Innovenergy_trunk/csharp/app/Backend/Controllers/Controller.cs

304 lines
10 KiB
C#
Raw Normal View History

2023-02-16 12:57:06 +00:00
using System.Net;
2023-02-16 14:08:50 +00:00
using System.Text;
2023-02-16 12:57:06 +00:00
using System.Text.Json;
using Backend.Database;
using Backend.Model;
using Backend.Model.Relations;
2023-02-16 14:08:50 +00:00
using Backend.Utils;
2023-02-16 12:57:06 +00:00
using Microsoft.AspNetCore.Mvc;
using HttpContextAccessor = Microsoft.AspNetCore.Http.HttpContextAccessor;
2023-02-16 12:57:06 +00:00
namespace Backend.Controllers;
[ApiController]
[Route("api/")]
public class Controller
{
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPost($"{nameof(Login)}")]
public Object Login(Credentials credentials)
2023-02-16 12:57:06 +00:00
{
if (String.IsNullOrWhiteSpace(credentials.Username) ||
String.IsNullOrWhiteSpace(credentials.Password))
2023-02-16 12:57:06 +00:00
return new HttpResponseMessage(HttpStatusCode.BadRequest);
2023-02-16 14:08:50 +00:00
2023-02-16 12:57:06 +00:00
using var db = Db.Connect();
var user = db.GetUserByEmail(credentials.Username);
2023-02-16 14:08:50 +00:00
if (user is null)
2023-02-16 12:57:06 +00:00
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
// if (!VerifyPassword(password, user))
// return new HttpResponseMessage(HttpStatusCode.Unauthorized);
2023-02-16 12:57:06 +00:00
var ses = new Session(user);
db.NewSession(ses);
return ses.Token;
}
private static Boolean VerifyPassword(String password, User user)
{
var pwdBytes = Encoding.UTF8.GetBytes(password);
var saltBytes = Encoding.UTF8.GetBytes(user.Salt + "innovEnergy");
var pwdHash = Crypto.ComputeHash(pwdBytes, saltBytes);
return user.Password == pwdHash;
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPost($"{nameof(Logout)}")]
public Object Logout()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
if (currentUser is null)
return new HttpResponseMessage(HttpStatusCode.Conflict);
return db.DeleteSession(currentUser.Id);
}
2023-02-22 13:46:36 +00:00
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPost($"{nameof(UpdateS3Creds)}")]
public Object UpdateS3Creds()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx!.Items["User"]!;
return db.CreateAndSaveUserS3ApiKey(currentUser);
}
2023-02-16 14:08:50 +00:00
[ProducesResponseType(typeof(User), 200)]
2023-02-16 14:08:50 +00:00
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetUserById)}")]
public Object GetUserById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var viewedUser = db.GetUserById(id);
//using the same error to prevent fishing for ids
if (currentUser == null || viewedUser == null || !db.IsParentOfChild(currentUser, viewedUser))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return viewedUser;
}
[ProducesResponseType(typeof(Installation), 200)]
2023-02-16 14:08:50 +00:00
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetInstallationById)}")]
public Object GetInstallationById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
if (currentUser == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
var installation = db
.GetAllAccessibleInstallations(currentUser)
.FirstOrDefault(i => i.Id == id);
if (installation is null)
return new HttpResponseMessage(HttpStatusCode.NotFound);
2023-02-16 14:08:50 +00:00
return installation;
2023-02-16 14:08:50 +00:00
}
[ProducesResponseType(typeof(Folder), 200)]
2023-02-16 14:08:50 +00:00
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetFolderById)}")]
public Object GetFolderById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var folder = db
.GetAllAccessibleFolders(currentUser!)
.FirstOrDefault(f => f.Id == id);
if(folder is null)
return new HttpResponseMessage(HttpStatusCode.NotFound);
return folder;
2023-02-16 14:08:50 +00:00
}
2023-02-16 12:57:06 +00:00
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetAllInstallations)}/")]
public Object GetAllInstallations()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var user = (User)ctx.Items["User"];
if (user == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
2023-02-16 12:57:06 +00:00
return db.GetAllAccessibleInstallations(user).ToList();
2023-02-16 12:57:06 +00:00
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetAllFolders)}/")]
public Object GetAllFolders()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
2023-02-16 12:57:06 +00:00
var user = (User)ctx.Items["User"];
using var db = Db.Connect();
if (user == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
2023-02-16 12:57:06 +00:00
return db.GetAllAccessibleFolders(user).ToList();
2023-02-16 12:57:06 +00:00
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPut($"{nameof(UpdateUser)}/")]
public Object UpdateUser(User updatedUser)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
if (currentUser == null || !currentUser.HasWriteAccess || !db.IsParentOfChild(currentUser, updatedUser))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.GetUserById(updatedUser.Id) != null ? db.UpdateUser(updatedUser) : db.CreateUser(updatedUser);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPut($"{nameof(UpdateInstallation)}/")]
public Object UpdateInstallation(Installation updatedInstallation)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
2023-02-16 12:57:06 +00:00
var currentUser = (User)ctx.Items["User"];
if (currentUser == null || !currentUser.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
2023-02-16 12:57:06 +00:00
var hasAccess = db.GetAllAccessibleInstallations(currentUser)
.Any(i => i.Id == updatedInstallation.Id);
if (!hasAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
// TODO: accessibility by other users etc
// TODO: sanity check changes
2023-02-16 12:57:06 +00:00
return db.UpdateInstallation(updatedInstallation);
2023-02-16 12:57:06 +00:00
}
2023-02-16 12:57:06 +00:00
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPut($"{nameof(UpdateFolder)}/")]
public Object UpdateFolder(Folder updatedFolder)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
if (currentUser == null || !currentUser.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
var hasAccess = db.GetAllAccessibleFolders(currentUser)
.Any(f => f.Id == updatedFolder.Id);
if (!hasAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
2023-02-16 12:57:06 +00:00
// TODO: accessibility by other users etc
// TODO: sanity check changes
return db.UpdateFolder(updatedFolder);
2023-02-16 12:57:06 +00:00
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpDelete($"{nameof(DeleteUser)}/")]
public Object DeleteUser(Int64 userId)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var userToBeDeleted = db.GetUserById(userId);
if (currentUser == null
|| userToBeDeleted == null
|| !currentUser.HasWriteAccess
|| !db.IsParentOfChild(currentUser,userToBeDeleted))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteUser(userToBeDeleted);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpDelete($"{nameof(DeleteInstallation)}/")]
public Object DeleteInstallation(Int64 idOfInstallationToBeDeleted)
2023-02-16 12:57:06 +00:00
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var installationToBeDeleted = db
.GetAllAccessibleInstallations(currentUser!)
.FirstOrDefault(i => i.Id == idOfInstallationToBeDeleted);
2023-02-16 12:57:06 +00:00
if (installationToBeDeleted is null)
2023-02-16 12:57:06 +00:00
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteInstallation(installationToBeDeleted);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpDelete($"{nameof(DeleteFolder)}/")]
public Object DeleteFolder(Int64 folderId)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var folderToDelete = db
.GetAllAccessibleFolders(currentUser!)
.FirstOrDefault(f => f.Id == folderId);
2023-02-16 12:57:06 +00:00
if (folderToDelete is null)
2023-02-16 12:57:06 +00:00
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteFolder(folderToDelete);
2023-02-16 12:57:06 +00:00
}
}