Innovenergy_trunk/csharp/app/Backend/Controllers/Controller.cs

using System.Net;
using System.Text;
using System.Text.Json;
using Backend.Database;
using Backend.Model;
using Backend.Model.Relations;
using Backend.Utils;
using Microsoft.AspNetCore.Mvc;

namespace Backend.Controllers;


[ApiController]
[Route("api/")]
public class Controller  
{
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPost($"{nameof(Login)}")]
    public Object Login(JsonElement usernamepass)
    {
        usernamepass.TryGetProperty("username", out var usr);
        usernamepass.TryGetProperty("password", out var pwd);
        var username = usr.ToString();
        var password = pwd.ToString();
        
        if (username is null || password is null)
            return new HttpResponseMessage(HttpStatusCode.BadRequest);
        
        using var db = Db.Connect();
        var user = db.GetUserByEmail(username);

        var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),
            Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));
        
        //Same error as to not communicate if a user exists or not
        if (user is null || user.Password != hashedPassword)
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        var ses = new Session(user);
        db.NewSession(ses);
        return ses.Token;
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPost($"{nameof(Logout)}")]
    public Object Logout()
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];

        if (currentUser is null)
            return new HttpResponseMessage(HttpStatusCode.Conflict);
        
        return db.DeleteSession(currentUser.Id);
    }
    

    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetUserById)}")]
    public Object GetUserById(Int64 id)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var viewedUser = db.GetUserById(id);
        
        //using the same error to prevent fishing for ids
        if (currentUser == null || viewedUser == null  || !db.IsParentOfChild(currentUser, viewedUser))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);

        return viewedUser;
    }   
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetInstallationById)}")]
    public Object GetInstallationById(Int64 id)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var installation = db.GetInstallationById(id);
        
        if(currentUser==null 
           || db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(id))
            return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
                    : installation;

        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetFolderById)}")]
    public Object GetFolderById(Int64 id)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var folder = db.GetFolderById(id);
        
        if(currentUser==null 
           || db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(id))
            return folder == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
                    : folder;

        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetAllInstallations)}/")]
    public Object GetAllInstallations()
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var user = (User)ctx.Items["User"];
        
        if (user != null) return db.GetAllAccessibleInstallations(user).ToList();
        
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetAllFolders)}/")]
    public Object GetAllFolders()
    {
        var ctxAccessor = new HttpContextAccessor();
       var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var user = (User)ctx.Items["User"];
        
        if (user != null) return db.GetAllAccessibleFolders(user).ToList();
        
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateUser)}/")]
    public Object UpdateUser(User updatedUser)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];

        if (currentUser == null || !currentUser.HasWriteAccess || !db.IsParentOfChild(currentUser, updatedUser))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        return db.GetUserById(updatedUser.Id) != null ? db.UpdateUser(updatedUser) : db.CreateUser(updatedUser);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateInstallation)}/")]
    public Object UpdateInstallation(Installation updatedInstallation)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];

        if (currentUser == null || !currentUser.HasWriteAccess)
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        if(db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(updatedInstallation.Id))
            return db.GetInstallationById(updatedInstallation.Id) == null
                ? new HttpResponseMessage(HttpStatusCode.Unauthorized)
                : db.UpdateInstallation(updatedInstallation);
        
        db.AddToAccessibleInstallations(currentUser.Id, updatedInstallation.Id);
        return db.CreateInstallation(updatedInstallation);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateFolder)}/")]
    public Object UpdateFolder(Folder updatedFolder)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];

        if (currentUser == null || !currentUser.HasWriteAccess)
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        if(db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(updatedFolder.Id))
            return db.GetFolderById(updatedFolder.Id) == null
                ? new HttpResponseMessage(HttpStatusCode.Unauthorized)
                : db.UpdateFolder(updatedFolder);
        
        db.AddToAccessibleFolders(currentUser.Id, updatedFolder.Id);
        return db.CreateFolder(updatedFolder);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteUser)}/")]
    public Object DeleteUser(Int64 userId)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var userToBeDeleted = db.GetUserById(userId);
        
        if (currentUser == null 
                                || userToBeDeleted == null 
                                || !currentUser.HasWriteAccess
                                || !db.IsParentOfChild(currentUser,userToBeDeleted))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        return db.DeleteUser(userToBeDeleted);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteInstallation)}/")]
    public Object DeleteInstallation(Int64 installationId)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var installationToBeDeleted = db.GetInstallationById(installationId);
        
        if (currentUser == null 
            || installationToBeDeleted == null 
            || !currentUser.HasWriteAccess
            || !db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(installationToBeDeleted.Id))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        return db.DeleteInstallation(installationToBeDeleted);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteFolder)}/")]
    public Object DeleteFolder(Int64 folderId)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var folderToBeDeleted = db.GetFolderById(folderId);
        
        if (currentUser == null 
            || folderToBeDeleted == null 
            || !currentUser.HasWriteAccess
            || !db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(folderToBeDeleted.Id))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        return db.DeleteFolder(folderToBeDeleted);
    }
    

}
test 2023-02-16 12:57:06 +00:00			`using System.Net;`
added salt and stuff 2023-02-16 14:08:50 +00:00			`using System.Text;`
test 2023-02-16 12:57:06 +00:00			`using System.Text.Json;`
			`using Backend.Database;`
			`using Backend.Model;`
			`using Backend.Model.Relations;`
added salt and stuff 2023-02-16 14:08:50 +00:00			`using Backend.Utils;`
test 2023-02-16 12:57:06 +00:00			`using Microsoft.AspNetCore.Mvc;`

			`namespace Backend.Controllers;`


			`[ApiController]`
			`[Route("api/")]`
			`public class Controller`
			`{`
			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpPost($"{nameof(Login)}")]`
			`public Object Login(JsonElement usernamepass)`
			`{`
			`usernamepass.TryGetProperty("username", out var usr);`
			`usernamepass.TryGetProperty("password", out var pwd);`
			`var username = usr.ToString();`
			`var password = pwd.ToString();`

			`if (username is null \|\| password is null)`
			`return new HttpResponseMessage(HttpStatusCode.BadRequest);`
added salt and stuff 2023-02-16 14:08:50 +00:00
test 2023-02-16 12:57:06 +00:00			`using var db = Db.Connect();`
			`var user = db.GetUserByEmail(username);`

added salt and stuff 2023-02-16 14:08:50 +00:00			`var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),`
			`Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));`

test 2023-02-16 12:57:06 +00:00			`//Same error as to not communicate if a user exists or not`
added salt and stuff 2023-02-16 14:08:50 +00:00			`if (user is null \|\| user.Password != hashedPassword)`
test 2023-02-16 12:57:06 +00:00			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`

			`var ses = new Session(user);`
			`db.NewSession(ses);`
			`return ses.Token;`
			`}`

typescript fuckery?? is this still correct? 2023-02-21 08:58:21 +00:00			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpPost($"{nameof(Logout)}")]`
			`public Object Logout()`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`

			`if (currentUser is null)`
			`return new HttpResponseMessage(HttpStatusCode.Conflict);`

			`return db.DeleteSession(currentUser.Id);`
			`}`

added salt and stuff 2023-02-16 14:08:50 +00:00
			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpGet($"{nameof(GetUserById)}")]`
			`public Object GetUserById(Int64 id)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`
			`var viewedUser = db.GetUserById(id);`

			`//using the same error to prevent fishing for ids`
			`if (currentUser == null \|\| viewedUser == null \|\| !db.IsParentOfChild(currentUser, viewedUser))`
			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`

			`return viewedUser;`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpGet($"{nameof(GetInstallationById)}")]`
			`public Object GetInstallationById(Int64 id)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`
			`var installation = db.GetInstallationById(id);`

			`if(currentUser==null`
			`\|\| db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(id))`
			`return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound)`
			`: installation;`

			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpGet($"{nameof(GetFolderById)}")]`
			`public Object GetFolderById(Int64 id)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`
			`var folder = db.GetFolderById(id);`

			`if(currentUser==null`
			`\|\| db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(id))`
			`return folder == null ? new HttpResponseMessage(HttpStatusCode.NotFound)`
			`: folder;`

			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`
			`}`

test 2023-02-16 12:57:06 +00:00			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpGet($"{nameof(GetAllInstallations)}/")]`
			`public Object GetAllInstallations()`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var user = (User)ctx.Items["User"];`

			`if (user != null) return db.GetAllAccessibleInstallations(user).ToList();`

			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpGet($"{nameof(GetAllFolders)}/")]`
			`public Object GetAllFolders()`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
added salt and stuff 2023-02-16 14:08:50 +00:00			`var ctx = ctxAccessor.HttpContext;`
test 2023-02-16 12:57:06 +00:00			`using var db = Db.Connect();`
			`var user = (User)ctx.Items["User"];`

			`if (user != null) return db.GetAllAccessibleFolders(user).ToList();`

			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpPut($"{nameof(UpdateUser)}/")]`
			`public Object UpdateUser(User updatedUser)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`

			`if (currentUser == null \|\| !currentUser.HasWriteAccess \|\| !db.IsParentOfChild(currentUser, updatedUser))`
			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`

			`return db.GetUserById(updatedUser.Id) != null ? db.UpdateUser(updatedUser) : db.CreateUser(updatedUser);`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpPut($"{nameof(UpdateInstallation)}/")]`
			`public Object UpdateInstallation(Installation updatedInstallation)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`

			`if (currentUser == null \|\| !currentUser.HasWriteAccess)`
			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`

			`if(db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(updatedInstallation.Id))`
			`return db.GetInstallationById(updatedInstallation.Id) == null`
			`? new HttpResponseMessage(HttpStatusCode.Unauthorized)`
			`: db.UpdateInstallation(updatedInstallation);`

			`db.AddToAccessibleInstallations(currentUser.Id, updatedInstallation.Id);`
			`return db.CreateInstallation(updatedInstallation);`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpPut($"{nameof(UpdateFolder)}/")]`
			`public Object UpdateFolder(Folder updatedFolder)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`

			`if (currentUser == null \|\| !currentUser.HasWriteAccess)`
			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`

			`if(db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(updatedFolder.Id))`
			`return db.GetFolderById(updatedFolder.Id) == null`
			`? new HttpResponseMessage(HttpStatusCode.Unauthorized)`
			`: db.UpdateFolder(updatedFolder);`

			`db.AddToAccessibleFolders(currentUser.Id, updatedFolder.Id);`
			`return db.CreateFolder(updatedFolder);`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpDelete($"{nameof(DeleteUser)}/")]`
			`public Object DeleteUser(Int64 userId)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`
			`var userToBeDeleted = db.GetUserById(userId);`

			`if (currentUser == null`
			`\|\| userToBeDeleted == null`
			`\|\| !currentUser.HasWriteAccess`
			`\|\| !db.IsParentOfChild(currentUser,userToBeDeleted))`
			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`

			`return db.DeleteUser(userToBeDeleted);`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpDelete($"{nameof(DeleteInstallation)}/")]`
			`public Object DeleteInstallation(Int64 installationId)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`
			`var installationToBeDeleted = db.GetInstallationById(installationId);`

			`if (currentUser == null`
			`\|\| installationToBeDeleted == null`
			`\|\| !currentUser.HasWriteAccess`
			`\|\| !db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(installationToBeDeleted.Id))`
			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`

			`return db.DeleteInstallation(installationToBeDeleted);`
			`}`

			`[ProducesResponseType(200)]`
			`[ProducesResponseType(401)]`
			`[HttpDelete($"{nameof(DeleteFolder)}/")]`
			`public Object DeleteFolder(Int64 folderId)`
			`{`
			`var ctxAccessor = new HttpContextAccessor();`
			`var ctx = ctxAccessor.HttpContext;`
			`using var db = Db.Connect();`
			`var currentUser = (User)ctx.Items["User"];`
			`var folderToBeDeleted = db.GetFolderById(folderId);`

			`if (currentUser == null`
			`\|\| folderToBeDeleted == null`
			`\|\| !currentUser.HasWriteAccess`
			`\|\| !db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(folderToBeDeleted.Id))`
			`return new HttpResponseMessage(HttpStatusCode.Unauthorized);`

			`return db.DeleteFolder(folderToBeDeleted);`
			`}`


			`}`