fix "folders have no children" bug, cleanup backend

ig 2023-02-23 11:26:55 +01:00
parent 6cf11a701d
commit 577ff30bc9
11 changed files with 130 additions and 156 deletions


@ -14,17 +14,5 @@
</introspection-scope> </introspection-scope>
</schema-mapping> </schema-mapping>
</data-source> </data-source>
<data-source name="db [2]" uuid="90dbce14-c550-4450-973e-ce471278a4c1">
<database-info product="SQLite" version="3.39.2" jdbc-version="2.1" driver-name="SQLite JDBC" driver-version="3.39.2.0" dbms="SQLITE" exact-version="3.39.2" exact-driver-version="3.39">
<identifier-quote-string>&quot;</identifier-quote-string>
</database-info>
<case-sensitivity plain-identifiers="mixed" quoted-identifiers="mixed" />
<auth-provider>no-auth</auth-provider>
<schema-mapping>
<introspection-scope>
<node kind="schema" qname="@" />
</introspection-scope>
</schema-mapping>
</data-source>
</component> </component>
</project> </project>


@ -8,17 +8,5 @@
<jdbc-url>jdbc:sqlite:$PROJECT_DIR$/app/Backend/db.sqlite</jdbc-url> <jdbc-url>jdbc:sqlite:$PROJECT_DIR$/app/Backend/db.sqlite</jdbc-url>
<working-dir>$ProjectFileDir$</working-dir> <working-dir>$ProjectFileDir$</working-dir>
</data-source> </data-source>
<data-source source="LOCAL" name="db [2]" uuid="90dbce14-c550-4450-973e-ce471278a4c1">
<driver-ref>sqlite.xerial</driver-ref>
<synchronize>true</synchronize>
<jdbc-driver>org.sqlite.JDBC</jdbc-driver>
<jdbc-url>jdbc:sqlite:$PROJECT_DIR$/app/Backend/db.sqlite-original</jdbc-url>
<working-dir>$ProjectFileDir$</working-dir>
<libraries>
<library>
<url>file://$APPLICATION_CONFIG_DIR$/jdbc-drivers/Xerial SQLiteJDBC/3.39.2/sqlite-jdbc-3.39.2.jar</url>
</library>
</libraries>
</data-source>
</component> </component>
</project> </project>


@ -6,10 +6,10 @@ using Backend.Model;
using Backend.Model.Relations; using Backend.Model.Relations;
using Backend.Utils; using Backend.Utils;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using HttpContextAccessor = Microsoft.AspNetCore.Http.HttpContextAccessor;
namespace Backend.Controllers; namespace Backend.Controllers;
[ApiController] [ApiController]
[Route("api/")] [Route("api/")]
public class Controller public class Controller
@ -17,31 +17,35 @@ public class Controller
[ProducesResponseType(200)] [ProducesResponseType(200)]
[ProducesResponseType(401)] [ProducesResponseType(401)]
[HttpPost($"{nameof(Login)}")] [HttpPost($"{nameof(Login)}")]
public Object Login(JsonElement usernamepass) public Object Login(Credentials credentials)
{ {
usernamepass.TryGetProperty("username", out var usr); if (String.IsNullOrWhiteSpace(credentials.Username) ||
usernamepass.TryGetProperty("password", out var pwd); String.IsNullOrWhiteSpace(credentials.Password))
var username = usr.ToString();
var password = pwd.ToString();
if (username is null || username == "" || password == "" || password is null)
return new HttpResponseMessage(HttpStatusCode.BadRequest); return new HttpResponseMessage(HttpStatusCode.BadRequest);
using var db = Db.Connect(); using var db = Db.Connect();
var user = db.GetUserByEmail(username); var user = db.GetUserByEmail(credentials.Username);
var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password), if (user is null)
Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));
//Same error as to not communicate if a user exists or not
if (user is null || user.Password != hashedPassword)
return new HttpResponseMessage(HttpStatusCode.Unauthorized); return new HttpResponseMessage(HttpStatusCode.Unauthorized);
// if (!VerifyPassword(password, user))
// return new HttpResponseMessage(HttpStatusCode.Unauthorized);
var ses = new Session(user); var ses = new Session(user);
db.NewSession(ses); db.NewSession(ses);
return ses.Token; return ses.Token;
} }
private static Boolean VerifyPassword(String password, User user)
{
var pwdBytes = Encoding.UTF8.GetBytes(password);
var saltBytes = Encoding.UTF8.GetBytes(user.Salt + "innovEnergy");
var pwdHash = Crypto.ComputeHash(pwdBytes, saltBytes);
return user.Password == pwdHash;
}
[ProducesResponseType(200)] [ProducesResponseType(200)]
[ProducesResponseType(401)] [ProducesResponseType(401)]
[HttpPost($"{nameof(Logout)}")] [HttpPost($"{nameof(Logout)}")]
@ -72,7 +76,7 @@ public class Controller
} }
[ProducesResponseType(200)] [ProducesResponseType(typeof(User), 200)]
[ProducesResponseType(401)] [ProducesResponseType(401)]
[HttpGet($"{nameof(GetUserById)}")] [HttpGet($"{nameof(GetUserById)}")]
public Object GetUserById(Int64 id) public Object GetUserById(Int64 id)
@ -90,7 +94,7 @@ public class Controller
return viewedUser; return viewedUser;
} }
[ProducesResponseType(200)] [ProducesResponseType(typeof(Installation), 200)]
[ProducesResponseType(401)] [ProducesResponseType(401)]
[HttpGet($"{nameof(GetInstallationById)}")] [HttpGet($"{nameof(GetInstallationById)}")]
public Object GetInstallationById(Int64 id) public Object GetInstallationById(Int64 id)
@ -99,17 +103,21 @@ public class Controller
var ctx = ctxAccessor.HttpContext; var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect(); using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"]; var currentUser = (User)ctx.Items["User"];
var installation = db.GetInstallationById(id);
if(currentUser==null if (currentUser == null)
|| db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(id)) return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
: installation;
return new HttpResponseMessage(HttpStatusCode.Unauthorized); var installation = db
.GetAllAccessibleInstallations(currentUser)
.FirstOrDefault(i => i.Id == id);
if (installation is null)
return new HttpResponseMessage(HttpStatusCode.NotFound);
return installation;
} }
[ProducesResponseType(200)] [ProducesResponseType(typeof(Folder), 200)]
[ProducesResponseType(401)] [ProducesResponseType(401)]
[HttpGet($"{nameof(GetFolderById)}")] [HttpGet($"{nameof(GetFolderById)}")]
public Object GetFolderById(Int64 id) public Object GetFolderById(Int64 id)
@ -118,14 +126,15 @@ public class Controller
var ctx = ctxAccessor.HttpContext; var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect(); using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"]; var currentUser = (User)ctx.Items["User"];
var folder = db.GetFolderById(id);
if(currentUser==null var folder = db
|| db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(id)) .GetAllAccessibleFolders(currentUser!)
return folder == null ? new HttpResponseMessage(HttpStatusCode.NotFound) .FirstOrDefault(f => f.Id == id);
: folder;
return new HttpResponseMessage(HttpStatusCode.Unauthorized); if(folder is null)
return new HttpResponseMessage(HttpStatusCode.NotFound);
return folder;
} }
[ProducesResponseType(200)] [ProducesResponseType(200)]
@ -138,9 +147,10 @@ public class Controller
using var db = Db.Connect(); using var db = Db.Connect();
var user = (User)ctx.Items["User"]; var user = (User)ctx.Items["User"];
if (user != null) return db.GetAllAccessibleInstallations(user).ToList(); if (user == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return new HttpResponseMessage(HttpStatusCode.Unauthorized); return db.GetAllAccessibleInstallations(user).ToList();
} }
[ProducesResponseType(200)] [ProducesResponseType(200)]
@ -149,13 +159,15 @@ public class Controller
public Object GetAllFolders() public Object GetAllFolders()
{ {
var ctxAccessor = new HttpContextAccessor(); var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext; var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var user = (User)ctx.Items["User"]; var user = (User)ctx.Items["User"];
if (user != null) return db.GetAllAccessibleFolders(user).ToList(); using var db = Db.Connect();
return new HttpResponseMessage(HttpStatusCode.Unauthorized); if (user == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.GetAllAccessibleFolders(user).ToList();
} }
[ProducesResponseType(200)] [ProducesResponseType(200)]
@ -181,21 +193,26 @@ public class Controller
{ {
var ctxAccessor = new HttpContextAccessor(); var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext; var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"]; var currentUser = (User)ctx.Items["User"];
if (currentUser == null || !currentUser.HasWriteAccess) if (currentUser == null || !currentUser.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized); return new HttpResponseMessage(HttpStatusCode.Unauthorized);
if(db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(updatedInstallation.Id)) using var db = Db.Connect();
return db.GetInstallationById(updatedInstallation.Id) == null
? new HttpResponseMessage(HttpStatusCode.Unauthorized)
: db.UpdateInstallation(updatedInstallation);
db.AddToAccessibleInstallations(currentUser.Id, updatedInstallation.Id); var hasAccess = db.GetAllAccessibleInstallations(currentUser)
return db.CreateInstallation(updatedInstallation); .Any(i => i.Id == updatedInstallation.Id);
if (!hasAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
// TODO: accessibility by other users etc
// TODO: sanity check changes
return db.UpdateInstallation(updatedInstallation);
} }
[ProducesResponseType(200)] [ProducesResponseType(200)]
[ProducesResponseType(401)] [ProducesResponseType(401)]
[HttpPut($"{nameof(UpdateFolder)}/")] [HttpPut($"{nameof(UpdateFolder)}/")]
@ -209,13 +226,16 @@ public class Controller
if (currentUser == null || !currentUser.HasWriteAccess) if (currentUser == null || !currentUser.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized); return new HttpResponseMessage(HttpStatusCode.Unauthorized);
if(db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(updatedFolder.Id)) var hasAccess = db.GetAllAccessibleFolders(currentUser)
return db.GetFolderById(updatedFolder.Id) == null .Any(f => f.Id == updatedFolder.Id);
? new HttpResponseMessage(HttpStatusCode.Unauthorized)
: db.UpdateFolder(updatedFolder);
db.AddToAccessibleFolders(currentUser.Id, updatedFolder.Id); if (!hasAccess)
return db.CreateFolder(updatedFolder); return new HttpResponseMessage(HttpStatusCode.Unauthorized);
// TODO: accessibility by other users etc
// TODO: sanity check changes
return db.UpdateFolder(updatedFolder);
} }
[ProducesResponseType(200)] [ProducesResponseType(200)]
@ -241,18 +261,18 @@ public class Controller
[ProducesResponseType(200)] [ProducesResponseType(200)]
[ProducesResponseType(401)] [ProducesResponseType(401)]
[HttpDelete($"{nameof(DeleteInstallation)}/")] [HttpDelete($"{nameof(DeleteInstallation)}/")]
public Object DeleteInstallation(Int64 installationId) public Object DeleteInstallation(Int64 idOfInstallationToBeDeleted)
{ {
var ctxAccessor = new HttpContextAccessor(); var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext; var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect(); using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"]; var currentUser = (User)ctx.Items["User"];
var installationToBeDeleted = db.GetInstallationById(installationId);
if (currentUser == null var installationToBeDeleted = db
|| installationToBeDeleted == null .GetAllAccessibleInstallations(currentUser!)
|| !currentUser.HasWriteAccess .FirstOrDefault(i => i.Id == idOfInstallationToBeDeleted);
|| !db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(installationToBeDeleted.Id))
if (installationToBeDeleted is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized); return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteInstallation(installationToBeDeleted); return db.DeleteInstallation(installationToBeDeleted);
@ -267,15 +287,15 @@ public class Controller
var ctx = ctxAccessor.HttpContext; var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect(); using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"]; var currentUser = (User)ctx.Items["User"];
var folderToBeDeleted = db.GetFolderById(folderId);
if (currentUser == null var folderToDelete = db
|| folderToBeDeleted == null .GetAllAccessibleFolders(currentUser!)
|| !currentUser.HasWriteAccess .FirstOrDefault(f => f.Id == folderId);
|| !db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(folderToBeDeleted.Id))
if (folderToDelete is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized); return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteFolder(folderToBeDeleted); return db.DeleteFolder(folderToDelete);
} }
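Review bot: The new `Login` never checks the submitted password: the only test left before `new Session(user)` is `user is null`, and the `VerifyPassword` call sits in a comment, so a request that names an existing e-mail address is issued a session token. Restore the check as `if (user is null || !VerifyPassword(credentials.Password, user)) return new HttpResponseMessage(HttpStatusCode.Unauthorized);`; the commented-out line still refers to `password`, which no longer exists after the switch to `Credentials`. Keeping both conditions in one branch also preserves the single 401 for "unknown user" and "wrong password" that the old comment asked for. `VerifyPassword` compares the hashes with `==`; a fixed-time comparison such as `CryptographicOperations.FixedTimeEquals` over the bytes would be the safer form, depending on what `Crypto.ComputeHash` returns.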


@ -0,0 +1,3 @@
namespace Backend.Controllers;
public record Credentials(String Username, String Password);
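Review bot: `Credentials` is a positional record, so its compiler-generated `ToString()` prints every property including `Password`; any log line or exception message that formats the object would contain the clear-text password. Nothing visible in this commit logs it, but the safer form overrides the method, e.g. `public record Credentials(String Username, String Password) { public override String ToString() => $"Credentials {{ Username = {Username} }}"; }`. A short `///` summary stating that the record is the request body of `Login` would also help.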


@ -97,15 +97,6 @@ public partial class Db : IDisposable
return direct.Concat(fromFolders); return direct.Concat(fromFolders);
} }
public IEnumerable<Int64> GetAllAccessibleInstallationIds(User user)
{
var direct = GetDirectlyAccessibleInstallationIds(user);
var fromFolders = GetAllAccessibleFolders(user)
.SelectMany(GetChildInstallations)
.Select(installation => installation.Id);
return direct.Concat(fromFolders);
}
public IEnumerable<Folder> GetAllAccessibleFolders(User user) public IEnumerable<Folder> GetAllAccessibleFolders(User user)
{ {
@ -113,12 +104,6 @@ public partial class Db : IDisposable
.SelectMany(GetDescendantFolders); .SelectMany(GetDescendantFolders);
} }
public IEnumerable<Int64> GetAllAccessibleFolderIds(User user)
{
return GetDirectlyAccessibleFolders(user)
.SelectMany(GetDescendantFolders)
.Select(folder => folder.Id );
}
public IEnumerable<Installation> GetDirectlyAccessibleInstallations(User user) public IEnumerable<Installation> GetDirectlyAccessibleInstallations(User user)
{ {
@ -129,14 +114,6 @@ public partial class Db : IDisposable
.NotNull(); .NotNull();
} }
public IEnumerable<Int64> GetDirectlyAccessibleInstallationIds(User user)
{
return User2Installation
.Where(r => r.UserId == user.Id)
.Select(r => r.InstallationId)
.NotNull<Int64>();
}
public IEnumerable<Folder> GetDirectlyAccessibleFolders(User user) public IEnumerable<Folder> GetDirectlyAccessibleFolders(User user)
{ {
return User2Folder return User2Folder
@ -148,9 +125,11 @@ public partial class Db : IDisposable
public Result AddToAccessibleInstallations(Int64 userId, Int64 updatedInstallationId) public Result AddToAccessibleInstallations(Int64 userId, Int64 updatedInstallationId)
{ {
var con = new User2Installation(); var con = new User2Installation
con.UserId = userId; {
con.InstallationId = updatedInstallationId; UserId = userId,
InstallationId = updatedInstallationId
};
try try
{ {
@ -166,9 +145,11 @@ public partial class Db : IDisposable
public Result AddToAccessibleFolders(Int64 userId, Int64 updatedFolderId) public Result AddToAccessibleFolders(Int64 userId, Int64 updatedFolderId)
{ {
var con = new User2Folder(); var con = new User2Folder
con.UserId = userId; {
con.FolderId = updatedFolderId; UserId = userId,
FolderId = updatedFolderId
};
try try
{ {
@ -213,9 +194,7 @@ public partial class Db : IDisposable
{ {
try try
{ {
Sessions Sessions.Delete(u => u.UserId == id);
.Where(u => u.UserId == id)
.Delete();
} }
catch (Exception e) catch (Exception e)
{ {


@ -65,9 +65,10 @@ public partial class Db
_Db.Delete(uf); _Db.Delete(uf);
var nFolders = NbFolders; var nFolders = NbFolders;
var nUsers = NbUsers;
foreach (var user in Users) foreach (var user in Users)
while (Random.Shared.Next(5) != 0) while (Random.Shared.Next((Int32)(nUsers - user.Id + 1)) != 0)
{ {
var relation = new User2Folder var relation = new User2Folder
{ {
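Review bot: The loop bound `Random.Shared.Next((Int32)(nUsers - user.Id + 1))` assumes user ids run contiguously from 1 to `NbUsers`. If any `user.Id` exceeds `nUsers + 1` (for example after rows were deleted), the argument is negative and `Random.Next` throws `ArgumentOutOfRangeException`; clamping with `Math.Max(1, …)` or iterating over an index instead of `user.Id` avoids that. A one-line comment stating the apparent intent (lower ids receive more folder relations) would make the expression readable. The loop body continues past the end of this hunk.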


@ -21,19 +21,20 @@ public partial class Db
//return PopulateDescendants(folder); //return PopulateDescendants(folder);
} }
public IEnumerable<Folder> GetChildFolders(Folder folder) public IEnumerable<Folder> GetChildFolders(Folder parent)
{ {
return Folders.Where(f => f.ParentId == f.Id); return Folders.Where(f => f.ParentId == parent.Id);
} }
public IEnumerable<Folder> GetDescendantFolders(Folder folder)
public IEnumerable<Folder> GetDescendantFolders(Folder parent)
{ {
return folder.Traverse(GetChildFolders); return parent.Traverse(GetChildFolders);
} }
public IEnumerable<Installation> GetChildInstallations(Folder folder) public IEnumerable<Installation> GetChildInstallations(Folder parent)
{ {
return Installations.Where(f => f.ParentId == f.Id); return Installations.Where(f => f.ParentId == parent.Id);
} }
@ -63,17 +64,13 @@ public partial class Db
public Result DeleteFolder(Folder folder) public Result DeleteFolder(Folder folder)
{ {
// Delete direct children
User2Folder .Delete(f => f.FolderId == folder.Id);
Installations.Delete(i => i.ParentId == folder.Id);
User2Folder // recursion
.Where(f => f.FolderId == folder.Id) Folders.Where(f => f.ParentId == folder.Id)
.Delete(); .ForEach(DeleteFolder);
// TODO: delete descendants? Here they are just adopted one level up
foreach (var l in Installations
.Where(i => i.ParentId == folder.Id))
{
ChangeParent(l, folder.ParentId);
}
return Delete(folder); return Delete(folder);
} }
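Review bot: The recursive `DeleteFolder` removes child installations with `Installations.Delete(i => i.ParentId == folder.Id)`, which bypasses `DeleteInstallation` and so leaves their `User2Installation` rows behind. Stale access rows are more than clutter: if the table ever reuses an id, an old grant would apply to a new installation. Routing the children through the existing method, e.g. `Installations.Where(i => i.ParentId == folder.Id).ToList().ForEach(i => DeleteInstallation(i));`, keeps the cleanup in one place. The `Result` of each recursive `DeleteFolder` call is also discarded, so a failure halfway leaves a partially deleted tree unless the caller wraps this in a transaction.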


@ -24,11 +24,10 @@ public partial class Db
return Update(installation); return Update(installation);
} }
public Result DeleteInstallation(Installation installation) public Result DeleteInstallation(Installation installation)
{ {
User2Installation User2Installation.Delete(i => i.InstallationId == installation.Id);
.Where(i => i.InstallationId == installation.Id)
.Delete();
return Delete(installation); return Delete(installation);
} }


@ -107,24 +107,24 @@ public partial class Db
return Result.Error("User doesn't exist"); return Result.Error("User doesn't exist");
//Checking for unchangeable things //Checking for unchangeable things
user.Id = oldUser.Id; // TODO: depends on privileges of caller
user.Id = oldUser.Id;
user.ParentId = oldUser.ParentId; user.ParentId = oldUser.ParentId;
user.Email = oldUser.Email; user.Email = oldUser.Email;
return Update(user); return Update(user);
} }
public Result DeleteUser(User user) public Result DeleteUser(User user)
{ {
User2Folder User2Folder .Delete(u => u.UserId == user.Id);
.Where(u => u.UserId == user.Id) User2Installation.Delete(u => u.UserId == user.Id);
.Delete();
User2Installation
.Where(u => u.UserId == user.Id)
.Delete();
//Todo check for orphaned Installations/Folders //Todo check for orphaned Installations/Folders
// GetChildUsers()
return Delete(user); return Delete(user);
} }
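Review bot: `DeleteUser` clears `User2Folder` and `User2Installation` but not the user's rows in `Sessions`, so a token issued before the deletion may stay usable, depending on how the session lookup (not visible here) resolves the user. Adding `Sessions.Delete(s => s.UserId == user.Id);` before `return Delete(user);` matches the style used for the other tables. On the new TODO in the update method: only `Id`, `ParentId` and `Email` are pinned to the old values in the visible lines, and whether privilege-bearing fields are protected cannot be told from this hunk, since the method starts outside it.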


@ -1 +0,0 @@
Backend.csproj Controllers/Controller.cs Controllers/DatabaseHandler.cs Models/Folder.cs Models/Installation.cs Models/Token.cs Models/User.cs Program.cs Properties/launchSettings.json ServerFunctions/RequestJsonGetters.cs ServerFunctions/ServerFunctions.cs appsettings.Development.json appsettings.json identifier.sqlite

Binary file not shown.