diff --git a/csharp/App/Backend/Controllers/Controller.cs b/csharp/App/Backend/Controllers/Controller.cs index 99d622456..d9228f964 100644 --- a/csharp/App/Backend/Controllers/Controller.cs +++ b/csharp/App/Backend/Controllers/Controller.cs @@ -7,25 +7,32 @@ using Microsoft.AspNetCore.Mvc; namespace InnovEnergy.App.Backend.Controllers; +using Token = String; + [ApiController] [Route("api/")] public class Controller : ControllerBase { [HttpPost(nameof(Login))] - public ActionResult Login(Credentials credentials) + public ActionResult Login(String username, String password) { - var session = credentials.Login(); + var user = Db.GetUserByEmail(username); - return session is null - ? Unauthorized() - : session; + if (user is null || !user.VerifyPassword(password)) + return Unauthorized(); + + var session = new Session(user); + + return Db.Create(session) + ? session + : Unauthorized(); } [HttpPost(nameof(Logout))] - public ActionResult Logout() + public ActionResult Logout(Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); return session.Logout() ? Ok() @@ -34,15 +41,15 @@ public class Controller : ControllerBase [HttpGet(nameof(GetUserById))] - public ActionResult GetUserById(Int64 id) + public ActionResult GetUserById(Int64 id, Token authToken) { - var caller = GetSession()?.User; - if (caller == null) + var session = Db.GetSession(authToken)?.User; + if (session == null) return Unauthorized(); var user = Db.GetUserById(id); - if (user is null || !caller.HasAccessTo(user)) + if (user is null || !session.HasAccessTo(user)) return Unauthorized(); user.Password = ""; @@ -51,9 +58,9 @@ public class Controller : ControllerBase [HttpGet(nameof(GetInstallationById))] - public ActionResult GetInstallationById(Int64 id) + public ActionResult GetInstallationById(Int64 id, Token authToken) { - var user = GetSession()?.User; + var user = Db.GetSession(authToken)?.User; if (user == null) return Unauthorized(); 
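Review bot: With `[ApiController]`, the new `String username, String password` parameters of Login and the `Token authToken` parameter of Logout carry no binding attribute, so they are inferred as `[FromQuery]` and the password and the session token travel in the request URL, where access logs, reverse proxies and browser history record them; the removed middleware read the token from the `auth` request header instead. I would bind explicitly, e.g. `[FromHeader(Name = "auth")] Token authToken` on every action that takes a token (Logout here and every action in the following hunks of this file), and `[FromForm] String username, [FromForm] String password` or a body record for Login. Login also drops the `IsNullOrEmpty` guard that the deleted `CredentialsMethods.Login` ran before `Db.GetUserByEmail`; whether `Db.GetUserByEmail` and `User.VerifyPassword` tolerate a null or empty argument is not visible here, so I would keep `if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password)) return Unauthorized();` ahead of the lookup. The Logout body continues past the end of the hunk.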
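Review bot: In GetUserById the local renamed from `caller` to `session` holds `Db.GetSession(authToken)?.User`, which is a User rather than a Session, and the same expression is named `user` in GetInstallationById and the actions in the following hunks. The old name was the accurate one: `var caller = Db.GetSession(authToken)?.User;` together with `!caller.HasAccessTo(user)` keeps the caller/target distinction readable in an access check, which is where a mix-up would matter most. The method body continues past the end of the hunk.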
@@ -66,9 +73,9 @@ public class Controller : ControllerBase } [HttpGet(nameof(GetUsersWithAccessToInstallation))] - public ActionResult> GetUsersWithAccessToInstallation(Int64 id) + public ActionResult> GetUsersWithAccessToInstallation(Int64 id, Token authToken) { - var user = GetSession()?.User; + var user = Db.GetSession(authToken)?.User; if (user == null) return Unauthorized(); @@ -93,9 +100,9 @@ public class Controller : ControllerBase } [HttpGet(nameof(GetUsersWithAccessToFolder))] - public ActionResult> GetUsersWithAccessToFolder(Int64 id) + public ActionResult> GetUsersWithAccessToFolder(Int64 id, Token authToken) { - var user = GetSession()?.User; + var user = Db.GetSession(authToken)?.User; if (user == null) return Unauthorized(); @@ -114,9 +121,9 @@ public class Controller : ControllerBase } [HttpGet(nameof(GetFolderById))] - public ActionResult GetFolderById(Int64 id) + public ActionResult GetFolderById(Int64 id, Token authToken) { - var user = GetSession()?.User; + var user = Db.GetSession(authToken)?.User; if (user == null) return Unauthorized(); @@ -130,9 +137,9 @@ public class Controller : ControllerBase [HttpGet(nameof(GetAllInstallations))] - public ActionResult> GetAllInstallations() + public ActionResult> GetAllInstallations(Token authToken) { - var user = GetSession()?.User; + var user = Db.GetSession(authToken)?.User; if (user is null) return Unauthorized(); @@ -143,9 +150,9 @@ public class Controller : ControllerBase [HttpGet(nameof(GetAllFolders))] - public ActionResult> GetAllFolders() + public ActionResult> GetAllFolders(Token authToken) { - var user = GetSession()?.User; + var user = Db.GetSession(authToken)?.User; if (user is null) return Unauthorized(); 
@@ -155,9 +162,9 @@ public class Controller : ControllerBase [HttpGet(nameof(GetAllFoldersAndInstallations))] - public ActionResult> GetAllFoldersAndInstallations() + public ActionResult> GetAllFoldersAndInstallations(Token authToken) { - var user = GetSession()?.User; + var user = Db.GetSession(authToken)?.User; if (user is null) return Unauthorized(); @@ -167,26 +174,26 @@ public class Controller : ControllerBase [HttpPost(nameof(CreateUser))] - public ActionResult CreateUser(User newUser) + public ActionResult CreateUser(User newUser, Token authToken) { - return GetSession().Create(newUser) + return Db.GetSession(authToken).Create(newUser) ? newUser : Unauthorized() ; } [HttpPost(nameof(CreateInstallation))] - public async Task> CreateInstallation(Installation installation) + public async Task> CreateInstallation(Installation installation, Token authToken) { - if (!await GetSession().Create(installation)) + if (!await Db.GetSession(authToken).Create(installation)) return Unauthorized(); return installation; } [HttpPost(nameof(CreateFolder))] - public ActionResult CreateFolder(Folder folder) + public ActionResult CreateFolder(Folder folder, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); if (!session.Create(folder)) return Unauthorized(); @@ -195,9 +202,9 @@ public class Controller : ControllerBase } [HttpPost(nameof(GrantUserAccessToFolder))] - public ActionResult GrantUserAccessToFolder(FolderAccess folderAccess) + public ActionResult GrantUserAccessToFolder(FolderAccess folderAccess, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); // TODO: automatic BadRequest when properties are null during deserialization var folder = Db.GetFolderById(folderAccess.FolderId); 
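Review bot: `Db.GetSession(authToken).Create(newUser)` in CreateUser, and the `var session = Db.GetSession(authToken);` followed by `session.Create(...)` in CreateInstallation, CreateFolder and GrantUserAccessToFolder, dereference the session lookup without a null check, while the GET actions in the same diff guard the same call with `?.User` and return `Unauthorized()`. If `Db.GetSession` returns null for an unknown or expired token (its `?.` usage elsewhere suggests it can), these actions fail with a NullReferenceException and a 500 instead of a 401 — unless `Create` is an extension method written to accept a null receiver, which is not visible here. I would add `if (session is null) return Unauthorized();` after each lookup; the same applies to Logout in the first hunk of this file and to the Revoke/Grant/Update/Delete actions in the later hunks. These method bodies run past the end of the hunk.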
@@ -210,9 +217,9 @@ public class Controller : ControllerBase [HttpPost(nameof(RevokeUserAccessToFolder))] - public ActionResult RevokeUserAccessToFolder(FolderAccess folderAccess) + public ActionResult RevokeUserAccessToFolder(FolderAccess folderAccess, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); // TODO: automatic BadRequest when properties are null during deserialization var folder = Db.GetFolderById(folderAccess.FolderId); @@ -225,9 +232,9 @@ public class Controller : ControllerBase [HttpPost(nameof(GrantUserAccessToInstallation))] - public ActionResult GrantUserAccessToInstallation(InstallationAccess installationAccess) + public ActionResult GrantUserAccessToInstallation(InstallationAccess installationAccess, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); // TODO: automatic BadRequest when properties are null during deserialization var installation = Db.GetFolderById(installationAccess.InstallationId); @@ -239,9 +246,9 @@ public class Controller : ControllerBase } [HttpPost(nameof(RevokeUserAccessToInstallation))] - public ActionResult RevokeUserAccessToInstallation(InstallationAccess installationAccess) + public ActionResult RevokeUserAccessToInstallation(InstallationAccess installationAccess, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); // TODO: automatic BadRequest when properties are null during deserialization var installation = Db.GetFolderById(installationAccess.InstallationId); @@ -255,9 +262,9 @@ public class Controller : ControllerBase [HttpPut(nameof(UpdateUser))] - public ActionResult UpdateUser(User updatedUser) + public ActionResult UpdateUser(User updatedUser, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); if (!session.Update(updatedUser)) return Unauthorized(); 
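Review bot: In both GrantUserAccessToInstallation and RevokeUserAccessToInstallation the record that decides what is granted or revoked is fetched with `var installation = Db.GetFolderById(installationAccess.InstallationId);`, a folder lookup keyed by an installation id, although `Db.GetInstallationById` exists in this file (DeleteInstallation uses it in the next hunk). Unless GetFolderById is meant to serve both tables, the access change is applied against the wrong record, so I would change the line to `var installation = Db.GetInstallationById(installationAccess.InstallationId);` in both actions. These lines are unchanged context, so the issue predates the commit, and both method bodies continue outside the hunk.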
@@ -269,9 +276,9 @@ public class Controller : ControllerBase [HttpPut(nameof(UpdateInstallation))] - public ActionResult UpdateInstallation(Installation installation) + public ActionResult UpdateInstallation(Installation installation, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); if (!session.Update(installation)) return Unauthorized(); @@ -281,9 +288,9 @@ public class Controller : ControllerBase [HttpPut(nameof(UpdateFolder))] - public ActionResult UpdateFolder(Folder folder) + public ActionResult UpdateFolder(Folder folder, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); if (!session.Update(folder)) return Unauthorized(); @@ -292,9 +299,9 @@ public class Controller : ControllerBase } [HttpDelete(nameof(DeleteUser))] - public ActionResult DeleteUser(Int64 userId) + public ActionResult DeleteUser(Int64 userId, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); var user = Db.GetUserById(userId); return session.Delete(user) @@ -303,9 +310,9 @@ public class Controller : ControllerBase } [HttpDelete(nameof(DeleteInstallation))] - public ActionResult DeleteInstallation(Int64 installationId) + public ActionResult DeleteInstallation(Int64 installationId, Token authToken) { - var session = GetSession(); + var session = Db.GetSession(authToken); var installation = Db.GetInstallationById(installationId); return session.Delete(installation) @@ -314,11 +321,10 @@ public class Controller : ControllerBase } [HttpDelete(nameof(DeleteFolder))] - public ActionResult DeleteFolder(Int64 folderId) + public ActionResult DeleteFolder(Int64 folderId, Token authToken) { - var session = GetSession(); - - var folder = Db.GetFolderById(folderId); + var session = Db.GetSession(authToken); + var folder = Db.GetFolderById(folderId); return session.Delete(folder) ? Ok() 
@@ -326,11 +332,7 @@ public class Controller : ControllerBase } - private static Session? GetSession() - { - var ctxAccessor = new HttpContextAccessor(); - return ctxAccessor.HttpContext?.Items["Session"] as Session; - } + } diff --git a/csharp/App/Backend/DataTypes/Credentials.cs b/csharp/App/Backend/DataTypes/Credentials.cs deleted file mode 100644 index d17c3f063..000000000 --- a/csharp/App/Backend/DataTypes/Credentials.cs +++ /dev/null @@ -1,6 +0,0 @@ -using System.Diagnostics.CodeAnalysis; - -namespace InnovEnergy.App.Backend.DataTypes; - -[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.All)] -public record Credentials(String Username, String Password); \ No newline at end of file diff --git a/csharp/App/Backend/DataTypes/Methods/Credentials.cs b/csharp/App/Backend/DataTypes/Methods/Credentials.cs deleted file mode 100644 index 2e29149b1..000000000 --- a/csharp/App/Backend/DataTypes/Methods/Credentials.cs +++ /dev/null @@ -1,27 +0,0 @@ -using InnovEnergy.App.Backend.Database; -using InnovEnergy.App.Backend.Relations; -using InnovEnergy.Lib.Utils; - -namespace InnovEnergy.App.Backend.DataTypes.Methods; - -public static class CredentialsMethods -{ - public static Session? Login(this Credentials credentials) - { - var (username, password) = credentials; - - if (username.IsNullOrEmpty() || password.IsNullOrEmpty()) - return null; - - var user = Db.GetUserByEmail(username); - - if (user is null || !user.VerifyPassword(password)) - return null; - - var session = new Session(user); - - return Db.Create(session) - ? session - : null; - } -} \ No newline at end of file diff --git a/csharp/App/Backend/Program.cs b/csharp/App/Backend/Program.cs index fbf86d381..686e29d7f 100644 --- a/csharp/App/Backend/Program.cs +++ b/csharp/App/Backend/Program.cs @@ -1,4 +1,3 @@ -using InnovEnergy.App.Backend.Database; using Microsoft.OpenApi.Models; namespace InnovEnergy.App.Backend; 
@@ -10,53 +9,48 @@ public static class Program //Db.CreateFakeRelations(); var builder = WebApplication.CreateBuilder(args); - - builder.Services.AddControllers(); - builder.Services.AddHttpContextAccessor(); - builder.Services.AddEndpointsApiExplorer(); - builder.Services.AddCors(o => o.AddDefaultPolicy(p => p.WithOrigins("*").AllowAnyHeader().AllowAnyMethod())); + + //builder.Services.AddHttpContextAccessor(); + //builder.Services.AddEndpointsApiExplorer(); + //builder.Services.AddCors(o => o.AddDefaultPolicy(p => p.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod())); + + builder.Services.AddControllers(); builder.Services.AddSwaggerGen(c => { - c.SwaggerDoc("v1", new OpenApiInfo { Title = "InnovEnergy Backend API", Version = "v1" }); + c.SwaggerDoc("v1", OpenApiInfo); c.UseAllOfToExtendReferenceSchemas(); - c.OperationFilter(); //Todo testing throw me out c.SupportNonNullableReferenceTypes(); }); var app = builder.Build(); - // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); - app.UseSwaggerUI(cfg => cfg.EnableFilter()); + app.UseSwaggerUI(); } - - app.UseCors(); + + app.UseCors(p => p.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod()) ; app.UseHttpsRedirection(); - app.UseAuthorization(); - app.Use(SetSessionUser); + //app.UseAuthorization(); app.MapControllers(); app.Run(); } - - - private static async Task SetSessionUser(HttpContext ctx, RequestDelegate next) + private static OpenApiInfo OpenApiInfo { get; } = new OpenApiInfo { - var headers = ctx.Request.Headers; - var hasToken = headers.TryGetValue("auth", out var token) ; + Title = "InnovEnergy Backend API", + Version = "v1" + }; - if (hasToken) - { - var session = Db.GetSession(token); +} - if (session is not null) - ctx.Items["Session"] = session; - } - await next(ctx); - } -} \ No newline at end of file +// var x = new CorsPolicy +// { +// Headers = { "*" }, +// Origins = { "*" }, +// Methods = { "*" } +// };
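Review bot: `app.UseCors(p => p.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod())` is now called while `builder.Services.AddCors(...)` is commented out, and `AddControllers()` does not register the CORS services; as far as I recall `UseCors` verifies that they are registered and throws an `InvalidOperationException` at startup, so `builder.Services.AddCors();` needs to come back (or the policy is registered there and `app.UseCors()` is left parameterless). The commented-out `AddHttpContextAccessor`/`AddEndpointsApiExplorer`/`AddCors` lines, `//app.UseAuthorization();` and the `CorsPolicy` block appended after the class are dead code that the history already preserves and should be deleted rather than kept as comments. As a point of style, the new property `OpenApiInfo` shares its name with its type, which is legal but reads awkwardly at the `c.SwaggerDoc("v1", OpenApiInfo)` call site; a name such as `ApiInfo` would be clearer.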