using System.Net;
using System.Text;
using System.Text.Json;
using Backend.Database;
using Backend.Model;
using Backend.Model.Relations;
using Backend.Utils;
using Microsoft.AspNetCore.Mvc;
namespace Backend.Controllers;
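[ApiController]
[Route("api/")]
/// <summary>
/// HTTP API for sessions, users, installations and folders.
/// Every action except <see cref="Login"/> expects an authenticated user to have been
/// placed in <c>HttpContext.Items["User"]</c> by earlier middleware; when that entry is
/// missing the action answers 401 instead of touching the database.
/// Failure responses are returned as <see cref="IActionResult"/> values (not
/// <c>HttpResponseMessage</c>, which ASP.NET Core would serialise as a 200 JSON body).
/// </summary>
public class Controller
{
    /// <summary>
    /// Reads the user that the authentication middleware stored in the request items.
    /// </summary>
    /// <returns>The current <see cref="User"/>, or <c>null</c> when there is no request
    /// context or no user entry.</returns>
    private static User? ResolveCurrentUser()
    {
        // NOTE(review): a fresh HttpContextAccessor only works because the accessor keeps the
        // context in ambient (AsyncLocal) state; deriving from ControllerBase and using its
        // HttpContext property would be the conventional approach. Kept to leave the class's
        // base type unchanged.
        var ctx = new HttpContextAccessor().HttpContext;
        return ctx?.Items["User"] as User;
    }

    /// <summary>
    /// Authenticates a user by e-mail and password and opens a new session.
    /// </summary>
    /// <param name="usernamepass">JSON object with <c>username</c> and <c>password</c> properties.</param>
    /// <returns>The session token on success; 400 for a malformed or empty request;
    /// 401 for an unknown user or wrong password (deliberately indistinguishable).</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(400)]
    [ProducesResponseType(401)]
    [HttpPost($"{nameof(Login)}")]
    public Object Login(JsonElement usernamepass)
    {
        // TryGetProperty throws on anything that is not a JSON object.
        if (usernamepass.ValueKind != JsonValueKind.Object)
            return new BadRequestResult();

        // JsonElement.ToString() yields "" for Undefined/Null, so a missing property
        // ends up as an empty string just like an explicitly empty one.
        var username = usernamepass.TryGetProperty("username", out var usr) ? usr.ToString() : "";
        var password = usernamepass.TryGetProperty("password", out var pwd) ? pwd.ToString() : "";

        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return new BadRequestResult();

        using var db = Db.Connect();
        var user = db.GetUserByEmail(username);

        // Hash even when the user is unknown so that the response time does not reveal
        // whether the e-mail exists; the null check below then returns the same error.
        // NOTE(review): "innovEnergy" is a pepper hard-coded in source; moving it to
        // configuration would require a migration of existing hashes.
        var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),
                                                Encoding.UTF8.GetBytes(user?.Salt + "innovEnergy"));

        // Same error for unknown user and wrong password so that login cannot be used
        // to probe which e-mail addresses are registered.
        // NOTE(review): if Password/hash are strings or byte arrays, a constant-time
        // comparison (CryptographicOperations.FixedTimeEquals) would be preferable to !=.
        if (user is null || user.Password != hashedPassword)
            return new UnauthorizedResult();

        var session = new Session(user);
        db.NewSession(session);
        return session.Token;
    }

    /// <summary>
    /// Ends the current user's session.
    /// </summary>
    /// <returns>The result of deleting the session; 409 when no user is attached to the
    /// request (kept from the original behaviour, although 401 is what the attributes declare).</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [ProducesResponseType(409)]
    [HttpPost($"{nameof(Logout)}")]
    public Object Logout()
    {
        var currentUser = ResolveCurrentUser();
        if (currentUser is null)
            return new ConflictResult();

        using var db = Db.Connect();
        return db.DeleteSession(currentUser.Id);
    }

    /// <summary>
    /// Rotates the S3 API key of the current user.
    /// </summary>
    /// <returns>Whatever the database layer returns for the new key; 401 when unauthenticated.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPost($"{nameof(UpdateS3Creds)}")]
    public Object UpdateS3Creds()
    {
        var currentUser = ResolveCurrentUser();
        if (currentUser is null)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        return db.CreateAndSaveUserS3ApiKey(currentUser);
    }

    /// <summary>
    /// Returns a user that is a child of the current user.
    /// </summary>
    /// <param name="id">Id of the user to view.</param>
    /// <returns>The user; 401 when unauthenticated, when the id does not exist, or when
    /// the current user is not its parent (one error so ids cannot be enumerated).</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetUserById)}")]
    public Object GetUserById(Int64 id)
    {
        var currentUser = ResolveCurrentUser();
        if (currentUser is null)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        var viewedUser = db.GetUserById(id);

        // Same error for "no such user" and "not your user" to prevent fishing for ids.
        if (viewedUser is null || !db.IsParentOfChild(currentUser, viewedUser))
            return new UnauthorizedResult();

        return viewedUser;
    }

    /// <summary>
    /// Returns an installation the current user may access.
    /// </summary>
    /// <param name="id">Installation id.</param>
    /// <returns>The installation; 401 when unauthenticated or the id is not in the user's
    /// accessible set; 404 when it is accessible but no longer exists.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [ProducesResponseType(404)]
    [HttpGet($"{nameof(GetInstallationById)}")]
    public Object GetInstallationById(Int64 id)
    {
        // An absent user must be rejected, not granted access (the original condition
        // short-circuited to the success branch on a null user).
        var currentUser = ResolveCurrentUser();
        if (currentUser is null)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        if (!db.GetAllAccessibleInstallationIds(currentUser).Contains(id))
            return new UnauthorizedResult();

        var installation = db.GetInstallationById(id);
        if (installation is null)
            return new NotFoundResult();

        return installation;
    }

    /// <summary>
    /// Returns a folder the current user may access.
    /// </summary>
    /// <param name="id">Folder id.</param>
    /// <returns>The folder; 401 when unauthenticated or the id is not in the user's
    /// accessible set; 404 when it is accessible but no longer exists.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [ProducesResponseType(404)]
    [HttpGet($"{nameof(GetFolderById)}")]
    public Object GetFolderById(Int64 id)
    {
        // Same guard order as GetInstallationById: null user -> 401, never the folder.
        var currentUser = ResolveCurrentUser();
        if (currentUser is null)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        if (!db.GetAllAccessibleFolderIds(currentUser).Contains(id))
            return new UnauthorizedResult();

        var folder = db.GetFolderById(id);
        if (folder is null)
            return new NotFoundResult();

        return folder;
    }

    /// <summary>
    /// Lists every installation accessible to the current user.
    /// </summary>
    /// <returns>A materialised list of installations; 401 when unauthenticated.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetAllInstallations)}/")]
    public Object GetAllInstallations()
    {
        var currentUser = ResolveCurrentUser();
        if (currentUser is null)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        // ToList() before the connection is disposed; the serializer runs afterwards.
        return db.GetAllAccessibleInstallations(currentUser).ToList();
    }

    /// <summary>
    /// Lists every folder accessible to the current user.
    /// </summary>
    /// <returns>A materialised list of folders; 401 when unauthenticated.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetAllFolders)}/")]
    public Object GetAllFolders()
    {
        var currentUser = ResolveCurrentUser();
        if (currentUser is null)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        // ToList() before the connection is disposed; the serializer runs afterwards.
        return db.GetAllAccessibleFolders(currentUser).ToList();
    }

    /// <summary>
    /// Creates or updates a child user of the current user.
    /// </summary>
    /// <param name="updatedUser">The user record to store.</param>
    /// <returns>The database result; 400 for a missing body; 401 when unauthenticated,
    /// without write access, or when the target is not a child of the current user.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(400)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateUser)}/")]
    public Object UpdateUser(User updatedUser)
    {
        if (updatedUser is null)
            return new BadRequestResult();

        var currentUser = ResolveCurrentUser();
        if (currentUser is null || !currentUser.HasWriteAccess)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        if (!db.IsParentOfChild(currentUser, updatedUser))
            return new UnauthorizedResult();

        // PUT is an upsert keyed on the client-supplied Id.
        if (db.GetUserById(updatedUser.Id) is null)
            return db.CreateUser(updatedUser);

        return db.UpdateUser(updatedUser);
    }

    /// <summary>
    /// Creates or updates an installation. An id already in the user's accessible set is
    /// updated in place; any other id is created and added to the user's accessible set.
    /// </summary>
    /// <param name="updatedInstallation">The installation record to store.</param>
    /// <returns>The database result; 400 for a missing body; 401 when unauthenticated,
    /// without write access, or when an accessible id no longer resolves to a row.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(400)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateInstallation)}/")]
    public Object UpdateInstallation(Installation updatedInstallation)
    {
        if (updatedInstallation is null)
            return new BadRequestResult();

        var currentUser = ResolveCurrentUser();
        if (currentUser is null || !currentUser.HasWriteAccess)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        if (db.GetAllAccessibleInstallationIds(currentUser).Contains(updatedInstallation.Id))
        {
            // Accessible but vanished: reported as 401 (kept from the original behaviour).
            if (db.GetInstallationById(updatedInstallation.Id) is null)
                return new UnauthorizedResult();

            return db.UpdateInstallation(updatedInstallation);
        }

        // NOTE(review): access is granted before the row is created, and the Id comes from
        // the client; confirm that CreateInstallation rejects an Id that already exists
        // outside this user's scope, otherwise the grant outlives a failed create.
        db.AddToAccessibleInstallations(currentUser.Id, updatedInstallation.Id);
        return db.CreateInstallation(updatedInstallation);
    }

    /// <summary>
    /// Creates or updates a folder. An id already in the user's accessible set is updated
    /// in place; any other id is created and added to the user's accessible set.
    /// </summary>
    /// <param name="updatedFolder">The folder record to store.</param>
    /// <returns>The database result; 400 for a missing body; 401 when unauthenticated,
    /// without write access, or when an accessible id no longer resolves to a row.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(400)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateFolder)}/")]
    public Object UpdateFolder(Folder updatedFolder)
    {
        if (updatedFolder is null)
            return new BadRequestResult();

        var currentUser = ResolveCurrentUser();
        if (currentUser is null || !currentUser.HasWriteAccess)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        if (db.GetAllAccessibleFolderIds(currentUser).Contains(updatedFolder.Id))
        {
            // Accessible but vanished: reported as 401 (kept from the original behaviour).
            if (db.GetFolderById(updatedFolder.Id) is null)
                return new UnauthorizedResult();

            return db.UpdateFolder(updatedFolder);
        }

        // NOTE(review): same ordering concern as UpdateInstallation — the access grant
        // happens before CreateFolder; confirm duplicate client-supplied ids are rejected.
        db.AddToAccessibleFolders(currentUser.Id, updatedFolder.Id);
        return db.CreateFolder(updatedFolder);
    }

    /// <summary>
    /// Deletes a child user of the current user.
    /// </summary>
    /// <param name="userId">Id of the user to delete.</param>
    /// <returns>The database result; 401 when unauthenticated, without write access, when
    /// the id does not exist, or when the target is not a child (one error, see GetUserById).</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteUser)}/")]
    public Object DeleteUser(Int64 userId)
    {
        var currentUser = ResolveCurrentUser();
        if (currentUser is null || !currentUser.HasWriteAccess)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        var userToBeDeleted = db.GetUserById(userId);
        if (userToBeDeleted is null || !db.IsParentOfChild(currentUser, userToBeDeleted))
            return new UnauthorizedResult();

        return db.DeleteUser(userToBeDeleted);
    }

    /// <summary>
    /// Deletes an installation from the current user's accessible set.
    /// </summary>
    /// <param name="installationId">Id of the installation to delete.</param>
    /// <returns>The database result; 401 when unauthenticated, without write access, when
    /// the id does not exist, or when it is not accessible to the user.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteInstallation)}/")]
    public Object DeleteInstallation(Int64 installationId)
    {
        var currentUser = ResolveCurrentUser();
        if (currentUser is null || !currentUser.HasWriteAccess)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        var installationToBeDeleted = db.GetInstallationById(installationId);
        if (installationToBeDeleted is null
            || !db.GetAllAccessibleInstallationIds(currentUser).Contains(installationToBeDeleted.Id))
            return new UnauthorizedResult();

        return db.DeleteInstallation(installationToBeDeleted);
    }

    /// <summary>
    /// Deletes a folder from the current user's accessible set.
    /// </summary>
    /// <param name="folderId">Id of the folder to delete.</param>
    /// <returns>The database result; 401 when unauthenticated, without write access, when
    /// the id does not exist, or when it is not accessible to the user.</returns>
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteFolder)}/")]
    public Object DeleteFolder(Int64 folderId)
    {
        var currentUser = ResolveCurrentUser();
        if (currentUser is null || !currentUser.HasWriteAccess)
            return new UnauthorizedResult();

        using var db = Db.Connect();
        var folderToBeDeleted = db.GetFolderById(folderId);
        if (folderToBeDeleted is null
            || !db.GetAllAccessibleFolderIds(currentUser).Contains(folderToBeDeleted.Id))
            return new UnauthorizedResult();

        return db.DeleteFolder(folderToBeDeleted);
    }
}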