Innovenergy
/
Innovenergy_trunk
2
1
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Innovenergy_trunk/csharp/App/Backend/Controllers/Controller.cs

380 lines
12 KiB
C#
Raw Blame History

using System.Net;
using System.Text;
using InnovEnergy.App.Backend.Database;
using InnovEnergy.App.Backend.Model;
using InnovEnergy.App.Backend.Model.Relations;
using InnovEnergy.App.Backend.Utils;
using InnovEnergy.Lib.Utils;
using Microsoft.AspNetCore.Mvc;
using HttpContextAccessor = Microsoft.AspNetCore.Http.HttpContextAccessor;
namespace InnovEnergy.App.Backend.Controllers;
[ApiController]
[Route("api/")]
public class Controller
{
[Returns<String>]
[Returns(HttpStatusCode.Unauthorized)]
[Returns(HttpStatusCode.BadRequest)]
[HttpPost($"{nameof(Login)}")]
public Object Login(Credentials credentials)
{
if (String.IsNullOrWhiteSpace(credentials.Username) ||
String.IsNullOrWhiteSpace(credentials.Password))
return new HttpResponseMessage(HttpStatusCode.BadRequest);
using var db = Db.Connect();
var user = db.GetUserByEmail(credentials.Username);
if (user is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
#if !DEBUG
if (!VerifyPassword(credentials.Password, user))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
#endif
var ses = new Session(user);
db.NewSession(ses);
return ses.Token;
}
[Returns(HttpStatusCode.OK)]
[Returns(HttpStatusCode.Unauthorized)]
[HttpPost($"{nameof(Logout)}")]
public Object Logout()
{
var caller = GetCaller();
if (caller is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
return db.DeleteSession(caller.Id);
}
[Returns(HttpStatusCode.OK)]
[Returns(HttpStatusCode.Unauthorized)]
[HttpPost($"{nameof(UpdateS3Credentials)}")]
public Object UpdateS3Credentials()
{
// TODO: S3Credentials should be per session, not per user
var caller = GetCaller();
if (caller is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
return db.CreateAndSaveUserS3ApiKey(caller);
}
[Returns<User>]
[Returns(HttpStatusCode.Unauthorized)]
[HttpGet($"{nameof(GetUserById)}")]
public Object GetUserById(Int64 id)
{
var caller = GetCaller();
if (caller is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var user = db
.GetDescendantUsers(caller)
.FirstOrDefault(u => u.Id == id);
return user as Object ?? new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
[Returns<Installation>]
[Returns(HttpStatusCode.Unauthorized)]
[HttpGet($"{nameof(GetInstallationById)}")]
public Object GetInstallationById(Int64 id)
{
var caller = GetCaller();
if (caller == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var installation = db
.GetAllAccessibleInstallations(caller)
.FirstOrDefault(i => i.Id == id);
return installation as Object ?? new HttpResponseMessage(HttpStatusCode.NotFound);
}
[Returns<Folder>]
[Returns(HttpStatusCode.Unauthorized)]
[HttpGet($"{nameof(GetFolderById)}")]
public Object GetFolderById(Int64 id)
{
var caller = GetCaller();
if (caller == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var folder = db
.GetAllAccessibleFolders(caller)
.FirstOrDefault(f => f.Id == id);
return folder as Object ?? new HttpResponseMessage(HttpStatusCode.NotFound);
}
[Returns<Installation[]>] // assuming swagger knows about arrays but not lists (JSON)
[Returns(HttpStatusCode.Unauthorized)]
[HttpGet($"{nameof(GetAllInstallations)}/")]
public Object GetAllInstallations()
{
var caller = GetCaller();
if (caller == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
return db
.GetAllAccessibleInstallations(caller)
.ToList(); // important!
}
[Returns<Folder[]>] // assuming swagger knows about arrays but not lists (JSON)
[Returns(HttpStatusCode.Unauthorized)]
[HttpGet($"{nameof(GetAllFolders)}/")]
public Object GetAllFolders()
{
var caller = GetCaller();
if (caller == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
return db
.GetAllAccessibleFolders(caller)
.ToList(); // important!
}
[Returns<TreeNode[]>] // assuming swagger knows about arrays but not lists (JSON)
[Returns(HttpStatusCode.Unauthorized)]
[HttpGet($"{nameof(GetTree)}/")]
public Object GetTree()
{
var caller = GetCaller();
if (caller == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var folders = db
.GetDirectlyAccessibleFolders(caller) // ReSharper disable once AccessToDisposedClosure
.Select(f => PopulateChildren(db, f));
var installations = db.GetDirectlyAccessibleInstallations(caller);
return folders
.Concat<TreeNode>(installations)
.ToList(); // important!
}
[Returns<TreeNode[]>] // assuming swagger knows about arrays but not lists (JSON)
[Returns(HttpStatusCode.Unauthorized)]
[HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")]
public Object GetAllFoldersAndInstallations()
{
var caller = GetCaller();
if (caller == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var folders = db.GetAllAccessibleFolders(caller) as IEnumerable<TreeNode>;
var installations = db.GetAllAccessibleInstallations(caller);
return folders
.Concat(installations)
.ToList(); // important!
}
private static Folder PopulateChildren(Db db, Folder folder, HashSet<Int64>? hs = null)
{
// TODO: remove cycle detector
hs ??= new HashSet<Int64>();
if (!hs.Add(folder.Id))
throw new Exception("Cycle detected: folder " + folder.Id);
var installations = db.GetChildInstallations(folder);
var folders = db
.GetChildFolders(folder)
.Select(c => PopulateChildren(db, c, hs));
folder.Children = folders.Concat<TreeNode>(installations).ToList();
return folder;
}
[Returns(HttpStatusCode.OK)]
[Returns(HttpStatusCode.Unauthorized)]
[HttpPut($"{nameof(UpdateUser)}/")]
public Object UpdateUser(User updatedUser)
{
// TODO: distinguish between create and update
var caller = GetCaller();
if (caller == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
return db.GetUserById(updatedUser.Id) != null
? db.UpdateUser(updatedUser)
: db.CreateUser(updatedUser);
}
[Returns(HttpStatusCode.OK)]
[Returns(HttpStatusCode.Unauthorized)]
[HttpPut($"{nameof(UpdateInstallation)}/")]
public Object UpdateInstallation(Installation installation)
{
var caller = GetCaller();
if (caller is null || !caller.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var hasAccessToInstallation = db
.GetAllAccessibleInstallations(caller)
.Any(i => i.Id == installation.Id);
if (!hasAccessToInstallation)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
// TODO: accessibility by other users etc
// TODO: sanity check changes
return db.UpdateInstallation(installation);
}
[Returns(HttpStatusCode.OK)]
[Returns(HttpStatusCode.Unauthorized)]
[HttpPut($"{nameof(UpdateFolder)}/")]
public Object UpdateFolder(Folder folder)
{
var caller = GetCaller();
if (caller is null || !caller.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var hasAccessToFolder = db
.GetAllAccessibleFolders(caller)
.Any(f => f.Id == folder.Id);
if (!hasAccessToFolder)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
// TODO: accessibility by other users etc
// TODO: sanity check changes
return db.UpdateFolder(folder);
}
[Returns(HttpStatusCode.OK)]
[Returns(HttpStatusCode.Unauthorized)]
[HttpDelete($"{nameof(DeleteUser)}/")]
public Object DeleteUser(Int64 userId)
{
var caller = GetCaller();
if (caller is null || !caller.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var userToBeDeleted = db
.GetDescendantUsers(caller)
.FirstOrDefault(u => u.Id == userId);
if (userToBeDeleted is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteUser(userToBeDeleted);
}
[Returns(HttpStatusCode.OK)]
[Returns(HttpStatusCode.Unauthorized)]
[HttpDelete($"{nameof(DeleteInstallation)}/")]
public Object DeleteInstallation(Int64 installationId)
{
var caller = GetCaller();
if (caller is null || !caller.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var installationToBeDeleted = db
.GetAllAccessibleInstallations(caller)
.FirstOrDefault(i => i.Id == installationId);
if (installationToBeDeleted is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteInstallation(installationToBeDeleted);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpDelete($"{nameof(DeleteFolder)}/")]
public Object DeleteFolder(Int64 folderId)
{
var caller = GetCaller();
if (caller == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
using var db = Db.Connect();
var folderToDelete = db
.GetAllAccessibleFolders(caller)
.FirstOrDefault(f => f.Id == folderId);
if (folderToDelete is null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteFolder(folderToDelete);
}
private static User? GetCaller()
{
var ctxAccessor = new HttpContextAccessor();
return ctxAccessor.HttpContext?.Items["User"] as User;
}
private static Boolean VerifyPassword(String password, User user)
{
var pwdBytes = Encoding.UTF8.GetBytes(password);
var saltBytes = Encoding.UTF8.GetBytes(user.Salt + "innovEnergy");
var pwdHash = Crypto.ComputeHash(pwdBytes, saltBytes);
return user.Password == pwdHash;
}
}
Reference in New Issue View Git Blame Copy Permalink