Innovenergy_trunk/csharp/app/Backend/Controllers/Controller.cs

284 lines
10 KiB
C#

using System.Net;
using System.Text;
using System.Text.Json;
using Backend.Database;
using Backend.Model;
using Backend.Model.Relations;
using Backend.Utils;
using Microsoft.AspNetCore.Mvc;
namespace Backend.Controllers;
[ApiController]
[Route("api/")]
public class Controller
{
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPost($"{nameof(Login)}")]
public Object Login(JsonElement usernamepass)
{
usernamepass.TryGetProperty("username", out var usr);
usernamepass.TryGetProperty("password", out var pwd);
var username = usr.ToString();
var password = pwd.ToString();
if (username is null || username == "" || password == "" || password is null)
return new HttpResponseMessage(HttpStatusCode.BadRequest);
using var db = Db.Connect();
var user = db.GetUserByEmail(username);
var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),
Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));
//Same error as to not communicate if a user exists or not
if (user is null || user.Password != hashedPassword)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
var ses = new Session(user);
db.NewSession(ses);
return ses.Token;
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPost($"{nameof(Logout)}")]
public Object Logout()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
if (currentUser is null)
return new HttpResponseMessage(HttpStatusCode.Conflict);
return db.DeleteSession(currentUser.Id);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPost($"{nameof(UpdateS3Creds)}")]
public Object UpdateS3Creds()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx!.Items["User"]!;
return db.CreateAndSaveUserS3ApiKey(currentUser);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetUserById)}")]
public Object GetUserById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var viewedUser = db.GetUserById(id);
//using the same error to prevent fishing for ids
if (currentUser == null || viewedUser == null || !db.IsParentOfChild(currentUser, viewedUser))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return viewedUser;
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetInstallationById)}")]
public Object GetInstallationById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var installation = db.GetInstallationById(id);
if(currentUser==null
|| db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(id))
return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
: installation;
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetFolderById)}")]
public Object GetFolderById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var folder = db.GetFolderById(id);
if(currentUser==null
|| db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(id))
return folder == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
: folder;
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetAllInstallations)}/")]
public Object GetAllInstallations()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var user = (User)ctx.Items["User"];
if (user != null) return db.GetAllAccessibleInstallations(user).ToList();
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetAllFolders)}/")]
public Object GetAllFolders()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var user = (User)ctx.Items["User"];
if (user != null) return db.GetAllAccessibleFolders(user).ToList();
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPut($"{nameof(UpdateUser)}/")]
public Object UpdateUser(User updatedUser)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
if (currentUser == null || !currentUser.HasWriteAccess || !db.IsParentOfChild(currentUser, updatedUser))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.GetUserById(updatedUser.Id) != null ? db.UpdateUser(updatedUser) : db.CreateUser(updatedUser);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPut($"{nameof(UpdateInstallation)}/")]
public Object UpdateInstallation(Installation updatedInstallation)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
if (currentUser == null || !currentUser.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
if(db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(updatedInstallation.Id))
return db.GetInstallationById(updatedInstallation.Id) == null
? new HttpResponseMessage(HttpStatusCode.Unauthorized)
: db.UpdateInstallation(updatedInstallation);
db.AddToAccessibleInstallations(currentUser.Id, updatedInstallation.Id);
return db.CreateInstallation(updatedInstallation);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpPut($"{nameof(UpdateFolder)}/")]
public Object UpdateFolder(Folder updatedFolder)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
if (currentUser == null || !currentUser.HasWriteAccess)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
if(db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(updatedFolder.Id))
return db.GetFolderById(updatedFolder.Id) == null
? new HttpResponseMessage(HttpStatusCode.Unauthorized)
: db.UpdateFolder(updatedFolder);
db.AddToAccessibleFolders(currentUser.Id, updatedFolder.Id);
return db.CreateFolder(updatedFolder);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpDelete($"{nameof(DeleteUser)}/")]
public Object DeleteUser(Int64 userId)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var userToBeDeleted = db.GetUserById(userId);
if (currentUser == null
|| userToBeDeleted == null
|| !currentUser.HasWriteAccess
|| !db.IsParentOfChild(currentUser,userToBeDeleted))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteUser(userToBeDeleted);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpDelete($"{nameof(DeleteInstallation)}/")]
public Object DeleteInstallation(Int64 installationId)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var installationToBeDeleted = db.GetInstallationById(installationId);
if (currentUser == null
|| installationToBeDeleted == null
|| !currentUser.HasWriteAccess
|| !db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(installationToBeDeleted.Id))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteInstallation(installationToBeDeleted);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpDelete($"{nameof(DeleteFolder)}/")]
public Object DeleteFolder(Int64 folderId)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var folderToBeDeleted = db.GetFolderById(folderId);
if (currentUser == null
|| folderToBeDeleted == null
|| !currentUser.HasWriteAccess
|| !db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(folderToBeDeleted.Id))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return db.DeleteFolder(folderToBeDeleted);
}
}