Innovenergy_trunk/csharp/app/Backend/Controllers/Controller.cs

using System.Net;
using System.Text;
using System.Text.Json;
using Backend.Database;
using Backend.Model;
using Backend.Model.Relations;
using Backend.Utils;
using Microsoft.AspNetCore.Mvc;

namespace Backend.Controllers;


[ApiController]
[Route("api/")]
public class Controller  
{
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPost($"{nameof(Login)}")]
    public Object Login(JsonElement usernamepass)
    {
        usernamepass.TryGetProperty("username", out var usr);
        usernamepass.TryGetProperty("password", out var pwd);
        var username = usr.ToString();
        var password = pwd.ToString();
        
        if (username is null || password is null)
            return new HttpResponseMessage(HttpStatusCode.BadRequest);
        
        using var db = Db.Connect();
        var user = db.GetUserByEmail(username);

        var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),
            Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));
        
        //Same error as to not communicate if a user exists or not
        if (user is null || user.Password != hashedPassword)
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        var ses = new Session(user);
        db.NewSession(ses);
        return ses.Token;
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPost($"{nameof(Logout)}")]
    public Object Logout()
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];

        if (currentUser is null)
            return new HttpResponseMessage(HttpStatusCode.Conflict);
        
        return db.DeleteSession(currentUser.Id);
    }
    

    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetUserById)}")]
    public Object GetUserById(Int64 id)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var viewedUser = db.GetUserById(id);
        
        //using the same error to prevent fishing for ids
        if (currentUser == null || viewedUser == null  || !db.IsParentOfChild(currentUser, viewedUser))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);

        return viewedUser;
    }   
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetInstallationById)}")]
    public Object GetInstallationById(Int64 id)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var installation = db.GetInstallationById(id);
        
        if(currentUser==null 
           || db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(id))
            return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
                    : installation;

        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetFolderById)}")]
    public Object GetFolderById(Int64 id)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var folder = db.GetFolderById(id);
        
        if(currentUser==null 
           || db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(id))
            return folder == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
                    : folder;

        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetAllInstallations)}/")]
    public Object GetAllInstallations()
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var user = (User)ctx.Items["User"];
        
        if (user != null) return db.GetAllAccessibleInstallations(user).ToList();
        
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpGet($"{nameof(GetAllFolders)}/")]
    public Object GetAllFolders()
    {
        var ctxAccessor = new HttpContextAccessor();
       var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var user = (User)ctx.Items["User"];
        
        if (user != null) return db.GetAllAccessibleFolders(user).ToList();
        
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateUser)}/")]
    public Object UpdateUser(User updatedUser)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];

        if (currentUser == null || !currentUser.HasWriteAccess || !db.IsParentOfChild(currentUser, updatedUser))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        return db.GetUserById(updatedUser.Id) != null ? db.UpdateUser(updatedUser) : db.CreateUser(updatedUser);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateInstallation)}/")]
    public Object UpdateInstallation(Installation updatedInstallation)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];

        if (currentUser == null || !currentUser.HasWriteAccess)
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        if(db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(updatedInstallation.Id))
            return db.GetInstallationById(updatedInstallation.Id) == null
                ? new HttpResponseMessage(HttpStatusCode.Unauthorized)
                : db.UpdateInstallation(updatedInstallation);
        
        db.AddToAccessibleInstallations(currentUser.Id, updatedInstallation.Id);
        return db.CreateInstallation(updatedInstallation);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpPut($"{nameof(UpdateFolder)}/")]
    public Object UpdateFolder(Folder updatedFolder)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];

        if (currentUser == null || !currentUser.HasWriteAccess)
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        if(db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(updatedFolder.Id))
            return db.GetFolderById(updatedFolder.Id) == null
                ? new HttpResponseMessage(HttpStatusCode.Unauthorized)
                : db.UpdateFolder(updatedFolder);
        
        db.AddToAccessibleFolders(currentUser.Id, updatedFolder.Id);
        return db.CreateFolder(updatedFolder);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteUser)}/")]
    public Object DeleteUser(Int64 userId)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var userToBeDeleted = db.GetUserById(userId);
        
        if (currentUser == null 
                                || userToBeDeleted == null 
                                || !currentUser.HasWriteAccess
                                || !db.IsParentOfChild(currentUser,userToBeDeleted))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        return db.DeleteUser(userToBeDeleted);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteInstallation)}/")]
    public Object DeleteInstallation(Int64 installationId)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var installationToBeDeleted = db.GetInstallationById(installationId);
        
        if (currentUser == null 
            || installationToBeDeleted == null 
            || !currentUser.HasWriteAccess
            || !db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(installationToBeDeleted.Id))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        return db.DeleteInstallation(installationToBeDeleted);
    }
    
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    [HttpDelete($"{nameof(DeleteFolder)}/")]
    public Object DeleteFolder(Int64 folderId)
    {
        var ctxAccessor = new HttpContextAccessor();
        var ctx = ctxAccessor.HttpContext;
        using var db = Db.Connect();
        var currentUser = (User)ctx.Items["User"];
        var folderToBeDeleted = db.GetFolderById(folderId);
        
        if (currentUser == null 
            || folderToBeDeleted == null 
            || !currentUser.HasWriteAccess
            || !db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(folderToBeDeleted.Id))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        
        return db.DeleteFolder(folderToBeDeleted);
    }
    

}