Integrated new JWT validation where needed

author: transtrike <transtrike@gmail.com> 2021-02-28 13:00:16 +0200
committer: transtrike <transtrike@gmail.com> 2021-02-28 13:00:16 +0200
commit: 26b18fe3727507d1b47ffb53ed773f133122eee8 (patch)
tree: cad0cdb64cd98edf1ced707b2296fb16da505801 /src/Web/DevHive.Web/Controllers
parent: e4331fe503547df8f17095540cbd4170bbaf2b25 (diff)
download: DevHive-26b18fe3727507d1b47ffb53ed773f133122eee8.tar
DevHive-26b18fe3727507d1b47ffb53ed773f133122eee8.tar.gz
DevHive-26b18fe3727507d1b47ffb53ed773f133122eee8.zip
3 files changed, 24 insertions, 8 deletions
diff --git a/src/Web/DevHive.Web/Controllers/CommentController.cs b/src/Web/DevHive.Web/Controllers/CommentController.cs
index c38e300..b4fae5c 100644
--- a/src/Web/DevHive.Web/Controllers/CommentController.cs
+++ b/src/Web/DevHive.Web/Controllers/CommentController.cs
@@ -6,6 +6,7 @@ using DevHive.Web.Models.Comment;
 using DevHive.Services.Models.Comment;
 using Microsoft.AspNetCore.Authorization;
 using DevHive.Services.Interfaces;
+using DevHive.Common.Jwt.Interfaces;
 
 namespace DevHive.Web.Controllers
 {
@@ -16,16 +17,21 @@ namespace DevHive.Web.Controllers
 	{
 		private readonly ICommentService _commentService;
 		private readonly IMapper _commentMapper;
+		private readonly IJwtService _jwtService;
 
-		public CommentController(ICommentService commentService, IMapper commentMapper)
+		public CommentController(ICommentService commentService, IMapper commentMapper, IJwtService jwtService)
 		{
 			this._commentService = commentService;
 			this._commentMapper = commentMapper;
+			this._jwtService = jwtService;
 		}
 
 		[HttpPost]
 		public async Task<IActionResult> AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel, [FromHeader] string authorization)
 		{
+			if (!this._jwtService.ValidateToken(userId, authorization))
+				return new UnauthorizedResult();
+
 			if (!await this._commentService.ValidateJwtForCreating(userId, authorization))
 				return new UnauthorizedResult();
 
@@ -53,7 +59,7 @@ namespace DevHive.Web.Controllers
 		[HttpPut]
 		public async Task<IActionResult> UpdateComment(Guid userId, [FromBody] UpdateCommentWebModel updateCommentWebModel, [FromHeader] string authorization)
 		{
-			if (!await this._commentService.ValidateJwtForComment(updateCommentWebModel.CommentId, authorization))
+			if (!this._jwtService.ValidateToken(userId, authorization))
 				return new UnauthorizedResult();
 
 			UpdateCommentServiceModel updateCommentServiceModel =
diff --git a/src/Web/DevHive.Web/Controllers/PostController.cs b/src/Web/DevHive.Web/Controllers/PostController.cs
index d3fdbf6..309070c 100644
--- a/src/Web/DevHive.Web/Controllers/PostController.cs
+++ b/src/Web/DevHive.Web/Controllers/PostController.cs
@@ -6,6 +6,7 @@ using DevHive.Web.Models.Post;
 using DevHive.Services.Models.Post;
 using Microsoft.AspNetCore.Authorization;
 using DevHive.Services.Interfaces;
+using DevHive.Common.Jwt.Interfaces;
 
 namespace DevHive.Web.Controllers
 {
@@ -16,18 +17,20 @@ namespace DevHive.Web.Controllers
 	{
 		private readonly IPostService _postService;
 		private readonly IMapper _postMapper;
+		private readonly IJwtService _jwtService;
 
-		public PostController(IPostService postService, IMapper postMapper)
+		public PostController(IPostService postService, IMapper postMapper, IJwtService jwtService)
 		{
 			this._postService = postService;
 			this._postMapper = postMapper;
+			this._jwtService = jwtService;
 		}
 
 		#region Create
 		[HttpPost]
 		public async Task<IActionResult> Create(Guid userId, [FromForm] CreatePostWebModel createPostWebModel, [FromHeader] string authorization)
 		{
-			if (!await this._postService.ValidateJwtForCreating(userId, authorization))
+			if (!this._jwtService.ValidateToken(userId, authorization))
 				return new UnauthorizedResult();
 
 			CreatePostServiceModel createPostServiceModel =
@@ -58,6 +61,9 @@ namespace DevHive.Web.Controllers
 		[HttpPut]
 		public async Task<IActionResult> Update(Guid userId, [FromForm] UpdatePostWebModel updatePostWebModel, [FromHeader] string authorization)
 		{
+			if (!this._jwtService.ValidateToken(userId, authorization))
+				return new UnauthorizedResult();
+
 			if (!await this._postService.ValidateJwtForPost(updatePostWebModel.PostId, authorization))
 				return new UnauthorizedResult();
 
diff --git a/src/Web/DevHive.Web/Controllers/UserController.cs b/src/Web/DevHive.Web/Controllers/UserController.cs
index a1e87f4..b01ecc1 100644
--- a/src/Web/DevHive.Web/Controllers/UserController.cs
+++ b/src/Web/DevHive.Web/Controllers/UserController.cs
@@ -7,6 +7,8 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using DevHive.Common.Models.Identity;
 using DevHive.Services.Interfaces;
+using DevHive.Common.Jwt.Interfaces;
+using DevHive.Web.Models.Attributes;
 
 namespace DevHive.Web.Controllers
 {
@@ -16,11 +18,13 @@ namespace DevHive.Web.Controllers
 	{
 		private readonly IUserService _userService;
 		private readonly IMapper _userMapper;
+		private readonly IJwtService _jwtService;
 
-		public UserController(IUserService userService, IMapper mapper)
+		public UserController(IUserService userService, IMapper mapper, IJwtService jwtService)
 		{
 			this._userService = userService;
 			this._userMapper = mapper;
+			this._jwtService = jwtService;
 		}
 
 		#region Authentication
@@ -56,7 +60,7 @@ namespace DevHive.Web.Controllers
 		[Authorize(Roles = "User,Admin")]
 		public async Task<IActionResult> GetById(Guid id, [FromHeader] string authorization)
 		{
-			if (!await this._userService.ValidJWT(id, authorization))
+			if (!this._jwtService.ValidateToken(id, authorization))
 				return new UnauthorizedResult();
 
 			UserServiceModel userServiceModel = await this._userService.GetUserById(id);
@@ -82,7 +86,7 @@ namespace DevHive.Web.Controllers
 		[Authorize(Roles = "User,Admin")]
 		public async Task<IActionResult> Update(Guid id, [FromBody] UpdateUserWebModel updateUserWebModel, [FromHeader] string authorization)
 		{
-			if (!await this._userService.ValidJWT(id, authorization))
+			if (!this._jwtService.ValidateToken(id, authorization))
 				return new UnauthorizedResult();
 
 			UpdateUserServiceModel updateUserServiceModel = this._userMapper.Map<UpdateUserServiceModel>(updateUserWebModel);
@@ -100,7 +104,7 @@ namespace DevHive.Web.Controllers
 		[Authorize(Roles = "User,Admin")]
 		public async Task<IActionResult> Delete(Guid id, [FromHeader] string authorization)
 		{
-			if (!await this._userService.ValidJWT(id, authorization))
+			if (!this._jwtService.ValidateToken(id, authorization))
 				return new UnauthorizedResult();
 
 			bool result = await this._userService.DeleteUser(id);
author	transtrike <transtrike@gmail.com>	2021-02-28 13:00:16 +0200
committer	transtrike <transtrike@gmail.com>	2021-02-28 13:00:16 +0200
commit	26b18fe3727507d1b47ffb53ed773f133122eee8 (patch)
tree	cad0cdb64cd98edf1ced707b2296fb16da505801 /src/Web/DevHive.Web/Controllers
parent	e4331fe503547df8f17095540cbd4170bbaf2b25 (diff)
download	DevHive-26b18fe3727507d1b47ffb53ed773f133122eee8.tar DevHive-26b18fe3727507d1b47ffb53ed773f133122eee8.tar.gz DevHive-26b18fe3727507d1b47ffb53ed773f133122eee8.zip