diff options
| -rw-r--r-- | src/Services/DevHive.Services/Interfaces/IMessageService.cs | 4 | ||||
| -rw-r--r-- | src/Services/DevHive.Services/Services/MessageService.cs | 71 |
2 files changed, 74 insertions, 1 deletions
diff --git a/src/Services/DevHive.Services/Interfaces/IMessageService.cs b/src/Services/DevHive.Services/Interfaces/IMessageService.cs index a0fd155..5f210e6 100644 --- a/src/Services/DevHive.Services/Interfaces/IMessageService.cs +++ b/src/Services/DevHive.Services/Interfaces/IMessageService.cs @@ -9,5 +9,9 @@ namespace DevHive.Services.Interfaces Task<Guid> CreateMessage(CreateMessageServiceModel createMessageServiceModel); Task<ReadMessageServiceModel> GetMessageById(Guid id); + + Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData); + + Task<bool> ValidateJwtForMessage(Guid messageId, string rawTokenData); } } diff --git a/src/Services/DevHive.Services/Services/MessageService.cs b/src/Services/DevHive.Services/Services/MessageService.cs index d61d64d..3e07fab 100644 --- a/src/Services/DevHive.Services/Services/MessageService.cs +++ b/src/Services/DevHive.Services/Services/MessageService.cs @@ -1,5 +1,10 @@ using System; +using System.Collections.Generic; +using System.IdentityModel.Tokens.Jwt; +using System.Linq; +using System.Security.Claims; using System.Threading.Tasks; +using DevHive.Data.Models; using DevHive.Data.Repositories; using DevHive.Services.Interfaces; using DevHive.Services.Models.Message; @@ -9,10 +14,12 @@ namespace DevHive.Services.Services public class MessageService : IMessageService { private readonly MessageRepository _messageRepository; + private readonly UserRepository _userRepository; - public MessageService(MessageRepository messageRepository) + public MessageService(MessageRepository messageRepository, UserRepository userRepository) { this._messageRepository = messageRepository; + this._userRepository = userRepository; } public Task<Guid> CreateMessage(CreateMessageServiceModel createMessageServiceModel) @@ -24,5 +31,67 @@ namespace DevHive.Services.Services { throw new NotImplementedException(); } + + #region Validations + /// <summary> + /// Checks whether the user Id in the token and the given user Id match + /// </summary> + public async Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData) + { + User user = await this.GetUserForValidation(rawTokenData); + + return user.Id == userId; + } + + /// <summary> + /// Checks whether the comment, gotten with the commentId, + /// is made by the user in the token + /// or if the user in the token is an admin + /// </summary> + public async Task<bool> ValidateJwtForMessage(Guid messageId, string rawTokenData) + { + Message message = await this._messageRepository.GetByIdAsync(messageId) ?? + throw new ArgumentException("Message does not exist!"); + User user = await this.GetUserForValidation(rawTokenData); + + //If user made the comment + if (message.Creator.Id == user.Id) + return true; + //If user is admin + else if (user.Roles.Any(x => x.Name == Role.AdminRole)) + return true; + else + return false; + } + + /// <summary> + /// Returns the user, via their Id in the token + /// </summary> + private async Task<User> GetUserForValidation(string rawTokenData) + { + JwtSecurityToken jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawTokenData.Remove(0, 7)); + + Guid jwtUserId = Guid.Parse(this.GetClaimTypeValues("ID", jwt.Claims).First()); + + User user = await this._userRepository.GetByIdAsync(jwtUserId) ?? + throw new ArgumentException("User does not exist!"); + + return user; + } + + /// <summary> + /// Returns all values from a given claim type + /// </summary> + private List<string> GetClaimTypeValues(string type, IEnumerable<Claim> claims) + { + List<string> toReturn = new(); + + foreach (var claim in claims) + if (claim.Type == type) + toReturn.Add(claim.Value); + + return toReturn; + } + #endregion } } |