Diffstat (limited to 'src/Services')
-rw-r--r--src/Services/DevHive.Services/Interfaces/IMessageService.cs4
-rw-r--r--src/Services/DevHive.Services/Services/MessageService.cs71
2 files changed, 74 insertions, 1 deletions
diff --git a/src/Services/DevHive.Services/Interfaces/IMessageService.cs b/src/Services/DevHive.Services/Interfaces/IMessageService.cs
index a0fd155..5f210e6 100644
--- a/src/Services/DevHive.Services/Interfaces/IMessageService.cs
+++ b/src/Services/DevHive.Services/Interfaces/IMessageService.cs
@@ -9,5 +9,9 @@ namespace DevHive.Services.Interfaces
Task<Guid> CreateMessage(CreateMessageServiceModel createMessageServiceModel);
Task<ReadMessageServiceModel> GetMessageById(Guid id);
+
+ Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData);
+
+ Task<bool> ValidateJwtForMessage(Guid messageId, string rawTokenData);
}
}
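Review bot: The two new interface methods carry no XML doc comments, so the contract for `rawTokenData` is not stated anywhere a caller would look. Judging by the implementation in MessageService.cs, which strips seven characters before parsing, the value is expected to be the whole Authorization header including the `Bearer ` prefix; that cannot be known from the signature. I would add a `<summary>` to each method plus `/// <param name="rawTokenData">Authorization header value, including the "Bearer " scheme prefix</param>`. The summary should also say that a missing message or user surfaces as an `ArgumentException` rather than a `false` result.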
diff --git a/src/Services/DevHive.Services/Services/MessageService.cs b/src/Services/DevHive.Services/Services/MessageService.cs
index d61d64d..3e07fab 100644
--- a/src/Services/DevHive.Services/Services/MessageService.cs
+++ b/src/Services/DevHive.Services/Services/MessageService.cs
@@ -1,5 +1,10 @@
using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Security.Claims;
using System.Threading.Tasks;
+using DevHive.Data.Models;
using DevHive.Data.Repositories;
using DevHive.Services.Interfaces;
using DevHive.Services.Models.Message;
@@ -9,10 +14,12 @@ namespace DevHive.Services.Services
public class MessageService : IMessageService
{
private readonly MessageRepository _messageRepository;
+ private readonly UserRepository _userRepository;
- public MessageService(MessageRepository messageRepository)
+ public MessageService(MessageRepository messageRepository, UserRepository userRepository)
{
this._messageRepository = messageRepository;
+ this._userRepository = userRepository;
}
public Task<Guid> CreateMessage(CreateMessageServiceModel createMessageServiceModel)
@@ -24,5 +31,67 @@ namespace DevHive.Services.Services
{
throw new NotImplementedException();
}
+
+ #region Validations
+ /// <summary>
+ /// Checks whether the user Id in the token and the given user Id match
+ /// </summary>
+ public async Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData)
+ {
+ User user = await this.GetUserForValidation(rawTokenData);
+
+ return user.Id == userId;
+ }
+
+ /// <summary>
+ /// Checks whether the comment, gotten with the commentId,
+ /// is made by the user in the token
+ /// or if the user in the token is an admin
+ /// </summary>
+ public async Task<bool> ValidateJwtForMessage(Guid messageId, string rawTokenData)
+ {
+ Message message = await this._messageRepository.GetByIdAsync(messageId) ??
+ throw new ArgumentException("Message does not exist!");
+ User user = await this.GetUserForValidation(rawTokenData);
+
+ //If user made the comment
+ if (message.Creator.Id == user.Id)
+ return true;
+ //If user is admin
+ else if (user.Roles.Any(x => x.Name == Role.AdminRole))
+ return true;
+ else
+ return false;
+ }
+
+ /// <summary>
+ /// Returns the user, via their Id in the token
+ /// </summary>
+ private async Task<User> GetUserForValidation(string rawTokenData)
+ {
+ JwtSecurityToken jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawTokenData.Remove(0, 7));
+
+ Guid jwtUserId = Guid.Parse(this.GetClaimTypeValues("ID", jwt.Claims).First());
+
+ User user = await this._userRepository.GetByIdAsync(jwtUserId) ??
+ throw new ArgumentException("User does not exist!");
+
+ return user;
+ }
+
+ /// <summary>
+ /// Returns all values from a given claim type
+ /// </summary>
+ private List<string> GetClaimTypeValues(string type, IEnumerable<Claim> claims)
+ {
+ List<string> toReturn = new();
+
+ foreach (var claim in claims)
+ if (claim.Type == type)
+ toReturn.Add(claim.Value);
+
+ return toReturn;
+ }
+ #endregion
}
}
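Review bot: `GetUserForValidation` calls `ReadJwtToken`, which only decodes the token and does not check its signature, issuer, audience or lifetime, so the `ID` claim that drives the ownership and admin checks is taken on trust within this service. The diff does not show whether authentication middleware has already validated the token before these methods run. If it has not, the service should either validate through the handler's `ValidateToken` with the application's `TokenValidationParameters`, or take the user id from the already authenticated principal instead of re-parsing the header. Separately, `Remove(0, 7)`, `.First()` and `Guid.Parse` throw on a short header, a missing claim or a malformed value, so a bad request becomes an unhandled exception rather than a clean rejection; the fence below shows guards for that. The summary on `ValidateJwtForMessage` also still says "comment" and "commentId" where the code handles a message and `messageId`.

```csharp
private async Task<User> GetUserForValidation(string rawTokenData)
{
    const string scheme = "Bearer ";
    if (string.IsNullOrEmpty(rawTokenData) ||
        !rawTokenData.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
        throw new ArgumentException("Authorization header is missing or malformed!");

    // ReadJwtToken only decodes: the token must already have been validated
    // (signature, lifetime) before its claims are used for authorization.
    JwtSecurityToken jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawTokenData.Substring(scheme.Length));

    string idClaim = this.GetClaimTypeValues("ID", jwt.Claims).FirstOrDefault();
    if (!Guid.TryParse(idClaim, out Guid jwtUserId))
        throw new ArgumentException("Token does not contain a valid user Id!");

    // … unchanged: user lookup via _userRepository and return …
}
```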