From 83ae76a1b93c91cf7cfb5fc9ea1ef728ee47c839 Mon Sep 17 00:00:00 2001 From: transtrike Date: Sat, 27 Feb 2021 11:18:09 +0200 Subject: JWT Validations works; Introduced more bugs to fix later --- src/Web/DevHive.Web/Controllers/UserController.cs | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'src/Web/DevHive.Web/Controllers/UserController.cs') diff --git a/src/Web/DevHive.Web/Controllers/UserController.cs b/src/Web/DevHive.Web/Controllers/UserController.cs index 214fba7..a1e87f4 100644 --- a/src/Web/DevHive.Web/Controllers/UserController.cs +++ b/src/Web/DevHive.Web/Controllers/UserController.cs @@ -93,23 +93,6 @@ namespace DevHive.Web.Controllers return new AcceptedResult("UpdateUser", userWebModel); } - - [HttpPut] - [Route("ProfilePicture")] - [Authorize(Roles = "User,Admin")] - public async Task UpdateProfilePicture(Guid userId, [FromForm] UpdateProfilePictureWebModel updateProfilePictureWebModel, [FromHeader] string authorization) - { - if (!await this._userService.ValidJWT(userId, authorization)) - return new UnauthorizedResult(); - - UpdateProfilePictureServiceModel updateProfilePictureServiceModel = this._userMapper.Map(updateProfilePictureWebModel); - updateProfilePictureServiceModel.UserId = userId; - - ProfilePictureServiceModel profilePictureServiceModel = await this._userService.UpdateProfilePicture(updateProfilePictureServiceModel); - ProfilePictureWebModel profilePictureWebModel = this._userMapper.Map(profilePictureServiceModel); - - return new AcceptedResult("UpdateProfilePicture", profilePictureWebModel); - } #endregion #region Delete -- cgit v1.2.3 From 26b18fe3727507d1b47ffb53ed773f133122eee8 Mon Sep 17 00:00:00 2001 From: transtrike Date: Sun, 28 Feb 2021 13:00:16 +0200 Subject: Integrated new JWT validation where needed --- src/.editorconfig | 5 +- .../DevHive.Common/Jwt/Interfaces/IJwtService.cs | 17 +++ src/Common/DevHive.Common/Jwt/JwtService.cs | 2 - .../DevHive.Services/Interfaces/IUserService.cs | 49 ++++++++- .../DevHive.Services/Services/UserService.cs | 117 +-------------------- .../DevHive.Web/Controllers/CommentController.cs | 10 +- src/Web/DevHive.Web/Controllers/PostController.cs | 10 +- src/Web/DevHive.Web/Controllers/UserController.cs | 12 ++- 8 files changed, 95 insertions(+), 127 deletions(-) (limited to 'src/Web/DevHive.Web/Controllers/UserController.cs') diff --git a/src/.editorconfig b/src/.editorconfig index ea2af21..9f0e74b 100644 --- a/src/.editorconfig +++ b/src/.editorconfig @@ -44,9 +44,10 @@ dotnet_diagnostic.IDE0055.severity = warning # Sort using and Import directives with System.* appearing first dotnet_sort_system_directives_first = true dotnet_separate_import_directive_groups = false + # Avoid "this." and "Me." if not necessary -dotnet_style_qualification_for_field = false:refactoring -dotnet_style_qualification_for_property = false:refactoring +dotnet_style_qualification_for_field = true:refactoring +dotnet_style_qualification_for_property = true:refactoring dotnet_style_qualification_for_method = false:refactoring dotnet_style_qualification_for_event = false:refactoring diff --git a/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs b/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs index 6f844f5..352a7d5 100644 --- a/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs +++ b/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs @@ -5,7 +5,24 @@ namespace DevHive.Common.Jwt.Interfaces { public interface IJwtService { + /// + /// The generation of a JWT, when a new user registers or log ins + /// Tokens have an expiration time of 7 days. + /// + /// User's Guid + /// Users's username + /// List of user's roles + /// Return a new JWT, containing the user id, username and roles. string GenerateJwtToken(Guid userId, string username, List roleNames); + + /// + /// Checks whether the given user, gotten by the "id" property, + /// is the same user as the one in the token (unless the user in the token has the admin role) + /// and the roles in the token are the same as those in the user, gotten by the id in the token + /// + /// Guid of the user being validated + /// The raw token coming from the request + /// Bool result of is the user authenticated to do an action bool ValidateToken(Guid userId, string rawToken); } } diff --git a/src/Common/DevHive.Common/Jwt/JwtService.cs b/src/Common/DevHive.Common/Jwt/JwtService.cs index a0c49db..9f316da 100644 --- a/src/Common/DevHive.Common/Jwt/JwtService.cs +++ b/src/Common/DevHive.Common/Jwt/JwtService.cs @@ -1,11 +1,9 @@ using System; -using System.Buffers.Text; using System.Collections.Generic; using System.IdentityModel.Tokens.Jwt; using System.Linq; using System.Security.Claims; using System.Security.Principal; -using System.Text; using DevHive.Common.Jwt.Interfaces; using Microsoft.IdentityModel.Tokens; diff --git a/src/Services/DevHive.Services/Interfaces/IUserService.cs b/src/Services/DevHive.Services/Interfaces/IUserService.cs index 4a9ffc8..a55f9dd 100644 --- a/src/Services/DevHive.Services/Interfaces/IUserService.cs +++ b/src/Services/DevHive.Services/Interfaces/IUserService.cs @@ -7,19 +7,64 @@ namespace DevHive.Services.Interfaces { public interface IUserService { + /// + /// Log ins an existing user and gives him/her a JWT Token for further authorization + /// + /// Login service model, conaining user's username and password + /// A JWT Token for authorization Task LoginUser(LoginServiceModel loginModel); + + /// + /// Registers a new user and gives him/her a JWT Token for further authorization + /// + /// Register service model, containing the new user's data + /// A JWT Token for authorization Task RegisterUser(RegisterServiceModel registerModel); + /// + /// Get a user by his username. Used for querying profiles without provided authentication + /// + /// User's username, who's to be queried + /// The queried user or null, if non existant Task GetUserByUsername(string username); + + /// + /// Get a user by his Guid. Used for querying full user's profile + /// Requires authenticated user + /// + /// User's username, who's to be queried + /// The queried user or null, if non existant Task GetUserById(Guid id); + /// + /// Updates a user's data, provided a full model with new details + /// Requires authenticated user + /// + /// Full update user model for updating + /// Read model of the new user Task UpdateUser(UpdateUserServiceModel updateUserServiceModel); + + /// + /// Uploads the given picture and assigns it's link to the user in the database + /// Requires authenticated user + /// + /// Contains User's Guid and the new picture to be updated + /// The new picture's URL Task UpdateProfilePicture(UpdateProfilePictureServiceModel updateProfilePictureServiceModel); + /// + /// Deletes a user from the database and removes his data entirely + /// Requires authenticated user + /// + /// The user's Guid, who's to be deleted + /// True if successfull, false otherwise Task DeleteUser(Guid id); - Task ValidJWT(Guid id, string rawTokenData); - + /// + /// We don't talk about that! + /// + /// + /// Task SuperSecretPromotionToAdmin(Guid userId); } } diff --git a/src/Services/DevHive.Services/Services/UserService.cs b/src/Services/DevHive.Services/Services/UserService.cs index cbcb116..4f74b06 100644 --- a/src/Services/DevHive.Services/Services/UserService.cs +++ b/src/Services/DevHive.Services/Services/UserService.cs @@ -1,20 +1,14 @@ using AutoMapper; -using DevHive.Services.Options; using DevHive.Services.Models.User; using System.Threading.Tasks; using DevHive.Data.Models; using System; -using System.IdentityModel.Tokens.Jwt; -using System.Security.Claims; -using Microsoft.IdentityModel.Tokens; -using System.Text; using System.Collections.Generic; using DevHive.Common.Models.Identity; using DevHive.Services.Interfaces; using DevHive.Data.Interfaces; using System.Linq; using Microsoft.AspNetCore.Http; -using DevHive.Common.Jwt; using DevHive.Common.Jwt.Interfaces; namespace DevHive.Services.Services @@ -26,7 +20,6 @@ namespace DevHive.Services.Services private readonly ILanguageRepository _languageRepository; private readonly ITechnologyRepository _technologyRepository; private readonly IMapper _userMapper; - private readonly JwtOptions _jwtOptions; private readonly ICloudService _cloudService; private readonly IJwtService _jwtService; @@ -35,14 +28,12 @@ namespace DevHive.Services.Services IRoleRepository roleRepository, ITechnologyRepository technologyRepository, IMapper mapper, - JwtOptions jwtOptions, ICloudService cloudService, IJwtService jwtService) { this._userRepository = userRepository; this._roleRepository = roleRepository; this._userMapper = mapper; - this._jwtOptions = jwtOptions; this._languageRepository = languageRepository; this._technologyRepository = technologyRepository; this._cloudService = cloudService; @@ -50,10 +41,6 @@ namespace DevHive.Services.Services } #region Authentication - /// - /// Adds a new user to the database with the values from the given model. - /// Returns a JSON Web Token (that can be used for authorization) - /// public async Task LoginUser(LoginServiceModel loginModel) { if (!await this._userRepository.DoesUsernameExistAsync(loginModel.UserName)) @@ -64,14 +51,10 @@ namespace DevHive.Services.Services if (!await this._userRepository.VerifyPassword(user, loginModel.Password)) throw new ArgumentException("Incorrect password!"); - return new TokenModel(WriteJWTSecurityToken(user.Id, user.UserName, user.Roles)); + List roleNames = user.Roles.Select(x => x.Name).ToList(); + return new TokenModel(this._jwtService.GenerateJwtToken(user.Id, user.UserName, roleNames)); } - /// - /// Register a user in the database and return a - /// - /// Register model, containing registration information - /// A Token model, containing JWT Token for further verification public async Task RegisterUser(RegisterServiceModel registerModel) { if (await this._userRepository.DoesUsernameExistAsync(registerModel.UserName)) @@ -91,11 +74,8 @@ namespace DevHive.Services.Services throw new ArgumentException("Unable to add role to user"); User createdUser = await this._userRepository.GetByUsernameAsync(registerModel.UserName); - List roleNames = createdUser - .Roles - .Select(x => x.Name) - .ToList(); + List roleNames = createdUser.Roles.Select(x => x.Name).ToList(); return new TokenModel(this._jwtService.GenerateJwtToken(createdUser.Id, createdUser.UserName, roleNames)); } #endregion @@ -140,9 +120,6 @@ namespace DevHive.Services.Services return this._userMapper.Map(newUser); } - /// - /// Uploads the given picture and assigns it's link to the user in the database - /// public async Task UpdateProfilePicture(UpdateProfilePictureServiceModel updateProfilePictureServiceModel) { User user = await this._userRepository.GetByIdAsync(updateProfilePictureServiceModel.UserId); @@ -179,61 +156,7 @@ namespace DevHive.Services.Services #region Validations /// - /// Checks whether the given user, gotten by the "id" property, - /// is the same user as the one in the token (unless the user in the token has the admin role) - /// and the roles in the token are the same as those in the user, gotten by the id in the token - /// - /// - /// - /// - public async Task ValidJWT(Guid id, string rawTokenData) - { - return this._jwtService.ValidateToken(rawTokenData); - // There is authorization name in the beginning, i.e. "Bearer eyJh..." - // var jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawTokenData.Remove(0, 7)); - - // Guid jwtUserID = new(UserService.GetClaimTypeValues("ID", jwt.Claims).First()); - // List jwtRoleNames = UserService.GetClaimTypeValues("role", jwt.Claims); - - // User user = await this._userRepository.GetByIdAsync(jwtUserID) - // ?? throw new ArgumentException("User does not exist!"); - - // /* Check if he is an admin */ - // if (user.Roles.Any(x => x.Name == Role.AdminRole)) - // return true; - - // if (!jwtRoleNames.Contains(Role.AdminRole) && user.Id != id) - // return false; - - // // Check if jwt contains all user roles (if it doesn't, jwt is either old or tampered with) - // foreach (var role in user.Roles) - // if (!jwtRoleNames.Contains(role.Name)) - // return false; - - // // Check if jwt contains only roles of user - // if (jwtRoleNames.Count != user.Roles.Count) - // return false; - - // return true; - } - - /// - /// Returns all values from a given claim type - /// - private static List GetClaimTypeValues(string type, IEnumerable claims) - { - List toReturn = new(); - - foreach (var claim in claims) - if (claim.Type == type) - toReturn.Add(claim.Value); - - return toReturn; - } - - /// - /// Checks whether the user in the model exists - /// and whether the username in the model is already taken. + /// Checks whether the user in the model exists and whether the username in the model is already taken. /// If the check fails (is false), it throws an exception, otherwise nothing happens /// private async Task ValidateUserOnUpdate(UpdateUserServiceModel updateUserServiceModel) @@ -255,38 +178,6 @@ namespace DevHive.Services.Services if (!await this._userRepository.ValidateFriendsCollectionAsync(usernames)) throw new ArgumentException("One or more friends do not exist!"); } - - /// - /// Return a new JSON Web Token, containing the user id, username and roles. - /// Tokens have an expiration time of 7 days. - /// - private string WriteJWTSecurityToken(Guid userId, string username, HashSet roles) - { - byte[] signingKey = Encoding.ASCII.GetBytes(_jwtOptions.Secret); - HashSet claims = new() - { - new Claim("ID", $"{userId}"), - new Claim("Username", username) - }; - - foreach (var role in roles) - { - claims.Add(new Claim(ClaimTypes.Role, role.Name)); - } - - SecurityTokenDescriptor tokenDescriptor = new() - { - Subject = new ClaimsIdentity(claims), - Expires = DateTime.Today.AddDays(7), - SigningCredentials = new SigningCredentials( - new SymmetricSecurityKey(signingKey), - SecurityAlgorithms.HmacSha512Signature) - }; - - JwtSecurityTokenHandler tokenHandler = new(); - SecurityToken token = tokenHandler.CreateToken(tokenDescriptor); - return tokenHandler.WriteToken(token); - } #endregion #region Misc diff --git a/src/Web/DevHive.Web/Controllers/CommentController.cs b/src/Web/DevHive.Web/Controllers/CommentController.cs index c38e300..b4fae5c 100644 --- a/src/Web/DevHive.Web/Controllers/CommentController.cs +++ b/src/Web/DevHive.Web/Controllers/CommentController.cs @@ -6,6 +6,7 @@ using DevHive.Web.Models.Comment; using DevHive.Services.Models.Comment; using Microsoft.AspNetCore.Authorization; using DevHive.Services.Interfaces; +using DevHive.Common.Jwt.Interfaces; namespace DevHive.Web.Controllers { @@ -16,16 +17,21 @@ namespace DevHive.Web.Controllers { private readonly ICommentService _commentService; private readonly IMapper _commentMapper; + private readonly IJwtService _jwtService; - public CommentController(ICommentService commentService, IMapper commentMapper) + public CommentController(ICommentService commentService, IMapper commentMapper, IJwtService jwtService) { this._commentService = commentService; this._commentMapper = commentMapper; + this._jwtService = jwtService; } [HttpPost] public async Task AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel, [FromHeader] string authorization) { + if (!this._jwtService.ValidateToken(userId, authorization)) + return new UnauthorizedResult(); + if (!await this._commentService.ValidateJwtForCreating(userId, authorization)) return new UnauthorizedResult(); @@ -53,7 +59,7 @@ namespace DevHive.Web.Controllers [HttpPut] public async Task UpdateComment(Guid userId, [FromBody] UpdateCommentWebModel updateCommentWebModel, [FromHeader] string authorization) { - if (!await this._commentService.ValidateJwtForComment(updateCommentWebModel.CommentId, authorization)) + if (!this._jwtService.ValidateToken(userId, authorization)) return new UnauthorizedResult(); UpdateCommentServiceModel updateCommentServiceModel = diff --git a/src/Web/DevHive.Web/Controllers/PostController.cs b/src/Web/DevHive.Web/Controllers/PostController.cs index d3fdbf6..309070c 100644 --- a/src/Web/DevHive.Web/Controllers/PostController.cs +++ b/src/Web/DevHive.Web/Controllers/PostController.cs @@ -6,6 +6,7 @@ using DevHive.Web.Models.Post; using DevHive.Services.Models.Post; using Microsoft.AspNetCore.Authorization; using DevHive.Services.Interfaces; +using DevHive.Common.Jwt.Interfaces; namespace DevHive.Web.Controllers { @@ -16,18 +17,20 @@ namespace DevHive.Web.Controllers { private readonly IPostService _postService; private readonly IMapper _postMapper; + private readonly IJwtService _jwtService; - public PostController(IPostService postService, IMapper postMapper) + public PostController(IPostService postService, IMapper postMapper, IJwtService jwtService) { this._postService = postService; this._postMapper = postMapper; + this._jwtService = jwtService; } #region Create [HttpPost] public async Task Create(Guid userId, [FromForm] CreatePostWebModel createPostWebModel, [FromHeader] string authorization) { - if (!await this._postService.ValidateJwtForCreating(userId, authorization)) + if (!this._jwtService.ValidateToken(userId, authorization)) return new UnauthorizedResult(); CreatePostServiceModel createPostServiceModel = @@ -58,6 +61,9 @@ namespace DevHive.Web.Controllers [HttpPut] public async Task Update(Guid userId, [FromForm] UpdatePostWebModel updatePostWebModel, [FromHeader] string authorization) { + if (!this._jwtService.ValidateToken(userId, authorization)) + return new UnauthorizedResult(); + if (!await this._postService.ValidateJwtForPost(updatePostWebModel.PostId, authorization)) return new UnauthorizedResult(); diff --git a/src/Web/DevHive.Web/Controllers/UserController.cs b/src/Web/DevHive.Web/Controllers/UserController.cs index a1e87f4..b01ecc1 100644 --- a/src/Web/DevHive.Web/Controllers/UserController.cs +++ b/src/Web/DevHive.Web/Controllers/UserController.cs @@ -7,6 +7,8 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using DevHive.Common.Models.Identity; using DevHive.Services.Interfaces; +using DevHive.Common.Jwt.Interfaces; +using DevHive.Web.Models.Attributes; namespace DevHive.Web.Controllers { @@ -16,11 +18,13 @@ namespace DevHive.Web.Controllers { private readonly IUserService _userService; private readonly IMapper _userMapper; + private readonly IJwtService _jwtService; - public UserController(IUserService userService, IMapper mapper) + public UserController(IUserService userService, IMapper mapper, IJwtService jwtService) { this._userService = userService; this._userMapper = mapper; + this._jwtService = jwtService; } #region Authentication @@ -56,7 +60,7 @@ namespace DevHive.Web.Controllers [Authorize(Roles = "User,Admin")] public async Task GetById(Guid id, [FromHeader] string authorization) { - if (!await this._userService.ValidJWT(id, authorization)) + if (!this._jwtService.ValidateToken(id, authorization)) return new UnauthorizedResult(); UserServiceModel userServiceModel = await this._userService.GetUserById(id); @@ -82,7 +86,7 @@ namespace DevHive.Web.Controllers [Authorize(Roles = "User,Admin")] public async Task Update(Guid id, [FromBody] UpdateUserWebModel updateUserWebModel, [FromHeader] string authorization) { - if (!await this._userService.ValidJWT(id, authorization)) + if (!this._jwtService.ValidateToken(id, authorization)) return new UnauthorizedResult(); UpdateUserServiceModel updateUserServiceModel = this._userMapper.Map(updateUserWebModel); @@ -100,7 +104,7 @@ namespace DevHive.Web.Controllers [Authorize(Roles = "User,Admin")] public async Task Delete(Guid id, [FromHeader] string authorization) { - if (!await this._userService.ValidJWT(id, authorization)) + if (!this._jwtService.ValidateToken(id, authorization)) return new UnauthorizedResult(); bool result = await this._userService.DeleteUser(id); -- cgit v1.2.3 From 441f04790659a439c0054b7b06130d14cc2eb90b Mon Sep 17 00:00:00 2001 From: transtrike Date: Sat, 13 Mar 2021 10:01:23 +0200 Subject: Technology xml comments added; Needs finish --- .../Controllers/TechnologyController.cs | 5 +++ src/Web/DevHive.Web/Controllers/UserController.cs | 52 ++++++++++++++++++++-- 2 files changed, 54 insertions(+), 3 deletions(-) (limited to 'src/Web/DevHive.Web/Controllers/UserController.cs') diff --git a/src/Web/DevHive.Web/Controllers/TechnologyController.cs b/src/Web/DevHive.Web/Controllers/TechnologyController.cs index e507899..ba3f04a 100644 --- a/src/Web/DevHive.Web/Controllers/TechnologyController.cs +++ b/src/Web/DevHive.Web/Controllers/TechnologyController.cs @@ -23,6 +23,11 @@ namespace DevHive.Web.Controllers this._technologyMapper = technologyMapper; } + /// + /// Create a new technology, so users can have a choice. Admin only! + /// + /// Data for the new technology + /// [HttpPost] [Authorize(Roles = "Admin")] public async Task Create([FromBody] CreateTechnologyWebModel createTechnologyWebModel) diff --git a/src/Web/DevHive.Web/Controllers/UserController.cs b/src/Web/DevHive.Web/Controllers/UserController.cs index b01ecc1..86076e5 100644 --- a/src/Web/DevHive.Web/Controllers/UserController.cs +++ b/src/Web/DevHive.Web/Controllers/UserController.cs @@ -8,12 +8,16 @@ using Microsoft.AspNetCore.Mvc; using DevHive.Common.Models.Identity; using DevHive.Services.Interfaces; using DevHive.Common.Jwt.Interfaces; -using DevHive.Web.Models.Attributes; +using NSwag.Annotations; namespace DevHive.Web.Controllers { + /// + /// All endpoints for integration with the User + /// [ApiController] [Route("/api/[controller]")] + [OpenApiController("User Controller")] public class UserController : ControllerBase { private readonly IUserService _userService; @@ -28,9 +32,15 @@ namespace DevHive.Web.Controllers } #region Authentication + /// + /// Login endpoint for the DevHive Social Platform + /// + /// Login model with username and password + /// A JWT Token for further validation [HttpPost] - [Route("Login")] [AllowAnonymous] + [Route("Login")] + [OpenApiTags("Authorization")] public async Task Login([FromBody] LoginWebModel loginModel) { LoginServiceModel loginServiceModel = this._userMapper.Map(loginModel); @@ -41,9 +51,15 @@ namespace DevHive.Web.Controllers return new OkObjectResult(tokenWebModel); } + /// + /// Register a new User in the DevHive Social Platform + /// + /// Register model with the new data to provide + /// A JWT Token for further validation [HttpPost] - [Route("Register")] [AllowAnonymous] + [Route("Register")] + [OpenApiTag("Authorization")] public async Task Register([FromBody] RegisterWebModel registerModel) { RegisterServiceModel registerServiceModel = this._userMapper.Map(registerModel); @@ -56,6 +72,12 @@ namespace DevHive.Web.Controllers #endregion #region Read + /// + /// Get a User's information using the Guid + /// + /// User's Guid + /// The JWT Token, contained in the header and used for validation + /// A full User's read model [HttpGet] [Authorize(Roles = "User,Admin")] public async Task GetById(Guid id, [FromHeader] string authorization) @@ -69,6 +91,11 @@ namespace DevHive.Web.Controllers return new OkObjectResult(userWebModel); } + /// + /// Get a User's profile using his username. Does NOT require authorization + /// + /// User's username + /// A trimmed version of the full User's read model [HttpGet] [Route("GetUser")] [AllowAnonymous] @@ -82,6 +109,13 @@ namespace DevHive.Web.Controllers #endregion #region Update + /// + /// Full update on User's data. A PUSTINQK can only edit his account + /// + /// The User's Guid + /// A full User update model + /// The JWT Token, contained in the header and used for validation + /// A full User's read model [HttpPut] [Authorize(Roles = "User,Admin")] public async Task Update(Guid id, [FromBody] UpdateUserWebModel updateUserWebModel, [FromHeader] string authorization) @@ -100,6 +134,12 @@ namespace DevHive.Web.Controllers #endregion #region Delete + /// + /// Delete a User with his Id. A PUSTINQK can only delete his account. An Admin can delete all accounts + /// + /// The User's Guid + /// The JWT Token, contained in the header and used for validation + /// Ok, BadRequest or Unauthorized [HttpDelete] [Authorize(Roles = "User,Admin")] public async Task Delete(Guid id, [FromHeader] string authorization) @@ -115,7 +155,13 @@ namespace DevHive.Web.Controllers } #endregion + /// + /// We don't talk about that, NIGGA! + /// + /// + /// [HttpPost] + [OpenApiIgnore] [Authorize(Roles = "User,Admin")] [Route("SuperSecretPromotionToAdmin")] public async Task SuperSecretPromotionToAdmin(Guid userId) -- cgit v1.2.3 From 93ded2b68a31fc9da643ac65955219e4f306ab82 Mon Sep 17 00:00:00 2001 From: transtrike Date: Sat, 13 Mar 2021 11:44:01 +0200 Subject: XML Docs on all controllers --- .../DevHive.Web/Controllers/CommentController.cs | 38 +++++++++++++++++++--- src/Web/DevHive.Web/Controllers/FeedController.cs | 15 +++++++++ .../DevHive.Web/Controllers/LanguageController.cs | 32 ++++++++++++++++-- src/Web/DevHive.Web/Controllers/PostController.cs | 34 +++++++++++++++++-- .../Controllers/ProfilePictureController.cs | 18 +++++++++- src/Web/DevHive.Web/Controllers/RoleController.cs | 24 ++++++++++++++ .../Controllers/TechnologyController.cs | 25 +++++++++++++- src/Web/DevHive.Web/Controllers/UserController.cs | 6 ++-- src/Web/DevHive.Web/DevHive.Web.csproj | 5 ++- 9 files changed, 181 insertions(+), 16 deletions(-) (limited to 'src/Web/DevHive.Web/Controllers/UserController.cs') diff --git a/src/Web/DevHive.Web/Controllers/CommentController.cs b/src/Web/DevHive.Web/Controllers/CommentController.cs index 1722801..8fa3577 100644 --- a/src/Web/DevHive.Web/Controllers/CommentController.cs +++ b/src/Web/DevHive.Web/Controllers/CommentController.cs @@ -10,6 +10,9 @@ using DevHive.Common.Jwt.Interfaces; namespace DevHive.Web.Controllers { + /// + /// All endpoints for interacting with the comments layer + /// [ApiController] [Route("/api/[controller]")] [Authorize(Roles = "User,Admin")] @@ -26,6 +29,13 @@ namespace DevHive.Web.Controllers this._jwtService = jwtService; } + /// + /// Create a comment and attach it to a post + /// + /// The useer's Id + /// The new comment's parametars + /// JWT Bearer token + /// The comment's Id [HttpPost] public async Task AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel, [FromHeader] string authorization) { @@ -46,16 +56,28 @@ namespace DevHive.Web.Controllers new OkObjectResult(new { Id = id }); } + /// + /// Query comment's data by it's Id + /// + /// The comment's Id + /// Full data model of the comment [HttpGet] [AllowAnonymous] - public async Task GetCommentById(Guid id) + public async Task GetCommentById(Guid commentId) { - ReadCommentServiceModel readCommentServiceModel = await this._commentService.GetCommentById(id); + ReadCommentServiceModel readCommentServiceModel = await this._commentService.GetCommentById(commentId); ReadCommentWebModel readCommentWebModel = this._commentMapper.Map(readCommentServiceModel); return new OkObjectResult(readCommentWebModel); } + /// + /// Update comment's parametars. Comment creator only! + /// + /// The comment creator's Id + /// New comment's parametars + /// JWT Bearer token + /// Ok result [HttpPut] public async Task UpdateComment(Guid userId, [FromBody] UpdateCommentWebModel updateCommentWebModel, [FromHeader] string authorization) { @@ -73,13 +95,19 @@ namespace DevHive.Web.Controllers new OkObjectResult(new { Id = id }); } + /// + /// Delete a comment. Comment creator only! + /// + /// Comment's Id + /// JWT Bearer token + /// Ok result [HttpDelete] - public async Task DeleteComment(Guid id, [FromHeader] string authorization) + public async Task DeleteComment(Guid commentId, [FromHeader] string authorization) { - if (!await this._commentService.ValidateJwtForComment(id, authorization)) + if (!await this._commentService.ValidateJwtForComment(commentId, authorization)) return new UnauthorizedResult(); - return await this._commentService.DeleteComment(id) ? + return await this._commentService.DeleteComment(commentId) ? new OkResult() : new BadRequestObjectResult("Could not delete Comment"); } diff --git a/src/Web/DevHive.Web/Controllers/FeedController.cs b/src/Web/DevHive.Web/Controllers/FeedController.cs index abca3e4..37532a9 100644 --- a/src/Web/DevHive.Web/Controllers/FeedController.cs +++ b/src/Web/DevHive.Web/Controllers/FeedController.cs @@ -10,6 +10,9 @@ using Microsoft.AspNetCore.Mvc; namespace DevHive.Web.Controllers { + /// + /// All endpoints for interacting with the feed layer + /// [ApiController] [Route("/api/[controller]")] [Authorize(Roles = "User,Admin")] @@ -24,6 +27,12 @@ namespace DevHive.Web.Controllers this._mapper = mapper; } + /// + /// Query posts for user's feed + /// + /// The user's Id, whose feed is begin queried + /// Page parametars + /// A page of the feed [HttpPost] [Route("GetPosts")] public async Task GetPosts(Guid userId, [FromBody] GetPageWebModel getPageWebModel) @@ -37,6 +46,12 @@ namespace DevHive.Web.Controllers return new OkObjectResult(readPageWebModel); } + /// + /// Query a user profile's posts + /// + /// The user's username, whose posts are being queried + /// Page parametars + /// A page of the user's posts [HttpPost] [Route("GetUserPosts")] [AllowAnonymous] diff --git a/src/Web/DevHive.Web/Controllers/LanguageController.cs b/src/Web/DevHive.Web/Controllers/LanguageController.cs index 5b0d5de..665fb66 100644 --- a/src/Web/DevHive.Web/Controllers/LanguageController.cs +++ b/src/Web/DevHive.Web/Controllers/LanguageController.cs @@ -10,6 +10,9 @@ using Microsoft.AspNetCore.Mvc; namespace DevHive.Web.Controllers { + /// + /// All endpoints for interacting with the language layer + /// [ApiController] [Route("/api/[controller]")] public class LanguageController @@ -23,6 +26,11 @@ namespace DevHive.Web.Controllers this._languageMapper = mapper; } + /// + /// Create a new language, so users can have a choice. Admin only! + /// + /// The new language's parametars + /// The new language's Id [HttpPost] [Authorize(Roles = "Admin")] public async Task Create([FromBody] CreateLanguageWebModel createLanguageWebModel) @@ -36,6 +44,11 @@ namespace DevHive.Web.Controllers new OkObjectResult(new { Id = id }); } + /// + /// Query full language data by Id + /// + /// The language's Id + /// Full language data [HttpGet] [AllowAnonymous] public async Task GetById(Guid id) @@ -46,6 +59,10 @@ namespace DevHive.Web.Controllers return new OkObjectResult(languageWebModel); } + /// + /// Query all languages in the database + /// + /// All languages in the database [HttpGet] [Route("GetLanguages")] [Authorize(Roles = "User,Admin")] @@ -57,6 +74,12 @@ namespace DevHive.Web.Controllers return new OkObjectResult(languageWebModels); } + /// + /// Alter language's properties. Admin only! + /// + /// The language's Id + /// The langauge's new parametars + /// Ok result [HttpPut] [Authorize(Roles = "Admin")] public async Task Update(Guid id, [FromBody] UpdateLanguageWebModel updateModel) @@ -72,11 +95,16 @@ namespace DevHive.Web.Controllers return new OkResult(); } + /// + /// Delete a language. Admin only! + /// + /// The language's Id + /// Ok result [HttpDelete] [Authorize(Roles = "Admin")] - public async Task Delete(Guid id) + public async Task Delete(Guid langaugeId) { - bool result = await this._languageService.DeleteLanguage(id); + bool result = await this._languageService.DeleteLanguage(langaugeId); if (!result) return new BadRequestObjectResult("Could not delete Language"); diff --git a/src/Web/DevHive.Web/Controllers/PostController.cs b/src/Web/DevHive.Web/Controllers/PostController.cs index 309070c..44b291d 100644 --- a/src/Web/DevHive.Web/Controllers/PostController.cs +++ b/src/Web/DevHive.Web/Controllers/PostController.cs @@ -10,6 +10,9 @@ using DevHive.Common.Jwt.Interfaces; namespace DevHive.Web.Controllers { + /// + /// All endpoints for interacting with the post layer + /// [ApiController] [Route("/api/[controller]")] [Authorize(Roles = "User,Admin")] @@ -27,6 +30,13 @@ namespace DevHive.Web.Controllers } #region Create + /// + /// Create a new post + /// + /// The user's Id + /// The new post's data + /// JWT Bearer token + /// New post's Id [HttpPost] public async Task Create(Guid userId, [FromForm] CreatePostWebModel createPostWebModel, [FromHeader] string authorization) { @@ -46,6 +56,11 @@ namespace DevHive.Web.Controllers #endregion #region Read + /// + /// Query full post's data by it's Id + /// + /// The post's Id + /// Full data model of the post [HttpGet] [AllowAnonymous] public async Task GetById(Guid id) @@ -58,6 +73,13 @@ namespace DevHive.Web.Controllers #endregion #region Update + /// + /// Update post's data. Creator only! + /// + /// The post creator's Id + /// The new params of the post + /// JWT Bearer token + /// The post's Id [HttpPut] public async Task Update(Guid userId, [FromForm] UpdatePostWebModel updatePostWebModel, [FromHeader] string authorization) { @@ -80,13 +102,19 @@ namespace DevHive.Web.Controllers #endregion #region Delete + /// + /// Delete a post. Creator only! + /// + /// Post's Id + /// JWT Bearer token + /// Ok result [HttpDelete] - public async Task Delete(Guid id, [FromHeader] string authorization) + public async Task Delete(Guid postId, [FromHeader] string authorization) { - if (!await this._postService.ValidateJwtForPost(id, authorization)) + if (!await this._postService.ValidateJwtForPost(postId, authorization)) return new UnauthorizedResult(); - return await this._postService.DeletePost(id) ? + return await this._postService.DeletePost(postId) ? new OkResult() : new BadRequestObjectResult("Could not delete Post"); } diff --git a/src/Web/DevHive.Web/Controllers/ProfilePictureController.cs b/src/Web/DevHive.Web/Controllers/ProfilePictureController.cs index d3971ff..2eec99e 100644 --- a/src/Web/DevHive.Web/Controllers/ProfilePictureController.cs +++ b/src/Web/DevHive.Web/Controllers/ProfilePictureController.cs @@ -1,16 +1,32 @@ using System; using System.Threading.Tasks; -using DevHive.Services.Models.User; using DevHive.Web.Models.User; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; namespace DevHive.Web.Controllers { + /// + /// All endpoints for interacting with the profile picture layer + /// [ApiController] [Route("api/[controller]")] public class ProfilePictureController { + // private readonly ProfilePictureService _profilePictureService; + + // public ProfilePictureController(ProfilePictureService profilePictureService) + // { + // this._profilePictureService = profilePictureService; + // } + + /// + /// Alter the profile picture of a user + /// + /// The user's Id + /// The new profile picture + /// JWT Bearer Token + /// ??? [HttpPut] [Route("ProfilePicture")] [Authorize(Roles = "User,Admin")] diff --git a/src/Web/DevHive.Web/Controllers/RoleController.cs b/src/Web/DevHive.Web/Controllers/RoleController.cs index 1465795..ebb305e 100644 --- a/src/Web/DevHive.Web/Controllers/RoleController.cs +++ b/src/Web/DevHive.Web/Controllers/RoleController.cs @@ -9,6 +9,9 @@ using Microsoft.AspNetCore.Authorization; namespace DevHive.Web.Controllers { + /// + /// All endpoints for interacting with the roles layer + /// [ApiController] [Route("/api/[controller]")] public class RoleController @@ -22,6 +25,11 @@ namespace DevHive.Web.Controllers this._roleMapper = mapper; } + /// + /// Create a new role for the roles hierarchy. Admin only! + /// + /// The new role's parametars + /// The new role's Id [HttpPost] [Authorize(Roles = "Admin")] public async Task Create([FromBody] CreateRoleWebModel createRoleWebModel) @@ -36,6 +44,11 @@ namespace DevHive.Web.Controllers new OkObjectResult(new { Id = id }); } + /// + /// Get a role's full data, querying it by it's Id + /// + /// The role's Id + /// Full info of the role [HttpGet] [Authorize(Roles = "User,Admin")] public async Task GetById(Guid id) @@ -46,6 +59,12 @@ namespace DevHive.Web.Controllers return new OkObjectResult(roleWebModel); } + /// + /// Update a role's parametars. Admin only! + /// + /// The role's Id + /// The new parametrats for that role + /// Ok result [HttpPut] [Authorize(Roles = "Admin")] public async Task Update(Guid id, [FromBody] UpdateRoleWebModel updateRoleWebModel) @@ -62,6 +81,11 @@ namespace DevHive.Web.Controllers return new OkResult(); } + /// + /// Delete a role. Admin only! + /// + /// The role's Id + /// Ok result [HttpDelete] [Authorize(Roles = "Admin")] public async Task Delete(Guid id) diff --git a/src/Web/DevHive.Web/Controllers/TechnologyController.cs b/src/Web/DevHive.Web/Controllers/TechnologyController.cs index ba3f04a..ecf2bd7 100644 --- a/src/Web/DevHive.Web/Controllers/TechnologyController.cs +++ b/src/Web/DevHive.Web/Controllers/TechnologyController.cs @@ -10,6 +10,9 @@ using Microsoft.AspNetCore.Mvc; namespace DevHive.Web.Controllers { + /// + /// All endpoints for interacting with the technology layer + /// [ApiController] [Route("/api/[controller]")] public class TechnologyController @@ -27,7 +30,7 @@ namespace DevHive.Web.Controllers /// Create a new technology, so users can have a choice. Admin only! /// /// Data for the new technology - /// + /// The new technology's Id [HttpPost] [Authorize(Roles = "Admin")] public async Task Create([FromBody] CreateTechnologyWebModel createTechnologyWebModel) @@ -41,6 +44,11 @@ namespace DevHive.Web.Controllers new OkObjectResult(new { Id = id }); } + /// + /// Get technology's data by it's Id + /// + /// The technology's Id + /// The technology's full data [HttpGet] [AllowAnonymous] public async Task GetById(Guid id) @@ -51,6 +59,10 @@ namespace DevHive.Web.Controllers return new OkObjectResult(readTechnologyWebModel); } + /// + /// Get all technologies from our database + /// + /// All technologies [HttpGet] [Route("GetTechnologies")] [Authorize(Roles = "User,Admin")] @@ -62,6 +74,12 @@ namespace DevHive.Web.Controllers return new OkObjectResult(languageWebModels); } + /// + /// Alter a technology's parameters. Admin only! + /// + /// Technology's Id + /// The new parametars + /// Ok result [HttpPut] [Authorize(Roles = "Admin")] public async Task Update(Guid id, [FromBody] UpdateTechnologyWebModel updateModel) @@ -77,6 +95,11 @@ namespace DevHive.Web.Controllers return new OkResult(); } + /// + /// Delete a etchnology from the database. Admin only! + /// + /// The technology's Id + /// Ok result [HttpDelete] [Authorize(Roles = "Admin")] public async Task Delete(Guid id) diff --git a/src/Web/DevHive.Web/Controllers/UserController.cs b/src/Web/DevHive.Web/Controllers/UserController.cs index 86076e5..4d01447 100644 --- a/src/Web/DevHive.Web/Controllers/UserController.cs +++ b/src/Web/DevHive.Web/Controllers/UserController.cs @@ -75,7 +75,7 @@ namespace DevHive.Web.Controllers /// /// Get a User's information using the Guid /// - /// User's Guid + /// User's Id /// The JWT Token, contained in the header and used for validation /// A full User's read model [HttpGet] @@ -112,7 +112,7 @@ namespace DevHive.Web.Controllers /// /// Full update on User's data. A PUSTINQK can only edit his account /// - /// The User's Guid + /// The User's Id /// A full User update model /// The JWT Token, contained in the header and used for validation /// A full User's read model @@ -137,7 +137,7 @@ namespace DevHive.Web.Controllers /// /// Delete a User with his Id. A PUSTINQK can only delete his account. An Admin can delete all accounts /// - /// The User's Guid + /// The User's Id /// The JWT Token, contained in the header and used for validation /// Ok, BadRequest or Unauthorized [HttpDelete] diff --git a/src/Web/DevHive.Web/DevHive.Web.csproj b/src/Web/DevHive.Web/DevHive.Web.csproj index 38f21e6..39322ae 100644 --- a/src/Web/DevHive.Web/DevHive.Web.csproj +++ b/src/Web/DevHive.Web/DevHive.Web.csproj @@ -25,6 +25,9 @@ + + + @@ -32,4 +35,4 @@ - + \ No newline at end of file -- cgit v1.2.3