diff options
| author | ivarlovlie <git@ivarlovlie.no> | 2022-01-23 11:41:42 +0100 |
|---|---|---|
| committer | ivarlovlie <git@ivarlovlie.no> | 2022-01-23 14:33:05 +0100 |
| commit | ce86d103039b22695b04714ee85e9ef3e1e032b5 (patch) | |
| tree | 557455780de06ceb95dd556ca5ffca0208a1f8ba /src/server/Api/V1/Entries | |
| parent | 89816382424e59ad953b433fbf82c925741b3136 (diff) | |
| download | bookmark-thing-ce86d103039b22695b04714ee85e9ef3e1e032b5.tar.xz bookmark-thing-ce86d103039b22695b04714ee85e9ef3e1e032b5.zip | |
feat(auth): Implements first draft of basic auth gen/validation
Diffstat (limited to 'src/server/Api/V1/Entries')
| -rw-r--r-- | src/server/Api/V1/Entries/CreateEntryRoute.cs | 4 | ||||
| -rw-r--r-- | src/server/Api/V1/Entries/DeleteEntryRoute.cs | 4 | ||||
| -rw-r--r-- | src/server/Api/V1/Entries/GetEntriesRoute.cs | 4 | ||||
| -rw-r--r-- | src/server/Api/V1/Entries/UpdateEntryRoute.cs | 5 |
4 files changed, 16 insertions, 1 deletions
diff --git a/src/server/Api/V1/Entries/CreateEntryRoute.cs b/src/server/Api/V1/Entries/CreateEntryRoute.cs index ebe49fc..b502e4a 100644 --- a/src/server/Api/V1/Entries/CreateEntryRoute.cs +++ b/src/server/Api/V1/Entries/CreateEntryRoute.cs @@ -21,6 +21,10 @@ public class CreateEntryRoute : RouteBaseV1Sync.WithRequest<CreateEntryRequest>. [ApiVersion(ApiSpecV1.VERSION_STRING)] [HttpPost("~/v{version:apiVersion}/entries/create")] public override ActionResult<EntryDto> Handle(CreateEntryRequest entry) { + if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_CREATE)) { + return StatusCode(403, "Your token does not permit access to this resource"); + } + var errors = entry.GetErrors(); if (errors.Count != 0) { return BadRequest(errors); diff --git a/src/server/Api/V1/Entries/DeleteEntryRoute.cs b/src/server/Api/V1/Entries/DeleteEntryRoute.cs index fc79049..c979c1f 100644 --- a/src/server/Api/V1/Entries/DeleteEntryRoute.cs +++ b/src/server/Api/V1/Entries/DeleteEntryRoute.cs @@ -18,6 +18,10 @@ public class DeleteEntryRoute : RouteBaseV1Sync.WithRequest<Guid>.WithActionResu [ApiVersion(ApiSpecV1.VERSION_STRING)] [HttpDelete("~/v{version:apiVersion}/entries/{entryId:guid}")] public override ActionResult Handle(Guid entryId) { + if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_DELETE)) { + return StatusCode(403, "Your token does not permit access to this resource"); + } + var entry = _context.Entries.SingleOrDefault(c => c.Id == entryId && c.UserId == LoggedInUser.Id); if (entry == default) { return NotFound(new ErrorResult("Entry does not exist")); diff --git a/src/server/Api/V1/Entries/GetEntriesRoute.cs b/src/server/Api/V1/Entries/GetEntriesRoute.cs index adadf01..27905a2 100644 --- a/src/server/Api/V1/Entries/GetEntriesRoute.cs +++ b/src/server/Api/V1/Entries/GetEntriesRoute.cs @@ -16,6 +16,10 @@ public class GetEntriesRoute : RouteBaseV1Sync.WithoutRequest.WithActionResult<L [ApiVersion(ApiSpecV1.VERSION_STRING)] [HttpGet("~/v{version:apiVersion}/entries")] public override ActionResult<List<EntryDto>> Handle() { + if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_READ)) { + return StatusCode(403, "Your token does not permit access to this resource"); + } + return Ok(_context.Entries.Where(c => c.UserId == LoggedInUser.Id).Select(c => new EntryDto(c))); } } diff --git a/src/server/Api/V1/Entries/UpdateEntryRoute.cs b/src/server/Api/V1/Entries/UpdateEntryRoute.cs index 96c60fe..919364d 100644 --- a/src/server/Api/V1/Entries/UpdateEntryRoute.cs +++ b/src/server/Api/V1/Entries/UpdateEntryRoute.cs @@ -1,4 +1,3 @@ -using System.Security.Cryptography; using IOL.BookmarkThing.Server.Api.V1.Entries.Dtos; namespace IOL.BookmarkThing.Server.Api.V1.Entries; @@ -24,6 +23,10 @@ public class UpdateEntryRoute : RouteBaseV1Sync.WithRequest<UpdateEntryRequest>. [ApiVersion(ApiSpecV1.VERSION_STRING)] [HttpPost("~/v{version:apiVersion}/entries/update")] public override ActionResult<EntryDto> Handle(UpdateEntryRequest entryToUpdate) { + if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_UPDATE)) { + return StatusCode(403, "Your token does not permit access to this resource"); + } + var entry = _context.Entries.SingleOrDefault(c => c.Id == entryToUpdate.Id && c.UserId == LoggedInUser.Id); if (entry == default) { return NotFound(new ErrorResult("Entry does not exist")); |