src/server/Api/Internal/Account/CreateTokenRoute.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

using System.Text;

namespace IOL.BookmarkThing.Server.Api.Internal.Account;

public class CreateTokenRoute : RouteBaseInternalSync.WithRequest<CreateTokenRequest>.WithActionResult
{
	private readonly AppDbContext _context;
	private readonly IConfiguration _configuration;
	private readonly ILogger<CreateTokenRoute> _logger;

	public CreateTokenRoute(AppDbContext context, IConfiguration configuration, ILogger<CreateTokenRoute> logger) {
		_context = context;
		_configuration = configuration;
		_logger = logger;
	}

	[ApiVersionNeutral]
	[ApiExplorerSettings(IgnoreApi = true)]
	[HttpPost("~/v{version:apiVersion}/account/create-token")]
	public override ActionResult Handle(CreateTokenRequest request) {
		var user = _context.Users.SingleOrDefault(c => c.Id == LoggedInUser.Id);
		if (user == default) {
			return NotFound(new ErrorResult("User does not exist"));
		}

		var token_entropy = _configuration.GetValue<string>("TOKEN_ENTROPY");
		if (token_entropy.IsNullOrWhiteSpace()) {
			_logger.LogWarning("No token entropy is available in env:TOKEN_ENTROPY, Basic auth is disabled");
			return NotFound();
		}

		var access_token = new AccessToken {
				Id = Guid.NewGuid(),
				User = user,
				ExpiryDate = request.ExpiryDate.ToUniversalTime(),
				AllowCreate = request.AllowCreate,
				AllowRead = request.AllowRead,
				AllowDelete = request.AllowDelete,
				AllowUpdate = request.AllowUpdate
		};

		_context.AccessTokens.Add(access_token);
		_context.SaveChanges();
		return Ok(Convert.ToBase64String(Encoding.UTF8.GetBytes(access_token.Id.ToString().EncryptWithAes(token_entropy))));
	}
}