From b7e39b59fd0fc7b5610ebff29035bf622079e0d8 Mon Sep 17 00:00:00 2001
From: ivarlovlie <git@ivarlovlie.no>
Date: Wed, 5 Oct 2022 20:45:21 +0800
Subject: refactor: Change file structure

---
 .../src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs | 57 ++++++++++++++++++++++
 .../src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs | 33 +++++++++++++
 .../src/Endpoints/V1/ApiTokens/GetTokensRoute.cs   | 22 +++++++++
 3 files changed, 112 insertions(+)
 create mode 100644 code/api/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs
 create mode 100644 code/api/src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs
 create mode 100644 code/api/src/Endpoints/V1/ApiTokens/GetTokensRoute.cs

(limited to 'code/api/src/Endpoints/V1/ApiTokens')

diff --git a/code/api/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs b/code/api/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs
new file mode 100644
index 0000000..2086619
--- /dev/null
+++ b/code/api/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs
@@ -0,0 +1,57 @@
+using System.Text;
+
+namespace IOL.GreatOffice.Api.Endpoints.V1.ApiTokens;
+
+public class CreateTokenRoute : RouteBaseSync.WithRequest<ApiAccessToken.ApiAccessTokenDto>.WithActionResult
+{
+    private readonly AppDbContext _context;
+    private readonly AppConfiguration _configuration;
+    private readonly ILogger<CreateTokenRoute> _logger;
+
+    public CreateTokenRoute(AppDbContext context, VaultService vaultService, ILogger<CreateTokenRoute> logger)
+    {
+        _context = context;
+        _configuration = vaultService.GetCurrentAppConfiguration();
+        _logger = logger;
+    }
+
+    /// <summary>
+    /// Create a new api token with the provided claims.
+    /// </summary>
+    /// <param name="request">The claims to set on the api token</param>
+    /// <returns></returns>
+    [ApiVersion(ApiSpecV1.VERSION_STRING)]
+    [HttpPost("~/v{version:apiVersion}/api-tokens/create")]
+    [ProducesResponseType(200, Type = typeof(string))]
+    [ProducesResponseType(404, Type = typeof(ErrorResult))]
+    public override ActionResult Handle(ApiAccessToken.ApiAccessTokenDto request)
+    {
+        var user = _context.Users.SingleOrDefault(c => c.Id == LoggedInUser.Id);
+        if (user == default)
+        {
+            return NotFound(new ErrorResult("User does not exist"));
+        }
+
+        var token_entropy = _configuration.APP_AES_KEY;
+        if (token_entropy.IsNullOrWhiteSpace())
+        {
+            _logger.LogWarning("No token entropy is available, Basic auth is disabled");
+            return NotFound();
+        }
+
+        var access_token = new ApiAccessToken()
+        {
+            Id = Guid.NewGuid(),
+            User = user,
+            ExpiryDate = request.ExpiryDate.ToUniversalTime(),
+            AllowCreate = request.AllowCreate,
+            AllowRead = request.AllowRead,
+            AllowDelete = request.AllowDelete,
+            AllowUpdate = request.AllowUpdate
+        };
+
+        _context.AccessTokens.Add(access_token);
+        _context.SaveChanges();
+        return Ok(Convert.ToBase64String(Encoding.UTF8.GetBytes(access_token.Id.ToString().EncryptWithAes(token_entropy))));
+    }
+}
diff --git a/code/api/src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs b/code/api/src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs
new file mode 100644
index 0000000..a90b4c0
--- /dev/null
+++ b/code/api/src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs
@@ -0,0 +1,33 @@
+namespace IOL.GreatOffice.Api.Endpoints.V1.ApiTokens;
+
+public class DeleteTokenRoute : RouteBaseSync.WithRequest<Guid>.WithActionResult
+{
+	private readonly AppDbContext _context;
+	private readonly ILogger<DeleteTokenRoute> _logger;
+
+	public DeleteTokenRoute(AppDbContext context, ILogger<DeleteTokenRoute> logger) {
+		_context = context;
+		_logger = logger;
+	}
+
+	/// <summary>
+	/// Delete an api token, rendering it unusable
+	/// </summary>
+	/// <param name="id">Id of the token to delete</param>
+	/// <returns>Nothing</returns>
+	[ApiVersion(ApiSpecV1.VERSION_STRING)]
+	[HttpDelete("~/v{version:apiVersion}/api-tokens/delete")]
+	[ProducesResponseType(200)]
+	[ProducesResponseType(404)]
+	public override ActionResult Handle(Guid id) {
+		var token = _context.AccessTokens.SingleOrDefault(c => c.Id == id);
+		if (token == default) {
+			_logger.LogWarning("A deletion request of an already deleted (maybe) api token was received.");
+			return NotFound();
+		}
+
+		_context.AccessTokens.Remove(token);
+		_context.SaveChanges();
+		return Ok();
+	}
+}
diff --git a/code/api/src/Endpoints/V1/ApiTokens/GetTokensRoute.cs b/code/api/src/Endpoints/V1/ApiTokens/GetTokensRoute.cs
new file mode 100644
index 0000000..59fd077
--- /dev/null
+++ b/code/api/src/Endpoints/V1/ApiTokens/GetTokensRoute.cs
@@ -0,0 +1,22 @@
+namespace IOL.GreatOffice.Api.Endpoints.V1.ApiTokens;
+
+public class GetTokensRoute : RouteBaseSync.WithoutRequest.WithResult<ActionResult<List<ApiAccessToken.ApiAccessTokenDto>>>
+{
+	private readonly AppDbContext _context;
+
+	public GetTokensRoute(AppDbContext context) {
+		_context = context;
+	}
+
+	/// <summary>
+	/// Get all tokens, both active and inactive.
+	/// </summary>
+	/// <returns>A list of tokens</returns>
+	[ApiVersion(ApiSpecV1.VERSION_STRING)]
+	[HttpGet("~/v{version:apiVersion}/api-tokens")]
+	[ProducesResponseType(200, Type = typeof(List<ApiAccessToken.ApiAccessTokenDto>))]
+	[ProducesResponseType(204)]
+	public override ActionResult<List<ApiAccessToken.ApiAccessTokenDto>> Handle() {
+		return Ok(_context.AccessTokens.Where(c => c.User.Id == LoggedInUser.Id).Select(c => c.AsDto));
+	}
+}
-- 
cgit v1.3