From 900bb5e845c3ad44defbd427cae3d44a4a43321f Mon Sep 17 00:00:00 2001 From: ivarlovlie Date: Sat, 25 Feb 2023 13:15:44 +0100 Subject: feat: Initial commit --- code/api/src/Endpoints/V1/ApiSpecV1.cs | 18 +++++ .../src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs | 58 +++++++++++++++ .../src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs | 31 ++++++++ .../src/Endpoints/V1/ApiTokens/GetTokensRoute.cs | 36 ++++++++++ .../Endpoints/V1/Customers/CreateCustomerRoute.cs | 66 +++++++++++++++++ .../Endpoints/V1/Projects/CreateProjectRoute.cs | 83 ++++++++++++++++++++++ .../src/Endpoints/V1/Projects/GetProjectsRoute.cs | 40 +++++++++++ code/api/src/Endpoints/V1/Projects/_calls.http | 12 ++++ code/api/src/Endpoints/V1/RouteBaseAsync.cs | 73 +++++++++++++++++++ code/api/src/Endpoints/V1/RouteBaseSync.cs | 53 ++++++++++++++ code/api/src/Endpoints/V1/V1_EndpointBase.cs | 29 ++++++++ 11 files changed, 499 insertions(+) create mode 100644 code/api/src/Endpoints/V1/ApiSpecV1.cs create mode 100644 code/api/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs create mode 100644 code/api/src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs create mode 100644 code/api/src/Endpoints/V1/ApiTokens/GetTokensRoute.cs create mode 100644 code/api/src/Endpoints/V1/Customers/CreateCustomerRoute.cs create mode 100644 code/api/src/Endpoints/V1/Projects/CreateProjectRoute.cs create mode 100644 code/api/src/Endpoints/V1/Projects/GetProjectsRoute.cs create mode 100644 code/api/src/Endpoints/V1/Projects/_calls.http create mode 100644 code/api/src/Endpoints/V1/RouteBaseAsync.cs create mode 100644 code/api/src/Endpoints/V1/RouteBaseSync.cs create mode 100644 code/api/src/Endpoints/V1/V1_EndpointBase.cs (limited to 'code/api/src/Endpoints/V1') diff --git a/code/api/src/Endpoints/V1/ApiSpecV1.cs b/code/api/src/Endpoints/V1/ApiSpecV1.cs new file mode 100644 index 0000000..e4f9cc9 --- /dev/null +++ b/code/api/src/Endpoints/V1/ApiSpecV1.cs @@ -0,0 +1,18 @@ +namespace IOL.GreatOffice.Api.Endpoints.V1; + +public static class ApiSpecV1 +{ + private const int MAJOR = 1; + private const int MINOR = 0; + public const string VERSION_STRING = "1.0"; + + public static ApiSpecDocument Document => new() { + Version = new ApiVersion(MAJOR, MINOR), + VersionName = VERSION_STRING, + SwaggerPath = $"/swagger/{VERSION_STRING}/swagger.json", + OpenApiInfo = new OpenApiInfo { + Title = AppConstants.API_NAME, + Version = VERSION_STRING + } + }; +} diff --git a/code/api/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs b/code/api/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs new file mode 100644 index 0000000..163ddb6 --- /dev/null +++ b/code/api/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs @@ -0,0 +1,58 @@ +using System.Text; + +namespace IOL.GreatOffice.Api.Endpoints.V1.ApiTokens; + +public class CreateTokenRoute : RouteBaseSync.WithRequest.WithActionResult +{ + private readonly MainAppDatabase _database; + private readonly AppConfiguration _configuration; + private readonly ILogger _logger; + + public CreateTokenRoute(MainAppDatabase database, VaultService vaultService, ILogger logger) { + _database = database; + _configuration = vaultService.GetCurrentAppConfiguration(); + _logger = logger; + } + + public class Payload + { + public DateTime ExpiryDate { get; set; } + public bool AllowRead { get; set; } + public bool AllowCreate { get; set; } + public bool AllowUpdate { get; set; } + public bool AllowDelete { get; set; } + } + + /// + /// Create a new api token with the provided claims. + /// + /// The claims to set on the api token + /// + [ApiVersion(ApiSpecV1.VERSION_STRING)] + [HttpPost("~/v{version:apiVersion}/api-tokens/create")] + public override ActionResult Handle(Payload request) { + var user = _database.Users.SingleOrDefault(c => c.Id == LoggedInUser.Id); + if (user == default) { + return NotFound(new KnownProblemModel("User does not exist")); + } + + var token_entropy = _configuration.APP_AES_KEY; + if (token_entropy.IsNullOrWhiteSpace()) { + _logger.LogWarning("No token entropy is available, Basic auth is disabled"); + return NotFound(); + } + + var accessToken = new ApiAccessToken() { + User = user, + ExpiryDate = request.ExpiryDate.ToUniversalTime(), + AllowCreate = request.AllowCreate, + AllowRead = request.AllowRead, + AllowDelete = request.AllowDelete, + AllowUpdate = request.AllowUpdate + }; + + _database.AccessTokens.Add(accessToken); + _database.SaveChanges(); + return Ok(Convert.ToBase64String(Encoding.UTF8.GetBytes(accessToken.Id.ToString().EncryptWithAes(token_entropy)))); + } +} \ No newline at end of file diff --git a/code/api/src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs b/code/api/src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs new file mode 100644 index 0000000..ee19e40 --- /dev/null +++ b/code/api/src/Endpoints/V1/ApiTokens/DeleteTokenRoute.cs @@ -0,0 +1,31 @@ +namespace IOL.GreatOffice.Api.Endpoints.V1.ApiTokens; + +public class DeleteTokenRoute : RouteBaseSync.WithRequest.WithActionResult +{ + private readonly MainAppDatabase _database; + private readonly ILogger _logger; + + public DeleteTokenRoute(MainAppDatabase database, ILogger logger) { + _database = database; + _logger = logger; + } + + /// + /// Delete an api token, rendering it unusable + /// + /// Id of the token to delete + /// Nothing + [ApiVersion(ApiSpecV1.VERSION_STRING)] + [HttpDelete("~/v{version:apiVersion}/api-tokens/delete")] + public override ActionResult Handle(Guid id) { + var token = _database.AccessTokens.SingleOrDefault(c => c.Id == id); + if (token == default) { + _logger.LogWarning("A deletion request of an already deleted (maybe) api token was received."); + return NotFound(); + } + + _database.AccessTokens.Remove(token); + _database.SaveChanges(); + return Ok(); + } +} \ No newline at end of file diff --git a/code/api/src/Endpoints/V1/ApiTokens/GetTokensRoute.cs b/code/api/src/Endpoints/V1/ApiTokens/GetTokensRoute.cs new file mode 100644 index 0000000..ee46b34 --- /dev/null +++ b/code/api/src/Endpoints/V1/ApiTokens/GetTokensRoute.cs @@ -0,0 +1,36 @@ +namespace IOL.GreatOffice.Api.Endpoints.V1.ApiTokens; + +public class GetTokensRoute : RouteBaseSync.WithoutRequest.WithResult>> +{ + private readonly MainAppDatabase _database; + + public GetTokensRoute(MainAppDatabase database) { + _database = database; + } + + public class ResponseModel + { + public DateTime ExpiryDate { get; set; } + public bool AllowRead { get; set; } + public bool AllowCreate { get; set; } + public bool AllowUpdate { get; set; } + public bool AllowDelete { get; set; } + public bool HasExpired => ExpiryDate < AppDateTime.UtcNow; + } + + /// + /// Get all tokens, both active and inactive. + /// + /// A list of tokens + [ApiVersion(ApiSpecV1.VERSION_STRING)] + [HttpGet("~/v{version:apiVersion}/api-tokens")] + public override ActionResult> Handle() { + return Ok(_database.AccessTokens.Where(c => c.User.Id == LoggedInUser.Id).Select(c => new ResponseModel() { + AllowCreate = c.AllowCreate, + AllowRead = c.AllowRead, + AllowDelete = c.AllowDelete, + AllowUpdate = c.AllowUpdate, + ExpiryDate = c.ExpiryDate + })); + } +} \ No newline at end of file diff --git a/code/api/src/Endpoints/V1/Customers/CreateCustomerRoute.cs b/code/api/src/Endpoints/V1/Customers/CreateCustomerRoute.cs new file mode 100644 index 0000000..e58aa37 --- /dev/null +++ b/code/api/src/Endpoints/V1/Customers/CreateCustomerRoute.cs @@ -0,0 +1,66 @@ +namespace IOL.GreatOffice.Api.Endpoints.V1.Customers; + +public class CreateCustomerRoute : RouteBaseAsync.WithRequest.WithActionResult +{ + private readonly MainAppDatabase _database; + private readonly ILogger _logger; + private readonly IStringLocalizer _localizer; + + public CreateCustomerRoute(MainAppDatabase database, ILogger logger, IStringLocalizer localizer) { + _database = database; + _logger = logger; + _localizer = localizer; + } + + [HttpPost("~/v{version:apiVersion}/customers/create")] + public override async Task HandleAsync(CreateCustomerPayload request, CancellationToken cancellationToken = default) { + var problem = new KnownProblemModel(); + if (request.Name.Trim().IsNullOrEmpty()) problem.AddError("name", _localizer["Name is a required field"]); + if (problem.Errors.Any()) { + problem.Title = _localizer["Invalid form"]; + problem.Subtitle = _localizer["One or more validation errors occured"]; + return KnownProblem(problem); + } + + var customer = new Customer(LoggedInUser) { + CustomerNumber = request.CustomerNumber, + Name = request.Name, + Description = request.Description, + Address1 = request.Address1, + Address2 = request.Address2, + Country = request.Country, + Currency = request.Currency, + Email = request.Email, + Phone = request.Phone, + PostalCity = request.PostalCity, + PostalCode = request.PostalCode, + VATNumber = request.VATNumber, + ORGNumber = request.ORGNumber, + DefaultReference = request.DefaultReference, + Website = request.Website + }; + customer.SetOwnerIds(default, LoggedInUser.TenantId); + _database.Customers.Add(customer); + await _database.SaveChangesAsync(cancellationToken); + return Ok(); + } +} + +public class CreateCustomerPayload +{ + public string CustomerNumber { get; set; } + public string Name { get; set; } + public string Description { get; set; } + public string Address1 { get; set; } + public string Address2 { get; set; } + public string PostalCode { get; set; } + public string PostalCity { get; set; } + public string Country { get; set; } + public string Phone { get; set; } + public string Email { get; set; } + public string VATNumber { get; set; } + public string ORGNumber { get; set; } + public string DefaultReference { get; set; } + public string Website { get; set; } + public string Currency { get; set; } +} \ No newline at end of file diff --git a/code/api/src/Endpoints/V1/Projects/CreateProjectRoute.cs b/code/api/src/Endpoints/V1/Projects/CreateProjectRoute.cs new file mode 100644 index 0000000..bd37faf --- /dev/null +++ b/code/api/src/Endpoints/V1/Projects/CreateProjectRoute.cs @@ -0,0 +1,83 @@ +namespace IOL.GreatOffice.Api.Endpoints.V1.Projects; + +public class CreateProjectRoute : RouteBaseAsync.WithRequest.WithActionResult +{ + private readonly MainAppDatabase _database; + private readonly IStringLocalizer _localizer; + + public CreateProjectRoute(MainAppDatabase database, IStringLocalizer localizer) { + _database = database; + _localizer = localizer; + } + + [HttpPost("~/v{version:apiVersion}/projects/create")] + public override async Task HandleAsync(CreateProjectPayload request, CancellationToken cancellationToken = default) { + var problem = new KnownProblemModel(); + + if (request.Name.IsNullOrEmpty()) { + problem.AddError("name", _localizer["Name is a required field"]); + } + + var project = new Project(LoggedInUser) { + Name = request.Name, + Description = request.Description, + Start = request.Start, + Stop = request.Stop, + }; + + project.SetOwnerIds(default, LoggedInUser.TenantId); + + foreach (var customerId in request.CustomerIds) { + var customer = _database.Customers.FirstOrDefault(c => c.Id == customerId); + if (customer == default) { + problem.AddError("customer_" + customerId, _localizer["Customer not found"]); + continue; + } + + project.Customers.Add(customer); + } + + foreach (var member in request.Members) { + var user = _database.Users.FirstOrDefault(c => c.Id == member.UserId); + if (user == default) { + problem.AddError("members_" + member.UserId, _localizer["User not found"]); + continue; + } + + project.Members.Add(new ProjectMember() { + Project = project, + User = user, + Role = member.Role + }); + } + + if (problem.Errors.Any()) { + problem.Title = _localizer["Invalid form"]; + problem.Subtitle = _localizer["One or more validation errors occured"]; + return KnownProblem(problem); + } + + _database.Projects.Add(project); + await _database.SaveChangesAsync(cancellationToken); + return Ok(); + } +} + +public class CreateProjectResponse +{ } + +public class CreateProjectPayload +{ + public string Name { get; set; } + public string Description { get; set; } + public DateTime Start { get; set; } + public DateTime Stop { get; set; } + public List CustomerIds { get; set; } + public List Members { get; set; } + + public class ProjectMember + { + public Guid UserId { get; set; } + public ProjectRole Role { get; set; } + } +} \ No newline at end of file diff --git a/code/api/src/Endpoints/V1/Projects/GetProjectsRoute.cs b/code/api/src/Endpoints/V1/Projects/GetProjectsRoute.cs new file mode 100644 index 0000000..8fe70a6 --- /dev/null +++ b/code/api/src/Endpoints/V1/Projects/GetProjectsRoute.cs @@ -0,0 +1,40 @@ +using MR.AspNetCore.Pagination; + +namespace IOL.GreatOffice.Api.Endpoints.V1.Projects; + +public class GetProjectsRoute : RouteBaseAsync.WithRequest.WithActionResult> +{ + private readonly MainAppDatabase _database; + private readonly PaginationService _pagination; + + public GetProjectsRoute(MainAppDatabase database, PaginationService pagination) { + _database = database; + _pagination = pagination; + } + + [HttpGet("~/v{version:apiVersion}/projects")] + public override async Task>> HandleAsync([FromQuery] GetProjectsQueryParameters request, CancellationToken cancellationToken = default) { + var result = await _pagination.KeysetPaginateAsync( + _database.Projects.ForTenant(LoggedInUser).ConditionalWhere(() => request.NameQuery.HasValue(), p => p.Name.Contains(request.NameQuery)), + b => b.Descending(x => x.CreatedAt), + async id => await _database.Projects.FindAsync(id), + query => query.Select(p => new GetProjectsResponseDto() { + Id = p.Id, + Name = p.Name + }) + ); + return Ok(result); + } +} + +public class GetProjectsResponseDto +{ + public Guid Id { get; set; } + public string Name { get; set; } +} + +public class GetProjectsQueryParameters +{ + [FromQuery(Name = "name")] + public string NameQuery { get; set; } +} \ No newline at end of file diff --git a/code/api/src/Endpoints/V1/Projects/_calls.http b/code/api/src/Endpoints/V1/Projects/_calls.http new file mode 100644 index 0000000..af0eba6 --- /dev/null +++ b/code/api/src/Endpoints/V1/Projects/_calls.http @@ -0,0 +1,12 @@ +### Create Project +GET https://localhost:5001/v1/projects/create +Accept: application/json +Content-Type: application/json +Cookie: "" + +{ + "": "" +} + +### Get Projects +POST http://localhost diff --git a/code/api/src/Endpoints/V1/RouteBaseAsync.cs b/code/api/src/Endpoints/V1/RouteBaseAsync.cs new file mode 100644 index 0000000..33b6f5f --- /dev/null +++ b/code/api/src/Endpoints/V1/RouteBaseAsync.cs @@ -0,0 +1,73 @@ +namespace IOL.GreatOffice.Api.Endpoints.V1; + +/// +/// A base class for an endpoint that accepts parameters. +/// +public class RouteBaseAsync +{ + public class WithRequest + { + public abstract class WithResult : V1_EndpointBase + { + public abstract Task HandleAsync( + TRequest request, + CancellationToken cancellationToken = default + ); + } + + public abstract class WithoutResult : V1_EndpointBase + { + public abstract Task HandleAsync( + TRequest request, + CancellationToken cancellationToken = default + ); + } + + public abstract class WithActionResult : V1_EndpointBase + { + public abstract Task> HandleAsync( + TRequest request, + CancellationToken cancellationToken = default + ); + } + + public abstract class WithActionResult : V1_EndpointBase + { + public abstract Task HandleAsync( + TRequest request, + CancellationToken cancellationToken = default + ); + } + } + + public static class WithoutRequest + { + public abstract class WithResult : V1_EndpointBase + { + public abstract Task HandleAsync( + CancellationToken cancellationToken = default + ); + } + + public abstract class WithoutResult : V1_EndpointBase + { + public abstract Task HandleAsync( + CancellationToken cancellationToken = default + ); + } + + public abstract class WithActionResult : V1_EndpointBase + { + public abstract Task> HandleAsync( + CancellationToken cancellationToken = default + ); + } + + public abstract class WithActionResult : V1_EndpointBase + { + public abstract Task HandleAsync( + CancellationToken cancellationToken = default + ); + } + } +} diff --git a/code/api/src/Endpoints/V1/RouteBaseSync.cs b/code/api/src/Endpoints/V1/RouteBaseSync.cs new file mode 100644 index 0000000..6a86074 --- /dev/null +++ b/code/api/src/Endpoints/V1/RouteBaseSync.cs @@ -0,0 +1,53 @@ +namespace IOL.GreatOffice.Api.Endpoints.V1; + +/// +/// A base class for an endpoint that accepts parameters. +/// +public static class RouteBaseSync +{ + public static class WithRequest + { + public abstract class WithResult : V1_EndpointBase + { + public abstract TResponse Handle(TRequest request); + } + + public abstract class WithoutResult : V1_EndpointBase + { + public abstract void Handle(TRequest request); + } + + public abstract class WithActionResult : V1_EndpointBase + { + public abstract ActionResult Handle(TRequest request); + } + + public abstract class WithActionResult : V1_EndpointBase + { + public abstract ActionResult Handle(TRequest request); + } + } + + public static class WithoutRequest + { + public abstract class WithResult : V1_EndpointBase + { + public abstract TResponse Handle(); + } + + public abstract class WithoutResult : V1_EndpointBase + { + public abstract void Handle(); + } + + public abstract class WithActionResult : V1_EndpointBase + { + public abstract ActionResult Handle(); + } + + public abstract class WithActionResult : V1_EndpointBase + { + public abstract ActionResult Handle(); + } + } +} diff --git a/code/api/src/Endpoints/V1/V1_EndpointBase.cs b/code/api/src/Endpoints/V1/V1_EndpointBase.cs new file mode 100644 index 0000000..08ce4ab --- /dev/null +++ b/code/api/src/Endpoints/V1/V1_EndpointBase.cs @@ -0,0 +1,29 @@ +using System.Net.Http.Headers; + +namespace IOL.GreatOffice.Api.Endpoints.V1; + +[ApiVersion(ApiSpecV1.VERSION_STRING)] +[Authorize(AuthenticationSchemes = AuthSchemes)] +public class V1_EndpointBase : EndpointBase +{ + private const string AuthSchemes = CookieAuthenticationDefaults.AuthenticationScheme + "," + AppConstants.BASIC_AUTH_SCHEME; + + protected bool IsApiCall() { + if (!Request.Headers.ContainsKey("Authorization")) return false; + try { + var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]); + if (authHeader.Parameter == null) return false; + } catch { + return false; + } + + return true; + } + + protected bool HasApiPermission(string permission_key) { + var permission_claim = User.Claims.SingleOrDefault(c => c.Type == permission_key); + return permission_claim is { + Value: "True" + }; + } +} \ No newline at end of file -- cgit v1.3