path: root/server/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs

using System.Text;
using Microsoft.Extensions.Options;

namespace IOL.GreatOffice.Api.Endpoints.V1.ApiTokens;

public class CreateTokenRoute : RouteBaseSync.WithRequest<ApiAccessToken.ApiAccessTokenDto>.WithActionResult
{
	private readonly AppDbContext _context;
	private readonly AppConfiguration _configuration;
	private readonly ILogger<CreateTokenRoute> _logger;

	public CreateTokenRoute(AppDbContext context, IOptions<AppConfiguration> configuration, ILogger<CreateTokenRoute> logger) {
		_context = context;
		_configuration = configuration.Value;
		_logger = logger;
	}

	/// <summary>
	/// Create a new api token with the provided claims.
	/// </summary>
	/// <param name="request">The claims to set on the api token</param>
	/// <returns></returns>
	[ApiVersion(ApiSpecV1.VERSION_STRING)]
	[HttpPost("~/v{version:apiVersion}/api-tokens/create")]
	[ProducesResponseType(200, Type = typeof(string))]
	[ProducesResponseType(404, Type = typeof(ErrorResult))]
	public override ActionResult Handle(ApiAccessToken.ApiAccessTokenDto request) {
		var user = _context.Users.SingleOrDefault(c => c.Id == LoggedInUser.Id);
		if (user == default) {
			return NotFound(new ErrorResult("User does not exist"));
		}

		var token_entropy = _configuration.APP_AES_KEY;
		if (token_entropy.IsNullOrWhiteSpace()) {
			_logger.LogWarning("No token entropy is available, Basic auth is disabled");
			return NotFound();
		}

		var access_token = new ApiAccessToken() {
				Id = Guid.NewGuid(),
				User = user,
				ExpiryDate = request.ExpiryDate.ToUniversalTime(),
				AllowCreate = request.AllowCreate,
				AllowRead = request.AllowRead,
				AllowDelete = request.AllowDelete,
				AllowUpdate = request.AllowUpdate
		};

		_context.AccessTokens.Add(access_token);
		_context.SaveChanges();
		return Ok(Convert.ToBase64String(Encoding.UTF8.GetBytes(access_token.Id.ToString().EncryptWithAes(token_entropy))));
	}
}