IQBall
/
Dotnet-WebAPI
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: IQBall:master
Branches Tags
IQBall:master
IQBall:shared-tactic
IQBall:fix/concurrency
IQBall:shareTactic
IQBall:consoleTests
IQBall:tests
..
compare: IQBall:consoleTests
Branches Tags
IQBall:master
IQBall:shared-tactic
IQBall:fix/concurrency
IQBall:shareTactic
IQBall:consoleTests
IQBall:tests

No commits in common. 'master' and 'consoleTests' have entirely different histories.
master ... consoleTes

37 changed files with 104 additions and 610 deletions
Show Stats

3
API/Auth/Authentication.cs
Unescape View File

@ -1,7 +1,5 @@
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;
using Microsoft.IdentityModel.Tokens;
namespace API.Auth;
@ -27,4 +25,5 @@ public static class Authentication
return ("Bearer " + jwt, expirationDate);
}
}

2
API/Controllers/Admin/UsersAdminController.cs
Unescape View File

@ -120,7 +120,7 @@ public class UsersAdminController(IUserService service, ILogger<UsersAdminContro
}
catch (ServiceException e)
{
return BadRequest(e.FailuresMessages());
return BadRequest(e.Failures);
}
}
}

26
API/Controllers/AuthenticationController.cs
Unescape View File

@ -1,10 +1,10 @@
using System.ComponentModel.DataAnnotations;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using API.Auth;
using API.Validation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using Model;
@ -16,15 +16,7 @@ namespace API.Controllers;
public class AuthenticationController(IUserService service, IConfiguration config) : ControllerBase
{
private readonly SymmetricSecurityKey _key = new(Encoding.UTF8.GetBytes(config["JWT:Key"]!));
[HttpGet("/auth/keep-alive")]
[Authorize]
public void KeepAlive()
{
}
public record GenerateTokenRequest(
[MaxLength(256, ErrorMessage = "Email address is too wide")]
[EmailAddress]
@ -33,7 +25,7 @@ public class AuthenticationController(IUserService service, IConfiguration confi
string Password
);
private record AuthenticationResponse(String Token, long ExpirationDate);
private record AuthenticationResponse(String Token, DateTime ExpirationDate);
[HttpPost("/auth/token")]
public async Task<IActionResult> GenerateToken([FromBody] GenerateTokenRequest req)
@ -47,13 +39,12 @@ public class AuthenticationController(IUserService service, IConfiguration confi
});
var (jwt, expirationDate) = GenerateJwt(user);
return Ok(new AuthenticationResponse(jwt, expirationDate.ToFileTimeUtc()));
return Ok(new AuthenticationResponse(jwt, expirationDate));
}
public record RegisterAccountRequest(
[StringLength(256, MinimumLength = 4, ErrorMessage = "password length must be between 4 and 256")]
[Name]
[MaxLength(256, ErrorMessage = "name is longer than 256")]
string Username,
[MaxLength(256, ErrorMessage = "email is longer than 256")]
[EmailAddress]
@ -71,7 +62,8 @@ public class AuthenticationController(IUserService service, IConfiguration confi
{ "email", ["The email address already exists"] }
});
}
var user = await service.CreateUser(
req.Username,
req.Email,
@ -81,7 +73,7 @@ public class AuthenticationController(IUserService service, IConfiguration confi
);
var (jwt, expirationDate) = GenerateJwt(user);
return Ok(new AuthenticationResponse(jwt, expirationDate.ToFileTimeUtc()));
return Ok(new AuthenticationResponse(jwt, expirationDate));
}
@ -98,6 +90,4 @@ public class AuthenticationController(IUserService service, IConfiguration confi
return Authentication.GenerateJwt(_key, claims);
}
}

42
API/Controllers/TacticsController.cs
Unescape View File

@ -26,7 +26,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
[FromBody] UpdateNameRequest req)
{
var userId = accessor.CurrentUserId(HttpContext);
if (!await service.IsOwnerOf(userId, tacticId))
if (!await service.HasAnyRights(userId, tacticId))
{
return Unauthorized();
}
@ -41,7 +41,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
public async Task<IActionResult> GetTacticInfo(int tacticId)
{
var userId = accessor.CurrentUserId(HttpContext);
if (!await service.IsOwnerOf(userId, tacticId))
if (!await service.HasAnyRights(userId, tacticId))
{
return Unauthorized();
}
@ -57,7 +57,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
public async Task<IActionResult> GetTacticStepsRoot(int tacticId)
{
var userId = accessor.CurrentUserId(HttpContext);
if (!await service.IsOwnerOf(userId, tacticId))
if (!await service.HasAnyRights(userId, tacticId))
{
return Unauthorized();
}
@ -74,7 +74,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
[AllowedValues("PLAIN", "HALF")] string CourtType
);
public record CreateNewResponse(int Id, int RootStepId);
public record CreateNewResponse(int Id);
[HttpPost("/tactics")]
[Authorize]
@ -88,8 +88,8 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
throw new ArgumentOutOfRangeException("for req.CourtType");
}
var (id, rootId) = await service.AddTactic(userId, req.Name, courtType);
return new CreateNewResponse(id, rootId);
var id = await service.AddTactic(userId, req.Name, courtType);
return new CreateNewResponse(id);
}
public record AddStepRequest(int ParentId, object Content);
@ -110,7 +110,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
{
var userId = accessor.CurrentUserId(HttpContext);
if (!await service.IsOwnerOf(userId, tacticId))
if (!await service.HasAnyRights(userId, tacticId))
{
return Unauthorized();
}
@ -125,7 +125,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
{
var userId = accessor.CurrentUserId(HttpContext);
if (!await service.IsOwnerOf(userId, tacticId))
if (!await service.HasAnyRights(userId, tacticId))
{
return Unauthorized();
}
@ -142,7 +142,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
public async Task<IActionResult> SaveStepContent(int tacticId, int stepId, [FromBody] SaveStepContentRequest req)
{
var userId = accessor.CurrentUserId(HttpContext);
if (!await service.IsOwnerOf(userId, tacticId))
if (!await service.HasAnyRights(userId, tacticId))
{
return Unauthorized();
}
@ -150,28 +150,4 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
var found = await service.SetTacticStepContent(tacticId, stepId, JsonSerializer.Serialize(req.Content));
return found ? Ok() : NotFound();
}
public record CanEditResponse(bool CanEdit);
[HttpGet("/tactics/{tacticId:int}/can-edit")]
[Authorize]
public async Task<CanEditResponse> CanEdit(int tacticId)
{
var userId = accessor.CurrentUserId(HttpContext);
return new CanEditResponse(await service.IsOwnerOf(userId, tacticId));
}
[HttpDelete("/tactics/{tacticId:int}")]
[Authorize]
public async Task<IActionResult> RemoveTactic(int tacticId)
{
var userId = accessor.CurrentUserId(HttpContext);
if (!await service.IsOwnerOf(userId, tacticId))
{
return Unauthorized();
}
return await service.RemoveTactic(tacticId) ? Ok() : NotFound();
}
}

85
API/Controllers/TeamsController.cs
Unescape View File

@ -1,6 +1,5 @@
using System.ComponentModel.DataAnnotations;
using API.Context;
using API.DTO;
using API.Validation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
@ -11,20 +10,13 @@ namespace API.Controllers;
[ApiController]
[Authorize]
public class TeamsController(
ITeamService service,
ITacticService tactics,
IUserService users,
IContextAccessor accessor
) : ControllerBase
public class TeamsController(ITeamService service, IContextAccessor accessor) : ControllerBase
{
public record CreateTeamRequest(
[Name] string Name,
[Url] string Picture,
[RegularExpression("^#[0-9A-Fa-f]{6}$")]
string FirstColor,
[RegularExpression("^#[0-9A-Fa-f]{6}$")]
string SecondColor
[RegularExpression("^#[0-9A-F]{6}$")] string FirstColor,
[RegularExpression("^#[0-9A-F]{6}$")] string SecondColor
);
[HttpPost("/teams")]
@ -36,14 +28,6 @@ public class TeamsController(
return Ok(team);
}
[HttpGet("/teams/{id:int}")]
public async Task<IActionResult> GetTeam(int id)
{
var team = await service.GetTeam(id);
return team == null ? NotFound() : Ok(team);
}
[HttpGet("/teams/{teamId:int}/members")]
public async Task<IActionResult> GetMembersOf(int teamId)
{
@ -53,16 +37,7 @@ public class TeamsController(
switch (accessibility)
{
case ITeamService.TeamAccessibility.Authorized:
var members = (await service.GetMembersOf(teamId)).ToList();
var membersDto = new List<MemberDto>();
foreach (var m in members)
{
membersDto.Add(new MemberDto((await users.GetUser(m.UserId))!, m.Role));
}
return Ok(membersDto);
return Ok(await service.GetMembersOf(teamId));
case ITeamService.TeamAccessibility.NotFound:
case ITeamService.TeamAccessibility.Unauthorized:
return NotFound();
@ -83,7 +58,7 @@ public class TeamsController(
{
throw new Exception($"Unable to convert string input '{req.Role}' to a role enum variant.");
}
var accessibility =
await service.EnsureAccessibility(accessor.CurrentUserId(HttpContext), teamId, MemberRole.Coach);
@ -135,6 +110,8 @@ public class TeamsController(
default: //unreachable
return Problem();
}
}
[HttpDelete("/team/{teamId:int}/members/{userId:int}")]
@ -157,52 +134,4 @@ public class TeamsController(
return Problem();
}
}
public record ShareTacticToTeamRequest(
int TacticId,
int TeamId
);
[HttpPost("/team/share-tactic")]
public async Task<IActionResult> ShareTactic([FromBody] ShareTacticToTeamRequest sharedTactic)
{
var userId = accessor.CurrentUserId(HttpContext);
var success = await tactics.ShareTactic(sharedTactic.TacticId, null, sharedTactic.TeamId);
return success ? Ok() : BadRequest();
}
[HttpDelete("/tactics/shared/{tacticId:int}/team/{teamId:int}")]
public async Task<IActionResult> UnshareTactic(int tacticId, int teamId)
{
var currentUserId = accessor.CurrentUserId(HttpContext);
var tactic = await tactics.GetTactic(tacticId);
if (tactic == null)
{
return NotFound();
}
if (currentUserId != tactic.OwnerId)
{
return Unauthorized();
}
var success = await tactics.UnshareTactic(tacticId, null, teamId);
return success ? Ok() : NotFound();
}
[HttpGet("/tactics/shared/team/{teamId:int}")]
public async Task<IActionResult> GetSharedTacticsToTeam(int teamId)
{
var currentUserId = accessor.CurrentUserId(HttpContext);
if (!await service.IsUserInTeam(currentUserId, teamId))
{
return Unauthorized();
}
var sharedTactics = await service.GetSharedTacticsToTeam(teamId);
return sharedTactics != null ? Ok(sharedTactics) : NotFound();
}
}

101
API/Controllers/UsersController.cs
Unescape View File

@ -1,15 +1,12 @@
using System.ComponentModel.DataAnnotations;
using System.Runtime.CompilerServices;
using API.Context;
using API.DTO;
using API.Validation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Model;
using Services;
[assembly: InternalsVisibleTo("UnitTests")]
namespace API.Controllers;
[ApiController]
@ -38,102 +35,4 @@ public class UsersController(IUserService users, ITeamService teams, ITacticServ
var userTactics = await tactics.ListTacticsOf(userId);
return new GetUserDataResponse(userTeams.ToArray(), userTactics.Select(t => t.ToDto()).ToArray());
}
public record ChangeUserInformationRequest(
[EmailAddress] string? Email = null,
[Name] string? Name = null,
[StringLength(1024)] string? ProfilePicture = null,
[StringLength(256, MinimumLength = 4, ErrorMessage = "password length must be between 4 and 256")]
string? Password = null
);
[HttpPut("/user")]
[Authorize]
public async Task<IActionResult> ChangeUserInformation([FromBody] ChangeUserInformationRequest req)
{
var userId = accessor.CurrentUserId(HttpContext);
var currentUser = (await users.GetUser(userId))!;
try
{
await users.UpdateUser(
new User(
userId,
req.Name ?? currentUser.Name,
req.Email ?? currentUser.Email,
req.ProfilePicture ?? currentUser.ProfilePicture,
currentUser.IsAdmin
),
req.Password
);
} catch (ServiceException e)
{
return BadRequest(e.FailuresMessages());
}
return Ok();
}
public record ShareTacticToUserRequest(
int TacticId,
int UserId
);
[HttpPost("/user/share-tactic")]
[Authorize]
public async Task<IActionResult> ShareTactic([FromBody] ShareTacticToUserRequest sharedTactic)
{
var currentUserId = accessor.CurrentUserId(HttpContext);
var tactic = await tactics.GetTactic(sharedTactic.TacticId);
if (tactic == null)
{
return NotFound();
}
if (currentUserId != tactic.OwnerId)
{
return Unauthorized();
}
var result = await tactics.ShareTactic(sharedTactic.TacticId, sharedTactic.UserId, null);
return result ? Ok() : NotFound();
}
[HttpDelete("/tactics/shared/{tacticId:int}/user/{userId:int}")]
[Authorize]
public async Task<IActionResult> UnshareTactic(int tacticId, int userId)
{
var currentUserId = accessor.CurrentUserId(HttpContext);
var tactic = await tactics.GetTactic(tacticId);
if (tactic == null)
{
return NotFound();
}
if (currentUserId != tactic.OwnerId)
{
return Unauthorized();
}
var success = await tactics.UnshareTactic(tacticId, userId, null);
return success ? Ok() : NotFound();
}
[HttpGet("/tactics/shared/user/{userId:int}")]
[Authorize]
public async Task<IActionResult> GetSharedTacticsToUser(int userId)
{
var currentUserId = accessor.CurrentUserId(HttpContext);
if (currentUserId != userId)
{
return Unauthorized();
}
var sharedTactics = await users.GetSharedTacticsToUser(userId);
return Ok(sharedTactics);
}
}

5
API/DTO/MemberDto.cs
Unescape View File

@ -1,5 +0,0 @@
using Model;
namespace API.DTO;
public record MemberDto(User User, MemberRole Role);

2
API/Program.cs
Unescape View File

@ -101,7 +101,7 @@ app.Use((context, next) =>
var (jwt, expirationDate) = Authentication.GenerateJwt(key, context.User.Claims);
context.Response.Headers["Next-Authorization"] = jwt;
context.Response.Headers["Next-Authorization-Expiration-Date"] =
expirationDate.ToFileTimeUtc().ToString();
expirationDate.ToString(CultureInfo.InvariantCulture);
context.Response.Headers.AccessControlExposeHeaders = "Next-Authorization, Next-Authorization-Expiration-Date";
return next.Invoke();
});

3
API/Validation/NameAttribute.cs
Unescape View File

@ -9,9 +9,6 @@ public partial class NameAttribute : ValidationAttribute
{
var name = context.DisplayName;
if (value is null)
return ValidationResult.Success;
if (value is not string str)
{
return new ValidationResult($"{name} should be a string.");

4
APIConsole/TeamsControllerConsole.cs
Unescape View File

@ -16,10 +16,8 @@ namespace APIConsole
{
AppContext.AppContext context = new AppContext.AppContext();
ITeamService teams = new DbTeamService(context);
ITacticService tactics = new DbTacticService(context);
IUserService users = new DbUserService(context);
IContextAccessor accessor = new HttpContextAccessor();
_controller = new TeamsController(teams, tactics, users, accessor);
_controller = new TeamsController(teams, accessor);
}
public async void GetMembersOfTest()

21
AppContext/AppContext.cs
Unescape View File

@ -13,9 +13,7 @@ public class AppContext : DbContext
public DbSet<TeamEntity> Teams { get; init; }
public DbSet<MemberEntity> Members { get; init; }
public DbSet<TacticStepEntity> TacticSteps { get; set; }
public DbSet<SharedTacticEntity> SharedTactics { get; set; }
public AppContext()
{
@ -46,9 +44,26 @@ public class AppContext : DbContext
protected override void OnModelCreating(ModelBuilder builder)
{
base.OnModelCreating(builder);
builder.Entity<UserEntity>()
.Property(e => e.Password)
.HasConversion(
v => HashString(v),
v => v
);
builder.Entity<MemberEntity>()
.HasKey("UserId", "TeamId");
}
private static string HashString(string str)
{
byte[] salt = RandomNumberGenerator.GetBytes(128 / 8);
return Convert.ToBase64String(KeyDerivation.Pbkdf2(
password: str,
salt,
prf: KeyDerivationPrf.HMACSHA256,
iterationCount: 50000,
numBytesRequested: 256 / 8
));
}
}

1
AppContext/AppContext.csproj
Unescape View File

@ -9,6 +9,7 @@
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
<PackageReference Include="Microsoft.AspNetCore.Cryptography.KeyDerivation" Version="8.0.0" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.0" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.0">
<PrivateAssets>all</PrivateAssets>

12
AppContext/Entities/SharedTacticEntity.cs
Unescape View File

@ -1,12 +0,0 @@
using System.ComponentModel.DataAnnotations;
namespace AppContext.Entities
{
public class SharedTacticEntity
{
[Key] public int Id { get; set; }
public int TacticId { get; set; }
public int? SharedWithUserId { get; set; }
public int? SharedWithTeamId { get; set; }
}
}

1
AppContext/Entities/UserEntity.cs
Unescape View File

@ -7,7 +7,6 @@ public class UserEntity
[Key] public int Id { get; set; }
public required string Password { get; set; }
public required byte[] PasswordSalt { get; set; }
public required string Name { get; set; }
public required string Email { get; set; }
public required string ProfilePicture { get; set; }

7
Converters/ModelToEntities.cs
Unescape View File

@ -22,7 +22,7 @@ public static class EntitiesToModels
entity.Id,
entity.ParentId,
steps.Where(s =>s.TacticId == entity.TacticId && s.ParentId == entity.Id)
.ToList()
.AsEnumerable()
.Select(e => e.ToModel(steps)),
entity.JsonContent
);
@ -37,9 +37,4 @@ public static class EntitiesToModels
{
return new Member(entity.TeamId, entity.UserId, entity.Role);
}
public static SharedTactic ToModel(this SharedTacticEntity entity)
{
return new SharedTactic(entity.Id, entity.TacticId, entity.SharedWithUserId, entity.SharedWithTeamId);
}
}

1
DbServices/DbServices.csproj
Unescape View File

@ -10,7 +10,6 @@
<ProjectReference Include="..\AppContext\AppContext.csproj" />
<ProjectReference Include="..\Converters\Converters.csproj" />
<ProjectReference Include="..\Services\Services.csproj" />
<ProjectReference Include="..\Utils\Utils.csproj" />
</ItemGroup>
</Project>

53
DbServices/DbTacticService.cs
Unescape View File

@ -18,7 +18,7 @@ public class DbTacticService(AppContext.AppContext context) : ITacticService
);
}
public async Task<bool> IsOwnerOf(int userId, int tacticId)
public async Task<bool> HasAnyRights(int userId, int tacticId)
{
var tacticEntity = await context.Tactics.FirstOrDefaultAsync(u => u.Id == tacticId);
if (tacticEntity == null)
@ -27,7 +27,7 @@ public class DbTacticService(AppContext.AppContext context) : ITacticService
return tacticEntity.OwnerId == userId;
}
public async Task<(int, int)> AddTactic(int userId, string name, CourtType courtType)
public async Task<int> AddTactic(int userId, string name, CourtType courtType)
{
var tacticEntity = new TacticEntity
{
@ -49,7 +49,7 @@ public class DbTacticService(AppContext.AppContext context) : ITacticService
await context.SaveChangesAsync();
return (tacticEntity.Id, stepEntity.Id);
return tacticEntity.Id;
}
public async Task<bool> UpdateName(int tacticId, string name)
@ -159,51 +159,4 @@ public class DbTacticService(AppContext.AppContext context) : ITacticService
return await context.SaveChangesAsync() > 0;
}
public async Task<bool> ShareTactic(int tacticId, int? userId, int? teamId)
{
var sharedTactic = new SharedTacticEntity
{
TacticId = tacticId,
SharedWithUserId = userId,
SharedWithTeamId = teamId
};
await context.SharedTactics.AddAsync(sharedTactic);
return await context.SaveChangesAsync() > 0;
}
public async Task<bool> UnshareTactic(int tacticId, int? userId, int? teamId)
{
SharedTacticEntity? sharedTactic = null;
if (userId.HasValue)
{
sharedTactic = await context.SharedTactics
.FirstOrDefaultAsync(st => st.TacticId == tacticId && st.SharedWithUserId == userId);
}
else if (teamId.HasValue)
{
sharedTactic = await context.SharedTactics
.FirstOrDefaultAsync(st => st.TacticId == tacticId && st.SharedWithTeamId == teamId);
}
if (sharedTactic == null)
{
return false;
}
context.SharedTactics.Remove(sharedTactic);
return await context.SaveChangesAsync() > 0;
}
public async Task<bool> RemoveTactic(int tacticId)
{
var removed = await context.Tactics.Where(t => t.Id == tacticId).ExecuteDeleteAsync() > 0;
if (!removed)
return false;
await context.TacticSteps.Where(s => s.TacticId == tacticId).ExecuteDeleteAsync();
return true;
}
}

35
DbServices/DbTeamService.cs
Unescape View File

@ -52,12 +52,6 @@ public class DbTeamService(AppContext.AppContext context) : ITeamService
return entity.ToModel();
}
public async Task<Team?> GetTeam(int id)
{
var entity = await context.Teams.FirstOrDefaultAsync(t => t.Id == id);
return entity?.ToModel();
}
public async Task RemoveTeams(params int[] teams)
{
await context.Teams
@ -79,29 +73,6 @@ public class DbTeamService(AppContext.AppContext context) : ITeamService
return await context.SaveChangesAsync() > 0;
}
public async Task<IEnumerable<Tactic>> GetSharedTacticsToTeam(int teamId)
{
var sharedTactics = await context.SharedTactics
.Where(st => st.SharedWithTeamId == teamId)
.ToListAsync();
var tactics = new List<Tactic>();
foreach (var sharedTactic in sharedTactics)
{
var tactic = await context.Tactics
.Where(t => t.Id == sharedTactic.TacticId)
.Select(t => t.ToModel())
.FirstOrDefaultAsync();
if (tactic != null)
{
tactics.Add(tactic);
}
}
return tactics;
}
public Task<IEnumerable<Member>> GetMembersOf(int teamId)
{
@ -160,10 +131,4 @@ public class DbTeamService(AppContext.AppContext context) : ITeamService
? ITeamService.TeamAccessibility.Authorized
: ITeamService.TeamAccessibility.Unauthorized;
}
public async Task<bool> IsUserInTeam(int userId, int teamId)
{
return await context.Members
.AnyAsync(m => m.TeamId == teamId && m.UserId == userId);
}
}

71
DbServices/DbUserService.cs
Unescape View File

@ -22,11 +22,12 @@ public class DbUserService(AppContext.AppContext context) : IUserService
public Task<IEnumerable<User>> ListUsers(int start, int count, string? nameNeedle = null)
{
IQueryable<UserEntity> request = context.Users;
if (nameNeedle != null)
request = request.Where(u => u.Name.ToLower().Contains(nameNeedle.ToLower()));
return Task.FromResult(
request
.Skip(start)
@ -45,23 +46,15 @@ public class DbUserService(AppContext.AppContext context) : IUserService
{
return (await context.Users.FirstOrDefaultAsync(e => e.Email == email))?.ToModel();
}
public async Task<User> CreateUser(
string username,
string email,
string password,
string profilePicture,
bool isAdmin
)
public async Task<User> CreateUser(string username, string email, string password, string profilePicture,
bool isAdmin)
{
var (passwordHash, salt) = Hashing.HashString(password);
var userEntity = new UserEntity
{
Name = username,
Email = email,
Password = passwordHash,
PasswordSalt = salt,
Password = password,
ProfilePicture = profilePicture,
IsAdmin = isAdmin
};
@ -80,66 +73,26 @@ public class DbUserService(AppContext.AppContext context) : IUserService
.ExecuteDeleteAsync() > 0;
}
public async Task UpdateUser(User user, string? password = null)
public async Task UpdateUser(User user)
{
var entity = await context.Users.FirstOrDefaultAsync(e => e.Id == user.Id);
if (entity == null)
throw new ServiceException(Failure.NotFound("User not found"));
var emailEntity = await context.Users.FirstOrDefaultAsync(e => e.Email == user.Email);
if (emailEntity != null && emailEntity.Id != entity.Id)
{
throw new ServiceException(new Failure("email conflict", "this provided email is used by another account"));
}
entity.ProfilePicture = user.ProfilePicture;
entity.Name = user.Name;
entity.Email = user.Email;
entity.Id = user.Id;
entity.IsAdmin = user.IsAdmin;
if (password != null)
{
var (passwordHash, salt) = Hashing.HashString(password);
entity.Password = passwordHash;
entity.PasswordSalt = salt;
}
await context.SaveChangesAsync();
}
public async Task<User?> Authorize(string email, string password)
{
var entity = await context
.Users
.FirstOrDefaultAsync(u => u.Email == email);
if (entity == null)
return null;
return Hashing.PasswordsMatches(entity.Password, password, entity.PasswordSalt) ? entity.ToModel() : null;
}
public async Task<IEnumerable<Tactic>> GetSharedTacticsToUser(int userId)
{
var sharedTactics = await context.SharedTactics
.Where(st => st.SharedWithUserId == userId)
.ToListAsync();
var tactics = new List<Tactic>();
foreach (var sharedTactic in sharedTactics)
{
var tactic = await context.Tactics
.Where(t => t.Id == sharedTactic.TacticId)
.Select(t => t.ToModel())
.FirstOrDefaultAsync();
if (tactic != null)
{
tactics.Add(tactic);
}
}
return tactics;
return (await context
.Users
.FirstOrDefaultAsync(u => u.Email == email))
?.ToModel();
}
}

3
DbServices/Security.cs
Unescape View File

@ -1,6 +1,3 @@
using System.Security.Cryptography;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;
namespace DbServices;
public class Security

1
EFConsole/UsersConsole.cs
Unescape View File

@ -12,7 +12,6 @@ class UsersConsole
Name = "Pierre",
Email = "pierre@mail.com",
Password = "123456",
PasswordSalt = [1],
ProfilePicture = "https://cdn.pixabay.com/photo/2015/10/05/22/37/blank-profile-picture-973460_960_720.png",
IsAdmin = false
};

3
Model/SharedTactic.cs
Unescape View File

@ -1,3 +0,0 @@
namespace Model;
public record SharedTactic(int Id, int TacticId, int? SharedWithUserId, int? SharedWithTeamId);

12
Services/ITacticService.cs
Unescape View File

@ -15,12 +15,12 @@ public interface ITacticService
Task<IEnumerable<Tactic>> ListTacticsOf(int userId);
/// <summary>
/// Checks if the userId corresponds to the tactic's owner identifier
/// Checks if the user has any rights to access the specified tactic.
/// </summary>
/// <param name="userId">The ID of the user.</param>
/// <param name="tacticId">The ID of the tactic.</param>
/// <returns>A task that represents the asynchronous operation. The task result contains a boolean indicating whether the user has rights.</returns>
Task<bool> IsOwnerOf(int userId, int tacticId);
Task<bool> HasAnyRights(int userId, int tacticId);
/// <summary>
/// Adds a new tactic for the specified user.
@ -29,7 +29,7 @@ public interface ITacticService
/// <param name="name">The name of the tactic.</param>
/// <param name="courtType">The type of court.</param>
/// <returns>A task that represents the asynchronous operation. The task result contains the ID of the newly added tactic.</returns>
Task<(int, int)> AddTactic(int userId, string name, CourtType courtType);
Task<int> AddTactic(int userId, string name, CourtType courtType);
/// <summary>
/// Updates the name of the specified tactic.
@ -56,10 +56,6 @@ public interface ITacticService
/// <returns>A task that represents the asynchronous operation. The task result contains the JSON content of the step.</returns>
Task<string?> GetTacticStepContent(int tacticId, int stepId);
public Task<bool> ShareTactic(int tacticId, int? userId, int? teamId);
public Task<bool> UnshareTactic(int tacticId, int? userId, int? teamId);
/// <summary>
/// Retrieves the root step of the specified tactic.
/// </summary>
@ -97,6 +93,4 @@ public interface ITacticService
/// <param name="stepId">The ID of the step to remove.</param>
/// <returns>A task that represents the asynchronous operation. The task result contains a boolean indicating whether the removal was successful.</returns>
Task<bool> RemoveTacticStep(int tacticId, int stepId);
Task<bool> RemoveTactic(int tacticId);
}

8
Services/ITeamService.cs
Unescape View File

@ -26,8 +26,6 @@ public interface ITeamService
/// Adds a new team.
/// </summary>
Task<Team> AddTeam(string name, string picture, string firstColor, string secondColor);
Task<Team?> GetTeam(int id);
/// <summary>
/// Removes one or more teams.
@ -77,11 +75,6 @@ public interface ITeamService
*/
Authorized
}
public Task<IEnumerable<Tactic>> GetSharedTacticsToTeam(int teamId);
public Task<bool> IsUserInTeam(int userId, int teamId);
/**
* Ensures that the given user identifier van perform an operation that requires the given role permission.
@ -89,5 +82,4 @@ public interface ITeamService
* given team.
*/
public Task<TeamAccessibility> EnsureAccessibility(int userId, int teamId, MemberRole role);
}

7
Services/ServiceException.cs
Unescape View File

@ -10,11 +10,4 @@ public class ServiceException : Exception
{
Failures = new List<Failure>(failures);
}
public Dictionary<string, string[]> FailuresMessages()
{
return Failures.GroupBy(f => f.Name)
.Select(f => (f.Key, f.Select(f => f.Message).ToArray()))
.ToDictionary();
}
}

6
Services/UserService.cs
Unescape View File

@ -45,11 +45,7 @@ public interface IUserService
/// <summary>
/// Updates an existing user.
/// </summary>
Task UpdateUser(User user, string? password = null);
public Task<IEnumerable<Tactic>> GetSharedTacticsToUser(int userId);
Task UpdateUser(User user);
/// <summary>
/// Authorizes a user with the specified email and password.

30
StubContext/StubAppContext.cs
Unescape View File

@ -1,5 +1,4 @@
using AppContext.Entities;
using DbServices;
using Microsoft.EntityFrameworkCore;
using Model;
@ -25,20 +24,15 @@ public class StubAppContext(DbContextOptions<AppContext> options) : AppContext(o
var i = 0;
builder.Entity<UserEntity>()
.HasData(users.ConvertAll(name =>
.HasData(users.ConvertAll(name => new UserEntity
{
var (password, salt) = Hashing.HashString("123456");
return new UserEntity
{
Id = ++i,
Email = $"{name}@mail.com",
Name = name,
Password = password,
PasswordSalt = salt,
IsAdmin = true,
ProfilePicture =
"https://cdn.pixabay.com/photo/2015/10/05/22/37/blank-profile-picture-973460_960_720.png",
};
Id = ++i,
Email = $"{name}@mail.com",
Name = name,
Password = "123456",
IsAdmin = true,
ProfilePicture =
"https://cdn.pixabay.com/photo/2015/10/05/22/37/blank-profile-picture-973460_960_720.png",
}));
builder.Entity<TacticEntity>()
@ -59,14 +53,6 @@ public class StubAppContext(DbContextOptions<AppContext> options) : AppContext(o
TacticId = 1,
ParentId = null
});
builder.Entity<SharedTacticEntity>()
.HasData(new SharedTacticEntity
{
Id = 1,
TacticId = 1,
SharedWithUserId = 2
});
builder.Entity<TeamEntity>()

1
StubContext/StubContext.csproj
Unescape View File

@ -9,7 +9,6 @@
<ItemGroup>
<ProjectReference Include="..\AppContext\AppContext.csproj" />
<ProjectReference Include="..\Utils\Utils.csproj" />
</ItemGroup>
<ItemGroup>

2
UnitTests/TacticsControllerTest.cs
Unescape View File

@ -71,7 +71,7 @@ public class TacticsControllerTest
{
var (controller, context) = GetController(1);
var result = await controller.CreateNew(new("Test Tactic", "pLaIn"));
result.Should().BeEquivalentTo(new TacticController.CreateNewResponse(2, 2));
result.Should().BeEquivalentTo(new TacticController.CreateNewResponse(2));
var tactic = await context.Tactics.FirstOrDefaultAsync(e => e.Id == 2);
tactic.Should().NotBeNull();
tactic!.Name.Should().BeEquivalentTo("Test Tactic");

14
UnitTests/TeamsControllerTest.cs
Unescape View File

@ -21,9 +21,7 @@ public class TeamsControllerTest
);
context.Database.EnsureCreated();
var controller = new TeamsController(
new DbTeamService(context),
new DbTacticService(context),
new DbUserService(context),
new DbTeamService(context),
new ManualContextAccessor(userId)
);
@ -47,11 +45,11 @@ public class TeamsControllerTest
{
var (controller, context) = GetController(1);
var result = await controller.GetMembersOf(1);
// result.Should().BeEquivalentTo(controller.Ok(new Member[]
// {
// new(1, 1, MemberRole.Coach),
// new(1, 2, MemberRole.Player)
// }));
result.Should().BeEquivalentTo(controller.Ok(new Member[]
{
new(1, 1, MemberRole.Coach),
new(1, 2, MemberRole.Player)
}));
}
[Fact]

44
UnitTests/UserControllerTest.cs
Unescape View File

@ -1,7 +1,7 @@
using API.Controllers;
using API.DTO;
using DbServices;
using FluentAssertions;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;
using Model;
@ -50,46 +50,4 @@ public class UsersControllerTest
// [new TacticDto(1, "New tactic", 1, "PLAIN", 1717106400000L)]
// ));
}
[Fact]
public async Task ShareTacticTest()
{
var controller = GetUserController(1);
var result = await controller.ShareTactic(new UsersController.ShareTacticToUserRequest(1, 2));
result.Should().BeOfType<OkResult>();
}
[Fact]
public async Task GetSharedTacticsToUserTest()
{
var controller = GetUserController(2);
var result = await controller.GetSharedTacticsToUser(2);
var okResult = result as OkObjectResult;
var sharedTactics = okResult!.Value as IEnumerable<Tactic>;
sharedTactics!.Should().NotBeNull();
sharedTactics.Should().ContainSingle();
var tactic = sharedTactics.First();
tactic.Id.Should().Be(1);
}
[Fact]
public async Task UnshareTacticTest()
{
var controller = GetUserController(1);
var result = await controller.UnshareTactic(1, 2);
result.Should().BeOfType<OkResult>();
}
[Fact]
public async Task TestChangeUserInformation()
{
var controller = GetUserController(1);
await controller.ChangeUserInformation(new("a", "b", "c", "d"));
var user = await controller.GetUser();
user.Should().BeEquivalentTo(new User(1, "b", "a", "c", true));
}
}

35
Utils/Hashing.cs
Unescape View File

@ -1,35 +0,0 @@
using System.Security.Cryptography;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;
namespace DbServices;
public class Hashing
{
public static (string, byte[]) HashString(string str)
{
byte[] salt = RandomNumberGenerator.GetBytes(128 / 8);
string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
password: str,
salt,
prf: KeyDerivationPrf.HMACSHA256,
iterationCount: 50000,
numBytesRequested: 256 / 8
));
return (hashed, salt);
}
public static bool PasswordsMatches(string password, string str, byte[] salt)
{
string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
password: str,
salt,
prf: KeyDerivationPrf.HMACSHA256,
iterationCount: 50000,
numBytesRequested: 256 / 8
));
return hashed == password;
}
}

13
Utils/Utils.csproj
Unescape View File

@ -1,13 +0,0 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net8.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Cryptography.KeyDerivation" Version="9.0.0-preview.2.24128.4" />
</ItemGroup>
</Project>

6
WebAPI.sln
Unescape View File

@ -20,8 +20,6 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EFConsole", "EFConsole\EFCo
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "APIConsole", "APIConsole\APIConsole.csproj", "{B01BD72E-15D3-4DC6-8DAC-2270A01129A9}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Utils", "Utils\Utils.csproj", "{D6FC4ED1-B4F8-4801-BC79-94627A1E6E0F}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@ -76,9 +74,5 @@ Global
{B01BD72E-15D3-4DC6-8DAC-2270A01129A9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{B01BD72E-15D3-4DC6-8DAC-2270A01129A9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{B01BD72E-15D3-4DC6-8DAC-2270A01129A9}.Release|Any CPU.Build.0 = Release|Any CPU
{D6FC4ED1-B4F8-4801-BC79-94627A1E6E0F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D6FC4ED1-B4F8-4801-BC79-94627A1E6E0F}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D6FC4ED1-B4F8-4801-BC79-94627A1E6E0F}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D6FC4ED1-B4F8-4801-BC79-94627A1E6E0F}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
EndGlobal

27
ci/.drone.yml
Unescape View File

@ -2,7 +2,7 @@ kind: pipeline
type: docker
name: "CI/CD"
steps:
- image: mcr.microsoft.com/dotnet/sdk:8.0
@ -12,12 +12,12 @@ steps:
- dotnet tool install --global dotnet-sonarscanner
- dotnet tool install --global dotnet-coverage
- export PATH="$PATH:/root/.dotnet/tools"
- dotnet sonarscanner begin /k:"IQBall-WebAPI" /d:sonar.host.url="https://codefirst.iut.uca.fr/sonar" /d:sonar.login="sqp_b16ad09dcce1b9dde920e313b10c2fe85566624c" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml
- dotnet sonarscanner begin /k:"IQBall-WebAPI" /d:sonar.host.url="https://codefirst.iut.uca.fr/sonar" /d:sonar.login="sqp_b16ad09dcce1b9dde920e313b10c2fe85566624c"
- dotnet build
- dotnet-coverage collect "dotnet test" -f xml -o coverage.xml
- dotnet-coverage collect "dotnet test" -f xml -o "coverage.xml"
- dotnet sonarscanner end /d:sonar.login="sqp_b16ad09dcce1b9dde920e313b10c2fe85566624c"
- image: plugins/docker
name: "build and push docker image"
depends_on:
@ -33,20 +33,23 @@ steps:
from_secret: SECRET_REGISTRY_USERNAME
password:
from_secret: SECRET_REGISTRY_PASSWORD
# deploy staging database and server on codefirst
- image: ubuntu:latest
- image: eeacms/rsync:latest
name: "Instantiate docker images on staging server"
depends_on:
- "build and push docker image"
environment:
environment:
PRIVATE_KEY:
from_secret: PRIVATE_KEY
commands:
- chmod +x ci/deploy_staging_server_step.sh
- ci/deploy_staging_server_step.sh
- mkdir -p ~/.ssh
- echo "$PRIVATE_KEY" > ~/.ssh/id_rsa
- chmod 0600 ~/.ssh
- chmod 0500 ~/.ssh/id_rsa*
- rsync -avz -e "ssh -p 80 -o 'StrictHostKeyChecking=no'" ci/deploy_staging_server.sh iqball@maxou.dev:/srv/www/iqball/$DRONE_BRANCH/
- ssh -p 80 -o 'StrictHostKeyChecking=no' iqball@maxou.dev "chmod +x /srv/www/iqball/$DRONE_BRANCH/deploy_staging_server.sh && /srv/www/iqball/$DRONE_BRANCH/deploy_staging_server.sh $(echo $DRONE_BRANCH | tr / _) $DRONE_COMMIT_SHA"
# Deploy the production database and server on codefirst
# - image: hub.codefirst.iut.uca.fr/thomas.bellembois/codefirst-dockerproxy-clientdrone:latest
# name: "Instantiate dotnet api docker image on codefirst"

13
ci/deploy_staging_server.sh
Unescape View File

@ -3,14 +3,13 @@
set -exu
BRANCH=$1
BRANCH_ESCAPED=$(echo $BRANCH | tr / _)
COMMIT_SHA=$2
API_CONTAINER_NAME="iqball-api-dotnet-$BRANCH_ESCAPED"
DB_CONTAINER_NAME="iqball-db-$BRANCH_ESCAPED"
API_CONTAINER_NAME="iqball-api-dotnet-$BRANCH"
DB_CONTAINER_NAME="iqball-db-$BRANCH"
(docker stop "$API_CONTAINER_NAME" && docker rm "$API_CONTAINER_NAME") || true
docker volume create "iqball-migrations-$BRANCH_ESCAPED" || true
docker volume create "iqball-migrations-$BRANCH" || true
docker run -d \
--name "$DB_CONTAINER_NAME" \
@ -26,12 +25,12 @@ docker run --rm -t \
--env PGSQL_DSN="Server=$DB_CONTAINER_NAME;Username=iqball;Password=1234;Database=iqball" \
--env BRANCH="$BRANCH" \
--env COMMIT_SHA="$COMMIT_SHA" \
--mount source="iqball-migrations-$BRANCH_ESCAPED",target=/migrations \
--mount source="iqball-migrations-$BRANCH",target=/migrations \
--network iqball_net \
iqball-db-init:latest
docker pull "hub.codefirst.iut.uca.fr/maxime.batista/iqball-api-dotnet:$BRANCH_ESCAPED"
docker pull "hub.codefirst.iut.uca.fr/maxime.batista/iqball-api-dotnet:$BRANCH"
# run the API
docker run -d \
@ -39,7 +38,7 @@ docker run -d \
--restart=always \
--network iqball_net \
--env PGSQL_DSN="Server=$DB_CONTAINER_NAME;Username=iqball;Password=1234;Database=iqball" \
"hub.codefirst.iut.uca.fr/maxime.batista/iqball-api-dotnet:$BRANCH_ESCAPED"
"hub.codefirst.iut.uca.fr/maxime.batista/iqball-api-dotnet:$BRANCH"

14
ci/deploy_staging_server_step.sh
Unescape View File

@ -1,14 +0,0 @@
#!/usr/bin/env bash
set -exu
apt update && apt install rsync openssh-client -y
mkdir -p ~/.ssh
echo "$PRIVATE_KEY" > ~/.ssh/id_rsa
chmod 0600 ~/.ssh
chmod 0500 ~/.ssh/id_rsa*
ssh -p 80 -o 'StrictHostKeyChecking=no' iqball@maxou.dev mkdir -p /srv/www/iqball/$DRONE_BRANCH/
rsync -avz -e "ssh -p 80 -o 'StrictHostKeyChecking=no'" ci/deploy_staging_server.sh iqball@maxou.dev:/srv/www/iqball/$DRONE_BRANCH/
ssh -p 80 -o 'StrictHostKeyChecking=no' iqball@maxou.dev "chmod +x /srv/www/iqball/$DRONE_BRANCH/deploy_staging_server.sh && /srv/www/iqball/$DRONE_BRANCH/deploy_staging_server.sh $DRONE_BRANCH $DRONE_COMMIT_SHA"
Write Preview
Loading…
Cancel
Save