Sander Rasmussen

exercise.wwwapi/Configuration/ConfigurationSettings.cs

@@ -0,0 +1,17 @@
+using System.Configuration;
+
+namespace exercise.wwwapi.Configuration
+{
+    public class ConfigurationSettings : IConfigurationSettings
+    {
+        IConfiguration _configuration;
+        public ConfigurationSettings()
+        {
+            _configuration = new ConfigurationBuilder().AddJsonFile("appsettings.json").Build();
+        }
+        public string GetValue(string key)
+        {
+            return _configuration.GetValue<string>(key)!;
+        }
+    }
+}

exercise.wwwapi/Configuration/IConfigurationSettings.cs

@@ -0,0 +1,7 @@
+namespace exercise.wwwapi.Configuration
+{
+    public interface IConfigurationSettings
+    {
+        string GetValue(string key);
+    }
+}

exercise.wwwapi/Data/DataContext.cs

@@ -0,0 +1,74 @@
+using exercise.wwwapi.Configuration;
+using exercise.wwwapi.Models;
+using Microsoft.EntityFrameworkCore;
+using System.Collections.Generic;
+using System.Numerics;
+using System.Data.SqlClient;
+using System.Reflection.Metadata;
+
+namespace exercise.wwwapi.Data
+{
+    public class DataContext : DbContext
+    {
+        private string _connectionString;
+        public DataContext(DbContextOptions<DataContext> options) : base(options)
+        {
+            var configuration = new ConfigurationBuilder().AddJsonFile("appsettings.json").Build();
+            _connectionString = configuration.GetValue<string>("ConnectionStrings:DefaultConnectionString")!;
+            this.Database.SetConnectionString(_connectionString);
+            this.Database.EnsureCreated();
+        }
+        protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
+        {
+            //optionsBuilder.UseInMemoryDatabase(databaseName: "Database");
+           optionsBuilder.UseNpgsql(_connectionString);
+            optionsBuilder.UseLazyLoadingProxies();
+
+
+
+        }
+        protected override void OnModelCreating(ModelBuilder modelBuilder)
+        {
+            modelBuilder.Entity<Post>()
+                .HasKey(b => b.postId);
+            modelBuilder.Entity<User>()
+                .HasKey(b => b.userId);
+            modelBuilder.Entity<Comment>()
+                .HasKey(b => b.commentId);
+
+            modelBuilder.Entity<Post>()
+                 .HasOne(b => b.user)
+                 .WithMany(b => b.Posts)
+                 .HasForeignKey(b => b.userId);
+
+            modelBuilder.Entity<Post>()
+                 .HasMany(b => b.comments)
+                 .WithOne(b => b.post);
+
+
+            modelBuilder.Entity<User>()
+                .HasMany(b => b.Posts)
+                .WithOne(b => b.user);
+
+            modelBuilder.Entity<User>()
+                 .HasMany(b => b.Comments)
+                 .WithOne(b => b.user);
+
+
+            modelBuilder.Entity<Comment>()
+                .HasOne(b => b.user)
+                .WithMany(c => c.Comments)
+                .HasForeignKey(b => b.userId);
+
+            modelBuilder.Entity<Comment>()
+                .HasOne(b => b.post)
+                .WithMany(c => c.comments)
+                .HasForeignKey(b => b.postId);
+
+        }
+
+        public DbSet<User> Users { get; set; }
+        public DbSet<Post> Posts { get; set; }
+        public DbSet<Comment> Comments { get; set; }
+    }
+}

exercise.wwwapi/Endpoints/AuthApi.cs

@@ -0,0 +1,92 @@
+using exercise.wwwapi.Configuration;
+using exercise.wwwapi.Helpers;
+using exercise.wwwapi.Models;
+using exercise.wwwapi.Repository;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ActionConstraints;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+
+namespace exercise.wwwapi.EndPoints
+{
+    public static class AuthApi
+    {
+        public static void ConfigureAuthApi(this WebApplication app)
+        {
+            app.MapPost("register", Register);
+            app.MapPost("login", Login);
+            app.MapGet("users", GetUsers);
+        }
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> GetUsers(IRepository<User> service, ClaimsPrincipal user)
+        {
+            return TypedResults.Ok(service.GetAll());
+        }
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status409Conflict)]
+        private static async Task<IResult> Register(UserRequestDto request, IRepository<User> service)
+        {
+
+            //user exists
+            if (service.GetAll().Where(u => u.Username == request.Username).Any()) return Results.Conflict(new Payload<UserRequestDto>() { status = "Username already exists!", data = request });
+
+            string passwordHash = BCrypt.Net.BCrypt.HashPassword(request.Password);
+
+            var user = new User();
+
+            user.Username = request.Username;
+            user.PasswordHash = passwordHash;
+            user.Email = request.Email;
+
+            service.Insert(user);
+            service.Save();
+
+            return Results.Ok(new Payload<string>() { data = "Created Account" });
+        }
+
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        private static async Task<IResult> Login(UserRequestDto request, IRepository<User> service, IConfigurationSettings config)
+        {
+            //user doesn't exist
+            if (!service.GetAll().Where(u => u.Username == request.Username).Any()) return Results.BadRequest(new Payload<UserRequestDto>() { status = "User does not exist", data = request });
+
+            User user = service.GetAll().FirstOrDefault(u => u.Username == request.Username)!;
+
+
+            if (!BCrypt.Net.BCrypt.Verify(request.Password, user.PasswordHash))
+            {
+                return Results.BadRequest(new Payload<UserRequestDto>() { status = "Wrong Password", data = request });
+            }
+            string token = CreateToken(user, config);
+            return Results.Ok(new Payload<string>() { data = token });
+
+        }
+        private static string CreateToken(User user, IConfigurationSettings config)
+        {
+            List<Claim> claims = new List<Claim>
+            {
+                new Claim(ClaimTypes.Sid, user.userId.ToString()),
+                new Claim(ClaimTypes.Name, user.Username),
+                new Claim(ClaimTypes.Email, user.Email),
+
+            };
+
+            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config.GetValue("AppSettings:Token")));
+            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
+            var token = new JwtSecurityToken(
+                claims: claims,
+                expires: DateTime.Now.AddDays(1),
+                signingCredentials: credentials
+                );
+            var jwt = new JwtSecurityTokenHandler().WriteToken(token);
+            return jwt;
+        }
+    }
+}
+

exercise.wwwapi/Endpoints/SecureApi.cs

@@ -0,0 +1,107 @@
+using exercise.wwwapi.Helpers;
+using exercise.wwwapi.Models;
+using exercise.wwwapi.Repository;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Win32;
+using System.Diagnostics.Eventing.Reader;
+using System.Security.Claims;
+
+
+namespace exercise.wwwapi.Endpoints
+{
+    public static class SecureApi
+    {
+        public static void ConfigureSecureApi(this WebApplication app)
+        {
+            app.MapGet("message", GetMessage);
+            app.MapGet("posts", GetPosts);
+            app.MapPost("newpost", MakePost);
+            app.MapPut("updatepost", UpdatePost);
+            app.MapGet("postswithcomments", GetPostsWithComments);
+            app.MapPost("Post{postId}/comment{content}", CommentOnPost);
+
+        }
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        public static async Task<IResult> CommentOnPost(IRepository<Post> postRepo, IRepository<Comment> commentRepo, int postId, ClaimsPrincipal user, string content )
+        {
+            Post post = postRepo.GetById(postId);
+            Comment comment = new Comment
+            {
+                userId = ClaimsPrincipalHelper.UserRealId(user),
+                postId = postId,
+                content = content
+            };
+            commentRepo.Insert(comment);    
+            post.comments.Add(comment);
+            commentRepo.Save();
+            postRepo.Save();
+            return TypedResults.Ok(new CommentDTO(comment));
+        }
+
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        public static async Task<IResult> GetPostsWithComments(IRepository<Post> repo)
+        {
+            List<Post> posts = repo.GetAll().ToList();
+            List<PostDTO> postDTOs = new List<PostDTO>();
+            posts.ForEach(x => postDTOs.Add(new PostDTO(x)));
+            return TypedResults.Ok(postDTOs);
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> GetMessage(IRepository<User> service, ClaimsPrincipal user, ILogger logger)
+        {
+            logger.LogDebug(new string('*', 1000));
+            return TypedResults.Ok(new { LoggedIn = true, UserId = user.UserRealId().ToString(), Email = $"{user.Email()}", Message = "Pulled the userid and email out of the claims" });
+        }
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> GetPosts(IRepository<Post> service) 
+        {
+            List<PostDTO> posts = new List<PostDTO>();
+            service.GetAll().ToList().ForEach(post => posts.Add(new PostDTO(post)));// convert all posts to postDTO
+
+            return TypedResults.Ok(posts);
+        }
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> MakePost(IRepository<Post> service,ClaimsPrincipal user,  string title, string content )
+        {
+            Post post = new Post { postTitle = title, content = content, userId=ClaimsPrincipalHelper.UserRealId(user) };
+            service.Insert(post);
+            service.Save();
+            return TypedResults.Ok(new PostDTO(post));
+        }
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+
+        private static async Task<IResult> UpdatePost(IRepository<Post> service, int postId, ClaimsPrincipal user,  string title, string content)
+        {
+
+            Post post = service.GetById(postId);
+            if (post.userId != ClaimsPrincipalHelper.UserRealId(user))
+            {
+                return TypedResults.Unauthorized();
+            }
+
+            else
+            {
+                post.postTitle = title;
+                post.content = content;
+                service.Save();
+                return TypedResults.Ok();
+            }
+
+        }
+    }
+}

exercise.wwwapi/Helpers/ClaimsPrincipalHelper.cs

@@ -0,0 +1,33 @@
+using System.ComponentModel.DataAnnotations;
+using System.Runtime.CompilerServices;
+using System.Security.Claims;
+
+namespace exercise.wwwapi.Helpers
+{
+    public static class ClaimsPrincipalHelper
+    {
+        public static int? UserRealId(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Sid);
+            return int.Parse(claim?.Value);
+        }
+        public static string UserId(this ClaimsPrincipal user)
+        {
+            IEnumerable<Claim> claims = user.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier);
+            return claims.Count() >= 2 ? claims.ElementAt(1).Value : null;
+
+        }
+
+        public static string? Email(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Email);
+            return claim?.Value;
+        }
+        public static string? Role(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Role);
+            return claim?.Value;
+        }
+
+    }
+}

exercise.wwwapi/Models/Comment.cs

@@ -0,0 +1,24 @@
+using System.ComponentModel.DataAnnotations.Schema;
+using System.Drawing;
+using Microsoft.EntityFrameworkCore;
+
+namespace exercise.wwwapi.Models
+{
+    [Table("Comment")]
+    [PrimaryKey("commentId")]
+    public class Comment
+    {
+        [Column("commentId")]
+        public int commentId {  get; set; }
+        [Column("userId")]
+        public int? userId { get; set; }
+        [Column("content")]
+        public string content {  get; set; }
+        [Column("postId")]
+        public int postId { get; set; }
+        [NotMapped]
+        public virtual Post post { get; set; }
+        [NotMapped]
+        public virtual User user { get; set; }
+    }
+}

exercise.wwwapi/Models/CommentDTO.cs

@@ -0,0 +1,21 @@
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace exercise.wwwapi.Models
+{
+    public class CommentDTO
+    {
+        public int commentId { get; set; }
+
+        public string content { get; set; }
+
+        public int? userId { get; set; } 
+
+        public CommentDTO(Comment comment ) 
+        {
+            commentId = comment.commentId;
+            content = comment.content;  
+            userId = comment.userId;    
+        }
+
+    }
+}