boolean-uk · AkselSau · Feb 4, 2025
diff --git a/exercise.wwwapi/Configuration/ConfigurationSettings.cs b/exercise.wwwapi/Configuration/ConfigurationSettings.cs
@@ -0,0 +1,15 @@
+namespace exercise.wwwapi.Configuration
+{
+    public class ConfigurationSettings : IConfigurationSettings
+    {
+        IConfiguration _configuration;
+        public ConfigurationSettings()
+        {
+            _configuration = new ConfigurationBuilder().AddJsonFile("appsettings.json").Build();
+        }
+        public string GetValue(string key)
+        {
+            return _configuration.GetValue<string>(key)!;
+        }
+    }
+}
diff --git a/exercise.wwwapi/Configuration/IConfigurationSettings.cs b/exercise.wwwapi/Configuration/IConfigurationSettings.cs
@@ -0,0 +1,7 @@
+namespace exercise.wwwapi.Configuration
+{
+    public interface IConfigurationSettings
+    {
+        string GetValue(string key);
+    }
+}
diff --git a/exercise.wwwapi/DTO/BlogPostDTO.cs b/exercise.wwwapi/DTO/BlogPostDTO.cs
@@ -0,0 +1,7 @@
+namespace exercise.wwwapi.DTO
+{
+    public class BlogPostDTO
+    {
+        public string Text { get; set; }
+    }
+}
diff --git a/exercise.wwwapi/DTO/BlogPostLinkDTO.cs b/exercise.wwwapi/DTO/BlogPostLinkDTO.cs
@@ -0,0 +1,9 @@
+namespace exercise.wwwapi.DTO
+{
+    public class BlogPostLinkDTO
+    {
+        public int id { get; set; }
+        public string text { get; set; }
+        public int authorId { get; set; }
+    }
+}
diff --git a/exercise.wwwapi/DTO/UserRequestDTO.cs b/exercise.wwwapi/DTO/UserRequestDTO.cs
@@ -0,0 +1,9 @@
+namespace exercise.wwwapi.DTO
+{
+    public class UserRequestDTO
+    {
+        public required string Name { get; set; }
+        public required string Email { get; set; }
+        public required string Password { get; set; }
+    }
+}
diff --git a/exercise.wwwapi/Data/DataContext.cs b/exercise.wwwapi/Data/DataContext.cs
@@ -0,0 +1,41 @@
+using System.Net.Sockets;
+using exercise.wwwapi.Models;
+using Microsoft.EntityFrameworkCore;
+
+namespace exercise.wwwapi.Data
+
+{
+    public class DataContext : DbContext
+    {
+        private string _connectionString;
+        public DataContext(DbContextOptions<DataContext> options) : base(options)
+        {
+            var configuration = new ConfigurationBuilder().AddJsonFile("appsettings.json").Build();
+            _connectionString = configuration.GetValue<string>("ConnectionStrings:DefaultConnectionString")!;
+            this.Database.EnsureCreated();
+        }
+
+        protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
+        {
+            optionsBuilder.UseNpgsql(_connectionString);
+        }
+
+        protected override void OnModelCreating(ModelBuilder modelBuilder)
+        {
+            base.OnModelCreating(modelBuilder);
+            modelBuilder.Entity<User>().ToTable("users");
+            modelBuilder.Entity<BlogPost>().ToTable("blog_posts");
+
+            // Relationships
+            modelBuilder.Entity<BlogPost>()
+                .HasOne<User>(bp => bp.Author)
+                .WithMany(u => u.Blogs)
+                .HasForeignKey(bp => bp.authorId);
+        }
+
+        public DbSet<BlogPost> BlogPosts { get; set; }
+        public DbSet<User> Users { get; set; }
+
+    }
+
+}
diff --git a/exercise.wwwapi/EndPoints/AuthApi.cs b/exercise.wwwapi/EndPoints/AuthApi.cs
@@ -0,0 +1,93 @@
+using exercise.wwwapi.Configuration;
+using exercise.wwwapi.DTO;
+using exercise.wwwapi.Helpers;
+using exercise.wwwapi.Models;
+using exercise.wwwapi.Repository;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ActionConstraints;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+
+namespace exercise.wwwapi.EndPoints
+{
+    public static class AuthApi
+    {
+        public static void ConfigureAuthApi(this WebApplication app)
+        {
+            app.MapPost("register", Register);
+            app.MapPost("login", Login);
+            app.MapGet("users", GetUsers);
+
+        }
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> GetUsers(IRepository<User> service, ClaimsPrincipal user)
+        {
+            return TypedResults.Ok(service.GetAll());
+        }
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status409Conflict)]
+        private static async Task<IResult> Register(UserRequestDTO request, IRepository<User> service)
+        {
+
+            //user exists
+            if (service.GetAll().Where(u => u.Name == request.Name).Any()) return Results.Conflict(new Payload<UserRequestDTO>() { status = "Username already exists!", data = request });
+
+            string passwordHash = BCrypt.Net.BCrypt.HashPassword(request.Password);
+
+            var user = new User();
+
+            user.Name = request.Name;
+            user.Password = passwordHash;
+            user.Email = request.Email;
+
+            service.Insert(user);
+            service.Save();
+
+            return Results.Ok(new Payload<string>() { data = "Created Account" });
+        }
+
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        private static async Task<IResult> Login(UserRequestDTO request, IRepository<User> service, IConfigurationSettings config)
+        {
+            //user doesn't exist
+            if (!service.GetAll().Where(u => u.Name == request.Name).Any()) return Results.BadRequest(new Payload<UserRequestDTO>() { status = "User does not exist", data = request });
+
+            User user = service.GetAll().FirstOrDefault(u => u.Name == request.Name)!;
+
+
+            if (!BCrypt.Net.BCrypt.Verify(request.Password, user.Password))
+            {
+                return Results.BadRequest(new Payload<UserRequestDTO>() { status = "Wrong Password", data = request });
+            }
+            string token = CreateToken(user, config);
+            return Results.Ok(new Payload<string>() { data = token });
+
+        }
+        private static string CreateToken(User user, IConfigurationSettings config)
+        {
+            List<Claim> claims = new List<Claim>
+            {
+                new Claim(ClaimTypes.Sid, user.Id.ToString()),
+                new Claim(ClaimTypes.Name, user.Name),
+                new Claim(ClaimTypes.Email, user.Email),
+
+            };
+
+            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config.GetValue("AppSettings:Token")));
+            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
+            var token = new JwtSecurityToken(
+                claims: claims,
+                expires: DateTime.Now.AddDays(1),
+                signingCredentials: credentials
+                );
+            var jwt = new JwtSecurityTokenHandler().WriteToken(token);
+            return jwt;
+        }
+    }
+}
diff --git a/exercise.wwwapi/EndPoints/BlogPostEndpoint.cs b/exercise.wwwapi/EndPoints/BlogPostEndpoint.cs
@@ -0,0 +1,119 @@
+using System;
+using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using AutoMapper;
+using exercise.wwwapi.Configuration;
+using exercise.wwwapi.DTO;
+using exercise.wwwapi.Helpers;
+using exercise.wwwapi.Models;
+using exercise.wwwapi.Repository;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.Win32;
+
+namespace exercise.wwwapi.EndPoints
+{
+    public static class BlogPostEndpoint
+    {
+        public static void ConfigureBlogPostEndpoint(this WebApplication app)
+        {
+            app.MapGet("blogpost", GetAll);
+            app.MapGet("blogpost/{id}", GetById);
+            app.MapPost("blogpost", AddBlogPost);
+            app.MapPut("blogpost/{id}", UpdateBlogPost);
+        }
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> GetAll(IRepository<BlogPost> repository, ClaimsPrincipal user)
+        {
+            var userId = user.UserRealId();
+
+            if (userId != null)
+            {
+                var blogposts = repository.GetAll();
+                Payload<List<BlogPostLinkDTO>> payload = new Payload<List<BlogPostLinkDTO>>();
+                payload.data = new List<BlogPostLinkDTO>();
+
+                foreach (var blogpost in blogposts)
+                {
+                    payload.data.Add(new BlogPostLinkDTO()
+                    {
+                        id = blogpost.id,
+                        text = blogpost.text,
+                        authorId = blogpost.authorId
+                    });
+                }
+                payload.status = "success";
+                return TypedResults.Ok(payload);
+            }
+            else
+            {
+                return Results.Unauthorized();
+            }
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> GetById(IRepository<BlogPost> repo, int id)
+        {
+            return TypedResults.Ok(repo.GetById(id));
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> AddBlogPost(BlogPostDTO request, IRepository<BlogPost> repository, ClaimsPrincipal user)
+        {
+            var userId = user.UserRealId();
+            if (userId != null)
+            {
+                var blogpost = new BlogPost()
+                {
+                    text = request.Text,
+                    authorId = userId.Value
+                };
+                repository.Insert(blogpost);
+                repository.Save();
+                return Results.Ok(new Payload<string>() { data = "Created BlogPost" });
+            }
+            else
+            {
+                return Results.Unauthorized();
+            }
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+
+        private static async Task<IResult> UpdateBlogPost(BlogPostDTO request, IRepository<BlogPost> repository, int id, ClaimsPrincipal user)
+        {
+            var userId = user.UserRealId();
+            if (userId != null)
+            {
+                var blogpost = repository.GetById(id);
+                if (blogpost == null)
+                {
+                    return Results.NotFound();
+                }
+                if (blogpost.authorId != userId.Value)
+                {
+                    return Results.Unauthorized();
+                }
+                blogpost.text = request.Text;
+                repository.Update(blogpost);
+                repository.Save();
+                return Results.Ok(new Payload<string>() { data = "Updated BlogPost" });
+            }
+            else
+            {
+                return Results.Unauthorized();
+            }
+        }
+    }
+}
diff --git a/exercise.wwwapi/Helpers/ClaimsPrincipalHelper.cs b/exercise.wwwapi/Helpers/ClaimsPrincipalHelper.cs
@@ -0,0 +1,33 @@
+using System.ComponentModel.DataAnnotations;
+using System.Runtime.CompilerServices;
+using System.Security.Claims;
+
+namespace exercise.wwwapi.Helpers
+{
+    public static class ClaimsPrincipalHelper
+    {
+        public static int? UserRealId(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Sid);
+            return int.Parse(claim?.Value);
+        }
+        public static string UserId(this ClaimsPrincipal user)
+        {
+            IEnumerable<Claim> claims = user.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier);
+            return claims.Count() >= 2 ? claims.ElementAt(1).Value : null;
+
+        }
+
+        public static string? Email(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Email);
+            return claim?.Value;
+        }
+        public static string? Role(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Role);
+            return claim?.Value;
+        }
+
+    }
+}
diff --git a/exercise.wwwapi/Helpers/Payload.cs b/exercise.wwwapi/Helpers/Payload.cs
@@ -0,0 +1,11 @@
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace exercise.wwwapi.Helpers
+{
+    [NotMapped]
+    public class Payload<T> where T : class
+    {
+        public string status { get; set; } = "Success";
+        public T data { get; set; }
+    }
+}
diff --git a/exercise.wwwapi/Models/BlogPost.cs b/exercise.wwwapi/Models/BlogPost.cs
@@ -0,0 +1,18 @@
+namespace exercise.wwwapi.Models
+{
+    public class BlogPost
+    {
+        public int id { get; set; }
+        public string text { get; set; }
+        public int authorId { get; set; }
+        public User Author { get; set; }
+
+        public void Update(BlogPost post)
+        {
+            if (post.text != null)
+            {
+                text = post.text;
+            }
+        }
+    }
+}
diff --git a/exercise.wwwapi/Models/User.cs b/exercise.wwwapi/Models/User.cs
@@ -0,0 +1,13 @@
+namespace exercise.wwwapi.Models
+{
+    public class User
+    {
+        public int Id { get; set; }
+        public string Name { get; set; }
+        public string Email { get; set; }
+        public string Password { get; set; }
+
+        public ICollection<BlogPost> Blogs { get; set; }
+
+    }
+}