Egeland

exercise.wwwapi/Configuration/ConfigurationSettings.cs

@@ -0,0 +1,15 @@
+namespace exercise.wwwapi.Configuration
+{
+    public class ConfigurationSettings : IConfigurationSettings
+    {
+        IConfiguration _configuration;
+        public ConfigurationSettings()
+        {
+            _configuration = new ConfigurationBuilder().AddJsonFile("appsettings.json").Build();
+        }
+        public string GetValue(string key)
+        {
+            return _configuration.GetValue<string>(key)!;
+        }
+    }
+}

exercise.wwwapi/Configuration/IConfigurationSettings.cs

@@ -0,0 +1,7 @@
+namespace exercise.wwwapi.Configuration
+{
+    public interface IConfigurationSettings
+    {
+        string GetValue(string key);
+    }
+}

exercise.wwwapi/DTO/Requests/BlogPost.cs

@@ -0,0 +1,8 @@
+namespace exercise.wwwapi.DTO.Requests
+{
+    public class BlogPost
+    {
+        public string Header { get; set; }
+        public string Text { get; set; }
+    }
+}

exercise.wwwapi/DTO/Requests/BlogPut.cs

@@ -0,0 +1,8 @@
+namespace exercise.wwwapi.DTO.Requests
+{
+    public class BlogPut
+    {
+        public string? Header { get; set; }
+        public string? Text { get; set; }
+    }
+}

exercise.wwwapi/DTO/Requests/UserPost.cs

@@ -0,0 +1,11 @@
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace exercise.wwwapi.DTO.Requests
+{
+    public class AuthorPost
+    {
+        public string Name { get; set; }
+        public string Email { get; set; }
+        public string Password { get; set; }
+    }
+}

exercise.wwwapi/DTO/Requests/UserPut.cs

@@ -0,0 +1,9 @@
+namespace exercise.wwwapi.DTO.Requests
+{
+    public class UserPut
+    {
+        public string? Name { get; set; }
+        public string? Email { get; set; }
+        public string? Password { get; set; }
+    }
+}

exercise.wwwapi/DTO/Requests/UserRequestDto.cs

@@ -0,0 +1,12 @@
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace exercise.wwwapi.DTO.Requests
+{
+    [NotMapped]
+    public class UserRequestDto
+    {
+        public required string Username { get; set; }
+        public required string Password { get; set; }
+        public required string Email { get; set; }
+    }
+}

exercise.wwwapi/DTO/Response/BlogDTO.cs

@@ -0,0 +1,9 @@
+namespace exercise.wwwapi.DTO.Requests
+{
+    public class BlogDTO
+    {
+        public int Id { get; set; }
+        public string Header { get; set; }
+        public string Text { get; set; }
+    }
+}

exercise.wwwapi/DTO/Response/BlogUserDTO.cs

@@ -0,0 +1,9 @@
+namespace exercise.wwwapi.DTO.Requests
+{
+    public class BlogAuthorDTO
+    {
+        public int Id { get; set; }
+        public string Header { get; set; }
+        public string Text { get; set; }
+    }
+}

exercise.wwwapi/DTO/Response/Payload.cs

@@ -0,0 +1,11 @@
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace exercise.wwwapi.DTO.Response
+{
+    [NotMapped]
+    public class Payload<T> where T : class
+    {
+        public string status { get; set; } = "success";
+        public T data { get; set; }
+    }
+}

exercise.wwwapi/DTO/Response/UserDTO.cs

@@ -0,0 +1,13 @@
+using exercise.wwwapi.Models;
+
+namespace exercise.wwwapi.DTO.Requests
+{
+    public class UserDTO
+    {
+        public int Id { get; set; }
+        public string Name { get; set; }
+        public string Email { get; set; }
+        public string PasswordHash { get; set; }
+        public List<BlogAuthorDTO> Blogs { get; set; } = new List<BlogAuthorDTO>();
+    }
+}

exercise.wwwapi/DTO/Response/UserResponseDto.cs

@@ -0,0 +1,12 @@
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace exercise.wwwapi.DTO.Response
+{
+    [NotMapped]
+    public class UserResponseDto
+    {
+        public string Username { get; set; }
+        public string PasswordHash { get; set; }
+        public string Email { get; set; }
+    }
+}

exercise.wwwapi/Data/DataContext.cs

@@ -0,0 +1,22 @@
+using System.Collections.Generic;
+using System.Net.Sockets;
+using exercise.wwwapi.Models;
+using Microsoft.EntityFrameworkCore;
+
+namespace exercise.wwwapi.Data
+{
+    public class DataContext : DbContext
+    {
+        public DataContext(DbContextOptions<DataContext> options) : base(options)
+        {
+
+        }
+        protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
+        {
+            //optionsBuilder.UseInMemoryDatabase(databaseName: "Database");
+        }
+
+        public DbSet<User> Users { get; set; }
+        public DbSet<Blog> Blogs { get; set; }
+    }
+}

exercise.wwwapi/Endpoints/AuthApi.cs

@@ -0,0 +1,93 @@
+using exercise.wwwapi.Configuration;
+using exercise.wwwapi.DTO.Requests;
+using exercise.wwwapi.DTO.Response;
+using exercise.wwwapi.Models;
+using exercise.wwwapi.Repository;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+
+
+namespace exercise.wwwapi.Endpoints
+{
+    public static class AuthApi
+    {
+        public static void ConfigureAuthApi(this WebApplication app)
+        {
+            app.MapPost("register", Register);
+            app.MapPost("login", Login);
+            app.MapGet("users", GetUsers);
+
+        }
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> GetUsers(IRepository<User> service, ClaimsPrincipal user)
+        {
+            return TypedResults.Ok(service.GetAll());
+        }
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status409Conflict)]
+        private static async Task<IResult> Register(UserRequestDto request, IRepository<User> service)
+        {
+
+            //user exists
+            if (service.GetAll().Where(u => u.Username == request.Username).Any()) return Results.Conflict(new Payload<UserRequestDto>() { status = "Username already exists!", data = request });
+
+            string passwordHash = BCrypt.Net.BCrypt.HashPassword(request.Password);
+
+            var user = new User();
+
+            user.Username = request.Username;
+            user.PasswordHash = passwordHash;
+            user.Email = request.Email;
+
+            service.Insert(user);
+            service.Save();
+
+            return Results.Ok(new Payload<string>() { data = "Created Account" });
+        }
+
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        private static async Task<IResult> Login(UserRequestDto request, IRepository<User> service, IConfigurationSettings config)
+        {
+            //user doesn't exist
+            if (!service.GetAll().Where(u => u.Username == request.Username).Any()) return Results.BadRequest(new Payload<UserRequestDto>() { status = "User does not exist", data = request });
+
+            User user = service.GetAll().FirstOrDefault(u => u.Username == request.Username)!;
+
+
+            if (!BCrypt.Net.BCrypt.Verify(request.Password, user.PasswordHash))
+            {
+                return Results.BadRequest(new Payload<UserRequestDto>() { status = "Wrong Password", data = request });
+            }
+            string token = CreateToken(user, config);
+            return Results.Ok(new Payload<string>() { data =  token }) ;
+
+        }
+        private static string CreateToken(User user, IConfigurationSettings config)
+        {
+            List<Claim> claims = new List<Claim>
+            {
+                new Claim(ClaimTypes.Sid, user.Id.ToString()),
+                new Claim(ClaimTypes.Name, user.Username),
+                new Claim(ClaimTypes.Email, user.Email),
+
+            };
+
+            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config.GetValue("AppSettings:Token")));
+            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
+            var token = new JwtSecurityToken(
+                claims: claims,
+                expires: DateTime.Now.AddDays(1),
+                signingCredentials: credentials
+                );
+            var jwt = new JwtSecurityTokenHandler().WriteToken(token);
+            return jwt;
+        }
+    }
+}

exercise.wwwapi/Endpoints/SecureApi.cs

@@ -0,0 +1,83 @@
+using AutoMapper;
+using exercise.wwwapi.DTO.Requests;
+using exercise.wwwapi.DTO.Response;
+using exercise.wwwapi.Helpers;
+using exercise.wwwapi.Models;
+using exercise.wwwapi.Repository;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using System.Security.Claims;
+
+namespace exercise.wwwapi.Endpoints
+{
+    public static class SecureApi
+    {
+        public static void ConfigureSecureApi(this WebApplication app)
+        {
+            var blog = app.MapGroup("/blog");
+            blog.MapGet("/", GetBlogs);
+            blog.MapPost("/", CreateBlog);
+            blog.MapPut("/{id}", UpdateBlog);
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> GetBlogs(IRepository<Blog> service, ClaimsPrincipal user)
+        {
+            var blogs = service.GetAll(b => b.User);
+
+            var result = blogs.Select(b => new BlogDTO
+            {
+                Id = b.Id,
+                Header = b.Header,
+                Text = b.Text
+            }).ToList();
+            return TypedResults.Ok(new Payload<List<BlogDTO>>{ data = result });
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status201Created)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> CreateBlog(IRepository<Blog> service, [FromBody] BlogPost model, ClaimsPrincipal user)
+        {
+            Blog blog = new Blog()
+            {
+                Header = model.Header,
+                Text = model.Text,
+                UserId = user.UserRealId().Value
+            };
+            service.Insert(blog);
+            service.Save();
+
+            var result = new BlogDTO
+            {
+                Header = blog.Header,
+                Text = blog.Text,
+            };
+            return Results.Created($"/blogs/{blog.Id}", new Payload<BlogDTO> { data = result });
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status201Created)]
+        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+        private static async Task<IResult> UpdateBlog(IRepository<Blog> service, int id, [FromBody] BlogPut model, ClaimsPrincipal user)
+        {
+            Blog blog = service.GetById(id);
+            if (blog == null) return Results.NotFound("Screening not found");
+            if (model.Header != null) blog.Header = model.Header;
+            if (model.Text != null) blog.Text = model.Text;
+
+            service.Update(blog);
+            service.Save();
+
+            var result = new BlogDTO
+            {
+                Id = id,
+                Header = blog.Header,
+                Text = blog.Text,
+            };
+            return Results.Created($"/blogs/{id}", new Payload<BlogDTO> { data = result });
+        }
+    }
+}

exercise.wwwapi/Helpers/ClaimsPrincipalHelper.cs

@@ -0,0 +1,31 @@
+using System.Security.Claims;
+
+namespace exercise.wwwapi.Helpers
+{
+    public static class ClaimsPrincipalHelper
+    {
+        public static int? UserRealId(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Sid);
+            return int.Parse(claim?.Value);
+        }
+        public static string UserId(this ClaimsPrincipal user)
+        {
+            IEnumerable<Claim> claims = user.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier);
+            return claims.Count() >= 2 ? claims.ElementAt(1).Value : null;
+
+        }
+
+        public static string? Email(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Email);
+            return claim?.Value;
+        }
+        public static string? Role(this ClaimsPrincipal user)
+        {
+            Claim? claim = user.FindFirst(ClaimTypes.Role);
+            return claim?.Value;
+        }
+
+    }
+}

exercise.wwwapi/Models/Blog.cs

@@ -0,0 +1,24 @@
+using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
+using System.Reflection.Metadata;
+
+namespace exercise.wwwapi.Models
+{
+    [Table("blogs")]
+    public class Blog
+    {
+        [Key]
+        [Column("id")]
+        public int Id { get; set; }
+        [Column("header")]
+        public string Header { get; set; }
+        [Column("text")]
+        public string Text { get; set; }
+
+        [ForeignKey("User")]
+        public int UserId { get; set; }
+
+        public User User { get; set; }
+
+    }
+}