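// PUT api/Comment/5
// Updates the text of an existing comment. The caller must present a live
// session token (query parameter `token`) and must be the comment's author.
// Only `comment1` is copied from the payload, so the client cannot rewrite
// idUser or any other column of the stored row.
public HttpResponseMessage PutComment(string token, int id, Comment comment)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // A missing body passes ModelState validation but would NRE on comment.id.
    if (comment == null || id != comment.id)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    // Refuse an absent token before querying: with EF's default (C#-style)
    // null semantics a null parameter could otherwise match rows whose
    // token1 column is NULL.
    if (string.IsNullOrEmpty(token))
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // The token lookup is the authentication step. DateTime.Now is kept
    // (rather than UtcNow) to stay consistent with how the other endpoints
    // stamp `expires`.
    Token oldToken = db.Token
        .Where(t => t.token1 == token && t.expires > DateTime.Now)
        .FirstOrDefault();
    if (oldToken == null)
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Find() returns null for an unknown id; the original dereferenced it
    // unconditionally and answered with an unhandled NullReferenceException.
    Comment oldComment = db.Comment.Find(id);
    if (oldComment == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // Ownership check: only the author may edit. Error key spelling and the
    // 400 status are preserved for client compatibility (403 Forbidden would
    // be the conventional answer).
    if (oldComment.idUser != oldToken.userId)
    {
        ModelState.AddModelError("Forbiden", "operation not allowed");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    oldComment.comment1 = comment.comment1;

    // Sliding expiry: every authenticated call extends the session by 15 minutes.
    oldToken.expires = DateTime.Now.AddMinutes(15);
    db.Entry(oldToken).State = EntityState.Modified;
    Utils.Util.RemoveTokens(db);
    db.Entry(oldComment).State = EntityState.Modified;

    try
    {
        db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException ex)
    {
        // The row disappeared between Find() and SaveChanges().
        return Request.CreateErrorResponse(HttpStatusCode.NotFound, ex);
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}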
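// Appends one chat line for `user` to the given context and then prunes old
// history via storeOldChat. Messages longer than 150 characters are cut at
// 150 (a plain Substring, so a surrogate pair sitting on the boundary would be
// split). The text is stored verbatim; whatever renders it must HTML-encode.
// This method does not call SaveChanges itself; whether storeOldChat does is
// not visible here.
private void storeMessage(BlogAngularEntities db, User user, string message)
{
    // Fail with a named argument instead of the NullReferenceException the
    // original produced on `user.id` / `message.Length`.
    if (db == null) throw new ArgumentNullException("db");
    if (user == null) throw new ArgumentNullException("user");
    if (message == null) throw new ArgumentNullException("message");

    var now = DateTime.Now;
    string text = message.Length > 150 ? message.Substring(0, 150) : message;

    var chat = new Models.ChatMessage()
    {
        uid = Guid.NewGuid(),
        Created = now,
        User = user,
        UserId = user.id,
        Message = text
    };

    db.ChatMessage.Add(chat);
    // `user` arrives from outside this context; marking it Unchanged is
    // presumably meant to keep EF from treating it as a new row reached via
    // the navigation property -- confirm against the hub's caller.
    db.Entry(user).State = EntityState.Unchanged;
    db.Entry(chat).State = EntityState.Added;

    storeOldChat(db, now);
}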
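// PUT api/Category/5
// Updates a category in place. Authentication is the session token only;
// there is no per-user ownership check here (Category shows no owner field
// in this code), so every authenticated user can edit every category --
// confirm that is intended. The whole client payload is attached as
// Modified, so every mapped column of Category is overwritten from the
// request body.
public HttpResponseMessage PutCategory(string token, int id, Category category)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Refuse an absent token before querying: with EF's default null
    // semantics a null parameter could otherwise match rows whose token1 is NULL.
    if (string.IsNullOrEmpty(token))
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Token lookup doubles as authentication; DateTime.Now matches the rest of
    // the controllers.
    Token oldToken = db.Token
        .Where(t => t.token1 == token && t.expires > DateTime.Now)
        .FirstOrDefault();
    if (oldToken == null)
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // A missing body passes ModelState validation but would NRE on category.id.
    if (category == null || id != category.id)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    // Sliding expiry: extend the session by 15 minutes on every call.
    oldToken.expires = DateTime.Now.AddMinutes(15);
    Util.RemoveTokens(db);
    db.Entry(oldToken).State = EntityState.Modified;
    db.Entry(category).State = EntityState.Modified;

    try
    {
        db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException ex)
    {
        // An unknown id shows up here as an update that touched zero rows.
        return Request.CreateErrorResponse(HttpStatusCode.NotFound, ex);
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}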
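// PUT api/Password/5
// Changes the calling user's password. `id` is the session token; it travels
// in the URL path, so it will appear in server and proxy logs (a header would
// be safer). The current password must be re-supplied; on a mismatch the
// session is revoked, which limits online guessing to one attempt per login.
// Util.saltPassword's algorithm is not visible here -- verify it is a slow,
// salted KDF (PBKDF2/bcrypt/Argon2) rather than a bare hash. No strength
// policy is enforced here beyond whatever validation attributes NewPassword
// declares (also not visible).
public HttpResponseMessage PutPassword(string id, NewPassword pass)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // A missing body passes ModelState validation but would NRE on pass.oldPassword.
    if (pass == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    // Refuse an absent token before querying: with EF's default null
    // semantics a null parameter could otherwise match rows whose token1 is NULL.
    if (string.IsNullOrEmpty(id))
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    Token token = db.Token
        .Where(t => t.token1 == id && t.expires > DateTime.Now)
        .FirstOrDefault();
    if (token == null)
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    var user = db.User.Find(token.userId);
    if (user == null)
    {
        // Token points at a user that no longer exists: drop it and answer as
        // for an expired session (the original dereferenced null here).
        db.Token.Remove(token);
        db.SaveChanges();
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Wrong current password: revoke the session and deliberately reuse the
    // generic "token expired" message so the response does not confirm that
    // the password was the problem. This is an ordinary string compare, not a
    // constant-time one.
    var salted = Util.saltPassword(pass.oldPassword, user.salt);
    if (salted != user.password)
    {
        db.Token.Remove(token);
        db.SaveChanges();
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Fresh 10-byte salt rendered as 20 upper-case hex chars, same shape as
    // before. The RNG is disposed now; the original leaked it.
    string strSalt;
    using (var rngCsp = new RNGCryptoServiceProvider())
    {
        byte[] random = new byte[10];
        rngCsp.GetBytes(random);
        strSalt = BitConverter.ToString(random).Replace("-", "");
    }

    user.password = Util.saltPassword(pass.password, strSalt);
    user.salt = strSalt;

    // The current session is revoked after the change. Whether RemoveTokens
    // also clears this user's *other* sessions is not visible here; it should,
    // so a stolen session does not survive a password reset.
    Util.RemoveTokens(db);
    db.Token.Remove(token);
    db.Entry(user).State = EntityState.Modified;

    try
    {
        db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException ex)
    {
        return Request.CreateErrorResponse(HttpStatusCode.NotFound, ex);
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}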
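// PUT api/Post/5
// Updates a post's category, content, synopsis and title. The caller must
// hold a live session token and be the post's author. Only those four fields
// are copied from the payload, so the client cannot rewrite idUser or other
// columns of the stored row.
public HttpResponseMessage PutPost(string token, int id, Post post)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Refuse an absent token before querying: with EF's default null
    // semantics a null parameter could otherwise match rows whose token1 is NULL.
    if (string.IsNullOrEmpty(token))
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    Token oldToken = db.Token
        .Where(t => t.token1 == token && t.expires > DateTime.Now)
        .FirstOrDefault();
    if (oldToken == null)
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // A missing body passes ModelState validation but would NRE on post.id;
    // a payload without a Category would NRE on post.Category.id below.
    if (post == null || id != post.id || post.Category == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    // Find() returns null for an unknown id; the original dereferenced it
    // unconditionally and answered with an unhandled NullReferenceException.
    Post oldPost = db.Post.Find(id);
    if (oldPost == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // Ownership check: only the author may edit. Error key spelling and the
    // 400 status are preserved for client compatibility (403 Forbidden would
    // be the conventional answer).
    if (oldPost.idUser != oldToken.userId)
    {
        ModelState.AddModelError("Forbiden", "operation not allowed");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    oldPost.idCategory = post.Category.id;
    oldPost.postContent = post.postContent;
    oldPost.synopsis = post.synopsis;
    oldPost.title = post.title;

    // Sliding expiry: extend the session by 15 minutes on every call.
    oldToken.expires = DateTime.Now.AddMinutes(15);
    Util.RemoveTokens(db);
    db.Entry(oldToken).State = EntityState.Modified;

    // Attaching post.Category as Unchanged tells EF that row already exists.
    // A bogus category id from the client presumably surfaces only as a
    // foreign-key failure inside SaveChanges, which is not the concurrency
    // subtype caught below and so ends as a 500 -- confirm and map to 400 if
    // that matters.
    db.Entry(post.Category).State = EntityState.Unchanged;
    db.Entry(oldPost).State = EntityState.Modified;

    try
    {
        db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException ex)
    {
        return Request.CreateErrorResponse(HttpStatusCode.NotFound, ex);
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}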
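// GET api/ChatMessage?id=<token>
// Returns the chat history as display DTOs, oldest first. `id` is the session
// token. An absent, unknown or expired token yields an empty list with 200
// rather than an error, so the client cannot distinguish "no messages" from
// "not logged in"; that behaviour is preserved here.
public IEnumerable<ChatMessage> GetChatMessages(string id)
{
    // Refuse an absent token before querying: with EF's default null
    // semantics a null parameter could otherwise match rows whose token1 is NULL.
    if (string.IsNullOrEmpty(id))
    {
        return new List<ChatMessage>();
    }

    Token token = db.Token
        .Where(t => t.token1 == id && t.expires > DateTime.Now)
        .FirstOrDefault();
    if (token == null)
    {
        return new List<ChatMessage>();
    }

    // Prune old chat first, then renew the sliding 15-minute session.
    ChatHub.storeOldChat(db, DateTime.Now);
    token.expires = DateTime.Now.AddMinutes(15);
    Util.RemoveTokens(db);
    db.Entry(token).State = EntityState.Modified;
    db.SaveChanges();

    // Loads every remaining message; fine only while storeOldChat keeps the
    // table small (its retention rule is not visible here).
    var rows = db.ChatMessage
        .Include(c => c.User)
        .OrderBy(c => c.Created)
        .ToList();

    // Invariant culture pins ':' as the separator. Formatting with the thread
    // culture, as the original did, lets some locales substitute their own
    // time separator, so the same timestamp could render differently per server.
    return rows.Select(c => new ChatMessage()
    {
        Avatar = c.User.avatar,
        Message = c.Message,
        Username = c.User.username,
        Hour = c.Created.ToString("h:mm:ss", System.Globalization.CultureInfo.InvariantCulture)
    });
}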
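// POST api/Upload/{id}
// Replaces the caller's avatar with the file carried in a multipart/form-data
// body. `id` is the session token (it sits in the URL path and will therefore
// be logged; a header would be safer).
//
// The result is written into a web-served folder as <username><ext>. The
// original took <ext> verbatim from the client's Content-Disposition, which
// lets a caller drop a server-executable file (.aspx, .ashx, .config, ...)
// into the site if IIS maps handlers for that folder; the extension is now
// restricted to an image allow-list. Only the extension is checked -- the
// declared Content-Type and the file's magic bytes are not -- so the avatar
// folder should additionally have script execution disabled in IIS.
public async Task<HttpResponseMessage> PostUpload(string id)
{
    // Refuse an absent token before querying: with EF's default null
    // semantics a null parameter could otherwise match rows whose token1 is NULL.
    if (string.IsNullOrEmpty(id))
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    Token token = db.Token
        .Where(t => t.token1 == id && t.expires > DateTime.Now)
        .FirstOrDefault();
    if (token == null)
    {
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Check if the request contains multipart/form-data.
    if (!Request.Content.IsMimeMultipartContent())
    {
        throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
    }

    // Sliding expiry: extend the session by 15 minutes on every call. Note
    // this is only persisted by the SaveChanges inside the loop below, i.e.
    // not when the body carries no file part (unchanged from the original).
    token.expires = DateTime.Now.AddMinutes(15);
    Util.RemoveTokens(db);
    db.Entry(token).State = EntityState.Modified;

    User user = db.User.Find(token.userId);
    if (user == null)
    {
        // Token refers to a user that no longer exists; the original
        // dereferenced null here.
        ModelState.AddModelError("token", "token expired");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // The target file name is built from user.username. Usernames are
    // presumably validated at registration (not visible here); refuse anything
    // that could not be a plain file name so the write cannot leave `root`.
    if (string.IsNullOrEmpty(user.username)
        || user.username.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest, "user name is not usable as an avatar file name");
    }

    string root = HttpContext.Current.Server.MapPath("~/cliente/app/images/avatars");

    // Body parts are staged in the OS temp directory rather than in `root`
    // itself (as the original did), so unvalidated bytes never sit under the
    // web root, even briefly.
    var provider = new MultipartFormDataStreamProvider(Path.GetTempPath());

    try
    {
        // Read the form data.
        await Request.Content.ReadAsMultipartAsync(provider);

        foreach (MultipartFileData fileData in provider.FileData)
        {
            string fileName = fileData.Headers.ContentDisposition.FileName;
            if (string.IsNullOrEmpty(fileName))
            {
                DeleteStagedParts(provider);
                return Request.CreateResponse(HttpStatusCode.NotAcceptable, "This request is not properly formatted");
            }

            // Some clients quote the file name.
            if (fileName.StartsWith("\"") && fileName.EndsWith("\""))
            {
                fileName = fileName.Trim('"');
            }

            // Some clients send a full client-side path; keep only the leaf.
            if (fileName.Contains(@"/") || fileName.Contains(@"\"))
            {
                fileName = Path.GetFileName(fileName);
            }

            // GetExtension yields "" for a name without a dot; the original's
            // Substring(LastIndexOf('.')) threw ArgumentOutOfRangeException
            // there and answered 500.
            string ext = Path.GetExtension(fileName);
            if (!IsAllowedAvatarExtension(ext))
            {
                DeleteStagedParts(provider);
                return Request.CreateResponse(HttpStatusCode.UnsupportedMediaType, "avatar must be a .png, .jpg, .jpeg or .gif file");
            }

            // Move() fails if the destination exists, hence the Delete() first.
            // An old avatar with a different extension is left behind, as before.
            string path = Path.Combine(root, user.username + ext);
            File.Delete(path);
            File.Move(fileData.LocalFileName, path);

            user.avatar = user.username + ext;
            db.SaveChanges();
        }

        return Request.CreateResponse(HttpStatusCode.OK);
    }
    catch (System.Exception e)
    {
        DeleteStagedParts(provider);
        // Whether the exception body reaches the client depends on the
        // configured IncludeErrorDetailPolicy.
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, e);
    }
}

// Extensions accepted for an avatar, compared case-insensitively. Adjust to
// match what the client is meant to send; the point is that the set is closed.
private static bool IsAllowedAvatarExtension(string ext)
{
    string[] allowed = { ".png", ".jpg", ".jpeg", ".gif" };
    return allowed.Any(a => string.Equals(a, ext, StringComparison.OrdinalIgnoreCase));
}

// Best-effort removal of the body parts the provider staged on disk. Parts
// that were already moved into place no longer exist at LocalFileName and
// are skipped.
private static void DeleteStagedParts(MultipartFormDataStreamProvider provider)
{
    foreach (MultipartFileData part in provider.FileData)
    {
        try
        {
            if (File.Exists(part.LocalFileName))
            {
                File.Delete(part.LocalFileName);
            }
        }
        catch (IOException)
        {
            // Leave it for the OS temp cleanup; the response is already decided.
        }
        catch (UnauthorizedAccessException)
        {
            // Same as above.
        }
    }
}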