private static string GetSlug(BlogPostRequest blogPost)
{
return(blogPost.BlogPost.Title
.Replace(' ', '-')
.Replace("?", "")
.Replace("&", "")
.Replace("\'", "")
.Replace("\"", "")
.ToLower());
}
public async Task<IEnumerable<BlogPost>> GetAll(int pageSize, int pageIndex, int skip = 0)
{
var blogPostRequest = new BlogPostRequest
{
PageSize = pageSize,
PageIndex = pageIndex,
Skip = skip
};
return await this.controller.GetAll(blogPostRequest);
}
public async Task <IEnumerable <BlogPost> > GetAll(BlogPostRequest blogPostRequest)
{
var blogs = await this.blogPostRepository.Query()
.Include(r => r.Author)
.OrderByDescending(b => b.CreatedOn)
.ThenBy(b => b.Title)
.Skip(blogPostRequest.Skip + (blogPostRequest.PageIndex * blogPostRequest.PageSize))
.Take(blogPostRequest.PageSize)
.ToListAsync();
return(this.mapper.Map <IEnumerable <BlogPost> >(blogs));
}
public async Task <IActionResult> Put([FromRoute] Guid id, [FromBody] BlogPostRequest blogPostRequest)
{
BlogPost blogPost = _ctx.BlogPosts.SingleOrDefault(bp => bp.Id == id);
if (blogPost == null)
{
return(NotFound("Blog Post not found."));
}
var authorId = new Guid(HttpContext.User.FindFirst("authorId").Value);
if (blogPost.AuthorId != authorId)
{
return(Forbid("Authenticated user cannot update this blog post."));
}
blogPost.Update(blogPostRequest.Title, blogPostRequest.Text);
await _ctx.SaveChangesAsync();
return(NoContent());
}
public async Task <IActionResult> Post([FromBody] BlogPostRequest blogPostRequest)
{
var authorId = new Guid(HttpContext.User.FindFirst("authorId").Value);
blogPostRequest.Title = _sanitizer.Sanitize(blogPostRequest.Title); // Post value: <div onload=alert('xss')>Title</div>
blogPostRequest.Text = _sanitizer.Sanitize(blogPostRequest.Text); // Post value: <script type="text/javascript">alert('text')</script>
var blogPost = blogPostRequest.CreateBlogPost(authorId);
await _ctx.BlogPosts.AddAsync(blogPost);
await _ctx.SaveChangesAsync();
var blogPostResponse = BlogPostResponse.FromBlogPost(
_blogPostProtector.Protect(blogPost.Id.ToString()),
blogPost,
true
);
return(CreatedAtAction(nameof(Get), new { id = _blogPostProtector.Protect(blogPost.Id.ToString()) }, blogPostResponse));
}
public async Task <IActionResult> PostBlogPost([FromBody] BlogPostRequest blogPost)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var entity = new BlogPost
{
Title = blogPost.BlogPost.Title,
Description = blogPost.BlogPost.Description,
Body = blogPost.BlogPost.Body,
Slug = GetSlug(blogPost),
CreatedAt = DateTime.Now,
UpdatedAt = DateTime.Now,
BlogPostTags = new List <BlogPostTag>()
};
foreach (var item in blogPost.BlogPost.TagList)
{
var tag = _context.Tags.FirstOrDefault(t => t.Name == item);
if (tag == null)
{
tag = new Tag
{
Name = item
};
_context.Tags.Add(tag);
}
entity.BlogPostTags.Add(new BlogPostTag
{
Tag = tag
});
}
_context.BlogPosts.Add(entity);
await _context.SaveChangesAsync();
return(await GetBlogPost(entity.Slug));
}
public async Task <ActionResult <BlogPostModel> > UpdateBlogPostAsync([FromRoute] Guid blogPostId, [FromBody] BlogPostRequest blogPost)
{
return(NoContent());
}
public async Task <ActionResult <BlogPostModel> > CreateNewBlogPostAsync([FromBody] BlogPostRequest blogPost)
{
throw new NotImplementedException();
}
// POST api/blogposts
public BlogPostRequest Post([FromBody] BlogPostRequest request)
{
return(request);
}
public async Task <IActionResult> PutBlogPost([FromRoute] string slug, [FromBody] BlogPostRequest blogPost)
{
var entity = _context.BlogPosts.Where(a => a.Slug == slug).FirstOrDefault();
if (entity == null)
{
return(NotFound());
}
if (!String.IsNullOrEmpty(blogPost.BlogPost.Title))
{
entity.Title = blogPost.BlogPost.Title;
entity.Slug = GetSlug(blogPost);
}
if (!String.IsNullOrEmpty(blogPost.BlogPost.Description))
{
entity.Description = blogPost.BlogPost.Description;
}
if (!String.IsNullOrEmpty(blogPost.BlogPost.Body))
{
entity.Body = blogPost.BlogPost.Body;
}
if (blogPost.BlogPost.TagList != null)
{
var oldTags = _context.BlogPostTags.Where(a => a.BlogPost.Slug == entity.Slug).ToList();
foreach (var item in oldTags.ToList())
{
_context.BlogPostTags.Remove(item);
}
foreach (var item in blogPost.BlogPost.TagList)
{
var tag = _context.Tags.FirstOrDefault(t => t.Name == item);
if (tag == null)
{
tag = new Tag
{
Name = item
};
_context.Tags.Add(tag);
}
_context.BlogPostTags.Add(new BlogPostTag
{
BlogPostId = entity.ID,
TagId = tag.ID
});
}
}
entity.UpdatedAt = DateTime.Now;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
return(BadRequest("Desila se greška"));
}
return(await GetBlogPost(entity.Slug));
}
