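/// <summary>
/// Soft-deletes a user by zeroing its permission mask; the row itself is kept.
/// Requires bit 128 (the administrative bit used by the other admin endpoints) in the caller's token.
/// </summary>
/// <param name="id">Primary key of the user to disable.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 when no Authorization header is present;
/// 400 when the caller lacks bit 128; 404 when the user does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult DeleteUser(int id)
{
    // The token is read straight from the Authorization header. Without the
    // header the original dereferenced null and surfaced as an unhandled 500.
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    // 400 is kept for client compatibility even though 403 would describe
    // "insufficient permission" more accurately.
    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    var userData = _db.Users.Find(id);
    if (userData == null)
    {
        return NotFound();
    }

    // A mask of 0 fails every `(permission & bit) <= 0` check in this API, so
    // the account can no longer call anything. Note that nothing stops an
    // administrator from disabling their own account here.
    userData.Permission = 0;
    Sql.UpData(userData.Permission); // kept from the original; its effect is not visible in this file

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // The original returned e.Message to the caller, which exposes EF/SQL
        // details (table, constraint and connection information). Log it
        // server-side (global exception logger/filter) instead.
        return InternalServerError();
    }
}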
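/// <summary>
/// Soft-deletes a county by setting its <c>Delete</c> flag. Requires bit 128 in the caller's token.
/// </summary>
/// <param name="id">Primary key of the county.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 when the
/// caller lacks bit 128; 404 when the county does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult DeleteCounty(int id)
{
    // Guard the header: the original dereferenced null (500) when it was absent.
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    var county = _db.Counties.Find(id);
    if (county == null)
    {
        return NotFound();
    }

    // Flag rather than remove, so rooms that reference the county keep a valid key.
    county.Delete = true;
    Sql.UpData(county.Delete); // kept from the original; its effect is not visible in this file

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // Do not echo the exception text to the client (schema/connection leakage).
        return InternalServerError();
    }
}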
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();
    services.AddScoped<IRepositoryContextFactory, RepositoryContextFactory>();

    // All four repositories are built the same way: the "DefaultConnection"
    // string plus the scoped context factory. The lookup stays lazy (it ran
    // inside each factory lambda originally); it is only shared through a
    // local function to avoid repeating the key.
    string ConnectionString() => Configuration.GetConnectionString("DefaultConnection");

    services.AddScoped<IOrderRepository>(sp =>
        new OrderRepository(ConnectionString(), sp.GetService<IRepositoryContextFactory>()));
    services.AddScoped<IOrderItemRepository>(sp =>
        new OrderItemRepository(ConnectionString(), sp.GetService<IRepositoryContextFactory>()));
    services.AddScoped<ICustomerRepository>(sp =>
        new CustomerRepository(ConnectionString(), sp.GetService<IRepositoryContextFactory>()));
    services.AddScoped<ICatalogRepository>(sp =>
        new CatalogRepository(ConnectionString(), sp.GetService<IRepositoryContextFactory>()));

    // JWT bearer authentication is wired up by the project's JwtAuth helper.
    JwtAuth.SetAuthService(services);

    // NOTE(review): AddCors() only registers the service; the actual policy
    // (allowed origins, credentials) is configured elsewhere and is not
    // visible here — make sure it is not "any origin" together with credentials.
    services.AddCors();
}
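/// <summary>
/// Updates a county's name. Requires bit 128 in the caller's token.
/// </summary>
/// <param name="id">Primary key of the county to update.</param>
/// <param name="newCounty">Request body; only <c>Name</c> is applied (null leaves the current value).</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 on missing
/// permission, missing body or invalid model; 404 when the county does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult PutCounty(int id, [FromBody] County newCounty)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A missing or unparseable body binds as null and still passes
    // ModelState.IsValid; the original then crashed on newCounty.Name.
    if (newCounty == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var county = _db.Counties.Find(id);
    if (county == null)
    {
        return NotFound();
    }

    county.Name = newCounty.Name ?? county.Name;
    // CountryId is not updatable through this endpoint: the original
    // self-assigned it (county.CountryId = county.CountryId), a no-op. If
    // re-parenting a county was intended, it should read newCounty.CountryId —
    // confirm with the client before changing that.
    _db.Entry(county).State = EntityState.Modified;

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // Never return e.Message to the client; it leaks EF/SQL internals.
        return InternalServerError();
    }
}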
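/// <summary>
/// Returns the caller's own profile. Requires bit 1 in the token and the token's
/// user id must equal <paramref name="id"/> (object-level authorization).
/// </summary>
/// <param name="id">User id being requested; must match the token's id.</param>
/// <returns>
/// 200 with a projection that deliberately omits Password, PasswordSalt and Permission;
/// 401 without an Authorization header; 400 on missing permission or id mismatch; 404 when the row is gone.
/// </returns>
public IHttpActionResult GetUser(int id)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var parameter = auth.Parameter;
    var permission = JwtAuth.GetTokenPermission(parameter);
    var tokenId = JwtAuth.GetTokenId(parameter);
    if ((permission & 1) <= 0)
    {
        return BadRequest("權限不足");
    }
    // Users may only read their own record.
    if (tokenId != id)
    {
        return BadRequest("使用者錯誤");
    }

    var user = _db.Users.Find(id);
    // The original had no null check; a still-valid token for a removed row would 500.
    if (user == null)
    {
        return NotFound();
    }

    return Ok(new
    {
        user.Id,
        user.Account,
        user.Nickname,
        user.Name,
        user.Picture,
        user.Email,
        user.Phone,
        user.Birthday,
        user.BuyerAverageStar,
        user.SellerAverageStar
    });
}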
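/// <summary>
/// Returns a single order with its room and detail lines. Requires bit 2 in the token,
/// and the caller must be the order's buyer or seller (or hold bit 128).
/// </summary>
/// <param name="id">Primary key of the order.</param>
/// <returns>
/// 200 with the order projection; 401 without an Authorization header; 400 on missing
/// permission or when the caller is not a party to the order; 404 when the order does not exist.
/// </returns>
public IHttpActionResult GetOrder(int id)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 2) <= 0)
    {
        return BadRequest("權限不足");
    }

    var order = _db.Orders.Find(id);
    // The original dereferenced a null order (500) for unknown ids.
    if (order == null)
    {
        return NotFound();
    }

    // Object-level authorization. Bit 2 alone let any order-capable user read
    // any order by guessing its id (GetBuyerRatings, by contrast, filters on
    // BuyerId). Bit 128 is allowed through because it already lists every
    // order via GetOrders. Adjust the rule here if a different one is intended.
    var tokenId = JwtAuth.GetTokenId(auth.Parameter);
    if (order.BuyerId != tokenId && order.SellerId != tokenId && (permission & 128) <= 0)
    {
        return BadRequest("使用者錯誤");
    }

    return Ok(new
    {
        order.Id,
        order.Name,
        order.Address,
        order.Email,
        order.Phone,
        order.Payment,
        order.Pickup,
        order.Status,
        order.TotalPrice,
        order.Remark,
        // NOTE(review): FirstOrDefault() on Room.Name/Picture yields their first
        // element; GetBuyerRatings returns order.Room.Name whole. If Name is a
        // string this is a single char — confirm which shape the client expects.
        RoomName = order.Room.Name.FirstOrDefault(),
        RoomPicture = order.Room.Picture.FirstOrDefault(),
        Detail = order.OrderDetails.Select(detail => new { detail.Id, detail.Name, detail.Price }).ToList(),
    });
}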
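/// <summary>
/// Updates a tag's name and colour. Requires bit 128 in the token's "Permission" claim.
/// </summary>
/// <param name="id">Primary key of the tag.</param>
/// <param name="newTag">Request body; null fields leave the current value.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 on missing
/// permission, missing body or invalid model; 404 when the tag does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult PutTag(int id, [FromBody] Tag newTag)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    // This endpoint reads the claim through GetToken rather than
    // GetTokenPermission; both check the same bit 128.
    var token = JwtAuth.GetToken(auth.Parameter);
    if ((Convert.ToInt32(token["Permission"]) & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A null body passes ModelState.IsValid and crashed on newTag.Name in the original.
    if (newTag == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var tag = _db.Tags.Find(id);
    if (tag == null)
    {
        return NotFound();
    }

    tag.Name = newTag.Name ?? tag.Name;
    tag.Color = newTag.Color ?? tag.Color;
    _db.Entry(tag).State = EntityState.Modified;

    try
    {
        _db.SaveChanges();
    }
    catch (Exception)
    {
        // Exception text must not reach the client.
        return InternalServerError();
    }
    return Ok(id);
}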
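/// <summary>
/// Cancels an order by setting its status to <c>訂單取消</c>; the row is kept.
/// Requires bit 2, and the caller must be the order's buyer or seller (or hold bit 128).
/// </summary>
/// <param name="id">Primary key of the order.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 on missing
/// permission or when the caller is not a party to the order; 404 when the order does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult DeleteOrder(int id)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 2) <= 0)
    {
        return BadRequest("權限不足");
    }

    var order = _db.Orders.Find(id);
    if (order == null)
    {
        return NotFound();
    }

    // Object-level check that the original lacked: with bit 2 alone any
    // seller could cancel any order by id. Mirrors the SellerId check in
    // DeleteRoom; bit 128 passes because it administers orders via GetOrders.
    var tokenId = JwtAuth.GetTokenId(auth.Parameter);
    if (order.BuyerId != tokenId && order.SellerId != tokenId && (permission & 128) <= 0)
    {
        return BadRequest("使用者錯誤");
    }

    order.Status = OrderStatus.訂單取消;
    Sql.UpData(order.Status); // kept from the original; its effect is not visible in this file

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}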
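/// <summary>
/// Soft-deletes a tag by setting its <c>Delete</c> flag. Requires bit 128 in the token's "Permission" claim.
/// </summary>
/// <param name="id">Primary key of the tag.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 when the
/// caller lacks bit 128; 404 when the tag does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult DeleteTag(int id)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var token = JwtAuth.GetToken(auth.Parameter);
    if ((Convert.ToInt32(token["Permission"]) & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    var tag = _db.Tags.Find(id);
    if (tag == null)
    {
        return NotFound();
    }

    // Flag rather than remove so rooms referencing the tag keep a valid key.
    tag.Delete = true;
    Sql.UpData(tag.Delete); // kept from the original; its effect is not visible in this file

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // Exception text must not reach the client.
        return InternalServerError();
    }
}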
/// <summary>
/// Registers the user store, the authentication service and JWT authentication
/// on <paramref name="services"/>.
/// </summary>
/// <param name="services">The DI container being configured.</param>
/// <param name="jwtOptions">Signing/validation options forwarded to <see cref="JwtAuth.AddJwtAuth"/>.</param>
/// <param name="connectionString">Connection string for the user database.</param>
public static void AddJwtLogin(this IServiceCollection services, JwtOptions jwtOptions, string connectionString)
{
    // NOTE(review): the connection string is handed over through a static on
    // UserDbContext, i.e. process-wide mutable state rather than DI; a second
    // call with a different string silently re-points every context.
    UserDbContext.ConnectionString = connectionString;

    // One repository instance for the lifetime of the process, one
    // AuthenticationService per request scope.
    services.AddSingleton<IRepo<UserDbContext>, Repo<UserDbContext>>();
    services.AddScoped<AuthenticationService, AuthenticationService>();

    JwtAuth.AddJwtAuth(services, jwtOptions);
}
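/// <summary>
/// Lists the ids of the rooms the caller sells in. Scoped by the token's user id;
/// no permission bit is checked (unlike the rest of this API).
/// </summary>
/// <returns>200 with <c>{ Id }</c> objects; 401 without an Authorization header.</returns>
public IHttpActionResult GetRoomUser()
{
    // The original dereferenced a missing header and failed with a 500.
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var sellerId = JwtAuth.GetTokenId(auth.Parameter);
    // Deferred query; it is executed when the result is serialized.
    var ownedRooms = _db.Rooms.Where(room => room.SellerId == sellerId);
    return Ok(ownedRooms.Select(room => new { room.Id, }));
}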
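/// <summary>
/// Updates a room owned by the caller. Requires bit 4 and the token's user id must
/// equal the room's <c>SellerId</c>. Zero/null fields in the body keep the current value;
/// <c>R18</c> and <c>RoomClose</c> are always overwritten and <c>RoomEnd</c> is pushed one hour from now.
/// </summary>
/// <param name="id">Primary key of the room.</param>
/// <param name="newRoom">Request body with the new values.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 on missing
/// permission, missing body, invalid model or when the caller is not the seller; 404 when the room does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult PutRoom(int id, [FromBody] Room newRoom)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 4) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A null body passes ModelState.IsValid and crashed on newRoom.CountryId in the original.
    if (newRoom == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var room = _db.Rooms.Find(id);
    if (room == null)
    {
        return NotFound();
    }

    // Object-level check: only the room's seller may edit it.
    var tokenId = JwtAuth.GetTokenId(auth.Parameter);
    if (tokenId != room.SellerId)
    {
        return BadRequest("使用者錯誤");
    }

    room.CountryId = newRoom.CountryId == 0 ? room.CountryId : newRoom.CountryId;
    room.CountyId = newRoom.CountyId == 0 ? room.CountyId : newRoom.CountyId;
    room.CityId = newRoom.CityId == 0 ? room.CityId : newRoom.CityId;
    room.TagId = newRoom.TagId == 0 ? room.TagId : newRoom.TagId;
    room.Name = newRoom.Name ?? room.Name;
    room.Picture = newRoom.Picture ?? room.Picture;
    room.Rule = newRoom.Rule ?? room.Rule;
    room.TagText = newRoom.TagText ?? room.TagText;
    room.MaxUsers = newRoom.MaxUsers == 0 ? room.MaxUsers : newRoom.MaxUsers;
    // NOTE(review): the seller can set their own room's Star here. If Star is
    // meant to be derived from ratings (see PutRatings) it should not be client-writable.
    room.Star = newRoom.Star == 0 ? room.Star : newRoom.Star;
    room.R18 = newRoom.R18;
    room.RoomClose = newRoom.RoomClose;
    // Every update extends the room by an hour from now (same clock as PostRoom).
    room.RoomEnd = DateTime.Now.AddHours(1);
    _db.Entry(room).State = EntityState.Modified;

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}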
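/// <summary>
/// Lists the members of a room (id, nickname, picture). Requires bit 128 in the caller's token.
/// </summary>
/// <param name="id">Primary key of the room.</param>
/// <returns>200 with the member projection (empty for an unknown room); 401 without an Authorization header; 400 when the caller lacks bit 128.</returns>
public IHttpActionResult GetRoomUser(int id)
{
    // The original dereferenced a missing header and failed with a 500.
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    // Deferred query over the membership rows, projected through the User navigation.
    var members = _db.RoomUsers.Where(roomUser => roomUser.RoomId == id);
    return Ok(members.Select(user => new
    {
        user.User.Id,
        user.User.Nickname,
        user.User.Picture,
    }));
}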
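/// <summary>
/// Creates a room owned by the caller. Requires bit 4. Start is now, end is one hour
/// later, and zero location/tag ids default to 1.
/// </summary>
/// <param name="room">Request body; <c>SellerId</c>, <c>RoomStart</c> and <c>RoomEnd</c> are overwritten server-side.</param>
/// <returns>
/// 200 with the new room id; 401 without an Authorization header; 400 on missing
/// permission, missing body or invalid model; 500 when the save fails.
/// </returns>
public IHttpActionResult PostRoom([FromBody] Room room)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 4) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A null body passes ModelState.IsValid and crashed on room.RoomStart in the original.
    if (room == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    room.RoomStart = DateTime.Now;
    room.RoomEnd = DateTime.Now.AddHours(1);
    // The original then tested `RoomStart > Now && RoomEnd <= Now` to set
    // RoomClose. With the two timestamps just assigned that condition cannot
    // hold (barring a wall-clock jump between the calls), so the dead branch
    // was removed. RoomClose therefore stays whatever the client sent — as before.
    room.SellerId = JwtAuth.GetTokenId(auth.Parameter);

    // Unspecified location/tag foreign keys fall back to id 1.
    if (room.CountryId == 0)
    {
        room.CountryId = 1;
    }
    if (room.CountyId == 0)
    {
        room.CountyId = 1;
    }
    if (room.CityId == 0)
    {
        room.CityId = 1;
    }
    if (room.TagId == 0)
    {
        room.TagId = 1;
    }

    // NOTE(review): the rest of the entity (including Star) is taken from the
    // body as-is; see the corresponding remark in PutRoom.
    _db.Rooms.Add(room);
    try
    {
        _db.SaveChanges();
        return Ok(room.Id);
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}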
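/// <summary>
/// Closes a room owned by the caller by setting <c>RoomClose</c>; the row is kept so
/// memberships and orders that reference it stay valid. Requires bit 4 and the
/// token's user id must equal the room's <c>SellerId</c>.
/// </summary>
/// <param name="id">Primary key of the room.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 on missing
/// permission or when the caller is not the seller; 404 when the room does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult DeleteRoom(int id)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 4) <= 0)
    {
        return BadRequest("權限不足");
    }

    var room = _db.Rooms.Find(id);
    if (room == null)
    {
        return NotFound();
    }

    // Object-level check: only the room's seller may close it.
    var tokenId = JwtAuth.GetTokenId(auth.Parameter);
    if (tokenId != room.SellerId)
    {
        return BadRequest("使用者錯誤");
    }

    // A hard delete (refused while guests were present) used to live here and
    // was left commented out; closing the room replaced it.
    room.RoomClose = true;
    _db.Entry(room).State = EntityState.Modified;

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}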
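/// <summary>
/// Lists the caller's orders as buyer, newest first, with room, seller and rating
/// details. Requires bit 1; results are scoped by the token's user id.
/// </summary>
/// <returns>200 with the projection; 401 without an Authorization header; 400 when the caller lacks bit 1.</returns>
public IHttpActionResult GetBuyerRatings()
{
    // The original dereferenced a missing header and failed with a 500.
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 1) <= 0)
    {
        return BadRequest("權限不足");
    }

    var tokenId = JwtAuth.GetTokenId(auth.Parameter);
    // Materialized first; the Room/Seller/OrderDetails navigations below are
    // then resolved per order (one extra query each if lazy loading is on).
    var orders = _db.Orders.Where(order => order.BuyerId == tokenId).ToList();

    return Ok(orders.OrderByDescending(order => order.Id).Select(order => new
    {
        order.Id,
        order.Name,
        order.Address,
        order.Email,
        order.Phone,
        Payment = order.Payment.ToString(),
        Pickup = order.Pickup.ToString(),
        Status = order.Status.ToString(),
        order.TotalPrice,
        order.Remark,
        order.RoomId,
        RoomName = order.Room.Name,
        RoomPicture = order.Room.Picture,
        Detail = order.OrderDetails.Select(detail => new { detail.Id, detail.Name, detail.Price }).ToList(),
        order.SellerId,
        SellerNickname = order.Seller.Nickname,
        SellerAccount = order.Seller.Account,
        SellerPicture = order.Seller.Picture,
        // Star(...) is a sibling helper in this controller.
        SellerStar = Star(order.SellerStar),
        order.SellerReviews,
        BuyerStar = Star(order.BuyerStar),
        order.BuyerReviews,
    }));
}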
/// <summary>
/// A token signed with one secret must be rejected by a validator that uses a
/// different secret, even when audience and issuer match exactly.
/// </summary>
public void TestCreateAndValidateInvalidToken()
{
    const string audience = "teste";
    const string issuer = "teste";
    // Only the signing secret differs between the two instances (the
    // verifier's secret lacks the trailing "232").
    var signer = new JwtAuth("2Fkc2Fkc2FkYXNkMTIzMTJhc2Rhc2RzYWRhc2Q=232", audience, issuer);
    var verifier = new JwtAuth("2Fkc2Fkc2FkYXNkMTIzMTJhc2Rhc2RzYWRhc2Q=", audience, issuer);

    var token = signer.CreateToken(CreateClaims(1));
    var result = verifier.ValidateToken(token);

    Assert.False(result.IsValid);
    Assert.Null(result.Claims);
}
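/// <summary>
/// Creates an order for the caller (as seller) from the buyer's temporary cart lines
/// (<c>TempDetails</c>) for a room, copying each line into <c>OrderDetails</c> and
/// summing the total. Requires bit 2.
/// </summary>
/// <param name="inputId">Buyer id and room id identifying the cart to convert.</param>
/// <returns>
/// 200 with the new order id; 401 without an Authorization header; 400 on missing
/// permission or missing body; 500 when the save fails.
/// </returns>
public IHttpActionResult PostOrder(InputId inputId)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 2) <= 0)
    {
        return BadRequest("權限不足");
    }

    // No ModelState check existed here; a missing body binds as null.
    if (inputId == null)
    {
        return BadRequest();
    }

    var order = new Order
    {
        TotalPrice = 0,
        SellerId = JwtAuth.GetTokenId(auth.Parameter),
        BuyerId = inputId.BuyerId,
        RoomId = inputId.RoomId
    };
    // NOTE(review): nothing verifies that the caller owns inputId.RoomId
    // (compare the SellerId check in PutRoom/DeleteRoom), so any bit-2 user
    // can convert any buyer's cart in any room. Add a Rooms lookup if that matters.

    var tempDetails = _db.TempDetails
        .Where(x => x.BuyerId == inputId.BuyerId && x.RoomId == inputId.RoomId)
        .ToList();

    // The original copied `OrderId = order.Id` before the order was ever
    // saved, i.e. always 0, so every detail row pointed at a non-existent
    // order. Save the order first to obtain its key, then the details, inside
    // one transaction so a failure on the second step does not leave an
    // orphaned order behind. (Assumes EF6+/EF Core: Database.BeginTransaction.)
    using (var transaction = _db.Database.BeginTransaction())
    {
        try
        {
            _db.Orders.Add(order);
            _db.SaveChanges();

            foreach (var detail in tempDetails)
            {
                order.TotalPrice += detail.Price;
                _db.OrderDetails.Add(new OrderDetail
                {
                    Name = detail.Name,
                    Price = detail.Price,
                    OrderId = order.Id
                });
            }

            // `order` is tracked, so the TotalPrice accumulated above is
            // persisted together with the detail rows.
            _db.SaveChanges();
            transaction.Commit();
            return Ok(order.Id);
        }
        catch (Exception)
        {
            transaction.Rollback();
            // Do not echo e.Message (EF/SQL details) to the client.
            return InternalServerError();
        }
    }
}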
/// <summary>
/// A token created by a JwtAuth instance validates with the same instance and
/// carries the user id claim that was put into it.
/// </summary>
public void TestCreateAndValidateToken()
{
    const string audience = "teste";
    const string issuer = "teste";
    const int userId = 1;
    var jwtAuth = new JwtAuth("2Fkc2Fkc2FkYXNkMTIzMTJhc2Rhc2RzYWRhc2Q=232", audience, issuer);

    var token = jwtAuth.CreateToken(CreateClaims(userId));
    var validation = jwtAuth.ValidateToken(token);

    // The original failed explicitly (Assert.True(false)) on an invalid
    // result; asserting IsValid directly reports the same failure.
    Assert.True(validation.IsValid);
    var userIdClaim = validation.Claims.FindFirst(c => c.Type == USER_ID).Value;
    Assert.Equal(userId.ToString(), userIdClaim);
}
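/// <summary>
/// Updates the caller's own profile. Requires bit 1 and the token's user id must equal
/// <paramref name="id"/>. Null fields keep their current value; the password is re-salted
/// and re-hashed only when a new one is supplied.
/// </summary>
/// <param name="id">User id being updated; must match the token's id.</param>
/// <param name="newUser">Request body with the new values.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 on missing
/// permission, id mismatch, missing body or invalid model; 404 when the row is gone; 500 when the save fails.
/// </returns>
public IHttpActionResult PutUser(int id, [FromBody] User newUser)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var parameter = auth.Parameter;
    var permission = JwtAuth.GetTokenPermission(parameter);
    var tokenId = JwtAuth.GetTokenId(parameter);
    if ((permission & 1) <= 0)
    {
        return BadRequest("權限不足");
    }
    // Users may only edit their own record.
    if (tokenId != id)
    {
        return BadRequest("使用者錯誤");
    }

    // A null body passes ModelState.IsValid and crashed on newUser.Password in the original.
    if (newUser == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var user = _db.Users.Find(id);
    if (user == null)
    {
        return NotFound();
    }

    // The original re-salted and re-hashed newUser.Password unconditionally,
    // unlike every other field (which is null-coalesced). A profile edit that
    // omitted the password therefore replaced the stored hash with the hash of
    // null/empty. Only change the credential when one was actually sent.
    if (!string.IsNullOrEmpty(newUser.Password))
    {
        // NOTE(review): there is no re-authentication with the current
        // password; a stolen bearer token is enough to change it.
        user.PasswordSalt = Salt.CreateSalt();
        user.Password = Salt.GenerateHashWithSalt(newUser.Password, user.PasswordSalt);
    }

    user.Nickname = newUser.Nickname ?? user.Nickname;
    user.Name = newUser.Name ?? user.Name;
    user.Picture = newUser.Picture ?? user.Picture;
    user.Email = newUser.Email ?? user.Email;
    user.Phone = newUser.Phone ?? user.Phone;
    // Birthday is not updatable here (the original self-assigned it, a no-op).
    _db.Entry(user).State = EntityState.Modified;

    try
    {
        _db.SaveChanges();
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
    return Ok(id);
}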
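/// <summary>
/// Removes the caller's own membership row from a room. Requires bit 2; the row is
/// selected by room id and the token's user id, so other users' memberships cannot be touched.
/// </summary>
/// <param name="id">Primary key of the room to leave.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 when the
/// caller lacks bit 2; 404 when the caller is not a member of the room; 500 when the save fails.
/// </returns>
public IHttpActionResult DeleteRoomUser(int id)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 2) <= 0)
    {
        return BadRequest("權限不足");
    }

    var tokenId = JwtAuth.GetTokenId(auth.Parameter);
    var roomUser = _db.RoomUsers.FirstOrDefault(x => x.RoomId == id && x.UserId == tokenId);
    // The original dereferenced roomUser.Id without a null check, so leaving
    // a room one is not in produced a 500.
    if (roomUser == null)
    {
        return NotFound();
    }

    // roomUser is already tracked; the extra Find(roomUser.Id) round trip was redundant.
    _db.RoomUsers.Remove(roomUser);

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}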
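/// <summary>
/// Creates a tag. Requires bit 128 in the token's "Permission" claim.
/// </summary>
/// <param name="tag">Request body; stored as-is after model validation.</param>
/// <returns>
/// 200 with "新增成功"; 401 without an Authorization header; 400 on missing permission,
/// missing body or invalid model; 500 when the save fails.
/// </returns>
public IHttpActionResult PostTag([FromBody] Tag tag)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var token = JwtAuth.GetToken(auth.Parameter);
    if ((Convert.ToInt32(token["Permission"]) & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A null body passes ModelState.IsValid; Add(null) would then throw.
    if (tag == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    _db.Tags.Add(tag);
    try
    {
        _db.SaveChanges();
        return Ok("新增成功");
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}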
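/// <summary>
/// Lists all users for administrators. Requires bit 128. The projection includes
/// the permission mask but omits Password and PasswordSalt.
/// </summary>
/// <returns>200 with the projection; 401 without an Authorization header; 400 when the caller lacks bit 128.</returns>
public IHttpActionResult GetUsers()
{
    // The original dereferenced a missing header and failed with a 500.
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    // Deferred query; executed when the result is serialized.
    var users = _db.Users.Select(user => new
    {
        user.Id,
        user.Account,
        user.Nickname,
        user.Name,
        user.Picture,
        user.Email,
        user.Phone,
        user.Birthday,
        user.Permission,
        user.BuyerAverageStar,
        user.SellerAverageStar
    });
    return Ok(users);
}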
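/// <summary>
/// Creates a country. Requires bit 128 in the caller's token.
/// </summary>
/// <param name="country">Request body; stored as-is after model validation.</param>
/// <returns>
/// 200 with the new id; 401 without an Authorization header; 400 on missing permission,
/// missing body or invalid model; 500 when the save fails.
/// </returns>
public IHttpActionResult PostCountry([FromBody] Country country)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A null body passes ModelState.IsValid; Add(null) would then throw.
    if (country == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    _db.Countries.Add(country);
    try
    {
        _db.SaveChanges();
        return Ok(country.Id);
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}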
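/// <summary>
/// Updates an order's contact, payment, pickup, status and remark fields. Requires bit 2,
/// and the caller must be the order's buyer or seller (or hold bit 128). Empty strings
/// and the <c>未選擇</c> enum values keep the current value.
/// </summary>
/// <param name="id">Primary key of the order.</param>
/// <param name="order">Request body with the new values.</param>
/// <returns>
/// 200 with <paramref name="id"/>; 401 without an Authorization header; 400 on missing
/// permission, missing body, invalid model or when the caller is not a party to the order;
/// 404 when the order does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult PutOrder(int id, [FromBody] Order order)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 2) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A null body passes ModelState.IsValid and crashed on order.Name in the original.
    if (order == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var orderData = _db.Orders.Find(id);
    if (orderData == null)
    {
        return NotFound();
    }

    // Object-level check that the original lacked: with bit 2 alone any
    // seller could edit any order by id. Bit 128 passes because it already
    // administers orders via GetOrders.
    var tokenId = JwtAuth.GetTokenId(auth.Parameter);
    if (orderData.BuyerId != tokenId && orderData.SellerId != tokenId && (permission & 128) <= 0)
    {
        return BadRequest("使用者錯誤");
    }

    orderData.Name = string.IsNullOrEmpty(order.Name) ? orderData.Name : order.Name;
    orderData.Address = string.IsNullOrEmpty(order.Address) ? orderData.Address : order.Address;
    orderData.Email = string.IsNullOrEmpty(order.Email) ? orderData.Email : order.Email;
    orderData.Phone = string.IsNullOrEmpty(order.Phone) ? orderData.Phone : order.Phone;
    orderData.Payment = order.Payment == Payment.未選擇 ? orderData.Payment : order.Payment;
    orderData.Pickup = order.Pickup == Pickup.未選擇 ? orderData.Pickup : order.Pickup;
    // NOTE(review): any OrderStatus value is accepted from the client; there
    // is no transition check (e.g. re-opening a cancelled order).
    orderData.Status = order.Status == OrderStatus.未選擇 ? orderData.Status : order.Status;
    orderData.Remark = string.IsNullOrEmpty(order.Remark) ? orderData.Remark : order.Remark;
    _db.Entry(orderData).State = EntityState.Modified;

    try
    {
        _db.SaveChanges();
        return Ok(id);
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}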
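/// <summary>
/// Lists every order for administrators, with room, detail and rating fields. Requires bit 128.
/// </summary>
/// <returns>200 with the projection; 401 without an Authorization header; 400 when the caller lacks bit 128.</returns>
public IHttpActionResult GetOrders()
{
    // The original dereferenced a missing header and failed with a 500.
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 128) <= 0)
    {
        return BadRequest("權限不足");
    }

    // Materialized first; the Room/OrderDetails navigations below are then
    // resolved per order (one extra query each if lazy loading is on).
    var orders = _db.Orders.ToList();
    return Ok(orders.Select(order => new
    {
        order.Id,
        order.Name,
        order.Address,
        order.Email,
        order.Phone,
        order.Payment,
        order.Pickup,
        Status = order.Status.ToString(),
        order.TotalPrice,
        order.Remark,
        // NOTE(review): FirstOrDefault() on Room.Name/Picture yields their first
        // element (a single char if these are strings); GetBuyerRatings returns
        // the whole value. Confirm which shape the client expects.
        RoomName = order.Room.Name.FirstOrDefault(),
        RoomPicture = order.Room.Picture.FirstOrDefault(),
        Detail = order.OrderDetails.Select(detail => new { detail.Id, detail.Name, detail.Price }),
        order.BuyerStar,
        order.BuyerReviews,
        order.SellerStar,
        order.SellerReviews,
    }));
}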
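/// <summary>
/// Authenticates a user by e-mail and password and returns a JWT together with the user record.
/// </summary>
/// <param name="user">Credentials from the request body.</param>
/// <returns>
/// 200 with <c>{ Token, Usuario }</c>; 400 with a generic message on bad credentials,
/// a missing body, or any internal failure (exception text is no longer echoed).
/// </returns>
public IActionResult Auth([FromBody] UserViewModel user)
{
    // A missing body binds as null; treat it like bad credentials instead of
    // letting the NullReferenceException fall into the generic handler.
    if (user == null)
    {
        return BadRequest(new { Message = "Email e/ou senha está(ão) inválido(s)." });
    }

    try
    {
        var userExists = _userService.CheckUserExists(user.Email, user.Password);

        // NOTE(review): the stored password is compared to the submitted one
        // as a plain string, which means passwords are stored in clear text
        // (or reversibly). Hash them (PBKDF2/Argon2) in the service and verify
        // there; the service already receives the password.
        if (userExists == null || userExists.Password != user.Password)
        {
            return BadRequest(new { Message = "Email e/ou senha está(ão) inválido(s)." });
        }

        // NOTE(review): the key is read as ASCII, so any non-ASCII characters
        // in the configured key are silently replaced and lose entropy.
        var key = _configuration.GetValue<string>("AuthenticationSettings:Key");
        var token = JwtAuth.GenerateToken(Encoding.ASCII.GetBytes(key));

        // NOTE(review): GenerateToken receives only the key, so the token
        // carries nothing that ties it to userExists; and the whole entity —
        // including the Password compared above — is echoed to the client.
        // Project the fields the client needs instead of returning the entity.
        return Ok(new { Token = token, Usuario = userExists });
    }
    catch (Exception)
    {
        // The original also returned ex.Message, which can expose connection
        // strings or provider details. Log server-side instead.
        return BadRequest(new { Message = "Ocorreu algum erro interno na aplicação, por favor tente novamente." });
    }
}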
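/// <summary>
/// Creates the controller with its data access, settings and JWT helper dependencies.
/// </summary>
/// <param name="advertAccess">Data access for adverts.</param>
/// <param name="appSetting">Options wrapper; its <c>Value</c> is captured.</param>
/// <param name="jwtAuth">JWT helper used by the actions.</param>
/// <exception cref="ArgumentNullException">When any dependency is null (the original
/// would have thrown a NullReferenceException on <c>appSetting.Value</c> instead).</exception>
public AdvertController(AdvertAccess advertAccess, IOptions<AppSetting> appSetting, JwtAuth jwtAuth)
{
    if (advertAccess == null)
    {
        throw new ArgumentNullException(nameof(advertAccess));
    }
    if (appSetting == null)
    {
        throw new ArgumentNullException(nameof(appSetting));
    }
    if (jwtAuth == null)
    {
        throw new ArgumentNullException(nameof(jwtAuth));
    }

    _advertAccess = advertAccess;
    _appSetting = appSetting.Value;
    _jwtAuth = jwtAuth;
}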
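/// <summary>
/// Records a rating on an order. Requires bit 16. The seller rates the buyer and the
/// buyer rates the seller; anyone else is rejected. The rated user's average is folded
/// as <c>(current + new) / 2</c>, or set directly when it is still 0.
/// </summary>
/// <param name="id">Primary key of the order being rated.</param>
/// <param name="newRating">Stars and review text for both sides; only the caller's side is applied.</param>
/// <returns>
/// 200 with <c>{ id, SellerId, BuyerId, tokenId }</c>; 401 without an Authorization header;
/// 400 on missing permission, missing body, invalid model or when the caller is not a party
/// to the order; 404 when the order does not exist; 500 when the save fails.
/// </returns>
public IHttpActionResult PutRatings(int id, Ratings newRating)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var parameter = auth.Parameter;
    var permission = JwtAuth.GetTokenPermission(parameter);
    var tokenId = JwtAuth.GetTokenId(parameter);
    if ((permission & 16) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A null body passes ModelState.IsValid and crashed on newRating.* in the original.
    if (newRating == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var order = _db.Orders.Find(id);
    if (order == null)
    {
        return NotFound();
    }

    if (order.SellerId == tokenId)
    {
        // Seller rates the buyer. The original arithmetic is kept as-is:
        // the order stores newRating.BuyerStar while the buyer's
        // SellerAverageStar is folded with newRating.SellerStar — confirm
        // which field is meant to carry which value.
        order.BuyerStar = newRating.BuyerStar;
        order.BuyerReviews = newRating.BuyerReviews;
        if (order.Buyer.SellerAverageStar > 0)
        {
            order.Buyer.SellerAverageStar += newRating.SellerStar;
            order.Buyer.SellerAverageStar /= 2;
        }
        else
        {
            order.Buyer.SellerAverageStar = newRating.SellerStar;
        }
    }
    else if (order.BuyerId == tokenId)
    {
        // Buyer rates the seller (same field pairing caveat as above).
        order.SellerStar = newRating.SellerStar;
        order.SellerReviews = newRating.SellerReviews;
        if (order.Seller.BuyerAverageStar > 0)
        {
            order.Seller.BuyerAverageStar += newRating.BuyerStar;
            order.Seller.BuyerAverageStar /= 2;
        }
        else
        {
            order.Seller.BuyerAverageStar = newRating.BuyerStar;
        }
    }
    else
    {
        // The original fell into the "buyer" branch for *any* bit-16 caller,
        // letting unrelated users rate an order's seller.
        return BadRequest("使用者錯誤");
    }

    // NOTE(review): nothing prevents rating the same order repeatedly; each
    // call halves the previous average again.
    // order.Buyer / order.Seller were reached through navigations of the
    // tracked order, so SaveChanges picks up their changes. The original also
    // looked up the caller's own User row and marked it Modified, which
    // touched nothing changed here (and threw if the row was missing).
    _db.Entry(order).State = EntityState.Modified;

    try
    {
        _db.SaveChanges();
        return Ok(new { id, order.SellerId, order.BuyerId, tokenId });
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}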
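/// <summary>
/// Enters a room: the seller and existing members are returned the member list
/// directly; anyone else is added (status <c>無訂單</c>) unless the room is closed,
/// unknown, or already at <c>MaxUsers</c>. Requires bit 2. Only <c>room.Id</c> is read from the body.
/// </summary>
/// <param name="room">Request body; only <c>Id</c> is used.</param>
/// <returns>
/// 200 with the member projection; 401 without an Authorization header; 400 on missing
/// permission, missing body, invalid model, an unknown/closed room or a full room; 500 when the save fails.
/// </returns>
public IHttpActionResult PostRoomUser([FromBody] Room room)
{
    var auth = Request.Headers.Authorization;
    if (auth == null)
    {
        return Unauthorized();
    }

    var permission = JwtAuth.GetTokenPermission(auth.Parameter);
    if ((permission & 2) <= 0)
    {
        return BadRequest("權限不足");
    }

    // A null body passes ModelState.IsValid and crashed on room.Id in the original.
    if (room == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var roomData = _db.Rooms.Find(room.Id);
    // The original tested `roomData != null && roomData.RoomClose`, so an
    // unknown room id slipped past and crashed on roomData.SellerId below.
    if (roomData == null || roomData.RoomClose)
    {
        return BadRequest("找不到房間");
    }

    // Deferred queries; they run when enumerated/serialized, which matters
    // for the final return (it then includes the row added below).
    var roomUsers = _db.RoomUsers.Where(x => x.RoomId == room.Id);
    var memberView = roomUsers.Select(user => new
    {
        user.RoomId,
        user.Room.Name,
        UserId = user.User.Id,
        UserName = user.User.Name,
        UserPicture = user.User.Picture,
        user.Status
    });

    var tokenId = JwtAuth.GetTokenId(auth.Parameter);
    if (roomData.SellerId == tokenId)
    {
        // Room owner enters directly.
        return Ok(memberView);
    }

    var joinedUser = roomUsers.Where(user => user.User.Id == tokenId);
    if (joinedUser.Any())
    {
        // Existing guest enters directly.
        return Ok(joinedUser.Select(user => new
        {
            user.RoomId,
            user.Room.Name,
            UserId = user.User.Id,
            UserName = user.User.Name,
            UserPicture = user.User.Picture,
            user.Status
        }));
    }

    // The original used `MaxUsers < Count()`, which still admitted a guest
    // when the room was exactly at capacity (one over the limit). If
    // MaxUsers is meant to exclude the seller, revert to a strict comparison.
    if (roomUsers.Count() >= roomData.MaxUsers)
    {
        return BadRequest("人數已經滿");
    }

    // Not a member yet: join.
    var newUser = new RoomUser
    {
        RoomId = room.Id,
        UserId = tokenId,
        Status = UserStatus.無訂單
    };
    _db.RoomUsers.Add(newUser);

    try
    {
        _db.SaveChanges();
        return Ok(memberView);
    }
    catch (Exception)
    {
        // Do not echo e.Message (EF/SQL details) to the client.
        return InternalServerError();
    }
}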