public ActionResult <IEnumerable <Cart> > DeleteItemsCart(string id, [FromBody] string[] items, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Cart> carts = Program.db.Query <Cart>($"SELECT * FROM Cart WHERE id='{id}';");
if (carts.Count > 0)
{
Cart c = carts.First();
List <ItemProperty> cartItems = c.items;
foreach (string item in items)
{
// check if the item is already in the cart
if (cartItems.Any(c => c.id == Convert.ToInt32(item)))
{
cartItems.Remove(cartItems.FirstOrDefault(c => c.id == Convert.ToInt32(item)));
}
}
c.itemsBlob = JsonSerializer.Serialize(cartItems);
Program.db.Update(c);
return(Ok(c));
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult DeleteItem(string id, [FromHeader] string token)
{
if (Logins.Verify(token, true) != null)
{
List<Item> items = Program.db.Query<Item>($"SELECT * FROM Item WHERE id = '{id}';");
if (items.Count > 0)
{
List<ItemStock> itemsStocks = Program.db.Query<ItemStock>($"SELECT * FROM ItemStock WHERE id = '{id}';");
if (itemsStocks.Count > 0)
{
Program.db.Delete(itemsStocks.First());
Program.db.Delete(items.First());
return Ok();
}
else
return NotFound();
}
else
return NotFound();
}
else
return Unauthorized();
}
public ActionResult GetCartTotals(string cartId, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Cart> carts = Program.db.Query <Cart>($"SELECT * FROM Cart WHERE id=$1;", new object[] { cartId });
if (carts.Count > 0)
{
Cart cart = carts.Last();
return(Ok((new Dictionary <string, object>()
{
{ "totalPrice", cart.TotalPrice() },
{ "totalPriceExTax", cart.TotalPriceExTax() },
{ "totalTax", cart.TotalTax() },
{ "prettyTotalPrice", cart.PrettyTotalPrice() },
{ "prettyTotalPriceExVat", cart.PrettyTotalPriceExTax() },
{ "prettyTotalTax", cart.PrettyTotalTax() },
})));
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult <IEnumerable <Contract> > SearchContract([FromBody] string query, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
// Prevent searching everything, else this would causes a major performance hit.
if (string.IsNullOrEmpty(query))
{
return(NotFound());
}
List <Contract> contracts = Program.db.Query <Contract>($"SELECT con.* FROM Contract as con, Customer as cust WHERE cust.familyName LIKE '%{query}%' OR cust.initials LIKE '%{query}%' OR cust.company LIKE '%{query}%';");
if (contracts.Count > 0)
{
return(contracts);
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public IActionResult setup2FA([FromHeader] string token)
{
// Check if the user managed to login with user and password but don't check 2fa here
if (Logins.Verify(token, false, false) != null)
{
// Check if the user has 2fa enabled
List <LoginSession> v = Program.db.Query <LoginSession>($"SELECT * FROM LoginSession WHERE id = '{token}';");
LoginSession u = v.Count > 0 ? v.First() : null;
// Get the user that owns this session
List <User> users = Program.db.Query <User>($"SELECT * FROM User WHERE id='{u.userId}';");
User user = users.Last();
if (user.twoFactorConfirmed)
{
return(BadRequest("2FA is already enabled for this account."));
}
else
{
TwoFactorAuth tfa = new TwoFactorAuth("Cashier API", qrcodeprovider: new SkiaSharpQrCodeProvider()); //TODO: Change org to company name from global settings (WIP)
string secret = tfa.CreateSecret(160);
user.twoFactorSecret = secret;
user.twoFactorConfirmed = false;
Program.db.Update(user);
return(Ok(tfa.GetQrCodeImageAsDataUri("Cashier API", secret)));
}
}
else
{
return(Unauthorized());
}
}
public IActionResult confirmTFA([FromBody] string tfaCode, [FromHeader] string token)
{
// Check if the user managed to login with user and password but don't check 2fa here
if (Logins.Verify(token, false, false) != null)
{
// Check if the user has 2fa enabled
List <LoginSession> v = Program.db.Query <LoginSession>($"SELECT * FROM LoginSession WHERE id = '{token}';");
LoginSession u = v.Count > 0 ? v.First() : null;
// Get the user that owns this session
List <User> users = Program.db.Query <User>($"SELECT * FROM User WHERE id='{u.userId}';");
User user = users.Last();
if (u.passed2FA)
{
return(BadRequest("2FA is already validated for this session."));
}
if (users.Count > 0)
{
if (!string.IsNullOrEmpty(user.twoFactorSecret))
{
var tfa = new TwoFactorAuth("Cashier API"); //TODO: Change org to company name from global settings (WIP)
// Verify if 2FA code is valid
if (tfa.VerifyCode(user.twoFactorSecret, tfaCode))
{
// Code seems legit, update db and return session info.
u.passed2FA = true;
Program.db.Update(u);
// If 2FA was never confirmed let's make it confirmed as we validated a code.
if (!user.twoFactorConfirmed)
{
user.twoFactorConfirmed = true;
Program.db.Update(user);
}
return(Ok(u));
}
else
{
return(Unauthorized("Incorrect 2FA code"));
}
}
else
{
return(BadRequest("2FA is not enabled for this account."));
}
}
else
{
return(BadRequest("No user found with this login token."));
}
}
else
{
return(Unauthorized());
}
}
public ActionResult <IEnumerable <Customer> > SearchCustomer([FromBody] string query, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
// Prevent searching everything, else this would causes a major performance hit.
if (string.IsNullOrEmpty(query))
{
return(NotFound());
}
List <Customer> customers = Program.db.Query <Customer>($"SELECT * FROM Customer WHERE initials LIKE '%{query}%' OR familyName LIKE '%{query}%' OR email LIKE '%{query}%' OR phone LIKE '%{query}%' OR address LIKE '%{query}%' OR postalCode LIKE '%{query}%';");
if (customers.Count > 0)
{
return(customers);
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult DeleteUser(int id, [FromHeader] string token)
{
// Check if user login
if (Logins.Verify(token, true) != null)
{
// Get the user to delete
User u = Users.getUserById(id);
// Make sure the user has been found
if (u == null)
{
return(NotFound());
}
List <LoginSession> v = Program.db.Query <LoginSession>($"SELECT * FROM LoginSession WHERE id = '{token}';");
LoginSession uSession = v.Count > 0 ? v.First() : null;
if (u.id == uSession.userId)
{
return(BadRequest("Cannot delete yourself."));
}
Program.db.Delete(u);
return(Ok());
}
else
{
return(Unauthorized());
}
}
public ActionResult DeleteCustomer(string id, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Customer> customers = Program.db.Query <Customer>($"SELECT * FROM Customer WHERE id='{id}';");
if (customers.Count > 0)
{
List <Contract> contracts = Program.db.Query <Contract>($"SELECT id FROM Contract WHERE customerId='{customers.First().id}';");
if (contracts.Count > 0)
{
return(BadRequest("Cannot remove customer, customer still has contracts assigned to it!"));
}
Program.db.Delete(customers.First());
return(Ok());
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public IActionResult NewCustomer([FromBody] Customer customer, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
if (!string.IsNullOrEmpty(customer.initials) && !string.IsNullOrEmpty(customer.familyName) && !string.IsNullOrEmpty(customer.email))
{
if (Utilities.IsValidEmail(customer.email))
{
Program.db.Insert(customer);
return(Ok(customer));
}
else
{
return(BadRequest($"Malformed email address. ({customer.email})"));
}
}
else
{
return(BadRequest("Customer initials, family name and email are required fields!"));
}
}
else
{
return(Unauthorized());
}
}
public IActionResult DeleteInvoice(int id, [FromHeader] string token)
{
if (Logins.Verify(token, true) != null)
{
List <Invoice> invoices = Program.db.Query <Invoice>($"SELECT * FROM Invoice WHERE id='{id}';");
if (invoices.Count == 0)
{
return(NotFound());
}
Invoice invoice = invoices.First();
// If it is processed we need to check if it's older than 7 years to conform with regulations.
if (invoice.processedAt.AddYears(7) < DateTime.Now)
{
Program.db.Delete(invoice);
return(Ok());
}
else
{
return(BadRequest("Record cannot be deleted as it's younger than 7 years. To conform with regulations you are only allowed to delete an invoice after 7 years of the processing date."));
}
}
else
{
return(Unauthorized());
}
}
public ActionResult GetInvoiceTotals(int invoiceId, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Invoice> invoices = Program.db.Query <Invoice>($"SELECT * FROM Invoice WHERE id=$1;", new object[] { invoiceId });
if (invoices.Count > 0)
{
Invoice invoice = invoices.Last();
return(Ok((new Dictionary <string, object>()
{
{ "totalPrice", invoice.TotalPrice() },
{ "totalPriceExTax", invoice.TotalPriceExTax() },
{ "totalTax", invoice.TotalTax() },
{ "prettyTotalPrice", invoice.PrettyTotalPrice() },
{ "prettyTotalPriceExVat", invoice.PrettyTotalPriceExTax() },
{ "prettyTotalTax", invoice.PrettyTotalTax() },
})));
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult ArchiveContract(string id, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Contract> contracts = Program.db.Query <Contract>($"SELECT * FROM Contract WHERE id='{id}';");
if (contracts.Count > 0)
{
Contract c = contracts.First();
if (c.enabled == false && c.archived == true)
{
Program.db.Delete(c);
return(Ok());
}
else
{
c.archived = true;
c.enabled = false;
Program.db.Update(c);
return(Accepted("archived"));
}
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public IActionResult NewContract([FromBody] Contract contract, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
if (contract.runDay >= 1 && contract.runDay <= 27 && contract.customerId > 0)
{
contract.enabled = true;
if (Program.db.Query <Customer>($"SELECT * FROM Customer WHERE id='{contract.customerId}';").Count == 0)
{
return(BadRequest($"Customer with id {contract.customerId} does not exist!"));
}
if (contract.start.Year == 1)
{
contract.start = DateTime.Now;
}
Program.db.Insert(contract);
return(Ok(contract));
}
else
{
return(BadRequest("Customer initials, family name and email are required fields!"));
}
}
else
{
return(Unauthorized());
}
}
public ActionResult <IEnumerable <Contract> > UpdateContract(string id, [FromBody] Contract update, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Contract> contract = Program.db.Query <Contract>($"SELECT * FROM Contract WHERE id = '{id}';");
if (contract.Count > 0)
{
Contract i = contract.First();
if (update.customerId != 0)
{
if (Program.db.Query <Customer>($"SELECT * FROM Customer WHERE id='{update.customerId}';").Count == 0)
{
return(BadRequest($"Customer with id {update.customerId} does not exist!"));
}
}
if (update.runDay != 0 && update.runDay >= 1 && update.runDay <= 27)
{
i.runDay = update.runDay;
}
if (update.customerId != 0)
{
i.customerId = update.customerId;
}
if (update.period != 0)
{
i.period = update.period;
}
if (update.paymentMethod != 0)
{
i.paymentMethod = update.paymentMethod;
}
if (update.enabled != null)
{
i.enabled = update.enabled;
}
Program.db.Update(i);
return(Ok(i));
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult <IEnumerable <Cart> > UpdateCartItemsCount(string id, [FromBody] Dictionary <string, int> items, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Cart> carts = Program.db.Query <Cart>($"SELECT * FROM Cart WHERE id='{id}';");
if (carts.Count > 0)
{
Cart c = carts.First();
List <ItemProperty> cartItems = c.items;
foreach (KeyValuePair <string, int> item in items)
{
// check if the item is already in the cart
if (cartItems.Any(c => c.id == Convert.ToInt32(item.Key)))
{
//if so just add/remove the amount
cartItems.FirstOrDefault(c => c.id == Convert.ToInt32(item.Key)).count += item.Value;
//if we are admin, only then we can accept negative returns.
LoginSession sess = Logins.Verify(token, true);
if (cartItems.FirstOrDefault(c => c.id == Convert.ToInt32(item.Key)).count <= 0)
{
if (sess != null)
{
}
else
{
return(Unauthorized("Only admins are allowed to accept returns."));
}
}
}
else
{
return(NotFound($"Cart does not contain item with id {item.Key}"));
}
}
c.itemsBlob = JsonSerializer.Serialize(cartItems);
Program.db.Update(c);
return(Ok(c));
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult <IEnumerable <User> > GetAll([FromHeader] string token)
{
// Check if user login
if (Logins.Verify(token, true) != null)
{
return(Program.db.Query <User>("SELECT id, displayName, username, isAdmin FROM User WHERE 1;"));
}
else
{
return(Unauthorized());
}
}
public ActionResult UpdateUser(int id, [FromBody] User raw, [FromHeader] string token)
{
// Check if user login
if (Logins.Verify(token, true) != null)
{
// Get the user to delete
User u = Users.getUserById(id);
// Make sure the user has been found
if (u == null)
{
return(NotFound());
}
// Update values of user if they are not null
if (raw.displayName != null)
{
u.displayName = raw.displayName;
}
if (raw.username != null)
{
u.username = raw.username;
}
if (raw.isAdmin != null)
{
u.isAdmin = raw.isAdmin;
}
if (raw.pinCode != null)
{
u.pinCode = raw.pinCode;
}
if (raw.Hash != null)
{
// Update the password
HashSalt hs = Utilities.GenerateSaltedHash(64, raw.Hash);
u.Hash = hs.Hash;
u.Salt = hs.Salt;
}
Program.db.Update(u);
return(Ok());
}
else
{
return(Unauthorized());
}
}
public ActionResult<IEnumerable<Item>> GetItem(string id, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List<Item> items = Items.getItem(id);
if (items.Count > 0)
return items;
else
return NotFound();
}
else
return Unauthorized();
}
public ActionResult<IEnumerable<Item>> GetItemRange(int count, int offset, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List<Item> items = Program.db.Query<Item>($"SELECT * FROM Item LIMIT {count} OFFSET {offset};");
if (items.Count > 0)
return items;
else
return NotFound();
}
else
return Unauthorized();
}
public ActionResult <IEnumerable <Cart> > UpdateCartItems(string id, [FromBody] string[] items, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Cart> carts = Program.db.Query <Cart>($"SELECT * FROM Cart WHERE id='{id}';");
if (carts.Count > 0)
{
Cart c = carts.First();
List <ItemProperty> cartItems = c.items;
foreach (string item in items)
{
// check if the item is already in the cart
if (!cartItems.Any(c => c.id == Convert.ToInt32(item)))
{
//if not so get the item details and add them to the cart while also adding the correct amount
ItemProperty rawItem = Program.db.Query <ItemProperty>($"SELECT * FROM Item WHERE id='{item}';").First();
//if this is null it means we try adding an item that didn't exist
if (rawItem == null)
{
return(NotFound($"Item with id {item} couldn't be found."));
}
//Create a new count property and add it to the cart items.
ItemProperty itemProp = rawItem;
itemProp.count = 1;
itemProp.multiplier = 1;
cartItems.Add(itemProp);
}
}
c.itemsBlob = JsonSerializer.Serialize(cartItems);
Program.db.Update(c);
return(Ok(c));
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public IActionResult NewItem([FromBody] Item item, [FromHeader] string token)
{
if (Logins.Verify(token, true) != null)
{
if (!string.IsNullOrEmpty(item.description) && item.margin != 0 && item.price != 0)
{
Program.db.Insert(item);
Program.db.Insert(new ItemStock() { id = item.id, stock = 0 });
return Ok(item);
}
else
return BadRequest("Item description, margin and price are required fields!");
}
else
return Unauthorized();
}
public ActionResult <IEnumerable <Contract> > UpdateContractItemsCount(int id, [FromBody] Dictionary <string, int> items, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Contract> contracts = Program.db.Query <Contract>($"SELECT * FROM Contract WHERE id='{id}';");
if (contracts.Count > 0)
{
Contract c = contracts.First();
List <ItemProperty> contractItems = c.items;
foreach (KeyValuePair <string, int> item in items)
{
// check if the item is already in the contract
if (contractItems.Any(c => c.id == Convert.ToInt32(item.Key)))
{
//if so just add/remove the amount
contractItems.FirstOrDefault(c => c.id == Convert.ToInt32(item.Key)).count += item.Value;
//if we have 0 or less added at the moment we will remove it from the contract as we can't sell negatives in contracts
if (contractItems.FirstOrDefault(c => c.id == Convert.ToInt32(item.Key)).count <= 0)
{
contractItems.Remove(contractItems.FirstOrDefault(c => c.id == Convert.ToInt32(item.Key)));
}
}
else
{
return(NotFound($"Contract does not contain item with id {item.Key}"));
}
}
c.itemsBlob = JsonSerializer.Serialize(contractItems);
Program.db.Update(c);
return(Ok(c));
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult NewCart([FromBody] Cart c, [FromHeader] string token)
{
LoginSession session = Logins.Verify(token);
if (session != null)
{
c.id = Guid.NewGuid().ToString();
Program.db.Insert(c);
session.activeCartId = c.id;
Program.db.Update(session);
return(Ok(c));
}
else
{
return(Unauthorized());
}
}
public ActionResult <IEnumerable <Cart> > UpdateCartItemsMultipliers(string id, [FromBody] Dictionary <string, int> items, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Cart> carts = Program.db.Query <Cart>($"SELECT * FROM Cart WHERE id='{id}';");
if (carts.Count > 0)
{
Cart c = carts.First();
List <ItemProperty> cartItems = c.items;
foreach (KeyValuePair <string, int> item in items)
{
// check if the item is already in the cart
if (cartItems.Any(c => c.id == Convert.ToInt32(item.Key)))
{
//if so just add/remove the amount
cartItems.FirstOrDefault(c => c.id == Convert.ToInt32(item.Key)).multiplier += item.Value;
//If the multiplier is 0 or below we will change it back to 1
if (cartItems.FirstOrDefault(c => c.id == Convert.ToInt32(item.Key)).multiplier <= 0)
{
cartItems.FirstOrDefault(c => c.id == Convert.ToInt32(item.Key)).multiplier = 1;
}
}
else
{
return(NotFound($"Cart does not contain item with id {item.Key}"));
}
}
c.itemsBlob = JsonSerializer.Serialize(cartItems);
Program.db.Update(c);
return(Ok(c));
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult<IEnumerable<Item>> SearchItem([FromBody] string query, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
// Prevent searching everything, else this would causes a major performance hit.
if (string.IsNullOrEmpty(query))
return NotFound();
List<Item> items = Program.db.Query<Item>($"SELECT * FROM Item WHERE barcode LIKE '%{query}%' OR description LIKE '%{query}%' OR supplier LIKE '%{query}%' OR category LIKE '%{query}%';");
if (items.Count > 0)
return items;
else
return NotFound();
}
else
return Unauthorized();
}
public ActionResult ProcessCartToInvoice(string id, [FromHeader] string token)
{
LoginSession sess = Logins.Verify(token);
if (sess != null)
{
List <Cart> carts = Program.db.Query <Cart>($"SELECT * FROM Cart WHERE id=$1;", new object[] { id });
Cart cart = carts.Count > 0 ? carts.Last() : null;
// Check if the cart id actually exists
if (cart == null)
{
return(NotFound());
}
Invoice invoice = new Invoice();
invoice.items = cart.items;
invoice.fields = cart.fields;
invoice.notice = cart.notice;
invoice.paymentMethod = cart.paymentMethod;
invoice.processedAt = DateTime.Now;
invoice.userId = sess.userId;
invoice.customerId = cart.customerId;
// If cart was not a template it means we should delete it once we processed it.
if (cart.isTemplate == false)
{
Program.db.Delete(cart);
}
// Clear the active cart in the session as we processed it.
sess.activeCartId = "";
Program.db.Update(sess);
Program.db.Insert(invoice);
return(Ok(invoice));
}
else
{
return(Unauthorized());
}
}
public ActionResult <IEnumerable <Contract> > GetAllCustomerContracts(string id, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Contract> contracts = Program.db.Query <Contract>($"SELECT * FROM Contract WHERE customerId='{id}';");
if (contracts.Count > 0)
{
return(contracts);
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}
public ActionResult GetCart(string id, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Cart> carts = Program.db.Query <Cart>($"SELECT * FROM Cart WHERE id=$1;", new object[] { id });
Cart cart = carts.Count > 0 ? carts.Last() : null;
// Check if the cart id actually exists
if (cart == null)
{
return(NotFound());
}
return(Ok(cart));
}
else
{
return(Unauthorized());
}
}
public ActionResult <IEnumerable <Cart> > GetItemRange(int count, int offset, [FromHeader] string token)
{
if (Logins.Verify(token) != null)
{
List <Cart> carts = Program.db.Query <Cart>($"SELECT * FROM Cart LIMIT $1 OFFSET $2;", new object[] { count, offset });
if (carts.Count > 0)
{
return(carts);
}
else
{
return(NotFound());
}
}
else
{
return(Unauthorized());
}
}