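public IHttpActionResult PostUser([FromBody] Login login)
        {
            // Login: verifies the posted credentials and, on success, returns the user's
            // public profile together with a freshly issued JWT. Both "no such account"
            // and "wrong password" answer Ok(false) so the response body does not reveal
            // which accounts exist.
            //
            // Web API model binding leaves ModelState valid for an empty body, so the
            // null check has to come first or login.Account throws a NullReferenceException.
            if (login == null)
            {
                return BadRequest("Request body is required");
            }
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }
            var user = _db.Users.FirstOrDefault(x => x.Account == login.Account);
            if (user == null)
            {
                return Ok(false);
            }
            // Re-derive the hash with the stored per-user salt and compare it in memory
            // with an ordinal comparison, rather than matching the hash inside a second
            // database query where the column collation (which may be case-insensitive)
            // would decide what counts as equal.
            var computedHash = Salt.GenerateHashWithSalt(login.Password, user.PasswordSalt);
            if (!string.Equals(computedHash, user.Password, StringComparison.Ordinal))
            {
                return Ok(false);
            }
            var token = new JwtToken().GenerateToken(user.Id);
            return Ok(new
            {
                user.Id,
                user.Nickname,
                user.Picture,
                token
            });
        }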
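        public IHttpActionResult PutUser(int id, [FromBody] User newUser)
        {
            // Partial profile update for the caller's own account: the bearer token's
            // id must match the route id and permission bit 0 must be set. Fields that
            // are null in the request body keep their stored value.
            var authorization = Request.Headers.Authorization;
            if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
            {
                // Without this guard a missing Authorization header surfaces as a 500.
                return Unauthorized();
            }
            var permission = JwtAuth.GetTokenPermission(authorization.Parameter);
            var tokenId    = JwtAuth.GetTokenId(authorization.Parameter);

            if ((permission & 1) <= 0)
            {
                return BadRequest("權限不足");
            }
            if (tokenId != id)
            {
                return BadRequest("使用者錯誤");
            }
            if (newUser == null)
            {
                return BadRequest("Request body is required");
            }
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }
            var user = _db.Users.Find(id);
            if (user == null)
            {
                // The token id was valid but the row is gone (e.g. deleted after issuance).
                return NotFound();
            }
            // Only rotate salt and hash when a new password was actually supplied;
            // otherwise a profile edit that omits the password would overwrite the
            // stored hash with a hash of null and lock the user out.
            if (!string.IsNullOrEmpty(newUser.Password))
            {
                user.PasswordSalt = Salt.CreateSalt();
                user.Password     = Salt.GenerateHashWithSalt(newUser.Password, user.PasswordSalt);
            }
            user.Nickname = newUser.Nickname ?? user.Nickname;
            user.Name     = newUser.Name ?? user.Name;
            user.Picture  = newUser.Picture ?? user.Picture;
            user.Email    = newUser.Email ?? user.Email;
            user.Phone    = newUser.Phone ?? user.Phone;
            // NOTE(review): Birthday is never taken from newUser on this endpoint —
            // confirm whether that is intended.
            _db.Entry(user).State = EntityState.Modified;
            try
            {
                _db.SaveChanges();
            }
            catch (Exception)
            {
                // Do not echo the exception message: EF/provider messages can expose
                // schema or connection details to the client.
                return BadRequest("Update failed");
            }
            return Ok(id);
        }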
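 public IHttpActionResult PostUser([FromBody] User user)
 {
     // Registration: stores a new account with a per-user salt and a salted password
     // hash. The bound entity is persisted as-is apart from the fields overwritten
     // below; Id is assumed to be database-generated — confirm.
     if (user == null)
     {
         return BadRequest("Request body is required");
     }
     if (!ModelState.IsValid)
     {
         return BadRequest(ModelState);
     }
     if (string.IsNullOrEmpty(user.Password))
     {
         // Never create an account whose stored hash is derived from an empty password.
         return BadRequest("Password is required");
     }
     // This uniqueness check is best-effort: two concurrent registrations can both
     // pass it, so a unique index on Account in the database is still needed.
     if (_db.Users.Any(data => data.Account == user.Account))
     {
         return BadRequest("帳號已存在");
     }
     user.PasswordSalt = Salt.CreateSalt();
     user.Password     = Salt.GenerateHashWithSalt(user.Password, user.PasswordSalt);
     // NOTE(review): every permission bit is granted to a self-registered account,
     // while PutUser only requires bit 0. Confirm 127 is the intended default.
     user.Permission   = 127;
     _db.Users.Add(user);
     try
     {
         _db.SaveChanges();
     }
     catch (Exception)
     {
         // Do not echo the exception message: EF/provider messages can expose
         // schema or connection details to the client.
         return BadRequest("Registration failed");
     }
     return Ok(user.Id);
 }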