public IActionResult Put(string id, [FromBody] ApiResource apiResource)
{
var is4ApiResource = apiResource.ToIs4ApiResource();
return(ValidateAndExecute(is4ApiResource, () =>
{
if (!string.Equals(id, apiResource.Name))
{
return CreateFailureResponse(
"The ApiResource Name in the request URL path must match the ApiResource Name in the request body.", HttpStatusCode.BadRequest);
}
var storedApiResource = _apiResourceStore.GetResource(id);
if (string.IsNullOrEmpty(storedApiResource?.Name))
{
return CreateFailureResponse($"The specified api resource with id:{id} was not found",
HttpStatusCode.NotFound);
}
// Prevent from changing secrets.
is4ApiResource.ApiSecrets = storedApiResource.ApiSecrets;
// Prevent from changing payload Name.
is4ApiResource.Name = id;
_apiResourceStore.UpdateResource(id, is4ApiResource);
return NoContent();
}));
}
public IActionResult Post([FromBody] ApiResource apiResource)
{
var is4ApiResource = apiResource.ToIs4ApiResource();
return(ValidateAndExecute(is4ApiResource, () =>
{
var existingResource = _apiResourceStore.GetResource(apiResource.Name);
if (existingResource != null)
{
return CreateFailureResponse(
$"Api resource {apiResource.Name} already exists. Please provide a new name",
HttpStatusCode.Conflict);
}
// override any secret in the request.
// TODO: we need to implement a salt strategy, either at the controller level or store level.
var resourceSecret = GeneratePassword();
is4ApiResource.ApiSecrets = new List <IS4.Secret> {
GetNewSecret(resourceSecret)
};
_apiResourceStore.AddResource(is4ApiResource);
var viewResource = is4ApiResource.ToApiResourceViewModel();
viewResource.ApiSecret = resourceSecret;
return CreatedAtAction("Get", new { id = apiResource.Name }, viewResource);
}, $"{FabricIdentityConstants.ValidationRuleSets.ApiResourcePost},{FabricIdentityConstants.ValidationRuleSets.Default}"));
}