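/// <summary>
/// Serialises one stored <see cref="PartsRequest"/> into the JSON dictionary emitted by the
/// parts-request GET handler.
/// </summary>
/// <param name="request">The stored request row to serialise.</param>
/// <param name="manipulator">Open database connection used to resolve the requesting user and the referenced parts.</param>
/// <param name="companyId">Company whose part catalogue the referenced part ids are resolved against.</param>
/// <returns>A dictionary with DisplayName, ReferencedParts (catalogue PartIds), JobId and Id mappings.</returns>
private JsonDictionaryStringConstructor WritePartsRequestToOutput(PartsRequest request, MySqlDataManipulator manipulator, int companyId)
{
    JsonDictionaryStringConstructor ret = new JsonDictionaryStringConstructor();

    // Resolve the display name from the user's settings blob. A missing user, a missing
    // settings list or a missing DisplayName entry all degrade to the placeholder; the
    // previous revision called First() and a user without that setting threw, which
    // turned into a 500 for the whole listing.
    UserSettingsEntry nameEntry = null;
    var user = manipulator.GetUserById(request.UserId);
    if (user != null && user.Settings != null)
    {
        List<UserSettingsEntry> entries = JsonDataObjectUtil<List<UserSettingsEntry>>.ParseObject(user.Settings);
        nameEntry = entries?.FirstOrDefault(entry => entry.Key.Equals(UserSettingsEntryKeys.DisplayName));
    }
    if (nameEntry == null)
    {
        ret.SetMapping("DisplayName", "defaultUser");
    }
    else
    {
        ret.SetMapping("DisplayName", nameEntry.Value);
    }

    // ReferencedParts is stored as a JSON list of catalogue row ids. Each id is translated
    // to the catalogue PartId; ids that no longer resolve in this company's catalogue are
    // silently dropped (a part id from another company cannot leak through, because the
    // lookup is scoped by companyId).
    List<int> referencedParts = JsonDataObjectUtil<List<int>>.ParseObject(request.ReferencedParts) ?? new List<int>();
    JsonListStringConstructor partsConstructor = new JsonListStringConstructor();
    foreach (int partRowId in referencedParts)
    {
        var part = manipulator.GetPartCatalogueEntryById(companyId, partRowId);
        if (part != null)
        {
            partsConstructor.AddElement(part.PartId);
        }
    }
    ret.SetMapping("ReferencedParts", partsConstructor);
    ret.SetMapping("JobId", request.JobId);
    ret.SetMapping("Id", request.Id);
    return ret;
}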
/// <summary>
/// Builds a JSON list holding each option string in enumeration order.
/// </summary>
/// <param name="options">Option strings to emit; enumerated exactly once.</param>
/// <returns>A list constructor containing every element of <paramref name="options"/>.</returns>
private static JsonListStringConstructor ConstructOptionsString(IEnumerable<string> options)
{
    var constructed = new JsonListStringConstructor();
    using (IEnumerator<string> it = options.GetEnumerator())
    {
        while (it.MoveNext())
        {
            constructed.AddElement(it.Current);
        }
    }
    return constructed;
}
/// <summary>
/// GET handler for Company/Parts/Request (Web Api Enumeration v2, Company/Parts/Request tab, row 23).
/// Returns every parts request stored for the caller's company as a JSON list.
/// </summary>
/// <param name="ctx">HttpListenerContext to respond to.</param>
/// <param name="entry">Already-parsed request body. This overload performs no format validation of its
/// own, so the caller is presumably expected to have validated it — confirm at the call site.</param>
private void HandleGetRequest(HttpListenerContext ctx, CompanyPartsRequestGetRequest entry)
{
    try
    {
        using (var db = new MySqlDataManipulator())
        {
            if (!db.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()))
            {
                WriteBodyResponse(ctx, 500, "Unexpected Server Error", "Connection to database failed");
                return;
            }

            #region User Validation
            // Identity: the user must exist and present both a valid login token and a valid
            // (unexpired) auth token. Authorization: the PartMask bit must be set. A failed
            // authorization is reported as 401 rather than 403, matching the other handlers.
            OverallUser caller = db.GetUserById(entry.UserId);
            if (caller is null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "User was not found on on the server");
                return;
            }
            if (!UserVerificationUtil.LoginTokenValid(caller, entry.LoginToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect.");
                return;
            }
            if (!UserVerificationUtil.AuthTokenValid(caller, entry.AuthToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Auth token was ezpired or incorrect");
                return;
            }
            bool isPartsUser = (caller.AccessLevel & AccessLevelMasks.PartMask) != 0;
            if (!isPartsUser)
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "User was not a parts level user");
                return;
            }
            #endregion

            #region Action Handling
            // Requests are scoped to the caller's own company; the body cannot select another one.
            var output = new JsonListStringConstructor();
            foreach (PartsRequest req in db.GetPartsRequests(caller.Company))
            {
                output.AddElement(WritePartsRequestToOutput(req, db, caller.Company));
            }
            WriteBodyResponse(ctx, 200, "OK", output.ToString());
            #endregion
        }
    }
    catch (HttpListenerException)
    {
        // The listener has already torn down the response; nothing more can be written.
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to the client, which can expose
        // database and internal details.
        WriteBodyResponse(ctx, 500, "Internal Server Error", e.Message);
    }
}
/// <summary>
/// Predicts the complaint groups most similar to <paramref name="entryIn"/>'s Complaint text and
/// returns them as a JSON list of {GroupDefinition, Id} objects.
/// </summary>
/// <param name="entryIn">Query entry; only its Complaint text is used.</param>
/// <param name="manipulator">Database access used to load the company's clusterer state and group definitions.</param>
/// <param name="companyId">Company whose tables are consulted.</param>
/// <param name="numGroupsRequested">How many groups to ask the clusterer for (default 3).</param>
/// <returns>JSON-formatted string listing the predicted groups and their ids.</returns>
/// <exception cref="NullReferenceException">Thrown when the company's complaint groups cannot be loaded.</exception>
public string ProcessQueryForComplaintGroups(RepairJobEntry entryIn, MySqlDataManipulator manipulator, int companyId, int numGroupsRequested = 3)
{
    // Complaint text -> tokens -> tagged tokens -> keywords -> clusterer example.
    KeywordExample example = new KeywordExample();
    List<List<string>> taggedTokens = KeywordTagger.Tag(SentenceTokenizer.TokenizeSentence(entryIn.Complaint));
    foreach (string keyword in KeywordPredictor.PredictKeywords(taggedTokens))
    {
        example.AddKeyword(keyword);
    }

    KeywordClusterer.Load(manipulator, companyId);
    List<int> predictedGroups = KeywordClusterer.PredictTopNSimilarGroups(example, numGroupsRequested);

    List<KeywordGroupEntry> companyGroups = manipulator.GetCompanyComplaintGroups(companyId);
    if (companyGroups == null)
    {
        throw new NullReferenceException("Company " + companyId + " complaint groups were not available in database");
    }

    // Group index 0 means "Uncategorized" and is emitted at most once; any other index is
    // used as a 1-based position into the company's group list (an index outside that list
    // throws ArgumentOutOfRangeException here — the clusterer is presumably bounded by the
    // same list, verify).
    List<KeywordGroupEntry> selected = new List<KeywordGroupEntry>();
    bool haveUncategorized = false;
    foreach (int groupIndex in predictedGroups)
    {
        if (groupIndex == 0)
        {
            if (haveUncategorized)
            {
                continue;
            }
            selected.Add(new KeywordGroupEntry("Uncategorized") { Id = 0 });
            haveUncategorized = true;
        }
        else
        {
            KeywordGroupEntry groupEntry = companyGroups[groupIndex - 1];
            groupEntry.Id = groupIndex;
            selected.Add(groupEntry);
        }
    }

    JsonListStringConstructor constructor = new JsonListStringConstructor();
    foreach (KeywordGroupEntry groupEntry in selected)
    {
        constructor.AddElement(ConvertKeywordGroupEntry(groupEntry));
    }
    return constructor.ToString();

    // One {GroupDefinition, Id} object per group.
    JsonDictionaryStringConstructor ConvertKeywordGroupEntry(KeywordGroupEntry e)
    {
        JsonDictionaryStringConstructor r = new JsonDictionaryStringConstructor();
        r.SetMapping("GroupDefinition", e.GroupDefinition);
        r.SetMapping("Id", e.Id);
        return r;
    }
}
/// <summary>
/// Finds archived repair jobs in the given problem group that are most similar to
/// <paramref name="entryIn"/>'s Problem text and returns one page of them as JSON.
/// </summary>
/// <param name="entryIn">Query entry. Its Problem text is analysed, and its ComplaintGroups
/// field is overwritten with the predicted group ids as a side effect.</param>
/// <param name="manipulator">Database access used to load the clusterer state and candidate entries.</param>
/// <param name="companyId">Company whose tables are consulted.</param>
/// <param name="problemGroupId">Problem group whose entries are the candidates.</param>
/// <param name="numRequested">Page size passed to the problem predictor.</param>
/// <param name="offset">Page offset passed to the problem predictor (default 0).</param>
/// <returns>JSON list of {Make, Model, Complaint, Problem, Year, Id, Difference} objects.</returns>
public string ProcessQueryForSimilarQueriesArchive(RepairJobEntry entryIn, MySqlDataManipulator manipulator, int companyId, int problemGroupId, int numRequested, int offset = 0)
{
    KeywordExample example = new KeywordExample();
    List<string> tokens = SentenceTokenizer.TokenizeSentence(entryIn.Problem);
    foreach (string keyword in KeywordPredictor.PredictKeywords(KeywordTagger.Tag(tokens)))
    {
        example.AddKeyword(keyword);
    }

    // The clusterer is always asked for the top 3 groups here (numRequested applies to the
    // result page, not the groups); the ids are stored on the query entry as a JSON int
    // array before the similarity search runs.
    KeywordClusterer.Load(manipulator, companyId);
    List<int> predictedGroups = KeywordClusterer.PredictTopNSimilarGroups(example, 3);
    entryIn.ComplaintGroups = "[" + string.Join(',', predictedGroups) + "]";

    List<RepairJobEntry> candidates = manipulator.GetDataEntriesByProblemGroup(companyId, problemGroupId);
    List<EntrySimilarity> page = ProblemPredictor.GetQueryResults(entryIn, candidates, numRequested, offset);

    JsonListStringConstructor output = new JsonListStringConstructor();
    foreach (EntrySimilarity similarity in page)
    {
        output.AddElement(ToJson(similarity));
    }
    return output.ToString();

    // A Year of -1 is the sentinel for "unknown" and is emitted as the string "Unknown".
    JsonDictionaryStringConstructor ToJson(EntrySimilarity e)
    {
        JsonDictionaryStringConstructor r = new JsonDictionaryStringConstructor();
        r.SetMapping("Make", e.Entry.Make);
        r.SetMapping("Model", e.Entry.Model);
        r.SetMapping("Complaint", e.Entry.Complaint);
        r.SetMapping("Problem", e.Entry.Problem);
        if (e.Entry.Year == -1)
        {
            r.SetMapping("Year", "Unknown");
        }
        else
        {
            r.SetMapping("Year", e.Entry.Year);
        }
        r.SetMapping("Id", e.Entry.Id);
        r.SetMapping("Difference", e.Difference);
        return r;
    }
}
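/// <summary>
/// Serialises a parts-list addition request into the JSON dictionary emitted by the
/// parts-list request GET handler.
/// </summary>
/// <param name="request">Stored addition request to serialise.</param>
/// <param name="connection">Open database connection used to resolve the user, the part and the job.</param>
/// <param name="companyId">Company whose catalogue and job tables are consulted.</param>
/// <returns>Dictionary with DisplayName, RequestedAdditions (catalogue PartId), JobId and Id mappings.</returns>
private JsonDictionaryStringConstructor WritePartsListRequestToOutput(RequirementAdditionRequest request, MySqlDataManipulator connection, int companyId)
{
    JsonDictionaryStringConstructor ret = new JsonDictionaryStringConstructor();

    // Display name from the user's settings blob; any missing piece (user, settings,
    // DisplayName entry) degrades to the placeholder instead of throwing out of First().
    UserSettingsEntry nameSetting = null;
    var user = connection.GetUserById(request.UserId);
    if (user != null && user.Settings != null)
    {
        List<UserSettingsEntry> userSettings = JsonDataObjectUtil<List<UserSettingsEntry>>.ParseObject(user.Settings);
        nameSetting = userSettings?.FirstOrDefault(entry => entry.Key.Equals(UserSettingsEntryKeys.DisplayName));
    }
    if (nameSetting == null)
    {
        ret.SetMapping("DisplayName", "Unknown User");
    }
    else
    {
        ret.SetMapping("DisplayName", nameSetting.Value);
    }

    // RequestedAdditions is read here as a single catalogue row id. The PATCH handler in
    // this file parses the same column as a JSON list of ids, so a row written by that
    // path would not be a bare int — TODO confirm which shape the column actually holds.
    // A value that does not parse is reported as "Unknown Part" rather than failing the
    // whole listing with a FormatException (which the previous int.Parse did).
    var part = int.TryParse(request.RequestedAdditions, out int partRowId)
        ? connection.GetPartCatalogueEntryById(companyId, partRowId)
        : null;
    if (part == null)
    {
        ret.SetMapping("RequestedAdditions", "Unknown Part");
    }
    else
    {
        ret.SetMapping("RequestedAdditions", part.PartId);
    }

    // The job is looked up in the same company's tables; ValidatedDataId is assumed to be
    // the id of a validated entry — verify against the schema.
    var job = connection.GetDataEntryById(companyId, request.ValidatedDataId);
    if (job == null)
    {
        ret.SetMapping("JobId", "Unknown");
    }
    else
    {
        ret.SetMapping("JobId", job.JobId);
    }
    ret.SetMapping("Id", request.Id);
    return ret;
}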
/// <summary>
/// GET handler for Company/Parts (Web Api Enumeration v2, Company/Parts tab, row 72).
/// Returns the caller's company part catalogue as a JSON list.
/// </summary>
/// <param name="ctx">HttpListenerContext to respond to.</param>
private void HandleGetRequest(HttpListenerContext ctx)
{
    try
    {
        #region Input Validation
        if (!ctx.Request.HasEntityBody)
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "No Body");
            return;
        }
        var entry = JsonDataObjectUtil<CompanyPartsApiGetRequest>.ParseObject(ctx);
        if (!ValidateGetRequest(entry))
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "Incorrect Format");
            return;
        }
        #endregion

        using (var db = new MySqlDataManipulator())
        {
            bool connected = db.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString());
            if (!connected)
            {
                WriteBodyResponse(ctx, 500, "Unexpected Server Error", "Connection to database failed");
                return;
            }

            #region User Validation
            // Identity (user exists, login + auth tokens valid) then authorization (PartMask).
            OverallUser caller = db.GetUserById(entry.UserId);
            if (caller is null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "User was not found on on the server");
                return;
            }
            if (!UserVerificationUtil.LoginTokenValid(caller, entry.LoginToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect.");
                return;
            }
            if (!UserVerificationUtil.AuthTokenValid(caller, entry.AuthToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Auth token was ezpired or incorrect");
                return;
            }
            // Response strings are kept byte-for-byte (including existing typos): clients may match on them.
            if ((caller.AccessLevel & AccessLevelMasks.PartMask) == 0)
            {
                WriteBodyResponse(ctx, 401, "Not Autherized", "Not marked as a Parts User");
                return;
            }
            #endregion

            #region Get Parts List
            // Catalogue is scoped to the caller's company; the body cannot select another one.
            var output = new JsonListStringConstructor();
            foreach (PartCatalogueEntry part in db.GetPartCatalogueEntries(caller.Company))
            {
                output.AddElement(WritePartCatelogueEntryToOutput(part));
            }
            WriteBodyResponse(ctx, 200, "OK", output.ToString());
            #endregion
        }
    }
    catch (HttpListenerException)
    {
        // The listener has already torn down the response; nothing more can be written.
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to the client, which can expose
        // database and internal details.
        WriteBodyResponse(ctx, 500, "Internal Server Error", e.Message);
    }
}
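/// <summary>
/// GET handler for Company/Forum (Web Api Enumeration v2, Company/Forum tab, row 49).
/// Returns a JSON list whose first element describes the requested repair job and whose
/// remaining elements are the forum posts attached to it.
/// </summary>
/// <param name="ctx">HttpListenerContext to respond to.</param>
private void HandleGetRequest(HttpListenerContext ctx)
{
    try
    {
        #region Input Validation
        if (!ctx.Request.HasEntityBody)
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "No Body");
            return;
        }
        CompanyForumApiGetRequest entry = JsonDataObjectUtil<CompanyForumApiGetRequest>.ParseObject(ctx);
        if (!ValidateGetRequest(entry))
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "Incorrect Format");
            return;
        }
        #endregion

        using (var connection = new MySqlDataManipulator())
        {
            if (!connection.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()))
            {
                WriteBodyResponse(ctx, 500, "Unexpected ServerError", "Connection to database failed");
                return;
            }

            #region User Validation
            OverallUser mappedUser = connection.GetUserById(entry.UserId);
            if (mappedUser == null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "User was not found on the server");
                return;
            }
            // Read endpoint: only the login token is verified (no auth token, no access mask),
            // matching the other forum/archive read handlers in this file.
            if (!UserVerificationUtil.LoginTokenValid(mappedUser, entry.LoginToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect.");
                return;
            }

            // Cross-company access is allowed only when the target company is public. The
            // settings filter is keyed by a constant, so the string-built clause carries no
            // user input. An unknown CompanyId previously indexed [0] on an empty result and
            // surfaced as a 500; it is now a 404.
            var publicSettings = connection.GetCompanySettingsWhere(entry.CompanyId, "SettingKey=\"" + CompanySettingsKey.Public + "\"");
            if (publicSettings == null || !publicSettings.Any())
            {
                WriteBodyResponse(ctx, 404, "Not Found", "Company was not found on the server");
                return;
            }
            bool isPublic = bool.Parse(publicSettings[0].SettingValue);
            if (!isPublic && mappedUser.Company != entry.CompanyId)
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Cannot access other company's private data");
                return;
            }
            #endregion

            #region Get Forum
            RepairJobEntry forumEntry = connection.GetDataEntryById(entry.CompanyId, entry.JobEntryId);
            if (forumEntry == null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "Job Data Entry was not found on the server");
                return;
            }
            JsonListStringConstructor returnListConstructor = new JsonListStringConstructor();
            returnListConstructor.AddElement(DescribeJob(forumEntry));

            // The posts must come from the same company the job entry (and the access check
            // above) refer to. The previous revision read them from the caller's own company,
            // so a public cross-company read returned the posts of whichever job in the
            // caller's company happened to share the same id.
            List<UserToTextEntry> forumPosts = connection.GetForumPosts(entry.CompanyId, entry.JobEntryId);
            if (forumPosts == null)
            {
                WriteBodylessResponse(ctx, 404, "Not Found");
                return;
            }
            forumPosts.ForEach(post => returnListConstructor.AddElement(ConvertForumPostToJson(post, connection)));
            WriteBodyResponse(ctx, 200, "OK", returnListConstructor.ToString(), "application/json");
            #endregion

            // Builds the leading element: the job's fields plus its parsed requirements.
            // A Year of -1 is the sentinel for "unknown".
            JsonDictionaryStringConstructor DescribeJob(RepairJobEntry job)
            {
                JsonDictionaryStringConstructor repairJobConstructor = new JsonDictionaryStringConstructor();
                repairJobConstructor.SetMapping("Make", job.Make);
                repairJobConstructor.SetMapping("Model", job.Model);
                if (job.Year == -1)
                {
                    repairJobConstructor.SetMapping("Year", "Unknown");
                }
                else
                {
                    repairJobConstructor.SetMapping("Year", job.Year);
                }
                repairJobConstructor.SetMapping("Complaint", job.Complaint);
                repairJobConstructor.SetMapping("Problem", job.Problem);
                RequirementsEntry requirements = RequirementsEntry.ParseJsonString(job.Requirements);
                List<string> auxillaryRequirements = new List<string>(requirements.Auxillary.Select(req => req.Requirement));
                repairJobConstructor.SetMapping("AuxillaryRequirements", auxillaryRequirements);
                repairJobConstructor.SetMapping("PartRequirements", requirements.Parts);
                repairJobConstructor.SetMapping("SafetyRequirements", requirements.Safety);
                return repairJobConstructor;
            }
        }
    }
    catch (HttpListenerException)
    {
        // The listener has already torn down the response; nothing more can be written.
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to the client, which can expose
        // database and internal details.
        WriteBodyResponse(ctx, 500, "Internal Server Error", e.Message);
    }
}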
/// <summary>
/// POST handler returning the companies the caller may browse: every public company plus the
/// caller's own company (appended when it is not already in the public list).
/// </summary>
/// <param name="ctx">HttpListenerContext to respond to.</param>
private void HandlePostRequest(HttpListenerContext ctx)
{
    try
    {
        #region Input Validation
        if (!ctx.Request.HasEntityBody)
        {
            WriteBodyResponse(ctx, 400, "Invalid Format", "Request did not contain a body");
            return;
        }
        var entry = JsonDataObjectUtil<UsableCompanyListRetrieveRequest>.ParseObject(ctx);
        if (entry is null)
        {
            WriteBodylessResponse(ctx, 400, "Invalid Format");
            return;
        }
        if (!ValidateUsableRetrieveRequest(entry))
        {
            WriteBodyResponse(ctx, 400, "Invalid Format", "One or more fields contained an invalid value or were missing");
            return;
        }
        #endregion

        using (var db = new MySqlDataManipulator())
        {
            if (!db.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()))
            {
                WriteBodyResponse(ctx, 500, "Unexpected Server Error", "Connection to database failed");
                return;
            }

            #region User Validation
            // Read endpoint: only the login token is verified, no auth token or access mask.
            OverallUser caller = db.GetUserById(entry.UserId);
            if (caller is null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "User was not found on on the server");
                return;
            }
            if (!UserVerificationUtil.LoginTokenValid(caller, entry.LoginToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect.");
                return;
            }
            #endregion

            #region Post CompanyList
            List<CompanyId> companies = db.GetPublicCompanies();
            CompanyId ownCompany = db.GetCompanyById(caller.Company);
            if (companies is null)
            {
                WriteBodyResponse(ctx, 500, "Internal Server Error", "Error occured while retrieving companies: " + db.LastException.Message);
                return;
            }
            // Contains relies on CompanyId equality. A missing company row for an existing
            // user would be appended as a null element — presumably impossible, verify
            // against the schema.
            if (!companies.Contains(ownCompany))
            {
                companies.Add(ownCompany);
            }
            var output = new JsonListStringConstructor();
            foreach (CompanyId company in companies)
            {
                output.AddElement(WriteCompanyIdToOutput(company));
            }
            WriteBodyResponse(ctx, 200, "OK", output.ToString());
            #endregion
        }
    }
    catch (HttpListenerException)
    {
        // The listener has already torn down the response; nothing more can be written.
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to the client, which can expose
        // database and internal details.
        WriteBodyResponse(ctx, 500, "Internal Server Error", e.Message);
    }
}
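/// <summary>
/// PATCH handler for Company/Partslists/Request (Web Api Enumeration v2, Company/Partslists/Request tab, row 95).
/// Replaces one element of a parts-list addition request's RequestedAdditions list. A body
/// that is not a valid PATCH request but does parse as a valid DELETE request is routed to
/// <c>HandleDeleteRequest</c>, which is why the body is read into a string and parsed twice.
/// </summary>
/// <param name="ctx">HttpListenerContext to respond to.</param>
private void HandlePatchRequest(HttpListenerContext ctx)
{
    try
    {
        #region Input Validation
        if (!ctx.Request.HasEntityBody)
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "No Body");
            return;
        }
        string reqStr;
        using (var reader = new StreamReader(ctx.Request.InputStream))
        {
            reqStr = reader.ReadToEnd();
        }
        CompanyPartsListsRequestApiPatchRequest entry = JsonDataObjectUtil<CompanyPartsListsRequestApiPatchRequest>.ParseObject(reqStr);
        if (!ValidatePatchRequest(entry))
        {
            CompanyPartsListsRequestApiDeleteRequest deleteEntry = JsonDataObjectUtil<CompanyPartsListsRequestApiDeleteRequest>.ParseObject(reqStr);
            if (deleteEntry != null && ValidateDeleteRequest(deleteEntry))
            {
                HandleDeleteRequest(ctx, deleteEntry);
                return;
            }
            WriteBodyResponse(ctx, 400, "Bad Request", "Incorrect Format");
            return;
        }
        #endregion

        using (var connection = new MySqlDataManipulator())
        {
            if (!connection.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()))
            {
                WriteBodyResponse(ctx, 500, "Unexpected Server Error", "Connection to database failed");
                return;
            }

            #region User Validation
            // Identity (user exists, login + auth tokens valid) then authorization (PartMask).
            OverallUser mappedUser = connection.GetUserById(entry.UserId);
            if (mappedUser == null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "User was not found on on the server");
                return;
            }
            if (!UserVerificationUtil.LoginTokenValid(mappedUser, entry.LoginToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect.");
                return;
            }
            if (!UserVerificationUtil.AuthTokenValid(mappedUser, entry.AuthToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Auth token was ezpired or incorrect");
                return;
            }
            if ((mappedUser.AccessLevel & AccessLevelMasks.PartMask) == 0)
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "User was not a parts level user");
                return;
            }
            #endregion

            #region Action Handling
            // The request row is looked up within the caller's company only, so a RequestId
            // belonging to another company yields 404 rather than a cross-tenant edit.
            var request = connection.GetPartsListAdditionRequestById(mappedUser.Company, entry.RequestId);
            if (request == null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "The requested request was not found");
                return;
            }
            List<int> requestedParts = JsonDataObjectUtil<List<int>>.ParseObject(request.RequestedAdditions);

            // RequirementId is a client-supplied list index. The previous revision checked only
            // the upper bound, so a negative value threw ArgumentOutOfRangeException and
            // surfaced as a 500; an unparseable stored list (null) did the same.
            if (requestedParts == null || entry.RequirementId < 0 || entry.RequirementId >= requestedParts.Count)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "The requested part to change was not found");
                return;
            }
            // NOTE(review): PartsRequirement is stored as given; it is not checked against the
            // company's part catalogue here — confirm whether the data layer validates it.
            requestedParts[entry.RequirementId] = entry.PartsRequirement;

            JsonListStringConstructor editConstructor = new JsonListStringConstructor();
            foreach (int partId in requestedParts)
            {
                editConstructor.AddElement(partId);
            }
            request.RequestedAdditions = editConstructor.ToString();
            if (!connection.UpdatePartsListAdditionRequest(mappedUser.Company, request))
            {
                WriteBodyResponse(ctx, 500, "Internal Server Error", "Error occurred while attempting to update request: " + connection.LastException.Message);
                return;
            }
            WriteBodylessResponse(ctx, 200, "OK");
            #endregion
        }
    }
    catch (HttpListenerException)
    {
        // The listener has already torn down the response; nothing more can be written.
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to the client, which can expose
        // database and internal details.
        WriteBodyResponse(ctx, 500, "Internal Server Error", e.Message);
    }
}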
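/// <summary>
/// PUT handler for the archive search endpoint. Returns the repair-job entries of the requested
/// company whose Complaint/Problem/Make/Model contain the supplied fragments (and/or whose Year
/// matches) as a JSON list.
/// </summary>
/// <param name="ctx">HttpListenerContext to respond to.</param>
private void HandlePutRequest(HttpListenerContext ctx)
{
    try
    {
        #region Input Validation
        if (!ctx.Request.HasEntityBody)
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "No Body");
            return;
        }
        ArchiveApiPutRequest req = JsonDataObjectUtil<ArchiveApiPutRequest>.ParseObject(ctx);
        if (!ValidatePutRequest(req))
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "Incorrect Format");
            return;
        }
        #endregion

        using (var connection = new MySqlDataManipulator())
        {
            if (!connection.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()))
            {
                WriteBodyResponse(ctx, 500, "Unexpected Server Error", "Connection to database failed");
                return;
            }

            #region Validate User
            OverallUser mappedUser = connection.GetUserById(req.UserId);
            if (mappedUser == null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "User was not found on on the server");
                return;
            }
            // Read endpoint: only the login token is verified, matching the other read handlers.
            if (!UserVerificationUtil.LoginTokenValid(mappedUser, req.LoginToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect.");
                return;
            }
            // Another company's archive may be searched only if that company is public. The
            // settings filter is keyed by a constant, so it carries no user input. An unknown
            // CompanyId previously indexed [0] on an empty result and surfaced as a 500.
            var publicSettings = connection.GetCompanySettingsWhere(req.CompanyId, "SettingKey=\"" + CompanySettingsKey.Public + "\"");
            if (publicSettings == null || !publicSettings.Any())
            {
                WriteBodyResponse(ctx, 404, "Not Found", "Company was not found on the server");
                return;
            }
            bool isPublic = bool.Parse(publicSettings[0].SettingValue);
            if (!isPublic && mappedUser.Company != req.CompanyId)
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Cannot access other company's private data");
                return;
            }
            #endregion

            // The user's ArchiveQueryResults setting must exist. Its value used to be parsed
            // into a local that was never read; GetDataEntriesWhere takes no result limit in
            // this block, so the number is not applied — TODO either wire it through as a
            // limit or drop the lookup.
            List<UserSettingsEntry> userSettings = JsonDataObjectUtil<List<UserSettingsEntry>>.ParseObject(mappedUser.Settings);
            UserSettingsEntry numPredictionsRequested = userSettings?.FirstOrDefault(entry => entry.Key.Equals(UserSettingsEntryKeys.ArchiveQueryResults));
            if (numPredictionsRequested == null)
            {
                WriteBodyResponse(ctx, 500, "Internal Server Error", "User did not contain a setting with a key " + UserSettingsEntryKeys.ArchiveQueryResults);
                return;
            }

            #region Input sanitation
            // The data layer takes a raw WHERE clause, so every user-supplied fragment is escaped
            // before being spliced into a double-quoted MySQL string literal. The previous
            // revision only rejected backticks (which are not special inside a string literal)
            // and passed " and \ through unescaped — a straightforward SQL injection, e.g. a
            // Make of: x%" OR "1"="1. The backtick rejection is kept so existing clients still
            // get the same 400; its message now names the character it actually checks.
            var clauses = new List<string>();
            if (req.Entry.Complaint != null)
            {
                if (!PerformSanitization(req.Entry.Complaint))
                {
                    return;
                }
                clauses.Add(" Complaint like \"%" + EscapeLikeFragment(req.Entry.Complaint) + "%\"");
            }
            if (req.Entry.Problem != null)
            {
                if (!PerformSanitization(req.Entry.Problem))
                {
                    return;
                }
                clauses.Add(" Problem like \"%" + EscapeLikeFragment(req.Entry.Problem) + "%\"");
            }
            if (req.Entry.Make != null)
            {
                if (!PerformSanitization(req.Entry.Make))
                {
                    return;
                }
                clauses.Add(" Make like \"%" + EscapeLikeFragment(req.Entry.Make) + "%\"");
            }
            if (req.Entry.Model != null)
            {
                if (!PerformSanitization(req.Entry.Model))
                {
                    return;
                }
                clauses.Add(" Model like \"%" + EscapeLikeFragment(req.Entry.Model) + "%\"");
            }
            if (req.Entry.Year != 0)
            {
                // Year is an int, so it cannot carry injection payload; 0 means "not supplied".
                clauses.Add(" Year =" + req.Entry.Year);
            }
            #endregion

            if (clauses.Count == 0)
            {
                WriteBodyResponse(ctx, 400, "Bad Request", "No fields in the request's entry were filled");
                return;
            }
            // Each clause starts with a space, so joining on " and" reproduces the original layout.
            string whereString = string.Join(" and", clauses);

            List<RepairJobEntry> entries = connection.GetDataEntriesWhere(req.CompanyId, whereString, true);
            JsonListStringConstructor retConstructor = new JsonListStringConstructor();
            try
            {
                entries.ForEach(entry => retConstructor.AddElement(ConvertEntry(entry)));
            }
            catch (NullReferenceException)
            {
                // A null result set (or an entry ConvertEntry cannot handle) is reported as an empty list.
                WriteBodyResponse(ctx, 200, "OK", "[]", "application/json");
                return;
            }
            WriteBodyResponse(ctx, 200, "OK", retConstructor.ToString(), "application/json");

            // Rejects fragments containing a backtick and writes the 400 itself.
            bool PerformSanitization(string queryIn)
            {
                if (queryIn.Contains('`'))
                {
                    WriteBodyResponse(ctx, 400, "Bad Request", "Request contained the backtick character, which is disallowed due to MySQL injection attacks");
                    return false;
                }
                return true;
            }

            // Escapes a fragment for use inside a double-quoted MySQL string literal in a LIKE
            // pattern: backslash, both quote characters and NUL are escaped so the literal cannot
            // be terminated early, and the LIKE wildcards % and _ are escaped so the input matches
            // literally. Backslash must be handled first. Assumes the server's default backslash
            // escaping (NO_BACKSLASH_ESCAPES off) — TODO confirm against the database configuration.
            string EscapeLikeFragment(string fragment)
            {
                return fragment
                    .Replace("\\", "\\\\")
                    .Replace("\"", "\\\"")
                    .Replace("'", "\\'")
                    .Replace("\0", "\\0")
                    .Replace("%", "\\%")
                    .Replace("_", "\\_");
            }
        }
    }
    catch (HttpListenerException)
    {
        // The listener has already torn down the response; nothing more can be written.
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to the client, which can expose
        // database and internal details.
        WriteBodyResponse(ctx, 500, "Internal Server Error", "Error occurred during processing of request: " + e.Message);
    }
}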
/// <summary>
/// Handler registered for PUT on Company/Settings (Web Api Enumeration v2, Company/Settings tab,
/// row 1). Despite the verb it performs a read: every settings entry of the caller's company is
/// returned as a JSON list.
/// </summary>
/// <param name="ctx">HttpListenerContext to respond to.</param>
private void HandlePutRequest(HttpListenerContext ctx)
{
    try
    {
        #region Input Validation
        if (!ctx.Request.HasEntityBody)
        {
            WriteBodyResponse(ctx, 400, "No Body", "Request lacked a body");
            return;
        }
        var entry = JsonDataObjectUtil<CompanySettingsApiPutRequest>.ParseObject(ctx);
        if (entry is null)
        {
            WriteBodyResponse(ctx, 400, "Incorrect Format", "Request was in the wrong format");
            return;
        }
        if (!ValidatePutRequest(entry))
        {
            WriteBodyResponse(ctx, 400, "Incorrect Format", "Not all fields in the request were filled");
            return;
        }
        #endregion

        using (var db = new MySqlDataManipulator())
        {
            if (!db.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()))
            {
                WriteBodyResponse(ctx, 500, "Unexpected ServerError", "Connection to database failed");
                return;
            }

            #region User Validation
            // NOTE(review): only the user's existence is checked here. Unlike every other
            // handler in this file, no LoginToken/AuthToken is verified, so anyone who knows
            // or guesses a numeric UserId can read that user's company settings. The request
            // type's fields are not visible in this block, so the check is not added blindly —
            // confirm the token field names and add LoginTokenValid (and AuthTokenValid).
            var user = db.GetUserById(entry.UserId);
            if (user is null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "User was not found on the server");
                return;
            }
            #endregion

            #region Action Handling
            List<CompanySettingsEntry> settings = db.GetCompanySettings(user.Company);
            if (settings is null)
            {
                WriteBodyResponse(ctx, 500, "Internal Server Error", "Error occured while retrieving settings: " + db.LastException.Message);
                return;
            }
            var output = new JsonListStringConstructor();
            foreach (CompanySettingsEntry setting in settings)
            {
                output.AddElement(WriteSettingToOutput(setting));
            }
            WriteBodyResponse(ctx, 200, "OK", output.ToString());
            #endregion
        }
    }
    catch (HttpListenerException)
    {
        // The listener has already torn down the response; nothing more can be written.
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to the client, which can expose
        // database and internal details.
        WriteBodyResponse(ctx, 500, "Internal Server Error", "Error occurred while processing request: " + e.Message);
    }
}
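/// <summary>
/// POST handler for adding a repair job entry (Web API Enumeration, /RepairJob tab, row 1).
/// With a non-zero Duplicate flag the entry is inserted unconditionally. Otherwise existing
/// jobs with the same Make and Model are searched for similar entries; if any are found they
/// are returned with 409 Conflict instead of inserting, else the entry is inserted.
/// </summary>
/// <param name="ctx">The HttpListenerContext to respond to.</param>
private void HandlePostRequest(HttpListenerContext ctx)
{
    try
    {
        #region Input Validation
        if (!ctx.Request.HasEntityBody)
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "No Body");
            return;
        }
        RepairJobApiRequest entry = JsonDataObjectUtil<RepairJobApiRequest>.ParseObject(ctx);
        if (!ValidateFullRequest(entry))
        {
            WriteBodyResponse(ctx, 400, "Bad Request", "Incorrect Format");
            return;
        }
        #endregion

        using (var connection = new MySqlDataManipulator())
        {
            if (!connection.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()))
            {
                WriteBodyResponse(ctx, 500, "Unexpected ServerError", "Connection to database failed");
                return;
            }

            #region User Validation
            // Identity only: user exists, login and auth tokens are valid. No access mask is
            // required to add a job.
            OverallUser mappedUser = connection.GetUserById(entry.UserId);
            if (mappedUser == null)
            {
                WriteBodyResponse(ctx, 404, "Not Found", "User was not found on the server");
                return;
            }
            if (!UserVerificationUtil.LoginTokenValid(mappedUser, entry.LoginToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect.");
                return;
            }
            if (!UserVerificationUtil.AuthTokenValid(mappedUser, entry.AuthToken))
            {
                WriteBodyResponse(ctx, 401, "Not Authorized", "Auth token was expired or incorrect");
                return;
            }
            #endregion

            RepairJobEntry newEntry = entry.ContainedEntry;

            #region Input Sanitation
            // Reject '<' in every free-text field. This is a stored-XSS mitigation for consumers
            // that render the text; it is not SQL escaping (see the where clause below).
            string[] textFields = { newEntry.Complaint, newEntry.Problem, newEntry.Make, newEntry.Model, newEntry.JobId };
            foreach (string field in textFields)
            {
                if (field.Contains('<'))
                {
                    WriteBodyResponse(ctx, 400, "Bad Request", "Request contained the < character, which is disallowed due to cross site scripting attacks");
                    return;
                }
            }
            #endregion

            #region Action Handling
            #region Forced Upload
            if (newEntry != null && entry.Duplicate != 0)
            {
                AddEntry();
                return;
            }
            #endregion

            // Look for existing jobs with the same Make and Model in both tables the data layer
            // exposes (the bool presumably selects validated vs. pending — confirm). Make and
            // Model are user input spliced into a raw WHERE clause, so they are escaped for a
            // double-quoted MySQL literal; the previous revision only filtered '<' and was
            // injectable through either field. Year is deliberately not part of the filter.
            string whereString = "Make =\"" + EscapeSqlLiteral(newEntry.Make) + "\" AND " +
                                 "Model =\"" + EscapeSqlLiteral(newEntry.Model) + "\"";
            List<RepairJobEntry> candidates = connection.GetDataEntriesWhere(mappedUser.Company, whereString, true);
            List<RepairJobEntry> pending = connection.GetDataEntriesWhere(mappedUser.Company, whereString, false);
            if (pending != null)
            {
                candidates.AddRange(pending);
            }

            #region No Similar Jobs
            if (candidates.Count == 0)
            {
                AddEntry();
                return;
            }
            #endregion

            #region Similar Jobs Return
            List<EntrySimilarity> similar = getSimilar(newEntry, candidates, 3);
            if (similar.Count == 0)
            {
                // Nothing similar enough: insert. The previous revision fell through after
                // writing the 200 and then tried to write a 409 on the same response.
                AddEntry();
                return;
            }
            JsonListStringConstructor retConstructor = new JsonListStringConstructor();
            similar.ForEach(obj => retConstructor.AddElement(ConvertEntrySimilarity(obj)));
            WriteBodyResponse(ctx, 409, "Conflict", retConstructor.ToString(), "application/json");
            #endregion
            #endregion

            // Inserts the entry into the caller's company and answers 200, or 500 with the
            // data layer's last exception message.
            void AddEntry()
            {
                if (!connection.AddDataEntry(mappedUser.Company, newEntry))
                {
                    WriteBodyResponse(ctx, 500, "Unexpected Server Error", connection.LastException.Message);
                    return;
                }
                WriteBodylessResponse(ctx, 200, "OK");
            }

            // Escapes a value for use inside a double-quoted MySQL string literal: backslash
            // first, then both quote characters and NUL. Assumes the server's default backslash
            // escaping (NO_BACKSLASH_ESCAPES off) — TODO confirm against the database configuration.
            string EscapeSqlLiteral(string value)
            {
                return value
                    .Replace("\\", "\\\\")
                    .Replace("\"", "\\\"")
                    .Replace("'", "\\'")
                    .Replace("\0", "\\0");
            }

            // A Year of -1 is the sentinel for "unknown".
            JsonDictionaryStringConstructor ConvertEntrySimilarity(EntrySimilarity e)
            {
                JsonDictionaryStringConstructor r = new JsonDictionaryStringConstructor();
                r.SetMapping("Make", e.Entry.Make);
                r.SetMapping("Model", e.Entry.Model);
                r.SetMapping("Complaint", e.Entry.Complaint);
                r.SetMapping("Problem", e.Entry.Problem);
                if (e.Entry.Year == -1)
                {
                    r.SetMapping("Year", "Unknown");
                }
                else
                {
                    r.SetMapping("Year", e.Entry.Year);
                }
                r.SetMapping("Id", e.Entry.Id);
                return r;
            }
        }
    }
    catch (HttpListenerException)
    {
        // The listener has already torn down the response; nothing more can be written.
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim to the client, which can expose
        // database and internal details.
        WriteBodyResponse(ctx, 500, "Internal Server Error", e.Message);
    }
}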