public async Task <IActionResult> GetJournalEntries([FromHeader] string token)
{
var verifiedToken = _jwtHandler.VerifyToken(token);
if (verifiedToken == null)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get journal entries action", false, "Unauthorized"));
await _context.SaveChangesAsync();
return(Unauthorized());
}
if (verifiedToken.Payload["role"].ToString() != "Admin")
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get journal entries action", false,
verifiedToken.Payload["user"].ToString()));
await _context.SaveChangesAsync();
return(BadRequest("Access denied"));
}
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get journal entries action", true,
verifiedToken.Payload["user"].ToString()));
await _context.SaveChangesAsync();
return(Ok(_context.Journals));
}
public ObjectResult Authorize([FromBody] UserAuthModel userModel)
{
if (!ModelState.IsValid)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Authorize", false, "Unauthorized"));
_context.SaveChanges();
return(new BadRequestObjectResult(ModelState));
}
var user = _context.Users.FirstOrDefault(c => c.Email == userModel.Email && c.Password == userModel.Password);
if (user == null)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Authorize", false, "Unauthorized"));
_context.SaveChanges();
return(new BadRequestObjectResult("Invalid credentials"));
}
List <Claim> claims = new List <Claim>();
claims.Add(new Claim("user", user.Id.ToString()));
claims.Add(new Claim("role", user.Status.ToString()));
var accessToken = _jwtHandler.GenerateToken(claims);
var tokenString = $"{accessToken.EncodedHeader}.{accessToken.EncodedPayload}.{accessToken.RawSignature}";
user.Modified = DateTime.Now;
_context.Update(user);
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Authorize", true, user.Id.ToString()));
_context.SaveChanges();
return(new OkObjectResult(tokenString));
}
public async Task <IActionResult> GetNote([FromHeader] string token, [FromRoute] int id)
{
int user = GetUser(token);
if (user == -1)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get note", false, "Unauthorized"));
await _context.SaveChangesAsync();
return(Unauthorized());
}
if (!ModelState.IsValid)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get note", false, user.ToString()));
await _context.SaveChangesAsync();
return(BadRequest(ModelState));
}
var note = await _context.Notes.SingleOrDefaultAsync(m => m.Id == id && m.UserId == user);
if (note == null)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get note", false, user.ToString()));
await _context.SaveChangesAsync();
return(NotFound());
}
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get note", true, user.ToString()));
await _context.SaveChangesAsync();
return(Ok(note));
}
public async Task <IActionResult> PostNote([FromHeader] string token, [FromBody] NoteViewModel note)
{
int user = GetUser(token);
if (user == -1)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Post note", false, "Unauthorized"));
await _context.SaveChangesAsync();
return(Unauthorized());
}
if (!ModelState.IsValid)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Post note", false, user.ToString()));
await _context.SaveChangesAsync();
return(BadRequest(ModelState));
}
var dbNote = new Note {
Title = note.Title,
Content = note.Content,
Created = DateTime.Now,
UserId = user
};
_context.Notes.Add(dbNote);
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Post note", true, user.ToString()));
await _context.SaveChangesAsync();
return(Ok(dbNote));
}
public ObjectResult GetNotes([FromHeader] string token)
{
int user = GetUser(token);
if (user == -1)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get notes", false, "Unauthorized"));
_context.SaveChanges();
return(new NotFoundObjectResult("Unauthorized!"));
}
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Get notes", true, user.ToString()));
_context.SaveChanges();
return(new OkObjectResult(_context.Notes.Where(note => note.UserId == user)));
}
public async Task <IActionResult> PutNote([FromHeader] string token, [FromBody] NoteViewModel note)
{
int user = GetUser(token);
if (user == -1)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Put note", false, "Unauthorized"));
await _context.SaveChangesAsync();
return(Unauthorized());
}
if (!ModelState.IsValid)
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Put note", false, user.ToString()));
await _context.SaveChangesAsync();
return(BadRequest(ModelState));
}
var dbNote = await _context.Notes.SingleOrDefaultAsync(m => m.Id == note.Id& m.UserId == user);
dbNote.Modified = DateTime.Now;
dbNote.Title = note.Title;
dbNote.Content = note.Content;
_context.Entry(dbNote).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!NoteExists(dbNote.Id, user))
{
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Put note", false, user.ToString()));
return(NotFound());
}
else
{
throw;
}
}
_context.Journals.Add(JournalEntryBuilder.CreateEntry("Put note", true, user.ToString()));
await _context.SaveChangesAsync();
return(Ok());
}
