public SecureModule() : base("api/secure")
{
this.RequiresAuthentication();
Get("/", args =>
{
//Context.CurrentUser foi definido pela StatelessAuthentication no pipeline
var identity = this.Context.CurrentUser;
//Retornar as informações seguras em uma resposta json
var userModel = new UserModel(identity.Identity.Name);
return(this.Response.AsJson(new
{
SecureContent = "Aqui está um conteúdo seguro que você só pode ver se você fornecer uma chave correta api",
User = userModel
}));
});
Post("/Usuario/Novo", args =>
{
Tuple <string, string> user = UserDatabase.CreateUser(this.Context.Request.Form["username"], this.Context.Request.Form["password"]);
return(this.Response.AsJson(new { username = user.Item1 }));
});
}
public Auth() : base("auth")
{
// post route with custom headers
Post("/custom", (args) => {
Console.WriteLine(args);
Console.WriteLine(this.Request.Headers.Authorization);
string xToken = this.Request.Headers["x-token"].FirstOrDefault();
string xKey = this.Request.Headers["x-key"].FirstOrDefault();
var xAuth = this.BindTo(
new
{
XToken = xToken,
XKey = xKey
}
);
return(Response.AsJson(xAuth)
.WithHeader("Foo", "Bar"));
});
Post("/create_user", args =>
{
Tuple <string, string> user = UserDatabase.CreateUser(this.Context.Request.Form["username"], this.Context.Request.Form["password"]);
return(this.Response.AsJson(new { username = user.Item1 }));
});
// The Post["/login"] method is used mainly to fetch the api key for subsequent calls
Post("/login", args =>
{
var apiKey = UserDatabase.ValidateUser(
(string)this.Request.Form.Username,
(string)this.Request.Form.Password);
return(string.IsNullOrEmpty(apiKey)
? new Response {
StatusCode = HttpStatusCode.Unauthorized
}
: this.Response.AsJson(new { ApiKey = apiKey }));
});
//do something to destroy the api key, maybe?
Delete("/delete/{userId}", args =>
{
var apiKey = (string)this.Request.Form.ApiKey;
UserDatabase.RemoveApiKey(apiKey);
return(new Response {
StatusCode = HttpStatusCode.OK
});
});
}
public UserInfoDTO RegisterUser(UserDTO userDTO)
{
if (userDatabase.IsUserExists(userDTO.Email))
{
throw new UserIsAlreadyExists();
}
else
{
userDTO.HashPassword = PasswordHelper.HashPassword(userDTO.Password);
UserInfoDTO addedUser = userDatabase.CreateUser(userDTO);
return(addedUser);
}
}
//by this time, the api key should have already been pulled out of our querystring
//and, using the api key, an identity assigned to our NancyContext
public SecureModule() : base("secure")
{
this.RequiresAuthentication();
Get("/", args =>
{
//Context.CurrentUser was set by StatelessAuthentication earlier in the pipeline
var identity = this.Context.CurrentUser;
//return the secure information in a json response
var userModel = new User(identity.Identity.Name);
return(this.Response.AsJson(new
{
SecureContent = "here's some secure content that you can only see if you provide a correct apiKey",
User = userModel
}));
});
Post("/create_user", args =>
{
Tuple <string, string> user = UserDatabase.CreateUser(this.Context.Request.Form["username"], this.Context.Request.Form["password"]);
return(this.Response.AsJson(new { username = user.Item1 }));
});
}
