public Dictionary <string, dynamic> RemoveItemFromCart([FromBody] SimpleInt id)
{
using (var context = new DbContext())
{
var session = _accountService.ValidateSession(Request.Cookies, context);
if (session == null)
{
Response.StatusCode = 401; // Unauthorised
return(null);
}
var itemToRemove =
context.CartItems.FirstOrDefault(x => x.SessionId == session.Id && x.ItemId == id.Value);
if (itemToRemove == null)
{
// Item does not exist or has already been removed
Response.StatusCode = 404;
return(null);
}
context.CartItems.Remove(itemToRemove);
context.SaveChanges();
return(GetItemsInCart());
}
}
public Dictionary <string, string> ChangeName([FromBody] Dictionary <string, string> request)
{
using (var context = new DbContext())
{
var obj = new Dictionary <string, string>();
var customer = _accountService.ValidateCustomerSession(Request.Cookies, context);
var seller = _accountService.ValidateSellerSession(Request.Cookies, context);
if (customer != null)
{
customer.FirstName = request["firstName"];
customer.LastName = request["lastName"];
}
else if (seller != null)
{
seller.Name = request["name"];
}
else
{
obj["error"] = "Invalid session. Please refresh the page, and try again.";
return(obj);
}
context.SaveChanges();
return(obj);
}
}
public Dictionary <string, dynamic> AddItemToCart([FromBody] SimpleInt id)
{
using (var context = new DbContext())
{
var session = _accountService.ValidateSession(Request.Cookies, context);
if (session == null)
{
Response.StatusCode = 401; // Unauthorised
return(null);
}
// If item does not exist, don't add it.
if (context.Items.FirstOrDefault(x => x.Id == id.Value && !x.Hidden) == null)
{
Response.StatusCode = 404; // Not found
return(null);
}
context.CartItems.Add(new CartItem
{
SessionId = session.Id,
ItemId = id.Value
});
context.SaveChanges();
return(GetItemsInCart());
}
}
public void RemoveItem([FromBody] SimpleInt simpleInt)
{
using (var context = new DbContext())
{
var item = context.Items.First(x => x.Id == simpleInt.Value);
// Check if the user is a seller.
var seller = _accountService.ValidateSellerSession(Request.Cookies, context);
var admin = _accountService.ValidateAdminSession(Request.Cookies, context);
// If user is not a seller or admin, return.
if (seller == null && admin == false)
{
Response.StatusCode = 403;
return;
}
// Do not let a seller remove the item if they are not the owner of the item.
if (!admin && item.SellerId != seller.Id)
{
Response.StatusCode = 403;
return;
}
item.Hidden = true;
context.SaveChanges();
}
}
public Item CreateItem([FromBody] NewItemForm form)
{
form.Price = form.Price.Replace("$", "");
using (var context = new DbContext())
{
var seller = _accountService.ValidateSellerSession(Request.Cookies, context);
if (seller == null)
{
Response.StatusCode = 403;
return(null);
}
var item = context.Items.Add(new Item
{
Description = form.Description,
Name = form.Name,
Price = decimal.Parse(form.Price),
SellerId = seller.Id,
ImageURL = form.ImageURL,
Hidden = false,
Purchases = 0
});
context.SaveChanges();
return(item.Entity);
}
}
public void RemoveAccount()
{
using (var context = new DbContext())
{
var account = _accountService.ValidateAccountSession(Request.Cookies, context);
context.Accounts.Remove(account);
context.SaveChanges();
}
}
public Item GetItem([FromQuery] int id)
{
using (var context = new DbContext())
{
var item = context.Items
.Include(x => x.Seller)
.First(x => x.Id == id && !x.Hidden);
if (item.Views == null)
{
item.Views = 0;
}
item.Views++;
context.SaveChanges();
return(item);
}
}
public Dictionary <string, dynamic> GetItemsInCart()
{
var obj = new Dictionary <string, dynamic>();
using (var context = new DbContext())
{
var session = _accountService.ValidateSession(Request.Cookies, context);
if (session == null)
{
Response.StatusCode = 401; // Unauthorised
return(null);
}
var cartItems = context.CartItems
.Where(x => x.SessionId == session.Id)
.Include(x => x.Item);
// If there are any hidden mostViewed in the cart, remove them before returning the mostViewed.
var itemsToRemove = cartItems.Where(x => x.Item.Hidden);
if (!itemsToRemove.IsNullOrEmpty())
{
context.CartItems.RemoveRange(itemsToRemove);
context.SaveChanges();
if (itemsToRemove.Count() == 1)
{
obj["warning"] = "An item in your cart has been removed, as it is no longer available.";
}
else
{
obj["warning"] =
"Some mostViewed in your cart have been removed, as they are no longer available.";
}
}
var items = cartItems
.Select(cartItem => cartItem.Item)
.Where(x => !x.Hidden)
.Include(x => x.Seller)
.ToList();
obj["mostViewed"] = items;
return(obj);
}
}
public Dictionary <string, string> ChangeEmail([FromBody] Dictionary <string, string> request)
{
using (var context = new DbContext())
{
var obj = new Dictionary <string, string>();
// Validate the user's old email and password
var account = _accountService.ValidateCredentials(request["oldEmail"], request["password"], context);
var session = _accountService.ValidateSession(Request.Cookies, context);
if (account == null || account.Id != session.AccountId)
{
obj["error"] = "Invalid credentials.";
Response.StatusCode = 403;
return(obj);
}
var newEmail = request["newEmail"];
if (!_accountService.IsEmailValid(newEmail))
{
obj["error"] = "Invalid email.";
Response.StatusCode = 403;
return(obj);
}
// Set the new email
account.Email = newEmail;
// Set the new password hash
var newHash = _accountService.HashPassword(request["password"], account);
account.PasswordHash = newHash;
// Reset session token (log user out everywhere)
context.Sessions.Find(account.SessionId).Token = _accountService.CreateSessionToken();
context.SaveChanges();
// Log the user out
ClearCookies();
return(obj);
}
}
public async Task <Dictionary <string, dynamic> > CapturePaypalOrder([FromQuery] string orderId)
{
using (var context = new DbContext())
{
// Refuse capture if customer is not properly authenticated
var customer = _accountService.ValidateCustomerSession(Request.Cookies, context, true);
if (customer == null)
{
Response.StatusCode = 401; // Unauthorised
return(null);
}
// Refuse capture if
// Capture funds through Paypal
var order = await _paypalService.CaptureOrder(orderId);
// Create transaction object
var transaction = context.CustomerTransactions.Add(new CustomerTransaction
{
CustomerId = customer.Id,
CustomerName = customer.FirstName + " " + customer.LastName,
Date = DateTime.UtcNow.AddHours(10), // Force Sydney timezone
PaypalTransactionId = order.Id,
Total = decimal.Parse(order.PurchaseUnits[0].AmountWithBreakdown.Value)
});
// Create transaction item objects
var items = order.PurchaseUnits[0].Items;
var lootBoxItems = new List <int>();
var boughtTogetherRecordsAlreadyHandledA = new HashSet <int>();
foreach (var item in items)
{
var itemId = int.Parse(item.Sku);
var itemEntity = context.Items
.Include(x => x.Seller)
.First(x => x.Id == itemId);
context.TransactionItems.Add(new TransactionItem
{
CustomerTransaction = transaction.Entity,
ItemSaleId = itemId,
ItemSalePrice = decimal.Parse(item.UnitAmount.Value),
ItemSaleName = item.Name,
SellerSaleId = itemEntity.SellerId,
SellerSaleName = itemEntity.Seller.Name
});
// Handle bought together records and purchase count
if (!boughtTogetherRecordsAlreadyHandledA.Contains(itemId))
{
boughtTogetherRecordsAlreadyHandledA.Add(itemId);
itemEntity.Purchases++;
var boughtTogetherRecordsAlreadyHandledB = new HashSet <int>();
foreach (var itemB in items)
{
var itemBId = int.Parse(itemB.Sku);
// Skip if item already handled or same (means duplicate mostViewed don't impact the count)
if (boughtTogetherRecordsAlreadyHandledB.Contains(itemBId) || itemBId == itemId)
{
continue;
}
boughtTogetherRecordsAlreadyHandledB.Add(itemBId);
// Get existing bought together record
var boughtTogetherRecord = context.ItemsBoughtTogether
.FirstOrDefault(x => x.ItemAId == itemId && x.ItemBId == itemBId);
// If record doesn't exist, create it.
if (boughtTogetherRecord == null)
{
boughtTogetherRecord = context.ItemsBoughtTogether.Add(new ItemsBoughtTogether
{
ItemAId = itemId,
ItemBId = itemBId,
Count = 0
}).Entity;
}
// Increment bought together count
boughtTogetherRecord.Count++;
}
}
// If item is a loot box, also add in a random item below its price.
if (itemEntity.Id == 86)
{
var eligibleItems = context.Items
.Include(x => x.Seller)
.Where(x => !x.Hidden && x.Price < itemEntity.Price);
var skip = (int)(new Random().NextDouble() * eligibleItems.Count());
var chosenItem = eligibleItems.Skip(skip).Take(1).FirstOrDefault();
TransactionItem transactionItem;
if (chosenItem == null)
{
transactionItem = context.TransactionItems.Add(new TransactionItem
{
CustomerTransaction = transaction.Entity,
ItemSaleId = -1,
ItemSalePrice = 0,
ItemSaleName = "Empty Cardboard Box",
SellerSaleId = itemEntity.SellerId,
SellerSaleName = itemEntity.Seller.Name
}).Entity;
}
else
{
transactionItem = context.TransactionItems.Add(new TransactionItem
{
CustomerTransaction = transaction.Entity,
ItemSaleId = chosenItem.Id,
ItemSalePrice = 0,
ItemSaleName = chosenItem.Name + " (from Loot Box)",
SellerSaleId = chosenItem.SellerId,
SellerSaleName = chosenItem.Seller.Name
}).Entity;
}
Console.WriteLine("Loot box item unlocked: " + transactionItem.ItemSaleName);
lootBoxItems.Add(transactionItem.ItemSaleId);
}
}
// Clear user's shopping cart
var itemsToRemove = context.CartItems.Where(x => x.SessionId == customer.Account.SessionId);
context.CartItems.RemoveRange(itemsToRemove);
context.SaveChanges();
if (lootBoxItems.IsNullOrEmpty())
{
lootBoxItems = null;
}
return(new Dictionary <string, dynamic>
{
["order"] = order,
["lootBoxItems"] = lootBoxItems
});
}
}
public bool Login([FromBody] LoginForm form)
{
int accountId, sessionId;
string token;
// Validate
form.Email = form.Email.Trim().ToLower();
if (form.Email.Length < 4)
{
return(false);
}
if (form.Password.Length < 8)
{
return(false);
}
using (var context = new DbContext())
{
var account = _accountService.ValidateCredentials(form.Email, form.Password, context);
if (account == null)
{
return(false);
}
accountId = account.Id;
var session = context.Sessions.FirstOrDefault(x => x.Id == account.SessionId);
// Generate new session and token if empty for whatever reason
if (session == null || string.IsNullOrEmpty(session.Token))
{
var newSession = context.Sessions.Add(new Session
{
Token = _accountService.CreateSessionToken()
});
// Link session to account, and account to session
newSession.Entity.Account = account;
account.Session = newSession.Entity;
context.SaveChanges();
}
token = account.Session.Token;
sessionId = (int)account.SessionId;
}
// Clear login cookies
ClearCookies();
// Provide with token and id cookies
Response.Cookies.Append("token", token, new CookieOptions
{
HttpOnly = true,
Secure = true,
IsEssential = true,
Expires = DateTimeOffset.Now.AddYears(1)
});
Response.Cookies.Append("accountId", accountId.ToString(), new CookieOptions
{
HttpOnly = true,
Secure = true,
IsEssential = true,
Expires = DateTimeOffset.Now.AddYears(1)
});
Response.Cookies.Append("sessionId", sessionId.ToString(), new CookieOptions
{
HttpOnly = true,
Secure = true,
IsEssential = true,
Expires = DateTimeOffset.Now.AddYears(1)
});
// Account has successfully been logged into. Page should now refresh.
return(true);
}
public dynamic CreateSession()
{
// Don't create a new session if token and session cookies already exist.
// (if only one of these exists, something has gone wrong and a new session will be created anyway)
// Instead, return the data logged in user. (null if not logged in)
if (Request.Cookies.ContainsKey("token") && Request.Cookies.ContainsKey("sessionId"))
{
var sessionId = int.Parse(Request.Cookies["sessionId"]);
var token = Request.Cookies["token"];
if (!Request.Cookies.ContainsKey("accountId"))
{
return(false);
}
var accountId = int.Parse(Request.Cookies["accountId"]);
// Return the data logged in user
var user = _accountService.ValidateUser(sessionId, accountId, token, new DbContext());
// If user is invalid, clear cookies.
if (user == null)
{
ClearCookies();
}
else
{
return(user);
}
}
// If someone with an account id does not already have a valid session, log them out. (this shouldn't happen)
if (Request.Cookies.ContainsKey("accountId"))
{
// Clear login cookies
ClearCookies();
return(false);
}
Session session;
using (var context = new DbContext())
{
var newSession = context.Sessions.Add(new Session
{
Token = _accountService.CreateSessionToken()
});
context.SaveChanges();
session = newSession.Entity;
}
// Provide with token and id cookies
Response.Cookies.Append("token", session.Token, new CookieOptions
{
HttpOnly = true,
Secure = true,
IsEssential = true,
Expires = DateTimeOffset.Now.AddYears(1)
});
Response.Cookies.Append("sessionId", session.Id.ToString(), new CookieOptions
{
HttpOnly = true,
Secure = true,
IsEssential = true,
Expires = DateTimeOffset.Now.AddYears(1)
});
return(true);
}
public Dictionary <string, dynamic> CreateCustomerAccount([FromBody] CustomerAccountForm form)
{
// Create response object to send back to client
var obj = new Dictionary <string, dynamic>
{
["error"] = null, ["success"] = false
};
// Clean up fields
form.Email = form.Email.Trim().ToLower();
// Verify that email and password are valid
if (!_accountService.IsEmailValid(form.Email))
{
obj["error"] = "Please provide a valid email.";
return(obj);
}
if (!_accountService.IsPasswordValid(form.Password, out var reason))
{
obj["error"] = reason;
return(obj);
}
using (var context = new DbContext())
{
// Verify that the session is actually valid, and that the session is not already linked to an account.
var session = _accountService.ValidateSession(Request.Cookies, context);
if (session == null || session.AccountId != null)
{
ClearCookies();
Response.StatusCode = 403;
obj["error"] =
"Invalid session. Please try again, refresh the page, or delete cookies for the site.";
return(obj);
}
// Verify that the provided email is not already in use.
if (context.Accounts.Any(x => x.Email == form.Email))
{
obj["error"] = "The email address provided is already in use.";
return(obj);
}
// Try actually creating the account.
try
{
// Create the Account object
var newAccount = context.Accounts.Add(new Account
{
Type = 'c',
Email = form.Email,
PasswordHash = null, // Fill in password later when id is available to use as salt
SessionId = session.Id // Tie the session to the newly created account.
});
session.Account = newAccount.Entity; // Tie the new account to the existing session.
// Have to send this to the database before creating the customer entity,
// as we don't know what the id is yet until the database tells us.
context.SaveChanges();
// Create the Customer object
context.Customers.Add(new Customer
{
Id = newAccount.Entity.Id,
FirstName = form.FirstName,
LastName = form.LastName
});
// Set the password hash
newAccount.Entity.PasswordHash = _accountService.HashPassword(form.Password, newAccount.Entity);
context.SaveChanges();
}
catch
{
obj["error"] = "An unknown database error occurred.";
return(obj);
}
// Log in with credentials provided
var loginSuccessful = Login(new LoginForm {
Email = form.Email, Password = form.Password
});
if (loginSuccessful)
{
obj["success"] = true;
return(obj);
}
obj["error"] = "An account was created but could not be logged into. Please try logging in manually.";
return(obj);
}
}
public Dictionary <string, dynamic> CreateAdminAccount([FromBody] AdminAccountForm form)
{
// Create response object to send back to client
var obj = new Dictionary <string, dynamic>
{
["error"] = null, ["success"] = false
};
// Clean up fields
form.Email = form.Email.Trim().ToLower();
// Verify that email and password are valid
if (!_accountService.IsEmailValid(form.Email))
{
obj["error"] = "Please provide a valid email.";
return(obj);
}
if (!_accountService.IsPasswordValid(form.Password, out var reason))
{
obj["error"] = reason;
return(obj);
}
using (var context = new DbContext())
{
// Verify that the account is being created by an admin
if (!_accountService.ValidateAdminSession(Request.Cookies, context))
{
obj["error"] = "Only admins can create admin accounts.";
return(obj);
}
// Verify that the provided email is not already in use.
if (context.Accounts.Any(x => x.Email == form.Email))
{
obj["error"] = "The email address provided is already in use.";
return(obj);
}
// Try actually creating the account.
try
{
// Create the Account object
var newAccount = context.Accounts.Add(new Account
{
Type = 'a',
Email = form.Email,
PasswordHash = null // Fill in password later when id is available to use as salt
});
// Have to send this to the database before creating the customer entity,
// as we don't know what the id is yet until the database tells us.
context.SaveChanges();
// Set the password hash
newAccount.Entity.PasswordHash = _accountService.HashPassword(form.Password, newAccount.Entity);
context.SaveChanges();
}
catch
{
obj["error"] = "An unknown database error occurred.";
return(obj);
}
return(obj);
}
}