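/// <summary>
/// Returns a single topic, with its posts attached, for the topic id given in the route.
/// </summary>
/// <param name="uuid">Topic id as supplied by the caller (untrusted); validated by <c>SecureGuid.VerifyGuid</c> before use.</param>
/// <returns>
/// 200 with the topic (and its posts) when exactly one topic matches; 400 after the caller's
/// session has been terminated when the id is malformed or does not resolve to exactly one topic.
/// </returns>
public IActionResult Get(string uuid)
{
    var user = _authHandler.UserFromClaimsPrincipal(User);

    // Shared failure path: log the reason and the caller's identity/IP, end the
    // session and answer 400. The full null-conditional chain is used so logging
    // can never throw when the connection or remote address is unavailable.
    IActionResult Reject(string reason)
    {
        _logger.LogInformation(reason);
        _logger.LogInformation($"Terminating session. User: {user.Uuid}, IP: {HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP"}");
        _authHandler.TerminateSession(user);
        return BadRequest();
    }

    if (!SecureGuid.VerifyGuid(uuid, out var topicGuid))
    {
        return Reject("Invalid Topic UUID");
    }

    var topicInfo = _database.GetTopics(uuid);
    if (topicInfo.Count != 1)
    {
        // Previously this branch terminated the session but did not return, so the
        // code fell through to topicInfo[0]: an IndexOutOfRangeException on an empty
        // result, or a response served to a caller whose session had just been revoked.
        return Reject("Topic UUID does not exist");
    }

    // Reuse the Guid produced by VerifyGuid rather than re-parsing the raw string,
    // matching how the post handler passes its validated id to the database.
    topicInfo[0].Posts = _database.GetPostByTopic(topicGuid);
    return Ok(topicInfo[0]);
}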
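/// <summary>
/// Returns a single post, with its comments attached, for the post id given in the route.
/// </summary>
/// <param name="uuid">Post id as supplied by the caller (untrusted); validated by <c>SecureGuid.VerifyGuid</c> before use.</param>
/// <returns>
/// 200 with the post and its comments; 400 after the caller's session has been terminated
/// when the id is malformed or no post with that id exists.
/// </returns>
public IActionResult Get(string uuid)
{
    var user = _authHandler.UserFromClaimsPrincipal(User);

    // Shared failure path: log the reason and the caller's identity/IP, end the
    // session and answer 400. The "post does not exist" branch previously used a
    // partial chain (HttpContext?.Connection.RemoteIpAddress.ToString()) that could
    // itself throw; the full null-conditional chain is used here for every branch.
    IActionResult Reject(string reason)
    {
        _logger.LogInformation(reason);
        _logger.LogInformation($"Terminating session. User: {user.Uuid}, IP: {HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP"}");
        _authHandler.TerminateSession(user);
        return BadRequest();
    }

    if (!SecureGuid.VerifyGuid(uuid, out var postGuid))
    {
        return Reject("Post UUID is invalid.");
    }

    var postInfo = _database.GetPostInfo(postGuid);
    if (postInfo is null)
    {
        return Reject("Post does not exist.");
    }

    postInfo.Comments = _database.GetCommentsByPost(postGuid);
    return Ok(postInfo);
}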
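/// <summary>
/// Inserts a new comment on a post via the <c>newComment</c> stored procedure.
/// </summary>
/// <param name="comment">Comment to store; <c>comment.Post</c> must be a valid id string, <c>comment.Content</c> is stored as-is.</param>
/// <param name="user">Author of the comment; <c>user.Uuid</c> is stored alongside it.</param>
/// <returns>
/// <c>true</c> when the procedure executed without a <c>MySqlException</c>; <c>false</c> when the
/// post id is malformed or the database raised a <c>MySqlException</c>.
/// </returns>
public bool CreateComment(Comment comment, User user)
{
    // Malformed ids never reach the database.
    if (!SecureGuid.VerifyGuid(comment.Post, out var postGuid))
    {
        return false;
    }

    using var conn = new MySqlConnection(_connectionStringBuilder.ConnectionString);
    conn.Open();

    using var command = conn.CreateCommand();
    command.CommandText = "newComment";
    command.CommandType = CommandType.StoredProcedure;

    // Ids are sent as 16-byte binary values. Guid.ToByteArray() uses the .NET
    // mixed-endian layout, so the procedure must expect that same encoding
    // (presumably it does, since every method in this data layer encodes ids this way).
    command.Parameters.Add("@postUUID", MySqlDbType.Binary, 16).Value = postGuid.ToByteArray();
    command.Parameters.Add("@userUUID", MySqlDbType.Binary, 16).Value = user.Uuid.ToByteArray();
    command.Parameters.Add("@commentUUID", MySqlDbType.Binary, 16).Value = SecureGuid.CreateSecureRfc4122Guid().ToByteArray();

    // Explicitly typed, matching UpdateComment's @updatedContent parameter, instead
    // of AddWithValue's type inference. Content is still passed as a parameter, never
    // spliced into SQL text. Length limits are enforced by the controller, not here.
    command.Parameters.Add("@commentContent", MySqlDbType.Text).Value = comment.Content;

    try
    {
        command.ExecuteNonQuery();
        return true;
    }
    catch (MySqlException)
    {
        // Deliberate best-effort: database failures are reported to the caller as
        // "not created" rather than propagated. This class exposes no logger, so the
        // exception detail is lost here — presumably acceptable to the caller; confirm.
        return false;
    }
}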
/// <summary>
/// Deletes the post identified by <paramref name="postUuid"/> on behalf of the signed-in user.
/// </summary>
/// <param name="postUuid">Post id supplied by the caller (untrusted); validated by <c>SecureGuid.VerifyGuid</c>.</param>
/// <returns>
/// 200 when the database reports the delete succeeded (the action is also recorded in the
/// activity log); 400 after the caller's session has been terminated when the id is malformed
/// or the database refused the delete.
/// </returns>
public IActionResult Delete(string postUuid)
{
    var user = _authHandler.UserFromClaimsPrincipal(User);

    // Every failure is handled the same way: log why, record who/where, end the
    // session and answer 400.
    IActionResult Reject(string reason)
    {
        _logger.LogInformation(reason);
        _logger.LogInformation($"Terminating session. User: {user.Uuid}, IP: {HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP"}");
        _authHandler.TerminateSession(user);
        return BadRequest();
    }

    if (!SecureGuid.VerifyGuid(postUuid, out _))
    {
        return Reject("Post UUID is invalid.");
    }

    // The data layer decides whether this user may delete this post; the raw id is
    // passed through and re-validated there.
    var post = new Post { Uuid = postUuid };
    var deleted = _database.DeletePost(post, user);
    if (!deleted)
    {
        return Reject("DB failed to delete post.");
    }

    _activityLogger.LogDeletePost(Request.HttpContext.Connection.RemoteIpAddress, user, post);
    return Ok();
}
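/// <summary>
/// Creates a new comment on a post for the signed-in user.
/// </summary>
/// <param name="comment">
/// Request body (untrusted). <c>Content</c>, <c>Post</c> and <c>Captcha</c> must all be present;
/// <c>Content</c> is limited to 128 characters and <c>Post</c> must be a valid id string.
/// </param>
/// <returns>
/// 200 once the comment is stored and recorded in the activity log; 400 after the caller's
/// session has been terminated for a missing body, missing field, failed captcha, oversized
/// content, malformed post id, or a database failure.
/// </returns>
public IActionResult NewComment([FromBody] Comment comment)
{
    // Maximum comment length in UTF-16 code units (string.Length), not bytes.
    const int MaxContentLength = 128;

    var user = _authHandler.UserFromClaimsPrincipal(User);

    // Every failure is handled the same way: log why, record who/where, end the
    // session and answer 400.
    IActionResult Reject(string reason)
    {
        _logger.LogInformation(reason);
        _logger.LogInformation($"Terminating session. User: {user.Uuid}, IP: {HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP"}");
        _authHandler.TerminateSession(user);
        return BadRequest();
    }

    // A missing body (model binding can hand us null) is treated like a body with
    // missing fields instead of surfacing as a NullReferenceException.
    if (comment is null
        || string.IsNullOrWhiteSpace(comment.Content)
        || string.IsNullOrWhiteSpace(comment.Post)
        || string.IsNullOrWhiteSpace(comment.Captcha))
    {
        return Reject("Comment content, post or captcha is missing.");
    }

    // Check order is kept from the original: captcha, then length, then post id.
    if (!_captcha.VerifyCaptcha(comment.Captcha, HttpContext.Connection.RemoteIpAddress, "newComment"))
    {
        return Reject("Captcha failed verification.");
    }

    if (comment.Content.Length > MaxContentLength)
    {
        return Reject("Comment content length exceeds the permitted limit.");
    }

    if (!SecureGuid.VerifyGuid(comment.Post, out _))
    {
        return Reject("Post UUID is invalid.");
    }

    if (!_database.CreateComment(comment, user))
    {
        return Reject("Database failed to create new comment.");
    }

    _activityLogger.LogNewComment(Request.HttpContext.Connection.RemoteIpAddress, user, comment);
    return Ok();
}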
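/// <summary>
/// Replaces the content of an existing post owned by the signed-in user.
/// </summary>
/// <param name="post">
/// Request payload (untrusted). <c>Uuid</c> must be a valid id string and <c>Content</c> non-empty;
/// ownership is confirmed through <c>_database.VerifyPostUser</c> before the update runs.
/// </param>
/// <returns>
/// 200 once the post is updated and recorded in the activity log; 400 after the caller's session
/// has been terminated for a missing payload or field, malformed id, ownership mismatch, or database failure.
/// </returns>
public IActionResult UpdatePost(Post post)
{
    var user = _authHandler.UserFromClaimsPrincipal(User);

    // Shared failure path: log the reason and the caller's identity/IP, end the
    // session and answer 400. The "DB failed" branch previously used a partial chain
    // (HttpContext?.Connection.RemoteIpAddress.ToString()) that could itself throw;
    // the full null-conditional chain is used here for every branch.
    IActionResult Reject(string reason)
    {
        _logger.LogInformation(reason);
        _logger.LogInformation($"Terminating session. User: {user.Uuid}, IP: {HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP"}");
        _authHandler.TerminateSession(user);
        return BadRequest();
    }

    // A null payload is handled like one with missing fields rather than as a NullReferenceException.
    if (post is null || string.IsNullOrWhiteSpace(post.Content) || string.IsNullOrWhiteSpace(post.Uuid))
    {
        return Reject("Post content or uuid is null or empty.");
    }

    if (!SecureGuid.VerifyGuid(post.Uuid, out _))
    {
        return Reject("Post UUID is invalid.");
    }

    // Authorization: only the creator may edit. Checked here in addition to whatever
    // the update procedure enforces on its own.
    if (!_database.VerifyPostUser(user, post))
    {
        return Reject("Requester is not post creator.");
    }

    if (!_database.UpdatePost(post, user))
    {
        return Reject("DB failed to edit post.");
    }

    _activityLogger.LogEditPost(Request.HttpContext.Connection.RemoteIpAddress, user, post);
    return Ok();
}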
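/// <summary>
/// Replaces the content of an existing comment owned by the signed-in user.
/// </summary>
/// <param name="comment">
/// Request payload (untrusted). <c>Uuid</c> must be a valid id string and <c>Content</c> non-empty;
/// ownership is confirmed through <c>_database.VerifyCommentUser</c> before the update runs.
/// </param>
/// <returns>
/// 200 once the comment is updated and recorded in the activity log; 400 after the caller's session
/// has been terminated for a missing payload or field, malformed id, ownership mismatch, or database failure.
/// </returns>
public IActionResult Put(Comment comment)
{
    var user = _authHandler.UserFromClaimsPrincipal(User);

    // Every failure is handled the same way: log why, record who/where, end the
    // session and answer 400.
    IActionResult Reject(string reason)
    {
        _logger.LogInformation(reason);
        _logger.LogInformation($"Terminating session. User: {user.Uuid}, IP: {HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP"}");
        _authHandler.TerminateSession(user);
        return BadRequest();
    }

    // A null payload is handled like one with missing fields rather than as a NullReferenceException.
    if (comment is null || string.IsNullOrWhiteSpace(comment.Uuid) || string.IsNullOrWhiteSpace(comment.Content))
    {
        return Reject("Comment uuid or content is empty.");
    }

    if (!SecureGuid.VerifyGuid(comment.Uuid, out _))
    {
        return Reject("Comment UUID is invalid.");
    }

    // Authorization: only the creator may edit.
    if (!_database.VerifyCommentUser(user, comment))
    {
        return Reject("Requester is not comment creator.");
    }

    if (!_database.UpdateComment(comment, user))
    {
        return Reject("Database failed to update comment.");
    }

    _activityLogger.LogEditComment(Request.HttpContext.Connection.RemoteIpAddress, user, comment);
    return Ok();
}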
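/// <summary>
/// Ownership check: asks the <c>verifyCommentUser</c> stored procedure whether
/// <paramref name="comment"/> belongs to <paramref name="user"/>.
/// </summary>
/// <param name="user">Candidate owner; <c>user.Uuid</c> is sent to the procedure.</param>
/// <param name="comment">Comment whose <c>Uuid</c> string is validated and sent to the procedure.</param>
/// <returns>
/// <c>true</c> when the procedure returns at least one row for the (comment, user) pair;
/// <c>false</c> when the comment id is malformed or no row comes back.
/// </returns>
public bool VerifyCommentUser(User user, Comment comment)
{
    // Malformed ids never reach the database.
    if (!SecureGuid.VerifyGuid(comment.Uuid, out var commentGuid))
    {
        return false;
    }

    using var conn = new MySqlConnection(_connectionStringBuilder.ConnectionString);
    conn.Open();

    using var command = conn.CreateCommand();
    command.CommandText = "verifyCommentUser";
    command.CommandType = CommandType.StoredProcedure;

    // Ids are sent as 16-byte binary values in the .NET Guid.ToByteArray() layout;
    // the procedure must use the same encoding (presumably it does, as every method
    // in this data layer encodes ids this way).
    command.Parameters.Add("@commentUUID", MySqlDbType.Binary, 16).Value = commentGuid.ToByteArray();
    command.Parameters.Add("@userUUID", MySqlDbType.Binary, 16).Value = user.Uuid.ToByteArray();

    // The reader was previously never disposed, leaving it open on the connection
    // until garbage collection; dispose it deterministically with the command.
    using var reader = command.ExecuteReader();
    return reader.HasRows;
}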
/// <summary>
/// Rewrites a comment's content through the <c>editComment</c> stored procedure.
/// </summary>
/// <param name="comment">Comment to edit; its <c>Uuid</c> string is validated first and its <c>Content</c> is the new text.</param>
/// <param name="user">Requesting user; <c>user.Uuid</c> is passed so the procedure can scope the edit to the owner.</param>
/// <returns>
/// <c>true</c> only when the procedure reports exactly two affected rows; <c>false</c> when the
/// comment id is malformed or any other row count is reported. Database exceptions propagate.
/// </returns>
public bool UpdateComment(Comment comment, User user)
{
    if (!SecureGuid.VerifyGuid(comment.Uuid, out var commentGuid))
    {
        return false;
    }

    using var connection = new MySqlConnection(_connectionStringBuilder.ConnectionString);
    connection.Open();

    using var cmd = connection.CreateCommand();
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.CommandText = "editComment";

    // Ids travel as 16-byte binary values in the .NET Guid.ToByteArray() layout;
    // content is a typed TEXT parameter, never spliced into SQL.
    var parameters = cmd.Parameters;
    parameters.Add("@commentUUID", MySqlDbType.Binary, 16).Value = commentGuid.ToByteArray();
    parameters.Add("@userUUID", MySqlDbType.Binary, 16).Value = user.Uuid.ToByteArray();
    parameters.Add("@updatedContent", MySqlDbType.Text).Value = comment.Content;

    // Success is defined as exactly two affected rows. What the second row is
    // (presumably a bookkeeping write inside editComment) is not visible here — confirm
    // against the procedure before changing this threshold.
    const int ExpectedAffectedRows = 2;
    var affected = cmd.ExecuteNonQuery();
    return affected == ExpectedAffectedRows;
}
/// <summary>
/// Deletes a post through the <c>deletePost</c> stored procedure.
/// </summary>
/// <param name="post">Post to delete; its <c>Uuid</c> string is validated before being sent.</param>
/// <param name="user">Requesting user; <c>user.Uuid</c> is passed so the procedure can scope the delete to the owner.</param>
/// <returns>
/// <c>true</c> only when the procedure reports exactly two affected rows; <c>false</c> when the
/// post id is malformed or any other row count is reported. Database exceptions propagate.
/// </returns>
public bool DeletePost(Post post, User user)
{
    if (!SecureGuid.VerifyGuid(post.Uuid, out var postGuid))
    {
        return false;
    }

    using var connection = new MySqlConnection(_connectionStringBuilder.ConnectionString);
    connection.Open();

    using var cmd = connection.CreateCommand();
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.CommandText = "deletePost";

    // Ids travel as 16-byte binary values in the .NET Guid.ToByteArray() layout.
    var parameters = cmd.Parameters;
    parameters.Add("@postUUID", MySqlDbType.Binary, 16).Value = postGuid.ToByteArray();
    parameters.Add("@userUUID", MySqlDbType.Binary, 16).Value = user.Uuid.ToByteArray();

    // Success is defined as exactly two affected rows, the same convention UpdateComment
    // uses; what the second row represents is not visible here — confirm against deletePost.
    const int ExpectedAffectedRows = 2;
    var affected = cmd.ExecuteNonQuery();
    return affected == ExpectedAffectedRows;
}