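/// <summary>
/// POST handler that creates a new advertisement owned by the authenticated caller.
/// </summary>
/// <param name="requestDto">Client-supplied advertisement data; treated as untrusted input.</param>
/// <returns>
/// 200 with the created <see cref="AdvertisementDto"/>; 400 with the formatted model-state
/// errors when DTO or entity validation fails; 401 when the principal carries no usable
/// NameIdentifier claim.
/// </returns>
public async Task<IActionResult> CreateAdvertisementAsync([FromBody] CreateAdvertisementDto requestDto)
{
    _logger.LogInformation("User trying to create new advertisement");

    // Authorship comes from the authenticated principal, never from the request body,
    // so a client cannot create advertisements on behalf of another user.
    // FindFirstValue returns null when the claim is absent; the original int.Parse
    // then threw and surfaced as a 500. Reject explicitly instead of crashing.
    var userIdClaim = this.User.FindFirstValue(ClaimTypes.NameIdentifier);
    if (!int.TryParse(userIdClaim, out var userId))
    {
        // NOTE(review): a missing/non-numeric subject claim on an authenticated request
        // points at a token/identity misconfiguration — 401 chosen here, confirm against policy.
        _logger.LogWarning("Advertisement creation rejected: missing or non-numeric NameIdentifier claim");
        return Unauthorized();
    }

    var entity = _mapper.Map<Advertisement>(requestDto);
    entity.AuthorId = userId;
    // TODO: OWASP A7:2017 (XSS). Stored text is rendered by clients, so the primary defence is
    // context-aware output encoding at the rendering layer, not input "sanitization" here.
    // Only if HTML is deliberately accepted should it be passed through an allow-list HTML
    // sanitiser before persisting.

    _logger.LogInformation("Validating new advertisement");
    // Model binding already validated the DTO; only when that passed is the mapped entity
    // validated too, so its own annotations are enforced before it reaches the store.
    if (ModelState.IsValid)
    {
        TryValidateModel(entity);
    }

    if (!ModelState.IsValid)
    {
        var errors = ModelState.FormatModelErrors();
        // The original passed `errors` with no placeholder in the template, so the
        // details were silently dropped from the log; bind them to a named property.
        _logger.LogWarning("New advertisement did not pass entity validation: {Errors}", errors);
        return BadRequest(errors);
    }

    entity = await _advertisements.CreateAdvertisementAsync(entity);
    _logger.LogInformation("User created new advertisement with identificator {AdvertisementId}", entity.Id);

    var result = _mapper.Map<AdvertisementDto>(entity);
    return Ok(result);
}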