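/// <summary>
/// Updates the profile of user <paramref name="id"/>. The caller must present a
/// bearer token whose permission has bit 0 set and whose subject id equals
/// <paramref name="id"/> (users may only edit themselves). Fields that are null
/// in <paramref name="newUser"/> keep their current value; the password is
/// re-salted and re-hashed only when a new one is supplied.
/// </summary>
/// <param name="id">Target user id (route).</param>
/// <param name="newUser">Partial update payload (body). Null members are ignored.</param>
/// <returns>
/// 200 with the id on success; 400 for a missing/insufficient token, id mismatch,
/// invalid model, or persistence failure; 404 when no such user exists.
/// </returns>
public IHttpActionResult PutUser(int id, [FromBody] User newUser)
{
    // A request without an Authorization header used to dereference null here and
    // surface as a 500 instead of a clean rejection.
    var authHeader = Request.Headers.Authorization;
    if (authHeader == null || string.IsNullOrEmpty(authHeader.Parameter))
    {
        return BadRequest("權限不足");
    }
    var token = authHeader.Parameter;
    var permission = JwtAuth.GetTokenPermission(token);
    var tokenId = JwtAuth.GetTokenId(token);

    // Bit 0 of the token permission gates this endpoint.
    if ((permission & 1) <= 0)
    {
        return BadRequest("權限不足");
    }
    // Object-level authorization: the token subject must be the user being edited.
    if (tokenId != id)
    {
        return BadRequest("使用者錯誤");
    }
    // An empty body binds as null and passes ModelState validation; reject it explicitly.
    if (newUser == null)
    {
        return BadRequest("資料錯誤");
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var user = _db.Users.Find(id);
    if (user == null)
    {
        return NotFound();
    }

    // Only rotate the salt and hash when a password was actually sent; the old code
    // re-hashed on every update, including a null password.
    if (!string.IsNullOrEmpty(newUser.Password))
    {
        user.PasswordSalt = Salt.CreateSalt();
        user.Password = Salt.GenerateHashWithSalt(newUser.Password, user.PasswordSalt);
    }
    user.Nickname = newUser.Nickname ?? user.Nickname;
    user.Name = newUser.Name ?? user.Name;
    user.Picture = newUser.Picture ?? user.Picture;
    user.Email = newUser.Email ?? user.Email;
    user.Phone = newUser.Phone ?? user.Phone;
    // Birthday is not updatable through this endpoint (the original self-assignment
    // was a no-op) — NOTE(review): confirm this is intended.

    _db.Entry(user).State = EntityState.Modified;
    try
    {
        _db.SaveChanges();
    }
    catch (Exception)
    {
        // Do not echo provider/EF exception text to the client; it can reveal
        // schema and connection details.
        return BadRequest("更新失敗");
    }
    return Ok(id);
}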
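/// <summary>
/// Registers a new user. No token is required. The supplied clear-text password
/// is replaced by a per-user salt and hash before the row is stored, and the
/// permission value is forced to 127 regardless of what the body contained.
/// </summary>
/// <param name="user">Registration payload (body). Must include Account and Password.</param>
/// <returns>
/// 200 with the new id; 400 when the body is missing/invalid, the password is
/// empty, the account already exists, or the insert fails.
/// </returns>
public IHttpActionResult PostUser([FromBody] User user)
{
    // An empty body binds as null and passes ModelState validation; reject it explicitly.
    if (user == null)
    {
        return BadRequest("資料錯誤");
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }
    // Hashing a null/empty password would either throw or store a hash of "".
    if (string.IsNullOrEmpty(user.Password))
    {
        return BadRequest("密碼錯誤");
    }
    // Duplicate check is a read-then-write and can race with a concurrent
    // registration; a unique index on Account at the database is the real guard.
    if (_db.Users.FirstOrDefault(data => data.Account == user.Account) != null)
    {
        return BadRequest("帳號已存在");
    }

    user.PasswordSalt = Salt.CreateSalt();
    user.Password = Salt.GenerateHashWithSalt(user.Password, user.PasswordSalt);
    // Client-supplied Permission is overwritten. NOTE(review): 127 is every low bit set;
    // confirm that a self-registered account is meant to receive this much.
    user.Permission = 127;
    _db.Users.Add(user);
    try
    {
        _db.SaveChanges();
        return Ok(user.Id);
    }
    catch (Exception)
    {
        // Do not echo provider/EF exception text to the client; it can reveal
        // schema and connection details.
        return BadRequest("建立失敗");
    }
}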