/// <summary>
/// Receives the controller's collaborators from the DI container.
/// </summary>
/// <param name="context">EF context exposing the <c>Accounts</c> set used by the actions.</param>
/// <param name="hasher">Password hasher for <see cref="Account"/> credentials.</param>
/// <param name="roles">Role configuration; only the resolved <c>Value</c> is retained.</param>
public AccountsController(
    AccountsContext context,
    IPasswordHasher<Account> hasher,
    IOptions<AccountsRoleConfiguration> roles)
{
    // Unwrap IOptions once so the actions work against the plain configuration object.
    this.roles = roles.Value;
    this.hasher = hasher;
    this.context = context;
}
/// <summary>
/// Registers the minimal MVC core pipeline for the accounts API: JSON formatters,
/// authorization with an "admin" policy, the API explorer, and the Phema routing
/// tables for the accounts, tokens and version controllers.
/// </summary>
/// <param name="services">Service collection being configured.</param>
/// <param name="roles">Role names; <c>roles.Admin</c> backs the "admin" policy.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
public static IServiceCollection AddAccountsMvc(this IServiceCollection services, AccountsRoleConfiguration roles)
{
    var mvc = services.AddMvcCore();

    mvc.AddJsonFormatters();

    // Named policy requiring the configured admin role. The route tables also
    // reference roles.Admin directly through .Authorize(roles.Admin).
    mvc.AddAuthorization(options =>
    {
        options.AddPolicy("admin", policy => policy.RequireRole(roles.Admin));
    });

    mvc.AddApiExplorer();

    // NOTE(review): AddMvcCore() does not register AddDataAnnotations(); if the
    // request DTOs rely on validation attributes, nothing here enforces them — confirm.
    mvc.AddPhemaRouting(routing => routing.AddAccountsController(roles)
            .AddTokensController(roles)
            .AddVersionController())
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    return services;
}
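/// <summary>
/// Applies this request's non-null fields (<c>Username</c>, <c>Password</c>, <c>Role</c>)
/// to the account with id <paramref name="accountId"/>. Only the tracked entity is
/// modified; no <c>SaveChanges</c> is issued here.
/// </summary>
/// <param name="context">EF context the account is loaded from.</param>
/// <param name="hasher">Hasher used when a new <c>Password</c> is supplied.</param>
/// <param name="roles">Role configuration used to validate a new <c>Role</c>.</param>
/// <param name="accountId">Primary key of the account to update.</param>
/// <exception cref="InvalidOperationException">
/// <c>Role</c> is set to a value the configuration does not know, or no account with
/// <paramref name="accountId"/> exists (raised by <c>FirstAsync</c>).
/// </exception>
public async ValueTask Update(AccountsContext context, IPasswordHasher<Account> hasher, AccountsRoleConfiguration roles, int accountId)
{
    // Validate the role before loading or touching the entity, so a rejected request
    // leaves no half-applied Username/PasswordHash changes on the tracked Account.
    if (Role != null && !roles.IsAny(Role))
    {
        throw new InvalidOperationException();
    }

    var account = await context.Accounts.FirstAsync(i => i.Id == accountId);

    if (Username != null)
    {
        account.Username = Username;
    }

    if (Password != null)
    {
        // Only the hash is persisted; the plaintext never reaches the entity.
        account.PasswordHash = hasher.HashPassword(account, Password);
    }

    if (Role != null)
    {
        // NOTE(review): if this request type is the one bound by the non-admin
        // `accounts` PUT route, a caller can set their own Role to any configured
        // role (including admin) — confirm which route reaches this method.
        account.Role = Role;
    }
}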
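/// <summary>
/// Builds a new <see cref="Account"/> from this request and adds it to the context.
/// The account always starts with <c>roles.User</c>; no <c>SaveChanges</c> is issued here.
/// </summary>
/// <param name="context">EF context the account is added to.</param>
/// <param name="hasher">Hasher used to derive <c>PasswordHash</c> from <c>Password</c>.</param>
/// <param name="roles">Role configuration supplying the default user role.</param>
public async ValueTask Create(AccountsContext context, IPasswordHasher<Account> hasher, AccountsRoleConfiguration roles)
{
    // NOTE(review): no validation of Email/Username/Password and no uniqueness check
    // is visible here; presumably handled by the DTO or the database — confirm.
    var account = new Account
    {
        Email = Email,
        Username = Username,
        Role = roles.User,   // never an elevated role at registration time
        Created = DateTime.UtcNow
    };

    // Hash against the materialised account rather than a null user, matching the
    // Update path; a hasher that keys salts or versions off the user then behaves
    // identically on both paths.
    account.PasswordHash = hasher.HashPassword(account, Password);

    await context.Accounts.AddAsync(account);
}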
/// <summary>
/// Registers the <see cref="TokensController"/> routes: anonymous create/refresh,
/// authenticated read/delete, and admin-only read/delete by account or token id.
/// </summary>
/// <param name="builder">Routing builder to add the controller to.</param>
/// <param name="roles">Role configuration; <c>roles.Admin</c> gates the admin routes.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
public static IRoutingBuilder AddTokensController(this IRoutingBuilder builder, AccountsRoleConfiguration roles)
{
    builder.AddController<TokensController>(tokens =>
    {
        // No Authorize(): token creation is reachable anonymously (presumably the login step).
        tokens.AddRoute("tokens", c => c.Create(From.Body<CreateTokenRequest>()))
            .HttpPost();

        // Any authenticated caller.
        var read = tokens.AddRoute("tokens", c => c.Read());
        read.HttpGet().Authorize();

        // NOTE(review): the route only requires authentication; whether the caller
        // owns {tokenId} must be enforced inside TokensController.Delete — confirm.
        var delete = tokens.AddRoute("tokens/{tokenId}", c => c.Delete(From.Route<DeleteTokenRequest>()));
        delete.HttpDelete().Authorize();

        // No Authorize(): presumably the refresh token in the body is the credential.
        tokens.AddRoute("tokens", c => c.Refresh(From.Body<RefreshTokenRequest>()))
            .HttpPut();

        // Admin only.
        var adminRead = tokens.AddRoute("admin/tokens/{accountId}", c => c.AdminReadById(From.Route<int>()));
        adminRead.HttpGet().Authorize(roles.Admin);

        var adminDelete = tokens.AddRoute("admin/tokens/{tokenId}", c => c.AdminDeleteById(From.Route<AdminDeleteByIdTokenRequest>()));
        adminDelete.HttpDelete().Authorize(roles.Admin);
    });

    return builder;
}
/// <summary>
/// Registers the <see cref="AccountsController"/> routes: anonymous registration,
/// authenticated self-service read/update/delete, and admin-only list/read/update/delete
/// by account id.
/// </summary>
/// <param name="builder">Routing builder to add the controller to.</param>
/// <param name="roles">Role configuration; <c>roles.Admin</c> gates the admin routes.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
public static IRoutingBuilder AddAccountsController(this IRoutingBuilder builder, AccountsRoleConfiguration roles)
{
    builder.AddController<AccountsController>(accounts =>
    {
        // No Authorize(): registration is open.
        accounts.AddRoute("accounts", c => c.Create(From.Body<CreateAccountRequest>()))
            .HttpPost();

        // Self-service routes: any authenticated caller.
        var read = accounts.AddRoute("accounts", c => c.Read());
        read.HttpGet().Authorize();

        // NOTE(review): if UpdateAccountRequest exposes a Role field, this non-admin
        // route would let a user change their own role — confirm against the DTO.
        var update = accounts.AddRoute("accounts", c => c.Update(From.Body<UpdateAccountRequest>()));
        update.HttpPut().Authorize();

        // NOTE(review): From.Any is the only non-explicit binding source in this file;
        // presumably it accepts query/route/body — confirm that is intended for a DELETE.
        var delete = accounts.AddRoute("accounts", c => c.Delete(From.Any<DeleteAccountRequest>()));
        delete.HttpDelete().Authorize();

        // Admin only.
        var adminList = accounts.AddRoute("admin/accounts", c => c.AdminRead(From.Query<FilterRequest>()));
        adminList.HttpGet().Authorize(roles.Admin);

        var adminRead = accounts.AddRoute("admin/accounts/{accountId}", c => c.AdminReadById(From.Route<int>()));
        adminRead.HttpGet().Authorize(roles.Admin);

        var adminUpdate = accounts.AddRoute("admin/accounts/{accountId}", c => c.AdminUpdateById(From.Route<int>(), From.Body<AdminUpdateByIdAccountRequest>()));
        adminUpdate.HttpPut().Authorize(roles.Admin);

        var adminDelete = accounts.AddRoute("admin/accounts/{accountId}", c => c.AdminDeleteById(From.Route<AdminDeleteByIdAccountRequest>()));
        adminDelete.HttpDelete().Authorize(roles.Admin);
    });

    return builder;
}