Changeset b373fea for ChapterX.API
- Timestamp:
- 06/23/26 15:20:39 (13 days ago)
- Branches:
- main
- Children:
- 0b502c2
- Parents:
- d300631
- Location:
- ChapterX.API
- Files:
-
- 6 edited
-
Controllers/AdminsController.cs (modified) (3 diffs)
-
Controllers/ChaptersController.cs (modified) (4 diffs)
-
Controllers/CommentsController.cs (modified) (4 diffs)
-
Controllers/StoriesController.cs (modified) (4 diffs)
-
Controllers/UsersController.cs (modified) (3 diffs)
-
Program.cs (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
ChapterX.API/Controllers/AdminsController.cs
rd300631 rb373fea 40 40 41 41 [HttpPost] 42 [Authorize ]42 [Authorize(Roles = "Admin")] 43 43 public async Task<ActionResult> Add([FromBody] AddRequest request) 44 44 { … … 49 49 50 50 [HttpPut("{id:int}")] 51 [Authorize ]51 [Authorize(Roles = "Admin")] 52 52 public async Task<ActionResult> Update(int id, [FromBody] UpdateRequest request) 53 53 { … … 63 63 64 64 [HttpDelete("{id:int}")] 65 [Authorize ]65 [Authorize(Roles = "Admin")] 66 66 public async Task<ActionResult> Delete(int id) 67 67 { -
ChapterX.API/Controllers/ChaptersController.cs
rd300631 rb373fea 5 5 using Microsoft.AspNetCore.Mvc; 6 6 using Microsoft.Extensions.Logging; 7 using System.IdentityModel.Tokens.Jwt; 8 using System.Security.Claims; 7 9 8 10 namespace ChapterX.API.Controllers … … 40 42 41 43 [HttpPost] 44 [Authorize] 42 45 public async Task<ActionResult> Add([FromBody] AddRequest request) 43 46 { … … 57 60 } 58 61 59 var response = await _mediator.Send(request); 62 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 63 var response = await _mediator.Send(request with { CallerId = callerId }); 60 64 return Ok(response); 61 65 } … … 66 70 { 67 71 _logger.LogInformation("Deleting chapter with ID: {ChapterId}", id); 68 var response = await _mediator.Send(new DeleteRequest(id)); 72 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 73 var response = await _mediator.Send(new DeleteRequest(id, callerId)); 69 74 return Ok(response); 70 75 } -
ChapterX.API/Controllers/CommentsController.cs
rd300631 rb373fea 6 6 using Microsoft.AspNetCore.Mvc; 7 7 using Microsoft.Extensions.Logging; 8 using System.IdentityModel.Tokens.Jwt; 9 using System.Security.Claims; 8 10 9 11 namespace ChapterX.API.Controllers … … 63 65 public async Task<ActionResult> Add([FromBody] AddRequest request) 64 66 { 67 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 65 68 _logger.LogInformation("Adding a new comment"); 66 var response = await _mediator.Send(request );69 var response = await _mediator.Send(request with { UserId = callerId }); 67 70 return Ok(response); 68 71 } … … 78 81 } 79 82 80 var response = await _mediator.Send(request); 83 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 84 var response = await _mediator.Send(request with { CallerId = callerId }); 81 85 return Ok(response); 82 86 } … … 87 91 { 88 92 _logger.LogInformation("Deleting comment with ID: {CommentId}", id); 89 var response = await _mediator.Send(new DeleteRequest(id)); 93 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 94 var response = await _mediator.Send(new DeleteRequest(id, callerId)); 90 95 return Ok(response); 91 96 } -
ChapterX.API/Controllers/StoriesController.cs
rd300631 rb373fea 5 5 using Microsoft.AspNetCore.Mvc; 6 6 using Microsoft.Extensions.Logging; 7 using System.IdentityModel.Tokens.Jwt; 8 using System.Security.Claims; 7 9 8 10 namespace ChapterX.API.Controllers … … 46 48 public async Task<ActionResult> Add([FromBody] AddRequest request) 47 49 { 48 _logger.LogInformation("Adding a new story for UserId: {UserId}", request.UserId); 49 var response = await _mediator.Send(request); 50 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 51 _logger.LogInformation("Adding a new story for UserId: {UserId}", callerId); 52 var response = await _mediator.Send(request with { UserId = callerId }); 50 53 return Ok(response); 51 54 } … … 62 65 } 63 66 64 var response = await _mediator.Send(request); 67 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 68 var response = await _mediator.Send(request with { CallerId = callerId }); 65 69 return Ok(response); 66 70 } … … 72 76 { 73 77 _logger.LogInformation("Deleting story with ID: {StoryId}", id); 74 var response = await _mediator.Send(new DeleteRequest(id)); 78 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 79 var response = await _mediator.Send(new DeleteRequest(id, callerId)); 75 80 return Ok(response); 76 81 } -
ChapterX.API/Controllers/UsersController.cs
rd300631 rb373fea 5 5 using Microsoft.AspNetCore.Mvc; 6 6 using Microsoft.Extensions.Logging; 7 using System.IdentityModel.Tokens.Jwt; 8 using System.Security.Claims; 7 9 8 10 namespace ChapterX.API.Controllers … … 67 69 } 68 70 71 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 72 var isAdmin = User.IsInRole("Admin"); 73 if (callerId != id && !isAdmin) 74 return Forbid(); 75 69 76 var response = await _mediator.Send(request); 70 77 return Ok(response); … … 76 83 { 77 84 _logger.LogInformation("Deleting user with ID: {UserId}", id); 85 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 86 var isAdmin = User.IsInRole("Admin"); 87 if (callerId != id && !isAdmin) 88 return Forbid(); 89 78 90 var response = await _mediator.Send(new DeleteRequest(id)); 79 91 return Ok(response); -
ChapterX.API/Program.cs
rd300631 rb373fea 7 7 8 8 var builder = WebApplication.CreateBuilder(args); 9 10 var jwtKey = builder.Configuration["Jwt:Key"]; 11 if (string.IsNullOrWhiteSpace(jwtKey) || jwtKey.StartsWith("change-this")) 12 throw new InvalidOperationException("Jwt:Key is not configured. Set it via environment variable DOTNET_Jwt__Key before starting the application."); 9 13 10 14 builder.Services.AddCors(options => … … 85 89 ctx.Response.ContentType = "application/json"; 86 90 91 var logger = ctx.RequestServices.GetRequiredService<ILogger<Program>>(); 92 87 93 string message; 88 94 int status; … … 107 113 message = "A user with this email or username already exists."; 108 114 else 109 message = "Database error: " + inner; 115 { 116 logger.LogError(dbEx, "Unhandled database error"); 117 message = "A database error occurred. Please try again."; 118 } 110 119 } 111 120 else 112 121 { 122 logger.LogError(ex, "Unhandled exception"); 113 123 status = 500; 114 message = ex?.Message ?? "Anerror occurred.";124 message = "An unexpected error occurred."; 115 125 } 116 126
Note:
See TracChangeset
for help on using the changeset viewer.
