Ignore:
Timestamp:
06/23/26 15:20:39 (13 days ago)
Author:
kikisrbinoska <srbinoskakristina07@…>
Branches:
main
Children:
0b502c2
Parents:
d300631
Message:

Fixes for authentication and auhtorization\

Location:
ChapterX.Application
Files:
17 edited

Legend:

Unmodified
Added
Removed
  • ChapterX.Application/Auth/LoginRequest.cs

    rd300631 rb373fea  
    11using MediatR;
     2using System.ComponentModel.DataAnnotations;
    23
    34namespace ChapterX.Application.Auth
    45{
    5     public record LoginRequest(string Email, string Password) : IRequest<LoginResponse>;
     6    public record LoginRequest(
     7        [Required][EmailAddress][MaxLength(200)] string Email,
     8        [Required][MaxLength(128)] string Password
     9    ) : IRequest<LoginResponse>;
    610}
  • ChapterX.Application/Auth/RegisterRequest.cs

    rd300631 rb373fea  
    11using MediatR;
     2using System.ComponentModel.DataAnnotations;
    23
    34namespace ChapterX.Application.Auth
    45{
    5     public record RegisterRequest(string Username, string Email, string Name, string Surname, string Password) : IRequest<RegisterResponse>;
     6    public record RegisterRequest(
     7        [Required][MaxLength(50)] string Username,
     8        [Required][EmailAddress][MaxLength(200)] string Email,
     9        [Required][MaxLength(100)] string Name,
     10        [Required][MaxLength(100)] string Surname,
     11        [Required][MinLength(8)][MaxLength(128)] string Password
     12    ) : IRequest<RegisterResponse>;
    613}
  • ChapterX.Application/Chapter/Commands/AddRequest.cs

    rd300631 rb373fea  
    11using MediatR;
     2using System.ComponentModel.DataAnnotations;
    23
    34namespace ChapterX.Application.Chapter.Commands
    45{
    56    public record AddRequest(
    6         int Number,
    7         string Name,
    8         string Title,
    9         string Content,
     7        [Range(1, int.MaxValue)] int Number,
     8        [Required][MaxLength(200)] string Name,
     9        [Required][MaxLength(300)] string Title,
     10        [Required] string Content,
    1011        int StoryId
    1112    ) : IRequest<AddResponse>;
  • ChapterX.Application/Chapter/Commands/DeleteHandler.cs

    rd300631 rb373fea  
    1818        public async Task<DeleteResponse> Handle(DeleteRequest request, CancellationToken cancellationToken)
    1919        {
    20             var chapter = await _chapterRepository.GetByIdAsync(request.Id, cancellationToken);
     20            var chapter = await _chapterRepository.GetByIdWithStoryAsync(request.Id, cancellationToken);
    2121            if (chapter is null)
    2222                return new DeleteResponse(false);
     23
     24            if (chapter.Story.UserId != request.CallerId)
     25                throw new UnauthorizedAccessException("You do not own this chapter.");
    2326
    2427            await _chapterRepository.DeleteAsync(chapter, cancellationToken);
  • ChapterX.Application/Chapter/Commands/DeleteRequest.cs

    rd300631 rb373fea  
    33namespace ChapterX.Application.Chapter.Commands
    44{
    5     public record DeleteRequest(int Id) : IRequest<DeleteResponse>;
     5    public record DeleteRequest(int Id, int CallerId) : IRequest<DeleteResponse>;
    66}
  • ChapterX.Application/Chapter/Commands/UpdateHandler.cs

    rd300631 rb373fea  
    1818        public async Task<UpdateResponse> Handle(UpdateRequest request, CancellationToken cancellationToken)
    1919        {
    20             var chapter = await _chapterRepository.GetByIdAsync(request.Id, cancellationToken);
     20            var chapter = await _chapterRepository.GetByIdWithStoryAsync(request.Id, cancellationToken);
    2121            if (chapter is null)
    2222                return new UpdateResponse(false);
     23
     24            if (chapter.Story.UserId != request.CallerId)
     25                throw new UnauthorizedAccessException("You do not own this chapter.");
    2326
    2427            chapter.Number = request.Number;
  • ChapterX.Application/Chapter/Commands/UpdateRequest.cs

    rd300631 rb373fea  
    99        string Title,
    1010        string Content,
    11         int? WordCount
     11        int? WordCount,
     12        int CallerId = 0
    1213    ) : IRequest<UpdateResponse>;
    1314}
  • ChapterX.Application/Comment/Commands/AddRequest.cs

    rd300631 rb373fea  
    11using MediatR;
     2using System.ComponentModel.DataAnnotations;
    23
    34namespace ChapterX.Application.Comment.Commands
    45{
    5     public record AddRequest(string Content, int UserId, int StoryId) : IRequest<AddResponse>;
     6    public record AddRequest(
     7        [Required][MaxLength(2000)] string Content,
     8        int UserId,
     9        int StoryId
     10    ) : IRequest<AddResponse>;
    611}
  • ChapterX.Application/Comment/Commands/DeleteHandler.cs

    rd300631 rb373fea  
    2222                return new DeleteResponse(false);
    2323
     24            if (comment.UserId != request.CallerId)
     25                throw new UnauthorizedAccessException("You do not own this comment.");
     26
    2427            await _commentRepository.DeleteAsync(comment, cancellationToken);
    2528
  • ChapterX.Application/Comment/Commands/DeleteRequest.cs

    rd300631 rb373fea  
    33namespace ChapterX.Application.Comment.Commands
    44{
    5     public record DeleteRequest(int Id) : IRequest<DeleteResponse>;
     5    public record DeleteRequest(int Id, int CallerId) : IRequest<DeleteResponse>;
    66}
  • ChapterX.Application/Comment/Commands/UpdateHandler.cs

    rd300631 rb373fea  
    2222                return new UpdateResponse(false);
    2323
     24            if (comment.UserId != request.CallerId)
     25                throw new UnauthorizedAccessException("You do not own this comment.");
     26
    2427            comment.Content = request.Content;
    2528            comment.UpdatedAt = DateTime.UtcNow;
  • ChapterX.Application/Comment/Commands/UpdateRequest.cs

    rd300631 rb373fea  
    33namespace ChapterX.Application.Comment.Commands
    44{
    5     public record UpdateRequest(int Id, string Content) : IRequest<UpdateResponse>;
     5    public record UpdateRequest(int Id, string Content, int CallerId = 0) : IRequest<UpdateResponse>;
    66}
  • ChapterX.Application/Story/Commands/AddRequest.cs

    rd300631 rb373fea  
    11using MediatR;
     2using System.ComponentModel.DataAnnotations;
    23
    34namespace ChapterX.Application.Story.Commands
    45{
    5     public record AddRequest(bool MatureContent, string ShortDescription, string? Image, string Content, int UserId, List<string> Genres) : IRequest<AddResponse>;
     6    public record AddRequest(
     7        bool MatureContent,
     8        [Required][MaxLength(500)] string ShortDescription,
     9        [MaxLength(2048)] string? Image,
     10        [Required] string Content,
     11        int UserId,
     12        List<string> Genres
     13    ) : IRequest<AddResponse>;
    614}
  • ChapterX.Application/Story/Commands/DeleteHandler.cs

    rd300631 rb373fea  
    2222                return new DeleteResponse(false);
    2323
     24            if (story.UserId != request.CallerId)
     25                throw new UnauthorizedAccessException("You do not own this story.");
     26
    2427            await _storyRepository.DeleteAsync(story, cancellationToken);
    2528
  • ChapterX.Application/Story/Commands/DeleteRequest.cs

    rd300631 rb373fea  
    33namespace ChapterX.Application.Story.Commands
    44{
    5     public record DeleteRequest(int Id) : IRequest<DeleteResponse>;
     5    public record DeleteRequest(int Id, int CallerId) : IRequest<DeleteResponse>;
    66}
  • ChapterX.Application/Story/Commands/UpdateHandler.cs

    rd300631 rb373fea  
    2222                return new UpdateResponse(false);
    2323
     24            if (story.UserId != request.CallerId)
     25                throw new UnauthorizedAccessException("You do not own this story.");
     26
    2427            story.MatureContent = request.MatureContent;
    2528            story.ShortDescription = request.ShortDescription;
  • ChapterX.Application/Story/Commands/UpdateRequest.cs

    rd300631 rb373fea  
    33namespace ChapterX.Application.Story.Commands
    44{
    5     public record UpdateRequest(int Id, bool MatureContent, string ShortDescription, string? Image, string Content) : IRequest<UpdateResponse>;
     5    public record UpdateRequest(int Id, bool MatureContent, string ShortDescription, string? Image, string Content, int CallerId = 0) : IRequest<UpdateResponse>;
    66}
Note: See TracChangeset for help on using the changeset viewer.