structure app by rest api standards

add getusers tidy up BusinessException
2026-04-23 01:56:33 +00:00 · 2024-11-14 22:45:36 +02:00
parent ace57eaf27
commit 4bc76bbbac
12 changed files with 182 additions and 37 deletions
@@ -9,8 +9,10 @@ using FluentValidation;
 using FluentValidation.AspNetCore;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
+using Swashbuckle.AspNetCore.Swagger;

 var builder = WebApplication.CreateBuilder(args);
 builder.WebHost.ConfigureKestrel(o => o.Limits.MaxRequestBodySize = 209715200); //increase upload limit up to 200mb
@@ -97,25 +99,28 @@ app.MapPost("/login",
        return Results.Ok(new { Token = authService.CreateToken(user)});
    });

-app.MapPost("/register-user",
+app.MapPost("/users",
    async (RegisterUserRequest registerUserRequest, IUserService userService, CancellationToken cancellationToken)
        => await userService.RegisterUser(registerUserRequest, cancellationToken))
-    .RequireAuthorization(apiAdminPolicy);
+    .RequireAuthorization(apiAdminPolicy)
+    .WithDescription("Creates a new user");
+
+app.MapGet("/users",
+    async (string searchEmail, RoleEnum? searchRole, IUserService userService, CancellationToken cancellationToken)
+        => await userService.GetUsers(searchEmail, searchRole, cancellationToken))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithDescription("Lists all users");

 app.MapPost("/resources",
        async (ResourceEnum resourceEnum, IFormFile data, IResourcesService resourceService, CancellationToken cancellationToken)
            => await resourceService.SaveResource(resourceEnum, data, cancellationToken))
    .Accepts<IFormFile>("multipart/form-data")
    .RequireAuthorization(apiAdminPolicy)
-    .DisableAntiforgery();
+    .DisableAntiforgery()
+    .WithDescription("Uploads / Replace existing resource by type");

-app.MapPost("/resources/reset-hardware",
-    async (string email, IUserService userService, CancellationToken cancellationToken)
-        => await userService.UpdateHardwareId(email, null!, cancellationToken));
-
-
-app.MapPost("/resources/get",
-    async (GetResourceRequest request, IAuthService authService, IUserService userService, IResourcesService resourcesService, CancellationToken cancellationToken) =>
+app.MapGet("/resources",
+    async ([FromBody]GetResourceRequest request, IAuthService authService, IUserService userService, IResourcesService resourcesService, CancellationToken cancellationToken) =>
    {
        var user = authService.CurrentUser;
        if (user == null)
@@ -128,13 +133,18 @@ app.MapPost("/resources/get",
        }

        if (user.HardwareId != request.HardwareId)
-            throw new BusinessException(ExceptionEnum.HardwareIdMismatch, "Hardware mismatch! You are not authorized to access this resource from this hardware.");
+            throw new BusinessException(ExceptionEnum.HardwareIdMismatch);

        var ms = new MemoryStream();
-        var key = Security.MakeEncryptionKey(user.Email, request.Password);
+        var key = Security.MakeEncryptionKey(user.Email, request.Password, request.HardwareId);
        var filename = await resourcesService.GetEncryptedResource(request.ResourceEnum, key, ms, cancellationToken);

        return Results.File(ms, "application/octet-stream", filename);
-    }).RequireAuthorization();
+    }).RequireAuthorization()
+    .WithDescription("Gets encrypted by users Password and HardwareId resources ");
+
+app.MapPut("/resources/reset-hardware",
+    async (string email, IUserService userService, CancellationToken cancellationToken)
+        => await userService.UpdateHardwareId(email, null!, cancellationToken));

 app.Run();
@@ -1,20 +1,49 @@
-namespace Azaion.Common;
+using System.ComponentModel;
+using Azaion.Common.Extensions;

-public class BusinessException(ExceptionEnum exEnum, string message) : Exception(message)
+namespace Azaion.Common;
+
+public class BusinessException(ExceptionEnum exEnum) : Exception(GetMessage(exEnum))
 {
+    private static readonly Dictionary<ExceptionEnum, string> ExceptionDescriptions;
+
+    static BusinessException()
+    {
+        ExceptionDescriptions = EnumExtensions.GetDescriptions<ExceptionEnum>();
+    }
+
    private ExceptionEnum ExceptionEnum { get; set; } = exEnum;
+
+    public static string GetMessage(ExceptionEnum exEnum) => ExceptionDescriptions.GetValueOrDefault(exEnum) ?? exEnum.ToString();
 }

 public enum ExceptionEnum
 {
-    NoUserFound = 10,
-    NoUser = 15,
-    UserExists = 20,
-    PasswordIncorrect = 30,
-    UserLengthIncorrect = 33,
-    WrongEmail = 35,
-    PasswordLengthIncorrect = 37,
+    [Description("No such email found.")]
+    NoEmailFound = 10,
+
+    [Description("Email already exists.")]
+    EmailExists = 20,
+
+    [Description("Passwords do not match.")]
+    WrongPassword = 30,
+
+    [Description("Password should be at least 8 characters.")]
+    PasswordLengthIncorrect = 32,
+
+    EmailLengthIncorrect = 35,
+
+    WrongEmail = 37,
+
+    [Description("Hardware mismatch! You are not authorized to access this resource from this hardware.")]
    HardwareIdMismatch = 40,
+
+    [Description("Hardware Id should be at least 8 characters.")]
+    HardwareIdLength = 45,
+
+    [Description("Wrong resource type.")]
    WrongResourceType = 50,
-    NoFile = 60
+
+    [Description("No file provided.")]
+    NoFileProvided = 60,
 }
@@ -1,4 +1,5 @@
 using Azaion.Common.Entities;
+using Azaion.Common.Extensions;
 using LinqToDB;
 using LinqToDB.Mapping;

@@ -0,0 +1,54 @@
+using System.ComponentModel;
+using System.Reflection;
+
+namespace Azaion.Common.Extensions;
+
+/// <summary>Enum extensions</summary>
+public static class EnumExtensions
+{
+    /// <summary>Get all enums with descriptions </summary>
+    public static Dictionary<T, string> GetDescriptions<T>() where T : Enum =>
+        Enum.GetValues(typeof(T)).Cast<T>()
+            .ToDictionary(x => x, x => x.GetEnumAttrib<T, DescriptionAttribute>()?.Description ?? x.ToString());
+
+    /// <summary>
+    /// Get the Description from the DescriptionAttribute.
+    /// </summary>
+    /// <param name="enumValue"></param>
+    /// <returns></returns>
+    public static string GetDescription(this Enum enumValue)
+    {
+        return enumValue.GetType()
+            .GetMember(enumValue.ToString())
+            .First()
+            .GetCustomAttribute<DescriptionAttribute>()?
+            .Description ?? enumValue.ToString();
+    }
+
+    /// <summary> Get attribute for enum's member, usually is used for getting Description attribute </summary>
+    public static TAttrib GetEnumAttrib<T, TAttrib>(this T value) where T: Enum
+    {
+        var field = value.GetType().GetField(value.ToString());
+        if (field == null)
+            return default; 
+            
+        return field.GetCustomAttributes(typeof(TAttrib), false)
+            .Cast<TAttrib>()
+            .FirstOrDefault();   
+    }
+        
+    /// <summary>
+    /// Get default value for enum
+    /// </summary>
+    /// <typeparam name="TEnum"></typeparam>
+    /// <returns></returns>
+    public static TEnum GetDefaultValue<TEnum>() where TEnum : struct
+    {
+        var t = typeof(TEnum);
+        var attributes = (DefaultValueAttribute[])t.GetCustomAttributes(typeof(DefaultValueAttribute), false);
+        if (attributes is { Length: > 0 })
+            return (TEnum)attributes[0].Value!;
+
+        return default;
+    }
+}
@@ -0,0 +1,27 @@
+using System.Linq.Expressions;
+
+namespace Azaion.Common.Extensions;
+
+public static class QueryableExtensions
+{
+    /// <summary>
+    /// Adds Where true predicate only if result of condition is true.
+    /// If false predicate provided, uses it in case of false result
+    /// Useful for filters, when filters should be applied only when it was set (not NULL)
+    /// </summary>
+    public static IQueryable<TSource> WhereIf<TSource>(this IQueryable<TSource> query, bool? condition,
+        Expression<Func<TSource, bool>> truePredicate,
+        Expression<Func<TSource, bool>>? falsePredicate = null)
+    {
+        if (!condition.HasValue)
+            return query;
+
+        if (condition.Value)
+            return query.Where(truePredicate);
+
+        return falsePredicate != null
+            ? query.Where(falsePredicate)
+            : query;
+    }
+
+}
@@ -1,6 +1,6 @@
 using System.Text;

-namespace Azaion.Common;
+namespace Azaion.Common.Extensions;

 public static class StringExtensions
 {
@@ -15,9 +15,18 @@ public class GetResourceRequestValidator : AbstractValidator<GetResourceRequest>
    public GetResourceRequestValidator()
    {
        RuleFor(r => r.Password)
-            .MinimumLength(8).WithErrorCode(ExceptionEnum.PasswordLengthIncorrect.ToString()).WithMessage("Password should be at least 8 characters.");
+            .MinimumLength(8)
+            .WithErrorCode(ExceptionEnum.PasswordLengthIncorrect.ToString())
+            .WithMessage(_ => BusinessException.GetMessage(ExceptionEnum.PasswordLengthIncorrect));

        RuleFor(r => r.HardwareId)
-            .NotEmpty().WithErrorCode(ExceptionEnum.HardwareIdMismatch.ToString()).WithMessage("Hardware Id should be not empty.");
+            .MinimumLength(8)
+            .WithErrorCode(ExceptionEnum.HardwareIdLength.ToString())
+            .WithMessage(_ => BusinessException.GetMessage(ExceptionEnum.HardwareIdLength));
+
+        RuleFor(r => r.ResourceEnum)
+            .NotEqual(ResourceEnum.None)
+            .WithErrorCode(ExceptionEnum.WrongResourceType.ToString())
+            .WithMessage(_ => BusinessException.GetMessage(ExceptionEnum.WrongResourceType));
    }
 }
@@ -15,7 +15,7 @@ public class RegisterUserValidator : AbstractValidator<RegisterUserRequest>
    public RegisterUserValidator()
    {
        RuleFor(r => r.Email)
-            .MinimumLength(8).WithErrorCode(ExceptionEnum.UserLengthIncorrect.ToString()).WithMessage("Email address should be at least 8 characters.")
+            .MinimumLength(8).WithErrorCode(ExceptionEnum.EmailLengthIncorrect.ToString()).WithMessage("Email address should be at least 8 characters.")
            .EmailAddress().WithErrorCode(ExceptionEnum.WrongEmail.ToString()).WithMessage("Email address is not valid.");

        RuleFor(r => r.Password)
@@ -28,7 +28,7 @@ public class ResourcesService(IOptions<ResourcesConfig> resourcesConfig) : IReso
    public async Task SaveResource(ResourceEnum resourceEnum, IFormFile data, CancellationToken cancellationToken = default)
    {
        if (data == null)
-            throw new BusinessException(ExceptionEnum.NoFile, "No file provided!");
+            throw new BusinessException(ExceptionEnum.NoFileProvided);
        if (!Directory.Exists(resourcesConfig.Value.ResourcesFolder))
            Directory.CreateDirectory(resourcesConfig.Value.ResourcesFolder);

@@ -40,7 +40,7 @@ public class ResourcesService(IOptions<ResourcesConfig> resourcesConfig) : IReso
    {
        var resource = resourcesConfig.Value.Resources.GetValueOrDefault(resourceEnum.ToString());
        if (resource == null)
-            throw new BusinessException(ExceptionEnum.WrongResourceType, "Wrong resource type!");
+            throw new BusinessException(ExceptionEnum.WrongResourceType);
        return Path.Combine(resourcesConfig.Value.ResourcesFolder, resource);
    }
 }
@@ -10,8 +10,8 @@ public static class Security
    public static string ToHash(this string str) =>
        Convert.ToBase64String(SHA384.HashData(Encoding.UTF8.GetBytes(str)));

-    public static string MakeEncryptionKey(string username, string password) =>
-        $"{username}-{password}---#%@AzaionKey@%#---";
+    public static string MakeEncryptionKey(string username, string password, string hardwareId) =>
+        $"{username}-{password}-{hardwareId}-#%@AzaionKey@%#---";

    public static async Task EncryptTo(this Stream stream, Stream toStream, string key, CancellationToken cancellationToken = default)
    {
@@ -1,6 +1,7 @@
 using Azaion.Common;
 using Azaion.Common.Database;
 using Azaion.Common.Entities;
+using Azaion.Common.Extensions;
 using Azaion.Common.Requests;
 using LinqToDB;

@@ -11,6 +12,7 @@ public interface IUserService
    Task RegisterUser(RegisterUserRequest request, CancellationToken cancellationToken = default);
    Task<User> ValidateUser(LoginRequest request, string? hardwareId = null, CancellationToken cancellationToken = default);
    Task UpdateHardwareId(string email, string hardwareId, CancellationToken cancellationToken = default);
+    Task<IEnumerable<User>> GetUsers(string searchEmail, RoleEnum? searchRole, CancellationToken cancellationToken);
 }

 public class UserService(IDbFactory dbFactory) : IUserService
@@ -21,7 +23,7 @@ public class UserService(IDbFactory dbFactory) : IUserService
        {
            var existingUser = await db.Users.FirstOrDefaultAsync(u => u.Email == request.Email, token: cancellationToken);
            if (existingUser != null)
-                throw new BusinessException(ExceptionEnum.UserExists, "User already exists");
+                throw new BusinessException(ExceptionEnum.EmailExists);

            await db.InsertAsync(new User
            {
@@ -38,21 +40,30 @@ public class UserService(IDbFactory dbFactory) : IUserService
        {
            var user = await db.Users.FirstOrDefaultAsync(x => x.Email == request.Email, token: cancellationToken);
            if (user == null)
-                throw new BusinessException(ExceptionEnum.NoUserFound, "No user found");
+                throw new BusinessException(ExceptionEnum.NoEmailFound);

            if (request.Password.ToHash() != user.PasswordHash)
-                throw new BusinessException(ExceptionEnum.PasswordIncorrect, "Passwords do not match");
+                throw new BusinessException(ExceptionEnum.WrongPassword);

            if (user.Role == RoleEnum.ApiAdmin)
                return user;

            // For Non-API admins hardwareId should match if it was already set
            if (user.HardwareId != null && user.HardwareId != hardwareId)
-                throw new BusinessException(ExceptionEnum.HardwareIdMismatch, "Hardware id mismatch");
+                throw new BusinessException(ExceptionEnum.HardwareIdMismatch);
            return user;
        });

    public async Task UpdateHardwareId(string email, string hardwareId, CancellationToken cancellationToken = default) =>
        await dbFactory.RunAdmin(async db =>
            await db.Users.UpdateAsync(x => x.Email == email, u => new User { HardwareId = hardwareId}, token: cancellationToken));
+
+    public async Task<IEnumerable<User>> GetUsers(string searchEmail, RoleEnum? searchRole, CancellationToken cancellationToken) =>
+        await dbFactory.Run(async db =>
+            await db.Users
+                .WhereIf(!string.IsNullOrEmpty(searchEmail),
+                    u => u.Email.ToLower().Contains(searchEmail.ToLower()))
+                .WhereIf(searchRole != null,
+                    u => u.Role == searchRole)
+                .ToListAsync(token: cancellationToken));
 }
@@ -15,7 +15,9 @@ public class SecurityTest
        var testString = "Hello World Test dfvjkhsdbfvkljh sabdljsdafv asdv";
        var username = "user@azaion.com";
        var password = "testpw";
-        var key = Security.MakeEncryptionKey(username, password);
+        var hardwareId = "test_hardware_id";
+
+        var key = Security.MakeEncryptionKey(username, password, hardwareId);

        var encryptedStream = new MemoryStream();
        await StringToStream(testString).EncryptTo(encryptedStream, key);
@@ -34,7 +36,9 @@ public class SecurityTest
    {
        var username = "user@azaion.com";
        var password = "testpw";
-        var key = Security.MakeEncryptionKey(username, password);
+        var hardwareId = "test_hardware_id";
+
+        var key = Security.MakeEncryptionKey(username, password, hardwareId);

        var largeFilePath = "large.txt";
        var largeFileDecryptedPath = "large_decrypted.txt";