rename Azaion.Api -> Azaion.AdminApi

Azaion.AdminApi/Azaion.AdminApi.csproj

@@ -0,0 +1,26 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+    <PropertyGroup>
+        <TargetFramework>net10.0</TargetFramework>
+        <Nullable>enable</Nullable>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
+    </PropertyGroup>
+
+    <ItemGroup>
+        <PackageReference Include="FluentValidation.AspNetCore" Version="11.3.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.3" />
+        <PackageReference Include="Serilog" Version="4.1.0" />
+        <PackageReference Include="Serilog.Extensions.Hosting" Version="8.0.0" />
+        <PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
+        <PackageReference Include="Serilog.Sinks.Console" Version="6.0.0" />
+        <PackageReference Include="Serilog.Sinks.File" Version="6.0.0" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.4"/>
+    </ItemGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\Azaion.Common\Azaion.Common.csproj" />
+      <ProjectReference Include="..\Azaion.Services\Azaion.Services.csproj" />
+    </ItemGroup>
+
+</Project>

Azaion.AdminApi/BusinessExceptionHandler.cs

@@ -0,0 +1,28 @@
+
+using Microsoft.AspNetCore.Diagnostics;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+
+namespace Azaion.Common;
+
+public class BusinessExceptionHandler(ILogger<BusinessExceptionHandler> logger) : IExceptionHandler
+{
+    public async ValueTask<bool> TryHandleAsync(HttpContext httpContext, Exception exception, CancellationToken cancellationToken)
+    {
+        if (exception is not BusinessException ex)
+            return false;
+
+        logger.LogWarning(exception, ex.Message);
+        httpContext.Response.StatusCode = StatusCodes.Status409Conflict;
+        httpContext.Response.ContentType = "application/json";
+
+        var err = JsonConvert.SerializeObject(new
+        {
+            ErrorCode = ex.ExceptionEnum,
+            ex.Message
+        });
+        await httpContext.Response.WriteAsync(err, cancellationToken).ConfigureAwait(false);
+        return true;
+    }
+}

Azaion.AdminApi/Program.cs

@@ -0,0 +1,265 @@
+using System.Text;
+using Azaion.Common;
+using Azaion.Common.Configs;
+using Azaion.Common.Database;
+using Azaion.Common.Entities;
+using Azaion.Common.Requests;
+using Azaion.Services;
+using FluentValidation;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Rewrite;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi;
+using Serilog;
+
+Log.Logger = new LoggerConfiguration()
+    .Enrich.FromLogContext()
+    .MinimumLevel.Information()
+    .WriteTo.Console()
+    .WriteTo.File(
+        path: "logs/log.txt",
+        rollingInterval: RollingInterval.Day)
+    .CreateLogger();
+
+var builder = WebApplication.CreateBuilder(args);
+builder.WebHost.ConfigureKestrel(o => o.Limits.MaxRequestBodySize = 209715200); //increase upload limit up to 200mb
+
+var jwtConfig = builder.Configuration.GetSection(nameof(JwtConfig)).Get<JwtConfig>();
+if (jwtConfig == null || string.IsNullOrEmpty(jwtConfig.Secret))
+    throw new Exception("Missing configuration section: JwtConfig");
+var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.Secret));
+
+builder.Services.AddSerilog();
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(o =>
+    {
+        o.TokenValidationParameters = new TokenValidationParameters
+        {
+            ValidateIssuer = true,
+            ValidateAudience = true,
+            ValidateLifetime = true,
+            ValidateIssuerSigningKey = true,
+            ValidIssuer = jwtConfig.Issuer,
+            ValidAudience = jwtConfig.Audience,
+            IssuerSigningKey = signingKey
+        };
+    });
+
+#region Policies
+
+var apiAdminPolicy = new AuthorizationPolicyBuilder()
+    .RequireRole(RoleEnum.ApiAdmin.ToString()).Build();
+
+var apiUploaderPolicy = new AuthorizationPolicyBuilder()
+    .RequireRole(RoleEnum.ResourceUploader.ToString(), RoleEnum.ApiAdmin.ToString()).Build();
+
+builder.Services.AddAuthorization(o =>
+{
+    o.AddPolicy(nameof(apiAdminPolicy), apiAdminPolicy);
+    o.AddPolicy(nameof(apiUploaderPolicy), apiUploaderPolicy);
+});
+
+#endregion Policies
+
+
+builder.Services.AddHttpContextAccessor();
+
+builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddSwaggerGen(c =>
+{
+    c.SwaggerDoc("v1", new OpenApiInfo {Title = "Azaion.API", Version = "v1"});
+    c.CustomSchemaIds(type => type.ToString());
+    var jwtSecurityScheme = new OpenApiSecurityScheme
+    {
+        Scheme = "bearer",
+        BearerFormat = "JWT",
+        Name = "JWT Authentication",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+        Description = "Put **_ONLY_** your JWT Bearer token on textbox below!",
+    };
+
+    c.AddSecurityDefinition(JwtBearerDefaults.AuthenticationScheme, jwtSecurityScheme);
+
+    c.AddSecurityRequirement(_ => new OpenApiSecurityRequirement
+    {
+        { new OpenApiSecuritySchemeReference(JwtBearerDefaults.AuthenticationScheme, null), new List<string>() }
+    });
+});
+builder.Services.Configure<ResourcesConfig>(builder.Configuration.GetSection(nameof(ResourcesConfig)));
+builder.Services.Configure<JwtConfig>(builder.Configuration.GetSection(nameof(JwtConfig)));
+builder.Services.Configure<ConnectionStrings>(builder.Configuration.GetSection(nameof(ConnectionStrings)));
+
+builder.Services.AddScoped<IUserService, UserService>();
+builder.Services.AddScoped<IAuthService, AuthService>();
+builder.Services.AddScoped<IResourcesService, ResourcesService>();
+builder.Services.AddSingleton<IDbFactory, DbFactory>();
+
+builder.Services.AddLazyCache();
+builder.Services.AddScoped<ICache, MemoryCache>();
+
+builder.Services.AddValidatorsFromAssemblyContaining<RegisterUserValidator>();
+builder.Services.AddExceptionHandler<BusinessExceptionHandler>();
+
+// Add CORS configuration
+builder.Services.AddCors(options =>
+{
+    options.AddPolicy("AdminCorsPolicy", policy =>
+    {
+        policy.WithOrigins("https://admin.azaion.com", "http://admin.azaion.com")
+              .AllowAnyMethod()
+              .AllowAnyHeader()
+              .AllowCredentials();
+    });
+});
+
+var app = builder.Build();
+
+if (app.Environment.IsDevelopment())
+{
+    app.UseSwagger();
+    app.UseSwaggerUI();
+}
+
+app.UseCors("AdminCorsPolicy");
+
+app.UseAuthentication();
+app.UseAuthorization();
+
+app.UseRewriter(new RewriteOptions().AddRedirect("^$", "/swagger"));
+
+app.MapPost("/login",
+    async (LoginRequest request, IUserService userService, IAuthService authService, CancellationToken cancellationToken) =>
+    {
+        var user = await userService.ValidateUser(request, ct: cancellationToken);
+        return Results.Ok(new { Token = authService.CreateToken(user)});
+    })
+    .WithSummary("Login");
+
+app.MapPost("/users",
+    async (RegisterUserRequest registerUserRequest, IUserService userService, CancellationToken cancellationToken)
+        => await userService.RegisterUser(registerUserRequest, cancellationToken))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Creates a new user");
+
+app.MapGet("/users/current",
+    async (IAuthService authService) => await authService.GetCurrentUser())
+    .RequireAuthorization()
+    .WithSummary("Get Current User");
+
+app.MapGet("/users",
+    async (string? searchEmail, RoleEnum? searchRole, IUserService userService, CancellationToken ct)
+        => await userService.GetUsers(searchEmail, searchRole, ct))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("List users by criteria");
+
+app.MapPut("/users/hardware/set",
+        async ([FromBody]SetHWRequest request, IUserService userService, ICache cache, CancellationToken ct) =>
+        await userService.UpdateHardware(request.Email, request.Hardware, ct: ct))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Sets user's hardware");
+
+app.MapPut("/users/queue-offsets/set",
+        async ([FromBody]SetUserQueueOffsetsRequest request, IUserService userService, CancellationToken ct)
+            => await userService.UpdateQueueOffsets(request.Email, request.Offsets, ct))
+    .RequireAuthorization()
+    .WithSummary("Sets user's queue offsets");
+
+app.MapPut("/users/{email}/set-role/{role}", async (string email, RoleEnum role, IUserService userService, CancellationToken ct)
+    => await userService.ChangeRole(email, role, ct))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Set user's role");
+
+app.MapPut("/users/{email}/enable", async (string email, IUserService userService, CancellationToken ct)
+        => await userService.SetEnableStatus(email, true, ct))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Enable user");
+
+app.MapPut("/users/{email}/disable", async (string email, IUserService userService, CancellationToken ct)
+        => await userService.SetEnableStatus(email, false, ct))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Disable user");
+
+app.MapDelete("/users/{email}", async (string email, IUserService userService, CancellationToken ct)
+        => await userService.RemoveUser(email, ct))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Remove user");
+
+app.MapPost("/resources/{dataFolder?}",
+        async ([FromRoute]string? dataFolder, IFormFile data, IResourcesService resourceService, CancellationToken ct)
+            => await resourceService.SaveResource(dataFolder, data, ct))
+    .Accepts<IFormFile>("multipart/form-data")
+    .RequireAuthorization()
+    .WithSummary("Upload resource")
+    .DisableAntiforgery();
+
+app.MapGet("/resources/list/{dataFolder?}",
+    async ([FromRoute]string? dataFolder, string? search, IResourcesService resourcesService, CancellationToken ct)
+        => await resourcesService.ListResources(dataFolder, search, ct))
+    .RequireAuthorization()
+    .WithSummary("Lists resources in folder");
+
+app.MapPost("/resources/clear/{dataFolder?}",
+        ([FromRoute]string? dataFolder, IResourcesService resourcesService) => resourcesService.ClearFolder(dataFolder))
+    .RequireAuthorization(apiAdminPolicy)
+    .WithSummary("Clear folder");
+
+app.MapPost("/resources/get/{dataFolder?}", //Need to have POST method for secure password
+    async ([FromBody]GetResourceRequest request, [FromRoute]string? dataFolder, IAuthService authService,
+        IUserService userService, IResourcesService resourcesService, CancellationToken ct) =>
+    {
+        var user = await authService.GetCurrentUser();
+        if (user == null)
+            throw new UnauthorizedAccessException();
+
+        var hwHash = await userService.CheckHardwareHash(user, request.Hardware);
+
+        var key = Security.GetApiEncryptionKey(user.Email, request.Password, hwHash);
+        var stream = await resourcesService.GetEncryptedResource(dataFolder, request.FileName, key, ct);
+
+        return Results.File(stream, "application/octet-stream", request.FileName);
+    }).RequireAuthorization()
+    .WithSummary("Gets encrypted by users Password and HardwareHash resources. POST method for secure password");
+
+app.MapGet("/resources/get-installer",
+        async (IAuthService authService, IResourcesService resourcesService, CancellationToken ct) =>
+        {
+            var user = await authService.GetCurrentUser();
+            if (user == null)
+                throw new UnauthorizedAccessException();
+            var (name, stream) = resourcesService.GetInstaller(isStage: false);
+            if (stream == null)
+                throw new FileNotFoundException("Installer file was not found!");
+            return Results.File(stream, "application/octet-stream", name);
+        }).RequireAuthorization()
+    .WithSummary("Gets latest installer");
+
+app.MapGet("/resources/get-installer/stage",
+        async (IAuthService authService, IResourcesService resourcesService, CancellationToken ct) =>
+        {
+            var user = await authService.GetCurrentUser();
+            if (user == null)
+                throw new UnauthorizedAccessException();
+            var (name, stream) = resourcesService.GetInstaller(isStage: true);
+            if (stream == null)
+                throw new FileNotFoundException("Installer file was not found!");
+            return Results.File(stream, "application/octet-stream", name);
+        }).RequireAuthorization()
+    .WithSummary("Gets latest installer");
+
+
+app.MapPost("/resources/check",
+    async (CheckResourceRequest request, IAuthService authService, IUserService userService) =>
+    {
+        var user = await authService.GetCurrentUser();
+        if (user == null)
+            throw new UnauthorizedAccessException();
+        await userService.CheckHardwareHash(user, request.Hardware);
+        return true;
+    });
+
+app.UseExceptionHandler(_ => {});
+
+app.Run();

Azaion.AdminApi/Properties/launchSettings.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:10133",
+      "sslPort": 44330
+    }
+  },
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "http://localhost:5219",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

Azaion.AdminApi/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

Azaion.AdminApi/appsettings.json

@@ -0,0 +1,19 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*",
+  "ResourcesConfig": {
+    "ResourcesFolder": "Content",
+    "SuiteInstallerFolder": "suite",
+    "SuiteStageInstallerFolder": "suite-stage"
+  },
+  "JwtConfig": {
+    "Issuer": "AzaionApi",
+    "Audience": "Annotators/OrangePi/Admins",
+    "TokenLifetimeHours": 4
+  }
+}