From f6eed184fa91ded074a8c09ee7a7f5cdff7f4dfe Mon Sep 17 00:00:00 2001 From: Oleksandr Bezdieniezhnykh Date: Thu, 2 Oct 2025 00:37:30 +0300 Subject: [PATCH] add cors , add user should be enabled by default --- Azaion.Api/Program.cs | 34 ++++++++++++++++++++++++---------- Azaion.Services/UserService.cs | 3 ++- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/Azaion.Api/Program.cs b/Azaion.Api/Program.cs index 25a7aea..b3d59f5 100644 --- a/Azaion.Api/Program.cs +++ b/Azaion.Api/Program.cs @@ -109,6 +109,18 @@ builder.Services.AddScoped(); builder.Services.AddValidatorsFromAssemblyContaining(); builder.Services.AddExceptionHandler(); +// Add CORS configuration +builder.Services.AddCors(options => +{ + options.AddPolicy("AdminCorsPolicy", policy => + { + policy.WithOrigins("https://admin.azaion.com", "http://admin.azaion.com") + .AllowAnyMethod() + .AllowAnyHeader() + .AllowCredentials(); + }); +}); + var app = builder.Build(); if (app.Environment.IsDevelopment()) @@ -117,6 +129,8 @@ if (app.Environment.IsDevelopment()) app.UseSwaggerUI(); } +app.UseCors("AdminCorsPolicy"); + app.UseAuthentication(); app.UseAuthorization(); @@ -136,7 +150,7 @@ app.MapPost("/users", .RequireAuthorization(apiAdminPolicy) .WithOpenApi(op => new(op){ Summary = "Creates a new user"}); -app.MapGet("/currentuser", +app.MapGet("/users/current", async (IAuthService authService) => await authService.GetCurrentUser()) .RequireAuthorization() .WithOpenApi(op => new(op){ Summary = "Get Current User"}); 
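Review bot: The `AdminCorsPolicy` added in the `@@ -109,6 +109,18 @@` hunk trusts the plaintext origin `http://admin.azaion.com` alongside the HTTPS one while also calling `.AllowCredentials()`, so a page delivered without TLS, whose content cannot be trusted in transit, is allowed to make credentialed requests and read the responses. I would keep only the TLS origin, `policy.WithOrigins("https://admin.azaion.com")`, and have the admin site redirect port 80 to HTTPS rather than list it here. `AllowAnyMethod()` and `AllowAnyHeader()` could be narrowed to what the admin UI actually sends, and `AllowCredentials()` is only needed if the API relies on cookies, which is not visible in this hunk. Because `app.UseCors("AdminCorsPolicy")` in the following hunk applies the policy to every endpoint, reading the origin list from configuration would also avoid one hard-coded host for all environments.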
@@ -159,14 +173,6 @@ app.MapPut("/users/queue-offsets/set", .RequireAuthorization() .WithOpenApi(op => new OpenApiOperation(op) { Summary = "Sets user's queue offsets" }); -app.MapPost("/resources/{dataFolder?}", - async ([FromRoute]string? dataFolder, IFormFile data, IResourcesService resourceService, CancellationToken ct) - => await resourceService.SaveResource(dataFolder, data, ct)) - .Accepts("multipart/form-data") - .RequireAuthorization() - //.WithOpenApi(op => new(op){ Summary = "Upload resource"}); //For some reason doesn't work when this is specified. - .DisableAntiforgery(); - app.MapPut("/users/{email}/enable", async (string email, IUserService userService, CancellationToken ct) => await userService.SetEnableStatus(email, true, ct)) .RequireAuthorization(apiAdminPolicy) @@ -182,6 +188,14 @@ app.MapDelete("/users/{email}", async (string email, IUserService userService, C .RequireAuthorization(apiAdminPolicy) .WithOpenApi(op => new OpenApiOperation(op) { Summary = "Remove user" }); +app.MapPost("/resources/{dataFolder?}", + async ([FromRoute]string? dataFolder, IFormFile data, IResourcesService resourceService, CancellationToken ct) + => await resourceService.SaveResource(dataFolder, data, ct)) + .Accepts("multipart/form-data") + .RequireAuthorization() + //.WithOpenApi(op => new(op){ Summary = "Upload resource"}); //For some reason doesn't work when this is specified. + .DisableAntiforgery(); + app.MapGet("/resources/list/{dataFolder?}", async ([FromRoute]string? dataFolder, string? search, IResourcesService resourcesService, CancellationToken ct) => await resourcesService.ListResources(dataFolder, search, ct)) 
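Review bot: The upload endpoint re-added in the `@@ -182,6 +188,14 @@` hunk still chains `.DisableAntiforgery()` with no comment explaining why, and this commit now also enables credentialed CORS for the API. If authentication is a bearer token in a header, the opt-out is harmless. With cookie authentication, a multipart form post is not subject to a CORS preflight, so the antiforgery check would be the control that matters; the auth scheme is not visible here. Once confirmed, I would add a comment such as `// Antiforgery disabled: API authenticates with a bearer header, not cookies`. Unlike `/resources/clear`, which this commit moves to `apiAdminPolicy`, the upload stays open to any authenticated user, so it is worth stating whether that is intended.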
@@ -190,7 +204,7 @@ app.MapGet("/resources/list/{dataFolder?}", app.MapPost("/resources/clear/{dataFolder?}", ([FromRoute]string? dataFolder, IResourcesService resourcesService) => resourcesService.ClearFolder(dataFolder)) - .RequireAuthorization() + .RequireAuthorization(apiAdminPolicy) .WithOpenApi(op => new OpenApiOperation(op) { Summary = "Clear folder" }); app.MapPost("/resources/get/{dataFolder?}", //Need to have POST method for secure password diff --git a/Azaion.Services/UserService.cs b/Azaion.Services/UserService.cs index 2707d05..006488b 100644 --- a/Azaion.Services/UserService.cs +++ b/Azaion.Services/UserService.cs @@ -36,7 +36,8 @@ public class UserService(IDbFactory dbFactory, ICache cache) : IUserService Email = request.Email, PasswordHash = request.Password.ToHash(), Role = request.Role, - CreatedAt = DateTime.UtcNow + CreatedAt = DateTime.UtcNow, + IsEnabled = true }, token: ct); }); }
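Review bot: `IsEnabled = true` in the `UserService.cs` hunk makes every account created through this method active immediately, so `SetEnableStatus` no longer serves as an approval step for new users. That is reasonable while the only caller is the admin-only `POST /users` route seen in `Program.cs`, but the enclosing method starts outside the hunk and any other caller would inherit the default. A comment such as `// Admin-created accounts are active immediately; use SetEnableStatus to suspend` would record the assumption. The unchanged context line `PasswordHash = request.Password.ToHash()` relies on a helper that is not shown; it is worth confirming that it is a salted password KDF rather than a bare digest.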