using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using AutoMapper;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using Shop.DTO;
using Shop.Helpers;
using Shop.Model;
using Shop.Services;
namespace Controllers
{
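[Authorize]
[ApiController]
[Route("[controller]")]
public class UsersController : ControllerBase
{
    private readonly UserServices.IUserService _userService;
    private readonly IMapper _mapper;

    // Kept as a public field rather than a property so existing code that assigns it directly still compiles.
    public IConfiguration Configuration;

    /// <summary>
    /// Creates the controller with its collaborators (normally supplied by dependency injection).
    /// </summary>
    /// <param name="userService">Service used to authenticate, create, read, update and delete users.</param>
    /// <param name="mapper">AutoMapper instance that converts request models to <see cref="User"/> and back to view models.</param>
    /// <param name="configuration">Application configuration; its "Secret" value is the JWT signing secret.</param>
    /// <exception cref="ArgumentNullException">Thrown when any dependency is <c>null</c>.</exception>
    public UsersController(
        UserServices.IUserService userService,
        IMapper mapper,
        IConfiguration configuration)
    {
        _userService = userService ?? throw new ArgumentNullException(nameof(userService));
        _mapper = mapper ?? throw new ArgumentNullException(nameof(mapper));
        Configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
    }

    /// <summary>
    /// Validates a username/password pair and, on success, issues a signed JWT.
    /// </summary>
    /// <param name="model">Credentials posted by the client.</param>
    /// <returns>
    /// 200 with the user's id, username, first/last name and a bearer token; or
    /// 400 with a generic message when the credentials are rejected.
    /// </returns>
    [AllowAnonymous]
    [HttpPost("authenticate")]
    public IActionResult Authenticate([FromBody]AuthenticateModel model)
    {
        var user = _userService.Authenticate(model.Username, model.Password);

        // Same message for an unknown username and a wrong password, so the response
        // does not reveal which accounts exist.
        if (user is null)
            return BadRequest(new { message = "Username or password is incorrect" });

        var tokenString = CreateJwt(user.Id);

        // return basic user info and authentication token
        return Ok(new
        {
            Id = user.Id,
            Username = user.Username,
            FirstName = user.FirstName,
            LastName = user.LastName,
            Token = tokenString
        });
    }

    /// <summary>
    /// Builds an HS256-signed JWT whose <see cref="ClaimTypes.Name"/> claim carries the user id.
    /// <see cref="Update"/> and <see cref="Delete"/> read that claim back to identify the caller.
    /// </summary>
    /// <param name="userId">Id of the authenticated user.</param>
    /// <returns>The compact serialized token, which expires seven days after issue.</returns>
    /// <exception cref="InvalidOperationException">Thrown when configuration has no "Secret" value.</exception>
    private string CreateJwt(int userId)
    {
        var secret = Configuration["Secret"];
        if (string.IsNullOrEmpty(secret))
        {
            // Fail with an actionable message instead of the ArgumentNullException GetBytes would throw.
            throw new InvalidOperationException("Configuration value 'Secret' is missing; cannot sign authentication tokens.");
        }

        // ASCII is kept so tokens issued by earlier builds stay verifiable. For HS256 the secret
        // should be at least 32 bytes (256 bits) of high-entropy data (RFC 7518 section 3.2); a short or
        // guessable secret lets anyone forge valid tokens. Keep it out of source control.
        var key = Encoding.ASCII.GetBytes(secret);

        var tokenHandler = new JwtSecurityTokenHandler();
        var descriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userId.ToString()) }),
            Expires = DateTime.UtcNow.AddDays(7),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
        };

        var token = tokenHandler.CreateToken(descriptor);
        return tokenHandler.WriteToken(token);
    }

    /// <summary>
    /// Creates a new user account from the posted registration data.
    /// </summary>
    /// <param name="model">Registration data; the password is passed to the service separately from the mapped entity.</param>
    /// <returns>200 on success, or 400 with the <see cref="AppException"/> message when the service rejects the request.</returns>
    [AllowAnonymous]
    [HttpPost("register")]
    public IActionResult Register([FromBody]RegisterModel model)
    {
        // map model to entity
        var user = _mapper.Map<User>(model);

        try
        {
            // create user
            _userService.Create(user, model.Password);
            return Ok();
        }
        catch (AppException ex)
        {
            // return error message if there was an exception
            return BadRequest(new { message = ex.Message });
        }
    }

    /// <summary>
    /// Lists every user as <see cref="UserModel"/> view models.
    /// </summary>
    /// <returns>200 with the list of users.</returns>
    [HttpGet]
    public IActionResult GetAll()
    {
        var users = _userService.GetAll();
        var model = _mapper.Map<IList<UserModel>>(users);
        return Ok(model);
    }

    /// <summary>
    /// Returns a single user as a <see cref="UserModel"/>.
    /// </summary>
    /// <param name="id">Id of the user to fetch.</param>
    /// <returns>200 with the user, or 404 when the service returns no user for <paramref name="id"/>.</returns>
    [HttpGet("{id}")]
    public IActionResult GetById(int id)
    {
        var user = _userService.GetById(id);

        // Without this check a missing user would be mapped to null and answered with an empty success response.
        if (user is null)
        {
            return NotFound();
        }

        var model = _mapper.Map<UserModel>(user);
        return Ok(model);
    }

    /// <summary>
    /// Reads the caller's user id from the <see cref="ClaimTypes.Name"/> claim that <see cref="CreateJwt"/> placed in the token.
    /// </summary>
    /// <param name="userId">The caller's id when the claim is present and numeric; otherwise 0.</param>
    /// <returns><c>true</c> when the id could be read from the current principal.</returns>
    private bool TryGetCallerId(out int userId)
        => int.TryParse(User.Identity?.Name, out userId);

    /// <summary>
    /// Updates the caller's own account. The route id must match the id in the caller's token.
    /// </summary>
    /// <param name="id">Id of the user to update.</param>
    /// <param name="model">New profile data plus current/new/confirm passwords, forwarded to the service.</param>
    /// <returns>
    /// 200 on success; 401 when the token carries no usable user id; 400 with "Access Denied" when
    /// <paramref name="id"/> is not the caller's own id; 400 with the <see cref="AppException"/> message when the service rejects the update.
    /// </returns>
    [HttpPut("{id}")]
    public IActionResult Update(int id, [FromBody]UpdateModel model)
    {
        // Finding who is logged in. The token claim is the source of truth; the route id is client-supplied.
        // A non-numeric or absent claim is rejected instead of surfacing as a parse exception (500).
        if (!TryGetCallerId(out var loggedInUser))
        {
            return Unauthorized();
        }

        // Rejecting access if the logged in user is not the user being updated (object-level authorization).
        // The 400 status is kept for API compatibility; 403 Forbidden would describe the outcome more precisely.
        if (loggedInUser != id)
        {
            return BadRequest(new { message = "Access Denied" });
        }

        // map model to entity and set id
        var user = _mapper.Map<User>(model);
        user.Id = id;

        try
        {
            // update user
            _userService.Update(user, model.CurrentPassword, model.NewPassword, model.ConfirmNewPassword);
            return Ok();
        }
        catch (AppException ex)
        {
            // return error message if there was an exception
            return BadRequest(new { message = ex.Message });
        }
    }

    /// <summary>
    /// Deletes the caller's own account. Only the account whose id matches the caller's token may be
    /// deleted, mirroring the check in <see cref="Update"/>; without it any authenticated user could
    /// remove any other account by guessing its id.
    /// </summary>
    /// <param name="id">Id of the user to delete.</param>
    /// <returns>
    /// 200 on success; 401 when the token carries no usable user id; 400 with "Access Denied" when
    /// <paramref name="id"/> is not the caller's own id.
    /// </returns>
    [HttpDelete("{id}")]
    public IActionResult Delete(int id)
    {
        if (!TryGetCallerId(out var loggedInUser))
        {
            return Unauthorized();
        }

        // Same self-only rule and same response shape as Update, so clients see one consistent denial.
        if (loggedInUser != id)
        {
            return BadRequest(new { message = "Access Denied" });
        }

        _userService.Delete(id);
        return Ok();
    }
}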
}