From 1dc5a8cd7fd2cdca06cdea1a798530b636f65e9a Mon Sep 17 00:00:00 2001 From: Derek Holloway Date: Sun, 29 Jun 2025 22:03:13 -0700 Subject: [PATCH] Cleanup and re-align the controllers to the new database --- .../Controllers/AuthenticationController.cs | 213 ++++++------------ .../Controllers/CartController.cs | 69 ++++++ .../Controllers/MistoxControllerBase.cs | 60 +++++ .../Controllers/PaymentController.cs | 35 ++- .../Controllers/PaymentMethods/IPayment.cs | 2 +- .../PaymentMethods/StripeIntents.cs | 9 +- .../Controllers/ProductController.cs | 203 ++++++----------- 7 files changed, 283 insertions(+), 308 deletions(-) create mode 100644 src/MistoxWebsite.Server/Controllers/CartController.cs create mode 100644 src/MistoxWebsite.Server/Controllers/MistoxControllerBase.cs diff --git a/src/MistoxWebsite.Server/Controllers/AuthenticationController.cs b/src/MistoxWebsite.Server/Controllers/AuthenticationController.cs index fee8417..0bd6c72 100755 --- a/src/MistoxWebsite.Server/Controllers/AuthenticationController.cs +++ b/src/MistoxWebsite.Server/Controllers/AuthenticationController.cs 
@@ -8,39 +8,32 @@ using MistoxWebsite.Server.Entities; namespace MistoxWebsite.Server.Controllers { [ApiController] - public class AuthenticationController : ControllerBase { + [Route("api/account/[controller]")] + public class AuthenticationController : MistoxControllerBase { - DatabaseService _accountContext; EmailService _emailContext; - public AuthenticationController(DatabaseService DatabaseContext, EmailService emailContext) { - _accountContext = DatabaseContext; + public AuthenticationController(DatabaseService db, EmailService emailContext) : base(db) { _emailContext = emailContext; } - [Route("api/account/login")] + [Route("login")] [HttpPost] public async Task> Login([FromForm] string UserName, [FromForm] string PasswordHash, [FromForm] bool StayLoggedIn) { try { - Account? test = await _accountContext.GetAccount(UserName.ToLower()); + Account? test = await _databaseService.GetAccount(UserName.ToLower()); if (test != null) { if (test.EmailVerified == true) { - if (test.SiteData.FailedPasswordLock) { - if (test.SiteData.CurrentPasswordAttempts >= test.SiteData.PasswordAttempts) { + if (test.FailedPasswordLock) { + if (test.CurrentPasswordAttempts >= test.PasswordAttempts) { return new Account() { Error = "Too many failed password attempts. Please reset your password" }; } } if (BCrypt.Net.BCrypt.Verify(PasswordHash, test.PasswordHash)) { - test.SiteData.CurrentPasswordAttempts = 0; - await _accountContext.SetAccount(test); + test.CurrentPasswordAttempts = 0; + await _databaseService.SetAccount(test); - AccountClaims aClaims = await getClaims(test.ID); List claims = new List() { - new Claim(ClaimTypes.Name, aClaims.UserName), - new Claim(ClaimTypes.Email, aClaims.Email), - new Claim("emailverified", aClaims.EmailVerified), - new Claim(ClaimTypes.Role, aClaims.Role), - new Claim("LockAccount", aClaims.FailedPasswordLock), new Claim("ID", test.ID.ToString()) }; 
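Review bot: With `[Route("api/account/[controller]")]` on the class and `[Route("login")]` on the action, the resolved path is `api/account/Authentication/login` (the `[controller]` token expands to the class name minus `Controller`), not the old `api/account/login`; unless the client was updated to that path elsewhere, the class route is probably meant to be `[Route("api/account")]`, and the same doubled segment appears in CartController, PaymentController and ProductController. Login still returns the full `Account` entity (`return test;` in the next hunk), and Register and Get do the same; unless `PasswordHash` and `EmailToken` are excluded from serialization on `Account`, every successful login response carries the bcrypt hash and the live token to the client, so a response DTO without those fields is preferable. The form parameter `PasswordHash` is actually the plaintext candidate handed to `BCrypt.Verify`, so `Password` would be the honest name. The Login body continues outside this hunk.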
@@ -55,8 +48,8 @@ namespace MistoxWebsite.Server.Controllers { return test; } else { - test.SiteData.CurrentPasswordAttempts += 1; - await _accountContext.SetAccount(test); + test.CurrentPasswordAttempts += 1; + await _databaseService.SetAccount(test); return new Account() { Error = "Wrong password" }; } } 
@@ -71,58 +64,21 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("api/account/session")] - [HttpPost] - public async Task> LoginSession([FromBody] Account request) { - try { - Account? test = await _accountContext.GetAccount(request.UserName.ToLower()); - if (test != null) { - if (request.PasswordHash == test.PasswordHash) { - return test; - } - else { - test.SiteData.CurrentPasswordAttempts += 1; - await _accountContext.SetAccount(test); - return new Account() { Error = "Wrong password" }; - } - } - return new Account() { Error = "User doesn't exist" }; - } catch (Exception ex) { - return new Account() { Error = ex.Message }; - } - } - - [Route("api/account/claims")] - [HttpPost] - public async Task> Claims([FromBody] Account Account) { - AccountClaims claims = await getClaims(Account.ID); - return claims; - } - - [Route("api/account/register")] + [Route("register")] [HttpPost] public async Task> Register([FromForm] string Email, [FromForm] string UserName, [FromForm] string PasswordHash) { try { - if (await _accountContext.GetAccount(UserName.ToLower()) == null) { - if (await _accountContext.GetAccount(Email.ToLower()) == null) { + if (await _databaseService.GetAccount(UserName.ToLower()) == null) { + if (await _databaseService.GetAccount(Email.ToLower()) == null) { Account? 
created = new Account() { UserName = UserName.ToLower(), Email = Email.ToLower(), EmailVerified = false, PasswordHash = BCrypt.Net.BCrypt.HashPassword(PasswordHash), }; - await _accountContext.NewAccount(created); - created = await _accountContext.GetAccount(Email.ToLower()); + await _databaseService.SetAccount(created); + created = await _databaseService.GetAccount(Email.ToLower()); if (created != null) { - AccountClaims aClaims = await getClaims(created.ID); - List claims = new List() { - new Claim(ClaimTypes.Name, aClaims.UserName), - new Claim(ClaimTypes.Email, aClaims.Email), - new Claim("emailverified", aClaims.EmailVerified), - new Claim(ClaimTypes.Role, aClaims.Role), - new Claim("LockAccount", aClaims.FailedPasswordLock) - }; - await SendVerify(created.UserName); return created; } @@ -142,16 +98,16 @@ namespace MistoxWebsite.Server.Controllers { } - [Route("api/account/changepassword")] + [Route("changepassword")] [HttpPost] - public async Task> ChangePassword([FromForm]string UserName, [FromForm]string OldPassword, [FromForm]string NewPassword) { + public async Task> ChangePassword([FromForm] string OldPassword, [FromForm] string NewPassword) { try { - Account? test = await _accountContext.GetAccount(UserName.ToLower()); - if (test != null) { - if (BCrypt.Net.BCrypt.Verify(OldPassword, test.PasswordHash)) { - test.PasswordHash = BCrypt.Net.BCrypt.HashPassword(NewPassword); - test.SiteData.CurrentPasswordAttempts = 0; - await _accountContext.SetAccount(test); + if (isLoggedIn()) { + Account user = await getLoggedInUser(); + if (BCrypt.Net.BCrypt.Verify(OldPassword, user.PasswordHash)) { + user.PasswordHash = BCrypt.Net.BCrypt.HashPassword(NewPassword); + user.CurrentPasswordAttempts = 0; + await _databaseService.SetAccount(user); return true; } } 
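Review bot: Register now persists a brand-new entity with `SetAccount(created)` and then reloads it by email; if `SetAccount` is an update-by-ID rather than an upsert, the insert silently does nothing and the reload returns null, which I cannot confirm from this hunk. The uniqueness checks on username and email and the subsequent write are separate round trips, so two concurrent registrations with the same name can both pass the check; a unique constraint on both columns is the reliable guard. `Email` and `UserName` are passed straight to `GetAccount` and stored without any shape validation, and `Account? created = new Account()` never holds null, so the nullable annotation can go. Register's not-found branches and catch block lie outside this hunk.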
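Review bot: The `isLoggedIn()` check in ChangePassword only proves a cookie is present, and `getLoggedInUser()` falls back to `new Account()` when the lookup fails, so a stale session for a deleted account reaches `BCrypt.Verify(OldPassword, user.PasswordHash)` with whatever default `PasswordHash` carries; `[Authorize]` on the action plus a null check on the loaded user (returning `Unauthorized()`) keeps that path away from the verifier. ToggleAccountLock, Get and delete in the following hunks use the same pattern. Nothing limits how often a wrong `OldPassword` can be tried here, unlike Login, so incrementing `CurrentPasswordAttempts` on failure would keep the two paths consistent. The method's tail is outside the hunk.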
@@ -161,15 +117,15 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("api/account/toggleAccountLock")] + [Route("toggleaccountlock")] [HttpPost] - public async Task> ToggleAccountLock([FromForm]string UserName, [FromForm]bool AccountLock) { + public async Task> ToggleAccountLock([FromForm] bool AccountLock) { try { - Account? test = await _accountContext.GetAccount(UserName); - if (test != null) { - test.SiteData.FailedPasswordLock = AccountLock; - test.SiteData.CurrentPasswordAttempts = 0; - await _accountContext.SetAccount(test); + if (isLoggedIn()) { + Account user = await getLoggedInUser(); + user.FailedPasswordLock = AccountLock; + user.CurrentPasswordAttempts = 0; + await _databaseService.SetAccount(user); return "Account Lock Status Updated"; } return "Unknown Error Occurred"; @@ -178,18 +134,12 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("api/account/get")] + [Route("get")] [HttpPost] public async Task> Get() { try { - if (User.Identity != null && User.Identity.IsAuthenticated) { - string? email = User.FindFirstValue(ClaimTypes.Email); - if (!string.IsNullOrEmpty(email)) { - Account? test = await _accountContext.GetAccount(email); - if (test != null) { - return test; - } - } + if (isLoggedIn()) { + return await getLoggedInUser(); } return Ok(); } catch { @@ -197,15 +147,15 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("api/account/logout")] + [Route("logout")] [HttpPost] public async Task Logout() { await HttpContext.SignOutAsync(); } - [Route("api/account/sendverifyemail")] + [Route("sendverifyemail")] [HttpPost] - public async Task> SendVerify([FromForm]string UserName) { + public async Task> SendVerify([FromForm] string UserName) { try { string key = "v" + UserName; // Stop from sending multiple emails quickly 
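Review bot: `ToggleAccountLock` lets the signed-in user switch `FailedPasswordLock` off for their own account, which is the flag Login consults before enforcing `PasswordAttempts`, so the lockout is opt-in and anyone holding a valid session can disable it, and the endpoint resets the counter unconditionally. If the lock is meant as a protection rather than a preference, it should be administrator-controlled or at least require the current password the way `delete` does. The action returns free text with a 200 status, so callers cannot distinguish success from `"Unknown Error Occurred"` without parsing strings; `Ok()`/`Problem()` would carry the outcome in the status code.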
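Review bot: `Get` answers an anonymous request with `Ok()` and an empty body, so the client cannot tell "not logged in" from "logged in with an empty account", which is also what `getLoggedInUser()` returns when its lookup fails; `return Unauthorized();` in the anonymous branch, or `[Authorize]` on the action, keeps the two cases apart. The catch block is outside this hunk.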
@@ -218,15 +168,15 @@ namespace MistoxWebsite.Server.Controllers { _emailContext._SentEmails.Remove(key); } } - Account? test = await _accountContext.GetAccount(UserName.ToLower()); + Account? test = await _databaseService.GetAccount(UserName.ToLower()); if (test != null) { - test.SiteData.EmailToken = Guid.NewGuid().ToString(); - await _accountContext.SetAccount(test); + test.EmailToken = Guid.NewGuid().ToString(); + await _databaseService.SetAccount(test); string EmailContents = EmailService.VerifyEmailEmail; EmailContents = Substitue(EmailContents, "@UserName", UserName); EmailContents = Substitue(EmailContents, "@UserName", UserName); - EmailContents = Substitue(EmailContents, "@VerifyPassword", test.SiteData.EmailToken); + EmailContents = Substitue(EmailContents, "@VerifyPassword", test.EmailToken); string result = _emailContext.Send(test.Email, EmailService.VerifyEmailSubject, EmailContents); _emailContext._SentEmails.Add(key, DateTime.Now); @@ -238,16 +188,16 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("api/account/verifyemail")] + [Route("verifyemail")] [HttpPost] - public async Task> VerifyEmail([FromForm]string UserName, [FromForm]string EmailToken) { + public async Task> VerifyEmail([FromForm] string UserName, [FromForm] string EmailToken) { try { - Account? test = await _accountContext.GetAccount(UserName.ToLower()); + Account? test = await _databaseService.GetAccount(UserName.ToLower()); if (test != null) { - if (test.SiteData.EmailToken == EmailToken) { - test.SiteData.EmailToken = ""; + if (!string.IsNullOrEmpty(test.EmailToken) && test.EmailToken == EmailToken) { + test.EmailToken = ""; test.EmailVerified = true; - await _accountContext.SetAccount(test); + await _databaseService.SetAccount(test); return true; } } @@ -257,7 +207,7 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("api/account/sendresetpassword")] + [Route("sendresetpassword")] [HttpPost] public async Task> ResetPassword([FromForm] string Email) { try { 
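Review bot: `sendverifyemail` is unauthenticated and overwrites `test.EmailToken` for any username, and that same field is what `sendresetpassword` writes and what both `verifyemail` and `resetpassword` accept, so one token value serves two flows: a verification token can be presented to `resetpassword`, and a request to either endpoint silently invalidates a token issued by the other. Separate fields (or a stored purpose tag) and an issued-at timestamp checked on redemption would keep the flows independent and bound the token's lifetime, which nothing in these hunks limits. The write-then-send order also means a failed `Send` still replaces the previous token; moving `SetAccount` after a successful send avoids that. The `_SentEmails` throttle is keyed on username only, so it bounds the rate per account, not the total.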
@@ -272,15 +222,15 @@ namespace MistoxWebsite.Server.Controllers { _emailContext._SentEmails.Remove(key); } } - Account? test = await _accountContext.GetAccount(Email.ToLower()); + Account? test = await _databaseService.GetAccount(Email.ToLower()); if (test != null) { - test.SiteData.EmailToken = Guid.NewGuid().ToString(); - await _accountContext.SetAccount(test); + test.EmailToken = Guid.NewGuid().ToString(); + await _databaseService.SetAccount(test); string EmailContents = EmailService.ResetPasswordEmail; EmailContents = Substitue(EmailContents, "@UserName", test.UserName); EmailContents = Substitue(EmailContents, "@UserName", test.UserName); - EmailContents = Substitue(EmailContents, "@ResetPassWord", test.SiteData.EmailToken); + EmailContents = Substitue(EmailContents, "@ResetPassWord", test.EmailToken); string result = _emailContext.Send(test.Email, EmailService.VerifyEmailSubject, EmailContents); _emailContext._SentEmails.Add(key, DateTime.Now); 
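Review bot: The reset email is sent with `EmailService.VerifyEmailSubject` on the `_emailContext.Send(...)` line, which looks like the verification subject reused for a password-reset message; if `EmailService` defines a reset-specific subject, that is the one to pass here. `Email.ToLower()` is culture-sensitive; `ToLowerInvariant()` is the right normalisation for a lookup key, and the same applies to the `ToLower()` calls in the Login, Register, SendVerify, VerifyEmail and ResetPwdVerify hunks. The method's tail is in the next hunk.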
@@ -288,22 +238,23 @@ namespace MistoxWebsite.Server.Controllers { } return "Account Not Found"; } catch (Exception e) { - Console.WriteLine( "EmailService Error: " + e.ToString()); + Console.WriteLine("EmailService Error: " + e.ToString()); return "The connection couldn't be established to the email server"; } } - [Route("api/account/resetpassword")] + [Route("resetpassword")] [HttpPost] public async Task> ResetPwdVerify([FromForm] string UserName, [FromForm] string NewPassword, [FromForm] string ResetToken) { try { - Account? test = await _accountContext.GetAccount(UserName.ToLower()); - if (test != null && !string.IsNullOrEmpty(test.SiteData.EmailToken)) { - if (test.SiteData.EmailToken == ResetToken) { - test.SiteData.CurrentPasswordAttempts = 0; + Account? test = await _databaseService.GetAccount(UserName.ToLower()); + if (test != null && !string.IsNullOrEmpty(test.EmailToken)) { + if (!string.IsNullOrEmpty(test.EmailToken) && test.EmailToken == ResetToken) { + test.CurrentPasswordAttempts = 0; + test.EmailToken = ""; test.PasswordHash = BCrypt.Net.BCrypt.HashPassword(NewPassword); - await _accountContext.SetAccount(test); + await _databaseService.SetAccount(test); return true; } } @@ -313,14 +264,14 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("api/account/delete")] + [Route("delete")] [HttpPost] - public async Task> delete([FromForm]string UserName, [FromForm]string Password) { + public async Task> delete([FromForm] string Password) { try { - Account? test = await _accountContext.GetAccount(UserName.ToLower()); - if (test != null) { - if (BCrypt.Net.BCrypt.Verify(Password, test.PasswordHash)) { - await _accountContext.DeleteAccount(test); + if (isLoggedIn()) { + Account user = await getLoggedInUser(); + if (BCrypt.Net.BCrypt.Verify(Password, user.PasswordHash)) { + await _databaseService.DeleteAccount(user.ID); return true; } } 
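Review bot: `sendresetpassword` returns `"Account Not Found"` when the lookup fails and a different message on success, which makes the endpoint an account-existence oracle for unauthenticated callers; returning the same neutral message from both branches (and still sending only when the account exists) closes that. In ResetPwdVerify the added inner `!string.IsNullOrEmpty(test.EmailToken) &&` repeats the check already made in the enclosing `if`, so one of them can go. Clearing `test.EmailToken` after a successful reset is the right addition.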
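Review bot: `delete` removes the account with `DeleteAccount(user.ID)` but never signs the session out, so the authentication cookie stays valid and later `isLoggedIn()` checks pass while `getLoggedInUser()` falls back to an empty `Account`; `await HttpContext.SignOutAsync();` before `return true;` closes that. The method name `delete` breaks the PascalCase used by the other actions. Its catch block is outside this hunk.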
@@ -330,37 +281,5 @@ namespace MistoxWebsite.Server.Controllers { } } - // Helper Functions - - string Substitue(string message, string subString, string Replacement) { - for (int i = 0; i < (message.Length - subString.Length); i++) { - if (message.Substring(i, subString.Length) == subString) { - string before = message.Substring(0, i); - string after = message.Substring(i + subString.Length); - return before + Replacement + after; - } - } - return message; - } - - async Task getClaims(int AccountID) { - try { - Account? test = await _accountContext.GetAccountByID(AccountID); - if (test != null) { - AccountClaims aClaims = new AccountClaims() { - UserName = test.UserName, - Email = test.Email, - Role = test.SiteData.Role - }; - aClaims.EmailVerified = test.EmailVerified ? "1" : "0"; - aClaims.FailedPasswordLock = test.SiteData.FailedPasswordLock ? "1" : "0"; - return aClaims; - } - return new AccountClaims(); - } catch { - return new AccountClaims(); - } - } - } } diff --git a/src/MistoxWebsite.Server/Controllers/CartController.cs b/src/MistoxWebsite.Server/Controllers/CartController.cs new file mode 100644 index 0000000..e1e7d2c --- /dev/null +++ b/src/MistoxWebsite.Server/Controllers/CartController.cs 
@@ -0,0 +1,69 @@
+using Microsoft.AspNetCore.Mvc;
+using MistoxWebsite.Server.Entities;
+using MistoxWebsite.Server.Services.DatabaseService;
+
+namespace MistoxWebsite.Server.Controllers {
+ [ApiController]
+ [Route("api/cart/[controller]")]
+ public class CartController : MistoxControllerBase {
+
+ CartController(DatabaseService db) : base(db) { }
+
+ [Route("get")]
+ [HttpPost]
+ public async Task> GetCart() {
+ try {
+ if (isLoggedIn()) {
+ return Ok(await _databaseService.GetCart(getLoggedInUserID()));
+ }
+ return StatusCode(500);
+ } catch {
+ return StatusCode(500);
+ }
+ }
+
+ [Route("add")]
+ [HttpPost]
+ public async Task AddCart([FromBody] Cart cart) {
+ try {
+ if (isLoggedIn()) {
+ cart.AccountID = getLoggedInUserID();
+ await _databaseService.AddToCart(cart);
+ return Ok();
+ }
+ return StatusCode(500);
+ } catch {
+ return StatusCode(500);
+ }
+ }
+
+ [Route("remove")]
+ [HttpPost]
+ public async Task RemoveCart([FromBody] Cart cart) {
+ try {
+ if (isLoggedIn()) {
+ cart.AccountID = getLoggedInUserID();
+ await _databaseService.RemoveFromCart(cart);
+ return Ok();
+ }
+ return StatusCode(500);
+ } catch {
+ return StatusCode(500);
+ }
+ }
+
+ [Route("clear")]
+ [HttpPost]
+ public async Task ClearCart() {
+ try {
+ if (isLoggedIn()) {
+ await _databaseService.ClearCart(getLoggedInUserID());
+ return Ok();
+ }
+ return StatusCode(500);
+ } catch {
+ return StatusCode(500);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/MistoxWebsite.Server/Controllers/MistoxControllerBase.cs b/src/MistoxWebsite.Server/Controllers/MistoxControllerBase.cs
new file mode 100644
index 0000000..1fb2aad
--- /dev/null
+++ b/src/MistoxWebsite.Server/Controllers/MistoxControllerBase.cs
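Review bot: `CartController(DatabaseService db) : base(db) { }` has no access modifier, so the constructor is private and the DI container cannot activate the controller; it needs `public CartController(DatabaseService db) : base(db) { }`. The anonymous branch of every action returns `StatusCode(500)`, which reports a client-side condition as a server fault; `Unauthorized()` (or `[Authorize]` on the class, which would remove the four `isLoggedIn()` checks) is the accurate response, and the empty `catch` blocks should at least log before returning 500. Assigning `cart.AccountID` from the session rather than the posted body is the right call and deserves a one-line comment such as `// AccountID always comes from the session, never from the client body` so it is not "fixed" later.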
@@ -0,0 +1,60 @@
+using Microsoft.AspNetCore.Mvc;
+using MistoxWebsite.Server.Entities;
+using MistoxWebsite.Server.Services.DatabaseService;
+
+namespace MistoxWebsite.Server.Controllers {
+
+ public class MistoxControllerBase : ControllerBase {
+
+ public DatabaseService _databaseService;
+
+ public MistoxControllerBase(DatabaseService databaseService) {
+ _databaseService = databaseService;
+ }
+
+ public bool isLoggedIn() {
+ if (User.Identity != null && User.Identity.IsAuthenticated) {
+ return true;
+ }
+ return false;
+ }
+
+ public int getLoggedInUserID() {
+ return Convert.ToInt32(User.FindFirst("ID")?.Value);
+ }
+
+ public async Task getLoggedInUser() {
+ try {
+ Account? test = await _databaseService.GetAccount(getLoggedInUserID());
+ if (test != null) {
+ return test;
+ }
+ return new Account();
+ } catch {
+ return new Account();
+ }
+ }
+
+ public string Substitue(string message, string subString, string Replacement) {
+ for (int i = 0; i < (message.Length - subString.Length); i++) {
+ if (message.Substring(i, subString.Length) == subString) {
+ string before = message.Substring(0, i);
+ string after = message.Substring(i + subString.Length);
+ return before + Replacement + after;
+ }
+ }
+ return message;
+ }
+
+ public bool contains(string outer, string inner) {
+ if (outer.Length >= inner.Length) {
+ for (int i = 0; i < outer.Length - inner.Length; i++) {
+ if (outer.Substring(i, inner.Length) == inner) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/MistoxWebsite.Server/Controllers/PaymentController.cs b/src/MistoxWebsite.Server/Controllers/PaymentController.cs
index 130a052..f043801 100755
--- a/src/MistoxWebsite.Server/Controllers/PaymentController.cs
+++ b/src/MistoxWebsite.Server/Controllers/PaymentController.cs
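Review bot: `getLoggedInUserID()` uses `Convert.ToInt32(User.FindFirst("ID")?.Value)`, which yields 0 for a missing claim and throws `FormatException` for a non-numeric one, so a principal without an ID claim is silently mapped to account 0 and `getLoggedInUser()` then swallows the lookup failure into `new Account()`, which callers such as ChangePassword and delete go on to use. `Substitue` and `contains` both stop one position early (`i < message.Length - subString.Length`), so a match ending exactly at the end of the string is missed; `string.IndexOf`/`string.Contains` with `StringComparison.Ordinal` cover both without the loop. As public methods on a base that `[ApiController]` classes inherit, the five helpers are discovered as action candidates, which either exposes them or trips the attribute-routing requirement at startup, so `protected` (or `[NonAction]`) is the safer shape, and `public DatabaseService _databaseService;` should be `protected readonly`. A rewrite of the field and the three helpers follows.
```csharp
protected readonly DatabaseService _databaseService;

// … unchanged: constructor, isLoggedIn …

/// <summary>Numeric ID claim of the current principal; throws when the claim is absent or malformed.</summary>
protected int getLoggedInUserID() {
    string? raw = User.FindFirst("ID")?.Value;
    if (!int.TryParse(raw, out int id)) {
        throw new InvalidOperationException("Authenticated principal has no numeric ID claim");
    }
    return id;
}

// … unchanged: getLoggedInUser …

/// <summary>Replaces the first ordinal occurrence of <paramref name="subString"/>; returns the input unchanged when absent.</summary>
protected string Substitue(string message, string subString, string Replacement) {
    int idx = message.IndexOf(subString, StringComparison.Ordinal);
    return idx < 0 ? message : message.Substring(0, idx) + Replacement + message.Substring(idx + subString.Length);
}

/// <summary>Ordinal substring test (a match at the very end of <paramref name="outer"/> now counts).</summary>
protected bool contains(string outer, string inner) {
    return outer.Contains(inner, StringComparison.Ordinal);
}
```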
@@ -5,14 +5,12 @@ using MistoxWebsite.Server.Entities; namespace MistoxWebsite.Server.Controllers { [ApiController] - public class PaymentController : ControllerBase { + [Route("api/payment/[controller]")] + public class PaymentController : MistoxControllerBase { - DatabaseService _databaseService; IPayment _paymentService; - public PaymentController(DatabaseService databaseService) { - _databaseService = databaseService; - + public PaymentController(DatabaseService db) : base(db) { if (IPayment._PaymentType == PaymentType.StripeIntent) { _paymentService = new StripeIntent(_databaseService); } else { @@ -20,17 +18,15 @@ namespace MistoxWebsite.Server.Controllers { _paymentService = new StripeIntent(_databaseService); } // Add new payment plugins here - } - [Route("api/getCheckoutToken")] + [Route("getcheckouttoken")] [HttpPost] - public async Task GetPaymentKey( [FromQuery] string userID ) { - string OrderNumber = Guid.NewGuid().ToString().Substring(0,10); - Account? acc = await _databaseService.GetAccount(userID); - if (acc != null) { - Cart[] carts = await _databaseService.GetCart(acc); - (bool, string) PaymentResponse = await _paymentService.TryGetCheckoutToken(OrderNumber, acc, carts); + public async Task GetCheckoutToken() { + string OrderNumber = Guid.NewGuid().ToString().Substring(0, 10); + if (isLoggedIn()) { + Cart[] carts = await _databaseService.GetCart(getLoggedInUserID()); + (bool, string) PaymentResponse = await _paymentService.TryGetCheckoutToken(OrderNumber, getLoggedInUserID(), carts); if (PaymentResponse.Item1) { // Returns client secret return PaymentResponse.Item2; 
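Review bot: `OrderNumber` is the first ten characters of a GUID string (nine hex digits and a hyphen, roughly 36 bits), so collisions between orders become plausible at modest volume, and it is generated before the `isLoggedIn()` check so anonymous requests do the work for nothing; a database-issued sequence, or `Convert.ToHexString(RandomNumberGenerator.GetBytes(8))` generated inside the authenticated branch, is safer. The action returns failure text with a 200 status (`"You must be logged in"` and the plugin-error string in the next hunk), so the client must parse strings to detect failure; returning `IActionResult` with `Unauthorized()`/`Problem()` carries it in the status code. `getLoggedInUserID()` is called twice; capture it once. GetCheckoutToken's body continues into the next hunk.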
@@ -40,14 +36,13 @@ namespace MistoxWebsite.Server.Controllers { Console.WriteLine("\n"); return "An error has occured in the payment plugin"; } - } else { - return "Unable to find account"; } + return "You must be logged in"; } - - [Route("/api/payment/publickey")] - [HttpGet] - public IActionResult GetPaymentKey() { + + [Route("getpublickey")] + [HttpPost] + public IActionResult GetPublicKey() { try { return Ok(IPayment._PublicKey); } catch (Exception ex) { @@ -55,7 +50,7 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("/api/payment/response")] + [Route("response")] [HttpPost] public async Task paymentWebhook() { try { diff --git a/src/MistoxWebsite.Server/Controllers/PaymentMethods/IPayment.cs b/src/MistoxWebsite.Server/Controllers/PaymentMethods/IPayment.cs index f0cb018..491d2e6 100644 --- a/src/MistoxWebsite.Server/Controllers/PaymentMethods/IPayment.cs +++ b/src/MistoxWebsite.Server/Controllers/PaymentMethods/IPayment.cs @@ -8,7 +8,7 @@ namespace MistoxWebsite.Server.Controllers.Payment { public static string _EndpointSecret = ""; public static string _PublicKey = ""; - public Task<(bool, string)> TryGetCheckoutToken(string OrderNumber, Account user, Cart[] cart); + public Task<(bool, string)> TryGetCheckoutToken(string OrderNumber, int userID, Cart[] cart); public Task ValidatePurchase(string WebHookData, string Headers); } diff --git a/src/MistoxWebsite.Server/Controllers/PaymentMethods/StripeIntents.cs b/src/MistoxWebsite.Server/Controllers/PaymentMethods/StripeIntents.cs index 1475533..2ca006b 100644 --- a/src/MistoxWebsite.Server/Controllers/PaymentMethods/StripeIntents.cs +++ b/src/MistoxWebsite.Server/Controllers/PaymentMethods/StripeIntents.cs 
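Review bot: `GetPublicKey` switches from `[HttpGet]` to `[HttpPost]` although it is a side-effect-free read of `IPayment._PublicKey`; GET is the accurate verb and keeps the response cacheable, so `[HttpGet]` is worth keeping unless the client needs POST everywhere. The `return "You must be logged in";` line belongs to GetCheckoutToken, which starts in the previous hunk.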
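Review bot: `paymentWebhook` moves from `/api/payment/response` to `response` under the class route, i.e. `api/payment/Payment/response`, so the callback URL registered with the payment provider changes with this commit and must be updated in step. The handler body is outside the hunk, so I cannot confirm that the signature check on the incoming event is unaffected; a comment on the route, `// Registered with the provider as the webhook URL; changing this requires re-registering`, would stop the next rename from silently breaking it.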
@@ -12,7 +12,7 @@ namespace MistoxWebsite.Server.Controllers { _databaseService = databaseService; } - public async Task<(bool, string)> TryGetCheckoutToken(string OrderNumber, Account user, Cart[] cart) { + public async Task<(bool, string)> TryGetCheckoutToken(string OrderNumber, int userID, Cart[] cart) { try { // build Recipt and calculate Tax var options = new Stripe.Tax.CalculationCreateOptions { @@ -60,7 +60,7 @@ namespace MistoxWebsite.Server.Controllers { Currency = "usd", Metadata = new Dictionary { { "ordernumber", OrderNumber }, - { "user", user.ID.ToString() }, + { "user", userID.ToString() }, { "products", csv }, { "subtotal", subtotal.ToString() }, { "total", result.AmountTotal.ToString() } @@ -115,10 +115,7 @@ namespace MistoxWebsite.Server.Controllers { } // Clear the cart - Account account = new() { - ID = userID - }; - await _databaseService.ClearCart(account); + await _databaseService.ClearCart(userID); // Add data to misox receipt for (int i = 0; i < productIDs.Count; i++) { diff --git a/src/MistoxWebsite.Server/Controllers/ProductController.cs b/src/MistoxWebsite.Server/Controllers/ProductController.cs index beaddc4..364fd0e 100755 --- a/src/MistoxWebsite.Server/Controllers/ProductController.cs +++ b/src/MistoxWebsite.Server/Controllers/ProductController.cs 
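Review bot: The `subtotal` and `total` metadata lines next to the changed `user` entry call `.ToString()` with the current culture, so if `subtotal` is a decimal it serializes as `12,50` on a comma-decimal server locale; if the webhook side parses these values back, both ends need `CultureInfo.InvariantCulture`, e.g. `{ "subtotal", subtotal.ToString(CultureInfo.InvariantCulture) }`. `userID.ToString()` on the new line is unaffected. The third hunk's `ClearCart(userID)` is sound as long as `userID` there is recovered from the verified event's metadata rather than the raw request, but that code is outside the hunk.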
@@ -1,102 +1,53 @@ using Microsoft.AspNetCore.Mvc; using MistoxWebsite.Server.Services.DatabaseService; using MistoxWebsite.Server.Entities; -using System.Security.Claims; -using System.Threading.Tasks; namespace MistoxWebsite.Server.Controllers { [ApiController] - public class ProductController : ControllerBase { + [Route("api/product/[controller]")] + public class ProductController : MistoxControllerBase { - DatabaseService _databaseService; + public ProductController(DatabaseService db) : base(db) { } - public ProductController( DatabaseService databaseService ) { - _databaseService = databaseService; - } - - [Route( "api/cart/get" )] + [Route("set")] [HttpPost] - public async Task GetCart( [FromBody] Account acc ) { + public async Task> CreateProduct([FromForm] Product obj, [FromForm] IFormFile[] images) { try { - return await _databaseService.GetCart( acc ); - } catch { - return new Cart[0]; - } - } + if (isLoggedIn()) { + Account user = await getLoggedInUser(); + if (user.Role == "Admin") { + List building = new List(); + foreach (var file in images) { + using (var stream = new MemoryStream()) { + await file.CopyToAsync(stream); + var bytes = stream.ToArray(); - [Route( "api/cart/add" )] - [HttpPost] - public async Task AddCart( [FromBody] Cart cart ) { - try { - await _databaseService.AddToCart( cart ); - }catch { - - } - } - - [Route( "api/cart/remove" )] - [HttpPost] - public async Task RemoveCart( [FromBody] Cart cart ) { - try { - await _databaseService.RemoveFromCart( cart ); - } catch { - - } - } - - [Route( "api/cart/clear" )] - [HttpPost] - public async Task ClearCart( [FromBody] Account acc ) { - try { - await _databaseService.ClearCart( acc ); - } catch { - - } - } - - [Route( "api/product/create" )] - [HttpPost] - public async Task> CreateProduct([FromForm] Product obj, [FromForm] List images){ - try { - List building = new List(); - foreach (var file in images) { - using (var stream = new MemoryStream()) { - await file.CopyToAsync(stream); - var 
bytes = stream.ToArray(); - - // Convert to your image model or whatever your logic is - ProductImage img = new ProductImage { Image = bytes, Name = file.FileName }; - building.Add(img); + // Convert to your image model or whatever your logic is + ProductImage img = new ProductImage { Image = bytes, Name = file.FileName }; + building.Add(img); + } + } + obj.Images = building.ToArray(); + await _databaseService.SetProduct(obj); + return true; } } - obj.Images = building.ToArray(); - await _databaseService.NewProduct(obj); - return true; + return false; } catch (Exception e) { Console.WriteLine(e); return false; } } - [Route( "api/product/update" )] + [Route("get")] [HttpPost] - public async Task> UpdateProduct( [FromBody] Product obj ) { + public async Task> GetProduct([FromForm] int productID) { try { - await _databaseService.UpdateProduct( obj ); - return true; - } catch { - return false; - } - } - - [Route( "api/product/get" )] - [HttpPost] - public async Task> GetProduct( [FromForm] int productID ) { - try { - Product? x = await _databaseService.GetProduct(productID); - if (x != null) { - return x; - } else { + Product? product = await _databaseService.GetProduct(productID); + if (product != null) { + return product; + } + else { return NotFound(); } } catch { @@ -104,18 +55,7 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route( "api/product/delete" )] - [HttpPost] - public async Task> DeleteProduct( [FromForm] int productID ) { - try { - await _databaseService.DeleteProduct(productID); - return true; - } catch { - return false; - } - } - - [Route("api/product/getall")] + [Route("getall")] [HttpPost] public async Task GetAllProducts() { try { 
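Review bot: CreateProduct copies every uploaded file into a `MemoryStream` with no limit on the number or size of `images` beyond the framework defaults, and stores `file.FileName` unchanged as the image name; a `[RequestSizeLimit]`/`[RequestFormLimits]` on the action and a check that each file starts with a known image signature keep this admin-only endpoint from persisting arbitrary blobs that `getimage` later serves. `[FromForm] Product obj` binds whatever fields the form supplies, so if `Product` carries an identifier, `SetProduct` may overwrite an existing product through a route named `set`; if that is intended, a comment saying so is enough, otherwise clear the identifier before saving. The admin decision relies on a per-call DB lookup of `user.Role` because Login only issues an `ID` claim; that works, but a comment such as `// Role is not in the cookie (Login issues only the ID claim), so it is read from the database` explains why `[Authorize(Roles = "Admin")]` is not used.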
@@ -125,14 +65,32 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route( "api/productimage/get" )] - [HttpGet] - public async Task GetProductImage( int ProductID, int ImageID ) { + [Route("delete")] + [HttpPost] + public async Task> DeleteProduct([FromForm] int productID) { + try { + if (isLoggedIn()) { + Account user = await getLoggedInUser(); + if (user.Role == "Admin") { + await _databaseService.DeleteProduct(productID); + return true; + } + } + return false; + } catch { + return false; + } + } + + [Route("getimage")] + [HttpPost] + public async Task GetProductImage([FromForm] int ProductID, [FromForm] int ImageID) { try { ProductImage? img = await _databaseService.GetImage(ProductID, ImageID); if (img != null) { return File(img.Image, "Image/*"); - } else { + } + else { return NotFound(); } } catch { @@ -140,19 +98,13 @@ namespace MistoxWebsite.Server.Controllers { } } - [Route("api/product/getowned")] + [Route("getowned")] [HttpPost] public async Task> GetOwnedProduct() { try { - if( User.Identity != null && User.Identity.IsAuthenticated ) { - string? email = User.FindFirstValue(ClaimTypes.Email); - if( !string.IsNullOrEmpty( email ) ) { - Account? test = await _databaseService.GetAccount(email); - if( test != null ) { - Receipt[] returned = await _databaseService.GetAllReceipts(test); - return returned; - } - } + if (isLoggedIn()) { + Receipt[] returned = await _databaseService.GetAllReceipts(getLoggedInUserID()); + return returned; } return new Receipt[0]; } catch { 
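Review bot: `File(img.Image, "Image/*")` sets a wildcard as the response Content-Type, which is not a valid media type and leaves browsers to sniff the bytes; record the real type at upload (or detect it from the stored bytes) and return that, and set `Response.Headers["X-Content-Type-Options"] = "nosniff";` so the stored blob is never interpreted as anything else. Moving GetProductImage to `[HttpPost]` also means it can no longer be referenced from an `<img src>` or cached; GET was the natural verb for a read-only image fetch. DeleteProduct repeats the DB-backed `user.Role == "Admin"` check from CreateProduct; a small `isAdminAsync()` helper on the base would keep the two in step.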
@@ -160,39 +112,22 @@ namespace MistoxWebsite.Server.Controllers { } } - bool contains( string outer, string inner ) { - if ( outer.Length >= inner.Length ) { - for ( int i=0; i Download( [FromQuery] string Product ) { + public async Task Download([FromQuery] string Product) { try { - if( User.Identity != null && User.Identity.IsAuthenticated ) { - string? email = User.FindFirstValue(ClaimTypes.Email); - if( !string.IsNullOrEmpty( email ) ) { - Account? user = await _databaseService.GetAccount(email); - if (user != null){ - Product[] games = await _databaseService.GetAllProducts(); - foreach( Product product in games ) { - if ( contains( Product, product.URL ) ) { - Receipt? receipt = await _databaseService.GetReceipt(user, product); - if( receipt != null ) { - //FileStream fileStream = new FileStream(_FolderRoot + Product, FileMode.Open, FileAccess.Read); - //return new FileStreamResult( fileStream, "application/octet-stream" ) { - // FileDownloadName = fileStream.Name - //}; - } - break; - } + if (isLoggedIn()) { + Product[] games = await _databaseService.GetAllProducts(); + foreach (Product product in games) { + if (contains(Product, product.URL)) { + Receipt? receipt = await _databaseService.GetReceipt(getLoggedInUserID(), product.ID); + if (receipt != null) { + //FileStream fileStream = new FileStream(_FolderRoot + Product, FileMode.Open, FileAccess.Read); + //return new FileStreamResult( fileStream, "application/octet-stream" ) { + // FileDownloadName = fileStream.Name + //}; } + break; } } return Unauthorized();