Merge pull request #1482 from sbwalker/dev
improve validation and exception handling in API Controllers
This commit is contained in:
		| @ -2,7 +2,7 @@ | ||||
| @inherits ModuleBase | ||||
| @inject IPageService PageService | ||||
| @inject IUserService UserService | ||||
| @inject IStringLocalizer<SharedResources> Localizer | ||||
| @inject IStringLocalizer<SharedResources> SharedLocalizer | ||||
|  | ||||
| <div class="row"> | ||||
|     @foreach (var p in _pages) | ||||
| @ -12,7 +12,7 @@ | ||||
|             string url = NavigateUrl(p.Path); | ||||
|             <div class="col-md-2 mx-auto text-center"> | ||||
|                 <NavLink class="nav-link" href="@url" Match="NavLinkMatch.All"> | ||||
|                     <h2><span class="@p.Icon" aria-hidden="true"></span></h2>@Localizer[p.Name] | ||||
|                     <h2><span class="@p.Icon" aria-hidden="true"></span></h2>@SharedLocalizer[p.Name] | ||||
|                 </NavLink> | ||||
|             </div> | ||||
|         } | ||||
|  | ||||
| @ -1,4 +1,4 @@ | ||||
| using Oqtane.Models; | ||||
| using Oqtane.Models; | ||||
| using System.Collections.Generic; | ||||
| using System.Threading.Tasks; | ||||
|  | ||||
| @ -9,11 +9,5 @@ namespace Oqtane.Services | ||||
|         Task<List<JobLog>> GetJobLogsAsync(); | ||||
|  | ||||
|         Task<JobLog> GetJobLogAsync(int jobLogId); | ||||
|  | ||||
|         Task<JobLog> AddJobLogAsync(JobLog jobLog); | ||||
|  | ||||
|         Task<JobLog> UpdateJobLogAsync(JobLog jobLog); | ||||
|  | ||||
|         Task DeleteJobLogAsync(int jobLogId); | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -21,26 +21,5 @@ namespace Oqtane.Services | ||||
|         /// <param name="tenantId">ID-reference of the <see cref="Tenant"/></param> | ||||
|         /// <returns></returns> | ||||
|         Task<Tenant> GetTenantAsync(int tenantId); | ||||
|  | ||||
|         /// <summary> | ||||
|         /// Add / save another <see cref="Tenant"/> to the database | ||||
|         /// </summary> | ||||
|         /// <param name="tenant">A <see cref="Tenant"/> object containing the configuration</param> | ||||
|         /// <returns></returns> | ||||
|         Task<Tenant> AddTenantAsync(Tenant tenant); | ||||
|  | ||||
|         /// <summary> | ||||
|         /// Update the <see cref="Tenant"/> information in the database. | ||||
|         /// </summary> | ||||
|         /// <param name="tenant"></param> | ||||
|         /// <returns></returns> | ||||
|         Task<Tenant> UpdateTenantAsync(Tenant tenant); | ||||
|  | ||||
|         /// <summary> | ||||
|         /// Delete / remove a <see cref="Tenant"/> | ||||
|         /// </summary> | ||||
|         /// <param name="tenantId"></param> | ||||
|         /// <returns></returns> | ||||
|         Task DeleteTenantAsync(int tenantId); | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -30,19 +30,5 @@ namespace Oqtane.Services | ||||
|         { | ||||
|             return await GetJsonAsync<JobLog>($"{Apiurl}/{jobLogId}"); | ||||
|         } | ||||
|  | ||||
|         public async Task<JobLog> AddJobLogAsync(JobLog joblog) | ||||
|         { | ||||
|             return await PostJsonAsync<JobLog>(Apiurl, joblog); | ||||
|         } | ||||
|  | ||||
|         public async Task<JobLog> UpdateJobLogAsync(JobLog joblog) | ||||
|         { | ||||
|             return await PutJsonAsync<JobLog>($"{Apiurl}/{joblog.JobLogId}", joblog); | ||||
|         } | ||||
|         public async Task DeleteJobLogAsync(int jobLogId) | ||||
|         { | ||||
|             await DeleteAsync($"{Apiurl}/{jobLogId}"); | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -30,20 +30,5 @@ namespace Oqtane.Services | ||||
|         { | ||||
|             return await GetJsonAsync<Tenant>($"{Apiurl}/{tenantId}"); | ||||
|         } | ||||
|  | ||||
|         public async Task<Tenant> AddTenantAsync(Tenant tenant) | ||||
|         { | ||||
|             return await PostJsonAsync<Tenant>(Apiurl, tenant); | ||||
|         } | ||||
|  | ||||
|         public async Task<Tenant> UpdateTenantAsync(Tenant tenant) | ||||
|         { | ||||
|             return await PutJsonAsync<Tenant>($"{Apiurl}/{tenant.TenantId}", tenant); | ||||
|         } | ||||
|  | ||||
|         public async Task DeleteTenantAsync(int tenantId) | ||||
|         { | ||||
|             await DeleteAsync($"{Apiurl}/{tenantId}"); | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -72,7 +72,7 @@ namespace Oqtane.Controllers | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public Alias Put(int id, [FromBody] Alias alias) | ||||
|         { | ||||
|             if (ModelState.IsValid) | ||||
|             if (ModelState.IsValid && _aliases.GetAlias(alias.AliasId, false) != null) | ||||
|             { | ||||
|                 alias = _aliases.UpdateAlias(alias); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "Alias Updated {Alias}", alias); | ||||
| @ -91,8 +91,17 @@ namespace Oqtane.Controllers | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public void Delete(int id) | ||||
|         { | ||||
|             _aliases.DeleteAlias(id); | ||||
|             _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Alias Deleted {AliasId}", id); | ||||
|             var alias = _aliases.GetAlias(id); | ||||
|             if (alias != null) | ||||
|             { | ||||
|                 _aliases.DeleteAlias(id); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Alias Deleted {AliasId}", id); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Alias Delete Attempt {AliasId}", id); | ||||
|                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -9,6 +9,7 @@ using Microsoft.Extensions.DependencyInjection; | ||||
| using Oqtane.Enums; | ||||
| using Oqtane.Infrastructure; | ||||
| using Oqtane.Repository; | ||||
| using System.Net; | ||||
|  | ||||
| namespace Oqtane.Controllers | ||||
| { | ||||
| @ -52,6 +53,12 @@ namespace Oqtane.Controllers | ||||
|                 job = _jobs.AddJob(job); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Added {Job}", job); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Post Attempt {Alias}", job); | ||||
|                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|                 job = null; | ||||
|             } | ||||
|             return job; | ||||
|         } | ||||
|  | ||||
| @ -60,11 +67,17 @@ namespace Oqtane.Controllers | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public Job Put(int id, [FromBody] Job job) | ||||
|         { | ||||
|             if (ModelState.IsValid) | ||||
|             if (ModelState.IsValid && _jobs.GetJob(job.JobId, false) != null) | ||||
|             { | ||||
|                 job = _jobs.UpdateJob(job); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Updated {Job}", job); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Put Attempt {Alias}", job); | ||||
|                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|                 job = null; | ||||
|             } | ||||
|             return job; | ||||
|         } | ||||
|  | ||||
| @ -73,8 +86,17 @@ namespace Oqtane.Controllers | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public void Delete(int id) | ||||
|         { | ||||
|             _jobs.DeleteJob(id); | ||||
|             _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Deleted {JobId}", id); | ||||
|             var job = _jobs.GetJob(id); | ||||
|             if (job != null) | ||||
|             { | ||||
|                 _jobs.DeleteJob(id); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Deleted {JobId}", id); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Delete Attempt {JobId}", id); | ||||
|                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         // GET api/<controller>/start | ||||
| @ -83,12 +105,17 @@ namespace Oqtane.Controllers | ||||
|         public void Start(int id) | ||||
|         { | ||||
|             Job job = _jobs.GetJob(id); | ||||
|             Type jobtype = Type.GetType(job.JobType); | ||||
|             if (jobtype != null) | ||||
|             if (job != null) | ||||
|             { | ||||
|                 Type jobtype = Type.GetType(job.JobType); | ||||
|                 var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype); | ||||
|                 ((IHostedService)jobobject).StartAsync(new System.Threading.CancellationToken()); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Start Attempt {JobId}", id); | ||||
|                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         // GET api/<controller>/stop | ||||
| @ -97,12 +124,17 @@ namespace Oqtane.Controllers | ||||
|         public void Stop(int id) | ||||
|         { | ||||
|             Job job = _jobs.GetJob(id); | ||||
|             Type jobtype = Type.GetType(job.JobType); | ||||
|             if (jobtype != null) | ||||
|             if (job != null) | ||||
|             { | ||||
|                 Type jobtype = Type.GetType(job.JobType); | ||||
|                 var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype); | ||||
|                 ((IHostedService)jobobject).StopAsync(new System.Threading.CancellationToken()); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Stop Attempt {JobId}", id); | ||||
|                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -1,10 +1,8 @@ | ||||
| using System.Collections.Generic; | ||||
| using Microsoft.AspNetCore.Mvc; | ||||
| using Microsoft.AspNetCore.Authorization; | ||||
| using Oqtane.Enums; | ||||
| using Oqtane.Models; | ||||
| using Oqtane.Shared; | ||||
| using Oqtane.Infrastructure; | ||||
| using Oqtane.Repository; | ||||
|  | ||||
| namespace Oqtane.Controllers | ||||
| @ -13,12 +11,10 @@ namespace Oqtane.Controllers | ||||
|     public class JobLogController : Controller | ||||
|     { | ||||
|         private readonly IJobLogRepository _jobLogs; | ||||
|         private readonly ILogManager _logger; | ||||
|  | ||||
|         public JobLogController(IJobLogRepository jobLogs, ILogManager logger) | ||||
|         public JobLogController(IJobLogRepository jobLogs) | ||||
|         { | ||||
|             _jobLogs = jobLogs; | ||||
|             _logger = logger; | ||||
|         } | ||||
|  | ||||
|         // GET: api/<controller> | ||||
| @ -36,40 +32,5 @@ namespace Oqtane.Controllers | ||||
|         { | ||||
|             return _jobLogs.GetJobLog(id); | ||||
|         } | ||||
|  | ||||
|         // POST api/<controller> | ||||
|         [HttpPost] | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public JobLog Post([FromBody] JobLog jobLog) | ||||
|         { | ||||
|             if (ModelState.IsValid) | ||||
|             { | ||||
|                 jobLog = _jobLogs.AddJobLog(jobLog); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Log Added {JobLog}", jobLog); | ||||
|             } | ||||
|             return jobLog; | ||||
|         } | ||||
|  | ||||
|         // PUT api/<controller>/5 | ||||
|         [HttpPut("{id}")] | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public JobLog Put(int id, [FromBody] JobLog jobLog) | ||||
|         { | ||||
|             if (ModelState.IsValid) | ||||
|             { | ||||
|                 jobLog = _jobLogs.UpdateJobLog(jobLog); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Log Updated {JobLog}", jobLog); | ||||
|             } | ||||
|             return jobLog; | ||||
|         } | ||||
|  | ||||
|         // DELETE api/<controller>/5 | ||||
|         [HttpDelete("{id}")] | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public void Delete(int id) | ||||
|         { | ||||
|             _jobLogs.DeleteJobLog(id); | ||||
|             _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Log Deleted {JobLogId}", id); | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -36,40 +36,5 @@ namespace Oqtane.Controllers | ||||
|         { | ||||
|             return _tenants.GetTenant(id); | ||||
|         } | ||||
|  | ||||
|         // POST api/<controller> | ||||
|         [HttpPost] | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public Tenant Post([FromBody] Tenant tenant) | ||||
|         { | ||||
|             if (ModelState.IsValid) | ||||
|             { | ||||
|                 tenant = _tenants.AddTenant(tenant); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Create, "Tenant Added {TenantId}", tenant.TenantId); | ||||
|             } | ||||
|             return tenant; | ||||
|         } | ||||
|  | ||||
|         // PUT api/<controller>/5 | ||||
|         [HttpPut("{id}")] | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public Tenant Put(int id, [FromBody] Tenant tenant) | ||||
|         { | ||||
|             if (ModelState.IsValid) | ||||
|             { | ||||
|                 tenant = _tenants.UpdateTenant(tenant); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "Tenant Updated {TenantId}", tenant.TenantId); | ||||
|             } | ||||
|             return tenant; | ||||
|         } | ||||
|  | ||||
|         // DELETE api/<controller>/5 | ||||
|         [HttpDelete("{id}")] | ||||
|         [Authorize(Roles = RoleNames.Host)] | ||||
|         public void Delete(int id) | ||||
|         { | ||||
|             _tenants.DeleteTenant(id); | ||||
|             _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Tenant Deleted {TenantId}", id); | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -11,6 +11,7 @@ using Oqtane.Enums; | ||||
| using Oqtane.Infrastructure; | ||||
| using Oqtane.Repository; | ||||
| using System.Text.Json; | ||||
| using System.Net; | ||||
|  | ||||
| // ReSharper disable StringIndexOfIsCultureSpecific.1 | ||||
|  | ||||
| @ -84,6 +85,11 @@ namespace Oqtane.Controllers | ||||
|                 _themes.DeleteTheme(theme.ThemeName); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Theme Removed For {ThemeName}", theme.ThemeName); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Theme Delete Attempt {Themename}", themename); | ||||
|                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         // GET: api/<controller>/templates | ||||
| @ -141,6 +147,12 @@ namespace Oqtane.Controllers | ||||
|                 ProcessTemplatesRecursively(new DirectoryInfo(templatePath), rootPath, rootFolder.Name, templatePath, theme); | ||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Create, "Theme Created {Theme}", theme); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Theme Post Attempt {Theme}", theme); | ||||
|                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|                 theme = null; | ||||
|             } | ||||
|  | ||||
|             return theme; | ||||
|         } | ||||
|  | ||||
| @ -45,15 +45,28 @@ namespace Oqtane.Repository | ||||
|  | ||||
|         public Alias GetAlias(int aliasId) | ||||
|         { | ||||
|             return _db.Alias.Find(aliasId); | ||||
|             return GetAlias(aliasId, true); | ||||
|         } | ||||
|  | ||||
|         public Alias GetAlias(string name) | ||||
|         public Alias GetAlias(int aliasId, bool tracking) | ||||
|         { | ||||
|             if (tracking) | ||||
|             { | ||||
|                 return _db.Alias.Find(aliasId); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 return _db.Alias.AsNoTracking().FirstOrDefault(item => item.AliasId == aliasId); | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         // lookup alias based on url - note that alias values are hierarchical | ||||
|         public Alias GetAlias(string url) | ||||
|         { | ||||
|             Alias alias = null; | ||||
|  | ||||
|             List<Alias> aliases = GetAliases().ToList(); | ||||
|             var segments = name.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries); | ||||
|             var segments = url.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries); | ||||
|  | ||||
|             // iterate segments to find keywords | ||||
|             int start = segments.Length; | ||||
|  | ||||
| @ -9,7 +9,8 @@ namespace Oqtane.Repository | ||||
|         Alias AddAlias(Alias alias); | ||||
|         Alias UpdateAlias(Alias alias); | ||||
|         Alias GetAlias(int aliasId); | ||||
|         Alias GetAlias(string name); | ||||
|         Alias GetAlias(int aliasId, bool tracking); | ||||
|         Alias GetAlias(string url); | ||||
|         void DeleteAlias(int aliasId); | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -1,4 +1,4 @@ | ||||
| using System.Collections.Generic; | ||||
| using System.Collections.Generic; | ||||
| using Oqtane.Models; | ||||
|  | ||||
| namespace Oqtane.Repository | ||||
| @ -9,6 +9,7 @@ namespace Oqtane.Repository | ||||
|         Job AddJob(Job job); | ||||
|         Job UpdateJob(Job job); | ||||
|         Job GetJob(int jobId); | ||||
|         Job GetJob(int jobId, bool tracking); | ||||
|         void DeleteJob(int jobId); | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -1,4 +1,4 @@ | ||||
| using System; | ||||
| using System; | ||||
| using System.Collections.Generic; | ||||
| using System.Linq; | ||||
| using Microsoft.EntityFrameworkCore; | ||||
| @ -48,6 +48,19 @@ namespace Oqtane.Repository | ||||
|             return _db.Job.Find(jobId); | ||||
|         } | ||||
|  | ||||
|         public Job GetJob(int jobId, bool tracking) | ||||
|         { | ||||
|             if (tracking) | ||||
|             { | ||||
|                 return _db.Job.Find(jobId); | ||||
|             } | ||||
|             else | ||||
|             { | ||||
|                 return _db.Job.AsNoTracking().FirstOrDefault(item => item.JobId == jobId); | ||||
|             } | ||||
|  | ||||
|         } | ||||
|  | ||||
|         public void DeleteJob(int jobId) | ||||
|         { | ||||
|             Job job = _db.Job.Find(jobId); | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	 Shaun Walker
					Shaun Walker