Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

improve validation and exception handling in API Controllers

Browse Source
This commit is contained in:
Shaun Walker
2021-06-15 19:11:00 -04:00
parent 0a2293119e
commit 65a14da5a9
14 changed files with 101 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Oqtane.Server/Controllers/AliasController.cs
View File

@ -72,7 +72,7 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public Alias Put(int id, [FromBody] Alias alias)
{
if (ModelState.IsValid)
if (ModelState.IsValid && _aliases.GetAlias(alias.AliasId, false) != null)
{
alias = _aliases.UpdateAlias(alias);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Alias Updated {Alias}", alias);
@ -91,8 +91,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_aliases.DeleteAlias(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Alias Deleted {AliasId}", id);
var alias = _aliases.GetAlias(id);
if (alias != null)
{
_aliases.DeleteAlias(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Alias Deleted {AliasId}", id);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Alias Delete Attempt {AliasId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
}
}

46
Oqtane.Server/Controllers/JobController.cs
View File

@ -9,6 +9,7 @@ using Microsoft.Extensions.DependencyInjection;
using Oqtane.Enums;
using Oqtane.Infrastructure;
using Oqtane.Repository;
using System.Net;
namespace Oqtane.Controllers
{
@ -52,6 +53,12 @@ namespace Oqtane.Controllers
job = _jobs.AddJob(job);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Added {Job}", job);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Post Attempt {Alias}", job);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
job = null;
}
return job;
}
@ -60,11 +67,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public Job Put(int id, [FromBody] Job job)
{
if (ModelState.IsValid)
if (ModelState.IsValid && _jobs.GetJob(job.JobId, false) != null)
{
job = _jobs.UpdateJob(job);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Updated {Job}", job);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Put Attempt {Alias}", job);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
job = null;
}
return job;
}
@ -73,8 +86,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_jobs.DeleteJob(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Deleted {JobId}", id);
var job = _jobs.GetJob(id);
if (job != null)
{
_jobs.DeleteJob(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Deleted {JobId}", id);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Delete Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
// GET api/<controller>/start
@ -83,12 +105,17 @@ namespace Oqtane.Controllers
public void Start(int id)
{
Job job = _jobs.GetJob(id);
Type jobtype = Type.GetType(job.JobType);
if (jobtype != null)
if (job != null)
{
Type jobtype = Type.GetType(job.JobType);
var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype);
((IHostedService)jobobject).StartAsync(new System.Threading.CancellationToken());
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Start Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
// GET api/<controller>/stop
@ -97,12 +124,17 @@ namespace Oqtane.Controllers
public void Stop(int id)
{
Job job = _jobs.GetJob(id);
Type jobtype = Type.GetType(job.JobType);
if (jobtype != null)
if (job != null)
{
Type jobtype = Type.GetType(job.JobType);
var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype);
((IHostedService)jobobject).StopAsync(new System.Threading.CancellationToken());
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Stop Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
}
}

41
Oqtane.Server/Controllers/JobLogController.cs
View File

@ -1,10 +1,8 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Enums;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using Oqtane.Repository;
namespace Oqtane.Controllers
@ -13,12 +11,10 @@ namespace Oqtane.Controllers
public class JobLogController : Controller
{
private readonly IJobLogRepository _jobLogs;
private readonly ILogManager _logger;
public JobLogController(IJobLogRepository jobLogs, ILogManager logger)
public JobLogController(IJobLogRepository jobLogs)
{
_jobLogs = jobLogs;
_logger = logger;
}
// GET: api/<controller>
@ -36,40 +32,5 @@ namespace Oqtane.Controllers
{
return _jobLogs.GetJobLog(id);
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Host)]
public JobLog Post([FromBody] JobLog jobLog)
{
if (ModelState.IsValid)
{
jobLog = _jobLogs.AddJobLog(jobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Log Added {JobLog}", jobLog);
}
return jobLog;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = RoleNames.Host)]
public JobLog Put(int id, [FromBody] JobLog jobLog)
{
if (ModelState.IsValid)
{
jobLog = _jobLogs.UpdateJobLog(jobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Log Updated {JobLog}", jobLog);
}
return jobLog;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_jobLogs.DeleteJobLog(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Log Deleted {JobLogId}", id);
}
}
}

35
Oqtane.Server/Controllers/TenantController.cs
View File

@ -36,40 +36,5 @@ namespace Oqtane.Controllers
{
return _tenants.GetTenant(id);
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Host)]
public Tenant Post([FromBody] Tenant tenant)
{
if (ModelState.IsValid)
{
tenant = _tenants.AddTenant(tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Tenant Added {TenantId}", tenant.TenantId);
}
return tenant;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = RoleNames.Host)]
public Tenant Put(int id, [FromBody] Tenant tenant)
{
if (ModelState.IsValid)
{
tenant = _tenants.UpdateTenant(tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Tenant Updated {TenantId}", tenant.TenantId);
}
return tenant;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_tenants.DeleteTenant(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Tenant Deleted {TenantId}", id);
}
}
}

12
Oqtane.Server/Controllers/ThemeController.cs
View File

@ -11,6 +11,7 @@ using Oqtane.Enums;
using Oqtane.Infrastructure;
using Oqtane.Repository;
using System.Text.Json;
using System.Net;
// ReSharper disable StringIndexOfIsCultureSpecific.1
@ -84,6 +85,11 @@ namespace Oqtane.Controllers
_themes.DeleteTheme(theme.ThemeName);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Theme Removed For {ThemeName}", theme.ThemeName);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Theme Delete Attempt {Themename}", themename);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
// GET: api/<controller>/templates
@ -141,6 +147,12 @@ namespace Oqtane.Controllers
ProcessTemplatesRecursively(new DirectoryInfo(templatePath), rootPath, rootFolder.Name, templatePath, theme);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Theme Created {Theme}", theme);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Theme Post Attempt {Theme}", theme);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
theme = null;
}
return theme;
}