kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improve validation and exception handling in API Controllers

Browse Source
This commit is contained in:
Shaun Walker 2021-06-15 19:11:00 -04:00
parent 0a2293119e
commit 65a14da5a9
14 changed files with 101 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Oqtane.Client/Modules/Admin/Dashboard/Index.razor
View File

@ -2,7 +2,7 @@
@inherits ModuleBase
@inject IPageService PageService
@inject IUserService UserService
@inject IStringLocalizer<SharedResources> Localizer
@inject IStringLocalizer<SharedResources> SharedLocalizer
<div class="row">
@foreach (var p in _pages)
@ -12,7 +12,7 @@
string url = NavigateUrl(p.Path);
<div class="col-md-2 mx-auto text-center">
<NavLink class="nav-link" href="@url" Match="NavLinkMatch.All">
<h2><span class="@p.Icon" aria-hidden="true"></span></h2>@Localizer[p.Name]
<h2><span class="@p.Icon" aria-hidden="true"></span></h2>@SharedLocalizer[p.Name]
</NavLink>
</div>
}

8
Oqtane.Client/Services/Interfaces/IJobLogService.cs
View File

@ -1,4 +1,4 @@
using Oqtane.Models;
using Oqtane.Models;
using System.Collections.Generic;
using System.Threading.Tasks;
@ -9,11 +9,5 @@ namespace Oqtane.Services
Task<List<JobLog>> GetJobLogsAsync();
Task<JobLog> GetJobLogAsync(int jobLogId);
Task<JobLog> AddJobLogAsync(JobLog jobLog);
Task<JobLog> UpdateJobLogAsync(JobLog jobLog);
Task DeleteJobLogAsync(int jobLogId);
}
}

21
Oqtane.Client/Services/Interfaces/ITenantService.cs
View File

@ -21,26 +21,5 @@ namespace Oqtane.Services
/// <param name="tenantId">ID-reference of the <see cref="Tenant"/></param>
/// <returns></returns>
Task<Tenant> GetTenantAsync(int tenantId);
/// <summary>
/// Add / save another <see cref="Tenant"/> to the database
/// </summary>
/// <param name="tenant">A <see cref="Tenant"/> object containing the configuration</param>
/// <returns></returns>
Task<Tenant> AddTenantAsync(Tenant tenant);
/// <summary>
/// Update the <see cref="Tenant"/> information in the database.
/// </summary>
/// <param name="tenant"></param>
/// <returns></returns>
Task<Tenant> UpdateTenantAsync(Tenant tenant);
/// <summary>
/// Delete / remove a <see cref="Tenant"/>
/// </summary>
/// <param name="tenantId"></param>
/// <returns></returns>
Task DeleteTenantAsync(int tenantId);
}
}

14
Oqtane.Client/Services/JobLogService.cs
View File

@ -30,19 +30,5 @@ namespace Oqtane.Services
{
return await GetJsonAsync<JobLog>($"{Apiurl}/{jobLogId}");
}
public async Task<JobLog> AddJobLogAsync(JobLog joblog)
{
return await PostJsonAsync<JobLog>(Apiurl, joblog);
}
public async Task<JobLog> UpdateJobLogAsync(JobLog joblog)
{
return await PutJsonAsync<JobLog>($"{Apiurl}/{joblog.JobLogId}", joblog);
}
public async Task DeleteJobLogAsync(int jobLogId)
{
await DeleteAsync($"{Apiurl}/{jobLogId}");
}
}
}

15
Oqtane.Client/Services/TenantService.cs
View File

@ -30,20 +30,5 @@ namespace Oqtane.Services
{
return await GetJsonAsync<Tenant>($"{Apiurl}/{tenantId}");
}
public async Task<Tenant> AddTenantAsync(Tenant tenant)
{
return await PostJsonAsync<Tenant>(Apiurl, tenant);
}
public async Task<Tenant> UpdateTenantAsync(Tenant tenant)
{
return await PutJsonAsync<Tenant>($"{Apiurl}/{tenant.TenantId}", tenant);
}
public async Task DeleteTenantAsync(int tenantId)
{
await DeleteAsync($"{Apiurl}/{tenantId}");
}
}
}

15
Oqtane.Server/Controllers/AliasController.cs
View File

@ -72,7 +72,7 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public Alias Put(int id, [FromBody] Alias alias)
{
if (ModelState.IsValid)
if (ModelState.IsValid && _aliases.GetAlias(alias.AliasId, false) != null)
{
alias = _aliases.UpdateAlias(alias);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Alias Updated {Alias}", alias);
@ -91,8 +91,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_aliases.DeleteAlias(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Alias Deleted {AliasId}", id);
var alias = _aliases.GetAlias(id);
if (alias != null)
{
_aliases.DeleteAlias(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Alias Deleted {AliasId}", id);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Alias Delete Attempt {AliasId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
}
}

46
Oqtane.Server/Controllers/JobController.cs
View File

@ -9,6 +9,7 @@ using Microsoft.Extensions.DependencyInjection;
using Oqtane.Enums;
using Oqtane.Infrastructure;
using Oqtane.Repository;
using System.Net;
namespace Oqtane.Controllers
{
@ -52,6 +53,12 @@ namespace Oqtane.Controllers
job = _jobs.AddJob(job);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Added {Job}", job);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Post Attempt {Alias}", job);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
job = null;
}
return job;
}
@ -60,11 +67,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public Job Put(int id, [FromBody] Job job)
{
if (ModelState.IsValid)
if (ModelState.IsValid && _jobs.GetJob(job.JobId, false) != null)
{
job = _jobs.UpdateJob(job);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Updated {Job}", job);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Put Attempt {Alias}", job);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
job = null;
}
return job;
}
@ -73,8 +86,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_jobs.DeleteJob(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Deleted {JobId}", id);
var job = _jobs.GetJob(id);
if (job != null)
{
_jobs.DeleteJob(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Deleted {JobId}", id);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Delete Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
// GET api/<controller>/start
@ -83,12 +105,17 @@ namespace Oqtane.Controllers
public void Start(int id)
{
Job job = _jobs.GetJob(id);
Type jobtype = Type.GetType(job.JobType);
if (jobtype != null)
if (job != null)
{
Type jobtype = Type.GetType(job.JobType);
var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype);
((IHostedService)jobobject).StartAsync(new System.Threading.CancellationToken());
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Start Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
// GET api/<controller>/stop
@ -97,12 +124,17 @@ namespace Oqtane.Controllers
public void Stop(int id)
{
Job job = _jobs.GetJob(id);
Type jobtype = Type.GetType(job.JobType);
if (jobtype != null)
if (job != null)
{
Type jobtype = Type.GetType(job.JobType);
var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype);
((IHostedService)jobobject).StopAsync(new System.Threading.CancellationToken());
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Stop Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
}
}

41
Oqtane.Server/Controllers/JobLogController.cs
View File

@ -1,10 +1,8 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Enums;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using Oqtane.Repository;
namespace Oqtane.Controllers
@ -13,12 +11,10 @@ namespace Oqtane.Controllers
public class JobLogController : Controller
{
private readonly IJobLogRepository _jobLogs;
private readonly ILogManager _logger;
public JobLogController(IJobLogRepository jobLogs, ILogManager logger)
public JobLogController(IJobLogRepository jobLogs)
{
_jobLogs = jobLogs;
_logger = logger;
}
// GET: api/<controller>
@ -36,40 +32,5 @@ namespace Oqtane.Controllers
{
return _jobLogs.GetJobLog(id);
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Host)]
public JobLog Post([FromBody] JobLog jobLog)
{
if (ModelState.IsValid)
{
jobLog = _jobLogs.AddJobLog(jobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Log Added {JobLog}", jobLog);
}
return jobLog;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = RoleNames.Host)]
public JobLog Put(int id, [FromBody] JobLog jobLog)
{
if (ModelState.IsValid)
{
jobLog = _jobLogs.UpdateJobLog(jobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Log Updated {JobLog}", jobLog);
}
return jobLog;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_jobLogs.DeleteJobLog(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Log Deleted {JobLogId}", id);
}
}
}

35
Oqtane.Server/Controllers/TenantController.cs
View File

@ -36,40 +36,5 @@ namespace Oqtane.Controllers
{
return _tenants.GetTenant(id);
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Host)]
public Tenant Post([FromBody] Tenant tenant)
{
if (ModelState.IsValid)
{
tenant = _tenants.AddTenant(tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Tenant Added {TenantId}", tenant.TenantId);
}
return tenant;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = RoleNames.Host)]
public Tenant Put(int id, [FromBody] Tenant tenant)
{
if (ModelState.IsValid)
{
tenant = _tenants.UpdateTenant(tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Tenant Updated {TenantId}", tenant.TenantId);
}
return tenant;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_tenants.DeleteTenant(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Tenant Deleted {TenantId}", id);
}
}
}

12
Oqtane.Server/Controllers/ThemeController.cs
View File

@ -11,6 +11,7 @@ using Oqtane.Enums;
using Oqtane.Infrastructure;
using Oqtane.Repository;
using System.Text.Json;
using System.Net;
// ReSharper disable StringIndexOfIsCultureSpecific.1
@ -84,6 +85,11 @@ namespace Oqtane.Controllers
_themes.DeleteTheme(theme.ThemeName);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Theme Removed For {ThemeName}", theme.ThemeName);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Theme Delete Attempt {Themename}", themename);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
// GET: api/<controller>/templates
@ -141,6 +147,12 @@ namespace Oqtane.Controllers
ProcessTemplatesRecursively(new DirectoryInfo(templatePath), rootPath, rootFolder.Name, templatePath, theme);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Theme Created {Theme}", theme);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Theme Post Attempt {Theme}", theme);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
theme = null;
}
return theme;
}

19
Oqtane.Server/Repository/AliasRepository.cs
View File

@ -45,15 +45,28 @@ namespace Oqtane.Repository
public Alias GetAlias(int aliasId)
{
return _db.Alias.Find(aliasId);
return GetAlias(aliasId, true);
}
public Alias GetAlias(string name)
public Alias GetAlias(int aliasId, bool tracking)
{
if (tracking)
{
return _db.Alias.Find(aliasId);
}
else
{
return _db.Alias.AsNoTracking().FirstOrDefault(item => item.AliasId == aliasId);
}
}
// lookup alias based on url - note that alias values are hierarchical
public Alias GetAlias(string url)
{
Alias alias = null;
List<Alias> aliases = GetAliases().ToList();
var segments = name.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
var segments = url.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
// iterate segments to find keywords
int start = segments.Length;

3
Oqtane.Server/Repository/Interfaces/IAliasRepository.cs
View File

@ -9,7 +9,8 @@ namespace Oqtane.Repository
Alias AddAlias(Alias alias);
Alias UpdateAlias(Alias alias);
Alias GetAlias(int aliasId);
Alias GetAlias(string name);
Alias GetAlias(int aliasId, bool tracking);
Alias GetAlias(string url);
void DeleteAlias(int aliasId);
}
}

3
Oqtane.Server/Repository/Interfaces/IJobRepository.cs
View File

@ -1,4 +1,4 @@
using System.Collections.Generic;
using System.Collections.Generic;
using Oqtane.Models;
namespace Oqtane.Repository
@ -9,6 +9,7 @@ namespace Oqtane.Repository
Job AddJob(Job job);
Job UpdateJob(Job job);
Job GetJob(int jobId);
Job GetJob(int jobId, bool tracking);
void DeleteJob(int jobId);
}
}

15
Oqtane.Server/Repository/JobRepository.cs
View File

@ -1,4 +1,4 @@
using System;
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.EntityFrameworkCore;
@ -48,6 +48,19 @@ namespace Oqtane.Repository
return _db.Job.Find(jobId);
}
public Job GetJob(int jobId, bool tracking)
{
if (tracking)
{
return _db.Job.Find(jobId);
}
else
{
return _db.Job.AsNoTracking().FirstOrDefault(item => item.JobId == jobId);
}
}
public void DeleteJob(int jobId)
{
Job job = _db.Job.Find(jobId);