kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improve validation and exception handling in API Controllers

Browse Source
This commit is contained in:
Shaun Walker 2021-06-15 19:11:00 -04:00
parent 0a2293119e
commit 65a14da5a9
14 changed files with 101 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Oqtane.Client/Modules/Admin/Dashboard/Index.razor
View File

@ -2,7 +2,7 @@
@inherits ModuleBase @inherits ModuleBase
@inject IPageService PageService @inject IPageService PageService
@inject IUserService UserService @inject IUserService UserService
@inject IStringLocalizer<SharedResources> Localizer @inject IStringLocalizer<SharedResources> SharedLocalizer
<div class="row"> <div class="row">
@foreach (var p in _pages) @foreach (var p in _pages)
@ -12,7 +12,7 @@
string url = NavigateUrl(p.Path); string url = NavigateUrl(p.Path);
<div class="col-md-2 mx-auto text-center"> <div class="col-md-2 mx-auto text-center">
<NavLink class="nav-link" href="@url" Match="NavLinkMatch.All"> <NavLink class="nav-link" href="@url" Match="NavLinkMatch.All">
<h2><span class="@p.Icon" aria-hidden="true"></span></h2>@Localizer[p.Name] <h2><span class="@p.Icon" aria-hidden="true"></span></h2>@SharedLocalizer[p.Name]
</NavLink> </NavLink>
</div> </div>
} }

8
Oqtane.Client/Services/Interfaces/IJobLogService.cs
View File

@ -1,4 +1,4 @@
using Oqtane.Models; using Oqtane.Models;
using System.Collections.Generic; using System.Collections.Generic;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -9,11 +9,5 @@ namespace Oqtane.Services
Task<List<JobLog>> GetJobLogsAsync(); Task<List<JobLog>> GetJobLogsAsync();
Task<JobLog> GetJobLogAsync(int jobLogId); Task<JobLog> GetJobLogAsync(int jobLogId);
Task<JobLog> AddJobLogAsync(JobLog jobLog);
Task<JobLog> UpdateJobLogAsync(JobLog jobLog);
Task DeleteJobLogAsync(int jobLogId);
} }
} }

21
Oqtane.Client/Services/Interfaces/ITenantService.cs
View File

@ -21,26 +21,5 @@ namespace Oqtane.Services
/// <param name="tenantId">ID-reference of the <see cref="Tenant"/></param> /// <param name="tenantId">ID-reference of the <see cref="Tenant"/></param>
/// <returns></returns> /// <returns></returns>
Task<Tenant> GetTenantAsync(int tenantId); Task<Tenant> GetTenantAsync(int tenantId);
/// <summary>
/// Add / save another <see cref="Tenant"/> to the database
/// </summary>
/// <param name="tenant">A <see cref="Tenant"/> object containing the configuration</param>
/// <returns></returns>
Task<Tenant> AddTenantAsync(Tenant tenant);
/// <summary>
/// Update the <see cref="Tenant"/> information in the database.
/// </summary>
/// <param name="tenant"></param>
/// <returns></returns>
Task<Tenant> UpdateTenantAsync(Tenant tenant);
/// <summary>
/// Delete / remove a <see cref="Tenant"/>
/// </summary>
/// <param name="tenantId"></param>
/// <returns></returns>
Task DeleteTenantAsync(int tenantId);
} }
} }

14
Oqtane.Client/Services/JobLogService.cs
View File

@ -30,19 +30,5 @@ namespace Oqtane.Services
{ {
return await GetJsonAsync<JobLog>($"{Apiurl}/{jobLogId}"); return await GetJsonAsync<JobLog>($"{Apiurl}/{jobLogId}");
} }
public async Task<JobLog> AddJobLogAsync(JobLog joblog)
{
return await PostJsonAsync<JobLog>(Apiurl, joblog);
}
public async Task<JobLog> UpdateJobLogAsync(JobLog joblog)
{
return await PutJsonAsync<JobLog>($"{Apiurl}/{joblog.JobLogId}", joblog);
}
public async Task DeleteJobLogAsync(int jobLogId)
{
await DeleteAsync($"{Apiurl}/{jobLogId}");
}
} }
} }

15
Oqtane.Client/Services/TenantService.cs
View File

@ -30,20 +30,5 @@ namespace Oqtane.Services
{ {
return await GetJsonAsync<Tenant>($"{Apiurl}/{tenantId}"); return await GetJsonAsync<Tenant>($"{Apiurl}/{tenantId}");
} }
public async Task<Tenant> AddTenantAsync(Tenant tenant)
{
return await PostJsonAsync<Tenant>(Apiurl, tenant);
}
public async Task<Tenant> UpdateTenantAsync(Tenant tenant)
{
return await PutJsonAsync<Tenant>($"{Apiurl}/{tenant.TenantId}", tenant);
}
public async Task DeleteTenantAsync(int tenantId)
{
await DeleteAsync($"{Apiurl}/{tenantId}");
}
} }
} }

15
Oqtane.Server/Controllers/AliasController.cs
View File

@ -72,7 +72,7 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)] [Authorize(Roles = RoleNames.Host)]
public Alias Put(int id, [FromBody] Alias alias) public Alias Put(int id, [FromBody] Alias alias)
{ {
if (ModelState.IsValid) if (ModelState.IsValid && _aliases.GetAlias(alias.AliasId, false) != null)
{ {
alias = _aliases.UpdateAlias(alias); alias = _aliases.UpdateAlias(alias);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Alias Updated {Alias}", alias); _logger.Log(LogLevel.Information, this, LogFunction.Update, "Alias Updated {Alias}", alias);
@ -91,8 +91,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)] [Authorize(Roles = RoleNames.Host)]
public void Delete(int id) public void Delete(int id)
{ {
_aliases.DeleteAlias(id); var alias = _aliases.GetAlias(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Alias Deleted {AliasId}", id); if (alias != null)
{
_aliases.DeleteAlias(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Alias Deleted {AliasId}", id);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Alias Delete Attempt {AliasId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
} }
} }
} }

46
Oqtane.Server/Controllers/JobController.cs
View File

@ -9,6 +9,7 @@ using Microsoft.Extensions.DependencyInjection;
using Oqtane.Enums; using Oqtane.Enums;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using Oqtane.Repository; using Oqtane.Repository;
using System.Net;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -52,6 +53,12 @@ namespace Oqtane.Controllers
job = _jobs.AddJob(job); job = _jobs.AddJob(job);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Added {Job}", job); _logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Added {Job}", job);
} }
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Post Attempt {Alias}", job);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
job = null;
}
return job; return job;
} }
@ -60,11 +67,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)] [Authorize(Roles = RoleNames.Host)]
public Job Put(int id, [FromBody] Job job) public Job Put(int id, [FromBody] Job job)
{ {
if (ModelState.IsValid) if (ModelState.IsValid && _jobs.GetJob(job.JobId, false) != null)
{ {
job = _jobs.UpdateJob(job); job = _jobs.UpdateJob(job);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Updated {Job}", job); _logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Updated {Job}", job);
} }
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Put Attempt {Alias}", job);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
job = null;
}
return job; return job;
} }
@ -73,8 +86,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)] [Authorize(Roles = RoleNames.Host)]
public void Delete(int id) public void Delete(int id)
{ {
_jobs.DeleteJob(id); var job = _jobs.GetJob(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Deleted {JobId}", id); if (job != null)
{
_jobs.DeleteJob(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Deleted {JobId}", id);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Delete Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
} }
// GET api/<controller>/start // GET api/<controller>/start
@ -83,12 +105,17 @@ namespace Oqtane.Controllers
public void Start(int id) public void Start(int id)
{ {
Job job = _jobs.GetJob(id); Job job = _jobs.GetJob(id);
Type jobtype = Type.GetType(job.JobType); if (job != null)
if (jobtype != null)
{ {
Type jobtype = Type.GetType(job.JobType);
var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype); var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype);
((IHostedService)jobobject).StartAsync(new System.Threading.CancellationToken()); ((IHostedService)jobobject).StartAsync(new System.Threading.CancellationToken());
} }
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Start Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
} }
// GET api/<controller>/stop // GET api/<controller>/stop
@ -97,12 +124,17 @@ namespace Oqtane.Controllers
public void Stop(int id) public void Stop(int id)
{ {
Job job = _jobs.GetJob(id); Job job = _jobs.GetJob(id);
Type jobtype = Type.GetType(job.JobType); if (job != null)
if (jobtype != null)
{ {
Type jobtype = Type.GetType(job.JobType);
var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype); var jobobject = ActivatorUtilities.CreateInstance(_serviceProvider, jobtype);
((IHostedService)jobobject).StopAsync(new System.Threading.CancellationToken()); ((IHostedService)jobobject).StopAsync(new System.Threading.CancellationToken());
} }
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Job Stop Attempt {JobId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
} }
} }
} }

41
Oqtane.Server/Controllers/JobLogController.cs
View File

@ -1,10 +1,8 @@
using System.Collections.Generic; using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Enums;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
using Oqtane.Infrastructure;
using Oqtane.Repository; using Oqtane.Repository;
namespace Oqtane.Controllers namespace Oqtane.Controllers
@ -13,12 +11,10 @@ namespace Oqtane.Controllers
public class JobLogController : Controller public class JobLogController : Controller
{ {
private readonly IJobLogRepository _jobLogs; private readonly IJobLogRepository _jobLogs;
private readonly ILogManager _logger;
public JobLogController(IJobLogRepository jobLogs, ILogManager logger) public JobLogController(IJobLogRepository jobLogs)
{ {
_jobLogs = jobLogs; _jobLogs = jobLogs;
_logger = logger;
} }
// GET: api/<controller> // GET: api/<controller>
@ -36,40 +32,5 @@ namespace Oqtane.Controllers
{ {
return _jobLogs.GetJobLog(id); return _jobLogs.GetJobLog(id);
} }
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Host)]
public JobLog Post([FromBody] JobLog jobLog)
{
if (ModelState.IsValid)
{
jobLog = _jobLogs.AddJobLog(jobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Log Added {JobLog}", jobLog);
}
return jobLog;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = RoleNames.Host)]
public JobLog Put(int id, [FromBody] JobLog jobLog)
{
if (ModelState.IsValid)
{
jobLog = _jobLogs.UpdateJobLog(jobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Log Updated {JobLog}", jobLog);
}
return jobLog;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_jobLogs.DeleteJobLog(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Job Log Deleted {JobLogId}", id);
}
} }
} }

35
Oqtane.Server/Controllers/TenantController.cs
View File

@ -36,40 +36,5 @@ namespace Oqtane.Controllers
{ {
return _tenants.GetTenant(id); return _tenants.GetTenant(id);
} }
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Host)]
public Tenant Post([FromBody] Tenant tenant)
{
if (ModelState.IsValid)
{
tenant = _tenants.AddTenant(tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Tenant Added {TenantId}", tenant.TenantId);
}
return tenant;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = RoleNames.Host)]
public Tenant Put(int id, [FromBody] Tenant tenant)
{
if (ModelState.IsValid)
{
tenant = _tenants.UpdateTenant(tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Tenant Updated {TenantId}", tenant.TenantId);
}
return tenant;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = RoleNames.Host)]
public void Delete(int id)
{
_tenants.DeleteTenant(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Tenant Deleted {TenantId}", id);
}
} }
} }

12
Oqtane.Server/Controllers/ThemeController.cs
View File

@ -11,6 +11,7 @@ using Oqtane.Enums;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using Oqtane.Repository; using Oqtane.Repository;
using System.Text.Json; using System.Text.Json;
using System.Net;
// ReSharper disable StringIndexOfIsCultureSpecific.1 // ReSharper disable StringIndexOfIsCultureSpecific.1
@ -84,6 +85,11 @@ namespace Oqtane.Controllers
_themes.DeleteTheme(theme.ThemeName); _themes.DeleteTheme(theme.ThemeName);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Theme Removed For {ThemeName}", theme.ThemeName); _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Theme Removed For {ThemeName}", theme.ThemeName);
} }
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Theme Delete Attempt {Themename}", themename);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
} }
// GET: api/<controller>/templates // GET: api/<controller>/templates
@ -141,6 +147,12 @@ namespace Oqtane.Controllers
ProcessTemplatesRecursively(new DirectoryInfo(templatePath), rootPath, rootFolder.Name, templatePath, theme); ProcessTemplatesRecursively(new DirectoryInfo(templatePath), rootPath, rootFolder.Name, templatePath, theme);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Theme Created {Theme}", theme); _logger.Log(LogLevel.Information, this, LogFunction.Create, "Theme Created {Theme}", theme);
} }
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Theme Post Attempt {Theme}", theme);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
theme = null;
}
return theme; return theme;
} }

19
Oqtane.Server/Repository/AliasRepository.cs
View File

@ -45,15 +45,28 @@ namespace Oqtane.Repository
public Alias GetAlias(int aliasId) public Alias GetAlias(int aliasId)
{ {
return _db.Alias.Find(aliasId); return GetAlias(aliasId, true);
} }
public Alias GetAlias(string name) public Alias GetAlias(int aliasId, bool tracking)
{
if (tracking)
{
return _db.Alias.Find(aliasId);
}
else
{
return _db.Alias.AsNoTracking().FirstOrDefault(item => item.AliasId == aliasId);
}
}
// lookup alias based on url - note that alias values are hierarchical
public Alias GetAlias(string url)
{ {
Alias alias = null; Alias alias = null;
List<Alias> aliases = GetAliases().ToList(); List<Alias> aliases = GetAliases().ToList();
var segments = name.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries); var segments = url.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
// iterate segments to find keywords // iterate segments to find keywords
int start = segments.Length; int start = segments.Length;

3
Oqtane.Server/Repository/Interfaces/IAliasRepository.cs
View File

@ -9,7 +9,8 @@ namespace Oqtane.Repository
Alias AddAlias(Alias alias); Alias AddAlias(Alias alias);
Alias UpdateAlias(Alias alias); Alias UpdateAlias(Alias alias);
Alias GetAlias(int aliasId); Alias GetAlias(int aliasId);
Alias GetAlias(string name); Alias GetAlias(int aliasId, bool tracking);
Alias GetAlias(string url);
void DeleteAlias(int aliasId); void DeleteAlias(int aliasId);
} }
} }

3
Oqtane.Server/Repository/Interfaces/IJobRepository.cs
View File

@ -1,4 +1,4 @@
using System.Collections.Generic; using System.Collections.Generic;
using Oqtane.Models; using Oqtane.Models;
namespace Oqtane.Repository namespace Oqtane.Repository
@ -9,6 +9,7 @@ namespace Oqtane.Repository
Job AddJob(Job job); Job AddJob(Job job);
Job UpdateJob(Job job); Job UpdateJob(Job job);
Job GetJob(int jobId); Job GetJob(int jobId);
Job GetJob(int jobId, bool tracking);
void DeleteJob(int jobId); void DeleteJob(int jobId);
} }
} }

15
Oqtane.Server/Repository/JobRepository.cs
View File

@ -1,4 +1,4 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
@ -48,6 +48,19 @@ namespace Oqtane.Repository
return _db.Job.Find(jobId); return _db.Job.Find(jobId);
} }
public Job GetJob(int jobId, bool tracking)
{
if (tracking)
{
return _db.Job.Find(jobId);
}
else
{
return _db.Job.AsNoTracking().FirstOrDefault(item => item.JobId == jobId);
}
}
public void DeleteJob(int jobId) public void DeleteJob(int jobId)
{ {
Job job = _db.Job.Find(jobId); Job job = _db.Job.Find(jobId);