kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactoring, enhancements, and some fixes

Browse Source
This commit is contained in:
Shaun Walker 2021-06-10 08:16:02 -04:00
parent 82c05a841f
commit bc720555c4
30 changed files with 436 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Oqtane.Client/App.razor
View File

@ -1,4 +1,6 @@
@inject IInstallationService InstallationService @inject IInstallationService InstallationService
@inject IJSRuntime JSRuntime
@inject SiteState SiteState
@if (_initialized) @if (_initialized)
{ {
@ -26,15 +28,22 @@
} }
@code { @code {
private Installation _installation; private bool _initialized = false;
private bool _initialized; private Installation _installation = new Installation { Success = false, Message = "" };
private PageState PageState { get; set; } private PageState PageState { get; set; }
protected override async Task OnParametersSetAsync() protected override async Task OnAfterRenderAsync(bool firstRender)
{ {
_installation = await InstallationService.IsInstalled(); if (firstRender && !_initialized)
_initialized = true; {
var interop = new Interop(JSRuntime);
SiteState.AntiForgeryToken = await interop.GetElementByName(Constants.RequestVerificationToken);
_installation = await InstallationService.IsInstalled();
SiteState.Alias = _installation.Alias;
_initialized = true;
StateHasChanged();
}
} }
private void ChangeState(PageState pageState) private void ChangeState(PageState pageState)

9
Oqtane.Client/Modules/Admin/Login/Index.razor
View File

@ -3,6 +3,7 @@
@inject NavigationManager NavigationManager @inject NavigationManager NavigationManager
@inject IUserService UserService @inject IUserService UserService
@inject IServiceProvider ServiceProvider @inject IServiceProvider ServiceProvider
@inject SiteState SiteState
@inject IStringLocalizer<Index> Localizer @inject IStringLocalizer<Index> Localizer
@if (_message != string.Empty) @if (_message != string.Empty)
@ -57,7 +58,7 @@
public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.Anonymous; public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.Anonymous;
public override List<Resource> Resources => new List<Resource>() public override List<Resource> Resources => new List<Resource>()
{ {
new Resource { ResourceType = ResourceType.Stylesheet, Url = ModulePath() + "Module.css" } new Resource { ResourceType = ResourceType.Stylesheet, Url = ModulePath() + "Module.css" }
}; };
@ -108,7 +109,6 @@
{ {
if (PageState.Runtime == Oqtane.Shared.Runtime.Server) if (PageState.Runtime == Oqtane.Shared.Runtime.Server)
{ {
// server-side Blazor
var user = new User(); var user = new User();
user.SiteId = PageState.Site.SiteId; user.SiteId = PageState.Site.SiteId;
user.Username = _username; user.Username = _username;
@ -118,9 +118,8 @@
if (user.IsAuthenticated) if (user.IsAuthenticated)
{ {
await logger.LogInformation("Login Successful For Username {Username}", _username); await logger.LogInformation("Login Successful For Username {Username}", _username);
// complete the login on the server so that the cookies are set correctly // server-side Blazor needs to post to the Login page so that the cookies are set correctly
string antiforgerytoken = await interop.GetElementByName("__RequestVerificationToken"); var fields = new { __RequestVerificationToken = SiteState.AntiForgeryToken, username = _username, password = _password, remember = _remember, returnurl = _returnUrl };
var fields = new { __RequestVerificationToken = antiforgerytoken, username = _username, password = _password, remember = _remember, returnurl = _returnUrl };
string url = Utilities.TenantUrl(PageState.Alias, "/pages/login/"); string url = Utilities.TenantUrl(PageState.Alias, "/pages/login/");
await interop.SubmitForm(url, fields); await interop.SubmitForm(url, fields);
} }

94
Oqtane.Client/Modules/Admin/Site/Index.razor
View File

@ -21,14 +21,6 @@
<input id="name" class="form-control" @bind="@_name" /> <input id="name" class="form-control" @bind="@_name" />
</td> </td>
</tr> </tr>
<tr>
<td>
<Label For="alias" HelpText="Enter the aliases for the site. An alias can be a domain name (www.site.com) or a virtual folder (ie. www.site.com/folder). If a site has multiple aliases they can be separated by commas." ResourceKey="Aliases">Aliases: </Label>
</td>
<td>
<textarea id="alias" class="form-control" @bind="@_urls" rows="3"></textarea>
</td>
</tr>
<tr> <tr>
<td> <td>
<Label For="allowRegister" HelpText="Do you want the users to be able to register for an account on the site" ResourceKey="AllowRegistration">Allow User Registration? </Label> <Label For="allowRegister" HelpText="Do you want the users to be able to register for an account on the site" ResourceKey="AllowRegistration">Allow User Registration? </Label>
@ -210,6 +202,18 @@
</Section> </Section>
@if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) @if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
{ {
<Section Name="Alias" Heading="Alias Management" ResourceKey="Alias">
<table class="table table-borderless">
<tr>
<td>
<Label For="alias" HelpText="Enter the aliases for the site. An alias can be a domain name (www.site.com) or a virtual folder (ie. www.site.com/folder). If a site has multiple aliases they can be separated by commas." ResourceKey="Aliases">Aliases: </Label>
</td>
<td>
<textarea id="alias" class="form-control" @bind="@_urls" rows="3"></textarea>
</td>
</tr>
</table>
</Section>
<Section Name="TenantInformation" Heading="Tenant Information" ResourceKey="TenantInformation"> <Section Name="TenantInformation" Heading="Tenant Information" ResourceKey="TenantInformation">
<table class="table table-borderless"> <table class="table table-borderless">
<tr> <tr>
@ -292,16 +296,24 @@
try try
{ {
_themeList = await ThemeService.GetThemesAsync(); _themeList = await ThemeService.GetThemesAsync();
_aliasList = await AliasService.GetAliasesAsync();
Site site = await SiteService.GetSiteAsync(PageState.Site.SiteId); Site site = await SiteService.GetSiteAsync(PageState.Site.SiteId);
if (site != null) if (site != null)
{ {
_name = site.Name; _name = site.Name;
foreach (Alias alias in _aliasList.Where(item => item.SiteId == site.SiteId && item.TenantId == site.TenantId).ToList()) _allowregistration = site.AllowRegistration.ToString();
_isdeleted = site.IsDeleted.ToString();
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
{ {
_urls += alias.Name + ","; _aliasList = await AliasService.GetAliasesAsync();
foreach (Alias alias in _aliasList.Where(item => item.SiteId == site.SiteId && item.TenantId == site.TenantId).ToList())
{
_urls += alias.Name + ",";
}
_urls = _urls.Substring(0, _urls.Length - 1);
} }
_urls = _urls.Substring(0, _urls.Length - 1);
if (site.LogoFileId != null) if (site.LogoFileId != null)
{ {
_logofileid = site.LogoFileId.Value; _logofileid = site.LogoFileId.Value;
@ -317,7 +329,6 @@
_containers = ThemeService.GetContainerControls(_themeList, _themetype); _containers = ThemeService.GetContainerControls(_themeList, _themetype);
_containertype = (!string.IsNullOrEmpty(site.DefaultContainerType)) ? site.DefaultContainerType : Constants.DefaultContainer; _containertype = (!string.IsNullOrEmpty(site.DefaultContainerType)) ? site.DefaultContainerType : Constants.DefaultContainer;
_admincontainertype = (!string.IsNullOrEmpty(site.AdminContainerType)) ? site.AdminContainerType : Constants.DefaultAdminContainer; _admincontainertype = (!string.IsNullOrEmpty(site.AdminContainerType)) ? site.AdminContainerType : Constants.DefaultAdminContainer;
_allowregistration = site.AllowRegistration.ToString();
var settings = await SettingService.GetSiteSettingsAsync(site.SiteId); var settings = await SettingService.GetSiteSettingsAsync(site.SiteId);
_smtphost = SettingService.GetSetting(settings, "SMTPHost", string.Empty); _smtphost = SettingService.GetSetting(settings, "SMTPHost", string.Empty);
@ -368,7 +379,6 @@
_modifiedon = site.ModifiedOn; _modifiedon = site.ModifiedOn;
_deletedby = site.DeletedBy; _deletedby = site.DeletedBy;
_deletedon = site.DeletedOn; _deletedon = site.DeletedOn;
_isdeleted = site.IsDeleted.ToString();
_initialized = true; _initialized = true;
} }
@ -427,34 +437,30 @@
bool refresh = (site.DefaultThemeType != _themetype || site.DefaultContainerType != _containertype); bool refresh = (site.DefaultThemeType != _themetype || site.DefaultContainerType != _containertype);
site.Name = _name; site.Name = _name;
site.AllowRegistration = (_allowregistration == null ? true : Boolean.Parse(_allowregistration));
site.IsDeleted = (_isdeleted == null ? true : Boolean.Parse(_isdeleted));
site.LogoFileId = null; site.LogoFileId = null;
var logofileid = _logofilemanager.GetFileId(); var logofileid = _logofilemanager.GetFileId();
if (logofileid != -1) if (logofileid != -1)
{ {
site.LogoFileId = logofileid; site.LogoFileId = logofileid;
} }
var faviconFieldId = _faviconfilemanager.GetFileId(); var faviconFieldId = _faviconfilemanager.GetFileId();
if (faviconFieldId != -1) if (faviconFieldId != -1)
{ {
site.FaviconFileId = faviconFieldId; site.FaviconFileId = faviconFieldId;
} }
site.DefaultThemeType = _themetype; site.DefaultThemeType = _themetype;
site.DefaultContainerType = _containertype; site.DefaultContainerType = _containertype;
site.AdminContainerType = _admincontainertype; site.AdminContainerType = _admincontainertype;
site.AllowRegistration = (_allowregistration == null ? true : Boolean.Parse(_allowregistration));
site.IsDeleted = (_isdeleted == null ? true : Boolean.Parse(_isdeleted));
site.PwaIsEnabled = (_pwaisenabled == null ? true : Boolean.Parse(_pwaisenabled)); site.PwaIsEnabled = (_pwaisenabled == null ? true : Boolean.Parse(_pwaisenabled));
var pwaappiconfileid = _pwaappiconfilemanager.GetFileId(); var pwaappiconfileid = _pwaappiconfilemanager.GetFileId();
if (pwaappiconfileid != -1) if (pwaappiconfileid != -1)
{ {
site.PwaAppIconFileId = pwaappiconfileid; site.PwaAppIconFileId = pwaappiconfileid;
} }
var pwasplashiconfileid = _pwasplashiconfilemanager.GetFileId(); var pwasplashiconfileid = _pwasplashiconfilemanager.GetFileId();
if (pwasplashiconfileid != -1) if (pwasplashiconfileid != -1)
{ {
@ -463,27 +469,6 @@
site = await SiteService.UpdateSiteAsync(site); site = await SiteService.UpdateSiteAsync(site);
var names = _urls.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
foreach (Alias alias in _aliasList.Where(item => item.SiteId == site.SiteId && item.TenantId == site.TenantId).ToList())
{
if (!names.Contains(alias.Name))
{
await AliasService.DeleteAliasAsync(alias.AliasId);
}
}
foreach (string name in names)
{
if (!_aliasList.Exists(item => item.Name == name))
{
Alias alias = new Alias();
alias.Name = name;
alias.TenantId = site.TenantId;
alias.SiteId = site.SiteId;
await AliasService.AddAliasAsync(alias);
}
}
var settings = await SettingService.GetSiteSettingsAsync(site.SiteId); var settings = await SettingService.GetSiteSettingsAsync(site.SiteId);
SettingService.SetSetting(settings, "SMTPHost", _smtphost); SettingService.SetSetting(settings, "SMTPHost", _smtphost);
SettingService.SetSetting(settings, "SMTPPort", _smtpport); SettingService.SetSetting(settings, "SMTPPort", _smtpport);
@ -493,7 +478,32 @@
SettingService.SetSetting(settings, "SMTPSender", _smtpsender); SettingService.SetSetting(settings, "SMTPSender", _smtpsender);
await SettingService.UpdateSiteSettingsAsync(settings, site.SiteId); await SettingService.UpdateSiteSettingsAsync(settings, site.SiteId);
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
{
var names = _urls.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
foreach (Alias alias in _aliasList.Where(item => item.SiteId == site.SiteId && item.TenantId == site.TenantId).ToList())
{
if (!names.Contains(alias.Name))
{
await AliasService.DeleteAliasAsync(alias.AliasId);
}
}
foreach (string name in names)
{
if (!_aliasList.Exists(item => item.Name == name))
{
Alias alias = new Alias();
alias.Name = name;
alias.TenantId = site.TenantId;
alias.SiteId = site.SiteId;
await AliasService.AddAliasAsync(alias);
}
}
}
await logger.LogInformation("Site Settings Saved {Site}", site); await logger.LogInformation("Site Settings Saved {Site}", site);
if (refresh) if (refresh)
{ {
NavigationManager.NavigateTo(NavigateUrl()); // refresh to show new theme or container NavigationManager.NavigateTo(NavigateUrl()); // refresh to show new theme or container

17
Oqtane.Client/Modules/Admin/Sites/Index.razor
View File

@ -15,12 +15,14 @@ else
<Pager Items="@_sites"> <Pager Items="@_sites">
<Header> <Header>
<th style="width: 1px;">&nbsp;</th>
<th style="width: 1px;">&nbsp;</th> <th style="width: 1px;">&nbsp;</th>
<th>@Localizer["Name"]</th> <th>@Localizer["Name"]</th>
</Header> </Header>
<Row> <Row>
<td><NavLink class="btn btn-primary" href="@(_scheme + context.Name +"/admin/site")">@Localizer["Edit"]</NavLink></td> <td><button type="button" class="btn btn-primary" @onclick="@(async () => Edit(context.Name))">@Localizer["Edit"]</button></td>
<td><a href="@(_scheme + context.Name +"?reload")">@context.Name</a></td> <td><button type="button" class="btn btn-secondary" @onclick="@(async () => Browse(context.Name))">@Localizer["Browse"]</button></td>
<td>@context.Name</td>
</Row> </Row>
</Pager> </Pager>
} }
@ -46,4 +48,15 @@ else
} }
} }
} }
private void Edit(string name)
{
NavigationManager.NavigateTo(_scheme + name + "/admin/site", true);
}
private void Browse(string name)
{
NavigationManager.NavigateTo(_scheme + name, true);
}
} }

27
Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
View File

@ -1,5 +1,3 @@
using System.Collections.Generic;
using System.Linq;
using System.Net.Http; using System.Net.Http;
using System.Threading.Tasks; using System.Threading.Tasks;
using Oqtane.Services; using Oqtane.Services;
@ -9,34 +7,35 @@ namespace Oqtane.Modules.HtmlText.Services
{ {
public class HtmlTextService : ServiceBase, IHtmlTextService, IService public class HtmlTextService : ServiceBase, IHtmlTextService, IService
{ {
private readonly SiteState _siteState; public HtmlTextService(HttpClient http, SiteState siteState) : base(http, siteState) {}
public HtmlTextService(HttpClient http, SiteState siteState) : base(http) private string ApiUrl => CreateApiUrl("HtmlText");
{
_siteState = siteState;
}
private string ApiUrl => CreateApiUrl("HtmlText", _siteState.Alias);
public async Task<Models.HtmlText> GetHtmlTextAsync(int moduleId) public async Task<Models.HtmlText> GetHtmlTextAsync(int moduleId)
{ {
var htmltext = await GetJsonAsync<List<Models.HtmlText>>(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", new Dictionary<string, int>() { { EntityNames.Module, moduleId } })); AddAuthorizationPolicyHeader(EntityNames.Module, moduleId);
return htmltext.FirstOrDefault(); return await GetJsonAsync<Models.HtmlText>($"{ApiUrl}/{moduleId}");
} }
public async Task AddHtmlTextAsync(Models.HtmlText htmlText) public async Task AddHtmlTextAsync(Models.HtmlText htmlText)
{ {
await PostJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}", new Dictionary<string, int>() { { EntityNames.Module, htmlText.ModuleId } }), htmlText); AddAntiForgeryToken();
AddAuthorizationPolicyHeader(EntityNames.Module, htmlText.ModuleId);
await PostJsonAsync($"{ApiUrl}", htmlText);
} }
public async Task UpdateHtmlTextAsync(Models.HtmlText htmlText) public async Task UpdateHtmlTextAsync(Models.HtmlText htmlText)
{ {
await PutJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{htmlText.HtmlTextId}", new Dictionary<string, int>() { { EntityNames.Module, htmlText.ModuleId } }), htmlText); AddAntiForgeryToken();
AddAuthorizationPolicyHeader(EntityNames.Module, htmlText.ModuleId);
await PutJsonAsync($"{ApiUrl}/{htmlText.HtmlTextId}", htmlText);
} }
public async Task DeleteHtmlTextAsync(int moduleId) public async Task DeleteHtmlTextAsync(int moduleId)
{ {
await DeleteAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", new Dictionary<string, int>() { { EntityNames.Module, moduleId } })); AddAntiForgeryToken();
AddAuthorizationPolicyHeader(EntityNames.Module, moduleId);
await DeleteAsync($"{ApiUrl}/{moduleId}");
} }
} }
} }

3
Oqtane.Client/Program.cs
View File

@ -13,7 +13,6 @@ using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
using Microsoft.AspNetCore.Localization; using Microsoft.AspNetCore.Localization;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.JSInterop; using Microsoft.JSInterop;
using Oqtane.Interfaces;
using Oqtane.Modules; using Oqtane.Modules;
using Oqtane.Providers; using Oqtane.Providers;
using Oqtane.Services; using Oqtane.Services;
@ -69,6 +68,8 @@ namespace Oqtane.Client
builder.Services.AddScoped<ISystemService, SystemService>(); builder.Services.AddScoped<ISystemService, SystemService>();
builder.Services.AddScoped<ILocalizationService, LocalizationService>(); builder.Services.AddScoped<ILocalizationService, LocalizationService>();
builder.Services.AddScoped<ILanguageService, LanguageService>(); builder.Services.AddScoped<ILanguageService, LanguageService>();
builder.Services.AddScoped<IDatabaseService, DatabaseService>();
builder.Services.AddScoped<ISyncService, SyncService>();
await LoadClientAssemblies(httpClient); await LoadClientAssemblies(httpClient);

9
Oqtane.Client/Providers/IdentityAuthenticationStateProvider.cs
View File

@ -30,14 +30,11 @@ namespace Oqtane.Providers
// get HttpClient lazily from IServiceProvider as you cannot use standard dependency injection due to the AuthenticationStateProvider being initialized prior to NavigationManager(https://github.com/aspnet/AspNetCore/issues/11867 ) // get HttpClient lazily from IServiceProvider as you cannot use standard dependency injection due to the AuthenticationStateProvider being initialized prior to NavigationManager(https://github.com/aspnet/AspNetCore/issues/11867 )
var http = _serviceProvider.GetRequiredService<HttpClient>(); var http = _serviceProvider.GetRequiredService<HttpClient>();
// get alias as SiteState has not been initialized ( cannot use AliasService as it is not yet registered ) var siteState = _serviceProvider.GetRequiredService<SiteState>();
var path = new Uri(_navigationManager.Uri).LocalPath.Substring(1); User user = await http.GetFromJsonAsync<User>(Utilities.TenantUrl(siteState.Alias, "/api/User/authenticate"));
var alias = await http.GetFromJsonAsync<Alias>($"/api/Alias/name/?path={WebUtility.UrlEncode(path)}&sync={DateTime.UtcNow.ToString("yyyyMMddHHmmssfff")}");
// get user
User user = await http.GetFromJsonAsync<User>(Utilities.TenantUrl(alias, "/api/User/authenticate"));
if (user.IsAuthenticated) if (user.IsAuthenticated)
{ {
identity = UserSecurity.CreateClaimsIdentity(alias, user); identity = UserSecurity.CreateClaimsIdentity(siteState.Alias, user);
} }
return new AuthenticationState(new ClaimsPrincipal(identity)); return new AuthenticationState(new ClaimsPrincipal(identity));

9
Oqtane.Client/Services/AliasService.cs
View File

@ -3,8 +3,6 @@ using System.Threading.Tasks;
using System.Net.Http; using System.Net.Http;
using System.Linq; using System.Linq;
using System.Collections.Generic; using System.Collections.Generic;
using System.Net;
using System;
using Oqtane.Documentation; using Oqtane.Documentation;
using Oqtane.Shared; using Oqtane.Shared;
@ -40,13 +38,6 @@ namespace Oqtane.Services
return await GetJsonAsync<Alias>($"{ApiUrl}/{aliasId}"); return await GetJsonAsync<Alias>($"{ApiUrl}/{aliasId}");
} }
/// <inheritdoc />
public async Task<Alias> GetAliasAsync(string path, DateTime lastSyncDate)
{
// tenant agnostic as SiteState does not exist
return await GetJsonAsync<Alias>($"{CreateApiUrl("Alias", null)}/name/?path={WebUtility.UrlEncode(path)}&sync={lastSyncDate.ToString("yyyyMMddHHmmssfff")}");
}
/// <inheritdoc /> /// <inheritdoc />
public async Task<Alias> AddAliasAsync(Alias alias) public async Task<Alias> AddAliasAsync(Alias alias)
{ {

15
Oqtane.Client/Services/InstallationService.cs
View File

@ -3,19 +3,28 @@ using System.Threading.Tasks;
using System.Net.Http; using System.Net.Http;
using Oqtane.Documentation; using Oqtane.Documentation;
using Oqtane.Shared; using Oqtane.Shared;
using Microsoft.AspNetCore.Components;
using System;
using System.Net;
namespace Oqtane.Services namespace Oqtane.Services
{ {
[PrivateApi("Don't show in the documentation, as everything should use the Interface")] [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
public class InstallationService : ServiceBase, IInstallationService public class InstallationService : ServiceBase, IInstallationService
{ {
public InstallationService(HttpClient http) : base(http) {} private readonly NavigationManager _navigationManager;
private string ApiUrl => CreateApiUrl("Installation", null); // tenant agnostic as SiteState does not exist public InstallationService(HttpClient http, NavigationManager navigationManager) : base(http)
{
_navigationManager = navigationManager;
}
private string ApiUrl => CreateApiUrl("Installation", null, ControllerRoutes.ApiRoute); // tenant agnostic
public async Task<Installation> IsInstalled() public async Task<Installation> IsInstalled()
{ {
return await GetJsonAsync<Installation>($"{ApiUrl}/installed"); var path = new Uri(_navigationManager.Uri).LocalPath.Substring(1);
return await GetJsonAsync<Installation>($"{ApiUrl}/installed/?path={WebUtility.UrlEncode(path)}");
} }
public async Task<Installation> Install(InstallConfig config) public async Task<Installation> Install(InstallConfig config)

8
Oqtane.Client/Services/Interfaces/IAliasService.cs
View File

@ -23,14 +23,6 @@ namespace Oqtane.Services
/// <returns></returns> /// <returns></returns>
Task<Alias> GetAliasAsync(int aliasId); Task<Alias> GetAliasAsync(int aliasId);
/// <summary>
/// Retrieve the Alias object of a URL.
/// </summary>
/// <param name="url">The URL - todoc - is this only the root, or can it be a longer path?</param>
/// <param name="lastSyncDate">todoc - unclear what this is for</param>
/// <returns></returns>
Task<Alias> GetAliasAsync(string url, DateTime lastSyncDate);
/// <summary> /// <summary>
/// Save another <see cref="Oqtane.Models.Alias"/> in the DB. It must already contain all the information incl. <see cref="Oqtane.Models.Tenant"/> it belongs to. /// Save another <see cref="Oqtane.Models.Alias"/> in the DB. It must already contain all the information incl. <see cref="Oqtane.Models.Tenant"/> it belongs to.
/// </summary> /// </summary>

19
Oqtane.Client/Services/Interfaces/ISyncService.cs Normal file
View File

@ -0,0 +1,19 @@
using Oqtane.Models;
using System;
using System.Threading.Tasks;
namespace Oqtane.Services
{
/// <summary>
/// Service to retrieve <see cref="Sync"/> information.
/// </summary>
public interface ISyncService
{
/// <summary>
/// Get sync events
/// </summary>
/// <param name="lastSyncDate"></param>
/// <returns></returns>
Task<Sync> GetSyncAsync(DateTime lastSyncDate);
}
}

57
Oqtane.Client/Services/ServiceBase.cs
View File

@ -1,10 +1,12 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq;
using System.Net; using System.Net;
using System.Net.Http; using System.Net.Http;
using System.Net.Http.Json; using System.Net.Http.Json;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNetCore.Components;
using Oqtane.Documentation; using Oqtane.Documentation;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
@ -15,10 +17,25 @@ namespace Oqtane.Services
public class ServiceBase public class ServiceBase
{ {
private readonly HttpClient _http; private readonly HttpClient _http;
private readonly SiteState _siteState;
protected ServiceBase(HttpClient client) protected ServiceBase(HttpClient client, SiteState siteState)
{ {
_http = client; _http = client;
_siteState = siteState;
}
// should be used with new constructor
public string CreateApiUrl(string serviceName)
{
if (_siteState != null)
{
return CreateApiUrl(serviceName, _siteState.Alias, ControllerRoutes.ApiRoute);
}
else // legacy support (before 2.1.0)
{
return CreateApiUrl(serviceName, null, ControllerRoutes.Default);
}
} }
public string CreateApiUrl(string serviceName, Alias alias) public string CreateApiUrl(string serviceName, Alias alias)
@ -61,10 +78,10 @@ namespace Oqtane.Services
return CreateAuthorizationPolicyUrl(url, new Dictionary<string, int>() { { entityName, entityId } }); return CreateAuthorizationPolicyUrl(url, new Dictionary<string, int>() { { entityName, entityId } });
} }
public string CreateAuthorizationPolicyUrl(string url, Dictionary<string, int> args) public string CreateAuthorizationPolicyUrl(string url, Dictionary<string, int> authEntityId)
{ {
string qs = ""; string qs = "";
foreach (KeyValuePair<string, int> kvp in args) foreach (KeyValuePair<string, int> kvp in authEntityId)
{ {
qs += (qs != "") ? "&" : ""; qs += (qs != "") ? "&" : "";
qs += "auth" + kvp.Key.ToLower() + "id=" + kvp.Value.ToString(); qs += "auth" + kvp.Key.ToLower() + "id=" + kvp.Value.ToString();
@ -80,6 +97,33 @@ namespace Oqtane.Services
} }
} }
protected void AddRequestHeader(string name, string value)
{
if (_http.DefaultRequestHeaders.Contains(name))
{
_http.DefaultRequestHeaders.Remove(name);
}
_http.DefaultRequestHeaders.Add(name, value);
}
protected void AddAntiForgeryToken()
{
AddRequestHeader(Constants.AntiForgeryTokenHeaderName, _siteState.AntiForgeryToken);
}
public void AddAuthorizationPolicyHeader(string entityName, int entityId)
{
AddAuthorizationPolicyHeader(new Dictionary<string, int>() { { entityName, entityId } });
}
public void AddAuthorizationPolicyHeader(Dictionary<string, int> authEntityId)
{
foreach (KeyValuePair<string, int> kvp in authEntityId)
{
AddRequestHeader("auth" + kvp.Key.ToLower() + "id", kvp.Value.ToString());
}
}
protected async Task GetAsync(string uri) protected async Task GetAsync(string uri)
{ {
var response = await _http.GetAsync(uri); var response = await _http.GetAsync(uri);
@ -194,10 +238,11 @@ namespace Oqtane.Services
return mediaType != null && mediaType.Equals("application/json", StringComparison.OrdinalIgnoreCase); return mediaType != null && mediaType.Equals("application/json", StringComparison.OrdinalIgnoreCase);
} }
[Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) in conjunction with ControllerRoutes.ApiRoute in Controllers instead.", false)] //[Obsolete("This constructor is obsolete. Use ServiceBase(HttpClient client, SiteState siteState) : base(http, siteState) {} instead.", false)]
public string CreateApiUrl(string serviceName) // This constructor is obsolete. Use ServiceBase(HttpClient client, SiteState siteState) : base(http, siteState) {} instead.
protected ServiceBase(HttpClient client)
{ {
return CreateApiUrl(serviceName, null, ControllerRoutes.Default); _http = client;
} }
[Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) in conjunction with ControllerRoutes.ApiRoute in Controllers instead.", false)] [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) in conjunction with ControllerRoutes.ApiRoute in Controllers instead.", false)]

33
Oqtane.Client/Services/SyncService.cs Normal file
View File

@ -0,0 +1,33 @@
using Oqtane.Models;
using System.Threading.Tasks;
using System.Net.Http;
using System;
using Oqtane.Documentation;
using Oqtane.Shared;
namespace Oqtane.Services
{
/// <inheritdoc cref="ISyncService" />
[PrivateApi("Don't show in the documentation, as everything should use the Interface")]
public class SyncService : ServiceBase, ISyncService
{
private readonly SiteState _siteState;
/// <summary>
/// Constructor - should only be used by Dependency Injection
/// </summary>
public SyncService(HttpClient http, SiteState siteState) : base(http)
{
_siteState = siteState;
}
private string ApiUrl => CreateApiUrl("Sync", _siteState.Alias);
/// <inheritdoc />
public async Task<Sync> GetSyncAsync(DateTime lastSyncDate)
{
return await GetJsonAsync<Sync>($"{ApiUrl}/{lastSyncDate.ToString("yyyyMMddHHmmssfff")}");
}
}
}

12
Oqtane.Client/Themes/Controls/Container/ModuleActionsBase.cs
View File

@ -115,7 +115,7 @@ namespace Oqtane.Themes.Controls
await PageModuleService.UpdatePageModuleAsync(pagemodule); await PageModuleService.UpdatePageModuleAsync(pagemodule);
await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane); await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane);
await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, oldPane); await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, oldPane);
return url; return NavigateUrl(url, "reload");
} }
private async Task<string> DeleteModule(string url, PageModule pagemodule) private async Task<string> DeleteModule(string url, PageModule pagemodule)
@ -123,7 +123,7 @@ namespace Oqtane.Themes.Controls
pagemodule.IsDeleted = true; pagemodule.IsDeleted = true;
await PageModuleService.UpdatePageModuleAsync(pagemodule); await PageModuleService.UpdatePageModuleAsync(pagemodule);
await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane); await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane);
return url; return NavigateUrl(url, "reload");
} }
private async Task<string> Settings(string url, PageModule pagemodule) private async Task<string> Settings(string url, PageModule pagemodule)
@ -174,7 +174,7 @@ namespace Oqtane.Themes.Controls
pagemodule.Order = 0; pagemodule.Order = 0;
await PageModuleService.UpdatePageModuleAsync(pagemodule); await PageModuleService.UpdatePageModuleAsync(pagemodule);
await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane); await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane);
return s; return NavigateUrl(s, "reload");
} }
private async Task<string> MoveBottom(string s, PageModule pagemodule) private async Task<string> MoveBottom(string s, PageModule pagemodule)
@ -182,7 +182,7 @@ namespace Oqtane.Themes.Controls
pagemodule.Order = int.MaxValue; pagemodule.Order = int.MaxValue;
await PageModuleService.UpdatePageModuleAsync(pagemodule); await PageModuleService.UpdatePageModuleAsync(pagemodule);
await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane); await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane);
return s; return NavigateUrl(s, "reload");
} }
private async Task<string> MoveUp(string s, PageModule pagemodule) private async Task<string> MoveUp(string s, PageModule pagemodule)
@ -190,7 +190,7 @@ namespace Oqtane.Themes.Controls
pagemodule.Order -= 3; pagemodule.Order -= 3;
await PageModuleService.UpdatePageModuleAsync(pagemodule); await PageModuleService.UpdatePageModuleAsync(pagemodule);
await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane); await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane);
return s; return NavigateUrl(s, "reload");
} }
private async Task<string> MoveDown(string s, PageModule pagemodule) private async Task<string> MoveDown(string s, PageModule pagemodule)
@ -198,7 +198,7 @@ namespace Oqtane.Themes.Controls
pagemodule.Order += 3; pagemodule.Order += 3;
await PageModuleService.UpdatePageModuleAsync(pagemodule); await PageModuleService.UpdatePageModuleAsync(pagemodule);
await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane); await PageModuleService.UpdatePageModuleOrderAsync(pagemodule.PageId, pagemodule.Pane);
return s; return NavigateUrl(s, "reload");
} }
public class ActionViewModel public class ActionViewModel

8
Oqtane.Client/Themes/Controls/Theme/LoginBase.cs
View File

@ -16,6 +16,7 @@ namespace Oqtane.Themes.Controls
[Inject] public IUserService UserService { get; set; } [Inject] public IUserService UserService { get; set; }
[Inject] public IJSRuntime jsRuntime { get; set; } [Inject] public IJSRuntime jsRuntime { get; set; }
[Inject] public IServiceProvider ServiceProvider { get; set; } [Inject] public IServiceProvider ServiceProvider { get; set; }
[Inject] public SiteState SiteState { get; set; }
protected void LoginUser() protected void LoginUser()
{ {
@ -35,11 +36,10 @@ namespace Oqtane.Themes.Controls
if (PageState.Runtime == Oqtane.Shared.Runtime.Server) if (PageState.Runtime == Oqtane.Shared.Runtime.Server)
{ {
// server-side Blazor // server-side Blazor needs to post to the Logout page
var interop = new Interop(jsRuntime); var fields = new { __RequestVerificationToken = SiteState.AntiForgeryToken, returnurl = !authorizedtoviewpage ? PageState.Alias.Path : PageState.Alias.Path + "/" + PageState.Page.Path };
string antiforgerytoken = await interop.GetElementByName("__RequestVerificationToken");
var fields = new { __RequestVerificationToken = antiforgerytoken, returnurl = !authorizedtoviewpage ? PageState.Alias.Path : PageState.Alias.Path + "/" + PageState.Page.Path };
string url = Utilities.TenantUrl(PageState.Alias, "/pages/logout/"); string url = Utilities.TenantUrl(PageState.Alias, "/pages/logout/");
var interop = new Interop(jsRuntime);
await interop.SubmitForm(url, fields); await interop.SubmitForm(url, fields);
} }
else else

34
Oqtane.Client/UI/SiteRouter.razor
View File

@ -5,8 +5,7 @@
@inject SiteState SiteState @inject SiteState SiteState
@inject NavigationManager NavigationManager @inject NavigationManager NavigationManager
@inject INavigationInterception NavigationInterception @inject INavigationInterception NavigationInterception
@inject IAliasService AliasService @inject ISyncService SyncService
@inject ITenantService TenantService
@inject ISiteService SiteService @inject ISiteService SiteService
@inject IPageService PageService @inject IPageService PageService
@inject IUserService UserService @inject IUserService UserService
@ -69,7 +68,6 @@
[SuppressMessage("ReSharper", "StringIndexOfIsCultureSpecific.1")] [SuppressMessage("ReSharper", "StringIndexOfIsCultureSpecific.1")]
private async Task Refresh() private async Task Refresh()
{ {
Alias alias = null;
Site site; Site site;
List<Page> pages; List<Page> pages;
Page page; Page page;
@ -103,27 +101,25 @@
lastsyncdate = PageState.LastSyncDate; lastsyncdate = PageState.LastSyncDate;
} }
alias = await AliasService.GetAliasAsync(path, lastsyncdate);
SiteState.Alias = alias; // set state for services
lastsyncdate = alias.SyncDate;
// process any sync events // process any sync events
if (reload != Reload.Site && alias.SyncEvents.Any()) var sync = await SyncService.GetSyncAsync(lastsyncdate);
lastsyncdate = sync.SyncDate;
if (reload != Reload.Site && sync.SyncEvents.Any())
{ {
// if running on WebAssembly reload the client application if the server application was restarted // if running on WebAssembly reload the client application if the server application was restarted
if (runtime == Shared.Runtime.WebAssembly && PageState != null && alias.SyncEvents.Exists(item => item.TenantId == -1)) if (runtime == Shared.Runtime.WebAssembly && PageState != null && sync.SyncEvents.Exists(item => item.TenantId == -1))
{ {
NavigationManager.NavigateTo(_absoluteUri + (!_absoluteUri.Contains("?") ? "?" : "&") + "reload", true); NavigationManager.NavigateTo(_absoluteUri + (!_absoluteUri.Contains("?") ? "?" : "&") + "reload", true);
} }
if (alias.SyncEvents.Exists(item => item.EntityName == EntityNames.Site && item.EntityId == alias.SiteId)) if (sync.SyncEvents.Exists(item => item.EntityName == EntityNames.Site && item.EntityId == SiteState.Alias.SiteId))
{ {
reload = Reload.Site; reload = Reload.Site;
} }
} }
if (reload == Reload.Site || PageState == null || alias.SiteId != PageState.Alias.SiteId) if (reload == Reload.Site || PageState == null || PageState.Alias.SiteId != SiteState.Alias.SiteId)
{ {
site = await SiteService.GetSiteAsync(alias.SiteId); site = await SiteService.GetSiteAsync(SiteState.Alias.SiteId);
reload = Reload.Site; reload = Reload.Site;
} }
else else
@ -148,9 +144,9 @@
} }
// process any sync events for user // process any sync events for user
if (reload != Reload.Site && user != null && alias.SyncEvents.Any()) if (reload != Reload.Site && user != null && sync.SyncEvents.Any())
{ {
if (alias.SyncEvents.Exists(item => item.EntityName == EntityNames.User && item.EntityId == user.UserId)) if (sync.SyncEvents.Exists(item => item.EntityName == EntityNames.User && item.EntityId == user.UserId))
{ {
reload = Reload.Site; reload = Reload.Site;
} }
@ -173,9 +169,9 @@
path += "/"; path += "/";
} }
if (alias.Path != "") if (SiteState.Alias.Path != "")
{ {
path = path.Substring(alias.Path.Length + 1); path = path.Substring(SiteState.Alias.Path.Length + 1);
} }
// extract admin route elements from path // extract admin route elements from path
@ -281,7 +277,7 @@
_pagestate = new PageState _pagestate = new PageState
{ {
Alias = alias, Alias = SiteState.Alias,
Site = site, Site = site,
Pages = pages, Pages = pages,
Page = page, Page = page,
@ -305,7 +301,7 @@
if (user == null) if (user == null)
{ {
// redirect to login page // redirect to login page
NavigationManager.NavigateTo(Utilities.NavigateUrl(alias.Path, "login", "?returnurl=" + path)); NavigationManager.NavigateTo(Utilities.NavigateUrl(SiteState.Alias.Path, "login", "?returnurl=" + path));
} }
else else
{ {
@ -313,7 +309,7 @@
if (path != "") if (path != "")
{ {
// redirect to home page // redirect to home page
NavigationManager.NavigateTo(Utilities.NavigateUrl(alias.Path, "", "")); NavigationManager.NavigateTo(Utilities.NavigateUrl(SiteState.Alias.Path, "", ""));
} }
} }
} }

53
Oqtane.Server/Controllers/AliasController.cs
View File

@ -3,10 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
using System.Linq;
using System;
using System.Net; using System.Net;
using System.Globalization;
using Oqtane.Enums; using Oqtane.Enums;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using Oqtane.Repository; using Oqtane.Repository;
@ -18,21 +15,17 @@ namespace Oqtane.Controllers
public class AliasController : Controller public class AliasController : Controller
{ {
private readonly IAliasRepository _aliases; private readonly IAliasRepository _aliases;
private readonly IHttpContextAccessor _accessor;
private readonly ISyncManager _syncManager;
private readonly ILogManager _logger; private readonly ILogManager _logger;
public AliasController(IAliasRepository aliases, IHttpContextAccessor accessor, ISyncManager syncManager, ILogManager logger) public AliasController(IAliasRepository aliases, ILogManager logger)
{ {
_aliases = aliases; _aliases = aliases;
_accessor = accessor;
_syncManager = syncManager;
_logger = logger; _logger = logger;
} }
// GET: api/<controller> // GET: api/<controller>
[HttpGet] [HttpGet]
[Authorize(Roles = RoleNames.Admin)] [Authorize(Roles = RoleNames.Host)]
public IEnumerable<Alias> Get() public IEnumerable<Alias> Get()
{ {
return _aliases.GetAliases(); return _aliases.GetAliases();
@ -40,37 +33,15 @@ namespace Oqtane.Controllers
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize(Roles = RoleNames.Admin)] [Authorize(Roles = RoleNames.Host)]
public Alias Get(int id) public Alias Get(int id)
{ {
return _aliases.GetAlias(id); return _aliases.GetAlias(id);
} }
// GET api/<controller>/name/?path=xxx&sync=yyyyMMddHHmmssfff
[HttpGet("name")]
public Alias Get(string path, string sync)
{
Alias alias = null;
if (_accessor.HttpContext != null)
{
path = _accessor.HttpContext.Request.Host.Value + "/" + WebUtility.UrlDecode(path);
alias = _aliases.GetAlias(path);
}
// get sync events
if (alias != null)
{
alias.SyncDate = DateTime.UtcNow;
alias.SyncEvents = _syncManager.GetSyncEvents(alias.TenantId, DateTime.ParseExact(sync, "yyyyMMddHHmmssfff", CultureInfo.InvariantCulture));
}
return alias;
}
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = RoleNames.Admin)] [Authorize(Roles = RoleNames.Host)]
public Alias Post([FromBody] Alias alias) public Alias Post([FromBody] Alias alias)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -78,12 +49,18 @@ namespace Oqtane.Controllers
alias = _aliases.AddAlias(alias); alias = _aliases.AddAlias(alias);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Alias Added {Alias}", alias); _logger.Log(LogLevel.Information, this, LogFunction.Create, "Alias Added {Alias}", alias);
} }
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Alias Post Attempt {Alias}", alias);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
alias = null;
}
return alias; return alias;
} }
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = RoleNames.Admin)] [Authorize(Roles = RoleNames.Host)]
public Alias Put(int id, [FromBody] Alias alias) public Alias Put(int id, [FromBody] Alias alias)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -91,12 +68,18 @@ namespace Oqtane.Controllers
alias = _aliases.UpdateAlias(alias); alias = _aliases.UpdateAlias(alias);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Alias Updated {Alias}", alias); _logger.Log(LogLevel.Information, this, LogFunction.Update, "Alias Updated {Alias}", alias);
} }
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Alias Put Attempt {Alias}", alias);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
alias = null;
}
return alias; return alias;
} }
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = RoleNames.Admin)] [Authorize(Roles = RoleNames.Host)]
public void Delete(int id) public void Delete(int id)
{ {
_aliases.DeleteAlias(id); _aliases.DeleteAlias(id);

20
Oqtane.Server/Controllers/InstallationController.cs
View File

@ -13,6 +13,8 @@ using Oqtane.Shared;
using Oqtane.Themes; using Oqtane.Themes;
using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.Caching.Memory;
using System.Net; using System.Net;
using Oqtane.Repository;
using Microsoft.AspNetCore.Http;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -24,14 +26,18 @@ namespace Oqtane.Controllers
private readonly IDatabaseManager _databaseManager; private readonly IDatabaseManager _databaseManager;
private readonly ILocalizationManager _localizationManager; private readonly ILocalizationManager _localizationManager;
private readonly IMemoryCache _cache; private readonly IMemoryCache _cache;
private readonly IHttpContextAccessor _accessor;
private readonly IAliasRepository _aliases;
public InstallationController(IConfigurationRoot config, IInstallationManager installationManager, IDatabaseManager databaseManager, ILocalizationManager localizationManager, IMemoryCache cache) public InstallationController(IConfigurationRoot config, IInstallationManager installationManager, IDatabaseManager databaseManager, ILocalizationManager localizationManager, IMemoryCache cache, IHttpContextAccessor accessor, IAliasRepository aliases)
{ {
_config = config; _config = config;
_installationManager = installationManager; _installationManager = installationManager;
_databaseManager = databaseManager; _databaseManager = databaseManager;
_localizationManager = localizationManager; _localizationManager = localizationManager;
_cache = cache; _cache = cache;
_accessor = accessor;
_aliases = aliases;
} }
// POST api/<controller> // POST api/<controller>
@ -52,11 +58,17 @@ namespace Oqtane.Controllers
return installation; return installation;
} }
// GET api/<controller>/installed // GET api/<controller>/installed/?path=xxx
[HttpGet("installed")] [HttpGet("installed")]
public Installation IsInstalled() public Installation IsInstalled(string path)
{ {
return _databaseManager.IsInstalled(); var installation = _databaseManager.IsInstalled();
if (installation.Success)
{
path = _accessor.HttpContext.Request.Host.Value + "/" + WebUtility.UrlDecode(path);
installation.Alias = _aliases.GetAlias(path);
}
return installation;
} }
[HttpGet("upgrade")] [HttpGet("upgrade")]

24
Oqtane.Server/Controllers/ModuleControllerBase.cs
View File

@ -3,7 +3,6 @@ using Microsoft.AspNetCore.Http;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using System.Collections.Generic; using System.Collections.Generic;
using System; using System;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -18,7 +17,7 @@ namespace Oqtane.Controllers
{ {
_logger = logger; _logger = logger;
// populate policy authorization dictionary // populate policy authorization dictionary from querystring and headers
int value; int value;
foreach (var param in accessor.HttpContext.Request.Query) foreach (var param in accessor.HttpContext.Request.Query)
{ {
@ -27,11 +26,32 @@ namespace Oqtane.Controllers
_authEntityId.Add(param.Key.Substring(4, param.Key.Length - 6), value); _authEntityId.Add(param.Key.Substring(4, param.Key.Length - 6), value);
} }
} }
foreach (var param in accessor.HttpContext.Request.Headers)
{
if (param.Key.StartsWith("auth") && param.Key.EndsWith("id") && int.TryParse(param.Value, out value))
{
_authEntityId.Add(param.Key.Substring(4, param.Key.Length - 6), value);
}
}
// legacy support // legacy support
if (_authEntityId.Count == 0 && accessor.HttpContext.Request.Query.ContainsKey("entityid")) if (_authEntityId.Count == 0 && accessor.HttpContext.Request.Query.ContainsKey("entityid"))
{ {
_entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]); _entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]);
} }
}
protected int AuthEntityId(string entityname)
{
if (_authEntityId.ContainsKey(entityname))
{
return _authEntityId[entityname];
}
else
{
return -1;
}
} }
} }

34
Oqtane.Server/Controllers/SyncController.cs Normal file
View File

@ -0,0 +1,34 @@
using Microsoft.AspNetCore.Mvc;
using Oqtane.Models;
using Oqtane.Shared;
using System;
using System.Globalization;
using Oqtane.Infrastructure;
namespace Oqtane.Controllers
{
[Route(ControllerRoutes.ApiRoute)]
public class SyncController : Controller
{
private readonly ISyncManager _syncManager;
private readonly Alias _alias;
public SyncController(ISyncManager syncManager, ITenantManager tenantManager)
{
_syncManager = syncManager;
_alias = tenantManager.GetAlias();
}
// GET api/<controller>/yyyyMMddHHmmssfff
[HttpGet("{lastSyncDate}")]
public Sync Get(string lastSyncDate)
{
Sync sync = new Sync
{
SyncDate = DateTime.UtcNow,
SyncEvents = _syncManager.GetSyncEvents(_alias.TenantId, DateTime.ParseExact(lastSyncDate, "yyyyMMddHHmmssfff", CultureInfo.InvariantCulture))
};
return sync;
}
}
}

73
Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
View File

@ -3,11 +3,10 @@ using Microsoft.AspNetCore.Authorization;
using Oqtane.Modules.HtmlText.Repository; using Oqtane.Modules.HtmlText.Repository;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Oqtane.Shared; using Oqtane.Shared;
using System;
using System.Collections.Generic;
using Oqtane.Enums; using Oqtane.Enums;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using Oqtane.Controllers; using Oqtane.Controllers;
using System.Net;
namespace Oqtane.Modules.HtmlText.Controllers namespace Oqtane.Modules.HtmlText.Controllers
{ {
@ -24,85 +23,75 @@ namespace Oqtane.Modules.HtmlText.Controllers
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize(Policy = PolicyNames.ViewModule)] [Authorize(Policy = PolicyNames.ViewModule)]
public List<Models.HtmlText> Get(int id) public Models.HtmlText Get(int id)
{ {
var list = new List<Models.HtmlText>(); if (AuthEntityId(EntityNames.Module) == id)
try
{ {
Models.HtmlText htmlText = null; return _htmlText.GetHtmlText(id);
if (_authEntityId[EntityNames.Module] == id)
{
htmlText = _htmlText.GetHtmlText(id);
list.Add(htmlText);
}
} }
catch (Exception ex) else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Read, ex, "Get Error {Error}", ex.Message); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HtmlText Get Attempt {ModuleId}", id);
throw; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
} }
return list;
} }
// POST api/<controller> // POST api/<controller>
[ValidateAntiForgeryToken]
[HttpPost] [HttpPost]
[Authorize(Policy = PolicyNames.EditModule)] [Authorize(Policy = PolicyNames.EditModule)]
public Models.HtmlText Post([FromBody] Models.HtmlText htmlText) public Models.HtmlText Post([FromBody] Models.HtmlText htmlText)
{ {
try if (ModelState.IsValid && AuthEntityId(EntityNames.Module) == htmlText.ModuleId)
{ {
if (ModelState.IsValid && htmlText.ModuleId == _authEntityId[EntityNames.Module]) htmlText = _htmlText.AddHtmlText(htmlText);
{ _logger.Log(LogLevel.Information, this, LogFunction.Create, "Html/Text Added {HtmlText}", htmlText);
htmlText = _htmlText.AddHtmlText(htmlText);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Html/Text Added {HtmlText}", htmlText);
}
return htmlText; return htmlText;
} }
catch (Exception ex) else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Create, ex, "Post Error {Error}", ex.Message); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HtmlText Post Attempt {HtmlText}", htmlText);
throw; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
} }
} }
// PUT api/<controller>/5 // PUT api/<controller>/5
[ValidateAntiForgeryToken]
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Policy = PolicyNames.EditModule)] [Authorize(Policy = PolicyNames.EditModule)]
public Models.HtmlText Put(int id, [FromBody] Models.HtmlText htmlText) public Models.HtmlText Put(int id, [FromBody] Models.HtmlText htmlText)
{ {
try if (ModelState.IsValid && AuthEntityId(EntityNames.Module) == htmlText.ModuleId)
{ {
if (ModelState.IsValid && htmlText.ModuleId == _authEntityId[EntityNames.Module]) htmlText = _htmlText.UpdateHtmlText(htmlText);
{ _logger.Log(LogLevel.Information, this, LogFunction.Update, "Html/Text Updated {HtmlText}", htmlText);
htmlText = _htmlText.UpdateHtmlText(htmlText);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Html/Text Updated {HtmlText}", htmlText);
}
return htmlText; return htmlText;
} }
catch (Exception ex) else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Update, ex, "Put Error {Error}", ex.Message); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HtmlText Put Attempt {HtmlText}", htmlText);
throw; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
} }
} }
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[ValidateAntiForgeryToken]
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Policy = PolicyNames.EditModule)] [Authorize(Policy = PolicyNames.EditModule)]
public void Delete(int id) public void Delete(int id)
{ {
try if (AuthEntityId(EntityNames.Module) == id)
{ {
if (id == _authEntityId[EntityNames.Module]) _htmlText.DeleteHtmlText(id);
{ _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Html/Text Deleted {HtmlTextId}", id);
_htmlText.DeleteHtmlText(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Html/Text Deleted {HtmlTextId}", id);
}
} }
catch (Exception ex) else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Delete, ex, "Delete Error {Error}", ex.Message); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HtmlText Delete Attempt {ModuleId}", id);
throw; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
} }
} }

3
Oqtane.Server/Pages/_Host.cshtml.cs
View File

@ -60,12 +60,13 @@ namespace Oqtane.Pages
ProcessThemeControls(assembly); ProcessThemeControls(assembly);
} }
// if culture not specified and framework is installed // if framework is installed
if (!string.IsNullOrEmpty(_configuration.GetConnectionString("DefaultConnection"))) if (!string.IsNullOrEmpty(_configuration.GetConnectionString("DefaultConnection")))
{ {
var alias = _tenantManager.GetAlias(); var alias = _tenantManager.GetAlias();
if (alias != null) if (alias != null)
{ {
// if culture not specified
if (HttpContext.Request.Cookies[CookieRequestCultureProvider.DefaultCookieName] == null) if (HttpContext.Request.Cookies[CookieRequestCultureProvider.DefaultCookieName] == null)
{ {
// set default language for site if the culture is not supported // set default language for site if the culture is not supported

38
Oqtane.Server/Security/PermissionHandler.cs
View File

@ -22,24 +22,44 @@ namespace Oqtane.Security
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement) protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{ {
// permission is scoped based on auth{entityname}id (ie ?authmoduleid ) which must be passed as a querystring parameter // permission is scoped based on entitynames and ids passed as querystring parameters or headers
var ctx = _httpContextAccessor.HttpContext; var ctx = _httpContextAccessor.HttpContext;
if (ctx != null) if (ctx != null)
{ {
// get entityid based on a parameter format of auth{entityname}id (ie. authmoduleid )
int entityId = -1; int entityId = -1;
if (ctx.Request.Query.ContainsKey("auth" + requirement.EntityName.ToLower() + "id")) if (ctx.Request.Query.ContainsKey("auth" + requirement.EntityName.ToLower() + "id"))
{ {
entityId = int.Parse(ctx.Request.Query["auth" + requirement.EntityName.ToLower() + "id"]); if (!int.TryParse(ctx.Request.Query["auth" + requirement.EntityName.ToLower() + "id"], out entityId))
}
else
{
// legacy support
if (ctx.Request.Query.ContainsKey("entityid"))
{ {
entityId = int.Parse(ctx.Request.Query["entityid"]); entityId = -1;
} }
} }
if (_userPermissions.IsAuthorized(context.User, requirement.EntityName, entityId, requirement.PermissionName)) if (entityId == -1)
{
if (ctx.Request.Headers.ContainsKey("auth" + requirement.EntityName.ToLower() + "id"))
{
if (!int.TryParse(ctx.Request.Headers["auth" + requirement.EntityName.ToLower() + "id"], out entityId))
{
entityId = -1;
}
}
}
// legacy support
if (entityId == -1)
{
if (ctx.Request.Query.ContainsKey("entityid"))
{
if (!int.TryParse(ctx.Request.Query["entityid"], out entityId))
{
entityId = -1;
}
}
}
// validate permissions
if (entityId != -1 && _userPermissions.IsAuthorized(context.User, requirement.EntityName, entityId, requirement.PermissionName))
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }

2
Oqtane.Server/Security/PrincipalValidator.cs
View File

@ -29,7 +29,7 @@ namespace Oqtane.Security
{ {
// tenant agnostic requests must be ignored // tenant agnostic requests must be ignored
string path = context.Request.Path.ToString().ToLower(); string path = context.Request.Path.ToString().ToLower();
if (path.StartsWith("/_blazor") || path.StartsWith("/api/installation/") || path.StartsWith("/api/alias/name/")) if (path.StartsWith("/_blazor") || path.StartsWith("/api/installation/"))
{ {
return Task.CompletedTask; return Task.CompletedTask;
} }

25
Oqtane.Server/Startup.cs
View File

@ -78,12 +78,12 @@ namespace Oqtane
var navigationManager = s.GetRequiredService<NavigationManager>(); var navigationManager = s.GetRequiredService<NavigationManager>();
var client = new HttpClient(new HttpClientHandler { UseCookies = false }); var client = new HttpClient(new HttpClientHandler { UseCookies = false });
client.BaseAddress = new Uri(navigationManager.Uri); client.BaseAddress = new Uri(navigationManager.Uri);
// set the auth cookie to allow HttpClient API calls to be authenticated
// set the cookies to allow HttpClient API calls to be authenticated
var httpContextAccessor = s.GetRequiredService<IHttpContextAccessor>(); var httpContextAccessor = s.GetRequiredService<IHttpContextAccessor>();
var authToken = httpContextAccessor.HttpContext.Request.Cookies[".AspNetCore." + Constants.AuthenticationScheme]; foreach (var cookie in httpContextAccessor.HttpContext.Request.Cookies)
if (authToken != null)
{ {
client.DefaultRequestHeaders.Add("Cookie", ".AspNetCore." + Constants.AuthenticationScheme + "=" + authToken); client.DefaultRequestHeaders.Add("Cookie", cookie.Key + "=" + cookie.Value);
} }
return client; return client;
}); });
@ -131,6 +131,7 @@ namespace Oqtane
services.AddScoped<ILocalizationService, LocalizationService>(); services.AddScoped<ILocalizationService, LocalizationService>();
services.AddScoped<ILanguageService, LanguageService>(); services.AddScoped<ILanguageService, LanguageService>();
services.AddScoped<IDatabaseService, DatabaseService>(); services.AddScoped<IDatabaseService, DatabaseService>();
services.AddScoped<ISyncService, SyncService>();
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
@ -164,14 +165,30 @@ namespace Oqtane
services.ConfigureApplicationCookie(options => services.ConfigureApplicationCookie(options =>
{ {
options.Cookie.HttpOnly = false; options.Cookie.HttpOnly = false;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Events.OnRedirectToLogin = context => options.Events.OnRedirectToLogin = context =>
{ {
context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return Task.CompletedTask; return Task.CompletedTask;
}; };
options.Events.OnRedirectToAccessDenied = context =>
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return Task.CompletedTask;
};
options.Events.OnValidatePrincipal = PrincipalValidator.ValidateAsync; options.Events.OnValidatePrincipal = PrincipalValidator.ValidateAsync;
}); });
services.AddAntiforgery(options =>
{
options.HeaderName = Constants.AntiForgeryTokenHeaderName;
options.Cookie.HttpOnly = false;
options.Cookie.Name = Constants.AntiForgeryTokenCookieName;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
});
// register singleton scoped core services // register singleton scoped core services
services.AddSingleton(Configuration); services.AddSingleton(Configuration);
services.AddSingleton<IInstallationManager, InstallationManager>(); services.AddSingleton<IInstallationManager, InstallationManager>();

13
Oqtane.Shared/Models/Alias.cs
View File

@ -1,5 +1,4 @@
using System; using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema; using System.ComponentModel.DataAnnotations.Schema;
namespace Oqtane.Models namespace Oqtane.Models
@ -43,18 +42,6 @@ namespace Oqtane.Models
/// <inheritdoc /> /// <inheritdoc />
public DateTime ModifiedOn { get; set; } public DateTime ModifiedOn { get; set; }
/// <summary>
/// todoc - unclear what this is for
/// </summary>
[NotMapped]
public DateTime SyncDate { get; set; }
/// <summary>
/// todoc - unclear what this is for
/// </summary>
[NotMapped]
public List<SyncEvent> SyncEvents { get; set; }
/// <summary> /// <summary>
/// The path contains the url-part after the first slash. /// The path contains the url-part after the first slash.
/// * If the Name is `oqtane.me` the Path is empty /// * If the Name is `oqtane.me` the Path is empty

5
Oqtane.Shared/Models/Installation.cs
View File

@ -16,5 +16,10 @@ namespace Oqtane.Models
/// Message or error in case something failed. /// Message or error in case something failed.
/// </summary> /// </summary>
public string Message { get; set; } public string Message { get; set; }
/// <summary>
/// current alias value from server
/// </summary>
public Alias Alias { get; set; }
} }
} }

9
Oqtane.Shared/Models/SyncEvent.cs → Oqtane.Shared/Models/Sync.cs
View File

@ -1,7 +1,14 @@
using System; using System;
using System.Collections.Generic;
namespace Oqtane.Models namespace Oqtane.Models
{ {
public class Sync
{
public DateTime SyncDate { get; set; }
public List<SyncEvent> SyncEvents { get; set; }
}
public class SyncEvent public class SyncEvent
{ {
public int TenantId { get; set; } public int TenantId { get; set; }

3
Oqtane.Shared/Shared/Constants.cs
View File

@ -76,5 +76,8 @@ namespace Oqtane.Shared {
public static readonly string DefaultCulture = "en"; public static readonly string DefaultCulture = "en";
public static readonly string AuthenticationScheme = "Identity.Application"; public static readonly string AuthenticationScheme = "Identity.Application";
public static readonly string RequestVerificationToken = "__RequestVerificationToken";
public static readonly string AntiForgeryTokenHeaderName = "X-XSRF-TOKEN-HEADER";
public static readonly string AntiForgeryTokenCookieName = "X-XSRF-TOKEN-COOKIE";
} }
} }

3
Oqtane.Shared/Shared/SiteState.cs
View File

@ -1,4 +1,4 @@
using Oqtane.Models; using Oqtane.Models;
namespace Oqtane.Shared namespace Oqtane.Shared
{ {
@ -6,6 +6,7 @@ namespace Oqtane.Shared
public class SiteState public class SiteState
{ {
public Alias Alias { get; set; } public Alias Alias { get; set; }
public string AntiForgeryToken { get; set; } // for use in client services
} }
} }