using System.Collections.Generic; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Authorization; using Oqtane.Enums; using Oqtane.Models; using Oqtane.Shared; using Oqtane.Infrastructure; using Oqtane.Repository; using System.Net; using System; using System.Globalization; namespace Oqtane.Controllers { [Route(ControllerRoutes.ApiRoute)] public class VisitorController : Controller { private readonly IVisitorRepository _visitors; private readonly ILogManager _logger; private readonly Alias _alias; public VisitorController(IVisitorRepository visitors, ILogManager logger, ITenantManager tenantManager) { _visitors = visitors; _logger = logger; _alias = tenantManager.GetAlias(); } // GET: api/?siteid=x&fromdate=y [HttpGet] [Authorize(Roles = RoleNames.Admin)] public IEnumerable Get(string siteid, string fromdate) { int SiteId; if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId) { return _visitors.GetVisitors(SiteId, DateTime.ParseExact(fromdate, "yyyy-MM-dd", CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal)); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Visitor Get Attempt {SiteId}", siteid); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; return null; } } // GET api//5 [HttpGet("{id}")] public Visitor Get(int id) { bool authorized = User.IsInRole(RoleNames.Admin); if (!authorized) { var visitorCookie = Constants.VisitorCookiePrefix + _alias.SiteId.ToString(); if (int.TryParse(Request.Cookies[visitorCookie], out int visitorId)) { authorized = (visitorId == id); } } var visitor = _visitors.GetVisitor(id); if (authorized && visitor != null && visitor.SiteId == _alias.SiteId) { return visitor; } else { if (visitor != null) { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Visitor Get Attempt {VisitorId}", id); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } else { HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound; } return null; } } } }