using System.ComponentModel.DataAnnotations;
using System.Net.Mime;
using LexCore;
using LexCore.Entities;
using LexCore.ServiceInterfaces;
using LexData;
using LexData.Entities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
namespace LexBoxApi.Controllers;
/// <summary>
/// Legacy endpoint that lists a user's projects for older clients.
/// The caller is identified by the <c>userName</c> route segment and a password in the request body.
/// </summary>
/// <remarks>
/// Both actions are <c>[AllowAnonymous]</c>, so the password check inside <c>Projects</c> is the only
/// authentication on this route.
/// NOTE(review): an unknown user gets 404 "Unknown user" while a wrong password gets 403 "Bad password",
/// and the hash check is skipped entirely for unknown users. An unauthenticated caller can therefore tell
/// whether an account exists. Unifying the two responses would change the declared response contract, so
/// confirm what the legacy client depends on before altering it.
/// NOTE(review): no throttling or lockout is visible in this file; confirm repeated password attempts are
/// limited elsewhere (middleware, gateway).
/// </remarks>
[ApiController]
public class LegacyProjectApiController : ControllerBase
{
    private readonly LexBoxDbContext _lexBoxDbContext;

    // Stored from the constructor but not read anywhere in this class.
    private readonly ILexProxyService _lexProxyService;

    /// <summary>Stores the injected database context and proxy service.</summary>
    public LegacyProjectApiController(LexBoxDbContext lexBoxDbContext, ILexProxyService lexProxyService)
        => (_lexBoxDbContext, _lexProxyService) = (lexBoxDbContext, lexProxyService);

    /// <summary>Request body carrying the password to verify.</summary>
    public record ProjectsInput(string Password);

    /// <summary>
    /// Form-encoded variant of <c>Projects</c>; it shares the route and is selected by its
    /// <c>[Consumes]</c> content type. Hidden from the API explorer.
    /// </summary>
    /// <param name="userName">Route value identifying the user.</param>
    /// <param name="input">Form-bound body holding the password.</param>
    /// <returns>Whatever <c>Projects</c> returns for the same arguments.</returns>
    [AllowAnonymous]
    [HttpPost("/api/user/{userName}/projects")]
    [Consumes("application/x-www-form-urlencoded")]
    [ApiExplorerSettings(IgnoreApi = true)]
    public async Task<ActionResult<LegacyApiProject[]>> ProjectsForm(string userName, [FromForm] ProjectsInput input)
        => await Projects(userName, input);

    /// <summary>
    /// Verifies the supplied password for <paramref name="userName"/> and returns that user's
    /// non-observer project memberships.
    /// </summary>
    /// <param name="userName">
    /// Route value passed to <c>FilterByEmailOrUsername</c> (presumably matched against e-mail or username;
    /// the helper is defined outside this file).
    /// </param>
    /// <param name="input">Body holding the password; a missing body or password is treated as an empty string.</param>
    /// <returns>
    /// 200 with the project list, 404 with <see cref="LegacyApiError"/> when no user matches,
    /// or 403 with <see cref="LegacyApiError"/> when the password does not validate.
    /// </returns>
    [AllowAnonymous]
    [HttpPost("/api/user/{userName}/projects")]
    [ProducesResponseType(typeof(LegacyApiError), StatusCodes.Status404NotFound)]
    [ProducesResponseType(typeof(LegacyApiError), StatusCodes.Status403Forbidden)]
    [ProducesResponseType(typeof(LegacyApiProject[]), StatusCodes.Status200OK)]
    [Consumes(MediaTypeNames.Application.Json)]
    public async Task<ActionResult<LegacyApiProject[]>> Projects(string userName, ProjectsInput? input)
    {
        // A single query loads the credential material together with the project projection.
        var account = await _lexBoxDbContext.Users.FilterByEmailOrUsername(userName)
            .Select(u => new
            {
                u.Salt,
                u.PasswordHash,
                // FLEx has no notion of the observer role, so observer memberships are left out of the list.
                Memberships = u.Projects.Where(membership => membership.Role != ProjectRole.Observer)
                    .Select(membership => new LegacyApiProject(membership.Project!.Code,
                        membership.Project.Name,
                        // The client appears to largely ignore this value and use the LF domain instead.
                        // NOTE(review): plain-http URL; confirm no client ever sends credentials to it.
                        "http://public.languagedepot.org",
                        // Fixed strings rather than ToString(), so renaming the enum cannot change the
                        // wire format; only these three values are ever returned.
                        membership.Role == ProjectRole.Manager ? "manager"
                        : membership.Role == ProjectRole.Editor ? "editor"
                        : "unknown")) // FieldWorks does not know about or support observers
            })
            .FirstOrDefaultAsync();

        if (account is null)
        {
            return NotFound(new LegacyApiError("Unknown user"));
        }

        var suppliedPassword = input?.Password ?? string.Empty;

        // NOTE(review): the meaning of the trailing `false` argument is not visible in this file;
        // confirm it against PasswordHashing.IsValidPassword.
        if (!PasswordHashing.IsValidPassword(suppliedPassword, account.Salt, account.PasswordHash, false))
        {
            return StatusCode(StatusCodes.Status403Forbidden, new LegacyApiError("Bad password"));
        }

        return account.Memberships.ToArray();
    }
}
/// <summary>One project entry in the legacy project-list response.</summary>
/// <param name="Identifier">Filled from the project's <c>Code</c> by the controller in this file.</param>
/// <param name="Name">Filled from the project's <c>Name</c>.</param>
/// <param name="Repository">Repository URL; the controller in this file always passes the same fixed http URL.</param>
/// <param name="Role">Role string; the controller in this file emits only "manager", "editor" or "unknown".</param>
public record LegacyApiProject(string Identifier, string Name, string Repository, string Role);
/// <summary>Error body returned by the legacy API alongside a 404 or 403 status.</summary>
/// <param name="Error">Short message; the controller in this file uses "Unknown user" and "Bad password".</param>
public record LegacyApiError(string Error);