mirror of
https://github.com/ryzij/URL-Shortener.git
synced 2026-07-14 03:56:58 +00:00
Compare commits
2 Commits
da47d7fdf3
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| a9746b8d0d | |||
| 067a1a6055 |
@@ -5,6 +5,7 @@ using URL_Shortener.Models;
|
|||||||
using HashidsNet;
|
using HashidsNet;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
|
using URL_Shortener.Extensions;
|
||||||
|
|
||||||
namespace URL_Shortener.Controllers
|
namespace URL_Shortener.Controllers
|
||||||
{
|
{
|
||||||
@@ -40,13 +41,15 @@ namespace URL_Shortener.Controllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
[HttpPost]
|
[HttpPost]
|
||||||
|
[Authorize]
|
||||||
public async Task<IActionResult> CreateShortUrlAsync(CreateShortUrlDto dto)
|
public async Task<IActionResult> CreateShortUrlAsync(CreateShortUrlDto dto)
|
||||||
{
|
{
|
||||||
var shortUrl = new ShortUrl
|
var shortUrl = new ShortUrl
|
||||||
{
|
{
|
||||||
OriginalUrl = dto.OriginalUrl,
|
OriginalUrl = dto.OriginalUrl,
|
||||||
ExpirationDateTime = dto.ExpirationDateTime,
|
ExpirationDateTime = dto.ExpirationDateTime,
|
||||||
ClickLimit = dto.ClickLimit
|
ClickLimit = dto.ClickLimit,
|
||||||
|
UserId = int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)!)
|
||||||
};
|
};
|
||||||
await _db.ShortUrls.AddAsync(shortUrl);
|
await _db.ShortUrls.AddAsync(shortUrl);
|
||||||
await _db.SaveChangesAsync();
|
await _db.SaveChangesAsync();
|
||||||
@@ -57,12 +60,16 @@ namespace URL_Shortener.Controllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
[HttpPatch("{id:int}")]
|
[HttpPatch("{id:int}")]
|
||||||
|
[Authorize]
|
||||||
public async Task<IActionResult> UpdateShortUrlAsync(int id, UpdateShortUrlDto dto)
|
public async Task<IActionResult> UpdateShortUrlAsync(int id, UpdateShortUrlDto dto)
|
||||||
{
|
{
|
||||||
var shortUrl = await _db.ShortUrls.FindAsync(id);
|
var shortUrl = await _db.ShortUrls.FindAsync(id);
|
||||||
if (shortUrl == null)
|
if (shortUrl == null)
|
||||||
return NotFound("Short URL not found");
|
return NotFound("Short URL not found");
|
||||||
|
|
||||||
|
if (!User.CompareId(shortUrl.UserId))
|
||||||
|
throw new Exception("Not authorized");
|
||||||
|
|
||||||
if (!string.IsNullOrEmpty(dto.OriginalUrl))
|
if (!string.IsNullOrEmpty(dto.OriginalUrl))
|
||||||
shortUrl.OriginalUrl = dto.OriginalUrl;
|
shortUrl.OriginalUrl = dto.OriginalUrl;
|
||||||
if (dto.ExpirationDateTime.HasValue)
|
if (dto.ExpirationDateTime.HasValue)
|
||||||
@@ -87,8 +94,7 @@ namespace URL_Shortener.Controllers
|
|||||||
if (shortUrl == null)
|
if (shortUrl == null)
|
||||||
return NotFound();
|
return NotFound();
|
||||||
|
|
||||||
if (!int.TryParse(User.FindFirstValue(ClaimTypes.NameIdentifier), out var userId) ||
|
if (!User.CompareId(shortUrl.UserId))
|
||||||
shortUrl.UserId != userId)
|
|
||||||
throw new Exception("Not authorized");
|
throw new Exception("Not authorized");
|
||||||
|
|
||||||
_db.ShortUrls.Remove(shortUrl);
|
_db.ShortUrls.Remove(shortUrl);
|
||||||
|
|||||||
@@ -0,0 +1,12 @@
|
|||||||
|
using System.Security.Claims;
|
||||||
|
|
||||||
|
namespace URL_Shortener.Extensions;
|
||||||
|
|
||||||
|
public static class ClaimsPrincipalExtensions
|
||||||
|
{
|
||||||
|
public static bool CompareId(this ClaimsPrincipal claimsPrincipal, int userId)
|
||||||
|
{
|
||||||
|
return int.TryParse(claimsPrincipal.FindFirstValue(ClaimTypes.NameIdentifier), out int id) &&
|
||||||
|
id == userId;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -4,6 +4,7 @@ using URL_Shortener;
|
|||||||
using URL_Shortener.Services;
|
using URL_Shortener.Services;
|
||||||
using URL_Shortener.Settings;
|
using URL_Shortener.Settings;
|
||||||
using Microsoft.IdentityModel.Tokens;
|
using Microsoft.IdentityModel.Tokens;
|
||||||
|
using Microsoft.OpenApi;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
|
||||||
var builder = WebApplication.CreateBuilder(args);
|
var builder = WebApplication.CreateBuilder(args);
|
||||||
@@ -15,7 +16,21 @@ builder.Services.AddControllers();
|
|||||||
builder.Services.AddOpenApi();
|
builder.Services.AddOpenApi();
|
||||||
|
|
||||||
builder.Services.AddEndpointsApiExplorer();
|
builder.Services.AddEndpointsApiExplorer();
|
||||||
builder.Services.AddSwaggerGen();
|
builder.Services.AddSwaggerGen(options =>
|
||||||
|
{
|
||||||
|
options.AddSecurityDefinition("bearer", new OpenApiSecurityScheme
|
||||||
|
{
|
||||||
|
Type = SecuritySchemeType.Http,
|
||||||
|
Scheme = "bearer",
|
||||||
|
BearerFormat = "JWT",
|
||||||
|
Description = "JWT Authorization header using the Bearer scheme."
|
||||||
|
});
|
||||||
|
|
||||||
|
options.AddSecurityRequirement(document => new OpenApiSecurityRequirement
|
||||||
|
{
|
||||||
|
[new OpenApiSecuritySchemeReference("bearer", document)] = []
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
builder.Services.AddSingleton<HashidsNet.Hashids>();
|
builder.Services.AddSingleton<HashidsNet.Hashids>();
|
||||||
|
|
||||||
@@ -29,11 +44,11 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
|||||||
.AddJwtBearer(o => o.TokenValidationParameters = new()
|
.AddJwtBearer(o => o.TokenValidationParameters = new()
|
||||||
{
|
{
|
||||||
ValidateIssuerSigningKey = true,
|
ValidateIssuerSigningKey = true,
|
||||||
ValidateIssuer = true,
|
|
||||||
ValidateAudience = false,
|
ValidateAudience = false,
|
||||||
|
ValidateIssuer = false,
|
||||||
ValidateLifetime = true,
|
ValidateLifetime = true,
|
||||||
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
|
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
|
||||||
authSettings.Get<AuthSettings>().SecretKey))
|
authSettings.Get<AuthSettings>()!.SecretKey))
|
||||||
});
|
});
|
||||||
|
|
||||||
builder.Services.AddDbContext<AppDbContext>(options =>
|
builder.Services.AddDbContext<AppDbContext>(options =>
|
||||||
@@ -61,8 +76,6 @@ using (var scope = app.Services.CreateScope())
|
|||||||
retry.Execute(db.Database.Migrate);
|
retry.Execute(db.Database.Migrate);
|
||||||
}
|
}
|
||||||
|
|
||||||
//app.UseHttpsRedirection();
|
|
||||||
|
|
||||||
app.UseAuthentication();
|
app.UseAuthentication();
|
||||||
app.UseAuthorization();
|
app.UseAuthorization();
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user