Diffstat (limited to 'Server/Controllers/ApiUserController.cs')
| -rw-r--r-- | Server/Controllers/ApiUserController.cs | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/Server/Controllers/ApiUserController.cs b/Server/Controllers/ApiUserController.cs
new file mode 100644
index 0000000..d678287
--- /dev/null
+++ b/Server/Controllers/ApiUserController.cs
@@ -0,0 +1,109 @@
+using HyperBooru.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace HyperBooru.Controllers;
+
+[ApiController]
+[Authorize]
+[Route("/api/user")]
+public class ApiUserController : Controller {
+ private IDbContextFactory<HBContext> dbFactory;
+
+ public ApiUserController(IDbContextFactory<HBContext> dbFactory) =>
+ this.dbFactory = dbFactory;
+
+ [HttpGet]
+ public async Task<IActionResult> GetAllUsersAsync() {
+ using var db = dbFactory.CreateDbContext();
+
+ return Ok(await db.Users
+ .Select(u => (ApiModels.User) u)
+ .ToArrayAsync());
+ }
+
+ [HttpGet("{userId}")]
+ public async Task<IActionResult> GetUserAsync([FromRoute] Guid userId) {
+ using var db = dbFactory.CreateDbContext();
+
+ var user = await db.Users
+ .FirstOrDefaultAsync(u => u.Guid == userId);
+
+ return user is null ? NotFound() : Ok((ApiModels.User) user);
+ }
+
+ [HttpPost]
+ public async Task<IActionResult> CreateUserAsync([FromBody] ApiModels.UserCreateRequest request) {
+ using var db = dbFactory.CreateDbContext();
+
+ using var transaction = await db.Database.BeginTransactionAsync();
+
+ if(await db.Users.AnyAsync(u => u.Username == request.Username))
+ return BadRequest("Username already exists");
+
+ var user = new User() {
+ Username = request.Username,
+ PasswordHash = UserService.HashPassword(request.Password)
+ };
+
+ db.Users.Add(user);
+
+ await db.SaveChangesAsync();
+ await transaction.CommitAsync();
+
+ return Ok((ApiModels.User) user);
+ }
+
+ [HttpPatch("{userId}")]
+ public async Task<IActionResult> UpdateUserAsync(
+ [FromRoute] Guid userId,
+ [FromBody] ApiModels.UserUpdateRequest request) {
+
+ using var db = dbFactory.CreateDbContext();
+
+ using var transaction = await db.Database.BeginTransactionAsync();
+
+ var user = await db.Users.FirstOrDefaultAsync(u => u.Guid == userId);
+ if(user is null)
+ return NotFound();
+
+ if(request.Username is not null) {
+ if(string.IsNullOrWhiteSpace(request.Username))
+ return BadRequest("Username cannot be empty");
+ user.Username = request.Username;
+ }
+
+ if(request.Password is not null) {
+ if(string.IsNullOrWhiteSpace(request.Password))
+ return BadRequest("Password cannot be empty");
+ user.PasswordHash = UserService.HashPassword(request.Password);
+ }
+
+ await db.SaveChangesAsync();
+ await transaction.CommitAsync();
+
+ return Ok((ApiModels.User) user);
+ }
+
+ [HttpDelete("{userId}")]
+ public async Task<IActionResult> DeleteUserAsync([FromRoute] Guid userId) {
+ if(userId == HBContext.AdminUser)
+ return BadRequest("Cannot delete the admin user");
+
+ using var db = dbFactory.CreateDbContext();
+
+ using var transaction = await db.Database.BeginTransactionAsync();
+
+ var user = await db.Users.FirstOrDefaultAsync(u => u.Guid == userId);
+ if(user is null)
+ return NotFound();
+
+ db.Users.Remove(user);
+
+ await db.SaveChangesAsync();
+ await transaction.CommitAsync();
+
+ return Ok((ApiModels.User) user);
+ }
+}
|
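Review bot: The class-level `[Authorize]` only requires an authenticated caller, and no action compares the caller's identity with `userId`, so as written any logged-in account can change another user's username or password through UpdateUserAsync (the admin's included, since only DeleteUserAsync guards `HBContext.AdminUser`), create accounts, and delete any non-admin user. Unless a policy registered outside this file already restricts the controller, gate CreateUserAsync and DeleteUserAsync behind an admin policy, e.g. `[Authorize(Policy = "<admin-policy-name>")]` (placeholder name), and have UpdateUserAsync return `Forbid()` when the caller is neither an admin nor the owner of `userId`. CreateUserAsync also skips the `string.IsNullOrWhiteSpace` checks that UpdateUserAsync applies to `request.Username` and `request.Password`, and UpdateUserAsync does not repeat the `AnyAsync(u => u.Username == request.Username)` uniqueness check before renaming. Whether model validation on the request types or a unique index on the username column covers these last two is not visible in this file.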
