blob: d6782871ed47cb90e9ce67019e5bfbc5c108e7d2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
using HyperBooru.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
namespace HyperBooru.Controllers;
[ApiController]
[Authorize]
[Route("/api/user")]
public class ApiUserController : Controller {
private IDbContextFactory<HBContext> dbFactory;
public ApiUserController(IDbContextFactory<HBContext> dbFactory) =>
this.dbFactory = dbFactory;
[HttpGet]
public async Task<IActionResult> GetAllUsersAsync() {
using var db = dbFactory.CreateDbContext();
return Ok(await db.Users
.Select(u => (ApiModels.User) u)
.ToArrayAsync());
}
[HttpGet("{userId}")]
public async Task<IActionResult> GetUserAsync([FromRoute] Guid userId) {
using var db = dbFactory.CreateDbContext();
var user = await db.Users
.FirstOrDefaultAsync(u => u.Guid == userId);
return user is null ? NotFound() : Ok((ApiModels.User) user);
}
[HttpPost]
public async Task<IActionResult> CreateUserAsync([FromBody] ApiModels.UserCreateRequest request) {
using var db = dbFactory.CreateDbContext();
using var transaction = await db.Database.BeginTransactionAsync();
if(await db.Users.AnyAsync(u => u.Username == request.Username))
return BadRequest("Username already exists");
var user = new User() {
Username = request.Username,
PasswordHash = UserService.HashPassword(request.Password)
};
db.Users.Add(user);
await db.SaveChangesAsync();
await transaction.CommitAsync();
return Ok((ApiModels.User) user);
}
[HttpPatch("{userId}")]
public async Task<IActionResult> UpdateUserAsync(
[FromRoute] Guid userId,
[FromBody] ApiModels.UserUpdateRequest request) {
using var db = dbFactory.CreateDbContext();
using var transaction = await db.Database.BeginTransactionAsync();
var user = await db.Users.FirstOrDefaultAsync(u => u.Guid == userId);
if(user is null)
return NotFound();
if(request.Username is not null) {
if(string.IsNullOrWhiteSpace(request.Username))
return BadRequest("Username cannot be empty");
user.Username = request.Username;
}
if(request.Password is not null) {
if(string.IsNullOrWhiteSpace(request.Password))
return BadRequest("Password cannot be empty");
user.PasswordHash = UserService.HashPassword(request.Password);
}
await db.SaveChangesAsync();
await transaction.CommitAsync();
return Ok((ApiModels.User) user);
}
[HttpDelete("{userId}")]
public async Task<IActionResult> DeleteUserAsync([FromRoute] Guid userId) {
if(userId == HBContext.AdminUser)
return BadRequest("Cannot delete the admin user");
using var db = dbFactory.CreateDbContext();
using var transaction = await db.Database.BeginTransactionAsync();
var user = await db.Users.FirstOrDefaultAsync(u => u.Guid == userId);
if(user is null)
return NotFound();
db.Users.Remove(user);
await db.SaveChangesAsync();
await transaction.CommitAsync();
return Ok((ApiModels.User) user);
}
}
|
