paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactoring
All checks were successful
Dotnet build and test / log-the-inputs (push) Successful in 7s
Details
Dotnet build and test / build (push) Successful in 1m48s
Details

Browse Source
This commit is contained in:
Paul Schneider
2025-06-29 16:12:16 +01:00
parent 0e0a79c6cd
commit 2002b8b232
5 changed files with 225 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/Yavsc.Server/Exceptions/AuthorizationFailureException.cs Normal file
View File

@ -0,0 +1,17 @@
namespace Yavsc.Server.Exceptions;
[Serializable]
public class AuthorizationFailureException : Exception
{
public AuthorizationFailureException(Microsoft.AspNetCore.Authorization.AuthorizationResult auth) : base(auth?.Failure?.ToString()??auth?.ToString()??"AuthorizationResult failure")
{
}
public AuthorizationFailureException(string? message) : base(message)
{
}
public AuthorizationFailureException(string? message, Exception? innerException) : base(message, innerException)
{
}
}

2
src/Yavsc.Server/Helpers/UserHelpers.cs
View File

@ -24,7 +24,7 @@ namespace Yavsc.Helpers
return user.Identity.IsAuthenticated; return user.Identity.IsAuthenticated;
} }
public static IEnumerable<BlogPost> UserPosts(this ApplicationDbContext dbContext, string posterId, string readerId) public static IEnumerable<BlogPost> UserPosts(this ApplicationDbContext dbContext, string posterId, string? readerId)
{ {
if (readerId == null) if (readerId == null)
{ {

162
src/Yavsc.Server/Services/BlogSpotService.cs Normal file
View File

@ -0,0 +1,162 @@
using System.Diagnostics;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.Differencing;
using Microsoft.EntityFrameworkCore;
using Org.BouncyCastle.Tls;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Blog;
using Yavsc.Server.Exceptions;
using Yavsc.ViewModels.Auth;
using Yavsc.ViewModels.Blog;
public class BlogSpotService
{
private readonly ApplicationDbContext _context;
private readonly IAuthorizationService _authorizationService;
public BlogSpotService(ApplicationDbContext context,
IAuthorizationService authorizationService)
{
_authorizationService = authorizationService;
_context = context;
}
public BlogPost Create(string userId, BlogPostInputViewModel blogInput)
{
BlogPost post = new BlogPost
{
Title = blogInput.Title,
Content = blogInput.Content,
Photo = blogInput.Photo,
AuthorId = userId
};
_context.BlogSpot.Add(post);
_context.SaveChanges(userId);
return post;
}
public async Task<BlogPost> GetPostForEdition(ClaimsPrincipal user, long blogPostId)
{
var blog = await _context.BlogSpot.Include(x => x.Author).Include(x => x.ACL).SingleAsync(m => m.Id == blogPostId);
var auth = await _authorizationService.AuthorizeAsync(user, blog, new EditPermission());
if (!auth.Succeeded)
{
throw new AuthorizationFailureException(auth);
}
return blog;
}
public async Task<BlogPost> Details(ClaimsPrincipal user, long blogPostId)
{
BlogPost blog = await _context.BlogSpot
.Include(p => p.Author)
.Include(p => p.Tags)
.Include(p => p.Comments)
.Include(p => p.ACL)
.SingleAsync(m => m.Id == blogPostId);
if (blog == null)
{
return null;
}
var auth = await _authorizationService.AuthorizeAsync(user, blog, new ReadPermission());
if (!auth.Succeeded)
{
throw new AuthorizationFailureException(auth);
}
foreach (var c in blog.Comments)
{
c.Author = _context.Users.First(u => u.Id == c.AuthorId);
}
return blog;
}
public async Task Modify(ClaimsPrincipal user, BlogPostEditViewModel blogEdit)
{
var blog = _context.BlogSpot.SingleOrDefault(b => b.Id == blogEdit.Id);
Debug.Assert(blog != null);
var auth = await _authorizationService.AuthorizeAsync(user, blog, new EditPermission());
if (!auth.Succeeded)
{
throw new AuthorizationFailureException(auth);
}
blog.Content = blogEdit.Content;
blog.Title = blogEdit.Title;
blog.Photo = blogEdit.Photo;
blog.ACL = blogEdit.ACL;
// saves the change
_context.Update(blog);
_context.SaveChanges(user.GetUserId());
}
public async Task<IEnumerable<IGrouping<String, BlogPost>>> IndexByTitle(ClaimsPrincipal user, string id, int skip = 0, int take = 25)
{
IEnumerable<BlogPost> posts;
if (user.Identity.IsAuthenticated)
{
string viewerId = user.GetUserId();
long[] usercircles = await _context.Circle.Include(c => c.Members).
Where(c => c.Members.Any(m => m.MemberId == viewerId))
.Select(c => c.Id).ToArrayAsync();
posts = _context.BlogSpot
.Include(b => b.Author)
.Include(p => p.ACL)
.Include(p => p.Tags)
.Include(p => p.Comments)
.Where(p => (p.ACL.Count == 0)
|| (p.AuthorId == viewerId)
|| (usercircles != null && p.ACL.Any(a => usercircles.Contains(a.CircleId)))
);
}
else
{
posts = _context.blogspotPublications
.Include(p => p.BlogPost)
.Include(b => b.BlogPost.Author)
.Include(p => p.BlogPost.ACL)
.Include(p => p.BlogPost.Tags)
.Include(p => p.BlogPost.Comments)
.Where(p => p.BlogPost.ACL.Count == 0).Select(p => p.BlogPost).ToArray();
}
var data = posts.OrderByDescending(p => p.DateCreated);
var grouped = data.GroupBy(p => p.Title).Skip(skip).Take(take);
return grouped;
}
public async Task Delete(ClaimsPrincipal user, long id)
{
var uid = user.GetUserId();
BlogPost blog = _context.BlogSpot.Single(m => m.Id == id);
_context.BlogSpot.Remove(blog);
_context.SaveChanges(user.GetUserId());
}
public async Task<IEnumerable<BlogPost>> UserPosts(
string posterName,
string? readerId,
int pageLen = 10,
int pageNum = 0)
{
string? posterId = (await _context.Users.SingleOrDefaultAsync(u => u.UserName == posterName))?.Id ?? null;
if (posterId == null) return Array.Empty<BlogPost>();
return _context.UserPosts(posterId, readerId);
}
public object? ByTitle(string title)
{
return _context.BlogSpot.Include(
b => b.Author
).Where(x => x.Title == title).OrderByDescending(
x => x.DateCreated
).ToList();
}
}

178
src/Yavsc/Controllers/Communicating/BlogspotController.cs
View File

@ -1,4 +1,4 @@
using System.Security.Claims;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Yavsc.Models; using Yavsc.Models;
@ -9,6 +9,7 @@ using Yavsc.Helpers;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using Yavsc.ViewModels.Blog; using Yavsc.ViewModels.Blog;
using Yavsc.Server.Exceptions;
// For more information on enabling Web API for empty projects, visit http://go.microsoft.com/fwlink/?LinkID=397860 // For more information on enabling Web API for empty projects, visit http://go.microsoft.com/fwlink/?LinkID=397860
@ -21,112 +22,63 @@ namespace Yavsc.Controllers
private readonly IAuthorizationService _authorizationService; private readonly IAuthorizationService _authorizationService;
readonly RequestLocalizationOptions _localisationOptions; readonly RequestLocalizationOptions _localisationOptions;
readonly BlogSpotService blogSpotService;
public BlogspotController( public BlogspotController(
ApplicationDbContext context, ApplicationDbContext context,
ILoggerFactory loggerFactory, ILoggerFactory loggerFactory,
IAuthorizationService authorizationService, IAuthorizationService authorizationService,
IOptions<RequestLocalizationOptions> localisationOptions) IOptions<RequestLocalizationOptions> localisationOptions,
BlogSpotService blogSpotService)
{ {
_context = context; _context = context;
_logger = loggerFactory.CreateLogger<AccountController>(); _logger = loggerFactory.CreateLogger<AccountController>();
_authorizationService = authorizationService; _authorizationService = authorizationService;
_localisationOptions = localisationOptions.Value; _localisationOptions = localisationOptions.Value;
this.blogSpotService = blogSpotService;
} }
// GET: Blog // GET: Blog
[AllowAnonymous] [AllowAnonymous]
public async Task<IActionResult> Index(string id, int skip=0, int take=25) public async Task<IActionResult> Index(string id, int skip = 0, int take = 25)
{ {
if (!string.IsNullOrEmpty(id)) { if (!string.IsNullOrEmpty(id))
return View("UserPosts", await UserPosts(id));
}
IEnumerable<BlogPost> posts;
if (User.Identity.IsAuthenticated)
{ {
string viewerId = User.GetUserId(); return View("UserPosts",
long[] usercircles = await _context.Circle.Include(c=>c.Members). await blogSpotService.UserPosts(id, User.GetUserId(),
Where(c=>c.Members.Any(m=>m.MemberId == viewerId)) skip, take));
.Select(c=>c.Id).ToArrayAsync();
posts = _context.BlogSpot
.Include(b => b.Author)
.Include(p=>p.ACL)
.Include(p=>p.Tags)
.Include(p=>p.Comments)
.Where(p =>(p.ACL.Count == 0)
|| (p.AuthorId == viewerId)
|| (usercircles != null && p.ACL.Any(a => usercircles.Contains(a.CircleId)))
);
} }
else var byTitle = await this.blogSpotService.IndexByTitle(User, id, skip, take);
{ return View(byTitle);
posts = _context.blogspotPublications
.Include(p=>p.BlogPost)
.Include(b => b.BlogPost.Author)
.Include(p=>p.BlogPost.ACL)
.Include(p=>p.BlogPost.Tags)
.Include(p=>p.BlogPost.Comments)
.Where(p => p.BlogPost.ACL.Count == 0 ).Select(p=>p.BlogPost).ToArray();
}
var data = posts.OrderByDescending( p=> p.DateCreated);
var grouped = data.GroupBy(p=> p.Title).Skip(skip).Take(take);
return View(grouped);
} }
[Route("~/Title/{id?}")] [Route("~/Title/{id?}")]
[AllowAnonymous] [AllowAnonymous]
public IActionResult Title(string id) public IActionResult Title(string id)
{ {
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
ViewData["Title"] = id; ViewData["Title"] = id;
return View("Title", _context.BlogSpot.Include( return View("Title", blogSpotService.ByTitle(id));
b => b.Author
).Where(x => x.Title == id && (x.AuthorId == uid )).OrderByDescending(
x => x.DateCreated
).ToList());
} }
private async Task<IEnumerable<BlogPost>> UserPosts(string userName, int pageLen=10, int pageNum=0) private async Task<IEnumerable<BlogPost>> UserPosts(string userName, int pageLen = 10, int pageNum = 0)
{ {
string posterId = (await _context.Users.SingleOrDefaultAsync(u=>u.UserName == userName))?.Id ?? null ; return await blogSpotService.UserPosts(userName, User.GetUserId(), pageLen, pageNum);
return _context.UserPosts(posterId, User.Identity.Name);
} }
// GET: Blog/Details/5 // GET: Blog/Details/5
[AllowAnonymous] [AllowAnonymous]
public async Task<IActionResult> Details(long? id) public async Task<IActionResult> Details(long? id)
{ {
if (id == null) if (id == null) return this.NotFound();
{
return NotFound();
}
BlogPost blog = _context.BlogSpot var blog = await blogSpotService.Details(User, id.Value);
.Include(p => p.Author)
.Include(p => p.Tags)
.Include(p => p.Comments)
.Include(p => p.ACL)
.Single(m => m.Id == id);
if (blog == null)
{
return NotFound();
}
if ( _authorizationService.AuthorizeAsync(User, blog, new ReadPermission()).IsFaulted)
{
return new ChallengeResult();
}
foreach (var c in blog.Comments) {
c.Author = _context.Users.First(u=>u.Id==c.AuthorId);
}
ViewData["apicmtctlr"] = "/api/blogcomments"; ViewData["apicmtctlr"] = "/api/blogcomments";
ViewData["moderatoFlag"] = User.IsInRole(Constants.BlogModeratorGroupName); ViewData["moderatoFlag"] = User.IsInRole(Constants.BlogModeratorGroupName);
return View(blog); return View(blog);
} }
void SetLangItems() void SetLangItems()
{ {
ViewBag.LangItems = _localisationOptions.SupportedUICultures.Select ViewBag.LangItems = _localisationOptions.SupportedUICultures?.Select
( (
sc => new SelectListItem { Value = sc.IetfLanguageTag, Text = sc.NativeName, Selected = System.Globalization.CultureInfo.CurrentUICulture == sc } sc => new SelectListItem { Value = sc.IetfLanguageTag, Text = sc.NativeName, Selected = System.Globalization.CultureInfo.CurrentUICulture == sc }
); );
@ -136,9 +88,10 @@ namespace Yavsc.Controllers
[Authorize()] [Authorize()]
public IActionResult Create(string title) public IActionResult Create(string title)
{ {
var result = new BlogPostInputViewModel{Title=title var result = new BlogPostInputViewModel
{
Title = title
}; };
ViewData["PostTarget"]="Create";
SetLangItems(); SetLangItems();
return View(result); return View(result);
} }
@ -149,20 +102,11 @@ namespace Yavsc.Controllers
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
{ {
BlogPost post = new BlogPost BlogPost post = blogSpotService.Create(User.GetUserId(),
{ blogInput);
Title = blogInput.Title,
Content = blogInput.Content,
Photo = blogInput.Photo,
AuthorId = User.GetUserId()
};
_context.BlogSpot.Add(post);
_context.SaveChanges(User.GetUserId());
return RedirectToAction("Index"); return RedirectToAction("Index");
} }
ModelState.AddModelError("Unknown","Invalid Blog posted ..."); return View("Edit", blogInput);
ViewData["PostTarget"]="Create";
return View("Edit",blogInput);
} }
[Authorize()] [Authorize()]
@ -173,26 +117,13 @@ namespace Yavsc.Controllers
{ {
return NotFound(); return NotFound();
} }
try
ViewData["PostTarget"]="Edit";
BlogPost blog = _context.BlogSpot.Include(x => x.Author).Include(x => x.ACL).Single(m => m.Id == id);
if (blog == null)
{ {
return NotFound(); BlogPost blog = await blogSpotService.GetPostForEdition(User, id.Value);
} if (blog == null)
if (!_authorizationService.AuthorizeAsync(User, blog, new EditPermission()).IsFaulted) {
{ return NotFound();
ViewBag.ACL = _context.Circle.Where( }
c=>c.OwnerId == blog.AuthorId)
.Select(
c => new SelectListItem
{
Text = c.Name,
Value = c.Id.ToString(),
Selected = blog.AuthorizeCircle(c.Id)
} 
);
SetLangItems(); SetLangItems();
return View(new BlogPostEditViewModel return View(new BlogPostEditViewModel
{ {
@ -201,9 +132,10 @@ namespace Yavsc.Controllers
Content = blog.Content, Content = blog.Content,
ACL = blog.ACL, ACL = blog.ACL,
Photo = blog.Photo Photo = blog.Photo
}); });
} }
else catch (AuthorizationFailureException)
{ {
return new ChallengeResult(); return new ChallengeResult();
} }
@ -211,65 +143,41 @@ namespace Yavsc.Controllers
// POST: Blog/Edit/5 // POST: Blog/Edit/5
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken,Authorize()] [ValidateAntiForgeryToken, Authorize()]
public async Task<IActionResult> Edit(BlogPostEditViewModel blogEdit) public async Task<IActionResult> Edit(BlogPostEditViewModel blogEdit)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
{ {
var blog = _context.BlogSpot.SingleOrDefault(b=>b.Id == blogEdit.Id); await blogSpotService.Modify(User, blogEdit);
if (blog == null) {
ModelState.AddModelError("Id", "not found");
return View();
}
if (!(await _authorizationService.AuthorizeAsync(User, blog, new EditPermission())).Succeeded) {
ViewData["StatusMessage"] = "Accès restreint";
return new ChallengeResult();
}
blog.Content=blogEdit.Content;
blog.Title = blogEdit.Title;
blog.Photo = blogEdit.Photo;
blog.ACL = blogEdit.ACL;
// saves the change
_context.Update(blog);
_context.SaveChanges(User.GetUserId());
ViewData["StatusMessage"] = "Post modified"; ViewData["StatusMessage"] = "Post modified";
return RedirectToAction("Index"); return RedirectToAction("Index");
} }
ViewData["PostTarget"]="Edit";
return View(blogEdit); return View(blogEdit);
} }
// GET: Blog/Delete/5 // GET: Blog/Delete/5
[ActionName("Delete"),Authorize()] [ActionName("Delete"), Authorize()]
public IActionResult Delete(long? id) public async Task<IActionResult> Delete(long? id)
{ {
if (id == null) if (id == null)
{ {
return NotFound(); return NotFound();
} }
BlogPost blog = _context.BlogSpot.Include( BlogPost blog = await blogSpotService.GetPostForEdition(User, id.Value);
b => b.Author
).Single(m => m.Id == id);
if (blog == null) if (blog == null)
{ {
return NotFound(); return NotFound();
} }
return View(blog); return View(blog);
} }
// POST: Blog/Delete/5 // POST: Blog/Delete/5
[HttpPost, ActionName("Delete"), Authorize("IsTheAuthor")] [HttpPost, ActionName("Delete"), Authorize("IsTheAuthor")]
[ValidateAntiForgeryToken] [ValidateAntiForgeryToken]
public IActionResult DeleteConfirmed(long id) public async Task<IActionResult> DeleteConfirmed(long id)
{ {
var uid = User.GetUserId(); await blogSpotService.Delete(User, id);
BlogPost blog = _context.BlogSpot.Single(m => m.Id == id);
_context.BlogSpot.Remove(blog);
_context.SaveChanges(User.GetUserId());
return RedirectToAction("Index"); return RedirectToAction("Index");
} }
} }

10
src/Yavsc/Extensions/HostingExtensions.cs
View File

@ -39,7 +39,6 @@ namespace Yavsc.Extensions;
public static class HostingExtensions public static class HostingExtensions
{ {
#region files config
public static IApplicationBuilder ConfigureFileServerApp(this IApplicationBuilder app, public static IApplicationBuilder ConfigureFileServerApp(this IApplicationBuilder app,
bool enableDirectoryBrowsing = false) bool enableDirectoryBrowsing = false)
{ {
@ -91,16 +90,10 @@ public static class HostingExtensions
return app; return app;
} }
#endregion
internal static WebApplication ConfigureWebAppServices(this WebApplicationBuilder builder) internal static WebApplication ConfigureWebAppServices(this WebApplicationBuilder builder)
{ {
IServiceCollection services = LoadConfiguration(builder); IServiceCollection services = LoadConfiguration(builder);
//services.AddRazorPages();
services.AddSession(); services.AddSession();
// TODO .AddServerSideSessionStore<YavscServerSideSessionStore>() // TODO .AddServerSideSessionStore<YavscServerSideSessionStore>()
@ -148,7 +141,8 @@ public static class HostingExtensions
.AddTransient<IYavscMessageSender, YavscMessageSender>() .AddTransient<IYavscMessageSender, YavscMessageSender>()
.AddTransient<IBillingService, BillingService>() .AddTransient<IBillingService, BillingService>()
.AddTransient<IDataStore, FileDataStore>((sp) => new FileDataStore("googledatastore", false)) .AddTransient<IDataStore, FileDataStore>((sp) => new FileDataStore("googledatastore", false))
.AddTransient<ICalendarManager, CalendarManager>(); .AddTransient<ICalendarManager, CalendarManager>()
.AddTransient<BlogSpotService>();
// TODO for SMS: services.AddTransient<ISmsSender, AuthMessageSender>(); // TODO for SMS: services.AddTransient<ISmsSender, AuthMessageSender>();