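using System;
using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using AutoMapper;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using UnivateProperties_API.Containers.Users;
using UnivateProperties_API.Helpers;
using UnivateProperties_API.Model.Users;
using UnivateProperties_API.Repository;
using UnivateProperties_API.Repository.Users;

namespace UnivateProperties_API.Controllers.Users
{
    /// <summary>
    /// Authentication, registration and account-management endpoints for users and agencies.
    /// </summary>
    /// <remarks>
    /// Every action requires an authenticated caller unless it is explicitly marked
    /// <see cref="AllowAnonymousAttribute"/>. The actions that read the caller's id from
    /// <c>User.Identity.Name</c> (placed there by <see cref="Authenticate"/>) depend on this;
    /// without it an anonymous request would reach <c>int.Parse(null)</c>.
    /// </remarks>
    [Authorize]
    [Route("api/[controller]")]
    [ApiController]
    public class RegisterController : ControllerBase
    {
        /// <summary>Lifetime of an issued access token, in minutes.</summary>
        private const int TokenLifetimeMinutes = 15;

        private readonly IRegisterRepository _Repo;
        private readonly IMapper _mapper;
        private readonly AppSettings _appSettings;

        public RegisterController(IRegisterRepository repo, IMapper mapper, IOptions<AppSettings> appSettings)
        {
            _Repo = repo;
            _mapper = mapper;
            _appSettings = appSettings.Value;
        }

        /// <summary>
        /// Verifies a username/password pair and issues a signed JWT for the matching user.
        /// </summary>
        /// <param name="userDto">Credentials posted by the client; only Username and Password are read.</param>
        /// <returns>
        /// 200 with basic user fields and the token, or 400 with one generic message for any
        /// failed login (the message intentionally does not reveal which part was wrong).
        /// </returns>
        [AllowAnonymous]
        [HttpPost("authenticate")]
        public IActionResult Authenticate([FromBody]UserDto userDto)
        {
            var user = _Repo.Authenticate(userDto.Username, userDto.Password);
            if (user == null)
            {
                return BadRequest(new { message = "Username or password is incorrect" });
            }

            var tokenString = CreateToken(user.Id.ToString(), user.Role);

            // Return basic user info (never the password/hash) plus the token for the client to store.
            return Ok(new
            {
                user.Id,
                user.Username,
                user.Name,
                user.Surname,
                Token = tokenString
            });
        }

        /// <summary>
        /// Builds and serialises an HS256-signed JWT whose Name claim is the user id and whose
        /// Role claim is the user's role.
        /// </summary>
        /// <param name="nameClaim">Value for <see cref="ClaimTypes.Name"/> (the user id as text).</param>
        /// <param name="roleClaim">Value for <see cref="ClaimTypes.Role"/>.</param>
        /// <remarks>
        /// The secret is decoded as ASCII; the token-validation side (configured elsewhere)
        /// must derive the key the same way, so do not change the encoding in isolation.
        /// </remarks>
        private string CreateToken(string nameClaim, string roleClaim)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new Claim[]
                {
                    new Claim(ClaimTypes.Name, nameClaim),
                    new Claim(ClaimTypes.Role, roleClaim)
                }),
                Expires = DateTime.UtcNow.AddMinutes(TokenLifetimeMinutes),
                SigningCredentials = new SigningCredentials(
                    new SymmetricSecurityKey(key),
                    SecurityAlgorithms.HmacSha256Signature)
            };

            var token = tokenHandler.CreateToken(tokenDescriptor);
            return tokenHandler.WriteToken(token);
        }

        /// <summary>Creates a new user account from the posted DTO.</summary>
        /// <param name="userDto">User fields plus the clear-text password to be stored by the repository.</param>
        /// <returns>200 on success, 400 with the repository's message on an <see cref="AppException"/>.</returns>
        [AllowAnonymous]
        [HttpPost("register")]
        public IActionResult Register([FromBody]UserDto userDto)
        {
            var user = _mapper.Map<User>(userDto);
            try
            {
                // Third argument's meaning is defined by the repository — TODO confirm what `true` selects.
                _Repo.Create(user, userDto.Password, true);
                return Ok();
            }
            catch (AppException ex)
            {
                return BadRequest(new { message = ex.Message });
            }
        }

        /// <summary>Creates a new agency account from the posted DTO.</summary>
        /// <param name="agency">Agency fields; passed to the repository as-is.</param>
        /// <returns>200 on success, 400 with the repository's message on an <see cref="AppException"/>.</returns>
        [AllowAnonymous]
        [HttpPost("registeragency")]
        public IActionResult RegisterAgency([FromBody]AgencyDto agency)
        {
            // The repository takes the DTO directly; the mapping the original performed here was
            // discarded, so it is not repeated.
            try
            {
                _Repo.CreateAgency(agency);
                return Ok();
            }
            catch (AppException ex)
            {
                return BadRequest(new { message = ex.Message });
            }
        }

        /// <summary>Updates the user identified by the route.</summary>
        /// <param name="id">Id of the record to change, taken from the route (the body's id is ignored).</param>
        /// <param name="userDto">New field values; Password is forwarded separately to the repository.</param>
        /// <returns>403 unless the caller owns the record or is a SuperAdmin; otherwise 200 or 400.</returns>
        [HttpPut("{id}")]
        public IActionResult Update(int id, [FromBody]UserDto userDto)
        {
            // Same ownership rule as GetById: only the record owner or a SuperAdmin may write it.
            if (!IsSelfOrInRole(id, Role.SuperAdmin))
            {
                return Forbid();
            }

            var user = _mapper.Map<User>(userDto);
            user.Id = id;
            try
            {
                _Repo.Update(user, userDto.Password);
                return Ok();
            }
            catch (AppException ex)
            {
                return BadRequest(new { message = ex.Message });
            }
        }

        /// <summary>Updates the agency identified by the route.</summary>
        /// <param name="id">Id of the agency to change, taken from the route.</param>
        /// <param name="userDto">New field values; Password is forwarded separately to the repository.</param>
        /// <returns>403 unless the caller owns the record or holds the Agency role; otherwise 200 or 400.</returns>
        /// <remarks>
        /// Route is <c>agency/{id}</c> (constructed here) because the original shared <c>{id}</c>
        /// with <see cref="Update"/>, which makes the PUT ambiguous at runtime.
        /// </remarks>
        [HttpPut("agency/{id}")]
        public IActionResult UpdateAgency(int id, [FromBody]UserDto userDto)
        {
            // NOTE(review): mirrors GetByAgencyId — any principal in Role.Agency may write any
            // agency, and the Name claim is assumed to be the agency id. Confirm both are intended.
            if (!IsSelfOrInRole(id, Role.Agency))
            {
                return Forbid();
            }

            var agency = _mapper.Map<Agency>(userDto);
            agency.Id = id;
            try
            {
                _Repo.UpdateAgency(agency, userDto.Password);
                return Ok();
            }
            catch (AppException ex)
            {
                return BadRequest(new { message = ex.Message });
            }
        }

        /// <summary>Returns the user identified by the route as a DTO.</summary>
        /// <param name="id">Id of the record to read.</param>
        /// <returns>403 unless the caller owns the record or is a SuperAdmin; 404 if absent; else 200.</returns>
        [HttpGet("{id}")]
        public IActionResult GetById(int id)
        {
            // Authorisation is checked before the lookup so a non-owner cannot distinguish
            // existing ids from missing ones.
            if (!IsSelfOrInRole(id, Role.SuperAdmin))
            {
                return Forbid();
            }

            var user = _Repo.GetById(id);
            if (user == null)
            {
                return NotFound();
            }

            // NOTE(review): the mapping profile is not visible here — confirm it does not copy
            // password/hash fields into the DTO that is returned.
            return Ok(_mapper.Map<UserDto>(user));
        }

        /// <summary>Returns the agency identified by the route as a DTO.</summary>
        /// <param name="id">Id of the agency to read.</param>
        /// <returns>403 unless the caller owns the record or holds the Agency role; 404 if absent; else 200.</returns>
        /// <remarks>
        /// Route is <c>agency/{id}</c> (constructed here) because the original shared <c>{id}</c>
        /// with <see cref="GetById"/>, which makes the GET ambiguous at runtime.
        /// </remarks>
        [HttpGet("agency/{id}")]
        public IActionResult GetByAgencyId(int id)
        {
            // NOTE(review): any principal in Role.Agency can read any agency record, and the Name
            // claim is assumed to be the agency id — confirm this is intended.
            if (!IsSelfOrInRole(id, Role.Agency))
            {
                return Forbid();
            }

            var agency = _Repo.GetByAgencyId(id);
            if (agency == null)
            {
                return NotFound();
            }

            return Ok(_mapper.Map<AgencyDto>(agency));
        }

        /// <summary>Deletes the user identified by the route. SuperAdmin only.</summary>
        /// <param name="id">Id of the record to delete, taken from the route rather than from a posted entity.</param>
        [Authorize(Roles = Role.SuperAdmin)]
        [HttpDelete("{id}")]
        public IActionResult Delete(int id)
        {
            _Repo.Delete(id);
            return Ok();
        }

        /// <summary>Deletes the agency identified by the route. SuperAdmin only.</summary>
        /// <param name="id">Id of the agency to delete, taken from the route.</param>
        /// <remarks>
        /// Route is <c>agency/{id}</c> (constructed here) to avoid the ambiguous match with
        /// <see cref="Delete"/> that the original shared template produced.
        /// </remarks>
        [Authorize(Roles = Role.SuperAdmin)]
        [HttpDelete("agency/{id}")]
        public IActionResult DeleteAgency(int id)
        {
            _Repo.DeleteAgency(id);
            return Ok();
        }

        /// <summary>
        /// Reads the numeric id that <see cref="Authenticate"/> stored in the principal's Name claim.
        /// </summary>
        /// <param name="currentUserId">The parsed id, or 0 when parsing fails.</param>
        /// <returns>false when the principal has no parseable Name claim.</returns>
        private bool TryGetCurrentUserId(out int currentUserId)
        {
            var name = User?.Identity?.Name;
            return int.TryParse(name, NumberStyles.Integer, CultureInfo.InvariantCulture, out currentUserId);
        }

        /// <summary>
        /// Ownership check shared by the read and update actions: the caller may act on record
        /// <paramref name="id"/> when it is their own, or when they hold <paramref name="privilegedRole"/>.
        /// An unparseable Name claim counts as "not the owner" rather than throwing.
        /// </summary>
        private bool IsSelfOrInRole(int id, string privilegedRole)
        {
            int currentUserId;
            var isSelf = TryGetCurrentUserId(out currentUserId) && currentUserId == id;
            return isSelf || User.IsInRole(privilegedRole);
        }
    }
}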