Provision
/
UnivatePropertiesAPI


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208
							using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using AutoMapper;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using UnivateProperties_API.Containers.Users;
using UnivateProperties_API.Helpers;
using UnivateProperties_API.Model.Users;
using UnivateProperties_API.Repository;
using UnivateProperties_API.Repository.Users;

namespace UnivateProperties_API.Controllers.Users
{
    [Route("api/[controller]")]
    [ApiController]
    public class RegisterController : ControllerBase
    {
        private readonly IRegisterRepository _Repo;
        private IMapper _mapper;
        private readonly AppSettings _appSettings;

        public RegisterController(IRegisterRepository repo, IMapper mapper, IOptions<AppSettings> appSettings)
        {
            _Repo = repo;
            _mapper = mapper;
            _appSettings = appSettings.Value;
        }

        [AllowAnonymous]
        [HttpPost("authenticate")]
        public IActionResult Authenticate([FromBody]UserDto userDto)
        {
            var user = _Repo.Authenticate(userDto.Username, userDto.Password);

            if (user == null)
                return BadRequest(new { message = "Username or password is incorrect" });

            var tokenHandler = new JwtSecurityTokenHandler();
            var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new Claim[]
                {
                    new Claim(ClaimTypes.Name, user.Id.ToString()),
                    new Claim(ClaimTypes.Role, user.Role)
                }),
                Expires = DateTime.UtcNow.AddMinutes(15),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };
            var token = tokenHandler.CreateToken(tokenDescriptor);
            var tokenString = tokenHandler.WriteToken(token);

            // return basic user info (without password) and token to store client side
            return Ok(new
            {
                user.Id,
                user.Username,
                user.Name,
                user.Surname,
                Token = tokenString
            });
        }

        [AllowAnonymous]
        [HttpPost("register")]
        public IActionResult Register([FromBody]UserDto userDto)
        {
            // map dto to entity
            var user = _mapper.Map<User>(userDto);

            try
            {
                // save 
                _Repo.Create(user, userDto.Password, true);
                return Ok();
            }
            catch (AppException ex)
            {
                // return error message if there was an exception
                return BadRequest(new { message = ex.Message });
            }
        }

        [AllowAnonymous]
        [HttpPost("registeragency")]
        public IActionResult RegisterAgency([FromBody]AgencyDto agency)
        {
            // map dto to entity
            _mapper.Map<Agency>(agency);

            try
            {
                // save 
                _Repo.CreateAgency(agency);
                return Ok();
            }
            catch (AppException ex)
            {
                // return error message if there was an exception
                return BadRequest(new { message = ex.Message });
            }
        }

        [HttpPut("{id}")]
        public IActionResult Update(int id, [FromBody]UserDto userDto)
        {
            // map dto to entity and set id
            var user = _mapper.Map<User>(userDto);
            user.Id = id;

            try
            {
                // save 
                _Repo.Update(user, userDto.Password);
                return Ok();
            }
            catch (AppException ex)
            {
                // return error message if there was an exception
                return BadRequest(new { message = ex.Message });
            }
        }

        [HttpPut("{id}")]
        public IActionResult UpdateAgency(int id, [FromBody]UserDto userDto)
        {
            // map dto to entity and set id
            var agency = _mapper.Map<Agency>(userDto);
            agency.Id = id;

            try
            {
                // save 
                _Repo.UpdateAgency(agency, userDto.Password);
                return Ok();
            }
            catch (AppException ex)
            {
                // return error message if there was an exception
                return BadRequest(new { message = ex.Message });
            }
        }

        [HttpGet("{id}")]
        public IActionResult GetById(int id)
        {
            var user = _Repo.GetById(id);
            var userDto = _mapper.Map<UserDto>(user);

            if (user == null)
            {
                return NotFound();
            }

            // Only allow SuperAdmins to access other user records
            var currentUserId = int.Parse(User.Identity.Name);
            if (id != currentUserId && !User.IsInRole(Role.SuperAdmin))
            {
                return Forbid();
            }

            return Ok(userDto);
        }

        [HttpGet("{id}")]
        public IActionResult GetByAgencyId(int id)
        {
            var agency = _Repo.GetByAgencyId(id);
            var agencyDto = _mapper.Map<AgencyDto>(agency);

            if (agency == null)
            {
                return NotFound();
            }

            var currentAgencyId = int.Parse(User.Identity.Name);
            if (id != currentAgencyId && !User.IsInRole(Role.Agency))
            {
                return Forbid();
            }

            return Ok(agencyDto);
        }

        [Authorize(Roles = Role.SuperAdmin)]
        [HttpDelete("{id}")]
        public IActionResult Delete(User user)
        {
            _Repo.Delete(user.Id);
            return Ok();
        }

        [Authorize(Roles = Role.SuperAdmin)]
        [HttpDelete("{id}")]
        public IActionResult DeleteAgency(Agency agency)
        {
            _Repo.DeleteAgency(agency.Id);
            return Ok();
        }
    }
}