homeburger/agologum
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: homeburger:e3cd44422cc9d987aba6f3bbf8f6c5e7f7c1f855
Branches Tags
homeburger:main homeburger:feature/llm homeburger:feature/auth homeburger:feature/frontend-design homeburger:feature/client-template
..
compare: homeburger:main
Branches Tags
homeburger:feature/llm homeburger:main homeburger:feature/auth homeburger:feature/frontend-design homeburger:feature/client-template

34 Commits
e3cd44422c ... main

Author SHA1 Message Date
homeburger
d29486dda9 Merge pull request 'Feature/Auth: last one was authentication, this one is authorization' (#4) from feature/auth into main
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 4s
Details
Build and Deploy Frontend / build-and-deploy (push) Successful in 4s
Details 
Reviewed-on: #4
 2026-04-23 00:18:39 -05:00
Blitblank
317a7bce9d comments galore
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 6s
Details
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-04-23 00:15:49 -05:00
Blitblank
ef1e9aa759 best of both worlds
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 23:45:18 -05:00
Blitblank
be183c6fd3 allow removal of self permissions, just not the important one
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 23:30:25 -05:00
Blitblank
0cda948323 do the same to delete
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 8s
Details
Build and Deploy API / build-and-deploy (push) Successful in 10s
Details
2026-04-22 23:27:31 -05:00
Blitblank
6761ae499b oops wrong http request type
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
2026-04-22 23:23:48 -05:00
Blitblank
b7989a1c2b add api calls to permission modifications
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 9s
Details
2026-04-22 23:21:22 -05:00
Blitblank
42a59c8af3 add debugging frontend for permissions
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
2026-04-22 23:08:33 -05:00
Blitblank
baca04fa03 create permission modification endpoints
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 6s
Details
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-04-22 21:49:15 -05:00
Blitblank
1afa30040d create userdto constructor out of user
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 21:19:35 -05:00
Blitblank
68685e6398 prevent self user deletion
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 21:08:02 -05:00
Blitblank
4f60336a37 it was staring me right in the face
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 20:21:39 -05:00
Blitblank
5f68179fd1 database malarkey
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 20:14:34 -05:00
Blitblank
37b5dd4637 fix permission table
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 4s
Details
2026-04-22 20:09:20 -05:00
Blitblank
ef1256b38f redo database
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 20:00:14 -05:00
Blitblank
89942f0731 fix build permission errors
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 19:55:47 -05:00
Blitblank
9d5bae339e every gosh darn time
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-22 19:35:12 -05:00
Blitblank
152db3d99f rework policies to use permissions over roles
Some checks failed
Build and Deploy API / build-and-deploy (push) Failing after 7s
Details
Build and Deploy Frontend / build-and-deploy (push) Successful in 6s
Details
2026-04-22 19:34:55 -05:00
Blitblank
1a0bf385b6 use strings instead of guids
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-21 23:22:00 -05:00
Blitblank
5bbe0bfb4d IdentityUsers use Guid instead of int ids
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-21 23:17:45 -05:00
Blitblank
60bead4426 seed admin role
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-04-21 22:24:21 -05:00
Blitblank
30214bd212 fix case issues on userName
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
2026-04-21 21:06:52 -05:00
Blitblank
1350284b79 await asyncronous method
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-04-21 21:04:01 -05:00
Blitblank
ffdf997929 add roles to jwt claims
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-04-21 20:32:48 -05:00
Blitblank
500961be07 fix users page
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 5s
Details
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-04-21 20:12:17 -05:00
Blitblank
143d194cdb fix: policy mismatch
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-04-21 19:18:54 -05:00
Blitblank
2f3cb46af3 add roles seeding
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 8s
Details
Build and Deploy API / build-and-deploy (push) Successful in 11s
Details
2026-04-21 19:13:44 -05:00
Blitblank
214f1601b5 comment
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-03-28 00:54:03 -05:00
Blitblank
0af0ddf6b9 i was missing policies oops
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 9s
Details
2026-03-28 00:19:01 -05:00
Blitblank
f271ff59f8 added userDtos
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
Build and Deploy API / build-and-deploy (push) Successful in 10s
Details
2026-03-28 00:01:45 -05:00
Blitblank
5afd9057f2 checkpoint
All checks were successful
Build and Deploy Frontend / build-and-deploy (push) Successful in 7s
Details
2026-03-27 20:22:17 -05:00
Blitblank
12d1e65ed5 small roles update
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 10s
Details
2026-03-25 23:11:39 -05:00
Blitblank
eeee94d0d6 what da
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 8s
Details
2026-03-24 19:41:48 -05:00
Blitblank
63c2da652c test api roles 2026-03-24 19:41:36 -05:00
29 changed files with 494 additions and 707 deletions
Expand all files Collapse all files

6
.env
View File

@@ -2,3 +2,9 @@
sike you thought I was like that
hehehehee (urp so full)
# TODO: should have basic public-safe environment variables here
# then secret environment variables can be added via secrets in the ci script like so:
# job: inject-seccrets $ echo API_KEY={{ secrets.API_KEY }} >> .env
# then they dont have to be inserted by the docker container ( messy)

279
api/Migrations/20260321221316_InitialCreate.Designer.cs generated
View File

@@ -1,279 +0,0 @@
// <auto-generated />
using System;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
[DbContext(typeof(AppDbContext))]
[Migration("20260321221316_InitialCreate")]
partial class InitialCreate
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("ProductVersion", "10.0.5")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Name")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedName")
.IsUnique()
.HasDatabaseName("RoleNameIndex");
b.ToTable("AspNetRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("RoleId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("RoleId");
b.ToTable("AspNetRoleClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("UserId");
b.ToTable("AspNetUserClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("ProviderKey")
.HasColumnType("text");
b.Property<string>("ProviderDisplayName")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("LoginProvider", "ProviderKey");
b.HasIndex("UserId");
b.ToTable("AspNetUserLogins", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("RoleId")
.HasColumnType("text");
b.HasKey("UserId", "RoleId");
b.HasIndex("RoleId");
b.ToTable("AspNetUserRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("Name")
.HasColumnType("text");
b.Property<string>("Value")
.HasColumnType("text");
b.HasKey("UserId", "LoginProvider", "Name");
b.ToTable("AspNetUserTokens", (string)null);
});
modelBuilder.Entity("agologumApi.Models.User", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<int>("AccessFailedCount")
.HasColumnType("integer");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Email")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<bool>("EmailConfirmed")
.HasColumnType("boolean");
b.Property<bool>("LockoutEnabled")
.HasColumnType("boolean");
b.Property<DateTimeOffset?>("LockoutEnd")
.HasColumnType("timestamp with time zone");
b.Property<string>("NormalizedEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedUserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.Property<string>("PhoneNumber")
.HasColumnType("text");
b.Property<bool>("PhoneNumberConfirmed")
.HasColumnType("boolean");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
b.Property<bool>("TwoFactorEnabled")
.HasColumnType("boolean");
b.Property<string>("UserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedEmail")
.HasDatabaseName("EmailIndex");
b.HasIndex("NormalizedUserName")
.IsUnique()
.HasDatabaseName("UserNameIndex");
b.ToTable("AspNetUsers", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
#pragma warning restore 612, 618
}
}
}

306
api/Migrations/20260322011947_AddItems.Designer.cs generated
View File

@@ -1,306 +0,0 @@
// <auto-generated />
using System;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
[DbContext(typeof(AppDbContext))]
[Migration("20260322011947_AddItems")]
partial class AddItems
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("ProductVersion", "10.0.5")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Name")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedName")
.IsUnique()
.HasDatabaseName("RoleNameIndex");
b.ToTable("AspNetRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("RoleId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("RoleId");
b.ToTable("AspNetRoleClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("UserId");
b.ToTable("AspNetUserClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("ProviderKey")
.HasColumnType("text");
b.Property<string>("ProviderDisplayName")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("LoginProvider", "ProviderKey");
b.HasIndex("UserId");
b.ToTable("AspNetUserLogins", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("RoleId")
.HasColumnType("text");
b.HasKey("UserId", "RoleId");
b.HasIndex("RoleId");
b.ToTable("AspNetUserRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("Name")
.HasColumnType("text");
b.Property<string>("Value")
.HasColumnType("text");
b.HasKey("UserId", "LoginProvider", "Name");
b.ToTable("AspNetUserTokens", (string)null);
});
modelBuilder.Entity("agologumApi.Models.Item", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Description")
.IsRequired()
.HasColumnType("text");
b.Property<DateTime>("LastEditedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Name")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.ToTable("Items");
});
modelBuilder.Entity("agologumApi.Models.User", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<int>("AccessFailedCount")
.HasColumnType("integer");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Email")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<bool>("EmailConfirmed")
.HasColumnType("boolean");
b.Property<bool>("LockoutEnabled")
.HasColumnType("boolean");
b.Property<DateTimeOffset?>("LockoutEnd")
.HasColumnType("timestamp with time zone");
b.Property<string>("NormalizedEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedUserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.Property<string>("PhoneNumber")
.HasColumnType("text");
b.Property<bool>("PhoneNumberConfirmed")
.HasColumnType("boolean");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
b.Property<bool>("TwoFactorEnabled")
.HasColumnType("boolean");
b.Property<string>("UserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedEmail")
.HasDatabaseName("EmailIndex");
b.HasIndex("NormalizedUserName")
.IsUnique()
.HasDatabaseName("UserNameIndex");
b.ToTable("AspNetUsers", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
#pragma warning restore 612, 618
}
}
}

39
api/Migrations/20260322011947_AddItems.cs
View File

@@ -1,39 +0,0 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
/// <inheritdoc />
public partial class AddItems : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "Items",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Name = table.Column<string>(type: "text", nullable: false),
Description = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
LastEditedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_Items", x => x.Id);
});
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "Items");
}
}
}

40
api/Migrations/20260322214843_AddRefreshTokens.cs
View File

@@ -1,40 +0,0 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
/// <inheritdoc />
public partial class AddRefreshTokens : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "RefreshTokens",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Token = table.Column<string>(type: "text", nullable: false),
UserId = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
ExpiresAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
IsRevoked = table.Column<bool>(type: "boolean", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_RefreshTokens", x => x.Id);
});
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "RefreshTokens");
}
}
}

7
api/Migrations/20260322214843_AddRefreshTokens.Designer.cs → api/Migrations/20260423011426_InitialMigration.Designer.cs generated
View File

@@ -11,8 +11,8 @@ using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
namespace agologum_api.Migrations
{
[DbContext(typeof(AppDbContext))]
[Migration("20260322214843_AddRefreshTokens")]
partial class AddRefreshTokens
[Migration("20260423011426_InitialMigration")]
partial class InitialMigration
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
@@ -252,6 +252,9 @@ namespace agologum_api.Migrations
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.PrimitiveCollection<string>("Permissions")
.HasColumnType("jsonb");
b.Property<string>("PhoneNumber")
.HasColumnType("text");

42
api/Migrations/20260321221316_InitialCreate.cs → api/Migrations/20260423011426_InitialMigration.cs
View File

@@ -7,7 +7,7 @@ using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
namespace agologum_api.Migrations
{
/// <inheritdoc />
public partial class InitialCreate : Migration
public partial class InitialMigration : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
@@ -32,6 +32,7 @@ namespace agologum_api.Migrations
{
Id = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
Permissions = table.Column<string>(type: "jsonb", nullable: true),
UserName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
NormalizedUserName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
Email = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
@@ -52,6 +53,39 @@ namespace agologum_api.Migrations
table.PrimaryKey("PK_AspNetUsers", x => x.Id);
});
migrationBuilder.CreateTable(
name: "Items",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Name = table.Column<string>(type: "text", nullable: false),
Description = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
LastEditedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_Items", x => x.Id);
});
migrationBuilder.CreateTable(
name: "RefreshTokens",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Token = table.Column<string>(type: "text", nullable: false),
UserId = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
ExpiresAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
IsRevoked = table.Column<bool>(type: "boolean", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_RefreshTokens", x => x.Id);
});
migrationBuilder.CreateTable(
name: "AspNetRoleClaims",
columns: table => new
@@ -214,6 +248,12 @@ namespace agologum_api.Migrations
migrationBuilder.DropTable(
name: "AspNetUserTokens");
migrationBuilder.DropTable(
name: "Items");
migrationBuilder.DropTable(
name: "RefreshTokens");
migrationBuilder.DropTable(
name: "AspNetRoles");

3
api/Migrations/AppDbContextModelSnapshot.cs
View File

@@ -249,6 +249,9 @@ namespace agologum_api.Migrations
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.PrimitiveCollection<string>("Permissions")
.HasColumnType("jsonb");
b.Property<string>("PhoneNumber")
.HasColumnType("text");

33
api/Program.cs
View File

@@ -1,4 +1,5 @@
// system usings
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -7,27 +8,33 @@ using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using System.Text;
// homeburger usings
using agologumApi.Models;
using agologumApi.Services;
var builder = WebApplication.CreateBuilder(args);
// make sure the jwt key exists or else abort, security issue
var key = builder.Configuration["Jwt:Key"];
if(key == null) return;
// connect to the sql database
builder.Services.AddDbContext<AppDbContext>(options =>
options.UseNpgsql(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddControllers();
// services
// add our services
builder.Services.AddScoped<UserService>();
builder.Services.AddScoped<ItemService>();
builder.Services.AddScoped<JwtService>();
// if this grows sufficiently large we can put elsewhere
// configuration for jwt authentication
builder.Services.AddIdentity<User, IdentityRole>()
.AddEntityFrameworkStores<AppDbContext>()
.AddDefaultTokenProviders();
.AddDefaultTokenProviders()
.AddRoles<IdentityRole>();
builder.Services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -44,7 +51,16 @@ builder.Services.AddAuthentication(options => {
};
});
builder.Services.AddAuthorization();
// authorization configurations; here's where we register our permissions to policies
// TODO: this suspiciously looks able to be automated through a for loop, only if we can have a static dictionary maybe though?
builder.Services.AddAuthorization(options => {
options.AddPolicy(Permission.SensitiveData_Read, policy =>
policy.RequireClaim("permission", Permission.SensitiveData_Read));
options.AddPolicy(Permission.SensitiveData_Modify, policy =>
policy.RequireClaim("permission", Permission.SensitiveData_Modify));
});
// configuration for behind my nginx proxy
builder.Services.Configure<ForwardedHeadersOptions>(options =>
@@ -61,6 +77,7 @@ builder.Services.Configure<ForwardedHeadersOptions>(options =>
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
builder.Services.AddOpenApi();
// cors; scary needs to be fixed
builder.Services.AddCors(options =>
{
options.AddPolicy("dev",
@@ -69,17 +86,14 @@ builder.Services.AddCors(options =>
policy.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
}); // TODO: scary please fix this
});
// more middleware; probably uncessary at this stage
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
// https://www.reddit.com/r/dotnet/comments/1h7vzbs/how_do_you_guys_handle_authorization_on_a_web_api/
// add authorization here
// controllers will have endpoints based on authorization
// frontend is a different story
// build app
var app = builder.Build();
app.UseForwardedHeaders();
@@ -111,6 +125,7 @@ using (var scope = app.Services.CreateScope()) {
Thread.Sleep(5000);
}
}
}
app.Run();

47
api/src/Controllers/AuthController.cs
View File

@@ -13,46 +13,62 @@ public class AuthController : ControllerBase {
// identity things
private readonly UserManager<User> userManager_;
private readonly SignInManager<User> signInManager_;
// services
private readonly JwtService jwt_;
private readonly UserService userService_;
public AuthController(UserManager<User> userManager, SignInManager<User> signInManager, JwtService jwt) {
// class constructor (where are my initializer lists man)
public AuthController(UserManager<User> userManager, SignInManager<User> signInManager, JwtService jwt, UserService userService) {
userManager_ = userManager;
signInManager_ = signInManager;
jwt_ = jwt;
userService_ = userService;
}
// register endpoint
[HttpPost("register")]
public async Task<ActionResult> Register(RegisterDto dto) {
var user = new User {
// create a new user out of the dto from the request
User user = new User {
UserName = dto.UserName,
Email = dto.Email,
CreatedAt = DateTime.UtcNow // yeah why not utc
};
// assigning roles to user. create a user starting with x to give it permissions to read sensitive data
if(dto.UserName.StartsWith("x")) {
user.Permissions = new List<string> { Permission.SensitiveData_Read };
}
// use Identity's user manager to add to db; error check if failed
var result = await userManager_.CreateAsync(user, dto.Password);
if(!result.Succeeded) return BadRequest(result.Errors);
// respond to post as necessary
return CreatedAtAction(
nameof(Register),
new { id = user.Id }
);
}
// login endpoint
[HttpPost("login")]
public async Task<ActionResult> Login(LoginDto dto)
{
// get the user from the database given the username
var user = await userManager_.FindByNameAsync(dto.UserName);
// user not found with that name
if (user == null) return Unauthorized(); // unauthorized instead of not found to not give away info
if (user == null) return Unauthorized();
// use identity's password validation
var result = await signInManager_.CheckPasswordSignInAsync(user, dto.Password, false);
// if failed then youre not real !
if(!result.Succeeded) return Unauthorized();
var accessToken = jwt_.GenerateJwt(user);
var refreshToken = jwt_.GenerateRefreshToken();
// login sucess, give you an authentication token
var accessToken = await jwt_.GenerateJwt(user);
var refreshToken = jwt_.GenerateRefreshToken(); // the refresh token is good enough to refresh your access token
RefreshToken newTokenObject = new RefreshToken {
Token = refreshToken,
UserId = user.Id,
@@ -61,34 +77,44 @@ public class AuthController : ControllerBase {
IsRevoked = false
};
await jwt_.AddRefreshToken(newTokenObject);
// the jwt says we trust who you are and can substitute it for login
// contains permissions claims too
// return both access and refresh token
return Ok(new { accessToken, refreshToken });
}
// logout endpoint
[Authorize] // authorize is handled by middleware
[HttpPost("logout")]
public async Task<ActionResult> Logout(string refreshTokenString) {
// revoke refresh token
bool success = await jwt_.RevokeRefreshToken(refreshTokenString);
if(!success) return NotFound();
// frontend refreshes page and detects logout
return Ok();
}
// refresh token endpoint
[HttpPost("refresh")] // allow-anonymous by default
public async Task<ActionResult> Refresh(TokenDto request) {
// reached when the frontend gets an unauthorized response and autoattempts to refresh if available
// get token from request and check if its valid
RefreshToken? storedToken = await jwt_.GetRefreshToken(request.RefreshToken);
if (storedToken == null) return Unauthorized();
bool valid = (storedToken.IsRevoked) ||
(storedToken.ExpiresAt < DateTime.UtcNow);
if(!valid) return Unauthorized(); // TODO: delete the invalid token
// get user from the token and give them new tokens
User? user = await jwt_.GetUser(storedToken.UserId);
if(user == null) return NotFound();
string? newAccessToken = jwt_.GenerateJwt(user);
string? newAccessToken = await jwt_.GenerateJwt(user);
if(newAccessToken == null) return NotFound();
string newRefreshToken = jwt_.GenerateRefreshToken();
// construct new token
storedToken.IsRevoked = true;
RefreshToken newTokenObject = new RefreshToken {
Token = newRefreshToken,
@@ -99,10 +125,9 @@ public class AuthController : ControllerBase {
};
await jwt_.AddRefreshToken(newTokenObject);
// return new tokens
return Ok(new { accessToken = newAccessToken, refreshToken = newRefreshToken });
}
// TODO

118
api/src/Controllers/UsersController.cs Normal file
View File

@@ -0,0 +1,118 @@
// this is basically a demo on roles
// level 0 can't access the users endpoint at all
// level 1 has read permissions
// level 2 has modify permissions
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using agologumApi.Models;
using agologumApi.Services;
[ApiController]
[Route("api/[controller]")]
public class UsersController : ControllerBase {
private readonly UserService service_;
public UsersController(UserService service) {
service_ = service;
}
[Authorize(Policy = Permission.SensitiveData_Read)]
[HttpGet]
public async Task<ActionResult<List<User>>> getUsers() {
List<User> rawArray = await service_.GetAll();
List<UserDto> dtoArray = new List<UserDto>();
foreach(User user in rawArray) {
UserDto newDto = new UserDto(user);
dtoArray.Add(newDto);
}
return Ok(dtoArray);
}
[Authorize(Policy = Permission.SensitiveData_Read)]
[HttpGet("{id:int}")]
public async Task<ActionResult<User>> getUser(string id) {
var user = await service_.GetById(id);
if (user == null) return NotFound();
UserDto newDto = new UserDto(user);
return Ok(newDto);
}
[Authorize(Policy = Permission.SensitiveData_Modify)]
[HttpDelete("{id}")]
public async Task<ActionResult> deleteUser(string id) {
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if(userId == id) return BadRequest(); // dont allow deletion of yourself
var success = await service_.Delete(id);
if (!success) return NotFound();
return NoContent();
}
[Authorize(Policy = Permission.SensitiveData_Modify)]
[HttpDelete("{id}/{permission}")]
public async Task<ActionResult> removePermission(string id, string permission) {
// get the user this request comes from. since it passed identity auth we can trust it
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if(permission == Permission.SensitiveData_Modify && userId == id) return BadRequest(); // dont allow permission removal of whats allowing us to re-add premissions
// get list of permissions of that user
var user = await service_.GetById(id);
if (user == null) return NotFound();
if(user.Permissions == null) return NotFound();
// verify that the requested permission exists on that user
if(!user.Permissions.Contains(permission)) return NotFound();
// remove the permission from the permission list
user.Permissions.Remove(permission);
// update the user
await service_.Update(id, user);
return NoContent();
}
[Authorize(Policy = Permission.SensitiveData_Modify)]
[HttpPost("{id}/{permission}")] // TODO: this was made with a single button per permission in mind, but may be better as sending an array
public async Task<ActionResult> addPermission(string id, string permission) {
// we'll allow the superuser to elevate their own permissions because they're the superuser
// get list of permissions of the user
var user = await service_.GetById(id);
if (user == null) return NotFound();
if(user.Permissions == null) return NotFound();
// remove add the permission to the user's permission list (if it doesnt already exist)
if(user.Permissions.Contains(permission)) return NoContent();
user.Permissions.Add(permission);
// update the user
await service_.Update(id, user);
return NoContent();
// fyi the user will need to sign out and sign back in so the new permissions are reflected in their jwt claims
// TODO: or on the client i could issue a refresh token request after a permission api call
}
// TODO: add controls on editing roles
}

10
api/src/Data/AppDbContext.cs
View File

@@ -10,8 +10,16 @@ public class AppDbContext : IdentityDbContext<User> {
}
// Db set for each model besides Users (DbSet<template> is already defined in IdenityDbContext<template>)
// Db set for each model besides Users (DbSet<User> is already defined in IdentityDbContext<User>)
public DbSet<Item> Items { get; set; }
public DbSet<RefreshToken> RefreshTokens { get; set; }
protected override void OnModelCreating(ModelBuilder builder) {
base.OnModelCreating(builder);
builder.Entity<User>().Property(u => u.Permissions).HasColumnType("jsonb");
}
}

10
api/src/Models/Permissions.cs Normal file
View File

@@ -0,0 +1,10 @@
// this is a static data model; it doesnt exist in a database (yet)
// lol no dynamic permissions would mean endpoint authorization gates need to be dynamic too
public static class Permission {
public const string SensitiveData_Read = "SensitiveData.Read";
public const string SensitiveData_Modify = "SensitiveData.Modify";
}

25
api/src/Models/User.cs
View File

@@ -7,6 +7,11 @@ public class User : IdentityUser {
public DateTime CreatedAt { get; set; }
// TODO: make this a list of UserPermissions
// where a userpermission has an Id, Permission (string), and userId string
// then we can do something like: get all users with this permission
public List<string>? Permissions { get; set; } = new(); // because this isnt very relational database happy
// properties inherited from IdentityUser:
/*
AccessFailedCount: Gets or sets the number of failed login attempts for the current user.
@@ -46,3 +51,23 @@ public class LoginDto {
public string Password { get; set; } = "";
}
public class UserDto {
public DateTime CreatedAt { get; set; } = DateTime.UtcNow; // datetimes get compressed to a string
public List<string>? Permissions { get; set; } = [];
public string? Email { get; set; } = "";
public string Id { get; set; } = "";
public string? UserName { get; set; } = "";
// constructor out of a full User object
// REMEMBER: when adding fields to UserDto they must also be set in this constructor or else stuff breaks
public UserDto(User user) {
CreatedAt = user.CreatedAt;
Email = user.Email;
Id = user.Id;
UserName = user.UserName;
Permissions = user.Permissions;
}
};

1
api/src/Services/ItemService.cs
View File

@@ -5,6 +5,7 @@ using agologumApi.Models;
namespace agologumApi.Services;
// basic CRUD operations for items in the database
public class ItemService {
private readonly AppDbContext db_;

30
api/src/Services/JwtService.cs
View File

@@ -5,6 +5,7 @@ using System.Text;
using System.Security.Claims;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Identity;
using agologumApi.Models;
@@ -12,33 +13,46 @@ public class JwtService {
private readonly IConfiguration config_;
private readonly AppDbContext db_;
private readonly UserManager<User> userManager_;
public JwtService(IConfiguration config, AppDbContext db) { // why the heck does c# not have initializer lists ?
public JwtService(IConfiguration config, AppDbContext db, UserManager<User> userManager) { // why the heck does c# not have initializer lists ?
config_ = config;
db_ = db;
userManager_ = userManager;
}
public string? GenerateJwt(User user) {
// create a jwt string given a user (user contains permissions which go into claims)
public async Task<string?> GenerateJwt(User user) {
// security stuff
string? jwtKey = config_["Jwt:Key"];
if(jwtKey == null) return null;
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
// make sure the user is real
if(user.UserName == null) return null;
// not too sure
var claims = new[] {
var claims = new List<Claim> {
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())
};
// add each permission that the user has into the claims
List<string>? permissions = user.Permissions;
if(permissions != null) {
foreach(string perm in permissions) {
claims.Add(new Claim("permission", perm));
}
}
// construct that token
var token = new JwtSecurityToken(
issuer: "agologum",
audience: "agologum",
claims: claims,
expires: DateTime.UtcNow.AddHours(2), // will add a refresher later
expires: DateTime.UtcNow.AddHours(2),
signingCredentials: creds
);
@@ -46,6 +60,7 @@ public class JwtService {
}
// generating a refresh token is just like a long random password
public string GenerateRefreshToken() {
byte[] randomBytes = new byte[64];
@@ -54,10 +69,12 @@ public class JwtService {
}
// we store refresh tokens on our side to check against when a user requests a refresh
public async Task<RefreshToken?> GetRefreshToken(string refreshTokenString) {
return await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString);
}
// add a refresh token to the token db store
public async Task<RefreshToken> AddRefreshToken(RefreshToken refreshToken) {
db_.RefreshTokens.Add(refreshToken);
await db_.SaveChangesAsync();
@@ -67,8 +84,9 @@ public class JwtService {
// helper to get the User from the id that exists in a refresh token object
public async Task<User?> GetUser(string id) {
return await db_.Users.FindAsync(id);
}
} // since other places aren't good for having references to db contexts
// remove refresh token from our store; called when user logs out
public async Task<bool> RevokeRefreshToken(string refreshTokenString) {
var refreshToken = await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString);
if(refreshToken == null) return false;

55
api/src/Services/UserService.cs Normal file
View File

@@ -0,0 +1,55 @@
using Microsoft.EntityFrameworkCore;
using agologumApi.Models;
namespace agologumApi.Services;
public class UserService {
private readonly AppDbContext db_;
public UserService(AppDbContext db) {
db_ = db;
}
// get all users
public async Task<List<User>> GetAll() {
return await db_.Users.ToListAsync();
}
// get one user with id of id
public async Task<User?> GetById(string id) {
return await db_.Users.FindAsync(id);
}
// get one user with username of name
public async Task<User?> GetByName(string name) {
return await db_.Users.FirstOrDefaultAsync(u => u.UserName == name);
}
// delete one user with id of id
public async Task<bool> Delete(string id) {
User? User = await db_.Users.FindAsync(id);
if(User != null) {
db_.Users.Remove(User);
await db_.SaveChangesAsync();
return true;
} else {
return false;
}
}
// update user of id with user
public async Task<User?> Update(string id, User user) {
User? oldUser = await db_.Users.FindAsync(id);
if(oldUser == null) return oldUser;
oldUser.Permissions = user.Permissions;
await db_.SaveChangesAsync();
return oldUser;
}
}

2
client/src/api/AuthApi.ts
View File

@@ -3,7 +3,7 @@
// handles user registration, user logins, tokens, password reset, etc.
import { api, authStorage } from "./axios.ts"
import type { User, RegisterDto, LoginDto } from "../models/User.ts";
import type { UserDto, RegisterDto, LoginDto } from "../models/User.ts";
const API_URL: string = "/auth";

15
client/src/api/UsersApi.ts Normal file
View File

@@ -0,0 +1,15 @@
import api from "./axios.ts"
import type { UserDto } from "../models/User.ts";
const API_URL: string = "/users";
export const getUsers = () => api.get<UserDto[]>(`${API_URL}`);
export const getUser = (id: string) => api.get<UserDto>(`${API_URL}/${id}`);
export const deleteUser = (id: string) => api.delete<UserDto>(`${API_URL}/${id}`);
export const removePermission = (id: string, permission: string) => api.delete(`${API_URL}/${id}/${permission}`)
export const addPermission = (id: string, permission: string) => api.post(`${API_URL}/${id}/${permission}`)

3
client/src/api/axios.ts
View File

@@ -87,4 +87,7 @@ api.interceptors.response.use(response => response, async error => { // mainly f
return Promise.reject(error);
})
// TODO: if you get a 403 while navigating then redirect to the last authenticated page
// if you gert a 403 on a form submissio nthen do like an unauthorized popup (message: stale session <login link>) (or redirect to login like i said elsewhere)
export default api;

0
client/src/components/UsersTable.vue Normal file
View File

13
client/src/models/User.ts
View File

@@ -2,20 +2,21 @@
// models are the data objects stored in the database. models defined here must match models defined in api/models
// dtos here must match the the dtos in api/src/Modelts/Dto.cs in name (case insensitive) (types are intermediately serialized to strings)
export interface User {
id: number;
username: string;
export interface UserDto {
createdAt: string;
email: string;
password: string;
id: string;
userName: string;
permissions: string;
}
export interface RegisterDto {
username: string;
userName: string;
email: string;
password: string;
}
export interface LoginDto {
username: string;
userName: string;
password: string;
}

4
client/src/pages/LoginForm.vue
View File

@@ -10,7 +10,7 @@ import * as authApi from "../api/AuthApi";
const router = useRouter();
const user = reactive<LoginDto>({ // the template ensures type consistency
username: "",
userName: "",
password: "",
});
@@ -40,7 +40,7 @@ async function login(): Promise<void> {
<h2>Login</h2>
<form @submit.prevent="login">
<input v-model="user.username" placeholder="username" />
<input v-model="user.userName" placeholder="username" />
<input v-model="user.password" type="password" placeholder="password" />
<button type="submit">Submit</button>

4
client/src/pages/RegisterForm.vue
View File

@@ -10,7 +10,7 @@ import * as authApi from "../api/AuthApi";
const router = useRouter();
const user = reactive<RegisterDto>({ // the template ensures type consistency
username: "",
userName: "",
email: "",
password: "",
});
@@ -40,7 +40,7 @@ async function register(): Promise<void> {
<h2>Register</h2>
<form @submit.prevent="register">
<input v-model="user.username" placeholder="username" />
<input v-model="user.userName" placeholder="username" />
<input v-model="user.email" placeholder="email" />
<input v-model="user.password" placeholder="password" />

55
client/src/pages/UsersList.vue Normal file
View File

@@ -0,0 +1,55 @@
<script setup lang="ts">
import { onMounted, reactive } from "vue"
import { useRoute, useRouter } from "vue-router";
import { useUsersStore } from "../stores/UsersStore.ts"
import * as authApi from "../api/AuthApi";
const store = useUsersStore()
const router = useRouter();
onMounted(() => {
store.fetchUsers()
})
function logout() {
authApi.logout();
router.push("/login");
}
const inputs = reactive<Record<number, string>>({});
store.users.forEach((_, i) => {
inputs[i] = ""
});
const addPermission = (userId: string, index: number) => {
if(inputs[index] != null) store.addPermission(userId, inputs[index]);
}
</script>
<template>
<div>
<h1>Users</h1>
<table>
<tr v-for="(user, index) in store.users" :key="user.id">
<td>{{ user.userName }}</td>
<td>
<button @click="store.removeUser(user.id)">Delete</button>
</td>
<td v-for="perm in user.permissions" :key="user.id">
<button @click="store.removePermission(user.id, perm)">Remove {{ perm }} permission</button>
</td>
<td>
<form @submit.prevent="addPermission(user.id, index)">
<input type="text" v-model="inputs[index]" placeholder="permission" />
<button type="submit">Add Permission</button>
</form>
</td>
</tr>
</table>
<button @click="logout()">Logout</button>
</div>
</template>

6
client/src/pages/index.vue
View File

@@ -10,10 +10,16 @@
<h3>yeah im so cool rn</h3>
<h1>imagining what I could do with themes :o</h1>
<h3>TODO: if(logged in) show this stuff; else dont.</h3>
<router-link to="/items" custom v-slot="{ navigate }">
<button @click="navigate" role="link">Items</button>
</router-link>
<router-link to="/users" custom v-slot="{ navigate }">
<button @click="navigate" role="link">Users</button>
</router-link>
<router-link to="/register" custom v-slot="{ navigate }"> <!-- TODO: only if token == invalid -->
<button @click="navigate" role="link">Register</button>
</router-link>

5
client/src/router/index.ts
View File

@@ -6,6 +6,7 @@ import LoginForm from "../pages/LoginForm.vue";
import RegisterForm from "../pages/RegisterForm.vue";
import ItemsList from "../pages/ItemsList.vue";
import ItemForm from "../pages/ItemForm.vue";
import UsersList from "../pages/UsersList.vue";
import index from "../pages/index.vue";
import { authStorage } from "../api/axios.ts"
@@ -17,7 +18,8 @@ const routes = [
{ path: "/register", component: RegisterForm },
{ path: "/items", component: ItemsList, meta: { requiresAuth: true } },
{ path: "/item/new", component: ItemForm, meta: { requiresAuth: true } },
{ path: "/item/:id", component: ItemForm, meta: { requiresAuth: true } }
{ path: "/item/:id", component: ItemForm, meta: { requiresAuth: true } },
{ path: "/users", component: UsersList, meta: { requiresAuth: true } }
]; // I really like this
const router = createRouter({
@@ -36,5 +38,6 @@ router.beforeEach((to, from, next) => {
}
});
// if the api responds unauthorized (401) then it also will auto-redirect to the login page
export default router;

40
client/src/stores/UsersStore.ts Normal file
View File

@@ -0,0 +1,40 @@
import { defineStore } from "pinia";
import type { UserDto } from "../models/User.ts";
import * as usersApi from "../api/UsersApi";
interface UserState {
users: UserDto[];
loading: boolean;
}
export const useUsersStore = defineStore("users", {
state: (): UserState => ({
users: [],
loading: false
}),
actions: {
async fetchUsers() {
this.loading = true;
const response = await usersApi.getUsers();
this.users = response.data;
this.loading = false;
},
async removeUser(id: string) {
await usersApi.deleteUser(id);
this.users = this.users.filter(i => i.id !== id);
},
async removePermission(id: string, permission: string) {
await usersApi.removePermission(id, permission);
},
async addPermission(id: string, permission: string) {
await usersApi.addPermission(id, permission);
}
}
});

3
scripts/DEV_README.md
View File

@@ -13,7 +13,8 @@ To see live logs:
sudo docker logs -f -t agologum-api
public user:
> username=bard
> username=bard (admin)
> username=xvbard (superuser)
> password=Public*890
chrome dev tools troubleshooting