homeburger/agologum
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: homeburger:feature/auth
Branches Tags
homeburger:main homeburger:feature/llm homeburger:feature/auth homeburger:feature/frontend-design homeburger:feature/client-template
..
compare: homeburger:feature/frontend-design
Branches Tags
homeburger:feature/llm homeburger:main homeburger:feature/auth homeburger:feature/frontend-design homeburger:feature/client-template

1 Commits
feature/au ... feature/fr

Author SHA1 Message Date
homeburger
e3cd44422c Merge pull request 'Feature/Auth: implement user authentication' (#3) from feature/auth into main
All checks were successful
Build and Deploy API / build-and-deploy (push) Successful in 4s
Details
Build and Deploy Frontend / build-and-deploy (push) Successful in 4s
Details 
Reviewed-on: #3
 2026-03-22 20:52:22 -05:00
29 changed files with 708 additions and 495 deletions
Expand all files Collapse all files

6
.env
View File

@@ -2,9 +2,3 @@
sike you thought I was like that sike you thought I was like that
hehehehee (urp so full) hehehehee (urp so full)
# TODO: should have basic public-safe environment variables here
# then secret environment variables can be added via secrets in the ci script like so:
# job: inject-seccrets $ echo API_KEY={{ secrets.API_KEY }} >> .env
# then they dont have to be inserted by the docker container ( messy)

279
api/Migrations/20260321221316_InitialCreate.Designer.cs generated Normal file
View File

@@ -0,0 +1,279 @@
// <auto-generated />
using System;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
[DbContext(typeof(AppDbContext))]
[Migration("20260321221316_InitialCreate")]
partial class InitialCreate
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("ProductVersion", "10.0.5")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Name")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedName")
.IsUnique()
.HasDatabaseName("RoleNameIndex");
b.ToTable("AspNetRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("RoleId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("RoleId");
b.ToTable("AspNetRoleClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("UserId");
b.ToTable("AspNetUserClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("ProviderKey")
.HasColumnType("text");
b.Property<string>("ProviderDisplayName")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("LoginProvider", "ProviderKey");
b.HasIndex("UserId");
b.ToTable("AspNetUserLogins", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("RoleId")
.HasColumnType("text");
b.HasKey("UserId", "RoleId");
b.HasIndex("RoleId");
b.ToTable("AspNetUserRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("Name")
.HasColumnType("text");
b.Property<string>("Value")
.HasColumnType("text");
b.HasKey("UserId", "LoginProvider", "Name");
b.ToTable("AspNetUserTokens", (string)null);
});
modelBuilder.Entity("agologumApi.Models.User", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<int>("AccessFailedCount")
.HasColumnType("integer");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Email")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<bool>("EmailConfirmed")
.HasColumnType("boolean");
b.Property<bool>("LockoutEnabled")
.HasColumnType("boolean");
b.Property<DateTimeOffset?>("LockoutEnd")
.HasColumnType("timestamp with time zone");
b.Property<string>("NormalizedEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedUserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.Property<string>("PhoneNumber")
.HasColumnType("text");
b.Property<bool>("PhoneNumberConfirmed")
.HasColumnType("boolean");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
b.Property<bool>("TwoFactorEnabled")
.HasColumnType("boolean");
b.Property<string>("UserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedEmail")
.HasDatabaseName("EmailIndex");
b.HasIndex("NormalizedUserName")
.IsUnique()
.HasDatabaseName("UserNameIndex");
b.ToTable("AspNetUsers", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
#pragma warning restore 612, 618
}
}
}

42
api/Migrations/20260423011426_InitialMigration.cs → api/Migrations/20260321221316_InitialCreate.cs
View File

@@ -7,7 +7,7 @@ using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
namespace agologum_api.Migrations namespace agologum_api.Migrations
{ {
/// <inheritdoc /> /// <inheritdoc />
public partial class InitialMigration : Migration public partial class InitialCreate : Migration
{ {
/// <inheritdoc /> /// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder) protected override void Up(MigrationBuilder migrationBuilder)
@@ -32,7 +32,6 @@ namespace agologum_api.Migrations
{ {
Id = table.Column<string>(type: "text", nullable: false), Id = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false), CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
Permissions = table.Column<string>(type: "jsonb", nullable: true),
UserName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true), UserName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
NormalizedUserName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true), NormalizedUserName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
Email = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true), Email = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
@@ -53,39 +52,6 @@ namespace agologum_api.Migrations
table.PrimaryKey("PK_AspNetUsers", x => x.Id); table.PrimaryKey("PK_AspNetUsers", x => x.Id);
}); });
migrationBuilder.CreateTable(
name: "Items",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Name = table.Column<string>(type: "text", nullable: false),
Description = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
LastEditedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_Items", x => x.Id);
});
migrationBuilder.CreateTable(
name: "RefreshTokens",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Token = table.Column<string>(type: "text", nullable: false),
UserId = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
ExpiresAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
IsRevoked = table.Column<bool>(type: "boolean", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_RefreshTokens", x => x.Id);
});
migrationBuilder.CreateTable( migrationBuilder.CreateTable(
name: "AspNetRoleClaims", name: "AspNetRoleClaims",
columns: table => new columns: table => new
@@ -248,12 +214,6 @@ namespace agologum_api.Migrations
migrationBuilder.DropTable( migrationBuilder.DropTable(
name: "AspNetUserTokens"); name: "AspNetUserTokens");
migrationBuilder.DropTable(
name: "Items");
migrationBuilder.DropTable(
name: "RefreshTokens");
migrationBuilder.DropTable( migrationBuilder.DropTable(
name: "AspNetRoles"); name: "AspNetRoles");

306
api/Migrations/20260322011947_AddItems.Designer.cs generated Normal file
View File

@@ -0,0 +1,306 @@
// <auto-generated />
using System;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
[DbContext(typeof(AppDbContext))]
[Migration("20260322011947_AddItems")]
partial class AddItems
{
/// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("ProductVersion", "10.0.5")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Name")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedName")
.IsUnique()
.HasDatabaseName("RoleNameIndex");
b.ToTable("AspNetRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("RoleId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("RoleId");
b.ToTable("AspNetRoleClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("UserId");
b.ToTable("AspNetUserClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("ProviderKey")
.HasColumnType("text");
b.Property<string>("ProviderDisplayName")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("LoginProvider", "ProviderKey");
b.HasIndex("UserId");
b.ToTable("AspNetUserLogins", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("RoleId")
.HasColumnType("text");
b.HasKey("UserId", "RoleId");
b.HasIndex("RoleId");
b.ToTable("AspNetUserRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("Name")
.HasColumnType("text");
b.Property<string>("Value")
.HasColumnType("text");
b.HasKey("UserId", "LoginProvider", "Name");
b.ToTable("AspNetUserTokens", (string)null);
});
modelBuilder.Entity("agologumApi.Models.Item", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Description")
.IsRequired()
.HasColumnType("text");
b.Property<DateTime>("LastEditedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Name")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.ToTable("Items");
});
modelBuilder.Entity("agologumApi.Models.User", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<int>("AccessFailedCount")
.HasColumnType("integer");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<DateTime>("CreatedAt")
.HasColumnType("timestamp with time zone");
b.Property<string>("Email")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<bool>("EmailConfirmed")
.HasColumnType("boolean");
b.Property<bool>("LockoutEnabled")
.HasColumnType("boolean");
b.Property<DateTimeOffset?>("LockoutEnd")
.HasColumnType("timestamp with time zone");
b.Property<string>("NormalizedEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedUserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.Property<string>("PhoneNumber")
.HasColumnType("text");
b.Property<bool>("PhoneNumberConfirmed")
.HasColumnType("boolean");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
b.Property<bool>("TwoFactorEnabled")
.HasColumnType("boolean");
b.Property<string>("UserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedEmail")
.HasDatabaseName("EmailIndex");
b.HasIndex("NormalizedUserName")
.IsUnique()
.HasDatabaseName("UserNameIndex");
b.ToTable("AspNetUsers", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.HasOne("agologumApi.Models.User", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
#pragma warning restore 612, 618
}
}
}

39
api/Migrations/20260322011947_AddItems.cs Normal file
View File

@@ -0,0 +1,39 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
/// <inheritdoc />
public partial class AddItems : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "Items",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Name = table.Column<string>(type: "text", nullable: false),
Description = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
LastEditedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_Items", x => x.Id);
});
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "Items");
}
}
}

7
api/Migrations/20260423011426_InitialMigration.Designer.cs → api/Migrations/20260322214843_AddRefreshTokens.Designer.cs generated
View File

@@ -11,8 +11,8 @@ using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
namespace agologum_api.Migrations namespace agologum_api.Migrations
{ {
[DbContext(typeof(AppDbContext))] [DbContext(typeof(AppDbContext))]
[Migration("20260423011426_InitialMigration")] [Migration("20260322214843_AddRefreshTokens")]
partial class InitialMigration partial class AddRefreshTokens
{ {
/// <inheritdoc /> /// <inheritdoc />
protected override void BuildTargetModel(ModelBuilder modelBuilder) protected override void BuildTargetModel(ModelBuilder modelBuilder)
@@ -252,9 +252,6 @@ namespace agologum_api.Migrations
b.Property<string>("PasswordHash") b.Property<string>("PasswordHash")
.HasColumnType("text"); .HasColumnType("text");
b.PrimitiveCollection<string>("Permissions")
.HasColumnType("jsonb");
b.Property<string>("PhoneNumber") b.Property<string>("PhoneNumber")
.HasColumnType("text"); .HasColumnType("text");

40
api/Migrations/20260322214843_AddRefreshTokens.cs Normal file
View File

@@ -0,0 +1,40 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace agologum_api.Migrations
{
/// <inheritdoc />
public partial class AddRefreshTokens : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "RefreshTokens",
columns: table => new
{
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Token = table.Column<string>(type: "text", nullable: false),
UserId = table.Column<string>(type: "text", nullable: false),
CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
ExpiresAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
IsRevoked = table.Column<bool>(type: "boolean", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_RefreshTokens", x => x.Id);
});
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "RefreshTokens");
}
}
}

3
api/Migrations/AppDbContextModelSnapshot.cs
View File

@@ -249,9 +249,6 @@ namespace agologum_api.Migrations
b.Property<string>("PasswordHash") b.Property<string>("PasswordHash")
.HasColumnType("text"); .HasColumnType("text");
b.PrimitiveCollection<string>("Permissions")
.HasColumnType("jsonb");
b.Property<string>("PhoneNumber") b.Property<string>("PhoneNumber")
.HasColumnType("text"); .HasColumnType("text");

33
api/Program.cs
View File

@@ -1,5 +1,4 @@
// system usings
using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -8,33 +7,27 @@ using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore; using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using System.Text; using System.Text;
// homeburger usings
using agologumApi.Models; using agologumApi.Models;
using agologumApi.Services; using agologumApi.Services;
var builder = WebApplication.CreateBuilder(args); var builder = WebApplication.CreateBuilder(args);
// make sure the jwt key exists or else abort, security issue
var key = builder.Configuration["Jwt:Key"]; var key = builder.Configuration["Jwt:Key"];
if(key == null) return; if(key == null) return;
// connect to the sql database
builder.Services.AddDbContext<AppDbContext>(options => builder.Services.AddDbContext<AppDbContext>(options =>
options.UseNpgsql(builder.Configuration.GetConnectionString("DefaultConnection"))); options.UseNpgsql(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddControllers(); builder.Services.AddControllers();
// add our services // services
builder.Services.AddScoped<UserService>();
builder.Services.AddScoped<ItemService>(); builder.Services.AddScoped<ItemService>();
builder.Services.AddScoped<JwtService>(); builder.Services.AddScoped<JwtService>();
// if this grows sufficiently large we can put elsewhere
// configuration for jwt authentication // configuration for jwt authentication
builder.Services.AddIdentity<User, IdentityRole>() builder.Services.AddIdentity<User, IdentityRole>()
.AddEntityFrameworkStores<AppDbContext>() .AddEntityFrameworkStores<AppDbContext>()
.AddDefaultTokenProviders() .AddDefaultTokenProviders();
.AddRoles<IdentityRole>();
builder.Services.AddAuthentication(options => { builder.Services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -51,16 +44,7 @@ builder.Services.AddAuthentication(options => {
}; };
}); });
// authorization configurations; here's where we register our permissions to policies builder.Services.AddAuthorization();
// TODO: this suspiciously looks able to be automated through a for loop, only if we can have a static dictionary maybe though?
builder.Services.AddAuthorization(options => {
options.AddPolicy(Permission.SensitiveData_Read, policy =>
policy.RequireClaim("permission", Permission.SensitiveData_Read));
options.AddPolicy(Permission.SensitiveData_Modify, policy =>
policy.RequireClaim("permission", Permission.SensitiveData_Modify));
});
// configuration for behind my nginx proxy // configuration for behind my nginx proxy
builder.Services.Configure<ForwardedHeadersOptions>(options => builder.Services.Configure<ForwardedHeadersOptions>(options =>
@@ -77,7 +61,6 @@ builder.Services.Configure<ForwardedHeadersOptions>(options =>
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi // Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
builder.Services.AddOpenApi(); builder.Services.AddOpenApi();
// cors; scary needs to be fixed
builder.Services.AddCors(options => builder.Services.AddCors(options =>
{ {
options.AddPolicy("dev", options.AddPolicy("dev",
@@ -86,14 +69,17 @@ builder.Services.AddCors(options =>
policy.AllowAnyOrigin() policy.AllowAnyOrigin()
.AllowAnyHeader() .AllowAnyHeader()
.AllowAnyMethod(); .AllowAnyMethod();
}); // TODO: scary please fix this });
}); });
// more middleware; probably uncessary at this stage
builder.Services.AddEndpointsApiExplorer(); builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(); builder.Services.AddSwaggerGen();
// build app // https://www.reddit.com/r/dotnet/comments/1h7vzbs/how_do_you_guys_handle_authorization_on_a_web_api/
// add authorization here
// controllers will have endpoints based on authorization
// frontend is a different story
var app = builder.Build(); var app = builder.Build();
app.UseForwardedHeaders(); app.UseForwardedHeaders();
@@ -125,7 +111,6 @@ using (var scope = app.Services.CreateScope()) {
Thread.Sleep(5000); Thread.Sleep(5000);
} }
} }
} }
app.Run(); app.Run();

49
api/src/Controllers/AuthController.cs
View File

@@ -13,62 +13,46 @@ public class AuthController : ControllerBase {
// identity things // identity things
private readonly UserManager<User> userManager_; private readonly UserManager<User> userManager_;
private readonly SignInManager<User> signInManager_; private readonly SignInManager<User> signInManager_;
// services
private readonly JwtService jwt_;
private readonly UserService userService_;
// class constructor (where are my initializer lists man) private readonly JwtService jwt_;
public AuthController(UserManager<User> userManager, SignInManager<User> signInManager, JwtService jwt, UserService userService) {
public AuthController(UserManager<User> userManager, SignInManager<User> signInManager, JwtService jwt) {
userManager_ = userManager; userManager_ = userManager;
signInManager_ = signInManager; signInManager_ = signInManager;
jwt_ = jwt; jwt_ = jwt;
userService_ = userService;
} }
// register endpoint
[HttpPost("register")] [HttpPost("register")]
public async Task<ActionResult> Register(RegisterDto dto) { public async Task<ActionResult> Register(RegisterDto dto) {
// create a new user out of the dto from the request var user = new User {
User user = new User {
UserName = dto.UserName, UserName = dto.UserName,
Email = dto.Email, Email = dto.Email,
CreatedAt = DateTime.UtcNow // yeah why not utc CreatedAt = DateTime.UtcNow // yeah why not utc
}; };
// assigning roles to user. create a user starting with x to give it permissions to read sensitive data
if(dto.UserName.StartsWith("x")) {
user.Permissions = new List<string> { Permission.SensitiveData_Read };
}
// use Identity's user manager to add to db; error check if failed
var result = await userManager_.CreateAsync(user, dto.Password); var result = await userManager_.CreateAsync(user, dto.Password);
if(!result.Succeeded) return BadRequest(result.Errors); if(!result.Succeeded) return BadRequest(result.Errors);
// respond to post as necessary
return CreatedAtAction( return CreatedAtAction(
nameof(Register), nameof(Register),
new { id = user.Id } new { id = user.Id }
); );
} }
// login endpoint
[HttpPost("login")] [HttpPost("login")]
public async Task<ActionResult> Login(LoginDto dto) public async Task<ActionResult> Login(LoginDto dto)
{ {
// get the user from the database given the username
var user = await userManager_.FindByNameAsync(dto.UserName); var user = await userManager_.FindByNameAsync(dto.UserName);
// user not found with that name
if (user == null) return Unauthorized(); // unauthorized instead of not found to not give away info
// use identity's password validation if (user == null) return Unauthorized();
var result = await signInManager_.CheckPasswordSignInAsync(user, dto.Password, false); var result = await signInManager_.CheckPasswordSignInAsync(user, dto.Password, false);
// if failed then youre not real !
if(!result.Succeeded) return Unauthorized(); if(!result.Succeeded) return Unauthorized();
// login sucess, give you an authentication token var accessToken = jwt_.GenerateJwt(user);
var accessToken = await jwt_.GenerateJwt(user); var refreshToken = jwt_.GenerateRefreshToken();
var refreshToken = jwt_.GenerateRefreshToken(); // the refresh token is good enough to refresh your access token
RefreshToken newTokenObject = new RefreshToken { RefreshToken newTokenObject = new RefreshToken {
Token = refreshToken, Token = refreshToken,
UserId = user.Id, UserId = user.Id,
@@ -77,44 +61,34 @@ public class AuthController : ControllerBase {
IsRevoked = false IsRevoked = false
}; };
await jwt_.AddRefreshToken(newTokenObject); await jwt_.AddRefreshToken(newTokenObject);
// the jwt says we trust who you are and can substitute it for login
// contains permissions claims too
// return both access and refresh token
return Ok(new { accessToken, refreshToken }); return Ok(new { accessToken, refreshToken });
} }
// logout endpoint
[Authorize] // authorize is handled by middleware [Authorize] // authorize is handled by middleware
[HttpPost("logout")] [HttpPost("logout")]
public async Task<ActionResult> Logout(string refreshTokenString) { public async Task<ActionResult> Logout(string refreshTokenString) {
// revoke refresh token // revoke refresh token
bool success = await jwt_.RevokeRefreshToken(refreshTokenString); bool success = await jwt_.RevokeRefreshToken(refreshTokenString);
if(!success) return NotFound(); if(!success) return NotFound();
// frontend refreshes page and detects logout
return Ok(); return Ok();
} }
// refresh token endpoint
[HttpPost("refresh")] // allow-anonymous by default [HttpPost("refresh")] // allow-anonymous by default
public async Task<ActionResult> Refresh(TokenDto request) { public async Task<ActionResult> Refresh(TokenDto request) {
// reached when the frontend gets an unauthorized response and autoattempts to refresh if available
// get token from request and check if its valid
RefreshToken? storedToken = await jwt_.GetRefreshToken(request.RefreshToken); RefreshToken? storedToken = await jwt_.GetRefreshToken(request.RefreshToken);
if (storedToken == null) return Unauthorized(); if (storedToken == null) return Unauthorized();
bool valid = (storedToken.IsRevoked) || bool valid = (storedToken.IsRevoked) ||
(storedToken.ExpiresAt < DateTime.UtcNow); (storedToken.ExpiresAt < DateTime.UtcNow);
if(!valid) return Unauthorized(); // TODO: delete the invalid token if(!valid) return Unauthorized(); // TODO: delete the invalid token
// get user from the token and give them new tokens
User? user = await jwt_.GetUser(storedToken.UserId); User? user = await jwt_.GetUser(storedToken.UserId);
if(user == null) return NotFound(); if(user == null) return NotFound();
string? newAccessToken = await jwt_.GenerateJwt(user); string? newAccessToken = jwt_.GenerateJwt(user);
if(newAccessToken == null) return NotFound(); if(newAccessToken == null) return NotFound();
string newRefreshToken = jwt_.GenerateRefreshToken(); string newRefreshToken = jwt_.GenerateRefreshToken();
// construct new token
storedToken.IsRevoked = true; storedToken.IsRevoked = true;
RefreshToken newTokenObject = new RefreshToken { RefreshToken newTokenObject = new RefreshToken {
Token = newRefreshToken, Token = newRefreshToken,
@@ -125,9 +99,10 @@ public class AuthController : ControllerBase {
}; };
await jwt_.AddRefreshToken(newTokenObject); await jwt_.AddRefreshToken(newTokenObject);
// return new tokens
return Ok(new { accessToken = newAccessToken, refreshToken = newRefreshToken }); return Ok(new { accessToken = newAccessToken, refreshToken = newRefreshToken });
} }
// TODO // TODO

118
api/src/Controllers/UsersController.cs
View File

@@ -1,118 +0,0 @@
// this is basically a demo on roles
// level 0 can't access the users endpoint at all
// level 1 has read permissions
// level 2 has modify permissions
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using agologumApi.Models;
using agologumApi.Services;
[ApiController]
[Route("api/[controller]")]
public class UsersController : ControllerBase {
private readonly UserService service_;
public UsersController(UserService service) {
service_ = service;
}
[Authorize(Policy = Permission.SensitiveData_Read)]
[HttpGet]
public async Task<ActionResult<List<User>>> getUsers() {
List<User> rawArray = await service_.GetAll();
List<UserDto> dtoArray = new List<UserDto>();
foreach(User user in rawArray) {
UserDto newDto = new UserDto(user);
dtoArray.Add(newDto);
}
return Ok(dtoArray);
}
[Authorize(Policy = Permission.SensitiveData_Read)]
[HttpGet("{id:int}")]
public async Task<ActionResult<User>> getUser(string id) {
var user = await service_.GetById(id);
if (user == null) return NotFound();
UserDto newDto = new UserDto(user);
return Ok(newDto);
}
[Authorize(Policy = Permission.SensitiveData_Modify)]
[HttpDelete("{id}")]
public async Task<ActionResult> deleteUser(string id) {
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if(userId == id) return BadRequest(); // dont allow deletion of yourself
var success = await service_.Delete(id);
if (!success) return NotFound();
return NoContent();
}
[Authorize(Policy = Permission.SensitiveData_Modify)]
[HttpDelete("{id}/{permission}")]
public async Task<ActionResult> removePermission(string id, string permission) {
// get the user this request comes from. since it passed identity auth we can trust it
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if(permission == Permission.SensitiveData_Modify && userId == id) return BadRequest(); // dont allow permission removal of whats allowing us to re-add premissions
// get list of permissions of that user
var user = await service_.GetById(id);
if (user == null) return NotFound();
if(user.Permissions == null) return NotFound();
// verify that the requested permission exists on that user
if(!user.Permissions.Contains(permission)) return NotFound();
// remove the permission from the permission list
user.Permissions.Remove(permission);
// update the user
await service_.Update(id, user);
return NoContent();
}
[Authorize(Policy = Permission.SensitiveData_Modify)]
[HttpPost("{id}/{permission}")] // TODO: this was made with a single button per permission in mind, but may be better as sending an array
public async Task<ActionResult> addPermission(string id, string permission) {
// we'll allow the superuser to elevate their own permissions because they're the superuser
// get list of permissions of the user
var user = await service_.GetById(id);
if (user == null) return NotFound();
if(user.Permissions == null) return NotFound();
// remove add the permission to the user's permission list (if it doesnt already exist)
if(user.Permissions.Contains(permission)) return NoContent();
user.Permissions.Add(permission);
// update the user
await service_.Update(id, user);
return NoContent();
// fyi the user will need to sign out and sign back in so the new permissions are reflected in their jwt claims
// TODO: or on the client i could issue a refresh token request after a permission api call
}
// TODO: add controls on editing roles
}

10
api/src/Data/AppDbContext.cs
View File

@@ -10,16 +10,8 @@ public class AppDbContext : IdentityDbContext<User> {
} }
// Db set for each model besides Users (DbSet<User> is already defined in IdentityDbContext<User>) // Db set for each model besides Users (DbSet<template> is already defined in IdenityDbContext<template>)
public DbSet<Item> Items { get; set; } public DbSet<Item> Items { get; set; }
public DbSet<RefreshToken> RefreshTokens { get; set; } public DbSet<RefreshToken> RefreshTokens { get; set; }
protected override void OnModelCreating(ModelBuilder builder) {
base.OnModelCreating(builder);
builder.Entity<User>().Property(u => u.Permissions).HasColumnType("jsonb");
}
} }

10
api/src/Models/Permissions.cs
View File

@@ -1,10 +0,0 @@
// this is a static data model; it doesnt exist in a database (yet)
// lol no dynamic permissions would mean endpoint authorization gates need to be dynamic too
public static class Permission {
public const string SensitiveData_Read = "SensitiveData.Read";
public const string SensitiveData_Modify = "SensitiveData.Modify";
}

25
api/src/Models/User.cs
View File

@@ -7,11 +7,6 @@ public class User : IdentityUser {
public DateTime CreatedAt { get; set; } public DateTime CreatedAt { get; set; }
// TODO: make this a list of UserPermissions
// where a userpermission has an Id, Permission (string), and userId string
// then we can do something like: get all users with this permission
public List<string>? Permissions { get; set; } = new(); // because this isnt very relational database happy
// properties inherited from IdentityUser: // properties inherited from IdentityUser:
/* /*
AccessFailedCount: Gets or sets the number of failed login attempts for the current user. AccessFailedCount: Gets or sets the number of failed login attempts for the current user.
@@ -51,23 +46,3 @@ public class LoginDto {
public string Password { get; set; } = ""; public string Password { get; set; } = "";
} }
public class UserDto {
public DateTime CreatedAt { get; set; } = DateTime.UtcNow; // datetimes get compressed to a string
public List<string>? Permissions { get; set; } = [];
public string? Email { get; set; } = "";
public string Id { get; set; } = "";
public string? UserName { get; set; } = "";
// constructor out of a full User object
// REMEMBER: when adding fields to UserDto they must also be set in this constructor or else stuff breaks
public UserDto(User user) {
CreatedAt = user.CreatedAt;
Email = user.Email;
Id = user.Id;
UserName = user.UserName;
Permissions = user.Permissions;
}
};

1
api/src/Services/ItemService.cs
View File

@@ -5,7 +5,6 @@ using agologumApi.Models;
namespace agologumApi.Services; namespace agologumApi.Services;
// basic CRUD operations for items in the database
public class ItemService { public class ItemService {
private readonly AppDbContext db_; private readonly AppDbContext db_;

30
api/src/Services/JwtService.cs
View File

@@ -5,7 +5,6 @@ using System.Text;
using System.Security.Claims; using System.Security.Claims;
using System.IdentityModel.Tokens.Jwt; using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography; using System.Security.Cryptography;
using Microsoft.AspNetCore.Identity;
using agologumApi.Models; using agologumApi.Models;
@@ -13,46 +12,33 @@ public class JwtService {
private readonly IConfiguration config_; private readonly IConfiguration config_;
private readonly AppDbContext db_; private readonly AppDbContext db_;
private readonly UserManager<User> userManager_;
public JwtService(IConfiguration config, AppDbContext db, UserManager<User> userManager) { // why the heck does c# not have initializer lists ? public JwtService(IConfiguration config, AppDbContext db) { // why the heck does c# not have initializer lists ?
config_ = config; config_ = config;
db_ = db; db_ = db;
userManager_ = userManager;
} }
// create a jwt string given a user (user contains permissions which go into claims) public string? GenerateJwt(User user) {
public async Task<string?> GenerateJwt(User user) {
// security stuff
string? jwtKey = config_["Jwt:Key"]; string? jwtKey = config_["Jwt:Key"];
if(jwtKey == null) return null; if(jwtKey == null) return null;
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey)); var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
// make sure the user is real
if(user.UserName == null) return null; if(user.UserName == null) return null;
// not too sure // not too sure
var claims = new List<Claim> { var claims = new[] {
new Claim(ClaimTypes.Name, user.UserName), new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()) new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())
}; };
// add each permission that the user has into the claims
List<string>? permissions = user.Permissions;
if(permissions != null) {
foreach(string perm in permissions) {
claims.Add(new Claim("permission", perm));
}
}
// construct that token
var token = new JwtSecurityToken( var token = new JwtSecurityToken(
issuer: "agologum", issuer: "agologum",
audience: "agologum", audience: "agologum",
claims: claims, claims: claims,
expires: DateTime.UtcNow.AddHours(2), expires: DateTime.UtcNow.AddHours(2), // will add a refresher later
signingCredentials: creds signingCredentials: creds
); );
@@ -60,7 +46,6 @@ public class JwtService {
} }
// generating a refresh token is just like a long random password
public string GenerateRefreshToken() { public string GenerateRefreshToken() {
byte[] randomBytes = new byte[64]; byte[] randomBytes = new byte[64];
@@ -69,12 +54,10 @@ public class JwtService {
} }
// we store refresh tokens on our side to check against when a user requests a refresh
public async Task<RefreshToken?> GetRefreshToken(string refreshTokenString) { public async Task<RefreshToken?> GetRefreshToken(string refreshTokenString) {
return await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString); return await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString);
} }
// add a refresh token to the token db store
public async Task<RefreshToken> AddRefreshToken(RefreshToken refreshToken) { public async Task<RefreshToken> AddRefreshToken(RefreshToken refreshToken) {
db_.RefreshTokens.Add(refreshToken); db_.RefreshTokens.Add(refreshToken);
await db_.SaveChangesAsync(); await db_.SaveChangesAsync();
@@ -84,9 +67,8 @@ public class JwtService {
// helper to get the User from the id that exists in a refresh token object // helper to get the User from the id that exists in a refresh token object
public async Task<User?> GetUser(string id) { public async Task<User?> GetUser(string id) {
return await db_.Users.FindAsync(id); return await db_.Users.FindAsync(id);
} // since other places aren't good for having references to db contexts }
// remove refresh token from our store; called when user logs out
public async Task<bool> RevokeRefreshToken(string refreshTokenString) { public async Task<bool> RevokeRefreshToken(string refreshTokenString) {
var refreshToken = await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString); var refreshToken = await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString);
if(refreshToken == null) return false; if(refreshToken == null) return false;

55
api/src/Services/UserService.cs
View File

@@ -1,55 +0,0 @@
using Microsoft.EntityFrameworkCore;
using agologumApi.Models;
namespace agologumApi.Services;
public class UserService {
private readonly AppDbContext db_;
public UserService(AppDbContext db) {
db_ = db;
}
// get all users
public async Task<List<User>> GetAll() {
return await db_.Users.ToListAsync();
}
// get one user with id of id
public async Task<User?> GetById(string id) {
return await db_.Users.FindAsync(id);
}
// get one user with username of name
public async Task<User?> GetByName(string name) {
return await db_.Users.FirstOrDefaultAsync(u => u.UserName == name);
}
// delete one user with id of id
public async Task<bool> Delete(string id) {
User? User = await db_.Users.FindAsync(id);
if(User != null) {
db_.Users.Remove(User);
await db_.SaveChangesAsync();
return true;
} else {
return false;
}
}
// update user of id with user
public async Task<User?> Update(string id, User user) {
User? oldUser = await db_.Users.FindAsync(id);
if(oldUser == null) return oldUser;
oldUser.Permissions = user.Permissions;
await db_.SaveChangesAsync();
return oldUser;
}
}

2
client/src/api/AuthApi.ts
View File

@@ -3,7 +3,7 @@
// handles user registration, user logins, tokens, password reset, etc. // handles user registration, user logins, tokens, password reset, etc.
import { api, authStorage } from "./axios.ts" import { api, authStorage } from "./axios.ts"
import type { UserDto, RegisterDto, LoginDto } from "../models/User.ts"; import type { User, RegisterDto, LoginDto } from "../models/User.ts";
const API_URL: string = "/auth"; const API_URL: string = "/auth";

15
client/src/api/UsersApi.ts
View File

@@ -1,15 +0,0 @@
import api from "./axios.ts"
import type { UserDto } from "../models/User.ts";
const API_URL: string = "/users";
export const getUsers = () => api.get<UserDto[]>(`${API_URL}`);
export const getUser = (id: string) => api.get<UserDto>(`${API_URL}/${id}`);
export const deleteUser = (id: string) => api.delete<UserDto>(`${API_URL}/${id}`);
export const removePermission = (id: string, permission: string) => api.delete(`${API_URL}/${id}/${permission}`)
export const addPermission = (id: string, permission: string) => api.post(`${API_URL}/${id}/${permission}`)

3
client/src/api/axios.ts
View File

@@ -87,7 +87,4 @@ api.interceptors.response.use(response => response, async error => { // mainly f
return Promise.reject(error); return Promise.reject(error);
}) })
// TODO: if you get a 403 while navigating then redirect to the last authenticated page
// if you gert a 403 on a form submissio nthen do like an unauthorized popup (message: stale session <login link>) (or redirect to login like i said elsewhere)
export default api; export default api;

0
client/src/components/UsersTable.vue
View File

13
client/src/models/User.ts
View File

@@ -2,21 +2,20 @@
// models are the data objects stored in the database. models defined here must match models defined in api/models // models are the data objects stored in the database. models defined here must match models defined in api/models
// dtos here must match the the dtos in api/src/Modelts/Dto.cs in name (case insensitive) (types are intermediately serialized to strings) // dtos here must match the the dtos in api/src/Modelts/Dto.cs in name (case insensitive) (types are intermediately serialized to strings)
export interface UserDto { export interface User {
createdAt: string; id: number;
username: string;
email: string; email: string;
id: string; password: string;
userName: string;
permissions: string;
} }
export interface RegisterDto { export interface RegisterDto {
userName: string; username: string;
email: string; email: string;
password: string; password: string;
} }
export interface LoginDto { export interface LoginDto {
userName: string; username: string;
password: string; password: string;
} }

4
client/src/pages/LoginForm.vue
View File

@@ -10,7 +10,7 @@ import * as authApi from "../api/AuthApi";
const router = useRouter(); const router = useRouter();
const user = reactive<LoginDto>({ // the template ensures type consistency const user = reactive<LoginDto>({ // the template ensures type consistency
userName: "", username: "",
password: "", password: "",
}); });
@@ -40,7 +40,7 @@ async function login(): Promise<void> {
<h2>Login</h2> <h2>Login</h2>
<form @submit.prevent="login"> <form @submit.prevent="login">
<input v-model="user.userName" placeholder="username" /> <input v-model="user.username" placeholder="username" />
<input v-model="user.password" type="password" placeholder="password" /> <input v-model="user.password" type="password" placeholder="password" />
<button type="submit">Submit</button> <button type="submit">Submit</button>

4
client/src/pages/RegisterForm.vue
View File

@@ -10,7 +10,7 @@ import * as authApi from "../api/AuthApi";
const router = useRouter(); const router = useRouter();
const user = reactive<RegisterDto>({ // the template ensures type consistency const user = reactive<RegisterDto>({ // the template ensures type consistency
userName: "", username: "",
email: "", email: "",
password: "", password: "",
}); });
@@ -40,7 +40,7 @@ async function register(): Promise<void> {
<h2>Register</h2> <h2>Register</h2>
<form @submit.prevent="register"> <form @submit.prevent="register">
<input v-model="user.userName" placeholder="username" /> <input v-model="user.username" placeholder="username" />
<input v-model="user.email" placeholder="email" /> <input v-model="user.email" placeholder="email" />
<input v-model="user.password" placeholder="password" /> <input v-model="user.password" placeholder="password" />

55
client/src/pages/UsersList.vue
View File

@@ -1,55 +0,0 @@
<script setup lang="ts">
import { onMounted, reactive } from "vue"
import { useRoute, useRouter } from "vue-router";
import { useUsersStore } from "../stores/UsersStore.ts"
import * as authApi from "../api/AuthApi";
const store = useUsersStore()
const router = useRouter();
onMounted(() => {
store.fetchUsers()
})
function logout() {
authApi.logout();
router.push("/login");
}
const inputs = reactive<Record<number, string>>({});
store.users.forEach((_, i) => {
inputs[i] = ""
});
const addPermission = (userId: string, index: number) => {
if(inputs[index] != null) store.addPermission(userId, inputs[index]);
}
</script>
<template>
<div>
<h1>Users</h1>
<table>
<tr v-for="(user, index) in store.users" :key="user.id">
<td>{{ user.userName }}</td>
<td>
<button @click="store.removeUser(user.id)">Delete</button>
</td>
<td v-for="perm in user.permissions" :key="user.id">
<button @click="store.removePermission(user.id, perm)">Remove {{ perm }} permission</button>
</td>
<td>
<form @submit.prevent="addPermission(user.id, index)">
<input type="text" v-model="inputs[index]" placeholder="permission" />
<button type="submit">Add Permission</button>
</form>
</td>
</tr>
</table>
<button @click="logout()">Logout</button>
</div>
</template>

6
client/src/pages/index.vue
View File

@@ -10,16 +10,10 @@
<h3>yeah im so cool rn</h3> <h3>yeah im so cool rn</h3>
<h1>imagining what I could do with themes :o</h1> <h1>imagining what I could do with themes :o</h1>
<h3>TODO: if(logged in) show this stuff; else dont.</h3>
<router-link to="/items" custom v-slot="{ navigate }"> <router-link to="/items" custom v-slot="{ navigate }">
<button @click="navigate" role="link">Items</button> <button @click="navigate" role="link">Items</button>
</router-link> </router-link>
<router-link to="/users" custom v-slot="{ navigate }">
<button @click="navigate" role="link">Users</button>
</router-link>
<router-link to="/register" custom v-slot="{ navigate }"> <!-- TODO: only if token == invalid --> <router-link to="/register" custom v-slot="{ navigate }"> <!-- TODO: only if token == invalid -->
<button @click="navigate" role="link">Register</button> <button @click="navigate" role="link">Register</button>
</router-link> </router-link>

5
client/src/router/index.ts
View File

@@ -6,7 +6,6 @@ import LoginForm from "../pages/LoginForm.vue";
import RegisterForm from "../pages/RegisterForm.vue"; import RegisterForm from "../pages/RegisterForm.vue";
import ItemsList from "../pages/ItemsList.vue"; import ItemsList from "../pages/ItemsList.vue";
import ItemForm from "../pages/ItemForm.vue"; import ItemForm from "../pages/ItemForm.vue";
import UsersList from "../pages/UsersList.vue";
import index from "../pages/index.vue"; import index from "../pages/index.vue";
import { authStorage } from "../api/axios.ts" import { authStorage } from "../api/axios.ts"
@@ -18,8 +17,7 @@ const routes = [
{ path: "/register", component: RegisterForm }, { path: "/register", component: RegisterForm },
{ path: "/items", component: ItemsList, meta: { requiresAuth: true } }, { path: "/items", component: ItemsList, meta: { requiresAuth: true } },
{ path: "/item/new", component: ItemForm, meta: { requiresAuth: true } }, { path: "/item/new", component: ItemForm, meta: { requiresAuth: true } },
{ path: "/item/:id", component: ItemForm, meta: { requiresAuth: true } }, { path: "/item/:id", component: ItemForm, meta: { requiresAuth: true } }
{ path: "/users", component: UsersList, meta: { requiresAuth: true } }
]; // I really like this ]; // I really like this
const router = createRouter({ const router = createRouter({
@@ -38,6 +36,5 @@ router.beforeEach((to, from, next) => {
} }
}); });
// if the api responds unauthorized (401) then it also will auto-redirect to the login page
export default router; export default router;

40
client/src/stores/UsersStore.ts
View File

@@ -1,40 +0,0 @@
import { defineStore } from "pinia";
import type { UserDto } from "../models/User.ts";
import * as usersApi from "../api/UsersApi";
interface UserState {
users: UserDto[];
loading: boolean;
}
export const useUsersStore = defineStore("users", {
state: (): UserState => ({
users: [],
loading: false
}),
actions: {
async fetchUsers() {
this.loading = true;
const response = await usersApi.getUsers();
this.users = response.data;
this.loading = false;
},
async removeUser(id: string) {
await usersApi.deleteUser(id);
this.users = this.users.filter(i => i.id !== id);
},
async removePermission(id: string, permission: string) {
await usersApi.removePermission(id, permission);
},
async addPermission(id: string, permission: string) {
await usersApi.addPermission(id, permission);
}
}
});

3
scripts/DEV_README.md
View File

@@ -13,8 +13,7 @@ To see live logs:
sudo docker logs -f -t agologum-api sudo docker logs -f -t agologum-api
public user: public user:
> username=bard (admin) > username=bard
> username=xvbard (superuser)
> password=Public*890 > password=Public*890
chrome dev tools troubleshooting chrome dev tools troubleshooting