From f8144dd2541b26395df6faca9ac98e24f63429ef Mon Sep 17 00:00:00 2001
From: nugroho
Date: Tue, 20 May 2025 15:57:10 +0700
Subject: [PATCH] endpoints added
---
 APIHandler.cs | 117 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 114 insertions(+), 3 deletions(-)
diff --git a/APIHandler.cs b/APIHandler.cs
index 464a742..0078427 100644
--- a/APIHandler.cs
+++ b/APIHandler.cs
@@ -8,6 +8,22 @@ public static partial class APIHandler
 public static void Handle(IApplicationBuilder App)
 {
 App
+ //===========TEST ONLY============
+ .Map("/hostcheck", host =>
+ {
+ host.Run(async runner =>
+ {
+ await runner.WriteJsonResponse(200, $"{runner.Request.Host} : {HttpOnly.Domain}");
+ });
+ })
+ .Map("/numbertest", test =>
+ {
+ test.Run(async runner =>
+ {
+ Dictionary ELE = (await runner.TryGetBodyJsonAsync(["num"], CTS.Token))!;
+ await runner.WriteJsonResponse(200, $"{ELE["num"].GetByte()}");
+ });
+ })
 //============MISC=================
 .Map("/updatecache", cache =>
 {
@@ -17,6 +33,7 @@ public static partial class APIHandler
 await runner.WriteJsonResponse(StatusCodes.Status200OK, "Cache Updated.");
 });
 })
+ // -------ADD-/sse-later--------
 //===========UNITS=================
 .Map("/getunits", units =>
 {
@@ -161,10 +178,12 @@ public static partial class APIHandler
 CreateAgent.Parameters.AddWithValue("@misi", Mission);
 CreateAgent.Parameters.AddWithValue("@poto", PhotoURL.Equals(string.Empty) ? DBNull.Value : PhotoURL);
 _ = await CreateAgent.ExecuteNonQueryAsync();
+ Agents.Add(NewAgent);
 }
 if (CreateUser)
 {
- string HashedPass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(PlainPass)));
+ string HashedPass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(PlainPass))).ToLowerInvariant();
+ User NewUser = new(UName, AgentID, HashedPass, Level, true);
 using (SqlCommand CreateUser = Conn.CreateCommand())
 {
 CreateUser.Transaction = Trans;
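Review bot: The `/hostcheck` and `/numbertest` routes added in the `@@ -8,6 +8,22 @@` hunk are marked TEST ONLY but are mapped unconditionally and, unlike the handlers added later in this patch, never call `runner.RequestValidated(...)`. `/hostcheck` returns `HttpOnly.Domain` to any caller, and `/numbertest` applies `!` to the `TryGetBodyJsonAsync` result and then calls `GetByte()`, so a missing or non-numeric `num` will likely surface as an unhandled exception rather than a 400. Either drop both routes before merging or compile them only behind `#if DEBUG`, and put a comment such as `// Diagnostic routes: must not be mapped in production` above the block.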
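Review bot: `HashedPass` in the `@@ -161,10 +178,12 @@` hunk is still a single unsalted SHA-256 of the password, and this patch repeats the same expression in the new `/passwd` and `/adduser` handlers, so identical passwords produce identical stored values and a leaked `useraccounts` table offers little resistance to offline guessing. A salted, iterated derivation is the usual choice, for example `Rfc2898DeriveBytes.Pbkdf2(PlainPass, Salt, Iterations, HashAlgorithmName.SHA256, 32)` with `Salt = RandomNumberGenerator.GetBytes(16)`; the salt and iteration count then have to be stored with the hash. The added `.ToLowerInvariant()` also changes the stored format, so rows written by the old code (upper-case hex) presumably need a migration or a case-insensitive comparison at login; the login path is not visible in this patch. The enclosing handler starts and ends outside the hunk.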
@@ -175,6 +194,7 @@ public static partial class APIHandler
 CreateUser.Parameters.AddWithValue("@levl", Level);
 _ = await CreateUser.ExecuteNonQueryAsync();
 }
+ UserAccounts.TryAdd(UName, NewUser);
 }
 }, CTS.Token
 );
@@ -199,7 +219,7 @@ public static partial class APIHandler
 CommandBuilder.Append("UPDATE agents SET");
 foreach (JsonProperty Prop in UpdateFields.EnumerateObject())
 {
- Comm.Parameters.AddWithValue($"@p{Prop.Name}", Prop.Value.ValueKind == JsonValueKind.Null ? DBNull.Value : Prop.Value.ValueKind == JsonValueKind.String ? Prop.Value.GetString() : Prop.Value.GetInt16());
+ Comm.Parameters.AddWithValue($"@p{Prop.Name}", Prop.Value.ValueKind == JsonValueKind.Null ? DBNull.Value : Prop.Value.ValueKind == JsonValueKind.String ? Prop.Value.GetString() : Prop.Value.GetInt16());
 CommandBuilder.Append($" [{Prop.Name}] = @p{Prop.Name},");
 }
 Comm.Parameters.AddWithValue("@pagentid", AgentID);
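Review bot: `UserAccounts.TryAdd(UName, NewUser)` in the `@@ -175,6 +194,7 @@` hunk, like `Agents.Add(NewAgent)` in the preceding hunk, updates the in-memory cache inside the delegate that runs on `Trans`, before the commit is known to have succeeded. If a later statement throws and the transaction is rolled back (the commit and rollback code is outside the hunk, so this is inferred), the cache keeps an agent or user that does not exist in the database, and request validation that reads the cache would presumably still accept that user. Moving both cache writes to after the transactional helper returns avoids this. The `bool` returned by `TryAdd` should also be checked rather than discarded, so a username collision between cache and database is not silently ignored.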
@@ -221,11 +241,102 @@ public static partial class APIHandler
 a["mission"] == DBNull.Value ? null : (string)a["mission"],
 a["photourl"] == DBNull.Value ? null : (string)a["photourl"]
 ), CTS.Token))[0];
+ int AgentIdx = Agents.FindIndex(a => a.AgentID == UpAgent.AgentID);
+ Agents[AgentIdx] = Agents[AgentIdx] with
+ {
+ Name = UpAgent.Name,
+ Jabatan = UpAgent.Jabatan,
+ DeplID = UpAgent.DeplID,
+ SKAngkat = UpAgent.SKAngkat,
+ TMT = UpAgent.TMT,
+ SKPerb = UpAgent.SKPerb,
+ TMUbah = UpAgent.TMUbah,
+ Vision = UpAgent.Vision,
+ Mission = UpAgent.Mission,
+ PhotoURL = UpAgent.PhotoURL
+ };
 await runner.WriteJsonResponse(StatusCodes.Status202Accepted, "Data updated.", UpAgent);
 }
 });
 })
-
+ .Map("/passwd", passwd =>
+ {
+ passwd.Run(async runner =>
+ {
+ if
+ (
+ !await runner.RequestValidated(0, "POST", true) //has to pass this before trying to get bodyjsonasync.
+ //Let it be for now, move the json check login into trygetjson for later projects.
+ || await runner.TryGetBodyJsonAsync(["username", "password"], CTS.Token) is not Dictionary InElement
+ || !(await runner.RequestValidated(InElement["username"].GetString() ?? string.Empty, "POST") || await runner.RequestValidated(0, "POST"))
+ ) return;
+ if (InElement["password"].GetString() is not string PlainPass || PlainPass.Equals(string.Empty) || InElement["username"].GetString() is not string Username || Username.Equals(string.Empty))
+ {
+ await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "Username and/or Password can't be empty");
+ return;
+ }
+ string HashedPass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(PlainPass))).ToLowerInvariant();
+ _ = await RunNonQueryAsync(CS, "UPDATE useraccounts SET [pass] = @hp WHERE [uname] = @un", Act =>
+ {
+ Act.Parameters.AddWithValue("@un", Username);
+ Act.Parameters.AddWithValue("@hp", HashedPass);
+ }, CTS.Token);
+ UserAccounts[Username] = UserAccounts[Username] with { Password = HashedPass };
+ await runner.WriteJsonResponse(StatusCodes.Status202Accepted, "Password Updated.");
+ });
+ })
+ .Map("/adduser", user =>
+ {
+ user.Run(async runner =>
+ {
+ if (!await runner.RequestValidated(ValidMethod: "POST", CheckJson: true) || await runner.TryGetBodyJsonAsync(["username", "password", "agentid", "level"], CTS.Token) is not Dictionary InElement) return;
+ if (
+ InElement["username"].GetString() is not string Username ||
+ InElement["password"].GetString() is not string PlainPass ||
+ InElement["agentid"].GetString() is not string AgentID ||
+ InElement["level"].GetByte() is byte Level && Level == 0 //REMEMBER TO FLIT THIS to prevent superuser creation
+ )
+ {
+ await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "String fields should not be empty and level should not be zero or less.");
+ return;
+ }
+ string HashedPass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(PlainPass))).ToLowerInvariant();
+ await RunNonQueryAsync(CS, "INSERT INTO useraccounts VALUES(@un, @pw, @ai, @lv, 1)", Conf =>
+ {
+ Conf.Parameters.AddWithValue("@un", Username);
+ Conf.Parameters.AddWithValue("@pw", HashedPass);
+ Conf.Parameters.AddWithValue("@ai", AgentID);
+ Conf.Parameters.AddWithValue("@lv", Level);
+ }, CTS.Token);
+ UserAccounts.TryAdd(Username, new(Username, AgentID, HashedPass, Level, true));
+ await runner.WriteJsonResponse(StatusCodes.Status201Created, $"New user account created for Agent ID {AgentID}. Check data for created username", Username);
+ });
+ })
+ .Map("/toggleuser", userstate =>
+ {
+ userstate.Run(async runner=>
+ {
+ if
+ (
+ !await runner.RequestValidated(0, "POST", true) //has to pass this before trying to get bodyjsonasync.
+ //Let it be for now, move the json check login into trygetjson for later projects.
+ || await runner.TryGetBodyJsonAsync(["username"], CTS.Token) is not Dictionary InElement
+ || InElement["username"].GetString() is not string Username
+ ) return;
+ if (UserAccounts[Username] is not User FoundUser)
+ {
+ await runner.WriteJsonResponse(StatusCodes.Status404NotFound, "Username not found.", Username);
+ return;
+ }
+ await RunNonQueryAsync(CS, "UPDATE useraccounts SET [active] = @ac WHERE [uname]=@un", Conf =>
+ {
+ Conf.Parameters.AddWithValue("@un", Username);
+ Conf.Parameters.AddWithValue("@ac", !FoundUser.Active);
+ }, CTS.Token);
+ UserAccounts[Username] = UserAccounts[Username] with { Active = !FoundUser.Active };
+ await runner.WriteJsonResponse(StatusCodes.Status202Accepted, "User account active state updated. See data for current active state", !FoundUser.Active);
+ });
+ })
 //=========ACTIVITIES=============
 ;
 }
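Review bot: In `/adduser`, the guard `InElement["password"].GetString() is not string PlainPass` (and the matching tests for `username` and `agentid`) rejects only JSON null, so an empty password or username is accepted even though the 400 message says string fields should not be empty; `/passwd` in the same hunk already adds `.Equals(string.Empty)` checks. A pattern such as `InElement["password"].GetString() is not { Length: > 0 } PlainPass` closes that gap for all three fields. In `/toggleuser` and `/passwd`, `UserAccounts[Username]` is read with the indexer, which throws on an unknown key for `Dictionary` and `ConcurrentDictionary` (the field's type is not shown here), so the 404 branch is likely unreachable and `/passwd` fails only after the UPDATE has run; calling `UserAccounts.TryGetValue(Username, out User? FoundUser)` before the SQL statement handles both. The same concern applies to `Agents[AgentIdx]` when `FindIndex` returns -1.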