nugroho/agper-perubahan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
agper-perubahan/APIHandler.cs

370 lines
22 KiB
C#
Raw Blame History

using System.Text.Json;
using System.Text.RegularExpressions;
namespace perubahan;
public static partial class APIHandler
{
public static void Handle(IApplicationBuilder App)
{
App
//===========TEST ONLY============
.Map("/hostcheck", host =>
{
host.Run(async runner =>
{
await runner.WriteJsonResponse(200, $"{runner.Request.Host} : {HttpOnly.Domain}");
});
})
.Map("/numbertest", test =>
{
test.Run(async runner =>
{
Dictionary<string, JsonElement> ELE = (await runner.TryGetBodyJsonAsync(["num"], CTS.Token))!;
await runner.WriteJsonResponse(200, $"{ELE["num"].GetByte()}");
});
})
//============MISC=================
.Map("/updatecache", cache =>
{
cache.Run(async runner =>
{
await UpdateCache();
await runner.WriteJsonResponse(StatusCodes.Status200OK, "Cache Updated.");
});
})
// -------ADD-/sse-later--------
//===========UNITS=================
.Map("/getunits", units =>
{
units.Run(async runner =>
{
if (!await runner.RequestValidated(2)) return;
await runner.WriteJsonResponse(StatusCodes.Status200OK, "Success", Deployments);
});
})
.Map("/chunit", unit =>
{
unit.Run(async runner =>
{
if (!await runner.RequestValidated(2, "POST", true)) return;
if (await runner.TryGetBodyJsonAsync(["deplid", "unitkerja"], CTS.Token) is Dictionary<string, JsonElement> InElement)
{
Deployment CorrectDeployment = new(
InElement["deplid"].GetInt16(),
InElement["unitkerja"].GetString() ?? ""
);
if (CorrectDeployment.UnitKerja.Length < 1)
{
await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "Unit Kerja can't be empty string.");
return;
}
int i = Deployments.FindIndex(depl => depl.DeplID == CorrectDeployment.DeplID);
if (i < 0)
{
await runner.WriteJsonResponse(StatusCodes.Status404NotFound, "Deployment ID not found.");
return;
}
_ = await RunNonQueryAsync(CS, "UPDATE deployment SET unitkerja = @uk WHERE deplid = @id", Comm =>
{
Comm.Parameters.AddWithValue("@id", CorrectDeployment.DeplID);
Comm.Parameters.AddWithValue("@uk", CorrectDeployment.UnitKerja);
}, CTS.Token);
Deployments[i] = CorrectDeployment;
await runner.WriteJsonResponse(StatusCodes.Status202Accepted, "Data updated.", Deployments[i]);
}
});
})
.Map("/addunit", unit =>
{
unit.Run(async runner =>
{
if (!await runner.RequestValidated(2, "POST", true)) return;
if (await runner.TryGetBodyJsonAsync(["unitkerja"], CTS.Token) is Dictionary<string, JsonElement> InElement)
{
string UnitKerja = InElement["unitkerja"].GetString() ?? "";
if (UnitKerja.Length < 1)
{
await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "Unit Kerja can't be empty string.");
return;
}
short DeplID = (short)await RunScalarAsync(CS, "INSERT INTO deployment OUTPUT INSERTED.deplid VALUES (@uk)", Comm =>
{
Comm.Parameters.AddWithValue("@uk", UnitKerja);
}, CTS.Token);
Deployment Inserted = new(DeplID, UnitKerja);
Deployments.Add(Inserted);
// EventsMarker.CacheUpdates = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString("X");
await runner.WriteJsonResponse(StatusCodes.Status201Created, "Data Created.", Inserted);
}
});
})
//============AGENTS==============
.Map("/getagents", agents =>
{
agents.Run(async runner =>
{
if (!await runner.RequestValidated(2)) return;
await runner.WriteJsonResponse(StatusCodes.Status200OK, "Success", Agents);
});
})
.Map("/addagent", agent =>
{
agent.Run(async runner =>
{
if (!await runner.RequestValidated(1, "POST", true)) return;
if (await runner.TryGetBodyJsonAsync(["agentid", "name", "jabatan", "deplid", "skangkat", "tmt", "skper", "tgper", "vision", "mission", "photo", "seleksi", "nilaipilih", "eviden", "dokumentasi", "createuser", "uname", "pass", "level"], CTS.Token) is Dictionary<string, JsonElement> InElement)
{
string AgentID = InElement["agentid"].GetString() ?? string.Empty;
string Name = InElement["name"].GetString() ?? string.Empty;
string Jabatan = InElement["jabatan"].GetString() ?? string.Empty;
short DeploymentID = InElement["deplid"].GetInt16();
string SKAngkat = InElement["skangkat"].GetString() ?? string.Empty;
DateOnly TMT = DateOnly.Parse(InElement["tmt"].GetString()?[..10] ?? "1970-01-01");
string SKPer = InElement["skper"].GetString() ?? string.Empty;
DateOnly? TGPer = InElement["tgper"].GetString()?.Length > 0 ? DateOnly.Parse(InElement["tgper"].GetString()![..10]) : null;
string Vision = InElement["vision"].GetString() ?? "-";
string Mission = InElement["mission"].GetString() ?? "-";
string Photo = InElement["photo"].GetString() ?? string.Empty;
string PhotoURL = string.Empty;
string? Seleksi = InElement["seleksi"].GetString();
DateOnly? NilaiPilih = InElement["nilaipilih"].ValueKind == JsonValueKind.Null ? null : DateOnly.FromDateTime(InElement["nilaipilih"].GetDateTime());
string? Eviden = InElement["eviden"].GetString();
string? Dokumentasi = InElement["dokumentasi"].GetString();
bool CreateUser = InElement["createuser"].GetBoolean();
string UName = InElement["uname"].GetString() ?? string.Empty;
string PlainPass = InElement["pass"].GetString() ?? string.Empty;
byte Level = InElement["level"].GetByte();
Match PhotoMatch = Base64Regex().Match(Photo.ToLower());
if (AgentID.Equals(string.Empty) ||
Name.Equals(string.Empty) ||
Jabatan.Equals(string.Empty) ||
//DeploymentID.Equals(0) ||
SKAngkat.Equals(string.Empty) ||
TMT.Equals(DateOnly.Parse("1970-01-01")) ||
(!SKPer.Equals(string.Empty) && TGPer is null) ||
(CreateUser && UName.Equals(string.Empty)) ||
(CreateUser && PlainPass.Equals(string.Empty)) ||
(!Photo.Equals(string.Empty) && !PhotoMatch.Success) ||
(!await runner.RequestValidated(Level, "POST"))
)
{
await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "One or more input(s) are not acceptable, in an unsupported format, or an attempt to create user account of a higher level than the creator is made.");
return;
}
if (!Photo.Equals(string.Empty))
{
string Format = PhotoMatch.Groups["format"].Value.ToLowerInvariant();
string Data = PhotoMatch.Groups["data"].Value;
byte[] ImageBytes = Convert.FromBase64String(Data);
uint CRC32Hash = Crc32.Compute(ImageBytes);
string PhotoFileName = $"{CRC32Hash:X8}.{(Format == "jpeg" ? "jpg" : Format)}";
string PhotoPath = Path.Combine(AppContext.BaseDirectory, "/wwwroot/assets/images/uploads", PhotoFileName);
if (!File.Exists(PhotoPath)) await File.WriteAllBytesAsync(PhotoPath, ImageBytes, CTS.Token);
PhotoURL = Path.Combine("/assets/images/uploads", PhotoFileName);
}
Agent NewAgent = new(AgentID, Name, Jabatan, DeploymentID, SKAngkat, TMT, SKPer.Length == 0 ? null : SKPer, SKPer.Length == 0 ? null : TGPer, Vision, Mission, Photo.Length == 0 ? null : PhotoURL, Seleksi, NilaiPilih, Eviden, Dokumentasi);
await RunTransactionAsync(CS, async (Conn, Trans) =>
{
using (SqlCommand CreateAgent = Conn.CreateCommand())
{
CreateAgent.Transaction = Trans;
CreateAgent.CommandText = "INSERT INTO agents VALUES(@agid, @nama, @jabt, @deid, @skng, @tmt, @skpr, @tmpr, @visi, @misi, @poto)";
CreateAgent.Parameters.AddWithValue("@agid", AgentID);
CreateAgent.Parameters.AddWithValue("@nama", Name);
CreateAgent.Parameters.AddWithValue("@jabt", Jabatan);
CreateAgent.Parameters.AddWithValue("@deid", DeploymentID);
CreateAgent.Parameters.AddWithValue("@skng", SKAngkat);
CreateAgent.Parameters.AddWithValue("@tmt", TMT);
CreateAgent.Parameters.AddWithValue("@skpr", SKPer.Equals(string.Empty) ? DBNull.Value : SKPer);
CreateAgent.Parameters.AddWithValue("@tmpr", SKPer.Equals(string.Empty) ? DBNull.Value : TGPer);
CreateAgent.Parameters.AddWithValue("@visi", Vision);
CreateAgent.Parameters.AddWithValue("@misi", Mission);
CreateAgent.Parameters.AddWithValue("@poto", PhotoURL.Equals(string.Empty) ? DBNull.Value : PhotoURL);
_ = await CreateAgent.ExecuteNonQueryAsync();
Agents.Add(NewAgent);
}
if (CreateUser)
{
string HashedPass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(PlainPass))).ToLowerInvariant();
User NewUser = new(UName, AgentID, HashedPass, Level, true);
using (SqlCommand CreateUser = Conn.CreateCommand())
{
CreateUser.Transaction = Trans;
CreateUser.CommandText = "INSERT INTO useraccounts VALUES(@unam, @pass, @agid, @levl, 1)";
CreateUser.Parameters.AddWithValue("@unam", UName);
CreateUser.Parameters.AddWithValue("@pass", HashedPass);
CreateUser.Parameters.AddWithValue("@agid", AgentID);
CreateUser.Parameters.AddWithValue("@levl", Level);
_ = await CreateUser.ExecuteNonQueryAsync();
}
UserAccounts.TryAdd(UName, NewUser);
}
}, CTS.Token
);
string OutMessage = CreateUser ? "New Agent and respective User Account created" : "New Agent created. User account creation is possible.";
await runner.WriteJsonResponse(StatusCodes.Status201Created, OutMessage, CreateUser ? new SafeUser(UName, AgentID, Level, true) : NewAgent);
}
});
})
.Map("/chagent", agent =>
{
agent.Run(async runner =>
{
if (!await runner.RequestValidated(0, "POST", true)) return;
if (await runner.TryGetBodyJsonAsync(["agentid", "updates"], CTS.Token) is Dictionary<string, JsonElement> InElement)
{
if (InElement["updates"].ValueKind != JsonValueKind.Object) return;
string AgentID = InElement["agentid"].GetString() ?? string.Empty;
JsonElement UpdateFields = InElement["updates"];
using SqlDataReader Updated = await RunReaderAsync(CS, "", Comm =>
{
StringBuilder CommandBuilder = new();
CommandBuilder.Append("UPDATE agents SET");
foreach (JsonProperty Prop in UpdateFields.EnumerateObject())
{
Comm.Parameters.AddWithValue($"@p{Prop.Name}", Prop.Value.ValueKind == JsonValueKind.Null ? DBNull.Value : Prop.Value.ValueKind == JsonValueKind.String ? Prop.Value.GetString() : Prop.Value.GetInt16());
CommandBuilder.Append($" [{Prop.Name}] = @p{Prop.Name},");
}
Comm.Parameters.AddWithValue("@pagentid", AgentID);
CommandBuilder.Remove(CommandBuilder.Length - 1, 1);
CommandBuilder.Append(" OUTPUT INSERTED.* WHERE agentid = @pagentid");
Comm.CommandText = CommandBuilder.ToString();
}, CTS.Token);
Agent UpAgent = (await Updated.ToListAsync<Agent>(a => new
(
AgentID,
(string)a["name"],
(string)a["jabatan"],
(short)a["deplid"],
(string)a["skangkat"],
DateOnly.FromDateTime((DateTime)a["tmt"]),
a["skperubahan"] == DBNull.Value ? null : (string)a["skperubahan"],
a["tgperubahan"] == DBNull.Value ? null : DateOnly.FromDateTime((DateTime)a["tgperubahan"]),
a["vision"] == DBNull.Value ? null : (string)a["vision"],
a["mission"] == DBNull.Value ? null : (string)a["mission"],
a["photourl"] == DBNull.Value ? null : (string)a["photourl"],
a["seleksi"] == DBNull.Value ? null : (string)a["seleksi"],
a["nilaipilih"] == DBNull.Value ? null : DateOnly.FromDateTime((DateTime)a["nilaipilih"]),
a["eviden"] == DBNull.Value ? null : (string)a["eviden"],
a["dokumentasi"] == DBNull.Value ? null : (string)a["dokumentasi"]
), CTS.Token))[0];
int AgentIdx = Agents.FindIndex(a => a.AgentID == UpAgent.AgentID);
Agents[AgentIdx] = Agents[AgentIdx] with
{
Name = UpAgent.Name,
Jabatan = UpAgent.Jabatan,
DeplID = UpAgent.DeplID,
SKAngkat = UpAgent.SKAngkat,
TMT = UpAgent.TMT,
SKPerb = UpAgent.SKPerb,
TMUbah = UpAgent.TMUbah,
Vision = UpAgent.Vision,
Mission = UpAgent.Mission,
PhotoURL = UpAgent.PhotoURL,
Seleksi = UpAgent.Seleksi,
NilaiPilih = UpAgent.NilaiPilih,
Eviden = UpAgent.Eviden,
Dokumentasi = UpAgent.Dokumentasi
};
await runner.WriteJsonResponse(StatusCodes.Status202Accepted, "Data updated.", UpAgent);
}
});
})
.Map("/getusers", users =>
{
users.Run(async runner =>
{
if (!await runner.RequestValidated(2)) return;
List<SafeUser> SafeAccounts = [];
foreach (User UnsafeUser in UserAccounts.Values.ToList())
{
SafeAccounts.Add(SafeUser.FromUser(UnsafeUser));
}
await runner.WriteJsonResponse(StatusCodes.Status200OK, "Success", SafeAccounts);
});
})
.Map("/passwd", passwd =>
{
passwd.Run(async runner =>
{
if
(
!await runner.RequestValidated(0, "POST", true) //has to pass this before trying to get bodyjsonasync.
//Let it be for now, move the json check login into trygetjson for later projects.
|| await runner.TryGetBodyJsonAsync(["username", "password"], CTS.Token) is not Dictionary<string, JsonElement> InElement
|| !(await runner.RequestValidated(InElement["username"].GetString() ?? string.Empty, "POST") || await runner.RequestValidated(0, "POST"))
) return;
if (InElement["password"].GetString() is not string PlainPass || PlainPass.Equals(string.Empty) || InElement["username"].GetString() is not string Username || Username.Equals(string.Empty))
{
await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "Username and/or Password can't be empty");
return;
}
string HashedPass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(PlainPass))).ToLowerInvariant();
_ = await RunNonQueryAsync(CS, "UPDATE useraccounts SET [pass] = @hp WHERE [uname] = @un", Act =>
{
Act.Parameters.AddWithValue("@un", Username);
Act.Parameters.AddWithValue("@hp", HashedPass);
}, CTS.Token);
UserAccounts[Username] = UserAccounts[Username] with { Password = HashedPass };
await runner.WriteJsonResponse(StatusCodes.Status202Accepted, "Password Updated.");
});
})
.Map("/adduser", user =>
{
user.Run(async runner =>
{
if (!await runner.RequestValidated(ValidMethod: "POST", CheckJson: true) || await runner.TryGetBodyJsonAsync(["username", "password", "agentid", "level"], CTS.Token) is not Dictionary<string, JsonElement> InElement) return;
if (
InElement["username"].GetString() is not string Username ||
InElement["password"].GetString() is not string PlainPass ||
InElement["agentid"].GetString() is not string AgentID ||
InElement["level"].GetByte() is byte Level && Level == 0 //REMEMBER TO FLIT THIS to prevent superuser creation
)
{
await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "String fields should not be empty and level should not be zero or less.");
return;
}
string HashedPass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(PlainPass))).ToLowerInvariant();
await RunNonQueryAsync(CS, "INSERT INTO useraccounts VALUES(@un, @pw, @ai, @lv, 1)", Conf =>
{
Conf.Parameters.AddWithValue("@un", Username);
Conf.Parameters.AddWithValue("@pw", HashedPass);
Conf.Parameters.AddWithValue("@ai", AgentID);
Conf.Parameters.AddWithValue("@lv", Level);
}, CTS.Token);
UserAccounts.TryAdd(Username, new(Username, AgentID, HashedPass, Level, true));
await runner.WriteJsonResponse(StatusCodes.Status201Created, $"New user account created for Agent ID {AgentID}. Check data for created username", Username);
});
})
.Map("/toggleuser", userstate =>
{
userstate.Run(async runner=>
{
if
(
!await runner.RequestValidated(0, "POST", true) //has to pass this before trying to get bodyjsonasync.
//Let it be for now, move the json check login into trygetjson for later projects.
|| await runner.TryGetBodyJsonAsync(["username"], CTS.Token) is not Dictionary<string, JsonElement> InElement
|| InElement["username"].GetString() is not string Username
) return;
if (UserAccounts[Username] is not User FoundUser)
{
await runner.WriteJsonResponse(StatusCodes.Status404NotFound, "Username not found.", Username);
return;
}
await RunNonQueryAsync(CS, "UPDATE useraccounts SET [active] = @ac WHERE [uname]=@un", Conf =>
{
Conf.Parameters.AddWithValue("@un", Username);
Conf.Parameters.AddWithValue("@ac", !FoundUser.Active);
}, CTS.Token);
UserAccounts[Username] = UserAccounts[Username] with { Active = !FoundUser.Active };
await runner.WriteJsonResponse(StatusCodes.Status202Accepted, "User account active state updated. See data for current active state", !FoundUser.Active);
});
})
//=========ACTIVITIES=============
;
}
}
Reference in New Issue View Git Blame Copy Permalink