docker-compose.example.yaml was updated

Newsbot.Collector.Api/Controllers/AccountController.cs

@@ -1,11 +1,10 @@
-using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Api.Domain.Requests;
 using Newsbot.Collector.Api.Domain.Response;
 using Newsbot.Collector.Api.Domain.Results;
 using Newsbot.Collector.Api.Services;
-using Newsbot.Collector.Domain.Dto;
-using Newsbot.Collector.Domain.Entities;
 
 namespace Newsbot.Collector.Api.Controllers;
 
@@ -71,6 +70,21 @@ public class AccountController : ControllerBase
         return CheckIfSuccessful(response);
     }
 
+    [HttpPost("addRole")]
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
+    public ActionResult AddRole([FromBody] AddRoleRequest request)
+    {
+        try
+        {
+            _identityService.AddRole(request.RoleName ?? "", request.UserId ?? "");
+            return new OkResult();
+        }
+        catch (Exception ex)
+        {
+            return new BadRequestResult();
+        }
+    }
+
     private ActionResult CheckIfSuccessful(AuthenticationResult result)
     {
         if (!result.IsSuccessful)

Newsbot.Collector.Api/Controllers/CodeProjectController.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Domain.Models.Config;
 using Newsbot.Collector.Services.Jobs;
 
@@ -24,6 +25,7 @@ public class CodeProjectController
     }
 
     [HttpPost("check")]
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     public void PullNow()
     {
         BackgroundJob.Enqueue<CodeProjectWatcherJob>(x => x.InitAndExecute(new CodeProjectWatcherJobOptions

Newsbot.Collector.Api/Controllers/RssController.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Domain.Models.Config;
 using Newsbot.Collector.Domain.Models.Config.Sources;
 using Newsbot.Collector.Services.Jobs;
@@ -27,6 +28,7 @@ public class RssController
     }
 
     [HttpPost("check")]
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     public void CheckReddit()
     {
         BackgroundJob.Enqueue<RssWatcherJob>(x => x.InitAndExecute(new RssWatcherJobOptions

Newsbot.Collector.Api/Controllers/SourcesController.cs

@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Database.Repositories;
 using Newsbot.Collector.Domain.Consts;
 using Newsbot.Collector.Domain.Dto;
@@ -199,12 +200,14 @@ public class SourcesController : ControllerBase
         return SourceDto.Convert(item);
     }
 
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     [HttpPost("{id}/disable")]
     public void Disable(Guid id)
     {
         _sources.Disable(id);
     }
 
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     [HttpPost("{id}/enable")]
     public void Enable(Guid id)
     {
@@ -212,6 +215,7 @@ public class SourcesController : ControllerBase
     }
 
     [HttpDelete("{id}")]
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     public void Delete(Guid id, bool purgeOrphanedRecords)
     {
         _sources.Delete(id);

Newsbot.Collector.Api/Controllers/YoutubeController.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Domain.Models.Config;
 using Newsbot.Collector.Domain.Models.Config.Sources;
 using Newsbot.Collector.Services.Jobs;
@@ -27,6 +28,7 @@ public class YoutubeController
     }
     
     [HttpPost("check")]
+    [Authorize(Policy = AuthorizationRoles.Administrators)]
     public void CheckYoutube()
     {
         BackgroundJob.Enqueue<YoutubeWatcherJob>(x => x.InitAndExecute(new YoutubeWatcherJobOptions

Newsbot.Collector.Api/Controllers/v1/UserController.cs

@@ -1,16 +1,19 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Newsbot.Collector.Api.Authentication;
 using Newsbot.Collector.Domain.Entities;
 using Newsbot.Collector.Domain.Interfaces;
 
-namespace Newsbot.Collector.Api.Controllers;
+namespace Newsbot.Collector.Api.Controllers.v1;
 
+[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
 [ApiController]
 [Route("api/v1/user")]
 public class UserController : Controller
 {
-    private ILogger<UserController> _logger;
+    private readonly ILogger<UserController> _logger;
-    private IUserSourceSubscription _subscription;
+    private readonly IUserSourceSubscription _subscription;
 
     public UserController(ILogger<UserController> logger, IUserSourceSubscription subscription)
     {

Newsbot.Collector.Api/Domain/AuthorizationRoles.cs

@@ -0,0 +1,6 @@
+namespace Newsbot.Collector.Api.Domain;
+
+public class AuthorizationRoles
+{
+    public const string Administrators = "Administrators";
+}

Newsbot.Collector.Api/Domain/Requests/NewRoleRequest.cs

@@ -0,0 +1,7 @@
+namespace Newsbot.Collector.Api.Domain.Requests;
+
+public class AddRoleRequest
+{
+    public string? RoleName { get; set; }
+    public string? UserId { get; set; }
+}

Newsbot.Collector.Api/Filters/ApiKeyAuthAttribute.cs

@@ -0,0 +1,32 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Newsbot.Collector.Domain.Consts;
+
+namespace Newsbot.Collector.Api.Filters;
+
+[AttributeUsage(AttributeTargets.Class| AttributeTargets.Method)]
+public class ApiKeyAuthAttribute : Attribute, IAsyncActionFilter
+{
+    private const string ApiKeyHeaderName = "X-API-KEY";
+    
+    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
+    {
+        if (!context.HttpContext.Request.Headers.TryGetValue(ApiKeyHeaderName, out var foundKey))
+        {
+            context.Result = new BadRequestResult();
+            return;
+        }
+
+        var config = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
+        var apiKeys = config.GetValue<string[]>(ConfigConst.ApiKeys);
+
+        foreach (var key in apiKeys ?? Array.Empty<string?>())
+        {
+            if (key != foundKey) continue;
+            await next();
+            return;
+        }
+
+        context.Result = new BadRequestResult();
+    }
+}

Newsbot.Collector.Api/Program.cs

@@ -10,6 +10,7 @@ using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using Newsbot.Collector.Api;
 using Newsbot.Collector.Api.Authentication;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Api.Services;
 using Newsbot.Collector.Database;
 using Newsbot.Collector.Database.Repositories;
@@ -39,10 +40,12 @@ Log.Information("Starting up");
 var dbconn = config.GetConnectionString("Database");
 builder.Services.AddDbContext<DatabaseContext>(o => o.UseNpgsql(dbconn ?? ""));
 
+// Configure how Identity will be managed
 builder.Services.AddIdentity<IdentityUser, IdentityRole>()
     .AddRoles<IdentityRole>()
     .AddEntityFrameworkStores<DatabaseContext>();
 
+// Allow the controllers to access all the table repositories based on the interface
 builder.Services.AddScoped<IArticlesRepository, ArticlesTable>();
 builder.Services.AddScoped<IDiscordQueueRepository, DiscordQueueTable>();
 builder.Services.AddScoped<IDiscordWebHooksRepository, DiscordWebhooksTable>();
@@ -60,7 +63,7 @@ builder.Services.AddHangfire(f => f.UseMemoryStorage());
 builder.Services.AddHangfireServer();
 GlobalConfiguration.Configuration.UseSerilogLogProvider();
 
-// Add Health Checks
+// Build Health Checks
 builder.Services.AddHealthChecks()
     .AddNpgSql(config.GetValue<string>(ConfigConnectionStringConst.Database) ?? "");
 
@@ -75,13 +78,13 @@ builder.Services.Configure<ConnectionStrings>(config.GetSection("ConnectionStrin
 builder.Services.Configure<ConfigSectionConnectionStrings>(config.GetSection(ConfigSectionsConst.ConnectionStrings));
 builder.Services.Configure<ConfigSectionRssModel>(config.GetSection(ConfigSectionsConst.Rss));
 builder.Services.Configure<ConfigSectionYoutubeModel>(config.GetSection(ConfigSectionsConst.Youtube));
-//builder.Services.Configure<
 
-// Configure JWT for auth
+// Configure JWT for auth and load it into DI so we can use it in the controllers
 var jwtSettings = new JwtSettings();
 config.Bind(nameof(jwtSettings), jwtSettings);
 builder.Services.AddSingleton(jwtSettings);
 
+// Configure how the Token Validation will be handled
 var tokenValidationParameters = new TokenValidationParameters
 {
     ValidateIssuerSigningKey = true,
@@ -93,6 +96,7 @@ var tokenValidationParameters = new TokenValidationParameters
 };
 builder.Services.AddSingleton(tokenValidationParameters);    
 
+// Build the Authentication that will be used
 builder.Services.AddAuthentication(x =>
 {
     x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -104,9 +108,13 @@ builder.Services.AddAuthentication(x =>
     x.TokenValidationParameters = tokenValidationParameters;
 });
 
+// Build the Authorization Policy that the users will conform to.
+builder.Services.AddAuthorization(options =>
+    options.AddPolicy(Authorization.AdministratorPolicy, b => b.RequireClaim( Authorization.AdministratorClaim, "true") ));
+
+// Configure swagger authentication 
 builder.Services.AddSwaggerGen(cfg =>
 {
-    
     cfg.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme
     {
         Description = "The API key to access the API",
@@ -159,7 +167,9 @@ builder.Services.AddSwaggerGen(cfg =>
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
-if (config.GetValue<bool>("EnableSwagger"))
+
+// Enable Swagger if requested based on config
+if (config.GetValue<bool>(ConfigConst.EnableSwagger))
 {
     app.UseSwagger();
     app.UseSwaggerUI();
@@ -167,14 +177,17 @@ if (config.GetValue<bool>("EnableSwagger"))
 
 app.UseHttpsRedirection();
 
+// Enable Hangfire background jobs
 app.UseHangfireDashboard();
 BackgroundJobs.SetupRecurringJobs(config);
 
-//app.UseAuthorization();
+app.UseAuthorization();
 app.UseAuthentication();
 
+// Add middleware
 //app.UseMiddleware<ApiKeyAuthAuthentication>();
 
+// Add HealthChecks
 app.MapHealthChecks("/health", new HealthCheckOptions
 {
     Predicate = _ => true,
@@ -182,6 +195,34 @@ app.MapHealthChecks("/health", new HealthCheckOptions
 });
 app.MapControllers();
 
+// Run Database Migrations if requested
+using var serviceScope = app.Services.CreateScope();
+if (config.GetValue<bool>(ConfigConst.RunDatabaseMigrationsOnStartup))
+{
+    var dbContext = serviceScope.ServiceProvider.GetRequiredService<DatabaseContext>();
+    dbContext.Database.Migrate();
+    
+}
+else
+{
+    Log.Warning("Database Migrations have been skipped.  Make sure you run them on your own");
+}
+
+// Inject the roles
+var roleManager = serviceScope.ServiceProvider.GetRequiredService<RoleManager<IdentityRole>>();
+if (!await roleManager.RoleExistsAsync("Administrators"))
+{
+    var adminRole = new IdentityRole("Administrators");
+    await roleManager.CreateAsync(adminRole);
+}
+
+if (!await roleManager.RoleExistsAsync("Users"))
+{
+    var userRole = new IdentityRole("Users");
+    await roleManager.CreateAsync(userRole);
+}
+
+// Start the application
 app.Run();
 
 

Newsbot.Collector.Api/Services/IdentityService.cs

@@ -16,6 +16,7 @@ public interface IIdentityService
     AuthenticationResult Register(string email, string password);
     AuthenticationResult Login(string email, string password);
     AuthenticationResult RefreshToken(string token, string refreshToken);
+    void AddRole(string roleName, string userId);
 }
 
 public class IdentityService : IIdentityService
@@ -178,6 +179,19 @@ public class IdentityService : IIdentityService
         return GenerateJwtToken(user.Result);
     }
 
+    public void AddRole(string roleName, string userId)
+    {
+        var user = _userManager.FindByIdAsync(userId);
+        user.Wait();
+
+        if (user.Result is null)
+        {
+            throw new Exception("User was not found");
+        }
+
+        _userManager.AddToRoleAsync(user.Result, roleName);
+    }
+    
     private ClaimsPrincipal? CheckTokenSigner(string token)
     {
         var tokenHandler = new JwtSecurityTokenHandler();

Newsbot.Collector.Domain/Consts/ConfigConst.cs

@@ -2,6 +2,9 @@ namespace Newsbot.Collector.Domain.Consts;
 
 public class ConfigConst
 {
+    public const string RunDatabaseMigrationsOnStartup = "RunDatabaseMigrationsOnStartup";
+    public const string ApiKeys = "ApiKeys";
+    
     public const string LoggingDefault = "Logging:LogLevel:Default";
 
     public const string SectionConnectionStrings = "ConnectionStrings";

docker-compose.example.yaml

@@ -28,11 +28,13 @@ services:
   api:
     image: newsbot.collector:latest
     environment:
-      # Used for database migrations
+      # This will run the migrations for you on API Startup.
-      GOOSE_DRIVER: "postgres"
+      "RunDatabaseMigrationsOnStartup": true
-      GOOSE_DBSTRING: "host=localhost user=${PostgresUser} password=${PostgresPassword} dbname=${PostgresDatabaseName} sslmode=disable"
       
-      SERVER_ADDRESS: "localhost"
+      # If this is false then /swagger/index.html will not be active on the API
+      EnableSwagger: true
+      
+      JwtSettings__Secret: "ThisNeedsToBeSecretAnd32CharactersLong"
       
       Logging__LogLevel__Default: "Information"
       Logging__LogLevel__Microsoft.AspNetCore: "Warning"
@@ -56,6 +58,8 @@ services:
 
       # If you want to collect news on Final Fantasy XIV, set this to true
       FFXIV__IsEnabled: false
+      
+      CodeProjects__IsEnabled: true
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:5000/health"]
       interval: "1m"