Compare commits

...

6 Commits

13 changed files with 153 additions and 19 deletions

View File

@ -1,11 +1,10 @@
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Newsbot.Collector.Api.Domain;
using Newsbot.Collector.Api.Domain.Requests;
using Newsbot.Collector.Api.Domain.Response;
using Newsbot.Collector.Api.Domain.Results;
using Newsbot.Collector.Api.Services;
using Newsbot.Collector.Domain.Dto;
using Newsbot.Collector.Domain.Entities;
namespace Newsbot.Collector.Api.Controllers;
@ -71,6 +70,21 @@ public class AccountController : ControllerBase
return CheckIfSuccessful(response);
}
[HttpPost("addRole")]
[Authorize(Roles = AuthorizationRoles.Administrators)]
public ActionResult AddRole([FromBody] AddRoleRequest request)
{
try
{
_identityService.AddRole(request.RoleName ?? "", request.UserId ?? "");
return new OkResult();
}
catch (Exception ex)
{
return new BadRequestResult();
}
}
private ActionResult CheckIfSuccessful(AuthenticationResult result)
{
if (!result.IsSuccessful)

View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Newsbot.Collector.Api.Domain;
using Newsbot.Collector.Domain.Models.Config;
using Newsbot.Collector.Services.Jobs;
@ -24,6 +25,7 @@ public class CodeProjectController
}
[HttpPost("check")]
[Authorize(Roles = AuthorizationRoles.Administrators)]
public void PullNow()
{
BackgroundJob.Enqueue<CodeProjectWatcherJob>(x => x.InitAndExecute(new CodeProjectWatcherJobOptions

View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Newsbot.Collector.Api.Domain;
using Newsbot.Collector.Domain.Models.Config;
using Newsbot.Collector.Domain.Models.Config.Sources;
using Newsbot.Collector.Services.Jobs;
@ -27,6 +28,7 @@ public class RssController
}
[HttpPost("check")]
[Authorize(Roles = AuthorizationRoles.Administrators)]
public void CheckReddit()
{
BackgroundJob.Enqueue<RssWatcherJob>(x => x.InitAndExecute(new RssWatcherJobOptions

View File

@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Newsbot.Collector.Api.Domain;
using Newsbot.Collector.Database.Repositories;
using Newsbot.Collector.Domain.Consts;
using Newsbot.Collector.Domain.Dto;
@ -199,12 +200,14 @@ public class SourcesController : ControllerBase
return SourceDto.Convert(item);
}
[Authorize(Roles = AuthorizationRoles.Administrators)]
[HttpPost("{id}/disable")]
public void Disable(Guid id)
{
_sources.Disable(id);
}
[Authorize(Roles = AuthorizationRoles.Administrators)]
[HttpPost("{id}/enable")]
public void Enable(Guid id)
{
@ -212,6 +215,7 @@ public class SourcesController : ControllerBase
}
[HttpDelete("{id}")]
[Authorize(Roles = AuthorizationRoles.Administrators)]
public void Delete(Guid id, bool purgeOrphanedRecords)
{
_sources.Delete(id);

View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Newsbot.Collector.Api.Domain;
using Newsbot.Collector.Domain.Models.Config;
using Newsbot.Collector.Domain.Models.Config.Sources;
using Newsbot.Collector.Services.Jobs;
@ -27,6 +28,7 @@ public class YoutubeController
}
[HttpPost("check")]
[Authorize(Policy = AuthorizationRoles.Administrators)]
public void CheckYoutube()
{
BackgroundJob.Enqueue<YoutubeWatcherJob>(x => x.InitAndExecute(new YoutubeWatcherJobOptions

View File

@ -1,16 +1,19 @@
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Newsbot.Collector.Api.Authentication;
using Newsbot.Collector.Domain.Entities;
using Newsbot.Collector.Domain.Interfaces;
namespace Newsbot.Collector.Api.Controllers;
namespace Newsbot.Collector.Api.Controllers.v1;
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[ApiController]
[Route("api/v1/user")]
public class UserController : Controller
{
private ILogger<UserController> _logger;
private IUserSourceSubscription _subscription;
private readonly ILogger<UserController> _logger;
private readonly IUserSourceSubscription _subscription;
public UserController(ILogger<UserController> logger, IUserSourceSubscription subscription)
{

View File

@ -0,0 +1,6 @@
namespace Newsbot.Collector.Api.Domain;
public class AuthorizationRoles
{
public const string Administrators = "Administrators";
}

View File

@ -0,0 +1,7 @@
namespace Newsbot.Collector.Api.Domain.Requests;
public class AddRoleRequest
{
public string? RoleName { get; set; }
public string? UserId { get; set; }
}

View File

@ -0,0 +1,32 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Newsbot.Collector.Domain.Consts;
namespace Newsbot.Collector.Api.Filters;
[AttributeUsage(AttributeTargets.Class| AttributeTargets.Method)]
public class ApiKeyAuthAttribute : Attribute, IAsyncActionFilter
{
private const string ApiKeyHeaderName = "X-API-KEY";
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (!context.HttpContext.Request.Headers.TryGetValue(ApiKeyHeaderName, out var foundKey))
{
context.Result = new BadRequestResult();
return;
}
var config = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
var apiKeys = config.GetValue<string[]>(ConfigConst.ApiKeys);
foreach (var key in apiKeys ?? Array.Empty<string?>())
{
if (key != foundKey) continue;
await next();
return;
}
context.Result = new BadRequestResult();
}
}

View File

@ -10,6 +10,7 @@ using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using Newsbot.Collector.Api;
using Newsbot.Collector.Api.Authentication;
using Newsbot.Collector.Api.Domain;
using Newsbot.Collector.Api.Services;
using Newsbot.Collector.Database;
using Newsbot.Collector.Database.Repositories;
@ -39,10 +40,12 @@ Log.Information("Starting up");
var dbconn = config.GetConnectionString("Database");
builder.Services.AddDbContext<DatabaseContext>(o => o.UseNpgsql(dbconn ?? ""));
// Configure how Identity will be managed
builder.Services.AddIdentity<IdentityUser, IdentityRole>()
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<DatabaseContext>();
// Allow the controllers to access all the table repositories based on the interface
builder.Services.AddScoped<IArticlesRepository, ArticlesTable>();
builder.Services.AddScoped<IDiscordQueueRepository, DiscordQueueTable>();
builder.Services.AddScoped<IDiscordWebHooksRepository, DiscordWebhooksTable>();
@ -60,7 +63,7 @@ builder.Services.AddHangfire(f => f.UseMemoryStorage());
builder.Services.AddHangfireServer();
GlobalConfiguration.Configuration.UseSerilogLogProvider();
// Add Health Checks
// Build Health Checks
builder.Services.AddHealthChecks()
.AddNpgSql(config.GetValue<string>(ConfigConnectionStringConst.Database) ?? "");
@ -75,13 +78,13 @@ builder.Services.Configure<ConnectionStrings>(config.GetSection("ConnectionStrin
builder.Services.Configure<ConfigSectionConnectionStrings>(config.GetSection(ConfigSectionsConst.ConnectionStrings));
builder.Services.Configure<ConfigSectionRssModel>(config.GetSection(ConfigSectionsConst.Rss));
builder.Services.Configure<ConfigSectionYoutubeModel>(config.GetSection(ConfigSectionsConst.Youtube));
//builder.Services.Configure<
// Configure JWT for auth
// Configure JWT for auth and load it into DI so we can use it in the controllers
var jwtSettings = new JwtSettings();
config.Bind(nameof(jwtSettings), jwtSettings);
builder.Services.AddSingleton(jwtSettings);
// Configure how the Token Validation will be handled
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
@ -93,6 +96,7 @@ var tokenValidationParameters = new TokenValidationParameters
};
builder.Services.AddSingleton(tokenValidationParameters);
// Build the Authentication that will be used
builder.Services.AddAuthentication(x =>
{
x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
@ -104,9 +108,13 @@ builder.Services.AddAuthentication(x =>
x.TokenValidationParameters = tokenValidationParameters;
});
// Build the Authorization Policy that the users will conform to.
builder.Services.AddAuthorization(options =>
options.AddPolicy(Authorization.AdministratorPolicy, b => b.RequireClaim( Authorization.AdministratorClaim, "true") ));
// Configure swagger authentication
builder.Services.AddSwaggerGen(cfg =>
{
cfg.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme
{
Description = "The API key to access the API",
@ -159,7 +167,9 @@ builder.Services.AddSwaggerGen(cfg =>
var app = builder.Build();
// Configure the HTTP request pipeline.
if (config.GetValue<bool>("EnableSwagger"))
// Enable Swagger if requested based on config
if (config.GetValue<bool>(ConfigConst.EnableSwagger))
{
app.UseSwagger();
app.UseSwaggerUI();
@ -167,14 +177,17 @@ if (config.GetValue<bool>("EnableSwagger"))
app.UseHttpsRedirection();
// Enable Hangfire background jobs
app.UseHangfireDashboard();
BackgroundJobs.SetupRecurringJobs(config);
//app.UseAuthorization();
app.UseAuthorization();
app.UseAuthentication();
// Add middleware
//app.UseMiddleware<ApiKeyAuthAuthentication>();
// Add HealthChecks
app.MapHealthChecks("/health", new HealthCheckOptions
{
Predicate = _ => true,
@ -182,6 +195,34 @@ app.MapHealthChecks("/health", new HealthCheckOptions
});
app.MapControllers();
// Run Database Migrations if requested
using var serviceScope = app.Services.CreateScope();
if (config.GetValue<bool>(ConfigConst.RunDatabaseMigrationsOnStartup))
{
var dbContext = serviceScope.ServiceProvider.GetRequiredService<DatabaseContext>();
dbContext.Database.Migrate();
}
else
{
Log.Warning("Database Migrations have been skipped. Make sure you run them on your own");
}
// Inject the roles
var roleManager = serviceScope.ServiceProvider.GetRequiredService<RoleManager<IdentityRole>>();
if (!await roleManager.RoleExistsAsync("Administrators"))
{
var adminRole = new IdentityRole("Administrators");
await roleManager.CreateAsync(adminRole);
}
if (!await roleManager.RoleExistsAsync("Users"))
{
var userRole = new IdentityRole("Users");
await roleManager.CreateAsync(userRole);
}
// Start the application
app.Run();

View File

@ -16,6 +16,7 @@ public interface IIdentityService
AuthenticationResult Register(string email, string password);
AuthenticationResult Login(string email, string password);
AuthenticationResult RefreshToken(string token, string refreshToken);
void AddRole(string roleName, string userId);
}
public class IdentityService : IIdentityService
@ -178,6 +179,19 @@ public class IdentityService : IIdentityService
return GenerateJwtToken(user.Result);
}
public void AddRole(string roleName, string userId)
{
var user = _userManager.FindByIdAsync(userId);
user.Wait();
if (user.Result is null)
{
throw new Exception("User was not found");
}
_userManager.AddToRoleAsync(user.Result, roleName);
}
private ClaimsPrincipal? CheckTokenSigner(string token)
{
var tokenHandler = new JwtSecurityTokenHandler();

View File

@ -2,6 +2,9 @@ namespace Newsbot.Collector.Domain.Consts;
public class ConfigConst
{
public const string RunDatabaseMigrationsOnStartup = "RunDatabaseMigrationsOnStartup";
public const string ApiKeys = "ApiKeys";
public const string LoggingDefault = "Logging:LogLevel:Default";
public const string SectionConnectionStrings = "ConnectionStrings";

View File

@ -28,11 +28,13 @@ services:
api:
image: newsbot.collector:latest
environment:
# Used for database migrations
GOOSE_DRIVER: "postgres"
GOOSE_DBSTRING: "host=localhost user=${PostgresUser} password=${PostgresPassword} dbname=${PostgresDatabaseName} sslmode=disable"
# This will run the migrations for you on API Startup.
"RunDatabaseMigrationsOnStartup": true
SERVER_ADDRESS: "localhost"
# If this is false then /swagger/index.html will not be active on the API
EnableSwagger: true
JwtSettings__Secret: "ThisNeedsToBeSecretAnd32CharactersLong"
Logging__LogLevel__Default: "Information"
Logging__LogLevel__Microsoft.AspNetCore: "Warning"
@ -56,6 +58,8 @@ services:
# If you want to collect news on Final Fantasy XIV, set this to true
FFXIV__IsEnabled: false
CodeProjects__IsEnabled: true
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5000/health"]
interval: "1m"