Newsbot.Collector.Api/Controllers/CodeProjectController.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Domain.Models.Config;
 using Newsbot.Collector.Services.Jobs;
 
@@ -24,6 +25,7 @@ public class CodeProjectController
     }
 
     [HttpPost("check")]
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     public void PullNow()
     {
         BackgroundJob.Enqueue<CodeProjectWatcherJob>(x => x.InitAndExecute(new CodeProjectWatcherJobOptions

Newsbot.Collector.Api/Controllers/RssController.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Domain.Models.Config;
 using Newsbot.Collector.Domain.Models.Config.Sources;
 using Newsbot.Collector.Services.Jobs;
@@ -27,6 +28,7 @@ public class RssController
     }
 
     [HttpPost("check")]
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     public void CheckReddit()
     {
         BackgroundJob.Enqueue<RssWatcherJob>(x => x.InitAndExecute(new RssWatcherJobOptions

Newsbot.Collector.Api/Controllers/SourcesController.cs

@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Database.Repositories;
 using Newsbot.Collector.Domain.Consts;
 using Newsbot.Collector.Domain.Dto;
@@ -199,12 +200,14 @@ public class SourcesController : ControllerBase
         return SourceDto.Convert(item);
     }
 
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     [HttpPost("{id}/disable")]
     public void Disable(Guid id)
     {
         _sources.Disable(id);
     }
 
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     [HttpPost("{id}/enable")]
     public void Enable(Guid id)
     {
@@ -212,6 +215,7 @@ public class SourcesController : ControllerBase
     }
 
     [HttpDelete("{id}")]
+    [Authorize(Roles = AuthorizationRoles.Administrators)]
     public void Delete(Guid id, bool purgeOrphanedRecords)
     {
         _sources.Delete(id);

Newsbot.Collector.Api/Controllers/YoutubeController.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Newsbot.Collector.Api.Domain;
 using Newsbot.Collector.Domain.Models.Config;
 using Newsbot.Collector.Domain.Models.Config.Sources;
 using Newsbot.Collector.Services.Jobs;
@@ -27,6 +28,7 @@ public class YoutubeController
     }
     
     [HttpPost("check")]
+    [Authorize(Policy = AuthorizationRoles.Administrators)]
     public void CheckYoutube()
     {
         BackgroundJob.Enqueue<YoutubeWatcherJob>(x => x.InitAndExecute(new YoutubeWatcherJobOptions

Newsbot.Collector.Api/Controllers/v1/UserController.cs

@@ -1,16 +1,19 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Newsbot.Collector.Api.Authentication;
 using Newsbot.Collector.Domain.Entities;
 using Newsbot.Collector.Domain.Interfaces;
 
-namespace Newsbot.Collector.Api.Controllers;
+namespace Newsbot.Collector.Api.Controllers.v1;
 
+[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
 [ApiController]
 [Route("api/v1/user")]
 public class UserController : Controller
 {
-    private ILogger<UserController> _logger;
-    private IUserSourceSubscription _subscription;
+    private readonly ILogger<UserController> _logger;
+    private readonly IUserSourceSubscription _subscription;
 
     public UserController(ILogger<UserController> logger, IUserSourceSubscription subscription)
     {