From dcc6ce6c839ff0c0b3b63abc008c704438273966 Mon Sep 17 00:00:00 2001 From: amazing-username Date: Sat, 11 May 2019 22:22:53 -0400 Subject: [PATCH] HTTP endpoints secured #39 --- Controllers/AlbumController.cs | 4 +++- Controllers/ArtistController.cs | 4 +++- Controllers/SongController.cs | 4 ++-- Startup.cs | 15 +++++++++++++++ 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/Controllers/AlbumController.cs b/Controllers/AlbumController.cs index bf66ce7..5e57c19 100644 --- a/Controllers/AlbumController.cs +++ b/Controllers/AlbumController.cs @@ -2,6 +2,7 @@ using System; using System.Collections.Generic; using System.Configuration; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Logging; @@ -13,7 +14,6 @@ namespace Icarus.Controllers { [Route("api/album")] [ApiController] - // TODO: Secure the HTTP endpoint routes with Auth0 grants. #39 public class AlbumController : ControllerBase { #region Fields @@ -35,6 +35,7 @@ namespace Icarus.Controllers #region HTTP Routes [HttpGet] + [Authorize("read:albums")] public IActionResult Get() { List albums = new List(); @@ -56,6 +57,7 @@ namespace Icarus.Controllers } [HttpGet("{id}")] + [Authorize("read:albums")] public IActionResult Get(int id) { Album album = new Album diff --git a/Controllers/ArtistController.cs b/Controllers/ArtistController.cs index b0e18e3..b3fd16e 100644 --- a/Controllers/ArtistController.cs +++ b/Controllers/ArtistController.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.Configuration; using System.Linq; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Logging; @@ -14,7 +15,6 @@ namespace Icarus.Controllers { [Route("api/artist")] [ApiController] - // TODO: Secure the HTTP endpoint routes with Auth0 grants. #39 public class ArtistController : ControllerBase { #region Fields @@ -36,6 +36,7 @@ namespace Icarus.Controllers #region HTTP Routes [HttpGet] + [Authorize("read:artists")] public IActionResult Get() { ArtistStoreContext artistStoreContext = HttpContext @@ -55,6 +56,7 @@ namespace Icarus.Controllers } [HttpGet("{id}")] + [Authorize("read:artists")] public IActionResult Get(int id) { Artist artist = new Artist diff --git a/Controllers/SongController.cs b/Controllers/SongController.cs index 61f2515..6d2b58a 100644 --- a/Controllers/SongController.cs +++ b/Controllers/SongController.cs @@ -18,13 +18,11 @@ namespace Icarus.Controllers { [Route("api/song")] [ApiController] - // TODO: Secure the HTTP endpoint routes with Auth0 grants. #39 public class SongController : ControllerBase { #region Fields private readonly ILogger _logger; private IConfiguration _config; - private MusicStoreContext _context; private SongManager _songMgr; #endregion @@ -68,6 +66,7 @@ namespace Icarus.Controllers } [HttpGet("{id}")] + [Authorize("read:song_details")] public IActionResult Get(int id) { MusicStoreContext context = HttpContext @@ -88,6 +87,7 @@ namespace Icarus.Controllers [HttpPut("{id}")] + [Authorize("read:song_details")] public IActionResult Put(int id, [FromBody] Song song) { MusicStoreContext context = HttpContext diff --git a/Startup.cs b/Startup.cs index 10c82cb..c6123a0 100644 --- a/Startup.cs +++ b/Startup.cs @@ -76,6 +76,21 @@ namespace Icarus policy .Requirements .Add(new HasScopeRequirement("read:song_details", domain))); + + options.AddPolicy("update:songs", policy => + policy + .Requirements + .Add(new HasScopeRequirement("update:songs", domain))); + + options.AddPolicy("read:artists", policy => + policy + .Requirements + .Add(new HasScopeRequirement("read:artists", domain))); + + options.AddPolicy("read:albums", policy => + policy + .Requirements + .Add(new HasScopeRequirement("read:albums", domain))); });