HTTP endpoints secured #39

This commit is contained in:
amazing-username
2019-05-11 22:22:53 -04:00
parent 9bfb43e46a
commit dcc6ce6c83
4 changed files with 23 additions and 4 deletions
+3 -1
View File
@@ -2,6 +2,7 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Configuration; using System.Configuration;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@@ -13,7 +14,6 @@ namespace Icarus.Controllers
{ {
[Route("api/album")] [Route("api/album")]
[ApiController] [ApiController]
// TODO: Secure the HTTP endpoint routes with Auth0 grants. #39
public class AlbumController : ControllerBase public class AlbumController : ControllerBase
{ {
#region Fields #region Fields
@@ -35,6 +35,7 @@ namespace Icarus.Controllers
#region HTTP Routes #region HTTP Routes
[HttpGet] [HttpGet]
[Authorize("read:albums")]
public IActionResult Get() public IActionResult Get()
{ {
List<Album> albums = new List<Album>(); List<Album> albums = new List<Album>();
@@ -56,6 +57,7 @@ namespace Icarus.Controllers
} }
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize("read:albums")]
public IActionResult Get(int id) public IActionResult Get(int id)
{ {
Album album = new Album Album album = new Album
+3 -1
View File
@@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.Configuration; using System.Configuration;
using System.Linq; using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@@ -14,7 +15,6 @@ namespace Icarus.Controllers
{ {
[Route("api/artist")] [Route("api/artist")]
[ApiController] [ApiController]
// TODO: Secure the HTTP endpoint routes with Auth0 grants. #39
public class ArtistController : ControllerBase public class ArtistController : ControllerBase
{ {
#region Fields #region Fields
@@ -36,6 +36,7 @@ namespace Icarus.Controllers
#region HTTP Routes #region HTTP Routes
[HttpGet] [HttpGet]
[Authorize("read:artists")]
public IActionResult Get() public IActionResult Get()
{ {
ArtistStoreContext artistStoreContext = HttpContext ArtistStoreContext artistStoreContext = HttpContext
@@ -55,6 +56,7 @@ namespace Icarus.Controllers
} }
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize("read:artists")]
public IActionResult Get(int id) public IActionResult Get(int id)
{ {
Artist artist = new Artist Artist artist = new Artist
+2 -2
View File
@@ -18,13 +18,11 @@ namespace Icarus.Controllers
{ {
[Route("api/song")] [Route("api/song")]
[ApiController] [ApiController]
// TODO: Secure the HTTP endpoint routes with Auth0 grants. #39
public class SongController : ControllerBase public class SongController : ControllerBase
{ {
#region Fields #region Fields
private readonly ILogger<SongController> _logger; private readonly ILogger<SongController> _logger;
private IConfiguration _config; private IConfiguration _config;
private MusicStoreContext _context;
private SongManager _songMgr; private SongManager _songMgr;
#endregion #endregion
@@ -68,6 +66,7 @@ namespace Icarus.Controllers
} }
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize("read:song_details")]
public IActionResult Get(int id) public IActionResult Get(int id)
{ {
MusicStoreContext context = HttpContext MusicStoreContext context = HttpContext
@@ -88,6 +87,7 @@ namespace Icarus.Controllers
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize("read:song_details")]
public IActionResult Put(int id, [FromBody] Song song) public IActionResult Put(int id, [FromBody] Song song)
{ {
MusicStoreContext context = HttpContext MusicStoreContext context = HttpContext
+15
View File
@@ -76,6 +76,21 @@ namespace Icarus
policy policy
.Requirements .Requirements
.Add(new HasScopeRequirement("read:song_details", domain))); .Add(new HasScopeRequirement("read:song_details", domain)));
options.AddPolicy("update:songs", policy =>
policy
.Requirements
.Add(new HasScopeRequirement("update:songs", domain)));
options.AddPolicy("read:artists", policy =>
policy
.Requirements
.Add(new HasScopeRequirement("read:artists", domain)));
options.AddPolicy("read:albums", policy =>
policy
.Requirements
.Add(new HasScopeRequirement("read:albums", domain)));
}); });