HTTP endpoints secured #39
This commit is contained in:
@@ -2,6 +2,7 @@ using System;
|
|||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Configuration;
|
using System.Configuration;
|
||||||
|
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using Microsoft.Extensions.Configuration;
|
using Microsoft.Extensions.Configuration;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
@@ -13,7 +14,6 @@ namespace Icarus.Controllers
|
|||||||
{
|
{
|
||||||
[Route("api/album")]
|
[Route("api/album")]
|
||||||
[ApiController]
|
[ApiController]
|
||||||
// TODO: Secure the HTTP endpoint routes with Auth0 grants. #39
|
|
||||||
public class AlbumController : ControllerBase
|
public class AlbumController : ControllerBase
|
||||||
{
|
{
|
||||||
#region Fields
|
#region Fields
|
||||||
@@ -35,6 +35,7 @@ namespace Icarus.Controllers
|
|||||||
|
|
||||||
#region HTTP Routes
|
#region HTTP Routes
|
||||||
[HttpGet]
|
[HttpGet]
|
||||||
|
[Authorize("read:albums")]
|
||||||
public IActionResult Get()
|
public IActionResult Get()
|
||||||
{
|
{
|
||||||
List<Album> albums = new List<Album>();
|
List<Album> albums = new List<Album>();
|
||||||
@@ -56,6 +57,7 @@ namespace Icarus.Controllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("{id}")]
|
[HttpGet("{id}")]
|
||||||
|
[Authorize("read:albums")]
|
||||||
public IActionResult Get(int id)
|
public IActionResult Get(int id)
|
||||||
{
|
{
|
||||||
Album album = new Album
|
Album album = new Album
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ using System.Collections.Generic;
|
|||||||
using System.Configuration;
|
using System.Configuration;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using Microsoft.Extensions.Configuration;
|
using Microsoft.Extensions.Configuration;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
@@ -14,7 +15,6 @@ namespace Icarus.Controllers
|
|||||||
{
|
{
|
||||||
[Route("api/artist")]
|
[Route("api/artist")]
|
||||||
[ApiController]
|
[ApiController]
|
||||||
// TODO: Secure the HTTP endpoint routes with Auth0 grants. #39
|
|
||||||
public class ArtistController : ControllerBase
|
public class ArtistController : ControllerBase
|
||||||
{
|
{
|
||||||
#region Fields
|
#region Fields
|
||||||
@@ -36,6 +36,7 @@ namespace Icarus.Controllers
|
|||||||
|
|
||||||
#region HTTP Routes
|
#region HTTP Routes
|
||||||
[HttpGet]
|
[HttpGet]
|
||||||
|
[Authorize("read:artists")]
|
||||||
public IActionResult Get()
|
public IActionResult Get()
|
||||||
{
|
{
|
||||||
ArtistStoreContext artistStoreContext = HttpContext
|
ArtistStoreContext artistStoreContext = HttpContext
|
||||||
@@ -55,6 +56,7 @@ namespace Icarus.Controllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("{id}")]
|
[HttpGet("{id}")]
|
||||||
|
[Authorize("read:artists")]
|
||||||
public IActionResult Get(int id)
|
public IActionResult Get(int id)
|
||||||
{
|
{
|
||||||
Artist artist = new Artist
|
Artist artist = new Artist
|
||||||
|
|||||||
@@ -18,13 +18,11 @@ namespace Icarus.Controllers
|
|||||||
{
|
{
|
||||||
[Route("api/song")]
|
[Route("api/song")]
|
||||||
[ApiController]
|
[ApiController]
|
||||||
// TODO: Secure the HTTP endpoint routes with Auth0 grants. #39
|
|
||||||
public class SongController : ControllerBase
|
public class SongController : ControllerBase
|
||||||
{
|
{
|
||||||
#region Fields
|
#region Fields
|
||||||
private readonly ILogger<SongController> _logger;
|
private readonly ILogger<SongController> _logger;
|
||||||
private IConfiguration _config;
|
private IConfiguration _config;
|
||||||
private MusicStoreContext _context;
|
|
||||||
private SongManager _songMgr;
|
private SongManager _songMgr;
|
||||||
#endregion
|
#endregion
|
||||||
|
|
||||||
@@ -68,6 +66,7 @@ namespace Icarus.Controllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("{id}")]
|
[HttpGet("{id}")]
|
||||||
|
[Authorize("read:song_details")]
|
||||||
public IActionResult Get(int id)
|
public IActionResult Get(int id)
|
||||||
{
|
{
|
||||||
MusicStoreContext context = HttpContext
|
MusicStoreContext context = HttpContext
|
||||||
@@ -88,6 +87,7 @@ namespace Icarus.Controllers
|
|||||||
|
|
||||||
|
|
||||||
[HttpPut("{id}")]
|
[HttpPut("{id}")]
|
||||||
|
[Authorize("read:song_details")]
|
||||||
public IActionResult Put(int id, [FromBody] Song song)
|
public IActionResult Put(int id, [FromBody] Song song)
|
||||||
{
|
{
|
||||||
MusicStoreContext context = HttpContext
|
MusicStoreContext context = HttpContext
|
||||||
|
|||||||
+15
@@ -76,6 +76,21 @@ namespace Icarus
|
|||||||
policy
|
policy
|
||||||
.Requirements
|
.Requirements
|
||||||
.Add(new HasScopeRequirement("read:song_details", domain)));
|
.Add(new HasScopeRequirement("read:song_details", domain)));
|
||||||
|
|
||||||
|
options.AddPolicy("update:songs", policy =>
|
||||||
|
policy
|
||||||
|
.Requirements
|
||||||
|
.Add(new HasScopeRequirement("update:songs", domain)));
|
||||||
|
|
||||||
|
options.AddPolicy("read:artists", policy =>
|
||||||
|
policy
|
||||||
|
.Requirements
|
||||||
|
.Add(new HasScopeRequirement("read:artists", domain)));
|
||||||
|
|
||||||
|
options.AddPolicy("read:albums", policy =>
|
||||||
|
policy
|
||||||
|
.Requirements
|
||||||
|
.Add(new HasScopeRequirement("read:albums", domain)));
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user