tsk-76: Added model and context for AccessLevel #108
@@ -138,24 +138,30 @@ public class TokenManager : BaseManager
|
||||
return tokenUserId.Value == song.UserId;
|
||||
}
|
||||
|
||||
public int? RetrieveUserIdFromToken(string token)
|
||||
public string? GetBearerToken(HttpContext context)
|
||||
{
|
||||
if (this.ContainsBearer(token))
|
||||
string authorizationHeader = context.Request.Headers["Authorization"]!;
|
||||
|
||||
if (!authorizationHeader.IsNullOrEmpty() && authorizationHeader.StartsWith("Bearer", StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
token = this.StripBearer(token);
|
||||
string token = authorizationHeader.Substring("Bearer ".Length).Trim();
|
||||
return token;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public int? RetrieveUserIdFromToken(string token)
|
||||
{
|
||||
var parsedToken = this.ContainsBearer(token) ? this.StripBearer(token) : token;
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var readTok = tokenHandler.ReadJwtToken(token);
|
||||
// var userId = -1;
|
||||
var readTok = tokenHandler.ReadJwtToken(parsedToken);
|
||||
|
||||
foreach (var item in readTok.Payload)
|
||||
{
|
||||
if (item.Key == "user_id")
|
||||
{
|
||||
// userId =
|
||||
return Convert.ToInt32(item.Value);
|
||||
// break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -38,11 +38,23 @@ public class SongDataController : BaseController
|
||||
#endregion
|
||||
|
||||
|
||||
|
||||
[HttpGet("download/{id}")]
|
||||
public IActionResult Download(int id, [FromQuery] bool? randomizeFilename)
|
||||
{
|
||||
var songContext = new SongContext(_connectionString!);
|
||||
var tokenManager = new TokenManager(this._config!);
|
||||
var songContext = new SongContext(this._connectionString!);
|
||||
var accLvlContext = new AccessLevelContext(this._connectionString!);
|
||||
var songMetaData = songContext.RetrieveRecord(new Song { Id = id });
|
||||
var accessLevel = accLvlContext.GetAccessLevel(songMetaData.Id);
|
||||
var token = tokenManager.GetBearerToken(HttpContext);
|
||||
if (token == null || accessLevel == null) {
|
||||
return BadRequest();
|
||||
}
|
||||
|
||||
if (!tokenManager.CanAccessSong(token, songMetaData, accessLevel)) {
|
||||
return BadRequest();
|
||||
}
|
||||
|
||||
var song = _songMgr!.RetrieveSong(songMetaData).Result;
|
||||
string filename;
|
||||
@@ -66,6 +78,7 @@ public class SongDataController : BaseController
|
||||
return File(song.Data!, "application/x-msdownload", filename);
|
||||
}
|
||||
|
||||
// NOTE: No longer being used
|
||||
// Assumes that the song already has metadata such as
|
||||
// Title
|
||||
// Artist
|
||||
|
||||
@@ -4,21 +4,32 @@ namespace Icarus.Database.Contexts;
|
||||
|
||||
public class AccessLevelContext : DbContext
|
||||
{
|
||||
public DbSet<Icarus.Models.AccessLevel>? AccessLevels { get; set; }
|
||||
#region Properties
|
||||
public DbSet<Models.AccessLevel>? AccessLevels { get; set; }
|
||||
#endregion
|
||||
|
||||
#region Constructors
|
||||
public AccessLevelContext(DbContextOptions<AccessLevelContext> options) : base(options) { }
|
||||
public AccessLevelContext(string connString) : base(new DbContextOptionsBuilder<AccessLevelContext>()
|
||||
.UseMySQL(connString).Options)
|
||||
{
|
||||
|
||||
if (this.AccessLevels == null)
|
||||
{
|
||||
}
|
||||
}
|
||||
#endregion
|
||||
|
||||
#region Methods
|
||||
public Models.AccessLevel? GetAccessLevel(int songId) {
|
||||
var accessLevel = this.AccessLevels!.FirstOrDefault(acc => acc.SongId == songId);
|
||||
return accessLevel;
|
||||
}
|
||||
|
||||
protected override void OnModelCreating(ModelBuilder modelBuilder)
|
||||
{
|
||||
modelBuilder.Entity<Icarus.Models.AccessLevel>().ToTable("AccessLevel");
|
||||
modelBuilder.Entity<Models.AccessLevel>().ToTable("AccessLevel");
|
||||
|
||||
modelBuilder.Entity<Icarus.Models.AccessLevel>().Property(m => m.Level).IsRequired(true);
|
||||
modelBuilder.Entity<Models.AccessLevel>().Property(m => m.Level).IsRequired(true);
|
||||
}
|
||||
#endregion
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user