Implemented user logout and deletion service. Added Auth, Deletion and Logout hook. Restructed controllers

2026-02-01 16:26:11 +01:00
parent c8fe11bd2b
commit 58c882603c
11 changed files with 258 additions and 65 deletions
--- a/Moonlight.Api/Http/Controllers/Admin/Users/UserDeletionController.cs
+++ b/Moonlight.Api/Http/Controllers/Admin/Users/UserDeletionController.cs
@@ -0,0 +1,56 @@
+using System.Collections.Frozen;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using Moonlight.Api.Database;
+using Moonlight.Api.Database.Entities;
+using Moonlight.Api.Services;
+using Moonlight.Shared;
+
+namespace Moonlight.Api.Http.Controllers.Admin.Users;
+
+[ApiController]
+[Route("api/admin/users")]
+[Authorize(Policy = Permissions.Users.Delete)]
+public class UserDeletionController : Controller
+{
+    private readonly UserDeletionService UserDeletionService;
+    private readonly DatabaseRepository<User> Repository;
+
+    public UserDeletionController(UserDeletionService userDeletionService, DatabaseRepository<User> repository)
+    {
+        UserDeletionService = userDeletionService;
+        Repository = repository;
+    }
+
+    [HttpDelete("{id:int}")]
+    public async Task<ActionResult> DeleteAsync([FromRoute] int id)
+    {
+        var userExists = await Repository
+            .Query()
+            .AnyAsync(user => user.Id == id);
+
+        if (!userExists)
+            return Problem("No user with this id found", statusCode: 404);
+
+        var validationResult = await UserDeletionService.ValidateAsync(id);
+
+        if (!validationResult.IsValid)
+        {
+            return ValidationProblem(
+                new ValidationProblemDetails(
+                    new Dictionary<string, string[]>()
+                    {
+                        {
+                            string.Empty,
+                            validationResult.ErrorMessages.ToArray()
+                        }
+                    }
+                )
+            );
+        }
+        
+        await UserDeletionService.DeleteAsync(id);
+        return NoContent();
+    }
+}
--- a/Moonlight.Api/Http/Controllers/Admin/Users/UserLogoutController.cs
+++ b/Moonlight.Api/Http/Controllers/Admin/Users/UserLogoutController.cs
@@ -0,0 +1,41 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using Moonlight.Api.Database;
+using Moonlight.Api.Database.Entities;
+using Moonlight.Api.Services;
+using Moonlight.Shared;
+
+namespace Moonlight.Api.Http.Controllers.Admin.Users;
+
+[ApiController]
+[Route("api/admin/users/{id:int}/logout")]
+[Authorize(Policy = Permissions.Users.Logout)]
+public class UserLogoutController : Controller
+{
+    private readonly UserLogoutService LogoutService;
+    private readonly DatabaseRepository<User> Repository;
+
+    public UserLogoutController(
+        UserLogoutService logoutService,
+        DatabaseRepository<User> repository
+    )
+    {
+        LogoutService = logoutService;
+        Repository = repository;
+    }
+
+    [HttpPost]
+    public async Task<ActionResult> LogoutAsync([FromRoute] int id)
+    {
+        var userExists = await Repository
+            .Query()
+            .AnyAsync(user => user.Id == id);
+
+        if (!userExists)
+            return Problem("No user with this id found", statusCode: 404);
+
+        await LogoutService.LogoutAsync(id);
+        return NoContent();
+    }
+}
--- a/Moonlight.Api/Http/Controllers/Admin/Users/UsersController.cs
+++ b/Moonlight.Api/Http/Controllers/Admin/Users/UsersController.cs
@@ -0,0 +1,120 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using Moonlight.Api.Database;
+using Moonlight.Api.Database.Entities;
+using Moonlight.Api.Mappers;
+using Moonlight.Shared;
+using Moonlight.Shared.Http.Requests;
+using Moonlight.Shared.Http.Requests.Users;
+using Moonlight.Shared.Http.Responses;
+using Moonlight.Shared.Http.Responses.Users;
+
+namespace Moonlight.Api.Http.Controllers.Admin.Users;
+
+[Authorize]
+[ApiController]
+[Route("api/admin/users")]
+public class UsersController : Controller
+{
+    private readonly DatabaseRepository<User> UserRepository;
+
+    public UsersController(DatabaseRepository<User> userRepository)
+    {
+        UserRepository = userRepository;
+    }
+
+    [HttpGet]
+    [Authorize(Policy = Permissions.Users.View)]
+    public async Task<ActionResult<PagedData<UserDto>>> GetAsync(
+        [FromQuery] int startIndex,
+        [FromQuery] int length,
+        [FromQuery] FilterOptions? filterOptions
+    )
+    {
+        // Validation
+        if (startIndex < 0)
+            return Problem("Invalid start index specified", statusCode: 400);
+
+        if (length is < 1 or > 100)
+            return Problem("Invalid length specified");
+
+        // Query building
+        
+        var query = UserRepository
+            .Query();
+
+        // Filters
+        if (filterOptions != null)
+        {
+            foreach (var filterOption in filterOptions.Filters)
+            {
+                query = filterOption.Key switch
+                {
+                    nameof(Database.Entities.User.Email) =>
+                        query.Where(user => EF.Functions.ILike(user.Email, $"%{filterOption.Value}%")),
+
+                    nameof(Database.Entities.User.Username) =>
+                        query.Where(user => EF.Functions.ILike(user.Username, $"%{filterOption.Value}%")),
+
+                    _ => query
+                };
+            }
+        }
+
+        // Pagination
+        var data = await query
+            .OrderBy(x => x.Id)
+            .ProjectToDto()
+            .Skip(startIndex)
+            .Take(length)
+            .ToArrayAsync();
+
+        var total = await query.CountAsync();
+
+        return new PagedData<UserDto>(data, total);
+    }
+
+    [HttpGet("{id:int}")]
+    [Authorize(Policy = Permissions.Users.View)]
+    public async Task<ActionResult<UserDto>> GetAsync([FromRoute] int id)
+    {
+        var user = await UserRepository
+            .Query()
+            .FirstOrDefaultAsync(x => x.Id == id);
+
+        if (user == null)
+            return Problem("No user with this id found", statusCode: 404);
+
+        return UserMapper.ToDto(user);
+    }
+
+    [HttpPost]
+    [Authorize(Policy = Permissions.Users.Create)]
+    public async Task<ActionResult<UserDto>> CreateAsync([FromBody] CreateUserDto request)
+    {
+        var user = UserMapper.ToEntity(request);
+        user.InvalidateTimestamp = DateTimeOffset.UtcNow.AddMinutes(-1);
+
+        var finalUser = await UserRepository.AddAsync(user);
+
+        return UserMapper.ToDto(finalUser);
+    }
+
+    [HttpPatch("{id:int}")]
+    [Authorize(Policy = Permissions.Users.Edit)]
+    public async Task<ActionResult<UserDto>> UpdateAsync([FromRoute] int id, [FromBody] UpdateUserDto request)
+    {
+        var user = await UserRepository
+            .Query()
+            .FirstOrDefaultAsync(x => x.Id == id);
+
+        if (user == null)
+            return Problem("No user with this id found", statusCode: 404);
+
+        UserMapper.Merge(user, request);
+        await UserRepository.UpdateAsync(user);
+
+        return UserMapper.ToDto(user);
+    }
+}