Platform: Asp.Net Core 2 MVC
WebApi, Webserver
Sprache: C#
ProjectsController.cs
Web-API Controller
Der Web-API-Controller wird mit JSON Web Tokens (JWT) über das Authentifizierungsschema "JwtBearer" gesichert.
Bei jedem Zugriff auf die Web-API wird über [Authorize(AuthenticationSchemes = "JwtBearer")] zunächst das Token gemäß den Einstellungen in Startup.cs (AddAuthentication -> AddJwtBearer) geprüft.
Die API-Standardmethoden: HttpGet, HttpPost, HttpDelete
HttpGet Index liefert eine Übersichtsliste der eigenen Einträge (die letzten 10 Projekte). Der Eigentümerfilter (n.IDOwner == IDCurrent_User) ist dafür zwingend – ohne ihn erhält jeder angemeldete Benutzer die Projekte aller Benutzer.
HttpPost Create erstellt neue Einträge, hier Projekte
HttpDelete(id) Delete löscht den angegebenen Datensatz, sofern der aufrufende Benutzer dessen Eigentümer ist
Get_UserID ermittelt aus der E-Mail-Adresse im Token die interne Benutzer-ID (tbl_Users); eine eigentliche Berechtigungsprüfung findet dort nicht statt – die Eigentümerprüfung erfolgt in den Aktionen selbst (z. B. in Delete).
using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Net.Http; using System.Security.Claims; using System.Threading.Tasks; using Freelance.Data; using Freelance.Models; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; //*HttpContent using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Newtonsoft.Json.Linq;
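namespace Freelance.Controllers.api
{
    /// <summary>
    /// Web-API for the calling user's projects (list / create / delete).
    /// Every action requires a JWT validated by the "JwtBearer" scheme that
    /// Startup.ConfigureServices registers via AddAuthentication().AddJwtBearer(..);
    /// the caller is identified by the name claim of that token (an e-mail address)
    /// and mapped to a tbl_Users id by <see cref="Get_UserID"/>.
    /// </summary>
    [Authorize(AuthenticationSchemes = "JwtBearer")]
    [Produces("application/json")]
    [Route("api/Projects")]
    public class ProjectsController : Controller
    {
        #region Controller Init
        private readonly ApplicationDbContext _dbContext;

        /// <summary>Creates the controller with the injected EF Core context.</summary>
        public ProjectsController(ApplicationDbContext dbContext)
        {
            _dbContext = dbContext;
        }
        #endregion

        /// <summary>
        /// GET /api/Projects: the ten most recent projects owned by the caller, newest first.
        /// </summary>
        /// <returns>
        /// The caller's projects. An empty list (never null) when the token has no usable
        /// name claim or the user is unknown, so JSON clients always receive an array.
        /// </returns>
        [HttpGet]
        public async Task<List<ProjectModel>> Index()
        {
            long idCurrentUser = await Get_CurrentUserID();
            if (idCurrentUser == 0)
            {
                // Unresolvable caller: return nothing rather than an unfiltered list.
                return new List<ProjectModel>();
            }

            // SECURITY: the owner filter is mandatory. With it commented out (as it was)
            // every authenticated user received the last 10 projects of *all* users.
            var latestOwnProjects = _dbContext.tbl_Projects
                .Where(n => n.IDOwner == idCurrentUser)
                .OrderByDescending(n => n.IDProject)
                .Take(10);

            return await latestOwnProjects.ToListAsync();
        }

        /// <summary>
        /// POST /api/Projects: creates a project for the caller from a JSON body
        /// with the string fields title, url, html, ort, bereiche, gehalt, art.
        /// Absent or null fields are stored as empty strings.
        /// </summary>
        /// <returns>
        /// 401 when the caller cannot be resolved from the token, 400 when the body is not
        /// a JSON object, otherwise { status: "OK", newIDProject_on_Server: id }.
        /// </returns>
        [HttpPost]
        public async Task<ActionResult> Create()
        {
            long idCurrentUser = await Get_CurrentUserID();
            if (idCurrentUser == 0)
            {
                // Previously an unknown user still created a row with IDOwner = 0
                // (or the action returned null, which MVC serves as an empty 200).
                return Unauthorized();
            }

            JObject jsonData;
            // leaveOpen: the request body stream belongs to the framework, not to us.
            using (var reader = new StreamReader(Request.Body, System.Text.Encoding.UTF8, true, 1024, leaveOpen: true))
            {
                string body = await reader.ReadToEndAsync();
                try
                {
                    jsonData = JObject.Parse(body);
                }
                catch (Newtonsoft.Json.JsonException)
                {
                    // Malformed client input is a 400, not an unhandled 500.
                    return BadRequest();
                }
            }

            string html = ReadString(jsonData, "html");

            var project = new ProjectModel
            {
                IDOwner = idCurrentUser,
                URLRef = ReadString(jsonData, "url"),
                Title = ReadString(jsonData, "title"),
                // NOTE(review): the raw client-supplied HTML is persisted unmodified.
                // It must be sanitized or encoded wherever it is rendered; nothing here does that.
                HTML = html,
                Text = Html_Methods.HTML_to_Text(html),
                Ort = ReadString(jsonData, "ort"),
                Bereiche = ReadString(jsonData, "bereiche"),
                Gehalt = ReadString(jsonData, "gehalt"),
                Art = ReadString(jsonData, "art"),
                // Local server time, as before; switching to UtcNow would change the meaning
                // of rows already stored, so that is left to a coordinated migration.
                DtCreated = DateTime.Now
            };

            _dbContext.tbl_Projects.Add(project);
            await _dbContext.SaveChangesAsync(true);

            // IDProject is populated by the database on insert.
            return Json(new { status = "OK", newIDProject_on_Server = project.IDProject });
        }

        /// <summary>
        /// DELETE /api/Projects/{id}: removes the project with that id if it belongs to the caller.
        /// </summary>
        /// <param name="id">Primary key (IDProject) of the project to delete.</param>
        /// <returns>
        /// 401 when the caller cannot be resolved, 404 when no project with this id belongs
        /// to the caller (foreign and non-existent ids are deliberately indistinguishable),
        /// 200 once the row is removed.
        /// </returns>
        [HttpDelete("{id}")]
        public async Task<ActionResult> Delete(int id)
        {
            long idCurrentUser = await Get_CurrentUserID();
            if (idCurrentUser == 0)
            {
                return Unauthorized();
            }

            // The owner check is part of the lookup: answering 400 for "exists but is not
            // yours" (as before) let any caller enumerate other users' project ids.
            ProjectModel project = await _dbContext.tbl_Projects
                .SingleOrDefaultAsync(n => n.IDProject == id && n.IDOwner == idCurrentUser);
            if (project == null)
            {
                return NotFound();
            }

            _dbContext.tbl_Projects.Remove(project);
            await _dbContext.SaveChangesAsync(true);
            return Ok();
        }

        /// <summary>
        /// Reads a top-level JSON property as text; absent or JSON-null values become "".
        /// </summary>
        private static string ReadString(JObject json, string key)
        {
            JToken token = json.GetValue(key);
            return token == null || token.Type == JTokenType.Null ? string.Empty : token.ToString();
        }

        /// <summary>
        /// Resolves the caller's tbl_Users id from the JWT name claim (the e-mail address).
        /// </summary>
        /// <returns>The id, or 0 when the claim is missing or the user is unknown.</returns>
        private async Task<long> Get_CurrentUserID()
        {
            Claim nameClaim = HttpContext.User.Claims
                .FirstOrDefault(c => c.Type == ClaimsIdentity.DefaultNameClaimType);
            return nameClaim == null ? 0 : await Get_UserID(nameClaim.Value);
        }

        /// <summary>
        /// Maps an e-mail address to the tbl_Users id: AspNetUsers.Email -> AspNetUsers.Id
        /// -> tbl_Users.IDAspNetUser -> tbl_Users.IDUser.
        /// </summary>
        /// <param name="sEmail">E-mail address taken from the token's name claim.</param>
        /// <returns>
        /// The tbl_Users id, or 0 when the address is empty, contains no '@', has no
        /// AspNet identity, or that identity has no tbl_Users row.
        /// </returns>
        private async Task<long> Get_UserID(string sEmail)
        {
            if (string.IsNullOrEmpty(sEmail) || sEmail.IndexOf('@') < 0)
            {
                return 0;
            }

            var aspUser = await _dbContext.Users.SingleOrDefaultAsync(u => u.Email == sEmail);
            if (aspUser == null)
            {
                return 0;
            }

            UserModel user = await _dbContext.tbl_Users
                .SingleOrDefaultAsync(u => u.IDAspNetUser == aspUser.Id);
            // An identity without a tbl_Users row used to dereference null here (HTTP 500).
            return user?.IDUser ?? 0;
        }
    }
}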