Merge pull request #25 from Star-Academy/role-authorization
Role authorization
Showing
44 changed files
with
905 additions
and
266 deletions.
@@ -0,0 +1,8 @@ | ||
namespace mohaymen_codestar_Team02.Dto.Permission; | ||
|
||
using Models; | ||
|
||
public class GetPermissionDto | ||
{ | ||
public List<Permission> Permissions { get; init; } | ||
} |
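--- a/mohaymen-codestar-Team02/Middlewares/SanitizationMiddleware.cs
+++ b/mohaymen-codestar-Team02/Middlewares/SanitizationMiddleware.cs
@@ -0,0 +1,94 @@
+using System.Text;
+using Ganss.Xss;
+using Microsoft.AspNetCore.Mvc.Controllers;
+using Newtonsoft.Json;
+
+namespace mohaymen_codestar_Team02.Middlewares;
+
+public class SanitizationMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly HtmlSanitizer _sanitizer;
+
+    public SanitizationMiddleware(RequestDelegate next)
+    {
+        _next = next;
+        _sanitizer = new HtmlSanitizer();
+    }
+
+    public async Task InvokeAsync(HttpContext context)
+    {
+        if (context.Request.ContentType != null && context.Request.ContentType.Contains("application/json"))
+        {
+            context.Request.EnableBuffering();
+            using (var reader = new StreamReader(context.Request.Body, Encoding.UTF8, leaveOpen: true))
+            {
+                var body = await reader.ReadToEndAsync();
+                context.Request.Body.Position = 0;
+
+                var type = GetRequestDtoType(context);
+                if (type != null)
+                {
+                    var sanitizedBody = SanitizeRequestBody(body, type);
+                    var buffer = Encoding.UTF8.GetBytes(sanitizedBody);
+
+                    context.Request.Body = new MemoryStream(buffer);
+                    context.Request.Body.Position = 0;
+                }
+            }
+        }
+
+        await _next(context);
+    }
+
+    private Type? GetRequestDtoType(HttpContext context)
+    {
+        var endpoint = context.GetEndpoint();
+        var actionDescriptor = endpoint?.Metadata.GetMetadata<ControllerActionDescriptor>();
+        if (actionDescriptor != null)
+        {
+            var parameters = actionDescriptor.Parameters;
+            var dtoParameter =
+                parameters.FirstOrDefault(p => p.ParameterType.IsClass && p.ParameterType != typeof(string));
+            return dtoParameter?.ParameterType;
+        }
+
+        return null;
+    }
+
+    private string SanitizeRequestBody(string body, Type type)
+    {
+        object sanitizedDto;
+        if (type == typeof(List<string>))
+        {
+            var dto = JsonConvert.DeserializeObject<IEnumerable<string>>(body);
+            sanitizedDto = SanitizeEnumerable(dto);
+        }
+        else
+        {
+            var dto = JsonConvert.DeserializeObject(body, type);
+            sanitizedDto = SanitizeDto(dto);
+        }
+
+        return JsonConvert.SerializeObject(sanitizedDto);
+    }
+
+    private IEnumerable<string> SanitizeEnumerable(IEnumerable<string> dto)
+    {
+        return dto.Select(str => _sanitizer.Sanitize(str));
+    }
+
+    private object SanitizeDto(object dto)
+    {
+        var properties = dto.GetType().GetProperties()
+            .Where(p => p.PropertyType == typeof(string) && p.CanWrite && p.CanRead);
+
+        foreach (var property in properties)
+        {
+            var value = (string)property.GetValue(dto);
+            if (value != null) property.SetValue(dto, _sanitizer.Sanitize(value));
+        }
+
+        return dto;
+    }
+}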
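Review bot: A malformed or mismatched JSON body now produces an unhandled exception instead of a 400: `JsonConvert.DeserializeObject(body, type)` in SanitizeRequestBody throws on bad input (and a body of `null` reaches `SanitizeDto(null)`, which dereferences `dto.GetType()`), and nothing in InvokeAsync catches it, so a client can trigger 500s on every JSON endpoint with a single bad request. The coverage is also narrower than the name suggests: SanitizeDto only rewrites top-level `string` properties, so nested objects, `List<string>` properties and string arrays inside a DTO pass through untouched, and GetRequestDtoType picks the first class-typed action parameter regardless of its binding source. Note too that input sanitization is lossy — HtmlSanitizer HTML-encodes text (e.g. `<` becomes `&lt;`), so a password or free-text field containing such characters is silently altered before it is hashed or stored; output encoding at render time remains the real XSS defense, and this middleware should be documented as a defense-in-depth layer only. Since it depends on `context.GetEndpoint()`, it must be registered after `UseRouting()` or the DTO type is never found (registration is outside this diff, so I cannot confirm it). I would at least reject invalid bodies explicitly rather than surface an exception:
```csharp
var type = GetRequestDtoType(context);
if (type != null)
{
    string sanitizedBody;
    try
    {
        sanitizedBody = SanitizeRequestBody(body, type);
    }
    catch (JsonException)
    {
        context.Response.StatusCode = StatusCodes.Status400BadRequest;
        return;
    }
    // … unchanged: replace Request.Body with the sanitized buffer …
}
```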
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -0,0 +1,28 @@ | ||
using System.ComponentModel.DataAnnotations; | ||
|
||
namespace mohaymen_codestar_Team02.Models; | ||
|
||
public class User | ||
{ | ||
[Key] public long UserId { get; init; } | ||
|
||
[Required] | ||
[StringLength(50, MinimumLength = 3, ErrorMessage = "Username must be between 3 and 50 characters.")] | ||
[RegularExpression(@"^[a-zA-Z0-9_]*$", | ||
ErrorMessage = "Username can only contain letters, numbers, and underscores.")] | ||
public string? Username { get; set; } = string.Empty; | ||
|
||
[Required] [StringLength(64)] public string FirstName { get; set; } = string.Empty; | ||
|
||
[Required] [StringLength(64)] public string LastName { get; set; } = string.Empty; | ||
|
||
[Required] [EmailAddress] public string Email { get; set; } = string.Empty; | ||
|
||
//dont add normal pass | ||
[Required] [StringLength(256)] public byte[] Salt { get; set; } | ||
|
||
[Required] [StringLength(256)] public byte[] PasswordHash { get; set; } | ||
|
||
public virtual ICollection<UserRole> UserRoles { get; set; } | ||
public virtual ICollection<DataGroup> DataSets { get; set; } | ||
} |
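Review bot: `[StringLength(256)]` on the `byte[]` properties `Salt` and `PasswordHash` is the wrong validator: StringLengthAttribute is defined for strings only (as far as I recall its IsValid casts the value to string), so it neither bounds the byte array nor survives DataAnnotations validation of this entity, and it is not a reliable way to set a column length. Use `[Required] [MaxLength(256)] public byte[] Salt { get; set; }` and `[Required] [MaxLength(256)] public byte[] PasswordHash { get; set; }`, which validates byte[] length and maps to a max length in EF. `Username` is also declared `string?` while being `[Required]` and initialized to `string.Empty`, unlike the sibling required fields; declaring it `string` keeps the nullability annotation consistent with the validation contract. I do not see a uniqueness constraint on `Username` or `Email` in this file; if it is not configured elsewhere (e.g. in the DbContext), duplicate accounts are possible.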
File renamed without changes.