🐛 Fix publisher invite controller still use int user id

2025-11-22 17:25:45 +08:00
parent e449e16d33
commit 0e44d9c514


@@ -21,17 +21,16 @@ public class PublisherController(
FileReferenceService.FileReferenceServiceClient fileRefs, FileReferenceService.FileReferenceServiceClient fileRefs,
ActionLogService.ActionLogServiceClient als, ActionLogService.ActionLogServiceClient als,
RemoteRealmService remoteRealmService RemoteRealmService remoteRealmService
) ) : ControllerBase
: ControllerBase
{ {
[HttpGet("{name}")] [HttpGet("{name}")]
public async Task<ActionResult<SnPublisher>> GetPublisher(string name) public async Task<ActionResult<SnPublisher>> GetPublisher(string name)
{ {
var publisher = await db.Publishers var publisher = await db.Publishers.Where(e => e.Name == name).FirstOrDefaultAsync();
.Where(e => e.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound(); if (publisher.AccountId is null)
if (publisher.AccountId is null) return Ok(publisher); return Ok(publisher);
var account = await accounts.GetAccountAsync( var account = await accounts.GetAccountAsync(
new GetAccountRequest { Id = publisher.AccountId.Value.ToString() } new GetAccountRequest { Id = publisher.AccountId.Value.ToString() }
@@ -45,7 +44,8 @@ public class PublisherController(
public async Task<ActionResult<ActivityHeatmap>> GetPublisherHeatmap(string name) public async Task<ActionResult<ActivityHeatmap>> GetPublisherHeatmap(string name)
{ {
var heatmap = await ps.GetPublisherHeatmap(name); var heatmap = await ps.GetPublisherHeatmap(name);
if (heatmap is null) return NotFound(); if (heatmap is null)
return NotFound();
return Ok(heatmap); return Ok(heatmap);
} }
@@ -53,15 +53,16 @@ public class PublisherController(
public async Task<ActionResult<PublisherService.PublisherStats>> GetPublisherStats(string name) public async Task<ActionResult<PublisherService.PublisherStats>> GetPublisherStats(string name)
{ {
var stats = await ps.GetPublisherStats(name); var stats = await ps.GetPublisherStats(name);
if (stats is null) return NotFound(); if (stats is null)
return NotFound();
return Ok(stats); return Ok(stats);
} }
[HttpGet("of/{accountId:guid}")] [HttpGet("of/{accountId:guid}")]
public async Task<ActionResult<List<SnPublisher>>> GetAccountManagedPublishers(Guid accountId) public async Task<ActionResult<List<SnPublisher>>> GetAccountManagedPublishers(Guid accountId)
{ {
var members = await db.PublisherMembers var members = await db
.Where(m => m.AccountId == accountId) .PublisherMembers.Where(m => m.AccountId == accountId)
.Where(m => m.JoinedAt != null) .Where(m => m.JoinedAt != null)
.Include(e => e.Publisher) .Include(e => e.Publisher)
.ToListAsync(); .ToListAsync();
@@ -73,11 +74,12 @@ public class PublisherController(
[Authorize] [Authorize]
public async Task<ActionResult<List<SnPublisher>>> ListManagedPublishers() public async Task<ActionResult<List<SnPublisher>>> ListManagedPublishers()
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var members = await db.PublisherMembers var members = await db
.Where(m => m.AccountId == accountId) .PublisherMembers.Where(m => m.AccountId == accountId)
.Where(m => m.JoinedAt != null) .Where(m => m.JoinedAt != null)
.Include(e => e.Publisher) .Include(e => e.Publisher)
.ToListAsync(); .ToListAsync();
@@ -89,11 +91,12 @@ public class PublisherController(
[Authorize] [Authorize]
public async Task<ActionResult<List<SnPublisherMember>>> ListInvites() public async Task<ActionResult<List<SnPublisherMember>>> ListInvites()
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var members = await db.PublisherMembers var members = await db
.Where(m => m.AccountId == accountId) .PublisherMembers.Where(m => m.AccountId == accountId)
.Where(m => m.JoinedAt == null) .Where(m => m.JoinedAt == null)
.Include(e => e.Publisher) .Include(e => e.Publisher)
.ToListAsync(); .ToListAsync();
@@ -103,26 +106,33 @@ public class PublisherController(
public class PublisherMemberRequest public class PublisherMemberRequest
{ {
[Required] public long RelatedUserId { get; set; } [Required]
[Required] public Shared.Models.PublisherMemberRole Role { get; set; } public Guid RelatedUserId { get; set; }
[Required]
public Shared.Models.PublisherMemberRole Role { get; set; }
} }
[HttpPost("invites/{name}")] [HttpPost("invites/{name}")]
[Authorize] [Authorize]
public async Task<ActionResult<SnPublisherMember>> InviteMember(string name, public async Task<ActionResult<SnPublisherMember>> InviteMember(
[FromBody] PublisherMemberRequest request) string name,
[FromBody] PublisherMemberRequest request
)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var relatedUser = var relatedUser = await accounts.GetAccountAsync(
await accounts.GetAccountAsync(new GetAccountRequest { Id = request.RelatedUserId.ToString() }); new GetAccountRequest { Id = request.RelatedUserId.ToString() }
if (relatedUser == null) return BadRequest("Related user was not found"); );
if (relatedUser == null)
return BadRequest("Related user was not found");
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
if (!await ps.IsMemberWithRole(publisher.Id, accountId, request.Role)) if (!await ps.IsMemberWithRole(publisher.Id, accountId, request.Role))
return StatusCode(403, "You cannot invite member has higher permission than yours."); return StatusCode(403, "You cannot invite member has higher permission than yours.");
@@ -137,18 +147,26 @@ public class PublisherController(
db.PublisherMembers.Add(newMember); db.PublisherMembers.Add(newMember);
await db.SaveChangesAsync(); await db.SaveChangesAsync();
_ = als.CreateActionLogAsync(new CreateActionLogRequest _ = als.CreateActionLogAsync(
new CreateActionLogRequest
{ {
Action = "publishers.members.invite", Action = "publishers.members.invite",
Meta = Meta =
{ {
{ "publisher_id", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString()) }, {
{ "account_id", Google.Protobuf.WellKnownTypes.Value.ForString(relatedUser.Id.ToString()) } "publisher_id",
Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString())
},
{
"account_id",
Google.Protobuf.WellKnownTypes.Value.ForString(relatedUser.Id.ToString())
},
}, },
AccountId = currentUser.Id, AccountId = currentUser.Id,
UserAgent = Request.Headers.UserAgent, UserAgent = Request.Headers.UserAgent,
IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
}); }
);
return Ok(newMember); return Ok(newMember);
} }
@@ -157,32 +175,44 @@ public class PublisherController(
[Authorize] [Authorize]
public async Task<ActionResult<SnPublisher>> AcceptMemberInvite(string name) public async Task<ActionResult<SnPublisher>> AcceptMemberInvite(string name)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var member = await db.PublisherMembers var member = await db
.Where(m => m.AccountId == accountId) .PublisherMembers.Where(m => m.AccountId == accountId)
.Where(m => m.Publisher.Name == name) .Where(m => m.Publisher.Name == name)
.Where(m => m.JoinedAt == null) .Where(m => m.JoinedAt == null)
.FirstOrDefaultAsync(); .FirstOrDefaultAsync();
if (member is null) return NotFound(); if (member is null)
return NotFound();
member.JoinedAt = Instant.FromDateTimeUtc(DateTime.UtcNow); member.JoinedAt = Instant.FromDateTimeUtc(DateTime.UtcNow);
db.Update(member); db.Update(member);
await db.SaveChangesAsync(); await db.SaveChangesAsync();
_ = als.CreateActionLogAsync(new CreateActionLogRequest _ = als.CreateActionLogAsync(
new CreateActionLogRequest
{ {
Action = "publishers.members.join", Action = "publishers.members.join",
Meta = Meta =
{ {
{ "publisher_id", Google.Protobuf.WellKnownTypes.Value.ForString(member.PublisherId.ToString()) }, {
{ "account_id", Google.Protobuf.WellKnownTypes.Value.ForString(member.AccountId.ToString()) } "publisher_id",
Google.Protobuf.WellKnownTypes.Value.ForString(
member.PublisherId.ToString()
)
},
{
"account_id",
Google.Protobuf.WellKnownTypes.Value.ForString(member.AccountId.ToString())
},
}, },
AccountId = currentUser.Id, AccountId = currentUser.Id,
UserAgent = Request.Headers.UserAgent, UserAgent = Request.Headers.UserAgent,
IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
}); }
);
return Ok(member); return Ok(member);
} }
@@ -191,31 +221,43 @@ public class PublisherController(
[Authorize] [Authorize]
public async Task<ActionResult> DeclineMemberInvite(string name) public async Task<ActionResult> DeclineMemberInvite(string name)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var member = await db.PublisherMembers var member = await db
.Where(m => m.AccountId == accountId) .PublisherMembers.Where(m => m.AccountId == accountId)
.Where(m => m.Publisher.Name == name) .Where(m => m.Publisher.Name == name)
.Where(m => m.JoinedAt == null) .Where(m => m.JoinedAt == null)
.FirstOrDefaultAsync(); .FirstOrDefaultAsync();
if (member is null) return NotFound(); if (member is null)
return NotFound();
db.PublisherMembers.Remove(member); db.PublisherMembers.Remove(member);
await db.SaveChangesAsync(); await db.SaveChangesAsync();
_ = als.CreateActionLogAsync(new CreateActionLogRequest _ = als.CreateActionLogAsync(
new CreateActionLogRequest
{ {
Action = "publishers.members.decline", Action = "publishers.members.decline",
Meta = Meta =
{ {
{ "publisher_id", Google.Protobuf.WellKnownTypes.Value.ForString(member.PublisherId.ToString()) }, {
{ "account_id", Google.Protobuf.WellKnownTypes.Value.ForString(member.AccountId.ToString()) } "publisher_id",
Google.Protobuf.WellKnownTypes.Value.ForString(
member.PublisherId.ToString()
)
},
{
"account_id",
Google.Protobuf.WellKnownTypes.Value.ForString(member.AccountId.ToString())
},
}, },
AccountId = currentUser.Id, AccountId = currentUser.Id,
UserAgent = Request.Headers.UserAgent, UserAgent = Request.Headers.UserAgent,
IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
}); }
);
return NoContent(); return NoContent();
} }
@@ -224,38 +266,56 @@ public class PublisherController(
[Authorize] [Authorize]
public async Task<ActionResult> RemoveMember(string name, Guid memberId) public async Task<ActionResult> RemoveMember(string name, Guid memberId)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
var member = await db.PublisherMembers var member = await db
.Where(m => m.AccountId == memberId) .PublisherMembers.Where(m => m.AccountId == memberId)
.Where(m => m.PublisherId == publisher.Id) .Where(m => m.PublisherId == publisher.Id)
.FirstOrDefaultAsync(); .FirstOrDefaultAsync();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
if (member is null) return NotFound("Member was not found"); if (member is null)
if (!await ps.IsMemberWithRole(publisher.Id, accountId, Shared.Models.PublisherMemberRole.Manager)) return NotFound("Member was not found");
return StatusCode(403, "You need at least be a manager to remove members from this publisher."); if (
!await ps.IsMemberWithRole(
publisher.Id,
accountId,
Shared.Models.PublisherMemberRole.Manager
)
)
return StatusCode(
403,
"You need at least be a manager to remove members from this publisher."
);
db.PublisherMembers.Remove(member); db.PublisherMembers.Remove(member);
await db.SaveChangesAsync(); await db.SaveChangesAsync();
_ = als.CreateActionLogAsync(new CreateActionLogRequest _ = als.CreateActionLogAsync(
new CreateActionLogRequest
{ {
Action = "publishers.members.kick", Action = "publishers.members.kick",
Meta = Meta =
{ {
{ "publisher_id", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString()) }, {
{ "account_id", Google.Protobuf.WellKnownTypes.Value.ForString(memberId.ToString()) }, "publisher_id",
{ "kicked_by", Google.Protobuf.WellKnownTypes.Value.ForString(currentUser.Id) } Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString())
},
{
"account_id",
Google.Protobuf.WellKnownTypes.Value.ForString(memberId.ToString())
},
{ "kicked_by", Google.Protobuf.WellKnownTypes.Value.ForString(currentUser.Id) },
}, },
AccountId = currentUser.Id, AccountId = currentUser.Id,
UserAgent = Request.Headers.UserAgent, UserAgent = Request.Headers.UserAgent,
IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
}); }
);
return NoContent(); return NoContent();
} }
@@ -264,14 +324,16 @@ public class PublisherController(
{ {
[RegularExpression( [RegularExpression(
@"^[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?$", @"^[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?$",
ErrorMessage = ErrorMessage = "Name must be URL-safe (alphanumeric, hyphens, underscores, or periods) and cannot start/end with special characters."
"Name must be URL-safe (alphanumeric, hyphens, underscores, or periods) and cannot start/end with special characters."
)] )]
[MaxLength(256)] [MaxLength(256)]
public string? Name { get; set; } public string? Name { get; set; }
[MaxLength(256)] public string? Nick { get; set; } [MaxLength(256)]
[MaxLength(4096)] public string? Bio { get; set; } public string? Nick { get; set; }
[MaxLength(4096)]
public string? Bio { get; set; }
public string? PictureId { get; set; } public string? PictureId { get; set; }
public string? BackgroundId { get; set; } public string? BackgroundId { get; set; }
@@ -280,32 +342,36 @@ public class PublisherController(
[HttpPost("individual")] [HttpPost("individual")]
[Authorize] [Authorize]
[RequiredPermission("global", "publishers.create")] [RequiredPermission("global", "publishers.create")]
public async Task<ActionResult<SnPublisher>> CreatePublisherIndividual([FromBody] PublisherRequest request) public async Task<ActionResult<SnPublisher>> CreatePublisherIndividual(
[FromBody] PublisherRequest request
)
{ {
if (string.IsNullOrEmpty(request.Name) || string.IsNullOrEmpty(request.Nick)) if (string.IsNullOrEmpty(request.Name) || string.IsNullOrEmpty(request.Nick))
return BadRequest("Name and Nick are required."); return BadRequest("Name and Nick are required.");
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var takenName = request.Name ?? currentUser.Name; var takenName = request.Name ?? currentUser.Name;
var duplicateNameCount = await db.Publishers var duplicateNameCount = await db.Publishers.Where(p => p.Name == takenName).CountAsync();
.Where(p => p.Name == takenName)
.CountAsync();
if (duplicateNameCount > 0) if (duplicateNameCount > 0)
return BadRequest( return BadRequest(
"The name you requested has already be taken, " + "The name you requested has already be taken, "
"if it is your account name, " + + "if it is your account name, "
"you can request a taken down to the publisher which created with " + + "you can request a taken down to the publisher which created with "
"your name firstly to get your name back." + "your name firstly to get your name back."
); );
SnCloudFileReferenceObject? picture = null, background = null; SnCloudFileReferenceObject? picture = null,
background = null;
if (request.PictureId is not null) if (request.PictureId is not null)
{ {
var queryResult = await files.GetFileAsync( var queryResult = await files.GetFileAsync(
new GetFileRequest { Id = request.PictureId } new GetFileRequest { Id = request.PictureId }
); );
if (queryResult is null) if (queryResult is null)
throw new InvalidOperationException("Invalid picture id, unable to find the file on cloud."); throw new InvalidOperationException(
"Invalid picture id, unable to find the file on cloud."
);
picture = SnCloudFileReferenceObject.FromProtoValue(queryResult); picture = SnCloudFileReferenceObject.FromProtoValue(queryResult);
} }
@@ -315,7 +381,9 @@ public class PublisherController(
new GetFileRequest { Id = request.BackgroundId } new GetFileRequest { Id = request.BackgroundId }
); );
if (queryResult is null) if (queryResult is null)
throw new InvalidOperationException("Invalid background id, unable to find the file on cloud."); throw new InvalidOperationException(
"Invalid background id, unable to find the file on cloud."
);
background = SnCloudFileReferenceObject.FromProtoValue(queryResult); background = SnCloudFileReferenceObject.FromProtoValue(queryResult);
} }
@@ -328,19 +396,30 @@ public class PublisherController(
background background
); );
_ = als.CreateActionLogAsync(new CreateActionLogRequest _ = als.CreateActionLogAsync(
new CreateActionLogRequest
{ {
Action = "publishers.create", Action = "publishers.create",
Meta = Meta =
{ {
{ "publisher_id", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString()) }, {
{ "publisher_name", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Name) }, "publisher_id",
{ "publisher_type", Google.Protobuf.WellKnownTypes.Value.ForString("Individual") } Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString())
},
{
"publisher_name",
Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Name)
},
{
"publisher_type",
Google.Protobuf.WellKnownTypes.Value.ForString("Individual")
},
}, },
AccountId = currentUser.Id, AccountId = currentUser.Id,
UserAgent = Request.Headers.UserAgent, UserAgent = Request.Headers.UserAgent,
IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
}); }
);
return Ok(publisher); return Ok(publisher);
} }
@@ -348,36 +427,48 @@ public class PublisherController(
[HttpPost("organization/{realmSlug}")] [HttpPost("organization/{realmSlug}")]
[Authorize] [Authorize]
[RequiredPermission("global", "publishers.create")] [RequiredPermission("global", "publishers.create")]
public async Task<ActionResult<SnPublisher>> CreatePublisherOrganization(string realmSlug, public async Task<ActionResult<SnPublisher>> CreatePublisherOrganization(
[FromBody] PublisherRequest request) string realmSlug,
[FromBody] PublisherRequest request
)
{ {
if (string.IsNullOrEmpty(request.Name) || string.IsNullOrEmpty(request.Nick)) if (string.IsNullOrEmpty(request.Name) || string.IsNullOrEmpty(request.Nick))
return BadRequest("Name and Nick are required."); return BadRequest("Name and Nick are required.");
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var realm = await remoteRealmService.GetRealmBySlug(realmSlug); var realm = await remoteRealmService.GetRealmBySlug(realmSlug);
if (realm == null) return NotFound("Realm not found"); if (realm == null)
return NotFound("Realm not found");
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var isAdmin = await remoteRealmService.IsMemberWithRole(realm.Id, accountId, [RealmMemberRole.Moderator]); var isAdmin = await remoteRealmService.IsMemberWithRole(
realm.Id,
accountId,
[RealmMemberRole.Moderator]
);
if (!isAdmin) if (!isAdmin)
return StatusCode(403, "You need to be a moderator of the realm to create an organization publisher"); return StatusCode(
403,
"You need to be a moderator of the realm to create an organization publisher"
);
var takenName = request.Name ?? realm.Slug; var takenName = request.Name ?? realm.Slug;
var duplicateNameCount = await db.Publishers var duplicateNameCount = await db.Publishers.Where(p => p.Name == takenName).CountAsync();
.Where(p => p.Name == takenName)
.CountAsync();
if (duplicateNameCount > 0) if (duplicateNameCount > 0)
return BadRequest("The name you requested has already been taken"); return BadRequest("The name you requested has already been taken");
SnCloudFileReferenceObject? picture = null, background = null; SnCloudFileReferenceObject? picture = null,
background = null;
if (request.PictureId is not null) if (request.PictureId is not null)
{ {
var queryResult = await files.GetFileAsync( var queryResult = await files.GetFileAsync(
new GetFileRequest { Id = request.PictureId } new GetFileRequest { Id = request.PictureId }
); );
if (queryResult is null) if (queryResult is null)
throw new InvalidOperationException("Invalid picture id, unable to find the file on cloud."); throw new InvalidOperationException(
"Invalid picture id, unable to find the file on cloud."
);
picture = SnCloudFileReferenceObject.FromProtoValue(queryResult); picture = SnCloudFileReferenceObject.FromProtoValue(queryResult);
} }
@@ -387,7 +478,9 @@ public class PublisherController(
new GetFileRequest { Id = request.BackgroundId } new GetFileRequest { Id = request.BackgroundId }
); );
if (queryResult is null) if (queryResult is null)
throw new InvalidOperationException("Invalid background id, unable to find the file on cloud."); throw new InvalidOperationException(
"Invalid background id, unable to find the file on cloud."
);
background = SnCloudFileReferenceObject.FromProtoValue(queryResult); background = SnCloudFileReferenceObject.FromProtoValue(queryResult);
} }
@@ -401,63 +494,87 @@ public class PublisherController(
background background
); );
_ = als.CreateActionLogAsync(new CreateActionLogRequest _ = als.CreateActionLogAsync(
new CreateActionLogRequest
{ {
Action = "publishers.create", Action = "publishers.create",
Meta = Meta =
{ {
{ "publisher_id", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString()) }, {
{ "publisher_name", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Name) }, "publisher_id",
{ "publisher_type", Google.Protobuf.WellKnownTypes.Value.ForString("Organization") }, Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString())
{ "realm_slug", Google.Protobuf.WellKnownTypes.Value.ForString(realm.Slug) } },
{
"publisher_name",
Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Name)
},
{
"publisher_type",
Google.Protobuf.WellKnownTypes.Value.ForString("Organization")
},
{ "realm_slug", Google.Protobuf.WellKnownTypes.Value.ForString(realm.Slug) },
}, },
AccountId = currentUser.Id, AccountId = currentUser.Id,
UserAgent = Request.Headers.UserAgent, UserAgent = Request.Headers.UserAgent,
IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
}); }
);
return Ok(publisher); return Ok(publisher);
} }
[HttpPatch("{name}")] [HttpPatch("{name}")]
[Authorize] [Authorize]
public async Task<ActionResult<SnPublisher>> UpdatePublisher(string name, PublisherRequest request) public async Task<ActionResult<SnPublisher>> UpdatePublisher(
string name,
PublisherRequest request
)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
var member = await db.PublisherMembers var member = await db
.Where(m => m.AccountId == accountId) .PublisherMembers.Where(m => m.AccountId == accountId)
.Where(m => m.PublisherId == publisher.Id) .Where(m => m.PublisherId == publisher.Id)
.FirstOrDefaultAsync(); .FirstOrDefaultAsync();
if (member is null) return StatusCode(403, "You are not even a member of the targeted publisher."); if (member is null)
return StatusCode(403, "You are not even a member of the targeted publisher.");
if (member.Role < Shared.Models.PublisherMemberRole.Manager) if (member.Role < Shared.Models.PublisherMemberRole.Manager)
return StatusCode(403, "You need at least be the manager to update the publisher profile."); return StatusCode(
403,
"You need at least be the manager to update the publisher profile."
);
if (request.Name is not null) publisher.Name = request.Name; if (request.Name is not null)
if (request.Nick is not null) publisher.Nick = request.Nick; publisher.Name = request.Name;
if (request.Bio is not null) publisher.Bio = request.Bio; if (request.Nick is not null)
publisher.Nick = request.Nick;
if (request.Bio is not null)
publisher.Bio = request.Bio;
if (request.PictureId is not null) if (request.PictureId is not null)
{ {
var queryResult = await files.GetFileAsync( var queryResult = await files.GetFileAsync(
new GetFileRequest { Id = request.PictureId } new GetFileRequest { Id = request.PictureId }
); );
if (queryResult is null) if (queryResult is null)
throw new InvalidOperationException("Invalid picture id, unable to find the file on cloud."); throw new InvalidOperationException(
"Invalid picture id, unable to find the file on cloud."
);
var picture = SnCloudFileReferenceObject.FromProtoValue(queryResult); var picture = SnCloudFileReferenceObject.FromProtoValue(queryResult);
// Remove old references for the publisher picture // Remove old references for the publisher picture
if (publisher.Picture is not null) if (publisher.Picture is not null)
await fileRefs.DeleteResourceReferencesAsync(new DeleteResourceReferencesRequest await fileRefs.DeleteResourceReferencesAsync(
new DeleteResourceReferencesRequest
{ {
ResourceId = publisher.ResourceIdentifier ResourceId = publisher.ResourceIdentifier,
}); }
);
publisher.Picture = picture; publisher.Picture = picture;
@@ -466,7 +583,7 @@ public class PublisherController(
{ {
FileId = picture.Id, FileId = picture.Id,
Usage = "publisher.picture", Usage = "publisher.picture",
ResourceId = publisher.ResourceIdentifier ResourceId = publisher.ResourceIdentifier,
} }
); );
} }
@@ -477,16 +594,20 @@ public class PublisherController(
new GetFileRequest { Id = request.BackgroundId } new GetFileRequest { Id = request.BackgroundId }
); );
if (queryResult is null) if (queryResult is null)
throw new InvalidOperationException("Invalid background id, unable to find the file on cloud."); throw new InvalidOperationException(
"Invalid background id, unable to find the file on cloud."
);
var background = SnCloudFileReferenceObject.FromProtoValue(queryResult); var background = SnCloudFileReferenceObject.FromProtoValue(queryResult);
// Remove old references for the publisher background // Remove old references for the publisher background
if (publisher.Background is not null) if (publisher.Background is not null)
{ {
await fileRefs.DeleteResourceReferencesAsync(new DeleteResourceReferencesRequest await fileRefs.DeleteResourceReferencesAsync(
new DeleteResourceReferencesRequest
{ {
ResourceId = publisher.ResourceIdentifier ResourceId = publisher.ResourceIdentifier,
}); }
);
} }
publisher.Background = background; publisher.Background = background;
@@ -496,7 +617,7 @@ public class PublisherController(
{ {
FileId = background.Id, FileId = background.Id,
Usage = "publisher.background", Usage = "publisher.background",
ResourceId = publisher.ResourceIdentifier ResourceId = publisher.ResourceIdentifier,
} }
); );
} }
@@ -504,22 +625,48 @@ public class PublisherController(
db.Update(publisher); db.Update(publisher);
await db.SaveChangesAsync(); await db.SaveChangesAsync();
_ = als.CreateActionLogAsync(new CreateActionLogRequest _ = als.CreateActionLogAsync(
new CreateActionLogRequest
{ {
Action = "publishers.update", Action = "publishers.update",
Meta = Meta =
{ {
{ "publisher_id", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString()) }, {
{ "name_updated", Google.Protobuf.WellKnownTypes.Value.ForBool(!string.IsNullOrEmpty(request.Name)) }, "publisher_id",
{ "nick_updated", Google.Protobuf.WellKnownTypes.Value.ForBool(!string.IsNullOrEmpty(request.Nick)) }, Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString())
{ "bio_updated", Google.Protobuf.WellKnownTypes.Value.ForBool(!string.IsNullOrEmpty(request.Bio)) }, },
{ "picture_updated", Google.Protobuf.WellKnownTypes.Value.ForBool(request.PictureId != null) }, {
{ "background_updated", Google.Protobuf.WellKnownTypes.Value.ForBool(request.BackgroundId != null) } "name_updated",
Google.Protobuf.WellKnownTypes.Value.ForBool(
!string.IsNullOrEmpty(request.Name)
)
},
{
"nick_updated",
Google.Protobuf.WellKnownTypes.Value.ForBool(
!string.IsNullOrEmpty(request.Nick)
)
},
{
"bio_updated",
Google.Protobuf.WellKnownTypes.Value.ForBool(
!string.IsNullOrEmpty(request.Bio)
)
},
{
"picture_updated",
Google.Protobuf.WellKnownTypes.Value.ForBool(request.PictureId != null)
},
{
"background_updated",
Google.Protobuf.WellKnownTypes.Value.ForBool(request.BackgroundId != null)
},
}, },
AccountId = currentUser.Id, AccountId = currentUser.Id,
UserAgent = Request.Headers.UserAgent, UserAgent = Request.Headers.UserAgent,
IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
}); }
);
return Ok(publisher); return Ok(publisher);
} }
@@ -528,19 +675,20 @@ public class PublisherController(
[Authorize] [Authorize]
public async Task<ActionResult<SnPublisher>> DeletePublisher(string name) public async Task<ActionResult<SnPublisher>> DeletePublisher(string name)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
var member = await db.PublisherMembers var member = await db
.Where(m => m.AccountId == accountId) .PublisherMembers.Where(m => m.AccountId == accountId)
.Where(m => m.PublisherId == publisher.Id) .Where(m => m.PublisherId == publisher.Id)
.FirstOrDefaultAsync(); .FirstOrDefaultAsync();
if (member is null) return StatusCode(403, "You are not even a member of the targeted publisher."); if (member is null)
return StatusCode(403, "You are not even a member of the targeted publisher.");
if (member.Role < Shared.Models.PublisherMemberRole.Owner) if (member.Role < Shared.Models.PublisherMemberRole.Owner)
return StatusCode(403, "You need to be the owner to delete the publisher."); return StatusCode(403, "You need to be the owner to delete the publisher.");
@@ -554,19 +702,30 @@ public class PublisherController(
db.Publishers.Remove(publisher); db.Publishers.Remove(publisher);
await db.SaveChangesAsync(); await db.SaveChangesAsync();
_ = als.CreateActionLogAsync(new CreateActionLogRequest _ = als.CreateActionLogAsync(
new CreateActionLogRequest
{ {
Action = "publishers.delete", Action = "publishers.delete",
Meta = Meta =
{ {
{ "publisher_id", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString()) }, {
{ "publisher_name", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Name) }, "publisher_id",
{ "publisher_type", Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Type.ToString()) } Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Id.ToString())
},
{
"publisher_name",
Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Name)
},
{
"publisher_type",
Google.Protobuf.WellKnownTypes.Value.ForString(publisher.Type.ToString())
},
}, },
AccountId = currentUser.Id, AccountId = currentUser.Id,
UserAgent = Request.Headers.UserAgent, UserAgent = Request.Headers.UserAgent,
IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() IpAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString(),
}); }
);
return NoContent(); return NoContent();
} }
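Review bot: The audit entry for `publishers.delete` is started with `_ = als.CreateActionLogAsync(...)` and the returned call is discarded, so a failure there is never observed. `await db.SaveChangesAsync();` has already run by then, so the publisher is gone and neither the deletion nor the logging failure is recorded anywhere. For a destructive action the audit write should not be silent best-effort: use `await als.CreateActionLogAsync(...)` inside a `try`/`catch` that reports the failure through whatever logger the controller has (none is visible in this hunk). If it is meant to stay non-blocking, add a comment such as `// best-effort: audit failure must not block the delete; failures are reported by <mechanism>` so the trade-off is explicit. The method starts above this hunk, so only the tail of `DeletePublisher` is reviewed here.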
@@ -578,23 +737,18 @@ public class PublisherController(
[FromQuery] int take = 20 [FromQuery] int take = 20
) )
{ {
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
var query = db.PublisherMembers var query = db
.Where(m => m.PublisherId == publisher.Id) .PublisherMembers.Where(m => m.PublisherId == publisher.Id)
.Where(m => m.JoinedAt != null); .Where(m => m.JoinedAt != null);
var total = await query.CountAsync(); var total = await query.CountAsync();
Response.Headers["X-Total"] = total.ToString(); Response.Headers["X-Total"] = total.ToString();
var members = await query var members = await query.OrderBy(m => m.CreatedAt).Skip(offset).Take(take).ToListAsync();
.OrderBy(m => m.CreatedAt)
.Skip(offset)
.Take(take)
.ToListAsync();
members = await ps.LoadMemberAccounts(members); members = await ps.LoadMemberAccounts(members);
return Ok(members.Where(m => m.Account is not null).ToList()); return Ok(members.Where(m => m.Account is not null).ToList());
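Review bot: `offset` and `take` are bound from the query string and reach `.Skip(offset).Take(take)` with no bounds check in the visible part of the method. A single request can therefore ask for an arbitrarily large page, each row then going through `ps.LoadMemberAccounts`, and a negative value is handed to the database query unchanged. Clamp both before building the query, for example `take = Math.Clamp(take, 1, 100);` and `offset = Math.Max(offset, 0);`, where 100 is a placeholder for a limit the project chooses. The signature and route attributes begin above the hunk and the method continues below it, so whether the route requires authorization cannot be confirmed from here.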
@@ -604,20 +758,21 @@ public class PublisherController(
[Authorize] [Authorize]
public async Task<ActionResult<SnPublisherMember>> GetCurrentIdentity(string name) public async Task<ActionResult<SnPublisherMember>> GetCurrentIdentity(string name)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
var member = await db.PublisherMembers var member = await db
.Where(m => m.AccountId == accountId) .PublisherMembers.Where(m => m.AccountId == accountId)
.Where(m => m.PublisherId == publisher.Id) .Where(m => m.PublisherId == publisher.Id)
.FirstOrDefaultAsync(); .FirstOrDefaultAsync();
if (member is null) return NotFound(); if (member is null)
return NotFound();
return Ok(await ps.LoadMemberAccount(member)); return Ok(await ps.LoadMemberAccount(member));
} }
@@ -625,23 +780,20 @@ public class PublisherController(
[Authorize] [Authorize]
public async Task<ActionResult<Dictionary<string, bool>>> ListPublisherFeatures(string name) public async Task<ActionResult<Dictionary<string, bool>>> ListPublisherFeatures(string name)
{ {
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
var features = await db.PublisherFeatures var features = await db
.Where(f => f.PublisherId == publisher.Id) .PublisherFeatures.Where(f => f.PublisherId == publisher.Id)
.ToListAsync(); .ToListAsync();
var dict = PublisherFeatureFlag.AllFlags.ToDictionary( var dict = PublisherFeatureFlag.AllFlags.ToDictionary(flag => flag, _ => false);
flag => flag,
_ => false
);
foreach ( foreach (
var feature in features.Where(feature => var feature in features.Where(feature =>
feature.ExpiredAt == null || !(feature.ExpiredAt < SystemClock.Instance.GetCurrentInstant()) feature.ExpiredAt == null
|| !(feature.ExpiredAt < SystemClock.Instance.GetCurrentInstant())
) )
) )
{ {
@@ -653,17 +805,17 @@ public class PublisherController(
[HttpGet("{name}/rewards")] [HttpGet("{name}/rewards")]
[Authorize] [Authorize]
public async Task<ActionResult<PublisherService.PublisherRewardPreview>> GetPublisherExpectedReward( public async Task<
string name ActionResult<PublisherService.PublisherRewardPreview>
) > GetPublisherExpectedReward(string name)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized(); if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized();
var accountId = Guid.Parse(currentUser.Id); var accountId = Guid.Parse(currentUser.Id);
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
if (!await ps.IsMemberWithRole(publisher.Id, accountId, PublisherMemberRole.Viewer)) if (!await ps.IsMemberWithRole(publisher.Id, accountId, PublisherMemberRole.Viewer))
return StatusCode(403, "You are not allowed to view stats data of this publisher."); return StatusCode(403, "You are not allowed to view stats data of this publisher.");
@@ -674,26 +826,28 @@ public class PublisherController(
public class PublisherFeatureRequest public class PublisherFeatureRequest
{ {
[Required] public string Flag { get; set; } = null!; [Required]
public string Flag { get; set; } = null!;
public Instant? ExpiredAt { get; set; } public Instant? ExpiredAt { get; set; }
} }
[HttpPost("{name}/features")] [HttpPost("{name}/features")]
[Authorize] [Authorize]
[RequiredPermission("maintenance", "publishers.features")] [RequiredPermission("maintenance", "publishers.features")]
public async Task<ActionResult<PublisherFeature>> AddPublisherFeature(string name, public async Task<ActionResult<PublisherFeature>> AddPublisherFeature(
[FromBody] PublisherFeatureRequest request) string name,
[FromBody] PublisherFeatureRequest request
)
{ {
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
var feature = new SnPublisherFeature var feature = new SnPublisherFeature
{ {
PublisherId = publisher.Id, PublisherId = publisher.Id,
Flag = request.Flag, Flag = request.Flag,
ExpiredAt = request.ExpiredAt ExpiredAt = request.ExpiredAt,
}; };
db.PublisherFeatures.Add(feature); db.PublisherFeatures.Add(feature);
@@ -707,16 +861,16 @@ public class PublisherController(
[RequiredPermission("maintenance", "publishers.features")] [RequiredPermission("maintenance", "publishers.features")]
public async Task<ActionResult> RemovePublisherFeature(string name, string flag) public async Task<ActionResult> RemovePublisherFeature(string name, string flag)
{ {
var publisher = await db.Publishers var publisher = await db.Publishers.Where(p => p.Name == name).FirstOrDefaultAsync();
.Where(p => p.Name == name) if (publisher is null)
.FirstOrDefaultAsync(); return NotFound();
if (publisher is null) return NotFound();
var feature = await db.PublisherFeatures var feature = await db
.Where(f => f.PublisherId == publisher.Id) .PublisherFeatures.Where(f => f.PublisherId == publisher.Id)
.Where(f => f.Flag == flag) .Where(f => f.Flag == flag)
.FirstOrDefaultAsync(); .FirstOrDefaultAsync();
if (feature is null) return NotFound(); if (feature is null)
return NotFound();
db.PublisherFeatures.Remove(feature); db.PublisherFeatures.Remove(feature);
await db.SaveChangesAsync(); await db.SaveChangesAsync();
@@ -733,3 +887,4 @@ public class PublisherController(
return Ok(); return Ok();
} }
} }