PluralKit/PluralKit.API/Controllers/v1/SystemController.cs

using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

using Dapper;

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

using NodaTime;

using PluralKit.Core;

namespace PluralKit.API
{
    public struct SwitchesReturn
    {
        [JsonProperty("timestamp")] public Instant Timestamp { get; set; }
        [JsonProperty("members")] public IEnumerable<string> Members { get; set; }
    }

    public struct FrontersReturn
    {
        [JsonProperty("timestamp")] public Instant Timestamp { get; set; }
        [JsonProperty("members")] public IEnumerable<JObject> Members { get; set; }
    }

    public struct PostSwitchParams
    {
        public ICollection<string> Members { get; set; }
    }

    [ApiController]
    [ApiVersion("1.0")]
    [Route( "v{version:apiVersion}/s" )]
    public class SystemController : ControllerBase
    {
        private IDataStore _data;
        private IDatabase _db;
        private IAuthorizationService _auth;

        public SystemController(IDataStore data, IDatabase db, IAuthorizationService auth)
        {
            _data = data;
            _db = db;
            _auth = auth;
        }

        [HttpGet]
        [Authorize]
        public async Task<ActionResult<JObject>> GetOwnSystem()
        {
            var system = await _db.Execute(c => c.QuerySystem(User.CurrentSystem()));
            return system.ToJson(User.ContextFor(system));
        }

        [HttpGet("{hid}")]
        public async Task<ActionResult<JObject>> GetSystem(string hid)
        {
            var system = await _data.GetSystemByHid(hid);
            if (system == null) return NotFound("System not found.");
            return Ok(system.ToJson(User.ContextFor(system)));
        }

        [HttpGet("{hid}/members")]
        public async Task<ActionResult<IEnumerable<JObject>>> GetMembers(string hid)
        {
            var system = await _data.GetSystemByHid(hid);
            if (system == null) return NotFound("System not found.");

            if (!system.MemberListPrivacy.CanAccess(User.ContextFor(system)))
                return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view member list.");

            var members = _data.GetSystemMembers(system);
            return Ok(await members
                .Where(m => m.MemberVisibility.CanAccess(User.ContextFor(system)))
                .Select(m => m.ToJson(User.ContextFor(system)))
                .ToListAsync());
        }

        [HttpGet("{hid}/switches")]
        public async Task<ActionResult<IEnumerable<SwitchesReturn>>> GetSwitches(string hid, [FromQuery(Name = "before")] Instant? before)
        {
            if (before == null) before = SystemClock.Instance.GetCurrentInstant();
            
            var system = await _data.GetSystemByHid(hid);
            if (system == null) return NotFound("System not found.");

            var auth = await _auth.AuthorizeAsync(User, system, "ViewFrontHistory");
            if (!auth.Succeeded) return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view front history.");

            using (var conn = await _db.Obtain())
            {
                var res = await conn.QueryAsync<SwitchesReturn>(
                    @"select *, array(
                        select members.hid from switch_members, members
                        where switch_members.switch = switches.id and members.id = switch_members.member
                    ) as members from switches
                    where switches.system = @System and switches.timestamp < @Before
                    order by switches.timestamp desc
                    limit 100;", new {System = system.Id, Before = before});
                return Ok(res);
            }
        }

        [HttpGet("{hid}/fronters")]
        public async Task<ActionResult<FrontersReturn>> GetFronters(string hid)
        {
            var system = await _data.GetSystemByHid(hid);
            if (system == null) return NotFound("System not found.");
            
            var auth = await _auth.AuthorizeAsync(User, system, "ViewFront");
            if (!auth.Succeeded) return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view fronter.");
            
            var sw = await _data.GetLatestSwitch(system.Id);
            if (sw == null) return NotFound("System has no registered switches."); 
                
            var members = _data.GetSwitchMembers(sw);
            return Ok(new FrontersReturn
            {
                Timestamp = sw.Timestamp,
                Members = await members.Select(m => m.ToJson(User.ContextFor(system))).ToListAsync()
            });
        }

        [HttpPatch]
        [Authorize]
        public async Task<ActionResult<JObject>> EditSystem([FromBody] JObject changes)
        {
            var system = await _db.Execute(c => c.QuerySystem(User.CurrentSystem()));

            SystemPatch patch;
            try
            {
                patch = JsonModelExt.ToSystemPatch(changes); 
            }
            catch (JsonModelParseError e)
            {
                return BadRequest(e.Message);
            }

            await _db.Execute(conn => conn.UpdateSystem(system.Id, patch));
            return Ok(system.ToJson(User.ContextFor(system)));
        }

        [HttpPost("switches")]
        [Authorize]
        public async Task<IActionResult> PostSwitch([FromBody] PostSwitchParams param)
        {
            if (param.Members.Distinct().Count() != param.Members.Count)
                return BadRequest("Duplicate members in member list.");
            
            // We get the current switch, if it exists
            var latestSwitch = await _data.GetLatestSwitch(User.CurrentSystem());
            if (latestSwitch != null)
            {
                var latestSwitchMembers = _data.GetSwitchMembers(latestSwitch);

                // Bail if this switch is identical to the latest one
                if (await latestSwitchMembers.Select(m => m.Hid).SequenceEqualAsync(param.Members.ToAsyncEnumerable()))
                    return BadRequest("New members identical to existing fronters.");
            }

            // Resolve member objects for all given IDs
            IEnumerable<PKMember> membersList;
            using (var conn = await _db.Obtain())
                membersList = (await conn.QueryAsync<PKMember>("select * from members where hid = any(@Hids)", new {Hids = param.Members})).ToList();
            
            foreach (var member in membersList)
                if (member.System != User.CurrentSystem())
                    return BadRequest($"Cannot switch to member '{member.Hid}' not in system.");

            // membersList is in DB order, and we want it in actual input order
            // so we go through a dict and map the original input appropriately
            var membersDict = membersList.ToDictionary(m => m.Hid);
            
            var membersInOrder = new List<PKMember>();
            // We do this without .Select() since we want to have the early return bail if it doesn't find the member
            foreach (var givenMemberId in param.Members)
            {
                if (!membersDict.TryGetValue(givenMemberId, out var member)) return BadRequest($"Member '{givenMemberId}' not found.");
                membersInOrder.Add(member);
            }

            // Finally, log the switch (yay!)
            await _data.AddSwitch(User.CurrentSystem(), membersInOrder);
            return NoContent();
        }
    }
}
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`using System.Collections.Generic;`
			`using System.Linq;`
			`using System.Threading.Tasks;`
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`using Dapper;`
Add system and member privacy support 2020-01-11 15:49:20 +00:00
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`using Microsoft.AspNetCore.Authorization;`
Add system and member privacy support 2020-01-11 15:49:20 +00:00			`using Microsoft.AspNetCore.Http;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`using Microsoft.AspNetCore.Mvc;`
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`using Newtonsoft.Json;`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`using Newtonsoft.Json.Linq;`

Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`using NodaTime;`
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00
Bounds check system details 2019-07-09 22:21:00 +00:00			`using PluralKit.Core;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00			`namespace PluralKit.API`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
			`public struct SwitchesReturn`
			`{`
			`[JsonProperty("timestamp")] public Instant Timestamp { get; set; }`
			`[JsonProperty("members")] public IEnumerable<string> Members { get; set; }`
			`}`

			`public struct FrontersReturn`
			`{`
			`[JsonProperty("timestamp")] public Instant Timestamp { get; set; }`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`[JsonProperty("members")] public IEnumerable<JObject> Members { get; set; }`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`

			`public struct PostSwitchParams`
			`{`
			`public ICollection<string> Members { get; set; }`
			`}`

			`[ApiController]`
Integrate ApiVersioning library for ASP.NET 2020-05-07 02:39:49 +00:00			`[ApiVersion("1.0")]`
			`[Route( "v{version:apiVersion}/s" )]`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`public class SystemController : ControllerBase`
			`{`
Refactor data stores, merging the Store classes 2019-10-26 17:45:30 +00:00			`private IDataStore _data;`
Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`private IDatabase _db;`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`private IAuthorizationService _auth;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00
Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`public SystemController(IDataStore data, IDatabase db, IAuthorizationService auth)`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
Refactor data stores, merging the Store classes 2019-10-26 17:45:30 +00:00			`_data = data;`
Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`_db = db;`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`_auth = auth;`
			`}`

Add an endpoint to view your own system 2019-07-15 18:06:28 +00:00			`[HttpGet]`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`[Authorize]`
			`public async Task<ActionResult<JObject>> GetOwnSystem()`
Add an endpoint to view your own system 2019-07-15 18:06:28 +00:00			`{`
Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`var system = await _db.Execute(c => c.QuerySystem(User.CurrentSystem()));`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`return system.ToJson(User.ContextFor(system));`
Add an endpoint to view your own system 2019-07-15 18:06:28 +00:00			`}`

Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`[HttpGet("{hid}")]`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`public async Task<ActionResult<JObject>> GetSystem(string hid)`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
Refactor data stores, merging the Store classes 2019-10-26 17:45:30 +00:00			`var system = await _data.GetSystemByHid(hid);`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`if (system == null) return NotFound("System not found.");`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`return Ok(system.ToJson(User.ContextFor(system)));`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`

			`[HttpGet("{hid}/members")]`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`public async Task<ActionResult<IEnumerable<JObject>>> GetMembers(string hid)`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
Refactor data stores, merging the Store classes 2019-10-26 17:45:30 +00:00			`var system = await _data.GetSystemByHid(hid);`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`if (system == null) return NotFound("System not found.");`

Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`if (!system.MemberListPrivacy.CanAccess(User.ContextFor(system)))`
Add system and member privacy support 2020-01-11 15:49:20 +00:00			`return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view member list.");`

Add front history pagination; upgrade more store methods 2020-01-17 23:58:35 +00:00			`var members = _data.GetSystemMembers(system);`
			`return Ok(await members`
Feature/granular member privacy (#174) * Some reasons this needs to exist for it to run on my machine? I don't think it would hurt to have it in other machines so * Add options to member model * Add Privacy to member embed * Added member privacy display list * Update database settings * apparetnly this is nolonger needed? * Fix sql call * Fix more sql errors * Added in settings control * Add all subject to system privacy * Basic API Privacy * Name privacy in logs * update todo * remove CheckReadMemberPermission * Added name privacy to log embed * update todo * Update todo * Update api to handle privacy * update todo * Update systemlist full to respect privacy (as well as system list) * include colour as option for member privacy subject * move todo file (why was it there?) * Update TODO.md * Update TODO.md * Update TODO.md * Deleted to create pr * Update command usage and add to the command tree * Make api respect created privacy * Add editing privacy through the api * Fix pronoun privacy field in api * Fix info leak of display name in api * deprecate privacy field in api * Deprecate privacy diffrently * Update API * Update documentation * Update documentation * Remove comment in yml * Update userguide * Update migration (fix typo in 5.sql too) * Sanatize names * some full stops * Fix after merge * update migration * update schema version * update edit command * update privacy filter * fix a dumb mistake * clarify on what name privacy does * make it easier on someone else * Update docs * Comment out unused code * Add aliases for `member privacy all public` and `member privacy all private` 2020-06-17 19:31:39 +00:00			`.Where(m => m.MemberVisibility.CanAccess(User.ContextFor(system)))`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`.Select(m => m.ToJson(User.ContextFor(system)))`
Add front history pagination; upgrade more store methods 2020-01-17 23:58:35 +00:00			`.ToListAsync());`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`

			`[HttpGet("{hid}/switches")]`
			`public async Task<ActionResult<IEnumerable<SwitchesReturn>>> GetSwitches(string hid, [FromQuery(Name = "before")] Instant? before)`
			`{`
Version API endpoints 2019-07-09 22:23:41 +00:00			`if (before == null) before = SystemClock.Instance.GetCurrentInstant();`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00
Refactor data stores, merging the Store classes 2019-10-26 17:45:30 +00:00			`var system = await _data.GetSystemByHid(hid);`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`if (system == null) return NotFound("System not found.");`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00
			`var auth = await _auth.AuthorizeAsync(User, system, "ViewFrontHistory");`
			`if (!auth.Succeeded) return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view front history.");`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00
Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`using (var conn = await _db.Obtain())`
Fix database connection pool contention (maybe) Instead of acquiring a connection per service per request, we acquire connections more often but at a more granular level, meaning they're also disposed of more quickly instead of staying for a long time in case of long-running commands or leaks. 2019-07-11 19:25:23 +00:00			`{`
			`var res = await conn.QueryAsync<SwitchesReturn>(`
			`@"select *, array(`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`select members.hid from switch_members, members`
			`where switch_members.switch = switches.id and members.id = switch_members.member`
			`) as members from switches`
			`where switches.system = @System and switches.timestamp < @Before`
			`order by switches.timestamp desc`
Fix database connection pool contention (maybe) Instead of acquiring a connection per service per request, we acquire connections more often but at a more granular level, meaning they're also disposed of more quickly instead of staying for a long time in case of long-running commands or leaks. 2019-07-11 19:25:23 +00:00			`limit 100;", new {System = system.Id, Before = before});`
			`return Ok(res);`
			`}`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`

			`[HttpGet("{hid}/fronters")]`
			`public async Task<ActionResult<FrontersReturn>> GetFronters(string hid)`
			`{`
Refactor data stores, merging the Store classes 2019-10-26 17:45:30 +00:00			`var system = await _data.GetSystemByHid(hid);`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`if (system == null) return NotFound("System not found.");`

Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`var auth = await _auth.AuthorizeAsync(User, system, "ViewFront");`
			`if (!auth.Succeeded) return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view fronter.");`
Add system and member privacy support 2020-01-11 15:49:20 +00:00
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`var sw = await _data.GetLatestSwitch(system.Id);`
Fix API system fronter endpoint crashing on system with no switches 2019-07-10 10:54:54 +00:00			`if (sw == null) return NotFound("System has no registered switches.");`

Upgrade various store methods to IAsyncEnumerable 2020-01-17 23:02:17 +00:00			`var members = _data.GetSwitchMembers(sw);`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`return Ok(new FrontersReturn`
			`{`
			`Timestamp = sw.Timestamp,`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`Members = await members.Select(m => m.ToJson(User.ContextFor(system))).ToListAsync()`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`});`
			`}`

			`[HttpPatch]`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`[Authorize]`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`public async Task<ActionResult<JObject>> EditSystem([FromBody] JObject changes)`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`{`
Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`var system = await _db.Execute(c => c.QuerySystem(User.CurrentSystem()));`

			`SystemPatch patch;`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`try`
			`{`
Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`patch = JsonModelExt.ToSystemPatch(changes);`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`}`
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00			`catch (JsonModelParseError e)`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`{`
			`return BadRequest(e.Message);`
			`}`

Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`await _db.Execute(conn => conn.UpdateSystem(system.Id, patch));`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`return Ok(system.ToJson(User.ContextFor(system)));`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`}`

			`[HttpPost("switches")]`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`[Authorize]`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`public async Task<IActionResult> PostSwitch([FromBody] PostSwitchParams param)`
			`{`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`if (param.Members.Distinct().Count() != param.Members.Count)`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`return BadRequest("Duplicate members in member list.");`

			`// We get the current switch, if it exists`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`var latestSwitch = await _data.GetLatestSwitch(User.CurrentSystem());`
Fix error when switching with no previous switches 2019-07-18 10:09:19 +00:00			`if (latestSwitch != null)`
			`{`
Upgrade various store methods to IAsyncEnumerable 2020-01-17 23:02:17 +00:00			`var latestSwitchMembers = _data.GetSwitchMembers(latestSwitch);`
Fix error when switching with no previous switches 2019-07-18 10:09:19 +00:00
			`// Bail if this switch is identical to the latest one`
Upgrade various store methods to IAsyncEnumerable 2020-01-17 23:02:17 +00:00			`if (await latestSwitchMembers.Select(m => m.Hid).SequenceEqualAsync(param.Members.ToAsyncEnumerable()))`
Fix error when switching with no previous switches 2019-07-18 10:09:19 +00:00			`return BadRequest("New members identical to existing fronters.");`
			`}`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00
			`// Resolve member objects for all given IDs`
Fix database connection pool contention (maybe) Instead of acquiring a connection per service per request, we acquire connections more often but at a more granular level, meaning they're also disposed of more quickly instead of staying for a long time in case of long-running commands or leaks. 2019-07-11 19:25:23 +00:00			`IEnumerable<PKMember> membersList;`
Move system updates to the same patch system as members 2020-06-29 12:39:19 +00:00			`using (var conn = await _db.Obtain())`
Fix database connection pool contention (maybe) Instead of acquiring a connection per service per request, we acquire connections more often but at a more granular level, meaning they're also disposed of more quickly instead of staying for a long time in case of long-running commands or leaks. 2019-07-11 19:25:23 +00:00			`membersList = (await conn.QueryAsync<PKMember>("select * from members where hid = any(@Hids)", new {Hids = param.Members})).ToList();`

Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`foreach (var member in membersList)`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`if (member.System != User.CurrentSystem())`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`return BadRequest($"Cannot switch to member '{member.Hid}' not in system.");`

			`// membersList is in DB order, and we want it in actual input order`
			`// so we go through a dict and map the original input appropriately`
			`var membersDict = membersList.ToDictionary(m => m.Hid);`

			`var membersInOrder = new List<PKMember>();`
			`// We do this without .Select() since we want to have the early return bail if it doesn't find the member`
			`foreach (var givenMemberId in param.Members)`
			`{`
			`if (!membersDict.TryGetValue(givenMemberId, out var member)) return BadRequest($"Member '{givenMemberId}' not found.");`
			`membersInOrder.Add(member);`
			`}`

			`// Finally, log the switch (yay!)`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`await _data.AddSwitch(User.CurrentSystem(), membersInOrder);`
Add basic API, only with system endpoints 2019-07-09 18:39:29 +00:00			`return NoContent();`
			`}`
			`}`
			`}`