PluralKit/PluralKit.API/Controllers/v1/MemberController.cs

using Dapper;

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

using Newtonsoft.Json.Linq;

using PluralKit.Core;

namespace PluralKit.API;

[ApiController]
[Route("v1/m")]
public class MemberController: ControllerBase
{
    private readonly IDatabase _db;
    private readonly ModelRepository _repo;
    private readonly IAuthorizationService _auth;

    public MemberController(IAuthorizationService auth, IDatabase db, ModelRepository repo)
    {
        _auth = auth;
        _db = db;
        _repo = repo;
    }

    [HttpGet("{hid}")]
    public async Task<ActionResult<JObject>> GetMember(string hid)
    {
        var member = await _repo.GetMemberByHid(hid);
        if (member == null) return NotFound("Member not found.");

        return Ok(member.ToJson(User.ContextFor(member), true));
    }

    [HttpPost]
    [Authorize]
    public async Task<ActionResult<JObject>> PostMember([FromBody] JObject properties)
    {
        if (!properties.ContainsKey("name"))
            return BadRequest("Member name must be specified.");

        var systemId = User.CurrentSystem();
        var config = await _repo.GetSystemConfig(systemId);

        await using var conn = await _db.Obtain();

        // Enforce per-system member limit
        var memberCount = await conn.QuerySingleAsync<int>("select count(*) from members where system = @System",
            new { System = systemId });
        var memberLimit = config.MemberLimitOverride ?? Limits.MaxMemberCount;
        if (memberCount >= memberLimit)
            return BadRequest($"Member limit reached ({memberCount} / {memberLimit}).");

        await using var tx = await conn.BeginTransactionAsync();
        var member = await _repo.CreateMember(systemId, properties.Value<string>("name"), conn);

        var patch = MemberPatch.FromJSON(properties);

        patch.AssertIsValid();
        if (patch.Errors.Count > 0)
        {
            await tx.RollbackAsync();

            var err = patch.Errors[0];
            if (err is FieldTooLongError)
                return BadRequest($"Field {err.Key} is too long "
                                  + $"({(err as FieldTooLongError).ActualLength} > {(err as FieldTooLongError).MaxLength}).");
            if (err.Text != null)
                return BadRequest(err.Text);
            return BadRequest($"Field {err.Key} is invalid.");
        }

        member = await _repo.UpdateMember(member.Id, patch, conn);
        await tx.CommitAsync();
        return Ok(member.ToJson(User.ContextFor(member), true));
    }

    [HttpPatch("{hid}")]
    [Authorize]
    public async Task<ActionResult<JObject>> PatchMember(string hid, [FromBody] JObject changes)
    {
        var member = await _repo.GetMemberByHid(hid);
        if (member == null) return NotFound("Member not found.");

        var res = await _auth.AuthorizeAsync(User, member, "EditMember");
        if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");

        var patch = MemberPatch.FromJSON(changes);

        patch.AssertIsValid();
        if (patch.Errors.Count > 0)
        {
            var err = patch.Errors[0];
            if (err is FieldTooLongError)
                return BadRequest($"Field {err.Key} is too long "
                                  + $"({(err as FieldTooLongError).ActualLength} > {(err as FieldTooLongError).MaxLength}).");
            if (err.Text != null)
                return BadRequest(err.Text);
            return BadRequest($"Field {err.Key} is invalid.");
        }

        var newMember = await _repo.UpdateMember(member.Id, patch);
        return Ok(newMember.ToJson(User.ContextFor(newMember), true));
    }

    [HttpDelete("{hid}")]
    [Authorize]
    public async Task<ActionResult> DeleteMember(string hid)
    {
        var member = await _repo.GetMemberByHid(hid);
        if (member == null) return NotFound("Member not found.");

        var res = await _auth.AuthorizeAsync(User, member, "EditMember");
        if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");

        await _repo.DeleteMember(member.Id);
        return Ok();
    }
}
Retire more IDataStore methods 2020-06-29 12:54:11 +00:00			`using Dapper;`

Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`using Microsoft.AspNetCore.Authorization;`
Add member routes to API 2019-07-09 22:19:18 +00:00			`using Microsoft.AspNetCore.Mvc;`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00
			`using Newtonsoft.Json.Linq;`

Add member routes to API 2019-07-09 22:19:18 +00:00			`using PluralKit.Core;`

feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`namespace PluralKit.API;`

			`[ApiController]`
refactor: remove asp.net versioning 2022-01-20 00:25:04 +00:00			`[Route("v1/m")]`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`public class MemberController: ControllerBase`
Add member routes to API 2019-07-09 22:19:18 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`private readonly IDatabase _db;`
			`private readonly ModelRepository _repo;`
			`private readonly IAuthorizationService _auth;`

			`public MemberController(IAuthorizationService auth, IDatabase db, ModelRepository repo)`
Add member routes to API 2019-07-09 22:19:18 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`_auth = auth;`
			`_db = db;`
			`_repo = repo;`
			`}`
Add member routes to API 2019-07-09 22:19:18 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`[HttpGet("{hid}")]`
			`public async Task<ActionResult<JObject>> GetMember(string hid)`
			`{`
			`var member = await _repo.GetMemberByHid(hid);`
			`if (member == null) return NotFound("Member not found.");`
Add member routes to API 2019-07-09 22:19:18 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`return Ok(member.ToJson(User.ContextFor(member), true));`
			`}`
Add member routes to API 2019-07-09 22:19:18 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`[HttpPost]`
			`[Authorize]`
			`public async Task<ActionResult<JObject>> PostMember([FromBody] JObject properties)`
			`{`
			`if (!properties.ContainsKey("name"))`
			`return BadRequest("Member name must be specified.");`

			`var systemId = User.CurrentSystem();`
feat: pk;config 2021-11-30 02:35:21 +00:00			`var config = await _repo.GetSystemConfig(systemId);`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00
			`await using var conn = await _db.Obtain();`

			`// Enforce per-system member limit`
			`var memberCount = await conn.QuerySingleAsync<int>("select count(*) from members where system = @System",`
			`new { System = systemId });`
feat: pk;config 2021-11-30 02:35:21 +00:00			`var memberLimit = config.MemberLimitOverride ?? Limits.MaxMemberCount;`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`if (memberCount >= memberLimit)`
			`return BadRequest($"Member limit reached ({memberCount} / {memberLimit}).");`
Add member routes to API 2019-07-09 22:19:18 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`await using var tx = await conn.BeginTransactionAsync();`
			`var member = await _repo.CreateMember(systemId, properties.Value<string>("name"), conn);`

			`var patch = MemberPatch.FromJSON(properties);`

			`patch.AssertIsValid();`
			`if (patch.Errors.Count > 0)`
Add endpoint to create new member by POST request 2019-07-27 03:37:23 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`await tx.RollbackAsync();`

			`var err = patch.Errors[0];`
			`if (err is FieldTooLongError)`
			`return BadRequest($"Field {err.Key} is too long "`
			`+ $"({(err as FieldTooLongError).ActualLength} > {(err as FieldTooLongError).MaxLength}).");`
			`if (err.Text != null)`
			`return BadRequest(err.Text);`
			`return BadRequest($"Field {err.Key} is invalid.");`
Add endpoint to create new member by POST request 2019-07-27 03:37:23 +00:00			`}`

feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`member = await _repo.UpdateMember(member.Id, patch, conn);`
			`await tx.CommitAsync();`
			`return Ok(member.ToJson(User.ContextFor(member), true));`
			`}`

			`[HttpPatch("{hid}")]`
			`[Authorize]`
			`public async Task<ActionResult<JObject>> PatchMember(string hid, [FromBody] JObject changes)`
			`{`
			`var member = await _repo.GetMemberByHid(hid);`
			`if (member == null) return NotFound("Member not found.");`

			`var res = await _auth.AuthorizeAsync(User, member, "EditMember");`
			`if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");`

			`var patch = MemberPatch.FromJSON(changes);`

			`patch.AssertIsValid();`
			`if (patch.Errors.Count > 0)`
Add member routes to API 2019-07-09 22:19:18 +00:00			`{`
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`var err = patch.Errors[0];`
			`if (err is FieldTooLongError)`
			`return BadRequest($"Field {err.Key} is too long "`
			`+ $"({(err as FieldTooLongError).ActualLength} > {(err as FieldTooLongError).MaxLength}).");`
			`if (err.Text != null)`
			`return BadRequest(err.Text);`
			`return BadRequest($"Field {err.Key} is invalid.");`
Add member routes to API 2019-07-09 22:19:18 +00:00			`}`
run dotnet format 2021-08-27 15:03:47 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`var newMember = await _repo.UpdateMember(member.Id, patch);`
			`return Ok(newMember.ToJson(User.ContextFor(newMember), true));`
			`}`
run dotnet format 2021-08-27 15:03:47 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`[HttpDelete("{hid}")]`
			`[Authorize]`
			`public async Task<ActionResult> DeleteMember(string hid)`
			`{`
			`var member = await _repo.GetMemberByHid(hid);`
			`if (member == null) return NotFound("Member not found.");`
Retire more IDataStore methods 2020-06-29 12:54:11 +00:00
feat: upgrade to .NET 6, refactor everything 2021-11-27 02:10:56 +00:00			`var res = await _auth.AuthorizeAsync(User, member, "EditMember");`
			`if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");`

			`await _repo.DeleteMember(member.Id);`
			`return Ok();`
Add member routes to API 2019-07-09 22:19:18 +00:00			`}`
run dotnet format 2021-08-27 15:03:47 +00:00			`}`