PluralKit/PluralKit.API/Controllers/v1/MemberController.cs

using System;
using System.Threading.Tasks;

using Dapper;

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

using Newtonsoft.Json.Linq;

using PluralKit.Core;

namespace PluralKit.API
{
    [ApiController]
    [ApiVersion("1.0")]
    [Route("v{version:apiVersion}/m")]
    public class MemberController: ControllerBase
    {
        private readonly IDatabase _db;
        private readonly ModelRepository _repo;
        private readonly IAuthorizationService _auth;

        public MemberController(IAuthorizationService auth, IDatabase db, ModelRepository repo)
        {
            _auth = auth;
            _db = db;
            _repo = repo;
        }

        [HttpGet("{hid}")]
        public async Task<ActionResult<JObject>> GetMember(string hid)
        {
            var member = await _repo.GetMemberByHid(hid);
            if (member == null) return NotFound("Member not found.");

            return Ok(member.ToJson(User.ContextFor(member), needsLegacyProxyTags: true));
        }

        [HttpPost]
        [Authorize]
        public async Task<ActionResult<JObject>> PostMember([FromBody] JObject properties)
        {
            if (!properties.ContainsKey("name"))
                return BadRequest("Member name must be specified.");

            var systemId = User.CurrentSystem();
            var systemData = await _repo.GetSystem(systemId);

            await using var conn = await _db.Obtain();

            // Enforce per-system member limit
            var memberCount = await conn.QuerySingleAsync<int>("select count(*) from members where system = @System", new { System = systemId });
            var memberLimit = systemData?.MemberLimitOverride ?? Limits.MaxMemberCount;
            if (memberCount >= memberLimit)
                return BadRequest($"Member limit reached ({memberCount} / {memberLimit}).");

            await using var tx = await conn.BeginTransactionAsync();
            var member = await _repo.CreateMember(systemId, properties.Value<string>("name"), conn);

            MemberPatch patch;
            try
            {
                patch = MemberPatch.FromJSON(properties);
                patch.AssertIsValid();
            }
            catch (FieldTooLongError e)
            {
                await tx.RollbackAsync();
                return BadRequest(e.Message);
            }
            catch (ValidationError e)
            {
                await tx.RollbackAsync();
                return BadRequest($"Request field '{e.Message}' is invalid.");
            }

            member = await _repo.UpdateMember(member.Id, patch, conn);
            await tx.CommitAsync();
            return Ok(member.ToJson(User.ContextFor(member), needsLegacyProxyTags: true));
        }

        [HttpPatch("{hid}")]
        [Authorize]
        public async Task<ActionResult<JObject>> PatchMember(string hid, [FromBody] JObject changes)
        {
            var member = await _repo.GetMemberByHid(hid);
            if (member == null) return NotFound("Member not found.");

            var res = await _auth.AuthorizeAsync(User, member, "EditMember");
            if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");

            MemberPatch patch;
            try
            {
                patch = MemberPatch.FromJSON(changes);
                patch.AssertIsValid();
            }
            catch (FieldTooLongError e)
            {
                return BadRequest(e.Message);
            }
            catch (ValidationError e)
            {
                return BadRequest($"Request field '{e.Message}' is invalid.");
            }

            var newMember = await _repo.UpdateMember(member.Id, patch);
            return Ok(newMember.ToJson(User.ContextFor(newMember), needsLegacyProxyTags: true));
        }

        [HttpDelete("{hid}")]
        [Authorize]
        public async Task<ActionResult> DeleteMember(string hid)
        {
            var member = await _repo.GetMemberByHid(hid);
            if (member == null) return NotFound("Member not found.");

            var res = await _auth.AuthorizeAsync(User, member, "EditMember");
            if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");

            await _repo.DeleteMember(member.Id);
            return Ok();
        }
    }
}
API patch improvements - add PatchObject.CheckIsValid - use transaction when creating member, as to not create a member if the patch is invalid - return edited system in `PATCH /s` endpoint 2021-04-21 21:57:19 +00:00			`using System;`
Add member routes to API 2019-07-09 22:19:18 +00:00			`using System.Threading.Tasks;`
Large refactor and project restructuring 2020-02-12 14:16:19 +00:00
Retire more IDataStore methods 2020-06-29 12:54:11 +00:00			`using Dapper;`

Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`using Microsoft.AspNetCore.Authorization;`
Add member routes to API 2019-07-09 22:19:18 +00:00			`using Microsoft.AspNetCore.Mvc;`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00
			`using Newtonsoft.Json.Linq;`

Add member routes to API 2019-07-09 22:19:18 +00:00			`using PluralKit.Core;`

Large refactor and project restructuring 2020-02-12 14:16:19 +00:00			`namespace PluralKit.API`
Add member routes to API 2019-07-09 22:19:18 +00:00			`{`
			`[ApiController]`
Integrate ApiVersioning library for ASP.NET 2020-05-07 02:39:49 +00:00			`[ApiVersion("1.0")]`
run dotnet format 2021-08-27 15:03:47 +00:00			`[Route("v{version:apiVersion}/m")]`
Add member routes to API 2019-07-09 22:19:18 +00:00			`public class MemberController: ControllerBase`
			`{`
Major database refactor (again) 2020-08-29 11:46:27 +00:00			`private readonly IDatabase _db;`
			`private readonly ModelRepository _repo;`
			`private readonly IAuthorizationService _auth;`
Add member routes to API 2019-07-09 22:19:18 +00:00
Major database refactor (again) 2020-08-29 11:46:27 +00:00			`public MemberController(IAuthorizationService auth, IDatabase db, ModelRepository repo)`
Add member routes to API 2019-07-09 22:19:18 +00:00			`{`
			`_auth = auth;`
Finally retire the PKMember setters! 2020-06-29 12:15:30 +00:00			`_db = db;`
Major database refactor (again) 2020-08-29 11:46:27 +00:00			`_repo = repo;`
Add member routes to API 2019-07-09 22:19:18 +00:00			`}`

			`[HttpGet("{hid}")]`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`public async Task<ActionResult<JObject>> GetMember(string hid)`
Add member routes to API 2019-07-09 22:19:18 +00:00			`{`
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`var member = await _repo.GetMemberByHid(hid);`
Add member routes to API 2019-07-09 22:19:18 +00:00			`if (member == null) return NotFound("Member not found.");`

feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`return Ok(member.ToJson(User.ContextFor(member), needsLegacyProxyTags: true));`
Add member routes to API 2019-07-09 22:19:18 +00:00			`}`

Add endpoint to create new member by POST request 2019-07-27 03:37:23 +00:00			`[HttpPost]`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`[Authorize]`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`public async Task<ActionResult<JObject>> PostMember([FromBody] JObject properties)`
Add endpoint to create new member by POST request 2019-07-27 03:37:23 +00:00			`{`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`if (!properties.ContainsKey("name"))`
			`return BadRequest("Member name must be specified.");`
run dotnet format 2021-08-27 15:03:47 +00:00
Add per-system member/group limit override 2020-10-09 10:18:29 +00:00			`var systemId = User.CurrentSystem();`
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`var systemData = await _repo.GetSystem(systemId);`
Add endpoint to create new member by POST request 2019-07-27 03:37:23 +00:00
Retire more IDataStore methods 2020-06-29 12:54:11 +00:00			`await using var conn = await _db.Obtain();`

Added max member count to limits A given system can now have up to 1000 members. Within 50 members of that limit, a warning will display whenever a new member is created via the bot. Once the limit is reached, a final warning will appear indicating that no additional members can be created unless members are first deleted. Attempting to create a new member at that point by any method will result in an error message indicating that the limit has been reached. Respecting this in pk;import required some restructuring to tease apart which members already exist and which ones need to be created prior to creating any members as it seems preferable to fail early and give the user the ability to intervene rather than pushing the system to the member cap and requiring manual deletion of "lower priority" members before others can be created. One consequence of the restructure is that existing members are being read in bulk which is a performance improvement of 25-70% depending on how many switches need to be imported (the more members you have, the more noticeable this is). 2019-10-20 07:16:57 +00:00			`// Enforce per-system member limit`
run dotnet format 2021-08-27 15:03:47 +00:00			`var memberCount = await conn.QuerySingleAsync<int>("select count(*) from members where system = @System", new { System = systemId });`
Add per-system member/group limit override 2020-10-09 10:18:29 +00:00			`var memberLimit = systemData?.MemberLimitOverride ?? Limits.MaxMemberCount;`
			`if (memberCount >= memberLimit)`
			`return BadRequest($"Member limit reached ({memberCount} / {memberLimit}).");`
Added max member count to limits A given system can now have up to 1000 members. Within 50 members of that limit, a warning will display whenever a new member is created via the bot. Once the limit is reached, a final warning will appear indicating that no additional members can be created unless members are first deleted. Attempting to create a new member at that point by any method will result in an error message indicating that the limit has been reached. Respecting this in pk;import required some restructuring to tease apart which members already exist and which ones need to be created prior to creating any members as it seems preferable to fail early and give the user the ability to intervene rather than pushing the system to the member cap and requiring manual deletion of "lower priority" members before others can be created. One consequence of the restructure is that existing members are being read in bulk which is a performance improvement of 25-70% depending on how many switches need to be imported (the more members you have, the more noticeable this is). 2019-10-20 07:16:57 +00:00
API patch improvements - add PatchObject.CheckIsValid - use transaction when creating member, as to not create a member if the patch is invalid - return edited system in `PATCH /s` endpoint 2021-04-21 21:57:19 +00:00			`await using var tx = await conn.BeginTransactionAsync();`
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`var member = await _repo.CreateMember(systemId, properties.Value<string>("name"), conn);`
API patch improvements - add PatchObject.CheckIsValid - use transaction when creating member, as to not create a member if the patch is invalid - return edited system in `PATCH /s` endpoint 2021-04-21 21:57:19 +00:00
Finally retire the PKMember setters! 2020-06-29 12:15:30 +00:00			`MemberPatch patch;`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`try`
			`{`
refactor: move JsonModelExt to PluralKit.Core (in individual model/patch files) 2021-08-07 22:13:46 +00:00			`patch = MemberPatch.FromJSON(properties);`
feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`patch.AssertIsValid();`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`}`
feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`catch (FieldTooLongError e)`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`{`
API patch improvements - add PatchObject.CheckIsValid - use transaction when creating member, as to not create a member if the patch is invalid - return edited system in `PATCH /s` endpoint 2021-04-21 21:57:19 +00:00			`await tx.RollbackAsync();`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`return BadRequest(e.Message);`
			`}`
feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`catch (ValidationError e)`
API patch improvements - add PatchObject.CheckIsValid - use transaction when creating member, as to not create a member if the patch is invalid - return edited system in `PATCH /s` endpoint 2021-04-21 21:57:19 +00:00			`{`
			`await tx.RollbackAsync();`
			`return BadRequest($"Request field '{e.Message}' is invalid.");`
			`}`
run dotnet format 2021-08-27 15:03:47 +00:00
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`member = await _repo.UpdateMember(member.Id, patch, conn);`
API patch improvements - add PatchObject.CheckIsValid - use transaction when creating member, as to not create a member if the patch is invalid - return edited system in `PATCH /s` endpoint 2021-04-21 21:57:19 +00:00			`await tx.CommitAsync();`
feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`return Ok(member.ToJson(User.ContextFor(member), needsLegacyProxyTags: true));`
Add endpoint to create new member by POST request 2019-07-27 03:37:23 +00:00			`}`

Add member routes to API 2019-07-09 22:19:18 +00:00			`[HttpPatch("{hid}")]`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`[Authorize]`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`public async Task<ActionResult<JObject>> PatchMember(string hid, [FromBody] JObject changes)`
Add member routes to API 2019-07-09 22:19:18 +00:00			`{`
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`var member = await _repo.GetMemberByHid(hid);`
Add member routes to API 2019-07-09 22:19:18 +00:00			`if (member == null) return NotFound("Member not found.");`
run dotnet format 2021-08-27 15:03:47 +00:00
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`var res = await _auth.AuthorizeAsync(User, member, "EditMember");`
			`if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");`
Add member routes to API 2019-07-09 22:19:18 +00:00
Finally retire the PKMember setters! 2020-06-29 12:15:30 +00:00			`MemberPatch patch;`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`try`
			`{`
refactor: move JsonModelExt to PluralKit.Core (in individual model/patch files) 2021-08-07 22:13:46 +00:00			`patch = MemberPatch.FromJSON(changes);`
feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`patch.AssertIsValid();`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`}`
feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`catch (FieldTooLongError e)`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`{`
			`return BadRequest(e.Message);`
			`}`
feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`catch (ValidationError e)`
API patch improvements - add PatchObject.CheckIsValid - use transaction when creating member, as to not create a member if the patch is invalid - return edited system in `PATCH /s` endpoint 2021-04-21 21:57:19 +00:00			`{`
Update error string 2021-04-21 22:09:45 +00:00			`return BadRequest($"Request field '{e.Message}' is invalid.");`
API patch improvements - add PatchObject.CheckIsValid - use transaction when creating member, as to not create a member if the patch is invalid - return edited system in `PATCH /s` endpoint 2021-04-21 21:57:19 +00:00			`}`
run dotnet format 2021-08-27 15:03:47 +00:00
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`var newMember = await _repo.UpdateMember(member.Id, patch);`
feat: refactor external input handling code - refactor import/export code - make import/export use the same JSON parsing as API - make Patch.AssertIsValid actually useful 2021-08-26 01:43:31 +00:00			`return Ok(newMember.ToJson(User.ContextFor(newMember), needsLegacyProxyTags: true));`
Add member routes to API 2019-07-09 22:19:18 +00:00			`}`
run dotnet format 2021-08-27 15:03:47 +00:00
Add endpoint to delete members - Add endpoint to delete members through a DELETE request 2019-07-28 22:03:50 +00:00			`[HttpDelete("{hid}")]`
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`[Authorize]`
Upgrade API serialisation code to enable potential context-based serialisation 2019-12-28 14:52:59 +00:00			`public async Task<ActionResult> DeleteMember(string hid)`
Add endpoint to delete members - Add endpoint to delete members through a DELETE request 2019-07-28 22:03:50 +00:00			`{`
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`var member = await _repo.GetMemberByHid(hid);`
Add endpoint to delete members - Add endpoint to delete members through a DELETE request 2019-07-28 22:03:50 +00:00			`if (member == null) return NotFound("Member not found.");`
run dotnet format 2021-08-27 15:03:47 +00:00
Migrate API to ASP.NET Core Auth services + refactor 2020-06-15 23:15:59 +00:00			`var res = await _auth.AuthorizeAsync(User, member, "EditMember");`
			`if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");`
Retire more IDataStore methods 2020-06-29 12:54:11 +00:00
refactor: add SqlKata for SQL generation, move connection handling into ModelRepository 2021-09-30 01:51:38 +00:00			`await _repo.DeleteMember(member.Id);`
Add endpoint to delete members - Add endpoint to delete members through a DELETE request 2019-07-28 22:03:50 +00:00			`return Ok();`
			`}`
Add member routes to API 2019-07-09 22:19:18 +00:00			`}`
run dotnet format 2021-08-27 15:03:47 +00:00			`}`