From 6fb5a83183ae58bc731e3da8c6dda823ac6e2f87 Mon Sep 17 00:00:00 2001
From: Polianin Nikita
Date: Sat, 1 Jun 2024 08:18:27 +0300
Subject: [PATCH 1/3] feat: add model to endpoint

---
 Endpoint/Common/Model/Admin.cs | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 Endpoint/Common/Model/Admin.cs

diff --git a/Endpoint/Common/Model/Admin.cs b/Endpoint/Common/Model/Admin.cs
new file mode 100644
index 0000000..59e4b60
--- /dev/null
+++ b/Endpoint/Common/Model/Admin.cs
@@ -0,0 +1,10 @@
+namespace Mirea.Api.Endpoint.Common.Model;
+
+public class Admin
+{
+ public const string PathToSave = "admin.json";
+ public required string Username { get; set; }
+ public required string Email { get; set; }
+ public required string PasswordHash { get; set; }
+ public required string Salt { get; set; }
+}
\ No newline at end of file
From bba943173354d3aeba0f2dece4c3524ec730a015 Mon Sep 17 00:00:00 2001
From: Polianin Nikita
Date: Sat, 1 Jun 2024 08:19:26 +0300
Subject: [PATCH 2/3] feat: add data checks

---
 Endpoint/Controllers/Configuration/SetupController.cs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/Endpoint/Controllers/Configuration/SetupController.cs b/Endpoint/Controllers/Configuration/SetupController.cs
index 1c9d275..adc1695 100644
--- a/Endpoint/Controllers/Configuration/SetupController.cs
+++ b/Endpoint/Controllers/Configuration/SetupController.cs
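Review bot: In `Endpoint/Common/Model/Admin.cs` the `PasswordHash` and `Salt` properties are undocumented and publicly settable, so a reader cannot tell which encoding or hashing scheme they hold, and later code can overwrite them after the setup step. Add a class summary such as `/// <summary>Administrator account persisted by the setup flow; holds credential material and must not be returned in API responses or written to logs.</summary>`. Prefer `{ get; init; }` on the four properties, which `System.Text.Json` can still populate on deserialization. `PathToSave` is a bare file name, so a one-line comment saying that callers are expected to resolve it against the application's data directory would also help.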
@@ -8,19 +8,23 @@ using Mirea.Api.Dto.Requests.Configuration; using Mirea.Api.Endpoint.Common.Attributes; using Mirea.Api.Endpoint.Common.Exceptions; using Mirea.Api.Endpoint.Common.Interfaces; +using Mirea.Api.Endpoint.Common.Model; using Mirea.Api.Endpoint.Common.Services; using Mirea.Api.Endpoint.Configuration.General; using Mirea.Api.Endpoint.Configuration.General.Settings; using Mirea.Api.Endpoint.Configuration.General.Validators; +using Mirea.Api.Security.Services; using MySqlConnector; using Npgsql; using StackExchange.Redis; using System; using System.Data; using System.IO; +using System.Net.Mail; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Text.Json; +using System.Text.RegularExpressions; namespace Mirea.Api.Endpoint.Controllers.Configuration; @@ -199,8 +203,11 @@ public class SetupController(ISetupToken setupToken, IMaintenanceModeNotConfigur [BadRequestResponse] public ActionResult CreateAdmin([FromBody] CreateUserRequest user) { - // todo: change CreateUserRequest to Domain entity - cache.Set(CacheAdminKey, user); + if (user.Password.Length < 8 || !Regex.IsMatch(user.Password, "[A-Z]+") || !Regex.IsMatch(user.Password, "[!@#$%^&*]+")) + throw new ControllerArgumentException("The password must be at least 8 characters long and contain at least one uppercase letter and one special character."); + + if (!MailAddress.TryCreate(user.Email, out _)) + throw new ControllerArgumentException("The email address is incorrect."); return Ok(true); } From 2addd2aa786fbcfb582d74376701085f58deaaee Mon Sep 17 00:00:00 2001 From: Polianin Nikita Date: Sat, 1 Jun 2024 08:20:27 +0300 Subject: [PATCH 3/3] feat: use Admin model --- .../Configuration/SetupController.cs | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/Endpoint/Controllers/Configuration/SetupController.cs b/Endpoint/Controllers/Configuration/SetupController.cs index adc1695..9bda318 100644 
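Review bot: The password rule added to `CreateAdmin` recognises only ASCII `A-Z` as uppercase and only `!@#$%^&*` as special characters, so a long passphrase that uses `-`, `_`, `?` or non-Latin capitals is rejected while a short value that merely ticks both classes is accepted. There is also no upper length bound before the value is later handed to the hasher. Consider leading with length (a higher minimum plus an explicit maximum) and widening the class checks, for example `!user.Password.Any(char.IsUpper) || !user.Password.Any(c => char.IsPunctuation(c) || char.IsSymbol(c))`, which needs `using System.Linq;` if it is not already in scope. The error text would need the matching update. The method's attribute list begins above this hunk, so any model-level validation on `CreateUserRequest` is not visible here.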
--- a/Endpoint/Controllers/Configuration/SetupController.cs +++ b/Endpoint/Controllers/Configuration/SetupController.cs @@ -32,7 +32,11 @@ namespace Mirea.Api.Endpoint.Controllers.Configuration; [ApiController] [MaintenanceModeIgnore] [ApiExplorerSettings(IgnoreApi = true)] -public class SetupController(ISetupToken setupToken, IMaintenanceModeNotConfigureService notConfigureService, IMemoryCache cache) : BaseController +public class SetupController( + ISetupToken setupToken, + IMaintenanceModeNotConfigureService notConfigureService, + IMemoryCache cache, + PasswordHashService passwordHashService) : BaseController { private const string CacheGeneralKey = "config_general"; private const string CacheAdminKey = "config_admin"; @@ -208,6 +212,18 @@ public class SetupController(ISetupToken setupToken, IMaintenanceModeNotConfigur if (!MailAddress.TryCreate(user.Email, out _)) throw new ControllerArgumentException("The email address is incorrect."); + + var (salt, hash) = passwordHashService.HashPassword(user.Password); + + var admin = new Admin + { + Username = user.Username, + Email = user.Email, + PasswordHash = hash, + Salt = salt + }; + + cache.Set(CacheAdminKey, admin); return Ok(true); } 
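Review bot: `Email = user.Email` in the new `Admin` initializer stores the raw request string, but the `MailAddress.TryCreate` check just above it also accepts display-name forms such as `Admin <admin@example.org>`, so the persisted value may not be a bare address. Capture the parsed result with `if (!MailAddress.TryCreate(user.Email, out var mail))` and store `Email = mail.Address`. `Username` is copied with no check at all, so an empty or whitespace-only name reaches the cached model. A guard like `if (string.IsNullOrWhiteSpace(user.Username)) throw new ControllerArgumentException("The username is required.");` would match the other validations. The start of `CreateAdmin` lies outside this hunk.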
@@ -297,14 +313,13 @@ public class SetupController(ISetupToken setupToken, IMaintenanceModeNotConfigur if (!new SettingsRequiredValidator(GeneralConfig).AreSettingsValid()) throw new ControllerArgumentException("The necessary data has not been configured."); - // todo: change CreateUserRequest to Domain entity - if (!cache.TryGetValue(CacheAdminKey, out CreateUserRequest? user) || user == null) + if (!cache.TryGetValue(CacheAdminKey, out Admin? admin) || admin == null) throw new ControllerArgumentException("The administrator's data was not set."); if (System.IO.File.Exists(PathBuilder.Combine(GeneralConfig.FilePath))) System.IO.File.Delete(PathBuilder.Combine(GeneralConfig.FilePath)); - System.IO.File.WriteAllText(PathBuilder.Combine("admin.json"), JsonSerializer.Serialize(user)); + System.IO.File.WriteAllText(PathBuilder.Combine(Admin.PathToSave), JsonSerializer.Serialize(admin)); System.IO.File.WriteAllText( PathBuilder.Combine(GeneralConfig.FilePath),
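Review bot: The file at `Admin.PathToSave` now receives the administrator's password hash and salt, yet it is still created with a plain `System.IO.File.WriteAllText`, which leaves it with the process's default permissions; on Unix hosts that is often readable by other local accounts. If the project targets .NET 7 or later (the `required` members suggest it does), follow the write with `if (!OperatingSystem.IsWindows()) System.IO.File.SetUnixFileMode(PathBuilder.Combine(Admin.PathToSave), UnixFileMode.UserRead | UnixFileMode.UserWrite);`. Document the expected ACL for Windows deployments. The existing settings file is also deleted before either write happens, so a failure while writing the admin file leaves the instance with no configuration; writing the admin file first would narrow that window. The enclosing method starts and ends outside this hunk, so whether the cached `Admin` entry is removed afterwards cannot be confirmed from here.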