Merge in from auth branch

kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs

@@ -1,5 +1,6 @@
 using kabinizer_api.Dtos.BookingRequest;
 using kabinizer_api.Model;
+using kabinizer_api.Services;
 using kabinizer_api.Services.Export;
 using kabinizer_data;
 using kabinizer_data.Entities;
@@ -13,38 +14,29 @@ namespace kabinizer_api.Controllers;
 public class BookingRequestController : ControllerBase
 {
     private readonly EntityContext entityContext;
+    private readonly ITokenService tokenService;
 
-    public BookingRequestController(EntityContext entityContext)
+    public BookingRequestController(EntityContext entityContext, ITokenService tokenService)
     {
         this.entityContext = entityContext;
+        this.tokenService = tokenService;
     }
 
     [HttpGet]
     public IEnumerable<BookingRequest> GetBookingRequests()
     {
+        var currentUserId = tokenService.GetUserId();
         return entityContext.BookingRequests
-            .Select(BookingRequest.FromEntity);
+            .Where(b => b.UserId == currentUserId)
+            .AsEnumerable().Select(BookingRequest.FromModel);
     }
 
-    [HttpGet]
-    [Route("user")]
-    public IEnumerable<BookingRequest> GetBookingRequestsForUser()
-    {
-        // TODO: use authed user
-        return entityContext.BookingRequests
-            .Where(e => e.UserId == new Guid("EADD8F73-8B7A-4188-BFF8-8C80E6CB98FA"))
-            .ToList()
-            .Select(BookingRequest.FromEntity);
-    }
-
-
     [HttpPost]
     public void AddBookingRequests([Required] IEnumerable<CreateBookingRequestDto> r)
     {
-        // TODO: use authed user
+        var currentUserId = tokenService.GetUserId();
         IEnumerable<BookingRequestEntity> bookingRequestEntities =
-            r.Select(e => new BookingRequestEntity(new Guid("EADD8F73-8B7A-4188-BFF8-8C80E6CB98FA"), e.PeriodId));
-        //r.Select(e => new BookingRequestEntity(e.UserId, e.PeriodId));
+            r.Select(e => new BookingRequestEntity(currentUserId, e.PeriodId));
 
         entityContext.BookingRequests.AddRange(bookingRequestEntities);
         entityContext.SaveChanges();
@@ -53,7 +45,15 @@ public void AddBookingRequests([Required] IEnumerable<CreateBookingRequestDto> r
     [HttpDelete]
     public bool DeleteBookingRequest([Required] Guid bookingRequestId)
     {
+        var currentUserId = tokenService.GetUserId();
+
         BookingRequestEntity entityToRemove = entityContext.BookingRequests.Single(br => br.Id == bookingRequestId);
+
+        if (entityToRemove.UserId != currentUserId)
+        {
+            throw new Exception("You cannot remove a booking request for another user");
+        }
+
         entityContext.BookingRequests.Remove(entityToRemove);
         entityContext.SaveChanges();
         return true;

kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs

@@ -4,7 +4,7 @@ namespace kabinizer_api.Model;
 
 public record BookingRequest(Guid Id, Guid UserId, Guid PeriodId)
 {
-    public static BookingRequest FromEntity(BookingRequestEntity e)
+    public static BookingRequest FromModel(BookingRequestEntity e)
     {
         return new BookingRequest(e.Id, e.UserId, e.PeriodId);
     }

kabinizer-back-end/kabinizer-api/Program.cs

@@ -1,20 +1,27 @@
 using kabinizer_api.Services;
 using kabinizer_api.Services.Draw;
 using kabinizer_data;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.Identity.Web;
 
 var builder = WebApplication.CreateBuilder(args);
 
 builder.Services.AddScoped<DrawService>();
 builder.Services.AddScoped<PeriodService>();
 
 // Add services to the container.
-builder.Services.AddControllers();
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("EntraID"));
 
 
 builder.Services.AddDbContext<EntityContext>(o =>
     o.UseSqlServer(builder.Configuration.GetConnectionString("KabinizerConnection")));
 
+builder.Services.AddScoped<ITokenService, TokenService>();
+
+builder.Services.AddControllers();
+
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
 
@@ -26,9 +33,10 @@
 
 app.UseHttpsRedirection();
 
+app.UseAuthentication();
 app.UseAuthorization();
 
-app.MapControllers();
+app.MapControllers().RequireAuthorization();
 
 // Migrate db
 using (var scope = app.Services.CreateScope())

kabinizer-back-end/kabinizer-api/Services/ITokenService.cs

@@ -0,0 +1,6 @@
+namespace kabinizer_api.Services;
+
+public interface ITokenService
+{
+    Guid GetUserId();
+}

kabinizer-back-end/kabinizer-api/Services/TokenService.cs

@@ -0,0 +1,17 @@
+namespace kabinizer_api.Services;
+
+public class TokenService : ITokenService
+{
+    private readonly IHttpContextAccessor _httpContextAccessor;
+
+    public TokenService(IHttpContextAccessor httpContextAccessor)
+    {
+        _httpContextAccessor = httpContextAccessor;
+    }
+
+    public Guid GetUserId()
+    {
+        var guid = _httpContextAccessor.HttpContext.User.Claims.First(c => c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
+        return new Guid(guid);
+    }
+}

kabinizer-back-end/kabinizer-api/kabinizer-api.csproj

@@ -5,6 +5,7 @@
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <RootNamespace>kabinizer_api</RootNamespace>
+    <UserSecretsId>ae423604-4603-4f57-a55b-f051618b4e17</UserSecretsId>
   </PropertyGroup>
 
   <ItemGroup>
@@ -14,6 +15,7 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
+    <PackageReference Include="Microsoft.Identity.Web" Version="2.14.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>