always better

8 years ago · f4d988b26c
parent 367b68e093
commit f4d988b26c
10 changed files with 102 additions and 28 deletions
--- a/Yavsc/ApiControllers/ChatApiController.cs
+++ b/Yavsc/ApiControllers/ChatApiController.cs
@ -6,18 +6,27 @@ using Microsoft.Data.Entity;

 namespace Yavsc.Controllers
 {
+    using System.Threading.Tasks;
+    using Microsoft.AspNet.Identity;
    using Models;
    using ViewModels.Chat;
    [Route("api/chat")]
    public class ChatApiController : Controller
    {
+        ApplicationDbContext dbContext;
+        UserManager<ApplicationUser> userManager;
+        public ChatApiController(ApplicationDbContext dbContext,
+        UserManager<ApplicationUser> userManager)
+        {
+            this.dbContext = dbContext;
+            this.userManager = userManager;
+        }

        [HttpGet("users")]
-        public List<ChatUserInfo> GetUserList()
+        public async Task<List<ChatUserInfo>> GetUserList()
        {
-            using (var db = new ApplicationDbContext()) {
      
-                var cxsQuery = db.Connections.Include(c=>c.Owner).GroupBy( c => c.ApplicationUserId );
+            var cxsQuery = dbContext.Connections.Include(c=>c.Owner).GroupBy( c => c.ApplicationUserId );

            List<ChatUserInfo> result = new List<ChatUserInfo>();

@ -25,14 +34,15 @@ namespace Yavsc.Controllers

                var uid = g.Key;
                var cxs = g.ToList();
+                if (cxs.Count>0) {
                    var user = cxs.First().Owner;
                    
                    result.Add(new ChatUserInfo { UserName = user.UserName,
-                    UserId = user.Id, Avatar = user.Avatar, Connections = cxs } );
-
+                    UserId = user.Id, Avatar = user.Avatar, Connections = cxs,
+                    Roles = ( await userManager.GetRolesAsync(user) ).ToArray() } );
                }
-               return result;
            }
+            return result;
        }
    }
 }
--- a/Yavsc/Startup/Startup.FileServer.cs
+++ b/Yavsc/Startup/Startup.FileServer.cs
@ -1,9 +1,12 @@
 using System.IO;
+using System.Security.Claims;
+using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.FileProviders;
 using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.StaticFiles;
+using Yavsc.ViewModels.Auth;

 namespace Yavsc
 {
@ -14,7 +17,7 @@ namespace Yavsc

        public static FileServerOptions AvatarsOptions { get; set; }
        public void ConfigureFileServerApp(IApplicationBuilder app,
-                SiteSettings siteSettings, IHostingEnvironment env)
+                SiteSettings siteSettings, IHostingEnvironment env, IAuthorizationService authorizationService)
        {
            var userFilesDirInfo = new DirectoryInfo( siteSettings.UserFiles.Blog );
            UserFilesDirName =  userFilesDirInfo.FullName;
@ -27,6 +30,14 @@ namespace Yavsc
                RequestPath = new PathString(Constants.UserFilesPath),
                EnableDirectoryBrowsing = env.IsDevelopment()
            };
+
+            UserFilesOptions.StaticFileOptions.OnPrepareResponse += async context =>
+             {
+                 var uname = context.Context.User.GetUserName();
+                 var path = context.Context.Request.Path;
+                 var result = await authorizationService.AuthorizeAsync(context.Context.User, new ViewFileContext 
+                 { UserName = uname, File = context.File, Path = path } , new ViewRequirement());
+             };
            var avatarsDirInfo = new DirectoryInfo(Startup.SiteSetup.UserFiles.Avatars);
            if (!avatarsDirInfo.Exists) avatarsDirInfo.Create();
            AvatarsDirName = avatarsDirInfo.FullName;
--- a/Yavsc/Startup/Startup.cs
+++ b/Yavsc/Startup/Startup.cs
@ -183,6 +183,7 @@ namespace Yavsc
            services.AddSingleton<IAuthorizationHandler, CommandViewHandler>();
            services.AddSingleton<IAuthorizationHandler, PostUserFileHandler>();
            services.AddSingleton<IAuthorizationHandler, EstimateViewHandler>();
+            services.AddSingleton<IAuthorizationHandler, ViewFileHandler>();

            services.AddMvc(config =>
            {
@ -230,6 +231,7 @@ namespace Yavsc
        IOptions<RequestLocalizationOptions> localizationOptions,
        IOptions<OAuth2AppSettings> oauth2SettingsContainer,
        RoleManager<IdentityRole> roleManager,
+        IAuthorizationService authorizationService,
         ILoggerFactory loggerFactory)
        {
            SiteSetup = siteSettings.Value;
@ -330,7 +332,7 @@ namespace Yavsc
            Audience = siteSettings.Value.Audience;

            ConfigureOAuthApp(app, siteSettings.Value);
-            ConfigureFileServerApp(app, siteSettings.Value, env);
+            ConfigureFileServerApp(app, siteSettings.Value, env, authorizationService);
            ConfigureWebSocketsApp(app, siteSettings.Value, env);

            app.UseRequestLocalization(localizationOptions.Value, (RequestCulture)new RequestCulture((string)"en"));
--- a/Yavsc/ViewModels/Auth/AuthorisationHandlers.cs
+++ b/Yavsc/ViewModels/Auth/AuthorisationHandlers.cs
@ -54,7 +54,18 @@ namespace Yavsc {

    }
    
-
+    public class ViewFileHandler : AuthorizationHandler<ViewRequirement, ViewFileContext>
+    {
+        protected override void Handle(AuthorizationContext context, ViewRequirement requirement,  ViewFileContext fileContext)
+        {
+            // TODO file access rules
+            if (fileContext.Path.StartsWith("/pub/"))
+                context.Succeed(requirement);
+            else {
+                context.Succeed(requirement);
+            }
+        }
+    }

    public class CommandViewHandler : AuthorizationHandler<ViewRequirement, BookQuery>
    {
--- a/Yavsc/ViewModels/Auth/ViewFileContext.cs
+++ b/Yavsc/ViewModels/Auth/ViewFileContext.cs
@ -0,0 +1,11 @@
+using Microsoft.AspNet.FileProviders;
+
+namespace Yavsc.ViewModels.Auth
+{
+    public class ViewFileContext
+    {
+        public string UserName { get; set; }
+        public IFileInfo File { get; set; }
+        public string Path { get; set; }
+    }
+}
--- a/Yavsc/ViewModels/Chat/ChatUserInfo.cs
+++ b/Yavsc/ViewModels/Chat/ChatUserInfo.cs
@ -13,5 +13,7 @@ public class ChatUserInfo

            public string Avatar { get; set; }

+            public string[] Roles { get; set; }
+
        }
 }
--- a/Yavsc/Views/Home/Chat.cshtml
+++ b/Yavsc/Views/Home/Chat.cshtml
@ -52,14 +52,18 @@
            var getUsers = function() {
                    $('#userlist').empty();
                    $('#to').empty();
-                    chat.server.getUserList().done(
+                    $.get("/api/chat/users").done(
                        function(users) {
                            $.each(users, function () {
                                var user = this;
-                                document.userList[user.UserId]=user;
-                                $('#userlist').append('<li class="user">' + htmlEncode(user.UserName) + '</li>');
-
-                                $('#to').append('<option value="'+user.UserId+'">'+user.UserName+'</option>');
+                                var li = $('<li class="user">'+htmlEncode(user.UserName)+'</li>');
+                                var cxids = [];
+                                $.each(user.Connections,function() {
+                                    cxids.push(this.ConnectionId);
+                                });
+                                li.data("name",user.UserName);
+                                li.data("cxids",cxids);
+                                li.appendTo('#userlist');

                            });
                        }
@ -80,11 +84,35 @@
                $('#discussion').append('<li class="pv"><strong>' + htmlEncode(name)
                    + '</strong>: ' + htmlEncode(message) + '</li>');
            };
-            var onUserConnected =  function (cxid, username) {
-                 $('#userlist').append('<li class="user">'+username+'</li>')
-            };
+            $.fn.filterByData = function(prop, val) {
+                return this.filter(
+                    function() { return $(this).data(prop)==val; }
+                );
+            }
+
            var onUserDisconnected = function (cxid, username) {
-                 $('#userlist li[data-uid='+cxid+']').remove();
+                 $('#userlist li').filter (function() { 
+                     var nids = $(this).data("cxids").filter(function() { 
+                         return $(this) !== cxid
+                     });
+                     if (nids.Length==0) $(this).remove();
+                     else $(this).data("cxids",nids)
+                     });
+            };
+            var onUserConnected =  function (cxid, username) {
+                var connected = $('#userlist li').filterByData("name",username);
+                if (connected.length>0) {
+                    console.log(connected);
+                    var ids = connected.data("cxids");
+                    console.log(ids);
+                    ids.push(cxid);
+                    connected.data("cxids",ids);
+                } else {
+                    var li = $('<li class="user">'+username+'</li>');
+                    li.data("name",username);
+                    li.data("cxids",[cxid]);
+                    li.appendTo('#userlist');
+                }
            };
            chat.client.notify = function (tag, message, data) {
                if (data) {
--- a/Yavsc/Views/Shared/_Layout.cshtml
+++ b/Yavsc/Views/Shared/_Layout.cshtml
@ -45,11 +45,10 @@
                </div>
                <div class="navbar-collapse collapse">
                    <ul class="nav navbar-nav">
-                        <li><a asp-controller="Home" asp-action="Index" class="navbar-link">@SR["Home"]</a></li>
                        <li><a asp-controller="Blogspot" asp-action="Index" class="navbar-link">@SR["Blogs"]</a></li>
-                        <li><a asp-controller="Home" asp-action="About" class="navbar-link">@SR["About"] @SiteSettings.Value.Title</a> </li>
                        <li><a asp-controller="Home" asp-action="Chat" class="navbar-link">@SR["Chat"]</a></li>
                        <li><a asp-controller="Home" asp-action="Contact" class="navbar-link">@SR["Contact"]</a></li>
+                        <li><a asp-controller="Home" asp-action="About" class="navbar-link">@SR["About"] @SiteSettings.Value.Title</a> </li>
                    </ul>
                    @await Html.PartialAsync("_LoginPartial")
                </div>
--- a/Yavsc/package.json
+++ b/Yavsc/package.json
@ -1,5 +1,5 @@
 {
-  "name": "Yavsc",
+  "name": "yavsc",
  "version": "0.0.0",
  "devDependencies": {
    "grunt": "^1.0.1",
--- a/testOauthClient/wwwroot/lib/bootstrap/dist/css/bootstrap.min.css
+++ b/testOauthClient/wwwroot/lib/bootstrap/dist/css/bootstrap.min.css