Refaktorisierung: Absicherung von DB-Operationen und Verbesserung der Geschäftslogik
- Implementierung von LINQ-Abfragen innerhalb der Core-Bibliothek zur Minderung von SQL-Injection-Anfälligkeiten für DB-Operationen von Umschlägen und Empfängern. - Aktualisierung der Geschäftslogik in der Service-Schicht für verbessertes Transaktionshandling. - Erweiterung der ServiceMessage um eine neue Flag-Funktion zum Verfolgen von Cybersecurity- und Datenintegritätsproblemen. - Hinzufügen spezifischer Benutzerverhaltensflags zur besseren Erkennung und Behandlung potenzieller Datenverletzungen.
@@ -14,13 +14,10 @@ namespace EnvelopeGenerator.Web.Controllers.Test
|
||||
}
|
||||
|
||||
[NonAction]
|
||||
public override Task<IActionResult> GetAll()
|
||||
{
|
||||
return base.GetAll();
|
||||
}
|
||||
public override Task<IActionResult> GetAll() => base.GetAll();
|
||||
|
||||
[HttpGet]
|
||||
public virtual async Task<IActionResult> GetAll([FromQuery] string? envelopeKey = default, [FromQuery] bool withDocuments = false, [FromQuery] bool withReceivers = false, [FromQuery] bool withHistory = false, [FromQuery] bool withDocumentReceiverElement = false, [FromQuery] bool withAll = true)
|
||||
public async Task<IActionResult> GetAll([FromQuery] string? envelopeKey = default, [FromQuery] bool withDocuments = false, [FromQuery] bool withEnvelopeReceivers = false, [FromQuery] bool withHistory = false, [FromQuery] bool withDocumentReceiverElement = false, [FromQuery] bool withUser = false, [FromQuery] bool withAll = true)
|
||||
{
|
||||
if(envelopeKey is not null)
|
||||
{
|
||||
@@ -29,7 +26,7 @@ namespace EnvelopeGenerator.Web.Controllers.Test
|
||||
var envlopeServiceResult = await _service.ReadByUuidAsync(
|
||||
uuid: decoded.EnvelopeUuid,
|
||||
signature: decoded.ReceiverSignature,
|
||||
withDocuments: withDocuments, withReceivers: withReceivers, withHistory: withHistory, withDocumentReceiverElement:withDocumentReceiverElement, withAll:withAll);
|
||||
withDocuments: withDocuments, withEnvelopeReceivers: withEnvelopeReceivers, withHistory: withHistory, withDocumentReceiverElement:withDocumentReceiverElement, withUser:withUser, withAll:withAll);
|
||||
|
||||
if (envlopeServiceResult.IsSuccess)
|
||||
{
|
||||
@@ -38,7 +35,7 @@ namespace EnvelopeGenerator.Web.Controllers.Test
|
||||
return NotFound();
|
||||
}
|
||||
|
||||
var result = await _service.ReadAllWithAsync(documents: withDocuments, receivers: withReceivers, history: withHistory);
|
||||
var result = await _service.ReadAllWithAsync(documents: withDocuments, envelopeReceivers: withEnvelopeReceivers, history: withHistory);
|
||||
if (result.IsSuccess)
|
||||
{
|
||||
return Ok(result);
|
||||
|
||||
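Review bot: The new `withUser` query flag reaches only the `ReadByUuidAsync` call; on the path without `envelopeKey`, `ReadAllWithAsync(documents: ..., envelopeReceivers: ..., history: ...)` receives neither `withUser` nor `withDocumentReceiverElement` nor `withAll`, so the list route silently returns a different shape than the keyed route. Either pass the flags through if the service supports them, or state the difference in a comment such as `// withUser/withAll apply only when envelopeKey is given`. Because `withAll` defaults to `true`, it is worth confirming that the keyed route does not now include user records for callers that never asked for them; how the service combines `withAll` with `withUser` is not visible here. The body of `GetAll` continues between and beyond the three hunks, so decoding and any authorization handling cannot be judged from these lines.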
@@ -3,6 +3,7 @@ using EnvelopeGenerator.Application.Contracts;
|
||||
using EnvelopeGenerator.Application.DTOs;
|
||||
using EnvelopeGenerator.Domain.Entities;
|
||||
using EnvelopeGenerator.Infrastructure.Contracts;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace EnvelopeGenerator.Web.Controllers.Test
|
||||
{
|
||||
@@ -10,7 +11,18 @@ namespace EnvelopeGenerator.Web.Controllers.Test
|
||||
{
|
||||
public TestEnvelopeHistoryController(ILogger<TestEnvelopeHistoryController> logger, IEnvelopeHistoryService service) : base(logger, service)
|
||||
{
|
||||
}
|
||||
|
||||
[HttpGet("Count")]
|
||||
public async Task<IActionResult> Count(int? envelopeId = null, string? userReference = null, int? status = null)
|
||||
{
|
||||
return Ok(await _service.CountAsync(envelopeId, userReference, status));
|
||||
}
|
||||
|
||||
[HttpGet("is-ac-req")]
|
||||
public async Task<IActionResult> AccessCodeAlreadyRequested(int envelopeId, string userReference)
|
||||
{
|
||||
return Ok(await _service.AccessCodeAlreadyRequested(envelopeId, userReference));
|
||||
}
|
||||
}
|
||||
}
|
||||
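Review bot: The new `Count` and `AccessCodeAlreadyRequested` actions show no `[Authorize]` or environment guard in this hunk, so as written any client that can reach `is-ac-req` learns whether an access code was already requested for a given `envelopeId`/`userReference` pair. The class declaration and its base class are outside the hunk, so a guard may exist there; if it does not, put `[Authorize]` on the controller or register the `Controllers.Test` controllers only when `IHostEnvironment.IsDevelopment()` is true. `userReference` also travels in the query string and will end up in access logs, which matters if it holds a personal identifier such as an e-mail address (presumably; the diff does not confirm it).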
@@ -1,8 +1,11 @@
|
||||
using DigitalData.Core.API;
|
||||
using DigitalData.Core.Application;
|
||||
using EnvelopeGenerator.Application.Contracts;
|
||||
using EnvelopeGenerator.Application.DTOs;
|
||||
using EnvelopeGenerator.Application.Services;
|
||||
using EnvelopeGenerator.Domain.Entities;
|
||||
using EnvelopeGenerator.Infrastructure.Contracts;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace EnvelopeGenerator.Web.Controllers.Test
|
||||
{
|
||||
@@ -10,7 +13,38 @@ namespace EnvelopeGenerator.Web.Controllers.Test
|
||||
{
|
||||
public TestEnvelopeReceiverController(ILogger<TestEnvelopeReceiverController> logger, IEnvelopeReceiverService service) : base(logger, service)
|
||||
{
|
||||
}
|
||||
|
||||
[HttpGet("verify-access-code/{envelope_receiver_id}")]
|
||||
public async Task<IActionResult> VerifyAccessCode([FromRoute] string envelope_receiver_id, [FromQuery] string access_code)
|
||||
{
|
||||
var verification = await _service.VerifyAccessCodeAsync(envelopeReceiverId:envelope_receiver_id, accessCode: access_code);
|
||||
|
||||
if (verification.IsSuccess)
|
||||
return Ok(verification);
|
||||
else if (verification.HasFlag(Flag.SecurityBreach))
|
||||
return Forbid();
|
||||
else if (verification.HasFlag(Flag.SecurityBreachOrDataIntegrity))
|
||||
return Conflict();
|
||||
else
|
||||
return this.InnerServiceError(verification);
|
||||
}
|
||||
|
||||
[HttpGet("e-r-id/{envelope_receiver_id}")]
|
||||
public async Task<IActionResult> GetByEnvelopeReceiverId([FromRoute] string envelope_receiver_id)
|
||||
{
|
||||
var er_result = await _service.ReadByEnvelopeReceiverIdAsync(envelopeReceiverId: envelope_receiver_id);
|
||||
if (er_result.IsSuccess)
|
||||
return Ok(er_result);
|
||||
else
|
||||
return this.InnerServiceError(er_result);
|
||||
}
|
||||
|
||||
[HttpGet("decode")]
|
||||
public IActionResult DecodeEnvelopeReceiverId(string envelopeReceiverId)
|
||||
{
|
||||
var decoded = envelopeReceiverId.DecodeEnvelopeReceiverId();
|
||||
return Ok(new { uuid = decoded.EnvelopeUuid, signature = decoded.ReceiverSignature });
|
||||
}
|
||||
}
|
||||
}
|
||||
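Review bot: `VerifyAccessCode` takes the secret as `[FromQuery] string access_code` on an `[HttpGet]`, so the access code is written into URLs and from there into server and proxy access logs, browser history and Referer headers. Moving it to the request body keeps it out of those places: `[HttpPost("verify-access-code/{envelope_receiver_id}")]` with `[FromForm] string access_code`. Nothing in the shown lines limits repeated attempts per `envelope_receiver_id`; if `VerifyAccessCodeAsync` does not throttle or lock out, that control is missing and belongs here or in the service. `Forbid()` relies on a registered forbid scheme and throws when none is configured, so `StatusCode(StatusCodes.Status403Forbidden)` is the safer way to signal `Flag.SecurityBreach` if this app has no authentication handler; that cannot be told from this hunk.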
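--- /dev/null
+++ b/EnvelopeGenerator.Web/Controllers/Test/TestViewController.cs
@@ -0,0 +1,60 @@
+using EnvelopeGenerator.Application.Contracts;
+using EnvelopeGenerator.Common;
+using EnvelopeGenerator.Web.Services;
+using Microsoft.AspNetCore.Mvc;
+
+namespace EnvelopeGenerator.Web.Controllers.Test
+{
+public class TestViewController : BaseController
+{
+private readonly EnvelopeOldService envelopeOldService;
+private readonly IConfiguration _config;
+private readonly IEnvelopeReceiverService _envRcvService;
+private readonly IEnvelopeService _envelopeService;
+
+public TestViewController(DatabaseService databaseService, EnvelopeOldService envelopeOldService, ILogger<TestViewController> logger, IConfiguration configuration, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeService envelopeService) : base(databaseService, logger)
+{
+this.envelopeOldService = envelopeOldService;
+_envRcvService = envelopeReceiverService;
+_envelopeService = envelopeService;
+_config = configuration;
+}
+
+[HttpGet("/")]
+public IActionResult Index()
+{
+return View("Index");
+}
+
+[HttpPost("/")]
+public IActionResult DebugEnvelopes([FromForm] string? password)
+{
+try
+{
+var passwordFromConfig = _config["Config:AdminPassword"];
+
+if (passwordFromConfig == null)
+{
+ViewData["error"] = "No admin password configured!";
+return View("Index");
+}
+
+if (password != passwordFromConfig)
+{
+ViewData["error"] = "Wrong Password!";
+return View("Index");
+}
+
+List<Envelope> envelopes = envelopeOldService.LoadEnvelopes();
+
+return View("DebugEnvelopes", envelopes);
+}
+catch(Exception ex)
+{
+_logger.LogError(ex, "Unexpected error");
+ViewData["error"] = "Unknown error!";
+return View("Index");
+}
+}
+}
+}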
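Review bot: `DebugEnvelopes` guards the full envelope list with `if (password != passwordFromConfig)`, an ordinary string comparison against a plaintext `Config:AdminPassword`, which is not constant-time and leaves the secret readable in configuration. Compare in fixed time instead, e.g. `if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(password ?? string.Empty), Encoding.UTF8.GetBytes(passwordFromConfig)))`, and preferably store a PBKDF2 hash rather than the password itself. The action shows no attempt limiting or lockout and logs nothing when the password is wrong, so repeated guessing would go unnoticed; a `_logger.LogWarning` on failure plus rate limiting on `POST /` would cover that. A controller in the `Controllers.Test` namespace claiming the root route `/` should also be confirmed as intended for production builds.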