Refaktorisierung: Absicherung von DB-Operationen und Verbesserung der Geschäftslogik

- Implementierung von LINQ-Abfragen innerhalb der Core-Bibliothek zur Minderung von SQL-Injection-Anfälligkeiten für DB-Operationen von Umschlägen und Empfängern. - Aktualisierung der Geschäftslogik in der Service-Schicht für verbessertes Transaktionshandling. - Erweiterung der ServiceMessage um eine neue Flag-Funktion zum Verfolgen von Cybersecurity- und Datenintegritätsproblemen. - Hinzufügen spezifischer Benutzerverhaltensflags zur besseren Erkennung und Behandlung potenzieller Datenverletzungen.
2024-04-24 13:45:03 +02:00
parent f2e718565d
commit 6338b81571
47 changed files with 644 additions and 310 deletions
--- a/EnvelopeGenerator.Web/Controllers/Test/TestEnvelopeReceiverController.cs
+++ b/EnvelopeGenerator.Web/Controllers/Test/TestEnvelopeReceiverController.cs
@@ -1,8 +1,11 @@
 using DigitalData.Core.API;
+using DigitalData.Core.Application;
 using EnvelopeGenerator.Application.Contracts;
 using EnvelopeGenerator.Application.DTOs;
+using EnvelopeGenerator.Application.Services;
 using EnvelopeGenerator.Domain.Entities;
 using EnvelopeGenerator.Infrastructure.Contracts;
+using Microsoft.AspNetCore.Mvc;

 namespace EnvelopeGenerator.Web.Controllers.Test
 {
@@ -10,7 +13,38 @@ namespace EnvelopeGenerator.Web.Controllers.Test
    {
        public TestEnvelopeReceiverController(ILogger<TestEnvelopeReceiverController> logger, IEnvelopeReceiverService service) : base(logger, service)
        {
+        }

+        [HttpGet("verify-access-code/{envelope_receiver_id}")]
+        public async Task<IActionResult> VerifyAccessCode([FromRoute] string envelope_receiver_id, [FromQuery] string access_code)
+        {
+            var verification = await _service.VerifyAccessCodeAsync(envelopeReceiverId:envelope_receiver_id, accessCode: access_code);
+
+            if (verification.IsSuccess)
+                return Ok(verification);
+            else if (verification.HasFlag(Flag.SecurityBreach))
+                return Forbid();
+            else if (verification.HasFlag(Flag.SecurityBreachOrDataIntegrity))
+                return Conflict();
+            else
+                return this.InnerServiceError(verification);
+        }
+
+        [HttpGet("e-r-id/{envelope_receiver_id}")]
+        public async Task<IActionResult> GetByEnvelopeReceiverId([FromRoute] string envelope_receiver_id)
+        {
+            var er_result = await _service.ReadByEnvelopeReceiverIdAsync(envelopeReceiverId: envelope_receiver_id);
+            if (er_result.IsSuccess)
+                return Ok(er_result);
+            else
+                return this.InnerServiceError(er_result);
+        }
+
+        [HttpGet("decode")]
+        public IActionResult DecodeEnvelopeReceiverId(string envelopeReceiverId)
+        {
+            var decoded = envelopeReceiverId.DecodeEnvelopeReceiverId();
+            return Ok(new { uuid = decoded.EnvelopeUuid, signature = decoded.ReceiverSignature });
        }
    }
 }