From 6f311fabd48f539e191f8e78e942c1a809482a93 Mon Sep 17 00:00:00 2001
From: Jeas0001
Date: Wed, 26 Mar 2025 12:14:42 +0100
Subject: [PATCH] Comments

---
 backend/Api/BusinessLogic/DeviceLogic.cs | 25 +++++++++++
 backend/Api/BusinessLogic/UserLogic.cs | 48 ++++++++++++++++++++-
 backend/Api/Controllers/DeviceController.cs | 6 ++-
 backend/Api/Controllers/UserController.cs | 4 ++
 backend/Api/DBAccess/DBAccess.cs | 4 +-
 5 files changed, 82 insertions(+), 5 deletions(-)

diff --git a/backend/Api/BusinessLogic/DeviceLogic.cs b/backend/Api/BusinessLogic/DeviceLogic.cs
index 506316c..27ab67a 100644
--- a/backend/Api/BusinessLogic/DeviceLogic.cs
+++ b/backend/Api/BusinessLogic/DeviceLogic.cs
@@ -16,6 +16,12 @@ namespace Api.BusinessLogic
 _configuration = configuration;
 }
 
+ ///
+ /// Gets the user from dbaccess using the userId and checks if the user exists
+ /// Gets all devices that match the userId and checks if there are any devices connected to the user
+ ///
+ /// UserId that matches a user that owns the devices
+ /// returns the devices in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task GetDevices(int userId)
 {
 var profile = await _dbAccess.ReadUser(userId);
@@ -29,6 +35,13 @@ namespace Api.BusinessLogic
 return new OkObjectResult(devices);
 }
 
+ ///
+ /// Checks if the user that the device is trying to be added to exists
+ /// Then it is send to dbaccess
+ ///
+ /// The new device
+ /// The user that owns the device
+ /// returns true in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task AddDevice(Device device, int userId)
 {
 var profile = await _dbAccess.ReadUser(userId);
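Review bot: The return description added on GetDevices reads `returns the devices in a OkObjectResult ... a message that explain the reason`; it should be `an OkObjectResult` and `explains`, and the same sentence is pasted into the AddDevice, GetLogs, EditDevice, RegisterUser, EditProfile and DeleteUser comments, so it is worth fixing once before copying. The DeleteUser comment in UserLogic also introduces `returns the true`, the exact wording the two DBAccess hunks of this same commit correct to `returns true`. Other typos in the added text: `is send` (AddDevice, EditProfile), `alogorithm` (ComputeHash), `dependeing` (PasswordSecurity) and `that last 2 hours` (GenerateJwtToken, should be `lasts`). GetDevices's body continues outside the hunk.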
@@ -38,6 +51,12 @@ namespace Api.BusinessLogic
 return await _dbAccess.CreateDevice(device, userId);
 }
 
+ ///
+ /// Checks if the device exist that is trying to be read from
+ /// Gets the logs and checks if there are any in the list
+ ///
+ /// The deviceId that you want from the logs
+ /// returns the logs in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task GetLogs(int deviceId)
 {
 var device = await _dbAccess.ReadDevice(deviceId);
@@ -51,6 +70,12 @@ namespace Api.BusinessLogic
 return new OkObjectResult(logs);
 }
 
+ ///
+ /// Checks if the deviceId matches a device
+ ///
+ /// The updated info
+ /// The device to be edited
+ /// returns the updated device in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task EditDevice(Device device, int deviceId)
 {
 var device1 = _dbAccess.ReadDevice(deviceId);
diff --git a/backend/Api/BusinessLogic/UserLogic.cs b/backend/Api/BusinessLogic/UserLogic.cs
index 43d21f6..ed0a11f 100644
--- a/backend/Api/BusinessLogic/UserLogic.cs
+++ b/backend/Api/BusinessLogic/UserLogic.cs
@@ -22,6 +22,14 @@ namespace Api.BusinessLogic
 _configuration = configuration;
 }
 
+ ///
+ /// First checks if the mail is a valid one with regex so if there is something before the @ and after and it has a domain
+ /// Then it checks if the password is to our security standard
+ /// Then it makes sure the user has a device list
+ /// The last thing before it saves the user is creating a salt and then hashing of the password
+ ///
+ /// The new user
+ /// returns true in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task RegisterUser(User user)
 {
 if (!new Regex(@".+@.+\..+").IsMatch(user.Email))
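Review bot: The context line the new EditDevice comment sits above, `var device1 = _dbAccess.ReadDevice(deviceId);`, has no `await`, so `device1` holds the Task rather than the device; the summary `Checks if the deviceId matches a device` therefore documents a check that, if it is a null test on `device1` further down, can never fail. The rest of EditDevice is outside the hunk, so this is inferred from the assignment alone; if confirmed, `var device1 = await _dbAccess.ReadDevice(deviceId);` is the fix and the comment becomes accurate. The GetLogs hunk above it already uses the awaited form, `var device = await _dbAccess.ReadDevice(deviceId);`, which is the pattern to match.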
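Review bot: The e-mail check the new RegisterUser summary describes, `if (!new Regex(@".+@.+\..+").IsMatch(user.Email))`, throws `ArgumentNullException` when `Email` is absent from the request body, which surfaces as an unhandled error rather than the ConflictObjectResult the comment promises. A guard such as `if (string.IsNullOrEmpty(user.Email) || !EmailPattern.IsMatch(user.Email))` backed by a `private static readonly Regex EmailPattern` (constructed once, with a `matchTimeout`) covers the null case, stops re-compiling the regex on every registration and bounds the work done on very long untrusted input. The identical line appears at the end of the EditProfile hunk in this file. RegisterUser's body continues past the hunk, so the branches that follow are not visible here.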
@@ -48,6 +56,13 @@ namespace Api.BusinessLogic
 return await _dbAccess.CreateUser(user);
 }
 
+ ///
+ /// Gets the user that matches the login
+ /// Hashes the login password with the users salt
+ /// checks if the hashed password that the login has is the same as the one saved in the database
+ ///
+ /// Has a username or email and a password
+ /// Returns a jwt token, username and userid
 public async Task Login(Login login)
 {
 User user = await _dbAccess.Login(login);
@@ -65,6 +80,15 @@ namespace Api.BusinessLogic
 return new ConflictObjectResult(new { message = "Invalid password" });
 }
 
+ ///
+ /// First checks if the mail is a valid one with regex so if there is something before the @ and after and it has a domain
+ /// Then it checks if the password is to our security standard
+ /// Finds the user that matches the userId and hashes a new hash with the old salt
+ /// Then the updated user and the userId is being send to dbaccess
+ ///
+ /// Contains the updated user info
+ /// Has the id for the user that is to be updated
+ /// returns the updated user in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task EditProfile(User user, int userId)
 {
 if (!new Regex(@".+@.+\..+").IsMatch(user.Email))
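Review bot: The return description `Returns a jwt token, username and userid` covers only the success path, yet Login also returns `new ConflictObjectResult(new { message = "Invalid password" })`, visible as the first context line of the following hunk, and every other comment in this file documents its failure shape. If the user-not-found branch (outside the hunk) answers with a different message, document and use one generic failure message for both so the response does not reveal whether an account exists; the comment is the right place to record that decision. Login's body continues outside the hunk.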
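Review bot: The EditProfile summary states `hashes a new hash with the old salt`; when a password is replaced the normal practice is to generate a fresh salt together with the new hash, and the RegisterUser comment in this file shows that creation already does so (`creating a salt and then hashing of the password`). If keeping the old salt is deliberate, the comment should say why; otherwise the documented behavior, not the comment, is what needs changing. EditProfile's body continues outside the hunk.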
@@ -85,11 +109,23 @@ namespace Api.BusinessLogic
 return await _dbAccess.UpdateUser(user, userId);
 }
 
+ ///
+ /// Just sends the userid of the user that is to be deleted
+ ///
+ /// The Id of the user that is to be deleted
+ /// returns the true in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task DeleteUser(int userId)
 {
 return await _dbAccess.DeleteUser(userId);
 }
 
+ ///
+ /// Generates a hash from a salt and input using the algorithm that is provided
+ ///
+ /// This is the input that is supposed to be hashed
+ /// This is the alogorithm that is used to encrypt the input
+ /// This is something extra added to make the hashed input more unpredictable
+ /// The hashed input
 private static string ComputeHash(string input, HashAlgorithm algorithm, string salt)
 {
 Byte[] inputBytes = Encoding.UTF8.GetBytes(input);
@@ -105,6 +141,11 @@ namespace Api.BusinessLogic
 return BitConverter.ToString(hashedBytes);
 }
 
+ ///
+ /// Checks if password is up to our security standard
+ ///
+ /// The password that is to be checked
+ /// true or false dependeing on if the password is up to standard
 public bool PasswordSecurity(string password)
 {
 var hasMinimum8Chars = new Regex(@".{8,}");
@@ -112,6 +153,11 @@ namespace Api.BusinessLogic
 return hasMinimum8Chars.IsMatch(password);
 }
 
+ ///
+ /// Generates a JWT token that last 2 hours
+ ///
+ /// Used for sending the userid and username with the token
+ /// Returns a valid JWTToken
 private string GenerateJwtToken(User user)
 {
 var claims = new[]
@@ -129,7 +175,7 @@ namespace Api.BusinessLogic
 _configuration["JwtSettings:Issuer"],
 _configuration["JwtSettings:Audience"],
 claims,
- expires: DateTime.Now.AddMinutes(30),
+ expires: DateTime.Now.AddHours(2),
 signingCredentials: creds);
 
 return new JwtSecurityTokenHandler().WriteToken(token);
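Review bot: The parameter text `This is the alogorithm that is used to encrypt the input` on ComputeHash describes hashing, not encryption, and should read `the hash algorithm applied to the salted input`. More importantly, the signature `ComputeHash(string input, HashAlgorithm algorithm, string salt)` shows passwords protected by one pass of a general-purpose `HashAlgorithm` plus a salt; the call sites are outside this hunk so the concrete algorithm is not visible, but a password store should use a deliberately slow KDF such as `Rfc2898DeriveBytes.Pbkdf2` with a per-user salt and a high iteration count, and the summary can then record that choice and the encoding of the result. `Byte[]` on the first body line is conventionally `byte[]`. ComputeHash's body continues outside the hunk.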
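Review bot: `Checks if password is up to our security standard` leaves the standard undocumented, while the only rule visible here and in the next hunk is `new Regex(@".{8,}")` / `hasMinimum8Chars.IsMatch(password)`; one line between the two hunks is not shown, but if length is the whole policy the summary should say `Requires at least 8 characters` so callers and reviewers see what is actually enforced. `IsMatch` also throws `ArgumentNullException` on a null password, which a JSON body can produce; `if (password is null) return false;` keeps the documented true/false contract. If the rule really is only length, `return password.Length >= 8;` states it without building a regex per call.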
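Review bot: `expires: DateTime.Now.AddHours(2)` quadruples the token lifetime from 30 minutes, a security-relevant behavior change hidden in a commit titled `Comments`; it widens the window in which a leaked or replayed token stays valid, so it deserves its own line in the commit message. Issuer and audience are already read from `_configuration["JwtSettings:..."]`, so reading the lifetime from configuration too (for example a `JwtSettings:ExpiryMinutes` key, name to be chosen) would keep the new summary `Generates a JWT token that last 2 hours` from drifting away from the code the next time the value moves. Prefer `DateTime.UtcNow` for the expiry: the JWT exp claim is UTC-based, and although the handler converts local times, local-time arithmetic across a DST change is a classic source of tokens that expire an hour early or late. The surrounding `new JwtSecurityToken(` call begins above the hunk.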
diff --git a/backend/Api/Controllers/DeviceController.cs b/backend/Api/Controllers/DeviceController.cs
index d936fdb..8244f8c 100644
--- a/backend/Api/Controllers/DeviceController.cs
+++ b/backend/Api/Controllers/DeviceController.cs
@@ -19,15 +19,15 @@ namespace Api.Controllers
 _deviceLogic = deviceLogic;
 }
 
+ // Sends the userId to deviceLogic
 [Authorize]
 [HttpGet("{userId}")]
 public async Task GetDevices(int userId)
 {
- List devices = await _dbAccess.ReadDevices(userId);
- if (devices.Count == 0) { return BadRequest(new { error = "There is no devices that belong to this userID" }); }
 return await _deviceLogic.GetDevices(userId);
 }
 
+ // Sends the device and userId to deviceLogic
 [Authorize]
 [HttpPost("adddevice/{userId}")]
 public async Task AddDevice([FromBody] Device device, int userId)
@@ -35,6 +35,7 @@ namespace Api.Controllers
 return await _deviceLogic.AddDevice(device, userId);
 }
 
+ // Sends the deviceId to deviceLogic
 [Authorize]
 [HttpGet("logs/{deviceId}")]
 public async Task GetLogs(int deviceId)
@@ -42,6 +43,7 @@ namespace Api.Controllers
 return await _deviceLogic.GetLogs(deviceId);
 }
 
+ // Sends the deviceId to deviceLogic
 [Authorize]
 [HttpPut("Edit/{deviceId}")]
 public async Task EditDevice([FromBody] Device device, int deviceId)
diff --git a/backend/Api/Controllers/UserController.cs b/backend/Api/Controllers/UserController.cs
index 186e1d4..74cbb1b 100644
--- a/backend/Api/Controllers/UserController.cs
+++ b/backend/Api/Controllers/UserController.cs
@@ -21,18 +21,21 @@ namespace Api.Controllers
 _userLogic = userLogic;
 }
 
+ // Sends the login to userLogic
 [HttpPost("Login")]
 public async Task Login([FromBody] Login login)
 {
 return await _userLogic.Login(login);
 }
 
+ // Sends the user to userLogic
 [HttpPost("Create")]
 public async Task CreateUser([FromBody] User user)
 {
 return await _userLogic.RegisterUser(user);
 }
 
+ // Sends the user and userId to userLogic
 [Authorize]
 [HttpPut("Edit/{userId}")]
 public async Task EditUser([FromBody] User user, int userId)
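Review bot: `[Authorize]` on `GetDevices(int userId)` only requires a valid token; nothing in the controller compares the route `userId` with the caller's own identity before `return await _deviceLogic.GetDevices(userId);`, so unless the logic layer performs that check (not visible here) any authenticated user can read another user's devices. The comment added on GenerateJwtToken in UserLogic says the user id travels in the token's claims, so the controller can take the id from `User.Claims` instead of the route, or verify the route value equals it and return `Forbid()` otherwise; the same applies to AddDevice in this hunk, to GetLogs and EditDevice in the next two hunks (there by device ownership), and to EditUser and DeleteUser in UserController. The new `// Sends the userId to deviceLogic` comments restate one-line bodies; a `///` comment naming the route, the authorization rule and the response shape, in the form the logic layer now uses, would carry more information.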
@@ -40,6 +43,7 @@ namespace Api.Controllers
 return await _userLogic.EditProfile(user, userId);
 }
 
+ // Sends the userId to userLogic
 [Authorize]
 [HttpDelete("Delete/{userId}")]
 public async Task DeleteUser(int userId)
diff --git a/backend/Api/DBAccess/DBAccess.cs b/backend/Api/DBAccess/DBAccess.cs
index 8ced21d..a239f8c 100644
--- a/backend/Api/DBAccess/DBAccess.cs
+++ b/backend/Api/DBAccess/DBAccess.cs
@@ -22,7 +22,7 @@ namespace Api.DBAccess
 /// Creates a user using entityframework core
 ///
 /// Need the entire user obj
- /// returns the true in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
+ /// returns true in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task CreateUser(User user)
 {
 var users = await _context.Users.ToListAsync();
@@ -118,7 +118,7 @@ namespace Api.DBAccess
 /// Deletes a user from the database
 ///
 /// The Id of the user that is to be deleted
- /// returns the true in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
+ /// returns true in a OkObjectResult and if there is some error it returns a ConflictObjectResult and a message that explain the reason
 public async Task DeleteUser(int userId)
 {
 var user = await _context.Users.Include(u => u.Devices).FirstOrDefaultAsync(u => u.Id == userId);