From da9139b7bab95f6e5ba5f4bb2d99011c2d6db03a Mon Sep 17 00:00:00 2001 From: crupest Date: Wed, 23 Mar 2022 21:30:14 +0800 Subject: … MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Controllers/BookmarkTimelineController.cs | 8 +- .../Controllers/HighlightTimelineController.cs | 4 +- BackEnd/Timeline/Controllers/MyControllerBase.cs | 33 +- BackEnd/Timeline/Controllers/Resource.Designer.cs | 393 ++++++++++----------- BackEnd/Timeline/Controllers/Resource.resx | 14 +- BackEnd/Timeline/Controllers/TimelineController.cs | 10 +- .../Timeline/Controllers/TimelinePostController.cs | 12 +- BackEnd/Timeline/Controllers/TokenController.cs | 37 +- .../Timeline/Controllers/UserAvatarController.cs | 4 +- BackEnd/Timeline/Controllers/UserController.cs | 7 +- 10 files changed, 251 insertions(+), 271 deletions(-) (limited to 'BackEnd/Timeline/Controllers') diff --git a/BackEnd/Timeline/Controllers/BookmarkTimelineController.cs b/BackEnd/Timeline/Controllers/BookmarkTimelineController.cs index 551a41e2..a1fa511c 100644 --- a/BackEnd/Timeline/Controllers/BookmarkTimelineController.cs +++ b/BackEnd/Timeline/Controllers/BookmarkTimelineController.cs @@ -44,7 +44,7 @@ namespace Timeline.Controllers [ProducesResponseType(401)] public async Task>> List() { - var ids = await _service.GetBookmarksAsync(GetUserId()); + var ids = await _service.GetBookmarksAsync(GetAuthUserId()); var timelines = await _timelineService.GetTimelineList(ids); return await Map(timelines); } @@ -61,7 +61,7 @@ namespace Timeline.Controllers public async Task> Put([GeneralTimelineName] string timeline) { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - var create = await _service.AddBookmarkAsync(GetUserId(), timelineId); + var create = await _service.AddBookmarkAsync(GetAuthUserId(), timelineId); return CommonPutResponse.Create(create); } 
@@ -77,7 +77,7 @@ namespace Timeline.Controllers public async Task> Delete([GeneralTimelineName] string timeline) { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - var delete = await _service.RemoveBookmarkAsync(GetUserId(), timelineId); + var delete = await _service.RemoveBookmarkAsync(GetAuthUserId(), timelineId); return CommonDeleteResponse.Create(delete); } @@ -93,7 +93,7 @@ namespace Timeline.Controllers public async Task Move([FromBody] HttpBookmarkTimelineMoveRequest request) { var timelineId = await _timelineService.GetTimelineIdByNameAsync(request.Timeline); - await _service.MoveBookmarkAsync(GetUserId(), timelineId, request.NewPosition!.Value); + await _service.MoveBookmarkAsync(GetAuthUserId(), timelineId, request.NewPosition!.Value); return OkWithCommonResponse(); } } diff --git a/BackEnd/Timeline/Controllers/HighlightTimelineController.cs b/BackEnd/Timeline/Controllers/HighlightTimelineController.cs index 127392db..e30cf720 100644 --- a/BackEnd/Timeline/Controllers/HighlightTimelineController.cs +++ b/BackEnd/Timeline/Controllers/HighlightTimelineController.cs @@ -61,7 +61,7 @@ namespace Timeline.Controllers public async Task> Put([GeneralTimelineName] string timeline) { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - var create = await _service.AddHighlightTimelineAsync(timelineId, GetUserId()); + var create = await _service.AddHighlightTimelineAsync(timelineId, GetAuthUserId()); return CommonPutResponse.Create(create); } @@ -78,7 +78,7 @@ namespace Timeline.Controllers public async Task> Delete([GeneralTimelineName] string timeline) { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - var delete = await _service.RemoveHighlightTimelineAsync(timelineId, GetUserId()); + var delete = await _service.RemoveHighlightTimelineAsync(timelineId, GetAuthUserId()); return CommonDeleteResponse.Create(delete); } 
diff --git a/BackEnd/Timeline/Controllers/MyControllerBase.cs b/BackEnd/Timeline/Controllers/MyControllerBase.cs
index d4ee9d3e..b74193f4 100644
--- a/BackEnd/Timeline/Controllers/MyControllerBase.cs
+++ b/BackEnd/Timeline/Controllers/MyControllerBase.cs
@@ -1,8 +1,11 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.DependencyInjection;
 using System;
+using System.Threading.Tasks;
 using Timeline.Auth;
 using Timeline.Models.Http;
+using Timeline.Services;
 using Timeline.Services.User;
 namespace Timeline.Controllers
@@ -15,24 +18,30 @@ namespace Timeline.Controllers
 return User.HasPermission(permission);
 }
- protected string? GetOptionalUsername()
+ protected long? GetOptionalAuthUserId()
 {
- return User.GetOptionalName();
- }
-
- protected string GetUsername()
- {
- return GetOptionalUsername() ?? throw new InvalidOperationException(Resource.ExceptionNoUsername);
+ return User.GetOptionalUserId();
 }
- protected long? GetOptionalUserId()
+ protected long GetAuthUserId()
 {
- return GetOptionalUserId();
+ return GetOptionalAuthUserId() ?? throw new InvalidOperationException(Resource.ExceptionNoUserId);
 }
- protected long GetUserId()
- {
- return GetOptionalUserId() ?? throw new InvalidOperationException(Resource.ExceptionNoUserId);
+ protected async Task CheckIsSelf(string username)
+ {
+ var authUserId = GetOptionalAuthUserId();
+ if (!authUserId.HasValue) return false;
+ try
+ {
+ var userService = HttpContext.RequestServices.GetRequiredService();
+ var id = await userService.GetUserIdByUsernameAsync(username);
+ return authUserId == id;
+ }
+ catch (EntityNotExistException)
+ {
+ return false;
+ }
 }
 #endregion auth
diff --git a/BackEnd/Timeline/Controllers/Resource.Designer.cs b/BackEnd/Timeline/Controllers/Resource.Designer.cs
index a647558a..eeb2f0fa 100644
--- a/BackEnd/Timeline/Controllers/Resource.Designer.cs
+++ b/BackEnd/Timeline/Controllers/Resource.Designer.cs
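Review bot: `CheckIsSelf` pulls `IUserService` out of `HttpContext.RequestServices` (service-locator style) instead of receiving it through the controller's constructor, which hides the dependency from the base class's contract and makes the method hard to exercise without a full HttpContext; an injected field or a protected abstract/virtual `UserService` accessor on the derived controllers would keep the same semantics. The id-based comparison is a real improvement over the old `GetUsername() != username` string check, and swallowing `EntityNotExistException` into `false` means a non-admin targeting a nonexistent user gets 403 rather than 404, which is acceptable but deserves a doc comment such as `/// Returns true when the authenticated user is the user named by <paramref name="username"/>; false when unauthenticated or when no such user exists.` The method is awaited at every call site, so by C# convention it should be named `CheckIsSelfAsync`. The hunk as rendered shows `Task CheckIsSelf` and `GetRequiredService()` without type arguments, presumably `Task<bool>` and `<IUserService>` lost in extraction — worth confirming against the actual source.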
@@ -1,207 +1,186 @@ -//------------------------------------------------------------------------------ -// -// This code was generated by a tool. -// Runtime Version:4.0.30319.42000 -// -// Changes to this file may cause incorrect behavior and will be lost if -// the code is regenerated. -// -//------------------------------------------------------------------------------ - -namespace Timeline.Controllers { - using System; - - - /// - /// A strongly-typed resource class, for looking up localized strings, etc. - /// - // This class was auto-generated by the StronglyTypedResourceBuilder - // class via a tool like ResGen or Visual Studio. - // To add or remove a member, edit your .ResX file then rerun ResGen - // with the /str option, or rebuild your VS project. - [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "16.0.0.0")] - [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] - [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] - internal class Resource { - - private static global::System.Resources.ResourceManager resourceMan; - - private static global::System.Globalization.CultureInfo resourceCulture; - - [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] - internal Resource() { - } - - /// - /// Returns the cached ResourceManager instance used by this class. 
- /// - [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] - internal static global::System.Resources.ResourceManager ResourceManager { - get { - if (object.ReferenceEquals(resourceMan, null)) { - global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Timeline.Controllers.Resource", typeof(Resource).Assembly); - resourceMan = temp; - } - return resourceMan; - } - } - - /// - /// Overrides the current thread's CurrentUICulture property for all - /// resource lookups using this strongly typed resource class. - /// - [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] - internal static global::System.Globalization.CultureInfo Culture { - get { - return resourceCulture; - } - set { - resourceCulture = value; - } - } - - /// - /// Looks up a localized string similar to Can't get user id.. - /// - internal static string ExceptionNoUserId { - get { - return ResourceManager.GetString("ExceptionNoUserId", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to Can't get username.. - /// - internal static string ExceptionNoUsername { - get { - return ResourceManager.GetString("ExceptionNoUsername", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to You have no permission to access this.. - /// - internal static string MessageForbid { - get { - return ResourceManager.GetString("MessageForbid", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to You can't do this unless you are administrator.. - /// - internal static string MessageForbidNotAdministrator { - get { - return ResourceManager.GetString("MessageForbidNotAdministrator", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to You can't do this unless you are administrator or resource owner.. 
- /// - internal static string MessageForbidNotAdministratorOrOwner { - get { - return ResourceManager.GetString("MessageForbidNotAdministratorOrOwner", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to You can't do this because it is the root user.. - /// - internal static string MessageInvalidOperationOnRootUser { - get { - return ResourceManager.GetString("MessageInvalidOperationOnRootUser", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to The old password is wrong.. - /// - internal static string MessageOldPasswordWrong { - get { - return ResourceManager.GetString("MessageOldPasswordWrong", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to Operation succeeded.. - /// - internal static string MessageOperationSucceeded { - get { - return ResourceManager.GetString("MessageOperationSucceeded", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to The user specified by query param "relate" does not exist.. - /// - internal static string MessageTimelineListQueryRelateNotExist { - get { - return ResourceManager.GetString("MessageTimelineListQueryRelateNotExist", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to '{0}' is an unkown visibility in the query parameter 'visibility'. . - /// - internal static string MessageTimelineListQueryVisibilityUnknown { - get { - return ResourceManager.GetString("MessageTimelineListQueryVisibilityUnknown", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to Username or password is invalid.. - /// - internal static string MessageTokenCreateBadCredential { - get { - return ResourceManager.GetString("MessageTokenCreateBadCredential", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to The token is of bad format. It might not be created by the server.. 
- /// - internal static string MessageTokenVerifyBadFormat { - get { - return ResourceManager.GetString("MessageTokenVerifyBadFormat", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to Token has an old version. User might have update some info.. - /// - internal static string MessageTokenVerifyOldVersion { - get { - return ResourceManager.GetString("MessageTokenVerifyOldVersion", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to The token is expired.. - /// - internal static string MessageTokenVerifyTimeExpired { - get { - return ResourceManager.GetString("MessageTokenVerifyTimeExpired", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to User does not exist. Administrator might have deleted this user.. - /// - internal static string MessageTokenVerifyUserNotExist { - get { - return ResourceManager.GetString("MessageTokenVerifyUserNotExist", resourceCulture); - } - } - - /// - /// Looks up a localized string similar to A user with given username already exists.. - /// - internal static string MessageUsernameConflict { - get { - return ResourceManager.GetString("MessageUsernameConflict", resourceCulture); - } - } - } -} +//------------------------------------------------------------------------------ +// +// This code was generated by a tool. +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// +//------------------------------------------------------------------------------ + +namespace Timeline.Controllers { + using System; + + + /// + /// A strongly-typed resource class, for looking up localized strings, etc. + /// This class was generated by MSBuild using the GenerateResource task. + /// To add or remove a member, edit your .resx file then rerun MSBuild. 
+ /// + [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.Build.Tasks.StronglyTypedResourceBuilder", "15.1.0.0")] + [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] + [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] + internal class Resource { + + private static global::System.Resources.ResourceManager resourceMan; + + private static global::System.Globalization.CultureInfo resourceCulture; + + [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] + internal Resource() { + } + + /// + /// Returns the cached ResourceManager instance used by this class. + /// + [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] + internal static global::System.Resources.ResourceManager ResourceManager { + get { + if (object.ReferenceEquals(resourceMan, null)) { + global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Timeline.Controllers.Resource", typeof(Resource).Assembly); + resourceMan = temp; + } + return resourceMan; + } + } + + /// + /// Overrides the current thread's CurrentUICulture property for all + /// resource lookups using this strongly typed resource class. + /// + [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] + internal static global::System.Globalization.CultureInfo Culture { + get { + return resourceCulture; + } + set { + resourceCulture = value; + } + } + + /// + /// Looks up a localized string similar to Can't get user id.. + /// + internal static string ExceptionNoUserId { + get { + return ResourceManager.GetString("ExceptionNoUserId", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Can't get username.. 
+ /// + internal static string ExceptionNoUsername { + get { + return ResourceManager.GetString("ExceptionNoUsername", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You have no permission to access this.. + /// + internal static string MessageForbid { + get { + return ResourceManager.GetString("MessageForbid", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You can't do this unless you are administrator.. + /// + internal static string MessageForbidNotAdministrator { + get { + return ResourceManager.GetString("MessageForbidNotAdministrator", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You can't do this unless you are administrator or resource owner.. + /// + internal static string MessageForbidNotAdministratorOrOwner { + get { + return ResourceManager.GetString("MessageForbidNotAdministratorOrOwner", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to You can't do this because it is the root user.. + /// + internal static string MessageInvalidOperationOnRootUser { + get { + return ResourceManager.GetString("MessageInvalidOperationOnRootUser", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The old password is wrong.. + /// + internal static string MessageOldPasswordWrong { + get { + return ResourceManager.GetString("MessageOldPasswordWrong", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Operation succeeded.. + /// + internal static string MessageOperationSucceeded { + get { + return ResourceManager.GetString("MessageOperationSucceeded", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The user specified by query param "relate" does not exist.. 
+ /// + internal static string MessageTimelineListQueryRelateNotExist { + get { + return ResourceManager.GetString("MessageTimelineListQueryRelateNotExist", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to '{0}' is an unkown visibility in the query parameter 'visibility'. . + /// + internal static string MessageTimelineListQueryVisibilityUnknown { + get { + return ResourceManager.GetString("MessageTimelineListQueryVisibilityUnknown", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Username or password is invalid.. + /// + internal static string MessageTokenCreateBadCredential { + get { + return ResourceManager.GetString("MessageTokenCreateBadCredential", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The token is expired. Please create a new one.. + /// + internal static string MessageTokenVerifyExpired { + get { + return ResourceManager.GetString("MessageTokenVerifyExpired", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The token is invalid.. + /// + internal static string MessageTokenVerifyInvalid { + get { + return ResourceManager.GetString("MessageTokenVerifyInvalid", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to A user with given username already exists.. + /// + internal static string MessageUsernameConflict { + get { + return ResourceManager.GetString("MessageUsernameConflict", resourceCulture); + } + } + } +} diff --git a/BackEnd/Timeline/Controllers/Resource.resx b/BackEnd/Timeline/Controllers/Resource.resx index 47b7a329..b70e5230 100644 --- a/BackEnd/Timeline/Controllers/Resource.resx +++ b/BackEnd/Timeline/Controllers/Resource.resx 
@@ -150,17 +150,11 @@ Username or password is invalid. - - The token is of bad format. It might not be created by the server. + + The token is invalid. - - Token has an old version. User might have update some info. - - - The token is expired. - - - User does not exist. Administrator might have deleted this user. + + The token is expired. Please create a new one. A user with given username already exists. diff --git a/BackEnd/Timeline/Controllers/TimelineController.cs b/BackEnd/Timeline/Controllers/TimelineController.cs index f98ff3e0..42b8f210 100644 --- a/BackEnd/Timeline/Controllers/TimelineController.cs +++ b/BackEnd/Timeline/Controllers/TimelineController.cs @@ -142,7 +142,7 @@ namespace Timeline.Controllers { var timelineId = await _service.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !await _service.HasManagePermissionAsync(timelineId, GetUserId())) + if (!UserHasAllTimelineManagementPermission && !await _service.HasManagePermissionAsync(timelineId, GetAuthUserId())) { return ForbidWithCommonResponse(); } @@ -168,7 +168,7 @@ namespace Timeline.Controllers { var timelineId = await _service.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !(await _service.HasManagePermissionAsync(timelineId, GetUserId()))) + if (!UserHasAllTimelineManagementPermission && !(await _service.HasManagePermissionAsync(timelineId, GetAuthUserId()))) { return ForbidWithCommonResponse(); } @@ -194,7 +194,7 @@ namespace Timeline.Controllers { var timelineId = await _service.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !(await _service.HasManagePermissionAsync(timelineId, GetUserId()))) + if (!UserHasAllTimelineManagementPermission && !(await _service.HasManagePermissionAsync(timelineId, GetAuthUserId()))) { return ForbidWithCommonResponse(); } 
@@ -216,7 +216,7 @@ namespace Timeline.Controllers [ProducesResponseType(StatusCodes.Status401Unauthorized)] public async Task> TimelineCreate([FromBody] HttpTimelineCreateRequest body) { - var userId = GetUserId(); + var userId = GetAuthUserId(); var timeline = await _service.CreateTimelineAsync(body.Name, userId); var result = await Map(timeline); @@ -240,7 +240,7 @@ namespace Timeline.Controllers { var timelineId = await _service.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !(await _service.HasManagePermissionAsync(timelineId, GetUserId()))) + if (!UserHasAllTimelineManagementPermission && !(await _service.HasManagePermissionAsync(timelineId, GetAuthUserId()))) { return ForbidWithCommonResponse(); } diff --git a/BackEnd/Timeline/Controllers/TimelinePostController.cs b/BackEnd/Timeline/Controllers/TimelinePostController.cs index f00a689c..c49c95fc 100644 --- a/BackEnd/Timeline/Controllers/TimelinePostController.cs +++ b/BackEnd/Timeline/Controllers/TimelinePostController.cs @@ -77,7 +77,7 @@ namespace Timeline.Controllers { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !await _timelineService.HasReadPermissionAsync(timelineId, GetOptionalUserId())) + if (!UserHasAllTimelineManagementPermission && !await _timelineService.HasReadPermissionAsync(timelineId, GetOptionalAuthUserId())) { return ForbidWithCommonResponse(); } @@ -102,7 +102,7 @@ namespace Timeline.Controllers { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !await _timelineService.HasReadPermissionAsync(timelineId, GetOptionalUserId())) + if (!UserHasAllTimelineManagementPermission && !await _timelineService.HasReadPermissionAsync(timelineId, GetOptionalAuthUserId())) { return ForbidWithCommonResponse(); } 
@@ -148,7 +148,7 @@ namespace Timeline.Controllers { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !await _timelineService.HasReadPermissionAsync(timelineId, GetOptionalUserId())) + if (!UserHasAllTimelineManagementPermission && !await _timelineService.HasReadPermissionAsync(timelineId, GetOptionalAuthUserId())) { return ForbidWithCommonResponse(); } @@ -182,7 +182,7 @@ namespace Timeline.Controllers public async Task> Post([FromRoute][GeneralTimelineName] string timeline, [FromBody] HttpTimelinePostCreateRequest body) { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - var userId = GetUserId(); + var userId = GetAuthUserId(); if (!UserHasAllTimelineManagementPermission && !await _timelineService.IsMemberOfAsync(timelineId, userId)) { @@ -247,7 +247,7 @@ namespace Timeline.Controllers { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !await _postService.HasPostModifyPermissionAsync(timelineId, post, GetUserId(), true)) + if (!UserHasAllTimelineManagementPermission && !await _postService.HasPostModifyPermissionAsync(timelineId, post, GetAuthUserId(), true)) { return ForbidWithCommonResponse(); } @@ -274,7 +274,7 @@ namespace Timeline.Controllers { var timelineId = await _timelineService.GetTimelineIdByNameAsync(timeline); - if (!UserHasAllTimelineManagementPermission && !await _postService.HasPostModifyPermissionAsync(timelineId, post, GetUserId(), true)) + if (!UserHasAllTimelineManagementPermission && !await _postService.HasPostModifyPermissionAsync(timelineId, post, GetAuthUserId(), true)) { return ForbidWithCommonResponse(); } diff --git a/BackEnd/Timeline/Controllers/TokenController.cs b/BackEnd/Timeline/Controllers/TokenController.cs index ae3e1b94..9ee5a09f 100644 --- a/BackEnd/Timeline/Controllers/TokenController.cs +++ b/BackEnd/Timeline/Controllers/TokenController.cs 
@@ -19,13 +19,15 @@ namespace Timeline.Controllers
 [ProducesErrorResponseType(typeof(CommonResponse))]
 public class TokenController : MyControllerBase
 {
- private readonly IUserTokenManager _userTokenManager;
+ private readonly IUserService _userService;
+ private readonly IUserTokenService _userTokenService;
 private readonly IGenericMapper _mapper;
 private readonly IClock _clock;
- public TokenController(IUserTokenManager userTokenManager, IGenericMapper mapper, IClock clock)
+ public TokenController(IUserService userService, IUserTokenService userTokenService, IGenericMapper mapper, IClock clock)
 {
- _userTokenManager = userTokenManager;
+ _userService = userService;
+ _userTokenService = userTokenService;
 _mapper = mapper;
 _clock = clock;
 }
@@ -47,12 +49,14 @@ namespace Timeline.Controllers
 if (request.Expire is not null)
 expireTime = _clock.GetCurrentTime().AddDays(request.Expire.Value);
- var result = await _userTokenManager.CreateTokenAsync(request.Username, request.Password, expireTime);
+ var userId = await _userService.VerifyCredential(request.Username, request.Password);
+ var token = await _userTokenService.CreateTokenAsync(userId, expireTime);
+ var user = await _userService.GetUserAsync(userId);
 return new HttpCreateTokenResponse
 {
- Token = result.Token,
- User = await _mapper.MapAsync(result.User, Url, User)
+ Token = token,
+ User = await _mapper.MapAsync(user, Url, User)
 };
 }
 catch (EntityNotExistException)
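Review bot: The new `_userTokenService.CreateTokenAsync(userId, expireTime)` call issues a bearer token with whatever lifetime the client derived from `request.Expire` days, and no upper bound is visible in this hunk; unless `HttpCreateTokenRequest` already validates `Expire`, clamp it before the call (e.g. `if (request.Expire is > MaxTokenExpireDays) return BadRequestWithCommonResponse(...)`) so a caller cannot mint effectively non-expiring tokens. Replacing the single `CreateTokenAsync(username, password, expire)` with `VerifyCredential` + `CreateTokenAsync` + `GetUserAsync` also means the `catch (EntityNotExistException)` that follows now spans three calls; confirm that an unknown username and a wrong password both end up in the same `MessageTokenCreateBadCredential` response (either `VerifyCredential` throws one exception type for both, or the other handler sits outside this hunk) so the endpoint does not act as a username oracle. The enclosing action method begins before this hunk.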
@@ -77,27 +81,20 @@ namespace Timeline.Controllers
 {
 try
 {
- var result = await _userTokenManager.VerifyTokenAsync(request.Token);
+ var tokenInfo = await _userTokenService.ValidateTokenAsync(request.Token);
+ var user = await _userService.GetUserAsync(tokenInfo.UserId);
 return new HttpVerifyTokenResponse
 {
- User = await _mapper.MapAsync(result, Url, User)
+ User = await _mapper.MapAsync(user, Url, User)
 };
 }
- catch (UserTokenTimeExpiredException)
+ catch (UserTokenExpiredException)
 {
- return BadRequestWithCommonResponse(ErrorCodes.TokenController.VerifyTimeExpired, Resource.MessageTokenVerifyTimeExpired);
+ return BadRequestWithCommonResponse(ErrorCodes.TokenController.VerifyExpired, Resource.MessageTokenVerifyExpired);
 }
- catch (UserTokenVersionExpiredException)
+ catch (UserTokenException)
 {
- return BadRequestWithCommonResponse(ErrorCodes.TokenController.VerifyOldVersion, Resource.MessageTokenVerifyOldVersion);
- }
- catch (UserTokenBadFormatException)
- {
- return BadRequestWithCommonResponse(ErrorCodes.TokenController.VerifyBadFormat, Resource.MessageTokenVerifyBadFormat);
- }
- catch (UserTokenUserNotExistException)
- {
- return BadRequestWithCommonResponse(ErrorCodes.TokenController.VerifyUserNotExist, Resource.MessageTokenVerifyUserNotExist);
+ return BadRequestWithCommonResponse(ErrorCodes.TokenController.VerifyInvalid, Resource.MessageTokenVerifyInvalid);
 }
 }
 }
diff --git a/BackEnd/Timeline/Controllers/UserAvatarController.cs b/BackEnd/Timeline/Controllers/UserAvatarController.cs
index 5b8c5cdf..072ab621 100644
--- a/BackEnd/Timeline/Controllers/UserAvatarController.cs
+++ b/BackEnd/Timeline/Controllers/UserAvatarController.cs
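Review bot: The new `_userService.GetUserAsync(tokenInfo.UserId)` can throw `EntityNotExistException` for a token whose user was deleted after issuance, and unlike the removed `UserTokenUserNotExistException` branch nothing in this method catches it, so that case now escapes as an unhandled exception instead of the 400 `VerifyInvalid` response; either add `catch (EntityNotExistException) { return BadRequestWithCommonResponse(ErrorCodes.TokenController.VerifyInvalid, Resource.MessageTokenVerifyInvalid); }` or confirm `ValidateTokenAsync` already rejects tokens of deleted users. Folding bad-format, old-version and user-not-exist into one generic "token is invalid" answer is good hygiene (less of an oracle for a caller probing tokens), but the removed `UserTokenVersionExpiredException` branch was the visible evidence that a user-version check existed, so verify that `ValidateTokenAsync` still enforces it — otherwise a password change would no longer invalidate outstanding tokens. The `catch (UserTokenExpiredException)` before `catch (UserTokenException)` ordering only matters if the former derives from the latter; a one-line comment stating that relationship would stop a future reorder from silently collapsing the expired case into the generic one. The enclosing action method begins before this hunk.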
@@ -61,7 +61,7 @@ namespace Timeline.Controllers
 [ProducesResponseType(StatusCodes.Status403Forbidden)]
 public async Task Put([FromRoute][Username] string username, [FromBody] ByteData body)
 {
- if (!UserHasPermission(UserPermission.UserManagement) && GetUsername() != username)
+ if (!UserHasPermission(UserPermission.UserManagement) && !await CheckIsSelf(username))
 {
 return ForbidWithCommonResponse(Resource.MessageForbidNotAdministratorOrOwner);
 }
@@ -91,7 +91,7 @@ namespace Timeline.Controllers
 [ProducesResponseType(StatusCodes.Status403Forbidden)]
 public async Task Delete([FromRoute][Username] string username)
 {
- if (!UserHasPermission(UserPermission.UserManagement) && User.Identity!.Name != username)
+ if (!UserHasPermission(UserPermission.UserManagement) && !await CheckIsSelf(username))
 {
 return ForbidWithCommonResponse(Resource.MessageForbidNotAdministratorOrOwner);
 }
diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs
index 740bd0ed..95a99a03 100644
--- a/BackEnd/Timeline/Controllers/UserController.cs
+++ b/BackEnd/Timeline/Controllers/UserController.cs
@@ -7,6 +7,7 @@ using Timeline.Auth;
 using Timeline.Filters;
 using Timeline.Models.Http;
 using Timeline.Models.Validation;
+using Timeline.Services;
 using Timeline.Services.Mapper;
 using Timeline.Services.User;
@@ -103,7 +104,7 @@ namespace Timeline.Controllers
 }
 else
 {
- if (GetUsername() != username)
+ if (!await CheckIsSelf(username))
 return ForbidWithCommonResponse(Resource.MessageForbidNotAdministratorOrOwner);
 if (body.Username is not null)
@@ -112,7 +113,7 @@ namespace Timeline.Controllers
 if (body.Password is not null)
 return ForbidWithCommonResponse(Resource.MessageForbidNotAdministrator);
- var user = await _userService.ModifyUserAsync(GetUserId(), _mapper.AutoMapperMap(body));
+ var user = await _userService.ModifyUserAsync(GetAuthUserId(), _mapper.AutoMapperMap(body));
 return await _mapper.MapAsync(user, Url, User);
 }
 }
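Review bot: `!await CheckIsSelf(username)` in `Put` resolves `username` to an id for the authorization decision, and the remainder of the action (outside this hunk) presumably resolves the same username again to locate the avatar, so the target is looked up twice per request and a rename between the two lookups would let the check and the write disagree; resolving the id once (e.g. `var targetId = await _userService.GetUserIdByUsernameAsync(username);` followed by `targetId != GetAuthUserId()`) and passing `targetId` down closes that window. The change itself is sound: comparing ids instead of `GetUsername() != username` removes the dependency on how the identity's name claim was cased or normalized. Note in a comment on the guard that, for non-admins, a nonexistent `username` now yields 403 rather than 404 because `CheckIsSelf` maps `EntityNotExistException` to false — intentional, but surprising to the next reader. The rest of `Put` continues past this hunk.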
@@ -152,7 +153,7 @@ namespace Timeline.Controllers { try { - await _userService.ChangePassword(GetUserId(), request.OldPassword, request.NewPassword); + await _userService.ChangePassword(GetAuthUserId(), request.OldPassword, request.NewPassword); return OkWithCommonResponse(); } catch (BadPasswordException) -- cgit v1.2.3