Develop secret api. v4

1 files changed, 56 insertions, 3 deletions

diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
index a771547..12d939b 100644
--- a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
@@ -14,17 +14,17 @@ public static class SecretsWebApplicationExtensions
             }
             catch (VerifySecretException e)
             {
-                await context.Response.WriteErrorMessageAsync(e.Message, 401);
+                await context.Response.WriteErrorMessageAsync(e.Message, e.Kind == VerifySecretException.ErrorKind.Unauthorized ? 401 : 403);
             }
         });
 
         return app;
     }
 
-    public static async Task CheckSecret(this HttpContext context, string key)
+    public static async Task CheckSecret(this HttpContext context, string? key)
     {
         var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
-        await secretsService.VerifySecretForHttpRequestAsync(context.Request, SecretsConstants.SecretManagementKey);
+        await secretsService.VerifySecretForHttpRequestAsync(context.Request, key);
     }
 
     public static WebApplication MapSecrets(this WebApplication app, string path)
@@ -37,6 +37,59 @@ public static class SecretsWebApplicationExtensions
             await context.Response.WriteJsonAsync(secrets);
         });
 
+        app.MapGet(path + "/:secret", async (context) =>
+        {
+            await context.CheckSecret(SecretsConstants.SecretManagementKey);
+            var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
+            var secret = context.Request.RouteValues["secret"];
+            if (secret is null)
+            {
+                await context.Response.WriteErrorMessageAsync("Secret path parameter is invalid.");
+                return;
+            }
+            var secretInfo = secretsService.GetSecretAsync((string)secret);
+            await context.Response.WriteJsonAsync(secretInfo);
+        });
+
+        app.MapPost(path, async (context) =>
+        {
+            await context.CheckSecret(SecretsConstants.SecretManagementKey);
+            var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
+            var request = await context.Request.ReadFromJsonAsync<SecretCreateRequest>();
+            if (request is null)
+            {
+                await context.Response.WriteErrorMessageAsync("Failed to deserialize request body to SecretCreateRequest.");
+                return;
+            }
+            var secret = await secretsService.CreateSecretAsync(request.Key, request.Description, request.ExpireTime);
+            await context.Response.WriteJsonAsync(secret, 201, beforeWriteBody: (response) =>
+            {
+                response.Headers.Location = context.Request.Path + "/" + secret.Secret;
+            });
+        });
+
+        app.MapPost(path + "/:secret/revoke", async (context) =>
+        {
+            await context.CheckSecret(SecretsConstants.SecretManagementKey);
+            var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
+            var secret = context.Request.RouteValues["secret"];
+            if (secret is null)
+            {
+                await context.Response.WriteErrorMessageAsync("Secret path parameter is invalid.");
+                return;
+            }
+
+            try
+            {
+                await secretsService.RevokeSecretAsync((string)secret);
+                await context.Response.WriteMessageAsync("Secret revoked.");
+            }
+            catch (EntityNotExistException)
+            {
+                await context.Response.WriteErrorMessageAsync("Secret to revoke is invalid.");
+            }
+        });
+
         return app;
     }
 }