| author | crupest <crupest@outlook.com> | 2022-12-02 11:04:34 +0800 | 
|---|---|---|
| committer | crupest <crupest@outlook.com> | 2022-12-02 13:35:35 +0800 | 
| commit | 300842e81a99db6da103f146d33eb47f43efc683 (patch) | |
| tree | 2f80b57945408b8af83556a4efe5a92dea98e025 /docker/crupest-api/CrupestApi/CrupestApi.Secrets | |
| parent | 49ada0b891a93cf0f1c0dfc2cb5b1d103019b7c8 (diff) | |
...
Diffstat (limited to 'docker/crupest-api/CrupestApi/CrupestApi.Secrets')
8 files changed, 153 insertions, 0 deletions
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/CrupestApi.Secrets.csproj b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/CrupestApi.Secrets.csproj
index 72a1294..2d78adb 100644
--- a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/CrupestApi.Secrets.csproj
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/CrupestApi.Secrets.csproj
@@ -1,5 +1,9 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 +  <ItemGroup>
+    <ProjectReference Include="..\CrupestApi.Commons\CrupestApi.Commons.csproj" />
+  </ItemGroup>
 +
    <PropertyGroup>
      <TargetFramework>net7.0</TargetFramework>
      <Nullable>enable</Nullable>
 diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/ISecretsService.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/ISecretsService.cs
new file mode 100644
index 0000000..c42fbdc
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/ISecretsService.cs
@@ -0,0 +1,21 @@
+namespace CrupestApi.Secrets;
+
+public interface ISecretsService
+{
+    Task<List<SecretInfo>> GetSecretListAsync(bool includeExpired = false, bool includeRevoked = false);
+
+    Task<List<SecretInfo>> GetSecretListByKeyAsync(string key, bool includeExpired = false, bool includeRevoked = false);
+
+    Task<bool> VerifySecretAsync(string key, string secret);
+
+    // Check if "secret" query param exists and is only one. Then check the secret is valid for given key.
+    // If check fails, will throw a VerifySecretException with proper message that can be send to client.
+    Task VerifySecretForHttpRequestAsync(HttpRequest request, string key, string queryKey = "secret");
+
+    Task<SecretInfo> CreateSecretAsync(string key, string description, DateTime? expireTime = null);
+
+    Task RevokeSecretAsync(string secret);
+
+    // Throw SecretNotExistException if request secret does not exist.
+    Task<SecretInfo> ModifySecretAsync(string secret, SecretModifyRequest modifyRequest);
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretInfo.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretInfo.cs
new file mode 100644
index 0000000..46ce501
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretInfo.cs
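Review bot: `VerifySecretForHttpRequestAsync` takes the secret from the `secret` query parameter, so the credential is part of the request URL and is likely to be recorded wherever URLs are kept (server and proxy access logs, browser history). Consider also accepting it from a request header, or at least state the constraint in the comment, e.g. `// The secret is read from the query string; deployments must keep query strings out of access logs.` The `DateTime? expireTime` parameter of `CreateSecretAsync` is also undocumented; if the intent is UTC with null meaning no expiry, a comment such as `// expireTime is UTC; null means the secret does not expire.` would remove the ambiguity.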
@@ -0,0 +1,21 @@
+namespace CrupestApi.Secrets;
+
+public class SecretInfo
+{
+    public SecretInfo(string key, string secret, string description, DateTime? expireTime, bool revoked, DateTime createdTime)
+    {
+        Key = key;
+        Secret = secret;
+        Description = description;
+        ExpireTime = expireTime;
+        Revoked = revoked;
+        CreateTime = createdTime;
+    }
+
+    public string Key { get; set; }
+    public string Secret { get; set; }
+    public string Description { get; set; }
+    public DateTime? ExpireTime { get; set; }
+    public bool Revoked { get; set; }
+    public DateTime CreateTime { get; set; }
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretModifyRequest.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretModifyRequest.cs
new file mode 100644
index 0000000..dfff347
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretModifyRequest.cs
@@ -0,0 +1,30 @@
+namespace CrupestApi.Secrets;
+
+public class SecretModifyRequest
+{
+    public SecretModifyRequest()
+    {
+
+    }
+
+    public SecretModifyRequest(string? key, string? description)
+    {
+        Key = key;
+        Description = description;
+        SetExpireTime = false;
+        ExpireTime = null;
+    }
+
+    public SecretModifyRequest(string? key, string? description, DateTime? expireTime)
+    {
+        Key = key;
+        Description = description;
+        SetExpireTime = true;
+        ExpireTime = expireTime;
+    }
+
+    public string? Key { get; set; }
+    public string? Description { get; set; }
+    public bool SetExpireTime { get; set; }
+    public DateTime? ExpireTime { get; set; }
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretNotExistException.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretNotExistException.cs
new file mode 100644
index 0000000..ad082ee
--- /dev/null
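Review bot: `Secret` in `SecretInfo` is a plain public property, so any serializer handed a `SecretInfo` will presumably emit the raw secret value; `MapSecrets` in this commit passes the result of `GetSecretListAsync` straight to `WriteJsonAsync`, whose implementation is not visible here. If the list endpoint is meant to show metadata only, a separate response type without `Secret` (or with a masked value) would keep the credential out of responses and anything that records them. If returning it is intended, document that on the property, e.g. `// Raw secret value; returned to management callers only, never write it to logs.` The constructor parameter `createdTime` also does not match the `CreateTime` property name.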
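Review bot: `SetExpireTime` and `ExpireTime` in `SecretModifyRequest` can disagree: the parameterless constructor plus the property setters (presumably the path a deserializer takes) lets a caller supply `ExpireTime` while `SetExpireTime` stays `false`, so an intended expiry change could be silently dropped and the secret stay valid longer than the caller expects. The class also does not say what a null `Key` or `Description` means. A comment above the properties would make the contract explicit, e.g. `// null Key/Description leave the field unchanged; ExpireTime is applied only when SetExpireTime is true.` This should be confirmed against the `ModifySecretAsync` implementation, which is not part of this diff.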
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretNotExistException.cs
@@ -0,0 +1,18 @@
+namespace CrupestApi.Secrets;
+
+public class SecretNotExistException : Exception
+{
+    public SecretNotExistException(string requestSecret)
+        : base($"Request secret {requestSecret} not found.")
+    {
+        RequestSecret = requestSecret;
+    }
+
+    public SecretNotExistException(string requestSecret, string message)
+        : base(message)
+    {
+        RequestSecret = requestSecret;
+    }
+
+    public string RequestSecret { get; set; }
+}
\ No newline at end of file
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsConstants.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsConstants.cs
new file mode 100644
index 0000000..ea659a9
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsConstants.cs
@@ -0,0 +1,6 @@
+namespace CrupestApi.Secrets;
+
+public static class SecretsConstants
+{
+    public const string SecretManagementKey = "crupest.secrets.management";
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
new file mode 100644
index 0000000..a771547
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
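Review bot: The first constructor of `SecretNotExistException` interpolates the submitted secret into the exception text (`$"Request secret {requestSecret} not found."`), so the value is written wherever the exception is logged or echoed back, and a mistyped or recently revoked secret is still sensitive. Use a message without the value, `: base("Request secret not found.")`, and keep the value only in `RequestSecret` for callers that need it. `RequestSecret` is assigned only in the constructors and could be get-only, `public string RequestSecret { get; }`.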
@@ -0,0 +1,42 @@
+using CrupestApi.Commons;
+
+namespace CrupestApi.Secrets;
+
+public static class SecretsWebApplicationExtensions
+{
+    public static WebApplication UseCatchVerifySecretException(this WebApplication app)
+    {
+        app.Use(async (context, next) =>
+        {
+            try
+            {
+                await next(context);
+            }
+            catch (VerifySecretException e)
+            {
+                await context.Response.WriteErrorMessageAsync(e.Message, 401);
+            }
+        });
+
+        return app;
+    }
+
+    public static async Task CheckSecret(this HttpContext context, string key)
+    {
+        var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
+        await secretsService.VerifySecretForHttpRequestAsync(context.Request, SecretsConstants.SecretManagementKey);
+    }
+
+    public static WebApplication MapSecrets(this WebApplication app, string path)
+    {
+        app.MapGet(path, async (context) =>
+        {
+            await context.CheckSecret(SecretsConstants.SecretManagementKey);
+            var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
+            var secrets = secretsService.GetSecretListAsync();
+            await context.Response.WriteJsonAsync(secrets);
+        });
+
+        return app;
+    }
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/VerifySecretException.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/VerifySecretException.cs
new file mode 100644
index 0000000..c9f60a1
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/VerifySecretException.cs
@@ -0,0 +1,11 @@
+namespace CrupestApi.Secrets;
+
+public class VerifySecretException : Exception
+{
+    public VerifySecretException(string requestKey, string message) : base(message)
+    {
+        RequestKey = requestKey;
+    }
+
+    public string RequestKey { get; set; }
+}
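Review bot: `CheckSecret` ignores its `key` argument and always verifies against `SecretsConstants.SecretManagementKey`, so any caller that passes a different key is silently checked against the management key instead of the one it asked for; the call should be `await secretsService.VerifySecretForHttpRequestAsync(context.Request, key);`. In `MapSecrets`, `GetSecretListAsync()` is not awaited, so `WriteJsonAsync` is handed the `Task<List<SecretInfo>>` rather than the list; it should read `var secrets = await secretsService.GetSecretListAsync();`. Neither method has a doc comment saying that the check throws `VerifySecretException` and relies on `UseCatchVerifySecretException` being registered earlier in the pipeline to turn that into a 401.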
\ No newline at end of file  | 
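Review bot: The `VerifySecretException` constructor does not document that `message` is client-facing: `UseCatchVerifySecretException` in this commit writes `e.Message` straight into the 401 response, so whatever is put in the message reaches the caller. A comment on the constructor would make that contract visible, e.g. `// message is returned to the HTTP client; do not include secret values or internal details.` `RequestKey` is assigned only in the constructor and could be get-only.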
