Diffstat (limited to 'docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs')
-rw-r--r--docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs59
1 files changed, 56 insertions, 3 deletions
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
index a771547..12d939b 100644
--- a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
@@ -14,17 +14,17 @@ public static class SecretsWebApplicationExtensions
}
catch (VerifySecretException e)
{
- await context.Response.WriteErrorMessageAsync(e.Message, 401);
+ await context.Response.WriteErrorMessageAsync(e.Message, e.Kind == VerifySecretException.ErrorKind.Unauthorized ? 401 : 403);
}
});
return app;
}
- public static async Task CheckSecret(this HttpContext context, string key)
+ public static async Task CheckSecret(this HttpContext context, string? key)
{
var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
- await secretsService.VerifySecretForHttpRequestAsync(context.Request, SecretsConstants.SecretManagementKey);
+ await secretsService.VerifySecretForHttpRequestAsync(context.Request, key);
}
public static WebApplication MapSecrets(this WebApplication app, string path)
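Review bot: `CheckSecret` now takes `string? key` and forwards it unchanged to `VerifySecretForHttpRequestAsync`, but nothing visible says what a null key means to the verifier. If null relaxes or skips the key match, a caller that passes null by mistake gets a weaker authorization check than it expects. I would document the contract on the method, for example `/// <param name="key">Key the presented secret must be issued for; null means <confirm against ISecretsService>.</param>`. The ternary in the catch block maps every `ErrorKind` other than `Unauthorized` to 403, which deserves a short comment so a later enum value is not given 403 by accident. That catch block sits in a middleware lambda that starts above the hunk.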
@@ -37,6 +37,59 @@ public static class SecretsWebApplicationExtensions
await context.Response.WriteJsonAsync(secrets);
});
+ app.MapGet(path + "/:secret", async (context) =>
+ {
+ await context.CheckSecret(SecretsConstants.SecretManagementKey);
+ var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
+ var secret = context.Request.RouteValues["secret"];
+ if (secret is null)
+ {
+ await context.Response.WriteErrorMessageAsync("Secret path parameter is invalid.");
+ return;
+ }
+ var secretInfo = secretsService.GetSecretAsync((string)secret);
+ await context.Response.WriteJsonAsync(secretInfo);
+ });
+
+ app.MapPost(path, async (context) =>
+ {
+ await context.CheckSecret(SecretsConstants.SecretManagementKey);
+ var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
+ var request = await context.Request.ReadFromJsonAsync<SecretCreateRequest>();
+ if (request is null)
+ {
+ await context.Response.WriteErrorMessageAsync("Failed to deserialize request body to SecretCreateRequest.");
+ return;
+ }
+ var secret = await secretsService.CreateSecretAsync(request.Key, request.Description, request.ExpireTime);
+ await context.Response.WriteJsonAsync(secret, 201, beforeWriteBody: (response) =>
+ {
+ response.Headers.Location = context.Request.Path + "/" + secret.Secret;
+ });
+ });
+
+ app.MapPost(path + "/:secret/revoke", async (context) =>
+ {
+ await context.CheckSecret(SecretsConstants.SecretManagementKey);
+ var secretsService = context.RequestServices.GetRequiredService<ISecretsService>();
+ var secret = context.Request.RouteValues["secret"];
+ if (secret is null)
+ {
+ await context.Response.WriteErrorMessageAsync("Secret path parameter is invalid.");
+ return;
+ }
+
+ try
+ {
+ await secretsService.RevokeSecretAsync((string)secret);
+ await context.Response.WriteMessageAsync("Secret revoked.");
+ }
+ catch (EntityNotExistException)
+ {
+ await context.Response.WriteErrorMessageAsync("Secret to revoke is invalid.");
+ }
+ });
+
return app;
}
}
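Review bot: The GET handler calls `secretsService.GetSecretAsync((string)secret)` without `await`, unlike the `CreateSecretAsync` and `RevokeSecretAsync` calls below it, so `WriteJsonAsync` presumably serialises the task object instead of the secret; it should read `var secretInfo = await secretsService.GetSecretAsync((string)secret);`. The route templates `path + "/:secret"` and `path + "/:secret/revoke"` use a colon where ASP.NET Core routing expects braces, so `RouteValues["secret"]` would stay null and both handlers would always take the error branch; `path + "/{secret}"` and `path + "/{secret}/revoke"` are the working forms. Separately, the secret value itself travels in the request path and in the `Location` header built from `secret.Secret`, which puts it into access and proxy logs; addressing entries by a non-secret identifier would avoid that, if the data model has one. The `WriteErrorMessageAsync` calls here pass no status code, so it is worth confirming the default is a 4xx rather than 200. `MapSecrets` begins above this hunk.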