feat: add password protection to blog posts (WEB-3)

2023-09-26 12:46:18 +01:00 · 2023-09-26 12:46:18 +01:00 · 1200318326
parent 40d8052116
commit 1200318326
3 changed files with 60 additions and 0 deletions
--- a/OliverBooth/OliverBooth.csproj
+++ b/OliverBooth/OliverBooth.csproj
@ -9,6 +9,7 @@

    <ItemGroup>
        <PackageReference Include="Alexinea.Extensions.Configuration.Toml" Version="7.0.0"/>
+        <PackageReference Include="BCrypt.Net-Core" Version="1.6.0"/>
        <PackageReference Include="Humanizer.Core" Version="2.14.1"/>
        <PackageReference Include="MailKit" Version="4.1.0"/>
        <PackageReference Include="MailKitSimplified.Sender" Version="2.5.2"/>
--- a/OliverBooth/Pages/Blog/Article.cshtml
+++ b/OliverBooth/Pages/Blog/Article.cshtml
@ -5,6 +5,22 @@
@inject IBlogPostService BlogPostService
@model Article

+@if (Model.ShowPasswordPrompt)
+{
+    <div class="alert alert-danger" role="alert">
+        This post is private and can only be viewed by those with the password.
+    </div>
+
+    <form method="post">
+        <div class="mb-3">
+            <label for="password" class="form-label">Password</label>
+            <input type="password" class="form-control" id="password" name="password" required>
+        </div>
+        <button type="submit" class="btn btn-primary">Submit</button>
+    </form>
+    return;
+}
+
@if (Model.Post is not { } post)
 {
    return;
--- a/OliverBooth/Pages/Blog/Article.cshtml.cs
+++ b/OliverBooth/Pages/Blog/Article.cshtml.cs
@ -1,7 +1,9 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.Extensions.Primitives;
 using OliverBooth.Data.Blog;
 using OliverBooth.Services;
+using BC = BCrypt.Net.BCrypt;

 namespace OliverBooth.Pages.Blog;

@ -38,6 +40,14 @@ public class Article : PageModel
    /// <value>The requested blog post.</value>
    public IBlogPost Post { get; private set; } = null!;

+    /// <summary>
+    ///     Gets a value indicating whether to show the password prompt.
+    /// </summary>
+    /// <value>
+    ///     <see langword="true" /> if the password prompt should be shown; otherwise, <see langword="false" />.
+    /// </value>
+    public bool ShowPasswordPrompt { get; private set; }
+
    public IActionResult OnGet(int year, int month, int day, string slug)
    {
        var date = new DateOnly(year, month, day);
@ -47,6 +57,39 @@ public class Article : PageModel
            return NotFound();
        }

+        if (!string.IsNullOrWhiteSpace(post.Password))
+        {
+            ShowPasswordPrompt = true;
+        }
+
+        if (post.IsRedirect)
+        {
+            return Redirect(post.RedirectUrl!.ToString());
+        }
+
+        Post = post;
+        return Page();
+    }
+
+    public IActionResult OnPost([FromRoute] int year,
+        [FromRoute] int month,
+        [FromRoute] int day,
+        [FromRoute] string slug)
+    {
+        var date = new DateOnly(year, month, day);
+        if (!_blogPostService.TryGetPost(date, slug, out IBlogPost? post))
+        {
+            Response.StatusCode = 404;
+            return NotFound();
+        }
+
+        ShowPasswordPrompt = true;
+
+        if (Request.Form.TryGetValue("password", out StringValues password) && BC.Verify(password, post.Password))
+        {
+            ShowPasswordPrompt = false;
+        }
+
        if (post.IsRedirect)
        {
            return Redirect(post.RedirectUrl!.ToString());