oliverbooth/oliverbooth.dev
oliverbooth/oliverbooth.dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

Compare commits

base: oliverbooth:9d46d6495e6a3e7dc1eede5c48364ec12b511d00
Branches Tags
oliverbooth:main
oliverbooth:feature/cleanup
oliverbooth:feature/admin
oliverbooth:v1.1.0
..
compare: oliverbooth:3e20e41565ad0b62b5581b52ff6ed613225e58c5
Branches Tags
oliverbooth:main
oliverbooth:feature/cleanup
oliverbooth:feature/admin
oliverbooth:v1.1.0

3 Commits
9d46d6495e ... 3e20e41565

Author SHA1 Message Date
Oliver Booth
3e20e41565
refactor: use HttpGet for api routes 2023-08-10 22:57:24 +01:00
Oliver Booth
d3958fc22c
feat: validate referer on all routes 2023-08-10 22:56:49 +01:00
Oliver Booth
159e1ad65d
refactor: return Ok(...) instead of building a JsonResult 2023-08-10 22:55:52 +01:00
1 changed files with 16 additions and 15 deletions
Show Stats Expand all files Collapse all files

31
OliverBooth/Controllers/BlogApiController.cs
View File

@ -1,6 +1,5 @@
using Humanizer; using Humanizer;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using OliverBooth.Data.Blog; using OliverBooth.Data.Blog;
using OliverBooth.Services; using OliverBooth.Services;
@ -17,24 +16,19 @@ public sealed class BlogApiController : ControllerBase
_blogService = blogService; _blogService = blogService;
} }
[Route("count")] [HttpGet("count")]
public IActionResult Count() public IActionResult Count()
{ {
return new JsonResult(new { count = _blogService.AllPosts.Count }); if (!ValidateReferer()) return NotFound();
return Ok(new { count = _blogService.AllPosts.Count });
} }
[Route("all/{skip:int?}/{take:int?}")] [HttpGet("all/{skip:int?}/{take:int?}")]
public IActionResult GetAllBlogPosts(int skip = 0, int take = -1) public IActionResult GetAllBlogPosts(int skip = 0, int take = -1)
{ {
if (!ValidateReferer()) return NotFound();
if (take == -1) take = _blogService.AllPosts.Count; if (take == -1) take = _blogService.AllPosts.Count;
return Ok(_blogService.AllPosts.Skip(skip).Take(take).Select(post => new
var referer = Request.Headers["Referer"].ToString();
if (!referer.StartsWith(Url.PageLink("/Blog/Index")!))
{
return NotFound();
}
return new JsonResult(_blogService.AllPosts.Skip(skip).Take(take).Select(post => new
{ {
id = post.Id, id = post.Id,
commentsEnabled = post.EnableComments, commentsEnabled = post.EnableComments,
@ -44,7 +38,7 @@ public sealed class BlogApiController : ControllerBase
published = post.Published.ToUnixTimeSeconds(), published = post.Published.ToUnixTimeSeconds(),
formattedDate = post.Published.ToString("dddd, d MMMM yyyy HH:mm"), formattedDate = post.Published.ToString("dddd, d MMMM yyyy HH:mm"),
updated = post.Updated?.ToUnixTimeSeconds(), updated = post.Updated?.ToUnixTimeSeconds(),
humanizedTimestamp = post.Updated?.Humanize() ?? post.Published.Humanize(), humanizedTimestamp = post.Updated?.Humanize() ?? post.Published.Humanize(),
excerpt = _blogService.GetExcerpt(post, out bool trimmed), excerpt = _blogService.GetExcerpt(post, out bool trimmed),
trimmed, trimmed,
url = Url.Page("/Blog/Article", url = Url.Page("/Blog/Article",
@ -58,15 +52,22 @@ public sealed class BlogApiController : ControllerBase
})); }));
} }
[Route("author/{id:int}")] [HttpGet("author/{id:int}")]
public IActionResult GetAuthor(int id) public IActionResult GetAuthor(int id)
{ {
if (!ValidateReferer()) return NotFound();
if (!_blogService.TryGetAuthor(id, out Author? author)) return NotFound(); if (!_blogService.TryGetAuthor(id, out Author? author)) return NotFound();
return new JsonResult(new return Ok(new
{ {
name = author.Name, name = author.Name,
avatarHash = author.AvatarHash, avatarHash = author.AvatarHash,
}); });
} }
private bool ValidateReferer()
{
var referer = Request.Headers["Referer"].ToString();
return referer.StartsWith(Url.PageLink("/Blog/Index")!);
}
} }