Compare commits


3 Commits

1 changed files with 16 additions and 15 deletions


@ -1,6 +1,5 @@
using Humanizer;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using OliverBooth.Data.Blog;
using OliverBooth.Services;
@ -17,24 +16,19 @@ public sealed class BlogApiController : ControllerBase
_blogService = blogService;
}
[Route("count")]
[HttpGet("count")]
public IActionResult Count()
{
return new JsonResult(new { count = _blogService.AllPosts.Count });
if (!ValidateReferer()) return NotFound();
return Ok(new { count = _blogService.AllPosts.Count });
}
[Route("all/{skip:int?}/{take:int?}")]
[HttpGet("all/{skip:int?}/{take:int?}")]
public IActionResult GetAllBlogPosts(int skip = 0, int take = -1)
{
if (!ValidateReferer()) return NotFound();
if (take == -1) take = _blogService.AllPosts.Count;
var referer = Request.Headers["Referer"].ToString();
if (!referer.StartsWith(Url.PageLink("/Blog/Index")!))
{
return NotFound();
}
return new JsonResult(_blogService.AllPosts.Skip(skip).Take(take).Select(post => new
return Ok(_blogService.AllPosts.Skip(skip).Take(take).Select(post => new
{
id = post.Id,
commentsEnabled = post.EnableComments,
@ -58,15 +52,22 @@ public sealed class BlogApiController : ControllerBase
}));
}
[Route("author/{id:int}")]
[HttpGet("author/{id:int}")]
public IActionResult GetAuthor(int id)
{
if (!ValidateReferer()) return NotFound();
if (!_blogService.TryGetAuthor(id, out Author? author)) return NotFound();
return new JsonResult(new
return Ok(new
{
name = author.Name,
avatarHash = author.AvatarHash,
});
}
private bool ValidateReferer()
{
var referer = Request.Headers["Referer"].ToString();
return referer.StartsWith(Url.PageLink("/Blog/Index")!);
}
}
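Review bot: `ValidateReferer()` at the end of the controller gates all three actions on the `Referer` header, which the client supplies, so it can deter casual hotlinking but is not an access control. If these endpoints need real protection it has to come from authentication or authorization, and a short comment on the helper should state that the check is best-effort only. The helper also uses the culture-sensitive `StartsWith` overload and suppresses a possible null from `Url.PageLink` with `!`, which would throw instead of returning 404 if the link cannot be generated. I would write it as `return Url.PageLink("/Blog/Index") is { } prefix && referer.StartsWith(prefix, StringComparison.Ordinal);`. Clients whose browser or privacy settings omit or trim the Referer will also receive 404 on legitimate page loads, which is worth documenting next to the check.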