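// ==========================================================================
// Squidex Headless CMS
// ==========================================================================
// Copyright (c) Squidex UG (haftungsbeschränkt)
// All rights reserved. Licensed under the MIT license.
// ==========================================================================

using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Squidex.Areas.Api.Controllers.Apps.Models;
using Squidex.Domain.Apps.Entities.Apps.Commands;
using Squidex.Infrastructure.Commands;
using Squidex.Pipeline;
using Squidex.Shared;

namespace Squidex.Areas.Api.Controllers.Apps
{
    /// <summary>
    /// Manages and configures apps.
    /// </summary>
    [ApiExplorerSettings(GroupName = nameof(Apps))]
    public sealed class AppClientsController : ApiController
    {
        // Every action below is gated by an [ApiPermission] attribute; the
        // enforcement itself lives in the pipeline, outside this file.
        public AppClientsController(ICommandBus commandBus)
            : base(commandBus)
        {
        }

        /// <summary>
        /// Get app clients.
        /// </summary>
        /// <param name="app">The name of the app.</param>
        /// <returns>
        /// 200 => Client keys returned.
        /// 404 => App not found.
        /// </returns>
        /// <remarks>
        /// Gets all configured clients for the app with the specified name.
        /// </remarks>
        [HttpGet]
        [Route("apps/{app}/clients/")]
        [ProducesResponseType(typeof(ClientDto[]), 200)]
        [ApiPermission(Permissions.AppClientsRead)]
        [ApiCosts(0)]
        public IActionResult GetClients(string app)
        {
            // The documented 200 response returns client keys, so this body is
            // credential material.
            // NOTE(review): confirm it is kept out of response logging and shared
            // caches, and that AppClientsRead is only granted to roles that are
            // allowed to see client secrets.
            var response = App.Clients.Select(ClientDto.FromKvp).ToList();

            // NOTE(review): the version is written unquoted; RFC 7232 entity tags
            // are quoted strings. Left unchanged because clients may depend on it.
            Response.Headers["ETag"] = App.Version.ToString();

            return Ok(response);
        }

        /// <summary>
        /// Create a new app client.
        /// </summary>
        /// <param name="app">The name of the app.</param>
        /// <param name="request">Client object that needs to be added to the app.</param>
        /// <returns>
        /// 201 => Client generated.
        /// 404 => App not found.
        /// </returns>
        /// <remarks>
        /// Create a new client for the app with the specified name.
        /// The client secret is auto generated on the server and returned. The client does not expire, the access token is valid for 30 days.
        /// </remarks>
        [HttpPost]
        [Route("apps/{app}/clients/")]
        [ProducesResponseType(typeof(ClientDto), 201)]
        [ApiPermission(Permissions.AppClientsCreate)]
        [ApiCosts(1)]
        public async Task<IActionResult> PostClient(string app, [FromBody] CreateAppClientDto request)
        {
            // NOTE(review): request is dereferenced without a null check;
            // presumably model binding/validation in the pipeline rejects an
            // empty body before this point. Confirm.
            var command = request.ToCommand();

            await CommandBus.PublishAsync(command);

            // The response is built from the command after it was published and,
            // per the remarks above, contains the generated secret. Because the
            // client never expires, revocation via DeleteClient is the only way
            // to invalidate a leaked secret.
            var response = ClientDto.FromCommand(command);

            return CreatedAtAction(nameof(GetClients), new { app }, response);
        }

        /// <summary>
        /// Updates an app client.
        /// </summary>
        /// <param name="app">The name of the app.</param>
        /// <param name="clientId">The id of the client that must be updated.</param>
        /// <param name="request">Client object that needs to be updated.</param>
        /// <returns>
        /// 204 => Client updated.
        /// 400 => Client request not valid.
        /// 404 => Client or app not found.
        /// </returns>
        /// <remarks>
        /// Only the display name can be changed, create a new client if necessary.
        /// </remarks>
        [HttpPut]
        [Route("apps/{app}/clients/{clientId}/")]
        [ApiPermission(Permissions.AppClientsUpdate)]
        [ApiCosts(1)]
        public async Task<IActionResult> PutClient(string app, string clientId, [FromBody] UpdateAppClientDto request)
        {
            // NOTE(review): 'app' is not referenced in this body and clientId is
            // taken from the route as-is. Scoping the command to the current app
            // presumably happens in the command pipeline. Confirm that a client
            // id belonging to a different app cannot be targeted.
            await CommandBus.PublishAsync(request.ToCommand(clientId));

            return NoContent();
        }

        /// <summary>
        /// Revoke an app client.
        /// </summary>
        /// <param name="app">The name of the app.</param>
        /// <param name="clientId">The id of the client that must be deleted.</param>
        /// <returns>
        /// 204 => Client revoked.
        /// 404 => Client or app not found.
        /// </returns>
        /// <remarks>
        /// The application that uses this client credentials cannot access the API after it has been revoked.
        /// </remarks>
        [HttpDelete]
        [Route("apps/{app}/clients/{clientId}/")]
        [ApiPermission(Permissions.AppClientsDelete)]
        [ApiCosts(1)]
        public async Task<IActionResult> DeleteClient(string app, string clientId)
        {
            // NOTE(review): as in PutClient, 'app' is unused here; app scoping of
            // the RevokeClient command is assumed to come from the pipeline.
            // Also confirm whether access tokens already issued to this client
            // (documented as valid for 30 days) are rejected once it is revoked.
            await CommandBus.PublishAsync(new RevokeClient { Id = clientId });

            return NoContent();
        }
    }
}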