Refactor API (#554)

* Remove ODATA * Add OpenAPI and transformers * Update api endpoint (/api) * Remove Swashbuckle * Add SCALAR (Playground) * Refactor customer retrieval order in WorkContextSetter * Refactor authentication services and middleware
grandnode · Jan 7, 2025 · 7ec3e5f · 7ec3e5f
1 parent 68790b9
commit 7ec3e5f
Show file tree

Hide file tree

Showing 75 changed files with 1,364 additions and 2,073 deletions.
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -5,8 +5,10 @@
   <ItemGroup>
     <PackageVersion Include="MaxMind.GeoIP2" Version="5.2.0" />
     <PackageVersion Include="ExcelMapper" Version="5.2.593" />
+    <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="9.0.0" />
     <PackageVersion Include="Microsoft.FeatureManagement.AspNetCore" Version="4.0.0" />
     <PackageVersion Include="NPOI" Version="2.7.2" />
+    <PackageVersion Include="Scalar.AspNetCore" Version="1.2.72" />
     <PackageVersion Include="Scryber.Core" Version="6.0.4-beta" />
     <PackageVersion Include="Scryber.Core.OpenType" Version="6.1.0-beta" />
     <PackageVersion Include="MailKit" Version="4.9.0" />
@@ -38,13 +40,10 @@
     <PackageVersion Include="FluentValidation" Version="11.11.0" />
     <PackageVersion Include="Microsoft.AspNetCore.JsonPatch" Version="9.0.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="9.0.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.OData" Version="9.1.1" />
-    <PackageVersion Include="MongoDB.AspNetCore.OData" Version="1.1.0" />
-    <PackageVersion Include="Swashbuckle.AspNetCore" Version="7.2.0" />
-    <PackageVersion Include="Swashbuckle.AspNetCore.Annotations" Version="7.2.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Authentication.Facebook" Version="9.0.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Authentication.Google" Version="9.0.0" />
     <PackageVersion Include="Braintree" Version="5.28.0" />
+    <PackageVersion Include="System.Linq.Dynamic.Core" Version="1.5.1" />
     <PackageVersion Include="System.Xml.XPath.XmlDocument" Version="4.7.0" />
     <PackageVersion Include="Stripe.net" Version="47.1.0" />
     <PackageVersion Include="elFinder.Net.AspNetCore" Version="1.5.0" />

diff --git a/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs b/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs
@@ -5,6 +5,7 @@
 using Grand.Infrastructure.Configuration;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Net.Http.Headers;
 
@@ -34,12 +35,12 @@ public virtual async Task<Customer> GetAuthenticatedCustomer()
         if (string.IsNullOrEmpty(authHeader))
             return null;
 
-        if (_httpContextAccessor.HttpContext.Request.Path.Value != null
-            && !_httpContextAccessor.HttpContext.Request.Path.Value.StartsWith("/odata"))
+        if (IsApiFrontAuthenticated())
         {
             customer = await ApiCustomer();
             return customer;
         }
+
         var authenticateResult = await _httpContextAccessor.HttpContext.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
         if (!authenticateResult.Succeeded)
             return null;
@@ -55,6 +56,15 @@ public virtual async Task<Customer> GetAuthenticatedCustomer()
 
         return customer;
     }
+    private bool IsApiFrontAuthenticated()
+    {
+        var endpoint = _httpContextAccessor.HttpContext.GetEndpoint();
+        if (endpoint == null) return false;
+
+        var authorizeAttributes = endpoint.Metadata.GetOrderedMetadata<AuthorizeAttribute>();
+        return authorizeAttributes.Any(attr => attr.AuthenticationSchemes?.Contains(FrontendAPIConfig.AuthenticationScheme) == true);
+    }
+
 
     private async Task<Customer> ApiCustomer()
     {

diff --git a/src/Business/Grand.Business.Authentication/Services/CookieAuthenticationService.cs b/src/Business/Grand.Business.Authentication/Services/CookieAuthenticationService.cs
@@ -55,7 +55,6 @@ public CookieAuthenticationService(
     private readonly IGroupService _groupService;
     private readonly IHttpContextAccessor _httpContextAccessor;
     private readonly SecurityConfig _securityConfig;
-    private Customer _cachedCustomer;
 
     #endregion
 
@@ -112,22 +111,15 @@ public virtual async Task SignIn(Customer customer, bool isPersistent)
         {
             _httpContextAccessor.HttpContext.Response.Cookies.Delete(CustomerCookieName);
 
-            await _httpContextAccessor.HttpContext.SignInAsync(
-                GrandCookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, authenticationProperties);
+            await _httpContextAccessor.HttpContext.SignInAsync(GrandCookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, authenticationProperties);
         }
-
-        //cache authenticated customer
-        _cachedCustomer = customer;
     }
 
     /// <summary>
     ///     Sign out customer
     /// </summary>
     public virtual async Task SignOut()
     {
-        //Firstly reset cached customer
-        _cachedCustomer = null;
-
         //and then sign out customer from the present scheme of authentication
         if (_httpContextAccessor.HttpContext != null)
         {
@@ -145,15 +137,7 @@ await _httpContextAccessor.HttpContext.SignOutAsync(GrandCookieAuthenticationDef
     /// <returns>Customer</returns>
     public virtual async Task<Customer> GetAuthenticatedCustomer()
     {
-        //check if there is a cached customer
-        if (_cachedCustomer != null)
-            return _cachedCustomer;
-
-        //get the authenticated user identity
-        if (_httpContextAccessor.HttpContext == null) return _cachedCustomer;
-        var authenticateResult =
-            await _httpContextAccessor.HttpContext.AuthenticateAsync(GrandCookieAuthenticationDefaults
-                .AuthenticationScheme);
+        var authenticateResult = await _httpContextAccessor.HttpContext.AuthenticateAsync(GrandCookieAuthenticationDefaults.AuthenticationScheme);
         if (!authenticateResult.Succeeded)
             return null;
 
@@ -195,10 +179,7 @@ await _httpContextAccessor.HttpContext.AuthenticateAsync(GrandCookieAuthenticati
         if (customer is not { Active: true } || customer.Deleted || !await _groupService.IsRegistered(customer))
             return null;
 
-        //Cache the authenticated customer
-        _cachedCustomer = customer;
-
-        return _cachedCustomer;
+        return customer;
     }
 
     /// <summary>

diff --git a/src/Core/Grand.SharedKernel/Attributes/ApiGroupAttribute.cs b/src/Core/Grand.SharedKernel/Attributes/ApiGroupAttribute.cs
@@ -0,0 +1,12 @@
+namespace Grand.SharedKernel.Attributes;
+
+[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
+public sealed class ApiGroupAttribute : Attribute
+{
+    public string GroupName { get; }
+
+    public ApiGroupAttribute(string groupName)
+    {
+        GroupName = groupName;
+    }
+}
diff --git a/src/Core/Grand.SharedKernel/Extensions/ApiConstants.cs b/src/Core/Grand.SharedKernel/Extensions/ApiConstants.cs
@@ -0,0 +1,7 @@
+namespace Grand.SharedKernel.Extensions;
+
+public static class ApiConstants
+{
+    public const string ApiGroupNameV1 = "v1";
+    public const string ApiGroupNameV2 = "v2";
+}
diff --git a/src/Modules/Grand.Module.Api/ApiExplorer/ApiParameterContext.cs b/src/Modules/Grand.Module.Api/ApiExplorer/ApiParameterContext.cs