added review diffs

Author: retailcoder

rubberduckvba.Server/Api/Auth/AuthController.cs

@@ -115,15 +115,16 @@ public IActionResult OnGitHubCallback(SignInViewModel vm)
     {
         return GuardInternalAction(() =>
         {
-            Logger.LogInformation("OAuth token was received. State: {state}", vm.State);
+            Logger.LogInformation("OAuth code was received. State: {state}", vm.State);
             var clientId = configuration.Value.ClientId;
             var clientSecret = configuration.Value.ClientSecret;
             var agent = configuration.Value.UserAgent;
 
             var github = new GitHubClient(new ProductHeaderValue(agent));
-
             var request = new OauthTokenRequest(clientId, clientSecret, vm.Code);
+
             var token = github.Oauth.CreateAccessToken(request).GetAwaiter().GetResult();
+
             if (token is null)
             {
                 Logger.LogWarning("OAuth access token was not created.");
@@ -171,6 +172,13 @@ public IActionResult OnGitHubCallback(SignInViewModel vm)
                 Thread.CurrentPrincipal = HttpContext.User;
 
                 Logger.LogInformation("GitHub user with login {login} has signed in with role authorizations '{role}'.", githubUser.Login, configuration.Value.OwnerOrg);
+                Response.Cookies.Append(GitHubAuthenticationHandler.AuthCookie, token, new CookieOptions
+                {
+                    IsEssential = true,
+                    HttpOnly = true,
+                    Secure = true,
+                    Expires = DateTimeOffset.UtcNow.AddHours(1)
+                });
                 return token;
             }
             else

rubberduckvba.Server/GitHubAuthenticationHandler.cs

@@ -1,5 +1,4 @@
-
-using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Options;
 using rubberduckvba.Server.Services;
@@ -10,6 +9,10 @@ namespace rubberduckvba.Server;
 
 public class GitHubAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 {
+    public static readonly string AuthCookie = "x-access-token";
+
+    private static readonly object _lock = new object();
+
     private readonly IGitHubClientService _github;
     private readonly IMemoryCache _cache;
 
@@ -26,45 +29,86 @@ public GitHubAuthenticationHandler(IGitHubClientService github, IMemoryCache cac
         _cache = cache;
     }
 
-    protected async override Task<AuthenticateResult> HandleAuthenticateAsync()
+    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
     {
         try
         {
-            var token = Context.Request.Headers["X-ACCESS-TOKEN"].SingleOrDefault();
+            var token = Context.Request.Cookies[AuthCookie]
+                        ?? Context.Request.Headers[AuthCookie];
+
             if (string.IsNullOrWhiteSpace(token))
             {
-                return AuthenticateResult.Fail("Access token was not provided");
+                return Task.FromResult(AuthenticateResult.Fail("Access token was not provided"));
             }
 
-            if (_cache.TryGetValue(token, out var cached) && cached is AuthenticationTicket cachedTicket)
+            if (TryAuthenticateFromCache(token, out var cachedResult))
             {
-                var cachedPrincipal = cachedTicket.Principal;
-
-                Context.User = cachedPrincipal;
-                Thread.CurrentPrincipal = cachedPrincipal;
-
-                Logger.LogInformation($"Successfully retrieved authentication ticket from cached token for {cachedPrincipal.Identity!.Name}; token will not be revalidated.");
-                return AuthenticateResult.Success(cachedTicket);
+                return Task.FromResult(cachedResult)!;
             }
 
-            var principal = await _github.ValidateTokenAsync(token);
-            if (principal is ClaimsPrincipal)
+            lock (_lock)
             {
-                Context.User = principal;
-                Thread.CurrentPrincipal = principal;
-
-                var ticket = new AuthenticationTicket(principal, "github");
-                _cache.Set(token, ticket, _options);
+                if (TryAuthenticateGitHubToken(token, out var result)
+                    && result is AuthenticateResult
+                    && result.Ticket is AuthenticationTicket ticket)
+                {
+                    CacheAuthenticatedTicket(token, ticket);
+                    return Task.FromResult(result!);
+                }
 
-                return AuthenticateResult.Success(ticket);
+                if (TryAuthenticateFromCache(token, out cachedResult))
+                {
+                    return Task.FromResult(cachedResult!);
+                }
             }
 
-            return AuthenticateResult.Fail("An invalid access token was provided");
+            return Task.FromResult(AuthenticateResult.Fail("Missing or invalid access token"));
         }
         catch (InvalidOperationException e)
         {
             Logger.LogError(e, e.Message);
-            return AuthenticateResult.NoResult();
+            return Task.FromResult(AuthenticateResult.NoResult());
+        }
+    }
+
+    private void CacheAuthenticatedTicket(string token, AuthenticationTicket ticket)
+    {
+        if (!string.IsNullOrWhiteSpace(token) && ticket.Principal.Identity?.IsAuthenticated == true)
+        {
+            _cache.Set(token, ticket, _options);
+        }
+    }
+
+    private bool TryAuthenticateFromCache(string token, out AuthenticateResult? result)
+    {
+        result = null;
+        if (_cache.TryGetValue(token, out var cached) && cached is AuthenticationTicket cachedTicket)
+        {
+            var cachedPrincipal = cachedTicket.Principal;
+
+            Context.User = cachedPrincipal;
+            Thread.CurrentPrincipal = cachedPrincipal;
+
+            Logger.LogInformation($"Successfully retrieved authentication ticket from cached token for {cachedPrincipal.Identity!.Name}; token will not be revalidated.");
+            result = AuthenticateResult.Success(cachedTicket);
+            return true;
+        }
+        return false;
+    }
+
+    private bool TryAuthenticateGitHubToken(string token, out AuthenticateResult? result)
+    {
+        result = null;
+        var principal = _github.ValidateTokenAsync(token).GetAwaiter().GetResult();
+        if (principal is ClaimsPrincipal)
+        {
+            Context.User = principal;
+            Thread.CurrentPrincipal = principal;
+
+            var ticket = new AuthenticationTicket(principal, "github");
+            result = AuthenticateResult.Success(ticket);
+            return true;
         }
+        return false;
     }
 }

rubberduckvba.Server/Services/RubberduckDbService.cs

@@ -177,8 +177,12 @@ private async Task SubmitFeatureEdit(Feature feature, IIdentity identity)
 
         foreach (var name in editableFields)
         {
-            valueBefore = current?.GetType().GetProperty(name)?.GetValue(current)?.ToString();
-            valueAfter = feature.GetType().GetProperty(name)?.GetValue(feature)?.ToString() ?? string.Empty;
+            var currentProperty = current.GetType().GetProperty(name);
+            var property = feature.GetType().GetProperty(name)!;
+            var asJson = property.PropertyType.IsClass && property.PropertyType != typeof(string);
+
+            valueBefore = asJson ? JsonSerializer.Serialize(currentProperty?.GetValue(current)) : currentProperty?.GetValue(current)?.ToString() ?? string.Empty;
+            valueAfter = asJson ? JsonSerializer.Serialize(property?.GetValue(feature)) : property?.GetValue(feature)?.ToString() ?? string.Empty;
 
             if (valueBefore != valueAfter)
             {

rubberduckvba.client/package-lock.json

@@ -31,6 +31,8 @@
     "@popperjs/core": "^2.11.6",
     "angular-device-information": "^4.0.0",
     "bootstrap": "^5.2.3",
+    "diff": "^8.0.2",
+    "html-entities": "^2.6.0",
     "jest-editor-support": "*",
     "run-script-os": "*",
     "rxjs": "~7.8.0",

rubberduckvba.client/package.json

@@ -1,7 +1,7 @@
 import { NgModule } from '@angular/core';
 import { CommonModule } from '@angular/common';
 import { FormsModule } from '@angular/forms';
-import { NgbModule } from '@ng-bootstrap/ng-bootstrap';
+import { NgbAccordionDirective, NgbModule } from '@ng-bootstrap/ng-bootstrap';
 import { FontAwesomeModule } from '@fortawesome/angular-fontawesome';
 import { BrowserModule } from '@angular/platform-browser';
 import { RouterModule, UrlSerializer } from '@angular/router';
@@ -88,6 +88,7 @@ export class LowerCaseUrlSerializer extends DefaultUrlSerializer {
   bootstrap: [AppComponent],
   imports: [
     CommonModule,
+    NgbModule,
     BrowserModule,
     FormsModule,
     RouterModule.forRoot([
@@ -111,6 +112,7 @@ export class LowerCaseUrlSerializer extends DefaultUrlSerializer {
   providers: [
     DataService,
     ApiClientService,
+    NgbAccordionDirective,
     provideHttpClient(withInterceptorsFromDi()),
     {
       provide: UrlSerializer,

rubberduckvba.client/src/app/app.module.ts

@@ -5,5 +5,68 @@ <h2>Audits</h2>
     </p>
 </div>
 <div class="row">
-    <h3>TODO</h3>
+    <h3>Edits</h3>
+    <div class="col-12">
+        <p>
+            Edits are changes to existing features, such as changing the description, or changing the title.
+        </p>
+        <div *ngIf="pendingAudits.edits.length == 0">
+            <p class="text-muted">There are no pending edits.</p>
+        </div>
+        <div ngbAccordion>
+            <div ngbAccordionItem *ngFor="let edit of pendingAudits.edits" class="mb-2" [collapsed]="false">
+                <div ngbAccordionHeader>
+                    <h4>{{edit.featureName}}</h4>
+                    <p><span class="fw-bold">{{edit.author}}</span> wants to edit the '{{edit.fieldName.toLowerCase()}}' field.</p>
+                    <p>Submitted <span class="fw-bold">{{edit.dateInserted}}</span> <span *ngIf="edit.dateModified != null">, last modified <span class="fw-bold">{{edit.dateModified}}</span></span></p>
+                </div>
+                <div ngbAccordionCollapse>
+                    <div ngbAccordionBody>
+                        <div class="vbe-mock-debugger">
+                            <div class="code-area">
+                                <div [innerHtml]="getDiffHtml(edit.valueBefore ?? '', edit.valueAfter)"></div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <button class="btn btn-success" (click)="onApproveEdit(edit)">Approve</button>
+                <button class="btn btn-outline-danger" (click)="onRejectEdit(edit)">Reject</button>
+            </div>
+        </div>
+    </div>
+</div>
+<div class="row">
+    <h3>Operations</h3>
+    <div class="col-12">
+        <p>
+            Operations are additions or deletions of features, such as adding a new feature, or deleting an existing feature.
+        </p>
+        <div *ngIf="pendingAudits.other.length == 0">
+            <p class="text-muted">There are no pending operations.</p>
+        </div>
+        <div ngbAccordion>
+            <div ngbAccordionItem *ngFor="let op of pendingAudits.other" class="mb-2" [collapsed]="false">
+                <div ngbAccordionHeader>
+                    <h4>{{op.featureName}}</h4>
+                    <div *ngIf="op.featureAction == deleteOp">
+                        <p><span class="fw-bold">{{op.author}}</span> wants to DELETE the '<span class="fw-bold">{{op.featureName}}</span>' feature.</p>
+                        <p>Submitted <span class="fw-bold">{{op.dateInserted}}</span> <span *ngIf="op.dateModified != null">, last modified <span class="fw-bold">{{op.dateModified}}</span></span></p>
+                    </div>
+                    <div *ngIf="op.featureAction == createOp">
+                        <p><span class="fw-bold">{{op.author}}</span> wants to add a new '<span class="fw-bold">{{op.featureName}}</span>' feature.</p>
+                        <p>Submitted <span class="fw-bold">{{op.dateInserted}}</span> <span *ngIf="op.dateModified != null">, last modified <span class="fw-bold">{{op.dateModified}}</span></span></p>
+                    </div>
+                </div>
+                <div ngbAccordionCollapse>
+                    <div ngbAccordionBody>
+                        <h3>{{op.title}}</h3>
+                        <p [innerText]="op.shortDescription"></p>
+                        <p [innerHTML]="op.description"></p>
+                        <button class="btn btn-success" (click)="onApproveOperation(op)">Approve</button>
+                        <button class="btn btn-outline-danger" (click)="onRejectOperation(op)">Reject</button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
 </div>

rubberduckvba.client/src/app/routes/audits/audits.component.css

@@ -1,10 +1,13 @@
 import { Component, OnInit } from "@angular/core";
 import { ApiClientService } from "../../services/api-client.service";
-import { PendingAuditsViewModel } from "../../model/feature.model";
+import { FeatureEditViewModel, FeatureOperation, FeatureOperationViewModel, PendingAuditsViewModel } from "../../model/feature.model";
+import { Change, diffWords } from "diff";
+import { encode } from "html-entities";
 
 @Component({
   selector: 'app-audits',
-  templateUrl: './audits.component.html'
+  templateUrl: './audits.component.html',
+  styleUrls: ['./audits.component.css']
 })
 export class AuditsAdminComponent implements OnInit {
 
@@ -17,5 +20,51 @@ export class AuditsAdminComponent implements OnInit {
   ngOnInit(): void {
     this.api.getAllPendingAudits().subscribe(e => this.pendingAudits = e);
   }
-  
+
+  public get deleteOp() { return FeatureOperation.Delete; }
+  public get createOp() { return FeatureOperation.Create; }
+
+  public getDiffHtml(before: string, after: string): string {
+    const diff = diffWords(before, after, { ignoreCase: false });
+    return diff.map((part: Change) => {
+      const htmlEncodedValue = encode(part.value);
+      if (part.added) {
+        console.log(`added: ${part.value}`);
+        return `<span class="text-diff-added">${htmlEncodedValue}</span>`;
+      } else if (part.removed) {
+        console.log(`removed: ${part.value}`);
+        return `<span class="text-diff-removed">${htmlEncodedValue}</span>`;
+      } else {
+        return part.value;
+      }
+    }).join('');
+  }
+
+  public onApproveEdit(edit:FeatureEditViewModel): void {
+    this.api.approvePendingAudit(edit.id).subscribe(() => {
+      console.log(`Feature edit audit record id ${edit.id} was approved.`);
+      window.location.reload();
+    });
+  }
+
+  public onRejectEdit(edit:FeatureEditViewModel): void {
+    this.api.rejectPendingAudit(edit.id).subscribe(() => {
+      console.log(`Feature edit audit record id ${edit.id} was rejected.`);
+      window.location.reload();
+    });
+  }
+
+  public onApproveOperation(op: FeatureOperationViewModel): void {
+    this.api.approvePendingAudit(op.id).subscribe(() => {
+      console.log(`Feature operation audit record id ${op.id} was approved.`);
+      window.location.reload();
+    });
+  }
+
+  public onRejectOperation(op: FeatureOperationViewModel): void {
+    this.api.rejectPendingAudit(op.id).subscribe(() => {
+      console.log(`Feature operation audit record id ${op.id} was rejected.`);
+      window.location.reload();
+    });
+  }
 }