- Added details xml comments in Controllers

- Added 2.2 feature: Api Analyzer
- Refactor responses in Login and Log List
- Added Utls folder for shared extensions / classes
- Added warn filter in csproj
- Updated swagger configurations

Author: jioo

src/Api/Features/Accounts/AccountsController.cs

@@ -6,6 +6,8 @@
 using MediatR;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
+using WebApi.Features.Employees;
+using WebApi.Utils;
 
 namespace WebApi.Features.Accounts
 {
@@ -23,19 +25,28 @@ public AccountsController(IMediator mediator, IHttpContextAccessor httpContext)
         }
 
         // POST: api/accounts/register
+        /// <summary>
+        /// Register new employee
+        /// </summary>
+        /// <remarks>
+        /// Unique card no. and username filter will be applied
+        /// </remarks>
+        /// <param name="viewModel"></param>
         [Authorize(Roles = "Admin")]
         [HttpPost("register")]
+        [ProducesResponseType(typeof(EmployeeViewModel), StatusCodes.Status201Created)]
+        [ProducesResponseType(typeof(ErrorHandler), StatusCodes.Status400BadRequest)]
         public async Task<IActionResult> Register(RegisterViewModel viewModel)
         {
             // mediator from Features/Employees
             var isCardExist = await _mediator.Send(new Employees.IsCardExists.Query(Guid.Empty, viewModel.CardNo));
             if (isCardExist) 
-                return BadRequest("Card No. is already in use");
+                return BadRequest(new ErrorHandler{ Description = "Card No. is already in use" });
 
             // mediator from Features/Employees
             var isUsernameExist = await _mediator.Send(new Auth.IsUserExists.Query(viewModel.UserName));
             if (isUsernameExist) 
-                return BadRequest($"Username {viewModel.UserName} is already taken");
+                return BadRequest(new ErrorHandler{ Description = $"Username {viewModel.UserName} is already taken" });
 
             // Create user account
             var employeeInfo = await _mediator.Send(new Register.Command(viewModel));
@@ -44,32 +55,44 @@ public async Task<IActionResult> Register(RegisterViewModel viewModel)
         }
 
         // PUT: api/accounts/update-password
+        /// <summary>
+        /// Update an Employee password
+        /// </summary>
+        /// <param name="viewModel"></param>
         [Authorize(Roles = "Admin")]
         [HttpPut("update-password")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(typeof(ErrorHandler), StatusCodes.Status400BadRequest)]
         public async Task<IActionResult> UpdatePassword(UpdatePasswordViewModel viewModel)
         {
             // Change a specific Employee account's password
             var result = await _mediator.Send(new UpdatePassword.Command(viewModel));
             if (!result) 
-                return BadRequest();
+                return BadRequest(new ErrorHandler{ Description = "Unable to update password." });
 
             return Ok();
         }
 
         // PUT: api/accounts/change-password
+        /// <summary>
+        /// Update your current password
+        /// </summary>
+        /// <param name="viewModel"></param>
         [HttpPut("change-password")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(typeof(ErrorHandler), StatusCodes.Status400BadRequest)]
         public async Task<IActionResult> ChangePassword(ChangePasswordViewModel viewModel)
         {
             // Check if Old password is correct
             var currentUser = _httpContext.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier);
             var validatePassword = await _mediator.Send(new Auth.ValidatePassword.Query(currentUser, viewModel.OldPassword));
             if (!validatePassword) 
-                return BadRequest("Incorrect password");
+                return BadRequest(new ErrorHandler{ Description = "Incorrect password." });
 
             // Change account password
             var result = await _mediator.Send(new ChangePassword.Command(viewModel));
             if (!result.Succeeded) 
-                return BadRequest("Unable to change password");
+                return BadRequest(new ErrorHandler{ Description = "Unable to change password." });
 
             return Ok();
         }

src/Api/Features/Accounts/ChangePassword.cs

@@ -10,9 +10,6 @@
 
 namespace WebApi.Features.Accounts
 {
-    /// <summary>
-    /// Change account password
-    /// </summary>
     public class ChangePassword
     {
         public class Command : IRequest<IdentityResult>

src/Api/Features/Accounts/Register.cs

@@ -9,9 +9,6 @@
 
 namespace WebApi.Features.Accounts
 {
-    /// <summary>
-    /// Create employee account
-    /// </summary>
     public class Register
     {
         public class Command : IRequest<EmployeeViewModel>

src/Api/Features/Accounts/UpdatePassword.cs

@@ -9,9 +9,6 @@
 
 namespace WebApi.Features.Accounts
 {
-    /// <summary>
-    /// Change a specific Employee account's password
-    /// </summary>
     public class UpdatePassword
     {
         public class Command : IRequest<bool>

src/Api/Features/Auth/AuthController.cs

@@ -3,6 +3,7 @@
 using Microsoft.AspNetCore.Authorization;
 using MediatR;
 using Microsoft.AspNetCore.Http;
+using WebApi.Utils;
 
 namespace WebApi.Features.Auth
 {
@@ -19,14 +20,19 @@ public AuthController(IMediator mediator, IHttpContextAccessor httpContext)
         }
 
         // POST api/auth/login
+        /// <summary>
+        /// Login endpoint that produces Json Web Token
+        /// </summary>
+        /// <param name="viewModel"></param>
         [HttpPost("login")]
-        // [ValidateAntiForgeryToken]
-        public async Task<IActionResult> Login(LoginViewModel viewModel)
+        [ProducesResponseType(typeof(LoginResponse), StatusCodes.Status200OK)]
+        [ProducesResponseType(typeof(ErrorHandler), StatusCodes.Status400BadRequest)]
+        public async Task<ActionResult<LoginResponse>> Login(LoginViewModel viewModel)
         {
             // Check if credentials are correct
             var validate = await _mediator.Send(new ValidatePassword.Query(viewModel.UserName, viewModel.Password));
             if (!validate) 
-                return BadRequest("Invalid username or password");
+                return BadRequest(new ErrorHandler{ Description = "Invalid username or password." });
 
             // Get User Claims
             var claimsIdentity = await _mediator.Send(new GetRoleClaimsIdentity.Command(viewModel));
@@ -41,8 +47,15 @@ await _mediator.Send(new GenerateAccessToken.Command(claimsIdentity, employee, v
         }
 
         // POST api/challenge/{role}
+        /// <summary>
+        /// Validate the bearer token
+        /// </summary>
+        /// <param name="role"></param>
+        /// <returns></returns>
         [Authorize]
         [HttpPost("challenge/{role?}")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public IActionResult ChallengeAuth(string role)
         {
             if(!string.IsNullOrEmpty(role)) 
@@ -55,13 +68,13 @@ public IActionResult ChallengeAuth(string role)
             return Ok();
         }
 
-        // GET api/auth/xsrfToken
-        [HttpGet("xsrfToken")]
-        public IActionResult XsrfToken()
-        {
-            return new OkObjectResult(
-                _mediator.Send(new GenerateXsrfToken.Query(HttpContext))
-            );
-        }
+        // // GET api/auth/xsrfToken
+        // [HttpGet("xsrfToken")]
+        // public IActionResult XsrfToken()
+        // {
+        //     return new OkObjectResult(
+        //         _mediator.Send(new GenerateXsrfToken.Query(HttpContext))
+        //     );
+        // }
     }
 }

src/Api/Features/Auth/GenerateAccessToken.cs

@@ -13,7 +13,7 @@ namespace WebApi.Features.Auth
 {
     public class GenerateAccessToken
     {
-        public class Command : IRequest<Object>
+        public class Command : IRequest<LoginResponse>
         {
             public Command(
                 ClaimsIdentity claimsIdentity,
@@ -30,7 +30,7 @@ public Command(
             public string Uername { get; }
         }
 
-        public class CommandHandler : IRequestHandler<Command, Object>
+        public class CommandHandler : IRequestHandler<Command, LoginResponse>
         {
             private readonly JwtIssuerOptions _jwtOptions;
 
@@ -40,26 +40,24 @@ public CommandHandler(IOptions<JwtIssuerOptions> jwtOptions)
                 Extensions.ThrowIfInvalidOptions(_jwtOptions);
             }
 
-            public async Task<object> Handle(Command request, CancellationToken cancellationToken)
+            public async Task<LoginResponse> Handle(Command request, CancellationToken cancellationToken)
             {
                 try
                 {
-                    var response = new
+                    return new LoginResponse
                     {
-                        user = new
+                        User = new UserDetails
                         {
-                            empId = (request.Employee.Id != Guid.Empty) ? request.Employee.Id: Guid.Empty,
-                            fullName = request.Employee.FullName,
-                            username = request.Uername,
-                            roles = request.ClaimsIdentity.Claims.Where(c => c.Type == ClaimTypes.Role)
-                                        .Select(c => c.Value)
-                                        .ToList()
+                            EmployeeId = (request.Employee.Id != Guid.Empty) ? request.Employee.Id: Guid.Empty,
+                            FullName = request.Employee.FullName,
+                            UserName = request.Uername,
+                            Roles = request.ClaimsIdentity.Claims.Where(c => c.Type == ClaimTypes.Role)
+                                .Select(c => c.Value)
+                                .ToList()
                         },
-                        access_token = await GenerateEncodedToken(request.Uername, request.ClaimsIdentity),
-                        expires_in = (int)_jwtOptions.ValidFor.TotalSeconds
+                        AccessToken = await GenerateEncodedToken(request.Uername, request.ClaimsIdentity),
+                        ExpiresIn = (int) _jwtOptions.ValidFor.TotalSeconds
                     };
-
-                    return response;
                 }
                 catch (Exception e)
                 {

src/Api/Features/Auth/LoginResponse.cs

@@ -0,0 +1,30 @@
+using System;
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace WebApi.Features.Auth
+{
+    public class LoginResponse
+    {
+        [JsonProperty("user")]
+        public UserDetails User { get; set; }
+
+        [JsonProperty("access_token")]
+        public string AccessToken { get; set; }
+
+        [JsonProperty("expires_in")]
+        public int ExpiresIn { get; set; }
+    }
+
+    public class UserDetails
+    {
+        [JsonProperty("empId")]
+        public Guid EmployeeId { get; set; }
+        [JsonProperty("fullName")]
+        public string FullName { get; set; }
+        [JsonProperty("username")]
+        public string UserName { get; set; }
+        [JsonProperty("roles")]
+        public List<string> Roles { get; set; }
+    }
+}

src/Api/Features/Config/ConfigController.cs

@@ -2,6 +2,8 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
 using MediatR;
+using Microsoft.AspNetCore.Http;
+using WebApi.Utils;
 
 namespace WebApi.Features.Config
 {
@@ -17,20 +19,30 @@ public ConfigController(IMediator mediator)
         }
 
         // GET api/config
+        /// <summary>
+        /// Get current atendance config
+        /// </summary>
         [HttpGet]
+        [ProducesResponseType(typeof(ConfigViewModel), StatusCodes.Status200OK)]
         public async Task<ConfigViewModel> Index()
         {
             return await _mediator.Send(new Details.Query());
         }
 
         // PUT api/config
+        /// <summary>
+        /// Update attendance config
+        /// </summary>
+        /// <param name="viewModel"></param>
         [Authorize(Roles = "Admin")]
         [HttpPut]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(typeof(ErrorHandler), StatusCodes.Status400BadRequest)]
         public async Task<ActionResult<ConfigViewModel>> Update(ConfigViewModel viewModel)
         {
             string message;
             if (Extensions.ValidateTimeStrings(viewModel, out message))
-                return BadRequest(message);
+                return BadRequest(new ErrorHandler{ Description = message });
 
             return await _mediator.Send(new Update.Command(viewModel));
         }

src/Api/Features/Config/Details.cs

@@ -8,9 +8,6 @@
 
 namespace WebApi.Features.Config
 {
-    /// <summary>
-    /// Get current attendance config
-    /// </summary>
     public class Details
     {
         public class Query : IRequest<ConfigViewModel> { }

src/Api/Features/Config/Update.cs

@@ -8,9 +8,6 @@
 
 namespace WebApi.Features.Config
 {
-    /// <summary>
-    /// Update attendance config
-    /// </summary>
     public class Update
     {
         public class Command : IRequest<ConfigViewModel>