Verbesserung Auth, Webhook-Handling & Codacy-Integration

- BasicAuthenticationAttribute: AllowAnonymous-Handling ergänzt, Fehlerbehandlung für ungültige Header verbessert, WWW-Authenticate-Header korrigiert, Credential-Handling robuster gestaltet. - WiseController: Webhook akzeptiert jetzt JSON und Text, asynchrone Verarbeitung, robustere Deserialisierung, <AllowAnonymous> auf Klassenebene. - WiseWebhookExampleProcessor: OpenAPI/Swagger-Doku erweitert (application/json & text/plain, Beispiele, flexiblere Schemas). - SwaggerConfig: Unsichtbares Zeichen entfernt. - .gitignore: Codacy-spezifische Anweisungen ausgeschlossen. - codacy.instructions.md: Neue Datei mit KI-Verhaltensregeln für Codacy-Analysen hinzugefügt.
2025-12-10 15:12:02 +01:00
parent a6cbf6ab56
commit 5c8daaabc0
6 changed files with 157 additions and 53 deletions
--- a/VERAG_REST_SERVER/App_Start/BasicAuthenticationAttribute.vb
+++ b/VERAG_REST_SERVER/App_Start/BasicAuthenticationAttribute.vb
@@ -1,36 +1,47 @@
-Imports System.Net
-Imports System.Net.Http
+Imports System.Net.Http
 Imports System.Security.Principal
 Imports System.Threading
+Imports System.Web.Http
 Imports System.Web.Http.Controllers
-Imports System.Web.Http.Filters
+Imports System.Text
 Imports VERAG_PROG_ALLGEMEIN
-
-
+Imports System.Net
+Imports System.Web.Http.Filters

 Public Class BasicAuthenticationAttribute
    Inherits AuthorizationFilterAttribute

    Public Overrides Sub OnAuthorization(ByVal actionContext As HttpActionContext)
+        ' Check for AllowAnonymous attribute on method or controller
+        If actionContext.ActionDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any() OrElse
+           actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any() Then
+            Return
+        End If
+
        Dim authHeader = actionContext.Request.Headers.Authorization

        If authHeader IsNot Nothing Then
-            Dim authenticationToken = actionContext.Request.Headers.Authorization.Parameter
-            Dim decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken))
-            Dim usernamePasswordArray = decodedAuthenticationToken.Split(":"c)
-            Dim userName = usernamePasswordArray(0)
-            Dim password = usernamePasswordArray(1)
-            'Dim hashedPW = BCrypt.Net.BCrypt.HashPassword(password)
-
-
-
-            Dim isValid = getCredentials(userName, password)
-
-            If isValid Then
-                Dim principal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
-                Thread.CurrentPrincipal = principal
-                'actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, "User " & userName & " successfully authenticated")
+            Dim authenticationToken = authHeader.Parameter
+            Dim decodedAuthenticationToken As String = ""
+            Try
+                decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken))
+            Catch
+                HandleUnathorized(actionContext)
                Return
+            End Try
+
+            Dim usernamePasswordArray = decodedAuthenticationToken.Split(":"c)
+            If usernamePasswordArray.Length >= 2 Then
+                Dim userName = usernamePasswordArray(0)
+                Dim password = usernamePasswordArray(1)
+
+                Dim isValid = getCredentials(userName, password)
+
+                If isValid Then
+                    Dim principal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
+                    Thread.CurrentPrincipal = principal
+                    Return
+                End If
            End If
        End If

@@ -38,28 +49,20 @@ Public Class BasicAuthenticationAttribute
    End Sub

    Private Shared Sub HandleUnathorized(ByVal actionContext As HttpActionContext)
-        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized)
-        actionContext.Response.Headers.Add("WWW-Authenticate", "Basic Scheme='Data' location = 'http://localhost:")
+        actionContext.Response = New HttpResponseMessage(HttpStatusCode.Unauthorized)
+        actionContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=""Data""")
    End Sub

    Private Shared Function getCredentials(user As String, password As String) As Boolean
-
        Dim SQL As New VERAG_PROG_ALLGEMEIN.SQL
        Dim authenticated As Boolean = False

+        ' Using SQL.DLookup as per previous context usage
        Dim hashedPassword = SQL.DLookup("hashedPassword", "tblRESTAuthentication", "username='" & user & "' AND type = 'REST'", "ADMIN", "")
        If hashedPassword <> "" Then
            authenticated = BCrypt.Net.BCrypt.Verify(password, hashedPassword)
        End If

        Return authenticated
-
    End Function
 End Class
-
-
-
-
-
-
-
--- a/VERAG_REST_SERVER/App_Start/SwaggerConfig.vb
+++ b/VERAG_REST_SERVER/App_Start/SwaggerConfig.vb
@@ -1,4 +1,4 @@
-Imports System.Web.Http
+Imports System.Web.Http
 Imports System.Web.Http.Description
 Imports System.Web.Routing
 Imports Microsoft.Extensions.Options
--- a/VERAG_REST_SERVER/App_Start/WiseWebhookExampleProcessor.vb
+++ b/VERAG_REST_SERVER/App_Start/WiseWebhookExampleProcessor.vb
@@ -1,22 +1,39 @@
+Imports NSwag
 Imports NSwag.Generation.Processors
 Imports NSwag.Generation.Processors.Contexts
 Imports NJsonSchema

-Public Class WiseWebhookExampleProcessor
-    Implements IOperationProcessor
+    Public Class WiseWebhookExampleProcessor
+        Implements IOperationProcessor

-    Public Function Process(context As OperationProcessorContext) As Boolean Implements IOperationProcessor.Process
+        Public Function Process(context As OperationProcessorContext) As Boolean Implements IOperationProcessor.Process
        If context.ControllerType.Name = "WiseController" AndAlso context.MethodInfo.Name = "Webhook" Then
            Dim operation = context.OperationDescription.Operation
-            If operation.RequestBody IsNot Nothing AndAlso operation.RequestBody.Content.ContainsKey("application/json") Then
-                Dim content = operation.RequestBody.Content("application/json")
-                content.Example = New With {
+            If operation.RequestBody Is Nothing Then
+                operation.RequestBody = New OpenApiRequestBody()
+                operation.RequestBody.IsRequired = False
+            End If
+
+            If Not operation.RequestBody.Content.ContainsKey("application/json") Then
+                operation.RequestBody.Content("application/json") = New OpenApiMediaType() With {
+                        .Schema = JsonSchema.CreateAnySchema()
+                    }
+            End If
+
+            If Not operation.RequestBody.Content.ContainsKey("text/plain") Then
+                operation.RequestBody.Content("text/plain") = New OpenApiMediaType() With {
+                        .Schema = JsonSchema.CreateAnySchema()
+                    }
+            End If
+
+            Dim jsonContent = operation.RequestBody.Content("application/json")
+                jsonContent.Example = New With {
                    .event_type = "balance.credit",
                    .data = New With {
                        .id = 123456789,
                        .balance_id = 99887766,
                        .amount = New With {
-                            .value = 1500.00,
+                            .value = 1500.0,
                            .currency = "EUR"
                        },
                        .occurred_at = "2025-12-06T10:15:30Z",
@@ -24,8 +41,10 @@ Public Class WiseWebhookExampleProcessor
                        .sender_name = "ACME GmbH"
                    }
                }
+
+                Dim textContent = operation.RequestBody.Content("text/plain")
+                textContent.Example = "hello world"
            End If
-        End If
-        Return True
-    End Function
-End Class
+            Return True
+        End Function
+    End Class