Removed public product listing endpoint (#240)

Refactored product retrieval by removing the public listing feature and enforcing authentication. Any unauthenticated access will now result in a 401 Unauthorized response. Resolves #239
AnalogIO · Dec 12, 2023 · 058db04 · 058db04
1 parent 1190b85
commit 058db04
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 22 deletions.
diff --git a/coffeecard/CoffeeCard.Library/Services/v2/IProductService.cs b/coffeecard/CoffeeCard.Library/Services/v2/IProductService.cs
@@ -8,7 +8,6 @@ namespace CoffeeCard.Library.Services.v2
 {
     public interface IProductService : IDisposable
     {
-        Task<IEnumerable<Product>> GetPublicProductsAsync();
         Task<IEnumerable<Product>> GetProductsForUserAsync(User user);
         Task<Product> GetProductAsync(int productId);
         Task<ChangedProductResponse> AddProduct(AddProductRequest product);

diff --git a/coffeecard/CoffeeCard.Library/Services/v2/ProductService.cs b/coffeecard/CoffeeCard.Library/Services/v2/ProductService.cs
@@ -21,11 +21,6 @@ public ProductService(CoffeeCardContext context)
             _context = context;
         }
 
-        public async Task<IEnumerable<Product>> GetPublicProductsAsync()
-        {
-            return await GetProductsAsync(UserGroup.Customer);
-        }
-
         public async Task<IEnumerable<Product>> GetProductsForUserAsync(User user)
         {
             return await GetProductsAsync(user.UserGroup);

diff --git a/coffeecard/CoffeeCard.WebApi/Controllers/v2/ProductsController.cs b/coffeecard/CoffeeCard.WebApi/Controllers/v2/ProductsController.cs
@@ -66,29 +66,18 @@ public async Task<IActionResult> UpdateProduct(UpdateProductRequest product)
         }
 
         /// <summary>
-        /// Returns a list of available products based on a account's user group
+        /// Returns a list of available products based on a account's user group.
         /// </summary>
         /// <returns>List of available products</returns>
         /// <response code="200">Successful request</response>
+        /// <response code="401">Invalid credentials</response>
         [HttpGet]
-        [AllowAnonymous]
         [ProducesResponseType(typeof(IEnumerable<ProductResponse>), StatusCodes.Status200OK)]
+        [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
         public async Task<ActionResult<IEnumerable<ProductResponse>>> GetProducts()
         {
-            IEnumerable<Product> products;
-            try
-            {
-                // Try find user from potential login token
-                var user = await _claimsUtilities.ValidateAndReturnUserFromClaimAsync(User.Claims);
-                products = await _productService.GetProductsForUserAsync(user);
-            }
-            catch (ApiException)
-            {
-                // No token found, retrieve customer products
-                products = await _productService.GetPublicProductsAsync();
-            }
-
-
+            var user = await _claimsUtilities.ValidateAndReturnUserFromClaimAsync(User.Claims);
+            var products = await _productService.GetProductsForUserAsync(user);
             return Ok(products.Select(MapProductToDto).ToList());
         }