├── SurveyWebAPI ├── users.db ├── appsettings.Development.json ├── appsettings.json ├── ConfigurationManager.cs ├── DataContext │ └── ManageDataContext.cs ├── Program.cs ├── Properties │ └── launchSettings.json ├── Models │ └── UserInfo.cs ├── SurveyWebAPI.csproj ├── Controllers │ ├── TokenController.cs │ └── UserInfoController.cs ├── Startup.cs └── PasswordStorage.cs ├── README.md ├── SurveyWebAPI.sln ├── .gitattributes ├── .gitignore └── LICENSE /SurveyWebAPI/users.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/circler3/DemoWebAPI/HEAD/SurveyWebAPI/users.db -------------------------------------------------------------------------------- /SurveyWebAPI/appsettings.Development.json: -------------------------------------------------------------------------------- 1 | { 2 | "Logging": { 3 | "LogLevel": { 4 | "Default": "Debug", 5 | "System": "Information", 6 | "Microsoft": "Information" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /SurveyWebAPI/appsettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "ConnectionStrings": { 3 | "ServerConnection": "Data Source=users.db;" 4 | }, 5 | "Logging": { 6 | "LogLevel": { 7 | "Default": "Warning" 8 | } 9 | }, 10 | "Jwt": { 11 | "Key": "WEs25fa/8Ob`8fc=3NDVEQ!r", 12 | "Issuer": "APIServer", 13 | "Audience": "JwtAudience" 14 | }, 15 | "AllowedHosts": "*", 16 | "Url": "http://*:8088" 17 | } 18 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SurveyWebAPI 2 | A demo asp.net core 3.1 WebAPI with token protection. 3 | 4 | For detailed information, see [https://www.cnblogs.com/podolski/p/12737463.html](https://www.cnblogs.com/podolski/p/12737463.html) 5 | 6 | This demo is designed as a scafford of small project which requires token protection stay with WebAPI. Therefore you can deploy your **PROTECTED** API logics without a heavy IdentityServer. 7 | 8 | It leverages the following technologies: 9 | - RESTful 10 | - Swagger 11 | - ASP.NET Core 3.1 12 | - C# 8 nullable 13 | - JWT 14 | - EF Core 15 | 16 | > There is a admin account named `admin` with password `123` already in database. -------------------------------------------------------------------------------- /SurveyWebAPI/ConfigurationManager.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.Extensions.Configuration; 2 | using System; 3 | using System.Collections.Generic; 4 | using System.IO; 5 | using System.Linq; 6 | using System.Threading.Tasks; 7 | 8 | namespace SurveyWebAPI 9 | { 10 | public class ConfigurationManager 11 | { 12 | public static readonly IConfiguration Configuration; 13 | static ConfigurationManager() 14 | { 15 | Configuration = new ConfigurationBuilder() 16 | .SetBasePath(Directory.GetCurrentDirectory()) 17 | .AddJsonFile("appsettings.json", optional: true) 18 | .Build(); 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /SurveyWebAPI/DataContext/ManageDataContext.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.EntityFrameworkCore; 2 | using Microsoft.Extensions.Configuration; 3 | using SurveyWebAPI.Models; 4 | using System; 5 | using System.Collections.Generic; 6 | using System.Linq; 7 | using System.Threading.Tasks; 8 | 9 | namespace SurveyWebAPI.DataContext 10 | { 11 | public class ManageDataContext : DbContext 12 | { 13 | public DbSet UserInfos { get; set; } = default!; 14 | 15 | 16 | protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder) 17 | { 18 | base.OnConfiguring(optionsBuilder); 19 | optionsBuilder.UseSqlite(ConfigurationManager.Configuration.GetConnectionString("ServerConnection"));//配置连接字符串 20 | } 21 | } 22 | 23 | } 24 | 25 | -------------------------------------------------------------------------------- /SurveyWebAPI/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.IO; 4 | using System.Linq; 5 | using System.Threading.Tasks; 6 | using Microsoft.AspNetCore; 7 | using Microsoft.AspNetCore.Hosting; 8 | using Microsoft.Extensions.Configuration; 9 | using Microsoft.Extensions.Hosting; 10 | using Microsoft.Extensions.Logging; 11 | 12 | namespace SurveyWebAPI 13 | { 14 | public class Program 15 | { 16 | public static void Main(string[] args) 17 | { 18 | CreateHostBuilder(args).Build().Run(); 19 | } 20 | 21 | public static IHostBuilder CreateHostBuilder(string[] args) => 22 | Host.CreateDefaultBuilder(args) 23 | .ConfigureWebHostDefaults(webBuilder => 24 | { 25 | webBuilder.UseStartup(); 26 | }); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /SurveyWebAPI/Properties/launchSettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json.schemastore.org/launchsettings.json", 3 | "iisSettings": { 4 | "windowsAuthentication": false, 5 | "anonymousAuthentication": true, 6 | "iisExpress": { 7 | "applicationUrl": "http://localhost:61433", 8 | "sslPort": 0 9 | } 10 | }, 11 | "profiles": { 12 | "IIS Express": { 13 | "commandName": "IISExpress", 14 | "launchBrowser": true, 15 | "launchUrl": "swagger", 16 | "environmentVariables": { 17 | "ASPNETCORE_ENVIRONMENT": "Development" 18 | } 19 | }, 20 | "SurveyWebAPI": { 21 | "commandName": "Project", 22 | "launchBrowser": true, 23 | "launchUrl": "swagger", 24 | "applicationUrl": "http://localhost:8088", 25 | "environmentVariables": { 26 | "ASPNETCORE_ENVIRONMENT": "Development" 27 | } 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /SurveyWebAPI.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.29709.97 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SurveyWebAPI", "SurveyWebAPI\SurveyWebAPI.csproj", "{68300C76-636D-4CF4-B6AB-81E51918E436}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {68300C76-636D-4CF4-B6AB-81E51918E436}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {68300C76-636D-4CF4-B6AB-81E51918E436}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {68300C76-636D-4CF4-B6AB-81E51918E436}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {68300C76-636D-4CF4-B6AB-81E51918E436}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {0E9DBF67-C7C6-4E4D-B441-BCCD7C608B3D} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /SurveyWebAPI/Models/UserInfo.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel.DataAnnotations; 4 | using System.ComponentModel.DataAnnotations.Schema; 5 | using System.Linq; 6 | using System.Runtime.Serialization; 7 | using System.Threading.Tasks; 8 | 9 | namespace SurveyWebAPI.Models 10 | { 11 | [DataContract] 12 | [Table("userinfo")] 13 | public class UserInfo 14 | { 15 | [DataMember] 16 | [Key] 17 | public string UserName { get; set; } = default!; 18 | //传输的过程中会用到密码,但是这个密码不应该被存入数据库中。 19 | [NotMapped] 20 | [DataMember] 21 | public string? Password { get; set; } 22 | //传输的过程中不会用到密码哈希值,但是哈希值需要存入数据库中。 23 | [IgnoreDataMember] 24 | public string? PasswordHash { get; set; } 25 | [DataMember] 26 | public string? Role { get; set; } 27 | 28 | public static string GetRole(string? role) 29 | { 30 | if (string.IsNullOrWhiteSpace(role)) return "User"; 31 | return role.ToLower() switch 32 | { 33 | "admin" => "Admin", 34 | "supervisor" => "Supervisor", 35 | _ => "User" 36 | }; 37 | } 38 | 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /SurveyWebAPI/SurveyWebAPI.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp3.1 5 | enable 6 | 7 | 8 | 9 | bin\Debug\SurveyWebAPI.xml 10 | bin\Debug\ 11 | 1701;1702;1591 12 | DEBUG;TRACE 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | all 27 | runtime; build; native; contentfiles; analyzers; buildtransitive 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /SurveyWebAPI/Controllers/TokenController.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.AspNetCore.Authorization; 2 | using Microsoft.AspNetCore.Cors; 3 | using Microsoft.AspNetCore.Mvc; 4 | using Microsoft.Extensions.Configuration; 5 | using Microsoft.IdentityModel.Tokens; 6 | using SurveyWebAPI.DataContext; 7 | using SurveyWebAPI.Models; 8 | using System; 9 | using System.IdentityModel.Tokens.Jwt; 10 | using System.Linq; 11 | using System.Security.Claims; 12 | using System.Text; 13 | 14 | namespace SurveyWebAPI.Controllers 15 | { 16 | [EnableCors("AllowAll")] 17 | [Consumes("application/json", "application/x-www-form-urlencoded")] 18 | [Route("api/[controller]")] 19 | [ApiController] 20 | public class TokenController : ControllerBase 21 | { 22 | private IConfiguration _config; 23 | 24 | public TokenController(IConfiguration config) 25 | { 26 | _config = config; 27 | } 28 | 29 | [AllowAnonymous] 30 | [HttpPost] 31 | public ActionResult Post(UserInfo login) 32 | { 33 | ActionResult response = BadRequest("登录失败,请检查用户名和密码"); 34 | var user = AuthenticateUser(login); 35 | 36 | if (user != null) 37 | { 38 | var tokenString = GenerateJSONWebToken(user); 39 | response = Ok(new { access_token = tokenString, role = user.Role }); 40 | } 41 | 42 | return response; 43 | } 44 | 45 | [AllowAnonymous] 46 | [HttpGet] 47 | public IActionResult Get() 48 | { 49 | IActionResult response = Unauthorized(); 50 | return response; 51 | } 52 | 53 | private string GenerateJSONWebToken(UserInfo userInfo) 54 | { 55 | var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"])); 56 | var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256); 57 | 58 | var claims = new[] { 59 | new Claim(JwtRegisteredClaimNames.Sub, userInfo.UserName), 60 | new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), 61 | new Claim(ClaimTypes.Role, userInfo.Role), 62 | }; 63 | 64 | var token = new JwtSecurityToken(null, 65 | null, 66 | claims, 67 | expires: DateTime.Now.AddMinutes(120), 68 | signingCredentials: credentials); 69 | 70 | return new JwtSecurityTokenHandler().WriteToken(token); 71 | } 72 | 73 | private UserInfo? AuthenticateUser(UserInfo login) 74 | { 75 | UserInfo? user = null; 76 | if (string.IsNullOrWhiteSpace(login.Password)) return user; 77 | 78 | using (var context = new ManageDataContext()) 79 | { 80 | var result = context.UserInfos.Where(w => w.UserName.ToLower() == login.UserName.ToLower()).FirstOrDefault(); 81 | if (result != null) 82 | if (PasswordStorage.VerifyPassword(login.Password, result.PasswordHash!)) user = result; 83 | } 84 | 85 | return user; 86 | } 87 | } 88 | } -------------------------------------------------------------------------------- /SurveyWebAPI/Controllers/UserInfoController.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.AspNetCore.Authorization; 2 | using Microsoft.AspNetCore.Cors; 3 | using Microsoft.AspNetCore.Mvc; 4 | using SurveyWebAPI.DataContext; 5 | using SurveyWebAPI.Models; 6 | using System.Collections.Generic; 7 | using System.Linq; 8 | using System.Threading.Tasks; 9 | using static Microsoft.AspNetCore.Http.StatusCodes; 10 | 11 | namespace SurveyWebAPI.Controllers 12 | { 13 | [EnableCors("AllowAll")] 14 | [Route("api/[controller]")] 15 | //只有角色为Admin可以访问 16 | [Authorize(Roles = "Admin")] 17 | //如果需要增加种子数据,可以注释上面这行,取消注释下面这一行 18 | //[AllowAnonymous] 19 | [ApiController] 20 | public class UserInfoController : ControllerBase 21 | { 22 | private readonly ManageDataContext _context; 23 | public UserInfoController(ManageDataContext context) 24 | { 25 | _context = context; 26 | } 27 | /// 28 | /// 无参GET请求 29 | /// 30 | /// 31 | [HttpGet()] 32 | [ProducesResponseType(typeof(IEnumerable), Status200OK)] 33 | public async Task Get() 34 | { 35 | return Ok(_context.UserInfos.ToArray()); 36 | } 37 | /// 38 | /// 有参GET请求 39 | /// 40 | /// 用户编号id 41 | /// 42 | [HttpGet("{id}")] 43 | [ProducesResponseType(typeof(UserInfo), Status200OK)] 44 | [ProducesResponseType(typeof(string), Status404NotFound)] 45 | public async Task Get(string id) 46 | { 47 | var res = await _context.UserInfos.FindAsync(id); 48 | if (res != null) return Ok(res); 49 | else return NotFound("Cannot find key."); 50 | } 51 | /// 52 | /// PUT请求,新增/覆盖一条数据。 53 | /// 54 | /// 用户JSON对象 55 | /// 是否执行成功 56 | [HttpPut] 57 | [ProducesResponseType(Status200OK)] 58 | [ProducesResponseType(typeof(string), Status400BadRequest)] 59 | public async Task Put([FromBody] Models.UserInfo value) 60 | { 61 | if (string.IsNullOrWhiteSpace(value.Password)) return BadRequest("Invalid password."); 62 | value.Role = UserInfo.GetRole(value.Role); 63 | value.PasswordHash = PasswordStorage.CreateHash(value.Password); 64 | var res = await _context.UserInfos.FindAsync(value.UserName); 65 | if (res != null) 66 | { 67 | _context.Entry(res).CurrentValues.SetValues(value); 68 | await _context.SaveChangesAsync(); 69 | return Ok(); 70 | } 71 | else 72 | { 73 | _context.UserInfos.Add(value); 74 | await _context.SaveChangesAsync(); 75 | return Ok(); 76 | } 77 | } 78 | 79 | /// 80 | /// Delete请求,删除一条数据 81 | /// 82 | /// 删除数据记录的id 83 | /// 是否执行成功 84 | [HttpDelete("{id}")] 85 | [ProducesResponseType(typeof(string), Status204NoContent)] 86 | [ProducesResponseType(typeof(string), Status404NotFound)] 87 | public async Task Delete(string id) 88 | { 89 | var res = await _context.UserInfos.FindAsync(id); 90 | if (res != null) 91 | { 92 | _context.UserInfos.Remove(res); 93 | await _context.SaveChangesAsync(); 94 | return NoContent(); 95 | } 96 | else return NotFound("Cannot find key."); 97 | } 98 | } 99 | } 100 | -------------------------------------------------------------------------------- /SurveyWebAPI/Startup.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IdentityModel.Tokens.Jwt; 3 | using System.IO; 4 | using System.Reflection; 5 | using System.Text; 6 | using Microsoft.AspNetCore.Authentication.JwtBearer; 7 | using Microsoft.AspNetCore.Builder; 8 | using Microsoft.AspNetCore.Hosting; 9 | using Microsoft.AspNetCore.Http; 10 | using Microsoft.AspNetCore.Mvc; 11 | using Microsoft.Extensions.Configuration; 12 | using Microsoft.Extensions.DependencyInjection; 13 | using Microsoft.Extensions.Hosting; 14 | using Microsoft.IdentityModel.Tokens; 15 | using Microsoft.OpenApi.Models; 16 | using SurveyWebAPI.DataContext; 17 | using Swashbuckle.AspNetCore.Swagger; 18 | 19 | namespace SurveyWebAPI 20 | { 21 | public class Startup 22 | { 23 | public Startup(IConfiguration configuration) 24 | { 25 | Configuration = configuration; 26 | } 27 | 28 | public IConfiguration Configuration { get; } 29 | 30 | // This method gets called by the runtime. Use this method to add services to the container. 31 | public void ConfigureServices(IServiceCollection services) 32 | { 33 | services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0); 34 | services.AddControllers().AddNewtonsoftJson(); 35 | services.AddDbContext(); 36 | services.AddRazorPages(); 37 | services.AddSession(); 38 | services.AddServerSideBlazor(); 39 | services.AddCors(options => 40 | { 41 | options.AddDefaultPolicy( 42 | builder => 43 | { 44 | builder.AllowAnyOrigin(); 45 | }); 46 | 47 | options.AddPolicy("AllowAll", 48 | builder => 49 | { 50 | builder.AllowAnyOrigin() 51 | .AllowAnyHeader() 52 | .AllowAnyMethod(); 53 | }); 54 | 55 | }); 56 | services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) 57 | .AddJwtBearer(options => 58 | { 59 | options.TokenValidationParameters = new TokenValidationParameters 60 | { 61 | NameClaimType = JwtRegisteredClaimNames.Sub, 62 | ValidateLifetime = true, 63 | ValidateIssuerSigningKey = true, 64 | ValidateAudience = false, 65 | ValidateIssuer = false, 66 | IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"])) 67 | }; 68 | }); 69 | 70 | services.AddSwaggerGen(option => 71 | { 72 | option.SwaggerDoc("v1", new OpenApiInfo 73 | { 74 | Version = "v1", 75 | Title = "SurveyWebAPI Swagger", 76 | Description = "SurveyWebAPI Swagger" 77 | }); 78 | // 加载程序集的xml描述文档 79 | var baseDirectory = System.AppDomain.CurrentDomain.BaseDirectory; 80 | if (baseDirectory == null) throw new ArgumentNullException("baseDirectory"); 81 | var xmlPath = Path.Combine(baseDirectory, System.AppDomain.CurrentDomain.FriendlyName + ".xml"); 82 | option.IncludeXmlComments(xmlPath); 83 | }); 84 | } 85 | 86 | // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. 87 | public void Configure(IApplicationBuilder app, IWebHostEnvironment env) 88 | { 89 | if (env.IsDevelopment()) 90 | { 91 | app.UseDeveloperExceptionPage(); 92 | } 93 | else 94 | { 95 | app.UseExceptionHandler("/Error"); 96 | } 97 | 98 | app.UseHttpsRedirection(); 99 | app.UseStaticFiles(); 100 | app.UseSession(); 101 | app.UseRouting(); 102 | 103 | app.UseCors("AllowAll"); 104 | 105 | app.UseAuthentication(); 106 | app.UseAuthorization(); 107 | 108 | app.UseEndpoints(endpoints => 109 | { 110 | endpoints.MapControllers(); 111 | endpoints.MapBlazorHub(); 112 | }); 113 | app.UseSwagger(); 114 | 115 | app.UseSwaggerUI(option => 116 | { 117 | option.SwaggerEndpoint("/swagger/v1/swagger.json", "SurveyWebAPI version 1.0"); 118 | //c.RoutePrefix = string.Empty;//设置根节点访问 119 | //c.ShowRequestHeaders(); 120 | }); 121 | } 122 | } 123 | } 124 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Build results 17 | [Dd]ebug/ 18 | [Dd]ebugPublic/ 19 | [Rr]elease/ 20 | [Rr]eleases/ 21 | x64/ 22 | x86/ 23 | [Aa][Rr][Mm]/ 24 | [Aa][Rr][Mm]64/ 25 | bld/ 26 | [Bb]in/ 27 | [Oo]bj/ 28 | [Ll]og/ 29 | 30 | # Visual Studio 2015/2017 cache/options directory 31 | .vs/ 32 | # Uncomment if you have tasks that create the project's static files in wwwroot 33 | #wwwroot/ 34 | 35 | # Visual Studio 2017 auto generated files 36 | Generated\ Files/ 37 | 38 | # MSTest test Results 39 | [Tt]est[Rr]esult*/ 40 | [Bb]uild[Ll]og.* 41 | 42 | # NUNIT 43 | *.VisualState.xml 44 | TestResult.xml 45 | 46 | # Build Results of an ATL Project 47 | [Dd]ebugPS/ 48 | [Rr]eleasePS/ 49 | dlldata.c 50 | 51 | # Benchmark Results 52 | BenchmarkDotNet.Artifacts/ 53 | 54 | # .NET Core 55 | project.lock.json 56 | project.fragment.lock.json 57 | artifacts/ 58 | 59 | # StyleCop 60 | StyleCopReport.xml 61 | 62 | # Files built by Visual Studio 63 | *_i.c 64 | *_p.c 65 | *_h.h 66 | *.ilk 67 | *.meta 68 | *.obj 69 | *.iobj 70 | *.pch 71 | *.pdb 72 | *.ipdb 73 | *.pgc 74 | *.pgd 75 | *.rsp 76 | *.sbr 77 | *.tlb 78 | *.tli 79 | *.tlh 80 | *.tmp 81 | *.tmp_proj 82 | *_wpftmp.csproj 83 | *.log 84 | *.vspscc 85 | *.vssscc 86 | .builds 87 | *.pidb 88 | *.svclog 89 | *.scc 90 | 91 | # Chutzpah Test files 92 | _Chutzpah* 93 | 94 | # Visual C++ cache files 95 | ipch/ 96 | *.aps 97 | *.ncb 98 | *.opendb 99 | *.opensdf 100 | *.sdf 101 | *.cachefile 102 | *.VC.db 103 | *.VC.VC.opendb 104 | 105 | # Visual Studio profiler 106 | *.psess 107 | *.vsp 108 | *.vspx 109 | *.sap 110 | 111 | # Visual Studio Trace Files 112 | *.e2e 113 | 114 | # TFS 2012 Local Workspace 115 | $tf/ 116 | 117 | # Guidance Automation Toolkit 118 | *.gpState 119 | 120 | # ReSharper is a .NET coding add-in 121 | _ReSharper*/ 122 | *.[Rr]e[Ss]harper 123 | *.DotSettings.user 124 | 125 | # JustCode is a .NET coding add-in 126 | .JustCode 127 | 128 | # TeamCity is a build add-in 129 | _TeamCity* 130 | 131 | # DotCover is a Code Coverage Tool 132 | *.dotCover 133 | 134 | # AxoCover is a Code Coverage Tool 135 | .axoCover/* 136 | !.axoCover/settings.json 137 | 138 | # Visual Studio code coverage results 139 | *.coverage 140 | *.coveragexml 141 | 142 | # NCrunch 143 | _NCrunch_* 144 | .*crunch*.local.xml 145 | nCrunchTemp_* 146 | 147 | # MightyMoose 148 | *.mm.* 149 | AutoTest.Net/ 150 | 151 | # Web workbench (sass) 152 | .sass-cache/ 153 | 154 | # Installshield output folder 155 | [Ee]xpress/ 156 | 157 | # DocProject is a documentation generator add-in 158 | DocProject/buildhelp/ 159 | DocProject/Help/*.HxT 160 | DocProject/Help/*.HxC 161 | DocProject/Help/*.hhc 162 | DocProject/Help/*.hhk 163 | DocProject/Help/*.hhp 164 | DocProject/Help/Html2 165 | DocProject/Help/html 166 | 167 | # Click-Once directory 168 | publish/ 169 | 170 | # Publish Web Output 171 | *.[Pp]ublish.xml 172 | *.azurePubxml 173 | # Note: Comment the next line if you want to checkin your web deploy settings, 174 | # but database connection strings (with potential passwords) will be unencrypted 175 | *.pubxml 176 | *.publishproj 177 | 178 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 179 | # checkin your Azure Web App publish settings, but sensitive information contained 180 | # in these scripts will be unencrypted 181 | PublishScripts/ 182 | 183 | # NuGet Packages 184 | *.nupkg 185 | # The packages folder can be ignored because of Package Restore 186 | **/[Pp]ackages/* 187 | # except build/, which is used as an MSBuild target. 188 | !**/[Pp]ackages/build/ 189 | # Uncomment if necessary however generally it will be regenerated when needed 190 | #!**/[Pp]ackages/repositories.config 191 | # NuGet v3's project.json files produces more ignorable files 192 | *.nuget.props 193 | *.nuget.targets 194 | 195 | # Microsoft Azure Build Output 196 | csx/ 197 | *.build.csdef 198 | 199 | # Microsoft Azure Emulator 200 | ecf/ 201 | rcf/ 202 | 203 | # Windows Store app package directories and files 204 | AppPackages/ 205 | BundleArtifacts/ 206 | Package.StoreAssociation.xml 207 | _pkginfo.txt 208 | *.appx 209 | 210 | # Visual Studio cache files 211 | # files ending in .cache can be ignored 212 | *.[Cc]ache 213 | # but keep track of directories ending in .cache 214 | !?*.[Cc]ache/ 215 | 216 | # Others 217 | ClientBin/ 218 | ~$* 219 | *~ 220 | *.dbmdl 221 | *.dbproj.schemaview 222 | *.jfm 223 | *.pfx 224 | *.publishsettings 225 | orleans.codegen.cs 226 | 227 | # Including strong name files can present a security risk 228 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 229 | #*.snk 230 | 231 | # Since there are multiple workflows, uncomment next line to ignore bower_components 232 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 233 | #bower_components/ 234 | 235 | # RIA/Silverlight projects 236 | Generated_Code/ 237 | 238 | # Backup & report files from converting an old project file 239 | # to a newer Visual Studio version. Backup files are not needed, 240 | # because we have git ;-) 241 | _UpgradeReport_Files/ 242 | Backup*/ 243 | UpgradeLog*.XML 244 | UpgradeLog*.htm 245 | ServiceFabricBackup/ 246 | *.rptproj.bak 247 | 248 | # SQL Server files 249 | *.mdf 250 | *.ldf 251 | *.ndf 252 | 253 | # Business Intelligence projects 254 | *.rdl.data 255 | *.bim.layout 256 | *.bim_*.settings 257 | *.rptproj.rsuser 258 | *- Backup*.rdl 259 | 260 | # Microsoft Fakes 261 | FakesAssemblies/ 262 | 263 | # GhostDoc plugin setting file 264 | *.GhostDoc.xml 265 | 266 | # Node.js Tools for Visual Studio 267 | .ntvs_analysis.dat 268 | node_modules/ 269 | 270 | # Visual Studio 6 build log 271 | *.plg 272 | 273 | # Visual Studio 6 workspace options file 274 | *.opt 275 | 276 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 277 | *.vbw 278 | 279 | # Visual Studio LightSwitch build output 280 | **/*.HTMLClient/GeneratedArtifacts 281 | **/*.DesktopClient/GeneratedArtifacts 282 | **/*.DesktopClient/ModelManifest.xml 283 | **/*.Server/GeneratedArtifacts 284 | **/*.Server/ModelManifest.xml 285 | _Pvt_Extensions 286 | 287 | # Paket dependency manager 288 | .paket/paket.exe 289 | paket-files/ 290 | 291 | # FAKE - F# Make 292 | .fake/ 293 | 294 | # JetBrains Rider 295 | .idea/ 296 | *.sln.iml 297 | 298 | # CodeRush personal settings 299 | .cr/personal 300 | 301 | # Python Tools for Visual Studio (PTVS) 302 | __pycache__/ 303 | *.pyc 304 | 305 | # Cake - Uncomment if you are using it 306 | # tools/** 307 | # !tools/packages.config 308 | 309 | # Tabs Studio 310 | *.tss 311 | 312 | # Telerik's JustMock configuration file 313 | *.jmconfig 314 | 315 | # BizTalk build output 316 | *.btp.cs 317 | *.btm.cs 318 | *.odx.cs 319 | *.xsd.cs 320 | 321 | # OpenCover UI analysis results 322 | OpenCover/ 323 | 324 | # Azure Stream Analytics local run output 325 | ASALocalRun/ 326 | 327 | # MSBuild Binary and Structured Log 328 | *.binlog 329 | 330 | # NVidia Nsight GPU debugger configuration file 331 | *.nvuser 332 | 333 | # MFractors (Xamarin productivity tool) working folder 334 | .mfractor/ 335 | 336 | # Local History for Visual Studio 337 | .localhistory/ 338 | 339 | # BeatPulse healthcheck temp database 340 | healthchecksdb -------------------------------------------------------------------------------- /SurveyWebAPI/PasswordStorage.cs: -------------------------------------------------------------------------------- 1 | // Codes from https://github.com/defuse/password-hashing 2 | 3 | using System; 4 | using System.Collections.Generic; 5 | using System.Linq; 6 | using System.Security.Cryptography; 7 | using System.Threading.Tasks; 8 | 9 | namespace SurveyWebAPI 10 | { 11 | class InvalidHashException : Exception 12 | { 13 | public InvalidHashException() { } 14 | public InvalidHashException(string message) 15 | : base(message) { } 16 | public InvalidHashException(string message, Exception inner) 17 | : base(message, inner) { } 18 | } 19 | 20 | class CannotPerformOperationException : Exception 21 | { 22 | public CannotPerformOperationException() { } 23 | public CannotPerformOperationException(string message) 24 | : base(message) { } 25 | public CannotPerformOperationException(string message, Exception inner) 26 | : base(message, inner) { } 27 | } 28 | 29 | class PasswordStorage 30 | { 31 | // These constants may be changed without breaking existing hashes. 32 | public const int SALT_BYTES = 24; 33 | public const int HASH_BYTES = 18; 34 | public const int PBKDF2_ITERATIONS = 64000; 35 | 36 | // These constants define the encoding and may not be changed. 37 | public const int HASH_SECTIONS = 5; 38 | public const int HASH_ALGORITHM_INDEX = 0; 39 | public const int ITERATION_INDEX = 1; 40 | public const int HASH_SIZE_INDEX = 2; 41 | public const int SALT_INDEX = 3; 42 | public const int PBKDF2_INDEX = 4; 43 | 44 | public static string CreateHash(string password) 45 | { 46 | // Generate a random salt 47 | byte[] salt = new byte[SALT_BYTES]; 48 | try 49 | { 50 | using (var csprng = RandomNumberGenerator.Create()) 51 | { 52 | csprng.GetBytes(salt); 53 | } 54 | } 55 | catch (CryptographicException ex) 56 | { 57 | throw new CannotPerformOperationException( 58 | "Random number generator not available.", 59 | ex 60 | ); 61 | } 62 | catch (ArgumentNullException ex) 63 | { 64 | throw new CannotPerformOperationException( 65 | "Invalid argument given to random number generator.", 66 | ex 67 | ); 68 | } 69 | 70 | byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTES); 71 | 72 | // format: algorithm:iterations:hashSize:salt:hash 73 | String parts = "sha1:" + 74 | PBKDF2_ITERATIONS + 75 | ":" + 76 | hash.Length + 77 | ":" + 78 | Convert.ToBase64String(salt) + 79 | ":" + 80 | Convert.ToBase64String(hash); 81 | return parts; 82 | } 83 | 84 | public static bool VerifyPassword(string password, string goodHash) 85 | { 86 | char[] delimiter = { ':' }; 87 | string[] split = goodHash.Split(delimiter); 88 | 89 | if (split.Length != HASH_SECTIONS) 90 | { 91 | throw new InvalidHashException( 92 | "Fields are missing from the password hash." 93 | ); 94 | } 95 | 96 | // We only support SHA1 with C#. 97 | if (split[HASH_ALGORITHM_INDEX] != "sha1") 98 | { 99 | throw new CannotPerformOperationException( 100 | "Unsupported hash type." 101 | ); 102 | } 103 | 104 | int iterations = 0; 105 | try 106 | { 107 | iterations = Int32.Parse(split[ITERATION_INDEX]); 108 | } 109 | catch (ArgumentNullException ex) 110 | { 111 | throw new CannotPerformOperationException( 112 | "Invalid argument given to Int32.Parse", 113 | ex 114 | ); 115 | } 116 | catch (FormatException ex) 117 | { 118 | throw new InvalidHashException( 119 | "Could not parse the iteration count as an integer.", 120 | ex 121 | ); 122 | } 123 | catch (OverflowException ex) 124 | { 125 | throw new InvalidHashException( 126 | "The iteration count is too large to be represented.", 127 | ex 128 | ); 129 | } 130 | 131 | if (iterations < 1) 132 | { 133 | throw new InvalidHashException( 134 | "Invalid number of iterations. Must be >= 1." 135 | ); 136 | } 137 | 138 | byte[]? salt = null; 139 | try 140 | { 141 | salt = Convert.FromBase64String(split[SALT_INDEX]); 142 | } 143 | catch (ArgumentNullException ex) 144 | { 145 | throw new CannotPerformOperationException( 146 | "Invalid argument given to Convert.FromBase64String", 147 | ex 148 | ); 149 | } 150 | catch (FormatException ex) 151 | { 152 | throw new InvalidHashException( 153 | "Base64 decoding of salt failed.", 154 | ex 155 | ); 156 | } 157 | 158 | byte[]? hash = null; 159 | try 160 | { 161 | hash = Convert.FromBase64String(split[PBKDF2_INDEX]); 162 | } 163 | catch (ArgumentNullException ex) 164 | { 165 | throw new CannotPerformOperationException( 166 | "Invalid argument given to Convert.FromBase64String", 167 | ex 168 | ); 169 | } 170 | catch (FormatException ex) 171 | { 172 | throw new InvalidHashException( 173 | "Base64 decoding of pbkdf2 output failed.", 174 | ex 175 | ); 176 | } 177 | 178 | int storedHashSize = 0; 179 | try 180 | { 181 | storedHashSize = Int32.Parse(split[HASH_SIZE_INDEX]); 182 | } 183 | catch (ArgumentNullException ex) 184 | { 185 | throw new CannotPerformOperationException( 186 | "Invalid argument given to Int32.Parse", 187 | ex 188 | ); 189 | } 190 | catch (FormatException ex) 191 | { 192 | throw new InvalidHashException( 193 | "Could not parse the hash size as an integer.", 194 | ex 195 | ); 196 | } 197 | catch (OverflowException ex) 198 | { 199 | throw new InvalidHashException( 200 | "The hash size is too large to be represented.", 201 | ex 202 | ); 203 | } 204 | 205 | if (storedHashSize != hash.Length) 206 | { 207 | throw new InvalidHashException( 208 | "Hash length doesn't match stored hash length." 209 | ); 210 | } 211 | 212 | byte[] testHash = PBKDF2(password, salt, iterations, hash.Length); 213 | return SlowEquals(hash, testHash); 214 | } 215 | 216 | private static bool SlowEquals(byte[] a, byte[] b) 217 | { 218 | uint diff = (uint)a.Length ^ (uint)b.Length; 219 | for (int i = 0; i < a.Length && i < b.Length; i++) 220 | { 221 | diff |= (uint)(a[i] ^ b[i]); 222 | } 223 | return diff == 0; 224 | } 225 | 226 | private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes) 227 | { 228 | using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt)) 229 | { 230 | pbkdf2.IterationCount = iterations; 231 | return pbkdf2.GetBytes(outputBytes); 232 | } 233 | } 234 | } 235 | } 236 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2020 Podolski 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------