A robust, secure, and fully documented RESTful API for a Blogging platform. Built with ASP.NET Core 8.0, this project features advanced security logic, JWT authentication, and a clean Service-Repository architecture.
- Secure Authentication: Fully implemented JWT (JSON Web Token) authentication.
- Smart Authorization: Users can only Update or Delete their own posts and accounts.
- Account Safety: Automatic blocking of actions if an account is deleted, even if the Token is still valid.
- Relational Integrity: Comprehensive management of Users, BlogPosts, Categories, and Comments.
- Documentation: Interactive API testing via Swagger UI.
- Framework: .NET 8.0 (ASP.NET Core)
- Database: Entity Framework Core (SQL Server)
- Security: JWT Authentication, Password Hashing
- Architecture: Service-Repository Pattern
- Documentation: Swagger (Swashbuckle)
This project meets high-security standards by implementing:
-
Implicit User Identification: For user-specific actions (like updating profile or deleting account), the system identifies the user via the JWT Claim, eliminating the need to pass
userIdin the request body for better security. -
Strict Ownership Verification: Before any
UpdateorDeleteof a post, the system performs a three-step check:-
Authentication: Is the user logged in? (
$401$ ) -
Existence: Does the post/account exist? (
$404$ ) -
Ownership: Does the post belong to the current user? (
$403$ )
-
Authentication: Is the user logged in? (
- Active Account Verification: Every authorized request verifies that the user account still exists in the database. This prevents "Ghost Tokens" (valid tokens belonging to deleted accounts) from performing actions.
POST /api/User/Register- Create a new account.POST /api/User/Login- Authenticate and receive a JWT Token.PUT /api/User/Update- Update current user profile (identified by Token).DELETE /api/User/Delete- Delete current user account (identified by Token).
GET /api/BlogPost/All- Retrieve all blog posts.GET /api/BlogPost/Search- Search posts by title or content.GET /api/BlogPost/Filter- Filter posts by Category.POST /api/BlogPost/Create- Create a new post (Auto-linked to logged-in user).PUT /api/BlogPost/Update/{id}- Update a specific post (Ownership required).DELETE /api/BlogPost/Delete/{id}- Delete a specific post (Ownership required).
GET /api/Category/All- List all available categories.POST /api/Comment/Create- Post a comment on a blog post.
- Clone the Repository:
git clone https://github.com/Qian1507/BloggCommunityAPI.git
- Update Database Connection:
Update the
ConnectionStringsinappsettings.jsonto point to your local SQL Server instance. - Apply Migrations:
dotnet ef database update
- Run the Project:
dotnet run
- Test the API:
Open
https://localhost:[port]/swaggerin your browser to explore the API.
The project follows a clean separation of concerns:
-
Controllers: Handle HTTP requests and map status codes (
$200, 204, 401, 403, 404$ ). - Services: Encapsulate business logic and permission checks.
- Repositories: Manage data persistence using Entity Framework.
- DTOs: Ensure clean data transfer and hide sensitive database structures.
Developed as part of the Web Development Course Requirement.