Detect rapid user activity - asp.net

I'm creating an ASP.Net MVC 5 website. In my website, there is a voting system which is very similar to the one StackOverflow uses. I have successfully created the system in which users submit the votes. However one neat feature of SO is that it prevents users from rapidly clicking vote buttons (i.e. voting too fast). Currently my Vote class is something like this:
public class RestaurantReviewVote
{
[Key]
public int ID { get; set; }
public virtual NormalUser User { get; set; }
public virtual ItemReview Reivew { get; set; }
[Range(-1, 1)]
public int Value { get; set; }
public DateTime Created { get; set; }
}
What I have in mind is to do something like this:
rapidActivity = db.Votes.Where(v => v.User.Id == userId && (DateTime.UtcNow - v.Created < THRESHOLD)).Any();
However, I think running this everytime a user submits a vote would be too much pressure on the database. (maybe I'm wrong) How can I do it with performance in mind?
PS:
If you think there's a better way to do the voting system, please tell me. I appreciate any kind of help. Thanks.

I think your solution is reasonable for throttling the votes. You can always cache the last vote time for the user if you don't want to query the database each time.
This could also be an edge case for performance. If the check only occurs when someone is voting, then you're not going to have to incur this penalty on every page load. Chances are you're going to have to do other queries to register a vote anyway, so you could wrap this up in your Vote() method:
(note that you can combine the Where() and the Any() methods)
public bool Vote(int restaurantId)
{
if (db.Votes.Any(v => v.User.Id == userId && (DateTime.UtcNow - v.Created < THRESHOLD))
{
throw new VoteException("You are voting too quickly");
}
...
}

Related

Update database items from the website

My current problem is (probably) not necessarily directly related to MVC 6, but how working with database actually works, and therefore any help/suggestions in this matter would be more than appreciated.
For the sake of this question, let's say that we have a very simple database with the following tables (C# classes) [we are using Entity Framework to work with the database]:
public class ShoppingUser
{
public int Id { get; set; }
public string UserName { get; set; }
public ICollection<ShoppingItem> Items { get; set; }
}
public class ShoppingItem
{
public int Id { get; set; }
public string Quantity { get; set; }
public string Text { get; set; }
public bool ToRemove { get; set; }//if item has been bought, it can be removed from the shopping list
}
This demo will be for a super duper simple shopping list app, where user (ShoppingUser who is registered in the system can have a List of ShoppingItem where user can decide on what is the text of the item (e.g. Bread, Butter, Tomatoes, ...) and also a quantity (3 pieces, 5kg, ... simple string)
Afterwards in my ASP.NET Core app, I have defined a repository which is communicating with the database and has access to the ShoppingItem class (as we are only interested in shopping items of currently logged in user).
Example of some method we could use here:
public IEnumerable<ShoppingItem> ReturnUserItems(string sUsername)
{
if (string.IsNullOrWhiteSpace(sUsername))
return null;
var result = _context.ShoppingUsers.Include(n => n.Items).Where(n => n.UserName == sUsername).FirstOrDefault();
if (result != null)
return result.Items;
else
return null;
}
Finally we have an API controller with JsonResult for either GET, POST, DELETE, ..., which is used for communication between client side AngularJs App and our server side logic.
Example of GET Method:
// GET: /<controller>/
[HttpGet("")]
public JsonResult Get(string sUserName)
{
try
{
var results = _repository.ReturnUserItems(User.Identity.Name);
if (results != null)
{
var result = Mapper.Map<IEnumerable<ShoppingItemViewModel>>(results);
return Json(result);
}
Response.StatusCode = (int)HttpStatusCode.OK;
}
catch (Exception ex)
{
Response.StatusCode = (int)HttpStatusCode.BadRequest;
return Json(new { Message = ex.Message });
}
return null;
}
Here comes the tricky part (at least for me). From video tutorials I have learned, that I should never (or almost never) expose my real database model to the website (I guess it's for security reasons). Due to that (as visible from my GET method above) I have declared my ShoppingItemViewModel which contains only properties I want to expose to the user (e.g. meaning that Id of my item is not visible).
This is how it looks like:
public class ShoppingItemViewModel
{
public string Quantity { get; set; }
[Required]
public string Text { get; set; }
[Required]
public bool ToRemove { get; set; }//if item has been bought, it can be removed from the shopping list
}
And for the communication from my AngularJS App I am using simple $http.get and $http.post calls for retrieving / posting updated data.
Finally the question:
My problem is, that if a user decides to either delete an item from his shopping list, or decides to change the content of either text / quantity (meaning that originally in the database it was tomatoes - 5 kg but he manages to buy only 2 kg and therefore changes the quantity to tomatoes - 3kg), how can the app understand which elements have actually been changed and how? The problem I have in this case is, that we are no longer exposing the database Id of the items.
If I was writing a desktop app, where I wouldn't have to create this sub view (ShoppingItemViewModel), my EntityFramework is intelligent enough to check & update all the changes in my database. Unfortunately in this case, I do not understand how this is achievable.
When I was thinking about it I came with the following: Add a new property into the ShoppingItem and ShoppingItemViewModel: public string sCustomKey {get; set; }, which would serve as a unique key for every item. This way, we no longer need to expose our database Id, but we are exposing the 'fake' one.
Second question:
I case my solution would be accurate, what is the best way to update items in the database? The only way I can think of is iterating through all the items in the database and manually check for changes?
Example of what I have in mind:
//IEnumerable<ShoppingItem> would be re-mapped result of ShoppingItemViewModel we have received back from the website
public void UpdateValues(IEnumerable<ShoppingItem> items, string sUserName)
{
//retrieves list of shopping items for specified customer
var allItems = _context.ShoppingUsers
.Include(n => n.Items)
.FirstOrDefault(n => n.UserName == sUserName);
//updates the values
foreach (var sItem in items)
{
var updatedItem = allItems.Items.FirstOrDefault(n => n.Text == sItem.sCustomKey);
if (updatedItem == null)
{
//create new item
var newItem = new ShoppingItem();
newItem.Text = sItem.Text;
newItem.ToRemove = sItem.ToRemove;
allItems.Items.Add(newItem);
}
else
updatedItem.ToRemove = sItem.ToRemove;
}
_context.SaveChanges();
}
But this approach does not seem right to me.
Any help regarding these matters would be more than appreciated as I am still learning how to work with ASP.NET Core and web projects.
In your first question, exposing the item ID in the ViewModels is fine. In your domain layer, you can add validation logic that those ID exists/valid item.
Alternatively, you can use a Guid for your item/product because the ID (int) can easily be predicted.
As far as updating the items, you should not use the "username" as Identifier (of the cart) because that can be predicted/altered by the calling client. You can use Guid either persisted(to Db) or
in-memory. You can add validation as well if this Guid belongs to this username/emailAddress. So updating the items in the cart, consider adding/removing one at a time if that is doable
instead of sending list of items.
I think you have misunderstood something.
Here comes the tricky part (at least for me). From video tutorials I have learned, that I should never (or almost never) expose my real database model to the website (I guess it's for security reasons). Due to that (as visible from my GET method above) I have declared my ShoppingItemViewModel which contains only properties I want to expose to the user (e.g. meaning that Id of my item is not visible).
ViewModel <=> Domain Model <=> ReadModel (Database Model)
The point is that you shouldn't use your ReadModel(Database model) as your ViewModel in Presentation Layer (MVC). All three models will have identity.

Having difficulty trying to come up with an effective linq lambda expression

Stats:
ASP.NET 4.5.2
MVC 5
Identity 2.2
I am able to make the SQL statement, as I know SQL decently enough, but I am rather new to the whole LINQ Lambda thing.
I have also looked into the two tools most often cited for this job, but sorry -- Linqer is unable to run because the Microsoft tool it uses to create the SQL connection (the dbml file) refuses to install on my Win8.1 system, and LinqPad doesn’t provide an actual translation until you actually buy the product (which makes the “trial” fundamentally broken in the first place, IMHO: how can you possibly evaluate something that prevents you from conducting the action that you are evaluating?).
I am hoping that someone can take my SQL statement below and convert it into a proper LINQ Lambda expression that I can more effectively plug into my controller. This is also going to be a part of a multi-model display, such that multiple lambda expressions will be collated into a model that displays multiple outputs (very similar but slightly different outputs, one for users that shows only the user's dashboard, one for managers that also need the user's dashboard in addition to their managerial dashboard).
My expression is thus:
SELECT
co.CompanyId
, co.CompanyName
, co.CompanyCity
, co.NumberOfEmployees
, co.ProspectingScore
, po.ProvinceAbbr
, cd.PDFResourceLibrary
, cd.PresentationDone
, cd.MOUDone
FROM Company AS co
LEFT JOIN Province AS po ON co.ProvinceId = po.ProvinceId
OUTER APPLY (SELECT TOP 1 MAX(CycleDate) AS CycleDate, PDFResourceLibrary, PresentationDone, MOUDone FROM Cycle AS cy (NOLOCK) WHERE cy.CompanyId = co.CompanyId GROUP BY PDFResourceLibrary, PresentationDone, MOUDone) AS cd
WHERE co.RegionId = '66BD50DD-B6CB-E511-8265-14FEB5FBEAE8'
ORDER BY co.ProspectingScore DESC
For simplicity's sake, the po.ProvinceAbbr and its associated left join can be dropped, the RegionID will be brought in via a variable pulled from a claim, and if need be you can use wildcards (*) instead of named fields for all tables except for the MAX requirement on the Outer Apply (there are more than one cycles per company, I just want to bring back the most recent cycle by date). What you see above is the absolute minimum number of items needed to be pulled to populate the front end.
I have created the appropriate Models in my model namespace:
public class HomeViewModel {
public IEnumerable<DashboardUserData> RegionalCompanies { get; set; }
public IEnumerable<Company> AllOtherCompanies { get; set; }
}
public class DashboardUserData {
public Guid CompanyId { get; set; }
public string CompanyName { get; set; }
public string CompanyCity { get; set; }
public string ProvinceAbbr { get; set; }
public int? NumberOfEmployees { get; set; }
public int? ProspectingScore { get; set; }
public bool? PDFResourceLibrary { get; set; }
public bool? PresentationDone { get; set; }
public bool? MOUDone { get; set; }
}
And I hope to attach the lambda expression to the RegionalCompanies as shown in the model.
As an example, the AllOtherCompanies (which is the Managerial dashboard) has as its original lambda expression the following:
viewModel.AllOtherCompanies = await db.Company.Where(c => c.RegionId != regionId).Include(c => c.Province).ToListAsync();
So you can see that I am at least halfway there -- I am able to bring in the Company table, but I have no clue how to include the Cycle table for each company such that only the most recent Cycle is included with the company and all others are dropped.
Frankly, with the lambda I am still unsure as to how to connect the Cycle table such that only the most recent cycle (by date) is chosen. All other cycles for any company MUST be ignored and dropped, so from what I can tell neither a plain Join nor a GroupJoin would be effective here.
Suggestions?
Why don't you run it as SQL? Like:
var results = ctx.Companies.SqlQuery("SELECT ...", "66BD50DD-B6CB-E511-8265-14FEB5FBEAE8");
Where the GUID is passed as a parameter and the results translated into Company. You need to declare it in the SQL as #p0.

ASP.NET mvc 3 Pagination / Keeping track of last page

I am new to asp and have written a project that will connect to a database, retrieve number records and then present those records to the user in a paginated table. The user can then click on a record to edit, make the edit, save the change and be returned to the original table view. The update page is strongly typed.
I am struggling to keep track of which pagination page was last viewed and then navigating back to it. I.e. if the user is on page 5 of 10, they then update a record in from page 5, when the edit is saved the table is shown again but it has gone back to page 1. What is the best method to keep track of the last pagination page?
Any help appreciated.
Chris
Typically I will pass the page number in form submissions, and then when redirecting after save, pass it as part of the query string, so your action can provide the correct page of data back to the view.
This also lets users bookmark specific pages, which can be useful, or even just refresh the current page if necessary, without losing their place.
You may also need to pass sort information, if that feature is available.
I've found it's nice to save it in viewstate:
ex:
ViewState("paging") = 1
In the end I used a session cookie on the server to keep track of the pages shown and last search. This meant I could navigate between pages/controller and keep track of which page was showing in each and didn't need to pass lots of parameters around. I added a new class:
public class SearchModel
{
public string TargetController { get; set; }
public string TargetMethod { get; set; }
public string OriginalSearchCriteria { get; set; }
public string NewSearchCriteria { get; set; }
public int Page { get; set; }
public void SetCriteria(String newCriteria, int pageIn)
{
if (!newCriteria.Equals(OriginalSearchCriteria))
{
OriginalSearchCriteria = newCriteria;
Page = 1;
}
else
{
Page = pageIn;
}
}
public void SetPage(int newPage)
{
if (newPage != 0)
Page = newPage;
}
}
In the controller I just added:
private SearchModel GetSearch()
{
SearchModel search = (SearchModel)Session["CgRefCodeSearch"];
if (search == null)
{
search = new SearchModel();
search.Page = 1;
search.OriginalSearchCriteria = "";
Session["CgRefCodeSearch"] = search;
}
return search;
}
On each function in the controller I could then reference this:
GetSearch().SetPage(page);
CurrentPage = GetSearch().Page etc...
This was based on stuff I read in this Pro ASP.NET MVC 3 Framework, Third Edition by Adam Freeman; Steven Sanderson. Its really simple but works OK.

How to implement nontrivial edit in ASP.NET Web Forms

Lets say we have these classes:
class Teacher {
public int Id { get; set; }
public string FullName { get; set; }
public List<Course> Courses { get; set; }
}
class Course {
public int Id { get; set; }
public string CourseName { get; set; }
}
Now lets say I have selected one Teacher instance from the list of teachers and I've been redirected to a page where I can edit what courses this teacher can teach. So there's a list of all the courses she can teach at the momemt (taken from the database) with a "remove" option and a dropdownlist of all available courses that a user can select; when a user selects a course from the dropdownlist, it gets added to a "she can teach" list. At the end is a "save" button.
But, when a users removes a course from the list or adds a course, I don't want to save it to the database until pressed "save" button. My question is: where to hold Teacher object and its child Course objects while being edited and before saved to database?
So far I've been using Session to hold the edited object; adding a new course just adds a child object to its collection, and removing a courses removes a child object from Session. Is that the best way to go on or is there something better (or at least, cleaner)?
Session should be fine, as long as you're ok with keeping all this in memory, and potentially losing it if the session is lost prematurely.
But if you're looking for persistence, I'd probably suggest a "pending" database table, where you can keep the pending transactions (adds and deletes) until they're ready to be saved. When you're on this screen, you combine the real data with the pending data, and when you save, you apply the pending changes to the real data and kill the pending changes.
If they cancel, all you have to do is delete the pending records.

ASP.NET; Several session variables or a "container object"?

I have several variables that I need to send from page to page...
What is the best way to do this?
Just send them one by one:
string var1 = Session["var1"] == null ? "" : Session["var1"].ToString();
int var2 = Session["var2"] == null ? 0 : int.Parse(Session["var2"].ToString());
and so on...
Or put them all in some kind of container-object?
struct SessionData
{
public int Var1 { get; set; }
public string Var2 { get; set; }
public int Var3 { get; set; }
}
--
SessionData data = Session["data"] as SessionData;
What is the best solution? What do you use?
A hybrid of the two is the most maintainable approach. The Session offers a low-impedance, flexible key-value pair store so it would be wasteful not to take advantage of that. However, for complex pieces of data that are always related to each other - for example, a UserProfile - it makes sense to have a deeply nested object.
If all the data that you're storing in the Session is related, then I would suggest consolodating it into a single object like your second example:
public class UserData
{
public string UserName { get; set; }
public string LastPageViewed { get; set; }
public int ParentGroupId { get; set; }
}
And then load everything once and store it for the Session.
However, I would not suggest bundling unrelated Session data into a single object. I would break each seperate group of related items into their own. The result would be something of a middleground between the two hardline approaches you provided.
I use a SessionHandler, which is a custom rolled class that looks like this
public static class SessionHandler
{
public static string UserId
{
get
{
return Session["UserId"];
}
set
{
Session["UserId"] = value;
}
}
}
And then in code I do
var user = myDataContext.Users.Where(u => u.UserId = SessionHandler.UserId).FirstOrDefault();
I don't think I've every created an object just to bundle other objects for storage in a session, so I'd probably go with the first option. That said, if you have such a large number of objects that you need to bundle them up to make it easier to work with, you might want to re-examine your architecture.
I've used both. In general, many session variable names leads to a possibility of collisions, which makes collections a litte more reliable. Make sure the collection content relates to a single responsibility, just as you would for any object. (In fact, business objects make excellent candidates for session objects.)
Two tips:
Define all session names as public static readonly variables, and make it a coding standard to use only these static variables when naming session data.
Second, make sure that every object is marked with the [Serializable] attribute. If you ever need to save session state out-of-process, this is essential.
The big plus of an object: properties are strongly-typed.

Resources