Add paging for batch and voucher lists.

Read encryption keys directly from config rather than deriving them from passwords.
Add date and nonce to login response credentials payload.

BulkPrintingAPI/Configuration/DataEncryptionOptions.cs

 
         public DataEncryptionOptions(IConfiguration configuration)
         {
-            DefaultKey = DeriveKey(configuration, "DefaultKey").GetBytes(32);
-            DefaultIterations = configuration.GetValue("DefaultIterations", _defaultIterations);
-            DefaultSaltLength = configuration.GetValue("DefaultSaltLength", _defaultSaltLength);
+            DefaultKey = GetKeyFromConfiguration(configuration, "DefaultKey", 32);
+            Iterations = configuration.GetValue("DefaultIterations", _defaultIterations);
+            SaltLength = configuration.GetValue("DefaultSaltLength", _defaultSaltLength);
             PasswordNoise = configuration.GetValue("PasswordFuzz", _defaultPasswordNoise);
         }
 
             return new Rfc2898DeriveBytes(password, saltSize, iterations);
         }
 
+        public static byte[] GetKeyFromConfiguration(IConfiguration configuration, string section,
+            int keyLength)
+        {
+            string encodedKey = configuration[section];
+            if (string.IsNullOrWhiteSpace(encodedKey))
+            {
+                throw new ArgumentException(string.Format("Missing '{0}' value", section),
+                    nameof(configuration));
+            }
+            var keyBytes = Convert.FromBase64String(encodedKey);
+            if (keyBytes.Length != keyLength)
+            {
+                throw new ArgumentException(string.Format("Invalid '{0}' length", section),
+                    nameof(configuration));
+            }
+            return keyBytes;
+        }
+
         public byte[] DefaultKey { get; set; }
 
-        public int DefaultIterations { get; set; }
+        public int Iterations { get; set; }
 
-        public int DefaultSaltLength { get; set; }
+        public int SaltLength { get; set; }
 
         public string PasswordNoise { get; set; }
     }

BulkPrintingAPI/Configuration/TokenAuthenticationOptions.cs

             Issuer = configuration.GetValue("Issuer", "bulk");
             Audience = configuration.GetValue("Audience", "bulk");
             Lifetime = TimeSpan.FromSeconds(configuration.GetValue("TokenLifetime", 600));
-            Key = new SymmetricSecurityKey(DataEncryptionOptions.DeriveKey(configuration, "Key")
-                .GetBytes(32));
+            Key = new SymmetricSecurityKey(
+                DataEncryptionOptions.GetKeyFromConfiguration(configuration, "Key", 32));
             SigningCredentials = new SigningCredentials(Key, SecurityAlgorithms.HmacSha256);
             EncryptingCredentials = new EncryptingCredentials(Key, "dir",
                 SecurityAlgorithms.Aes128CbcHmacSha256);

BulkPrintingAPI/Controllers/BatchesController.cs

 using BulkPrintingAPI.Configuration;
+using BulkPrintingAPI.Pagination;
 using MAX.Models;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 namespace BulkPrintingAPI.Controllers
 {
     [Produces("application/json")]
-    [Route("api/v1/[controller]")]
+    [Route("api/[controller]")]
     public class BatchesController : Controller
     {
         public class OrderRequest
         }
 
         [HttpGet]
-        public async Task<IEnumerable<Batch>> GetBatches()
+        public async Task<Page<Batch>> GetBatches([FromQuery] int page = 1,
+            [FromQuery] int pageSize = 100)
         {
             var credentials = await Utils.GetLoginCredentialsFromRequest(HttpContext, _context);
-            return BatchesForVendor(credentials.Vendor.Id)
-                .OrderByDescending(b => b.OrderDate);
+            return await Page<Batch>.GetPageAsync(
+                BatchesForVendor(credentials.Vendor.Id).OrderByDescending(b => b.OrderDate),
+                page, pageSize);
         }
 
         [HttpGet("{id}")]

BulkPrintingAPI/Controllers/LoginController.cs

 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
+using Newtonsoft.Json.Serialization;
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.IdentityModel.Tokens.Jwt;
 namespace BulkPrintingAPI.Controllers
 {
     [Produces("application/json")]
-    [Route("api/v1/[controller]")]
+    [Route("api/[controller]")]
     public class LoginController : Controller
     {
         public class LoginRequest
                 encryptingCredentials: _tokenAuthenticationOptions.EncryptingCredentials
             );
 
-            var derivedUserKey = DataEncryptionOptions.DeriveKey(credentials.Password +
-                _dataEncryptionOptions.PasswordNoise, _dataEncryptionOptions.DefaultSaltLength,
-                _dataEncryptionOptions.DefaultIterations);
-            var userKey = derivedUserKey.GetBytes(32);
-
-            var payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
-                JsonConvert.SerializeObject(new
-                    {
-                        user = credentials.User,
-                        vendor = credentials.Vendor,
-                        encryptedDatabasePassword = Convert.ToBase64String(Utils.AesReEncrypt(
-                            credentials.Vendor.EncryptedDatabasePassword,
-                            _dataEncryptionOptions.DefaultKey,
-                            userKey)),
-                        encryptedVoucherKey = Convert.ToBase64String(Utils.AesReEncrypt(
-                            credentials.Vendor.EncryptedVoucherKey,
-                            _dataEncryptionOptions.DefaultKey,
-                            userKey))
-                    })));
-
-            byte[] signature;
-            using (var hmac = new System.Security.Cryptography.HMACSHA256() { Key = userKey })
+            using (var derivedBytes = DataEncryptionOptions.DeriveKey(credentials.Password +
+                _dataEncryptionOptions.PasswordNoise, _dataEncryptionOptions.SaltLength,
+                _dataEncryptionOptions.Iterations))
             {
-                signature = hmac.ComputeHash(Encoding.ASCII.GetBytes(payload));
-            }
+                var userKey = derivedBytes.GetBytes(32);
+
+                var payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
+                    JsonConvert.SerializeObject(
+                        new
+                        {
+                            date = DateTime.Now,
+                            nonce = await _tokenAuthenticationOptions.NonceGenerator(),
+                            user = credentials.User,
+                            vendor = credentials.Vendor,
+                            encryptedDatabasePassword = Convert.ToBase64String(Utils.AesReEncrypt(
+                                credentials.Vendor.EncryptedDatabasePassword,
+                                _dataEncryptionOptions.DefaultKey,
+                                userKey)),
+                            encryptedVoucherKey = Convert.ToBase64String(Utils.AesReEncrypt(
+                                credentials.Vendor.EncryptedVoucherKey,
+                                _dataEncryptionOptions.DefaultKey,
+                                userKey))
+                        },
+                        new JsonSerializerSettings
+                        {
+                            ContractResolver = new CamelCasePropertyNamesContractResolver()
+                        })));
+
+                byte[] signature;
+                using (var hmac = new System.Security.Cryptography.HMACSHA256() { Key = userKey })
+                {
+                    signature = hmac.ComputeHash(Encoding.ASCII.GetBytes(payload));
+                }
 
-            return Ok(new
+                return Ok(new
                 {
                     access_token = encodedJwt,
                     credentials = new
                     {
                         payload = payload,
-                        salt = Convert.ToBase64String(derivedUserKey.Salt),
-                        iterations = derivedUserKey.IterationCount,
+                        salt = Convert.ToBase64String(derivedBytes.Salt),
+                        iterations = derivedBytes.IterationCount,
                         signature = Convert.ToBase64String(signature)
                     },
                     expires_in = (int)_tokenAuthenticationOptions.Lifetime.TotalSeconds
                 });
+            }
         }
     }
 }

BulkPrintingAPI/Controllers/ProductsController.cs

 namespace BulkPrintingAPI.Controllers
 {
     [Produces("application/json")]
-    [Route("api/v1/[controller]")]
+    [Route("api/[controller]")]
     public class ProductsController : Controller
     {
         private readonly ILogger _logger;

BulkPrintingAPI/Controllers/VouchersController.cs

 using BulkPrintingAPI.Configuration;
+using BulkPrintingAPI.Pagination;
 using MAX.Models;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 namespace BulkPrintingAPI.Controllers
 {
     [Produces("application/json")]
-    [Route("api/v1/batches/{batchId}/[controller]")]
+    [Route("api/batches/{batchId}/[controller]")]
     public class VouchersController : Controller
     {
         private readonly ILogger _logger;
         }
 
         [HttpGet]
-        public async Task<IActionResult> GetVouchers([FromRoute] int batchId)
+        public async Task<IActionResult> GetVouchers([FromRoute] int batchId,
+            [FromQuery] int page = 1, [FromQuery] int pageSize = 100)
         {
             if (!ModelState.IsValid)
             {
             }
 
             var credentials = await Utils.GetLoginCredentialsFromRequest(HttpContext, _context);
-            return Ok(VouchersForBatchAndVendor(batchId, credentials.Vendor.Id)
-                .OrderBy(v => new { v.BatchId, v.SequenceNumber }));
+            return Ok(await Page<Voucher>.GetPageAsync(
+                VouchersForBatchAndVendor(batchId, credentials.Vendor.Id)
+                    .OrderBy(v => new { v.BatchId, v.SequenceNumber }),
+                page, pageSize));
         }
 
         [HttpGet("{sequenceNumber}")]
             return Ok(voucher);
         }
 
-
         private IQueryable<Voucher> VouchersForBatchAndVendor(int batchId, int vendorId)
         {
             return _context.Vouchers

BulkPrintingAPI/Migrations/20170705113945_InitialCreate.Designer.cs

 namespace BulkPrintingAPI.Migrations
 {
     [DbContext(typeof(MAXContext))]
-    [Migration("20170705113945_InitialCreate")]
+    [Migration("20170705205151_InitialCreate")]
     partial class InitialCreate
     {
         protected override void BuildTargetModel(ModelBuilder modelBuilder)

BulkPrintingAPI/Pagination/Page.cs

+using Microsoft.EntityFrameworkCore;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BulkPrintingAPI.Pagination
+{
+    public class Page<T>
+    {
+        public Page(List<T> items, int pageNumber, int pageSize, int totalItems)
+        {
+            Items = items;
+            PageNumber = pageNumber;
+            PageSize = pageSize;
+            TotalItems = totalItems;
+            NumPages = totalItems / pageSize + (totalItems % pageSize > 0 ? 1 : 0);
+        }
+
+        public List<T> Items { get; private set; }
+
+        public int TotalItems { get; private set; }
+
+        public int PageNumber { get; private set; }
+
+        public int PageSize { get; private set; }
+
+        public int NumPages { get; private set; }
+
+        public static async Task<Page<T>> GetPageAsync(IQueryable<T> query,
+            int pageNumber, int pageSize)
+        {
+            int count = await query.CountAsync().ConfigureAwait(false);
+            var items = await query
+                .Skip((pageNumber - 1) * pageSize)
+                .Take(pageSize)
+                .ToListAsync()
+                .ConfigureAwait(false);
+            return new Page<T>(items, pageNumber, pageSize, count);
+        }
+    }
+}

MAXClient/Utils.cs

         {
             using (var decryptor = des.CreateDecryptor(des.Key, des.IV))
             {
-                return Encoding.UTF8.GetString(Utils.Transform(decryptor, Convert.FromBase64String(cipherText)));
+                return Encoding.UTF8.GetString(Transform(decryptor, Convert.FromBase64String(cipherText)));
             }
         }
 
         {
             using (var encryptor = des.CreateEncryptor(des.Key, des.IV))
             {
-                return Convert.ToBase64String(Utils.Transform(encryptor, Encoding.UTF8.GetBytes(plainText)));
+                return Convert.ToBase64String(Transform(encryptor, Encoding.UTF8.GetBytes(plainText)));
             }
         }
 

MAXData/Json/DateFormatConverter.cs

+using Newtonsoft.Json.Converters;
+
+namespace MAX.Json
+{
+    public class DateFormatConverter : IsoDateTimeConverter
+    {
+        public DateFormatConverter(string format)
+        {
+            DateTimeFormat = format;
+        }
+    }
+}

MAXData/MAXModels.csproj

 
   <ItemGroup>
     <PackageReference Include="Microsoft.EntityFrameworkCore" Version="1.1.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
     <PackageReference Include="System.Runtime.Serialization.Primitives" Version="4.3.0" />
   </ItemGroup>
 

MAXData/Models/Account.cs

 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
+using System.Runtime.Serialization;
 
 namespace MAX.Models
 {
         [Required, MaxLength(50)]
         public string Reference { get; set; }
 
+        [IgnoreDataMember]
         public int WarehouseId { get; set; }
+
         public Warehouse Warehouse { get; set; }
 
+        [IgnoreDataMember]
         public ICollection<User> Users { get; set; }
 
+        [IgnoreDataMember]
         public ICollection<Vendor> Vendors { get; set; }
 
         public decimal Balance { get; set; }

MAXData/Models/Voucher.cs

-using System;
+using MAX.Json;
+using Newtonsoft.Json;
+using System;
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
 using System.Runtime.Serialization;
 
         public int SequenceNumber { get; set; }
 
-        [Column(TypeName = "Date")]
+        [Column(TypeName = "Date"), JsonConverter(typeof(DateFormatConverter), "yyyy-MM-dd")]
         public DateTime ExpiryDate { get; set; }
         
         [Required, MaxLength(50)]

MAXData/Models/Warehouse.cs

 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
+using System.Runtime.Serialization;
 
 namespace MAX.Models
 {
         [Required, MaxLength(50)]
         public string Name { get; set; }
 
+        [IgnoreDataMember]
         public ICollection<Account> Accounts { get; set; }
     }
 }