Skip to content
GitLab
Commit 07f7731c authored by Marcel Nellesen's avatar Marcel Nellesen
Browse files

Merge branch 'Product/1301-cleanupblobApi' into 'Sprint/2021-04' 

Product/1301 cleanupblob api

See merge request !22
parents 74867704 d2208921
Hide whitespace changes
Inline Side-by-side
src/Blob/Controllers/BlobController.cs
View file @ 07f7731c
......@@ -142,25 +142,23 @@ namespace Coscine.Api.Blob.Controllers
[DisableRequestSizeLimit]
public async Task<IActionResult> GetFile(string resourceId, string path)
{
var user = _authenticator.GetUser();
path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f"))
var checkPath = CheckPath(path);
if (checkPath != null)
{
return BadRequest("Path can not contain the sequence %2F.");
return checkPath;
}
var user = _authenticator.GetUser();
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
var checkResourceId = CheckResource(resourceId, out Resource resource);
if (checkResourceId != null)
{
return check;
return checkResourceId;
}
if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
var checkUser = CheckUser(user, resource);
if (checkUser != null)
{
return Forbid("User does not have permission to the resource.");
return checkUser;
}
var resourceTypeOptions = _resourceModel.GetResourceTypeOptions(resource.Id);
try
{
......@@ -169,7 +167,6 @@ namespace Coscine.Api.Blob.Controllers
{
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
}
var infos = await resourceTypeDefinition.GetEntry(resource.Id.ToString(), path, null, resourceTypeOptions);
var response = await resourceTypeDefinition.LoadEntry(resource.Id.ToString(), path, null, resourceTypeOptions);
new FileExtensionContentTypeProvider().TryGetContentType(path.Substring(path.LastIndexOf("/")), out string contentType);
......@@ -180,7 +177,6 @@ namespace Coscine.Api.Blob.Controllers
{
return BadRequest($"Error in communication with the resource");
}
}
/// <summary>
......@@ -193,30 +189,27 @@ namespace Coscine.Api.Blob.Controllers
[DisableRequestSizeLimit]
public async Task<IActionResult> UploadFile(string resourceId, string path)
{
var user = _authenticator.GetUser();
path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f"))
var checkPath = CheckPath(path);
if (checkPath != null)
{
return BadRequest("Path can not contain the sequence %2F.");
return checkPath;
}
var user = _authenticator.GetUser();
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
var checkResourceId = CheckResource(resourceId, out Resource resource);
if (checkResourceId != null)
{
return check;
return checkResourceId;
}
if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
var checkUser = CheckUser(user, resource);
if (checkUser != null)
{
return StatusCode((int)HttpStatusCode.Forbidden,
"User does not have permission to the resource.");
return checkUser;
}
var id = GenerateId(resourceId, path);
if (!_rdfStoreConnector.HasGraph(id.AbsoluteUri))
{
return StatusCode((int)HttpStatusCode.Forbidden,
return StatusCode((int)HttpStatusCode.Forbidden,
"No metadataset has been added for this file.");
}
......@@ -229,7 +222,6 @@ namespace Coscine.Api.Blob.Controllers
{
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
}
ResourceEntry infos = null;
try
{
......@@ -238,7 +230,7 @@ namespace Coscine.Api.Blob.Controllers
catch
{
// do nothing
}
}
await resourceTypeDefinition.StoreEntry(resource.Id.ToString(), path, Request.Body, resourceTypeOptions);
LogAnalytics(infos == null ? "Upload File" : "Update File", resourceId, path, user);
return NoContent();
......@@ -258,25 +250,23 @@ namespace Coscine.Api.Blob.Controllers
[HttpDelete("[controller]/{resourceId}/{*path}")]
public async Task<IActionResult> DeleteFile(string resourceId, string path)
{
var user = _authenticator.GetUser();
path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f"))
var checkPath = CheckPath(path);
if (checkPath != null)
{
return BadRequest("Path can not contain the sequence %2F.");
return checkPath;
}
var user = _authenticator.GetUser();
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
var checkResourceId = CheckResource(resourceId, out Resource resource);
if (checkResourceId != null)
{
return check;
return checkResourceId;
}
if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
var checkUser = CheckUser(user, resource);
if (checkUser != null)
{
return Forbid("User does not have permission to the resource.");
return checkUser;
}
try
{
var resourceTypeOptions = _resourceModel.GetResourceTypeOptions(resource.Id);
......@@ -285,7 +275,6 @@ namespace Coscine.Api.Blob.Controllers
{
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
}
await resourceTypeDefinition.DeleteEntry(resource.Id.ToString(), path, resourceTypeOptions);
LogAnalytics("Delete File", resourceId, path, user);
return NoContent();
......@@ -304,7 +293,6 @@ namespace Coscine.Api.Blob.Controllers
public async Task<IActionResult> IsResourceValid([FromBody] JToken resource)
{
var displayName = resource["type"]["displayName"].ToString().ToLower();
var resourceTypeOptions = new Dictionary<string, string>();
if (displayName == "s3")
{
......@@ -319,7 +307,6 @@ namespace Coscine.Api.Blob.Controllers
resourceTypeOptions.Add("repositoryUrl", resource["resourceTypeOption"]["RepositoryUrl"].ToString());
resourceTypeOptions.Add("repositoryNumber", resource["resourceTypeOption"]["RepositoryNumber"].ToString());
}
try
{
var resourceTypeDefinition = ResourceTypeFactory.CreateResourceTypeObject(displayName, _configuration);
......@@ -340,21 +327,10 @@ namespace Coscine.Api.Blob.Controllers
/// <summary>
/// Tries to establish connection with resource and validates wether the given file/folder exists
/// </summary>
private IActionResult CheckResourceIdAndPath(string resourceId, string path, out Resource resource)
private IActionResult CheckResource(string resourceId, out Resource resource)
{
resource = null;
if (string.IsNullOrWhiteSpace(path))
{
return BadRequest($"Your path \"{path}\" is empty.");
}
Regex rgx = new Regex(@"[\:?*<>|]+");
if (rgx.IsMatch(path))
{
return BadRequest($"Your path \"{path}\" contains bad characters. The following characters are not permissible: {@"\/:?*<>|"}.");
}
if (!Guid.TryParse(resourceId, out Guid resourceGuid))
{
return BadRequest($"{resourceId} is not a guid.");
......@@ -378,11 +354,51 @@ namespace Coscine.Api.Blob.Controllers
ResourceTypeModel resourceTypeModel = new ResourceTypeModel();
resource.Type = resourceTypeModel.GetById(resource.TypeId);
}
// All good
return null;
}
/// <summary>
/// Checks if the path is valid
/// </summary>
/// <param name="path">path</param>
/// <returns>Statuscode 400 if the given path is not valid</returns>
public IActionResult CheckPath(string path)
{
if (string.IsNullOrWhiteSpace(path))
{
return BadRequest($"Your path \"{path}\" is empty.");
}
var rgx = new Regex(@"[\:?*<>|]+");
if (rgx.IsMatch(path))
{
return BadRequest($"Your path \"{path}\" contains bad characters. The following characters are not permissible: {@"\/:?*<>|"}.");
}
if (path.Contains("%2F") || path.Contains("%2f"))
{
return BadRequest("Path can not contain the sequence %2F.");
}
return null;
}
/// <summary>
/// Checks if the user has access to the resource
/// </summary>
/// <param name="user">user</param>
/// <param name="resource">resource</param>
/// <returns>Statuscode 403 if the user has no access</returns>
public IActionResult CheckUser(User user, Resource resource)
{
if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
{
return Forbid("User does not have permission to the resource.");
}
return null;
}
/// <summary>
/// Writes an analytics log entry
/// </summary>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment