Commit 4b5b1a6d authored by Marcel Nellesen's avatar Marcel Nellesen

Merge remote-tracking branch 'remotes/origin/master' into Topic/1292-FdsS3

parents c777643e 865c7d47
1 merge request!23Topic/1292 fds s3
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
<RootNamespace>Coscine.Api.Blob</RootNamespace> <RootNamespace>Coscine.Api.Blob</RootNamespace>
<AssemblyName>Coscine.Api.Blob</AssemblyName> <AssemblyName>Coscine.Api.Blob</AssemblyName>
<TargetFramework>net5.0</TargetFramework> <TargetFramework>net5.0</TargetFramework>
<Version>2.0.1</Version> <Version>2.1.0</Version>
</PropertyGroup> </PropertyGroup>
<PropertyGroup> <PropertyGroup>
<Authors>RWTH Aachen University</Authors> <Authors>RWTH Aachen University</Authors>
......
...@@ -142,25 +142,23 @@ namespace Coscine.Api.Blob.Controllers ...@@ -142,25 +142,23 @@ namespace Coscine.Api.Blob.Controllers
[DisableRequestSizeLimit] [DisableRequestSizeLimit]
public async Task<IActionResult> GetFile(string resourceId, string path) public async Task<IActionResult> GetFile(string resourceId, string path)
{ {
var user = _authenticator.GetUser();
path = $"/{path}"; path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f")) var checkPath = CheckPath(path);
if (checkPath != null)
{ {
return BadRequest("Path can not contain the sequence %2F."); return checkPath;
} }
var checkResourceId = CheckResource(resourceId, out Resource resource);
var user = _authenticator.GetUser(); if (checkResourceId != null)
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
{ {
return check; return checkResourceId;
} }
var checkUser = CheckUser(user, resource);
if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member)) if (checkUser != null)
{ {
return Forbid("User does not have permission to the resource."); return checkUser;
} }
var resourceTypeOptions = _resourceModel.GetResourceTypeOptions(resource.Id); var resourceTypeOptions = _resourceModel.GetResourceTypeOptions(resource.Id);
try try
{ {
...@@ -169,7 +167,6 @@ namespace Coscine.Api.Blob.Controllers ...@@ -169,7 +167,6 @@ namespace Coscine.Api.Blob.Controllers
{ {
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\"."); return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
} }
var infos = await resourceTypeDefinition.GetEntry(resource.Id.ToString(), path, null, resourceTypeOptions); var infos = await resourceTypeDefinition.GetEntry(resource.Id.ToString(), path, null, resourceTypeOptions);
var response = await resourceTypeDefinition.LoadEntry(resource.Id.ToString(), path, null, resourceTypeOptions); var response = await resourceTypeDefinition.LoadEntry(resource.Id.ToString(), path, null, resourceTypeOptions);
new FileExtensionContentTypeProvider().TryGetContentType(path.Substring(path.LastIndexOf("/")), out string contentType); new FileExtensionContentTypeProvider().TryGetContentType(path.Substring(path.LastIndexOf("/")), out string contentType);
...@@ -180,7 +177,6 @@ namespace Coscine.Api.Blob.Controllers ...@@ -180,7 +177,6 @@ namespace Coscine.Api.Blob.Controllers
{ {
return BadRequest($"Error in communication with the resource"); return BadRequest($"Error in communication with the resource");
} }
} }
/// <summary> /// <summary>
...@@ -193,26 +189,23 @@ namespace Coscine.Api.Blob.Controllers ...@@ -193,26 +189,23 @@ namespace Coscine.Api.Blob.Controllers
[DisableRequestSizeLimit] [DisableRequestSizeLimit]
public async Task<IActionResult> UploadFile(string resourceId, string path) public async Task<IActionResult> UploadFile(string resourceId, string path)
{ {
var user = _authenticator.GetUser();
path = $"/{path}"; path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f")) var checkPath = CheckPath(path);
if (checkPath != null)
{ {
return BadRequest("Path can not contain the sequence %2F."); return checkPath;
} }
var checkResourceId = CheckResource(resourceId, out Resource resource);
var user = _authenticator.GetUser(); if (checkResourceId != null)
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
{ {
return check; return checkResourceId;
} }
var checkUser = CheckUser(user, resource);
if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member)) if (checkUser != null)
{ {
return StatusCode((int)HttpStatusCode.Forbidden, return checkUser;
"User does not have permission to the resource.");
} }
var id = GenerateId(resourceId, path); var id = GenerateId(resourceId, path);
if (!_rdfStoreConnector.HasGraph(id.AbsoluteUri)) if (!_rdfStoreConnector.HasGraph(id.AbsoluteUri))
{ {
...@@ -229,7 +222,6 @@ namespace Coscine.Api.Blob.Controllers ...@@ -229,7 +222,6 @@ namespace Coscine.Api.Blob.Controllers
{ {
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\"."); return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
} }
ResourceEntry infos = null; ResourceEntry infos = null;
try try
{ {
...@@ -258,25 +250,23 @@ namespace Coscine.Api.Blob.Controllers ...@@ -258,25 +250,23 @@ namespace Coscine.Api.Blob.Controllers
[HttpDelete("[controller]/{resourceId}/{*path}")] [HttpDelete("[controller]/{resourceId}/{*path}")]
public async Task<IActionResult> DeleteFile(string resourceId, string path) public async Task<IActionResult> DeleteFile(string resourceId, string path)
{ {
var user = _authenticator.GetUser();
path = $"/{path}"; path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f")) var checkPath = CheckPath(path);
if (checkPath != null)
{ {
return BadRequest("Path can not contain the sequence %2F."); return checkPath;
} }
var checkResourceId = CheckResource(resourceId, out Resource resource);
var user = _authenticator.GetUser(); if (checkResourceId != null)
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
{ {
return check; return checkResourceId;
} }
var checkUser = CheckUser(user, resource);
if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member)) if (checkUser != null)
{ {
return Forbid("User does not have permission to the resource."); return checkUser;
} }
try try
{ {
var resourceTypeOptions = _resourceModel.GetResourceTypeOptions(resource.Id); var resourceTypeOptions = _resourceModel.GetResourceTypeOptions(resource.Id);
...@@ -285,7 +275,6 @@ namespace Coscine.Api.Blob.Controllers ...@@ -285,7 +275,6 @@ namespace Coscine.Api.Blob.Controllers
{ {
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\"."); return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
} }
await resourceTypeDefinition.DeleteEntry(resource.Id.ToString(), path, resourceTypeOptions); await resourceTypeDefinition.DeleteEntry(resource.Id.ToString(), path, resourceTypeOptions);
LogAnalytics("Delete File", resourceId, path, user); LogAnalytics("Delete File", resourceId, path, user);
return NoContent(); return NoContent();
...@@ -304,7 +293,6 @@ namespace Coscine.Api.Blob.Controllers ...@@ -304,7 +293,6 @@ namespace Coscine.Api.Blob.Controllers
public async Task<IActionResult> IsResourceValid([FromBody] JToken resource) public async Task<IActionResult> IsResourceValid([FromBody] JToken resource)
{ {
var displayName = resource["type"]["displayName"].ToString().ToLower(); var displayName = resource["type"]["displayName"].ToString().ToLower();
var resourceTypeOptions = new Dictionary<string, string>(); var resourceTypeOptions = new Dictionary<string, string>();
if (displayName == "s3") if (displayName == "s3")
{ {
...@@ -319,7 +307,6 @@ namespace Coscine.Api.Blob.Controllers ...@@ -319,7 +307,6 @@ namespace Coscine.Api.Blob.Controllers
resourceTypeOptions.Add("repositoryUrl", resource["resourceTypeOption"]["RepositoryUrl"].ToString()); resourceTypeOptions.Add("repositoryUrl", resource["resourceTypeOption"]["RepositoryUrl"].ToString());
resourceTypeOptions.Add("repositoryNumber", resource["resourceTypeOption"]["RepositoryNumber"].ToString()); resourceTypeOptions.Add("repositoryNumber", resource["resourceTypeOption"]["RepositoryNumber"].ToString());
} }
try try
{ {
var resourceTypeDefinition = ResourceTypeFactory.CreateResourceTypeObject(displayName, _configuration); var resourceTypeDefinition = ResourceTypeFactory.CreateResourceTypeObject(displayName, _configuration);
...@@ -340,21 +327,10 @@ namespace Coscine.Api.Blob.Controllers ...@@ -340,21 +327,10 @@ namespace Coscine.Api.Blob.Controllers
/// <summary> /// <summary>
/// Tries to establish connection with resource and validates wether the given file/folder exists /// Tries to establish connection with resource and validates wether the given file/folder exists
/// </summary> /// </summary>
private IActionResult CheckResourceIdAndPath(string resourceId, string path, out Resource resource) private IActionResult CheckResource(string resourceId, out Resource resource)
{ {
resource = null; resource = null;
if (string.IsNullOrWhiteSpace(path))
{
return BadRequest($"Your path \"{path}\" is empty.");
}
Regex rgx = new Regex(@"[\:?*<>|]+");
if (rgx.IsMatch(path))
{
return BadRequest($"Your path \"{path}\" contains bad characters. The following characters are not permissible: {@"\/:?*<>|"}.");
}
if (!Guid.TryParse(resourceId, out Guid resourceGuid)) if (!Guid.TryParse(resourceId, out Guid resourceGuid))
{ {
return BadRequest($"{resourceId} is not a guid."); return BadRequest($"{resourceId} is not a guid.");
...@@ -378,11 +354,51 @@ namespace Coscine.Api.Blob.Controllers ...@@ -378,11 +354,51 @@ namespace Coscine.Api.Blob.Controllers
ResourceTypeModel resourceTypeModel = new ResourceTypeModel(); ResourceTypeModel resourceTypeModel = new ResourceTypeModel();
resource.Type = resourceTypeModel.GetById(resource.TypeId); resource.Type = resourceTypeModel.GetById(resource.TypeId);
} }
// All good // All good
return null; return null;
} }
/// <summary>
/// Checks if the path is valid
/// </summary>
/// <param name="path">path</param>
/// <returns>Statuscode 400 if the given path is not valid</returns>
public IActionResult CheckPath(string path)
{
if (string.IsNullOrWhiteSpace(path))
{
return BadRequest($"Your path \"{path}\" is empty.");
}
var rgx = new Regex(@"[\:?*<>|]+");
if (rgx.IsMatch(path))
{
return BadRequest($"Your path \"{path}\" contains bad characters. The following characters are not permissible: {@"\/:?*<>|"}.");
}
if (path.Contains("%2F") || path.Contains("%2f"))
{
return BadRequest("Path can not contain the sequence %2F.");
}
return null;
}
/// <summary>
/// Checks if the user has access to the resource
/// </summary>
/// <param name="user">user</param>
/// <param name="resource">resource</param>
/// <returns>Statuscode 403 if the user has no access</returns>
public IActionResult CheckUser(User user, Resource resource)
{
if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
{
return Forbid("User does not have permission to the resource.");
}
return null;
}
/// <summary> /// <summary>
/// Writes an analytics log entry /// Writes an analytics log entry
/// </summary> /// </summary>
......
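Review bot: `Forbid("User does not have permission to the resource.")` in the new `CheckUser` helper does not produce a 403 carrying that text, because `ControllerBase.Forbid` takes authentication scheme names rather than a response body, so the string is passed to the authentication middleware as a scheme and, when no scheme by that name is registered, the request ends in a server-side exception instead of a 403 (the old UploadFile branch avoided this with `StatusCode((int)HttpStatusCode.Forbidden, ...)`, which this refactor drops). The denial still fails closed, but the client sees a server error rather than a permission error and an unhandled exception can expose details, so return `return StatusCode((int)HttpStatusCode.Forbidden, "User does not have permission to the resource.");` as the removed line already did with System.Net in scope. Separately, `CheckPath` and `CheckUser` are `public` on the controller while `CheckResource` stays private; if any conventional route is registered elsewhere, public controller methods become discoverable actions, so make them private or mark them `[NonAction]`. The message in `CheckPath` also lists `\` as forbidden while the regex `[\:?*<>|]+` does not reject it; either add it to the character class or correct the message.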