Commit b7a4fe55 authored by Marcel Nellesen's avatar Marcel Nellesen
Browse files

Merge branch 'Hotfix/988-fixSpecialCharacters' into 'master'

Hotfix/988-fixSpecialCharacters

See merge request coscine/api/blobapi!6
parents 7056b8d7 8fdc73b7
......@@ -53,8 +53,8 @@
<Reference Include="Consul, Version=0.7.2.6, Culture=neutral, PublicKeyToken=20a6ad9a81df1d95, processorArchitecture=MSIL">
<HintPath>..\packages\Consul.0.7.2.6\lib\net45\Consul.dll</HintPath>
</Reference>
<Reference Include="Coscine.Api.WaterbutlerHelper, Version=1.1.0.0, Culture=neutral, processorArchitecture=MSIL">
<HintPath>..\packages\Coscine.Api.WaterbutlerHelper.1.1.0\lib\net461\Coscine.Api.WaterbutlerHelper.dll</HintPath>
<Reference Include="Coscine.Api.WaterbutlerHelper, Version=1.1.1.0, Culture=neutral, processorArchitecture=MSIL">
<HintPath>..\packages\Coscine.Api.WaterbutlerHelper.1.1.1\lib\net461\Coscine.Api.WaterbutlerHelper.dll</HintPath>
</Reference>
<Reference Include="Coscine.ApiCommons, Version=1.9.0.0, Culture=neutral, PublicKeyToken=af4c1345df96546b, processorArchitecture=MSIL">
<HintPath>..\packages\Coscine.ApiCommons.1.9.0\lib\net461\Coscine.ApiCommons.dll</HintPath>
......
......@@ -140,13 +140,17 @@ namespace Coscine.Api.Blob.Controllers
// inferring a ../ (urlencoded) can manipulate the url.
// However the constructed signature for s3 won't match and it will not be resolved.
// This may be a problem for other provider!
[HttpGet("[controller]/{resourceId}/{path}")]
[HttpGet("[controller]/{resourceId}/{*path}")]
[DisableRequestSizeLimit]
public async Task<IActionResult> GetFile(string resourceId, string path)
{
var user = _authenticator.GetUser();
path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f"))
{
return BadRequest("Path can not contain the sequence %2F.");
}
path = HttpUtility.UrlDecode(path);
var user = _authenticator.GetUser();
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
......@@ -201,13 +205,17 @@ namespace Coscine.Api.Blob.Controllers
// inferring a ../ (urlencoded) can manipulate the url.
// However the constructed signature for s3 won't match and it will not be resolved.
// This may be a problem for other provider!
[HttpPut("[controller]/{resourceId}/{path}")]
[HttpPut("[controller]/{resourceId}/{*path}")]
[DisableRequestSizeLimit]
public async Task<IActionResult> UploadFile(string resourceId, string path)
{
var user = _authenticator.GetUser();
path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f"))
{
return BadRequest("Path can not contain the sequence %2F.");
}
path = HttpUtility.UrlDecode(path);
var user = _authenticator.GetUser();
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
......@@ -229,7 +237,7 @@ namespace Coscine.Api.Blob.Controllers
else
{
var provider = GetResourceTypeName(resource);
var infos = await _waterbutlerInterface.GetObjectInfoAsync("/" + path, provider, authHeader);
var infos = await _waterbutlerInterface.GetObjectInfoAsync(path, provider, authHeader);
// Not found, upload new
if (infos == null)
......@@ -277,12 +285,16 @@ namespace Coscine.Api.Blob.Controllers
}
}
[HttpDelete("[controller]/{resourceId}/{path}")]
[HttpDelete("[controller]/{resourceId}/{*path}")]
public async Task<IActionResult> DeleteFile(string resourceId, string path)
{
var user = _authenticator.GetUser();
path = $"/{path}";
if (path.Contains("%2F") || path.Contains("%2f"))
{
return BadRequest("Path can not contain the sequence %2F.");
}
path = HttpUtility.UrlDecode(path);
var user = _authenticator.GetUser();
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
......
......@@ -3,7 +3,7 @@
<package id="AWSSDK.Core" version="3.3.107.8" targetFramework="net461" />
<package id="AWSSDK.S3" version="3.3.111.9" targetFramework="net461" />
<package id="Consul" version="0.7.2.6" targetFramework="net461" />
<package id="Coscine.Api.WaterbutlerHelper" version="1.1.0" targetFramework="net461" />
<package id="Coscine.Api.WaterbutlerHelper" version="1.1.1" targetFramework="net461" />
<package id="Coscine.ApiCommons" version="1.9.0" targetFramework="net461" />
<package id="Coscine.Configuration" version="1.5.0" targetFramework="net461" />
<package id="Coscine.Database" version="1.22.2" targetFramework="net461" />
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment