admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-09-03 18:30:00 +00:00
parent 3deaa13ce8
commit 01b93829f4
4 changed files with 101 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
server/AyaNova/Controllers/ReportController.cs
View File

@@ -1,12 +1,13 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using System.Linq;
using System.IO;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http.Features;
using Microsoft.Extensions.Logging;
using Microsoft.EntityFrameworkCore;
using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;
@@ -292,21 +293,21 @@ namespace AyaNova.Api.Controllers
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
}
if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
{
await Task.Delay(nFailedAuthDelay);//DOS protection
return StatusCode(403, new ApiNotAuthorizedResponse());
}
// if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
// {
// await Task.Delay(nFailedAuthDelay);//DOS protection
// return StatusCode(403, new ApiNotAuthorizedResponse());
// }
if (!FileUtil.BackupFileExists(fileName))
if (!FileUtil.TemporaryFileExists(fileName))
{
await Task.Delay(nFailedAuthDelay);//fishing protection
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
string mimetype = fileName.EndsWith("zip") ? "application/zip" : "application/octet-stream";
var utilityFilePath = FileUtil.GetFullPathForBackupFile(fileName);
await EventLogProcessor.LogEventToDatabaseAsync(new Event(DownloadUser.Id, 0, AyaType.NoType, AyaEvent.UtilityFileDownload, fileName), ct);
return PhysicalFile(utilityFilePath, mimetype, fileName);
var FilePath = FileUtil.GetFullPathForTemporaryFile(fileName);
// await EventLogProcessor.LogEventToDatabaseAsync(new Event(DownloadUser.Id, 0, AyaType.NoType, AyaEvent.UtilityFileDownload, fileName), ct);
return PhysicalFile(FilePath, "application/pdf");
}