2020-09-03 17:35:06 +00:00
parent 5825b490fa
commit 3deaa13ce8
4 changed files with 165 additions and 15 deletions
--- a/server/AyaNova/Controllers/ReportController.cs
+++ b/server/AyaNova/Controllers/ReportController.cs
@@ -1,5 +1,6 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
+using System.Linq;
 using System.IO;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
@@ -191,7 +192,7 @@ namespace AyaNova.Api.Controllers
        /// <param name="reportDataParam">Data required for report</param>
        /// <param name="apiVersion">From route path</param>
        /// <returns></returns>
-        [HttpPost("object-report-data")]
+        [HttpPost("data")]
        public async Task<IActionResult> GetReportData([FromBody] ObjectReportDataParameter reportDataParam, ApiVersion apiVersion)
        {
            /*{
@@ -237,7 +238,7 @@ namespace AyaNova.Api.Controllers
        /// </summary>
        /// <param name="reportParam">report id and object id values for object type specified in report template</param>
        /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>downloadable pdf name</returns>
        [HttpPost("render")]
        public async Task<IActionResult> RenderReport([FromBody] RenderReportParameter reportParam, ApiVersion apiVersion)
        {
@@ -253,15 +254,61 @@ namespace AyaNova.Api.Controllers
            var API_URL = $"http://127.0.0.1:{httpConnectionFeature.LocalPort}/api/v8/";

            var result = await biz.RenderReport(reportParam, API_URL);
-            if (result == null)
+            if (string.IsNullOrWhiteSpace(result))
                return BadRequest(new ApiErrorResponse(biz.Errors));
            else
-                return new FileContentResult(result.RenderedOutput, result.MimeType);
+                return Ok(ApiOkResponse.Response(result));

        }


+        /// <summary>
+        /// Download a report file
+        /// </summary>
+        /// <param name="fileName"></param>
+        /// <param name="t">download token</param>
+        /// <returns></returns>
+        [HttpGet("download/{fileName}")]
+        public async Task<IActionResult> DownloadAsync([FromRoute] string fileName, [FromQuery] string t)
+        {
+            int nFailedAuthDelay = 3000;
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (string.IsNullOrWhiteSpace(t))
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+            var DownloadUser = await ct.User.AsNoTracking().SingleOrDefaultAsync(z => z.DlKey == t && z.Active == true);
+            if (DownloadUser == null)
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+            var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
+            if (DownloadUser.DlKeyExpire < utcNow.DateTime)
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }

+            if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            }
+
+            if (!FileUtil.BackupFileExists(fileName))
+            {
+                await Task.Delay(nFailedAuthDelay);//fishing protection
+                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            }
+            string mimetype = fileName.EndsWith("zip") ? "application/zip" : "application/octet-stream";
+            var utilityFilePath = FileUtil.GetFullPathForBackupFile(fileName);
+            await EventLogProcessor.LogEventToDatabaseAsync(new Event(DownloadUser.Id, 0, AyaType.NoType, AyaEvent.UtilityFileDownload, fileName), ct);
+            return PhysicalFile(utilityFilePath, mimetype, fileName);
+
+        }

        // [HttpGet("render-test")]
        // [AllowAnonymous]
@@ -406,7 +453,7 @@ namespace AyaNova.Api.Controllers
        }


-        [HttpPost("post-poc")]      
+        [HttpPost("post-poc")]
        public async Task<IActionResult> PostProofOfConcept([FromBody] NameItem nameItem)
        {
            //https://test.helloayanova.com/api/v8/report/poc