Backup

server/AyaNova/Controllers/BackupController.cs

@@ -7,10 +7,9 @@ using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
 using AyaNova.Biz;
 using System.Threading.Tasks;
-using AyaNova.Biz;
-using Newtonsoft.Json.Linq;
 using AyaNova.Util;
-using System.Linq;
+using System;
+using Microsoft.AspNetCore.Http;
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 //************************************************************************************************************** */
@@ -103,6 +102,53 @@ namespace AyaNova.Api.Controllers
             return Ok(ApiOkResponse.Response(FileUtil.UtilityFileList()));
         }
 
+        /// <summary>
+        /// Download a backup file
+        /// </summary>
+        /// <param name="fileName"></param>
+        /// <param name="t">download token</param>
+        /// <returns></returns>
+        [HttpGet("download/{fileName}")]
+        public async Task<IActionResult> DownloadAsync([FromRoute] string fileName, [FromQuery] string t)
+        {
+            int nFailedAuthDelay = 3000;
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (string.IsNullOrWhiteSpace(t))
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+            var DownloadUser = await ct.User.AsNoTracking().SingleOrDefaultAsync(z => z.DlKey == t && z.Active == true);
+            if (DownloadUser == null)
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+            var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
+            if (DownloadUser.DlKeyExpire < utcNow.DateTime)
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+            if (!Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited))
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            }
+
+            var AvailableFiles = FileUtil.UtilityFileList();
+            if (!AvailableFiles.Contains(fileName))
+            {
+                await Task.Delay(nFailedAuthDelay);//fishing protection
+                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            }
+            string mimetype = fileName.EndsWith("zip") ? "application/zip" : "application/octet-stream";
+            var utilityFilePath = FileUtil.GetFullPathForUtilityFile(fileName);
+            await EventLogProcessor.LogEventToDatabaseAsync(new Event(DownloadUser.Id, 0, AyaType.NoType, AyaEvent.UtilityFileDownload, fileName), ct);
+            return PhysicalFile(utilityFilePath, mimetype);
+
+        }
 
 
     }//eoc