2020-06-25 16:00:39 +00:00
parent 248292fce2
commit 62a044e92e
2 changed files with 67 additions and 7 deletions
--- a/server/AyaNova/Controllers/TranslationController.cs
+++ b/server/AyaNova/Controllers/TranslationController.cs
@@ -1,5 +1,4 @@
 using System.Collections.Generic;
-using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -12,6 +11,11 @@ using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
 using AyaNova.Biz;
+using System;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Serialization;
+using System.Linq;
+


 namespace AyaNova.Api.Controllers
@@ -253,9 +257,11 @@ namespace AyaNova.Api.Controllers
        /// Get Translation all values
        /// </summary>
        /// <param name="id"></param>
+        /// <param name="t">download token</param>
        /// <returns>A single Translation and it's values</returns>
+        [AllowAnonymous]
        [HttpGet("download/{id}")]
-        public async Task<IActionResult> DownloadTranslation([FromRoute] long id)
+        public async Task<IActionResult> DownloadTranslation([FromRoute] long id, [FromQuery] string t)
        {
            if (serverState.IsClosed)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
@@ -266,26 +272,67 @@ namespace AyaNova.Api.Controllers
                return BadRequest(new ApiErrorResponse(ModelState));
            }

-            //Instantiate the business object handler        
-            TranslationBiz biz = TranslationBiz.GetBiz(ct, HttpContext);

-            var o = await biz.GetAsync(id);
+            int nFailedAuthDelay = 3000;
+
+            if (string.IsNullOrWhiteSpace(t))
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+            var DownloadUser = await ct.User.AsNoTracking().SingleOrDefaultAsync(z => z.DlKey == t && z.Active == true);
+            if (DownloadUser == null)
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+            var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
+            if (DownloadUser.DlKeyExpire < utcNow.DateTime)
+            {
+                await Task.Delay(nFailedAuthDelay);//DOS protection
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+
+
+            var o = await ct.Translation.Include(z => z.TranslationItems).SingleOrDefaultAsync(z => z.Id == id);

            //turn into correct format and then send as file
            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }
-            var asText = Newtonsoft.Json.JsonConvert.SerializeObject(o, Newtonsoft.Json.Formatting.None);
+            var asText = Newtonsoft.Json.JsonConvert.SerializeObject(
+                o,
+                Newtonsoft.Json.Formatting.None,
+                new JsonSerializerSettings { ContractResolver = new ShouldSerializeContractResolver(new string[] { "Concurrency", "Id","TranslationId" }) });
            var bytes = System.Text.Encoding.UTF8.GetBytes(asText);
            var file = new FileContentResult(bytes, "application/octet-stream");
-            file.FileDownloadName = o.Name + ".json";
+            file.FileDownloadName = Util.FileUtil.StringToSafeFileName(o.Name) + ".json";
            return file;

        }


+        public class ShouldSerializeContractResolver : DefaultContractResolver
+        {
+            private readonly IEnumerable<string> _excludePropertyNames;

+            public ShouldSerializeContractResolver(IEnumerable<string> excludePropertyNames)
+            {
+                _excludePropertyNames = excludePropertyNames;
+            }
+
+            protected override IList<JsonProperty> CreateProperties(Type type, MemberSerialization memberSerialization)
+            {
+                IList<JsonProperty> properties = base.CreateProperties(type, memberSerialization);
+
+                // only serializer properties that start with the specified character
+                properties =
+                    properties.Where(p => !_excludePropertyNames.Any(p2 => p2 == p.PropertyName)).ToList();
+
+                return properties;
+            }
+        }



--- a/server/AyaNova/util/FileUtil.cs
+++ b/server/AyaNova/util/FileUtil.cs
@@ -644,6 +644,19 @@ namespace AyaNova.Util
            return DateTime.Now.ToString("yyyyMMddHHmmssfff");
        }

+        public static string StringToSafeFileName(string fileName)
+        {//https://stackoverflow.com/a/3678296/8939
+            if (string.IsNullOrWhiteSpace(fileName))
+                return "no_name";
+
+            char[] invalidFileNameChars = Path.GetInvalidFileNameChars();
+            // Builds a string out of valid chars and an _ for invalid ones
+            var ret = new string(fileName.Select(ch => invalidFileNameChars.Contains(ch) ? '_' : ch).ToArray());
+            if (string.IsNullOrWhiteSpace(ret))
+                return "no_name";
+
+            return ret;
+        }
        #endregion general utilities

    }//eoc