admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2021-09-06 23:47:32 +00:00
parent 2d2b13cf00
commit 898daac02c
4 changed files with 53 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.vscode/launch.json vendored
View File

@@ -53,7 +53,7 @@
"AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles",
"AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles",
"AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles",
"AYANOVA_SERVER_TEST_MODE": "true",
"AYANOVA_SERVER_TEST_MODE": "false",
"AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small",
"AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7",
"AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\"

27
server/AyaNova/Controllers/BackupController.cs
View File

@@ -101,7 +101,7 @@ namespace AyaNova.Api.Controllers
[HttpGet("download/{fileName}")]
public async Task<IActionResult> DownloadAsync([FromRoute] string fileName, [FromQuery] string t)
{
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
var DownloadUser = await UserBiz.ValidateDownloadTokenAndReturnUserAsync(t, ct);
@@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers
{
await Task.Delay(AyaNova.Util.ServerBootConfig.FAILED_AUTH_DELAY);//DOS protection
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
}
}
if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
{
@@ -130,6 +130,29 @@ namespace AyaNova.Api.Controllers
}
/// <summary>
/// Delete Backup
/// </summary>
/// <param name="name"></param>
/// <returns>NoContent</returns>
[HttpDelete("{name}")]
[Authorize]
public ActionResult DeleteBackupFile([FromRoute] string name)
{
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
CustomerBiz biz = CustomerBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.Backup))
return StatusCode(403, new ApiNotAuthorizedResponse());
FileUtil.EraseBackupFile(name);
//never errors only no content
return NoContent();
}
//DANGER: MUST ADD AUTHORIZE ATTRIBUTE TO ANY NEW ROUTES
//[Authorize]

23
server/AyaNova/Controllers/CustomerController.cs
View File

@@ -60,29 +60,6 @@ namespace AyaNova.Api.Controllers
return CreatedAtAction(nameof(CustomerController.GetCustomer), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
}
// /// <summary>
// /// Duplicate Customer
// /// (Wiki and Attachments are not duplicated)
// /// </summary>
// /// <param name="id">Source object id</param>
// /// <param name="apiVersion">From route path</param>
// /// <returns>Customer</returns>
// [HttpPost("duplicate/{id}")]
// public async Task<IActionResult> DuplicateCustomer([FromRoute] long id, ApiVersion apiVersion)
// {
// if (!serverState.IsOpen)
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
// CustomerBiz biz = CustomerBiz.GetBiz(ct, HttpContext);
// if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
// return StatusCode(403, new ApiNotAuthorizedResponse());
// if (!ModelState.IsValid)
// return BadRequest(new ApiErrorResponse(ModelState));
// Customer o = await biz.DuplicateAsync(id);
// if (o == null)
// return BadRequest(new ApiErrorResponse(biz.Errors));
// else
// return CreatedAtAction(nameof(CustomerController.GetCustomer), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
// }
/// <summary>
/// Get Customer

36
server/AyaNova/util/FileUtil.cs
View File

@@ -274,20 +274,38 @@ namespace AyaNova.Util
}
// /// <summary>
// /// DANGER: Erases all Utility files including backups etc
// /// </summary>
// internal static void EraseEntireContentsOfBackupFilesFolder()
// {
// System.IO.DirectoryInfo di = new DirectoryInfo(BackupFilesFolder);
// foreach (FileInfo file in di.EnumerateFiles())
// {
// file.Delete();
// }
// foreach (DirectoryInfo dir in di.EnumerateDirectories())
// {
// dir.Delete(true);
// }
// }
/// <summary>
/// DANGER: Erases all Utility files including backups etc
/// DANGER: Erase backup file if it exists by name
/// </summary>
internal static void EraseEntireContentsOfBackupFilesFolder()
internal static void EraseBackupFile(string name)
{
System.IO.DirectoryInfo di = new DirectoryInfo(BackupFilesFolder);
foreach (FileInfo file in di.EnumerateFiles())
name=Path.GetFileName(name);//ensure no directory shenanigans, only a file name is allowed
//remove the file completely
var DeleteFilePath = Path.Combine(BackupFilesFolder, name);
if (File.Exists(DeleteFilePath))
{
file.Delete();
}
foreach (DirectoryInfo dir in di.EnumerateDirectories())
{
dir.Delete(true);
//delete the temp file, it's already stored
File.Delete(DeleteFilePath);
}
//never return an error as that would leak info if someone is fishing for deleting files that don't exist
}