diff --git a/.vscode/launch.json b/.vscode/launch.json index fcc80a75..b77f3b95 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -53,7 +53,7 @@ "AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles", "AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles", "AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles", - "AYANOVA_SERVER_TEST_MODE": "true", + "AYANOVA_SERVER_TEST_MODE": "false", "AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small", "AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7", "AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\" diff --git a/server/AyaNova/Controllers/BackupController.cs b/server/AyaNova/Controllers/BackupController.cs index b7657487..0a2fead6 100644 --- a/server/AyaNova/Controllers/BackupController.cs +++ b/server/AyaNova/Controllers/BackupController.cs @@ -101,7 +101,7 @@ namespace AyaNova.Api.Controllers [HttpGet("download/{fileName}")] public async Task DownloadAsync([FromRoute] string fileName, [FromQuery] string t) { - + if (!serverState.IsOpen) return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); var DownloadUser = await UserBiz.ValidateDownloadTokenAndReturnUserAsync(t, ct); @@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers { await Task.Delay(AyaNova.Util.ServerBootConfig.FAILED_AUTH_DELAY);//DOS protection return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED)); - } + } if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data { @@ -130,6 +130,29 @@ namespace AyaNova.Api.Controllers } + /// + /// Delete Backup + /// + /// + /// NoContent + [HttpDelete("{name}")] + [Authorize] + public ActionResult DeleteBackupFile([FromRoute] string name) + { + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + if (!ModelState.IsValid) + return BadRequest(new ApiErrorResponse(ModelState)); + CustomerBiz biz = CustomerBiz.GetBiz(ct, HttpContext); + if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.Backup)) + return StatusCode(403, new ApiNotAuthorizedResponse()); + FileUtil.EraseBackupFile(name); + //never errors only no content + + return NoContent(); + } + + //DANGER: MUST ADD AUTHORIZE ATTRIBUTE TO ANY NEW ROUTES //[Authorize] diff --git a/server/AyaNova/Controllers/CustomerController.cs b/server/AyaNova/Controllers/CustomerController.cs index b47bc021..8eaaf289 100644 --- a/server/AyaNova/Controllers/CustomerController.cs +++ b/server/AyaNova/Controllers/CustomerController.cs @@ -60,29 +60,6 @@ namespace AyaNova.Api.Controllers return CreatedAtAction(nameof(CustomerController.GetCustomer), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o)); } - // /// - // /// Duplicate Customer - // /// (Wiki and Attachments are not duplicated) - // /// - // /// Source object id - // /// From route path - // /// Customer - // [HttpPost("duplicate/{id}")] - // public async Task DuplicateCustomer([FromRoute] long id, ApiVersion apiVersion) - // { - // if (!serverState.IsOpen) - // return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); - // CustomerBiz biz = CustomerBiz.GetBiz(ct, HttpContext); - // if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType)) - // return StatusCode(403, new ApiNotAuthorizedResponse()); - // if (!ModelState.IsValid) - // return BadRequest(new ApiErrorResponse(ModelState)); - // Customer o = await biz.DuplicateAsync(id); - // if (o == null) - // return BadRequest(new ApiErrorResponse(biz.Errors)); - // else - // return CreatedAtAction(nameof(CustomerController.GetCustomer), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o)); - // } /// /// Get Customer diff --git a/server/AyaNova/util/FileUtil.cs b/server/AyaNova/util/FileUtil.cs index e75651a9..ad29d789 100644 --- a/server/AyaNova/util/FileUtil.cs +++ b/server/AyaNova/util/FileUtil.cs @@ -274,20 +274,38 @@ namespace AyaNova.Util } + // /// + // /// DANGER: Erases all Utility files including backups etc + // /// + // internal static void EraseEntireContentsOfBackupFilesFolder() + // { + // System.IO.DirectoryInfo di = new DirectoryInfo(BackupFilesFolder); + // foreach (FileInfo file in di.EnumerateFiles()) + // { + // file.Delete(); + // } + // foreach (DirectoryInfo dir in di.EnumerateDirectories()) + // { + // dir.Delete(true); + // } + // } + + /// - /// DANGER: Erases all Utility files including backups etc + /// DANGER: Erase backup file if it exists by name /// - internal static void EraseEntireContentsOfBackupFilesFolder() + internal static void EraseBackupFile(string name) { - System.IO.DirectoryInfo di = new DirectoryInfo(BackupFilesFolder); - foreach (FileInfo file in di.EnumerateFiles()) + + name=Path.GetFileName(name);//ensure no directory shenanigans, only a file name is allowed + //remove the file completely + var DeleteFilePath = Path.Combine(BackupFilesFolder, name); + if (File.Exists(DeleteFilePath)) { - file.Delete(); - } - foreach (DirectoryInfo dir in di.EnumerateDirectories()) - { - dir.Delete(true); + //delete the temp file, it's already stored + File.Delete(DeleteFilePath); } + //never return an error as that would leak info if someone is fishing for deleting files that don't exist }