This commit is contained in:
@@ -101,7 +101,7 @@ namespace AyaNova.Api.Controllers
|
||||
[HttpGet("download/{fileName}")]
|
||||
public async Task<IActionResult> DownloadAsync([FromRoute] string fileName, [FromQuery] string t)
|
||||
{
|
||||
|
||||
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
var DownloadUser = await UserBiz.ValidateDownloadTokenAndReturnUserAsync(t, ct);
|
||||
@@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
await Task.Delay(AyaNova.Util.ServerBootConfig.FAILED_AUTH_DELAY);//DOS protection
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
||||
}
|
||||
}
|
||||
|
||||
if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
|
||||
{
|
||||
@@ -130,6 +130,29 @@ namespace AyaNova.Api.Controllers
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Delete Backup
|
||||
/// </summary>
|
||||
/// <param name="name"></param>
|
||||
/// <returns>NoContent</returns>
|
||||
[HttpDelete("{name}")]
|
||||
[Authorize]
|
||||
public ActionResult DeleteBackupFile([FromRoute] string name)
|
||||
{
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
CustomerBiz biz = CustomerBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.Backup))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
FileUtil.EraseBackupFile(name);
|
||||
//never errors only no content
|
||||
|
||||
return NoContent();
|
||||
}
|
||||
|
||||
|
||||
//DANGER: MUST ADD AUTHORIZE ATTRIBUTE TO ANY NEW ROUTES
|
||||
//[Authorize]
|
||||
|
||||
|
||||
Reference in New Issue
Block a user