public IActionResult GetUsers(string mssv, string path)
{
if (path.Length == 0)
{
return(BadRequest());
}
var invalidTokens = new[] { ":", ".." };
if (invalidTokens.Any(path.Contains))
{
return(BadRequest());
}
var decrypted = RC4Encrypt.Decrypt(HexaEncode.Decode(path));
if (dbContext.Users.Any(x => x.Name == mssv))
{
var file = Path.Combine(appConfig.SharedDocumentPath, decrypted);
if (System.IO.File.Exists(file))
{
var stream = System.IO.File.OpenRead(file);
return(File(stream, "application/octet-stream", Path.GetFileName(file)));
}
return(NotFound());
}
return(Forbid());
}
private string CreateFileToken(string fileName)
{
var fileDownload = new FileDownload()
{
FileName = fileName,
ValidFrom = DateTime.Now
};
var token = JsonConvert.SerializeObject(fileDownload);
return(HexaEncode.Encode(RC4Encrypt.Encrypt(token)));
}
private string DecryptToken(string token)
{
var decrypted = RC4Encrypt.Decrypt(HexaEncode.Decode(token));
var file = JsonConvert.DeserializeObject <FileDownload>(decrypted);
if (DateTime.Now - file.ValidFrom > TimeSpan.FromHours(1))
{
throw new BadRequestException("Invalid token");
}
return(file.FileName);
}
public string Enc(string enc)
{
return(HexaEncode.Encode(RC4Encrypt.Encrypt(enc)));
}
//[TypeFilter(typeof(IPFilterAttribute))]
public IActionResult DownloadPdf(string fileName)
{
fileName = RC4Encrypt.Decrypt(HexaEncode.Decode(fileName));
return(GetFile(_webHostEnvironment.WebRootPath + "\\uploads\\", fileName));
}