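        /// <summary>
        /// Stores the uploaded content in the file record named by an upload token
        /// and updates that record's name, content type and size.
        /// </summary>
        /// <param name="token">Token carrying the <c>fileId</c>, <c>tokenType</c> and expiry claims.</param>
        /// <param name="file">The uploaded form file.</param>
        /// <returns>The updated file record.</returns>
        /// <exception cref="NotNullException">The token or the uploaded file is missing.</exception>
        /// <exception cref="NotFoundException">No file record matches the token's <c>fileId</c>.</exception>
        /// <exception cref="AuthorizeException">
        /// The token has no usable <c>fileId</c>, is expired, is not an upload token,
        /// or the logged-in user may not write to a private repository.
        /// </exception>
        public async Task <File> UploadEmptyFile([FromQuery] string token, IFormFile file)
        {
            // The target file id is read from the token, so a logged-in user
            // cannot stand in for a missing token.
            if (string.IsNullOrEmpty(token))
            {
                throw new NotNullException("Token不該為空");
            }

            if (file == null)
            {
                throw new NotNullException("File不該為空");
            }

            // NOTE(review): presumably ValidToken verifies the signature and rejects
            // forged tokens; every check below depends on that, so confirm it.
            var tokenInfo = EzCoreKit.AspNetCore.EzJwtBearerHelper.ValidToken(token);

            // A token without a well-formed fileId claim is refused instead of
            // surfacing a parse exception.
            if (!Guid.TryParse(tokenInfo.Claims.SingleOrDefault(x => x.Type == "fileId")?.Value, out var fileId))
            {
                throw new AuthorizeException();
            }

            var fileInstance = Database.File.Include(x => x.Repository).ThenInclude(x => x.Origin).SingleOrDefault(x => x.Id == fileId);

            if (fileInstance == null)
            {
                throw new NotFoundException("找不到指定檔案");
            }

            // A logged-in caller who owns neither the file nor the repository
            // is refused when the repository is private.
            if (User != null &&
                fileInstance.UserId != this.User.Id &&
                fileInstance.Repository.UserId != this.User.Id &&
                fileInstance.Repository.AccessModifier == AccessModifierTypes.Private)
            {
                throw new AuthorizeException();
            }

            // Access-Control-Allow-Origin accepts a single origin, not a comma-separated
            // list, so echo the caller's Origin only when the repository allows it.
            // NOTE(review): compares OriginURI's string form with the Origin header;
            // confirm the stored values are bare origins (scheme://host[:port]).
            var requestOrigin = Response.HttpContext.Request.Headers["Origin"].ToString();
            if (!string.IsNullOrEmpty(requestOrigin) &&
                fileInstance.Repository.Origin.Any(x => string.Equals(x.OriginURI?.ToString(), requestOrigin, StringComparison.OrdinalIgnoreCase)))
            {
                Response.Headers["Access-Control-Allow-Origin"] = requestOrigin;
                // The response now depends on the request's Origin; keep caches from mixing them.
                Response.Headers["Vary"] = "Origin";
            }

            // A token with a missing or unreadable expiry is treated as expired.
            var exp = tokenInfo.Claims.SingleOrDefault(x => x.Type == JwtRegisteredClaimNames.Exp)?.Value;

            if (!long.TryParse(exp, out var expSeconds) ||
                DateTimeConvert.FromUnixTimestamp(expSeconds) < DateTime.UtcNow)
            {
                throw new AuthorizeException("Token過期");
            }

            // Only tokens issued for uploading may write content.
            if (tokenInfo.Claims.SingleOrDefault(x => x.Type == "tokenType")?.Value != FileTokenTypes.Upload.ToString())
            {
                throw new AuthorizeException();
            }

            // Dispose the request stream once the content has been appended.
            using (var content = file.OpenReadStream())
            {
                await Models.EF.File.Append(Database, fileInstance.Id, content);
            }

            // FileName and ContentType are supplied by the client. Keep only the leaf
            // name so directory components never reach the stored record.
            // NOTE(review): ContentType is stored as sent and is later used as the
            // download's content type; consider restricting it to an allow-list.
            fileInstance.Name        = System.IO.Path.GetFileName(file.FileName);
            fileInstance.ContentType = file.ContentType;
            fileInstance.Size        = file.Length;

            await Database.SaveChangesAsync();

            return(fileInstance);
        }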
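        /// <summary>
        /// Streams a stored file to the caller, authorised either by the logged-in
        /// user or by a download token.
        /// </summary>
        /// <param name="fileId">Id of the file record to download.</param>
        /// <param name="token">
        /// Optional token; when given it must be an unexpired download token
        /// issued for <paramref name="fileId"/>.
        /// </param>
        /// <returns>The file content with its stored content type and name.</returns>
        /// <exception cref="NotFoundException">No file record has this id.</exception>
        /// <exception cref="AuthorizeException">The caller or the token may not read the file.</exception>
        public async Task <FileStreamResult> Download(
            [FromRoute] Guid fileId,
            [FromQuery] string token = null)
        {
            var file = Database.File.Include(x => x.Repository).ThenInclude(x => x.Origin)
                       .SingleOrDefault(x => x.Id == fileId);

            if (file == null)
            {
                throw new NotFoundException("找不到指定的檔案");
            }

            // Access-Control-Allow-Origin accepts a single origin, not a comma-separated
            // list, so echo the caller's Origin only when the repository allows it.
            // This also avoids sending the whole allow-list to callers that fail the checks below.
            // NOTE(review): compares OriginURI's string form with the Origin header;
            // confirm the stored values are bare origins (scheme://host[:port]).
            var requestOrigin = Response.HttpContext.Request.Headers["Origin"].ToString();
            if (!string.IsNullOrEmpty(requestOrigin) &&
                file.Repository.Origin.Any(x => string.Equals(x.OriginURI?.ToString(), requestOrigin, StringComparison.OrdinalIgnoreCase)))
            {
                Response.Headers["Access-Control-Allow-Origin"] = requestOrigin;
                // The response now depends on the request's Origin; keep caches from mixing them.
                Response.Headers["Vary"] = "Origin";
            }

            if (token == null)   // No access token supplied: authorise by the logged-in user.
            {
                // Not public and not logged in: access is never possible.
                if (file.AccessModifier != AccessModifierTypes.Public && User == null)
                {
                    throw new AuthorizeException();
                }

                // Private file, and the caller is neither the repository owner,
                // nor the file owner, nor a super user.
                if (file.AccessModifier == AccessModifierTypes.Private &&
                    User.Id != file.Repository.UserId &&
                    User.Id != file.UserId &&
                    !User.IsSuperUser())
                {
                    throw new AuthorizeException();
                }
            }
            else     // Check the token.
            {
                // NOTE(review): presumably ValidToken verifies the signature and rejects
                // forged tokens; every check below depends on that, so confirm it.
                var tokenInfo = EzCoreKit.AspNetCore.EzJwtBearerHelper.ValidToken(token);

                // The token must name this file AND be a download token. Rejecting only
                // when both checks fail would let a download token issued for another
                // file, or an upload token for this file, read the content.
                var tokenNamesThisFile =
                    Guid.TryParse(tokenInfo.Claims.SingleOrDefault(x => x.Type == "fileId")?.Value, out var tokenFileId) &&
                    tokenFileId == fileId;
                var tokenIsForDownload =
                    tokenInfo.Claims.SingleOrDefault(x => x.Type == "tokenType")?.Value == FileTokenTypes.Download.ToString();

                if (!tokenNamesThisFile || !tokenIsForDownload)
                {
                    throw new AuthorizeException();
                }

                // A token with a missing or unreadable expiry is treated as expired.
                var exp = tokenInfo.Claims.SingleOrDefault(x => x.Type == JwtRegisteredClaimNames.Exp)?.Value;
                if (!long.TryParse(exp, out var expSeconds) ||
                    DateTimeConvert.FromUnixTimestamp(expSeconds) < DateTime.UtcNow)
                {
                    throw new AuthorizeException("Token過期");
                }
            }

            return(File(file.GetFileStream(), file.ContentType, file.Name));
        }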
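 /// <summary>
 /// Checks that Unix timestamp 0 converts to midnight on 1 January 1970.
 /// </summary>
 public void FromUnixTimestamp_Test()
 {
     // Assert.Equal is assumed to be xUnit's, which takes the expected value first;
     // with the arguments swapped a failure message labels the two values the wrong way round.
     // DateTime equality compares ticks only, so this does not verify that the
     // converted value's Kind is Utc.
     var expectedEpoch = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);

     Assert.Equal(expectedEpoch, DateTimeConvert.FromUnixTimestamp(0));
 }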