// Extra public ActionResult Copy([FromBody] ApiCopyFile model) { if (string.IsNullOrEmpty(model.RelativePathToDirectory)) { model.RelativePathToDirectory = ""; } if (string.IsNullOrEmpty(model.FileName)) { // directory move if (string.IsNullOrEmpty(model.RelativePathToDirectory)) { // You cannot copy the root directory return(StatusCode(403)); } var fullOriginalPath = this.GetAbsoluteDirectoryPath(model.RelativePathToDirectory); if (!ResolvedPathIsValid(fullOriginalPath)) { // User may be attempting to view "Up" directories -- app should only let people view "Down" return(StatusCode(403)); } // Directory copy needs to go to the current "Parent" // So copying directory C to D with structure a/b/c/ would yield // a/b/c // a/b/d var fullDestinationPath = this.GetAbsoluteDirectoryPath(Path.Join(model.RelativePathToDirectory, "../", model.CopyName)); if (!ResolvedPathIsValid(fullDestinationPath)) { // User may be attempting to view "Up" directories -- app should only let people view "Down" return(StatusCode(403)); } if (!System.IO.Directory.Exists(fullOriginalPath)) { return(NotFound(new ApiError("The file you are requesting to move does not exist"))); } if (System.IO.Directory.Exists(fullDestinationPath)) { // In "real" production circumstances, I would figure out if we can just replace the file or increment its filename return(Conflict(new ApiError("There is already a file in the destination directory with that name. Delete that file and try again"))); } FileLogic.DirectoryCopy(fullOriginalPath, fullDestinationPath); } else { // file move var fullOriginalPath = this.GetAbsoluteFilePath(model.RelativePathToDirectory, model.FileName); if (!ResolvedPathIsValid(fullOriginalPath)) { // User may be attempting to view "Up" directories -- app should only let people view "Down" return(StatusCode(403)); } var fullDestinationPath = this.GetAbsoluteFilePath(model.RelativePathToDirectory, model.CopyName); if (!ResolvedPathIsValid(fullDestinationPath)) { // User may be attempting to view "Up" directories -- app should only let people view "Down" return(StatusCode(403)); } if (!System.IO.File.Exists(fullOriginalPath)) { return(NotFound(new ApiError("The file you are requesting to move does not exist"))); } if (System.IO.File.Exists(fullDestinationPath)) { // In "real" production circumstances, I would figure out if we can just replace the file or increment its filename return(Conflict(new ApiError("There is already a file in the destination directory with that name. Delete that file and try again"))); } System.IO.File.Copy(fullOriginalPath, fullDestinationPath); } return(Ok()); }