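/// <summary>
/// Serves the stored file of the book record whose <c>BookId</c> equals <paramref name="id"/>.
/// </summary>
/// <param name="id">Identifier matched against <c>BookId</c> in <c>ClamUserBooks</c>.</param>
/// <returns>
/// A physical-file result sent as <c>application/octet-stream</c>, or a 404 result when no
/// record has that id.
/// </returns>
public ActionResult DownloadFile(Guid id)
{
    var requestFile = _context.ClamUserBooks.SingleOrDefault(m => m.BookId == id);
    if (requestFile == null)
    {
        // A null action result is not a usable response (MVC rejects it at run time);
        // answer a missing record with an explicit 404 instead.
        return NotFound();
    }

    // NOTE(review): the lookup is by BookId only. Nothing in this method compares the
    // record's owner with the current caller, so confirm that access is restricted
    // elsewhere (an authorization attribute/policy or an ownership check) - TODO confirm.

    // NOTE(review): HtmlEncode is an HTML output encoding. The value here becomes the
    // download file name, not markup, so names containing '&', '<' or quotes will reach
    // the client in entity-encoded form. Kept as-is to preserve current behaviour.
    var downloadName = WebUtility.HtmlEncode(
        FilePathUrlHelper.GetFileAtEndOfPath(requestFile.ItemPath));

    return PhysicalFile(requestFile.ItemPath, MediaTypeNames.Application.Octet, downloadName);
}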
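/// <summary>
/// Validates an uploaded project image, writes it into a freshly created random directory
/// under the user's key folders, and records it as a
/// <c>ClamProjectInterestsImageDisplay</c> row.
/// </summary>
/// <param name="model">Form model carrying the uploaded file and the status text.</param>
/// <param name="modelState">
/// Receives validation errors. When it is invalid after validation, nothing is written to
/// disk or to the database and the method returns; callers should inspect it afterwards.
/// </param>
/// <param name="userName">Name used to look up the owning user.</param>
/// <exception cref="FormatException">
/// <c>model.Status</c> is not a valid boolean string (raised before any file is written).
/// </exception>
public async Task AddAsyncInterests(ProjectImageData model, ModelStateDictionary modelState, string userName)
{
    var user = await _userManager.FindByNameAsync(userName);
    if (user == null)
    {
        // Without this guard the user.Id reads below fail with a NullReferenceException.
        modelState.AddModelError("File", "The request couldn't be processed (unknown user).");
        return;
    }

    // ProcessFormFile is handed the permitted extensions and the size limit and reports
    // problems through modelState. Its returned bytes are not used here; the file is
    // copied from the form file below.
    _ = await FileHelpers.ProcessFormFile<ProjectFormData>(
        model.File, modelState, _permittedExtentions, _fileSizeLimit);

    if (!modelState.IsValid)
    {
        // The original only noted the failure in an unused local and stored the file
        // anyway, which made the validation above ineffective.
        return;
    }

    // Don't trust the file name sent by the client: it may carry directory components or
    // a rooted path, and Path.Combine would then resolve outside the target directory.
    // Keep only the leaf name ('\' is normalised so this also holds on non-Windows hosts).
    var clientFileName = model.File.FileName ?? string.Empty;
    var storageFileName = Path.GetFileName(clientFileName.Replace('\\', '/'));
    if (string.IsNullOrWhiteSpace(storageFileName) || storageFileName == "." || storageFileName == "..")
    {
        modelState.AddModelError("File", "The request couldn't be processed (invalid file name).");
        return;
    }

    // Parse the status before touching the disk so that a malformed value does not leave
    // an orphaned file behind.
    var status = bool.Parse(model.Status);

    // Path location & directory check
    var keyPathFolder = FilePathUrlHelper.GenerateKeyPath(user.Id);
    var generateKeyFolder = GenerateSecurity.Encode(user.Id);
    var trustedFilePathStorage = String.Format("{0}\\{1}\\{2}\\{3}",
        _targetFolderPath,
        keyPathFolder,
        generateKeyFolder,
        Path.GetRandomFileName());

    Directory.CreateDirectory(trustedFilePathStorage);

    var storedPath = Path.Combine(trustedFilePathStorage, storageFileName);
    using (var fileStream = new FileStream(storedPath, FileMode.Create, FileAccess.Write))
    {
        await model.File.CopyToAsync(fileStream);
    }

    var timestamp = DateTime.Now;
    var result = new ClamProjectInterestsImageDisplay()
    {
        Title = Path.GetFileNameWithoutExtension(storageFileName),
        ImageLocation = storedPath,
        Status = status,
        UserId = user.Id,
        LastModified = timestamp,
        DateCreated = timestamp
    };

    await _context.AddAsync(result);
    await _context.SaveChangesAsync();
}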
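/// <summary>
/// Reads a multipart request section by section, collects the uploaded files and the form
/// fields, stores the files in a freshly created random directory under the current user's
/// key folders, and records a <c>ClamUserBooks</c> row.
/// </summary>
/// <remarks>
/// The first uploaded file becomes <c>ItemPath</c> (and supplies <c>Size</c>); the second
/// becomes <c>ImagePath</c>. Each file's content is held in memory as a byte array until
/// it is written.
/// </remarks>
/// <returns>
/// A redirect to <c>Index</c> on success; <c>BadRequest</c> carrying the model state when
/// the request is rejected; <c>Unauthorized</c> when no user profile can be resolved.
/// </returns>
public async Task<IActionResult> UploadDatabase()
{
    if (!MultipartRequestHelper.IsMultipartContentType(Request.ContentType))
    {
        ModelState.AddModelError("File", "The request couldn't be processed (Error 1).");
        // Log error
        return BadRequest(ModelState);
    }

    // User profile. Without these guards a missing identity or unknown user surfaces as an
    // unhandled exception when profile.Id is read further down.
    var name = User?.Identity?.Name;
    if (string.IsNullOrEmpty(name))
    {
        return Unauthorized();
    }

    var profile = await _userManager.FindByNameAsync(name);
    if (profile == null)
    {
        return Unauthorized();
    }

    // Accumulate the form data key-value pairs in the request (formAccumulator).
    var formAccumulator = new KeyValueAccumulator();

    // Uploaded files in arrival order: storage file name -> content. A list keeps the
    // order explicit, because positions 0 and 1 are given distinct meanings below.
    var uploadedFiles = new List<KeyValuePair<string, byte[]>>();
    var seenFileNames = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    var boundary = MultipartRequestHelper.GetBoundary(
        MediaTypeHeaderValue.Parse(Request.ContentType),
        _defaultFormOptions.MultipartBoundaryLengthLimit);
    var reader = new MultipartReader(boundary, HttpContext.Request.Body);
    var section = await reader.ReadNextSectionAsync();

    while (section != null)
    {
        var hasContentDispositionHeader = ContentDispositionHeaderValue.TryParse(
            section.ContentDisposition, out var contentDisposition);

        if (hasContentDispositionHeader)
        {
            if (MultipartRequestHelper.HasFileContentDisposition(contentDisposition))
            {
                // Don't trust the file name sent by the client. HTML-encoding makes a value
                // safe to display, but it leaves path separators and ".." untouched, so it
                // must not be the only treatment of a name that is later passed to
                // Path.Combine. Keep the leaf name only ('\' is normalised so this also
                // holds on non-Windows hosts).
                var clientFileName = contentDisposition.FileName.Value ?? string.Empty;
                var leafName = Path.GetFileName(clientFileName.Replace('\\', '/'));
                if (string.IsNullOrWhiteSpace(leafName) || leafName == "." || leafName == "..")
                {
                    // Error 6 is a code introduced by this check.
                    ModelState.AddModelError("File", "The request couldn't be processed (Error 6).");
                    return BadRequest(ModelState);
                }

                // The encoded form is kept as the on-disk name so that ordinary uploads are
                // stored under the same names as before.
                var storageFileName = WebUtility.HtmlEncode(leafName);
                if (!seenFileNames.Add(storageFileName))
                {
                    // Two files with the same name would overwrite each other in the target
                    // directory. Error 7 is a code introduced by this check.
                    ModelState.AddModelError("File", "The request couldn't be processed (Error 7).");
                    return BadRequest(ModelState);
                }

                // NOTE(review): this creates _targetFilePath, while the files are written
                // under _targetFolderPath further down - confirm both are intended.
                if (!Directory.Exists(_targetFilePath))
                {
                    Directory.CreateDirectory(_targetFilePath);
                }

                // ProcessStreamedFile is handed the permitted extensions and the size limit
                // and reports problems through ModelState.
                byte[] content = await FileHelpers.ProcessStreamedFile(
                    section, contentDisposition, ModelState,
                    _permittedExtentions, _fileSizeLimit);

                if (!ModelState.IsValid)
                {
                    return BadRequest(ModelState);
                }

                uploadedFiles.Add(new KeyValuePair<string, byte[]>(storageFileName, content));
            }
            else if (MultipartRequestHelper.HasFormDataContentDisposition(contentDisposition))
            {
                // Don't limit the key name length because the
                // multipart headers length limit is already in effect.
                var key = HeaderUtilities.RemoveQuotes(contentDisposition.Name).Value;
                var encoding = GetEncoding(section);

                if (encoding == null)
                {
                    ModelState.AddModelError("File", "The request couldn't be processed (Error 2).");
                    // Log error
                    return BadRequest(ModelState);
                }

                using (var streamReader = new StreamReader(
                    section.Body,
                    encoding,
                    detectEncodingFromByteOrderMarks: true,
                    bufferSize: 1024,
                    leaveOpen: true))
                {
                    // The value length limit is enforced by
                    // MultipartBodyLengthLimit
                    var value = await streamReader.ReadToEndAsync();

                    if (string.Equals(value, "undefined", StringComparison.OrdinalIgnoreCase))
                    {
                        value = string.Empty;
                    }

                    formAccumulator.Append(key, value);

                    if (formAccumulator.ValueCount > _defaultFormOptions.ValueCountLimit)
                    {
                        // Form key count limit of
                        // _defaultFormOptions.ValueCountLimit
                        // is exceeded.
                        ModelState.AddModelError("File", "The request couldn't be processed (Error 3).");
                        // Log error
                        return BadRequest(ModelState);
                    }
                }
            }
        }

        // Drain any remaining section body that hasn't been consumed and
        // read the headers for the next section.
        section = await reader.ReadNextSectionAsync();
    }

    // The record below needs two stored files (item and image). Reject the request here
    // instead of failing on a list index after files were already written.
    // Error 8 is a code introduced by this check.
    if (uploadedFiles.Count < 2)
    {
        ModelState.AddModelError("File", "The request couldn't be processed (Error 8).");
        return BadRequest(ModelState);
    }

    // Bind form data to the model
    var formData = new StreamFormDataBooks();
    var formValueProvider = new FormValueProvider(
        BindingSource.Form,
        new FormCollection(formAccumulator.GetResults()),
        CultureInfo.CurrentCulture);
    var bindingSuccessful = await TryUpdateModelAsync(formData, prefix: "",
        valueProvider: formValueProvider);

    if (!bindingSuccessful)
    {
        ModelState.AddModelError("File", "The request couldn't be processed (Error 5).");
        // Log error
        return BadRequest(ModelState);
    }

    // Validate the status before anything is written, so that a malformed value yields a
    // 400 rather than an exception after the files are on disk.
    // Error 9 is a code introduced by this check.
    if (!bool.TryParse(formData.Status, out var status))
    {
        ModelState.AddModelError("File", "The request couldn't be processed (Error 9).");
        return BadRequest(ModelState);
    }

    var keyPathFolder = FilePathUrlHelper.GenerateKeyPath(profile.Id);
    var trustedFilePathStorage = String.Format("{0}\\{1}\\{2}\\{3}",
        _targetFolderPath,
        keyPathFolder,
        GenerateSecurity.Encode(profile.Id),
        Path.GetRandomFileName());

    // **WARNING!**
    // In the following example, the file is saved without
    // scanning the file's contents. In most production
    // scenarios, an anti-virus/anti-malware scanner API
    // is used on the file before making the file available
    // for download or for use by other systems.
    // For more information, see the topic that accompanies
    // this sample app.
    Directory.CreateDirectory(trustedFilePathStorage);

    var storedPaths = new List<string>(uploadedFiles.Count);
    foreach (var item in uploadedFiles)
    {
        var storedPath = Path.Combine(trustedFilePathStorage, item.Key);
        using (var targetStream = System.IO.File.Create(storedPath))
        {
            await targetStream.WriteAsync(item.Value);

            _logger.LogInformation(
                "Uploaded file '{TrustedFileNameForDisplay}' saved to " +
                "'{TargetFilePath}' as {TrustedFileNameForFileStorage}",
                item.Key, trustedFilePathStorage,
                item.Key);
        }

        storedPaths.Add(storedPath);
    }

    var file = new ClamUserBooks()
    {
        BookTitle = formData.BookTitle,
        ItemPath = storedPaths[0],
        ImagePath = storedPaths[1],
        // Size is the byte length of the first uploaded file.
        Size = uploadedFiles[0].Value.Length,
        DateCreated = DateTime.Now,
        Status = status,
        UserId = profile.Id
    };

    _context.Add(file);
    await _context.SaveChangesAsync();

    return RedirectToAction(nameof(Index));
}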