public async Task <string> Post(string token) { if (string.IsNullOrWhiteSpace(token)) { return(ReturnMessage.ErrorMessage("token not supplied")); } if (Request.HasFormContentType) { if (_appSettings.Value.AdminKey.Equals(token) || TokenManager.HasToken(token)) { try { List <string> fileUrls = new List <string>(); foreach (var file in Request.Form.Files) { string fileExtension = file.FileName.Split('.').Last(); if (_appSettings.Value.ExtensionBlacklist.Contains(fileExtension)) { return(ReturnMessage.ErrorMessage($"upload rejected because of blacklisted file extension on {file.FileName}")); } string fileName = await FileManager.WriteFile(fileExtension, file, _appSettings.Value.PhysicalUploadPath); fileUrls.Add($"{_appSettings.Value.HostUrl}{_appSettings.Value.FileRequestPath}/{fileName}"); } return(ReturnMessage.OkFileUploaded("file uploaded", fileUrls.ToArray())); } catch (Exception e) { return(ReturnMessage.ErrorMessage(e.Message)); } } else { return(ReturnMessage.ErrorMessage("unauthorised: invalid token")); } } return(ReturnMessage.ErrorMessage("no files or incorrect http post format encountered")); }