/// <summary>
/// Persists a new message on the given board, attributed to the session
/// returned by <c>authService.GetSession()</c>.
/// </summary>
/// <param name="board">Board identifier, stored exactly as supplied.</param>
/// <param name="message">Message text, stored exactly as supplied.</param>
/// <remarks>
/// No validation or encoding is applied to <paramref name="board"/> or
/// <paramref name="message"/> in this method, so any view that renders the
/// stored text has to encode it for its output context.
/// </remarks>
public void SendMessage(string board, string message)
{
    // NOTE(review): what GetSession() returns when nobody is signed in is not
    // visible here; confirm it cannot be null before User is dereferenced.
    var currentSession = authService.GetSession();

    var entry = new MessageDb
    {
        User = currentSession.User,
        Session = currentSession,
        Board = board,
        Message = message,
        // UTC keeps the stored timestamp independent of the server's time zone.
        Created = DateTime.UtcNow,
    };

    dbContext.Messages.Add(entry);
    dbContext.SaveChanges();
}
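/// <summary>
/// Stores an uploaded avatar for the user of the current session.
/// </summary>
/// <param name="avatar">The uploaded file. Must not be null.</param>
/// <returns>
/// <c>true</c> when the avatar was stored; <c>false</c> when the upload is
/// larger than 512 KiB or its leading bytes do not match the declared
/// image type.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="avatar"/> is null.</exception>
/// <exception cref="Exception">The declared content type is not on the allow list.</exception>
/// <remarks>
/// The declared content type comes from the client and proves nothing about
/// the bytes, so the file signature is checked as well. A signature check is
/// a minimum, not a guarantee: a file can begin like an image and still carry
/// other content. Decoding and re-encoding the image with an image library
/// before storage, and serving it with <c>X-Content-Type-Options: nosniff</c>,
/// are the stronger controls.
/// </remarks>
public async Task<bool> UploadAvatar(IFormFile avatar)
{
    if (avatar == null)
    {
        throw new ArgumentNullException(nameof(avatar));
    }

    var allowList = new string[] { "image/png", "image/jpg", "image/jpeg" };

    // Ordinal comparison: a culture-sensitive comparison can treat strings
    // containing ignorable characters as equal to an allow-list entry.
    var contentTypeFiltered = allowList
        .FirstOrDefault(x => String.Equals(avatar.ContentType, x, StringComparison.OrdinalIgnoreCase));

    if (contentTypeFiltered == null)
    {
        throw new Exception("Content type not allowed");
    }

    // Reject oversized uploads before buffering them in memory.
    if (avatar.Length > 512L * 1024L)
    {
        return false;
    }

    using var mem = new MemoryStream();
    await avatar.CopyToAsync(mem);
    var image = mem.ToArray();

    // The bytes must start with the signature of the declared format:
    // PNG has a fixed 8-byte header, JPEG starts with FF D8 FF.
    var pngSignature = new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
    var jpegSignature = new byte[] { 0xFF, 0xD8, 0xFF };
    var expectedSignature = contentTypeFiltered == "image/png" ? pngSignature : jpegSignature;

    // Also rejects empty and truncated uploads.
    if (image.Length < expectedSignature.Length
        || !image.Take(expectedSignature.Length).SequenceEqual(expectedSignature))
    {
        return false;
    }

    var session = sessionService.GetSession();

    // Store the allow-list entry, never the client-supplied header value.
    var data = new BinaryDb
    {
        Data = image,
        ContentType = contentTypeFiltered
    };

    dbContext.Binary.Add(data);
    session.User.Avatar = data;
    dbContext.SaveChanges();

    return true;
}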