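/// <summary>
/// HTTP PUT handler for the <c>selfdiagnosis</c> route: reads the request body, deserializes it into a
/// <see cref="SelfDiagnosisSubmission"/>, optionally verifies the device payload, and stores the diagnosis.
/// </summary>
/// <param name="req">Incoming request. The trigger is anonymous, so the body is untrusted input.</param>
/// <returns>
/// <see cref="BadRequestResult"/> when the body is not a usable submission or device verification fails;
/// <see cref="OkResult"/> otherwise.
/// </returns>
public async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "put", Route = "selfdiagnosis")] HttpRequest req)
{
    // NOTE(review): the whole body is buffered into a string with no size cap in this method;
    // confirm the host enforces a request-size limit, since the endpoint is anonymous.
    var requestBody = await new StreamReader(req.Body).ReadToEndAsync();

    if (!req.Method.Equals("put", StringComparison.OrdinalIgnoreCase))
    {
        return new OkResult();
    }

    // Malformed JSON must not surface as an unhandled exception (HTTP 500) on an anonymous endpoint.
    SelfDiagnosisSubmission diagnosis;
    try
    {
        diagnosis = JsonConvert.DeserializeObject<SelfDiagnosisSubmission>(requestBody);
    }
    catch (Newtonsoft.Json.JsonException)
    {
        return new BadRequestResult();
    }

    // An empty body or the literal "null" deserializes to null; reject it before dereferencing.
    if (diagnosis == null)
    {
        return new BadRequestResult();
    }

    // Verification may be disabled for testing.
    // NOTE(review): with this flag set, any caller can submit a diagnosis without attestation;
    // confirm it cannot be enabled in a production configuration.
    if (!settings.Value.DisableDeviceVerification)
    {
        var platform = DbAuthorizedApp.ParsePlatform(diagnosis.Platform);
        var authApp = storage.GetAuthorizedApp(platform);

        // Verify the device payload (safetynet attestation on android, or device check token on iOS)
        if (!await Verify.VerifyDevice(diagnosis, DateTimeOffset.UtcNow, platform, authApp))
        {
            // NOTE(review): a distinct 400 tells the caller that attestation failed; confirm this
            // matches the platform vendors' guidance for this endpoint.
            return new BadRequestResult();
        }
    }

    await storage.SubmitPositiveDiagnosisAsync(diagnosis);
    return new OkResult();
}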
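/// <summary>
/// HTTP PUT handler for the <c>selfdiagnosis</c> route: reads the request body, deserializes it into a
/// <see cref="SelfDiagnosisSubmission"/>, optionally verifies the device payload, validates the
/// submission, and stores the diagnosis.
/// </summary>
/// <param name="req">Incoming request. The trigger is anonymous, so the body is untrusted input.</param>
/// <param name="log">Logger that records why a submission was dropped.</param>
/// <returns>
/// Always <see cref="OkResult"/>: rejected submissions are logged and dropped without a distinct
/// status, so the response does not reveal which check failed.
/// </returns>
public async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "put", Route = "selfdiagnosis")] HttpRequest req,
    ILogger log)
{
    // NOTE(review): the whole body is buffered into a string with no size cap in this method;
    // confirm the host enforces a request-size limit, since the endpoint is anonymous.
    var requestBody = await new StreamReader(req.Body).ReadToEndAsync();

    if (!req.Method.Equals("put", StringComparison.OrdinalIgnoreCase))
    {
        return new OkResult();
    }

    // Malformed JSON must not surface as an unhandled exception (HTTP 500); that would be a
    // distinguishable response, unlike every other rejection path below.
    SelfDiagnosisSubmission diagnosis;
    try
    {
        diagnosis = JsonConvert.DeserializeObject<SelfDiagnosisSubmission>(requestBody);
    }
    catch (Newtonsoft.Json.JsonException)
    {
        // The body itself is deliberately not logged: it is attacker-controlled.
        log.LogInformation("Invalid Submission - request body is not valid JSON");
        return new OkResult();
    }

    // An empty body or the literal "null" deserializes to null; drop it before dereferencing.
    if (diagnosis == null)
    {
        log.LogInformation("Invalid Submission - request body is empty");
        return new OkResult();
    }

    // Verification may be disabled for testing.
    // NOTE(review): with this flag set, any caller can submit a diagnosis without attestation;
    // confirm it cannot be enabled in a production configuration.
    if (!settings.Value.DisableDeviceVerification)
    {
        var platform = AuthorizedAppConfig.ParsePlatform(diagnosis.Platform);
        var authApp = storage.GetAuthorizedApp(platform);

        // Verify the device payload (safetynet attestation on android, or device check token on iOS)
        if (!await Verify.VerifyDevice(diagnosis, DateTimeOffset.UtcNow, platform, authApp))
        {
            // Message template instead of interpolation: the value is passed as a structured
            // argument and is never interpreted as part of the format string.
            log.LogInformation("Device Failed {Platform} Attestation/Verification, returning OK", platform);

            // The suggestion from Apple/Google is to return OK here to prevent abuse
            return new OkResult();
        }
    }

    if (!diagnosis.Validate())
    {
        log.LogInformation("Invalid Submission Key data - Validate() failed");
        return new OkResult();
    }

    try
    {
        await storage.SubmitPositiveDiagnosisAsync(diagnosis);
    }
    catch (InvalidOperationException ex)
    {
        // Presumably thrown by storage when the key limit is hit (per the message below); the
        // exception is attached so an unrelated InvalidOperationException remains visible in logs.
        log.LogInformation(ex, "Maximum keys for VerificationPayload reached, skipping key submission...");
    }

    return new OkResult();
}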