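/// <summary>
/// Streams a file from the shared-document directory. <paramref name="path"/> arrives encoded and
/// encrypted; it is decoded and decrypted, then resolved against <c>appConfig.SharedDocumentPath</c>.
/// </summary>
/// <param name="mssv">User name looked up in <c>dbContext.Users</c>; the request is refused when no such user exists.</param>
/// <param name="path">Encoded ciphertext of the file path, relative to the shared-document directory.</param>
/// <returns>
/// <c>BadRequest</c> for a missing or unsafe path, <c>Forbid</c> when the user is unknown,
/// <c>NotFound</c> when the file does not exist, otherwise the file as <c>application/octet-stream</c>.
/// </returns>
public IActionResult GetUsers(string mssv, string path)
        {
            // A null path used to fail with a NullReferenceException on path.Length.
            if (string.IsNullOrEmpty(path))
            {
                return BadRequest();
            }

            var invalidTokens = new[] { ":", ".." };

            // Kept from the original: this screens the encoded request value only. It says nothing
            // about the decrypted path, which is the value that actually reaches the file system.
            if (invalidTokens.Any(token => path.Contains(token)))
            {
                return BadRequest();
            }

            var decrypted = RC4Encrypt.Decrypt(HexaEncode.Decode(path));

            // NOTE(review): mssv is supplied by the caller and is only checked for existence, which
            // does not authenticate the requester. Confirm authentication is enforced outside this method.
            if (!dbContext.Users.Any(x => x.Name == mssv))
            {
                return Forbid();
            }

            // Validate the decrypted value, not the ciphertext. Nothing visible here verifies the
            // integrity of the decrypted data, so it is treated as untrusted input.
            // Path.Combine returns its second argument alone when that argument is rooted, so
            // absolute paths are rejected as well as ":" and "..".
            if (string.IsNullOrEmpty(decrypted)
                || decrypted.IndexOf('\0') >= 0
                || Path.IsPathRooted(decrypted)
                || invalidTokens.Any(token => decrypted.Contains(token)))
            {
                return BadRequest();
            }

            // Containment check: the fully resolved path must stay under the shared-document root.
            var root = Path.GetFullPath(appConfig.SharedDocumentPath);
            var rootPrefix = root.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
                             + Path.DirectorySeparatorChar;
            var file = Path.GetFullPath(Path.Combine(root, decrypted));

            if (!file.StartsWith(rootPrefix, System.StringComparison.Ordinal))
            {
                return BadRequest();
            }

            if (!System.IO.File.Exists(file))
            {
                return NotFound();
            }

            // The stream is handed to File(...), as in the original code.
            var stream = System.IO.File.OpenRead(file);
            return File(stream, "application/octet-stream", Path.GetFileName(file));
        }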
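        /// <summary>
        /// Decodes and decrypts a download token, deserializes it into a <c>FileDownload</c>, and
        /// returns its file name unless more than one hour has passed since <c>ValidFrom</c>.
        /// </summary>
        /// <param name="token">Encoded ciphertext of the JSON-serialized <c>FileDownload</c>.</param>
        /// <returns>The <c>FileName</c> carried by the token.</returns>
        /// <exception cref="BadRequestException">
        /// The token has no payload, or it is more than one hour past <c>ValidFrom</c>.
        /// </exception>
        private string DecryptToken(string token)
        {
            var decrypted = RC4Encrypt.Decrypt(HexaEncode.Decode(token));

            var file = JsonConvert.DeserializeObject<FileDownload>(decrypted);

            // DeserializeObject returns null for an empty or literal "null" payload. Reject it as an
            // invalid token instead of failing with a NullReferenceException on file.ValidFrom.
            if (file == null)
            {
                throw new BadRequestException("Invalid token");
            }

            // NOTE(review): a ValidFrom in the future yields a negative age and passes this check.
            // No integrity check on the decrypted payload is visible in this method, so ValidFrom and
            // FileName should be treated as caller-influenced unless RC4Encrypt authenticates the
            // ciphertext (confirm).
            // NOTE(review): DateTime.Now is local time; confirm ValidFrom is written in the same kind.
            var age = DateTime.Now - file.ValidFrom;
            if (age > TimeSpan.FromHours(1))
            {
                throw new BadRequestException("Invalid token");
            }

            // Callers that use this name as a path should confine it to the intended directory.
            return file.FileName;
        }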
 /// <summary>
 /// Decodes and decrypts <paramref name="fileName"/> and returns the matching file from the
 /// <c>uploads</c> folder under the web root via <c>GetFile</c>.
 /// </summary>
 /// <param name="fileName">Encoded ciphertext of the file name to download.</param>
 /// <returns>The result produced by <c>GetFile</c>.</returns>
 // NOTE(review): the IP filter below is commented out, so it does not restrict this action.
 // Confirm that is intentional.
 //[TypeFilter(typeof(IPFilterAttribute))]
 public IActionResult DownloadPdf(string fileName)
 {
     // NOTE(review): the decrypted name is passed on without validation here. GetFile is not
     // visible in this listing; confirm it rejects rooted paths and ".." and keeps the
     // resolved path inside the uploads directory.
     var decryptedName = RC4Encrypt.Decrypt(HexaEncode.Decode(fileName));

     // The directory is built with hard-coded backslashes, exactly as the original does.
     var uploadsDirectory = _webHostEnvironment.WebRootPath + "\\uploads\\";

     return GetFile(uploadsDirectory, decryptedName);
 }