Exemplo n.º 1
0
        public async Task <File> UploadEmptyFile([FromQuery] string token, IFormFile file)
        {
            if (string.IsNullOrEmpty(token) && User == null)
            {
                throw new NotNullException("Token不該為空");
            }

            var tokenInfo = EzCoreKit.AspNetCore.EzJwtBearerHelper.ValidToken(token);

            var fileId = Guid.Parse(tokenInfo.Claims.SingleOrDefault(x => x.Type == "fileId")?.Value);

            var fileInstance = Database.File.Include(x => x.Repository).ThenInclude(x => x.Origin).SingleOrDefault(x => x.Id == fileId);

            if (fileInstance == null)
            {
                throw new NotFoundException("找不到指定檔案");
            }

            if (User != null &&
                fileInstance.UserId != this.User.Id &&
                fileInstance.Repository.UserId != this.User.Id &&
                fileInstance.Repository.AccessModifier == AccessModifierTypes.Private)
            {
                throw new AuthorizeException();
            }

            Response.Headers.Add("Access-Control-Allow-Origin",
                                 string.Join(",", fileInstance.Repository.Origin.Select(x => x.OriginURI)));

            var exp = tokenInfo.Claims.SingleOrDefault(x => x.Type == JwtRegisteredClaimNames.Exp).Value;

            if (DateTimeConvert.FromUnixTimestamp(long.Parse(exp)) < DateTime.UtcNow)
            {
                throw new AuthorizeException("Token過期");
            }

            if (tokenInfo.Claims.SingleOrDefault(x => x.Type == "tokenType")?.Value != FileTokenTypes.Upload.ToString())
            {
                throw new AuthorizeException();
            }

            await Models.EF.File.Append(Database, fileInstance.Id, file.OpenReadStream());

            fileInstance.Name        = file.FileName;
            fileInstance.ContentType = file.ContentType;
            fileInstance.Size        = file.Length;

            await Database.SaveChangesAsync();

            return(fileInstance);
        }
Exemplo n.º 2
0
        public async Task <FileStreamResult> Download(
            [FromRoute] Guid fileId,
            [FromQuery] string token = null)
        {
            var file = Database.File.Include(x => x.Repository).ThenInclude(x => x.Origin)
                       .SingleOrDefault(x => x.Id == fileId);

            if (file == null)
            {
                throw new NotFoundException("找不到指定的檔案");
            }

            Response.Headers.Add("Access-Control-Allow-Origin", string.Join(",", file.Repository.Origin.Select(x => x.OriginURI)));

            if (token == null)   // 未使用存取權障
            // 非公開且未登入,必定無法存取
            {
                if (file.AccessModifier != AccessModifierTypes.Public && User == null)
                {
                    throw new AuthorizeException();
                }

                // 設定為私人,但不是儲存庫擁有者也不是檔案擁有者也不是超級使用者
                if (file.AccessModifier == AccessModifierTypes.Private &&
                    User.Id != file.Repository.UserId &&
                    User.Id != file.UserId &&
                    !User.IsSuperUser())
                {
                    throw new AuthorizeException();
                }
            }
            else     // 檢查權杖
            {
                var tokenInfo = EzCoreKit.AspNetCore.EzJwtBearerHelper.ValidToken(token);
                if (fileId != Guid.Parse(tokenInfo.Claims.SingleOrDefault(x => x.Type == "fileId")?.Value) &&
                    tokenInfo.Claims.SingleOrDefault(x => x.Type == "tokenType")?.Value != FileTokenTypes.Download.ToString())
                {
                    throw new AuthorizeException();
                }

                var exp = tokenInfo.Claims.SingleOrDefault(x => x.Type == JwtRegisteredClaimNames.Exp).Value;
                if (DateTimeConvert.FromUnixTimestamp(long.Parse(exp)) < DateTime.UtcNow)
                {
                    throw new AuthorizeException("Token過期");
                }
            }

            return(File(file.GetFileStream(), file.ContentType, file.Name));
        }
 public void FromUnixTimestamp_Test()
 {
     Assert.Equal(DateTimeConvert.FromUnixTimestamp(0), new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc));
 }