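/// <summary>
/// Fills a previously created, still-empty file with the uploaded content.
/// The target file is identified solely by the <c>fileId</c> claim of an upload
/// token, so the token is mandatory whether or not the caller is logged in.
/// </summary>
/// <param name="token">Signed upload token carrying <c>fileId</c>, <c>tokenType</c> and <c>exp</c> claims.</param>
/// <param name="file">The multipart upload whose content, name, content type and size are stored.</param>
/// <returns>The updated file entity.</returns>
/// <exception cref="NotNullException">The token or the upload is missing.</exception>
/// <exception cref="NotFoundException">No file matches the token's <c>fileId</c>.</exception>
/// <exception cref="AuthorizeException">
/// The token is not an unexpired upload token with a well-formed <c>fileId</c>, or a logged-in
/// caller is writing to a private repository they neither own nor own the file in.
/// </exception>
public async Task<File> UploadEmptyFile([FromQuery] string token, IFormFile file)
{
    // The original only required the token when nobody was logged in, but the file id
    // comes from the token alone, so no code path can succeed without it.
    if (string.IsNullOrEmpty(token))
    {
        throw new NotNullException("Token不該為空");
    }
    if (file == null)
    {
        throw new NotNullException(nameof(file));
    }

    // Validate the token before touching the database: signature via ValidToken, then the
    // claims this endpoint relies on. A missing or malformed claim is an authorization
    // failure, not a 500 from Guid.Parse / long.Parse on null.
    var tokenInfo = EzCoreKit.AspNetCore.EzJwtBearerHelper.ValidToken(token);

    if (tokenInfo.Claims.SingleOrDefault(x => x.Type == "tokenType")?.Value != FileTokenTypes.Upload.ToString())
    {
        throw new AuthorizeException();
    }

    // NOTE(review): exp is enforced here explicitly; whether ValidToken already checks the
    // lifetime is not visible from this file, so the check is kept either way.
    var exp = tokenInfo.Claims.SingleOrDefault(x => x.Type == JwtRegisteredClaimNames.Exp)?.Value;
    if (!long.TryParse(exp, NumberStyles.Integer, CultureInfo.InvariantCulture, out var expUnix))
    {
        throw new AuthorizeException();
    }
    if (DateTimeConvert.FromUnixTimestamp(expUnix) < DateTime.UtcNow)
    {
        throw new AuthorizeException("Token過期");
    }

    if (!Guid.TryParse(tokenInfo.Claims.SingleOrDefault(x => x.Type == "fileId")?.Value, out var fileId))
    {
        throw new AuthorizeException();
    }

    var fileInstance = Database.File
        .Include(x => x.Repository)
        .ThenInclude(x => x.Origin)
        .SingleOrDefault(x => x.Id == fileId);
    if (fileInstance == null)
    {
        throw new NotFoundException("找不到指定檔案");
    }

    // A logged-in caller additionally needs ownership (of the file or the repository) when
    // the repository is private. An anonymous caller is authorized by the token alone.
    // NOTE(review): this consults Repository.AccessModifier while Download consults the
    // file's own AccessModifier — confirm which one is meant to govern writes.
    if (User != null
        && fileInstance.UserId != User.Id
        && fileInstance.Repository.UserId != User.Id
        && fileInstance.Repository.AccessModifier == AccessModifierTypes.Private)
    {
        throw new AuthorizeException();
    }

    // Access-Control-Allow-Origin accepts exactly one origin; a comma-joined list makes
    // browsers reject the response. Echo the request's Origin only if it is on the
    // repository's allow-list, and mark the response as varying by Origin for caches.
    var requestOrigin = Request.Headers["Origin"].ToString();
    if (!string.IsNullOrEmpty(requestOrigin))
    {
        var normalizedRequestOrigin = requestOrigin.TrimEnd('/');
        var originAllowed = fileInstance.Repository.Origin
            .Select(x => x.OriginURI)
            .Any(x => x != null && string.Equals(x.TrimEnd('/'), normalizedRequestOrigin, StringComparison.OrdinalIgnoreCase));
        if (originAllowed)
        {
            Response.Headers["Access-Control-Allow-Origin"] = requestOrigin;
            Response.Headers.Append("Vary", "Origin");
        }
    }

    // Dispose the upload stream once the content has been appended.
    using (var content = file.OpenReadStream())
    {
        await Models.EF.File.Append(Database, fileInstance.Id, content);
    }
    fileInstance.Name = file.FileName;
    fileInstance.ContentType = file.ContentType;
    fileInstance.Size = file.Length;
    await Database.SaveChangesAsync();

    return fileInstance;
}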
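/// <summary>
/// Streams a file's content. Access is granted either by the caller's login (public files;
/// private files only to the repository owner, the file owner or a super user) or by an
/// unexpired download token issued for exactly this file.
/// </summary>
/// <param name="fileId">Identifier of the file to download.</param>
/// <param name="token">Optional download token; when present it is the only credential consulted.</param>
/// <returns>The file stream with its stored content type and name.</returns>
/// <exception cref="NotFoundException">No file with <paramref name="fileId"/> exists.</exception>
/// <exception cref="AuthorizeException">
/// Neither the login nor the token grants access, or the token is expired, malformed,
/// not a download token, or issued for a different file.
/// </exception>
public async Task<FileStreamResult> Download([FromRoute] Guid fileId, [FromQuery] string token = null)
{
    var file = Database.File
        .Include(x => x.Repository)
        .ThenInclude(x => x.Origin)
        .SingleOrDefault(x => x.Id == fileId);
    if (file == null)
    {
        throw new NotFoundException("找不到指定的檔案");
    }

    // Access-Control-Allow-Origin accepts exactly one origin; a comma-joined list makes
    // browsers reject the response. Echo the request's Origin only if it is on the
    // repository's allow-list, and mark the response as varying by Origin for caches.
    var requestOrigin = Request.Headers["Origin"].ToString();
    if (!string.IsNullOrEmpty(requestOrigin))
    {
        var normalizedRequestOrigin = requestOrigin.TrimEnd('/');
        var originAllowed = file.Repository.Origin
            .Select(x => x.OriginURI)
            .Any(x => x != null && string.Equals(x.TrimEnd('/'), normalizedRequestOrigin, StringComparison.OrdinalIgnoreCase));
        if (originAllowed)
        {
            Response.Headers["Access-Control-Allow-Origin"] = requestOrigin;
            Response.Headers.Append("Vary", "Origin");
        }
    }

    if (token == null)
    {
        // No token: rely on the login. Anything that is not public requires a logged-in user.
        if (file.AccessModifier != AccessModifierTypes.Public && User == null)
        {
            throw new AuthorizeException();
        }
        // Private files are limited to the repository owner, the file owner and super users.
        // (User is non-null here for private files because of the check above.)
        if (file.AccessModifier == AccessModifierTypes.Private
            && User.Id != file.Repository.UserId
            && User.Id != file.UserId
            && !User.IsSuperUser())
        {
            throw new AuthorizeException();
        }
    }
    else
    {
        // Token path: the token is a capability for one specific file, so every claim must
        // match. The original combined the two checks with &&, which let a download token
        // for ANY other file, or an upload token for this file, pass.
        var tokenInfo = EzCoreKit.AspNetCore.EzJwtBearerHelper.ValidToken(token);

        if (tokenInfo.Claims.SingleOrDefault(x => x.Type == "tokenType")?.Value != FileTokenTypes.Download.ToString())
        {
            throw new AuthorizeException();
        }

        // A missing or malformed fileId claim is an authorization failure, not a 500 from Guid.Parse(null).
        if (!Guid.TryParse(tokenInfo.Claims.SingleOrDefault(x => x.Type == "fileId")?.Value, out var tokenFileId)
            || tokenFileId != fileId)
        {
            throw new AuthorizeException();
        }

        // NOTE(review): exp is enforced here explicitly; whether ValidToken already checks the
        // lifetime is not visible from this file, so the check is kept either way.
        var exp = tokenInfo.Claims.SingleOrDefault(x => x.Type == JwtRegisteredClaimNames.Exp)?.Value;
        if (!long.TryParse(exp, NumberStyles.Integer, CultureInfo.InvariantCulture, out var expUnix))
        {
            throw new AuthorizeException();
        }
        if (DateTimeConvert.FromUnixTimestamp(expUnix) < DateTime.UtcNow)
        {
            throw new AuthorizeException("Token過期");
        }
    }

    return File(file.GetFileStream(), file.ContentType, file.Name);
}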
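/// <summary>
/// Unix timestamp 0 must map to 1970-01-01T00:00:00Z.
/// </summary>
public void FromUnixTimestamp_Test()
{
    var expected = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);

    var actual = DateTimeConvert.FromUnixTimestamp(0);

    // Assert.Equal takes (expected, actual); the original had them swapped, which makes
    // the failure message report the values the wrong way round.
    // NOTE(review): DateTime equality ignores Kind, so this does not prove the helper
    // returns a Utc-kind value — add an Assert on actual.Kind if that is part of its contract.
    Assert.Equal(expected, actual);
}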