// ---------------
// Open
// ---------------
public async Task Open(int id)
{
// Ensure we have permission
if (!await _authorizationService.AuthorizeAsync(User, Permissions.OpenFiles))
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.Unauthorized);
return;
}
// Get file
var file = await _fileStore.GetByIdAsync(id);
// Ensure attachment exists
if (file == null)
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
if (file.ContentLength <= 0)
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
// Increment file view count
await _fileViewIncrementer
.Contextulize(HttpContext)
.IncrementAsync(file);
// Serve file
Response.Clear();
Response.ContentType = file.ContentType;
Response.Headers.Add(HeaderNames.ContentDisposition, "filename=\"" + file.Name + "\"");
Response.Headers.Add(HeaderNames.ContentLength, Convert.ToString((long)file.ContentLength));
await Response.Body.WriteAsync(file.ContentBlob, 0, (int)file.ContentLength);
}
public async Task Download(int id)
{
// Ensure we have permission
if (!await _authorizationService.AuthorizeAsync(User, Permissions.DownloadQuestionFiles))
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.Unauthorized);
return;
}
// Get file
var file = await _fileStore.GetByIdAsync(id);
// Ensure attachment exists
if (file == null)
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
// Do we have permission to view at least one of the
// entities the file is associated with
if (!await AuthorizeAsync(file))
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.Unauthorized);
return;
}
if (file.ContentLength <= 0)
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
// Increment file view count
await _fileViewIncrementer
.Contextulize(HttpContext)
.IncrementAsync(file);
// Expire entity files cache to ensure view count is reflected correctly
_entityFileStore.CancelTokens(null);
// Serve file
Response.Clear();
Response.ContentType = file.ContentType;
Response.Headers.Add(HeaderNames.ContentDisposition, "filename=\"" + file.Name + "\"");
Response.Headers.Add(HeaderNames.ContentLength, Convert.ToString((long)file.ContentLength));
await Response.Body.WriteAsync(file.ContentBlob, 0, (int)file.ContentLength);
}
// ---------------
// Index
// ---------------
public async Task Index(int id, string token)
{
// Ensure we have a valid id
if (id <= 0)
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
// Ensure we have a token
if (string.IsNullOrEmpty(token))
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
// Ensure we have a valid base 64 token
if (!token.IsBase64String())
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
// Get invite
var invite = await _fileInviteStore.GetByIdAsync(id);
// Ensure invite exists
if (invite == null)
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
// Get file
var file = await _fileStore.GetByIdAsync(invite.FileId);
// Ensure file exists
if (file == null)
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
if (file.ContentLength <= 0)
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.NotFound);
return;
}
// Decode email
var email = Encoding.UTF8.GetString(Convert.FromBase64String(token));
// Ensure supplied decoded email matches the invite email
if (!email.Equals(invite.Email, StringComparison.OrdinalIgnoreCase))
{
Response.StatusCode = StatusCodes.Status302Found;
Response.Headers.Add(HeaderNames.Location, StatusCodePagePaths.Unauthorized);
}
// Increment file view count
await _fileViewIncrementer
.Contextulize(HttpContext)
.IncrementAsync(file);
// Serve file
Response.Clear();
Response.ContentType = file.ContentType;
Response.Headers.Add(HeaderNames.ContentDisposition, "filename=\"" + file.Name + "\"");
Response.Headers.Add(HeaderNames.ContentLength, Convert.ToString((long)file.ContentLength));
await Response.Body.WriteAsync(file.ContentBlob, 0, (int)file.ContentLength);
}
