public IActionResult DownloadAudioFile(string projectId, string wordId, string fileName)
{
// if we require authorization and authentication for audio files, the frontend cannot just use the api
// endpoint as the src
//if (!_permissionService.IsProjectAuthorized("1", HttpContext))
//{
// return Forbid();
//}
// Sanitize user input
if (!Sanitization.SanitizeId(projectId) || !Sanitization.SanitizeId(wordId) ||
!Sanitization.SanitizeFileName(fileName))
{
return(new UnsupportedMediaTypeResult());
}
var filePath = FileStorage.GenerateAudioFilePath(projectId, fileName);
var file = System.IO.File.OpenRead(filePath);
if (file is null)
{
return(BadRequest("The file does not exist."));
}
return(File(file, "application/octet-stream"));
}
public void TestInvalidFileNames(string fileName)
{
Assert.False(Sanitization.SanitizeFileName(fileName));
}
public void TestValidFileNames(string fileName)
{
Assert.That(Sanitization.SanitizeFileName(fileName));
}
