public async Task <IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, "put", Route = "selfdiagnosis")] HttpRequest req, ILogger log)
{
var requestBody = await new StreamReader(req.Body).ReadToEndAsync();
if (req.Method.Equals("put", StringComparison.OrdinalIgnoreCase))
{
var diagnosis = JsonConvert.DeserializeObject <SelfDiagnosisSubmission>(requestBody);
// Verification may be disabled for testing
if (!settings.Value.DisableDeviceVerification)
{
var platform = AuthorizedAppConfig.ParsePlatform(diagnosis.Platform);
var authApp = storage.GetAuthorizedApp(platform);
// Verify the device payload (safetynet attestation on android, or device check token on iOS)
if (!await Verify.VerifyDevice(diagnosis, DateTimeOffset.UtcNow, platform, authApp))
{
log.LogInformation($"Device Failed {platform} Attestation/Verification, returning OK");
// The suggestion from Apple/Google is to return OK here to prevent abuse
return(new OkResult());
}
}
if (!diagnosis.Validate())
{
log.LogInformation("Invalid Submission Key data - Validate() failed");
return(new OkResult());
}
try
{
await storage.SubmitPositiveDiagnosisAsync(diagnosis);
}
catch (InvalidOperationException)
{
log.LogInformation("Maximum keys for VerificationPayload reached, skipping key submission...");
}
}
return(new OkResult());
}
