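// validation

// Upper bounds enforced on client-supplied post fields. Anything beyond a
// bound is either rejected (tags) or silently truncated (text fields).
private const int MaxTags = 12;
private const int MaxTitleLength = 80;
private const int MaxSummaryLength = 140;
private const int MaxBodyLength = 10000;

/// <summary>
/// Returns <paramref name="value"/> cut to at most <paramref name="maxLength"/>
/// characters. A null value is returned unchanged.
/// </summary>
private static string Truncate(string value, int maxLength)
{
    if (value == null)
    {
        return value;
    }
    return value.Length > maxLength ? value.Substring(0, maxLength) : value;
}

/// <summary>
/// Validates and normalises a post submitted by an API client. The input is
/// untrusted: every field is null-checked, bounded in length or handed to the
/// matching <c>Tools</c> validator before it is used.
/// </summary>
/// <param name="postDTO">The deserialised request body; may be null.</param>
/// <returns>
/// A <see cref="PostValidateDTO"/> wrapping <paramref name="postDTO"/>. When the
/// post is rejected, <c>invalid_reason</c> is set and the post is returned
/// untouched. Otherwise <c>invalid_reason</c> is null and the post has been
/// normalised: <c>type</c> is "url" or "post", the body is empty for link posts,
/// title/summary/body are truncated to their bounds, a missing summary is
/// generated from the body, and the tags have been passed through
/// <c>Tools.ValidateTags</c>.
/// </returns>
public static PostValidateDTO ValidatePost(PostSubmitDTO postDTO)
{
    PostValidateDTO validatedPost = new PostValidateDTO() { post = postDTO };
    PostSubmitDTO post = validatedPost.post;

    if (post == null)
    {
        validatedPost.invalid_reason = "No post submitted.";
        return validatedPost;
    }
    if (post.title == null)
    {
        validatedPost.invalid_reason = "No title given.";
        return validatedPost;
    }
    if (post.body == null && post.url == null)
    {
        validatedPost.invalid_reason = "No body or URL.";
        return validatedPost;
    }
    if (post.tags?.Count > MaxTags)
    {
        validatedPost.invalid_reason = "Too many tags (max 12)";
        return validatedPost;
    }

    bool hasUrl = !string.IsNullOrEmpty(post.url);

    // check valid URL. Reject here, like the checks above, instead of setting
    // the reason and continuing to normalise a post that is already invalid.
    if (hasUrl && !Tools.ValidateUri(post.url))
    {
        validatedPost.invalid_reason = "Invalid URL";
        return validatedPost;
    }

    // A link post carries no body; a text post keeps its body. The body can
    // still be null at this point (e.g. url == "" passes the null check above
    // but is not "a URL"), so coalesce before any length handling.
    post.type = hasUrl ? "url" : "post";
    post.body = post.type == "post" ? (post.body ?? string.Empty) : string.Empty;

    post.title = Truncate(post.title, MaxTitleLength);
    post.body = Truncate(post.body, MaxBodyLength);

    // check for provided summary; otherwise derive one from the (already
    // truncated, possibly empty) body. Only a client-provided summary is
    // truncated, as before.
    post.summary = string.IsNullOrEmpty(post.summary)
        ? Tools.GenerateSummary(post.body)
        : Truncate(post.summary, MaxSummaryLength);

    post.tags = Tools.ValidateTags(post.tags);
    return validatedPost;
}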
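/// <summary>
/// HTTP entry point that creates a post on a track (POST track/{trackId}/post).
/// The caller authenticates with the <c>X-Track-Key</c> header, which encodes a
/// key and a secret; the secret is checked against the route's trackId + key and
/// the key must be the one registered on the track before anything is written.
/// </summary>
/// <param name="req">The incoming request; its body is a JSON <see cref="PostSubmitDTO"/>.</param>
/// <param name="trackId">Track identifier taken from the route.</param>
/// <param name="log">Function host logger.</param>
/// <returns>
/// 200 with a <see cref="PostQueryDTO"/> on success; 401 when the header is
/// missing or malformed, the secret does not verify, or the key is not the
/// track's key; 400 when the body is not valid JSON, fails validation, or the
/// post could not be created; 429 when the track's rate limit is exceeded;
/// 500 on an unexpected error.
/// </returns>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "track/{trackId}/post")] HttpRequest req,
    string trackId,
    TraceWriter log)
{
    try
    {
        // Authentication first, before the body is read. Fail closed on a
        // missing or undecodable header.
        KeySecret keySecret = AuthRepository.DecodeKeyAndSecret(req.Headers["X-Track-Key"]);
        if (keySecret == null)
        {
            return new UnauthorizedResult();
        }

        // validate authKey
        if (!AuthRepository.ValidateSHA256(trackId + keySecret.Key, keySecret.Secret))
        {
            return new UnauthorizedResult();
        }

        // get post from req body. The reader is disposed and the read is async;
        // the body is read in full, so the host's request size limit is the only
        // bound on it (NOTE(review): confirm that limit is configured).
        string requestBody;
        using (StreamReader reader = new StreamReader(req.Body))
        {
            requestBody = await reader.ReadToEndAsync();
        }

        // A body that is not valid JSON is a client error (400), not an
        // authentication failure, so it must not fall into the outer catch.
        PostSubmitDTO post;
        try
        {
            post = JsonConvert.DeserializeObject<PostSubmitDTO>(requestBody);
        }
        catch (JsonException)
        {
            return new BadRequestObjectResult("Malformed request body.");
        }

        // validate post (null post is reported by ValidatePost itself)
        PostValidateDTO validatedPost = PostRepository.ValidatePost(post);
        if (validatedPost.invalid_reason != null)
        {
            return new BadRequestObjectResult(validatedPost.invalid_reason);
        }

        // get track and check the presented key is the one registered on it.
        // NOTE(review): this is an ordinary string comparison; if track_key is
        // treated as secret material a fixed-time comparison would be preferable.
        TrackAuth track = await TrackRepository.GetTrack(trackId);
        if (track == null || track.track_key != keySecret.Key)
        {
            return new UnauthorizedResult();
        }

        // check rate limit. This is not an authentication-scheme "forbid"
        // (ForbidResult needs an auth handler to execute), so report 429.
        if (track.rate_limit_exceeded)
        {
            return new StatusCodeResult(StatusCodes.Status429TooManyRequests);
        }

        // create the post
        validatedPost.post.track_id = trackId;
        validatedPost.post.track_name = track.name;
        Post newPost = await PostRepository.InsertPost(validatedPost.post);

        // if didn't create return bad response
        if (newPost == null)
        {
            return new BadRequestResult();
        }

        // convert to post DTO
        return new OkObjectResult(ToQueryDTO(newPost));
    }
    catch (Exception e)
    {
        // Unexpected failure: keep the full exception in the log (not just the
        // message) and do not misreport it to the client as an auth problem.
        log.Error("Post creation failed", e);
        return new StatusCodeResult(StatusCodes.Status500InternalServerError);
    }
}

/// <summary>
/// Maps a stored <see cref="Post"/> to the response shape returned to clients.
/// The stored tags are a comma-separated string; null or empty tags yield an
/// empty list rather than a list holding one empty string.
/// </summary>
private static PostQueryDTO ToQueryDTO(Post newPost)
{
    return new PostQueryDTO()
    {
        date_created = newPost.date_created,
        id = newPost.RowKey,
        summary = newPost.summary,
        tags = (newPost.tags ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .ToList(),
        title = newPost.title,
        track_id = newPost.PartitionKey,
        track_name = newPost.track_name,
        type = newPost.type,
        url = newPost.url
    };
}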