public async Task <ActionResult> Download(string imageId, bool thumb = false) { int id; if (string.IsNullOrEmpty(imageId) || !Int32.TryParse(imageId, out id)) { return(new HttpUnauthorizedResult()); } IReadWriteRepository <ServiceData.Models.Photo> _photoRepository = new PhotoRepository(); IReadWriteRepository <ServiceData.Models.UserCondition> _condRepository = new UserConditionsRepository(); ServiceData.Models.Photo found = _photoRepository.GetById(id); if (found == null) { return(new HttpNotFoundResult()); } ServiceData.Models.UserCondition foundCond = _condRepository.GetById(found.UserCondition.Id); if (!IsSharedOrOwned(foundCond)) { return(new HttpUnauthorizedResult()); } string target = (thumb) ? found.ThumbUrl : found.Url; CloudBlobContainer container = await UploadController.GetBlobContainer(); Stream blobStream = new MemoryStream(); CloudBlob photoBlob = container.GetBlobReference(target.Replace(ConfidentialData.BlobStorageUrl, "")); KeyVaultKeyResolver cloudResolver = new KeyVaultKeyResolver(ServerUtils.GetToken); IKey rsa = await cloudResolver.ResolveKeyAsync(ConfidentialData.KeyLocation, CancellationToken.None); BlobEncryptionPolicy policy = new BlobEncryptionPolicy(null, cloudResolver); BlobRequestOptions options = new BlobRequestOptions() { EncryptionPolicy = policy }; await photoBlob.DownloadToStreamAsync(blobStream, null, options, null); blobStream.Position = 0; return(File(blobStream, "image/jpeg")); }
// GET: Conditions public async Task <ActionResult> Index(int id) { await LoadViewBag(); IReadWriteRepository <ServiceData.Models.UserCondition> _condRepository = new UserConditionsRepository(); ServiceData.Models.UserCondition found = _condRepository.GetById(id); if (found == null) { return(new HttpNotFoundResult()); } IReadWriteRepository <ServiceData.Models.Share> _shareRepository = new ShareRepository(); ServiceData.Models.Share sh = _shareRepository.Search(s => s.UserCondition.Id == id && s.SharedEmail == User.Identity.Name && s.ExpireDate > DateTime.UtcNow).FirstOrDefault(); if (found.Owner.Email != User.Identity.Name && sh == null) { return(new HttpUnauthorizedResult()); } // Has been shared with the user (potentially themself but meh) if (sh != null) { sh.Updated = false; _shareRepository.Update(sh); ViewData["Title"] = string.Format("{0}'s {1}", found.Owner.Name, found.Condition); } else { ViewData["Title"] = found.Condition; } Models.UserCondition cond = Models.UserCondition.ToAppModel(found, true); ViewData["Condition"] = cond; return(View(cond.Photos)); }