413 lines
16 KiB
C#
413 lines
16 KiB
C#
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Hosting;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Oqtane.Infrastructure;
|
|
using Oqtane.Repository;
|
|
using Oqtane.Models;
|
|
using Oqtane.Shared;
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.IO;
|
|
using System.Threading;
|
|
using System.Threading.Tasks;
|
|
using Oqtane.Security;
|
|
using System.Linq;
|
|
using System.Drawing;
|
|
|
|
namespace Oqtane.Controllers
|
|
{
|
|
[Route("{site}/api/[controller]")]
|
|
public class FileController : Controller
|
|
{
|
|
private readonly IWebHostEnvironment _environment;
|
|
private readonly IFileRepository _files;
|
|
private readonly IFolderRepository _folders;
|
|
private readonly IUserPermissions _userPermissions;
|
|
private readonly ITenantResolver _tenants;
|
|
private readonly ILogManager _logger;
|
|
|
|
public FileController(IWebHostEnvironment environment, IFileRepository Files, IFolderRepository Folders, IUserPermissions UserPermissions, ITenantResolver Tenants, ILogManager logger)
|
|
{
|
|
_environment = environment;
|
|
_files = Files;
|
|
_folders = Folders;
|
|
_userPermissions = UserPermissions;
|
|
_tenants = Tenants;
|
|
_logger = logger;
|
|
}
|
|
|
|
// GET: api/<controller>?folder=x
|
|
[HttpGet]
|
|
public IEnumerable<Models.File> Get(string folder)
|
|
{
|
|
List<Models.File> files = new List<Models.File>();
|
|
int folderid;
|
|
if (int.TryParse(folder, out folderid))
|
|
{
|
|
Folder Folder = _folders.GetFolder(folderid);
|
|
if (Folder != null && _userPermissions.IsAuthorized(User, "Browse", Folder.Permissions))
|
|
{
|
|
files = _files.GetFiles(folderid).ToList();
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (User.IsInRole(Constants.HostRole))
|
|
{
|
|
folder = GetFolderPath(folder);
|
|
if (Directory.Exists(folder))
|
|
{
|
|
foreach (string file in Directory.GetFiles(folder))
|
|
{
|
|
files.Add(new Models.File { Name = Path.GetFileName(file), Extension = Path.GetExtension(file).Replace(".","") });
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return files;
|
|
}
|
|
|
|
// GET api/<controller>/5
|
|
[HttpGet("{id}")]
|
|
public Models.File Get(int id)
|
|
{
|
|
Models.File file = _files.GetFile(id);
|
|
if (_userPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
|
|
{
|
|
return file;
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {File}", file);
|
|
HttpContext.Response.StatusCode = 401;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// PUT api/<controller>/5
|
|
[HttpPut("{id}")]
|
|
[Authorize(Roles = Constants.RegisteredRole)]
|
|
public Models.File Put(int id, [FromBody] Models.File File)
|
|
{
|
|
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", File.Folder.FolderId, "Edit"))
|
|
{
|
|
File = _files.UpdateFile(File);
|
|
_logger.Log(LogLevel.Information, this, LogFunction.Update, "File Updated {File}", File);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update File {File}", File);
|
|
HttpContext.Response.StatusCode = 401;
|
|
File = null;
|
|
}
|
|
return File;
|
|
}
|
|
|
|
// DELETE api/<controller>/5
|
|
[HttpDelete("{id}")]
|
|
[Authorize(Roles = Constants.RegisteredRole)]
|
|
public void Delete(int id)
|
|
{
|
|
Models.File File = _files.GetFile(id);
|
|
if (_userPermissions.IsAuthorized(User, "Folder", File.Folder.FolderId, "Edit"))
|
|
{
|
|
_files.DeleteFile(id);
|
|
|
|
string filepath = Path.Combine(GetFolderPath(File.Folder) + File.Name);
|
|
if (System.IO.File.Exists(filepath))
|
|
{
|
|
System.IO.File.Delete(filepath);
|
|
}
|
|
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "File Deleted {File}", File);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete File {FileId}", id);
|
|
HttpContext.Response.StatusCode = 401;
|
|
}
|
|
}
|
|
|
|
// GET api/<controller>/upload?url=x&folderid=y
|
|
[HttpGet("upload")]
|
|
public Models.File UploadFile(string url, string folderid)
|
|
{
|
|
Models.File file = null;
|
|
Folder folder = _folders.GetFolder(int.Parse(folderid));
|
|
if (folder != null && _userPermissions.IsAuthorized(User, "Edit", folder.Permissions))
|
|
{
|
|
string folderpath = GetFolderPath(folder);
|
|
CreateDirectory(folderpath);
|
|
string filename = url.Substring(url.LastIndexOf("/") + 1);
|
|
// check for allowable file extensions
|
|
if (Constants.UploadableFiles.Contains(Path.GetExtension(filename).Replace(".", "")))
|
|
{
|
|
try
|
|
{
|
|
var client = new System.Net.WebClient();
|
|
// remove file if it already exists
|
|
if (System.IO.File.Exists(folderpath + filename))
|
|
{
|
|
System.IO.File.Delete(folderpath + filename);
|
|
}
|
|
client.DownloadFile(url, folderpath + filename);
|
|
_files.AddFile(CreateFile(filename, folder.FolderId, folderpath + filename));
|
|
}
|
|
catch
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Create, "File Could Not Be Downloaded From Url {Url}", url);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Create, "File Could Not Be Downloaded From Url Due To Its File Extension {Url}", url);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Download File {Url} {FolderId}", url, folderid);
|
|
HttpContext.Response.StatusCode = 401;
|
|
file = null;
|
|
}
|
|
return file;
|
|
}
|
|
|
|
// POST api/<controller>/upload
|
|
[HttpPost("upload")]
|
|
public async Task UploadFile(string folder, IFormFile file)
|
|
{
|
|
if (file.Length > 0)
|
|
{
|
|
string folderpath = "";
|
|
int folderid = -1;
|
|
if (int.TryParse(folder, out folderid))
|
|
{
|
|
Folder Folder = _folders.GetFolder(folderid);
|
|
if (Folder != null && _userPermissions.IsAuthorized(User, "Edit", Folder.Permissions))
|
|
{
|
|
folderpath = GetFolderPath(Folder);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (User.IsInRole(Constants.HostRole))
|
|
{
|
|
folderpath = GetFolderPath(folder);
|
|
}
|
|
}
|
|
if (folderpath != "")
|
|
{
|
|
CreateDirectory(folderpath);
|
|
using (var stream = new FileStream(Path.Combine(folderpath, file.FileName), FileMode.Create))
|
|
{
|
|
await file.CopyToAsync(stream);
|
|
}
|
|
string upload = await MergeFile(folderpath, file.FileName);
|
|
if (upload != "" && folderid != -1)
|
|
{
|
|
_files.AddFile(CreateFile(upload, folderid, folderpath + upload));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Upload File {Folder} {File}", folder, file);
|
|
HttpContext.Response.StatusCode = 401;
|
|
}
|
|
}
|
|
}
|
|
|
|
private async Task<string> MergeFile(string folder, string filename)
|
|
{
|
|
string merged = "";
|
|
|
|
// parse the filename which is in the format of filename.ext.part_x_y
|
|
string token = ".part_";
|
|
string parts = Path.GetExtension(filename).Replace(token, ""); // returns "x_y"
|
|
int totalparts = int.Parse(parts.Substring(parts.IndexOf("_") + 1));
|
|
filename = filename.Substring(0, filename.IndexOf(token)); // base filename
|
|
string[] fileparts = Directory.GetFiles(folder, filename + token + "*"); // list of all file parts
|
|
|
|
// if all of the file parts exist ( note that file parts can arrive out of order )
|
|
if (fileparts.Length == totalparts && CanAccessFiles(fileparts))
|
|
{
|
|
// merge file parts
|
|
bool success = true;
|
|
using (var stream = new FileStream(Path.Combine(folder, filename + ".tmp"), FileMode.Create))
|
|
{
|
|
foreach (string filepart in fileparts)
|
|
{
|
|
try
|
|
{
|
|
using (FileStream chunk = new FileStream(filepart, FileMode.Open))
|
|
{
|
|
await chunk.CopyToAsync(stream);
|
|
}
|
|
}
|
|
catch
|
|
{
|
|
success = false;
|
|
}
|
|
}
|
|
}
|
|
|
|
// delete file parts and rename file
|
|
if (success)
|
|
{
|
|
foreach (string filepart in fileparts)
|
|
{
|
|
System.IO.File.Delete(filepart);
|
|
}
|
|
|
|
// check for allowable file extensions
|
|
if (!Constants.UploadableFiles.Contains(Path.GetExtension(filename).Replace(".", "")))
|
|
{
|
|
System.IO.File.Delete(Path.Combine(folder, filename + ".tmp"));
|
|
}
|
|
else
|
|
{
|
|
// remove file if it already exists
|
|
if (System.IO.File.Exists(Path.Combine(folder, filename)))
|
|
{
|
|
System.IO.File.Delete(Path.Combine(folder, filename));
|
|
}
|
|
// rename file now that the entire process is completed
|
|
System.IO.File.Move(Path.Combine(folder, filename + ".tmp"), Path.Combine(folder, filename));
|
|
_logger.Log(LogLevel.Information, this, LogFunction.Create, "File Uploaded {File}", Path.Combine(folder, filename));
|
|
}
|
|
merged = filename;
|
|
}
|
|
}
|
|
|
|
// clean up file parts which are more than 2 hours old ( which can happen if a prior file upload failed )
|
|
fileparts = Directory.GetFiles(folder, "*" + token + "*");
|
|
foreach (string filepart in fileparts)
|
|
{
|
|
DateTime createddate = System.IO.File.GetCreationTime(filepart);
|
|
if (createddate < DateTime.Now.AddHours(-2))
|
|
{
|
|
System.IO.File.Delete(filepart);
|
|
}
|
|
}
|
|
|
|
return merged;
|
|
}
|
|
|
|
private bool CanAccessFiles(string[] files)
|
|
{
|
|
// ensure files are not locked by another process ( ie. still being written to )
|
|
bool canaccess = true;
|
|
FileStream stream = null;
|
|
foreach (string file in files)
|
|
{
|
|
int attempts = 0;
|
|
bool locked = true;
|
|
while (attempts < 5 && locked == true)
|
|
{
|
|
try
|
|
{
|
|
stream = System.IO.File.Open(file, FileMode.Open, FileAccess.Read, FileShare.None);
|
|
locked = false;
|
|
}
|
|
catch // file is locked by another process
|
|
{
|
|
Thread.Sleep(1000); // wait 1 second
|
|
}
|
|
finally
|
|
{
|
|
if (stream != null)
|
|
{
|
|
stream.Close();
|
|
}
|
|
}
|
|
attempts += 1;
|
|
}
|
|
if (locked && canaccess)
|
|
{
|
|
canaccess = false;
|
|
}
|
|
}
|
|
return canaccess;
|
|
}
|
|
|
|
// GET api/<controller>/download/5
|
|
[HttpGet("download/{id}")]
|
|
public IActionResult Download(int id)
|
|
{
|
|
Models.File file = _files.GetFile(id);
|
|
if (file != null && _userPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
|
|
{
|
|
string filepath = GetFolderPath(file.Folder) + file.Name;
|
|
if (System.IO.File.Exists(filepath))
|
|
{
|
|
byte[] filebytes = System.IO.File.ReadAllBytes(filepath);
|
|
return File(filebytes, "application/octet-stream", file.Name);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Read, "File Does Not Exist {File}", file);
|
|
HttpContext.Response.StatusCode = 404;
|
|
return null;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {FileId}", id);
|
|
HttpContext.Response.StatusCode = 401;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
private string GetFolderPath(Folder folder)
|
|
{
|
|
return _environment.ContentRootPath + "\\Content\\Tenants\\" + _tenants.GetTenant().TenantId.ToString() + "\\Sites\\" + folder.SiteId.ToString() + "\\" + folder.Path;
|
|
}
|
|
|
|
private string GetFolderPath(string folder)
|
|
{
|
|
return Path.Combine(_environment.WebRootPath, folder);
|
|
}
|
|
|
|
private void CreateDirectory(string folderpath)
|
|
{
|
|
if (!Directory.Exists(folderpath))
|
|
{
|
|
string path = "";
|
|
string[] folders = folderpath.Split(new char[] { '\\' }, StringSplitOptions.RemoveEmptyEntries);
|
|
foreach (string folder in folders)
|
|
{
|
|
path += folder + "\\";
|
|
if (!Directory.Exists(path))
|
|
{
|
|
Directory.CreateDirectory(path);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
private Models.File CreateFile(string filename, int folderid, string filepath)
|
|
{
|
|
Models.File file = new Models.File();
|
|
file.Name = filename;
|
|
file.FolderId = folderid;
|
|
|
|
FileInfo fileinfo = new FileInfo(filepath);
|
|
file.Extension = fileinfo.Extension.ToLower().Replace(".", "");
|
|
file.Size = (int)fileinfo.Length;
|
|
file.ImageHeight = 0;
|
|
file.ImageWidth = 0;
|
|
|
|
if (Constants.ImageFiles.Contains(file.Extension))
|
|
{
|
|
FileStream stream = new FileStream(filepath, FileMode.Open, FileAccess.Read);
|
|
using (var image = Image.FromStream(stream))
|
|
{
|
|
file.ImageHeight = image.Height;
|
|
file.ImageWidth = image.Width;
|
|
}
|
|
stream.Close();
|
|
}
|
|
|
|
return file;
|
|
}
|
|
}
|
|
} |