Diffstat (limited to 'backend/api')
-rw-r--r--backend/api/api/Controllers/FileUploadController.cs54
1 files changed, 50 insertions, 4 deletions
diff --git a/backend/api/api/Controllers/FileUploadController.cs b/backend/api/api/Controllers/FileUploadController.cs
index 46e7f4f9..2614ec1e 100644
--- a/backend/api/api/Controllers/FileUploadController.cs
+++ b/backend/api/api/Controllers/FileUploadController.cs
@@ -1,6 +1,11 @@
-using Microsoft.AspNetCore.Authorization;
+using System.IdentityModel.Tokens.Jwt;
+using System.Net.Http.Headers;
+using System.Text;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.Net.Http.Headers;
namespace api.Controllers
{
[Route("api/[controller]")]
@@ -8,12 +13,51 @@ namespace api.Controllers
public class FileUploadController : ControllerBase
{
private string[] permittedExtensions = { ".csv" };
+ private readonly IConfiguration _configuration;
+ public FileUploadController(IConfiguration configuration)
+ {
+ _configuration = configuration;
+
+ }
[HttpPost("Csv")]
[Authorize(Roles = "User")]
- public async Task<ActionResult<string>> CsvUpload([FromForm]IFormFile file,[FromForm]string username)//???Umesto username poslati jwt odakle se moze preuzeti username radi sigurnosti
+ public async Task<ActionResult<string>> CsvUpload([FromForm]IFormFile file)
{
+
+ //get username from jwtToken
+ string username;
+ var header = Request.Headers[HeaderNames.Authorization];
+ if (AuthenticationHeaderValue.TryParse(header, out var headerValue))
+ {
+
+ var scheme = headerValue.Scheme;
+ var parameter = headerValue.Parameter;
+ var tokenHandler = new JwtSecurityTokenHandler();
+ var key = Encoding.ASCII.GetBytes(_configuration.GetSection("AppSettings:JwtToken").Value);
+ try
+ {
+ tokenHandler.ValidateToken(parameter, new TokenValidationParameters
+ {
+ ValidateIssuerSigningKey = true,
+ IssuerSigningKey = new SymmetricSecurityKey(key),
+ ValidateIssuer = false,
+ ValidateAudience = false,
+ }, out SecurityToken validatedToken);
+
+ var jwtToken = (JwtSecurityToken)validatedToken;
+ username = jwtToken.Claims.First(x => x.Type == "name").Value;
+ }
+ catch (Exception ex)
+ {
+ return BadRequest();
+ }
+ }else
+ return BadRequest();
+
+
+ //Check filetype
var filename=file.FileName;
var ext=Path.GetExtension(filename).ToLowerInvariant();
var name = Path.GetFileNameWithoutExtension(filename).ToLowerInvariant();
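Review bot: The token is validated a second time by hand in `CsvUpload`, with `ValidateIssuer = false` and `ValidateAudience = false`, even though `[Authorize(Roles = "User")]` means the request has already passed the application's configured authentication; two independent sets of validation rules can drift apart. If that authentication is the usual JWT bearer handler (not visible in this hunk), the claim can be read from the already-validated principal instead: `var username = User.FindFirst("name")?.Value;` followed by `if (string.IsNullOrEmpty(username)) return Unauthorized();`. If the manual path stays, note that `scheme` is assigned but never compared with `"Bearer"`, that `catch (Exception ex)` never uses `ex` so validation failures go unlogged, and that a rejected token is better reported with `Unauthorized()` than `BadRequest()`. The key lookup `_configuration.GetSection("AppSettings:JwtToken").Value` sits outside the `try`, so a missing setting would surface as an unhandled exception rather than a 400. The method body continues past the end of this hunk.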
@@ -21,11 +65,12 @@ namespace api.Controllers
return BadRequest("Wrong file type");
}
var folderPath=Path.Combine(Directory.GetCurrentDirectory(),"UploadedFiles",username);
+ //Check Directory
if (!Directory.Exists(folderPath))
{
Directory.CreateDirectory(folderPath);
}
-
+ //Index file if same filename
var fullPath = Path.Combine(folderPath, filename);
int i=0;
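Review bot: `username` and `filename` are joined into `folderPath` and `fullPath` without being reduced to a single path segment, so the write location depends on values the server does not control: `filename` is the client-supplied `file.FileName`, and after this commit `username` is whatever the `name` claim contains. I would take only the leaf name, `var filename = Path.GetFileName(file.FileName);`, and check containment before `Directory.CreateDirectory`: `var root = Path.GetFullPath(Path.Combine(Directory.GetCurrentDirectory(), "UploadedFiles"));` then `if (!Path.GetFullPath(folderPath).StartsWith(root + Path.DirectorySeparatorChar, StringComparison.Ordinal)) return BadRequest();`. The extension check earlier in the method only looks at the suffix, so it does not cover this. The enclosing method starts before this hunk and the rename loop continues after it.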
@@ -35,7 +80,7 @@ namespace api.Controllers
}
-
+ //Write file
using (var stream=new FileStream(fullPath, FileMode.Create))
{
await file.CopyToAsync(stream);
@@ -45,3 +90,4 @@ namespace api.Controllers
}
}
}
+