Diffstat (limited to 'backend/api')
-rw-r--r--backend/api/api/Controllers/FileUploadController.cs41
-rw-r--r--backend/api/api/Models/JwtToken.cs26
2 files changed, 61 insertions, 6 deletions
diff --git a/backend/api/api/Controllers/FileUploadController.cs b/backend/api/api/Controllers/FileUploadController.cs
index 46e7f4f9..68ab814d 100644
--- a/backend/api/api/Controllers/FileUploadController.cs
+++ b/backend/api/api/Controllers/FileUploadController.cs
@@ -1,6 +1,8 @@
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
+using System.Net.Http.Headers;
+using api.Models;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
+using Microsoft.Net.Http.Headers;
namespace api.Controllers
{
[Route("api/[controller]")]
@@ -8,12 +10,37 @@ namespace api.Controllers
public class FileUploadController : ControllerBase
{
private string[] permittedExtensions = { ".csv" };
+ private readonly IConfiguration _configuration;
+ private JwtToken _token;
+ public FileUploadController(IConfiguration configuration)
+ {
+ _configuration = configuration;
+ _token = new JwtToken(configuration);
+
+ }
[HttpPost("Csv")]
[Authorize(Roles = "User")]
- public async Task<ActionResult<string>> CsvUpload([FromForm]IFormFile file,[FromForm]string username)//???Umesto username poslati jwt odakle se moze preuzeti username radi sigurnosti
+ public async Task<ActionResult<string>> CsvUpload([FromForm]IFormFile file)
{
+
+ //get username from jwtToken
+ string username;
+ var header = Request.Headers[HeaderNames.Authorization];
+ if (AuthenticationHeaderValue.TryParse(header, out var headerValue))
+ {
+
+ var scheme = headerValue.Scheme;
+ var parameter = headerValue.Parameter;
+ username = _token.TokenToUsername(parameter);
+ if (username == null)
+ return null;
+ }else
+ return BadRequest();
+
+
+ //Check filetype
var filename=file.FileName;
var ext=Path.GetExtension(filename).ToLowerInvariant();
var name = Path.GetFileNameWithoutExtension(filename).ToLowerInvariant();
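Review bot: The header-parse block between `//get username from jwtToken` and `return BadRequest();` re-validates a token that `[Authorize(Roles = "User")]` has already validated, and when the second validation fails it returns `null` rather than an authorization failure; `scheme` is also read but never compared against Bearer. The username should come from the authenticated principal instead, replacing the whole block with `var username = User.Identity?.Name;` / `if (string.IsNullOrEmpty(username)) return Unauthorized();` (use `User.FindFirst("name")?.Value` if inbound claim-type mapping is disabled), which also removes the need for `_token` in this controller. Because this value becomes a path segment in `Path.Combine(..., "UploadedFiles", username)` in the next hunk, it should additionally be rejected unless it is a plain file-name-safe segment (no directory separators, not `..`); I cannot see from here whether registration already enforces that. The enclosing class continues past this hunk.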
@@ -21,11 +48,12 @@ namespace api.Controllers
return BadRequest("Wrong file type");
}
var folderPath=Path.Combine(Directory.GetCurrentDirectory(),"UploadedFiles",username);
+ //Check Directory
if (!Directory.Exists(folderPath))
{
Directory.CreateDirectory(folderPath);
}
-
+ //Index file if same filename
var fullPath = Path.Combine(folderPath, filename);
int i=0;
@@ -35,13 +63,14 @@ namespace api.Controllers
}
-
+ //Write file
using (var stream=new FileStream(fullPath, FileMode.Create))
{
await file.CopyToAsync(stream);
}
- return Ok();
+ return Ok(fullPath);
}
}
}
+
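Review bot: `return Ok(fullPath);` sends the absolute server path, built from `Directory.GetCurrentDirectory()`, back to the client, which discloses the deployment layout for no benefit to the caller. The caller only needs the stored name, so `return Ok(Path.GetFileName(fullPath));` is sufficient; the full path can be logged server-side if it is needed for support. The `using` around the `FileStream` is correct as written. CsvUpload's signature and the earlier part of its body are in a previous hunk.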
diff --git a/backend/api/api/Models/JwtToken.cs b/backend/api/api/Models/JwtToken.cs
index 3ecbf92d..31ecca10 100644
--- a/backend/api/api/Models/JwtToken.cs
+++ b/backend/api/api/Models/JwtToken.cs
@@ -61,6 +61,32 @@ namespace api.Models
}
+ public string TokenToUsername(string token)
+ {
+ if (token == null)
+ return null;
+ var tokenHandler = new JwtSecurityTokenHandler();
+ var key = Encoding.ASCII.GetBytes(_configuration.GetSection("AppSettings:JwtToken").Value);
+ try
+ {
+ tokenHandler.ValidateToken(token, new TokenValidationParameters
+ {
+ ValidateIssuerSigningKey = true,
+ IssuerSigningKey = new SymmetricSecurityKey(key),
+ ValidateIssuer = false,
+ ValidateAudience = false,
+ }, out SecurityToken validatedToken);
+
+ var jwtToken = (JwtSecurityToken)validatedToken;
+ return jwtToken.Claims.First(x => x.Type == "name").Value;
+ }
+ catch
+ {
+ return null;
+ }
+
+ }
+
}
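Review bot: The bare `catch` in `TokenToUsername` turns every failure, including a missing `AppSettings:JwtToken` setting or an absent `name` claim (which makes `First` throw), into a silent `null`, so a caller cannot distinguish a rejected token from a misconfigured server. Narrow it to `catch (SecurityTokenException)` (plus `ArgumentException` for malformed input, depending on the token-library version) and read the claim as `return jwtToken.Claims.FirstOrDefault(x => x.Type == "name")?.Value;`, letting anything else surface. `ValidateIssuer = false` and `ValidateAudience = false` also make this a weaker check than whatever the JwtBearer middleware is configured with (not visible here); both should draw their `TokenValidationParameters` from one shared place so a token the middleware rejects is never accepted by this method. The method also lacks XML docs; a `/// <summary>` stating that it returns the `name` claim of a token signed with the configured key, or null when validation fails, would do. The enclosing class starts outside the hunk.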