From 6c226fcc5e672511befad28d34b8eb7e7cfa6172 Mon Sep 17 00:00:00 2001 From: Ognjen Cirkovic Date: Mon, 14 Mar 2022 20:40:23 +0100 Subject: Omoguceno da se username cita iz jwtTokena kada uplodamo fajl.Vise nije potrebno slati username u formi. --- .../api/api/Controllers/FileUploadController.cs | 54 ++++++++++++++++++++-- 1 file changed, 50 insertions(+), 4 deletions(-) (limited to 'backend/api') diff --git a/backend/api/api/Controllers/FileUploadController.cs b/backend/api/api/Controllers/FileUploadController.cs index 46e7f4f9..2614ec1e 100644 --- a/backend/api/api/Controllers/FileUploadController.cs +++ b/backend/api/api/Controllers/FileUploadController.cs @@ -1,6 +1,11 @@ -using Microsoft.AspNetCore.Authorization; +using System.IdentityModel.Tokens.Jwt; +using System.Net.Http.Headers; +using System.Text; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; +using Microsoft.IdentityModel.Tokens; +using Microsoft.Net.Http.Headers; namespace api.Controllers { [Route("api/[controller]")] @@ -8,12 +13,51 @@ namespace api.Controllers public class FileUploadController : ControllerBase { private string[] permittedExtensions = { ".csv" }; + private readonly IConfiguration _configuration; + public FileUploadController(IConfiguration configuration) + { + _configuration = configuration; + + } [HttpPost("Csv")] [Authorize(Roles = "User")] - public async Task> CsvUpload([FromForm]IFormFile file,[FromForm]string username)//???Umesto username poslati jwt odakle se moze preuzeti username radi sigurnosti + public async Task> CsvUpload([FromForm]IFormFile file) { + + //get username from jwtToken + string username; + var header = Request.Headers[HeaderNames.Authorization]; + if (AuthenticationHeaderValue.TryParse(header, out var headerValue)) + { + + var scheme = headerValue.Scheme; + var parameter = headerValue.Parameter; + var tokenHandler = new JwtSecurityTokenHandler(); + var key = Encoding.ASCII.GetBytes(_configuration.GetSection("AppSettings:JwtToken").Value); + try + { + tokenHandler.ValidateToken(parameter, new TokenValidationParameters + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(key), + ValidateIssuer = false, + ValidateAudience = false, + }, out SecurityToken validatedToken); + + var jwtToken = (JwtSecurityToken)validatedToken; + username = jwtToken.Claims.First(x => x.Type == "name").Value; + } + catch (Exception ex) + { + return BadRequest(); + } + }else + return BadRequest(); + + + //Check filetype var filename=file.FileName; var ext=Path.GetExtension(filename).ToLowerInvariant(); var name = Path.GetFileNameWithoutExtension(filename).ToLowerInvariant(); @@ -21,11 +65,12 @@ namespace api.Controllers return BadRequest("Wrong file type"); } var folderPath=Path.Combine(Directory.GetCurrentDirectory(),"UploadedFiles",username); + //Check Directory if (!Directory.Exists(folderPath)) { Directory.CreateDirectory(folderPath); } - + //Index file if same filename var fullPath = Path.Combine(folderPath, filename); int i=0; @@ -35,7 +80,7 @@ namespace api.Controllers } - + //Write file using (var stream=new FileStream(fullPath, FileMode.Create)) { await file.CopyToAsync(stream); @@ -45,3 +90,4 @@ namespace api.Controllers } } } + -- cgit v1.2.3 From d7e7597f703e5914abebe5e35fa7dfa074821cb6 Mon Sep 17 00:00:00 2001 From: Ognjen Cirkovic Date: Mon, 14 Mar 2022 20:47:46 +0100 Subject: Dodata metoda TokenToUsername u klasi JwtToken. --- .../api/api/Controllers/FileUploadController.cs | 31 +++++----------------- backend/api/api/Models/JwtToken.cs | 26 ++++++++++++++++++ 2 files changed, 33 insertions(+), 24 deletions(-) (limited to 'backend/api') diff --git a/backend/api/api/Controllers/FileUploadController.cs b/backend/api/api/Controllers/FileUploadController.cs index 2614ec1e..07ab4821 100644 --- a/backend/api/api/Controllers/FileUploadController.cs +++ b/backend/api/api/Controllers/FileUploadController.cs @@ -1,10 +1,7 @@ -using System.IdentityModel.Tokens.Jwt; -using System.Net.Http.Headers; -using System.Text; +using System.Net.Http.Headers; +using api.Models; using Microsoft.AspNetCore.Authorization; -using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; -using Microsoft.IdentityModel.Tokens; using Microsoft.Net.Http.Headers; namespace api.Controllers { @@ -14,9 +11,11 @@ namespace api.Controllers { private string[] permittedExtensions = { ".csv" }; private readonly IConfiguration _configuration; + private JwtToken _token; public FileUploadController(IConfiguration configuration) { _configuration = configuration; + _token = new JwtToken(configuration); } @@ -34,25 +33,9 @@ namespace api.Controllers var scheme = headerValue.Scheme; var parameter = headerValue.Parameter; - var tokenHandler = new JwtSecurityTokenHandler(); - var key = Encoding.ASCII.GetBytes(_configuration.GetSection("AppSettings:JwtToken").Value); - try - { - tokenHandler.ValidateToken(parameter, new TokenValidationParameters - { - ValidateIssuerSigningKey = true, - IssuerSigningKey = new SymmetricSecurityKey(key), - ValidateIssuer = false, - ValidateAudience = false, - }, out SecurityToken validatedToken); - - var jwtToken = (JwtSecurityToken)validatedToken; - username = jwtToken.Claims.First(x => x.Type == "name").Value; - } - catch (Exception ex) - { - return BadRequest(); - } + username = _token.TokenToUsername(parameter); + if (username == null) + return null; }else return BadRequest(); diff --git a/backend/api/api/Models/JwtToken.cs b/backend/api/api/Models/JwtToken.cs index 3ecbf92d..31ecca10 100644 --- a/backend/api/api/Models/JwtToken.cs +++ b/backend/api/api/Models/JwtToken.cs @@ -61,6 +61,32 @@ namespace api.Models } + public string TokenToUsername(string token) + { + if (token == null) + return null; + var tokenHandler = new JwtSecurityTokenHandler(); + var key = Encoding.ASCII.GetBytes(_configuration.GetSection("AppSettings:JwtToken").Value); + try + { + tokenHandler.ValidateToken(token, new TokenValidationParameters + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(key), + ValidateIssuer = false, + ValidateAudience = false, + }, out SecurityToken validatedToken); + + var jwtToken = (JwtSecurityToken)validatedToken; + return jwtToken.Claims.First(x => x.Type == "name").Value; + } + catch + { + return null; + } + + } + } -- cgit v1.2.3 From 7ff5981a464b17f84b7e0268077c5ba6ec131e21 Mon Sep 17 00:00:00 2001 From: Ognjen Cirkovic Date: Mon, 14 Mar 2022 20:52:20 +0100 Subject: Dodata povratna vrednost putanje gde je fajl sacuvan. --- backend/api/api/Controllers/FileUploadController.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'backend/api') diff --git a/backend/api/api/Controllers/FileUploadController.cs b/backend/api/api/Controllers/FileUploadController.cs index 07ab4821..68ab814d 100644 --- a/backend/api/api/Controllers/FileUploadController.cs +++ b/backend/api/api/Controllers/FileUploadController.cs @@ -69,7 +69,7 @@ namespace api.Controllers await file.CopyToAsync(stream); } - return Ok(); + return Ok(fullPath); } } } -- cgit v1.2.3