From 4475de3c0c86c4096b843d8bee8aff48b7e31896 Mon Sep 17 00:00:00 2001 From: crupest Date: Fri, 21 Aug 2020 22:49:48 +0800 Subject: ... --- Timeline/Controllers/UserAvatarController.cs | 25 +++------ Timeline/Filters/Header.cs | 69 ++++++++++++++---------- Timeline/Formatters/BytesInputFormatter.cs | 79 ++++++++++++++++++++++++++++ Timeline/Models/ByteData.cs | 33 ++++++++++++ Timeline/Startup.cs | 1 + 5 files changed, 162 insertions(+), 45 deletions(-) create mode 100644 Timeline/Formatters/BytesInputFormatter.cs create mode 100644 Timeline/Models/ByteData.cs (limited to 'Timeline') diff --git a/Timeline/Controllers/UserAvatarController.cs b/Timeline/Controllers/UserAvatarController.cs index 52e87df2..32f63fc6 100644 --- a/Timeline/Controllers/UserAvatarController.cs +++ b/Timeline/Controllers/UserAvatarController.cs @@ -3,10 +3,12 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging; using System; +using System.IO; using System.Threading.Tasks; using Timeline.Auth; using Timeline.Filters; using Timeline.Helpers; +using Timeline.Models; using Timeline.Models.Http; using Timeline.Models.Validation; using Timeline.Services; @@ -72,20 +74,17 @@ namespace Timeline.Controllers /// Set avatar of a user. You have to be administrator to change other's. /// /// Username of the user to set avatar of. + /// The avatar data. [HttpPut("users/{username}/avatar")] [Authorize] - [RequireContentType, RequireContentLength] [Consumes("image/png", "image/jpeg", "image/gif", "image/webp")] + [MaxContentLength(1000 * 1000 * 10)] [ProducesResponseType(typeof(void), StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status401Unauthorized)] [ProducesResponseType(StatusCodes.Status403Forbidden)] - public async Task Put([FromRoute][Username] string username) + public async Task Put([FromRoute][Username] string username, [FromBody] ByteData body) { - var contentLength = Request.ContentLength!.Value; - if (contentLength > 1000 * 1000 * 10) - return BadRequest(ErrorResponse.Common.Content.TooBig("10MB")); - if (!User.IsAdministrator() && User.Identity.Name != username) { _logger.LogInformation(Log.Format(LogPutForbid, @@ -106,20 +105,10 @@ namespace Timeline.Controllers try { - var data = new byte[contentLength]; - var bytesRead = await Request.Body.ReadAsync(data); - - if (bytesRead != contentLength) - return BadRequest(ErrorResponse.Common.Content.UnmatchedLength_Smaller()); - - var extraByte = new byte[1]; - if (await Request.Body.ReadAsync(extraByte) != 0) - return BadRequest(ErrorResponse.Common.Content.UnmatchedLength_Bigger()); - await _service.SetAvatar(id, new Avatar { - Data = data, - Type = Request.ContentType + Data = body.Data, + Type = body.ContentType }); _logger.LogInformation(Log.Format(LogPutSuccess, diff --git a/Timeline/Filters/Header.cs b/Timeline/Filters/Header.cs index 0db11faf..cc5ddd9f 100644 --- a/Timeline/Filters/Header.cs +++ b/Timeline/Filters/Header.cs @@ -4,45 +4,60 @@ using Timeline.Models.Http; namespace Timeline.Filters { - public class RequireContentTypeAttribute : ActionFilterAttribute + /// + /// Restrict max content length. + /// + public class MaxContentLengthFilter : IResourceFilter { - public override void OnActionExecuting(ActionExecutingContext context) + /// + /// + /// + /// Max length. + public MaxContentLengthFilter(long maxByteLength) { - if (context.HttpContext.Request.ContentType == null) - { - context.Result = new BadRequestObjectResult(ErrorResponse.Common.Header.ContentType_Missing()); - } + MaxByteLength = maxByteLength; } - } - - public class RequireContentLengthAttribute : ActionFilterAttribute - { - public RequireContentLengthAttribute() - : this(true) - { - } + /// + /// Max length. + /// + public long MaxByteLength { get; set; } - public RequireContentLengthAttribute(bool requireNonZero) + /// + public void OnResourceExecuted(ResourceExecutedContext context) { - RequireNonZero = requireNonZero; } - public bool RequireNonZero { get; set; } - - public override void OnActionExecuting(ActionExecutingContext context) + /// + public void OnResourceExecuting(ResourceExecutingContext context) { - if (context.HttpContext.Request.ContentLength == null) + var contentLength = context.HttpContext.Request.ContentLength; + if (contentLength != null && contentLength > MaxByteLength) { - context.Result = new BadRequestObjectResult(ErrorResponse.Common.Header.ContentLength_Missing()); - return; + context.Result = new BadRequestObjectResult(ErrorResponse.Common.Content.TooBig(MaxByteLength + "B")); } + } + } - if (RequireNonZero && context.HttpContext.Request.ContentLength.Value == 0) - { - context.Result = new BadRequestObjectResult(ErrorResponse.Common.Header.ContentLength_Zero()); - return; - } + /// + /// Restrict max content length. + /// + public class MaxContentLengthAttribute : TypeFilterAttribute + { + /// + /// + /// + /// Max length. + public MaxContentLengthAttribute(long maxByteLength) + : base(typeof(MaxContentLengthFilter)) + { + MaxByteLength = maxByteLength; + Arguments = new object[] { maxByteLength }; } + + /// + /// Max length. + /// + public long MaxByteLength { get; } } } diff --git a/Timeline/Formatters/BytesInputFormatter.cs b/Timeline/Formatters/BytesInputFormatter.cs new file mode 100644 index 00000000..ac6537c9 --- /dev/null +++ b/Timeline/Formatters/BytesInputFormatter.cs @@ -0,0 +1,79 @@ +using Microsoft.AspNetCore.Mvc.Formatters; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Logging; +using Microsoft.Net.Http.Headers; +using System; +using System.Threading.Tasks; +using Timeline.Models; + +namespace Timeline.Formatters +{ + /// + /// Formatter that reads body as bytes. + /// + public class BytesInputFormatter : InputFormatter + { + /// + /// + /// + public BytesInputFormatter() + { + SupportedMediaTypes.Add(new MediaTypeHeaderValue("image/png")); + SupportedMediaTypes.Add(new MediaTypeHeaderValue("image/jpeg")); + SupportedMediaTypes.Add(new MediaTypeHeaderValue("image/gif")); + SupportedMediaTypes.Add(new MediaTypeHeaderValue("image/webp")); + } + + /// + public override bool CanRead(InputFormatterContext context) + { + if (context == null) throw new ArgumentNullException(nameof(context)); + + if (context.ModelType == typeof(ByteData)) + return true; + + return false; + } + + /// + public override async Task ReadRequestBodyAsync(InputFormatterContext context) + { + var request = context.HttpContext.Request; + var contentLength = request.ContentLength; + + var logger = context.HttpContext.RequestServices.GetRequiredService>(); + + if (contentLength == null) + { + logger.LogInformation("Failed to read body as bytes. Content-Length is not set."); + return await InputFormatterResult.FailureAsync(); + } + + if (contentLength == 0) + { + logger.LogInformation("Failed to read body as bytes. Content-Length is 0."); + return await InputFormatterResult.FailureAsync(); + } + + var bodyStream = request.Body; + + var data = new byte[contentLength.Value]; + var bytesRead = await bodyStream.ReadAsync(data); + + if (bytesRead != contentLength) + { + logger.LogInformation("Failed to read body as bytes. Actual length of body is smaller than Content-Length."); + return await InputFormatterResult.FailureAsync(); + } + + var extraByte = new byte[1]; + if (await bodyStream.ReadAsync(extraByte) != 0) + { + logger.LogInformation("Failed to read body as bytes. Actual length of body is greater than Content-Length."); + return await InputFormatterResult.FailureAsync(); + } + + return await InputFormatterResult.SuccessAsync(new ByteData(data, request.ContentType)); + } + } +} diff --git a/Timeline/Models/ByteData.cs b/Timeline/Models/ByteData.cs new file mode 100644 index 00000000..7b832eb5 --- /dev/null +++ b/Timeline/Models/ByteData.cs @@ -0,0 +1,33 @@ +using NSwag.Annotations; + +namespace Timeline.Models +{ + /// + /// Model for reading http body as bytes. + /// + [OpenApiFile] + public class ByteData + { + /// + /// + /// The data. + /// The content type. + public ByteData(byte[] data, string contentType) + { + Data = data; + ContentType = contentType; + } + + /// + /// Data. + /// +#pragma warning disable CA1819 // Properties should not return arrays + public byte[] Data { get; } +#pragma warning restore CA1819 // Properties should not return arrays + + /// + /// Content type. + /// + public string ContentType { get; } + } +} diff --git a/Timeline/Startup.cs b/Timeline/Startup.cs index 960bbc2c..408057e5 100644 --- a/Timeline/Startup.cs +++ b/Timeline/Startup.cs @@ -49,6 +49,7 @@ namespace Timeline services.AddControllers(setup => { setup.InputFormatters.Add(new StringInputFormatter()); + setup.InputFormatters.Add(new BytesInputFormatter()); setup.UseApiRoutePrefix("api"); }) .AddJsonOptions(options => -- cgit v1.2.3