PDF-Serialisierung erfolgt jetzt direkt auf Razor Page - Sicherheitsverbesserung

Externer Fetch-Vorgang entfernt, PDF-Inhalt aus Sicherheitsgründen direkt auf der Razor Page serialisiert.
Developer 02 2024-04-10 09:21:56 +02:00
parent 2c17d440c0
commit f5dd3cf8be
8 changed files with 59 additions and 69 deletions


@ -32,7 +32,7 @@ namespace EnvelopeGenerator.Web.Controllers
}
[HttpPost("/")]
public IActionResult DebugEnvelopes([FromForm] string password)
public IActionResult DebugEnvelopes([FromForm] string? password)
{
try
{
@ -44,12 +44,6 @@ namespace EnvelopeGenerator.Web.Controllers
return View("Index");
}
if (password == null)
{
ViewData["error"] = "No password supplied!";
return View("Index");
}
if (password != passwordFromConfig)
{
ViewData["error"] = "Wrong Password!";
@ -75,15 +69,34 @@ namespace EnvelopeGenerator.Web.Controllers
{
var decodedId = envelopeReceiverId.DecodeEnvelopeReceiverId();
_logger.LogInformation($"Envelope UUID: [{decodedId.EnvelopeUuid}]");
_logger.LogInformation($"Receiver Signature: [{decodedId.ReceiverSignature}]");
var verification = await _envRcvService.VerifyAccessCode(decodedId.EnvelopeUuid, access_code);
EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId);
if (verification.IsSuccess)
{
var envelope = await _envelopeService.ReadByUuidAsync(uuid: decodedId.EnvelopeUuid, signature: decodedId.ReceiverSignature, withAll:true);
if (envelopeOldService.ReceiverAlreadySigned(response.Envelope, response.Receiver.Id) == true)
{
return Problem(statusCode: 403);
}
var envelope = await _envelopeService.ReadByUuidAsync(uuid: decodedId.EnvelopeUuid, signature: decodedId.ReceiverSignature, withAll: true);
database.Services.actionService.EnterCorrectAccessCode(response.Envelope, response.Receiver); //for history
ViewData["EnvelopeKey"] = envelopeReceiverId;
ViewData["EnvelopeResponse"] = response;
ViewData["EnvelopeResponse"] = response;
if (response.Envelope.Documents.Count() > 0)
{
var document = await envelopeOldService.GetDocument(response.Envelope.Documents[0].Id, envelopeReceiverId);
byte[] bytes = await envelopeOldService.GetDocumentContents(document);
ViewData["DocumentBytes"] = bytes;
}
else
ViewData["DocumentBytes"] = null;
return View("ShowEnvelope", envelope);
}
else
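Review bot: `envelopeOldService.LoadEnvelope(envelopeReceiverId)` is awaited before the `if (verification.IsSuccess)` check, so the envelope and receiver are loaded even when the access code was rejected. In the visible lines `response` is only used inside the success branch, so the call can move there, as the first statement of that block: `EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId);`. That keeps requests that have not passed the access code from triggering the load and any side effects it may have. The `else` branch continues outside the hunk, so confirm it does not read `response` before moving the line.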


@ -1,10 +1,6 @@
using DigitalData.Core.API;
using DigitalData.Core.Contracts.Application;
using DigitalData.Core.Contracts.Infrastructure;
using EnvelopeGenerator.Application.Contracts;
using EnvelopeGenerator.Application.DTOs;
using EnvelopeGenerator.Infrastructure.Contracts;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace EnvelopeGenerator.Web.Controllers.Test


@ -56,21 +56,34 @@
}
});
}
@{
var envelopeResponse = ViewData["EnvelopeResponse"];
var settings = new Newtonsoft.Json.JsonSerializerSettings
{
ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver()
};
var envelopeResponseJson = Newtonsoft.Json.JsonConvert.SerializeObject(envelopeResponse, settings);
}
var envelopeResponse = @Html.Raw(envelopeResponseJson);
document.addEventListener("DOMContentLoaded", async () => {
const app = new App("#app", "@ViewData["EnvelopeKey"]", envelopeResponse);
await app.init();
})
</script>
@if (ViewData["DocumentBytes"] is byte[] documentBytes)
{
var envelopeResponse = ViewData["EnvelopeResponse"];
var settings = new Newtonsoft.Json.JsonSerializerSettings
{
ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver()
};
var envelopeResponseJson = Newtonsoft.Json.JsonConvert.SerializeObject(envelopeResponse, settings);
var documentBase64String = Convert.ToBase64String(documentBytes);
<script>
var base64String = "@Html.Raw(documentBase64String)";
var byteCharacters = atob(base64String);
var byteNumbers = new Array(byteCharacters.length);
for (var i = 0; i < byteCharacters.length; i++) {
byteNumbers[i] = byteCharacters.charCodeAt(i);
}
var byteArray = new Uint8Array(byteNumbers);
var documentArrayBuffer = byteArray.buffer;
var envelopeResponse = @Html.Raw(envelopeResponseJson);
document.addEventListener("DOMContentLoaded", async () => {
const app = new App("#app", "@ViewData["EnvelopeKey"]", envelopeResponse, documentArrayBuffer);
await app.init();
})
</script>
}
<div id='app' style='background: gray; width: 100vw; height: 100vh; margin: 0 auto;'></div>
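Review bot: `var envelopeResponse = @Html.Raw(envelopeResponseJson);` writes the serialized object into a `<script>` element without HTML-safe escaping, because the `JsonSerializerSettings` built above set only the `ContractResolver`. Json.NET's default string escaping leaves `<`, `>` and `&` untouched, so a string field containing a closing script tag would end the block early and the rest would be parsed as markup. Whether `EnvelopeResponse` carries user-supplied text is not visible here, so any free-text fields on the envelope or receiver should be checked. Adding `StringEscapeHandling = Newtonsoft.Json.StringEscapeHandling.EscapeHtml` to the settings closes this without changing the value the script parses. Separately, the whole script, including `app.init()`, now sits inside `@if (ViewData["DocumentBytes"] is byte[] documentBytes)`, so an envelope without documents renders only the empty `#app` div with no error shown.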


@ -36,7 +36,6 @@
const allAnnotations = await this.getAnnotations(instance)
const pageAnnotations = allAnnotations
.map((annotation) => {
console.log(annotation.toJS())
return annotation
})
@ -108,9 +107,7 @@
const canvas = document.createElement('canvas')
const scale = 4
const fontSize = 10
console.log(receiverSignature)
canvas.width = width * scale
canvas.height = height * scale


@ -10,7 +10,7 @@ const ActionType = {
}
class App {
constructor(container, envelopeKey, envelopeResponse) {
constructor(container, envelopeKey, envelopeResponse, documentBytes) {
this.container = container
this.envelopeKey = envelopeKey
@ -23,6 +23,7 @@ class App {
this.currentReceiver = null
this.signatureCount = 0
this.envelopeResponse = envelopeResponse;
this.documentBytes = documentBytes;
}
// This function will be called from the ShowEnvelope.razor page
@ -47,9 +48,11 @@ class App {
icon: 'error',
})
}
console.log(documentResponse.data)
console.log(this.documentBytes)
const arrayBuffer = documentResponse.data
const arrayBuffer = this.documentBytes
console.log(arrayBuffer)
// Load PSPDFKit
this.Instance = await this.UI.loadPSPDFKit(arrayBuffer, this.container)
this.UI.configurePSPDFKit(this.Instance, this.handleClick.bind(this))
@ -198,6 +201,7 @@ class App {
// Export annotation data and save to database
try {
const json = await this.Instance.exportInstantJSON()
console.log(json)
const postEnvelopeResult = await this.Network.postEnvelope(
this.envelopeKey,
this.currentDocument.id,
@ -236,30 +240,11 @@ class App {
.map(a => a.toJS())
.filter(a => a.isSignature)
console.log(annotations.length,"Signatures total!")
console.log(filtered.length,"Signatures signed!")
if (totalSignatures > filtered.length) {
return false
} else {
return true
}
/*this.Instance.getFormFields().then(formFields => {
formFields.forEach(formField => {
console.log(formField.name, formField.toJS());
});
// Filter form fields by type
formFields.filter(formField => (
formField instanceof PSPDFKit.FormFields.TextFormField
));
// Get the total number of form fields
const totalFormFields = formFields.size;
console.log(totalFormFields)
})*/
}
async handleReset(event) {
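Review bot: This file still writes sensitive payloads to the browser console. `console.log(this.documentBytes)` and `console.log(arrayBuffer)` dump the document buffer, and `console.log(json)` prints the exported Instant JSON with the annotation and signature data before it is posted. The other files in this commit remove exactly this kind of debug output, so these three lines should be dropped as well. The rendered page has lost its `+`/`-` markers, so which of them are newly added is inferred from the hunk counts rather than read directly.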


@ -5,7 +5,6 @@
* @param {any} envelopeKey
*/
async getEnvelope(envelopeKey) {
console.log("getEnvelope")
return this.getRequest(`/api/envelope/${envelopeKey}`)
.then(this.wrapJsonResponse.bind(this))
}
@ -17,7 +16,6 @@
* @param {any} json
*/
async postEnvelope(envelopeKey, documentId, json) {
console.log("postEnvelope")
return this.postRequest(`/api/envelope/${envelopeKey}?index=${documentId}`, json)
.then(this.wrapJsonResponse.bind(this))
}
@ -28,7 +26,6 @@
* @param {any} documentId
*/
async getDocument(envelopeKey, documentId) {
console.log("getDocument", `/api/document/${envelopeKey}?index=${documentId}`)
return this.getRequest(`/api/document/${envelopeKey}?index=${documentId}`)
.then(this.wrapBinaryResponse.bind(this))
}
@ -38,7 +35,6 @@
* @param {any} envelopeKey
*/
async openDocument(envelopeKey) {
console.log("openDocument")
return this.postRequest(`/api/document/${envelopeKey}`, {})
.then(this.wrapJsonResponse.bind(this))
}
@ -66,7 +62,6 @@
*/
getCSRFToken() {
const token = document.getElementsByName('__RequestVerificationToken')[0].value
console.log(token)
return { 'X-XSRF-TOKEN': token }
}
@ -143,10 +138,6 @@
async wrapResponse(response, responseHandler) {
let wrappedResponse
console.log("Handling response from", response.url)
console.log("Status", response.status)
console.log(response)
if (response.status === 200) {
const data = await responseHandler(response)
wrappedResponse = new WrappedResponse(data, null)
@ -157,8 +148,6 @@
wrappedResponse = new WrappedResponse(null, null)
}
console.log("Wrapped response", wrappedResponse)
return wrappedResponse
}
}


@ -76,7 +76,6 @@
className: 'button-reset',
title: 'Zurücksetzen',
onPress() {
console.log('RESET')
callback('RESET')
},
icon: `<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="currentColor" class="bi bi-arrow-counterclockwise" viewBox="0 0 16 16">
@ -90,7 +89,6 @@
className: 'button-reject',
title: 'Ablehnen',
onPress() {
console.log('REJECT')
callback('REJECT')
},
icon: `<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="currentColor" class="bi bi-hand-thumbs-down" viewBox="0 0 16 16">
@ -103,7 +101,6 @@
className: 'button-finish',
title: 'Abschließen',
onPress() {
console.log('FINISH')
callback('FINISH')
},
},


@ -795,7 +795,7 @@ $.extend( $.validator, {
}
} catch ( e ) {
if ( this.settings.debug && window.console ) {
console.log( "Exception occurred when checking element " + element.id + ", check the '" + rule.method + "' method.", e );
console.error( "Exception occurred when checking element " + element.id + ", check the '" + rule.method + "' method.", e );
}
if ( e instanceof TypeError ) {
e.message += ". Exception occurred when checking element " + element.id + ", check the '" + rule.method + "' method.";