PDF-Serialisierung erfolgt jetzt direkt auf Razor Page - Sicherheitsverbesserung

Externer Fetch-Vorgang entfernt, PDF-Inhalt aus Sicherheitsgründen direkt auf der Razor Page serialisiert.
2024-04-10 09:21:56 +02:00
parent 2c17d440c0
commit f5dd3cf8be
8 changed files with 59 additions and 69 deletions
--- a/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml
+++ b/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml
@@ -56,21 +56,34 @@
            }
        });
    }
-
-    @{
-        var envelopeResponse = ViewData["EnvelopeResponse"];
-        var settings = new Newtonsoft.Json.JsonSerializerSettings
-            {
-                ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver()
-            };
-        var envelopeResponseJson = Newtonsoft.Json.JsonConvert.SerializeObject(envelopeResponse, settings);
-    }
-
-    var envelopeResponse = @Html.Raw(envelopeResponseJson);
-
-    document.addEventListener("DOMContentLoaded", async () => {
-        const app = new App("#app", "@ViewData["EnvelopeKey"]", envelopeResponse);
-        await app.init();
-    })
 </script>
+@if (ViewData["DocumentBytes"] is byte[] documentBytes)
+{
+    var envelopeResponse = ViewData["EnvelopeResponse"];
+    var settings = new Newtonsoft.Json.JsonSerializerSettings
+                {
+                    ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver()
+                };
+    var envelopeResponseJson = Newtonsoft.Json.JsonConvert.SerializeObject(envelopeResponse, settings);
+
+    var documentBase64String = Convert.ToBase64String(documentBytes);
+
+    <script>
+        var base64String = "@Html.Raw(documentBase64String)";
+        var byteCharacters = atob(base64String);
+        var byteNumbers = new Array(byteCharacters.length);
+        for (var i = 0; i < byteCharacters.length; i++) {
+            byteNumbers[i] = byteCharacters.charCodeAt(i);
+        }
+        var byteArray = new Uint8Array(byteNumbers);
+        var documentArrayBuffer = byteArray.buffer;
+
+        var envelopeResponse = @Html.Raw(envelopeResponseJson);
+        document.addEventListener("DOMContentLoaded", async () => {
+            const app = new App("#app", "@ViewData["EnvelopeKey"]", envelopeResponse, documentArrayBuffer);
+            await app.init();
+        })
+    </script>
+}
+
 <div id='app' style='background: gray; width: 100vw; height: 100vh; margin: 0 auto;'></div>