Implementiere eine Signaturverifizierung in den Methoden EnvelopeController.Update (api/envelope/{envelopeKey}) und DocumentController.Open (api/document/{envelopeKey}), die beide mit dem HttpPost-Attribut gekennzeichnet sind. Diese Prüfung stellt sicher, dass nur der authentifizierte Empfänger mit einer übereinstimmenden Signatur Zugriff auf die angegebenen Ressourcen hat oder diese ändern kann. Dies erhöht die Sicherheit, indem unautorisierter Zugriff verhindert wird.
using Microsoft.AspNetCore.Mvc;
using EnvelopeGenerator.Common;
using EnvelopeGenerator.Web.Services;
using EnvelopeGenerator.Application.Contracts;
using Microsoft.AspNetCore.Authorization;
using EnvelopeGenerator.Application.Services;
namespace EnvelopeGenerator.Web.Controllers
{
    /// <summary>
    /// Serves envelope documents and records that a receiver opened an envelope.
    /// </summary>
    /// <remarks>
    /// Every action requires an authenticated caller (<see cref="AuthorizeAttribute"/> on the class).
    /// <see cref="Open"/> additionally requires that the caller's receiver signature equals the
    /// receiver signature derived from the envelope key, so that being logged in does not by
    /// itself grant access to another receiver's envelope.
    /// </remarks>
    [Authorize]
    public class DocumentController : BaseController
    {
        // Key validation, envelope lookup and document loading.
        private readonly EnvelopeOldService _envelopeService;

        // Resolved from the database's service bag; may be null, in which case
        // open events are simply not forwarded to it.
        private readonly ActionService? _actionService;

        // Injected but not used by any action in this class.
        private readonly IEnvelopeDocumentService _envDocService;

        /// <summary>Wires the controller's dependencies.</summary>
        /// <param name="database">Forwarded to <see cref="BaseController"/>; also the source of the optional action service.</param>
        /// <param name="envelope">Envelope service used for key validation, envelope and document access.</param>
        /// <param name="envDocService">Envelope document service (currently unused here).</param>
        /// <param name="logger">Logger forwarded to <see cref="BaseController"/>.</param>
        public DocumentController(
            DatabaseService database,
            EnvelopeOldService envelope,
            IEnvelopeDocumentService envDocService,
            ILogger<DocumentController> logger)
            : base(database, logger)
        {
            _envelopeService = envelope;
            _actionService = database.Services?.actionService;
            _envDocService = envDocService;
        }

        /// <summary>
        /// Returns the raw bytes of the document at <paramref name="index"/> within the envelope.
        /// </summary>
        /// <remarks>
        /// Marked <see cref="NonActionAttribute"/>, so MVC does not route requests to it. Unlike
        /// <see cref="Open"/>, it performs no receiver-signature comparison; that check would have
        /// to be added before the <c>[NonAction]</c> marker is ever removed.
        /// </remarks>
        /// <param name="envelopeKey">Envelope key taken from the route.</param>
        /// <param name="index">Position of the document within the envelope.</param>
        /// <returns>
        /// The document as <c>application/octet-stream</c>, or the result of <c>ErrorResponse</c>
        /// when any step throws.
        /// </returns>
        [NonAction]
        [HttpGet]
        [Route("api/document/{envelopeKey}")]
        public async Task<IActionResult> Get([FromRoute] string envelopeKey, [FromQuery] int index)
        {
            try
            {
                _envelopeService.EnsureValidEnvelopeKey(envelopeKey);

                // The loaded envelope is not used here; the call is kept so that whatever
                // LoadEnvelope checks (if anything) still runs before the document is fetched.
                _ = await _envelopeService.LoadEnvelope(envelopeKey);

                var document = await _envelopeService.GetDocument(index, envelopeKey);
                var content = await _envelopeService.GetDocumentContents(document);

                return File(content, "application/octet-stream");
            }
            catch (Exception ex)
            {
                return ErrorResponse(ex);
            }
        }

        /// <summary>
        /// Records that the authenticated receiver opened the envelope identified by
        /// <paramref name="envelopeKey"/>.
        /// </summary>
        /// <remarks>
        /// Authorization is per receiver: the caller's signature must equal the receiver
        /// signature derived from the envelope key, otherwise the request is rejected with
        /// <see cref="ControllerBase.Forbid()"/> before the envelope is touched. The comparison
        /// happens before <c>EnsureValidEnvelopeKey</c>, so a malformed key may surface from
        /// <c>GetReceiverSignature</c> (caught below) rather than from the validator.
        /// </remarks>
        /// <param name="envelopeKey">Envelope key taken from the route.</param>
        /// <returns>
        /// 200 with an empty object, 403 when the signatures differ, or the result of
        /// <c>ErrorResponse</c> when any step throws.
        /// </returns>
        [HttpPost]
        [Route("api/document/{envelopeKey}")]
        public async Task<IActionResult> Open(string envelopeKey)
        {
            try
            {
                // Receiver-level check: [Authorize] only proves the caller is logged in;
                // this ties the request to the receiver the key was issued for.
                var callerSignature = this.GetAuthenticatedReceiverSignature();
                var keySignature = envelopeKey.GetReceiverSignature();
                if (callerSignature != keySignature)
                {
                    return Forbid();
                }

                _envelopeService.EnsureValidEnvelopeKey(envelopeKey);
                EnvelopeResponse response = await _envelopeService.LoadEnvelope(envelopeKey);

                // Skipped entirely when no action service was resolved.
                _actionService?.OpenEnvelope(response.Envelope, response.Receiver);

                return Ok(new object());
            }
            catch (Exception ex)
            {
                return ErrorResponse(ex);
            }
        }
    }
}