admin/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2026-02-09 18:33:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
0366c0efef1a0732aae8890d5eb09aba955a96ba
server/src/Core/Services/Implementations/SendService.cs

349 lines
13 KiB
C#
Raw Normal View History

Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
using System;
using System.IO;
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
using System.Linq;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
using System.Threading.Tasks;
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
using Bit.Core.Context;
using Bit.Core.Enums;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
using Bit.Core.Exceptions;
Reference events for Send (#1165)
2021-02-25 13:40:26 -05:00
using Bit.Core.Models.Business;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
using Bit.Core.Models.Data;
using Bit.Core.Models.Table;
using Bit.Core.Repositories;
Use sas token for attachment downloads (#1153) * Get limited life attachment download URL This change limits url download to a 1min lifetime. This requires moving to a new container to allow for non-public blob access. Clients will have to call GetAttachmentData api function to receive the download URL. For backwards compatibility, attachment URLs are still present, but will not work for attachments stored in non-public access blobs. * Make GlobalSettings interface for testing * Test LocalAttachmentStorageService equivalence * Remove comment * Add missing globalSettings using * Simplify default attachment container * Default to attachments containe for existing methods A new upload method will be made for uploading to attachments-v2. For compatibility for clients which don't use these new methods, we need to still use the old container. The new container will be used only for new uploads * Remove Default MetaData fixture. * Keep attachments container blob-level security for all instances * Close unclosed FileStream * Favor default value for noop services
2021-02-22 15:35:16 -06:00
using Bit.Core.Settings;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
using Microsoft.AspNetCore.Identity;
using Newtonsoft.Json;
namespace Bit.Core.Services
{
public class SendService : ISendService
{
Attachment blob upload (#1229) * Add Cipher attachment upload endpoints * Add validation bool to attachment storage data This bool is used to determine whether or not to renew upload links * Add model to request a new attachment to be made for later upload * Add model to respond with created attachment. The two cipher properties represent the two different cipher model types that can be returned. Cipher Response from personal items and mini response from organizations * Create Azure SAS-authorized upload links for both one-shot and block uploads * Add service methods to handle delayed upload and file size validation * Add emergency access method for downloading attachments direct from Azure * Add new attachment storage methods to other services * Update service interfaces * Log event grid exceptions * Limit Send and Attachment Size to 500MB * capitalize Key property * Add key validation to Azure Event Grid endpoint * Delete blob for unexpected blob creation events * Set Event Grid key at API startup * Change renew attachment upload url request path to match Send * Shore up attachment cleanup method. As long as we have the required information, we should always delete attachments from each the Repository, the cipher in memory, and the file storage service to ensure they're all synched.
2021-03-30 18:41:14 -05:00
public const long MAX_FILE_SIZE = 500L * 1024L * 1024L; // 500MB
public const string MAX_FILE_SIZE_READABLE = "500 MB";
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
private readonly ISendRepository _sendRepository;
private readonly IUserRepository _userRepository;
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
private readonly IPolicyRepository _policyRepository;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
private readonly IUserService _userService;
private readonly IOrganizationRepository _organizationRepository;
private readonly ISendFileStorageService _sendFileStorageService;
private readonly IPasswordHasher<User> _passwordHasher;
enabled send and added send sync notifications (#1106)
2021-01-22 16:16:40 -05:00
private readonly IPushNotificationService _pushService;
Reference events for Send (#1165)
2021-02-25 13:40:26 -05:00
private readonly IReferenceEventService _referenceEventService;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
private readonly GlobalSettings _globalSettings;
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
private readonly ICurrentContext _currentContext;
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
private const long _fileSizeLeeway = 1024L * 1024L; // 1MB
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
public SendService(
ISendRepository sendRepository,
IUserRepository userRepository,
IUserService userService,
IOrganizationRepository organizationRepository,
ISendFileStorageService sendFileStorageService,
IPasswordHasher<User> passwordHasher,
enabled send and added send sync notifications (#1106)
2021-01-22 16:16:40 -05:00
IPushNotificationService pushService,
Reference events for Send (#1165)
2021-02-25 13:40:26 -05:00
IReferenceEventService referenceEventService,
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
GlobalSettings globalSettings,
IPolicyRepository policyRepository,
ICurrentContext currentContext)
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
{
_sendRepository = sendRepository;
_userRepository = userRepository;
_userService = userService;
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
_policyRepository = policyRepository;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
_organizationRepository = organizationRepository;
_sendFileStorageService = sendFileStorageService;
_passwordHasher = passwordHasher;
enabled send and added send sync notifications (#1106)
2021-01-22 16:16:40 -05:00
_pushService = pushService;
Reference events for Send (#1165)
2021-02-25 13:40:26 -05:00
_referenceEventService = referenceEventService;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
_globalSettings = globalSettings;
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
_currentContext = currentContext;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
public async Task SaveSendAsync(Send send)
{
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
// Make sure user can save Sends
Hide email address in Sends (#1234) * Add send HideEmail to tables and models * Respect HideEmail setting for Sends * Recreate SendView to include new HideEmail column * Enforce new Send policy * Insert default value for new HideEmail column * Delete c95d7598-71cc-4eab-8b08-aced0045198b.json * Remove unrelated files * Revert disableSendPolicy, add sendOptionsPolicy * Minor style fixes * Update SQL project with Send.HideEmail column * unit test SendOptionsPolicy.DisableHideEmail * Add SendOptionsPolicy to Portal * Make HideEmail nullable, fix migrator script * Remove NOT NULL constraint from HideEmail * Fix style * Make HideEmail nullable * minor fixes to model and error message * Move SendOptionsExemption banner Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-29 07:56:56 +10:00
await ValidateUserCanSaveAsync(send.UserId, send);
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
if (send.Id == default(Guid))
{
await _sendRepository.CreateAsync(send);
enabled send and added send sync notifications (#1106)
2021-01-22 16:16:40 -05:00
await _pushService.PushSyncSendCreateAsync(send);
Reference events for Send (#1165)
2021-02-25 13:40:26 -05:00
await RaiseReferenceEventAsync(send, ReferenceEventType.SendCreated);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
else
{
send.RevisionDate = DateTime.UtcNow;
await _sendRepository.UpsertAsync(send);
enabled send and added send sync notifications (#1106)
2021-01-22 16:16:40 -05:00
await _pushService.PushSyncSendUpdateAsync(send);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
}
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
public async Task<string> SaveFileSendAsync(Send send, SendFileData data, long fileLength)
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
{
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
if (send.Type != SendType.File)
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
{
throw new BadRequestException("Send is not of type \"file\".");
}
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
if (fileLength < 1)
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
{
throw new BadRequestException("No file data.");
}
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
var storageBytesRemaining = await StorageRemainingForSendAsync(send);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
if (storageBytesRemaining < fileLength)
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
{
throw new BadRequestException("Not enough storage available.");
}
var fileId = Utilities.CoreHelpers.SecureRandomString(32, upper: false, special: false);
try
{
data.Id = fileId;
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
data.Size = fileLength;
data.Validated = false;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
send.Data = JsonConvert.SerializeObject(data,
new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
await SaveSendAsync(send);
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
return await _sendFileStorageService.GetSendFileUploadUrlAsync(send, fileId);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
catch
{
// Clean up since this is not transactional
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
await _sendFileStorageService.DeleteFileAsync(send, fileId);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
throw;
}
}
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
public async Task UploadFileToExistingSendAsync(Stream stream, Send send)
{
if (send?.Data == null)
{
throw new BadRequestException("Send does not have file data");
}
if (send.Type != SendType.File)
{
throw new BadRequestException("Not a File Type Send.");
}
var data = JsonConvert.DeserializeObject<SendFileData>(send.Data);
await _sendFileStorageService.UploadNewFileAsync(stream, send, data.Id);
if (!await ValidateSendFile(send))
{
throw new BadRequestException("File received does not match expected file length.");
}
}
public async Task<bool> ValidateSendFile(Send send)
{
var fileData = JsonConvert.DeserializeObject<SendFileData>(send.Data);
var (valid, realSize) = await _sendFileStorageService.ValidateFileAsync(send, fileData.Id, fileData.Size, _fileSizeLeeway);
Attachment blob upload (#1229) * Add Cipher attachment upload endpoints * Add validation bool to attachment storage data This bool is used to determine whether or not to renew upload links * Add model to request a new attachment to be made for later upload * Add model to respond with created attachment. The two cipher properties represent the two different cipher model types that can be returned. Cipher Response from personal items and mini response from organizations * Create Azure SAS-authorized upload links for both one-shot and block uploads * Add service methods to handle delayed upload and file size validation * Add emergency access method for downloading attachments direct from Azure * Add new attachment storage methods to other services * Update service interfaces * Log event grid exceptions * Limit Send and Attachment Size to 500MB * capitalize Key property * Add key validation to Azure Event Grid endpoint * Delete blob for unexpected blob creation events * Set Event Grid key at API startup * Change renew attachment upload url request path to match Send * Shore up attachment cleanup method. As long as we have the required information, we should always delete attachments from each the Repository, the cipher in memory, and the file storage service to ensure they're all synched.
2021-03-30 18:41:14 -05:00
if (!valid || realSize > MAX_FILE_SIZE)
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
{
// File reported differs in size from that promised. Must be a rogue client. Delete Send
await DeleteSendAsync(send);
Attachment blob upload (#1229) * Add Cipher attachment upload endpoints * Add validation bool to attachment storage data This bool is used to determine whether or not to renew upload links * Add model to request a new attachment to be made for later upload * Add model to respond with created attachment. The two cipher properties represent the two different cipher model types that can be returned. Cipher Response from personal items and mini response from organizations * Create Azure SAS-authorized upload links for both one-shot and block uploads * Add service methods to handle delayed upload and file size validation * Add emergency access method for downloading attachments direct from Azure * Add new attachment storage methods to other services * Update service interfaces * Log event grid exceptions * Limit Send and Attachment Size to 500MB * capitalize Key property * Add key validation to Azure Event Grid endpoint * Delete blob for unexpected blob creation events * Set Event Grid key at API startup * Change renew attachment upload url request path to match Send * Shore up attachment cleanup method. As long as we have the required information, we should always delete attachments from each the Repository, the cipher in memory, and the file storage service to ensure they're all synched.
2021-03-30 18:41:14 -05:00
return false;
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
}
// Update Send data if necessary
if (realSize != fileData.Size)
{
fileData.Size = realSize.Value;
}
fileData.Validated = true;
send.Data = JsonConvert.SerializeObject(fileData,
new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
await SaveSendAsync(send);
return valid;
}
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
public async Task DeleteSendAsync(Send send)
{
await _sendRepository.DeleteAsync(send);
if (send.Type == Enums.SendType.File)
{
var data = JsonConvert.DeserializeObject<SendFileData>(send.Data);
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
await _sendFileStorageService.DeleteFileAsync(send, data.Id);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
enabled send and added send sync notifications (#1106)
2021-01-22 16:16:40 -05:00
await _pushService.PushSyncSendDeleteAsync(send);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
public (bool grant, bool passwordRequiredError, bool passwordInvalidError) SendCanBeAccessed(Send send,
string password)
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
{
var now = DateTime.UtcNow;
if (send == null || send.MaxAccessCount.GetValueOrDefault(int.MaxValue) <= send.AccessCount ||
send.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < now || send.Disabled ||
send.DeletionDate < now)
{
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
return (false, false, false);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
if (!string.IsNullOrWhiteSpace(send.Password))
{
if (string.IsNullOrWhiteSpace(password))
{
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
return (false, true, false);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
var passwordResult = _passwordHasher.VerifyHashedPassword(new User(), send.Password, password);
if (passwordResult == PasswordVerificationResult.SuccessRehashNeeded)
{
send.Password = HashPassword(password);
}
if (passwordResult == PasswordVerificationResult.Failed)
{
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
return (false, false, true);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
}
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
return (true, false, false);
}
// Response: Send, password required, password invalid
public async Task<(string, bool, bool)> GetSendFileDownloadUrlAsync(Send send, string fileId, string password)
{
if (send.Type != SendType.File)
{
throw new BadRequestException("Can only get a download URL for a file type of Send");
}
var (grantAccess, passwordRequired, passwordInvalid) = SendCanBeAccessed(send, password);
if (!grantAccess)
{
return (null, passwordRequired, passwordInvalid);
}
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
send.AccessCount++;
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
await _sendRepository.ReplaceAsync(send);
Push syncs on Send Access (#1190) * Push syncs on Send Access * Revert "Push syncs on Send Access" This reverts commit 6a3eb7af4f1d4233b6e8854c863b2e263d7dea54. * Push update of Send directly since we can't use SaveSendAsync method
2021-03-05 18:36:20 -06:00
await _pushService.PushSyncSendUpdateAsync(send);
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
return (await _sendFileStorageService.GetSendFileDownloadUrlAsync(send, fileId), false, false);
}
// Response: Send, password required, password invalid
public async Task<(Send, bool, bool)> AccessAsync(Guid sendId, string password)
{
var send = await _sendRepository.GetByIdAsync(sendId);
var (grantAccess, passwordRequired, passwordInvalid) = SendCanBeAccessed(send, password);
if (!grantAccess)
{
return (null, passwordRequired, passwordInvalid);
}
// TODO: maybe move this to a simple ++ sproc?
if (send.Type != SendType.File)
{
// File sends are incremented during file download
send.AccessCount++;
}
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
await _sendRepository.ReplaceAsync(send);
Push syncs on Send Access (#1190) * Push syncs on Send Access * Revert "Push syncs on Send Access" This reverts commit 6a3eb7af4f1d4233b6e8854c863b2e263d7dea54. * Push update of Send directly since we can't use SaveSendAsync method
2021-03-05 18:36:20 -06:00
await _pushService.PushSyncSendUpdateAsync(send);
Reference events for Send (#1165)
2021-02-25 13:40:26 -05:00
await RaiseReferenceEventAsync(send, ReferenceEventType.SendAccessed);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
return (send, false, false);
}
Reference events for Send (#1165)
2021-02-25 13:40:26 -05:00
private async Task RaiseReferenceEventAsync(Send send, ReferenceEventType eventType)
{
await _referenceEventService.RaiseEventAsync(new ReferenceEvent
{
Id = send.UserId ?? default,
Type = eventType,
Source = ReferenceEventSource.User,
SendType = send.Type,
MaxAccessCount = send.MaxAccessCount,
HasPassword = !string.IsNullOrWhiteSpace(send.Password),
});
}
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
public string HashPassword(string password)
{
return _passwordHasher.HashPassword(new User(), password);
}
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
Hide email address in Sends (#1234) * Add send HideEmail to tables and models * Respect HideEmail setting for Sends * Recreate SendView to include new HideEmail column * Enforce new Send policy * Insert default value for new HideEmail column * Delete c95d7598-71cc-4eab-8b08-aced0045198b.json * Remove unrelated files * Revert disableSendPolicy, add sendOptionsPolicy * Minor style fixes * Update SQL project with Send.HideEmail column * unit test SendOptionsPolicy.DisableHideEmail * Add SendOptionsPolicy to Portal * Make HideEmail nullable, fix migrator script * Remove NOT NULL constraint from HideEmail * Fix style * Make HideEmail nullable * minor fixes to model and error message * Move SendOptionsExemption banner Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-29 07:56:56 +10:00
private async Task ValidateUserCanSaveAsync(Guid? userId, Send send)
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
{
if (!userId.HasValue || (!_currentContext.Organizations?.Any() ?? true))
{
return;
}
var policies = await _policyRepository.GetManyByUserIdAsync(userId.Value);
if (policies == null)
{
return;
}
foreach (var policy in policies.Where(p => p.Enabled && p.Type == PolicyType.DisableSend))
{
if (!_currentContext.ManagePolicies(policy.OrganizationId))
{
throw new BadRequestException("Due to an Enterprise Policy, you are only able to delete an existing Send.");
}
}
Hide email address in Sends (#1234) * Add send HideEmail to tables and models * Respect HideEmail setting for Sends * Recreate SendView to include new HideEmail column * Enforce new Send policy * Insert default value for new HideEmail column * Delete c95d7598-71cc-4eab-8b08-aced0045198b.json * Remove unrelated files * Revert disableSendPolicy, add sendOptionsPolicy * Minor style fixes * Update SQL project with Send.HideEmail column * unit test SendOptionsPolicy.DisableHideEmail * Add SendOptionsPolicy to Portal * Make HideEmail nullable, fix migrator script * Remove NOT NULL constraint from HideEmail * Fix style * Make HideEmail nullable * minor fixes to model and error message * Move SendOptionsExemption banner Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-29 07:56:56 +10:00
if (send.HideEmail.GetValueOrDefault())
{
foreach (var policy in policies.Where(p => p.Enabled && p.Type == PolicyType.SendOptions && !_currentContext.ManagePolicies(p.OrganizationId)))
{
SendOptionsPolicyData data = null;
if (policy.Data != null)
{
data = JsonConvert.DeserializeObject<SendOptionsPolicyData>(policy.Data);
}
if (data?.DisableHideEmail ?? false)
{
throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to hide your email address from recipients when creating or editing a Send.");
}
}
}
Add disable send policy (#1130) * Add Disable Send policy * Test DisableSend policy * PR Review * Update tests for using CurrentContext This required making an interface for CurrentContext and mocking out the members used. The interface can be expanded as needed for tests. I moved CurrentContext to a folder, which changes the namespace and causes a lot of file touches, but most are just adding a reference * Fix failing test * Update exemption to include all exempt users * Move all CurrentContext usages to ICurrentContext * PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
}
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
private async Task<long> StorageRemainingForSendAsync(Send send)
{
var storageBytesRemaining = 0L;
if (send.UserId.HasValue)
{
var user = await _userRepository.GetByIdAsync(send.UserId.Value);
if (!await _userService.CanAccessPremium(user))
{
throw new BadRequestException("You must have premium status to use file sends.");
}
if (user.Premium)
{
storageBytesRemaining = user.StorageBytesRemaining();
}
else
{
// Users that get access to file storage/premium from their organization get the default
// 1 GB max storage.
storageBytesRemaining = user.StorageBytesRemaining(
_globalSettings.SelfHosted ? (short)10240 : (short)1);
}
}
else if (send.OrganizationId.HasValue)
{
var org = await _organizationRepository.GetByIdAsync(send.OrganizationId.Value);
if (!org.MaxStorageGb.HasValue)
{
throw new BadRequestException("This organization cannot use file sends.");
}
storageBytesRemaining = org.StorageBytesRemaining();
}
return storageBytesRemaining;
}
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
}
Reference in New Issue Copy Permalink