admin/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2026-01-31 22:23:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
bb34de74cbd0053b7f1454611fbd5e54d04a63d2
server/src/Core/Services/Implementations/AzureSendFileStorageService.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

137 lines
4.8 KiB
C#
Raw Normal View History

Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
using System;
using System.IO;
using System.Threading.Tasks;
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
using Bit.Core.Enums;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
using Bit.Core.Models.Table;
Use sas token for attachment downloads (#1153) * Get limited life attachment download URL This change limits url download to a 1min lifetime. This requires moving to a new container to allow for non-public blob access. Clients will have to call GetAttachmentData api function to receive the download URL. For backwards compatibility, attachment URLs are still present, but will not work for attachments stored in non-public access blobs. * Make GlobalSettings interface for testing * Test LocalAttachmentStorageService equivalence * Remove comment * Add missing globalSettings using * Simplify default attachment container * Default to attachments containe for existing methods A new upload method will be made for uploading to attachments-v2. For compatibility for clients which don't use these new methods, we need to still use the old container. The new container will be used only for new uploads * Remove Default MetaData fixture. * Keep attachments container blob-level security for all instances * Close unclosed FileStream * Favor default value for noop services
2021-02-22 15:35:16 -06:00
using Bit.Core.Settings;
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
using Microsoft.Azure.Storage;
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
using Microsoft.Azure.Storage.Blob;
namespace Bit.Core.Services
{
public class AzureSendFileStorageService : ISendFileStorageService
{
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
public const string FilesContainerName = "sendfiles";
Use sas token for send downloads (#1157) * Remove Url from SendFileModel Url is now generated on the fly with limited lifetime. New model houses the download url generated * Create API endpoint for getting Send file download url * Generate limited-life Azure download urls * Lint fix
2021-02-24 13:03:16 -06:00
private static readonly TimeSpan _downloadLinkLiveTime = TimeSpan.FromMinutes(1);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
private readonly CloudBlobClient _blobClient;
private CloudBlobContainer _sendFilesContainer;
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
public FileUploadType FileUploadType => FileUploadType.Azure;
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
public static string SendIdFromBlobName(string blobName) => blobName.Split('/')[0];
public static string BlobName(Send send, string fileId) => $"{send.Id}/{fileId}";
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
public AzureSendFileStorageService(
GlobalSettings globalSettings)
{
var storageAccount = CloudStorageAccount.Parse(globalSettings.Send.ConnectionString);
_blobClient = storageAccount.CreateCloudBlobClient();
}
public async Task UploadNewFileAsync(Stream stream, Send send, string fileId)
{
await InitAsync();
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
var blob = _sendFilesContainer.GetBlockBlobReference(BlobName(send, fileId));
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
if (send.UserId.HasValue)
{
blob.Metadata.Add("userId", send.UserId.Value.ToString());
}
else
{
blob.Metadata.Add("organizationId", send.OrganizationId.Value.ToString());
}
blob.Properties.ContentDisposition = $"attachment; filename=\"{fileId}\"";
await blob.UploadFromStreamAsync(stream);
}
Attachment blob upload (#1229) * Add Cipher attachment upload endpoints * Add validation bool to attachment storage data This bool is used to determine whether or not to renew upload links * Add model to request a new attachment to be made for later upload * Add model to respond with created attachment. The two cipher properties represent the two different cipher model types that can be returned. Cipher Response from personal items and mini response from organizations * Create Azure SAS-authorized upload links for both one-shot and block uploads * Add service methods to handle delayed upload and file size validation * Add emergency access method for downloading attachments direct from Azure * Add new attachment storage methods to other services * Update service interfaces * Log event grid exceptions * Limit Send and Attachment Size to 500MB * capitalize Key property * Add key validation to Azure Event Grid endpoint * Delete blob for unexpected blob creation events * Set Event Grid key at API startup * Change renew attachment upload url request path to match Send * Shore up attachment cleanup method. As long as we have the required information, we should always delete attachments from each the Repository, the cipher in memory, and the file storage service to ensure they're all synched.
2021-03-30 18:41:14 -05:00
public async Task DeleteFileAsync(Send send, string fileId) => await DeleteBlobAsync(BlobName(send, fileId));
public async Task DeleteBlobAsync(string blobName)
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
{
await InitAsync();
Attachment blob upload (#1229) * Add Cipher attachment upload endpoints * Add validation bool to attachment storage data This bool is used to determine whether or not to renew upload links * Add model to request a new attachment to be made for later upload * Add model to respond with created attachment. The two cipher properties represent the two different cipher model types that can be returned. Cipher Response from personal items and mini response from organizations * Create Azure SAS-authorized upload links for both one-shot and block uploads * Add service methods to handle delayed upload and file size validation * Add emergency access method for downloading attachments direct from Azure * Add new attachment storage methods to other services * Update service interfaces * Log event grid exceptions * Limit Send and Attachment Size to 500MB * capitalize Key property * Add key validation to Azure Event Grid endpoint * Delete blob for unexpected blob creation events * Set Event Grid key at API startup * Change renew attachment upload url request path to match Send * Shore up attachment cleanup method. As long as we have the required information, we should always delete attachments from each the Repository, the cipher in memory, and the file storage service to ensure they're all synched.
2021-03-30 18:41:14 -05:00
var blob = _sendFilesContainer.GetBlockBlobReference(blobName);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
await blob.DeleteIfExistsAsync();
}
public async Task DeleteFilesForOrganizationAsync(Guid organizationId)
{
await InitAsync();
}
public async Task DeleteFilesForUserAsync(Guid userId)
{
await InitAsync();
}
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
public async Task<string> GetSendFileDownloadUrlAsync(Send send, string fileId)
Use sas token for send downloads (#1157) * Remove Url from SendFileModel Url is now generated on the fly with limited lifetime. New model houses the download url generated * Create API endpoint for getting Send file download url * Generate limited-life Azure download urls * Lint fix
2021-02-24 13:03:16 -06:00
{
await InitAsync();
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
var blob = _sendFilesContainer.GetBlockBlobReference(BlobName(send, fileId));
Use sas token for send downloads (#1157) * Remove Url from SendFileModel Url is now generated on the fly with limited lifetime. New model houses the download url generated * Create API endpoint for getting Send file download url * Generate limited-life Azure download urls * Lint fix
2021-02-24 13:03:16 -06:00
var accessPolicy = new SharedAccessBlobPolicy()
{
SharedAccessExpiryTime = DateTime.UtcNow.Add(_downloadLinkLiveTime),
Prepare for send direct upload (#1174) * Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2021-03-01 15:01:04 -06:00
Permissions = SharedAccessBlobPermissions.Read,
Use sas token for send downloads (#1157) * Remove Url from SendFileModel Url is now generated on the fly with limited lifetime. New model houses the download url generated * Create API endpoint for getting Send file download url * Generate limited-life Azure download urls * Lint fix
2021-02-24 13:03:16 -06:00
};
return blob.Uri + blob.GetSharedAccessSignature(accessPolicy);
}
Direct upload to Azure/Local (#1188) * Direct upload to azure To validate file sizes in the event of a rogue client, Azure event webhooks will be hooked up to AzureValidateFile. Sends outside of a grace size will be deleted as non-compliant. TODO: LocalSendFileStorageService direct upload method/endpoint. * Quick respond to no-body event calls These shouldn't happen, but might if some errant get requests occur * Event Grid only POSTS to webhook * Enable local storage direct file upload * Increase file size difference leeway * Upload through service * Fix LocalFileSendStorage It turns out that multipartHttpStreams do not have a length until read. this causes all long files to be "invalid". We need to write the entire stream, then validate length, just like Azure. the difference is, We can return an exception to local storage admonishing the client for lying * Update src/Api/Utilities/ApiHelpers.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Do not delete directory if it has files * Allow large uploads for self hosted instances * Fix formatting * Re-verfiy access and increment access count on download of Send File * Update src/Core/Services/Implementations/SendService.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Add back in original Send upload * Update size and mark as validated upon Send file validation * Log azure file validation errors * Lint fix Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
public async Task<string> GetSendFileUploadUrlAsync(Send send, string fileId)
{
await InitAsync();
var blob = _sendFilesContainer.GetBlockBlobReference(BlobName(send, fileId));
var accessPolicy = new SharedAccessBlobPolicy()
{
SharedAccessExpiryTime = DateTime.UtcNow.Add(_downloadLinkLiveTime),
Permissions = SharedAccessBlobPermissions.Create | SharedAccessBlobPermissions.Write,
};
return blob.Uri + blob.GetSharedAccessSignature(accessPolicy);
}
public async Task<(bool, long?)> ValidateFileAsync(Send send, string fileId, long expectedFileSize, long leeway)
{
await InitAsync();
var blob = _sendFilesContainer.GetBlockBlobReference(BlobName(send, fileId));
if (!blob.Exists())
{
return (false, null);
}
blob.FetchAttributes();
if (send.UserId.HasValue)
{
blob.Metadata["userId"] = send.UserId.Value.ToString();
}
else
{
blob.Metadata["organizationId"] = send.OrganizationId.Value.ToString();
}
blob.Properties.ContentDisposition = $"attachment; filename=\"{fileId}\"";
blob.SetMetadata();
blob.SetProperties();
var length = blob.Properties.Length;
if (length < expectedFileSize - leeway || length > expectedFileSize + leeway)
{
return (false, length);
}
return (true, length);
}
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
private async Task InitAsync()
{
if (_sendFilesContainer == null)
{
_sendFilesContainer = _blobClient.GetContainerReference(FilesContainerName);
Use sas token for send downloads (#1157) * Remove Url from SendFileModel Url is now generated on the fly with limited lifetime. New model houses the download url generated * Create API endpoint for getting Send file download url * Generate limited-life Azure download urls * Lint fix
2021-02-24 13:03:16 -06:00
await _sendFilesContainer.CreateIfNotExistsAsync(BlobContainerPublicAccessType.Off, null, null);
Send APIs (#979) * send work * fix sql proj file * update * updates * access id * delete job * fix delete job * local send storage * update sprocs for null checks
2020-11-02 15:55:49 -05:00
}
}
}
}
Reference in New Issue Copy Permalink