Send APIs (#979)

* send work

* fix sql proj file

* update

* updates

* access id

* delete job

* fix delete job

* local send storage

* update sprocs for null checks

src/Api/Controllers/SendsController.cs

@@ -0,0 +1,162 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Bit.Core.Repositories;
+using Microsoft.AspNetCore.Authorization;
+using Bit.Core.Models.Api;
+using Bit.Core.Exceptions;
+using Bit.Core.Services;
+using Bit.Core;
+using Bit.Api.Utilities;
+using Bit.Core.Models.Table;
+using Bit.Core.Utilities;
+
+namespace Bit.Api.Controllers
+{
+    [Route("sends")]
+    [Authorize("Application")]
+    public class SendsController : Controller
+    {
+        private readonly ISendRepository _sendRepository;
+        private readonly IUserService _userService;
+        private readonly ISendService _sendService;
+        private readonly GlobalSettings _globalSettings;
+
+        public SendsController(
+            ISendRepository sendRepository,
+            IUserService userService,
+            ISendService sendService,
+            GlobalSettings globalSettings)
+        {
+            _sendRepository = sendRepository;
+            _userService = userService;
+            _sendService = sendService;
+            _globalSettings = globalSettings;
+        }
+
+        [AllowAnonymous]
+        [HttpPost("access/{id}")]
+        public async Task<IActionResult> Access(string id, [FromBody] SendAccessRequestModel model)
+        {
+            var guid = new Guid(CoreHelpers.Base64UrlDecode(id));
+            var (send, passwordRequired, passwordInvalid) =
+                await _sendService.AccessAsync(guid, model.Password);
+            if (passwordRequired)
+            {
+                return new UnauthorizedResult();
+            }
+            if (passwordInvalid)
+            {
+                await Task.Delay(2000);
+                throw new BadRequestException("Invalid password.");
+            }
+            if (send == null)
+            {
+                throw new NotFoundException();
+            }
+
+            return new ObjectResult(new SendAccessResponseModel(send, _globalSettings));
+        }
+
+        [HttpGet("{id}")]
+        public async Task<SendResponseModel> Get(string id)
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+            var send = await _sendRepository.GetByIdAsync(new Guid(id));
+            if (send == null || send.UserId != userId)
+            {
+                throw new NotFoundException();
+            }
+
+            return new SendResponseModel(send, _globalSettings);
+        }
+
+        [HttpGet("")]
+        public async Task<ListResponseModel<SendResponseModel>> Get()
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+            var sends = await _sendRepository.GetManyByUserIdAsync(userId);
+            var responses = sends.Select(s => new SendResponseModel(s, _globalSettings));
+            return new ListResponseModel<SendResponseModel>(responses);
+        }
+
+        [HttpPost("")]
+        public async Task<SendResponseModel> Post([FromBody] SendRequestModel model)
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+            var send = model.ToSend(userId, _sendService);
+            await _sendService.SaveSendAsync(send);
+            return new SendResponseModel(send, _globalSettings);
+        }
+
+        [HttpPost("file")]
+        [RequestSizeLimit(105_906_176)]
+        [DisableFormValueModelBinding]
+        public async Task<SendResponseModel> PostFile()
+        {
+            if (!Request?.ContentType.Contains("multipart/") ?? true)
+            {
+                throw new BadRequestException("Invalid content.");
+            }
+
+            if (Request.ContentLength > 105906176) // 101 MB, give em' 1 extra MB for cushion
+            {
+                throw new BadRequestException("Max file size is 100 MB.");
+            }
+
+            Send send = null;
+            await Request.GetSendFileAsync(async (stream, fileName, model) =>
+            {
+                var userId = _userService.GetProperUserId(User).Value;
+                var (madeSend, madeData) = model.ToSend(userId, fileName, _sendService);
+                send = madeSend;
+                await _sendService.CreateSendAsync(send, madeData, stream, Request.ContentLength.GetValueOrDefault(0));
+            });
+
+            return new SendResponseModel(send, _globalSettings);
+        }
+
+        [HttpPut("{id}")]
+        public async Task<SendResponseModel> Put(string id, [FromBody] SendRequestModel model)
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+            var send = await _sendRepository.GetByIdAsync(new Guid(id));
+            if (send == null || send.UserId != userId)
+            {
+                throw new NotFoundException();
+            }
+
+            await _sendService.SaveSendAsync(model.ToSend(send, _sendService));
+            return new SendResponseModel(send, _globalSettings);
+        }
+
+        [HttpPut("{id}/remove-password")]
+        public async Task<SendResponseModel> PutRemovePassword(string id)
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+            var send = await _sendRepository.GetByIdAsync(new Guid(id));
+            if (send == null || send.UserId != userId)
+            {
+                throw new NotFoundException();
+            }
+
+            send.Password = null;
+            await _sendService.SaveSendAsync(send);
+            return new SendResponseModel(send, _globalSettings);
+        }
+
+        [HttpDelete("{id}")]
+        public async Task Delete(string id)
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+            var send = await _sendRepository.GetByIdAsync(new Guid(id));
+            if (send == null || send.UserId != userId)
+            {
+                throw new NotFoundException();
+            }
+
+            await _sendService.DeleteSendAsync(send);
+        }
+    }
+}

src/Api/Utilities/MultipartFormDataHelper.cs

@@ -6,6 +6,8 @@ using System;
 using System.IO;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Primitives;
+using Bit.Core.Models.Api;
+using Newtonsoft.Json;
 
 namespace Bit.Api.Utilities
 {
@@ -33,7 +35,7 @@ namespace Bit.Api.Utilities
                             await callback(firstSection.Body, fileName, null);
                         }
                     }
-                    else if (HasKeyDisposition(firstContent))
+                    else if (HasDispositionName(firstContent, "key"))
                     {
                         // New style with key, then data
                         string key = null;
@@ -64,6 +66,49 @@ namespace Bit.Api.Utilities
             }
         }
 
+        public static async Task GetSendFileAsync(this HttpRequest request, Func<Stream, string,
+            SendRequestModel, Task> callback)
+        {
+            var boundary = GetBoundary(MediaTypeHeaderValue.Parse(request.ContentType),
+                _defaultFormOptions.MultipartBoundaryLengthLimit);
+            var reader = new MultipartReader(boundary, request.Body);
+
+            var firstSection = await reader.ReadNextSectionAsync();
+            if (firstSection != null)
+            {
+                if (ContentDispositionHeaderValue.TryParse(firstSection.ContentDisposition, out _))
+                {
+                    // Request model json, then data
+                    string requestModelJson = null;
+                    using (var sr = new StreamReader(firstSection.Body))
+                    {
+                        requestModelJson = await sr.ReadToEndAsync();
+                    }
+
+                    var secondSection = await reader.ReadNextSectionAsync();
+                    if (secondSection != null)
+                    {
+                        if (ContentDispositionHeaderValue.TryParse(secondSection.ContentDisposition,
+                            out var secondContent) && HasFileContentDisposition(secondContent))
+                        {
+                            var fileName = HeaderUtilities.RemoveQuotes(secondContent.FileName).ToString();
+                            using (secondSection.Body)
+                            {
+                                var model = JsonConvert.DeserializeObject<SendRequestModel>(requestModelJson);
+                                await callback(secondSection.Body, fileName, model);
+                            }
+                        }
+
+                        secondSection = null;
+                    }
+
+                }
+
+                firstSection = null;
+            }
+        }
+
+
         private static string GetBoundary(MediaTypeHeaderValue contentType, int lengthLimit)
         {
             var boundary = HeaderUtilities.RemoveQuotes(contentType.Boundary);
@@ -87,10 +132,10 @@ namespace Bit.Api.Utilities
                 (!StringSegment.IsNullOrEmpty(content.FileName) || !StringSegment.IsNullOrEmpty(content.FileNameStar));
         }
 
-        private static bool HasKeyDisposition(ContentDispositionHeaderValue content)
+        private static bool HasDispositionName(ContentDispositionHeaderValue content, string name)
         {
             // Content-Disposition: form-data; name="key";
-            return content != null && content.DispositionType.Equals("form-data") && content.Name == "key";
+            return content != null && content.DispositionType.Equals("form-data") && content.Name == name;
         }
     }
 }

src/Api/appsettings.json

@@ -44,6 +44,10 @@
       "connectionString": "SECRET",
       "baseUrl": "http://localhost:4000/attachments/"
     },
+    "send": {
+      "connectionString": "SECRET",
+      "baseUrl": "http://localhost:4000/sendfiles/"
+    },
     "documentDb": {
       "uri": "SECRET",
       "key": "SECRET"