
Prepare for send direct upload (#1174)

* Add sendId to path

Event Grid returns the blob path, which will be used to grab a Send and verify file size

* Re-validate access upon file download

Increment access count only when file is downloaded. File
name and size are leaked, but this is a good first step toward
solving the access-download race
Matt Gibson
2021-03-01 15:01:04 -06:00
committed by GitHub
parent 13f12aaf58
commit 8d5fc21b51
7 changed files with 119 additions and 34 deletions


@ -10,12 +10,14 @@ namespace Bit.Core.Services
{
public class AzureSendFileStorageService : ISendFileStorageService
{
private const string FilesContainerName = "sendfiles";
public const string FilesContainerName = "sendfiles";
private static readonly TimeSpan _downloadLinkLiveTime = TimeSpan.FromMinutes(1);
private readonly CloudBlobClient _blobClient;
private CloudBlobContainer _sendFilesContainer;
public static string SendIdFromBlobName(string blobName) => blobName.Split('/')[0];
public static string BlobName(Send send, string fileId) => $"{send.Id}/{fileId}";
public AzureSendFileStorageService(
GlobalSettings globalSettings)
{
@ -26,7 +28,7 @@ namespace Bit.Core.Services
public async Task UploadNewFileAsync(Stream stream, Send send, string fileId)
{
await InitAsync();
var blob = _sendFilesContainer.GetBlockBlobReference(fileId);
var blob = _sendFilesContainer.GetBlockBlobReference(BlobName(send, fileId));
if (send.UserId.HasValue)
{
blob.Metadata.Add("userId", send.UserId.Value.ToString());
@ -39,10 +41,10 @@ namespace Bit.Core.Services
await blob.UploadFromStreamAsync(stream);
}
public async Task DeleteFileAsync(string fileId)
public async Task DeleteFileAsync(Send send, string fileId)
{
await InitAsync();
var blob = _sendFilesContainer.GetBlockBlobReference(fileId);
var blob = _sendFilesContainer.GetBlockBlobReference(BlobName(send, fileId));
await blob.DeleteIfExistsAsync();
}
@ -56,14 +58,14 @@ namespace Bit.Core.Services
await InitAsync();
}
public async Task<string> GetSendFileDownloadUrlAsync(string fileId)
public async Task<string> GetSendFileDownloadUrlAsync(Send send, string fileId)
{
await InitAsync();
var blob = _sendFilesContainer.GetBlockBlobReference(fileId);
var blob = _sendFilesContainer.GetBlockBlobReference(BlobName(send, fileId));
var accessPolicy = new SharedAccessBlobPolicy()
{
SharedAccessExpiryTime = DateTime.UtcNow.Add(_downloadLinkLiveTime),
Permissions = SharedAccessBlobPermissions.Read
Permissions = SharedAccessBlobPermissions.Read,
};
return blob.Uri + blob.GetSharedAccessSignature(accessPolicy);