Use sas token for send downloads (#1157)

* Remove Url from SendFileModel Url is now generated on the fly with limited lifetime. New model houses the download url generated * Create API endpoint for getting Send file download url * Generate limited-life Azure download urls * Lint fix
2025-06-30 15:42:48 -05:00 · 2021-02-24 13:03:16 -06:00
parent f8940e4be5
commit e350daeeee
7 changed files with 54 additions and 3 deletions
--- a/src/Core/Services/Implementations/AzureSendFileStorageService.cs
+++ b/src/Core/Services/Implementations/AzureSendFileStorageService.cs
@ -12,6 +12,7 @@ namespace Bit.Core.Services
    {
        private const string FilesContainerName = "sendfiles";

+        private static readonly TimeSpan _downloadLinkLiveTime = TimeSpan.FromMinutes(1);
        private readonly CloudBlobClient _blobClient;
        private CloudBlobContainer _sendFilesContainer;

@ -55,12 +56,25 @@ namespace Bit.Core.Services
            await InitAsync();
        }

+        public async Task<string> GetSendFileDownloadUrlAsync(string fileId)
+        {
+            await InitAsync();
+            var blob = _sendFilesContainer.GetBlockBlobReference(fileId);
+            var accessPolicy = new SharedAccessBlobPolicy()
+            {
+                SharedAccessExpiryTime = DateTime.UtcNow.Add(_downloadLinkLiveTime),
+                Permissions = SharedAccessBlobPermissions.Read
+            };
+
+            return blob.Uri + blob.GetSharedAccessSignature(accessPolicy);
+        }
+
        private async Task InitAsync()
        {
            if (_sendFilesContainer == null)
            {
                _sendFilesContainer = _blobClient.GetContainerReference(FilesContainerName);
-                await _sendFilesContainer.CreateIfNotExistsAsync(BlobContainerPublicAccessType.Blob, null, null);
+                await _sendFilesContainer.CreateIfNotExistsAsync(BlobContainerPublicAccessType.Off, null, null);
            }
        }
    }
--- a/src/Core/Services/Implementations/LocalSendStorageService.cs
+++ b/src/Core/Services/Implementations/LocalSendStorageService.cs
@ -9,11 +9,13 @@ namespace Bit.Core.Services
    public class LocalSendStorageService : ISendFileStorageService
    {
        private readonly string _baseDirPath;
+        private readonly string _baseSendUrl;

        public LocalSendStorageService(
            GlobalSettings globalSettings)
        {
            _baseDirPath = globalSettings.Send.BaseDirectory;
+            _baseSendUrl = globalSettings.Send.BaseUrl;
        }

        public async Task UploadNewFileAsync(Stream stream, Send send, string fileId)
@ -42,6 +44,12 @@ namespace Bit.Core.Services
            await InitAsync();
        }

+        public async Task<string> GetSendFileDownloadUrlAsync(string fileId)
+        {
+            await InitAsync();
+            return $"{_baseSendUrl}/{fileId}";
+        }
+
        private void DeleteFileIfExists(string path)
        {
            if (File.Exists(path))