Поддержать механизм загрузки файлов в качестве решения к задаче со стороны студентов

HwProj.APIGateway/HwProj.APIGateway.API/Controllers/FilesController.cs

@@ -1,10 +1,10 @@
+using System.Linq;
 using System.Net;
 using System.Threading.Tasks;
 using HwProj.APIGateway.API.Filters;
 using HwProj.AuthService.Client;
 using HwProj.ContentService.Client;
 using HwProj.Models.ContentService.DTO;
-using HwProj.Models.Roles;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -16,48 +16,79 @@ namespace HwProj.APIGateway.API.Controllers;
 public class FilesController : AggregationController
 {
     private readonly IContentServiceClient _contentServiceClient;
+    private readonly FilesPrivacyFilter _privacyFilter;
+    private readonly FilesCountLimit _countFilter;
 
     public FilesController(IAuthServiceClient authServiceClient,
-        IContentServiceClient contentServiceClient) : base(authServiceClient)
+        IContentServiceClient contentServiceClient,
+        FilesPrivacyFilter privacyFilter, FilesCountLimit countFilter) : base(authServiceClient)
     {
         _contentServiceClient = contentServiceClient;
+        _privacyFilter = privacyFilter;
+        _countFilter = countFilter;
     }
 
     [HttpPost("process")]
-    [Authorize(Roles = Roles.LecturerRole)]
-    [ServiceFilter(typeof(CourseMentorOnlyAttribute))]
     [ProducesResponseType((int)HttpStatusCode.OK)]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.ServiceUnavailable)]
     public async Task<IActionResult> Process([FromForm] ProcessFilesDTO processFilesDto)
     {
+        var checkRights = await _privacyFilter.CheckUploadRights(
+            User.Claims.FirstOrDefault(claim => claim.Type.ToString() == "_id")?.Value,
+            processFilesDto.FilesScope);
+        if (!checkRights) return Forbid("Недостаточно прав для загрузки файлов");
+
+        var checkCountLimit = await _countFilter.CheckCountLimit(processFilesDto);
+        if (!checkCountLimit) return StatusCode((int)HttpStatusCode.Forbidden, "Слишком много файлов в решении." 
+            + $"Максимальное количество файлов - ${_countFilter.maxSolutionFiles}");
+
         var result = await _contentServiceClient.ProcessFilesAsync(processFilesDto);
         return result.Succeeded
             ? Ok()
             : StatusCode((int)HttpStatusCode.ServiceUnavailable, result.Errors);
     }
 
     [HttpPost("statuses")]
-    [Authorize(Roles = Roles.LecturerRole)]
-    [ServiceFilter(typeof(CourseMentorOnlyAttribute))]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(FileInfoDTO[]), (int)HttpStatusCode.OK)]
     [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.ServiceUnavailable)]
     public async Task<IActionResult> GetStatuses(ScopeDTO filesScope)
     {
+        var checkRights = await _privacyFilter.CheckUploadRights(
+            User.Claims.FirstOrDefault(claim => claim.Type.ToString() == "_id")?.Value,
+            filesScope);
+        if (!checkRights) return Forbid("Недостаточно прав для получения информации о файлах");
+
         var filesStatusesResult = await _contentServiceClient.GetFilesStatuses(filesScope);
         return filesStatusesResult.Succeeded
             ? Ok(filesStatusesResult.Value) as IActionResult
             : StatusCode((int)HttpStatusCode.ServiceUnavailable, filesStatusesResult.Errors);
     }
 
     [HttpGet("downloadLink")]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(string), (int)HttpStatusCode.OK)]
     [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.NotFound)]
     public async Task<IActionResult> GetDownloadLink([FromQuery] long fileId)
     {
-        var result = await _contentServiceClient.GetDownloadLinkAsync(fileId);
-        return result.Succeeded
-            ? Ok(result.Value)
-            : NotFound(result.Errors);
+        var linkDto = await _contentServiceClient.GetDownloadLinkAsync(fileId);
+        if(!linkDto.Succeeded) return StatusCode((int)HttpStatusCode.ServiceUnavailable, linkDto.Errors);
+
+        var userId = User.Claims.FirstOrDefault(claim => claim.Type.ToString() == "_id")?.Value;
+        var hasRights = false;
+        foreach (var scope in linkDto.Value.fileScopes)
+        {
+            if (await _privacyFilter.CheckDownloadRights(userId, scope))
+            {
+                hasRights = true;
+                break;
+            }
+        }
+
+        return hasRights
+            ? Ok(linkDto.Value.DownloadUrl)
+            : Forbid("Недостаточно прав для получения ссылки на файл");
     }
 
     [HttpGet("info/course/{courseId}")]

HwProj.APIGateway/HwProj.APIGateway.API/Filters/FilesCountLimit.cs

@@ -0,0 +1,39 @@
+using System.Linq;
+using System.Threading.Tasks;
+using HwProj.ContentService.Client;
+using HwProj.Models.ContentService.DTO;
+using HwProj.Models.CourseUnitType;
+
+namespace HwProj.APIGateway.API.Filters;
+
+public class FilesCountLimit
+{
+    private readonly IContentServiceClient _contentServiceClient;
+    public readonly long maxSolutionFiles = 5;
+
+    public FilesCountLimit(IContentServiceClient contentServiceClient)
+    {
+        _contentServiceClient = contentServiceClient;
+    }
+
+    public async Task<bool> CheckCountLimit(ProcessFilesDTO processFilesDto)
+    {
+        if (processFilesDto.FilesScope.CourseUnitType == CourseUnitType.Homework) return true;
+
+        var existingStatuses = await _contentServiceClient.GetFilesStatuses(processFilesDto.FilesScope);
+        if (!existingStatuses.Succeeded) return false;
+
+        var existingIds = existingStatuses.Value.Select(f => f.Id);
+        if (processFilesDto.DeletingFileIds.Any(id => !existingIds.Contains(id)))
+        {
+            return false;
+        }
+
+        if (existingIds.Count() + processFilesDto.NewFiles.Count - processFilesDto.DeletingFileIds.Count > maxSolutionFiles)
+        {
+            return false;
+        }
+
+        return true;
+    }
+}

HwProj.APIGateway/HwProj.APIGateway.API/Filters/FilesPrivacyFilter.cs

@@ -0,0 +1,68 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using HwProj.CoursesService.Client;
+using HwProj.Models.ContentService.DTO;
+using HwProj.Models.CourseUnitType;
+using HwProj.SolutionsService.Client;
+
+namespace HwProj.APIGateway.API.Filters;
+
+public class FilesPrivacyFilter
+{
+    private readonly ICoursesServiceClient _coursesServiceClient;
+    private readonly ISolutionsServiceClient _solutionsServiceClient;
+
+    public FilesPrivacyFilter(ICoursesServiceClient coursesServiceClient, ISolutionsServiceClient solutionsServiceClient)
+    {
+        _coursesServiceClient = coursesServiceClient;
+        _solutionsServiceClient = solutionsServiceClient;
+    }
+
+    public async Task<bool> CheckDownloadRights(string? userId, ScopeDTO fileScope)
+    {
+        if (fileScope.CourseUnitType == CourseUnitType.Homework) return true;
+        if (fileScope.CourseUnitType == CourseUnitType.Solution)
+        {
+            if (userId == null) return false;
+            var studentIds = new HashSet<string>();
+            var solution = await _solutionsServiceClient.GetSolutionById(fileScope.CourseUnitId);
+            studentIds.Add(solution.StudentId);
+            var groupIds = await _coursesServiceClient.GetGroupsById(solution.GroupId ?? 0);
+            studentIds.UnionWith(groupIds.FirstOrDefault()?.StudentsIds.ToHashSet() ?? new());
+
+            var mentorIds = await _coursesServiceClient.GetCourseLecturersIds(fileScope.CourseId);
+
+            if (!studentIds.Contains(userId) && !mentorIds.Contains(userId)) return false;
+
+            return true;
+        }
+
+        return false;
+    }
+
+    public async Task<bool> CheckUploadRights(string? userId, ScopeDTO fileScope)
+    {
+        if (userId == null) return false;
+        if (fileScope.CourseUnitType == CourseUnitType.Homework)
+        {
+            var mentorIds = await _coursesServiceClient.GetCourseLecturersIds(fileScope.CourseId);
+            if (!mentorIds.Contains(userId)) return false;
+            return true;
+        }
+        if (fileScope.CourseUnitType == CourseUnitType.Solution)
+        {
+            var studentIds = new HashSet<string>();
+            var solution = await _solutionsServiceClient.GetSolutionById(fileScope.CourseUnitId);
+            studentIds.Add(solution.StudentId);
+            var group = await _coursesServiceClient.GetGroupsById(solution.GroupId ?? 0);
+            studentIds.UnionWith(group.FirstOrDefault()?.StudentsIds.ToHashSet() ?? new());
+
+            if (!studentIds.Contains(userId)) return false;
+
+            return true;
+        }
+
+        return false;
+    }
+}

HwProj.APIGateway/HwProj.APIGateway.API/Startup.cs

@@ -80,6 +80,8 @@ public void ConfigureServices(IServiceCollection services)
         services.AddContentServiceClient();
 
         services.AddScoped<CourseMentorOnlyAttribute>();
+        services.AddScoped<FilesPrivacyFilter>();
+        services.AddScoped<FilesCountLimit>();
     }
 
     public void Configure(IApplicationBuilder app, IHostEnvironment env)

HwProj.Common/HwProj.Models/ContentService/Attributes/CorrectFileTypeAttribute.cs

@@ -0,0 +1,73 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using FileTypeChecker;
+using Microsoft.AspNetCore.Http;
+using FileTypeChecker.Abstracts;
+using FileTypeChecker.Types;
+
+namespace HwProj.Models.ContentService.Attributes
+{
+
+    public class MachO : FileType
+    {
+        public const string TypeName = "MacOS executable";
+        public const string TypeExtension = "macho";
+        private static readonly byte[][] MagicBytes =
+        {
+            new byte[] { 0xfe, 0xed, 0xfa, 0xce }, // Mach-O BE 32-bit
+            new byte[] { 0xfe, 0xed, 0xfa, 0xcf }, // Mach-O BE 64-bit
+            new byte[] { 0xce, 0xfa, 0xed, 0xfe }, // Mach-O LE 32-bit
+            new byte[] { 0xcf, 0xfa, 0xed, 0xfe }, // Mach-O LE 64-bit
+        };
+
+        public MachO() : base(TypeName, TypeExtension, MagicBytes)
+        {
+        }
+    }
+
+    [AttributeUsage(AttributeTargets.Property)]
+    public class CorrectFileTypeAttribute : ValidationAttribute
+    {
+        private static readonly HashSet<FileType> forbiddenFileTypes = new HashSet<FileType>{
+            new MachO(), new Executable(), new ExecutableAndLinkableFormat()
+        };
+
+        protected override ValidationResult? IsValid(object? value, ValidationContext validationContext)
+        {
+            var files = value switch
+            {
+                IFormFile singleFile => new[] { singleFile },
+                IEnumerable<IFormFile> filesCollection => filesCollection,
+                _ => null
+            };
+
+            if (files == null) return ValidationResult.Success;
+
+            FileTypeValidator.RegisterCustomTypes(typeof(MachO).Assembly);
+            foreach (var file in files)
+            {
+                try
+                {
+                    using (var fileContent = file.OpenReadStream())
+                    {
+                        if (!FileTypeValidator.IsTypeRecognizable(fileContent) ||
+                            forbiddenFileTypes.Any(type => type.DoesMatchWith(fileContent)))
+                        {
+                            return new ValidationResult(
+                                $"Файл `{file.FileName}` имеет недопустимый тип ${file.ContentType}");
+                        }
+                    }
+                }
+                catch
+                {
+                    return new ValidationResult(
+                        $"Невозможно прочитать файл `{file.FileName}`");
+                }
+            }
+
+            return ValidationResult.Success;
+        }
+    }
+}

HwProj.Common/HwProj.Models/ContentService/CourseUnitType/CourseUnitType.cs

@@ -0,0 +1,9 @@
+namespace HwProj.Models.CourseUnitType
+{
+    public static class CourseUnitType
+    {
+        public const string Homework = "Homework";
+        public const string Solution = "Solution";
+        public const string Task = "Task";
+    };
+};

HwProj.Common/HwProj.Models/ContentService/DTO/FileLinkDTO.cs

@@ -0,0 +1,11 @@
+using System.Collections.Generic;
+
+namespace HwProj.Models.ContentService.DTO
+{
+
+    public class FileLinkDTO
+    {
+        public string DownloadUrl { get; set; }
+        public List<ScopeDTO> fileScopes { get; set; }
+    }
+}

HwProj.Common/HwProj.Models/ContentService/DTO/ProcessFilesDTO.cs

@@ -10,6 +10,7 @@ public class ProcessFilesDTO
 
         public List<long> DeletingFileIds { get; set; } = new List<long>();
 
+        [CorrectFileType]
         [MaxFileSize(100 * 1024 * 1024)]
         public List<IFormFile> NewFiles { get; set; } = new List<IFormFile>();
     }

HwProj.Common/HwProj.Models/HwProj.Models.csproj

@@ -7,6 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="File.TypeChecker" Version="3.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.Http.Features" Version="2.2.0" />
     <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
   </ItemGroup>

HwProj.ContentService/HwProj.ContentService.API/Controllers/FilesController.cs

@@ -81,14 +81,25 @@ public async Task<IActionResult> GetStatuses(ScopeDTO scopeDto)
     }
 
     [HttpGet("downloadLink")]
-    [ProducesResponseType(typeof(Result<string>), (int)HttpStatusCode.OK)]
+    [ProducesResponseType(typeof(FileLinkDTO[]), (int)HttpStatusCode.OK)]
     public async Task<IActionResult> GetDownloadLink([FromQuery] long fileId)
     {
         var externalKey = await _filesInfoService.GetFileExternalKeyAsync(fileId);
-        if (externalKey is null) return Ok(Result<string>.Failed("Файл не найден"));
+        if (externalKey is null) return Ok(Result<FileLinkDTO>.Failed("Файл не найден"));
 
-        var downloadUrlResult = await _s3FilesService.GetDownloadUrl(externalKey);
-        return Ok(downloadUrlResult);
+        var fileScopes = await _filesInfoService.GetFileScopesAsync(fileId);
+        if (fileScopes is null) return Ok(Result<FileLinkDTO>.Failed("Файл не найден"));
+
+        var downloadUrl = await _s3FilesService.GetDownloadUrl(externalKey);
+        if (!downloadUrl.Succeeded) return Ok(Result<FileLinkDTO>.Failed(downloadUrl.Errors));
+
+        var result = new FileLinkDTO
+        {
+            DownloadUrl = downloadUrl.Value,
+            fileScopes = fileScopes.Select(fs => fs.ToScopeDTO()).ToList()
+        };
+
+        return Ok(result);
     }
 
     [HttpGet("info/course/{courseId}")]

HwProj.ContentService/HwProj.ContentService.API/Repositories/FileRecordRepository.cs

@@ -51,6 +51,13 @@ public async Task UpdateStatusAsync(List<long> fileRecordIds, FileStatus newStat
         => await _contentContext.FileRecords
             .AsNoTracking()
             .SingleOrDefaultAsync(fr => fr.Id == fileRecordId);
+
+    public async Task<List<Scope>?> GetScopesAsync(long fileRecordId)
+        => await _contentContext.FileToCourseUnits
+            .AsNoTracking()
+            .Where(fr => fr.FileRecordId == fileRecordId)
+            .Select(fc => fc.ToScope())
+            .ToListAsync();
 
     public async Task<List<FileRecord>> GetByScopeAsync(Scope scope)
         => await _contentContext.FileToCourseUnits

HwProj.ContentService/HwProj.ContentService.API/Repositories/IFileRecordRepository.cs

@@ -13,6 +13,7 @@ public interface IFileRecordRepository
     public Task UpdateAsync(long id,
         Expression<Func<SetPropertyCalls<FileRecord>, SetPropertyCalls<FileRecord>>> setPropertyCalls);
     public Task<FileRecord?> GetFileRecordByIdAsync(long fileRecordId);
+    public Task<List<Scope>?> GetScopesAsync(long fileRecordId);
     public Task<List<FileRecord>> GetByScopeAsync(Scope scope);
     public Task<List<FileToCourseUnit>> GetByCourseIdAsync(long courseId);
     public Task<List<FileToCourseUnit>> GetByCourseIdAndStatusAsync(long courseId, FileStatus filesStatus);

HwProj.ContentService/HwProj.ContentService.API/Services/FilesInfoService.cs

@@ -36,6 +36,12 @@ public async Task<List<FileInfoDTO>> GetFilesStatusesAsync(Scope filesScope)
         var fileRecord = await _fileRecordRepository.GetFileRecordByIdAsync(fileId);
         return fileRecord?.ExternalKey;
     }
+
+    public async Task<List<Scope>?> GetFileScopesAsync(long fileId)
+    {
+        var fileToCourseUnit = await _fileRecordRepository.GetScopesAsync(fileId);
+        return fileToCourseUnit;
+    }
 
     public async Task<List<FileInfoDTO>> GetFilesInfoAsync(long courseId)
     {