Merge pull request #28 from Nesteo/image-upload

Image upload and download

Author: Rand3rino

Nesteo.Server.IntegrationTests/appsettings-sample.json

@@ -2,6 +2,9 @@
   "ConnectionStrings": {
     "DefaultConnection": "Server=localhost;Database=test;User=root;Password=root"
   },
+  "Storage": {
+    "ImageUploadsDirectoryPath": "/tmp/nesteo-uploads"
+  },
   "Logging": {
     "LogLevel": {
       "Default": "Information"

Nesteo.Server/Controllers/Api/InspectionsController.cs

@@ -1,11 +1,14 @@
 using System;
 using System.Collections.Generic;
+using System.IO;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Nesteo.Server.Data.Entities;
-using Nesteo.Server.Data.Enums;
+using Microsoft.AspNetCore.StaticFiles;
+using Microsoft.Extensions.Options;
+using Nesteo.Server.Filters;
 using Nesteo.Server.Models;
+using Nesteo.Server.Options;
 using Nesteo.Server.Services;
 
 namespace Nesteo.Server.Controllers.Api
@@ -14,10 +17,12 @@ namespace Nesteo.Server.Controllers.Api
     public class InspectionsController : ApiControllerBase
     {
         private readonly IInspectionService _inspectionService;
+        private readonly IOptions<StorageOptions> _storageOptions;
 
-        public InspectionsController(IInspectionService inspectionService)
+        public InspectionsController(IInspectionService inspectionService, IOptions<StorageOptions> storageOptions)
         {
             _inspectionService = inspectionService ?? throw new ArgumentNullException(nameof(inspectionService));
+            _storageOptions = storageOptions ?? throw new ArgumentNullException(nameof(storageOptions));
         }
 
         /// <summary>
@@ -69,12 +74,17 @@ public async Task<ActionResult<Inspection>> CreateInspectionAsync([FromBody] Ins
         /// <param name="inspection">The modified inspection</param>
         [HttpPatch("{id}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> EditInspectionAsync(int id, [FromBody] Inspection inspection)
+        public async Task<IActionResult> EditInspectionAsync(int id, [FromBody] Inspection inspection)
         {
             if (inspection.Id == null)
+            {
                 inspection.Id = id;
+            }
             else if (inspection.Id != id)
-                return BadRequest();
+            {
+                ModelState.AddModelError("Inspection.Id", "Inspection ID is set but different from the resource URL.");
+                return BadRequest(ModelState);
+            }
 
             // Edit inspection
             inspection = await _inspectionService.UpdateAsync(inspection, HttpContext.RequestAborted).ConfigureAwait(false);
@@ -84,6 +94,54 @@ public async Task<ActionResult> EditInspectionAsync(int id, [FromBody] Inspectio
             return NoContent();
         }
 
+        /// <summary>
+        /// Upload a new inspection image
+        /// </summary>
+        /// <remarks>
+        /// Replaces the old one, when existing.
+        /// </remarks>
+        /// <param name="id">Inspection id</param>
+        [HttpPost("{id}/upload-image")]
+        [DisableFormValueModelBinding]
+        [Consumes("multipart/form-data")]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
+        public async Task<IActionResult> UploadInspectionImageAsync(int id)
+        {
+            if (!await _inspectionService.ExistsIdAsync(id, HttpContext.RequestAborted).ConfigureAwait(false))
+                return NotFound();
+
+            string imageFileName = await ReceiveMultipartImageFileUploadAsync(id.ToString(), HttpContext.RequestAborted).ConfigureAwait(false);
+            if (imageFileName == null)
+                return BadRequest(ModelState);
+
+            await _inspectionService.SetImageFileNameAsync(id, imageFileName, HttpContext.RequestAborted).ConfigureAwait(false);
+
+            return NoContent();
+        }
+
+        /// <summary>
+        /// Download an inspection image
+        /// </summary>
+        /// <param name="id">Inspection id</param>
+        [HttpGet("{id}/image")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        public async Task<IActionResult> GetInspectionImageAsync(int id)
+        {
+            string imageFileName = await _inspectionService.GetImageFileNameAsync(id, HttpContext.RequestAborted).ConfigureAwait(false);
+            if (imageFileName == null)
+                return NotFound();
+
+            string imageFilePath = Path.Join(_storageOptions.Value.ImageUploadsDirectoryPath, imageFileName);
+            var fileInfo = new FileInfo(imageFilePath);
+            if (!fileInfo.Exists)
+                return NotFound();
+
+            string contentType = new FileExtensionContentTypeProvider().TryGetContentType(imageFilePath, out string result) ? result : "application/octet-stream";
+            FileStream fileStream = fileInfo.OpenRead();
+
+            return File(fileStream, contentType, true);
+        }
+
         /// <summary>
         /// Preview all inspections with a reduced set of data
         /// </summary>

Nesteo.Server/Controllers/Api/NestingBoxesController.cs

@@ -1,15 +1,15 @@
 using System;
 using System.Collections.Generic;
-using System.Linq;
-using System.Security.Claims;
+using System.IO;
 using System.Threading.Tasks;
-using Hellang.Middleware.ProblemDetails;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Nesteo.Server.Data;
-using Nesteo.Server.Data.Enums;
-using Nesteo.Server.IdGeneration;
+using Microsoft.AspNetCore.StaticFiles;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Nesteo.Server.Filters;
 using Nesteo.Server.Models;
+using Nesteo.Server.Options;
 using Nesteo.Server.Services;
 
 namespace Nesteo.Server.Controllers.Api
@@ -19,18 +19,18 @@ public class NestingBoxesController : ApiControllerBase
     {
         private readonly INestingBoxService _nestingBoxService;
         private readonly IInspectionService _inspectionService;
-        private readonly INestingBoxIdGenerator _nestingBoxIdGenerator;
-        private readonly IUserService _userService;
+        private readonly IOptions<StorageOptions> _storageOptions;
+        private readonly ILogger<NestingBoxesController> _logger;
 
         public NestingBoxesController(INestingBoxService nestingBoxService,
                                       IInspectionService inspectionService,
-                                      INestingBoxIdGenerator nestingBoxIdGenerator,
-                                      IUserService userService)
+                                      IOptions<StorageOptions> storageOptions,
+                                      ILogger<NestingBoxesController> logger)
         {
             _nestingBoxService = nestingBoxService ?? throw new ArgumentNullException(nameof(nestingBoxService));
             _inspectionService = inspectionService ?? throw new ArgumentNullException(nameof(inspectionService));
-            _nestingBoxIdGenerator = nestingBoxIdGenerator ?? throw new ArgumentNullException(nameof(nestingBoxIdGenerator));
-            _userService = userService ?? throw new ArgumentNullException(nameof(userService));
+            _storageOptions = storageOptions ?? throw new ArgumentNullException(nameof(storageOptions));
+            _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
         /// <summary>
@@ -86,12 +86,17 @@ public async Task<ActionResult<NestingBox>> CreateNestingBoxAsync([FromBody] Nes
         /// <param name="nestingBox">The modified nesting box</param>
         [HttpPatch("{id}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> EditNestingBoxAsync(string id, [FromBody] NestingBox nestingBox)
+        public async Task<IActionResult> EditNestingBoxAsync(string id, [FromBody] NestingBox nestingBox)
         {
             if (nestingBox.Id == null)
+            {
                 nestingBox.Id = id;
+            }
             else if (nestingBox.Id != id)
-                return BadRequest();
+            {
+                ModelState.AddModelError("NestingBox.Id", "Nesting box ID is set but different from the resource URL.");
+                return BadRequest(ModelState);
+            }
 
             // Edit nesting box
             nestingBox = await _nestingBoxService.UpdateAsync(nestingBox, HttpContext.RequestAborted).ConfigureAwait(false);
@@ -101,6 +106,54 @@ public async Task<ActionResult> EditNestingBoxAsync(string id, [FromBody] Nestin
             return NoContent();
         }
 
+        /// <summary>
+        /// Upload a new nesting box image
+        /// </summary>
+        /// <remarks>
+        /// Replaces the old one, when existing.
+        /// </remarks>
+        /// <param name="id">Nesting box id</param>
+        [HttpPost("{id}/upload-image")]
+        [DisableFormValueModelBinding]
+        [Consumes("multipart/form-data")]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
+        public async Task<IActionResult> UploadNestingBoxImageAsync(string id)
+        {
+            if (!await _nestingBoxService.ExistsIdAsync(id, HttpContext.RequestAborted).ConfigureAwait(false))
+                return NotFound();
+
+            string imageFileName = await ReceiveMultipartImageFileUploadAsync(id, HttpContext.RequestAborted).ConfigureAwait(false);
+            if (imageFileName == null)
+                return BadRequest(ModelState);
+
+            await _nestingBoxService.SetImageFileNameAsync(id, imageFileName, HttpContext.RequestAborted).ConfigureAwait(false);
+
+            return NoContent();
+        }
+
+        /// <summary>
+        /// Download a nesting box image
+        /// </summary>
+        /// <param name="id">Nesting box id</param>
+        [HttpGet("{id}/image")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        public async Task<IActionResult> GetNestingBoxImageAsync(string id)
+        {
+            string imageFileName = await _nestingBoxService.GetImageFileNameAsync(id, HttpContext.RequestAborted).ConfigureAwait(false);
+            if (imageFileName == null)
+                return NotFound();
+
+            string imageFilePath = Path.Join(_storageOptions.Value.ImageUploadsDirectoryPath, imageFileName);
+            var fileInfo = new FileInfo(imageFilePath);
+            if (!fileInfo.Exists)
+                return NotFound();
+
+            string contentType = new FileExtensionContentTypeProvider().TryGetContentType(imageFilePath, out string result) ? result : "application/octet-stream";
+            FileStream fileStream = fileInfo.OpenRead();
+
+            return File(fileStream, contentType, true);
+        }
+
         /// <summary>
         /// Preview all nesting boxes with a reduced set of data
         /// </summary>

Nesteo.Server/Controllers/ApiControllerBase.cs

@@ -1,8 +1,86 @@
+using System;
+using System.IO;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.Net.Http.Headers;
+using Nesteo.Server.Options;
+using Nesteo.Server.Utils;
 
 namespace Nesteo.Server.Controllers
 {
     [ApiController]
     [Produces("application/json")]
-    public abstract class ApiControllerBase : Controller { }
+    public abstract class ApiControllerBase : Controller
+    {
+        private static readonly string[] ValidImageFileExtensions = { ".jpg", ".png" };
+
+        protected async Task<string> ReceiveMultipartImageFileUploadAsync(string namePrefix, CancellationToken cancellationToken = default)
+        {
+            IOptions<StorageOptions> storageOptions = HttpContext.RequestServices.GetRequiredService<IOptions<StorageOptions>>();
+            ILogger<ApiControllerBase> logger = HttpContext.RequestServices.GetRequiredService<ILogger<ApiControllerBase>>();
+
+            if (!MultipartRequestHelper.IsMultipartContentType(Request.ContentType))
+            {
+                ModelState.AddModelError("File", "Multipart request expected.");
+                return null;
+            }
+
+            string boundary = MultipartRequestHelper.GetBoundary(MediaTypeHeaderValue.Parse(Request.ContentType));
+            var multipartReader = new MultipartReader(boundary, HttpContext.Request.Body);
+
+            MultipartSection section = await multipartReader.ReadNextSectionAsync(cancellationToken).ConfigureAwait(false);
+            if (section == null)
+            {
+                ModelState.AddModelError("File", "No multipart section found.");
+                return null;
+            }
+
+            if (!ContentDispositionHeaderValue.TryParse(section.ContentDisposition, out ContentDispositionHeaderValue contentDisposition))
+            {
+                ModelState.AddModelError("File", "Content disposition header expected.");
+                return null;
+            }
+
+            if (!MultipartRequestHelper.HasFileContentDisposition(contentDisposition))
+            {
+                ModelState.AddModelError("File", "File content disposition expected.");
+                return null;
+            }
+
+            string untrustedFileName = contentDisposition.FileName.Value;
+            string fileExtension = Path.GetExtension(untrustedFileName).ToLowerInvariant();
+
+            if (string.IsNullOrEmpty(fileExtension) || !ValidImageFileExtensions.Contains(fileExtension))
+            {
+                ModelState.AddModelError("File", $"File extension {fileExtension} is not allowed. Valid extensions are: {string.Join(", ", ValidImageFileExtensions)}");
+                return null;
+            }
+
+            Directory.CreateDirectory(storageOptions.Value.ImageUploadsDirectoryPath);
+
+            string targetFileName = $"{namePrefix}-{Guid.NewGuid()}{fileExtension}";
+            string targetFilePath = Path.Join(storageOptions.Value.ImageUploadsDirectoryPath, targetFileName);
+
+            try
+            {
+                await using FileStream targetStream = System.IO.File.Create(targetFilePath);
+                await section.Body.CopyToAsync(targetStream, HttpContext.RequestAborted).ConfigureAwait(false);
+            }
+            catch (Exception)
+            {
+                System.IO.File.Delete(targetFilePath);
+                throw;
+            }
+
+            logger.LogInformation($"Successfully uploaded file {untrustedFileName} to {targetFilePath}");
+
+            return targetFileName;
+        }
+    }
 }

Nesteo.Server/Filters/DisableFormValueModelBindingAttribute.cs

@@ -0,0 +1,21 @@
+using System;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+
+namespace Nesteo.Server.Filters
+{
+    // Source: https://docs.microsoft.com/en-us/aspnet/core/mvc/models/file-uploads?view=aspnetcore-3.0#upload-large-files-with-streaming
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
+    public class DisableFormValueModelBindingAttribute : Attribute, IResourceFilter
+    {
+        public void OnResourceExecuting(ResourceExecutingContext context)
+        {
+            var factories = context.ValueProviderFactories;
+            factories.RemoveType<FormValueProviderFactory>();
+            factories.RemoveType<FormFileValueProviderFactory>();
+            factories.RemoveType<JQueryFormValueProviderFactory>();
+        }
+
+        public void OnResourceExecuted(ResourceExecutedContext context) { }
+    }
+}

Nesteo.Server/Options/StorageOptions.cs

@@ -0,0 +1,10 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Nesteo.Server.Options
+{
+    public class StorageOptions
+    {
+        [Required]
+        public string ImageUploadsDirectoryPath { get; set; }
+    }
+}

Nesteo.Server/Services/IInspectionService.cs

@@ -19,5 +19,9 @@ public interface IInspectionService : ICrudService<Inspection, int?>
         Task<Inspection> AddAsync(Inspection inspection, CancellationToken cancellationToken = default);
 
         Task<Inspection> UpdateAsync(Inspection inspection, CancellationToken cancellationToken = default);
+
+        Task<Inspection> SetImageFileNameAsync(int id, string imageFileName, CancellationToken cancellationToken = default);
+
+        Task<string> GetImageFileNameAsync(int id, CancellationToken cancellationToken = default);
     }
 }

Nesteo.Server/Services/INestingBoxService.cs

@@ -18,5 +18,9 @@ public interface INestingBoxService : ICrudService<NestingBox, string>
         Task<NestingBox> AddAsync(NestingBox nestingBox, CancellationToken cancellationToken = default);
 
         Task<NestingBox> UpdateAsync(NestingBox nestingBox, CancellationToken cancellationToken = default);
+
+        Task<NestingBox> SetImageFileNameAsync(string id, string imageFileName, CancellationToken cancellationToken = default);
+
+        Task<string> GetImageFileNameAsync(string id, CancellationToken cancellationToken = default);
     }
 }