Skip to content

polterguy/magic.io

Repository files navigation

Magic IO

A generic file upload/download controller for .Net allowing you to upload and download files to and from your server.

Usage

The project is intended to be dynamically added to your Web API as a controller, making sure you create an association between the IFileService and its FileService by mapping it up as a transient service using something such as follows for instance.

/*
 * Somewhere were you initialize your ServiceProvider.
 */
service.AddTransient<IFileService, FileService>();

Then assuming you're able to dynamically add the "magic.io.controller" as a controller endpoint plugin, you'll end up with two endpoints as follows.

  • GET - api/files - Downloads the "file" QUERY parameter file. Remember to URL encode your QUERY parameters.
  • PUT - api/files - Uploads the "file" file. Use "multipart/form-data" as Content-Type for your request.

If you PUT a file that already exists, the existing file will be overwritten. However, you'll also need to think about authorization before you actually start using the library.

Authorization

Before you can start consuming the project, you'll need to think about what type of authorization process you intend to use. The project contains 4 different authorization services. The most basic one accepts a list of roles during construction, and could probably be consumed as a Singleton, and will only allow any type of file access to a user belonging to one of the specified roles. To use the simplest authorization implementation, you could provide something like the following, that will only allow users belonging to the "admin" role, and the "root" role to upload and download files.

/*
 * Somewhere were you initialize your ServiceProvider.
 *
 * This will only allow "admin" and "root" users to upload files to your server.
 */
service.AddTransient<IAuthorize>((svc) => new AuthorizeOnlyRoles("root", "admin"));

The next step of authorization, is to use AuthorizeLambda, which allows you to supply a Func, that will be invoked with the path, username, roles and AccessType (read/write) requested. This allows you to create any amount of C# to verify the user is allowed to access the requested access type for the given file, and return true or false from your function, depending upon whether or not you want to grant the user access or not.

The slightly more advanced only, allows you to create your own C# slot, named [magic.io.authorize], that allows you to declare a slot in your C# code, using the syntax from magic.signals, which will be given the path, username, and all other data necessary to determine whether or not you'd like to give access to some resource or not. This allows you to control access to files according to the paths, file extensions, etc.

The fourth authorization scheme, allows you to declare your own dynamic [magic.io.authorize] slot, as a [slot] invocation in your own Hyperlambda code, which will be given the same set of arguments as the above [magic.io.authorize] static slot, and be expected to return either true or false, declaring whether or not the user has access to the requested resource or not.

Both of the latter methods will be given the following arguments.

  • [path] - Path to file requested by caller
  • [username] - Username of user trying to access file
  • [type] - Type of access requested by user (can be "ReadFile" or "WriteFile")
  • [roles] - Roles user belongs to

In addition you can of course create your own IAuthorize implementation, entirely in C#, and plug it into your ServiceProvider, making sure the service will be resolved when some service within magic.io needs it. If you do, your IAuthorize implementation will be invoked every time some file resource is somehow requested by the library for some reasons.

By default no authorization is given, unless you explicitly wire up some authorization service, using for instance the ServiceProvider in your own wiring code.

Project website

The source code for this repository can be found at github.com/polterguy/magic.io, and you can provide feedback, provide bug reports, etc at the same place.

Quality gates

  • Quality Gate Status
  • Bugs
  • Code Smells
  • Coverage
  • Duplicated Lines (%)
  • Lines of Code
  • Maintainability Rating
  • Reliability Rating
  • Security Rating
  • Technical Debt
  • Vulnerabilities

License

This project is the copyright(c) 2020-2021 of Thomas Hansen thomas@servergardens.com, and is licensed under the terms of the LGPL version 3, as published by the Free Software Foundation. See the enclosed LICENSE file for details.