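using System;
using System.IO;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

namespace ETFileServer
{
    /// <summary>
    /// Serves files located under the directory configured as "DirectoryPath" at
    /// <c>GET /{dir}/{fileName}</c>. Requests that are not a plain GET (query string,
    /// form content, WebSocket upgrade, non-empty path base) are dropped before the
    /// action executes.
    /// </summary>
    [Route("")]
    [ApiController]
    public class DownLoadController : Controller
    {
        // Application-wide configuration root, published as a static by Startup.
        private readonly IConfigurationRoot _config = Startup.config;
        private readonly ILogger _logger;

        // NOTE(review): the default ASP.NET Core logging registration exposes
        // ILogger<T>, not the non-generic ILogger; this constructor only resolves if
        // Startup registers ILogger explicitly — confirm before relying on DI here.
        /// <summary>Creates the controller with the logger used to trace download requests.</summary>
        /// <param name="logger">Logger that receives one entry per download request.</param>
        public DownLoadController(ILogger logger)
        {
            this._logger = logger;
        }

        /// <summary>Returns the requested file as a download, or 204 when it cannot be served.</summary>
        /// <param name="dir">Directory segment of the route, relative to the configured root.</param>
        /// <param name="fileName">File-name segment of the route.</param>
        /// <returns>
        /// A physical-file result with content type "application/x-msdownload", or
        /// <see cref="ControllerBase.NoContent"/> when the file does not exist or resolves
        /// outside the configured root (204 instead of 404 so the response reveals nothing
        /// about the directory layout).
        /// </returns>
        /// <exception cref="InvalidOperationException">"DirectoryPath" is not configured.</exception>
        [HttpGet("{dir}/{fileName}")]
        public IActionResult Get(string dir, string fileName)
        {
            // Structured logging keeps the request-controlled segments as separate fields
            // instead of splicing them into the message text.
            _logger.LogInformation("Download requested: {Dir}/{FileName}", dir, fileName);

            string configDir = this._config["DirectoryPath"];
            if (string.IsNullOrWhiteSpace(configDir))
            {
                throw new InvalidOperationException("Configuration key 'DirectoryPath' is not set.");
            }
            if (string.IsNullOrEmpty(dir) || string.IsNullOrEmpty(fileName))
            {
                return NoContent();
            }

            // Normalise the root and force a trailing separator: a bare prefix check on
            // "<root>" would also accept a sibling directory such as "<root>-backup/...".
            string root = Path.GetFullPath(configDir);
            char last = root[root.Length - 1];
            if (last != Path.DirectorySeparatorChar && last != Path.AltDirectorySeparatorChar)
            {
                root += Path.DirectorySeparatorChar;
            }

            // Path.Combine supplies the separator that the old "configDir + url" concatenation
            // only had when the configured value happened to end with one; GetFullPath
            // collapses "." and ".." so the containment check below sees the real target.
            string fullPath = Path.GetFullPath(Path.Combine(root, dir, fileName));
            if (!fullPath.StartsWith(root, StringComparison.Ordinal))
            {
                return NoContent();
            }

            FileInfo fileInfo = new FileInfo(fullPath);
            if (!fileInfo.Exists)
            {
                return NoContent();
            }
            return PhysicalFile(fileInfo.FullName, "application/x-msdownload");
        }

        /// <summary>
        /// Rejects anything other than a plain GET with no query string, no form body,
        /// no WebSocket upgrade and an empty path base, by dropping the connection and
        /// short-circuiting the action.
        /// </summary>
        /// <param name="context">The action-executing context supplied by MVC.</param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            var httpContext = context.HttpContext;
            var request = httpContext.Request;

            bool reject = !string.Equals(request.Method, "GET", StringComparison.Ordinal)
                || httpContext.WebSockets.IsWebSocketRequest
                || request.HasFormContentType
                || request.PathBase.HasValue
                || request.Query.Count > 0
                || request.QueryString.HasValue;

            if (reject)
            {
                // Abort() closes the connection but does not stop the MVC pipeline; without a
                // Result the action would still run and touch the file system for a request
                // that has already been refused.
                context.Result = new EmptyResult();
                httpContext.Abort();
            }
        }

        /// <summary>No post-action work is required; kept as an explicit no-op override.</summary>
        /// <param name="context">The action-executed context supplied by MVC.</param>
        public override void OnActionExecuted(ActionExecutedContext context)
        {
        }
    }
}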