mirror of
https://github.com/azaion/admin.git
synced 2026-06-21 10:01:09 +00:00
refactor: remove obsolete resource download and installer endpoints
- Deleted the `POST /resources/get/{dataFolder?}` and `GET /resources/get-installer` endpoints as part of the architectural shift towards simplified resource management.
- Removed associated methods and configurations, including `ResourcesService.GetEncryptedResource`, `ResourcesService.GetInstaller`, and related properties in `ResourcesConfig`.
- Cleaned up environment variables and configuration files to reflect the removal of installer-related settings.
- Eliminated the `GetResourceRequest` DTO and its validator, along with the `WrongResourceName` error code.
- Updated documentation to clarify the changes in resource handling and the retirement of per-user file encryption.
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
@@ -1,6 +1,5 @@
|
||||
using System.Net;
|
||||
using System.Net.Http.Json;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Azaion.E2E.Helpers;
|
||||
@@ -17,8 +16,6 @@ public sealed class ResourceTests
|
||||
PropertyNameCaseInsensitive = true
|
||||
};
|
||||
|
||||
private const string TestUserPassword = "TestPass1234";
|
||||
|
||||
private sealed record ErrorResponse(int ErrorCode, string Message);
|
||||
|
||||
private readonly TestFixture _fixture;
|
||||
@@ -50,119 +47,6 @@ public sealed class ResourceTests
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Encrypted_download_returns_octet_stream_and_non_empty_body()
|
||||
{
|
||||
// Arrange
|
||||
var folder = $"restest-{Guid.NewGuid():N}";
|
||||
const string fileName = "secure.bin";
|
||||
var fileBytes = Encoding.UTF8.GetBytes("download-test-payload");
|
||||
string? email = null;
|
||||
|
||||
try
|
||||
{
|
||||
using (var admin = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var upload = await admin.UploadFileAsync($"/resources/{folder}", fileBytes, fileName);
|
||||
upload.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
var candidateEmail = $"restest-{Guid.NewGuid():N}@azaion.com";
|
||||
using (var admin = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var createResp = await admin.PostAsync("/users",
|
||||
new { Email = candidateEmail, Password = TestUserPassword, Role = 10 });
|
||||
createResp.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
email = candidateEmail;
|
||||
|
||||
using var loginClient = _fixture.CreateApiClient();
|
||||
var userToken = await loginClient.LoginAsync(email, TestUserPassword);
|
||||
using var userClient = _fixture.CreateAuthenticatedClient(userToken);
|
||||
|
||||
// Act
|
||||
using var response = await userClient.PostAsync($"/resources/get/{folder}",
|
||||
new { Password = TestUserPassword, FileName = fileName });
|
||||
|
||||
// Assert
|
||||
response.StatusCode.Should().Be(HttpStatusCode.OK);
|
||||
response.Content.Headers.ContentType?.MediaType.Should().Be("application/octet-stream");
|
||||
var body = await response.Content.ReadAsByteArrayAsync();
|
||||
body.Should().NotBeEmpty();
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (email is not null)
|
||||
{
|
||||
using var adminCleanup = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
|
||||
using var del = await adminCleanup.DeleteAsync($"/users/{Uri.EscapeDataString(email)}");
|
||||
del.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
using var adminClear = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
|
||||
using var clear = await adminClear.PostAsync($"/resources/clear/{folder}", new { });
|
||||
clear.EnsureSuccessStatusCode();
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Encryption_round_trip_decrypt_matches_original_bytes()
|
||||
{
|
||||
// Arrange
|
||||
var folder = $"restest-{Guid.NewGuid():N}";
|
||||
const string fileName = "roundtrip.bin";
|
||||
var original = Enumerable.Range(0, 128).Select(i => (byte)i).ToArray();
|
||||
const string password = "RoundTrip123";
|
||||
string? email = null;
|
||||
|
||||
try
|
||||
{
|
||||
using (var admin = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var upload = await admin.UploadFileAsync($"/resources/{folder}", original, fileName);
|
||||
upload.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
var candidateEmail = $"roundtrip-{Guid.NewGuid():N}@azaion.com";
|
||||
using (var admin = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var createResp = await admin.PostAsync("/users",
|
||||
new { Email = candidateEmail, Password = password, Role = 10 });
|
||||
createResp.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
email = candidateEmail;
|
||||
|
||||
using var loginClient = _fixture.CreateApiClient();
|
||||
var userToken = await loginClient.LoginAsync(email, password);
|
||||
using var userClient = _fixture.CreateAuthenticatedClient(userToken);
|
||||
|
||||
// Act
|
||||
using var download = await userClient.PostAsync($"/resources/get/{folder}",
|
||||
new { Password = password, FileName = fileName });
|
||||
download.EnsureSuccessStatusCode();
|
||||
var encrypted = await download.Content.ReadAsByteArrayAsync();
|
||||
var decrypted = DecryptResourcePayload(encrypted, email!, password);
|
||||
|
||||
// Assert
|
||||
decrypted.Should().Equal(original);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (email is not null)
|
||||
{
|
||||
using var adminCleanup = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
|
||||
using var del = await adminCleanup.DeleteAsync($"/users/{Uri.EscapeDataString(email)}");
|
||||
del.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
using var adminClear = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
|
||||
using var clear = await adminClear.PostAsync($"/resources/clear/{folder}", new { });
|
||||
clear.EnsureSuccessStatusCode();
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Upload_without_file_is_rejected_with_400_or_409_and_60_on_conflict()
|
||||
{
|
||||
@@ -182,22 +66,4 @@ public sealed class ResourceTests
|
||||
err!.ErrorCode.Should().Be(60);
|
||||
}
|
||||
}
|
||||
|
||||
private static byte[] DecryptResourcePayload(byte[] encrypted, string email, string password)
|
||||
{
|
||||
var apiKey = Convert.ToBase64String(SHA384.HashData(
|
||||
Encoding.UTF8.GetBytes($"{email}-{password}-#%@AzaionKey@%#---")));
|
||||
var aesKey = SHA256.HashData(Encoding.UTF8.GetBytes(apiKey));
|
||||
|
||||
if (encrypted.Length <= 16)
|
||||
throw new InvalidOperationException("Encrypted payload too short.");
|
||||
|
||||
using var aes = Aes.Create();
|
||||
aes.Key = aesKey;
|
||||
aes.IV = encrypted.AsSpan(0, 16).ToArray();
|
||||
aes.Mode = CipherMode.CBC;
|
||||
aes.Padding = PaddingMode.PKCS7;
|
||||
using var decryptor = aes.CreateDecryptor();
|
||||
return decryptor.TransformFinalBlock(encrypted, 16, encrypted.Length - 16);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -55,10 +55,6 @@ public sealed class SecurityTests
|
||||
|
||||
using (var r = await client.DeleteAsync($"/users/{Uri.EscapeDataString(probeEmail)}"))
|
||||
r.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
|
||||
|
||||
using (var r = await client.PostAsync("/resources/get",
|
||||
new { password = "irrelevant1", fileName = "f.bin" }))
|
||||
r.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
@@ -141,63 +137,6 @@ public sealed class SecurityTests
|
||||
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Per_user_encryption_produces_distinct_ciphertext_for_same_file()
|
||||
{
|
||||
// Arrange
|
||||
var folder = $"sectest-{Guid.NewGuid():N}";
|
||||
var fileName = $"enc-{Guid.NewGuid():N}.bin";
|
||||
var payload = Encoding.UTF8.GetBytes($"secret-{Guid.NewGuid()}");
|
||||
var email1 = $"{Guid.NewGuid():N}@sectest.example.com";
|
||||
var email2 = $"{Guid.NewGuid():N}@sectest.example.com";
|
||||
const string password = "TestPwd12345";
|
||||
|
||||
try
|
||||
{
|
||||
foreach (var email in new[] { email1, email2 })
|
||||
{
|
||||
var reg = JsonSerializer.Serialize(new { email, password, role = 10 }, JsonOptions);
|
||||
using var create = await _fixture.HttpClient.PostAsync("/users",
|
||||
new StringContent(reg, Encoding.UTF8, "application/json"));
|
||||
create.IsSuccessStatusCode.Should().BeTrue();
|
||||
}
|
||||
|
||||
using (var adminUpload = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var up = await adminUpload.UploadFileAsync($"/resources/{folder}", payload, fileName);
|
||||
up.IsSuccessStatusCode.Should().BeTrue();
|
||||
}
|
||||
|
||||
async Task<byte[]> DownloadForAsync(string email)
|
||||
{
|
||||
using var api = _fixture.CreateApiClient();
|
||||
var token = await api.LoginAsync(email, password);
|
||||
api.SetAuthToken(token);
|
||||
using var get = await api.PostAsync($"/resources/get/{folder}",
|
||||
new { password, fileName });
|
||||
get.IsSuccessStatusCode.Should().BeTrue();
|
||||
return await get.Content.ReadAsByteArrayAsync();
|
||||
}
|
||||
|
||||
// Act
|
||||
var bytes1 = await DownloadForAsync(email1);
|
||||
var bytes2 = await DownloadForAsync(email2);
|
||||
|
||||
// Assert
|
||||
bytes1.Should().NotBeEquivalentTo(bytes2);
|
||||
}
|
||||
finally
|
||||
{
|
||||
using var clearResponse = await _fixture.HttpClient.PostAsync($"/resources/clear/{folder}",
|
||||
new StringContent("", Encoding.UTF8, "application/json"));
|
||||
|
||||
foreach (var email in new[] { email1, email2 })
|
||||
{
|
||||
using var _ = await _fixture.HttpClient.DeleteAsync($"/users/{Uri.EscapeDataString(email)}");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Hardware_endpoints_are_removed_AZ_197()
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user