mirror of
https://github.com/azaion/admin.git
synced 2026-06-21 10:31:09 +00:00
refactor: remove obsolete resource download and installer endpoints
- Deleted the `POST /resources/get/{dataFolder?}` and `GET /resources/get-installer` endpoints as part of the architectural shift towards simplified resource management.
- Removed associated methods and configurations, including `ResourcesService.GetEncryptedResource`, `ResourcesService.GetInstaller`, and related properties in `ResourcesConfig`.
- Cleaned up environment variables and configuration files to reflect the removal of installer-related settings.
- Eliminated the `GetResourceRequest` DTO and its validator, along with the `WrongResourceName` error code.
- Updated documentation to clarify the changes in resource handling and the retirement of per-user file encryption.
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
@@ -1,6 +1,5 @@
|
||||
using System.Net;
|
||||
using System.Net.Http.Json;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Azaion.E2E.Helpers;
|
||||
@@ -17,8 +16,6 @@ public sealed class ResourceTests
|
||||
PropertyNameCaseInsensitive = true
|
||||
};
|
||||
|
||||
private const string TestUserPassword = "TestPass1234";
|
||||
|
||||
private sealed record ErrorResponse(int ErrorCode, string Message);
|
||||
|
||||
private readonly TestFixture _fixture;
|
||||
@@ -50,119 +47,6 @@ public sealed class ResourceTests
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Encrypted_download_returns_octet_stream_and_non_empty_body()
|
||||
{
|
||||
// Arrange
|
||||
var folder = $"restest-{Guid.NewGuid():N}";
|
||||
const string fileName = "secure.bin";
|
||||
var fileBytes = Encoding.UTF8.GetBytes("download-test-payload");
|
||||
string? email = null;
|
||||
|
||||
try
|
||||
{
|
||||
using (var admin = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var upload = await admin.UploadFileAsync($"/resources/{folder}", fileBytes, fileName);
|
||||
upload.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
var candidateEmail = $"restest-{Guid.NewGuid():N}@azaion.com";
|
||||
using (var admin = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var createResp = await admin.PostAsync("/users",
|
||||
new { Email = candidateEmail, Password = TestUserPassword, Role = 10 });
|
||||
createResp.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
email = candidateEmail;
|
||||
|
||||
using var loginClient = _fixture.CreateApiClient();
|
||||
var userToken = await loginClient.LoginAsync(email, TestUserPassword);
|
||||
using var userClient = _fixture.CreateAuthenticatedClient(userToken);
|
||||
|
||||
// Act
|
||||
using var response = await userClient.PostAsync($"/resources/get/{folder}",
|
||||
new { Password = TestUserPassword, FileName = fileName });
|
||||
|
||||
// Assert
|
||||
response.StatusCode.Should().Be(HttpStatusCode.OK);
|
||||
response.Content.Headers.ContentType?.MediaType.Should().Be("application/octet-stream");
|
||||
var body = await response.Content.ReadAsByteArrayAsync();
|
||||
body.Should().NotBeEmpty();
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (email is not null)
|
||||
{
|
||||
using var adminCleanup = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
|
||||
using var del = await adminCleanup.DeleteAsync($"/users/{Uri.EscapeDataString(email)}");
|
||||
del.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
using var adminClear = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
|
||||
using var clear = await adminClear.PostAsync($"/resources/clear/{folder}", new { });
|
||||
clear.EnsureSuccessStatusCode();
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Encryption_round_trip_decrypt_matches_original_bytes()
|
||||
{
|
||||
// Arrange
|
||||
var folder = $"restest-{Guid.NewGuid():N}";
|
||||
const string fileName = "roundtrip.bin";
|
||||
var original = Enumerable.Range(0, 128).Select(i => (byte)i).ToArray();
|
||||
const string password = "RoundTrip123";
|
||||
string? email = null;
|
||||
|
||||
try
|
||||
{
|
||||
using (var admin = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var upload = await admin.UploadFileAsync($"/resources/{folder}", original, fileName);
|
||||
upload.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
var candidateEmail = $"roundtrip-{Guid.NewGuid():N}@azaion.com";
|
||||
using (var admin = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
|
||||
{
|
||||
using var createResp = await admin.PostAsync("/users",
|
||||
new { Email = candidateEmail, Password = password, Role = 10 });
|
||||
createResp.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
email = candidateEmail;
|
||||
|
||||
using var loginClient = _fixture.CreateApiClient();
|
||||
var userToken = await loginClient.LoginAsync(email, password);
|
||||
using var userClient = _fixture.CreateAuthenticatedClient(userToken);
|
||||
|
||||
// Act
|
||||
using var download = await userClient.PostAsync($"/resources/get/{folder}",
|
||||
new { Password = password, FileName = fileName });
|
||||
download.EnsureSuccessStatusCode();
|
||||
var encrypted = await download.Content.ReadAsByteArrayAsync();
|
||||
var decrypted = DecryptResourcePayload(encrypted, email!, password);
|
||||
|
||||
// Assert
|
||||
decrypted.Should().Equal(original);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (email is not null)
|
||||
{
|
||||
using var adminCleanup = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
|
||||
using var del = await adminCleanup.DeleteAsync($"/users/{Uri.EscapeDataString(email)}");
|
||||
del.EnsureSuccessStatusCode();
|
||||
}
|
||||
|
||||
using var adminClear = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
|
||||
using var clear = await adminClear.PostAsync($"/resources/clear/{folder}", new { });
|
||||
clear.EnsureSuccessStatusCode();
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task Upload_without_file_is_rejected_with_400_or_409_and_60_on_conflict()
|
||||
{
|
||||
@@ -182,22 +66,4 @@ public sealed class ResourceTests
|
||||
err!.ErrorCode.Should().Be(60);
|
||||
}
|
||||
}
|
||||
|
||||
private static byte[] DecryptResourcePayload(byte[] encrypted, string email, string password)
|
||||
{
|
||||
var apiKey = Convert.ToBase64String(SHA384.HashData(
|
||||
Encoding.UTF8.GetBytes($"{email}-{password}-#%@AzaionKey@%#---")));
|
||||
var aesKey = SHA256.HashData(Encoding.UTF8.GetBytes(apiKey));
|
||||
|
||||
if (encrypted.Length <= 16)
|
||||
throw new InvalidOperationException("Encrypted payload too short.");
|
||||
|
||||
using var aes = Aes.Create();
|
||||
aes.Key = aesKey;
|
||||
aes.IV = encrypted.AsSpan(0, 16).ToArray();
|
||||
aes.Mode = CipherMode.CBC;
|
||||
aes.Padding = PaddingMode.PKCS7;
|
||||
using var decryptor = aes.CreateDecryptor();
|
||||
return decryptor.TransformFinalBlock(encrypted, 16, encrypted.Length - 16);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user