# Module: Azaion.Services.ResourcesService ## Purpose File-based resource management: upload, list, and clear files in the server's filesystem. > **Cycle 2 (2026-05-14) note** — `GetInstaller` and `GetEncryptedResource` were removed along with the `POST /resources/get/{dataFolder?}` and `GET /resources/get-installer[/stage]` endpoints; the corresponding interface methods, the `Security.EncryptTo` dependency, and the `ResourcesConfig.SuiteInstallerFolder` / `SuiteStageInstallerFolder` properties went with them. The service is now upload + list + clear only. ## Public Interface ### IResourcesService | Method | Signature | Description | |--------|-----------|-------------| | `SaveResource` | `Task SaveResource(string? dataFolder, IFormFile data, CancellationToken ct)` | Saves an uploaded file to the resource folder | | `ListResources` | `Task> ListResources(string? dataFolder, string? search, CancellationToken ct)` | Lists file names in a resource folder, optionally filtered | | `ClearFolder` | `void ClearFolder(string? dataFolder)` | Deletes all files and subdirectories in the specified folder | ## Internal Logic - **GetResourceFolder**: resolves the target directory. If `dataFolder` is null/empty, uses `ResourcesConfig.ResourcesFolder` directly; otherwise, appends it as a subdirectory. - **SaveResource**: creates the folder if needed, deletes any existing file with the same name, then copies the uploaded file. - **ListResources**: uses `DirectoryInfo.GetFiles` with optional search pattern. - **ClearFolder**: iterates and deletes all files and subdirectories. ## Dependencies - `IOptions` — folder paths - `ILogger` — logs successful saves - `BusinessException` — thrown for null file uploads ## Consumers - `Program.cs` — `POST /resources/{dataFolder?}` (upload), `GET /resources/list/{dataFolder?}`, `POST /resources/clear/{dataFolder?}` ## Data Models None. ## Configuration Uses `ResourcesConfig.ResourcesFolder`. ## External Integrations Local filesystem for resource storage. ## Security - File deletion overwrites existing files before writing new ones. - No path traversal protection on `dataFolder` parameter (security audit F-2 — open). ## Tests End-to-end coverage in `e2e/Azaion.E2E/Tests/ResourceTests.cs` — `File_upload_succeeds` and `Upload_without_file_is_rejected_with_400_or_409_and_60_on_conflict`.