- Add JWT Bearer token validation to API Gateway with restricted CORS - Add cookie-based JWT validation to FileService for browser image requests - Create shared authentication infrastructure in FictionArchive.Service.Shared - Update frontend to set fa_session cookie after OIDC login - Add [Authorize] attributes to GraphQL mutations with role-based restrictions - Configure OIDC settings for both services in docker-compose Implements FA-17: Authentication for microservices architecture
using System.Web;
using Amazon.S3;
using Amazon.S3.Model;
using FictionArchive.Service.FileService.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
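namespace FictionArchive.Service.FileService.Controllers
{
    /// <summary>
    /// Read-only proxy that streams objects from the configured S3 bucket to
    /// authenticated callers. Everything after <c>api/</c> in the request URL is
    /// used as the object key.
    /// </summary>
    /// <remarks>
    /// <para>
    /// <c>[Authorize]</c> only requires an authenticated caller. No per-object
    /// authorization is visible in this controller, so any authenticated user
    /// can request any key in the bucket. NOTE(review): confirm the bucket holds
    /// nothing that should be restricted to a subset of users.
    /// </para>
    /// </remarks>
    [Route("api/{*path}")]
    [ApiController]
    [Authorize]
    public class S3ProxyController : ControllerBase
    {
        // Served when the stored object carries no Content-Type; FileStreamResult
        // rejects a null or empty content type.
        private const string FallbackContentType = "application/octet-stream";

        private readonly AmazonS3Client _amazonS3Client;
        private readonly S3Configuration _s3Configuration;

        /// <summary>Creates the controller from the injected S3 client and bucket settings.</summary>
        /// <param name="amazonS3Client">Client used to fetch objects.</param>
        /// <param name="s3Configuration">Options wrapper; only <c>Bucket</c> is read here.</param>
        public S3ProxyController(AmazonS3Client amazonS3Client, IOptions<S3Configuration> s3Configuration)
        {
            _amazonS3Client = amazonS3Client;
            _s3Configuration = s3Configuration.Value;
        }

        /// <summary>
        /// Streams the object whose key is <paramref name="path"/> from the configured bucket.
        /// </summary>
        /// <param name="path">Catch-all route value; caller-controlled and used as the S3 key.</param>
        /// <returns>
        /// The object body with its stored content type, or 404 when the key is
        /// empty or S3 reports that it does not exist.
        /// </returns>
        /// <exception cref="AmazonS3Exception">Any S3 failure other than a missing key.</exception>
        [HttpGet]
        public async Task<IActionResult> Get(string path)
        {
            // NOTE(review): route values normally arrive already percent-decoded, so this
            // is likely a second decode (and turns '+' into a space). Kept as-is because
            // existing URLs may rely on it; confirm it is intended.
            var decodedPath = HttpUtility.UrlDecode(path);

            // A request for "api/" alone carries no key; answer 404 instead of
            // handing an empty key to the SDK.
            if (string.IsNullOrEmpty(decodedPath))
            {
                return NotFound();
            }

            try
            {
                var s3Response = await _amazonS3Client.GetObjectAsync(new GetObjectRequest()
                {
                    // The bucket is fixed by configuration; only the key comes from the caller.
                    BucketName = _s3Configuration.Bucket,
                    Key = decodedPath
                });

                // The content type is whatever was stored with the object and is echoed
                // to the browser unchanged. NOTE(review): if objects can be uploaded by
                // less-trusted parties, consider restricting the served types and sending
                // X-Content-Type-Options: nosniff so stored markup is not rendered here.
                var contentType = string.IsNullOrEmpty(s3Response.Headers.ContentType)
                    ? FallbackContentType
                    : s3Response.Headers.ContentType;

                return new FileStreamResult(s3Response.ResponseStream, contentType);
            }
            catch (AmazonS3Exception e) when (IsMissingKey(e))
            {
                return NotFound();
            }
        }

        /// <summary>
        /// Tells whether an S3 error means "no such object". The service error code is
        /// checked first because message text varies between S3 implementations; the
        /// original message comparison is kept for backends that rely on it.
        /// </summary>
        private static bool IsMissingKey(AmazonS3Exception e) =>
            e.ErrorCode == "NoSuchKey" || e.Message == "Key not found";
    }
}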