Merge branch master

Author: KirillBorisovich

HwProj.APIGateway/HwProj.APIGateway.API/Controllers/CoursesController.cs

@@ -49,7 +49,7 @@ public async Task<CoursePreviewView[]> GetAllCourses()
     [ProducesResponseType(typeof(CourseAllData), (int)HttpStatusCode.OK)]
     public async Task<IActionResult> GetAllCourseData(long courseId)
     {
-        var courseResult = await _coursesClient.GetAllCourseData(courseId);
+        var courseResult = await _coursesClient.GetCourseDataRaw(courseId);
         if (!courseResult.Succeeded)
             return BadRequest(courseResult.Errors[0]);
 
@@ -66,7 +66,7 @@ public async Task<IActionResult> GetAllCourseData(long courseId)
     [ProducesResponseType(typeof(CourseViewModel), (int)HttpStatusCode.OK)]
     public async Task<IActionResult> GetCourseData(long courseId)
     {
-        var course = await _coursesClient.GetCourseById(courseId);
+        var course = await _coursesClient.GetCourseView(courseId);
         if (course == null) return NotFound();
 
         var result = await ToCourseViewModel(course);

HwProj.APIGateway/HwProj.APIGateway.API/Controllers/FilesController.cs

@@ -4,7 +4,7 @@
 using HwProj.AuthService.Client;
 using HwProj.ContentService.Client;
 using HwProj.Models.ContentService.DTO;
-using HwProj.Models.Roles;
+using HwProj.Models.CourseUnitType;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -13,72 +13,79 @@ namespace HwProj.APIGateway.API.Controllers;
 [Route("api/[controller]")]
 [Authorize]
 [ApiController]
-public class FilesController : AggregationController
+public class FilesController(
+    IAuthServiceClient authServiceClient,
+    IContentServiceClient contentServiceClient,
+    FilesPrivacyFilter privacyFilter,
+    FilesCountLimiter filesCountLimiter)
+    : AggregationController(authServiceClient)
 {
-    private readonly IContentServiceClient _contentServiceClient;
-
-    public FilesController(IAuthServiceClient authServiceClient,
-        IContentServiceClient contentServiceClient) : base(authServiceClient)
-    {
-        _contentServiceClient = contentServiceClient;
-    }
-
     [HttpPost("process")]
-    [Authorize(Roles = Roles.LecturerRole)]
-    [ServiceFilter(typeof(CourseMentorOnlyAttribute))]
     [ProducesResponseType((int)HttpStatusCode.OK)]
-    [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.ServiceUnavailable)]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
+    [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.BadRequest)]
     public async Task<IActionResult> Process([FromForm] ProcessFilesDTO processFilesDto)
     {
-        var result = await _contentServiceClient.ProcessFilesAsync(processFilesDto);
+        var checkRights = await privacyFilter.CheckUploadRights(UserId, processFilesDto.FilesScope);
+        if (!checkRights) return Forbid("Недостаточно прав для загрузки файлов");
+
+        var checkCountLimit = await filesCountLimiter.CheckCountLimit(processFilesDto);
+        if (!checkCountLimit)
+            return Forbid("Слишком много файлов в решении." +
+                          $"Максимальное количество файлов - ${FilesCountLimiter.MaxSolutionFiles}");
+
+        var result = await contentServiceClient.ProcessFilesAsync(processFilesDto);
         return result.Succeeded
             ? Ok()
-            : StatusCode((int)HttpStatusCode.ServiceUnavailable, result.Errors);
+            : BadRequest(result.Errors);
     }
 
     [HttpPost("statuses")]
-    [Authorize(Roles = Roles.LecturerRole)]
-    [ServiceFilter(typeof(CourseMentorOnlyAttribute))]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(FileInfoDTO[]), (int)HttpStatusCode.OK)]
-    [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.ServiceUnavailable)]
+    [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.BadRequest)]
     public async Task<IActionResult> GetStatuses(ScopeDTO filesScope)
     {
-        var filesStatusesResult = await _contentServiceClient.GetFilesStatuses(filesScope);
-        return filesStatusesResult.Succeeded
-            ? Ok(filesStatusesResult.Value) as IActionResult
-            : StatusCode((int)HttpStatusCode.ServiceUnavailable, filesStatusesResult.Errors);
+        var checkRights = await privacyFilter.CheckUploadRights(UserId, filesScope);
+        if (!checkRights) return Forbid("Недостаточно прав для получения информации о файлах");
+
+        var result = await contentServiceClient.GetFilesStatuses(filesScope);
+        return result.Succeeded
+            ? Ok(result.Value)
+            : BadRequest(result.Errors);
     }
 
     [HttpGet("downloadLink")]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(string), (int)HttpStatusCode.OK)]
     [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.NotFound)]
     public async Task<IActionResult> GetDownloadLink([FromQuery] long fileId)
     {
-        var result = await _contentServiceClient.GetDownloadLinkAsync(fileId);
-        return result.Succeeded
-            ? Ok(result.Value)
-            : NotFound(result.Errors);
-    }
+        var linkDto = await contentServiceClient.GetDownloadLinkAsync(fileId);
+        if (!linkDto.Succeeded) return BadRequest(linkDto.Errors);
 
-    [HttpGet("info/course/{courseId}")]
-    [ProducesResponseType(typeof(FileInfoDTO[]), (int)HttpStatusCode.OK)]
-    [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.ServiceUnavailable)]
-    public async Task<IActionResult> GetFilesInfo(long courseId)
-    {
-        var filesInfoResult = await _contentServiceClient.GetFilesInfo(courseId);
-        return filesInfoResult.Succeeded
-            ? Ok(filesInfoResult.Value) as IActionResult
-            : StatusCode((int)HttpStatusCode.ServiceUnavailable, filesInfoResult.Errors);
+        var result = linkDto.Value;
+        var userId = UserId;
+
+        foreach (var scope in result.FileScopes)
+        {
+            if (await privacyFilter.CheckDownloadRights(userId, scope))
+                return Ok(result.DownloadUrl);
+        }
+
+        return Forbid("Недостаточно прав для получения ссылки на файл");
     }
 
-    [HttpGet("info/course/{courseId}/uploaded")]
+    [HttpGet("info/course/{courseId}")]
     [ProducesResponseType(typeof(FileInfoDTO[]), (int)HttpStatusCode.OK)]
-    [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.ServiceUnavailable)]
-    public async Task<IActionResult> GetUploadedFilesInfo(long courseId)
+    [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.BadRequest)]
+    public async Task<IActionResult> GetFilesInfo(long courseId,
+        [FromQuery] bool uploadedOnly = true,
+        [FromQuery] string courseUnitType = CourseUnitType.Homework)
     {
-        var filesInfoResult = await _contentServiceClient.GetUploadedFilesInfo(courseId);
+        var filesInfoResult = await contentServiceClient.GetFilesInfo(courseId, uploadedOnly, courseUnitType);
         return filesInfoResult.Succeeded
-            ? Ok(filesInfoResult.Value) as IActionResult
-            : StatusCode((int)HttpStatusCode.ServiceUnavailable, filesInfoResult.Errors);
+            ? Ok(filesInfoResult.Value)
+            : BadRequest(filesInfoResult.Errors);
     }
 }

HwProj.APIGateway/HwProj.APIGateway.API/Controllers/TasksController.cs

@@ -16,9 +16,9 @@ public class TasksController(ICoursesServiceClient coursesClient) : ControllerBa
     [HttpGet("get/{taskId}")]
     [Authorize]
     [ProducesResponseType(typeof(HomeworkTaskViewModel), (int)HttpStatusCode.OK)]
-    public async Task<IActionResult> GetTask(long taskId)
+    public async Task<IActionResult> GetTask(long taskId, [FromQuery] bool? withCriteria)
     {
-        var result = await coursesClient.GetTask(taskId);
+        var result = await coursesClient.GetTask(taskId, withCriteria ?? false);
         return result == null
             ? NotFound()
             : Ok(result);
@@ -38,7 +38,7 @@ public async Task<IActionResult> GetForEditingTask(long taskId)
     [HttpPost("add/{homeworkId}")]
     [Authorize(Roles = Roles.LecturerRole)]
     [ProducesResponseType(typeof(Result<HomeworkTaskViewModel>), (int)HttpStatusCode.OK)]
-    public async Task<IActionResult> AddTask(long homeworkId, CreateTaskViewModel taskViewModel)
+    public async Task<IActionResult> AddTask(long homeworkId, PostTaskViewModel taskViewModel)
     {
         var result = await coursesClient.AddTask(homeworkId, taskViewModel);
         return result.Succeeded
@@ -57,7 +57,7 @@ public async Task<IActionResult> DeleteTask(long taskId)
     [HttpPut("update/{taskId}")]
     [Authorize(Roles = Roles.LecturerRole)]
     [ProducesResponseType(typeof(Result<HomeworkTaskViewModel>), (int)HttpStatusCode.OK)]
-    public async Task<IActionResult> UpdateTask(long taskId, CreateTaskViewModel taskViewModel)
+    public async Task<IActionResult> UpdateTask(long taskId, PostTaskViewModel taskViewModel)
     {
         var result = await coursesClient.UpdateTask(taskId, taskViewModel);
         return Ok(result);

HwProj.APIGateway/HwProj.APIGateway.API/Filters/FilesCountLimiter.cs

@@ -0,0 +1,27 @@
+using System.Linq;
+using System.Threading.Tasks;
+using HwProj.ContentService.Client;
+using HwProj.Models.ContentService.DTO;
+using HwProj.Models.CourseUnitType;
+
+namespace HwProj.APIGateway.API.Filters;
+
+public class FilesCountLimiter(IContentServiceClient contentServiceClient)
+{
+    public const long MaxSolutionFiles = 5;
+
+    public async Task<bool> CheckCountLimit(ProcessFilesDTO processFilesDto)
+    {
+        if (processFilesDto.FilesScope.CourseUnitType == CourseUnitType.Homework) return true;
+
+        var existingStatuses = await contentServiceClient.GetFilesStatuses(processFilesDto.FilesScope);
+        if (!existingStatuses.Succeeded) return false;
+
+        var existingIds = existingStatuses.Value.Select(f => f.Id).ToList();
+        if (processFilesDto.DeletingFileIds.Any(id => !existingIds.Contains(id)))
+            return false;
+
+        return existingIds.Count + processFilesDto.NewFiles.Count - processFilesDto.DeletingFileIds.Count <=
+               MaxSolutionFiles;
+    }
+}

HwProj.APIGateway/HwProj.APIGateway.API/Filters/FilesPrivacyFilter.cs

@@ -0,0 +1,71 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using HwProj.CoursesService.Client;
+using HwProj.Models.ContentService.DTO;
+using HwProj.Models.CourseUnitType;
+using HwProj.SolutionsService.Client;
+
+namespace HwProj.APIGateway.API.Filters;
+
+public class FilesPrivacyFilter(
+    ICoursesServiceClient coursesServiceClient,
+    ISolutionsServiceClient solutionsServiceClient)
+{
+    private async Task<HashSet<string>> GetSolutionStudentIds(long solutionId)
+    {
+        var studentIds = new HashSet<string>();
+        var solution = await solutionsServiceClient.GetSolutionById(solutionId);
+        studentIds.Add(solution.StudentId);
+
+        if (solution.GroupId is { } groupId)
+        {
+            var groups = await coursesServiceClient.GetGroupsById(groupId);
+            if (groups is [var group]) studentIds.UnionWith(group.StudentsIds.ToHashSet());
+        }
+
+        return studentIds;
+    }
+
+    public async Task<bool> CheckDownloadRights(string? userId, ScopeDTO fileScope)
+    {
+        if (userId == null) return false;
+
+        switch (fileScope.CourseUnitType)
+        {
+            case CourseUnitType.Homework:
+                return true;
+            case CourseUnitType.Solution:
+            {
+                var studentIds = await GetSolutionStudentIds(fileScope.CourseUnitId);
+                if (studentIds.Contains(userId)) return true;
+
+                var mentorIds = await coursesServiceClient.GetCourseLecturersIds(fileScope.CourseId);
+                return mentorIds.Contains(userId);
+            }
+            default:
+                return false;
+        }
+    }
+
+    public async Task<bool> CheckUploadRights(string? userId, ScopeDTO fileScope)
+    {
+        if (userId == null) return false;
+
+        switch (fileScope.CourseUnitType)
+        {
+            case CourseUnitType.Homework:
+            {
+                var mentorIds = await coursesServiceClient.GetCourseLecturersIds(fileScope.CourseId);
+                return mentorIds.Contains(userId);
+            }
+            case CourseUnitType.Solution:
+            {
+                var studentIds = await GetSolutionStudentIds(fileScope.CourseUnitId);
+                return studentIds.Contains(userId);
+            }
+            default:
+                return false;
+        }
+    }
+}

HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/LtiAssignmentsGradesControllers.cs

@@ -21,8 +21,8 @@ public class LtiAssignmentsGradesControllers(
     ILtiToolService toolService)
     : ControllerBase
 {
-    [HttpPost("lineItem/{taskId}")]
-    [Consumes("application/vnd.ims.lti-ags.v1.score+json")]
+    [HttpPost("lineItem/{taskId}/scores")]
+    [Consumes("application/json", "application/vnd.ims.lis.v1.score+json")]
     public async Task<IActionResult> UpdateTaskScore(long taskId, [FromBody] Score score)
     {
         var scopeClaim = User.FindFirst("scope")?.Value;

HwProj.APIGateway/HwProj.APIGateway.API/Startup.cs

@@ -111,6 +111,8 @@ public void ConfigureServices(IServiceCollection services)
         services.AddSingleton<ILtiKeyService, LtiKeyService>(); 
 
         services.AddScoped<CourseMentorOnlyAttribute>();
+        services.AddScoped<FilesPrivacyFilter>();
+        services.AddScoped<FilesCountLimiter>();
     }
 
     public void Configure(IApplicationBuilder app, IHostEnvironment env)

HwProj.Common/HwProj.Exceptions/HwProj.Exceptions.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.2</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <LangVersion>$(CSharpLanguageVersion)</LangVersion>
     <Nullable>$(NullableReferenceTypes)</Nullable>
   </PropertyGroup>

HwProj.Common/HwProj.Models/ContentService/Attributes/CorrectFileTypeAttribute.cs

@@ -0,0 +1,59 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using Microsoft.AspNetCore.Http;
+using FileTypeChecker.Abstracts;
+using FileTypeChecker.Types;
+
+namespace HwProj.Models.ContentService.Attributes
+{
+    [AttributeUsage(AttributeTargets.Property)]
+    public class CorrectFileTypeAttribute : FileValidationAttribute
+    {
+        private static readonly HashSet<FileType> ForbiddenFileTypes = new HashSet<FileType>
+        {
+            new MachO(), new Executable(), new ExecutableAndLinkableFormat()
+        };
+
+        protected override ValidationResult Validate(IFormFile file)
+        {
+            try
+            {
+                using var fileContent = file.OpenReadStream();
+                //FileTypeValidator.RegisterCustomTypes(typeof(MachO).Assembly);
+                if ( //!FileTypeValidator.IsTypeRecognizable(fileContent) ||
+                    ForbiddenFileTypes.Any(type => type.DoesMatchWith(fileContent)))
+                {
+                    return new ValidationResult(
+                        $"Файл `{file.FileName}` имеет недопустимый тип ${file.ContentType}");
+                }
+            }
+            catch
+            {
+                return new ValidationResult(
+                    $"Невозможно прочитать файл `{file.FileName}`");
+            }
+
+            return ValidationResult.Success;
+        }
+
+        private class MachO : FileType
+        {
+            private const string TypeName = "MacOS executable";
+            private const string TypeExtension = "macho";
+
+            private static readonly byte[][] MagicBytes =
+            {
+                new byte[] { 0xfe, 0xed, 0xfa, 0xce }, // Mach-O BE 32-bit
+                new byte[] { 0xfe, 0xed, 0xfa, 0xcf }, // Mach-O BE 64-bit
+                new byte[] { 0xce, 0xfa, 0xed, 0xfe }, // Mach-O LE 32-bit
+                new byte[] { 0xcf, 0xfa, 0xed, 0xfe }, // Mach-O LE 64-bit
+            };
+
+            public MachO() : base(TypeName, TypeExtension, MagicBytes)
+            {
+            }
+        }
+    }
+}

HwProj.Common/HwProj.Models/ContentService/Attributes/FileValidationAttribute.cs

@@ -0,0 +1,22 @@
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using Microsoft.AspNetCore.Http;
+
+namespace HwProj.Models.ContentService.Attributes
+{
+    public abstract class FileValidationAttribute : ValidationAttribute
+    {
+        protected abstract ValidationResult Validate(IFormFile file);
+
+        protected override ValidationResult? IsValid(object? value, ValidationContext validationContext) =>
+            value switch
+            {
+                IFormFile singleFile => Validate(singleFile),
+                IEnumerable<IFormFile> files => files
+                    .Select(Validate)
+                    .FirstOrDefault(x => x != ValidationResult.Success) ?? ValidationResult.Success,
+                _ => null
+            };
+    }
+}