Prepare for send direct upload (#1174)

* Add sendId to path Event Grid returns the blob path, which will be used to grab a Send and verify file size * Re-validate access upon file download Increment access count only when file is downloaded. File name and size are leaked, but this is a good first step toward solving the access-download race
2025-12-21 10:43:44 +00:00 · 2021-03-01 15:01:04 -06:00
parent 13f12aaf58
commit 8d5fc21b51
7 changed files with 119 additions and 34 deletions
--- a/src/Core/Services/Implementations/LocalSendStorageService.cs
+++ b/src/Core/Services/Implementations/LocalSendStorageService.cs
@@ -3,6 +3,7 @@ using System.IO;
 using System;
 using Bit.Core.Models.Table;
 using Bit.Core.Settings;
+using System.Linq;

 namespace Bit.Core.Services
 {
@@ -11,6 +12,9 @@ namespace Bit.Core.Services
        private readonly string _baseDirPath;
        private readonly string _baseSendUrl;

+        private string RelativeFilePath(Send send, string fileID) => $"{send.Id}/{fileID}";
+        private string FilePath(Send send, string fileID) => $"{_baseDirPath}/{RelativeFilePath(send, fileID)}";
+
        public LocalSendStorageService(
            GlobalSettings globalSettings)
        {
@@ -21,17 +25,21 @@ namespace Bit.Core.Services
        public async Task UploadNewFileAsync(Stream stream, Send send, string fileId)
        {
            await InitAsync();
-            using (var fs = File.Create($"{_baseDirPath}/{fileId}"))
+            var path = FilePath(send, fileId);
+            Directory.CreateDirectory(Path.GetDirectoryName(path));
+            using (var fs = File.Create(path))
            {
                stream.Seek(0, SeekOrigin.Begin);
                await stream.CopyToAsync(fs);
            }
        }

-        public async Task DeleteFileAsync(string fileId)
+        public async Task DeleteFileAsync(Send send, string fileId)
        {
            await InitAsync();
-            DeleteFileIfExists($"{_baseDirPath}/{fileId}");
+            var path = FilePath(send, fileId);
+            DeleteFileIfExists(path);
+            DeleteDirectoryIfExistsAndEmpty(Path.GetDirectoryName(path));
        }

        public async Task DeleteFilesForOrganizationAsync(Guid organizationId)
@@ -44,10 +52,10 @@ namespace Bit.Core.Services
            await InitAsync();
        }

-        public async Task<string> GetSendFileDownloadUrlAsync(string fileId)
+        public async Task<string> GetSendFileDownloadUrlAsync(Send send, string fileId)
        {
            await InitAsync();
-            return $"{_baseSendUrl}/{fileId}";
+            return $"{_baseSendUrl}/{RelativeFilePath(send, fileId)}";
        }

        private void DeleteFileIfExists(string path)
@@ -58,6 +66,14 @@ namespace Bit.Core.Services
            }
        }

+        private void DeleteDirectoryIfExistsAndEmpty(string path)
+        {
+            if (Directory.Exists(path) && !Directory.EnumerateFiles(path).Any())
+            {
+                Directory.Delete(path);
+            }
+        }
+
        private Task InitAsync()
        {
            if (!Directory.Exists(_baseDirPath))