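using System.Data;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;
using WebAPI.Models;

namespace WebAPI.Controllers;

/// <summary>
/// Receives externally submitted <see cref="DataInbox"/> records and stores them in the database.
/// Every accepted or rejected request is recorded through <see cref="LogsController"/>.
/// </summary>
[ApiController]
[Route("api/[controller]")]
public class DataInboxController : Controller
{
    private readonly AppDbContext _db;
    private readonly IConfiguration _configuration;
    private readonly LogsController _logsController;

    public DataInboxController(
        AppDbContext db,
        GoogleSheetsHelper googleSheetsHelper,
        IConfiguration configuration)
    {
        _db = db;
        _configuration = configuration;
        _logsController = new LogsController(googleSheetsHelper, _configuration);
    }

    /// <summary>
    /// Stores one inbox record. The caller must present the shared API key in the route and
    /// HTTP Basic credentials in the <c>Authorization</c> header; both are checked against the
    /// configuration values <c>apiKey</c>, <c>morska-user</c> and <c>morska-pass</c>.
    /// </summary>
    /// <param name="apiKey">Shared key taken from the route. A secret in the URL path tends to be
    /// captured by proxy/server access logs; a header would avoid that (route kept for compatibility).</param>
    /// <param name="dataInbox">Record to store. <c>Data</c>, when non-empty, must be a base64 string.</param>
    /// <returns>200 on success, 401 for any authentication failure, 400 for a malformed body or a failed insert.</returns>
    [HttpPut]
    [Route("Add/{apiKey}")]
    [AllowAnonymous]
    public IActionResult Add(string apiKey, [FromBody] DataInbox dataInbox)
    {
        // Used only for log titles; the body itself is validated after authentication.
        var source = dataInbox?.Source;

        // Fixed-time comparison so response time does not reveal how much of the key matched.
        if (!SecretEquals(_configuration["apiKey"], apiKey))
        {
            LogWarning($"Unauthorized request - wrong apiKey ({source})");
            return Unauthorized();
        }

        try
        {
            if (!Request.Headers.TryGetValue("Authorization", out var authHeader))
            {
                LogWarning($"Unauthorized request - no authorization header ({source})");
                return Unauthorized();
            }

            // A malformed header is an authentication failure (401), not a server error. Before,
            // an undecodable base64 token or a missing ':' threw, fell into the generic catch below
            // and returned the exception text (with stack trace) to the caller.
            if (!TryParseBasicCredentials(authHeader.ToString(), out var username, out var password))
            {
                LogWarning($"Unauthorized request - wrong auth header format ({source})");
                return Unauthorized();
            }

            // Both comparisons run regardless of the first result so a wrong user name and a
            // wrong password take the same time.
            var userMatches = SecretEquals(_configuration["morska-user"], username);
            var passMatches = SecretEquals(_configuration["morska-pass"], password);
            if (!(userMatches & passMatches))
            {
                LogWarning($"Unauthorized request - bad credentials ({source})");
                return Unauthorized();
            }

            if (dataInbox is null)
            {
                LogWarning($"Invalid request - empty body ({source})");
                return BadRequest("Invalid request - empty body");
            }

            // Data is optional, but when present it must be base64 (see IsBase64String).
            if (!string.IsNullOrEmpty(dataInbox.Data) && !IsBase64String(dataInbox.Data))
            {
                LogWarning($"Invalid data format - not base64 encoded ({source})");
                return BadRequest("Invalid data format - not base64 encoded");
            }

            // Server-assigned fields: the caller cannot choose the id or the timestamp.
            dataInbox.Id = Guid.NewGuid();
            dataInbox.CreatedAt = DateTime.UtcNow;
            _db.DataInbox.Add(dataInbox);
            _db.SaveChanges();

            _logsController.AddEntry(new LogEntry
            {
                Title = $"Insert success: {dataInbox.Source}, {dataInbox.Name}",
                Type = LogEntryType.Info,
                LogType = LogType.DataInbox,
                CreatedAt = DateTime.UtcNow
            });
            return Ok();
        }
        catch (Exception e)
        {
            // The full exception (stack trace, provider/connection details) stays in the log;
            // the caller only gets a generic message. Status code stays 400 as before.
            _logsController.AddEntry(new LogEntry
            {
                Title = $"Insert error: {source}, {dataInbox?.Name}",
                Type = LogEntryType.Error,
                LogType = LogType.DataInbox,
                Message = e.ToString(),
                CreatedAt = DateTime.UtcNow
            });
            return BadRequest("Insert error");
        }
    }

    /// <summary>
    /// Returns every stored inbox record without change tracking.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this action carries no explicit [Authorize]; whether it is protected depends
    /// on the application's default authorization policy, which is not visible here - confirm.
    /// </remarks>
    [HttpGet]
    public IActionResult GetAll()
    {
        return Ok(_db.DataInbox.AsNoTracking().ToList());
    }

    // helpers

    /// <summary>Records a warning-level <see cref="LogType.DataInbox"/> entry with the given title.</summary>
    private void LogWarning(string title)
    {
        _logsController.AddEntry(new LogEntry
        {
            Title = title,
            Type = LogEntryType.Warning,
            LogType = LogType.DataInbox,
            CreatedAt = DateTime.UtcNow
        });
    }

    /// <summary>
    /// Compares a configured secret with a caller-supplied value in fixed time.
    /// A missing configuration value never matches, as with the previous <c>!=</c> check.
    /// </summary>
    private static bool SecretEquals(string? expected, string? provided)
    {
        if (expected is null || provided is null)
        {
            return false;
        }

        var expectedBytes = Encoding.UTF8.GetBytes(expected);
        var providedBytes = Encoding.UTF8.GetBytes(provided);

        // FixedTimeEquals returns false immediately on a length mismatch; only the length of the
        // configured secret is exposed that way, not its content.
        return CryptographicOperations.FixedTimeEquals(expectedBytes, providedBytes);
    }

    /// <summary>
    /// Parses an HTTP Basic <c>Authorization</c> header value ("Basic base64(user:pass)").
    /// </summary>
    /// <returns><c>false</c> for any shape other than a two-token Basic header whose base64 payload
    /// decodes to a string containing ':'; no exception escapes.</returns>
    private static bool TryParseBasicCredentials(string headerValue, out string username, out string password)
    {
        username = string.Empty;
        password = string.Empty;

        var parts = headerValue.Split(' ', StringSplitOptions.RemoveEmptyEntries);
        // The scheme is now checked; the previous code accepted any two-token header.
        if (parts.Length != 2 || !parts[0].Equals("Basic", StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        string decoded;
        try
        {
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parts[1]));
        }
        catch (FormatException)
        {
            return false;
        }

        // RFC 7617: the user-id cannot contain ':' but the password may, so split on the first
        // ':' only (the previous Split(':')[1] truncated such passwords).
        var separator = decoded.IndexOf(':');
        if (separator < 0)
        {
            return false;
        }

        username = decoded[..separator];
        password = decoded[(separator + 1)..];
        return true;
    }

    /// <summary>
    /// Returns <c>true</c> when <paramref name="data"/> is base64 that decodes to UTF-8 text and
    /// re-encodes to the same value (padding ignored).
    /// </summary>
    /// <remarks>
    /// Because the decoded bytes are round-tripped through a UTF-8 string, base64 of bytes that are
    /// not valid UTF-8 is effectively rejected as well - presumably intended, since the inbox data is
    /// treated as text; confirm if binary payloads are expected.
    /// </remarks>
    private bool IsBase64String(string data)
    {
        if (string.IsNullOrEmpty(data))
        {
            return false;
        }

        try
        {
            var base64Bytes = Convert.FromBase64String(data);
            var utf8String = Encoding.UTF8.GetString(base64Bytes);
            var reEncoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(utf8String));
            // Ordinal comparison; trailing '=' padding is ignored on both sides.
            return data.TrimEnd('=') == reEncoded.TrimEnd('=');
        }
        catch (FormatException)
        {
            return false;
        }
        catch (DecoderFallbackException)
        {
            return false;
        }
    }
}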