DiunaBI/WebAPI/Controllers/DataInboxController.cs

using System.Data;
using System.Text;
using Google.Cloud.Firestore;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;
using WebAPI.Models;

namespace WebAPI.Controllers;

[ApiController]
[Route("api/[controller]")]
public class DataInboxController : Controller
{
    private readonly AppDbContext _db;
    private readonly IConfiguration _configuration;
    private readonly LogsController _logsController;
    private readonly LayersController _layersController;

    public DataInboxController(
        AppDbContext db,
        IConfiguration configuration,
        FirestoreDb firestoreDb,
        LayersController layersController)
    {
        _db = db;
        _configuration = configuration;
        _logsController = new LogsController(firestoreDb);
        _layersController = layersController;
    }

    [HttpPut]
    [Route("Add/{apiKey}")]
    [AllowAnonymous]
    public IActionResult Add(string apiKey, [FromBody] DataInbox dataInbox)
    {
        if (apiKey != _configuration["apiKey"])
        {
            _logsController.AddEntry(new LogEntry
            {
                Title = $"Unauthorized request - wrong apiKey ({dataInbox.Source})",
                Type = LogEntryType.Warning,
                LogType = LogType.DataInbox,
                CreatedAt = DateTime.UtcNow
            });
            return Unauthorized();
        }

        try
        {
            if (
                !Request.Headers.TryGetValue("Authorization", out var authHeader))
            {
                _logsController.AddEntry(new LogEntry
                {
                    Title = $"Unauthorized request - no authorization header ({dataInbox.Source})",
                    Type = LogEntryType.Warning,
                    LogType = LogType.DataInbox,
                    CreatedAt = DateTime.UtcNow
                });
                return Unauthorized();
            }

            var credentialsArr = authHeader.ToString().Split(" ");
            if (credentialsArr.Length != 2)
            {
                _logsController.AddEntry(new LogEntry
                {
                    Title = $"Unauthorized request - wrong auth header format ({dataInbox.Source})",
                    Type = LogEntryType.Warning,
                    LogType = LogType.DataInbox,
                    CreatedAt = DateTime.UtcNow
                });
                return Unauthorized();
            }

            var authValue = Encoding.UTF8.GetString(Convert.FromBase64String(credentialsArr[1]));
            var username = authValue.Split(':')[0];
            var password = authValue.Split(':')[1];
            if (username != _configuration["morska-user"] || password != _configuration["morska-pass"])
            {
                _logsController.AddEntry(new LogEntry
                {
                    Title = $"Unauthorized request - bad credentials ({dataInbox.Source})",
                    Type = LogEntryType.Warning,
                    LogType = LogType.DataInbox,
                    CreatedAt = DateTime.UtcNow
                });
                return Unauthorized();
            }
            
            // check if datainbox.data is base64 encoded value
            if (!string.IsNullOrEmpty(dataInbox.Data) && !IsBase64String(dataInbox.Data))
            {
                _logsController.AddEntry(new LogEntry
                {
                    Title = $"Invalid data format - not base64 encoded ({dataInbox.Source})",
                    Type = LogEntryType.Warning,
                    LogType = LogType.DataInbox,
                    CreatedAt = DateTime.UtcNow
                });
                return BadRequest("Invalid data format - not base64 encoded");
            }
            
            
            dataInbox.Id = Guid.NewGuid();
            dataInbox.CreatedAt = DateTime.UtcNow;
            _db.DataInbox.Add(dataInbox);
            _db.SaveChanges();
            
            _logsController.AddEntry(new LogEntry
            {
                Title = $"Insert success: {dataInbox.Source}, {dataInbox.Name}",
                Type = LogEntryType.Info,
                LogType = LogType.DataInbox,
                CreatedAt = DateTime.UtcNow
            });

            if (dataInbox.Name == "morska.d3.importer")
            {
                // TODO: import dataInbox as Layer
            }

            return Ok();
        }
        catch (Exception e)
        {
            _logsController.AddEntry(new LogEntry
            {
                Title = $"Insert error: {dataInbox.Source}, {dataInbox.Name}",
                Type = LogEntryType.Error,
                LogType = LogType.DataInbox,
                Message = e.ToString(),
                CreatedAt = DateTime.UtcNow
            });
            return BadRequest(e.ToString());
        }
    }

    [HttpGet]
    public IActionResult GetAll()
    {
        return Ok(_db.DataInbox.AsNoTracking().ToList());
    }
    
    // helpers
    private bool IsBase64String(string data)
    {
        if (string.IsNullOrEmpty(data))
        {
            return false;
        }
        try
        {
            var base64Bytes = Convert.FromBase64String(data);
            
            var utf8String = Encoding.UTF8.GetString(base64Bytes);
            
            var reEncoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(utf8String));
            return data.TrimEnd('=') == reEncoded.TrimEnd('=');
        }
        catch (FormatException)
        {
            return false;
        }
        catch (DecoderFallbackException)
        {
            return false;
        }
    }
}