
Commit c8db0a9

feat: Enhance FTP browsing permissions handling and improve error messages
1 parent 0005bb7 commit c8db0a9

2 files changed

Lines changed: 16 additions & 1 deletion


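--- a/src/XtremeIdiots.Portal.Web/ApiControllers/FtpBrowseApiController.cs
+++ b/src/XtremeIdiots.Portal.Web/ApiControllers/FtpBrowseApiController.cs
@@ -2,13 +2,16 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using XtremeIdiots.Portal.Integrations.Servers.Api.Client.V1;
+using XtremeIdiots.Portal.Repository.Api.Client.V1;
 using XtremeIdiots.Portal.Web.Auth.Constants;
 
 namespace XtremeIdiots.Portal.Web.ApiControllers;
 
-[Authorize(Policy = AuthPolicies.GameServers_Credentials_Ftp_Write)]
+[Authorize]
 [Route("api/ftp")]
 public class FtpBrowseApiController(
+IAuthorizationService authorizationService,
+IRepositoryApiClient repositoryApiClient,
 IServersApiClient serversApiClient,
 TelemetryClient telemetryClient,
 ILogger<FtpBrowseApiController> logger,
@@ -19,6 +22,15 @@ public async Task<IActionResult> Browse(Guid gameServerId, [FromQuery] string? p
 {
 return await ExecuteWithErrorHandlingAsync(async () =>
 {
+var gameServerResponse = await repositoryApiClient.GameServers.V1.GetGameServer(gameServerId).ConfigureAwait(false);
+if (!gameServerResponse.IsSuccess || gameServerResponse.Result?.Data is null)
+return Forbid();
+
+var gameServer = gameServerResponse.Result.Data;
+var authResult = await authorizationService.AuthorizeAsync(User, gameServer.GameType, AuthPolicies.GameServers_Credentials_Ftp_Write).ConfigureAwait(false);
+if (!authResult.Succeeded)
+return Forbid();
+
 var result = await serversApiClient.FtpBrowse.V1.BrowseDirectory(gameServerId, path).ConfigureAwait(false);
 
 if (!result.IsSuccess || result.Result?.Data == null)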
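Review bot: Relaxing the class attribute to a bare `[Authorize]` leaves the Ftp_Write policy enforced only where an action calls `AuthorizeAsync` itself; Browse does so in this hunk, but any other action on FtpBrowseApiController (none are visible here) would now be reachable by any authenticated user. It is worth confirming that each action repeats the check, and adding a comment above the class such as `// Authorization is resource-based (per GameType) and must be performed inside every action.` Both new `Forbid()` branches are also silent: the first returns 403 for a failed repository lookup as well as for a missing server, and neither records the denial, so `logger.LogWarning("FTP browse denied for game server {GameServerId}", gameServerId);` before the second return would give operators something to alert on. The Browse body continues past the end of the hunk.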

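--- a/src/XtremeIdiots.Portal.Web/wwwroot/js/ftp-browser.js
+++ b/src/XtremeIdiots.Portal.Web/wwwroot/js/ftp-browser.js
@@ -40,7 +40,10 @@
 
 fetch('/api/ftp/' + _gameServerId + '/browse?path=' + encodeURIComponent(path))
 .then(function (response) {
+if (response.status === 403) throw new Error('You do not have permission to browse this server\'s files.');
 if (!response.ok) throw new Error('Failed to browse directory (HTTP ' + response.status + ')');
+var contentType = response.headers.get('content-type') || '';
+if (!contentType.includes('application/json')) throw new Error('Unexpected response from server.');
 return response.json();
 })
 .then(function (data) {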
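Review bot: The new `response.status === 403` branch may never run if the portal signs users in with cookie authentication (not visible in this commit), because ASP.NET Core's cookie handler answers `Forbid()` with a redirect to the access-denied page unless the request carries `X-Requested-With: XMLHttpRequest`, and `fetch` follows that redirect. A denied user would then most likely fall through to the content-type check and see 'Unexpected response from server.' rather than the permission message. Consider sending the header, e.g. `fetch(url, { headers: { 'X-Requested-With': 'XMLHttpRequest' } })`, or testing `response.redirected` before the status checks. The promise chain continues outside the hunk.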
