login gated freelancer specific file submission access

2023-08-04 20:25:03 +02:00
parent 008b6edce1
commit 3c9488df66
3 changed files with 72 additions and 0 deletions
--- a/src/main.cpp
+++ b/src/main.cpp
@ -1105,6 +1105,50 @@ int main(int argc, char *argv[]) {
                    return crow::response(403, "Not logged in");
                }
            });
+
+
+    /*
+     * Serves a freelancers file based on [hash]Filename with login validation
+     */
+    CROW_ROUTE(app, "/freelancer/submissionManagement/view/<string>").methods(crow::HTTPMethod::GET)
+            ([&, configuration](const crow::request &postRequest, const string& fileName) {
+                auto &cookieCtx = app.get_context<crow::CookieParser>(postRequest);
+                if (Utilities::checkCookieLoginState(configuration, cookieCtx)) {
+                    pqxx::connection databaseConnection(configuration.databaseConnectionString);
+                    Database::prepareStatement(databaseConnection, ID_SELECT_FREELANCER_FILE_SUBMISSION_PATH);
+
+                    pqxx::result submissionFilePathResult = Database::executePreparedStatement_SELECT_FREELANCER_FILE_SUBMISSION_PATH(databaseConnection, fileName, cookieCtx.get_cookie(COOKIE_FREELANCER_EMAIL));
+
+                    if (submissionFilePathResult.empty())
+                        return crow::response(404, "File does not exist.");
+
+                    string submissionFilePath = submissionFilePathResult.at(0).at(0).c_str();
+
+                    switch (Utilities::validateFileReadAccess(submissionFilePath)) {
+                        case 1:
+                            return crow::response(404, "File does not exist.");
+                            break;
+                        case 2:
+                            return crow::response(500, "Filesystem Permission Error.");
+                            break;
+                        case 3:
+                            return crow::response(400, "Invalid file request was executed.");
+                            break;
+                    }
+
+
+                    crow::response fileResponse;
+                    fileResponse.code = 200;
+                    fileResponse.set_static_file_info(submissionFilePath);
+
+                    return fileResponse;
+                }
+                else {
+                    //ERROR not logged in
+                    return crow::response(403, "Not logged in");
+                }
+            });
+
 /*
    CROW_ROUTE(app, "/freelancer/submissionManagement/add/fulfillment").methods(crow::HTTPMethod::Post)
            ([&, configuration](const crow::request& postRequest) {