KSP/graf-uloh
Archived
37
1
Fork 0
Code Issues 20 Pull requests Releases Wiki Activity

Forbid tasks.json modification on production env

Browse source
This commit is contained in:
Standa Lukeš 2020-10-17 18:22:22 +00:00
parent 20f7bb3e59
commit a2797cabc2
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
server/Ksp.WebServer/Controllers/TasksController.cs
View file

@ -5,6 +5,7 @@ using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
namespace Ksp.WebServer.Controllers namespace Ksp.WebServer.Controllers
@ -33,6 +34,9 @@ namespace Ksp.WebServer.Controllers
[HttpPost] [HttpPost]
public async Task<IActionResult> Post() public async Task<IActionResult> Post()
{ {
if (env.IsProduction())
return this.Forbid();
// TODO: auth org // TODO: auth org
using var rdr = new StreamReader(HttpContext.Request.Body); using var rdr = new StreamReader(HttpContext.Request.Body);
await System.IO.File.WriteAllTextAsync(TasksJsonFile, await rdr.ReadToEndAsync()); await System.IO.File.WriteAllTextAsync(TasksJsonFile, await rdr.ReadToEndAsync());