2

Previously I used PHP. Then I was given a C# based project and I didn't know what to do. Even I tried to print something but it was always error building.

Below is (I think, because I found this file in the Controller directory) the upload file controller, I want to limit so that only images can be uploaded. Can anyone help?

public IActionResult UploadFile ([FromForm] IFormFile file, [FromForm] string fileName) {
  return Ok (new {
    id = _fileService.UploadFile (fileName, file),
      fileName = file.FileName,
      fileSize = file.Length,
      fileType = file.ContentType,
      file = file
  });
}
Another Student
  • 33
  • 4
  • Hello! What in particular are you struggling with? You need to add a check that if `file`'s extension is invalid, then you need to return an error instead of uploading and returning `Ok` response. Have you tried anything so far? In its current form, the question is way too broad to be answered well. – Yeldar Kurmangaliyev Jul 13 '20 at 16:55
  • @YeldarKurmangaliyev I do not know what to do. This project was immediately given to me (previously owned by someone) and I was asked to filter the uploaded file without me knowing the basic C# – Another Student Jul 13 '20 at 17:15

1 Answers1

5

(FYI, I would make sure that the code you have has been verified to work before you change anything.)

If you're trying to limit what file types can be uploaded, you should be able to check both the file type (Content Type) or the extension.

The ContentType should be something like "image/png" or "image/jpeg". You can find lists of the images types online, I found this answer which had a lot of the common ones: https://stackoverflow.com/a/14587821/13734398

To check the extension I believe you could parse the filename like this using Path.GetExtension:

var extension = Path.GetExtension(file.FileName);

(Path is from the System.IO namespace. Either use System.IO.Path... or add using System.IO; to the top of your C# file)

Then you can check the extension for ".png" or ".jpeg" for example.

Client-side Checks

Oh, and your question mentioned "before upload". Technically, at this point the file has already been uploaded. If you're trying to limit what gets uploaded at all, you could add some client side checks to the upload form. Note that it isn't bulletproof, and you still need to check server side like I mentioned above.

Other Advice

Personally, I would recommend refactoring your code a tiny bit as well. Here is what I would make it look like:

public IActionResult UploadFile ([FromForm] IFormFile file, [FromForm] string fileName)
{
    var fileId = _fileService.UploadFile(fileName, file);
    
    return Ok (new {
        id = fileId,
        fileName = file.FileName,
        fileSize = file.Length,
        fileType = file.ContentType,
        // Removing this from the Response.
        // Probably don't need to send the file back.
        // file = file
    });
}

I think this will give you better error messages if something goes wrong with UploadFile(). It's also (to me) a bit more clear about the sequence/order of things.

John
  • 96
  • 4
  • I've tried whether this code runs through Postman. Still I do not know what to do. This project was immediately given to me (previously owned by someone) and I was asked to filter the uploaded file without me knowing the basic C#. Would you like to give an example by changing the code that I included? – Another Student Jul 13 '20 at 17:17
  • @AnotherStudent This is a pretty detailed and good answer with related links, you should be able to do it with this. If you want an introduction to c# there's great resources at microsoft website. Starting [here](https://learn.microsoft.com/en-us/dotnet/csharp/tutorials/) – user3647971 Jul 13 '20 at 17:24
  • @user3647971 I will try to understand it first, after succeeding I will accept your answer. Thanks for your answer – Another Student Jul 13 '20 at 17:28
  • 1
    @AnotherStudent This might be a good section for you too: [https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/](https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/) – user3647971 Jul 13 '20 at 17:33
  • @AnotherStudent I showed the code for getting the extension. A set of conditionals is all you really need to compare that extension to the ones you want. Conditionals in C# are similar to conditionals in PHP. From there you can probably do `return BadRequest();` if the extension isn't what you're expecting. Do something similar for the ContentType. – John Jul 13 '20 at 17:37