Conditionally restrict static files from ErrorController

JeremyCaney · JeremyCaney · commit 83f4691f8763 · 2021-12-26T15:36:15.000-08:00
Custom errors provide human audiences with friendly error messages. Most static files—at least on an OnTopic website—will not be presented to human audiences, however, as they will instead be loaded as resources via e.g. `<script />`, `<style />`, or `<image />` tags (among others). As such, processing the entire `ErrorController` logic and returning a bunch of markup isn't necessary, and is even wasteful in terms of CPU load and bandwidth. That's especially true of sites subjected to a lot of robot activity for identifying potential exploits (which is the majority of public facing sites). To better control this, the `HttpAsync` action of the `ErrorController` now accepts an optional `includeStaticFiles` parameter, which defaults to true. If this is set in the querystring or a route variable, it will exclude static files from subsequent processing by the `ErrorController`, and instead return a canned string. This addresses the core requirements of Feature #101.
diff --git a/OnTopic.AspNetCore.Mvc/Controllers/ErrorController.cs b/OnTopic.AspNetCore.Mvc/Controllers/ErrorController.cs
@@ -4,6 +4,7 @@
 | Project       Topics Library
 \=============================================================================================================================*/
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Diagnostics;
 using OnTopic.Mapping;
 
 namespace OnTopic.AspNetCore.Mvc.Controllers {
@@ -48,7 +49,17 @@ ITopicMappingService topicMappingService
     ///   content available.
     /// </summary>
     /// <returns>A view associated with the requested current <paramref name="statusCode"/>.</returns>
-    public async virtual Task<IActionResult> HttpAsync([FromRoute(Name="id")] int statusCode) {
+    public async virtual Task<IActionResult> HttpAsync([FromRoute(Name="id")] int statusCode, bool includeStaticFiles = true) {
+
+      /*------------------------------------------------------------------------------------------------------------------------
+      | Bypass for resources
+      \-----------------------------------------------------------------------------------------------------------------------*/
+      if (!includeStaticFiles) {
+        var feature             = HttpContext.Features.Get<IStatusCodeReExecuteFeature>();
+        if (feature?.OriginalPath.Contains('.', StringComparison.Ordinal)?? false) {
+          return Content("The resource requested could not found.");
+        }
+      }
 
       /*------------------------------------------------------------------------------------------------------------------------
       | Identify base path
