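using System.IO.Compression;
using System.Security.Cryptography;
using System.Text;

// Minimal static-site host. An authenticated POST to /pages/{projectName} uploads a
// zip archive whose contents replace wwwroot/{projectName}; everything under wwwroot
// is then served as static files.

// Create the web root before the builder runs so the host has a directory to serve from.
if (!Directory.Exists("wwwroot"))
{
    Directory.CreateDirectory("wwwroot");
}

WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
WebApplication app = builder.Build();

// Fail closed: refuse to start without a usable shared secret. An empty or
// whitespace-only value is rejected as well, since it would make a weak credential.
string? apiToken = Environment.GetEnvironmentVariable("API_TOKEN");
if (string.IsNullOrWhiteSpace(apiToken))
{
    throw new InvalidOperationException("API_TOKEN is not set");
}

// Encoded once so that each request is compared against the same bytes.
byte[] expectedToken = Encoding.UTF8.GetBytes(apiToken);

app.UseStatusCodePages();
app.UseDefaultFiles();

// Uploaded content is served as-is, so whoever holds the token controls what is
// delivered from this origin. Unknown extensions fall back to text/plain.
app.UseStaticFiles(new StaticFileOptions
{
    ServeUnknownFileTypes = true,
    DefaultContentType = "text/plain"
});

app.MapPost("/pages/{projectName}", async (string projectName, HttpRequest request) =>
    {
        if (!request.HasFormContentType || request.Form.Files["zipfile"] is null)
        {
            return Results.BadRequest();
        }

        IFormFile zipFile = request.Form.Files["zipfile"]!;
        if (zipFile.Length == 0)
        {
            return Results.BadRequest();
        }

        // projectName comes from the URL and is used in a recursive delete, so it must
        // resolve to a direct child of the web root and never to the root or outside it.
        string? extractPath = ResolveProjectDirectory(app.Environment.WebRootPath, projectName);
        if (extractPath is null)
        {
            return Results.BadRequest();
        }

        try
        {
            await using Stream stream = zipFile.OpenReadStream();

            // Open the archive before touching the disk, so an upload that is not a
            // readable zip does not wipe the currently deployed site.
            using var zipArchive = new ZipArchive(stream);

            if (Directory.Exists(extractPath))
            {
                Directory.Delete(extractPath, true);
            }

            Directory.CreateDirectory(extractPath);

            // NOTE(review): nothing here bounds the total uncompressed size or the entry
            // count; confirm request-size and disk limits are enforced by the deployment.
            zipArchive.ExtractToDirectory(extractPath, true);
        }
        catch (Exception ex)
        {
            // Still answered with 400 as before, but logged so that failed or hostile
            // uploads are visible to operators instead of vanishing silently.
            app.Logger.LogWarning(ex, "Upload for project {ProjectName} was rejected", projectName);
            return Results.BadRequest();
        }

        return Results.Ok();
    })
    // Authentication uses a bearer header rather than cookies, so no antiforgery token is expected.
    .DisableAntiforgery()
    .AddEndpointFilter(async (context, next) =>
    {
        string? token = GetBearerToken(context.HttpContext);

        // Fixed-time comparison keeps the response time from depending on how many
        // leading characters of the guess are correct.
        if (token is not null
            && CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(token), expectedToken))
        {
            return await next(context);
        }

        return Results.Unauthorized();
    });

app.Run();
return;

// Returns the credential from an "Authorization: Bearer <token>" header, or null when
// the header is missing or uses another scheme.
string? GetBearerToken(HttpContext httpContext)
{
    var authHeader = httpContext.Request.Headers.Authorization.ToString();
    return authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
        ? authHeader["Bearer ".Length..].Trim()
        : null;
}

// Maps a project name to its directory under webRoot. Returns null unless the name is
// a single path segment without control characters whose resolved location is a
// direct child of webRoot.
string? ResolveProjectDirectory(string webRoot, string projectName)
{
    if (string.IsNullOrWhiteSpace(projectName)
        || projectName is "." or ".."
        || projectName.Any(char.IsControl)
        || Path.GetFileName(projectName) != projectName)
    {
        return null;
    }

    string root = Path.TrimEndingDirectorySeparator(Path.GetFullPath(webRoot));
    string candidate = Path.GetFullPath(Path.Combine(root, projectName));

    // Re-check after normalisation: the platform may rewrite the segment (for example
    // by dropping trailing dots), so the final path is what has to sit inside the root.
    return string.Equals(Path.GetDirectoryName(candidate), root, StringComparison.Ordinal)
        ? candidate
        : null;
}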