Teknikode
/
Teknik
Watch 3
Star 18
Fork 4
Code Issues 39 Pull Requests 0 Releases 3 Wiki Activity
The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
536 Commits
2 Branches
Tree: 181e20d86c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '181e20d86c'
${ noResults }
Teknik/Teknik/Areas/Upload/Controllers/UploadController.cs

UploadController.cs 20KB
Normal View History Raw

Added Terms of Service page. Added virus checking to all uploads.
4 years ago
Added Piwik tracking to the server side.
4 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
Initial creation of the Vault
4 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
Fixed encrypted data not being sent to server. Still having issues with the encryption and subsequent conversions.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Fixed user password transfer not generating the new password for the transfer type. Removed individual db.User access and replaced with user helper GetUser.
4 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Added Tracking Filter to only those actions that need it.
4 years ago
Moved StringHelper and Byte extensions to Utility project.
4 years ago
Moved Helpers and Configuration into separate projects. Updated all references to use them as well.
4 years ago
- Added Basic Auth handling inside the auth attributes - Removed global auth attribute and moved it to each controller - Added new auth information to the API help doc - Finished UI for managing auth tokens - Added breadcrumbs to the help pages
4 years ago
Modified download to stream to the output.
3 years ago
- Removed Inferno crypto library - Converted SHA384 hashing to use standard .net library - Moved rest of crypto.cs into the cryptography folder/namespace
3 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
- Added Basic Auth handling inside the auth attributes - Removed global auth attribute and moved it to each controller - Added new auth information to the API help doc - Finished UI for managing auth tokens - Added breadcrumbs to the help pages
4 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Added Tracking Filter to only those actions that need it.
4 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
Added config options to the Uploads.
5 years ago
Added shorten URL button to uploads
4 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added config options to the Uploads.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added config options to the Uploads.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Fixed encryption of files, modified UI some more.
5 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
- Modified uploads to either encrypt in the browser, or encrypt server side. - Reconfigured the upload screen.
3 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Added base API service, with Upload POST.
5 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Added config options to the Uploads.
5 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Added Terms of Service page. Added virus checking to all uploads.
4 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Started making changes to how the file upload encrypt/decrypt works to better optimize memory usage.
3 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added user uploads and pastes to profile. Moved settigns to it's own page.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added user uploads and pastes to profile. Moved settigns to it's own page.
5 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Added user uploads and pastes to profile. Moved settigns to it's own page.
5 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Modified the upload progress bar to better show the current status. Fixed teh virus scan stream size not being big enough/matching the upload limit.
4 years ago
Initial creation of the Vault
4 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Fixed encryption of files, modified UI some more.
5 years ago
Added download action tracking to uploads/pastes/rss
4 years ago
Fixed encryption of files, modified UI some more.
5 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Fixed encryption of files, modified UI some more.
5 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
Small mods to download function
3 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Small mods to download function
3 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
Small mods to download function
3 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added caching to the uploads if not getting by range.
4 years ago
Small mods to download function
3 years ago
Added proper 404 response
3 years ago
Small mods to download function
3 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Small mods to download function
3 years ago
- Added better cache check for downloads. - Fixed error redirects not forcing https
3 years ago
Small mods to download function
3 years ago
- Added better cache check for downloads. - Fixed error redirects not forcing https
3 years ago
Small mods to download function
3 years ago
Added range support again. Fixed file stream read access to allow multiple processes to access the file.
3 years ago
Small mods to download function
3 years ago
Fixed issue where both key and iv aren't stored for upload and it would try to decrypt it.
5 years ago
Added range support again. Fixed file stream read access to allow multiple processes to access the file.
3 years ago
- Added better cache check for downloads. - Fixed error redirects not forcing https
3 years ago
Added range support again. Fixed file stream read access to allow multiple processes to access the file.
3 years ago
Small mods to download function
3 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added range support again. Fixed file stream read access to allow multiple processes to access the file.
3 years ago
Small mods to download function
3 years ago
Added range support again. Fixed file stream read access to allow multiple processes to access the file.
3 years ago
Small mods to download function
3 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Small mods to download function
3 years ago
Made downloads stream the file while decrypting them.
3 years ago
Small mods to download function
3 years ago
Made downloads stream the file while decrypting them.
3 years ago
Added content security policy for uploads
3 years ago
Broke out File Upload javascript functions more. Also changed download CSP to allow self.
3 years ago
Made downloads stream the file while decrypting them.
3 years ago
Small mods to download function
3 years ago
Added range support again. Fixed file stream read access to allow multiple processes to access the file.
3 years ago
Made downloads stream the file while decrypting them.
3 years ago
Small mods to download function
3 years ago
Made downloads stream the file while decrypting them.
3 years ago
Small mods to download function
3 years ago
- Removed Inferno crypto library - Converted SHA384 hashing to use standard .net library - Moved rest of crypto.cs into the cryptography folder/namespace
3 years ago
Small mods to download function
3 years ago
Added check for html files on upload and return them as plain text.
4 years ago
Small mods to download function
3 years ago
Added range support again. Fixed file stream read access to allow multiple processes to access the file.
3 years ago
Small mods to download function
3 years ago
Added Range support for file downloads.
4 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
Fixed encryption of files, modified UI some more.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
Uploads - Got encryption working, got file upload working (not encrypted version though), and got upload saving server side.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Uploads - Got encryption working, got file upload working (not encrypted version though), and got upload saving server side.
5 years ago
Added 'Enabled' for most service configs. Added Git configration on user modifications.
5 years ago
Implemented file download and decryption. Still need to re-create file from ArrayBuffer.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Implemented key storage, deletion key generation, file deletion, and server side decryption.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added ability to remove key from server after saving key to server.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added ability to remove key from server after saving key to server.
5 years ago
- Moved TeknikEntities from global field to disposed local instances. - Added additional logging/handling of errors. - Added processed/total bytes for uploads, downloads, and encryption/decryption. - Fixed paste CSS bundle using a script handler. - Fixed bad js when viewing a vault
3 years ago
Added ability to remove key from server after saving key to server.
5 years ago
Added new Url Extension to generate a url with subdomain
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416 
  1. using nClam;

  2. using Piwik.Tracker;

  3. using System;

  4. using System.Collections.Generic;

  5. using System.Data.Entity;

  6. using System.Drawing;

  7. using System.Drawing.Imaging;

  8. using System.IO;

  9. using System.Linq;

  10. using System.Web;

  11. using System.Web.Mvc;

  12. using Teknik.Areas.Error.ViewModels;

  13. using Teknik.Areas.Upload.Models;

  14. using Teknik.Areas.Upload.ViewModels;

  15. using Teknik.Areas.Users.Utility;

  16. using Teknik.Controllers;

  17. using Teknik.Filters;

  18. using Teknik.Utilities;

  19. using Teknik.Models;

  20. using Teknik.Attributes;

  21. using System.Text;

  22. using Teknik.Utilities.Cryptography;

  23. 

  24. namespace Teknik.Areas.Upload.Controllers

  25. {

  26.     [TeknikAuthorize]

  27.     public class UploadController : DefaultController

  28.     {

  29.         // GET: Upload/Upload

  30.         [HttpGet]

  31.         [TrackPageView]

  32.         [AllowAnonymous]

  33.         public ActionResult Index()

  34.         {

  35.             ViewBag.Title = "Teknik Upload - End to End Encryption";

  36.             UploadViewModel model = new UploadViewModel();

  37.             model.CurrentSub = Subdomain;

  38.             using (TeknikEntities db = new TeknikEntities())

  39.             {

  40.                 Users.Models.User user = UserHelper.GetUser(db, User.Identity.Name);

  41.                 if (user != null)

  42.                 {

  43.                     model.Encrypt = user.UploadSettings.Encrypt;

  44.                     model.Vaults = user.Vaults.ToList();

  45.                 }

  46.                 else

  47.                 {

  48.                     model.Encrypt = false;

  49.                 }

  50.             }

  51.             return View(model);

  52.         }

  53. 

  54.         [HttpPost]

  55.         [AllowAnonymous]

  56.         public ActionResult Upload(string fileType, string fileExt, string iv, int keySize, int blockSize, bool encrypt, HttpPostedFileWrapper data)

  57.         {

  58.             try

  59.             {

  60.                 if (Config.UploadConfig.UploadEnabled)

  61.                 {

  62.                     if (data.ContentLength <= Config.UploadConfig.MaxUploadSize)

  63.                     {

  64.                         // convert file to bytes

  65.                         int contentLength = data.ContentLength;

  66. 

  67.                         // Scan the file to detect a virus

  68.                         if (Config.UploadConfig.VirusScanEnable)

  69.                         {

  70.                             ClamClient clam = new ClamClient(Config.UploadConfig.ClamServer, Config.UploadConfig.ClamPort);

  71.                             clam.MaxStreamSize = Config.UploadConfig.MaxUploadSize;

  72.                             ClamScanResult scanResult = clam.SendAndScanFile(data.InputStream);

  73. 

  74.                             switch (scanResult.Result)

  75.                             {

  76.                                 case ClamScanResults.Clean:

  77.                                     break;

  78.                                 case ClamScanResults.VirusDetected:

  79.                                     return Json(new { error = new { message = string.Format("Virus Detected: {0}. As per our <a href=\"{1}\">Terms of Service</a>, Viruses are not permited.", scanResult.InfectedFiles.First().VirusName, Url.SubRouteUrl("tos", "TOS.Index")) } });

  80.                                 case ClamScanResults.Error:

  81.                                     return Json(new { error = new { message = string.Format("Error scanning the file upload for viruses.  {0}", scanResult.RawResult) } });

  82.                                 case ClamScanResults.Unknown:

  83.                                     return Json(new { error = new { message = string.Format("Unknown result while scanning the file upload for viruses.  {0}", scanResult.RawResult) } });

  84.                             }

  85.                         }

  86. 

  87.                         using (TeknikEntities db = new TeknikEntities())

  88.                         {

  89.                             Models.Upload upload = Uploader.SaveFile(db, Config, data.InputStream, fileType, contentLength, encrypt, fileExt, iv, null, keySize, blockSize);

  90.                             if (upload != null)

  91.                             {

  92.                                 if (User.Identity.IsAuthenticated)

  93.                                 {

  94.                                     Users.Models.User user = UserHelper.GetUser(db, User.Identity.Name);

  95.                                     if (user != null)

  96.                                     {

  97.                                         upload.UserId = user.UserId;

  98.                                         db.Entry(upload).State = EntityState.Modified;

  99.                                         db.SaveChanges();

  100.                                     }

  101.                                 }

  102.                                 return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url }), contentType = upload.ContentType, contentLength = StringHelper.GetBytesReadable(upload.ContentLength), deleteUrl = Url.SubRouteUrl("u", "Upload.Delete", new { file = upload.Url, key = upload.DeleteKey }) } }, "text/plain");

  103.                             }

  104.                             return Json(new { error = new { message = "Unable to upload file" } });

  105.                         }

  106.                     }

  107.                     else

  108.                     {

  109.                         return Json(new { error = new { message = "File Too Large" } });

  110.                     }

  111.                 }

  112.                 return Json(new { error = new { message = "Uploads are disabled" } });

  113.             }

  114.             catch (Exception ex)

  115.             {

  116.                 return Json(new { error = new { message = "Exception while uploading file: " + ex.GetFullMessage(true) } });

  117.             }

  118.         }

  119. 

  120.         // User did not supply key

  121.         [HttpGet]

  122.         [TrackDownload]

  123.         [AllowAnonymous]

  124.         public ActionResult Download(string file)

  125.         {

  126.             if (Config.UploadConfig.DownloadEnabled)

  127.             {

  128.                 ViewBag.Title = "Teknik Download - " + file;

  129.                 string fileName = string.Empty;

  130.                 string url = string.Empty;

  131.                 string key = string.Empty;

  132.                 string iv = string.Empty;

  133.                 string contentType = string.Empty;

  134.                 long contentLength = 0;

  135.                 DateTime dateUploaded = new DateTime();

  136. 

  137.                 using (TeknikEntities db = new TeknikEntities())

  138.                 {

  139.                     Models.Upload uploads = db.Uploads.Where(up => up.Url == file).FirstOrDefault();

  140.                     if (uploads != null)

  141.                     {

  142.                         uploads.Downloads += 1;

  143.                         db.Entry(uploads).State = EntityState.Modified;

  144.                         db.SaveChanges();

  145. 

  146.                         fileName = uploads.FileName;

  147.                         url = uploads.Url;

  148.                         key = uploads.Key;

  149.                         iv = uploads.IV;

  150.                         contentType = uploads.ContentType;

  151.                         contentLength = uploads.ContentLength;

  152.                         dateUploaded = uploads.DateUploaded;

  153.                     }

  154.                     else

  155.                     {

  156.                         return Redirect(Url.SubRouteUrl("error", "Error.Http404"));

  157.                     }

  158.                 }

  159. 

  160.                 // We don't have the key, so we need to decrypt it client side

  161.                 if (string.IsNullOrEmpty(key) && !string.IsNullOrEmpty(iv))

  162.                 {

  163.                     DownloadViewModel model = new DownloadViewModel();

  164.                     model.FileName = file;

  165.                     model.ContentType = contentType;

  166.                     model.ContentLength = contentLength;

  167.                     model.IV = iv;

  168. 

  169.                     return View(model);

  170.                 }

  171.                 else // We have the key, so that means server side decryption

  172.                 {

  173.                     // Check for the cache

  174.                     bool isCached = false;

  175.                     string modifiedSince = Request.Headers["If-Modified-Since"];

  176.                     if (!string.IsNullOrEmpty(modifiedSince))

  177.                     {

  178.                         DateTime modTime = new DateTime();

  179.                         bool parsed = DateTime.TryParse(modifiedSince, out modTime);

  180.                         if (parsed)

  181.                         {

  182.                             if ((modTime - dateUploaded).TotalSeconds <= 1)

  183.                             {

  184.                                 isCached = true;

  185.                             }

  186.                         }

  187.                     }

  188. 

  189.                     if (isCached)

  190.                     {

  191.                         // The file is cached, let's just 304 this

  192.                         Response.StatusCode = 304;

  193.                         Response.StatusDescription = "Not Modified";

  194.                         return new EmptyResult();

  195.                     }

  196.                     else

  197.                     {

  198.                         string subDir = fileName[0].ToString();

  199.                         string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, subDir, fileName);

  200.                         long startByte = 0;

  201.                         long endByte = contentLength - 1;

  202.                         long length = contentLength;

  203.                         if (System.IO.File.Exists(filePath))

  204.                         {

  205.                             #region Range Calculation

  206.                             // Are they downloading it by range?

  207.                             bool byRange = !string.IsNullOrEmpty(Request.ServerVariables["HTTP_RANGE"]); // We do not support ranges

  208. 

  209.                             // check to see if we need to pass a specified range

  210.                             if (byRange)

  211.                             {

  212.                                 long anotherStart = startByte;

  213.                                 long anotherEnd = endByte;

  214.                                 string[] arr_split = Request.ServerVariables["HTTP_RANGE"].Split(new char[] { '=' });

  215.                                 string range = arr_split[1];

  216. 

  217.                                 // Make sure the client hasn't sent us a multibyte range 

  218.                                 if (range.IndexOf(",") > -1)

  219.                                 {

  220.                                     // (?) Shoud this be issued here, or should the first 

  221.                                     // range be used? Or should the header be ignored and 

  222.                                     // we output the whole content? 

  223.                                     Response.AddHeader("Content-Range", "bytes " + startByte + "-" + endByte + "/" + contentLength);

  224.                                     throw new HttpException(416, "Requested Range Not Satisfiable");

  225.                                 }

  226. 

  227.                                 // If the range starts with an '-' we start from the beginning 

  228.                                 // If not, we forward the file pointer 

  229.                                 // And make sure to get the end byte if spesified 

  230.                                 if (range.StartsWith("-"))

  231.                                 {

  232.                                     // The n-number of the last bytes is requested 

  233.                                     anotherStart = startByte - Convert.ToInt64(range.Substring(1));

  234.                                 }

  235.                                 else

  236.                                 {

  237.                                     arr_split = range.Split(new char[] { '-' });

  238.                                     anotherStart = Convert.ToInt64(arr_split[0]);

  239.                                     long temp = 0;

  240.                                     anotherEnd = (arr_split.Length > 1 && Int64.TryParse(arr_split[1].ToString(), out temp)) ? Convert.ToInt64(arr_split[1]) : contentLength;

  241.                                 }

  242. 

  243.                                 /* Check the range and make sure it's treated according to the specs. 

  244.                                  * http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html 

  245.                                  */

  246.                                 // End bytes can not be larger than $end. 

  247.                                 anotherEnd = (anotherEnd > endByte) ? endByte : anotherEnd;

  248.                                 // Validate the requested range and return an error if it's not correct. 

  249.                                 if (anotherStart > anotherEnd || anotherStart > contentLength - 1 || anotherEnd >= contentLength)

  250.                                 {

  251. 

  252.                                     Response.AddHeader("Content-Range", "bytes " + startByte + "-" + endByte + "/" + contentLength);

  253.                                     throw new HttpException(416, "Requested Range Not Satisfiable");

  254.                                 }

  255.                                 startByte = anotherStart;

  256.                                 endByte = anotherEnd;

  257. 

  258.                                 length = endByte - startByte + 1; // Calculate new content length 

  259. 

  260.                                 // Ranges are response of 206

  261.                                 Response.StatusCode = 206;

  262.                             }

  263.                             #endregion

  264. 

  265.                             // Add cache parameters

  266.                             Response.Cache.SetCacheability(HttpCacheability.Public);

  267.                             Response.Cache.SetMaxAge(new TimeSpan(365, 0, 0, 0));

  268.                             Response.Cache.SetLastModified(dateUploaded);

  269. 

  270.                             // We accept ranges

  271.                             Response.AddHeader("Accept-Ranges", "0-" + contentLength);

  272. 

  273.                             // Notify the client the byte range we'll be outputting 

  274.                             Response.AddHeader("Content-Range", "bytes " + startByte + "-" + endByte + "/" + contentLength);

  275. 

  276.                             // Notify the client the content length we'll be outputting 

  277.                             Response.AddHeader("Content-Length", length.ToString());

  278. 

  279.                             // Create content disposition

  280.                             var cd = new System.Net.Mime.ContentDisposition

  281.                             {

  282.                                 FileName = url,

  283.                                 Inline = true

  284.                             };

  285. 

  286.                             Response.AddHeader("Content-Disposition", cd.ToString());

  287. 

  288.                             // Apply content security policy for downloads

  289.                             Response.AddHeader("Content-Security-Policy", "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src *; connect-src 'self'; media-src 'self'; child-src 'self'; form-action 'none';");

  290. 

  291.                             // Read in the file

  292.                             FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read);

  293. 

  294.                             // Reset file stream to starting position (or start of range)

  295.                             fs.Seek(startByte, SeekOrigin.Begin);

  296. 

  297.                             try

  298.                             {

  299.                                 // If the IV is set, and Key is set, then decrypt it while sending

  300.                                 if (!string.IsNullOrEmpty(key) && !string.IsNullOrEmpty(iv))

  301.                                 {

  302.                                     byte[] keyBytes = Encoding.UTF8.GetBytes(key);

  303.                                     byte[] ivBytes = Encoding.UTF8.GetBytes(iv);

  304. 

  305.                                     return new FileGenerateResult(url,

  306.                                                                 contentType,

  307.                                                                 (response) => ResponseHelper.StreamToOutput(response, true, new AesCounterStream(fs, false, keyBytes, ivBytes), (int)length, Config.UploadConfig.ChunkSize),

  308.                                                                 false);

  309.                                 }

  310.                                 else // Otherwise just send it

  311.                                 {

  312.                                     // Send the file

  313.                                     return new FileGenerateResult(url,

  314.                                                                 contentType,

  315.                                                                 (response) => ResponseHelper.StreamToOutput(response, true, fs, (int)length, Config.UploadConfig.ChunkSize),

  316.                                                                 false);

  317.                                 }

  318.                             }

  319.                             catch (Exception ex)

  320.                             {

  321.                                 Logging.Logger.WriteEntry(Logging.LogLevel.Warning, "Error in Download", ex);

  322.                             }

  323.                         }

  324.                     }

  325.                     return Redirect(Url.SubRouteUrl("error", "Error.Http404"));

  326.                 }

  327.             }

  328.             return Redirect(Url.SubRouteUrl("error", "Error.Http403"));

  329.         }

  330. 

  331.         [HttpPost]

  332.         [AllowAnonymous]

  333.         public FileResult DownloadData(string file)

  334.         {

  335.             if (Config.UploadConfig.DownloadEnabled)

  336.             {

  337.                 using (TeknikEntities db = new TeknikEntities())

  338.                 {

  339.                     Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();

  340.                     if (upload != null)

  341.                     {

  342.                         string subDir = upload.FileName[0].ToString();

  343.                         string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, subDir, upload.FileName);

  344.                         if (System.IO.File.Exists(filePath))

  345.                         {

  346.                             FileStream fileStream = new FileStream(filePath, FileMode.Open, FileAccess.Read);

  347.                             return File(fileStream, System.Net.Mime.MediaTypeNames.Application.Octet, file);

  348.                         }

  349.                     }

  350.                     Redirect(Url.SubRouteUrl("error", "Error.Http404"));

  351.                     return null;

  352.                 }

  353.             }

  354.             Redirect(Url.SubRouteUrl("error", "Error.Http403"));

  355.             return null;

  356.         }

  357. 

  358.         [HttpGet]

  359.         [AllowAnonymous]

  360.         public ActionResult Delete(string file, string key)

  361.         {

  362.             using (TeknikEntities db = new TeknikEntities())

  363.             {

  364.                 ViewBag.Title = "File Delete - " + file + " - " + Config.Title;

  365.                 Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();

  366.                 if (upload != null)

  367.                 {

  368.                     DeleteViewModel model = new DeleteViewModel();

  369.                     model.File = file;

  370.                     if (!string.IsNullOrEmpty(upload.DeleteKey) && upload.DeleteKey == key)

  371.                     {

  372.                         string filePath = upload.FileName;

  373.                         // Delete from the DB

  374.                         db.Uploads.Remove(upload);

  375.                         db.SaveChanges();

  376. 

  377.                         // Delete the File

  378.                         if (System.IO.File.Exists(filePath))

  379.                         {

  380.                             System.IO.File.Delete(filePath);

  381.                         }

  382.                         model.Deleted = true;

  383.                     }

  384.                     else

  385.                     {

  386.                         model.Deleted = false;

  387.                     }

  388.                     return View(model);

  389.                 }

  390.                 return RedirectToRoute("Error.Http404");

  391.             }

  392.         }

  393. 

  394.         [HttpPost]

  395.         public ActionResult GenerateDeleteKey(string file)

  396.         {

  397.             using (TeknikEntities db = new TeknikEntities())

  398.             {

  399.                 Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();

  400.                 if (upload != null)

  401.                 {

  402.                     if (upload.User.Username == User.Identity.Name)

  403.                     {

  404.                         string delKey = StringHelper.RandomString(Config.UploadConfig.DeleteKeyLength);

  405.                         upload.DeleteKey = delKey;

  406.                         db.Entry(upload).State = EntityState.Modified;

  407.                         db.SaveChanges();

  408.                         return Json(new { result = new { url = Url.SubRouteUrl("u", "Upload.Delete", new { file = file, key = delKey }) } });

  409.                     }

  410.                     return Json(new { error = new { message = "You do not own this upload" } });

  411.                 }

  412.                 return Json(new { error = new { message = "Invalid URL" } });

  413.             }

  414.         }

  415.     }

  416. }