Browse Source

Fixed uploads via API not adhering to the saveKey attribute, or allowing custom Keys/IVs.

Teknikode 1 year ago
parent
commit
ec8d7f0de6
3 changed files with 35 additions and 13 deletions
  1. 10
    0
      .gitignore
  2. 19
    9
      Teknik/Areas/API/Controllers/APIv1Controller.cs
  3. 6
    4
      Teknik/Areas/Upload/Uploader.cs

+ 10
- 0
.gitignore View File

@@ -197,3 +197,13 @@ ModelManifest.xml
197 197
 /Teknik/App_Data/Config.json.old
198 198
 /Teknik/App_Data/MachineKey.config
199 199
 /.vs/Teknik/v15/sqlite3/storage.ide
200
+/.vs/Teknik/v15/sqlite3/storage.ide-wal
201
+/.vs/Teknik/v15/sqlite3/storage.ide-shm
202
+/.vs/Teknik/v15/sqlite3/db.lock
203
+/.vs/Teknik/v15/sqlite3
204
+/.vs/Teknik/v15/Server/sqlite3/storage.ide-wal
205
+/.vs/Teknik/v15/Server/sqlite3/storage.ide-shm
206
+/.vs/Teknik/v15/Server/sqlite3/storage.ide
207
+/.vs/Teknik/v15/Server/sqlite3/db.lock
208
+/.vs/Teknik/v15/Server/sqlite3
209
+/.vs/Teknik/v15

+ 19
- 9
Teknik/Areas/API/Controllers/APIv1Controller.cs View File

@@ -1,4 +1,4 @@
1
-using System;
1
+using System;
2 2
 using System.Collections.Generic;
3 3
 using System.Data.Entity;
4 4
 using System.IO;
@@ -100,6 +100,8 @@ namespace Teknik.Areas.API.Controllers
100 100
 
101 101
                                 if (upload != null)
102 102
                                 {
103
+                                    string fileKey = upload.Key;
104
+
103 105
                                     // Associate this with the user if they provided an auth key
104 106
                                     if (User.Identity.IsAuthenticated)
105 107
                                     {
@@ -120,18 +122,26 @@ namespace Teknik.Areas.API.Controllers
120 122
                                         db.SaveChanges();
121 123
                                     }
122 124
 
125
+                                    // remove the key if we don't want to save it
126
+                                    if (!model.saveKey)
127
+                                    {
128
+                                        upload.Key = null;
129
+                                        db.Entry(upload).State = EntityState.Modified;
130
+                                        db.SaveChanges();
131
+                                    }
132
+
123 133
                                     // Pull all the information together 
124 134
                                     string fullUrl = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url });
125 135
                                     var returnData = new
126 136
                                     {
127
-                                        url = (model.saveKey || string.IsNullOrEmpty(model.key)) ? fullUrl : fullUrl + "#" + model.key,
137
+                                        url = (model.saveKey || string.IsNullOrEmpty(fileKey)) ? fullUrl : fullUrl + "#" + fileKey,
128 138
                                         fileName = upload.Url,
129
-                                        contentType = model.contentType,
130
-                                        contentLength = contentLength,
131
-                                        key = model.key,
132
-                                        keySize = model.keySize,
133
-                                        iv = model.iv,
134
-                                        blockSize = model.blockSize,
139
+                                        contentType = upload.ContentType,
140
+                                        contentLength = upload.ContentLength,
141
+                                        key = fileKey,
142
+                                        keySize = upload.KeySize,
143
+                                        iv = upload.IV,
144
+                                        blockSize = upload.BlockSize,
135 145
                                         deletionKey = upload.DeleteKey
136 146
 
137 147
                                     };
@@ -253,4 +263,4 @@ namespace Teknik.Areas.API.Controllers
253 263
             }
254 264
         }
255 265
     }
256
-}
266
+}

+ 6
- 4
Teknik/Areas/Upload/Uploader.cs View File

@@ -1,4 +1,4 @@
1
-using System;
1
+using System;
2 2
 using System.Collections.Generic;
3 3
 using System.Linq;
4 4
 using System.Web;
@@ -47,8 +47,10 @@ namespace Teknik.Areas.Upload
47 47
             if (encrypt)
48 48
             {
49 49
                 // Generate a key and iv
50
-                key = StringHelper.RandomString(config.UploadConfig.KeySize / 8);
51
-                iv = StringHelper.RandomString(config.UploadConfig.BlockSize / 8);
50
+                if (string.IsNullOrEmpty(key))
51
+                    key = StringHelper.RandomString(config.UploadConfig.KeySize / 8);
52
+                if (string.IsNullOrEmpty(iv))
53
+                    iv = StringHelper.RandomString(config.UploadConfig.BlockSize / 8);
52 54
 
53 55
                 byte[] keyBytes = Encoding.UTF8.GetBytes(key);
54 56
                 byte[] ivBytes = Encoding.UTF8.GetBytes(iv);
@@ -96,4 +98,4 @@ namespace Teknik.Areas.Upload
96 98
             return upload;
97 99
         }
98 100
     }
99
-}
101
+}

Loading…
Cancel
Save