Browse Source

Fixed uploads via API not adhering to the saveKey attribute, or allowing custom Keys/IVs.

tags/3.0.0
Teknikode 2 years ago
parent
commit
ec8d7f0de6
3 changed files with 35 additions and 13 deletions
  1. 10
    0
      .gitignore
  2. 19
    9
      Teknik/Areas/API/Controllers/APIv1Controller.cs
  3. 6
    4
      Teknik/Areas/Upload/Uploader.cs

+ 10
- 0
.gitignore View File

@@ -197,3 +197,13 @@ ModelManifest.xml
/Teknik/App_Data/Config.json.old
/Teknik/App_Data/MachineKey.config
/.vs/Teknik/v15/sqlite3/storage.ide
/.vs/Teknik/v15/sqlite3/storage.ide-wal
/.vs/Teknik/v15/sqlite3/storage.ide-shm
/.vs/Teknik/v15/sqlite3/db.lock
/.vs/Teknik/v15/sqlite3
/.vs/Teknik/v15/Server/sqlite3/storage.ide-wal
/.vs/Teknik/v15/Server/sqlite3/storage.ide-shm
/.vs/Teknik/v15/Server/sqlite3/storage.ide
/.vs/Teknik/v15/Server/sqlite3/db.lock
/.vs/Teknik/v15/Server/sqlite3
/.vs/Teknik/v15

+ 19
- 9
Teknik/Areas/API/Controllers/APIv1Controller.cs View File

@@ -1,4 +1,4 @@
using System;
using System;
using System.Collections.Generic;
using System.Data.Entity;
using System.IO;
@@ -100,6 +100,8 @@ namespace Teknik.Areas.API.Controllers

if (upload != null)
{
string fileKey = upload.Key;

// Associate this with the user if they provided an auth key
if (User.Identity.IsAuthenticated)
{
@@ -120,18 +122,26 @@ namespace Teknik.Areas.API.Controllers
db.SaveChanges();
}

// remove the key if we don't want to save it
if (!model.saveKey)
{
upload.Key = null;
db.Entry(upload).State = EntityState.Modified;
db.SaveChanges();
}

// Pull all the information together
string fullUrl = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url });
var returnData = new
{
url = (model.saveKey || string.IsNullOrEmpty(model.key)) ? fullUrl : fullUrl + "#" + model.key,
url = (model.saveKey || string.IsNullOrEmpty(fileKey)) ? fullUrl : fullUrl + "#" + fileKey,
fileName = upload.Url,
contentType = model.contentType,
contentLength = contentLength,
key = model.key,
keySize = model.keySize,
iv = model.iv,
blockSize = model.blockSize,
contentType = upload.ContentType,
contentLength = upload.ContentLength,
key = fileKey,
keySize = upload.KeySize,
iv = upload.IV,
blockSize = upload.BlockSize,
deletionKey = upload.DeleteKey

};
@@ -253,4 +263,4 @@ namespace Teknik.Areas.API.Controllers
}
}
}
}
}

+ 6
- 4
Teknik/Areas/Upload/Uploader.cs View File

@@ -1,4 +1,4 @@
using System;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
@@ -47,8 +47,10 @@ namespace Teknik.Areas.Upload
if (encrypt)
{
// Generate a key and iv
key = StringHelper.RandomString(config.UploadConfig.KeySize / 8);
iv = StringHelper.RandomString(config.UploadConfig.BlockSize / 8);
if (string.IsNullOrEmpty(key))
key = StringHelper.RandomString(config.UploadConfig.KeySize / 8);
if (string.IsNullOrEmpty(iv))
iv = StringHelper.RandomString(config.UploadConfig.BlockSize / 8);

byte[] keyBytes = Encoding.UTF8.GetBytes(key);
byte[] ivBytes = Encoding.UTF8.GetBytes(iv);
@@ -96,4 +98,4 @@ namespace Teknik.Areas.Upload
return upload;
}
}
}
}

Loading…
Cancel
Save