The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

APIv1Controller.cs 13KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287
  1. using System;
  2. using System.Collections.Generic;
  3. using System.IO;
  4. using System.Linq;
  5. using System.Web;
  6. using Teknik.Areas.Upload;
  7. using Teknik.Areas.Paste;
  8. using Teknik.Controllers;
  9. using Teknik.Utilities;
  10. using Teknik.Models;
  11. using System.Text;
  12. using MimeDetective;
  13. using MimeDetective.Extensions;
  14. using Teknik.Areas.Shortener.Models;
  15. using nClam;
  16. using Teknik.Filters;
  17. using Teknik.Areas.API.Models;
  18. using Teknik.Areas.Users.Models;
  19. using Teknik.Areas.Users.Utility;
  20. using Teknik.Attributes;
  21. using Microsoft.AspNetCore.Authorization;
  22. using Microsoft.Extensions.Logging;
  23. using Teknik.Configuration;
  24. using Teknik.Data;
  25. using Microsoft.AspNetCore.Mvc;
  26. using Microsoft.EntityFrameworkCore;
  27. using System.Threading.Tasks;
  28. using Teknik.Areas.Shortener;
  29. using Teknik.Logging;
  30. namespace Teknik.Areas.API.Controllers
  31. {
  32. [TeknikAuthorize(AuthType.Basic)]
  33. [Area("APIv1")]
  34. public class APIv1Controller : DefaultController
  35. {
  36. public APIv1Controller(ILogger<Logger> logger, Config config, TeknikEntities dbContext) : base(logger, config, dbContext) { }
  37. [AllowAnonymous]
  38. public IActionResult Index()
  39. {
  40. return Redirect(Url.SubRouteUrl("help", "Help.API"));
  41. }
  42. [HttpPost]
  43. [AllowAnonymous]
  44. public async Task<IActionResult> UploadAsync(APIv1UploadModel model)
  45. {
  46. try
  47. {
  48. if (_config.UploadConfig.UploadEnabled)
  49. {
  50. if (model.file != null)
  51. {
  52. long maxUploadSize = _config.UploadConfig.MaxUploadSize;
  53. if (User.Identity.IsAuthenticated)
  54. {
  55. maxUploadSize = _config.UploadConfig.MaxUploadSizeBasic;
  56. User user = UserHelper.GetUser(_dbContext, User.Identity.Name);
  57. if (user.AccountType == AccountType.Premium)
  58. {
  59. maxUploadSize = _config.UploadConfig.MaxUploadSizePremium;
  60. }
  61. }
  62. if (model.file.Length <= maxUploadSize)
  63. {
  64. // convert file to bytes
  65. string fileExt = Path.GetExtension(model.file.FileName);
  66. long contentLength = model.file.Length;
  67. // Scan the file to detect a virus
  68. if (_config.UploadConfig.VirusScanEnable)
  69. {
  70. ClamClient clam = new ClamClient(_config.UploadConfig.ClamServer, _config.UploadConfig.ClamPort);
  71. clam.MaxStreamSize = maxUploadSize;
  72. ClamScanResult scanResult = await clam.SendAndScanFileAsync(model.file.OpenReadStream());
  73. switch (scanResult.Result)
  74. {
  75. case ClamScanResults.Clean:
  76. break;
  77. case ClamScanResults.VirusDetected:
  78. return Json(new { error = new { message = string.Format("Virus Detected: {0}. As per our <a href=\"{1}\">Terms of Service</a>, Viruses are not permited.", scanResult.InfectedFiles.First().VirusName, Url.SubRouteUrl("tos", "TOS.Index")) } });
  79. case ClamScanResults.Error:
  80. break;
  81. case ClamScanResults.Unknown:
  82. break;
  83. }
  84. }
  85. // Need to grab the contentType if it's empty
  86. if (string.IsNullOrEmpty(model.contentType))
  87. {
  88. model.contentType = model.file.ContentType;
  89. if (string.IsNullOrEmpty(model.contentType))
  90. {
  91. using (System.IO.Stream fileStream = model.file.OpenReadStream())
  92. {
  93. fileStream.Seek(0, SeekOrigin.Begin);
  94. FileType fileType = fileStream.GetFileType();
  95. if (fileType != null)
  96. model.contentType = fileType.Mime;
  97. if (string.IsNullOrEmpty(model.contentType))
  98. {
  99. model.contentType = "application/octet-stream";
  100. }
  101. }
  102. }
  103. }
  104. // Check content type restrictions (Only for encrypting server side
  105. if (model.encrypt || !string.IsNullOrEmpty(model.key))
  106. {
  107. if (_config.UploadConfig.RestrictedContentTypes.Contains(model.contentType) || _config.UploadConfig.RestrictedExtensions.Contains(fileExt))
  108. {
  109. return Json(new { error = new { message = "File Type Not Allowed" } });
  110. }
  111. }
  112. // Initialize the key size and block size if empty
  113. if (model.keySize <= 0)
  114. model.keySize = _config.UploadConfig.KeySize;
  115. if (model.blockSize <= 0)
  116. model.blockSize = _config.UploadConfig.BlockSize;
  117. // Save the file data
  118. Upload.Models.Upload upload = Uploader.SaveFile(_dbContext, _config, model.file.OpenReadStream(), model.contentType, contentLength, model.encrypt, fileExt, model.iv, model.key, model.keySize, model.blockSize);
  119. if (upload != null)
  120. {
  121. string fileKey = upload.Key;
  122. // Associate this with the user if they provided an auth key
  123. if (User.Identity.IsAuthenticated)
  124. {
  125. User foundUser = UserHelper.GetUser(_dbContext, User.Identity.Name);
  126. if (foundUser != null)
  127. {
  128. upload.UserId = foundUser.UserId;
  129. _dbContext.Entry(upload).State = EntityState.Modified;
  130. _dbContext.SaveChanges();
  131. }
  132. }
  133. // Generate delete key only if asked to
  134. if (!model.genDeletionKey)
  135. {
  136. upload.DeleteKey = string.Empty;
  137. _dbContext.Entry(upload).State = EntityState.Modified;
  138. _dbContext.SaveChanges();
  139. }
  140. // remove the key if we don't want to save it
  141. if (!model.saveKey)
  142. {
  143. upload.Key = null;
  144. _dbContext.Entry(upload).State = EntityState.Modified;
  145. _dbContext.SaveChanges();
  146. }
  147. // Pull all the information together
  148. string fullUrl = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url });
  149. var returnData = new
  150. {
  151. url = (model.saveKey || string.IsNullOrEmpty(fileKey)) ? fullUrl : fullUrl + "#" + fileKey,
  152. fileName = upload.Url,
  153. contentType = upload.ContentType,
  154. contentLength = upload.ContentLength,
  155. key = fileKey,
  156. keySize = upload.KeySize,
  157. iv = upload.IV,
  158. blockSize = upload.BlockSize,
  159. deletionKey = upload.DeleteKey
  160. };
  161. return Json(new { result = returnData });
  162. }
  163. return Json(new { error = new { message = "Unable to save file" } });
  164. }
  165. else
  166. {
  167. return Json(new { error = new { message = "File Too Large" } });
  168. }
  169. }
  170. return Json(new { error = new { message = "Invalid Upload Request" } });
  171. }
  172. return Json(new { error = new { message = "Uploads are Disabled" } });
  173. }
  174. catch(Exception ex)
  175. {
  176. return Json(new { error = new { message = "Exception: " + ex.Message } });
  177. }
  178. }
  179. [HttpPost]
  180. [AllowAnonymous]
  181. public IActionResult Paste(APIv1PasteModel model)
  182. {
  183. try
  184. {
  185. if (model != null && model.code != null)
  186. {
  187. Paste.Models.Paste paste = PasteHelper.CreatePaste(_config, _dbContext, model.code, model.title, model.syntax, model.expireUnit, model.expireLength, model.password, model.hide);
  188. // Associate this with the user if they are logged in
  189. if (User.Identity.IsAuthenticated)
  190. {
  191. User foundUser = UserHelper.GetUser(_dbContext, User.Identity.Name);
  192. if (foundUser != null)
  193. {
  194. paste.UserId = foundUser.UserId;
  195. }
  196. }
  197. _dbContext.Pastes.Add(paste);
  198. _dbContext.SaveChanges();
  199. return Json(new
  200. {
  201. result = new
  202. {
  203. id = paste.Url,
  204. url = Url.SubRouteUrl("p", "Paste.View", new { type = "Full", url = paste.Url, password = model.password }),
  205. title = paste.Title,
  206. syntax = paste.Syntax,
  207. expiration = paste.ExpireDate,
  208. password = model.password
  209. }
  210. });
  211. }
  212. return Json(new { error = new { message = "Invalid Paste Request" } });
  213. }
  214. catch (Exception ex)
  215. {
  216. return Json(new { error = new { message = "Exception: " + ex.Message } });
  217. }
  218. }
  219. [HttpPost]
  220. [AllowAnonymous]
  221. public IActionResult Shorten(APIv1ShortenModel model)
  222. {
  223. try
  224. {
  225. if (model.url.IsValidUrl())
  226. {
  227. ShortenedUrl newUrl = ShortenerHelper.ShortenUrl(_dbContext, model.url, _config.ShortenerConfig.UrlLength);
  228. // Associate this with the user if they are logged in
  229. if (User.Identity.IsAuthenticated)
  230. {
  231. User foundUser = UserHelper.GetUser(_dbContext, User.Identity.Name);
  232. if (foundUser != null)
  233. {
  234. newUrl.UserId = foundUser.UserId;
  235. }
  236. }
  237. _dbContext.ShortenedUrls.Add(newUrl);
  238. _dbContext.SaveChanges();
  239. string shortUrl = string.Format("{0}://{1}/{2}", HttpContext.Request.Scheme, _config.ShortenerConfig.ShortenerHost, newUrl.ShortUrl);
  240. if (_config.DevEnvironment)
  241. {
  242. shortUrl = Url.SubRouteUrl("shortened", "Shortener.View", new { url = newUrl.ShortUrl });
  243. }
  244. return Json(new
  245. {
  246. result = new
  247. {
  248. shortUrl = shortUrl,
  249. originalUrl = model.url
  250. }
  251. });
  252. }
  253. return Json(new { error = new { message = "Must be a valid Url" } });
  254. }
  255. catch (Exception ex)
  256. {
  257. return Json(new { error = new { message = "Exception: " + ex.Message } });
  258. }
  259. }
  260. }
  261. }