The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.

UploadController.cs 12KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284
  1. using Piwik.Tracker;
  2. using System;
  3. using System.Collections.Generic;
  4. using System.Data.Entity;
  5. using System.IO;
  6. using System.Linq;
  7. using System.Web;
  8. using System.Web.Mvc;
  9. using Teknik.Areas.Error.ViewModels;
  10. using Teknik.Areas.Upload.Models;
  11. using Teknik.Areas.Upload.ViewModels;
  12. using Teknik.Controllers;
  13. using Teknik.Helpers;
  14. using Teknik.Models;
  15. namespace Teknik.Areas.Upload.Controllers
  16. {
  17. public class UploadController : DefaultController
  18. {
  19. private TeknikEntities db = new TeknikEntities();
  20. // GET: Upload/Upload
  21. [HttpGet]
  22. [AllowAnonymous]
  23. public ActionResult Index()
  24. {
  25. ViewBag.Title = "Teknik Upload - End to End Encryption";
  26. UploadViewModel model = new UploadViewModel();
  27. model.CurrentSub = Subdomain;
  28. Areas.Profile.Models.User user = db.Users.Where(u => u.Username == User.Identity.Name).FirstOrDefault();
  29. if (user != null)
  30. {
  31. model.SaveKey = user.UploadSettings.SaveKey;
  32. model.ServerSideEncrypt = user.UploadSettings.ServerSideEncrypt;
  33. }
  34. else
  35. {
  36. model.SaveKey = true;
  37. model.ServerSideEncrypt = true;
  38. }
  39. return View(model);
  40. }
  41. [HttpPost]
  42. [AllowAnonymous]
  43. public ActionResult Upload(string fileType, string fileExt, string iv, int keySize, int blockSize, bool encrypt, bool saveKey, HttpPostedFileWrapper data, string key = null)
  44. {
  45. if (Config.UploadConfig.UploadEnabled)
  46. {
  47. if (data.ContentLength <= Config.UploadConfig.MaxUploadSize)
  48. {
  49. // convert file to bytes
  50. byte[] fileData = null;
  51. int contentLength = data.ContentLength;
  52. using (var binaryReader = new BinaryReader(data.InputStream))
  53. {
  54. fileData = binaryReader.ReadBytes(data.ContentLength);
  55. }
  56. // if they want us to encrypt it, we do so here
  57. if (encrypt)
  58. {
  59. // Generate key and iv if empty
  60. if (string.IsNullOrEmpty(key))
  61. {
  62. key = Utility.RandomString(keySize / 8);
  63. }
  64. fileData = AES.Encrypt(fileData, key, iv);
  65. if (fileData == null || fileData.Length <= 0)
  66. {
  67. return Json(new { error = new { message = "Unable to encrypt file" } });
  68. }
  69. }
  70. Models.Upload upload = Uploader.SaveFile(fileData, fileType, contentLength, fileExt, iv, (saveKey) ? key : null, keySize, blockSize);
  71. if (upload != null)
  72. {
  73. if (User.Identity.IsAuthenticated)
  74. {
  75. Profile.Models.User user = db.Users.Where(u => u.Username == User.Identity.Name).FirstOrDefault();
  76. if (user != null)
  77. {
  78. upload.UserId = user.UserId;
  79. db.Entry(upload).State = EntityState.Modified;
  80. db.SaveChanges();
  81. }
  82. }
  83. return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url }), key = key } }, "text/plain");
  84. }
  85. return Json(new { error = "Unable to upload file" });
  86. }
  87. else
  88. {
  89. return Json(new { error = "File Too Large" });
  90. }
  91. }
  92. return Json(new { error = "Uploads are disabled" });
  93. }
  94. // User did not supply key
  95. [HttpGet]
  96. [AllowAnonymous]
  97. public ActionResult Download(string file)
  98. {
  99. if (Config.UploadConfig.DownloadEnabled)
  100. {
  101. ViewBag.Title = "Teknik Download - " + file;
  102. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  103. if (upload != null)
  104. {
  105. upload.Downloads += 1;
  106. db.Entry(upload).State = EntityState.Modified;
  107. db.SaveChanges();
  108. // We don't have the key, so we need to decrypt it client side
  109. if (string.IsNullOrEmpty(upload.Key) && !string.IsNullOrEmpty(upload.IV))
  110. {
  111. DownloadViewModel model = new DownloadViewModel();
  112. model.FileName = file;
  113. model.ContentType = upload.ContentType;
  114. model.ContentLength = upload.ContentLength;
  115. model.IV = upload.IV;
  116. return View(model);
  117. }
  118. else // We have the key, so that means server side decryption
  119. {
  120. string subDir = upload.FileName[0].ToString();
  121. string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, subDir, upload.FileName);
  122. if (System.IO.File.Exists(filePath))
  123. {
  124. // Read in the file
  125. byte[] data = System.IO.File.ReadAllBytes(filePath);
  126. // If the IV is set, and Key is set, then decrypt it
  127. if (!string.IsNullOrEmpty(upload.Key) && !string.IsNullOrEmpty(upload.IV))
  128. {
  129. // Decrypt the data
  130. data = AES.Decrypt(data, upload.Key, upload.IV);
  131. }
  132. // Create content disposition
  133. var cd = new System.Net.Mime.ContentDisposition
  134. {
  135. FileName = upload.Url,
  136. Inline = true
  137. };
  138. Response.AppendHeader("Content-Disposition", cd.ToString());
  139. // Handle Piwik Tracking if enabled
  140. Tracking.TrackPageView(Request, ViewBag.Title, Subdomain);
  141. return File(data, upload.ContentType);
  142. }
  143. }
  144. }
  145. return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
  146. }
  147. return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
  148. }
  149. [HttpPost]
  150. [AllowAnonymous]
  151. public FileResult DownloadData(string file)
  152. {
  153. if (Config.UploadConfig.DownloadEnabled)
  154. {
  155. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  156. if (upload != null)
  157. {
  158. string subDir = upload.FileName[0].ToString();
  159. string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, subDir, upload.FileName);
  160. if (System.IO.File.Exists(filePath))
  161. {
  162. byte[] buffer;
  163. FileStream fileStream = new FileStream(filePath, FileMode.Open, FileAccess.Read);
  164. try
  165. {
  166. int length = (int)fileStream.Length; // get file length
  167. buffer = new byte[length]; // create buffer
  168. int count; // actual number of bytes read
  169. int sum = 0; // total number of bytes read
  170. // read until Read method returns 0 (end of the stream has been reached)
  171. while ((count = fileStream.Read(buffer, sum, length - sum)) > 0)
  172. sum += count; // sum is a buffer offset for next reading
  173. }
  174. finally
  175. {
  176. fileStream.Close();
  177. }
  178. return File(buffer, System.Net.Mime.MediaTypeNames.Application.Octet, file);
  179. }
  180. }
  181. Redirect(Url.SubRouteUrl("error", "Error.Http404"));
  182. return null;
  183. }
  184. Redirect(Url.SubRouteUrl("error", "Error.Http403"));
  185. return null;
  186. }
  187. [HttpGet]
  188. [AllowAnonymous]
  189. public ActionResult Delete(string file, string key)
  190. {
  191. ViewBag.Title = "File Delete - " + file + " - " + Config.Title;
  192. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  193. if (upload != null)
  194. {
  195. DeleteViewModel model = new DeleteViewModel();
  196. model.File = file;
  197. if (!string.IsNullOrEmpty(upload.DeleteKey) && upload.DeleteKey == key)
  198. {
  199. string filePath = upload.FileName;
  200. // Delete from the DB
  201. db.Uploads.Remove(upload);
  202. db.SaveChanges();
  203. // Delete the File
  204. if (System.IO.File.Exists(filePath))
  205. {
  206. System.IO.File.Delete(filePath);
  207. }
  208. model.Deleted = true;
  209. }
  210. else
  211. {
  212. model.Deleted = false;
  213. }
  214. return View(model);
  215. }
  216. return RedirectToRoute("Error.Http404");
  217. }
  218. [HttpPost]
  219. [AllowAnonymous]
  220. public ActionResult GenerateDeleteKey(string file)
  221. {
  222. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  223. if (upload != null)
  224. {
  225. string delKey = Utility.RandomString(Config.UploadConfig.DeleteKeyLength);
  226. upload.DeleteKey = delKey;
  227. db.Entry(upload).State = EntityState.Modified;
  228. db.SaveChanges();
  229. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Delete", new { file = file, key = delKey }) });
  230. }
  231. return Json(new { error = "Invalid URL" });
  232. }
  233. [HttpPost]
  234. [AllowAnonymous]
  235. public ActionResult SaveFileKey(string file, string key)
  236. {
  237. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  238. if (upload != null)
  239. {
  240. upload.Key = key;
  241. db.Entry(upload).State = EntityState.Modified;
  242. db.SaveChanges();
  243. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Download", new { file = file }) });
  244. }
  245. return Json(new { error = "Invalid URL" });
  246. }
  247. [HttpPost]
  248. [AllowAnonymous]
  249. public ActionResult RemoveFileKey(string file, string key)
  250. {
  251. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  252. if (upload != null)
  253. {
  254. if (upload.Key == key)
  255. {
  256. upload.Key = null;
  257. db.Entry(upload).State = EntityState.Modified;
  258. db.SaveChanges();
  259. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Download", new { file = file }) });
  260. }
  261. return Json(new { error = "Non-Matching Key" });
  262. }
  263. return Json(new { error = "Invalid URL" });
  264. }
  265. }
  266. }