The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

UploadController.cs 8.2KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Data.Entity;
  4. using System.IO;
  5. using System.Linq;
  6. using System.Web;
  7. using System.Web.Mvc;
  8. using Teknik.Areas.Error.ViewModels;
  9. using Teknik.Areas.Upload.Models;
  10. using Teknik.Areas.Upload.ViewModels;
  11. using Teknik.Controllers;
  12. using Teknik.Helpers;
  13. using Teknik.Models;
  14. namespace Teknik.Areas.Upload.Controllers
  15. {
  16. public class UploadController : DefaultController
  17. {
  18. private TeknikEntities db = new TeknikEntities();
  19. // GET: Upload/Upload
  20. [HttpGet]
  21. [AllowAnonymous]
  22. public ActionResult Index()
  23. {
  24. ViewBag.Title = "Teknik Upload - End to End Encryption";
  25. return View(new UploadViewModel());
  26. }
  27. [HttpPost]
  28. [AllowAnonymous]
  29. [ValidateAntiForgeryToken]
  30. public ActionResult Upload(string fileType, string iv, int keySize, int blockSize, HttpPostedFileWrapper data)
  31. {
  32. if (data.ContentLength <= Config.UploadConfig.MaxUploadSize)
  33. {
  34. Models.Upload upload = Uploader.SaveFile(data, fileType, iv, null, keySize, blockSize);
  35. if (upload != null)
  36. {
  37. return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("upload", "Upload.Download", new { file = upload.Url }) } }, "text/plain");
  38. }
  39. return Json(new { error = "Unable to upload file" });
  40. }
  41. else
  42. {
  43. return Json(new { error = "File Too Large" });
  44. }
  45. }
  46. // User did not supply key
  47. [HttpGet]
  48. [AllowAnonymous]
  49. public ActionResult Download(string file)
  50. {
  51. ViewBag.Title = "Teknik Download - " + file;
  52. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  53. if (upload != null)
  54. {
  55. // We don't have the key, so we need to decrypt it client side
  56. if (string.IsNullOrEmpty(upload.Key))
  57. {
  58. DownloadViewModel model = new DownloadViewModel();
  59. model.FileName = file;
  60. model.ContentType = upload.ContentType;
  61. model.ContentLength = upload.ContentLength;
  62. model.IV = upload.IV;
  63. return View(model);
  64. }
  65. else // We have the key, so that means server side decryption
  66. {
  67. if (System.IO.File.Exists(upload.FileName))
  68. {
  69. // Read in the file
  70. byte[] encData = System.IO.File.ReadAllBytes(upload.FileName);
  71. // Decrypt the data
  72. byte[] data = AES.Decrypt(encData, upload.Key, upload.IV, upload.KeySize, upload.BlockSize);
  73. // Create File
  74. var cd = new System.Net.Mime.ContentDisposition
  75. {
  76. FileName = upload.Url,
  77. Inline = true
  78. };
  79. Response.AppendHeader("Content-Disposition", cd.ToString());
  80. return File(data, upload.ContentType);
  81. }
  82. }
  83. }
  84. return RedirectToRoute("*.Error.Http404");
  85. }
  86. [HttpPost]
  87. [AllowAnonymous]
  88. [ValidateAntiForgeryToken]
  89. public FileResult DownloadData(string file)
  90. {
  91. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  92. if (upload != null)
  93. {
  94. string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, upload.FileName);
  95. if (System.IO.File.Exists(filePath))
  96. {
  97. byte[] buffer;
  98. FileStream fileStream = new FileStream(filePath, FileMode.Open, FileAccess.Read);
  99. try
  100. {
  101. int length = (int)fileStream.Length; // get file length
  102. buffer = new byte[length]; // create buffer
  103. int count; // actual number of bytes read
  104. int sum = 0; // total number of bytes read
  105. // read until Read method returns 0 (end of the stream has been reached)
  106. while ((count = fileStream.Read(buffer, sum, length - sum)) > 0)
  107. sum += count; // sum is a buffer offset for next reading
  108. }
  109. finally
  110. {
  111. fileStream.Close();
  112. }
  113. return File(buffer, System.Net.Mime.MediaTypeNames.Application.Octet, file);
  114. }
  115. }
  116. RedirectToAction("Http404", "Error", new { area = "Errors", exception = new Exception("File Not Found") });
  117. return null;
  118. }
  119. [HttpGet]
  120. [AllowAnonymous]
  121. public ActionResult Delete(string file, string key)
  122. {
  123. ViewBag.Title = "File Delete - " + file + " - " + Config.Title;
  124. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  125. if (upload != null)
  126. {
  127. DeleteViewModel model = new DeleteViewModel();
  128. model.File = file;
  129. if (!string.IsNullOrEmpty(upload.DeleteKey) && upload.DeleteKey == key)
  130. {
  131. string filePath = upload.FileName;
  132. // Delete from the DB
  133. db.Uploads.Remove(upload);
  134. db.SaveChanges();
  135. // Delete the File
  136. if (System.IO.File.Exists(filePath))
  137. {
  138. System.IO.File.Delete(filePath);
  139. }
  140. model.Deleted = true;
  141. }
  142. else
  143. {
  144. model.Deleted = false;
  145. }
  146. return View(model);
  147. }
  148. return RedirectToRoute("*.Error.Http404");
  149. }
  150. [HttpPost]
  151. [AllowAnonymous]
  152. [ValidateAntiForgeryToken]
  153. public ActionResult GenerateDeleteKey(string file)
  154. {
  155. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  156. if (upload != null)
  157. {
  158. string delKey = Utility.RandomString(Config.UploadConfig.DeleteKeyLength);
  159. upload.DeleteKey = delKey;
  160. db.Entry(upload).State = EntityState.Modified;
  161. db.SaveChanges();
  162. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Delete", new { file = file, key = delKey }) });
  163. }
  164. return Json(new { error = "Invalid URL" });
  165. }
  166. [HttpPost]
  167. [AllowAnonymous]
  168. [ValidateAntiForgeryToken]
  169. public ActionResult SaveFileKey(string file, string key)
  170. {
  171. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  172. if (upload != null)
  173. {
  174. upload.Key = key;
  175. db.Entry(upload).State = EntityState.Modified;
  176. db.SaveChanges();
  177. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Download", new { file = file }) });
  178. }
  179. return Json(new { error = "Invalid URL" });
  180. }
  181. [HttpPost]
  182. [AllowAnonymous]
  183. [ValidateAntiForgeryToken]
  184. public ActionResult RemoveFileKey(string file, string key)
  185. {
  186. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  187. if (upload != null)
  188. {
  189. if (upload.Key == key)
  190. {
  191. upload.Key = null;
  192. db.Entry(upload).State = EntityState.Modified;
  193. db.SaveChanges();
  194. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Download", new { file = file }) });
  195. }
  196. return Json(new { error = "Non-Matching Key" });
  197. }
  198. return Json(new { error = "Invalid URL" });
  199. }
  200. }
  201. }