The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

VaultController.cs 22KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485
  1. using Microsoft.AspNetCore.Authorization;
  2. using Microsoft.AspNetCore.Http;
  3. using Microsoft.AspNetCore.Mvc;
  4. using Microsoft.EntityFrameworkCore;
  5. using Microsoft.Extensions.Logging;
  6. using System;
  7. using System.Collections.Generic;
  8. using System.IO;
  9. using System.Linq;
  10. using System.Text;
  11. using System.Threading.Tasks;
  12. using System.Web;
  13. using Teknik.Areas.Paste;
  14. using Teknik.Areas.Users.Models;
  15. using Teknik.Areas.Users.Utility;
  16. using Teknik.Areas.Vault.Models;
  17. using Teknik.Areas.Vault.ViewModels;
  18. using Teknik.Attributes;
  19. using Teknik.Configuration;
  20. using Teknik.Controllers;
  21. using Teknik.Data;
  22. using Teknik.Filters;
  23. using Teknik.Logging;
  24. using Teknik.Models;
  25. using Teknik.Utilities;
  26. using Teknik.Utilities.Cryptography;
  27. namespace Teknik.Areas.Vault.Controllers
  28. {
  29. [Authorize]
  30. [Area("Vault")]
  31. public class VaultController : DefaultController
  32. {
  33. public VaultController(ILogger<Logger> logger, Config config, TeknikEntities dbContext) : base(logger, config, dbContext) { }
  34. [AllowAnonymous]
  35. public async Task<IActionResult> ViewVault(string id)
  36. {
  37. Models.Vault foundVault = _dbContext.Vaults.Where(v => v.Url == id).FirstOrDefault();
  38. if (foundVault != null)
  39. {
  40. // Update view count
  41. foundVault.Views += 1;
  42. _dbContext.Entry(foundVault).State = EntityState.Modified;
  43. _dbContext.SaveChanges();
  44. ViewBag.Title = foundVault.Title + " | Vault";
  45. VaultViewModel model = new VaultViewModel();
  46. model.CurrentSub = Subdomain;
  47. model.Url = foundVault.Url;
  48. model.UserId = foundVault.UserId;
  49. model.User = foundVault.User;
  50. model.Title = foundVault.Title;
  51. model.Description = foundVault.Description;
  52. model.DateCreated = foundVault.DateCreated;
  53. model.DateEdited = foundVault.DateEdited;
  54. if (foundVault.VaultItems.Any())
  55. {
  56. foreach (VaultItem item in foundVault.VaultItems.OrderBy(v => v.Index))
  57. {
  58. if (item.GetType().BaseType == typeof(UploadVaultItem))
  59. {
  60. UploadVaultItem upload = (UploadVaultItem)item;
  61. // Increment Views
  62. upload.Upload.Downloads += 1;
  63. _dbContext.Entry(upload.Upload).State = EntityState.Modified;
  64. _dbContext.SaveChanges();
  65. UploadItemViewModel uploadModel = new UploadItemViewModel();
  66. uploadModel.VaultItemId = item.VaultItemId;
  67. uploadModel.Title = item.Title;
  68. uploadModel.Description = item.Description;
  69. uploadModel.DateAdded = item.DateAdded;
  70. uploadModel.Upload = upload.Upload;
  71. model.Items.Add(uploadModel);
  72. }
  73. else if (item.GetType().BaseType == typeof(PasteVaultItem))
  74. {
  75. PasteVaultItem paste = (PasteVaultItem)item;
  76. // Increment Views
  77. paste.Paste.Views += 1;
  78. _dbContext.Entry(paste.Paste).State = EntityState.Modified;
  79. _dbContext.SaveChanges();
  80. // Check Expiration
  81. if (PasteHelper.CheckExpiration(paste.Paste))
  82. {
  83. _dbContext.Pastes.Remove(paste.Paste);
  84. _dbContext.SaveChanges();
  85. break;
  86. }
  87. PasteItemViewModel pasteModel = new PasteItemViewModel();
  88. pasteModel.VaultItemId = item.VaultItemId;
  89. pasteModel.Title = item.Title;
  90. pasteModel.Description = item.Description;
  91. pasteModel.DateAdded = item.DateAdded;
  92. pasteModel.PasteId = paste.Paste.PasteId;
  93. pasteModel.Url = paste.Paste.Url;
  94. pasteModel.DatePosted = paste.Paste.DatePosted;
  95. pasteModel.Syntax = paste.Paste.Syntax;
  96. pasteModel.HasPassword = !string.IsNullOrEmpty(paste.Paste.HashedPassword);
  97. if (!pasteModel.HasPassword)
  98. {
  99. // Read in the file
  100. string subDir = paste.Paste.FileName[0].ToString();
  101. string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.Paste.FileName);
  102. if (!System.IO.File.Exists(filePath))
  103. continue;
  104. byte[] ivBytes = Encoding.Unicode.GetBytes(paste.Paste.IV);
  105. byte[] keyBytes = AesCounterManaged.CreateKey(paste.Paste.Key, ivBytes, paste.Paste.KeySize);
  106. using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read))
  107. using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes))
  108. using (StreamReader sr = new StreamReader(cs, Encoding.Unicode))
  109. {
  110. pasteModel.Content = await sr.ReadToEndAsync();
  111. }
  112. }
  113. model.Items.Add(pasteModel);
  114. }
  115. }
  116. }
  117. return View(model);
  118. }
  119. return new StatusCodeResult(StatusCodes.Status404NotFound);
  120. }
  121. [HttpGet]
  122. [AllowAnonymous]
  123. public IActionResult NewVault()
  124. {
  125. ViewBag.Title = "Create Vault";
  126. ModifyVaultViewModel model = new ModifyVaultViewModel();
  127. model.CurrentSub = Subdomain;
  128. return View("~/Areas/Vault/Views/Vault/ModifyVault.cshtml", model);
  129. }
  130. [HttpGet]
  131. [AllowAnonymous]
  132. public IActionResult NewVaultFromService(string type, string items)
  133. {
  134. ViewBag.Title = "Create Vault";
  135. ModifyVaultViewModel model = new ModifyVaultViewModel();
  136. model.CurrentSub = Subdomain;
  137. string decodedItems = HttpUtility.UrlDecode(items);
  138. string[] allURLs = decodedItems.Split(',');
  139. int index = 0;
  140. foreach (string url in allURLs)
  141. {
  142. string[] urlInfo = url.Split(':');
  143. string uploadId = urlInfo[0];
  144. string title = string.Empty;
  145. if (urlInfo.GetUpperBound(0) >= 1)
  146. {
  147. // They also passed in the original filename, so let's use it as our title
  148. title = urlInfo[1];
  149. }
  150. if (IsValidItem(type, uploadId))
  151. {
  152. ModifyVaultItemViewModel item = new ModifyVaultItemViewModel();
  153. item.isTemplate = false;
  154. item.index = index;
  155. item.title = title;
  156. item.url = uploadId;
  157. item.type = type;
  158. model.items.Add(item);
  159. index++;
  160. }
  161. }
  162. return View("~/Areas/Vault/Views/Vault/ModifyVault.cshtml", model);
  163. }
  164. [HttpGet]
  165. public IActionResult EditVault(string url, string type, string items)
  166. {
  167. ViewBag.Title = "Edit Vault";
  168. Vault.Models.Vault foundVault = _dbContext.Vaults.Where(v => v.Url == url).FirstOrDefault();
  169. if (foundVault != null)
  170. {
  171. if (foundVault.User.Username == User.Identity.Name)
  172. {
  173. ViewBag.Title = "Edit Vault | " + foundVault.Title;
  174. ModifyVaultViewModel model = new ModifyVaultViewModel();
  175. model.CurrentSub = Subdomain;
  176. model.isEdit = true;
  177. model.vaultId = foundVault.VaultId;
  178. model.title = foundVault.Title;
  179. model.description = foundVault.Description;
  180. int index = 0;
  181. // Add all their existing items for the vault
  182. foreach (VaultItem item in foundVault.VaultItems.OrderBy(v => v.Index))
  183. {
  184. ModifyVaultItemViewModel itemModel = new ModifyVaultItemViewModel();
  185. itemModel.index = index;
  186. itemModel.isTemplate = false;
  187. if (item.GetType().BaseType == typeof(UploadVaultItem))
  188. {
  189. UploadVaultItem upload = (UploadVaultItem)item;
  190. itemModel.title = upload.Title;
  191. itemModel.description = upload.Description;
  192. itemModel.type = "Upload";
  193. itemModel.url = upload.Upload.Url;
  194. model.items.Add(itemModel);
  195. index++;
  196. }
  197. else if (item.GetType().BaseType == typeof(PasteVaultItem))
  198. {
  199. PasteVaultItem paste = (PasteVaultItem)item;
  200. itemModel.title = paste.Title;
  201. itemModel.description = paste.Description;
  202. itemModel.type = "Paste";
  203. itemModel.url = paste.Paste.Url;
  204. model.items.Add(itemModel);
  205. index++;
  206. }
  207. }
  208. // If they passed any new items in via the parameters, let's add them
  209. if (!string.IsNullOrEmpty(type) && !string.IsNullOrEmpty(items))
  210. {
  211. string decodedItems = HttpUtility.UrlDecode(items);
  212. string[] allItems = decodedItems.Split(',');
  213. foreach (string newItem in allItems)
  214. {
  215. string[] urlInfo = newItem.Split(':');
  216. string itemId = urlInfo[0];
  217. string title = string.Empty;
  218. if (urlInfo.GetUpperBound(0) >= 1)
  219. {
  220. // They also passed in the original filename, so let's use it as our title
  221. title = urlInfo[1];
  222. }
  223. if (IsValidItem(type, itemId))
  224. {
  225. ModifyVaultItemViewModel item = new ModifyVaultItemViewModel();
  226. item.isTemplate = false;
  227. item.index = index;
  228. item.title = title;
  229. item.url = itemId;
  230. item.type = type;
  231. model.items.Add(item);
  232. index++;
  233. }
  234. }
  235. }
  236. return View("~/Areas/Vault/Views/Vault/ModifyVault.cshtml", model);
  237. }
  238. return new StatusCodeResult(StatusCodes.Status403Forbidden);
  239. }
  240. return new StatusCodeResult(StatusCodes.Status404NotFound);
  241. }
  242. [HttpPost]
  243. [AllowAnonymous]
  244. [ValidateAntiForgeryToken]
  245. public IActionResult CreateVault(ModifyVaultViewModel model)
  246. {
  247. if (model != null)
  248. {
  249. if (!string.IsNullOrEmpty(model.title))
  250. {
  251. Models.Vault newVault = new Models.Vault();
  252. // Create a new ID
  253. string url = StringHelper.RandomString(_config.VaultConfig.UrlLength);
  254. while (_dbContext.Vaults.Where(v => v.Url == url).FirstOrDefault() != null)
  255. {
  256. url = StringHelper.RandomString(_config.VaultConfig.UrlLength);
  257. }
  258. newVault.Url = url;
  259. newVault.DateCreated = DateTime.Now;
  260. newVault.Title = model.title;
  261. newVault.Description = model.description;
  262. if (User.Identity.IsAuthenticated)
  263. {
  264. User user = UserHelper.GetUser(_dbContext, User.Identity.Name);
  265. if (user != null)
  266. {
  267. newVault.UserId = user.UserId;
  268. }
  269. }
  270. // Add/Verify items
  271. if (model.items.Any())
  272. {
  273. int index = 0;
  274. foreach (ModifyVaultItemViewModel item in model.items)
  275. {
  276. if (IsValidItem(item.type, item.url))
  277. {
  278. switch (item.type.ToLower())
  279. {
  280. case "upload":
  281. UploadVaultItem newUpload = new UploadVaultItem();
  282. newUpload.Index = index;
  283. newUpload.DateAdded = DateTime.Now;
  284. newUpload.Title = item.title;
  285. newUpload.Description = item.description;
  286. newUpload.UploadId = _dbContext.Uploads.Where(u => u.Url == item.url).FirstOrDefault().UploadId;
  287. newVault.VaultItems.Add(newUpload);
  288. index++;
  289. break;
  290. case "paste":
  291. PasteVaultItem newPaste = new PasteVaultItem();
  292. newPaste.Index = index;
  293. newPaste.DateAdded = DateTime.Now;
  294. newPaste.Title = item.title;
  295. newPaste.Description = item.description;
  296. newPaste.PasteId = _dbContext.Pastes.Where(p => p.Url == item.url).FirstOrDefault().PasteId;
  297. newVault.VaultItems.Add(newPaste);
  298. index++;
  299. break;
  300. default:
  301. return Json(new { error = new { message = "You have an invalid item type: " + item.type } });
  302. }
  303. }
  304. else
  305. {
  306. return Json(new { error = new { message = "You have an invalid item URL: " + item.url } });
  307. }
  308. }
  309. }
  310. // Add and save the new vault
  311. _dbContext.Vaults.Add(newVault);
  312. _dbContext.SaveChanges();
  313. return Json(new { result = new { url = Url.SubRouteUrl("v", "Vault.ViewVault", new { id = url }) } });
  314. }
  315. return Json(new { error = new { message = "You must supply a Title" } });
  316. }
  317. return Json(new { error = new { message = "Invalid Parameters" } });
  318. }
  319. [HttpPost]
  320. [ValidateAntiForgeryToken]
  321. public IActionResult EditVault(ModifyVaultViewModel model)
  322. {
  323. if (model != null)
  324. {
  325. Vault.Models.Vault foundVault = _dbContext.Vaults.Where(v => v.VaultId == model.vaultId).FirstOrDefault();
  326. if (foundVault != null)
  327. {
  328. if (foundVault.User.Username == User.Identity.Name)
  329. {
  330. foundVault.DateEdited = DateTime.Now;
  331. foundVault.Title = model.title;
  332. foundVault.Description = model.description;
  333. // Clear previous items
  334. List<VaultItem> vaultItems = _dbContext.VaultItems.Where(v => v.VaultId == foundVault.VaultId).ToList();
  335. if (vaultItems != null)
  336. {
  337. foreach (VaultItem item in vaultItems)
  338. {
  339. _dbContext.VaultItems.Remove(item);
  340. }
  341. }
  342. foundVault.VaultItems.Clear();
  343. // Add/Verify items
  344. if (model.items.Any())
  345. {
  346. int index = 0;
  347. foreach (ModifyVaultItemViewModel item in model.items)
  348. {
  349. if (IsValidItem(item.type, item.url))
  350. {
  351. switch (item.type.ToLower())
  352. {
  353. case "upload":
  354. UploadVaultItem newUpload = new UploadVaultItem();
  355. newUpload.Index = index;
  356. newUpload.DateAdded = DateTime.Now;
  357. newUpload.Title = item.title;
  358. newUpload.Description = item.description;
  359. newUpload.UploadId = _dbContext.Uploads.Where(u => u.Url == item.url).FirstOrDefault().UploadId;
  360. foundVault.VaultItems.Add(newUpload);
  361. index++;
  362. break;
  363. case "paste":
  364. PasteVaultItem newPaste = new PasteVaultItem();
  365. newPaste.Index = index;
  366. newPaste.DateAdded = DateTime.Now;
  367. newPaste.Title = item.title;
  368. newPaste.Description = item.description;
  369. newPaste.PasteId = _dbContext.Pastes.Where(p => p.Url == item.url).FirstOrDefault().PasteId;
  370. foundVault.VaultItems.Add(newPaste);
  371. index++;
  372. break;
  373. default:
  374. return Json(new { error = new { message = "You have an invalid item type: " + item.type } });
  375. }
  376. }
  377. else
  378. {
  379. return Json(new { error = new { message = "You have an invalid item URL: " + item.url } });
  380. }
  381. }
  382. }
  383. _dbContext.Entry(foundVault).State = EntityState.Modified;
  384. _dbContext.SaveChanges();
  385. return Json(new { result = new { url = Url.SubRouteUrl("v", "Vault.ViewVault", new { id = foundVault.Url }) } });
  386. }
  387. return Json(new { error = new { message = "You do not have permission to edit this Vault" } });
  388. }
  389. return Json(new { error = new { message = "That Vault does not exist" } });
  390. }
  391. return Json(new { error = new { message = "Invalid Parameters" } });
  392. }
  393. [HttpPost]
  394. public IActionResult Delete(string id)
  395. {
  396. Vault.Models.Vault foundVault = _dbContext.Vaults.Where(v => v.Url == id).FirstOrDefault();
  397. if (foundVault != null)
  398. {
  399. if (foundVault.User.Username == User.Identity.Name)
  400. {
  401. _dbContext.Vaults.Remove(foundVault);
  402. _dbContext.SaveChanges();
  403. return Json(new { result = new { url = Url.SubRouteUrl("vault", "Vault.CreateVault") } });
  404. }
  405. return Json(new { error = new { message = "You do not have permission to edit this Vault" } });
  406. }
  407. return Json(new { error = new { message = "That Vault does not exist" } });
  408. }
  409. [HttpPost]
  410. [AllowAnonymous]
  411. [ValidateAntiForgeryToken]
  412. public IActionResult ValidateItem(string type, string url)
  413. {
  414. if (IsValidItem(type, url))
  415. {
  416. return Json(new { result = new { valid = true } });
  417. }
  418. else
  419. {
  420. return Json(new { error = new { message = "Invalid URL Id for this Item" } });
  421. }
  422. }
  423. private bool IsValidItem(string type, string url)
  424. {
  425. bool valid = false;
  426. if (!string.IsNullOrEmpty(type) && !string.IsNullOrEmpty(url))
  427. {
  428. switch (type.ToLower())
  429. {
  430. case "upload":
  431. Upload.Models.Upload foundUpload = _dbContext.Uploads.Where(u => u.Url == url).FirstOrDefault();
  432. if (foundUpload != null)
  433. {
  434. valid = true;
  435. }
  436. break;
  437. case "paste":
  438. Paste.Models.Paste foundPaste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault();
  439. if (foundPaste != null)
  440. {
  441. valid = true;
  442. }
  443. break;
  444. }
  445. }
  446. return valid;
  447. }
  448. }
  449. }