Teknikode
/
Teknik
Слідкувати 3
В обрані 16
Форк 4
Код Проблеми 38 Запити на злиття 0 Релізи 3 Вікі Активність
The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
749 Коміти
2 Гілки
Дерево: f42547174a
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'f42547174a'
${ noResults }
Teknik/Teknik/Areas/Paste/Controllers/PasteController.cs

PasteController.cs 19KB
Неформатований Blame Історія

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428 
  1. using System;

  2. using System.Collections.Generic;

  3. using System.Linq;

  4. using System.Text;

  5. using Teknik.Areas.Paste.ViewModels;

  6. using Teknik.Areas.Users.Utility;

  7. using Teknik.Controllers;

  8. using Teknik.Filters;

  9. using Teknik.Utilities;

  10. using Teknik.Models;

  11. using Teknik.Attributes;

  12. using Teknik.Utilities.Cryptography;

  13. using Microsoft.Extensions.Logging;

  14. using Teknik.Configuration;

  15. using Teknik.Data;

  16. using Microsoft.AspNetCore.Authorization;

  17. using Microsoft.AspNetCore.Mvc;

  18. using Microsoft.EntityFrameworkCore;

  19. using Microsoft.AspNetCore.Http;

  20. using Teknik.Logging;

  21. using System.IO;

  22. using System.Threading.Tasks;

  23. using Microsoft.AspNetCore.Diagnostics;

  24. 

  25. namespace Teknik.Areas.Paste.Controllers

  26. {

  27.     [Authorize]

  28.     [Area("Paste")]

  29.     public class PasteController : DefaultController

  30.     {

  31.         public PasteController(ILogger<Logger> logger, Config config, TeknikEntities dbContext) : base(logger, config, dbContext) { }

  32.         

  33.         [AllowAnonymous]

  34.         [TrackPageView]

  35.         public IActionResult Index()

  36.         {

  37.             ViewBag.Title = "Pastebin";

  38.             ViewBag.Description = "Paste your code or text easily and securely.  Set an expiration, set a password, or leave it open for the world to see.";

  39.             PasteCreateViewModel model = new PasteCreateViewModel();

  40.             return View(model);

  41.         }

  42.         

  43.         [AllowAnonymous]

  44.         [TrackPageView]

  45.         public async Task<IActionResult> ViewPaste(string type, string url, string password)

  46.         {

  47.             Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault();

  48.             if (paste != null)

  49.             {

  50.                 ViewBag.Title = (string.IsNullOrEmpty(paste.Title)) ? "Untitled Paste" : paste.Title + " | Pastebin";

  51.                 ViewBag.Description = "Paste your code or text easily and securely.  Set an expiration, set a password, or leave it open for the world to see.";

  52.                 // Increment Views

  53.                 paste.Views += 1;

  54.                 _dbContext.Entry(paste).State = EntityState.Modified;

  55.                 _dbContext.SaveChanges();

  56. 

  57.                 // Check Expiration

  58.                 if (PasteHelper.CheckExpiration(paste))

  59.                 {

  60.                     _dbContext.Pastes.Remove(paste);

  61.                     _dbContext.SaveChanges();

  62.                     return new StatusCodeResult(StatusCodes.Status404NotFound);

  63.                 }

  64. 

  65.                 PasteViewModel model = new PasteViewModel();

  66.                 model.Url = url;

  67.                 model.Title = paste.Title;

  68.                 model.Syntax = paste.Syntax;

  69.                 model.DatePosted = paste.DatePosted;

  70.                 model.Username = paste.User?.Username;

  71. 

  72.                 if (User.Identity.IsAuthenticated && type.ToLower() == "full")

  73.                 {

  74.                     Users.Models.User user = UserHelper.GetUser(_dbContext, User.Identity.Name);

  75.                     if (user != null)

  76.                     {

  77.                         model.Vaults = user.Vaults.ToList();

  78.                     }

  79.                 }

  80. 

  81.                 byte[] ivBytes = (string.IsNullOrEmpty(paste.IV)) ? new byte[paste.BlockSize] : Encoding.Unicode.GetBytes(paste.IV);

  82.                 byte[] keyBytes = (string.IsNullOrEmpty(paste.Key)) ? new byte[paste.KeySize] : AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize);

  83. 

  84.                 // The paste has a password set

  85.                 if (!string.IsNullOrEmpty(paste.HashedPassword))

  86.                 {

  87.                     if (string.IsNullOrEmpty(password))

  88.                     {

  89.                         // Try to get the password from the session

  90.                         password = GetCachedPassword(url);

  91.                     }

  92.                     string hash = string.Empty;

  93.                     if (!string.IsNullOrEmpty(password))

  94.                     {

  95.                         hash = PasteHelper.HashPassword(paste.Key, password);

  96.                         keyBytes = AesCounterManaged.CreateKey(password, ivBytes, paste.KeySize);

  97.                     }

  98.                     if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword)

  99.                     {

  100.                         PasswordViewModel passModel = new PasswordViewModel();

  101.                         passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.View");

  102.                         passModel.Url = url;

  103.                         passModel.Type = type;

  104. 

  105.                         if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword)

  106.                         {

  107.                             passModel.Error = true;

  108.                             passModel.ErrorMessage = "Invalid Password";

  109.                         }

  110. 

  111.                         // Redirect them to the password request page

  112.                         return View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel);

  113.                     }

  114.                 }

  115. 

  116.                 // Save the password to the cache

  117.                 CachePassword(url, password);

  118. 

  119.                 // Read in the file

  120.                 if (string.IsNullOrEmpty(paste.FileName))

  121.                     return new StatusCodeResult(StatusCodes.Status404NotFound);

  122.                 string subDir = paste.FileName[0].ToString();

  123.                 string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName);

  124.                 if (!System.IO.File.Exists(filePath))

  125.                 {

  126.                     return new StatusCodeResult(StatusCodes.Status404NotFound);

  127.                 }

  128. 

  129.                 using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read))

  130.                 using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes))

  131.                 using (StreamReader sr = new StreamReader(cs, Encoding.Unicode))

  132.                 {

  133.                     model.Content = await sr.ReadToEndAsync();

  134.                 }

  135. 

  136.                 switch (type.ToLower())

  137.                 {

  138.                     case "full":

  139.                         return View("~/Areas/Paste/Views/Paste/Full.cshtml", model);

  140.                     case "simple":

  141.                         return View("~/Areas/Paste/Views/Paste/Simple.cshtml", model);

  142.                     case "raw":

  143.                         return Content(model.Content, "text/plain");

  144.                     case "download":

  145.                         //Create File

  146.                         var cd = new System.Net.Mime.ContentDisposition

  147.                         {

  148.                             FileName = url + ".txt",

  149.                             Inline = true

  150.                         };

  151. 

  152.                         Response.Headers.Add("Content-Disposition", cd.ToString());

  153. 

  154.                         FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read);

  155.                         return new BufferedFileStreamResult("application/octet-stream", async (response) => await ResponseHelper.StreamToOutput(response, true, new AesCounterStream(fs, false, keyBytes, ivBytes), (int)fs.Length, _config.PasteConfig.ChunkSize), false);

  156.                     default:

  157.                         return View("~/Areas/Paste/Views/Paste/Full.cshtml", model);

  158.                 }

  159.             }

  160.             return new StatusCodeResult(StatusCodes.Status404NotFound);

  161.         }

  162. 

  163.         [HttpPost]

  164.         [AllowAnonymous]

  165.         [DisableRequestSizeLimit]

  166.         public IActionResult Paste([Bind("Content, Title, Syntax, ExpireLength, ExpireUnit, Password")]PasteCreateViewModel model)

  167.         {

  168.             if (ModelState.IsValid)

  169.             {

  170.                 if (_config.PasteConfig.Enabled)

  171.                 {

  172.                     try

  173.                     {

  174.                         Models.Paste paste = PasteHelper.CreatePaste(_config, _dbContext, model.Content, model.Title, model.Syntax, model.ExpireUnit, model.ExpireLength ?? 1, model.Password);

  175. 

  176.                         if (model.ExpireUnit == ExpirationUnit.Views)

  177.                         {

  178.                             paste.Views = -1;

  179.                         }

  180. 

  181.                         if (User.Identity.IsAuthenticated)

  182.                         {

  183.                             Users.Models.User user = UserHelper.GetUser(_dbContext, User.Identity.Name);

  184.                             if (user != null)

  185.                             {

  186.                                 paste.UserId = user.UserId;

  187.                             }

  188.                         }

  189. 

  190.                         _dbContext.Pastes.Add(paste);

  191.                         _dbContext.SaveChanges();

  192. 

  193.                         // Cache the password

  194.                         CachePassword(paste.Url, model.Password);

  195. 

  196.                         return Redirect(Url.SubRouteUrl("p", "Paste.View", new { type = "Full", url = paste.Url }));

  197.                     }

  198.                     catch (Exception ex)

  199.                     {

  200.                         return Redirect(Url.SubRouteUrl("error", "Error.500", new { exception = ex }));

  201.                     }

  202.                 }

  203.                 return new StatusCodeResult(StatusCodes.Status403Forbidden);

  204.             }

  205.             return View("~/Areas/Paste/Views/Paste/Index.cshtml", model);

  206.         }

  207. 

  208.         [TrackPageView]

  209.         public async Task<IActionResult> Edit(string url, string password)

  210.         {

  211.             Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault();

  212.             if (paste != null)

  213.             {

  214.                 if (paste.User?.Username != User.Identity.Name)

  215.                     return new StatusCodeResult(StatusCodes.Status403Forbidden);

  216. 

  217.                 ViewBag.Title = "Edit Paste";

  218.                 ViewBag.Description = "Edit your paste's content.";

  219. 

  220.                 // Check Expiration

  221.                 if (PasteHelper.CheckExpiration(paste))

  222.                 {

  223.                     _dbContext.Pastes.Remove(paste);

  224.                     _dbContext.SaveChanges();

  225.                     return new StatusCodeResult(StatusCodes.Status404NotFound);

  226.                 }

  227. 

  228.                 PasteViewModel model = new PasteViewModel();

  229.                 model.Url = url;

  230.                 model.Title = paste.Title;

  231.                 model.Syntax = paste.Syntax;

  232.                 model.DatePosted = paste.DatePosted;

  233.                 model.Username = paste.User?.Username;

  234. 

  235.                 byte[] ivBytes = (string.IsNullOrEmpty(paste.IV)) ? new byte[paste.BlockSize] : Encoding.Unicode.GetBytes(paste.IV);

  236.                 byte[] keyBytes = (string.IsNullOrEmpty(paste.Key)) ? new byte[paste.KeySize] : AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize);

  237. 

  238.                 // The paste has a password set

  239.                 if (!string.IsNullOrEmpty(paste.HashedPassword))

  240.                 {

  241.                     if (string.IsNullOrEmpty(password))

  242.                     {

  243.                         // Try to get the password from the session

  244.                         password = GetCachedPassword(url);

  245.                     }

  246.                     string hash = string.Empty;

  247.                     if (!string.IsNullOrEmpty(password))

  248.                     {

  249.                         hash = PasteHelper.HashPassword(paste.Key, password);

  250.                         keyBytes = AesCounterManaged.CreateKey(password, ivBytes, paste.KeySize);

  251.                     }

  252.                     if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword)

  253.                     {

  254.                         PasswordViewModel passModel = new PasswordViewModel();

  255.                         passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.Edit");

  256.                         passModel.Url = url;

  257. 

  258.                         if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword)

  259.                         {

  260.                             passModel.Error = true;

  261.                             passModel.ErrorMessage = "Invalid Password";

  262.                         }

  263. 

  264.                         // Redirect them to the password request page

  265.                         return View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel);

  266.                     }

  267.                 }

  268. 

  269.                 // Cache the password

  270.                 CachePassword(url, password);

  271. 

  272.                 // Read in the file

  273.                 if (string.IsNullOrEmpty(paste.FileName))

  274.                     return new StatusCodeResult(StatusCodes.Status404NotFound);

  275.                 string subDir = paste.FileName[0].ToString();

  276.                 string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName);

  277.                 if (!System.IO.File.Exists(filePath))

  278.                 {

  279.                     return new StatusCodeResult(StatusCodes.Status404NotFound);

  280.                 }

  281. 

  282.                 using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read))

  283.                 using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes))

  284.                 using (StreamReader sr = new StreamReader(cs, Encoding.Unicode))

  285.                 {

  286.                     model.Content = await sr.ReadToEndAsync();

  287.                 }

  288. 

  289.                 return View("~/Areas/Paste/Views/Paste/Edit.cshtml", model);

  290.             }

  291.             return new StatusCodeResult(StatusCodes.Status404NotFound);

  292.         }

  293. 

  294.         [HttpPost]

  295.         [DisableRequestSizeLimit]

  296.         public IActionResult EditSubmit([Bind("Content, Title, Syntax, Url")]PasteEditViewModel model)

  297.         {

  298.             if (_config.PasteConfig.Enabled)

  299.             {

  300.                 try

  301.                 {

  302.                     Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == model.Url).FirstOrDefault();

  303.                     if (paste != null)

  304.                     {

  305.                         if (paste.User?.Username != User.Identity.Name)

  306.                             return new StatusCodeResult(StatusCodes.Status403Forbidden);

  307. 

  308.                         string password = null;

  309.                         // The paste has a password set

  310.                         if (!string.IsNullOrEmpty(paste.HashedPassword))

  311.                         {

  312.                             // Try to get the password from the session

  313.                             password = GetCachedPassword(model.Url);

  314.                             string hash = string.Empty;

  315.                             if (!string.IsNullOrEmpty(password))

  316.                             {

  317.                                 hash = PasteHelper.HashPassword(paste.Key, password);

  318.                             }

  319.                             if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword)

  320.                             {

  321.                                 PasswordViewModel passModel = new PasswordViewModel();

  322.                                 passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.Edit");

  323.                                 passModel.Url = model.Url;

  324. 

  325.                                 if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword)

  326.                                 {

  327.                                     passModel.Error = true;

  328.                                     passModel.ErrorMessage = "Invalid Password";

  329.                                 }

  330. 

  331.                                 // Redirect them to the password request page

  332.                                 return View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel);

  333.                             }

  334.                         }

  335. 

  336.                         // Delete the old file

  337.                         string subDir = paste.FileName[0].ToString();

  338.                         string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName);

  339.                         if (System.IO.File.Exists(filePath))

  340.                             System.IO.File.Delete(filePath);

  341. 

  342.                         // Generate a unique file name that does not currently exist

  343.                         string newFilePath = FileHelper.GenerateRandomFileName(_config.PasteConfig.PasteDirectory, _config.PasteConfig.FileExtension, 10);

  344.                         string fileName = Path.GetFileName(newFilePath);

  345. 

  346.                         string key = PasteHelper.GenerateKey(_config.PasteConfig.KeySize);

  347.                         string iv = PasteHelper.GenerateIV(_config.PasteConfig.BlockSize);

  348. 

  349.                         PasteHelper.EncryptContents(model.Content, newFilePath, password, key, iv, _config.PasteConfig.KeySize, _config.PasteConfig.ChunkSize);

  350. 

  351.                         paste.Key = key;

  352.                         paste.KeySize = _config.PasteConfig.KeySize;

  353.                         paste.IV = iv;

  354.                         paste.BlockSize = _config.PasteConfig.BlockSize;

  355. 

  356.                         if (!string.IsNullOrEmpty(password))

  357.                             paste.HashedPassword = PasteHelper.HashPassword(paste.Key, password);

  358.                         paste.FileName = fileName;

  359.                         paste.Title = model.Title;

  360.                         paste.Syntax = model.Syntax;

  361.                         paste.DateEdited = DateTime.Now;

  362. 

  363.                         _dbContext.Entry(paste).State = EntityState.Modified;

  364.                         _dbContext.SaveChanges();

  365. 

  366.                         return Redirect(Url.SubRouteUrl("p", "Paste.View", new { type = "Full", url = paste.Url }));

  367.                     }

  368.                 }

  369.                 catch (Exception ex)

  370.                 {

  371.                     return Redirect(Url.SubRouteUrl("error", "Error.500", new { exception = ex }));

  372.                 }

  373.             }

  374.             return new StatusCodeResult(StatusCodes.Status403Forbidden);

  375.         }

  376. 

  377.         [HttpPost]

  378.         public IActionResult Delete(string id)

  379.         {

  380.             Models.Paste foundPaste = _dbContext.Pastes.Where(p => p.Url == id).FirstOrDefault();

  381.             if (foundPaste != null)

  382.             {

  383.                 if (foundPaste.User.Username == User.Identity.Name)

  384.                 {

  385.                     string filePath = foundPaste.FileName;

  386.                     // Delete from the DB

  387.                     _dbContext.Pastes.Remove(foundPaste);

  388.                     _dbContext.SaveChanges();

  389. 

  390.                     // Delete the File

  391.                     if (System.IO.File.Exists(filePath))

  392.                     {

  393.                         System.IO.File.Delete(filePath);

  394.                     }

  395. 

  396.                     return Json(new { result = true, redirect = Url.SubRouteUrl("p", "Paste.Index") });

  397.                 }

  398.                 return Json(new { error = new { message = "You do not have permission to edit this Paste" } });

  399.             }

  400.             return Json(new { error = new { message = "This Paste does not exist" } });

  401.         }

  402. 

  403.         private void CachePassword(string url, string password)

  404.         {

  405.             if (HttpContext != null && HttpContext.Session != null)

  406.             {

  407.                 HttpContext.Session?.Set("PastePassword_" + url, password);

  408.             }

  409.         }

  410. 

  411.         private string GetCachedPassword(string url)

  412.         {

  413.             if (HttpContext != null && HttpContext.Session != null)

  414.             {

  415.                 return HttpContext.Session.Get<string>("PastePassword_" + url);

  416.             }

  417.             return null;

  418.         }

  419. 

  420.         private void ClearCachedPassword(string url)

  421.         {

  422.             if (HttpContext != null)

  423.             {

  424.                 HttpContext.Session.Remove("PastePassword_" + url);

  425.             }

  426.         }

  427.     }

  428. }