
- Added better cache check for downloads.

- Fixed error redirects not forcing https
pull/111/head
Teknikode 6 years ago
parent
commit
7070128efb
  1. 83
      Teknik/Areas/Error/Controllers/ErrorController.cs
  2. 27
      Teknik/Areas/Upload/Controllers/UploadController.cs
  3. 9
      Teknik/Controllers/DefaultController.cs
  4. 1
      Teknik/Global.asax.cs

83
Teknik/Areas/Error/Controllers/ErrorController.cs

@ -30,13 +30,7 @@ namespace Teknik.Areas.Error.Controllers @@ -30,13 +30,7 @@ namespace Teknik.Areas.Error.Controllers
Response.TrySkipIisCustomErrors = true;
}
string errorMessage = "General Exception";
if (Request != null && Request.Url != null)
{
errorMessage += " on page: " + Request.Url.AbsoluteUri;
}
Logger.WriteEntry(LogLevel.Error, errorMessage, exception);
LogError(LogLevel.Error, "General Exception", exception);
ErrorViewModel model = new ErrorViewModel();
model.Exception = exception;
@ -57,13 +51,7 @@ namespace Teknik.Areas.Error.Controllers @@ -57,13 +51,7 @@ namespace Teknik.Areas.Error.Controllers
Response.TrySkipIisCustomErrors = true;
}
string errorMessage = "General HTTP Exception";
if (Request != null && Request.Url != null)
{
errorMessage += " on page: " + Request.Url.AbsoluteUri;
}
Logger.WriteEntry(LogLevel.Error, errorMessage, exception);
LogError(LogLevel.Error, "General HTTP Exception", exception);
ErrorViewModel model = new ErrorViewModel();
model.Description = exception.Message;
@ -84,13 +72,7 @@ namespace Teknik.Areas.Error.Controllers @@ -84,13 +72,7 @@ namespace Teknik.Areas.Error.Controllers
Response.TrySkipIisCustomErrors = true;
}
string errorMessage = "Unauthorized";
if (Request != null && Request.Url != null)
{
errorMessage += " for page: " + Request.Url.AbsoluteUri;
}
Logger.WriteEntry(LogLevel.Error, errorMessage, exception);
LogError(LogLevel.Error, "Unauthorized", exception);
ErrorViewModel model = new ErrorViewModel();
model.Exception = exception;
@ -110,13 +92,7 @@ namespace Teknik.Areas.Error.Controllers @@ -110,13 +92,7 @@ namespace Teknik.Areas.Error.Controllers
Response.TrySkipIisCustomErrors = true;
}
string errorMessage = "Access Denied";
if (Request != null && Request.Url != null)
{
errorMessage += " on page: " + Request.Url.AbsoluteUri;
}
Logger.WriteEntry(LogLevel.Error, errorMessage, exception);
LogError(LogLevel.Error, "Access Denied", exception);
ErrorViewModel model = new ErrorViewModel();
model.Exception = exception;
@ -136,24 +112,7 @@ namespace Teknik.Areas.Error.Controllers @@ -136,24 +112,7 @@ namespace Teknik.Areas.Error.Controllers
Response.TrySkipIisCustomErrors = true;
}
string errorMessage = "Page Not Found";
if (Request != null)
{
if (Request.Url != null)
{
errorMessage += " for page: " + Request.Url.AbsoluteUri;
}
if (Request.UrlReferrer != null)
{
errorMessage += " | for referred page: " + Request.Url.AbsoluteUri;
}
errorMessage += " | using Method: " + Request.HttpMethod;
}
Logger.WriteEntry(LogLevel.Warning, errorMessage, exception);
LogError(LogLevel.Warning, "Page Not Found", exception);
ErrorViewModel model = new ErrorViewModel();
model.Exception = exception;
@ -173,19 +132,35 @@ namespace Teknik.Areas.Error.Controllers @@ -173,19 +132,35 @@ namespace Teknik.Areas.Error.Controllers
Response.StatusCode = 500;
Response.TrySkipIisCustomErrors = true;
}
string errorMessage = "Server Error";
if (Request != null && Request.Url != null)
{
errorMessage += " on page: " + Request.Url.AbsoluteUri;
}
Logger.WriteEntry(LogLevel.Error, errorMessage, exception);
LogError(LogLevel.Error, "Server Error", exception);
ErrorViewModel model = new ErrorViewModel();
model.Exception = exception;
return View("~/Areas/Error/Views/Error/Http500.cshtml", model);
}
private void LogError(LogLevel level, string message, Exception exception)
{
if (Request != null)
{
if (Request.Url != null)
{
message += " | Url: " + Request.Url.AbsoluteUri;
}
if (Request.UrlReferrer != null)
{
message += " | Referred Url: " + Request.Url.AbsoluteUri;
}
message += " | Method: " + Request.HttpMethod;
message += " | User Agent: " + Request.UserAgent;
}
Logger.WriteEntry(level, message, exception);
}
}
}
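Review bot: In the new `LogError` helper the referrer branch appends `Request.Url.AbsoluteUri` a second time, so the referring URL is never logged; the line should read `message += " | Referred Url: " + Request.UrlReferrer.AbsoluteUri;`. The same slip was in the old Page Not Found code and now applies to all six handlers that call the helper. The helper also concatenates the URL, the referrer and `Request.UserAgent` into the entry unmodified. All three are client-supplied, so depending on how `Logger.WriteEntry` stores the text (not visible here), control characters in them could split or forge log entries. Stripping CR, LF and other control characters from those values before appending them keeps each error on one line for whoever triages the log.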

27
Teknik/Areas/Upload/Controllers/UploadController.cs

@ -171,18 +171,28 @@ namespace Teknik.Areas.Upload.Controllers @@ -171,18 +171,28 @@ namespace Teknik.Areas.Upload.Controllers
}
else // We have the key, so that means server side decryption
{
// Are they downloading it by range?
bool byRange = !string.IsNullOrEmpty(Request.ServerVariables["HTTP_RANGE"]); // We do not support ranges
bool isCached = !string.IsNullOrEmpty(Request.Headers["If-Modified-Since"]); // Check to see if they have a cache
// Check for the cache
bool isCached = false;
string modifiedSince = Request.Headers["If-Modified-Since"];
if (!string.IsNullOrEmpty(modifiedSince))
{
DateTime modTime = new DateTime();
bool parsed = DateTime.TryParse(modifiedSince, out modTime);
if (parsed)
{
if ((modTime - dateUploaded).TotalSeconds <= 1)
{
isCached = true;
}
}
}
if (isCached)
{
// The file is cached, let's just 304 this
Response.StatusCode = 304;
Response.StatusDescription = "Not Modified";
Response.AddHeader("Content-Length", "0");
return Content(string.Empty);
return new EmptyResult();
}
else
{
@ -194,6 +204,9 @@ namespace Teknik.Areas.Upload.Controllers @@ -194,6 +204,9 @@ namespace Teknik.Areas.Upload.Controllers
if (System.IO.File.Exists(filePath))
{
#region Range Calculation
// Are they downloading it by range?
bool byRange = !string.IsNullOrEmpty(Request.ServerVariables["HTTP_RANGE"]); // We do not support ranges
// check to see if we need to pass a specified range
if (byRange)
{
@ -274,7 +287,7 @@ namespace Teknik.Areas.Upload.Controllers @@ -274,7 +287,7 @@ namespace Teknik.Areas.Upload.Controllers
Response.AddHeader("Content-Disposition", cd.ToString());
// Apply content security policy for downloads
Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; child-src 'self'; form-action 'none';");
Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; child-src 'self'; form-action 'none';");
// Read in the file
FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read);
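Review bot: The cache test `(modTime - dateUploaded).TotalSeconds <= 1` is true for every If-Modified-Since value earlier than the upload time, so a request carrying any old date gets an empty 304, while a date more than a second after the upload gets the full file, which is the reverse of what the header means. The comparison should run the other way, e.g. `if ((dateUploaded - modTime).TotalSeconds < 1)`. `DateTime.TryParse(modifiedSince, out modTime)` also parses with the current culture and converts a GMT value to local time, so the outcome depends on server settings and on the `Kind` of `dateUploaded`, which is not visible here. Using `DateTime.TryParse(modifiedSince, CultureInfo.InvariantCulture, DateTimeStyles.AdjustToUniversal, out modTime)` and comparing against a UTC upload time would make it deterministic. The enclosing action starts and ends outside the shown hunks.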

9
Teknik/Controllers/DefaultController.cs

@ -54,8 +54,7 @@ namespace Teknik.Controllers @@ -54,8 +54,7 @@ namespace Teknik.Controllers
{
this.InvokeHttp404(HttpContext);
}
[HttpGet]
[AllowAnonymous]
public ActionResult InvokeHttp404(HttpContextBase httpContext)
{
@ -73,7 +72,6 @@ namespace Teknik.Controllers @@ -73,7 +72,6 @@ namespace Teknik.Controllers
}
// Get the Favicon
[HttpGet]
[AllowAnonymous]
public ActionResult Favicon()
{
@ -83,7 +81,6 @@ namespace Teknik.Controllers @@ -83,7 +81,6 @@ namespace Teknik.Controllers
}
// Get the Logo
[HttpGet]
[AllowAnonymous]
public ActionResult Logo()
{
@ -93,7 +90,6 @@ namespace Teknik.Controllers @@ -93,7 +90,6 @@ namespace Teknik.Controllers
}
// Get the Robots.txt
[HttpGet]
[AllowAnonymous]
public ActionResult Robots()
{
@ -101,8 +97,7 @@ namespace Teknik.Controllers @@ -101,8 +97,7 @@ namespace Teknik.Controllers
string file = Server.MapPath(Constants.ROBOTS_PATH);
return File(file, "text/plain");
}
[HttpGet]
[AllowAnonymous]
public ActionResult NotFound()
{
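Review bot: `InvokeHttp404(HttpContextBase httpContext)` is a public controller method that the code calls directly as `this.InvokeHttp404(HttpContext)`, which in ASP.NET MVC leaves it reachable as an action if any route matches it. If it is meant only as an internal helper, mark it `[NonAction]` or make it non-public. The page does not show which of `[HttpGet]` / `[AllowAnonymous]` each hunk drops. If it is `[AllowAnonymous]`, confirm that Favicon, Logo, Robots and NotFound stay reachable without a login; if it is `[HttpGet]`, confirm that accepting every verb on them is intended. The method bodies lie outside the hunks.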

1
Teknik/Global.asax.cs

@ -159,6 +159,7 @@ namespace Teknik @@ -159,6 +159,7 @@ namespace Teknik
routeData.DataTokens.Add("namespaces", new[] { typeof(ErrorController).Namespace });
routeData.DataTokens.Add("area", "Error");
routeData.Values.Add("controller", "Error");
routeData.Values.Add("scheme", "https");
if (httpException == null)
{
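Review bot: The added `routeData.Values.Add("scheme", "https");` carries no comment, and the code that reads the `scheme` value is not on this page, so it is not evident from here that it changes the scheme of the error response. A line such as `// Generate error-page URLs with https so an error never downgrades the connection` above it would record the intent. Because the value is unconditional, check how it behaves on any deployment served without TLS (for example a local development host). Treat it as a complement to site-wide HTTPS enforcement rather than the enforcement itself. The enclosing method starts and ends outside the hunk.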
