The next generation of the Teknik Services. Written in ASP.NET.
https://www.teknik.io/
Du kan inte välja fler än 25 ämnen
Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
420 rader
18 KiB
420 rader
18 KiB
using System; |
|
using System.Collections.Generic; |
|
using System.Linq; |
|
using System.Text; |
|
using Teknik.Areas.Paste.ViewModels; |
|
using Teknik.Areas.Users.Utility; |
|
using Teknik.Controllers; |
|
using Teknik.Filters; |
|
using Teknik.Utilities; |
|
using Teknik.Models; |
|
using Teknik.Attributes; |
|
using Teknik.Utilities.Cryptography; |
|
using Microsoft.Extensions.Logging; |
|
using Teknik.Configuration; |
|
using Teknik.Data; |
|
using Microsoft.AspNetCore.Authorization; |
|
using Microsoft.AspNetCore.Mvc; |
|
using Microsoft.EntityFrameworkCore; |
|
using Microsoft.AspNetCore.Http; |
|
using Teknik.Logging; |
|
using System.IO; |
|
using System.Threading.Tasks; |
|
using Microsoft.AspNetCore.Diagnostics; |
|
|
|
namespace Teknik.Areas.Paste.Controllers |
|
{ |
|
[Authorize] |
|
[Area("Paste")] |
|
public class PasteController : DefaultController |
|
{ |
|
public PasteController(ILogger<Logger> logger, Config config, TeknikEntities dbContext) : base(logger, config, dbContext) { } |
|
|
|
[AllowAnonymous] |
|
public IActionResult Index() |
|
{ |
|
ViewBag.Title = "Pastebin"; |
|
ViewBag.Description = "Paste your code or text easily and securely. Set an expiration, set a password, or leave it open for the world to see."; |
|
PasteCreateViewModel model = new PasteCreateViewModel(); |
|
return View(model); |
|
} |
|
|
|
[AllowAnonymous] |
|
public async Task<IActionResult> ViewPaste(string type, string url, string password) |
|
{ |
|
Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault(); |
|
if (paste != null) |
|
{ |
|
ViewBag.Title = paste.Title + " | Pastebin"; |
|
ViewBag.Description = "Paste your code or text easily and securely. Set an expiration, set a password, or leave it open for the world to see."; |
|
// Increment Views |
|
paste.Views += 1; |
|
_dbContext.Entry(paste).State = EntityState.Modified; |
|
_dbContext.SaveChanges(); |
|
|
|
// Check Expiration |
|
if (PasteHelper.CheckExpiration(paste)) |
|
{ |
|
_dbContext.Pastes.Remove(paste); |
|
_dbContext.SaveChanges(); |
|
return new StatusCodeResult(StatusCodes.Status404NotFound); |
|
} |
|
|
|
PasteViewModel model = new PasteViewModel(); |
|
model.Url = url; |
|
model.Title = paste.Title; |
|
model.Syntax = paste.Syntax; |
|
model.DatePosted = paste.DatePosted; |
|
model.Username = paste.User?.Username; |
|
|
|
if (User.Identity.IsAuthenticated && type.ToLower() == "full") |
|
{ |
|
Users.Models.User user = UserHelper.GetUser(_dbContext, User.Identity.Name); |
|
if (user != null) |
|
{ |
|
model.Vaults = user.Vaults.ToList(); |
|
} |
|
} |
|
|
|
byte[] ivBytes = (string.IsNullOrEmpty(paste.IV)) ? new byte[paste.BlockSize] : Encoding.Unicode.GetBytes(paste.IV); |
|
byte[] keyBytes = (string.IsNullOrEmpty(paste.Key)) ? new byte[paste.KeySize] : AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize); |
|
|
|
// The paste has a password set |
|
if (!string.IsNullOrEmpty(paste.HashedPassword)) |
|
{ |
|
if (string.IsNullOrEmpty(password)) |
|
{ |
|
// Try to get the password from the session |
|
password = GetCachedPassword(url); |
|
} |
|
string hash = string.Empty; |
|
if (!string.IsNullOrEmpty(password)) |
|
{ |
|
hash = PasteHelper.HashPassword(paste.Key, password); |
|
keyBytes = AesCounterManaged.CreateKey(password, ivBytes, paste.KeySize); |
|
} |
|
if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword) |
|
{ |
|
PasswordViewModel passModel = new PasswordViewModel(); |
|
passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.View"); |
|
passModel.Url = url; |
|
passModel.Type = type; |
|
|
|
if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword) |
|
{ |
|
passModel.Error = true; |
|
passModel.ErrorMessage = "Invalid Password"; |
|
} |
|
|
|
// Redirect them to the password request page |
|
return View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel); |
|
} |
|
} |
|
|
|
// Save the password to the cache |
|
CachePassword(url, password); |
|
|
|
// Read in the file |
|
string subDir = paste.FileName[0].ToString(); |
|
string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName); |
|
if (!System.IO.File.Exists(filePath)) |
|
{ |
|
return new StatusCodeResult(StatusCodes.Status404NotFound); |
|
} |
|
|
|
using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read)) |
|
using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes)) |
|
using (StreamReader sr = new StreamReader(cs, Encoding.Unicode)) |
|
{ |
|
model.Content = await sr.ReadToEndAsync(); |
|
} |
|
|
|
switch (type.ToLower()) |
|
{ |
|
case "full": |
|
return View("~/Areas/Paste/Views/Paste/Full.cshtml", model); |
|
case "simple": |
|
return View("~/Areas/Paste/Views/Paste/Simple.cshtml", model); |
|
case "raw": |
|
return Content(model.Content, "text/plain"); |
|
case "download": |
|
//Create File |
|
var cd = new System.Net.Mime.ContentDisposition |
|
{ |
|
FileName = url + ".txt", |
|
Inline = true |
|
}; |
|
|
|
Response.Headers.Add("Content-Disposition", cd.ToString()); |
|
|
|
FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read); |
|
return new BufferedFileStreamResult("application/octet-stream", async (response) => await ResponseHelper.StreamToOutput(response, true, new AesCounterStream(fs, false, keyBytes, ivBytes), (int)fs.Length, _config.PasteConfig.ChunkSize), false); |
|
default: |
|
return View("~/Areas/Paste/Views/Paste/Full.cshtml", model); |
|
} |
|
} |
|
return new StatusCodeResult(StatusCodes.Status404NotFound); |
|
} |
|
|
|
[HttpPost] |
|
[AllowAnonymous] |
|
[DisableRequestSizeLimit] |
|
public IActionResult Paste([Bind("Content, Title, Syntax, ExpireLength, ExpireUnit, Password")]PasteCreateViewModel model) |
|
{ |
|
if (ModelState.IsValid) |
|
{ |
|
if (_config.PasteConfig.Enabled) |
|
{ |
|
try |
|
{ |
|
Models.Paste paste = PasteHelper.CreatePaste(_config, _dbContext, model.Content, model.Title, model.Syntax, model.ExpireUnit, model.ExpireLength ?? 1, model.Password); |
|
|
|
if (model.ExpireUnit == ExpirationUnit.Views) |
|
{ |
|
paste.Views = -1; |
|
} |
|
|
|
if (User.Identity.IsAuthenticated) |
|
{ |
|
Users.Models.User user = UserHelper.GetUser(_dbContext, User.Identity.Name); |
|
if (user != null) |
|
{ |
|
paste.UserId = user.UserId; |
|
} |
|
} |
|
|
|
_dbContext.Pastes.Add(paste); |
|
_dbContext.SaveChanges(); |
|
|
|
// Cache the password |
|
CachePassword(paste.Url, model.Password); |
|
|
|
return Redirect(Url.SubRouteUrl("p", "Paste.View", new { type = "Full", url = paste.Url })); |
|
} |
|
catch (Exception ex) |
|
{ |
|
return Redirect(Url.SubRouteUrl("error", "Error.500", new { exception = ex })); |
|
} |
|
} |
|
return new StatusCodeResult(StatusCodes.Status403Forbidden); |
|
} |
|
return View("~/Areas/Paste/Views/Paste/Index.cshtml", model); |
|
} |
|
|
|
public async Task<IActionResult> Edit(string url, string password) |
|
{ |
|
Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault(); |
|
if (paste != null) |
|
{ |
|
if (paste.User?.Username != User.Identity.Name) |
|
return new StatusCodeResult(StatusCodes.Status403Forbidden); |
|
|
|
ViewBag.Title = "Edit Paste"; |
|
ViewBag.Description = "Edit your paste's content."; |
|
|
|
// Check Expiration |
|
if (PasteHelper.CheckExpiration(paste)) |
|
{ |
|
_dbContext.Pastes.Remove(paste); |
|
_dbContext.SaveChanges(); |
|
return new StatusCodeResult(StatusCodes.Status404NotFound); |
|
} |
|
|
|
PasteViewModel model = new PasteViewModel(); |
|
model.Url = url; |
|
model.Title = paste.Title; |
|
model.Syntax = paste.Syntax; |
|
model.DatePosted = paste.DatePosted; |
|
model.Username = paste.User?.Username; |
|
|
|
byte[] ivBytes = Encoding.Unicode.GetBytes(paste.IV); |
|
byte[] keyBytes = AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize); |
|
|
|
// The paste has a password set |
|
if (!string.IsNullOrEmpty(paste.HashedPassword)) |
|
{ |
|
if (string.IsNullOrEmpty(password)) |
|
{ |
|
// Try to get the password from the session |
|
password = GetCachedPassword(url); |
|
} |
|
string hash = string.Empty; |
|
if (!string.IsNullOrEmpty(password)) |
|
{ |
|
hash = PasteHelper.HashPassword(paste.Key, password); |
|
keyBytes = AesCounterManaged.CreateKey(password, ivBytes, paste.KeySize); |
|
} |
|
if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword) |
|
{ |
|
PasswordViewModel passModel = new PasswordViewModel(); |
|
passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.Edit"); |
|
passModel.Url = url; |
|
|
|
if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword) |
|
{ |
|
passModel.Error = true; |
|
passModel.ErrorMessage = "Invalid Password"; |
|
} |
|
|
|
// Redirect them to the password request page |
|
return View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel); |
|
} |
|
} |
|
|
|
// Cache the password |
|
CachePassword(url, password); |
|
|
|
// Read in the file |
|
string subDir = paste.FileName[0].ToString(); |
|
string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName); |
|
if (!System.IO.File.Exists(filePath)) |
|
{ |
|
return new StatusCodeResult(StatusCodes.Status404NotFound); |
|
} |
|
|
|
using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read)) |
|
using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes)) |
|
using (StreamReader sr = new StreamReader(cs, Encoding.Unicode)) |
|
{ |
|
model.Content = await sr.ReadToEndAsync(); |
|
} |
|
|
|
return View("~/Areas/Paste/Views/Paste/Edit.cshtml", model); |
|
} |
|
return new StatusCodeResult(StatusCodes.Status404NotFound); |
|
} |
|
|
|
[HttpPost] |
|
[DisableRequestSizeLimit] |
|
public IActionResult EditSubmit([Bind("Content, Title, Syntax, Url")]PasteEditViewModel model) |
|
{ |
|
if (_config.PasteConfig.Enabled) |
|
{ |
|
try |
|
{ |
|
Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == model.Url).FirstOrDefault(); |
|
if (paste != null) |
|
{ |
|
if (paste.User?.Username != User.Identity.Name) |
|
return new StatusCodeResult(StatusCodes.Status403Forbidden); |
|
|
|
string password = null; |
|
// The paste has a password set |
|
if (!string.IsNullOrEmpty(paste.HashedPassword)) |
|
{ |
|
// Try to get the password from the session |
|
password = GetCachedPassword(model.Url); |
|
string hash = string.Empty; |
|
if (!string.IsNullOrEmpty(password)) |
|
{ |
|
hash = PasteHelper.HashPassword(paste.Key, password); |
|
} |
|
if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword) |
|
{ |
|
PasswordViewModel passModel = new PasswordViewModel(); |
|
passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.Edit"); |
|
passModel.Url = model.Url; |
|
|
|
if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword) |
|
{ |
|
passModel.Error = true; |
|
passModel.ErrorMessage = "Invalid Password"; |
|
} |
|
|
|
// Redirect them to the password request page |
|
return View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel); |
|
} |
|
} |
|
|
|
// Delete the old file |
|
string subDir = paste.FileName[0].ToString(); |
|
string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName); |
|
if (System.IO.File.Exists(filePath)) |
|
System.IO.File.Delete(filePath); |
|
|
|
// Generate a unique file name that does not currently exist |
|
string newFilePath = FileHelper.GenerateRandomFileName(_config.PasteConfig.PasteDirectory, _config.PasteConfig.FileExtension, 10); |
|
string fileName = Path.GetFileName(newFilePath); |
|
|
|
string key = PasteHelper.GenerateKey(_config.PasteConfig.KeySize); |
|
string iv = PasteHelper.GenerateIV(_config.PasteConfig.BlockSize); |
|
|
|
PasteHelper.EncryptContents(model.Content, newFilePath, password, key, iv, _config.PasteConfig.KeySize, _config.PasteConfig.ChunkSize); |
|
|
|
paste.Key = key; |
|
paste.KeySize = _config.PasteConfig.KeySize; |
|
paste.IV = iv; |
|
paste.BlockSize = _config.PasteConfig.BlockSize; |
|
|
|
paste.HashedPassword = PasteHelper.HashPassword(paste.Key, password); |
|
paste.FileName = fileName; |
|
paste.Title = model.Title; |
|
paste.Syntax = model.Syntax; |
|
paste.DateEdited = DateTime.Now; |
|
|
|
_dbContext.Entry(paste).State = EntityState.Modified; |
|
_dbContext.SaveChanges(); |
|
|
|
return Redirect(Url.SubRouteUrl("p", "Paste.View", new { type = "Full", url = paste.Url })); |
|
} |
|
} |
|
catch (Exception ex) |
|
{ |
|
return Redirect(Url.SubRouteUrl("error", "Error.500", new { exception = ex })); |
|
} |
|
} |
|
return new StatusCodeResult(StatusCodes.Status403Forbidden); |
|
} |
|
|
|
[HttpPost] |
|
public IActionResult Delete(string id) |
|
{ |
|
Models.Paste foundPaste = _dbContext.Pastes.Where(p => p.Url == id).FirstOrDefault(); |
|
if (foundPaste != null) |
|
{ |
|
if (foundPaste.User.Username == User.Identity.Name) |
|
{ |
|
string filePath = foundPaste.FileName; |
|
// Delete from the DB |
|
_dbContext.Pastes.Remove(foundPaste); |
|
_dbContext.SaveChanges(); |
|
|
|
// Delete the File |
|
if (System.IO.File.Exists(filePath)) |
|
{ |
|
System.IO.File.Delete(filePath); |
|
} |
|
|
|
return Json(new { result = true, redirect = Url.SubRouteUrl("p", "Paste.Index") }); |
|
} |
|
return Json(new { error = new { message = "You do not have permission to edit this Paste" } }); |
|
} |
|
return Json(new { error = new { message = "This Paste does not exist" } }); |
|
} |
|
|
|
private void CachePassword(string url, string password) |
|
{ |
|
if (HttpContext != null) |
|
{ |
|
HttpContext.Session.Set("PastePassword_" + url, password); |
|
} |
|
} |
|
|
|
private string GetCachedPassword(string url) |
|
{ |
|
if (HttpContext != null) |
|
{ |
|
return HttpContext.Session.Get<string>("PastePassword_" + url); |
|
} |
|
return null; |
|
} |
|
|
|
private void ClearCachedPassword(string url) |
|
{ |
|
if (HttpContext != null) |
|
{ |
|
HttpContext.Session.Remove("PastePassword_" + url); |
|
} |
|
} |
|
} |
|
} |