The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

UploadController.cs 11KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Data.Entity;
  4. using System.IO;
  5. using System.Linq;
  6. using System.Web;
  7. using System.Web.Mvc;
  8. using Teknik.Areas.Error.ViewModels;
  9. using Teknik.Areas.Upload.Models;
  10. using Teknik.Areas.Upload.ViewModels;
  11. using Teknik.Controllers;
  12. using Teknik.Helpers;
  13. using Teknik.Models;
  14. namespace Teknik.Areas.Upload.Controllers
  15. {
  16. public class UploadController : DefaultController
  17. {
  18. private TeknikEntities db = new TeknikEntities();
  19. // GET: Upload/Upload
  20. [HttpGet]
  21. [AllowAnonymous]
  22. public ActionResult Index()
  23. {
  24. ViewBag.Title = "Teknik Upload - End to End Encryption";
  25. UploadViewModel model = new UploadViewModel();
  26. Areas.Profile.Models.User user = db.Users.Where(u => u.Username == User.Identity.Name).FirstOrDefault();
  27. if (user != null)
  28. {
  29. model.SaveKey = user.UploadSettings.SaveKey;
  30. model.ServerSideEncrypt = user.UploadSettings.ServerSideEncrypt;
  31. }
  32. else
  33. {
  34. model.SaveKey = false;
  35. model.ServerSideEncrypt = false;
  36. }
  37. return View(model);
  38. }
  39. [HttpPost]
  40. [AllowAnonymous]
  41. public ActionResult Upload(string fileType, string fileExt, string iv, int keySize, int blockSize, bool encrypt, bool saveKey, HttpPostedFileWrapper data, string key = null)
  42. {
  43. if (Config.UploadConfig.UploadEnabled)
  44. {
  45. if (data.ContentLength <= Config.UploadConfig.MaxUploadSize)
  46. {
  47. // convert file to bytes
  48. byte[] fileData = null;
  49. int contentLength = data.ContentLength;
  50. using (var binaryReader = new BinaryReader(data.InputStream))
  51. {
  52. fileData = binaryReader.ReadBytes(data.ContentLength);
  53. }
  54. // if they want us to encrypt it, we do so here
  55. if (encrypt)
  56. {
  57. // Generate key and iv if empty
  58. if (string.IsNullOrEmpty(key))
  59. {
  60. key = Utility.RandomString(keySize / 8);
  61. }
  62. fileData = AES.Encrypt(fileData, key, iv);
  63. if (fileData == null || fileData.Length <= 0)
  64. {
  65. return Json(new { error = new { message = "Unable to encrypt file" } });
  66. }
  67. }
  68. Models.Upload upload = Uploader.SaveFile(fileData, fileType, contentLength, fileExt, iv, (saveKey) ? key : null, keySize, blockSize);
  69. if (upload != null)
  70. {
  71. if (User.Identity.IsAuthenticated)
  72. {
  73. Profile.Models.User user = db.Users.Where(u => u.Username == User.Identity.Name).FirstOrDefault();
  74. if (user != null)
  75. {
  76. upload.UserId = user.UserId;
  77. db.Entry(upload).State = EntityState.Modified;
  78. db.SaveChanges();
  79. }
  80. }
  81. return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url }), key = key } }, "text/plain");
  82. }
  83. return Json(new { error = "Unable to upload file" });
  84. }
  85. else
  86. {
  87. return Json(new { error = "File Too Large" });
  88. }
  89. }
  90. return Json(new { error = "Uploads are disabled" });
  91. }
  92. // User did not supply key
  93. [HttpGet]
  94. [AllowAnonymous]
  95. public ActionResult Download(string file)
  96. {
  97. if (Config.UploadConfig.DownloadEnabled)
  98. {
  99. ViewBag.Title = "Teknik Download - " + file;
  100. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  101. if (upload != null)
  102. {
  103. upload.Downloads += 1;
  104. db.Entry(upload).State = EntityState.Modified;
  105. db.SaveChanges();
  106. // We don't have the key, so we need to decrypt it client side
  107. if (string.IsNullOrEmpty(upload.Key) && !string.IsNullOrEmpty(upload.IV))
  108. {
  109. DownloadViewModel model = new DownloadViewModel();
  110. model.FileName = file;
  111. model.ContentType = upload.ContentType;
  112. model.ContentLength = upload.ContentLength;
  113. model.IV = upload.IV;
  114. return View(model);
  115. }
  116. else // We have the key, so that means server side decryption
  117. {
  118. string subDir = upload.FileName[0].ToString();
  119. string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, subDir, upload.FileName);
  120. if (System.IO.File.Exists(filePath))
  121. {
  122. // Read in the file
  123. byte[] data = System.IO.File.ReadAllBytes(filePath);
  124. // If the IV is set, and Key is set, then decrypt it
  125. if (!string.IsNullOrEmpty(upload.Key) && !string.IsNullOrEmpty(upload.IV))
  126. {
  127. // Decrypt the data
  128. data = AES.Decrypt(data, upload.Key, upload.IV);
  129. }
  130. // Create content disposition
  131. var cd = new System.Net.Mime.ContentDisposition
  132. {
  133. FileName = upload.Url,
  134. Inline = true
  135. };
  136. Response.AppendHeader("Content-Disposition", cd.ToString());
  137. return File(data, upload.ContentType);
  138. }
  139. }
  140. }
  141. return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
  142. }
  143. return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
  144. }
  145. [HttpPost]
  146. [AllowAnonymous]
  147. public FileResult DownloadData(string file)
  148. {
  149. if (Config.UploadConfig.DownloadEnabled)
  150. {
  151. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  152. if (upload != null)
  153. {
  154. string subDir = upload.FileName[0].ToString();
  155. string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, subDir, upload.FileName);
  156. if (System.IO.File.Exists(filePath))
  157. {
  158. byte[] buffer;
  159. FileStream fileStream = new FileStream(filePath, FileMode.Open, FileAccess.Read);
  160. try
  161. {
  162. int length = (int)fileStream.Length; // get file length
  163. buffer = new byte[length]; // create buffer
  164. int count; // actual number of bytes read
  165. int sum = 0; // total number of bytes read
  166. // read until Read method returns 0 (end of the stream has been reached)
  167. while ((count = fileStream.Read(buffer, sum, length - sum)) > 0)
  168. sum += count; // sum is a buffer offset for next reading
  169. }
  170. finally
  171. {
  172. fileStream.Close();
  173. }
  174. return File(buffer, System.Net.Mime.MediaTypeNames.Application.Octet, file);
  175. }
  176. }
  177. Redirect(Url.SubRouteUrl("error", "Error.Http404"));
  178. return null;
  179. }
  180. Redirect(Url.SubRouteUrl("error", "Error.Http403"));
  181. return null;
  182. }
  183. [HttpGet]
  184. [AllowAnonymous]
  185. public ActionResult Delete(string file, string key)
  186. {
  187. ViewBag.Title = "File Delete - " + file + " - " + Config.Title;
  188. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  189. if (upload != null)
  190. {
  191. DeleteViewModel model = new DeleteViewModel();
  192. model.File = file;
  193. if (!string.IsNullOrEmpty(upload.DeleteKey) && upload.DeleteKey == key)
  194. {
  195. string filePath = upload.FileName;
  196. // Delete from the DB
  197. db.Uploads.Remove(upload);
  198. db.SaveChanges();
  199. // Delete the File
  200. if (System.IO.File.Exists(filePath))
  201. {
  202. System.IO.File.Delete(filePath);
  203. }
  204. model.Deleted = true;
  205. }
  206. else
  207. {
  208. model.Deleted = false;
  209. }
  210. return View(model);
  211. }
  212. return RedirectToRoute("Error.Http404");
  213. }
  214. [HttpPost]
  215. [AllowAnonymous]
  216. public ActionResult GenerateDeleteKey(string file)
  217. {
  218. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  219. if (upload != null)
  220. {
  221. string delKey = Utility.RandomString(Config.UploadConfig.DeleteKeyLength);
  222. upload.DeleteKey = delKey;
  223. db.Entry(upload).State = EntityState.Modified;
  224. db.SaveChanges();
  225. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Delete", new { file = file, key = delKey }) });
  226. }
  227. return Json(new { error = "Invalid URL" });
  228. }
  229. [HttpPost]
  230. [AllowAnonymous]
  231. public ActionResult SaveFileKey(string file, string key)
  232. {
  233. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  234. if (upload != null)
  235. {
  236. upload.Key = key;
  237. db.Entry(upload).State = EntityState.Modified;
  238. db.SaveChanges();
  239. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Download", new { file = file }) });
  240. }
  241. return Json(new { error = "Invalid URL" });
  242. }
  243. [HttpPost]
  244. [AllowAnonymous]
  245. public ActionResult RemoveFileKey(string file, string key)
  246. {
  247. Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
  248. if (upload != null)
  249. {
  250. if (upload.Key == key)
  251. {
  252. upload.Key = null;
  253. db.Entry(upload).State = EntityState.Modified;
  254. db.SaveChanges();
  255. return Json(new { result = Url.SubRouteUrl("upload", "Upload.Download", new { file = file }) });
  256. }
  257. return Json(new { error = "Non-Matching Key" });
  258. }
  259. return Json(new { error = "Invalid URL" });
  260. }
  261. }
  262. }