diff --git a/Teknik/Areas/Upload/Controllers/UploadController.cs b/Teknik/Areas/Upload/Controllers/UploadController.cs
index 3c45b5b..55cde51 100644
--- a/Teknik/Areas/Upload/Controllers/UploadController.cs
+++ b/Teknik/Areas/Upload/Controllers/UploadController.cs
@@ -57,13 +57,12 @@ namespace Teknik.Areas.Upload.Controllers
 if (upload != null)
 {
 // We don't have the key, so we need to decrypt it client side
- if (upload.Key == null)
+ if (string.IsNullOrEmpty(upload.Key))
 {
 DownloadViewModel model = new DownloadViewModel();
 model.FileName = file;
 model.ContentType = upload.ContentType;
 model.ContentLength = upload.ContentLength;
- model.Key = upload.Key;
 model.IV = upload.IV;
 return View(model);
@@ -193,5 +192,25 @@ namespace Teknik.Areas.Upload.Controllers
 }
 return Json(new { error = "Invalid URL" });
 }
+
+ [HttpPost]
+ [AllowAnonymous]
+ [ValidateAntiForgeryToken]
+ public ActionResult RemoveFileKey(string file, string key)
+ {
+ Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
+ if (upload != null)
+ {
+ if (upload.Key == key)
+ {
+ upload.Key = null;
+ db.Entry(upload).State = EntityState.Modified;
+ db.SaveChanges();
+ return Json(new { result = Url.SubRouteUrl("upload", "Upload.Download", new { file = file }) });
+ }
+ return Json(new { error = "Non-Matching Key" });
+ }
+ return Json(new { error = "Invalid URL" });
+ }
 }
 }
\ No newline at end of file
diff --git a/Teknik/Areas/Upload/Scripts/Download.js b/Teknik/Areas/Upload/Scripts/Download.js
index a35ff77..76ea9a5 100644
--- a/Teknik/Areas/Upload/Scripts/Download.js
+++ b/Teknik/Areas/Upload/Scripts/Download.js
@@ -1,6 +1,7 @@
 $(document).ready(downloadFile);
 function downloadFile() {
+ var key = window.location.hash.substring(1);
 var fd = new FormData();
 fd.append('file', fileName);
 fd.append('__RequestVerificationToken', $('#__AjaxAntiForgeryForm input[name=__RequestVerificationToken]').val());
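Review bot: In `RemoveFileKey`, `upload.Key == key` also succeeds when both sides are null or empty, so for an upload with no stored key an anonymous request that omits `key` gets the success response and triggers a `SaveChanges()`. Since knowledge of the key is the only authorization on this `[AllowAnonymous]` action, reject an empty value before comparing, e.g. `if (string.IsNullOrEmpty(key) || string.IsNullOrEmpty(upload.Key)) return Json(new { error = "Non-Matching Key" });`. The comparison itself is an ordinary string equality on secret material; a fixed-time comparison would be the safer choice here. The distinct "Invalid URL" and "Non-Matching Key" responses also tell an unauthenticated caller whether a given upload URL exists, which may or may not be intended.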
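Review bot: The new `key` in `downloadFile` is taken from `window.location.hash.substring(1)` with no check, so a link opened without a fragment yields an empty string. The rest of the function is outside this hunk, so I cannot see whether that case is handled before decryption is attempted. Consider an early guard and a comment that records the intent, e.g. `// key comes from the URL fragment and stays in the browser; never append it to fd`. Within the hunk only `file` and the anti-forgery token are added to the `FormData`, which is consistent with that intent.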
diff --git a/Teknik/Areas/Upload/Scripts/Upload.js b/Teknik/Areas/Upload/Scripts/Upload.js index b82d5d5..73e9b63 100644 --- a/Teknik/Areas/Upload/Scripts/Upload.js +++ b/Teknik/Areas/Upload/Scripts/Upload.js @@ -11,7 +11,31 @@ function linkSaveKey(selector, uploadID, key, fileID) { data: AddAntiForgeryToken({ file: uploadID, key: key }), success: function (html) { if (html.result) { + $('#key-link-' + fileID).html(''); $('#upload-link-' + fileID).html('
'); + linkRemoveKey('#remove-key-link-' + fileID + '', uploadID, key, fileID); + } + else { + $("#top_msg").css('display', 'inline', 'important'); + $("#top_msg").html('' + html.result + '#' + key + '
'); + linkSaveKey('#save-key-link-' + fileID + '', uploadID, key, fileID); } else { $("#top_msg").css('display', 'inline', 'important'); @@ -221,13 +245,13 @@ function uploadProgress(fileID, evt) { function uploadComplete(fileID, key, evt) { obj = JSON.parse(evt.target.responseText); var name = obj.result.name; - var fullName = decodeURIComponent(obj.result.url); + var fullName = obj.result.url; $('#progress-' + fileID).children('.progress-bar').css('width', '100%'); $('#progress-' + fileID).children('.progress-bar').html('Complete'); $('#upload-link-' + fileID).html(''); $('#link-footer-' + fileID).html(' \- Each file is encrypted on upload using an AES-256-CTR cipher. If you wish to view the file decrypted, you must use the direct Teknik link. + Each file is encrypted on upload using an AES-256-CTR cipher. +
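Review bot: In the added success branches, the server response and the key appear to be concatenated straight into markup passed to `.html()` (`... + html.result + '#' + key + ...`). The string literals on this page are truncated, so this is inferred from what remains visible. If so, build the link with `.attr('href', …)` and `.text(…)` rather than string concatenation, so a URL or key containing markup characters cannot change the DOM structure. Separately, `.css('display', 'inline', 'important')` passes a third argument that jQuery's `.css()` does not take, so the `important` has no effect.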
++ To view the file decrypted, you must use the direct Teknik link in a javascript enabled browser or save the key to the server.
The maximum file size per upload is @Utility.GetBytesReadable(Model.Config.UploadConfig.MaxUploadSize)