diff --git a/Teknik/Areas/Error/Controllers/ErrorController.cs b/Teknik/Areas/Error/Controllers/ErrorController.cs index bb41767..99a72bc 100644 --- a/Teknik/Areas/Error/Controllers/ErrorController.cs +++ b/Teknik/Areas/Error/Controllers/ErrorController.cs @@ -30,13 +30,7 @@ namespace Teknik.Areas.Error.Controllers Response.TrySkipIisCustomErrors = true; } - string errorMessage = "General Exception"; - if (Request != null && Request.Url != null) - { - errorMessage += " on page: " + Request.Url.AbsoluteUri; - } - - Logger.WriteEntry(LogLevel.Error, errorMessage, exception); + LogError(LogLevel.Error, "General Exception", exception); ErrorViewModel model = new ErrorViewModel(); model.Exception = exception; @@ -57,13 +51,7 @@ namespace Teknik.Areas.Error.Controllers Response.TrySkipIisCustomErrors = true; } - string errorMessage = "General HTTP Exception"; - if (Request != null && Request.Url != null) - { - errorMessage += " on page: " + Request.Url.AbsoluteUri; - } - - Logger.WriteEntry(LogLevel.Error, errorMessage, exception); + LogError(LogLevel.Error, "General HTTP Exception", exception); ErrorViewModel model = new ErrorViewModel(); model.Description = exception.Message; @@ -84,13 +72,7 @@ namespace Teknik.Areas.Error.Controllers Response.TrySkipIisCustomErrors = true; } - string errorMessage = "Unauthorized"; - if (Request != null && Request.Url != null) - { - errorMessage += " for page: " + Request.Url.AbsoluteUri; - } - - Logger.WriteEntry(LogLevel.Error, errorMessage, exception); + LogError(LogLevel.Error, "Unauthorized", exception); ErrorViewModel model = new ErrorViewModel(); model.Exception = exception; 
@@ -110,13 +92,7 @@ namespace Teknik.Areas.Error.Controllers Response.TrySkipIisCustomErrors = true; } - string errorMessage = "Access Denied"; - if (Request != null && Request.Url != null) - { - errorMessage += " on page: " + Request.Url.AbsoluteUri; - } - - Logger.WriteEntry(LogLevel.Error, errorMessage, exception); + LogError(LogLevel.Error, "Access Denied", exception); ErrorViewModel model = new ErrorViewModel(); model.Exception = exception; @@ -136,24 +112,7 @@ namespace Teknik.Areas.Error.Controllers Response.TrySkipIisCustomErrors = true; } - string errorMessage = "Page Not Found"; - - if (Request != null) - { - if (Request.Url != null) - { - errorMessage += " for page: " + Request.Url.AbsoluteUri; - } - - if (Request.UrlReferrer != null) - { - errorMessage += " | for referred page: " + Request.Url.AbsoluteUri; - } - - errorMessage += " | using Method: " + Request.HttpMethod; - } - - Logger.WriteEntry(LogLevel.Warning, errorMessage, exception); + LogError(LogLevel.Warning, "Page Not Found", exception); ErrorViewModel model = new ErrorViewModel(); model.Exception = exception; 
@@ -173,19 +132,35 @@ namespace Teknik.Areas.Error.Controllers Response.StatusCode = 500; Response.TrySkipIisCustomErrors = true; } - - string errorMessage = "Server Error"; - if (Request != null && Request.Url != null) - { - errorMessage += " on page: " + Request.Url.AbsoluteUri; - } - - Logger.WriteEntry(LogLevel.Error, errorMessage, exception); + + LogError(LogLevel.Error, "Server Error", exception); ErrorViewModel model = new ErrorViewModel(); model.Exception = exception; return View("~/Areas/Error/Views/Error/Http500.cshtml", model); } + + private void LogError(LogLevel level, string message, Exception exception) + { + if (Request != null) + { + if (Request.Url != null) + { + message += " | Url: " + Request.Url.AbsoluteUri; + } + + if (Request.UrlReferrer != null) + { + message += " | Referred Url: " + Request.Url.AbsoluteUri; + } + + message += " | Method: " + Request.HttpMethod; + + message += " | User Agent: " + Request.UserAgent; + } + + Logger.WriteEntry(level, message, exception); + } } } \ No newline at end of file diff --git a/Teknik/Areas/Upload/Controllers/UploadController.cs b/Teknik/Areas/Upload/Controllers/UploadController.cs index 6e4f08d..9d13fea 100644 --- a/Teknik/Areas/Upload/Controllers/UploadController.cs +++ b/Teknik/Areas/Upload/Controllers/UploadController.cs 
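Review bot: In the new `LogError` helper the referrer branch still appends `Request.Url.AbsoluteUri`, so the "Referred Url" field repeats the request URL and the real referrer is never recorded; the line should read `message += " | Referred Url: " + Request.UrlReferrer.AbsoluteUri;`. The added User-Agent field is client-controlled free text concatenated straight into a ` | `-delimited entry. Unless `Logger.WriteEntry` (not visible here) encodes it, a crafted header can imitate extra fields or inflate the entry, so bound its length and strip control characters and the delimiter before appending. Both points apply to all six call sites changed in this file, since each of them now routes through this helper.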
@@ -171,18 +171,28 @@ namespace Teknik.Areas.Upload.Controllers } else // We have the key, so that means server side decryption { - // Are they downloading it by range? - bool byRange = !string.IsNullOrEmpty(Request.ServerVariables["HTTP_RANGE"]); // We do not support ranges - - bool isCached = !string.IsNullOrEmpty(Request.Headers["If-Modified-Since"]); // Check to see if they have a cache + // Check for the cache + bool isCached = false; + string modifiedSince = Request.Headers["If-Modified-Since"]; + if (!string.IsNullOrEmpty(modifiedSince)) + { + DateTime modTime = new DateTime(); + bool parsed = DateTime.TryParse(modifiedSince, out modTime); + if (parsed) + { + if ((modTime - dateUploaded).TotalSeconds <= 1) + { + isCached = true; + } + } + } if (isCached) { // The file is cached, let's just 304 this Response.StatusCode = 304; Response.StatusDescription = "Not Modified"; - Response.AddHeader("Content-Length", "0"); - return Content(string.Empty); + return new EmptyResult(); } else { @@ -194,6 +204,9 @@ namespace Teknik.Areas.Upload.Controllers if (System.IO.File.Exists(filePath)) { #region Range Calculation + // Are they downloading it by range? + bool byRange = !string.IsNullOrEmpty(Request.ServerVariables["HTTP_RANGE"]); // We do not support ranges + // check to see if we need to pass a specified range if (byRange) { 
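Review bot: The cache check `(modTime - dateUploaded).TotalSeconds <= 1` is one-sided, so any `If-Modified-Since` value earlier than the upload time also sets `isCached`, and the client receives an empty 304 instead of the file. A 304 is only correct when the upload is not newer than the client's copy, e.g. `if ((dateUploaded - modTime).TotalSeconds < 1)`. `DateTime.TryParse` with no culture or styles argument also parses under the current culture and converts a GMT value to local time. `dateUploaded` is defined outside the hunk, so confirm both sides are in the same time zone, for instance by parsing with `CultureInfo.InvariantCulture` and `DateTimeStyles.AdjustToUniversal`.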
@@ -274,7 +287,7 @@ namespace Teknik.Areas.Upload.Controllers Response.AddHeader("Content-Disposition", cd.ToString()); // Apply content security policy for downloads - Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; child-src 'self'; form-action 'none';"); + Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; child-src 'self'; form-action 'none';"); // Read in the file FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read); diff --git a/Teknik/Controllers/DefaultController.cs b/Teknik/Controllers/DefaultController.cs index f99e464..8fd03bd 100644 --- a/Teknik/Controllers/DefaultController.cs +++ b/Teknik/Controllers/DefaultController.cs @@ -54,8 +54,7 @@ namespace Teknik.Controllers { this.InvokeHttp404(HttpContext); } - - [HttpGet] + [AllowAnonymous] public ActionResult InvokeHttp404(HttpContextBase httpContext) { @@ -73,7 +72,6 @@ namespace Teknik.Controllers } // Get the Favicon - [HttpGet] [AllowAnonymous] public ActionResult Favicon() { @@ -83,7 +81,6 @@ namespace Teknik.Controllers } // Get the Logo - [HttpGet] [AllowAnonymous] public ActionResult Logo() { @@ -93,7 +90,6 @@ namespace Teknik.Controllers } // Get the Robots.txt - [HttpGet] [AllowAnonymous] public ActionResult Robots() { @@ -101,8 +97,7 @@ namespace Teknik.Controllers string file = Server.MapPath(Constants.ROBOTS_PATH); return File(file, "text/plain"); } - - [HttpGet] + [AllowAnonymous] public ActionResult NotFound() { diff --git a/Teknik/Global.asax.cs b/Teknik/Global.asax.cs index e30c670..522a677 100644 --- a/Teknik/Global.asax.cs +++ b/Teknik/Global.asax.cs 
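Review bot: With `script-src 'none'` in place, the download policy still omits `sandbox` and `frame-ancestors`, and neither of those falls back to `default-src`. If the Content-Disposition built above permits inline rendering, uploaded HTML is still rendered in the site's own origin and can be embedded in a frame on another site. Appending `sandbox; frame-ancestors 'none';` to the header value would cover both, provided downloads never need to be framed. Whether `X-Frame-Options` or `X-Content-Type-Options: nosniff` is sent elsewhere is not visible in this hunk, so confirm that before relying on either.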
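Review bot: Dropping `[HttpGet]` in DefaultController leaves `InvokeHttp404(HttpContextBase httpContext)` as a public `[AllowAnonymous]` method returning `ActionResult`, which MVC can dispatch as an action for any HTTP verb, depending on the route configuration. It is called as `this.InvokeHttp404(HttpContext)` just above and looks like an internal helper, so marking it `[NonAction]` or making it non-public would keep it from being invoked directly. The same removal in the later hunks means `Favicon`, `Logo`, `Robots` and `NotFound` now answer POST, PUT and other verbs too. If the goal is only that non-GET requests reach the 404 page, keep `[HttpGet]` on the static-file actions and add a comment on `NotFound` such as `// No verb filter: requests of any method must be able to reach the 404 page`. The method bodies lie outside these hunks.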
@@ -159,6 +159,7 @@ namespace Teknik routeData.DataTokens.Add("namespaces", new[] { typeof(ErrorController).Namespace }); routeData.DataTokens.Add("area", "Error"); routeData.Values.Add("controller", "Error"); + routeData.Values.Add("scheme", "https"); if (httpException == null) {
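Review bot: The added `routeData.Values.Add("scheme", "https");` hard-codes the scheme with no comment saying what consumes this route value, so the reason for forcing it on the error route is not recoverable from the code. If it exists to satisfy a scheme-aware route or URL helper, a one-line comment such as `// Error routes are always generated as https; see <route/constraint name>` would document that. Also confirm the value is correct for any environment served over plain HTTP, where the error page could otherwise emit links that do not match the request. The enclosing method starts and ends outside the hunk.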