Added Terms of Service page.

Added virus checking to all uploads.
2023-08-02 14:16:22 +02:00 · 2016-05-08 19:04:20 -07:00 · 2016-05-08 19:04:20 -07:00 · 80f3671541
commit 80f3671541
parent bef2ec6280
15 changed files with 244 additions and 28 deletions
--- a/Teknik/Areas/API/Controllers/APIv1Controller.cs
+++ b/Teknik/Areas/API/Controllers/APIv1Controller.cs
@ -12,6 +12,7 @@ using Teknik.Helpers;
 using Teknik.Models;
 using System.Text;
 using Teknik.Areas.Shortener.Models;
+using nClam;

 namespace Teknik.Areas.API.Controllers
 {
@ -46,6 +47,25 @@ namespace Teknik.Areas.API.Controllers
                            fileData = binaryReader.ReadBytes(file.ContentLength);
                        }

+                        // Scan the file to detect a virus
+                        if (Config.UploadConfig.VirusScanEnable)
+                        {
+                            ClamClient clam = new ClamClient(Config.UploadConfig.ClamServer, Config.UploadConfig.ClamPort);
+                            ClamScanResult scanResult = clam.SendAndScanFile(fileData);
+
+                            switch (scanResult.Result)
+                            {
+                                case ClamScanResults.Clean:
+                                    break;
+                                case ClamScanResults.VirusDetected:
+                                    return Json(new { error = new { message = string.Format("Virus Detected: {0}. As per our <a href=\"{1}\">Terms of Service</a>, Viruses are not permited.", scanResult.InfectedFiles.First().VirusName, Url.SubRouteUrl("tos", "TOS.Index")) } });
+                                case ClamScanResults.Error:
+                                    break;
+                                case ClamScanResults.Unknown:
+                                    break;
+                            }
+                        }
+
                        // Need to grab the contentType if it's empty
                        if (string.IsNullOrEmpty(contentType))
                        {
--- a/Teknik/Areas/Help/Views/Help/Upload.cshtml
+++ b/Teknik/Areas/Help/Views/Help/Upload.cshtml
@ -32,6 +32,13 @@
            <p>
                The encryption library being used is <a href="http://code.google.com/p/crypto-js/">Crypto-JS</a> and the cipher being used is <b>AES-@Model.Config.UploadConfig.KeySize</b> using the mode <b>CTR</b>.  The variant of AES is determined by the size of the key used (128, 192, or 256).
            </p>
+            <h3>Upload Requirements</h3>
+            <p>
+                The maximum file size per upload is <b>@Utility.GetBytesReadable(Model.Config.UploadConfig.MaxUploadSize)</b>
+            </p>
+            <p>
+                Each file is scanned for viruses at upload.  If it fails, it will cancel the upload.
+            </p>
        </div>
    </div>
 </div>
--- a/Teknik/Areas/Profile/Controllers/ProfileController.cs
+++ b/Teknik/Areas/Profile/Controllers/ProfileController.cs
@ -392,9 +392,14 @@ namespace Teknik.Areas.Profile.Controllers
                            return Json(new { error = "Unable to delete git account.  Response Code: " + response.StatusCode });
                        }
                    }
-                    catch (Exception)
+                    catch (HttpException htex)
                    {
-                        return Json(new { error = "Unable to delete git account." });
+                        if (htex.GetHttpCode() != 404)
+                            return Json(new { error = "Unable to delete git account.  Http Exception: " + htex.Message });
+                    }
+                    catch (Exception ex)
+                    {
+                        return Json(new { error = "Unable to delete git account.  Exception: " + ex.Message });
                    }
                }

--- a/Teknik/Areas/TOS/Controllers/TOSController.cs
+++ b/Teknik/Areas/TOS/Controllers/TOSController.cs
@ -0,0 +1,23 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using System.Web.Mvc;
+using Teknik.Areas.TOS.ViewModels;
+using Teknik.Controllers;
+
+namespace Teknik.Areas.TOS.Controllers
+{
+    public class TOSController : DefaultController
+    {
+        // GET: Privacy/Privacy
+        [AllowAnonymous]
+        public ActionResult Index()
+        {
+            ViewBag.Title = "Terms of Service - " + Config.Title;
+            ViewBag.Description = "Teknik Terms of Service.";
+
+            return View(new TOSViewModel());
+        }
+    }
+}
--- a/Teknik/Areas/TOS/TOSAreaRegistration.cs
+++ b/Teknik/Areas/TOS/TOSAreaRegistration.cs
@ -0,0 +1,30 @@
+using System.Collections.Generic;
+using System.Web.Mvc;
+using Teknik.Configuration;
+
+namespace Teknik.Areas.TOS
+{
+    public class TOSAreaRegistration : AreaRegistration 
+    {
+        public override string AreaName 
+        {
+            get 
+            {
+                return "TOS";
+            }
+        }
+
+        public override void RegisterArea(AreaRegistrationContext context)
+        {
+            Config config = Config.Load();
+            context.MapSubdomainRoute(
+                 "TOS.Index", // Route name
+                 new List<string>() { "tos" }, // Subdomains
+                 new List<string>() { config.Host }, // domains
+                 "",    // URL with parameters 
+                 new { controller = "TOS", action = "Index" },  // Parameter defaults 
+                 new[] { typeof(Controllers.TOSController).Namespace }
+             );
+        }
+    }
+}
--- a/Teknik/Areas/TOS/ViewModels/TOSViewModel.cs
+++ b/Teknik/Areas/TOS/ViewModels/TOSViewModel.cs
@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using Teknik.ViewModels;
+
+namespace Teknik.Areas.TOS.ViewModels
+{
+    public class TOSViewModel : ViewModelBase
+    {
+    }
+}
--- a/Teknik/Areas/TOS/Views/Shared/Index.cshtml
+++ b/Teknik/Areas/TOS/Views/Shared/Index.cshtml
@ -0,0 +1,24 @@
+@model Teknik.Areas.TOS.ViewModels.TOSViewModel
+
+@using Teknik.Models
+<div class="container">
+    <div class="row">
+        <div class="col-xs-10">
+            <h2>Terms of Service for Teknik Services</h2>
+            <p>
+                Below are the terms of service for the Teknik Services.  By using our services, you agree to all of the below terms.
+            </p>
+            <ul>
+                <li>No illegal content as defined by the country the user resides.  If you are viewing content, be mindful that laws differ between regions.</li>
+                <li>Any Malware uploads or otherwise hosted/linked content will be removed without notice.</li>
+                <li>Email is limited to a maximum of 100 outbound email messages per day.  This is to prevent spam accounts.  If your account is flagged as spamming, it will be deleted without notice.</li>
+                <li>Copyrighted content will be removed only after a valid DMCA is recieved and verified.</li>
+            </ul>
+        </div>
+    </div>
+    <div class="row">
+        <div class="col-xs-10">
+            <p><i>Last Modified May 8, 2016</i></p>
+        </div>
+    </div>
+</div>
--- a/Teknik/Areas/TOS/Views/_ViewStart.cshtml
+++ b/Teknik/Areas/TOS/Views/_ViewStart.cshtml
@ -0,0 +1,3 @@
+@{
+    Layout = "~/Views/Shared/_Layout.cshtml";
+}
--- a/Teknik/Areas/TOS/Views/web.config
+++ b/Teknik/Areas/TOS/Views/web.config
@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+
+<configuration>
+  <configSections>
+    <sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
+      <section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
+      <section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
+    </sectionGroup>
+  </configSections>
+
+  <system.web.webPages.razor>
+    <host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
+    <pages pageBaseType="System.Web.Mvc.WebViewPage">
+      <namespaces>
+        <add namespace="System.Web.Mvc" />
+        <add namespace="System.Web.Mvc.Ajax" />
+        <add namespace="System.Web.Mvc.Html" />
+        <add namespace="System.Web.Routing" />
+        <add namespace="System.Web.Optimization" />
+        <add namespace="Teknik" />
+        
+      </namespaces>
+    </pages>
+  </system.web.webPages.razor>
+
+  <appSettings>
+    <add key="webpages:Enabled" value="false" />
+  </appSettings>
+
+  <system.webServer>
+    <handlers>
+      <remove name="BlockViewHandler"/>
+      <add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
+    </handlers>
+  </system.webServer>
+</configuration>
--- a/Teknik/Areas/Upload/Controllers/UploadController.cs
+++ b/Teknik/Areas/Upload/Controllers/UploadController.cs
@ -1,4 +1,5 @@
-using Piwik.Tracker;
+using nClam;
+using Piwik.Tracker;
 using System;
 using System.Collections.Generic;
 using System.Data.Entity;
@ -56,6 +57,26 @@ namespace Teknik.Areas.Upload.Controllers
                    {
                        fileData = binaryReader.ReadBytes(data.ContentLength);
                    }
+
+                    // Scan the file to detect a virus
+                    if (Config.UploadConfig.VirusScanEnable)
+                    {
+                        ClamClient clam = new ClamClient(Config.UploadConfig.ClamServer, Config.UploadConfig.ClamPort);
+                        ClamScanResult scanResult = clam.SendAndScanFile(fileData);
+
+                        switch (scanResult.Result)
+                        {
+                            case ClamScanResults.Clean:
+                                break;
+                            case ClamScanResults.VirusDetected:
+                                return Json(new { error = new { message = string.Format("Virus Detected: {0}. As per our <a href=\"{1}\">Terms of Service</a>, Viruses are not permited.", scanResult.InfectedFiles.First().VirusName, Url.SubRouteUrl("tos", "TOS.Index")) } });
+                            case ClamScanResults.Error:
+                                break;
+                            case ClamScanResults.Unknown:
+                                break;
+                        }
+                    }
+
                    // if they want us to encrypt it, we do so here
                    if (encrypt)
                    {
@ -86,14 +107,14 @@ namespace Teknik.Areas.Upload.Controllers
                        }
                        return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url }), key = key } }, "text/plain");
                    }
-                    return Json(new { error = "Unable to upload file" });
+                    return Json(new { error = new { message = "Unable to upload file" } });
                }
                else
                {
-                    return Json(new { error = "File Too Large" });
+                    return Json(new { error = new { message = "File Too Large" } });
                }
            }
-            return Json(new { error = "Uploads are disabled" });
+            return Json(new { error = new { message = "Uploads are disabled" } });
        }

        // User did not supply key
--- a/Teknik/Areas/Upload/Scripts/Upload.js
+++ b/Teknik/Areas/Upload/Scripts/Upload.js
@ -290,25 +290,26 @@ function uploadProgress(fileID, evt) {

 function uploadComplete(fileID, key, saveKey, serverSideEncrypt, evt) {
    obj = JSON.parse(evt.target.responseText);
-    var name = obj.result.name;
-    var fullName = obj.result.url;
-    if (obj.result.key != null)
-        key = obj.result.key;
-    if (!saveKey) {
-        fullName = fullName + '#' + key;
-    }
-    $('#progress-' + fileID).children('.progress-bar').css('width', '100%');
-    $('#progress-' + fileID).children('.progress-bar').html('Complete');
-    $('#upload-link-' + fileID).html('<p><a href="' + fullName + '" id="full-url-link-' + fileID + '" target="_blank" class="alert-link">' + fullName + '</a></p>');
-    var keyBtn = '<div class="col-sm-4 text-center" id="key-link-' + fileID + '"> \
+    if (obj.result != null) {
+        var name = obj.result.name;
+        var fullName = obj.result.url;
+        if (obj.result.key != null)
+            key = obj.result.key;
+        if (!saveKey) {
+            fullName = fullName + '#' + key;
+        }
+        $('#progress-' + fileID).children('.progress-bar').css('width', '100%');
+        $('#progress-' + fileID).children('.progress-bar').html('Complete');
+        $('#upload-link-' + fileID).html('<p><a href="' + fullName + '" id="full-url-link-' + fileID + '" target="_blank" class="alert-link">' + fullName + '</a></p>');
+        var keyBtn = '<div class="col-sm-4 text-center" id="key-link-' + fileID + '"> \
                    <button type="button" class="btn btn-default btn-sm" id="save-key-link-' + fileID + '">Save Key On Server</button> \
                </div>';
-    if (saveKey) {
-        keyBtn = '<div class="col-sm-4 text-center" id="key-link-' + fileID + '"> \
+        if (saveKey) {
+            keyBtn = '<div class="col-sm-4 text-center" id="key-link-' + fileID + '"> \
                    <button type="button" class="btn btn-default btn-sm" id="remove-key-link-' + fileID + '">Remove Key From Server</button> \
                </div>';
-    }
-    $('#link-footer-' + fileID).html(' \
+        }
+        $('#link-footer-' + fileID).html(' \
                    <div class="row"> \
                        ' + keyBtn + ' \
                        <div class="col-sm-4 text-center"> \
@ -319,14 +320,28 @@ function uploadComplete(fileID, key, saveKey, serverSideEncrypt, evt) {
                        </div> \
                    </div> \
              ');
-    if (saveKey) {
-        linkRemoveKey('#remove-key-link-' + fileID + '', name, key, fileID);
+        if (saveKey) {
+            linkRemoveKey('#remove-key-link-' + fileID + '', name, key, fileID);
+        }
+        else {
+            linkSaveKey('#save-key-link-' + fileID + '', name, key, fileID);
+        }
+        linkUploadDelete('#generate-delete-link-' + fileID + '', name);
+        linkShortenUrl('#shortenUrl-button-' + fileID + '', fileID, fullName);
    }
-    else {
-        linkSaveKey('#save-key-link-' + fileID + '', name, key, fileID);
+    else
+    {
+        $('#progress-' + fileID).children('.progress-bar').css('width', '100%');
+        $("#progress-" + fileID).children('.progress-bar').removeClass('progress-bar-success');
+        $("#progress-" + fileID).children('.progress-bar').addClass('progress-bar-danger');
+        $('#remove-link-' + fileID).text('Clear Upload');
+        if (obj.error != null) {
+            $('#progress-' + fileID).children('.progress-bar').html(obj.error.message);
+        }
+        else {
+            $('#progress-' + fileID).children('.progress-bar').html('Unable to Upload File');
+        }
    }
-    linkUploadDelete('#generate-delete-link-' + fileID + '', name);
-    linkShortenUrl('#shortenUrl-button-' + fileID + '', fileID, fullName);
 }

 function uploadFailed(fileID, evt) {
--- a/Teknik/Configuration/UploadConfig.cs
+++ b/Teknik/Configuration/UploadConfig.cs
@ -23,6 +23,10 @@ namespace Teknik.Configuration
        public bool IncludeExtension { get; set; }
        // The size of the chunk that the file will be encrypted/decrypted in (bytes)
        public int ChunkSize { get; set; }
+        // Virus Scanning Settings
+        public bool VirusScanEnable { get; set; }
+        public string ClamServer { get; set; }
+        public int ClamPort { get; set; }

        public UploadConfig()
        {
@ -42,6 +46,9 @@ namespace Teknik.Configuration
            BlockSize = 128;
            IncludeExtension = true;
            ChunkSize = 1024;
+            VirusScanEnable = false;
+            ClamServer = "localhost";
+            ClamPort = 3310;
        }
    }
 }
--- a/Teknik/Teknik.csproj
+++ b/Teknik/Teknik.csproj
@ -76,6 +76,10 @@
      <HintPath>..\packages\MySql.Data.6.9.8\lib\net45\MySql.Data.dll</HintPath>
      <Private>True</Private>
    </Reference>
+    <Reference Include="nClam, Version=2.0.6.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\nClam.2.0.6.0\lib\net40-Client\nClam.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
    <Reference Include="Newtonsoft.Json, Version=8.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
      <HintPath>..\packages\Newtonsoft.Json.8.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
      <Private>True</Private>
@ -219,6 +223,9 @@
    <Compile Include="Areas\Stream\Controllers\StreamController.cs" />
    <Compile Include="Areas\Stream\StreamAreaRegistration.cs" />
    <Compile Include="Areas\Stream\ViewModels\StreamViewModel.cs" />
+    <Compile Include="Areas\TOS\Controllers\TOSController.cs" />
+    <Compile Include="Areas\TOS\TOSAreaRegistration.cs" />
+    <Compile Include="Areas\TOS\ViewModels\TOSViewModel.cs" />
    <Compile Include="Areas\Transparency\Controllers\TransparencyController.cs" />
    <Compile Include="Areas\Transparency\Models\Bill.cs" />
    <Compile Include="Areas\Transparency\Models\Donation.cs" />
@ -503,6 +510,9 @@
    <Content Include="Areas\Shortener\Views\_ViewStart.cshtml" />
    <Content Include="Areas\Shortener\Views\Shortener\Index.cshtml" />
    <Content Include="Areas\Help\Views\Help\API\v1\Shorten.cshtml" />
+    <Content Include="Areas\TOS\Views\web.config" />
+    <Content Include="Areas\TOS\Views\_ViewStart.cshtml" />
+    <Content Include="Areas\TOS\Views\Shared\Index.cshtml" />
    <None Include="Properties\PublishProfiles\Teknik Dev.pubxml" />
    <None Include="Properties\PublishProfiles\Teknik Production.pubxml" />
    <None Include="Scripts\jquery-2.1.4.intellisense.js" />
@ -595,6 +605,8 @@
    <Folder Include="Areas\Profile\Views\Shared\" />
    <Folder Include="Areas\Shortener\Views\Shared\" />
    <Folder Include="Areas\Stream\Views\Shared\" />
+    <Folder Include="Areas\TOS\Models\" />
+    <Folder Include="Areas\TOS\Views\TOS\" />
    <Folder Include="Areas\Transparency\Views\Shared\" />
    <Folder Include="Areas\Upload\Views\Shared\" />
  </ItemGroup>
--- a/Teknik/Views/Shared/_Footer.cshtml
+++ b/Teknik/Views/Shared/_Footer.cshtml
@ -15,7 +15,7 @@
        }
        <div class="row">
            <div class="col-md-6 text-left text-muted">
-                &copy; Teknik 2013-2016 | <a href="@Url.SubRouteUrl("privacy", "Privacy.Index")">Privacy</a> | <a href="@Url.SubRouteUrl("transparency", "Transparency.Index")">Transparency</a>
+                &copy; Teknik 2013-2016 | <a href="@Url.SubRouteUrl("privacy", "Privacy.Index")">Privacy</a> | <a href="@Url.SubRouteUrl("tos", "TOS.Index")">TOS</a> | <a href="@Url.SubRouteUrl("transparency", "Transparency.Index")">Transparency</a>
            </div>
            <div class="col-md-6 text-right text-muted">
                <div id="pagetime" style="display:none;">
--- a/Teknik/packages.config
+++ b/Teknik/packages.config
@ -24,6 +24,7 @@
  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net46" userInstalled="true" />
  <package id="Modernizr" version="2.8.3" targetFramework="net452" userInstalled="true" />
  <package id="MySql.Data" version="6.9.8" targetFramework="net452" />
+  <package id="nClam" version="2.0.6.0" targetFramework="net452" />
  <package id="Newtonsoft.Json" version="8.0.2" targetFramework="net452" userInstalled="true" />
  <package id="Piwik.Tracker" version="2.8.0.0" targetFramework="net452" />
  <package id="Respond" version="1.4.2" targetFramework="net452" userInstalled="true" />