
Removed validations as they aren't working for subdomains.

Made upload URLs dependent on the current subdomain.
This commit is contained in:
Uncled1023 2016-01-30 21:49:32 -08:00
parent 9caac7fab3
commit 886b36cbf1
20 changed files with 99 additions and 125 deletions


@ -134,7 +134,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreatePost(int blogID, string title, string article) public ActionResult CreatePost(int blogID, string title, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -169,7 +168,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditPost(int postID, string title, string article) public ActionResult EditPost(int postID, string title, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -194,7 +192,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult PublishPost(int postID, bool publish) public ActionResult PublishPost(int postID, bool publish)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -219,7 +216,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeletePost(int postID) public ActionResult DeletePost(int postID)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -271,7 +267,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreateComment(int postID, string article) public ActionResult CreateComment(int postID, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -295,7 +290,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditComment(int commentID, string article) public ActionResult EditComment(int commentID, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -319,7 +313,6 @@ namespace Teknik.Areas.Blog.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeleteComment(int commentID) public ActionResult DeleteComment(int commentID)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
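Review bot: Dropping `[ValidateAntiForgeryToken]` from CreatePost, EditPost, PublishPost, DeletePost, CreateComment, EditComment and DeleteComment leaves every state-changing POST in this controller without CSRF protection, and nothing in the commit replaces it; the same removal is made in the Paste, Podcast, Profile (Login, Register, Edit, Delete) and Upload controllers, with the matching `@Html.AntiForgeryToken()` and `AddAntiForgeryToken(...)` calls dropped from the views and scripts. The description says the validation was failing across subdomains, which is what one would expect when the anti-forgery cookie is issued host-only while the form is posted to a different subdomain; the fix that keeps the protection is to scope that cookie to the parent domain, as this commit already does for the auth cookie in ProfileController.Login, rather than to remove the check. Until that is in place, the authenticated actions here and in the Profile controller should at least keep the attribute. Each action's body continues outside the hunk.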


@ -7,7 +7,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: addPostURL, url: addPostURL,
data: AddAntiForgeryToken({ blogID: blogID, title: title, article: post }), data: { blogID: blogID, title: title, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -55,7 +55,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editPostURL, url: editPostURL,
data: AddAntiForgeryToken({ postID: postID, title: title, article: post }), data: { postID: postID, title: title, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -76,7 +76,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: addCommentURL, url: addCommentURL,
data: AddAntiForgeryToken({ postID: postID, article: post }), data: { postID: postID, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -113,7 +113,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editCommentURL, url: editCommentURL,
data: AddAntiForgeryToken({ commentID: postID, article: post }), data: { commentID: postID, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -185,7 +185,7 @@ function linkPostUnpublish(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: publishPostURL, url: publishPostURL,
data: AddAntiForgeryToken({ postID: post_id, publish: false }), data: { postID: post_id, publish: false },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -206,7 +206,7 @@ function linkPostPublish(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: publishPostURL, url: publishPostURL,
data: AddAntiForgeryToken({postID: post_id, publish: true }), data: {postID: post_id, publish: true },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -229,7 +229,7 @@ function linkPostDelete(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deletePostURL, url: deletePostURL,
data: AddAntiForgeryToken({ postID: post_id }), data: { postID: post_id },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -254,7 +254,7 @@ function linkCommentDelete(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deleteCommentURL, url: deleteCommentURL,
data: AddAntiForgeryToken({ commentID: post_id }), data: { commentID: post_id },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();


@ -29,9 +29,6 @@ namespace Teknik.Areas.Error.Controllers
{ {
ViewBag.Title = "Http Exception - " + Config.Title; ViewBag.Title = "Http Exception - " + Config.Title;
if (Response != null)
Response.StatusCode = (exception as HttpException).GetHttpCode();
ErrorViewModel model = new ErrorViewModel(); ErrorViewModel model = new ErrorViewModel();
model.Description = exception.Message; model.Description = exception.Message;
model.Exception = exception; model.Exception = exception;
@ -45,9 +42,6 @@ namespace Teknik.Areas.Error.Controllers
ViewBag.Title = "403 - " + Config.Title; ViewBag.Title = "403 - " + Config.Title;
ViewBag.Message = "Access Denied"; ViewBag.Message = "Access Denied";
if (Response != null)
Response.StatusCode = 403;
ErrorViewModel model = new ErrorViewModel(); ErrorViewModel model = new ErrorViewModel();
model.Exception = exception; model.Exception = exception;
@ -59,9 +53,6 @@ namespace Teknik.Areas.Error.Controllers
{ {
ViewBag.Title = "404 - " + Config.Title; ViewBag.Title = "404 - " + Config.Title;
ViewBag.Message = "Uh Oh, can't find it!"; ViewBag.Message = "Uh Oh, can't find it!";
if (Response != null)
Response.StatusCode = 404;
ErrorViewModel model = new ErrorViewModel(); ErrorViewModel model = new ErrorViewModel();
model.Exception = exception; model.Exception = exception;
@ -75,9 +66,6 @@ namespace Teknik.Areas.Error.Controllers
ViewBag.Title = "500 - " + Config.Title; ViewBag.Title = "500 - " + Config.Title;
ViewBag.Message = "Something Borked"; ViewBag.Message = "Something Borked";
if (Response != null)
Response.StatusCode = 500;
ErrorViewModel model = new ErrorViewModel(); ErrorViewModel model = new ErrorViewModel();
model.Exception = exception; model.Exception = exception;
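Review bot: Removing the `Response.StatusCode` assignments means the 403, 404 and 500 pages, and the HttpException handler, are now served with a 200 status, so browsers, caches, crawlers and uptime monitors will treat error responses as successful content. The existing `if (Response != null)` guard already covered the case where no response object is available, so the reason for dropping the assignment is not visible in the hunk. Keeping `if (Response != null) Response.StatusCode = 404;` and the 403/500/HttpException counterparts preserves the correct semantics; if the status is meant to be set elsewhere now, a comment at this point should say where. The enclosing action methods start and end outside the hunk.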


@ -17,21 +17,21 @@ namespace Teknik.Areas.Error
{ {
context.MapSubdomainRoute( context.MapSubdomainRoute(
"Error.Http404", // Route name "Error.Http404", // Route name
new List<string>() { "*" }, // Subdomains new List<string>() { "*", "error" }, // Subdomains
"404", // URL with parameters "404", // URL with parameters
new { controller = "Error", action = "Http404" }, // Parameter defaults new { controller = "Error", action = "Http404" }, // Parameter defaults
new[] { typeof(Controllers.ErrorController).Namespace } new[] { typeof(Controllers.ErrorController).Namespace }
); );
context.MapSubdomainRoute( context.MapSubdomainRoute(
"Error.Http403", // Route name "Error.Http403", // Route name
new List<string>() { "*" }, // Subdomains new List<string>() { "*", "error" }, // Subdomains
"403", // URL with parameters "403", // URL with parameters
new { controller = "Error", action = "Http403" }, // Parameter defaults new { controller = "Error", action = "Http403" }, // Parameter defaults
new[] { typeof(Controllers.ErrorController).Namespace } new[] { typeof(Controllers.ErrorController).Namespace }
); );
context.MapSubdomainRoute( context.MapSubdomainRoute(
"Error.Http500", // Route name "Error.Http500", // Route name
new List<string>() { "*" }, // Subdomains new List<string>() { "*", "error" }, // Subdomains
"500", // URL with parameters "500", // URL with parameters
new { controller = "Error", action = "Http500" }, // Parameter defaults new { controller = "Error", action = "Http500" }, // Parameter defaults
new[] { typeof(Controllers.ErrorController).Namespace } new[] { typeof(Controllers.ErrorController).Namespace }


@ -23,17 +23,17 @@ namespace Teknik.Areas.Home.Controllers
HomeViewModel model = new HomeViewModel(); HomeViewModel model = new HomeViewModel();
// Grab the latest site blog posts // Grab the latest site blog posts
List<BlogPost> lastSite = new List<BlogPost>(); List<BlogPost> lastSite = new List<BlogPost>();
var foundSite = db.BlogPosts.Include("Blog").Include("Blog.User").OrderBy(post => post.DatePosted).Where(p => p.Published && p.System).Take(10); var foundSite = db.BlogPosts.Include("Blog").Include("Blog.User").OrderByDescending(post => post.DatePosted).Where(p => p.Published && p.System).Take(5);
if (foundSite != null) if (foundSite != null)
lastSite = foundSite.ToList(); lastSite = foundSite.ToList();
// Grab the latest user blog posts // Grab the latest user blog posts
List<BlogPost> lastPosts = new List<BlogPost>(); List<BlogPost> lastPosts = new List<BlogPost>();
var foundPosts = db.BlogPosts.Include("Blog").Include("Blog.User").OrderBy(post => post.DatePosted).Where(p => p.Published && !p.System).Take(10); var foundPosts = db.BlogPosts.Include("Blog").Include("Blog.User").OrderByDescending(post => post.DatePosted).Where(p => p.Published && !p.System).Take(5);
if (foundPosts != null) if (foundPosts != null)
lastPosts = foundPosts.ToList(); lastPosts = foundPosts.ToList();
// Grab the latest podcasts // Grab the latest podcasts
List<Podcast.Models.Podcast> lastPods = new List<Podcast.Models.Podcast>(); List<Podcast.Models.Podcast> lastPods = new List<Podcast.Models.Podcast>();
var foundPods = db.Podcasts.OrderBy(post => post.DatePosted).Where(p => p.Published).Take(10); var foundPods = db.Podcasts.OrderByDescending(post => post.DatePosted).Where(p => p.Published).Take(5);
if (foundPods != null) if (foundPods != null)
lastPods = foundPods.ToList(); lastPods = foundPods.ToList();
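Review bot: On the new `foundSite`, `foundPosts` and `foundPods` queries the `Where` filter follows `OrderByDescending`; putting the filter first, e.g. `var foundPods = db.Podcasts.Where(p => p.Published).OrderByDescending(post => post.DatePosted).Take(5);`, reads as intended and matches the usual query shape. The `!= null` checks on these three query objects look redundant, since a LINQ query expression is not null before it is enumerated, so `lastPods = foundPods.ToList();` can be assigned directly. The enclosing action starts and ends outside the hunk.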


@ -102,7 +102,6 @@ namespace Teknik.Areas.Paste.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Paste([Bind(Include = "Content, Title, Syntax, ExpireLength, ExpireUnit, Password, Hide")]PasteCreateViewModel model) public ActionResult Paste([Bind(Include = "Content, Title, Syntax, ExpireLength, ExpireUnit, Password, Hide")]PasteCreateViewModel model)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -130,7 +129,7 @@ namespace Teknik.Areas.Paste.Controllers
db.Pastes.Add(paste); db.Pastes.Add(paste);
db.SaveChanges(); db.SaveChanges();
return Redirect(Url.SubRouteUrl("paste", "Paste.View", new { type = "Full", url = paste.Url, password = model.Password })); return Redirect(Url.SubRouteUrl("p", "Paste.View", new { type = "Full", url = paste.Url, password = model.Password }));
} }
catch (Exception ex) catch (Exception ex)
{ {
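Review bot: The new redirect still passes `password = model.Password` as a query-string parameter of the Paste.View URL, so a paste password ends up in browser history, server and proxy logs and the Referer header of any outbound link on the view page; only the subdomain changed on this line, but it is the place to fix. Passing the password via `TempData` for the single follow-up view, or rendering the view directly instead of redirecting, keeps it out of the URL. The view's form action still targets `Url.SubRouteUrl("paste", ...)` while this redirect now uses `"p"`; if both subdomains are not mapped to the same routes, the two should be brought in line. The enclosing try block starts outside the hunk.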


@ -14,7 +14,6 @@
<div class="row"> <div class="row">
<div class="col-sm-12"> <div class="col-sm-12">
<form class="form-horizontal" name="editor" method="post" action="@Url.SubRouteUrl("paste", "Paste.Action", new { action = "Paste" })"> <form class="form-horizontal" name="editor" method="post" action="@Url.SubRouteUrl("paste", "Paste.Action", new { action = "Paste" })">
@Html.AntiForgeryToken()
<div class="form-group"> <div class="form-group">
<div class="col-sm-10 col-sm-offset-1"> <div class="col-sm-10 col-sm-offset-1">
<textarea class="form-control" name="Content" id="content" rows="20"></textarea> <textarea class="form-control" name="Content" id="content" rows="20"></textarea>


@ -156,7 +156,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreatePodcast(int episode, string title, string description) public ActionResult CreatePodcast(int episode, string title, string description)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -223,7 +222,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditPodcast(int podcastId, int episode, string title, string description) public ActionResult EditPodcast(int podcastId, int episode, string title, string description)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -253,7 +251,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult PublishPodcast(int podcastId, bool publish) public ActionResult PublishPodcast(int podcastId, bool publish)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -278,7 +275,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeletePodcast(int podcastId) public ActionResult DeletePodcast(int podcastId)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -330,7 +326,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreateComment(int podcastId, string article) public ActionResult CreateComment(int podcastId, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -354,7 +349,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditComment(int commentID, string article) public ActionResult EditComment(int commentID, string article)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -378,7 +372,6 @@ namespace Teknik.Areas.Podcast.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeleteComment(int commentID) public ActionResult DeleteComment(int commentID)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)


@ -81,7 +81,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editPodcastURL, url: editPodcastURL,
data: AddAntiForgeryToken({ podcastId: podcastId, episode: episode, title: title, description: description }), data: { podcastId: podcastId, episode: episode, title: title, description: description },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -102,7 +102,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: addCommentURL, url: addCommentURL,
data: AddAntiForgeryToken({ podcastId: postID, article: post }), data: { podcastId: postID, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -139,7 +139,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editCommentURL, url: editCommentURL,
data: AddAntiForgeryToken({ commentID: postID, article: post }), data: { commentID: postID, article: post },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -211,7 +211,7 @@ function linkPodcastUnpublish(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: publishPodcastURL, url: publishPodcastURL,
data: AddAntiForgeryToken({ podcastId: podcastId, publish: false }), data: { podcastId: podcastId, publish: false },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -232,7 +232,7 @@ function linkPodcastPublish(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: publishPodcastURL, url: publishPodcastURL,
data: AddAntiForgeryToken({ podcastId: podcastId, publish: true }), data: { podcastId: podcastId, publish: true },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -255,7 +255,7 @@ function linkPodcastDelete(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deletePodcastURL, url: deletePodcastURL,
data: AddAntiForgeryToken({ podcastId: podcastId }), data: { podcastId: podcastId },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();
@ -280,7 +280,7 @@ function linkCommentDelete(selector) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deleteCommentURL, url: deleteCommentURL,
data: AddAntiForgeryToken({ commentID: post_id }), data: { commentID: post_id },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.reload(); window.location.reload();


@ -114,7 +114,6 @@ namespace Teknik.Areas.Profile.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginViewModel model) public ActionResult Login(LoginViewModel model)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -138,7 +137,12 @@ namespace Teknik.Areas.Profile.Controllers
db.Entry(user).State = EntityState.Modified; db.Entry(user).State = EntityState.Modified;
db.SaveChanges(); db.SaveChanges();
} }
FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe); HttpCookie authcookie = FormsAuthentication.GetAuthCookie(model.Username, model.RememberMe);
authcookie.Domain = string.Format(".{0}", Config.Host);
authcookie.HttpOnly = true;
authcookie.Secure = true;
Response.AppendCookie(authcookie);
if (string.IsNullOrEmpty(model.ReturnUrl)) if (string.IsNullOrEmpty(model.ReturnUrl))
{ {
return Json(new { result = "true" }); return Json(new { result = "true" });
@ -172,7 +176,6 @@ namespace Teknik.Areas.Profile.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Register(RegisterViewModel model) public ActionResult Register(RegisterViewModel model)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -261,7 +264,6 @@ namespace Teknik.Areas.Profile.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string website, string quote, string about, string blogTitle, string blogDesc, bool saveKey, bool serverSideEncrypt) public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string website, string quote, string about, string blogTitle, string blogDesc, bool saveKey, bool serverSideEncrypt)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -332,7 +334,6 @@ namespace Teknik.Areas.Profile.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Delete() public ActionResult Delete()
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
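Review bot: `authcookie.Secure = true` in Login is hard-coded, so when the site is reached over plain HTTP the browser never returns the forms-auth cookie and the login silently appears to fail; tying the flag to the connection, `authcookie.Secure = Request.IsSecureConnection;`, or to a configuration setting, with HTTP redirected to HTTPS, avoids that failure mode while keeping the flag on in production. Scoping the ticket to `.{Config.Host}` sends it to every subdomain, including any that serve user-supplied content such as uploads and pastes, which widens what a script injection on those hosts can act on; that trade-off should be noted in a comment on the `Domain` assignment. If `Config.Host` can ever include a port or scheme the domain string would be invalid, so it is worth confirming it holds only the registrable host. Login's body continues outside the hunk.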


@ -8,7 +8,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: deleteUserURL, url: deleteUserURL,
data: AddAntiForgeryToken({}), data: {},
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
window.location.replace(homeUrl); window.location.replace(homeUrl);
@ -40,7 +40,7 @@
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: editUserURL, url: editUserURL,
data: AddAntiForgeryToken({ data: {
curPass: current_password, curPass: current_password,
newPass: password, newPass: password,
newPassConfirm: password_confirm, newPassConfirm: password_confirm,
@ -51,7 +51,7 @@
blogDesc: blog_desc, blogDesc: blog_desc,
saveKey: upload_saveKey, saveKey: upload_saveKey,
serverSideEncrypt: upload_serverSideEncrypt serverSideEncrypt: upload_serverSideEncrypt
}), },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
$.unblockUI(); $.unblockUI();


@ -3,7 +3,6 @@
@if (Model.Config.UserConfig.LoginEnabled) @if (Model.Config.UserConfig.LoginEnabled)
{ {
<form role="form" id="loginForm" action="@Url.SubRouteUrl("profile", "Profile.Login")" method="post" accept-charset="UTF-8"> <form role="form" id="loginForm" action="@Url.SubRouteUrl("profile", "Profile.Login")" method="post" accept-charset="UTF-8">
@Html.AntiForgeryToken()
<input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" /> <input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" />
<div class="form-group"> <div class="form-group">
<input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true" /> <input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true" />


@ -3,7 +3,6 @@
@if (Model.Config.UserConfig.RegistrationEnabled) @if (Model.Config.UserConfig.RegistrationEnabled)
{ {
<form role="form" id="registrationForm" action="@Url.SubRouteUrl("profile", "Profile.Register")" method="post" accept-charset="UTF-8"> <form role="form" id="registrationForm" action="@Url.SubRouteUrl("profile", "Profile.Register")" method="post" accept-charset="UTF-8">
@Html.AntiForgeryToken()
<input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" /> <input name="ReturnUrl" id="ReturnUrl" type="hidden" value="@Model.ReturnUrl" />
<div class="form-group"> <div class="form-group">
<input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true"/> <input type="text" class="form-control" id="Username" value="" placeholder="Username" name="Username" data-val-required="The Username field is required." data-val="true"/>


@ -41,7 +41,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Upload(string fileType, string fileExt, string iv, int keySize, int blockSize, bool encrypt, bool saveKey, HttpPostedFileWrapper data, string key = null) public ActionResult Upload(string fileType, string fileExt, string iv, int keySize, int blockSize, bool encrypt, bool saveKey, HttpPostedFileWrapper data, string key = null)
{ {
if (Config.UploadConfig.UploadEnabled) if (Config.UploadConfig.UploadEnabled)
@ -83,7 +82,7 @@ namespace Teknik.Areas.Upload.Controllers
db.SaveChanges(); db.SaveChanges();
} }
} }
return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("upload", "Upload.Download", new { file = upload.Url }), key = key } }, "text/plain"); return Json(new { result = new { name = upload.Url, url = Url.SubRouteUrl("u", "Upload.Download", new { file = upload.Url }), key = key } }, "text/plain");
} }
return Json(new { error = "Unable to upload file" }); return Json(new { error = "Unable to upload file" });
} }
@ -156,7 +155,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public FileResult DownloadData(string file) public FileResult DownloadData(string file)
{ {
if (Config.UploadConfig.DownloadEnabled) if (Config.UploadConfig.DownloadEnabled)
@ -230,7 +228,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult GenerateDeleteKey(string file) public ActionResult GenerateDeleteKey(string file)
{ {
Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault(); Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
@ -247,7 +244,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult SaveFileKey(string file, string key) public ActionResult SaveFileKey(string file, string key)
{ {
Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault(); Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();
@ -263,7 +259,6 @@ namespace Teknik.Areas.Upload.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult RemoveFileKey(string file, string key) public ActionResult RemoveFileKey(string file, string key)
{ {
Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault(); Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault();


@ -11,7 +11,7 @@ function linkSaveKey(selector, uploadID, key, fileID) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: saveKeyToServerURL, url: saveKeyToServerURL,
data: AddAntiForgeryToken({ file: uploadID, key: key }), data: { file: uploadID, key: key },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
$('#key-link-' + fileID).html('<button type="button" class="btn btn-default btn-sm" id="remove-key-link-' + fileID + '">Remove Key From Server</button>'); $('#key-link-' + fileID).html('<button type="button" class="btn btn-default btn-sm" id="remove-key-link-' + fileID + '">Remove Key From Server</button>');
@ -33,7 +33,7 @@ function linkRemoveKey(selector, uploadID, key, fileID) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: removeKeyFromServerURL, url: removeKeyFromServerURL,
data: AddAntiForgeryToken({ file: uploadID, key: key }), data: { file: uploadID, key: key },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
$('#key-link-' + fileID).html('<button type="button" class="btn btn-default btn-sm" id="save-key-link-' + fileID + '">Save Key To Server</button>'); $('#key-link-' + fileID).html('<button type="button" class="btn btn-default btn-sm" id="save-key-link-' + fileID + '">Save Key To Server</button>');
@ -55,7 +55,7 @@ function linkUploadDelete(selector, uploadID) {
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: generateDeleteKeyURL, url: generateDeleteKeyURL,
data: AddAntiForgeryToken({ file: uploadID }), data: { file: uploadID },
success: function (html) { success: function (html) {
if (html.result) { if (html.result) {
bootbox.dialog({ bootbox.dialog({


@ -1,12 +1,14 @@
@model Teknik.Areas.Upload.ViewModels.UploadViewModel @model Teknik.Areas.Upload.ViewModels.UploadViewModel
@using Teknik.Helpers
<script> <script>
var encScriptSrc = '@Scripts.Url("~/bundles/cryptoWorker")'; var encScriptSrc = '@Scripts.Url("~/bundles/cryptoWorker")';
var aesScriptSrc = '@Scripts.Url("~/bundles/crypto")'; var aesScriptSrc = '@Scripts.Url("~/bundles/crypto")';
var generateDeleteKeyURL = '@Url.SubRouteUrl("upload", "Upload.Action", new { action= "GenerateDeleteKey" })'; var generateDeleteKeyURL = '@Url.SubRouteUrl(Request.Url.Authority.GetSubdomain(), "Upload.Action", new { action= "GenerateDeleteKey" })';
var saveKeyToServerURL = '@Url.SubRouteUrl("upload", "Upload.Action", new { action= "SaveFileKey" })'; var saveKeyToServerURL = '@Url.SubRouteUrl(Request.Url.Authority.GetSubdomain(), "Upload.Action", new { action= "SaveFileKey" })';
var removeKeyFromServerURL = '@Url.SubRouteUrl("upload", "Upload.Action", new { action= "RemoveFileKey" })'; var removeKeyFromServerURL = '@Url.SubRouteUrl(Request.Url.Authority.GetSubdomain(), "Upload.Action", new { action= "RemoveFileKey" })';
var uploadFileURL = '@Url.SubRouteUrl("upload", "Upload.Action", new { action = "Upload" })'; var uploadFileURL = '@Url.SubRouteUrl(Request.Url.Authority.GetSubdomain(), "Upload.Action", new { action = "Upload" })';
var maxUploadSize = @Model.Config.UploadConfig.MaxUploadSize; var maxUploadSize = @Model.Config.UploadConfig.MaxUploadSize;
var chunkSize = @Model.Config.UploadConfig.ChunkSize; var chunkSize = @Model.Config.UploadConfig.ChunkSize;
var keySize = @Model.Config.UploadConfig.KeySize; var keySize = @Model.Config.UploadConfig.KeySize;
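Review bot: The four new URLs are derived from `Request.Url.Authority.GetSubdomain()`, i.e. from the incoming Host header, and are then emitted inside single-quoted JavaScript string literals. Unless `GetSubdomain()` (from `Teknik.Helpers`, not shown here) checks the value against the configured subdomain list, a request with an unexpected Host header could, depending on how the site bindings are set up, make the generated URL point at another host or break out of the literal. Resolving the subdomain against a server-side allow-list and wrapping the emitted value, e.g. `'@HttpUtility.JavaScriptStringEncode(Url.SubRouteUrl(...))'`, closes both gaps; if `GetSubdomain()` already validates, a comment saying so on the first `var ...URL` line would save the next reader the same question.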


@ -22,10 +22,11 @@ namespace Teknik.Migrations
protected override void Seed(Models.TeknikEntities context) protected override void Seed(Models.TeknikEntities context)
{ {
Config config = Config.Load();
// Pre-populate with the default stuff // Pre-populate with the default stuff
// Create system blog // Create system blog
/*
Config config = Config.Load();
Areas.Profile.Models.User systemUser = new Areas.Profile.Models.User(); Areas.Profile.Models.User systemUser = new Areas.Profile.Models.User();
systemUser.Username = Constants.SERVERUSER; systemUser.Username = Constants.SERVERUSER;
systemUser.JoinDate = DateTime.Now; systemUser.JoinDate = DateTime.Now;
@ -74,15 +75,14 @@ namespace Teknik.Migrations
context.Groups.AddOrUpdate(memberGroup); context.Groups.AddOrUpdate(memberGroup);
context.SaveChanges(); context.SaveChanges();
if (config.DatabaseConfig.Migrate && !config.DevEnvironment) if (config.DatabaseConfig.Migrate && !config.DevEnvironment)
{ {
config.DatabaseConfig.Migrate = false;
Config.Save(config);
// Convert legacy MySQL DB to new MS SQL DB // Convert legacy MySQL DB to new MS SQL DB
MysqlDatabase db = new MysqlDatabase(config.DatabaseConfig); MysqlDatabase db = new MysqlDatabase(config.DatabaseConfig);
db.MysqlErrorEvent += Db_MysqlErrorEvent; db.MysqlErrorEvent += Db_MysqlErrorEvent;
config.DatabaseConfig.Migrate = false;
Config.Save(config);
// Transfer transactions // Transfer transactions
var transRet = db.Query("SELECT * FROM `transactions`"); var transRet = db.Query("SELECT * FROM `transactions`");
@ -120,7 +120,6 @@ namespace Teknik.Migrations
} }
} }
context.SaveChanges(); context.SaveChanges();
// Transfer Users and Blogs/Posts // Transfer Users and Blogs/Posts
Dictionary<int, int> userMapping = new Dictionary<int, int>(); Dictionary<int, int> userMapping = new Dictionary<int, int>();
Dictionary<int, int> postMapping = new Dictionary<int, int>(); Dictionary<int, int> postMapping = new Dictionary<int, int>();
@ -146,13 +145,18 @@ namespace Teknik.Migrations
{ {
newUser.Groups.Add(adminGroup); newUser.Groups.Add(adminGroup);
} }
context.Users.AddOrUpdate(newUser); context.Users.AddOrUpdate(newUser);
context.SaveChanges(); context.SaveChanges();
int oldUserId = Int32.Parse(user["id"].ToString()); string oldUsername = user["username"].ToString();
int userId = newUser.UserId; Areas.Profile.Models.User newUser = context.Users.Where(u => u.Username == oldUsername).FirstOrDefault();
if (newUser != null)
userMapping.Add(oldUserId, userId); {
int oldUserId = Int32.Parse(user["id"].ToString());
int userId = newUser.UserId;
userMapping.Add(oldUserId, userId);
}
// Create Blog for user // Create Blog for user
Areas.Blog.Models.Blog newBlog = new Areas.Blog.Models.Blog(); Areas.Blog.Models.Blog newBlog = new Areas.Blog.Models.Blog();
newBlog.UserId = userId; newBlog.UserId = userId;
@ -195,7 +199,7 @@ namespace Teknik.Migrations
} }
} }
} }
// Transfer Blog Comments // Transfer Blog Comments
var commentRet = db.Query("SELECT * FROM `comments` WHERE `service` = {0}", new object[] { "blog" }); var commentRet = db.Query("SELECT * FROM `comments` WHERE `service` = {0}", new object[] { "blog" });
foreach (var comment in commentRet) foreach (var comment in commentRet)
@ -214,13 +218,14 @@ namespace Teknik.Migrations
context.SaveChanges(); context.SaveChanges();
} }
} }
// Transfer Pastes // Transfer Pastes
var pasteRet = db.Query("SELECT * FROM `paste`"); var pasteRet = db.Query("SELECT * FROM `paste`");
foreach (var paste in pasteRet) foreach (var paste in pasteRet)
{ {
string pass = paste["password"].ToString();
// If it's a password protected paste, we just skip it // If it's a password protected paste, we just skip it
if (paste["password"] == null) if (string.IsNullOrEmpty(pass) || pass == "EMPTY")
{ {
string content = paste["code"].ToString(); string content = paste["code"].ToString();
string title = paste["title"].ToString(); string title = paste["title"].ToString();
@ -237,53 +242,57 @@ namespace Teknik.Migrations
context.SaveChanges(); context.SaveChanges();
} }
} }
// Transfer Uploads // Transfer Uploads
var uploadRet = db.Query("SELECT * FROM `uploads`"); var uploadRet = db.Query("SELECT * FROM `uploads`");
foreach (var upload in uploadRet) foreach (var upload in uploadRet)
{ {
string url = upload["url"].ToString(); string url = upload["url"].ToString();
string fileType = upload["type"].ToString(); Areas.Upload.Models.Upload upFound = context.Uploads.Where(u => u.Url == url).FirstOrDefault();
int contentLength = Int32.Parse(upload["filesize"].ToString()); if (upFound == null)
string deleteKey = upload["delete_key"].ToString();
int userId = Int32.Parse(upload["user_id"].ToString());
DateTime uploadDate = DateTime.Parse(upload["upload_date"].ToString());
string fullUrl = string.Format("https://u.teknik.io/{0}", url);
string fileExt = Path.GetExtension(fullUrl);
// Download the old file and re-upload it
using (WebClient client = new WebClient())
{ {
try string fileType = upload["type"].ToString();
{ int contentLength = Int32.Parse(upload["filesize"].ToString());
byte[] fileData = client.DownloadData(fullUrl); string deleteKey = upload["delete_key"].ToString();
// Generate key and iv if empty int userId = Int32.Parse(upload["user_id"].ToString());
string key = Utility.RandomString(config.UploadConfig.KeySize / 8); DateTime uploadDate = DateTime.Parse(upload["upload_date"].ToString());
string iv = Utility.RandomString(config.UploadConfig.BlockSize / 8); string fullUrl = string.Format("https://u.teknik.io/{0}", url);
string fileExt = Path.GetExtension(fullUrl);
fileData = AES.Encrypt(fileData, key, iv); // Download the old file and re-upload it
if (fileData == null || fileData.Length <= 0) using (WebClient client = new WebClient())
{
try
{ {
continue; byte[] fileData = client.DownloadData(fullUrl);
// Generate key and iv if empty
string key = Utility.RandomString(config.UploadConfig.KeySize / 8);
string iv = Utility.RandomString(config.UploadConfig.BlockSize / 8);
fileData = AES.Encrypt(fileData, key, iv);
if (fileData == null || fileData.Length <= 0)
{
continue;
}
Areas.Upload.Models.Upload up = Uploader.SaveFile(fileData, fileType, contentLength, fileExt, iv, key, config.UploadConfig.KeySize, config.UploadConfig.BlockSize);
if (userMapping.ContainsKey(userId))
up.UserId = userMapping[userId];
if (!string.IsNullOrEmpty(deleteKey))
up.DeleteKey = deleteKey;
up.Url = url;
context.Uploads.Add(up);
context.SaveChanges();
} }
Areas.Upload.Models.Upload up = Uploader.SaveFile(fileData, fileType, contentLength, fileExt, iv, key, config.UploadConfig.KeySize, config.UploadConfig.BlockSize); catch { }
if (userMapping.ContainsKey(userId))
up.UserId = userMapping[userId];
if (!string.IsNullOrEmpty(deleteKey))
up.DeleteKey = deleteKey;
up.Url = url;
context.Uploads.Add(up);
context.SaveChanges();
} }
catch { }
} }
} }
} }
*/
} }
private void Db_MysqlErrorEvent(object sender, string e) private void Db_MysqlErrorEvent(object sender, string e)
{ {
throw new NotImplementedException(); //throw new NotImplementedException();
} }
} }
} }


@ -1,9 +1,4 @@
$(document).ready(function () { $(document).ready(function () {
AddAntiForgeryToken = function (data) {
data.__RequestVerificationToken = $('#__AjaxAntiForgeryForm input[name=__RequestVerificationToken]').val();
return data;
};
$("#top_msg").css('display', 'none', 'important'); $("#top_msg").css('display', 'none', 'important');
$("#login_dropdown").click(function () { $("#login_dropdown").click(function () {


@ -41,11 +41,6 @@
</div> </div>
</div> </div>
</noscript> </noscript>
<!-- Global AntiForgery Token -->
@using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" }))
{
@Html.AntiForgeryToken()
}
@RenderBody() @RenderBody()
</div> </div>


@ -42,6 +42,13 @@
<requestLimits maxAllowedContentLength="1073741824" /> <requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering> </requestFiltering>
</security> </security>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Accept, Content-Type" />
</customHeaders>
</httpProtocol>
</system.webServer> </system.webServer>
<runtime> <runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
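Review bot: The new `<customHeaders>` block sets `Access-Control-Allow-Origin: *` on every response the site serves, and a wildcard origin is both broader than a subdomain use case needs and less useful than it looks, because browsers will not send cookies with a cross-origin request whose allowed origin is `*`, so it grants anonymous access from any site while still not giving the sibling subdomains credentialed access. If the intent is calls between the site's own subdomains, reflect only an allow-listed `Origin` (this has to be done in code or a module rather than a static header) and pair it with `Access-Control-Allow-Credentials` for those origins only. The method list is also wider than it needs to be; unless an endpoint actually serves `PUT`/`DELETE` cross-origin, trim it to `<add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS" />`. Note that CORS is not a CSRF control: a cross-site form POST never needed these headers, so this block does not compensate for the global anti-forgery form and the JS token helper removed elsewhere in this commit, and the usual fix for anti-forgery cookies not matching across subdomains is to scope the application's cookies to the parent domain (e.g. `<httpCookies domain=".teknik.io" />` under `<system.web>`, presumably that is the parent here) rather than to drop validation.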