public async Task <ActionResult> Get()
        {
            string path = HttpUtility.UrlDecode(Request.GetRelativePath())
                          .ToLowerInvariant();

            if (path.StartsWith("http:/"))
            {
                path = "http://" + path.SubstringAfter("http:/");
                Response.Redirect(path, true);
            }
            else if (path.StartsWith("https:/"))
            {
                path = "https://" + path.SubstringAfter("https:/");
                Response.Redirect(path, true);
            }
            else if (path.StartsWith("ftp:/"))
            {
                path = "ftp://" + path.SubstringAfter("ftp:/");
                Response.Redirect(path, true);
            }

            //if it is going to ICE images, use a different system, get image content from resource
            if (path.ToLowerInvariant().EndsWith("images/_ice_/play.png"))
            {
                string ext = Path.GetExtension(path);
                //string mimeType = MIMEAssisant.GetMIMEType("png");
                string mimeType = MIMEAssistant.GetMIMEType("png");

                var image = Properties.Resources.play;

                MemoryStream ms = new MemoryStream();
                image.Save(ms, System.Drawing.Imaging.ImageFormat.Png);
                ms.Position = 0;

                return(File(ms, mimeType));
            }
            else
            {
                path = path.ToLowerInvariant().TrimStart('/');
                Regex trimRE = new Regex(@"^((images|documents|media)\/)?assets\/");
                if (trimRE.IsMatch(path))
                {
                    path = path.SubstringAfter("assets/");
                }

                if (isPreviewRequest)
                {
                    // Pull the "assets" off the from of the path for preview. Publish puts it in 'assets'
                    path = (path.StartsWith("assets/") ? path.SubstringAfter("assets/") : path.TrimStart('/'));
                    using (var session = _ContentStore.OpenReadSession(_CurrentUser))
                    {
                        IAsset   asset = session.Site.AssetByPath(path);
                        FileInfo file;
                        if (asset != null)
                        {
                            file = asset.File();
                        }
                        else
                        {
                            IUnmanagedAsset unmanaged = session.UnmanagedAssetManager.UnmanagedAsset(path);
                            if (unmanaged != null)
                            {
                                file = unmanaged.FileInfo;
                            }
                            else
                            {
                                throw new HttpException(404, string.Format("Asset for Preview {0} is missing.", path));
                            }
                        }

                        string mime = MimeMapping.GetMimeMapping(file.FullName);
                        return(new RangeFilePathResult(mime, file.FullName, file.LastWriteTimeUtc, file.Length));
                        //return base.File(file.FullName, mime);
                    }
                }

                //else
                //{
                //	path = "assets/" + (path.StartsWith("assets/") ? path.SubstringAfter("assets/") : path.TrimStart('/'));
                //}

                string assetPath = Path.Combine(AssetBasePath, path.TrimStart('/').Replace("/", @"\"));
                assetPath = Uri.UnescapeDataString(assetPath);
                //if (!path.ToLowerInvariant().StartsWith("assets/") && !System.IO.File.Exists(assetPath))
                //{
                //	path = "assets\\" + path.TrimStart('/').Replace("/", @"\");
                //	assetPath = Path.Combine(AssetBasePath, path);
                //}

                Assets.AssetFactory map           = Assets.AssetFactory.Get(CmsRoute.GetSitePath());
                Assets.IAsset       assetMapEntry = map.GetAssetByPath(path);
                if (assetMapEntry != null)
                {
                    var assetId           = assetMapEntry.AssetId;
                    Assets.AssetTree tree = Assets.AssetTree.Get(CmsRoute.GetSitePath());
                    var assetTreeEntry    = tree.GetNode(assetId);
                    if (assetTreeEntry != null && !assetTreeEntry.Valid())
                    {
                        throw new HttpException(404, string.Format("Asset {0} is invalid.", assetPath));
                    }

                    assetPath = assetMapEntry.FilePath;

                    if (assetMapEntry.IsExternal)
                    {
                        Response.Redirect(assetPath);
                    }
                }
                else
                {
                    throw new HttpException(404, string.Format("Asset {0} is invalid.", assetPath));
                }

                //block any access in settings folder
                string settingsFolder = Path.Combine(AssetBasePath, "settings").ToLowerInvariant() + @"\";
                if (assetPath.ToLowerInvariant().StartsWith(settingsFolder))
                {
                    throw new HttpException((int)AssetRequestState.Forbidden, Ingeniux.Runtime.Properties.Resources.AccessToDynamicSiteServerMetaDataIsForbidd);
                }

                if (!System.IO.File.Exists(assetPath))
                {
                    path = path.Replace("\\", "/");
                    if (path.StartsWith("assets/"))
                    {
                        path = "/" + path.SubstringAfter("assets/");
                    }
                    var urlmap      = Runtime.StructureUrlMap.Get(CmsRoute.GetSitePath());
                    var urlmapEntry = urlmap.GetPageDataByPath(path);
                    if (urlmapEntry != null)
                    {
                        CMSPageDefaultController pageController = initPageController();
                        return(pageController.Index());
                    }
                    else
                    {
                        throw new HttpException(404, Ingeniux.Runtime.Properties.Resources.AssetDoesnTExist);
                    }
                }

                DateTime lastWriteTime = System.IO.File.GetLastWriteTime(assetPath);

                if (!changed(lastWriteTime))
                {
                    return(new HttpStatusCodeResult(304));
                }

                string ext = Path.GetExtension(assetPath).TrimStart('.');

                string mimeType = MIMEAssistant.GetMIMEType(ext);

                bool isAttachment = path.StartsWith("documents/") || mimeType == MIMEAssistant.DEFAULT_MIME_TYPE;

                //if (isAttachment)
                //	Response.AddHeader("Content-Disposition", "attachment");

                string thisUrl = Request.Url.AbsoluteUri;

                if (!isPreviewRequest)
                {
                    //if (Authman.IsForbiddenAsset(path) || Authman.IsProtectedAsset(path) || isAttachment)
                    //{
                    //	setNoCache();
                    //}
                    //else
                    //{
                    //	Response.Cache.SetCacheability(HttpCacheability.ServerAndPrivate);
                    //	//Response.Cache.SetExpires(DateTime.MaxValue);
                    //	Response.CacheControl = "private";
                    //	Response.Cache.SetLastModified(System.IO.File.GetLastWriteTime(assetPath));
                    //}

                    //when runtime request, check protected and forbidden folder
                    AssetRequestState stateCheck = Authman.CheckAssetAccessiblility(path, Request);
                    if (stateCheck == AssetRequestState.Forbidden)
                    {
                        string forbiddenResponsePagePath = AuthenticationManager.Settings.ForbiddenFoldersResponsePage;

                        //path is blocked, go to forbidden response page
                        if (!string.IsNullOrWhiteSpace(forbiddenResponsePagePath))
                        {
                            if (!forbiddenResponsePagePath.EndsWith(".xml") || !forbiddenResponsePagePath.SubstringBefore(".", false, true).IsXId())
                            {
                                string fullRedirPath = forbiddenResponsePagePath.ToAbsoluteUrl();
                                fullRedirPath += fullRedirPath.Contains("?") ? "&" : "?";
                                fullRedirPath += "blockedPath=" + HttpUtility.UrlEncode(HttpUtility.UrlEncode(thisUrl));

                                return(Redirect(fullRedirPath));
                            }
                            else
                            {
                                //if the setting is standar xid.xml, then use more friendly path rewrite
                                return(rewriteToCmsPath(
                                           forbiddenResponsePagePath.SubstringBefore(".", false, true),
                                           new Dictionary <string, string> {
                                    { "blockedPath", thisUrl }
                                }));
                            }
                        }
                        else
                        {
                            throw new HttpException((int)stateCheck, Ingeniux.Runtime.Properties.Resources.AccessToAssetIsForbidden);
                        }
                    }

                    if (stateCheck == AssetRequestState.Unauthorized)
                    {
                        string loginPagePath = Authman.LoginPath;
                        if (!string.IsNullOrWhiteSpace(loginPagePath))
                        {
                            string loginPathUrl = loginPagePath.ToAbsoluteUrl();
                            loginPathUrl += loginPathUrl.Contains("?") ? "&" : "?";
                            loginPathUrl += AuthenticationManager.Settings.RedirectionQueryStringName + "=" + Uri.EscapeDataString(Uri.EscapeDataString(thisUrl));
                            return(RedirectPermanent(loginPathUrl));
                        }
                        else
                        {
                            throw new HttpException((int)stateCheck, Ingeniux.Runtime.Properties.Resources.AccessToAssetIsNotAuthorized);
                        }
                    }

                    //use download manager if is protected asset, this way we can use the download page
                    if (!string.IsNullOrWhiteSpace(AuthenticationManager.Settings.BinaryDownloadPage) && Authman.IsProtectedAsset(path))
                    {
                        DownloadManager             downloadsMan = Authman.DownloadsManager;
                        string                      downloadPageId;
                        Dictionary <string, string> queryStrings = new Dictionary <string, string>();
                        bool presentDownloadPage = downloadsMan.ProcessProtectedDownload(Request.RequestContext.HttpContext,
                                                                                         out queryStrings, out downloadPageId);

                        if (presentDownloadPage)
                        {
                            //Response.AddHeader("Content-Disposition", "attachment");

                            //return File(assetPath, mimeType);
                            return(rewriteToCmsPath(downloadPageId, queryStrings));
                        }

                        //return rewriteToCmsPath(downloadPageId, queryStrings);
                    }
                }

                setCacheResponses(ext, mimeType, path);

                var forceDownloadDocuments = ConfigurationManager.AppSettings["ForceDownloadDocuments"] != null ?
                                             ConfigurationManager.AppSettings["ForceDownloadDocuments"].ToBoolean() : true;

                var bypassDownloadDocTypes = ConfigurationManager.AppSettings["DocumentExtBypassDownload"] != null ?
                                             ConfigurationManager.AppSettings["DocumentExtBypassDownload"].Split(';') : new string[] { "" };

                if (isAttachment && (forceDownloadDocuments && !bypassDownloadDocTypes.Contains(ext)))
                {
                    Response.AddHeader("Content-Disposition", "attachment");
                }

                FileInfo assetInfo = new FileInfo(assetPath);

                if (assetInfo.Length == 0)
                {
                    return(File(assetPath, mimeType));
                }

                try
                {
                    return(new RangeFilePathResult(mimeType, assetInfo.FullName, assetInfo.LastWriteTimeUtc, assetInfo.Length));
                    //return File(assetPath, mimeType);
                }
                catch (Exception e)
                {
                    return(File(assetPath, mimeType));
                }
            }
        }
Ejemplo n.º 2
0
        public async Task <ActionResult> Get()
        {
            string path = HttpUtility.UrlDecode(Request.GetRelativePath())
                          .ToLowerInvariant();

            //if it is going to ICE images, use a different system, get image content from resource
            if (path.ToLowerInvariant().EndsWith("images/_ice_/play.png"))
            {
                string ext = Path.GetExtension(path);
                //string mimeType = MIMEAssisant.GetMIMEType("png");
                string mimeType = MIMEAssistant.GetMIMEType("png");

                var image = Properties.Resources.play;

                MemoryStream ms = new MemoryStream();
                image.Save(ms, System.Drawing.Imaging.ImageFormat.Png);
                ms.Position = 0;

                return(File(ms, mimeType));
            }
            else
            {
                path = path.Contains("assets/") ? path.SubstringAfter("assets/") : path.TrimStart('/');
                string assetPath = Path.Combine(AssetBasePath, path.TrimStart('/').Replace("/", @"\"));

                //block any access in settings folder
                string settingsFolder = Path.Combine(AssetBasePath, "settings").ToLowerInvariant() + @"\";
                if (assetPath.ToLowerInvariant().StartsWith(settingsFolder))
                {
                    throw new HttpException((int)AssetRequestState.Forbidden, Ingeniux.Runtime.Properties.Resources.AccessToDynamicSiteServerMetaDataIsForbidd);
                }

                if (!System.IO.File.Exists(assetPath))
                {
                    throw new HttpException(404, Ingeniux.Runtime.Properties.Resources.AssetDoesnTExist);
                }

                DateTime lastWriteTime = System.IO.File.GetLastWriteTime(assetPath);

                if (!changed(lastWriteTime))
                {
                    return(new HttpStatusCodeResult(304));
                }

                string ext = Path.GetExtension(assetPath).TrimStart('.');

                string mimeType = MIMEAssistant.GetMIMEType(ext);

                bool isAttachment = path.StartsWith("documents/") || mimeType == MIMEAssistant.DEFAULT_MIME_TYPE;

                //if (isAttachment && !Authman.IsProtectedAsset(path))
                //	Response.AddHeader("Content-Disposition", "attachment");

                string thisUrl = Request.Url.AbsoluteUri;

                if (!isPreviewRequest)
                {
                    //if (Authman.IsForbiddenAsset(path) || Authman.IsProtectedAsset(path) || isAttachment)
                    //{
                    //	setNoCache();
                    //}
                    //else
                    //{
                    //	Response.Cache.SetCacheability(HttpCacheability.ServerAndPrivate);
                    //	//Response.Cache.SetExpires(DateTime.MaxValue);
                    //	Response.CacheControl = "private";
                    //	Response.Cache.SetLastModified(System.IO.File.GetLastWriteTime(assetPath));
                    //}

                    //when runtime request, check protected and forbidden folder
                    AssetRequestState stateCheck = Authman.CheckAssetAccessiblility(path, Request);
                    if (stateCheck == AssetRequestState.Forbidden)
                    {
                        string forbiddenResponsePagePath = AuthenticationManager.Settings.ForbiddenFoldersResponsePage;

                        //path is blocked, go to forbidden response page
                        if (!string.IsNullOrWhiteSpace(forbiddenResponsePagePath))
                        {
                            if (!forbiddenResponsePagePath.EndsWith(".xml") || !forbiddenResponsePagePath.SubstringBefore(".", false, true).IsXId())
                            {
                                string fullRedirPath = forbiddenResponsePagePath.ToAbsoluteUrl();
                                fullRedirPath += fullRedirPath.Contains("?") ? "&" : "?";
                                fullRedirPath += "blockedPath=" + HttpUtility.UrlEncode(HttpUtility.UrlEncode(thisUrl));

                                return(Redirect(fullRedirPath));
                            }
                            else
                            {
                                //if the setting is standar xid.xml, then use more friendly path rewrite
                                return(rewriteToCmsPath(
                                           forbiddenResponsePagePath.SubstringBefore(".", false, true),
                                           new Dictionary <string, string> {
                                    { "blockedPath", thisUrl }
                                }));
                            }
                        }
                        else
                        {
                            throw new HttpException((int)stateCheck, Ingeniux.Runtime.Properties.Resources.AccessToAssetIsForbidden);
                        }
                    }

                    if (stateCheck == AssetRequestState.Unauthorized)
                    {
                        string loginPagePath = Authman.LoginPath;
                        if (!string.IsNullOrWhiteSpace(loginPagePath))
                        {
                            string loginPathUrl = loginPagePath.ToAbsoluteUrl();
                            loginPathUrl += loginPathUrl.Contains("?") ? "&" : "?";
                            loginPathUrl += AuthenticationManager.Settings.RedirectionQueryStringName + "=" + Uri.EscapeDataString(Uri.EscapeDataString(thisUrl));
                            return(RedirectPermanent(loginPathUrl));
                        }
                        else
                        {
                            throw new HttpException((int)stateCheck, Ingeniux.Runtime.Properties.Resources.AccessToAssetIsNotAuthorized);
                        }
                    }

                    //use download manager if is protected asset, this way we can use the download page
                    if (!string.IsNullOrWhiteSpace(AuthenticationManager.Settings.BinaryDownloadPage) && Authman.IsProtectedAsset(path))
                    {
                        DownloadManager             downloadsMan = Authman.DownloadsManager;
                        string                      downloadPageId;
                        Dictionary <string, string> queryStrings = new Dictionary <string, string>();
                        bool presentDownloadPage = downloadsMan.ProcessProtectedDownload(Request.RequestContext.HttpContext,
                                                                                         out queryStrings, out downloadPageId);

                        if (presentDownloadPage)
                        {
                            //Response.AddHeader("Content-Disposition", "attachment");

                            //return File(assetPath, mimeType);
                            return(rewriteToCmsPath(downloadPageId, queryStrings));
                        }

                        //return rewriteToCmsPath(downloadPageId, queryStrings);
                    }
                }

                setCacheResponses(ext, mimeType, path);

                var forceDownloadDocuments = ConfigurationManager.AppSettings["ForceDownloadDocuments"] != null ?
                                             ConfigurationManager.AppSettings["ForceDownloadDocuments"].ToBoolean() : true;

                var bypassDownloadDocTypes = ConfigurationManager.AppSettings["DocumentExtBypassDownload"] != null ?
                                             ConfigurationManager.AppSettings["DocumentExtBypassDownload"].Split(';') : new string[] { "" };

                if (isAttachment && (forceDownloadDocuments && !bypassDownloadDocTypes.Contains(ext)))
                {
                    Response.AddHeader("Content-Disposition", "attachment");
                }

                FileInfo assetInfo = new FileInfo(assetPath);
                return(new RangeFilePathResult(mimeType, assetInfo.FullName, assetInfo.LastWriteTimeUtc, assetInfo.Length));
            }
        }
Ejemplo n.º 3
0
        public ActionResult Get()
        {
            string path = HttpUtility.UrlDecode(Request.GetRelativePath());

            //if it is going to ICE images, use a different system, get image content from resource
            if (path.ToLowerInvariant().EndsWith("images/_ice_/play.png"))
            {
                string mimeType = MIMEAssistant.GetMIMEType("png");

                var image = Properties.Resources.play;

                MemoryStream ms = new MemoryStream();
                image.Save(ms, System.Drawing.Imaging.ImageFormat.Png);
                ms.Position = 0;

                return(File(ms, mimeType));
            }
            else if (path.Contains("swapandsellimgs/"))
            {
                string ext      = Path.GetExtension(path);
                string mimeType = MIMEAssistant.GetMIMEType(ext);

                string filePath = Path.Combine(Server.MapPath("~/App_Data/"), path.TrimStart('/'));
                if (!System.IO.File.Exists(filePath))
                {
                    throw new HttpException(404, Ingeniux.Runtime.Properties.Resources.AssetDoesnTExist);
                }

                return(File(filePath, mimeType));
            }
            else
            {
                path = path.Contains("assets/") ? path.SubstringAfter("assets/") : path;
                string assetPath = Path.Combine(AssetBasePath, path.TrimStart('/').Replace("/", @"\"));

                if (!System.IO.File.Exists(assetPath))
                {
                    throw new HttpException(404, Ingeniux.Runtime.Properties.Resources.AssetDoesnTExist);
                }

                DateTime lastWriteTime = System.IO.File.GetLastWriteTime(assetPath);

                if (!changed(lastWriteTime))
                {
                    return(new HttpStatusCodeResult(304));
                }

                string ext = Path.GetExtension(assetPath).TrimStart('.');

                string mimeType = MIMEAssistant.GetMIMEType(ext);

                if (path.StartsWith("documents/") || mimeType == MIMEAssistant.DEFAULT_MIME_TYPE)
                {
                    Response.AddHeader("Content-Disposition", "attachment");
                }

                string thisUrl = Request.Url.AbsoluteUri;

                if (!isPreviewRequest)
                {
                    if (Authman.IsForbiddenAsset(path) || Authman.IsProtectedAsset(path))
                    {
                        setNoCache();
                    }
                    else
                    {
                        Response.Cache.SetCacheability(HttpCacheability.Public);
                        Response.Cache.SetExpires(DateTime.MaxValue);
                        Response.CacheControl = "public";
                        Response.Cache.SetLastModified(System.IO.File.GetLastWriteTime(assetPath));
                    }

                    //when runtime request, check protected and forbidden folder
                    AssetRequestState stateCheck = Authman.CheckAssetAccessiblility(path, Request);
                    if (stateCheck == AssetRequestState.Forbidden)
                    {
                        string forbiddenResponsePagePath = AuthenticationManager.Settings.ForbiddenFoldersResponsePage;

                        //path is blocked, go to forbidden response page
                        if (!string.IsNullOrWhiteSpace(forbiddenResponsePagePath))
                        {
                            if (!forbiddenResponsePagePath.EndsWith(".xml") || !forbiddenResponsePagePath.SubstringBefore(".", false, true).IsXId())
                            {
                                string fullRedirPath = forbiddenResponsePagePath.ToAbsoluteUrl();
                                fullRedirPath += fullRedirPath.Contains("?") ? "&" : "?";
                                fullRedirPath += "blockedPath=" + HttpUtility.UrlEncode(HttpUtility.UrlEncode(thisUrl));

                                return(Redirect(fullRedirPath));
                            }
                            else
                            {
                                //if the setting is standar xid.xml, then use more friendly path rewrite
                                return(rewriteToCmsPath(
                                           forbiddenResponsePagePath.SubstringBefore(".", false, true),
                                           new Dictionary <string, string> {
                                    { "blockedPath", thisUrl }
                                }));
                            }
                        }
                        else
                        {
                            throw new HttpException((int)stateCheck, Ingeniux.Runtime.Properties.Resources.AccessToAssetIsForbidden);
                        }
                    }

                    if (stateCheck == AssetRequestState.Unauthorized)
                    {
                        string loginPagePath = Authman.LoginPath;
                        if (!string.IsNullOrWhiteSpace(loginPagePath))
                        {
                            string loginPathUrl = loginPagePath.ToAbsoluteUrl();
                            loginPathUrl += loginPathUrl.Contains("?") ? "&" : "?";
                            loginPathUrl += AuthenticationManager.Settings.RedirectionQueryStringName + "=" + Uri.EscapeDataString(Uri.EscapeDataString(thisUrl));
                            return(RedirectPermanent(loginPathUrl));
                        }
                        else
                        {
                            throw new HttpException((int)stateCheck, Ingeniux.Runtime.Properties.Resources.AccessToAssetIsNotAuthorized);
                        }
                    }

                    //use download manager if is protected asset, this way we can use the download page
                    if (!string.IsNullOrWhiteSpace(AuthenticationManager.Settings.BinaryDownloadPage) && Authman.IsProtectedAsset(path))
                    {
                        DownloadManager             downloadsMan = Authman.DownloadsManager;
                        string                      downloadPageId;
                        Dictionary <string, string> queryStrings = new Dictionary <string, string>();
                        bool presentDownloadPage = downloadsMan.ProcessProtectedDownload(Request.RequestContext.HttpContext,
                                                                                         out queryStrings, out downloadPageId);

                        if (!presentDownloadPage)
                        {
                            Response.AddHeader("Content-Disposition", "attachment");
                            return(File(assetPath, mimeType));
                        }

                        return(rewriteToCmsPath(downloadPageId, queryStrings));
                    }
                }

                return(File(assetPath, mimeType));
            }
        }