/// <summary>
/// Action filter that gates list-scoped actions behind the list's master key.
/// Resolves the current list from the controller, requires an <see cref="IMasterKey"/>
/// action argument, and short-circuits with 404 / 400 / 401 when the list is missing,
/// the key model is absent, or the presented key does not match the stored hash.
/// </summary>
/// <param name="context">The executing-action context; its <c>Result</c> is set to short-circuit the pipeline.</param>
public override void OnActionExecuting(ActionExecutingContext context)
{
    var controller = (IListController)context.Controller;
    var currentList = db.Lists.Find(controller.CurrentListGUID);

    // NOTE(review): the 404 is produced before the master key is checked, so a caller
    // without the key learns whether a list GUID exists — acceptable only if GUIDs are unguessable.
    if (currentList is null)
    {
        context.Result = new NotFoundObjectResult(ErrorModel.NotFound());
        return;
    }

    // The key arrives as whichever bound action argument implements IMasterKey.
    var keyArgument = context.ActionArguments.Values.OfType<IMasterKey>().FirstOrDefault();
    if (keyArgument is null)
    {
        context.Result = new BadRequestObjectResult(ErrorModel.BadRequest());
        return;
    }

    // NOTE(review): assumes Hashing.CompareStringToHash compares in constant time — confirm in Hashing.
    if (Hashing.CompareStringToHash(keyArgument.MasterKey, currentList.MasterKeyHash))
    {
        return;
    }

    context.Result = new ObjectResult(ErrorModel.Unauthorized()) { StatusCode = 401 };
}
/// <summary>
/// Creates or updates the single <see cref="GeneralSettingsModel"/> row from the posted model.
/// A new password is stored only when the posted current password matches the existing hash;
/// a default redirect is stored only after <c>URIValidation.Validate</c> accepts it, and the
/// literal <c>"__RESET__"</c> clears it. Empty fields leave the corresponding setting unchanged.
/// </summary>
/// <param name="model">The posted settings.</param>
/// <returns>200 with the persisted settings, or 400 with an <see cref="ErrorModel"/> when a field is rejected.</returns>
public async Task<IActionResult> Set([FromBody] GeneralSettingsPostModel model)
{
    var settings = Db.GeneralSettings.FirstOrDefault();
    var creating = settings is null;
    if (creating)
    {
        settings = new GeneralSettingsModel();
    }

    if (!model.Password.IsEmpty())
    {
        // Proof of the current password is required before the hash is replaced.
        // NOTE(review): when no settings row exists yet, PasswordHash is null here and the
        // outcome depends on how Hashing.CompareStringToHash treats a null hash — confirm the first-time setup path.
        var currentPasswordOk = !model.CurrentPassword.IsEmpty()
            && Hashing.CompareStringToHash(model.CurrentPassword, settings.PasswordHash);
        if (!currentPasswordOk)
        {
            return BadRequest(ErrorModel.BadRequest("invalid current password"));
        }

        settings.PasswordHash = Hashing.CreatePasswordHash(model.Password);
    }

    if (!model.DefaultRedirect.IsEmpty())
    {
        if (model.DefaultRedirect.Equals("__RESET__"))
        {
            settings.DefaultRedirect = null;
        }
        else
        {
            if (!await URIValidation.Validate(model.DefaultRedirect))
            {
                return BadRequest(ErrorModel.BadRequest("invalid defautl redirect url"));
            }

            settings.DefaultRedirect = model.DefaultRedirect;
        }
    }

    if (creating)
    {
        Db.GeneralSettings.Add(settings);
    }
    else
    {
        Db.GeneralSettings.Update(settings);
    }

    await Db.SaveChangesAsync();

    // NOTE(review): this serializes the whole entity, PasswordHash included, unless the model
    // excludes that property from serialization — confirm before relying on this response shape.
    return Ok(settings);
}
/// <summary>
/// Resolves a password-protected short link. The posted password must match the stored hash
/// before the redirect target is revealed; a successful resolution is counted via <c>CountRedirect</c>.
/// </summary>
/// <param name="guid">Identifier of the short link.</param>
/// <param name="model">Posted password and tracking preference.</param>
/// <returns>200 with the root URL; 400 for an invalid or unprotected link; 401 for a missing or wrong password.</returns>
public async Task<IActionResult> ProtectedRedirect(Guid guid, [FromBody] ProtectedPostModel model)
{
    if (model.Password.IsEmpty())
    {
        return Unauthorized();
    }

    var link = Db.ShortLinks.Find(guid);
    if (!IsValid(link))
    {
        return BadRequest(ErrorModel.BadRequest("invalid short link"));
    }

    if (!link.IsPasswordProtected)
    {
        return BadRequest(ErrorModel.BadRequest("short link not password protected"));
    }

    bool passwordMatches;
    try
    {
        passwordMatches = Hashing.CompareStringToHash(model.Password, link.PasswordHash);
    }
    catch (Exception)
    {
        // Any failure inside the comparison, whatever its cause, is answered with 401 rather than 500.
        // NOTE(review): the exception is not logged, so faults in the hashing path are invisible to operators.
        passwordMatches = false;
    }

    if (!passwordMatches)
    {
        return Unauthorized();
    }

    await CountRedirect(link, model.DisableTracking);

    return Ok(new ProtectedResponseModel { RootURL = link.RootURL });
}
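/// <summary>
/// Signs the caller in when the <c>Authorization: Basic</c> header carries the configured password.
/// The value after the scheme is compared directly (no base64 decoding, no user name component)
/// against the stored password hash; every failure path answers 401 without further detail.
/// </summary>
/// <returns>200 after <c>SignInAsync</c> completes; 401 for a missing, malformed or non-matching header.</returns>
public async Task<IActionResult> Login()
{
    if (!HttpContext.Request.Headers.TryGetValue("Authorization", out StringValues authHeaderValue))
    {
        return Unauthorized();
    }

    // Scheme match is ordinal and case-insensitive. The previous ToLower()+StartsWith pair was
    // culture-sensitive and could reject a valid header under some cultures (e.g. tr-TR).
    const string scheme = "basic ";
    var header = authHeaderValue.Count > 0 ? authHeaderValue[0] : null;
    if (header is null || !header.StartsWith(scheme, System.StringComparison.OrdinalIgnoreCase))
    {
        return Unauthorized();
    }

    var presentedSecret = header.Substring(scheme.Length);
    if (presentedSecret.IsEmpty())
    {
        // An empty credential can never match; reject before touching the store.
        return Unauthorized();
    }

    var settings = Db.GeneralSettings.FirstOrDefault();
    if (settings is null || settings.PasswordHash.IsEmpty())
    {
        // No password configured: login is impossible until one is set.
        return Unauthorized();
    }

    // NOTE(review): assumes Hashing.CompareStringToHash runs in constant time; no lockout or
    // rate limiting is visible in this method — confirm it is applied elsewhere.
    if (!Hashing.CompareStringToHash(presentedSecret, settings.PasswordHash))
    {
        return Unauthorized();
    }

    // The session carries no claims; only the "login" authentication type marks it as signed in.
    var identity = new ClaimsIdentity(new List<Claim>(), "login");
    await HttpContext.SignInAsync(new ClaimsPrincipal(identity));
    return Ok();
}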
/// <summary>
/// Checks a presented list keyword against the list's stored keyword hash.
/// </summary>
/// <param name="list">The list whose <c>KeywordHash</c> is the reference value.</param>
/// <param name="keyword">The keyword presented by the caller.</param>
/// <returns><c>true</c> when <paramref name="keyword"/> matches the stored hash.</returns>
public bool ValidateLogin(List list, string keyword)
{
    var storedHash = list.KeywordHash;
    return Hashing.CompareStringToHash(keyword, storedHash);
}