public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Resolve the list this request addresses; the controller exposes it through IListController.
            var listGuid = ((IListController)context.Controller).CurrentListGUID;
            var list = db.Lists.Find(listGuid);

            if (list is null)
            {
                // Unknown list: short-circuit the action with a 404 body.
                context.Result = new NotFoundObjectResult(ErrorModel.NotFound());
                return;
            }

            // The master key is expected inside one of the bound action arguments.
            var masterKeyModel = context.ActionArguments.Values.OfType<IMasterKey>().FirstOrDefault();
            if (masterKeyModel is null)
            {
                context.Result = new BadRequestObjectResult(ErrorModel.BadRequest());
                return;
            }

            // Only the hash is stored; the supplied key is checked against it, never compared as plaintext.
            if (!Hashing.CompareStringToHash(masterKeyModel.MasterKey, list.MasterKeyHash))
            {
                context.Result = new ObjectResult(ErrorModel.Unauthorized())
                {
                    StatusCode = 401,
                };
                return;
            }
        }
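        /// <summary>
        /// Creates or updates the single general-settings row from the posted model.
        /// </summary>
        /// <param name="model">Posted settings; a password change requires the current password, and
        /// <c>"__RESET__"</c> as the default redirect clears it.</param>
        /// <returns>400 with an error body on a failed check, otherwise 200 with the stored settings.</returns>
        public async Task <IActionResult> Set([FromBody] GeneralSettingsPostModel model)
        {
            // Body binding can yield null (missing or unparseable body); reject it rather than throwing.
            if (model is null)
            {
                return(BadRequest(ErrorModel.BadRequest("invalid request body")));
            }

            var settings = Db.GeneralSettings.FirstOrDefault();
            var isNew    = settings is null;

            if (isNew)
            {
                settings = new GeneralSettingsModel();
            }

            if (!model.Password.IsEmpty())
            {
                // A password change is only accepted when the caller proves knowledge of the current one.
                // NOTE(review): on a fresh row (isNew) PasswordHash is presumably unset, so this check
                // fails for any CurrentPassword; how the initial password is provisioned is not visible here.
                if (model.CurrentPassword.IsEmpty() || !Hashing.CompareStringToHash(model.CurrentPassword, settings.PasswordHash))
                {
                    return(BadRequest(ErrorModel.BadRequest("invalid current password")));
                }

                settings.PasswordHash = Hashing.CreatePasswordHash(model.Password);
            }

            if (!model.DefaultRedirect.IsEmpty())
            {
                if (model.DefaultRedirect == "__RESET__")
                {
                    settings.DefaultRedirect = null;
                }
                else
                {
                    // Redirect targets are validated before being persisted.
                    if (!await URIValidation.Validate(model.DefaultRedirect))
                    {
                        return(BadRequest(ErrorModel.BadRequest("invalid default redirect url")));
                    }
                    settings.DefaultRedirect = model.DefaultRedirect;
                }
            }

            if (isNew)
            {
                Db.GeneralSettings.Add(settings);
            }
            else
            {
                Db.GeneralSettings.Update(settings);
            }

            await Db.SaveChangesAsync();

            // NOTE(review): the whole entity is returned, which includes PasswordHash unless the model
            // excludes it from serialization — confirm that is intended.
            return(Ok(settings));
        }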
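        /// <summary>
        /// Resolves a password-protected short link: the target URL is only disclosed after the
        /// supplied password matches the stored hash.
        /// </summary>
        /// <param name="guid">Identifier of the short link.</param>
        /// <param name="model">Posted password and tracking preference.</param>
        /// <returns>401 for a missing or wrong password, 400 for an invalid or unprotected link,
        /// otherwise 200 with the root URL.</returns>
        public async Task <IActionResult> ProtectedRedirect(Guid guid, [FromBody] ProtectedPostModel model)
        {
            // A null body (missing or unparseable) is treated the same as an empty password.
            if (model is null || model.Password.IsEmpty())
            {
                return(Unauthorized());
            }

            var shortLink = Db.ShortLinks.Find(guid);

            // IsValid is defined elsewhere on the controller; it is presumably what handles a null lookup result.
            if (!IsValid(shortLink))
            {
                return(BadRequest(ErrorModel.BadRequest("invalid short link")));
            }

            if (!shortLink.IsPasswordProtected)
            {
                return(BadRequest(ErrorModel.BadRequest("short link not password protected")));
            }

            // Any failure inside the hash comparison (what Hashing throws is not visible here) is
            // reported as an ordinary failed login so no detail about the stored hash leaks.
            bool passwordMatches;
            try
            {
                passwordMatches = Hashing.CompareStringToHash(model.Password, shortLink.PasswordHash);
            }
            catch (Exception)
            {
                passwordMatches = false;
            }

            if (!passwordMatches)
            {
                return(Unauthorized());
            }

            await CountRedirect(shortLink, model.DisableTracking);

            var response = new ProtectedResponseModel()
            {
                RootURL = shortLink.RootURL,
            };

            return(Ok(response));
        }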
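        /// <summary>
        /// Signs the caller in when the Authorization header carries a value matching the stored
        /// general-settings password hash.
        /// </summary>
        /// <returns>401 when the header is missing, malformed, no password is configured, or the
        /// check fails; otherwise 200 after issuing the "login" principal.</returns>
        public async Task <IActionResult> Login()
        {
            if (!HttpContext.Request.Headers.TryGetValue("Authorization", out StringValues authHeaderValue))
            {
                return(Unauthorized());
            }

            var rawHeader = authHeaderValue.Count > 0 ? authHeaderValue[0] : null;

            // Scheme check is ordinal and case-insensitive: ToLower()/StartsWith without a comparison are
            // culture-sensitive and can match or mis-match differently under some locales.
            if (string.IsNullOrEmpty(rawHeader) || !rawHeader.StartsWith("basic ", System.StringComparison.OrdinalIgnoreCase))
            {
                return(Unauthorized());
            }

            // NOTE(review): the text after "basic " is used as-is; there is no base64 "user:password"
            // decoding as in standard HTTP Basic auth — confirm this is the intended client contract.
            var authValue = rawHeader.Substring(6);

            var settings = Db.GeneralSettings.FirstOrDefault();

            // With no password configured, login is refused outright rather than compared against an empty hash.
            if (settings is null || settings.PasswordHash.IsEmpty())
            {
                return(Unauthorized());
            }

            if (!Hashing.CompareStringToHash(authValue, settings.PasswordHash))
            {
                return(Unauthorized());
            }

            // The identity carries no claims; only the authentication type "login" is set.
            var claims = new List <Claim>();

            var identity  = new ClaimsIdentity(claims, "login");
            var principal = new ClaimsPrincipal(identity);

            await HttpContext.SignInAsync(principal);

            return(Ok());
        }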
 /// <summary>
 /// Checks a login keyword against the list's stored keyword hash; the keyword itself is never
 /// compared as plaintext.
 /// </summary>
 /// <param name="list">List whose <c>KeywordHash</c> is the reference.</param>
 /// <param name="keyword">Keyword supplied by the caller.</param>
 /// <returns><c>true</c> when the keyword matches the stored hash.</returns>
 public bool ValidateLogin(List list, string keyword)
 {
     return Hashing.CompareStringToHash(keyword, list.KeywordHash);
 }