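/// <summary>
        /// Streams a file from the shared-document directory to the caller as a download.
        /// </summary>
        /// <param name="mssv">User name looked up in <c>dbContext.Users</c>; the file is served only when a user with this name exists.</param>
        /// <param name="path">Encoded, encrypted relative file name; decoded with <c>HexaEncode.Decode</c> and decrypted with <c>RC4Encrypt.Decrypt</c>.</param>
        /// <returns>
        /// <c>BadRequest()</c> for a missing or unsafe path, <c>Forbid()</c> when no matching user exists,
        /// <c>NotFound()</c> when the file does not exist, otherwise the file as <c>application/octet-stream</c>.
        /// </returns>
        public IActionResult GetUsers(string mssv, string path)
        {
            if (string.IsNullOrEmpty(path))
            {
                return(BadRequest());
            }

            var invalidTokens = new[] { ":", ".." };

            // Kept from the original. NOTE(review): if HexaEncode produces hexadecimal text, as its name
            // suggests, this check on the encoded value can never match; the check that matters is the
            // one on the decrypted value below.
            if (invalidTokens.Any(path.Contains))
            {
                return(BadRequest());
            }

            var decrypted = RC4Encrypt.Decrypt(HexaEncode.Decode(path));

            // SECURITY: the file system sees the decrypted value, so that is the value to validate.
            // Encryption alone does not make it trustworthy: no integrity check on the ciphertext is
            // visible here, so the plaintext is treated as caller-controlled. A rooted second argument
            // also makes Path.Combine discard the base directory entirely.
            if (string.IsNullOrEmpty(decrypted) ||
                invalidTokens.Any(decrypted.Contains) ||
                Path.IsPathRooted(decrypted))
            {
                return(BadRequest());
            }

            // NOTE(review): mssv is a request parameter, and checking that such a user exists is not
            // authentication. Confirm this action is protected by the application's authorization
            // pipeline.
            if (dbContext.Users.Any(x => x.Name == mssv))
            {
                // Canonicalise both paths and require the result to stay inside the shared directory.
                // The trailing separator stops "shared-other" from matching the "shared" prefix.
                var root = Path.GetFullPath(appConfig.SharedDocumentPath);
                if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), System.StringComparison.Ordinal))
                {
                    root += Path.DirectorySeparatorChar;
                }

                var file = Path.GetFullPath(Path.Combine(root, decrypted));
                if (!file.StartsWith(root, System.StringComparison.Ordinal))
                {
                    return(BadRequest());
                }

                if (System.IO.File.Exists(file))
                {
                    // The stream is handed to File(...) and returned as part of the action result.
                    var stream = System.IO.File.OpenRead(file);
                    return(File(stream, "application/octet-stream", Path.GetFileName(file)));
                }

                return(NotFound());
            }

            return(Forbid());
        }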
        /// <summary>
        /// Builds a download token for <paramref name="fileName"/>: a <c>FileDownload</c> record holding
        /// the name and the current local time is serialized to JSON, encrypted with
        /// <c>RC4Encrypt.Encrypt</c> and encoded with <c>HexaEncode.Encode</c>.
        /// </summary>
        /// <param name="fileName">File name to embed in the token.</param>
        /// <returns>The encoded, encrypted token.</returns>
        /// <remarks>
        /// NOTE(review): the token is encrypted but nothing here authenticates it (no MAC or signature
        /// is added), so whoever consumes it should treat the decrypted fields as untrusted input.
        /// The key is not passed at this call site; confirm where <c>RC4Encrypt</c> takes it from.
        /// </remarks>
        private string CreateFileToken(string fileName)
        {
            // ValidFrom is local time (DateTime.Now), exactly as the token has always been issued.
            var payload = new FileDownload() { FileName = fileName, ValidFrom = DateTime.Now };
            string json = JsonConvert.SerializeObject(payload);
            var cipherText = RC4Encrypt.Encrypt(json);

            return HexaEncode.Encode(cipherText);
        }
Esempio n. 3
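        /// <summary>
        /// Verifies and decrypts a cookie value, then deserializes it to <typeparamref name="T"/>.
        /// The payload is accepted only if its signature matches, its embedded expiry is in the
        /// future and its embedded client IP equals <c>GetClientIP()</c>. An accepted cookie is
        /// re-saved through <c>CookieHelper.SaveCookie</c>, which extends its lifetime.
        /// </summary>
        /// <param name="cookieValue">Raw cookie: a 40-character signature followed by the URL-encoded ciphertext.</param>
        /// <param name="parameters">Must contain <c>hashkey</c>, <c>rc4key</c> and <c>nodeName</c>.</param>
        /// <returns>The deserialized object, or <c>default(T)</c> when the cookie is rejected or any step fails.</returns>
        /// <remarks>
        /// NOTE(review): the signature is a hash over ciphertext plus key rather than an HMAC, and the
        /// cipher is RC4. Both are legacy choices; moving to HMAC-SHA256 with a modern authenticated
        /// cipher requires changing the code that writes the cookie at the same time.
        /// </remarks>
        public T DecryptCookie <T>(string cookieValue, Dictionary <string, string> parameters)
        {
            T result = default(T);

            try
            {
                if (cookieValue.Length < 40)
                {
                    return(result);
                }

                // Split the cookie into signature and ciphertext. The ciphertext is decoded and trimmed
                // once, so the string that is verified is exactly the string that is decrypted.
                string strSHA1Sign       = cookieValue.Substring(0, 40);
                string strEncCookieValue = HttpUtility.UrlDecode(cookieValue.Substring(40)).Trim();

                // Signature check. The comparison visits every character instead of stopping at the
                // first mismatch, so its duration does not reveal how much of a guess was correct.
                string strShA1Temp = HashEncrypt.SHA1Encrypt(strEncCookieValue + parameters["hashkey"]);
                int    difference  = strSHA1Sign.Length ^ strShA1Temp.Length;
                for (int i = 0; i < strSHA1Sign.Length && i < strShA1Temp.Length; i++)
                {
                    difference |= strSHA1Sign[i] ^ strShA1Temp[i];
                }
                if (difference != 0)
                {
                    return(result);
                }

                // Recover the plaintext.
                string strContent = RC4Encrypt.Decrypt(strEncCookieValue, parameters["rc4key"], RC4Encrypt.EncoderMode.HexEncoder);
                if (strContent.Length == 0)
                {
                    return(result);
                }

                // Expected payload: [serialized object, expiry time, client IP].
                string[] arrayCookieValue = JsonConvert.DeserializeObject <string[]>(strContent);
                if (arrayCookieValue != null && arrayCookieValue.Length == 3)
                {
                    // NOTE(review): DateTime.Parse uses the current culture; it has to agree with how
                    // the writer formatted the expiry.
                    if (DateTime.Parse(arrayCookieValue[1]) > DateTime.Now && GetClientIP() == arrayCookieValue[2])
                    {
                        result = JsonConvert.DeserializeObject <T>(arrayCookieValue[0]);
                        // The cookie is valid, so extend its lifetime.
                        IocManager.Instance.IocContainer.Resolve <CookieHelper>().SaveCookie <T>(parameters["nodeName"], result);
                    }
                }

                return(result);
            }
            catch
            {
                // Deliberate best effort: any failure (null input, missing key, malformed payload)
                // yields whatever result holds at that point, normally default(T), instead of an error.
                return(result);
            }
        }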
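        /// <summary>
        /// Decodes and decrypts a download token and returns the file name it carries.
        /// </summary>
        /// <param name="token">Token text, decoded with <c>HexaEncode.Decode</c> and decrypted with <c>RC4Encrypt.Decrypt</c>.</param>
        /// <returns>The <c>FileName</c> stored in the token.</returns>
        /// <exception cref="BadRequestException">
        /// The token has no payload, is more than one hour old, or carries a <c>ValidFrom</c> in the future.
        /// </exception>
        /// <remarks>
        /// NOTE(review): no integrity check on the token is visible here, so the returned file name
        /// should be validated by the caller before it is used to build a file-system path.
        /// </remarks>
        private string DecryptToken(string token)
        {
            var decrypted = RC4Encrypt.Decrypt(HexaEncode.Decode(token));

            var file = JsonConvert.DeserializeObject <FileDownload>(decrypted);

            // DeserializeObject returns null for a JSON "null" payload; reject it as an invalid token
            // instead of failing with a NullReferenceException.
            if (file == null)
            {
                throw new BadRequestException("Invalid token");
            }

            // Compare in UTC so daylight-saving transitions neither shorten nor extend the one-hour window.
            var age = DateTime.UtcNow - file.ValidFrom.ToUniversalTime();

            // A negative age means ValidFrom lies in the future. The original check accepted such a
            // token, which then stayed valid until one hour after that future time.
            if (age < TimeSpan.Zero || age > TimeSpan.FromHours(1))
            {
                throw new BadRequestException("Invalid token");
            }

            return(file.FileName);
        }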
Esempio n. 5
        /// <summary>
        /// Serializes <paramref name="obj"/> to JSON, encrypts it with RC4 using the hex encoder mode,
        /// and prefixes the URL-encoded ciphertext with a signature computed over ciphertext plus hash key.
        /// </summary>
        /// <param name="obj">Object to store in the cookie.</param>
        /// <param name="parameters">Must contain <c>rc4key</c> and <c>hashkey</c>.</param>
        /// <returns>The signature immediately followed by the URL-encoded ciphertext.</returns>
        /// <remarks>
        /// NOTE(review): the signature is a plain hash of ciphertext plus key, not an HMAC, and RC4 is a
        /// legacy cipher. No expiry is added here; confirm whether <typeparamref name="T"/> carries one.
        /// </remarks>
        public string EncryptCookie <T>(T obj, Dictionary <string, string> parameters)
        {
            string json = SerializationUtility.JsonSerialize3(obj);

            // The signature covers the trimmed ciphertext before URL encoding.
            string cipherText = RC4Encrypt.Encrypt(json, parameters["rc4key"], RC4Encrypt.EncoderMode.HexEncoder).Trim();
            string signature  = HashEncrypt.SHA1Encrypt(cipherText + parameters["hashkey"]);

            return signature + HttpUtility.UrlEncode(cipherText);
        }
Esempio n. 6
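        /// <summary>
        /// Verifies the signature of a cookie value, decrypts it and deserializes the plaintext to
        /// <typeparamref name="T"/>.
        /// </summary>
        /// <param name="cookieValue">Raw cookie: a 40-character signature followed by the URL-encoded ciphertext.</param>
        /// <param name="parameters">Must contain <c>hashkey</c> and <c>rc4key</c>.</param>
        /// <returns>The deserialized object, or <c>default(T)</c> when the cookie is rejected or any step fails.</returns>
        /// <remarks>
        /// NOTE(review): no expiry or client binding is checked in this method, so a cookie stays
        /// acceptable for as long as the keys are unchanged unless <typeparamref name="T"/> carries its
        /// own expiry that the caller checks. The signature is a hash over ciphertext plus key rather
        /// than an HMAC, and the cipher is RC4; both are legacy choices.
        /// </remarks>
        public T DecryptCookie <T>(string cookieValue, Dictionary <string, string> parameters)
        {
            T result = default(T);

            try
            {
                if (cookieValue.Length < 40)
                {
                    return(result);
                }

                // Split the cookie into signature and ciphertext. The ciphertext is decoded and trimmed
                // once, so the string that is verified is exactly the string that is decrypted.
                string strSHA1Sign       = cookieValue.Substring(0, 40);
                string strEncCookieValue = HttpUtility.UrlDecode(cookieValue.Substring(40)).Trim();

                // Signature check. The comparison visits every character instead of stopping at the
                // first mismatch, so its duration does not reveal how much of a guess was correct.
                string strShA1Temp = HashEncrypt.SHA1Encrypt(strEncCookieValue + parameters["hashkey"]);
                int    difference  = strSHA1Sign.Length ^ strShA1Temp.Length;
                for (int i = 0; i < strSHA1Sign.Length && i < strShA1Temp.Length; i++)
                {
                    difference |= strSHA1Sign[i] ^ strShA1Temp[i];
                }
                if (difference != 0)
                {
                    return(result);
                }

                // Recover the plaintext.
                string strContent = RC4Encrypt.Decrypt(strEncCookieValue, parameters["rc4key"], RC4Encrypt.EncoderMode.HexEncoder);
                if (strContent.Length == 0)
                {
                    return(result);
                }

                result = SerializationUtility.JsonDeserialize3 <T>(strContent);

                return(result);
            }
            catch
            {
                // Deliberate best effort: any failure (null input, missing key, malformed payload)
                // yields default(T) instead of an error.
                return(result);
            }
        }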
Esempio n. 7
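        /// <summary>
        /// Builds a signed, encrypted cookie value. The payload is a three-element JSON array holding
        /// the serialized object, an expiry time and the client IP from <c>GetClientIP()</c>.
        /// </summary>
        /// <param name="obj">Object to store in the cookie.</param>
        /// <param name="parameters">Must contain <c>securityExpires</c> (minutes), <c>rc4key</c> and <c>hashkey</c>.</param>
        /// <returns>The signature immediately followed by the URL-encoded ciphertext.</returns>
        /// <remarks>
        /// NOTE(review): the signature is a plain hash of ciphertext plus key, not an HMAC, and RC4 is a
        /// legacy cipher. Replacing either requires changing the code that reads the cookie as well.
        /// </remarks>
        public string EncryptCookie <T>(T obj, Dictionary <string, string> parameters)
        {
            // A value that does not parse leaves securityExpires at 0, so the cookie expires at once.
            int securityExpires;
            int.TryParse(parameters["securityExpires"], out securityExpires);

            string[] arrayCookieValue = new string[3];
            arrayCookieValue[0] = JsonConvert.SerializeObject(obj);
            // The round-trip format "o" is independent of the current culture. The culture-sensitive
            // ToString() used before could produce a date that a reader on another thread culture
            // misreads or cannot parse. DateTime.Parse accepts this format.
            arrayCookieValue[1] = DateTime.Now.AddMinutes(securityExpires).ToString("o");
            arrayCookieValue[2] = GetClientIP();

            string strCookieValue = JsonConvert.SerializeObject(arrayCookieValue);

            // The signature covers the trimmed ciphertext before URL encoding.
            string strEncCookieValue = RC4Encrypt.Encrypt(strCookieValue, parameters["rc4key"], RC4Encrypt.EncoderMode.HexEncoder).Trim();
            string strSHA1Sign       = HashEncrypt.SHA1Encrypt(strEncCookieValue + parameters["hashkey"]);

            return(strSHA1Sign + HttpUtility.UrlEncode(strEncCookieValue));
        }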
 /// <summary>
 /// Encrypts <paramref name="enc"/> with <c>RC4Encrypt.Encrypt</c> and encodes the result with
 /// <c>HexaEncode.Encode</c>.
 /// </summary>
 /// <param name="enc">Text to encrypt.</param>
 /// <returns>The encoded ciphertext.</returns>
 /// <remarks>
 /// NOTE(review): the output is encrypted but not authenticated, so a consumer cannot tell a
 /// tampered value from a genuine one. Confirm where <c>RC4Encrypt</c> obtains its key.
 /// </remarks>
 public string Enc(string enc)
 {
     var cipherText = RC4Encrypt.Encrypt(enc);

     return HexaEncode.Encode(cipherText);
 }
Esempio n. 9
 //[TypeFilter(typeof(IPFilterAttribute))]
 /// <summary>
 /// Decodes and decrypts <paramref name="fileName"/>, then serves that file from the
 /// <c>uploads</c> folder under the web root through <c>GetFile</c>.
 /// </summary>
 /// <param name="fileName">Encoded, encrypted file name supplied by the caller.</param>
 /// <returns>Whatever <c>GetFile</c> returns for the uploads directory and the decrypted name.</returns>
 /// <remarks>
 /// NOTE(review): the decrypted name is passed on without validation here. Confirm that
 /// <c>GetFile</c> rejects rooted paths and ".." segments and keeps the resolved path inside the
 /// uploads directory, because no integrity check on the ciphertext is visible. The IP filter
 /// attribute on this action is commented out; confirm that is intended. The directory is built
 /// with backslashes, which presumably ties this action to Windows hosting.
 /// </remarks>
 public IActionResult DownloadPdf(string fileName)
 {
     string decryptedName    = RC4Encrypt.Decrypt(HexaEncode.Decode(fileName));
     string uploadsDirectory = _webHostEnvironment.WebRootPath + "\\uploads\\";

     return GetFile(uploadsDirectory, decryptedName);
 }