public static void EncryptContents(string content, string filePath, string password, string key, string iv, int keySize, int chunkSize)
{
byte[] ivBytes = Encoding.Unicode.GetBytes(iv);
byte[] keyBytes = AesCounterManaged.CreateKey(key, ivBytes, keySize);
// Set the hashed password if one is provided and modify the key
if (!string.IsNullOrEmpty(password))
{
keyBytes = AesCounterManaged.CreateKey(password, ivBytes, keySize);
}
// Encrypt Content
byte[] data = Encoding.Unicode.GetBytes(content);
using (MemoryStream ms = new MemoryStream(data))
{
AesCounterManaged.EncryptToFile(filePath, ms, chunkSize, keyBytes, ivBytes);
}
}
public async Task <IActionResult> ViewPaste(string type, string url, string password)
{
Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault();
if (paste != null)
{
ViewBag.Title = (string.IsNullOrEmpty(paste.Title)) ? "Untitled Paste" : paste.Title + " | Pastebin";
ViewBag.Description = "Paste your code or text easily and securely. Set an expiration, set a password, or leave it open for the world to see.";
// Increment Views
paste.Views += 1;
_dbContext.Entry(paste).State = EntityState.Modified;
_dbContext.SaveChanges();
// Check Expiration
if (PasteHelper.CheckExpiration(paste))
{
DeleteFile(paste);
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
PasteViewModel model = new PasteViewModel();
model.Url = url;
model.Title = paste.Title;
model.Syntax = paste.Syntax;
model.DatePosted = paste.DatePosted;
model.Username = paste.User?.Username;
if (User.Identity.IsAuthenticated && type.ToLower() == "full")
{
Users.Models.User user = UserHelper.GetUser(_dbContext, User.Identity.Name);
if (user != null)
{
model.Vaults = user.Vaults.ToList();
}
}
byte[] ivBytes = (string.IsNullOrEmpty(paste.IV)) ? new byte[paste.BlockSize] : Encoding.Unicode.GetBytes(paste.IV);
byte[] keyBytes = (string.IsNullOrEmpty(paste.Key)) ? new byte[paste.KeySize] : AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize);
// The paste has a password set
if (!string.IsNullOrEmpty(paste.HashedPassword))
{
if (string.IsNullOrEmpty(password))
{
// Try to get the password from the session
password = GetCachedPassword(url);
}
string hash = string.Empty;
if (!string.IsNullOrEmpty(password))
{
hash = PasteHelper.HashPassword(paste.Key, password);
keyBytes = AesCounterManaged.CreateKey(password, ivBytes, paste.KeySize);
}
if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword)
{
PasswordViewModel passModel = new PasswordViewModel();
passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.View");
passModel.Url = url;
passModel.Type = type;
if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword)
{
passModel.Error = true;
passModel.ErrorMessage = "Invalid Password";
}
// Redirect them to the password request page
return(View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel));
}
}
// Save the password to the cache
CachePassword(url, password);
// Read in the file
if (string.IsNullOrEmpty(paste.FileName))
{
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
string subDir = paste.FileName[0].ToString();
string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName);
if (!System.IO.File.Exists(filePath))
{
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read))
using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes))
using (StreamReader sr = new StreamReader(cs, Encoding.Unicode))
{
model.Content = await sr.ReadToEndAsync();
}
switch (type.ToLower())
{
case "full":
return(View("~/Areas/Paste/Views/Paste/Full.cshtml", model));
case "simple":
return(View("~/Areas/Paste/Views/Paste/Simple.cshtml", model));
case "raw":
return(Content(model.Content, "text/plain"));
case "download":
//Create File
var cd = new System.Net.Mime.ContentDisposition
{
FileName = url + ".txt",
Inline = true
};
Response.Headers.Add("Content-Disposition", cd.ToString());
FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read);
return(new BufferedFileStreamResult("application/octet-stream", async(response) => await ResponseHelper.StreamToOutput(response, true, new AesCounterStream(fs, false, keyBytes, ivBytes), (int)fs.Length, _config.PasteConfig.ChunkSize), false));
default:
return(View("~/Areas/Paste/Views/Paste/Full.cshtml", model));
}
}
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
public async Task <IActionResult> Edit(string url, string password)
{
Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault();
if (paste != null)
{
if (paste.User?.Username != User.Identity.Name)
{
return(new StatusCodeResult(StatusCodes.Status403Forbidden));
}
ViewBag.Title = "Edit Paste";
ViewBag.Description = "Edit your paste's content.";
// Check Expiration
if (PasteHelper.CheckExpiration(paste))
{
DeleteFile(paste);
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
PasteViewModel model = new PasteViewModel();
model.Url = url;
model.Title = paste.Title;
model.Syntax = paste.Syntax;
model.DatePosted = paste.DatePosted;
model.Username = paste.User?.Username;
byte[] ivBytes = (string.IsNullOrEmpty(paste.IV)) ? new byte[paste.BlockSize] : Encoding.Unicode.GetBytes(paste.IV);
byte[] keyBytes = (string.IsNullOrEmpty(paste.Key)) ? new byte[paste.KeySize] : AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize);
// The paste has a password set
if (!string.IsNullOrEmpty(paste.HashedPassword))
{
if (string.IsNullOrEmpty(password))
{
// Try to get the password from the session
password = GetCachedPassword(url);
}
string hash = string.Empty;
if (!string.IsNullOrEmpty(password))
{
hash = PasteHelper.HashPassword(paste.Key, password);
keyBytes = AesCounterManaged.CreateKey(password, ivBytes, paste.KeySize);
}
if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword)
{
PasswordViewModel passModel = new PasswordViewModel();
passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.Edit");
passModel.Url = url;
if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword)
{
passModel.Error = true;
passModel.ErrorMessage = "Invalid Password";
}
// Redirect them to the password request page
return(View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel));
}
}
// Cache the password
CachePassword(url, password);
// Read in the file
if (string.IsNullOrEmpty(paste.FileName))
{
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
string subDir = paste.FileName[0].ToString();
string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName);
if (!System.IO.File.Exists(filePath))
{
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read))
using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes))
using (StreamReader sr = new StreamReader(cs, Encoding.Unicode))
{
model.Content = await sr.ReadToEndAsync();
}
return(View("~/Areas/Paste/Views/Paste/Edit.cshtml", model));
}
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
public static Models.Upload SaveFile(TeknikEntities db, Config config, Stream file, string contentType, long contentLength, bool encrypt, ExpirationUnit expirationUnit, int expirationLength, string fileExt, string iv, string key, int keySize, int blockSize)
{
if (!Directory.Exists(config.UploadConfig.UploadDirectory))
{
Directory.CreateDirectory(config.UploadConfig.UploadDirectory);
}
// Generate a unique file name that does not currently exist
string filePath = FileHelper.GenerateRandomFileName(config.UploadConfig.UploadDirectory, config.UploadConfig.FileExtension, 10);
string fileName = Path.GetFileName(filePath);
// once we have the filename, lets save the file
if (encrypt)
{
// Generate a key and iv
if (string.IsNullOrEmpty(key))
{
key = StringHelper.RandomString(config.UploadConfig.KeySize / 8);
}
if (string.IsNullOrEmpty(iv))
{
iv = StringHelper.RandomString(config.UploadConfig.BlockSize / 8);
}
byte[] keyBytes = Encoding.UTF8.GetBytes(key);
byte[] ivBytes = Encoding.UTF8.GetBytes(iv);
// Encrypt the file to disk
AesCounterManaged.EncryptToFile(filePath, file, config.UploadConfig.ChunkSize, keyBytes, ivBytes);
}
else
{
// Just write the stream to the file
using (FileStream fileStream = new FileStream(filePath, FileMode.Create, FileAccess.Write))
{
file.Seek(0, SeekOrigin.Begin);
file.CopyTo(fileStream);
}
}
// Generate a unique url
string extension = (config.UploadConfig.IncludeExtension) ? fileExt : string.Empty;
string url = StringHelper.RandomString(config.UploadConfig.UrlLength) + extension;
while (db.Uploads.Where(u => u.Url == url).FirstOrDefault() != null)
{
url = StringHelper.RandomString(config.UploadConfig.UrlLength) + extension;
}
// Generate a deletion key
string delKey = StringHelper.RandomString(config.UploadConfig.DeleteKeyLength);
// Now we need to update the database with the new upload information
Models.Upload upload = new Models.Upload();
upload.DateUploaded = DateTime.Now;
upload.Url = url;
upload.FileName = fileName;
upload.ContentType = (!string.IsNullOrEmpty(contentType)) ? contentType : "application/octet-stream";
upload.ContentLength = contentLength;
upload.Key = key;
upload.IV = iv;
upload.KeySize = keySize;
upload.BlockSize = blockSize;
upload.DeleteKey = delKey;
if (expirationUnit == ExpirationUnit.Views)
{
upload.MaxDownloads = expirationLength;
}
else
{
switch (expirationUnit)
{
case ExpirationUnit.Minutes:
upload.ExpireDate = DateTime.Now.AddMinutes(expirationLength);
break;
case ExpirationUnit.Hours:
upload.ExpireDate = DateTime.Now.AddHours(expirationLength);
break;
case ExpirationUnit.Days:
upload.ExpireDate = DateTime.Now.AddDays(expirationLength);
break;
case ExpirationUnit.Months:
upload.ExpireDate = DateTime.Now.AddMonths(expirationLength);
break;
case ExpirationUnit.Years:
upload.ExpireDate = DateTime.Now.AddYears(expirationLength);
break;
}
}
db.Uploads.Add(upload);
db.SaveChanges();
return(upload);
}
public async Task <IActionResult> ViewVault(string id)
{
Models.Vault foundVault = _dbContext.Vaults.Where(v => v.Url == id).FirstOrDefault();
if (foundVault != null)
{
// Update view count
foundVault.Views += 1;
_dbContext.Entry(foundVault).State = EntityState.Modified;
_dbContext.SaveChanges();
ViewBag.Title = foundVault.Title + " | Vault";
VaultViewModel model = new VaultViewModel();
model.CurrentSub = Subdomain;
model.Url = foundVault.Url;
model.UserId = foundVault.UserId;
model.User = foundVault.User;
model.Title = foundVault.Title;
model.Description = foundVault.Description;
model.DateCreated = foundVault.DateCreated;
model.DateEdited = foundVault.DateEdited;
if (foundVault.VaultItems.Any())
{
foreach (VaultItem item in foundVault.VaultItems.OrderBy(v => v.Index))
{
if (item.GetType().BaseType == typeof(UploadVaultItem))
{
UploadVaultItem upload = (UploadVaultItem)item;
// Increment Views
upload.Upload.Downloads += 1;
_dbContext.Entry(upload.Upload).State = EntityState.Modified;
_dbContext.SaveChanges();
UploadItemViewModel uploadModel = new UploadItemViewModel();
uploadModel.VaultItemId = item.VaultItemId;
uploadModel.Title = item.Title;
uploadModel.Description = item.Description;
uploadModel.DateAdded = item.DateAdded;
uploadModel.Upload = upload.Upload;
model.Items.Add(uploadModel);
}
else if (item.GetType().BaseType == typeof(PasteVaultItem))
{
PasteVaultItem paste = (PasteVaultItem)item;
// Increment Views
paste.Paste.Views += 1;
_dbContext.Entry(paste.Paste).State = EntityState.Modified;
_dbContext.SaveChanges();
// Check Expiration
if (PasteHelper.CheckExpiration(paste.Paste))
{
_dbContext.Pastes.Remove(paste.Paste);
_dbContext.SaveChanges();
break;
}
PasteItemViewModel pasteModel = new PasteItemViewModel();
pasteModel.VaultItemId = item.VaultItemId;
pasteModel.Title = item.Title;
pasteModel.Description = item.Description;
pasteModel.DateAdded = item.DateAdded;
pasteModel.PasteId = paste.Paste.PasteId;
pasteModel.Url = paste.Paste.Url;
pasteModel.DatePosted = paste.Paste.DatePosted;
pasteModel.Syntax = paste.Paste.Syntax;
pasteModel.HasPassword = !string.IsNullOrEmpty(paste.Paste.HashedPassword);
if (!pasteModel.HasPassword)
{
// Read in the file
string subDir = paste.Paste.FileName[0].ToString();
string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.Paste.FileName);
if (!System.IO.File.Exists(filePath))
{
continue;
}
byte[] ivBytes = Encoding.Unicode.GetBytes(paste.Paste.IV);
byte[] keyBytes = AesCounterManaged.CreateKey(paste.Paste.Key, ivBytes, paste.Paste.KeySize);
using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read))
using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes))
using (StreamReader sr = new StreamReader(cs, Encoding.Unicode))
{
pasteModel.Content = await sr.ReadToEndAsync();
}
}
model.Items.Add(pasteModel);
}
}
}
return(View(model));
}
return(new StatusCodeResult(StatusCodes.Status404NotFound));
}
