private IActionResult Download(int id, bool asAttachment) { var file = _files.GetFile(id); if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.Permissions)) { var filepath = _files.GetFilePath(file); if (System.IO.File.Exists(filepath)) { var result = asAttachment ? PhysicalFile(filepath, file.GetMimeType(), file.Name) : PhysicalFile(filepath, file.GetMimeType()); return(result); } else { _logger.Log(LogLevel.Error, this, LogFunction.Read, "File Does Not Exist {FileId} {FilePath}", id, filepath); HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound; } } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt {FileId}", id); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } string errorPath = Path.Combine(GetFolderPath("images"), "error.png"); return(System.IO.File.Exists(errorPath) ? PhysicalFile(errorPath, MimeUtilities.GetMimeType(errorPath)) : null); }
public IActionResult GetImage(int id, int width, int height, string mode) { var file = _files.GetFile(id); if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.Permissions)) { if (Constants.ImageFiles.Split(',').Contains(file.Extension.ToLower())) { var filepath = _files.GetFilePath(file); if (System.IO.File.Exists(filepath)) { mode = (string.IsNullOrEmpty(mode)) ? "crop" : mode; string imagepath = filepath.Replace(Path.GetExtension(filepath), "." + width.ToString() + "x" + height.ToString() + "." + mode.ToLower() + ".png"); if (!System.IO.File.Exists(imagepath)) { if ((_userPermissions.IsAuthorized(User, PermissionNames.Edit, file.Folder.Permissions) || !string.IsNullOrEmpty(file.Folder.ImageSizes) && file.Folder.ImageSizes.ToLower().Split(",").Contains(width.ToString() + "x" + height.ToString())) && Enum.TryParse(mode, true, out ResizeMode resizemode)) { imagepath = CreateImage(filepath, width, height, resizemode.ToString(), imagepath); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Invalid Image Size For Folder Or Invalid Mode Specification {Folder} {Width} {Height} {Mode}", file.Folder, width, height, mode); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } } if (!string.IsNullOrEmpty(imagepath)) { return(PhysicalFile(imagepath, file.GetMimeType())); } else { _logger.Log(LogLevel.Error, this, LogFunction.Create, "Error Displaying Image For File {File} {Width} {Height}", file, width, height); HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound; } } else { _logger.Log(LogLevel.Error, this, LogFunction.Read, "File Does Not Exist {FileId} {FilePath}", id, filepath); HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound; } } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "File Is Not An Image {File}", file); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt {FileId}", id); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } string errorPath = Path.Combine(GetFolderPath("images"), "error.png"); return(System.IO.File.Exists(errorPath) ? PhysicalFile(errorPath, MimeUtilities.GetMimeType(errorPath)) : null); }
public IActionResult GetImage(int id, int width, int height, string mode, string position, string background, string rotate, string recreate) { var file = _files.GetFile(id); if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.Permissions)) { if (Constants.ImageFiles.Split(',').Contains(file.Extension.ToLower())) { var filepath = _files.GetFilePath(file); if (System.IO.File.Exists(filepath)) { // validation if (!Enum.TryParse(mode, true, out ResizeMode _)) { mode = "crop"; } if (!Enum.TryParse(position, true, out AnchorPositionMode _)) { position = "center"; } if (!Color.TryParseHex("#" + background, out _)) { background = "000000"; } if (!int.TryParse(rotate, out _)) { rotate = "0"; } rotate = (int.Parse(rotate) < 0 || int.Parse(rotate) > 360) ? "0" : rotate; if (!bool.TryParse(recreate, out _)) { recreate = "false"; } string imagepath = filepath.Replace(Path.GetExtension(filepath), "." + width.ToString() + "x" + height.ToString() + ".png"); if (!System.IO.File.Exists(imagepath) || bool.Parse(recreate)) { if ((_userPermissions.IsAuthorized(User, PermissionNames.Edit, file.Folder.Permissions) || !string.IsNullOrEmpty(file.Folder.ImageSizes) && file.Folder.ImageSizes.ToLower().Split(",").Contains(width.ToString() + "x" + height.ToString()))) { imagepath = CreateImage(filepath, width, height, mode, position, background, rotate, imagepath); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Invalid Image Size For Folder {Folder} {Width} {Height}", file.Folder, width, height); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } } if (!string.IsNullOrEmpty(imagepath)) { return(PhysicalFile(imagepath, file.GetMimeType())); } else { _logger.Log(LogLevel.Error, this, LogFunction.Create, "Error Displaying Image For File {File} {Width} {Height}", file, width, height); HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound; } } else { _logger.Log(LogLevel.Error, this, LogFunction.Read, "File Does Not Exist {FileId} {FilePath}", id, filepath); HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound; } } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "File Is Not An Image {File}", file); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Access Attempt {FileId}", id); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } string errorPath = Path.Combine(GetFolderPath("images"), "error.png"); return(System.IO.File.Exists(errorPath) ? PhysicalFile(errorPath, MimeUtilities.GetMimeType(errorPath)) : null); }
public ActionResult ViewBlob(string repo, string @object, string path, bool raw = false) { var resourceInfo = this.FileManager.GetResourceInfo(repo); if (resourceInfo.Type != ResourceType.Directory || string.IsNullOrEmpty(path)) { return(HttpNotFound()); } var fileName = Path.GetFileName(path); var containingPath = path.Substring(0, path.Length - fileName.Length); TreeView items; try { items = GitUtilities.GetTreeInfo(resourceInfo.FullPath, @object, containingPath); } catch (GitErrorException) { return(HttpNotFound()); } if (!items.Objects.Any(o => o.Name == fileName)) { return(HttpNotFound()); } var contentType = MimeUtilities.GetMimeType(fileName); if (raw) { return(new GitFileResult(resourceInfo.FullPath, @object, path, contentType)); } AddRepoBreadCrumb(repo); this.BreadCrumbs.Append("Browse", "ViewTree", @object, new { repo, @object, path = string.Empty }); var paths = BreadCrumbTrail.EnumeratePath(path, TrailingSlashBehavior.LeaveOffLastTrailingSlash).ToList(); this.BreadCrumbs.Append("Browse", "ViewTree", paths.Take(paths.Count() - 1), p => p.Key, p => new { repo, @object, path = p.Value }); this.BreadCrumbs.Append("Browse", "ViewBlob", paths.Last().Key, new { repo, @object, path = paths.Last().Value }); ViewBag.RepoName = resourceInfo.Name; ViewBag.Tree = @object; ViewBag.Path = path; ViewBag.FileName = fileName; ViewBag.ContentType = contentType; string model = null; if (contentType.StartsWith("text/") || contentType == "application/xml" || Regex.IsMatch(contentType, @"^application/.*\+xml$")) { using (var blob = GitUtilities.GetBlob(resourceInfo.FullPath, @object, path)) { using (var reader = new StreamReader(blob, detectEncodingFromByteOrderMarks: true)) { model = reader.ReadToEnd(); } } } return(View((object)model)); }