public List <dynamic> GetData(string type) { List <dynamic> dataset = new List <dynamic>(); try { using (var context = new GreenWerxDbContext(this._connectionKey)) { dataset = context.GetAllOf(type).ToList(); } } catch (Exception ex) { Debug.Assert(false, ex.Message); _logger.InsertError(ex.Message, "DatasetManager", "GetData:" + type); } return(dataset); }
public ServiceResult Delete(INode n, bool purge = false) //TODO check if finance account references this currency. if so then return error. { ServiceResult res = ServiceResponse.OK(); if (n == null) { return(ServiceResponse.Error("No record sent.")); } if (!this.DataAccessAuthorized(n, "DELETE", false)) { return(ServiceResponse.Error("You are not authorized this action.")); } var p = (Currency)n; try { // List<SqlParameter> parameters = new List<SqlParameter>(); DynamicParameters parameters = new DynamicParameters(); parameters.Add("@UUID", p.UUID); using (var context = new TreeMonDbContext(this._connectionKey)) { if (context.Delete <Currency>("WHERE UUID=@UUID", parameters) == 0) { return(ServiceResponse.Error(p.Name + " failed to delete. ")); } } //SQLITE //this was the only way I could get it to delete a RolePermission without some stupid EF error. //object[] paramters = new object[] { rp.PermissionUUID , rp.RoleUUID ,rp.AccountUUID }; //context.Delete<RolePermission>("WHERE PermissionUUID=? AND RoleUUID=? AND AccountUUID=?", paramters); // context.Delete<RolePermission>(rp); } catch (Exception ex) { _logger.InsertError(ex.Message, "ItemManager", "DeleteItem"); Debug.Assert(false, ex.Message); return(ServiceResponse.Error("Exception occured while deleting this record.")); } return(res); }
public ServiceResult GetBy(string uuid) { try { UserManager userManager = new UserManager(Globals.DBConnectionKey, Request.Headers?.Authorization?.Parameter); User u = (User)userManager.GetBy(uuid, true); if (u == null) { return(ServiceResponse.Error("User not found.")); } return(ServiceResponse.OK("", u)); } catch (Exception ex) { SystemLogger logger = new SystemLogger(Globals.DBConnectionKey); logger.InsertError(ex.Message, "UsersController", "GetBy"); } return(ServiceResponse.Error()); }
public ServiceResult MoveProductsToCategory() { if (CurrentUser == null) { return(ServiceResponse.Error("You must be logged in to access this function.")); } ServiceResult res; try { Task <string> content = Request.Content.ReadAsStringAsync(); if (content == null) { return(ServiceResponse.Error("No products were sent.")); } string body = content.Result; if (string.IsNullOrEmpty(body)) { return(ServiceResponse.Error("No products were sent.")); } List <Product> products = JsonConvert.DeserializeObject <List <Product> >(body); ProductManager pm = new ProductManager(Globals.DBConnectionKey, this.GetAuthToken(Request)); res = pm.Update(products); } catch (Exception ex) { res = ServiceResponse.Error(ex.Message); Debug.Assert(false, ex.Message); SystemLogger logger = new SystemLogger(Globals.DBConnectionKey); logger.InsertError(ex.Message, "ProductController", "MoveProductCategories"); } return(res); }
public int ClearExpiredSessions(int minutes) { if (minutes > 0) { minutes = minutes * -1; } int deletedSessions = 0; DateTime expireDate = DateTime.UtcNow.AddMinutes(minutes); try { List <UserSession> sessions; using (var context = new GreenWerxDbContext(_connectionKey)) { sessions = context.GetAll <UserSession>(). Where(w => w.Issued < expireDate && w.IsPersistent == false)?.ToList(); } if (sessions == null) { return(0); } foreach (UserSession s in sessions) { if (DeleteSession(s.AuthToken)) { deletedSessions++; } } } catch (Exception ex) { _logger.InsertError(ex.Message, "SessionManager", MethodInfo.GetCurrentMethod().Name); } return(deletedSessions); }
public ServiceResult GetDataset(string category = "", string field = "") { List <DataPoint> dataSet; if (string.IsNullOrWhiteSpace(category)) { return(ServiceResponse.Error("You must provide a category to get the datasets.")); } if (string.IsNullOrWhiteSpace(field)) { return(ServiceResponse.Error("You must provide a series to get the datasets.")); } if (CurrentUser == null) { return(ServiceResponse.Error("You must be logged in to access this function.")); } if (category?.ToLower() == "users" && CurrentUser.SiteAdmin == false) //BACKLOG turn on the flag to log permission routes to log this. add numeric value to roles sow we can include multiple roles by doing math >= roleWeight { RoleManager roleManager = new RoleManager(Globals.DBConnectionKey, CurrentUser); if (!roleManager.IsUserInRole(CurrentUser.UUID, "Admin", CurrentUser.AccountUUID) || !roleManager.IsUserInRole(CurrentUser.UUID, "owner", CurrentUser.AccountUUID)) { return(ServiceResponse.Error("You are not authorized to query the category:" + category)); } } try { Task <string> content = ActionContext.Request.Content.ReadAsStringAsync(); if (content == null) { return(ServiceResponse.Error("No screens were sent.")); } string body = content.Result; if (string.IsNullOrEmpty(body)) { return(ServiceResponse.Error("No screens were sent.")); } List <DataScreen> screens = JsonConvert.DeserializeObject <List <DataScreen> >(body); DatasetManager dm = new DatasetManager(Globals.DBConnectionKey, Request.Headers?.Authorization?.Parameter); dataSet = dm.GetData(category, field, screens); return(ServiceResponse.OK("", dataSet)); } catch (Exception ex) { Debug.Assert(false, ex.Message); SystemLogger logger = new SystemLogger(Globals.DBConnectionKey); logger.InsertError(ex.Message, "ReportsController", "GetDataset"); return(ServiceResponse.Error("Error retrieving dataset.")); } }
public async Task <ServiceResult> PostFile(string UUID, string type) //public ServiceResult PostFile(string UUID, string type) { var fileResult = new FileEx(); fileResult.Default = false; string pathToImage = ""; string root = ""; string basePath = "/Content/Uploads/" + this.CurrentUser.UUID; if (type.EqualsIgnoreCase("user") || type.EqualsIgnoreCase("profile") || type.EqualsIgnoreCase("profilemember")) { basePath = "/Content/Protected/" + this.CurrentUser.UUID; } try { if (this.CurrentUser == null) { return(ServiceResponse.Error("You must be logged in to upload.")); } #region non async //var httpRequest = HttpContext.Current.Request; //if (httpRequest.Files.Count < 1) //{ // return ServiceResponse.Error("Bad request"); //} //foreach (string file in httpRequest.Files) //{ // var postedFile = httpRequest.Files[file]; // var filePath = HttpContext.Current.Server.MapPath("~/" + postedFile.FileName); // postedFile.SaveAs(filePath); //} //return ServiceResponse.OK(); #endregion non async HttpRequestMessage request = this.Request; if (!request.Content.IsMimeMultipartContent()) { return(ServiceResponse.Error("Unsupported media type.")); } root = System.Web.HttpContext.Current.Server.MapPath("~" + basePath); if (!Directory.Exists(root)) { Directory.CreateDirectory(root); } var provider = new MultipartFormDataStreamProvider(root); // foreach (MultipartFileData file in provider.FileData) //{ // Trace.WriteLine(file.Headers.ContentDisposition.FileName); // Trace.WriteLine("Server file path: " + file.LocalFileName); // //AppManager app = new AppManager(Globals.DBConnectionKey, "web", this.GetAuthToken(Request)); // //string fileName = file.Headers.ContentDisposition.FileName; // //// Clean the file name.. // //foreach (var c in Path.GetInvalidFileNameChars()) { fileName = fileName.Replace(c, ' '); } // //if (string.IsNullOrWhiteSpace(fileName)) // // continue; // //fileName = fileName.ToUpper(); //} //return ServiceResponse.OK(); ServiceResult res = await request.Content.ReadAsMultipartAsync(provider). ContinueWith <ServiceResult>(o => { if (o.IsFaulted || o.IsCanceled) { _logger.InsertError("o.IsFaulted:" + o.IsFaulted, "AttributesController", "PostFile"); _logger.InsertError("o.IsCanceled:" + o.IsCanceled, "AttributesController", "PostFile"); _logger.InsertError("o.Exception:" + JsonConvert.SerializeObject(o), "AttributesController", "PostFile"); throw new HttpResponseException(HttpStatusCode.InternalServerError); } string fileName = ""; List <string> kvp = o.Result.Contents.First().Headers.First(w => w.Key == "Content-Disposition").Value.ToList()[0].Split(';').ToList(); foreach (string value in kvp) { if (value.Trim().StartsWith("filename")) { String[] tmp = value.Split('='); fileName = DateTime.UtcNow.ToString("yyyyMMdd_hhmmss") + tmp[1].Trim().Replace("\"", ""); } if (value.Contains("defaultImage")) //value.Trim().StartsWith("name")) { fileResult.Default = true; } } // this is the file name on the server where the file was saved string file = provider.FileData.First().LocalFileName; string originalFilename = Path.GetFileName(file); string destFile = file.Replace(originalFilename, fileName); try { if (File.Exists(destFile)) { File.Delete(destFile); } } catch { //file may still be locked so don't worry about it. } try { string extension = Path.GetExtension(destFile)?.ToUpper(); if (!string.IsNullOrWhiteSpace(extension)) { extension = extension.Replace(".", ""); } var image = System.Drawing.Image.FromFile(file); using (var resized = ImageEx.ResizeImage(image, 640, 640)) { switch (extension) { case "PNG": resized.Save(destFile, ImageFormat.Png); break; case "GIF": resized.Save(destFile, ImageFormat.Gif); break; case "JPEG": case "JPG": resized.Save(destFile, ImageFormat.Jpeg); break; default: ImageEx.SaveJpeg(destFile, resized, 90); break; } } } catch (Exception ex) { Debug.Assert(false, ex.Message); } //try //{ // File.Move(file, destFile); //} //catch { }//ditto from above catch file = destFile; string thumbFile = ImageEx.CreateThumbnailImage(file, 64); string ImageUrl = fileName; string fullUrl = this.Request.RequestUri.Scheme + "://" + this.Request.RequestUri.Authority + basePath + "/"; // "/Content/Uploads/" + this.CurrentUser.UUID + "/"; pathToImage = fullUrl + thumbFile; // ImageUrl; if (fileResult.Default) { this.UpdateImageURL(UUID, type, pathToImage); //Now update the database. } else { //add other images to attributes AttributeManager atm = new AttributeManager(Globals.DBConnectionKey, this.GetAuthToken(Request)); var attribute = new TMG.Attribute() { ReferenceUUID = UUID, ReferenceType = type, Value = thumbFile, Image = thumbFile, ValueType = "ImagePath", Name = fileResult.Name, AccountUUID = this.CurrentUser.AccountUUID, DateCreated = DateTime.UtcNow, CreatedBy = CurrentUser.UUID, RoleOperation = ">=", RoleWeight = RoleFlags.MemberRoleWeights.Member, Private = false, NSFW = -1 }; atm.Insert(attribute); } fileResult.UUID = UUID; fileResult.UUIDType = type; fileResult.Status = "saved"; fileResult.Image = fullUrl + ImageUrl; fileResult.ImageThumb = fullUrl + ImageEx.GetThumbFileName(destFile); //todo check this fileResult.Name = fileName; return(ServiceResponse.OK(fileName + " uploaded.", fileResult)); } ); return(res); } catch (Exception ex) { _logger.InsertError("root folder:" + root, "AttributesController", "PostFile"); _logger.InsertError(ex.DeserializeException(false), "AttributesController", "PostFile"); return(ServiceResponse.Error("Upload failed.")); } }
public async Task <ServiceResult> SendMessage(EmailMessage form)// public ServiceResult SendMessage(Message form) { if (form == null) { return(ServiceResponse.Error("No form was posted to the server.")); } try { form.DateSent = DateTime.UtcNow; bool isValidFormat = Validator.IsValidEmailFormat(form.EmailFrom); if (string.IsNullOrWhiteSpace(form.EmailFrom) || isValidFormat == false) { return(ServiceResponse.Error("You must provide a valid email address.")); } if (string.IsNullOrWhiteSpace(form.Body)) { return(ServiceResponse.Error("You must provide a message.")); } EmailMessageManager EmailMessageManager = new EmailMessageManager(Globals.DBConnectionKey, Request?.Headers?.Authorization?.Parameter); NetworkHelper network = new NetworkHelper(); string ipAddress = network.GetClientIpAddress(this.Request); EmailMessage EmailMessage = new EmailMessage(); EmailMessage.Body = form.Body + "<br/><br/><br/>Message Key:" + EmailMessage.UUID; EmailMessage.Subject = form.Subject; EmailMessage.EmailFrom = Cipher.Crypt(Globals.Application.AppSetting("AppKey"), form.EmailFrom.ToLower(), true); EmailMessage.UUIDType += "." + form.Type; if (form.Type?.ToLower() != "contactus") { EmailMessage.EmailTo = Globals.Application.AppSetting("SiteEmail"); } EmailMessage.DateCreated = DateTime.UtcNow; EmailMessage.IpAddress = ipAddress; EmailMessage.Status = "not_sent"; if (CurrentUser != null) { EmailMessage.CreatedBy = CurrentUser.UUID; EmailMessage.AccountUUID = CurrentUser.AccountUUID; } else { EmailMessage.CreatedBy = "ContactUsForm"; EmailMessage.AccountUUID = "ContactUsForm"; } UserManager um = new UserManager(Globals.DBConnectionKey, Request?.Headers?.Authorization?.Parameter); string toName = um.GetUserByEmail(EmailMessage.EmailTo)?.Name; string fromName = um.GetUserByEmail(form.EmailFrom)?.Name; EmailMessage.NameFrom = fromName; EmailMessage.NameTo = toName; if (EmailMessageManager.Insert(EmailMessage).Code == 500) { return(ServiceResponse.Error("Failed to save the email. Try again later.")); } EmailSettings settings = new EmailSettings(); settings.EncryptionKey = Globals.Application.AppSetting("AppKey"); settings.HostPassword = Globals.Application.AppSetting("EmailHostPassword"); settings.HostUser = Globals.Application.AppSetting("EmailHostUser"); settings.MailHost = Globals.Application.AppSetting("MailHost"); settings.MailPort = StringEx.ConvertTo <int>(Globals.Application.AppSetting("MailPort")); settings.SiteDomain = Globals.Application.AppSetting("SiteDomain"); settings.EmailDomain = Globals.Application.AppSetting("EmailDomain"); settings.SiteEmail = Globals.Application.AppSetting("SiteEmail"); settings.UseSSL = StringEx.ConvertTo <bool>(Globals.Application.AppSetting("UseSSL")); MailAddress ma = new MailAddress(settings.SiteEmail, settings.SiteEmail); MailMessage mail = new MailMessage(); mail.From = ma; // mail.ReplyToList.Add( ma ); mail.ReplyToList.Add(form.EmailFrom); mail.To.Add(EmailMessage.EmailTo); mail.Subject = EmailMessage.Subject; mail.Body = EmailMessage.Body + "<br/><br/><br/>IP:" + ipAddress; mail.IsBodyHtml = true; SMTP svc = new SMTP(Globals.DBConnectionKey, settings); return(svc.SendMail(mail)); } catch (Exception ex) { _fileLogger.InsertError(ex.DeserializeException(true), "SiteController", "SendMessage:" + JsonConvert.SerializeObject(form)); } return(ServiceResponse.Error("Failed to send message.")); }
public ServiceResult AddCart(ShoppingCart cart) { using (var context = new TreeMonDbContext(this._connectionKey)) { try { if (context.Insert <ShoppingCart>(cart)) { return(ServiceResponse.OK("Cart created", cart)); } } catch (Exception ex) { _logger.InsertError(ex.Message, "AddCart", MethodInfo.GetCurrentMethod().Name); } } return(ServiceResponse.Error("Failed to create shopping cart.")); }
private DataFilter GetFilter(string filter) { int currentUserRoleWeight = CurrentUser?.RoleWeight ?? 0; bool siteAdmin = CurrentUser?.SiteAdmin ?? false; DataFilter tmpFilter = Globals.DefaultDataFilter; tmpFilter.UserRoleWeight = currentUserRoleWeight; if (string.IsNullOrWhiteSpace(filter) || filter == "[]") { return(tmpFilter); } try { tmpFilter = JsonConvert.DeserializeObject <DataFilter>(filter); if (tmpFilter == null) { return(Globals.DefaultDataFilter); } if (tmpFilter.PageSize > Globals.MaxRecordsPerRequest && siteAdmin == false) { tmpFilter.PageSize = Globals.MaxRecordsPerRequest; } if (currentUserRoleWeight > 0 && siteAdmin == false) { //the higher thier role the more records they can get in one call tmpFilter.PageSize = currentUserRoleWeight * Globals.DefaultDataFilter.PageSize; } if (Validator.HasSqlCommand(tmpFilter.SortBy)) { tmpFilter.SortBy = "Name"; } if (Validator.HasSqlCommand(tmpFilter.SortDirection)) { tmpFilter.SortDirection = "ASC"; } if (Validator.HasSqlCommand(tmpFilter.TimeZone)) { tmpFilter.TimeZone = ""; } for (int i = 0; i < tmpFilter.Screens.Count; i++) { var tmp = tmpFilter.Screens[i].Value + " " + tmpFilter.Screens[i].Command + " " + tmpFilter.Screens[i].Field + " " + tmpFilter.Screens[i].Junction + " " + tmpFilter.Screens[i].Operator + " " + tmpFilter.Screens[i].Type; if (Validator.HasSqlCommand(tmp)) { Debug.Assert(false, "SQL INJECTION! " + tmp); tmpFilter.Screens[i].Value = ""; tmpFilter.Screens[i].Command = ""; tmpFilter.Screens[i].Field = ""; tmpFilter.Screens[i].Junction = ""; tmpFilter.Screens[i].Operator = ""; tmpFilter.Screens[i].Type = ""; } } } catch (Exception ex) { _logger.InsertError(ex.Message, "ApiBaseController", "GetFilter"); return(tmpFilter); } return(tmpFilter); }
public ServiceResult AuthenticateUser(string userName, string password, string ip) { if (string.IsNullOrWhiteSpace(userName)) { using (var context = new TreeMonDbContext(this._connectionKey)) { context.Insert <AuthenticationLog>(new AuthenticationLog() { Authenticated = false, AuthenticationDate = DateTime.UtcNow, IPAddress = ip, FailType = "Blank Username", UserName = userName, UUIDType = "AuthenticationLog", Vector = "UserManager.AuthenticateUser" }); } return(ServiceResponse.Error("Invalid username or password.")); } User user = null; try { using (var context = new TreeMonDbContext(this._connectionKey)) { user = context.GetAll <User>().FirstOrDefault(uw => (uw.Name?.EqualsIgnoreCase(userName) ?? false)); if (user == null) { return(ServiceResponse.Error("Invalid username or password.")); } user.LastActivityDate = DateTime.UtcNow; if (!PasswordHash.ValidatePassword(password, user.PasswordHashIterations + ":" + user.PasswordSalt + ":" + user.Password)) { context.Insert <AuthenticationLog>(new AuthenticationLog() { Authenticated = false, AuthenticationDate = DateTime.UtcNow, IPAddress = ip, FailType = "Invalid Password", UserName = userName, UUIDType = "AuthenticationLog", Vector = "UserManager.AuthenticateUser", DateCreated = DateTime.UtcNow }); user.FailedPasswordAttemptCount++; context.Update <User>(user); return(ServiceResponse.Error("Invalid username or password.")); } ServiceResult sr = IsUserAuthorized(user, ip); if (sr.Status == "ERROR") { return(sr); } user.Online = true; user.LastLoginDate = DateTime.UtcNow; context.Update <User>(user); } } catch (Exception ex) { _logger.InsertError(ex.Message, "UserManager", "AuthenticateUser:"******" IP:" + ip); return(ServiceResponse.Error(ex.Message)); } user = ClearSensitiveData(user); return(ServiceResponse.OK("", user)); }
public async Task <ServiceResult> PostFile(string UUID, string type) { string pathToImage = ""; try { if (this.CurrentUser == null) { return(ServiceResponse.Error("You must be logged in to upload.")); } #region non async //var httpRequest = HttpContext.Current.Request; //if (httpRequest.Files.Count < 1) //{ // return ServiceResponse.Error("Bad request"); //} //foreach (string file in httpRequest.Files) //{ // var postedFile = httpRequest.Files[file]; // var filePath = HttpContext.Current.Server.MapPath("~/" + postedFile.FileName); // postedFile.SaveAs(filePath); //} //return ServiceResponse.OK(); #endregion HttpRequestMessage request = this.Request; if (!request.Content.IsMimeMultipartContent()) { return(ServiceResponse.Error("Unsupported media type.")); } string root = System.Web.HttpContext.Current.Server.MapPath("~/Content/Uploads/" + this.CurrentUser.AccountUUID); if (!Directory.Exists(root)) { Directory.CreateDirectory(root); } var provider = new MultipartFormDataStreamProvider(root); ServiceResult res = await request.Content.ReadAsMultipartAsync(provider). ContinueWith <ServiceResult>(o => { if (o.IsFaulted || o.IsCanceled) { throw new HttpResponseException(HttpStatusCode.InternalServerError); } string fileName = ""; List <string> kvp = o.Result.Contents.First().Headers.Where(w => w.Key == "Content-Disposition").First().Value.ToList()[0].Split(';').ToList(); foreach (string value in kvp) { if (value.Trim().StartsWith("filename")) { String[] tmp = value.Split('='); fileName = tmp[1].Trim().Replace("\"", ""); } } // this is the file name on the server where the file was saved string file = provider.FileData.First().LocalFileName; string originalFilename = Path.GetFileName(file); string destFile = file.Replace(originalFilename, fileName); try { if (File.Exists(destFile)) { File.Delete(destFile); } } catch { //file may still be locked so don't worry about it. } File.Move(file, destFile); file = destFile; string thumbFile = ImageEx.CreateThumbnailImage(file, 64); string ImageUrl = fileName; string fullUrl = this.Request.RequestUri.Scheme + "://" + this.Request.RequestUri.Authority + "/Content/Uploads/" + this.CurrentUser.AccountUUID + "/"; pathToImage = fullUrl + ImageUrl; this.UpdateImageURL(UUID, type, pathToImage); //Now update the database. string results = "{ ImageUrl: \"" + fullUrl + ImageUrl + "\" , ImageThumbUrl:\"" + fullUrl + thumbFile + "\" }"; return(ServiceResponse.OK(fileName + " uploaded.", results)); } ); return(res); }catch (Exception ex) { _logger.InsertError(ex.Message, "InventoryController", "PostFile"); return(ServiceResponse.Error("Upload failed.")); } }
public ServiceResult Delete(INode n, bool purge = false) { if (n == null) { return(ServiceResponse.Error("No record sent.")); } if (!this.DataAccessAuthorized(n, "DELETE", false)) { return(ServiceResponse.Error("You are not authorized this action.")); } if (n.GetType().Name != "Location") { Debug.Assert(false, "TODO FIX THIS IT SHOULDN'T BE ANOTHER TYPE"); } var p = (Location)n; try { using (var context = new GreenWerxDbContext(this._connectionKey)) { if (purge) { DynamicParameters parameters = new DynamicParameters(); parameters.Add("@LocationUUID", p.UUID); if (context.Delete <Location>("WHERE UUID=@LocationUUID", parameters) > 0) { DynamicParameters credParams = new DynamicParameters(); credParams.Add("@UUID", p.UUID); credParams.Add("@TYPE", "Location"); context.Delete <Credential>("WHERE RecipientUUID=@UUID AND RecipientType=@TYPE", credParams); return(ServiceResponse.OK()); } } else { p.Deleted = true; if (context.Update <Location>(p) > 0) { return(ServiceResponse.OK()); } } } return(ServiceResponse.Error("No records deleted.")); ////SQLITE ////this was the only way I could get it to delete a RolePermission without some stupid EF error. ////object[] paramters = new object[] { rp.PermissionUUID , rp.RoleUUID ,rp.AccountUUID }; ////context.Delete<RolePermission>("WHERE PermissionUUID=? AND RoleUUID=? AND AccountUUID=?", paramters); //// context.Delete<RolePermission>(rp); } catch (Exception ex) { _logger.InsertError(ex.Message, "LocationManager", "DeleteLocation:" + p.UUID); Debug.Assert(false, ex.Message); return(ServiceResponse.Error("Exception occured while deleting this record.")); } }