public IHttpActionResult DeleteWall(string wallId, GenericWallRequest request)
{
wallId = Helpers.TextSanitizer.Hypersanitize(wallId, true);
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var model = DatabaseContext.Shared.WallModels.Find(wallId);
if (model == null)
{
return(NotFound());
}
if (!IsOwner(model, request))
{
return(Unauthorized());
}
//Delete posts first to avoid reference errors
DatabaseContext.Shared.WallPosts.RemoveRange(model.Posts);
//And delete the files (both references and actual files)
foreach (var file in model.Files)
{
TryDeleteFile(file); //Remove actual files
}
DatabaseContext.Shared.Files.RemoveRange(model.Files); //Remove db info
//And remove the wall from the user, if any
var user = GetUser();
if (user != null)
{
user.Remove(model);
_authRepo.SaveUserUpdate();
}
DatabaseContext.Shared.WallModels.Remove(model);
try
{
DatabaseContext.Shared.SaveChanges();
}
catch (DbUpdateException)
{
if (WallModelExists(wallId))
{
return(InternalServerError());
}
else
{
throw;
}
}
DatabaseContext.Release();
return(Ok());
}
private bool CanModerate(WallModel model, GenericWallRequest request)
{
//No view permission
if (!IsAuthorizedToView(model, GetPassword(request)))
{
return(false);
}
//Everyone has admin
if (model.UnauthorizedUserPermissionLevel ==
WallModel.WallAccessPermissionLevels.ViewEditModerate)
{
return(true);
}
//Owner
if (IsOwner(model, request))
{
return(true);
}
//Not authorized to do anything / aren't on authorized list
if (!User.Identity.IsAuthenticated)
{
return(false);
}
//Get them if possible
var mx = model.AuthorizedUsers.FirstOrDefault(
(m) => m.User.UserName == User.Identity.Name &&
m.PermissionLevel == WallModel.WallAccessPermissionLevels.ViewEditModerate);
//and verify
return(mx != null);
}
private string GetPublicKey(GenericWallRequest model)
{
var user = User.Identity.IsAuthenticated ? _authRepo.FindUserByNameSync(User.Identity.Name) : null;
if (user != null)
{
return(_authRepo.FindUserByNameSync(User.Identity.Name).TokenKeyPublic);
}
else
{
return(model.KeyPublic);
}
}
public IHttpActionResult CheckPassword(string wallId, GenericWallRequest request)
{
wallId = Helpers.TextSanitizer.Hypersanitize(wallId, true);
if (!ModelState.IsValid)
{
return(BadRequest());
}
WallModel wallModel = DatabaseContext.Shared.WallModels.Find(wallId);
if (wallModel == null)
{
return(NotFound());
}
DatabaseContext.Release();
return(Ok(new { authenticated = request.Password == wallModel.Password }));
}
private bool CanCreatePost(WallModel model, GenericWallRequest request)
{
//No view permission
if (!IsAuthorizedToView(model, GetPassword(request)))
{
return(false);
}
if (CanModerate(model, request))
{
return(true);
}
if (IsEditPermission(model.UnauthorizedUserPermissionLevel)) //If anyone can edit
{
return(true);
}
return(UserHasCreatePermissions(model));
}
public IHttpActionResult UploadFile(string wallId, GenericWallRequest _request)
{
HttpRequestMessage request = this.Request;
if (!request.Content.IsMimeMultipartContent())
{
return(BadRequest());
}
if (!WallExists(wallId))
{
return(NotFound());
}
var wall = DatabaseContext.Shared.WallModels.Find(wallId);
if (!CanCreatePost(wall, _request))
{
return(Unauthorized());
}
wallId = Helpers.TextSanitizer.Hypersanitize(wallId).ToLower();
if (wallId.Length <= 0)
{
return(InternalServerError());
}
if (wallId.Length >= 40) //Don't allow length >=40 for wall id
{
wallId = wallId.Substring(0, 40);
}
//Get the directory to store
string root = System.Web.HttpContext.Current.Server.MapPath("~/App_Data/uploads/" + wallId);
System.IO.Directory.CreateDirectory(root);
//And loop through and get all of the files
var httpRequest = HttpContext.Current.Request;
if (httpRequest.Files.Count > 0)
{
var locations = new List <FileLocation>();
foreach (string file in httpRequest.Files)
{
var postedFile = httpRequest.Files[file];
//get the filename to upload to
var extension = System.IO.Path.GetExtension(postedFile.FileName);
var fileName = GetFileName(36) + "." + extension;
var savePath = System.IO.Path.Combine(root, fileName);
//In case we generate identical names, loop until they're different
while (System.IO.File.Exists(savePath))
{
fileName = GetFileName(36) + "." + extension;
savePath = System.IO.Path.Combine(root, fileName);
}
//And save
postedFile.SaveAs(savePath);
locations.Add(new FileLocation()
{
Filename = fileName,
AbsolutePath = String.Format("/api/walls/retrieve/{0}/{1}", wallId, fileName)
});
}
//And add to the wall db
foreach (var fl in locations)
{
var fum = DatabaseContext.Shared.Files.Create();
fum.Filename = fl.Filename;
fum.Wall = wall;
fum.WallId = wall.WallUrl;
wall.Files.Add(fum);
}
DatabaseContext.Shared.SaveChanges();
//And return the info
return(Ok(locations));
}
else
{
return(BadRequest("No files to upload."));
}
DatabaseContext.Release();
}
public IHttpActionResult GetUploadedFile(string wallId, string filename, GenericWallRequest request)
{
var sanitized = Helpers.TextSanitizer.Hypersanitize(wallId).ToLower();
if (sanitized.Length <= 0)
{
return(InternalServerError());
}
if (!WallExists(wallId))
{
return(NotFound());
}
var wall = DatabaseContext.Shared.WallModels.Find(wallId);
if (!CanCreatePost(wall, request))
{
return(Unauthorized());
}
wallId = Helpers.TextSanitizer.Hypersanitize(wallId).ToLower();
if (wallId.Length <= 0)
{
return(InternalServerError());
}
if (sanitized.Length >= 40) //Don't allow length >=40 for wall id
{
sanitized = sanitized.Substring(0, 40);
}
//Get the directory to store
string root = System.Web.HttpContext.Current.Server.MapPath("~/App_Data/uploads/" + sanitized);
System.IO.Directory.CreateDirectory(root);
//Sanitize the filename
filename = Helpers.TextSanitizer.Hypersanitize(filename, false, true);
if (!System.IO.File.Exists(System.IO.Path.Combine(root, filename)))
{
return(NotFound());
}
try
{
var stream = new System.IO.FileStream(System.IO.Path.Combine(root, filename),
System.IO.FileMode.Open, System.IO.FileAccess.Read);
var content = new StreamContent(stream);
var mimeType = MimeTypeMap.MimeTypeMap.GetMimeType(System.IO.Path.GetExtension(filename));
HttpResponseMessage result = new HttpResponseMessage(HttpStatusCode.OK);
result.Content = content;
result.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue(mimeType);
return(Ok(result));
}
catch
{
return(NotFound());
}
}
private bool IsOwner(WallModel model, GenericWallRequest request)
{
return(model.OwnerPrivate == GetPrivateKey(request));
}
private string GetPassword(GenericWallRequest model)
{
return(model.Password);
}
