public AdHocApiAccessModule(IPenguinUploadContext serverContext) : base("/api")
        {
            ServerContext = serverContext;
            Get("/fileinfo/{idPass}", async args =>
            {
                var idParts = ((string)args.idPass).Split('!');
                var id      = idParts[0];
                string pass = null;
                if (idParts.Length > 1)
                {
                    pass = idParts[1];
                }
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         = await storedFilesManager.GetPublicStoredFileByIdentifierAsync(id);
                if (storedFile == null)
                {
                    return(HttpStatusCode.NotFound);
                }
                if (storedFile.IsPasswordProtected)
                {
                    if (pass == null)
                    {
                        return(HttpStatusCode.Unauthorized);
                    }
                    // Make sure password matches
                    if (!storedFile.CheckPassword(pass))
                    {
                        return(HttpStatusCode.Unauthorized);
                    }
                }
                return(Response.AsJsonNet(storedFile));
            });

            Get("/download/{idPass}", async args =>
            {
                var idParts    = ((string)args.idPass).Split('!');
                var id         = idParts[0];
                var serveEmbed = ((string)Request.Query.embed) == "1";
                string pass    = null;
                if (idParts.Length > 1)
                {
                    pass = idParts[1];
                }
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         = await storedFilesManager.GetPublicStoredFileByIdentifierAsync(id);
                if (storedFile == null)
                {
                    return(HttpStatusCode.NotFound);
                }
                if (storedFile.IsPasswordProtected)
                {
                    // Make sure password matches
                    if (!storedFile.CheckPassword(pass))
                    {
                        return(HttpStatusCode.Unauthorized);
                    }
                }

                // Create unauthenticated storage handler without admin permissions
                // This is OK because download operation does not affect quota.
                var fileUploadHandler = new LocalStorageHandler(ServerContext, null, false);
                var fileStream        = fileUploadHandler.RetrieveFileStream(storedFile.Identifier);
                var contentType       = MimeTypes.GetMimeType(storedFile.Name);
                // serve depending on embed option
                if (serveEmbed)
                {
                    // allow streamable download
                    return(Response.FromPartialStream(Request, fileStream, contentType));
                }
                else
                {
                    var response = new StreamResponse(() => fileStream, contentType);
                    return(response.AsAttachment(storedFile.Name));
                }
            });
        }
Exemplo n.º 2
0
        public ApiAccessModule(IPenguinUploadContext serverContext) : base("/api")
        {
            ServerContext = serverContext;
            this.RequiresAuthentication();
            // Requires API key access
            this.RequiresClaims(x => x.Value == ApiClientAuthenticationService.StatelessAuthClaim.Value);

            var userManager = new WebUserManager(ServerContext);

            // Get user metadata
            Get("/userinfo", async _ =>
            {
                var idUsername = Context.CurrentUser.Identity.Name;
                var user       = await userManager.FindUserByUsernameAsync(idUsername);
                return(Response.AsJsonNet(user));
            });

            // Generate new API key
            Patch("/newkey", async _ =>
            {
                var idUsername = Context.CurrentUser.Identity.Name;
                var user       = await userManager.FindUserByUsernameAsync(idUsername);
                // Update key
                await userManager.GenerateNewApiKeyAsync(user);
                return(Response.AsJsonNet(user));
            });

            // Get list of files
            Get("/files", async _ =>
            {
                var idUsername         = Context.CurrentUser.Identity.Name;
                var user               = await userManager.FindUserByUsernameAsync(idUsername);
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var userFiles          = await storedFilesManager.GetStoredFilesByUserAsync(user);
                var directoryStructure = FileOrganization.BuildStructure(userFiles);
                return(Response.AsJsonNet(directoryStructure));
            });

            // Upload a file
            Post("/upload", async _ =>
            {
                var idUsername        = Context.CurrentUser.Identity.Name;
                var request           = this.Bind <FileUploadRequest>();
                var fileUploadHandler = new LocalStorageHandler(ServerContext, idUsername);
                FileUploadResult uploadResult;
                try
                {
                    uploadResult =
                        await fileUploadHandler.HandleUploadAsync(request.File.Name, request.File.Value);
                }
                catch (QuotaExceededException qEx)
                {
                    return(Response.AsText(qEx.Message).WithStatusCode(HttpStatusCode.Forbidden));
                }

                // Register uploaded file
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         =
                    await storedFilesManager.RegisterStoredFileAsync(idUsername,
                                                                     request.File.Name, request.TargetDirectory, uploadResult.FileId,
                                                                     uploadResult.Size);

                return(Response.AsJsonNet(storedFile));
            });

            // Force download, bypass password
            Get("/fdownload/{id}", async args =>
            {
                var idUsername         = Context.CurrentUser.Identity.Name;
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         = await storedFilesManager.GetStoredFileByIdentifierAsync((string)args.id);
                if (storedFile == null)
                {
                    return(HttpStatusCode.NotFound);
                }

                var fileUploadHandler = new LocalStorageHandler(ServerContext, idUsername);
                var fileStream        = fileUploadHandler.RetrieveFileStream(storedFile.Identifier);
                var response          = new StreamResponse(() => fileStream, MimeTypes.GetMimeType(storedFile.Name));
                return(response.AsAttachment(storedFile.Name));
            });

            // Set a password on a file
            Patch("/lock/{idPass}", async args =>
            {
                var idParts = ((string)args.idPass).Split('!');
                if (idParts.Length < 2)
                {
                    return(HttpStatusCode.BadRequest);
                }
                var id   = idParts[0];
                var pass = idParts[1];
                if (pass.Length > 128)
                {
                    return(Response.AsText("Password cannot exceed 128 characters.")
                           .WithStatusCode(HttpStatusCode.BadRequest));
                }
                // Update file metadata
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         = await storedFilesManager.GetStoredFileByIdentifierAsync(id);
                if (storedFile == null)
                {
                    return(HttpStatusCode.BadRequest);
                }
                await storedFilesManager.SetFilePasswordAsync(storedFile, pass);
                return(HttpStatusCode.OK);
            });

            // Unset a password on a file
            Patch("/unlock/{id}", async args =>
            {
                var id = (string)args.id;
                // Update file metadata
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         = await storedFilesManager.GetStoredFileByIdentifierAsync(id);
                if (storedFile == null)
                {
                    return(HttpStatusCode.BadRequest);
                }
                await storedFilesManager.SetFilePasswordAsync(storedFile, null);
                return(HttpStatusCode.OK);
            });

            Patch("/rename/{id}/{name}", async args =>
            {
                var id      = (string)args.id;
                var newname = (string)args.name;
                // Update file metadata
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         = await storedFilesManager.GetStoredFileByIdentifierAsync(id);
                if (storedFile == null)
                {
                    return(HttpStatusCode.BadRequest);
                }
                storedFile.Name = newname;
                await storedFilesManager.UpdateStoredFileInDatabaseAsync(storedFile);
                return(HttpStatusCode.OK);
            });

            // Delete a file
            Delete("/delete/{id}", async args =>
            {
                var idUsername = Context.CurrentUser.Identity.Name;
                var fileId     = (string)args.id;
                // Remove physical file
                var fileUploadHandler = new LocalStorageHandler(ServerContext, idUsername);
                await fileUploadHandler.DeleteFileAsync(fileId);
                // Unregister file
                var storedFilesManager = new StoredFilesManager(ServerContext);
                await storedFilesManager.UnregisterStoredFileAsync(fileId);
                return(HttpStatusCode.OK);
            });

            // Nuke (batch destroy)

            // Delete all a user's files
            Delete("/nuke/files", async _ =>
            {
                var idUsername         = Context.CurrentUser.Identity.Name;
                var user               = await userManager.FindUserByUsernameAsync(idUsername);
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var fileUploadHandler  = new LocalStorageHandler(ServerContext, idUsername);
                // Start tasks to nuke user's files
                var userFiles             = await storedFilesManager.GetStoredFilesByUserAsync(user);
                var nukePhysicalFilesTask = fileUploadHandler.NukeAllFilesAsync(userFiles.Select(x => x.Identifier));
                var nukeFilesTask         = storedFilesManager.NukeAllFilesAsync(user);
                return(HttpStatusCode.OK);
            });

            // Delete a user and all content
            Delete("/nuke/user", async _ =>
            {
                var idUsername = Context.CurrentUser.Identity.Name;
                var user       = await userManager.FindUserByUsernameAsync(idUsername);
                // Disable user
                await userManager.SetEnabledAsync(user, false);
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var fileUploadHandler  = new LocalStorageHandler(ServerContext, idUsername);
                // Start tasks to nuke user's files
                var userFiles             = await storedFilesManager.GetStoredFilesByUserAsync(user);
                var nukePhysicalFilesTask = fileUploadHandler.NukeAllFilesAsync(userFiles.Select(x => x.Identifier));
                var nukeFilesTask         = storedFilesManager.NukeAllFilesAsync(user);
                await nukeFilesTask;
                await nukePhysicalFilesTask;
                // Now nuke the user
                await userManager.RemoveUserAsync(user.Username);
                return(HttpStatusCode.OK);
            });
        }
Exemplo n.º 3
0
        public AdminAccessModule(IPenguinUploadContext serverContext) : base("/api/admin")
        {
            ServerContext = serverContext;

            this.RequiresAuthentication();
            // Requires API key access
            this.RequiresClaims(x => x.Value == ApiClientAuthenticationService.StatelessAuthClaim.Value);

            Before += (ctx) =>
            {
                // Make sure user is an admin
                if (!ServerContext.IsAdministrator(Context.CurrentUser.Identity.Name))
                {
                    return(HttpStatusCode.Unauthorized);
                }
                return(null);
            };

            // List all users
            Get("/enumerateusers", async _ =>
            {
                var webUserManager = new WebUserManager(ServerContext);
                var allUsers       = await webUserManager.GetAllUsersAsync();
                return(Response.AsJsonNet(allUsers));
            });

            // Get user account info
            Get("/accountinfo/{name}", async args =>
            {
                var userManager = new WebUserManager(ServerContext);
                var user        = await userManager.FindUserByUsernameAsync((string)args.name);
                return(user == null ? HttpStatusCode.NotFound : Response.AsJsonNet(user));
            });

            // Disable a user's account
            Patch("/disableuser/{name}", async args =>
            {
                var userManager = new WebUserManager(ServerContext);
                var user        = await userManager.FindUserByUsernameAsync((string)args.name);
                if (user == null)
                {
                    return(HttpStatusCode.BadRequest);
                }
                // Disable user
                await userManager.SetEnabledAsync(user, false);
                return(HttpStatusCode.OK);
            });

            // Enable a user's account
            Patch("/enableuser/{name}", async args =>
            {
                var userManager = new WebUserManager(ServerContext);
                var user        = await userManager.FindUserByUsernameAsync((string)args.name);
                if (user == null)
                {
                    return(HttpStatusCode.BadRequest);
                }
                // Disable user
                await userManager.SetEnabledAsync(user, true);
                return(HttpStatusCode.OK);
            });

            // Get file info (admin override)
            Get("/fileinfo/{id}", async args =>
            {
                var fileId = (string)args.id;
                // Get metadata
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         = await storedFilesManager.GetStoredFileByIdentifierAsync(fileId);
                return(Response.AsJsonNet(storedFile));
            });

            // Download a file (admin override)
            Get("/downloadfile/{id}", async args =>
            {
                var fileId = (string)args.id;
                // Get metadata
                var storedFilesManager = new StoredFilesManager(ServerContext);
                var storedFile         = await storedFilesManager.GetStoredFileByIdentifierAsync(fileId);
                if (storedFile == null)
                {
                    return(HttpStatusCode.NotFound);
                }
                var fileUploadHandler = new LocalStorageHandler(ServerContext, null, true);
                var fileStream        = fileUploadHandler.RetrieveFileStream(storedFile.Identifier);
                var response          = new StreamResponse(() => fileStream, MimeTypes.GetMimeType(storedFile.Name));
                return(response.AsAttachment(storedFile.Name));
            });

            // Delete a file (admin override)
            Delete("/deletefile/{id}", async args =>
            {
                var fileId = (string)args.id;
                // Remove physical file
                var fileUploadHandler = new LocalStorageHandler(ServerContext, null, true);
                await fileUploadHandler.DeleteFileAsync(fileId);
                // Unregister file
                var storedFilesManager = new StoredFilesManager(ServerContext);
                await storedFilesManager.UnregisterStoredFileAsync(fileId);
                return(HttpStatusCode.OK);
            });

            // Quota management
            Patch("/updatequota/{name}/{quota}", async args =>
            {
                var userManager = new WebUserManager(ServerContext);
                var user        = await userManager.FindUserByUsernameAsync((string)args.name);
                if (user == null)
                {
                    return(HttpStatusCode.BadRequest);
                }
                // Disable user
                await userManager.SetQuotaAsync(user, (int)args.quota);
                return(HttpStatusCode.OK);
            });
        }