public async Task <IActionResult> SetPassword(Guid guid, [FromBody] SetPasswordPostModel pwModel)
{
var shortLink = Db.ShortLinks.Find(guid);
if (shortLink == null)
{
return(NotFound(ErrorModel.NotFound()));
}
if (pwModel.Reset)
{
shortLink.PasswordHash = default;
shortLink.IsPasswordProtected = false;
return(Ok());
}
if (pwModel.Password.IsEmpty())
{
return(BadRequest(ErrorModel.BadRequest("empty password")));
}
shortLink.PasswordHash = Hashing.CreatePasswordHash(pwModel.Password);
shortLink.IsPasswordProtected = true;
Db.ShortLinks.Update(shortLink);
await Db.SaveChangesAsync();
return(Ok());
}
public async Task <IActionResult> Initialize([FromBody] GeneralSettingsPostModel model)
{
var settings = Db.GeneralSettings.FirstOrDefault();
if (settings != null && !settings.PasswordHash.IsEmpty())
{
return(new ForbidResult());
}
if (model.Password.IsEmpty())
{
return(BadRequest(ErrorModel.BadRequest("invalid new password")));
}
var hash = Hashing.CreatePasswordHash(model.Password);
Db.GeneralSettings.Add(new GeneralSettingsModel()
{
PasswordHash = hash,
});
await Db.SaveChangesAsync();
return(Ok());
}
public async Task <IActionResult> Login([FromBody, Bind("ListIdentifier", "Keyword")] AuthorizationModel auth)
{
if (!auth.Validate())
{
return(BadRequest(ErrorModel.BadRequest()));
}
auth.LowerIdentifier();
var list = db.Lists.FirstOrDefault(l => l.Identifier == auth.ListIdentifier);
if (list == null)
{
return(Unauthorized());
}
if (!keywordAccess.ValidateLogin(list, auth.Keyword))
{
return(Unauthorized());
}
var claims = new List <Claim>
{
new Claim(ExtendedClaimTypes.ListIdentifier, list.Identifier),
new Claim(ExtendedClaimTypes.ListGUID, list.GUID.ToString()),
};
var identity = new ClaimsIdentity(claims, "login");
var principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(principal);
return(Ok());
}
public async Task <IActionResult> ForgotPassword([FromBody] ForgotPasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ErrorModel.BadRequest(Request, ModelState)));
}
var user = await _userManager.FindByEmailAsync(model.Email);
if (user == null)
{
return(NotFound(new ErrorModel
{
StatusCode = System.Net.HttpStatusCode.NotFound,
Method = Request.Method,
URL = Request.Path,
Message = "User Not Found!"
}));
}
//var code = await _userManager.GeneratePasswordResetTokenAsync(user);
//
//var callbackUrl = Url.ResetPasswordCallbackLink(user.Id, code, Request.Scheme);
//
//await _emailSender.SendEmailAsync(model.Email, "Reset Password",
// $"Please reset your password by clicking here: <a href='{callbackUrl}'>link</a>");
////return RedirectToAction(nameof(ForgotPasswordConfirmation));
return(Ok("Password reset sent to your email."));
}
public async Task <IActionResult> Edit(Guid guid, [FromBody] ShortLinkModel newShortLink)
{
var shortLink = Db.ShortLinks.Find(guid);
if (shortLink == null)
{
return(NotFound(ErrorModel.NotFound()));
}
if (!shortLink.ValidateIdent())
{
return(BadRequest(ErrorModel.BadRequest("invalid short ident")));
}
if (!CheckShortIdent(newShortLink, shortLink.GUID))
{
return(BadRequest(ErrorModel.BadRequest("short ident already in use")));
}
if (!await newShortLink.ValidateURI())
{
return(BadRequest(ErrorModel.BadRequest("invalid root link")));
}
shortLink.Update(newShortLink);
shortLink.Sanitize();
Db.ShortLinks.Update(shortLink);
await Db.SaveChangesAsync();
return(Ok(shortLink));
}
public async Task <IActionResult> ResetPassword([FromBody] ResetPasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ErrorModel.BadRequest(Request, ModelState)));
}
var user = await _userManager.FindByEmailAsync(model.Email);
if (user == null)
{
return(NotFound(new ErrorModel
{
StatusCode = HttpStatusCode.NotFound,
Method = Request.Method,
URL = Request.Path,
Message = "User Not Found!",
}));
}
var result = await _userManager.ResetPasswordAsync(user, model.Code, model.Password);
if (result.Succeeded)
{
return(Ok("Password Reset Successfully"));
}
return(BadRequest(ErrorModel.BadRequest(Request)));
}
public async Task <IActionResult> CreateList(
[FromBody, Bind("Listidentifier", "Keyword")] AuthorizationModel listAuth)
{
if (!listAuth.Validate())
{
return(BadRequest(ErrorModel.BadRequest()));
}
listAuth.LowerIdentifier();
if (db.Lists.FirstOrDefault(l => l.Identifier == listAuth.ListIdentifier) != null)
{
return(BadRequest(ErrorModel.AlreadyExists()));
}
var list = new List(listAuth.ListIdentifier, listAuth.Keyword);
var masterKey = SecureRandom.GenerateMasterKey(32);
list.MasterKeyHash = Hashing.CreatePasswordHash(masterKey);
await db.Lists.AddAsync(list);
await db.SaveChangesAsync();
var outList = new ListCreated(list, masterKey);
return(Created("list", outList));
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var listGUID = ((IListController)context.Controller).CurrentListGUID;
var currList = db.Lists.Find(listGUID);
if (currList == null)
{
context.Result = new NotFoundObjectResult(ErrorModel.NotFound());
return;
}
if (!(context.ActionArguments.Values.FirstOrDefault(v => v is IMasterKey) is IMasterKey masterKeyModel))
{
context.Result = new BadRequestObjectResult(ErrorModel.BadRequest());
return;
}
if (!Hashing.CompareStringToHash(masterKeyModel.MasterKey, currList.MasterKeyHash))
{
var res = new ObjectResult(ErrorModel.Unauthorized());
res.StatusCode = 401;
context.Result = res;
return;
}
}
public IActionResult ChangePassword([FromBody] ChangePasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ErrorModel.BadRequest(Request, ModelState)));
}
var user = ApplicationUser.Get(db, User);
_userManager.ChangePasswordAsync(user, model.Password, model.NewPassword);
return(Ok("Password Changed Successfully"));
}
public async Task <IActionResult> Set([FromBody] GeneralSettingsPostModel model)
{
var isNew = false;
var settings = Db.GeneralSettings.FirstOrDefault();
if (settings == null)
{
settings = new GeneralSettingsModel();
isNew = true;
}
if (!model.Password.IsEmpty())
{
if (model.CurrentPassword.IsEmpty() || !Hashing.CompareStringToHash(model.CurrentPassword, settings.PasswordHash))
{
return(BadRequest(ErrorModel.BadRequest("invalid current password")));
}
settings.PasswordHash = Hashing.CreatePasswordHash(model.Password);
}
if (!model.DefaultRedirect.IsEmpty())
{
if (model.DefaultRedirect.Equals("__RESET__"))
{
settings.DefaultRedirect = null;
}
else
{
if (!await URIValidation.Validate(model.DefaultRedirect))
{
return(BadRequest(ErrorModel.BadRequest("invalid defautl redirect url")));
}
settings.DefaultRedirect = model.DefaultRedirect;
}
}
if (isNew)
{
Db.GeneralSettings.Add(settings);
}
else
{
Db.GeneralSettings.Update(settings);
}
await Db.SaveChangesAsync();
return(Ok(settings));
}
public IActionResult Search([FromQuery] string query,
[FromQuery] int page = 0,
[FromQuery] int size = 100,
[FromQuery] string sortBy = "CreationDate")
{
if (query.IsEmpty())
{
return(BadRequest(ErrorModel.BadRequest("invalid search query")));
}
query = query.ToLower();
var shortLinkModel = typeof(ShortLinkModel);
var property = shortLinkModel.GetProperties()
.FirstOrDefault(p => p.Name.ToLower() == sortBy.ToLower());
if (property == null)
{
return(BadRequest(ErrorModel.BadRequest("invalid property for 'sortBy'")));
}
var outList = Db.ShortLinks
.Where((sl) => sl.ShortIdent.Contains(query) ||
sl.RootURL.Contains(query) ||
sl.GUID.ToString().Contains(query))
.OrderByDescending(sl => property.GetValue(sl))
.Skip(page * size)
.Take(size)
.ToList()
.Select(sl =>
{
var accesses = DbCache.GetAccesses(sl.GUID);
sl.UniqueAccessCount = accesses
.ToArray()
.Count(a => a.IsUnique);
sl.AccessCount = accesses.Length;
sl.LastAccess = accesses
.OrderBy(a => a.Timestamp)
.LastOrDefault()?.Timestamp ?? DateTime.MinValue;
return(sl);
});
return(Ok(outList));
}
public async Task <IActionResult> CreateEntry([Bind("Content"), FromBody] ListEntryPostModel entry)
{
if (!ModelState.IsValid)
{
return(BadRequest(ErrorModel.BadRequest()));
}
if (entry.Content == null || entry.Content == "")
{
return(BadRequest(ErrorModel.BadRequest()));
}
var listEntry = new ListEntry <string>(entry.Content, CurrentListGUID);
db.Entries.Add(listEntry);
await db.SaveChangesAsync();
return(CreatedAtAction("entry created", listEntry));
}
public async Task <IActionResult> LoginByPhone([FromBody] LoginByPhoneViewModel model)
{
if (ModelState.IsValid)
{
var user = db.Users.SingleOrDefault(u => u.PhoneNumber == model.PhoneNumber);
if (user == null)
{
return(NotFound(new ErrorModel
{
StatusCode = System.Net.HttpStatusCode.NotFound,
Method = Request.Method,
URL = Request.Path,
Message = "User Not Found",
}));
}
var result = await _userManager.ChangePhoneNumberAsync(user, model.PhoneNumber, model.VerificationCode);
if (!result.Succeeded)
{
AddErrors(result);
return(BadRequest(ErrorModel.BadRequest(Request, ModelState)));
}
var token = await GetToken(user);
if (token != null)
{
return(Ok(token));
}
}
return(BadRequest(new ErrorModel
{
StatusCode = System.Net.HttpStatusCode.BadRequest,
Method = Request.Method,
URL = Request.Path,
Message = "Login Failed"
}));
}
public async Task <IActionResult> RegisterByPhone([FromBody] RegisterByPhoneViewModel model)
{
ApplicationUser user;
if (!db.Users.Any(u => u.PhoneNumber == model.PhoneNumber))
{
user = new ApplicationUser {
UserName = model.PhoneNumber, PhoneNumber = model.PhoneNumber, AddDateTime = DateTime.Now
};
var result = await _userManager.CreateAsync(user);
if (result.Succeeded)
{
_logger.LogInformation("User created a new account with phone number.");
await _signInManager.SignInAsync(user, isPersistent : false);
await _userManager.AddToRoleAsync(user, "User");
}
else
{
AddErrors(result);
return(BadRequest(ErrorModel.BadRequest(Request, ModelState)));
}
}
else
{
user = db.Users.SingleOrDefault(u => u.PhoneNumber == model.PhoneNumber);
}
//var code = await _userManager.GenerateChangePhoneNumberTokenAsync(user, user.PhoneNumber);
//await _SMSSender.SendSMSAsync(user.PhoneNumber, $"{code} is your verification code in {_config["Title"]}", false);
//if (_config["Development"] == "True")
//{
// return Ok(new { Status = "Verification code sent!", Code = code });
//}
return(Ok(new { Status = "Verification code sent!" }));
}
public async Task <IActionResult> Login([FromBody] LoginViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ErrorModel.BadRequest(Request, ModelState)));
}
if (ModelState.IsValid)
{
return(await GetTokenAsync(model));
}
return(BadRequest(new ErrorModel
{
StatusCode = System.Net.HttpStatusCode.BadRequest,
Message = "Login Failed",
Method = Request.Method,
URL = Request.Path
}));
}
public async Task <IActionResult> DeleteEntry(Guid entryId)
{
if (entryId == null)
{
return(BadRequest(ErrorModel.BadRequest()));
}
var entry = db.Entries
.FirstOrDefault(e => e.ListGUID == CurrentListGUID && e.GUID == entryId);
if (entry == null)
{
return(NotFound(ErrorModel.NotFound()));
}
db.Entries.Remove(entry);
await db.SaveChangesAsync();
return(Ok());
}
public async Task <IActionResult> ChangePassword(
[FromBody, Bind("MasterKey", "NewKeyword")] ListPasswordChangeModel model)
{
var list = db.Lists.Find(CurrentListGUID);
if (list == null)
{
return(NotFound(ErrorModel.NotFound()));
}
if (model.NewKeyword == null || model.NewKeyword.Length < 1)
{
return(BadRequest(ErrorModel.BadRequest()));
}
list.KeywordHash = Hashing.CreatePasswordHash(model.NewKeyword);
db.Lists.Update(list);
await db.SaveChangesAsync();
return(Ok());
}
public async Task <IActionResult> ProtectedRedirect(Guid guid, [FromBody] ProtectedPostModel model)
{
if (model.Password.IsEmpty())
{
return(Unauthorized());
}
var shortLink = Db.ShortLinks.Find(guid);
if (!IsValid(shortLink))
{
return(BadRequest(ErrorModel.BadRequest("invalid short link")));
}
if (!shortLink.IsPasswordProtected)
{
return(BadRequest(ErrorModel.BadRequest("short link not password protected")));
}
try
{
if (!Hashing.CompareStringToHash(model.Password, shortLink.PasswordHash))
{
return(Unauthorized());
}
}
catch (Exception)
{
return(Unauthorized());
}
await CountRedirect(shortLink, model.DisableTracking);
var res = new ProtectedResponseModel()
{
RootURL = shortLink.RootURL,
};
return(Ok(res));
}
public async Task <IActionResult> Create([FromBody] ShortLinkModel shortLink)
{
if (!shortLink.ValidateIdent())
{
return(BadRequest(ErrorModel.BadRequest("invalid short ident")));
}
if (!CheckShortIdent(shortLink))
{
return(BadRequest(ErrorModel.BadRequest("short ident already in use")));
}
if (!await shortLink.ValidateURI())
{
return(BadRequest(ErrorModel.BadRequest("invalid root link")));
}
shortLink.Sanitize(asNew: true);
Db.ShortLinks.Add(shortLink);
await Db.SaveChangesAsync();
return(Created(shortLink.GUID.ToString(), shortLink));
}
