public IActionResult EditSubmit([Bind("Content, Title, Syntax, Url")] PasteEditViewModel model) { if (_config.PasteConfig.Enabled) { try { Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == model.Url).FirstOrDefault(); if (paste != null) { if (paste.User?.Username != User.Identity.Name) { return(new StatusCodeResult(StatusCodes.Status403Forbidden)); } string password = null; // The paste has a password set if (!string.IsNullOrEmpty(paste.HashedPassword)) { // Try to get the password from the session password = GetCachedPassword(model.Url); string hash = string.Empty; if (!string.IsNullOrEmpty(password)) { hash = PasteHelper.HashPassword(paste.Key, password); } if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword) { PasswordViewModel passModel = new PasswordViewModel(); passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.Edit"); passModel.Url = model.Url; if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword) { passModel.Error = true; passModel.ErrorMessage = "Invalid Password"; } // Redirect them to the password request page return(View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel)); } } // get the old file string subDir = paste.FileName[0].ToString(); string oldFile = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName); // Generate a unique file name that does not currently exist string newFilePath = FileHelper.GenerateRandomFileName(_config.PasteConfig.PasteDirectory, _config.PasteConfig.FileExtension, 10); string fileName = Path.GetFileName(newFilePath); string key = PasteHelper.GenerateKey(_config.PasteConfig.KeySize); string iv = PasteHelper.GenerateIV(_config.PasteConfig.BlockSize); PasteHelper.EncryptContents(model.Content, newFilePath, password, key, iv, _config.PasteConfig.KeySize, _config.PasteConfig.ChunkSize); paste.Key = key; paste.KeySize = _config.PasteConfig.KeySize; paste.IV = iv; paste.BlockSize = _config.PasteConfig.BlockSize; if (!string.IsNullOrEmpty(password)) { paste.HashedPassword = PasteHelper.HashPassword(paste.Key, password); } paste.FileName = fileName; paste.Title = model.Title; paste.Syntax = model.Syntax; paste.DateEdited = DateTime.Now; _dbContext.Entry(paste).State = EntityState.Modified; _dbContext.SaveChanges(); // Delete the old file if (System.IO.File.Exists(oldFile)) { System.IO.File.Delete(oldFile); } return(Redirect(Url.SubRouteUrl("p", "Paste.View", new { type = "Full", url = paste.Url }))); } } catch (Exception ex) { return(Redirect(Url.SubRouteUrl("error", "Error.500", new { exception = ex }))); } } return(new StatusCodeResult(StatusCodes.Status403Forbidden)); }
public async Task <IActionResult> ViewPaste(string type, string url, string password) { Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault(); if (paste != null) { ViewBag.Title = (string.IsNullOrEmpty(paste.Title)) ? "Untitled Paste" : paste.Title + " | Pastebin"; ViewBag.Description = "Paste your code or text easily and securely. Set an expiration, set a password, or leave it open for the world to see."; // Increment Views paste.Views += 1; _dbContext.Entry(paste).State = EntityState.Modified; _dbContext.SaveChanges(); // Check Expiration if (PasteHelper.CheckExpiration(paste)) { DeleteFile(paste); return(new StatusCodeResult(StatusCodes.Status404NotFound)); } PasteViewModel model = new PasteViewModel(); model.Url = url; model.Title = paste.Title; model.Syntax = paste.Syntax; model.DatePosted = paste.DatePosted; model.Username = paste.User?.Username; if (User.Identity.IsAuthenticated && type.ToLower() == "full") { Users.Models.User user = UserHelper.GetUser(_dbContext, User.Identity.Name); if (user != null) { model.Vaults = user.Vaults.ToList(); } } byte[] ivBytes = (string.IsNullOrEmpty(paste.IV)) ? new byte[paste.BlockSize] : Encoding.Unicode.GetBytes(paste.IV); byte[] keyBytes = (string.IsNullOrEmpty(paste.Key)) ? new byte[paste.KeySize] : AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize); // The paste has a password set if (!string.IsNullOrEmpty(paste.HashedPassword)) { if (string.IsNullOrEmpty(password)) { // Try to get the password from the session password = GetCachedPassword(url); } string hash = string.Empty; if (!string.IsNullOrEmpty(password)) { hash = PasteHelper.HashPassword(paste.Key, password); keyBytes = AesCounterManaged.CreateKey(password, ivBytes, paste.KeySize); } if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword) { PasswordViewModel passModel = new PasswordViewModel(); passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.View"); passModel.Url = url; passModel.Type = type; if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword) { passModel.Error = true; passModel.ErrorMessage = "Invalid Password"; } // Redirect them to the password request page return(View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel)); } } // Save the password to the cache CachePassword(url, password); // Read in the file if (string.IsNullOrEmpty(paste.FileName)) { return(new StatusCodeResult(StatusCodes.Status404NotFound)); } string subDir = paste.FileName[0].ToString(); string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName); if (!System.IO.File.Exists(filePath)) { return(new StatusCodeResult(StatusCodes.Status404NotFound)); } using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read)) using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes)) using (StreamReader sr = new StreamReader(cs, Encoding.Unicode)) { model.Content = await sr.ReadToEndAsync(); } switch (type.ToLower()) { case "full": return(View("~/Areas/Paste/Views/Paste/Full.cshtml", model)); case "simple": return(View("~/Areas/Paste/Views/Paste/Simple.cshtml", model)); case "raw": return(Content(model.Content, "text/plain")); case "download": //Create File var cd = new System.Net.Mime.ContentDisposition { FileName = url + ".txt", Inline = true }; Response.Headers.Add("Content-Disposition", cd.ToString()); FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read); return(new BufferedFileStreamResult("application/octet-stream", async(response) => await ResponseHelper.StreamToOutput(response, true, new AesCounterStream(fs, false, keyBytes, ivBytes), (int)fs.Length, _config.PasteConfig.ChunkSize), false)); default: return(View("~/Areas/Paste/Views/Paste/Full.cshtml", model)); } } return(new StatusCodeResult(StatusCodes.Status404NotFound)); }
public async Task <IActionResult> Edit(string url, string password) { Models.Paste paste = _dbContext.Pastes.Where(p => p.Url == url).FirstOrDefault(); if (paste != null) { if (paste.User?.Username != User.Identity.Name) { return(new StatusCodeResult(StatusCodes.Status403Forbidden)); } ViewBag.Title = "Edit Paste"; ViewBag.Description = "Edit your paste's content."; // Check Expiration if (PasteHelper.CheckExpiration(paste)) { DeleteFile(paste); return(new StatusCodeResult(StatusCodes.Status404NotFound)); } PasteViewModel model = new PasteViewModel(); model.Url = url; model.Title = paste.Title; model.Syntax = paste.Syntax; model.DatePosted = paste.DatePosted; model.Username = paste.User?.Username; byte[] ivBytes = (string.IsNullOrEmpty(paste.IV)) ? new byte[paste.BlockSize] : Encoding.Unicode.GetBytes(paste.IV); byte[] keyBytes = (string.IsNullOrEmpty(paste.Key)) ? new byte[paste.KeySize] : AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize); // The paste has a password set if (!string.IsNullOrEmpty(paste.HashedPassword)) { if (string.IsNullOrEmpty(password)) { // Try to get the password from the session password = GetCachedPassword(url); } string hash = string.Empty; if (!string.IsNullOrEmpty(password)) { hash = PasteHelper.HashPassword(paste.Key, password); keyBytes = AesCounterManaged.CreateKey(password, ivBytes, paste.KeySize); } if (string.IsNullOrEmpty(password) || hash != paste.HashedPassword) { PasswordViewModel passModel = new PasswordViewModel(); passModel.ActionUrl = Url.SubRouteUrl("p", "Paste.Edit"); passModel.Url = url; if (!string.IsNullOrEmpty(password) && hash != paste.HashedPassword) { passModel.Error = true; passModel.ErrorMessage = "Invalid Password"; } // Redirect them to the password request page return(View("~/Areas/Paste/Views/Paste/PasswordNeeded.cshtml", passModel)); } } // Cache the password CachePassword(url, password); // Read in the file if (string.IsNullOrEmpty(paste.FileName)) { return(new StatusCodeResult(StatusCodes.Status404NotFound)); } string subDir = paste.FileName[0].ToString(); string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName); if (!System.IO.File.Exists(filePath)) { return(new StatusCodeResult(StatusCodes.Status404NotFound)); } using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read)) using (AesCounterStream cs = new AesCounterStream(fs, false, keyBytes, ivBytes)) using (StreamReader sr = new StreamReader(cs, Encoding.Unicode)) { model.Content = await sr.ReadToEndAsync(); } return(View("~/Areas/Paste/Views/Paste/Edit.cshtml", model)); } return(new StatusCodeResult(StatusCodes.Status404NotFound)); }