diff --git a/Monitor/Pages/_get/DownloadFile.cshtml b/Monitor/Pages/_get/DownloadFile.cshtml
new file mode 100644
index 0000000..e47402b
--- /dev/null
+++ b/Monitor/Pages/_get/DownloadFile.cshtml
@@ -0,0 +1,5 @@
+@page
+@model DownloadFileModel
+@{
+ Layout = null;
+}
\ No newline at end of file
diff --git a/Monitor/Pages/_get/DownloadFile.cshtml.cs b/Monitor/Pages/_get/DownloadFile.cshtml.cs
new file mode 100644
index 0000000..900fa5a
--- /dev/null
+++ b/Monitor/Pages/_get/DownloadFile.cshtml.cs
@@ -0,0 +1,47 @@
+using System;
+using System.Collections;
+using System.IO;
+using Microsoft.Net.Http.Headers;
+using Core.Helper;
+
+namespace Monitor.Pages {
+ public class DownloadFileModel : _Internal.BasePageModelSecure {
+
+ public void OnGet() {
+ // Initialize Config
+ base.Init();
+
+ // Check we have a log in
+ if (base.IsLoggedIn(this.HttpContext))
+ {
+ InitializeDownload();
+ }
+ }
+
+ private async void InitializeDownload() {
+ // Zip the file in an non web accessible folder
+ string fileName = GetStringParameter("f", "");
+ string tempFolder = PTMagicMonitorBasePath + System.IO.Path.DirectorySeparatorChar + "tmp" + System.IO.Path.DirectorySeparatorChar;
+
+ if (System.IO.File.Exists(PTMagicBasePath + fileName)) {
+ if (!System.IO.Directory.Exists(tempFolder)) {
+ System.IO.Directory.CreateDirectory(tempFolder);
+ }
+
+ string sourcefilePath = PTMagicBasePath + fileName;
+ string destinationFilePath = tempFolder + fileName + ".zip";
+
+ ZIPHelper.CreateZipFile(new ArrayList() { sourcefilePath }, destinationFilePath);
+
+ // Write out the file
+ var data = System.IO.File.ReadAllBytes(destinationFilePath);
+
+ Response.ContentType = "application/zip";
+ Response.Headers[HeaderNames.CacheControl] = "no-cache";
+ Response.Headers[HeaderNames.ContentDisposition] = String.Format("attachment; filename={0}", fileName);
+ await Response.BodyWriter.WriteAsync(new Memory(data));
+ Response.BodyWriter.Complete();
+ }
+ }
+ }
+}
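Review bot: In `InitializeDownload`, the `f` request parameter is concatenated straight onto `PTMagicBasePath` and into the temp zip path, so a value carrying directory segments can resolve to a file outside the base folder, and any logged-in session (or any client when `IsPasswordProtected` is off, since `IsLoggedIn` then returns true) gets it zipped and returned. The path should be canonicalised and checked against the base folder before `File.Exists`, and only the leaf name should reach `destinationFilePath` and the `Content-Disposition` header, as sketched below; if only a known set of files is meant to be downloadable, a fixed allow-list of names would be stricter still. Separately, `private async void InitializeDownload()` lets `OnGet` return before the body is written and leaves exceptions unobserved, so the handler would be safer as `public async Task OnGetAsync()` awaiting a `Task`-returning helper. The zip written to `tmp` is also never removed after the response, which a `finally` around the write could handle.

```csharp
string fileName = GetStringParameter("f", "");
// … unchanged: tempFolder …

// Canonicalise the request and refuse anything that resolves outside the base folder
string baseFolder = System.IO.Path.GetFullPath(PTMagicBasePath);
if (!baseFolder.EndsWith(System.IO.Path.DirectorySeparatorChar.ToString())) {
  baseFolder += System.IO.Path.DirectorySeparatorChar;
}
string sourcefilePath = System.IO.Path.GetFullPath(System.IO.Path.Combine(baseFolder, fileName));
if (!sourcefilePath.StartsWith(baseFolder, StringComparison.Ordinal) || !System.IO.File.Exists(sourcefilePath)) {
  Response.StatusCode = 404;
  return;
}

// Only the leaf name is used for the archive and the response header
string leafName = System.IO.Path.GetFileName(sourcefilePath);
string destinationFilePath = System.IO.Path.Combine(tempFolder, leafName + ".zip");
// … unchanged: temp folder creation, ZIPHelper.CreateZipFile, ReadAllBytes, ContentType and CacheControl …
Response.Headers[HeaderNames.ContentDisposition] = String.Format("attachment; filename=\"{0}\"", leafName);
// … unchanged: body write …
```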
diff --git a/Monitor/Startup.cs b/Monitor/Startup.cs index b50797d..fa46e14 100644 --- a/Monitor/Startup.cs +++ b/Monitor/Startup.cs @@ -7,6 +7,7 @@ using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.AspNetCore.Server.Kestrel.Core; using Core.Main; +using Core.Helper; using System.Runtime.InteropServices; using System.Diagnostics; @@ -58,6 +59,13 @@ namespace Monitor { options.AllowSynchronousIO = true; }); + + // Remove the old tmp folder if it exists + string oldTmpFolder = monitorBasePath + System.IO.Path.DirectorySeparatorChar + "wwwroot" + System.IO.Path.DirectorySeparatorChar + "assets" + System.IO.Path.DirectorySeparatorChar + "tmp" + System.IO.Path.DirectorySeparatorChar; + if (System.IO.Directory.Exists(oldTmpFolder)) + { + System.IO.Directory.Delete(oldTmpFolder, true); + } } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. @@ -77,7 +85,7 @@ namespace Monitor // Configure request pipeline app.UseStaticFiles(); app.UseSession(); - app.UseMvcWithDefaultRoute(); + app.UseMvcWithDefaultRoute(); // Open the browser if (systemConfiguration.GeneralSettings.Monitor.OpenBrowserOnStart) OpenBrowser("http://localhost:" + systemConfiguration.GeneralSettings.Monitor.Port.ToString()); diff --git a/Monitor/_Internal/BasePageModelSecure.cs b/Monitor/_Internal/BasePageModelSecure.cs index 12ff0ee..080b8ef 100644 --- a/Monitor/_Internal/BasePageModelSecure.cs +++ b/Monitor/_Internal/BasePageModelSecure.cs 
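Review bot: The cleanup added in the second hunk calls `System.IO.Directory.Delete(oldTmpFolder, true)` with no error handling, so a locked file or a permissions problem throws during startup and the Monitor does not come up. Because that folder sits under `wwwroot`, which `app.UseStaticFiles()` serves, a failed delete also means its contents (presumably zips from earlier downloads) stay reachable over HTTP, so the failure should be caught and logged loudly rather than ignored: `catch (Exception ex) when (ex is System.IO.IOException || ex is UnauthorizedAccessException)`. `System.IO.Path.Combine(monitorBasePath, "wwwroot", "assets", "tmp")` would be easier to read than the chained `DirectorySeparatorChar` concatenation. The enclosing method starts above the hunk, so which logger is available there is not visible.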
@@ -7,32 +7,72 @@ namespace Monitor._Internal { public class BasePageModelSecure : BasePageModel { + // The string to redirect to if it fails security + protected string _redirectUrl; + + public BasePageModelSecure(string redirect = null) + { + // Configure redirect URL + _redirectUrl = !String.IsNullOrEmpty(redirect) ? redirect : "Login"; + } + + /// + /// Must be called from inheritting pages to check security + /// public void Init() { + // Initialise base class base.PreInit(); - if (String.IsNullOrEmpty(HttpContext.Session.GetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString())) && PTMagicConfiguration.GeneralSettings.Monitor.IsPasswordProtected) + // Security check + if (!IsLoggedIn(this.HttpContext)) { - bool redirectToLogin = true; - if (Request.Cookies.ContainsKey("PTMRememberMeKey")) + HttpContext.Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + _redirectUrl); + } + } + + /// + /// Check to see a user if logged in interactively + /// + /// Boolean - User logged in or not + protected Boolean IsLoggedIn(HttpContext context) + { + bool isLoggedIn = false; + + if (PTMagicConfiguration.GeneralSettings.Monitor.IsPasswordProtected) + { + // Do we have a session active? + if (!String.IsNullOrEmpty(context.Session.GetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString()))) { - string rememberMeKey = Request.Cookies["PTMRememberMeKey"]; - if (!rememberMeKey.Equals("")) + isLoggedIn = true; + } + else + { + // Do we have a auto login cookie? 
+ if (Request.Cookies.ContainsKey("PTMRememberMeKey")) { - string encryptedPassword = EncryptionHelper.Decrypt(Request.Cookies["PTMRememberMeKey"]); - if (encryptedPassword.Equals(PTMagicConfiguration.SecureSettings.MonitorPassword)) + string rememberMeKey = Request.Cookies["PTMRememberMeKey"]; + if (!rememberMeKey.Equals("")) { - HttpContext.Session.SetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString(), DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'")); - redirectToLogin = false; + string encryptedPassword = EncryptionHelper.Decrypt(Request.Cookies["PTMRememberMeKey"]); + if (encryptedPassword.Equals(PTMagicConfiguration.SecureSettings.MonitorPassword)) + { + context.Session.SetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString(), DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'")); + isLoggedIn = true; + } } } } - - if (redirectToLogin) - { - HttpContext.Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "Login"); - } } + else + { + // No password required + isLoggedIn = true; + } + + return isLoggedIn; } + } + } diff --git a/Monitor/_Internal/BasePageModelSecureAJAX.cs b/Monitor/_Internal/BasePageModelSecureAJAX.cs index c1c7c6a..c69cc4d 100644 --- a/Monitor/_Internal/BasePageModelSecureAJAX.cs +++ b/Monitor/_Internal/BasePageModelSecureAJAX.cs 
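Review bot: `Init()` only queues a redirect through `HttpContext.Response.Redirect(...)` when `IsLoggedIn` is false and then returns normally, so an inheriting page's handler keeps running for an unauthenticated request unless it repeats the check itself, as `DownloadFileModel.OnGet` does. The doc comment should say so, e.g. `/// Queues a redirect when the caller is not logged in; it does not stop the handler, so pages must still test IsLoggedIn before doing work`, or `Init()` could return the result of the check so callers can `return` early. Inside `IsLoggedIn`, the session is read from the `context` parameter but the cookie from the page's own `Request.Cookies`; `context.Request.Cookies` would keep the method on one source. The decrypted cookie value is compared with `encryptedPassword.Equals(...)`, which is not constant-time and would throw if `EncryptionHelper.Decrypt` returns null for a malformed cookie (its behaviour is not visible here), so a null check followed by `CryptographicOperations.FixedTimeEquals` over the UTF-8 bytes would be the safer comparison.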
@@ -1,49 +1,12 @@ -using System; -using System.IO; -using Microsoft.AspNetCore.Http; -using Microsoft.AspNetCore.Mvc; -using Microsoft.AspNetCore.Mvc.RazorPages; -using Microsoft.Extensions.Configuration; -using Microsoft.Extensions.DependencyInjection; -using Newtonsoft.Json; -using Core.Main; -using Core.Helper; -using Core.Main.DataObjects.PTMagicData; -using Core.MarketAnalyzer; -using Core.ProfitTrailer; -using Microsoft.Extensions.Primitives; - -namespace Monitor._Internal +namespace Monitor._Internal { - public class BasePageModelSecureAJAX : BasePageModel + public class BasePageModelSecureAJAX : BasePageModelSecure { - public void Init() - { - base.PreInit(); - - if (String.IsNullOrEmpty(HttpContext.Session.GetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString())) && PTMagicConfiguration.GeneralSettings.Monitor.IsPasswordProtected) - { - bool redirectToLogin = true; - if (Request.Cookies.ContainsKey("PTMRememberMeKey")) - { - string rememberMeKey = Request.Cookies["PTMRememberMeKey"]; - if (!rememberMeKey.Equals("")) - { - string encryptedPassword = EncryptionHelper.Decrypt(Request.Cookies["PTMRememberMeKey"]); - if (encryptedPassword.Equals(PTMagicConfiguration.SecureSettings.MonitorPassword)) - { - HttpContext.Session.SetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString(), DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'")); - redirectToLogin = false; - } - } - } - - if (redirectToLogin) - { - HttpContext.Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "_get/ReturnToLogin"); - } - } + public BasePageModelSecureAJAX() : base(@"_get/ReturnToLogin") { + // Logic in base class } + } + }