* Lesson one work * Initial commit for assignment security * Worked on lesson 1 and a little on 2 * work on readme and made folder for main project * Update README.md Added table with requirements * Moved files around * Added developer page to Overkoepelend * Improved developer page * Databinding work and GDPR assignment * Finished GDPR assignment * Initial GDPR form added to Overkoepelend * Week 2 added to ClientTech * Update README.md * GDPR now working alongside viewcounter. Missing only a few things now for week one client * Removed unused functions and parameters from HomeController * Starting work on developer page binding * Lesson 2 ServerTech in class work * Databinding done * Changed gitignore * Start work on contact page * Required forms contact * Work on updating readme and lesson assignment * push readme for real this time * made readme nicer and fixed one table * Update README.md * Work on class assignment * Added back in * Work on the fucking API * POST finally posts * Google API now gets a good response * Work on finishing rest of the requirements * Captcha function now properly checks * Database connection working * Lesson works + email sending now works * Updates to page: loading bar, more verifications, prevent xss. Moved keys to secret.json so can commit more frequently again * Improved handling of errors and sending data to form. Form is pretty much finished * Summaries and code improvements * Using migrations on database now * nosniff security * Fix merge
1 parent
54d6682
commit 45bef36
Showing
63 changed files
with
1,652 additions
and
79 deletions.
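--- a/Overkoepelend/Setup/Setup/Controllers/DevContactController.cs
+++ b/Overkoepelend/Setup/Setup/Controllers/DevContactController.cs
@@ -0,0 +1,115 @@
+using Ganss.Xss;
+using Mailjet.Client;
+using Mailjet.Client.TransactionalEmails;
+using Microsoft.AspNetCore.Mvc;
+using Setup.Models;
+using Setup.Models.DeveloperModels;
+
+namespace Setup.Controllers
+{
+[Route("api/[controller]")]
+[ApiController]
+public class DevContactController : ControllerBase
+{
+private readonly IConfiguration Configuration;
+private readonly EmailContext db;
+
+private readonly string GoogleCaptchaUrl = "https://www.google.com/recaptcha/api/siteverify";
+
+private bool AcceptCaptcha = false;
+private bool AcceptEmail = false;
+
+/// <summary>
+/// Constructor that gets <see cref="EmailContext"/> and <paramref name="configuration"/>.
+/// </summary>
+/// <param name="db"></param>
+/// <param name="configuration"></param>
+public DevContactController(EmailContext db, IConfiguration configuration)
+{
+this.db = db;
+Configuration = configuration;
+}
+
+/// <summary>
+/// When /api/DevContact/Contact gets posted, cast body data to <see cref="Email"/>
+/// </summary>
+/// <param name="email"></param>
+/// <returns></returns>
+[HttpPost("Contact")]
+public IActionResult ContactDeveloper([FromBody] Email email)
+{
+if (email is null) return BadRequest();
+
+//Prevent XSS
+var sanitizer = new HtmlSanitizer();
+if(email.Message is not null) email.Message = sanitizer.Sanitize(email.Message);
+if (email.Subject is not null) email.Subject = sanitizer.Sanitize(email.Subject);
+
+if (email.Response is not null)
+{
+Task captchatask = VerifyCaptcha(email.Response);
+captchatask.Wait();
+}
+
+if (!AcceptCaptcha) return StatusCode(403, 0);
+
+db.Add(email);
+db.SaveChanges();
+
+SendEmail(email).Wait();
+
+if (!AcceptEmail) return StatusCode(403, 1);
+
+return Ok("{\"Email\": \"" + email.EmailAddress + "\", \"Subject\": \"" + email.Subject + "\", \"Message\": \"" + email.Message + "\"}");
+}
+
+/// <summary>
+/// Captcha will be done server side for better security
+/// Verifies captcha from Google
+/// </summary>
+/// <param name="ResponseUser"></param>
+/// <returns></returns>
+private async Task VerifyCaptcha(string ResponseUser)
+{
+AcceptCaptcha = false;
+
+using HttpClient client = new();
+var req = new HttpRequestMessage(HttpMethod.Post, GoogleCaptchaUrl);
+req.Headers.Add("Accept", "application/x-www-form-urlencoded");
+
+req.Content = new FormUrlEncodedContent(new Dictionary<string, string>
+{
+{ "secret", Configuration["SecretKeys:CaptchaSecret"] },
+{ "response", ResponseUser }
+});
+
+HttpResponseMessage resp = await client.SendAsync(req);
+AcceptCaptcha = (bool)resp.IsSuccessStatusCode;
+}
+
+/// <summary>
+/// Sends email with <see cref="MailjetClient"/>
+/// </summary>
+/// <param name="email"></param>
+/// <returns></returns>
+private async Task SendEmail(Email email)
+{
+AcceptEmail = false;
+
+MailjetClient client = new(Configuration["PublicKeys:MailJetPublicKey"], Configuration["SecretKeys:MailJetSecret"]);
+
+// construct your email with builder
+var emailtosend = new TransactionalEmailBuilder()
+.WithFrom(new SendContact("s1168716@student.windesheim.nl"))
+.WithSubject(email.Subject)
+.WithHtmlPart(email.Message + "<br><br>" + "Dit email is afkomstig van: " + email.EmailAddress)
+.WithTo(new SendContact("s1168716@student.windesheim.nl"))
+.Build();
+
+// invoke API to send email
+var response = await client.SendTransactionalEmailAsync(emailtosend);
+
+AcceptEmail = response.Messages[0].Errors is null;
+}
+}
+}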
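Review bot: VerifyCaptcha accepts any non-empty token, because the verdict is taken from the HTTP status alone in `AcceptCaptcha = (bool)resp.IsSuccessStatusCode;` while, per Google's reCAPTCHA documentation, siteverify answers 200 for a rejected token as well and reports the result in the `success` field of its JSON body — so the captcha gate in ContactDeveloper is effectively bypassable and the database insert and Mailjet send behind it are reachable by anyone who posts a `Response` string. Parse the body and require `success` to be true, as sketched below (needs `using System.Text.Json;`), and consider sending the caller's `remoteip` and checking the returned `hostname` against your own domain. Two smaller points in the same file: `EmailAddress` is the one user-supplied field not passed through the sanitizer, yet it is concatenated into the HTML mail part in SendEmail and into the hand-built JSON string in `Ok(...)`, where a `"` breaks the document — prefer `return Ok(new { email.EmailAddress, email.Subject, email.Message });` and let the framework serialize and escape it. Finally, `captchatask.Wait()` and `SendEmail(email).Wait()` block the request thread; making the action `public async Task<IActionResult>` and awaiting both calls removes that, and `new HttpClient()` per request should become an injected `IHttpClientFactory` client.
```csharp
private async Task VerifyCaptcha(string ResponseUser)
{
    AcceptCaptcha = false;
    // … unchanged: build the form-encoded POST to GoogleCaptchaUrl …
    HttpResponseMessage resp = await client.SendAsync(req);
    if (!resp.IsSuccessStatusCode) return;

    // siteverify signals rejection in the body, not the status code
    using var verdict = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
    AcceptCaptcha = verdict.RootElement.TryGetProperty("success", out var ok)
                    && ok.ValueKind == JsonValueKind.True;
}
```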
48 changes: 48 additions & 0 deletions
48
Overkoepelend/Setup/Setup/Migrations/20230219113947_CSSWindeheim.Designer.cs