using System; using System.Collections.Generic; using System.IO; using System.IO.Compression; using System.Linq; using System.Web; using Orchard.ContentManagement; using Orchard.FileSystems.Media; using Orchard.Localization; using Orchard.Media.Models; using Orchard.Security; using Orchard.Settings; using Orchard.Validation; namespace Orchard.Media.Services { ///

/// The MediaService class provides the services to manipulate media entities (files / folders). /// Among other things it provides filtering functionalities on file types. /// The actual manipulation of the files is, however, delegated to the IStorageProvider. ///

public class MediaService : IMediaService { private readonly IStorageProvider _storageProvider; private readonly IOrchardServices _orchardServices; ///

/// Initializes a new instance of the MediaService class with a given IStorageProvider and IOrchardServices. ///

/// The storage provider. /// The orchard services provider. public MediaService(IStorageProvider storageProvider, IOrchardServices orchardServices) { _storageProvider = storageProvider; _orchardServices = orchardServices; T = NullLocalizer.Instance; } public Localizer T { get; set; } ///

/// Retrieves the public path based on the relative path within the media directory. ///

/// /// "/Media/Default/InnerDirectory/Test.txt" based on the input "InnerDirectory/Test.txt" /// /// The relative path within the media directory. /// The public path relative to the application url. public string GetPublicUrl(string relativePath) { Argument.ThrowIfNullOrEmpty(relativePath, "relativePath"); return _storageProvider.GetPublicUrl(relativePath); } ///

/// Returns the public URL for a media file. ///

/// The relative path of the media folder containing the media. /// The media file name. /// The public URL for the media. public string GetMediaPublicUrl(string mediaPath, string fileName) { return GetPublicUrl(Path.Combine(mediaPath, fileName)); } ///

/// Retrieves the media folders within a given relative path. ///

/// The path where to retrieve the media folder from. null means root. /// The media folder in the given path. public IEnumerable GetMediaFolders(string relativePath) { return _storageProvider.ListFolders(relativePath).Select(folder => new MediaFolder { Name = folder.GetName(), Size = folder.GetSize(), LastUpdated = folder.GetLastUpdated(), MediaPath = folder.GetPath() }).ToList(); } ///

/// Retrieves the media files within a given relative path. ///

/// The path where to retrieve the media files from. null means root. /// The media files in the given path. public IEnumerable GetMediaFiles(string relativePath) { return _storageProvider.ListFiles(relativePath).Select(file => new MediaFile { Name = file.GetName(), Size = file.GetSize(), LastUpdated = file.GetLastUpdated(), Type = file.GetFileType(), FolderName = relativePath, MediaPath = GetMediaPublicUrl(relativePath, file.GetName()) }).ToList(); } ///

/// Creates a media folder. ///

/// The path where to create the new folder. null means root. /// The name of the folder to be created. public void CreateFolder(string relativePath, string folderName) { Argument.ThrowIfNullOrEmpty(folderName, "folderName"); _storageProvider.CreateFolder(relativePath == null ? folderName : _storageProvider.Combine(relativePath, folderName)); } ///

/// Deletes a media folder. ///

/// The path to the folder to be deleted. public void DeleteFolder(string folderPath) { Argument.ThrowIfNullOrEmpty(folderPath, "folderPath"); _storageProvider.DeleteFolder(folderPath); } ///

/// Renames a media folder. ///

/// The path to the folder to be renamed. /// The new folder name. public void RenameFolder(string folderPath, string newFolderName) { Argument.ThrowIfNullOrEmpty(folderPath, "folderPath"); Argument.ThrowIfNullOrEmpty(newFolderName, "newFolderName"); _storageProvider.RenameFolder(folderPath, _storageProvider.Combine(Path.GetDirectoryName(folderPath), newFolderName)); } ///

/// Deletes a media file. ///

/// The folder path. /// The file name. public void DeleteFile(string folderPath, string fileName) { Argument.ThrowIfNullOrEmpty(folderPath, "folderPath"); Argument.ThrowIfNullOrEmpty(fileName, "fileName"); _storageProvider.DeleteFile(_storageProvider.Combine(folderPath, fileName)); } ///

/// Renames a media file. ///

/// The path to the file's parent folder. /// The current file name. /// The new file name. public void RenameFile(string folderPath, string currentFileName, string newFileName) { Argument.ThrowIfNullOrEmpty(folderPath, "folderPath"); Argument.ThrowIfNullOrEmpty(currentFileName, "currentFileName"); Argument.ThrowIfNullOrEmpty(newFileName, "newFileName"); if (!FileAllowed(newFileName, false)) { if (string.IsNullOrEmpty(Path.GetExtension(newFileName))) { throw new ArgumentException(T("New file name \"{0}\" is not allowed. Please provide a file extension.", newFileName).ToString()); } throw new ArgumentException(T("New file name \"{0}\" is not allowed.", newFileName).ToString()); } _storageProvider.RenameFile(_storageProvider.Combine(folderPath, currentFileName), _storageProvider.Combine(folderPath, newFileName)); } ///

/// Moves a media file. ///

/// The file name. /// The path to the file's parent folder. /// The path where the file will be moved to. public void MoveFile(string fileName, string currentPath, string newPath) { Argument.ThrowIfNullOrEmpty(currentPath, "currentPath"); Argument.ThrowIfNullOrEmpty(newPath, "newPath"); Argument.ThrowIfNullOrEmpty(fileName, "fileName"); _storageProvider.RenameFile(_storageProvider.Combine(currentPath, fileName), _storageProvider.Combine(newPath, fileName)); } ///

/// Uploads a media file based on a posted file. ///

/// The path to the folder where to upload the file. /// The file to upload. /// Boolean value indicating weather zip files should be extracted. /// The path to the uploaded file. public string UploadMediaFile(string folderPath, HttpPostedFileBase postedFile, bool extractZip) { Argument.ThrowIfNullOrEmpty(folderPath, "folderPath"); Argument.ThrowIfNull(postedFile, "postedFile"); return UploadMediaFile(folderPath, Path.GetFileName(postedFile.FileName), postedFile.InputStream, extractZip); } ///

/// Uploads a media file based on an array of bytes. ///

/// The path to the folder where to upload the file. /// The file name. /// The array of bytes with the file's contents. /// Boolean value indicating weather zip files should be extracted. /// The path to the uploaded file. public string UploadMediaFile(string folderPath, string fileName, byte[] bytes, bool extractZip) { Argument.ThrowIfNullOrEmpty(folderPath, "folderPath"); Argument.ThrowIfNullOrEmpty(fileName, "fileName"); Argument.ThrowIfNull(bytes, "bytes"); return UploadMediaFile(folderPath, fileName, new MemoryStream(bytes), extractZip); } ///

/// Uploads a media file based on a stream. ///

/// The folder path to where to upload the file. /// The file name. /// The stream with the file's contents. /// Boolean value indicating weather zip files should be extracted. /// The path to the uploaded file. public string UploadMediaFile(string folderPath, string fileName, Stream inputStream, bool extractZip) { Argument.ThrowIfNullOrEmpty(folderPath, "folderPath"); Argument.ThrowIfNullOrEmpty(fileName, "fileName"); Argument.ThrowIfNull(inputStream, "inputStream"); if (extractZip && IsZipFile(Path.GetExtension(fileName))) { UnzipMediaFileArchive(folderPath, inputStream); // Don't save the zip file. return _storageProvider.GetPublicUrl(folderPath); } if (!FileAllowed(fileName, true)) { var currentSite = _orchardServices.WorkContext.CurrentSite; var mediaSettings = currentSite.As(); throw new ArgumentException(T("Could not upload file {0}. Supported file types are {1}.", fileName, mediaSettings.UploadAllowedFileTypeWhitelist).Text); } string filePath = _storageProvider.Combine(folderPath, fileName); _storageProvider.SaveStream(filePath, inputStream); return _storageProvider.GetPublicUrl(filePath); } ///

/// Verifies if a file is allowed based on its name and the policies defined by the black / white lists. ///

/// The posted file /// True if the file is allowed; false if otherwise. public bool FileAllowed(HttpPostedFileBase postedFile) { if (postedFile == null) { return false; } return FileAllowed(postedFile.FileName, true); } ///

/// Verifies if a file is allowed based on its name and the policies defined by the black / white lists. ///

/// The file name of the file to validate. /// Boolean value indicating weather zip files are allowed. /// True if the file is allowed; false if otherwise. public bool FileAllowed(string fileName, bool allowZip) { string localFileName = GetFileName(fileName); string extension = GetExtension(localFileName); if (string.IsNullOrEmpty(localFileName) || string.IsNullOrEmpty(extension)) { return false; } ISite currentSite = _orchardServices.WorkContext.CurrentSite; IUser currentUser = _orchardServices.WorkContext.CurrentUser; // zip files at the top level are allowed since this is how you upload multiple files at once. if (IsZipFile(extension)) { return allowZip; } // whitelist does not apply to the superuser if (currentUser == null || !currentSite.SuperUser.Equals(currentUser.UserName, StringComparison.Ordinal)) { // must be in the whitelist MediaSettingsPart mediaSettings = currentSite.As(); if (mediaSettings == null) { return false; } if (String.IsNullOrWhiteSpace(mediaSettings.UploadAllowedFileTypeWhitelist)) { return true; } if (!mediaSettings.UploadAllowedFileTypeWhitelist.ToUpperInvariant().Split(' ').Contains(extension.ToUpperInvariant())) { return false; } } // blacklist always applies if (string.Equals(localFileName, "web.config", StringComparison.OrdinalIgnoreCase)) { return false; } return true; } ///

/// Unzips a media archive file. ///

/// The folder where to unzip the file. /// The archive file stream. protected void UnzipMediaFileArchive(string targetFolder, Stream zipStream) { Argument.ThrowIfNullOrEmpty(targetFolder, "targetFolder"); Argument.ThrowIfNull(zipStream, "zipStream"); using (var fileInflater = new ZipArchive(zipStream)) { // We want to preserve whatever directory structure the zip file contained instead // of flattening it. // The API below doesn't necessarily return the entries in the zip file in any order. // That means the files in subdirectories can be returned as entries from the stream // before the directories that contain them, so we create directories as soon as first // file below their path is encountered. foreach (var entry in fileInflater.Entries) { if (entry == null) { continue; } if (!string.IsNullOrEmpty(entry.Name)) { // skip disallowed files if (FileAllowed(entry.Name, false)) { string fullFileName = _storageProvider.Combine(targetFolder, entry.FullName); using (var stream = entry.Open()) { // the call will return false if the file already exists if (!_storageProvider.TrySaveStream(fullFileName, stream)) { // try to delete the file and save again try { _storageProvider.DeleteFile(fullFileName); _storageProvider.TrySaveStream(fullFileName, stream); } catch (ArgumentException) { // ignore the exception as the file doesn't exist } } } } } } } } ///

/// Determines if a file is a Zip Archive based on its extension. ///

/// The extension of the file to analyze. /// True if the file is a Zip archive; false otherwise. private static bool IsZipFile(string extension) { return string.Equals(extension.TrimStart('.'), "zip", StringComparison.OrdinalIgnoreCase); } private static string GetFileName(string fileName) { return Path.GetFileName(fileName).Trim(); } private static string GetExtension(string fileName) { return Path.GetExtension(fileName).Trim().TrimStart('.'); } } }