Jackett/src/Jackett.Server/Controllers/DownloadController.cs

using System;
using System.Text;
using System.Threading.Tasks;
using BencodeNET.Objects;
using BencodeNET.Parsing;
using Jackett.Common.Models.Config;
using Jackett.Common.Services.Interfaces;
using Jackett.Common.Utils;
using Jackett.Server.ActionFilters;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.WebUtilities;
using NLog;

namespace Jackett.Server.Controllers
{
    [AllowAnonymous]
    [DownloadActionFilter]
    [ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]
    [Route("dl/{indexerID}")]
    public class DownloadController : Controller
    {
        private ServerConfig serverConfig;
        private Logger logger;
        private IIndexerManagerService indexerService;
        private IProtectionService protectionService;

        public DownloadController(IIndexerManagerService i, Logger l, IProtectionService ps, ServerConfig sConfig)
        {
            serverConfig = sConfig;
            logger = l;
            indexerService = i;
            protectionService = ps;
        }

        [HttpGet]
        public async Task<IActionResult> Download(string indexerID, string path, string jackett_apikey, string file)
        {
            try
            {
                if (serverConfig.APIKey != jackett_apikey)
                    return Unauthorized();

                var indexer = indexerService.GetWebIndexer(indexerID);

                if (!indexer.IsConfigured)
                {
                    logger.Warn(string.Format("Rejected a request to {0} which is unconfigured.", indexer.DisplayName));
                    return Forbid("This indexer is not configured.");
                }

                path = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(path));
                path = protectionService.UnProtect(path);

                var target = new Uri(path, UriKind.RelativeOrAbsolute);
                var downloadBytes = await indexer.Download(target);

                // handle magnet URLs
                if (downloadBytes.Length >= 7
                    && downloadBytes[0] == 0x6d // m
                    && downloadBytes[1] == 0x61 // a
                    && downloadBytes[2] == 0x67 // g
                    && downloadBytes[3] == 0x6e // n
                    && downloadBytes[4] == 0x65 // e
                    && downloadBytes[5] == 0x74 // t
                    && downloadBytes[6] == 0x3a // :
                    )
                {
                    // some sites provide magnet links with non-ascii characters, the only way to be sure the url
                    // is well encoded is to unscape and escape again
                    // https://github.com/Jackett/Jackett/issues/5372
                    // https://github.com/Jackett/Jackett/issues/4761
                    var magneturi = Uri.EscapeUriString(Uri.UnescapeDataString(Encoding.UTF8.GetString(downloadBytes)));
                    return Redirect(magneturi);
                }

                // This will fix torrents where the keys are not sorted, and thereby not supported by Sonarr.
                byte[] sortedDownloadBytes = null;
                try
                {
                    var parser = new BencodeParser();
                    var torrentDictionary = parser.Parse(downloadBytes);
                    sortedDownloadBytes = torrentDictionary.EncodeAsBytes();
                }
                catch (Exception e)
                {
                    var content = indexer.Encoding.GetString(downloadBytes);
                    logger.Error(content);
                    throw new Exception("BencodeParser failed", e);
                }

                string fileName = StringUtil.MakeValidFileName(file, '_', false) + ".torrent"; // call MakeValidFileName again to avoid any kind of injection attack

                return File(sortedDownloadBytes, "application/x-bittorrent", fileName);
            }
            catch (Exception e)
            {
                logger.Error(e, "Error downloading " + indexerID + " " + path);
                return NotFound();
            }
        }
    }
}
-												core: Sort and remove usings (#7159)


											
										
										
											2020-02-09 18:08:34 +00:00
+								using System;
 								using System.Text;
 								using System.Threading.Tasks;
 								using BencodeNET.Objects;
-												Package update (#6916)

4 packages updated -> Jackett is now using the latest version of all packages except for AutoMapper -> Will have a go at that another day -> There is a few changes needed

-Minor code changes made to support newer version of YamlDotNet and BencodeNET
-Logic update for AssemblyName as I've been experiencing restore 'weirdness'  https://stackoverflow.com/questions/208084/how-to-use-a-different-assembly-name-for-different-configurations
											
										
										
											2020-01-11 18:04:24 +00:00
+								using BencodeNET.Parsing;
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								using Jackett.Common.Models.Config;
 								using Jackett.Common.Services.Interfaces;
 								using Jackett.Common.Utils;
-												core: Sort and remove usings (#7159)


											
										
										
											2020-02-09 18:08:34 +00:00
+								using Jackett.Server.ActionFilters;
-												Add Authorization

											
										
										
											2018-05-12 02:44:47 +00:00
+								using Microsoft.AspNetCore.Authorization;
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								using Microsoft.AspNetCore.Mvc;
 								using Microsoft.AspNetCore.WebUtilities;
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								using NLog;
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								namespace Jackett.Server.Controllers
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								{
-												Add Authorization

											
										
										
											2018-05-12 02:44:47 +00:00
+								    [AllowAnonymous]
-												core: add rss url decode in download controller. resolves #4617 #6589 #4760 #6397 #5752 (#6936)


											
										
										
											2020-01-12 18:14:36 +00:00
+								    [DownloadActionFilter]
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								    [ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]
 								    [Route("dl/{indexerID}")]
 								    public class DownloadController : Controller
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								    {
-												core: security fix, authorization first in download / blackhole links (#6825)


											
										
										
											2020-01-05 06:41:01 +00:00
+								        private ServerConfig serverConfig;
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								        private Logger logger;
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								        private IIndexerManagerService indexerService;
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								        private IProtectionService protectionService;
-												core: security fix, authorization first in download / blackhole links (#6825)


											
										
										
											2020-01-05 06:41:01 +00:00
+								        public DownloadController(IIndexerManagerService i, Logger l, IProtectionService ps, ServerConfig sConfig)
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								        {
-												core: security fix, authorization first in download / blackhole links (#6825)


											
										
										
											2020-01-05 06:41:01 +00:00
+								            serverConfig = sConfig;
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								            logger = l;
 								            indexerService = i;
 								            protectionService = ps;
 								        }
 								        [HttpGet]
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								        public async Task<IActionResult> Download(string indexerID, string path, string jackett_apikey, string file)
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								        {
 								            try
 								            {
-												core: security fix, authorization first in download / blackhole links (#6825)


											
										
										
											2020-01-05 06:41:01 +00:00
+								                if (serverConfig.APIKey != jackett_apikey)
 								                    return Unauthorized();
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								                var indexer = indexerService.GetWebIndexer(indexerID);
 								                if (!indexer.IsConfigured)
 								                {
 								                    logger.Warn(string.Format("Rejected a request to {0} which is unconfigured.", indexer.DisplayName));
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								                    return Forbid("This indexer is not configured.");
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								                }
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								                path = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(path));
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								                path = protectionService.UnProtect(path);
 								                var target = new Uri(path, UriKind.RelativeOrAbsolute);
 								                var downloadBytes = await indexer.Download(target);
 								                // handle magnet URLs
 								                if (downloadBytes.Length >= 7
 								                    && downloadBytes[0] == 0x6d // m
 								                    && downloadBytes[1] == 0x61 // a
 								                    && downloadBytes[2] == 0x67 // g
 								                    && downloadBytes[3] == 0x6e // n
 								                    && downloadBytes[4] == 0x65 // e
 								                    && downloadBytes[5] == 0x74 // t
 								                    && downloadBytes[6] == 0x3a // :
 								                    )
 								                {
-												core: fix magnet link encoding. resolves #5372 #4761 (#6824)


											
										
										
											2020-01-05 06:31:32 +00:00
+								                    // some sites provide magnet links with non-ascii characters, the only way to be sure the url
 								                    // is well encoded is to unscape and escape again
 								                    // https://github.com/Jackett/Jackett/issues/5372
 								                    // https://github.com/Jackett/Jackett/issues/4761
 								                    var magneturi = Uri.EscapeUriString(Uri.UnescapeDataString(Encoding.UTF8.GetString(downloadBytes)));
 								                    return Redirect(magneturi);
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								                }
 								                // This will fix torrents where the keys are not sorted, and thereby not supported by Sonarr.
-												improve BEncode error handling: Pull in changes from master

3468e7d40428f88537015096ed014d5d1bb8844e

											
										
										
											2018-06-16 08:40:31 +00:00
+								                byte[] sortedDownloadBytes = null;
 								                try
 								                {
 								                    var parser = new BencodeParser();
 								                    var torrentDictionary = parser.Parse(downloadBytes);
 								                    sortedDownloadBytes = torrentDictionary.EncodeAsBytes();
 								                }
 								                catch (Exception e)
 								                {
 								                    var content = indexer.Encoding.GetString(downloadBytes);
 								                    logger.Error(content);
 								                    throw new Exception("BencodeParser failed", e);
 								                }
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								                string fileName = StringUtil.MakeValidFileName(file, '_', false) + ".torrent"; // call MakeValidFileName again to avoid any kind of injection attack
 								                return File(sortedDownloadBytes, "application/x-bittorrent", fileName);
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								            }
 								            catch (Exception e)
 								            {
 								                logger.Error(e, "Error downloading " + indexerID + " " + path);
-												Refactor controllers for ASP.NET Core (Authentication disabled for now)

											
										
										
											2018-05-01 12:55:09 +00:00
+								                return NotFound();
-												Copy controllers untouced from Jackett project

											
										
										
											2018-05-01 12:03:16 +00:00
+								            }
 								        }
 								    }
 								}