dotnet core web api : generate sub-webs for users
-
First of all, the code is super insecure. This code allows anyone to hit a URL on my web site and create a user directory and one html file (which I fill in with their user name). ** EDIT ** I've implemented SSL on the site (as of 2018-04-25) so you can use the HTTPS version to try it if you like: https://newlibre.com[^] ** END EDIT ** Usage I've posted this at my web site : NewLibre.com[^] To try it out you just hit : http://newlibre.com/api/values/ where is a string representing the user name you'd like to create. It cannot include characters that don't work in a directory (because it creates a directory based upon your user name). Sample Here's a sample you can try : http://newlibre.com/api/values/superstar If someone gets there before you, it simply notices that the directory and file is already created and redirects you there. What Happens When you navigate to the URL (get) the system: 1. creates a directory under my web site named after your username 2. generates a default html file with your user name in it 3. redirects you to the newly created page and loads it. I'm Being Absurd Isn't this absurd!?! I'm letting you navigate to a URL and generate a new folder and html page on my web server. I know this opens me up for everyone create a new folder and just being mean-spirited but this is a prototype and I'm amazed at how simple the code is. Also, they are created in a subdir and I will just delete the subdir. :) I hope you find this interesting (and Weird & Wonderful). This Is all The code it takes to do that
[HttpGet("{userName}")]
public HttpResponse Get(string userName)
{
var currentDir = Directory.GetCurrentDirectory();
DirectoryInfo di = Directory.CreateDirectory(Path.Combine(currentDir,@"wwwroot\allUsers\",userName));
string allHtml = $"newlibre\\{userName}newlibre\\{userName}";
string htmlFileName = Path.Combine(di.FullName, $"{userName}.htm");
if (!System.IO.File.Exists(htmlFileName))
{
System.IO.File.AppendAllText(htmlFileName, allHtml);
}
vYou might want to check for invalid file name characters in the username. At the moment, I suspect it might be possible to use some version of "..\" to put files in a parent folder. I've tried a couple of versions which don't seem to have worked. But if you see a "test" folder and "test.htm" file in your "wwwroot" folder, then it's trivial to hack. :)
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
"These people looked deep within my soul and assigned me a number based on the order in which I joined" - Homer
-
You might want to check for invalid file name characters in the username. At the moment, I suspect it might be possible to use some version of "..\" to put files in a parent folder. I've tried a couple of versions which don't seem to have worked. But if you see a "test" folder and "test.htm" file in your "wwwroot" folder, then it's trivial to hack. :)
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
I looked and I don't see any new ones, but I will definitely implement some checks against that. Thanks for mentioning it. I was able to create one with spaces in it like: http://newlibre.com/api/values/this is a good test Wow.
-
First of all, the code is super insecure. This code allows anyone to hit a URL on my web site and create a user directory and one html file (which I fill in with their user name). ** EDIT ** I've implemented SSL on the site (as of 2018-04-25) so you can use the HTTPS version to try it if you like: https://newlibre.com[^] ** END EDIT ** Usage I've posted this at my web site : NewLibre.com[^] To try it out you just hit : http://newlibre.com/api/values/ where is a string representing the user name you'd like to create. It cannot include characters that don't work in a directory (because it creates a directory based upon your user name). Sample Here's a sample you can try : http://newlibre.com/api/values/superstar If someone gets there before you, it simply notices that the directory and file is already created and redirects you there. What Happens When you navigate to the URL (get) the system: 1. creates a directory under my web site named after your username 2. generates a default html file with your user name in it 3. redirects you to the newly created page and loads it. I'm Being Absurd Isn't this absurd!?! I'm letting you navigate to a URL and generate a new folder and html page on my web server. I know this opens me up for everyone create a new folder and just being mean-spirited but this is a prototype and I'm amazed at how simple the code is. Also, they are created in a subdir and I will just delete the subdir. :) I hope you find this interesting (and Weird & Wonderful). This Is all The code it takes to do that
[HttpGet("{userName}")]
public HttpResponse Get(string userName)
{
var currentDir = Directory.GetCurrentDirectory();
DirectoryInfo di = Directory.CreateDirectory(Path.Combine(currentDir,@"wwwroot\allUsers\",userName));
string allHtml = $"newlibre\\{userName}newlibre\\{userName}";
string htmlFileName = Path.Combine(di.FullName, $"{userName}.htm");
if (!System.IO.File.Exists(htmlFileName))
{
System.IO.File.AppendAllText(htmlFileName, allHtml);
}
vIt works ! but I would like a funny picture in the created website :-\
-
It works ! but I would like a funny picture in the created website :-\
I've implemented your idea. A funny pic...ala the daily dilbert.com your page will now look like: https://i.stack.imgur.com/rXxXB.png^ The new template that is created loads the daily dilbert strip!! I hope you find that quite cool. Also, if you type a dilbert.com daily strip link and click the button it will get that one and display it on your page (ie link will be like http://dilbert.com/2018-04-01) I've deleted the old user directories so try creating yours again and you will see this. :)
-
I've implemented your idea. A funny pic...ala the daily dilbert.com your page will now look like: https://i.stack.imgur.com/rXxXB.png^ The new template that is created loads the daily dilbert strip!! I hope you find that quite cool. Also, if you type a dilbert.com daily strip link and click the button it will get that one and display it on your page (ie link will be like http://dilbert.com/2018-04-01) I've deleted the old user directories so try creating yours again and you will see this. :)
-
Approved !
That was cool you tried it. Thanks.:thumbsup: It's just some funny code I've been thinking of for a long while and the dotnet core stuff really does make this easier. Along with Visual Studio and the built-in deployment and my web host (smarterasp.net) it's pretty amazing.
-
That was cool you tried it. Thanks.:thumbsup: It's just some funny code I've been thinking of for a long while and the dotnet core stuff really does make this easier. Along with Visual Studio and the built-in deployment and my web host (smarterasp.net) it's pretty amazing.
I have not yet done much with .NET Core, but it has my attention. Recently I found out how to build (publish) and version .NET Core projects in a simple way on our builder as my colleagues had made some projects, took me some time to figure that out :) If you are interested, there's a tip about the versioning trick ...
-
I have not yet done much with .NET Core, but it has my attention. Recently I found out how to build (publish) and version .NET Core projects in a simple way on our builder as my colleagues had made some projects, took me some time to figure that out :) If you are interested, there's a tip about the versioning trick ...
-
I have not yet done much with .NET Core, but it has my attention. Recently I found out how to build (publish) and version .NET Core projects in a simple way on our builder as my colleagues had made some projects, took me some time to figure that out :) If you are interested, there's a tip about the versioning trick ...
Hey, I deleted your folder/web again so you can try it again. Now it: creates the user's page named as index.htm so the user will have a shorter URL to get to for their web page (http://newlibre.com/allUsers/RickZeeland) will work when you create it again. Also, you can try creating it using the text box and button on the main page (newlibre.com[^]. If you get a chance. Thanks.
-
Hey, I deleted your folder/web again so you can try it again. Now it: creates the user's page named as index.htm so the user will have a shorter URL to get to for their web page (http://newlibre.com/allUsers/RickZeeland) will work when you create it again. Also, you can try creating it using the text box and button on the main page (newlibre.com[^]. If you get a chance. Thanks.
Nice landing page, filled in my name there and that worked too :) newlibre.com/allUsers/RickZeeland/[]
-
Nice landing page, filled in my name there and that worked too :) newlibre.com/allUsers/RickZeeland/[]
-
RickZeeland wrote:
Nice landing page,
Thanks and thanks for trying it out again. :thumbsup:
Here's a tulip for you which I photographed today: OneDrive - Tulips.[^] You have my permission to publish it on your website :-\
-
First of all, the code is super insecure. This code allows anyone to hit a URL on my web site and create a user directory and one html file (which I fill in with their user name). ** EDIT ** I've implemented SSL on the site (as of 2018-04-25) so you can use the HTTPS version to try it if you like: https://newlibre.com[^] ** END EDIT ** Usage I've posted this at my web site : NewLibre.com[^] To try it out you just hit : http://newlibre.com/api/values/ where is a string representing the user name you'd like to create. It cannot include characters that don't work in a directory (because it creates a directory based upon your user name). Sample Here's a sample you can try : http://newlibre.com/api/values/superstar If someone gets there before you, it simply notices that the directory and file is already created and redirects you there. What Happens When you navigate to the URL (get) the system: 1. creates a directory under my web site named after your username 2. generates a default html file with your user name in it 3. redirects you to the newly created page and loads it. I'm Being Absurd Isn't this absurd!?! I'm letting you navigate to a URL and generate a new folder and html page on my web server. I know this opens me up for everyone create a new folder and just being mean-spirited but this is a prototype and I'm amazed at how simple the code is. Also, they are created in a subdir and I will just delete the subdir. :) I hope you find this interesting (and Weird & Wonderful). This Is all The code it takes to do that
[HttpGet("{userName}")]
public HttpResponse Get(string userName)
{
var currentDir = Directory.GetCurrentDirectory();
DirectoryInfo di = Directory.CreateDirectory(Path.Combine(currentDir,@"wwwroot\allUsers\",userName));
string allHtml = $"newlibre\\{userName}newlibre\\{userName}";
string htmlFileName = Path.Combine(di.FullName, $"{userName}.htm");
if (!System.IO.File.Exists(htmlFileName))
{
System.IO.File.AppendAllText(htmlFileName, allHtml);
}
v -
myspace.com v2?
englebart wrote:
myspace.com v2?
:laugh: Maybe even v2.5 or v3.0. :)
-
First of all, the code is super insecure. This code allows anyone to hit a URL on my web site and create a user directory and one html file (which I fill in with their user name). ** EDIT ** I've implemented SSL on the site (as of 2018-04-25) so you can use the HTTPS version to try it if you like: https://newlibre.com[^] ** END EDIT ** Usage I've posted this at my web site : NewLibre.com[^] To try it out you just hit : http://newlibre.com/api/values/ where is a string representing the user name you'd like to create. It cannot include characters that don't work in a directory (because it creates a directory based upon your user name). Sample Here's a sample you can try : http://newlibre.com/api/values/superstar If someone gets there before you, it simply notices that the directory and file is already created and redirects you there. What Happens When you navigate to the URL (get) the system: 1. creates a directory under my web site named after your username 2. generates a default html file with your user name in it 3. redirects you to the newly created page and loads it. I'm Being Absurd Isn't this absurd!?! I'm letting you navigate to a URL and generate a new folder and html page on my web server. I know this opens me up for everyone create a new folder and just being mean-spirited but this is a prototype and I'm amazed at how simple the code is. Also, they are created in a subdir and I will just delete the subdir. :) I hope you find this interesting (and Weird & Wonderful). This Is all The code it takes to do that
[HttpGet("{userName}")]
public HttpResponse Get(string userName)
{
var currentDir = Directory.GetCurrentDirectory();
DirectoryInfo di = Directory.CreateDirectory(Path.Combine(currentDir,@"wwwroot\allUsers\",userName));
string allHtml = $"newlibre\\{userName}newlibre\\{userName}";
string htmlFileName = Path.Combine(di.FullName, $"{userName}.htm");
if (!System.IO.File.Exists(htmlFileName))
{
System.IO.File.AppendAllText(htmlFileName, allHtml);
}
vWhile interesting, it just occurred to me:
var newUrl = "http://" +Creating sub-webs for users won't work if you use https unless you use a wildcard cert, and I think (as an example) LetsEncrypt only supports 100 subdomains? Still it would be possible to create the cert on the fly using LetEncrypt. Hmmm...interesting...might be an interesting but off the beaten path article. Just up my alley! :)Latest Article - Building a Prototype Web-Based Diagramming Tool with SVG and Javascript Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny Artificial intelligence is the only remedy for natural stupidity. - CDP1802
-
While interesting, it just occurred to me:
var newUrl = "http://" +Creating sub-webs for users won't work if you use https unless you use a wildcard cert, and I think (as an example) LetsEncrypt only supports 100 subdomains? Still it would be possible to create the cert on the fly using LetEncrypt. Hmmm...interesting...might be an interesting but off the beaten path article. Just up my alley! :)Latest Article - Building a Prototype Web-Based Diagramming Tool with SVG and Javascript Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny Artificial intelligence is the only remedy for natural stupidity. - CDP1802
Yeah since I implemented httpS I changed the code a lot but didn't repost because it was getting so long. The sun page is httpS also but the retrieval of the Dilbert comic is via http so browsers do complain for that reason. Can't be helped though because Dilbert site has no httpS alternative. FYI that URL is built up using location.protocol and other JavaScript to build it properly now whether user in http or https.
