github.com/nextcloud/gallery.git - Unnamed repository; edit this file 'description' to name the repository.
authorOlivier Paroz <github@oparoz.com>2015-01-05 04:45:32 +0300
committerOlivier Paroz <github@oparoz.com>2015-01-05 04:45:32 +0300
commit1d8fab3f47e79fdc6377fad48c1c4b6cf69bad61 (patch)
tree4936a6a0da5848342e59c67c30770a91deaf8cab /middleware
parent64735b0b61eb9a5c2b81c03249ed9107b6957fd8 (diff)
Initial commit
Diffstat (limited to 'middleware')
-rw-r--r--middleware/checkexception.php33
-rw-r--r--middleware/checkmiddleware.php160
-rw-r--r--middleware/sessionmiddleware.php108
-rw-r--r--middleware/sharingcheckmiddleware.php116
-rw-r--r--middleware/tokencheckmiddleware.php139
5 files changed, 556 insertions, 0 deletions
diff --git a/middleware/checkexception.php b/middleware/checkexception.php
new file mode 100644
index 00000000..3fa64ee9
--- /dev/null
+++ b/middleware/checkexception.php
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * ownCloud - galleryplus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ *
+ * @copyright Olivier Paroz 2014-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+/**
+ * Thrown when one of the tests in the "check" middlewares fails
+ *
+ * @package OCA\GalleryPlus\Middleware
+ */
+class CheckException extends \Exception {
+
+ /**
+ * Constructor
+ *
+ * @param string $msg the message contained in the exception
+ * @param int $code the HTTP status code
+ */
+ public function __construct($msg, $code = 0) {
+ parent::__construct($msg, $code);
+ }
+
+}
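Review bot: The constructor documents `$code` as "the HTTP status code" but defaults it to `0`, which is not a valid status. CheckMiddleware::afterException in this same commit passes `$exception->getCode()` straight into `new JSONResponse(..., $code)`, so a CheckException thrown without an explicit code would produce a response with status 0. Either drop the default so every caller has to pick a status, `public function __construct($msg, $code) {`, or default to a real one such as `$code = 500`.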
diff --git a/middleware/checkmiddleware.php b/middleware/checkmiddleware.php
new file mode 100644
index 00000000..e10c41b6
--- /dev/null
+++ b/middleware/checkmiddleware.php
@@ -0,0 +1,160 @@
+<?php
+/**
+ * ownCloud - galleryplus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ * @author Bernhard Posselt <dev@bernhard-posselt.com>
+ *
+ * @copyright Olivier Paroz 2014-2015
+ * @copyright Bernhard Posselt 2012-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+use OCP\IURLGenerator;
+use OCP\ILogger;
+use OCP\IRequest;
+
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\AppFramework\Middleware;
+
+/**
+ * Checks that we have a valid token linked to a valid resource and that the
+ * user is authorised to access it
+ *
+ * @package OCA\GalleryPlus\Middleware
+ */
+abstract class CheckMiddleware extends Middleware {
+
+ /**
+ * @type string
+ */
+ protected $appName;
+ /**
+ * @type IRequest
+ */
+ protected $request;
+ /**
+ * @type IURLGenerator
+ */
+ private $urlGenerator;
+ /**
+ * @type ILogger
+ */
+ private $logger;
+
+ /***
+ * Constructor
+ *
+ * @param string $appName
+ * @param IRequest $request
+ * @param IURLGenerator $urlGenerator
+ * @param ILogger $logger
+ */
+ public function __construct(
+ $appName,
+ IRequest $request,
+ IURLGenerator $urlGenerator,
+ ILogger $logger
+ ) {
+ $this->appName = $appName;
+ $this->request = $request;
+ $this->urlGenerator = $urlGenerator;
+ $this->logger = $logger;
+ }
+
+ /**
+ * If a CheckException is being caught, ajax requests return a JSON
+ * error response and non ajax requests redirect an error page
+ *
+ * @inheritDoc
+ */
+ public function afterException(
+ $controller, $methodName, \Exception $exception
+ ) {
+ if ($exception instanceof CheckException) {
+ $appName = $this->appName;
+ $message = $exception->getMessage();
+ $code = $exception->getCode();
+
+ $this->logger->debug(
+ "[TokenCheckException] {message} ({code})",
+ array(
+ 'app' => $appName,
+ 'message' => $message,
+ 'code' => $code
+ )
+ );
+
+ if (stripos($this->request->getHeader('Accept'), 'html') === false
+ ) {
+ $response = new JSONResponse(
+ array(
+ 'message' => $message,
+ 'success' => false
+ ),
+ $code
+ );
+
+ $this->logger->debug(
+ "[TokenCheckException] JSON response",
+ array(
+ 'app' => $appName
+ )
+ );
+
+ } else {
+ $this->logger->debug(
+ "[CheckException] HTML response",
+ array(
+ 'app' => $appName
+ )
+ );
+
+ if ($code === 401) {
+ $params = $this->request->getParams();
+
+ $this->logger->debug(
+ '[CheckException] Unauthorised Request params: {params}',
+ array(
+ 'app' => $appName,
+ 'params' => $params
+ )
+ );
+
+ /**
+ * We need to render a template or we'll have an endless
+ * loop as this is called before the controller can render
+ * a template
+ */
+ return new TemplateResponse(
+ $appName, 'authenticate', $params,
+ 'guest'
+ );
+
+ } else {
+ $url = $this->urlGenerator->linkToRoute(
+ $this->appName . '.page.error_page',
+ array(
+ 'message' => $message,
+ 'code' => $code
+ )
+ );
+ }
+
+ $response = new RedirectResponse($url);
+ }
+
+ return $response;
+ }
+
+ throw $exception;
+ }
+
+}
\ No newline at end of file
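Review bot: In the `$code === 401` branch of afterException the complete result of `$this->request->getParams()` is written to the debug log. TokenCheckMiddleware in this commit reads the share password from the `password` request parameter, so a submitted password ends up in the log in clear text whenever debug logging is enabled. Log a redacted copy instead, e.g. `$logParams = $params; unset($logParams['password']);`, and pass `$logParams` to the logger. The same unfiltered array is also handed to the `authenticate` template, so that template must escape every value it prints; passing only the keys the template actually needs would be the safer contract.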
diff --git a/middleware/sessionmiddleware.php b/middleware/sessionmiddleware.php
new file mode 100644
index 00000000..9e351e26
--- /dev/null
+++ b/middleware/sessionmiddleware.php
@@ -0,0 +1,108 @@
+<?php
+/**
+ * ownCloud - Gallery plus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Thomas Müller <deepdiver@owncloud.com>
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ *
+ * @copyright Thomas Müller 2014-2015
+ * @copyright Olivier Paroz 2014-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+// FIXME: Private API. Fix only available in OC8
+use \OC\AppFramework\Utility\ControllerMethodReflector;
+
+use OCP\IRequest;
+use OCP\ISession;
+use OCP\ILogger;
+
+use OCP\AppFramework\Http\Response;
+use OCP\AppFramework\Middleware;
+
+
+/**
+ * Closes the session unless a controller methods specifically asks for it to
+ * stay open
+ *
+ * @package OCA\GalleryPlus\Middleware
+ */
+class SessionMiddleware extends Middleware {
+
+ /**
+ * @type IRequest
+ */
+ private $request;
+ /**
+ * @type ControllerMethodReflector
+ */
+ private $reflector;
+
+ /**
+ * @type ISession
+ */
+ private $session;
+ /**
+ * @type ILogger
+ */
+ private $logger;
+
+ /**
+ * @param IRequest $request
+ * @param ControllerMethodReflector $reflector
+ * @param ISession $session
+ * @param ILogger $logger
+ */
+ public function __construct(
+ IRequest $request,
+ ControllerMethodReflector $reflector,
+ ISession $session,
+ ILogger $logger
+ ) {
+ $this->request = $request;
+ $this->reflector = $reflector;
+ $this->session = $session;
+ $this->logger = $logger;
+ }
+
+ /**
+ * Closes the session BEFORE calling the controller unless the method
+ * contains @UseSession
+ *
+ * @inheritDoc
+ */
+ public function beforeController($controller, $methodName) {
+ // This needs to be done here as the Dispatcher does not call our reflector
+ $this->reflector->reflect($controller, $methodName);
+
+ $useSession = $this->reflector->hasAnnotation('UseSession');
+ if (!$useSession) {
+ $this->session->close();
+ }
+ }
+
+ /**
+ * Closes the session AFTER calling the controller unless the method
+ * contains @UseSession
+ *
+ * @inheritDoc
+ */
+ public function afterController(
+ $controller,
+ $methodName,
+ Response $response
+ ) {
+ $useSession = $this->reflector->hasAnnotation('UseSession');
+
+ if ($useSession) {
+ $this->session->close();
+ }
+
+ return $response;
+ }
+
+}
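Review bot: The docblock on afterController says the session is closed "unless the method contains @UseSession", but the code closes it only when `hasAnnotation('UseSession')` is true, so the comment states the opposite of what runs. I would reword it to `Closes the session AFTER calling the controller if the method is annotated with @UseSession (beforeController left it open for that case)`. It is also worth a comment that afterController relies on the reflector state set by `reflect()` in beforeController, since it does not call `reflect()` itself. The `$request` and `$logger` properties are assigned in the constructor but never read in this file.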
diff --git a/middleware/sharingcheckmiddleware.php b/middleware/sharingcheckmiddleware.php
new file mode 100644
index 00000000..a39f3940
--- /dev/null
+++ b/middleware/sharingcheckmiddleware.php
@@ -0,0 +1,116 @@
+<?php
+/**
+ * ownCloud - galleryplus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Lukas Reschke <lukas@owncloud.com>
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ *
+ * @copyright Lukas Reschke 2014-2015
+ * @copyright Olivier Paroz 2014-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+// FIXME: Private API. Fix only available in OC8
+use \OC\AppFramework\Utility\ControllerMethodReflector;
+
+use OCP\IAppConfig;
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\ILogger;
+
+use OCP\AppFramework\Http;
+
+/**
+ * Checks whether the "sharing check" is enabled
+ *
+ * @package OCA\Files_Sharing\Middleware
+ */
+class SharingCheckMiddleware extends CheckMiddleware {
+
+ /**
+ * @type IAppConfig
+ * */
+ private $appConfig;
+ /**
+ * @type ControllerMethodReflector
+ */
+ protected $reflector;
+
+ /***
+ * Constructor
+ *
+ * @param string $appName
+ * @param IRequest $request
+ * @param IAppConfig $appConfig
+ * @param ControllerMethodReflector $reflector
+ * @param IURLGenerator $urlGenerator
+ * @param ILogger $logger
+ */
+ public function __construct(
+ $appName,
+ IRequest $request,
+ IAppConfig $appConfig,
+ ControllerMethodReflector $reflector,
+ IURLGenerator $urlGenerator,
+ ILogger $logger
+ ) {
+ parent::__construct(
+ $appName,
+ $request,
+ $urlGenerator,
+ $logger
+ );
+
+ $this->appConfig = $appConfig;
+ $this->reflector = $reflector;
+ }
+
+ /**
+ * Check if sharing is enabled before the controllers is executed
+ *
+ * Inspects the controller method annotations and if PublicPage is found
+ * it makes sure that sharing is enabled in the configuration settings
+ *
+ * The check is not performed on "guest" pages which don't require sharing
+ * to be enabled
+ *
+ * @inheritDoc
+ */
+ public function beforeController($controller, $methodName) {
+ $sharingEnabled = $this->isSharingEnabled();
+
+ // This needs to be done here as the Dispatcher does not call our reflector
+ $this->reflector->reflect($controller, $methodName);
+
+ $isPublicPage = $this->reflector->hasAnnotation('PublicPage');
+ $isGuest = $this->reflector->hasAnnotation('Guest');
+
+ if ($isPublicPage && !$isGuest && !$sharingEnabled) {
+ throw new CheckException(
+ 'Sharing is disabled',
+ Http::STATUS_SERVICE_UNAVAILABLE
+ );
+ }
+ }
+
+ /**
+ * Checks whether sharing is enabled in the OC config
+ *
+ * @return bool
+ */
+ private function isSharingEnabled() {
+ // Check whether public sharing (via links) is enabled
+ if ($this->appConfig->getValue('core', 'shareapi_allow_links', 'yes')
+ !== 'yes'
+ ) {
+ return false;
+ }
+
+ return true;
+ }
+
+}
\ No newline at end of file
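Review bot: isSharingEnabled() only looks at `shareapi_allow_links`, so beforeController lets a @PublicPage request through whenever link sharing is set to 'yes', even if sharing has been switched off at a higher level. If the core share API has its own on/off setting, or the app that provides public links can be disabled separately, those states should fail this check too; please confirm against core and either add the extra conditions or put a comment on the method such as `// Only link sharing is tested here; a globally disabled share API is enforced by <where>`. Separately, the class docblock carries `@package OCA\Files_Sharing\Middleware` while the namespace is `OCA\GalleryPlus\Middleware`.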
diff --git a/middleware/tokencheckmiddleware.php b/middleware/tokencheckmiddleware.php
new file mode 100644
index 00000000..0ec4585f
--- /dev/null
+++ b/middleware/tokencheckmiddleware.php
@@ -0,0 +1,139 @@
+<?php
+/**
+ * ownCloud - galleryplus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ * @author Bernhard Posselt <dev@bernhard-posselt.com>
+ *
+ * @copyright Olivier Paroz 2014-2015
+ * @copyright Bernhard Posselt 2012-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+// FIXME: Private API. Fix only available in OC8
+use \OC\AppFramework\Utility\ControllerMethodReflector;
+
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\ILogger;
+
+use OCP\AppFramework\Http;
+
+use OCA\GalleryPlus\Service\EnvironmentService;
+use OCA\GalleryPlus\Service\ServiceException;
+
+
+/**
+ * Checks that we have a valid token linked to a valid resource and that the
+ * user is authorised to access it
+ *
+ * @package OCA\GalleryPlus\Middleware
+ */
+class TokenCheckMiddleware extends CheckMiddleware {
+
+ /**
+ * @type EnvironmentService
+ */
+ private $environmentService;
+ /**
+ * @type ControllerMethodReflector
+ */
+ protected $reflector;
+
+ /***
+ * Constructor
+ *
+ * @param string $appName
+ * @param IRequest $request
+ * @param EnvironmentService $environmentService
+ * @param ControllerMethodReflector $reflector
+ * @param IURLGenerator $urlGenerator
+ * @param ILogger $logger
+ */
+ public function __construct(
+ $appName,
+ IRequest $request,
+ EnvironmentService $environmentService,
+ ControllerMethodReflector $reflector,
+ IURLGenerator $urlGenerator,
+ ILogger $logger
+ ) {
+ parent::__construct(
+ $appName,
+ $request,
+ $urlGenerator,
+ $logger
+ );
+
+ $this->environmentService = $environmentService;
+ $this->reflector = $reflector;
+ }
+
+ /**
+ * Checks that we have a valid token linked to a valid resource and that the
+ * user is authorised to access it
+ *
+ * Inspects the controller method annotations and if PublicPage is found
+ * it checks that we have token and an optional password giving access to a
+ * valid resource
+ *
+ * The check is not performed on "guest" pages which don't require a token
+ *
+ * @inheritDoc
+ */
+ public function beforeController($controller, $methodName) {
+ $token = $this->request->getParam('token');
+ $password = $this->request->getParam('password');
+
+ // This needs to be done here as the Dispatcher does not call our reflector
+ $this->reflector->reflect($controller, $methodName);
+
+ $isPublicPage = $this->reflector->hasAnnotation('PublicPage');
+ $isGuest = $this->reflector->hasAnnotation('Guest');
+
+ if ($isPublicPage && !$isGuest) {
+ if (!$token) {
+ throw new CheckException(
+ "Can't access a public resource without a token",
+ Http::STATUS_NOT_FOUND
+ );
+ } else { // We have a token
+
+ // Let's see if it's linked to a valid resource
+ try {
+ $this->environmentService->checkToken($token);
+ } catch (ServiceException $exception) {
+ throw new CheckException(
+ $exception->getMessage(),
+ $exception->getCode()
+ );
+ }
+
+ // Let's see if the user needs to provide a password
+ try {
+ $this->environmentService->checkAuthorisation($password);
+ } catch (ServiceException $exception) {
+ throw new CheckException(
+ $exception->getMessage(),
+ $exception->getCode()
+ );
+ }
+
+ // Let's see if we can set up the environment for the controller
+ try {
+ $this->environmentService->setupTokenBasedEnv();
+ } catch (ServiceException $exception) {
+ throw new CheckException(
+ $exception->getMessage(),
+ $exception->getCode()
+ );
+ }
+ }
+ }
+ }
+
+}
\ No newline at end of file
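Review bot: beforeController reads the share password with `$this->request->getParam('password')`, which as far as I know does not distinguish between the request body and the query string, so a password supplied as `?password=...` is accepted. A credential in the URL is recorded in web-server access logs, browser history and Referer headers. If the authenticate form always posts the password, accept it from the request body only; if some public calls really need it in the URL, document that with a comment at this line, e.g. `// NOTE: password may arrive in the query string; keep it out of logs and redirects`. As a smaller style point, the three try/catch blocks are identical and could be one `try` around the three EnvironmentService calls, and `if (!$token)` also rejects the literal token `'0'`.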