author | Olivier Paroz <github@oparoz.com> | 2015-01-05 04:45:32 +0300 |
---|---|---|
committer | Olivier Paroz <github@oparoz.com> | 2015-01-05 04:45:32 +0300 |
commit | 1d8fab3f47e79fdc6377fad48c1c4b6cf69bad61 (patch) | |
tree | 4936a6a0da5848342e59c67c30770a91deaf8cab /middleware | |
parent | 64735b0b61eb9a5c2b81c03249ed9107b6957fd8 (diff) |
Initial commit
Diffstat (limited to 'middleware')
-rw-r--r-- | middleware/checkexception.php | 33 | ||||
-rw-r--r-- | middleware/checkmiddleware.php | 160 | ||||
-rw-r--r-- | middleware/sessionmiddleware.php | 108 | ||||
-rw-r--r-- | middleware/sharingcheckmiddleware.php | 116 | ||||
-rw-r--r-- | middleware/tokencheckmiddleware.php | 139 |
5 files changed, 556 insertions, 0 deletions
diff --git a/middleware/checkexception.php b/middleware/checkexception.php
new file mode 100644
index 00000000..3fa64ee9
--- /dev/null
+++ b/middleware/checkexception.php
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * ownCloud - galleryplus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ *
+ * @copyright Olivier Paroz 2014-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+/**
+ * Thrown when one of the tests in the "check" middlewares fails
+ *
+ * @package OCA\GalleryPlus\Middleware
+ */
+class CheckException extends \Exception {
+
+ /**
+ * Constructor
+ *
+ * @param string $msg the message contained in the exception
+ * @param int $code the HTTP status code
+ */
+ public function __construct($msg, $code = 0) {
+ parent::__construct($msg, $code);
+ }
+
+}
diff --git a/middleware/checkmiddleware.php b/middleware/checkmiddleware.php
new file mode 100644
index 00000000..e10c41b6
--- /dev/null
+++ b/middleware/checkmiddleware.php
@@ -0,0 +1,160 @@
+<?php
+/**
+ * ownCloud - galleryplus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ * @author Bernhard Posselt <dev@bernhard-posselt.com>
+ *
+ * @copyright Olivier Paroz 2014-2015
+ * @copyright Bernhard Posselt 2012-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+use OCP\IURLGenerator;
+use OCP\ILogger;
+use OCP\IRequest;
+
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\AppFramework\Middleware;
+
+/**
+ * Checks that we have a valid token linked to a valid resource and that the
+ * user is authorised to access it
+ *
+ * @package OCA\GalleryPlus\Middleware
+ */
+abstract class CheckMiddleware extends Middleware {
+
+ /**
+ * @type string
+ */
+ protected $appName;
+ /**
+ * @type IRequest
+ */
+ protected $request;
+ /**
+ * @type IURLGenerator
+ */
+ private $urlGenerator;
+ /**
+ * @type ILogger
+ */
+ private $logger;
+
+ /***
+ * Constructor
+ *
+ * @param string $appName
+ * @param IRequest $request
+ * @param IURLGenerator $urlGenerator
+ * @param ILogger $logger
+ */
+ public function __construct(
+ $appName,
+ IRequest $request,
+ IURLGenerator $urlGenerator,
+ ILogger $logger
+ ) {
+ $this->appName = $appName;
+ $this->request = $request;
+ $this->urlGenerator = $urlGenerator;
+ $this->logger = $logger;
+ }
+
+ /**
+ * If a CheckException is being caught, ajax requests return a JSON
+ * error response and non ajax requests redirect an error page
+ *
+ * @inheritDoc
+ */
+ public function afterException(
+ $controller, $methodName, \Exception $exception
+ ) {
+ if ($exception instanceof CheckException) {
+ $appName = $this->appName;
+ $message = $exception->getMessage();
+ $code = $exception->getCode();
+
+ $this->logger->debug(
+ "[TokenCheckException] {message} ({code})",
+ array(
+ 'app' => $appName,
+ 'message' => $message,
+ 'code' => $code
+ )
+ );
+
+ if (stripos($this->request->getHeader('Accept'), 'html') === false
+ ) {
+ $response = new JSONResponse(
+ array(
+ 'message' => $message,
+ 'success' => false
+ ),
+ $code
+ );
+
+ $this->logger->debug(
+ "[TokenCheckException] JSON response",
+ array(
+ 'app' => $appName
+ )
+ );
+
+ } else {
+ $this->logger->debug(
+ "[CheckException] HTML response",
+ array(
+ 'app' => $appName
+ )
+ );
+
+ if ($code === 401) {
+ $params = $this->request->getParams();
+
+ $this->logger->debug(
+ '[CheckException] Unauthorised Request params: {params}',
+ array(
+ 'app' => $appName,
+ 'params' => $params
+ )
+ );
+
+ /**
+ * We need to render a template or we'll have an endless
+ * loop as this is called before the controller can render
+ * a template
+ */
+ return new TemplateResponse(
+ $appName, 'authenticate', $params,
+ 'guest'
+ );
+
+ } else {
+ $url = $this->urlGenerator->linkToRoute(
+ $this->appName . '.page.error_page',
+ array(
+ 'message' => $message,
+ 'code' => $code
+ )
+ );
+ }
+
+ $response = new RedirectResponse($url);
+ }
+
+ return $response;
+ }
+
+ throw $exception;
+ }
+
+}
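Review bot: In checkmiddleware.php, the 401 branch of `afterException` writes the full result of `$this->request->getParams()` to the debug log, and in this app those parameters include the share `token` and `password` that TokenCheckMiddleware reads from the request. Even at debug level, that puts share credentials in clear text in front of anyone who can read the log. Log only the parameter names instead, e.g. `'params' => array_keys($params)`, or unset `password` from a copy before logging. The same `$params` array is also passed to the `authenticate` template, so it is worth confirming the template never echoes the submitted password back into the page.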
\ No newline at end of file
diff --git a/middleware/sessionmiddleware.php b/middleware/sessionmiddleware.php
new file mode 100644
index 00000000..9e351e26
--- /dev/null
+++ b/middleware/sessionmiddleware.php
@@ -0,0 +1,108 @@
+<?php
+/**
+ * ownCloud - Gallery plus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Thomas Müller <deepdiver@owncloud.com>
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ *
+ * @copyright Thomas Müller 2014-2015
+ * @copyright Olivier Paroz 2014-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+// FIXME: Private API. Fix only available in OC8
+use \OC\AppFramework\Utility\ControllerMethodReflector;
+
+use OCP\IRequest;
+use OCP\ISession;
+use OCP\ILogger;
+
+use OCP\AppFramework\Http\Response;
+use OCP\AppFramework\Middleware;
+
+
+/**
+ * Closes the session unless a controller methods specifically asks for it to
+ * stay open
+ *
+ * @package OCA\GalleryPlus\Middleware
+ */
+class SessionMiddleware extends Middleware {
+
+ /**
+ * @type IRequest
+ */
+ private $request;
+ /**
+ * @type ControllerMethodReflector
+ */
+ private $reflector;
+
+ /**
+ * @type ISession
+ */
+ private $session;
+ /**
+ * @type ILogger
+ */
+ private $logger;
+
+ /**
+ * @param IRequest $request
+ * @param ControllerMethodReflector $reflector
+ * @param ISession $session
+ * @param ILogger $logger
+ */
+ public function __construct(
+ IRequest $request,
+ ControllerMethodReflector $reflector,
+ ISession $session,
+ ILogger $logger
+ ) {
+ $this->request = $request;
+ $this->reflector = $reflector;
+ $this->session = $session;
+ $this->logger = $logger;
+ }
+
+ /**
+ * Closes the session BEFORE calling the controller unless the method
+ * contains @UseSession
+ *
+ * @inheritDoc
+ */
+ public function beforeController($controller, $methodName) {
+ // This needs to be done here as the Dispatcher does not call our reflector
+ $this->reflector->reflect($controller, $methodName);
+
+ $useSession = $this->reflector->hasAnnotation('UseSession');
+ if (!$useSession) {
+ $this->session->close();
+ }
+ }
+
+ /**
+ * Closes the session AFTER calling the controller unless the method
+ * contains @UseSession
+ *
+ * @inheritDoc
+ */
+ public function afterController(
+ $controller,
+ $methodName,
+ Response $response
+ ) {
+ $useSession = $this->reflector->hasAnnotation('UseSession');
+
+ if ($useSession) {
+ $this->session->close();
+ }
+
+ return $response;
+ }
+
+}
diff --git a/middleware/sharingcheckmiddleware.php b/middleware/sharingcheckmiddleware.php
new file mode 100644
index 00000000..a39f3940
--- /dev/null
+++ b/middleware/sharingcheckmiddleware.php
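Review bot: In sessionmiddleware.php, the docblock on `afterController` says the session is closed "unless the method contains @UseSession", but the code closes it only when the annotation is present (`if ($useSession)`). The code looks like the intended behaviour, since `beforeController` has already closed the session in the other case, so the comment should read `Closes the session AFTER calling the controller if the method contains @UseSession`. A one-line comment that `afterController` depends on the `reflect()` call made in `beforeController` would also help, because the method never reflects on its own. `$request` and `$logger` are stored by the constructor but not used anywhere in the class.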
@@ -0,0 +1,116 @@
+<?php
+/**
+ * ownCloud - galleryplus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Lukas Reschke <lukas@owncloud.com>
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ *
+ * @copyright Lukas Reschke 2014-2015
+ * @copyright Olivier Paroz 2014-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+// FIXME: Private API. Fix only available in OC8
+use \OC\AppFramework\Utility\ControllerMethodReflector;
+
+use OCP\IAppConfig;
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\ILogger;
+
+use OCP\AppFramework\Http;
+
+/**
+ * Checks whether the "sharing check" is enabled
+ *
+ * @package OCA\Files_Sharing\Middleware
+ */
+class SharingCheckMiddleware extends CheckMiddleware {
+
+ /**
+ * @type IAppConfig
+ * */
+ private $appConfig;
+ /**
+ * @type ControllerMethodReflector
+ */
+ protected $reflector;
+
+ /***
+ * Constructor
+ *
+ * @param string $appName
+ * @param IRequest $request
+ * @param IAppConfig $appConfig
+ * @param ControllerMethodReflector $reflector
+ * @param IURLGenerator $urlGenerator
+ * @param ILogger $logger
+ */
+ public function __construct(
+ $appName,
+ IRequest $request,
+ IAppConfig $appConfig,
+ ControllerMethodReflector $reflector,
+ IURLGenerator $urlGenerator,
+ ILogger $logger
+ ) {
+ parent::__construct(
+ $appName,
+ $request,
+ $urlGenerator,
+ $logger
+ );
+
+ $this->appConfig = $appConfig;
+ $this->reflector = $reflector;
+ }
+
+ /**
+ * Check if sharing is enabled before the controllers is executed
+ *
+ * Inspects the controller method annotations and if PublicPage is found
+ * it makes sure that sharing is enabled in the configuration settings
+ *
+ * The check is not performed on "guest" pages which don't require sharing
+ * to be enabled
+ *
+ * @inheritDoc
+ */
+ public function beforeController($controller, $methodName) {
+ $sharingEnabled = $this->isSharingEnabled();
+
+ // This needs to be done here as the Dispatcher does not call our reflector
+ $this->reflector->reflect($controller, $methodName);
+
+ $isPublicPage = $this->reflector->hasAnnotation('PublicPage');
+ $isGuest = $this->reflector->hasAnnotation('Guest');
+
+ if ($isPublicPage && !$isGuest && !$sharingEnabled) {
+ throw new CheckException(
+ 'Sharing is disabled',
+ Http::STATUS_SERVICE_UNAVAILABLE
+ );
+ }
+ }
+
+ /**
+ * Checks whether sharing is enabled in the OC config
+ *
+ * @return bool
+ */
+ private function isSharingEnabled() {
+ // Check whether public sharing (via links) is enabled
+ if ($this->appConfig->getValue('core', 'shareapi_allow_links', 'yes')
+ !== 'yes'
+ ) {
+ return false;
+ }
+
+ return true;
+ }
+
+}
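Review bot: In sharingcheckmiddleware.php, `isSharingEnabled()` consults only `shareapi_allow_links`, so a server where the share API has been switched off as a whole (`shareapi_enabled` set to `no`) but the link setting still holds its default `yes` would keep serving public pages. Whether core resets one key when the other changes is not visible here, so checking both is the safer gate: add `if ($this->appConfig->getValue('core', 'shareapi_enabled', 'yes') !== 'yes') { return false; }` ahead of the link check. The class docblock also carries `@package OCA\Files_Sharing\Middleware`, which does not match the file's `OCA\GalleryPlus\Middleware` namespace.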
\ No newline at end of file
diff --git a/middleware/tokencheckmiddleware.php b/middleware/tokencheckmiddleware.php
new file mode 100644
index 00000000..0ec4585f
--- /dev/null
+++ b/middleware/tokencheckmiddleware.php
@@ -0,0 +1,139 @@
+<?php
+/**
+ * ownCloud - galleryplus
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Olivier Paroz <owncloud@interfasys.ch>
+ * @author Bernhard Posselt <dev@bernhard-posselt.com>
+ *
+ * @copyright Olivier Paroz 2014-2015
+ * @copyright Bernhard Posselt 2012-2015
+ */
+
+namespace OCA\GalleryPlus\Middleware;
+
+// FIXME: Private API. Fix only available in OC8
+use \OC\AppFramework\Utility\ControllerMethodReflector;
+
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\ILogger;
+
+use OCP\AppFramework\Http;
+
+use OCA\GalleryPlus\Service\EnvironmentService;
+use OCA\GalleryPlus\Service\ServiceException;
+
+
+/**
+ * Checks that we have a valid token linked to a valid resource and that the
+ * user is authorised to access it
+ *
+ * @package OCA\GalleryPlus\Middleware
+ */
+class TokenCheckMiddleware extends CheckMiddleware {
+
+ /**
+ * @type EnvironmentService
+ */
+ private $environmentService;
+ /**
+ * @type ControllerMethodReflector
+ */
+ protected $reflector;
+
+ /***
+ * Constructor
+ *
+ * @param string $appName
+ * @param IRequest $request
+ * @param EnvironmentService $environmentService
+ * @param ControllerMethodReflector $reflector
+ * @param IURLGenerator $urlGenerator
+ * @param ILogger $logger
+ */
+ public function __construct(
+ $appName,
+ IRequest $request,
+ EnvironmentService $environmentService,
+ ControllerMethodReflector $reflector,
+ IURLGenerator $urlGenerator,
+ ILogger $logger
+ ) {
+ parent::__construct(
+ $appName,
+ $request,
+ $urlGenerator,
+ $logger
+ );
+
+ $this->environmentService = $environmentService;
+ $this->reflector = $reflector;
+ }
+
+ /**
+ * Checks that we have a valid token linked to a valid resource and that the
+ * user is authorised to access it
+ *
+ * Inspects the controller method annotations and if PublicPage is found
+ * it checks that we have token and an optional password giving access to a
+ * valid resource
+ *
+ * The check is not performed on "guest" pages which don't require a token
+ *
+ * @inheritDoc
+ */
+ public function beforeController($controller, $methodName) {
+ $token = $this->request->getParam('token');
+ $password = $this->request->getParam('password');
+
+ // This needs to be done here as the Dispatcher does not call our reflector
+ $this->reflector->reflect($controller, $methodName);
+
+ $isPublicPage = $this->reflector->hasAnnotation('PublicPage');
+ $isGuest = $this->reflector->hasAnnotation('Guest');
+
+ if ($isPublicPage && !$isGuest) {
+ if (!$token) {
+ throw new CheckException(
+ "Can't access a public resource without a token",
+ Http::STATUS_NOT_FOUND
+ );
+ } else { // We have a token
+
+ // Let's see if it's linked to a valid resource
+ try {
+ $this->environmentService->checkToken($token);
+ } catch (ServiceException $exception) {
+ throw new CheckException(
+ $exception->getMessage(),
+ $exception->getCode()
+ );
+ }
+
+ // Let's see if the user needs to provide a password
+ try {
+ $this->environmentService->checkAuthorisation($password);
+ } catch (ServiceException $exception) {
+ throw new CheckException(
+ $exception->getMessage(),
+ $exception->getCode()
+ );
+ }
+
+ // Let's see if we can set up the environment for the controller
+ try {
+ $this->environmentService->setupTokenBasedEnv();
+ } catch (ServiceException $exception) {
+ throw new CheckException(
+ $exception->getMessage(),
+ $exception->getCode()
+ );
+ }
+ }
+ }
+ }
+
+}
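Review bot: In tokencheckmiddleware.php, `beforeController` reads the share password with `$this->request->getParam('password')`, which as far as I know also matches query-string values, so a password can be supplied in the URL and end up in web-server access logs, browser history and Referer headers. If the authenticate form submits by POST (not visible in this commit), take the password from the POST body only and document the choice, e.g. `// Only accept the share password from the POST body so it never appears in a URL`. Separately, each `catch` forwards `$exception->getMessage()` and `$exception->getCode()` unchanged, and CheckMiddleware returns both to the client, so ServiceException messages need to stay free of internal detail and its codes need to be valid HTTP statuses.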
\ No newline at end of file |