mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 997 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71738 Commits
365 Branches
Tree: 82b5a19a35
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '82b5a19a35'
${ noResults }
nextcloud/apps/files_sharing/lib/Controller/PublicPreviewController.php

PublicPreviewController.php 6.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, Roeland Jago Douma <roeland@famdouma.nl>

  4.  *

  5.  * @author Julius Härtl <jus@bitgrid.net>

  6.  * @author Morris Jobke <hey@morrisjobke.de>

  7.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  8.  * @author Kate Döen <kate.doeen@nextcloud.com>

  9.  *

  10.  * @license GNU AGPL version 3 or any later version

  11.  *

  12.  * This program is free software: you can redistribute it and/or modify

  13.  * it under the terms of the GNU Affero General Public License as

  14.  * published by the Free Software Foundation, either version 3 of the

  15.  * License, or (at your option) any later version.

  16.  *

  17.  * This program is distributed in the hope that it will be useful,

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  20.  * GNU Affero General Public License for more details.

  21.  *

  22.  * You should have received a copy of the GNU Affero General Public License

  23.  * along with this program. If not, see <http://www.gnu.org/licenses/>.

  24.  *

  25.  */

  26. namespace OCA\Files_Sharing\Controller;

  27. 

  28. use OCP\AppFramework\Http;

  29. use OCP\AppFramework\Http\DataResponse;

  30. use OCP\AppFramework\Http\FileDisplayResponse;

  31. use OCP\AppFramework\PublicShareController;

  32. use OCP\Constants;

  33. use OCP\Files\Folder;

  34. use OCP\Files\NotFoundException;

  35. use OCP\IPreview;

  36. use OCP\IRequest;

  37. use OCP\ISession;

  38. use OCP\Share\Exceptions\ShareNotFound;

  39. use OCP\Share\IManager as ShareManager;

  40. use OCP\Share\IShare;

  41. 

  42. class PublicPreviewController extends PublicShareController {

  43. 

  44. 	/** @var ShareManager */

  45. 	private $shareManager;

  46. 

  47. 	/** @var IPreview */

  48. 	private $previewManager;

  49. 

  50. 	/** @var IShare */

  51. 	private $share;

  52. 

  53. 	public function __construct(string $appName,

  54. 		IRequest $request,

  55. 		ShareManager $shareManger,

  56. 		ISession $session,

  57. 		IPreview $previewManager) {

  58. 		parent::__construct($appName, $request, $session);

  59. 

  60. 		$this->shareManager = $shareManger;

  61. 		$this->previewManager = $previewManager;

  62. 	}

  63. 

  64. 	protected function getPasswordHash(): ?string {

  65. 		return $this->share->getPassword();

  66. 	}

  67. 

  68. 	public function isValidToken(): bool {

  69. 		try {

  70. 			$this->share = $this->shareManager->getShareByToken($this->getToken());

  71. 			return true;

  72. 		} catch (ShareNotFound $e) {

  73. 			return false;

  74. 		}

  75. 	}

  76. 

  77. 	protected function isPasswordProtected(): bool {

  78. 		return $this->share->getPassword() !== null;

  79. 	}

  80. 

  81. 

  82. 	/**

  83. 	 * @PublicPage

  84. 	 * @NoCSRFRequired

  85. 	 *

  86. 	 * Get a preview for a shared file

  87. 	 *

  88. 	 * @param string $token Token of the share

  89. 	 * @param string $file File in the share

  90. 	 * @param int $x Width of the preview

  91. 	 * @param int $y Height of the preview

  92. 	 * @param bool $a Whether to not crop the preview

  93. 	 * @return FileDisplayResponse<Http::STATUS_OK, array{Content-Type: string}>|DataResponse<Http::STATUS_BAD_REQUEST|Http::STATUS_FORBIDDEN|Http::STATUS_NOT_FOUND, array<empty>, array{}>

  94. 	 *

  95. 	 * 200: Preview returned

  96. 	 * 400: Getting preview is not possible

  97. 	 * 403: Getting preview is not allowed

  98. 	 * 404: Share or preview not found

  99. 	 */

  100. 	public function getPreview(

  101. 		string $token,

  102. 		string $file = '',

  103. 		int $x = 32,

  104. 		int $y = 32,

  105. 		$a = false

  106. 	) {

  107. 		if ($token === '' || $x === 0 || $y === 0) {

  108. 			return new DataResponse([], Http::STATUS_BAD_REQUEST);

  109. 		}

  110. 

  111. 		try {

  112. 			$share = $this->shareManager->getShareByToken($token);

  113. 		} catch (ShareNotFound $e) {

  114. 			return new DataResponse([], Http::STATUS_NOT_FOUND);

  115. 		}

  116. 

  117. 		if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {

  118. 			return new DataResponse([], Http::STATUS_FORBIDDEN);

  119. 		}

  120. 

  121. 		$attributes = $share->getAttributes();

  122. 		if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {

  123. 			return new DataResponse([], Http::STATUS_FORBIDDEN);

  124. 		}

  125. 

  126. 		try {

  127. 			$node = $share->getNode();

  128. 			if ($node instanceof Folder) {

  129. 				$file = $node->get($file);

  130. 			} else {

  131. 				$file = $node;

  132. 			}

  133. 

  134. 			$f = $this->previewManager->getPreview($file, $x, $y, !$a);

  135. 			$response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]);

  136. 			$response->cacheFor(3600 * 24);

  137. 			return $response;

  138. 		} catch (NotFoundException $e) {

  139. 			return new DataResponse([], Http::STATUS_NOT_FOUND);

  140. 		} catch (\InvalidArgumentException $e) {

  141. 			return new DataResponse([], Http::STATUS_BAD_REQUEST);

  142. 		}

  143. 	}

  144. 

  145. 	/**

  146. 	 * @PublicPage

  147. 	 * @NoCSRFRequired

  148. 	 * @NoSameSiteCookieRequired

  149. 	 *

  150. 	 * Get a direct link preview for a shared file

  151. 	 *

  152. 	 * @param string $token Token of the share

  153. 	 * @return FileDisplayResponse<Http::STATUS_OK, array{Content-Type: string}>|DataResponse<Http::STATUS_BAD_REQUEST|Http::STATUS_FORBIDDEN|Http::STATUS_NOT_FOUND, array<empty>, array{}>

  154. 	 *

  155. 	 * 200: Preview returned

  156. 	 * 400: Getting preview is not possible

  157. 	 * 403: Getting preview is not allowed

  158. 	 * 404: Share or preview not found

  159. 	 */

  160. 	public function directLink(string $token) {

  161. 		// No token no image

  162. 		if ($token === '') {

  163. 			return new DataResponse([], Http::STATUS_BAD_REQUEST);

  164. 		}

  165. 

  166. 		// No share no image

  167. 		try {

  168. 			$share = $this->shareManager->getShareByToken($token);

  169. 		} catch (ShareNotFound $e) {

  170. 			return new DataResponse([], Http::STATUS_NOT_FOUND);

  171. 		}

  172. 

  173. 		// No permissions no image

  174. 		if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {

  175. 			return new DataResponse([], Http::STATUS_FORBIDDEN);

  176. 		}

  177. 

  178. 		// Password protected shares have no direct link!

  179. 		if ($share->getPassword() !== null) {

  180. 			return new DataResponse([], Http::STATUS_FORBIDDEN);

  181. 		}

  182. 

  183. 		$attributes = $share->getAttributes();

  184. 		if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {

  185. 			return new DataResponse([], Http::STATUS_FORBIDDEN);

  186. 		}

  187. 

  188. 		try {

  189. 			$node = $share->getNode();

  190. 			if ($node instanceof Folder) {

  191. 				// Direct link only works for single files

  192. 				return new DataResponse([], Http::STATUS_BAD_REQUEST);

  193. 			}

  194. 

  195. 			$f = $this->previewManager->getPreview($node, -1, -1, false);

  196. 			$response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]);

  197. 			$response->cacheFor(3600 * 24);

  198. 			return $response;

  199. 		} catch (NotFoundException $e) {

  200. 			return new DataResponse([], Http::STATUS_NOT_FOUND);

  201. 		} catch (\InvalidArgumentException $e) {

  202. 			return new DataResponse([], Http::STATUS_BAD_REQUEST);

  203. 		}

  204. 	}

  205. }