mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 987 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
69695 Commits
414 Branches
Tree: 8b9e7e235d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8b9e7e235d'
${ noResults }
nextcloud/apps/files_sharing/lib/External/Storage.php

Storage.php 14KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451 
  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. /**

  6.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  7.  *

  8.  * @author Bjoern Schiessle <bjoern@schiessle.org>

  9.  * @author Björn Schießle <bjoern@schiessle.org>

  10.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  11.  * @author Daniel Kesselberg <mail@danielkesselberg.de>

  12.  * @author Joas Schilling <coding@schilljs.com>

  13.  * @author Lukas Reschke <lukas@statuscode.ch>

  14.  * @author Maxence Lange <maxence@artificial-owl.com>

  15.  * @author Morris Jobke <hey@morrisjobke.de>

  16.  * @author Robin Appelman <robin@icewind.nl>

  17.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  18.  * @author Thomas Müller <thomas.mueller@tmit.eu>

  19.  * @author Vincent Petry <vincent@nextcloud.com>

  20.  *

  21.  * @license AGPL-3.0

  22.  *

  23.  * This code is free software: you can redistribute it and/or modify

  24.  * it under the terms of the GNU Affero General Public License, version 3,

  25.  * as published by the Free Software Foundation.

  26.  *

  27.  * This program is distributed in the hope that it will be useful,

  28.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  29.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  30.  * GNU Affero General Public License for more details.

  31.  *

  32.  * You should have received a copy of the GNU Affero General Public License, version 3,

  33.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  34.  *

  35.  */

  36. namespace OCA\Files_Sharing\External;

  37. 

  38. use GuzzleHttp\Exception\ClientException;

  39. use GuzzleHttp\Exception\ConnectException;

  40. use GuzzleHttp\Exception\RequestException;

  41. use OC\Files\Storage\DAV;

  42. use OC\ForbiddenException;

  43. use OCA\Files_Sharing\External\Manager as ExternalShareManager;

  44. use OCA\Files_Sharing\ISharedStorage;

  45. use OCP\AppFramework\Http;

  46. use OCP\Constants;

  47. use OCP\Federation\ICloudId;

  48. use OCP\Files\NotFoundException;

  49. use OCP\Files\Storage\IDisableEncryptionStorage;

  50. use OCP\Files\Storage\IReliableEtagStorage;

  51. use OCP\Files\StorageInvalidException;

  52. use OCP\Files\StorageNotAvailableException;

  53. use OCP\Http\Client\IClientService;

  54. use OCP\Http\Client\LocalServerException;

  55. use OCP\ICacheFactory;

  56. use OCP\OCM\Exceptions\OCMArgumentException;

  57. use OCP\OCM\Exceptions\OCMProviderException;

  58. use OCP\OCM\IOCMDiscoveryService;

  59. use OCP\Server;

  60. use Psr\Log\LoggerInterface;

  61. 

  62. class Storage extends DAV implements ISharedStorage, IDisableEncryptionStorage, IReliableEtagStorage {

  63. 	private ICloudId $cloudId;

  64. 	private string $mountPoint;

  65. 	private string $token;

  66. 	private ICacheFactory $memcacheFactory;

  67. 	private IClientService $httpClient;

  68. 	private bool $updateChecked = false;

  69. 	private ExternalShareManager $manager;

  70. 

  71. 	/**

  72. 	 * @param array{HttpClientService: IClientService, manager: ExternalShareManager, cloudId: ICloudId, mountpoint: string, token: string, password: ?string}|array $options

  73. 	 */

  74. 	public function __construct($options) {

  75. 		$this->memcacheFactory = \OC::$server->getMemCacheFactory();

  76. 		$this->httpClient = $options['HttpClientService'];

  77. 		$this->manager = $options['manager'];

  78. 		$this->cloudId = $options['cloudId'];

  79. 		$this->logger = Server::get(LoggerInterface::class);

  80. 		$discoveryService = Server::get(IOCMDiscoveryService::class);

  81. 

  82. 		// use default path to webdav if not found on discovery

  83. 		try {

  84. 			$ocmProvider = $discoveryService->discover($this->cloudId->getRemote());

  85. 			$webDavEndpoint = $ocmProvider->extractProtocolEntry('file', 'webdav');

  86. 			$remote = $ocmProvider->getEndPoint();

  87. 		} catch (OCMProviderException|OCMArgumentException $e) {

  88. 			$this->logger->notice('exception while retrieving webdav endpoint', ['exception' => $e]);

  89. 			$webDavEndpoint = '/public.php/webdav';

  90. 			$remote = $this->cloudId->getRemote();

  91. 		}

  92. 

  93. 		$host = parse_url($remote, PHP_URL_HOST);

  94. 		$port = parse_url($remote, PHP_URL_PORT);

  95. 		$host .= (null === $port) ? '' : ':' . $port; // we add port if available

  96. 

  97. 		// in case remote NC is on a sub folder and using deprecated ocm provider

  98. 		$tmpPath = rtrim(parse_url($this->cloudId->getRemote(), PHP_URL_PATH) ?? '', '/');

  99. 		if (!str_starts_with($webDavEndpoint, $tmpPath)) {

  100. 			$webDavEndpoint = $tmpPath . $webDavEndpoint;

  101. 		}

  102. 

  103. 		$this->mountPoint = $options['mountpoint'];

  104. 		$this->token = $options['token'];

  105. 

  106. 		parent::__construct(

  107. 			[

  108. 				'secure' => ((parse_url($remote, PHP_URL_SCHEME) ?? 'https') === 'https'),

  109. 				'host' => $host,

  110. 				'root' => $webDavEndpoint,

  111. 				'user' => $options['token'],

  112. 				'password' => (string)$options['password']

  113. 			]

  114. 		);

  115. 	}

  116. 

  117. 	public function getWatcher($path = '', $storage = null) {

  118. 		if (!$storage) {

  119. 			$storage = $this;

  120. 		}

  121. 		if (!isset($this->watcher)) {

  122. 			$this->watcher = new Watcher($storage);

  123. 			$this->watcher->setPolicy(\OC\Files\Cache\Watcher::CHECK_ONCE);

  124. 		}

  125. 		return $this->watcher;

  126. 	}

  127. 

  128. 	public function getRemoteUser(): string {

  129. 		return $this->cloudId->getUser();

  130. 	}

  131. 

  132. 	public function getRemote(): string {

  133. 		return $this->cloudId->getRemote();

  134. 	}

  135. 

  136. 	public function getMountPoint(): string {

  137. 		return $this->mountPoint;

  138. 	}

  139. 

  140. 	public function getToken(): string {

  141. 		return $this->token;

  142. 	}

  143. 

  144. 	public function getPassword(): ?string {

  145. 		return $this->password;

  146. 	}

  147. 

  148. 	/**

  149. 	 * Get id of the mount point.

  150. 	 * @return string

  151. 	 */

  152. 	public function getId() {

  153. 		return 'shared::' . md5($this->token . '@' . $this->getRemote());

  154. 	}

  155. 

  156. 	public function getCache($path = '', $storage = null) {

  157. 		if (is_null($this->cache)) {

  158. 			$this->cache = new Cache($this, $this->cloudId);

  159. 		}

  160. 		return $this->cache;

  161. 	}

  162. 

  163. 	/**

  164. 	 * @param string $path

  165. 	 * @param \OC\Files\Storage\Storage $storage

  166. 	 * @return \OCA\Files_Sharing\External\Scanner

  167. 	 */

  168. 	public function getScanner($path = '', $storage = null) {

  169. 		if (!$storage) {

  170. 			$storage = $this;

  171. 		}

  172. 		if (!isset($this->scanner)) {

  173. 			$this->scanner = new Scanner($storage);

  174. 		}

  175. 		return $this->scanner;

  176. 	}

  177. 

  178. 	/**

  179. 	 * Check if a file or folder has been updated since $time

  180. 	 *

  181. 	 * @param string $path

  182. 	 * @param int $time

  183. 	 * @throws \OCP\Files\StorageNotAvailableException

  184. 	 * @throws \OCP\Files\StorageInvalidException

  185. 	 * @return bool

  186. 	 */

  187. 	public function hasUpdated($path, $time) {

  188. 		// since for owncloud webdav servers we can rely on etag propagation we only need to check the root of the storage

  189. 		// because of that we only do one check for the entire storage per request

  190. 		if ($this->updateChecked) {

  191. 			return false;

  192. 		}

  193. 		$this->updateChecked = true;

  194. 		try {

  195. 			return parent::hasUpdated('', $time);

  196. 		} catch (StorageInvalidException $e) {

  197. 			// check if it needs to be removed

  198. 			$this->checkStorageAvailability();

  199. 			throw $e;

  200. 		} catch (StorageNotAvailableException $e) {

  201. 			// check if it needs to be removed or just temp unavailable

  202. 			$this->checkStorageAvailability();

  203. 			throw $e;

  204. 		}

  205. 	}

  206. 

  207. 	public function test() {

  208. 		try {

  209. 			return parent::test();

  210. 		} catch (StorageInvalidException $e) {

  211. 			// check if it needs to be removed

  212. 			$this->checkStorageAvailability();

  213. 			throw $e;

  214. 		} catch (StorageNotAvailableException $e) {

  215. 			// check if it needs to be removed or just temp unavailable

  216. 			$this->checkStorageAvailability();

  217. 			throw $e;

  218. 		}

  219. 	}

  220. 

  221. 	/**

  222. 	 * Check whether this storage is permanently or temporarily

  223. 	 * unavailable

  224. 	 *

  225. 	 * @throws \OCP\Files\StorageNotAvailableException

  226. 	 * @throws \OCP\Files\StorageInvalidException

  227. 	 */

  228. 	public function checkStorageAvailability() {

  229. 		// see if we can find out why the share is unavailable

  230. 		try {

  231. 			$this->getShareInfo(0);

  232. 		} catch (NotFoundException $e) {

  233. 			// a 404 can either mean that the share no longer exists or there is no Nextcloud on the remote

  234. 			if ($this->testRemote()) {

  235. 				// valid Nextcloud instance means that the public share no longer exists

  236. 				// since this is permanent (re-sharing the file will create a new token)

  237. 				// we remove the invalid storage

  238. 				$this->manager->removeShare($this->mountPoint);

  239. 				$this->manager->getMountManager()->removeMount($this->mountPoint);

  240. 				throw new StorageInvalidException("Remote share not found", 0, $e);

  241. 			} else {

  242. 				// Nextcloud instance is gone, likely to be a temporary server configuration error

  243. 				throw new StorageNotAvailableException("No nextcloud instance found at remote", 0, $e);

  244. 			}

  245. 		} catch (ForbiddenException $e) {

  246. 			// auth error, remove share for now (provide a dialog in the future)

  247. 			$this->manager->removeShare($this->mountPoint);

  248. 			$this->manager->getMountManager()->removeMount($this->mountPoint);

  249. 			throw new StorageInvalidException("Auth error when getting remote share");

  250. 		} catch (\GuzzleHttp\Exception\ConnectException $e) {

  251. 			throw new StorageNotAvailableException("Failed to connect to remote instance", 0, $e);

  252. 		} catch (\GuzzleHttp\Exception\RequestException $e) {

  253. 			throw new StorageNotAvailableException("Error while sending request to remote instance", 0, $e);

  254. 		}

  255. 	}

  256. 

  257. 	public function file_exists($path) {

  258. 		if ($path === '') {

  259. 			return true;

  260. 		} else {

  261. 			return parent::file_exists($path);

  262. 		}

  263. 	}

  264. 

  265. 	/**

  266. 	 * Check if the configured remote is a valid federated share provider

  267. 	 *

  268. 	 * @return bool

  269. 	 */

  270. 	protected function testRemote(): bool {

  271. 		try {

  272. 			return $this->testRemoteUrl($this->getRemote() . '/ocm-provider/index.php')

  273. 				   || $this->testRemoteUrl($this->getRemote() . '/ocm-provider/')

  274. 				   || $this->testRemoteUrl($this->getRemote() . '/status.php');

  275. 		} catch (\Exception $e) {

  276. 			return false;

  277. 		}

  278. 	}

  279. 

  280. 	private function testRemoteUrl(string $url): bool {

  281. 		$cache = $this->memcacheFactory->createDistributed('files_sharing_remote_url');

  282. 		$cached = $cache->get($url);

  283. 		if ($cached !== null) {

  284. 			return (bool)$cached;

  285. 		}

  286. 

  287. 		$client = $this->httpClient->newClient();

  288. 		try {

  289. 			$result = $client->get($url, [

  290. 				'timeout' => 10,

  291. 				'connect_timeout' => 10,

  292. 			])->getBody();

  293. 			$data = json_decode($result);

  294. 			$returnValue = (is_object($data) && !empty($data->version));

  295. 		} catch (ConnectException $e) {

  296. 			$returnValue = false;

  297. 		} catch (ClientException $e) {

  298. 			$returnValue = false;

  299. 		} catch (RequestException $e) {

  300. 			$returnValue = false;

  301. 		}

  302. 

  303. 		$cache->set($url, $returnValue, 60 * 60 * 24);

  304. 		return $returnValue;

  305. 	}

  306. 

  307. 	/**

  308. 	 * Check whether the remote is an ownCloud/Nextcloud. This is needed since some sharing

  309. 	 * features are not standardized.

  310. 	 *

  311. 	 * @throws LocalServerException

  312. 	 */

  313. 	public function remoteIsOwnCloud(): bool {

  314. 		if (defined('PHPUNIT_RUN') || !$this->testRemoteUrl($this->getRemote() . '/status.php')) {

  315. 			return false;

  316. 		}

  317. 		return true;

  318. 	}

  319. 

  320. 	/**

  321. 	 * @return mixed

  322. 	 * @throws ForbiddenException

  323. 	 * @throws NotFoundException

  324. 	 * @throws \Exception

  325. 	 */

  326. 	public function getShareInfo(int $depth = -1) {

  327. 		$remote = $this->getRemote();

  328. 		$token = $this->getToken();

  329. 		$password = $this->getPassword();

  330. 

  331. 		try {

  332. 			// If remote is not an ownCloud do not try to get any share info

  333. 			if (!$this->remoteIsOwnCloud()) {

  334. 				return ['status' => 'unsupported'];

  335. 			}

  336. 		} catch (LocalServerException $e) {

  337. 			// throw this to be on the safe side: the share will still be visible

  338. 			// in the UI in case the failure is intermittent, and the user will

  339. 			// be able to decide whether to remove it if it's really gone

  340. 			throw new StorageNotAvailableException();

  341. 		}

  342. 

  343. 		$url = rtrim($remote, '/') . '/index.php/apps/files_sharing/shareinfo?t=' . $token;

  344. 

  345. 		// TODO: DI

  346. 		$client = \OC::$server->getHTTPClientService()->newClient();

  347. 		try {

  348. 			$response = $client->post($url, [

  349. 				'body' => ['password' => $password, 'depth' => $depth],

  350. 				'timeout' => 10,

  351. 				'connect_timeout' => 10,

  352. 			]);

  353. 		} catch (\GuzzleHttp\Exception\RequestException $e) {

  354. 			if ($e->getCode() === Http::STATUS_UNAUTHORIZED || $e->getCode() === Http::STATUS_FORBIDDEN) {

  355. 				throw new ForbiddenException();

  356. 			}

  357. 			if ($e->getCode() === Http::STATUS_NOT_FOUND) {

  358. 				throw new NotFoundException();

  359. 			}

  360. 			// throw this to be on the safe side: the share will still be visible

  361. 			// in the UI in case the failure is intermittent, and the user will

  362. 			// be able to decide whether to remove it if it's really gone

  363. 			throw new StorageNotAvailableException();

  364. 		}

  365. 

  366. 		return json_decode($response->getBody(), true);

  367. 	}

  368. 

  369. 	public function getOwner($path) {

  370. 		return $this->cloudId->getDisplayId();

  371. 	}

  372. 

  373. 	public function isSharable($path): bool {

  374. 		if (\OCP\Util::isSharingDisabledForUser() || !\OC\Share\Share::isResharingAllowed()) {

  375. 			return false;

  376. 		}

  377. 		return (bool)($this->getPermissions($path) & Constants::PERMISSION_SHARE);

  378. 	}

  379. 

  380. 	public function getPermissions($path): int {

  381. 		$response = $this->propfind($path);

  382. 		// old federated sharing permissions

  383. 		if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) {

  384. 			$permissions = (int)$response['{http://open-collaboration-services.org/ns}share-permissions'];

  385. 		} elseif (isset($response['{http://open-cloud-mesh.org/ns}share-permissions'])) {

  386. 			// permissions provided by the OCM API

  387. 			$permissions = $this->ocmPermissions2ncPermissions($response['{http://open-collaboration-services.org/ns}share-permissions'], $path);

  388. 		} elseif (isset($response['{http://owncloud.org/ns}permissions'])) {

  389. 			return $this->parsePermissions($response['{http://owncloud.org/ns}permissions']);

  390. 		} else {

  391. 			// use default permission if remote server doesn't provide the share permissions

  392. 			$permissions = $this->getDefaultPermissions($path);

  393. 		}

  394. 

  395. 		return $permissions;

  396. 	}

  397. 

  398. 	public function needsPartFile() {

  399. 		return false;

  400. 	}

  401. 

  402. 	/**

  403. 	 * Translate OCM Permissions to Nextcloud permissions

  404. 	 *

  405. 	 * @param string $ocmPermissions json encoded OCM permissions

  406. 	 * @param string $path path to file

  407. 	 * @return int

  408. 	 */

  409. 	protected function ocmPermissions2ncPermissions(string $ocmPermissions, string $path): int {

  410. 		try {

  411. 			$ocmPermissions = json_decode($ocmPermissions);

  412. 			$ncPermissions = 0;

  413. 			foreach ($ocmPermissions as $permission) {

  414. 				switch (strtolower($permission)) {

  415. 					case 'read':

  416. 						$ncPermissions += Constants::PERMISSION_READ;

  417. 						break;

  418. 					case 'write':

  419. 						$ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;

  420. 						break;

  421. 					case 'share':

  422. 						$ncPermissions += Constants::PERMISSION_SHARE;

  423. 						break;

  424. 					default:

  425. 						throw new \Exception();

  426. 				}

  427. 			}

  428. 		} catch (\Exception $e) {

  429. 			$ncPermissions = $this->getDefaultPermissions($path);

  430. 		}

  431. 

  432. 		return $ncPermissions;

  433. 	}

  434. 

  435. 	/**

  436. 	 * Calculate the default permissions in case no permissions are provided

  437. 	 */

  438. 	protected function getDefaultPermissions(string $path): int {

  439. 		if ($this->is_dir($path)) {

  440. 			$permissions = Constants::PERMISSION_ALL;

  441. 		} else {

  442. 			$permissions = Constants::PERMISSION_ALL & ~Constants::PERMISSION_CREATE;

  443. 		}

  444. 

  445. 		return $permissions;

  446. 	}

  447. 

  448. 	public function free_space($path) {

  449. 		return parent::free_space("");

  450. 	}

  451. }