Move publicpreview over

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

3 files changed, 119 insertions, 133 deletions

diff --git a/apps/files_sharing/ajax/publicpreview.php b/apps/files_sharing/ajax/publicpreview.php
deleted file mode 100644
index 4c60f9c20ca..00000000000
--- a/apps/files_sharing/ajax/publicpreview.php
+++ /dev/null
@@ -1,126 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Björn Schießle <bjoern@schiessle.org>
- * @author Georg Ehrke <georg@owncloud.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-OCP\JSON::checkAppEnabled('files_sharing');
-
-\OC_User::setIncognitoMode(true);
-
-$file = array_key_exists('file', $_GET) ? (string) $_GET['file'] : '';
-$maxX = array_key_exists('x', $_GET) ? (int) $_GET['x'] : '32';
-$maxY = array_key_exists('y', $_GET) ? (int) $_GET['y'] : '32';
-$scalingUp = array_key_exists('scalingup', $_GET) ? (bool) $_GET['scalingup'] : true;
-$token = array_key_exists('t', $_GET) ? (string) $_GET['t'] : '';
-$keepAspect = array_key_exists('a', $_GET) ? true : false;
-
-if($token === ''){
-	\OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST);
-	\OCP\Util::writeLog('core-preview', 'No token parameter was passed', \OCP\Util::DEBUG);
-	exit;
-}
-
-$linkedItem = \OCP\Share::getShareByToken($token);
-$shareManager = \OC::$server->getShareManager();
-$share = $shareManager->getShareByToken($token);
-if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
-	OCP\JSON::error(array('data' => 'Share is not readable.'));
-	exit();
-}
-
-if($linkedItem === false || ($linkedItem['item_type'] !== 'file' && $linkedItem['item_type'] !== 'folder')) {
-	\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
-	\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
-	exit;
-}
-
-if(!isset($linkedItem['uid_owner']) || !isset($linkedItem['file_source'])) {
-	\OC_Response::setStatus(\OC_Response::STATUS_INTERNAL_SERVER_ERROR);
-	\OCP\Util::writeLog('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")', \OCP\Util::WARN);
-	exit;
-}
-
-$rootLinkItem = OCP\Share::resolveReShare($linkedItem);
-$userId = $rootLinkItem['uid_owner'];
-
-OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
-\OC_Util::setupFS($userId);
-\OC\Files\Filesystem::initMountPoints($userId);
-$view = new \OC\Files\View('/' . $userId . '/files');
-
-$pathId = $linkedItem['file_source'];
-$path = $view->getPath($pathId);
-
-if($path === null) {
-	\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
-	\OCP\Util::writeLog('core-preview', 'Could not resolve file for shared item', \OCP\Util::WARN);
-	exit;
-}
-
-$pathInfo = $view->getFileInfo($path);
-$sharedFile = null;
-
-if($linkedItem['item_type'] === 'folder') {
-	$isValid = \OC\Files\Filesystem::isValidPath($file);
-	if(!$isValid) {
-		\OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST);
-		\OCP\Util::writeLog('core-preview', 'Passed filename is not valid, might be malicious (file:"' . $file . '";ip:"' . \OC::$server->getRequest()->getRemoteAddress() . '")', \OCP\Util::WARN);
-		exit;
-	}
-	$sharedFile = \OC\Files\Filesystem::normalizePath($file);
-}
-
-if($linkedItem['item_type'] === 'file') {
-	$parent = $pathInfo['parent'];
-	$path = $view->getPath($parent);
-	$sharedFile = $pathInfo['name'];
-}
-
-$path = \OC\Files\Filesystem::normalizePath($path, false);
-if(substr($path, 0, 1) === '/') {
-	$path = substr($path, 1);
-}
-
-if($maxX === 0 || $maxY === 0) {
-	\OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST);
-	\OCP\Util::writeLog('core-preview', 'x and/or y set to 0', \OCP\Util::DEBUG);
-	exit;
-}
-
-$root = 'files/' . $path;
-
-try{
-	$preview = new \OC\Preview($userId, $root);
-	$preview->setFile($sharedFile);
-	$preview->setMaxX($maxX);
-	$preview->setMaxY($maxY);
-	$preview->setScalingUp($scalingUp);
-	$preview->setKeepAspect($keepAspect);
-
-	$preview->showPreview();
-} catch (\Exception $e) {
-	\OC_Response::setStatus(\OC_Response::STATUS_INTERNAL_SERVER_ERROR);
-	\OCP\Util::writeLog('core', $e->getmessage(), \OCP\Util::DEBUG);
-}
diff --git a/apps/files_sharing/appinfo/routes.php b/apps/files_sharing/appinfo/routes.php
index 267e53829da..439d46253d4 100644
--- a/apps/files_sharing/appinfo/routes.php
+++ b/apps/files_sharing/appinfo/routes.php
@@ -39,6 +39,17 @@ $application->registerRoutes($this, [
 			'url' => '/testremote',
 			'verb' => 'GET'
 		],
+		[
+			'name' => 'PublicPreview#getPreview',
+			'url' => '/publicpreview',
+			'verb' => 'GET',
+		],
+
+		[
+			'name' => 'PublicPreview#getPreview',
+			'url' => '/ajax/publicpreview.php',
+			'verb' => 'GET',
+		],
 	],
 	'ocs' => [
 		/*
@@ -114,15 +125,8 @@ $application->registerRoutes($this, [
 ]);
 
 /** @var $this \OCP\Route\IRouter */
-$this->create('core_ajax_public_preview', '/publicpreview')->action(
-	function() {
-		require_once __DIR__ . '/../ajax/publicpreview.php';
-	});
-
 $this->create('files_sharing_ajax_list', 'ajax/list.php')
 	->actionInclude('files_sharing/ajax/list.php');
-$this->create('files_sharing_ajax_publicpreview', 'ajax/publicpreview.php')
-	->actionInclude('files_sharing/ajax/publicpreview.php');
 $this->create('sharing_external_shareinfo', '/shareinfo')
 	->actionInclude('files_sharing/ajax/shareinfo.php');
 
diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php
new file mode 100644
index 00000000000..0c8a2c36c3d
--- /dev/null
+++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php
@@ -0,0 +1,108 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\Files_Sharing\Controller;
+
+use OC\PreviewManager;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Http\FileDisplayResponse;
+use OCP\Constants;
+use OCP\Files\Folder;
+use OCP\Files\NotFoundException;
+use OCP\IRequest;
+use OCP\Share\Exceptions\ShareNotFound;
+use OCP\Share\IManager as ShareManager;
+
+class PublicPreviewController extends Controller {
+
+	/** @var ShareManager */
+	private $shareManager;
+
+	/** @var PreviewManager */
+	private $previewManager;
+
+	public function __construct($appName,
+								IRequest $request,
+								ShareManager $shareManger,
+								PreviewManager $previewManager) {
+		parent::__construct($appName, $request);
+
+		$this->shareManager = $shareManger;
+		$this->previewManager = $previewManager;
+	}
+
+	/**
+	 * @PublicPage
+	 * @NoCSRFRequired
+	 *
+	 * @param string $file
+	 * @param int $x
+	 * @param int $y
+	 * @param string $t
+	 * @param bool $a
+	 * @return DataResponse|FileDisplayResponse
+	 */
+	public function getPreview(
+		$file = '',
+		$x = 32,
+		$y = 32,
+		$t = '',
+		$a = false
+	) {
+
+		if ($t === '') {
+			return new DataResponse([], Http::STATUS_BAD_REQUEST);
+		}
+
+		if ($x === 0 || $y === 0) {
+			return new DataResponse([], Http::STATUS_BAD_REQUEST);
+		}
+
+		try {
+			$share = $this->shareManager->getShareByToken($t);
+		} catch (ShareNotFound $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
+			return new DataResponse([], Http::STATUS_FORBIDDEN);
+		}
+
+		$node = $share->getNode();
+
+		if ($node instanceof Folder) {
+			try {
+				$file = $node->get($file);
+			} catch (NotFoundException $e) {
+				return new DataResponse([], Http::STATUS_NOT_FOUND);
+			}
+		} else {
+			$file = $node;
+		}
+
+		$f = $this->previewManager->getPreview($file, $x, $y, !$a);
+
+		return new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]);
+	}
+}