Direct editing API to allow file editing using a one-time token for

mobile apps

Signed-off-by: Julius Härtl <jus@bitgrid.net>

2 files changed, 308 insertions, 0 deletions

diff --git a/lib/private/DirectEditing/Manager.php b/lib/private/DirectEditing/Manager.php
new file mode 100644
index 00000000000..085a7de557a
--- /dev/null
+++ b/lib/private/DirectEditing/Manager.php
@@ -0,0 +1,232 @@
+<?php
+/**
+ * @copyright Copyright (c) 2019 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\DirectEditing;
+
+use Doctrine\DBAL\FetchMode;
+use OCP\AppFramework\Http\NotFoundResponse;
+use OCP\AppFramework\Http\Response;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\DirectEditing\ACreateFromTemplate;
+use OCP\DirectEditing\IEditor;
+use \OCP\DirectEditing\IManager;
+use OCP\DirectEditing\IToken;
+use OCP\Files\File;
+use OCP\Files\IRootFolder;
+use OCP\Files\NotFoundException;
+use OCP\IDBConnection;
+use OCP\IUserSession;
+use OCP\Security\ISecureRandom;
+use OCP\Share\IShare;
+
+class Manager implements IManager {
+
+	private const TOKEN_CLEANUP_TIME = 12 * 60 * 60 ;
+
+	public const TABLE_TOKENS = 'direct_edit';
+
+	/** @var IEditor[] */
+	private $editors;
+
+	/** @var IDBConnection */
+	private $connection;
+	/**
+	 * @var ISecureRandom
+	 */
+	private $random;
+	private $userId;
+	private $rootFolder;
+
+	public function __construct(
+		ISecureRandom $random,
+		IDBConnection $connection,
+		IUserSession $userSession,
+		IRootFolder $rootFolder
+	) {
+		$this->random = $random;
+		$this->connection = $connection;
+		$this->userId = $userSession->getUser() ? $userSession->getUser()->getUID() : null;
+		$this->rootFolder = $rootFolder;
+	}
+
+	public function registerDirectEditor(IEditor $directEditor): void {
+		$this->editors[$directEditor->getId()] = $directEditor;
+	}
+
+	public function getEditors(): array {
+		return $this->editors;
+	}
+
+	public function getTemplates(string $editor, string $type): array {
+		if (!array_key_exists($editor, $this->editors)) {
+			throw new \RuntimeException('No matching editor found');
+		}
+		$templates = [];
+		foreach ($this->editors[$editor]->getCreators() as $creator) {
+			if ($creator instanceof ACreateFromTemplate && $creator->getId() === $type) {
+				$templates = $creator->getTemplates();
+			}
+		}
+		return $templates;
+	}
+
+	public function create(string $path, string $editorId, string $creatorId, $templateId = null): string {
+		$userFolder = $this->rootFolder->getUserFolder($this->userId);
+		$file = $userFolder->newFile($path);
+		$editor = $this->getEditor($editorId);
+		$creators = $editor->getCreators();
+		foreach ($creators as $creator) {
+			if ($creator->getId() === $creatorId) {
+				$creator->create($file, $creatorId, $templateId);
+				return $this->createToken($editorId, $file);
+			}
+		}
+		throw new \RuntimeException('No creator found');
+	}
+
+	public function open(int $fileId, string $editorId = null): string {
+		$file = $this->rootFolder->getUserFolder($this->userId)->getById($fileId);
+		if (count($file) === 0 || !($file[0] instanceof File) || $file === null) {
+			throw new NotFoundException();
+		}
+		/** @var File $file */
+		$file = $file[0];
+
+		if ($editorId === null) {
+			$editorId = $this->findEditorForFile($file);
+		}
+
+		return $this->createToken($editorId, $file);
+	}
+
+	private function findEditorForFile(File $file) {
+		foreach ($this->editors as $editor) {
+			if (in_array($file->getMimeType(), $editor->getMimetypes())) {
+				return $editor->getId();
+			}
+		}
+		throw new \RuntimeException('No default editor found for files mimetype');
+	}
+
+	public function edit(string $token): Response {
+		try {
+			/** @var IEditor $editor */
+			$tokenObject = $this->getToken($token);
+			if ($tokenObject->hasBeenAccessed()) {
+				throw new \RuntimeException('Token has already been used and can only be used for followup requests');
+			}
+			$editor = $this->getEditor($tokenObject->getEditor());
+			$this->accessToken($token);
+
+		} catch (\Throwable $throwable) {
+			$this->invalidateToken($token);
+			return new NotFoundResponse();
+		}
+		return $editor->open($tokenObject);
+	}
+
+	public function editSecure(File $file, string $editorId): TemplateResponse {
+		// TODO: Implementation in follow up
+	}
+
+	private function getEditor($editorId): IEditor {
+		if (!array_key_exists($editorId, $this->editors)) {
+			throw new \RuntimeException('No editor found');
+		}
+		return $this->editors[$editorId];
+	}
+
+	public function getToken(string $token): IToken {
+		$query = $this->connection->getQueryBuilder();
+		$query->select('*')->from(self::TABLE_TOKENS)
+			->where($query->expr()->eq('token', $query->createNamedParameter($token, IQueryBuilder::PARAM_STR)));
+		$result = $query->execute();
+		if ($tokenRow = $result->fetch(FetchMode::ASSOCIATIVE)) {
+			return new Token($this, $tokenRow);
+		}
+		throw new \RuntimeException('Failed to validate the token');
+	}
+
+	public function cleanup(): int {
+		$query = $this->connection->getQueryBuilder();
+		$query->delete(self::TABLE_TOKENS)
+			->where($query->expr()->lt('timestamp', $query->createNamedParameter(time() - self::TOKEN_CLEANUP_TIME)));
+		return $query->execute();
+	}
+
+	public function refreshToken(string $token): bool {
+		$query = $this->connection->getQueryBuilder();
+		$query->update(self::TABLE_TOKENS)
+			->set('timestamp', $query->createNamedParameter(time(), IQueryBuilder::PARAM_INT))
+			->where($query->expr()->eq('token', $query->createNamedParameter($token, IQueryBuilder::PARAM_STR)));
+		$result = $query->execute();
+		return $result !== 0;
+	}
+
+
+	public function invalidateToken(string $token): bool {
+		$query = $this->connection->getQueryBuilder();
+		$query->delete(self::TABLE_TOKENS)
+			->where($query->expr()->eq('token', $query->createNamedParameter($token, IQueryBuilder::PARAM_STR)));
+		$result = $query->execute();
+		return $result !== 0;
+	}
+
+	public function accessToken(string $token): bool {
+		$query = $this->connection->getQueryBuilder();
+		$query->update(self::TABLE_TOKENS)
+			->set('accessed', $query->createNamedParameter(true, IQueryBuilder::PARAM_BOOL))
+			->set('timestamp', $query->createNamedParameter(time(), IQueryBuilder::PARAM_INT))
+			->where($query->expr()->eq('token', $query->createNamedParameter($token, IQueryBuilder::PARAM_STR)));
+		$result = $query->execute();
+		return $result !== 0;
+	}
+
+	public function invokeTokenScope($userId): void {
+		\OC_User::setIncognitoMode(true);
+		\OC_User::setUserId($userId);
+	}
+
+	public function createToken($editorId, File $file, IShare $share = null): string {
+		$token = $this->random->generate(64, ISecureRandom::CHAR_HUMAN_READABLE);
+		$query = $this->connection->getQueryBuilder();
+		$query->insert(self::TABLE_TOKENS)
+			->values([
+				'token' => $query->createNamedParameter($token),
+				'editor_id' => $query->createNamedParameter($editorId),
+				'file_id' => $query->createNamedParameter($file->getId()),
+				'user_id' => $query->createNamedParameter($this->userId),
+				'share_id' => $query->createNamedParameter($share !== null ? $share->getId(): null),
+				'timestamp' => $query->createNamedParameter(time())
+			]);
+		$query->execute();
+		return $token;
+	}
+
+	public function getFileForToken($userId, $fileId) {
+		$userFolder = $this->rootFolder->getUserFolder($userId);
+		return $userFolder->getById($fileId)[0];
+	}
+
+}
diff --git a/lib/private/DirectEditing/Token.php b/lib/private/DirectEditing/Token.php
new file mode 100644
index 00000000000..946699900b7
--- /dev/null
+++ b/lib/private/DirectEditing/Token.php
@@ -0,0 +1,76 @@
+<?php
+/**
+ * @copyright Copyright (c) 2019 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\DirectEditing;
+
+
+use OCP\DirectEditing\IToken;
+use OCP\Files\File;
+
+class Token implements IToken {
+
+	/** @var Manager */
+	private $manager;
+	private $data;
+
+	public function __construct(Manager $manager, $data) {
+		$this->manager = $manager;
+		$this->data = $data;
+	}
+
+	public function extend(): void {
+		$this->manager->refreshToken($this->data['token']);
+	}
+
+	public function invalidate(): void {
+		$this->manager->invalidateToken($this->data['token']);
+	}
+
+	public function getFile(): File {
+		if ($this->data['share_id'] !== null) {
+			return $this->manager->getShareForToken($this->data['share_id']);
+		}
+		return $this->manager->getFileForToken($this->data['user_id'], $this->data['file_id']);
+	}
+
+	public function getToken(): string {
+		return $this->data['token'];
+	}
+
+	public function useTokenScope(): void {
+		$this->manager->invokeTokenScope($this->data['user_id']);
+	}
+
+	public function hasBeenAccessed(): bool {
+		return $this->data['accessed'] === '1';
+	}
+
+	public function getEditor(): string {
+		return $this->data['editor_id'];
+	}
+
+	public function getUser(): string {
+		return $this->data['user_id'];
+	}
+
+}