										 |  |  | <?php | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * ownCloud - Richdocuments App | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * @author Ashod Nakashian | 
					
						
							|  |  |  |  * @copyright 2016 Ashod Nakashian ashod.nakashian@collabora.co.uk | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This file is licensed under the Affero General Public License version 3 or | 
					
						
							|  |  |  |  * later. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | namespace OCA\Richdocuments\Db; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | use \OCA\Richdocuments\Download; | 
					
						
							|  |  |  | use \OCA\Richdocuments\DownloadResponse; | 
					
						
							|  |  |  | 
 | 
					
						
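							/**
							 * Persistence of WOPI access tokens in the richdocuments_wopi table.
							 *
							 * A token is an opaque bearer credential: whoever presents it is granted the
							 * access recorded in its row. It therefore has to be unguessable, limited in
							 * lifetime, bound to one file/version, and kept out of log output.
							 */
							class Wopi extends \OCA\Richdocuments\Db{

								const DB_TABLE = '`*PREFIX*richdocuments_wopi`';

								// Tokens expire after this many seconds (not defined by WOPI specs).
								// getPathForToken() rejects a token once its stored expiry has passed, so
								// this value also bounds how long a single token can serve an editing
								// session; size it to the longest session that must be supported.
								const TOKEN_LIFETIME_SECONDS = 1800;

								protected $tableName  = '`*PREFIX*richdocuments_wopi`';

								protected $insertStatement  = 'INSERT INTO `*PREFIX*richdocuments_wopi` (`fileid`, `owner_uid`, `editor_uid`, `version`, `canwrite`, `server_host`, `token`, `expiry`)
			VALUES (?, ?, ?, ?, ?, ?, ?, ?)';

								protected $loadStatement = 'SELECT * FROM `*PREFIX*richdocuments_wopi` WHERE `token`= ?';

								/**
								 * Issue a new access token for a file and store it with its expiry.
								 *
								 * The arguments are written, in order, to the columns fileid, owner_uid,
								 * editor_uid, version, canwrite and server_host of the token row.
								 *
								 * @param mixed $fileId
								 * @param mixed $owner
								 * @param mixed $editor
								 * @param mixed $version
								 * @param mixed $updatable
								 * @param mixed $serverHost
								 * @return string the generated 32-character token
								 * @throws \Exception when the row cannot be inserted
								 */
								public function generateFileToken($fileId, $owner, $editor, $version, $updatable, $serverHost) {
									// 32 characters from [a-zA-Z0-9], taken from the server's secure random
									// source: the token is the only secret protecting the file.
									// NOTE(review): confirm the "medium strength" generator is backed by a
									// CSPRNG on every supported platform version.
									$alphabet = \OCP\Security\ISecureRandom::CHAR_LOWER .
										\OCP\Security\ISecureRandom::CHAR_UPPER .
										\OCP\Security\ISecureRandom::CHAR_DIGITS;
									$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32, $alphabet);

									// Values are positional and must stay in the column order of $insertStatement.
									$wopi = new \OCA\Richdocuments\Db\Wopi([
										$fileId,
										$owner,
										$editor,
										$version,
										$updatable,
										$serverHost,
										$token,
										time() + self::TOKEN_LIFETIME_SECONDS
									]);

									if (!$wopi->insert()) {
										throw new \Exception('Failed to add wopi token into database');
									}

									return $token;
								}

								/**
								 * Look up a token and check that it is known, unexpired, and was issued
								 * for the requested file and version.
								 *
								 * On failure the HTTP response code is set (401 for an unknown or expired
								 * token, 404 when the token belongs to another file/version) and false
								 * is returned.
								 *
								 * @param mixed $fileId file id taken from the request
								 * @param mixed $version version taken from the request
								 * @param mixed $token token taken from the request
								 * @return array|false owner, editor, path, canwrite and server_host of the
								 *                     token record, or false when the token is rejected
								 */
								public function getPathForToken($fileId, $version, $token){

									$wopi = new Wopi();
									$row = $wopi->loadBy('token', $token)->getData();

									// The row contains the token itself; strip it before logging so that
									// read access to the debug log does not hand out live credentials.
									$loggedRow = is_array($row) ? array_diff_key($row, ['token' => true]) : $row;
									\OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', [ 'row' => $loggedRow ]);

									if (!is_array($row) || count($row) === 0)
									{
										// Invalid token.
										http_response_code(401);
										return false;
									}

									// Enforce the lifetime set in generateFileToken(). The previous check
									// was inverted and its body was commented out, so a token stayed valid
									// indefinitely. A row without an expiry casts to 0 and is rejected.
									// NOTE(review): expired rows are not deleted here; confirm a cleanup
									// path exists for the table.
									if ((int)$row['expiry'] < time()){
										// Expired token!
										http_response_code(401);
										return false;
									}

									// Compare as strings: loose != treats distinct numeric-looking strings
									// as equal, which would weaken the binding between token and file.
									if ((string)$row['fileid'] !== (string)$fileId || (string)$row['version'] !== (string)$version){
										// File unknown / user unauthorized (for the requested file).
										http_response_code(404);
										return false;
									}

									// NOTE(review): `path` is not among the columns written by
									// $insertStatement; confirm the table actually provides it.
									return [
										'owner' => $row['owner_uid'],
										'editor' => $row['editor_uid'],
										'path' => $row['path'],
										'canwrite' => $row['canwrite'],
										'server_host' => $row['server_host']
									];
								}
							}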