| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | <?php | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * ownCloud - Richdocuments App | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * @author Ashod Nakashian | 
					
						
							|  |  |  |  * @copyright 2016 Ashod Nakashian ashod.nakashian@collabora.co.uk | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This file is licensed under the Affero General Public License version 3 or | 
					
						
							|  |  |  |  * later. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | namespace OCA\Richdocuments\Db; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | use \OCA\Richdocuments\Download; | 
					
						
							|  |  |  | use \OCA\Richdocuments\DownloadResponse; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * @method string generateFileToken() | 
					
						
							|  |  |  |  * @method string getPathForToken() | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | class Wopi extends \OCA\Richdocuments\Db{ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	const DB_TABLE = '`*PREFIX*richdocuments_wopi`'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// Tokens expire after this many seconds (not defined by WOPI specs).
 | 
					
						
							| 
									
										
										
										
											2016-04-05 14:20:05 +02:00
										 |  |  | 	const TOKEN_LIFETIME_SECONDS = 1800; | 
					
						
							| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	protected $tableName  = '`*PREFIX*richdocuments_wopi`'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	protected $insertStatement  = 'INSERT INTO `*PREFIX*richdocuments_wopi` (`uid`, `fileid`, `path`, `token`, `expiry`) | 
					
						
							|  |  |  | 			VALUES (?, ?, ?, ?, ?)'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	protected $loadStatement = 'SELECT * FROM `*PREFIX*richdocuments_wopi` WHERE `token`= ?'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	/* | 
					
						
							|  |  |  | 	 * Given a fileId, generates a token | 
					
						
							|  |  |  | 	 * and stores in the database. | 
					
						
							|  |  |  | 	 * Returns the token. | 
					
						
							|  |  |  | 	 */ | 
					
						
							|  |  |  | 	public function generateFileToken($fileId){ | 
					
						
							| 
									
										
										
										
											2016-03-23 21:57:22 -04:00
										 |  |  | 
 | 
					
						
							|  |  |  | 		// Get the FS view of the current user.
 | 
					
						
							|  |  |  | 		$view = \OC\Files\Filesystem::getView(); | 
					
						
							|  |  |  | 		// Get the virtual path (if the file is shared).
 | 
					
						
							| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | 		$path = $view->getPath($fileId); | 
					
						
							| 
									
										
										
										
											2016-03-23 21:57:22 -04:00
										 |  |  | 		if (!$view->is_file($path) || !$view->isUpdatable($path)) { | 
					
						
							|  |  |  | 			throw new \Exception('Invalid fileId.'); | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-23 21:57:22 -04:00
										 |  |  | 		// Figure out the real owner, if not us.
 | 
					
						
							|  |  |  | 		$user = $view->getOwner($path); | 
					
						
							|  |  |  | 		// Create a view into the owner's FS.
 | 
					
						
							|  |  |  | 		$view = new \OC\Files\View('/' . $user . '/'); | 
					
						
							|  |  |  | 		// Find the real path.
 | 
					
						
							|  |  |  | 		$path = $view->getPath($fileId); | 
					
						
							| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | 		if (!$view->is_file($path)) { | 
					
						
							|  |  |  | 			throw new \Exception('Invalid fileId.'); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32, | 
					
						
							|  |  |  | 					\OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . | 
					
						
							|  |  |  | 					\OCP\Security\ISecureRandom::CHAR_DIGITS); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		\OC::$server->getLogger()->debug('Issuing token for {user} file {fileId}: {token}', | 
					
						
							|  |  |  | 										 [ 'user' => $user, 'fileId' => $fileId, 'token' => $token ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		$wopi = new \OCA\Richdocuments\Db\Wopi([ | 
					
						
							|  |  |  | 			$user, | 
					
						
							|  |  |  | 			$fileId, | 
					
						
							|  |  |  | 			$path, | 
					
						
							|  |  |  | 			$token, | 
					
						
							|  |  |  | 			time() + self::TOKEN_LIFETIME_SECONDS | 
					
						
							|  |  |  | 		]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		if (!$wopi->insert()){ | 
					
						
							|  |  |  | 			throw new \Exception('Failed to add wopi token into database'); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		return $token; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	/* | 
					
						
							|  |  |  | 	 * Given a token, validates it and | 
					
						
							|  |  |  | 	 * constructs and validates the path. | 
					
						
							|  |  |  | 	 * Returns the path, if valid, else false. | 
					
						
							|  |  |  | 	 */ | 
					
						
							|  |  |  | 	public function getPathForToken($fileId, $token){ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		$wopi = new Wopi(); | 
					
						
							|  |  |  | 		$row = $wopi->loadBy('token', $token)->getData(); | 
					
						
							|  |  |  | 		\OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', [ 'row' => $row ]); | 
					
						
							| 
									
										
										
										
											2016-03-23 21:57:22 -04:00
										 |  |  | 		if (count($row) == 0) | 
					
						
							|  |  |  | 		{ | 
					
						
							|  |  |  | 			// Invalid token.
 | 
					
						
							|  |  |  | 			http_response_code(401); | 
					
						
							|  |  |  | 			return false; | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | 
 | 
					
						
							|  |  |  | 		//TODO: validate.
 | 
					
						
							| 
									
										
										
										
											2016-03-23 21:57:22 -04:00
										 |  |  | 		if ($row['expiry'] > time()){ | 
					
						
							| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | 			// Expired token!
 | 
					
						
							| 
									
										
										
										
											2016-03-23 21:57:22 -04:00
										 |  |  | 			//http_response_code(404);
 | 
					
						
							| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | 			//$wopi->deleteBy('id', $row['id']);
 | 
					
						
							|  |  |  | 			//return false;
 | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2016-03-23 21:57:22 -04:00
										 |  |  | 		if ($row['fileid'] !== $fileId){ | 
					
						
							|  |  |  | 			// File unknown / user unauthorized (for the requested file).
 | 
					
						
							|  |  |  | 			http_response_code(404); | 
					
						
							|  |  |  | 			return false; | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2016-03-08 21:15:44 -05:00
										 |  |  | 
 | 
					
						
							|  |  |  | 		$user = $row['uid']; | 
					
						
							|  |  |  | 		$view = new \OC\Files\View('/' . $user . '/'); | 
					
						
							|  |  |  | 		$path = $row['path']; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		if (!$view->is_file($path)) { | 
					
						
							|  |  |  | 			throw new \Exception('Invalid file path.'); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		return array('user' => $user, 'path' => $path); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | } |