2015-08-23 22:38:18 +02:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* @file mod/dav.php
|
|
|
|
|
* @brief Initialize Hubzilla's cloud (SabreDAV).
|
|
|
|
|
*
|
|
|
|
|
* Module for accessing the DAV storage area from a DAV client.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
use Sabre\DAV;
|
2016-03-20 08:06:33 +01:00
|
|
|
use Zotlabs\Storage;
|
2015-08-23 22:38:18 +02:00
|
|
|
|
|
|
|
|
// composer autoloader for SabreDAV
|
|
|
|
|
require_once('vendor/autoload.php');
|
|
|
|
|
|
|
|
|
|
// workaround for HTTP-auth in CGI mode
|
|
|
|
|
if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
|
|
|
|
|
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
|
|
|
|
|
if(strlen($userpass)) {
|
|
|
|
|
list($name, $password) = explode(':', $userpass);
|
|
|
|
|
$_SERVER['PHP_AUTH_USER'] = $name;
|
|
|
|
|
$_SERVER['PHP_AUTH_PW'] = $password;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
|
|
|
|
|
$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
|
|
|
|
|
if(strlen($userpass)) {
|
|
|
|
|
list($name, $password) = explode(':', $userpass);
|
|
|
|
|
$_SERVER['PHP_AUTH_USER'] = $name;
|
|
|
|
|
$_SERVER['PHP_AUTH_PW'] = $password;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Fires up the SabreDAV server.
|
|
|
|
|
*
|
|
|
|
|
* @param App &$a
|
|
|
|
|
*/
|
|
|
|
|
function dav_init(&$a) {
|
|
|
|
|
|
|
|
|
|
require_once('include/reddav.php');
|
|
|
|
|
|
|
|
|
|
if (! is_dir('store'))
|
|
|
|
|
os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
|
|
|
|
|
|
|
|
|
|
$which = null;
|
|
|
|
|
if (argc() > 1)
|
|
|
|
|
$which = argv(1);
|
|
|
|
|
|
|
|
|
|
$profile = 0;
|
|
|
|
|
|
|
|
|
|
$a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which . '" />' . "\r\n";
|
|
|
|
|
|
|
|
|
|
if ($which)
|
|
|
|
|
profile_load($a, $which, $profile);
|
|
|
|
|
|
2016-03-20 08:06:33 +01:00
|
|
|
$auth = new Zotlabs\Storage\BasicAuth();
|
2015-08-23 22:38:18 +02:00
|
|
|
|
|
|
|
|
$ob_hash = get_observer_hash();
|
|
|
|
|
|
|
|
|
|
if ($ob_hash) {
|
|
|
|
|
if (local_channel()) {
|
|
|
|
|
$channel = $a->get_channel();
|
|
|
|
|
$auth->setCurrentUser($channel['channel_address']);
|
|
|
|
|
$auth->channel_id = $channel['channel_id'];
|
|
|
|
|
$auth->channel_hash = $channel['channel_hash'];
|
|
|
|
|
$auth->channel_account_id = $channel['channel_account_id'];
|
|
|
|
|
if($channel['channel_timezone'])
|
|
|
|
|
$auth->setTimezone($channel['channel_timezone']);
|
|
|
|
|
}
|
|
|
|
|
$auth->observer = $ob_hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($_GET['davguest'])
|
|
|
|
|
$_SESSION['davguest'] = true;
|
|
|
|
|
|
|
|
|
|
$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
|
|
|
|
|
$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
|
|
|
|
|
$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
|
|
|
|
|
|
|
|
|
|
$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
|
|
|
|
|
$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
|
|
|
|
|
$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
|
|
|
|
|
|
2016-03-20 08:06:33 +01:00
|
|
|
$rootDirectory = new Zotlabs\Storage\Directory('/', $auth);
|
2015-08-23 22:38:18 +02:00
|
|
|
|
|
|
|
|
// A SabreDAV server-object
|
|
|
|
|
$server = new DAV\Server($rootDirectory);
|
|
|
|
|
// prevent overwriting changes each other with a lock backend
|
|
|
|
|
$lockBackend = new DAV\Locks\Backend\File('store/[data]/locks');
|
|
|
|
|
$lockPlugin = new DAV\Locks\Plugin($lockBackend);
|
|
|
|
|
|
|
|
|
|
$server->addPlugin($lockPlugin);
|
|
|
|
|
|
|
|
|
|
// The next section of code allows us to bypass prompting for http-auth if a
|
|
|
|
|
// FILE is being accessed anonymously and permissions allow this. This way
|
|
|
|
|
// one can create hotlinks to public media files in their cloud and anonymous
|
|
|
|
|
// viewers won't get asked to login.
|
|
|
|
|
// If a DIRECTORY is accessed or there are permission issues accessing the
|
|
|
|
|
// file and we aren't previously authenticated via zot, prompt for HTTP-auth.
|
|
|
|
|
// This will be the default case for mounting a DAV directory.
|
|
|
|
|
// In order to avoid prompting for passwords for viewing a DIRECTORY, add
|
|
|
|
|
// the URL query parameter 'davguest=1'.
|
|
|
|
|
|
|
|
|
|
$isapublic_file = false;
|
|
|
|
|
$davguest = ((x($_SESSION, 'davguest')) ? true : false);
|
|
|
|
|
|
|
|
|
|
if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
|
|
|
|
|
try {
|
|
|
|
|
$x = RedFileData('/' . $a->cmd, $auth);
|
2016-03-20 08:06:33 +01:00
|
|
|
if($x instanceof Zotlabs\Storage\File)
|
2015-08-23 22:38:18 +02:00
|
|
|
$isapublic_file = true;
|
|
|
|
|
}
|
|
|
|
|
catch (Exception $e) {
|
|
|
|
|
$isapublic_file = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
|
|
|
|
|
try {
|
|
|
|
|
$auth->Authenticate($server, t('$Projectname channel'));
|
|
|
|
|
}
|
|
|
|
|
catch (Exception $e) {
|
|
|
|
|
logger('mod_cloud: auth exception' . $e->getMessage());
|
|
|
|
|
http_status_exit($e->getHTTPCode(), $e->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-20 08:06:33 +01:00
|
|
|
// require_once('Zotlabs/Storage/Browser.php');
|
2015-08-23 22:38:18 +02:00
|
|
|
// provide a directory view for the cloud in Hubzilla
|
2016-03-20 08:06:33 +01:00
|
|
|
$browser = new Zotlabs\Storage\Browser($auth);
|
2015-08-23 22:38:18 +02:00
|
|
|
$auth->setBrowserPlugin($browser);
|
|
|
|
|
|
|
|
|
|
// Experimental QuotaPlugin
|
2016-03-20 08:06:33 +01:00
|
|
|
// require_once('Zotlabs/Storage/QuotaPlugin.php');
|
|
|
|
|
// $server->addPlugin(new Zotlabs\Storage\QuotaPlugin($auth));
|
2015-08-23 22:38:18 +02:00
|
|
|
|
|
|
|
|
// All we need to do now, is to fire up the server
|
|
|
|
|
$server->exec();
|
|
|
|
|
|
|
|
|
|
killme();
|
|
|
|
|
}
|
