diff options
author | Louis Chemineau <louis@chmn.me> | 2022-09-28 23:20:53 +0200 |
---|---|---|
committer | Louis Chemineau <louis@chmn.me> | 2022-10-10 12:23:52 +0200 |
commit | 142fe8363862a750bfa6cf728ba7f81fa2e3b683 (patch) | |
tree | 65909778a8ad63ce2be356d1f8b4340f9fd4fe3b | |
parent | a2890b03e795184863e4252fd535fa6037b86235 (diff) |
Make public pages work
Signed-off-by: Louis Chemineau <louis@chmn.me>
29 files changed, 509 insertions, 182 deletions
diff --git a/appinfo/info.xml b/appinfo/info.xml index 8fed5560..dad0ef31 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -10,9 +10,10 @@ <author mail="skjnldsv@protonmail.com">John Molakvoæ</author> <namespace>Photos</namespace> <category>multimedia</category> - <types> - <dav/> - </types> + <types> + <dav /> + <authentication /> + </types> <website>https://github.com/nextcloud/photos</website> <bugs>https://github.com/nextcloud/photos/issues</bugs> @@ -29,12 +30,13 @@ </navigation> </navigations> - <sabre> - <collections> - <collection>OCA\Photos\Sabre\RootCollection</collection> - </collections> - <plugins> - <plugin>OCA\Photos\Sabre\Album\PropFindPlugin</plugin> - </plugins> - </sabre> + <sabre> + <collections> + <collection>OCA\Photos\Sabre\RootCollection</collection> + <collection>OCA\Photos\Sabre\PublicRootCollection</collection> + </collections> + <plugins> + <plugin>OCA\Photos\Sabre\Album\PropFindPlugin</plugin> + </plugins> + </sabre> </info> diff --git a/appinfo/routes.php b/appinfo/routes.php index 5ae06249..db37ad4c 100644 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -46,10 +46,7 @@ return [ 'path' => '', ] ], - [ 'name' => 'publicAlbum#get', 'url' => '/public/{ownerId}/{token}', 'verb' => 'GET', - 'requirements' => [ - 'ownerId' => '.*', - ], + [ 'name' => 'publicAlbum#get', 'url' => '/public/{token}', 'verb' => 'GET', 'requirements' => [ 'token' => '.*', ], @@ -132,5 +129,14 @@ return [ 'fileId' => '.*', ] ], + + [ + 'name' => 'publicPreview#index', + 'url' => '/api/v1/publicPreview/{fileId}', + 'verb' => 'GET', + 'requirements' => [ + 'fileId' => '.*', + ] + ], ] ]; diff --git a/lib/Album/AlbumMapper.php b/lib/Album/AlbumMapper.php index baf1a728..5514d869 100644 --- a/lib/Album/AlbumMapper.php +++ b/lib/Album/AlbumMapper.php @@ -362,7 +362,7 @@ class AlbumMapper { } break; case self::TYPE_LINK: - $collaborator['id'] = $this->random->generate(15, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS); + $collaborator['id'] = $this->random->generate(32, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS); break; default: throw new \Exception('Invalid collaborator type: ' . $collaborator['type']); @@ -420,7 +420,13 @@ class AlbumMapper { } if (!isset($albumsById[$albumId])) { - $albumsById[$albumId] = new AlbumInfo($albumId, $row['album_user'], $row['album_name'].' ('.$row['album_user'].')', $row['location'], (int)$row['created'], (int)$row['last_added_photo']); + $albumName = $row['album_name']; + // Suffix album name with the album owner to prevent duplicates. + // Not done for public link as it would like owner's uid. + if ($collaboratorType !== self::TYPE_LINK) { + $row['album_name'].' ('.$row['album_user'].')'; + } + $albumsById[$albumId] = new AlbumInfo($albumId, $row['album_user'], $albumName, $row['location'], (int)$row['created'], (int)$row['last_added_photo']); } } @@ -452,7 +458,7 @@ class AlbumMapper { * @param int $fileId * @return AlbumInfo[] */ - public function getAlbumForCollaboratorIdAndFileId(string $collaboratorId, int $collaboratorType, int $fileId): array { + public function getAlbumsForCollaboratorIdAndFileId(string $collaboratorId, int $collaboratorType, int $fileId): array { $query = $this->connection->getQueryBuilder(); $rows = $query ->select("a.album_id", "name", "user", "location", "created", "last_added_photo") diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index 608c0f23..4a1dc328 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -25,6 +25,8 @@ declare(strict_types=1); namespace OCA\Photos\AppInfo; +use OCA\DAV\Events\SabrePluginAuthInitEvent; +use OCA\Photos\Listener\SabrePluginAuthInitListener; use OCA\DAV\Connector\Sabre\Principal; use OCA\Photos\Listener\CacheEntryRemovedListener; use OCP\AppFramework\App; @@ -64,6 +66,7 @@ class Application extends App implements IBootstrap { /** Register $principalBackend for the DAV collection */ $context->registerServiceAlias('principalBackend', Principal::class); $context->registerEventListener(CacheEntryRemovedEvent::class, CacheEntryRemovedListener::class); + $context->registerEventListener(SabrePluginAuthInitEvent::class, SabrePluginAuthInitListener::class); } public function boot(IBootContext $context): void { diff --git a/lib/Controller/PreviewController.php b/lib/Controller/PreviewController.php index 48f79e2d..d84ea879 100644 --- a/lib/Controller/PreviewController.php +++ b/lib/Controller/PreviewController.php @@ -43,16 +43,16 @@ use OCP\IUserSession; class PreviewController extends Controller { private IUserSession $userSession; - private Folder $userFolder; + private ?Folder $userFolder; private IRootFolder $rootFolder; - private AlbumMapper $albumMapper; + protected AlbumMapper $albumMapper; private IPreview $preview; private IGroupManager $groupManager; public function __construct( IRequest $request, IUserSession $userSession, - Folder $userFolder, + ?Folder $userFolder, IRootFolder $rootFolder, AlbumMapper $albumMapper, IPreview $preview, @@ -67,7 +67,6 @@ class PreviewController extends Controller { $this->preview = $preview; $this->groupManager = $groupManager; } - /** * @NoAdminRequired * @NoCSRFRequired @@ -85,25 +84,35 @@ class PreviewController extends Controller { } $user = $this->userSession->getUser(); + + if ($user === null || $this->userFolder === null) { + return new DataResponse([], Http::STATUS_FORBIDDEN); + } + $nodes = $this->userFolder->getById($fileId); + /** @var \OCA\Photos\Album\AlbumInfo[] */ + $checkedAlbums = []; if (\count($nodes) === 0) { - $albums = $this->albumMapper->getForUserAndFile($user->getUID(), $fileId); - $receivedAlbums = $this->albumMapper->getAlbumForCollaboratorIdAndFileId($user->getUID(), AlbumMapper::TYPE_USER, $fileId); - $albums = array_merge($albums, $receivedAlbums); + $albumsOfCurrentUser = $this->albumMapper->getForUserAndFile($user->getUID(), $fileId); + $nodes = $this->getFileIdForAlbums($fileId, $albumsOfCurrentUser); + $checkedAlbums = $albumsOfCurrentUser; + } + + if (\count($nodes) === 0) { + $receivedAlbums = $this->albumMapper->getAlbumsForCollaboratorIdAndFileId($user->getUID(), AlbumMapper::TYPE_USER, $fileId); + $receivedAlbums = array_udiff($checkedAlbums, $receivedAlbums, fn ($a, $b) => strcmp($a->getId(), $b->getId())); + $nodes = $this->getFileIdForAlbums($fileId, $receivedAlbums); + $checkedAlbums = array_merge($checkedAlbums, $receivedAlbums); + } + if (\count($nodes) === 0) { $userGroups = $this->groupManager->getUserGroupIds($user); foreach ($userGroups as $groupId) { - $albumsForGroup = $this->albumMapper->getAlbumForCollaboratorIdAndFileId($groupId, AlbumMapper::TYPE_GROUP, $fileId); - $albumsForGroup = array_udiff($albumsForGroup, $albums, fn ($a, $b) => $a->getId() - $b->getId()); - $albums = array_merge($albums, $albumsForGroup); - } - - foreach ($albums as $album) { - $albumFile = $this->albumMapper->getForAlbumIdAndFileId($album->getId(), $fileId); - $nodes = $this->rootFolder - ->getUserFolder($albumFile->getOwner()) - ->getById($fileId); + $albumsForGroup = $this->albumMapper->getAlbumsForCollaboratorIdAndFileId($groupId, AlbumMapper::TYPE_GROUP, $fileId); + $albumsForGroup = array_udiff($checkedAlbums, $albumsForGroup, fn ($a, $b) => strcmp($a->getId(), $b->getId())); + $nodes = $this->getFileIdForAlbums($fileId, $albumsForGroup); + $checkedAlbums = array_merge($checkedAlbums, $receivedAlbums); if (\count($nodes) !== 0) { break; } @@ -119,10 +128,25 @@ class PreviewController extends Controller { return $this->fetchPreview($node, $x, $y); } + + protected function getFileIdForAlbums($fileId, $albums) { + foreach ($albums as $album) { + $albumFile = $this->albumMapper->getForAlbumIdAndFileId($album->getId(), $fileId); + $nodes = $this->rootFolder + ->getUserFolder($albumFile->getOwner()) + ->getById($fileId); + if (\count($nodes) !== 0) { + return $nodes; + } + } + + return []; + } + /** * @return DataResponse|FileDisplayResponse */ - private function fetchPreview( + protected function fetchPreview( Node $node, int $x, int $y diff --git a/lib/Controller/PublicAlbumController.php b/lib/Controller/PublicAlbumController.php index d5ccd3cc..6477c1f3 100644 --- a/lib/Controller/PublicAlbumController.php +++ b/lib/Controller/PublicAlbumController.php @@ -25,36 +25,27 @@ namespace OCA\Photos\Controller; use OCP\AppFramework\Controller; -use OCA\Files\Event\LoadSidebar; use OCA\Photos\AppInfo\Application; -use OCA\Photos\Service\UserConfigService; use OCA\Viewer\Event\LoadViewer; -use OCP\App\IAppManager; use OCP\AppFramework\Http\ContentSecurityPolicy; -use OCP\AppFramework\Http\TemplateResponse; +use OCP\AppFramework\Http\Template\PublicTemplateResponse; use OCP\EventDispatcher\IEventDispatcher; use OCP\AppFramework\Services\IInitialState; use OCP\IRequest; use OCP\Util; class PublicAlbumController extends Controller { - private IAppManager $appManager; private IEventDispatcher $eventDispatcher; - private UserConfigService $userConfig; private IInitialState $initialState; public function __construct( IRequest $request, - IAppManager $appManager, IEventDispatcher $eventDispatcher, - UserConfigService $userConfig, - IInitialState $initialState, + IInitialState $initialState ) { parent::__construct(Application::APP_ID, $request); - $this->appManager = $appManager; $this->eventDispatcher = $eventDispatcher; - $this->userConfig = $userConfig; $this->initialState = $initialState; } @@ -62,7 +53,7 @@ class PublicAlbumController extends Controller { * @PublicPage * @NoCSRFRequired */ - public function get(): TemplateResponse { + public function get(): PublicTemplateResponse { $this->eventDispatcher->dispatch(LoadViewer::class, new LoadViewer()); $this->initialState->provideInitialState('image-mimes', Application::IMAGE_MIMES); @@ -74,7 +65,7 @@ class PublicAlbumController extends Controller { Util::addScript(Application::APP_ID, 'photos-public'); Util::addStyle(Application::APP_ID, 'icons'); - $response = new TemplateResponse(Application::APP_ID, 'main'); + $response = new PublicTemplateResponse(Application::APP_ID, 'public'); $policy = new ContentSecurityPolicy(); $policy->addAllowedWorkerSrcDomain("'self'"); diff --git a/lib/Controller/PublicPreviewController.php b/lib/Controller/PublicPreviewController.php new file mode 100644 index 00000000..f18811dd --- /dev/null +++ b/lib/Controller/PublicPreviewController.php @@ -0,0 +1,67 @@ +<?php + +declare(strict_types=1); +/** + * @copyright Copyright (c) 2022, Louis Chmn <louis@chmn.me> + * + * @author Louis Chmn <louis@chmn.me> + * + * @license AGPL-3.0-or-later + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Photos\Controller; + +use OCA\Photos\Album\AlbumMapper; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\DataResponse; +use OCP\AppFramework\Http\FileDisplayResponse; + +class PublicPreviewController extends PreviewController { + /** + * @NoAdminRequired + * @NoCSRFRequired + * @PublicPage + * Render default index template + * + * @return DataResponse|FileDisplayResponse + */ + public function index( + int $fileId = -1, + int $x = 32, + int $y = 32, + string $token = null + ) { + if ($fileId === -1 || $x === 0 || $y === 0) { + return new DataResponse([], Http::STATUS_BAD_REQUEST); + } + + if ($token === null) { + return new DataResponse([], Http::STATUS_FORBIDDEN); + } + + $publicAlbums = $this->albumMapper->getAlbumsForCollaboratorIdAndFileId($token, AlbumMapper::TYPE_LINK, $fileId); + $nodes = $this->getFileIdForAlbums($fileId, $publicAlbums); + + if (\count($nodes) === 0) { + return new DataResponse([], Http::STATUS_NOT_FOUND); + } + + $node = array_pop($nodes); + + return $this->fetchPreview($node, $x, $y); + } +} diff --git a/lib/Listener/SabrePluginAuthInitListener.php b/lib/Listener/SabrePluginAuthInitListener.php new file mode 100644 index 00000000..ec6a3784 --- /dev/null +++ b/lib/Listener/SabrePluginAuthInitListener.php @@ -0,0 +1,49 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright Copyright (c) 2022, Louis Chmn <louis@chmn.me> + * + * @author Louis Chmn <louis@chmn.me> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace OCA\Photos\Listener; + +use OCA\DAV\Events\SabrePluginAuthInitEvent; +use OCA\Photos\Sabre\PublicAlbumAuthBackend; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; + +class SabrePluginAuthInitListener implements IEventListener { + private PublicAlbumAuthBackend $publicAlbumAuthBackend; + + public function __construct(PublicAlbumAuthBackend $publicAlbumAuthBackend) { + $this->publicAlbumAuthBackend = $publicAlbumAuthBackend; + } + + public function handle(Event $event): void { + if (!($event instanceof SabrePluginAuthInitEvent)) { + return; + } + + $server = $event->getServer(); + $authPlugin = $server->getPlugin('auth'); + $authPlugin->addBackend($this->publicAlbumAuthBackend); + } +} diff --git a/lib/Sabre/Album/AlbumPhoto.php b/lib/Sabre/Album/AlbumPhoto.php index a5e51bff..832bcb97 100644 --- a/lib/Sabre/Album/AlbumPhoto.php +++ b/lib/Sabre/Album/AlbumPhoto.php @@ -137,6 +137,9 @@ class AlbumPhoto implements IFile { public function isFavorite(): bool { $tagManager = \OCP\Server::get(\OCP\ITagManager::class); $tagger = $tagManager->load('files'); + if ($tagger === null) { + return false; + } $tags = $tagger->getTagsForObjects([$this->getFileId()]); if ($tags === false || empty($tags)) { diff --git a/lib/Sabre/Album/AlbumRoot.php b/lib/Sabre/Album/AlbumRoot.php index f63f8823..f6d10b0f 100644 --- a/lib/Sabre/Album/AlbumRoot.php +++ b/lib/Sabre/Album/AlbumRoot.php @@ -31,7 +31,6 @@ use OCA\Photos\Service\UserConfigService; use OCP\Files\Folder; use OCP\Files\IRootFolder; use OCP\Files\NotFoundException; -use OCP\IUser; use Sabre\DAV\Exception\Conflict; use Sabre\DAV\Exception\Forbidden; use Sabre\DAV\Exception\NotFound; @@ -43,22 +42,19 @@ class AlbumRoot implements ICollection, ICopyTarget { protected AlbumMapper $albumMapper; protected AlbumWithFiles $album; protected IRootFolder $rootFolder; - protected Folder $userFolder; - protected IUser $user; + protected string $userId; public function __construct( AlbumMapper $albumMapper, AlbumWithFiles $album, IRootFolder $rootFolder, - Folder $userFolder, - IUser $user, + string $userId, UserConfigService $userConfigService ) { $this->albumMapper = $albumMapper; $this->album = $album; $this->rootFolder = $rootFolder; - $this->userFolder = $userFolder; - $this->user = $user; + $this->userId = $userId; $this->userConfigService = $userConfigService; } @@ -82,7 +78,7 @@ class AlbumRoot implements ICollection, ICopyTarget { protected function getPhotosLocationInfo() { $photosLocation = $this->userConfigService->getUserConfig('photosLocation'); - $userFolder = $this->rootFolder->getUserFolder($this->user->getUID()); + $userFolder = $this->rootFolder->getUserFolder($this->userId); return [$photosLocation, $userFolder]; } @@ -98,12 +94,12 @@ class AlbumRoot implements ICollection, ICopyTarget { try { [$photosLocation, $userFolder] = $this->getPhotosLocationInfo(); - // If the folder does not exists, create it. + // If the folder does not exists, create it. if (!$userFolder->nodeExists($photosLocation)) { return $userFolder->newFolder($photosLocation); } - $photosFolder = $this->userFolder->get($photosLocation); + $photosFolder = $userFolder->get($photosLocation); if (!($photosFolder instanceof Folder)) { throw new Conflict('The destination exists and is not a folder'); @@ -159,23 +155,22 @@ class AlbumRoot implements ICollection, ICopyTarget { } public function copyInto($targetName, $sourcePath, INode $sourceNode): bool { - $uid = $this->user->getUID(); if ($sourceNode instanceof File) { $sourceId = $sourceNode->getId(); $ownerUID = $sourceNode->getFileInfo()->getOwner()->getUID(); return $this->addFile($sourceId, $ownerUID); } + $uid = $this->userId; throw new \Exception("Can't add file to album, only files from $uid can be added"); } protected function addFile(int $sourceId, string $ownerUID): bool { - $uid = $this->user->getUID(); if (in_array($sourceId, $this->album->getFileIds())) { throw new Conflict("File $sourceId is already in the folder"); } - if ($ownerUID === $uid) { + if ($ownerUID === $this->userId) { $this->albumMapper->addFile($this->album->getAlbum()->getId(), $sourceId, $ownerUID); - $node = current($this->userFolder->getById($sourceId)); + $node = current($this->rootFolder->getUserFolder($ownerUID)->getById($sourceId)); $this->album->addFile(new AlbumFile($sourceId, $node->getName(), $node->getMimetype(), $node->getSize(), $node->getMTime(), $node->getEtag(), $node->getCreationTime(), $ownerUID)); return true; } diff --git a/lib/Sabre/Album/AlbumsHome.php b/lib/Sabre/Album/AlbumsHome.php index c077eacd..d73e6da3 100644 --- a/lib/Sabre/Album/AlbumsHome.php +++ b/lib/Sabre/Album/AlbumsHome.php @@ -27,9 +27,7 @@ use OCA\Photos\Album\AlbumInfo; use OCA\Photos\Album\AlbumMapper; use OCA\Photos\Album\AlbumWithFiles; use OCA\Photos\Service\UserConfigService; -use OCP\Files\Folder; use OCP\Files\IRootFolder; -use OCP\IUser; use Sabre\DAV\Exception\Forbidden; use Sabre\DAV\Exception\NotFound; use Sabre\DAV\ICollection; @@ -37,9 +35,8 @@ use Sabre\DAV\ICollection; class AlbumsHome implements ICollection { protected AlbumMapper $albumMapper; protected array $principalInfo; - protected IUser $user; + protected string $userId; protected IRootFolder $rootFolder; - protected Folder $userFolder; protected UserConfigService $userConfigService; public const NAME = 'albums'; @@ -52,15 +49,14 @@ class AlbumsHome implements ICollection { public function __construct( array $principalInfo, AlbumMapper $albumMapper, - IUser $user, + string $userId, IRootFolder $rootFolder, UserConfigService $userConfigService ) { $this->principalInfo = $principalInfo; $this->albumMapper = $albumMapper; - $this->user = $user; + $this->userId = $userId; $this->rootFolder = $rootFolder; - $this->userFolder = $rootFolder->getUserFolder($user->getUID()); $this->userConfigService = $userConfigService; } @@ -90,8 +86,7 @@ class AlbumsHome implements ICollection { * @return void */ public function createDirectory($name) { - $uid = $this->user->getUID(); - $this->albumMapper->create($uid, $name); + $this->albumMapper->create($this->userId, $name); } public function getChild($name) { @@ -109,9 +104,9 @@ class AlbumsHome implements ICollection { */ public function getChildren(): array { if ($this->children === null) { - $albumInfos = $this->albumMapper->getForUser($this->user->getUID()); + $albumInfos = $this->albumMapper->getForUser($this->userId); $this->children = array_map(function (AlbumInfo $albumInfo) { - return new AlbumRoot($this->albumMapper, new AlbumWithFiles($albumInfo, $this->albumMapper), $this->rootFolder, $this->userFolder, $this->user, $this->userConfigService); + return new AlbumRoot($this->albumMapper, new AlbumWithFiles($albumInfo, $this->albumMapper), $this->rootFolder, $this->userId, $this->userConfigService); }, $albumInfos); } diff --git a/lib/Sabre/Album/PropFindPlugin.php b/lib/Sabre/Album/PropFindPlugin.php index b716ca34..9f3572ce 100644 --- a/lib/Sabre/Album/PropFindPlugin.php +++ b/lib/Sabre/Album/PropFindPlugin.php @@ -28,13 +28,13 @@ use OCA\DAV\Connector\Sabre\FilesPlugin; use OCA\Photos\Album\AlbumMapper; use OCP\IConfig; use OCP\IPreview; +use OCP\Files\NotFoundException; use Sabre\DAV\INode; use Sabre\DAV\PropFind; use Sabre\DAV\PropPatch; use Sabre\DAV\Server; use Sabre\DAV\ServerPlugin; use Sabre\DAV\Tree; -use OCP\Files\NotFoundException |