Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 41 |
|
0.00% |
0 / 1 |
CRAP | |
0.00% |
0 / 1 |
| OlzWebDav | |
0.00% |
0 / 41 |
|
0.00% |
0 / 1 |
90 | |
0.00% |
0 / 1 |
| getHtml | |
0.00% |
0 / 41 |
|
0.00% |
0 / 1 |
90 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace Olz\Apps\Files\Components\OlzWebDav; |
| 4 | |
| 5 | use Olz\Apps\Files\Service\CallbackAuthBackend; |
| 6 | use Olz\Components\Common\OlzComponent; |
| 7 | use Sabre\DAV; |
| 8 | |
| 9 | /** @extends OlzComponent<array<string, mixed>> */ |
| 10 | class OlzWebDav extends OlzComponent { |
| 11 | public function getHtml(mixed $args): string { |
| 12 | $data_path = $this->envUtils()->getDataPath(); |
| 13 | error_reporting(0); |
| 14 | |
| 15 | // Hack: Use weird path-token-authentication |
| 16 | // Reason: Hoststar cannot have basic auth header ¯\_(ツ)_/¯ |
| 17 | $path_info = $args['path']; |
| 18 | $pattern = '/^\/?(token__([a-zA-Z0-9_\-]+))(\/.*)?$/'; |
| 19 | $res = preg_match($pattern, $path_info, $matches); |
| 20 | $stripped_path_info = $res ? $matches[1] : ''; |
| 21 | $access_token = $res ? $matches[2] : null; |
| 22 | $simulated_path_info = $res ? ($matches[3] ?? '') : $path_info; |
| 23 | $_SERVER['PATH_INFO'] = $simulated_path_info; |
| 24 | // end of hack |
| 25 | |
| 26 | // The user can be logged in by PHP session or access token. |
| 27 | if ($access_token) { |
| 28 | $this->authUtils()->setGetParams(['access_token' => $access_token]); |
| 29 | } |
| 30 | $user = $this->authUtils()->getCurrentUser(); |
| 31 | if (!$user) { |
| 32 | $this->httpUtils()->dieWithHttpError(401); |
| 33 | throw new \Exception('should already have failed'); |
| 34 | } |
| 35 | $user_root = $user->getRoot(); |
| 36 | if (!$user_root) { |
| 37 | $this->httpUtils()->dieWithHttpError(403); |
| 38 | throw new \Exception('should already have failed'); |
| 39 | } |
| 40 | |
| 41 | $root_directory = new DAV\FS\Directory("{$data_path}OLZimmerbergAblage/{$user_root}"); |
| 42 | $server = new DAV\Server($root_directory); |
| 43 | $server->setBaseUri("/apps/files/webdav/{$stripped_path_info}"); |
| 44 | |
| 45 | $auth_backend = new CallbackAuthBackend( |
| 46 | function () use ($user) { |
| 47 | $has_permission = $this->authUtils()->hasPermission('webdav', $user); |
| 48 | if ($has_permission) { |
| 49 | return [true, $user->getUsername()]; |
| 50 | } |
| 51 | return [false, 'WebDAV permission denied']; |
| 52 | } |
| 53 | ); |
| 54 | $auth_plugin = new DAV\Auth\Plugin($auth_backend); |
| 55 | $server->addPlugin($auth_plugin); |
| 56 | |
| 57 | $lock_backend = new DAV\Locks\Backend\File('data/locks'); |
| 58 | $lock_plugin = new DAV\Locks\Plugin($lock_backend); |
| 59 | $server->addPlugin($lock_plugin); |
| 60 | |
| 61 | $server->addPlugin(new DAV\Browser\Plugin()); |
| 62 | |
| 63 | ob_start(); |
| 64 | $server->exec(); |
| 65 | $html_out = ob_get_contents() ?: ''; |
| 66 | ob_end_clean(); |
| 67 | return $html_out; |
| 68 | } |
| 69 | } |