From 366981fba6d01167c1ac38f559bd611062d8e534 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Wed, 23 May 2018 10:50:44 +0200
Subject: [PATCH] Move public preview endpoint over

Signed-off-by: Roeland Jago Douma
---
 apps/files_sharing/appinfo/routes.php | 8 +---
 apps/files_sharing/js/public.js | 11 +++--
 .../Controller/PublicPreviewController.php | 44 ++++++++++++++-----
 .../lib/Controller/ShareController.php | 2 +-
 .../PublicShare/PublicShareMiddleware.php | 3 +-
 lib/private/legacy/template/functions.php | 2 +-
 6 files changed, 44 insertions(+), 26 deletions(-)

diff --git a/apps/files_sharing/appinfo/routes.php b/apps/files_sharing/appinfo/routes.php
index 863b27da27..8e5110c6a1 100644
--- a/apps/files_sharing/appinfo/routes.php
+++ b/apps/files_sharing/appinfo/routes.php
@@ -34,13 +34,7 @@ return [
 ],
 [
 'name' => 'PublicPreview#getPreview',
- 'url' => '/publicpreview',
- 'verb' => 'GET',
- ],
-
- [
- 'name' => 'PublicPreview#getPreview',
- 'url' => '/ajax/publicpreview.php',
+ 'url' => '/publicpreview/{token}',
 'verb' => 'GET',
 ],
diff --git a/apps/files_sharing/js/public.js b/apps/files_sharing/js/public.js
index 1de7c6b4fc..e1e05f8964 100644
--- a/apps/files_sharing/js/public.js
+++ b/apps/files_sharing/js/public.js
@@ -112,7 +112,6 @@ OCA.Sharing.PublicApp = {
 y: Math.ceil(previewHeight * window.devicePixelRatio),
 a: 'true',
 file: encodeURIComponent(this.initialDir + $('#filename').val()),
- t: token,
 scalingup: 0
 };
@@ -150,7 +149,7 @@ OCA.Sharing.PublicApp = {
 } else if ((previewSupported === 'true' && mimetype.substr(0, mimetype.indexOf('/')) !== 'video') || mimetype.substr(0, mimetype.indexOf('/')) === 'image' && mimetype !== 'image/svg+xml') {
- img.attr('src', OC.filePath('files_sharing', 'ajax', 'publicpreview.php') + '?' + OC.buildQueryString(params));
+ img.attr('src', OC.linkTo('files_sharing', '/publicpreview/'+token) + '?' + OC.buildQueryString(params));
 imgcontainer.appendTo('#imgframe');
 } else if (mimetype.substr(0, mimetype.indexOf('/')) !== 'video') {
 img.attr('src', OC.Util.replaceSVGIcon(mimetypeIcon));
@@ -158,7 +157,7 @@ OCA.Sharing.PublicApp = {
 imgcontainer.appendTo('#imgframe');
 } else if (previewSupported === 'true') {
- $('#imgframe > video').attr('poster', OC.filePath('files_sharing', 'ajax', 'publicpreview.php') + '?' + OC.buildQueryString(params));
+ $('#imgframe > video').attr('poster', OC.linkTo('files_sharing', '/publicpreview/'+token) + '?' + OC.buildQueryString(params));
 }
 if (this.fileList) {
@@ -223,8 +222,8 @@ OCA.Sharing.PublicApp = {
 urlSpec.y *= window.devicePixelRatio;
 urlSpec.x = Math.ceil(urlSpec.x);
 urlSpec.y = Math.ceil(urlSpec.y);
- urlSpec.t = $('#dirToken').val();
- return OC.generateUrl('/apps/files_sharing/ajax/publicpreview.php?') + $.param(urlSpec);
+ var token = $('#dirToken').val();
+ return OC.linkTo('files_sharing', '/publicpreview/'+token) + '?' + OC.buildQueryString(urlSpec);
 };
 this.fileList.updateEmptyContent = function() {
@@ -427,4 +426,4 @@ $(document).ready(function () {
 };
 }
-});
\ No newline at end of file
+});
diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php
index 0870995fc7..b13c0a64b0 100644
--- a/apps/files_sharing/lib/Controller/PublicPreviewController.php
+++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php
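Review bot: In apps/files_sharing/js/public.js the three new URL builders (the `img.attr('src', …)` line, the video `poster` line, and the `return` in the @@ -223 hunk) concatenate the share token into the path unescaped with `'/publicpreview/'+token`. The value is read from the page (`$('#dirToken').val()` in the third case), so a token containing `/`, `?` or `#` would change which URL is requested. `OC.generateUrl` substitutes and URL-encodes route parameters, so `OC.generateUrl('/apps/files_sharing/publicpreview/{token}', {token: token})` would be the safer form; `OC.linkTo` is, as far as I know, meant for files inside the app directory rather than routed endpoints, so it is worth confirming that it resolves to the new route on installs without URL rewriting. The enclosing functions start and end outside these hunks.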
@@ -27,15 +27,18 @@ use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\FileDisplayResponse;
+use OCP\AppFramework\PublicShareController;
 use OCP\Constants;
 use OCP\Files\Folder;
 use OCP\Files\NotFoundException;
 use OCP\IPreview;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\Share\Exceptions\ShareNotFound;
 use OCP\Share\IManager as ShareManager;
+use OCP\Share\IShare;
-class PublicPreviewController extends Controller {
+class PublicPreviewController extends PublicShareController {
 /** @var ShareManager */
 private $shareManager;
@@ -43,16 +46,38 @@ class PublicPreviewController extends Controller {
 /** @var IPreview */
 private $previewManager;
- public function __construct($appName,
+ /** @var IShare */
+ private $share;
+
+ public function __construct(string $appName,
 IRequest $request,
 ShareManager $shareManger,
+ ISession $session,
 IPreview $previewManager) {
- parent::__construct($appName, $request);
+ parent::__construct($appName, $request, $session);
 $this->shareManager = $shareManger;
 $this->previewManager = $previewManager;
 }
+ protected function getPasswordHash(): string {
+ return $this->share->getPassword();
+ }
+
+ public function isValidToken(): bool {
+ try {
+ $this->share = $this->shareManager->getShareByToken($this->getToken());
+ return true;
+ } catch (ShareNotFound $e) {
+ return false;
+ }
+ }
+
+ protected function isPasswordProtected(): bool {
+ return $this->share->getPassword() !== null;
+ }
+
+
 /**
 * @PublicPage
 * @NoCSRFRequired
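Review bot: `getPasswordHash(): string` returns `$this->share->getPassword()` directly, yet `isPasswordProtected()` two methods below treats `null` as the no-password case, so for a share without a password the declared `string` return type is violated and PHP raises a TypeError if this method is ever called. Whether the middleware calls it only after `isPasswordProtected()` returned true is not visible in this hunk, so the method should not depend on that ordering: `return $this->share->getPassword() ?? '';`. Both methods also dereference `$this->share`, which is assigned only inside `isValidToken()`; a comment on the property stating that it is populated by `isValidToken()` and unset before that call would make the ordering requirement explicit.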
@@ -60,24 +85,23 @@ class PublicPreviewController extends Controller {
 * @param string $file
 * @param int $x
 * @param int $y
- * @param string $t
 * @param bool $a
 * @return DataResponse|FileDisplayResponse
 */
 public function getPreview(
- $file = '',
- $x = 32,
- $y = 32,
- $t = '',
+ string $token,
+ string $file = '',
+ int $x = 32,
+ int $y = 32,
 $a = false
 ) {
- if ($t === '' || $x === 0 || $y === 0) {
+ if ($token === '' || $x === 0 || $y === 0) {
 return new DataResponse([], Http::STATUS_BAD_REQUEST);
 }
 try {
- $share = $this->shareManager->getShareByToken($t);
+ $share = $this->shareManager->getShareByToken($token);
 } catch (ShareNotFound $e) {
 return new DataResponse([], Http::STATUS_NOT_FOUND);
 }
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 662099cd30..5c72bbd8c7 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -372,7 +372,7 @@ class ShareController extends AuthPublicShareController {
 $ogPreview = '';
 if ($shareTmpl['previewSupported']) {
 $shareTmpl['previewImage'] = $this->urlGenerator->linkToRouteAbsolute( 'files_sharing.PublicPreview.getPreview',
- ['x' => 200, 'y' => 200, 'file' => $shareTmpl['directory_path'], 't' => $shareTmpl['dirToken']]);
+ ['x' => 200, 'y' => 200, 'file' => $shareTmpl['directory_path'], 'token' => $shareTmpl['dirToken']]);
 $ogPreview = $shareTmpl['previewImage'];
 // We just have direct previews for image files
diff --git a/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php b/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php
index 2b3f384fcd..38267779e6 100644
--- a/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php
+++ b/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php
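Review bot: In PublicPreviewController.php, `getPreview()` resolves the share a second time with `$this->shareManager->getShareByToken($token)` instead of reusing `$this->share`, which `isValidToken()` already loaded from `$this->getToken()`. The password check driven by the inherited controller and the preview that is actually served are therefore linked only by both lookups reading the same token; `getToken()` is not visible here, so it is presumably the same route parameter, but nothing in this class enforces that. If the middleware is guaranteed to run `isValidToken()` before the action, `$share = $this->share;` removes the duplicate query and makes the link explicit. The docblock also lost `@param string $t` without gaining `@param string $token`, and the method body continues past the end of the hunk.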
@@ -80,6 +80,7 @@ class PublicShareMiddleware extends Middleware {
 }
 private function getFunctionForRoute(string $route): string {
- return array_pop(explode('.', $route));
+ $tmp = explode('.', $route);
+ return array_pop($tmp);
 }
 }
diff --git a/lib/private/legacy/template/functions.php b/lib/private/legacy/template/functions.php
index 290ffe120a..55d3a59568 100644
--- a/lib/private/legacy/template/functions.php
+++ b/lib/private/legacy/template/functions.php
@@ -262,7 +262,7 @@ function preview_icon( $path ) {
 * @return string
 */
 function publicPreview_icon ( $path, $token ) {
- return \OC::$server->getURLGenerator()->linkToRoute('files_sharing.PublicPreview.getPreview', ['x' => 32, 'y' => 32, 'file' => $path, 't' => $token]);
+ return \OC::$server->getURLGenerator()->linkToRoute('files_sharing.PublicPreview.getPreview', ['x' => 32, 'y' => 32, 'file' => $path, 'token' => $token]);
 }
 /**