From fbba3876b537e84699b854e098936a5cd4fe0c8b Mon Sep 17 00:00:00 2001
From: steckbrief <steckbrief@chefmail.de>
Date: Mon, 4 Jan 2016 21:48:17 +0100
Subject: Reduced manual configuration, folder structure created Determination
 of storage paths now relative to script directory and programmatically
 Determination of get and put URLs now based on the slot request request Basic
 access restriction to default directories

---
 storage-backend/config.inc.php        | 21 ------------------
 storage-backend/config/.htaccess      |  1 +
 storage-backend/config/config.inc.php | 13 +++++++++++
 storage-backend/files/.htaccess       |  1 +
 storage-backend/index.php             | 42 ++++++++++++++++++++++++++++++++++-
 storage-backend/slots/.htaccess       |  1 +
 6 files changed, 57 insertions(+), 22 deletions(-)
 delete mode 100644 storage-backend/config.inc.php
 create mode 100644 storage-backend/config/.htaccess
 create mode 100644 storage-backend/config/config.inc.php
 create mode 100644 storage-backend/files/.htaccess
 create mode 100644 storage-backend/slots/.htaccess

diff --git a/storage-backend/config.inc.php b/storage-backend/config.inc.php
deleted file mode 100644
index f9b7537..0000000
--- a/storage-backend/config.inc.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-/*
- * Configuration file for http upload storage backend
- */
-
-return array(
-  // Array of keys of XMPP Server allowed to request slots
-  'valid_xmpp_server_keys' => array('abc'),
-  // Max Upload size in bytes
-  'max_upload_file_size' => 10 * 1024 * 1024,
-  // Array of characters which are not allowed in filenames
-  'invalid_characters_in_filename' => array('/'),
-  // The path to the file storage - IMPORTANT: Add a trailing '/'
-  'storage_base_path' => '[[PATH_TO_STORAGE]]',
-  // The path to the directory where the slots are stored - IMPORTANT: Add a trailing '/'
-  'slot_registry_dir' => '[[PATH_TO_SLOT_STORAGE]]',
-  // The base URL to put the files - IMPORTANT: Add a trailing '/'
-  'base_url_put' => '[[BASE_URL_FOR_PUT]]',
-  // The base URL to get the files - IMPORTANT: Add a trailing '/'
-  'base_url_get' => '[[BASE_URL_FOR_GET]]',
-);
diff --git a/storage-backend/config/.htaccess b/storage-backend/config/.htaccess
new file mode 100644
index 0000000..3418e55
--- /dev/null
+++ b/storage-backend/config/.htaccess
@@ -0,0 +1 @@
+deny from all
\ No newline at end of file
diff --git a/storage-backend/config/config.inc.php b/storage-backend/config/config.inc.php
new file mode 100644
index 0000000..dd05a15
--- /dev/null
+++ b/storage-backend/config/config.inc.php
@@ -0,0 +1,13 @@
+<?php
+/*
+ * Configuration file for http upload storage backend
+ */
+
+return [
+  // Array of keys of XMPP Server allowed to request slots
+  'valid_xmpp_server_keys' => ['abc'],
+  // Max Upload size in bytes
+  'max_upload_file_size' => 10 * 1024 * 1024,
+  // Array of characters which are not allowed in filenames
+  'invalid_characters_in_filename' => ['/'],
+];
diff --git a/storage-backend/files/.htaccess b/storage-backend/files/.htaccess
new file mode 100644
index 0000000..45552cb
--- /dev/null
+++ b/storage-backend/files/.htaccess
@@ -0,0 +1 @@
+Options -Indexes
\ No newline at end of file
diff --git a/storage-backend/index.php b/storage-backend/index.php
index 1753055..d9c82d5 100644
--- a/storage-backend/index.php
+++ b/storage-backend/index.php
@@ -31,7 +31,12 @@
 $method = $_SERVER['REQUEST_METHOD'];
 
 // Load configuration
-$config = require('config.php');
+$config = require(__DIR__.'/config/config.php');
+// Initialize directory config
+$config['storage_base_path'] = __DIR__.'/files/';
+$config['slot_registry_dir'] = __DIR__.'/slots/';
+$config['base_url_put'] = getServerProtocol()."://".getRequestHostname().getRequestUriWithoutFilename().'files/';
+$config['base_url_get'] = $config['base_url_put'];
 
 switch ($method) {
   case 'POST':
@@ -172,6 +177,41 @@ function getUploadFilePath($slotUUID, $config, $filename = NULL) {
   return $path;
 }
 
+/**
+ * Inspired by https://github.com/owncloud/core/blob/master/lib/private/appframework/http/request.php#L523
+ */
+function getServerProtocol() {
+  if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+      if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], ',') !== false) {
+          $parts = explode(',', $_SERVER['HTTP_X_FORWARDED_PROTO']);
+          $proto = strtolower(trim($parts[0]));
+      } else {
+          $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
+      }
+      // Verify that the protocol is always HTTP or HTTPS
+      // default to http if an invalid value is provided
+      return $proto === 'https' ? 'https' : 'http';
+  }
+  if (isset($_SERVER['HTTPS'])
+      && $_SERVER['HTTPS'] !== null
+      && $_SERVER['HTTPS'] !== 'off'
+      && $_SERVER['HTTPS'] !== '') {
+      return 'https';
+  }
+  return 'http';
+}
+
+function getRequestHostname() {
+  if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
+    return strtolower($_SERVER['HTTP_X_FORWARDED_HOST']);
+  }
+  return strtolower($_SERVER['HTTP_HOST']);
+}
+
+function getRequestUriWithoutFilename() {
+  return strtolower(substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '/') + 1));
+}
+
 /**
  * Copied from http://rogerstringer.com/2013/11/15/generate-uuids-php/
  */ 
diff --git a/storage-backend/slots/.htaccess b/storage-backend/slots/.htaccess
new file mode 100644
index 0000000..3418e55
--- /dev/null
+++ b/storage-backend/slots/.htaccess
@@ -0,0 +1 @@
+deny from all
\ No newline at end of file
-- 
cgit v1.2.3