1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
<?php
/*
* This script serves as storing backend for the xmpp extension
* XEP-0313 Http Upload
*/
$method = $_SERVER['REQUEST_METHOD'];
// Load configuration
$config = require('config.php');
switch ($method) {
case 'POST':
// parse post parameters
// check if all parameters are present - return 400 (bad request) if a parameter is missing / empty
$xmppServerKey = getMandatoryPostParameter('xmpp_server_key');
$filename = getMandatoryPostParameter('filename');
$filesize = getMandatoryPostParameter('size');
$type = getMandatoryPostParameter('content_type');
$userJid = getMandatoryPostParameter('user_jid');
// check file size - return 406 (not acceptable) if file too large
if ($filesize > $config['max_upload_file_size']) {
sendHttpErrorCodeAndMessage(406, 'File too large. Maximum file size: '.$config['max_upload_file_size']);
}
// check file name - return 406 (not acceptable) if file contains invalid characters
foreach ($config['invalid_characters_in_filename'] as $invalidCharacter) {
if (stripos($filename, $invalidCharacter) !== false) {
sendHttpErrorCodeAndMessage(406, 'Invalid character found in filename.');
}
}
// generate slot uuid, register slot uuid and expected file size and expected mime type
$basePath = $config['storage_base_path'];
$slotUUID = generate_uuid();
registerSlot($slotUUID, $filename, $filesize, $type, $userJid, $config);
if (!mkdir(getUploadFilePath($slotUUID, $config))) {
sendHttpErrorCodeAndMessage(500, "Could not create directory for upload.");
}
// return 200 for success and get / put url Json formatted ( ['get'=>url, 'put'=>url] )
$result = array('put' => $config['base_url_put'].$slotUUID.'/'.$filename,
'get' => $config['base_url_get'].$slotUUID.'/'.$filename);
echo json_encode($result);
break;
case 'PUT':
// check slot uuid - return 403 if not existing
$uri = $_SERVER["REQUEST_URI"];
$slotUUID = getUUIDFromUri($uri);
$filename = getFilenameFromUri($uri);
$uploadFilePath = getUploadFilePath($slotUUID, $config, $filename);
if (file_exists($uploadFilePath)) {
sendHttpErrorCodeAndMessage(403, "The slot was already used.");
}
if (!slotExists($slotUUID, $config)) {
sendHttpErrorCodeAndMessage(403, "The slot does not exist.");
}
$slotParameters = require(getSlotFilePath($slotUUID, $config));
// save file
$incomingFileStream = fopen("php://input", "r");
$targetFileStream = fopen($uploadFilePath, "w");
$uploadedFilesize = stream_copy_to_stream($incomingFileStream, $targetFileStream);
fclose($targetFileStream);
// check actual file size with registered file size - return 413
if ($uploadedFilesize != $slotParameters['filesize']) {
unlink($uploadedFilePath);
sendHttpErrorCodeAndMessage(403, "Uploaded file size differs from requestes slot size.");
}
// check actual mime type with registered mime type
if (mime_content_type($uploadFilePath) != $slotParameters['content_type']) {
unlink($uploadedFilePath);
sendHttpErrorCodeAndMessage(403, "Uploaded file content type differs from requestes slot content type.");
}
// return 500 in case of any error
// return 201 for success
sendHttpErrorCodeAndMessage(201);
break;
case 'GET': // better use really apache to serve files...
break;
}
function getMandatoryPostParameter($parameterName) {
$parameter = $_POST[$parameterName];
if (!isset($parameter) || is_null($parameter) || empty($parameter)) {
sendHttpErrorCodeAndMessage(400, 'Missing parameter "'.$parameterName.'"');
}
return $parameter;
}
function sendHttpErrorCodeAndMessage($code, $text = '') {
http_response_code($code);
exit($text);
}
function getUUIDFromUri($uri) {
$pattern = "/[a-f0-9]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/";
preg_match($pattern, $uri, $matches);
return $matches[0];
}
function getFilenameFromUri($uri) {
$lastSlash = strrpos($uri, '/');
return substr($uri, $lastSlash);
}
function registerSlot($slotUUID, $filename, $filesize, $contentType, $userJid, $config) {
$contents = "<?php\n/*\n * This is an autogenerated file - do not edit\n */\n\n";
$contents .= 'return array(\'filename\' => \''.$filename.'\', \'filesize\' => \''.$filesize.'\', ';
$contents .= '\'content_type\' => \''.$contentType.'\', \'user_jid\' => \''.$userJid.'\');';
if (!file_put_contents(getSlotFilePath($slotUUID, $config), $contents)) {
sendHttpErrorCodeAndMessage(500, "Could not create slot registry entry.");
}
}
function slotExists($slotUUID, $config) {
return file_exists(getSlotFilePath($slotUUID, $config));
}
function getSlotFilePath($slotUUID, $config) {
return $config['slot_registry_dir'].$slotUUID;
}
function getUploadFilePath($slotUUID, $config, $filename = NULL) {
$path = $config['storage_base_path'].$slotUUID;
if (!is_null($filename)) {
$path .= '/'.$filename;
}
return $path;
}
/**
* Copied from http://rogerstringer.com/2013/11/15/generate-uuids-php/
*/
function generate_uuid() {
return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),
mt_rand( 0, 0xffff ),
mt_rand( 0, 0x0fff ) | 0x4000,
mt_rand( 0, 0x3fff ) | 0x8000,
mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff )
);
}
|
