From fbba3876b537e84699b854e098936a5cd4fe0c8b Mon Sep 17 00:00:00 2001 From: steckbrief Date: Mon, 4 Jan 2016 21:48:17 +0100 Subject: Reduced manual configuration, folder structure created Determination of storage paths now relative to script directory and programmatically Determination of get and put URLs now based on the slot request request Basic access restriction to default directories --- storage-backend/config.inc.php | 21 ------------------ storage-backend/config/.htaccess | 1 + storage-backend/config/config.inc.php | 13 +++++++++++ storage-backend/files/.htaccess | 1 + storage-backend/index.php | 42 ++++++++++++++++++++++++++++++++++- storage-backend/slots/.htaccess | 1 + 6 files changed, 57 insertions(+), 22 deletions(-) delete mode 100644 storage-backend/config.inc.php create mode 100644 storage-backend/config/.htaccess create mode 100644 storage-backend/config/config.inc.php create mode 100644 storage-backend/files/.htaccess create mode 100644 storage-backend/slots/.htaccess diff --git a/storage-backend/config.inc.php b/storage-backend/config.inc.php deleted file mode 100644 index f9b7537..0000000 --- a/storage-backend/config.inc.php +++ /dev/null @@ -1,21 +0,0 @@ - array('abc'), - // Max Upload size in bytes - 'max_upload_file_size' => 10 * 1024 * 1024, - // Array of characters which are not allowed in filenames - 'invalid_characters_in_filename' => array('/'), - // The path to the file storage - IMPORTANT: Add a trailing '/' - 'storage_base_path' => '[[PATH_TO_STORAGE]]', - // The path to the directory where the slots are stored - IMPORTANT: Add a trailing '/' - 'slot_registry_dir' => '[[PATH_TO_SLOT_STORAGE]]', - // The base URL to put the files - IMPORTANT: Add a trailing '/' - 'base_url_put' => '[[BASE_URL_FOR_PUT]]', - // The base URL to get the files - IMPORTANT: Add a trailing '/' - 'base_url_get' => '[[BASE_URL_FOR_GET]]', -); 
diff --git a/storage-backend/config/.htaccess b/storage-backend/config/.htaccess
new file mode 100644
index 0000000..3418e55
--- /dev/null
+++ b/storage-backend/config/.htaccess
@@ -0,0 +1 @@
+deny from all
\ No newline at end of file
diff --git a/storage-backend/config/config.inc.php b/storage-backend/config/config.inc.php
new file mode 100644
index 0000000..dd05a15
--- /dev/null
+++ b/storage-backend/config/config.inc.php
@@ -0,0 +1,13 @@
+ ['abc'],
+ // Max Upload size in bytes
+ 'max_upload_file_size' => 10 * 1024 * 1024,
+ // Array of characters which are not allowed in filenames
+ 'invalid_characters_in_filename' => ['/'],
+];
diff --git a/storage-backend/files/.htaccess b/storage-backend/files/.htaccess
new file mode 100644
index 0000000..45552cb
--- /dev/null
+++ b/storage-backend/files/.htaccess
@@ -0,0 +1 @@
+Options -Indexes
\ No newline at end of file
diff --git a/storage-backend/index.php b/storage-backend/index.php
index 1753055..d9c82d5 100644
--- a/storage-backend/index.php
+++ b/storage-backend/index.php
@@ -31,7 +31,12 @@ $method = $_SERVER['REQUEST_METHOD'];
 // Load configuration
-$config = require('config.php');
+$config = require(__DIR__.'/config/config.php');
+// Initialize directory config
+$config['storage_base_path'] = __DIR__.'/files/';
+$config['slot_registry_dir'] = __DIR__.'/slots/';
+$config['base_url_put'] = getServerProtocol()."://".getRequestHostname().getRequestUriWithoutFilename().'files/';
+$config['base_url_get'] = $config['base_url_put'];
 switch ($method) {
 case 'POST':
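Review bot: `deny from all` in config/.htaccess, and in the identical slots/.htaccess added at the end of this patch, is Apache 2.2 access syntax. It is the only control keeping the configuration file and the slot registry from being fetched over HTTP now that both live under the script directory. On Apache 2.4 the directive is accepted only while mod_access_compat is loaded, and it has no effect when `AllowOverride` is off or a different web server is used, in which case nothing reports the missing restriction. I would carry both syntaxes as below and state in the install notes that these two directories must also be denied in the server configuration itself.

```apache
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```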
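Review bot: The sample is added as `config/config.inc.php`, while the index.php hunk in this patch loads `__DIR__.'/config/config.php'`, so the file has to be copied before the script can start and nothing in the sample says so. A header comment such as `// Copy this file to config.php and replace every sample value before deployment` would cover it. The first visible entry still ships the value `['abc']`; its key is not visible in this hunk, but if it is the list of keys accepted for slot requests, an unchanged copy leaves the backend guarded by a publicly known value. In that case I would ship an empty list and have index.php reject slot requests while it is empty.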
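Review bot: `Options -Indexes` only hides the directory listing, yet files/ is now both the upload target and the directory the download URLs point at (the index.php hunk sets `storage_base_path` to `__DIR__.'/files/'` and `base_url_get` to the matching URL). Stored uploads are therefore served by the same PHP-enabled site. The sample config's filename blacklist contains only `/`, so an upload presumably keeps whatever extension the client chose; the upload code is outside this patch, so confirm. I would have this file also pin the directory to the static handler and disable content sniffing, as below, after checking that the PUT routing (not visible here) is unaffected.

```apache
Options -Indexes
# Uploaded files are data: never hand them to a script handler
SetHandler default-handler
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
</IfModule>
```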
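Review bot: `base_url_put` and `base_url_get` are now assembled on every request from `X-Forwarded-Proto`, `X-Forwarded-Host`/`Host` and `REQUEST_URI`, all of which the requester chooses unless a trusted proxy overwrites them. The same applies to `getServerProtocol()` and `getRequestHostname()` in the second index.php hunk. The resulting string is presumably what the slot response hands out as the upload and download URL. The removed `base_url_put`/`base_url_get` config keys gave the operator a fixed value, so I would keep them as an optional override by wrapping the assignment in `if (!isset($config['base_url_put'])) {`. A comment such as `// Derived from request headers; set base_url_put in config.php when running behind a reverse proxy` would explain the fallback.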
@@ -172,6 +177,41 @@ function getUploadFilePath($slotUUID, $config, $filename = NULL) {
 return $path;
 }
+/**
+ * Inspired by https://github.com/owncloud/core/blob/master/lib/private/appframework/http/request.php#L523
+ */
+function getServerProtocol() {
+ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+ if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], ',') !== false) {
+ $parts = explode(',', $_SERVER['HTTP_X_FORWARDED_PROTO']);
+ $proto = strtolower(trim($parts[0]));
+ } else {
+ $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
+ }
+ // Verify that the protocol is always HTTP or HTTPS
+ // default to http if an invalid value is provided
+ return $proto === 'https' ? 'https' : 'http';
+ }
+ if (isset($_SERVER['HTTPS'])
+ && $_SERVER['HTTPS'] !== null
+ && $_SERVER['HTTPS'] !== 'off'
+ && $_SERVER['HTTPS'] !== '') {
+ return 'https';
+ }
+ return 'http';
+}
+
+function getRequestHostname() {
+ if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
+ return strtolower($_SERVER['HTTP_X_FORWARDED_HOST']);
+ }
+ return strtolower($_SERVER['HTTP_HOST']);
+}
+
+function getRequestUriWithoutFilename() {
+ return strtolower(substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '/') + 1));
+}
+
 /**
 * Copied from http://rogerstringer.com/2013/11/15/generate-uuids-php/
 */
diff --git a/storage-backend/slots/.htaccess b/storage-backend/slots/.htaccess
new file mode 100644
index 0000000..3418e55
--- /dev/null
+++ b/storage-backend/slots/.htaccess
@@ -0,0 +1 @@
+deny from all
\ No newline at end of file
-- 
cgit v1.2.3
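Review bot: `getRequestUriWithoutFilename()` searches the raw `REQUEST_URI`, which still carries the query string, so a `/` inside a query parameter moves the cut point. The `strtolower()` around it also rewrites the path's case, which gives a wrong URL when the install path contains upper-case letters. `getRequestHostname()` returns the header with no check of its shape: unlike `getServerProtocol()` it does not handle a comma-separated proxy list, it raises a notice when `HTTP_HOST` is absent, and whatever characters the header holds end up in the generated URL. The version below takes the path from `parse_url()`, keeps its case, and accepts only a hostname with an optional port. How the script reports a bad request is not visible in this hunk, so the `400` exit stands in for the project's own error helper.

```php
function getRequestHostname() {
    $raw = '';
    if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
        // A proxy chain may append hosts; the first entry is the one the client addressed
        $parts = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
        $raw = $parts[0];
    } elseif (isset($_SERVER['HTTP_HOST'])) {
        $raw = $_SERVER['HTTP_HOST'];
    }
    $host = strtolower(trim($raw));
    // Only hostname[:port] or [IPv6][:port] may reach the generated URL
    if (!preg_match('/^(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(:[0-9]{1,5})?$/', $host)) {
        http_response_code(400);
        exit;
    }
    return $host;
}

function getRequestUriWithoutFilename() {
    // Drop the query string first and keep the path's case
    $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
    if (!is_string($path)) {
        $path = '/';
    }
    return substr($path, 0, strrpos($path, '/') + 1);
}
```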