storage-backend: Add functionality to delete a file via an xmpp server; removed possibility to request a delete token and delete the file afterwards via xmpp client
This commit is contained in:
steckbrief
parent
14753b0d57
commit
49c6bb9f0b
2 changed files with 28 additions and 52 deletions
|
|
@ -41,11 +41,13 @@
|
|||
*
|
||||
* The following return codes are used for deleting a file:
|
||||
* 204: Success - No Content
|
||||
* 403: If a slot does not exist or a slot is not marked for deletion.
|
||||
* The slot does not exist
|
||||
* The slot does not contain a delete token
|
||||
* The slot's delete token does not match the header field "X-FILETRANSFER-HTTP-DELETE-TOKEN"
|
||||
* The slot's delete token is not valid any more
|
||||
* 403:
|
||||
* In case the XMPP Server Key is not valid
|
||||
* The user is not allowed to delete a file (e.g. files can only be deleted by the creator and deletion is requested by someone else)
|
||||
* There is no slot file for the file
|
||||
* The filename stored in the slot file differs from the filename of the request
|
||||
* 404: If the file does not exist
|
||||
* 500: If an error occured while deleting
|
||||
*/
|
||||
include_once(__DIR__.'/lib/functions.common.inc.php');
|
||||
include_once(__DIR__.'/lib/functions.http.inc.php');
|
||||
|
|
@ -79,30 +81,6 @@ switch ($method) {
|
|||
$slots = readSlots($userJid);
|
||||
$result = ['list' => $slots];
|
||||
break;
|
||||
case 'delete':
|
||||
// Check if all parameters needed for an delete are present - return 400 (bad request) if a parameter is missing / empty
|
||||
$fileURL = getMandatoryPostParameter('file_url');
|
||||
|
||||
$slotUUID = getUUIDFromUri($fileURL);
|
||||
$filename = getFilenameFromUri($fileURL);
|
||||
if (!slotExists($slotUUID, $config)) {
|
||||
sendHttpReturnCodeAndJson(403, "The slot does not exist.");
|
||||
}
|
||||
|
||||
if ($config['delete_only_by_creator']) {
|
||||
$slotParameters = loadSlotParameters($slotUUID, $config);
|
||||
if ($slotParameters['user_jid'] != $userJid) {
|
||||
sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
|
||||
}
|
||||
}
|
||||
|
||||
// generate delete token, register delete token
|
||||
$deleteToken = generate_uuid();
|
||||
registerDeleteToken($slotUUID, $filename, $deleteToken, $config);
|
||||
|
||||
// return 200 for success and delete url Json formatted ( ['delete'=>url] )
|
||||
$result = ['deletetoken' => $deleteToken];
|
||||
break;
|
||||
case 'upload':
|
||||
default:
|
||||
// Check if all parameters needed for an upload are present - return 400 (bad request) if a parameter is missing / empty
|
||||
|
|
@ -178,17 +156,25 @@ switch ($method) {
|
|||
$uri = $_SERVER["REQUEST_URI"];
|
||||
$slotUUID = getUUIDFromUri($uri);
|
||||
$filename = getFilenameFromUri($uri);
|
||||
$deleteToken = $_SERVER["HTTP_X_FILETRANSFER_HTTP_DELETE_TOKEN"];
|
||||
$xmppServerKey = $_SERVER["HTTP_X_XMPP_SERVER_KEY"];
|
||||
$userJid = $_SERVER["HTTP_X_USER_JID"];
|
||||
|
||||
// Check if xmppServerKey is allowed to request slots
|
||||
if (false === checkXmppServerKey($config['valid_xmpp_server_keys'], $xmppServerKey)) {
|
||||
sendHttpReturnCodeAndJson(403, 'Server is not allowed to delete a file');
|
||||
}
|
||||
|
||||
if ($config['delete_only_by_creator']) {
|
||||
$slotParameters = loadSlotParameters($slotUUID, $config);
|
||||
if ($slotParameters['user_jid'] != $userJid) {
|
||||
sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
|
||||
}
|
||||
}
|
||||
|
||||
if (!slotExists($slotUUID, $config)) {
|
||||
sendHttpReturnCodeAndJson(403, "The slot does not exist.");
|
||||
}
|
||||
$slotParameters = loadSlotParameters($slotUUID, $config);
|
||||
if ($deleteToken != $slotParameters['delete_token']) {
|
||||
sendHttpReturnCodeAndJson(403, "The delete token is not valid.");
|
||||
}
|
||||
if (time() > $slotParameters['delete_token_valid_till']) {
|
||||
sendHttpReturnCodeAndJson(403, "The delete token is not valid anymore.");
|
||||
}
|
||||
if (!checkFilenameParameter($filename, $slotParameters)) {
|
||||
sendHttpReturnCodeAndJson(403, "Filename to delete differs from requested slot filename.");
|
||||
}
|
||||
|
|
@ -196,7 +182,7 @@ switch ($method) {
|
|||
if (!file_exists($uploadFilePath)) {
|
||||
sendHttpReturnCodeAndJson(404, "The file does not exist.");
|
||||
}
|
||||
|
||||
|
||||
// Delete file
|
||||
if (unlink($uploadFilePath)) {
|
||||
// Clean up the server - ignore errors
|
||||
|
|
@ -245,26 +231,16 @@ function getFilenameFromUri($uri) {
|
|||
return substr($uri, $lastSlash);
|
||||
}
|
||||
|
||||
function registerSlot($slotUUID, $filename, $filesize, $contentType, $userJid, $receipientJid, $config) {
|
||||
function registerSlot($slotUUID, $filename, $filesize, $contentType, $userJid, $recipientJid, $config) {
|
||||
$contents = "<?php\n/*\n * This is an autogenerated file - do not edit\n */\n\n";
|
||||
$contents .= 'return [\'filename\' => \''.$filename.'\', \'filesize\' => \''.$filesize.'\', ';
|
||||
$contents .= '\'content_type\' => \''.$contentType.'\', \'user_jid\' => \''.$userJid.'\', \'receipient_jid\' => \''.$receipientJid.'\'];';
|
||||
$contents .= '\'content_type\' => \''.$contentType.'\', \'user_jid\' => \''.$userJid.'\', \'recipient_jid\' => \''.$recipientJid.'\'];';
|
||||
$contents .= "\n?>";
|
||||
if (!file_put_contents(getSlotFilePath($slotUUID, $config), $contents)) {
|
||||
sendHttpReturnCodeAndMessage(500, "Could not create slot registry entry.");
|
||||
}
|
||||
}
|
||||
|
||||
function registerDeleteToken($slotUUID, $filename, $deleteToken, $config) {
|
||||
$slotFilePath = getSlotFilePath($slotUUID, $config);
|
||||
$contents = file_get_contents($slotFilePath);
|
||||
$validTo = time() + $config['delete_token_validity'];
|
||||
$newContents = str_replace("]", ", 'delete_token' => '".$deleteToken."', 'delete_token_valid_till' => '".$validTo."']", $contents);
|
||||
if (!file_put_contents($slotFilePath, $newContents)) {
|
||||
sendHttpReturnCodeAndMessage(500, "Could not update slot registry entry.");
|
||||
}
|
||||
}
|
||||
|
||||
function slotExists($slotUUID, $config) {
|
||||
return file_exists(getSlotFilePath($slotUUID, $config));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ function readSlots($jid) {
|
|||
$slotUUID = $entry;
|
||||
$params = loadSlotParameters($slotUUID, $config);
|
||||
$senderBareJid = getBareJid($params['user_jid']);
|
||||
$recipientBareJid = (array_key_exists('receipient_jid', $params)) ? getBareJid($params['receipient_jid']) : '';
|
||||
$recipientBareJid = (array_key_exists('recipient_jid', $params)) ? getBareJid($params['recipient_jid']) : '';
|
||||
if ($senderBareJid == $jid || $recipientBareJid == $jid) {
|
||||
$filePath = getUploadFilePath($slotUUID, $config, $params['filename']);
|
||||
$file = [];
|
||||
|
|
@ -52,8 +52,8 @@ function readSlots($jid) {
|
|||
$file['fileinfo']['content_type'] = $params['content_type'];
|
||||
$file['sender_jid'] = $senderBareJid;
|
||||
$file['recipient_jid'] = $recipientBareJid;
|
||||
if (null == $file['receipient_jid']) {
|
||||
$file['receipient_jid'] = "";
|
||||
if (null == $file['recipient_jid']) {
|
||||
$file['recipient_jid'] = "";
|
||||
}
|
||||
$slots[] = $file;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue