Reduced manual configuration, folder structure created

Determination of storage paths now relative to script directory and programmatically
Determination of get and put URLs now based on the slot request request
Basic access restriction to default directories

storage-backend/config.inc.php

@@ -1,21 +0,0 @@
-<?php
-/*
- * Configuration file for http upload storage backend
- */
-
-return array(
-  // Array of keys of XMPP Server allowed to request slots
-  'valid_xmpp_server_keys' => array('abc'),
-  // Max Upload size in bytes
-  'max_upload_file_size' => 10 * 1024 * 1024,
-  // Array of characters which are not allowed in filenames
-  'invalid_characters_in_filename' => array('/'),
-  // The path to the file storage - IMPORTANT: Add a trailing '/'
-  'storage_base_path' => '[[PATH_TO_STORAGE]]',
-  // The path to the directory where the slots are stored - IMPORTANT: Add a trailing '/'
-  'slot_registry_dir' => '[[PATH_TO_SLOT_STORAGE]]',
-  // The base URL to put the files - IMPORTANT: Add a trailing '/'
-  'base_url_put' => '[[BASE_URL_FOR_PUT]]',
-  // The base URL to get the files - IMPORTANT: Add a trailing '/'
-  'base_url_get' => '[[BASE_URL_FOR_GET]]',
-);

storage-backend/config/.htaccess

@@ -0,0 +1 @@
+deny from all

storage-backend/config/config.inc.php

@@ -0,0 +1,13 @@
+<?php
+/*
+ * Configuration file for http upload storage backend
+ */
+
+return [
+  // Array of keys of XMPP Server allowed to request slots
+  'valid_xmpp_server_keys' => ['abc'],
+  // Max Upload size in bytes
+  'max_upload_file_size' => 10 * 1024 * 1024,
+  // Array of characters which are not allowed in filenames
+  'invalid_characters_in_filename' => ['/'],
+];

storage-backend/files/.htaccess

@@ -0,0 +1 @@
+Options -Indexes

storage-backend/index.php

@@ -31,7 +31,12 @@
 $method = $_SERVER['REQUEST_METHOD'];
 
 // Load configuration
-$config = require('config.php');
+$config = require(__DIR__.'/config/config.php');
+// Initialize directory config
+$config['storage_base_path'] = __DIR__.'/files/';
+$config['slot_registry_dir'] = __DIR__.'/slots/';
+$config['base_url_put'] = getServerProtocol()."://".getRequestHostname().getRequestUriWithoutFilename().'files/';
+$config['base_url_get'] = $config['base_url_put'];
 
 switch ($method) {
   case 'POST':
@@ -172,6 +177,41 @@ function getUploadFilePath($slotUUID, $config, $filename = NULL) {
   return $path;
 }
 
+/**
+ * Inspired by https://github.com/owncloud/core/blob/master/lib/private/appframework/http/request.php#L523
+ */
+function getServerProtocol() {
+  if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+      if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], ',') !== false) {
+          $parts = explode(',', $_SERVER['HTTP_X_FORWARDED_PROTO']);
+          $proto = strtolower(trim($parts[0]));
+      } else {
+          $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
+      }
+      // Verify that the protocol is always HTTP or HTTPS
+      // default to http if an invalid value is provided
+      return $proto === 'https' ? 'https' : 'http';
+  }
+  if (isset($_SERVER['HTTPS'])
+      && $_SERVER['HTTPS'] !== null
+      && $_SERVER['HTTPS'] !== 'off'
+      && $_SERVER['HTTPS'] !== '') {
+      return 'https';
+  }
+  return 'http';
+}
+
+function getRequestHostname() {
+  if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
+    return strtolower($_SERVER['HTTP_X_FORWARDED_HOST']);
+  }
+  return strtolower($_SERVER['HTTP_HOST']);
+}
+
+function getRequestUriWithoutFilename() {
+  return strtolower(substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '/') + 1));
+}
+
 /**
  * Copied from http://rogerstringer.com/2013/11/15/generate-uuids-php/
  */ 

storage-backend/slots/.htaccess

@@ -0,0 +1 @@
+deny from all