nextcloud/apps/dav/lib/Controller/DirectController.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
namespace OCA\DAV\Controller;

use OCA\DAV\Db\Direct;
use OCA\DAV\Db\DirectMapper;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\Files\Events\BeforeDirectFileDownloadEvent;
use OCP\Files\File;
use OCP\Files\IRootFolder;
use OCP\IRequest;
use OCP\IURLGenerator;
use OCP\Security\ISecureRandom;

class DirectController extends OCSController {

	public function __construct(
		string $appName,
		IRequest $request,
		private IRootFolder $rootFolder,
		private string $userId,
		private DirectMapper $mapper,
		private ISecureRandom $random,
		private ITimeFactory $timeFactory,
		private IURLGenerator $urlGenerator,
		private IEventDispatcher $eventDispatcher,
	) {
		parent::__construct($appName, $request);
	}

	/**
	 * Get a direct link to a file
	 *
	 * @param int $fileId ID of the file
	 * @param int $expirationTime Duration until the link expires
	 * @return DataResponse<Http::STATUS_OK, array{url: string}, array{}>
	 * @throws OCSNotFoundException File not found
	 * @throws OCSBadRequestException Getting direct link is not possible
	 * @throws OCSForbiddenException Missing permissions to get direct link
	 *
	 * 200: Direct link returned
	 */
	#[NoAdminRequired]
	public function getUrl(int $fileId, int $expirationTime = 60 * 60 * 8): DataResponse {
		$userFolder = $this->rootFolder->getUserFolder($this->userId);

		$file = $userFolder->getFirstNodeById($fileId);

		if (!$file) {
			throw new OCSNotFoundException();
		}

		if ($expirationTime <= 0 || $expirationTime > (60 * 60 * 24)) {
			throw new OCSBadRequestException('Expiration time should be greater than 0 and less than or equal to ' . (60 * 60 * 24));
		}

		if (!($file instanceof File)) {
			throw new OCSBadRequestException('Direct download only works for files');
		}

		$event = new BeforeDirectFileDownloadEvent($userFolder->getRelativePath($file->getPath()));
		$this->eventDispatcher->dispatchTyped($event);

		if ($event->isSuccessful() === false) {
			throw new OCSForbiddenException('Permission denied to download file');
		}

		//TODO: at some point we should use the directdownlaod function of storages
		$direct = new Direct();
		$direct->setUserId($this->userId);
		$direct->setFileId($fileId);

		$token = $this->random->generate(60, ISecureRandom::CHAR_ALPHANUMERIC);
		$direct->setToken($token);
		$direct->setExpiration($this->timeFactory->getTime() + $expirationTime);

		$this->mapper->insert($direct);

		$url = $this->urlGenerator->getAbsoluteURL('remote.php/direct/' . $token);

		return new DataResponse([
			'url' => $url,
		]);
	}
}
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`<?php`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 13:57:53 -05:00
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`declare(strict_types=1);`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 13:57:53 -05:00
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-27 11:39:07 -04:00			`* SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-License-Identifier: AGPL-3.0-or-later`
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`*/`
			`namespace OCA\DAV\Controller;`

Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`use OCA\DAV\Db\Direct;`
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`use OCA\DAV\Db\DirectMapper;`
dav: Add OpenAPI spec Signed-off-by: jld3103 <jld3103yt@gmail.com> 2023-03-20 13:46:52 -04:00			`use OCP\AppFramework\Http;`
refactor(dav): Replace security annotations with respective attributes Signed-off-by: provokateurin <kate@provokateurin.de> 2024-07-25 07:14:45 -04:00			`use OCP\AppFramework\Http\Attribute\NoAdminRequired;`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`use OCP\AppFramework\Http\DataResponse;`
Improve the directContoller * Tests * No directdownload from storage yet (as it is not tested at all) * No direct links for folders Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-26 04:34:57 -04:00			`use OCP\AppFramework\OCS\OCSBadRequestException;`
Block download when needed on direct download endpoint Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-06-13 09:50:43 -04:00			`use OCP\AppFramework\OCS\OCSForbiddenException;`
chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2023-11-23 04:22:34 -05:00			`use OCP\AppFramework\OCS\OCSNotFoundException;`
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`use OCP\AppFramework\OCSController;`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`use OCP\AppFramework\Utility\ITimeFactory;`
Block download when needed on direct download endpoint Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-06-13 09:50:43 -04:00			`use OCP\EventDispatcher\IEventDispatcher;`
Multiple fixes - Fix tests - Use non deprecated event stuff - Add a bit of type hinting to the new stuff - More safe handling of instanceOfStorage (share might not be the first wrapper) - Fix resharing Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-07-15 11:11:54 -04:00			`use OCP\Files\Events\BeforeDirectFileDownloadEvent;`
Improve the directContoller * Tests * No directdownload from storage yet (as it is not tested at all) * No direct links for folders Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-26 04:34:57 -04:00			`use OCP\Files\File;`
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`use OCP\Files\IRootFolder;`
			`use OCP\IRequest;`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`use OCP\IURLGenerator;`
			`use OCP\Security\ISecureRandom;`
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00
			`class DirectController extends OCSController {`

refactor(apps): Use constructor property promotion when possible Signed-off-by: provokateurin <kate@provokateurin.de> 2024-10-18 06:04:22 -04:00			`public function __construct(`
			`string $appName,`
chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2023-11-23 04:22:34 -05:00			`IRequest $request,`
refactor(apps): Use constructor property promotion when possible Signed-off-by: provokateurin <kate@provokateurin.de> 2024-10-18 06:04:22 -04:00			`private IRootFolder $rootFolder,`
			`private string $userId,`
			`private DirectMapper $mapper,`
			`private ISecureRandom $random,`
			`private ITimeFactory $timeFactory,`
			`private IURLGenerator $urlGenerator,`
			`private IEventDispatcher $eventDispatcher,`
			`) {`
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`parent::__construct($appName, $request);`
			`}`

Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`/**`
dav: Add OpenAPI spec Signed-off-by: jld3103 <jld3103yt@gmail.com> 2023-03-20 13:46:52 -04:00			`* Get a direct link to a file`
			`*`
			`* @param int $fileId ID of the file`
			`* @param int $expirationTime Duration until the link expires`
			`* @return DataResponse<Http::STATUS_OK, array{url: string}, array{}>`
			`* @throws OCSNotFoundException File not found`
			`* @throws OCSBadRequestException Getting direct link is not possible`
			`* @throws OCSForbiddenException Missing permissions to get direct link`
			`*`
			`* 200: Direct link returned`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`*/`
refactor(dav): Replace security annotations with respective attributes Signed-off-by: provokateurin <kate@provokateurin.de> 2024-07-25 07:14:45 -04:00			`#[NoAdminRequired]`
DirectController: Let users choose the expiration time Signed-off-by: Iscle <albertiscle9@gmail.com> 2020-09-23 17:57:57 -04:00			`public function getUrl(int $fileId, int $expirationTime = 60 * 60 * 8): DataResponse {`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`$userFolder = $this->rootFolder->getUserFolder($this->userId);`

perf: switch places that always use the first getById result to getFirstNodeById Signed-off-by: Robin Appelman <robin@icewind.nl> 2024-02-09 03:54:52 -05:00			`$file = $userFolder->getFirstNodeById($fileId);`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00
perf: switch places that always use the first getById result to getFirstNodeById Signed-off-by: Robin Appelman <robin@icewind.nl> 2024-02-09 03:54:52 -05:00			`if (!$file) {`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`throw new OCSNotFoundException();`
			`}`

DirectController: Verify that expirationTime is between 0s and 24h Signed-off-by: Iscle <albertiscle9@gmail.com> 2020-10-01 17:47:13 -04:00			`if ($expirationTime <= 0 \|\| $expirationTime > (60 * 60 * 24)) {`
			`throw new OCSBadRequestException('Expiration time should be greater than 0 and less than or equal to ' . (60 * 60 * 24));`
			`}`

Improve the directContoller * Tests * No directdownload from storage yet (as it is not tested at all) * No direct links for folders Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-26 04:34:57 -04:00			`if (!($file instanceof File)) {`
			`throw new OCSBadRequestException('Direct download only works for files');`
			`}`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00
Multiple fixes - Fix tests - Use non deprecated event stuff - Add a bit of type hinting to the new stuff - More safe handling of instanceOfStorage (share might not be the first wrapper) - Fix resharing Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-07-15 11:11:54 -04:00			`$event = new BeforeDirectFileDownloadEvent($userFolder->getRelativePath($file->getPath()));`
			`$this->eventDispatcher->dispatchTyped($event);`
Block download when needed on direct download endpoint Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-06-13 09:50:43 -04:00
Multiple fixes - Fix tests - Use non deprecated event stuff - Add a bit of type hinting to the new stuff - More safe handling of instanceOfStorage (share might not be the first wrapper) - Fix resharing Signed-off-by: Carl Schwan <carl@carlschwan.eu> 2022-07-15 11:11:54 -04:00			`if ($event->isSuccessful() === false) {`
Block download when needed on direct download endpoint Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-06-13 09:50:43 -04:00			`throw new OCSForbiddenException('Permission denied to download file');`
			`}`

Improve the directContoller * Tests * No directdownload from storage yet (as it is not tested at all) * No direct links for folders Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-26 04:34:57 -04:00			`//TODO: at some point we should use the directdownlaod function of storages`
			`$direct = new Direct();`
			`$direct->setUserId($this->userId);`
			`$direct->setFileId($fileId);`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00
Introduce ISecureRandom::CHAR_ALPHANUMERIC Signed-off-by: J0WI <J0WI@users.noreply.github.com> 2021-07-07 11:52:46 -04:00			`$token = $this->random->generate(60, ISecureRandom::CHAR_ALPHANUMERIC);`
Improve the directContoller * Tests * No directdownload from storage yet (as it is not tested at all) * No direct links for folders Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-26 04:34:57 -04:00			`$direct->setToken($token);`
DirectController: Let users choose the expiration time Signed-off-by: Iscle <albertiscle9@gmail.com> 2020-09-23 17:57:57 -04:00			`$direct->setExpiration($this->timeFactory->getTime() + $expirationTime);`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00
Improve the directContoller * Tests * No directdownload from storage yet (as it is not tested at all) * No direct links for folders Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-26 04:34:57 -04:00			`$this->mapper->insert($direct);`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00
chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de> 2024-09-19 05:10:31 -04:00			`$url = $this->urlGenerator->getAbsoluteURL('remote.php/direct/' . $token);`
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`return new DataResponse([`
Add directDownload support of storage Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 11:40:52 -04:00			`'url' => $url,`
Request a direct link Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 10:54:24 -04:00			`]);`
First step of DAV endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-13 08:04:41 -04:00			`}`
			`}`