2012-05-05 16:54:14 -04:00
|
|
|
<?php
|
2024-05-24 13:43:47 -04:00
|
|
|
|
2015-03-26 06:44:34 -04:00
|
|
|
/**
|
2024-05-24 13:43:47 -04:00
|
|
|
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
|
|
|
|
|
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
|
|
|
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
2015-03-26 06:44:34 -04:00
|
|
|
*/
|
2017-10-13 15:30:29 -04:00
|
|
|
require_once __DIR__ . '/lib/versioncheck.php';
|
|
|
|
|
|
2015-08-30 13:13:01 -04:00
|
|
|
use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
|
2024-09-12 10:17:19 -04:00
|
|
|
use OCP\App\IAppManager;
|
2025-02-27 05:59:44 -05:00
|
|
|
use OCP\IRequest;
|
|
|
|
|
use OCP\Template\ITemplateManager;
|
2022-03-31 10:25:31 -04:00
|
|
|
use Psr\Log\LoggerInterface;
|
2015-06-29 09:47:05 -04:00
|
|
|
use Sabre\DAV\Exception\ServiceUnavailable;
|
|
|
|
|
use Sabre\DAV\Server;
|
|
|
|
|
|
2015-06-29 16:08:34 -04:00
|
|
|
/**
|
|
|
|
|
* Class RemoteException
|
|
|
|
|
* Dummy exception class to be use locally to identify certain conditions
|
2015-08-18 09:02:30 -04:00
|
|
|
* Will not be logged to avoid DoS
|
2015-06-29 16:08:34 -04:00
|
|
|
*/
|
2024-07-16 02:29:44 -04:00
|
|
|
class RemoteException extends \Exception {
|
2015-06-29 16:08:34 -04:00
|
|
|
}
|
|
|
|
|
|
2024-09-12 10:17:19 -04:00
|
|
|
function handleException(Exception|Error $e): void {
|
2022-10-05 06:39:00 -04:00
|
|
|
try {
|
2025-02-27 05:59:44 -05:00
|
|
|
$request = \OCP\Server::get(IRequest::class);
|
2022-10-05 06:39:00 -04:00
|
|
|
// in case the request content type is text/xml - we assume it's a WebDAV request
|
|
|
|
|
$isXmlContentType = strpos($request->getHeader('Content-Type'), 'text/xml');
|
|
|
|
|
if ($isXmlContentType === 0) {
|
|
|
|
|
// fire up a simple server to properly process the exception
|
|
|
|
|
$server = new Server();
|
|
|
|
|
if (!($e instanceof RemoteException)) {
|
|
|
|
|
// we shall not log on RemoteException
|
2025-02-27 05:59:44 -05:00
|
|
|
$server->addPlugin(new ExceptionLoggerPlugin('webdav', \OCP\Server::get(LoggerInterface::class)));
|
2015-06-29 16:08:34 -04:00
|
|
|
}
|
2022-10-05 06:39:00 -04:00
|
|
|
$server->on('beforeMethod:*', function () use ($e) {
|
|
|
|
|
if ($e instanceof RemoteException) {
|
|
|
|
|
switch ($e->getCode()) {
|
|
|
|
|
case 503:
|
|
|
|
|
throw new ServiceUnavailable($e->getMessage());
|
|
|
|
|
case 404:
|
|
|
|
|
throw new \Sabre\DAV\Exception\NotFound($e->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$class = get_class($e);
|
|
|
|
|
$msg = $e->getMessage();
|
|
|
|
|
throw new ServiceUnavailable("$class: $msg");
|
|
|
|
|
});
|
|
|
|
|
$server->exec();
|
2015-06-29 16:08:34 -04:00
|
|
|
} else {
|
2022-10-05 06:39:00 -04:00
|
|
|
$statusCode = 500;
|
|
|
|
|
if ($e instanceof \OC\ServiceUnavailableException) {
|
|
|
|
|
$statusCode = 503;
|
|
|
|
|
}
|
|
|
|
|
if ($e instanceof RemoteException) {
|
|
|
|
|
// we shall not log on RemoteException
|
2025-02-27 05:59:44 -05:00
|
|
|
\OCP\Server::get(ITemplateManager::class)->printErrorPage($e->getMessage(), '', $e->getCode());
|
2022-10-05 06:39:00 -04:00
|
|
|
} else {
|
2025-02-27 05:59:44 -05:00
|
|
|
\OCP\Server::get(LoggerInterface::class)->error($e->getMessage(), ['app' => 'remote','exception' => $e]);
|
|
|
|
|
\OCP\Server::get(ITemplateManager::class)->printExceptionErrorPage($e, $statusCode);
|
2022-10-05 06:39:00 -04:00
|
|
|
}
|
2015-06-29 16:08:34 -04:00
|
|
|
}
|
2022-10-05 06:39:00 -04:00
|
|
|
} catch (\Exception $e) {
|
2025-02-27 05:59:44 -05:00
|
|
|
\OCP\Server::get(ITemplateManager::class)->printExceptionErrorPage($e, 500);
|
2015-06-29 09:47:05 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-05 03:59:43 -04:00
|
|
|
/**
|
2025-02-27 05:59:44 -05:00
|
|
|
* @param string $service
|
2016-04-05 03:59:43 -04:00
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
function resolveService($service) {
|
|
|
|
|
$services = [
|
|
|
|
|
'webdav' => 'dav/appinfo/v1/webdav.php',
|
|
|
|
|
'dav' => 'dav/appinfo/v2/remote.php',
|
|
|
|
|
'caldav' => 'dav/appinfo/v1/caldav.php',
|
|
|
|
|
'calendar' => 'dav/appinfo/v1/caldav.php',
|
|
|
|
|
'carddav' => 'dav/appinfo/v1/carddav.php',
|
|
|
|
|
'contacts' => 'dav/appinfo/v1/carddav.php',
|
|
|
|
|
'files' => 'dav/appinfo/v1/webdav.php',
|
2018-04-13 08:04:41 -04:00
|
|
|
'direct' => 'dav/appinfo/v2/direct.php',
|
2016-04-05 03:59:43 -04:00
|
|
|
];
|
|
|
|
|
if (isset($services[$service])) {
|
|
|
|
|
return $services[$service];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return \OC::$server->getConfig()->getAppValue('core', 'remote_' . $service);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-10 07:45:19 -04:00
|
|
|
try {
|
2016-10-06 06:13:02 -04:00
|
|
|
require_once __DIR__ . '/lib/base.php';
|
2014-06-25 12:17:17 -04:00
|
|
|
|
2016-04-12 07:30:37 -04:00
|
|
|
// All resources served via the DAV endpoint should have the strictest possible
|
|
|
|
|
// policy. Exempted from this is the SabreDAV browser plugin which overwrites
|
|
|
|
|
// this policy with a softer one if debug mode is enabled.
|
|
|
|
|
header("Content-Security-Policy: default-src 'none';");
|
|
|
|
|
|
2014-06-25 12:17:17 -04:00
|
|
|
if (\OCP\Util::needUpgrade()) {
|
|
|
|
|
// since the behavior of apps or remotes are unpredictable during
|
|
|
|
|
// an upgrade, return a 503 directly
|
2018-06-26 06:15:09 -04:00
|
|
|
throw new RemoteException('Service unavailable', 503);
|
2014-06-25 12:17:17 -04:00
|
|
|
}
|
|
|
|
|
|
2015-02-10 07:02:48 -05:00
|
|
|
$request = \OC::$server->getRequest();
|
|
|
|
|
$pathInfo = $request->getPathInfo();
|
|
|
|
|
if ($pathInfo === false || $pathInfo === '') {
|
2018-06-26 06:15:09 -04:00
|
|
|
throw new RemoteException('Path not found', 404);
|
2013-06-10 07:45:19 -04:00
|
|
|
}
|
2015-02-10 07:02:48 -05:00
|
|
|
if (!$pos = strpos($pathInfo, '/', 1)) {
|
|
|
|
|
$pos = strlen($pathInfo);
|
2013-06-10 07:45:19 -04:00
|
|
|
}
|
2020-10-05 09:12:57 -04:00
|
|
|
$service = substr($pathInfo, 1, $pos - 1);
|
2012-06-24 04:06:42 -04:00
|
|
|
|
2016-04-05 03:59:43 -04:00
|
|
|
$file = resolveService($service);
|
2012-07-13 18:10:17 -04:00
|
|
|
|
2013-06-10 07:45:19 -04:00
|
|
|
if (is_null($file)) {
|
2018-06-26 06:15:09 -04:00
|
|
|
throw new RemoteException('Path not found', 404);
|
2013-06-10 07:45:19 -04:00
|
|
|
}
|
|
|
|
|
|
2020-10-05 09:12:57 -04:00
|
|
|
$file = ltrim($file, '/');
|
2013-06-10 07:45:19 -04:00
|
|
|
|
2020-10-05 09:12:57 -04:00
|
|
|
$parts = explode('/', $file, 2);
|
|
|
|
|
$app = $parts[0];
|
2014-05-10 08:00:22 -04:00
|
|
|
|
|
|
|
|
// Load all required applications
|
|
|
|
|
\OC::$REQUESTEDAPP = $app;
|
2024-09-12 10:17:19 -04:00
|
|
|
$appManager = \OCP\Server::get(IAppManager::class);
|
|
|
|
|
$appManager->loadApps(['authentication']);
|
|
|
|
|
$appManager->loadApps(['extended_authentication']);
|
|
|
|
|
$appManager->loadApps(['filesystem', 'logging']);
|
2014-05-10 08:00:22 -04:00
|
|
|
|
2013-06-10 07:45:19 -04:00
|
|
|
switch ($app) {
|
|
|
|
|
case 'core':
|
2020-10-05 09:12:57 -04:00
|
|
|
$file = OC::$SERVERROOT . '/' . $file;
|
2013-06-10 07:45:19 -04:00
|
|
|
break;
|
|
|
|
|
default:
|
2025-02-10 05:25:50 -05:00
|
|
|
if (!$appManager->isEnabledForUser($app)) {
|
2015-08-18 09:02:30 -04:00
|
|
|
throw new RemoteException('App not installed: ' . $app);
|
2014-09-04 09:23:55 -04:00
|
|
|
}
|
2024-09-12 10:17:19 -04:00
|
|
|
$appManager->loadApp($app);
|
|
|
|
|
$file = $appManager->getAppPath($app) . '/' . ($parts[1] ?? '');
|
2013-06-10 07:45:19 -04:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
$baseuri = OC::$WEBROOT . '/remote.php/' . $service . '/';
|
|
|
|
|
require_once $file;
|
|
|
|
|
} catch (Exception $ex) {
|
2015-06-29 09:47:05 -04:00
|
|
|
handleException($ex);
|
2016-04-20 12:01:47 -04:00
|
|
|
} catch (Error $e) {
|
2016-05-02 07:10:03 -04:00
|
|
|
handleException($e);
|
2013-08-18 05:02:08 -04:00
|
|
|
}
|
