You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

156 lines
4.6 KiB

14 years ago
  1. <?php
  2. use OC\ServiceUnavailableException;
  3. use OCP\IConfig;
  4. use OCP\Util;
  5. /**
  6. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  7. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  8. * SPDX-License-Identifier: AGPL-3.0-only
  9. */
  10. require_once __DIR__ . '/lib/versioncheck.php';
  11. use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
  12. use OCP\App\IAppManager;
  13. use OCP\IRequest;
  14. use OCP\Template\ITemplateManager;
  15. use Psr\Log\LoggerInterface;
  16. use Sabre\DAV\Exception\ServiceUnavailable;
  17. use Sabre\DAV\Server;
  18. /**
  19. * Class RemoteException
  20. * Dummy exception class to be use locally to identify certain conditions
  21. * Will not be logged to avoid DoS
  22. */
  23. class RemoteException extends \Exception {
  24. }
  25. function handleException(Exception|Error $e): void {
  26. try {
  27. $request = \OCP\Server::get(IRequest::class);
  28. // in case the request content type is text/xml - we assume it's a WebDAV request
  29. $isXmlContentType = strpos($request->getHeader('Content-Type'), 'text/xml');
  30. if ($isXmlContentType === 0) {
  31. // fire up a simple server to properly process the exception
  32. $server = new Server();
  33. if (!($e instanceof RemoteException)) {
  34. // we shall not log on RemoteException
  35. $server->addPlugin(new ExceptionLoggerPlugin('webdav', \OCP\Server::get(LoggerInterface::class)));
  36. }
  37. $server->on('beforeMethod:*', function () use ($e): void {
  38. if ($e instanceof RemoteException) {
  39. switch ($e->getCode()) {
  40. case 503:
  41. throw new ServiceUnavailable($e->getMessage());
  42. case 404:
  43. throw new \Sabre\DAV\Exception\NotFound($e->getMessage());
  44. }
  45. }
  46. $class = get_class($e);
  47. $msg = $e->getMessage();
  48. throw new ServiceUnavailable("$class: $msg");
  49. });
  50. $server->exec();
  51. } else {
  52. $statusCode = 500;
  53. if ($e instanceof ServiceUnavailableException) {
  54. $statusCode = 503;
  55. }
  56. if ($e instanceof RemoteException) {
  57. // we shall not log on RemoteException
  58. \OCP\Server::get(ITemplateManager::class)->printErrorPage($e->getMessage(), '', $e->getCode());
  59. } else {
  60. \OCP\Server::get(LoggerInterface::class)->error($e->getMessage(), ['app' => 'remote','exception' => $e]);
  61. \OCP\Server::get(ITemplateManager::class)->printExceptionErrorPage($e, $statusCode);
  62. }
  63. }
  64. } catch (\Exception $e) {
  65. \OCP\Server::get(ITemplateManager::class)->printExceptionErrorPage($e, 500);
  66. }
  67. }
  68. /**
  69. * @param string $service
  70. * @return string
  71. */
  72. function resolveService($service) {
  73. $services = [
  74. 'webdav' => 'dav/appinfo/v1/webdav.php',
  75. 'dav' => 'dav/appinfo/v2/remote.php',
  76. 'caldav' => 'dav/appinfo/v1/caldav.php',
  77. 'calendar' => 'dav/appinfo/v1/caldav.php',
  78. 'carddav' => 'dav/appinfo/v1/carddav.php',
  79. 'contacts' => 'dav/appinfo/v1/carddav.php',
  80. 'files' => 'dav/appinfo/v1/webdav.php',
  81. 'direct' => 'dav/appinfo/v2/direct.php',
  82. ];
  83. if (isset($services[$service])) {
  84. return $services[$service];
  85. }
  86. return \OCP\Server::get(IConfig::class)->getAppValue('core', 'remote_' . $service);
  87. }
  88. try {
  89. require_once __DIR__ . '/lib/base.php';
  90. // All resources served via the DAV endpoint should have the strictest possible
  91. // policy. Exempted from this is the SabreDAV browser plugin which overwrites
  92. // this policy with a softer one if debug mode is enabled.
  93. header("Content-Security-Policy: default-src 'none';");
  94. if (Util::needUpgrade()) {
  95. // since the behavior of apps or remotes are unpredictable during
  96. // an upgrade, return a 503 directly
  97. throw new RemoteException('Service unavailable', 503);
  98. }
  99. $request = \OCP\Server::get(IRequest::class);
  100. $pathInfo = $request->getPathInfo();
  101. if ($pathInfo === false || $pathInfo === '') {
  102. throw new RemoteException('Path not found', 404);
  103. }
  104. if (!$pos = strpos($pathInfo, '/', 1)) {
  105. $pos = strlen($pathInfo);
  106. }
  107. $service = substr($pathInfo, 1, $pos - 1);
  108. $file = resolveService($service);
  109. if (is_null($file)) {
  110. throw new RemoteException('Path not found', 404);
  111. }
  112. $file = ltrim($file, '/');
  113. $parts = explode('/', $file, 2);
  114. $app = $parts[0];
  115. // Load all required applications
  116. \OC::$REQUESTEDAPP = $app;
  117. $appManager = \OCP\Server::get(IAppManager::class);
  118. $appManager->loadApps(['authentication']);
  119. $appManager->loadApps(['extended_authentication']);
  120. $appManager->loadApps(['filesystem', 'logging']);
  121. switch ($app) {
  122. case 'core':
  123. $file = OC::$SERVERROOT . '/' . $file;
  124. break;
  125. default:
  126. if (!$appManager->isEnabledForUser($app)) {
  127. throw new RemoteException('App not installed: ' . $app);
  128. }
  129. $appManager->loadApp($app);
  130. $file = $appManager->getAppPath($app) . '/' . ($parts[1] ?? '');
  131. break;
  132. }
  133. $baseuri = OC::$WEBROOT . '/remote.php/' . $service . '/';
  134. require_once $file;
  135. } catch (Exception $ex) {
  136. handleException($ex);
  137. } catch (Error $e) {
  138. handleException($e);
  139. }