1
0

TrustedServers.php 5.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Bjoern Schiessle <bjoern@schiessle.org>
  7. * @author Björn Schießle <bjoern@schiessle.org>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Morris Jobke <hey@morrisjobke.de>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. * @author Thomas Müller <thomas.mueller@tmit.eu>
  12. *
  13. * @license AGPL-3.0
  14. *
  15. * This code is free software: you can redistribute it and/or modify
  16. * it under the terms of the GNU Affero General Public License, version 3,
  17. * as published by the Free Software Foundation.
  18. *
  19. * This program is distributed in the hope that it will be useful,
  20. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  22. * GNU Affero General Public License for more details.
  23. *
  24. * You should have received a copy of the GNU Affero General Public License, version 3,
  25. * along with this program. If not, see <http://www.gnu.org/licenses/>
  26. *
  27. */
  28. namespace OCA\Federation;
  29. use OCA\Federation\BackgroundJob\RequestSharedSecret;
  30. use OCP\AppFramework\Http;
  31. use OCP\AppFramework\Utility\ITimeFactory;
  32. use OCP\BackgroundJob\IJobList;
  33. use OCP\HintException;
  34. use OCP\Http\Client\IClientService;
  35. use OCP\IConfig;
  36. use OCP\Security\ISecureRandom;
  37. use OCP\DB\Exception as DBException;
  38. use OCP\EventDispatcher\IEventDispatcher;
  39. use OCP\Federation\Events\TrustedServerRemovedEvent;
  40. use Psr\Log\LoggerInterface;
  41. class TrustedServers {
  42. /** after a user list was exchanged at least once successfully */
  43. public const STATUS_OK = 1;
  44. /** waiting for shared secret or initial user list exchange */
  45. public const STATUS_PENDING = 2;
  46. /** something went wrong, misconfigured server, software bug,... user interaction needed */
  47. public const STATUS_FAILURE = 3;
  48. /** remote server revoked access */
  49. public const STATUS_ACCESS_REVOKED = 4;
  50. private DbHandler $dbHandler;
  51. private IClientService $httpClientService;
  52. private LoggerInterface $logger;
  53. private IJobList $jobList;
  54. private ISecureRandom $secureRandom;
  55. private IConfig $config;
  56. private IEventDispatcher $dispatcher;
  57. private ITimeFactory $timeFactory;
  58. public function __construct(
  59. DbHandler $dbHandler,
  60. IClientService $httpClientService,
  61. LoggerInterface $logger,
  62. IJobList $jobList,
  63. ISecureRandom $secureRandom,
  64. IConfig $config,
  65. IEventDispatcher $dispatcher,
  66. ITimeFactory $timeFactory
  67. ) {
  68. $this->dbHandler = $dbHandler;
  69. $this->httpClientService = $httpClientService;
  70. $this->logger = $logger;
  71. $this->jobList = $jobList;
  72. $this->secureRandom = $secureRandom;
  73. $this->config = $config;
  74. $this->dispatcher = $dispatcher;
  75. $this->timeFactory = $timeFactory;
  76. }
  77. /**
  78. * Add server to the list of trusted servers
  79. */
  80. public function addServer(string $url): int {
  81. $url = $this->updateProtocol($url);
  82. $result = $this->dbHandler->addServer($url);
  83. if ($result) {
  84. $token = $this->secureRandom->generate(16);
  85. $this->dbHandler->addToken($url, $token);
  86. $this->jobList->add(
  87. RequestSharedSecret::class,
  88. [
  89. 'url' => $url,
  90. 'token' => $token,
  91. 'created' => $this->timeFactory->getTime()
  92. ]
  93. );
  94. }
  95. return $result;
  96. }
  97. /**
  98. * Get shared secret for the given server
  99. */
  100. public function getSharedSecret(string $url): string {
  101. return $this->dbHandler->getSharedSecret($url);
  102. }
  103. /**
  104. * Add shared secret for the given server
  105. */
  106. public function addSharedSecret(string $url, string $sharedSecret): void {
  107. $this->dbHandler->addSharedSecret($url, $sharedSecret);
  108. }
  109. /**
  110. * Remove server from the list of trusted servers
  111. */
  112. public function removeServer(int $id): void {
  113. $server = $this->dbHandler->getServerById($id);
  114. $this->dbHandler->removeServer($id);
  115. $this->dispatcher->dispatchTyped(new TrustedServerRemovedEvent($server['url_hash']));
  116. }
  117. /**
  118. * Get all trusted servers
  119. * @return list<array{id: int, url: string, url_hash: string, shared_secret: string, status: int, sync_token: string}>
  120. */
  121. public function getServers() {
  122. return $this->dbHandler->getAllServer();
  123. }
  124. /**
  125. * Check if given server is a trusted Nextcloud server
  126. */
  127. public function isTrustedServer(string $url): bool {
  128. return $this->dbHandler->serverExists($url);
  129. }
  130. /**
  131. * Set server status
  132. */
  133. public function setServerStatus(string $url, int $status): void {
  134. $this->dbHandler->setServerStatus($url, $status);
  135. }
  136. /**
  137. * Get server status
  138. */
  139. public function getServerStatus(string $url): int {
  140. return $this->dbHandler->getServerStatus($url);
  141. }
  142. /**
  143. * Check if URL point to a ownCloud/Nextcloud server
  144. */
  145. public function isNextcloudServer(string $url): bool {
  146. $isValidNextcloud = false;
  147. $client = $this->httpClientService->newClient();
  148. try {
  149. $result = $client->get(
  150. $url . '/status.php',
  151. [
  152. 'timeout' => 3,
  153. 'connect_timeout' => 3,
  154. ]
  155. );
  156. if ($result->getStatusCode() === Http::STATUS_OK) {
  157. $body = $result->getBody();
  158. if (is_resource($body)) {
  159. $body = stream_get_contents($body) ?: '';
  160. }
  161. $isValidNextcloud = $this->checkNextcloudVersion($body);
  162. }
  163. } catch (\Exception $e) {
  164. $this->logger->error('No Nextcloud server.', [
  165. 'app' => 'federation',
  166. 'exception' => $e,
  167. ]);
  168. return false;
  169. }
  170. return $isValidNextcloud;
  171. }
  172. /**
  173. * Check if ownCloud/Nextcloud version is >= 9.0
  174. * @throws HintException
  175. */
  176. protected function checkNextcloudVersion(string $status): bool {
  177. $decoded = json_decode($status, true);
  178. if (!empty($decoded) && isset($decoded['version'])) {
  179. if (!version_compare($decoded['version'], '9.0.0', '>=')) {
  180. throw new HintException('Remote server version is too low. 9.0 is required.');
  181. }
  182. return true;
  183. }
  184. return false;
  185. }
  186. /**
  187. * Check if the URL contain a protocol, if not add https
  188. */
  189. protected function updateProtocol(string $url): string {
  190. if (
  191. strpos($url, 'https://') === 0
  192. || strpos($url, 'http://') === 0
  193. ) {
  194. return $url;
  195. }
  196. return 'https://' . $url;
  197. }
  198. }