CustomPropertiesBackend.php 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCA\DAV\DAV;
  8. use Exception;
  9. use OCA\DAV\CalDAV\Calendar;
  10. use OCA\DAV\CalDAV\DefaultCalendarValidator;
  11. use OCA\DAV\Connector\Sabre\Directory;
  12. use OCA\DAV\Connector\Sabre\FilesPlugin;
  13. use OCP\DB\QueryBuilder\IQueryBuilder;
  14. use OCP\IDBConnection;
  15. use OCP\IUser;
  16. use Sabre\DAV\Exception as DavException;
  17. use Sabre\DAV\PropertyStorage\Backend\BackendInterface;
  18. use Sabre\DAV\PropFind;
  19. use Sabre\DAV\PropPatch;
  20. use Sabre\DAV\Server;
  21. use Sabre\DAV\Tree;
  22. use Sabre\DAV\Xml\Property\Complex;
  23. use Sabre\DAV\Xml\Property\Href;
  24. use Sabre\DAV\Xml\Property\LocalHref;
  25. use Sabre\Xml\ParseException;
  26. use Sabre\Xml\Service as XmlService;
  27. use function array_intersect;
  28. class CustomPropertiesBackend implements BackendInterface {
  29. /** @var string */
  30. private const TABLE_NAME = 'properties';
  31. /**
  32. * Value is stored as string.
  33. */
  34. public const PROPERTY_TYPE_STRING = 1;
  35. /**
  36. * Value is stored as XML fragment.
  37. */
  38. public const PROPERTY_TYPE_XML = 2;
  39. /**
  40. * Value is stored as a property object.
  41. */
  42. public const PROPERTY_TYPE_OBJECT = 3;
  43. /**
  44. * Value is stored as a {DAV:}href string.
  45. */
  46. public const PROPERTY_TYPE_HREF = 4;
  47. /**
  48. * Ignored properties
  49. *
  50. * @var string[]
  51. */
  52. private const IGNORED_PROPERTIES = [
  53. '{DAV:}getcontentlength',
  54. '{DAV:}getcontenttype',
  55. '{DAV:}getetag',
  56. '{DAV:}quota-used-bytes',
  57. '{DAV:}quota-available-bytes',
  58. '{http://owncloud.org/ns}permissions',
  59. '{http://owncloud.org/ns}downloadURL',
  60. '{http://owncloud.org/ns}dDC',
  61. '{http://owncloud.org/ns}size',
  62. '{http://nextcloud.org/ns}is-encrypted',
  63. // Currently, returning null from any propfind handler would still trigger the backend,
  64. // so we add all known Nextcloud custom properties in here to avoid that
  65. // text app
  66. '{http://nextcloud.org/ns}rich-workspace',
  67. '{http://nextcloud.org/ns}rich-workspace-file',
  68. // groupfolders
  69. '{http://nextcloud.org/ns}acl-enabled',
  70. '{http://nextcloud.org/ns}acl-can-manage',
  71. '{http://nextcloud.org/ns}acl-list',
  72. '{http://nextcloud.org/ns}inherited-acl-list',
  73. '{http://nextcloud.org/ns}group-folder-id',
  74. // files_lock
  75. '{http://nextcloud.org/ns}lock',
  76. '{http://nextcloud.org/ns}lock-owner-type',
  77. '{http://nextcloud.org/ns}lock-owner',
  78. '{http://nextcloud.org/ns}lock-owner-displayname',
  79. '{http://nextcloud.org/ns}lock-owner-editor',
  80. '{http://nextcloud.org/ns}lock-time',
  81. '{http://nextcloud.org/ns}lock-timeout',
  82. '{http://nextcloud.org/ns}lock-token',
  83. ];
  84. /**
  85. * Properties set by one user, readable by all others
  86. *
  87. * @var string[]
  88. */
  89. private const PUBLISHED_READ_ONLY_PROPERTIES = [
  90. '{urn:ietf:params:xml:ns:caldav}calendar-availability',
  91. '{urn:ietf:params:xml:ns:caldav}schedule-default-calendar-URL',
  92. ];
  93. /**
  94. * Map of custom XML elements to parse when trying to deserialize an instance of
  95. * \Sabre\DAV\Xml\Property\Complex to find a more specialized PROPERTY_TYPE_*
  96. */
  97. private const COMPLEX_XML_ELEMENT_MAP = [
  98. '{urn:ietf:params:xml:ns:caldav}schedule-default-calendar-URL' => Href::class,
  99. ];
  100. /**
  101. * Properties cache
  102. *
  103. * @var array
  104. */
  105. private $userCache = [];
  106. private XmlService $xmlService;
  107. /**
  108. * @param Tree $tree node tree
  109. * @param IDBConnection $connection database connection
  110. * @param IUser $user owner of the tree and properties
  111. */
  112. public function __construct(
  113. private Server $server,
  114. private Tree $tree,
  115. private IDBConnection $connection,
  116. private IUser $user,
  117. private DefaultCalendarValidator $defaultCalendarValidator,
  118. ) {
  119. $this->xmlService = new XmlService();
  120. $this->xmlService->elementMap = array_merge(
  121. $this->xmlService->elementMap,
  122. self::COMPLEX_XML_ELEMENT_MAP,
  123. );
  124. }
  125. /**
  126. * Fetches properties for a path.
  127. *
  128. * @param string $path
  129. * @param PropFind $propFind
  130. * @return void
  131. */
  132. public function propFind($path, PropFind $propFind) {
  133. $requestedProps = $propFind->get404Properties();
  134. // these might appear
  135. $requestedProps = array_diff(
  136. $requestedProps,
  137. self::IGNORED_PROPERTIES,
  138. );
  139. $requestedProps = array_filter(
  140. $requestedProps,
  141. fn ($prop) => !str_starts_with($prop, FilesPlugin::FILE_METADATA_PREFIX),
  142. );
  143. // substr of calendars/ => path is inside the CalDAV component
  144. // two '/' => this a calendar (no calendar-home nor calendar object)
  145. if (str_starts_with($path, 'calendars/') && substr_count($path, '/') === 2) {
  146. $allRequestedProps = $propFind->getRequestedProperties();
  147. $customPropertiesForShares = [
  148. '{DAV:}displayname',
  149. '{urn:ietf:params:xml:ns:caldav}calendar-description',
  150. '{urn:ietf:params:xml:ns:caldav}calendar-timezone',
  151. '{http://apple.com/ns/ical/}calendar-order',
  152. '{http://apple.com/ns/ical/}calendar-color',
  153. '{urn:ietf:params:xml:ns:caldav}schedule-calendar-transp',
  154. ];
  155. foreach ($customPropertiesForShares as $customPropertyForShares) {
  156. if (in_array($customPropertyForShares, $allRequestedProps)) {
  157. $requestedProps[] = $customPropertyForShares;
  158. }
  159. }
  160. }
  161. // substr of addressbooks/ => path is inside the CardDAV component
  162. // three '/' => this a addressbook (no addressbook-home nor contact object)
  163. if (str_starts_with($path, 'addressbooks/') && substr_count($path, '/') === 3) {
  164. $allRequestedProps = $propFind->getRequestedProperties();
  165. $customPropertiesForShares = [
  166. '{DAV:}displayname',
  167. ];
  168. foreach ($customPropertiesForShares as $customPropertyForShares) {
  169. if (in_array($customPropertyForShares, $allRequestedProps, true)) {
  170. $requestedProps[] = $customPropertyForShares;
  171. }
  172. }
  173. }
  174. // substr of principals/users/ => path is a user principal
  175. // two '/' => this a principal collection (and not some child object)
  176. if (str_starts_with($path, 'principals/users/') && substr_count($path, '/') === 2) {
  177. $allRequestedProps = $propFind->getRequestedProperties();
  178. $customProperties = [
  179. '{urn:ietf:params:xml:ns:caldav}schedule-default-calendar-URL',
  180. ];
  181. foreach ($customProperties as $customProperty) {
  182. if (in_array($customProperty, $allRequestedProps, true)) {
  183. $requestedProps[] = $customProperty;
  184. }
  185. }
  186. }
  187. if (empty($requestedProps)) {
  188. return;
  189. }
  190. $node = $this->tree->getNodeForPath($path);
  191. if ($node instanceof Directory && $propFind->getDepth() !== 0) {
  192. $this->cacheDirectory($path, $node);
  193. }
  194. // First fetch the published properties (set by another user), then get the ones set by
  195. // the current user. If both are set then the latter as priority.
  196. foreach ($this->getPublishedProperties($path, $requestedProps) as $propName => $propValue) {
  197. try {
  198. $this->validateProperty($path, $propName, $propValue);
  199. } catch (DavException $e) {
  200. continue;
  201. }
  202. $propFind->set($propName, $propValue);
  203. }
  204. foreach ($this->getUserProperties($path, $requestedProps) as $propName => $propValue) {
  205. try {
  206. $this->validateProperty($path, $propName, $propValue);
  207. } catch (DavException $e) {
  208. continue;
  209. }
  210. $propFind->set($propName, $propValue);
  211. }
  212. }
  213. /**
  214. * Updates properties for a path
  215. *
  216. * @param string $path
  217. * @param PropPatch $propPatch
  218. *
  219. * @return void
  220. */
  221. public function propPatch($path, PropPatch $propPatch) {
  222. $propPatch->handleRemaining(function ($changedProps) use ($path) {
  223. return $this->updateProperties($path, $changedProps);
  224. });
  225. }
  226. /**
  227. * This method is called after a node is deleted.
  228. *
  229. * @param string $path path of node for which to delete properties
  230. */
  231. public function delete($path) {
  232. $statement = $this->connection->prepare(
  233. 'DELETE FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` = ?'
  234. );
  235. $statement->execute([$this->user->getUID(), $this->formatPath($path)]);
  236. $statement->closeCursor();
  237. unset($this->userCache[$path]);
  238. }
  239. /**
  240. * This method is called after a successful MOVE
  241. *
  242. * @param string $source
  243. * @param string $destination
  244. *
  245. * @return void
  246. */
  247. public function move($source, $destination) {
  248. $statement = $this->connection->prepare(
  249. 'UPDATE `*PREFIX*properties` SET `propertypath` = ?' .
  250. ' WHERE `userid` = ? AND `propertypath` = ?'
  251. );
  252. $statement->execute([$this->formatPath($destination), $this->user->getUID(), $this->formatPath($source)]);
  253. $statement->closeCursor();
  254. }
  255. /**
  256. * Validate the value of a property. Will throw if a value is invalid.
  257. *
  258. * @throws DavException The value of the property is invalid
  259. */
  260. private function validateProperty(string $path, string $propName, mixed $propValue): void {
  261. switch ($propName) {
  262. case '{urn:ietf:params:xml:ns:caldav}schedule-default-calendar-URL':
  263. /** @var Href $propValue */
  264. $href = $propValue->getHref();
  265. if ($href === null) {
  266. throw new DavException('Href is empty');
  267. }
  268. // $path is the principal here as this prop is only set on principals
  269. $node = $this->tree->getNodeForPath($href);
  270. if (!($node instanceof Calendar) || $node->getOwner() !== $path) {
  271. throw new DavException('No such calendar');
  272. }
  273. $this->defaultCalendarValidator->validateScheduleDefaultCalendar($node);
  274. break;
  275. }
  276. }
  277. /**
  278. * @param string $path
  279. * @param string[] $requestedProperties
  280. *
  281. * @return array
  282. */
  283. private function getPublishedProperties(string $path, array $requestedProperties): array {
  284. $allowedProps = array_intersect(self::PUBLISHED_READ_ONLY_PROPERTIES, $requestedProperties);
  285. if (empty($allowedProps)) {
  286. return [];
  287. }
  288. $qb = $this->connection->getQueryBuilder();
  289. $qb->select('*')
  290. ->from(self::TABLE_NAME)
  291. ->where($qb->expr()->eq('propertypath', $qb->createNamedParameter($path)));
  292. $result = $qb->executeQuery();
  293. $props = [];
  294. while ($row = $result->fetch()) {
  295. $props[$row['propertyname']] = $this->decodeValueFromDatabase($row['propertyvalue'], $row['valuetype']);
  296. }
  297. $result->closeCursor();
  298. return $props;
  299. }
  300. /**
  301. * prefetch all user properties in a directory
  302. */
  303. private function cacheDirectory(string $path, Directory $node): void {
  304. $prefix = ltrim($path . '/', '/');
  305. $query = $this->connection->getQueryBuilder();
  306. $query->select('name', 'p.propertypath', 'p.propertyname', 'p.propertyvalue', 'p.valuetype')
  307. ->from('filecache', 'f')
  308. ->hintShardKey('storage', $node->getNode()->getMountPoint()->getNumericStorageId())
  309. ->leftJoin('f', 'properties', 'p', $query->expr()->eq('p.propertypath', $query->func()->concat(
  310. $query->createNamedParameter($prefix),
  311. 'f.name'
  312. )),
  313. )
  314. ->where($query->expr()->eq('parent', $query->createNamedParameter($node->getInternalFileId(), IQueryBuilder::PARAM_INT)))
  315. ->andWhere($query->expr()->eq('p.userid', $query->createNamedParameter($this->user->getUID())));
  316. $result = $query->executeQuery();
  317. $propsByPath = [];
  318. while ($row = $result->fetch()) {
  319. $childPath = $prefix . $row['name'];
  320. if (!isset($propsByPath[$childPath])) {
  321. $propsByPath[$childPath] = [];
  322. }
  323. if (isset($row['propertyname'])) {
  324. $propsByPath[$childPath][$row['propertyname']] = $this->decodeValueFromDatabase($row['propertyvalue'], $row['valuetype']);
  325. }
  326. }
  327. $this->userCache = array_merge($this->userCache, $propsByPath);
  328. }
  329. /**
  330. * Returns a list of properties for the given path and current user
  331. *
  332. * @param string $path
  333. * @param array $requestedProperties requested properties or empty array for "all"
  334. * @return array
  335. * @note The properties list is a list of propertynames the client
  336. * requested, encoded as xmlnamespace#tagName, for example:
  337. * http://www.example.org/namespace#author If the array is empty, all
  338. * properties should be returned
  339. */
  340. private function getUserProperties(string $path, array $requestedProperties) {
  341. if (isset($this->userCache[$path])) {
  342. return $this->userCache[$path];
  343. }
  344. // TODO: chunking if more than 1000 properties
  345. $sql = 'SELECT * FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` = ?';
  346. $whereValues = [$this->user->getUID(), $this->formatPath($path)];
  347. $whereTypes = [null, null];
  348. if (!empty($requestedProperties)) {
  349. // request only a subset
  350. $sql .= ' AND `propertyname` in (?)';
  351. $whereValues[] = $requestedProperties;
  352. $whereTypes[] = IQueryBuilder::PARAM_STR_ARRAY;
  353. }
  354. $result = $this->connection->executeQuery(
  355. $sql,
  356. $whereValues,
  357. $whereTypes
  358. );
  359. $props = [];
  360. while ($row = $result->fetch()) {
  361. $props[$row['propertyname']] = $this->decodeValueFromDatabase($row['propertyvalue'], $row['valuetype']);
  362. }
  363. $result->closeCursor();
  364. $this->userCache[$path] = $props;
  365. return $props;
  366. }
  367. /**
  368. * @throws Exception
  369. */
  370. private function updateProperties(string $path, array $properties): bool {
  371. // TODO: use "insert or update" strategy ?
  372. $existing = $this->getUserProperties($path, []);
  373. try {
  374. $this->connection->beginTransaction();
  375. foreach ($properties as $propertyName => $propertyValue) {
  376. // common parameters for all queries
  377. $dbParameters = [
  378. 'userid' => $this->user->getUID(),
  379. 'propertyPath' => $this->formatPath($path),
  380. 'propertyName' => $propertyName,
  381. ];
  382. // If it was null, we need to delete the property
  383. if (is_null($propertyValue)) {
  384. if (array_key_exists($propertyName, $existing)) {
  385. $deleteQuery = $deleteQuery ?? $this->createDeleteQuery();
  386. $deleteQuery
  387. ->setParameters($dbParameters)
  388. ->executeStatement();
  389. }
  390. } else {
  391. [$value, $valueType] = $this->encodeValueForDatabase(
  392. $path,
  393. $propertyName,
  394. $propertyValue,
  395. );
  396. $dbParameters['propertyValue'] = $value;
  397. $dbParameters['valueType'] = $valueType;
  398. if (!array_key_exists($propertyName, $existing)) {
  399. $insertQuery = $insertQuery ?? $this->createInsertQuery();
  400. $insertQuery
  401. ->setParameters($dbParameters)
  402. ->executeStatement();
  403. } else {
  404. $updateQuery = $updateQuery ?? $this->createUpdateQuery();
  405. $updateQuery
  406. ->setParameters($dbParameters)
  407. ->executeStatement();
  408. }
  409. }
  410. }
  411. $this->connection->commit();
  412. unset($this->userCache[$path]);
  413. } catch (Exception $e) {
  414. $this->connection->rollBack();
  415. throw $e;
  416. }
  417. return true;
  418. }
  419. /**
  420. * long paths are hashed to ensure they fit in the database
  421. *
  422. * @param string $path
  423. * @return string
  424. */
  425. private function formatPath(string $path): string {
  426. if (strlen($path) > 250) {
  427. return sha1($path);
  428. }
  429. return $path;
  430. }
  431. /**
  432. * @throws ParseException If parsing a \Sabre\DAV\Xml\Property\Complex value fails
  433. * @throws DavException If the property value is invalid
  434. */
  435. private function encodeValueForDatabase(string $path, string $name, mixed $value): array {
  436. // Try to parse a more specialized property type first
  437. if ($value instanceof Complex) {
  438. $xml = $this->xmlService->write($name, [$value], $this->server->getBaseUri());
  439. $value = $this->xmlService->parse($xml, $this->server->getBaseUri()) ?? $value;
  440. }
  441. if ($name === '{urn:ietf:params:xml:ns:caldav}schedule-default-calendar-URL') {
  442. $value = $this->encodeDefaultCalendarUrl($value);
  443. }
  444. try {
  445. $this->validateProperty($path, $name, $value);
  446. } catch (DavException $e) {
  447. throw new DavException(
  448. "Property \"$name\" has an invalid value: " . $e->getMessage(),
  449. 0,
  450. $e,
  451. );
  452. }
  453. if (is_scalar($value)) {
  454. $valueType = self::PROPERTY_TYPE_STRING;
  455. } elseif ($value instanceof Complex) {
  456. $valueType = self::PROPERTY_TYPE_XML;
  457. $value = $value->getXml();
  458. } elseif ($value instanceof Href) {
  459. $valueType = self::PROPERTY_TYPE_HREF;
  460. $value = $value->getHref();
  461. } else {
  462. $valueType = self::PROPERTY_TYPE_OBJECT;
  463. // serialize produces null character
  464. // these can not be properly stored in some databases and need to be replaced
  465. $value = str_replace(chr(0), '\x00', serialize($value));
  466. }
  467. return [$value, $valueType];
  468. }
  469. /**
  470. * @return mixed|Complex|string
  471. */
  472. private function decodeValueFromDatabase(string $value, int $valueType) {
  473. switch ($valueType) {
  474. case self::PROPERTY_TYPE_XML:
  475. return new Complex($value);
  476. case self::PROPERTY_TYPE_HREF:
  477. return new Href($value);
  478. case self::PROPERTY_TYPE_OBJECT:
  479. // some databases can not handel null characters, these are custom encoded during serialization
  480. // this custom encoding needs to be first reversed before unserializing
  481. return unserialize(str_replace('\x00', chr(0), $value));
  482. case self::PROPERTY_TYPE_STRING:
  483. default:
  484. return $value;
  485. }
  486. }
  487. private function encodeDefaultCalendarUrl(Href $value): Href {
  488. $href = $value->getHref();
  489. if ($href === null) {
  490. return $value;
  491. }
  492. if (!str_starts_with($href, '/')) {
  493. return $value;
  494. }
  495. try {
  496. // Build path relative to the dav base URI to be used later to find the node
  497. $value = new LocalHref($this->server->calculateUri($href) . '/');
  498. } catch (DavException\Forbidden) {
  499. // Not existing calendars will be handled later when the value is validated
  500. }
  501. return $value;
  502. }
  503. private function createDeleteQuery(): IQueryBuilder {
  504. $deleteQuery = $this->connection->getQueryBuilder();
  505. $deleteQuery->delete('properties')
  506. ->where($deleteQuery->expr()->eq('userid', $deleteQuery->createParameter('userid')))
  507. ->andWhere($deleteQuery->expr()->eq('propertypath', $deleteQuery->createParameter('propertyPath')))
  508. ->andWhere($deleteQuery->expr()->eq('propertyname', $deleteQuery->createParameter('propertyName')));
  509. return $deleteQuery;
  510. }
  511. private function createInsertQuery(): IQueryBuilder {
  512. $insertQuery = $this->connection->getQueryBuilder();
  513. $insertQuery->insert('properties')
  514. ->values([
  515. 'userid' => $insertQuery->createParameter('userid'),
  516. 'propertypath' => $insertQuery->createParameter('propertyPath'),
  517. 'propertyname' => $insertQuery->createParameter('propertyName'),
  518. 'propertyvalue' => $insertQuery->createParameter('propertyValue'),
  519. 'valuetype' => $insertQuery->createParameter('valueType'),
  520. ]);
  521. return $insertQuery;
  522. }
  523. private function createUpdateQuery(): IQueryBuilder {
  524. $updateQuery = $this->connection->getQueryBuilder();
  525. $updateQuery->update('properties')
  526. ->set('propertyvalue', $updateQuery->createParameter('propertyValue'))
  527. ->set('valuetype', $updateQuery->createParameter('valueType'))
  528. ->where($updateQuery->expr()->eq('userid', $updateQuery->createParameter('userid')))
  529. ->andWhere($updateQuery->expr()->eq('propertypath', $updateQuery->createParameter('propertyPath')))
  530. ->andWhere($updateQuery->expr()->eq('propertyname', $updateQuery->createParameter('propertyName')));
  531. return $updateQuery;
  532. }
  533. }