remote.php 5.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Brice Maron <brice@bmaron.net>
  6. * @author Christopher Schäpers <kondou@ts.unde.re>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Georg Ehrke <oc.list@georgehrke.com>
  9. * @author Joas Schilling <coding@schilljs.com>
  10. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  11. * @author Lukas Reschke <lukas@statuscode.ch>
  12. * @author Morris Jobke <hey@morrisjobke.de>
  13. * @author Robin Appelman <robin@icewind.nl>
  14. * @author Robin McCorkell <robin@mccorkell.me.uk>
  15. * @author Roeland Jago Douma <roeland@famdouma.nl>
  16. * @author Thomas Müller <thomas.mueller@tmit.eu>
  17. * @author Vincent Petry <vincent@nextcloud.com>
  18. *
  19. * @license AGPL-3.0
  20. *
  21. * This code is free software: you can redistribute it and/or modify
  22. * it under the terms of the GNU Affero General Public License, version 3,
  23. * as published by the Free Software Foundation.
  24. *
  25. * This program is distributed in the hope that it will be useful,
  26. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  27. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  28. * GNU Affero General Public License for more details.
  29. *
  30. * You should have received a copy of the GNU Affero General Public License, version 3,
  31. * along with this program. If not, see <http://www.gnu.org/licenses/>
  32. *
  33. */
  34. require_once __DIR__ . '/lib/versioncheck.php';
  35. use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
  36. use Psr\Log\LoggerInterface;
  37. use Sabre\DAV\Exception\ServiceUnavailable;
  38. use Sabre\DAV\Server;
  39. /**
  40. * Class RemoteException
  41. * Dummy exception class to be use locally to identify certain conditions
  42. * Will not be logged to avoid DoS
  43. */
  44. class RemoteException extends Exception {
  45. }
  46. /**
  47. * @param Exception|Error $e
  48. */
  49. function handleException($e) {
  50. try {
  51. $request = \OC::$server->getRequest();
  52. // in case the request content type is text/xml - we assume it's a WebDAV request
  53. $isXmlContentType = strpos($request->getHeader('Content-Type'), 'text/xml');
  54. if ($isXmlContentType === 0) {
  55. // fire up a simple server to properly process the exception
  56. $server = new Server();
  57. if (!($e instanceof RemoteException)) {
  58. // we shall not log on RemoteException
  59. $server->addPlugin(new ExceptionLoggerPlugin('webdav', \OC::$server->get(LoggerInterface::class)));
  60. }
  61. $server->on('beforeMethod:*', function () use ($e) {
  62. if ($e instanceof RemoteException) {
  63. switch ($e->getCode()) {
  64. case 503:
  65. throw new ServiceUnavailable($e->getMessage());
  66. case 404:
  67. throw new \Sabre\DAV\Exception\NotFound($e->getMessage());
  68. }
  69. }
  70. $class = get_class($e);
  71. $msg = $e->getMessage();
  72. throw new ServiceUnavailable("$class: $msg");
  73. });
  74. $server->exec();
  75. } else {
  76. $statusCode = 500;
  77. if ($e instanceof \OC\ServiceUnavailableException) {
  78. $statusCode = 503;
  79. }
  80. if ($e instanceof RemoteException) {
  81. // we shall not log on RemoteException
  82. OC_Template::printErrorPage($e->getMessage(), '', $e->getCode());
  83. } else {
  84. \OC::$server->get(LoggerInterface::class)->error($e->getMessage(), ['app' => 'remote','exception' => $e]);
  85. OC_Template::printExceptionErrorPage($e, $statusCode);
  86. }
  87. }
  88. } catch (\Exception $e) {
  89. OC_Template::printExceptionErrorPage($e, 500);
  90. }
  91. }
  92. /**
  93. * @param $service
  94. * @return string
  95. */
  96. function resolveService($service) {
  97. $services = [
  98. 'webdav' => 'dav/appinfo/v1/webdav.php',
  99. 'dav' => 'dav/appinfo/v2/remote.php',
  100. 'caldav' => 'dav/appinfo/v1/caldav.php',
  101. 'calendar' => 'dav/appinfo/v1/caldav.php',
  102. 'carddav' => 'dav/appinfo/v1/carddav.php',
  103. 'contacts' => 'dav/appinfo/v1/carddav.php',
  104. 'files' => 'dav/appinfo/v1/webdav.php',
  105. 'direct' => 'dav/appinfo/v2/direct.php',
  106. ];
  107. if (isset($services[$service])) {
  108. return $services[$service];
  109. }
  110. return \OC::$server->getConfig()->getAppValue('core', 'remote_' . $service);
  111. }
  112. try {
  113. require_once __DIR__ . '/lib/base.php';
  114. // All resources served via the DAV endpoint should have the strictest possible
  115. // policy. Exempted from this is the SabreDAV browser plugin which overwrites
  116. // this policy with a softer one if debug mode is enabled.
  117. header("Content-Security-Policy: default-src 'none';");
  118. if (\OCP\Util::needUpgrade()) {
  119. // since the behavior of apps or remotes are unpredictable during
  120. // an upgrade, return a 503 directly
  121. throw new RemoteException('Service unavailable', 503);
  122. }
  123. $request = \OC::$server->getRequest();
  124. $pathInfo = $request->getPathInfo();
  125. if ($pathInfo === false || $pathInfo === '') {
  126. throw new RemoteException('Path not found', 404);
  127. }
  128. if (!$pos = strpos($pathInfo, '/', 1)) {
  129. $pos = strlen($pathInfo);
  130. }
  131. $service = substr($pathInfo, 1, $pos - 1);
  132. $file = resolveService($service);
  133. if (is_null($file)) {
  134. throw new RemoteException('Path not found', 404);
  135. }
  136. $file = ltrim($file, '/');
  137. $parts = explode('/', $file, 2);
  138. $app = $parts[0];
  139. // Load all required applications
  140. \OC::$REQUESTEDAPP = $app;
  141. OC_App::loadApps(['authentication']);
  142. OC_App::loadApps(['extended_authentication']);
  143. OC_App::loadApps(['filesystem', 'logging']);
  144. switch ($app) {
  145. case 'core':
  146. $file = OC::$SERVERROOT .'/'. $file;
  147. break;
  148. default:
  149. if (!\OC::$server->getAppManager()->isInstalled($app)) {
  150. throw new RemoteException('App not installed: ' . $app);
  151. }
  152. OC_App::loadApp($app);
  153. $file = OC_App::getAppPath($app) .'/'. $parts[1];
  154. break;
  155. }
  156. $baseuri = OC::$WEBROOT . '/remote.php/'.$service.'/';
  157. require_once $file;
  158. } catch (Exception $ex) {
  159. handleException($ex);
  160. } catch (Error $e) {
  161. handleException($e);
  162. }