1
0

MountPublicLinkController.php 6.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCA\FederatedFileSharing\Controller;
  8. use OCA\DAV\Connector\Sabre\PublicAuth;
  9. use OCA\FederatedFileSharing\AddressHandler;
  10. use OCA\FederatedFileSharing\FederatedShareProvider;
  11. use OCP\AppFramework\Controller;
  12. use OCP\AppFramework\Http;
  13. use OCP\AppFramework\Http\Attribute\BruteForceProtection;
  14. use OCP\AppFramework\Http\Attribute\NoAdminRequired;
  15. use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
  16. use OCP\AppFramework\Http\Attribute\OpenAPI;
  17. use OCP\AppFramework\Http\Attribute\PublicPage;
  18. use OCP\AppFramework\Http\JSONResponse;
  19. use OCP\Constants;
  20. use OCP\Federation\ICloudIdManager;
  21. use OCP\HintException;
  22. use OCP\Http\Client\IClientService;
  23. use OCP\IL10N;
  24. use OCP\IRequest;
  25. use OCP\ISession;
  26. use OCP\IUserSession;
  27. use OCP\Share\IManager;
  28. use OCP\Share\IShare;
  29. use Psr\Log\LoggerInterface;
  30. /**
  31. * Class MountPublicLinkController
  32. *
  33. * convert public links to federated shares
  34. *
  35. * @package OCA\FederatedFileSharing\Controller
  36. */
  37. #[OpenAPI(scope: OpenAPI::SCOPE_FEDERATION)]
  38. class MountPublicLinkController extends Controller {
  39. /**
  40. * MountPublicLinkController constructor.
  41. */
  42. public function __construct(
  43. string $appName,
  44. IRequest $request,
  45. private FederatedShareProvider $federatedShareProvider,
  46. private IManager $shareManager,
  47. private AddressHandler $addressHandler,
  48. private ISession $session,
  49. private IL10N $l,
  50. private IUserSession $userSession,
  51. private IClientService $clientService,
  52. private ICloudIdManager $cloudIdManager,
  53. private LoggerInterface $logger,
  54. ) {
  55. parent::__construct($appName, $request);
  56. }
  57. /**
  58. * send federated share to a user of a public link
  59. *
  60. * @param string $shareWith Username to share with
  61. * @param string $token Token of the share
  62. * @param string $password Password of the share
  63. * @return JSONResponse<Http::STATUS_OK, array{remoteUrl: string}, array{}>|JSONResponse<Http::STATUS_BAD_REQUEST, array{message: string}, array{}>
  64. * 200: Remote URL returned
  65. * 400: Creating share is not possible
  66. */
  67. #[NoCSRFRequired]
  68. #[PublicPage]
  69. #[BruteForceProtection(action: 'publicLink2FederatedShare')]
  70. public function createFederatedShare($shareWith, $token, $password = '') {
  71. if (!$this->federatedShareProvider->isOutgoingServer2serverShareEnabled()) {
  72. return new JSONResponse(
  73. ['message' => 'This server doesn\'t support outgoing federated shares'],
  74. Http::STATUS_BAD_REQUEST
  75. );
  76. }
  77. try {
  78. [, $server] = $this->addressHandler->splitUserRemote($shareWith);
  79. $share = $this->shareManager->getShareByToken($token);
  80. } catch (HintException $e) {
  81. $response = new JSONResponse(['message' => $e->getHint()], Http::STATUS_BAD_REQUEST);
  82. $response->throttle();
  83. return $response;
  84. }
  85. // make sure that user is authenticated in case of a password protected link
  86. $storedPassword = $share->getPassword();
  87. $authenticated = $this->session->get(PublicAuth::DAV_AUTHENTICATED) === $share->getId() ||
  88. $this->shareManager->checkPassword($share, $password);
  89. if (!empty($storedPassword) && !$authenticated) {
  90. $response = new JSONResponse(
  91. ['message' => 'No permission to access the share'],
  92. Http::STATUS_BAD_REQUEST
  93. );
  94. $response->throttle();
  95. return $response;
  96. }
  97. if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
  98. $response = new JSONResponse(
  99. ['message' => 'Mounting file drop not supported'],
  100. Http::STATUS_BAD_REQUEST
  101. );
  102. $response->throttle();
  103. return $response;
  104. }
  105. $share->setSharedWith($shareWith);
  106. $share->setShareType(IShare::TYPE_REMOTE);
  107. try {
  108. $this->federatedShareProvider->create($share);
  109. } catch (\Exception $e) {
  110. $this->logger->warning($e->getMessage(), [
  111. 'app' => 'federatedfilesharing',
  112. 'exception' => $e,
  113. ]);
  114. return new JSONResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST);
  115. }
  116. return new JSONResponse(['remoteUrl' => $server]);
  117. }
  118. /**
  119. * ask other server to get a federated share
  120. *
  121. * @param string $token
  122. * @param string $remote
  123. * @param string $password
  124. * @param string $owner (only for legacy reasons, can be removed with legacyMountPublicLink())
  125. * @param string $ownerDisplayName (only for legacy reasons, can be removed with legacyMountPublicLink())
  126. * @param string $name (only for legacy reasons, can be removed with legacyMountPublicLink())
  127. * @return JSONResponse
  128. */
  129. #[NoAdminRequired]
  130. public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') {
  131. // check if server admin allows to mount public links from other servers
  132. if ($this->federatedShareProvider->isIncomingServer2serverShareEnabled() === false) {
  133. return new JSONResponse(['message' => $this->l->t('Server to server sharing is not enabled on this server')], Http::STATUS_BAD_REQUEST);
  134. }
  135. $cloudId = $this->cloudIdManager->getCloudId($this->userSession->getUser()->getUID(), $this->addressHandler->generateRemoteURL());
  136. $httpClient = $this->clientService->newClient();
  137. try {
  138. $response = $httpClient->post($remote . '/index.php/apps/federatedfilesharing/createFederatedShare',
  139. [
  140. 'body' =>
  141. [
  142. 'token' => $token,
  143. 'shareWith' => rtrim($cloudId->getId(), '/'),
  144. 'password' => $password
  145. ],
  146. 'connect_timeout' => 10,
  147. ]
  148. );
  149. } catch (\Exception $e) {
  150. if (empty($password)) {
  151. $message = $this->l->t("Couldn't establish a federated share.");
  152. } else {
  153. $message = $this->l->t("Couldn't establish a federated share, maybe the password was wrong.");
  154. }
  155. return new JSONResponse(['message' => $message], Http::STATUS_BAD_REQUEST);
  156. }
  157. $body = $response->getBody();
  158. $result = json_decode($body, true);
  159. if (is_array($result) && isset($result['remoteUrl'])) {
  160. return new JSONResponse(['message' => $this->l->t('Federated Share request sent, you will receive an invitation. Check your notifications.')]);
  161. }
  162. // if we doesn't get the expected response we assume that we try to add
  163. // a federated share from a Nextcloud <= 9 server
  164. $message = $this->l->t("Couldn't establish a federated share, it looks like the server to federate with is too old (Nextcloud <= 9).");
  165. return new JSONResponse(['message' => $message], Http::STATUS_BAD_REQUEST);
  166. }
  167. }