1
0

OpenLocalEditorController.php 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OCA\Files\Controller;
  8. use OCA\Files\Db\OpenLocalEditor;
  9. use OCA\Files\Db\OpenLocalEditorMapper;
  10. use OCP\AppFramework\Db\DoesNotExistException;
  11. use OCP\AppFramework\Http;
  12. use OCP\AppFramework\Http\DataResponse;
  13. use OCP\AppFramework\OCSController;
  14. use OCP\AppFramework\Utility\ITimeFactory;
  15. use OCP\DB\Exception;
  16. use OCP\IRequest;
  17. use OCP\Security\ISecureRandom;
  18. use Psr\Log\LoggerInterface;
  19. class OpenLocalEditorController extends OCSController {
  20. public const TOKEN_LENGTH = 128;
  21. public const TOKEN_DURATION = 600; // 10 Minutes
  22. public const TOKEN_RETRIES = 50;
  23. protected ITimeFactory $timeFactory;
  24. protected OpenLocalEditorMapper $mapper;
  25. protected ISecureRandom $secureRandom;
  26. protected LoggerInterface $logger;
  27. protected ?string $userId;
  28. public function __construct(
  29. string $appName,
  30. IRequest $request,
  31. ITimeFactory $timeFactory,
  32. OpenLocalEditorMapper $mapper,
  33. ISecureRandom $secureRandom,
  34. LoggerInterface $logger,
  35. ?string $userId
  36. ) {
  37. parent::__construct($appName, $request);
  38. $this->timeFactory = $timeFactory;
  39. $this->mapper = $mapper;
  40. $this->secureRandom = $secureRandom;
  41. $this->logger = $logger;
  42. $this->userId = $userId;
  43. }
  44. /**
  45. * @NoAdminRequired
  46. * @UserRateThrottle(limit=10, period=120)
  47. *
  48. * Create a local editor
  49. *
  50. * @param string $path Path of the file
  51. *
  52. * @return DataResponse<Http::STATUS_OK, array{userId: ?string, pathHash: string, expirationTime: int, token: string}, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR, array<empty>, array{}>
  53. *
  54. * 200: Local editor returned
  55. */
  56. public function create(string $path): DataResponse {
  57. $pathHash = sha1($path);
  58. $entity = new OpenLocalEditor();
  59. $entity->setUserId($this->userId);
  60. $entity->setPathHash($pathHash);
  61. $entity->setExpirationTime($this->timeFactory->getTime() + self::TOKEN_DURATION); // Expire in 10 minutes
  62. for ($i = 1; $i <= self::TOKEN_RETRIES; $i++) {
  63. $token = $this->secureRandom->generate(self::TOKEN_LENGTH, ISecureRandom::CHAR_ALPHANUMERIC);
  64. $entity->setToken($token);
  65. try {
  66. $this->mapper->insert($entity);
  67. return new DataResponse([
  68. 'userId' => $this->userId,
  69. 'pathHash' => $pathHash,
  70. 'expirationTime' => $entity->getExpirationTime(),
  71. 'token' => $entity->getToken(),
  72. ]);
  73. } catch (Exception $e) {
  74. if ($e->getCode() !== Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {
  75. // Only retry on unique constraint violation
  76. throw $e;
  77. }
  78. }
  79. }
  80. $this->logger->error('Giving up after ' . self::TOKEN_RETRIES . ' retries to generate a unique local editor token for path hash: ' . $pathHash);
  81. return new DataResponse([], Http::STATUS_INTERNAL_SERVER_ERROR);
  82. }
  83. /**
  84. * @NoAdminRequired
  85. * @BruteForceProtection(action=openLocalEditor)
  86. *
  87. * Validate a local editor
  88. *
  89. * @param string $path Path of the file
  90. * @param string $token Token of the local editor
  91. *
  92. * @return DataResponse<Http::STATUS_OK, array{userId: string, pathHash: string, expirationTime: int, token: string}, array{}>|DataResponse<Http::STATUS_NOT_FOUND, array<empty>, array{}>
  93. *
  94. * 200: Local editor validated successfully
  95. * 404: Local editor not found
  96. */
  97. public function validate(string $path, string $token): DataResponse {
  98. $pathHash = sha1($path);
  99. try {
  100. $entity = $this->mapper->verifyToken($this->userId, $pathHash, $token);
  101. } catch (DoesNotExistException $e) {
  102. $response = new DataResponse([], Http::STATUS_NOT_FOUND);
  103. $response->throttle(['userId' => $this->userId, 'pathHash' => $pathHash]);
  104. return $response;
  105. }
  106. $this->mapper->delete($entity);
  107. if ($entity->getExpirationTime() <= $this->timeFactory->getTime()) {
  108. $response = new DataResponse([], Http::STATUS_NOT_FOUND);
  109. $response->throttle(['userId' => $this->userId, 'pathHash' => $pathHash]);
  110. return $response;
  111. }
  112. return new DataResponse([
  113. 'userId' => $this->userId,
  114. 'pathHash' => $pathHash,
  115. 'expirationTime' => $entity->getExpirationTime(),
  116. 'token' => $entity->getToken(),
  117. ]);
  118. }
  119. }