1
0

OC_EventSource.php 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
  1. <?php
  2. use OCP\IRequest;
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Bart Visscher <bartv@thisnet.nl>
  7. * @author Christian Oliff <christianoliff@yahoo.com>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Felix Moeller <mail@felixmoeller.de>
  10. * @author Lukas Reschke <lukas@statuscode.ch>
  11. * @author Morris Jobke <hey@morrisjobke.de>
  12. * @author Robin Appelman <robin@icewind.nl>
  13. * @author Thomas Müller <thomas.mueller@tmit.eu>
  14. *
  15. * @license AGPL-3.0
  16. *
  17. * This code is free software: you can redistribute it and/or modify
  18. * it under the terms of the GNU Affero General Public License, version 3,
  19. * as published by the Free Software Foundation.
  20. *
  21. * This program is distributed in the hope that it will be useful,
  22. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  24. * GNU Affero General Public License for more details.
  25. *
  26. * You should have received a copy of the GNU Affero General Public License, version 3,
  27. * along with this program. If not, see <http://www.gnu.org/licenses/>
  28. *
  29. */
  30. class OC_EventSource implements \OCP\IEventSource {
  31. /**
  32. * @var bool
  33. */
  34. private $fallback;
  35. /**
  36. * @var int
  37. */
  38. private $fallBackId = 0;
  39. /**
  40. * @var bool
  41. */
  42. private $started = false;
  43. private IRequest $request;
  44. public function __construct(IRequest $request) {
  45. $this->request = $request;
  46. }
  47. protected function init() {
  48. if ($this->started) {
  49. return;
  50. }
  51. $this->started = true;
  52. // prevent php output buffering, caching and nginx buffering
  53. OC_Util::obEnd();
  54. header('Cache-Control: no-cache');
  55. header('X-Accel-Buffering: no');
  56. $this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
  57. if ($this->fallback) {
  58. $this->fallBackId = (int)$_GET['fallback_id'];
  59. /**
  60. * FIXME: The default content-security-policy of ownCloud forbids inline
  61. * JavaScript for security reasons. IE starting on Windows 10 will
  62. * however also obey the CSP which will break the event source fallback.
  63. *
  64. * As a workaround thus we set a custom policy which allows the execution
  65. * of inline JavaScript.
  66. *
  67. * @link https://github.com/owncloud/core/issues/14286
  68. */
  69. header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'");
  70. header("Content-Type: text/html");
  71. echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy
  72. } else {
  73. header("Content-Type: text/event-stream");
  74. }
  75. if (!$this->request->passesStrictCookieCheck()) {
  76. header('Location: '.\OC::$WEBROOT);
  77. exit();
  78. }
  79. if (!$this->request->passesCSRFCheck()) {
  80. $this->send('error', 'Possible CSRF attack. Connection will be closed.');
  81. $this->close();
  82. exit();
  83. }
  84. flush();
  85. }
  86. /**
  87. * send a message to the client
  88. *
  89. * @param string $type
  90. * @param mixed $data
  91. *
  92. * @throws \BadMethodCallException
  93. * if only one parameter is given, a typeless message will be send with that parameter as data
  94. * @suppress PhanDeprecatedFunction
  95. */
  96. public function send($type, $data = null) {
  97. if ($data and !preg_match('/^[A-Za-z0-9_]+$/', $type)) {
  98. throw new BadMethodCallException('Type needs to be alphanumeric ('. $type .')');
  99. }
  100. $this->init();
  101. if (is_null($data)) {
  102. $data = $type;
  103. $type = null;
  104. }
  105. if ($this->fallback) {
  106. $response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack('
  107. . $this->fallBackId . ',"' . $type . '",' . OC_JSON::encode($data) . ')</script>' . PHP_EOL;
  108. echo $response;
  109. } else {
  110. if ($type) {
  111. echo 'event: ' . $type . PHP_EOL;
  112. }
  113. echo 'data: ' . OC_JSON::encode($data) . PHP_EOL;
  114. }
  115. echo PHP_EOL;
  116. flush();
  117. }
  118. /**
  119. * close the connection of the event source
  120. */
  121. public function close() {
  122. $this->send('__internal__', 'close'); //server side closing can be an issue, let the client do it
  123. }
  124. }