diff options
Diffstat (limited to 'mod/cloud.php')
| -rw-r--r-- | mod/cloud.php | 151 |
1 files changed, 89 insertions, 62 deletions
diff --git a/mod/cloud.php b/mod/cloud.php index cdd926444..18b61f941 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -1,23 +1,5 @@ <?php - // This module is currently !!!HIGHLY EXPERIMENTAL!!! - // You should think twice before running this on a production server - // as security mechanisms are not yet implemented and those that - // are implemented probably don't work. - - // DAV mounts will probably fail if you don't use SSL, because some platforms refuse to send - // basic auth over non-encrypted connections. - // One could use digest auth - but then one has to calculate the A1 digest and store it for - // all acounts. We aren't doing that. We have a stored password already. We don't need another - // one. The login unfortunately is the channel nickname (webbie) as we have no way of passing - // the destination channel to DAV. You should be able to login with your account credentials - // and be directed to your default channel. - - // This interface does not yet support Red stored files. Consider any content in your "store" - // directory to be throw-away until advised otherwise. - - - use Sabre\DAV; require_once('vendor/autoload.php'); @@ -44,64 +26,109 @@ -class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { - protected function validateUserPass($username, $password) { - require_once('include/auth.php'); - $record = account_verify_password($email,$pass); - if($record && $record['account_default_channel']) { - $r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1", - intval($record['account_id']), - intval($record['account_default_channel']) - ); - if($r) { - $this->currentUser = $r[0]['channel_address']; - return true; - } - } - $r = q("select channel_account_id from channel where channel_address = '%s' limit 1", - dbesc($username) - ); - if($r) { - $x = q("select * from account where account_id = %d limit 1", - intval($r[0]['channel_account_id']) - ); - if($x) { - foreach($x as $record) { - if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) - && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) { - logger('(DAV) RedBasicAuth: password verified for ' . $username); - return true; - } - } - } - } - logger('(DAV) RedBasicAuth: password failed for ' . $username); - return false; - } -} +function cloud_init(&$a) { + + require_once('include/reddav.php'); + + if(! is_dir('store')) + mkdir('store',STORAGE_DEFAULT_PERMISSIONS,false); + + $which = null; + if(argc() > 1) + $which = argv(1); + + $profile = 0; + $channel = $a->get_channel(); + + $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which .'" />' . "\r\n" ; + + if($which) + profile_load($a,$which,$profile); + + + + + $auth = new RedBasicAuth(); + + $ob_hash = get_observer_hash(); -function cloud_init() { + if($ob_hash) { + if(local_user()) { + $channel = $a->get_channel(); + $auth->setCurrentUser($channel['channel_address']); + $auth->channel_name = $channel['channel_address']; + $auth->channel_id = $channel['channel_id']; + $auth->channel_hash = $channel['channel_hash']; + if($channel['channel_timezone']) + $auth->timezone = $channel['channel_timezone']; + } + $auth->observer = $ob_hash; + } - if(! get_config('system','enable_cloud')) - killme(); + if($_GET['davguest']) + $_SESSION['davguest'] = true; - $rootDirectory = new DAV\FS\Directory('store'); + + + $_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); + + $_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); + + $rootDirectory = new RedDirectory('/',$auth); $server = new DAV\Server($rootDirectory); - $lockBackend = new DAV\Locks\Backend\File('store/data/locks'); + $lockBackend = new DAV\Locks\Backend\File('store/[data]/locks'); $lockPlugin = new DAV\Locks\Plugin($lockBackend); $server->addPlugin($lockPlugin); - $auth = new RedBasicAuth(); + // The next section of code allows us to bypass prompting for http-auth if a FILE is being accessed anonymously and permissions + // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login. + // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot, + // prompt for HTTP-auth. This will be the default case for mounting a DAV directory. + // In order to avoid prompting for passwords for viewing a DIRECTORY, add the URL query parameter 'davguest=1' - $auth->Authenticate($server,'Red Matrix'); + $isapublic_file = false; + $davguest = ((x($_SESSION,'davguest')) ? true : false); + + if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { + try { + $x = RedFileData('/' . $a->cmd,$auth); + if($x instanceof RedFile) + $isapublic_file = true; + } + catch ( Exception $e ) { + $isapublic_file = false; + } + } + + if((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { + try { + $auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++')); + } + catch ( Exception $e) { + logger('mod_cloud: auth exception' . $e->getMessage()); + http_status_exit($e->getHTTPCode(),$e->getMessage()); + } + } + +// $browser = new DAV\Browser\Plugin(); + + $browser = new RedBrowser($auth); + + $auth->setBrowserPlugin($browser); + + + $server->addPlugin($browser); // All we need to do now, is to fire up the server $server->exec(); - exit; - + killme(); }
\ No newline at end of file |