From 02c72e59faef6d6305bf43d7df34af70de73c02a Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sun, 9 Oct 2016 20:49:40 -0700
Subject: provide a DAV module which accesses the raw data storage for a
 channel. Together with an export data function in the API this allows a
 client process to create true backups of the cloud storage and importable
 cloud mirrors with all the metadata intact. The import function will need to
 be modified slightly to obtain the file contents from a plugin or API call;
 since it currently tries to fetch it from the source hub.

---
 Zotlabs/Module/Snap.php | 93 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 Zotlabs/Module/Snap.php

(limited to 'Zotlabs/Module/Snap.php')

diff --git a/Zotlabs/Module/Snap.php b/Zotlabs/Module/Snap.php
new file mode 100644
index 000000000..742d88617
--- /dev/null
+++ b/Zotlabs/Module/Snap.php
@@ -0,0 +1,93 @@
+<?php
+
+namespace Zotlabs\Module;
+
+/**
+ * @brief Initialize Hubzilla's cloud (SabreDAV).
+ *
+ * Module for accessing the DAV storage area from a DAV client.
+ */
+
+use \Sabre\DAV as SDAV;
+use \Zotlabs\Storage;
+
+// composer autoloader for SabreDAV
+require_once('vendor/autoload.php');
+
+
+/**
+ * @brief Fires up the SabreDAV server.
+ *
+ * @param App &$a
+ */
+
+class Snap extends \Zotlabs\Web\Controller {
+
+	function init() {
+	
+		// workaround for HTTP-auth in CGI mode
+		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+ 			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+			if(strlen($userpass)) {
+			 	list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW'] = $password;
+			}
+		}
+
+		if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+			$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+			if(strlen($userpass)) {
+				list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW'] = $password;
+			}
+		}
+	
+		if (! is_dir('store'))
+			os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
+	
+		$which = null;
+		if (argc() > 1)
+			$which = argv(1);
+	
+		$profile = 0;
+	
+		if($which)
+			profile_load( $which, $profile);
+		else
+			killme();	
+
+		$auth = new \Zotlabs\Storage\BasicAuth();
+		$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV');
+
+		$rootDirectory = new SDAV\FS\Directory("store");
+
+		// The server object is responsible for making sense out of the WebDAV protocol
+		$server = new SDAV\Server($rootDirectory);
+
+		$authPlugin = new \Sabre\DAV\Auth\Plugin($auth);
+		$server->addPlugin($authPlugin);
+
+		// If your server is not on your webroot, make sure the following line has the
+		// correct information
+		$server->setBaseUri('/snap');
+
+		// The lock manager is reponsible for making sure users don't overwrite
+		// each others changes.
+		$lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
+		$lockPlugin = new SDAV\Locks\Plugin($lockBackend);
+		$server->addPlugin($lockPlugin);
+
+		// This ensures that we get a pretty index in the browser, but it is
+		// optional.
+
+//		$server->addPlugin(new SDAV\Browser\Plugin());
+
+		// All we need to do now, is to fire up the server
+		$server->exec();
+		killme();
+
+	}
+	
+}
-- 
cgit v1.2.3


From 8eac8132e31106c4220c496229f68496e0d8bc08 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sun, 9 Oct 2016 21:28:24 -0700
Subject: snap dav module is currently read-only. error out on any request
 methods which can alter data.

---
 Zotlabs/Module/Snap.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Zotlabs/Module/Snap.php')

diff --git a/Zotlabs/Module/Snap.php b/Zotlabs/Module/Snap.php
index 742d88617..8e52d85ac 100644
--- a/Zotlabs/Module/Snap.php
+++ b/Zotlabs/Module/Snap.php
@@ -58,6 +58,9 @@ class Snap extends \Zotlabs\Web\Controller {
 		else
 			killme();	
 
+		if(! in_array(strtolower($_SERVER['REQUEST_METHOD']),['propfind','get','head']))
+			killme(); 
+
 		$auth = new \Zotlabs\Storage\BasicAuth();
 		$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV');
 
-- 
cgit v1.2.3


From af13e5fa4a88691dc1d7a7474890b381fbb44aab Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sun, 9 Oct 2016 21:36:55 -0700
Subject: since the snap module runs without permissions controls, verify the
 logged in channel matches the requested cloud path

---
 Zotlabs/Module/Snap.php | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'Zotlabs/Module/Snap.php')

diff --git a/Zotlabs/Module/Snap.php b/Zotlabs/Module/Snap.php
index 8e52d85ac..89aebc097 100644
--- a/Zotlabs/Module/Snap.php
+++ b/Zotlabs/Module/Snap.php
@@ -58,6 +58,15 @@ class Snap extends \Zotlabs\Web\Controller {
 		else
 			killme();	
 
+		if($_SERVER['PHP_AUTH_USER'] && $_SERVER['PHP_AUTH_USER'] !== $which)
+			killme();
+
+		if(local_channel()) {
+			$c = \App::get_channel();
+			if($c && $c['channel_address'] !== $which)
+				killme();
+		}
+
 		if(! in_array(strtolower($_SERVER['REQUEST_METHOD']),['propfind','get','head']))
 			killme(); 
 
-- 
cgit v1.2.3