作者:GitHubUser423
项目:cor
/**
* Intercepts GET requests on addressbook urls ending with ?photo.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool|void
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$queryParams = $request->getQueryParameters();
// TODO: in addition to photo we should also add logo some point in time
if (!array_key_exists('photo', $queryParams)) {
return true;
}
$path = $request->getPath();
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof Card) {
return true;
}
$this->server->transactionType = 'carddav-image-export';
// Checking ACL, if available.
if ($aclPlugin = $this->server->getPlugin('acl')) {
/** @var \Sabre\DAVACL\Plugin $aclPlugin */
$aclPlugin->checkPrivileges($path, '{DAV:}read');
}
if ($result = $this->getPhoto($node)) {
$response->setHeader('Content-Type', $result['Content-Type']);
$response->setStatus(200);
$response->setBody($result['body']);
// Returning false to break the event chain
return false;
}
return true;
}
作者:BlaBlaNe
项目:hubzill
/**
* Intercepts GET requests on addressbook urls ending with ?export.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$queryParams = $request->getQueryParameters();
if (!array_key_exists('export', $queryParams)) {
return;
}
$path = $request->getPath();
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof IAddressBook) {
return;
}
$this->server->transactionType = 'get-addressbook-export';
// Checking ACL, if available.
if ($aclPlugin = $this->server->getPlugin('acl')) {
$aclPlugin->checkPrivileges($path, '{DAV:}read');
}
$nodes = $this->server->getPropertiesForPath($path, ['{' . Plugin::NS_CARDDAV . '}address-data'], 1);
$format = 'text/directory';
$output = null;
$filenameExtension = null;
switch ($format) {
case 'text/directory':
$output = $this->generateVCF($nodes);
$filenameExtension = '.vcf';
break;
}
$filename = preg_replace('/[^a-zA-Z0-9-_ ]/um', '', $node->getName());
$filename .= '-' . date('Y-m-d') . $filenameExtension;
$response->setHeader('Content-Disposition', 'attachment; filename="' . $filename . '"');
$response->setHeader('Content-Type', $format);
$response->setStatus(200);
$response->setBody($output);
// Returning false to break the event chain
return false;
}
作者:krekik
项目:sambada
/**
* Handles POST requests for tree operations not handled in the SabreDAV parent clas
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
public function httpPOSTExtra(RequestInterface $request, ResponseInterface $response)
{
$contentType = $request->getHeader('Content-Type');
list($contentType) = explode(';', $contentType);
if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') {
return;
}
$postVars = $request->getPostData();
if (!isset($postVars['sabreActionExtra'])) {
return;
}
$uri = $request->getPath();
switch ($postVars['sabreActionExtra']) {
case 'del':
if (isset($postVars['path'])) {
// Using basename() because we won't allow slashes
list(, $Name) = \Sabre\HTTP\URLUtil::splitPath(trim($postVars['path']));
if (!empty($Name) && $this->config->browserplugin_enable_delete === true) {
$this->server->tree->delete($uri . '/' . $Name);
}
}
break;
}
$response->setHeader('Location', $request->getUrl());
$response->setStatus(302);
return false;
}
作者:Kevin-Z
项目:vaneDis
/**
* Plugin that adds a 'Content-Disposition: attachment' header to all files
* delivered by SabreDAV.
* @param RequestInterface $request
* @param ResponseInterface $response
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
// Only handle valid files
$node = $this->tree->getNodeForPath($request->getPath());
if (!$node instanceof IFile) {
return;
}
$response->addHeader('Content-Disposition', 'attachment');
}
作者:pagee
项目:sabre-da
/**
* Intercepts GET requests on calendar urls ending with ?export.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$queryParams = $request->getQueryParameters();
if (!array_key_exists('export', $queryParams)) {
return;
}
$path = $request->getPath();
$node = $this->server->getProperties($path, ['{DAV:}resourcetype', '{DAV:}displayname', '{http://sabredav.org/ns}sync-token', '{DAV:}sync-token', '{http://apple.com/ns/ical/}calendar-color']);
if (!isset($node['{DAV:}resourcetype']) || !$node['{DAV:}resourcetype']->is('{' . Plugin::NS_CALDAV . '}calendar')) {
return;
}
// Marking the transactionType, for logging purposes.
$this->server->transactionType = 'get-calendar-export';
$properties = $node;
$start = null;
$end = null;
$expand = false;
$componentType = false;
if (isset($queryParams['start'])) {
if (!ctype_digit($queryParams['start'])) {
throw new BadRequest('The start= parameter must contain a unix timestamp');
}
$start = DateTime::createFromFormat('U', $queryParams['start']);
}
if (isset($queryParams['end'])) {
if (!ctype_digit($queryParams['end'])) {
throw new BadRequest('The end= parameter must contain a unix timestamp');
}
$end = DateTime::createFromFormat('U', $queryParams['end']);
}
if (isset($queryParams['expand']) && !!$queryParams['expand']) {
if (!$start || !$end) {
throw new BadRequest('If you\'d like to expand recurrences, you must specify both a start= and end= parameter.');
}
$expand = true;
$componentType = 'VEVENT';
}
if (isset($queryParams['componentType'])) {
if (!in_array($queryParams['componentType'], ['VEVENT', 'VTODO', 'VJOURNAL'])) {
throw new BadRequest('You are not allowed to search for components of type: ' . $queryParams['componentType'] . ' here');
}
$componentType = $queryParams['componentType'];
}
$format = \Sabre\HTTP\Util::Negotiate($request->getHeader('Accept'), ['text/calendar', 'application/calendar+json']);
if (isset($queryParams['accept'])) {
if ($queryParams['accept'] === 'application/calendar+json' || $queryParams['accept'] === 'jcal') {
$format = 'application/calendar+json';
}
}
if (!$format) {
$format = 'text/calendar';
}
$this->generateResponse($path, $start, $end, $expand, $componentType, $format, $properties, $response);
// Returning false to break the event chain
return false;
}
作者:bogolubo
项目:owncollab_talks-
/**
* This method intercepts GET requests to non-files, and changes it into an HTTP PROPFIND request
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$node = $this->server->tree->getNodeForPath($request->getPath());
if ($node instanceof DAV\IFile) {
return;
}
$subRequest = clone $request;
$subRequest->setMethod('PROPFIND');
$this->server->invokeMethod($subRequest, $response);
return false;
}
作者:sebbie4
项目:casebo
/**
* When this method is called, the backend must check if authentication was
* successful.
*
* The returned value must be one of the following
*
* [true, "principals/username"]
* [false, "reason for failure"]
*
* If authentication was successful, it's expected that the authentication
* backend returns a so-called principal url.
*
* Examples of a principal url:
*
* principals/admin
* principals/user1
* principals/users/joe
* principals/uid/123457
*
* If you don't use WebDAV ACL (RFC3744) we recommend that you simply
* return a string such as:
*
* principals/users/[username]
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
*/
function check(RequestInterface $request, ResponseInterface $response)
{
$remoteUser = $request->getRawServerValue('REMOTE_USER');
if (is_null($remoteUser)) {
$remoteUser = $request->getRawServerValue('REDIRECT_REMOTE_USER');
}
if (is_null($remoteUser)) {
return [false, 'No REMOTE_USER property was found in the PHP $_SERVER super-global. This likely means your server is not configured correctly'];
}
return [true, $this->principalPrefix . $remoteUser];
}
作者:kebenxiaomin
项目:cor
/**
* We intercept this to handle POST requests on calendars.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return null|bool
*/
function httpPost(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
// Only handling xml
$contentType = $request->getHeader('Content-Type');
if (strpos($contentType, 'application/xml') === false && strpos($contentType, 'text/xml') === false) {
return;
}
// Making sure the node exists
try {
$node = $this->server->tree->getNodeForPath($path);
} catch (NotFound $e) {
return;
}
// CSRF protection
$this->protectAgainstCSRF();
$requestBody = $request->getBodyAsString();
// If this request handler could not deal with this POST request, it
// will return 'null' and other plugins get a chance to handle the
// request.
//
// However, we already requested the full body. This is a problem,
// because a body can only be read once. This is why we preemptively
// re-populated the request body with the existing data.
$request->setBody($requestBody);
$dom = XMLUtil::loadDOMDocument($requestBody);
$documentType = XMLUtil::toClarkNotation($dom->firstChild);
switch ($documentType) {
// Dealing with the 'share' document, which modified invitees on a
// calendar.
case '{' . \Sabre\CardDAV\Plugin::NS_CARDDAV . '}share':
// We can only deal with IShareableCalendar objects
if (!$node instanceof IShareableAddressBook) {
return;
}
$this->server->transactionType = 'post-calendar-share';
// Getting ACL info
$acl = $this->server->getPlugin('acl');
// If there's no ACL support, we allow everything
if ($acl) {
$acl->checkPrivileges($path, '{DAV:}write');
}
$mutations = $this->parseShareRequest($dom);
$node->updateShares($mutations[0], $mutations[1]);
$response->setStatus(200);
// Adding this because sending a response body may cause issues,
// and I wanted some type of indicator the response was handled.
$response->setHeader('X-Sabre-Status', 'everything-went-well');
// Breaking the event chain
return false;
}
}
作者:Kevin-Z
项目:vaneDis
/**
* 'beforeMethod' event handles. This event handles intercepts GET requests ending
* with ?mount
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$queryParams = $request->getQueryParameters();
if (!array_key_exists('mount', $queryParams)) {
return;
}
$currentUri = $request->getAbsoluteUrl();
// Stripping off everything after the ?
list($currentUri) = explode('?', $currentUri);
$this->davMount($response, $currentUri);
// Returning false to break the event chain
return false;
}
作者:GitHubUser423
项目:cor
public function releaseLock(RequestInterface $request)
{
if ($request->getMethod() !== 'PUT' || isset($_SERVER['HTTP_OC_CHUNKED'])) {
return;
}
try {
$node = $this->server->tree->getNodeForPath($request->getPath());
} catch (NotFound $e) {
return;
}
if ($node instanceof Node) {
$node->releaseLock(ILockingProvider::LOCK_SHARED);
}
}
作者:nem0xf
项目:cor
public function releaseLock(RequestInterface $request)
{
if ($request->getMethod() !== 'PUT') {
return;
}
try {
$node = $this->tree->getNodeForPath($request->getPath());
} catch (NotFound $e) {
return;
}
if ($node instanceof Node) {
$node->releaseLock(ILockingProvider::LOCK_SHARED);
}
}
作者:samj191
项目:rep
/**
* Detects all unsupported clients and throws a \Sabre\DAV\Exception\Forbidden
* exception which will result in a 403 to them.
* @param RequestInterface $request
* @throws \Sabre\DAV\Exception\Forbidden If the client version is not supported
*/
public function beforeHandler(RequestInterface $request)
{
$userAgent = $request->getHeader('User-Agent');
if ($userAgent === null) {
return;
}
$minimumSupportedDesktopVersion = $this->config->getSystemValue('minimum.supported.desktop.version', '1.7.0');
// Match on the mirall version which is in scheme "Mozilla/5.0 (%1) mirall/%2" or
// "mirall/%1" for older releases
preg_match("/(?:mirall\\/)([\\d.]+)/i", $userAgent, $versionMatches);
if (isset($versionMatches[1]) && version_compare($versionMatches[1], $minimumSupportedDesktopVersion) === -1) {
throw new \Sabre\DAV\Exception\Forbidden('Unsupported client version.');
}
}
作者:bogolubo
项目:owncollab_talks-
/**
* Intercepts GET requests on addressbook urls ending with ?export.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpGet(RequestInterface $request, ResponseInterface $response)
{
$queryParams = $request->getQueryParameters();
if (!array_key_exists('export', $queryParams)) {
return;
}
$path = $request->getPath();
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof IAddressBook) {
return;
}
$this->server->transactionType = 'get-addressbook-export';
// Checking ACL, if available.
if ($aclPlugin = $this->server->getPlugin('acl')) {
$aclPlugin->checkPrivileges($path, '{DAV:}read');
}
$response->setHeader('Content-Type', 'text/directory');
$response->setStatus(200);
$nodes = $this->server->getPropertiesForPath($path, ['{' . Plugin::NS_CARDDAV . '}address-data'], 1);
$response->setBody($this->generateVCF($nodes));
// Returning false to break the event chain
return false;
}
作者:nikos
项目:openeclas
/**
* This method is created to extract information from the WebDAV HTTP 'If:' header
*
* The If header can be quite complex, and has a bunch of features. We're using a regex to extract all relevant information
* The function will return an array, containing structs with the following keys
*
* * uri - the uri the condition applies to.
* * tokens - The lock token. another 2 dimensional array containing 3 elements
*
* Example 1:
*
* If: (<opaquelocktoken:181d4fae-7d8c-11d0-a765-00a0c91e6bf2>)
*
* Would result in:
*
* [
* [
* 'uri' => '/request/uri',
* 'tokens' => [
* [
* [
* 'negate' => false,
* 'token' => 'opaquelocktoken:181d4fae-7d8c-11d0-a765-00a0c91e6bf2',
* 'etag' => ""
* ]
* ]
* ],
* ]
* ]
*
* Example 2:
*
* If: </path/> (Not <opaquelocktoken:181d4fae-7d8c-11d0-a765-00a0c91e6bf2> ["Im An ETag"]) (["Another ETag"]) </path2/> (Not ["Path2 ETag"])
*
* Would result in:
*
* [
* [
* 'uri' => 'path',
* 'tokens' => [
* [
* [
* 'negate' => true,
* 'token' => 'opaquelocktoken:181d4fae-7d8c-11d0-a765-00a0c91e6bf2',
* 'etag' => '"Im An ETag"'
* ],
* [
* 'negate' => false,
* 'token' => '',
* 'etag' => '"Another ETag"'
* ]
* ]
* ],
* ],
* [
* 'uri' => 'path2',
* 'tokens' => [
* [
* [
* 'negate' => true,
* 'token' => '',
* 'etag' => '"Path2 ETag"'
* ]
* ]
* ],
* ],
* ]
*
* @return array
*/
function getIfConditions(RequestInterface $request) {
$header = $request->getHeader('If');
if (!$header) return [];
$matches = [];
$regex = '/(?:\<(?P<uri>.*?)\>\s)?\((?P<not>Not\s)?(?:\<(?P<token>[^\>]*)\>)?(?:\s?)(?:\[(?P<etag>[^\]]*)\])?\)/im';
preg_match_all($regex, $header, $matches, PREG_SET_ORDER);
$conditions = [];
foreach ($matches as $match) {
// If there was no uri specified in this match, and there were
// already conditions parsed, we add the condition to the list of
// conditions for the previous uri.
if (!$match['uri'] && count($conditions)) {
$conditions[count($conditions) - 1]['tokens'][] = [
'negate' => $match['not'] ? true : false,
'token' => $match['token'],
'etag' => isset($match['etag']) ? $match['etag'] : ''
];
} else {
if (!$match['uri']) {
$realUri = $request->getPath();
} else {
$realUri = $this->calculateUri($match['uri']);
}
//.........这里部分代码省略.........
作者:enoch8
项目:owncloud-testserve
/**
* HTTP REPORT method implementation
*
* Although the REPORT method is not part of the standard WebDAV spec (it's from rfc3253)
* It's used in a lot of extensions, so it made sense to implement it into the core.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpReport(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
$body = $request->getBodyAsString();
$dom = XMLUtil::loadDOMDocument($body);
$reportName = XMLUtil::toClarkNotation($dom->firstChild);
if ($this->server->emit('report', [$reportName, $dom, $path])) {
// If emit returned true, it means the report was not supported
throw new Exception\ReportNotSupported();
}
// Sending back false will interupt the event chain and tell the server
// we've handled this method.
return false;
}
作者:drognise
项目:Portfolio-Sit
/**
* HTTP REPORT method implementation
*
* Although the REPORT method is not part of the standard WebDAV spec (it's from rfc3253)
* It's used in a lot of extensions, so it made sense to implement it into the core.
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
function httpReport(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
$result = $this->server->xml->parse($request->getBody(), $request->getUrl(), $rootElementName);
if ($this->server->emit('report', [$rootElementName, $result, $path])) {
// If emit returned true, it means the report was not supported
throw new Exception\ReportNotSupported();
}
// Sending back false will interupt the event chain and tell the server
// we've handled this method.
return false;
}
作者:stwei
项目:owncloud-cor
/**
* Fakes a successful LOCK
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return bool
*/
public function fakeLockProvider(RequestInterface $request, ResponseInterface $response)
{
$lockInfo = new LockInfo();
$lockInfo->token = md5($request->getPath());
$lockInfo->uri = $request->getPath();
$lockInfo->depth = \Sabre\DAV\Server::DEPTH_INFINITY;
$lockInfo->timeout = 1800;
$body = $this->server->xml->write('{DAV:}prop', ['{DAV:}lockdiscovery' => new LockDiscovery([$lockInfo])]);
$response->setBody($body);
return false;
}
作者:farukuzu
项目:core-
/**
* POST operation on Comments collections
*
* @param RequestInterface $request request object
* @param ResponseInterface $response response object
* @return null|false
*/
public function httpPost(RequestInterface $request, ResponseInterface $response)
{
$path = $request->getPath();
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof EntityCollection) {
return null;
}
$data = $request->getBodyAsString();
$comment = $this->createComment($node->getName(), $node->getId(), $data, $request->getHeader('Content-Type'));
// update read marker for the current user/poster to avoid
// having their own comments marked as unread
$node->setReadMarker(null);
$url = $request->getUrl() . '/' . urlencode($comment->getId());
$response->setHeader('Content-Location', $url);
// created
$response->setStatus(201);
return false;
}
作者:Kevin-Z
项目:vaneDis
/**
* Returns the HTTP custom range update header
*
* This method returns null if there is no well-formed HTTP range request
* header. It returns array(1) if it was an append request, array(2,
* $start, $end) if it's a start and end range, lastly it's array(3,
* $endoffset) if the offset was negative, and should be calculated from
* the end of the file.
*
* Examples:
*
* null - invalid
* [1] - append
* [2,10,15] - update bytes 10, 11, 12, 13, 14, 15
* [2,10,null] - update bytes 10 until the end of the patch body
* [3,-5] - update from 5 bytes from the end of the file.
*
* @param RequestInterface $request
* @return array|null
*/
function getHTTPUpdateRange(RequestInterface $request)
{
$range = $request->getHeader('X-Update-Range');
if (is_null($range)) {
return null;
}
// Matching "Range: bytes=1234-5678: both numbers are optional
if (!preg_match('/^(append)|(?:bytes=([0-9]+)-([0-9]*))|(?:bytes=(-[0-9]+))$/i', $range, $matches)) {
return null;
}
if ($matches[1] === 'append') {
return [self::RANGE_APPEND];
} elseif (strlen($matches[2]) > 0) {
return [self::RANGE_START, $matches[2], $matches[3] ?: null];
} elseif ($matches[4]) {
return [self::RANGE_END, $matches[4]];
} else {
return null;
}
}
作者:bartv
项目:SecotrustSabreDavBundl
/**
* This method is called when a user could not be authenticated, and
* authentication was required for the current request.
*
* This gives you the opportunity to set authentication headers. The 401
* status code will already be set.
*
* In this case of Basic Auth, this would for example mean that the
* following header needs to be set:
*
* $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
*
* Keep in mind that in the case of multiple authentication backends, other
* WWW-Authenticate headers may already have been set, and you'll want to
* append your own WWW-Authenticate header instead of overwriting the
* existing one.
*
* @param RequestInterface $request
* @param ResponseInterface $response
*/
public function challenge(RequestInterface $request, ResponseInterface $response)
{
$auth = new Auth\BasicAuth($this->realm, $request, $response, $this->user_manager);
$userpass = $auth->getCredentials($this->encoder_service);
if (!$userpass) {
$auth->requireLogin();
}
// Authenticates the user
if (!$this->validateUserPass($userpass[0], $userpass[1])) {
$auth->requireLogin();
}
$this->currentUser = $userpass[0];
$request->setCurrentUsername($this->currentUser);
}