From 1a808ef47d55a4a6121eacd7661a4cbecd36e1b8 Mon Sep 17 00:00:00 2001
From: Gerben <gerben@treora.com>
Date: Tue, 28 Aug 2018 11:42:33 +0200
Subject: [PATCH] Implement getting files by token or path.

Also renamed static to raw.
---
 .travis.yml                                  |  6 +--
 README.md                                    |  2 +-
 appinfo/info.xml                             | 10 ++---
 appinfo/routes.php                           | 18 +++-----
 composer.json                                |  2 +-
 lib/Controller/PageController.php            | 31 --------------
 lib/Controller/PrivatePageController.php     | 43 ++++++++++++++++++++
 lib/Controller/PubPageController.php         | 36 ++++++++++++++++
 lib/Controller/RawResponse.php               | 15 +++++++
 templates/index.php                          |  4 +-
 tests/Integration/AppTest.php                |  6 +--
 tests/Unit/Controller/PageControllerTest.php |  6 +--
 tests/bootstrap.php                          |  4 +-
 13 files changed, 120 insertions(+), 63 deletions(-)
 delete mode 100644 lib/Controller/PageController.php
 create mode 100644 lib/Controller/PrivatePageController.php
 create mode 100644 lib/Controller/PubPageController.php
 create mode 100644 lib/Controller/RawResponse.php

diff --git a/.travis.yml b/.travis.yml
index 3a52f37..b66bc03 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -35,7 +35,7 @@ before_install:
     # install core
     - cd ../
     - git clone https://github.com/nextcloud/server.git --recursive --depth 1 -b $CORE_BRANCH nextcloud
-    - mv "$TRAVIS_BUILD_DIR" nextcloud/apps/static
+    - mv "$TRAVIS_BUILD_DIR" nextcloud/apps/raw
 
 before_script:
     - if [[ "$DB" == 'pgsql' ]]; then createuser -U travis -s oc_autotest; fi
@@ -45,9 +45,9 @@ before_script:
     - cd nextcloud
     - mkdir data
     - ./occ maintenance:install --database-name oc_autotest --database-user oc_autotest --admin-user admin --admin-pass admin --database $DB --database-pass=''
-    - ./occ app:enable static
+    - ./occ app:enable raw
     - php -S localhost:8080 &
-    - cd apps/static
+    - cd apps/raw
 
 script:
     - make test
diff --git a/README.md b/README.md
index 2f6e8b2..aacb0c9 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Static
+# Raw
 Place this app in **nextcloud/apps/**
 
 ## Building the app
diff --git a/appinfo/info.xml b/appinfo/info.xml
index c8739ad..fa0d126 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -1,14 +1,14 @@
 <?xml version="1.0"?>
 <info xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance"
       xsi:noNamespaceSchemaLocation="https://apps.nextcloud.com/schema/apps/info.xsd">
-    <id>static</id>
-    <name>Static</name>
+    <id>raw</id>
+    <name>Raw</name>
     <summary>a</summary>
     <description><![CDATA[a]]></description>
     <version>0.0.1</version>
     <licence>agpl</licence>
     <author mail="b@c.de" >a</author>
-    <namespace>Static</namespace>
+    <namespace>Raw</namespace>
     <category>files</category>
     <bugs>https://example.com</bugs>
     <dependencies>
@@ -16,8 +16,8 @@
     </dependencies>
     <navigations>
         <navigation>
-            <name>Static</name>
-            <route>static.page.index</route>
+            <name>Raw</name>
+            <route>raw.page.index</route>
         </navigation>
     </navigations>
 </info>
diff --git a/appinfo/routes.php b/appinfo/routes.php
index 1ae0cae..045f35f 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -1,15 +1,9 @@
 <?php
-/**
- * Create your routes in here. The name is the lowercase name of the controller
- * without the controller part, the stuff after the hash is the method.
- * e.g. page#index -> OCA\Static\Controller\PageController->index()
- *
- * The controller class has to be registered in the application.php file since
- * it's instantiated in there
- */
+
 return [
-    'routes' => [
-	   ['name' => 'page#index', 'url' => '/', 'verb' => 'GET'],
-	   ['name' => 'page#do_echo', 'url' => '/echo', 'verb' => 'POST'],
-    ]
+  'routes' => [
+    ['name' => 'pubPage#getByToken', 'url' => '/s/{token}', 'verb' => 'GET'],
+    ['name' => 'privatePage#getByPath', 'url' => '/files/{path}', 'verb' => 'GET',
+      'requirements' => array('path' => '.+')],
+  ]
 ];
diff --git a/composer.json b/composer.json
index 4d56e10..a998070 100644
--- a/composer.json
+++ b/composer.json
@@ -1,5 +1,5 @@
 {
-    "name": "Static",
+    "name": "Raw",
     "description": "a",
     "type": "project",
     "license": "AGPL",
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
deleted file mode 100644
index cfae797..0000000
--- a/lib/Controller/PageController.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-namespace OCA\Static\Controller;
-
-use OCP\IRequest;
-use OCP\AppFramework\Http\TemplateResponse;
-use OCP\AppFramework\Http\DataResponse;
-use OCP\AppFramework\Controller;
-
-class PageController extends Controller {
-	private $userId;
-
-	public function __construct($AppName, IRequest $request, $UserId){
-		parent::__construct($AppName, $request);
-		$this->userId = $UserId;
-	}
-
-	/**
-	 * CAUTION: the @Stuff turns off security checks; for this page no admin is
-	 *          required and no CSRF check. If you don't know what CSRF is, read
-	 *          it up in the docs or you might create a security hole. This is
-	 *          basically the only required method to add this exemption, don't
-	 *          add it to any other method if you don't exactly know what it does
-	 *
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 */
-	public function index() {
-		return new TemplateResponse('static', 'index');  // templates/index.php
-	}
-
-}
diff --git a/lib/Controller/PrivatePageController.php b/lib/Controller/PrivatePageController.php
new file mode 100644
index 0000000..e9b4957
--- /dev/null
+++ b/lib/Controller/PrivatePageController.php
@@ -0,0 +1,43 @@
+<?php
+namespace OCA\Raw\Controller;
+
+use OCP\IRequest;
+use OCP\IServerContainer;
+use OCP\AppFramework\Http\NotFoundResponse;
+use OCP\AppFramework\Controller;
+use OCP\Files\Folder;
+use OCP\Files\NotFoundException;
+
+class PrivatePageController extends Controller {
+	use RawResponse;
+
+	private $userFolder;
+
+	public function __construct(
+		$AppName,
+		$UserId,
+		IRequest $request,
+		IServerContainer $serverContainer
+	) {
+		parent::__construct($AppName, $request);
+		$this->userFolder = $serverContainer->getUserFolder($UserId);
+	}
+
+	/**
+	 * @NoAdminRequired
+	 * @NoCSRFRequired
+	 */
+	public function getByPath($path) {
+		if (!$this->userFolder) {
+			return new NotFoundResponse();
+		}
+		try {
+			$node = $this->userFolder->get($path);
+		} catch (NotFoundException $e) {
+			return new NotFoundResponse();
+		}
+		$content = $node->getContent();
+		$mimetype = $node->getMimeType();
+		$this->returnRawResponse($content, $mimetype);
+	}
+}
diff --git a/lib/Controller/PubPageController.php b/lib/Controller/PubPageController.php
new file mode 100644
index 0000000..7284d29
--- /dev/null
+++ b/lib/Controller/PubPageController.php
@@ -0,0 +1,36 @@
+<?php
+namespace OCA\Raw\Controller;
+
+use OCP\IRequest;
+use OCP\Share\IManager;
+use OCP\AppFramework\Controller;
+use OCP\Files\Folder;
+
+class PubPageController extends Controller {
+	use RawResponse;
+
+	private $manager;
+
+	public function __construct(
+		$AppName,
+		IRequest $request,
+		IManager $shareManager
+	) {
+		parent::__construct($AppName, $request);
+		$this->manager = $shareManager;
+	}
+
+	/**
+	 * @PublicPage
+	 * @NoAdminRequired
+	 * @NoCSRFRequired
+	 */
+	public function getByToken($token) {
+		$share = $this->manager->getShareByToken($token);
+		$node = $share->getNode();
+		// if ($node->getType() === 'dir') { TODO }
+		$content = $node->getContent();
+		$mimetype = $node->getMimeType();
+		$this->returnRawResponse($content, $mimetype);
+	}
+}
diff --git a/lib/Controller/RawResponse.php b/lib/Controller/RawResponse.php
new file mode 100644
index 0000000..837d056
--- /dev/null
+++ b/lib/Controller/RawResponse.php
@@ -0,0 +1,15 @@
+<?php
+namespace OCA\Raw\Controller;
+
+trait RawResponse {
+	protected function returnRawResponse($content, $mimetype) {
+		// Ugly hack to prevent security middleware messing up the CSP.
+		header(
+			"Content-Security-Policy: sandbox; default-src 'none'; img-src data:; media-src data; "
+			. "style-src data: 'unsafe-inline'; font-src data:; frame-src data:"
+		);
+		header("Content-Type: ${mimetype}");
+		echo $content;
+		exit;
+	}
+}
diff --git a/templates/index.php b/templates/index.php
index c112b7a..401dd4c 100644
--- a/templates/index.php
+++ b/templates/index.php
@@ -1,6 +1,6 @@
 <?php
-script('static', 'script');
-style('static', 'style');
+script('raw', 'script');
+style('raw', 'style');
 ?>
 
 <div id="app">
diff --git a/tests/Integration/AppTest.php b/tests/Integration/AppTest.php
index 2d948b7..e3e7f22 100644
--- a/tests/Integration/AppTest.php
+++ b/tests/Integration/AppTest.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace OCA\Static\Tests\Integration\Controller;
+namespace OCA\Raw\Tests\Integration\Controller;
 
 use OCP\AppFramework\App;
 use Test\TestCase;
@@ -17,13 +17,13 @@ class AppTest extends TestCase {
 
     public function setUp() {
         parent::setUp();
-        $app = new App('static');
+        $app = new App('raw');
         $this->container = $app->getContainer();
     }
 
     public function testAppInstalled() {
         $appManager = $this->container->query('OCP\App\IAppManager');
-        $this->assertTrue($appManager->isInstalled('static'));
+        $this->assertTrue($appManager->isInstalled('raw'));
     }
 
 }
diff --git a/tests/Unit/Controller/PageControllerTest.php b/tests/Unit/Controller/PageControllerTest.php
index f94e700..6f4ca81 100644
--- a/tests/Unit/Controller/PageControllerTest.php
+++ b/tests/Unit/Controller/PageControllerTest.php
@@ -1,12 +1,12 @@
 <?php
 
-namespace OCA\Static\Tests\Unit\Controller;
+namespace OCA\Raw\Tests\Unit\Controller;
 
 use PHPUnit_Framework_TestCase;
 
 use OCP\AppFramework\Http\TemplateResponse;
 
-use OCA\Static\Controller\PageController;
+use OCA\Raw\Controller\PageController;
 
 
 class PageControllerTest extends PHPUnit_Framework_TestCase {
@@ -17,7 +17,7 @@ class PageControllerTest extends PHPUnit_Framework_TestCase {
 		$request = $this->getMockBuilder('OCP\IRequest')->getMock();
 
 		$this->controller = new PageController(
-			'static', $request, $this->userId
+			'raw', $request, $this->userId
 		);
 	}
 
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 53f0681..ff71f03 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -9,8 +9,8 @@ require_once __DIR__.'/../../../lib/base.php';
 // Fix for "Autoload path not allowed: .../tests/lib/testcase.php"
 \OC::$loader->addValidRoot(OC::$SERVERROOT . '/tests');
 
-// Fix for "Autoload path not allowed: .../static/tests/testcase.php"
-\OC_App::loadApp('static');
+// Fix for "Autoload path not allowed: .../raw/tests/testcase.php"
+\OC_App::loadApp('raw');
 
 if(!class_exists('PHPUnit_Framework_TestCase')) {
     require_once('PHPUnit/Autoload.php');