richdocuments/lib/Db/Wopi.php

<?php
/**
 * ownCloud - Richdocuments App
 *
 * @author Ashod Nakashian
 * @copyright 2016 Ashod Nakashian ashod.nakashian@collabora.co.uk
 *
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 */

namespace OCA\Richdocuments\Db;

class Wopi extends DbBase {

	const DB_TABLE = '`*PREFIX*richdocuments_wopi`';

	// Tokens expire after this many seconds (not defined by WOPI specs).
	const TOKEN_LIFETIME_SECONDS = 1800;

	protected $tableName  = '`*PREFIX*richdocuments_wopi`';

	protected $insertStatement  = 'INSERT INTO `*PREFIX*richdocuments_wopi` (`fileid`, `owner_uid`, `editor_uid`, `version`, `canwrite`, `server_host`, `token`, `expiry`)
			VALUES (?, ?, ?, ?, ?, ?, ?, ?)';

	protected $loadStatement = 'SELECT * FROM `*PREFIX*richdocuments_wopi` WHERE `token`= ?';

	public function generateFileToken($fileId, $owner, $editor, $version, $updatable, $serverHost) {
		$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32,
					\OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
					\OCP\Security\ISecureRandom::CHAR_DIGITS);

		$wopi = new \OCA\Richdocuments\Db\Wopi([
			$fileId,
			$owner,
			$editor,
			$version,
			$updatable,
			$serverHost,
			$token,
			time() + self::TOKEN_LIFETIME_SECONDS
		]);

		if (!$wopi->insert()) {
			throw new \Exception('Failed to add wopi token into database');
		}

		return $token;
	}

	/*
	 * Given a token, validates it and
	 * constructs and validates the path.
	 * Returns the path, if valid, else false.
	 */
	public function getPathForToken($fileId, $token){

		$wopi = new Wopi();
		$row = $wopi->loadBy('token', $token)->getData();
		\OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', [ 'row' => $row ]);
		if (count($row) === 0)
		{
			// Invalid token.
			http_response_code(401);
			return false;
		}

		//TODO: validate.
		if ($row['expiry'] > time()){
			// Expired token!
			//http_response_code(404);
			//$wopi->deleteBy('id', $row['id']);
			//return false;
		}

		return array(
			'owner' => $row['owner_uid'],
			'editor' => $row['editor_uid'],
			'canwrite' => $row['canwrite'],
			'server_host' => $row['server_host']
		);
	}
}
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00			`<?php`
			`/**`
			`* ownCloud - Richdocuments App`
			`*`
			`* @author Ashod Nakashian`
			`* @copyright 2016 Ashod Nakashian ashod.nakashian@collabora.co.uk`
			`*`
			`* This file is licensed under the Affero General Public License version 3 or`
			`* later.`
			`*/`

			`namespace OCA\Richdocuments\Db;`

Properly name classes * All should be PSR-4 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-03-22 18:01:21 +03:00			`class Wopi extends DbBase {`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00
			const DB_TABLE = '`PREFIXrichdocuments_wopi`';

			`// Tokens expire after this many seconds (not defined by WOPI specs).`
PHP syntax error on Ubuntu 14.04 LTS syntax error, unexpected '*', expecting ',' or ';' at /var/www/owncloud/apps/richdocuments/lib/db/wopi.php#28 2016-04-05 15:20:05 +03:00			`const TOKEN_LIFETIME_SECONDS = 1800;`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00
			protected $tableName = '`PREFIXrichdocuments_wopi`';

Public editing Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2016-12-07 02:57:01 +03:00			protected $insertStatement = 'INSERT INTO `PREFIXrichdocuments_wopi` (`fileid`, `owner_uid`, `editor_uid`, `version`, `canwrite`, `server_host`, `token`, `expiry`)
			`VALUES (?, ?, ?, ?, ?, ?, ?, ?)';`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00
			protected $loadStatement = 'SELECT * FROM `PREFIXrichdocuments_wopi` WHERE `token`= ?';

Public editing Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2016-12-07 02:57:01 +03:00			`public function generateFileToken($fileId, $owner, $editor, $version, $updatable, $serverHost) {`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00			`$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32,`
			`\OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .`
			`\OCP\Security\ISecureRandom::CHAR_DIGITS);`

			`$wopi = new \OCA\Richdocuments\Db\Wopi([`
Public editing Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2016-12-07 02:57:01 +03:00			`$fileId,`
Shared documents now show correct editor's name in the change hisotry 2016-06-19 03:43:00 +03:00			`$owner,`
			`$editor,`
Add a revision history sidebar 2016-06-26 18:21:06 +03:00			`$version,`
Store canwrite property in DB Move whether the file is editable or not logic when generating a token and store it in the DB with the access token instead of checking it dynamically in WOPI calls. 2016-10-19 18:28:10 +03:00			`$updatable,`
security: Support WOPI's PostMessageOrigin Adds a new property PostMessageOrigin to WOPI's CheckFileInfo. The inner frame then only sends message to target with origin mentioned in this property. Also implement editor initialization WOPI specs. Inner frame sends a App_LoadingStatus message to us when ready, and we send Host_PostmessageReady when we are ready. 2016-10-26 16:29:27 +03:00			`$serverHost,`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00			`$token,`
			`time() + self::TOKEN_LIFETIME_SECONDS`
			`]);`

Public editing Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2016-12-07 02:57:01 +03:00			`if (!$wopi->insert()) {`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00			`throw new \Exception('Failed to add wopi token into database');`
			`}`

			`return $token;`
			`}`

			`/*`
			`* Given a token, validates it and`
			`* constructs and validates the path.`
			`* Returns the path, if valid, else false.`
			`*/`
Fix file revisions 2017-05-11 18:31:40 +03:00			`public function getPathForToken($fileId, $token){`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00
			`$wopi = new Wopi();`
			`$row = $wopi->loadBy('token', $token)->getData();`
			`\OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', [ 'row' => $row ]);`
'==' and '!=' are discouraged 2017-03-14 13:59:37 +03:00			`if (count($row) === 0)`
wopi: support for file sharing and authentication 2016-03-24 04:57:22 +03:00			`{`
			`// Invalid token.`
			`http_response_code(401);`
			`return false;`
			`}`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00
			`//TODO: validate.`
wopi: support for file sharing and authentication 2016-03-24 04:57:22 +03:00			`if ($row['expiry'] > time()){`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00			`// Expired token!`
wopi: support for file sharing and authentication 2016-03-24 04:57:22 +03:00			`//http_response_code(404);`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00			`//$wopi->deleteBy('id', $row['id']);`
			`//return false;`
			`}`

Store canwrite property in DB Move whether the file is editable or not logic when generating a token and store it in the DB with the access token instead of checking it dynamically in WOPI calls. 2016-10-19 18:28:10 +03:00			`return array(`
			`'owner' => $row['owner_uid'],`
			`'editor' => $row['editor_uid'],`
security: Support WOPI's PostMessageOrigin Adds a new property PostMessageOrigin to WOPI's CheckFileInfo. The inner frame then only sends message to target with origin mentioned in this property. Also implement editor initialization WOPI specs. Inner frame sends a App_LoadingStatus message to us when ready, and we send Host_PostmessageReady when we are ready. 2016-10-26 16:29:27 +03:00			`'canwrite' => $row['canwrite'],`
			`'server_host' => $row['server_host']`
Store canwrite property in DB Move whether the file is editable or not logic when generating a token and store it in the DB with the access token instead of checking it dynamically in WOPI calls. 2016-10-19 18:28:10 +03:00			`);`
WOPI Token table and database plumbing added 2016-03-09 05:15:44 +03:00			`}`
			`}`