chore: Move to class/method attributes for middleware checks
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Родитель
7edf59f312
Коммит
93225dda10
|
@ -17,6 +17,7 @@ return array(
|
|||
'OCA\\Richdocuments\\Command\\InstallDefaultFonts' => $baseDir . '/../lib/Command/InstallDefaultFonts.php',
|
||||
'OCA\\Richdocuments\\Command\\UpdateEmptyTemplates' => $baseDir . '/../lib/Command/UpdateEmptyTemplates.php',
|
||||
'OCA\\Richdocuments\\Controller\\AssetsController' => $baseDir . '/../lib/Controller/AssetsController.php',
|
||||
'OCA\\Richdocuments\\Controller\\Attribute\\RestrictToWopiServer' => $baseDir . '/../lib/Controller/Attribute/RestrictToWopiServer.php',
|
||||
'OCA\\Richdocuments\\Controller\\DirectViewController' => $baseDir . '/../lib/Controller/DirectViewController.php',
|
||||
'OCA\\Richdocuments\\Controller\\DocumentAPIController' => $baseDir . '/../lib/Controller/DocumentAPIController.php',
|
||||
'OCA\\Richdocuments\\Controller\\DocumentController' => $baseDir . '/../lib/Controller/DocumentController.php',
|
||||
|
|
|
@ -32,6 +32,7 @@ class ComposerStaticInitRichdocuments
|
|||
'OCA\\Richdocuments\\Command\\InstallDefaultFonts' => __DIR__ . '/..' . '/../lib/Command/InstallDefaultFonts.php',
|
||||
'OCA\\Richdocuments\\Command\\UpdateEmptyTemplates' => __DIR__ . '/..' . '/../lib/Command/UpdateEmptyTemplates.php',
|
||||
'OCA\\Richdocuments\\Controller\\AssetsController' => __DIR__ . '/..' . '/../lib/Controller/AssetsController.php',
|
||||
'OCA\\Richdocuments\\Controller\\Attribute\\RestrictToWopiServer' => __DIR__ . '/..' . '/../lib/Controller/Attribute/RestrictToWopiServer.php',
|
||||
'OCA\\Richdocuments\\Controller\\DirectViewController' => __DIR__ . '/..' . '/../lib/Controller/DirectViewController.php',
|
||||
'OCA\\Richdocuments\\Controller\\DocumentAPIController' => __DIR__ . '/..' . '/../lib/Controller/DocumentAPIController.php',
|
||||
'OCA\\Richdocuments\\Controller\\DocumentController' => __DIR__ . '/..' . '/../lib/Controller/DocumentController.php',
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
|
||||
namespace OCA\Richdocuments\Controller;
|
||||
|
||||
use OCA\Richdocuments\Controller\Attribute\RestrictToWopiServer;
|
||||
use OCA\Richdocuments\Db\AssetMapper;
|
||||
use OCA\Richdocuments\Service\UserScopeService;
|
||||
use OCP\AppFramework\Controller;
|
||||
|
@ -92,6 +93,7 @@ class AssetsController extends Controller {
|
|||
* @param string $token
|
||||
* @return Http\Response
|
||||
*/
|
||||
#[RestrictToWopiServer]
|
||||
public function get($token) {
|
||||
try {
|
||||
$asset = $this->assetMapper->getAssetByToken($token);
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2024 Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @author Julius Härtl <jus@bitgrid.net>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace OCA\Richdocuments\Controller\Attribute;
|
||||
|
||||
use Attribute;
|
||||
|
||||
#[Attribute]
|
||||
class RestrictToWopiServer {
|
||||
}
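Review bot: The bare `#[Attribute]` on `RestrictToWopiServer` allows the marker on any target, but the middleware in this commit only reads it from classes and methods. Placed on a property or parameter it would be accepted and silently have no effect. Declaring it as `#[Attribute(Attribute::TARGET_CLASS | Attribute::TARGET_METHOD)]` documents the intended use and lets static analysis flag a misplaced marker; PHP itself validates targets only when the attribute is instantiated. The class also has no docblock: one sentence saying it marks controllers or actions that may only be called from the configured WOPI server, and that WOPIMiddleware enforces it, would tell a reader the attribute alone enforces nothing.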
|
|
@ -24,6 +24,7 @@ namespace OCA\Richdocuments\Controller;
|
|||
use OCA\Files_Versions\Versions\IVersionManager;
|
||||
use OCA\Richdocuments\AppConfig;
|
||||
use OCA\Richdocuments\AppInfo\Application;
|
||||
use OCA\Richdocuments\Controller\Attribute\RestrictToWopiServer;
|
||||
use OCA\Richdocuments\Db\Wopi;
|
||||
use OCA\Richdocuments\Db\WopiMapper;
|
||||
use OCA\Richdocuments\Events\DocumentOpenedEvent;
|
||||
|
@ -71,6 +72,7 @@ use Psr\Container\ContainerExceptionInterface;
|
|||
use Psr\Container\NotFoundExceptionInterface;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
||||
#[RestrictToWopiServer]
|
||||
class WopiController extends Controller {
|
||||
/** @var IRootFolder */
|
||||
private $rootFolder;
|
||||
|
|
|
@ -28,7 +28,7 @@ declare(strict_types=1);
|
|||
namespace OCA\Richdocuments\Middleware;
|
||||
|
||||
use OCA\Richdocuments\AppInfo\Application;
|
||||
use OCA\Richdocuments\Controller\AssetsController;
|
||||
use OCA\Richdocuments\Controller\Attribute\RestrictToWopiServer;
|
||||
use OCA\Richdocuments\Controller\WopiController;
|
||||
use OCA\Richdocuments\Db\WopiMapper;
|
||||
use OCA\Richdocuments\Exceptions\ExpiredTokenException;
|
||||
|
@ -42,33 +42,31 @@ use OCP\Files\NotPermittedException;
|
|||
use OCP\IConfig;
|
||||
use OCP\IRequest;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use ReflectionClass;
|
||||
use ReflectionMethod;
|
||||
use Symfony\Component\HttpFoundation\IpUtils;
|
||||
|
||||
class WOPIMiddleware extends Middleware {
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
/** @var IRequest */
|
||||
private $request;
|
||||
/** @var WopiMapper */
|
||||
private $wopiMapper;
|
||||
/** @var LoggerInterface */
|
||||
private $logger;
|
||||
|
||||
public function __construct(IConfig $config, IRequest $request, WopiMapper $wopiMapper, LoggerInterface $logger) {
|
||||
$this->config = $config;
|
||||
$this->request = $request;
|
||||
$this->wopiMapper = $wopiMapper;
|
||||
$this->logger = $logger;
|
||||
public function __construct(
|
||||
private IConfig $config,
|
||||
private IRequest $request,
|
||||
private WopiMapper $wopiMapper,
|
||||
private LoggerInterface $logger
|
||||
) {
|
||||
}
|
||||
|
||||
public function beforeController($controller, $methodName) {
|
||||
parent::beforeController($controller, $methodName);
|
||||
|
||||
// Check controllers that are only supposed to be called by Collabora directly
|
||||
// FIXME: This can be moved to a PHP attribute in the future
|
||||
$isRestrictedController = $controller instanceof WopiController
|
||||
|| ($controller instanceof AssetsController && $methodName === 'get');
|
||||
if ($isRestrictedController && !$this->isWOPIAllowed()) {
|
||||
$reflectionClass = new ReflectionClass($controller);
|
||||
$hasClassAttribute = !empty($reflectionClass->getAttributes(RestrictToWopiServer::class));
|
||||
|
||||
$reflectionMethod = new ReflectionMethod($controller, $methodName);
|
||||
$hasMethodAttribute = !empty($reflectionMethod->getAttributes(RestrictToWopiServer::class));
|
||||
|
||||
$isRestricted = $hasClassAttribute || $hasMethodAttribute;
|
||||
if ($isRestricted && !$this->isWOPIAllowed()) {
|
||||
throw new NotPermittedException();
|
||||
}
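Review bot: The new lookup in `beforeController` only sees attributes written directly on the dispatched class or on the resolved method declaration, because `ReflectionClass::getAttributes()` does not return attributes of parent classes. The removed `$controller instanceof WopiController` test also covered subclasses. A controller that extends `WopiController`, or that overrides the restricted `get` action, would now skip the `isWOPIAllowed()` check without any error. Whether such a subclass exists is not visible here; if none does, a comment such as `// Attributes are not inherited: subclasses must repeat #[RestrictToWopiServer]` records the constraint, otherwise the class check should walk `getParentClass()`. The body of `beforeController` continues past the end of this hunk.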
|
||||
|
||||
|
|