fileserver.php 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226
  1. <?php
  2. /* Copyright (C) 2018 Destailleur Laurent <eldy@users.sourceforge.net>
  3. * Copyright (C) 2019 Regis Houssin <regis.houssin@inodbox.com>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License as published by
  7. * the Free Software Foundation; either version 3 of the License, or
  8. * (at your option) any later version.
  9. *
  10. * This program is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU General Public License
  16. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  17. *
  18. * You can test with the WebDav client cadaver:
  19. * cadaver http://myurl/dav/fileserver.php
  20. */
  21. /**
  22. * \file htdocs/dav/fileserver.php
  23. * \ingroup dav
  24. * \brief Server DAV
  25. */
  26. if (!defined('NOTOKENRENEWAL')) {
  27. define('NOTOKENRENEWAL', '1');
  28. }
  29. if (!defined('NOREQUIREMENU')) {
  30. define('NOREQUIREMENU', '1'); // If there is no menu to show
  31. }
  32. if (!defined('NOREQUIREHTML')) {
  33. define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
  34. }
  35. if (!defined('NOREQUIREAJAX')) {
  36. define('NOREQUIREAJAX', '1');
  37. }
  38. if (!defined('NOLOGIN')) {
  39. define("NOLOGIN", 1); // This means this output page does not require to be logged.
  40. }
  41. if (!defined('NOCSRFCHECK')) {
  42. define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
  43. }
  44. require "../main.inc.php";
  45. require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
  46. require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
  47. require_once DOL_DOCUMENT_ROOT.'/dav/dav.class.php';
  48. require_once DOL_DOCUMENT_ROOT.'/dav/dav.lib.php';
  49. require_once DOL_DOCUMENT_ROOT.'/includes/sabre/autoload.php';
  50. $user = new User($db);
  51. if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') {
  52. $user->fetch('', $_SERVER['PHP_AUTH_USER']);
  53. $user->getrights();
  54. }
  55. // Load translation files required by the page
  56. $langs->loadLangs(array("main", "other"));
  57. if (empty($conf->dav->enabled)) {
  58. accessforbidden();
  59. }
  60. // Restrict API to some IPs
  61. if (!empty($conf->global->DAV_RESTRICT_ON_IP)) {
  62. $allowedip = explode(' ', $conf->global->DAV_RESTRICT_ON_IP);
  63. $ipremote = getUserRemoteIP();
  64. if (!in_array($ipremote, $allowedip)) {
  65. dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->DAV_RESTRICT_ON_IP);
  66. print 'DAV not allowed from the IP '.$ipremote;
  67. header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
  68. //print $conf->global->DAV_RESTRICT_ON_IP;
  69. exit(0);
  70. }
  71. }
  72. $entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
  73. // settings
  74. $publicDir = $conf->dav->multidir_output[$entity].'/public';
  75. $privateDir = $conf->dav->multidir_output[$entity].'/private';
  76. $ecmDir = $conf->ecm->multidir_output[$entity];
  77. $tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir that can be deleted
  78. //var_dump($tmpDir);mkdir($tmpDir);exit;
  79. // Authentication callback function
  80. $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $password) {
  81. global $user;
  82. global $conf;
  83. global $dolibarr_main_authentication, $dolibarr_auto_user;
  84. if (empty($user->login)) {
  85. dol_syslog("Failed to authenticate to DAV, login is not provided", LOG_WARNING);
  86. return false;
  87. }
  88. if ($user->socid > 0) {
  89. dol_syslog("Failed to authenticate to DAV, use is an external user", LOG_WARNING);
  90. return false;
  91. }
  92. if ($user->login != $username) {
  93. dol_syslog("Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
  94. return false;
  95. }
  96. // Authentication mode
  97. if (empty($dolibarr_main_authentication)) {
  98. $dolibarr_main_authentication = 'dolibarr';
  99. }
  100. // Authentication mode: forceuser
  101. if ($dolibarr_main_authentication == 'forceuser') {
  102. if (empty($dolibarr_auto_user)) {
  103. $dolibarr_auto_user = 'auto';
  104. }
  105. if ($dolibarr_auto_user != $username) {
  106. dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
  107. return false;
  108. }
  109. }
  110. $authmode = explode(',', $dolibarr_main_authentication);
  111. $entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));
  112. if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username) {
  113. return false;
  114. }
  115. return true;
  116. });
  117. $authBackend->setRealm(constant('DOL_APPLICATION_TITLE'));
  118. /*
  119. * Actions and View
  120. */
  121. // Create the root node
  122. // Setting up the directory tree //
  123. $nodes = array();
  124. // Enable directories and features according to DAV setup
  125. // Public dir
  126. if (!empty($conf->global->DAV_ALLOW_PUBLIC_DIR)) {
  127. $nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
  128. }
  129. // Private dir
  130. $nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
  131. // ECM dir
  132. if (!empty($conf->ecm->enabled) && !empty($conf->global->DAV_ALLOW_ECM_DIR)) {
  133. $nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
  134. }
  135. // Principals Backend
  136. //$principalBackend = new \Sabre\DAVACL\PrincipalBackend\Dolibarr($user,$db);
  137. // /principals
  138. //$nodes[] = new \Sabre\DAVACL\PrincipalCollection($principalBackend);
  139. // CardDav & CalDav Backend
  140. //$carddavBackend = new \Sabre\CardDAV\Backend\Dolibarr($user,$db,$langs);
  141. //$caldavBackend = new \Sabre\CalDAV\Backend\Dolibarr($user,$db,$langs, $cdavLib);
  142. // /addressbook
  143. //$nodes[] = new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend);
  144. // /calendars
  145. //$nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend);
  146. // The rootnode needs in turn to be passed to the server class
  147. $server = new \Sabre\DAV\Server($nodes);
  148. // If you want to run the SabreDAV server in a custom location (using mod_rewrite for instance)
  149. // You can override the baseUri here.
  150. $baseUri = DOL_URL_ROOT.'/dav/fileserver.php/';
  151. if (isset($baseUri)) {
  152. $server->setBaseUri($baseUri);
  153. }
  154. // Add authentication function
  155. if ((empty($conf->global->DAV_ALLOW_PUBLIC_DIR)
  156. || !preg_match('/'.preg_quote(DOL_URL_ROOT.'/dav/fileserver.php/public', '/').'/', $_SERVER["PHP_SELF"]))
  157. && !preg_match('/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER["QUERY_STRING"]) // URL for Sabre browser resources
  158. ) {
  159. //var_dump($_SERVER["QUERY_STRING"]);exit;
  160. $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
  161. }
  162. // Support for LOCK and UNLOCK
  163. $lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.'/.locksdb');
  164. $lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
  165. $server->addPlugin($lockPlugin);
  166. // Support for html frontend
  167. if (empty($conf->global->DAV_DISABLE_BROWSER)) {
  168. $browser = new \Sabre\DAV\Browser\Plugin();
  169. $server->addPlugin($browser);
  170. }
  171. // Automatically guess (some) contenttypes, based on extension
  172. //$server->addPlugin(new \Sabre\DAV\Browser\GuessContentType());
  173. //$server->addPlugin(new \Sabre\CardDAV\Plugin());
  174. //$server->addPlugin(new \Sabre\CalDAV\Plugin());
  175. //$server->addPlugin(new \Sabre\DAVACL\Plugin());
  176. // Temporary file filter
  177. /*$tempFF = new \Sabre\DAV\TemporaryFileFilterPlugin($tmpDir);
  178. $server->addPlugin($tempFF);
  179. */
  180. // And off we go!
  181. $server->exec();
  182. if (is_object($db)) {
  183. $db->close();
  184. }