upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 00:32:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 35

Merge pull request #48098 from nextcloud/feat/zip-folder-plugin

Browse source 
feat: Move to ZipFolderPlugin for downloading multiple-nodes
This commit is contained in:
Ferdinand Thiessen 2024-09-28 14:24:12 +02:00 committed by GitHub
commit 31ad1c5f55
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
24 changed files with 554 additions and 846 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apps/dav/composer/composer/autoload_classmap.php
View file

@ -213,6 +213,7 @@ return array(
'OCA\\DAV\\Connector\\Sabre\\SharesPlugin' => $baseDir . '/../lib/Connector/Sabre/SharesPlugin.php',
'OCA\\DAV\\Connector\\Sabre\\TagList' => $baseDir . '/../lib/Connector/Sabre/TagList.php',
'OCA\\DAV\\Connector\\Sabre\\TagsPlugin' => $baseDir . '/../lib/Connector/Sabre/TagsPlugin.php',
'OCA\\DAV\\Connector\\Sabre\\ZipFolderPlugin' => $baseDir . '/../lib/Connector/Sabre/ZipFolderPlugin.php',
'OCA\\DAV\\Controller\\BirthdayCalendarController' => $baseDir . '/../lib/Controller/BirthdayCalendarController.php',
'OCA\\DAV\\Controller\\DirectController' => $baseDir . '/../lib/Controller/DirectController.php',
'OCA\\DAV\\Controller\\InvitationResponseController' => $baseDir . '/../lib/Controller/InvitationResponseController.php',

1
apps/dav/composer/composer/autoload_static.php
View file

@ -228,6 +228,7 @@ class ComposerStaticInitDAV
'OCA\\DAV\\Connector\\Sabre\\SharesPlugin' => __DIR__ . '/..' . '/../lib/Connector/Sabre/SharesPlugin.php',
'OCA\\DAV\\Connector\\Sabre\\TagList' => __DIR__ . '/..' . '/../lib/Connector/Sabre/TagList.php',
'OCA\\DAV\\Connector\\Sabre\\TagsPlugin' => __DIR__ . '/..' . '/../lib/Connector/Sabre/TagsPlugin.php',
'OCA\\DAV\\Connector\\Sabre\\ZipFolderPlugin' => __DIR__ . '/..' . '/../lib/Connector/Sabre/ZipFolderPlugin.php',
'OCA\\DAV\\Controller\\BirthdayCalendarController' => __DIR__ . '/..' . '/../lib/Controller/BirthdayCalendarController.php',
'OCA\\DAV\\Controller\\DirectController' => __DIR__ . '/..' . '/../lib/Controller/DirectController.php',
'OCA\\DAV\\Controller\\InvitationResponseController' => __DIR__ . '/..' . '/../lib/Controller/InvitationResponseController.php',

5
apps/dav/lib/Connector/Sabre/ServerFactory.php
View file

@ -92,6 +92,11 @@ class ServerFactory {
$server->addPlugin(new RequestIdHeaderPlugin(\OC::$server->get(IRequest::class)));
$server->addPlugin(new ZipFolderPlugin(
$objectTree,
$this->logger,
));
// Some WebDAV clients do require Class 2 WebDAV support (locking), since
// we do not provide locking we emulate it using a fake locking plugin.
if ($this->request->isUserAgent([

155
apps/dav/lib/Connector/Sabre/ZipFolderPlugin.php Normal file
View file

@ -0,0 +1,155 @@
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\DAV\Connector\Sabre;
use OC\Streamer;
use OCP\Files\File as NcFile;
use OCP\Files\Folder as NcFolder;
use OCP\Files\Node as NcNode;
use Psr\Log\LoggerInterface;
use Sabre\DAV\Server;
use Sabre\DAV\ServerPlugin;
use Sabre\DAV\Tree;
use Sabre\HTTP\Request;
use Sabre\HTTP\Response;
/**
* This plugin allows to download folders accessed by GET HTTP requests on DAV.
* The WebDAV standard explicitly say that GET is not covered and should return what ever the application thinks would be a good representation.
*
* When a collection is accessed using GET, this will provide the content as a archive.
* The type can be set by the `Accept` header (MIME type of zip or tar), or as browser fallback using a `accept` GET parameter.
* It is also possible to only include some child nodes (from the collection it self) by providing a `filter` GET parameter or `X-NC-Files` custom header.
*/
class ZipFolderPlugin extends ServerPlugin {
/**
* Reference to main server object
*/
private ?Server $server = null;
public function __construct(
private Tree $tree,
private LoggerInterface $logger,
) {
}
/**
* This initializes the plugin.
*
* This function is called by \Sabre\DAV\Server, after
* addPlugin is called.
*
* This method should set up the required event subscriptions.
*/
public function initialize(Server $server): void {
$this->server = $server;
$this->server->on('method:GET', $this->handleDownload(...), 100);
}
/**
* Adding a node to the archive streamer.
* This will recursively add new nodes to the stream if the node is a directory.
*/
protected function streamNode(Streamer $streamer, NcNode $node, string $rootPath): void {
// Remove the root path from the filename to make it relative to the requested folder
$filename = str_replace($rootPath, '', $node->getPath());
if ($node instanceof NcFile) {
$resource = $node->fopen('rb');
if ($resource === false) {
$this->logger->info('Cannot read file for zip stream', ['filePath' => $node->getPath()]);
throw new \Sabre\DAV\Exception\ServiceUnavailable('Requested file can currently not be accessed.');
}
$streamer->addFileFromStream($resource, $filename, $node->getSize(), $node->getMTime());
} elseif ($node instanceof NcFolder) {
$streamer->addEmptyDir($filename);
$content = $node->getDirectoryListing();
foreach ($content as $subNode) {
$this->streamNode($streamer, $subNode, $rootPath);
}
}
}
/**
* Download a folder as an archive.
* It is possible to filter / limit the files that should be downloaded,
* either by passing (multiple) `X-NC-Files: the-file` headers
* or by setting a `files=JSON_ARRAY_OF_FILES` URL query.
*
* @return false|null
*/
public function handleDownload(Request $request, Response $response): ?bool {
$node = $this->tree->getNodeForPath($request->getPath());
if (!($node instanceof \OCA\DAV\Connector\Sabre\Directory)) {
// only handle directories
return null;
}
$query = $request->getQueryParameters();
// Get accept header - or if set overwrite with accept GET-param
$accept = $request->getHeaderAsArray('Accept');
$acceptParam = $query['accept'] ?? '';
if ($acceptParam !== '') {
$accept = array_map(fn (string $name) => strtolower(trim($name)), explode(',', $acceptParam));
}
$zipRequest = !empty(array_intersect(['application/zip', 'zip'], $accept));
$tarRequest = !empty(array_intersect(['application/x-tar', 'tar'], $accept));
if (!$zipRequest && !$tarRequest) {
// does not accept zip or tar stream
return null;
}
$files = $request->getHeaderAsArray('X-NC-Files');
$filesParam = $query['files'] ?? '';
// The preferred way would be headers, but this is not possible for simple browser requests ("links")
// so we also need to support GET parameters
if ($filesParam !== '') {
$files = json_decode($filesParam);
if (!is_array($files)) {
if (!is_string($files)) {
// no valid parameter so continue with Sabre behavior
$this->logger->debug('Invalid files filter parameter for ZipFolderPlugin', ['filter' => $filesParam]);
return null;
}
$files = [$files];
}
}
$folder = $node->getNode();
$content = empty($files) ? $folder->getDirectoryListing() : [];
foreach ($files as $path) {
$child = $node->getChild($path);
assert($child instanceof Node);
$content[] = $child->getNode();
}
$archiveName = 'download';
$rootPath = $folder->getPath();
if (empty($files)) {
// We download the full folder so keep it in the tree
$rootPath = dirname($folder->getPath());
// Full folder is loaded to rename the archive to the folder name
$archiveName = $folder->getName();
}
$streamer = new Streamer($tarRequest, -1, count($content));
$streamer->sendHeaders($archiveName);
// For full folder downloads we also add the folder itself to the archive
if (empty($files)) {
$streamer->addEmptyDir($archiveName);
}
foreach ($content as $node) {
$this->streamNode($streamer, $node, $rootPath);
}
$streamer->finalize();
return false;
}
}

5
apps/dav/lib/Server.php
View file

@ -38,6 +38,7 @@ use OCA\DAV\Connector\Sabre\QuotaPlugin;
use OCA\DAV\Connector\Sabre\RequestIdHeaderPlugin;
use OCA\DAV\Connector\Sabre\SharesPlugin;
use OCA\DAV\Connector\Sabre\TagsPlugin;
use OCA\DAV\Connector\Sabre\ZipFolderPlugin;
use OCA\DAV\DAV\CustomPropertiesBackend;
use OCA\DAV\DAV\PublicAuth;
use OCA\DAV\DAV\ViewOnlyPlugin;
@ -209,6 +210,10 @@ class Server {
$this->server->addPlugin(new RequestIdHeaderPlugin(\OC::$server->get(IRequest::class)));
$this->server->addPlugin(new ChunkingV2Plugin(\OCP\Server::get(ICacheFactory::class)));
$this->server->addPlugin(new ChunkingPlugin());
$this->server->addPlugin(new ZipFolderPlugin(
$this->server->tree,
$logger,
));
// allow setup of additional plugins
$dispatcher->dispatch('OCA\DAV\Connector\Sabre::addPlugin', $event);

55
apps/files/ajax/download.php
View file

@ -1,55 +0,0 @@
<?php
/**
* SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
// Check if we are a user
OC_Util::checkLoggedIn();
\OC::$server->getSession()->close();
$files = isset($_GET['files']) ? (string)$_GET['files'] : '';
$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
$files_list = json_decode($files);
// in case we get only a single file
if (!is_array($files_list)) {
$files_list = [$files];
}
/**
* @psalm-taint-escape cookie
*/
function cleanCookieInput(string $value): string {
if (strlen($value) > 32) {
return '';
}
if (preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) !== 1) {
return '';
}
return $value;
}
/**
* this sets a cookie to be able to recognize the start of the download
* the content must not be longer than 32 characters and must only contain
* alphanumeric characters
*/
if (isset($_GET['downloadStartSecret'])) {
$value = cleanCookieInput($_GET['downloadStartSecret']);
if ($value !== '') {
setcookie('ocDownloadStarted', $value, time() + 20, '/');
}
}
$server_params = [ 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' ];
/**
* Http range requests support
*/
if (isset($_SERVER['HTTP_RANGE'])) {
$server_params['range'] = \OC::$server->getRequest()->getHeader('Range');
}
OC_Files::get($dir, $files_list, $server_params);

338
apps/files/appinfo/routes.php
View file

@ -9,181 +9,169 @@ declare(strict_types=1);
*/
namespace OCA\Files\AppInfo;
use OCA\Files\Controller\OpenLocalEditorController;
// Legacy routes above
/** @var \OC\Route\Router $this */
$this->create('files_ajax_download', 'apps/files/ajax/download.php')
->actionInclude('files/ajax/download.php');
/** @var Application $application */
$application = \OC::$server->get(Application::class);
$application->registerRoutes(
$this,
[
'routes' => [
[
'name' => 'view#index',
'url' => '/',
'verb' => 'GET',
],
[
'name' => 'View#showFile',
'url' => '/f/{fileid}',
'verb' => 'GET',
'root' => '',
],
[
'name' => 'Api#getThumbnail',
'url' => '/api/v1/thumbnail/{x}/{y}/{file}',
'verb' => 'GET',
'requirements' => ['file' => '.+']
],
[
'name' => 'Api#updateFileTags',
'url' => '/api/v1/files/{path}',
'verb' => 'POST',
'requirements' => ['path' => '.+'],
],
[
'name' => 'Api#getRecentFiles',
'url' => '/api/v1/recent/',
'verb' => 'GET'
],
[
'name' => 'Api#getStorageStats',
'url' => '/api/v1/stats',
'verb' => 'GET'
],
[
'name' => 'Api#setViewConfig',
'url' => '/api/v1/views/{view}/{key}',
'verb' => 'PUT'
],
[
'name' => 'Api#setViewConfig',
'url' => '/api/v1/views',
'verb' => 'PUT'
],
[
'name' => 'Api#getViewConfigs',
'url' => '/api/v1/views',
'verb' => 'GET'
],
[
'name' => 'Api#setConfig',
'url' => '/api/v1/config/{key}',
'verb' => 'PUT'
],
[
'name' => 'Api#getConfigs',
'url' => '/api/v1/configs',
'verb' => 'GET'
],
[
'name' => 'Api#showHiddenFiles',
'url' => '/api/v1/showhidden',
'verb' => 'POST'
],
[
'name' => 'Api#cropImagePreviews',
'url' => '/api/v1/cropimagepreviews',
'verb' => 'POST'
],
[
'name' => 'Api#showGridView',
'url' => '/api/v1/showgridview',
'verb' => 'POST'
],
[
'name' => 'Api#getGridView',
'url' => '/api/v1/showgridview',
'verb' => 'GET'
],
[
'name' => 'DirectEditingView#edit',
'url' => '/directEditing/{token}',
'verb' => 'GET'
],
[
'name' => 'Api#serviceWorker',
'url' => '/preview-service-worker.js',
'verb' => 'GET'
],
[
'name' => 'view#indexView',
'url' => '/{view}',
'verb' => 'GET',
],
[
'name' => 'view#indexViewFileid',
'url' => '/{view}/{fileid}',
'verb' => 'GET',
],
return [
'routes' => [
[
'name' => 'view#index',
'url' => '/',
'verb' => 'GET',
],
'ocs' => [
[
'name' => 'DirectEditing#info',
'url' => '/api/v1/directEditing',
'verb' => 'GET'
],
[
'name' => 'DirectEditing#templates',
'url' => '/api/v1/directEditing/templates/{editorId}/{creatorId}',
'verb' => 'GET'
],
[
'name' => 'DirectEditing#open',
'url' => '/api/v1/directEditing/open',
'verb' => 'POST'
],
[
'name' => 'DirectEditing#create',
'url' => '/api/v1/directEditing/create',
'verb' => 'POST'
],
[
'name' => 'Template#list',
'url' => '/api/v1/templates',
'verb' => 'GET'
],
[
'name' => 'Template#create',
'url' => '/api/v1/templates/create',
'verb' => 'POST'
],
[
'name' => 'Template#path',
'url' => '/api/v1/templates/path',
'verb' => 'POST'
],
[
'name' => 'TransferOwnership#transfer',
'url' => '/api/v1/transferownership',
'verb' => 'POST',
],
[
'name' => 'TransferOwnership#accept',
'url' => '/api/v1/transferownership/{id}',
'verb' => 'POST',
],
[
'name' => 'TransferOwnership#reject',
'url' => '/api/v1/transferownership/{id}',
'verb' => 'DELETE',
],
[
/** @see OpenLocalEditorController::create() */
'name' => 'OpenLocalEditor#create',
'url' => '/api/v1/openlocaleditor',
'verb' => 'POST',
],
[
/** @see OpenLocalEditorController::validate() */
'name' => 'OpenLocalEditor#validate',
'url' => '/api/v1/openlocaleditor/{token}',
'verb' => 'POST',
],
[
'name' => 'View#showFile',
'url' => '/f/{fileid}',
'verb' => 'GET',
'root' => '',
],
[
'name' => 'Api#getThumbnail',
'url' => '/api/v1/thumbnail/{x}/{y}/{file}',
'verb' => 'GET',
'requirements' => ['file' => '.+']
],
[
'name' => 'Api#updateFileTags',
'url' => '/api/v1/files/{path}',
'verb' => 'POST',
'requirements' => ['path' => '.+'],
],
[
'name' => 'Api#getRecentFiles',
'url' => '/api/v1/recent/',
'verb' => 'GET'
],
[
'name' => 'Api#getStorageStats',
'url' => '/api/v1/stats',
'verb' => 'GET'
],
[
'name' => 'Api#setViewConfig',
'url' => '/api/v1/views/{view}/{key}',
'verb' => 'PUT'
],
[
'name' => 'Api#setViewConfig',
'url' => '/api/v1/views',
'verb' => 'PUT'
],
[
'name' => 'Api#getViewConfigs',
'url' => '/api/v1/views',
'verb' => 'GET'
],
[
'name' => 'Api#setConfig',
'url' => '/api/v1/config/{key}',
'verb' => 'PUT'
],
[
'name' => 'Api#getConfigs',
'url' => '/api/v1/configs',
'verb' => 'GET'
],
[
'name' => 'Api#showHiddenFiles',
'url' => '/api/v1/showhidden',
'verb' => 'POST'
],
[
'name' => 'Api#cropImagePreviews',
'url' => '/api/v1/cropimagepreviews',
'verb' => 'POST'
],
[
'name' => 'Api#showGridView',
'url' => '/api/v1/showgridview',
'verb' => 'POST'
],
[
'name' => 'Api#getGridView',
'url' => '/api/v1/showgridview',
'verb' => 'GET'
],
[
'name' => 'DirectEditingView#edit',
'url' => '/directEditing/{token}',
'verb' => 'GET'
],
[
'name' => 'Api#serviceWorker',
'url' => '/preview-service-worker.js',
'verb' => 'GET'
],
[
'name' => 'view#indexView',
'url' => '/{view}',
'verb' => 'GET',
],
[
'name' => 'view#indexViewFileid',
'url' => '/{view}/{fileid}',
'verb' => 'GET',
],
],
'ocs' => [
[
'name' => 'DirectEditing#info',
'url' => '/api/v1/directEditing',
'verb' => 'GET'
],
[
'name' => 'DirectEditing#templates',
'url' => '/api/v1/directEditing/templates/{editorId}/{creatorId}',
'verb' => 'GET'
],
[
'name' => 'DirectEditing#open',
'url' => '/api/v1/directEditing/open',
'verb' => 'POST'
],
[
'name' => 'DirectEditing#create',
'url' => '/api/v1/directEditing/create',
'verb' => 'POST'
],
[
'name' => 'Template#list',
'url' => '/api/v1/templates',
'verb' => 'GET'
],
[
'name' => 'Template#create',
'url' => '/api/v1/templates/create',
'verb' => 'POST'
],
[
'name' => 'Template#path',
'url' => '/api/v1/templates/path',
'verb' => 'POST'
],
[
'name' => 'TransferOwnership#transfer',
'url' => '/api/v1/transferownership',
'verb' => 'POST',
],
[
'name' => 'TransferOwnership#accept',
'url' => '/api/v1/transferownership/{id}',
'verb' => 'POST',
],
[
'name' => 'TransferOwnership#reject',
'url' => '/api/v1/transferownership/{id}',
'verb' => 'DELETE',
],
[
/** @see OpenLocalEditorController::create() */
'name' => 'OpenLocalEditor#create',
'url' => '/api/v1/openlocaleditor',
'verb' => 'POST',
],
[
/** @see OpenLocalEditorController::validate() */
'name' => 'OpenLocalEditor#validate',
'url' => '/api/v1/openlocaleditor/{token}',
'verb' => 'POST',
],
]
);
];

4
apps/files/src/actions/downloadAction.spec.ts
View file

@ -141,7 +141,7 @@ describe('Download action execute tests', () => {
// Silent action
expect(exec).toBe(null)
expect(link.download).toEqual('')
expect(link.href.startsWith('/index.php/apps/files/ajax/download.php?dir=%2F&files=%5B%22FooBar%22%5D&downloadStartSecret=')).toBe(true)
expect(link.href).toMatch('https://cloud.domain.com/remote.php/dav/files/admin/FooBar/?accept=zip')
expect(link.click).toHaveBeenCalledTimes(1)
})
@ -166,7 +166,7 @@ describe('Download action execute tests', () => {
// Silent action
expect(exec).toStrictEqual([null, null])
expect(link.download).toEqual('')
expect(link.href.startsWith('/index.php/apps/files/ajax/download.php?dir=%2FDir&files=%5B%22foo.txt%22%2C%22bar.txt%22%5D&downloadStartSecret=')).toBe(true)
expect(link.href).toMatch('https://cloud.domain.com/remote.php/dav/files/admin/Dir/?accept=zip&files=%5B%22foo.txt%22%2C%22bar.txt%22%5D')
expect(link.click).toHaveBeenCalledTimes(1)
})
})

98
apps/files/src/actions/downloadAction.ts
View file

@ -2,11 +2,8 @@
* SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
import { FileAction, Node, FileType, View, DefaultType } from '@nextcloud/files'
import { FileAction, Node, FileType, DefaultType } from '@nextcloud/files'
import { t } from '@nextcloud/l10n'
import { generateUrl } from '@nextcloud/router'
import { getSharingToken, isPublicShare } from '@nextcloud/sharing/public'
import { basename } from 'path'
import { isDownloadable } from '../utils/permissions'
import ArrowDownSvg from '@mdi/svg/svg/arrow-down.svg?raw'
@ -18,25 +15,57 @@ const triggerDownload = function(url: string) {
hiddenElement.click()
}
const downloadNodes = function(dir: string, nodes: Node[]) {
const secret = Math.random().toString(36).substring(2)
let url: string
if (isPublicShare()) {
url = generateUrl('/s/{token}/download/{filename}?path={dir}&files={files}&downloadStartSecret={secret}', {
dir,
secret,
files: JSON.stringify(nodes.map(node => node.basename)),
token: getSharingToken(),
filename: `${basename(dir)}.zip}`,
})
} else {
url = generateUrl('/apps/files/ajax/download.php?dir={dir}&files={files}&downloadStartSecret={secret}', {
dir,
secret,
files: JSON.stringify(nodes.map(node => node.basename)),
})
/**
* Find the longest common path prefix of both input paths
* @param first The first path
* @param second The second path
*/
function longestCommonPath(first: string, second: string): string {
const firstSegments = first.split('/').filter(Boolean)
const secondSegments = second.split('/').filter(Boolean)
let base = ''
for (const [index, segment] of firstSegments.entries()) {
if (index >= second.length) {
break
}
if (segment !== secondSegments[index]) {
break
}
const sep = base === '' ? '' : '/'
base = `${base}${sep}${segment}`
}
triggerDownload(url)
return base
}
const downloadNodes = function(nodes: Node[]) {
let url: URL
if (nodes.length === 1) {
if (nodes[0].type === FileType.File) {
return triggerDownload(nodes[0].encodedSource)
} else {
url = new URL(nodes[0].encodedSource)
url.searchParams.append('accept', 'zip')
}
} else {
url = new URL(nodes[0].source)
let base = url.pathname
for (const node of nodes.slice(1)) {
base = longestCommonPath(base, (new URL(node.source).pathname))
}
url.pathname = base
// The URL contains the path encoded so we need to decode as the query.append will re-encode it
const filenames = nodes.map((node) => decodeURI(node.encodedSource.slice(url.href.length + 1)))
url.searchParams.append('accept', 'zip')
url.searchParams.append('files', JSON.stringify(filenames))
}
if (url.pathname.at(-1) !== '/') {
url.pathname = `${url.pathname}/`
}
return triggerDownload(url.href)
}
export const action = new FileAction({
@ -51,34 +80,21 @@ export const action = new FileAction({
return false
}
// We can download direct dav files. But if we have
// some folders, we need to use the /apps/files/ajax/download.php
// endpoint, which only supports user root folder.
if (nodes.some(node => node.type === FileType.Folder)
&& nodes.some(node => !node.root?.startsWith('/files'))) {
// We can only download dav files and folders.
if (nodes.some(node => !node.isDavRessource)) {
return false
}
return nodes.every(isDownloadable)
},
async exec(node: Node, view: View, dir: string) {
if (node.type === FileType.Folder) {
downloadNodes(dir, [node])
return null
}
triggerDownload(node.encodedSource)
async exec(node: Node) {
downloadNodes([node])
return null
},
async execBatch(nodes: Node[], view: View, dir: string) {
if (nodes.length === 1) {
this.exec(nodes[0], view, dir)
return [null]
}
downloadNodes(dir, nodes)
async execBatch(nodes: Node[]) {
downloadNodes(nodes)
return new Array(nodes.length).fill(null)
},

115
apps/files_sharing/lib/Controller/ShareController.php
View file

@ -7,8 +7,6 @@
namespace OCA\Files_Sharing\Controller;
use OC\Security\CSP\ContentSecurityPolicy;
use OC_Files;
use OC_Util;
use OCA\DAV\Connector\Sabre\PublicAuth;
use OCA\FederatedFileSharing\FederatedShareProvider;
use OCA\Files_Sharing\Activity\Providers\Downloads;
@ -20,6 +18,7 @@ use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\Defaults;
use OCP\EventDispatcher\IEventDispatcher;
@ -337,15 +336,15 @@ class ShareController extends AuthPublicShareController {
* @NoSameSiteCookieRequired
*
* @param string $token
* @param string $files
* @param string|null $files
* @param string $path
* @param string $downloadStartSecret
* @return void|\OCP\AppFramework\Http\Response
* @throws NotFoundException
* @deprecated 31.0.0 Users are encouraged to use the DAV endpoint
*/
#[PublicPage]
#[NoCSRFRequired]
public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
public function downloadShare($token, $files = null, $path = '') {
\OC_User::setIncognitoMode(true);
$share = $this->shareManager->getShareByToken($token);
@ -354,27 +353,10 @@ class ShareController extends AuthPublicShareController {
return new \OCP\AppFramework\Http\DataResponse('Share has no read permission');
}
$files_list = null;
if (!is_null($files)) { // download selected files
$files_list = json_decode($files);
// in case we get only a single file
if ($files_list === null) {
$files_list = [$files];
}
// Just in case $files is a single int like '1234'
if (!is_array($files_list)) {
$files_list = [$files_list];
}
}
if (!$this->validateShare($share)) {
throw new NotFoundException();
}
$userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
$originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath());
// Single file share
if ($share->getNode() instanceof \OCP\Files\File) {
// Single file download
@ -396,84 +378,35 @@ class ShareController extends AuthPublicShareController {
}
}
$originalSharePath = $userFolder->getRelativePath($node->getPath());
if ($node instanceof \OCP\Files\File) {
if ($node instanceof \OCP\Files\Folder) {
if ($files === null || $files === '') {
// The folder is downloaded
$this->singleFileDownloaded($share, $share->getNode());
} else {
$fileList = json_decode($files);
// in case we get only a single file
if (!is_array($fileList)) {
$fileList = [$fileList];
}
foreach ($fileList as $file) {
$subNode = $node->get($file);
$this->singleFileDownloaded($share, $subNode);
}
}
} else {
// Single file download
$this->singleFileDownloaded($share, $share->getNode());
} else {
try {
if (!empty($files_list)) {
$this->fileListDownloaded($share, $files_list, $node);
} else {
// The folder is downloaded
$this->singleFileDownloaded($share, $share->getNode());
}
} catch (NotFoundException $e) {
return new NotFoundResponse();
}
}
}
/* FIXME: We should do this all nicely in OCP */
OC_Util::tearDownFS();
OC_Util::setupFS($share->getShareOwner());
/**
* this sets a cookie to be able to recognize the start of the download
* the content must not be longer than 32 characters and must only contain
* alphanumeric characters
*/
if (!empty($downloadStartSecret)
&& !isset($downloadStartSecret[32])
&& preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) {
// FIXME: set on the response once we use an actual app framework response
setcookie('ocDownloadStarted', $downloadStartSecret, time() + 20, '/');
}
$this->emitAccessShareHook($share);
$this->emitShareAccessEvent($share, self::SHARE_DOWNLOAD);
$server_params = [ 'head' => $this->request->getMethod() === 'HEAD' ];
/**
* Http range requests support
*/
if (isset($_SERVER['HTTP_RANGE'])) {
$server_params['range'] = $this->request->getHeader('Range');
}
// download selected files
if (!is_null($files) && $files !== '') {
// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
// after dispatching the request which results in a "Cannot modify header information" notice.
OC_Files::get($originalSharePath, $files_list, $server_params);
exit();
} else {
// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
// after dispatching the request which results in a "Cannot modify header information" notice.
OC_Files::get(dirname($originalSharePath), basename($originalSharePath), $server_params);
exit();
}
}
/**
* create activity for every downloaded file
*
* @param Share\IShare $share
* @param array $files_list
* @param \OCP\Files\Folder $node
* @throws NotFoundException when trying to download a folder or multiple files of a "hide download" share
*/
protected function fileListDownloaded(Share\IShare $share, array $files_list, \OCP\Files\Folder $node) {
if ($share->getHideDownload() && count($files_list) > 1) {
throw new NotFoundException('Downloading more than 1 file');
}
foreach ($files_list as $file) {
$subNode = $node->get($file);
$this->singleFileDownloaded($share, $subNode);
$davUrl = '/public.php/dav/files/' . $token . '/?accept=zip';
if ($files !== null) {
$davUrl .= '&files=' . $files;
}
return new RedirectResponse($this->urlGenerator->getAbsoluteURL($davUrl));
}
/**

20
build/integration/dav_features/dav-v2-public.feature
View file

@ -20,3 +20,23 @@ Feature: dav-v2-public
Given using new public dav path
When Requesting share note on dav endpoint
Then the single response should contain a property "{http://nextcloud.org/ns}note" with value "Hello"
Scenario: Download a folder
Given using new dav path
And As an "admin"
And user "user0" exists
And user "user0" created a folder "/testshare"
And user "user0" created a folder "/testshare/testFolder"
When User "user0" uploads file "data/textfile.txt" to "/testshare/testFolder/text.txt"
When User "user0" uploads file "data/green-square-256.png" to "/testshare/testFolder/image.png"
And as "user0" creating a share with
| path | testshare |
| shareType | 3 |
| permissions | 1 |
And As an "user1"
Given using new public dav path
When Downloading public folder "testFolder"
Then the downloaded file is a zip file
Then the downloaded zip file contains a folder named "testFolder/"
And the downloaded zip file contains a file named "testFolder/text.txt" with the contents of "/testshare/testFolder/text.txt" from "user0" data
And the downloaded zip file contains a file named "testFolder/image.png" with the contents of "/testshare/testFolder/image.png" from "user0" data

15
build/integration/dav_features/dav-v2.feature
View file

@ -1,5 +1,6 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
Feature: dav-v2
Background:
Given using api version "1"
@ -45,6 +46,20 @@ Feature: dav-v2
Then Downloaded content should start with "Welcome to your Nextcloud account!"
Then the HTTP status code should be "200"
Scenario: Download a folder
Given using new dav path
And As an "admin"
And user "user0" exists
And user "user0" created a folder "/testFolder"
When User "user0" uploads file "data/textfile.txt" to "/testFolder/text.txt"
When User "user0" uploads file "data/green-square-256.png" to "/testFolder/image.png"
And As an "user0"
When Downloading folder "/testFolder"
Then the downloaded file is a zip file
Then the downloaded zip file contains a folder named "testFolder/"
And the downloaded zip file contains a file named "testFolder/text.txt" with the contents of "/testFolder/text.txt" from "user0" data
And the downloaded zip file contains a file named "testFolder/image.png" with the contents of "/testFolder/image.png" from "user0" data
Scenario: Doing a PROPFIND with a web login should not work without CSRF token on the new backend
Given Logging in using web as "admin"
When Sending a "PROPFIND" to "/remote.php/dav/files/admin/welcome.txt" without requesttoken

23
build/integration/features/bootstrap/Download.php
View file

@ -4,6 +4,7 @@
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
use PHPUnit\Framework\Assert;
use Psr\Http\Message\StreamInterface;
require __DIR__ . '/../../vendor/autoload.php';
@ -20,16 +21,16 @@ trait Download {
* @When user :user downloads zip file for entries :entries in folder :folder
*/
public function userDownloadsZipFileForEntriesInFolder($user, $entries, $folder) {
$folder = trim($folder, '/');
$this->asAn($user);
$this->sendingToDirectUrl('GET', '/index.php/apps/files/ajax/download.php?dir=' . $folder . '&files=[' . $entries . ']');
$this->sendingToDirectUrl('GET', "/remote.php/dav/files/$user/$folder?accept=zip&files=[" . $entries . ']');
$this->theHTTPStatusCodeShouldBe('200');
$this->getDownloadedFile();
}
private function getDownloadedFile() {
$this->downloadedFile = '';
/** @var StreamInterface */
$body = $this->response->getBody();
while (!$body->eof()) {
$this->downloadedFile .= $body->read(8192);
@ -37,10 +38,24 @@ trait Download {
$body->close();
}
/**
* @Then the downloaded file is a zip file
*/
public function theDownloadedFileIsAZipFile() {
$this->getDownloadedFile();
Assert::assertTrue(
strpos($this->downloadedFile, "\x50\x4B\x01\x02") !== false,
'File does not contain the central directory file header'
);
}
/**
* @Then the downloaded zip file is a zip32 file
*/
public function theDownloadedZipFileIsAZip32File() {
$this->theDownloadedFileIsAZipFile();
// assertNotContains is not used to prevent the whole file from being
// printed in case of error.
Assert::assertTrue(
@ -53,6 +68,8 @@ trait Download {
* @Then the downloaded zip file is a zip64 file
*/
public function theDownloadedZipFileIsAZip64File() {
$this->theDownloadedFileIsAZipFile();
// assertNotContains is not used to prevent the whole file from being
// printed in case of error.
Assert::assertTrue(

27
build/integration/features/bootstrap/WebDav.php
View file

@ -238,6 +238,33 @@ trait WebDav {
$this->downloadedContentShouldBe($content);
}
/**
* @When Downloading folder :folderName
*/
public function downloadingFolder(string $folderName) {
try {
$this->response = $this->makeDavRequest($this->currentUser, 'GET', $folderName, ['Accept' => 'application/zip']);
} catch (\GuzzleHttp\Exception\ClientException $e) {
$this->response = $e->getResponse();
}
}
/**
* @When Downloading public folder :folderName
*/
public function downloadPublicFolder(string $folderName) {
$token = $this->lastShareData->data->token;
$fullUrl = substr($this->baseUrl, 0, -4) . "public.php/dav/files/$token/$folderName";
$client = new GClient();
$options = [];
$options['headers'] = [
'Accept' => 'application/zip'
];
$this->response = $client->request('GET', $fullUrl, $options);
}
/**
* @When Downloading file :fileName
* @param string $fileName

56
build/integration/files_features/download.feature
View file

@ -2,60 +2,60 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
Feature: download
Scenario: downloading 2 small files returns a zip32
Scenario: downloading 2 small files
Given using new dav path
And user "user0" exists
And User "user0" copies file "/welcome.txt" to "/welcome2.txt"
When user "user0" downloads zip file for entries '"welcome.txt","welcome2.txt"' in folder "/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a file named "welcome.txt" with the contents of "/welcome.txt" from "user0" data
And the downloaded zip file contains a file named "welcome2.txt" with the contents of "/welcome2.txt" from "user0" data
Scenario: downloading a small file and a directory returns a zip32
Scenario: downloading a small file and a directory
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/emptySubFolder"
When user "user0" downloads zip file for entries '"welcome.txt","emptySubFolder"' in folder "/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a file named "welcome.txt" with the contents of "/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "emptySubFolder/"
Scenario: downloading a small file and 2 nested directories returns a zip32
Scenario: downloading a small file and 2 nested directories
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/subFolder"
And user "user0" created a folder "/subFolder/emptySubSubFolder"
When user "user0" downloads zip file for entries '"welcome.txt","subFolder"' in folder "/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a file named "welcome.txt" with the contents of "/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "subFolder/"
And the downloaded zip file contains a folder named "subFolder/emptySubSubFolder/"
Scenario: downloading dir with 2 small files returns a zip32
Scenario: downloading dir with 2 small files
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/sparseFolder"
And User "user0" copies file "/welcome.txt" to "/sparseFolder/welcome.txt"
And User "user0" copies file "/welcome.txt" to "/sparseFolder/welcome2.txt"
When user "user0" downloads zip file for entries '"sparseFolder"' in folder "/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a folder named "sparseFolder/"
And the downloaded zip file contains a file named "sparseFolder/welcome.txt" with the contents of "/sparseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a file named "sparseFolder/welcome2.txt" with the contents of "/sparseFolder/welcome2.txt" from "user0" data
Scenario: downloading dir with a small file and a directory returns a zip32
Scenario: downloading dir with a small file and a directory
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/sparseFolder"
And User "user0" copies file "/welcome.txt" to "/sparseFolder/welcome.txt"
And user "user0" created a folder "/sparseFolder/emptySubFolder"
When user "user0" downloads zip file for entries '"sparseFolder"' in folder "/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a folder named "sparseFolder/"
And the downloaded zip file contains a file named "sparseFolder/welcome.txt" with the contents of "/sparseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "sparseFolder/emptySubFolder/"
Scenario: downloading dir with a small file and 2 nested directories returns a zip32
Scenario: downloading dir with a small file and 2 nested directories
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/sparseFolder"
@ -63,35 +63,35 @@ Feature: download
And user "user0" created a folder "/sparseFolder/subFolder"
And user "user0" created a folder "/sparseFolder/subFolder/emptySubSubFolder"
When user "user0" downloads zip file for entries '"sparseFolder"' in folder "/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a folder named "sparseFolder/"
And the downloaded zip file contains a file named "sparseFolder/welcome.txt" with the contents of "/sparseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "sparseFolder/subFolder/"
And the downloaded zip file contains a folder named "sparseFolder/subFolder/emptySubSubFolder/"
Scenario: downloading (from folder) 2 small files returns a zip32
Scenario: downloading (from folder) 2 small files
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/baseFolder"
And User "user0" copies file "/welcome.txt" to "/baseFolder/welcome.txt"
And User "user0" copies file "/welcome.txt" to "/baseFolder/welcome2.txt"
When user "user0" downloads zip file for entries '"welcome.txt","welcome2.txt"' in folder "/baseFolder/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a file named "welcome.txt" with the contents of "/baseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a file named "welcome2.txt" with the contents of "/baseFolder/welcome2.txt" from "user0" data
Scenario: downloading (from folder) a small file and a directory returns a zip32
Scenario: downloading (from folder) a small file and a directory
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/baseFolder"
And User "user0" copies file "/welcome.txt" to "/baseFolder/welcome.txt"
And user "user0" created a folder "/baseFolder/emptySubFolder"
When user "user0" downloads zip file for entries '"welcome.txt","emptySubFolder"' in folder "/baseFolder/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a file named "welcome.txt" with the contents of "/baseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "emptySubFolder/"
Scenario: downloading (from folder) a small file and 2 nested directories returns a zip32
Scenario: downloading (from folder) a small file and 2 nested directories
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/baseFolder"
@ -99,12 +99,12 @@ Feature: download
And user "user0" created a folder "/baseFolder/subFolder"
And user "user0" created a folder "/baseFolder/subFolder/emptySubSubFolder"
When user "user0" downloads zip file for entries '"welcome.txt","subFolder"' in folder "/baseFolder/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a file named "welcome.txt" with the contents of "/baseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "subFolder/"
And the downloaded zip file contains a folder named "subFolder/emptySubSubFolder/"
Scenario: downloading (from folder) dir with 2 small files returns a zip32
Scenario: downloading (from folder) dir with 2 small files
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/baseFolder"
@ -112,12 +112,12 @@ Feature: download
And User "user0" copies file "/welcome.txt" to "/baseFolder/sparseFolder/welcome.txt"
And User "user0" copies file "/welcome.txt" to "/baseFolder/sparseFolder/welcome2.txt"
When user "user0" downloads zip file for entries '"sparseFolder"' in folder "/baseFolder/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a folder named "sparseFolder/"
And the downloaded zip file contains a file named "sparseFolder/welcome.txt" with the contents of "/baseFolder/sparseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a file named "sparseFolder/welcome2.txt" with the contents of "/baseFolder/sparseFolder/welcome2.txt" from "user0" data
Scenario: downloading (from folder) dir with a small file and a directory returns a zip32
Scenario: downloading (from folder) dir with a small file and a directory
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/baseFolder"
@ -125,12 +125,12 @@ Feature: download
And User "user0" copies file "/welcome.txt" to "/baseFolder/sparseFolder/welcome.txt"
And user "user0" created a folder "/baseFolder/sparseFolder/emptySubFolder"
When user "user0" downloads zip file for entries '"sparseFolder"' in folder "/baseFolder/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a folder named "sparseFolder/"
And the downloaded zip file contains a file named "sparseFolder/welcome.txt" with the contents of "/baseFolder/sparseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "sparseFolder/emptySubFolder/"
Scenario: downloading (from folder) dir with a small file and 2 nested directories returns a zip32
Scenario: downloading (from folder) dir with a small file and 2 nested directories
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/baseFolder"
@ -139,14 +139,14 @@ Feature: download
And user "user0" created a folder "/baseFolder/sparseFolder/subFolder"
And user "user0" created a folder "/baseFolder/sparseFolder/subFolder/emptySubSubFolder"
When user "user0" downloads zip file for entries '"sparseFolder"' in folder "/baseFolder/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a folder named "sparseFolder/"
And the downloaded zip file contains a file named "sparseFolder/welcome.txt" with the contents of "/baseFolder/sparseFolder/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "sparseFolder/subFolder/"
And the downloaded zip file contains a folder named "sparseFolder/subFolder/emptySubSubFolder/"
@large
Scenario: downloading small file and dir with 65524 small files and 9 nested directories returns a zip32
Scenario: downloading small file and dir with 65524 small files and 9 nested directories
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/crowdedFolder"
@ -174,7 +174,7 @@ Feature: download
And user "user0" created a folder "/crowdedFolder/subFolder7/subSubFolder"
And user "user0" created a folder "/crowdedFolder/subFolder7/subSubFolder/emptySubSubSubFolder"
When user "user0" downloads zip file for entries '"welcome.txt","crowdedFolder"' in folder "/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a file named "welcome.txt" with the contents of "/welcome.txt" from "user0" data
And the downloaded zip file contains a folder named "crowdedFolder/"
And the downloaded zip file contains a folder named "crowdedFolder/subFolder1/"
@ -183,7 +183,7 @@ Feature: download
And the downloaded zip file contains a folder named "crowdedFolder/subFolder7/subSubFolder/emptySubSubSubFolder/"
@large
Scenario: downloading dir with 65525 small files and 9 nested directories returns a zip32
Scenario: downloading dir with 65525 small files and 9 nested directories
Given using new dav path
And user "user0" exists
And user "user0" created a folder "/crowdedFolder"
@ -211,7 +211,7 @@ Feature: download
And user "user0" created a folder "/crowdedFolder/subFolder7/subSubFolder"
And user "user0" created a folder "/crowdedFolder/subFolder7/subSubFolder/emptySubSubSubFolder"
When user "user0" downloads zip file for entries '"crowdedFolder"' in folder "/"
Then the downloaded zip file is a zip32 file
Then the downloaded file is a zip file
And the downloaded zip file contains a folder named "crowdedFolder/"
And the downloaded zip file contains a folder named "crowdedFolder/subFolder1/"
And the downloaded zip file contains a file named "crowdedFolder/subFolder1/test.txt-0" with the contents of "/crowdedFolder/subFolder1/test.txt-0" from "user0" data

4
cypress/e2e/files_sharing/public-share/download-files.cy.ts
View file

@ -11,8 +11,6 @@ import { getShareUrl, setupPublicShare } from './setup-public-share.ts'
describe('files_sharing: Public share - downloading files', { testIsolation: true }, () => {
const shareName = 'shared'
before(() => setupPublicShare())
deleteDownloadsFolderBeforeEach()
@ -40,7 +38,7 @@ describe('files_sharing: Public share - downloading files', { testIsolation: tru
// check a file is downloaded
const downloadsFolder = Cypress.config('downloadsFolder')
cy.readFile(`${downloadsFolder}/${shareName}.zip`, null, { timeout: 15000 })
cy.readFile(`${downloadsFolder}/download.zip`, null, { timeout: 15000 })
.should('exist')
.and('have.length.gt', 30)
// Check all files are included

4
dist/files-init.js vendored
View file

File diff suppressed because one or more lines are too long

2
dist/files-init.js.map vendored
View file

File diff suppressed because one or more lines are too long

1
lib/composer/composer/autoload_classmap.php
View file

@ -2008,7 +2008,6 @@ return array(
'OC\\User\\User' => $baseDir . '/lib/private/User/User.php',
'OC_App' => $baseDir . '/lib/private/legacy/OC_App.php',
'OC_Defaults' => $baseDir . '/lib/private/legacy/OC_Defaults.php',
'OC_Files' => $baseDir . '/lib/private/legacy/OC_Files.php',
'OC_Helper' => $baseDir . '/lib/private/legacy/OC_Helper.php',
'OC_Hook' => $baseDir . '/lib/private/legacy/OC_Hook.php',
'OC_JSON' => $baseDir . '/lib/private/legacy/OC_JSON.php',

1
lib/composer/composer/autoload_static.php
View file

@ -2041,7 +2041,6 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
'OC\\User\\User' => __DIR__ . '/../../..' . '/lib/private/User/User.php',
'OC_App' => __DIR__ . '/../../..' . '/lib/private/legacy/OC_App.php',
'OC_Defaults' => __DIR__ . '/../../..' . '/lib/private/legacy/OC_Defaults.php',
'OC_Files' => __DIR__ . '/../../..' . '/lib/private/legacy/OC_Files.php',
'OC_Helper' => __DIR__ . '/../../..' . '/lib/private/legacy/OC_Helper.php',
'OC_Hook' => __DIR__ . '/../../..' . '/lib/private/legacy/OC_Hook.php',
'OC_JSON' => __DIR__ . '/../../..' . '/lib/private/legacy/OC_JSON.php',

24
lib/private/Streamer.php
View file

@ -21,20 +21,30 @@ use ZipStreamer\ZipStreamer;
class Streamer {
// array of regexp. Matching user agents will get tar instead of zip
private array $preferTarFor = [ '/macintosh|mac os x/i' ];
private const UA_PREFERS_TAR = [ '/macintosh|mac os x/i' ];
// streamer instance
private $streamerInstance;
public static function isUserAgentPreferTar(IRequest $request): bool {
return $request->isUserAgent(self::UA_PREFERS_TAR);
}
/**
* Streamer constructor.
*
* @param IRequest $request
* @param bool|IRequest $preferTar If true a tar stream is used.
* For legacy reasons also a IRequest can be passed to detect this preference by user agent,
* please migrate to `Streamer::isUserAgentPreferTar()` instead.
* @param int|float $size The size of the files in bytes
* @param int $numberOfFiles The number of files (and directories) that will
* be included in the streamed file
*/
public function __construct(IRequest $request, int|float $size, int $numberOfFiles) {
public function __construct(IRequest|bool $preferTar, int|float $size, int $numberOfFiles) {
if ($preferTar instanceof IRequest) {
$preferTar = self::isUserAgentPreferTar($preferTar);
}
/**
* zip32 constraints for a basic (without compression, volumes nor
* encryption) zip file according to the Zip specification:
@ -61,10 +71,11 @@ class Streamer {
* from not fully scanned external storage. And then things fall apart
* if somebody tries to package to much.
*/
if ($size > 0 && $size < 4 * 1000 * 1000 * 1000 && $numberOfFiles < 65536) {
$this->streamerInstance = new ZipStreamer(['zip64' => false]);
} elseif ($request->isUserAgent($this->preferTarFor)) {
if ($preferTar) {
// If TAR ball is preferred use it
$this->streamerInstance = new TarStreamer();
} elseif ($size > 0 && $size < 4 * 1000 * 1000 * 1000 && $numberOfFiles < 65536) {
$this->streamerInstance = new ZipStreamer(['zip64' => false]);
} else {
$this->streamerInstance = new ZipStreamer(['zip64' => PHP_INT_SIZE !== 4]);
}
@ -84,6 +95,7 @@ class Streamer {
/**
* Stream directory recursively
*
* @param string $dir Directory path relative to root of current user
* @throws NotFoundException
* @throws NotPermittedException
* @throws InvalidPathException

428
lib/private/legacy/OC_Files.php
View file

@ -1,428 +0,0 @@
<?php
/**
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
use bantu\IniGetWrapper\IniGetWrapper;
use OC\Files\View;
use OC\HintException;
use OC\Streamer;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\Files\Events\BeforeDirectFileDownloadEvent;
use OCP\Files\Events\BeforeZipCreatedEvent;
use OCP\Files\IRootFolder;
use OCP\Lock\ILockingProvider;
use Psr\Log\LoggerInterface;
/**
* Class for file server access
*/
class OC_Files {
public const FILE = 1;
public const ZIP_FILES = 2;
public const ZIP_DIR = 3;
public const UPLOAD_MIN_LIMIT_BYTES = 1048576; // 1 MiB
private static string $multipartBoundary = '';
private static function getBoundary(): string {
if (empty(self::$multipartBoundary)) {
self::$multipartBoundary = md5((string)mt_rand());
}
return self::$multipartBoundary;
}
/**
* @param string $filename
* @param string $name
* @param array $rangeArray ('from'=>int,'to'=>int), ...
*/
private static function sendHeaders($filename, $name, array $rangeArray): void {
OC_Response::setContentDispositionHeader($name, 'attachment');
header('Content-Transfer-Encoding: binary', true);
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
$fileSize = \OC\Files\Filesystem::filesize($filename);
$type = \OC::$server->getMimeTypeDetector()->getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename));
if ($fileSize > -1) {
if (!empty($rangeArray)) {
http_response_code(206);
header('Accept-Ranges: bytes', true);
if (count($rangeArray) > 1) {
$type = 'multipart/byteranges; boundary=' . self::getBoundary();
// no Content-Length header here
} else {
header(sprintf('Content-Range: bytes %d-%d/%d', $rangeArray[0]['from'], $rangeArray[0]['to'], $fileSize), true);
OC_Response::setContentLengthHeader($rangeArray[0]['to'] - $rangeArray[0]['from'] + 1);
}
} else {
OC_Response::setContentLengthHeader($fileSize);
}
}
header('Content-Type: ' . $type, true);
header('X-Accel-Buffering: no');
}
/**
* return the content of a file or return a zip file containing multiple files
*
* @param string $dir
* @param string|array $files ; separated list of files to download
* @param array $params ; 'head' boolean to only send header of the request ; 'range' http range header
*/
public static function get($dir, $files, $params = null) {
OC_Util::setupFS();
$view = \OC\Files\Filesystem::getView();
$getType = self::FILE;
$filename = $dir;
try {
if (is_array($files) && count($files) === 1) {
$files = $files[0];
}
if (!is_array($files)) {
$filename = $dir . '/' . $files;
if (!$view->is_dir($filename)) {
self::getSingleFile($view, $dir, $files, is_null($params) ? [] : $params);
return;
}
}
$name = 'download';
if (is_array($files)) {
$getType = self::ZIP_FILES;
$basename = basename($dir);
if ($basename) {
$name = $basename;
}
$filename = $dir . '/' . $name;
} else {
$filename = $dir . '/' . $files;
$getType = self::ZIP_DIR;
// downloading root ?
if ($files !== '') {
$name = $files;
}
}
self::lockFiles($view, $dir, $files);
$numberOfFiles = 0;
$fileSize = 0;
/* Calculate filesize and number of files */
if ($getType === self::ZIP_FILES) {
$fileInfos = [];
foreach ($files as $file) {
$fileInfo = \OC\Files\Filesystem::getFileInfo($dir . '/' . $file);
if ($fileInfo) {
$fileSize += $fileInfo->getSize();
$fileInfos[] = $fileInfo;
}
}
$numberOfFiles = self::getNumberOfFiles($fileInfos);
} elseif ($getType === self::ZIP_DIR) {
$fileInfo = \OC\Files\Filesystem::getFileInfo($dir . '/' . $files);
if ($fileInfo) {
$fileSize = $fileInfo->getSize();
$numberOfFiles = self::getNumberOfFiles([$fileInfo]);
}
}
//Dispatch an event to see if any apps have problem with download
$event = new BeforeZipCreatedEvent($dir, is_array($files) ? $files : [$files]);
$dispatcher = \OCP\Server::get(IEventDispatcher::class);
$dispatcher->dispatchTyped($event);
if ((!$event->isSuccessful()) || $event->getErrorMessage() !== null) {
throw new \OC\ForbiddenException($event->getErrorMessage());
}
$streamer = new Streamer(\OC::$server->getRequest(), $fileSize, $numberOfFiles);
OC_Util::obEnd();
$streamer->sendHeaders($name);
$executionTime = (int)OC::$server->get(IniGetWrapper::class)->getNumeric('max_execution_time');
if (!str_contains(@ini_get('disable_functions'), 'set_time_limit')) {
@set_time_limit(0);
}
ignore_user_abort(true);
if ($getType === self::ZIP_FILES) {
foreach ($files as $file) {
$file = $dir . '/' . $file;
if (\OC\Files\Filesystem::is_file($file)) {
$userFolder = \OC::$server->get(IRootFolder::class)->get(\OC\Files\Filesystem::getRoot());
$file = $userFolder->get($file);
if ($file instanceof \OC\Files\Node\File) {
try {
$fh = $file->fopen('r');
} catch (\OCP\Files\NotPermittedException $e) {
continue;
}
$fileSize = $file->getSize();
$fileTime = $file->getMTime();
} else {
// File is not a file? …
\OCP\Server::get(LoggerInterface::class)->debug(
'File given, but no Node available. Name {file}',
[ 'app' => 'files', 'file' => $file ]
);
continue;
}
$streamer->addFileFromStream($fh, $file->getName(), $fileSize, $fileTime);
fclose($fh);
} elseif (\OC\Files\Filesystem::is_dir($file)) {
$streamer->addDirRecursive($file);
}
}
} elseif ($getType === self::ZIP_DIR) {
$file = $dir . '/' . $files;
$streamer->addDirRecursive($file);
}
$streamer->finalize();
set_time_limit($executionTime);
self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
} catch (\OCP\Lock\LockedException $ex) {
self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
\OCP\Server::get(LoggerInterface::class)->error('File is currently busy', ['exception' => $ex]);
$l = \OC::$server->getL10N('lib');
$hint = $ex instanceof HintException ? $ex->getHint() : '';
\OC_Template::printErrorPage($l->t('File is currently busy, please try again later'), $hint, 200);
} catch (\OCP\Files\ForbiddenException $ex) {
self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
\OCP\Server::get(LoggerInterface::class)->error('Cannot download file', ['exception' => $ex]);
$l = \OC::$server->getL10N('lib');
\OC_Template::printErrorPage($l->t('Cannot download file'), $ex->getMessage(), 200);
} catch (\OCP\Files\ConnectionLostException $ex) {
self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
\OCP\Server::get(LoggerInterface::class)->debug('Connection lost', ['exception' => $ex]);
/* We do not print anything here, the connection is already closed */
die();
} catch (\Exception $ex) {
self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
\OCP\Server::get(LoggerInterface::class)->error('Cannot download file', ['exception' => $ex]);
$l = \OC::$server->getL10N('lib');
$hint = $ex instanceof HintException ? $ex->getHint() : '';
if ($event && $event->getErrorMessage() !== null) {
$hint .= ' ' . $event->getErrorMessage();
}
\OC_Template::printErrorPage($l->t('Cannot download file'), $hint, 200);
}
}
/**
* @param string $rangeHeaderPos
* @param int|float $fileSize
* @return array $rangeArray ('from'=>int,'to'=>int), ...
*/
private static function parseHttpRangeHeader($rangeHeaderPos, $fileSize): array {
$rArray = explode(',', $rangeHeaderPos);
$minOffset = 0;
$ind = 0;
$rangeArray = [];
foreach ($rArray as $value) {
$ranges = explode('-', $value);
if (is_numeric($ranges[0])) {
if ($ranges[0] < $minOffset) { // case: bytes=500-700,601-999
$ranges[0] = $minOffset;
}
if ($ind > 0 && $rangeArray[$ind - 1]['to'] + 1 == $ranges[0]) { // case: bytes=500-600,601-999
$ind--;
$ranges[0] = $rangeArray[$ind]['from'];
}
}
if (is_numeric($ranges[0]) && is_numeric($ranges[1]) && $ranges[0] < $fileSize && $ranges[0] <= $ranges[1]) {
// case: x-x
if ($ranges[1] >= $fileSize) {
$ranges[1] = $fileSize - 1;
}
$rangeArray[$ind++] = [ 'from' => $ranges[0], 'to' => $ranges[1], 'size' => $fileSize ];
$minOffset = $ranges[1] + 1;
if ($minOffset >= $fileSize) {
break;
}
} elseif (is_numeric($ranges[0]) && $ranges[0] < $fileSize) {
// case: x-
$rangeArray[$ind++] = [ 'from' => $ranges[0], 'to' => $fileSize - 1, 'size' => $fileSize ];
break;
} elseif (is_numeric($ranges[1])) {
// case: -x
if ($ranges[1] > $fileSize) {
$ranges[1] = $fileSize;
}
$rangeArray[$ind++] = [ 'from' => $fileSize - $ranges[1], 'to' => $fileSize - 1, 'size' => $fileSize ];
break;
}
}
return $rangeArray;
}
/**
* @param View $view
* @param string $name
* @param string $dir
* @param array $params ; 'head' boolean to only send header of the request ; 'range' http range header
* @throws \OC\ForbiddenException
*/
private static function getSingleFile($view, $dir, $name, $params) {
$filename = $dir . '/' . $name;
$file = null;
try {
$userFolder = \OC::$server->get(IRootFolder::class)->get(\OC\Files\Filesystem::getRoot());
$file = $userFolder->get($filename);
if (!$file instanceof \OC\Files\Node\File || !$file->isReadable()) {
http_response_code(403);
die('403 Forbidden');
}
$fileSize = $file->getSize();
} catch (\OCP\Files\NotPermittedException $e) {
http_response_code(403);
die('403 Forbidden');
} catch (\OCP\Files\InvalidPathException $e) {
http_response_code(403);
die('403 Forbidden');
} catch (\OCP\Files\NotFoundException $e) {
http_response_code(404);
$tmpl = new OC_Template('', '404', 'guest');
$tmpl->printPage();
exit();
}
OC_Util::obEnd();
$view->lockFile($filename, ILockingProvider::LOCK_SHARED);
$rangeArray = [];
if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') {
$rangeArray = self::parseHttpRangeHeader(substr($params['range'], 6), $fileSize);
}
$dispatcher = \OCP\Server::get(IEventDispatcher::class);
$event = new BeforeDirectFileDownloadEvent($filename);
$dispatcher->dispatchTyped($event);
if (!\OC\Files\Filesystem::isReadable($filename) || $event->getErrorMessage()) {
if ($event->getErrorMessage()) {
$msg = $event->getErrorMessage();
} else {
$msg = 'Access denied';
}
throw new \OC\ForbiddenException($msg);
}
self::sendHeaders($filename, $name, $rangeArray);
if (isset($params['head']) && $params['head']) {
return;
}
if (!empty($rangeArray)) {
try {
if (count($rangeArray) == 1) {
$view->readfilePart($filename, $rangeArray[0]['from'], $rangeArray[0]['to']);
} else {
// check if file is seekable (if not throw UnseekableException)
// we have to check it before body contents
$view->readfilePart($filename, $rangeArray[0]['size'], $rangeArray[0]['size']);
$type = \OC::$server->getMimeTypeDetector()->getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename));
foreach ($rangeArray as $range) {
echo "\r\n--" . self::getBoundary() . "\r\n" .
'Content-type: ' . $type . "\r\n" .
'Content-range: bytes ' . $range['from'] . '-' . $range['to'] . '/' . $range['size'] . "\r\n\r\n";
$view->readfilePart($filename, $range['from'], $range['to']);
}
echo "\r\n--" . self::getBoundary() . "--\r\n";
}
} catch (\OCP\Files\UnseekableException $ex) {
// file is unseekable
header_remove('Accept-Ranges');
header_remove('Content-Range');
http_response_code(200);
self::sendHeaders($filename, $name, []);
$view->readfile($filename);
}
} else {
$view->readfile($filename);
}
}
/**
* Returns the total (recursive) number of files and folders in the given
* FileInfos.
*
* @param \OCP\Files\FileInfo[] $fileInfos the FileInfos to count
* @return int the total number of files and folders
*/
private static function getNumberOfFiles($fileInfos) {
$numberOfFiles = 0;
$view = new View();
while ($fileInfo = array_pop($fileInfos)) {
$numberOfFiles++;
if ($fileInfo->getType() === \OCP\Files\FileInfo::TYPE_FOLDER) {
$fileInfos = array_merge($fileInfos, $view->getDirectoryContent($fileInfo->getPath()));
}
}
return $numberOfFiles;
}
/**
* @param View $view
* @param string $dir
* @param string[]|string $files
*/
public static function lockFiles($view, $dir, $files) {
if (!is_array($files)) {
$file = $dir . '/' . $files;
$files = [$file];
}
foreach ($files as $file) {
$file = $dir . '/' . $file;
$view->lockFile($file, ILockingProvider::LOCK_SHARED);
if ($view->is_dir($file)) {
$contents = $view->getDirectoryContent($file);
$contents = array_map(function ($fileInfo) use ($file) {
/** @var \OCP\Files\FileInfo $fileInfo */
return $file . '/' . $fileInfo->getName();
}, $contents);
self::lockFiles($view, $dir, $contents);
}
}
}
/**
* @param string $dir
* @param $files
* @param integer $getType
* @param View $view
* @param string $filename
*/
private static function unlockAllTheFiles($dir, $files, $getType, $view, $filename) {
if ($getType === self::FILE) {
$view->unlockFile($filename, ILockingProvider::LOCK_SHARED);
}
if ($getType === self::ZIP_FILES) {
foreach ($files as $file) {
$file = $dir . '/' . $file;
$view->unlockFile($file, ILockingProvider::LOCK_SHARED);
}
}
if ($getType === self::ZIP_DIR) {
$file = $dir . '/' . $files;
$view->unlockFile($file, ILockingProvider::LOCK_SHARED);
}
}
}

4
tests/lib/AutoLoaderTest.php
View file

@ -20,8 +20,8 @@ class AutoLoaderTest extends TestCase {
public function testLegacyPath(): void {
$this->assertEquals([
\OC::$SERVERROOT . '/lib/private/legacy/files.php',
], $this->loader->findClass('OC_Files'));
\OC::$SERVERROOT . '/lib/private/legacy/json.php',
], $this->loader->findClass('OC_JSON'));
}
public function testLoadTestTestCase(): void {

14
tests/lib/UrlGeneratorTest.php
View file

@ -107,25 +107,25 @@ class UrlGeneratorTest extends \Test\TestCase {
$this->assertEquals($expected, $result);
}
public function provideRoutes() {
public static function provideRoutes() {
return [
['core.Preview.getPreview', 'http://localhost/nextcloud/index.php/core/preview.png'],
['cloud_federation_api.requesthandlercontroller.addShare', 'http://localhost/nextcloud/index.php/ocm/shares'],
];
}
public function provideDocRootAppUrlParts() {
public static function provideDocRootAppUrlParts() {
return [
['files', 'ajax/download.php', [], '/index.php/apps/files/ajax/download.php'],
['files', 'ajax/download.php', ['trut' => 'trat', 'dut' => 'dat'], '/index.php/apps/files/ajax/download.php?trut=trat&dut=dat'],
['files_external', 'ajax/oauth2.php', [], '/index.php/apps/files_external/ajax/oauth2.php'],
['files_external', 'ajax/oauth2.php', ['trut' => 'trat', 'dut' => 'dat'], '/index.php/apps/files_external/ajax/oauth2.php?trut=trat&dut=dat'],
['', 'index.php', ['trut' => 'trat', 'dut' => 'dat'], '/index.php?trut=trat&dut=dat'],
];
}
public function provideSubDirAppUrlParts() {
public static function provideSubDirAppUrlParts() {
return [
['files', 'ajax/download.php', [], '/nextcloud/index.php/apps/files/ajax/download.php'],
['files', 'ajax/download.php', ['trut' => 'trat', 'dut' => 'dat'], '/nextcloud/index.php/apps/files/ajax/download.php?trut=trat&dut=dat'],
['files_external', 'ajax/oauth2.php', [], '/nextcloud/index.php/apps/files_external/ajax/oauth2.php'],
['files_external', 'ajax/oauth2.php', ['trut' => 'trat', 'dut' => 'dat'], '/nextcloud/index.php/apps/files_external/ajax/oauth2.php?trut=trat&dut=dat'],
['', 'index.php', ['trut' => 'trat', 'dut' => 'dat'], '/nextcloud/index.php?trut=trat&dut=dat'],
];
}