1 package Sesse::pr0n::WebDAV;
5 use Sesse::pr0n::Common qw(error dberror);
11 my $dbh = Sesse::pr0n::Common::get_dbh();
13 # We ignore the body, but we _must_ consume it fully before
14 # we output anything, or Squid will get seriously confused
15 $r->discard_request_body;
17 $r->headers_out->{'DAV'} = "1,2";
19 # We only handle depth=0, depth=1 (cf. the RFC)
20 my $depth = $r->headers_in->{'depth'};
21 $depth = 0 if (!defined($depth));
22 if (defined($depth) && $depth ne "0" && $depth ne "1") {
23 $r->content_type('text/plain; charset="utf-8"');
25 $r->print("Invalid depth setting");
26 return Apache2::Const::OK;
29 my ($user,$takenby) = Sesse::pr0n::Common::check_access($r);
30 if (!defined($user)) {
31 return Apache2::Const::OK;
34 # Just "ping, are you alive and do you speak WebDAV"
35 if ($r->method eq "OPTIONS") {
36 $r->content_type('text/plain; charset="utf-8"');
38 $r->headers_out->{'allow'} = 'OPTIONS,PUT';
39 $r->headers_out->{'ms-author-via'} = 'DAV';
40 return Apache2::Const::OK;
43 # Directory listings et al
44 if ($r->method eq "PROPFIND") {
45 $r->content_type('text/xml; charset="utf-8"');
48 if ($r->uri =~ m#^/webdav/?$#) {
49 $r->headers_out->{'content-location'} = "/webdav/";
53 <?xml version="1.0" encoding="utf-8"?>
54 <multistatus xmlns="DAV:">
59 <resourcetype><collection/></resourcetype>
60 <getcontenttype>text/xml</getcontenttype>
62 <status>HTTP/1.1 200 OK</status>
67 # Optionally list the upload/ dir
71 <href>/webdav/upload/</href>
74 <resourcetype><collection/></resourcetype>
75 <getcontenttype>text/xml</getcontenttype>
77 <status>HTTP/1.1 200 OK</status>
82 $r->print("</multistatus>\n");
83 } elsif ($r->uri =~ m#^/webdav/upload/?$#) {
84 $r->headers_out->{'content-location'} = "/webdav/upload/";
86 # Upload root directory
88 <?xml version="1.0" encoding="utf-8"?>
89 <multistatus xmlns="DAV:">
91 <href>/webdav/upload/</href>
94 <resourcetype><collection/></resourcetype>
95 <getcontenttype>text/xml</getcontenttype>
97 <status>HTTP/1.1 200 OK</status>
102 # Optionally list all events
104 my $q = $dbh->prepare('SELECT * FROM events WHERE vhost=?') or
105 dberror($r, "Couldn't list events");
106 $q->execute($r->get_server_name) or
107 dberror($r, "Couldn't get events");
109 while (my $ref = $q->fetchrow_hashref()) {
110 my $id = $ref->{'id'};
111 my $name = $ref->{'name'};
113 $name =~ s/&/\&/g; # hack :-)
116 <href>/webdav/upload/$id/</href>
119 <resourcetype><collection/></resourcetype>
120 <getcontenttype>text/xml</getcontenttype>
121 <displayname>$name</displayname>
123 <status>HTTP/1.1 200 OK</status>
131 $r->print("</multistatus>\n");
132 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/?$#) {
135 $r->headers_out->{'content-location'} = "/webdav/upload/$event/";
137 # Check that we do indeed exist
138 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numev FROM events WHERE id=?',
140 if ($ref->{'numev'} != 1) {
142 $r->content_type('text/plain; charset=utf-8');
143 $r->print("Couldn't find event in database");
144 return Apache2::Const::OK;
147 # OK, list the directory
149 <?xml version="1.0" encoding="utf-8"?>
150 <multistatus xmlns="DAV:">
152 <href>/webdav/upload/$event/</href>
155 <resourcetype><collection/></resourcetype>
156 <getcontenttype>text/xml</getcontenttype>
158 <status>HTTP/1.1 200 OK</status>
163 # List all the files within too, of course :-)
165 my $q = $dbh->prepare('SELECT * FROM images WHERE event=?') or
166 dberror($r, "Couldn't list images");
167 $q->execute($event) or
168 dberror($r, "Couldn't get events");
170 while (my $ref = $q->fetchrow_hashref()) {
171 my $id = $ref->{'id'};
172 my $filename = $ref->{'filename'};
173 my $fname = Sesse::pr0n::Common::get_disk_location($r, $id);
174 my (undef, undef, undef, undef, undef, undef, undef, $size, undef, $mtime) = stat($fname)
176 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
177 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
181 <href>/webdav/upload/$event/$filename</href>
185 <getcontenttype>$mime_type</getcontenttype>
186 <getcontentlength>$size</getcontentlength>
187 <getlastmodified>$mtime</getlastmodified>
189 <status>HTTP/1.1 200 OK</status>
196 # And the magical autorename folder
199 <href>/webdav/upload/$event/autorename/</href>
202 <resourcetype><collection/></resourcetype>
203 <getcontenttype>text/xml</getcontenttype>
205 <status>HTTP/1.1 200 OK</status>
209 $r->log->info("Full list");
212 $r->print("</multistatus>\n");
214 return Apache2::Const::OK;
215 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/autorename/?$#) {
216 # The autorename folder is always empty
219 $r->headers_out->{'content-location'} = "/webdav/upload/$event/autorename/";
221 # Check that we do indeed exist
222 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numev FROM events WHERE id=?',
224 if ($ref->{'numev'} != 1) {
226 $r->content_type('text/plain; charset=utf-8');
227 $r->print("Couldn't find event in database");
228 return Apache2::Const::OK;
231 # OK, list the (empty) directory
233 <?xml version="1.0" encoding="utf-8"?>
234 <multistatus xmlns="DAV:">
236 <href>/webdav/upload/$event/autorename/</href>
239 <resourcetype><collection/></resourcetype>
240 <getcontenttype>text/xml</getcontenttype>
242 <status>HTTP/1.1 200 OK</status>
248 return Apache2::Const::OK;
249 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/([a-zA-Z0-9._-]+)$#) {
251 my ($event, $filename) = ($1, $2);
252 my ($fname, $size, $mtime);
254 # check if we have a pending fake file for this
255 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND filename=? AND expires_at > now()',
256 undef, $event, $filename);
257 if ($ref->{'numfiles'} == 1) {
258 $fname = "/dev/null";
262 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image($r, $event, $filename);
265 if (!defined($fname)) {
267 $r->content_type('text/plain; charset=utf-8');
268 $r->print("Couldn't find file");
269 return Apache2::Const::OK;
271 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
273 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
275 <?xml version="1.0" encoding="utf-8"?>
276 <multistatus xmlns="DAV:">
278 <href>/webdav/upload/$event/$filename</href>
282 <getcontenttype>$mime_type</getcontenttype>
283 <getcontentlength>$size</getcontentlength>
284 <getlastmodified>$mtime</getlastmodified>
286 <status>HTTP/1.1 200 OK</status>
291 return Apache2::Const::OK;
292 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/autorename/(.{1,250})$#) {
293 # stat a single file in autorename
294 my ($event, $filename) = ($1, $2);
295 my ($fname, $size, $mtime);
297 # check if we have a pending fake file for this
298 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND filename=? AND expires_at > now()',
299 undef, $event, $filename);
300 if ($ref->{'numfiles'} == 1) {
301 $fname = "/dev/null";
305 # check if we have a "shadow file" for this
306 my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE event=? AND filename=? AND expires_at > now()',
307 undef, $event, $filename);
309 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'});
313 if (!defined($fname)) {
315 $r->content_type('text/plain; charset=utf-8');
316 $r->print("Couldn't find file");
317 return Apache2::Const::OK;
319 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
321 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
323 <?xml version="1.0" encoding="utf-8"?>
324 <multistatus xmlns="DAV:">
326 <href>/webdav/upload/$event/autorename/$filename</href>
330 <getcontenttype>$mime_type</getcontenttype>
331 <getcontentlength>$size</getcontentlength>
332 <getlastmodified>$mtime</getlastmodified>
334 <status>HTTP/1.1 200 OK</status>
341 $r->content_type('text/plain; charset=utf-8');
342 $r->print("Couldn't find file");
344 return Apache2::Const::OK;
347 if ($r->method eq "HEAD" or $r->method eq "GET") {
348 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) {
350 $r->content_type('text/xml; charset=utf-8');
351 $r->print("<?xml version=\"1.0\"?>\n<p>Couldn't find file</p>");
352 return Apache2::Const::OK;
355 my ($event, $autorename, $filename) = ($1, $2, $3);
357 # Check if this file really exists
358 my ($fname, $size, $mtime);
360 # check if we have a pending fake file for this
361 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND filename=? AND expires_at > now()',
362 undef, $event, $filename);
363 if ($ref->{'numfiles'} == 1) {
364 $fname = "/dev/null";
368 # check if we have a "shadow file" for this
369 if (defined($autorename) && $autorename eq "autorename/") {
370 my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE event=? AND filename=? AND expires_at > now()',
371 undef, $event, $filename);
373 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'});
375 } elsif (!defined($fname)) {
376 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image($r, $event, $filename);
380 if (!defined($fname)) {
382 $r->content_type('text/plain; charset=utf-8');
383 $r->print("Couldn't find file");
384 return Apache2::Const::OK;
388 $r->set_content_length($size);
389 $r->set_last_modified($mtime);
391 if ($r->method eq "GET") {
392 $r->sendfile($fname);
394 return Apache2::Const::OK;
397 if ($r->method eq "PUT") {
398 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) {
400 $r->content_type('text/plain; charset=utf-8');
401 $r->print("No access");
402 return Apache2::Const::OK;
405 my ($event, $autorename, $filename) = ($1, $2, $3);
406 my $size = $r->headers_in->{'content-length'};
407 my $orig_filename = $filename;
409 # Remove evil characters
410 if ($filename =~ /[^a-zA-Z0-9._-]/) {
411 if (defined($autorename) && $autorename eq "autorename/") {
412 $filename =~ tr/a-zA-Z0-9.-/_/c;
415 $r->content_type('text/plain; charset=utf-8');
416 $r->print("Illegal characters in filename");
417 return Apache2::Const::OK;
422 # gnome-vfs and mac os x love to make zero-byte files,
425 if ($r->headers_in->{'content-length'} == 0) {
426 $dbh->do('DELETE FROM fake_files WHERE expires_at <= now() OR (event=? AND filename=?);',
427 undef, $event, $filename)
428 or dberror($r, "Couldn't prune fake_files");
429 $dbh->do('INSERT INTO fake_files (event,filename,expires_at) VALUES (?,?,now() + interval \'30 seconds\');',
430 undef, $event, $filename)
431 or dberror($r, "Couldn't add file");
432 $r->content_type('text/plain; charset="utf-8"');
435 $r->log->info("Fake upload of $event/$filename");
436 return Apache2::Const::OK;
440 my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;");
441 my $newid = $ref->{'id'};
442 if (!defined($newid)) {
443 dberror($r, "Couldn't get new ID");
446 # Autorename if we need to
447 if (defined($autorename) && $autorename eq "autorename/") {
448 my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE event=? AND filename=?",
449 undef, $event, $filename)
450 or dberror($r, "Couldn't check for existing files");
451 if ($ref->{'numfiles'} > 0) {
452 $r->log->info("Renaming $filename to $newid.jpeg");
453 $filename = "$newid.jpeg";
458 # Enable transactions and error raising temporarily
459 local $dbh->{AutoCommit} = 0;
461 local $dbh->{RaiseError} = 1;
463 # Try to insert this new file
465 $dbh->do('DELETE FROM fake_files WHERE event=? AND filename=?;',
466 undef, $event, $filename);
468 $dbh->do('INSERT INTO images (id,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?);',
469 undef, $newid, $event, $user, $takenby, $filename);
471 # Now save the file to disk
472 my $fname = Sesse::pr0n::Common::get_disk_location($r, $newid);
473 open NEWFILE, ">$fname"
477 my $content_length = $r->headers_in->{'content-length'};
478 if ($r->read($buf, $content_length)) {
479 print NEWFILE $buf or die "write($fname): $!";
482 close NEWFILE or die "close($fname): $!";
484 # Orient stuff correctly
485 system("/usr/bin/exifautotran", $fname) == 0
486 or die "/usr/bin/exifautotran: $!";
488 # Make cache while we're at it.
489 # Don't do it for the resource forks Mac OS X loves to upload :-(
490 if ($filename !~ /^\._/) {
491 Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, -1, -1, 1, 80, 64, 320, 256, -1, -1);
494 # OK, we got this far, commit
497 $r->log->notice("Successfully wrote $event/$filename to $fname");
500 # Some error occurred, rollback and bomb out
502 dberror($r, "Transaction aborted because $@");
506 # Insert a `shadow file' we can stat the next 30 secs
507 if (defined($autorename) && $autorename eq "autorename/") {
508 $dbh->do('DELETE FROM shadow_files WHERE expires_at <= now() OR (event=? AND filename=?);',
509 undef, $event, $filename)
510 or dberror($r, "Couldn't prune shadow_files");
511 $dbh->do('INSERT INTO shadow_files (event,filename,id,expires_at) VALUES (?,?,?,now() + interval \'30 seconds\');',
512 undef, $event, $orig_filename, $newid)
513 or dberror($r, "Couldn't add shadow file");
514 $r->log->info("Added shadow entry for $event/$filename");
517 $r->content_type('text/plain; charset="utf-8"');
521 return Apache2::Const::OK;
524 # Yes, we fake locks. :-)
525 if ($r->method eq "LOCK") {
526 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?([a-zA-Z0-9._-]+)$#) {
528 $r->content_type('text/plain; charset=utf-8');
529 $r->print("No access");
530 return Apache2::Const::OK;
533 my ($event, $autorename, $filename) = ($1, $2, $3);
534 my $sha1 = Digest::SHA1::sha1_base64("/$event/$autorename/$filename");
537 $r->content_type('text/xml; charset=utf-8');
540 <?xml version="1.0" encoding="utf-8"?>
544 <locktype><write/></locktype>
545 <lockscope><exclusive/></lockscope>
548 <href>/webdav/upload/$event/$autorename$filename</href>
550 <timeout>Second-3600</timeout>
552 <href>opaquelocktoken:$sha1</href>
558 return Apache2::Const::OK;
561 if ($r->method eq "UNLOCK") {
562 $r->content_type('text/plain; charset="utf-8"');
566 return Apache2::Const::OK;
569 if ($r->method eq "DELETE") {
570 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(\._[a-zA-Z0-9._-]+)$#) {
572 $r->content_type('text/plain; charset=utf-8');
573 $r->print("No access");
574 return Apache2::Const::OK;
577 my ($event, $autorename, $filename) = ($1, $2, $3);
578 $dbh->do('DELETE FROM images WHERE event=? AND filename=?;',
579 undef, $event, $filename)
580 or dberror($r, "Couldn't remove file");
584 $r->log->info("deleted $event/$filename");
586 return Apache2::Const::OK;
589 if ($r->method eq "MOVE" or
590 $r->method eq "MKCOL" or
591 $r->method eq "RMCOL" or
592 $r->method eq "RENAME" or
593 $r->method eq "COPY") {
594 $r->content_type('text/plain; charset="utf-8"');
596 $r->print("Sorry, you do not have access to that feature.");
597 return Apache2::Const::OK;
600 $r->content_type('text/plain; charset=utf-8');
601 $r->log->error("unknown method " . $r->method);
603 $r->print("Unknown method");
605 return Apache2::Const::OK;