1 package Sesse::pr0n::WebDAV;
5 use Sesse::pr0n::Common qw(error dberror);
13 my $dbh = Sesse::pr0n::Common::get_dbh();
15 $r->headers_out->{'DAV'} = "1,2";
17 # We only handle depth=0, depth=1 (cf. the RFC)
18 my $depth = $r->headers_in->{'depth'};
19 $depth = 0 if (!defined($depth));
20 if (defined($depth) && $depth ne "0" && $depth ne "1") {
21 $r->content_type('text/plain; charset="utf-8"');
23 $r->print("Invalid depth setting");
24 return Apache2::Const::OK;
27 my ($user,$takenby) = Sesse::pr0n::Common::check_access($r);
28 if (!defined($user)) {
29 return Apache2::Const::OK;
32 # Just "ping, are you alive and do you speak WebDAV"
33 if ($r->method eq "OPTIONS") {
34 $r->content_type('text/plain; charset="utf-8"');
36 $r->headers_out->{'allow'} = 'OPTIONS,PUT';
37 $r->headers_out->{'ms-author-via'} = 'DAV';
38 return Apache2::Const::OK;
41 # Directory listings et al
42 if ($r->method eq "PROPFIND") {
43 # We ignore the body, but we _must_ consume it fully before
44 # we output anything, or Squid will get seriously confused
45 $r->discard_request_body;
47 $r->content_type('text/xml; charset="utf-8"');
50 if ($r->uri =~ m#^/webdav/?$#) {
51 $r->headers_out->{'content-location'} = "/webdav/";
55 <?xml version="1.0" encoding="utf-8"?>
56 <multistatus xmlns="DAV:">
61 <resourcetype><collection/></resourcetype>
62 <getcontenttype>text/xml</getcontenttype>
64 <status>HTTP/1.1 200 OK</status>
69 # Optionally list the upload/ dir
73 <href>/webdav/upload/</href>
76 <resourcetype><collection/></resourcetype>
77 <getcontenttype>text/xml</getcontenttype>
79 <status>HTTP/1.1 200 OK</status>
84 $r->print("</multistatus>\n");
85 } elsif ($r->uri =~ m#^/webdav/upload/?$#) {
86 $r->headers_out->{'content-location'} = "/webdav/upload/";
88 # Upload root directory
90 <?xml version="1.0" encoding="utf-8"?>
91 <multistatus xmlns="DAV:">
93 <href>/webdav/upload/</href>
96 <resourcetype><collection/></resourcetype>
97 <getcontenttype>text/xml</getcontenttype>
99 <status>HTTP/1.1 200 OK</status>
104 # Optionally list all events
106 my $q = $dbh->prepare('SELECT * FROM events WHERE vhost=?') or
107 dberror($r, "Couldn't list events");
108 $q->execute($r->get_server_name) or
109 dberror($r, "Couldn't get events");
111 while (my $ref = $q->fetchrow_hashref()) {
112 my $id = $ref->{'event'};
113 my $name = $ref->{'name'};
115 $name =~ s/&/\&/g; # hack :-)
118 <href>/webdav/upload/$id/</href>
121 <resourcetype><collection/></resourcetype>
122 <getcontenttype>text/xml</getcontenttype>
123 <displayname>$name</displayname>
125 <status>HTTP/1.1 200 OK</status>
133 $r->print("</multistatus>\n");
134 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/?$#) {
137 $r->headers_out->{'content-location'} = "/webdav/upload/$event/";
139 # Check that we do indeed exist
140 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numev FROM events WHERE vhost=? AND event=?',
141 undef, $r->get_server_name, $event);
142 if ($ref->{'numev'} != 1) {
144 $r->content_type('text/plain; charset=utf-8');
145 $r->print("Couldn't find event in database");
146 return Apache2::Const::OK;
149 # OK, list the directory
151 <?xml version="1.0" encoding="utf-8"?>
152 <multistatus xmlns="DAV:">
154 <href>/webdav/upload/$event/</href>
157 <resourcetype><collection/></resourcetype>
158 <getcontenttype>text/xml</getcontenttype>
160 <status>HTTP/1.1 200 OK</status>
165 # List all the files within too, of course :-)
167 my $q = $dbh->prepare('SELECT * FROM images WHERE vhost=? AND event=?') or
168 dberror($r, "Couldn't list images");
169 $q->execute($r->get_server_name, $event) or
170 dberror($r, "Couldn't get events");
172 while (my $ref = $q->fetchrow_hashref()) {
173 my $id = $ref->{'id'};
174 my $filename = $ref->{'filename'};
175 my $fname = Sesse::pr0n::Common::get_disk_location($r, $id);
176 my (undef, undef, undef, undef, undef, undef, undef, $size, undef, $mtime) = stat($fname)
178 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
179 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
183 <href>/webdav/upload/$event/$filename</href>
187 <getcontenttype>$mime_type</getcontenttype>
188 <getcontentlength>$size</getcontentlength>
189 <getlastmodified>$mtime</getlastmodified>
191 <status>HTTP/1.1 200 OK</status>
198 # And the magical autorename folder
201 <href>/webdav/upload/$event/autorename/</href>
204 <resourcetype><collection/></resourcetype>
205 <getcontenttype>text/xml</getcontenttype>
207 <status>HTTP/1.1 200 OK</status>
213 $r->print("</multistatus>\n");
215 return Apache2::Const::OK;
216 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/autorename/?$#) {
217 # The autorename folder is always empty
220 $r->headers_out->{'content-location'} = "/webdav/upload/$event/autorename/";
222 # Check that we do indeed exist
223 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numev FROM events WHERE vhost=? AND event=?',
224 undef, $r->get_server_name, $event);
225 if ($ref->{'numev'} != 1) {
227 $r->content_type('text/plain; charset=utf-8');
228 $r->print("Couldn't find event in database");
229 return Apache2::Const::OK;
232 # OK, list the (empty) directory
234 <?xml version="1.0" encoding="utf-8"?>
235 <multistatus xmlns="DAV:">
237 <href>/webdav/upload/$event/autorename/</href>
240 <resourcetype><collection/></resourcetype>
241 <getcontenttype>text/xml</getcontenttype>
243 <status>HTTP/1.1 200 OK</status>
249 return Apache2::Const::OK;
250 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/([a-zA-Z0-9._()-]+)$#) {
252 my ($event, $filename) = ($1, $2);
253 my ($fname, $size, $mtime);
255 # check if we have a pending fake file for this
256 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND vhost=? AND filename=? AND expires_at > now()',
257 undef, $event, $r->get_server_name, $filename);
258 if ($ref->{'numfiles'} == 1) {
259 $fname = "/dev/null";
263 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image($r, $event, $filename);
266 if (!defined($fname)) {
268 $r->content_type('text/plain; charset=utf-8');
269 $r->print("Couldn't find file");
270 return Apache2::Const::OK;
272 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
274 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
276 <?xml version="1.0" encoding="utf-8"?>
277 <multistatus xmlns="DAV:">
279 <href>/webdav/upload/$event/$filename</href>
283 <getcontenttype>$mime_type</getcontenttype>
284 <getcontentlength>$size</getcontentlength>
285 <getlastmodified>$mtime</getlastmodified>
287 <status>HTTP/1.1 200 OK</status>
292 return Apache2::Const::OK;
293 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/autorename/(.{1,250})$#) {
294 # stat a single file in autorename
295 my ($event, $filename) = ($1, $2);
296 my ($fname, $size, $mtime);
298 # check if we have a pending fake file for this
299 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND vhost=? AND filename=? AND expires_at > now()',
300 undef, $event, $r->get_server_name, $filename);
301 if ($ref->{'numfiles'} == 1) {
302 $fname = "/dev/null";
306 # check if we have a "shadow file" for this
307 my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE vhost=? AND event=? AND filename=? AND expires_at > now()',
308 undef, $r->get_server_name, $event, $filename);
310 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'});
314 if (!defined($fname)) {
316 $r->content_type('text/plain; charset=utf-8');
317 $r->print("Couldn't find file");
318 return Apache2::Const::OK;
320 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
322 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
324 <?xml version="1.0" encoding="utf-8"?>
325 <multistatus xmlns="DAV:">
327 <href>/webdav/upload/$event/autorename/$filename</href>
331 <getcontenttype>$mime_type</getcontenttype>
332 <getcontentlength>$size</getcontentlength>
333 <getlastmodified>$mtime</getlastmodified>
335 <status>HTTP/1.1 200 OK</status>
342 $r->content_type('text/plain; charset=utf-8');
343 $r->print("Couldn't find file");
345 return Apache2::Const::OK;
348 if ($r->method eq "HEAD" or $r->method eq "GET") {
349 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) {
351 $r->content_type('text/xml; charset=utf-8');
352 $r->print("<?xml version=\"1.0\"?>\n<p>Couldn't find file</p>");
353 return Apache2::Const::OK;
356 my ($event, $autorename, $filename) = ($1, $2, $3);
358 # Check if this file really exists
359 my ($fname, $size, $mtime);
361 # check if we have a pending fake file for this
362 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND vhost=? AND filename=? AND expires_at > now()',
363 undef, $event, $r->get_server_name, $filename);
364 if ($ref->{'numfiles'} == 1) {
365 $fname = "/dev/null";
369 # check if we have a "shadow file" for this
370 if (defined($autorename) && $autorename eq "autorename/") {
371 my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE host=? AND event=? AND filename=? AND expires_at > now()',
372 undef, $r->get_server_name, $event, $filename);
374 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'});
376 } elsif (!defined($fname)) {
377 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image($r, $event, $filename);
381 if (!defined($fname)) {
383 $r->content_type('text/plain; charset=utf-8');
384 $r->print("Couldn't find file");
385 return Apache2::Const::OK;
389 $r->set_content_length($size);
390 $r->set_last_modified($mtime);
392 if ($r->method eq "GET") {
393 $r->sendfile($fname);
395 return Apache2::Const::OK;
398 if ($r->method eq "PUT") {
399 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) {
401 $r->content_type('text/plain; charset=utf-8');
402 $r->print("No access");
403 return Apache2::Const::OK;
406 my ($event, $autorename, $filename) = ($1, $2, $3);
407 my $size = $r->headers_in->{'content-length'};
408 if (!defined($size)) {
409 $size = $r->headers_in->{'x-expected-entity-length'};
411 $r->log->info("sz=$size");
412 my $orig_filename = $filename;
414 # Remove evil characters
415 if ($filename =~ /[^a-zA-Z0-9._()-]/) {
416 if (defined($autorename) && $autorename eq "autorename/") {
417 $filename =~ tr/a-zA-Z0-9.()-/_/c;
420 $r->content_type('text/plain; charset=utf-8');
421 $r->print("Illegal characters in filename");
422 return Apache2::Const::OK;
427 # gnome-vfs and mac os x love to make zero-byte files,
430 if ($size == 0 || $filename =~ /^\.(_|DS_Store)/) {
431 $dbh->do('DELETE FROM fake_files WHERE expires_at <= now() OR (event=? AND vhost=? AND filename=?);',
432 undef, $event, $r->get_server_name, $filename)
433 or dberror($r, "Couldn't prune fake_files");
434 $dbh->do('INSERT INTO fake_files (vhost,event,filename,expires_at) VALUES (?,?,?,now() + interval \'1 day\');',
435 undef, $r->get_server_name, $event, $filename)
436 or dberror($r, "Couldn't add file");
437 $r->content_type('text/plain; charset="utf-8"');
440 $r->log->info("Fake upload of $event/$filename");
441 return Apache2::Const::OK;
445 my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;");
446 my $newid = $ref->{'id'};
447 if (!defined($newid)) {
448 dberror($r, "Couldn't get new ID");
451 # Autorename if we need to
452 if (defined($autorename) && $autorename eq "autorename/") {
453 my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?",
454 undef, $r->get_server_name, $event, $filename)
455 or dberror($r, "Couldn't check for existing files");
456 if ($ref->{'numfiles'} > 0) {
457 $r->log->info("Renaming $filename to $newid.jpeg");
458 $filename = "$newid.jpeg";
463 # Enable transactions and error raising temporarily
464 local $dbh->{AutoCommit} = 0;
465 local $dbh->{RaiseError} = 1;
468 # Try to insert this new file
470 $dbh->do('DELETE FROM fake_files WHERE vhost=? AND event=? AND filename=?',
471 undef, $r->get_server_name, $event, $filename);
473 $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)',
474 undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename);
475 $dbh->do('UPDATE last_picture_cache SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
476 undef, $r->get_server_name, $event);
477 Sesse::pr0n::Common::purge_cache($r, "/$event/");
479 # Now save the file to disk
480 $fname = Sesse::pr0n::Common::get_disk_location($r, $newid);
481 open NEWFILE, ">$fname"
485 if ($r->read($buf, $size)) {
486 print NEWFILE $buf or die "write($fname): $!";
489 close NEWFILE or die "close($fname): $!";
491 # Orient stuff correctly
492 system("/usr/bin/exifautotran", $fname) == 0
493 or die "/usr/bin/exifautotran: $!";
495 # Make cache while we're at it.
496 # Don't do it for the resource forks Mac OS X loves to upload :-(
497 if ($filename !~ /^\.(_|DS_Store)/) {
498 # FIXME: Ideally we'd want to ensure cache of -1x-1 here as well (for NEFs), but that would
499 # preclude mipmapping in its current form.
500 Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, undef, undef, "nobox", 80, 64, 320, 256);
503 # OK, we got this far, commit
506 $r->log->notice("Successfully wrote $event/$filename to $fname");
509 # Some error occurred, rollback and bomb out
511 error($r, "Transaction aborted because $@");
516 # Insert a `shadow file' we can stat the next day or so
517 if (defined($autorename) && $autorename eq "autorename/") {
518 $dbh->do('DELETE FROM shadow_files WHERE expires_at <= now() OR (vhost=? AND event=? AND filename=?);',
519 undef, $r->get_server_name, $event, $filename)
520 or dberror($r, "Couldn't prune shadow_files");
521 $dbh->do('INSERT INTO shadow_files (vhost,event,filename,id,expires_at) VALUES (?,?,?,?,now() + interval \'1 day\');',
522 undef, $r->get_server_name, $event, $orig_filename, $newid)
523 or dberror($r, "Couldn't add shadow file");
524 $r->log->info("Added shadow entry for $event/$filename");
527 $r->content_type('text/plain; charset="utf-8"');
531 return Apache2::Const::OK;
534 # Used by the XP publishing wizard -- largely the same as the code above
535 # but vastly simplified. Should we refactor?
536 if ($r->method eq "POST") {
537 my $apr = Apache2::Request->new($r);
538 my $client_size = $apr->param('size');
539 my $event = $apr->param('event');
541 my $file = $apr->upload('image');
542 my $filename = $file->filename();
543 if ($client_size != $file->size()) {
544 $r->content_type('text/plain; charset="utf-8"');
546 $r->print("Client-size resizing detected; refusing automatically");
548 $r->log->info("Client-size resized upload of $event/$filename detected");
549 return Apache2::Const::OK;
552 # Ugh, Windows XP seems to be sending this in... something that's not UTF-8, at least
553 my $takenby_given = Sesse::pr0n::Common::guess_charset($apr->param('takenby'));
555 if (defined($takenby_given) && $takenby_given !~ /^\s*$/ && $takenby_given !~ /[<>&]/ && length($takenby_given) <= 100) {
556 $takenby = $takenby_given;
559 my $ne_id = Sesse::pr0n::Common::guess_charset($apr->param('neweventid'));
560 my $ne_date = Sesse::pr0n::Common::guess_charset($apr->param('neweventdate'));
561 my $ne_desc = Sesse::pr0n::Common::guess_charset($apr->param('neweventdesc'));
562 if (defined($ne_id)) {
563 # Trying to add a new event, let's see if it already exists
564 my $q = $dbh->prepare('SELECT COUNT(*) AS cnt FROM events WHERE event=? AND vhost=?')
565 or dberror($r, "Couldn't prepare event count");
566 $q->execute($ne_id, $r->get_server_name)
567 or dberror($r, "Couldn't execute event count");
568 my $ref = $q->fetchrow_hashref;
570 if ($ref->{'cnt'} == 0) {
571 my @errors = Sesse::pr0n::Common::add_new_event($r, $dbh, $ne_id, $ne_date, $ne_desc);
572 if (scalar @errors > 0) {
573 die "Couldn't add new event $ne_id: " . join(', ', @errors);
580 # Remove evil characters
581 if ($filename =~ /[^a-zA-Z0-9._-]/) {
582 $filename =~ tr/a-zA-Z0-9.-/_/c;
586 my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;");
587 my $newid = $ref->{'id'};
588 if (!defined($newid)) {
589 dberror($r, "Couldn't get new ID");
592 # Autorename if we need to
594 my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?",
595 undef, $r->get_server_name, $event, $filename)
596 or dberror($r, "Couldn't check for existing files");
597 if ($ref->{'numfiles'} > 0) {
598 $r->log->info("Renaming $filename to $newid.jpeg");
599 $filename = "$newid.jpeg";
604 # Enable transactions and error raising temporarily
605 local $dbh->{AutoCommit} = 0;
606 local $dbh->{RaiseError} = 1;
609 # Try to insert this new file
611 $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)',
612 undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename);
613 $dbh->do('UPDATE last_picture_cache SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
614 undef, $r->get_server_name, $event);
616 # Now save the file to disk
617 $fname = Sesse::pr0n::Common::get_disk_location($r, $newid);
618 open NEWFILE, ">$fname"
623 print NEWFILE $buf or die "write($fname): $!";
624 close NEWFILE or die "close($fname): $!";
626 # Orient stuff correctly
627 system("/usr/bin/exifautotran", $fname) == 0
628 or die "/usr/bin/exifautotran: $!";
630 # Make cache while we're at it.
631 Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, undef, undef, 1, 80, 64, 320, 256, -1, -1);
633 # OK, we got this far, commit
636 $r->log->notice("Successfully wrote $event/$filename to $fname");
639 # Some error occurred, rollback and bomb out
641 error($r, "Transaction aborted because $@");
644 $r->content_type('text/plain; charset="utf-8"');
646 $r->print("Error: $@");
650 $r->content_type('text/plain; charset="utf-8"');
654 return Apache2::Const::OK;
657 # Yes, we fake locks. :-)
658 if ($r->method eq "LOCK") {
659 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?([a-zA-Z0-9._-]+)$#) {
661 $r->content_type('text/plain; charset=utf-8');
662 $r->print("No access");
663 return Apache2::Const::OK;
666 my ($event, $autorename, $filename) = ($1, $2, $3);
667 $autorename = '' if (!defined($autorename));
668 my $sha1 = Digest::SHA1::sha1_base64("/$event/$autorename$filename");
671 $r->content_type('text/xml; charset=utf-8');
674 <?xml version="1.0" encoding="utf-8"?>
678 <locktype><write/></locktype>
679 <lockscope><exclusive/></lockscope>
682 <href>/webdav/upload/$event/$autorename$filename</href>
684 <timeout>Second-3600</timeout>
686 <href>opaquelocktoken:$sha1</href>
692 return Apache2::Const::OK;
695 if ($r->method eq "UNLOCK") {
696 $r->content_type('text/plain; charset="utf-8"');
700 return Apache2::Const::OK;
703 if ($r->method eq "DELETE") {
704 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(\._[a-zA-Z0-9._-]+)$#) {
706 $r->content_type('text/plain; charset=utf-8');
707 $r->print("No access");
708 return Apache2::Const::OK;
711 my ($event, $autorename, $filename) = ($1, $2, $3);
712 $dbh->do('DELETE FROM images WHERE vhost=? AND event=? AND filename=?',
713 undef, $r->get_server_name, $event, $filename)
714 or dberror($r, "Couldn't remove file");
715 $dbh->do('UPDATE last_picture_cache SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
716 undef, $r->get_server_name, $event)
717 or dberror($r, "Couldn't invalidate cache");
721 $r->log->info("deleted $event/$filename");
723 return Apache2::Const::OK;
726 if ($r->method eq "MOVE" or
727 $r->method eq "MKCOL" or
728 $r->method eq "RMCOL" or
729 $r->method eq "RENAME" or
730 $r->method eq "COPY") {
731 $r->content_type('text/plain; charset="utf-8"');
733 $r->print("Sorry, you do not have access to that feature.");
734 return Apache2::Const::OK;
737 $r->content_type('text/plain; charset=utf-8');
738 $r->log->error("unknown method " . $r->method);
740 $r->print("Unknown method");
742 return Apache2::Const::OK;