1 package Sesse::pr0n::WebDAV;
5 use Sesse::pr0n::Common qw(error dberror);
11 my $dbh = Sesse::pr0n::Common::get_dbh();
13 $r->headers_out->{'DAV'} = "1,2";
15 # We only handle depth=0, depth=1 (cf. the RFC)
16 my $depth = $r->headers_in->{'depth'};
17 $depth = 0 if (!defined($depth));
18 if (defined($depth) && $depth ne "0" && $depth ne "1") {
19 $r->content_type('text/plain; charset="utf-8"');
21 $r->print("Invalid depth setting");
22 return Apache2::Const::OK;
25 my ($user,$takenby) = Sesse::pr0n::Common::check_access($r);
26 if (!defined($user)) {
27 return Apache2::Const::OK;
30 # Just "ping, are you alive and do you speak WebDAV"
31 if ($r->method eq "OPTIONS") {
32 $r->content_type('text/plain; charset="utf-8"');
34 $r->headers_out->{'allow'} = 'OPTIONS,PUT';
35 $r->headers_out->{'ms-author-via'} = 'DAV';
36 return Apache2::Const::OK;
39 # Directory listings et al
40 if ($r->method eq "PROPFIND") {
41 $r->content_type('text/xml; charset="utf-8"');
44 if ($r->uri =~ m#^/webdav/?$#) {
45 $r->headers_out->{'content-location'} = "/webdav/";
49 <?xml version="1.0" encoding="utf-8"?>
50 <multistatus xmlns="DAV:">
55 <resourcetype><collection/></resourcetype>
56 <getcontenttype>text/xml</getcontenttype>
58 <status>HTTP/1.1 200 OK</status>
63 # Optionally list the upload/ dir
67 <href>/webdav/upload/</href>
70 <resourcetype><collection/></resourcetype>
71 <getcontenttype>text/xml</getcontenttype>
73 <status>HTTP/1.1 200 OK</status>
78 $r->print("</multistatus>\n");
79 } elsif ($r->uri =~ m#^/webdav/upload/?$#) {
80 $r->headers_out->{'content-location'} = "/webdav/upload/";
82 # Upload root directory
84 <?xml version="1.0" encoding="utf-8"?>
85 <multistatus xmlns="DAV:">
87 <href>/webdav/upload/</href>
90 <resourcetype><collection/></resourcetype>
91 <getcontenttype>text/xml</getcontenttype>
93 <status>HTTP/1.1 200 OK</status>
98 # Optionally list all events
100 my $q = $dbh->prepare('SELECT * FROM events WHERE vhost=?') or
101 dberror($r, "Couldn't list events");
102 $q->execute($r->get_server_name) or
103 dberror($r, "Couldn't get events");
105 while (my $ref = $q->fetchrow_hashref()) {
106 my $id = $ref->{'id'};
107 my $name = $ref->{'name'};
109 $name =~ s/&/\&/g; # hack :-)
112 <href>/webdav/upload/$id/</href>
115 <resourcetype><collection/></resourcetype>
116 <getcontenttype>text/xml</getcontenttype>
117 <displayname>$name</displayname>
119 <status>HTTP/1.1 200 OK</status>
127 $r->print("</multistatus>\n");
128 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/?$#) {
131 $r->headers_out->{'content-location'} = "/webdav/upload/$event/";
133 # Check that we do indeed exist
134 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numev FROM events WHERE id=?',
136 if ($ref->{'numev'} != 1) {
138 $r->content_type('text/plain; charset=utf-8');
139 $r->print("Couldn't find event in database");
140 return Apache2::Const::OK;
143 # OK, list the directory
145 <?xml version="1.0" encoding="utf-8"?>
146 <multistatus xmlns="DAV:">
148 <href>/webdav/upload/$event/</href>
151 <resourcetype><collection/></resourcetype>
152 <getcontenttype>text/xml</getcontenttype>
154 <status>HTTP/1.1 200 OK</status>
159 # List all the files within too, of course :-)
161 my $q = $dbh->prepare('SELECT * FROM images WHERE event=?') or
162 dberror($r, "Couldn't list images");
163 $q->execute($event) or
164 dberror($r, "Couldn't get events");
166 while (my $ref = $q->fetchrow_hashref()) {
167 my $id = $ref->{'id'};
168 my $filename = $ref->{'filename'};
169 my $fname = Sesse::pr0n::Common::get_disk_location($r, $id);
170 my (undef, undef, undef, undef, undef, undef, undef, $size, undef, $mtime) = stat($fname)
172 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
173 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
177 <href>/webdav/upload/$event/$filename</href>
181 <getcontenttype>$mime_type</getcontenttype>
182 <getcontentlength>$size</getcontentlength>
183 <getlastmodified>$mtime</getlastmodified>
185 <status>HTTP/1.1 200 OK</status>
192 # And the magical autorename folder
195 <href>/webdav/upload/$event/autorename/</href>
198 <resourcetype><collection/></resourcetype>
199 <getcontenttype>text/xml</getcontenttype>
201 <status>HTTP/1.1 200 OK</status>
205 $r->log->info("Full list");
208 $r->print("</multistatus>\n");
210 return Apache2::Const::OK;
211 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/autorename/?$#) {
212 # The autorename folder is always empty
215 $r->headers_out->{'content-location'} = "/webdav/upload/$event/autorename/";
217 # Check that we do indeed exist
218 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numev FROM events WHERE id=?',
220 if ($ref->{'numev'} != 1) {
222 $r->content_type('text/plain; charset=utf-8');
223 $r->print("Couldn't find event in database");
224 return Apache2::Const::OK;
227 # OK, list the (empty) directory
229 <?xml version="1.0" encoding="utf-8"?>
230 <multistatus xmlns="DAV:">
232 <href>/webdav/upload/$event/autorename/</href>
235 <resourcetype><collection/></resourcetype>
236 <getcontenttype>text/xml</getcontenttype>
238 <status>HTTP/1.1 200 OK</status>
244 return Apache2::Const::OK;
245 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/([a-zA-Z0-9._-]+)$#) {
247 my ($event, $filename) = ($1, $2);
248 my ($fname, $size, $mtime);
250 # check if we have a pending fake file for this
251 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND filename=? AND expires_at > now()',
252 undef, $event, $filename);
253 if ($ref->{'numfiles'} == 1) {
254 $fname = "/dev/null";
258 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image($r, $event, $filename);
261 if (!defined($fname)) {
263 $r->content_type('text/plain; charset=utf-8');
264 $r->print("Couldn't find file");
265 return Apache2::Const::OK;
267 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
269 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
271 <?xml version="1.0" encoding="utf-8"?>
272 <multistatus xmlns="DAV:">
274 <href>/webdav/upload/$event/$filename</href>
278 <getcontenttype>$mime_type</getcontenttype>
279 <getcontentlength>$size</getcontentlength>
280 <getlastmodified>$mtime</getlastmodified>
282 <status>HTTP/1.1 200 OK</status>
287 return Apache2::Const::OK;
288 } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/autorename/(.{1,250})$#) {
289 # stat a single file in autorename
290 my ($event, $filename) = ($1, $2);
291 my ($fname, $size, $mtime);
293 # check if we have a pending fake file for this
294 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND filename=? AND expires_at > now()',
295 undef, $event, $filename);
296 if ($ref->{'numfiles'} == 1) {
297 $fname = "/dev/null";
301 # check if we have a "shadow file" for this
302 my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE event=? AND filename=? AND expires_at > now()',
303 undef, $event, $filename);
305 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'});
309 if (!defined($fname)) {
311 $r->content_type('text/plain; charset=utf-8');
312 $r->print("Couldn't find file");
313 return Apache2::Const::OK;
315 my $mime_type = Sesse::pr0n::Common::get_mimetype_from_filename($filename);
317 $mtime = POSIX::strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime($mtime));
319 <?xml version="1.0" encoding="utf-8"?>
320 <multistatus xmlns="DAV:">
322 <href>/webdav/upload/$event/autorename/$filename</href>
326 <getcontenttype>$mime_type</getcontenttype>
327 <getcontentlength>$size</getcontentlength>
328 <getlastmodified>$mtime</getlastmodified>
330 <status>HTTP/1.1 200 OK</status>
337 $r->content_type('text/plain; charset=utf-8');
338 $r->print("Couldn't find file");
340 return Apache2::Const::OK;
343 if ($r->method eq "HEAD" or $r->method eq "GET") {
344 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) {
346 $r->content_type('text/xml; charset=utf-8');
347 $r->print("<?xml version=\"1.0\"?>\n<p>Couldn't find file</p>");
348 return Apache2::Const::OK;
351 my ($event, $autorename, $filename) = ($1, $2, $3);
353 # Check if this file really exists
354 my ($fname, $size, $mtime);
356 # check if we have a pending fake file for this
357 my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND filename=? AND expires_at > now()',
358 undef, $event, $filename);
359 if ($ref->{'numfiles'} == 1) {
360 $fname = "/dev/null";
364 # check if we have a "shadow file" for this
365 if (defined($autorename) && $autorename eq "autorename/") {
366 my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE event=? AND filename=? AND expires_at > now()',
367 undef, $event, $filename);
369 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'});
371 } elsif (!defined($fname)) {
372 ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image($r, $event, $filename);
376 if (!defined($fname)) {
378 $r->content_type('text/plain; charset=utf-8');
379 $r->print("Couldn't find file");
380 return Apache2::Const::OK;
384 $r->set_content_length($size);
385 $r->set_last_modified($mtime);
387 if ($r->method eq "GET") {
388 $r->sendfile($fname);
390 return Apache2::Const::OK;
393 if ($r->method eq "PUT") {
394 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) {
396 $r->content_type('text/plain; charset=utf-8');
397 $r->print("No access");
398 return Apache2::Const::OK;
401 my ($event, $autorename, $filename) = ($1, $2, $3);
402 my $size = $r->headers_in->{'content-length'};
403 my $orig_filename = $filename;
405 # Remove evil characters
406 if ($filename =~ /[^a-zA-Z0-9._-]/) {
407 if (defined($autorename) && $autorename eq "autorename/") {
408 $filename =~ tr/a-zA-Z0-9.-/_/c;
411 $r->content_type('text/plain; charset=utf-8');
412 $r->print("Illegal characters in filename");
413 return Apache2::Const::OK;
418 # gnome-vfs and mac os x love to make zero-byte files,
421 if ($r->headers_in->{'content-length'} == 0) {
422 $dbh->do('DELETE FROM fake_files WHERE expires_at <= now() OR (event=? AND filename=?);',
423 undef, $event, $filename)
424 or dberror($r, "Couldn't prune fake_files");
425 $dbh->do('INSERT INTO fake_files (event,filename,expires_at) VALUES (?,?,now() + interval \'30 seconds\');',
426 undef, $event, $filename)
427 or dberror($r, "Couldn't add file");
428 $r->content_type('text/plain; charset="utf-8"');
431 $r->log->info("Fake upload of $event/$filename");
432 return Apache2::Const::OK;
436 my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;");
437 my $newid = $ref->{'id'};
438 if (!defined($newid)) {
439 dberror($r, "Couldn't get new ID");
442 # Autorename if we need to
443 if (defined($autorename) && $autorename eq "autorename/") {
444 my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE event=? AND filename=?",
445 undef, $event, $filename)
446 or dberror($r, "Couldn't check for existing files");
447 if ($ref->{'numfiles'} > 0) {
448 $r->log->info("Renaming $filename to $newid.jpeg");
449 $filename = "$newid.jpeg";
454 # Enable transactions and error raising temporarily
455 local $dbh->{AutoCommit} = 0;
457 local $dbh->{RaiseError} = 1;
459 # Try to insert this new file
461 $dbh->do('DELETE FROM fake_files WHERE event=? AND filename=?;',
462 undef, $event, $filename);
464 $dbh->do('INSERT INTO images (id,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?);',
465 undef, $newid, $event, $user, $takenby, $filename);
467 # Now save the file to disk
468 my $fname = Sesse::pr0n::Common::get_disk_location($r, $newid);
469 open NEWFILE, ">$fname"
473 my $content_length = $r->headers_in->{'content-length'};
474 if ($r->read($buf, $content_length)) {
475 print NEWFILE $buf or die "write($fname): $!";
478 close NEWFILE or die "close($fname): $!";
480 # Orient stuff correctly
481 system("/usr/bin/exifautotran", $fname) == 0
482 or die "/usr/bin/exifautotran: $!";
484 # Make cache while we're at it.
485 # Don't do it for the resource forks Mac OS X loves to upload :-(
486 if ($filename !~ /^\._/) {
487 Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, -1, -1, 1, 80, 64, 320, 256, -1, -1);
490 # OK, we got this far, commit
493 $r->log->notice("Successfully wrote $event/$filename to $fname");
496 # Some error occurred, rollback and bomb out
498 dberror($r, "Transaction aborted because $@");
502 # Insert a `shadow file' we can stat the next 30 secs
503 if (defined($autorename) && $autorename eq "autorename/") {
504 $dbh->do('DELETE FROM shadow_files WHERE expires_at <= now() OR (event=? AND filename=?);',
505 undef, $event, $filename)
506 or dberror($r, "Couldn't prune shadow_files");
507 $dbh->do('INSERT INTO shadow_files (event,filename,id,expires_at) VALUES (?,?,?,now() + interval \'30 seconds\');',
508 undef, $event, $orig_filename, $newid)
509 or dberror($r, "Couldn't add shadow file");
510 $r->log->info("Added shadow entry for $event/$filename");
513 $r->content_type('text/plain; charset="utf-8"');
517 return Apache2::Const::OK;
520 # Yes, we fake locks. :-)
521 if ($r->method eq "LOCK") {
522 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?([a-zA-Z0-9._-]+)$#) {
524 $r->content_type('text/plain; charset=utf-8');
525 $r->print("No access");
526 return Apache2::Const::OK;
529 my ($event, $autorename, $filename) = ($1, $2, $3);
530 my $sha1 = Digest::SHA1::sha1_base64("/$event/$autorename/$filename");
533 $r->content_type('text/xml; charset=utf-8');
536 <?xml version="1.0" encoding="utf-8"?>
540 <locktype><write/></locktype>
541 <lockscope><exclusive/></lockscope>
544 <href>/webdav/upload/$event/$autorename$filename</href>
546 <timeout>Second-3600</timeout>
548 <href>opaquelocktoken:$sha1</href>
554 return Apache2::Const::OK;
557 if ($r->method eq "UNLOCK") {
558 $r->content_type('text/plain; charset="utf-8"');
562 return Apache2::Const::OK;
565 if ($r->method eq "DELETE") {
566 if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(\._[a-zA-Z0-9._-]+)$#) {
568 $r->content_type('text/plain; charset=utf-8');
569 $r->print("No access");
570 return Apache2::Const::OK;
573 my ($event, $autorename, $filename) = ($1, $2, $3);
574 $dbh->do('DELETE FROM images WHERE event=? AND filename=?;',
575 undef, $event, $filename)
576 or dberror($r, "Couldn't remove file");
580 $r->log->info("deleted $event/$filename");
582 return Apache2::Const::OK;
585 if ($r->method eq "MOVE" or
586 $r->method eq "MKCOL" or
587 $r->method eq "RMCOL" or
588 $r->method eq "RENAME" or
589 $r->method eq "COPY") {
590 $r->content_type('text/plain; charset="utf-8"');
592 $r->print("Sorry, you do not have access to that feature.");
593 return Apache2::Const::OK;
596 $r->content_type('text/plain; charset=utf-8');
597 $r->log->error("unknown method " . $r->method);
599 $r->print("Unknown method");
601 return Apache2::Const::OK;