X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=perl%2FSesse%2Fpr0n%2FWebDAV.pm;h=84abaca33258cc1287716daa1a78daebf27047d7;hb=09260885c52013320acd21d7ce262e12def7301f;hp=09f10e519cd1ebd312be7e6a51d84f0a58b6a008;hpb=fd1e8cc4d43ed344438cb93e203ca146fe243487;p=pr0n
diff --git a/perl/Sesse/pr0n/WebDAV.pm b/perl/Sesse/pr0n/WebDAV.pm
index 09f10e5..84abaca 100644
--- a/perl/Sesse/pr0n/WebDAV.pm
+++ b/perl/Sesse/pr0n/WebDAV.pm
@@ -3,55 +3,48 @@ use strict;
use warnings;
use Sesse::pr0n::Common qw(error dberror);
-use Digest::SHA1;
+use Digest::SHA;
use MIME::Base64;
-use Apache2::Request;
-use Apache2::Upload;
sub handler {
my $r = shift;
my $dbh = Sesse::pr0n::Common::get_dbh();
-
- $r->headers_out->{'DAV'} = "1,2";
+
+ my $res = Plack::Response->new(200);
+ my $io = IO::String->new;
+ $r->header('DAV' => "1,2");
# We only handle depth=0, depth=1 (cf. the RFC)
- my $depth = $r->headers_in->{'depth'};
+ my $depth = $r->header('depth');
$depth = 0 if (!defined($depth));
if (defined($depth) && $depth ne "0" && $depth ne "1") {
- $r->content_type('text/plain; charset="utf-8"');
- $r->status(403);
- $r->print("Invalid depth setting");
- return Apache2::Const::OK;
- }
-
- my ($user,$takenby) = Sesse::pr0n::Common::check_access($r);
- if (!defined($user)) {
- return Apache2::Const::OK;
+ $res->status(403);
+ $res->content_type('text/plain; charset="utf-8"');
+ $res->body("Invalid depth setting");
+ return $res;
}
# Just "ping, are you alive and do you speak WebDAV"
if ($r->method eq "OPTIONS") {
- $r->content_type('text/plain; charset="utf-8"');
- $r->status(200);
- $r->headers_out->{'allow'} = 'OPTIONS,PUT';
- $r->headers_out->{'ms-author-via'} = 'DAV';
- return Apache2::Const::OK;
+ $res->content_type('text/plain; charset="utf-8"');
+ $res->header('allow' => 'OPTIONS,PUT');
+ $res->header('ms-author-via' => 'DAV');
+ return $res;
}
+ my ($user,$takenby) = Sesse::pr0n::Common::check_access($r);
+ return Sesse::pr0n::Common::generate_401($r) if (!defined($user));
+
# Directory listings et al
if ($r->method eq "PROPFIND") {
- # We ignore the body, but we _must_ consume it fully before
- # we output anything, or Squid will get seriously confused
- $r->discard_request_body;
-
- $r->content_type('text/xml; charset="utf-8"');
- $r->status(207);
+ $res->content_type('text/xml; charset="utf-8"');
+ $res->status(207);
- if ($r->uri =~ m#^/webdav/?$#) {
- $r->headers_out->{'content-location'} = "/webdav/";
+ if ($r->path_info =~ m#^/webdav/?$#) {
+ $res->header('content-location' => "/webdav/");
# Root directory
- $r->print(<<"EOF");
+ $io->print(<<"EOF");
Couldn't find file
"); - return Apache2::Const::OK; + if ($r->path_info !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) { + $res->status(404); + $res->content_type('text/xml; charset=utf-8'); + $res->body("\nCouldn't find file
"); + return $res; } my ($event, $autorename, $filename) = ($1, $2, $3); @@ -360,7 +357,7 @@ EOF # check if we have a pending fake file for this my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND vhost=? AND filename=? AND expires_at > now()', - undef, $event, $r->get_server_name, $filename); + undef, $event, Sesse::pr0n::Common::get_server_name($r), $filename); if ($ref->{'numfiles'} == 1) { $fname = "/dev/null"; $size = 0; @@ -368,8 +365,8 @@ EOF } else { # check if we have a "shadow file" for this if (defined($autorename) && $autorename eq "autorename/") { - my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE host=? AND event=? AND filename=? AND expires_at > now()', - undef, $r->get_server_name, $event, $filename); + my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE vhost=? AND event=? AND filename=? AND expires_at > now()', + undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename); if (defined($ref)) { ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'}); } @@ -379,32 +376,35 @@ EOF } if (!defined($fname)) { - $r->status(404); - $r->content_type('text/plain; charset=utf-8'); - $r->print("Couldn't find file"); - return Apache2::Const::OK; + $res->status(404); + $res->content_type('text/plain; charset=utf-8'); + $res->body("Couldn't find file"); + return $res; } - $r->status(200); - $r->set_content_length($size); - $r->set_last_modified($mtime); + $res->status(200); + $res->set_content_length($size); + Sesse::pr0n::Common::set_last_modified($res, $mtime); if ($r->method eq "GET") { - $r->sendfile($fname); + $res->content(IO::File::WithPath->new($fname)); } - return Apache2::Const::OK; + return $res; } if ($r->method eq "PUT") { - if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) { - $r->status(403); - $r->content_type('text/plain; charset=utf-8'); - $r->print("No access"); - return Apache2::Const::OK; + if ($r->path_info !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) { + $res->status(403); + $res->content_type('text/plain; charset=utf-8'); + $res->body("No access"); + return $res; } my ($event, $autorename, $filename) = ($1, $2, $3); - my $size = $r->headers_in->{'content-length'}; + my $size = $r->header('content-length'); + if (!defined($size)) { + $size = $r->header('x-expected-entity-length'); + } my $orig_filename = $filename; # Remove evil characters @@ -412,10 +412,10 @@ EOF if (defined($autorename) && $autorename eq "autorename/") { $filename =~ tr/a-zA-Z0-9.()-/_/c; } else { - $r->status(403); - $r->content_type('text/plain; charset=utf-8'); - $r->print("Illegal characters in filename"); - return Apache2::Const::OK; + $res->status(403); + $res->content_type('text/plain; charset=utf-8'); + $res->body("Illegal characters in filename"); + return $res; } } @@ -423,35 +423,40 @@ EOF # gnome-vfs and mac os x love to make zero-byte files, # make them happy # - if ($r->headers_in->{'content-length'} == 0 || $filename =~ /^\.(_|DS_Store)/) { + if ($size == 0 || $filename =~ /^\.(_|DS_Store)/) { $dbh->do('DELETE FROM fake_files WHERE expires_at <= now() OR (event=? AND vhost=? AND filename=?);', - undef, $event, $r->get_server_name, $filename) - or dberror($r, "Couldn't prune fake_files"); + undef, $event, Sesse::pr0n::Common::get_server_name($r), $filename) + or return dberror($r, "Couldn't prune fake_files"); $dbh->do('INSERT INTO fake_files (vhost,event,filename,expires_at) VALUES (?,?,?,now() + interval \'1 day\');', - undef, $r->get_server_name, $event, $filename) - or dberror($r, "Couldn't add file"); - $r->content_type('text/plain; charset="utf-8"'); - $r->status(201); - $r->print("OK"); - $r->log->info("Fake upload of $event/$filename"); - return Apache2::Const::OK; + undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename) + or return dberror($r, "Couldn't add file"); + $res->content_type('text/plain; charset="utf-8"'); + $res->status(201); + $res->body("OK"); + Sesse::pr0n::Common::log_info($r, "Fake upload of $event/$filename"); + return $res; } - + # Get the new ID my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;"); my $newid = $ref->{'id'}; if (!defined($newid)) { - dberror($r, "Couldn't get new ID"); + return dberror($r, "Couldn't get new ID"); } # Autorename if we need to - if (defined($autorename) && $autorename eq "autorename/") { - my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?", - undef, $r->get_server_name, $event, $filename) - or dberror($r, "Couldn't check for existing files"); - if ($ref->{'numfiles'} > 0) { - $r->log->info("Renaming $filename to $newid.jpeg"); + $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?", + undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename) + or return dberror($r, "Couldn't check for existing files"); + if ($ref->{'numfiles'} > 0) { + if (defined($autorename) && $autorename eq "autorename/") { + Sesse::pr0n::Common::log_info($r, "Renaming $filename to $newid.jpeg"); $filename = "$newid.jpeg"; + } else { + $res->status(403); + $res->content_type('text/plain; charset=utf-8'); + $res->body("File $filename already exists in event $event, cannot overwrite"); + return $res; } } @@ -464,25 +469,19 @@ EOF # Try to insert this new file eval { $dbh->do('DELETE FROM fake_files WHERE vhost=? AND event=? AND filename=?', - undef, $r->get_server_name, $event, $filename); + undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename); $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)', - undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename); - $dbh->do('UPDATE last_picture_cache SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?', - undef, $r->get_server_name, $event); - Sesse::pr0n::Common::purge_cache($r, "/$event/"); + undef, $newid, Sesse::pr0n::Common::get_server_name($r), $event, $user, $takenby, $filename); + Sesse::pr0n::Common::purge_cache($r, $res, "/$event/"); # Now save the file to disk + Sesse::pr0n::Common::ensure_disk_location_exists($r, $newid); $fname = Sesse::pr0n::Common::get_disk_location($r, $newid); - open NEWFILE, ">$fname" - or die "$fname: $!"; - - my $buf; - my $content_length = $r->headers_in->{'content-length'}; - if ($r->read($buf, $content_length)) { - print NEWFILE $buf or die "write($fname): $!"; - } + open NEWFILE, ">", $fname + or die "$fname: $!"; + print NEWFILE $r->content; close NEWFILE or die "close($fname): $!"; # Orient stuff correctly @@ -494,180 +493,56 @@ EOF if ($filename !~ /^\.(_|DS_Store)/) { # FIXME: Ideally we'd want to ensure cache of -1x-1 here as well (for NEFs), but that would # preclude mipmapping in its current form. - Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, undef, undef, "nobox", 80, 64, 320, 256); + Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, undef, undef, "nobox", 1, 80, 64, 320, 256); } # OK, we got this far, commit $dbh->commit; - $r->log->notice("Successfully wrote $event/$filename to $fname"); + Sesse::pr0n::Common::log_info($r, "Successfully wrote $event/$filename to $fname"); }; if ($@) { # Some error occurred, rollback and bomb out $dbh->rollback; - error($r, "Transaction aborted because $@"); unlink($fname); + return error($r, "Transaction aborted because $@"); } } # Insert a `shadow file' we can stat the next day or so if (defined($autorename) && $autorename eq "autorename/") { $dbh->do('DELETE FROM shadow_files WHERE expires_at <= now() OR (vhost=? AND event=? AND filename=?);', - undef, $r->get_server_name, $event, $filename) - or dberror($r, "Couldn't prune shadow_files"); + undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename) + or return dberror($r, "Couldn't prune shadow_files"); $dbh->do('INSERT INTO shadow_files (vhost,event,filename,id,expires_at) VALUES (?,?,?,?,now() + interval \'1 day\');', - undef, $r->get_server_name, $event, $orig_filename, $newid) - or dberror($r, "Couldn't add shadow file"); - $r->log->info("Added shadow entry for $event/$filename"); - } - - $r->content_type('text/plain; charset="utf-8"'); - $r->status(201); - $r->print("OK"); - - return Apache2::Const::OK; - } - - # Used by the XP publishing wizard -- largely the same as the code above - # but vastly simplified. Should we refactor? - if ($r->method eq "POST") { - my $apr = Apache2::Request->new($r); - my $client_size = $apr->param('size'); - my $event = $apr->param('event'); - - my $file = $apr->upload('image'); - my $filename = $file->filename(); - if ($client_size != $file->size()) { - $r->content_type('text/plain; charset="utf-8"'); - $r->status(403); - $r->print("Client-size resizing detected; refusing automatically"); - - $r->log->info("Client-size resized upload of $event/$filename detected"); - return Apache2::Const::OK; - } - - # Ugh, Windows XP seems to be sending this in... something that's not UTF-8, at least - my $takenby_given = Sesse::pr0n::Common::guess_charset($apr->param('takenby')); - - if (defined($takenby_given) && $takenby_given !~ /^\s*$/ && $takenby_given !~ /[<>&]/ && length($takenby_given) <= 100) { - $takenby = $takenby_given; - } - - my $ne_id = Sesse::pr0n::Common::guess_charset($apr->param('neweventid')); - my $ne_date = Sesse::pr0n::Common::guess_charset($apr->param('neweventdate')); - my $ne_desc = Sesse::pr0n::Common::guess_charset($apr->param('neweventdesc')); - if (defined($ne_id)) { - # Trying to add a new event, let's see if it already exists - my $q = $dbh->prepare('SELECT COUNT(*) AS cnt FROM events WHERE event=? AND vhost=?') - or dberror($r, "Couldn't prepare event count"); - $q->execute($ne_id, $r->get_server_name) - or dberror($r, "Couldn't execute event count"); - my $ref = $q->fetchrow_hashref; - - if ($ref->{'cnt'} == 0) { - my @errors = Sesse::pr0n::Common::add_new_event($dbh, $ne_id, $ne_date, $ne_desc, $r->get_server_name); - if (scalar @errors > 0) { - die "Couldn't add new event $ne_id: " . join(', ', @errors); - } - } - - $event = $ne_id; - } - - # Remove evil characters - if ($filename =~ /[^a-zA-Z0-9._-]/) { - $filename =~ tr/a-zA-Z0-9.-/_/c; - } - - # Get the new ID - my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;"); - my $newid = $ref->{'id'}; - if (!defined($newid)) { - dberror($r, "Couldn't get new ID"); + undef, Sesse::pr0n::Common::get_server_name($r), $event, $orig_filename, $newid) + or return dberror($r, "Couldn't add shadow file"); + Sesse::pr0n::Common::log_info($r, "Added shadow entry for $event/$filename"); } - - # Autorename if we need to - { - my $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?", - undef, $r->get_server_name, $event, $filename) - or dberror($r, "Couldn't check for existing files"); - if ($ref->{'numfiles'} > 0) { - $r->log->info("Renaming $filename to $newid.jpeg"); - $filename = "$newid.jpeg"; - } - } - - { - # Enable transactions and error raising temporarily - local $dbh->{AutoCommit} = 0; - local $dbh->{RaiseError} = 1; - my $fname; - - # Try to insert this new file - eval { - $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)', - undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename); - $dbh->do('UPDATE last_picture_cache SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?', - undef, $r->get_server_name, $event); - # Now save the file to disk - $fname = Sesse::pr0n::Common::get_disk_location($r, $newid); - open NEWFILE, ">$fname" - or die "$fname: $!"; - - my $buf; - $file->slurp($buf); - print NEWFILE $buf or die "write($fname): $!"; - close NEWFILE or die "close($fname): $!"; - - # Orient stuff correctly - system("/usr/bin/exifautotran", $fname) == 0 - or die "/usr/bin/exifautotran: $!"; - - # Make cache while we're at it. - Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, undef, undef, 1, 80, 64, 320, 256, -1, -1); - - # OK, we got this far, commit - $dbh->commit; - - $r->log->notice("Successfully wrote $event/$filename to $fname"); - }; - if ($@) { - # Some error occurred, rollback and bomb out - $dbh->rollback; - error($r, "Transaction aborted because $@"); - unlink($fname); - - $r->content_type('text/plain; charset="utf-8"'); - $r->status(500); - $r->print("Error: $@"); - } - } - - $r->content_type('text/plain; charset="utf-8"'); - $r->status(201); - $r->print("OK"); - - return Apache2::Const::OK; + $res->content_type('text/plain; charset="utf-8"'); + $res->status(201); + $res->body("OK"); + return $res; } # Yes, we fake locks. :-) if ($r->method eq "LOCK") { - if ($r->uri !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?([a-zA-Z0-9._-]+)$#) { - $r->status(403); - $r->content_type('text/plain; charset=utf-8'); - $r->print("No access"); - return Apache2::Const::OK; + if ($r->path_info !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?([a-zA-Z0-9._-]+)$#) { + $res->status(403); + $res->content_type('text/plain; charset=utf-8'); + $res->body("No access"); + return $res; } my ($event, $autorename, $filename) = ($1, $2, $3); $autorename = '' if (!defined($autorename)); - my $sha1 = Digest::SHA1::sha1_base64("/$event/$autorename$filename"); + my $sha1 = Digest::SHA::sha1_base64("/$event/$autorename$filename"); - $r->status(200); - $r->content_type('text/xml; charset=utf-8'); + $res->status(200); + $res->content_type('text/xml; charset=utf-8'); - $r->print(<<"EOF"); + $io->print(<<"EOF");