X-Git-Url: https://git.sesse.net/?p=pr0n;a=blobdiff_plain;f=perl%2FSesse%2Fpr0n%2FWebDAV.pm;fp=perl%2FSesse%2Fpr0n%2FWebDAV.pm;h=0000000000000000000000000000000000000000;hp=ade89638577cfa03a57b7484ee04e7b3725dc7b1;hb=3b2c7786062de33fd427f8b30556570cab9d4349;hpb=8f134ac2c4309260db7e2ede5814e30427467c3b
diff --git a/perl/Sesse/pr0n/WebDAV.pm b/perl/Sesse/pr0n/WebDAV.pm
deleted file mode 100644
index ade8963..0000000
--- a/perl/Sesse/pr0n/WebDAV.pm
+++ /dev/null
@@ -1,619 +0,0 @@
-package Sesse::pr0n::WebDAV;
-use strict;
-use warnings;
-
-use Sesse::pr0n::Common qw(error dberror);
-use Digest::SHA;
-use MIME::Base64;
-
-sub handler {
- my $r = shift;
- my $dbh = Sesse::pr0n::Common::get_dbh();
-
- my $res = Plack::Response->new(200);
- my $io = IO::String->new;
- $r->header('DAV' => "1,2");
-
- # We only handle depth=0, depth=1 (cf. the RFC)
- my $depth = $r->header('depth');
- $depth = 0 if (!defined($depth));
- if (defined($depth) && $depth ne "0" && $depth ne "1") {
- $res->status(403);
- $res->content_type('text/plain; charset="utf-8"');
- $res->body("Invalid depth setting");
- return $res;
- }
-
- # Just "ping, are you alive and do you speak WebDAV"
- if ($r->method eq "OPTIONS") {
- $res->content_type('text/plain; charset="utf-8"');
- $res->header('allow' => 'OPTIONS,PUT');
- $res->header('ms-author-via' => 'DAV');
- return $res;
- }
-
- my ($user,$takenby) = Sesse::pr0n::Common::check_access($r);
- return Sesse::pr0n::Common::generate_401($r) if (!defined($user));
-
- # Directory listings et al
- if ($r->method eq "PROPFIND") {
- $res->content_type('text/xml; charset="utf-8"');
- $res->status(207);
-
- if ($r->path_info =~ m#^/webdav/?$#) {
- $res->header('content-location' => "/webdav/");
-
- # Root directory
- $io->print(<<"EOF");
-
-
Couldn't find file
"); - return $res; - } - - my ($event, $autorename, $filename) = ($1, $2, $3); - - # Check if this file really exists - my ($fname, $size, $mtime); - - # check if we have a pending fake file for this - my $ref = $dbh->selectrow_hashref('SELECT count(*) AS numfiles FROM fake_files WHERE event=? AND vhost=? AND filename=? AND expires_at > now()', - undef, $event, Sesse::pr0n::Common::get_server_name($r), $filename); - if ($ref->{'numfiles'} == 1) { - $fname = "/dev/null"; - $size = 0; - $mtime = time; - } else { - # check if we have a "shadow file" for this - if (defined($autorename) && $autorename eq "autorename/") { - my $ref = $dbh->selectrow_hashref('SELECT id FROM shadow_files WHERE vhost=? AND event=? AND filename=? AND expires_at > now()', - undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename); - if (defined($ref)) { - ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image_from_id($r, $ref->{'id'}); - } - } elsif (!defined($fname)) { - ($fname, $size, $mtime) = Sesse::pr0n::Common::stat_image($r, $event, $filename); - } - } - - if (!defined($fname)) { - $res->status(404); - $res->content_type('text/plain; charset=utf-8'); - $res->body("Couldn't find file"); - return $res; - } - - $res->status(200); - $res->set_content_length($size); - Sesse::pr0n::Common::set_last_modified($res, $mtime); - - if ($r->method eq "GET") { - $res->content(IO::File::WithPath->new($fname)); - } - return $res; - } - - if ($r->method eq "PUT") { - if ($r->path_info !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?(.{1,250})$#) { - $res->status(403); - $res->content_type('text/plain; charset=utf-8'); - $res->body("No access"); - return $res; - } - - my ($event, $autorename, $filename) = ($1, $2, $3); - my $size = $r->header('content-length'); - if (!defined($size)) { - $size = $r->header('x-expected-entity-length'); - } - my $orig_filename = $filename; - - # Remove evil characters - if ($filename =~ /[^a-zA-Z0-9._()-]/) { - if (defined($autorename) && $autorename eq "autorename/") { - $filename =~ tr/a-zA-Z0-9.()-/_/c; - } else { - $res->status(403); - $res->content_type('text/plain; charset=utf-8'); - $res->body("Illegal characters in filename"); - return $res; - } - } - - # - # gnome-vfs and mac os x love to make zero-byte files, - # make them happy - # - if ($size == 0 || $filename =~ /^\.(_|DS_Store)/) { - $dbh->do('DELETE FROM fake_files WHERE expires_at <= now() OR (event=? AND vhost=? AND filename=?);', - undef, $event, Sesse::pr0n::Common::get_server_name($r), $filename) - or return dberror($r, "Couldn't prune fake_files"); - $dbh->do('INSERT INTO fake_files (vhost,event,filename,expires_at) VALUES (?,?,?,now() + interval \'1 day\');', - undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename) - or return dberror($r, "Couldn't add file"); - $res->content_type('text/plain; charset="utf-8"'); - $res->status(201); - $res->body("OK"); - Sesse::pr0n::Common::log_info($r, "Fake upload of $event/$filename"); - return $res; - } - - # Get the new ID - my $ref = $dbh->selectrow_hashref("SELECT NEXTVAL('imageid_seq') AS id;"); - my $newid = $ref->{'id'}; - if (!defined($newid)) { - return dberror($r, "Couldn't get new ID"); - } - - # Autorename if we need to - $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS numfiles FROM images WHERE vhost=? AND event=? AND filename=?", - undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename) - or return dberror($r, "Couldn't check for existing files"); - if ($ref->{'numfiles'} > 0) { - if (defined($autorename) && $autorename eq "autorename/") { - Sesse::pr0n::Common::log_info($r, "Renaming $filename to $newid.jpeg"); - $filename = "$newid.jpeg"; - } else { - $res->status(403); - $res->content_type('text/plain; charset=utf-8'); - $res->body("File $filename already exists in event $event, cannot overwrite"); - return $res; - } - } - - { - # Enable transactions and error raising temporarily - local $dbh->{AutoCommit} = 0; - local $dbh->{RaiseError} = 1; - my $fname; - - # Try to insert this new file - eval { - $dbh->do('DELETE FROM fake_files WHERE vhost=? AND event=? AND filename=?', - undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename); - - $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)', - undef, $newid, Sesse::pr0n::Common::get_server_name($r), $event, $user, $takenby, $filename); - Sesse::pr0n::Common::purge_cache($r, $res, "/$event/"); - - # Now save the file to disk - Sesse::pr0n::Common::ensure_disk_location_exists($r, $newid); - $fname = Sesse::pr0n::Common::get_disk_location($r, $newid); - - open NEWFILE, ">", $fname - or die "$fname: $!"; - print NEWFILE $r->content; - close NEWFILE or die "close($fname): $!"; - - # Orient stuff correctly - system("/usr/bin/exifautotran", $fname) == 0 - or die "/usr/bin/exifautotran: $!"; - - # Make cache while we're at it. - # Don't do it for the resource forks Mac OS X loves to upload :-( - if ($filename !~ /^\.(_|DS_Store)/) { - # FIXME: Ideally we'd want to ensure cache of -1x-1 here as well (for NEFs), but that would - # preclude mipmapping in its current form. - Sesse::pr0n::Common::ensure_cached($r, $filename, $newid, undef, undef, 320, 256); - } - - # OK, we got this far, commit - $dbh->commit; - - Sesse::pr0n::Common::log_info($r, "Successfully wrote $event/$filename to $fname"); - }; - if ($@) { - # Some error occurred, rollback and bomb out - $dbh->rollback; - unlink($fname); - return error($r, "Transaction aborted because $@"); - } - } - - # Insert a `shadow file' we can stat the next day or so - if (defined($autorename) && $autorename eq "autorename/") { - $dbh->do('DELETE FROM shadow_files WHERE expires_at <= now() OR (vhost=? AND event=? AND filename=?);', - undef, Sesse::pr0n::Common::get_server_name($r), $event, $filename) - or return dberror($r, "Couldn't prune shadow_files"); - $dbh->do('INSERT INTO shadow_files (vhost,event,filename,id,expires_at) VALUES (?,?,?,?,now() + interval \'1 day\');', - undef, Sesse::pr0n::Common::get_server_name($r), $event, $orig_filename, $newid) - or return dberror($r, "Couldn't add shadow file"); - Sesse::pr0n::Common::log_info($r, "Added shadow entry for $event/$filename"); - } - - $res->content_type('text/plain; charset="utf-8"'); - $res->status(201); - $res->body("OK"); - return $res; - } - - # Yes, we fake locks. :-) - if ($r->method eq "LOCK") { - if ($r->path_info !~ m#^/webdav/upload/([a-zA-Z0-9-]+)/(autorename/)?([a-zA-Z0-9._-]+)$#) { - $res->status(403); - $res->content_type('text/plain; charset=utf-8'); - $res->body("No access"); - return $res; - } - - my ($event, $autorename, $filename) = ($1, $2, $3); - $autorename = '' if (!defined($autorename)); - my $sha1 = Digest::SHA::sha1_base64("/$event/$autorename$filename"); - - $res->status(200); - $res->content_type('text/xml; charset=utf-8'); - - $io->print(<<"EOF"); - -