187 lines
4.9 KiB
PHP
187 lines
4.9 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
/**
|
||
|
|
Spec:
|
||
|
|
|
||
|
|
|
||
|
|
/login ... => login user
|
||
|
|
/logout .. => logout user
|
||
|
|
|
||
|
|
/... => URL to files and folders:
|
||
|
|
|
||
|
|
GET /<DIR>
|
||
|
|
= return file/folders in this dir
|
||
|
|
|
||
|
|
POST /<DIR>
|
||
|
|
= create the directory and send message back
|
||
|
|
|
||
|
|
DELETE <DIR>
|
||
|
|
= delete the directory
|
||
|
|
|
||
|
|
GET /<file>
|
||
|
|
= return binary data of file
|
||
|
|
|
||
|
|
POST /<file>
|
||
|
|
= create the file with corresponding content
|
||
|
|
|
||
|
|
DELETE /<file>
|
||
|
|
= delete the file and send message
|
||
|
|
|
||
|
|
|
||
|
|
Authentication workflow:
|
||
|
|
|
||
|
|
POST /login with username password => return token
|
||
|
|
|
||
|
|
All other requests:
|
||
|
|
authorization: Basic base64(username.token)
|
||
|
|
|
||
|
|
*/
|
||
|
|
|
||
|
|
require "lib/Folder.php";
|
||
|
|
require "lib/File.php";
|
||
|
|
require "lib/Authenticator.php";
|
||
|
|
|
||
|
|
$authorized = false;
|
||
|
|
|
||
|
|
//first check if user is valid
|
||
|
|
$headers = getallheaders();
|
||
|
|
$auth = array(2);
|
||
|
|
if(isset($headers["Authorization"])){
|
||
|
|
$temp = explode(" ",$headers["Authorization"]);
|
||
|
|
$raw_auth = base64_decode($temp[1]);
|
||
|
|
$auth = explode(":",$raw_auth);
|
||
|
|
$authenticator = new Authenticator();
|
||
|
|
$authorized = $authenticator->verifyToken($auth[0],$auth[1]);
|
||
|
|
}
|
||
|
|
|
||
|
|
$url = filter_input(INPUT_SERVER,"REQUEST_URI",FILTER_SANITIZE_URL);
|
||
|
|
|
||
|
|
$paramPos = strpos($url,"?");
|
||
|
|
if($paramPos == 0){
|
||
|
|
$path = $url;
|
||
|
|
} else {
|
||
|
|
$path = substr($url,0,$paramPos);
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
$method = filter_input(INPUT_SERVER,"REQUEST_METHOD",FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||
|
|
if($path != "/login" && !$authorized){
|
||
|
|
http_response_code(401);
|
||
|
|
echo '{"error": "authorization failed"}';
|
||
|
|
} else if($path == "/login"){
|
||
|
|
$username = filter_input(INPUT_POST,"username",FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||
|
|
$password = filter_input(INPUT_POST,"password",FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||
|
|
$authenticator = new Authenticator();
|
||
|
|
$result = $authenticator->authUser($username, $password);
|
||
|
|
if(!$result){
|
||
|
|
http_response_code(401);
|
||
|
|
echo '{"error": "authentication failed"}';
|
||
|
|
} else {
|
||
|
|
http_response_code(200);
|
||
|
|
echo '{"token": "'.$result.'"}';
|
||
|
|
}
|
||
|
|
} else if($path == "/logout"){
|
||
|
|
if(count($auth) > 0){
|
||
|
|
$authenticator = new Authenticator();
|
||
|
|
if(!$authenticator->logoutToken($auth[0], $auth[1])){
|
||
|
|
http_response_code(500);
|
||
|
|
echo '{"error": "logout failed"}';
|
||
|
|
} else {
|
||
|
|
http_response_code(200);
|
||
|
|
echo '{"message": "logout successful"}';
|
||
|
|
}
|
||
|
|
}
|
||
|
|
} else if($authorized){
|
||
|
|
$fullPath = __DIR__."/data".urldecode($path);
|
||
|
|
|
||
|
|
if($method == "GET"){
|
||
|
|
$isDir = Folder::isDirectory($fullPath);
|
||
|
|
if($isDir){
|
||
|
|
$dir = new Folder($fullPath);
|
||
|
|
$entries = $dir->getEntries();
|
||
|
|
if($entries === false){
|
||
|
|
http_response_code(500);
|
||
|
|
echo '{"error": "failed to load directory entries"}';
|
||
|
|
} else {
|
||
|
|
http_response_code(200);
|
||
|
|
echo json_encode($entries);
|
||
|
|
}
|
||
|
|
} else {
|
||
|
|
$file = new File($fullPath);
|
||
|
|
if($file->doExists()){
|
||
|
|
if(isset($_GET["format"]) && filter_input(INPUT_GET,"format",FILTER_SANITIZE_FULL_SPECIAL_CHARS) == "base64"){
|
||
|
|
echo base64_encode($file->getContent());
|
||
|
|
} else {
|
||
|
|
header('Content-Type: '.$file->getMimeType());
|
||
|
|
header('Content-Disposition: attachment; filename="'.$file->getFilename().'"');
|
||
|
|
echo $file->getContent();
|
||
|
|
}
|
||
|
|
} else {
|
||
|
|
http_response_code(500);
|
||
|
|
echo '{"error": "file does not exist"}';
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if($method == "POST"){
|
||
|
|
if(isset($_POST["type"]) && filter_input(INPUT_POST,"type",FILTER_SANITIZE_FULL_SPECIAL_CHARS) == "dir"){
|
||
|
|
$isDir = true;
|
||
|
|
} else {
|
||
|
|
$isDir = false;
|
||
|
|
}
|
||
|
|
if($isDir){
|
||
|
|
$dir = new Folder($fullPath);
|
||
|
|
if($dir->create() === false){
|
||
|
|
http_response_code(500);
|
||
|
|
echo '{"error": "failed to create directory"}';
|
||
|
|
} else {
|
||
|
|
http_response_code(200);
|
||
|
|
echo '{"message": "directory created successfully"}';
|
||
|
|
}
|
||
|
|
} else {
|
||
|
|
if(count($_FILES) == 0){ //no upload
|
||
|
|
$file = new File($fullPath);
|
||
|
|
//no filter, since we need to write the file as is
|
||
|
|
$result = $file->writeContent(base64_decode($_POST["content"]));
|
||
|
|
} else {
|
||
|
|
$file = new File($fullPath);
|
||
|
|
$result = $file->createFromUpload($_FILES["newFile"]);
|
||
|
|
}
|
||
|
|
|
||
|
|
if($result === false){
|
||
|
|
http_response_code(500);
|
||
|
|
echo '{"error": "faild to write file"}';
|
||
|
|
} else {
|
||
|
|
http_response_code(200);
|
||
|
|
echo '{"message": "file written successfully"}';
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if($method == "DELETE"){
|
||
|
|
$isDir = Folder::isDirectory($fullPath);
|
||
|
|
if($isDir){
|
||
|
|
$dir = new Folder($fullPath);
|
||
|
|
if(!$dir->delete()){
|
||
|
|
http_response_code(500);
|
||
|
|
echo '{"error": "failed to delete directory"}';
|
||
|
|
} else {
|
||
|
|
http_response_code(200);
|
||
|
|
echo '{"message": "directory deleted successfully"}';
|
||
|
|
}
|
||
|
|
} else {
|
||
|
|
$file = new File($fullPath);
|
||
|
|
if(!$file->delete()){
|
||
|
|
http_response_code(500);
|
||
|
|
echo '{"error": "failed to delete file"}';
|
||
|
|
} else {
|
||
|
|
http_response_code(200);
|
||
|
|
echo '{"message": "file deleted successfully"}';
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
}
|
||
|
|
|
||
|
|
}
|