initial commit file manager project

WebService/data/texts/Letter_to_grandma.txt

@@ -0,0 +1,7 @@
+Hi Granny,
+
+how are you? Hope you are doing good!
+I really miss your cake. Hope to see you soon.
+
+Best,
+Larry

WebService/data/texts/Schoolpapers/C_Programming.txt

@@ -0,0 +1 @@
+it all started with "Hello World!"

WebService/data/texts/Schoolpapers/WebEngineering.txt

@@ -0,0 +1 @@
+Its just amazing!

WebService/data/texts/Text_for_Moonlanding.txt

@@ -0,0 +1 @@
+That's one small step for (a) man, one giant leap for mankind.

WebService/index.php

@@ -0,0 +1,186 @@
+<?php
+
+/**
+Spec:
+
+
+/login ... => login user
+/logout .. => logout user
+
+/... => URL to files and folders:
+
+GET /<DIR>
+= return file/folders in this dir
+
+POST /<DIR>
+= create the directory and send message back
+
+DELETE <DIR>
+= delete the directory
+
+GET /<file>
+= return binary data of file
+
+POST /<file>
+= create the file with corresponding content
+
+DELETE /<file>
+= delete the file and send message
+
+
+Authentication workflow:
+
+POST /login with username password => return token
+
+All other requests:
+authorization: Basic base64(username.token)
+
+*/
+
+require "lib/Folder.php";
+require "lib/File.php";
+require "lib/Authenticator.php";
+
+$authorized = false;
+
+//first check if user is valid
+$headers = getallheaders();
+$auth = array(2);
+if(isset($headers["Authorization"])){
+	$temp = explode(" ",$headers["Authorization"]);
+	$raw_auth = base64_decode($temp[1]);
+	$auth = explode(":",$raw_auth);
+	$authenticator = new Authenticator();
+	$authorized = $authenticator->verifyToken($auth[0],$auth[1]);
+}
+
+$url = filter_input(INPUT_SERVER,"REQUEST_URI",FILTER_SANITIZE_URL);
+
+$paramPos = strpos($url,"?");
+if($paramPos == 0){
+	$path = $url;
+} else {
+	$path = substr($url,0,$paramPos);
+}
+
+
+
+$method = filter_input(INPUT_SERVER,"REQUEST_METHOD",FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+if($path != "/login" && !$authorized){
+	http_response_code(401);
+	echo '{"error": "authorization failed"}';
+} else if($path == "/login"){
+	$username = filter_input(INPUT_POST,"username",FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+	$password = filter_input(INPUT_POST,"password",FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+	$authenticator = new Authenticator();
+	$result = $authenticator->authUser($username, $password);
+	if(!$result){
+		http_response_code(401);
+		echo '{"error": "authentication failed"}';
+	} else {
+		http_response_code(200);
+		echo '{"token": "'.$result.'"}';
+	}
+} else if($path == "/logout"){
+	if(count($auth) > 0){
+		$authenticator = new Authenticator();
+		if(!$authenticator->logoutToken($auth[0], $auth[1])){
+			http_response_code(500);
+			echo '{"error": "logout failed"}';
+		} else {
+			http_response_code(200);
+			echo '{"message": "logout successful"}';
+		}
+	}
+} else if($authorized){
+	$fullPath = __DIR__."/data".urldecode($path);
+
+	if($method == "GET"){
+		$isDir = Folder::isDirectory($fullPath);
+		if($isDir){
+			$dir = new Folder($fullPath);
+			$entries = $dir->getEntries();
+			if($entries === false){
+				http_response_code(500);
+				echo '{"error": "failed to load directory entries"}';
+			} else {
+				http_response_code(200);
+				echo json_encode($entries);
+			}
+		} else {
+			$file = new File($fullPath);
+			if($file->doExists()){
+ 				if(isset($_GET["format"]) && filter_input(INPUT_GET,"format",FILTER_SANITIZE_FULL_SPECIAL_CHARS) == "base64"){
+					echo base64_encode($file->getContent());
+				} else {
+					header('Content-Type: '.$file->getMimeType());
+					header('Content-Disposition: attachment; filename="'.$file->getFilename().'"');
+					echo $file->getContent();
+				}
+			} else {
+				http_response_code(500);
+				echo '{"error": "file does not exist"}';
+			}
+		}
+	}
+
+	if($method == "POST"){
+		if(isset($_POST["type"]) && filter_input(INPUT_POST,"type",FILTER_SANITIZE_FULL_SPECIAL_CHARS) == "dir"){
+			$isDir = true;
+		} else {
+			$isDir = false;
+		}
+		if($isDir){
+			$dir = new Folder($fullPath);
+			if($dir->create() === false){
+				http_response_code(500);
+				echo '{"error": "failed to create directory"}';
+			} else {
+				http_response_code(200);
+				echo '{"message": "directory created successfully"}';
+			}
+		} else {
+			if(count($_FILES) == 0){ //no upload
+				$file = new File($fullPath);
+				//no filter, since we need to write the file as is
+				$result = $file->writeContent(base64_decode($_POST["content"]));
+			} else {
+				$file = new File($fullPath);
+				$result = $file->createFromUpload($_FILES["newFile"]);
+			}
+
+			if($result === false){
+	                        http_response_code(500);
+                                echo '{"error": "faild to write file"}';
+                        } else {
+                                http_response_code(200);
+        	                echo '{"message": "file written successfully"}';
+                        }
+		}
+	}
+
+	if($method == "DELETE"){
+		$isDir = Folder::isDirectory($fullPath);
+                if($isDir){
+                        $dir = new Folder($fullPath);
+                        if(!$dir->delete()){
+                                http_response_code(500);
+                                echo '{"error": "failed to delete directory"}';
+                        } else {
+                                http_response_code(200);
+                                echo '{"message": "directory deleted successfully"}';
+                        }
+                } else {
+			$file = new File($fullPath);
+			if(!$file->delete()){
+				http_response_code(500);
+				echo '{"error": "failed to delete file"}';
+			} else {
+				http_response_code(200);
+				echo '{"message": "file deleted successfully"}';
+			}
+                }
+
+	}
+
+}

WebService/lib/Authenticator.php

@@ -0,0 +1,118 @@
+<?php
+
+class Authenticator{
+
+	private $dbDN = "sqlite:auth.db";
+	private $tokenValidity = 600;
+
+	private function createInitalDB(){
+		$db = new PDO($this->dbDN);
+		$db->exec("CREATE TABLE users (user TEXT, pass TEXT)");
+		$db->exec("INSERT INTO users VALUES('admin','".md5("admin")."')");
+		$db->exec("CREATE TABLE tokens (username TEXT, token TEXT, validTo INT)");
+		unset($db);
+	}
+
+	private function createToken($username){
+
+		$token = md5($username.time());
+		$validTo = time()+$this->tokenValidity;
+
+		$db = new PDO($this->dbDN);
+		$stmt = $db->prepare("INSERT INTO tokens VALUES (:USER, :TOKEN, :VALIDTO)");
+		$result = $stmt->execute(array(
+			":USER" => $username,
+			":TOKEN" => $token,
+			":VALIDTO" => $validTo
+			));
+		unset($db);
+		if($result){
+			return $token;
+		} else {
+			return false;
+		}
+	}
+
+	public function createUser($username,$password){
+		$db = new PDO($this->dbDN);
+		$stmt = $db->prepare("INSERT INTO users VALUES(:USER,:PASS)");
+		$result = $stmt->execute(array(
+			":USER" => $username,
+			":PASS" => md5($password)
+			));
+		unset($db);
+		return $result;
+	}
+
+	public function deleteUser($username){
+		$db = new PDO($this->dbDN);
+		$stmt = $db->prepare("DELETE FROM users WHERE user = :USER");
+		$result = $stmt->execute(array(
+			":USER" => $username
+			));
+		unset($db);
+		return $result;
+	}
+
+	public function authUser($username,$password){
+	        if(!file_exists("auth.db")){
+                        $this->createInitalDB();
+                }
+		$db = new PDO($this->dbDN);
+		$stmt = $db->prepare("SELECT COUNT(*) AS NUMUSER FROM users WHERE user = :USER and pass = :PASS");
+		$result = $stmt->execute(array(
+			":USER" => $username,
+			":PASS" => md5($password)
+			));
+		if($result){
+			$temp = $stmt->fetchAll();
+			if(intval($temp[0]["NUMUSER"]) == 1){
+				return $this->createToken($username);
+			} else {
+				return false;
+			}
+		} else {
+			return false;
+		}
+
+	}
+
+	public function verifyToken($username,$token){
+		$db = new PDO($this->dbDN);
+		$stmt = $db->prepare("SELECT COUNT(*) AS NUMTOK FROM tokens WHERE username = :USER and token = :TOKEN and validTo >= :VALIDTO");
+		$result = $stmt->execute(array(
+			":USER" => $username,
+			":TOKEN" => $token,
+			":VALIDTO" => time()
+			));
+		if($result){
+			$temp = $stmt->fetchAll();
+			if(intval($temp[0]["NUMTOK"]) == 1){
+				$stmt2 = $db->prepare("UPDATE tokens SET validTo = :VALIDTO WHERE token = :TOKEN");
+				$result = $stmt2->execute(array(
+					":VALIDTO" => time()+$this->tokenValidity,
+					":TOKEN" => $token
+					));
+				unset($db);
+				return $result;
+			} else {
+				unset($db);
+				return false;
+			}
+		} else {
+			unset($db);
+			return false;
+		}
+
+	}
+
+	public function logoutToken($username, $token){
+		$db = new PDO($this->dbDN);
+		$stmt = $db->prepare("DELETE FROM tokens WHERE username = :USER AND token = :TOKEN");
+		$result = $stmt->execute(array(
+			":USER" => $username,
+			":TOKEN" => $token
+			));
+		return $result;
+	}
+}

WebService/lib/File.php

@@ -0,0 +1,49 @@
+<?php
+
+class File {
+	private $fullFilename = "";
+
+	public function __construct($fullFilename){
+		$this->fullFilename = $fullFilename;
+	}
+
+	public function doExists(){
+		return file_exists($this->fullFilename);
+	}
+
+	public function getMimeType(){
+		return mime_content_type($this->fullFilename);
+	}
+
+	public function getContent(){
+		return file_get_contents($this->fullFilename);
+	}
+
+	public function delete(){
+		return unlink($this->fullFilename);
+	}
+
+	public function getFilePath(){
+		return dirname($this->fullFilename);
+	}
+
+	public function getFilename(){
+		return basename($this->fullFilename);
+	}
+
+	protected function writeToFile($data,$flag){
+		return file_put_contents($this->fullFilename,$data,$flag);
+	}
+
+	public function addContent($data){
+		return $this->writeToFile($data,FILE_APPEND);
+	}
+
+	public function writeContent($data){
+		return $this->writeToFile($data,0);
+	}
+
+	public function createFromUpload($file){
+		move_uploaded_file($file['tmp_name'],$this->fullFilename);
+	}
+}

WebService/lib/Folder.php

@@ -0,0 +1,63 @@
+<?php
+
+class Folder{
+	private $fullDirname = "";
+
+	public static function isDirectory($fullPath){
+		return is_dir($fullPath);
+	}
+
+	public function __construct($fullDirname){
+		if(substr($fullDirname,-1,1)=="/" && $fullDirname != "/"){
+			$fullDirname=substr($fullDirname,0,-1);
+		}
+		$this->fullDirname = $fullDirname;
+	}
+
+	public function create(){
+		return mkdir($this->fullDirname);
+	}
+
+	public function isEmpty(){
+		return (count(scandir($this->fullDirname)) <= 2);
+	}
+
+	public function delete(){
+		if($this->isEmpty()){
+			return rmdir($this->fullDirname);
+		}else{
+			return false;
+		}
+	}
+
+	public function getFoldername(){
+		return basename($this->fullDirname);
+	}
+
+	public function getFolderpath(){
+		return dirname($this->fullDirname);
+	}
+
+	public function getEntries(){
+		$entries = array();
+		if($dir = opendir($this->fullDirname)){
+
+			while (false !== ($entry = readdir($dir))) {
+				if($entry != "." && $entry != ".."){
+					if(is_dir($this->fullDirname."/".$entry)){
+						$temp = array("Name" => $entry, "Type" => "dir");
+					}else{
+						$temp = array("Name" => $entry, "Type" => mime_content_type($this->fullDirname."/".$entry));
+					}
+					array_push($entries,$temp);
+				}
+			}
+
+			closedir($dir);
+			return $entries;
+
+		}else{
+			return false;
+		}
+	}
+}

WebService/router.php

@@ -0,0 +1,12 @@
+<?php
+header("Access-Control-Allow-Origin: *");
+if($_SERVER["REQUEST_METHOD"] == "OPTIONS"){
+	http_response_code(200);
+	header("Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE");
+	header("Access-Control-Allow-Headers: authorization, origin, content-type, accept, x-requested-with");
+	header("Access-Control-Max-Age: 3600");
+} else {
+	include "index.php";
+}
+?>
+

WebService/upload.ini

@@ -0,0 +1,4 @@
+file_uploads = On
+memory_limit = 64M
+upload_max_filesize = 64M
+post_max_size = 64M