Merge pull request #52182 from nextcloud/feat/dav/public-share-chunked-upload

Author: skjnldsv

apps/dav/appinfo/v1/publicwebdav.php

@@ -68,7 +68,7 @@
 $linkCheckPlugin = new PublicLinkCheckPlugin();
 $filesDropPlugin = new FilesDropPlugin();
 
-$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
+$server = $serverFactory->createServer(false, $baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
 	$isAjax = in_array('XMLHttpRequest', explode(',', $_SERVER['HTTP_X_REQUESTED_WITH'] ?? ''));
 	/** @var FederatedShareProvider $shareProvider */
 	$federatedShareProvider = Server::get(FederatedShareProvider::class);

apps/dav/appinfo/v1/webdav.php

@@ -68,7 +68,7 @@
 
 $requestUri = Server::get(IRequest::class)->getRequestUri();
 
-$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function () {
+$server = $serverFactory->createServer(false, $baseuri, $requestUri, $authPlugin, function () {
 	// use the view for the logged in user
 	return Filesystem::getView();
 });

apps/dav/appinfo/v2/publicremote.php

@@ -14,12 +14,15 @@
 use OCA\DAV\Files\Sharing\PublicLinkCheckPlugin;
 use OCA\DAV\Storage\PublicOwnerWrapper;
 use OCA\DAV\Storage\PublicShareWrapper;
+use OCA\DAV\Upload\ChunkingPlugin;
+use OCA\DAV\Upload\ChunkingV2Plugin;
 use OCA\FederatedFileSharing\FederatedShareProvider;
 use OCP\BeforeSabrePubliclyLoadedEvent;
 use OCP\Constants;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\IRootFolder;
 use OCP\Files\Mount\IMountManager;
+use OCP\ICacheFactory;
 use OCP\IConfig;
 use OCP\IDBConnection;
 use OCP\IPreview;
@@ -75,12 +78,8 @@
 $linkCheckPlugin = new PublicLinkCheckPlugin();
 $filesDropPlugin = new FilesDropPlugin();
 
-// Define root url with /public.php/dav/files/TOKEN
 /** @var string $baseuri defined in public.php */
-preg_match('/(^files\/[a-z0-9-_]+)/i', substr($requestUri, strlen($baseuri)), $match);
-$baseuri = $baseuri . $match[0];
-
-$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
+$server = $serverFactory->createServer(true, $baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
 	// GET must be allowed for e.g. showing images and allowing Zip downloads
 	if ($server->httpRequest->getMethod() !== 'GET') {
 		// If this is *not* a GET request we only allow access to public DAV from AJAX or when Server2Server is allowed
@@ -142,6 +141,8 @@
 
 $server->addPlugin($linkCheckPlugin);
 $server->addPlugin($filesDropPlugin);
+$server->addPlugin(new ChunkingV2Plugin(Server::get(ICacheFactory::class)));
+$server->addPlugin(new ChunkingPlugin());
 
 // allow setup of additional plugins
 $event = new BeforeSabrePubliclyLoadedEvent($server);

apps/dav/composer/composer/autoload_classmap.php

@@ -284,6 +284,7 @@
     'OCA\\DAV\\Files\\RootCollection' => $baseDir . '/../lib/Files/RootCollection.php',
     'OCA\\DAV\\Files\\Sharing\\FilesDropPlugin' => $baseDir . '/../lib/Files/Sharing/FilesDropPlugin.php',
     'OCA\\DAV\\Files\\Sharing\\PublicLinkCheckPlugin' => $baseDir . '/../lib/Files/Sharing/PublicLinkCheckPlugin.php',
+    'OCA\\DAV\\Files\\Sharing\\RootCollection' => $baseDir . '/../lib/Files/Sharing/RootCollection.php',
     'OCA\\DAV\\Listener\\ActivityUpdaterListener' => $baseDir . '/../lib/Listener/ActivityUpdaterListener.php',
     'OCA\\DAV\\Listener\\AddMissingIndicesListener' => $baseDir . '/../lib/Listener/AddMissingIndicesListener.php',
     'OCA\\DAV\\Listener\\AddressbookListener' => $baseDir . '/../lib/Listener/AddressbookListener.php',

apps/dav/composer/composer/autoload_static.php

@@ -299,6 +299,7 @@ class ComposerStaticInitDAV
         'OCA\\DAV\\Files\\RootCollection' => __DIR__ . '/..' . '/../lib/Files/RootCollection.php',
         'OCA\\DAV\\Files\\Sharing\\FilesDropPlugin' => __DIR__ . '/..' . '/../lib/Files/Sharing/FilesDropPlugin.php',
         'OCA\\DAV\\Files\\Sharing\\PublicLinkCheckPlugin' => __DIR__ . '/..' . '/../lib/Files/Sharing/PublicLinkCheckPlugin.php',
+        'OCA\\DAV\\Files\\Sharing\\RootCollection' => __DIR__ . '/..' . '/../lib/Files/Sharing/RootCollection.php',
         'OCA\\DAV\\Listener\\ActivityUpdaterListener' => __DIR__ . '/..' . '/../lib/Listener/ActivityUpdaterListener.php',
         'OCA\\DAV\\Listener\\AddMissingIndicesListener' => __DIR__ . '/..' . '/../lib/Listener/AddMissingIndicesListener.php',
         'OCA\\DAV\\Listener\\AddressbookListener' => __DIR__ . '/..' . '/../lib/Listener/AddressbookListener.php',

apps/dav/lib/Capabilities.php

@@ -17,12 +17,13 @@ public function __construct(
 	}
 
 	/**
-	 * @return array{dav: array{chunking: string, bulkupload?: string, absence-supported?: bool, absence-replacement?: bool}}
+	 * @return array{dav: array{chunking: string, public_shares_chunking: bool, bulkupload?: string, absence-supported?: bool, absence-replacement?: bool}}
 	 */
 	public function getCapabilities() {
 		$capabilities = [
 			'dav' => [
 				'chunking' => '1.0',
+				'public_shares_chunking' => true,
 			]
 		];
 		if ($this->config->getSystemValueBool('bulkupload.enabled', true)) {

apps/dav/lib/Connector/Sabre/Directory.php

@@ -13,7 +13,9 @@
 use OCA\DAV\Connector\Sabre\Exception\FileLocked;
 use OCA\DAV\Connector\Sabre\Exception\Forbidden;
 use OCA\DAV\Connector\Sabre\Exception\InvalidPath;
+use OCA\DAV\Storage\PublicShareWrapper;
 use OCP\App\IAppManager;
+use OCP\Constants;
 use OCP\Files\FileInfo;
 use OCP\Files\Folder;
 use OCP\Files\ForbiddenException;
@@ -172,7 +174,19 @@ public function createDirectory($name) {
 	 * @throws \Sabre\DAV\Exception\ServiceUnavailable
 	 */
 	public function getChild($name, $info = null, ?IRequest $request = null, ?IL10N $l10n = null) {
-		if (!$this->info->isReadable()) {
+		$storage = $this->info->getStorage();
+		$allowDirectory = false;
+		if ($storage instanceof PublicShareWrapper) {
+			$share = $storage->getShare();
+			$allowDirectory =
+				// Only allow directories for file drops
+				($share->getPermissions() & Constants::PERMISSION_READ) !== Constants::PERMISSION_READ &&
+				// And only allow it for directories which are a direct child of the share root
+				$this->info->getId() === $share->getNodeId();
+		}
+
+		// For file drop we need to be allowed to read the directory with the nickname
+		if (!$allowDirectory && !$this->info->isReadable()) {
 			// avoid detecting files through this way
 			throw new NotFound();
 		}
@@ -198,6 +212,11 @@ public function getChild($name, $info = null, ?IRequest $request = null, ?IL10N
 		if ($info->getMimeType() === FileInfo::MIMETYPE_FOLDER) {
 			$node = new \OCA\DAV\Connector\Sabre\Directory($this->fileView, $info, $this->tree, $this->shareManager);
 		} else {
+			// In case reading a directory was allowed but it turns out the node was a not a directory, reject it now.
+			if (!$this->info->isReadable()) {
+				throw new NotFound();
+			}
+
 			$node = new File($this->fileView, $info, $this->shareManager, $request, $l10n);
 		}
 		if ($this->tree) {

apps/dav/lib/Connector/Sabre/FilesPlugin.php

@@ -720,15 +720,15 @@ private function getMetadataFileAccessRight(Node $node, string $userId): int {
 	 */
 	public function sendFileIdHeader($filePath, ?\Sabre\DAV\INode $node = null) {
 		// we get the node for the given $filePath here because in case of afterCreateFile $node is the parent folder
-		if (!$this->server->tree->nodeExists($filePath)) {
-			return;
-		}
-		$node = $this->server->tree->getNodeForPath($filePath);
-		if ($node instanceof Node) {
-			$fileId = $node->getFileId();
-			if (!is_null($fileId)) {
-				$this->server->httpResponse->setHeader('OC-FileId', $fileId);
+		try {
+			$node = $this->server->tree->getNodeForPath($filePath);
+			if ($node instanceof Node) {
+				$fileId = $node->getFileId();
+				if (!is_null($fileId)) {
+					$this->server->httpResponse->setHeader('OC-FileId', $fileId);
+				}
 			}
+		} catch (NotFound) {
 		}
 	}
 }

apps/dav/lib/Connector/Sabre/Principal.php

@@ -155,6 +155,11 @@ public function getPrincipalByPath($path) {
 				'uri' => 'principals/system/' . $name,
 				'{DAV:}displayname' => $this->languageFactory->get('dav')->t('Accounts'),
 			];
+		} elseif ($prefix === 'principals/shares') {
+			return [
+				'uri' => 'principals/shares/' . $name,
+				'{DAV:}displayname' => $name,
+			];
 		}
 		return null;
 	}

apps/dav/lib/Connector/Sabre/ServerFactory.php

@@ -8,18 +8,22 @@
 namespace OCA\DAV\Connector\Sabre;
 
 use OC\Files\View;
+use OC\KnownUser\KnownUserService;
 use OCA\DAV\AppInfo\PluginManager;
 use OCA\DAV\CalDAV\DefaultCalendarValidator;
+use OCA\DAV\CalDAV\Proxy\ProxyMapper;
 use OCA\DAV\DAV\CustomPropertiesBackend;
 use OCA\DAV\DAV\ViewOnlyPlugin;
 use OCA\DAV\Files\BrowserErrorPagePlugin;
+use OCA\DAV\Upload\CleanupService;
 use OCA\Theming\ThemingDefaults;
 use OCP\Accounts\IAccountManager;
 use OCP\App\IAppManager;
 use OCP\Comments\ICommentsManager;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Folder;
 use OCP\Files\IFilenameValidator;
+use OCP\Files\IRootFolder;
 use OCP\Files\Mount\IMountManager;
 use OCP\IConfig;
 use OCP\IDBConnection;
@@ -28,12 +32,14 @@
 use OCP\IPreview;
 use OCP\IRequest;
 use OCP\ITagManager;
+use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\SabrePluginEvent;
 use OCP\SystemTag\ISystemTagManager;
 use OCP\SystemTag\ISystemTagObjectMapper;
 use Psr\Log\LoggerInterface;
 use Sabre\DAV\Auth\Plugin;
+use Sabre\DAV\SimpleCollection;
 
 class ServerFactory {
 
@@ -54,13 +60,22 @@ public function __construct(
 	/**
 	 * @param callable $viewCallBack callback that should return the view for the dav endpoint
 	 */
-	public function createServer(string $baseUri,
+	public function createServer(
+		bool $isPublicShare,
+		string $baseUri,
 		string $requestUri,
 		Plugin $authPlugin,
-		callable $viewCallBack): Server {
+		callable $viewCallBack,
+	): Server {
 		// Fire up server
-		$objectTree = new ObjectTree();
-		$server = new Server($objectTree);
+		if ($isPublicShare) {
+			$rootCollection = new SimpleCollection('root');
+			$tree = new CachingTree($rootCollection);
+		} else {
+			$rootCollection = null;
+			$tree = new ObjectTree();
+		}
+		$server = new Server($tree);
 		// Set URL explicitly due to reverse-proxy situations
 		$server->httpRequest->setUrl($requestUri);
 		$server->setBaseUri($baseUri);
@@ -81,7 +96,7 @@ public function createServer(string $baseUri,
 		$server->addPlugin(new RequestIdHeaderPlugin($this->request));
 
 		$server->addPlugin(new ZipFolderPlugin(
-			$objectTree,
+			$tree,
 			$this->logger,
 			$this->eventDispatcher,
 		));
@@ -101,7 +116,7 @@ public function createServer(string $baseUri,
 		}
 
 		// wait with registering these until auth is handled and the filesystem is setup
-		$server->on('beforeMethod:*', function () use ($server, $objectTree, $viewCallBack): void {
+		$server->on('beforeMethod:*', function () use ($server, $tree, $viewCallBack, $isPublicShare, $rootCollection): void {
 			// ensure the skeleton is copied
 			$userFolder = \OC::$server->getUserFolder();
 
@@ -115,15 +130,49 @@ public function createServer(string $baseUri,
 
 			// Create Nextcloud Dir
 			if ($rootInfo->getType() === 'dir') {
-				$root = new Directory($view, $rootInfo, $objectTree);
+				$root = new Directory($view, $rootInfo, $tree);
 			} else {
 				$root = new File($view, $rootInfo);
 			}
-			$objectTree->init($root, $view, $this->mountManager);
+
+			if ($isPublicShare) {
+				$userPrincipalBackend = new Principal(
+					\OCP\Server::get(IUserManager::class),
+					\OCP\Server::get(IGroupManager::class),
+					\OCP\Server::get(IAccountManager::class),
+					\OCP\Server::get(\OCP\Share\IManager::class),
+					\OCP\Server::get(IUserSession::class),
+					\OCP\Server::get(IAppManager::class),
+					\OCP\Server::get(ProxyMapper::class),
+					\OCP\Server::get(KnownUserService::class),
+					\OCP\Server::get(IConfig::class),
+					\OC::$server->getL10NFactory(),
+				);
+
+				// Mount the share collection at /public.php/dav/shares/<share token>
+				$rootCollection->addChild(new \OCA\DAV\Files\Sharing\RootCollection(
+					$root,
+					$userPrincipalBackend,
+					'principals/shares',
+				));
+
+				// Mount the upload collection at /public.php/dav/uploads/<share token>
+				$rootCollection->addChild(new \OCA\DAV\Upload\RootCollection(
+					$userPrincipalBackend,
+					'principals/shares',
+					\OCP\Server::get(CleanupService::class),
+					\OCP\Server::get(IRootFolder::class),
+					\OCP\Server::get(IUserSession::class),
+					\OCP\Server::get(\OCP\Share\IManager::class),
+				));
+			} else {
+				/** @var ObjectTree $tree */
+				$tree->init($root, $view, $this->mountManager);
+			}
 
 			$server->addPlugin(
 				new FilesPlugin(
-					$objectTree,
+					$tree,
 					$this->config,
 					$this->request,
 					$this->previewManager,
@@ -143,16 +192,16 @@ public function createServer(string $baseUri,
 			));
 
 			if ($this->userSession->isLoggedIn()) {
-				$server->addPlugin(new TagsPlugin($objectTree, $this->tagManager, $this->eventDispatcher, $this->userSession));
+				$server->addPlugin(new TagsPlugin($tree, $this->tagManager, $this->eventDispatcher, $this->userSession));
 				$server->addPlugin(new SharesPlugin(
-					$objectTree,
+					$tree,
 					$this->userSession,
 					$userFolder,
 					\OCP\Server::get(\OCP\Share\IManager::class)
 				));
 				$server->addPlugin(new CommentPropertiesPlugin(\OCP\Server::get(ICommentsManager::class), $this->userSession));
 				$server->addPlugin(new FilesReportPlugin(
-					$objectTree,
+					$tree,
 					$view,
 					\OCP\Server::get(ISystemTagManager::class),
 					\OCP\Server::get(ISystemTagObjectMapper::class),
@@ -167,7 +216,7 @@ public function createServer(string $baseUri,
 					new \Sabre\DAV\PropertyStorage\Plugin(
 						new CustomPropertiesBackend(
 							$server,
-							$objectTree,
+							$tree,
 							$this->databaseConnection,
 							$this->userSession->getUser(),
 							\OCP\Server::get(DefaultCalendarValidator::class),