eeprom/public/index.php

414 lines
13 KiB
PHP
Raw Normal View History

2020-05-08 22:53:21 +00:00
<?php
namespace EEPROM;
2022-07-05 19:07:24 +00:00
require_once __DIR__ . '/../eeprom.php';
2020-05-08 22:53:21 +00:00
$reqMethod = $_SERVER['REQUEST_METHOD'];
$reqPath = '/' . trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');
header('X-Powered-By: EEPROM');
function eepromOriginAllowed(string $origin): bool {
$origin = mb_strtolower(parse_url($origin, PHP_URL_HOST));
if($origin === $_SERVER['HTTP_HOST'])
return true;
$allowed = Config::get('CORS', 'origins', []);
if(empty($allowed))
return true;
return in_array($origin, $allowed);
}
if($_SERVER['HTTP_HOST'] !== Config::get('Uploads', 'api_domain')) {
2020-05-08 22:53:21 +00:00
$reqMethod = 'GET'; // short domain is read only, prevent deleting
$reqPath = '/uploads/' . trim($reqPath, '/');
$isShortDomain = true;
}
if(!empty($_SERVER['HTTP_ORIGIN'])) {
if(!eepromOriginAllowed($_SERVER['HTTP_ORIGIN'])) {
http_response_code(403);
return;
}
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Vary: Origin');
}
if($reqMethod === 'OPTIONS') {
http_response_code(204);
if(isset($isShortDomain))
header('Access-Control-Allow-Methods: OPTIONS, GET');
else {
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: Authorization');
header('Access-Control-Allow-Methods: OPTIONS, GET, POST, DELETE');
}
return;
}
if(!isset($isShortDomain) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
$authParts = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
$authMethod = strval($authParts[0] ?? '');
$authToken = strval($authParts[1] ?? '');
2020-05-12 18:30:22 +00:00
$authClients = Config::get('Auth', 'clients', []);
foreach($authClients as $client) {
$client = new $client;
if($client->getName() !== $authMethod)
continue;
$authUserId = $client->verifyToken($authToken);
break;
2020-05-08 22:53:21 +00:00
}
if(isset($authUserId) && $authUserId > 0)
2022-07-06 16:58:40 +00:00
User::byId($db, $authUserId)->setActive();
2020-05-08 22:53:21 +00:00
}
if(preg_match('#^/uploads/([a-zA-Z0-9-_]{32})(\.t)?/?$#', $reqPath, $matches)) {
$getNormal = empty($matches[2]);
$getThumbnail = isset($matches[2]) && $matches[2] === '.t';
try {
2022-07-06 16:58:40 +00:00
$uploadInfo = Upload::byId($db, $matches[1]);
2020-05-08 22:53:21 +00:00
} catch(UploadNotFoundException $ex) {
http_response_code(404);
echo 'File not found.';
return;
}
if($uploadInfo->isDMCA()) {
http_response_code(451);
echo 'File is unavailable for copyright reasons.';
return;
}
if($uploadInfo->isDeleted() || $uploadInfo->hasExpired()) {
http_response_code(404);
echo 'File not found.';
return;
}
if($reqMethod === 'DELETE') {
if(!User::hasActive()) {
http_response_code(401);
return;
}
if(User::active()->isRestricted()
|| User::active()->getId() !== $uploadInfo->getUserId()) {
http_response_code(403);
return;
}
http_response_code(204);
2022-07-06 16:58:40 +00:00
$uploadInfo->delete($db, false);
2020-05-08 22:53:21 +00:00
return;
}
if(!is_file($uploadInfo->getPath())) {
http_response_code(404);
echo 'Data is missing.';
return;
}
if($getNormal) {
2022-07-06 16:58:40 +00:00
$uploadInfo->bumpAccess($db);
$uploadInfo->bumpExpiry($db);
2020-05-08 22:53:21 +00:00
}
$fileName = $uploadInfo->getName();
2020-05-08 22:53:21 +00:00
$contentType = $uploadInfo->getType();
if($contentType === 'application/octet-stream' || substr($contentType, 0, 5) === 'text/')
$contentType = 'text/plain';
$sourceDir = basename($getThumbnail ? PRM_THUMBS : PRM_UPLOADS);
if($getThumbnail && $uploadInfo->supportsThumbnail()) {
if(!is_file($uploadInfo->getThumbPath()))
$uploadInfo->createThumbnail();
$contentType = 'image/jpeg';
$fileName = pathinfo($fileName, PATHINFO_FILENAME) . '-thumb.jpg';
2020-05-08 22:53:21 +00:00
}
header(sprintf('X-Accel-Redirect: /%s/%s', $sourceDir, $uploadInfo->getId()));
header(sprintf('Content-Type: %s', $contentType));
header(sprintf('Content-Disposition: inline; filename="%s"', addslashes($fileName)));
2020-05-08 22:53:21 +00:00
return;
}
if(preg_match('#^/uploads/([a-zA-Z0-9-_]{32})\.json/?$#', $reqPath, $matches)) {
if(isset($isShortDomain)) {
http_response_code(404);
return;
}
try {
2022-07-06 16:58:40 +00:00
$uploadInfo = Upload::byId($db, $matches[1]);
2020-05-08 22:53:21 +00:00
} catch(UploadNotFoundException $ex) {
http_response_code(404);
return;
}
header('Content-Type: application/json; charset=utf-8');
echo json_encode($uploadInfo);
return;
}
2022-07-05 19:07:24 +00:00
if($reqPath === '/eeprom.js') {
2020-05-12 15:19:18 +00:00
header('Content-Type: application/javascript; charset=utf-8');
2022-07-05 19:07:24 +00:00
echo file_get_contents(PRM_ROOT . '/js/eeprom-v1.0.js');
return;
}
if($reqPath === '/test-v1.0.html' && PRM_DEBUG) {
header('Content-Type: text/html; charset=utf-8');
$cookie = htmlspecialchars((string)filter_input(INPUT_COOKIE, 'msz_auth'));
echo <<<TEST
<!doctype html>
<input type="file" id="-eeprom-file"/> <button id="-eeprom-abort">Abort</button> <progress id="-eeprom-progress" min="0" max="100" value="0"></progress> <span id="-eeprom-progress-done"></span> <span id="-eeprom-progress-total"></span><br/>
<div id="-eeprom-history"></div>
<script src="/eeprom.js" type="text/javascript"></script>
<script type="text/javascript">
var eFile = document.getElementById('-eeprom-file'),
eAbort = document.getElementById('-eeprom-abort'),
eProgress = document.getElementById('-eeprom-progress'),
eProgressD = document.getElementById('-eeprom-progress-done'),
eProgressT = document.getElementById('-eeprom-progress-total'),
eHistory = document.getElementById('-eeprom-history'),
eTask = undefined;
eAbort.onclick = function() {
if(eTask)
eTask.abort();
};
var eClient = new EEPROM(1, '/uploads', 'Misuzu {$cookie}');
eFile.onchange = function() {
var task = eTask = eClient.createUpload(this.files[0]);
task.onProgress = function(progressInfo) {
eProgress.value = progressInfo.progress;
eProgressD.textContent = progressInfo.loaded;
eProgressT.textContent = progressInfo.total;
};
task.onFailure = function(errorInfo) {
if(!errorInfo.userAborted) {
var errorText = 'Was unable to upload file.';
switch(errorInfo.error) {
case EEPROM.ERR_INVALID:
errorText = 'Upload request was invalid.';
break;
case EEPROM.ERR_AUTH:
errorText = 'Upload authentication failed, refresh and try again.';
break;
case EEPROM.ERR_ACCESS:
errorText = 'You\'re not allowed to upload files.';
break;
case EEPROM.ERR_GONE:
errorText = 'Upload client has a configuration error or the server is gone.';
break;
case EEPROM.ERR_DMCA:
errorText = 'This file has been uploaded before and was removed for copyright reasons, you cannot upload this file.';
break;
case EEPROM.ERR_SERVER:
errorText = 'Upload server returned a critical error, try again later.';
break;
case EEPROM.ERR_SIZE:
if(errorInfo.maxSize < 1)
errorText = 'Selected file is too large.';
else {
var _t = ['bytes', 'KB', 'MB', 'GB', 'TB'],
_i = parseInt(Math.floor(Math.log(errorInfo.maxSize) / Math.log(1024))),
_s = Math.round(errorInfo.maxSize / Math.pow(1024, _i), 2);
errorText = 'Upload may not be larger than %1 %2.'.replace('%1', _s).replace('%2', _t[_i]);
}
break;
}
alert(errorText);
}
};
task.onComplete = function(fileInfo) {
eTask = undefined;
var elem = document.createElement('div');
elem.id = fileInfo.id;
var link = document.createElement('a');
link.textContent = fileInfo.id;
link.href = fileInfo.url;
link.target = '_blank';
elem.appendChild(link);
elem.appendChild(document.createTextNode(' '));
var del = document.createElement('button');
del.textContent = 'Delete';
del.onclick = function() {
var dTask = eClient.deleteUpload(fileInfo);
dTask.onFailure = function(reason) {
alert('Delete failed: ' + reason);
};
dTask.onSuccess = function() {
eHistory.removeChild(elem);
};
dTask.start();
};
elem.appendChild(del);
elem.appendChild(document.createTextNode(' '));
var json = document.createElement('code');
json.textContent = JSON.stringify(fileInfo);
elem.appendChild(json);
eHistory.appendChild(elem);
};
task.start();
};
</script>
TEST;
2020-05-12 15:19:18 +00:00
return;
}
2020-05-08 22:53:21 +00:00
header('Content-Type: text/plain; charset=us-ascii');
2022-07-05 16:00:20 +00:00
if($reqPath === '/' || $reqPath === '/stats.json') {
2020-05-08 22:53:21 +00:00
$fileCount = 0;
$userCount = 0;
$totalSize = 0;
$uniqueTypes = 0;
2022-07-06 16:58:40 +00:00
$uploadStats = $db->query('SELECT COUNT(`upload_id`) AS `amount`, SUM(`upload_size`) AS `size`, COUNT(DISTINCT `upload_type`) AS `types` FROM `prm_uploads` WHERE `upload_deleted` IS NULL AND `upload_dmca` IS NULL');
if($uploadStats->next()) {
$fileCount = $uploadStats->getInteger(0);
$totalSize = $uploadStats->getInteger(1);
$uniqueTypes = $uploadStats->getInteger(2);
2020-05-08 22:53:21 +00:00
}
2022-07-06 16:58:40 +00:00
$userStats = $db->query('SELECT COUNT(`user_id`) AS `amount` FROM `prm_users` WHERE `user_restricted` IS NULL');
2020-05-08 22:53:21 +00:00
2022-07-06 16:58:40 +00:00
if($userStats->next())
$userCount = $userStats->getInteger(0);
2020-05-08 22:53:21 +00:00
2022-07-05 16:00:20 +00:00
if($reqPath === '/stats.json') {
2020-05-08 22:53:21 +00:00
header('Content-Type: application/json; charset=utf-8');
echo json_encode([
2022-07-05 16:00:20 +00:00
'size' => $totalSize,
'files' => $fileCount,
'types' => $uniqueTypes,
'members' => $userCount,
2020-05-08 22:53:21 +00:00
]);
return;
}
2022-07-05 16:00:20 +00:00
header('Content-Type: text/html; charset=utf-8');
header('X-Accel-Redirect: /index.html');
2020-05-08 22:53:21 +00:00
return;
}
if($reqPath === '/uploads') {
if($reqMethod !== 'POST') {
http_response_code(405);
return;
}
try {
2022-07-06 16:58:40 +00:00
$appInfo = Application::byId($db, filter_input(INPUT_POST, 'src', FILTER_VALIDATE_INT));
2020-05-08 22:53:21 +00:00
} catch(ApplicationNotFoundException $ex) {
http_response_code(404);
return;
}
if(!User::hasActive()) {
http_response_code(401);
return;
}
$userInfo = User::active();
if($userInfo->isRestricted()) {
http_response_code(403);
return;
}
if(empty($_FILES['file']['tmp_name']) || !is_file($_FILES['file']['tmp_name'])) {
http_response_code(400);
return;
}
$maxFileSize = $appInfo->getSizeLimit();
if($appInfo->allowSizeMultiplier())
$maxFileSize *= $userInfo->getSizeMultiplier();
$fileSize = filesize($_FILES['file']['tmp_name']);
if($_FILES['file']['size'] !== $fileSize || $fileSize > $maxFileSize) {
http_response_code(413);
header('Access-Control-Expose-Headers: X-EEPROM-Max-Size');
header('X-EEPROM-Max-Size: ' . $maxFileSize);
return;
}
$hash = hash_file('sha256', $_FILES['file']['tmp_name']);
2022-07-06 16:58:40 +00:00
$fileInfo = Upload::byHash($db, $hash);
2020-05-08 22:53:21 +00:00
if($fileInfo !== null) {
if($fileInfo->isDMCA()) {
http_response_code(451);
return;
}
if($fileInfo->getUserId() !== $userInfo->getId()
|| $fileInfo->getApplicationId() !== $appInfo->getId())
unset($fileInfo);
}
if(!empty($fileInfo)) {
if($fileInfo->isDeleted())
2022-07-06 16:58:40 +00:00
$fileInfo->restore($db);
2020-05-08 22:53:21 +00:00
} else {
try {
$fileInfo = Upload::create(
2022-07-06 16:58:40 +00:00
$db, $appInfo, $userInfo,
2020-05-08 22:53:21 +00:00
$_FILES['file']['name'],
mime_content_type($_FILES['file']['tmp_name']),
$fileSize, $hash,
$appInfo->getExpiry(), true
);
} catch(UploadCreationFailedException $ex) {
http_response_code(500);
return;
}
if(!move_uploaded_file($_FILES['file']['tmp_name'], $fileInfo->getPath())) {
http_response_code(500);
return;
}
}
http_response_code(201);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($fileInfo);
return;
}
http_response_code(404);