chore: Refactor remaining controllers to make use of the session midd…
…leware

Signed-off-by: Julius Härtl <[email protected]>
juliusknorr committed Jun 23, 2023
commit 7471edcb8c3fb2b82c4f2539bcd3e7f15424ff72
3 changes: 2 additions & 1 deletion composer/composer/autoload_classmap.php
@@ -9,12 +9,13 @@
'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php',
'OCA\\Text\\AppInfo\\Application' => $baseDir . '/../lib/AppInfo/Application.php',
'OCA\\Text\\Command\\ResetDocument' => $baseDir . '/../lib/Command/ResetDocument.php',
'OCA\\Text\\Controller\\ASessionAwareController' => $baseDir . '/../lib/Controller/ASessionAwareController.php',
'OCA\\Text\\Controller\\AttachmentController' => $baseDir . '/../lib/Controller/AttachmentController.php',
'OCA\\Text\\Controller\\ISessionAwareController' => $baseDir . '/../lib/Controller/ISessionAwareController.php',
'OCA\\Text\\Controller\\NavigationController' => $baseDir . '/../lib/Controller/NavigationController.php',
'OCA\\Text\\Controller\\PublicSessionController' => $baseDir . '/../lib/Controller/PublicSessionController.php',
'OCA\\Text\\Controller\\SessionController' => $baseDir . '/../lib/Controller/SessionController.php',
'OCA\\Text\\Controller\\SettingsController' => $baseDir . '/../lib/Controller/SettingsController.php',
'OCA\\Text\\Controller\\TSessionAwareController' => $baseDir . '/../lib/Controller/TSessionAwareController.php',
'OCA\\Text\\Controller\\UserApiController' => $baseDir . '/../lib/Controller/UserApiController.php',
'OCA\\Text\\Controller\\WorkspaceController' => $baseDir . '/../lib/Controller/WorkspaceController.php',
'OCA\\Text\\Cron\\Cleanup' => $baseDir . '/../lib/Cron/Cleanup.php',
3 changes: 2 additions & 1 deletion composer/composer/autoload_static.php
@@ -24,12 +24,13 @@ class ComposerStaticInitText
'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php',
'OCA\\Text\\AppInfo\\Application' => __DIR__ . '/..' . '/../lib/AppInfo/Application.php',
'OCA\\Text\\Command\\ResetDocument' => __DIR__ . '/..' . '/../lib/Command/ResetDocument.php',
'OCA\\Text\\Controller\\ASessionAwareController' => __DIR__ . '/..' . '/../lib/Controller/ASessionAwareController.php',
'OCA\\Text\\Controller\\AttachmentController' => __DIR__ . '/..' . '/../lib/Controller/AttachmentController.php',
'OCA\\Text\\Controller\\ISessionAwareController' => __DIR__ . '/..' . '/../lib/Controller/ISessionAwareController.php',
'OCA\\Text\\Controller\\NavigationController' => __DIR__ . '/..' . '/../lib/Controller/NavigationController.php',
'OCA\\Text\\Controller\\PublicSessionController' => __DIR__ . '/..' . '/../lib/Controller/PublicSessionController.php',
'OCA\\Text\\Controller\\SessionController' => __DIR__ . '/..' . '/../lib/Controller/SessionController.php',
'OCA\\Text\\Controller\\SettingsController' => __DIR__ . '/..' . '/../lib/Controller/SettingsController.php',
'OCA\\Text\\Controller\\TSessionAwareController' => __DIR__ . '/..' . '/../lib/Controller/TSessionAwareController.php',
'OCA\\Text\\Controller\\UserApiController' => __DIR__ . '/..' . '/../lib/Controller/UserApiController.php',
'OCA\\Text\\Controller\\WorkspaceController' => __DIR__ . '/..' . '/../lib/Controller/WorkspaceController.php',
'OCA\\Text\\Cron\\Cleanup' => __DIR__ . '/..' . '/../lib/Cron/Cleanup.php',
25 changes: 0 additions & 25 deletions lib/Controller/ASessionAwareController.php

This file was deleted.

4 changes: 3 additions & 1 deletion lib/Controller/AttachmentController.php
@@ -29,6 +29,7 @@
use OCA\Text\Exception\UploadException;
use OCA\Text\Middleware\Attribute\RequireDocumentSession;
use OCA\Text\Service\AttachmentService;
use OCP\AppFramework\ApiController;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
@@ -42,7 +43,8 @@
use OCP\Util;
use Psr\Log\LoggerInterface;

class AttachmentController extends ASessionAwareController {
class AttachmentController extends ApiController implements ISessionAwareController {
use TSessionAwareController;
public const IMAGE_MIME_TYPES = [
'image/png',
'image/jpeg',
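--- a/lib/Controller/ISessionAwareController.php
+++ b/lib/Controller/ISessionAwareController.php
@@ -0,0 +1,13 @@
+<?php
+
+namespace OCA\Text\Controller;
+
+use OCA\Text\Db\Document;
+use OCA\Text\Db\Session;
+
+interface ISessionAwareController {
+public function getSession(): Session;
+public function setSession(Session $session): void;
+public function getDocument(): Document;
+public function setDocument(Document $document): void;
+}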
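Review bot: The setters are declared here as `setSession(Session $session)` and `setDocument(Document $document)`, but TSessionAwareController in this same commit implements them with `?Session` and `?Document`. Widening a parameter is legal PHP, yet the interface and the trait that fulfils it now describe different contracts, and code typed against the interface cannot tell whether null is an accepted value. Align the two signatures, and add `declare(strict_types=1);` after the opening tag as the trait file does. A docblock on `getSession()` and `getDocument()` carrying `@throws InvalidSessionException` (the exception the trait raises when nothing was attached) would make the fail-closed behaviour part of the contract.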
62 changes: 31 additions & 31 deletions lib/Controller/PublicSessionController.php
@@ -25,7 +25,10 @@

namespace OCA\Text\Controller;

use OCA\Text\Middleware\Attribute\RequireDocumentSession;
use OCA\Text\Service\ApiService;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\PublicShareController;
use OCP\IRequest;
@@ -34,15 +37,19 @@
use OCP\Share\IManager as ShareManager;
use OCP\Share\IShare;

class PublicSessionController extends PublicShareController {
private ShareManager $shareManager;
private ?IShare $share;
private ApiService $apiService;
class PublicSessionController extends PublicShareController implements ISessionAwareController {
use TSessionAwareController;

public function __construct(string $appName, IRequest $request, ISession $session, ShareManager $shareManager, ApiService $apiService) {
private IShare $share;

public function __construct(
string $appName,
IRequest $request,
ISession $session,
private ShareManager $shareManager,
private ApiService $apiService
) {
parent::__construct($appName, $request, $session);
$this->shareManager = $shareManager;
$this->apiService = $apiService;
}

protected function getPasswordHash(): string {
@@ -62,43 +69,36 @@ protected function isPasswordProtected(): bool {
return $this->share->getPassword() !== null;
}

/**
* @NoAdminRequired
* @PublicPage
*/
#[NoAdminRequired]
#[PublicPage]
public function create(string $token, string $file = null, $guestName = null): DataResponse {
return $this->apiService->create(null, $file, $token, $guestName);
}

/**
* @NoAdminRequired
* @PublicPage
*/
#[NoAdminRequired]
#[PublicPage]
public function close(int $documentId, int $sessionId, string $sessionToken): DataResponse {
return $this->apiService->close($documentId, $sessionId, $sessionToken);
}

/**
* @NoAdminRequired
* @PublicPage
*/
#[NoAdminRequired]
#[PublicPage]
#[RequireDocumentSession]
public function push(int $documentId, int $sessionId, string $sessionToken, int $version, array $steps, string $awareness, string $token): DataResponse {
return $this->apiService->push($documentId, $sessionId, $sessionToken, $version, $steps, $awareness, $token);
return $this->apiService->push($this->getSession(), $this->getDocument(), $version, $steps, $awareness, $token);
}

/**
* @NoAdminRequired
* @PublicPage
*/
#[NoAdminRequired]
#[PublicPage]
#[RequireDocumentSession]
public function sync(string $token, int $documentId, int $sessionId, string $sessionToken, int $version = 0, string $autosaveContent = null, string $documentState = null, bool $force = false, bool $manualSave = false): DataResponse {
return $this->apiService->sync($documentId, $sessionId, $sessionToken, $version, $autosaveContent, $documentState, $force, $manualSave, $token);
return $this->apiService->sync($this->getSession(), $this->getDocument(), $version, $autosaveContent, $documentState, $force, $manualSave, $token);
}

/**
* @NoAdminRequired
* @PublicPage
*/
public function updateSession(int $documentId, int $sessionId, string $sessionToken, string $guestName) {
return $this->apiService->updateSession($documentId, $sessionId, $sessionToken, $guestName);
#[NoAdminRequired]
#[PublicPage]
#[RequireDocumentSession]
public function updateSession(string $guestName) {
return $this->apiService->updateSession($this->getSession(), $guestName);
}
}
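Review bot: `push` and `sync` still declare `$documentId`, `$sessionId` and `$sessionToken`, but their new bodies read only `getSession()` and `getDocument()`, so those parameters are dead inside the method, while `updateSession` in this section and the SessionController actions in this commit drop them. Either remove them here as well or add a comment such as `// documentId, sessionId and sessionToken are consumed by the RequireDocumentSession middleware`, if that is indeed where they are read. Separately, nothing visible in this section ties the document resolved from the session to the share identified by `$token`; it is worth confirming that the middleware or `ApiService` enforces that binding for these `#[PublicPage]` actions. `updateSession` also has no declared return type, unlike the other actions, which return `DataResponse`.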
91 changes: 40 additions & 51 deletions lib/Controller/SessionController.php
@@ -25,98 +25,87 @@

namespace OCA\Text\Controller;

use OCA\Text\Middleware\Attribute\RequireDocumentSession;
use OCA\Text\Service\ApiService;
use OCA\Text\Service\NotificationService;
use OCA\Text\Service\SessionService;
use OCP\AppFramework\Controller;
use OCP\AppFramework\ApiController;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\Attribute\UserRateLimit;
use OCP\AppFramework\Http\DataResponse;
use OCP\IRequest;
use OCP\IUser;
use OCP\IUserManager;
use OCP\IUserSession;

class SessionController extends Controller {
private ApiService $apiService;
private SessionService $sessionService;
private NotificationService $notificationService;
private IUserManager $userManager;
private IUserSession $userSession;
class SessionController extends ApiController implements ISessionAwareController {
use TSessionAwareController;

private bool $restoreUser = false;
private ?IUser $userToRestore = null;

public function __construct(string $appName, IRequest $request, ApiService $apiService, SessionService $sessionService, NotificationService $notificationService, IUserManager $userManager, IUserSession $userSession) {
public function __construct(
string $appName,
IRequest $request,
private ApiService $apiService,
private SessionService $sessionService,
private NotificationService $notificationService,
private IUserManager $userManager,
private IUserSession $userSession) {
parent::__construct($appName, $request);
$this->apiService = $apiService;
$this->sessionService = $sessionService;
$this->notificationService = $notificationService;
$this->userManager = $userManager;
$this->userSession = $userSession;
}

/**
* @NoAdminRequired
*/
#[NoAdminRequired]
public function create(int $fileId = null, string $file = null): DataResponse {
return $this->apiService->create($fileId, $file, null, null);
}

/**
* @NoAdminRequired
* @PublicPage
*/
#[NoAdminRequired]
#[PublicPage]
public function close(int $documentId, int $sessionId, string $sessionToken): DataResponse {
return $this->apiService->close($documentId, $sessionId, $sessionToken);
}

/**
* @NoAdminRequired
* @PublicPage
*/
public function push(int $documentId, int $sessionId, string $sessionToken, int $version, array $steps, string $awareness): DataResponse {
#[NoAdminRequired]
#[PublicPage]
#[RequireDocumentSession]
public function push(int $version, array $steps, string $awareness): DataResponse {
try {
$this->loginSessionUser($documentId, $sessionId, $sessionToken);
return $this->apiService->push($documentId, $sessionId, $sessionToken, $version, $steps, $awareness);
$this->loginSessionUser();
return $this->apiService->push($this->getSession(), $this->getDocument(), $version, $steps, $awareness);
} finally {
$this->restoreSessionUser();
}
}

/**
* @NoAdminRequired
* @PublicPage
*/
public function sync(int $documentId, int $sessionId, string $sessionToken, int $version = 0, string $autosaveContent = null, string $documentState = null, bool $force = false, bool $manualSave = false): DataResponse {
#[NoAdminRequired]
#[PublicPage]
#[RequireDocumentSession]
public function sync(int $version = 0, string $autosaveContent = null, string $documentState = null, bool $force = false, bool $manualSave = false): DataResponse {
try {
$this->loginSessionUser($documentId, $sessionId, $sessionToken);
return $this->apiService->sync($documentId, $sessionId, $sessionToken, $version, $autosaveContent, $documentState, $force, $manualSave);
$this->loginSessionUser();
return $this->apiService->sync($this->getSession(), $this->getDocument(), $version, $autosaveContent, $documentState, $force, $manualSave);
} finally {
$this->restoreSessionUser();
}
}

/**
* @NoAdminRequired
* @PublicPage
* @UserRateThrottle(limit=5, period=120)
*/
public function mention(int $documentId, int $sessionId, string $sessionToken, string $mention): DataResponse {
if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) {
#[NoAdminRequired]
#[PublicPage]
#[RequireDocumentSession]
#[UserRateLimit(limit: 5, period: 120)]
public function mention(string $mention): DataResponse {
if ($this->getSession()->getUserId() === null && !$this->sessionService->isUserInDocument($this->getDocument()->getId(), $mention)) {
return new DataResponse([], 403);
}

$currentSession = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);

if ($currentSession->getUserId() === null && !$this->sessionService->isUserInDocument($documentId, $mention)) {
return new DataResponse([], 403);
}

return new DataResponse($this->notificationService->mention($documentId, $mention));
return new DataResponse($this->notificationService->mention($this->getDocument()->getId(), $mention));
}

private function loginSessionUser(int $documentId, int $sessionId, string $sessionToken) {
$currentSession = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
if ($currentSession !== null && !$this->userSession->isLoggedIn()) {
private function loginSessionUser() {
$currentSession = $this->getSession();
if (!$this->userSession->isLoggedIn()) {
$user = $this->userManager->get($currentSession->getUserId());
if ($user !== null) {
$this->restoreUser = true;
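Review bot: `mention` is a `#[PublicPage]` action that carries only `#[UserRateLimit(limit: 5, period: 120)]`, and its body explicitly handles sessions whose `getUserId()` is null. As far as I know, the framework applies the user limit only to requests with a logged-in user and otherwise falls back to an anonymous limit when one is declared, so guest sessions may be able to trigger mention notifications without any throttle. Consider adding `#[AnonRateLimit(limit: 5, period: 120)]` next to it, with `use OCP\AppFramework\Http\Attribute\AnonRateLimit;` in the imports. The section is cut off inside `loginSessionUser`, so the rest of the class is not visible here.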
7 changes: 3 additions & 4 deletions lib/Controller/SettingsController.php
@@ -26,6 +26,7 @@
use OCA\Text\AppInfo\Application;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\IConfig;
use OCP\IRequest;
@@ -46,16 +47,14 @@ public function __construct($appName, IRequest $request, IConfig $config, $userI
}

/**
* @NoAdminRequired
* @param string $key
* @param string $value
* @return DataResponse
* @throws \OCP\PreConditionNotMetException
*/
#[NoAdminRequired]
public function updateConfig(string $key, $value) {
if (!in_array($key, self::ACCEPTED_KEYS, true)) {
return new DataResponse(['message' => 'Invalid config key'], Http::STATUS_BAD_REQUEST);
}
/** @psalm-suppress PossiblyNullArgument */
$this->config->setUserValue($this->userId, Application::APP_NAME, $key, $value);
return new DataResponse([
$key => $value
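--- a/lib/Controller/TSessionAwareController.php
+++ b/lib/Controller/TSessionAwareController.php
@@ -0,0 +1,39 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\Text\Controller;
+
+use OCA\Text\Db\Document;
+use OCA\Text\Db\Session;
+use OCA\Text\Exception\InvalidSessionException;
+
+trait TSessionAwareController {
+private ?Session $textSession = null;
+private ?Document $document = null;
+
+public function setSession(?Session $session): void {
+$this->textSession = $session;
+}
+
+public function setDocument(?Document $document): void {
+$this->document = $document;
+}
+
+public function getSession(): Session {
+if ($this->textSession === null) {
+throw new InvalidSessionException();
+}
+
+return $this->textSession;
+}
+
+public function getDocument(): Document {
+if ($this->document === null) {
+throw new InvalidSessionException();
+}
+
+return $this->document;
+}
+
+}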
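Review bot: `getSession()` and `getDocument()` throw a bare `InvalidSessionException`, and the trait has no documentation saying who is expected to call the setters or when the getters are safe to use. An action that calls a getter without `#[RequireDocumentSession]` will hit that exception, which fails closed, but this file does not show where the exception becomes an HTTP response; confirm it is mapped to a client error rather than surfacing as a 500. I would add a trait-level docblock along the lines of `/** Holds the session and document attached by the session middleware; getters throw InvalidSessionException when none was attached. */`, assuming the middleware is indeed the only caller of the setters, plus `@throws InvalidSessionException` on both getters.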