mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-09 05:39:52 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9299 from dragonchaser/thumbnailer-respect-secure-view

Browse Source 
Thumbnailer respect secure view
This commit is contained in:
Christian Richter
2024-06-04 16:26:25 +02:00
committed by GitHub
parent e1dcf47741 a145c36fd5
commit b3db1354ec
3 changed files with 41 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
changelog/unreleased/prevent-thumbnailer-from-showing-secureview-previews.md Normal file
View File

@@ -0,0 +1,6 @@
Bugfix: Don't show thumbnails for secureview shares
We have fixed a bug where thumbnails were shown for secureview shares.
https://github.com/owncloud/ocis/pull/9299
https://github.com/owncloud/ocis/issues/9249

42
services/thumbnails/pkg/service/grpc/v0/service.go
View File

@@ -116,11 +116,10 @@ func (g Thumbnail) GetThumbnail(ctx context.Context, req *thumbnailssvc.GetThumb
return nil
}
func (g Thumbnail) handleCS3Source(ctx context.Context, req *thumbnailssvc.GetThumbnailRequest) (string, error) {
src := req.GetCs3Source()
sRes, err := g.stat(src.GetPath(), src.GetAuthorization())
if err != nil {
return "", err
func (g Thumbnail) checkThumbnail(req *thumbnailssvc.GetThumbnailRequest, sRes *provider.StatResponse) (thumbnail.Request, error) {
tr := thumbnail.Request{}
if !sRes.GetInfo().GetPermissionSet().GetInitiateFileDownload() {
return tr, merrors.Forbidden(g.serviceID, "no download permission")
}
tType := thumbnail.GetExtForMime(sRes.GetInfo().GetMimeType())
@@ -129,11 +128,25 @@ func (g Thumbnail) handleCS3Source(ctx context.Context, req *thumbnailssvc.GetTh
}
tr, err := thumbnail.PrepareRequest(int(req.GetWidth()), int(req.GetHeight()), tType, sRes.GetInfo().GetChecksum().GetSum(), req.GetProcessor())
if err != nil {
return "", merrors.BadRequest(g.serviceID, err.Error())
return tr, merrors.BadRequest(g.serviceID, err.Error())
}
if key, exists := g.manager.CheckThumbnail(tr); exists {
return key, nil
if _, exists := g.manager.CheckThumbnail(tr); exists {
return tr, nil
}
return tr, nil
}
func (g Thumbnail) handleCS3Source(ctx context.Context, req *thumbnailssvc.GetThumbnailRequest) (string, error) {
src := req.GetCs3Source()
sRes, err := g.stat(src.GetPath(), src.GetAuthorization())
if err != nil {
return "", err
}
tr, err := g.checkThumbnail(req, sRes)
if err != nil {
return "", err
}
ctx = imgsource.ContextSetAuthorization(ctx, src.GetAuthorization())
@@ -206,19 +219,10 @@ func (g Thumbnail) handleWebdavSource(ctx context.Context, req *thumbnailssvc.Ge
return "", err
}
tType := thumbnail.GetExtForMime(sRes.GetInfo().GetMimeType())
if tType == "" {
tType = req.GetThumbnailType().String()
}
tr, err := thumbnail.PrepareRequest(int(req.GetWidth()), int(req.GetHeight()), tType, sRes.GetInfo().GetChecksum().GetSum(), req.GetProcessor())
tr, err := g.checkThumbnail(req, sRes)
if err != nil {
return "", merrors.BadRequest(g.serviceID, err.Error())
return "", err
}
if key, exists := g.manager.CheckThumbnail(tr); exists {
return key, nil
}
if src.GetWebdavAuthorization() != "" {
ctx = imgsource.ContextSetAuthorization(ctx, src.GetWebdavAuthorization())
}

17
services/webdav/pkg/service/v0/service.go
View File

@@ -33,11 +33,6 @@ import (
"github.com/owncloud/ocis/v2/services/webdav/pkg/dav/requests"
)
func init() {
// register method with chi before any routing is set up
chi.RegisterMethod("REPORT")
}
var (
codesEnum = map[int]string{
http.StatusBadRequest: "Sabre\\DAV\\Exception\\BadRequest",
@@ -94,6 +89,10 @@ func NewService(opts ...Option) (Service, error) {
if svc.config.DisablePreviews {
svc.thumbnailsClient = nil
}
// register method with chi before any routing is set up
chi.RegisterMethod("REPORT")
m.Route(options.Config.HTTP.Root, func(r chi.Router) {
if !svc.config.DisablePreviews {
@@ -261,6 +260,8 @@ func (g Webdav) SpacesThumbnail(w http.ResponseWriter, r *http.Request) {
return
case http.StatusBadRequest:
renderError(w, r, errBadRequest(e.Detail))
case http.StatusForbidden:
renderError(w, r, errPermissionDenied(e.Detail))
default:
renderError(w, r, errInternalError(err.Error()))
}
@@ -354,6 +355,8 @@ func (g Webdav) Thumbnail(w http.ResponseWriter, r *http.Request) {
return
case http.StatusBadRequest:
renderError(w, r, errBadRequest(e.Detail))
case http.StatusForbidden:
renderError(w, r, errPermissionDenied(e.Detail))
default:
renderError(w, r, errInternalError(err.Error()))
}
@@ -531,6 +534,10 @@ func errBadRequest(msg string) *errResponse {
return newErrResponse(http.StatusBadRequest, msg)
}
func errPermissionDenied(msg string) *errResponse {
return newErrResponse(http.StatusForbidden, msg)
}
func errNotFound(msg string) *errResponse {
return newErrResponse(http.StatusNotFound, msg)
}