forked from prasathmani/tinyfilemanager
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathjoyee-bridge.php
More file actions
118 lines (92 loc) · 3.47 KB
/
Copy pathjoyee-bridge.php
File metadata and controls
118 lines (92 loc) · 3.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
<?php
/**
* Joyee Bridge for Tiny File Manager API.
*
* This endpoint is for clients that cannot send custom HTTP headers.
* It uses a separate bridge key and maps requests internally to api.core.php
* by setting X-TFM-API-Key on the server side.
*
* Use only over HTTPS.
*/
header('Content-Type: application/json; charset=utf-8');
function joyee_bridge_error($message, $status = 400, $extra = array())
{
http_response_code($status);
echo json_encode(array(
'ok' => false,
'data' => array_merge(array('error' => $message), $extra),
), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT);
exit;
}
$bridge_config_file = __DIR__ . '/joyee-bridge.config.php';
if (!is_file($bridge_config_file)) {
joyee_bridge_error('Joyee bridge config is missing.', 500);
}
require $bridge_config_file;
if (empty($joyee_bridge_enabled)) {
joyee_bridge_error('Joyee bridge is disabled.', 403);
}
if (empty($joyee_bridge_key) || empty($joyee_api_token)) {
joyee_bridge_error('Joyee bridge is not configured.', 500);
}
if (empty($joyee_bridge_root_path)) {
joyee_bridge_error('Joyee bridge root path is not configured.', 500);
}
$joyee_bridge_root_path = (string) $joyee_bridge_root_path;
if (!is_dir($joyee_bridge_root_path)) {
if (!mkdir($joyee_bridge_root_path, 0775, true)) {
joyee_bridge_error('Unable to create Joyee bridge root path.', 500);
}
}
if (!is_writable($joyee_bridge_root_path)) {
joyee_bridge_error('Joyee bridge root path is not writable.', 500);
}
if (hash_equals((string) $joyee_bridge_key, (string) $joyee_api_token)) {
joyee_bridge_error('Bridge key must be different from API token.', 500);
}
$provided_bridge_key = isset($_GET['bridge_key']) ? (string) $_GET['bridge_key'] : '';
if ($provided_bridge_key === '') {
joyee_bridge_error('Missing bridge key.', 401);
}
if (!hash_equals((string) $joyee_bridge_key, $provided_bridge_key)) {
joyee_bridge_error('Invalid bridge key.', 401);
}
unset($_GET['bridge_key']);
unset($_REQUEST['bridge_key']);
$action = isset($_GET['action']) ? strtolower(trim((string) $_GET['action'])) : 'ping';
$allowed_actions = isset($joyee_bridge_allowed_actions) && is_array($joyee_bridge_allowed_actions)
? $joyee_bridge_allowed_actions
: array('ping', 'list', 'stat', 'read', 'write', 'mkdir', 'rename', 'move', 'copy', 'delete');
$allowed_actions = array_map('strtolower', $allowed_actions);
if (!in_array($action, $allowed_actions, true)) {
joyee_bridge_error('Action is not allowed through Joyee bridge.', 403, array(
'action' => $action,
));
}
// Force the whitelisted action path that api.core.php will consume first.
$_GET['action'] = $action;
$default_token_config = array(
'label' => 'Joyee Bridge API',
'role' => 'admin',
'root_path' => $joyee_bridge_root_path,
'capabilities' => array(
'list' => true,
'stat' => true,
'read' => true,
'write' => true,
'mkdir' => true,
'delete' => true,
'rename' => true,
'move' => true,
'copy' => true,
),
);
$joyee_token_config = isset($joyee_api_token_config) && is_array($joyee_api_token_config)
? array_merge($default_token_config, $joyee_api_token_config)
: $default_token_config;
$joyee_token_config['root_path'] = $joyee_bridge_root_path;
$api_extra_tokens = array(
(string) $joyee_api_token => $joyee_token_config,
);
$_SERVER['HTTP_X_TFM_API_KEY'] = (string) $joyee_api_token;
require __DIR__ . '/api.core.php';