Split down middlewares and servers again.

core/src/core/src/pydio/Core/Http/Cli/CliServer.php

@@ -0,0 +1,36 @@
+<?php
+/*
+ * Copyright 2007-2015 Abstrium <contact (at) pydio.com>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <http://pyd.io/>.
+ */
+
+namespace Pydio\Core\Http\Cli;
+
+defined('AJXP_EXEC') or die('Access not allowed');
+
+
+class CliServer extends \Pydio\Core\Http\Server
+{
+    protected function stackMiddleWares()
+    {
+        $this->middleWares->push(array("Pydio\\Core\\Controller\\Controller", "registryActionMiddleware"));
+        $this->middleWares->push(array("Pydio\\Core\\Http\\Cli\\AuthCliMiddleware", "handleRequest"));
+        $this->topMiddleware = new CliMiddleware();
+        $this->middleWares->push(array($this->topMiddleware, "handleRequest"));
+    }
+}

core/src/core/src/pydio/Core/Http/Cli/Command.php

@@ -21,7 +21,6 @@
 namespace Pydio\Core\Http\Cli;
 
 defined('AJXP_EXEC') or die('Access not allowed');
-use Pydio\Core\Http\Server;
 use Symfony;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
@@ -82,7 +81,7 @@ protected function configure()
 
     protected function execute(InputInterface $input, OutputInterface $output)
     {
-        $server = new Server(Server::MODE_CLI);
+        $server = new CliServer();
         $server->registerCatchAll();
 
         $definitionsKeys = array_keys($this->getDefinition()->getOptions());

core/src/core/src/pydio/Core/Http/Middleware/AuthMiddleware.php

@@ -22,6 +22,7 @@
 
 use Psr\Http\Message\ServerRequestInterface;
 use Pydio\Authfront\Core\AbstractAuthFrontend;
+use Pydio\Authfront\Core\FrontendsLoader;
 use Pydio\Core\Exception\AuthRequiredException;
 use Pydio\Core\Exception\NoActiveWorkspaceException;
 use Pydio\Core\Exception\PydioException;
@@ -47,50 +48,25 @@ class AuthMiddleware
      */
     public static function handleRequest(\Psr\Http\Message\ServerRequestInterface &$requestInterface, \Psr\Http\Message\ResponseInterface &$responseInterface, callable $next = null){
 
-        if(AuthService::usersEnabled()){
-
-            PluginsService::getInstance()->initActivePlugins();
-            $frontends = PluginsService::getInstance()->getActivePluginsForType("authfront");
-            $index = 0;
-            /**
-             * @var AbstractAuthFrontend $frontendPlugin
-             */
-            foreach($frontends as $frontendPlugin){
-                if(!$frontendPlugin->isEnabled()) continue;
-                if(!method_exists($frontendPlugin, "tryToLogUser")){
-                    AJXP_Logger::error(__CLASS__, __FUNCTION__, "Trying to use an authfront plugin without tryToLogUser method. Wrongly initialized?");
-                    continue;
-                }
-                //$res = $frontendPlugin->tryToLogUser($httpVars, ($index == count($frontends)-1));
-                $isLast = ($index == count($frontends)-1);
-                $res = $frontendPlugin->tryToLogUser($requestInterface, $responseInterface, $isLast);
-                $index ++;
-                if($res) {
-                    if($responseInterface->getBody()->getSize() > 0 || $responseInterface->getStatusCode() != 200){
-                        // Do not go to the other middleware, return directly.
-                        return $responseInterface;
-                    }
-                    break;
-                }
-            }
-
+        $response = FrontendsLoader::frontendsAsAuthMiddlewares($requestInterface, $responseInterface);
+        if($response != null){
+            return $response;
         }
 
-        if(Server::$mode == Server::MODE_SESSION){
-            self::bootSessionServer($requestInterface);
-        }else{
-            self::bootRestServer($requestInterface);
-        }
+        self::bootSessionServer($requestInterface);
 
         try{
+
             ConfService::reloadServicesAndActivePlugins();
+
         }catch (NoActiveWorkspaceException $ex){
-            if(Server::$mode != Server::MODE_SESSION) throw $ex;
+
             $logged = AuthService::getLoggedUser();
             if($logged !== null) $lock = $logged->getLock();
             if(empty($lock)){
                 throw new AuthRequiredException();
             }
+
         }
 
         return Server::callNextMiddleWare($requestInterface, $responseInterface, $next);
@@ -108,8 +84,7 @@ protected static function bootSessionServer(ServerRequestInterface $request){
             ConfService::switchRootDir($_SESSION["SWITCH_BACK_REPO_ID"]);
             unset($_SESSION["SWITCH_BACK_REPO_ID"]);
         }
-
-
+
         if (AuthService::usersEnabled()) {
             $loggedUser = AuthService::getLoggedUser();
             if ($loggedUser != null) {
@@ -127,32 +102,4 @@ protected static function bootSessionServer(ServerRequestInterface $request){
 
     }
 
-    protected static function bootRestServer(ServerRequestInterface $request){
-
-        if(AuthService::getLoggedUser() == null){
-            header('HTTP/1.0 401 Unauthorized');
-            echo 'You are not authorized to access this API.';
-            exit;
-        }
-
-        $repoID = $request->getAttribute("repository_id");
-        if($repoID == 'pydio'){
-            ConfService::switchRootDir();
-            $repo = ConfService::getRepository();
-        }else{
-            $repo = ConfService::findRepositoryByIdOrAlias($repoID);
-            if ($repo == null) {
-                throw new WorkspaceNotFoundException($repoID);
-            }
-            if(!ConfService::repositoryIsAccessible($repo->getId(), $repo, AuthService::getLoggedUser(), false, true)){
-                header('HTTP/1.0 401 Unauthorized');
-                echo 'You are not authorized to access this workspace.';
-                exit;
-            }
-            ConfService::switchRootDir($repo->getId());
-        }
-
-    }
-
-
 }

core/src/core/src/pydio/Core/Http/Middleware/SapiMiddleware.php

@@ -23,7 +23,7 @@
 use \Psr\Http\Message\ServerRequestInterface;
 use \Psr\Http\Message\ResponseInterface;
 use Pydio\Core\Exception\PydioException;
-use Pydio\Core\Http\ApiRouter;
+use Pydio\Core\Http\Rest\ApiRouter;
 use Pydio\Core\Http\Response\SerializableResponseStream;
 use Pydio\Core\Http\Server;
 use Pydio\Core\Utils\Utils;
@@ -58,31 +58,7 @@ public function handleRequest(ServerRequestInterface $request, ResponseInterface
             }
         }
 
-        $serverData = $request->getServerParams();
-        if(Server::$mode == Server::MODE_REST){
-
-            $router = new ApiRouter([]);
-            if(!$router->route($request, $response)){
-                throw new PydioException("Could not find any endpoint for this URI");
-            }
-
-        }else{
-
-            if(isSet($params["get_action"])){
-                $action = $params["get_action"];
-            }else if(isSet($params["action"])){
-                $action = $params["action"];
-            }else if (preg_match('/MSIE 7/',$serverData['HTTP_USER_AGENT']) || preg_match('/MSIE 8/',$serverData['HTTP_USER_AGENT'])) {
-                $action = "get_boot_gui";
-            } else {
-                $action = (strpos($serverData["HTTP_ACCEPT"], "text/html") !== false ? "get_boot_gui" : "ping");
-            }
-            $request = $request
-                ->withAttribute("action", Utils::sanitize($action, AJXP_SANITIZE_EMAILCHARS))
-                ->withAttribute("api", "session")
-            ;
-
-        }
+        $this->parseRequestRouteAndParams($request, $response);
 
         $response = Server::callNextMiddleWare($request, $response, $next);
 
@@ -92,6 +68,26 @@ public function handleRequest(ServerRequestInterface $request, ResponseInterface
         $this->emitResponse($request, $response);
     }
 
+    protected function parseRequestRouteAndParams(ServerRequestInterface &$request, ResponseInterface &$responseInterface){
+
+        $serverData = $request->getServerParams();
+        $params = $request->getParsedBody();
+        if(isSet($params["get_action"])){
+            $action = $params["get_action"];
+        }else if(isSet($params["action"])){
+            $action = $params["action"];
+        }else if (preg_match('/MSIE 7/',$serverData['HTTP_USER_AGENT']) || preg_match('/MSIE 8/',$serverData['HTTP_USER_AGENT'])) {
+            $action = "get_boot_gui";
+        } else {
+            $action = (strpos($serverData["HTTP_ACCEPT"], "text/html") !== false ? "get_boot_gui" : "ping");
+        }
+        $request = $request
+            ->withAttribute("action", Utils::sanitize($action, AJXP_SANITIZE_EMAILCHARS))
+            ->withAttribute("api", "session")
+        ;
+
+    }
+
     public function emitResponse(ServerRequestInterface $request, ResponseInterface $response){
         if($response !== false && $response->getBody() && $response->getBody() instanceof SerializableResponseStream){
             /**

core/src/core/src/pydio/Core/Http/ApiRouter.php → core/src/core/src/pydio/Core/Http/Rest/ApiRouter.php

@@ -18,7 +18,7 @@
  *
  * The latest code can be found at <http://pyd.io/>.
  */
-namespace Pydio\Core\Http;
+namespace Pydio\Core\Http\Rest;
 
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;

core/src/core/src/pydio/Core/Http/Rest/RestApiMiddleware.php

@@ -0,0 +1,42 @@
+<?php
+/*
+ * Copyright 2007-2015 Abstrium <contact (at) pydio.com>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <http://pyd.io/>.
+ */
+namespace Pydio\Core\Http\Rest;
+
+use \Psr\Http\Message\ServerRequestInterface;
+use \Psr\Http\Message\ResponseInterface;
+use Pydio\Core\Exception\PydioException;
+
+defined('AJXP_EXEC') or die('Access not allowed');
+
+
+class RestApiMiddleware extends \Pydio\Core\Http\Middleware\SapiMiddleware
+{
+
+    protected function parseRequestRouteAndParams(ServerRequestInterface &$request, ResponseInterface &$response){
+
+        $router = new ApiRouter([]);
+        if(!$router->route($request, $response)){
+            throw new PydioException("Could not find any endpoint for this URI");
+        }
+
+    }
+
+}

core/src/core/src/pydio/Core/Http/Rest/RestAuthMiddleware.php

@@ -0,0 +1,81 @@
+<?php
+/*
+ * Copyright 2007-2015 Abstrium <contact (at) pydio.com>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <http://pyd.io/>.
+ */
+namespace Pydio\Core\Http\Rest;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Pydio\Authfront\Core\FrontendsLoader;
+use Pydio\Core\Exception\PydioException;
+use Pydio\Core\Exception\WorkspaceNotFoundException;
+use Pydio\Core\Http\Rest\RestServer;
+use Pydio\Core\Services\AuthService;
+use Pydio\Core\Services\ConfService;
+
+defined('AJXP_EXEC') or die('Access not allowed');
+
+
+class RestAuthMiddleware
+{
+
+    /**
+     * @param ServerRequestInterface $requestInterface
+     * @param \Psr\Http\Message\ResponseInterface $responseInterface
+     * @return \Psr\Http\Message\ResponseInterface
+     * @param callable|null $next
+     * @throws PydioException
+     */
+    public static function handleRequest(\Psr\Http\Message\ServerRequestInterface &$requestInterface, \Psr\Http\Message\ResponseInterface &$responseInterface, callable $next = null){
+
+        $response = FrontendsLoader::frontendsAsAuthMiddlewares($requestInterface, $responseInterface);
+        if($response != null){
+            return $response;
+        }
+
+        if(AuthService::getLoggedUser() == null){
+            header('HTTP/1.0 401 Unauthorized');
+            echo 'You are not authorized to access this API.';
+            exit;
+        }
+
+        $repoID = $requestInterface->getAttribute("repository_id");
+        if($repoID == 'pydio'){
+            ConfService::switchRootDir();
+            ConfService::getRepository();
+        }else{
+            $repo = ConfService::findRepositoryByIdOrAlias($repoID);
+            if ($repo == null) {
+                throw new WorkspaceNotFoundException($repoID);
+            }
+            if(!ConfService::repositoryIsAccessible($repo->getId(), $repo, AuthService::getLoggedUser(), false, true)){
+                header('HTTP/1.0 401 Unauthorized');
+                echo 'You are not authorized to access this workspace.';
+                exit;
+            }
+            ConfService::switchRootDir($repo->getId());
+        }
+
+        ConfService::reloadServicesAndActivePlugins();
+
+        return RestServer::callNextMiddleWare($requestInterface, $responseInterface, $next);
+
+    }
+
+
+}