transloadit · mifi · Aug 9, 2023 · Aug 9, 2023 · Aug 9, 2023 · Aug 9, 2023
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -242,6 +242,7 @@ module.exports = {
         'packages/@uppy/utils/src/**/*.js',
         'packages/@uppy/vue/src/**/*.js',
         'packages/@uppy/webcam/src/**/*.js',
+        'packages/@uppy/webdav/src/**/*.js',
         'packages/@uppy/xhr-upload/src/**/*.js',
         'packages/@uppy/zoom/src/**/*.js',
       ],

diff --git a/packages/@uppy/companion/package.json b/packages/@uppy/companion/package.json
@@ -48,6 +48,7 @@
     "express-prom-bundle": "6.5.0",
     "express-request-id": "1.4.1",
     "express-session": "1.17.3",
+    "fast-xml-parser": "^4.2.7",
     "form-data": "^3.0.0",
     "got": "11",
     "grant": "5.4.21",
@@ -67,6 +68,7 @@
     "serialize-javascript": "^6.0.0",
     "tus-js-client": "^3.0.0",
     "validator": "^13.0.0",
+    "webdav": "^5.3.0",
     "ws": "8.8.1"
   },
   "devDependencies": {

diff --git a/packages/@uppy/companion/src/config/grant.js b/packages/@uppy/companion/src/config/grant.js
@@ -49,5 +49,16 @@ module.exports = () => {
       access_url: 'https://zoom.us/oauth/token',
       callback: '/zoom/callback',
     },
+    webdav: {
+      transport: 'session',
+      // use 'subdomain' for full domain (hostname) similar to mastodon:
+      // https://github.com/simov/grant/blob/6e0692dfdd83edbc4ee82629ba0fe8f986d5879d/config/oauth.json#L631
+      dynamic: ['subdomain'],
+      authorize_url: 'https://[subdomain]/apps/oauth2/authorize',
+      access_url: 'https://[subdomain]/apps/oauth2/api/v1/token',
+      scope: ['profile'],
+      oauth: 2,
+      callback: '/webdavOauth/callback',
+    },
   }
 }
diff --git a/packages/@uppy/companion/src/server/controllers/get.js b/packages/@uppy/companion/src/server/controllers/get.js
@@ -8,7 +8,7 @@ async function get (req, res) {
   const { provider } = req.companion
 
   async function getSize () {
-    return provider.size({ id, token: accessToken, query: req.query })
+    return provider.size({ id, token: accessToken, providerUserSession, query: req.query })
   }
 
   async function download () {

diff --git a/packages/@uppy/companion/src/server/provider/Provider.js b/packages/@uppy/companion/src/server/provider/Provider.js
@@ -8,11 +8,12 @@ class Provider {
    *
    * @param {{providerName: string, allowLocalUrls: boolean, providerGrantConfig?: object}} options
    */
-  constructor ({ allowLocalUrls, providerGrantConfig }) {
+  constructor ({ allowLocalUrls, providerGrantConfig, providerOptions }) {
     // Some providers might need cookie auth for the thumbnails fetched via companion
     this.needsCookieAuth = false
     this.allowLocalUrls = allowLocalUrls
     this.providerGrantConfig = providerGrantConfig
+    this.providerOptions = providerOptions
     return this
   }
 

diff --git a/packages/@uppy/companion/src/server/provider/index.js b/packages/@uppy/companion/src/server/provider/index.js
@@ -9,6 +9,8 @@ const facebook = require('./facebook')
 const onedrive = require('./onedrive')
 const unsplash = require('./unsplash')
 const zoom = require('./zoom')
+const webdavSimpleAuth = require('./webdav/WebdavSimpleAuthProvider')
+const webdavOauth = require('./webdav/WebdavOauthProvider')
 const { getURLBuilder } = require('../helpers/utils')
 const logger = require('../logger')
 const { getCredentialsResolver } = require('./credentials')
@@ -72,7 +74,9 @@ module.exports.getProviderMiddleware = (providers, grantConfig) => {
         req.companion.providerGrantConfig = providerGrantConfig
       }
 
-      req.companion.provider = new ProviderClass({ providerName, providerGrantConfig, allowLocalUrls })
+      const providerOptions = req.companion.options.providerOptions[providerName] || {}
+
+      req.companion.provider = new ProviderClass({ providerName, providerGrantConfig, providerOptions, allowLocalUrls })
       req.companion.providerClass = ProviderClass
     } else {
       logger.warn('invalid provider options detected. Provider will not be loaded', 'provider.middleware.invalid', req.id)
@@ -87,7 +91,9 @@ module.exports.getProviderMiddleware = (providers, grantConfig) => {
  * @returns {Record<string, typeof Provider>}
  */
 module.exports.getDefaultProviders = () => {
-  const providers = { dropbox, box, drive, facebook, onedrive, zoom, instagram, unsplash }
+  const providers = {
+    dropbox, box, drive, facebook, onedrive, zoom, instagram, unsplash, webdavOauth, webdavSimpleAuth,
+  }
 
   return providers
 }

diff --git a/packages/@uppy/companion/src/server/provider/webdav/WebdavOauthProvider.js b/packages/@uppy/companion/src/server/provider/webdav/WebdavOauthProvider.js
@@ -0,0 +1,92 @@
+// eslint-disable-next-line import/no-extraneous-dependencies
+const { XMLParser } = require('fast-xml-parser')
+
+const WebdavProvider = require('./common')
+const { getProtectedGot, validateURL } = require('../../helpers/request')
+
+const cloudTypePathMappings = {
+  nextcloud: {
+    manual_revoke_url: '/settings/user/security',
+  },
+  owncloud: {
+    manual_revoke_url: '/settings/personal?sectionid=security',
+  },
+}
+
+class WebdavOauth extends WebdavProvider {
+  constructor (options) {
+    super(options)
+    this.authProvider = WebdavOauth.authProvider
+  }
+
+  // for "grant"
+  static getExtraConfig () {
+    return {}
+  }
+
+  // eslint-disable-next-line class-methods-use-this
+  static grantDynamicToUserSession ({ grantDynamic }) {
+    return {
+      subdomain: grantDynamic.subdomain,
+    }
+  }
+
+  static get authProvider () {
+    return 'webdav'
+  }
+
+  #getBaseUrl ({ providerUserSession: { subdomain } }) {
+    const { protocol } = this.providerOptions
+
+    return `${protocol}://${subdomain}`
+  }
+
+  // eslint-disable-next-line class-methods-use-this
+  isAuthenticated ({ providerUserSession }) {
+    return providerUserSession.subdomain != null
+  }
+
+  async getUsername ({ token, providerUserSession }) {
+    const { allowLocalUrls } = this
+
+    const url = `${this.#getBaseUrl({ providerUserSession })}/ocs/v1.php/cloud/user`
+    if (!validateURL(url, allowLocalUrls)) {
+      throw new Error('invalid user url')
+    }
+
+    const response = await getProtectedGot({ url, blockLocalIPs: !allowLocalUrls }).get(url, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    }).text()
+
+    const parser = new XMLParser()
+    const data = parser.parse(response)
+    return data?.ocs?.data?.id
+  }
+
+  async getClient ({ username, token, providerUserSession }) {
+    const url = `${this.#getBaseUrl({ providerUserSession })}/remote.php/dav/files/${username}`
+
+    const { AuthType } = await import('webdav') // eslint-disable-line import/no-unresolved
+    return this.getClientHelper({
+      url,
+      authType: AuthType.Token,
+      token: {
+        access_token: token,
+        token_type: 'Bearer',
+      },
+    })
+  }
+
+  async logout ({ providerUserSession }) {
+    const { cloudType } = providerUserSession
+    const manual_revoke_url = cloudTypePathMappings[cloudType]?.manual_revoke_url
+    return {
+      revoked: false,
+      ...(manual_revoke_url && { manual_revoke_url: `${this.#getBaseUrl({ providerUserSession })}${manual_revoke_url}` }),
+    }
+  }
+}
+
+module.exports = WebdavOauth
diff --git a/packages/@uppy/companion/src/server/provider/webdav/WebdavSimpleAuthProvider.js b/packages/@uppy/companion/src/server/provider/webdav/WebdavSimpleAuthProvider.js
@@ -0,0 +1,79 @@
+const { validateURL } = require('../../helpers/request')
+const WebdavProvider = require('./common')
+const { ProviderUserError } = require('../error')
+const logger = require('../../logger')
+
+const defaultDirectory = '/'
+
+/**
+ * Adapter for WebDAV servers that support simple auth (non-OAuth).
+ */
+class WebdavSimpleAuthProvider extends WebdavProvider {
+  static get hasSimpleAuth () {
+    return true
+  }
+
+  async getUsername () { // eslint-disable-line class-methods-use-this
+    return null
+  }
+
+  // eslint-disable-next-line class-methods-use-this
+  isAuthenticated ({ providerUserSession }) {
+    return providerUserSession.webdavUrl != null
+  }
+
+  async getClient ({ providerUserSession }) {
+    const webdavUrl = providerUserSession?.webdavUrl
+    const { allowLocalUrls } = this
+    if (!validateURL(webdavUrl, allowLocalUrls)) {
+      throw new Error('invalid public link url')
+    }
+
+    const { AuthType } = await import('webdav') // eslint-disable-line import/no-unresolved
+
+    // Is this a nextcloud URL? e.g. https://example.com/s/kFy9Lek5sm928xP
+    // they have specific urls that we can identify
+    // todo not sure if this is the right way to support nextcloud and other webdavs
+    if (/\/s\/([^/]+)/.test(webdavUrl)) {
+      const [baseURL, publicLinkToken] = webdavUrl.split('/s/')
+
+      return this.getClientHelper({
+        url: `${baseURL.replace('/index.php', '')}/public.php/webdav/`,
+        authType: AuthType.Password,
+        username: publicLinkToken,
+        password: 'null',
+      })
+    }
+
+    // normal public WebDAV urls
+    return this.getClientHelper({
+      url: webdavUrl,
+      authType: AuthType.None,
+    })
+  }
+
+  async logout () { // eslint-disable-line class-methods-use-this
+    return { revoked: true }
+  }
+
+  async simpleAuth ({ requestBody }) {
+    try {
+      const providerUserSession = { webdavUrl: requestBody.form.webdavUrl }
+
+      const client = await this.getClient({ providerUserSession })
+      // call the list operation as a way to validate the url
+      await client.getDirectoryContents(defaultDirectory)
+
+      return providerUserSession
+    } catch (err) {
+      logger.error(err, 'provider.webdav.simpleAuth.error')
+      if (['ECONNREFUSED', 'ENOTFOUND'].includes(err.code)) {
+        throw new ProviderUserError({ message: 'Cannot connect to server' })
+      }
+      // todo report back to the user what actually went wrong
+      throw err
+    }
+  }
+}
+
+module.exports = WebdavSimpleAuthProvider
diff --git a/packages/@uppy/companion/src/server/provider/webdav/common.js b/packages/@uppy/companion/src/server/provider/webdav/common.js
@@ -0,0 +1,123 @@
+const Provider = require('../Provider')
+const logger = require('../../logger')
+const { getProtectedHttpAgent, validateURL } = require('../../helpers/request')
+const { ProviderApiError, ProviderAuthError } = require('../error')
+
+/**
+ * WebdavProvider base class provides implementations shared by simple and oauth providers
+ */
+class WebdavProvider extends Provider {
+  async getClientHelper ({ url, ...options }) {
+    const { allowLocalUrls } = this
+    if (!validateURL(url, allowLocalUrls)) {
+      throw new Error('invalid webdav url')
+    }
+    const { protocol } = new URL(url)
+    const HttpAgentClass = getProtectedHttpAgent({ protocol, blockLocalIPs: !allowLocalUrls })
+
+    const { createClient } = await import('webdav') // eslint-disable-line import/no-unresolved
+    return createClient(url, {
+      ...options,
+      [`${protocol}Agent`] : new HttpAgentClass(),
+    })
+  }
+
+  async getClient ({ username, token, providerUserSession }) { // eslint-disable-line no-unused-vars,class-methods-use-this
+    logger.error('call to getUsername is not implemented', 'provider.webdav.getUsername.error')
+    throw new Error('call to getUsername is not implemented')
+    // todo: use @returns to specify the return type
+    return this.getClientHelper() // eslint-disable-line
+  }
+
+  async getUsername ({ token, providerUserSession }) { // eslint-disable-line no-unused-vars,class-methods-use-this
+    logger.error('call to getUsername is not implemented', 'provider.webdav.getUsername.error')
+    throw new Error('call to getUsername is not implemented')
+  }
+
+  /** @protected */
+  // eslint-disable-next-line class-methods-use-this
+  isAuthenticated () {
+    throw new Error('Not implemented')
+  }
+
+  async list ({ directory, token, providerUserSession }) {
+    return this.withErrorHandling('provider.webdav.list.error', async () => {
+      // @ts-ignore
+      if (!this.isAuthenticated({ providerUserSession })) {
+        throw new ProviderAuthError()
+      }
+
+      const username = await this.getUsername({ token, providerUserSession })
+      const data = { username, items: [] }
+      const client = await this.getClient({ username, token, providerUserSession })
+
+      /** @type {any} */
+      const dir = await client.getDirectoryContents(directory || '/')
+
+      dir.forEach(item => {
+        const isFolder = item.type === 'directory'
+        const requestPath = encodeURIComponent(`${directory || ''}/${item.basename}`)
+        data.items.push({
+          isFolder,
+          id: requestPath,
+          name: item.basename,
+          requestPath, // TODO FIXME
+          modifiedDate: item.lastmod, // TODO FIXME: convert  'Tue, 04 Jul 2023 13:09:47 GMT' to  ISO 8601
+          ...(!isFolder && {
+            mimeType: item.mime,
+            size: item.size,
+            thumbnail: null,
+
+          }),
+        })
+      })
+
+      return data
+    })
+  }
+
+  async download ({ id, token, providerUserSession }) {
+    return this.withErrorHandling('provider.webdav.download.error', async () => {
+      // maybe we can avoid this by putting the username in front of the request path/id
+      const username = await this.getUsername({ token, providerUserSession })
+      const client = await this.getClient({ username, token, providerUserSession })
+      const stream = client.createReadStream(`/${id}`)
+      return { stream }
+    })
+  }
+
+  // eslint-disable-next-line
+  async thumbnail ({ id, providerUserSession }) {
+    // not implementing this because a public thumbnail from webdav will be used instead
+    logger.error('call to thumbnail is not implemented', 'provider.webdav.thumbnail.error')
+    throw new Error('call to thumbnail is not implemented')
+  }
+
+  // todo fixme implement
+  // eslint-disable-next-line
+  async size ({ id, token, providerUserSession }) {
+    return this.withErrorHandling('provider.webdav.size.error', async () => {
+      const username = await this.getUsername({ token, providerUserSession })
+      const client = await this.getClient({ username, token, providerUserSession })
+      const stat = await client.stat(id)
+      return stat.size
+    })
+  }
+
+  // eslint-disable-next-line class-methods-use-this
+  async withErrorHandling (tag, fn) {
+    try {
+      return await fn()
+    } catch (err) {
+      let err2 = err
+      if (err.status === 401) err2 = new ProviderAuthError()
+      if (err.response) {
+        err2 = new ProviderApiError('WebDAV API error', err.status) // todo improve (read err?.response?.body readable stream and parse response)
+      }
+      logger.error(err2, tag)
+      throw err2
+    }
+  }
+}
+
+module.exports = WebdavProvider