ObsidianJustSharePlease/server/public/share.php

128 lines
3 KiB
PHP
Raw Permalink Normal View History

2023-08-09 18:11:29 +02:00
<?php
2023-08-09 17:57:29 +02:00
2023-08-09 20:13:44 +02:00
switch ($_SERVER["REQUEST_METHOD"]) {
case "GET":
2023-08-11 17:55:30 +02:00
handle_get();
2023-08-09 20:13:44 +02:00
break;
case "POST":
2023-08-11 17:55:30 +02:00
handle_post();
2023-08-09 20:13:44 +02:00
break;
2023-08-10 19:47:55 +02:00
case "PATCH":
2023-08-11 17:55:30 +02:00
handle_patch();
break;
2023-08-09 20:13:44 +02:00
case "DELETE":
2023-08-11 17:55:30 +02:00
handle_delete();
2023-08-09 20:13:44 +02:00
break;
2023-08-11 19:01:10 +02:00
default:
http_response_code(405);
echo "Unsupported method";
2023-08-09 20:13:44 +02:00
}
2023-08-10 19:47:55 +02:00
2023-08-11 17:55:30 +02:00
function handle_get(): void {
parse_str($_SERVER["QUERY_STRING"], $query);
$content = file_get_contents(get_markdown_path($query["id"]));
2023-08-11 19:01:10 +02:00
if ($content === false) {
2023-08-11 17:55:30 +02:00
http_response_code(404);
echo "Not found";
return;
}
echo $content;
}
function handle_post(): void {
$content = get_markdown_content();
2023-08-11 19:01:10 +02:00
if ($content === null)
2023-08-11 17:55:30 +02:00
return;
try {
// generate id and deletion/edit password
$id = bin2hex(random_bytes(4));
$password = bin2hex(random_bytes(16));
} catch (Exception $e) {
http_response_code(500);
echo $e->getMessage();
return;
}
$meta = json_encode([
"id" => $id,
2023-08-11 19:01:10 +02:00
"password" => $password
2023-08-11 17:55:30 +02:00
]);
// store markdown and metadata in data path
file_put_contents(get_markdown_path($id), $content);
file_put_contents(get_meta_path($id), $meta);
echo $meta;
}
function handle_patch(): void {
$info = get_patch_delete_info();
$content = get_markdown_content();
2023-08-11 19:01:10 +02:00
if (!$info || $content === null)
2023-08-11 17:55:30 +02:00
return;
[$id, $password] = $info;
if (!check_password($id, $password))
return;
file_put_contents(get_markdown_path($id), $content);
}
function handle_delete(): void {
$info = get_patch_delete_info();
if (!$info)
return;
[$id, $password] = $info;
if (!check_password($id, $password))
return;
// delete content and meta
unlink(get_markdown_path($id));
unlink(get_meta_path($id));
}
function check_password(string $id, string $password): bool {
$meta = json_decode(file_get_contents(get_meta_path($id)), true);
2023-08-11 19:01:10 +02:00
if ($password != $meta["password"]) {
2023-08-11 17:55:30 +02:00
http_response_code(401);
echo "Unauthorized";
return false;
}
return true;
}
function get_patch_delete_info(): ?array {
parse_str($_SERVER["QUERY_STRING"], $query);
$id = $query["id"];
$password = $_SERVER["HTTP_PASSWORD"];
if (!$id || !$password) {
http_response_code(400);
echo "No id or password";
return null;
}
return [$id, $password];
}
2023-08-11 19:01:10 +02:00
function get_markdown_content(): ?string {
2023-08-11 17:55:30 +02:00
$body = json_decode(file_get_contents("php://input"), true);
2023-08-11 19:01:10 +02:00
if (!array_key_exists("content", $body)) {
2023-08-11 17:55:30 +02:00
http_response_code(400);
echo "No content";
2023-08-11 19:01:10 +02:00
return null;
2023-08-11 17:55:30 +02:00
}
2023-08-11 19:01:10 +02:00
return $body["content"];
2023-08-11 17:55:30 +02:00
}
2023-08-10 19:47:55 +02:00
function get_markdown_path(string $id): string {
2023-08-18 13:03:03 +02:00
return get_id_base_path($id) . ".md";
2023-08-10 19:47:55 +02:00
}
function get_meta_path(string $id): string {
2023-08-18 13:03:03 +02:00
return get_id_base_path($id) . ".json";
2023-08-10 19:47:55 +02:00
}
2023-08-18 13:03:03 +02:00
function get_id_base_path(string $id): string {
// ensure id can't be used to traverse into other directories
return dirname(getcwd()) . "/data/" . basename($id);
2023-08-10 19:47:55 +02:00
}