Select Git revision
index.php 2.88 KiB
<?php
/* ======================================================================
*
* A P I F O R C I P A C K A G E S E R V E R
*
* GET /packages/[phase]/[ID]/[filename]
*
* ----------------------------------------------------------------------
* 2021-03-31 v0.0 <axel.hahn@iml.unibe.ch> init
* ======================================================================
*/
$bDebug=false;
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
require_once('../inc_functions.php');
$aConfig=require_once("../inc_config.php");
$lockfile=$aConfig['tmpdir'].'/used_hashes.txt';
$iMaxAge=$aConfig['maxage'];
// ----------------------------------------------------------------------
// MAIN
// ----------------------------------------------------------------------
_wd('Start: '.date('Y-m-d H:i:s').'<style>body{background:#eee; color:#456;}
.debug{background:#ddd; margin-bottom: 2px;}
</style>');
_wd('request uri is '.$_SERVER["REQUEST_URI"]);
_wd('<pre>GET: '.print_r($_GET, 1).'</pre>');
// verify hashed secret
$sMyHash=_checkAuth($aConfig['apikey'], $iMaxAge);
// if I am here then authentication was successful.
// limit to one time usage of a hash
if($aConfig['onetimesecret']){
if(_checkIfHashWasUsedAlready($lockfile, $sMyHash)) {
_quit('Access denied. The hashed was used already.', 403);
}
_cleanupLockdata($lockfile, $aConfig['maxlockfilesize'], $iMaxAge);
// first item must be unix ts followed by "-" char ... see
// _cleanupLockdata() to detect outdated data lines
file_put_contents($lockfile, date('U').'-'.date('Y-m-d__H:i:s').'-'.$sMyHash."\n", FILE_APPEND);
}
// ---------- SPLIT URL
$sRelfile=preg_replace('#^/packages#', '', $_SERVER["REQUEST_URI"]);
_wd('$sRelfile: '.$sRelfile);
// prevent going up a directory
if (strstr($sRelfile, '..')){
_quit('Bad request. Invalid access to [..].', 400);
}
$sMyFile=$aConfig['packagedir'].$sRelfile;
_wd('full path of file: '.$sMyFile);
// handle a requested directory
if (is_dir($sMyFile)){
if(!$aConfig['showdircontent']){
_quit('Filelisting is denied by config.', 403);
} else {
foreach( array_diff(scandir($sMyFile), array('.', '..')) as $sEntry){
echo filetype($sMyFile.'/'.$sEntry).':'.str_replace($aConfig['packagedir'], '_', $sEntry).PHP_EOL;
}
die();
}
}
if (!file_exists($sMyFile)){
_quit('File not found.', 404);
}
// let the webserver deliver a given file
header('X-Sendfile: ' . $sMyFile);
// ======================================================================