/python/php/sdk/google/appengine/ext/cloud_storage_streams/CloudStorageStreamWrapper.php

http://googleappengine.googlecode.com/ · PHP · 380 lines · 237 code · 44 blank · 99 comment · 35 complexity · 111e6adb064d7a43b1a746cd8ececaa1 MD5 · raw file 

    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Copyright 2007 Google Inc.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License, Version 2.0 (the "License");
    6. 

  6.  * you may not use this file except in compliance with the License.
    7. 

  7.  * You may obtain a copy of the License at
    8. 

  8.  *
    9. 

  9.  *     http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10.  *
    11. 

  11.  * Unless required by applicable law or agreed to in writing, software
    12. 

  12.  * distributed under the License is distributed on an "AS IS" BASIS,
    13. 

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14. 

  14.  * See the License for the specific language governing permissions and
    15. 

  15.  * limitations under the License.
    16. 

  16.  */
    17. 

  17. /**
    18. 

  18.  * A user space stream wrapper for reading and writing to Google Cloud Storage.
    19. 

  19.  *
    20. 

  20.  * See: http://www.php.net/manual/en/class.streamwrapper.php
    21. 

  21.  *
    22. 

  22.  */
    23. 

  23. 

  24. namespace google\appengine\ext\cloud_storage_streams;
    25. 

  25. 

  26. use google\appengine\api\cloud_storage\CloudStorageTools;
    27. 

  27. use google\appengine\util\ArrayUtil;
    28. 

  28. 

  29. /**
    30. 

  30.  * Allowed stream_context options.
    31. 

  31.  * "anonymous": Boolean, if set then OAuth tokens will not be generated.
    32. 

  32.  * "acl": The ACL to apply when creating an object.
    33. 

  33.  * "Content-Type": The content type of the object being written.
    34. 

  34.  */
    35. 

  35. final class CloudStorageStreamWrapper {
    36. 

  36. 

  37.   // The client instance that we're using to communicate with GS.
    38. 

  38.   private $client;
    39. 

  39. 

  40.   // Must be public according to PHP documents - We capture the contents when
    41. 

  41.   // constructing objects.
    42. 

  42.   public $context;
    43. 

  43. 

  44.   const STREAM_OPEN_FOR_INCLUDE = 0x80;
    45. 

  45. 

  46.   private static $valid_read_modes = ['r', 'rb', 'rt'];
    47. 

  47.   private static $valid_write_modes = ['w', 'wb', 'wt'];
    48. 

  48. 

  49.   /**
    50. 

  50.    * Constructs a new stream wrapper.
    51. 

  51.    */
    52. 

  52.   public function __construct() {
    53. 

  53.   }
    54. 

  54. 

  55.   /**
    56. 

  56.    * Destructs an existing stream wrapper.
    57. 

  57.    */
    58. 

  58.   public function __destruct() {
    59. 

  59.   }
    60. 

  60. 

  61.   /**
    62. 

  62.    * Close an open directory handle.
    63. 

  63.    */
    64. 

  64.   public function dir_closedir() {
    65. 

  65.     assert(isset($this->client));
    66. 

  66.     $this->client->close();
    67. 

  67.     $this->client = null;
    68. 

  68.   }
    69. 

  69. 

  70.   /**
    71. 

  71.    * Open a directory handle.
    72. 

  72.    */
    73. 

  73.   public function dir_opendir($path, $options) {
    74. 

  74.     if (!CloudStorageTools::parseFilename($path, $bucket, $object)) {
    75. 

  75.       trigger_error(sprintf("Invalid Google Cloud Storage path: %s", $path),
    76. 

  76.                     E_USER_ERROR);
    77. 

  77.       return false;
    78. 

  78.     }
    79. 

  79. 

  80.     // Assume opening root directory if no object name is specified in path.
    81. 

  81.     if (!isset($object)) {
    82. 

  82.       $object = "/";
    83. 

  83.     }
    84. 

  84. 

  85.     $this->client = new CloudStorageDirectoryClient($bucket,
    86. 

  86.                                                     $object,
    87. 

  87.                                                     $this->context);
    88. 

  88.     return $this->client->initialise();
    89. 

  89.   }
    90. 

  90. 

  91.   /**
    92. 

  92.    * Read entry from the directory handle.
    93. 

  93.    *
    94. 

  94.    * @return string representing the next filename, of false if there is no
    95. 

  95.    * next file.
    96. 

  96.    */
    97. 

  97.   public function dir_readdir() {
    98. 

  98.     assert(isset($this->client));
    99. 

  99.     return $this->client->dir_readdir();
    100. 

  100.   }
    101. 

  101. 

  102.   /**
    103. 

  103.    * Reset the output returned from dir_readdir.
    104. 

  104.    *
    105. 

  105.    * @return bool true if the stream can be rewound, false otherwise.
    106. 

  106.    */
    107. 

  107.   public function dir_rewinddir() {
    108. 

  108.     assert(isset($this->client));
    109. 

  109.     return $this->client->dir_rewinddir();
    110. 

  110.   }
    111. 

  111. 

  112.   public function mkdir($path, $mode, $options) {
    113. 

  113.     if (!CloudStorageTools::parseFilename($path, $bucket, $object) ||
    114. 

  114.         !isset($object)) {
    115. 

  115.       if (($options | STREAM_REPORT_ERRORS) != 0) {
    116. 

  116.         trigger_error(sprintf("Invalid Google Cloud Storage path: %s", $path),
    117. 

  117.                       E_USER_ERROR);
    118. 

  118.       }
    119. 

  119.       return false;
    120. 

  120.     }
    121. 

  121.     $client = new CloudStorageDirectoryClient($bucket,
    122. 

  122.                                               $object,
    123. 

  123.                                               $this->context);
    124. 

  124.     return $client->mkdir($options);
    125. 

  125.   }
    126. 

  126. 

  127.   public function rmdir($path, $options) {
    128. 

  128.     if (!CloudStorageTools::parseFilename($path, $bucket, $object) ||
    129. 

  129.         !isset($object)) {
    130. 

  130.       if (($options | STREAM_REPORT_ERRORS) != 0) {
    131. 

  131.         trigger_error(sprintf("Invalid Google Cloud Storage path: %s", $path),
    132. 

  132.                       E_USER_ERROR);
    133. 

  133.       }
    134. 

  134.       return false;
    135. 

  135.     }
    136. 

  136.     $client = new CloudStorageDirectoryClient($bucket,
    137. 

  137.                                               $object,
    138. 

  138.                                               $this->context);
    139. 

  139.     return $client->rmdir($options);
    140. 

  140.   }
    141. 

  141. 

  142.   /**
    143. 

  143.    * Rename a cloud storage object.
    144. 

  144.    *
    145. 

  145.    * @return TRUE if the object was renamed, FALSE otherwise
    146. 

  146.    */
    147. 

  147.   public function rename($from, $to) {
    148. 

  148.     if (!CloudStorageTools::parseFilename($from, $from_bucket, $from_object) ||
    149. 

  149.         !isset($from_object)) {
    150. 

  150.       trigger_error(sprintf("Invalid Google Cloud Storage path: %s", $from),
    151. 

  151.                     E_USER_ERROR);
    152. 

  152.       return false;
    153. 

  153.     }
    154. 

  154.     if (!CloudStorageTools::parseFilename($to, $to_bucket, $to_object) ||
    155. 

  155.         !isset($to_object)) {
    156. 

  156.       trigger_error(sprintf("Invalid Google Cloud Storage path: %s", $to),
    157. 

  157.                     E_USER_ERROR);
    158. 

  158.       return false;
    159. 

  159.     }
    160. 

  160. 

  161.     // If the file being renamed is an uploaded file being moved to an allowed
    162. 

  162.     // include bucket trigger a warning.
    163. 

  163.     $allowed_buckets = $this->getAllowedBuckets();
    164. 

  164.     foreach ($_FILES as $file) {
    165. 

  165.       if ($file['tmp_name'] == $from) {
    166. 

  166.         foreach ($allowed_buckets as $allowed_bucket) {
    167. 

  167.           // 5th character indicates start of bucket since it ignores 'gs://'.
    168. 

  168.           if (strpos($to, $allowed_bucket) === 5) {
    169. 

  169.             trigger_error(sprintf('Moving uploaded file (%s) to an allowed ' .
    170. 

  170.                                   'include bucket (%s) which may be ' .
    171. 

  171.                                   'vulnerable to local file inclusion (LFI).',
    172. 

  172.                                   $from, $allowed_bucket),
    173. 

  173.                           E_USER_WARNING);
    174. 

  174.             break 2;
    175. 

  175.           }
    176. 

  176.         }
    177. 

  177.       }
    178. 

  178.     }
    179. 

  179. 

  180.     $client = new CloudStorageRenameClient($from_bucket,
    181. 

  181.                                            $from_object,
    182. 

  182.                                            $to_bucket,
    183. 

  183.                                            $to_object,
    184. 

  184.                                            $this->context);
    185. 

  185.     return $client->rename();
    186. 

  186.   }
    187. 

  187. 

  188.   /**
    189. 

  189.    * Retrieve the underlaying resource of the stream, called in response to
    190. 

  190.    * stream_select().
    191. 

  191.    *
    192. 

  192.    * As GS streams have no underlying resource, we can only return false
    193. 

  193.    */
    194. 

  194.   public function stream_cast() {
    195. 

  195.     return false;
    196. 

  196.   }
    197. 

  197. 

  198.   /**
    199. 

  199.    * All resources that were locked, or allocated, by the wrapper should be
    200. 

  200.    * released.
    201. 

  201.    *
    202. 

  202.    * No value is returned.
    203. 

  203.    */
    204. 

  204.   public function stream_close() {
    205. 

  205.     assert(isset($this->client));
    206. 

  206.     $this->client->close();
    207. 

  207.     $this->client = null;
    208. 

  208.   }
    209. 

  209. 

  210.   /**
    211. 

  211.    * Tests for end-of-file on a file pointer.
    212. 

  212.    *
    213. 

  213.    * @return TRUE if the read/write position is at the end of the stream and if
    214. 

  214.    * no more data is available to be read, or FALSE otherwise
    215. 

  215.    */
    216. 

  216.   public function stream_eof() {
    217. 

  217.     assert(isset($this->client));
    218. 

  218.     return $this->client->eof();
    219. 

  219.   }
    220. 

  220. 

  221.   /**
    222. 

  222.    * Flushes the output.
    223. 

  223.    *
    224. 

  224.    * @return TRUE if the cached data was successfully stored (or if there was
    225. 

  225.    * no data to store), or FALSE if the data could not be stored.
    226. 

  226.    */
    227. 

  227.   public function stream_flush() {
    228. 

  228.     assert(isset($this->client));
    229. 

  229.     return $this->client->flush();
    230. 

  230.   }
    231. 

  231. 

  232.   public function stream_metadata($path, $option, $value) {
    233. 

  233.     return false;
    234. 

  234.   }
    235. 

  235. 

  236.   public function stream_open($path, $mode, $options, &$opened_path) {
    237. 

  237.     if (!CloudStorageTools::parseFilename($path, $bucket, $object) ||
    238. 

  238.         !isset($object)) {
    239. 

  239.       if (($options & STREAM_REPORT_ERRORS) != 0) {
    240. 

  240.         trigger_error(sprintf("Invalid Google Cloud Storage path: %s", $path),
    241. 

  241.                 E_USER_ERROR);
    242. 

  242.       }
    243. 

  243.       return false;
    244. 

  244.     }
    245. 

  245. 

  246.     if (($options & self::STREAM_OPEN_FOR_INCLUDE) != 0) {
    247. 

  247.       $allowed_buckets = $this->getAllowedBuckets();
    248. 

  248.       $include_allowed = false;
    249. 

  249.       foreach ($allowed_buckets as $bucket_name) {
    250. 

  250.         // Check if the allowed bucket includes a path restriction and if so
    251. 

  251.         // separate the path from the bucket name.
    252. 

  252.         if (strpos($bucket_name, '/') !== false) {
    253. 

  253.           list($bucket_name, $object_path) = explode('/', $bucket_name, 2);
    254. 

  254.         }
    255. 

  255.         if ($bucket_name === $bucket) {
    256. 

  256.           // If a path restriction is set then ensure that the object either
    257. 

  257.           // starts with or is equal to the path.
    258. 

  258.           $include_allowed = !isset($object_path) ||
    259. 

  259.               (isset($object) && strpos($object, $object_path) === 1);
    260. 

  260.           break;
    261. 

  261.         }
    262. 

  262.       }
    263. 

  263.       if (!$include_allowed) {
    264. 

  264.         if (($options & STREAM_REPORT_ERRORS) != 0) {
    265. 

  265.           trigger_error(
    266. 

  266.               sprintf("Not allowed to include/require from bucket '%s'",
    267. 

  267.                       $bucket),
    268. 

  268.               E_USER_ERROR);
    269. 

  269.         }
    270. 

  270.         return false;
    271. 

  271.       }
    272. 

  272.     }
    273. 

  273. 

  274.     if (in_array($mode, self::$valid_read_modes)) {
    275. 

  275.       $this->client = new CloudStorageReadClient($bucket,
    276. 

  276.                                                  $object,
    277. 

  277.                                                  $this->context);
    278. 

  278.     } else if (in_array($mode, self::$valid_write_modes)) {
    279. 

  279.       $this->client = new CloudStorageWriteClient($bucket,
    280. 

  280.                                                   $object,
    281. 

  281.                                                   $this->context);
    282. 

  282.     } else {
    283. 

  283.       if (($options & STREAM_REPORT_ERRORS) != 0) {
    284. 

  284.         trigger_error(sprintf("Invalid mode: %s", $mode), E_USER_ERROR);
    285. 

  285.       }
    286. 

  286.       return false;
    287. 

  287.     }
    288. 

  288. 

  289.     return $this->client->initialize();
    290. 

  290.   }
    291. 

  291. 

  292.   /**
    293. 

  293.    * Read from a stream, return string of bytes.
    294. 

  294.    */
    295. 

  295.   public function stream_read($count) {
    296. 

  296.     assert(isset($this->client));
    297. 

  297.     return $this->client->read($count);
    298. 

  298.   }
    299. 

  299. 

  300.   public function stream_seek($offset, $whence) {
    301. 

  301.     assert(isset($this->client));
    302. 

  302.     return $this->client->seek($offset, $whence);
    303. 

  303.   }
    304. 

  304. 

  305.   public function stream_set_option($option, $arg1, $arg2) {
    306. 

  306.     assert(isset($this->client));
    307. 

  307.     return false;
    308. 

  308.   }
    309. 

  309. 

  310.   public function stream_stat() {
    311. 

  311.     assert(isset($this->client));
    312. 

  312.     return $this->client->stat();
    313. 

  313.   }
    314. 

  314. 

  315.   public function stream_tell() {
    316. 

  316.     assert(isset($this->client));
    317. 

  317.     return $this->client->tell();
    318. 

  318.   }
    319. 

  319. 

  320.   /**
    321. 

  321.    * Return the number of bytes written.
    322. 

  322.    */
    323. 

  323.   public function stream_write($data) {
    324. 

  324.     assert(isset($this->client));
    325. 

  325.     return $this->client->write($data);
    326. 

  326.   }
    327. 

  327. 

  328.   /**
    329. 

  329.    * Deletes a file. Called in response to unlink($filename).
    330. 

  330.    */
    331. 

  331.   public function unlink($path) {
    332. 

  332.     if (!CloudStorageTools::parseFilename($path, $bucket, $object) ||
    333. 

  333.         !isset($object)) {
    334. 

  334.       trigger_error(sprintf("Invalid Google Cloud Storage path: %s", $path),
    335. 

  335.               E_USER_ERROR);
    336. 

  336.       return false;
    337. 

  337.     }
    338. 

  338. 

  339.     $this->client = new CloudStorageDeleteClient($bucket,
    340. 

  340.                                                  $object,
    341. 

  341.                                                  $this->context);
    342. 

  342.     return $this->client->delete();
    343. 

  343.   }
    344. 

  344. 

  345.   public function url_stat($path, $flags) {
    346. 

  346.     if (!CloudStorageTools::parseFilename($path, $bucket, $object)) {
    347. 

  347.       if (($flags & STREAM_URL_STAT_QUIET) != 0) {
    348. 

  348.         trigger_error(sprintf("Invalid Google Cloud Storage path: %s", $path),
    349. 

  349.                 E_USER_ERROR);
    350. 

  350.         return false;
    351. 

  351.       }
    352. 

  352.     }
    353. 

  353. 

  354.     $client = new CloudStorageUrlStatClient($bucket,
    355. 

  355.                                             $object,
    356. 

  356.                                             $this->context,
    357. 

  357.                                             $flags);
    358. 

  358.     return $client->stat();
    359. 

  359.   }
    360. 

  360. 

  361.   private function getAllowedBuckets() {
    362. 

  362.     static $allowed_buckets;
    363. 

  363. 

  364.     if (!isset($allowed_buckets)) {
    365. 

  365.       $allowed_buckets = explode(',', GAE_INCLUDE_GS_BUCKETS);
    366. 

  366.       $allowed_buckets = array_map('trim', $allowed_buckets);
    367. 

  367.       $allowed_bukcets = array_filter($allowed_buckets);
    368. 

  368.     }
    369. 

  369. 

  370.     return $allowed_buckets;
    371. 

  371.   }
    372. 

  372. 

  373.   public function getMetaData() {
    374. 

  374.     return $this->client->getMetaData();
    375. 

  375.   }
    376. 

  376. 

  377.   public function getContentType() {
    378. 

  378.     return $this->client->getContentType();
    379. 

  379.   }
    380. 

  380. }
    381.