"""Session represents one connection to Nextcloud. All related stuff for these live here.""" import builtins import pathlib import re import typing from abc import ABC, abstractmethod from base64 import b64encode from dataclasses import dataclass from enum import IntEnum from json import loads from os import environ from httpx import AsyncClient, Client, Headers, Limits, ReadTimeout, Request, Response from httpx import __version__ as httpx_version from starlette.requests import HTTPConnection from . import options from ._exceptions import ( NextcloudException, NextcloudExceptionNotFound, NextcloudExceptionNotModified, check_error, ) from ._misc import get_username_secret_from_headers class OCSRespond(IntEnum): """Special Nextcloud respond statuses for OCS calls.""" RESPOND_SERVER_ERROR = 996 RESPOND_UNAUTHORISED = 997 RESPOND_NOT_FOUND = 998 RESPOND_UNKNOWN_ERROR = 999 class ServerVersion(typing.TypedDict): """Nextcloud version information.""" major: int """Major version""" minor: int """Minor version""" micro: int """Micro version""" string: str """Full version in string format""" extended_support: bool """Indicates if the subscription has extended support""" @dataclass class RuntimeOptions: xdebug_session: str timeout: int | None timeout_dav: int | None _nc_cert: str | bool upload_chunk_v2: bool def __init__(self, **kwargs): self.xdebug_session = kwargs.get("xdebug_session", options.XDEBUG_SESSION) self.timeout = kwargs.get("npa_timeout", options.NPA_TIMEOUT) self.timeout_dav = kwargs.get("npa_timeout_dav", options.NPA_TIMEOUT_DAV) self._nc_cert = kwargs.get("npa_nc_cert", options.NPA_NC_CERT) self.upload_chunk_v2 = kwargs.get("chunked_upload_v2", options.CHUNKED_UPLOAD_V2) @property def nc_cert(self) -> str | bool: return self._nc_cert @dataclass class BasicConfig: endpoint: str dav_endpoint: str dav_url_suffix: str options: RuntimeOptions def __init__(self, **kwargs): full_nc_url = self._get_config_value("nextcloud_url", **kwargs) self.endpoint = full_nc_url.removesuffix("/index.php").removesuffix("/") self.dav_url_suffix = self._get_config_value("dav_url_suffix", raise_not_found=False, **kwargs) if not self.dav_url_suffix: self.dav_url_suffix = "remote.php/dav" self.dav_url_suffix = "/" + self.dav_url_suffix.strip("/") self.dav_endpoint = self.endpoint + self.dav_url_suffix self.options = RuntimeOptions(**kwargs) @staticmethod def _get_config_value(value_name: str, raise_not_found=True, **kwargs): if value_name in kwargs: return kwargs[value_name] value_name_upper = value_name.upper() if value_name_upper in environ: return environ[value_name_upper] if raise_not_found: raise ValueError(f"`{value_name}` is not found.") return None @dataclass class Config(BasicConfig): auth: tuple[str, str] = ("", "") def __init__(self, **kwargs): super().__init__(**kwargs) nc_auth_user = self._get_config_value("nc_auth_user", raise_not_found=False, **kwargs) nc_auth_pass = self._get_config_value("nc_auth_pass", raise_not_found=False, **kwargs) if nc_auth_user and nc_auth_pass: self.auth = (nc_auth_user, nc_auth_pass) @dataclass class AppConfig(BasicConfig): """Application configuration.""" aa_version: str """AppAPI version""" app_name: str """Application ID""" app_version: str """Application version""" app_secret: str """Application authentication secret""" def __init__(self, **kwargs): super().__init__(**kwargs) self.aa_version = self._get_config_value("aa_version", raise_not_found=False, **kwargs) if not self.aa_version: self.aa_version = "2.2.0" self.app_name = self._get_config_value("app_id", **kwargs) self.app_version = self._get_config_value("app_version", **kwargs) self.app_secret = self._get_config_value("app_secret", **kwargs) class NcSessionBase(ABC): adapter: AsyncClient | Client adapter_dav: AsyncClient | Client cfg: BasicConfig custom_headers: dict response_headers: Headers _user: str _capabilities: dict @abstractmethod def __init__(self, **kwargs): self._capabilities = {} self._user = kwargs.get("user", "") self.custom_headers = kwargs.get("headers", {}) self.limits = Limits(max_keepalive_connections=20, max_connections=20, keepalive_expiry=60.0) self.init_adapter() self.init_adapter_dav() self.response_headers = Headers() self._ocs_regexp = re.compile(r"/ocs/v[12]\.php/|/apps/groupfolders/") def init_adapter(self, restart=False) -> None: if getattr(self, "adapter", None) is None or restart: self.adapter = self._create_adapter() self.adapter.headers.update({"OCS-APIRequest": "true"}) if self.custom_headers: self.adapter.headers.update(self.custom_headers) if options.XDEBUG_SESSION: self.adapter.cookies.set("XDEBUG_SESSION", options.XDEBUG_SESSION) self._capabilities = {} def init_adapter_dav(self, restart=False) -> None: if getattr(self, "adapter_dav", None) is None or restart: self.adapter_dav = self._create_adapter(dav=True) if self.custom_headers: self.adapter_dav.headers.update(self.custom_headers) if options.XDEBUG_SESSION: self.adapter_dav.cookies.set("XDEBUG_SESSION", options.XDEBUG_SESSION) @abstractmethod def _create_adapter(self, dav: bool = False) -> AsyncClient | Client: pass # pragma: no cover @property def ae_url(self) -> str: """Return base url for the AppAPI endpoints.""" return "/ocs/v1.php/apps/app_api/api/v1" @property def ae_url_v2(self) -> str: """Return base url for the AppAPI endpoints(version 2).""" return "/ocs/v1.php/apps/app_api/api/v2" class NcSessionBasic(NcSessionBase, ABC): adapter: Client adapter_dav: Client def ocs( self, method: str, path: str, *, content: bytes | str | typing.Iterable[bytes] | typing.AsyncIterable[bytes] | None = None, json: dict | list | None = None, response_type: str | None = None, params: dict | None = None, files: dict | None = None, **kwargs, ): self.init_adapter() info = f"request: {method} {path}" nested_req = kwargs.pop("nested_req", False) try: response = self.adapter.request( method, path, content=content, json=json, params=params, files=files, **kwargs ) except ReadTimeout: raise NextcloudException(408, info=info) from None check_error(response, info) if response.status_code == 204: # NO_CONTENT return [] response_data = loads(response.text) if response_type == "json": return response_data ocs_meta = response_data["ocs"]["meta"] if ocs_meta["status"] != "ok": if ( not nested_req and ocs_meta["statuscode"] == 403 and str(ocs_meta["message"]).lower().find("password confirmation is required") != -1 ): self.adapter.close() self.init_adapter(restart=True) return self.ocs(method, path, **kwargs, content=content, json=json, params=params, nested_req=True) if ocs_meta["statuscode"] in (404, OCSRespond.RESPOND_NOT_FOUND): raise NextcloudExceptionNotFound(reason=ocs_meta["message"], info=info) if ocs_meta["statuscode"] == 304: raise NextcloudExceptionNotModified(reason=ocs_meta["message"], info=info) raise NextcloudException(status_code=ocs_meta["statuscode"], reason=ocs_meta["message"], info=info) return response_data["ocs"]["data"] def update_server_info(self) -> None: self._capabilities = self.ocs("GET", "/ocs/v1.php/cloud/capabilities") @property def capabilities(self) -> dict: if not self._capabilities: self.update_server_info() return self._capabilities["capabilities"] @property def nc_version(self) -> ServerVersion: if not self._capabilities: self.update_server_info() v = self._capabilities["version"] return ServerVersion( major=v["major"], minor=v["minor"], micro=v["micro"], string=v["string"], extended_support=v["extendedSupport"], ) @property def user(self) -> str: """Current user ID. Can be different from the login name.""" if isinstance(self, NcSession) and not self._user: # do not trigger for NextcloudApp self._user = self.ocs("GET", "/ocs/v1.php/cloud/user")["id"] return self._user def set_user(self, user_id: str) -> None: self._user = user_id def download2stream(self, url_path: str, fp, dav: bool = False, **kwargs): if isinstance(fp, str | pathlib.Path): with builtins.open(fp, "wb") as f: self.download2fp(url_path, f, dav, **kwargs) elif hasattr(fp, "write"): self.download2fp(url_path, fp, dav, **kwargs) else: raise TypeError("`fp` must be a path to file or an object with `write` method.") def _get_adapter_kwargs(self, dav: bool) -> dict[str, typing.Any]: if dav: return { "base_url": self.cfg.dav_endpoint, "timeout": self.cfg.options.timeout_dav, "event_hooks": {"request": [], "response": [self._response_event]}, } return { "base_url": self.cfg.endpoint, "timeout": self.cfg.options.timeout, "event_hooks": {"request": [self._request_event_ocs], "response": [self._response_event]}, } def _request_event_ocs(self, request: Request) -> None: str_url = str(request.url) if re.search(self._ocs_regexp, str_url) is not None: # this is OCS call request.url = request.url.copy_merge_params({"format": "json"}) request.headers["Accept"] = "application/json" def _response_event(self, response: Response) -> None: str_url = str(response.request.url) # we do not want ResponseHeaders for those two endpoints, as call to them can occur during DAV calls. for i in ("/ocs/v1.php/cloud/capabilities?format=json", "/ocs/v1.php/cloud/user?format=json"): if str_url.endswith(i): return self.response_headers = response.headers def download2fp(self, url_path: str, fp, dav: bool, params=None, **kwargs): adapter = self.adapter_dav if dav else self.adapter with adapter.stream("GET", url_path, params=params, headers=kwargs.get("headers")) as response: check_error(response) for data_chunk in response.iter_raw(chunk_size=kwargs.get("chunk_size", 5 * 1024 * 1024)): fp.write(data_chunk) class AsyncNcSessionBasic(NcSessionBase, ABC): adapter: AsyncClient adapter_dav: AsyncClient async def ocs( self, method: str, path: str, *, content: bytes | str | typing.Iterable[bytes] | typing.AsyncIterable[bytes] | None = None, json: dict | list | None = None, response_type: str | None = None, params: dict | None = None, files: dict | None = None, **kwargs, ): self.init_adapter() info = f"request: {method} {path}" nested_req = kwargs.pop("nested_req", False) try: response = await self.adapter.request( method, path, content=content, json=json, params=params, files=files, **kwargs ) except ReadTimeout: raise NextcloudException(408, info=info) from None check_error(response, info) if response.status_code == 204: # NO_CONTENT return [] response_data = loads(response.text) if response_type == "json": return response_data ocs_meta = response_data["ocs"]["meta"] if ocs_meta["status"] != "ok": if ( not nested_req and ocs_meta["statuscode"] == 403 and str(ocs_meta["message"]).lower().find("password confirmation is required") != -1 ): await self.adapter.aclose() self.init_adapter(restart=True) return await self.ocs( method, path, **kwargs, content=content, json=json, params=params, nested_req=True ) if ocs_meta["statuscode"] in (404, OCSRespond.RESPOND_NOT_FOUND): raise NextcloudExceptionNotFound(reason=ocs_meta["message"], info=info) if ocs_meta["statuscode"] == 304: raise NextcloudExceptionNotModified(reason=ocs_meta["message"], info=info) raise NextcloudException(status_code=ocs_meta["statuscode"], reason=ocs_meta["message"], info=info) return response_data["ocs"]["data"] async def update_server_info(self) -> None: self._capabilities = await self.ocs("GET", "/ocs/v1.php/cloud/capabilities") @property async def capabilities(self) -> dict: if not self._capabilities: await self.update_server_info() return self._capabilities["capabilities"] @property async def nc_version(self) -> ServerVersion: if not self._capabilities: await self.update_server_info() v = self._capabilities["version"] return ServerVersion( major=v["major"], minor=v["minor"], micro=v["micro"], string=v["string"], extended_support=v["extendedSupport"], ) @property async def user(self) -> str: """Current user ID. Can be different from the login name.""" if isinstance(self, AsyncNcSession) and not self._user: # do not trigger for NextcloudApp self._user = (await self.ocs("GET", "/ocs/v1.php/cloud/user"))["id"] return self._user def set_user(self, user: str) -> None: self._user = user async def download2stream(self, url_path: str, fp, dav: bool = False, **kwargs): if isinstance(fp, str | pathlib.Path): with builtins.open(fp, "wb") as f: await self.download2fp(url_path, f, dav, **kwargs) elif hasattr(fp, "write"): await self.download2fp(url_path, fp, dav, **kwargs) else: raise TypeError("`fp` must be a path to file or an object with `write` method.") def _get_adapter_kwargs(self, dav: bool) -> dict[str, typing.Any]: if dav: return { "base_url": self.cfg.dav_endpoint, "timeout": self.cfg.options.timeout_dav, "event_hooks": {"request": [], "response": [self._response_event]}, } return { "base_url": self.cfg.endpoint, "timeout": self.cfg.options.timeout, "event_hooks": {"request": [self._request_event_ocs], "response": [self._response_event]}, } async def _request_event_ocs(self, request: Request) -> None: str_url = str(request.url) if re.search(self._ocs_regexp, str_url) is not None: # this is OCS call request.url = request.url.copy_merge_params({"format": "json"}) request.headers["Accept"] = "application/json" async def _response_event(self, response: Response) -> None: str_url = str(response.request.url) # we do not want ResponseHeaders for those two endpoints, as call to them can occur during DAV calls. for i in ("/ocs/v1.php/cloud/capabilities?format=json", "/ocs/v1.php/cloud/user?format=json"): if str_url.endswith(i): return self.response_headers = response.headers async def download2fp(self, url_path: str, fp, dav: bool, params=None, **kwargs): adapter = self.adapter_dav if dav else self.adapter async with adapter.stream("GET", url_path, params=params, headers=kwargs.get("headers")) as response: check_error(response) async for data_chunk in response.aiter_raw(chunk_size=kwargs.get("chunk_size", 5 * 1024 * 1024)): fp.write(data_chunk) class NcSession(NcSessionBasic): cfg: Config def __init__(self, **kwargs): self.cfg = Config(**kwargs) super().__init__() def _create_adapter(self, dav: bool = False) -> AsyncClient | Client: return Client( follow_redirects=True, limits=self.limits, verify=self.cfg.options.nc_cert, **self._get_adapter_kwargs(dav), auth=self.cfg.auth, ) class AsyncNcSession(AsyncNcSessionBasic): cfg: Config def __init__(self, **kwargs): self.cfg = Config(**kwargs) super().__init__() def _create_adapter(self, dav: bool = False) -> AsyncClient | Client: return AsyncClient( follow_redirects=True, limits=self.limits, verify=self.cfg.options.nc_cert, **self._get_adapter_kwargs(dav), auth=self.cfg.auth, ) class NcSessionAppBasic(ABC): cfg: AppConfig _user: str adapter: AsyncClient | Client adapter_dav: AsyncClient | Client def __init__(self, **kwargs): self.cfg = AppConfig(**kwargs) super().__init__(**kwargs) def sign_check(self, request: HTTPConnection) -> str: headers = { "EX-APP-ID": request.headers.get("EX-APP-ID", ""), "EX-APP-VERSION": request.headers.get("EX-APP-VERSION", ""), "AUTHORIZATION-APP-API": request.headers.get("AUTHORIZATION-APP-API", ""), } empty_headers = [k for k, v in headers.items() if not v] if empty_headers: raise ValueError(f"Missing required headers:{empty_headers}") if headers["EX-APP-ID"] != self.cfg.app_name: raise ValueError(f"Invalid EX-APP-ID:{headers['EX-APP-ID']} != {self.cfg.app_name}") username, app_secret = get_username_secret_from_headers(headers) if app_secret != self.cfg.app_secret: raise ValueError(f"Invalid App secret:{app_secret} != {self.cfg.app_secret}") return username class NcSessionApp(NcSessionAppBasic, NcSessionBasic): cfg: AppConfig def _create_adapter(self, dav: bool = False) -> AsyncClient | Client: r = self._get_adapter_kwargs(dav) r["event_hooks"]["request"].append(self._add_auth) return Client( follow_redirects=True, limits=self.limits, verify=self.cfg.options.nc_cert, **r, headers={ "AA-VERSION": self.cfg.aa_version, "EX-APP-ID": self.cfg.app_name, "EX-APP-VERSION": self.cfg.app_version, "user-agent": f"ExApp/{self.cfg.app_name}/{self.cfg.app_version} (httpx/{httpx_version})", }, ) def _add_auth(self, request: Request): request.headers.update( {"AUTHORIZATION-APP-API": b64encode(f"{self._user}:{self.cfg.app_secret}".encode("UTF=8"))} ) class AsyncNcSessionApp(NcSessionAppBasic, AsyncNcSessionBasic): cfg: AppConfig def _create_adapter(self, dav: bool = False) -> AsyncClient | Client: r = self._get_adapter_kwargs(dav) r["event_hooks"]["request"].append(self._add_auth) return AsyncClient( follow_redirects=True, limits=self.limits, verify=self.cfg.options.nc_cert, **r, headers={ "AA-VERSION": self.cfg.aa_version, "EX-APP-ID": self.cfg.app_name, "EX-APP-VERSION": self.cfg.app_version, "User-Agent": f"ExApp/{self.cfg.app_name}/{self.cfg.app_version} (httpx/{httpx_version})", }, ) async def _add_auth(self, request: Request): request.headers.update( {"AUTHORIZATION-APP-API": b64encode(f"{self._user}:{self.cfg.app_secret}".encode("UTF=8"))} )