147 scan on update via events #160
Conversation
with this option set to true, you always got all the available php core functions as suggestion when doing -> on an object
|
In my test, this catched both, the client upload and the ui upload |
|
Did a test with compose ---
services:
nextcloud:
image: nextcloud:30.0
container_name: nextcloud
restart: unless-stopped
networks:
- cloud
depends_on:
- nextclouddb
- redis
ports:
- 8081:80
volumes:
- ./custom_apps:/var/www/html/custom_apps
- ./apps:/var/www/html/apps
- ./html:/var/www/html
- ./config:/var/www/html/config
- ./data:/var/www/html/data
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=dbpassword
- MYSQL_HOST=nextclouddb
- REDIS_HOST=redis
nextclouddb:
image: mariadb
container_name: nextcloud-db
restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
networks:
- cloud
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- MYSQL_RANDOM_ROOT_PASSWORD=true
- MYSQL_PASSWORD=dbpassword
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
collabora:
image: collabora/code
container_name: collabora
restart: unless-stopped
networks:
- cloud
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- password=password
- username=nextcloud
- domain=example.com
- extra_params=--o:ssl.enable=true
ports:
- 9980:9980
redis:
image: redis:alpine
container_name: redis
volumes:
- ./redis:/data
networks:
- cloud
nginx-proxy:
image: 'jc21/nginx-proxy-manager:latest'
container_name: nginx-proxy
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
networks:
cloud:
name: cloud
driver: bridgeresulting in this when uploading
|
|
The HintException is used because that one of two ecxeptions that are not catched by the hook/event-system. Instead they get rethrown and cause the upload to fail. |
|
It also blocks for sync-clients
|
|
I will start implementing the virus scan tomorrow. |
|
The order of the relevant events is
But the behavior is still a bit weird from the users perspective because the UI upload (and the client too) do retries. So when you throw the exception there it will not immediately stop the upload. In the UI it just looks, like the upload takes forever before it is actually declined. This is basically the code-part where the events are emitted: |
|
It retries 4 times. |
|
This might be a better method. It hooks into the WebDav-Server. But will have to test if this also affects the inline editor/creator. https://github.com/nextcloud/files_downloadlimit/blob/master/lib/AppInfo/Application.php#L34C1-L35C1 |
|
The BeforeNodeCreateEvent will also not be emitted, when you update an existing file, like reupload the same file, so we have to listen on the BeforeNodeWrittenEvent. |
|
With the Sabre Plugin we can also return a proper error message.
|
|
Also shown in sync clients.
|
…error message is shown #TODO implement the virus check #TODO remove the FileEventsListener
|
This solution also does not work for files created with the inline editor. But it does work for overwriting a file. |
#TODO: remove the Sabre Server-Plugin stuff.
|
Ok. Last update for today. You can basically do the same thing without a plugin within the eventlistener. And with that you can also block editor files from beeing created. But without a specific error message, at least without any further investigation about that. I guess it would be better to not scan the file on beforeCreation beacuse its completely empty there.
@lennartdohmann I would like to work that out together with you on monday. On our dev-machine, there is already a version which deletes the Server-Plugin stuff and the AvirWrapper. |
|
@unglaublicherdude With the |
|
So still WIP |
weird because I tested that. The code you mention there is the one that should lead to ignoring the templates (all of them) , because it basically generates an array with all the files of the templates folder. Better solution, than to ignore the templates file by file. There are also examples in the scoper-repository, like this: |
Yes I noticed that. But something did not work on that, as you can see in the screenshot, with this scoper.inc.php the files are not ignored and a namespace was inserted. |
Co-authored-by: Matthias Simonis <[email protected]>
I just commited a working version again. |
unglaublicherdude
force-pushed
the
147-scan-on-update-via-events
branch
from
5bdd526
to
9483ff5
Compare
|
If this is not urgent I would still like to test the Cache-Deletion to avoid the files from being available in the ui. |
I would like to merge and backport this today, the linked issue is open for more than a month now. @unglaublicherdude can you/we try this on a new branch? |
I am testing right now. So if possible I would like to ship it directly with this PR |
There is also allot of unused stuff in the EventListener. I will also throw that stuff out. |
…e not beeing available until the scan is done.
unglaublicherdude
force-pushed
the
147-scan-on-update-via-events
branch
from
3b16da9
to
dabf475
Compare
|
… the file beeing in the cache
|
So. The scanFileById does not work when the file is not in the cache. So any opinions? The main reason why I tested that, is that if a scan does take its time, the file will be available in the UI and can be downloaded for that time. Removing the file from the cache would prevent that from happening because the file will only appear again in the UI, when the scan is done. But for this PR I am OK with this behavior. |
* switch to event driven scanning to properly handle scanning on client and UI uploads, updates or changes of files * make debugging and the devcontainer work again --------- Co-authored-by: PT-ATA No One <[email protected]> Co-authored-by: Lennart Dohmann <[email protected]> (cherry picked from commit 2b73060)
* switch to event driven scanning to properly handle scanning on client and UI uploads, updates or changes of files #160 * make debugging and the devcontainer work again --------- Co-authored-by: Renovate Bot <[email protected]> Co-authored-by: Matthias Simonis <[email protected]> Co-authored-by: PT-ATA No One <[email protected]>
* switch to event driven scanning to properly handle scanning on client and UI uploads, updates or changes of files #160 * make debugging and the devcontainer work again --------- Co-authored-by: PT-ATA No One <[email protected]> Co-authored-by: Lennart Dohmann <[email protected]> (cherry picked from commit 2b73060) Co-authored-by: Matthias Simonis <[email protected]>
No description provided.