From 6cc68d563409cd1c695b9f34e0efda9f4b107b86 Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Wed, 3 Jun 2020 09:15:53 +0200
Subject: [PATCH] Add option to disable TUS on OC layer (#791)

This way the TUS headers and capabilities are not returned when
disabled, to not advertise TUS support for clients.

Furthermore the TUS handlers are also disabled.
---
 internal/http/services/owncloud/ocdav/ocdav.go      |  1 +
 internal/http/services/owncloud/ocdav/options.go    | 13 +++++++------
 internal/http/services/owncloud/ocdav/propfind.go   |  2 +-
 internal/http/services/owncloud/ocdav/webdav.go     |  6 +++++-
 .../http/services/owncloud/ocs/config/config.go     |  1 +
 .../ocs/handlers/cloud/capabilities/capabilities.go |  2 +-
 6 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/internal/http/services/owncloud/ocdav/ocdav.go b/internal/http/services/owncloud/ocdav/ocdav.go
index a00a8b46a83..5c755771afd 100644
--- a/internal/http/services/owncloud/ocdav/ocdav.go
+++ b/internal/http/services/owncloud/ocdav/ocdav.go
@@ -65,6 +65,7 @@ type Config struct {
 	WebdavNamespace string `mapstructure:"webdav_namespace"`
 	ChunkFolder     string `mapstructure:"chunk_folder"`
 	GatewaySvc      string `mapstructure:"gatewaysvc"`
+	DisableTus      bool   `mapstructure:"disable_tus"`
 }
 
 type svc struct {
diff --git a/internal/http/services/owncloud/ocdav/options.go b/internal/http/services/owncloud/ocdav/options.go
index b0ef55812db..89d2ea9fb3d 100644
--- a/internal/http/services/owncloud/ocdav/options.go
+++ b/internal/http/services/owncloud/ocdav/options.go
@@ -27,15 +27,16 @@ func (s *svc) handleOptions(w http.ResponseWriter, r *http.Request, ns string) {
 	allow += " MOVE, UNLOCK, PROPFIND, MKCOL, REPORT, SEARCH,"
 	allow += " PUT" // TODO(jfd): only for files ... but we cannot create the full path without a user ... which we only have when credentials are sent
 
-	w.Header().Add("Access-Control-Allow-Headers", "Tus-Resumable")
-	w.Header().Add("Access-Control-Expose-Headers", "Tus-Resumable, Tus-Version, Tus-Extension")
-
 	w.Header().Set("Content-Type", "application/xml")
 	w.Header().Set("Allow", allow)
 	w.Header().Set("DAV", "1, 2")
 	w.Header().Set("MS-Author-Via", "DAV")
-	w.Header().Set("Tus-Resumable", "1.0.0") // TODO(jfd): only for dirs?
-	w.Header().Set("Tus-Version", "1.0.0")
-	w.Header().Set("Tus-Extension", "creation,creation-with-upload")
+	if !s.c.DisableTus {
+		w.Header().Add("Access-Control-Allow-Headers", "Tus-Resumable")
+		w.Header().Add("Access-Control-Expose-Headers", "Tus-Resumable, Tus-Version, Tus-Extension")
+		w.Header().Set("Tus-Resumable", "1.0.0") // TODO(jfd): only for dirs?
+		w.Header().Set("Tus-Version", "1.0.0")
+		w.Header().Set("Tus-Extension", "creation,creation-with-upload")
+	}
 	w.WriteHeader(http.StatusOK)
 }
diff --git a/internal/http/services/owncloud/ocdav/propfind.go b/internal/http/services/owncloud/ocdav/propfind.go
index f6d7d4423f8..5f93fff18aa 100644
--- a/internal/http/services/owncloud/ocdav/propfind.go
+++ b/internal/http/services/owncloud/ocdav/propfind.go
@@ -169,7 +169,7 @@ func (s *svc) handlePropfind(w http.ResponseWriter, r *http.Request, ns string)
 	w.Header().Set("DAV", "1, 3, extended-mkcol")
 	w.Header().Set("Content-Type", "application/xml; charset=utf-8")
 	// let clients know this collection supports tus.io POST requests to start uploads
-	if info.Type == provider.ResourceType_RESOURCE_TYPE_CONTAINER {
+	if info.Type == provider.ResourceType_RESOURCE_TYPE_CONTAINER && !s.c.DisableTus {
 		w.Header().Add("Access-Control-Expose-Headers", "Tus-Resumable, Tus-Version, Tus-Extension")
 		w.Header().Set("Tus-Resumable", "1.0.0")
 		w.Header().Set("Tus-Version", "1.0.0")
diff --git a/internal/http/services/owncloud/ocdav/webdav.go b/internal/http/services/owncloud/ocdav/webdav.go
index 5c7e5be7c10..22d05d784d2 100644
--- a/internal/http/services/owncloud/ocdav/webdav.go
+++ b/internal/http/services/owncloud/ocdav/webdav.go
@@ -58,7 +58,11 @@ func (h *WebDavHandler) Handler(s *svc) http.Handler {
 		case http.MethodPut:
 			s.handlePut(w, r, h.namespace)
 		case http.MethodPost:
-			s.handleTusPost(w, r, h.namespace)
+			if !s.c.DisableTus {
+				s.handleTusPost(w, r, h.namespace)
+			} else {
+				w.WriteHeader(http.StatusNotFound)
+			}
 		case http.MethodOptions:
 			s.handleOptions(w, r, h.namespace)
 		case http.MethodHead:
diff --git a/internal/http/services/owncloud/ocs/config/config.go b/internal/http/services/owncloud/ocs/config/config.go
index 84109967e77..dce4f48bc80 100644
--- a/internal/http/services/owncloud/ocs/config/config.go
+++ b/internal/http/services/owncloud/ocs/config/config.go
@@ -28,4 +28,5 @@ type Config struct {
 	Config       data.ConfigData       `mapstructure:"config"`
 	Capabilities data.CapabilitiesData `mapstructure:"capabilities"`
 	GatewaySvc   string                `mapstructure:"gatewaysvc"`
+	DisableTus   bool                  `mapstructure:"disable_tus"`
 }
diff --git a/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go b/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go
index 540c3b6224e..24a919f78ce 100644
--- a/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go
+++ b/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go
@@ -101,7 +101,7 @@ func (h *Handler) Init(c *config.Config) {
 	// h.c.Capabilities.Files.Undelete is boolean
 	// h.c.Capabilities.Files.Versioning is boolean
 
-	if h.c.Capabilities.Files.TusSupport == nil {
+	if h.c.Capabilities.Files.TusSupport == nil && !c.DisableTus {
 		// these are global capabilities
 		// TODO: infer from various TUS handlers from all known storages
 		h.c.Capabilities.Files.TusSupport = &data.CapabilitiesFilesTusSupport{