Merge pull request #5 from computersalat/dev

improve Quota handling
6 years ago · b91b3fdbc1
parent 407cc8d3fa f27e734fc0
commit b91b3fdbc1
4 changed files with 42 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ can be found here:

 https://www.ohnekontur.de/category/technik/sync/fsyncms/

-Although the original author has planned further extesnions to this implementation,
-the current state of this server implementation is rather stagnant ans missing two
+Although the original author has planned further extensions to this implementation,
+the current state of this server implementation is rather stagnant and missing two
 important features:
 * Delete account from the web
 * Reset password from the web (similar to reset inside the client)

-Current state is the state as-used by the Pale Moon Sync service, which is v0.13 with some minor updates.
+Current state is the state as-used by the Pale Moon Sync service, which is v0.13b with some minor updates.

 If you wish to help complete the missing features, please feel free to clone this repository and make 
 the necessary edits -- kindly submit a pull request after you've tested your changes so it can be merged
@ -23,6 +23,14 @@ back in and improve this software!

 Release notes for older original versions:

+FSyncMS v013b
+======
+Password Change Bug-fix
+
+There has been a bug in FSyncMS v 0.13: if you tried to update your password via Firefox, the wrong hash
+was written in the Database. As a result the account was no longer usable, but no data should be lost.
+This update fixes the Bug.
+
 FSyncMS v013
 ======
 Database upgrade
--- a/index.php
+++ b/index.php
@ -23,6 +23,7 @@
 # Contributor(s):
 #	Toby Elliott (telliott@mozilla.com)
 #   Luca Tettamanti
+#   Christian Wittmer <chris@computersalat.de>
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
@ -88,7 +89,7 @@
 	log_error("start request_____" . $path); 
    // ensure that we got a valid request
    if ( !$path ) 
-        report_problem("Invalid request, this was not a firefox sync request!", 400);
+        report_problem("Invalid request!", 400);

    // split path into parts and make sure that all values are properly initialized
    list($version, $username, $function, $collection, $id) = array_pad(explode('/', $path.'///'), 5, '');
--- a/setup.php
+++ b/setup.php
@ -23,6 +23,7 @@
 # Contributor(s):
 #   Daniel Triendl <daniel@pew.cc>
 #   balu
+#   Christian Wittmer <chris@computersalat.de>
 # 
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
@ -156,6 +157,15 @@ function write_config_file($dbt, $dbh, $dbn, $dbu, $dbp, $fsRoot) {
    $cfg_content .= "    define(\"BCRYPT\", true);\n";
    $cfg_content .= "    define(\"BCRYPT_ROUNDS\", 12);\n";

+    $cfg_content .= "\n";
+    $cfg_content .= "    // you can enable logging to syslog for MINQUOTA_ERROR_OVER_QUOTA\n";
+    $cfg_content .= "    // if (quota_used > MINQUOTA && quota_used < MAXQUOTA)\n";
+    $cfg_content .= "    define(\"MINQUOTA_LOG_ERROR_OVER_QUOTA_ENABLE\", false);\n";
+    $cfg_content .= "\n";
+    $cfg_content .= "    // set MinQuota and MaxQuota\n";
+    $cfg_content .= "    define(\"MINQUOTA\", 30000);\n";
+    $cfg_content .= "    define(\"MAXQUOTA\", 35000);\n";
+
    $cfg_content .= "\n?>\n";

    // now write everything
--- a/weave_utils.php
+++ b/weave_utils.php
@ -21,6 +21,7 @@
 # Contributor(s):
 #   Daniel Triendl <daniel@pew.cc>
 #   Mark Straver <moonchild@palemoon.org>
+#   Christian Wittmer <chris@computersalat.de>
 #
 # Alternatively, the contents of this file may be used under the terms of
 # either the GNU General Public License Version 2 or later (the "GPL"), or
@ -257,20 +258,29 @@

 	function check_quota(&$db)
 	{
-	   // Checks the quota and if over limit, returns "over quota" to the user.
-	   $auth_user = array_key_exists('PHP_AUTH_USER', $_SERVER) ? $_SERVER['PHP_AUTH_USER'] : null;
-	   try {
+		// Checks the quota and if over limit, returns "over quota" to the user.
+		$auth_user = array_key_exists('PHP_AUTH_USER', $_SERVER) ? $_SERVER['PHP_AUTH_USER'] : null;
+		try {
 		$quota_used = $db->get_storage_total();
 		// log_quota("Debug quota: ".$auth_user." @ ".$quota_used." KB.");
 		} catch (Exception $e) {
 		  log_error($e->getMessage(), $e->getCode());
 		}
-      
-	   if ($quota_used > 35000) {
-	      log_quota("[!!] Over quota: ".$auth_user." @ ".$quota_used." KB.");
-	      // HTTP 400 with body error code 14 means over quota.
-	      report_problem(WEAVE_ERROR_OVER_QUOTA, 400);
-	   }
+
+		if ((defined("MINQUOTA") && MINQUOTA) && (defined("MAXQUOTA") && MAXQUOTA)) {
+			if ($quota_used > MINQUOTA && $quota_used < MAXQUOTA) {
+				report_problem(WEAVE_ERROR_OVER_QUOTA, 400);
+				log_quota("[!!] Over quota [MINQUOTA:MAXQUOTA]: ".$auth_user." @ ".$quota_used." KB.");
+				if (defined(MINQUOTA_LOG_ERROR_OVER_QUOTA_ENABLE) && MINQUOTA_LOG_ERROR_OVER_QUOTA_ENABLE) {
+					log_error(" MinQUOTA exceeding: ".$quota_used." KB.");
+				}
+			}
+			if ($quota_used > MAXQUOTA) {
+				log_quota("[!!] Over quota: ".$auth_user." @ ".$quota_used." KB.");
+				// HTTP 400 with body error code 14 means over quota.
+				report_problem(WEAVE_ERROR_OVER_QUOTA, 400);
+			}
+		}
 	}
 	
 	function check_timestamp($collection, &$db)