Public Pages¶
A lot of apps in Nextcloud want to expose public pages in some form. This can be to share files, a calendar or anything else. To ensure all those pages benefit from the security enhancements we add we created simple controlers for app developers to use.
Concept¶
A public page is there to display a resource that a user wants to expose via a public link in an app.
A public page is identified by some token
and can be protected by a password
.
If a public page is password protected by default we will show the normal authentication page to enter the password.
A public page can also call other endpoints. These endpoints operate very similarly with the difference that if the user is not properly authenticated it will throw a 404.
It is required that you have a parameter (probaby in your url) with the token
. As an example
your routes.php
could look like:
<?php
return [
'routes' => [
[ 'name' => 'PublicAPI#get', 'url' => '/api/{token}', 'verb' => 'GET' ],
[ 'name' => 'PublicDisplay#get', 'url' => '/display/{token}', 'verb' => 'GET' ],
]
];
Implementing an authenticated public page¶
On some pages password authentication might be required (just like the when you share a file via public link with a password). In this case you need to extend a different provider.
The AuthPublicShareController requiers in addition to the PublicShareController that
you also implement the verifyPassword
and showShare
functions.
Additionally you can overwrite the showAuthenticate
and showAuthFailed
functions
if you do now want to use the default authentication pages.
The authFailed
and authSucceeded
functions can be overwritten as well and are
called depending on the if authentication passed or not. You can handle additional logging
there for example.