Public Pages
A lot of apps in Nextcloud want to expose public pages in some form. This can be to share files, a calendar or anything else. To ensure all those pages benefit from the security enhancements we add simplified controllers were created for app developers to use.
Concept
A public page is there to display a resource that a user wants to expose via a public link in an app.
A public page is identified by some token
and can be protected by a password
.
If a public page is password protected by default we will show the normal authentication page to enter the password.
A public page can also call other endpoints. These endpoints operate very similarly with the difference that if the user is not properly authenticated it will throw a 404.
It is required that you have a parameter (probaby in your url) with the token
. As an example
your routes.php
could look like:
<?php
return [
'routes' => [
[ 'name' => 'PublicAPI#get', 'url' => '/api/{token}', 'verb' => 'GET' ],
[ 'name' => 'PublicDisplay#get', 'url' => '/display/{token}', 'verb' => 'GET' ],
]
];
Implementing an authenticated public page
On some pages password authentication might be required (just like the when you share a file via public link with a password). In this case you need to extend a different provider.
The AuthPublicShareController requires in addition to the PublicShareController that
you also implement the verifyPassword
and showShare
functions.
Additionally you can overwrite the showAuthenticate
and showAuthFailed
functions
if you do not want to use the default authentication pages.
The authFailed
and authSucceeded
functions can be overwritten as well and are
called depending on the if authentication passed or not. You can handle additional logging
there for example.