
hubic2swiftgate's Introduction

HubiC to OpenStack Swift Gateway

Join the chat at https://gitter.im/oderwat/hubic2swiftgate

With HubiC now offering 10 TB (yes 10.000 GB) for 5,- Euro a month (or 50,- Euro a year) it becomes extremely interesting as data storage for multiple and automated tasks!

As HubiC exposes an OpenStack Swift API to the developer the idea to use it with existing swift client implementations is a natural thing.

Sadly, the HubiC authorisation is currently limited to OAuth2. This is the kind of thing which redirects you to a website where you have to agree to connect your account to a client. You know these ones!

To close this gap I made hubic2swiftgate: a gateway which supports OAuth2 with api.hubic.com and has to be installed on an apache2 or nginx webserver using an SSL certificate.

Warning!

This tool is not supported by OVH!

But they encourage users to use the API and explicitly allow access to non-default containers on their forums! You can find me on the forum as "OderWat" too.

What can it do?

While using a real (non self-signed) certificate I got 100% compatibility with:

  • Duplicity - THE backup solution with encryption and diff (using: swift:// backend, this was added in 0.6.22 afaik)
  • Python-SwiftClient - Command line client. Very useful.
  • CyberDuck - FTP like access to all containers (using 'Swift'). As we only support v1.0 authentication you need to use the v1.0 devauth authentication supplied on the CyberDuck Homepage Auth 1.0 Profile Info
  • ExpanDrive2 - Mounts your HubiC Storage as external Drive (Select 'Open Stack Swift Storage'. This really needs a non self-signed certificate!)
  • ftp-cloudfs - Users reported that this works very well to abstract Hubic as FTP Server.

I got limited success with:

  • Dulwich (the GIT Server component) with Swift-Repo Backend by Enovance (using my patch until they fix return code acceptance). This may be unusably slow depending on network/workflow.
  • CloudFuse (It works with v1.0 auth but crashes fairly often on my Mac)

Notice: The actual datastore access is not running over the gateway! So you get the full possible speed! The gateway just handles the authentication (v1.0 not v2.0) of swift clients.

State of the project!

It works "perfectly well" for me and some friends but is still kinda "alpha code" because it has limited error control and needs some knowledge to set it up correctly.

It is not meant as a "finished product" and maybe never will be. Actually it is kind of a hack like most "gateways" are :)

Please don't expect it to be easy to install (but it actually is easy to use after you got it working).

This was made because the HubicSwiftGateway (https://github.com/Toorop/HubicSwiftGateway) "suddenly" stopped working when the (reverse engineered) authentication scheme it used was deprecated.

P.S.: I was thinking about creating a stand alone binary version written in GoLang which would work for "everybody" and on Mac/Linux/PC. But I still hope that the HubiC Guys may implement this kind of gateway natively into their service. So don't expect this to happen soon, if at all.

How to make it work?

I assume you run the code in an apache2 server with php, curl, mod_rewrite and mod_ssl.

The docroot of a virtual server points at the root of this project, and I assume the server is available under https://yourserver.com/ for this description.

Here is some more help for that: Setting up Apache2 for Hubic2SwiftGate or Setting up nginx for Hubic2SwiftGate

There is also a docker image available from here.

In the current state the gateway only works for one HubiC Client which needs to be registered in the HubiC account panel (developer section).

Setting things up in your HubiC account:

  • Log into your HubiC account
  • Click onto account details
  • Add a new personal client app in the developer section
  • You can choose any name you like (e.g. SwiftGate)
  • Redirect URL needs to point to https://yourserver.com(:port)/callback/ (Important: Only add non standard ports, for 443 do not add a port in the url!)

Configuring the gateway:

  • rename config.php.sample to config.php and put your Password, Client ID and Client Secret in there.
  • change permission on "cache" folder to allow apache to store data there
  • make sure the .htaccess is used or configure your virtual server similar
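
config.php now holds the gateway password, Client ID and Client Secret, and the cache folder is where the gateway stores its data, so neither should be accessible to other local accounts or sit inside the web server's document root. The check below is an added example, not part of the project; it assumes the layout of the Apache example on this page (config.php and cache in the repository root, www as docroot), and the names audit_gateway and build_sample_tree are hypothetical.

```shell
#!/bin/sh
# Added example, not hubic2swiftgate code.
# audit_gateway REPO_ROOT DOCROOT
# Prints one finding per line; returns 0 when clean, 1 when something was found.
audit_gateway() {
    repo=$1; docroot=$2; findings=0

    # Resolve physical paths so symlinks and trailing slashes cannot hide an overlap.
    repo_abs=$(cd "$repo" 2>/dev/null && pwd -P) || { echo "ERROR: cannot enter $repo"; return 2; }
    doc_abs=$(cd "$docroot" 2>/dev/null && pwd -P) || { echo "ERROR: cannot enter $docroot"; return 2; }

    for item in config.php cache; do
        path=$repo_abs/$item
        if [ ! -e "$path" ]; then
            echo "MISSING: $path"; findings=$((findings + 1)); continue
        fi

        # Anything under the docroot is reachable by URL if PHP handling
        # or the rewrite rules are misconfigured.
        case "$path/" in
            "$doc_abs"/*)
                echo "WEB-EXPOSED: $path is inside docroot $doc_abs"
                findings=$((findings + 1)) ;;
        esac

        # Any read/write/execute bit for "other" opens it to every local account.
        if [ -n "$(find "$path" -prune \( -perm -0004 -o -perm -0002 -o -perm -0001 \))" ]; then
            echo "WORLD-ACCESSIBLE: $path has permission bits set for 'other'"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a fresh checkout with mode 775 on everything,
# built in a throwaway directory. Prints the repository root.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/hsgate/www" "$t/hsgate/cache"
    : > "$t/hsgate/config.php"
    chmod 775 "$t/hsgate/config.php" "$t/hsgate/cache"
    echo "$t/hsgate"
}

# Demo on the constructed tree.
tree=$(build_sample_tree)
echo "docroot = repository root, mode 775:"
audit_gateway "$tree" "$tree" || true
chmod 640 "$tree/config.php"; chmod 770 "$tree/cache"
echo "docroot = www, modes tightened:"
audit_gateway "$tree" "$tree/www" && echo "clean"
rm -rf "${tree%/hsgate}"
```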

Registering the client with your HubiC account

Visit: https://yourserver.com/register/?client=hubic&password=mypassword

If everything is working you are redirected to the Hubic Client Authentication Site. There you need to login with the data of the HubiC account which should be connected to this user (currently only one user 'hubic' is supported).

After that you get redirected back to your server which should take the code and redirect again to a simple "success" page.

To verify that it worked you can access: https://yourserver.com/usage/ which should show you a brief space usage report (this is not protected with a password so 'everybody' can see the usage of the client right now).

I am using the user "hubic" and the password (aka authkey) from the config.php for "pseudo" authentication with the swift clients. This hides everything HubiC related from the user of the swift client.

The real authentication is done with the OAuth2 tokens from the Hubic API "in the background" which then gets the OpenStack Tokens for the API to the filestorage.

Overriding the automatic redirect uri (callback)

There are use cases where the redirect uri calculated by the server is different to the real uri. This can happen if your server is behind some proxy or uses port mapping and you are using autoregister from internal or a browser from external. In that case the automatically generated redirect_uri does not match what is needed to really access the server and the callback after (auto)register fails to reach the server.

In those cases you remove the comment and set your value for redirect_uri in config.php to force the callback to a certain URI. For example, if you want to use https://yourserver.com:8080/autoregister/?client=hubic&password=mypassword&hubic_user=myhubiclogin&hubic_password=myhubicpassword, which is internally redirected to port 80 inside a VM or a container, then you could use:

     'redirect_uri'=>'https://localhost/callback/', // only needed for special use cases

Registering the client with your HubiC account without user intervention

Visit: https://yourserver.com/autoregister/?client=hubic&password=mypassword&hubic_user=myhubiclogin&hubic_password=myhubicpassword

It will fill in the form and send it back without user intervention.
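
Both registration URLs carry the gateway password in the query string, and /autoregister/ also the HubiC login and password; a web server logging in the combined format writes the full request line, query string included, to its access log. The following added example (not part of the project) lists which requests carried credentials and masks the values; the function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not hubic2swiftgate code.
# Query parameters used by the /register/ and /autoregister/ URLs above.
SECRET_PARAMS='password|hubic_password|hubic_user'

# redact_secrets: read log lines on stdin and mask the value of every
# secret query parameter, wherever in the line it appears.
redact_secrets() {
    sed -E "s/([?&](${SECRET_PARAMS})=)[^&\" ]*/\1REDACTED/g"
}

# exposed_requests: print "client-ip path" for each request that carried a
# secret, without echoing the secret. Field 7 of a combined-format line is
# the request URL.
exposed_requests() {
    grep -E "[?&](${SECRET_PARAMS})=[^&\" ]+" |
        awk '{ split($7, u, "?"); print $1, u[1] }'
}

# Constructed sample in Apache "combined" format (not real traffic).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [25/Nov/2014:19:58:01 +0100] "GET /register/?client=hubic&password=mypassword HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.7 - - [25/Nov/2014:19:58:09 +0100] "GET /autoregister/?client=hubic&password=mypassword&hubic_user=myhubiclogin&hubic_password=myhubicpassword HTTP/1.1" 302 - "-" "curl/7.37.1"
203.0.113.7 - - [25/Nov/2014:19:59:14 +0100] "GET /auth/v1.0/ HTTP/1.1" 200 - "-" "python-swiftclient"
203.0.113.7 - - [25/Nov/2014:19:59:20 +0100] "GET /usage/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Demo: which requests leaked credentials, then the log with values masked.
echo "requests that carried credentials:"
sample_log | exposed_requests
echo "redacted log:"
sample_log | redact_secrets
```

To clean a real log, pipe it through redact_secrets into a new file and replace the original; any password that was already logged should be changed in config.php or in the HubiC account.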

Configuring the Swift Clients

To use it with "any" client supporting the OpenStack Swift protocol you need to set it up similar to these examples:

Duplicity

# Setting up the environment. Put it into .bashrc
# These values are secrets: keep the file readable by your user only (chmod 600)

export SWIFT_AUTHURL='https://yourserver.com/auth/v1.0/'
export SWIFT_USERNAME='hubic'       # fixed atm
export SWIFT_PASSWORD='mypassword'  # from config.php
export PASSPHRASE='somethingreallylongandsecret'

duplicity /mydatetobackup swift://containername

# I personally use it for something like:

mysqlhotcopy ....   # making a snapshot of the mysql databases to backup
duplicity /backups/mysqlhotcopies swift://duplicity:server1:mysqldbs
duplicity /home swift://duplicity:server1:homes

Python-SwiftClient

Grab it here: https://github.com/openstack/python-swiftclient , or install with pip: pip install python-swiftclient

Attention: I believe starting with 2.0 they broke support for "gzip" compressed swift backends! The problem is now fixed in version 2.6, so make sure you use 1.9 or 2.6 or more recent, but not an older 2.x.

# Setting up the environment. Put it into .bashrc

export ST_AUTH='https://yourserver.com/auth/v1.0/'
export ST_USER='hubic'       # fixed atm
export ST_KEY='mypassword'   # from config.php
export SWIFTCLIENT_INSECURE=true   # only if you use a self-signed certificate; this turns off certificate verification

# Examples
swift list --lh
swift delete duplicity:server1:homes
swift stat

Setting up Apache2 for HubiC2SwiftGate

I am not explaining how to get apache2 running in detail. Make sure you have php with curl extension, mod_ssl, mod_rewrite installed for your system. There is plenty of information about this on the net!

After you got those installed you need to configure apache2 to run the gateway.

First you need either a "real" (preferred) or self signed SSL certificate. On Linux and Mac you can create one like this:

openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm server.pass.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

You will be asked different stuff. The most important is the "common name". There you need to enter the domain you want to use! It generates the private key server.key and the certificate server.crt. The file server.csr is the (reusable) certificate sign request.

You can order a "real" certificate for free from different sources. I checked out COMODO in the past, which gives you a certificate which is valid for 90 days for free.

Caution: If you use a self-signed certificate there may be problems with some of the clients. Sometimes you can deactivate certificate checking. It may even be possible to not use SSL at all. But I can't recommend this for software with this security relevance, because the gateway password and the storage tokens would then cross the network without protection!

After you got the certificates you can set up an apache virtual server like this:

<VirtualHost *:443>
  ServerName hsgate.domain.name
  DocumentRoot /var/www/hsgate/www/

  SSLEngine on
  # Strong suites only; the former string (ALL:...:+LOW:+SSLv2:+EXP) left LOW and export-grade ciphers enabled
  SSLCipherSuite HIGH:!aNULL:!MD5
  SSLCertificateFile /etc/apache2/ssl/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl/server.key

  CustomLog /var/log/apache2/hsgate_ssl_access.log combined
  ErrorLog /var/log/apache2/hsgate_ssl_error.log

  <Directory "/var/www/hsgate/www/">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

  php_admin_flag engine on

</VirtualHost>

Notice: This is just an example. You need to adjust the paths for your system and maybe more. Here hsgate is the repository root folder which contains the www folder which the virtual host needs to point at.

Depending on where you set up the server you may need to create a port mapping from outside in your router if you want to use the gateway from a network other than your own.

It is fine to install this all "inside" your own network as long as your local browser has access to it! You even can use localhost! My scope is different in that I am using the gateway from many different servers in different locations.

Setting up nginx for HubiC2SwiftGate

The creation of the self-signed certificate is the same as for apache2. A possible nginx-configuration would be:

server  {
          listen 443 ssl;

          #access_log  /var/log/nginx/hsgate.access.log;
          error_log   /var/log/nginx/hsgate.error.log error;

          server_name hsgate;

          ssl                  on;
          ssl_certificate      /etc/nginx/ssl/hsgate.crt;
          ssl_certificate_key  /etc/nginx/ssl/hsgate.key;

          root /var/www/hsgate/;
          index index.php;

          location / {
                root /var/www/hsgate/html;
                try_files $uri $uri/ /simple.php?$args;

              }


          location ~ \.php$ {
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                fastcgi_pass  unix:/var/run/php5-fpm.sock;
              }


        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/html;
        }

      }

In this config php5-fpm is used to serve .php-files with nginx. But there are also some other ways to use nginx with PHP. The ssl config is also quite minimal and if you want to use this in production, it would be a good suggestion to extend it.

P.S.: This work is dedicated to my friends from METATEXX GmbH!

hubic2swiftgate's People

Contributors

bastiendurel, benjja, christian-krupa, gitter-badger, mcbochi, oderwat, pchev, python-consulting, sdelrio


hubic2swiftgate's Issues

Using a recent version of Python-SwiftClient

README.md suggests using Python-SwiftClient version 1.9 because of a problem with 2.0.
But it looks like the problem is solved in recent versions. I just did a "pip install python-swiftclient", which installed version 2.6, and it works fine with Hubic.

The only change I needed when moving from 1.9 was to use "export SWIFTCLIENT_INSECURE=true" because my gateway uses a self-signed certificate.

Maybe README.md can be updated so that people don't use an old version when this is not required.
Or is the problem with a specific function I am not using?

Setup

You may add that the simple.php file should be linked or renamed to a classic index.php in order to set up the gateway.

Register issue : HubiC api server responded with return code: 0

Hello,

After successfully installing the hubic2swiftgate script and setting all the config variables, I cannot succeed in registering my client ...

Same error with both autoregister and register mode. I enter my Hubic credentials and I get in return:
(I hide the personal information with XXX ;) )

For URL : https://hub.local/autoregister/?client=hubic&password=mypassword&hubic_user=XXX&hubic_password=XXX
I get :
HubiC api server responded with return code: 0
Failed to request authorization code, check client_id or redirect_ur

(same with the register mode, I get
Notice: Undefined variable: uri in C:\xampp\htdocs\hubic\simple.php on line 386
HubiC api server responded with return code: 0 )

What is this error code 0? I have spent a lot of time on it, so if somebody can help me :) ?

Note: thanks for this project, it's very useful

Works only for one "ClientID"

I am pretty sure that it is possible to make this work for multiple ClientIDs and therefore multiple HubiC Accounts on the same "Gateway". This may be implemented later!

I can't make a connection with hubiC

Hello!

First of all thank you very much for everything!

I'm trying to make hubic2swiftgate work but I'm finding some trouble to access this address:

https://issam******.com/register/?client=hubic&password=mypassword

I have a 404 error. What I did is to make the necessary configuration in the file config.php, and then I renamed the folder "hubic2swiftgate-master" to "hsgate", and finally I put the folder in /var/www.

My website does work with SSL. Indeed now I can see the content of /var/www/hsgate, but then I don't understand how to connect with hubiC.

Can someone please give me a hand?

Thanks!

Several issues (s3ql), any help?

I'm trying to setup hubic2swiftgate with lighttpd, I've had some problems so far:

First of all, I couldn't get the registration to work properly, I guess something wrong with my lighttpd config, it wasn't getting the ?password from the url. I hardcoded it in the simple.php and it worked.

Would this be an issue for the hubic2swiftgate backend to work after configuration? I never did find out what's wrong with my lighttpd config.

I can go to http://localhost/usage/ and it works, displays my accurate space stats.

However, I'm trying to mount it with s3ql and no matter what I get:

I'm using login: hubic and passphrase from the h2s config, that's correct?

sudo mkfs.s3ql --debug --backend-options ssl-ca-path=/etc/lighttpd/certs/lighttpd.pem swift://localhost/hubic
Enter backend login: 
Enter backend passphrase: 
2015-11-09 19:57:28.742 20419 MainThread s3ql.backends.common.get_ssl_context: Reading CA certificates from file /etc/lighttpd/certs/lighttpd.pem
2015-11-09 19:57:28.748 20419 MainThread s3ql.backends.swift._do_request: started with 'GET', '/', None, {'limit': 1}, None, None
2015-11-09 19:57:28.749 20419 MainThread s3ql.backends.swift._do_request: no active connection, calling _get_conn()
2015-11-09 19:57:28.749 20419 MainThread s3ql.backends.swift._get_conn: started
2015-11-09 19:57:28.750 20419 MainThread s3ql.backends.swift._get_conn: GET /v1.0
2015-11-09 19:57:28.795 20419 MainThread root.excepthook: No permission to access backend.

This is my lighttpd config:

# This is a minimal example config
# See /usr/share/doc/lighttpd
# and http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions

server.port             = 80
server.username         = "http"
server.groupname        = "http"
server.document-root    = "/srv/http/hubic2swiftgate/www"
server.errorlog         = "/var/log/lighttpd/error.log"
dir-listing.activate    = "disable"
index-file.names        = ( "index.html" )

server.modules += ( "mod_fastcgi" )
server.modules += ( "mod_scgi" )
server.modules += ( "mod_rewrite" )

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
}


mimetype.assign             = (
      ".rpm"          =>      "application/x-rpm",
      ".pdf"          =>      "application/pdf",
      ".sig"          =>      "application/pgp-signature",
      ".spl"          =>      "application/futuresplash",
      ".class"        =>      "application/octet-stream",
      ".ps"           =>      "application/postscript",
      ".torrent"      =>      "application/x-bittorrent",
      ".dvi"          =>      "application/x-dvi",
      ".gz"           =>      "application/x-gzip",
      ".pac"          =>      "application/x-ns-proxy-autoconfig",
      ".swf"          =>      "application/x-shockwave-flash",
      ".tar.gz"       =>      "application/x-tgz",
      ".tgz"          =>      "application/x-tgz",
      ".tar"          =>      "application/x-tar",
      ".zip"          =>      "application/zip",
      ".mp3"          =>      "audio/mpeg",
      ".m3u"          =>      "audio/x-mpegurl",
      ".wma"          =>      "audio/x-ms-wma",
      ".wax"          =>      "audio/x-ms-wax",
      ".ogg"          =>      "application/ogg",
      ".wav"          =>      "audio/x-wav",
      ".gif"          =>      "image/gif",
      ".jar"          =>      "application/x-java-archive",
      ".jpg"          =>      "image/jpeg",
      ".jpeg"         =>      "image/jpeg",
      ".png"          =>      "image/png",
      ".xbm"          =>      "image/x-xbitmap",
      ".tar.gz"       =>      "application/x-tgz",
      ".tgz"          =>      "application/x-tgz",
      ".tar"          =>      "application/x-tar",
      ".zip"          =>      "application/zip",
      ".mp3"          =>      "audio/mpeg",
      ".m3u"          =>      "audio/x-mpegurl",
      ".wma"          =>      "audio/x-ms-wma",
      ".wax"          =>      "audio/x-ms-wax",
      ".ogg"          =>      "application/ogg",
      ".wav"          =>      "audio/x-wav",
      ".gif"          =>      "image/gif",
      ".jar"          =>      "application/x-java-archive",
      ".jpg"          =>      "image/jpeg",
      ".jpeg"         =>      "image/jpeg",
      ".png"          =>      "image/png",
      ".xbm"          =>      "image/x-xbitmap",
      ".xpm"          =>      "image/x-xpixmap",
      ".xwd"          =>      "image/x-xwindowdump",
      ".css"          =>      "text/css",
      ".html"         =>      "text/html",
      ".htm"          =>      "text/html",
      ".js"           =>      "text/javascript",
      ".asc"          =>      "text/plain",
      ".c"            =>      "text/plain",
      ".cpp"          =>      "text/plain",
      ".log"          =>      "text/plain",
      ".conf"         =>      "text/plain",
      ".text"         =>      "text/plain",
      ".txt"          =>      "text/plain",
      ".dtd"          =>      "text/xml",
      ".xml"          =>      "text/xml",
      ".mpeg"         =>      "video/mpeg",
      ".mpg"          =>      "video/mpeg",
      ".xwd"          =>      "image/x-xwindowdump",
      ".css"          =>      "text/css",
      ".html"         =>      "text/html",
      ".htm"          =>      "text/html",
      ".js"           =>      "text/javascript",
      ".asc"          =>      "text/plain",
      ".c"            =>      "text/plain",
      ".cpp"          =>      "text/plain",
      ".log"          =>      "text/plain",
      ".conf"         =>      "text/plain",
      ".text"         =>      "text/plain",
      ".txt"          =>      "text/plain",
      ".dtd"          =>      "text/xml",
      ".xml"          =>      "text/xml",
      ".mpeg"         =>      "video/mpeg",
      ".mpg"          =>      "video/mpeg",
      ".mov"          =>      "video/quicktime",
      ".qt"           =>      "video/quicktime",
      ".avi"          =>      "video/x-msvideo",
      ".asf"          =>      "video/x-ms-asf",
      ".asx"          =>      "video/x-ms-asf",
      ".wmv"          =>      "video/x-ms-wmv",
      ".bz2"          =>      "application/x-bzip",
      ".tbz"          =>      "application/x-bzip-compressed-tar",
      ".tar.bz2"      =>      "application/x-bzip-compressed-tar",
      # default mime type
      ""              =>      "application/octet-stream",
     )

scgi.server = ( "/RPC2" =>
    ( "127.0.0.1" =>
        (
            "host" => "127.0.0.1",
            "port" => 5050,
            "check-local" => "disable"
        )
    )
)

fastcgi.server = ( ".php" => ((
                 "bin-path" => "/usr/bin/php-cgi",
                 "socket" => "/tmp/php.socket"
)))

url.rewrite-if-not-file = (
"^(.*)$" => "/simple.php/$1"
)

I'm thinking maybe the problem is with my rewrite rule, but would that even matter after registering with hubic?

Is there a way I can debug what's going wrong with the hubic2swiftgate backend? Or any idea what I might be doing wrong?

Any simple way to determine where the problem is, whether it's with lighttpd, hubic2swiftgate, or s3ql? I can't get anything but " No permission to access backend." from s3ql.

Not "secure" to be trusted for "public" users...

To make this clear. This software could be extended to be used by "anybody" but the owner of the Gateway would be able to gain access to any Storage used by its users.

I wonder if there is a way to implement it in a way that this is not possible and create an universal public gateway...

Ideas?

403 Forbidden

Hi Hans,

I'm trying to run ftpcloudfs + hubic2swiftgate on Mac OS X Yosemite (+ Server.app installed).
Have you been able to make it run under such a similar config?

Every time I want to connect to ftp://[email protected]:2021, I get an error.
I've tested with both MAMP and Apple's Apache.
https://myServerDomain:8890/auth/v1.0/ is when I test with MAMP, else, it's https://myServerDomain/auth/v1.0/ with default OS X Apache.
With MAMP, I'm using a MAMP-created autosigned certificate+key
With Apple's Apache, I'm using an Apple autosigned certificate+key created right in the Server.app

Error With Apple Apache

[E 14-11-25 19:59:14] 192.168.1.11:64096-[hubic] Failed to authenticate user hubic: [Errno 8] _ssl.c:507: EOF occurred in violation of protocol
[13683] 2014-11-25 19:59:14,996 - ERROR - 192.168.1.11:64096-[hubic] Failed to authenticate user hubic: [Errno 8] _ssl.c:507: EOF occurred in violation of protocol

Error with MAMP

[54610] 2014-11-28 18:53:34,687 - INFO - Starting new HTTPS connection (1): myServerDomain
/Library/Python/2.7/site-packages/requests/packages/urllib3/connectionpool.py:730: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/   en/latest/security.html (This warning will only appear once by default.)
InsecureRequestWarning)
[54610] 2014-11-28 18:53:34,699 - INFO - REQ: curl -i https://myServerDomain:8890/auth/v1.0/ -X GET
[54610] 2014-11-28 18:53:34,700 - INFO - RESP STATUS: 403 Forbidden
[54610] 2014-11-28 18:53:34,700 - INFO - RESP HEADERS: [('content-length', '212'), ('keep-alive', 'timeout=5, max=100'), ('server', 'Apache'), ('connection', 'Keep-Alive'), ('date', 'Fri, 28 Nov 2014 17:53:34 GMT'), ('content-  type', 'text/html; charset=iso-8859-1')]
[54610] 2014-11-28 18:53:34,700 - INFO - RESP BODY: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /auth/v1.0/
on this server.</p>
</body></html>
[E 14-11-28 18:53:34] 192.168.1.11:59039-[hubic] Failed to authenticate user hubic: [Errno 13] Auth GET failed:     Forbidden
[54610] 2014-11-28 18:53:34,700 - ERROR - 192.168.1.11:59039-[hubic] Failed to authenticate user hubic: [Errno 13] Auth     GET failed: Forbidden
[I 14-11-28 18:53:39] 192.168.1.11:59039-[] USER 'hubic' failed login.
[54610] 2014-11-28 18:53:39,702 - INFO - 192.168.1.11:59039-[] USER 'hubic' failed login.
[I 14-11-28 18:53:42] 192.168.1.11:59039-[] FTP session closed (disconnect).
[54610] 2014-11-28 18:53:42,962 - INFO - 192.168.1.11:59039-[] FTP session closed (disconnect).

By running the command curl -v -k https://myServerDomain:8890/auth/v1.0/ I've the following output

* Hostname was NOT found in DNS cache
*   Trying 192.168.1.11...
* Connected to myServerDomain (192.168.1.11) port 8890 (#0)
* TLS 1.0 connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate: myServerDomain
> GET /auth/v1.0/ HTTP/1.1
> User-Agent: curl/7.37.1
> Host: myServerDomain:8890
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Date: Fri, 28 Nov 2014 18:31:10 GMT
* Server Apache is not blacklisted
< Server: Apache
< Content-Length: 212
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /auth/v1.0/
on this server.</p>
</body></html>
* Connection #0 to host myServerDomain left intact

This one is the output with Apple Apache

* Hostname was NOT found in DNS cache
*   Trying 192.168.1.11...
* Connected to myServerDomain (192.168.1.11) port 443 (#0)
* TLS 1.0 connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate: myServerDomain
> GET /auth/v1.0/ HTTP/1.1
> User-Agent: curl/7.37.1
> Host: myServerDomain
> Accept: */*
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 403 Forbidden
< Date: Fri, 28 Nov 2014 18:37:41 GMT
< Server: Apache
< X-Powered-By: PHP/5.5.14
< Expires: Mon, 1 Jan 2000 00:00:00 GMT
< Last-Modified: Fri, 28 Nov 2014 18:37:41 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Cache-Control: post-check=0, pre-check=0
< Pragma: no-cache
< MS-Author-Via: DAV
< Content-Length: 38
< Connection: close
< Content-Type: text/html
< 
* Closing connection 0
AUTH_USER and/or AUTH_KEY are missing!

Problem registering

I've setup hubic2swiftgate on a devuan virtual server as described in the readme.
When I try to register the app with hubiC, I get redirected to the hubic2swiftgate homepage not to the success page. The usage page is giving Error 178 without any further details, the apache2 error log is not showing anything.
What can I do to find the error?

SCRIPT_URL does not exist in nginx / fpm config

after updating to commit 215efc9 i receive this error:

Notice: Undefined index: SCRIPT_URL in /hubic2swiftgate/www/simple.php on line 26

apache seems to be the only webserver which supports SCRIPT_URL. php frameworks like symfony2 do use other parameters (https://github.com/symfony/HttpFoundation/blob/master/Tests/RequestTest.php#L453) to detect the correct "prefix".

here is my nginx config (with rewrites):

server {
    listen 192.168.0.60:443 ssl;
    listen 192.168.0.60:80;
    location / {
        index simple.php;
        rewrite ^/(.*)$ /simple.php?/$1 last;
    }
    location ~ /simple.php($|/) {
        include /opt/local/etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
    }
}

a call to the host https://hub_ic.local with active nginx rewrites returns the following var_dump($_SERVER)

array(35) {
  ["HOME"]=>
  string(21) "/Users/christiankrupa"
  ["QUERY_STRING"]=>
  string(1) "/"
  ["SCRIPT_NAME"]=>
  string(11) "/simple.php"
  ["REQUEST_URI"]=>
  string(1) "/"
  ["DOCUMENT_URI"]=>
  string(11) "/simple.php"
  ["DOCUMENT_ROOT"]=>
  string(47) "/Users/christiankrupa/Sites/hubic2swiftgate/www"
  ["SERVER_SOFTWARE"]=>
  string(11) "nginx/1.7.7"
  ["SERVER_NAME"]=>
  string(12) "hub_ic.local"
  ["SCRIPT_FILENAME"]=>
  string(58) "/Users/christiankrupa/Sites/hubic2swiftgate/www/simple.php"
  ["PATH_INFO"]=>
  string(11) "/simple.php"
}

the same call without rewrites (http://localhost/hubic2swiftgate/www/simple.php)

array(33) {
  ["HOME"]=>
  string(21) "/Users/christiankrupa"
  ["QUERY_STRING"]=>
  string(0) ""
  ["SCRIPT_NAME"]=>
  string(31) "/hubic2swiftgate/www/simple.php"
  ["REQUEST_URI"]=>
  string(31) "/hubic2swiftgate/www/simple.php"
  ["DOCUMENT_URI"]=>
  string(31) "/hubic2swiftgate/www/simple.php"
  ["DOCUMENT_ROOT"]=>
  string(27) "/Users/christiankrupa/Sites"
  ["SERVER_SOFTWARE"]=>
  string(11) "nginx/1.7.7"
  ["SCRIPT_FILENAME"]=>
  string(58) "/Users/christiankrupa/Sites/hubic2swiftgate/www/simple.php"
  ["PATH_INFO"]=>
  string(31) "/hubic2swiftgate/www/simple.php"
}

what is the apache response? after comparing the params i think we are able to find a valid solution which does work on different webservers.

autoregister doesn't work anymore ?

Whereas /register works successfully, /autoregister returns the following error message:
Error on logon or user_pw. Hubic api server responded with return code: 302
Even if I uncomment the line in config.php file:
'autoredirect_uri'=>'https://localhost/callback/', // only needed for autoregister

include caddy configuration info

Hi, I think it would be cool to add info about how to configure h2sg with the caddy server. caddy is really simple, noob friendly and you don't need a big setup (only download the executable), so it could be a good option for those who don't need apache or nginx on their machine...

I'm not a caddy expert but I'll try to set it up, if someone has more experience please let me know.

404 not found

Hi,

I have a 404 not found error when I go to https://hb.my.domaine/register/?client=hubic&password=mypassword

My Apache vhost:

<VirtualHost *:1443>
  ServerName hb.my.domaine
  DocumentRoot /var/www/hubic2swiftgate/

  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLCertificateFile /etc/ssl/hubic/server.crt
  SSLCertificateKeyFile /etc/ssl/hubic/server.key

  CustomLog /var/log/apache2/hsgate_ssl_access.log combined
  ErrorLog /var/log/apache2/hsgate_ssl_error.log

  <Directory "/var/www/hubic2swiftgate/">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

  php_admin_flag engine on

</VirtualHost>

php5-curl and curl installed
mod_rewrite and mod_ssl activated

permission ok:

root@ks:/var/www# ls -alh hubic2swiftgate/
total 44K
drwxrwxr-x 5 www-data www-data 4,0K oct.  26 17:08 .
drwxr-xr-x 9 www-data root     4,0K oct.  26 15:07 ..
drwxrwxr-x 2 www-data www-data 4,0K oct.  26 15:07 cache
-rwxrwxr-x 1 www-data www-data  220 oct.  26 17:08 config.php
-rwxrwxr-x 1 www-data www-data  172 oct.  26 15:07 config.php.sample
drwxrwxr-x 8 www-data www-data 4,0K oct.  26 15:07 .git
-rwxrwxr-x 1 www-data www-data   39 oct.  26 15:07 .gitignore
-rwxrwxr-x 1 www-data www-data  12K oct.  26 15:07 README.md
drwxrwxr-x 2 www-data www-data 4,0K oct.  26 15:45 www

In hubiC account:

Name: swiftraja
URL: https://hb.my.domaine/callback/

idea ?

Thx,
Rajaskank42

Callback doesn't work with custom IP port

If we customise the IP port of the webserver, the callback doesn't work.

To make the "callback" work I have modified this line:

$redirect_uri="https://".$_SERVER['SERVER_NAME']."/callback/";

Replace by :

$redirect_uri="https://".$_SERVER['SERVER_NAME'].":444/callback/";

I just added my server port configuration.
I think this must be in config.php ;)
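
The post above hard-codes the port in simple.php and suggests moving it to config.php. One way to do that, as an added example that is not the project's code: the redirect URI is built from configuration only, because depending on the web server setup `$_SERVER['SERVER_NAME']` can reflect the client-supplied Host header. The keys `public_host` and `public_port` are assumed names, and the host values are constructed.

```php
<?php
// Added example, not hubic2swiftgate code. 'public_host' and 'public_port'
// are hypothetical config.php keys; the host values below are constructed.

function build_redirect_uri(array $config): string
{
    $host = strtolower((string)($config['public_host'] ?? ''));
    $port = (int)($config['public_port'] ?? 443);

    // Accept only a plain DNS name, so no scheme, path, userinfo or port can
    // ride along in the host value. \z also rejects a trailing newline.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (strlen($host) > 253 || !preg_match('/^(?:' . $label . '\.)*' . $label . '\z/', $host)) {
        throw new InvalidArgumentException('public_host is not a valid host name');
    }
    if ($port < 1 || $port > 65535) {
        throw new InvalidArgumentException('public_port is out of range');
    }

    // Leave out the default HTTPS port so the result matches a registration
    // of the form https://host/callback/.
    $authority = ($port === 443) ? $host : $host . ':' . $port;
    return 'https://' . $authority . '/callback/';
}

// True when the Host header of this request names the configured endpoint.
// A mismatch is worth logging; it never changes the redirect URI.
function request_matches_config(array $config, array $server): bool
{
    $expected = (string)parse_url(build_redirect_uri($config), PHP_URL_HOST);
    $seen = strtolower((string)($server['HTTP_HOST'] ?? ''));
    $seen = (string)preg_replace('/:\d+\z/', '', $seen);   // drop an optional port
    return $expected === $seen;
}

$config = ['public_host' => 'gate.example.org', 'public_port' => 444];
echo build_redirect_uri($config), "\n";
var_dump(request_matches_config($config, ['HTTP_HOST' => 'gate.example.org:444']));
var_dump(request_matches_config($config, ['HTTP_HOST' => 'other.example.net']));
```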

Help in configuration with Nginx (and Owncloud)

Hello,

I installed Owncloud on a VPS with Nginx and php-fpm.
Now I would like to link my Hubic account inside Owncloud using the openstack interface, which is why I would like to use the gateway.
Unfortunately I don't know how to use/configure it. Owncloud is installed at the root of one of my subdomains. The gateway (simple.php) is in a subfolder called hubic. Another subfolder called cache has been created with config.php at the root path.

When I try to access the register part I get a 404 error code.

Here is my nginx configuration (with a dedicated block for /hubic)

server {
    listen 80;
    listen [::]:80;
    server_name cloud.mysubdomain.fr;
    return 301 https://$server_name$request_uri;
}

server {
        server_name cloud.mysubdomain.fr;

        listen 443 ssl;
        listen [::]:443 ssl;
        include snippets/ssl-cloud.mysubdomain.fr.conf;
        include snippets/ssl-params.conf;

        index index.php;
        root /var/www/cloud;

        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;

        # Disable gzip to avoid the removal of the ETag header
        gzip off;

    rewrite ^/caldav((/|$).*)$ /remote.php/caldav$1 last;
    rewrite ^/carddav((/|$).*)$ /remote.php/carddav$1 last;
    rewrite ^/webdav((/|$).*)$ /remote.php/webdav$1 last;

    error_page 403 = /core/templates/403.php;
    error_page 404 = /core/templates/404.php;

    location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
                deny all;
        }

        location / {
                # The following 2 rules are only needed with webfinger
                rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
                rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

                rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
                rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

                rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

                try_files $uri $uri/ index.php;
        }

        location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param HTTPS on;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }

        location /hubic {
                index simple.php;
                rewrite ^/(.*)$ /simple.php?/$1 last;
                root /var/www/cloud/hubic;
                try_files $uri $uri/ /simple.php?$args;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the location ~ \.php(?:$|/) { block
        location ~* \.(?:css|js)$ {
                add_header Cache-Control "public, max-age=7200";
                # Add headers to serve security related headers
                add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
                add_header X-Content-Type-Options nosniff;
                add_header X-Frame-Options "SAMEORIGIN";
                add_header X-XSS-Protection "1; mode=block";
                add_header X-Robots-Tag none;
                # Optional: Don't log access to assets
                access_log off;
        }    

        # Optional: set long EXPIRES header on static assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
                expires 30d;
                # Optional: Don't log access to assets
                access_log off;
        }
}

Any help is welcome.
Thank you

Timing of expires...

I am pretty sure that the code which checks for expiry of the OS_Token is not really working "worldwide" (or at all). My main concern is timezone differences. It may be that it will work using GMT in the gateway code. Didn't check that so far!
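
A timezone-independent expiry check, as an added example that is not the gateway's code: every expiry value is reduced to a Unix epoch before it is compared with `time()`, which does not depend on the server's timezone setting. The accepted input forms (an ISO 8601 string or a lifetime in seconds), the function names and the sample values are assumptions.

```php
<?php
// Added example, not the gateway's code. The two accepted expiry formats are
// assumptions; all sample values are constructed.

function expiry_to_epoch(string $expires, int $issuedAt): int
{
    // Relative lifetime in seconds, counted from when the token was issued.
    if (ctype_digit($expires)) {
        return $issuedAt + (int)$expires;
    }
    // Absolute time. An offset inside the string wins; a string without one
    // is read as UTC, never as the server's local zone.
    $dt = new DateTimeImmutable($expires, new DateTimeZone('UTC'));
    return $dt->getTimestamp();
}

function token_is_expired(int $expiresEpoch, int $now, int $skew = 60): bool
{
    // Treat the token as expired slightly early, so that a request started
    // just before the deadline does not arrive with a dead token.
    return $now >= $expiresEpoch - $skew;
}

// The same instant written in two zones maps to one epoch value.
$paris = expiry_to_epoch('2015-01-10T12:00:00+01:00', 0);
$utc   = expiry_to_epoch('2015-01-10T11:00:00Z', 0);
var_dump($paris === $utc);

// Changing the server's default zone does not move the result.
date_default_timezone_set('America/Los_Angeles');
var_dump(expiry_to_epoch('2015-01-10T11:00:00', 0) === $utc);

// Relative form: issued at a constructed epoch, valid for one hour.
$issuedAt = 1420887600;
$expires  = expiry_to_epoch('3600', $issuedAt);
var_dump(token_is_expired($expires, $issuedAt + 10));     // still inside lifetime
var_dump(token_is_expired($expires, $issuedAt + 3590));   // inside the skew window
```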

Alias Apache

Hi,

I tried with an alias in apache:

<VirtualHost *:443>
        ServerName ssl.my.domaine
        ## SSL
                SSLEngine on
                SSLProtocol all -SSLv2 -SSLv3
                SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
                SSLCertificateFile /etc/ssl/startssl/my.domaine.crt
                SSLCertificateKeyFile /etc/ssl/startssl/my.domaine.key
                SSLCertificateChainFile /etc/ssl/startssl/sub.class1.server.ca.pem
        ## hubiC
                alias /hb /var/www/hubic2swiftgate/www/
                <Directory "/var/www/hubic2swiftgate/www/">
                        Options Indexes FollowSymLinks
                        AllowOverride All
                        Order allow,deny
                        Allow from all
                </Directory>
                php_admin_flag engine on
        ## other
                alias /other /var/www/other/
                <Directory "/var/www/other/">
                        Options Indexes FollowSymLinks
                        AllowOverride All
                        Order allow,deny
                        Allow from all
                </Directory>
etc...
</VirtualHost>

simple.php must also be changed:

switch($request) {
        case '/hb/v1.0':
        case '/hb/v1.0/':
        case '/hb/auth':
        case '/hb/auth/':
        case '/hb/auth/v1.0':
        case '/hb/auth/v1.0/':
                $mode='swift';
                break;

        case '/hb/register':
        case '/hb/register/':
                $mode='register';
                break;

        case '/hb/usage':
        case '/hb/usage/':
                $mode='usage';
                break;

        case '/hb':
                $mode='home';
                break;

        case '/hb/callback':
        case '/hb/callback/':
                $mode='callback';
                break;

        case '/hb/success':
        case '/hb/success/':
                $mode='success';
                break;

And in hubiC account:
URL: https://ssl.my.domaine/hb/callback/

It works very well!
This is useful if you already have a valid certificate (and free like StartSSL) on your server.

And by the way, excellent work!
I greatly increased the transfer rate with ftp-cloudfs compared to the official client :)
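
Instead of rewriting every `case` for an alias such as `/hb`, the prefix can be stripped once before routing. This is an added example, not the project's simple.php: `route_mode` and its `$basePath` parameter are hypothetical, the mode names are the ones from the switch above, and unlike that switch it also tolerates a trailing slash on the home route.

```php
<?php
// Added example, not the project's simple.php. route_mode() and $basePath are
// hypothetical; the mode names come from the switch statement in the post.

function route_mode(string $requestUri, string $basePath = ''): ?string
{
    // Route on the path only; the query string never takes part.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }

    $base = rtrim($basePath, '/');
    if ($base !== '') {
        // Match on a segment boundary: /hb covers /hb and /hb/x, not /hbx.
        if ($path !== $base && strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
            return null;
        }
        $path = (string)substr($path, strlen($base));
    }

    $routes = [
        ''           => 'home',
        '/v1.0'      => 'swift',
        '/auth'      => 'swift',
        '/auth/v1.0' => 'swift',
        '/register'  => 'register',
        '/usage'     => 'usage',
        '/callback'  => 'callback',
        '/success'   => 'success',
    ];
    // Unknown paths yield null so the caller can answer 404 instead of
    // falling through to a default mode.
    return $routes[rtrim($path, '/')] ?? null;
}

// Constructed request URIs.
var_dump(route_mode('/hb/auth/v1.0/', '/hb'));
var_dump(route_mode('/hb/register/?client=hubic', '/hb'));
var_dump(route_mode('/hbx/register', '/hb'));
var_dump(route_mode('/callback/', ''));
```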
