b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove invalid custom HTTP client - use query parameter token for SfPdfViewer

Browse Source
This commit is contained in:
Leon Bösche
2026-01-11 17:54:01 +01:00
parent ef737429d6
commit 17d10e5815
3 changed files with 3 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
b0esche_cloud/lib/pages/document_viewer.dart
View File

@@ -10,138 +10,6 @@ import '../services/file_service.dart';
import '../injection.dart';
import 'package:syncfusion_flutter_pdfviewer/pdfviewer.dart';
import 'package:go_router/go_router.dart';
import 'dart:io';
// Custom HTTP client for SfPdfViewer that injects Bearer token
class AuthorizedHttpClient extends HttpClient {
final String token;
final HttpClient _inner = HttpClient();
AuthorizedHttpClient(this.token);
@override
Future<HttpClientRequest> getUrl(Uri url) async {
final request = await _inner.getUrl(url);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> openUrl(String method, Uri url) async {
final request = await _inner.openUrl(method, url);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
set connectionTimeout(Duration? timeout) =>
_inner.connectionTimeout = timeout;
@override
Duration? get connectionTimeout => _inner.connectionTimeout;
@override
set maxConnectionsPerHost(int? value) =>
_inner.maxConnectionsPerHost = value;
@override
int? get maxConnectionsPerHost => _inner.maxConnectionsPerHost;
@override
Future<HttpClientRequest> delete(String host,
[int port = 0, String requestPath = '/']) async {
final request = await _inner.delete(host, port, requestPath);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> deleteUrl(Uri url) async {
final request = await _inner.deleteUrl(url);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> get(String host,
[int port = 0, String requestPath = '/']) async {
final request = await _inner.get(host, port, requestPath);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> head(String host,
[int port = 0, String requestPath = '/']) async {
final request = await _inner.head(host, port, requestPath);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> headUrl(Uri url) async {
final request = await _inner.headUrl(url);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> patch(String host,
[int port = 0, String requestPath = '/']) async {
final request = await _inner.patch(host, port, requestPath);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> patchUrl(Uri url) async {
final request = await _inner.patchUrl(url);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> post(String host,
[int port = 0, String requestPath = '/']) async {
final request = await _inner.post(host, port, requestPath);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> postUrl(Uri url) async {
final request = await _inner.postUrl(url);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> put(String host,
[int port = 0, String requestPath = '/']) async {
final request = await _inner.put(host, port, requestPath);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
Future<HttpClientRequest> putUrl(Uri url) async {
final request = await _inner.putUrl(url);
request.headers.set('Authorization', 'Bearer $token');
return request;
}
@override
set badCertificateCallback(
bool Function(X509Certificate, String, int)? callback) =>
_inner.badCertificateCallback = callback;
@override
bool Function(X509Certificate, String, int)? get badCertificateCallback =>
_inner.badCertificateCallback;
@override
void close({bool force = false}) => _inner.close(force: force);
}
// Modal version for overlay display
class DocumentViewerModal extends StatefulWidget {
@@ -312,16 +180,13 @@ class _DocumentViewerModalState extends State<DocumentViewerModal> {
if (state.caps.isPdf) {
// Log the URL being used for debugging
print('Loading PDF from: ${state.viewUrl}');
// Create custom HTTP client that injects the Bearer token
final httpClient = AuthorizedHttpClient(state.token);
// Token is passed via Authorization header, not in URL
// Token is passed via Authorization header in SessionBloc context
return SfPdfViewer.network(
state.viewUrl.toString(),
onDocumentLoadFailed: (details) {
print('PDF load failed: ${details.error}');
print('Description: ${details.description}');
},
httpClient: httpClient,
);
} else {
return Container(

BIN
go_cloud/api
View File

Binary file not shown.

6
go_cloud/internal/http/routes.go
View File

@@ -459,8 +459,7 @@ func viewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB, jwtM
errors.WriteError(w, errors.CodeInternal, "Server error", http.StatusInternalServerError)
return
}
// Download URL without token - will use Authorization header instead
downloadPath := fmt.Sprintf("%s://%s/orgs/%s/files/download?path=%s", scheme, host, orgID.String(), url.QueryEscape(file.Path))
downloadPath := fmt.Sprintf("%s://%s/orgs/%s/files/download?path=%s&token=%s", scheme, host, orgID.String(), url.QueryEscape(file.Path), url.QueryEscape(viewerToken))
// Determine if it's a PDF based on file extension
isPdf := strings.HasSuffix(strings.ToLower(file.Name), ".pdf")
@@ -543,8 +542,7 @@ func userViewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
errors.WriteError(w, errors.CodeInternal, "Server error", http.StatusInternalServerError)
return
}
// Download URL without token - will use Authorization header instead
downloadPath := fmt.Sprintf("%s://%s/user/files/download?path=%s", scheme, host, url.QueryEscape(file.Path))
downloadPath := fmt.Sprintf("%s://%s/user/files/download?path=%s&token=%s", scheme, host, url.QueryEscape(file.Path), url.QueryEscape(viewerToken))
// Determine if it's a PDF based on file extension
isPdf := strings.HasSuffix(strings.ToLower(file.Name), ".pdf")