Refactor WOPI handlers to retrieve access token from Authorization header, maintaining backward compatibility with query parameter

Leon Bösche
2026-02-05 12:18:43 +01:00
parent 67e6d89eb2
commit 425ac0c99e
2 changed files with 23 additions and 16 deletions

Binary file not shown.


@@ -216,8 +216,16 @@ func wopiCheckFileInfoHandler(w http.ResponseWriter, r *http.Request, db *databa
return
}
// Get access token from query parameter
accessToken := r.URL.Query().Get("access_token")
// Get access token from Authorization header or query parameter
authHeader := r.Header.Get("Authorization")
accessToken := ""
if strings.HasPrefix(authHeader, "Bearer ") {
accessToken = strings.TrimPrefix(authHeader, "Bearer ")
} else {
// Fallback to query parameter for backward compatibility
accessToken = r.URL.Query().Get("access_token")
}
if accessToken == "" {
errors.WriteError(w, errors.CodeUnauthenticated, "Missing access_token", http.StatusUnauthorized)
return
@@ -228,8 +236,6 @@ func wopiCheckFileInfoHandler(w http.ResponseWriter, r *http.Request, db *databa
accessToken = decodedToken
}
fmt.Printf("[WOPI-DEBUG] CheckFileInfo received token: %s\n", accessToken)
// Validate token
claims, err := validateWOPIAccessToken(accessToken, jwtManager)
if err != nil {
@@ -345,8 +351,16 @@ func wopiGetFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
fmt.Printf("[WOPI-GetFile] START: file=%s\n", fileID)
// Get access token from query parameter
accessToken := r.URL.Query().Get("access_token")
// Get access token from Authorization header or query parameter
authHeader := r.Header.Get("Authorization")
accessToken := ""
if strings.HasPrefix(authHeader, "Bearer ") {
accessToken = strings.TrimPrefix(authHeader, "Bearer ")
} else {
// Fallback to query parameter for backward compatibility
accessToken = r.URL.Query().Get("access_token")
}
if accessToken == "" {
errors.WriteError(w, errors.CodeUnauthenticated, "Missing access_token", http.StatusUnauthorized)
return
@@ -464,8 +478,6 @@ func wopiPutFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
accessToken = decodedToken
}
fmt.Printf("[WOPI-DEBUG] PutFile received token: %s\n", accessToken)
// Validate token
claims, err := validateWOPIAccessToken(accessToken, jwtManager)
if err != nil {
@@ -859,19 +871,14 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
return
}
// Build WOPISrc URL (with access_token as query parameter)
// JWT tokens are URL-safe, so no additional encoding needed
wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s?access_token=%s", fileID, accessToken)
// Build WOPISrc URL (without access_token - Collabora will use Authorization header)
wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s", fileID)
// Get the correct Collabora editor URL from discovery (includes version hash)
editorURL := getCollaboraEditorURL(collaboraURL)
// URL-encode the WOPISrc for use in the form action URL
encodedWopiSrc := url.QueryEscape(wopiSrc)
// Build the full Collabora URL with WOPISrc as query parameter
// Collabora expects: cool.html?WOPISrc=<encoded-url>
collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, encodedWopiSrc)
collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, wopiSrc)
// Return HTML page with auto-submitting form
// The form POSTs to Collabora with access_token in the body
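Review bot: In the last hunk (collaboraProxyHandler), the new `collaboraFullURL` line puts `wopiSrc` into the query string raw, dropping the `url.QueryEscape` step the previous code had. A `fileID` containing `&`, `#`, `?` or `%` can then change how the editor URL is parsed, for example by ending the WOPISrc value early or adding extra parameters. I would keep the encoding, `collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, url.QueryEscape(wopiSrc))`, and build the path with `url.PathEscape(fileID)`, unless `fileID` is already validated above the hunk, which is not visible here. The trailing comments suggest this URL is written into an auto-submitting HTML form; that code is outside the hunk, so it is worth confirming the value is HTML-escaped there (for example by rendering through `html/template`).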