diff --git a/go_cloud/api b/go_cloud/api index 8be5dbc..d0b9070 100755 Binary files a/go_cloud/api and b/go_cloud/api differ diff --git a/go_cloud/internal/http/wopi_handlers.go b/go_cloud/internal/http/wopi_handlers.go index 3fa788b..0adcad1 100644 --- a/go_cloud/internal/http/wopi_handlers.go +++ b/go_cloud/internal/http/wopi_handlers.go @@ -216,8 +216,16 @@ func wopiCheckFileInfoHandler(w http.ResponseWriter, r *http.Request, db *databa return } - // Get access token from query parameter - accessToken := r.URL.Query().Get("access_token") + // Get access token from Authorization header or query parameter + authHeader := r.Header.Get("Authorization") + accessToken := "" + if strings.HasPrefix(authHeader, "Bearer ") { + accessToken = strings.TrimPrefix(authHeader, "Bearer ") + } else { + // Fallback to query parameter for backward compatibility + accessToken = r.URL.Query().Get("access_token") + } + if accessToken == "" { errors.WriteError(w, errors.CodeUnauthenticated, "Missing access_token", http.StatusUnauthorized) return @@ -228,8 +236,6 @@ func wopiCheckFileInfoHandler(w http.ResponseWriter, r *http.Request, db *databa accessToken = decodedToken } - fmt.Printf("[WOPI-DEBUG] CheckFileInfo received token: %s\n", accessToken) - // Validate token claims, err := validateWOPIAccessToken(accessToken, jwtManager) if err != nil { @@ -345,8 +351,16 @@ func wopiGetFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB, fmt.Printf("[WOPI-GetFile] START: file=%s\n", fileID) - // Get access token from query parameter - accessToken := r.URL.Query().Get("access_token") + // Get access token from Authorization header or query parameter + authHeader := r.Header.Get("Authorization") + accessToken := "" + if strings.HasPrefix(authHeader, "Bearer ") { + accessToken = strings.TrimPrefix(authHeader, "Bearer ") + } else { + // Fallback to query parameter for backward compatibility + accessToken = r.URL.Query().Get("access_token") + } + if accessToken == "" { errors.WriteError(w, errors.CodeUnauthenticated, "Missing access_token", http.StatusUnauthorized) return @@ -464,8 +478,6 @@ func wopiPutFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB, accessToken = decodedToken } - fmt.Printf("[WOPI-DEBUG] PutFile received token: %s\n", accessToken) - // Validate token claims, err := validateWOPIAccessToken(accessToken, jwtManager) if err != nil { @@ -859,19 +871,14 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database. return } - // Build WOPISrc URL (with access_token as query parameter) - // JWT tokens are URL-safe, so no additional encoding needed - wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s?access_token=%s", fileID, accessToken) + // Build WOPISrc URL (without access_token - Collabora will use Authorization header) + wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s", fileID) // Get the correct Collabora editor URL from discovery (includes version hash) editorURL := getCollaboraEditorURL(collaboraURL) - // URL-encode the WOPISrc for use in the form action URL - encodedWopiSrc := url.QueryEscape(wopiSrc) - // Build the full Collabora URL with WOPISrc as query parameter - // Collabora expects: cool.html?WOPISrc= - collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, encodedWopiSrc) + collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, wopiSrc) // Return HTML page with auto-submitting form // The form POSTs to Collabora with access_token in the body