Refactor WOPI handlers to retrieve access token from Authorization header, maintaining backward compatibility with query parameter
This commit is contained in:
Leon Bösche
BIN
go_cloud/api
BIN
go_cloud/api
Binary file not shown.
@@ -216,8 +216,16 @@ func wopiCheckFileInfoHandler(w http.ResponseWriter, r *http.Request, db *databa
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get access token from query parameter
|
// Get access token from Authorization header or query parameter
|
||||||
accessToken := r.URL.Query().Get("access_token")
|
authHeader := r.Header.Get("Authorization")
|
||||||
|
accessToken := ""
|
||||||
|
if strings.HasPrefix(authHeader, "Bearer ") {
|
||||||
|
accessToken = strings.TrimPrefix(authHeader, "Bearer ")
|
||||||
|
} else {
|
||||||
|
// Fallback to query parameter for backward compatibility
|
||||||
|
accessToken = r.URL.Query().Get("access_token")
|
||||||
|
}
|
||||||
|
|
||||||
if accessToken == "" {
|
if accessToken == "" {
|
||||||
errors.WriteError(w, errors.CodeUnauthenticated, "Missing access_token", http.StatusUnauthorized)
|
errors.WriteError(w, errors.CodeUnauthenticated, "Missing access_token", http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
@@ -228,8 +236,6 @@ func wopiCheckFileInfoHandler(w http.ResponseWriter, r *http.Request, db *databa
|
|||||||
accessToken = decodedToken
|
accessToken = decodedToken
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Printf("[WOPI-DEBUG] CheckFileInfo received token: %s\n", accessToken)
|
|
||||||
|
|
||||||
// Validate token
|
// Validate token
|
||||||
claims, err := validateWOPIAccessToken(accessToken, jwtManager)
|
claims, err := validateWOPIAccessToken(accessToken, jwtManager)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -345,8 +351,16 @@ func wopiGetFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
|
|||||||
|
|
||||||
fmt.Printf("[WOPI-GetFile] START: file=%s\n", fileID)
|
fmt.Printf("[WOPI-GetFile] START: file=%s\n", fileID)
|
||||||
|
|
||||||
// Get access token from query parameter
|
// Get access token from Authorization header or query parameter
|
||||||
accessToken := r.URL.Query().Get("access_token")
|
authHeader := r.Header.Get("Authorization")
|
||||||
|
accessToken := ""
|
||||||
|
if strings.HasPrefix(authHeader, "Bearer ") {
|
||||||
|
accessToken = strings.TrimPrefix(authHeader, "Bearer ")
|
||||||
|
} else {
|
||||||
|
// Fallback to query parameter for backward compatibility
|
||||||
|
accessToken = r.URL.Query().Get("access_token")
|
||||||
|
}
|
||||||
|
|
||||||
if accessToken == "" {
|
if accessToken == "" {
|
||||||
errors.WriteError(w, errors.CodeUnauthenticated, "Missing access_token", http.StatusUnauthorized)
|
errors.WriteError(w, errors.CodeUnauthenticated, "Missing access_token", http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
@@ -464,8 +478,6 @@ func wopiPutFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
|
|||||||
accessToken = decodedToken
|
accessToken = decodedToken
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Printf("[WOPI-DEBUG] PutFile received token: %s\n", accessToken)
|
|
||||||
|
|
||||||
// Validate token
|
// Validate token
|
||||||
claims, err := validateWOPIAccessToken(accessToken, jwtManager)
|
claims, err := validateWOPIAccessToken(accessToken, jwtManager)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -859,19 +871,14 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Build WOPISrc URL (with access_token as query parameter)
|
// Build WOPISrc URL (without access_token - Collabora will use Authorization header)
|
||||||
// JWT tokens are URL-safe, so no additional encoding needed
|
wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s", fileID)
|
||||||
wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s?access_token=%s", fileID, accessToken)
|
|
||||||
|
|
||||||
// Get the correct Collabora editor URL from discovery (includes version hash)
|
// Get the correct Collabora editor URL from discovery (includes version hash)
|
||||||
editorURL := getCollaboraEditorURL(collaboraURL)
|
editorURL := getCollaboraEditorURL(collaboraURL)
|
||||||
|
|
||||||
// URL-encode the WOPISrc for use in the form action URL
|
|
||||||
encodedWopiSrc := url.QueryEscape(wopiSrc)
|
|
||||||
|
|
||||||
// Build the full Collabora URL with WOPISrc as query parameter
|
// Build the full Collabora URL with WOPISrc as query parameter
|
||||||
// Collabora expects: cool.html?WOPISrc=<encoded-url>
|
collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, wopiSrc)
|
||||||
collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, encodedWopiSrc)
|
|
||||||
|
|
||||||
// Return HTML page with auto-submitting form
|
// Return HTML page with auto-submitting form
|
||||||
// The form POSTs to Collabora with access_token in the body
|
// The form POSTs to Collabora with access_token in the body
|
||||||
|
|||||||
Reference in New Issue
Block a user