URL-decode access token in WOPI handlers and add debug logging for received tokens

go_cloud/internal/http/wopi_handlers.go

@@ -223,6 +223,13 @@ func wopiCheckFileInfoHandler(w http.ResponseWriter, r *http.Request, db *databa
 		return
 	}
 
+	// URL-decode the token in case it was encoded
+	if decodedToken, err := url.QueryUnescape(accessToken); err == nil {
+		accessToken = decodedToken
+	}
+
+	fmt.Printf("[WOPI-DEBUG] CheckFileInfo received token: %s\n", accessToken)
+
 	// Validate token
 	claims, err := validateWOPIAccessToken(accessToken, jwtManager)
 	if err != nil {
@@ -452,6 +459,13 @@ func wopiPutFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
 	}
 	accessToken := strings.TrimPrefix(authHeader, "Bearer ")
 
+	// URL-decode the token in case it was encoded
+	if decodedToken, err := url.QueryUnescape(accessToken); err == nil {
+		accessToken = decodedToken
+	}
+
+	fmt.Printf("[WOPI-DEBUG] PutFile received token: %s\n", accessToken)
+
 	// Validate token
 	claims, err := validateWOPIAccessToken(accessToken, jwtManager)
 	if err != nil {
@@ -846,6 +860,7 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
 	}
 
 	// Build WOPISrc URL (with access_token as query parameter)
+	// JWT tokens are URL-safe, so no additional encoding needed
 	wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s?access_token=%s", fileID, accessToken)
 
 	// Get the correct Collabora editor URL from discovery (includes version hash)