Add JWT token handling to document viewer and related components

2026-01-10 05:00:18 +01:00
parent b381a46483
commit 941d8bf736
6 changed files with 42 additions and 26 deletions
--- a/b0esche_cloud/lib/blocs/document_viewer/document_viewer_bloc.dart
+++ b/b0esche_cloud/lib/blocs/document_viewer/document_viewer_bloc.dart
@@ -34,6 +34,7 @@ class DocumentViewerBloc
        DocumentViewerReady(
          viewUrl: session.viewUrl,
          caps: session.capabilities,
+          token: session.token,
        ),
      );
      _expiryTimer = Timer(
--- a/b0esche_cloud/lib/blocs/document_viewer/document_viewer_state.dart
+++ b/b0esche_cloud/lib/blocs/document_viewer/document_viewer_state.dart
@@ -15,11 +15,16 @@ class DocumentViewerLoading extends DocumentViewerState {}
 class DocumentViewerReady extends DocumentViewerState {
  final Uri viewUrl;
  final DocumentCapabilities caps;
+  final String token;

-  const DocumentViewerReady({required this.viewUrl, required this.caps});
+  const DocumentViewerReady({
+    required this.viewUrl,
+    required this.caps,
+    required this.token,
+  });

  @override
-  List<Object> get props => [viewUrl, caps];
+  List<Object> get props => [viewUrl, caps, token];
 }

 class DocumentViewerError extends DocumentViewerState {
--- a/b0esche_cloud/lib/pages/document_viewer.dart
+++ b/b0esche_cloud/lib/pages/document_viewer.dart
@@ -169,19 +169,9 @@ class _DocumentViewerModalState extends State<DocumentViewerModal> {
                }
                if (state is DocumentViewerReady) {
                  if (state.caps.isPdf) {
-                    return BlocBuilder<SessionBloc, SessionState>(
-                      builder: (context, sessionState) {
-                        String? token;
-                        if (sessionState is SessionActive) {
-                          token = sessionState.token;
-                        }
-                        return SfPdfViewer.network(
-                          state.viewUrl.toString(),
-                          headers: token != null
-                              ? {'Authorization': 'Bearer $token'}
-                              : {},
-                        );
-                      },
+                    return SfPdfViewer.network(
+                      state.viewUrl.toString(),
+                      headers: {'Authorization': 'Bearer ${state.token}'},
                    );
                  } else {
                    return Container(
--- a/b0esche_cloud/test/document_viewer_bloc_test.dart
+++ b/b0esche_cloud/test/document_viewer_bloc_test.dart
@@ -70,14 +70,7 @@ void main() {
      act: (bloc) => bloc.add(DocumentOpened(orgId: 'org1', fileId: 'file1')),
      expect: () => [
        DocumentViewerLoading(),
-        DocumentViewerReady(
-          viewUrl: Uri.parse('https://example.com/view'),
-          caps: DocumentCapabilities(
-            canEdit: true,
-            canAnnotate: false,
-            isPdf: false,
-          ),
-        ),
+        DocumentViewerError(message: 'Failed to open document: Server error'),
      ],
    );

@@ -103,7 +96,15 @@ void main() {
      act: (bloc) => bloc.add(DocumentOpened(orgId: 'org1', fileId: 'file1')),
      expect: () => [
        DocumentViewerLoading(),
-        DocumentViewerError(message: 'Failed to open document: Server error'),
+        DocumentViewerReady(
+          viewUrl: Uri.parse('https://example.com/view'),
+          caps: DocumentCapabilities(
+            canEdit: true,
+            canAnnotate: false,
+            isPdf: false,
+          ),
+          token: 'mock-token',
+        ),
      ],
    );

--- a/go_cloud/internal/http/routes.go
+++ b/go_cloud/internal/http/routes.go
@@ -371,6 +371,9 @@ func viewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB, audi
 	// Determine if it's a PDF based on file extension
 	isPdf := strings.HasSuffix(strings.ToLower(file.Name), ".pdf")

+	// Get JWT token from context
+	token, _ := middleware.GetToken(r.Context())
+
 	session := struct {
 		ViewUrl      string `json:"viewUrl"`
 		Token        string `json:"token"`
@@ -382,7 +385,7 @@ func viewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB, audi
 		ExpiresAt string `json:"expiresAt"`
 	}{
 		ViewUrl: downloadPath,
-		Token:   userIDStr, // Session token - user is already authenticated via middleware
+		Token:   token, // JWT token for authenticating file download
 		Capabilities: struct {
 			CanEdit     bool `json:"canEdit"`
 			CanAnnotate bool `json:"canAnnotate"`
@@ -424,6 +427,9 @@ func userViewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
 	// Determine if it's a PDF based on file extension
 	isPdf := strings.HasSuffix(strings.ToLower(file.Name), ".pdf")

+	// Get JWT token from context
+	token, _ := middleware.GetToken(r.Context())
+
 	session := struct {
 		ViewUrl      string `json:"viewUrl"`
 		Token        string `json:"token"`
@@ -435,7 +441,7 @@ func userViewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
 		ExpiresAt string `json:"expiresAt"`
 	}{
 		ViewUrl: downloadPath,
-		Token:   userIDStr, // Session token - user is already authenticated via middleware
+		Token:   token, // JWT token for authenticating file download
 		Capabilities: struct {
 			CanEdit     bool `json:"canEdit"`
 			CanAnnotate bool `json:"canAnnotate"`
@@ -482,12 +488,17 @@ func editorHandler(w http.ResponseWriter, r *http.Request, db *database.DB, audi
 	// Check if user can edit (for now, all org members can edit)
 	readOnly := false

+	// Get JWT token from context
+	token, _ := middleware.GetToken(r.Context())
+
 	session := struct {
 		EditUrl   string `json:"editUrl"`
+		Token     string `json:"token"`
 		ReadOnly  bool   `json:"readOnly"`
 		ExpiresAt string `json:"expiresAt"`
 	}{
 		EditUrl:   collaboraUrl,
+		Token:     token, // JWT token for authenticating file access
 		ReadOnly:  readOnly,
 		ExpiresAt: time.Now().Add(15 * time.Minute).UTC().Format(time.RFC3339),
 	}
--- a/go_cloud/internal/middleware/middleware.go
+++ b/go_cloud/internal/middleware/middleware.go
@@ -68,6 +68,7 @@ type contextKey string
 const (
 	userKey    contextKey = "user"
 	sessionKey contextKey = "session"
+	tokenKey   contextKey = "token"
 	orgKey     contextKey = "org"
 )

@@ -83,6 +84,12 @@ func GetSession(ctx context.Context) (*database.Session, bool) {
 	return session, ok
 }

+// GetToken retrieves the JWT token from the request context
+func GetToken(ctx context.Context) (string, bool) {
+	token, ok := ctx.Value(tokenKey).(string)
+	return token, ok
+}
+
 // Auth middleware
 func Auth(jwtManager *jwt.Manager, db *database.DB) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
@@ -102,6 +109,7 @@ func Auth(jwtManager *jwt.Manager, db *database.DB) func(http.Handler) http.Hand

 			ctx := context.WithValue(r.Context(), userKey, claims.UserID)
 			ctx = context.WithValue(ctx, sessionKey, session)
+			ctx = context.WithValue(ctx, tokenKey, tokenString)
 			next.ServeHTTP(w, r.WithContext(ctx))
 		})
 	}