commit
a149c97639
@ -38,6 +38,7 @@ $application->registerRoutes($this, [
|
||||
['name' => 'document#localClose', 'url' => 'close/{fileId}', 'verb' => 'POST'],
|
||||
//documents - for WOPI access
|
||||
['name' => 'document#wopiGetToken', 'url' => 'wopi/token/{fileId}', 'verb' => 'GET'],
|
||||
['name' => 'document#wopiCheckFileInfo', 'url' => 'wopi/files/{fileId}', 'verb' => 'GET'],
|
||||
['name' => 'document#wopiGetFile', 'url' => 'wopi/files/{fileId}/contents', 'verb' => 'GET'],
|
||||
['name' => 'document#wopiPutFile', 'url' => 'wopi/files/{fileId}/contents', 'verb' => 'POST'],
|
||||
//settings
|
||||
|
@ -301,6 +301,7 @@ class DocumentController extends Controller{
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* Generates and returns an access token for a given fileId.
|
||||
* Only for authenticated users!
|
||||
*/
|
||||
@ -317,6 +318,42 @@ class DocumentController extends Controller{
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
* Returns general info about a file.
|
||||
*/
|
||||
public function wopiCheckFileInfo($fileId){
|
||||
$token = $this->request->getParam('access_token');
|
||||
|
||||
\OC::$server->getLogger()->debug('Getting info about file {fileId} by token {token}.', [ 'app' => $this->appName, 'fileId' => $fileId, 'token' => $token ]);
|
||||
|
||||
$row = new Db\Wopi();
|
||||
$row->loadBy('token', $token);
|
||||
|
||||
$res = $row->getPathForToken($fileId, $token);
|
||||
if ($res == false || http_response_code() != 200)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$view = new \OC\Files\View('/' . $res['user'] . '/');
|
||||
$info = $view->getFileInfo($res['path']);
|
||||
|
||||
\OC::$server->getLogger()->debug('File info: {info}.', [ 'app' => $this->appName, 'info' => $info ]);
|
||||
|
||||
$baseFileName = $info['name'];
|
||||
$size = $info['size'];
|
||||
|
||||
return array(
|
||||
'BaseFileName' => $baseFileName,
|
||||
'Size' => $size,
|
||||
//'DownloadUrl' => '',
|
||||
//'FileUrl' => '',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
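Review bot: The first debug call in wopiCheckFileInfo writes the raw `access_token` into the log, and on this `@PublicPage`/`@NoCSRFRequired` route that token is the only credential checked, so anyone who can read the log can replay it. Log the file id only, e.g. `\OC::$server->getLogger()->debug('Getting info about file {fileId}.', [ 'app' => $this->appName, 'fileId' => $fileId ]);`. The `Loaded WOPI Token record: {row}` debug line visible in the Wopi class hunk has the same problem if the row carries the token column. The `$row->loadBy('token', $token)` call before `getPathForToken()` also looks redundant, since that method appears to load the record again by token itself.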
|
@ -192,7 +192,7 @@ var documentsMain = {
|
||||
}
|
||||
|
||||
var urlsrc = $('li[data-id='+ documentsMain.fileId +']>a').attr('urlsrc');
|
||||
var url = OC.generateUrl('apps/richdocuments/wopi/files/{file_id}/contents?access_token={token}',
|
||||
var url = OC.generateUrl('apps/richdocuments/wopi/files/{file_id}?access_token={token}',
|
||||
{file_id: documentsMain.fileId, token: encodeURIComponent(result.token)});
|
||||
documentsMain.url = window.location.protocol + '//' + window.location.host + url;
|
||||
|
||||
|
@ -40,10 +40,21 @@ class Wopi extends \OCA\Richdocuments\Db{
|
||||
* Returns the token.
|
||||
*/
|
||||
public function generateFileToken($fileId){
|
||||
$user = \OC_User::getUser();
|
||||
$view = new \OC\Files\View('/' . $user . '/');
|
||||
$path = $view->getPath($fileId);
|
||||
|
||||
// Get the FS view of the current user.
|
||||
$view = \OC\Files\Filesystem::getView();
|
||||
// Get the virtual path (if the file is shared).
|
||||
$path = $view->getPath($fileId);
|
||||
if (!$view->is_file($path) || !$view->isUpdatable($path)) {
|
||||
throw new \Exception('Invalid fileId.');
|
||||
}
|
||||
|
||||
// Figure out the real owner, if not us.
|
||||
$user = $view->getOwner($path);
|
||||
// Create a view into the owner's FS.
|
||||
$view = new \OC\Files\View('/' . $user . '/');
|
||||
// Find the real path.
|
||||
$path = $view->getPath($fileId);
|
||||
if (!$view->is_file($path)) {
|
||||
throw new \Exception('Invalid fileId.');
|
||||
}
|
||||
@ -80,13 +91,25 @@ class Wopi extends \OCA\Richdocuments\Db{
|
||||
$wopi = new Wopi();
|
||||
$row = $wopi->loadBy('token', $token)->getData();
|
||||
\OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', [ 'row' => $row ]);
|
||||
if (count($row) == 0)
|
||||
{
|
||||
// Invalid token.
|
||||
http_response_code(401);
|
||||
return false;
|
||||
}
|
||||
|
||||
//TODO: validate.
|
||||
if ($row['expiry'] > time() || $row['fileid'] !== $fileId){
|
||||
if ($row['expiry'] > time()){
|
||||
// Expired token!
|
||||
//http_response_code(404);
|
||||
//$wopi->deleteBy('id', $row['id']);
|
||||
//return false;
|
||||
}
|
||||
if ($row['fileid'] !== $fileId){
|
||||
// File unknown / user unauthorized (for the requested file).
|
||||
http_response_code(404);
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = $row['uid'];
|
||||
$view = new \OC\Files\View('/' . $user . '/');
|
||||
|