wsd: access_token_ttl substitution

Change-Id: Ifcc2939124e061313cdb547985ec888aed9aa875
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This commit is contained in:
Ashod Nakashian 2023-06-23 07:08:09 -04:00 committed by Michael Meeks
parent 5e9fdc8ef8
commit c62cb19dc9

View file

@ -991,6 +991,7 @@ constexpr char BRANDING_UNSUPPORTED[] = "branding-unsupported";
#endif
static const std::string ACCESS_TOKEN = "%ACCESS_TOKEN%";
static const std::string ACCESS_TOKEN_TTL = "%ACCESS_TOKEN_TTL%";
/// Per user request variables.
/// Holds access_token, css_variables, postmessage_origin, etc.
@ -1016,6 +1017,38 @@ public:
// from the GET URI and set them in the generated html (see cool.html.m4).
const std::string accessToken = extractVariable(form, "access_token", ACCESS_TOKEN);
const std::string accessTokenTtl =
extractVariable(form, "access_token_ttl", ACCESS_TOKEN_TTL);
unsigned long tokenTtl = 0;
if (!accessToken.empty())
{
if (!accessTokenTtl.empty())
{
try
{
tokenTtl = std::stoul(accessTokenTtl);
}
catch (const std::exception& exc)
{
LOG_ERR(
"access_token_ttl ["
<< accessTokenTtl
<< "] must be represented as the number of milliseconds "
"since January 1, 1970 UTC, when the token will expire. Defaulting to "
<< tokenTtl);
}
}
else
{
LOG_INF("WOPI host did not pass optional access_token_ttl");
}
}
_vars[ACCESS_TOKEN_TTL] = std::to_string(tokenTtl);
LOG_TRC("Field ["
<< "access_token_ttl"
<< "] for var [" << ACCESS_TOKEN_TTL << "] = [" << tokenTtl << ']');
}
const std::string& operator[](const std::string& key) const
@ -1050,9 +1083,6 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request,
const UserRequestVars urv(request, form);
const std::string accessToken = form.get("access_token", "");
const std::string accessTokenTtl = form.get("access_token_ttl", "");
LOG_TRC("access_token=" << accessToken << ", access_token_ttl=" << accessTokenTtl);
const std::string accessHeader = form.get("access_header", "");
LOG_TRC("access_header=" << accessHeader);
const std::string uiDefaults = form.get("ui_defaults", "");
@ -1080,26 +1110,6 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request,
const std::string escapedAccessHeader = Util::encodeURIComponent(accessHeader, "'");
const std::string escapedPostmessageOrigin = Util::encodeURIComponent(postMessageOrigin, "'");
unsigned long tokenTtl = 0;
if (!accessToken.empty())
{
if (!accessTokenTtl.empty())
{
try
{
tokenTtl = std::stoul(accessTokenTtl);
}
catch (const std::exception& exc)
{
LOG_ERR("access_token_ttl must be represented as the number of milliseconds since January 1, 1970 UTC, when the token will expire");
}
}
else
{
LOG_INF("WOPI host did not pass optional access_token_ttl");
}
}
std::string socketProxy = "false";
if (requestDetails.isProxy())
socketProxy = "true";
@ -1111,7 +1121,7 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request,
std::string savedUIState = "true";
Poco::replaceInPlace(preprocess, ACCESS_TOKEN, urv[ACCESS_TOKEN]);
Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN_TTL%"), std::to_string(tokenTtl));
Poco::replaceInPlace(preprocess, ACCESS_TOKEN_TTL, urv[ACCESS_TOKEN_TTL]);
Poco::replaceInPlace(preprocess, std::string("%ACCESS_HEADER%"), escapedAccessHeader);
Poco::replaceInPlace(preprocess, std::string("%HOST%"), cnxDetails.getWebSocketUrl());
Poco::replaceInPlace(preprocess, std::string("%VERSION%"), std::string(COOLWSD_VERSION_HASH));