Commit graph

210 commits

Author SHA1 Message Date
Pranav Kant
7b4f734b32 Broadcast closing documents in same thread
... instead of handing it over the Document broker polling thread which
can lead to race conditions, and hence not giving desired behavior when
document is changed externally.

Change-Id: Ib0821d4ae931c357bc4d4c526865eefc090ddc23
2017-09-18 23:02:07 +05:30
Marco Cecchetti
dee39a562c support for rendering a watermark on each tile
Change-Id: I3edccac49a3bcd3d2493d8d7ef3a1ae29307e727
Reviewed-on: https://gerrit.libreoffice.org/41898
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2017-09-07 17:28:44 +02:00
Jan Holesovsky
f7c199684c WOPI extension: DisableInactiveMessages to avoid showing message when dimmed.
Change-Id: I925602295dde95611ab1a6565dd7266460769a50
Reviewed-on: https://gerrit.libreoffice.org/41709
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2017-08-29 19:44:33 +02:00
Pranav Kant
ad211ef51b wsd: Configurable autosave and idlesave durations
But these save conditions are checked every 30 seconds only, so setting
them to less than 30 seconds wouldn't mean that save will be triggered
anytime sooner.

Change-Id: Id473a79af6a3170c72e372040460f2b7c15f150e
2017-08-24 16:54:15 +05:30
Pranav Kant
769e41dfb2 Fix build
Mismerge. There is no session->getAccessToken now

Change-Id: I4d8f2cc612cbd39b3163bcdbba5df8ea5d732774
2017-08-18 07:14:33 +05:30
Aditya Dewan
c3711a4375 Extending WOPI implementaion to introduce 'Save As' feature
Change-Id: Ic4c80f4c4b54944143682c25a5878c1336787b27
Reviewed-on: https://gerrit.libreoffice.org/40946
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-08-17 19:25:44 +02:00
Jan Holesovsky
afcfac4bef access_header: Infrastructure for providing custom headers for authentication.
Change-Id: I52e61dc01dbad0d501471e663aaf364d9bc23c52
Reviewed-on: https://gerrit.libreoffice.org/41223
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-08-17 13:40:57 +02:00
Pranav Kant
ef54b6ea16 wsd: Ignore useractive, userinactive when doc is not loaded
Sometimes client sends a userinactive message while the document is
already being loaded, which leads to the kit process skipping sending
the result of LOK callbacks to the client.

Handling this in child session is futile in the case when userinactive
message is sent when the document is being loaded, since kit process
handles the 'userinactive' message only after document is loaded (i.e
isLoaded() returns true). Moving this handling to DocumentBroker will
take care of both the cases - when 'userinactive' is sent before load
starts, and during load of the document.

Change-Id: I4ea3ac7b184d2ca373eb3ff4fb7b4ae394d454df
2017-08-11 23:27:17 +05:30
Pranav Kant
fde57adbbf Introduce hard mode when we are OOM
Start killing documents when memory usage goes above threshold.

Also make it possible to close documents from admin instance.
In DocumentBroker::closeDocument, just set the _stop flag and wake
up the polling thread which will terminate the children, instead of
manually terminating the children.

Change-Id: Ie70e05b3fb6ea816a87b6dcfaed92cdddb94aa90
2017-07-07 21:14:53 +05:30
Aditya Dewan
bc7fa9a812 admin: convert document list to drop down
Change-Id: I23635599b008fb0bfa694b4e73cb8f18f49c8ab7
Reviewed-on: https://gerrit.libreoffice.org/39170
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-07-06 09:18:09 +02:00
Pranav Kant
a03f69a16a Update PostMessageOrigin if SSL termination is on too
Change-Id: I887ab368fec62a5efefde4da3762c47dd0bf66d7
Reviewed-on: https://gerrit.libreoffice.org/39100
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-06-26 12:32:49 +02:00
Ashod Nakashian
8689d11f5c wsd: don't busy wait when getNewChild fails fast
If Forkit is dead, getNewChild will fail fast.

Try not to busy loop in that case and yield
the CPU for a nominal duration, which currently
is the tenth of the normal getNewChild timeout.

Change-Id: I1a94dfedbf2a4f4fc12e4d33d1307f70c307987a
Reviewed-on: https://gerrit.libreoffice.org/39248
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-06-26 05:18:14 +02:00
Pranav Kant
c21de44524 Bin unused parameter, rude
Change-Id: I39f55f55f8a0c5432350625d9720ea2367955a8c
Reviewed-on: https://gerrit.libreoffice.org/39085
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-06-23 10:42:55 +02:00
Pranav Kant
6c6ddbe425 Remove redundant function call
This is called later after the while loop. Breaking out of while loop
should be enough.

Change-Id: I04979d3af1f475c05b5a43d7afe47770ff69ee25
Reviewed-on: https://gerrit.libreoffice.org/39086
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-06-23 10:42:44 +02:00
Michael Meeks
d43589c343 Replace now un-used locking with thread affinity assertions.
Change-Id: I8c08d1618404740e9dc1d5ff2cb7d9d460ca2be5
2017-06-22 18:41:16 +01:00
Pranav Kant
d192fa4944 Obsolete comment
Change-Id: I30b1bcbb5c4bd040ab1205030d16867fa488bdb4
2017-06-22 12:56:23 +05:30
Ashod Nakashian
7ae37aff0d wsd: fix access-after-free error
Valgrind spotted one case, and the other is possible but
not common it seems.

Change-Id: Id5e41145f597c3564263adb25b7b765db1c90bf7
Reviewed-on: https://gerrit.libreoffice.org/38991
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-06-20 05:15:29 +02:00
Pranav Kant
c88780b2d4 wsd: Don't show dialog if document is unmodified
Change-Id: Ibb9e2122461c577863d1f713070748bdda6129d1
2017-06-19 20:01:31 +05:30
Michael Meeks
7ea5f71a7b Units: allow filtering of user alerts.
Catch things that kill tests like disk-full earlier.

Change-Id: Ib50b516063305f2fc93b662ec3ad9ab6c52c6c92
2017-06-16 20:25:23 +01:00
Pranav Kant
db13014e00 Update modifiedTime for local files unconditionally
Also teach logger to print timestamp object.

Change-Id: Ia13836814c195cef92f5dafd8245c9958600876d
2017-06-16 19:49:37 +05:30
Aditya Dewan
681138ab54 tdf#106451 admin: graph to monitor network activity
Change-Id: Id71ef4e2a9d16e72f4df442fbf646a39213b61d5
Reviewed-on: https://gerrit.libreoffice.org/38621
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-06-16 09:55:01 +02:00
Jan Holesovsky
4f89ce23b2 wsd: Honor the hosting/discovery read-only setting in LocalStorage too.
To make the debugging easier...

Change-Id: I7c6e748e72a595a6c3a5942a20874339b8456f19
Reviewed-on: https://gerrit.libreoffice.org/38781
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2017-06-14 14:02:23 +02:00
Ashod Nakashian
194faa6d69 wsd: force readonly for view file types per discovery.xml
File extensions marked as view (as opposed to edit)
in discovery.xml are now forced to be read-only,
regardless of what the client tries to request.

Change-Id: I3eb00c33ff716800dc317f7377281c6d5f0909d7
Reviewed-on: https://gerrit.libreoffice.org/38480
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-06-07 06:02:30 +02:00
Michael Meeks
eeaf436d53 Admin: show cumulative bandwidth sent / recv'd over all time.
Change-Id: I3f9f398d1de19d54e0aa4c51bc44c597019dc839
2017-06-03 22:53:57 +01:00
Michael Meeks
3101fa510d Accumulate I/O stats per document.
Change-Id: Ie2f5647e65070ddd828f048820efd38b600f9133
2017-06-02 20:41:25 +01:00
Pranav Kant
a0710c9613 Inform the current session about document change too
Change-Id: I9947eb8b23e5a698cc2cbf39bfde4e1941aae0f0
2017-06-01 22:07:25 +05:30
Pranav Kant
f4b22bbb3c Broadcast command result back to clients
This is required to tell the clients if the command they issued was
successfull or not. In this case 'savetostorage' is the command that we
are interested in knowing the success status of.

With this, now if the user commands to overwrite the document, dialog
boxes of all other users are automatically closed.

Can easily more commands in future for this kind of thing. Its similar
to unocommandresult, except its not a uno command, but our internal
command.

Change-Id: I2e7e1fd5edbd55c13ee4bf9bce24284483d6507f
2017-06-01 21:42:29 +05:30
Pranav Kant
dce714efb8 Toggle this flag after a successfull save
Change-Id: Id1bf5bc5e32e24f68094f3020f4a7c4c4117f18a
2017-06-01 21:07:52 +05:30
Pranav Kant
41234773e3 If user permits, save to storage force-fully in case of doc conflict
There is one known problem still - after any user decides to overwrite
the file to storage, other users are not informed, so their dialog keeps
hanging on the screen until they press the cancel or reload button.

Change-Id: I6dad1585e4c53eeed79cd38316892a7f239d44ef
2017-06-01 19:53:10 +05:30
Pranav Kant
4d61cae4c8 If user commands, refresh the document for all in case of doc conflict
Change-Id: I42c61fb8099b0bcc60f942e602561cc97486a918
2017-06-01 19:46:38 +05:30
Pranav Kant
d6ef241cf5 Don't be so rude
If we are rude, then we don't tell the reason behind closing the
document to our clients.

This method earlier was used to do 'ownertermination', but without this
patch, ownertermination is not going to work. We regressed somewhere in
the past.

Change-Id: I7a2513e567f72b1adf00d5a74b118e116d6d99d3
2017-06-01 18:17:39 +05:30
Pranav Kant
ba4e75cfae Inform all clients when document changed behind our back
Introduce a new header X-LOOL-WOPI-Timestamp

This is a WOPI header extension to detect any external document change. For
example, when the file that is already opened by LOOL is changed
in storage.

The WOPI host sends LastModifiedTime field (in WOPI specs) as part
of the CheckFileInfo response. It also expects wsd to send the
same timestamp in X-LOOL-WOPI-Timestamp header during WOPI::PutFile. If
this header is present, then WOPI host checks, before saving the
document, if the timestamp in the header is equal to the timestamp of
the file in its storage. Only upon meeting this condition, it saves the
file back to storage, otherwise it informs us about some change
to the document.

We are supposed to inform the user accordingly. If user is okay
with over-writing the document, then we can omit sending
X-LOOL-WOPI-Timestamp header, in which case, no check as mentioned above
would be performed while saving the file and document will be
overwritten.

Also, use a separate list of LOOL status codes to denote such a change.
It would be wrong to use HTTP_CONFLICT status code for denoting doc
changed in storage scenario. WOPI specs reserves that for WOPI locks
which are not yet implemented. Better to use a separate LOOL specific
status codes synced across WOPI hosts and us to denote scenario that we
expect and are not covered in WOPI specs.

Change-Id: I61539dfae672bc104b8008f030f96e90f9ff48a5
2017-06-01 16:17:07 +05:30
Pranav Kant
15a4474572 Remove superfluous WOPI calls to getFileInfo to check timestamp
One can add the timetamp information in the PutFile call itself. This
way we can avoid making an extra CheckFileInfo call here.

Change-Id: Iae180262e648c36b9cfeb6d5fabdf5d243b93afb
2017-06-01 16:17:07 +05:30
Pranav Kant
d840e8720a Handle WOPI PutFile unauthorized access token
Change-Id: I29ee8cc0c9f3ea42f70628eca6f74d161d1a38f9
2017-05-31 12:08:31 +05:30
Ashod Nakashian
da2d3cbc92 wsd: support per-user links and commands
userextrainfo is a json array that contains
extra user-specific links.

Currently 'avatar' is assumed to hold the
image url for the user's avatar.

'mail' and other links can also be added.

Change-Id: I37c4c68bfa0b7ee659e017b4867dcb8cf5c2ca2f
Reviewed-on: https://gerrit.libreoffice.org/38120
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-29 06:45:18 +02:00
Aditya Dewan
9db39ce741 tdf#107752 admin console: indicating whether a document is modified.
Change-Id: I6055a601c1dd3b5e9700ef75d7c07d7e0b13d663
2017-05-23 19:00:53 +05:30
Pranav Kant
c05aec945d Revert "wsd: Use hostname and port in doc key too"
This reverts commit e8ff268992.

To have support for both multitenancy - several WOPI hosts using same wsd -
and WOPI host aliases, using a ID unique across a WOPI host instance as
part of the WOPI URL is a better approach that handles both of above
mentioned issues cleanly.
2017-05-23 17:05:07 +05:30
Ashod Nakashian
e877adc84b wsd: don't stop doc on unauthorized loading
When a client connects with expired/invalid
access_token, the document should remain
active for other/existing clients, if any.

However, if no clients exists (i.e. the
first client has invalid access_token),
then the document should be unloaded and
cleaned up.

Change-Id: Iaad95a4286325cc6ee130b37e3ad635993a71c72
Reviewed-on: https://gerrit.libreoffice.org/37916
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-22 21:07:03 +02:00
Pranav Kant
1ea87b627e wsd: Arrange exception handling a bit
Remove incorrect usage of std::uncaught_exception and handle
StorageConnectionException later.

Change-Id: I15ecd46b51e8ed33649fe876d46ce3d5fbae07cc
2017-05-22 11:04:26 +05:30
Ashod Nakashian
407c538f04 Correctly send termination reason to clients
Fixes the case when the client reconnects on idle
disconnection (because it never got the 'close: idle'
message).

Also, show informative message to users in this case
instead of grey screen.

Change-Id: Ia2e1f2ffefe6d35dd1552e7cc44e490aab86c600
Reviewed-on: https://gerrit.libreoffice.org/37891
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-22 07:05:28 +02:00
Ashod Nakashian
bdd8b715dd wsd: include cleanup
Change-Id: I9f28ee329e318043c31c899d3a07cd3139d838f0
Reviewed-on: https://gerrit.libreoffice.org/37890
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-22 07:04:24 +02:00
Ashod Nakashian
873cbcbe91 wsd: logging corrections
Change-Id: I35c52494137ea174c218bf936bc2440634036e3e
Reviewed-on: https://gerrit.libreoffice.org/37889
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-22 07:03:47 +02:00
Pranav Kant
bcf958c500 wsd: Fail gracefully when storage misbehaves
When WOPI's CheckFileInfo or GetFile responds with status code other
than HTTP 200, show a message to the user indicating some problem in the
storage.

Currently, we open an empty document if storage doesn't return a
document which surely is not correct.

Mention the storage server address when asking user to contact the
server administrator to be more friendly.

Change-Id: I15f0489f36db8689b43d42f6b691fdd21815e4fa
2017-05-19 20:53:42 +05:30
Jan Holesovsky
9db41725f4 Revert "wsd: use WOPI host instance ID to support hostname aliases"
Turns out this introduces two calls to the CheckFileInfo which is not really
what we should be doing; instead, let's do a kind of cannonicalization in the
WOPI host directly.

This reverts commit ec2fd0844f.

Change-Id: I311bf8a45b706ed9a4d8cd00db0a990ac6d461b4
2017-05-19 10:34:38 +02:00
Ashod Nakashian
ec2fd0844f wsd: use WOPI host instance ID to support hostname aliases
The docKey creation moved to Storage where we first
invoke WOPI (if/when it's a WOPI-hosted doc and WOPI enabled)
and see if the user has access to the document at all.
If they do, we expect the server to give us a
unique ID to use for identifying the host regardless
of hostname aliases.

If a unique ID is not returned (i.e. empty or missing)
we use the hostname and port in its place as fallback.
This will break hostname aliases, but it will still work.

Change-Id: I407b0087395f9df6ad9cc6e037570487999be4a4
Reviewed-on: https://gerrit.libreoffice.org/37697
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-17 04:18:31 +02:00
Pranav Kant
1cb75cbcb8 wsd: Save wrapper over .uno:Save
Document broker needs to know when the save request is sent and when the
save finished. It uses these parameters to avoid shutting down document,
in the document broker main polling loop, if save is already going on.
But direct .uno:Save commands issued from
loleaflet precludes document broker to keep track of it - in this case a
.uno:Save command issued from loleaflet followed by closing the
session will prevent saving the document to storage, if document is huge
enough and LO core takes a bit of time to save it. A save wrapper
command, 'save', ensures that document broker is aware of all such save
requests (_saveRequestTime member variable) and doesn't close the
document until we completely save it (to storage and other cleanups).

Change-Id: I5ec73d45adff23b2e7543e93dfd0624a5e5af46d
2017-05-15 11:41:52 +05:30
Jan Holesovsky
95e892168c wsd: When connecting new sessions, always use the original URI...
...but in combination with the appropriate session's access_token to always
authenticate against the same instance of the WOPI host.

Change-Id: Ic94dfa8fcb226a2d134272b22edc1f8f76c24e34
2017-05-12 18:07:23 +02:00
Pranav Kant
e8ff268992 wsd: Use hostname and port in doc key too
... to avoid different WOPI hosts using same loolwsd instance sharing a
file because the path of the file (file id etc.) is same in both of
WOPI hosts.

Though, having hosts + port in doc key engenders the possibility of
opening the same file as two if the WOPI host is accessed using
different aliases but that is much less of a concern than security bug
mentioned in previous paragraph.

Change-Id: Iaa2f880edce952925a85e56ed8eba99514e19751
Reviewed-on: https://gerrit.libreoffice.org/37400
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2017-05-10 17:02:47 +02:00
Ashod Nakashian
7d823787bb wsd: configurable idle document timeout
When a document is idle (no activity from
any views) for this timeout duration, the
document is saved and unloaded to minimize
resource consumption.

Change-Id: If6f09136ae40c7e84180fc8c8adbf6db8396d292
Reviewed-on: https://gerrit.libreoffice.org/37374
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-08 05:00:56 +02:00
Ashod Nakashian
9798eafb8c wsd: random jail paths instead of pid
Jail paths are now generate from a PRNG
instead of using the PID of the kit process.

The PRN is converted to base-64 and used
as the directory name where a given
kit is jailed.

Change-Id: I8e4bc35d9ccdfdae0e542ab707c417cd29ad52f3
Reviewed-on: https://gerrit.libreoffice.org/37372
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-08 04:59:12 +02:00