... instead of handing it over the Document broker polling thread which
can lead to race conditions, and hence not giving desired behavior when
document is changed externally.
Change-Id: Ib0821d4ae931c357bc4d4c526865eefc090ddc23
But these save conditions are checked every 30 seconds only, so setting
them to less than 30 seconds wouldn't mean that save will be triggered
anytime sooner.
Change-Id: Id473a79af6a3170c72e372040460f2b7c15f150e
Sometimes client sends a userinactive message while the document is
already being loaded, which leads to the kit process skipping sending
the result of LOK callbacks to the client.
Handling this in child session is futile in the case when userinactive
message is sent when the document is being loaded, since kit process
handles the 'userinactive' message only after document is loaded (i.e
isLoaded() returns true). Moving this handling to DocumentBroker will
take care of both the cases - when 'userinactive' is sent before load
starts, and during load of the document.
Change-Id: I4ea3ac7b184d2ca373eb3ff4fb7b4ae394d454df
Start killing documents when memory usage goes above threshold.
Also make it possible to close documents from admin instance.
In DocumentBroker::closeDocument, just set the _stop flag and wake
up the polling thread which will terminate the children, instead of
manually terminating the children.
Change-Id: Ie70e05b3fb6ea816a87b6dcfaed92cdddb94aa90
If Forkit is dead, getNewChild will fail fast.
Try not to busy loop in that case and yield
the CPU for a nominal duration, which currently
is the tenth of the normal getNewChild timeout.
Change-Id: I1a94dfedbf2a4f4fc12e4d33d1307f70c307987a
Reviewed-on: https://gerrit.libreoffice.org/39248
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
This is called later after the while loop. Breaking out of while loop
should be enough.
Change-Id: I04979d3af1f475c05b5a43d7afe47770ff69ee25
Reviewed-on: https://gerrit.libreoffice.org/39086
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
Valgrind spotted one case, and the other is possible but
not common it seems.
Change-Id: Id5e41145f597c3564263adb25b7b765db1c90bf7
Reviewed-on: https://gerrit.libreoffice.org/38991
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
To make the debugging easier...
Change-Id: I7c6e748e72a595a6c3a5942a20874339b8456f19
Reviewed-on: https://gerrit.libreoffice.org/38781
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
File extensions marked as view (as opposed to edit)
in discovery.xml are now forced to be read-only,
regardless of what the client tries to request.
Change-Id: I3eb00c33ff716800dc317f7377281c6d5f0909d7
Reviewed-on: https://gerrit.libreoffice.org/38480
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
This is required to tell the clients if the command they issued was
successfull or not. In this case 'savetostorage' is the command that we
are interested in knowing the success status of.
With this, now if the user commands to overwrite the document, dialog
boxes of all other users are automatically closed.
Can easily more commands in future for this kind of thing. Its similar
to unocommandresult, except its not a uno command, but our internal
command.
Change-Id: I2e7e1fd5edbd55c13ee4bf9bce24284483d6507f
There is one known problem still - after any user decides to overwrite
the file to storage, other users are not informed, so their dialog keeps
hanging on the screen until they press the cancel or reload button.
Change-Id: I6dad1585e4c53eeed79cd38316892a7f239d44ef
If we are rude, then we don't tell the reason behind closing the
document to our clients.
This method earlier was used to do 'ownertermination', but without this
patch, ownertermination is not going to work. We regressed somewhere in
the past.
Change-Id: I7a2513e567f72b1adf00d5a74b118e116d6d99d3
Introduce a new header X-LOOL-WOPI-Timestamp
This is a WOPI header extension to detect any external document change. For
example, when the file that is already opened by LOOL is changed
in storage.
The WOPI host sends LastModifiedTime field (in WOPI specs) as part
of the CheckFileInfo response. It also expects wsd to send the
same timestamp in X-LOOL-WOPI-Timestamp header during WOPI::PutFile. If
this header is present, then WOPI host checks, before saving the
document, if the timestamp in the header is equal to the timestamp of
the file in its storage. Only upon meeting this condition, it saves the
file back to storage, otherwise it informs us about some change
to the document.
We are supposed to inform the user accordingly. If user is okay
with over-writing the document, then we can omit sending
X-LOOL-WOPI-Timestamp header, in which case, no check as mentioned above
would be performed while saving the file and document will be
overwritten.
Also, use a separate list of LOOL status codes to denote such a change.
It would be wrong to use HTTP_CONFLICT status code for denoting doc
changed in storage scenario. WOPI specs reserves that for WOPI locks
which are not yet implemented. Better to use a separate LOOL specific
status codes synced across WOPI hosts and us to denote scenario that we
expect and are not covered in WOPI specs.
Change-Id: I61539dfae672bc104b8008f030f96e90f9ff48a5
One can add the timetamp information in the PutFile call itself. This
way we can avoid making an extra CheckFileInfo call here.
Change-Id: Iae180262e648c36b9cfeb6d5fabdf5d243b93afb
userextrainfo is a json array that contains
extra user-specific links.
Currently 'avatar' is assumed to hold the
image url for the user's avatar.
'mail' and other links can also be added.
Change-Id: I37c4c68bfa0b7ee659e017b4867dcb8cf5c2ca2f
Reviewed-on: https://gerrit.libreoffice.org/38120
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
This reverts commit e8ff268992.
To have support for both multitenancy - several WOPI hosts using same wsd -
and WOPI host aliases, using a ID unique across a WOPI host instance as
part of the WOPI URL is a better approach that handles both of above
mentioned issues cleanly.
When a client connects with expired/invalid
access_token, the document should remain
active for other/existing clients, if any.
However, if no clients exists (i.e. the
first client has invalid access_token),
then the document should be unloaded and
cleaned up.
Change-Id: Iaad95a4286325cc6ee130b37e3ad635993a71c72
Reviewed-on: https://gerrit.libreoffice.org/37916
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Fixes the case when the client reconnects on idle
disconnection (because it never got the 'close: idle'
message).
Also, show informative message to users in this case
instead of grey screen.
Change-Id: Ia2e1f2ffefe6d35dd1552e7cc44e490aab86c600
Reviewed-on: https://gerrit.libreoffice.org/37891
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
When WOPI's CheckFileInfo or GetFile responds with status code other
than HTTP 200, show a message to the user indicating some problem in the
storage.
Currently, we open an empty document if storage doesn't return a
document which surely is not correct.
Mention the storage server address when asking user to contact the
server administrator to be more friendly.
Change-Id: I15f0489f36db8689b43d42f6b691fdd21815e4fa
Turns out this introduces two calls to the CheckFileInfo which is not really
what we should be doing; instead, let's do a kind of cannonicalization in the
WOPI host directly.
This reverts commit ec2fd0844f.
Change-Id: I311bf8a45b706ed9a4d8cd00db0a990ac6d461b4
The docKey creation moved to Storage where we first
invoke WOPI (if/when it's a WOPI-hosted doc and WOPI enabled)
and see if the user has access to the document at all.
If they do, we expect the server to give us a
unique ID to use for identifying the host regardless
of hostname aliases.
If a unique ID is not returned (i.e. empty or missing)
we use the hostname and port in its place as fallback.
This will break hostname aliases, but it will still work.
Change-Id: I407b0087395f9df6ad9cc6e037570487999be4a4
Reviewed-on: https://gerrit.libreoffice.org/37697
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Document broker needs to know when the save request is sent and when the
save finished. It uses these parameters to avoid shutting down document,
in the document broker main polling loop, if save is already going on.
But direct .uno:Save commands issued from
loleaflet precludes document broker to keep track of it - in this case a
.uno:Save command issued from loleaflet followed by closing the
session will prevent saving the document to storage, if document is huge
enough and LO core takes a bit of time to save it. A save wrapper
command, 'save', ensures that document broker is aware of all such save
requests (_saveRequestTime member variable) and doesn't close the
document until we completely save it (to storage and other cleanups).
Change-Id: I5ec73d45adff23b2e7543e93dfd0624a5e5af46d
...but in combination with the appropriate session's access_token to always
authenticate against the same instance of the WOPI host.
Change-Id: Ic94dfa8fcb226a2d134272b22edc1f8f76c24e34
... to avoid different WOPI hosts using same loolwsd instance sharing a
file because the path of the file (file id etc.) is same in both of
WOPI hosts.
Though, having hosts + port in doc key engenders the possibility of
opening the same file as two if the WOPI host is accessed using
different aliases but that is much less of a concern than security bug
mentioned in previous paragraph.
Change-Id: Iaa2f880edce952925a85e56ed8eba99514e19751
Reviewed-on: https://gerrit.libreoffice.org/37400
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
When a document is idle (no activity from
any views) for this timeout duration, the
document is saved and unloaded to minimize
resource consumption.
Change-Id: If6f09136ae40c7e84180fc8c8adbf6db8396d292
Reviewed-on: https://gerrit.libreoffice.org/37374
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Jail paths are now generate from a PRNG
instead of using the PID of the kit process.
The PRN is converted to base-64 and used
as the directory name where a given
kit is jailed.
Change-Id: I8e4bc35d9ccdfdae0e542ab707c417cd29ad52f3
Reviewed-on: https://gerrit.libreoffice.org/37372
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>