The docKey creation moved to Storage where we first
invoke WOPI (if/when it's a WOPI-hosted doc and WOPI enabled)
and see if the user has access to the document at all.
If they do, we expect the server to give us a
unique ID to use for identifying the host regardless
of hostname aliases.
If a unique ID is not returned (i.e. empty or missing)
we use the hostname and port in its place as fallback.
This will break hostname aliases, but it will still work.
Change-Id: I407b0087395f9df6ad9cc6e037570487999be4a4
Reviewed-on: https://gerrit.libreoffice.org/37697
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Document broker needs to know when the save request is sent and when the
save finished. It uses these parameters to avoid shutting down document,
in the document broker main polling loop, if save is already going on.
But direct .uno:Save commands issued from
loleaflet precludes document broker to keep track of it - in this case a
.uno:Save command issued from loleaflet followed by closing the
session will prevent saving the document to storage, if document is huge
enough and LO core takes a bit of time to save it. A save wrapper
command, 'save', ensures that document broker is aware of all such save
requests (_saveRequestTime member variable) and doesn't close the
document until we completely save it (to storage and other cleanups).
Change-Id: I5ec73d45adff23b2e7543e93dfd0624a5e5af46d
Show the user that authorization failed.
Change-Id: Iad63c11ac2033eee80062ecd43dff76f776924c3
Reviewed-on: https://gerrit.libreoffice.org/37610
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Thread-affinity checks must be inhibited
not just on Socket, but on the SocketPoll as well,
before destroying DocumentBroker instances.
Also, properly initialize the inhibit statics.
Change-Id: I2ced1554d477f0c3faf09bda74034cbae99e4ce1
Reviewed-on: https://gerrit.libreoffice.org/37608
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
...but in combination with the appropriate session's access_token to always
authenticate against the same instance of the WOPI host.
Change-Id: Ic94dfa8fcb226a2d134272b22edc1f8f76c24e34
Timeouts to dimming the doc in the browser
are now configurable from WSD and is relayed
to loleflet as expected.
Out of focus timeout is now 60 seconds.
Change-Id: I8452e30976f6a81b0c3bb3ba5774daa244c1640c
Reviewed-on: https://gerrit.libreoffice.org/37489
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
... to avoid different WOPI hosts using same loolwsd instance sharing a
file because the path of the file (file id etc.) is same in both of
WOPI hosts.
Though, having hosts + port in doc key engenders the possibility of
opening the same file as two if the WOPI host is accessed using
different aliases but that is much less of a concern than security bug
mentioned in previous paragraph.
Change-Id: Iaa2f880edce952925a85e56ed8eba99514e19751
Reviewed-on: https://gerrit.libreoffice.org/37400
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
This is required in those setup where the document is not served from
the same host user is currently connected to. Use the Referer[sic]
header to set the frame ancestors and if they are absent, fallback to
WOPISrc value provided by the WOPI host.
Change-Id: Ia63a213d10aca2df56a2884e07322c1cd8056ff8
When a document is idle (no activity from
any views) for this timeout duration, the
document is saved and unloaded to minimize
resource consumption.
Change-Id: If6f09136ae40c7e84180fc8c8adbf6db8396d292
Reviewed-on: https://gerrit.libreoffice.org/37374
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Jail paths are now generate from a PRNG
instead of using the PID of the kit process.
The PRN is converted to base-64 and used
as the directory name where a given
kit is jailed.
Change-Id: I8e4bc35d9ccdfdae0e542ab707c417cd29ad52f3
Reviewed-on: https://gerrit.libreoffice.org/37372
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Dung out overlapping return enumerations. Move more work into 'move'
callbacks at a safer time, etc.
Change-Id: I62ba5a35f12073b7b9c8de4674be9dae519a8aca
Use what we read at startup as the complete set of files to serve.
Trace log filenames as we read them.
Simplify and accelerate path related checks via the hash.
Kill leak with get_current_dir_name and use the correct path.
Poco::DateTime is enough to create an object representing the current
date time, no need to create a timestamp first.
Change-Id: Ib95b43c1f7ae4993a6d9f7ec6da1234ac2bf59aa
POST requests require the full request to be
left in the socket buffer to be parsed in full.
But GET requests, especially WS upgrade, must
have the request cleared from the socket, as
there is more data expected to be read after
the upgrade, which happens by the DocBroker
thread, so clearing the buffer must be done
before the upgrade.
This patch accomodates these two conflicting
cases and refactors the code slightly to
make it more structured and readable.
Change-Id: Ia7357a745a3900f986099ba14af2a0946023018b
Reviewed-on: https://gerrit.libreoffice.org/36873
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Because POST requests need to consume the complete
request message, we shouldn't clear the buffer
before handling the POST request.
Change-Id: I53f7b664378dd6614afc6983fdd10d0102b38acf
Reviewed-on: https://gerrit.libreoffice.org/36763
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
We should only remove sessions that had already been
disconnected, which caused the saving.
Change-Id: I22fc54356af50df7a7bd2107fa17f6951d40812f
Reviewed-on: https://gerrit.libreoffice.org/36762
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Not to confuse with the DocumentBroker isLoaded,
this is view-specific. Except for the first view,
which is identical to the document being loaded,
subsequent view loadings are independent from,
though follow, document loading.
Change-Id: I0f21016fa84bf507ca4bc0e7a6c7d0d76b033c60
Reviewed-on: https://gerrit.libreoffice.org/36761
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
When a session is disconnecting and we use it to save
(because the other sessions are not viable for saving),
then we need to correctly detect if by the time
saving is done there are no other sessions left.
Otherwise, we end up thinking there are other sessions
when the others had been disconnected during saving.
Change-Id: I55687376f5237a495ae163b53f51ee1d2414d770
Reviewed-on: https://gerrit.libreoffice.org/36711
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
If a session is not loaded, it might never
do so. We should skip them when deciding
whether to save using a disconnecting
session or rely on another.
This is to avoid failing to save when
the remaining sessions never really load
the document at all, and are therefore useless.
Change-Id: I4e7127e12960a31e9f66e835bb63fb2347390711
Reviewed-on: https://gerrit.libreoffice.org/36710
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
The server correctly saves all documents
and waits to upload them before exiting.
Change-Id: I04dc9ce588bc0fa39a9deb298d0a5efa61a03f1a
Reviewed-on: https://gerrit.libreoffice.org/36654
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
A Document has its own snapshots set.
A snapshot is a string representation of a JSON object.
AdminModel keeps also the expired document objects.
Query each document object in order to get their own history.
Admin accepts an "history" command then returns a json object.
An administrator checks the history by dashboard.
Change-Id: I73c87eff334cdb5a4a58043b2b66f18a56240b3a
Reviewed-on: https://gerrit.libreoffice.org/35926
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>