Commit graph

15 commits

Author SHA1 Message Date
Michael Meeks
cca657c8f2 Apply the pre-branch rename script to re-organize the source. 2016-11-25 09:58:48 +00:00
Pranav Kant
09b33d357d loolwsd: Escape access token safely, don't be too defensive
Change-Id: I43cb71f418904c0b925722f4d2fe3ac1b0a351f6
2016-11-15 20:21:02 +05:30
Andras Timar
e302993791 loolwsd: remove unused defines 2016-10-24 16:37:56 +02:00
Henry Castro
fe2004a06f loolwsd: rework bccu#2022, User warning on hitting limit 2016-09-28 16:01:53 -04:00
Henry Castro
0ccbf8b235 loolwsd: bccu#2022, User warning on hitting limit 2016-09-27 17:28:30 -04:00
Pranav Kant
06b869bb63 loolwsd: -Werror,-Wpointer-bool-conversion
isSSLTermination() was added in b0619d387b

Change-Id: I63a702023b6a096154b510653bed885331e8e22d
2016-08-29 10:53:56 +05:30
Andras Timar
b0619d387b loolwsd: add support of SSL termination 2016-08-28 23:06:30 +02:00
Ashod Nakashian
a5716da8f8 loolwsd: fail gracefully on invalid file requests
Change-Id: I576623de1251c916f3a54dca8e470d8989710e40
Reviewed-on: https://gerrit.libreoffice.org/27687
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2016-07-29 12:43:43 +00:00
Pranav Kant
b8ef017610 Move JWT auth to inside websocket to prevent CSRF
... instead of setting a httpOnly cookie for admin websocket
endpoint which can be CSRFed.

With this, we remove the httpOnly tag on jwt cookie so that
scripts in admin html pages can access the jwt cookie and
authenticates after opening websocket endpoint. Until
authenticated using 'auth authToken' command, admin will not
respond to any admin command.

Also, adapt admin test these changes
2016-07-29 12:03:14 +05:30
Pranav Kant
a97b4f52b8 loolwsd: Make FileServer a singleton 2016-07-28 13:54:50 +05:30
Pranav Kant
fee967e510 loolwsd: Fix indentation 2016-07-28 13:54:50 +05:30
Ashod Nakashian
9510c1aca7 loowsd: log file server requests
Change-Id: Ia3e9ebf2888a629b8e5fb0b83dd526fcaec03835
Reviewed-on: https://gerrit.libreoffice.org/27452
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2016-07-23 02:58:03 +00:00
Miklos Vajna
f5bf034949 FileServer: clean up unused 'using' declarations
Change-Id: I0db8215f21dbdc6e90c2a3bbfe517d7a0f3c4a0f
2016-07-22 09:18:28 +02:00
Pranav Kant
dff5118d3a loolwsd: Better handling of JWT cookies
Use Poco API instead of manually finding the cookie in request
headers.

Change-Id: I4fee64b0adfe8a3139ad4291512e94fd65f9aa9d
2016-07-19 23:28:36 +05:30
Pranav Kant
f9b86d749d loolwsd: Split FileServer into header/implementation
Change-Id: Idf0d2cb92028a79b8b32e0225ce5be1a1156542e
2016-07-19 22:53:48 +05:30