This allows us to use multiple hosts using same coolwsd instance.
added aliases configuration to coolwsd.xml to avoid
possibility of opening the same file as two if the
WOPI host is accessed using different aliases
Signed-off-by: Rash419 <rashesh.padia@collabora.com>
Change-Id: I32913015c15fd396cecc702b76e0dcaa8bcafad3
fetch JSON from remote server and apply new config without restarting coolwsd
- Extended the feature_locked configuration & functionality so that it can be set per wopi host ranges
Signed-off-by: Rash419 <rashesh.padia@collabora.com>
Change-Id: Id0e2b4b524a80de88b2b3559dd18c4a95b8163fb
We no store the origina modified time of the document
as we receive from the storage server in string
form and send it back as-is. This avoids any
potential issues with the roundtrip of conversion
to and from a timestamp.
Change-Id: I524bea8f36c3ce62dcd00c4fe6a1e7e083287ed1
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This remove reuse_cookies as a setting and feature
altogether. It was originally a workaround to aid
with authentication, prior to having access_token.
However, it proved to be less useful than originally
anticipated, primarily because cookies nowadays have
security restrictions in browsers. In addition to
the fact that access_token simply deprecated it.
While the documentation has also been updated,
tests still have reuse_cookies in input data.
This is intentional to ensure the code is
backwards compatible with any deployment that might
still pass URLs with reuse_cookies around.
Change-Id: If214b299b34a910face8cabc7c1335621990c85e
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
When async save was started but we want to stop DocumentBroker
- we shouldn't kill the socket which listens to save result.
Because when we kill socket we will destroy DocumentBroker
before saving is completed, this allows for a minimal time
to connect again to the document and receive old content
from the WOPI storage. When we wait for async save result
we will keep DocumentBroker alive and next session can be
connected and receive correct content.
fixes: https://github.com/CollaboraOnline/online/issues/2747
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
Change-Id: I5505a5ccc1f3d6928c723bddfea16bf5c5798d1e
remember correct URI so all the following communication
(eg. downloading the file, upload) will be performed on new location.
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
Change-Id: Id14c5209eb1d9ffc7c24d7e02f0c7c32a60568b7
With some loadbalancers it may happen that HTTP 302 Found
response with redirect location will appear.
Change-Id: I7bac807761423adcd827cf775bd1d3d2ba87a6cc
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
To avoid writing (saving) while reading (uploading) or
any other undesirable racse on the document file,
we atomically rename the file after saving on disk
to pass ownership.
After saving in Core, we rename the document in the
jail to .upload (by appending it). DocumentBroker
looks for the file with that extension and atomically
renames it to .uploading (by appening the 'ing' suffix).
This way, the Kit only renames from the original to
.upload and DocBroker renames only .upload to .uploading.
This guarantees that we never rename the same file
concurrently.
Uploading decision is strictly based on the modified
timestamp of the .uploading file, compared to the
timestamp of the last file we uploaded successfully.
Change-Id: I03520cd8c87605f6dad417e7a978204f76fc0c38
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Now we can handle the response of the storage
after the async upload is complete (or timed out).
Change-Id: I29d450646bddb07f02bb17d257e7e0fa372ce357
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
The download operation itself is done
after reading the response from the Poco
object. Therefore, the time duration that
was captured for the GetFile operation
was inaccurate. Luckily, we only need
to time the download API of the Storage
object, which actually is simpler, and
more accurate.
Change-Id: I05c94a29fa59d5efae215f2daea17672abc6efc7
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
For some reason, the duration of the CheckFileInfo
request was not set/updated, and therefore it was
always 0. This fixes this oversight and also
moves the duration variable locally, since
the request is synchronous anyway and there is
hardly any reason to store it elsewhere.
Change-Id: I613b24311bc5c8ee9ab98d675057f354990226e8
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
And a couple of const cases.
The removed const is to allow move on return.
Change-Id: I7a81b531e75c39379871f5ffeb82d49ba1110ab1
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
A minor cleanup of UploadResult to make tidy
it up a little bit and make it less specific.
Single-argument constructors should be explicit
to avoid unexpected conversion and other surprises.
Change-Id: I57599805743dffddac620f501dc6ca79c2217f89
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
While chrono supports double as a datatype, it
is opaque and doesn't lend itself to any obvious
units of time (presumably seconds). Using
chrono::milliseconds is much more readable and
also safe when converting from seconds or any
other units. Ultimately, we typically convert
to milliseconds anyway, mostly for logging.
There is but one exception where we convert
in seconds, and now that case is documented.
Change-Id: Ide98f45f2ad8da8225d41ae870bbc4bc09a2a0b5
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Using "load" and "save" in the storage was a poor
choice of verbs, in hindsight, because these very
same verbs are also used to describe the loading
and saving of documents in Core.
It is more appropriate to label the storage
operations as download and upload, respectively,
to avoid any confusion. This is especially useful
because when reporting we have for some time now
been reporting the results of each of these
stages separately, there is no longer reason
to label them the same.
We already used "upload" and "download" in
some of the logs, but not all.
Change-Id: I0fac9130032e2c3c6dfb4d671c31130265091f0d
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This is in preparation for asynchronous uploading.
Change-Id: Ibd0ff0fa8edfc08ad2755a45227891ed40e09d1c
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
We now download the convert-to files into the
child-root/tmp directory and then move it into
the jail that will convert it. This way ownership
and cleanup become contained within our child-root
and jail subsystems. This reduces the chances of
leaking convert-to files and simplifies the design.
In addition, we avoid an extra file copy and improve
the security of the convert-to API.
Change-Id: I450c24d0d0dc0da447c8072b0701c3b48d07c81b
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
size_t in C and in C++ are not necessarily the same
type. The C++ size_t is in the std namespace. Since
we do include many C headers, and indeed some C++
runtime headers do define size_t for backwards
compatibility, it's easy to mix and match the two
types.
Also, 'using std::size_t;' isn't a great practice,
so removed.
This is not exhaustive, just some low-hanging cases.
Change-Id: I85a36b6fd1acd204274b1869de9bcb94c8b3cf13
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This makes the code self-documenting and avoids accidental
comparison or assignment of Result variables/values.
Change-Id: I84b8e36aa999191c8704938552b73ddc1c3dc3fc
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
std::ifstream's tellg() returns -1 on error.
This is handled very poorly and shows up as ULONG_MAX.
Luckily, we have Stat class that does the same
both more safely and more efficiently.
Without opening the file, we now get the necessary
information unambiguously.
Change-Id: I2448bc71e01b0f166a9dd66aa38a88ea97a50cdd
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
The default Poco connection timeout is 60 seconds,
which is probably excessive. The current configurable
default is a more reasonable 30 seconds.
Currently we set this timeout on Storage connections
going out (i.e. WOPI connections).
Change-Id: Ie80a9141ca9bf721addc74baf94e62e0ad72fdd2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/98913
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ash@collabora.com>
665b1629de was not correct, as it reported back
the save result of the internal save (which usually succeeds).
Instead we want to know the save result of the remote storage (WOPI/Webdav).
So report that back instead.
Change-Id: Iaaa42b8c817a19c2c77935a6f81c1951fdf2216c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/97637
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
loolmount now works and supports mounting and
unmounting, plus numerous improvements,
refactoring, logging, etc.. When enabled,
binding improves the jail setup time by anywhere
from 2x to orders of magnitude (in docker, f.e.).
A new config entry mount_jail_tree controls
whether mounting is used or the old method of
linking/copying of jail contents. It is set to
true by default and falls back to linking/copying.
A test mount is done when the setting is enabled,
and if mounting fails, it's disabled to avoid noise.
Temporarily disabled for unit-tests until we can
cleanup lingering mounts after Jenkins aborts our
build job. In a future patch we will have mount/jail
cleanup as part of make.
The network/system files in /etc that need frequent
refreshing are now updated in systemplate to make
their most recent version available in the jails.
These files can change during the course of loolwsd
lifetime, and are unlikely to be updated in
systemplate after installation at all. We link to
them in the systemplate/etc directory, and if that
fails, we copy them before forking each kit
instance to have the latest.
This reworks the approach used to bind-mount the
jails and the templates such that the total is
now down to only three mounts: systemplate, lo, tmp.
As now systemplate and lotemplate are shared, they
must be mounted as readonly, this means that user/
must now be moved into tmp/user/ which is writable.
The mount-points must be recursive, because we mount
lo/ within the mount-point of systemplate (which is
the root of the jail). But because we (re)bind
recursively, and because both systemplate and
lotemplate are mounted for each jails, we need to
make them unbindable, so they wouldn't multiply the
mount-points for each jails (an explosive growth!)
Contrarywise, we don't want the mount-points to
be shared, because we don't expect to add/remove
mounts after a jail is created.
The random temp directory is now created and set
correctly, plus many logging and other improvements.
Change-Id: Iae3fda5e876cf47d2cae6669a87b5b826a8748df
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92829
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
This hoists the common parts of the HTTPRequest
for all WOPI requests to avoid errors when changing them.
Change-Id: Ia02ef657a43b7a7d2fc13be3da012836fa0d7650
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96372
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Tested-by: Jenkins
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Dung out lots of pointless intermediate variables, and overly
verbose code. Vertical space is not a renewable resource.
Most variables had a consistent pattern, except these:
caller var c'tor parameter member name
Change-Id: I7910b713b8c4f6950b1e7be9c3a8e4eb4f54e249
----------------------------------------------------------
userId userid _userId
userName username _username
canWrite userCanWrite _userCanWriter
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96129
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
This is the new default - do as we're told by the client.
The old setting is left to allow users to force SSL if they are
concerned that they may receive unhelpful URLs.
Change-Id: Idea83aacea6826a8f37264e34d49c7550efe6d27
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/93179
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
LibreOffice core uses that, too, and we support an even more
restricted set of compilers.
Change-Id: I0d0e2c8608e323eb5ef0f35ee8c46d02ab49a745
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92467
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Cookies may be passed from the client to the storage,
in which case each user may have its own unique set
of cookies. These cookies are now preserved in the
ClientSession, which is per connection, and are then
passed to the storage to use when communicating with
the WOPI-like backend.
(cherry picked from commit 6022faf3cc9b622b490c3f8ca91efbff8e542414)
Change-Id: Ic2e13fa541a5ee01b7383939bbbf7d46ea75684b