scinote-web/app/controllers/wopi_controller.rb

374 lines
13 KiB
Ruby
Raw Normal View History

2016-08-03 21:31:25 +08:00
class WopiController < ActionController::Base
include WopiUtil
2019-09-19 21:55:29 +08:00
skip_before_action :verify_authenticity_token
2016-09-23 16:27:30 +08:00
before_action :load_vars, :authenticate_user_from_token!
before_action :verify_proof!
2016-08-03 21:31:25 +08:00
2016-09-23 16:27:30 +08:00
# Only used for checkfileinfo
def file_get_endpoint
2016-08-03 21:31:25 +08:00
check_file_info
end
2016-09-23 16:27:30 +08:00
def file_contents_get_endpoint
# get_file
response.headers['X-WOPI-ItemVersion'] = @asset.version
response.body = @asset.file.download
2016-09-23 16:27:30 +08:00
send_data response.body, disposition: 'inline', content_type: 'text/plain'
2016-08-03 21:31:25 +08:00
end
def post_file_endpoint
2016-09-23 16:27:30 +08:00
override = request.headers['X-WOPI-Override']
2016-08-03 21:31:25 +08:00
case override
2016-09-23 16:27:30 +08:00
when 'GET_LOCK'
get_lock
when 'PUT_RELATIVE'
put_relative
when 'LOCK'
old_lock = request.headers['X-WOPI-OldLock']
if old_lock.nil?
lock
2016-08-03 21:31:25 +08:00
else
2016-09-23 16:27:30 +08:00
unlock_and_relock
2016-08-03 21:31:25 +08:00
end
2016-09-23 16:27:30 +08:00
when 'UNLOCK'
unlock
when 'REFRESH_LOCK'
refresh_lock
when 'GET_SHARE_URL'
render body: nil, status: 501 and return
2016-09-23 16:27:30 +08:00
else
render body: nil, status: 404 and return
2016-09-23 16:27:30 +08:00
end
2016-08-03 21:31:25 +08:00
end
2016-09-23 16:27:30 +08:00
# Only used for putfile
def file_contents_post_endpoint
logger.warn 'WOPI: post_file_contents called'
2016-08-03 21:31:25 +08:00
put_file
end
def check_file_info
2017-03-16 01:01:15 +08:00
asset_owner_id = @asset.id.to_s
asset_owner_id = @asset.created_by_id.to_s if @asset.created_by_id
2016-09-23 16:27:30 +08:00
msg = {
BaseFileName: @asset.file_name,
2017-03-16 01:01:15 +08:00
OwnerId: asset_owner_id,
Size: @asset.file_size,
UserId: @user.id.to_s,
Version: @asset.version.to_s,
2016-09-23 16:27:30 +08:00
SupportsExtendedLockLength: true,
SupportsGetLock: true,
SupportsLocks: true,
SupportsUpdate: true,
# Setting all users to business until we figure out
# which should NOT be business
LicenseCheckForEditIsEnabled: true,
UserFriendlyName: @user.name,
2016-10-04 00:25:01 +08:00
UserCanWrite: @can_write,
UserCanNotWriteRelative: true,
CloseUrl: @close_url,
DownloadUrl: url_for(controller: 'assets', action: 'file_url',
id: @asset.id, host: ENV['WOPI_USER_HOST']),
2016-09-23 16:27:30 +08:00
HostEditUrl: url_for(controller: 'assets', action: 'edit',
id: @asset.id, host: ENV['WOPI_USER_HOST']),
2016-09-23 16:27:30 +08:00
HostViewUrl: url_for(controller: 'assets', action: 'view',
id: @asset.id, host: ENV['WOPI_USER_HOST']),
2016-10-04 01:45:39 +08:00
BreadcrumbBrandName: @breadcrumb_brand_name,
BreadcrumbBrandUrl: @breadcrumb_brand_url,
BreadcrumbFolderName: @breadcrumb_folder_name,
BreadcrumbFolderUrl: @breadcrumb_folder_url
2016-09-23 16:27:30 +08:00
}
response.headers['X-WOPI-HostEndpoint'] = ENV['WOPI_ENDPOINT_URL']
response.headers['X-WOPI-MachineName'] = ENV['WOPI_ENDPOINT_URL']
response.headers['X-WOPI-ServerVersion'] = Scinote::Application::VERSION
2016-09-23 16:27:30 +08:00
render json: msg and return
end
def put_relative
render body: nil, status: 501 and return
end
def lock
2016-09-23 16:27:30 +08:00
lock = request.headers['X-WOPI-Lock']
logger.warn 'WOPI: lock; ' + lock.to_s
render body: nil, status: 404 and return if lock.nil? || lock.blank?
@asset.with_lock do
if @asset.locked?
if @asset.lock == lock
@asset.refresh_lock
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-ItemVersion'] = @asset.version
render body: nil, status: 200 and return
else
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-Lock'] = @asset.lock
render body: nil, status: 409 and return
end
else
@asset.lock_asset(lock)
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-ItemVersion'] = @asset.version
render body: nil, status: 200 and return
end
end
end
def unlock_and_relock
2016-09-23 16:27:30 +08:00
logger.warn 'lock and relock'
lock = request.headers['X-WOPI-Lock']
old_lock = request.headers['X-WOPI-OldLock']
if lock.nil? || lock.blank? || old_lock.blank?
render body: nil, status: 400 and return
end
@asset.with_lock do
if @asset.locked?
if @asset.lock == old_lock
@asset.unlock
@asset.lock_asset(lock)
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-ItemVersion'] = @asset.version
render body: nil, status: 200 and return
else
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-Lock'] = @asset.lock
render body: nil, status: 409 and return
end
else
response.headers['X-WOPI-Lock'] = ' '
render body: nil, status: 409 and return
end
end
2016-08-03 21:31:25 +08:00
end
def unlock
2016-09-23 16:27:30 +08:00
lock = request.headers['X-WOPI-Lock']
render body: nil, status: 400 and return if lock.nil? || lock.blank?
@asset.with_lock do
if @asset.locked?
logger.warn "WOPI: current asset lock: #{@asset.lock},
unlocking lock #{lock}"
if @asset.lock == lock
@asset.unlock
2016-09-29 00:02:47 +08:00
@asset.post_process_file # Space is already taken in put_file
2016-09-29 21:30:55 +08:00
create_wopi_file_activity(@user, false)
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-ItemVersion'] = @asset.version
render body: nil, status: 200 and return
else
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-Lock'] = @asset.lock
render body: nil, status: 409 and return
end
else
2016-09-23 16:27:30 +08:00
logger.warn 'WOPI: tried to unlock non-locked file'
response.headers['X-WOPI-Lock'] = ' '
render body: nil, status: 409 and return
end
end
end
def refresh_lock
2016-09-23 16:27:30 +08:00
lock = request.headers['X-WOPI-Lock']
render body: nil, status: 400 and return if lock.nil? || lock.blank?
@asset.with_lock do
if @asset.locked?
if @asset.lock == lock
@asset.refresh_lock
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-ItemVersion'] = @asset.version
response.headers['X-WOPI-ItemVersion'] = @asset.version
render body: nil, status: 200 and return
else
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-Lock'] = @asset.lock
render body: nil, status: 409 and return
end
else
response.headers['X-WOPI-Lock'] = ' '
render body: nil, status: 409 and return
end
end
end
def get_lock
@asset.with_lock do
if @asset.locked?
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-Lock'] = @asset.lock
else
response.headers['X-WOPI-Lock'] = ' '
end
render body: nil, status: 200 and return
end
end
2016-09-23 16:27:30 +08:00
def put_file
@asset.with_lock do
2016-09-23 16:27:30 +08:00
lock = request.headers['X-WOPI-Lock']
if @asset.locked?
if @asset.lock == lock
2016-09-23 16:27:30 +08:00
logger.warn 'WOPI: replacing file'
2016-09-29 00:02:47 +08:00
2017-03-14 20:29:59 +08:00
@team.release_space(@asset.estimated_size)
@asset.update_contents(request.body)
2016-09-28 22:22:25 +08:00
@asset.last_modified_by = @user
@asset.save
2016-09-29 00:02:47 +08:00
2017-03-14 20:29:59 +08:00
@team.take_space(@asset.estimated_size)
@team.save
2016-09-29 00:02:47 +08:00
@protocol.update(updated_at: Time.now) if @protocol
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-ItemVersion'] = @asset.version
render body: nil, status: 200 and return
else
2016-09-23 16:27:30 +08:00
logger.warn 'WOPI: wrong lock used to try and modify file'
response.headers['X-WOPI-Lock'] = @asset.lock
render body: nil, status: 409 and return
end
elsif !@asset.file_size.nil? && @asset.file_size.zero?
2016-09-23 16:27:30 +08:00
logger.warn 'WOPI: initializing empty file'
2016-09-29 00:02:47 +08:00
2017-03-14 20:29:59 +08:00
@team.release_space(@asset.estimated_size)
2016-09-23 16:27:30 +08:00
@asset.update_contents(request.body)
2016-09-28 22:22:25 +08:00
@asset.last_modified_by = @user
@asset.save
2017-03-14 20:29:59 +08:00
@team.save
2016-09-29 00:02:47 +08:00
2016-09-23 16:27:30 +08:00
response.headers['X-WOPI-ItemVersion'] = @asset.version
render body: nil, status: 200 and return
else
2016-09-23 16:27:30 +08:00
logger.warn 'WOPI: trying to modify unlocked file'
response.headers['X-WOPI-Lock'] = ' '
render body: nil, status: 409 and return
end
end
end
2016-08-03 21:31:25 +08:00
def load_vars
@asset = Asset.find_by_id(params[:id])
if @asset.nil?
render body: nil, status: 404 and return
2016-08-03 21:31:25 +08:00
else
2016-09-28 22:22:25 +08:00
logger.warn 'Found asset: ' + @asset.id.to_s
2016-08-03 21:31:25 +08:00
step_assoc = @asset.step
result_assoc = @asset.result
repository_cell_assoc = @asset.repository_cell
2016-09-23 16:27:30 +08:00
@assoc = step_assoc unless step_assoc.nil?
@assoc = result_assoc unless result_assoc.nil?
@assoc = repository_cell_assoc unless repository_cell_assoc.nil?
2016-08-03 21:31:25 +08:00
if @assoc.class == Step
@protocol = @asset.step.protocol
2017-03-14 20:29:59 +08:00
@team = @protocol.team
elsif @assoc.class == Result
2016-08-03 21:31:25 +08:00
@my_module = @assoc.my_module
2017-03-14 20:29:59 +08:00
@team = @my_module.experiment.project.team
elsif @assoc.class == RepositoryCell
@repository = @assoc.repository_column.repository
@team = @repository.team
2016-08-03 21:31:25 +08:00
end
end
end
private
2016-09-23 16:27:30 +08:00
def authenticate_user_from_token!
wopi_token = params[:access_token]
if wopi_token.nil?
logger.warn 'WOPI: nil wopi token'
render body: nil, status: 401 and return
2016-09-23 16:27:30 +08:00
end
2016-08-03 21:31:25 +08:00
2016-09-23 16:27:30 +08:00
@user = User.find_by_valid_wopi_token(wopi_token)
if @user.nil?
logger.warn 'WOPI: no user with this token found'
render body: nil, status: 401 and return
2016-08-03 21:31:25 +08:00
end
2016-09-28 22:22:25 +08:00
logger.warn 'WOPI: user found by token ' + wopi_token +
' ID: ' + @user.id.to_s
2016-09-23 16:27:30 +08:00
2016-09-27 01:23:27 +08:00
# This is what we get for settings permission methods with
# current_user
@current_user = @user
if @assoc.class == Step
2016-10-04 00:25:01 +08:00
if @protocol.in_module?
@can_read = can_read_protocol_in_module?(@protocol)
@can_write = can_manage_protocol_in_module?(@protocol)
@close_url = protocols_my_module_url(@protocol.my_module,
only_path: false,
host: ENV['WOPI_USER_HOST'])
2016-10-04 01:45:39 +08:00
project = @protocol.my_module.experiment.project
@breadcrumb_brand_name = project.name
@breadcrumb_brand_url = project_url(project,
only_path: false,
host: ENV['WOPI_USER_HOST'])
2016-10-04 01:45:39 +08:00
@breadcrumb_folder_name = @protocol.my_module.name
2016-10-04 00:25:01 +08:00
else
@can_read = can_read_protocol_in_repository?(@protocol)
@can_write = can_manage_protocol_in_repository?(@protocol)
@close_url = protocols_url(only_path: false,
host: ENV['WOPI_USER_HOST'])
2016-10-04 01:45:39 +08:00
@breadcrump_brand_name = 'Projects'
@breadcrumb_brand_url = root_url(only_path: false,
host: ENV['WOPI_USER_HOST'])
2016-10-04 01:45:39 +08:00
@breadcrumb_folder_name = 'Protocol managament'
2016-10-04 00:25:01 +08:00
end
@breadcrumb_folder_url = @close_url
elsif @assoc.class == Result
@can_read = can_read_experiment?(@my_module.experiment)
@can_write = can_manage_module?(@my_module)
2016-10-04 00:25:01 +08:00
@close_url = results_my_module_url(@my_module,
only_path: false,
host: ENV['WOPI_USER_HOST'])
2016-10-04 01:45:39 +08:00
@breadcrumb_brand_name = @my_module.experiment.project.name
@breadcrumb_brand_url = project_url(@my_module.experiment.project,
only_path: false,
host: ENV['WOPI_USER_HOST'])
2016-10-04 01:45:39 +08:00
@breadcrumb_folder_name = @my_module.name
@breadcrumb_folder_url = @close_url
elsif @assoc.class == RepositoryCell
@can_read = can_read_repository?(@repository)
@can_write = can_edit_wopi_file_in_repository_rows?
@close_url = repository_url(@repository,
only_path: false,
host: ENV['WOPI_USER_HOST'])
@breadcrumb_brand_name = @team.name
@breadcrumb_brand_url = @close_url
@breadcrumb_folder_name = @assoc.repository_row.name
@breadcrumb_folder_url = @close_url
2016-09-27 01:23:27 +08:00
end
render body: nil, status: 404 and return unless @can_read
2016-09-23 16:27:30 +08:00
end
2016-08-03 21:31:25 +08:00
2016-09-23 16:27:30 +08:00
def verify_proof!
token = params[:access_token].encode('utf-8')
timestamp = request.headers['X-WOPI-TimeStamp'].to_i
signed_proof = request.headers['X-WOPI-Proof']
signed_proof_old = request.headers['X-WOPI-ProofOld']
url = request.original_url.upcase.encode('utf-8')
2016-08-03 21:31:25 +08:00
2016-09-23 16:27:30 +08:00
if convert_to_unix_timestamp(timestamp) + 20.minutes >= Time.now
if current_wopi_discovery.verify_proof(token, timestamp, signed_proof,
signed_proof_old, url)
2016-09-23 16:27:30 +08:00
logger.warn 'WOPI: proof verification: successful'
else
logger.warn 'WOPI: proof verification: not verified'
render body: nil, status: 500 and return
2016-08-03 21:31:25 +08:00
end
2016-09-23 16:27:30 +08:00
else
logger.warn 'WOPI: proof verification: timestamp too old; ' +
timestamp.to_s
render body: nil, status: 500 and return
2016-08-03 21:31:25 +08:00
end
2016-09-23 16:27:30 +08:00
rescue => e
logger.warn 'WOPI: proof verification: failed; ' + e.message
render body: nil, status: 500 and return
2016-09-23 16:27:30 +08:00
end
# Overwrriten in electronic signature for locked inventory items
def can_edit_wopi_file_in_repository_rows?
2019-07-12 22:43:54 +08:00
can_manage_repository_rows?(@repository)
end
end