1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
|
<?php
/**
*
* (c) Copyright Ascensio System SIA 2020
*
* This program is a free software product.
* You can redistribute it and/or modify it under the terms of the GNU Affero General Public License
* (AGPL) version 3 as published by the Free Software Foundation.
* In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended to the effect
* that Ascensio System SIA expressly excludes the warranty of non-infringement of any third-party rights.
*
* This program is distributed WITHOUT ANY WARRANTY;
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* For details, see the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
*
* You can contact Ascensio System SIA at 20A-12 Ernesta Birznieka-Upisha street, Riga, Latvia, EU, LV-1050.
*
* The interactive user interfaces in modified source and object code versions of the Program
* must display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
*
* Pursuant to Section 7(b) of the License you must retain the original Product logo when distributing the program.
* Pursuant to Section 7(e) we decline to grant you any rights under trademark law for use of our trademarks.
*
* All the Product's GUI elements, including illustrations and icon sets, as well as technical
* writing content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International.
* See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
*
*/
namespace OCA\Onlyoffice;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\DirectEditing\IEditor;
use OCP\DirectEditing\IToken;
use OCP\IL10N;
use OCP\ILogger;
use OCP\IURLGenerator;
use OCA\Onlyoffice\AppConfig;
use OCA\Onlyoffice\Crypt;
use OCA\Onlyoffice\FileCreator;
/**
* Direct Editor
*
* @package OCA\Onlyoffice
*/
class DirectEditor implements IEditor {
/**
* Application name
*
* @var string
*/
private $appName;
/**
* Url generator service
*
* @var IURLGenerator
*/
private $urlGenerator;
/**
* l10n service
*
* @var IL10N
*/
private $trans;
/**
* Logger
*
* @var ILogger
*/
private $logger;
/**
* Application configuration
*
* @var OCA\Onlyoffice\AppConfig
*/
private $config;
/**
* Hash generator
*
* @var OCA\Onlyoffice\Crypt
*/
private $crypt;
/**
* @param string $AppName - application name
* @param IURLGenerator $urlGenerator - url generator service
* @param IL10N $trans - l10n service
* @param ILogger $logger - logger
* @param OCA\Onlyoffice\AppConfig $config - application configuration
* @param OCA\Onlyoffice\Crypt $crypt - hash generator
*/
public function __construct($AppName,
IURLGenerator $urlGenerator,
IL10N $trans,
ILogger $logger,
AppConfig $config,
Crypt $crypt) {
$this->appName = $AppName;
$this->urlGenerator = $urlGenerator;
$this->trans = $trans;
$this->logger = $logger;
$this->config = $config;
$this->crypt = $crypt;
}
/**
* Return a unique identifier for the editor
*
* @return string
*/
public function getId(): string {
return $this->appName;
}
/**
* Return a readable name for the editor
*
* @return string
*/
public function getName(): string {
return "ONLYOFFICE";
}
/**
* A list of mimetypes that should open the editor by default
*
* @return array
*/
public function getMimetypes(): array {
$mimes = array();
$formats = $this->config->FormatsSetting();
foreach ($formats as $format => $setting) {
if (array_key_exists("edit", $setting) && $setting["edit"]
&& array_key_exists("def", $setting) && $setting["def"]) {
array_push($mimes, $setting["mime"]);
}
}
return $mimes;
}
/**
* A list of mimetypes that can be opened in the editor optionally
*
* @return array
*/
public function getMimetypesOptional(): array {
$mimes = array();
$formats = $this->config->FormatsSetting();
foreach ($formats as $format => $setting) {
if (array_key_exists("edit", $setting) && $setting["edit"]
&& (!array_key_exists("def", $setting) || !$setting["def"])) {
array_push($mimes, $setting["mime"]);
}
}
return $mimes;
}
/**
* Return a list of file creation options to be presented to the user
*
* @return array of ACreateFromTemplate|ACreateEmpty
*/
public function getCreators(): array {
return [
new FileCreator($this->appName, $this->trans, $this->logger, "docx"),
new FileCreator($this->appName, $this->trans, $this->logger, "xlsx"),
new FileCreator($this->appName, $this->trans, $this->logger, "pptx")
];
}
/**
* Return if the view is able to securely view a file without downloading it to the browser
*
* @return bool
*/
public function isSecure(): bool {
return true;
}
/**
* Return a template response for displaying the editor
*
* open can only be called once when the client requests the editor with a one-time-use token
* For handling editing and later requests, editors need to impelement their own token handling
* and take care of invalidation
*
* @param IToken $token - one time token
*
* @return Response
*/
public function open(IToken $token): Response {
try {
$token->useTokenScope();
$file = $token->getFile();
$fileId = $file->getId();
$this->logger->debug("DirectEditor open: $fileId", array("app" => $this->appName));
$documentServerUrl = $this->config->GetDocumentServerUrl();
if (empty($documentServerUrl)) {
$this->logger->error("documentServerUrl is empty", array("app" => $this->appName));
return $this->renderError($this->trans->t("ONLYOFFICE app is not configured. Please contact admin"));
}
$userId = $token->getUser();
$directToken = $this->crypt->GetHash([
"userId" => $userId,
"fileId" => $fileId,
"action" => "direct",
"iat" => time(),
"exp" => time() + 30
]);
$filePath = $file->getPath();
$filePath = preg_replace("/^\/" . $userId . "\/files/", "", $filePath);
$params = [
"documentServerUrl" => $documentServerUrl,
"fileId" => null,
"filePath" => $filePath,
"shareToken" => null,
"directToken" => $directToken,
"inframe" => false
];
$response = new TemplateResponse($this->appName, "editor", $params, "base");
$csp = new ContentSecurityPolicy();
$csp->allowInlineScript(true);
if (preg_match("/^https?:\/\//i", $documentServerUrl)) {
$csp->addAllowedScriptDomain($documentServerUrl);
$csp->addAllowedFrameDomain($documentServerUrl);
} else {
$csp->addAllowedFrameDomain($this->urlGenerator->getAbsoluteURL("/"));
}
$response->setContentSecurityPolicy($csp);
return $response;
} catch (\Exception $e) {
$this->logger->error("DirectEditor open: " . $e->getMessage(), array("app" => $this->appName));
return $this->renderError($e->getMessage());
}
}
/**
* Print error page
*
* @param string $error - error message
* @param string $hint - error hint
*
* @return TemplateResponse
*/
private function renderError($error, $hint = "") {
return new TemplateResponse("", "error", array(
"errors" => array(
array(
"error" => $error,
"hint" => $hint
)
)
), "error");
}
}
|
