mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-05 19:59:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix: include additional logging in the wopicontext middleware

Browse Source
This commit is contained in:
Juan Pablo Villafáñez
2024-09-18 13:19:16 +02:00
parent ceb29e63fc
commit 4fcf6c1863
1 changed files with 20 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
services/collaboration/pkg/middleware/wopicontext.go
View File

@@ -45,8 +45,23 @@ type WopiContext struct {
// and the WopiContext
func WopiContextAuthMiddleware(cfg *config.Config, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
// include additional info in the context's logger
// we might need to check https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/rest/common-headers
// although some headers might not be sent depending on the client.
logger := zerolog.Ctx(ctx)
wopiLogger := logger.With().
Str("WopiSessionId", r.Header.Get("X-WOPI-SessionId")).
Str("WopiOverride", r.Header.Get("X-WOPI-Override")).
Str("WopiProof", r.Header.Get("X-WOPI-Proof")).
Str("WopiProofOld", r.Header.Get("X-WOPI-ProofOld")).
Str("WopiStamp", r.Header.Get("X-WOPI-TimeStamp")).
Logger()
accessToken := r.URL.Query().Get("access_token")
if accessToken == "" {
wopiLogger.Error().Msg("missing access token")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
@@ -62,14 +77,14 @@ func WopiContextAuthMiddleware(cfg *config.Config, next http.Handler) http.Handl
})
if err != nil {
wopiLogger.Error().Err(err).Msg("failed to parse jwt token")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
ctx := r.Context()
wopiContextAccessToken, err := DecryptAES([]byte(cfg.Wopi.Secret), claims.WopiContext.AccessToken)
if err != nil {
wopiLogger.Error().Err(err).Msg("failed to decrypt reva access token")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
@@ -78,11 +93,13 @@ func WopiContextAuthMiddleware(cfg *config.Config, next http.Handler) http.Handl
"expires": int64(24 * 60 * 60),
})
if err != nil {
wopiLogger.Error().Err(err).Msg("failed to get a reva token manager")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
user, _, err := tokenManager.DismantleToken(ctx, wopiContextAccessToken)
if err != nil {
wopiLogger.Error().Err(err).Msg("failed to dismantle reva token manager")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
@@ -94,15 +111,7 @@ func WopiContextAuthMiddleware(cfg *config.Config, next http.Handler) http.Handl
ctx = ctxpkg.ContextSetUser(ctx, user)
// include additional info in the context's logger
// we might need to check https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/rest/common-headers
// although some headers might not be sent depending on the client.
logger := zerolog.Ctx(ctx)
wopiLogger := logger.With().
Str("WopiSessionId", r.Header.Get("X-WOPI-SessionId")).
Str("WopiOverride", r.Header.Get("X-WOPI-Override")).
Str("WopiProof", r.Header.Get("X-WOPI-Proof")).
Str("WopiProofOld", r.Header.Get("X-WOPI-ProofOld")).
Str("WopiStamp", r.Header.Get("X-WOPI-TimeStamp")).
wopiLogger = wopiLogger.With().
Str("FileReference", claims.WopiContext.FileReference.String()).
Str("ViewMode", claims.WopiContext.ViewMode.String()).
Str("Requester", user.GetId().String()).