diff --git a/Common/config/default.json b/Common/config/default.json index 58415959..5da5c60c 100644 --- a/Common/config/default.json +++ b/Common/config/default.json @@ -132,10 +132,10 @@ "errorcode": 401 }, "secret": { - "browser": {"string": "secret", "file": "", "tenants": {}}, - "inbox": {"string": "secret", "file": "", "tenants": {}}, - "outbox": {"string": "secret", "file": ""}, - "session": {"string": "secret", "file": ""} + "browser": {"string": "secret1", "file": "", "tenants": {}}, + "inbox": {"string": "secret2", "file": "", "tenants": {}}, + "outbox": {"string": "secret3", "file": ""}, + "session": {"string": "secret4", "file": ""} }, "token": { "enable": { @@ -146,18 +146,19 @@ } }, "browser": { - "secretFromInbox": true + "secretFromInbox": false }, "inbox": { "header": "Authorization", - "prefix": "Bearer " + "prefix": "Bearer ", + "inBody": true }, "outbox": { "header": "Authorization", "prefix": "Bearer ", "algorithm": "HS256", "expires": "5m", - "inBody": false + "inBody": true }, "session": { "algorithm": "HS256", diff --git a/DocService/sources/DocsCoServer.js b/DocService/sources/DocsCoServer.js index 2fac85a3..07b5dd1a 100644 --- a/DocService/sources/DocsCoServer.js +++ b/DocService/sources/DocsCoServer.js @@ -130,6 +130,7 @@ const cfgTokenSessionAlgorithm = config.get('token.session.algorithm'); const cfgTokenSessionExpires = ms(config.get('token.session.expires')); const cfgTokenInboxHeader = config.get('token.inbox.header'); const cfgTokenInboxPrefix = config.get('token.inbox.prefix'); +const cfgTokenInboxInBody = config.get('token.inbox.inBody'); const cfgTokenOutboxInBody = config.get('token.outbox.inBody'); const cfgTokenBrowserSecretFromInbox = config.get('token.browser.secretFromInbox'); const cfgSecretBrowser = config.get('secret.browser'); 
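Review bot: The new defaults `secret1`…`secret4` are still fixed, publicly shipped strings, so a deployment that turns on token checking without overriding `secret.*` is authenticating against values anyone can read out of this file. Giving each channel its own value is useful if it stops a token minted for one channel being accepted on another, but the loader that consumes these values is not in this diff, so I can't confirm that is the intent. Consider having the server refuse to start, or at least log loudly, when a token check is enabled and the configured secret still equals one of these defaults, and stating in the project docs that these must be replaced.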
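Review bot: Flipping `inbox.inBody` to `true` and `browser.secretFromInbox` to `false` changes the default request contract, and `getRequestParams` in this same diff only reads `params.token` when `inBody` is set and never consults the `Authorization` header, so an existing integration that sends a JSON body with a header token and no `token` field will start failing with VKEY under otherwise unchanged configuration. If that break is intended it belongs in the release notes / upgrade guide; otherwise the default should stay `false` and new installs opt in. The `enable` block just above is cut off by the hunk, so whether inbox token checking is even on by default can't be seen here.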
@@ -1078,6 +1079,48 @@ function checkJwtPayloadHash(docId, hash, body, token) { } return res; } +function getRequestParams(docId, req, opt_isNotInBody, opt_tokenAssign) { + let res = {code: constants.NO_ERROR, params: undefined}; + if (req.body && Buffer.isBuffer(req.body) && !opt_isNotInBody) { + res.params = JSON.parse(req.body.toString('utf8')); + } else { + res.params = req.query; + } + if (cfgTokenEnableRequestInbox) { + res.code = constants.VKEY; + let checkJwtRes; + if (cfgTokenInboxInBody && !opt_isNotInBody) { + checkJwtRes = checkJwt(docId, res.params.token, commonDefines.c_oAscSecretType.Inbox); + } else { + //for compatibility + checkJwtRes = checkJwtHeader(docId, req); + } + if (checkJwtRes) { + if (checkJwtRes.decoded) { + res.code = constants.NO_ERROR; + if (cfgTokenInboxInBody && !opt_tokenAssign) { + res.params = checkJwtRes.decoded.payload || {}; + } else { + //for compatibility + if (!utils.isEmptyObject(checkJwtRes.decoded.payload)) { + Object.assign(res.params, checkJwtRes.decoded.payload); + } else if (checkJwtRes.decoded.payloadhash) { + if (!checkJwtPayloadHash(docId, checkJwtRes.decoded.payloadhash, req.body, checkJwtRes.token)) { + res.code = constants.VKEY; + } + } else if (!utils.isEmptyObject(checkJwtRes.decoded.query)) { + Object.assign(res.params, checkJwtRes.decoded.query); + } + } + } else { + if (constants.JWT_EXPIRED_CODE == checkJwtRes.code) { + res.code = constants.VKEY_KEY_EXPIRE; + } + } + } + } + return res; +} exports.c_oAscServerStatus = c_oAscServerStatus; exports.sendData = sendData; @@ -1100,6 +1143,7 @@ exports.getLastSave = getLastSave; exports.getLastForceSave = getLastForceSave; exports.startForceSavePromise = co.wrap(startForceSave); exports.checkJwt = checkJwt; +exports.getRequestParams = getRequestParams; exports.checkJwtHeader = checkJwtHeader; exports.checkJwtPayloadHash = checkJwtPayloadHash; exports.install = function(server, callbackFunction) { 
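Review bot: The second test, `if (cfgTokenInboxInBody && !opt_tokenAssign)`, keys on the config flag rather than on where the token actually came from, so a caller that passes `opt_isNotInBody` (and is therefore verified via `checkJwtHeader`) still has `res.params` replaced by `decoded.payload || {}` and never reaches the `payloadhash` branch that binds the token to `req.body`. A header token carrying only `payloadhash` (or the legacy `query` claim) is then accepted with empty params and no body integrity check. Compute the mode once — `const tokenInBody = cfgTokenInboxInBody && !opt_isNotInBody;` — and use `tokenInBody` in both conditions so the header path keeps the compatibility handling. Separately, `JSON.parse` can yield `null` or a primitive, after which `res.params.token` throws a TypeError that callers only catch generically; rejecting a non-object body explicitly with `constants.VKEY` would make the failure mode deliberate.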
@@ -2980,34 +3024,12 @@ exports.commandFromServer = function (req, res) { let docId = 'commandFromServer'; let version = undefined; try { - let params; - if (req.body && Buffer.isBuffer(req.body)) { - params = JSON.parse(req.body.toString('utf8')); - } else { - params = req.query; - } - if (cfgTokenEnableRequestInbox) { + let authRes = getRequestParams(docId, req); + let params = authRes.params; + if(authRes.code === constants.VKEY_KEY_EXPIRE){ + result = commonDefines.c_oAscServerCommandErrors.TokenExpire; + } else if(authRes.code !== constants.NO_ERROR){ result = commonDefines.c_oAscServerCommandErrors.Token; - const checkJwtRes = checkJwtHeader(docId, req); - if (checkJwtRes) { - if (checkJwtRes.decoded) { - if (!utils.isEmptyObject(checkJwtRes.decoded.payload)) { - Object.assign(params, checkJwtRes.decoded.payload); - result = commonDefines.c_oAscServerCommandErrors.NoError; - } else if (checkJwtRes.decoded.payloadhash) { - if (checkJwtPayloadHash(docId, checkJwtRes.decoded.payloadhash, req.body, checkJwtRes.token)) { - result = commonDefines.c_oAscServerCommandErrors.NoError; - } - } else if (!utils.isEmptyObject(checkJwtRes.decoded.query)) { - Object.assign(params, checkJwtRes.decoded.query); - result = commonDefines.c_oAscServerCommandErrors.NoError; - } - } else { - if (constants.JWT_EXPIRED_CODE == checkJwtRes.code) { - result = commonDefines.c_oAscServerCommandErrors.TokenExpire; - } - } - } } // Ключ id-документа docId = params.key; diff --git a/DocService/sources/converterservice.js b/DocService/sources/converterservice.js index 990b1bf7..0d1de9d4 100644 --- a/DocService/sources/converterservice.js +++ b/DocService/sources/converterservice.js 
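Review bot: After a token failure the new code only sets `result` and still falls through to `docId = params.key`, so the key is taken from the unauthenticated body or query; whether the code after the hunk returns early on `result` before acting on `params` can't be seen here, since `commandFromServer` continues past the hunk. If it does not, responding and returning in the two error branches would be safer than relying on later checks. Style: `if(authRes.code === …){` and `} else if(…){` drop the spaces the rest of the file uses — `if (authRes.code === constants.VKEY_KEY_EXPIRE) {`.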
@@ -46,8 +46,6 @@ var formatChecker = require('./../../Common/sources/formatchecker'); var statsDClient = require('./../../Common/sources/statsdclient'); var storageBase = require('./../../Common/sources/storage-base'); -var cfgTokenEnableRequestInbox = config.get('services.CoAuthoring.token.enable.request.inbox'); - var CONVERT_ASYNC_DELAY = 1000; var clientStatsD = statsDClient.getClient(); @@ -180,38 +178,13 @@ function convertRequest(req, res) { return co(function* () { var docId = 'convertRequest'; try { - var params; - if (req.body && Buffer.isBuffer(req.body)) { - params = JSON.parse(req.body.toString('utf8')); + let params; + let authRes = docsCoServer.getRequestParams(docId, req); + if(authRes.code === constants.NO_ERROR){ + params = authRes.params; } else { - params = req.query; - } - if (cfgTokenEnableRequestInbox) { - var authError = constants.VKEY; - var checkJwtRes = docsCoServer.checkJwtHeader(docId, req); - if (checkJwtRes) { - if (checkJwtRes.decoded) { - if (!utils.isEmptyObject(checkJwtRes.decoded.payload)) { - Object.assign(params, checkJwtRes.decoded.payload); - authError = constants.NO_ERROR; - } else if (checkJwtRes.decoded.payloadhash) { - if (docsCoServer.checkJwtPayloadHash(docId, checkJwtRes.decoded.payloadhash, req.body, checkJwtRes.token)) { - authError = constants.NO_ERROR; - } - } else if (!utils.isEmptyObject(checkJwtRes.decoded.query)) { - Object.assign(params, checkJwtRes.decoded.query); - authError = constants.NO_ERROR; - } - } else { - if (constants.JWT_EXPIRED_CODE == checkJwtRes.code) { - authError = constants.VKEY_KEY_EXPIRE; - } - } - } - if (authError !== constants.NO_ERROR) { - utils.fillResponse(req, res, undefined, authError); - return; - } + utils.fillResponse(req, res, undefined, authRes.code); + return; } var cmd = new commonDefines.InputCommand(); 
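Review bot: `let params;` followed by an assignment in the success branch and a `return` in the other is an inverted guard clause; `if (authRes.code !== constants.NO_ERROR) { utils.fillResponse(req, res, undefined, authRes.code); return; } const params = authRes.params;` says the same thing with `params` bound once. Note that `convertRequest` now calls `getRequestParams` without `opt_isNotInBody`, so under the new `inbox.inBody` default a header-authenticated JSON request is rejected unless its body carries `token` — a behaviour change for existing callers worth a line in the changelog. The `try` block continues outside the hunk.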
@@ -279,30 +252,18 @@ function builderRequest(req, res) { return co(function* () { let docId = 'builderRequest'; try { - let params = req.query; + let authRes; + if (!utils.isEmptyObject(req.query)) { + //todo this is a stub for compatibility. remove in future version + authRes = docsCoServer.getRequestParams(docId, req, true, true); + } else { + authRes = docsCoServer.getRequestParams(docId, req); + } + + let params = authRes.params; + let error = authRes.code; let urls; let end = false; - let error = constants.NO_ERROR; - if (cfgTokenEnableRequestInbox) { - error = constants.VKEY; - let checkJwtRes = docsCoServer.checkJwtHeader(docId, req); - if (checkJwtRes) { - if (checkJwtRes.decoded) { - error = constants.NO_ERROR; - if (!utils.isEmptyObject(checkJwtRes.decoded.query)) { - Object.assign(params, checkJwtRes.decoded.query); - } - if (checkJwtRes.decoded.payloadhash && - !docsCoServer.checkJwtPayloadHash(docId, checkJwtRes.decoded.payloadhash, req.body, checkJwtRes.token)) { - error = constants.VKEY; - } - } else { - if (constants.JWT_EXPIRED_CODE === checkJwtRes.code) { - error = constants.VKEY_KEY_EXPIRE; - } - } - } - } if (error === constants.NO_ERROR && (params.key || params.url || (req.body && Buffer.isBuffer(req.body) && req.body.length > 0))) { docId = params.key; diff --git a/DocService/sources/fileuploaderservice.js b/DocService/sources/fileuploaderservice.js index 6969d9be..2b6a86e4 100644 --- a/DocService/sources/fileuploaderservice.js +++ b/DocService/sources/fileuploaderservice.js 
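Review bot: Which authentication path runs is now chosen by the request itself — any non-empty query string selects the compatibility stub `getRequestParams(docId, req, true, true)`, in which the signed payload is merged over the raw `req.query` rather than replacing it, so unsigned query fields such as `url` or `key` that the token does not mention survive into `params`. A valid header token is still required, so this is not a bypass, but it is the opposite of the in-body path where `params` is only the signed payload; the todo should say why the stub is acceptable and when it is removed. In the in-body path the guard `req.body.length > 0` is satisfied by the JSON token envelope itself, so it no longer indicates a script body; the code after the hunk decides what `req.body` means, so please confirm that case. `builderRequest` continues past the hunk.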
@@ -51,39 +51,21 @@ var configUtils = config.get('services.CoAuthoring.utils'); var cfgImageSize = configServer.get('limits_image_size'); var cfgTypesUpload = configUtils.get('limits_image_types_upload'); var cfgTokenEnableBrowser = config.get('services.CoAuthoring.token.enable.browser'); -var cfgTokenEnableRequestInbox = config.get('services.CoAuthoring.token.enable.request.inbox'); exports.uploadTempFile = function(req, res) { return co(function* () { - var docId = 'null'; + var docId = 'uploadTempFile'; try { - docId = req.query.key; - logger.debug('Start uploadTempFile: docId = %s', docId); - if (cfgTokenEnableRequestInbox) { - var authError = constants.VKEY; - var checkJwtRes = docsCoServer.checkJwtHeader(docId, req); - if (checkJwtRes) { - if (checkJwtRes.decoded) { - authError = constants.NO_ERROR; - if (checkJwtRes.decoded.query && checkJwtRes.decoded.query.key) { - docId = checkJwtRes.decoded.query.key; - } - if (checkJwtRes.decoded.payloadhash && - !docsCoServer.checkJwtPayloadHash(docId, checkJwtRes.decoded.payloadhash, req.body, checkJwtRes.token)) { - authError = constants.VKEY; - } - } else { - if (constants.JWT_EXPIRED_CODE == checkJwtRes.code) { - authError = constants.VKEY_KEY_EXPIRE; - } - } - } - if (authError !== constants.NO_ERROR) { - utils.fillResponse(req, res, undefined, authError); - return; - } + let params; + let authRes = docsCoServer.getRequestParams(docId, req, true); + if(authRes.code === constants.NO_ERROR){ + params = authRes.params; + } else { + utils.fillResponse(req, res, undefined, authRes.code); + return; } - + docId = params.key; + logger.debug('Start uploadTempFile: docId = %s', docId); if (docId && req.body && Buffer.isBuffer(req.body)) { var task = yield* taskResult.addRandomKeyTask(docId); var strPath = task.key + '/' + docId + '.tmp';
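Review bot: Under the new `inbox.inBody: true` default, `getRequestParams(docId, req, true)` takes the header path but then, via the `cfgTokenInboxInBody && !opt_tokenAssign` branch, replaces `params` with `decoded.payload || {}` and skips the `payloadhash` comparison, so the uploaded bytes in `req.body` are no longer bound to the token the way the removed `checkJwtPayloadHash(…, req.body, …)` call bound them. A captured token could then be replayed with a different file body for the same `key`; whether deployments rely on `payloadhash` for uploads I can't tell from here. Until `getRequestParams` distinguishes header tokens from body tokens, passing `true` as the fourth argument — `docsCoServer.getRequestParams(docId, req, true, true)` — keeps the compatibility branch, as `builderRequest` already does. `uploadTempFile` continues past the hunk.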