jwt token on open

DocService/sources/fileuploaderservice.js

@@ -33,6 +33,7 @@
 var multiparty = require('multiparty');
 var co = require('co');
 var taskResult = require('./taskresult');
+var docsCoServer = require('./DocsCoServer');
 var utils = require('./../../Common/sources/utils');
 var constants = require('./../../Common/sources/constants');
 var storageBase = require('./../../Common/sources/storage-base');
@@ -44,6 +45,7 @@ var configUtils = config.get('services.CoAuthoring.utils');
 
 var cfgImageSize = configServer.get('limits_image_size');
 var cfgTypesUpload = configUtils.get('limits_image_types_upload');
+var cfgSignatureEnable = config.get('services.CoAuthoring.signature.enable');
 
 exports.uploadTempFile = function(req, res) {
   return co(function* () {
@@ -70,15 +72,43 @@ exports.uploadTempFile = function(req, res) {
     }
   });
 };
+function checkJwt(docId, errorName, jwt){
+  var res = {err: true, docId: null, userid: null};
+  var checkJwtRes = docsCoServer.checkJwt(jwt);
+  if (checkJwtRes.decoded) {
+    var doc = checkJwtRes.decoded.document;
+    var edit = checkJwtRes.decoded.editorConfig;
+    if (utils.isEditMode(doc.permissions, edit.mode, true)) {
+      res.err = false;
+      res.docId = doc.key;
+      if (edit.user) {
+        res.userid = edit.user.id;
+      }
+    } else {
+      logger.error('Error %s jwt: docId = %s\r\n%s', errorName, docId, 'access deny');
+    }
+  } else {
+    logger.error('Error %s jwt: docId = %s\r\n%s', errorName, docId, checkJwtRes.description);
+  }
+  return res;
+}
 exports.uploadImageFileOld = function(req, res) {
   var docId = req.params.docid;
   logger.debug('Start uploadImageFileOld: docId = %s', docId);
   var userid = req.params.userid;
-  var vkey = req.params.vkey;
+  if (cfgSignatureEnable) {
+    var checkJwtRes = checkJwt(docId, 'uploadImageFileOld', req.params.jwt);
+    if(!checkJwtRes.err){
+      docId = checkJwtRes.docId || docId;
+      userid = checkJwtRes.userid || userid;
+    } else {
+      res.sendStatus(400);
+      return;
+    }
+  }
   var index = parseInt(req.params.index);
   var listImages = [];
   //todo userid
-  //todo vkey
   if (docId && index) {
     var isError = false;
     var form = new multiparty.Form();
@@ -149,11 +179,22 @@ exports.uploadImageFile = function(req, res) {
     var docId = 'null';
     try {
       docId = req.params.docid;
-      logger.debug('Start uploadImageFile: docId = %s', docId);
       var userid = req.params.userid;
-      var vkey = req.params.vkey;
+      logger.debug('Start uploadImageFile: docId = %s', docId);
+
+      var isValidJwt = true;
+      if (cfgSignatureEnable) {
+        var checkJwtRes = checkJwt(docId, 'uploadImageFile', req.params.jwt);
+        if (!checkJwtRes.err) {
+          docId = checkJwtRes.docId || docId;
+          userid = checkJwtRes.userid || userid;
+        } else {
+          isValidJwt = false;
+        }
+      }
+
       var index = parseInt(req.params.index);
-      if (docId && req.body && Buffer.isBuffer(req.body)) {
+      if (isValidJwt && docId && req.body && Buffer.isBuffer(req.body)) {
         var buffer = req.body;
         var format = formatChecker.getImageFormat(buffer);
         var formatStr = formatChecker.getStringFromFormat(format);