wsd: added mode attribute to alias_groups
you can switch between 'first' and 'groups' mode default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases. also added mode option in JSON format to make the setup backwards compaitable , auto_host is by default false it won't resolves aliases and dockey will only use uri's path . To use alias_groups you have to explicitly set the auto_host allow attribute value to true Signed-off-by: Rash419 <rashesh.padia@collabora.com> Change-Id: I3af439edcbc546d9a660d678e52d813951dc237apull/4437/head
parent
ddc13c0f4a
commit
da3143dbdc
|
@ -206,11 +206,17 @@
|
|||
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
|
||||
</locking>
|
||||
|
||||
<!-- <group>
|
||||
<host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
|
||||
<alias>scheme://aliasname1:port</alias>
|
||||
<alias>scheme://aliasname2:port</alias>
|
||||
</group> -->
|
||||
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="first">
|
||||
<!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
|
||||
add the hosts below. If one host is accessible under multiple ip addresses
|
||||
or names, add them as aliases. -->
|
||||
<!--<group>
|
||||
<host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
|
||||
<alias>scheme://aliasname1:port</alias>
|
||||
<alias>scheme://aliasname2:port</alias>
|
||||
</group>-->
|
||||
<!-- More "group"s possible here -->
|
||||
</alias_groups>
|
||||
|
||||
</wopi>
|
||||
<ssl desc="SSL settings">
|
||||
|
|
|
@ -1277,23 +1277,30 @@ public:
|
|||
{
|
||||
try
|
||||
{
|
||||
Poco::JSON::Array::Ptr aliasGroups =
|
||||
remoteJson->getObject("storage")->getObject("wopi")->getArray("alias_groups");
|
||||
Poco::JSON::Object::Ptr aliasGroups =
|
||||
remoteJson->getObject("storage")->getObject("wopi")->getObject("alias_groups");
|
||||
|
||||
if (aliasGroups->size() == 0)
|
||||
Poco::JSON::Array::Ptr groups = aliasGroups->getArray("groups");
|
||||
|
||||
if (groups->size() == 0)
|
||||
{
|
||||
LOG_WRN("Not overwriting any alias groups because alias_group array is empty");
|
||||
return;
|
||||
}
|
||||
|
||||
std::string mode = "first";
|
||||
JsonUtil::findJSONValue(aliasGroups, "mode", mode);
|
||||
newAppConfig.insert(std::make_pair("storage.wopi.alias_groups[@mode]", mode));
|
||||
|
||||
std::size_t i;
|
||||
for (i = 0; i < aliasGroups->size(); i++)
|
||||
for (i = 0; i < groups->size(); i++)
|
||||
{
|
||||
Poco::JSON::Object::Ptr group = aliasGroups->getObject(i);
|
||||
Poco::JSON::Object::Ptr group = groups->getObject(i);
|
||||
std::string host;
|
||||
JsonUtil::findJSONValue(group, "host", host);
|
||||
Poco::Dynamic::Var allow = group->get("allow");
|
||||
const std::string path = "storage.wopi.group[" + std::to_string(i) + ']';
|
||||
const std::string path =
|
||||
"storage.wopi.alias_groups.group[" + std::to_string(i) + ']';
|
||||
|
||||
newAppConfig.insert(std::make_pair(path + ".host", host));
|
||||
newAppConfig.insert(std::make_pair(path + ".host[@allow]", booleanToString(allow)));
|
||||
|
@ -1324,7 +1331,8 @@ public:
|
|||
//fetched from json, overwrite the remaining alias_groups from config file to empty strings and
|
||||
for (;; i++)
|
||||
{
|
||||
const std::string path = "storage.wopi.group[" + std::to_string(i) + "].host";
|
||||
const std::string path =
|
||||
"storage.wopi.alias_groups.group[" + std::to_string(i) + "].host";
|
||||
if (!conf.has(path))
|
||||
{
|
||||
break;
|
||||
|
@ -1506,7 +1514,8 @@ void COOLWSD::innerInitialize(Application& self)
|
|||
{ "quarantine_files.max_versions_to_maintain", "2" },
|
||||
{ "quarantine_files.path", "quarantine" },
|
||||
{ "quarantine_files.expiry_min", "30" },
|
||||
{ "remote_config.remote_url", ""}
|
||||
{ "remote_config.remote_url", ""},
|
||||
{ "storage.wopi.alias_groups[@mode]" , "first"}
|
||||
};
|
||||
|
||||
// Set default values, in case they are missing from the config file.
|
||||
|
|
|
@ -128,30 +128,46 @@ void StorageBase::addWopiHost(std::string host, bool allow)
|
|||
|
||||
void StorageBase::parseAliases(Poco::Util::LayeredConfiguration& conf)
|
||||
{
|
||||
//set alias_groups mode to compat
|
||||
if (!conf.has("storage.wopi.alias_groups"))
|
||||
{
|
||||
conf.setString("storage.wopi.alias_groups[@mode]", "compat");
|
||||
}
|
||||
else if (conf.has("storage.wopi.alias_groups.group[0]"))
|
||||
{
|
||||
// group defined in alias_groups
|
||||
if (Util::iequal(config::getString("storage.wopi.alias_groups[@mode]", "first"), "first"))
|
||||
{
|
||||
LOG_ERR("Admins didnot set the alias_groups mode to 'groups'");
|
||||
AliasHosts.clear();
|
||||
AllHosts.clear();
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
AliasHosts.clear();
|
||||
AllHosts.clear();
|
||||
|
||||
for (size_t i = 0;; i++)
|
||||
{
|
||||
const std::string path = "storage.wopi.group[" + std::to_string(i) + ']';
|
||||
const std::string path = "storage.wopi.alias_groups.group[" + std::to_string(i) + ']';
|
||||
if (!conf.has(path + ".host"))
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
const std::string hostAndPort = conf.getString(path + ".host", "");
|
||||
if (hostAndPort.empty())
|
||||
const std::string uri = conf.getString(path + ".host", "");
|
||||
if (uri.empty())
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
bool allow = conf.getBool(path + ".host[@allow]", false);
|
||||
Poco::URI uriHostAndPort;
|
||||
|
||||
try
|
||||
{
|
||||
Poco::URI aUri(hostAndPort);
|
||||
aUri.swap(uriHostAndPort);
|
||||
StorageBase::addWopiHost(uriHostAndPort.getHost(), allow);
|
||||
AllHosts.insert(uriHostAndPort.getAuthority());
|
||||
const Poco::URI realUri(uri);
|
||||
StorageBase::addWopiHost(realUri.getHost(), allow);
|
||||
AllHosts.insert(realUri.getAuthority());
|
||||
}
|
||||
catch (const Poco::Exception& exc)
|
||||
{
|
||||
|
@ -168,10 +184,15 @@ void StorageBase::parseAliases(Poco::Util::LayeredConfiguration& conf)
|
|||
|
||||
try
|
||||
{
|
||||
const Poco::URI uriAliasHostAndPort(conf.getString(aliasPath, ""));
|
||||
AliasHosts.insert({ uriAliasHostAndPort.getAuthority(), uriHostAndPort.getAuthority() });
|
||||
AllHosts.insert(uriAliasHostAndPort.getAuthority());
|
||||
StorageBase::addWopiHost(uriAliasHostAndPort.getHost(), allow);
|
||||
const Poco::URI aliasUri(conf.getString(aliasPath, ""));
|
||||
if (aliasUri.empty())
|
||||
{
|
||||
continue;
|
||||
}
|
||||
const Poco::URI realUri(uri);
|
||||
AliasHosts.insert({ aliasUri.getAuthority(), realUri.getAuthority() });
|
||||
AllHosts.insert(aliasUri.getAuthority());
|
||||
StorageBase::addWopiHost(aliasUri.getHost(), allow);
|
||||
}
|
||||
catch (const Poco::Exception& exc)
|
||||
{
|
||||
|
@ -183,6 +204,10 @@ void StorageBase::parseAliases(Poco::Util::LayeredConfiguration& conf)
|
|||
|
||||
std::string StorageBase::getNewUri(const Poco::URI& uri)
|
||||
{
|
||||
if (Util::iequal(config::getString("storage.wopi.alias_groups[@mode]", "first"), "compat"))
|
||||
{
|
||||
return uri.getPath();
|
||||
}
|
||||
Poco::URI newUri(uri);
|
||||
const std::string key = newUri.getAuthority();
|
||||
if (AliasHosts.find(key) != AliasHosts.end())
|
||||
|
@ -289,6 +314,11 @@ bool StorageBase::allowedWopiHost(const std::string& host)
|
|||
|
||||
bool StorageBase::allowedAlias(const Poco::URI& uri)
|
||||
{
|
||||
if (Util::iequal(config::getString("storage.wopi.alias_groups[@mode]", "first"), "compat"))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
if (AllHosts.empty())
|
||||
{
|
||||
if (FirstHost.empty())
|
||||
|
@ -297,15 +327,14 @@ bool StorageBase::allowedAlias(const Poco::URI& uri)
|
|||
}
|
||||
else if (FirstHost != uri.getAuthority())
|
||||
{
|
||||
LOG_ERR("Only allowed host is: " << FirstHost
|
||||
<< ", no aliases groups are defined in configuration");
|
||||
LOG_ERR("Only allowed host is: " << FirstHost);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else if (AllHosts.find(uri.getAuthority()) == AllHosts.end())
|
||||
{
|
||||
LOG_ERR("Host: " << uri.getAuthority()
|
||||
<< " is not allowed, It is not part of aliases group");
|
||||
<< " is not allowed, It is not part of alias_groups configuration");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
|
Loading…
Reference in New Issue