Avoid window id in query string for attachments. Project: http://git-wip-us.apache.org/repos/asf/incubator-wave/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-wave/commit/a7250231 Tree: http://git-wip-us.apache.org/repos/asf/incubator-wave/tree/a7250231 Diff: http://git-wip-us.apache.org/repos/asf/incubator-wave/diff/a7250231
Branch: refs/heads/swellrt Commit: a72502314cd1c0ad0fc7d0a222be09b850409b1d Parents: 635c8a7 Author: Pablo Ojanguren <[email protected]> Authored: Mon Oct 10 16:31:22 2016 +0200 Committer: Pablo Ojanguren <[email protected]> Committed: Mon Oct 10 16:31:22 2016 +0200 ---------------------------------------------------------------------- .../main/java/org/swellrt/api/SwellRTUtils.java | 14 ++++-- .../org/swellrt/api/js/generic/FileTypeJS.java | 4 ++ .../box/server/rpc/AttachmentServlet.java | 46 +++++++++++++++++--- 3 files changed, 54 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-wave/blob/a7250231/wave/src/main/java/org/swellrt/api/SwellRTUtils.java ---------------------------------------------------------------------- diff --git a/wave/src/main/java/org/swellrt/api/SwellRTUtils.java b/wave/src/main/java/org/swellrt/api/SwellRTUtils.java index 79d7654..4ee6730 100644 --- a/wave/src/main/java/org/swellrt/api/SwellRTUtils.java +++ b/wave/src/main/java/org/swellrt/api/SwellRTUtils.java @@ -211,11 +211,19 @@ public class SwellRTUtils { Preconditions.checkArgument(file.getModel() != null, "File is not in a model"); - return getBaseUrl() + "/attachment/" + file.getValue().getId() + BrowserSession.getSessionURLparameter() - + "?waveRef=" + encodeWaveRefUri(file.getModel().getWaveRef()) - + BrowserSession.getWindowURLparameter(); + return getBaseUrl() + "/attachment/" + file.getValue().getId() + BrowserSession.getSessionURLparameter(); } + public static String buildThumbnailUrl(FileType file) { + Preconditions.checkArgument(file != null, "File can't be null"); + Preconditions.checkArgument(file.getValue() != null, "File content can't be null"); + Preconditions.checkArgument(file.getValue().getId() != null, "File id can't be null"); + Preconditions.checkArgument(file.getModel() != null, "File is not in a model"); + + return getBaseUrl() + "/thumbnail/" + file.getValue().getId() + BrowserSession.getSessionURLparameter(); + } + + public static String encodeWaveRefUri(WaveRef waveRef) { return URL.encode(GwtWaverefEncoder.encodeToUriQueryString(waveRef)); } http://git-wip-us.apache.org/repos/asf/incubator-wave/blob/a7250231/wave/src/main/java/org/swellrt/api/js/generic/FileTypeJS.java ---------------------------------------------------------------------- diff --git a/wave/src/main/java/org/swellrt/api/js/generic/FileTypeJS.java b/wave/src/main/java/org/swellrt/api/js/generic/FileTypeJS.java index c13013a..dbb2fab 100644 --- a/wave/src/main/java/org/swellrt/api/js/generic/FileTypeJS.java +++ b/wave/src/main/java/org/swellrt/api/js/generic/FileTypeJS.java @@ -59,6 +59,10 @@ public class FileTypeJS extends JavaScriptObject implements FileType.Listener { getUrl: function() { return this.url(); }, + + getThumbnailUrl: function() { + return @org.swellrt.api.SwellRTUtils::buildThumbnailUrl(Lorg/swellrt/model/generic/FileType;)(this._delegate); + }, setValue: function(file) { this.set(file); http://git-wip-us.apache.org/repos/asf/incubator-wave/blob/a7250231/wave/src/main/java/org/waveprotocol/box/server/rpc/AttachmentServlet.java ---------------------------------------------------------------------- diff --git a/wave/src/main/java/org/waveprotocol/box/server/rpc/AttachmentServlet.java b/wave/src/main/java/org/waveprotocol/box/server/rpc/AttachmentServlet.java index b395079..c35bffd 100644 --- a/wave/src/main/java/org/waveprotocol/box/server/rpc/AttachmentServlet.java +++ b/wave/src/main/java/org/waveprotocol/box/server/rpc/AttachmentServlet.java @@ -19,6 +19,7 @@ package org.waveprotocol.box.server.rpc; +import com.google.common.net.MediaType; import com.google.inject.Inject; import com.google.inject.Singleton; import com.typesafe.config.Config; @@ -37,6 +38,7 @@ import org.waveprotocol.box.server.waveserver.WaveletProvider; import org.waveprotocol.wave.media.model.AttachmentId; import org.waveprotocol.wave.model.id.InvalidIdException; import org.waveprotocol.wave.model.id.WaveletName; +import org.waveprotocol.wave.model.util.Preconditions; import org.waveprotocol.wave.model.wave.ParticipantId; import org.waveprotocol.wave.util.logging.Log; @@ -48,6 +50,7 @@ import java.io.*; import java.net.URLDecoder; import java.util.Calendar; import java.util.List; +import java.util.Set; import java.util.logging.Level; /** @@ -108,13 +111,21 @@ public class AttachmentServlet extends HttpServlet { } else { waveletName = AttachmentUtil.waveRef2WaveletName(metadata.getWaveRef()); } - - ParticipantId user = sessionManager.getLoggedInUser(request); + + // the same HTTP cookie-based session could handle different per browser tab sessions + // however, we can't distinguish the actual participant requesting an image because + // img requests can't carry the header with the browser tab id. + // Workaround is to grant access to the image to all sessions in the browser. + Set<ParticipantId> participants = sessionManager.getAllLoggedInUser(sessionManager.getSession(request)); boolean isAuthorized = false; - try { - isAuthorized = waveletProvider.checkAccessPermission(waveletName, user); - } catch (WaveServerException e) { - LOG.warning("Problem while authorizing user: " + user + " for wavelet: " + waveletName, e); + for (ParticipantId p: participants) { + try { + isAuthorized = waveletProvider.checkAccessPermission(waveletName, p); + if (isAuthorized) + break; + } catch (WaveServerException e) { + LOG.warning("Problem while authorizing user: " + p + " for wavelet: " + waveletName, e); + } } if (!isAuthorized) { response.sendError(HttpServletResponse.SC_FORBIDDEN); @@ -164,7 +175,10 @@ public class AttachmentServlet extends HttpServlet { response.setContentType(contentType); response.setContentLength((int)data.getSize()); - response.setHeader("Content-Disposition", "attachment; filename=\"" + metadata.getFileName() + "\""); + + if (!isWebContent(contentType)) + response.setHeader("Content-Disposition", "attachment; filename=\"" + metadata.getFileName() + "\""); + response.setStatus(HttpServletResponse.SC_OK); response.setDateHeader("Last-Modified", Calendar.getInstance().getTimeInMillis()); AttachmentUtil.writeTo(data.getInputStream(), response.getOutputStream()); @@ -354,4 +368,22 @@ public class AttachmentServlet extends HttpServlet { } return waveRefStr; } + + /** + * Check if mime type is suitable to be deliver as an inline content + * or as a file. + * @param mimeType + * @return + */ + private static boolean isWebContent(String mimeType) { + boolean isWebContent = false; + try { + MediaType mt = MediaType.parse(mimeType); + isWebContent = mt.is(MediaType.ANY_IMAGE_TYPE) || mt.is(MediaType.ANY_VIDEO_TYPE); + } catch (IllegalArgumentException e) { + LOG.warning("Unable to decode mime type "+mimeType != null ? mimeType : "null"); + } + + return isWebContent; + } }
