use onlyoffice jwt token (#4671)

Co-authored-by: lian <lian@seafile.com>

seahub/onlyoffice/utils.py

@@ -10,38 +10,45 @@ from django.utils.encoding import force_bytes
 
 from seaserv import seafile_api
 
+from seahub.base.templatetags.seahub_tags import email2nickname
 from seahub.utils import get_file_type_and_ext, gen_file_get_url, \
         get_site_scheme_and_netloc, normalize_cache_key
 
 from seahub.settings import ENABLE_WATERMARK
 from seahub.onlyoffice.settings import ONLYOFFICE_APIJS_URL, \
-        ONLYOFFICE_FORCE_SAVE
+        ONLYOFFICE_FORCE_SAVE, ONLYOFFICE_JWT_SECRET
+
 
 def generate_onlyoffice_cache_key(repo_id, file_path):
     prefix = "ONLYOFFICE_"
     value = "%s_%s" % (repo_id, file_path)
     return normalize_cache_key(value, prefix)
 
-def get_onlyoffice_dict(username, repo_id, file_path,
+
-        file_id='', can_edit=False, can_download=True):
+def get_onlyoffice_dict(request, username, repo_id, file_path, file_id='',
+                        can_edit=False, can_download=True):
 
     repo = seafile_api.get_repo(repo_id)
     if repo.is_virtual:
         origin_repo_id = repo.origin_repo_id
-        origin_file_path = posixpath.join(repo.origin_path, file_path.strip('/'))
+        origin_file_path = posixpath.join(repo.origin_path,
+                                          file_path.strip('/'))
         # for view history/trash/snapshot file
         if not file_id:
             file_id = seafile_api.get_file_id_by_path(origin_repo_id,
-                    origin_file_path)
+                                                      origin_file_path)
     else:
         origin_repo_id = repo_id
         origin_file_path = file_path
         if not file_id:
             file_id = seafile_api.get_file_id_by_path(repo_id,
-                    file_path)
+                                                      file_path)
 
     dl_token = seafile_api.get_fileserver_access_token(repo_id,
-            file_id, 'download', username, use_onetime=True)
+                                                       file_id,
+                                                       'download',
+                                                       username,
+                                                       use_onetime=True)
     if not dl_token:
         return None
 
@@ -62,9 +69,12 @@ def get_onlyoffice_dict(username, repo_id, file_path,
         doc_key = cache.get(cache_key)
 
     if not doc_key:
-        doc_key = hashlib.md5(force_bytes(origin_repo_id + origin_file_path + file_id)).hexdigest()[:20]
+        info_bytes = force_bytes(origin_repo_id + origin_file_path + file_id)
+        doc_key = hashlib.md5(info_bytes).hexdigest()[:20]
 
-    doc_info = json.dumps({'repo_id': repo_id, 'file_path': file_path, 'username': username})
+    doc_info = json.dumps({'repo_id': repo_id,
+                           'file_path': file_path,
+                           'username': username})
     cache.set("ONLYOFFICE_%s" % doc_key, doc_info, None)
 
     file_name = os.path.basename(file_path.rstrip('/'))
@@ -72,7 +82,8 @@ def get_onlyoffice_dict(username, repo_id, file_path,
 
     base_url = get_site_scheme_and_netloc()
     onlyoffice_editor_callback_url = reverse('onlyoffice_editor_callback')
-    calllback_url = urllib.parse.urljoin(base_url, onlyoffice_editor_callback_url)
+    callback_url = urllib.parse.urljoin(base_url,
+                                        onlyoffice_editor_callback_url)
 
     return_dict = {
         'repo_id': repo_id,
@@ -83,7 +94,7 @@ def get_onlyoffice_dict(username, repo_id, file_path,
         'doc_title': file_name,
         'doc_url': doc_url,
         'document_type': document_type,
-        'callback_url': calllback_url,
+        'callback_url': callback_url,
         'can_edit': can_edit,
         'can_download': can_download,
         'username': username,
@@ -91,4 +102,36 @@ def get_onlyoffice_dict(username, repo_id, file_path,
         'enable_watermark': ENABLE_WATERMARK and not can_edit,
     }
 
+    if ONLYOFFICE_JWT_SECRET:
+        import jwt
+        config = {
+            "document": {
+                "fileType": fileext,
+                "key": doc_key,
+                "title": file_name,
+                "url": doc_url,
+                "permissions": {
+                    "download": can_download,
+                    "edit": can_edit,
+                    "print": can_download,
+                    "review": True
+                }
+            },
+            "documentType": document_type,
+            "editorConfig": {
+                "callbackUrl": callback_url,
+                "lang": request.LANGUAGE_CODE,
+                "mode": can_edit,
+                "customization": {
+                    "forcesave": ONLYOFFICE_FORCE_SAVE,
+                },
+                "user": {
+                    "name": email2nickname(username)
+                }
+            }
+        }
+
+        return_dict['onlyoffice_jwt_token'] = jwt.encode(config,
+                                                         ONLYOFFICE_JWT_SECRET)
+
     return return_dict

seahub/views/file.py

@@ -125,11 +125,6 @@ try:
 except ImportError:
     ONLYOFFICE_EDIT_FILE_EXTENSION = ()
 
-try:
-    from seahub.onlyoffice.settings import ONLYOFFICE_JWT_SECRET
-except ImportError:
-    ONLYOFFICE_JWT_SECRET = ''
-
 # bisheng office
 from seahub.bisheng_office.utils import get_bisheng_dict, \
         get_bisheng_editor_url, get_bisheng_preivew_url
@@ -790,9 +785,8 @@ def view_lib_file(request, repo_id, path):
                     (is_locked and locked_by_online_office)):
                 can_edit = True
 
-            onlyoffice_dict = get_onlyoffice_dict(username, repo_id, path,
+            onlyoffice_dict = get_onlyoffice_dict(request, username, repo_id, path,
-                    can_edit=can_edit,
+                    can_edit=can_edit, can_download=parse_repo_perm(permission).can_download)
-                    can_download=parse_repo_perm(permission).can_download)
 
             if onlyoffice_dict:
                 if is_pro_version() and can_edit:
@@ -806,36 +800,6 @@ def view_lib_file(request, repo_id, path):
 
                 send_file_access_msg(request, repo, path, 'web')
 
-                if ONLYOFFICE_JWT_SECRET:
-                    import jwt
-                    config = {
-                        "document": {
-                            "fileType": onlyoffice_dict['file_type'],
-                            "key": onlyoffice_dict['doc_key'],
-                            "title": onlyoffice_dict['doc_title'],
-                            "url": onlyoffice_dict['doc_url'],
-                            "permissions": {
-                                "download": onlyoffice_dict['can_download'],
-                                "edit": onlyoffice_dict['can_edit'],
-                                "print": onlyoffice_dict['can_download'],
-                                "review": True
-                            }
-                        },
-                        "documentType": onlyoffice_dict['document_type'],
-                        "editorConfig": {
-                            "callbackUrl": onlyoffice_dict['callback_url'],
-                            "lang": request.LANGUAGE_CODE,
-                            "mode": onlyoffice_dict['can_edit'],
-                            "customization": {
-                                "forcesave": onlyoffice_dict['onlyoffice_force_save'],
-                            },
-                            "user": {
-                                "name": email2nickname(username)
-                            }
-                        }
-                    };
-                    onlyoffice_dict['onlyoffice_jwt_token'] = jwt.encode(config, ONLYOFFICE_JWT_SECRET)
-
                 return render(request, 'view_file_onlyoffice.html', onlyoffice_dict)
             else:
                 return_dict['err'] = _('Error when prepare OnlyOffice file preview page.')
@@ -944,7 +908,7 @@ def view_history_file_common(request, repo_id, ret_dict):
 
             if ENABLE_ONLYOFFICE and fileext in ONLYOFFICE_FILE_EXTENSION:
 
-                onlyoffice_dict = get_onlyoffice_dict(username, repo_id, path,
+                onlyoffice_dict = get_onlyoffice_dict(request, username, repo_id, path,
                         file_id=obj_id, can_download=parse_repo_perm(user_perm).can_download)
 
                 if onlyoffice_dict:
@@ -1230,7 +1194,7 @@ def view_shared_file(request, fileshare):
 
         if ENABLE_ONLYOFFICE and fileext in ONLYOFFICE_FILE_EXTENSION:
 
-            onlyoffice_dict = get_onlyoffice_dict(username, repo_id, path,
+            onlyoffice_dict = get_onlyoffice_dict(request, username, repo_id, path,
                     can_edit=can_edit, can_download=can_download)
 
             if onlyoffice_dict:
@@ -1416,7 +1380,7 @@ def view_file_via_shared_dir(request, fileshare):
 
         if ENABLE_ONLYOFFICE and fileext in ONLYOFFICE_FILE_EXTENSION:
 
-            onlyoffice_dict = get_onlyoffice_dict(username,
+            onlyoffice_dict = get_onlyoffice_dict(request, username,
                     repo_id, real_path)
 
             if onlyoffice_dict: