From 87eac2079baad92e2b1f33d9cab806506c6e69fa Mon Sep 17 00:00:00 2001 From: Michael Meeks Date: Wed, 4 Mar 2020 13:52:51 +0000 Subject: [PATCH] ProxyPrefix: allow the user to specify a custom prefix. This allows us to re-direct web traffic via a proxy quite simply during fetch, instead of changing the service root. Change-Id: I28d348467e48394d581fca4da4c199348a2ca8e0 Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92804 Tested-by: Jenkins CollaboraOffice Reviewed-by: Jan Holesovsky --- loleaflet/html/loleaflet.html.m4 | 2 ++ wsd/FileServer.cpp | 35 ++++++++++++++++++++++++-------- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/loleaflet/html/loleaflet.html.m4 b/loleaflet/html/loleaflet.html.m4 index 945449d9f6..3b63c87ff6 100644 --- a/loleaflet/html/loleaflet.html.m4 +++ b/loleaflet/html/loleaflet.html.m4 @@ -241,6 +241,7 @@ m4_ifelse(MOBILEAPP,[true], window.reuseCookies = ''; window.protocolDebug = false; window.frameAncestors = ''; + window.socketProxy = false; window.tileSize = 256;], [window.host = '%HOST%'; window.serviceRoot = '%SERVICE_ROOT%'; @@ -255,6 +256,7 @@ m4_ifelse(MOBILEAPP,[true], window.reuseCookies = '%REUSE_COOKIES%'; window.protocolDebug = %PROTOCOL_DEBUG%; window.frameAncestors = '%FRAME_ANCESTORS%'; + window.socketProxy = %SOCKET_PROXY%; window.tileSize = 256;]) m4_syscmd([cat ]GLOBAL_JS)m4_dnl diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp index 432a09b1c7..8073860c22 100644 --- a/wsd/FileServer.cpp +++ b/wsd/FileServer.cpp @@ -640,6 +640,17 @@ constexpr char BRANDING[] = "branding"; constexpr char BRANDING_UNSUPPORTED[] = "branding-unsupported"; #endif +namespace { + // The user can override the ServerRoot with a new prefix. + std::string getResponseRoot(const HTTPRequest &request) + { + if (!request.has("ProxyPrefix")) + return LOOLWSD::ServiceRoot; + std::string proxyPrefix = request.get("ProxyPrefix", ""); + return proxyPrefix; + } +} + void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco::MemoryInputStream& message, const std::shared_ptr& socket) { @@ -686,15 +697,21 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco:: } } - const auto& config = Application::instance().config(); + std::string socketProxy = "false"; + if (request.has("ProxyPrefix")) + socketProxy = "true"; + Poco::replaceInPlace(preprocess, std::string("%SOCKET_PROXY%"), socketProxy); + + std::string responseRoot = getResponseRoot(request); Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN%"), escapedAccessToken); Poco::replaceInPlace(preprocess, std::string("%ACCESS_TOKEN_TTL%"), std::to_string(tokenTtl)); Poco::replaceInPlace(preprocess, std::string("%ACCESS_HEADER%"), escapedAccessHeader); Poco::replaceInPlace(preprocess, std::string("%HOST%"), host); Poco::replaceInPlace(preprocess, std::string("%VERSION%"), std::string(LOOLWSD_VERSION_HASH)); - Poco::replaceInPlace(preprocess, std::string("%SERVICE_ROOT%"), LOOLWSD::ServiceRoot); + Poco::replaceInPlace(preprocess, std::string("%SERVICE_ROOT%"), responseRoot); + const auto& config = Application::instance().config(); std::string protocolDebug = "false"; if (config.getBool("logging.protocol")) protocolDebug = "true"; @@ -703,16 +720,16 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco:: static const std::string linkCSS(""); static const std::string scriptJS(""); - std::string brandCSS(Poco::format(linkCSS, LOOLWSD::ServiceRoot, std::string(BRANDING))); - std::string brandJS(Poco::format(scriptJS, LOOLWSD::ServiceRoot, std::string(BRANDING))); + std::string brandCSS(Poco::format(linkCSS, responseRoot, std::string(BRANDING))); + std::string brandJS(Poco::format(scriptJS, responseRoot, std::string(BRANDING))); #if ENABLE_SUPPORT_KEY const std::string keyString = config.getString("support_key", ""); SupportKey key(keyString); if (!key.verify() || key.validDaysRemaining() <= 0) { - brandCSS = Poco::format(linkCSS, LOOLWSD::ServiceRoot, std::string(BRANDING_UNSUPPORTED)); - brandJS = Poco::format(scriptJS, LOOLWSD::ServiceRoot, std::string(BRANDING_UNSUPPORTED)); + brandCSS = Poco::format(linkCSS, responseRoot, std::string(BRANDING_UNSUPPORTED)); + brandJS = Poco::format(scriptJS, responseRoot, std::string(BRANDING_UNSUPPORTED)); } #endif @@ -905,13 +922,15 @@ void FileServerRequestHandler::preprocessAdminFile(const HTTPRequest& request,co if (!FileServerRequestHandler::isAdminLoggedIn(request, response)) throw Poco::Net::NotAuthenticatedException("Invalid admin login"); + std::string responseRoot = getResponseRoot(request); + static const std::string scriptJS(""); static const std::string footerPage("
Key: %s   Expiry Date: %s
"); const std::string relPath = getRequestPathname(request); LOG_DBG("Preprocessing file: " << relPath); std::string adminFile = *getUncompressedFile(relPath); - std::string brandJS(Poco::format(scriptJS, LOOLWSD::ServiceRoot, std::string(BRANDING))); + std::string brandJS(Poco::format(scriptJS, responseRoot, std::string(BRANDING))); std::string brandFooter; #if ENABLE_SUPPORT_KEY @@ -929,7 +948,7 @@ void FileServerRequestHandler::preprocessAdminFile(const HTTPRequest& request,co Poco::replaceInPlace(adminFile, std::string(""), brandJS); Poco::replaceInPlace(adminFile, std::string(""), brandFooter); Poco::replaceInPlace(adminFile, std::string("%VERSION%"), std::string(LOOLWSD_VERSION_HASH)); - Poco::replaceInPlace(adminFile, std::string("%SERVICE_ROOT%"), LOOLWSD::ServiceRoot); + Poco::replaceInPlace(adminFile, std::string("%SERVICE_ROOT%"), responseRoot); // Ask UAs to block if they detect any XSS attempt response.add("X-XSS-Protection", "1; mode=block");