forked from CollaboraOnline/online
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathStorageConnectionManager.hpp
177 lines (148 loc) · 6.53 KB
/
StorageConnectionManager.hpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#pragma once
#include <chrono>
#include <memory>
#include <string>
#include <Poco/URI.h>
#include <Poco/Util/Application.h>
#include "Authorization.hpp"
#include "HttpRequest.hpp"
/// A Storage Manager is responsible for the settings
/// of Storage and the creation of http::Session and
/// related objects.
class StorageConnectionManager final
{
public:
static std::shared_ptr<StorageConnectionManager> create()
{
static std::weak_ptr<StorageConnectionManager> instance;
std::shared_ptr<StorageConnectionManager> sm = instance.lock();
if (!sm)
{
sm = std::shared_ptr<StorageConnectionManager>(new StorageConnectionManager());
instance = sm;
}
return sm;
}
/// Create an http::Session from a URI.
/// The configured timeout (net.connection_timeout_secs) is used when 0 is given.
static std::shared_ptr<http::Session>
getHttpSession(const Poco::URI& uri,
std::chrono::seconds timeout = std::chrono::seconds::zero());
/// Create an http::Request with the common headers.
static http::Request createHttpRequest(const Poco::URI& uri, const Authorization& auth);
private:
StorageConnectionManager() {}
#if 0
void initialize()
{
#if !MOBILEAPP
const auto& app = Poco::Util::Application::instance();
FilesystemEnabled = app.config().getBool("storage.filesystem[@allow]", false);
//parse wopi.storage.host only when there is no storage.wopi.alias_groups entry in config
if (!app.config().has("storage.wopi.alias_groups"))
{
HostUtil::parseWopiHost(app.config());
}
#if ENABLE_FEATURE_LOCK
CommandControl::LockManager::parseLockedHost(app.config());
#endif
HostUtil::parseAliases(app.config());
#if ENABLE_SSL
// FIXME: should use our own SSL socket implementation here.
Poco::Crypto::initializeCrypto();
Poco::Net::initializeSSL();
// Init client
Poco::Net::Context::Params sslClientParams;
// false default for upgrade to preserve legacy configuration
// in-config-file defaults are true.
SSLAsScheme = COOLWSD::getConfigValue<bool>("storage.ssl.as_scheme", false);
// Fallback to ssl.enable if not set - for back compatibility & simplicity.
SSLEnabled = COOLWSD::getConfigValue<bool>(
"storage.ssl.enable", COOLWSD::getConfigValue<bool>("ssl.enable", true));
#if ENABLE_DEBUG
char* StorageSSLEnabled = getenv("STORAGE_SSL_ENABLE");
if (StorageSSLEnabled != NULL)
{
if (!strcasecmp(StorageSSLEnabled, "true"))
SSLEnabled = true;
else if (!strcasecmp(StorageSSLEnabled, "false"))
SSLEnabled = false;
}
#endif
if (SSLEnabled)
{
sslClientParams.certificateFile = COOLWSD::getPathFromConfigWithFallback(
"storage.ssl.cert_file_path", "ssl.cert_file_path");
sslClientParams.privateKeyFile = COOLWSD::getPathFromConfigWithFallback(
"storage.ssl.key_file_path", "ssl.key_file_path");
sslClientParams.caLocation = COOLWSD::getPathFromConfigWithFallback(
"storage.ssl.ca_file_path", "ssl.ca_file_path");
sslClientParams.cipherList = COOLWSD::getPathFromConfigWithFallback(
"storage.ssl.cipher_list", "ssl.cipher_list");
sslClientParams.verificationMode =
(sslClientParams.caLocation.empty() ? Poco::Net::Context::VERIFY_NONE
: Poco::Net::Context::VERIFY_STRICT);
sslClientParams.loadDefaultCAs = true;
}
else
sslClientParams.verificationMode = Poco::Net::Context::VERIFY_NONE;
Poco::SharedPtr<Poco::Net::PrivateKeyPassphraseHandler> consoleClientHandler =
new Poco::Net::KeyConsoleHandler(false);
Poco::SharedPtr<Poco::Net::InvalidCertificateHandler> invalidClientCertHandler =
new Poco::Net::AcceptCertificateHandler(false);
Poco::Net::Context::Ptr sslClientContext =
new Poco::Net::Context(Poco::Net::Context::CLIENT_USE, sslClientParams);
sslClientContext->disableProtocols(Poco::Net::Context::Protocols::PROTO_SSLV2 |
Poco::Net::Context::Protocols::PROTO_SSLV3 |
Poco::Net::Context::Protocols::PROTO_TLSV1);
Poco::Net::SSLManager::instance().initializeClient(
consoleClientHandler, invalidClientCertHandler, sslClientContext);
// Initialize our client SSL context.
ssl::Manager::initializeClientContext(
sslClientParams.certificateFile, sslClientParams.privateKeyFile,
sslClientParams.caLocation, sslClientParams.cipherList,
sslClientParams.caLocation.empty() ? ssl::CertificateVerification::Disabled
: ssl::CertificateVerification::Required);
if (!ssl::Manager::isClientContextInitialized())
LOG_ERR("Failed to initialize Client SSL.");
else
LOG_INF("Initialized Client SSL.");
#endif
#else
FilesystemEnabled = true;
#endif
}
#endif
/// Sanitize a URI by removing authorization tokens.
Poco::URI sanitizeUri(Poco::URI uri)
{
static const std::string access_token("access_token");
Poco::URI::QueryParameters queryParams = uri.getQueryParameters();
for (auto& param : queryParams)
{
// Sanitize more params as needed.
if (param.first == access_token)
{
// If access_token exists, clear it. But don't add it if not provided.
param.second.clear();
uri.setQueryParameters(queryParams);
break;
}
}
return uri;
}
/// Saves new URI when resource was moved
// void setUri(const Poco::URI& uri) { _uri = sanitizeUri(uri); }
static bool FilesystemEnabled;
/// If true, use only the WOPI URL for whether to use SSL to talk to storage server
static bool SSLAsScheme;
/// If true, force SSL communication with storage server
static bool SSLEnabled;
};
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */