ONLYOFFICE · AlexeySafronov · May 5, 2022 · May 5, 2022
diff --git a/common/ASC.FederatedLogin/OAuth20Token.cs b/common/ASC.FederatedLogin/OAuth20Token.cs
@@ -101,7 +101,14 @@ public static OAuth20Token FromJson(string json)
             if (string.IsNullOrEmpty(json)) return null;
             try
             {
-                return JsonSerializer.Deserialize<OAuth20Token>(json);
+                var result = JsonSerializer.Deserialize<OAuth20Token>(json);
+
+                if (result.Timestamp == default)
+                {
+                    result.Timestamp = DateTime.UtcNow;
+                }
+
+                return result;
             }
             catch (Exception)
             {

diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf
@@ -24,7 +24,7 @@ map $request_uri $header_x_frame_options {
 
 map $request_uri $cache_control {
   default "no-cache, no-store, must-revalidate";
-  ~*\/(api\/2\.0.*|storage|login\.ashx|products\/.+\/httphandlers\/filehandler\.ashx|ChunkedUploader.ashx|apisystem|sh|remoteEntry\.js|debuginfo\.md) "no-cache, no-store, must-revalidate";
+  ~*\/(api\/2\.0.*|storage|login\.ashx|products\/.+\/httphandlers\/filehandler\.ashx|ChunkedUploader.ashx|ThirdPartyAppHandler|apisystem|sh|remoteEntry\.js|debuginfo\.md) "no-cache, no-store, must-revalidate";
   ~*\/(locales.*\.json) "public, no-transform";
   ~*\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|md|css|js)$ "public, no-transform";
 }
@@ -204,6 +204,11 @@ server {
 	location /backupFileUpload.ashx {
 		proxy_pass http://localhost:5012;
 		proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
+	}	
+
+	location /ThirdPartyApp {
+		proxy_pass http://localhost:5007;
+		proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
 	}
 
 	location /products {   

diff --git a/products/ASC.Files/Core/Core/FileStorageService.cs b/products/ASC.Files/Core/Core/FileStorageService.cs
@@ -82,6 +82,7 @@ public class FileStorageService<T> //: IFileStorageService
     {
         private static readonly FileEntrySerializer serializer = new FileEntrySerializer();
         private readonly OFormRequestManager _oFormRequestManager;
+        private readonly ThirdPartySelector _thirdPartySelector;
 
         private Global Global { get; }
         private GlobalStore GlobalStore { get; }
@@ -171,7 +172,8 @@ public FileStorageService(
             ICacheNotify<ThumbnailRequest> thumbnailNotify,
             EntryStatusManager entryStatusManager,
             CompressToArchive compressToArchive,
-            OFormRequestManager oFormRequestManager)
+            OFormRequestManager oFormRequestManager,
+            ThirdPartySelector thirdPartySelector)
         {
             Global = global;
             GlobalStore = globalStore;
@@ -217,6 +219,7 @@ public FileStorageService(
             EntryStatusManager = entryStatusManager;
             CompressToArchive = compressToArchive;
             _oFormRequestManager = oFormRequestManager;
+            _thirdPartySelector = thirdPartySelector;
         }
 
         public async Task<Folder<T>> GetFolderAsync(T folderId)
@@ -838,7 +841,7 @@ public async Task<string> StartEditAsync(T fileId, bool editingAlone = false, st
                 {
                     ErrorIf(FileTracker.IsEditing(fileId), FilesCommonResource.ErrorMassage_SecurityException_EditFileTwice);
 
-                    app = ThirdPartySelector.GetAppByFileId(fileId.ToString());
+                    app = _thirdPartySelector.GetAppByFileId(fileId.ToString());
                     if (app == null)
                     {
                         await EntryManager.TrackEditingAsync(fileId, Guid.Empty, AuthContext.CurrentAccount.ID, doc, true);
@@ -850,7 +853,7 @@ public async Task<string> StartEditAsync(T fileId, bool editingAlone = false, st
 
                 (File<string> File, Configuration<string> Configuration) fileOptions;
 
-                app = ThirdPartySelector.GetAppByFileId(fileId.ToString());
+                app = _thirdPartySelector.GetAppByFileId(fileId.ToString());
                 if (app == null)
                 {
                     fileOptions = await DocumentServiceHelper.GetParamsAsync(fileId.ToString(), -1, doc, true, true, false);

diff --git a/products/ASC.Files/Core/HttpHandlers/ThirdPartyAppHandler.ashx.cs b/products/ASC.Files/Core/HttpHandlers/ThirdPartyAppHandler.ashx.cs
@@ -40,34 +40,32 @@
 
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 
 namespace ASC.Web.Files.HttpHandlers
 {
     public class ThirdPartyAppHandler
     {
-        private RequestDelegate Next { get; }
-        private IServiceProvider ServiceProvider { get; }
+        private RequestDelegate Next { get; }
+
+        public static string HandlerPath = "~/ThirdPartyApp";
 
-        public ThirdPartyAppHandler(RequestDelegate next, IServiceProvider serviceProvider)
+        public ThirdPartyAppHandler(RequestDelegate next)
         {
-            Next = next;
-            ServiceProvider = serviceProvider;
         }
 
-        public async Task Invoke(HttpContext context)
+        public async Task Invoke(HttpContext context, ThirdPartyAppHandlerService thirdPartyAppHandlerService)
         {
-            using var scope = ServiceProvider.CreateScope();
-            var thirdPartyAppHandlerService = scope.ServiceProvider.GetService<ThirdPartyAppHandlerService>();
             await thirdPartyAppHandlerService.InvokeAsync(context);
-            await Next.Invoke(context);
+            //await Next.Invoke(context);
         }
     }
 
     [Scope]
     public class ThirdPartyAppHandlerService
-    {
+    {
+        private readonly ThirdPartySelector _thirdPartySelector;
+
         private AuthContext AuthContext { get; }
         private CommonLinkUtility CommonLinkUtility { get; }
         private ILog Log { get; set; }
@@ -78,12 +76,14 @@ public ThirdPartyAppHandlerService(
             IOptionsMonitor<ILog> optionsMonitor,
             AuthContext authContext,
             BaseCommonLinkUtility baseCommonLinkUtility,
-            CommonLinkUtility commonLinkUtility)
+            CommonLinkUtility commonLinkUtility,
+            ThirdPartySelector thirdPartySelector)
         {
             AuthContext = authContext;
-            CommonLinkUtility = commonLinkUtility;
+            CommonLinkUtility = commonLinkUtility;
+            _thirdPartySelector = thirdPartySelector;
             Log = optionsMonitor.CurrentValue;
-            HandlerPath = baseCommonLinkUtility.ToAbsolute("~/thirdpartyapp");
+            HandlerPath = baseCommonLinkUtility.ToAbsolute(ThirdPartyAppHandler.HandlerPath);
         }
 
         public async Task InvokeAsync(HttpContext context)
@@ -94,7 +94,7 @@ public async Task InvokeAsync(HttpContext context)
 
             try
             {
-                var app = ThirdPartySelector.GetApp(context.Request.Query[ThirdPartySelector.AppAttr]);
+                var app = _thirdPartySelector.GetApp(context.Request.Query[ThirdPartySelector.AppAttr]);
                 Log.Debug("ThirdPartyApp: app - " + app);
 
                 if (await app.RequestAsync(context))

diff --git a/products/ASC.Files/Core/Services/DocumentService/Configuration.cs b/products/ASC.Files/Core/Services/DocumentService/Configuration.cs
@@ -31,7 +31,6 @@
 using System.Linq;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using System.Threading.Tasks;
 using System.Web;
 
 using ASC.Common;
@@ -214,14 +213,22 @@ public InfoConfig(BreadCrumbsManager breadCrumbsManager, FileSharing fileSharing
             UserManager = userManager;
         }
 
+        private bool? _favorite;
+        private bool _favoriteIsSet;
         public bool? Favorite
         {
             get
             {
+                if (_favoriteIsSet) return _favorite;
                 if (!SecurityContext.IsAuthenticated || UserManager.GetUsers(SecurityContext.CurrentAccount.ID).IsVisitor(UserManager)) return null;
                 if (File.Encrypted) return null;
                 return File.IsFavorite;
             }
+            set
+            {
+                _favoriteIsSet = true;
+                _favorite = value;
+            }
         }
 
         public string Folder
@@ -657,7 +664,8 @@ public CustomizationConfig(
             PathProvider pathProvider,
             CustomerConfig<T> customerConfig,
             LogoConfig<T> logoConfig,
-            FileSharing fileSharing)
+            FileSharing fileSharing,
+            ThirdPartySelector thirdPartySelector)
         {
             CoreBaseSettings = coreBaseSettings;
             SettingsManager = settingsManager;
@@ -671,9 +679,11 @@ public CustomizationConfig(
             Customer = customerConfig;
             Logo = logoConfig;
             FileSharing = fileSharing;
+            _thirdPartySelector = thirdPartySelector;
         }
 
         private Configuration<T> _configuration;
+        private readonly ThirdPartySelector _thirdPartySelector;
 
         internal void SetConfiguration(Configuration<T> configuration)
         {
@@ -682,7 +692,8 @@ internal void SetConfiguration(Configuration<T> configuration)
             Logo.SetConfiguration(_configuration);
         }
 
-        //private string _gobackUrl;
+        [JsonIgnore]
+        public string GobackUrl;
         public bool IsRetina { get; set; } = false;
 
 
@@ -716,7 +727,7 @@ public bool? Forcesave
             {
                 return FileUtility.CanForcesave
                        && !_configuration.Document.Info.GetFile().ProviderEntry
-                       && ThirdPartySelector.GetAppByFileId(_configuration.Document.Info.GetFile().ID.ToString()) == null
+                       && _thirdPartySelector.GetAppByFileId(_configuration.Document.Info.GetFile().ID.ToString()) == null
                        && FilesSettingsHelper.Forcesave;
             }
         }
@@ -727,13 +738,13 @@ public GobackConfig Goback
             {
                 if (_configuration.EditorType == EditorType.Embedded || _configuration.EditorType == EditorType.External) return null;
                 if (!AuthContext.IsAuthenticated) return null;
-                //if (_gobackUrl != null)
-                //{
-                //    return new GobackConfig
-                //    {
-                //        Url = _gobackUrl,
-                //    };
-                //}
+                if (GobackUrl != null)
+                {
+                    return new GobackConfig
+                    {
+                        Url = GobackUrl,
+                    };
+                }
 
                 var folderDao = DaoFactory.GetFolderDao<T>();
                 try

diff --git a/products/ASC.Files/Core/Services/DocumentService/DocumentServiceTracker.cs b/products/ASC.Files/Core/Services/DocumentService/DocumentServiceTracker.cs
@@ -164,7 +164,9 @@ public static string Serialize(TrackResponse response)
 
     [Scope]
     public class DocumentServiceTrackerHelper
-    {
+    {
+        private readonly ThirdPartySelector _thirdPartySelector;
+
         private SecurityContext SecurityContext { get; }
         private UserManager UserManager { get; }
         private TenantManager TenantManager { get; }
@@ -206,7 +208,8 @@ public DocumentServiceTrackerHelper(
             NotifyClient notifyClient,
             MailMergeTaskRunner mailMergeTaskRunner,
             FileTrackerHelper fileTracker,
-            IHttpClientFactory clientFactory)
+            IHttpClientFactory clientFactory,
+            ThirdPartySelector thirdPartySelector)
         {
             SecurityContext = securityContext;
             UserManager = userManager;
@@ -228,6 +231,7 @@ public DocumentServiceTrackerHelper(
             FileTracker = fileTracker;
             Logger = options.CurrentValue;
             ClientFactory = clientFactory;
+            _thirdPartySelector = thirdPartySelector;
         }
 
         public string GetCallbackUrl<T>(T fileId)
@@ -275,7 +279,7 @@ public async Task<TrackResponse> ProcessDataAsync<T>(T fileId, TrackerData fileD
 
         private async Task ProcessEditAsync<T>(T fileId, TrackerData fileData)
         {
-            if (ThirdPartySelector.GetAppByFileId(fileId.ToString()) != null)
+            if (_thirdPartySelector.GetAppByFileId(fileId.ToString()) != null)
             {
                 return;
             }
@@ -284,7 +288,7 @@ private async Task ProcessEditAsync<T>(T fileId, TrackerData fileData)
             var usersDrop = new List<string>();
 
             string docKey;
-            var app = ThirdPartySelector.GetAppByFileId(fileId.ToString());
+            var app = _thirdPartySelector.GetAppByFileId(fileId.ToString());
             if (app == null)
             {
                 File<T> fileStable;
@@ -356,7 +360,7 @@ private async Task<TrackResponse> ProcessSaveAsync<T>(T fileId, TrackerData file
                 userId = Guid.Empty;
             }
 
-            var app = ThirdPartySelector.GetAppByFileId(fileId.ToString());
+            var app = _thirdPartySelector.GetAppByFileId(fileId.ToString());
             if (app == null)
             {
                 File<T> fileStable;

diff --git a/products/ASC.Files/Core/ThirdPartyApp/BoxApp.cs b/products/ASC.Files/Core/ThirdPartyApp/BoxApp.cs
@@ -30,13 +30,12 @@
 using System.Linq;
 using System.Net;
 using System.Net.Http;
-using System.Net.Http.Headers;
 using System.Security;
-using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using System.Web;
+using System.Web;
 
+using ASC.Common;
 using ASC.Common.Caching;
 using ASC.Common.Logging;
 using ASC.Common.Web;
@@ -73,7 +72,8 @@
 using SecurityContext = ASC.Core.SecurityContext;
 
 namespace ASC.Web.Files.ThirdPartyApp
-{
+{
+    [Scope]
     public class BoxApp : Consumer, IThirdPartyApp, IOAuthProvider
     {
         public const string AppAttr = "box";
@@ -329,43 +329,35 @@ public async Task SaveFileAsync(string fileId, string fileType, string downloadU
             var httpClient = _clientFactory.CreateClient();
 
             var request = new HttpRequestMessage();
-            request.RequestUri = new Uri(BoxUrlUpload.Replace("{fileId}", fileId));
-
-            using (var tmpStream = new MemoryStream())
-            {
-                var boundary = DateTime.UtcNow.Ticks.ToString("x");
-
-                var metadata = $"Content-Disposition: form-data; name=\"filename\"; filename=\"{title}\"\r\nContent-Type: application/octet-stream\r\n\r\n";
-                var metadataPart = $"--{boundary}\r\n{metadata}";
-                var bytes = Encoding.UTF8.GetBytes(metadataPart);
-                await tmpStream.WriteAsync(bytes, 0, bytes.Length);
-
-                if (stream != null)
-                {
-                    await stream.CopyToAsync(tmpStream);
-                }
-                else
-                {
-                    var downloadRequest = new HttpRequestMessage();
-                    downloadRequest.RequestUri = new Uri(downloadUrl);
-                    using var response = await httpClient.SendAsync(request);
-                    using var downloadStream = new ResponseStream(response);
-                    await downloadStream.CopyToAsync(tmpStream);
-                }
-
-                var mediaPartEnd = $"\r\n--{boundary}--\r\n";
-                bytes = Encoding.UTF8.GetBytes(mediaPartEnd);
-                await tmpStream.WriteAsync(bytes, 0, bytes.Length);
-
-                request.Method = HttpMethod.Post;
-                request.Headers.Add("Authorization", "Bearer " + token);
-                request.Content.Headers.ContentType = new MediaTypeHeaderValue("multipart/form-data; boundary=" + boundary);
-                Logger.Debug("BoxApp: save file totalSize - " + tmpStream.Length);
-
-                tmpStream.Seek(0, SeekOrigin.Begin);
-                request.Content = new StreamContent(tmpStream);
-            }
-
+            request.RequestUri = new Uri(BoxUrlUpload.Replace("{fileId}", fileId));
+
+            StreamContent streamContent;
+
+            using var multipartFormContent = new MultipartFormDataContent();
+
+            if (stream != null)
+            {
+                streamContent = new StreamContent(stream);
+            }
+            else
+            {
+                var downloadRequest = new HttpRequestMessage();
+                downloadRequest.RequestUri = new Uri(downloadUrl);
+                var response = await httpClient.SendAsync(downloadRequest);
+                var downloadStream = new ResponseStream(response);
+
+                streamContent = new StreamContent(downloadStream);
+            }
+
+            streamContent.Headers.TryAddWithoutValidation("Content-Type", MimeMapping.GetMimeMapping(title));
+            multipartFormContent.Add(streamContent, name: "filename", fileName: title);
+
+            request.Content = multipartFormContent;
+            request.Method = HttpMethod.Post;
+            request.Headers.Add("Authorization", "Bearer " + token);
+            //request.Content.Headers.ContentType = new MediaTypeHeaderValue("multipart/form-data; boundary=" + boundary);
+            //Logger.Debug("BoxApp: save file totalSize - " + tmpStream.Length);
+
             try
             {
                 using var response = await httpClient.SendAsync(request);