Hacker-Software
/
minmal-file-cloud-email-pim-passmanager
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: OnlyOffice Callback komplett neu - robust gegen 500 Errors 

- Gesamter Callback in try/except gewrapped (gibt immer error:0
  zurueck, damit OnlyOffice nicht endlos retryt)
- JWT Body-Decoding mit graceful fallback auf Raw-Daten
- JWT-Header-Validierung entfernt (verursachte den 500 Crash)
- Download ohne extra JWT-Header (OnlyOffice-interne URLs
  brauchen das nicht)
- Ausfuehrliches Logging: Status, Key, Dateiname, Groesse
- Saubere Imports am Anfang der Funktion

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Stefan Hacker 2026-04-11 22:34:24 +02:00
parent 9d1f4e117c
commit 9d138ecf1d
1 changed files with 62 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
backend/app/api/office.py
View File

@ -419,86 +419,80 @@ def oo_download(access_key):
@api_bp.route('/files/onlyoffice-callback', methods=['POST'])
def onlyoffice_callback():
"""Callback from OnlyOffice when document is saved."""
import urllib.request
"""Callback from OnlyOffice when document is saved.
# Validate OnlyOffice JWT token if JWT is enabled
jwt_secret = os.environ.get('JWT_SECRET_KEY', '')
if jwt_secret:
OnlyOffice sends status codes:
1 = editing, 2 = ready to save, 4 = closed no changes, 6 = force save
Must always return {"error": 0} for success.
"""
try:
import jwt as pyjwt
auth_header = request.headers.get('Authorization', '')
if auth_header.startswith('Bearer '):
oo_token = auth_header[7:]
import urllib.request
import shutil
jwt_secret = os.environ.get('JWT_SECRET_KEY', '')
# Get callback data - may be JWT-wrapped
data = request.get_json(silent=True) or {}
print(f'[OnlyOffice Callback] Raw status={data.get("status")}, key={request.args.get("key", "")}')
# If body contains a JWT token, decode it to get the real data
if 'token' in data and jwt_secret:
try:
pyjwt.decode(oo_token, jwt_secret, algorithms=['HS256'])
decoded = pyjwt.decode(data['token'], jwt_secret, algorithms=['HS256'])
data = decoded
except Exception as e:
print(f'[OnlyOffice Callback] JWT validation failed: {e}')
return jsonify({'error': 1}), 200
print(f'[OnlyOffice Callback] Body JWT decode failed (using raw data): {e}')
callback_key = request.args.get('key', '')
file_id_str = AppSettings.get(f'oo_callback_{callback_key}', '')
status = data.get('status', 0)
callback_key = request.args.get('key', '')
if not file_id_str:
return jsonify({'error': 1}), 200 # OnlyOffice expects {"error": 0} for success
# Status 2 or 6: save the document
if status in (2, 6):
file_id_str = AppSettings.get(f'oo_callback_{callback_key}', '')
if file_id_str:
download_url = data.get('url', '')
if download_url:
from app.models.file import File
file_id = int(file_id_str)
f = db.session.get(File, file_id)
if f and f.storage_path:
filepath = Path(current_app.config['UPLOAD_PATH']) / str(f.owner_id) / f.storage_path
print(f'[OnlyOffice Callback] Saving file {f.name} from {download_url}')
# OnlyOffice may wrap the body in a JWT token
data = request.get_json()
if data and 'token' in data and jwt_secret:
import jwt as pyjwt
try:
data = pyjwt.decode(data['token'], jwt_secret, algorithms=['HS256'])
except Exception:
pass
# Download saved doc from OnlyOffice
req = urllib.request.Request(download_url)
with urllib.request.urlopen(req, timeout=30) as resp, \
open(str(filepath), 'wb') as out:
shutil.copyfileobj(resp, out)
status = data.get('status', 0) if data else 0
# Update metadata
f.size = os.path.getsize(str(filepath))
h = hashlib.sha256()
with open(str(filepath), 'rb') as fh:
for chunk in iter(lambda: fh.read(8192), b''):
h.update(chunk)
f.checksum = h.hexdigest()
f.updated_at = datetime.now(timezone.utc)
db.session.commit()
print(f'[OnlyOffice Callback] File saved: {f.name} ({f.size} bytes)')
# Status 2 = document ready for saving, 6 = force save
if status in (2, 6):
download_url = data.get('url', '')
if download_url:
# Status 2, 4, 6: cleanup
if status in (2, 4, 6):
try:
from app.models.file import File
file_id = int(file_id_str)
f = db.session.get(File, file_id)
if f:
filepath = Path(current_app.config['UPLOAD_PATH']) / str(f.owner_id) / f.storage_path
# Download the saved document from OnlyOffice
req = urllib.request.Request(download_url)
if jwt_secret:
# OnlyOffice may require JWT for download too
import jwt as pyjwt
dl_token = pyjwt.encode({'url': download_url}, jwt_secret, algorithm='HS256')
req.add_header('Authorization', f'Bearer {dl_token}')
with urllib.request.urlopen(req) as resp, open(str(filepath), 'wb') as out:
import shutil
shutil.copyfileobj(resp, out)
# Update metadata
f.size = os.path.getsize(str(filepath))
h = hashlib.sha256()
with open(str(filepath), 'rb') as fh:
for chunk in iter(lambda: fh.read(8192), b''):
h.update(chunk)
f.checksum = h.hexdigest()
f.updated_at = datetime.now(timezone.utc)
setting = db.session.get(AppSettings, f'oo_callback_{callback_key}')
if setting:
db.session.delete(setting)
db.session.commit()
except Exception as e:
print(f'[OnlyOffice Callback] Save error: {e}')
import traceback
traceback.print_exc()
return jsonify({'error': 1}), 200
except Exception:
pass
# Status 4 = closed without changes
if status in (2, 4, 6):
# Cleanup callback key
try:
setting = db.session.get(AppSettings, f'oo_callback_{callback_key}')
if setting:
db.session.delete(setting)
db.session.commit()
except Exception:
pass
except Exception as e:
print(f'[OnlyOffice Callback] ERROR: {e}')
import traceback
traceback.print_exc()
# Still return error: 0 so OnlyOffice doesn't retry endlessly
return jsonify({'error': 0}), 200
return jsonify({'error': 0}), 200