diff --git a/backend/app/api/office.py b/backend/app/api/office.py index ab9213c..fec5700 100644 --- a/backend/app/api/office.py +++ b/backend/app/api/office.py @@ -1,7 +1,7 @@ import io import os import hashlib -from datetime import datetime, timezone +from datetime import datetime, timezone, timedelta from pathlib import Path from flask import request, jsonify, current_app, send_file @@ -353,9 +353,22 @@ def onlyoffice_config(file_id): AppSettings.set(f'oo_callback_{callback_key}', str(file_id)) # Build the config - # The URLs must be reachable by OnlyOffice server (not the browser) - base_url = request.host_url.rstrip('/') - token = request.args.get('token', '') or request.headers.get('Authorization', '').replace('Bearer ', '') + # Internal URL for OnlyOffice to reach our backend (Docker network) + internal_url = os.environ.get('ONLYOFFICE_INTERNAL_URL', 'http://minicloud:5000') + + # Generate a long-lived token for OnlyOffice file access (24h) + from app.api.auth import create_access_token + import jwt as pyjwt + oo_file_token = pyjwt.encode( + { + 'user_id': user.id, + 'type': 'access', + 'exp': datetime.now(timezone.utc) + timedelta(hours=24), + 'iat': datetime.now(timezone.utc), + }, + current_app.config['JWT_SECRET_KEY'], + algorithm='HS256', + ) config = { 'available': True, @@ -365,11 +378,11 @@ def onlyoffice_config(file_id): 'fileType': ext, 'key': f'{file_id}_{f.checksum or "0"}_{callback_key[:8]}', 'title': f.name, - 'url': f'{base_url}/api/files/{file_id}/download?token={token}', + 'url': f'{internal_url}/api/files/{file_id}/download?token={oo_file_token}', }, 'documentType': doc_type, 'editorConfig': { - 'callbackUrl': f'{base_url}/api/files/onlyoffice-callback?key={callback_key}', + 'callbackUrl': f'{internal_url}/api/files/onlyoffice-callback?key={callback_key}', 'mode': 'edit' if can_write else 'view', 'lang': 'de', 'user': {