✨(back) create wopi application

Makefile

@@ -115,6 +115,7 @@ logs: ## display app-dev logs (follow mode)
 
 run: ## start the wsgi (production) and development server
 	@$(COMPOSE) up --force-recreate -d nginx
+	@$(MAKE) configure-wopi
 .PHONY: run
 
 run-with-frontend: ## Start all the containers needed (backend to frontend)
@@ -191,6 +192,10 @@ superuser: ## Create an admin superuser with password "admin"
 	@$(MANAGE) createsuperuser --email [email protected] --password admin
 .PHONY: superuser
 
+configure-wopi: ## configure the wopi settings
+	@$(MANAGE) trigger_wopi_configuration
+.PHONY: configure-wopi
+
 back-i18n-compile: ## compile the gettext files
 	@$(MANAGE) compilemessages --ignore="venv/**/*"
 .PHONY: back-i18n-compile

compose.yaml

@@ -84,6 +84,8 @@ services:
         condition: service_started
       celery-dev:
         condition: service_started
+      collabora:
+        condition: service_started
 
   celery-dev:
     user: ${DOCKER_USER:-1000}
@@ -214,3 +216,14 @@ services:
       - "8080:8080"
     depends_on:
       - kc_postgresql
+
+  collabora:
+    image: collabora/code:latest
+    ports:
+      - "9980:9980"
+    environment:
+      - extra_params=--o:ssl.enable=false
+      - username=drive
+      - password=password
+      - server_name=localhost:9980
+      - aliasgroup1=app-dev:8000

env.d/development/common.dist

@@ -45,3 +45,7 @@ LOGOUT_REDIRECT_URL=http://localhost:3000
 
 OIDC_REDIRECT_ALLOWED_HOSTS=["http://localhost:8083", "http://localhost:3000"]
 OIDC_AUTH_REQUEST_EXTRA_PARAMS={"acr_values": "eidas1"}
+
+WOPI_CLIENTS="collabora"
+WOPI_COLLABORA_DISCOVERY_URL="http://collabora:9980/hosting/discovery"
+WOPI_SRC_BASE_URL=http://app-dev:8000

src/backend/core/api/serializers.py

@@ -10,6 +10,7 @@
 
 from core import models
 from core.api import utils
+from wopi import utils as wopi_utils
 
 
 class UserSerializer(serializers.ModelSerializer):
@@ -131,6 +132,7 @@ class ListItemSerializer(serializers.ModelSerializer):
     url = serializers.SerializerMethodField()
     creator = UserLiteSerializer(read_only=True)
     hard_delete_at = serializers.SerializerMethodField(read_only=True)
+    is_wopi_supported = serializers.SerializerMethodField()
 
     class Meta:
         model = models.Item
@@ -160,6 +162,7 @@ class Meta:
             "description",
             "deleted_at",
             "hard_delete_at",
+            "is_wopi_supported",
         ]
         read_only_fields = [
             "id",
@@ -185,6 +188,7 @@ class Meta:
             "description",
             "deleted_at",
             "hard_delete_at",
+            "is_wopi_supported",
         ]
 
     def get_abilities(self, item) -> dict:
@@ -230,6 +234,10 @@ def get_hard_delete_at(self, item):
         hard_delete_at = item.deleted_at + timedelta(days=settings.TRASHBIN_CUTOFF_DAYS)
         return hard_delete_at.isoformat()
 
+    def get_is_wopi_supported(self, item):
+        """Return whether the item is supported by WOPI protocol."""
+        return wopi_utils.is_item_wopi_supported(item)
+
 
 class ItemSerializer(ListItemSerializer):
     """Serialize items with all fields for display in detail views."""
@@ -262,6 +270,7 @@ class Meta:
             "description",
             "deleted_at",
             "hard_delete_at",
+            "is_wopi_supported",
         ]
         read_only_fields = [
             "id",
@@ -286,6 +295,7 @@ class Meta:
             "size",
             "deleted_at",
             "hard_delete_at",
+            "is_wopi_supported",
         ]
 
     def create(self, validated_data):

src/backend/core/api/utils.py

@@ -109,9 +109,18 @@ def generate_upload_policy(item):
         Fields={"acl": "private"},
         Conditions=[
             {"acl": "private"},
-            ["content-length-range", 0, settings.ITEM_FILE_MAX_SIZE],
+            ["content-length-range", 0, settings.DATA_UPLOAD_MAX_MEMORY_SIZE],
         ],
         ExpiresIn=settings.AWS_S3_UPLOAD_POLICY_EXPIRATION,
     )
 
     return policy
+
+
+def get_item_file_head_object(item):
+    """
+    Get the head object of an item file.
+    """
+    return default_storage.connection.meta.client.head_object(
+        Bucket=default_storage.bucket_name, Key=item.file_key
+    )

src/backend/core/api/viewsets.py

@@ -14,6 +14,7 @@
 from django.db import models as db
 from django.db import transaction
 from django.db.models.expressions import RawSQL
+from django.urls import reverse
 
 import magic
 import rest_framework as drf
@@ -24,6 +25,8 @@
 
 from core import enums, models
 from core.tasks.item import process_item_deletion
+from wopi.services import access as access_service
+from wopi.utils import compute_wopi_launch_url, get_wopi_client_config
 
 from . import permissions, serializers, utils
 from .filters import ItemFilter, ListItemFilter
@@ -34,7 +37,7 @@
 UUID_REGEX = (
     r"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}"
 )
-FILE_EXT_REGEX = r"(\.[a-zA-Z0-9]+)?$"
+FILE_EXT_REGEX = '[^.\\/:*?&"<>|\r\n]+'
 MEDIA_STORAGE_URL_PATTERN = re.compile(
     f"{settings.MEDIA_URL:s}"
     f"(?P<key>{ITEM_FOLDER:s}/(?P<pk>{UUID_REGEX:s})/.*{FILE_EXT_REGEX:s})$"
@@ -1018,6 +1021,34 @@ def media_auth(self, request, *args, **kwargs):
 
         return drf.response.Response("authorized", headers=request.headers, status=200)
 
+    @drf.decorators.action(detail=True, methods=["get"], url_path="wopi")
+    def wopi(self, request, *args, **kwargs):
+        """
+        This view is used to generate an access token and access token ttl in order to start
+        a WOPI session for the item and the current user.
+        """
+        item = self.get_object()
+
+        if not (wopi_client := get_wopi_client_config(item)):
+            raise drf.exceptions.ValidationError(
+                {"detail": "This item does not suport WOPI integration."}
+            )
+
+        service = access_service.AccessUserItemService()
+        access_token, access_token_ttl = service.insert_new_access(item, request.user)
+
+        get_file_info = reverse("files-detail", kwargs={"pk": item.id})
+        launch_url = compute_wopi_launch_url(wopi_client, get_file_info)
+
+        return drf.response.Response(
+            {
+                "access_token": access_token,
+                "access_token_ttl": access_token_ttl,
+                "launch_url": launch_url,
+            },
+            status=drf.status.HTTP_200_OK,
+        )
+
 
 class ItemAccessViewSet(
     ResourceAccessViewsetMixin,

src/backend/core/factories.py

@@ -8,10 +8,12 @@
 
 import factory.fuzzy
 from faker import Faker
+from faker.providers import file
 
 from core import models
 
 fake = Faker()
+fake.add_provider(file)
 
 
 class UserFactory(factory.django.DjangoModelFactory):
@@ -67,9 +69,7 @@ class Meta:
     )
     type = factory.fuzzy.FuzzyChoice([t[0] for t in models.ItemTypeChoices.choices])
     filename = factory.lazy_attribute(
-        lambda o: factory.Faker("file_name")
-        if o.type == models.ItemTypeChoices.FILE
-        else None
+        lambda o: fake.file_name() if o.type == models.ItemTypeChoices.FILE else None
     )
     upload_state = None
 

src/backend/core/models.py

@@ -8,6 +8,7 @@
 from collections import defaultdict
 from datetime import timedelta
 from logging import getLogger
+from os.path import splitext
 
 from django.conf import settings
 from django.contrib.auth import models as auth_models
@@ -606,6 +607,21 @@ def descendants(self):
         """Return the descendants of the item excluding the item itself."""
         return super().descendants().exclude(id=self.id)
 
+    @property
+    def extension(self):
+        """Return the extension related to the filename."""
+        if self.filename is None:
+            raise RuntimeError(
+                "The item must have a filename to compute its extension."
+            )
+
+        _, extension = splitext(self.filename)
+
+        if extension:
+            return extension.lstrip(".")
+
+        return None
+
     @property
     def key_base(self):
         """Key base of the location where the item is stored in object storage."""
@@ -765,6 +781,7 @@ def get_abilities(self, user, ancestors_links=None):
             "partial_update": is_owner_or_admin if self.is_root else can_update,
             "update": is_owner_or_admin if self.is_root else can_update,
             "upload_ended": can_update and user.is_authenticated,
+            "wopi": can_get,
         }
 
     def send_email(self, subject, emails, context=None, language=None):

src/backend/core/tests/conftest.py

@@ -2,13 +2,22 @@
 
 from unittest import mock
 
+from django.core.cache import cache
+
 import pytest
 
 USER = "user"
 TEAM = "team"
 VIA = [USER, TEAM]
 
 
+@pytest.fixture(autouse=True)
+def clear_cache():
+    """Fixture to clear the cache before each test."""
+    yield
+    cache.clear()
+
+
 @pytest.fixture
 def mock_user_teams():
     """Mock for the "teams" property on the User model."""