def cboxDownload():
'''Returns the file's content for a given valid access token. Used as a download URL,
so that the file's path is never explicitly visible.'''
try:
acctok = jwt.decode(flask.request.args['access_token'], Wopi.wopisecret, algorithms=['HS256'])
if acctok['exp'] < time.time():
raise jwt.exceptions.ExpiredSignatureError
resp = flask.Response(xrdcl.readfile(acctok['filename'], acctok['ruid'], acctok['rgid']), mimetype='application/octet-stream')
resp.headers['Content-Disposition'] = 'attachment; filename="%s"' % os.path.basename(acctok['filename'])
resp.status_code = httplib.OK
Wopi.log.info('msg="cboxDownload: direct download succeeded" filename="%s" user="%s:%s" token="%s"' % \
(acctok['filename'], acctok['ruid'], acctok['rgid'], flask.request.args['access_token'][-20:]))
return resp
except (jwt.exceptions.DecodeError, jwt.exceptions.ExpiredSignatureError) as e:
Wopi.log.warning('msg="Signature verification failed" client="%s" requestedUrl="%s" token="%s"' % \
(flask.request.remote_addr, flask.request.base_url, flask.request.args['access_token']))
return 'Invalid access token', httplib.NOT_FOUND
except IOError, e:
Wopi.log.info('msg="Requested file not found" filename="%s" token="%s" error="%s"' % \
(acctok['filename'], flask.request.args['access_token'][-20:], e))
return 'File not found', httplib.NOT_FOUND
except KeyError, e:
Wopi.log.error('msg="Invalid access token or request argument" error="%s"' % e)
return 'Invalid access token', httplib.UNAUTHORIZED
except Exception, e:
return _logGeneralExceptionAndReturn(e, flask.request)
评论列表
文章目录
