decode payload if onlyoffice have jwt token

classes/converter.php

@@ -100,7 +100,7 @@ public function create_client(): documentserver_client {
 
         // Only create client if it hasn't already been done.
         if ($this->client == null) {
-            $this->client = new documentserver_client($this->config->internaloodsurl);
+            $this->client = new documentserver_client($this->config->internaloodsurl, $this->config->documentserversecret);
         }
 
         return $this->client;

classes/documentserver_client.php

@@ -24,6 +24,7 @@
 namespace fileconverter_onlyoffice;
 
 use coding_exception;
+use Firebase\JWT\JWT;
 use curl;
 
 defined('MOODLE_INTERNAL') || die();
@@ -46,21 +47,36 @@ class documentserver_client {
      * @var string
      */
     private $documentserverhost;
+    /**
+     * Private OnlyOfice document server Secret Token
+     * @var string
+     */
+    private $documentserversecret;
 
     /**
      * Initialise the client.
      * @param string $documentserverhost Private OnlyOfice document server URL
      */
-    public function __construct(string $documentserverhost) {
+    public function __construct(string $documentserverhost, string $documentserversecret = null) {
         $this->documentserverhost = rtrim($documentserverhost, '/');
+        $this->documentserversecret = $documentserversecret;
         $this->curl = new \curl();
     }
 
     public function request_conversion($params) {
         $endpoint = $this->documentserverhost . '/ConvertService.ashx';
+        if ($this->documentserversecret ) {
+             $payload = ["payload" => $params];
+             $headertoken = JWT::encode($payload, $this->documentserversecret);
+             $token = JWT::encode($params, $this->documentserversecret);
+             $params['token'] = $token;
+        }
         $callargs = json_encode($params);
         $this->curl->setHeader('Content-type: application/json');
         $this->curl->setHeader('Accept: application/json');
+        if ($this->documentserversecret) {
+            $this->curl->setHeader('Authorization: ' . $headertoken);
+        }
         $response = $this->curl->post($endpoint, $callargs);
 
         if ($this->curl->errno != 0) {

lang/en/fileconverter_onlyoffice.php

@@ -33,4 +33,5 @@
 $string['preparesubmissionsforannotation'] = 'Prepare submissions for annotation';
 $string['privacy:metadata:filecontent'] = 'The content of the file.';
 $string['privacy:metadata:externalpurpose'] = 'The file is send to a external ONLYOFFICE document server, which stores the file briefly in order to convert it into the desired file format.';
-
+$string['documentserversecret'] = 'Document Server Secret';
+$string['documentserversecret_desc'] = 'The secret is used to generate the token (an encrypted signature) in the browser for the document editor opening and calling the methods and the requests to the document command service and document conversion service. The token prevents the substitution of important parameters in ONLYOFFICE Document Server requests.';

settings.php

@@ -34,6 +34,11 @@
         get_string('settings:internaloodsurl', 'fileconverter_onlyoffice'),
         get_string('settings:internaloodsurl_help', 'fileconverter_onlyoffice'),
         ''));
+        // Token Secret JWT
+    $settings->add(new admin_setting_configtext('fileconverter_onlyoffice/documentserversecret',
+        get_string('documentserversecret', 'fileconverter_onlyoffice'),
+        get_string('documentserversecret_desc', 'fileconverter_onlyoffice'),
+    ''));
 
     // Specify the URL at which the OO document server can reach the Moodle wwwroot.
     // Usually it is identical to the wwwroot, but it may vary in certain configurations (e. g., containerised setup with Docker).