Feat/overview and wopi

.eslintrc.cjs

@@ -6,4 +6,16 @@ module.exports = {
 		'jsdoc/require-jsdoc': 'off',
 		'vue/first-attribute-linebreak': 'off',
 	},
+	overrides: [
+		{
+			// @nextcloud/eslint-config uses @babel/eslint-parser for .vue files,
+			// which cannot parse TypeScript in <script setup lang="ts">.
+			// Override to use @typescript-eslint/parser as the inner parser.
+			files: ['**/*.vue'],
+			parser: 'vue-eslint-parser',
+			parserOptions: {
+				parser: '@typescript-eslint/parser',
+			},
+		},
+	],
 }

.stylelintrc.cjs

@@ -0,0 +1,5 @@
+module.exports = {
+	extends: [
+		'@nextcloud/stylelint-config',
+	],
+}

PHASE3_DECISIONS.md

@@ -0,0 +1,71 @@
+# Phase 3 — Design Decisions
+
+**Date:** 2026-05-23  
+**Scope:** WOPI share-link / guest token support
+
+---
+
+## D1 — User lock demotes guest write access
+
+**Decision:** Yes — if a `TYPE_USER` lock exists on a file whose owner ≠ `editorUid`, the guest's `UserCanWrite` is forced to `false` in CheckFileInfo.
+
+**Rationale:** `editorUid` is `null` for all guests, so they always fail the owner check. This is the safest default and matches both richdocuments and eurooffice-nextcloud behaviour. Two parties (a user and a guest) writing to the same file simultaneously would risk data loss.
+
+---
+
+## D2 — Share-level flags stored on the token row
+
+**Decision:** `hide_download` is stamped onto the `oc_office_wopi` row at token-generation time (migration `1002`). It is never re-read from the share on subsequent requests.
+
+**Rationale:** The `oc_office_wopi` token row is the right boundary — it is already the authority for `canwrite`, `owner_uid`, etc. Storing flags here avoids a per-request `IShareManager` lookup on every CheckFileInfo heartbeat. This is the richdocuments pattern.
+
+**Trade-off accepted:** Share revocation mid-session is not enforced. A deleted/revoked share leaves its issued tokens valid until they expire (10 h TTL). Acceptable for Phase 3; can be revisited if needed.
+
+---
+
+## D3 — Share revocation window accepted
+
+**Decision:** No per-request share re-validation. See D2.
+
+**Rationale:** Adds latency and couples the WOPI token lifetime to the share object. The 10 h token TTL bounds the exposure window. eurooffice-nextcloud (which re-validates per request) uses a different architecture with no WOPI token table — not applicable here.
+
+---
+
+## D4 — Guests may issue WOPI locks (same as authenticated users)
+
+**Decision:** No special guest check in `executeOperation`. Guests with `canWrite = true` may `LOCK`, `UNLOCK`, and `REFRESH_LOCK`.
+
+**Rationale:** richdocuments allows guests to lock. Blocking guests from locking would cause EO to skip `PutFile` (EO locks before writing), breaking guest editing entirely. The 30-minute lock TTL and `CleanupJob` are the mitigations against lock-and-abandon abuse.
+
+---
+
+## D5 — Share scope for Phase 3
+
+**Decision:** All three types handled in one shot:
+- **File shares** — share node is a `File`; returned directly.
+- **Folder shares** — share node is a `Folder`; resolved by `fileId` or relative `path` parameter. NC's `Folder::get()` / `getFirstNodeById()` throw `NotFoundException` on traversal — no extra guard needed.
+- **Password-protected shares** — checked via `ISession::get('public_link_authenticated')`. Supports both legacy string format and current array-of-IDs format (matches richdocuments).
+
+**Deferred:** Federated/remote shares. Internal user-through-share tokens (authenticated user viewing a share link gets a guest token for Phase 3; full user-token path deferred to Phase 4).
+
+---
+
+## Architecture notes
+
+- `UserCanNotWriteRelative` = `$wopi->isGuest() || $wopi->getHideDownload()` — guests can never write relative (Save As to owner storage), and hideDownload also blocks it.
+- `HideExportOption`, `DisablePrint`, `DisableExport` are all derived from `hideDownload` at CheckFileInfo time.
+- `generateFileToken` (authenticated users) does not accept a `hideDownload` param — always `false`. Share-level restrictions only apply to the guest path.
+- `files_sharing` app is not declared as a formal dependency (matches richdocuments). `IShareManager::getShareByToken()` returns a clean 404 if the share is not found.
+
+---
+
+## Known gaps (deferred)
+
+**KG1 — Password-protected share UI** (P4)  
+`ShareController` returns `401 Password required` when the session lacks `public_link_authenticated`. There is currently no redirect to `/s/{shareToken}` or embedded password form. Users must visit `/s/{shareToken}` first, then navigate to the editor URL. A P4 redirect or embedded challenge is needed.
+
+**KG2 — Authenticated-user-through-share** (P4)  
+An authenticated NC user visiting a share link currently gets a guest token. richdocuments issues a user token (with the user's own uid) for authenticated visitors. Deferred to P4 — requires a `$userSession->isLoggedIn()` branch in `ShareController`.
+
+**KG3 — Federated/remote share support** (deferred, not P4)  
+`ShareController` accepts any share type returned by `IShareManager::getShareByToken()`. Federated shares (TYPE_REMOTE, TYPE_REMOTE_GROUP) are not tested. `getHideDownload()` is confirmed in `OCP\Share\IShare` and returns `false` for non-link shares by default, so no crash risk. Full federated support is out of scope.

README.md

@@ -1,25 +1,137 @@
 # Office
 
-A template to get started with Nextcloud app development.
+A Nextcloud app that integrates Euro-Office as a WOPI host, providing a document hub
+and full-page editor. Nextcloud acts as the WOPI host (file storage, token authority,
+lock manager); Euro-Office acts as the WOPI client (rendering, editing).
 
-## Usage
+> **Note:** This branch (`feat/overview-and-wopi`) is a combined test branch that
+> merges `feat/euro-office-overview` and `feat/wopi-phase-4`. It is not a development
+> target — work happens on those two branches independently.
 
-- To get started easily use the [Appstore App generator](https://apps.nextcloud.com/developer/apps/generate) to
-  dynamically generate an App based on this repository with all the constants prefilled.
-- Alternatively you can use the "Use this template" button on the top of this page to create a new repository based on
-  this repository. Afterwards adjust all the necessary constants like App ID, namespace, descriptions etc.
+---
 
-Once your app is ready follow the [instructions](https://nextcloudappstore.readthedocs.io/en/latest/developer.html) to
-upload it to the Appstore.
+## Features
 
-## Resources
+- **Overview page** at `/apps/office` — browse, filter, search, and create Documents,
+  Spreadsheets, Presentations, and Diagrams from one place
+- **Filters** — All / Mine / Shared with me
+- **Search** — within the active category, with an "Open in Files" escape hatch
+- **View toggle** — Grid (thumbnail previews) or List, persisted per user
+- **Template creator** — create new files from editor-provided templates
+- **Full-page editor** at `/apps/office/open?fileId=N`
+- **WOPI host implementation** — CheckFileInfo, GetFile, PutFile, Lock/Unlock/RefreshLock
+- **Files app integration** — DEFAULT file action for all MIME types advertised by the editor
+- **Public share support** — guest tokens for link-share access (Phase 3)
+- **Clean navigation** — editor close (`history.back()`) returns the user to the overview
 
-### Documentation for developers:
+---
 
-- General documentation and tutorials: https://nextcloud.com/developer
-- Technical documentation: https://docs.nextcloud.com/server/latest/developer_manual
+## Local development
 
-### Help for developers:
+### Requirements
 
-- Official community chat: https://cloud.nextcloud.com/call/xs25tz5y
-- Official community forum: https://help.nextcloud.com/c/dev/11
+- [nextcloud-docker-dev](https://github.com/juliushaertl/nextcloud-docker-dev)
+- NC ≥ 33
+- Node 24 / npm 11
+- Euro-Office server reachable from the NC container
+
+### 1. Mount the app into the container
+
+Add to `nextcloud-docker-dev/docker-compose.override.yml`:
+
+```yaml
+services:
+  nextcloud:
+    volumes:
+      - /path/to/office:/var/www/html/apps-extra/office
+```
+
+Restart the container after saving.
+
+### 2. Enable the app and disable eurooffice
+
+```bash
+docker exec -u www-data nextcloud-docker-dev-nextcloud-1 \
+  php occ app:enable office
+
+# Disable eurooffice so it does not compete for the DEFAULT file action
+docker exec -u www-data nextcloud-docker-dev-nextcloud-1 \
+  php occ app:disable eurooffice
+```
+
+### 3. Build the frontend
+
+```bash
+npm ci
+npm run build      # one-off build
+npm run watch      # rebuild on file changes
+```
+
+---
+
+## How it works
+
+### User flow
+
+1. User navigates to `/apps/office`
+2. Overview lists all office files, grouped by type
+3. User clicks a file → navigated to `/apps/office/open?fileId=N`
+4. `EditorController` mints a WOPI token and builds the editor URL
+5. Euro-Office loads the file via the WOPI protocol
+6. User closes the editor → `history.back()` returns to the overview
+
+### WOPI flow
+
+```
+Browser                  NC (WOPI host)                  Euro-Office (WOPI client)
+   |                          |                                   |
+   |  GET /apps/office/open   |                                   |
+   |------------------------->|                                   |
+   |                          | mint WOPI token (TokenManager)    |
+   |                          | build editor URL with wopisrc     |
+   |   editor iframe / page   |                                   |
+   |<-------------------------|                                   |
+   |                          |  GET /wopi/files/{id}?token=...  |
+   |                          |<----------------------------------|
+   |                          |  CheckFileInfo response           |
+   |                          |---------------------------------->|
+   |                          |  GET /wopi/files/{id}/contents   |
+   |                          |<----------------------------------|
+   |                          |  file bytes                       |
+   |                          |---------------------------------->|
+   |   ← editing session →    |                                   |
+   |                          |  POST /wopi/files/{id}/contents  |
+   |                          |<----------------------------------|
+   |                          |  204 No Content                   |
+   |                          |---------------------------------->|
+```
+
+### Key classes
+
+| Class | Responsibility |
+|---|---|
+| `PageController` | Renders overview page; injects editor URL into NC initial state |
+| `EditorController` | Renders editor page; mints WOPI token; builds editor URL from discovery XML |
+| `WopiController` | WOPI protocol endpoint — handles all `/wopi/files/` requests |
+| `TokenManager` | Creates and validates WOPI tokens; manages token TTL and guest vs user access |
+| `DiscoveryService` | Fetches and caches the editor's discovery XML; resolves MIME → action URL |
+| `ShareController` | Issues guest tokens for public share links |
+| `WopiMapper` / `WopiLockMapper` | Persistence for WOPI tokens and file locks |
+| `CleanupJob` | Background job — expires stale locks and tokens |
+
+---
+
+## Public share support (Phase 3)
+
+Share link visitors (`/s/{token}`) receive a guest WOPI token via `ShareController`.
+File access, locking, and `CheckFileInfo` flags (`HideExportOption`, `DisablePrint`,
+`UserCanWrite`, etc.) are derived from the share's permissions and `hide_download`
+flag at token-issue time.
+
+**Known gaps** — see `PHASE3_DECISIONS.md` for full context:
+
+- **KG1** — Password-protected shares: no redirect to `/s/{token}` password page yet.
+  Users must authenticate at `/s/{token}` before navigating to the editor.
+- **KG2** — Authenticated users through share links receive guest tokens.
+  Full user-token path deferred to Phase 4.
+- **KG3** — Federated/remote shares not tested.

appinfo/info.xml

@@ -12,8 +12,14 @@
 	<category>office</category>
 	<bugs>https://github.com/nextcloud/office</bugs>
 	<dependencies>
-		<nextcloud min-version="31" max-version="32"/>
+		<nextcloud min-version="33" max-version="35"/>
 	</dependencies>
+	<background-jobs>
+		<job>OCA\Office\BackgroundJob\CleanupJob</job>
+	</background-jobs>
+	<settings>
+		<admin>OCA\Office\Settings\Admin</admin>
+	</settings>
 	<navigations>
 		<navigation>
 			<id>office</id>

lib/AppInfo/Application.php

@@ -4,10 +4,18 @@
 
 namespace OCA\Office\AppInfo;
 
+use OCA\Office\Listener\LoadAdditionalScriptsListener;
+use OCA\Office\TokenManager;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
+use OCP\Collaboration\Resources\LoadAdditionalScriptsEvent;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\Files\IRootFolder;
+use OCP\IURLGenerator;
+use OCP\IUserSession;
+use Psr\Log\LoggerInterface;
 
 class Application extends App implements IBootstrap {
 	public const APP_ID = 'office';
@@ -18,6 +26,18 @@ public function __construct() {
 	}
 
 	public function register(IRegistrationContext $context): void {
+		$context->registerEventListener(LoadAdditionalScriptsEvent::class, LoadAdditionalScriptsListener::class);
+
+		$context->registerService(TokenManager::class, static function ($c) {
+			return new TokenManager(
+				$c->get(IRootFolder::class),
+				$c->get(\OCA\Office\Db\WopiMapper::class),
+				$c->get(IURLGenerator::class),
+				$c->get(IEventDispatcher::class),
+				$c->get(LoggerInterface::class),
+				$c->get(IUserSession::class)->getUser()?->getUID(),
+			);
+		});
 	}
 
 	public function boot(IBootContext $context): void {

lib/BackgroundJob/CleanupJob.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Office\BackgroundJob;
+
+use OCA\Office\Db\WopiLockMapper;
+use OCA\Office\Db\WopiMapper;
+use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\BackgroundJob\TimedJob;
+
+class CleanupJob extends TimedJob {
+	private const BATCH_SIZE = 500;
+
+	public function __construct(
+		ITimeFactory $time,
+		private WopiMapper $wopiMapper,
+		private WopiLockMapper $wopiLockMapper,
+	) {
+		parent::__construct($time);
+		$this->setInterval(3600); // run hourly
+	}
+
+	protected function run(mixed $argument): void {
+		$tokenIds = $this->wopiMapper->getExpiredTokenIds(self::BATCH_SIZE);
+		if (!empty($tokenIds)) {
+			$this->wopiMapper->deleteByIds($tokenIds);
+		}
+
+		$lockIds = $this->wopiLockMapper->getExpiredLockIds(self::BATCH_SIZE);
+		if (!empty($lockIds)) {
+			$this->wopiLockMapper->deleteByIds($lockIds);
+		}
+	}
+}