From f4d1be99fe9fe5f71f14c756a3c6ac59e4536331 Mon Sep 17 00:00:00 2001 From: Spocke Date: Mon, 3 Dec 2018 10:58:50 +0100 Subject: [PATCH] backported changed from 5.x branch --- configure/jwt-authentication.md | 41 +++++++++++++++++++++++---------- plugins/drive.md | 20 ++++++++++++++-- 2 files changed, 47 insertions(+), 14 deletions(-) diff --git a/configure/jwt-authentication.md b/configure/jwt-authentication.md index 3be8bcd..fb677f7 100644 --- a/configure/jwt-authentication.md +++ b/configure/jwt-authentication.md @@ -1,6 +1,7 @@ --- layout: default -title: JWT Authentication +title: JWT authentication setup +title_nav: JWT authentication setup description_short: JWT Authentication description: JWT is a common authorization solution for web services. --- @@ -14,14 +15,14 @@ This section is intended to be used by developers with prior knowledge of JSON W Some cloud services for TinyMCE require you to setup JWT authentication. This allows us to verify that you and your end user are allowed to access a particular feature. JWT is a common authorization solution for web services and is documented in more detail at the https://jwt.io/ website. The guide aims to show how to setup JWT authentication for the cloud services provided for TinyMCE. -## Private/Public Key Pair +## Private/public key pair Tokens used by the TinyMCE cloud services make use of a public/private RSA key-pair. This allows you as an integrator to have full control over the authentication as we don't store the private key. Only you have access to the private key, and only you can produce valid tokens. We can only verify that they are valid and extract user information from that token. The private/public key pair is created in your [Tiny account page](https://apps.tiny.cloud/my-account/jwt-key-manager/), but we only store the public key on our side. The private key is for you to store in your backend. -## JWT Provider URL +## JWT provider URL The easiest way to setup JWT authentication against TinyMCE cloud services is to create a JWT provider endpoint. This endpoint takes a JSON HTTP POST request and produces a JSON result with the token that the service will then use for all the HTTP requests. @@ -49,7 +50,7 @@ All of these algorithms use the private RSA key to sign the JWT, but vary in how * **sub** - _(required)_ Unique string to identify the user. This can be a database ID, hashed email address, or similar identifier. * **name** - _(required)_ Full name of the user that will be used for presentation inside Tiny Drive. When the user uploads a file, this name is presented as the creator of that file. -## PHP Token Provider Example +## PHP token provider example This example uses the [Firebase JWT library](https://github.com/firebase/php-jwt) provided through the Composer dependency manager. The private key should be the private key that was generated through your Tiny Account. Each service requires different claims to be provided. The following example shows the sub and name claims needed for Tiny Drive. @@ -68,9 +69,17 @@ $privateKey = << "123", // Unique user id string - "name" => "John Doe", // Full name of user - "exp" => time() + 60 * 10 // 10 minutes expiration + // Unique user id string + "sub" => "123", + + // Full name of user + "name" => "John Doe", + + // Optional custom user root path + // "https://claims.tiny.cloud/drive/root" => "/johndoe", + + // 10 minutes expiration + "exp" => time() + 60 * 10 ); try { @@ -86,7 +95,7 @@ try { ?> ``` -## Node Token Provider Example +## Node token provider example This example shows you how to set up a Node.js express handler that produces the tokens. It requires you to install the Express web framework and the `jsonwebtoken` Node modules. Each service requires different claims to be provided. The following example shows the sub and name claims needed for Tiny Drive. @@ -106,9 +115,17 @@ const privateKey = ` app.post('/jwt', function (req, res) { const payload = { - sub: '123', // Unique user id string - name: 'John Doe', // Full name of user - exp: Math.floor(Date.now() / 1000) + (60 * 10) // 10 minutes expiration + // Unique user id string + sub: '123', + + // Full name of user + name: 'John Doe', + + // Optional custom user root path + // 'https://claims.tiny.cloud/drive/root': '/johndoe', + + // 10 minutes expiration + exp: Math.floor(Date.now() / 1000) + (60 * 10) }; try { @@ -127,7 +144,7 @@ app.post('/jwt', function (req, res) { app.listen(3000); ``` -## Tiny Drive Specific JWT Claims: +## Tiny Drive specific JWT claims: **sub** - (required) Unique string to identify the user. This can be a database id, hashed email address, or similar identifier. diff --git a/plugins/drive.md b/plugins/drive.md index a41c8e6..440ba7e 100644 --- a/plugins/drive.md +++ b/plugins/drive.md @@ -1,6 +1,6 @@ --- layout: default -title: Drive +title: Drive plugin title_nav: Drive description: Cloud-based file and image management for TinyMCE. keywords: tinydrive storage media tiny drive @@ -80,6 +80,22 @@ tinymce.init({ }); ``` +### `tinydrive_max_image_dimension` + +This setting enables you to constrain the width/height of uploaded images. When this is enabled any images with a higher width or height than the specified amount would be proportionally resized down to the specified max dimension. + +**Type:** `Number` + +#### Example + +```js +tinymce.init({ + selector: "textarea", // change this value according to your HTML + plugins: "tinydrive", + tinydrive_max_image_dimension: 1024 +}); +``` + ## Insert File toolbar button Drive will automatically integrate into the Image, Link, and Media dialogs as a file picker. You can also configure it to insert files directly into your content using the `insertfile` button. To enable this button, add it to your toolbar editor setting. @@ -138,4 +154,4 @@ If you move or rename a file, it will still have the same unique URL, so the res ## User specific root -It's common that you want to be able to have user specific paths so that each user within your system gets it's own directory. This can be done by setting the `https://claims.tiny.cloud/drive/root` custom jwt claim to a path within your tiny drive account. This path will automatically be constructured when the user is accessing drive using a jwt key with that claim. The user only be able to see and manage files within that root. +It's common that you want to be able to have user specific paths so that each user within your system gets it's own directory. This can be done by setting the `https://claims.tiny.cloud/drive/root` custom jwt claim to a path within your tiny drive account. This path will automatically be constructured when the user is accessing drive using a jwt key with that claim. The user only be able to see and manage files within that root. \ No newline at end of file