Serverside generated preview URLs (#20021)

* Serverside generated preview URLs

* Add URL provider notation to UrlInfo

* Change preview URL generation to happen at preview time based on provider alias

* Update XML docs

* Always add culture (if available) to preview URL

* Do not log user input (security vulnerability)

* Fix typo

* Re-generate TypeScript client

from Management API

* Deprecated `UmbDocumentPreviewRepository.enter()` (for v19)

Fixed TS errors

Added temp stub for `getPreviewUrl`

* Adds `previewOption` extension-type

* Adds "default" `previewOption` kind

* Relocated "Save and Preview" workspace action

reworked using the "default" `previewOption` kind.

* Added stub for "urlProvider" `previewOption` kind

* Renamed "workspace-action-default-kind.element.ts"

to a more suitable filename.

Exported element so can be reused in other packages,
e.g. documents, for the new "save and preview" feature.

* Refactored "Save and Preview" button

to work with first action's manifest/API.

* Reverted `previewOption` extension-type

Re-engineered to make a "urlProvider" kind for `workspaceActionMenuItem`.
This is to simplify the extension point and surrounding logic.

* Modified `saveAndPreview` Document Workspace Context

to accept a URL Provider Alias.

* Refactored "Save and Preview" button

to extend `UmbWorkspaceActionElement`.

This did mean exposing certain methods/properties to be overridable.

* Used `umbPeekError` to surface any errors to the user

* Renamed `urlProvider` kind to `previewOption`

* Relocated `urlProviderAlias` inside the `meta` property

* also throw an error

* Added missing `await`

* Fix build errors after forward merge

---------

Co-authored-by: leekelleher <[email protected]>
Co-authored-by: Jacob Overgaard <[email protected]>
Co-authored-by: Laura Neto <[email protected]>

Author: 4 people

src/Umbraco.Cms.Api.Management/Controllers/Document/DocumentPreviewUrlController.cs

@@ -0,0 +1,53 @@
+using Asp.Versioning;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Umbraco.Cms.Api.Common.Builders;
+using Umbraco.Cms.Api.Management.Factories;
+using Umbraco.Cms.Api.Management.ViewModels.Document;
+using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Services;
+
+namespace Umbraco.Cms.Api.Management.Controllers.Document;
+
+[ApiVersion("1.0")]
+public class DocumentPreviewUrlController : DocumentControllerBase
+{
+    private readonly IContentService _contentService;
+    private readonly IDocumentUrlFactory _documentUrlFactory;
+
+    public DocumentPreviewUrlController(
+        IContentService contentService,
+        IDocumentUrlFactory documentUrlFactory)
+    {
+        _contentService = contentService;
+        _documentUrlFactory = documentUrlFactory;
+    }
+
+    [MapToApiVersion("1.0")]
+    [HttpGet("{id:guid}/preview-url")]
+    [ProducesResponseType(typeof(DocumentUrlInfo), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
+    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)]
+    public async Task<IActionResult> GetPreviewUrl(Guid id, string providerAlias, string? culture, string? segment)
+    {
+        IContent? content = _contentService.GetById(id);
+        if (content is null)
+        {
+            return NotFound(new ProblemDetailsBuilder()
+                .WithTitle("Document not found")
+                .WithDetail("The requested document did not exist.")
+                .Build());
+        }
+
+        DocumentUrlInfo? previewUrlInfo = await _documentUrlFactory.GetPreviewUrlAsync(content, providerAlias, culture, segment);
+        if (previewUrlInfo is null)
+        {
+            return BadRequest(new ProblemDetailsBuilder()
+                .WithTitle("No preview URL for document")
+                .WithDetail("Failed to produce a preview URL for the requested document.")
+                .Build());
+        }
+
+        return Ok(previewUrlInfo);
+    }
+}

src/Umbraco.Cms.Api.Management/Controllers/Preview/EnterPreviewController.cs

@@ -7,6 +7,7 @@
 namespace Umbraco.Cms.Api.Management.Controllers.Preview;
 
 [ApiVersion("1.0")]
+[Obsolete("Do not use this. Preview state is initiated implicitly by the preview URL generation. Scheduled for removal in V18.")]
 public class EnterPreviewController : PreviewControllerBase
 {
     private readonly IPreviewService _previewService;

src/Umbraco.Cms.Api.Management/Factories/DocumentUrlFactory.cs

@@ -1,24 +1,45 @@
+using Microsoft.Extensions.Logging;
+using Umbraco.Cms.Api.Management.Routing;
 using Umbraco.Cms.Api.Management.ViewModels.Document;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Models.Membership;
 using Umbraco.Cms.Core.Routing;
+using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Services;
+using Umbraco.Extensions;
 
 namespace Umbraco.Cms.Api.Management.Factories;
 
 public class DocumentUrlFactory : IDocumentUrlFactory
 {
     private readonly IPublishedUrlInfoProvider _publishedUrlInfoProvider;
+    private readonly UrlProviderCollection _urlProviders;
+    private readonly IPreviewService _previewService;
+    private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;
+    private readonly IAbsoluteUrlBuilder _absoluteUrlBuilder;
+    private readonly ILogger<DocumentUrlFactory> _logger;
 
-
-    public DocumentUrlFactory(IPublishedUrlInfoProvider publishedUrlInfoProvider)
-        => _publishedUrlInfoProvider = publishedUrlInfoProvider;
+    public DocumentUrlFactory(
+        IPublishedUrlInfoProvider publishedUrlInfoProvider,
+        UrlProviderCollection urlProviders,
+        IPreviewService previewService,
+        IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
+        IAbsoluteUrlBuilder absoluteUrlBuilder,
+        ILogger<DocumentUrlFactory> logger)
+    {
+        _publishedUrlInfoProvider = publishedUrlInfoProvider;
+        _urlProviders = urlProviders;
+        _previewService = previewService;
+        _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
+        _absoluteUrlBuilder = absoluteUrlBuilder;
+        _logger = logger;
+    }
 
     public async Task<IEnumerable<DocumentUrlInfo>> CreateUrlsAsync(IContent content)
     {
         ISet<UrlInfo> urlInfos = await _publishedUrlInfoProvider.GetAllAsync(content);
-
         return urlInfos
-            .Where(urlInfo => urlInfo.IsUrl)
-            .Select(urlInfo => new DocumentUrlInfo { Culture = urlInfo.Culture, Url = urlInfo.Text })
+            .Select(urlInfo => CreateDocumentUrlInfo(urlInfo, false))
             .ToArray();
     }
 
@@ -34,4 +55,54 @@ public async Task<IEnumerable<DocumentUrlInfoResponseModel>> CreateUrlSetsAsync(
 
         return documentUrlInfoResourceSets;
     }
+
+    public async Task<DocumentUrlInfo?> GetPreviewUrlAsync(IContent content, string providerAlias, string? culture, string? segment)
+    {
+        IUrlProvider? provider = _urlProviders.FirstOrDefault(provider => provider.Alias.InvariantEquals(providerAlias));
+        if (provider is null)
+        {
+            _logger.LogError("Could not resolve a URL provider requested for preview - it was not registered in the URL providers collection.");
+            return null;
+        }
+
+        UrlInfo? previewUrlInfo = await provider.GetPreviewUrlAsync(content, culture, segment);
+        if (previewUrlInfo is null)
+        {
+            _logger.LogError("The URL provider could not generate a preview URL for content with key: {contentKey}", content.Key);
+            return null;
+        }
+
+        // must initiate preview state for internal preview URLs
+        if (previewUrlInfo.Url is not null && previewUrlInfo.IsExternal is false)
+        {
+            IUser? currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
+            if (currentUser is null)
+            {
+                _logger.LogError("Could not access the current backoffice user while attempting to authenticate for preview.");
+                return null;
+            }
+
+            if (await _previewService.TryEnterPreviewAsync(currentUser) is false)
+            {
+                _logger.LogError("A server error occured, could not initiate an authenticated preview state for the current user.");
+                return null;
+            }
+        }
+
+        return CreateDocumentUrlInfo(previewUrlInfo, previewUrlInfo.IsExternal is false);
+    }
+
+    private DocumentUrlInfo CreateDocumentUrlInfo(UrlInfo urlInfo, bool ensureAbsoluteUrl)
+    {
+        var url = urlInfo.Url?.ToString();
+        return new DocumentUrlInfo
+        {
+            Culture = urlInfo.Culture,
+            Url = ensureAbsoluteUrl && url is not null
+                ? _absoluteUrlBuilder.ToAbsoluteUrl(url).ToString()
+                : url,
+            Message = urlInfo.Message,
+            Provider = urlInfo.Provider,
+        };
+    }
 }

src/Umbraco.Cms.Api.Management/Factories/IDocumentUrlFactory.cs

@@ -8,4 +8,6 @@ public interface IDocumentUrlFactory
     Task<IEnumerable<DocumentUrlInfo>> CreateUrlsAsync(IContent content);
 
     Task<IEnumerable<DocumentUrlInfoResponseModel>> CreateUrlSetsAsync(IEnumerable<IContent> contentItems);
+
+    Task<DocumentUrlInfo?> GetPreviewUrlAsync(IContent content, string providerAlias, string? culture, string? segment);
 }

src/Umbraco.Cms.Api.Management/OpenApi.json

@@ -8659,6 +8659,101 @@
         ]
       }
     },
+    "/umbraco/management/api/v1/document/{id}/preview-url": {
+      "get": {
+        "tags": [
+          "Document"
+        ],
+        "operationId": "GetDocumentByIdPreviewUrl",
+        "parameters": [
+          {
+            "name": "id",
+            "in": "path",
+            "required": true,
+            "schema": {
+              "type": "string",
+              "format": "uuid"
+            }
+          },
+          {
+            "name": "providerAlias",
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "culture",
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "segment",
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "OK",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "oneOf": [
+                    {
+                      "$ref": "#/components/schemas/DocumentUrlInfoModel"
+                    }
+                  ]
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Bad Request",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "oneOf": [
+                    {
+                      "$ref": "#/components/schemas/ProblemDetails"
+                    }
+                  ]
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "Not Found",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "oneOf": [
+                    {
+                      "$ref": "#/components/schemas/ProblemDetails"
+                    }
+                  ]
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "The resource is protected and requires an authentication token"
+          },
+          "403": {
+            "description": "The authenticated user does not have access to this resource"
+          }
+        },
+        "security": [
+          {
+            "Backoffice-User": [ ]
+          }
+        ]
+      }
+    },
     "/umbraco/management/api/v1/document/{id}/public-access": {
       "post": {
         "tags": [
@@ -23869,6 +23964,7 @@
             "description": "The resource is protected and requires an authentication token"
           }
         },
+        "deprecated": true,
         "security": [
           {
             "Backoffice-User": [ ]
@@ -39315,6 +39411,8 @@
       "DocumentUrlInfoModel": {
         "required": [
           "culture",
+          "message",
+          "provider",
           "url"
         ],
         "type": "object",
@@ -39324,6 +39422,14 @@
             "nullable": true
           },
           "url": {
+            "type": "string",
+            "nullable": true
+          },
+          "message": {
+            "type": "string",
+            "nullable": true
+          },
+          "provider": {
             "type": "string"
           }
         },
@@ -41519,7 +41625,8 @@
             "nullable": true
           },
           "url": {
-            "type": "string"
+            "type": "string",
+            "nullable": true
           }
         },
         "additionalProperties": false

src/Umbraco.Cms.Api.Management/ViewModels/Content/ContentUrlInfoBase.cs

@@ -4,5 +4,5 @@ public abstract class ContentUrlInfoBase
 {
     public required string? Culture { get; init; }
 
-    public required string Url { get; init; }
+    public required string? Url { get; init; }
 }

src/Umbraco.Cms.Api.Management/ViewModels/Document/DocumentUrlInfo.cs

@@ -2,6 +2,9 @@
 
 namespace Umbraco.Cms.Api.Management.ViewModels.Document;
 
-public sealed class DocumentUrlInfo : ContentUrlInfoBase
+public class DocumentUrlInfo : ContentUrlInfoBase
 {
+    public required string? Message { get; init; }
+
+    public required string Provider { get; init; }
 }

src/Umbraco.Core/Constants-UrlProviders.cs

@@ -0,0 +1,11 @@
+namespace Umbraco.Cms.Core;
+
+public static partial class Constants
+{
+    public static class UrlProviders
+    {
+        public const string Content = "umbDocumentUrlProvider";
+
+        public const string Media = "umbMediaUrlProvider";
+    }
+}

src/Umbraco.Core/Events/AddUnroutableContentWarningsWhenPublishingNotificationHandler.cs

@@ -108,7 +108,7 @@ public async Task HandleAsync(ContentPublishedNotification notification, Cancell
             EventMessages eventMessages = _eventMessagesFactory.Get();
             foreach (var culture in successfulCultures)
             {
-                if (urls.Where(u => u.Culture == culture || culture == "*").All(u => u.IsUrl is false))
+                if (urls.Where(u => u.Culture == culture || culture == "*").All(u => u.Url is null))
                 {
                     eventMessages.Add(new EventMessage("Content published", "The document does not have a URL, possibly due to a naming collision with another document. More details can be found under Info.", EventMessageType.Warning));