use jwt for securing preview image

op/op.TimelineFeedPreview.php

@@ -38,13 +38,11 @@ require_once("SeedDMS/Preview.php");
 if(empty($_GET['hash']))
 	exit;
 
-$token = new SeedDMS_JwtToken($settings->_extensions['encryptionKey']);
+$token = new SeedDMS_JwtToken($settings->_encryptionKey);
 if(!($tokenstr = $token->jwtDecode($_GET['hash'])))
 	exit;
 
 $tokendata = json_decode($tokenstr, true);
-print_r($tokendata);
-exit;
 
 if (!isset($tokendata['d']) || !is_numeric($tokendata['d'])) {
 	exit;

views/bootstrap/class.TimelineFeed.php

@@ -39,6 +39,7 @@ class SeedDMS_View_TimelineFeed extends SeedDMS_Theme_Style {
 	function show() { /* {{{ */
 		$dms = $this->params['dms'];
 		$user = $this->params['user'];
+		$settings = $this->params['settings'];
 		$httproot = $this->params['httproot'];
 		$skip = $this->params['skip'];
 		$fromdate = $this->params['fromdate'];
@@ -132,7 +133,10 @@ class SeedDMS_View_TimelineFeed extends SeedDMS_Theme_Style {
 						$version = $doc->getContentByVersion($item['version']);
 						$previewer->createPreview($version);
 						if($previewer->hasPreview($version)) {
-							$newItem->addElement('enclosure', null, array('url' => $baseurl.'op/op.TimelineFeedPreview.php?documentid='.$item['document']->getId().'&version='.$version->getVersion().'&width='.$previewwidthdetail, 'length'=>$previewer->getFileSize($version), 'type'=>'image/png'));
+							$token = new SeedDMS_JwtToken($settings->_encryptionKey);
+							$data = array('d'=>$doc->getId(), 'v'=>$item['version'], 'u'=>$user->getId(), 'w'=>$previewwidthdetail,);
+							$hash =  $token->jwtEncode($data);
+							$newItem->addElement('enclosure', null, array('url' => $baseurl.'op/op.TimelineFeedPreview.php?hash='.$hash, 'length'=>$previewer->getFileSize($version), 'type'=>'image/png'));
 						}
 					}
 					$feed->addItem($newItem);