Nextcloud Alpha

cs3org · Dec 28, 2021 · dd3da06 · dd3da06
1 parent 06154a2
commit dd3da06
Show file tree

Hide file tree

Showing 37 changed files with 900 additions and 1,831 deletions.
diff --git a/changelog/unreleased/fix-ocmd-tutorial.md b/changelog/unreleased/fix-ocmd-tutorial.md
@@ -0,0 +1,7 @@
+Bugfix: Accept new userid idp format
+
+The format for userid idp [changed](https://github.com/cs3org/cs3apis/pull/159)
+and this broke [the ocmd tutorial](https://reva.link/docs/tutorials/share-tutorial/#5-1-4-create-the-share)
+This PR makes the provider authorizer interceptor accept both the old and the new string format.
+
+See https://github.com/cs3org/reva/issues/2285 and https://github.com/cs3org/reva/issues/2285
diff --git a/changelog/unreleased/nextcloud-ocm-share-manager.md b/changelog/unreleased/nextcloud-ocm-share-manager.md
@@ -0,0 +1,7 @@
+Enhancement: Nextcloud-based share manager for pkg/ocm/share
+
+Note that pkg/ocm/share is very similar to pkg/share,
+but it deals with cs3/sharing/ocm
+whereas pkg/share deals with cs3/sharing/collaboration
+
+https://github.com/cs3org/reva/pull/2163
diff --git a/examples/nextcloud-integration/revad.toml b/examples/nextcloud-integration/revad.toml
@@ -93,19 +93,19 @@ disable_tus = true
 ".zmd" = "application/compressed-markdown"
 
 [grpc.services.storageprovider.drivers.nextcloud]
-end_point = "http://localhost/apps/sciencemesh/"
+endpoint = "http://localhost/apps/sciencemesh/"
 user_layout = "{{.Username}}"
 
 
 [grpc.services.authprovider]
 auth_manager = "nextcloud"
 [grpc.services.authprovider.drivers.nextcloud]
-end_point = "http://localhost/apps/sciencemesh/"
+endpoint = "http://localhost/apps/sciencemesh/"
 
 [grpc.services.userprovider]
 driver = "nextcloud"
 [grpc.services.userprovider.drivers.nextcloud]
-end_point = "http://localhost/apps/sciencemesh/"
+endpoint = "http://localhost/apps/sciencemesh/"
 
 [http]
 address = "0.0.0.0:19001"

diff --git a/internal/grpc/services/gateway/authprovider.go b/internal/grpc/services/gateway/authprovider.go
@@ -24,7 +24,6 @@ import (
  "strings"
 
  authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
- provider "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
  registry "github.com/cs3org/go-cs3apis/cs3/auth/registry/v1beta1"
  gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
  userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
@@ -55,7 +54,7 @@ func (s *svc) Authenticate(ctx context.Context, req *gateway.AuthenticateRequest
  }, nil
  }
 
- authProviderReq := &provider.AuthenticateRequest{
+ authProviderReq := &authpb.AuthenticateRequest{
  ClientId: req.ClientId,
  ClientSecret: req.ClientSecret,
  }
@@ -200,7 +199,7 @@ func (s *svc) WhoAmI(ctx context.Context, req *gateway.WhoAmIRequest) (*gateway.
  return res, nil
 }
 
-func (s *svc) findAuthProvider(ctx context.Context, authType string) (provider.ProviderAPIClient, error) {
+func (s *svc) findAuthProvider(ctx context.Context, authType string) (authpb.ProviderAPIClient, error) {
  c, err := pool.GetAuthRegistryServiceClient(s.c.AuthRegistryEndpoint)
  if err != nil {
  err = errors.Wrap(err, "gateway: error getting auth registry client")

diff --git a/internal/grpc/services/ocmcore/ocmcore.go b/internal/grpc/services/ocmcore/ocmcore.go
@@ -22,11 +22,11 @@ import (
  "context"
  "encoding/json"
  "fmt"
- "strings"
 
  ocmcore "github.com/cs3org/go-cs3apis/cs3/ocm/core/v1beta1"
  ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
  provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+ typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
  "github.com/cs3org/reva/pkg/errtypes"
  "github.com/cs3org/reva/pkg/ocm/share"
  "github.com/cs3org/reva/pkg/ocm/share/manager/registry"
@@ -107,17 +107,11 @@ func (s *service) UnprotectedEndpoints() []string {
  return []string{"/cs3.ocm.core.v1beta1.OcmCoreAPI/CreateOCMCoreShare"}
 }
 
+// CreateOCMCoreShare is called when an OCM request comes into this reva instance from
 func (s *service) CreateOCMCoreShare(ctx context.Context, req *ocmcore.CreateOCMCoreShareRequest) (*ocmcore.CreateOCMCoreShareResponse, error) {
- parts := strings.Split(req.ProviderId, ":")
- if len(parts) < 2 {
- return &ocmcore.CreateOCMCoreShareResponse{
- Status: status.NewInternal(ctx, "error decoding resource ID"),
- }, nil
- }
-
  resource := &provider.ResourceId{
- StorageId: parts[0],
- OpaqueId: parts[1],
+ StorageId: "remote",
+ OpaqueId: req.Name,
  }
 
  var resourcePermissions *provider.ResourcePermissions
@@ -163,6 +157,15 @@ func (s *service) CreateOCMCoreShare(ctx context.Context, req *ocmcore.CreateOCM
  // For now, we only support user shares.
  // TODO (ishank011): To be updated once this is decided.
  Id: &provider.Grantee_UserId{UserId: req.ShareWith},
+ // passing this in grant.Grantee.Opaque because ShareGrant itself doesn't have a root opaque.
+ Opaque: &typespb.Opaque{
+ Map: map[string]*typespb.OpaqueEntry{
+ "remoteShareId": {
+ Decoder: "plain",
+ Value: []byte(req.ProviderId),
+ },
+ },
+ },
  },
  Permissions: &ocm.SharePermissions{
  Permissions: resourcePermissions,
@@ -178,6 +181,7 @@ func (s *service) CreateOCMCoreShare(ctx context.Context, req *ocmcore.CreateOCM
  }
 
  share, err := s.sm.Share(ctx, resource, grant, req.Name, nil, "", req.Owner, token, shareType)
+
  if err != nil {
  return &ocmcore.CreateOCMCoreShareResponse{
  Status: status.NewInternal(ctx, "error creating ocm core share"),

diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -102,8 +102,20 @@ func (s *service) UnprotectedEndpoints() []string {
  return []string{}
 }
 
+// Note: this is for outgoing OCM shares
+// This function is used when you for instance
+// call `ocm-share-create` in reva-cli.
+// For incoming OCM shares from internal/http/services/ocmd/shares.go
+// there is the very similar but slightly different function
+// CreateOCMCoreShare (the "Core" somehow means "incoming").
+// So make sure to keep in mind the difference between this file for outgoing:
+// internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+// and the other one for incoming:
+// internal/grpc/service/ocmcore/ocmcore.go
+// Both functions end up calling the same s.sm.Share function
+// on the OCM share manager:
+// pkg/ocm/share/manager/{json|nextcloud|...}
 func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareRequest) (*ocm.CreateOCMShareResponse, error) {
-
  if req.Opaque == nil {
  return &ocm.CreateOCMShareResponse{
  Status: status.NewInternal(ctx, "can't find resource permissions"),
@@ -144,6 +156,7 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 
  // discover share type
  sharetype := ocm.Share_SHARE_TYPE_REGULAR
+ // FIXME: https://github.com/cs3org/reva/issues/2402
  protocol, ok := req.Opaque.Map["protocol"]
  if ok {
  switch protocol.Decoder {
@@ -156,9 +169,12 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
  Status: status.NewInternal(ctx, "error creating share"),
  }, nil
  }
+ // token = protocol FIXME!
  }
 
- share, err := s.sm.Share(ctx, req.ResourceId, req.Grant, name, req.RecipientMeshProvider, permissions, nil, "", sharetype)
+ var sharedSecret string = ""
+ share, err := s.sm.Share(ctx, req.ResourceId, req.Grant, name, req.RecipientMeshProvider, permissions, nil, sharedSecret, sharetype)
+
  if err != nil {
  return &ocm.CreateOCMShareResponse{
  Status: status.NewInternal(ctx, "error creating share"),

diff --git a/internal/http/interceptors/providerauthorizer/providerauthorizer.go b/internal/http/interceptors/providerauthorizer/providerauthorizer.go
@@ -21,6 +21,8 @@ package providerauthorizer
 import (
  "fmt"
  "net/http"
+ "net/url"
+ "strings"
 
  ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
  "github.com/cs3org/reva/pkg/appctx"
@@ -83,8 +85,19 @@ func New(m map[string]interface{}, unprotected []string, ocmPrefix string) (glob
  return
  }
 
+ userIdp := ctxpkg.ContextMustGetUser(ctx).Id.Idp
+ if !(strings.Contains(userIdp, "://")) {
+ userIdp = "https://" + userIdp
+ }
+ userIdpURL, err := url.Parse(userIdp)
+ if err != nil {
+ log.Error().Err(err).Msg("error parsing user idp in provider authorizer")
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+
  err = authorizer.IsProviderAllowed(ctx, &ocmprovider.ProviderInfo{
- Domain: ctxpkg.ContextMustGetUser(ctx).Id.Idp,
+ Domain: userIdpURL.Hostname(),
  })
  if err != nil {
  log.Error().Err(err).Msg("provider not registered in OCM")

diff --git a/internal/http/services/ocmd/config.go b/internal/http/services/ocmd/config.go
@@ -30,7 +30,7 @@ type configData struct {
  Enabled bool `json:"enabled" xml:"enabled"`
  APIVersion string `json:"apiVersion" xml:"apiVersion"`
  Host string `json:"host" xml:"host"`
- Endpoint string `json:"endpoint" xml:"endpoint"`
+ Endpoint string `json:"endPoint" xml:"endPoint"`
  Provider string `json:"provider" xml:"provider"`
  ResourceTypes []resourceTypes `json:"resourceTypes" xml:"resourceTypes"`
 }
@@ -61,7 +61,11 @@ func (h *configHandler) init(c *Config) {
  h.c.Provider = "cernbox"
  }
  h.c.Enabled = true
- h.c.Endpoint = fmt.Sprintf("https://%s/%s", h.c.Host, c.Prefix)
+ if len(c.Prefix) > 0 {
+ h.c.Endpoint = fmt.Sprintf("https://%s/%s", h.c.Host, c.Prefix)
+ } else {
+ h.c.Endpoint = fmt.Sprintf("https://%s", h.c.Host)
+ }
  h.c.ResourceTypes = []resourceTypes{{
  Name: "file",
  ShareTypes: []string{"user"},