commit 2b04573

Merge: 8fb9914 2323410 Author: Michael Barz <mbarz@owncloud.com> Date: Mon Feb 13 22:30:09 2023 +0100 Merge pull request #5559 from owncloud/branding-api Branding api
owncloud · Feb 13, 2023 · 9c3899e · 9c3899e
1 parent b16a8b1
commit 9c3899e
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 22 deletions.
diff --git a/services/_includes/adoc/global_configvars.adoc b/services/_includes/adoc/global_configvars.adoc
@@ -131,7 +131,7 @@ a| [subs=-attributes]
 ++groupOfNames ++
 
 a| [subs=-attributes]
-The object class to use for groups in the default group search filter ('groupOfNames'). 
+The object class to use for groups in the default group search filter like 'groupOfNames'. 
 
 a| `LDAP_GROUP_SCHEMA_DISPLAYNAME`
 
@@ -181,7 +181,7 @@ a| [subs=-attributes]
 ++ownclouduuid ++
 
 a| [subs=-attributes]
-LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID).
+LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.
 
 a| `LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
 
@@ -197,7 +197,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs.
+Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's.
 
 a| `LDAP_GROUP_SCHEMA_MAIL`
 
@@ -336,7 +336,7 @@ a| [subs=-attributes]
 ++inetOrgPerson ++
 
 a| [subs=-attributes]
-The object class to use for users in the default user search filter ('inetOrgPerson').
+The object class to use for users in the default user search filter like 'inetOrgPerson'.
 
 a| `LDAP_USER_SCHEMA_DISPLAYNAME`
 
@@ -370,7 +370,7 @@ a| [subs=-attributes]
 ++ownclouduuid ++
 
 a| [subs=-attributes]
-LDAP Attribute to use as the unique id for users. This should be a stable globally unique ID like a UUID.
+LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.
 
 a| `LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
 
@@ -386,7 +386,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.
+Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's.
 
 a| `LDAP_USER_SCHEMA_MAIL`
 
@@ -456,7 +456,7 @@ a| [subs=-attributes]
 ++ ++
 
 a| [subs=-attributes]
-ID of the user who collects all necessary information for deletion.
+ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.
 
 a| `OCIS_CACHE_STORE_ADDRESS`
 
@@ -467,13 +467,13 @@ a| [subs=attributes+]
 * xref:{s-path}/storage-users.adoc[storage-users] +
 
 a| [subs=-attributes]
-++[]string ++
+++string ++
 
 a| [subs=-attributes]
-++[] ++
+++ ++
 
 a| [subs=-attributes]
-Node addresses to use for the cache store.
+A comma-separated list of addresses to connect to. Only valid if the above setting is set to "etcd"
 
 a| `OCIS_CACHE_STORE_SIZE`
 
@@ -502,10 +502,10 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++memory ++
+++ ++
 
 a| [subs=-attributes]
-Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd".
+The type of the cache store. Valid options are "noop", "ocmem", "etcd" and "memory"
 
 a| `OCIS_CORS_ALLOW_CREDENTIALS`
 
@@ -538,7 +538,7 @@ a| [subs=-attributes]
 ++[]string ++
 
 a| [subs=-attributes]
-++[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override] ++
+++[Authorization Origin Content-Type Accept X-Requested-With] ++
 
 a| [subs=-attributes]
 A comma-separated list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.
@@ -556,7 +556,7 @@ a| [subs=-attributes]
 ++[]string ++
 
 a| [subs=-attributes]
-++[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH] ++
+++[GET POST PUT PATCH DELETE OPTIONS] ++
 
 a| [subs=-attributes]
 A comma-separated list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method
@@ -881,6 +881,7 @@ a| [subs=attributes+]
 * xref:{s-path}/storage-system.adoc[storage-system] +
 * xref:{s-path}/storage-users.adoc[storage-users] +
 * xref:{s-path}/users.adoc[users] +
+* xref:{s-path}/web.adoc[web] +
 
 a| [subs=-attributes]
 ++string ++
@@ -1085,7 +1086,7 @@ a| [subs=-attributes]
 ++ ++
 
 a| [subs=-attributes]
-The machine auth API key used to validate internal requests necessary to access resources from other services.
+Machine auth API key used to validate internal requests necessary to access resources from other services.
 
 a| `OCIS_OIDC_ISSUER`
 
@@ -1353,7 +1354,7 @@ a| [subs=-attributes]
 ++https://localhost:9200 ++
 
 a| [subs=-attributes]
-The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.
+The public facing URL of the oCIS Web UI, used e.g. when sending notification eMails
 
 a| `REVA_GATEWAY`
 
@@ -1388,7 +1389,7 @@ a| [subs=-attributes]
 ++127.0.0.1:9142 ++
 
 a| [subs=-attributes]
-The CS3 gateway endpoint.
+CS3 gateway used to look up user metadata
 
 a| `STORAGE_TRANSFER_SECRET`
 
@@ -1403,7 +1404,7 @@ a| [subs=-attributes]
 ++ ++
 
 a| [subs=-attributes]
-Transfer secret for signing file up- and download requests.
+The storage transfer secret.
 
 a| `STORAGE_USERS_OCIS_ASYNC_UPLOADS`
 

diff --git a/services/_includes/adoc/web_configvars.adoc b/services/_includes/adoc/web_configvars.adoc
@@ -201,7 +201,7 @@ a|`WEB_ASSET_PATH` +
 a| [subs=-attributes]
 ++string ++
 a| [subs=-attributes]
-++ ++
+++~/.ocis/web/assets ++
 a| [subs=-attributes]
 Serve ownCloud Web assets from a path on the filesystem instead of the builtin assets.
 
@@ -298,5 +298,24 @@ a| [subs=-attributes]
 ++openid profile email ++
 a| [subs=-attributes]
 OIDC scopes to request during authentication to authorize access to user details. Defaults to 'openid profile email'. Values are separated by blank. More example values but not limited to are 'address' or 'phone' etc.
+
+a|`OCIS_JWT_SECRET` +
+`WEB_JWT_SECRET` +
+
+a| [subs=-attributes]
+++string ++
+a| [subs=-attributes]
+++ ++
+a| [subs=-attributes]
+The secret to mint and validate jwt tokens.
+
+a|`WEB_GATEWAY_GRPC_ADDR` +
+
+a| [subs=-attributes]
+++string ++
+a| [subs=-attributes]
+++127.0.0.1:9142 ++
+a| [subs=-attributes]
+The bind address of the GRPC service.
 |===
 
diff --git a/services/_includes/proxy-config-example.yaml b/services/_includes/proxy-config-example.yaml
@@ -42,6 +42,8 @@ policies:
   - endpoint: /.well-known/openid-configuration
     service: com.owncloud.web.idp
     unprotected: true
+  - endpoint: /branding/logo
+    service: com.owncloud.web.web
   - endpoint: /konnect/
     service: com.owncloud.web.idp
     unprotected: true

diff --git a/services/_includes/web-config-example.yaml b/services/_includes/web-config-example.yaml
@@ -25,7 +25,7 @@ http:
   root: /
   cache_ttl: 604800
 asset:
-  path: ""
+  path: ~/.ocis/web/assets
 file: ""
 web:
   path: ""
@@ -64,3 +64,6 @@ web:
       - image/tiff
       - image/bmp
       - image/x-ms-bmp
+token_manager:
+  jwt_secret: ""
+gateway_addr: 127.0.0.1:9142
diff --git a/services/_includes/web_configvars.md b/services/_includes/web_configvars.md
@@ -20,7 +20,7 @@
 | OCIS_HTTP_TLS_KEY | string |  | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.|
 | WEB_HTTP_ROOT | string | / | Subdirectory that serves as the root for this HTTP service.|
 | WEB_CACHE_TTL | int | 604800 | Cache policy in seconds for ownCloud Web assets.|
-| WEB_ASSET_PATH | string |  | Serve ownCloud Web assets from a path on the filesystem instead of the builtin assets.|
+| WEB_ASSET_PATH | string | ~/.ocis/web/assets | Serve ownCloud Web assets from a path on the filesystem instead of the builtin assets.|
 | WEB_UI_CONFIG | string |  | Read the ownCloud Web configuration from this file.|
 | WEB_UI_PATH | string |  | Read the ownCloud Web configuration from this file path.|
 | OCIS_URL<br/>WEB_UI_THEME_SERVER | string | https://localhost:9200 | URL to load themes from. Will be prepended to the theme path.|
@@ -30,4 +30,6 @@
 | OCIS_URL<br/>OCIS_OIDC_ISSUER<br/>WEB_OIDC_AUTHORITY | string | https://localhost:9200 | URL of the OIDC issuer. It defaults to URL of the builtin IDP.|
 | WEB_OIDC_CLIENT_ID | string | web | OIDC client ID, which ownCloud Web uses. This client needs to be set up in your IDP.|
 | WEB_OIDC_RESPONSE_TYPE | string | code | OIDC response type to use for authentication.|
-| WEB_OIDC_SCOPE | string | openid profile email | OIDC scopes to request during authentication to authorize access to user details. Defaults to 'openid profile email'. Values are separated by blank. More example values but not limited to are 'address' or 'phone' etc.|
+| WEB_OIDC_SCOPE | string | openid profile email | OIDC scopes to request during authentication to authorize access to user details. Defaults to 'openid profile email'. Values are separated by blank. More example values but not limited to are 'address' or 'phone' etc.|
+| OCIS_JWT_SECRET<br/>WEB_JWT_SECRET | string |  | The secret to mint and validate jwt tokens.|
+| WEB_GATEWAY_GRPC_ADDR | string | 127.0.0.1:9142 | The bind address of the GRPC service.|