[full-ci] Refactor proxy to get rid of the hardcoded unprotected lists

[C0rby]

Related Issue

• Fixes Refactor proxy request authentication #4401

Motivation and Context

How Has This Been Tested?

• test environment:
• test case 1:
• test case 2:
• ...

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests only (no source changes)

Checklist:

• Code changes
• Unit tests added
• Acceptance tests added
• Documentation ticket raised:

[update-docs]

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

[kulmann]

Gave it a spin, with following results:

• uploads work
• preview requests throw a http 500, with error message that reveals an internal 401:

  <d:error xmlns:d="DAV" xmlns:s="http://sabredav.org/ns">
     <s:exception></s:exception>
     <s:message>  {&#34;id&#34;:&#34;com.owncloud.api.thumbnails&#34;,&#34;code&#34;:500,&#34;detail&#34;:&#34;could not get image from source: could not get the image \&#34;1284d238-aa92-42ce-bdc4-0b0000009157$06d8eaca-7a6d-4798-9b31-c24ab6b26a91/SpaceX/starship super heavy.jpeg\&#34;. Request returned with statuscode 401 &#34;,&#34;status&#34;:&#34;Internal Server Error&#34;}</s:message>
  </d:error>

• creating a text file failed: PUT to https://localhost:9200/remote.php/dav/spaces/1284d238-aa92-42ce-bdc4-0b0000009157%2406d8eaca-7a6d-4798-9b31-c24ab6b26a91/asdf.txt -> 401 (Unauthorized)
• opening a previously uploaded text file failed with basic auth popup and 401 on GET for https://localhost:9200/remote.php/dav/spaces/1284d238-aa92-42ce-bdc4-0b0000009157%2406d8eaca-7a6d-4798-9b31-c24ab6b26a91/SpaceX/clm0008.txt
• renaming files/folders works
• copying filles/folders failed: COPY to https://localhost:9200/remote.php/dav/spaces/1284d238-aa92-42ce-bdc4-0b0000009157%2406d8eaca-7a6d-4798-9b31-c24ab6b26a91/SpaceX%20asdf -> 500 (Internal Server Error) -> after page reload the file files/folders are there. 🤔

[ownclouders]

💥 Acceptance test Core-API-Tests-ocis-storage-1 failed. Further test are cancelled...

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
6 Code Smells

65.0% Coverage
0.0% Duplication

[kulmann]

Retested a lot of different scenarios, all worked well. Only thing I found was on the archiver route for public links (see comment), but also broken on master, so IMO not a blocker for this PR.

[kulmann]

tough one: when the archiver is opened from a public link it needs to be unprotected as well. Archiver from public link has ?public-token=xyz in the url query.

[kulmann]

I'd be fine solving that in a followup ticket, as it's also currently broken in master.

[rhafer]

Hm, I guess this should be fixable with an addtional QueryRoute. I see if I can address this in another PR.

[rhafer]

Looks good to me apart from a little nit picking about the comment.

[rhafer]

Nit: This comment seems to be not quite correct anymore.

[rhafer]

Hm, I guess this should be fixable with an addtional QueryRoute. I see if I can address this in another PR.

[rhafer]

Turns out that this causes some unstable behavior for routes that match multiple rules 😱. E.g. we have:

                {                                 
                    Endpoint:    "/app/list",
                    Backend:     "http://localhost:9140",
                    Unprotected: true,
                },
                {
                    Endpoint: "/app/", // /app or /apps? ocdav only handles /apps
                    Backend:  "http://localhost:9140",
                },

And now requests on /app/list/ sometimes go through and sometimes fail. (Not this is not exactly a new bug in the code, it just seems that we didn't have overlapping rules of the same type before. I'll open a new issue for that and try to come up with a quick fix. (We might also temporary revert this PR).