add fixes from review

2026-04-08 09:28:09 -04:00 · 2022-04-29 16:10:21 +02:00
parent 4fdd3170cc
commit 1cdb81bd3e
30 changed files with 29 additions and 147 deletions
--- a/docs/helpers/example-config-generator.go.tmpl
+++ b/docs/helpers/example-config-generator.go.tmpl
@@ -23,8 +23,6 @@ func main() {
 		replacer.Replace("{{$value}}"): func() string {
 			fmt.Println("Generating example YAML config for {{ $value -}}")
 			c := pkg{{$key}}.FullDefaultConfig()
-			pkg{{$key}}.EnsureDefaults(c)
-			pkg{{$key}}.Sanitize(c)
 			yml, err := yaml.Marshal(c)
 			if err != nil {
 				log.Fatalf("Marshalling yaml for pkg0 failed: %s\n", err)
--- a/docs/ocis/deployment/systemd.md
+++ b/docs/ocis/deployment/systemd.md
@@ -61,7 +61,7 @@ oCIS will store all data in `/var/lib/ocis`, because we configured it so by sett

 ## Starting the oCIS service

-Initialize the oCIS configuration by running `OCIS_CONFIG_DIR=/etc/ocis ocis init`.
+Initialize the oCIS configuration by running `ocis init --config-path /etc/ocis`.

 You can enable oCIS now by running `systemctl enable --now ocis`. It will ensure that oCIS also is restarted after a reboot of the host.

--- a/extensions/appprovider/pkg/config/parser/parse.go
+++ b/extensions/appprovider/pkg/config/parser/parse.go
@@ -6,6 +6,7 @@ import (
 	"github.com/owncloud/ocis/extensions/appprovider/pkg/config"
 	"github.com/owncloud/ocis/extensions/appprovider/pkg/config/defaults"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/shared"

 	"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
 )
@@ -33,5 +34,9 @@ func ParseConfig(cfg *config.Config) error {
 }

 func Validate(cfg *config.Config) error {
+	if cfg.TokenManager.JWTSecret == "" {
+		return shared.MissingJWTTokenError(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/extensions/appprovider/pkg/config/reva.go
+++ b/extensions/appprovider/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;APP_PROVIDER_JWT_SECRET"`
 }
--- a/extensions/auth-basic/pkg/config/reva.go
+++ b/extensions/auth-basic/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BASIC_JWT_SECRET"`
 }
--- a/extensions/auth-bearer/pkg/config/reva.go
+++ b/extensions/auth-bearer/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BEARER_JWT_SECRET"`
 }
--- a/extensions/auth-machine/pkg/config/reva.go
+++ b/extensions/auth-machine/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_MACHINE_JWT_SECRET"`
 }
--- a/extensions/frontend/pkg/command/command.go
+++ b/extensions/frontend/pkg/command/command.go
@@ -7,7 +7,6 @@ import (
 	"os"
 	"path"
 	"strconv"
-	"strings"

 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
@@ -16,7 +15,6 @@ import (
 	"github.com/owncloud/ocis/extensions/frontend/pkg/config/parser"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
-	"github.com/owncloud/ocis/ocis-pkg/conversions"
 	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
 	"github.com/owncloud/ocis/ocis-pkg/tracing"
@@ -30,11 +28,6 @@ func Frontend(cfg *config.Config) *cli.Command {
 		Name:  "frontend",
 		Usage: "start frontend service",
 		Before: func(ctx *cli.Context) error {
-			// TODO: what !?
-			//if err := loadUserAgent(c, cfg); err != nil {
-			//	return err
-			//}
-			//return nil
 			err := parser.ParseConfig(cfg)
 			if err != nil {
 				fmt.Printf("%v", err)
@@ -60,13 +53,6 @@ func Frontend(cfg *config.Config) *cli.Command {
 			uuid := uuid.Must(uuid.NewV4())
 			pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")

-			// pregenerate list of valid localhost ports for the desktop redirect_uri
-			// TODO use custom scheme like "owncloud://localhost/user/callback" tracked in
-			var desktopRedirectURIs [65535 - 1024]string
-			for port := 0; port < len(desktopRedirectURIs); port++ {
-				desktopRedirectURIs[port] = fmt.Sprintf("http://localhost:%d", (port + 1024))
-			}
-
 			archivers := []map[string]interface{}{
 				{
 					"enabled":       true,
@@ -318,31 +304,6 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 	}
 }

-// loadUserAgent reads the user-agent-whitelist-lock-in, since it is a string flag, and attempts to construct a map of
-// "user-agent":"challenge" locks in for Reva.
-// Modifies cfg. Spaces don't need to be trimmed as urfavecli takes care of it. User agents with spaces are valid. i.e:
-// Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0
-// This function works by relying in our format of specifying [user-agent:challenge] and the fact that the user agent
-// might contain ":" (colon), so the original string is reversed, split in two parts, by the time it is split we
-// have the indexes reversed and the tuple is in the format of [challenge:user-agent], then the same process is applied
-// in reverse for each individual part
-func loadUserAgent(c *cli.Context, cfg *config.Config) error {
-	cfg.Middleware.Auth.CredentialsByUserAgent = make(map[string]string)
-	locks := c.StringSlice("user-agent-whitelist-lock-in")
-
-	for _, v := range locks {
-		vv := conversions.Reverse(v)
-		parts := strings.SplitN(vv, ":", 2)
-		if len(parts) != 2 {
-			return fmt.Errorf("unexpected config value for user-agent lock-in: %v, expected format is user-agent:challenge", v)
-		}
-
-		cfg.Middleware.Auth.CredentialsByUserAgent[conversions.Reverse(parts[1])] = conversions.Reverse(parts[0])
-	}
-
-	return nil
-}
-
 // FrontendSutureService allows for the storage-frontend command to be embedded and supervised by a suture supervisor tree.
 type FrontendSutureService struct {
 	cfg *config.Config
--- a/extensions/frontend/pkg/config/reva.go
+++ b/extensions/frontend/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;FRONTEND_JWT_SECRET"`
 }
--- a/extensions/gateway/pkg/config/reva.go
+++ b/extensions/gateway/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GATEWAY_JWT_SECRET"`
 }
--- a/extensions/graph/pkg/config/defaults/defaultconfig.go
+++ b/extensions/graph/pkg/config/defaults/defaultconfig.go
@@ -42,7 +42,6 @@ func DefaultConfig() *config.Config {
 				URI:                      "ldaps://localhost:9235",
 				Insecure:                 true,
 				BindDN:                   "uid=libregraph,ou=sysusers,o=libregraph-idm",
-				BindPassword:             "idm",
 				UseServerUUID:            false,
 				WriteEnabled:             true,
 				UserBaseDN:               "ou=users,o=libregraph-idm",
--- a/extensions/graph/pkg/config/parser/parse.go
+++ b/extensions/graph/pkg/config/parser/parse.go
@@ -38,5 +38,9 @@ func Validate(cfg *config.Config) error {
 		return shared.MissingJWTTokenError(cfg.Service.Name)
 	}

+	if cfg.Identity.Backend == "ldap" && cfg.Identity.LDAP.BindPassword == "" {
+		return shared.MissingLDAPBindPassword(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/extensions/group/pkg/config/reva.go
+++ b/extensions/group/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GROUPS_JWT_SECRET"`
 }
--- a/extensions/idp/pkg/config/defaults/defaultconfig.go
+++ b/extensions/idp/pkg/config/defaults/defaultconfig.go
@@ -69,7 +69,6 @@ func DefaultConfig() *config.Config {
 			URI:               "ldaps://localhost:9235",
 			TLSCACert:         path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
 			BindDN:            "uid=idp,ou=sysusers,o=libregraph-idm",
-			BindPassword:      "",
 			BaseDN:            "ou=users,o=libregraph-idm",
 			Scope:             "sub",
 			LoginAttribute:    "uid",
--- a/extensions/ocdav/pkg/command/ocdav.go
+++ b/extensions/ocdav/pkg/command/ocdav.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"strings"

 	"github.com/cs3org/reva/v2/pkg/micro/ocdav"
 	"github.com/oklog/run"
@@ -12,7 +11,6 @@ import (
 	"github.com/owncloud/ocis/extensions/ocdav/pkg/config/parser"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
-	"github.com/owncloud/ocis/ocis-pkg/conversions"
 	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
 	"github.com/owncloud/ocis/ocis-pkg/tracing"
@@ -26,13 +24,6 @@ func OCDav(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "ocdav",
 		Usage: "start ocdav service",
-		// TODO: check
-		//Before: func(c *cli.Context) error {
-		//	if err := loadUserAgent(c, cfg); err != nil {
-		//		return err
-		//	}
-		//	return nil
-		//},
 		Before: func(ctx *cli.Context) error {
 			err := parser.ParseConfig(cfg)
 			if err != nil {
@@ -153,28 +144,3 @@ func (s OCDavSutureService) Serve(ctx context.Context) error {

 	return nil
 }
-
-// loadUserAgent reads the user-agent-whitelist-lock-in, since it is a string flag, and attempts to construct a map of
-// "user-agent":"challenge" locks in for Reva.
-// Modifies cfg. Spaces don't need to be trimmed as urfavecli takes care of it. User agents with spaces are valid. i.e:
-// Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0
-// This function works by relying in our format of specifying [user-agent:challenge] and the fact that the user agent
-// might contain ":" (colon), so the original string is reversed, split in two parts, by the time it is split we
-// have the indexes reversed and the tuple is in the format of [challenge:user-agent], then the same process is applied
-// in reverse for each individual part
-func loadUserAgent(c *cli.Context, cfg *config.Config) error {
-	cfg.Middleware.Auth.CredentialsByUserAgent = make(map[string]string)
-	locks := c.StringSlice("user-agent-whitelist-lock-in")
-
-	for _, v := range locks {
-		vv := conversions.Reverse(v)
-		parts := strings.SplitN(vv, ":", 2)
-		if len(parts) != 2 {
-			return fmt.Errorf("unexpected config value for user-agent lock-in: %v, expected format is user-agent:challenge", v)
-		}
-
-		cfg.Middleware.Auth.CredentialsByUserAgent[conversions.Reverse(parts[1])] = conversions.Reverse(parts[0])
-	}
-
-	return nil
-}
--- a/extensions/ocdav/pkg/config/reva.go
+++ b/extensions/ocdav/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCDAV_JWT_SECRET"`
 }
--- a/extensions/ocs/pkg/server/http/svc_test.go
+++ b/extensions/ocs/pkg/server/http/svc_test.go
@@ -723,9 +723,7 @@ func getService() svc.Service {
 			Root: "/",
 			Addr: "localhost:9110",
 		},
-		Reva: &config.Reva{
-			Address: "",
-		},
+		Reva: &config.Reva{},
 		TokenManager: &config.TokenManager{
 			JWTSecret: jwtSecret,
 		},
--- a/extensions/proxy/pkg/config/defaults/defaultconfig.go
+++ b/extensions/proxy/pkg/config/defaults/defaultconfig.go
@@ -203,14 +203,6 @@ func EnsureDefaults(cfg *config.Config) {
 	} else if cfg.Reva == nil {
 		cfg.Reva = &config.Reva{}
 	}
-
-	if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
-		cfg.TokenManager = &config.TokenManager{
-			JWTSecret: cfg.Commons.TokenManager.JWTSecret,
-		}
-	} else if cfg.TokenManager == nil {
-		cfg.TokenManager = &config.TokenManager{}
-	}
 }

 func Sanitize(cfg *config.Config) {
--- a/extensions/sharing/pkg/config/reva.go
+++ b/extensions/sharing/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;SHARING_JWT_SECRET"`
 }
--- a/extensions/storage-metadata/pkg/config/reva.go
+++ b/extensions/storage-metadata/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_METADATA_JWT_SECRET"`
 }
--- a/extensions/storage-publiclink/pkg/config/reva.go
+++ b/extensions/storage-publiclink/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_PUBLICLINK_JWT_SECRET"`
 }
--- a/extensions/storage-shares/pkg/config/reva.go
+++ b/extensions/storage-shares/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_SHARES_JWT_SECRET"`
 }
--- a/extensions/storage-users/pkg/config/reva.go
+++ b/extensions/storage-users/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_USERS_JWT_SECRET"`
 }
--- a/extensions/storage/pkg/config/defaults/defaultconfig.go
+++ b/extensions/storage/pkg/config/defaults/defaultconfig.go
@@ -32,7 +32,6 @@ func DefaultConfig() *config.Config {
 			Addr: "127.0.0.1:9109",
 		},
 		Reva: config.Reva{
-			//JWTSecret:             "Pive-Fumkiu4",
 			SkipUserGroupsInToken: false,
 			TransferExpires:       24 * 60 * 60,
 			OIDC: config.OIDC{
@@ -444,7 +443,6 @@ func DefaultConfig() *config.Config {
 			GatewaySVC:      defaultGatewayAddr,
 			Insecure:        false, // true?
 			Timeout:         84300,
-			//JWTSecret:       "Pive-Fumkiu4",
 		},
 		Tracing: config.Tracing{
 			Service: "storage",
@@ -455,11 +453,7 @@ func DefaultConfig() *config.Config {
 }

 func EnsureDefaults(cfg *config.Config) {
-	//if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
-	//	cfg.TransferSecret = cfg.Commons.TransferSecret
-	//}
 }

 func Sanitize(cfg *config.Config) {
-	// TODO: IMPLEMENT ME!
 }
--- a/extensions/storage/pkg/config/parser/parse.go
+++ b/extensions/storage/pkg/config/parser/parse.go
@@ -6,7 +6,6 @@ import (
 	"github.com/owncloud/ocis/extensions/storage-metadata/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage-metadata/pkg/config/defaults"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
-	"github.com/owncloud/ocis/ocis-pkg/shared"

 	"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
 )
@@ -34,8 +33,5 @@ func ParseConfig(cfg *config.Config) error {
 }

 func Validate(cfg *config.Config) error {
-	if cfg.TransferSecret == "" {
-		return shared.MissingRevaTransferSecretError(cfg.Service.Name)
-	}
 	return nil
 }
--- a/extensions/user/pkg/config/reva.go
+++ b/extensions/user/pkg/config/reva.go
@@ -7,5 +7,5 @@ type Reva struct {

 // TokenManager is the config for using the reva token manager
 type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET"`
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;USERS_JWT_SECRET"`
 }
--- a/ocis-pkg/config/config.go
+++ b/ocis-pkg/config/config.go
@@ -35,11 +35,6 @@ import (
 	webdav "github.com/owncloud/ocis/extensions/webdav/pkg/config"
 )

-// TokenManager is the config for using the reva token manager
-/*type TokenManager struct {
-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET"`
-}*/
-
 const (
 	// SUPERVISED sets the runtime mode as supervised threads.
 	SUPERVISED = iota
--- a/ocis-pkg/generators/generators_suite_test.go
+++ b/ocis-pkg/generators/generators_suite_test.go
@@ -1,13 +0,0 @@
-package generators_test
-
-import (
-	"testing"
-
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
-)
-
-func TestGenerators(t *testing.T) {
-	RegisterFailHandler(Fail)
-	RunSpecs(t, "Generators Suite")
-}
--- a/ocis-pkg/generators/generators_test.go
+++ b/ocis-pkg/generators/generators_test.go
@@ -1,13 +0,0 @@
-package generators_test
-
-import (
-	_ "github.com/onsi/ginkgo/v2"
-	_ "github.com/onsi/gomega"
-
-	_ "github.com/owncloud/ocis/ocis-pkg/generators"
-)
-
-//var _ = Describe("Generators", func() {
-//	It("Returns an error ", func() {})
-//	PIt("Returns expected passwords", func() {})
-//})
--- a/ocis/pkg/command/init.go
+++ b/ocis/pkg/command/init.go
@@ -34,9 +34,10 @@ func InitCommand(cfg *config.Config) *cli.Command {
 				Usage:   "Force overwrite existing config file",
 			},
 			&cli.StringFlag{
-				Name:  "config-path",
-				Value: defaults.BaseConfigPath(),
-				Usage: "Config path for the ocis runtime",
+				Name:    "config-path",
+				Value:   defaults.BaseConfigPath(),
+				Usage:   "Config path for the ocis runtime",
+				EnvVars: []string{"OCIS_CONFIG_DIR"},
 			},
 			&cli.StringFlag{
 				Name:    "admin-password",