Bump reva

Signed-off-by: Christian Richter <crichter@owncloud.com>
2026-04-13 03:48:16 -04:00 · 2024-02-01 14:22:55 +01:00
parent 704b372205
commit 82e6e742ff
8 changed files with 92 additions and 15 deletions
--- a/go.mod
+++ b/go.mod
@@ -361,3 +361,5 @@ replace github.com/egirna/icap-client => github.com/fschade/icap-client v0.0.0-2
 // exclude the v2 line of go-sqlite3 which was released accidentally and prevents pulling in newer versions of go-sqlite3
 // see https://github.com/mattn/go-sqlite3/issues/965 for more details
 exclude github.com/mattn/go-sqlite3 v2.0.3+incompatible
+
+replace github.com/cs3org/reva/v2 => github.com/dragonchaser/reva/v2 v2.4.1-0.20240201130351-4b087c2a6b7b
--- a/go.sum
+++ b/go.sum
@@ -1019,8 +1019,6 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
 github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY=
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva/v2 v2.18.1-0.20240129131717-cff0a2eeb959 h1:8uiYRWlbrhQJk4pHawpJUTFx/Yy0G5yvMYam2TMKDYo=
-github.com/cs3org/reva/v2 v2.18.1-0.20240129131717-cff0a2eeb959/go.mod h1:GCN3g6uYE0Nvd31dGlhaGGyUviUfbG2NkecPRv5oSc4=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
@@ -1057,6 +1055,8 @@ github.com/dnsimple/dnsimple-go v0.63.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/dragonchaser/reva/v2 v2.4.1-0.20240201130351-4b087c2a6b7b h1:ld5hcVkNivZWgzV2CnMsp1rdRE3ktnscT7PHx6IHKDk=
+github.com/dragonchaser/reva/v2 v2.4.1-0.20240201130351-4b087c2a6b7b/go.mod h1:GCN3g6uYE0Nvd31dGlhaGGyUviUfbG2NkecPRv5oSc4=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/context.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/context.go
@@ -0,0 +1,18 @@
+package ocdav
+
+import (
+	"context"
+
+	cs3storage "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+)
+
+type tokenStatInfoKey struct{}
+
+func ContextWithTokenStatInfo(ctx context.Context, info *cs3storage.ResourceInfo) context.Context {
+	return context.WithValue(ctx, tokenStatInfoKey{}, info)
+}
+
+func TokenStatInfoFromContext(ctx context.Context) (*cs3storage.ResourceInfo, bool) {
+	v, ok := ctx.Value(tokenStatInfoKey{}).(*cs3storage.ResourceInfo)
+	return v, ok
+}
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/dav.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/dav.go
@@ -44,8 +44,6 @@ const (
 	_trashbinPath = "trash-bin"
 )

-type tokenStatInfoKey struct{}
-
 // DavHandler routes to the different sub handlers
 type DavHandler struct {
 	AvatarsHandler      *AvatarsHandler
@@ -318,9 +316,9 @@ func (h *DavHandler) Handler(s *svc) http.Handler {
 			}
 			log.Debug().Interface("statInfo", sRes.Info).Msg("Stat info from public link token path")

+			ctx := ContextWithTokenStatInfo(ctx, sRes.Info)
+			r = r.WithContext(ctx)
 			if sRes.Info.Type != provider.ResourceType_RESOURCE_TYPE_CONTAINER {
-				ctx := context.WithValue(ctx, tokenStatInfoKey{}, sRes.Info)
-				r = r.WithContext(ctx)
 				h.PublicFileHandler.Handler(s).ServeHTTP(w, r)
 			} else {
 				h.PublicFolderHandler.Handler(s).ServeHTTP(w, r)
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/errors/error.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/errors/error.go
@@ -159,6 +159,8 @@ var (
 	ErrNoSuchLock = errors.New("webdav: no such lock")
 	// ErrNotImplemented is returned when hitting not implemented code paths
 	ErrNotImplemented = errors.New("webdav: not implemented")
+	// ErrTokenNotFound is returned when a token is not found
+	ErrTokenStatInfoMissing = errors.New("webdav: token stat info missing")
 )

 // HandleErrorStatus checks the status code, logs a Debug or Error level message
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/publicfile.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/publicfile.go
@@ -26,7 +26,7 @@ import (

 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	typesv1beta1 "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
-	"github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/errors"
+	ocdaverrors "github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/errors"
 	"github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net"
 	"github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind"
 	"github.com/cs3org/reva/v2/pkg/appctx"
@@ -96,7 +96,16 @@ func (s *svc) handlePropfindOnToken(w http.ResponseWriter, r *http.Request, ns s
 	ctx, span := appctx.GetTracerProvider(r.Context()).Tracer(tracerName).Start(r.Context(), "token_propfind")
 	defer span.End()

-	tokenStatInfo := ctx.Value(tokenStatInfoKey{}).(*provider.ResourceInfo)
+	tokenStatInfo, ok := TokenStatInfoFromContext(ctx)
+	if !ok {
+		span.RecordError(ocdaverrors.ErrTokenStatInfoMissing)
+		span.SetStatus(codes.Error, ocdaverrors.ErrTokenStatInfoMissing.Error())
+		span.SetAttributes(semconv.HTTPStatusCodeKey.Int(http.StatusInternalServerError))
+		w.WriteHeader(http.StatusInternalServerError)
+		b, err := ocdaverrors.Marshal(http.StatusInternalServerError, ocdaverrors.ErrTokenStatInfoMissing.Error(), "")
+		ocdaverrors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
+		return
+	}
 	sublog := appctx.GetLogger(ctx).With().Interface("tokenStatInfo", tokenStatInfo).Logger()
 	sublog.Debug().Msg("handlePropfindOnToken")

@@ -109,20 +118,20 @@ func (s *svc) handlePropfindOnToken(w http.ResponseWriter, r *http.Request, ns s
 		sublog.Debug().Str("depth", dh).Msg(err.Error())
 		w.WriteHeader(http.StatusBadRequest)
 		m := fmt.Sprintf("Invalid Depth header value: %v", dh)
-		b, err := errors.Marshal(http.StatusBadRequest, m, "")
-		errors.HandleWebdavError(&sublog, w, b, err)
+		b, err := ocdaverrors.Marshal(http.StatusBadRequest, m, "")
+		ocdaverrors.HandleWebdavError(&sublog, w, b, err)
 		return
 	}

 	if depth == net.DepthInfinity && !s.c.AllowPropfindDepthInfinitiy {
-		span.RecordError(errors.ErrInvalidDepth)
+		span.RecordError(ocdaverrors.ErrInvalidDepth)
 		span.SetStatus(codes.Error, "DEPTH: infinity is not supported")
 		span.SetAttributes(semconv.HTTPStatusCodeKey.Int(http.StatusBadRequest))
-		sublog.Debug().Str("depth", dh).Msg(errors.ErrInvalidDepth.Error())
+		sublog.Debug().Str("depth", dh).Msg(ocdaverrors.ErrInvalidDepth.Error())
 		w.WriteHeader(http.StatusBadRequest)
 		m := fmt.Sprintf("Invalid Depth header value: %v", dh)
-		b, err := errors.Marshal(http.StatusBadRequest, m, "")
-		errors.HandleWebdavError(&sublog, w, b, err)
+		b, err := ocdaverrors.Marshal(http.StatusBadRequest, m, "")
+		ocdaverrors.HandleWebdavError(&sublog, w, b, err)
 		return
 	}

--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/tus.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/tus.go
@@ -24,6 +24,7 @@ import (
 	"io"
 	"net/http"
 	"path"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
@@ -115,6 +116,15 @@ func (s *svc) handleTusPost(ctx context.Context, w http.ResponseWriter, r *http.
 		w.WriteHeader(http.StatusPreconditionFailed)
 		return
 	}
+
+	// Test if the target is a secret filedrop
+	var isSecretFileDrop bool
+	tokenStatInfo, ok := TokenStatInfoFromContext(ctx)
+	// We assume that when the uploader can create containers, but is not allowed to list them, it is a secret file drop
+	if ok && tokenStatInfo.GetPermissionSet().CreateContainer && !tokenStatInfo.GetPermissionSet().ListContainer {
+		isSecretFileDrop = true
+	}
+
 	// r.Header.Get(net.HeaderOCChecksum)
 	// TODO must be SHA1, ADLER32 or MD5 ... in capital letters????
 	// curl -X PUT https://demo.owncloud.com/remote.php/webdav/testcs.bin -u demo:demo -d '123' -v -H 'OC-Checksum: SHA1:40bd001563085fc35165329ea1ff5c5ecbdbbeef'
@@ -158,6 +168,43 @@ func (s *svc) handleTusPost(ctx context.Context, w http.ResponseWriter, r *http.
 				return
 			}
 		}
+		if isSecretFileDrop {
+			lReq := &provider.ListContainerRequest{
+				Ref: &provider.Reference{
+					ResourceId: sRes.GetInfo().GetParentId(),
+				},
+			}
+			lRes, err := client.ListContainer(ctx, lReq)
+			if err != nil {
+				log.Error().Err(err).Msg("error sending grpc stat request")
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+			if lRes.Status.Code != rpc.Code_CODE_OK {
+				log.Debug().Err(err).Msg("error listing container")
+				errors.HandleErrorStatus(&log, w, lRes.Status)
+				return
+			}
+			// iterate over the listing to determine next suffix
+			var itemMap = make(map[string]struct{})
+			for _, fi := range lRes.Infos {
+				itemMap[fi.GetName()] = struct{}{}
+			}
+			ext := filepath.Ext(sRes.GetInfo().GetName())
+			fileName := strings.TrimSuffix(sRes.GetInfo().GetName(), ext)
+			if strings.HasSuffix(fileName, ".tar") {
+				fileName = strings.TrimSuffix(fileName, ".tar")
+				ext = filepath.Ext(fileName) + "." + ext
+			}
+			// starts with two because "normal" humans begin counting with 1 and we say the existing file is the first one
+			for i := 2; i < len(itemMap)+3; i++ {
+				if _, ok := itemMap[fileName+" ("+strconv.Itoa(i)+")"+ext]; !ok {
+					sRes.GetInfo().Name = fileName + " (" + strconv.Itoa(i) + ")" + ext
+					ref.Path = filepath.Join(filepath.Dir(ref.GetPath()), sRes.GetInfo().GetName())
+					break
+				}
+			}
+		}
 	}

 	uploadLength, err := strconv.ParseInt(r.Header.Get(net.HeaderUploadLength), 10, 64)
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -362,7 +362,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.18.1-0.20240129131717-cff0a2eeb959
+# github.com/cs3org/reva/v2 v2.18.1-0.20240129131717-cff0a2eeb959 => github.com/dragonchaser/reva/v2 v2.4.1-0.20240201130351-4b087c2a6b7b
 ## explicit; go 1.21
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime
@@ -2327,3 +2327,4 @@ stash.kopano.io/kgol/rndm
 # github.com/go-micro/plugins/v4/store/nats-js-kv => github.com/kobergj/plugins/v4/store/nats-js-kv v0.0.0-20231207143248-4d424e3ae348
 # github.com/studio-b12/gowebdav => github.com/aduffeck/gowebdav v0.0.0-20231215102054-212d4a4374f6
 # github.com/egirna/icap-client => github.com/fschade/icap-client v0.0.0-20240123094924-5af178158eaf
+# github.com/cs3org/reva/v2 => github.com/dragonchaser/reva/v2 v2.4.1-0.20240201130351-4b087c2a6b7b