- let ocis init generate jwt token for collaboration service

- separate REVA jwt secret from WOPI jwt secret - fix gatway service name configuration
2026-04-26 02:08:25 -04:00 · 2024-05-14 14:55:37 +02:00
parent 7b47d55837
commit 901a5e27fc
5 changed files with 15 additions and 6 deletions
--- a/ocis/pkg/init/init.go
+++ b/ocis/pkg/init/init.go
@@ -156,6 +156,10 @@ type Clientlog struct {
 	ServiceAccount ServiceAccount `yaml:"service_account"`
 }

+type Collaboration struct {
+	JWTSecret string `yaml:"jwt_secret"`
+}
+
 type Nats struct {
 	// The nats config has a field called nats
 	Nats struct {
@@ -191,6 +195,7 @@ type OcisConfig struct {
 	Graph             GraphService
 	Idp               LdapBasedService
 	Idm               IdmService
+	Collaboration     Collaboration
 	Proxy             ProxyService
 	Frontend          FrontendService
 	AuthBasic         AuthbasicService  `yaml:"auth_basic"`
@@ -289,6 +294,10 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 	if err != nil {
 		return fmt.Errorf("could not generate random password for tokenmanager: %s", err)
 	}
+	collaborationJwtSecret, err := generators.GenerateRandomPassword(passwordLength)
+	if err != nil {
+		return fmt.Errorf("could not generate random password for collaboration service: %s", err)
+	}
 	machineAuthAPIKey, err := generators.GenerateRandomPassword(passwordLength)
 	if err != nil {
 		return fmt.Errorf("could not generate random password for machineauthsecret: %s", err)
@@ -344,6 +353,9 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 				},
 			},
 		},
+		Collaboration: Collaboration{
+			JWTSecret: collaborationJwtSecret,
+		},
 		Groups: UsersAndGroupsService{
 			Drivers: LdapBasedService{
 				Ldap: LdapSettings{
--- a/services/collaboration/README.md
+++ b/services/collaboration/README.md
@@ -10,7 +10,7 @@ The collaboration service requires the target document server (ONLYOFFICE, Colla

 * External document server.
 * The gateway service.
-* The app-provider service.
+* The app-registry service.

 If any of the named services above have not been started or are not reachable, the collaboration service won't start. For the binary or the docker release of Infinite Scale, check with the `ocis list` command if they have been started. If not, you must start them manually upfront before starting the collaboration service.

--- a/services/collaboration/pkg/config/config.go
+++ b/services/collaboration/pkg/config/config.go
@@ -14,7 +14,7 @@ type Config struct {
 	Service Service `yaml:"-"`
 	App     App     `yaml:"app"`

-	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;COLLABORATION_JWT_SECRET" desc:"Used as JWT token and to encrypt access token." introductionVersion:"5.1"`
+	JWTSecret string `yaml:"jwt_secret" env:"COLLABORATION_JWT_SECRET" desc:"Used as mint and verify WOPI JWT tokens and encrypt and decrypt the REVA JWT token embedded in the WOPI JWT token." introductionVersion:"5.1"`

 	GRPC    GRPC    `yaml:"grpc"`
 	HTTP    HTTP    `yaml:"http"`
--- a/services/collaboration/pkg/config/cs3api.go
+++ b/services/collaboration/pkg/config/cs3api.go
@@ -8,7 +8,7 @@ type CS3Api struct {

 // Gateway defines the available configuration for the CS3 API gateway
 type Gateway struct {
-	Name string `yaml: "name" env:"OCIS_REVA_GATEWAY;COLLABORATION_CS3API_GATEWAY_NAME" desc:"The service name of the CS3API gateway." introductionVersion:"5.1"`
+	Name string `yaml:"name" env:"OCIS_REVA_GATEWAY;COLLABORATION_CS3API_GATEWAY_NAME" desc:"The service name of the CS3API gateway." introductionVersion:"5.1"`
 }

 // DataGateway defines the available configuration for the CS3 API data gateway
--- a/services/collaboration/pkg/config/defaults/defaultconfig.go
+++ b/services/collaboration/pkg/config/defaults/defaultconfig.go
@@ -1,7 +1,6 @@
 package defaults

 import (
-	"github.com/owncloud/ocis/v2/ocis-pkg/generators"
 	"github.com/owncloud/ocis/v2/services/collaboration/pkg/config"
 )

@@ -15,7 +14,6 @@ func FullDefaultConfig() *config.Config {

 // DefaultConfig returns a basic default configuration
 func DefaultConfig() *config.Config {
-	secret, _ := generators.GenerateRandomString(generators.AlphaNumChars, 32) // anything to do with the error?
 	return &config.Config{
 		Service: config.Service{
 			Name: "collaboration",
@@ -26,7 +24,6 @@ func DefaultConfig() *config.Config {
 			Icon:        "image-edit",
 			LockName:    "com.github.owncloud.collaboration",
 		},
-		JWTSecret: secret,
 		GRPC: config.GRPC{
 			Addr:      "0.0.0.0:9301",
 			Namespace: "com.owncloud.collaboration",