Ralf Haferkamp
8cea8c8cfd
feat(proxy): account_resolver multi-tenancy
...
Make the account resolve reject users without a tenantid, when
multi-tenancy is enabled.
2025-10-06 11:21:57 +02:00
Roman Perekhod
c597dfb917
set default timeouts and clean up
2025-09-12 12:18:47 +02:00
Roman Perekhod
9a3fc08dd4
to separate control over the http and grpc driven services
2025-09-12 12:18:47 +02:00
Juan Pablo Villafáñez
9e1b80a1be
feat: use runners to startup the services
2025-09-12 12:18:47 +02:00
Juan Pablo Villafáñez
c0b4a5daa0
chore: change constant name to camelcase
2025-09-08 17:32:36 +02:00
Juan Pablo Villafáñez
ca2dc823ef
feat: use names for connections to the nats event bus
2025-09-08 17:32:35 +02:00
Ralf Haferkamp
86db525cec
feat(tracing): Improve tracing for proxy middlewares
...
Each middleware adds a new span with a useful name now.
2025-09-02 17:02:04 +02:00
Ralf Haferkamp
51c32c5e15
fix(tracing): Don't start separate span for request-id attr
...
Just add the request id as an attribute to the span created by the
'otelhttp' middleware.
2025-09-02 12:13:11 +02:00
Ralf Haferkamp
4bdb3bf70f
proxy(sign_url_auth): Allow to verify server signed URLs
...
With the ocdav service being able to provide signed download URLs we
need the proxy to be able to verify the signatures.
This should also be a first step towards phasing out the weird ocs based
client side signed urls.
Related Tickets: #1104
2025-07-17 12:01:59 +02:00
Ralf Haferkamp
96684df32d
Adjust to new tablewriter release
2025-05-19 19:26:38 +02:00
Ralf Haferkamp
102e92fd73
appauth: Add token and user (with roles) to context
...
When successfully authenticating a user via apptoken, resolve the user's
roles and add the user and the token returned by the auth service to the
request context. Rely on the account_resolve middleware to add the reva
token to the outgoing request as the other auth middlewares do.
2025-04-30 10:17:58 +02:00
Ralf Haferkamp
cda94ce584
Start auth-app service by default
...
Co-Authored-By: André Duffeck <a.duffeck@opencloud.eu>
2025-03-20 15:09:47 +01:00
André Duffeck
e8d35e1280
Use the opencloud reva from now on
2025-01-21 11:16:38 +01:00
Jörn Friedrich Dreyer
747b2879d7
proxy
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2025-01-16 17:31:51 +01:00
Ralf Haferkamp
213e9663a9
Rename go-micro services
2025-01-16 09:45:46 +01:00
André Duffeck
8c8cdd9310
Adapt protobuf naming
2025-01-15 11:04:32 +01:00
Jörn Friedrich Dreyer
b07b5a1149
use plain pkg module
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2025-01-13 16:42:19 +01:00
Jörn Friedrich Dreyer
8e028f17e9
change module name
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2025-01-13 09:58:18 +01:00
Juan Pablo Villafáñez
69864b8ab9
feat: improve logs when a context is canceled in the proxy
2024-11-19 11:25:40 +01:00
Jörn Friedrich Dreyer
dde999d5c2
align shutdown logging
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2024-10-28 14:47:11 +01:00
jkoberg
c80254c4f1
feat(ocis): remove ocm store
...
Signed-off-by: jkoberg <jkoberg@owncloud.com>
2024-10-15 17:24:51 +02:00
Christian Richter
0094d30378
code cleanup & refactoring
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2024-10-14 08:39:42 +02:00
Ralf Haferkamp
cb8934081f
proxy(oidc): Emit a UserSignedIn event on new session
...
Every time the OIDC middleware sees a new access token (i.e. when it needs
to update the userinfo cache) we consider that as a new login. In this case
the middleware adds a new flag to the context, which is then used by the
accountresolver middleware to publish a UserSignedIn event.
The event needs to be sent by the accountresolver middleware, because only
at that point we know the user id of the user that just logged in.
(It would probably make sense to merge the auth and account middleware into a
single component to avoid passing flags around via context)
2024-09-17 16:02:47 +02:00
Christian Richter
84fed8997e
make sonarcloud happy
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2024-08-22 10:27:32 +02:00
Christian Richter
3cdc638201
remove code for store service
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2024-08-22 09:28:02 +02:00
Jörn Friedrich Dreyer
4c6551501e
use less selectors
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2024-08-06 12:55:42 +02:00
Jörn Friedrich Dreyer
7999e2969b
do not force exit to let all services shutdown gracefully
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2024-07-24 14:02:52 +02:00
Jörn Friedrich Dreyer
9d1515e8fc
rely on context from app
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2024-07-24 14:02:11 +02:00
Jörn Friedrich Dreyer
008f379a01
pass config context when running apps
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2024-07-24 13:30:42 +02:00
jkoberg
83e6ba7d09
fix(proxy): fix pipeline
...
Signed-off-by: jkoberg <jkoberg@owncloud.com>
2024-07-23 08:58:08 +02:00
jkoberg
11103a4220
feat(auth-app): make service optional plus docu
...
Signed-off-by: jkoberg <jkoberg@owncloud.com>
2024-07-23 08:58:07 +02:00
jkoberg
3b3d30159d
fix(proxy): fix build after rebase
...
Signed-off-by: jkoberg <jkoberg@owncloud.com>
2024-07-23 08:58:07 +02:00
Thomas Müller
4fa7ea0b20
feat: add cli command to generate app token for user
2024-07-23 08:58:07 +02:00
Thomas Müller
43403edfb8
feat: reva app auth
2024-07-23 08:58:07 +02:00
Roman Perekhod
eac5eaea8f
Add the backchannel logout event
2024-06-25 12:13:24 +02:00
Roman Perekhod
c7281599d4
replacement for TokenInfo endpoint
2024-05-28 09:29:08 +02:00
Ralf Haferkamp
741dce501b
enhancement(autoprovision): Allow to configure which claims to use for auto-provisioning user accounts
...
When auto-provisioning user accounts we used a fixed mapping for claims
for the userinfo response to user attributes. This change introduces
configuration options to define which claims should be used for the
username, display name and email address of the auto-provisioned
accounts.
This also removes the automatic fallback to use the 'mail' claim as the
username when the 'preferred_username' claim does not exist.
Fixes: #8635
2024-04-30 17:09:19 +02:00
Thomas Müller
bdbba929d0
feat: add CSP and other security related headers in the oCIS proxy service (#8777)
...
* feat: add CSP and other security related headers in the oCIS proxy service
* fix: consolidate security related headers - drop middleware.Secure
* fix: use github.com/DeepDiver1975/secure
* fix: acceptance tests
* feat: support env var replacements in csp.yaml
2024-04-26 09:10:35 +02:00
Jörn Friedrich Dreyer
f8f864e566
always initialize http handler
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2024-04-24 10:39:12 +02:00
Christian Richter
29549fade7
kill oidc well known middleware and move it to static route
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2024-03-18 16:56:10 +01:00
Christian Richter
1323a554bc
move static routes to separate package
...
Signed-off-by: Christian Richter <crichter@owncloud.com>
2024-03-18 16:56:10 +01:00
Jörn Friedrich Dreyer
26136f8f81
drop store service in favor of a micro store implementation (#8419)
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2024-02-26 16:08:03 +01:00
Thomas Müller
b12cff1016
fix: properly check expiry and verify signature of signed urls (#8385)
...
fix: signed url expiry validation only checks for expiry and not for used before
2024-02-07 15:44:33 +01:00
Michael Barz
14553dd6b1
feat: RED metrics
2023-12-20 14:53:16 +01:00
jkoberg
de4f9d78f4
allow authentication for stores
...
Signed-off-by: jkoberg <jkoberg@owncloud.com>
2023-12-19 10:44:05 +01:00
kobergj
423c28b298
improve store readmes
...
Co-authored-by: Martin <github@diemattels.at>
2023-12-15 13:25:10 +01:00
jkoberg
1f1aa50c54
hard exit when services fail
...
Signed-off-by: jkoberg <jkoberg@owncloud.com>
2023-09-21 13:53:18 +02:00
Ralf Haferkamp
684f5c07e5
Use service user for role assignment and autoprovisioning
...
This gets us rid of the need to configure the reva jwt secret in the
proxy. Also we no longer need to fake an internal admin user for
autoprovisioning user and/or assigning the roles to users from oidc
claims.
2023-09-07 20:54:14 +02:00
Jörn Friedrich Dreyer
3bf5e5efa4
actually use skip user info config option (#7216)
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2023-09-05 12:57:01 +02:00
Daniel Swärd
49fc22d532
Add missing tracing references to multiple services. (#7110)
2023-08-23 15:17:17 +02:00