mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-03 03:28:03 -05:00
Code Issues Packages Projects Releases Wiki Activity
22,513 Commits 52 Branches 39 Tags
replaceCIImages
Commit Graph

43 Commits

Author SHA1 Message Date
Ralf Haferkamp
86db525cec feat(tracing): Improve tracing for proxy middlewares 
Each middleware adds a new span with a useful name now.
 2025-09-02 17:02:04 +02:00
Jörn Friedrich Dreyer
747b2879d7 proxy 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2025-01-16 17:31:51 +01:00
Jörn Friedrich Dreyer
8e028f17e9 change module name 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2025-01-13 09:58:18 +01:00
André Duffeck
b17fa1d72b Make /remote.php/dav/ocm/ work as well 2023-12-14 09:30:41 +01:00
André Duffeck
668f917dba Add an ocm service exposing the ocm related http and grpc APIs 2023-10-24 10:29:29 +02:00
Ralf Haferkamp
dfeff633fa proxy: also set the "Www-Authenticate" header for graph request 
There doesn't seem to be a good reason to treat the graph service differently here.
 2023-10-16 10:31:39 +02:00
Ralf Haferkamp
951e1e5a09 proxy: Avoid duplicated Www-Authenticate headers 
For endpoints in the "ProxyWwwAuthenticate" list we accidently set the Www-Authenticate
header twice.
 2023-10-16 10:31:39 +02:00
Daniël Franke
8f7521eff7 Move away from global tracers. (#6591) 
* Move away from global tracers.

This PR moves away from global tracers and instead initialises
a tracer provider at Service setup and passes it where it needs to be.

* Change tracing provider to be set via options.

Also change name for GetServiceTraceProvider.

* Add changelog.
 2023-06-23 14:20:26 +02:00
Jörn Friedrich Dreyer
b8bdd4573a introduce otlp tracing (#5132) 
* introduce otel tracing

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* use new trace provider initialization

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* work

* bump reva

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* remove commented code

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

* add vendor changes

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

---------

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-05-26 22:21:03 +02:00
Jörn Friedrich Dreyer
0edb2b9c5b fix preflight requests 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2023-05-22 16:28:51 +02:00
Michael Barz
df537ea98d do not send www-authenticate basic for Api requests 2023-04-03 11:34:42 +02:00
Jörn Friedrich Dreyer
53d15d329e remove deprecated use of ioutil (#5205) 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2022-12-08 14:44:53 +01:00
Willy Kloucek
0ba134dbf6 discard errors 2022-11-24 17:07:01 +01:00
Willy Kloucek
c6b61cd347 remove any limits 2022-11-24 16:48:25 +01:00
Willy Kloucek
2e2e0cd4b6 fix HTTP1.1 RFC 2616 for bodies smaller than 1GB 2022-11-24 14:09:02 +01:00
Jannik Stehle
dd2abc94ee Make the tokeninfo endpoint unprotected as it is supposed to be available to the public 2022-10-04 09:18:36 +02:00
Ralf Haferkamp
2c6eb888a8 proxy: Clarify comment 2022-09-07 14:30:19 +02:00
David Christofas
69ba80562e add unprotected flag to the proxy routes 
I added an unprotected flag to the proxy routes which is evaluated by
the authentication middleware. This way we won't have to maintain a
hardcoded list of unprotected paths and path prefixes and we will
hopefully reduce the times we encounter the basic auth prompt by web
browsers.
 2022-09-01 12:43:32 +02:00
Benedikt Kulmann
6fc87613d5 fix: add index.html to unprotected paths 2022-08-26 10:37:46 +02:00
Benedikt Kulmann
9d67ab3292 fix: set /external path prefix to unprotected 2022-08-25 10:47:46 +02:00
Benedikt Kulmann
9c9a81026c fix: add index.html to unprotected paths in auth middleware 2022-08-25 10:39:55 +02:00
David Christofas
0d2b7e350b add missing unprotected paths 2022-08-24 16:32:25 +02:00
David Christofas
e65eb15f2c add the settings path to the unprotected paths 2022-08-24 11:04:18 +02:00
David Christofas
28a9bf357e end unprotected path prefixes with a slash 2022-08-24 10:12:34 +05:45
David Christofas
6043e019f4 add the fonts path to the unprotected path prefixes 2022-08-24 10:12:34 +05:45
David Christofas
dfe703291f replace strings.Title with cases.Title 2022-08-22 15:26:00 +02:00
David Christofas
12d42e0074 add missing comments 2022-08-22 14:24:12 +02:00
David Christofas
3f25ca2059 add unprotected path prefix for parallel deployment 2022-08-16 15:45:22 +02:00
David Christofas
905ead629c add unprotected path prefix for external apps 2022-08-16 15:16:48 +02:00
David Christofas
78d85b683d add missing comments 2022-08-16 12:47:44 +02:00
David Christofas
864438b2de add missing unprotected path 2022-08-15 16:04:14 +02:00
David Christofas
3ebfcbff1e add missing unprotected path 2022-08-15 11:38:04 +02:00
David Christofas
5d45f0e856 fix logic of when to add the www-authenticate headers 2022-08-12 10:48:37 +02:00
David Christofas
036c466425 add missing unprotected paths 2022-08-12 10:48:33 +02:00
David Christofas
32f68f91ff add missing www-authentication header on failed authentication 2022-08-12 10:48:29 +02:00
David Christofas
d271ae2451 fix some authentication cases 2022-08-12 10:48:25 +02:00
David Christofas
06ffd9cf8a some more cleaning up 2022-08-12 10:48:21 +02:00
David Christofas
ddfc01bff9 refactor unprotected paths check 2022-08-12 10:47:51 +02:00
David Christofas
f35c8b9205 clean up the authenticators middlewares 2022-08-12 10:47:48 +02:00
David Christofas
e96819bce8 rewrite the auth middleware 
The old approach of the authentication middlewares had the problem that when an authenticator could not authenticate a request it would still send it to the next handler, in case that the next one can authenticate it. But if no authenticator could successfully authenticate the request, it would still be handled, which leads to unauthorized access.
 2022-08-12 10:47:43 +02:00
Ralf Haferkamp
8229567213 Allow to configure the JWKS refresh settings 
This exposes a couple for knobs for the jwks keyfunc module to adjust
timeout and refresh intervals.
 2022-08-03 12:00:31 +02:00
Ralf Haferkamp
eb94530433 Add option to configure access token verification 
Allow to switch jwt access token verification and off. Many (most?) IDP
provide JWT encoded access tokens. If ocis is configure to assume jwt
access tokens (access_token_verify_method==jwt) we now properly verify
the tokens signature and a set of standard claims ("exp", "iat" and nbf"
by way of the jwt module's standard verification and "iss" explicitliy).

This change also allows for introduction of other access token verification
mechanism in the future (e.g. through introspection (RFC7662).
 2022-08-03 12:00:31 +02:00
Christian Richter
78064e6bab rename folder extensions -> services 
Signed-off-by: Christian Richter <crichter@owncloud.com>
 2022-06-27 14:05:36 +02:00