* Use go-micro store to cache the roles
Add custom in-memory implementation
* replace redis with custom etcd implementation
* adjust table name for the cache in the roles manager
* Fix tests
* Fix sonarcloud issues
* Refactor for sonarcloud
* Allow configuration of cache per service
* Reuse parent context in etcd implementation
This introduces a no op broker for go-micro. It is set as the default
broker for all ocis http services. To avoid starting the default http
broker, which opens an unused random http port.
Fixes: https://github.com/owncloud/ocis/issues/3829
* enable a 300sec in memory cache for resource infos when listing shares on the ocs API
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* lint
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* disable ocs cache by default
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
DELETE requess on /graph/v1.0/users also work when specifing a user by
name. For deleting the home space in that case we need to get the User's
id from the backend first.
Fixes: #4195
The endpoints are no longer hashed by path name in the directors map since
that made iterating over the endpoints unstable. They are now stored in a
slice in the order in which the are defined in the configuration.
Closes: #4497
Allows /archiver to be used the "public-token" auth middleware. The
archiver is a bit of a special case, because it can be uses in several
ways: using 'normal' authentication (basic, oidc), using signed-urls or
using sharetokens. As only the "sharetoken" part is handled by the
"PublicShareAuth" middleware, we needed to special-case it a bit.
Up to now the /me/changePassword endpoint return a 500 Status when
issue a password change with the old password set to the wrong password.
This changes the code to return 400 (Bad Request) with an additional
message that the old password is wrong. This does not seem to weaken the
security of /me/changePassword (i.e. for allowing easier brute-force
attacks) as the endpoint is only available to already authenticated
users (and only for changing their own passwords)
See #4480
This is a quickfix for #4497. Before evaluating, we now sort the rules
of a specific type by the length of the endpoints and start evaluation
with the most specific endpoint first. There's obviously quite a bit
room for optimization here and this will only fix the issue for routes
of type `PrefixRoute`. But it should solve the immediate issue.
