Commit Graph

4792 Commits

Author SHA1 Message Date
Dominik Schmidt
7498e8f848 fix(graph): map UNAUTHENTICATED to 401, validate drive/item id pair
Three more Copilot review nits on the colon-syntax middleware:

- CS3 Stat returning UNAUTHENTICATED now surfaces as HTTP 401 (was 500
  via the default-case fallback). Distinct sentinel + handler branch.
- Item-anchored form (/drives/{driveID}/items/{itemID}:/...) now
  validates that driveID's storage/space prefix matches the itemID's,
  short-circuiting to 400 InvalidRequest on mismatch instead of doing
  a CS3 Stat that would only fail at the handler layer.
- ParseID failures on the anchor id now surface as 400 (was 404). In
  practice this branch is defensive — storagespace.ParseID is lenient
  and only errors on empty input, which the regex already filters out
  — but the right semantic for malformed client input is 400, not 404.

Tests: added two new cases (UNAUTHENTICATED → 401, drive/item id
mismatch → 400). The "malformed drive id" case Copilot suggested
isn't reachable in practice given ParseID's leniency, so it's not
covered.
2026-07-01 17:44:31 +02:00
Dominik Schmidt
e49959b833 fix(graph): preserve RawPath workaround + use NopLogger in tests
Two follow-up Copilot review nits on the colon-syntax middleware:

- Don't blank r.URL.RawPath after the rewrite. Graph.ServeHTTP sets
  RawPath = EscapedPath() as a workaround for chi's parameter-binding
  quirks with `$`/`!` in IDs (see go-chi/chi#641). Clearing RawPath
  for rewritten requests negates that workaround. Re-establish the
  same invariant after the rewrite.

- Tests previously used log.NewLogger(), which mutates global zerolog
  state. Switch to log.NopLogger() — order-independent, no global
  side effects.
2026-07-01 17:44:31 +02:00
Dominik Schmidt
f31e50381f fix(graph): address Copilot review feedback on path lookup middleware
- Drop double-decoding of URL path components. r.URL.Path is already
  decoded by net/http; calling url.PathUnescape again would let crafted
  inputs like "%252F" become "/", changing path semantics. Path and
  anchor-id strings now go straight to utils.MakeRelativePath /
  storagespace.ParseID.
- Distinguish operational errors from "not found". Gateway selection
  failure, RPC transport errors, and unexpected CS3 status codes now
  surface as 500 (don't mask outages); only NOT_FOUND and PERMISSION_DENIED
  collapse to 404 (no existence disclosure). Implemented via a sentinel
  errPathNotFound + a 500 fall-through.
- Refactor the two regex-handling branches in rewriteColonPath to share a
  resolution path via a small colonMatch struct + matchInto/extract helpers.
  Removes the SonarCloud duplication finding without changing behavior.
- Update the docstring on ResolveGraphPath to reflect that the rewrite
  preserves the requested API version (/{version}/...) rather than
  hard-coding /v1beta1/...
- Test cleanup: register t.Cleanup to remove the per-subtest selector
  entry from pool's global selectors map after the subtest, and update
  the "unexpected status" case to expect 500 (matches the new error
  semantics).
2026-07-01 17:44:31 +02:00
Dominik Schmidt
0b373817a8 feat(graph): add MS Graph colon-syntax path lookup middleware
Adds a chi middleware that detects MS Graph colon-syntax URLs and rewrites
them to the canonical /items/{itemID}/... form before chi performs route
matching. Existing handlers, routes, and GetDriveAndItemIDParam stay
unchanged.

Two URL shapes are recognized at both /v1.0 and /v1beta1:

  /drives/{driveID}/root:/<path>[:/<suffix>][:]
  /drives/{driveID}/items/{itemID}:/<relativePath>[:/<suffix>][:]

Path resolution runs as the request user via CS3 Stat. Both NOT_FOUND and
PERMISSION_DENIED collapse to a 404 response so existence isn't disclosed
to unauthorized callers. URLs without colon syntax fast-path through with
a single substring check. The original URL is stashed in request context
under OriginalPathContextKey for downstream tracing/logging.

The middleware is registered as a top-level mux.Use so it runs before any
route matching: chi middleware on a sub-router runs after the prefix is
matched but cannot redirect to a different leaf route. Top-level
middleware lets URL rewriting actually re-route the request.

Tests cover regex matching across versions, all rewrite variants
(root/items anchored, with/without suffix, with/without trailing colon,
deep paths), NOT_FOUND -> 404, PERMISSION_DENIED -> 404 (security: no
existence disclosure), and original-URL preservation in request context.
2026-07-01 17:44:31 +02:00
Alex
93fb9cbf6c feat: adjust theme chrome colors and logos (#2599) 2026-07-01 13:20:39 +02:00
Ralf Haferkamp
22485957fe chore: bump version in license-checker clarifications 2026-06-30 18:10:16 +02:00
dependabot[bot]
06c7d6d7af build(deps-dev): bump i18next-conv in /services/idp
Bumps [i18next-conv](https://github.com/i18next/i18next-gettext-converter) from 15.1.2 to 17.0.0.
- [Release notes](https://github.com/i18next/i18next-gettext-converter/releases)
- [Changelog](https://github.com/i18next/i18next-gettext-converter/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next-gettext-converter/compare/v15.1.2...v17.0.0)

---
updated-dependencies:
- dependency-name: i18next-conv
  dependency-version: 17.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-30 18:10:16 +02:00
opencloudeu
858f03fde4 [tx] updated from transifex 2026-06-29 23:16:21 +00:00
Benedikt Kulmann
701aa28b22 Merge pull request #3001 from fschade/collaboration-optinal-events
fix: make the collaboration service events optional
2026-06-26 08:38:42 +02:00
Benedikt Kulmann
de5257ece9 fix: add warning to log if events endpoint unconfigured 2026-06-25 10:12:05 +02:00
Ralf Haferkamp
ca6ef15294 Merge pull request #2917 from opencloud-eu/dependabot/npm_and_yarn/services/idp/react-i18next-17.0.8
build(deps): bump react-i18next from 15.7.4 to 17.0.8 in /services/idp
2026-06-24 10:40:34 +02:00
Florian Schade
435b446a6a fix: make the collaboration service events optional 2026-06-23 17:31:39 +02:00
Ralf Haferkamp
3b791e2e61 chore: bump a couple of depencies to close dependabot alerts 2026-06-23 09:07:30 +02:00
Ralf Haferkamp
99d80f30a9 fix: Status codes for Space Disable/Delete
Allow a "permission denied error" from reva to bubble up to the client.
Reva was fixed to return "permission denied" only when the space to be
delete can actually be listed by the user. Other wise it will return
"not found". See reva commit 1bf72cb76394671f373e87f15f23f978cf41ab08.

So when a user with the 'can manage' role tries to purge an already
disabled space it will now get "Forbidden" status instead of a "Not
found".

Also fixes the expected status codes in the tests.
2026-06-22 11:06:26 +02:00
Andre Duffeck
95de5c29d6 Merge pull request #2974 from aduffeck/async-events
Handle events asynchronously
2026-06-19 13:19:10 +02:00
André Duffeck
1ea634e6e3 Do not try to create personal spaces for lightweight or service users
This fixes error logs like

RR error when calling Createhome error="gateway: grpc failed with code CODE_INVALID_ARGUMENT" line=github.com/opencloud-eu/opencloud/services/proxy/pkg/middleware/create_home.go:87 service=proxy

e.g. during internal requests to the data provider.
2026-06-19 11:05:44 +02:00
André Duffeck
06365d9739 Handle events asynchronously
That should help to keep up with the stream of messages and prevent
services from being flagged as slow consumers.
2026-06-18 15:05:49 +02:00
Ralf Haferkamp
fab1986fb6 Revert "fix: disallow thumbnails for tiff and jpeg2000 images"
The alpine base images now has a fixed libvips. So we can enable
previews for these formats again.

This reverts commit c40629dd85.
2026-06-18 11:53:03 +02:00
Benedikt Kulmann
979167599b Merge pull request #2958 from opencloud-eu/typo-webfinger-service
enhance: fix typos in webfinger service description
2026-06-17 13:32:04 +02:00
Benedikt Kulmann
afda0e45e5 chore: bump web to v7.2.0-beta.3 2026-06-17 10:56:23 +02:00
opencloudeu
e84cfc28fc [tx] updated from transifex 2026-06-16 23:16:50 +00:00
Thomas Schweiger
c582d8c9ad enhance: fix typos in webfinger service description 2026-06-16 17:54:51 +02:00
Jörn Friedrich Dreyer
81fd00043e Merge pull request #2063 from opencloud-eu/nats-tls-options
add tls support for all nats connections
2026-06-16 13:21:22 +02:00
dependabot[bot]
e27901b224 build(deps): bump react-i18next from 15.7.4 to 17.0.8 in /services/idp
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 15.7.4 to 17.0.8.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v15.7.4...v17.0.8)

---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 17.0.8
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-16 10:57:12 +00:00
Christian Richter
faf3ff1959 change error level for trashing items interaction with search
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-06-15 10:39:23 +02:00
opencloudeu
76a14b550f [tx] updated from transifex 2026-06-14 23:16:54 +00:00
opencloudeu
89353aa7c8 [tx] updated from transifex 2026-06-12 23:16:52 +00:00
opencloudeu
600640bb35 [tx] updated from transifex 2026-06-12 12:21:04 +00:00
opencloudeu
7db40eece4 [tx] updated from transifex 2026-06-12 12:14:52 +00:00
Jannik Stehle
9341a82b87 Merge pull request #2940 from opencloud-eu/chore/bump-web-7.2.0-beta.2
[full-ci] chore: bump web to v7.2.0-beta.2
2026-06-12 11:36:03 +02:00
Florian Schade
836cb980f2 Merge pull request #2928 from opencloud-eu/add-roles
feat: add more roles
2026-06-12 11:31:22 +02:00
Michael Barz
42dfc8b04f feat: add more roles 2026-06-12 10:51:10 +02:00
Jannik Stehle
63b4957b0f chore: bump web to v7.2.0-beta.2 2026-06-12 10:46:36 +02:00
Ralf Haferkamp
490eb5882b Merge pull request #2935 from rhafer/issue/2800
fix(graph): translate sharing roles consistently
2026-06-12 08:11:48 +02:00
opencloudeu
c21ce5d285 [tx] updated from transifex 2026-06-11 23:17:04 +00:00
Ralf Haferkamp
d163c8ed29 fix(graph): translate sharing roles consitently
GetRoleDefinition/s does now handle l10n correctly. Previsouly it just
returned the non-localized string. What made things worse was that
ListPermissions() mutated global list of available roles and replaced
some strings with translated values depending on the `accept-language`
header. Which resulted in GetRoleDefinition returning results in mixed
localization depending on who/what called ListPermissions before.

Fixes: #2800
2026-06-11 14:31:44 +02:00
opencloudeu
3c0d70987d [tx] updated from transifex 2026-06-11 10:00:56 +00:00
opencloudeu
6e0045bd87 [tx] updated from transifex 2026-06-11 09:51:16 +00:00
Florian Schade
40efa88989 Merge pull request #2924 from opencloud-eu/next
next to main
2026-06-11 11:48:49 +02:00
Benedikt Kulmann
235726e8a9 feat: add core apps env variable to override the default core apps 2026-06-11 09:52:10 +02:00
Florian Schade
84b96f6f8c fix: duplicated fontFS initialization 2026-06-11 09:28:37 +02:00
Benedikt Kulmann
35766b37d7 fix: missing returns 2026-06-11 09:28:37 +02:00
Florian Schade
0013836384 chore: cleanup unnecessary changes 2026-06-11 09:28:37 +02:00
Florian Schade
f1208cfa32 enhancement: make collaboration mention functionality public 2026-06-11 09:28:37 +02:00
Florian Schade
159785a3b5 enhancement: make collaboration font management functionality public 2026-06-11 09:28:37 +02:00
Benedikt Kulmann
c270e72a14 feat: add OxAppSuite config option for web 2026-06-11 09:16:25 +02:00
Jannik Stehle
52ab8d3797 Merge pull request #2925 from opencloud-eu/chore/bump-web-7.2.0-beta.1
[full-ci] chore: bump web to v7.2.0-beta.1
2026-06-10 20:43:11 +02:00
Jörn Friedrich Dreyer
77fd4fca69 add tls support for all nats connections
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2026-06-10 17:04:18 +02:00
Ralf Haferkamp
fbbb03e5c7 fix: Send SSE events for SpaceEnabled/Disabled to affected users
Related: #2844
2026-06-10 13:17:05 +02:00
Heiko-Pohl
5d23251b96 Merge pull request #2912 from opencloud-eu/rename-guest-to-user-light
Rename role_name from "guest" to "user-light"
2026-06-10 11:13:28 +02:00