Commit Graph

23341 Commits

Author SHA1 Message Date
Viktor Scharf
a82aeef2eb add header to release pr. remove 📦️ Dependencies from release description (#3144) 2026-07-17 08:07:28 +02:00
Viktor Scharf
e13b86950a fix(ci): replace deprecated runs_on. Removed skipCheckStep() (#3145)
* fix(ci): replace deprecated runs_on

* drop skipCheckStep()

* fix
2026-07-17 08:06:35 +02:00
Alex
2f9d9c582c add version to apps config (#3139) 2026-07-16 11:28:45 +02:00
Jannik Stehle
d731cb4c0f Merge pull request #3137 from opencloud-eu/refactor/remove-color-palette-from-theme
refactor(web): remove colorPalette from theme
2026-07-16 06:29:50 +02:00
Jannik Stehle
e7f850c2aa refactor(web): remove colorPalette from theme
With the recently added new file type icons in Web, the colorPalette
option in the theme.json becomes obsolete. Hence remove it.

Also see https://github.com/opencloud-eu/web/pull/2892
2026-07-15 08:56:37 +02:00
OpenCloud Devops
85e63ca252 🎉 Release 7.3.0 (#2890)
* 🎉 Release 6.2.1

* 🎉 Release 6.2.1

* 🎉 Release 6.3.0

* 🎉 Release 6.3.0

* 🎉 Release 6.3.0

* 🎉 Release 6.3.0

* 🎉 Release 6.3.0

* 🎉 Release 6.3.0

* 🎉 Release 6.3.0

* 🎉 Release 6.3.0

* 🎉 Release 7.0.0

* add release 7.2.0 to changelog

* add release 7.3.0 to changelog

---------

Co-authored-by: v.scharf <v.scharf@opencloud.eu>
v7.3.0
2026-07-14 18:52:14 +02:00
Viktor Scharf
5accb6056b set 7.3.0 version placeholder (#3132) 2026-07-14 18:12:24 +02:00
Elias Schneider
4734c57f2b fix(proxy): honor access token cache ttl 2026-07-14 17:49:40 +02:00
dependabot[bot]
fcde95750b build(deps): bump golang.org/x/image from 0.43.0 to 0.44.0
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.43.0 to 0.44.0.
- [Commits](https://github.com/golang/image/compare/v0.43.0...v0.44.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-14 16:38:06 +02:00
dependabot[bot]
eab58b8190 build(deps): bump golang.org/x/text from 0.39.0 to 0.40.0
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.39.0 to 0.40.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-14 16:37:38 +02:00
Jörn Friedrich Dreyer
48e40a385c update collaboration readme
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2026-07-14 16:29:57 +02:00
Viktor Scharf
4d511a3a42 [full-ci] chore: reva bump -2.47.0 (#3127) 2026-07-14 13:15:54 +02:00
Viktor Scharf
a53eb44083 steps refactoring (#3100) 2026-07-14 09:32:35 +02:00
Benedikt Kulmann
ea1a1dd5e2 Merge pull request #3121 from opencloud-eu/chore/bump-web-v7.2.0
[full-ci] chore: bump web to v7.2.0
2026-07-13 12:30:10 +02:00
v.scharf
ff5bcdee3f add rclone to web-config 2026-07-13 11:56:15 +02:00
v.scharf
559706696a adjust e2e tests in CI 2026-07-13 11:19:51 +02:00
Benedikt Kulmann
02aea2e65e chore: bump web to v7.2.0 2026-07-13 10:29:16 +02:00
Ralf Haferkamp
8c3ef60da1 chore(idp): bump form-data and xmldom
To address issues raised in the security dashboard. Also ran `pnpm
dedupe` for cleanup
2026-07-10 14:46:32 +02:00
dependabot[bot]
b5b6a4ee26 build(deps): bump golang.org/x/term from 0.44.0 to 0.45.0
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.44.0 to 0.45.0.
- [Commits](https://github.com/golang/term/compare/v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-10 13:11:45 +02:00
dependabot[bot]
e992f952d3 build(deps): bump github.com/coreos/go-oidc/v3 from 3.19.0 to 3.20.0
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.19.0 to 3.20.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.19.0...v3.20.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-10 13:11:02 +02:00
Jörn Friedrich Dreyer
e5105ab33f Merge pull request #3097 from opencloud-eu/update-idp-i18n
chore(idp): update i18n, document workflow
2026-07-10 08:38:34 +02:00
opencloudeu
44c51e88ca [tx] updated from transifex 2026-07-09 23:16:27 +00:00
Jörn Friedrich Dreyer
bb028a569f chore(idp): update i18n, document workflow
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2026-07-09 14:48:34 +02:00
Alex
e4faa179b6 feat: add disableSponsorLink web config option (#3093) 2026-07-09 13:33:07 +02:00
Viktor Scharf
9efc71d42e [decomposed] more cli command tests (#3087)
* more cli command tests

* add tests to expected failures file
2026-07-09 07:51:43 +02:00
Jörn Friedrich Dreyer
415900ab01 chore(idp): update axios
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2026-07-08 17:09:05 +02:00
Thomas Schweiger
50be30e5db fix: fix typo in proxy service documentation 2026-07-08 10:25:47 +02:00
opencloudeu
95f29d0440 [tx] updated from transifex 2026-07-07 23:16:19 +00:00
dependabot[bot]
ee478ed6a5 build(deps): bump golang.org/x/text from 0.38.0 to 0.39.0
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.38.0 to 0.39.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-07 17:08:57 +02:00
dependabot[bot]
e53c77e2be build(deps): bump github.com/go-chi/chi/v5 from 5.3.0 to 5.3.1
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.3.0 to 5.3.1.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.3.0...v5.3.1)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-07 14:08:35 +02:00
dependabot[bot]
6f838a2131 build(deps): bump github.com/nats-io/nats-server/v2
Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.14.2 to 2.14.3.
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](https://github.com/nats-io/nats-server/compare/v2.14.2...v2.14.3)

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.14.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-07 12:32:16 +02:00
dependabot[bot]
e4dfada264 build(deps): bump github.com/gookit/config/v2 from 2.2.8 to 2.2.9
Bumps [github.com/gookit/config/v2](https://github.com/gookit/config) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/gookit/config/releases)
- [Commits](https://github.com/gookit/config/compare/v2.2.8...v2.2.9)

---
updated-dependencies:
- dependency-name: github.com/gookit/config/v2
  dependency-version: 2.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-06 17:48:24 +02:00
dependabot[bot]
bce52eec38 build(deps): bump github.com/open-policy-agent/opa from 1.18.1 to 1.18.2
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.18.1 to 1.18.2.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.18.1...v1.18.2)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-06 15:06:27 +02:00
dependabot[bot]
2683b2db6f build(deps): bump github.com/kovidgoyal/imaging from 1.8.21 to 1.8.22
Bumps [github.com/kovidgoyal/imaging](https://github.com/kovidgoyal/imaging) from 1.8.21 to 1.8.22.
- [Release notes](https://github.com/kovidgoyal/imaging/releases)
- [Commits](https://github.com/kovidgoyal/imaging/compare/v1.8.21...v1.8.22)

---
updated-dependencies:
- dependency-name: github.com/kovidgoyal/imaging
  dependency-version: 1.8.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-06 15:05:54 +02:00
Benedikt Kulmann
08bb6fe003 chore: add github funding 2026-07-06 11:56:29 +02:00
opencloudeu
7de9ade8aa [tx] updated from transifex 2026-07-05 23:16:18 +00:00
opencloudeu
f714b22dc4 [tx] updated from transifex 2026-07-03 23:16:24 +00:00
opencloudeu
0fd05d3f5c [tx] updated from transifex 2026-07-02 23:16:19 +00:00
dependabot[bot]
85be8e726b build(deps): bump github.com/libregraph/lico from 0.66.0 to 0.67.0
Bumps [github.com/libregraph/lico](https://github.com/libregraph/lico) from 0.66.0 to 0.67.0.
- [Changelog](https://github.com/libregraph/lico/blob/master/CHANGELOG.md)
- [Commits](https://github.com/libregraph/lico/compare/v0.66.0...v0.67.0)

---
updated-dependencies:
- dependency-name: github.com/libregraph/lico
  dependency-version: 0.67.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 09:15:58 +02:00
Benedikt Kulmann
eee040d066 chore: trigger settings bot 2026-07-02 08:51:29 +02:00
dependabot[bot]
364d090667 build(deps): bump google.golang.org/grpc from 1.81.1 to 1.82.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.81.1 to 1.82.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.81.1...v1.82.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 08:12:25 +02:00
dependabot[bot]
04a924f716 build(deps): bump github.com/open-policy-agent/opa from 1.17.1 to 1.18.1
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.17.1 to 1.18.1.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.17.1...v1.18.1)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 08:11:54 +02:00
opencloudeu
c2ceb923e4 [tx] updated from transifex 2026-07-01 23:16:28 +00:00
Dominik Schmidt
11449b5943 docs(graph): frame colon paths as "encode segments" instead of a raw-colon edge case
Per review discussion: don't document accidental behavior. The contract is
simply "percent-encode each path segment, as MS Graph requires; encode ':'
as %3A" - OpenCloud allows ':' in names (OneDrive forbids it), so it's one
more character in the mandatory encode set, not a special case.

The parser is unchanged (split on ":/", decode once). This only rewrites the
docs (code comment, acceptance feature, PR description) to state the encode
contract, and drops the tests that relied on a raw, unencoded ':' in a file
name - keeping the "%3A" test that reflects the actual contract.
2026-07-01 17:44:31 +02:00
Dominik Schmidt
b6a4a66aef refactor(graph): split colon paths on ":/" so colons in names work
Review feedback: split the anchor/path and path/suffix on the structural
delimiter ":/" instead of a bare ":". Since the path and suffix always
start with "/", ":/" is the real delimiter, and a ":" *inside* a file or
directory name (which OpenCloud allows but MS Graph/OneDrive forbid) is
kept as part of the path instead of being mistaken for a separator.

A ":" sitting at a segment boundary (e.g. a name ending in ":") stays
ambiguous and must be percent-encoded as "%3A": the split works on the
literal ":/", so "%3A" is never a delimiter and decodes back to ":". This
is now documented in the code and the acceptance feature.

Tests: colon inside a name (with and without a suffix), the Stat path
carrying the colon, and the "%3A" boundary escape.
2026-07-01 17:44:31 +02:00
Dominik Schmidt
95544b65ef docs(graph): drop stale regex references from colon-path comments
The colon-syntax parsing is plain string operations now, but a few
comments still referred to "the previous regex" / "captures". Update them
to match: parseColonPath extracts the itemID from the path (driveID comes
from the route param), and the shape checks stand on their own.
2026-07-01 17:44:31 +02:00
Dominik Schmidt
407bb2bc70 refactor(graph): clearer colon-path anchor parsing, pin second-colon rule
parseColonPath split the anchor asymmetrically (root trimmed the delimiter
colon as part of a literal "/root:" prefix, item cut on it), and the root
branch's comment talked about the driveID which isn't this function's
concern. Split once at the first colon into anchor + rest, then classify
the anchor (exactly "/root", or "/items/{id}" with a single-segment id).
Same behavior, easier to follow.

Also add explicit coverage for the rule that a suffix requires a second
colon: "/root:/Documents/children" (no second colon) is the path
"/Documents/children", not the path "/Documents" with a "/children"
suffix. Two tests pin it end-to-end - it must route to the bare item (not
/items/{id}/children) and Stat must receive the full path.
2026-07-01 17:44:31 +02:00
Dominik Schmidt
4b98022688 refactor(graph): parse colon paths with string ops instead of regexes
Review feedback: the two colon-syntax regexes were hard to read. Since the
middleware is scoped to /drives/{driveID}, the RoutePath it inspects is just
the sub-path (/root:/... or /items/{id}:/...), so a regex buys nothing.

Replace rootColonRe/itemColonRe (and the matchInto/extract helpers) with a
single parseColonPath that uses plain string operations
(HasPrefix/TrimPrefix/TrimSuffix/Cut), one commented step at a time.
Behavior is unchanged; the existing table tests (trailing colon, no suffix,
deep paths, multi-segment suffixes, item-anchored, encoded paths) still pass
and pin it.
2026-07-01 17:44:31 +02:00
Dominik Schmidt
1f51bad9d1 refactor(graph): scope colon-path middleware to /drives/{driveID}
Addresses review feedback: a sub-router middleware can re-route after all,
as long as it rewrites chi.RouteContext().RoutePath instead of r.URL.Path.
Once chi has descended into a sub-router its routeHTTP matches against
rctx.RoutePath and ignores r.URL.Path, which is why the earlier top-level
registration was thought to be required.

Move ResolveGraphPath off the top-level mux.Use and attach it to the
/drives/{driveID} sub-routers (v1.0 + v1beta1). It now reads driveID from
chi.URLParam and matches against RoutePath (the part below the drive), so
the regexes drop the version + drive prefix entirely.

RoutePath carries the percent-encoded wire form (Graph.ServeHTTP sets
RawPath), so the captured driveID/itemID/path are PathUnescape'd exactly
once - reproducing the decoded r.URL.Path a normal handler would see,
without the previous RawPath/EscapedPath workaround. r.URL.Path is now
left untouched; only chi's internal RoutePath is rewritten.

Tests are reworked to drive requests through a chi router mirroring the
production nesting (including the Graph.ServeHTTP RawPath behavior), so
chi's sub-router middleware ordering, RoutePath encoding and param
round-trip are all covered indirectly: a chi upgrade that changes any of
them fails these tests instead of silently breaking colon-path lookups.
Adds explicit coverage for percent-decoding (%20, %252F) and the `$`/`!`
sub-delimiter id round-trip.
2026-07-01 17:44:31 +02:00
Dominik Schmidt
8f51a4318a test(graph): pin chi URLParam round-trip for IDs with ! sub-delim
Codacy flagged the colon-path middleware comment claiming both `$`
and `!` need percent-encoding for chi's tree match, while the
implementation only calls r.URL.RawPath = r.URL.EscapedPath() which
does not encode either character per the suggestion's reading.

In practice EscapedPath does encode `!` as `%21` (only `?` is the
hardcoded escape, `!` is escaped because Go's net/url treats it as
needing encoding outside specific contexts). It leaves `$` literal,
which chi handles fine. chi.URLParam returns the encoded segment
verbatim, and downstream OpenCloud handlers (parseIDParam,
GetDriveAndItemIDParam) already PathUnescape before parsing IDs, so
the round-trip works end-to-end. The acceptance tests on this
branch already exercise this with real `$`/`!`-containing IDs.

Add a focused unit test that mounts the middleware behind chi,
sends a colon URL, and asserts the actual contract:
  - driveID (only `$`): chi.URLParam returns it literal
  - itemID (with `!`):  PathUnescape(chi.URLParam(...)) == original

Update the misleading comment so future readers (and reviewers) see
what the encoding actually does and which downstream contract it
relies on.
2026-07-01 17:44:31 +02:00