🎉 Release 2.3.0 (#745)

* 🎉 Release 2.2.1

* 🎉 Release 2.2.1

* 🎉 Release 2.2.1

* 🎉 Release 2.2.1

* 🎉 Release 2.2.1

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

* 🎉 Release 2.3.0

.woodpecker.env

@@ -1,3 +1,3 @@
 # The test runner source for UI tests
-WEB_COMMITID=81996a0479fa7c1aa7b40d96ba2bea14569d46b6
+WEB_COMMITID=8c10b33af6ec3a949f95a57f197ee915d666f343
 WEB_BRANCH=main

.woodpecker.star

@@ -1,12 +1,6 @@
 """OpenCloud CI definition
 """
 
-# Production release tags
-# NOTE: need to be updated if new production releases are determined
-# - follow semver
-# - omit 'v' prefix
-PRODUCTION_RELEASE_TAGS = ["2.0", "3.0"]
-
 # Repository
 
 repo_slug = "opencloud-eu/opencloud"
@@ -132,6 +126,7 @@ config = {
             "suites": [
                 "apiGraph",
                 "apiServiceAvailability",
+                "collaborativePosix",
             ],
             "skip": False,
             "withRemotePhp": [True],
@@ -343,6 +338,20 @@ config = {
     },
     "dockerReleases": {
         "architectures": ["arm64", "amd64"],
+        "production": {
+            # NOTE: need to be updated if new production releases are determined
+            "tags": ["2.0"],
+            "repo": docker_repo_slug,
+            "build_type": "production",
+        },
+        "rolling": {
+            "repo": docker_repo_slug + "-rolling",
+            "build_type": "rolling",
+        },
+        "daily": {
+            "repo": docker_repo_slug + "-rolling",
+            "build_type": "daily",
+        },
     },
     "litmus": True,
     "codestyle": True,
@@ -433,12 +442,12 @@ def main(ctx):
 
     test_pipelines = \
         codestyle(ctx) + \
-        checkGherkinLint() + \
-        checkTestSuitesInExpectedFailures() + \
+        checkGherkinLint(ctx) + \
+        checkTestSuitesInExpectedFailures(ctx) + \
         buildWebCache(ctx) + \
         getGoBinForTesting(ctx) + \
         buildOpencloudBinaryForTesting(ctx) + \
-        checkStarlark() + \
+        checkStarlark(ctx) + \
         build_release_helpers + \
         testOpencloudAndUploadResults(ctx) + \
         testPipelines(ctx)
@@ -479,7 +488,7 @@ def main(ctx):
     pipelineSanityChecks(pipelines)
     return pipelines
 
-def cachePipeline(name, steps):
+def cachePipeline(ctx, name, steps):
     return {
         "name": "build-%s-cache" % name,
         "skip_clone": True,
@@ -489,14 +498,19 @@ def cachePipeline(name, steps):
                 "event": ["push", "manual"],
                 "branch": ["main", "stable-*"],
             },
-            event["pull_request"],
+            {
+                "event": "pull_request",
+                "path": {
+                    "exclude": skipIfUnchanged(ctx, "base"),
+                },
+            },
         ],
     }
 
 def buildWebCache(ctx):
     return [
-        cachePipeline("web", generateWebCache(ctx)),
-        cachePipeline("web-pnpm", generateWebPnpmCache(ctx)),
+        cachePipeline(ctx, "web", generateWebCache(ctx)),
+        cachePipeline(ctx, "web-pnpm", generateWebPnpmCache(ctx)),
     ]
 
 def testOpencloudAndUploadResults(ctx):
@@ -730,7 +744,7 @@ def buildOpencloudBinaryForTesting(ctx):
             {
                 "event": "pull_request",
                 "path": {
-                    "exclude": skipIfUnchanged(ctx, "unit-tests"),
+                    "exclude": skipIfUnchanged(ctx, "base"),
                 },
             },
         ],
@@ -761,7 +775,7 @@ def vendorbinCodesniffer(phpVersion):
         ],
     }]
 
-def checkTestSuitesInExpectedFailures():
+def checkTestSuitesInExpectedFailures(ctx):
     return [{
         "name": "check-suites-in-expected-failures",
         "steps": [
@@ -773,10 +787,18 @@ def checkTestSuitesInExpectedFailures():
                 ],
             },
         ],
-        "when": [event["pull_request"]],
+        "when": [
+            event["base"],
+            {
+                "event": "pull_request",
+                "path": {
+                    "exclude": skipIfUnchanged(ctx, "acceptance-tests"),
+                },
+            },
+        ],
     }]
 
-def checkGherkinLint():
+def checkGherkinLint(ctx):
     return [{
         "name": "check-gherkin-standard",
         "steps": [
@@ -789,7 +811,15 @@ def checkGherkinLint():
                 ],
             },
         ],
-        "when": [event["pull_request"]],
+        "when": [
+            event["base"],
+            {
+                "event": "pull_request",
+                "path": {
+                    "exclude": skipIfUnchanged(ctx, "lint"),
+                },
+            },
+        ],
     }]
 
 def codestyle(ctx):
@@ -900,7 +930,7 @@ def localApiTestPipeline(ctx):
                 for storage in params["storages"]:
                     for run_with_remote_php in params["withRemotePhp"]:
                         pipeline = {
-                            "name": "%s-%s%s-%s" % ("CLI" if name.startswith("cli") else "API", name, "-withoutRemotePhp" if not run_with_remote_php else "", storage),
+                            "name": "%s-%s%s-%s" % ("CLI" if name.startswith("cli") else "API", name, "-withoutRemotePhp" if not run_with_remote_php else "", "decomposed" if name.startswith("cli") else storage),
                             "steps": restoreBuildArtifactCache(ctx, dirs["opencloudBinArtifact"], dirs["opencloudBinPath"]) +
                                      (tikaService() if params["tikaNeeded"] else []) +
                                      (waitForServices("online-offices", ["collabora:9980", "onlyoffice:443", "fakeoffice:8080"]) if params["collaborationServiceNeeded"] else []) +
@@ -931,7 +961,7 @@ def localApiTestPipeline(ctx):
 
 def localApiTests(name, suites, storage = "decomposed", extra_environment = {}, with_remote_php = False):
     test_dir = "%s/tests/acceptance" % dirs["base"]
-    expected_failures_file = "%s/expected-failures-localAPI-on-decomposed-storage.md" % test_dir
+    expected_failures_file = "%s/expected-failures-localAPI-on-%s-storage.md" % (test_dir, storage)
 
     environment = {
         "TEST_SERVER_URL": OC_URL,
@@ -939,12 +969,13 @@ def localApiTests(name, suites, storage = "decomposed", extra_environment = {},
         "SEND_SCENARIO_LINE_REFERENCES": True,
         "STORAGE_DRIVER": storage,
         "BEHAT_SUITES": ",".join(suites),
-        "BEHAT_FILTER_TAGS": "~@skip&&~@skipOnGraph&&~@skipOnOpencloud-%s-Storage" % storage,
+        "BEHAT_FILTER_TAGS": "~@skip&&~@skipOnOpencloud-%s-Storage" % storage,
         "EXPECTED_FAILURES_FILE": expected_failures_file,
         "UPLOAD_DELETE_WAIT_TIME": "1" if storage == "owncloud" else 0,
         "OC_WRAPPER_URL": "http://%s:5200" % OC_SERVER_NAME,
         "WITH_REMOTE_PHP": with_remote_php,
         "COLLABORATION_SERVICE_URL": "http://wopi-fakeoffice:9300",
+        "OC_STORAGE_PATH": "$HOME/.opencloud/storage/users",
     }
 
     for item in extra_environment:
@@ -1107,7 +1138,7 @@ def coreApiTests(ctx, part_number = 1, number_of_parts = 1, with_remote_php = Fa
     storage = "posix"
     if "[decomposed]" in ctx.build.title.lower():
         storage = "decomposed"
-    filterTags = "~@skipOnGraph&&~@skipOnOpencloud-%s-Storage" % storage
+    filterTags = "~@skipOnOpencloud-%s-Storage" % storage
     test_dir = "%s/tests/acceptance" % dirs["base"]
     expected_failures_file = "%s/expected-failures-API-on-%s-storage.md" % (test_dir, storage)
 
@@ -1472,26 +1503,31 @@ def logTracingResults():
 def dockerReleases(ctx):
     pipelines = []
     docker_repos = []
-    build_type = "daily"
+    build_type = ""
 
-    # dockerhub repo
-    #  - "opencloudeu/opencloud-rolling"
-    repo = docker_repo_slug + "-rolling"
-    docker_repos.append(repo)
-
-    # production release repo
     if ctx.build.event == "tag":
         tag = ctx.build.ref.replace("refs/tags/v", "").lower()
-        for prod_tag in PRODUCTION_RELEASE_TAGS:
+
+        is_production = False
+        for prod_tag in config["dockerReleases"]["production"]["tags"]:
             if tag.startswith(prod_tag):
-                docker_repos.append(docker_repo_slug)
+                is_production = True
                 break
 
+        if is_production:
+            docker_repos.append(config["dockerReleases"]["production"]["repo"])
+            build_type = config["dockerReleases"]["production"]["build_type"]
+
+        else:
+            docker_repos.append(config["dockerReleases"]["rolling"]["repo"])
+            build_type = config["dockerReleases"]["rolling"]["build_type"]
+
+    else:
+        docker_repos.append(config["dockerReleases"]["daily"]["repo"])
+        build_type = config["dockerReleases"]["daily"]["build_type"]
+
     for repo in docker_repos:
         repo_pipelines = []
-        if ctx.build.event == "tag":
-            build_type = "rolling" if "rolling" in repo else "production"
-
         repo_pipelines.append(dockerRelease(ctx, repo, build_type))
 
         # manifest = releaseDockerManifest(ctx, repo, build_type)
@@ -1884,6 +1920,7 @@ def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depend
         "OC_JWT_SECRET": "some-opencloud-jwt-secret",
         "EVENTHISTORY_STORE": "memory",
         "OC_TRANSLATION_PATH": "%s/tests/config/translations" % dirs["base"],
+        "ACTIVITYLOG_WRITE_BUFFER_DURATION": "0",  # Disable write buffer so that test expectations are met in time
         # debug addresses required for running services health tests
         "ACTIVITYLOG_DEBUG_ADDR": "0.0.0.0:9197",
         "APP_PROVIDER_DEBUG_ADDR": "0.0.0.0:9165",
@@ -2001,6 +2038,8 @@ def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depend
             },
         },
         "commands": [
+            "apt-get update",
+            "apt-get install -y inotify-tools",
             "%s init --insecure true" % dirs["opencloudBin"],
             "cat $OC_CONFIG_DIR/opencloud.yaml",
             "cp tests/config/woodpecker/app-registry.yaml $OC_CONFIG_DIR/app-registry.yaml",
@@ -2103,7 +2142,7 @@ def skipIfUnchanged(ctx, type):
         skip = base + acceptance
     elif type == "build-binary" or type == "build-docker" or type == "litmus":
         skip = base + unit + acceptance
-    elif type == "cache":
+    elif type == "cache" or type == "base":
         skip = base
 
     return skip
@@ -2183,7 +2222,7 @@ def deploy(config, rebuild):
         ],
     }
 
-def checkStarlark():
+def checkStarlark(ctx):
     return [{
         "name": "check-starlark",
         "steps": [
@@ -2209,7 +2248,15 @@ def checkStarlark():
             },
         ],
         "depends_on": [],
-        "when": [event["pull_request"]],
+        "when": [
+            event["base"],
+            {
+                "event": "pull_request",
+                "path": {
+                    "exclude": skipIfUnchanged(ctx, "base"),
+                },
+            },
+        ],
     }]
 
 def genericCache(name, action, mounts, cache_path):

CHANGELOG.md

@@ -1,5 +1,63 @@
 # Changelog
 
+## [2.3.0](https://github.com/opencloud-eu/opencloud/releases/tag/v2.3.0) - 2025-05-19
+
+### ❤️ Thanks to all contributors! ❤️
+
+@AlexAndBear, @ScharfViktor, @aduffeck, @butonic, @micbar, @rhafer
+
+### ✨ Features
+
+- deployment: Adapt opencloud_full to include radicale [[#773](https://github.com/opencloud-eu/opencloud/pull/773)]
+- proxy(router): Allow to set some outgoing headers [[#756](https://github.com/opencloud-eu/opencloud/pull/756)]
+- feat: set idp logo defaul url [[#746](https://github.com/opencloud-eu/opencloud/pull/746)]
+
+### 📈 Enhancement
+
+- Reduce load caused by the activitylog service [[#842](https://github.com/opencloud-eu/opencloud/pull/842)]
+
+### ✅ Tests
+
+- PosixTest. Check that version, share and link still exist [[#837](https://github.com/opencloud-eu/opencloud/pull/837)]
+- [test-only] test for #452 [[#826](https://github.com/opencloud-eu/opencloud/pull/826)]
+- collaboration posix tests [[#780](https://github.com/opencloud-eu/opencloud/pull/780)]
+- collaborative posix test [[#672](https://github.com/opencloud-eu/opencloud/pull/672)]
+
+### 🐛 Bug Fixes
+
+- nats: Don't enable debug and trace logging by default [[#825](https://github.com/opencloud-eu/opencloud/pull/825)]
+- fix: show special roles at the end of the list [[#806](https://github.com/opencloud-eu/opencloud/pull/806)]
+- fix: idp login logo url exceeds logo [[#742](https://github.com/opencloud-eu/opencloud/pull/742)]
+
+### 📦️ Dependencies
+
+- [full-ci] chore(web): bump web to v2.3.0 [[#885](https://github.com/opencloud-eu/opencloud/pull/885)]
+- chore:reva bump v.2.33 [[#884](https://github.com/opencloud-eu/opencloud/pull/884)]
+- build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1 [[#862](https://github.com/opencloud-eu/opencloud/pull/862)]
+- build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 [[#855](https://github.com/opencloud-eu/opencloud/pull/855)]
+- build(deps-dev): bump dotenv-expand from 10.0.0 to 12.0.2 in /services/idp [[#831](https://github.com/opencloud-eu/opencloud/pull/831)]
+- build(deps): bump github.com/libregraph/lico from 0.65.2-0.20250428103211-356e98f98457 to 0.66.0 [[#839](https://github.com/opencloud-eu/opencloud/pull/839)]
+- build(deps): bump i18next from 23.16.8 to 25.1.2 in /services/idp [[#832](https://github.com/opencloud-eu/opencloud/pull/832)]
+- build(deps): bump dario.cat/mergo from 1.0.1 to 1.0.2 [[#829](https://github.com/opencloud-eu/opencloud/pull/829)]
+- build(deps): bump golang.org/x/image from 0.26.0 to 0.27.0 [[#817](https://github.com/opencloud-eu/opencloud/pull/817)]
+- build(deps): bump github.com/CiscoM31/godata from 1.0.10 to 1.0.11 [[#815](https://github.com/opencloud-eu/opencloud/pull/815)]
+- build(deps): bump github.com/KimMachineGun/automemlimit from 0.7.1 to 0.7.2 [[#803](https://github.com/opencloud-eu/opencloud/pull/803)]
+- build(deps): bump golang.org/x/crypto from 0.37.0 to 0.38.0 [[#802](https://github.com/opencloud-eu/opencloud/pull/802)]
+- build(deps): bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.2 [[#784](https://github.com/opencloud-eu/opencloud/pull/784)]
+- build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 [[#785](https://github.com/opencloud-eu/opencloud/pull/785)]
+- build(deps-dev): bump eslint-plugin-import from 2.30.0 to 2.31.0 in /services/idp [[#777](https://github.com/opencloud-eu/opencloud/pull/777)]
+- build(deps): bump github.com/nats-io/nats.go from 1.41.2 to 1.42.0 [[#776](https://github.com/opencloud-eu/opencloud/pull/776)]
+- build(deps): bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 [[#775](https://github.com/opencloud-eu/opencloud/pull/775)]
+- build(deps): bump i18next-http-backend from 2.5.2 to 3.0.2 in /services/idp [[#774](https://github.com/opencloud-eu/opencloud/pull/774)]
+- build(deps): bump github.com/beevik/etree from 1.5.0 to 1.5.1 [[#759](https://github.com/opencloud-eu/opencloud/pull/759)]
+- build(deps): bump github.com/nats-io/nats-server/v2 from 2.11.2 to 2.11.3 [[#762](https://github.com/opencloud-eu/opencloud/pull/762)]
+- build(deps): bump github.com/nats-io/nats-server/v2 from 2.11.1 to 2.11.2 [[#754](https://github.com/opencloud-eu/opencloud/pull/754)]
+- build(deps): bump github.com/gookit/config/v2 from 2.2.5 to 2.2.6 [[#753](https://github.com/opencloud-eu/opencloud/pull/753)]
+- build(deps-dev): bump css-loader from 5.2.7 to 7.1.2 in /services/idp [[#740](https://github.com/opencloud-eu/opencloud/pull/740)]
+- build(deps): bump react-i18next from 15.1.1 to 15.5.1 in /services/idp [[#741](https://github.com/opencloud-eu/opencloud/pull/741)]
+- build(deps): bump github.com/blevesearch/bleve/v2 from 2.4.4 to 2.5.0 [[#743](https://github.com/opencloud-eu/opencloud/pull/743)]
+- build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.8 to 1.4.9 [[#744](https://github.com/opencloud-eu/opencloud/pull/744)]
+
 ## [2.2.0](https://github.com/opencloud-eu/opencloud/releases/tag/v2.2.0) - 2025-04-28
 
 ### ❤️ Thanks to all contributors! ❤️

deployments/examples/opencloud_full/.env

@@ -182,7 +182,7 @@ COLLABORA=:collabora.yml
 # Domain of Collabora, where you can find the frontend.
 # Defaults to "collabora.opencloud.test"
 COLLABORA_DOMAIN=
-# Domain of the wopiserver which handles OnlyOffice.
+# Domain of the wopiserver which handles Collabora.
 # Defaults to "wopiserver.opencloud.test"
 WOPISERVER_DOMAIN=
 # Admin user for Collabora.
@@ -225,19 +225,10 @@ COLLABORA_SSL_VERIFICATION=false
 # Defaults to "partial"
 #ANTIVIRUS_MAX_SCAN_SIZE_MODE=
 # Image version of the ClamAV container.
-# Defaults to "latest"
+# Defaults to "latest"y
 CLAMAV_DOCKER_TAG=
 
 
-### OnlyOffice Settings ###
-# Note: the leading colon is required to enable the service.
-#ONLYOFFICE=:onlyoffice.yml
-# Domain for OnlyOffice. Defaults to "onlyoffice.opencloud.test".
-ONLYOFFICE_DOMAIN=
-# Domain for the wopiserver which handles OnlyOffice.
-WOPISERVER_ONLYOFFICE_DOMAIN=
-
-
 ### Inbucket Settings ###
 # Inbucket is a mail catcher tool for testing purposes.
 # DO NOT use in Production.
@@ -269,6 +260,11 @@ LDAP_ADMIN_PASSWORD=
 # LDAP manager domain. Defaults to "ldap.opencloud.test"
 LDAP_MANAGER_DOMAIN=
 
+### LibreGraph Connect (lico) IDP ###
+# LibreGraph Connect (lico) implements an OpenID provider (OP) with integrated web login and consent forms.
+# Text hint that appears within the username input field on the sign-in page
+IDP_DEFAULT_SIGNIN_PAGE_TEXT=
+
 ### Keycloak Settings ###
 # Keycloak is an open-source identity and access management solution.
 # We are using Keycloak as the default identity provider on production installations.
@@ -294,8 +290,23 @@ KEYCLOAK_ADMIN_PASSWORD=
 # Autoprovisioning mode. Defaults to "true"
 #KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml
 
+### Radicale Setting ###
+# Radicale is a small open-source CalDAV (calendars, to-do lists) and CardDAV (contacts) server.
+# When enabled OpenCloud is configured as a reverse proxy for Radicale, providing all authenticated
+# OpenCloud users access to a Personal Calendar and Addressbook
+#RADICALE=:radicale.yml
+# Docker image to use for the Radicale Container
+#RADICALE_DOCKER_IMAGE=opencloudeu/radicale
+# Docker tag to pull for the Radicale Container
+#RADICALE_DOCKER_TAG=latest
+# Define the storage location for the Radicale data. Set the path to a local path.
+# Ensure that the configuration and data directories are owned by the user and group with ID 1000:1000.
+# This matches the default user inside the container and avoids permission issues when accessing files.
+# Leaving it default stores data in docker internal volumes.
+#RADICALE_DATA_DIR=/your/local/radicale/data
+
 ## IMPORTANT ##
 # This MUST be the last line as it assembles the supplemental compose files to be used.
 # ALL supplemental configs must be added here, whether commented or not.
 # Each var must either be empty or contain :path/file.yml
-COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${DECOMPOSED:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}${KEYCLOAK:-}${LDAP:-}${KEYCLOAK_AUTOPROVISIONING:-}${LDAP_MANAGER:-}
+COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${DECOMPOSED:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}${KEYCLOAK:-}${LDAP:-}${KEYCLOAK_AUTOPROVISIONING:-}${LDAP_MANAGER:-}${RADICALE:-}

deployments/examples/opencloud_full/collabora.yml

@@ -53,7 +53,7 @@ services:
     restart: always
 
   collabora:
-    image: collabora/code:24.04.13.2.1
+    image: collabora/code:25.04.1.1.1
     # release notes: https://www.collaboraonline.com/release-notes/
     networks:
       opencloud-net:
@@ -83,4 +83,5 @@ services:
     entrypoint: ['/bin/bash', '-c']
     command: ['coolconfig generate-proof-key && /start-collabora-online.sh']
     healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
+      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/127.0.0.1/9980 && echo -e 'GET /hosting/discovery HTTP/1.1\r\nHost: localhost:9980\r\n\r\n' >&3 && head -n 1 <&3 | grep '200 OK'"]
+

deployments/examples/opencloud_full/config/onlyoffice/entrypoint-override.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-set -e
-
-# we can't mount it directly because the run-document-server.sh script wants to move it
-cp /etc/onlyoffice/documentserver/local.dist.json /etc/onlyoffice/documentserver/local.json
-
-/app/ds/run-document-server.sh

deployments/examples/opencloud_full/config/onlyoffice/local.json

@@ -1,71 +0,0 @@
-{
-  "services": {
-    "CoAuthoring": {
-      "sql": {
-        "type": "postgres",
-        "dbHost": "localhost",
-        "dbPort": "5432",
-        "dbName": "onlyoffice",
-        "dbUser": "onlyoffice",
-        "dbPass": "onlyoffice"
-      },
-      "token": {
-        "enable": {
-          "request": {
-            "inbox": true,
-            "outbox": true
-          },
-          "browser": true
-        },
-        "inbox": {
-          "header": "Authorization"
-        },
-        "outbox": {
-          "header": "Authorization"
-        }
-      },
-      "secret": {
-        "inbox": {
-          "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu"
-        },
-        "outbox": {
-          "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu"
-        },
-        "session": {
-          "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu"
-        }
-      }
-    }
-  },
-  "rabbitmq": {
-    "url": "amqp://guest:guest@localhost"
-  },
-  "FileConverter": {
-		"converter": {
-			"inputLimits": [
-				{
-				"type": "docx;dotx;docm;dotm",
-				"zip": {
-					"uncompressed": "1GB",
-					"template": "*.xml"
-				}
-				},
-				{
-				"type": "xlsx;xltx;xlsm;xltm",
-				"zip": {
-					"uncompressed": "1GB",
-					"template": "*.xml"
-				}
-				},
-				{
-				"type": "pptx;ppsx;potx;pptm;ppsm;potm",
-				"zip": {
-					"uncompressed": "1GB",
-					"template": "*.xml"
-				}
-				}
-			]
-		}
-	}
-
-}

deployments/examples/opencloud_full/config/opencloud/csp.yaml

@@ -19,7 +19,6 @@ directives:
     - 'blob:'
     - 'https://embed.diagrams.net/'
     # In contrary to bash and docker the default is given after the | character
-    - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.opencloud.test}/'
     - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
     # This is needed for the external-sites web extension when embedding sites
     - 'https://docs.opencloud.eu'
@@ -29,7 +28,6 @@ directives:
     - 'blob:'
     - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
     # In contrary to bash and docker the default is given after the | character
-    - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.opencloud.test}/'
     - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
   manifest-src:
     - '''self'''

deployments/examples/opencloud_full/config/opencloud/proxy.yaml

@@ -0,0 +1,40 @@
+# This adds four additional routes to the proxy. Forwarding
+# request on '/carddav/', '/caldav/' and the respective '/.well-knwown'
+# endpoints to the radicale container and setting the required headers.
+additional_policies:
+  - name: default
+    routes:
+      - endpoint: /caldav/
+        backend: http://radicale:5232
+        remote_user_header: X-Remote-User
+        skip_x_access_token: true
+        additional_headers:
+          - X-Script-Name: /caldav
+      - endpoint: /.well-known/caldav
+        backend: http://radicale:5232
+        remote_user_header: X-Remote-User
+        skip_x_access_token: true
+        additional_headers:
+          - X-Script-Name: /caldav
+      - endpoint: /carddav/
+        backend: http://radicale:5232
+        remote_user_header: X-Remote-User
+        skip_x_access_token: true
+        additional_headers:
+          - X-Script-Name: /carddav
+      - endpoint: /.well-known/carddav
+        backend: http://radicale:5232
+        remote_user_header: X-Remote-User
+        skip_x_access_token: true
+        additional_headers:
+          - X-Script-Name: /carddav
+# To enable the radicale web UI add this rule.
+# "unprotected" is True because the Web UI itself ask for
+# the password.
+# Also set "type" to "internal" in the config/radicale/config
+#      - endpoint: /caldav/.web/
+#        backend: http://radicale:5232/
+#        unprotected: true
+#        skip_x_access_token: true
+#        additional_headers:
+#          - X-Script-Name: /caldav

deployments/examples/opencloud_full/config/radicale/config

@@ -0,0 +1,325 @@
+# -*- mode: conf -*-
+# vim:ft=cfg
+
+# Config file for Radicale - A simple calendar server
+#
+# Place it into /etc/radicale/config (global)
+# or ~/.config/radicale/config (user)
+#
+# The current values are the default ones
+
+
+[server]
+
+# CalDAV server hostnames separated by a comma
+# IPv4 syntax: address:port
+# IPv6 syntax: [address]:port
+# Hostname syntax (using "getaddrinfo" to resolve to IPv4/IPv6 adress(es)): hostname:port
+# For example: 0.0.0.0:9999, [::]:9999, localhost:9999
+hosts = 0.0.0.0:5232
+
+# Max parallel connections
+#max_connections = 8
+
+# Max size of request body (bytes)
+#max_content_length = 100000000
+
+# Socket timeout (seconds)
+#timeout = 30
+
+# SSL flag, enable HTTPS protocol
+#ssl = False
+
+# SSL certificate path
+#certificate = /etc/ssl/radicale.cert.pem
+
+# SSL private key
+#key = /etc/ssl/radicale.key.pem
+
+# CA certificate for validating clients. This can be used to secure
+# TCP traffic between Radicale and a reverse proxy
+#certificate_authority =
+
+# SSL protocol, secure configuration: ALL -SSLv3 -TLSv1 -TLSv1.1
+#protocol = (default)
+
+# SSL ciphersuite, secure configuration: DHE:ECDHE:-NULL:-SHA (see also "man openssl-ciphers")
+#ciphersuite = (default)
+
+# script name to strip from URI if called by reverse proxy
+#script_name = (default taken from HTTP_X_SCRIPT_NAME or SCRIPT_NAME)
+
+
+[encoding]
+
+# Encoding for responding requests
+#request = utf-8
+
+# Encoding for storing local collections
+#stock = utf-8
+
+
+[auth]
+
+# Authentication method
+# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | pam | denyall
+type = http_x_remote_user
+
+# Cache logins for until expiration time
+#cache_logins = false
+
+# Expiration time for caching successful logins in seconds
+#cache_successful_logins_expiry = 15
+
+## Expiration time of caching failed logins in seconds
+#cache_failed_logins_expiry = 90
+
+# Ignore modifyTimestamp and createTimestamp attributes. Required e.g. for Authentik LDAP server
+#ldap_ignore_attribute_create_modify_timestamp = false
+
+# URI to the LDAP server
+#ldap_uri = ldap://localhost
+
+# The base DN where the user accounts have to be searched
+#ldap_base = ##BASE_DN##
+
+# The reader DN of the LDAP server
+#ldap_reader_dn = CN=ldapreader,CN=Users,##BASE_DN##
+
+# Password of the reader DN
+#ldap_secret = ldapreader-secret
+
+# Path of the file containing password of the reader DN
+#ldap_secret_file = /run/secrets/ldap_password
+
+# the attribute to read the group memberships from in the user's LDAP entry (default: not set)
+#ldap_groups_attribute = memberOf
+
+# The filter to find the DN of the user. This filter must contain a python-style placeholder for the login
+#ldap_filter = (&(objectClass=person)(uid={0}))
+
+# the attribute holding the value to be used as username after authentication
+#ldap_user_attribute = cn
+
+# Use ssl on the ldap connection
+# Soon to be deprecated, use ldap_security instead
+#ldap_use_ssl = False
+
+# the encryption mode to be used: tls, starttls, default is none
+#ldap_security = none
+
+# The certificate verification mode. Works for ssl and starttls. NONE, OPTIONAL, default is REQUIRED
+#ldap_ssl_verify_mode = REQUIRED
+
+# The path to the CA file in pem format which is used to certificate the server certificate
+#ldap_ssl_ca_file =
+
+# Connection type for dovecot authentication (AF_UNIX|AF_INET|AF_INET6)
+# Note: credentials are transmitted in cleartext
+#dovecot_connection_type = AF_UNIX
+
+# The path to the Dovecot client authentication socket (eg. /run/dovecot/auth-client on Fedora). Radicale must have read / write access to the socket.
+#dovecot_socket = /var/run/dovecot/auth-client
+
+# Host of via network exposed dovecot socket
+#dovecot_host = localhost
+
+# Port of via network exposed dovecot socket
+#dovecot_port = 12345
+
+# IMAP server hostname
+# Syntax: address | address:port | [address]:port | imap.server.tld
+#imap_host = localhost
+
+# Secure the IMAP connection
+# Value: tls | starttls | none
+#imap_security = tls
+
+# OAuth2 token endpoint URL
+#oauth2_token_endpoint = <URL>
+
+# PAM service
+#pam_serivce = radicale
+
+# PAM group user should be member of
+#pam_group_membership =
+
+# Htpasswd filename
+#htpasswd_filename = /etc/radicale/users
+
+# Htpasswd encryption method
+# Value: plain | bcrypt | md5 | sha256 | sha512 | autodetect
+# bcrypt requires the installation of 'bcrypt' module.
+#htpasswd_encryption = autodetect
+
+# Enable caching of htpasswd file based on size and mtime_ns
+#htpasswd_cache = False
+
+# Incorrect authentication delay (seconds)
+#delay = 1
+
+# Message displayed in the client when a password is needed
+#realm = Radicale - Password Required
+
+# Convert username to lowercase, must be true for case-insensitive auth providers
+#lc_username = False
+
+# Strip domain name from username
+#strip_domain = False
+
+
+[rights]
+
+# Rights backend
+# Value: authenticated | owner_only | owner_write | from_file
+#type = owner_only
+
+# File for rights management from_file
+#file = /etc/radicale/rights
+
+# Permit delete of a collection (global)
+#permit_delete_collection = True
+
+# Permit overwrite of a collection (global)
+#permit_overwrite_collection = True
+
+
+[storage]
+
+# Storage backend
+# Value: multifilesystem | multifilesystem_nolock
+#type = multifilesystem
+
+# Folder for storing local collections, created if not present
+#filesystem_folder = /var/lib/radicale/collections
+
+# Folder for storing cache of local collections, created if not present
+# Note: only used in case of use_cache_subfolder_* options are active
+# Note: can be used on multi-instance setup to cache files on local node (see below)
+#filesystem_cache_folder = (filesystem_folder)
+
+# Use subfolder 'collection-cache' for 'item' cache file structure instead of inside collection folder
+# Note: can be used on multi-instance setup to cache 'item' on local node
+#use_cache_subfolder_for_item = False
+
+# Use subfolder 'collection-cache' for 'history' cache file structure instead of inside collection folder
+# Note: use only on single-instance setup, will break consistency with client in multi-instance setup
+#use_cache_subfolder_for_history = False
+
+# Use subfolder 'collection-cache' for 'sync-token' cache file structure instead of inside collection folder
+# Note: use only on single-instance setup, will break consistency with client in multi-instance setup
+#use_cache_subfolder_for_synctoken = False
+
+# Use last modifiction time (nanoseconds) and size (bytes) for 'item' cache instead of SHA256 (improves speed)
+# Note: check used filesystem mtime precision before enabling
+# Note: conversion is done on access, bulk conversion can be done offline using storage verification option: radicale --verify-storage
+#use_mtime_and_size_for_item_cache = False
+
+# Use configured umask for folder creation (not applicable for OS Windows)
+# Useful value: 0077 | 0027 | 0007 | 0022
+#folder_umask = (system default, usual 0022)
+
+# Delete sync token that are older (seconds)
+#max_sync_token_age = 2592000
+
+# Skip broken item instead of triggering an exception
+#skip_broken_item = True
+
+# Command that is run after changes to storage, default is emtpy
+#  Supported placeholders:
+#   %(user)s: logged-in user
+#   %(cwd)s : current working directory
+#   %(path)s: full path of item
+#  Command will be executed with base directory defined in filesystem_folder
+#  For "git" check DOCUMENTATION.md for bootstrap instructions
+# Example(test): echo \"user=%(user)s path=%(path)s cwd=%(cwd)s\"
+# Example(git): git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"")
+#hook =
+
+# Create predefined user collections
+#
+# json format:
+#
+#  {
+#    "def-addressbook": {
+#       "D:displayname": "Personal Address Book",
+#       "tag": "VADDRESSBOOK"
+#    },
+#    "def-calendar": {
+#       "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
+#       "D:displayname": "Personal Calendar",
+#       "tag": "VCALENDAR"
+#    }
+#  }
+#
+predefined_collections = {
+    "def-addressbook": {
+       "D:displayname": "Personal Address Book",
+       "tag": "VADDRESSBOOK"
+    },
+    "def-calendar": {
+       "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
+       "D:displayname": "Personal Calendar",
+       "tag": "VCALENDAR"
+    }
+  }
+
+
+[web]
+
+# Web interface backend
+# Value: none | internal
+type = none
+
+
+[logging]
+
+# Threshold for the logger
+# Value: debug | info | warning | error | critical
+#level = info
+
+# Don't include passwords in logs
+#mask_passwords = True
+
+# Log bad PUT request content
+#bad_put_request_content = False
+
+# Log backtrace on level=debug
+#backtrace_on_debug = False
+
+# Log request header on level=debug
+#request_header_on_debug = False
+
+# Log request content on level=debug
+#request_content_on_debug = False
+
+# Log response content on level=debug
+#response_content_on_debug = False
+
+# Log rights rule which doesn't match on level=debug
+#rights_rule_doesnt_match_on_debug = False
+
+# Log storage cache actions on level=debug
+#storage_cache_actions_on_debug = False
+
+[headers]
+
+# Additional HTTP headers
+#Access-Control-Allow-Origin = *
+
+
+[hook]
+
+# Hook types
+# Value: none | rabbitmq
+#type = none
+#rabbitmq_endpoint =
+#rabbitmq_topic =
+#rabbitmq_queue_type = classic
+
+
+[reporting]
+
+# When returning a free-busy report, limit the number of returned
+# occurences per event to prevent DOS attacks.
+#max_freebusy_occurrence = 10000

deployments/examples/opencloud_full/onlyoffice.yml

@@ -1,86 +0,0 @@
----
-services:
-  traefik:
-    networks:
-      opencloud-net:
-        aliases:
-          - ${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}
-          - ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test}
-
-  collaboration-oo:
-    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
-    networks:
-      opencloud-net:
-    depends_on:
-      opencloud:
-        condition: service_started
-      onlyoffice:
-        condition: service_healthy
-    entrypoint:
-      - /bin/sh
-    command: [ "-c", "opencloud collaboration server" ]
-    environment:
-      COLLABORATION_GRPC_ADDR: 0.0.0.0:9301
-      COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
-      MICRO_REGISTRY: "nats-js-kv"
-      MICRO_REGISTRY_ADDRESS: "opencloud:9233"
-      COLLABORATION_WOPI_SRC: https://${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test}
-      COLLABORATION_APP_NAME: "OnlyOffice"
-      COLLABORATION_APP_PRODUCT: "OnlyOffice"
-      COLLABORATION_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}
-      COLLABORATION_APP_ICON: https://${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico
-      COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
-      COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
-      COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
-      COLLABORATION_APP_PROOF_DISABLE: "true"
-      OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
-    volumes:
-      # configure the .env file to use own paths instead of docker internal volumes
-      - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.collaboration-oo.entrypoints=https"
-      - "traefik.http.routers.collaboration-oo.rule=Host(`${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test}`)"
-      - "traefik.http.routers.collaboration-oo.tls.certresolver=http"
-      - "traefik.http.routers.collaboration-oo.service=collaboration-oo"
-      - "traefik.http.services.collaboration-oo.loadbalancer.server.port=9300"
-    logging:
-      driver: ${LOG_DRIVER:-local}
-    restart: always
-
-  onlyoffice:
-    # if you want to use oo enterprise edition, use: onlyoffice/documentserver-ee:<version>
-    # note, you also need to add a volume, see below
-    image: onlyoffice/documentserver:8.2.2
-    # changelog https://github.com/ONLYOFFICE/DocumentServer/releases
-    networks:
-      opencloud-net:
-    entrypoint:
-      - /bin/sh
-      - /entrypoint-override.sh
-    environment:
-      WOPI_ENABLED: "true"
-      # self-signed certificates
-      USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}"
-    volumes:
-      # paths are relative to the main compose file
-      - ./config/onlyoffice/entrypoint-override.sh:/entrypoint-override.sh
-      - ./config/onlyoffice/local.json:/etc/onlyoffice/documentserver/local.dist.json
-      # if you want to use oo enterprise edition, you need to add a volume for the license file
-      # for details see: Registering your Enterprise Edition version -->
-      # https://helpcenter.onlyoffice.com/installation/docs-enterprise-install-docker.aspx
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.onlyoffice.entrypoints=https"
-      - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}`)"
-      - "traefik.http.routers.onlyoffice.tls.certresolver=http"
-      - "traefik.http.routers.onlyoffice.service=onlyoffice"
-      - "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
-      # websockets can't be opened when this is omitted
-      - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.onlyoffice.middlewares=onlyoffice"
-    logging:
-      driver: ${LOG_DRIVER:-local}
-    restart: always
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost/hosting/discovery"]

deployments/examples/opencloud_full/opencloud.yml

@@ -36,6 +36,8 @@ services:
       IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
       # demo users
       IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+      # idp login form settings
+      IDP_DEFAULT_SIGNIN_PAGE_TEXT: "${IDP_DEFAULT_SIGNIN_PAGE_TEXT}"
       # email server (if configured)
       NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
       NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
@@ -53,7 +55,6 @@ services:
       PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
       # these three vars are needed to the csp config file to include the web office apps and the importer
       COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.opencloud.test}
-      ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}
       COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.opencloud.test}
       # enable to allow using the banned passwords list
       OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt

deployments/examples/opencloud_full/radicale.yml

@@ -0,0 +1,18 @@
+---
+services:
+  opencloud:
+    volumes:
+      # external sites needs to have additional routes configured in the proxy
+      - ./config/opencloud/proxy.yaml:/etc/opencloud/proxy.yaml
+  radicale:
+    image: ${RADICALE_DOCKER_IMAGE:-opencloudeu/radicale}:${RADICALE_DOCKER_TAG:-latest}
+    networks:
+      opencloud-net:
+    logging:
+      driver: ${LOG_DRIVER:-local}
+    restart: always
+    volumes:
+      - ./config/radicale/config:/etc/radicale/config
+      - ${RADICALE_DATA_DIR:-radicale-data}:/var/lib/radicale
+volumes:
+  radicale-data:

go.mod

@@ -3,14 +3,14 @@ module github.com/opencloud-eu/opencloud
 go 1.24.1
 
 require (
-	dario.cat/mergo v1.0.1
-	github.com/CiscoM31/godata v1.0.10
-	github.com/KimMachineGun/automemlimit v0.7.1
+	dario.cat/mergo v1.0.2
+	github.com/CiscoM31/godata v1.0.11
+	github.com/KimMachineGun/automemlimit v0.7.2
 	github.com/Masterminds/semver v1.5.0
 	github.com/MicahParks/keyfunc/v2 v2.1.0
 	github.com/Nerzal/gocloak/v13 v13.9.0
 	github.com/bbalet/stopwords v1.0.0
-	github.com/beevik/etree v1.5.0
+	github.com/beevik/etree v1.5.1
 	github.com/blevesearch/bleve/v2 v2.5.0
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/coreos/go-oidc/v3 v3.14.1
@@ -40,7 +40,7 @@ require (
 	github.com/google/go-cmp v0.7.0
 	github.com/google/go-tika v0.3.1
 	github.com/google/uuid v1.6.0
-	github.com/gookit/config/v2 v2.2.5
+	github.com/gookit/config/v2 v2.2.6
 	github.com/gorilla/mux v1.8.1
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3
 	github.com/invopop/validation v0.8.0
@@ -51,21 +51,21 @@ require (
 	github.com/kovidgoyal/imaging v1.6.4
 	github.com/leonelquinteros/gotext v1.7.1
 	github.com/libregraph/idm v0.5.0
-	github.com/libregraph/lico v0.65.2-0.20250428103211-356e98f98457
+	github.com/libregraph/lico v0.66.0
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/mna/pigeon v1.3.0
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
-	github.com/nats-io/nats-server/v2 v2.11.1
-	github.com/nats-io/nats.go v1.41.2
+	github.com/nats-io/nats-server/v2 v2.11.3
+	github.com/nats-io/nats.go v1.42.0
 	github.com/oklog/run v1.1.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
-	github.com/open-policy-agent/opa v1.3.0
-	github.com/opencloud-eu/reva/v2 v2.32.0
+	github.com/open-policy-agent/opa v1.4.2
+	github.com/opencloud-eu/libre-graph-api-go v1.0.5
+	github.com/opencloud-eu/reva/v2 v2.33.0
 	github.com/orcaman/concurrent-map v1.0.0
-	github.com/owncloud/libre-graph-api-go v1.0.5-0.20240829135935-80dc00d6f5ea
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/xattr v0.4.10
 	github.com/prometheus/client_golang v1.22.0
@@ -74,7 +74,6 @@ require (
 	github.com/rogpeppe/go-internal v1.14.1
 	github.com/rs/cors v1.11.1
 	github.com/rs/zerolog v1.34.0
-	github.com/shamaton/msgpack/v2 v2.2.3
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/afero v1.14.0
 	github.com/spf13/cobra v1.9.1
@@ -85,6 +84,7 @@ require (
 	github.com/tus/tusd/v2 v2.8.0
 	github.com/unrolled/secure v1.16.0
 	github.com/urfave/cli/v2 v2.27.6
+	github.com/vmihailenco/msgpack/v5 v5.4.1
 	github.com/xhit/go-simple-mail/v2 v2.16.0
 	go-micro.dev/v4 v4.11.0
 	go.etcd.io/bbolt v1.4.0
@@ -96,16 +96,16 @@ require (
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0
 	go.opentelemetry.io/otel/sdk v1.35.0
 	go.opentelemetry.io/otel/trace v1.35.0
-	golang.org/x/crypto v0.37.0
+	golang.org/x/crypto v0.38.0
 	golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac
-	golang.org/x/image v0.26.0
+	golang.org/x/image v0.27.0
 	golang.org/x/net v0.39.0
-	golang.org/x/oauth2 v0.29.0
-	golang.org/x/sync v0.13.0
-	golang.org/x/term v0.31.0
-	golang.org/x/text v0.24.0
+	golang.org/x/oauth2 v0.30.0
+	golang.org/x/sync v0.14.0
+	golang.org/x/term v0.32.0
+	golang.org/x/text v0.25.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb
-	google.golang.org/grpc v1.72.0
+	google.golang.org/grpc v1.72.1
 	google.golang.org/protobuf v1.36.6
 	gopkg.in/yaml.v2 v2.4.0
 	gotest.tools/v3 v3.5.2
@@ -167,6 +167,7 @@ require (
 	github.com/deckarep/golang-set v1.8.0 // indirect
 	github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect
 	github.com/dgraph-io/ristretto v0.2.0 // indirect
+	github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dlclark/regexp2 v1.4.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
@@ -206,7 +207,7 @@ require (
 	github.com/gobwas/pool v0.2.1 // indirect
 	github.com/gobwas/ws v1.2.1 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/goccy/go-yaml v1.11.2 // indirect
+	github.com/goccy/go-yaml v1.12.0 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
@@ -219,7 +220,7 @@ require (
 	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
 	github.com/google/renameio/v2 v2.0.0 // indirect
 	github.com/gookit/color v1.5.4 // indirect
-	github.com/gookit/goutil v0.6.15 // indirect
+	github.com/gookit/goutil v0.6.18 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/schema v1.4.1 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
@@ -261,7 +262,7 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mschoch/smat v0.2.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nats-io/jwt/v2 v2.7.3 // indirect
+	github.com/nats-io/jwt/v2 v2.7.4 // indirect
 	github.com/nats-io/nkeys v0.4.11 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
@@ -284,12 +285,13 @@ require (
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/russellhaering/goxmldsig v1.5.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/segmentio/kafka-go v0.4.47 // indirect
+	github.com/segmentio/kafka-go v0.4.48 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sercand/kuberesolver/v5 v5.1.1 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/sethvargo/go-diceware v0.5.0 // indirect
 	github.com/sethvargo/go-password v0.3.1 // indirect
+	github.com/shamaton/msgpack/v2 v2.2.3 // indirect
 	github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 // indirect
 	github.com/skeema/knownhosts v1.3.0 // indirect
@@ -302,6 +304,7 @@ require (
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 // indirect
 	github.com/trustelem/zxcvbn v1.0.1 // indirect
+	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/wk8/go-ordered-map v1.0.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
@@ -322,7 +325,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.23.0 // indirect
 	golang.org/x/mod v0.24.0 // indirect
-	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	golang.org/x/tools v0.31.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
@@ -341,10 +344,10 @@ replace github.com/egirna/icap-client => github.com/fschade/icap-client v0.0.0-2
 
 replace github.com/unrolled/secure => github.com/DeepDiver1975/secure v0.0.0-20240611112133-abc838fb797c
 
-replace github.com/go-micro/plugins/v4/store/nats-js-kv => github.com/kobergj/plugins/v4/store/nats-js-kv v0.0.0-20240807130109-f62bb67e8c90
-
 replace go-micro.dev/v4 => github.com/butonic/go-micro/v4 v4.11.1-0.20241115112658-b5d4de5ed9b3
 
 // exclude the v2 line of go-sqlite3 which was released accidentally and prevents pulling in newer versions of go-sqlite3
 // see https://github.com/mattn/go-sqlite3/issues/965 for more details
 exclude github.com/mattn/go-sqlite3 v2.0.3+incompatible
+
+replace github.com/go-micro/plugins/v4/store/nats-js-kv => github.com/opencloud-eu/go-micro-plugins/v4/store/nats-js-kv v0.0.0-20250512152754-23325793059a

go.sum

@@ -36,8 +36,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA=
 contrib.go.opencensus.io/exporter/prometheus v0.4.2 h1:sqfsYl5GIY/L570iT+l93ehxaWJs2/OwXtiWwew3oAg=
 contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9fpw1KeYcjrnC1J8B+JKjsZyRQ=
-dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
-dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
+dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
@@ -64,12 +64,12 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CiscoM31/godata v1.0.10 h1:DZdJ6M8QNh4HquvDDOqNLu6h77Wl86KGK7Qlbmb90sk=
-github.com/CiscoM31/godata v1.0.10/go.mod h1:ZMiT6JuD3Rm83HEtiTx4JEChsd25YCrxchKGag/sdTc=
+github.com/CiscoM31/godata v1.0.11 h1:w7y8twuW02LdH6mak3/GJ5i0GrCv2IoZUJVqa/g5Yeo=
+github.com/CiscoM31/godata v1.0.11/go.mod h1:ZMiT6JuD3Rm83HEtiTx4JEChsd25YCrxchKGag/sdTc=
 github.com/DeepDiver1975/secure v0.0.0-20240611112133-abc838fb797c h1:ocsNvQ2tNHme4v/lTs17HROamc7mFzZfzWcg4m+UXN0=
 github.com/DeepDiver1975/secure v0.0.0-20240611112133-abc838fb797c/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40=
-github.com/KimMachineGun/automemlimit v0.7.1 h1:QcG/0iCOLChjfUweIMC3YL5Xy9C3VBeNmCZHrZfJMBw=
-github.com/KimMachineGun/automemlimit v0.7.1/go.mod h1:QZxpHaGOQoYvFhv/r4u3U0JTC2ZcOwbSr11UZF46UBM=
+github.com/KimMachineGun/automemlimit v0.7.2 h1:DyfHI7zLWmZPn2Wqdy2AgTiUvrGPmnYWgwhHXtAegX4=
+github.com/KimMachineGun/automemlimit v0.7.2/go.mod h1:QZxpHaGOQoYvFhv/r4u3U0JTC2ZcOwbSr11UZF46UBM=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
@@ -130,8 +130,8 @@ github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk
 github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/bbalet/stopwords v1.0.0 h1:0TnGycCtY0zZi4ltKoOGRFIlZHv0WqpoIGUsObjztfo=
 github.com/bbalet/stopwords v1.0.0/go.mod h1:sAWrQoDMfqARGIn4s6dp7OW7ISrshUD8IP2q3KoqPjc=
-github.com/beevik/etree v1.5.0 h1:iaQZFSDS+3kYZiGoc9uKeOkUY3nYMXOKLl6KIJxiJWs=
-github.com/beevik/etree v1.5.0/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
+github.com/beevik/etree v1.5.1 h1:TC3zyxYp+81wAmbsi8SWUpZCurbxa6S8RITYRSkNRwo=
+github.com/beevik/etree v1.5.1/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -257,15 +257,15 @@ github.com/deckarep/golang-set v1.8.0/go.mod h1:5nI87KwE7wgsBU1F4GKAw2Qod7p5kyS3
 github.com/deepmap/oapi-codegen v1.3.11/go.mod h1:suMvK7+rKlx3+tpa8ByptmvoXbAV70wERKTOGH3hLp0=
 github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I=
 github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE=
-github.com/dgraph-io/badger/v4 v4.6.0 h1:acOwfOOZ4p1dPRnYzvkVm7rUk2Y21TgPVepCy5dJdFQ=
-github.com/dgraph-io/badger/v4 v4.6.0/go.mod h1:KSJ5VTuZNC3Sd+YhvVjk2nYua9UZnnTr/SkXvdtiPgI=
+github.com/dgraph-io/badger/v4 v4.7.0 h1:Q+J8HApYAY7UMpL8d9owqiB+odzEc0zn/aqOD9jhc6Y=
+github.com/dgraph-io/badger/v4 v4.7.0/go.mod h1:He7TzG3YBy3j4f5baj5B7Zl2XyfNe5bl4Udl0aPemVA=
 github.com/dgraph-io/ristretto v0.2.0 h1:XAfl+7cmoUDWW/2Lx8TGZQjjxIQ2Ley9DSf52dru4WE=
 github.com/dgraph-io/ristretto v0.2.0/go.mod h1:8uBHCU/PBV4Ag0CJrP47b9Ofby5dqWNh4FicAdoqFNU=
-github.com/dgraph-io/ristretto/v2 v2.1.0 h1:59LjpOJLNDULHh8MC4UaegN52lC4JnO2dITsie/Pa8I=
-github.com/dgraph-io/ristretto/v2 v2.1.0/go.mod h1:uejeqfYXpUomfse0+lO+13ATz4TypQYLJZzBSAemuB4=
+github.com/dgraph-io/ristretto/v2 v2.2.0 h1:bkY3XzJcXoMuELV8F+vS8kzNgicwQFAaGINAEJdWGOM=
+github.com/dgraph-io/ristretto/v2 v2.2.0/go.mod h1:RZrm63UmcBAaYWC1DotLYBmTvgkrs0+XhBd7Npn7/zI=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y=
-github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da h1:aIftn67I1fkbMa512G+w+Pxci9hJPB8oMnkcP3iZF38=
+github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
@@ -438,8 +438,8 @@ github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk=
 github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/goccy/go-yaml v1.11.2 h1:joq77SxuyIs9zzxEjgyLBugMQ9NEgTWxXfz2wVqwAaQ=
-github.com/goccy/go-yaml v1.11.2/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU=
+github.com/goccy/go-yaml v1.12.0 h1:/1WHjnMsI1dlIBQutrvSMGZRQufVO3asrHfTwfACoPM=
+github.com/goccy/go-yaml v1.12.0/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
 github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
@@ -552,10 +552,10 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
 github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
-github.com/gookit/config/v2 v2.2.5 h1:RECbYYbtherywmzn3LNeu9NA5ZqhD7MSKEMsJ7l+MpU=
-github.com/gookit/config/v2 v2.2.5/go.mod h1:NeX+yiNYn6Ei10eJvCQFXuHEPIE/IPS8bqaFIsszzaM=
-github.com/gookit/goutil v0.6.15 h1:mMQ0ElojNZoyPD0eVROk5QXJPh2uKR4g06slgPDF5Jo=
-github.com/gookit/goutil v0.6.15/go.mod h1:qdKdYEHQdEtyH+4fNdQNZfJHhI0jUZzHxQVAV3DaMDY=
+github.com/gookit/config/v2 v2.2.6 h1:8ZbkSr3gnFg1En8za9X3vldnZca3y3C7kaBLGsdLghE=
+github.com/gookit/config/v2 v2.2.6/go.mod h1:++APDf3Ebj6mjzW1ALkegvg1evQKyx4FpuQqQZ2s2WM=
+github.com/gookit/goutil v0.6.18 h1:MUVj0G16flubWT8zYVicIuisUiHdgirPAkmnfD2kKgw=
+github.com/gookit/goutil v0.6.18/go.mod h1:AY/5sAwKe7Xck+mEbuxj0n/bc3qwrGNe3Oeulln7zBA=
 github.com/gookit/ini/v2 v2.2.3 h1:nSbN+x9OfQPcMObTFP+XuHt8ev6ndv/fWWqxFhPMu2E=
 github.com/gookit/ini/v2 v2.2.3/go.mod h1:Vu6p7P7xcfmb8KYu3L0ek8bqu/Im63N81q208SCCZY4=
 github.com/gophercloud/gophercloud v0.15.1-0.20210202035223-633d73521055/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4=
@@ -690,8 +690,6 @@ github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2
 github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kobergj/gowebdav v0.0.0-20250102091030-aa65266db202 h1:A1xJ2NKgiYFiaHiLl9B5yw/gUBACSs9crDykTS3GuQI=
 github.com/kobergj/gowebdav v0.0.0-20250102091030-aa65266db202/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE=
-github.com/kobergj/plugins/v4/store/nats-js-kv v0.0.0-20240807130109-f62bb67e8c90 h1:pfI8Z5yavO6fU6vDGlWhZ4BgDlvj8c6xB7J57HfTPwA=
-github.com/kobergj/plugins/v4/store/nats-js-kv v0.0.0-20240807130109-f62bb67e8c90/go.mod h1:pjcozWijkNPbEtX5SIQaxEW/h8VAVZYTLx+70bmB3LY=
 github.com/kolo/xmlrpc v0.0.0-20200310150728-e0350524596b/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -720,8 +718,8 @@ github.com/leonelquinteros/gotext v1.7.1 h1:/JNPeE3lY5JeVYv2+KBpz39994W3W9fmZCGq
 github.com/leonelquinteros/gotext v1.7.1/go.mod h1:I0WoFDn9u2D3VbPnnDPT8mzZu0iSXG8iih+AH2fHHqg=
 github.com/libregraph/idm v0.5.0 h1:tDMwKbAOZzdeDYMxVlY5PbSqRKO7dbAW9KT42A51WSk=
 github.com/libregraph/idm v0.5.0/go.mod h1:BGMwIQ/6orJSPVzJ1x6kgG2JyG9GY05YFmbsnaD80k0=
-github.com/libregraph/lico v0.65.2-0.20250428103211-356e98f98457 h1:cwmUM+mSeqWYtZKAHn8QN7ns1nNf3Pc8nUfShka9+x0=
-github.com/libregraph/lico v0.65.2-0.20250428103211-356e98f98457/go.mod h1:2s2UkO0pY7/k1UlenXwio1qenfHZ217Npx22YyZJfSA=
+github.com/libregraph/lico v0.66.0 h1:7T6fD1YF0Ep9n0g4KN6dvWHTlDC3awrQpgsP5GdYCF4=
+github.com/libregraph/lico v0.66.0/go.mod h1:QI7NfmAkAWQ2y97iVfLv10S8tcvPQjc630uyfHGjIOw=
 github.com/libregraph/oidc-go v1.1.0 h1:RyudjL3UyQblqeBQI06W53PniWobqODeeyAy6v/HumA=
 github.com/libregraph/oidc-go v1.1.0/go.mod h1:qW9ubcXvZrfbbWZBaLMuk7bt5qAUMYyt9/NtXQt07Cw=
 github.com/linode/linodego v0.25.3/go.mod h1:GSBKPpjoQfxEfryoCRcgkuUOCuVtGHWhzI8OMdycNTE=
@@ -820,12 +818,12 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
-github.com/nats-io/jwt/v2 v2.7.3 h1:6bNPK+FXgBeAqdj4cYQ0F8ViHRbi7woQLq4W29nUAzE=
-github.com/nats-io/jwt/v2 v2.7.3/go.mod h1:GvkcbHhKquj3pkioy5put1wvPxs78UlZ7D/pY+BgZk4=
-github.com/nats-io/nats-server/v2 v2.11.1 h1:LwdauqMqMNhTxTN3+WFTX6wGDOKntHljgZ+7gL5HCnk=
-github.com/nats-io/nats-server/v2 v2.11.1/go.mod h1:leXySghbdtXSUmWem8K9McnJ6xbJOb0t9+NQ5HTRZjI=
-github.com/nats-io/nats.go v1.41.2 h1:5UkfLAtu/036s99AhFRlyNDI1Ieylb36qbGjJzHixos=
-github.com/nats-io/nats.go v1.41.2/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
+github.com/nats-io/jwt/v2 v2.7.4 h1:jXFuDDxs/GQjGDZGhNgH4tXzSUK6WQi2rsj4xmsNOtI=
+github.com/nats-io/jwt/v2 v2.7.4/go.mod h1:me11pOkwObtcBNR8AiMrUbtVOUGkqYjMQZ6jnSdVUIA=
+github.com/nats-io/nats-server/v2 v2.11.3 h1:AbGtXxuwjo0gBroLGGr/dE0vf24kTKdRnBq/3z/Fdoc=
+github.com/nats-io/nats-server/v2 v2.11.3/go.mod h1:6Z6Fd+JgckqzKig7DYwhgrE7bJ6fypPHnGPND+DqgMY=
+github.com/nats-io/nats.go v1.42.0 h1:ynIMupIOvf/ZWH/b2qda6WGKGNSjwOUutTpWRvAmhaM=
+github.com/nats-io/nats.go v1.42.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
 github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0=
 github.com/nats-io/nkeys v0.4.11/go.mod h1:szDimtgmfOi9n25JpfIdGw12tZFYXqhGxjhVxsatHVE=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
@@ -858,10 +856,14 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
 github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
-github.com/open-policy-agent/opa v1.3.0 h1:zVvQvQg+9+FuSRBt4LgKNzJwsWl/c85kD5jPozJTydY=
-github.com/open-policy-agent/opa v1.3.0/go.mod h1:t9iPNhaplD2qpiBqeudzJtEX3fKHK8zdA29oFvofAHo=
-github.com/opencloud-eu/reva/v2 v2.32.0 h1:JRWPleHiEl0film95Gkh1iBEhc6eikEsx5FKLfVx6l8=
-github.com/opencloud-eu/reva/v2 v2.32.0/go.mod h1:FDhGVC+ZsRRWdC3am4EbuILBtviTbCDVrTUjFECOqvg=
+github.com/open-policy-agent/opa v1.4.2 h1:ag4upP7zMsa4WE2p1pwAFeG4Pn3mNwfAx9DLhhJfbjU=
+github.com/open-policy-agent/opa v1.4.2/go.mod h1:DNzZPKqKh4U0n0ANxcCVlw8lCSv2c+h5G/3QvSYdWZ8=
+github.com/opencloud-eu/go-micro-plugins/v4/store/nats-js-kv v0.0.0-20250512152754-23325793059a h1:Sakl76blJAaM6NxylVkgSzktjo2dS504iDotEFJsh3M=
+github.com/opencloud-eu/go-micro-plugins/v4/store/nats-js-kv v0.0.0-20250512152754-23325793059a/go.mod h1:pjcozWijkNPbEtX5SIQaxEW/h8VAVZYTLx+70bmB3LY=
+github.com/opencloud-eu/libre-graph-api-go v1.0.5 h1:Wv09oIjCF8zRN8roPzjXXo6ORp2h87/YhmdXE9N4p/A=
+github.com/opencloud-eu/libre-graph-api-go v1.0.5/go.mod h1:pzatilMEHZFT3qV7C/X3MqOa3NlRQuYhlRhZTL+hN6Q=
+github.com/opencloud-eu/reva/v2 v2.33.0 h1:uFbt4BC21gU0bbrp4CHABhWR4Xk5H+e2kA7KrEUXGEQ=
+github.com/opencloud-eu/reva/v2 v2.33.0/go.mod h1:wRZ/7eJTOfkhjtDlYcNt83Loz2drfXssh+5JMDcq/5o=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
@@ -870,8 +872,6 @@ github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35uk
 github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HDbW65HOY=
 github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
 github.com/ovh/go-ovh v1.1.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA=
-github.com/owncloud/libre-graph-api-go v1.0.5-0.20240829135935-80dc00d6f5ea h1:ClVthQOjKb7uI2DhHFzIPy+adc6plptGaryH20KOoxQ=
-github.com/owncloud/libre-graph-api-go v1.0.5-0.20240829135935-80dc00d6f5ea/go.mod h1:yXI+rmE8yYx+ZsGVrnCpprw/gZMcxjwntnX2y2+VKxY=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/pablodz/inotifywaitgo v0.0.9 h1:njquRbBU7fuwIe5rEvtaniVBjwWzcpdUVptSgzFqZsw=
@@ -989,8 +989,8 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb
 github.com/sacloud/libsacloud v1.36.2/go.mod h1:P7YAOVmnIn3DKHqCZcUKYUXmSwGBm3yS7IBEjKVSrjg=
 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20210127161313-bd30bebeac4f/go.mod h1:CJJ5VAbozOl0yEw7nHB9+7BXTJbIn6h7W+f6Gau5IP8=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/segmentio/kafka-go v0.4.47 h1:IqziR4pA3vrZq7YdRxaT3w1/5fvIH5qpCwstUanQQB0=
-github.com/segmentio/kafka-go v0.4.47/go.mod h1:HjF6XbOKh0Pjlkr5GVZxt6CsjjwnmhVOfURM5KMd8qg=
+github.com/segmentio/kafka-go v0.4.48 h1:9jyu9CWK4W5W+SroCe8EffbrRZVqAOkuaLd/ApID4Vs=
+github.com/segmentio/kafka-go v0.4.48/go.mod h1:HjF6XbOKh0Pjlkr5GVZxt6CsjjwnmhVOfURM5KMd8qg=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
 github.com/sercand/kuberesolver/v5 v5.1.1 h1:CYH+d67G0sGBj7q5wLK61yzqJJ8gLLC8aeprPTHb6yY=
@@ -1103,6 +1103,10 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC
 github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
 github.com/valyala/fasttemplate v1.1.0/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
 github.com/vinyldns/go-vinyldns v0.0.0-20200917153823-148a5f6b8f14/go.mod h1:RWc47jtnVuQv6+lY3c768WtXCas/Xi+U5UFc5xULmYg=
+github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
+github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
+github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
+github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 github.com/vultr/govultr/v2 v2.0.0/go.mod h1:2PsEeg+gs3p/Fo5Pw8F9mv+DUBEOlrNZ8GmCTGmhOhs=
 github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8=
 github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk=
@@ -1223,8 +1227,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
+golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1240,8 +1244,8 @@ golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac/go.mod h1:hH+7mtFmImwwcMvScy
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
-golang.org/x/image v0.26.0 h1:4XjIFEZWQmCZi6Wv8BoxsDhRU3RVnLX04dToTDAEPlY=
-golang.org/x/image v0.26.0/go.mod h1:lcxbMFAovzpnJxzXS3nyL83K27tmqtKzIJpctK8YO5c=
+golang.org/x/image v0.27.0 h1:C8gA4oWU/tKkdCfYT6T2u4faJu3MeNS5O8UPWlPF61w=
+golang.org/x/image v0.27.0/go.mod h1:xbdrClrAUway1MUTEZDq9mz/UpRwYAkFFNUslZtcB+g=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1331,8 +1335,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
-golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1350,8 +1354,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
+golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180622082034-63fc586f45fe/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1432,8 +1436,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
-golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1445,8 +1449,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
-golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1462,8 +1466,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1608,8 +1612,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM=
-google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
+google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA=
+google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
 google.golang.org/grpc/examples v0.0.0-20211102180624-670c133e568e h1:m7aQHHqd0q89mRwhwS9Bx2rjyl/hsFAeta+uGrHsQaU=
 google.golang.org/grpc/examples v0.0.0-20211102180624-670c133e568e/go.mod h1:gID3PKrg7pWKntu9Ss6zTLJ0ttC0X9IHgREOCZwbCVU=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=

opencloud/pkg/backup/provider.go

@@ -10,7 +10,7 @@ import (
 	"sync"
 
 	"github.com/opencloud-eu/reva/v2/pkg/storage/pkg/decomposedfs/node"
-	"github.com/shamaton/msgpack/v2"
+	"github.com/vmihailenco/msgpack/v5"
 )
 
 // ListBlobstore required to check blob consistency

opencloud/pkg/revisions/revisions.go

@@ -10,7 +10,7 @@ import (
 	"sync"
 
 	"github.com/opencloud-eu/reva/v2/pkg/storage/pkg/decomposedfs/node"
-	"github.com/shamaton/msgpack/v2"
+	"github.com/vmihailenco/msgpack/v5"
 )
 
 var (

pkg/conversions/ptr_test.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"testing"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/pkg/conversions"
 )

pkg/keycloak/client.go

@@ -7,7 +7,7 @@ import (
 	"fmt"
 
 	"github.com/Nerzal/gocloak/v13"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // Some attribute constants.

pkg/keycloak/types.go

@@ -4,7 +4,7 @@ import (
 	"context"
 
 	"github.com/Nerzal/gocloak/v13"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // UserAction defines a type for user actions

pkg/middleware/account.go

@@ -42,7 +42,7 @@ func ExtractAccountUUID(opts ...account.Option) func(http.Handler) http.Handler
 	}
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			token := r.Header.Get("x-access-token")
+			token := r.Header.Get(revactx.TokenHeader)
 			if len(token) == 0 {
 				roleIDsJSON, _ := json.Marshal([]string{})
 				ctx := metadata.Set(r.Context(), RoleIDs, string(roleIDsJSON))

pkg/version/version.go

@@ -16,7 +16,7 @@ var (
 	// LatestTag is the latest released version plus the dev meta version.
 	// Will be overwritten by the release pipeline
 	// Needs a manual change for every tagged release
-	LatestTag = "2.2.0+dev"
+	LatestTag = "2.3.0+dev"
 
 	// Date indicates the build date.
 	// This has been removed, it looks like you can only replace static strings with recent go versions

services/activitylog/pkg/config/config.go

@@ -32,6 +32,8 @@ type Config struct {
 	ServiceAccount ServiceAccount `yaml:"service_account"`
 
 	Context context.Context `yaml:"-"`
+
+	WriteBufferDuration time.Duration `yaml:"write_buffer_duration" env:"ACTIVITYLOG_WRITE_BUFFER_DURATION" desc:"The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store." introductionVersion:"%%NEXT%%"`
 }
 
 // Events combines the configuration options for the event bus.

services/activitylog/pkg/config/defaults/defaultconfig.go

@@ -1,6 +1,8 @@
 package defaults
 
 import (
+	"time"
+
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/config"
@@ -50,6 +52,7 @@ func DefaultConfig() *config.Config {
 				AllowCredentials: true,
 			},
 		},
+		WriteBufferDuration: 10 * time.Second,
 	}
 }
 

services/activitylog/pkg/server/http/server.go

@@ -88,6 +88,7 @@ func Server(opts ...Option) (http.Service, error) {
 		svc.HistoryClient(options.HistoryClient),
 		svc.ValueClient(options.ValueClient),
 		svc.RegisteredEvents(options.RegisteredEvents),
+		svc.WriteBufferDuration(options.Config.WriteBufferDuration),
 	)
 	if err != nil {
 		return http.Service{}, err

services/activitylog/pkg/service/http.go

@@ -23,7 +23,7 @@ import (
 	"github.com/opencloud-eu/opencloud/pkg/l10n"
 	ehmsg "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/messages/eventhistory/v0"
 	ehsvc "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/services/eventhistory/v0"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 var (
@@ -45,7 +45,7 @@ func (s *ActivitylogService) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // HandleGetItemActivities handles the request to get the activities of an item.
 func (s *ActivitylogService) HandleGetItemActivities(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	ctx = metadata.AppendToOutgoingContext(ctx, revactx.TokenHeader, r.Header.Get("X-Access-Token"))
+	ctx = metadata.AppendToOutgoingContext(ctx, revactx.TokenHeader, r.Header.Get(revactx.TokenHeader))
 
 	activeUser, ok := revactx.ContextGetUser(ctx)
 	if !ok {

services/activitylog/pkg/service/options.go

@@ -1,6 +1,8 @@
 package service
 
 import (
+	"time"
+
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	"github.com/go-chi/chi/v5"
 	"github.com/opencloud-eu/opencloud/pkg/log"
@@ -18,16 +20,17 @@ type Option func(*Options)
 
 // Options for the activitylog service
 type Options struct {
-	Logger           log.Logger
-	Config           *config.Config
-	TraceProvider    trace.TracerProvider
-	Stream           events.Stream
-	RegisteredEvents []events.Unmarshaller
-	Store            microstore.Store
-	GatewaySelector  pool.Selectable[gateway.GatewayAPIClient]
-	Mux              *chi.Mux
-	HistoryClient    ehsvc.EventHistoryService
-	ValueClient      settingssvc.ValueService
+	Logger              log.Logger
+	Config              *config.Config
+	TraceProvider       trace.TracerProvider
+	Stream              events.Stream
+	RegisteredEvents    []events.Unmarshaller
+	Store               microstore.Store
+	GatewaySelector     pool.Selectable[gateway.GatewayAPIClient]
+	Mux                 *chi.Mux
+	HistoryClient       ehsvc.EventHistoryService
+	ValueClient         settingssvc.ValueService
+	WriteBufferDuration time.Duration
 }
 
 // Logger configures a logger for the activitylog service
@@ -99,3 +102,10 @@ func ValueClient(vs settingssvc.ValueService) Option {
 		o.ValueClient = vs
 	}
 }
+
+// WriteBufferDuration sets the write buffer duration
+func WriteBufferDuration(d time.Duration) Option {
+	return func(o *Options) {
+		o.WriteBufferDuration = d
+	}
+}

services/activitylog/pkg/service/response.go

@@ -14,7 +14,7 @@ import (
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/opencloud-eu/reva/v2/pkg/storagespace"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/pkg/l10n"
 )

services/activitylog/pkg/service/service.go

@@ -1,6 +1,7 @@
 package service
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -12,11 +13,14 @@ import (
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/go-chi/chi/v5"
+	"github.com/jellydator/ttlcache/v2"
 	"github.com/opencloud-eu/reva/v2/pkg/events"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	"github.com/opencloud-eu/reva/v2/pkg/storagespace"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
+	"github.com/vmihailenco/msgpack/v5"
 	microstore "go-micro.dev/v4/store"
+	"go.opentelemetry.io/otel/trace"
 
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	ehsvc "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/services/eventhistory/v0"
@@ -36,19 +40,92 @@ type RawActivity struct {
 
 // ActivitylogService logs events per resource
 type ActivitylogService struct {
-	cfg        *config.Config
-	log        log.Logger
-	events     <-chan events.Event
-	store      microstore.Store
-	gws        pool.Selectable[gateway.GatewayAPIClient]
-	mux        *chi.Mux
-	evHistory  ehsvc.EventHistoryService
-	valService settingssvc.ValueService
-	lock       sync.RWMutex
+	cfg           *config.Config
+	log           log.Logger
+	events        <-chan events.Event
+	store         microstore.Store
+	gws           pool.Selectable[gateway.GatewayAPIClient]
+	mux           *chi.Mux
+	evHistory     ehsvc.EventHistoryService
+	valService    settingssvc.ValueService
+	lock          sync.RWMutex
+	tp            trace.TracerProvider
+	tracer        trace.Tracer
+	debouncer     *Debouncer
+	parentIdCache *ttlcache.Cache
 
 	registeredEvents map[string]events.Unmarshaller
 }
 
+type Debouncer struct {
+	after      time.Duration
+	f          func(id string, ra []RawActivity) error
+	pending    sync.Map
+	inProgress sync.Map
+
+	mutex sync.Mutex
+}
+
+type queueItem struct {
+	activities []RawActivity
+	timer      *time.Timer
+}
+
+// NewDebouncer returns a new Debouncer instance
+func NewDebouncer(d time.Duration, f func(id string, ra []RawActivity) error) *Debouncer {
+	return &Debouncer{
+		after:      d,
+		f:          f,
+		pending:    sync.Map{},
+		inProgress: sync.Map{},
+	}
+}
+
+// Debounce restarts the debounce timer for the given space
+func (d *Debouncer) Debounce(id string, ra RawActivity) {
+	if d.after == 0 {
+		d.f(id, []RawActivity{ra})
+		return
+	}
+
+	d.mutex.Lock()
+	defer d.mutex.Unlock()
+
+	activities := []RawActivity{ra}
+	item := &queueItem{
+		activities: activities,
+	}
+	if i, ok := d.pending.Load(id); ok {
+		// if the item is already in the queue, append the new activities
+		item, ok = i.(*queueItem)
+		if ok {
+			item.activities = append(item.activities, ra)
+		}
+	}
+
+	if item.timer == nil {
+		item.timer = time.AfterFunc(d.after, func() {
+			if _, ok := d.inProgress.Load(id); ok {
+				// Reschedule this run for when the previous run has finished
+				d.mutex.Lock()
+				if i, ok := d.pending.Load(id); ok {
+					i.(*queueItem).timer.Reset(d.after)
+				}
+
+				d.mutex.Unlock()
+				return
+			}
+
+			d.pending.Delete(id)
+			d.inProgress.Store(id, true)
+			defer d.inProgress.Delete(id)
+			d.f(id, item.activities)
+		})
+	}
+
+	d.pending.Store(id, item)
+}
+
 // New creates a new ActivitylogService
 func New(opts ...Option) (*ActivitylogService, error) {
 	o := &Options{}
@@ -69,6 +146,12 @@ func New(opts ...Option) (*ActivitylogService, error) {
 		return nil, err
 	}
 
+	cache := ttlcache.NewCache()
+	err = cache.SetTTL(30 * time.Second)
+	if err != nil {
+		return nil, err
+	}
+
 	s := &ActivitylogService{
 		log:              o.Logger,
 		cfg:              o.Config,
@@ -80,7 +163,11 @@ func New(opts ...Option) (*ActivitylogService, error) {
 		valService:       o.ValueClient,
 		lock:             sync.RWMutex{},
 		registeredEvents: make(map[string]events.Unmarshaller),
+		tp:               o.TraceProvider,
+		tracer:           o.TraceProvider.Tracer("github.com/opencloud-eu/opencloud/services/activitylog/pkg/service"),
+		parentIdCache:    cache,
 	}
+	s.debouncer = NewDebouncer(o.WriteBufferDuration, s.storeActivity)
 
 	s.mux.Get("/graph/v1beta1/extensions/org.libregraph/activities", s.HandleGetItemActivities)
 
@@ -100,9 +187,9 @@ func (a *ActivitylogService) Run() {
 		var err error
 		switch ev := e.Event.(type) {
 		case events.UploadReady:
-			err = a.AddActivity(ev.FileRef, e.ID, utils.TSToTime(ev.Timestamp))
+			err = a.AddActivity(ev.FileRef, ev.ParentID, e.ID, utils.TSToTime(ev.Timestamp))
 		case events.FileTouched:
-			err = a.AddActivity(ev.Ref, e.ID, utils.TSToTime(ev.Timestamp))
+			err = a.AddActivity(ev.Ref, ev.ParentID, e.ID, utils.TSToTime(ev.Timestamp))
 		// Disabled https://github.com/owncloud/ocis/issues/10293
 		//case events.FileDownloaded:
 		// we are only interested in public link downloads - so no need to store others.
@@ -110,29 +197,32 @@ func (a *ActivitylogService) Run() {
 		//	err = a.AddActivity(ev.Ref, e.ID, utils.TSToTime(ev.Timestamp))
 		//}
 		case events.ContainerCreated:
-			err = a.AddActivity(ev.Ref, e.ID, utils.TSToTime(ev.Timestamp))
+			err = a.AddActivity(ev.Ref, ev.ParentID, e.ID, utils.TSToTime(ev.Timestamp))
 		case events.ItemTrashed:
-			err = a.AddActivityTrashed(ev.ID, ev.Ref, e.ID, utils.TSToTime(ev.Timestamp))
+			err = a.AddActivityTrashed(ev.ID, ev.Ref, nil, e.ID, utils.TSToTime(ev.Timestamp))
 		case events.ItemPurged:
 			err = a.RemoveResource(ev.ID)
 		case events.ItemMoved:
-			err = a.AddActivity(ev.Ref, e.ID, utils.TSToTime(ev.Timestamp))
+			// remove the cached parent id for this resource
+			a.removeCachedParentID(ev.Ref)
+
+			err = a.AddActivity(ev.Ref, nil, e.ID, utils.TSToTime(ev.Timestamp))
 		case events.ShareCreated:
-			err = a.AddActivity(toRef(ev.ItemID), e.ID, utils.TSToTime(ev.CTime))
+			err = a.AddActivity(toRef(ev.ItemID), nil, e.ID, utils.TSToTime(ev.CTime))
 		case events.ShareUpdated:
 			if ev.Sharer != nil && ev.ItemID != nil && ev.Sharer.GetOpaqueId() != ev.ItemID.GetSpaceId() {
-				err = a.AddActivity(toRef(ev.ItemID), e.ID, utils.TSToTime(ev.MTime))
+				err = a.AddActivity(toRef(ev.ItemID), nil, e.ID, utils.TSToTime(ev.MTime))
 			}
 		case events.ShareRemoved:
-			err = a.AddActivity(toRef(ev.ItemID), e.ID, ev.Timestamp)
+			err = a.AddActivity(toRef(ev.ItemID), nil, e.ID, ev.Timestamp)
 		case events.LinkCreated:
-			err = a.AddActivity(toRef(ev.ItemID), e.ID, utils.TSToTime(ev.CTime))
+			err = a.AddActivity(toRef(ev.ItemID), nil, e.ID, utils.TSToTime(ev.CTime))
 		case events.LinkUpdated:
 			if ev.Sharer != nil && ev.ItemID != nil && ev.Sharer.GetOpaqueId() != ev.ItemID.GetSpaceId() {
-				err = a.AddActivity(toRef(ev.ItemID), e.ID, utils.TSToTime(ev.MTime))
+				err = a.AddActivity(toRef(ev.ItemID), nil, e.ID, utils.TSToTime(ev.MTime))
 			}
 		case events.LinkRemoved:
-			err = a.AddActivity(toRef(ev.ItemID), e.ID, utils.TSToTime(ev.Timestamp))
+			err = a.AddActivity(toRef(ev.ItemID), nil, e.ID, utils.TSToTime(ev.Timestamp))
 		case events.SpaceShared:
 			err = a.AddSpaceActivity(ev.ID, e.ID, ev.Timestamp)
 		case events.SpaceUnshared:
@@ -146,7 +236,7 @@ func (a *ActivitylogService) Run() {
 }
 
 // AddActivity adds the activity to the given resource and all its parents
-func (a *ActivitylogService) AddActivity(initRef *provider.Reference, eventID string, timestamp time.Time) error {
+func (a *ActivitylogService) AddActivity(initRef *provider.Reference, parentId *provider.ResourceId, eventID string, timestamp time.Time) error {
 	gwc, err := a.gws.Next()
 	if err != nil {
 		return fmt.Errorf("cant get gateway client: %w", err)
@@ -156,14 +246,17 @@ func (a *ActivitylogService) AddActivity(initRef *provider.Reference, eventID st
 	if err != nil {
 		return fmt.Errorf("cant get service user context: %w", err)
 	}
+	var span trace.Span
+	ctx, span = a.tracer.Start(ctx, "AddActivity")
+	defer span.End()
 
-	return a.addActivity(initRef, eventID, timestamp, func(ref *provider.Reference) (*provider.ResourceInfo, error) {
+	return a.addActivity(ctx, initRef, parentId, eventID, timestamp, func(ref *provider.Reference) (*provider.ResourceInfo, error) {
 		return utils.GetResource(ctx, ref, gwc)
 	})
 }
 
 // AddActivityTrashed adds the activity to given trashed resource and all its former parents
-func (a *ActivitylogService) AddActivityTrashed(resourceID *provider.ResourceId, reference *provider.Reference, eventID string, timestamp time.Time) error {
+func (a *ActivitylogService) AddActivityTrashed(resourceID *provider.ResourceId, reference *provider.Reference, parentId *provider.ResourceId, eventID string, timestamp time.Time) error {
 	gwc, err := a.gws.Next()
 	if err != nil {
 		return fmt.Errorf("cant get gateway client: %w", err)
@@ -175,7 +268,13 @@ func (a *ActivitylogService) AddActivityTrashed(resourceID *provider.ResourceId,
 	}
 
 	// store activity on trashed item
-	if err := a.storeActivity(storagespace.FormatResourceID(resourceID), eventID, 0, timestamp); err != nil {
+	if err := a.storeActivity(storagespace.FormatResourceID(resourceID), []RawActivity{
+		{
+			EventID:   eventID,
+			Depth:     0,
+			Timestamp: timestamp,
+		},
+	}); err != nil {
 		return fmt.Errorf("could not store activity: %w", err)
 	}
 
@@ -185,7 +284,11 @@ func (a *ActivitylogService) AddActivityTrashed(resourceID *provider.ResourceId,
 		Path:       filepath.Dir(reference.GetPath()),
 	}
 
-	return a.addActivity(ref, eventID, timestamp, func(ref *provider.Reference) (*provider.ResourceInfo, error) {
+	var span trace.Span
+	ctx, span = a.tracer.Start(ctx, "AddActivity")
+	defer span.End()
+
+	return a.addActivity(ctx, ref, parentId, eventID, timestamp, func(ref *provider.Reference) (*provider.ResourceInfo, error) {
 		return utils.GetResource(ctx, ref, gwc)
 	})
 }
@@ -200,7 +303,13 @@ func (a *ActivitylogService) AddSpaceActivity(spaceID *provider.StorageSpaceId,
 		return fmt.Errorf("could not parse space id: %w", err)
 	}
 	rid.OpaqueId = rid.GetSpaceId()
-	return a.storeActivity(storagespace.FormatResourceID(&rid), eventID, 0, timestamp)
+	return a.storeActivity(storagespace.FormatResourceID(&rid), []RawActivity{
+		{
+			EventID:   eventID,
+			Depth:     0,
+			Timestamp: timestamp,
+		},
+	})
 
 }
 
@@ -265,70 +374,118 @@ func (a *ActivitylogService) activities(rid *provider.ResourceId) ([]RawActivity
 	}
 
 	var activities []RawActivity
-	if err := json.Unmarshal(records[0].Value, &activities); err != nil {
-		return nil, fmt.Errorf("could not unmarshal activities: %w", err)
+	if err := msgpack.Unmarshal(records[0].Value, &activities); err != nil {
+		a.log.Debug().Err(err).Str("resourceID", resourceID).Msg("could not unmarshal messagepack, trying json")
+		if err := json.Unmarshal(records[0].Value, &activities); err != nil {
+			return nil, fmt.Errorf("could not unmarshal activities: %w", err)
+		}
 	}
 
 	return activities, nil
 }
 
 // note: getResource is abstracted to allow unit testing, in general this will just be utils.GetResource
-func (a *ActivitylogService) addActivity(initRef *provider.Reference, eventID string, timestamp time.Time, getResource func(*provider.Reference) (*provider.ResourceInfo, error)) error {
+func (a *ActivitylogService) addActivity(ctx context.Context, initRef *provider.Reference, parentId *provider.ResourceId, eventID string, timestamp time.Time, getResource func(*provider.Reference) (*provider.ResourceInfo, error)) error {
 	var (
-		info  *provider.ResourceInfo
 		err   error
 		depth int
 		ref   = initRef
 	)
 	for {
-		info, err = getResource(ref)
-		if err != nil {
-			return fmt.Errorf("could not get resource info: %w", err)
+		var info *provider.ResourceInfo
+		id := ref.GetResourceId()
+		if ref.Path != "" {
+			// Path based reference, we need to resolve the resource id
+			info, err = getResource(ref)
+			if err != nil {
+				return fmt.Errorf("could not get resource info: %w", err)
+			}
+			id = info.GetId()
+		}
+		if id == nil {
+			return fmt.Errorf("resource id is required")
 		}
 
-		if err := a.storeActivity(storagespace.FormatResourceID(info.GetId()), eventID, depth, timestamp); err != nil {
-			return fmt.Errorf("could not store activity: %w", err)
-		}
+		key := storagespace.FormatResourceID(id)
+		_, span := a.tracer.Start(ctx, "queueStoreActivity")
+		a.debouncer.Debounce(key, RawActivity{
+			EventID:   eventID,
+			Depth:     depth,
+			Timestamp: timestamp,
+		})
+		span.End()
 
-		if info != nil && utils.IsSpaceRoot(info) {
+		if id.OpaqueId == id.SpaceId {
+			// we are at the root of the space, no need to go further
 			return nil
 		}
 
+		// check if parent id is cached
+		// parent id is cached in the format <storageid>$<spaceid>!<resourceid>
+		// if it is not cached, get the resource info and cache it
+		if parentId == nil {
+			if v, err := a.parentIdCache.Get(key); err != nil {
+				if info == nil {
+					_, span = a.tracer.Start(ctx, "getResource")
+					info, err = getResource(ref)
+					span.End()
+					if err != nil || info.GetParentId() == nil || info.GetParentId().GetOpaqueId() == "" {
+						return fmt.Errorf("could not get parent id: %w", err)
+					}
+				}
+				parentId = info.GetParentId()
+				a.parentIdCache.Set(key, parentId)
+			} else {
+				parentId = v.(*provider.ResourceId)
+			}
+		} else {
+			a.log.Debug().Msg("parent id is cached")
+		}
+
 		depth++
-		ref = &provider.Reference{ResourceId: info.GetParentId()}
+		ref = &provider.Reference{ResourceId: parentId}
+		parentId = nil // reset parent id so it's not reused in the next iteration
 	}
 }
 
-func (a *ActivitylogService) storeActivity(resourceID string, eventID string, depth int, timestamp time.Time) error {
+func (a *ActivitylogService) storeActivity(resourceID string, activities []RawActivity) error {
 	a.lock.Lock()
 	defer a.lock.Unlock()
 
+	ctx, span := a.tracer.Start(context.Background(), "storeActivity")
+	defer span.End()
+	_, subspan := a.tracer.Start(ctx, "store.Read")
 	records, err := a.store.Read(resourceID)
 	if err != nil && err != microstore.ErrNotFound {
 		return err
 	}
+	subspan.End()
 
-	var activities []RawActivity
+	_, subspan = a.tracer.Start(ctx, "Unmarshal")
+	var existingActivities []RawActivity
 	if len(records) > 0 {
-		if err := json.Unmarshal(records[0].Value, &activities); err != nil {
-			return err
+		if err := msgpack.Unmarshal(records[0].Value, &existingActivities); err != nil {
+			a.log.Debug().Err(err).Str("resourceID", resourceID).Msg("could not unmarshal messagepack, trying json")
+			if err := json.Unmarshal(records[0].Value, &existingActivities); err != nil {
+				return err
+			}
 		}
 	}
+	subspan.End()
 
-	if l := len(activities); l >= _maxActivities {
-		activities = activities[l-_maxActivities+1:]
+	if l := len(existingActivities) + len(activities); l >= _maxActivities {
+		start := min(len(existingActivities), l-_maxActivities+1)
+		existingActivities = existingActivities[start:]
 	}
 
-	activities = append(activities, RawActivity{
-		EventID:   eventID,
-		Depth:     depth,
-		Timestamp: timestamp,
-	})
+	activities = append(existingActivities, activities...)
 
-	b, err := json.Marshal(activities)
+	_, subspan = a.tracer.Start(ctx, "Unmarshal")
+	b, err := msgpack.Marshal(activities)
 	if err != nil {
 		return err
 	}
+	subspan.End()
 
 	return a.store.Write(&microstore.Record{
 		Key:   resourceID,
@@ -347,3 +504,30 @@ func toSpace(r *provider.Reference) *provider.StorageSpaceId {
 		OpaqueId: storagespace.FormatStorageID(r.GetResourceId().GetStorageId(), r.GetResourceId().GetSpaceId()),
 	}
 }
+
+func (a *ActivitylogService) removeCachedParentID(ref *provider.Reference) {
+	purgeId := ref.GetResourceId()
+	if ref.GetPath() != "" {
+		gwc, err := a.gws.Next()
+		if err != nil {
+			a.log.Error().Err(err).Msg("could not get gateway client")
+			return
+		}
+
+		ctx, err := utils.GetServiceUserContext(a.cfg.ServiceAccount.ServiceAccountID, gwc, a.cfg.ServiceAccount.ServiceAccountSecret)
+		if err != nil {
+			a.log.Error().Err(err).Msg("could not get service user context")
+			return
+		}
+
+		info, err := utils.GetResource(ctx, ref, gwc)
+		if err != nil {
+			a.log.Error().Err(err).Msg("could not get resource info")
+			return
+		}
+		purgeId = info.GetId()
+	}
+	if err := a.parentIdCache.Remove(storagespace.FormatResourceID(purgeId)); err != nil {
+		a.log.Error().Interface("event", ref).Err(err).Msg("could not delete parent id cache")
+	}
+}

services/activitylog/pkg/service/service_suite_test.go

@@ -0,0 +1,13 @@
+package service_test
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestService(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Service Suite")
+}

services/activitylog/pkg/service/service_test.go

@@ -1,147 +1,139 @@
 package service
 
 import (
-	"testing"
+	"context"
 	"time"
 
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	"github.com/jellydator/ttlcache/v2"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
 	"github.com/opencloud-eu/reva/v2/pkg/store"
-	"github.com/stretchr/testify/require"
+	"go.opentelemetry.io/otel/trace/noop"
 )
 
-func TestAddActivity(t *testing.T) {
-	testCases := []struct {
-		Name       string
-		Tree       map[string]*provider.ResourceInfo
-		Activities map[string]string
-		Expected   map[string][]RawActivity
-	}{
-		{
-			Name: "simple",
-			Tree: map[string]*provider.ResourceInfo{
+var _ = Describe("ActivitylogService", func() {
+	var (
+		alog        *ActivitylogService
+		getResource func(ref *provider.Reference) (*provider.ResourceInfo, error)
+	)
+
+	Context("with a noop debouncer", func() {
+		BeforeEach(func() {
+			alog = &ActivitylogService{
+				store:         store.Create(),
+				tracer:        noop.NewTracerProvider().Tracer("test"),
+				parentIdCache: ttlcache.NewCache(),
+			}
+			alog.debouncer = NewDebouncer(0, alog.storeActivity)
+		})
+
+		Describe("AddActivity", func() {
+			type testCase struct {
+				Name       string
+				Tree       map[string]*provider.ResourceInfo
+				Activities map[string]string
+				Expected   map[string][]RawActivity
+			}
+
+			testCases := []testCase{
+				{
+					Name: "simple",
+					Tree: map[string]*provider.ResourceInfo{
+						"base":    resourceInfo("base", "parent"),
+						"parent":  resourceInfo("parent", "spaceid"),
+						"spaceid": resourceInfo("spaceid", "spaceid"),
+					},
+					Activities: map[string]string{
+						"activity": "base",
+					},
+					Expected: map[string][]RawActivity{
+						"base":    activitites("activity", 0),
+						"parent":  activitites("activity", 1),
+						"spaceid": activitites("activity", 2),
+					},
+				},
+				{
+					Name: "two activities on same resource",
+					Tree: map[string]*provider.ResourceInfo{
+						"base":    resourceInfo("base", "parent"),
+						"parent":  resourceInfo("parent", "spaceid"),
+						"spaceid": resourceInfo("spaceid", "spaceid"),
+					},
+					Activities: map[string]string{
+						"activity1": "base",
+						"activity2": "base",
+					},
+					Expected: map[string][]RawActivity{
+						"base":    activitites("activity1", 0, "activity2", 0),
+						"parent":  activitites("activity1", 1, "activity2", 1),
+						"spaceid": activitites("activity1", 2, "activity2", 2),
+					},
+				},
+				// Add other test cases here...
+			}
+
+			for _, tc := range testCases {
+				tc := tc // capture range variable
+				Context(tc.Name, func() {
+					BeforeEach(func() {
+						getResource = func(ref *provider.Reference) (*provider.ResourceInfo, error) {
+							return tc.Tree[ref.GetResourceId().GetOpaqueId()], nil
+						}
+
+						for k, v := range tc.Activities {
+							err := alog.addActivity(context.Background(), reference(v), nil, k, time.Time{}, getResource)
+							Expect(err).NotTo(HaveOccurred())
+						}
+					})
+
+					It("should match the expected activities", func() {
+						for id, acts := range tc.Expected {
+							activities, err := alog.Activities(resourceID(id))
+							Expect(err).NotTo(HaveOccurred(), tc.Name+":"+id)
+							Expect(activities).To(ConsistOf(acts), tc.Name+":"+id)
+						}
+					})
+				})
+			}
+		})
+	})
+
+	Context("with a debouncing debouncer", func() {
+		var (
+			tree = map[string]*provider.ResourceInfo{
 				"base":    resourceInfo("base", "parent"),
 				"parent":  resourceInfo("parent", "spaceid"),
 				"spaceid": resourceInfo("spaceid", "spaceid"),
-			},
-			Activities: map[string]string{
-				"activity": "base",
-			},
-			Expected: map[string][]RawActivity{
-				"base":    activitites("activity", 0),
-				"parent":  activitites("activity", 1),
-				"spaceid": activitites("activity", 2),
-			},
-		},
-		{
-			Name: "two activities on same resource",
-			Tree: map[string]*provider.ResourceInfo{
-				"base":    resourceInfo("base", "parent"),
-				"parent":  resourceInfo("parent", "spaceid"),
-				"spaceid": resourceInfo("spaceid", "spaceid"),
-			},
-			Activities: map[string]string{
-				"activity1": "base",
-				"activity2": "base",
-			},
-			Expected: map[string][]RawActivity{
-				"base":    activitites("activity1", 0, "activity2", 0),
-				"parent":  activitites("activity1", 1, "activity2", 1),
-				"spaceid": activitites("activity1", 2, "activity2", 2),
-			},
-		},
-		{
-			Name: "two activities on different resources",
-			Tree: map[string]*provider.ResourceInfo{
-				"base1":   resourceInfo("base1", "parent"),
-				"base2":   resourceInfo("base2", "parent"),
-				"parent":  resourceInfo("parent", "spaceid"),
-				"spaceid": resourceInfo("spaceid", "spaceid"),
-			},
-			Activities: map[string]string{
-				"activity1": "base1",
-				"activity2": "base2",
-			},
-			Expected: map[string][]RawActivity{
-				"base1":   activitites("activity1", 0),
-				"base2":   activitites("activity2", 0),
-				"parent":  activitites("activity1", 1, "activity2", 1),
-				"spaceid": activitites("activity1", 2, "activity2", 2),
-			},
-		},
-		{
-			Name: "more elaborate resource tree",
-			Tree: map[string]*provider.ResourceInfo{
-				"base1":   resourceInfo("base1", "parent1"),
-				"base2":   resourceInfo("base2", "parent1"),
-				"parent1": resourceInfo("parent1", "spaceid"),
-				"base3":   resourceInfo("base3", "parent2"),
-				"parent2": resourceInfo("parent2", "spaceid"),
-				"spaceid": resourceInfo("spaceid", "spaceid"),
-			},
-			Activities: map[string]string{
-				"activity1": "base1",
-				"activity2": "base2",
-				"activity3": "base3",
-			},
-			Expected: map[string][]RawActivity{
-				"base1":   activitites("activity1", 0),
-				"base2":   activitites("activity2", 0),
-				"base3":   activitites("activity3", 0),
-				"parent1": activitites("activity1", 1, "activity2", 1),
-				"parent2": activitites("activity3", 1),
-				"spaceid": activitites("activity1", 2, "activity2", 2, "activity3", 2),
-			},
-		},
-		{
-			Name: "different depths within one resource",
-			Tree: map[string]*provider.ResourceInfo{
-				"base1":   resourceInfo("base1", "parent1"),
-				"parent1": resourceInfo("parent1", "parent2"),
-				"base2":   resourceInfo("base2", "parent2"),
-				"parent2": resourceInfo("parent2", "parent3"),
-				"base3":   resourceInfo("base3", "parent3"),
-				"parent3": resourceInfo("parent3", "spaceid"),
-				"spaceid": resourceInfo("spaceid", "spaceid"),
-			},
-			Activities: map[string]string{
-				"activity1": "base1",
-				"activity2": "base2",
-				"activity3": "base3",
-				"activity4": "parent2",
-			},
-			Expected: map[string][]RawActivity{
-				"base1":   activitites("activity1", 0),
-				"base2":   activitites("activity2", 0),
-				"base3":   activitites("activity3", 0),
-				"parent1": activitites("activity1", 1),
-				"parent2": activitites("activity1", 2, "activity2", 1, "activity4", 0),
-				"parent3": activitites("activity1", 3, "activity2", 2, "activity3", 1, "activity4", 1),
-				"spaceid": activitites("activity1", 4, "activity2", 3, "activity3", 2, "activity4", 2),
-			},
-		},
-	}
+			}
+		)
+		BeforeEach(func() {
+			alog = &ActivitylogService{
+				store:         store.Create(),
+				tracer:        noop.NewTracerProvider().Tracer("test"),
+				parentIdCache: ttlcache.NewCache(),
+			}
+			alog.debouncer = NewDebouncer(100*time.Millisecond, alog.storeActivity)
+		})
 
-	for _, tc := range testCases {
-		alog := &ActivitylogService{
-			store: store.Create(),
-		}
+		It("should debounce activities", func() {
+			getResource = func(ref *provider.Reference) (*provider.ResourceInfo, error) {
+				return tree[ref.GetResourceId().GetOpaqueId()], nil
+			}
 
-		getResource := func(ref *provider.Reference) (*provider.ResourceInfo, error) {
-			return tc.Tree[ref.GetResourceId().GetOpaqueId()], nil
-		}
+			err := alog.addActivity(context.Background(), reference("base"), nil, "activity1", time.Time{}, getResource)
+			Expect(err).NotTo(HaveOccurred())
+			err = alog.addActivity(context.Background(), reference("base"), nil, "activity2", time.Time{}, getResource)
+			Expect(err).NotTo(HaveOccurred())
 
-		for k, v := range tc.Activities {
-			err := alog.addActivity(reference(v), k, time.Time{}, getResource)
-			require.NoError(t, err)
-		}
-
-		for id, acts := range tc.Expected {
-			activities, err := alog.Activities(resourceID(id))
-			require.NoError(t, err, tc.Name+":"+id)
-			require.ElementsMatch(t, acts, activities, tc.Name+":"+id)
-		}
-	}
-}
+			Eventually(func(g Gomega) {
+				activities, err := alog.Activities(resourceID("base"))
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(activities).To(ConsistOf(activitites("activity1", 0, "activity2", 0)))
+			}).Should(Succeed())
+		})
+	})
+})
 
 func activitites(acts ...interface{}) []RawActivity {
 	var activities []RawActivity

services/auth-app/pkg/service/service.go

@@ -278,7 +278,7 @@ func (a *AuthAppService) authenticateUser(userID, userName string, gwc gateway.G
 
 func getContext(r *http.Request) context.Context {
 	ctx := r.Context()
-	return metadata.AppendToOutgoingContext(ctx, ctxpkg.TokenHeader, r.Header.Get("X-Access-Token"))
+	return metadata.AppendToOutgoingContext(ctx, ctxpkg.TokenHeader, r.Header.Get(ctxpkg.TokenHeader))
 }
 
 func buildClientID(userID, userName string) string {

services/graph/mocks/base_graph_provider.go

@@ -7,7 +7,7 @@ import (
 
 	collaborationv1beta1 "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	mock "github.com/stretchr/testify/mock"
 

services/graph/mocks/drive_item_permissions_provider.go

@@ -5,7 +5,7 @@ package mocks
 import (
 	context "context"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	mock "github.com/stretchr/testify/mock"
 
 	providerv1beta1 "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"

services/graph/pkg/errorcode/errorcode.go

@@ -9,7 +9,7 @@ import (
 
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/render"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // Error defines a custom error struct, containing and MS Graph error code and a textual error message

services/graph/pkg/identity/backend.go

@@ -8,7 +8,7 @@ import (
 	"github.com/CiscoM31/godata"
 	cs3group "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 	cs3user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 )
 

services/graph/pkg/identity/cache.go

@@ -12,7 +12,7 @@ import (
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	revautils "github.com/opencloud-eu/reva/v2/pkg/utils"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // IdentityCache implements a simple ttl based cache for looking up users and groups by ID

services/graph/pkg/identity/cs3.go

@@ -14,7 +14,7 @@ import (
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 var (

services/graph/pkg/identity/err_education.go

@@ -3,7 +3,7 @@ package identity
 import (
 	"context"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // ErrEducationBackend is a dummy EducationBackend, doing nothing

services/graph/pkg/identity/ldap.go

@@ -14,7 +14,7 @@ import (
 	"github.com/go-ldap/ldap/v3"
 	"github.com/google/uuid"
 	"github.com/libregraph/idm/pkg/ldapdn"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/config"

services/graph/pkg/identity/ldap_education_class.go

@@ -8,7 +8,7 @@ import (
 	"github.com/go-ldap/ldap/v3"
 	"github.com/libregraph/idm/pkg/ldapdn"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 type educationClassAttributeMap struct {

services/graph/pkg/identity/ldap_education_class_test.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/go-ldap/ldap/v3"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )

services/graph/pkg/identity/ldap_education_school.go

@@ -11,7 +11,7 @@ import (
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 type educationConfig struct {

services/graph/pkg/identity/ldap_education_school_test.go

@@ -10,7 +10,7 @@ import (
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )

services/graph/pkg/identity/ldap_education_user.go

@@ -6,7 +6,7 @@ import (
 	"fmt"
 
 	"github.com/go-ldap/ldap/v3"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 )
 

services/graph/pkg/identity/ldap_education_user_test.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/go-ldap/ldap/v3"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )

services/graph/pkg/identity/ldap_group.go

@@ -12,7 +12,7 @@ import (
 	"github.com/go-ldap/ldap/v3"
 	"github.com/gofrs/uuid"
 	"github.com/libregraph/idm/pkg/ldapdn"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 )

services/graph/pkg/identity/ldap_test.go

@@ -12,7 +12,7 @@ import (
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )

services/graph/pkg/identity/mocks/backend.go

@@ -7,7 +7,7 @@ import (
 
 	godata "github.com/CiscoM31/godata"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	mock "github.com/stretchr/testify/mock"
 

services/graph/pkg/identity/mocks/education_backend.go

@@ -5,7 +5,7 @@ package mocks
 import (
 	context "context"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	mock "github.com/stretchr/testify/mock"
 )

services/graph/pkg/linktype/linktype.go

@@ -6,7 +6,7 @@ import (
 	linkv1beta1 "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/opencloud-eu/reva/v2/pkg/storage/utils/grants"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"
 )

services/graph/pkg/linktype/linktype_test.go

@@ -7,7 +7,7 @@ import (
 	. "github.com/onsi/gomega"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/linktype"
 	"github.com/opencloud-eu/reva/v2/pkg/storage/utils/grants"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 var _ = Describe("LinktypeFromPermission", func() {

services/graph/pkg/middleware/auth.go

@@ -11,7 +11,6 @@ import (
 	opkgm "github.com/opencloud-eu/opencloud/pkg/middleware"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	"github.com/opencloud-eu/reva/v2/pkg/auth/scope"
-	ctxpkg "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	"github.com/opencloud-eu/reva/v2/pkg/token/manager/jwt"
 )
@@ -43,7 +42,7 @@ func Auth(opts ...account.Option) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
-			t := r.Header.Get("x-access-token")
+			t := r.Header.Get(revactx.TokenHeader)
 			if t == "" {
 				errorcode.InvalidAuthenticationToken.Render(w, r, http.StatusUnauthorized, "Access token is empty.")
 				/* msgraph error for GET https://graph.microsoft.com/v1.0/me
@@ -84,10 +83,10 @@ func Auth(opts ...account.Option) func(http.Handler) http.Handler {
 			}
 			ctx = metadata.AppendToOutgoingContext(ctx, revactx.TokenHeader, t)
 
-			initiatorID := r.Header.Get(ctxpkg.InitiatorHeader)
+			initiatorID := r.Header.Get(revactx.InitiatorHeader)
 			if initiatorID != "" {
-				ctx = ctxpkg.ContextSetInitiator(ctx, initiatorID)
-				ctx = metadata.AppendToOutgoingContext(ctx, ctxpkg.InitiatorHeader, initiatorID)
+				ctx = revactx.ContextSetInitiator(ctx, initiatorID)
+				ctx = metadata.AppendToOutgoingContext(ctx, revactx.InitiatorHeader, initiatorID)
 			}
 
 			next.ServeHTTP(w, r.WithContext(ctx))

services/graph/pkg/service/v0/api_driveitem_permissions.go

@@ -18,7 +18,7 @@ import (
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	"github.com/opencloud-eu/reva/v2/pkg/publicshare"

services/graph/pkg/service/v0/api_driveitem_permissions_links.go

@@ -17,7 +17,7 @@ import (
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/linktype"
 	"github.com/opencloud-eu/reva/v2/pkg/storagespace"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 func (s DriveItemPermissionsService) CreateLink(ctx context.Context, driveItemID *storageprovider.ResourceId, createLink libregraph.DriveItemCreateLink) (libregraph.Permission, error) {

services/graph/pkg/service/v0/api_driveitem_permissions_links_test.go

@@ -22,7 +22,7 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/status"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 )
 

services/graph/pkg/service/v0/api_driveitem_permissions_test.go

@@ -21,7 +21,7 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"github.com/tidwall/gjson"
 	"google.golang.org/grpc"

services/graph/pkg/service/v0/api_drives_drive_item.go

@@ -11,7 +11,7 @@ import (
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	storageprovider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/go-chi/render"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"google.golang.org/protobuf/types/known/fieldmaskpb"
 
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"

services/graph/pkg/service/v0/api_drives_drive_item_test.go

@@ -14,7 +14,7 @@ import (
 	"github.com/go-chi/chi/v5"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"github.com/tidwall/gjson"
 	"google.golang.org/grpc"

services/graph/pkg/service/v0/application.go

@@ -8,7 +8,7 @@ import (
 	"github.com/go-chi/render"
 	settingssvc "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/services/settings/v0"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // ListApplications implements the Service interface.

services/graph/pkg/service/v0/application_test.go

@@ -21,7 +21,7 @@ import (
 	service "github.com/opencloud-eu/opencloud/services/graph/pkg/service/v0"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc"
 )

services/graph/pkg/service/v0/approleassignments.go

@@ -12,7 +12,7 @@ import (
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	"github.com/opencloud-eu/reva/v2/pkg/events"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	merrors "go-micro.dev/v4/errors"
 )
 

services/graph/pkg/service/v0/approleassignments_test.go

@@ -25,7 +25,7 @@ import (
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc"
 )

services/graph/pkg/service/v0/base.go

@@ -16,7 +16,7 @@ import (
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	storageprovider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/protobuf/types/known/fieldmaskpb"
 

services/graph/pkg/service/v0/driveitems.go

@@ -21,7 +21,7 @@ import (
 	storageprovider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/go-chi/render"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"golang.org/x/crypto/sha3"
 
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"

services/graph/pkg/service/v0/driveitems_test.go

@@ -15,7 +15,7 @@ import (
 	"github.com/go-chi/chi/v5"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc"
 

services/graph/pkg/service/v0/drives.go

@@ -22,7 +22,7 @@ import (
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	"github.com/opencloud-eu/reva/v2/pkg/storagespace"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/pkg/errors"
 	merrors "go-micro.dev/v4/errors"
 	"golang.org/x/sync/errgroup"

services/graph/pkg/service/v0/drives_test.go

@@ -5,7 +5,7 @@ import (
 	"time"
 
 	"github.com/CiscoM31/godata"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

services/graph/pkg/service/v0/educationclasses.go

@@ -11,7 +11,7 @@ import (
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	"github.com/opencloud-eu/reva/v2/pkg/events"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"

services/graph/pkg/service/v0/educationclasses_test.go

@@ -24,7 +24,7 @@ import (
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc"
 )

services/graph/pkg/service/v0/educationschools.go

@@ -10,7 +10,7 @@ import (
 	"time"
 
 	"github.com/CiscoM31/godata"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/identity"
 

services/graph/pkg/service/v0/educationschools_test.go

@@ -27,7 +27,7 @@ import (
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	identitymocks "github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
 	service "github.com/opencloud-eu/opencloud/services/graph/pkg/service/v0"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 type schoolList struct {

services/graph/pkg/service/v0/educationuser.go

@@ -11,7 +11,7 @@ import (
 	storageprovider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"

services/graph/pkg/service/v0/educationuser_test.go

@@ -26,7 +26,7 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/status"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc"
 )

services/graph/pkg/service/v0/graph_test.go

@@ -23,7 +23,7 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/mock"
 	"github.com/tidwall/gjson"

services/graph/pkg/service/v0/groups.go

@@ -10,7 +10,7 @@ import (
 
 	"github.com/CiscoM31/godata"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"

services/graph/pkg/service/v0/groups_test.go

@@ -26,7 +26,7 @@ import (
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc"
 )

services/graph/pkg/service/v0/ordering.go

@@ -3,7 +3,7 @@ package svc
 import (
 	"strings"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // lessSpacesByLastModifiedDateTime reports whether the element i

services/graph/pkg/service/v0/password.go

@@ -8,7 +8,7 @@ import (
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	cs3rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	"github.com/go-chi/render"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	revactx "github.com/opencloud-eu/reva/v2/pkg/ctx"

services/graph/pkg/service/v0/password_test.go

@@ -25,7 +25,7 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/status"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc"
 )

services/graph/pkg/service/v0/sharedbyme.go

@@ -5,7 +5,7 @@ import (
 
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	"github.com/go-chi/render"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 )

services/graph/pkg/service/v0/sharedbyme_test.go

@@ -31,7 +31,7 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/storagespace"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc"
 )

services/graph/pkg/service/v0/sharedwithme.go

@@ -7,7 +7,7 @@ import (
 	collaboration "github.com/cs3org/go-cs3apis/cs3/sharing/collaboration/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	"github.com/go-chi/render"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 )

services/graph/pkg/service/v0/sharedwithme_test.go

@@ -32,7 +32,7 @@ import (
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	identitymocks "github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
 	service "github.com/opencloud-eu/opencloud/services/graph/pkg/service/v0"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	// "github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"
 )
 

services/graph/pkg/service/v0/tags.go

@@ -13,7 +13,7 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/events"
 	"github.com/opencloud-eu/reva/v2/pkg/storagespace"
 	"github.com/opencloud-eu/reva/v2/pkg/tags"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"go-micro.dev/v4/metadata"
 )
 

services/graph/pkg/service/v0/users.go

@@ -30,7 +30,7 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/events"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/status"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // GetMe implements the Service interface.

services/graph/pkg/service/v0/users_filter.go

@@ -7,7 +7,7 @@ import (
 	"github.com/CiscoM31/godata"
 	settingsmsg "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/messages/settings/v0"
 	settingssvc "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/services/settings/v0"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 const (

services/graph/pkg/service/v0/users_test.go

@@ -21,7 +21,7 @@ import (
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/status"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
 	cs3mocks "github.com/opencloud-eu/reva/v2/tests/cs3mocks/mocks"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/mock"
 	"go-micro.dev/v4/client"
 	"google.golang.org/grpc"
@@ -496,7 +496,8 @@ var _ = Describe("Users", func() {
 			},
 			Entry("with invalid filter", "invalid", http.StatusBadRequest),
 			Entry("with unsupported filter for user property", "mail eq 'unsupported'", http.StatusNotImplemented),
-			Entry("with unsupported filter operation", "mail add 10", http.StatusNotImplemented),
+			// This error is caugh by godata's parser already
+			Entry("with unsupported filter operation", "mail add 10", http.StatusBadRequest),
 			Entry("with unsupported logical operation", "memberOf/any(n:n/id eq 1) or memberOf/any(n:n/id eq 2)", http.StatusNotImplemented),
 			Entry("with unsupported lambda query ", `drives/any(n:n/id eq '1')`, http.StatusNotImplemented),
 			Entry("with unsupported lambda token ", "memberOf/all(n:n/id eq 1)", http.StatusNotImplemented),

services/graph/pkg/service/v0/utils.go

@@ -15,7 +15,7 @@ import (
 	storageprovider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/opencloud-eu/reva/v2/pkg/storagespace"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"golang.org/x/sync/errgroup"
 
 	"github.com/opencloud-eu/opencloud/pkg/log"

services/graph/pkg/service/v0/utils_test.go

@@ -11,7 +11,7 @@ import (
 	. "github.com/onsi/gomega"
 	rConversions "github.com/opencloud-eu/reva/v2/pkg/conversions"
 	"github.com/opencloud-eu/reva/v2/pkg/utils"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/opencloud-eu/reva/v2/pkg/storagespace"

services/graph/pkg/unifiedrole/conversion.go

@@ -5,7 +5,7 @@ import (
 
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/opencloud-eu/reva/v2/pkg/conversions"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 // PermissionsToCS3ResourcePermissions converts the provided libregraph UnifiedRolePermissions to a cs3 ResourcePermissions

services/graph/pkg/unifiedrole/conversion_test.go

@@ -7,7 +7,7 @@ import (
 	. "github.com/onsi/gomega"
 	"github.com/onsi/gomega/types"
 	cs3Conversions "github.com/opencloud-eu/reva/v2/pkg/conversions"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/pkg/conversions"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"

services/graph/pkg/unifiedrole/filter.go

@@ -3,7 +3,7 @@ package unifiedrole
 import (
 	"slices"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 type (

services/graph/pkg/unifiedrole/filter_test.go

@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	. "github.com/onsi/gomega"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"
 )

services/graph/pkg/unifiedrole/roles.go

@@ -5,7 +5,7 @@ import (
 	"slices"
 	"strings"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"google.golang.org/protobuf/proto"
 
 	"github.com/opencloud-eu/reva/v2/pkg/conversions"
@@ -226,7 +226,28 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(10),
+		}
+	}()
+
+	// roleSecureViewer creates a secure viewer role
+	roleSecureViewer = func() *libregraph.UnifiedRoleDefinition {
+		r := conversions.NewSecureViewerRole()
+		return &libregraph.UnifiedRoleDefinition{
+			Id:          proto.String(UnifiedRoleSecureViewerID),
+			Description: proto.String(_secureViewerUnifiedRoleDescription),
+			DisplayName: proto.String(cs3RoleToDisplayName(r)),
+			RolePermissions: []libregraph.UnifiedRolePermission{
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFile),
+				},
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFolder),
+				},
+			},
+			LibreGraphWeight: proto.Int32(20),
 		}
 	}()
 
@@ -255,7 +276,7 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(30),
 		}
 	}()
 
@@ -272,7 +293,24 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionDrive),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(40),
+		}
+	}()
+
+	// roleEditorLite creates an editor-lite role
+	roleEditorLite = func() *libregraph.UnifiedRoleDefinition {
+		r := conversions.NewEditorLiteRole()
+		return &libregraph.UnifiedRoleDefinition{
+			Id:          proto.String(UnifiedRoleEditorLiteID),
+			Description: proto.String(_editorLiteUnifiedRoleDescription),
+			DisplayName: proto.String(cs3RoleToDisplayName(r)),
+			RolePermissions: []libregraph.UnifiedRolePermission{
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionFolder),
+				},
+			},
+			LibreGraphWeight: proto.Int32(50),
 		}
 	}()
 
@@ -293,7 +331,7 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(60),
 		}
 	}()
 
@@ -314,24 +352,7 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionFolderFederatedUser),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
-		}
-	}()
-
-	// roleSpaceEditor creates an editor role
-	roleSpaceEditor = func() *libregraph.UnifiedRoleDefinition {
-		r := conversions.NewSpaceEditorRole()
-		return &libregraph.UnifiedRoleDefinition{
-			Id:          proto.String(UnifiedRoleSpaceEditorID),
-			Description: proto.String(_spaceEditorUnifiedRoleDescription),
-			DisplayName: proto.String(cs3RoleToDisplayName(r)),
-			RolePermissions: []libregraph.UnifiedRolePermission{
-				{
-					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
-					Condition:              proto.String(UnifiedRoleConditionDrive),
-				},
-			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(70),
 		}
 	}()
 
@@ -348,7 +369,24 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionDrive),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(80),
+		}
+	}()
+
+	// roleSpaceEditor creates an editor role
+	roleSpaceEditor = func() *libregraph.UnifiedRoleDefinition {
+		r := conversions.NewSpaceEditorRole()
+		return &libregraph.UnifiedRoleDefinition{
+			Id:          proto.String(UnifiedRoleSpaceEditorID),
+			Description: proto.String(_spaceEditorUnifiedRoleDescription),
+			DisplayName: proto.String(cs3RoleToDisplayName(r)),
+			RolePermissions: []libregraph.UnifiedRolePermission{
+				{
+					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
+					Condition:              proto.String(UnifiedRoleConditionDrive),
+				},
+			},
+			LibreGraphWeight: proto.Int32(90),
 		}
 	}()
 
@@ -369,7 +407,7 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionFileFederatedUser),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(100),
 		}
 	}()
 
@@ -390,24 +428,7 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionFileFederatedUser),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
-		}
-	}()
-
-	// roleEditorLite creates an editor-lite role
-	roleEditorLite = func() *libregraph.UnifiedRoleDefinition {
-		r := conversions.NewEditorLiteRole()
-		return &libregraph.UnifiedRoleDefinition{
-			Id:          proto.String(UnifiedRoleEditorLiteID),
-			Description: proto.String(_editorLiteUnifiedRoleDescription),
-			DisplayName: proto.String(cs3RoleToDisplayName(r)),
-			RolePermissions: []libregraph.UnifiedRolePermission{
-				{
-					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
-					Condition:              proto.String(UnifiedRoleConditionFolder),
-				},
-			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(110),
 		}
 	}()
 
@@ -424,30 +445,10 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionDrive),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(120),
 		}
 	}()
 
-	// roleSecureViewer creates a secure viewer role
-	roleSecureViewer = func() *libregraph.UnifiedRoleDefinition {
-		r := conversions.NewSecureViewerRole()
-		return &libregraph.UnifiedRoleDefinition{
-			Id:          proto.String(UnifiedRoleSecureViewerID),
-			Description: proto.String(_secureViewerUnifiedRoleDescription),
-			DisplayName: proto.String(cs3RoleToDisplayName(r)),
-			RolePermissions: []libregraph.UnifiedRolePermission{
-				{
-					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
-					Condition:              proto.String(UnifiedRoleConditionFile),
-				},
-				{
-					AllowedResourceActions: CS3ResourcePermissionsToLibregraphActions(r.CS3ResourcePermissions()),
-					Condition:              proto.String(UnifiedRoleConditionFolder),
-				},
-			},
-			LibreGraphWeight: proto.Int32(0),
-		}
-	}()
 	// roleDenied creates a secure viewer role
 	roleDenied = func() *libregraph.UnifiedRoleDefinition {
 		r := conversions.NewDeniedRole()
@@ -461,7 +462,7 @@ var (
 					Condition:              proto.String(UnifiedRoleConditionFolder),
 				},
 			},
-			LibreGraphWeight: proto.Int32(0),
+			LibreGraphWeight: proto.Int32(200),
 		}
 	}()
 )
@@ -531,39 +532,17 @@ func GetLegacyRoleName(role libregraph.UnifiedRoleDefinition) string {
 	return legacyNames[role.GetId()]
 }
 
-// weightRoles sorts the provided role definitions by the number of permissions[n].actions they grant,
-// the implementation is optimistic and assumes that the weight relies on the number of available actions.
+// weightRoles sorts the provided role definitions by the number of LibreGraphWeight,
 // descending - false - sorts the roles from least to most permissions
 // descending - true - sorts the roles from most to least permissions
 func weightRoles(roleSet []*libregraph.UnifiedRoleDefinition, constraints string, descending bool) []*libregraph.UnifiedRoleDefinition {
-	slices.SortFunc(roleSet, func(i, j *libregraph.UnifiedRoleDefinition) int {
-		var ia []string
-		for _, rp := range i.GetRolePermissions() {
-			if rp.GetCondition() == constraints {
-				ia = append(ia, rp.GetAllowedResourceActions()...)
-			}
-		}
-
-		var ja []string
-		for _, rp := range j.GetRolePermissions() {
-			if rp.GetCondition() == constraints {
-				ja = append(ja, rp.GetAllowedResourceActions()...)
-			}
-		}
-
-		switch descending {
-		case true:
-			return cmp.Compare(len(ja), len(ia))
-		default:
-			return cmp.Compare(len(ia), len(ja))
+	slices.SortFunc(roleSet, func(a, b *libregraph.UnifiedRoleDefinition) int {
+		if descending {
+			return cmp.Compare(b.GetLibreGraphWeight(), a.GetLibreGraphWeight())
 		}
+		return cmp.Compare(a.GetLibreGraphWeight(), b.GetLibreGraphWeight())
 	})
 
-	for i, role := range roleSet {
-		role.LibreGraphWeight = libregraph.PtrInt32(int32(i) + 1)
-	}
-
-	// return for the sake of consistency, optional because the slice is modified in place
 	return roleSet
 }
 

services/graph/pkg/unifiedrole/roles_test.go

@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	. "github.com/onsi/gomega"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"google.golang.org/protobuf/proto"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"
@@ -100,16 +100,16 @@ func TestGetRolesByPermissions(t *testing.T) {
 			givenActions: getRoleActions(unifiedrole.RoleViewer),
 			constraints:  unifiedrole.UnifiedRoleConditionFolder,
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
-				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewer,
+				unifiedrole.RoleSecureViewer,
 			},
 		},
 		"RoleViewer | file": {
 			givenActions: getRoleActions(unifiedrole.RoleViewer),
 			constraints:  unifiedrole.UnifiedRoleConditionFile,
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
-				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewer,
+				unifiedrole.RoleSecureViewer,
 			},
 		},
 		"RoleViewer | file | federated": {
@@ -124,8 +124,8 @@ func TestGetRolesByPermissions(t *testing.T) {
 			givenActions: getRoleActions(unifiedrole.RoleFileEditor),
 			constraints:  unifiedrole.UnifiedRoleConditionFile,
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
-				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewer,
+				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleFileEditor,
 			},
 		},
@@ -133,8 +133,8 @@ func TestGetRolesByPermissions(t *testing.T) {
 			givenActions: getRoleActions(unifiedrole.RoleEditor),
 			constraints:  unifiedrole.UnifiedRoleConditionFolder,
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
-				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewer,
+				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleEditorLite,
 				unifiedrole.RoleEditor,
 			},
@@ -161,8 +161,8 @@ func TestGetRolesByPermissions(t *testing.T) {
 			givenActions: getRoleActions(unifiedrole.BuildInRoles...),
 			constraints:  unifiedrole.UnifiedRoleConditionFile,
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
-				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewer,
+				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewerListGrants,
 				unifiedrole.RoleFileEditor,
 				unifiedrole.RoleFileEditorListGrants,
@@ -172,13 +172,13 @@ func TestGetRolesByPermissions(t *testing.T) {
 			givenActions: getRoleActions(unifiedrole.BuildInRoles...),
 			constraints:  unifiedrole.UnifiedRoleConditionFolder,
 			unifiedRoleDefinition: []*libregraph.UnifiedRoleDefinition{
-				unifiedrole.RoleDenied,
-				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewer,
+				unifiedrole.RoleSecureViewer,
 				unifiedrole.RoleViewerListGrants,
 				unifiedrole.RoleEditorLite,
 				unifiedrole.RoleEditor,
 				unifiedrole.RoleEditorListGrants,
+				unifiedrole.RoleDenied,
 			},
 		},
 		"BuildInRoles | drive": {
@@ -215,7 +215,7 @@ func TestGetRolesByPermissions(t *testing.T) {
 
 			for i, generatedDefinition := range generatedDefinitions {
 				g.Expect(generatedDefinition.Id).To(Equal(tc.unifiedRoleDefinition[i].Id))
-				g.Expect(*generatedDefinition.LibreGraphWeight).To(Equal(int32(i + 1)))
+				g.Expect(generatedDefinition.LibreGraphWeight).To(Equal(tc.unifiedRoleDefinition[i].LibreGraphWeight))
 			}
 
 			generatedActions := getRoleActions(generatedDefinitions...)

services/graph/pkg/unifiedrole/unifiedrole_suite_test.go

@@ -3,7 +3,7 @@ package unifiedrole_test
 import (
 	"slices"
 
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 )
 
 func getRoleActions(definitions ...*libregraph.UnifiedRoleDefinition) []string {

services/graph/pkg/validate/libregraph.go

@@ -5,7 +5,7 @@ import (
 	"slices"
 
 	"github.com/go-playground/validator/v10"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"
 )

services/graph/pkg/validate/libregraph_test.go

@@ -6,7 +6,7 @@ import (
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	libregraph "github.com/owncloud/libre-graph-api-go"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 
 	"github.com/opencloud-eu/opencloud/pkg/conversions"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"

services/idp/package.json

@@ -85,9 +85,9 @@
     "@types/redux-logger": "^3.0.13",
     "axios": "^1.7.7",
     "classnames": "^2.5.1",
-    "i18next": "^23.16.8",
+    "i18next": "^25.1.2",
     "i18next-browser-languagedetector": "^7.2.1",
-    "i18next-http-backend": "^2.5.2",
+    "i18next-http-backend": "^3.0.2",
     "i18next-resources-to-backend": "^1.2.1",
     "kpop": "https://download.kopano.io/community/kapp:/kpop-2.7.2.tgz",
     "query-string": "^9.1.1",
@@ -117,13 +117,13 @@
     "css-loader": "7.1.2",
     "css-minimizer-webpack-plugin": "^7.0.0",
     "dotenv": "16.4.7",
-    "dotenv-expand": "10.0.0",
+    "dotenv-expand": "12.0.2",
     "eslint": "^7.32.0",
     "eslint-config-react-app": "^6.0.0",
     "eslint-loader": "^4.0.2",
     "eslint-plugin-flowtype": "^5.10.0",
     "eslint-plugin-i18next": "^6.1.1",
-    "eslint-plugin-import": "^2.30.0",
+    "eslint-plugin-import": "^2.31.0",
     "eslint-plugin-jest": "^24.7.0",
     "eslint-plugin-jsx-a11y": "^6.10.2",
     "eslint-plugin-react": "^7.37.2",