mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-04-20 23:37:55 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
3d0cdbebeef427dadca3976de97e820a993b74fa
opencloud/services/proxy/pkg/config/defaults/defaultconfig.go
Ralf Haferkamp 0f257af6e4 Align default login attribute across services 
Up to now the builtin lico was using the "username" as the login
attribute, while the proxy (and to some extend the auth-basic) service
tried to uniquely identify users by mail address. This aligns the
default configuration of the services to use the username everywhere.

Fixes: #4039
2022-07-14 14:21:34 +02:00

244 lines
6.0 KiB
Go
Raw Blame History

package defaults
import (
"path"
"strings"
"github.com/owncloud/ocis/v2/ocis-pkg/config/defaults"
"github.com/owncloud/ocis/v2/services/proxy/pkg/config"
)
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
func DefaultConfig() *config.Config {
return &config.Config{
Debug: config.Debug{
Addr: "127.0.0.1:9205",
Token: "",
},
HTTP: config.HTTP{
Addr: "0.0.0.0:9200",
Root: "/",
Namespace: "com.owncloud.web",
TLSCert: path.Join(defaults.BaseDataPath(), "proxy", "server.crt"),
TLSKey: path.Join(defaults.BaseDataPath(), "proxy", "server.key"),
TLS: true,
},
Service: config.Service{
Name: "proxy",
},
OIDC: config.OIDC{
Issuer: "https://localhost:9200",
Insecure: true,
//Insecure: true,
UserinfoCache: config.UserinfoCache{
Size: 1024,
TTL: 10,
},
},
PolicySelector: nil,
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
PreSignedURL: config.PreSignedURL{
AllowedHTTPMethods: []string{"GET"},
Enabled: true,
},
AccountBackend: "cs3",
UserOIDCClaim: "preferred_username",
UserCS3Claim: "username",
AutoprovisionAccounts: false,
EnableBasicAuth: false,
InsecureBackends: false,
}
}
func DefaultPolicies() []config.Policy {
return []config.Policy{
{
Name: "ocis",
Routes: []config.Route{
{
Endpoint: "/",
Backend: "http://localhost:9100",
},
{
Endpoint: "/.well-known/",
Backend: "http://localhost:9130",
},
{
Endpoint: "/konnect/",
Backend: "http://localhost:9130",
},
{
Endpoint: "/signin/",
Backend: "http://localhost:9130",
},
{
Endpoint: "/archiver",
Backend: "http://localhost:9140",
},
{
Type: config.RegexRoute,
Endpoint: "/ocs/v[12].php/cloud/user/signing-key", // only `user/signing-key` is left in ocis-ocs
Backend: "http://localhost:9110",
},
{
Endpoint: "/ocs/",
Backend: "http://localhost:9140",
},
{
Type: config.QueryRoute,
Endpoint: "/remote.php/?preview=1",
Backend: "http://localhost:9115",
},
// TODO the actual REPORT goes to /dav/files/{username}, which is user specific ... how would this work in a spaces world?
// TODO what paths are returned? the href contains the full path so it should be possible to return urls from other spaces?
// TODO or we allow a REPORT on /dav/spaces to search all spaces and /dav/space/{spaceid} to search a specific space
// send webdav REPORT requests to search service
{
Method: "REPORT",
Endpoint: "/remote.php/dav/",
Backend: "http://localhost:9115", // TODO use registry?
},
{
Method: "REPORT",
Endpoint: "/remote.php/webdav",
Backend: "http://localhost:9115", // TODO use registry?
},
{
Type: config.QueryRoute,
Endpoint: "/dav/?preview=1",
Backend: "http://localhost:9115",
},
{
Type: config.QueryRoute,
Endpoint: "/webdav/?preview=1",
Backend: "http://localhost:9115",
},
{
Endpoint: "/remote.php/",
Service: "com.owncloud.web.ocdav",
},
{
Endpoint: "/dav/",
Service: "com.owncloud.web.ocdav",
},
{
Endpoint: "/webdav/",
Service: "com.owncloud.web.ocdav",
},
{
Endpoint: "/status",
Service: "com.owncloud.web.ocdav",
},
{
Endpoint: "/status.php",
Service: "com.owncloud.web.ocdav",
},
{
Endpoint: "/index.php/",
Service: "com.owncloud.web.ocdav",
},
{
Endpoint: "/apps/",
Service: "com.owncloud.web.ocdav",
},
{
Endpoint: "/data",
Backend: "http://localhost:9140",
},
{
Endpoint: "/app/", // /app or /apps? ocdav only handles /apps
Backend: "http://localhost:9140",
},
{
Endpoint: "/graph/",
Backend: "http://localhost:9120",
},
{
Endpoint: "/graph-explorer",
Backend: "http://localhost:9135",
},
{
Endpoint: "/api/v0/settings",
Backend: "http://localhost:9190",
},
{
Endpoint: "/settings.js",
Backend: "http://localhost:9190",
},
},
},
}
}
func EnsureDefaults(cfg *config.Config) {
// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
cfg.Log = &config.Log{
Level: cfg.Commons.Log.Level,
Pretty: cfg.Commons.Log.Pretty,
Color: cfg.Commons.Log.Color,
File: cfg.Commons.Log.File,
}
} else if cfg.Log == nil {
cfg.Log = &config.Log{}
}
// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
cfg.Tracing = &config.Tracing{
Enabled: cfg.Commons.Tracing.Enabled,
Type: cfg.Commons.Tracing.Type,
Endpoint: cfg.Commons.Tracing.Endpoint,
Collector: cfg.Commons.Tracing.Collector,
}
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &config.Reva{
Address: cfg.Commons.Reva.Address,
}
} else if cfg.Reva == nil {
cfg.Reva = &config.Reva{}
}
}
func Sanitize(cfg *config.Config) {
// sanitize config
if cfg.Policies == nil {
cfg.Policies = DefaultPolicies()
}
if cfg.PolicySelector == nil {
cfg.PolicySelector = &config.PolicySelector{
Static: &config.StaticSelectorConf{
Policy: "ocis",
},
}
}
if cfg.HTTP.Root != "/" {
cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
}
}
Reference in New Issue View Git Blame Copy Permalink