From 3fe51f4eb92d0df83b0c3e74ecef1359a1fec49c Mon Sep 17 00:00:00 2001 From: kobergj Date: Tue, 28 Feb 2023 21:35:22 +0100 Subject: [PATCH] prevent userlog service from spreading panics (#5681) Signed-off-by: jkoberg --- services/userlog/pkg/service/http.go | 16 +++------------- services/userlog/pkg/service/service.go | 15 ++++++++++++++- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/services/userlog/pkg/service/http.go b/services/userlog/pkg/service/http.go index 65cbd1251d..4ad2011ac1 100644 --- a/services/userlog/pkg/service/http.go +++ b/services/userlog/pkg/service/http.go @@ -8,6 +8,7 @@ import ( "net/http" "time" + storageprovider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" revactx "github.com/cs3org/reva/v2/pkg/ctx" "github.com/cs3org/reva/v2/pkg/events" ehmsg "github.com/owncloud/ocis/v2/protogen/gen/ocis/messages/eventhistory/v0" @@ -94,10 +95,11 @@ func (ul *UserlogService) convertEvent(ctx context.Context, event *ehmsg.Event) Timestamp: time.Now().Format(time.RFC3339Nano), } + // TODO: strange bug with getting space -> fix postponed to make master panic-free + var space storageprovider.StorageSpace switch ev := einterface.(type) { // file related case events.UploadReady: - space, _ := ul.getSpace(ctx, ev.FileRef.GetResourceId().GetSpaceId()) noti.UserID = ev.ExecutingUser.GetId().GetOpaqueId() noti.Subject = "File uploaded" noti.Message = fmt.Sprintf("File '%s' was uploaded to space '%s' by user '%s'", ev.Filename, space.GetName(), ev.ExecutingUser.GetUsername()) @@ -144,63 +146,51 @@ func (ul *UserlogService) convertEvent(ctx context.Context, event *ehmsg.Event) noti.Subject = "Space renamed" noti.Message = fmt.Sprintf("Space '%s' was renamed", ev.Name) case events.SpaceEnabled: - space, _ := ul.getSpace(ctx, ev.ID.GetOpaqueId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Space enabled" noti.Message = fmt.Sprintf("Space '%s' was renamed", space.Name) case events.SpaceDisabled: - space, _ := ul.getSpace(ctx, ev.ID.GetOpaqueId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Space disabled" noti.Message = fmt.Sprintf("Space '%s' was disabled", space.Name) case events.SpaceDeleted: - space, _ := ul.getSpace(ctx, ev.ID.GetOpaqueId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Space deleted" noti.Message = fmt.Sprintf("Space '%s' was deleted", space.Name) case events.SpaceShared: - space, _ := ul.getSpace(ctx, ev.ID.GetOpaqueId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Space shared" noti.Message = fmt.Sprintf("Space '%s' was shared", space.Name) case events.SpaceUnshared: - space, _ := ul.getSpace(ctx, ev.ID.GetOpaqueId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Space unshared" noti.Message = fmt.Sprintf("Space '%s' was unshared", space.Name) case events.SpaceUpdated: - space, _ := ul.getSpace(ctx, ev.ID.GetOpaqueId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Space updated" noti.Message = fmt.Sprintf("Space '%s' was updated", space.Name) case events.SpaceMembershipExpired: - space, _ := ul.getSpace(ctx, ev.SpaceID.GetOpaqueId()) noti.UserID = "" noti.Subject = "Space membership expired" noti.Message = fmt.Sprintf("A spacemembership for space '%s' has expired", space.Name) // share related case events.ShareCreated: - space, _ := ul.getSpace(ctx, ev.ItemID.GetSpaceId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Share received" noti.Message = fmt.Sprintf("A file was shared in space %s", space.Name) case events.ShareUpdated: - space, _ := ul.getSpace(ctx, ev.ItemID.GetSpaceId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Share updated" noti.Message = fmt.Sprintf("A share was updated in space %s", space.Name) case events.ShareExpired: - space, _ := ul.getSpace(ctx, ev.ItemID.GetSpaceId()) noti.Subject = "Share expired" noti.Message = fmt.Sprintf("A share has expired in space %s", space.Name) case events.LinkCreated: - space, _ := ul.getSpace(ctx, ev.ItemID.GetSpaceId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Share received" noti.Message = fmt.Sprintf("A link was created in space %s", space.Name) case events.LinkUpdated: - space, _ := ul.getSpace(ctx, ev.ItemID.GetSpaceId()) noti.UserID = ev.Executant.GetOpaqueId() noti.Subject = "Share received" noti.Message = fmt.Sprintf("A link was updated in space %s", space.Name) diff --git a/services/userlog/pkg/service/service.go b/services/userlog/pkg/service/service.go index 75439a33a9..838f75dc9c 100644 --- a/services/userlog/pkg/service/service.go +++ b/services/userlog/pkg/service/service.go @@ -219,10 +219,15 @@ func (ul *UserlogService) DeleteEvents(userid string, evids []string) error { } func (ul *UserlogService) impersonate(u *user.UserId) context.Context { + if u == nil { + ul.log.Debug().Msg("cannot impersonate nil user") + return nil + } + ctx, _, err := utils.Impersonate(u, ul.gwClient, ul.cfg.MachineAuthAPIKey) if err != nil { ul.log.Error().Err(err).Str("userid", u.GetOpaqueId()).Msg("failed to impersonate user") - return context.Background() + return nil } return ctx } @@ -288,6 +293,10 @@ func (ul *UserlogService) alterUserEventList(userid string, alter func([]string) // we need an owner to query space members // we need to check the user has the required role to see the event func (ul *UserlogService) findSpaceMembers(ctx context.Context, spaceID string, requiredRole permissionChecker) ([]string, error) { + if ctx == nil { + return nil, errors.New("need authenticated context to find space members") + } + space, err := ul.getSpace(ctx, spaceID) if err != nil { return nil, err @@ -371,6 +380,10 @@ func (ul *UserlogService) gatherSpaceMembers(ctx context.Context, space *storage // resolves the users of a group func (ul *UserlogService) resolveGroup(ctx context.Context, groupID string) ([]string, error) { + if ctx == nil { + return nil, errors.New("need authenticated context to resolve groups") + } + r, err := ul.gwClient.GetGroup(ctx, &group.GetGroupRequest{GroupId: &group.GroupId{OpaqueId: groupID}}) if err != nil { return nil, err