Add 'proxy/' from commit '201b9a652685cdfb72ba81c7e7b00ba1c60a0e35'

git-subtree-dir: proxy git-subtree-mainline: 571d96e856 git-subtree-split: 201b9a6526
2026-05-08 04:20:59 -05:00 · 2020-09-18 12:47:26 +02:00
parent 571d96e856 201b9a6526
commit 598ca6c405
107 changed files with 8151 additions and 0 deletions
@@ -0,0 +1,5 @@
+Change: Initial release of basic version
+
+Just prepared an initial basic version.
+
+https://github.com/owncloud/ocis-proxy/issues/1
@@ -0,0 +1,7 @@
+Enhancement: Load Proxy Policies at Runtime
+
+While a proxy without policies is of no use, the current state of ocis-proxy expects a config file either at an expected Viper location or specified via -- config-file flag.
+To ease deployments and ensure a working set of policies out of the box we need a series of defaults.
+
+https://github.com/owncloud/ocis-proxy/issues/17
+https://github.com/owncloud/ocis-proxy/pull/16
@@ -0,0 +1,6 @@
+Change: Route requests based on regex or query parameters
+
+Some requests needed to be distinguished based on a pattern or a query parameter.
+We've implemented the functionality to route requests based on different conditions.
+
+https://github.com/owncloud/ocis-proxy/issues/21
@@ -0,0 +1,5 @@
+Enhancement: Proxy client urls in default configuration
+
+Proxy /status.php and index.php/*
+
+https://github.com/owncloud/ocis-proxy/issues/19
@@ -0,0 +1,5 @@
+Enhancement: Make TLS-Cert configurable
+
+Before a generates certificates on every start was used for dev purposes.
+
+https://github.com/owncloud/ocis-proxy/pull/14
@@ -0,0 +1,3 @@
+Bugfix: Set TLS-Certificate correctly
+
+https://github.com/owncloud/ocis-proxy/pull/25
@@ -0,0 +1,8 @@
+Enhancement: Configurable OpenID Connect client
+
+The proxy will try to authenticate every request with the configured OIDC provider.
+
+See configs/proxy-example.oidc.json for an example-configuration.
+
+https://github.com/owncloud/ocis-proxy/pull/27
+
@@ -0,0 +1,10 @@
+Enhancement: Add policy selectors
+
+"Static-Policy" can be configured to always select a specific policy.
+See: config/proxy-example.json.
+
+"Migration-Policy" selects policy depending on existence of the uid in the ocis-accounts service.
+See: config/proxy-example-migration.json
+
+https://github.com/owncloud/ocis-proxy/issues/4
+
@@ -0,0 +1,4 @@
+Change: Insecure http-requests are now redirected to https
+
+https://github.com/owncloud/ocis-proxy/pull/29
+
@@ -0,0 +1,5 @@
+Change: Update ocis-pkg
+
+We updated ocis-pkg from 2.0.2 to 2.2.0.
+
+https://github.com/owncloud/ocis-proxy/pull/30
@@ -0,0 +1,5 @@
+Enhancement: Retrieve Account UUID From User Claims
+
+OIDC Middleware can make use of uuidFromClaims to trade claims.Email for an account's UUID. For this, a general purpose cache was added that caches on a per-request basis, meaning whenever the request parameters match a set of keys, the cached value is returned, saving a round trip to the accounts service that otherwise would happen in every single request.
+
+https://github.com/owncloud/ocis-proxy/pull/36
@@ -0,0 +1,7 @@
+Enhancement: create account if it doesn't exist in ocis-accounts
+
+The accounts_uuid middleware tries to get the account from ocis-accounts.
+If it doens't exist there yet the proxy creates the account using the ocis-account api.
+
+https://github.com/owncloud/ocis-proxy/issues/55
+https://github.com/owncloud/ocis-proxy/issues/58
@@ -0,0 +1,6 @@
+Bugfix: Accounts service response was ignored
+
+We fixed an error in the AccountUUID middleware that was responsible for ignoring an account uuid
+provided by the accounts service.
+
+https://github.com/owncloud/ocis-proxy/pull/43
@@ -0,0 +1,7 @@
+Enhancement: Disable keep-alive on server-side OIDC requests
+
+This should reduce file-descriptor counts
+
+https://github.com/owncloud/ocis/issues/268
+https://github.com/owncloud/ocis-proxy/pull/42
+https://github.com/cs3org/reva/pull/787
@@ -0,0 +1,5 @@
+Enhancement: Make jwt secret configurable
+
+We added a config option for the reva token manager JWTSecret. It was hardcoded before and is now configurable.
+
+https://github.com/owncloud/ocis-proxy/pull/41
@@ -0,0 +1,5 @@
+Change: Point /data endpoint to reva frontend
+
+Adjusted example config files to point /data to the reva frontend.
+
+https://github.com/owncloud/ocis-proxy/pull/45
@@ -0,0 +1,6 @@
+Enhancement: respect account_enabled flag
+
+If the account returned by the accounts service has the account_enabled flag
+set to false, the proxy will return immediately with the status code unauthorized.
+
+https://github.com/owncloud/ocis-proxy/issues/53
@@ -0,0 +1,5 @@
+Change: Send autocreate home request to reva gateway
+
+Send autocreate home request to reva gateway
+
+https://github.com/owncloud/ocis-proxy/pull/51
@@ -0,0 +1,6 @@
+Bugfix: Fix x-access-token in header
+
+We fixed setting the x-access-token in the request header, which was broken before.
+
+https://github.com/owncloud/ocis-proxy/pull/41
+https://github.com/owncloud/ocis-proxy/pull/46
@@ -0,0 +1,5 @@
+Change: Update to new accounts API
+
+Update to new accounts API
+
+https://github.com/owncloud/ocis-proxy/issues/39
@@ -0,0 +1,9 @@
+Enhancement: Add Accounts UI routes
+
+The accounts service has a ui that requires routing
+- `/api/v0/accounts` and
+- `/accounts.js`
+
+to http://localhost:9181
+
+https://github.com/owncloud/ocis-proxy/pull/65
@@ -0,0 +1,9 @@
+Enhancement: Add option to disable TLS
+
+Can be used to disable TLS when the ocis-proxy is behind an
+TLS-Terminating reverse proxy.
+
+env PROXY_TLS=false or --tls=false
+
+https://github.com/owncloud/ocis-proxy/issues/71
+https://github.com/owncloud/ocis-proxy/pull/72
@@ -0,0 +1,11 @@
+Change: Add OIDC config flags
+
+To authenticate requests with an oidc provider we added two environment variables:
+- `PROXY_OIDC_ISSUER="https://localhost:9200"` and
+- `PROXY_OIDC_INSECURE=true`
+
+This changes ocis-proxy to now load the oidc-middleware by default, requiring a bearer token and exchanging the email in the OIDC claims for an account id at the ocis-accounts service.
+
+Setting `PROXY_OIDC_ISSUER=""` will disable the OIDC middleware.
+
+https://github.com/owncloud/ocis-proxy/pull/66
@@ -0,0 +1,7 @@
+Enhancement: only send create home request if an account has been migrated
+
+This change adds a check if an account has been migrated by getting it from the
+ocis-accounts service. If no account is returned it means it hasn't been migrated.
+
+https://github.com/owncloud/ocis-proxy/issues/52
+https://github.com/owncloud/ocis-proxy/pull/63
@@ -0,0 +1,5 @@
+Bugfix: Provide token configuration from config
+
+Fixed a bug that causes the createHome middleware to crash if no configuration for the TokenManager is propagated.
+
+https://github.com/owncloud/ocis-proxy/pull/69
@@ -0,0 +1,5 @@
+Bugfix: Provide token configuration from config
+
+Fixed a bug that causes the createHome middleware to crash if the createHome response has no Status set
+
+https://github.com/owncloud/ocis-proxy/pull/76
@@ -0,0 +1,5 @@
+Enhancement: Create a root span on proxy that propagates down to consumers
+
+In order to propagate and correctly associate a span with a request we need a root span that gets sent to other services.
+
+https://github.com/owncloud/ocis-proxy/pull/64
@@ -0,0 +1,8 @@
+Enhancement: Support signed URLs
+
+We added a middleware that verifies signed urls as generated by the owncloud-sdk. This allows directly downloading large files with browsers instead of using `blob://` urls, which eats memory ...
+
+https://github.com/owncloud/ocis-proxy/issues/73
+https://github.com/owncloud/ocis-proxy/pull/75
+https://github.com/owncloud/ocis-ocs/pull/18
+https://github.com/owncloud/owncloud-sdk/pull/504
@@ -0,0 +1,6 @@
+Change: mint new username property in the reva token
+
+An accounts username is now taken from the on_premises_sam_account_name property instead of the preferred_name.
+Furthermore the group name (also from on_premises_sam_account_name property) is now minted into the token as well.
+
+https://github.com/owncloud/ocis-proxy/pull/62
@@ -0,0 +1,5 @@
+Bugfix: enable new accounts by default
+
+When new accounts are created, they also need to be enabled to be useable.
+
+https://github.com/owncloud/ocis-proxy/pull/79
@@ -0,0 +1,7 @@
+Bugfix: Lookup user by id for presigned URLs
+
+Phoenix will send the `userid`, not the `username` as the `OC-Credential` for presigned URLs. This PR uses the new `ocisid` claim in the OIDC userinfo to pass the userid to the account middleware.
+
+https://github.com/owncloud/ocis-proxy/pull/85
+https://github.com/owncloud/ocis-pkg/pull/50
+https://github.com/owncloud/ocis/issues/436
@@ -0,0 +1,5 @@
+Change: add settings and ocs group routes
+
+Route settings requests and ocs group related requests to new services
+
+https://github.com/owncloud/ocis-proxy/pull/81
@@ -0,0 +1,5 @@
+Bugfix: build docker images with alpine:latest instead of alpine:edge
+
+ARM builds were failing when built on alpine:edge, so we switched to alpine:latest instead.
+
+https://github.com/owncloud/ocis-proxy/pull/78
@@ -0,0 +1,5 @@
+Change: Add route for user provisioning API in ocis-ocs
+
+We added a route to send requests on the user provisioning API endpoints to ocis-ocs.
+
+https://github.com/owncloud/ocis-proxy/pull/80
@@ -0,0 +1,5 @@
+Enhancement: Add numeric uid and gid to the access token
+
+The eos storage driver is fetching the uid and gid of a user from the access token. This PR is using the response of the accounts service to mint them in the token.
+
+https://github.com/owncloud/ocis-proxy/pull/89
@@ -0,0 +1,7 @@
+Enhancement: add configuration options for the pre-signed url middleware 
+
+Added an option to define allowed http methods for pre-signed url requests.
+This is useful since we only want clients to GET resources and don't upload anything with presigned requests.
+
+https://github.com/owncloud/ocis-proxy/issues/91
+https://github.com/owncloud/product/issues/150
@@ -0,0 +1,53 @@
+{{ $allVersions := . }}
+{{- range $index, $changes := . }}{{ with $changes -}}
+{{ if gt (len $allVersions) 1 -}}
+# Changelog for [{{ .Version }}] ({{ .Date }})
+
+The following sections list the changes for ocis-proxy {{ .Version }}.
+
+{{/* creating version compare links */ -}}
+{{ $next := add1 $index -}}
+{{ if ne (len $allVersions) $next -}}
+{{ $previousVersion := (index $allVersions $next).Version -}}
+{{ if eq .Version "unreleased" -}}
+[{{ .Version }}]: https://github.com/owncloud/ocis-proxy/compare/v{{ $previousVersion }}...master
+
+{{ else -}}
+[{{ .Version }}]: https://github.com/owncloud/ocis-proxy/compare/v{{ $previousVersion }}...v{{ .Version }}
+
+{{ end -}}
+{{ end -}}
+
+{{- /* last version managed by calens, end of the loop */ -}}
+{{ if eq .Version "0.1.0" -}}
+[{{ .Version }}]: https://github.com/owncloud/ocis-proxy/compare/500e303cb544ed93d84153f01219d77eeee44929...v{{ .Version }}
+
+{{ end -}}
+{{ else -}}
+# Changes in {{ .Version }}
+
+{{ end -}}
+
+## Summary
+{{ range $entry := .Entries }}{{ with $entry }}
+* {{ .Type }} - {{ .Title }}: [#{{ .PrimaryID }}]({{ .PrimaryURL }})
+{{- end }}{{ end }}
+
+## Details
+{{ range $entry := .Entries }}{{ with $entry }}
+* {{ .Type }} - {{ .Title }}: [#{{ .PrimaryID }}]({{ .PrimaryURL }})
+{{ range $par := .Paragraphs }}
+   {{ wrapIndent $par 80 3 }}
+{{ end -}}
+{{ range $url := .IssueURLs }}
+   {{ $url -}}
+{{ end -}}
+{{ range $url := .PRURLs }}
+   {{ $url -}}
+{{ end -}}
+{{ range $url := .OtherURLs }}
+   {{ $url -}}
+{{ end }}
+
+{{ end }}{{ end -}}
+{{ end }}{{ end -}}
@@ -0,0 +1,6 @@
+# Changelog
+
+We are using [calens](https://github.com/restic/calens) to properly generate a
+changelog before we are tagging a new release. To get an idea how this could
+look like <https://github.com/restic/restic/tree/master/changelog> would be the
+best reference.
@@ -0,0 +1,11 @@
+Bugfix: Fix behavior for foobar (in present tense)
+
+We've fixed the behavior for foobar, a long-standing annoyance for users. The
+text should be wrapped at 80 characters length.
+
+The text in the paragraphs is written in past tense. The last section is a list
+of issue URLs, PR URLs and other URLs. The first issue ID (or the first PR ID,
+in case there aren't any issue links) is used as the primary ID.
+
+https://github.com/owncloud/ocis-proxy/issues/1234
+https://github.com/owncloud/ocis-proxy/pull/55555
@@ -0,0 +1,5 @@
+Bugfix: Fix director selection
+
+We fixed a bug where simultaneous requests could be executed on the wrong backend.
+
+https://github.com/owncloud/ocis-proxy/pull/99
@@ -0,0 +1,5 @@
+Enhancement: Add hello API and app endpoints to example config and builtin config
+
+We added the ocis-hello API and app endpoints to both the example config and the builtin config.
+
+https://github.com/owncloud/ocis-proxy/pull/96
@@ -0,0 +1,5 @@
+Enhancement: Add roleIDs to the access token
+
+We are using the roleIDs of the authenticated user for permission checks against ocis-settings. We added the roleIDs to the access token to have them available quickly.
+
+https://github.com/owncloud/ocis-proxy/pull/95
@@ -0,0 +1,5 @@
+Change: Remove accounts caching
+
+We removed the accounts cache in order to avoid problems with accounts that have been updated in the accounts service.
+
+https://github.com/owncloud/ocis-proxy/pull/100
@@ -0,0 +1,6 @@
+Bugfix: Add settings API and app endpoints to example config
+
+We had the ocis-settings API and app endpoints in the builtin config already, but they were missing in the example
+config. Added them for consistency.
+
+https://github.com/owncloud/ocis-proxy/pull/93