Merge branch 'master' into config-doc-descriptions

services/frontend/Makefile

@@ -0,0 +1,37 @@
+SHELL := bash
+NAME := frontend
+
+include ../../.make/recursion.mk
+
+############ tooling ############
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
+include ../../.bingo/Variables.mk
+endif
+
+############ go tooling ############
+include ../../.make/go.mk
+
+############ release ############
+include ../../.make/release.mk
+
+############ docs generate ############
+include ../../.make/docs.mk
+
+.PHONY: docs-generate
+docs-generate: config-docs-generate
+
+############ generate ############
+include ../../.make/generate.mk
+
+.PHONY: ci-go-generate
+ci-go-generate: # CI runs ci-node-generate automatically before this target
+
+.PHONY: ci-node-generate
+ci-node-generate:
+
+############ licenses ############
+.PHONY: ci-node-check-licenses
+ci-node-check-licenses:
+
+.PHONY: ci-node-save-licenses
+ci-node-save-licenses:

services/frontend/cmd/frontend/main.go

@@ -0,0 +1,14 @@
+package main
+
+import (
+	"os"
+
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/command"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config/defaults"
+)
+
+func main() {
+	if err := command.Execute(defaults.DefaultConfig()); err != nil {
+		os.Exit(1)
+	}
+}

services/frontend/pkg/command/health.go

@@ -0,0 +1,57 @@
+package command
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config/parser"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/logging"
+	"github.com/urfave/cli/v2"
+)
+
+// Health is the entrypoint for the health command.
+func Health(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:     "health",
+		Usage:    "check health status",
+		Category: "info",
+		Before: func(c *cli.Context) error {
+			err := parser.ParseConfig(cfg)
+			if err != nil {
+				fmt.Printf("%v", err)
+			}
+			return err
+		},
+		Action: func(c *cli.Context) error {
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
+
+			resp, err := http.Get(
+				fmt.Sprintf(
+					"http://%s/healthz",
+					cfg.Debug.Addr,
+				),
+			)
+
+			if err != nil {
+				logger.Fatal().
+					Err(err).
+					Msg("Failed to request health check")
+			}
+
+			defer resp.Body.Close()
+
+			if resp.StatusCode != http.StatusOK {
+				logger.Fatal().
+					Int("code", resp.StatusCode).
+					Msg("Health seems to be in bad state")
+			}
+
+			logger.Debug().
+				Int("code", resp.StatusCode).
+				Msg("Health got a good state")
+
+			return nil
+		},
+	}
+}

services/frontend/pkg/command/root.go

@@ -0,0 +1,64 @@
+package command
+
+import (
+	"context"
+	"os"
+
+	"github.com/owncloud/ocis/v2/ocis-pkg/clihelper"
+	ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+	"github.com/thejerf/suture/v4"
+	"github.com/urfave/cli/v2"
+)
+
+// GetCommands provides all commands for this service
+func GetCommands(cfg *config.Config) cli.Commands {
+	return []*cli.Command{
+		// start this service
+		Server(cfg),
+
+		// interaction with this service
+
+		// infos about this service
+		Health(cfg),
+		Version(cfg),
+	}
+}
+
+// Execute is the entry point for the ocis-frontend command.
+func Execute(cfg *config.Config) error {
+	app := clihelper.DefaultApp(&cli.App{
+		Name:     "frontend",
+		Usage:    "Provide various ownCloud apis for oCIS",
+		Commands: GetCommands(cfg),
+	})
+
+	cli.HelpFlag = &cli.BoolFlag{
+		Name:  "help,h",
+		Usage: "Show the help",
+	}
+
+	return app.Run(os.Args)
+}
+
+// SutureService allows for the frontend command to be embedded and supervised by a suture supervisor tree.
+type SutureService struct {
+	cfg *config.Config
+}
+
+// NewSutureService creates a new frontend.SutureService
+func NewSutureService(cfg *ociscfg.Config) suture.Service {
+	cfg.Frontend.Commons = cfg.Commons
+	return SutureService{
+		cfg: cfg.Frontend,
+	}
+}
+
+func (s SutureService) Serve(ctx context.Context) error {
+	s.cfg.Context = ctx
+	if err := Execute(s.cfg); err != nil {
+		return err
+	}
+
+	return nil
+}

services/frontend/pkg/command/server.go

@@ -0,0 +1,108 @@
+package command
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path"
+
+	"github.com/cs3org/reva/v2/cmd/revad/runtime"
+	"github.com/gofrs/uuid"
+	"github.com/oklog/run"
+	"github.com/owncloud/ocis/v2/ocis-pkg/service/external"
+	"github.com/owncloud/ocis/v2/ocis-pkg/sync"
+	"github.com/owncloud/ocis/v2/ocis-pkg/version"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config/parser"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/logging"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/revaconfig"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/server/debug"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/tracing"
+	"github.com/urfave/cli/v2"
+)
+
+// Server is the entry point for the server command.
+func Server(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:     "server",
+		Usage:    fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
+		Category: "server",
+		Before: func(c *cli.Context) error {
+			err := parser.ParseConfig(cfg)
+			if err != nil {
+				fmt.Printf("%v", err)
+				os.Exit(1)
+			}
+			return err
+		},
+		Action: func(c *cli.Context) error {
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
+			err := tracing.Configure(cfg, logger)
+			if err != nil {
+				return err
+			}
+			gr := run.Group{}
+			ctx, cancel := defineContext(cfg)
+
+			defer cancel()
+
+			pidFile := path.Join(os.TempDir(), "revad-"+cfg.Service.Name+"-"+uuid.Must(uuid.NewV4()).String()+".pid")
+
+			rcfg := revaconfig.FrontendConfigFromStruct(cfg)
+
+			gr.Add(func() error {
+				runtime.RunWithOptions(rcfg, pidFile, runtime.WithLogger(&logger.Logger))
+				return nil
+			}, func(_ error) {
+				logger.Info().
+					Str("server", cfg.Service.Name).
+					Msg("Shutting down server")
+
+				cancel()
+			})
+
+			debugServer, err := debug.Server(
+				debug.Logger(logger),
+				debug.Context(ctx),
+				debug.Config(cfg),
+			)
+
+			if err != nil {
+				logger.Info().Err(err).Str("server", "debug").Msg("Failed to initialize server")
+				return err
+			}
+
+			gr.Add(debugServer.ListenAndServe, func(_ error) {
+				cancel()
+			})
+
+			if !cfg.Supervised {
+				sync.Trap(&gr, cancel)
+			}
+
+			if err := external.RegisterHTTPEndpoint(
+				ctx,
+				cfg.HTTP.Namespace+"."+cfg.Service.Name,
+				uuid.Must(uuid.NewV4()).String(),
+				cfg.HTTP.Addr,
+				version.GetString(),
+				logger,
+			); err != nil {
+				logger.Fatal().Err(err).Msg("failed to register the http endpoint")
+			}
+
+			return gr.Run()
+		},
+	}
+}
+
+// defineContext sets the context for the extension. If there is a context configured it will create a new child from it,
+// if not, it will create a root context that can be cancelled.
+func defineContext(cfg *config.Config) (context.Context, context.CancelFunc) {
+	return func() (context.Context, context.CancelFunc) {
+		if cfg.Context == nil {
+			return context.WithCancel(context.Background())
+		}
+		return context.WithCancel(cfg.Context)
+	}()
+}

services/frontend/pkg/command/version.go

@@ -0,0 +1,50 @@
+package command
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/owncloud/ocis/v2/ocis-pkg/registry"
+	"github.com/owncloud/ocis/v2/ocis-pkg/version"
+
+	tw "github.com/olekukonko/tablewriter"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+	"github.com/urfave/cli/v2"
+)
+
+// Version prints the service versions of all running instances.
+func Version(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:     "version",
+		Usage:    "print the version of this binary and the running extension instances",
+		Category: "info",
+		Action: func(c *cli.Context) error {
+			fmt.Println("Version: " + version.GetString())
+			fmt.Printf("Compiled: %s\n", version.Compiled())
+			fmt.Println("")
+
+			reg := registry.GetRegistry()
+			services, err := reg.GetService(cfg.HTTP.Namespace + "." + cfg.Service.Name)
+			if err != nil {
+				fmt.Println(fmt.Errorf("could not get %s services from the registry: %v", cfg.Service.Name, err))
+				return err
+			}
+
+			if len(services) == 0 {
+				fmt.Println("No running " + cfg.Service.Name + " service found.")
+				return nil
+			}
+
+			table := tw.NewWriter(os.Stdout)
+			table.SetHeader([]string{"Version", "Address", "Id"})
+			table.SetAutoFormatHeaders(false)
+			for _, s := range services {
+				for _, n := range s.Nodes {
+					table.Append([]string{s.Version, n.Address, n.Id})
+				}
+			}
+			table.Render()
+			return nil
+		},
+	}
+}

services/frontend/pkg/config/config.go

@@ -0,0 +1,133 @@
+package config
+
+import (
+	"context"
+
+	"github.com/owncloud/ocis/v2/ocis-pkg/shared"
+)
+
+type Config struct {
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	Service Service         `yaml:"-"`
+	Tracing *Tracing        `yaml:"tracing"`
+	Log     *Log            `yaml:"log"`
+	Debug   Debug           `yaml:"debug"`
+
+	HTTP HTTPConfig `yaml:"http"`
+
+	// JWTSecret used to verify reva access token
+
+	TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET" desc:"Transfer secret for signing file up- and download requests."`
+
+	TokenManager      *TokenManager `yaml:"token_manager"`
+	Reva              *Reva         `yaml:"reva"`
+	MachineAuthAPIKey string        `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used for accessing the 'auth-machine' service to impersonate users."`
+
+	SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"FRONTEND_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."`
+
+	EnableFavorites          bool   `yaml:"enable_favorites" env:"FRONTEND_ENABLE_FAVORITES" desc:"Enables the support for favorites in the frontend."`
+	EnableProjectSpaces      bool   `yaml:"enable_project_spaces" env:"FRONTEND_ENABLE_PROJECT_SPACES" desc:"Indicates to clients that project spaces are supposed to be made available."`
+	EnableShareJail          bool   `yaml:"enable_share_jail" env:"FRONTEND_ENABLE_SHARE_JAIL" desc:"Indicates to clients that the share jail is supposed to be used."`
+	UploadMaxChunkSize       int    `yaml:"upload_max_chunk_size" env:"FRONTEND_UPLOAD_MAX_CHUNK_SIZE" desc:"Sets the max chunk sizes for uploads via the frontend." `
+	UploadHTTPMethodOverride string `yaml:"upload_http_method_override" env:"FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" desc:"Advise TUS to replace PATCH requests by POST requests."`
+	DefaultUploadProtocol    string `yaml:"default_upload_protocol" env:"FRONTEND_DEFAULT_UPLOAD_PROTOCOL" desc:"The default upload protocol to use in the frontend (e.g. tus)."`
+	EnableResharing          bool   `yaml:"enable_resharing" env:"FRONTEND_ENABLE_RESHARING" desc:"Enables the support for resharing in the frontend."`
+
+	PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL" desc:"The public facing url of the ocis frontend."`
+
+	AppHandler  AppHandler  `yaml:"app_handler"`
+	Archiver    Archiver    `yaml:"archiver"`
+	DataGateway DataGateway `yaml:"data_gateway"`
+	OCS         OCS         `yaml:"ocs"`
+	Checksums   Checksums   `yaml:"checksums"`
+
+	Middleware Middleware `yaml:"middleware"`
+
+	Supervised bool            `yaml:"-"`
+	Context    context.Context `yaml:"-"`
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;FRONTEND_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;FRONTEND_TRACING_TYPE" desc:"The type of tracing. Defaults to \"\", which is the same as \"jaeger\". Allowed tracing types are \"jaeger\" and \"\" as of now."`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;FRONTEND_TRACING_ENDPOINT" desc:"The endpoint of the tracing agent."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;FRONTEND_TRACING_COLLECTOR" desc:"The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset."`
+}
+
+type Log struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;FRONTEND_LOG_LEVEL" desc:"The log level. Valid values are: \"panic\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\", \"trace\"."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;FRONTEND_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;FRONTEND_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;FRONTEND_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"FRONTEND_DEBUG_ADDR" desc:"Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed."`
+	Token  string `yaml:"token" env:"FRONTEND_DEBUG_TOKEN" desc:"Token to secure the metrics endpoint"`
+	Pprof  bool   `yaml:"pprof" env:"FRONTEND_DEBUG_PPROF" desc:"Enables pprof, which can be used for profiling"`
+	Zpages bool   `yaml:"zpages" env:"FRONTEND_DEBUG_ZPAGES" desc:"Enables zpages, which can be used for collecting and viewing in-memory traces."`
+}
+
+type HTTPConfig struct {
+	Addr      string `yaml:"addr" env:"FRONTEND_HTTP_ADDR" desc:"The bind address of the HTTP service."`
+	Namespace string `yaml:"-"`
+	Protocol  string `yaml:"protocol" env:"FRONTEND_HTTP_PROTOCOL" desc:"The transport protocol of the http service."`
+	Prefix    string `yaml:"prefix" env:"FRONTEND_HTTP_PREFIX" desc:"The Path prefix where the frontend can be accessed (defaults to /)."`
+}
+
+// Middleware configures reva middlewares.
+type Middleware struct {
+	Auth Auth `yaml:"auth"`
+}
+
+// Auth configures reva http auth middleware.
+type Auth struct {
+	CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent"`
+}
+
+type AppHandler struct {
+	Prefix   string `yaml:"-"`
+	Insecure bool   `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_APP_HANDLER_INSECURE" desc:"Allow insecure connections to the frontend."`
+}
+
+type Archiver struct {
+	MaxNumFiles int64  `yaml:"max_num_files" env:"FRONTEND_ARCHIVER_MAX_NUM_FILES" desc:"Max number of files that can be packed into an archive."`
+	MaxSize     int64  `yaml:"max_size" env:"FRONTEND_ARCHIVER_MAX_SIZE" desc:"Max size of the zip archive the archiver can create."`
+	Prefix      string `yaml:"-"`
+	Insecure    bool   `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE" desc:"Allow insecure connections to the archiver."`
+}
+
+type DataGateway struct {
+	Prefix string `yaml:"prefix" env:"FRONTEND_DATA_GATEWAY_PREFIX"`
+}
+
+type OCS struct {
+	Prefix                  string             `yaml:"prefix" env:"FRONTEND_OCS_PREFIX" desc:"Path prefix for the ocs service"`
+	SharePrefix             string             `yaml:"share_prefix" env:"FRONTEND_OCS_SHARE_PREFIX" desc:"Path prefix for shares."`
+	HomeNamespace           string             `yaml:"home_namespace" env:"FRONTEND_OCS_HOME_NAMESPACE" desc:"Homespace namespace identifier."`
+	AdditionalInfoAttribute string             `yaml:"additional_info_attribute" env:"FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE" desc:"Additional information attribute for the user (e.g. {{.Mail}}"`
+	ResourceInfoCacheTTL    int                `yaml:"resource_info_cache_ttl" env:"FRONTEND_OCS_RESOURCE_INFO_CACHE_TTL" desc:"Max TTL for the resource info cache"`
+	CacheWarmupDriver       string             `yaml:"cache_warmup_driver,omitempty"`  // not supported by the oCIS product, therefore not part of docs
+	CacheWarmupDrivers      CacheWarmupDrivers `yaml:"cache_warmup_drivers,omitempty"` // not supported by the oCIS product, therefore not part of docs
+}
+
+type CacheWarmupDrivers struct {
+	CBOX CBOXDriver `yaml:"cbox,omitempty"`
+}
+
+type CBOXDriver struct {
+	DBUsername string `yaml:"db_username,omitempty"`
+	DBPassword string `yaml:"db_password,omitempty"`
+	DBHost     string `yaml:"db_host,omitempty"`
+	DBPort     int    `yaml:"db_port,omitempty"`
+	DBName     string `yaml:"db_name,omitempty"`
+	Namespace  string `yaml:"namespace,omitempty"`
+}
+
+type Checksums struct {
+	SupportedTypes      []string `yaml:"supported_types" env:"FRONTEND_CHECKSUMS_SUPPORTED_TYPES" desc:"Supported checksum types to be announced to the client (e.g. md5)"`
+	PreferredUploadType string   `yaml:"preferred_upload_type" env:"FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPES" desc:"Preferred checksum types to be announced to the client for uploads (e.g. md5)"`
+}

services/frontend/pkg/config/defaults/defaultconfig.go

@@ -0,0 +1,125 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+	EnsureDefaults(cfg)
+	Sanitize(cfg)
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9141",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		HTTP: config.HTTPConfig{
+			Addr:      "127.0.0.1:9140",
+			Namespace: "com.owncloud.web",
+			Protocol:  "tcp",
+			Prefix:    "",
+		},
+		Service: config.Service{
+			Name: "frontend",
+		},
+		Reva: &config.Reva{
+			Address: "127.0.0.1:9142",
+		},
+		PublicURL:                "https://localhost:9200",
+		EnableFavorites:          false,
+		EnableProjectSpaces:      true,
+		EnableShareJail:          true,
+		UploadMaxChunkSize:       1e+8,
+		UploadHTTPMethodOverride: "",
+		DefaultUploadProtocol:    "tus",
+		EnableResharing:          false,
+		Checksums: config.Checksums{
+			SupportedTypes:      []string{"sha1", "md5", "adler32"},
+			PreferredUploadType: "",
+		},
+		AppHandler: config.AppHandler{
+			Prefix: "app",
+		},
+		Archiver: config.Archiver{
+			Insecure:    false,
+			Prefix:      "archiver",
+			MaxNumFiles: 10000,
+			MaxSize:     1073741824,
+		},
+		DataGateway: config.DataGateway{
+			Prefix: "data",
+		},
+		OCS: config.OCS{
+			Prefix:                  "ocs",
+			SharePrefix:             "/Shares",
+			HomeNamespace:           "/users/{{.Id.OpaqueId}}",
+			AdditionalInfoAttribute: "{{.Mail}}",
+			ResourceInfoCacheTTL:    0,
+		},
+		Middleware: config.Middleware{
+			Auth: config.Auth{
+				CredentialsByUserAgent: map[string]string{},
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+
+	if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
+		cfg.Reva = &config.Reva{
+			Address: cfg.Commons.Reva.Address,
+		}
+	} else if cfg.Reva == nil {
+		cfg.Reva = &config.Reva{}
+	}
+
+	if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
+		cfg.TokenManager = &config.TokenManager{
+			JWTSecret: cfg.Commons.TokenManager.JWTSecret,
+		}
+	} else if cfg.TokenManager == nil {
+		cfg.TokenManager = &config.TokenManager{}
+	}
+
+	if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
+		cfg.TransferSecret = cfg.Commons.TransferSecret
+	}
+
+	if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
+		cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
+	}
+
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}

services/frontend/pkg/config/parser/parse.go

@@ -0,0 +1,50 @@
+package parser
+
+import (
+	"errors"
+
+	ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
+	"github.com/owncloud/ocis/v2/ocis-pkg/shared"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config/defaults"
+
+	"github.com/owncloud/ocis/v2/ocis-pkg/config/envdecode"
+)
+
+// ParseConfig loads configuration from known paths.
+func ParseConfig(cfg *config.Config) error {
+	_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
+	if err != nil {
+		return err
+	}
+
+	defaults.EnsureDefaults(cfg)
+
+	// load all env variables relevant to the config in the current context.
+	if err := envdecode.Decode(cfg); err != nil {
+		// no environment variable set for this config is an expected "error"
+		if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
+			return err
+		}
+	}
+
+	defaults.Sanitize(cfg)
+
+	return Validate(cfg)
+}
+
+func Validate(cfg *config.Config) error {
+	if cfg.TokenManager.JWTSecret == "" {
+		return shared.MissingJWTTokenError(cfg.Service.Name)
+	}
+
+	if cfg.TransferSecret == "" {
+		return shared.MissingRevaTransferSecretError(cfg.Service.Name)
+	}
+
+	if cfg.MachineAuthAPIKey == "" {
+		return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
+	}
+
+	return nil
+}

services/frontend/pkg/config/reva.go

@@ -0,0 +1,11 @@
+package config
+
+// Reva defines all available REVA configuration.
+type Reva struct {
+	Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
+}
+
+// TokenManager is the config for using the reva token manager
+type TokenManager struct {
+	JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;FRONTEND_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."`
+}

services/frontend/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+)
+
+// LoggerFromConfig initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/frontend/pkg/revaconfig/config.go

@@ -0,0 +1,230 @@
+package revaconfig
+
+import (
+	"path"
+	"strconv"
+
+	"github.com/owncloud/ocis/v2/ocis-pkg/version"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+)
+
+// FrontendConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
+func FrontendConfigFromStruct(cfg *config.Config) map[string]interface{} {
+	archivers := []map[string]interface{}{
+		{
+			"enabled":       true,
+			"version":       "2.0.0",
+			"formats":       []string{"tar", "zip"},
+			"archiver_url":  path.Join("/", cfg.Archiver.Prefix),
+			"max_num_files": strconv.FormatInt(cfg.Archiver.MaxNumFiles, 10),
+			"max_size":      strconv.FormatInt(cfg.Archiver.MaxSize, 10),
+		},
+	}
+
+	appProviders := []map[string]interface{}{
+		{
+			"enabled":  true,
+			"version":  "1.0.0",
+			"apps_url": "/app/list",
+			"open_url": "/app/open",
+			"new_url":  "/app/new",
+		},
+	}
+
+	filesCfg := map[string]interface{}{
+		"private_links":     false,
+		"bigfilechunking":   false,
+		"blacklisted_files": []string{},
+		"undelete":          true,
+		"versioning":        true,
+		"archivers":         archivers,
+		"app_providers":     appProviders,
+		"favorites":         cfg.EnableFavorites,
+	}
+
+	if cfg.DefaultUploadProtocol == "tus" {
+		filesCfg["tus_support"] = map[string]interface{}{
+			"version":              "1.0.0",
+			"resumable":            "1.0.0",
+			"extension":            "creation,creation-with-upload",
+			"http_method_override": cfg.UploadHTTPMethodOverride,
+			"max_chunk_size":       cfg.UploadMaxChunkSize,
+		}
+	}
+
+	return map[string]interface{}{
+		"core": map[string]interface{}{
+			"tracing_enabled":      cfg.Tracing.Enabled,
+			"tracing_endpoint":     cfg.Tracing.Endpoint,
+			"tracing_collector":    cfg.Tracing.Collector,
+			"tracing_service_name": cfg.Service.Name,
+		},
+		"shared": map[string]interface{}{
+			"jwt_secret":                cfg.TokenManager.JWTSecret,
+			"gatewaysvc":                cfg.Reva.Address, // Todo or address?
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+		},
+		"http": map[string]interface{}{
+			"network": cfg.HTTP.Protocol,
+			"address": cfg.HTTP.Addr,
+			"middlewares": map[string]interface{}{
+				"cors": map[string]interface{}{
+					"allow_credentials": true,
+				},
+				"auth": map[string]interface{}{
+					"credentials_by_user_agent": cfg.Middleware.Auth.CredentialsByUserAgent,
+					"credential_chain":          []string{"bearer"},
+				},
+			},
+			// TODO build services dynamically
+			"services": map[string]interface{}{
+				// this reva service called "appprovider" comes from
+				// `internal/http/services/appprovider` and is a translation
+				// layer from the grpc app registry to http, used by eg. ownCloud Web
+				// It should not be confused with `internal/grpc/services/appprovider`
+				// which is currently only has only the driver for the CS3org WOPI server
+				"appprovider": map[string]interface{}{
+					"prefix":                 cfg.AppHandler.Prefix,
+					"transfer_shared_secret": cfg.TransferSecret,
+					"timeout":                86400,
+					"insecure":               cfg.AppHandler.Insecure,
+				},
+				"archiver": map[string]interface{}{
+					"prefix":        cfg.Archiver.Prefix,
+					"timeout":       86400,
+					"insecure":      cfg.Archiver.Insecure,
+					"max_num_files": cfg.Archiver.MaxNumFiles,
+					"max_size":      cfg.Archiver.MaxSize,
+				},
+				"datagateway": map[string]interface{}{
+					"prefix":                 cfg.DataGateway.Prefix,
+					"transfer_shared_secret": cfg.TransferSecret,
+					"timeout":                86400,
+					"insecure":               true,
+				},
+				"ocs": map[string]interface{}{
+					"storage_registry_svc":      cfg.Reva.Address,
+					"share_prefix":              cfg.OCS.SharePrefix,
+					"home_namespace":            cfg.OCS.HomeNamespace,
+					"resource_info_cache_ttl":   cfg.OCS.ResourceInfoCacheTTL,
+					"prefix":                    cfg.OCS.Prefix,
+					"additional_info_attribute": cfg.OCS.AdditionalInfoAttribute,
+					"machine_auth_apikey":       cfg.MachineAuthAPIKey,
+					"cache_warmup_driver":       cfg.OCS.CacheWarmupDriver,
+					"cache_warmup_drivers": map[string]interface{}{
+						"cbox": map[string]interface{}{
+							"db_username": cfg.OCS.CacheWarmupDrivers.CBOX.DBUsername,
+							"db_password": cfg.OCS.CacheWarmupDrivers.CBOX.DBPassword,
+							"db_host":     cfg.OCS.CacheWarmupDrivers.CBOX.DBHost,
+							"db_port":     cfg.OCS.CacheWarmupDrivers.CBOX.DBPort,
+							"db_name":     cfg.OCS.CacheWarmupDrivers.CBOX.DBName,
+							"namespace":   cfg.OCS.CacheWarmupDrivers.CBOX.Namespace,
+							"gatewaysvc":  cfg.Reva.Address,
+						},
+					},
+					"config": map[string]interface{}{
+						"version": "1.7",
+						"website": "ownCloud",
+						"host":    cfg.PublicURL,
+						"contact": "",
+						"ssl":     "false",
+					},
+					"default_upload_protocol": cfg.DefaultUploadProtocol,
+					"capabilities": map[string]interface{}{
+						"capabilities": map[string]interface{}{
+							"core": map[string]interface{}{
+								"poll_interval": 60,
+								"webdav_root":   "remote.php/webdav",
+								"status": map[string]interface{}{
+									"installed":      true,
+									"maintenance":    false,
+									"needsDbUpgrade": false,
+									"version":        version.Legacy,
+									"versionstring":  version.LegacyString,
+									"edition":        "Community",
+									"productname":    "Infinite Scale",
+									"product":        "Infinite Scale",
+									"productversion": version.GetString(),
+									"hostname":       "",
+								},
+								"support_url_signing": true,
+							},
+							"checksums": map[string]interface{}{
+								"supported_types":       cfg.Checksums.SupportedTypes,
+								"preferred_upload_type": cfg.Checksums.PreferredUploadType,
+							},
+							"files": filesCfg,
+							"dav": map[string]interface{}{
+								"reports": []string{"search-files"},
+							},
+							"files_sharing": map[string]interface{}{
+								"api_enabled":                       true,
+								"resharing":                         cfg.EnableResharing,
+								"group_sharing":                     true,
+								"auto_accept_share":                 true,
+								"share_with_group_members_only":     true,
+								"share_with_membership_groups_only": true,
+								"default_permissions":               22,
+								"search_min_length":                 3,
+								"public": map[string]interface{}{
+									"enabled":                    true,
+									"send_mail":                  true,
+									"defaultPublicLinkShareName": "Public link",
+									"social_share":               true,
+									"upload":                     true,
+									"multiple":                   true,
+									"supports_upload_only":       true,
+									"password": map[string]interface{}{
+										"enforced": false,
+										"enforced_for": map[string]interface{}{
+											"read_only":   false,
+											"read_write":  false,
+											"upload_only": false,
+										},
+									},
+									"expire_date": map[string]interface{}{
+										"enabled": true,
+									},
+									"can_edit": true,
+								},
+								"user": map[string]interface{}{
+									"send_mail":       true,
+									"profile_picture": false,
+									"settings": []map[string]interface{}{
+										{
+											"enabled": true,
+											"version": "1.0.0",
+										},
+									},
+								},
+								"user_enumeration": map[string]interface{}{
+									"enabled":            true,
+									"group_members_only": true,
+								},
+								"federation": map[string]interface{}{
+									"outgoing": true,
+									"incoming": true,
+								},
+							},
+							"spaces": map[string]interface{}{
+								"version":    "0.0.1",
+								"enabled":    cfg.EnableProjectSpaces || cfg.EnableShareJail,
+								"projects":   cfg.EnableProjectSpaces,
+								"share_jail": cfg.EnableShareJail,
+							},
+						},
+						"version": map[string]interface{}{
+							"product":        "Infinite Scale",
+							"edition":        "Community",
+							"major":          version.ParsedLegacy().Major(),
+							"minor":          version.ParsedLegacy().Minor(),
+							"micro":          version.ParsedLegacy().Patch(),
+							"string":         version.LegacyString,
+							"productversion": version.GetString(),
+						},
+					},
+				},
+			},
+		},
+	}
+}

services/frontend/pkg/server/debug/option.go

@@ -0,0 +1,50 @@
+package debug
+
+import (
+	"context"
+
+	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+)
+
+// Option defines a single option function.
+type Option func(o *Options)
+
+// Options defines the available options for this package.
+type Options struct {
+	Logger  log.Logger
+	Context context.Context
+	Config  *config.Config
+}
+
+// newOptions initializes the available default options.
+func newOptions(opts ...Option) Options {
+	opt := Options{}
+
+	for _, o := range opts {
+		o(&opt)
+	}
+
+	return opt
+}
+
+// Logger provides a function to set the logger option.
+func Logger(val log.Logger) Option {
+	return func(o *Options) {
+		o.Logger = val
+	}
+}
+
+// Context provides a function to set the context option.
+func Context(val context.Context) Option {
+	return func(o *Options) {
+		o.Context = val
+	}
+}
+
+// Config provides a function to set the config option.
+func Config(val *config.Config) Option {
+	return func(o *Options) {
+		o.Config = val
+	}
+}

services/frontend/pkg/server/debug/server.go

@@ -0,0 +1,63 @@
+package debug
+
+import (
+	"io"
+	"net/http"
+
+	"github.com/owncloud/ocis/v2/ocis-pkg/service/debug"
+	"github.com/owncloud/ocis/v2/ocis-pkg/version"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+)
+
+// Server initializes the debug service and server.
+func Server(opts ...Option) (*http.Server, error) {
+	options := newOptions(opts...)
+
+	return debug.NewService(
+		debug.Logger(options.Logger),
+		debug.Name(options.Config.Service.Name),
+		debug.Version(version.GetString()),
+		debug.Address(options.Config.Debug.Addr),
+		debug.Token(options.Config.Debug.Token),
+		debug.Pprof(options.Config.Debug.Pprof),
+		debug.Zpages(options.Config.Debug.Zpages),
+		debug.Health(health(options.Config)),
+		debug.Ready(ready(options.Config)),
+		//debug.CorsAllowedOrigins(options.Config.HTTP.CORS.AllowedOrigins),
+		//debug.CorsAllowedMethods(options.Config.HTTP.CORS.AllowedMethods),
+		//debug.CorsAllowedHeaders(options.Config.HTTP.CORS.AllowedHeaders),
+		//debug.CorsAllowCredentials(options.Config.HTTP.CORS.AllowCredentials),
+	), nil
+}
+
+// health implements the health check.
+func health(cfg *config.Config) func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+		w.WriteHeader(http.StatusOK)
+
+		// TODO: check if services are up and running
+
+		_, err := io.WriteString(w, http.StatusText(http.StatusOK))
+		// io.WriteString should not fail but if it does we want to know.
+		if err != nil {
+			panic(err)
+		}
+	}
+}
+
+// ready implements the ready check.
+func ready(cfg *config.Config) func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+		w.WriteHeader(http.StatusOK)
+
+		// TODO: check if services are up and running
+
+		_, err := io.WriteString(w, http.StatusText(http.StatusOK))
+		// io.WriteString should not fail but if it does we want to know.
+		if err != nil {
+			panic(err)
+		}
+	}
+}

services/frontend/pkg/tracing/tracing.go

@@ -0,0 +1,18 @@
+package tracing
+
+import (
+	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	"github.com/owncloud/ocis/v2/ocis-pkg/tracing"
+	"github.com/owncloud/ocis/v2/services/frontend/pkg/config"
+	"go.opentelemetry.io/otel/trace"
+)
+
+var (
+	// TraceProvider is the global trace provider for the service.
+	TraceProvider = trace.NewNoopTracerProvider()
+)
+
+func Configure(cfg *config.Config, logger log.Logger) error {
+	tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
+	return nil
+}