bump reva to 2a6fdbed1

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

changelog/unreleased/bump-reva.md

@@ -2,5 +2,6 @@ Enhancement: Bump reva to 2.xx.x
 
 TODO
 
+https://github.com/owncloud/ocis/pull/10236
 https://github.com/owncloud/ocis/pull/10216
 

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/coreos/go-oidc/v3 v3.11.0
 	github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb
-	github.com/cs3org/reva/v2 v2.25.1-0.20241002085034-fcd567b4c0ce
+	github.com/cs3org/reva/v2 v2.25.1-0.20241004072335-2a6fdbed139d
 	github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
 	github.com/egirna/icap-client v0.1.1

go.sum

@@ -255,8 +255,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
 github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
 github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb h1:KmYZDReplv/yfwc1LNYpDcVhVujC3Pasv6WjXx1haSU=
 github.com/cs3org/go-cs3apis v0.0.0-20240724121416-062c4e3046cb/go.mod h1:yyP8PRo0EZou3nSH7H4qjlzQwaydPeIRNgX50npQHpE=
-github.com/cs3org/reva/v2 v2.25.1-0.20241002085034-fcd567b4c0ce h1:qFVusItMWTqlW4vm1+yeHjDxwsYwcum6l8P7vFLmMMk=
-github.com/cs3org/reva/v2 v2.25.1-0.20241002085034-fcd567b4c0ce/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
+github.com/cs3org/reva/v2 v2.25.1-0.20241004072335-2a6fdbed139d h1:ETrSkU/XK50QzsxCAHQrr0b7klOHb9TVmJjmOsjMhr8=
+github.com/cs3org/reva/v2 v2.25.1-0.20241004072335-2a6fdbed139d/go.mod h1:p7CHBXcg6sSqB+0JMNDfC1S7TSh9FghXkw1kTV3KcJI=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=

vendor/github.com/cs3org/reva/v2/internal/grpc/services/sharesstorageprovider/sharesstorageprovider.go

@@ -798,14 +798,20 @@ func (s *service) Stat(ctx context.Context, req *provider.StatRequest) (*provide
 		return nil, err
 	}
 
-	// when stating a share jail mountpoint we need to rewrite the id and use the share
-	// jail space id as the mountpoint has a different id than the grant
+	// when stating a share jail mountpoint we need to rewrite the ids
 	if statRes.GetStatus().GetCode() == rpc.Code_CODE_OK && receivedShare.MountPoint.Path == strings.TrimPrefix(req.Ref.Path, "./") && statRes.Info != nil {
+		// overwrite id with the share jail mountpoint id
 		statRes.Info.Id = &provider.ResourceId{
 			StorageId: utils.ShareStorageProviderID,
 			SpaceId:   utils.ShareStorageSpaceID,
 			OpaqueId:  receivedShare.GetShare().GetId().GetOpaqueId(),
 		}
+		// overwrite parent id with the share jail root
+		statRes.Info.ParentId = &provider.ResourceId{
+			StorageId: utils.ShareStorageProviderID,
+			SpaceId:   utils.ShareStorageSpaceID,
+			OpaqueId:  utils.ShareStorageSpaceID,
+		}
 	}
 
 	return statRes, nil

vendor/github.com/cs3org/reva/v2/internal/http/services/wellknown/ocm.go

@@ -0,0 +1,148 @@
+// Copyright 2018-2024 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package wellknown
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"path/filepath"
+
+	"github.com/cs3org/reva/v2/pkg/appctx"
+)
+
+const OCMAPIVersion = "1.1.0"
+
+type OcmProviderConfig struct {
+	OCMPrefix    string `docs:"ocm;The prefix URL where the OCM API is served."                                   mapstructure:"ocm_prefix"`
+	Endpoint     string `docs:"This host's full URL. If it's not configured, it is assumed OCM is not available." mapstructure:"endpoint"`
+	Provider     string `docs:"reva;A friendly name that defines this service."                                   mapstructure:"provider"`
+	WebdavRoot   string `docs:"/remote.php/dav/ocm;The root URL of the WebDAV endpoint to serve OCM shares."      mapstructure:"webdav_root"`
+	WebappRoot   string `docs:"/external/sciencemesh;The root URL to serve Web apps via OCM."                     mapstructure:"webapp_root"`
+	EnableWebapp bool   `docs:"false;Whether web apps are enabled in OCM shares."                                 mapstructure:"enable_webapp"`
+	EnableDatatx bool   `docs:"false;Whether data transfers are enabled in OCM shares."                           mapstructure:"enable_datatx"`
+}
+
+type OcmDiscoveryData struct {
+	Enabled       bool            `json:"enabled"       xml:"enabled"`
+	APIVersion    string          `json:"apiVersion"    xml:"apiVersion"`
+	Endpoint      string          `json:"endPoint"      xml:"endPoint"`
+	Provider      string          `json:"provider"      xml:"provider"`
+	ResourceTypes []resourceTypes `json:"resourceTypes" xml:"resourceTypes"`
+	Capabilities  []string        `json:"capabilities"  xml:"capabilities"`
+}
+
+type resourceTypes struct {
+	Name       string            `json:"name"`
+	ShareTypes []string          `json:"shareTypes"`
+	Protocols  map[string]string `json:"protocols"`
+}
+
+type wkocmHandler struct {
+	data *OcmDiscoveryData
+}
+
+func (c *OcmProviderConfig) ApplyDefaults() {
+	if c.OCMPrefix == "" {
+		c.OCMPrefix = "ocm"
+	}
+	if c.Provider == "" {
+		c.Provider = "reva"
+	}
+	if c.WebdavRoot == "" {
+		c.WebdavRoot = "/remote.php/dav/ocm/"
+	}
+	if c.WebdavRoot[len(c.WebdavRoot)-1:] != "/" {
+		c.WebdavRoot += "/"
+	}
+	if c.WebappRoot == "" {
+		c.WebappRoot = "/external/sciencemesh/"
+	}
+	if c.WebappRoot[len(c.WebappRoot)-1:] != "/" {
+		c.WebappRoot += "/"
+	}
+}
+
+func (h *wkocmHandler) init(c *OcmProviderConfig) {
+	// generates the (static) data structure to be exposed by /.well-known/ocm:
+	// first prepare an empty and disabled payload
+	c.ApplyDefaults()
+	d := &OcmDiscoveryData{}
+	d.Enabled = false
+	d.Endpoint = ""
+	d.APIVersion = OCMAPIVersion
+	d.Provider = c.Provider
+	d.ResourceTypes = []resourceTypes{{
+		Name:       "file",
+		ShareTypes: []string{},
+		Protocols:  map[string]string{},
+	}}
+	d.Capabilities = []string{}
+
+	if c.Endpoint == "" {
+		h.data = d
+		return
+	}
+
+	endpointURL, err := url.Parse(c.Endpoint)
+	if err != nil {
+		h.data = d
+		return
+	}
+
+	// now prepare the enabled one
+	d.Enabled = true
+	d.Endpoint, _ = url.JoinPath(c.Endpoint, c.OCMPrefix)
+	rtProtos := map[string]string{}
+	// webdav is always enabled
+	rtProtos["webdav"] = filepath.Join(endpointURL.Path, c.WebdavRoot)
+	if c.EnableWebapp {
+		rtProtos["webapp"] = filepath.Join(endpointURL.Path, c.WebappRoot)
+	}
+	if c.EnableDatatx {
+		rtProtos["datatx"] = filepath.Join(endpointURL.Path, c.WebdavRoot)
+	}
+	d.ResourceTypes = []resourceTypes{{
+		Name:       "file",           // so far we only support `file`
+		ShareTypes: []string{"user"}, // so far we only support `user`
+		Protocols:  rtProtos,         // expose the protocols as per configuration
+	}}
+	// for now we hardcode the capabilities, as this is currently only advisory
+	d.Capabilities = []string{"/invite-accepted"}
+	h.data = d
+}
+
+// This handler implements the OCM discovery endpoint specified in
+// https://cs3org.github.io/OCM-API/docs.html?repo=OCM-API&user=cs3org#/paths/~1ocm-provider/get
+func (h *wkocmHandler) Ocm(w http.ResponseWriter, r *http.Request) {
+	log := appctx.GetLogger(r.Context())
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+	if r.UserAgent() == "Nextcloud Server Crawler" {
+		// Nextcloud decided to only support OCM 1.0 and 1.1, not any 1.x as per SemVer. See
+		// https://github.com/nextcloud/server/pull/39574#issuecomment-1679191188
+		h.data.APIVersion = "1.1"
+	} else {
+		h.data.APIVersion = OCMAPIVersion
+	}
+	indented, _ := json.MarshalIndent(h.data, "", "   ")
+	if _, err := w.Write(indented); err != nil {
+		log.Err(err).Msg("Error writing to ResponseWriter")
+	}
+}

vendor/github.com/cs3org/reva/v2/internal/http/services/wellknown/openidconfiguration.go

@@ -1,97 +0,0 @@
-// Copyright 2018-2021 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-package wellknown
-
-import (
-	"encoding/json"
-	"net/http"
-
-	"github.com/cs3org/reva/v2/pkg/appctx"
-)
-
-func (s *svc) doOpenidConfiguration(w http.ResponseWriter, r *http.Request) {
-	log := appctx.GetLogger(r.Context())
-	pm := &ProviderMetadata{
-		Issuer:                s.conf.Issuer,
-		AuthorizationEndpoint: s.conf.AuthorizationEndpoint,
-		JwksURI:               s.conf.JwksURI,
-		TokenEndpoint:         s.conf.TokenEndpoint,
-		RevocationEndpoint:    s.conf.RevocationEndpoint,
-		IntrospectionEndpoint: s.conf.IntrospectionEndpoint,
-		UserinfoEndpoint:      s.conf.UserinfoEndpoint,
-		EndSessionEndpoint:    s.conf.EndSessionEndpoint,
-	}
-
-	b, err := json.Marshal(pm)
-	if err != nil {
-		log.Error().Err(err).Msg("error getting grpc client")
-		w.WriteHeader(http.StatusInternalServerError)
-		return
-	}
-	w.Header().Set("Access-Control-Allow-Origin", "*")
-	w.Header().Set("Content-Type", "application/json")
-	_, err = w.Write(b)
-	if err != nil {
-		log.Error().Err(err).Msg("Error writing response")
-		return
-	}
-}
-
-// The ProviderMetadata describes an idp.
-// see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
-// TODO(labkode): do we really need it to validate the token and get user claims?
-type ProviderMetadata struct {
-	AuthorizationEndpoint string `json:"authorization_endpoint,omitempty"`
-	// claims_parameter_supported
-	ClaimsSupported []string `json:"claims_supported,omitempty"`
-	// grant_types_supported
-	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
-	Issuer                           string   `json:"issuer,omitempty"`
-	JwksURI                          string   `json:"jwks_uri,omitempty"`
-	// registration_endpoint
-	// request_object_signing_alg_values_supported
-	// request_parameter_supported
-	// request_uri_parameter_supported
-	// require_request_uri_registration
-	// response_modes_supported
-	ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
-	ScopesSupported        []string `json:"scopes_supported,omitempty"`
-	SubjectTypesSupported  []string `json:"subject_types_supported,omitempty"`
-	TokenEndpoint          string   `json:"token_endpoint,omitempty"`
-	// token_endpoint_auth_methods_supported
-	// token_endpoint_auth_signing_alg_values_supported
-	UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"`
-	// userinfo_signing_alg_values_supported
-	// code_challenge_methods_supported
-	IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"`
-	// introspection_endpoint_auth_methods_supported
-	// introspection_endpoint_auth_signing_alg_values_supported
-	RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
-	// revocation_endpoint_auth_methods_supported
-	// revocation_endpoint_auth_signing_alg_values_supported
-	// id_token_encryption_alg_values_supported
-	// id_token_encryption_enc_values_supported
-	// userinfo_encryption_alg_values_supported
-	// userinfo_encryption_enc_values_supported
-	// request_object_encryption_alg_values_supported
-	// request_object_encryption_enc_values_supported
-	CheckSessionIframe string `json:"check_session_iframe,omitempty"`
-	EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
-	// claim_types_supported
-}

vendor/github.com/cs3org/reva/v2/internal/http/services/wellknown/webfinger.go

@@ -1,27 +0,0 @@
-// Copyright 2018-2021 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-package wellknown
-
-import (
-	"net/http"
-)
-
-func (s *svc) doWebfinger(w http.ResponseWriter, r *http.Request) {
-	w.WriteHeader(http.StatusNotFound)
-}

vendor/github.com/cs3org/reva/v2/internal/http/services/wellknown/wellknown.go

@@ -1,4 +1,4 @@
-// Copyright 2018-2021 CERN
+// Copyright 2018-2024 CERN
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -23,8 +23,8 @@ import (
 
 	"github.com/cs3org/reva/v2/pkg/appctx"
 	"github.com/cs3org/reva/v2/pkg/rhttp/global"
-	"github.com/cs3org/reva/v2/pkg/rhttp/router"
-	"github.com/mitchellh/mapstructure"
+	"github.com/cs3org/reva/v2/pkg/utils/cfg"
+	"github.com/go-chi/chi/v5"
 	"github.com/rs/zerolog"
 )
 
@@ -32,76 +32,61 @@ func init() {
 	global.Register("wellknown", New)
 }
 
-type config struct {
-	Prefix                string `mapstructure:"prefix"`
-	Issuer                string `mapstructure:"issuer"`
-	AuthorizationEndpoint string `mapstructure:"authorization_endpoint"`
-	JwksURI               string `mapstructure:"jwks_uri"`
-	TokenEndpoint         string `mapstructure:"token_endpoint"`
-	RevocationEndpoint    string `mapstructure:"revocation_endpoint"`
-	IntrospectionEndpoint string `mapstructure:"introspection_endpoint"`
-	UserinfoEndpoint      string `mapstructure:"userinfo_endpoint"`
-	EndSessionEndpoint    string `mapstructure:"end_session_endpoint"`
-}
-
-func (c *config) init() {
-	if c.Prefix == "" {
-		c.Prefix = ".well-known"
-	}
-}
-
 type svc struct {
-	conf    *config
-	handler http.Handler
+	router chi.Router
+	Conf   *config
 }
 
-// New returns a new webuisvc
+type config struct {
+	OCMProvider OcmProviderConfig `mapstructure:"ocmprovider"`
+}
+
+// New returns a new wellknown object.
 func New(m map[string]interface{}, log *zerolog.Logger) (global.Service, error) {
-	conf := &config{}
-	if err := mapstructure.Decode(m, conf); err != nil {
+	var c config
+	if err := cfg.Decode(m, &c); err != nil {
 		return nil, err
 	}
 
-	conf.init()
-
+	r := chi.NewRouter()
 	s := &svc{
-		conf: conf,
+		router: r,
+		Conf:   &c,
 	}
-	s.setHandler()
+	if err := s.routerInit(); err != nil {
+		return nil, err
+	}
+
 	return s, nil
 }
 
+func (s *svc) routerInit() error {
+	wkocmHandler := new(wkocmHandler)
+	wkocmHandler.init(&s.Conf.OCMProvider)
+	s.router.Get("/.well-known/ocm", wkocmHandler.Ocm)
+	s.router.Get("/ocm-provider", wkocmHandler.Ocm)
+	return nil
+}
+
 func (s *svc) Close() error {
 	return nil
 }
 
 func (s *svc) Prefix() string {
-	return s.conf.Prefix
-}
-
-func (s *svc) Handler() http.Handler {
-	return s.handler
+	return ""
 }
 
 func (s *svc) Unprotected() []string {
-	return []string{
-		"/openid-configuration",
-	}
+	return []string{"/", "/.well-known/ocm", "/ocm-provider"}
 }
 
-func (s *svc) setHandler() {
-	s.handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+func (s *svc) Handler() http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		log := appctx.GetLogger(r.Context())
-		var head string
-		head, r.URL.Path = router.ShiftPath(r.URL.Path)
-		log.Info().Msgf("wellknown routing: head=%s tail=%s", head, r.URL.Path)
-		switch head {
-		case "webfinger":
-			s.doWebfinger(w, r)
-		case "openid-configuration":
-			s.doOpenidConfiguration(w, r)
-		default:
-			w.WriteHeader(http.StatusNotFound)
-		}
+		log.Debug().Str("path", r.URL.Path).Msg(".well-known routing")
+
+		// unset raw path, otherwise chi uses it to route and then fails to match percent encoded path segments
+		r.URL.RawPath = ""
+		s.router.ServeHTTP(w, r)
 	})
 }

vendor/modules.txt

@@ -367,7 +367,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.25.1-0.20241002085034-fcd567b4c0ce
+# github.com/cs3org/reva/v2 v2.25.1-0.20241004072335-2a6fdbed139d
 ## explicit; go 1.21
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime