Merge pull request #2745 from owncloud/insecure-options

make all insecure options configurable and change the default to false
2026-04-23 04:28:48 -05:00 · 2021-11-10 17:49:15 +01:00
parent 57c2dab834 28af5f74f3
commit cd99845557
35 changed files with 157 additions and 67 deletions
@@ -171,12 +171,12 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 					"prefix":                 cfg.Reva.Frontend.AppProviderPrefix,
 					"transfer_shared_secret": cfg.Reva.TransferSecret,
 					"timeout":                86400,
-					"insecure":               true,
+					"insecure":               cfg.Reva.Frontend.AppProviderInsecure,
 				},
 				"archiver": map[string]interface{}{
 					"prefix":        cfg.Reva.Frontend.ArchiverPrefix,
 					"timeout":       86400,
-					"insecure":      true,
+					"insecure":      cfg.Reva.Frontend.ArchiverInsecure,
 					"max_num_files": cfg.Reva.Archiver.MaxNumFiles,
 					"max_size":      cfg.Reva.Archiver.MaxSize,
 				},
@@ -191,7 +191,7 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 					"files_namespace":  cfg.Reva.OCDav.DavFilesNamespace,
 					"webdav_namespace": cfg.Reva.OCDav.WebdavNamespace,
 					"timeout":          86400,
-					"insecure":         true,
+					"insecure":         cfg.Reva.Frontend.OCDavInsecure,
 					"public_url":       cfg.Reva.Frontend.PublicURL,
 				},
 				"ocs": map[string]interface{}{
@@ -128,7 +128,7 @@ func storageHomeConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]
 					"driver":      cfg.Reva.StorageHome.Driver,
 					"drivers":     storagedrivers.HomeDrivers(cfg),
 					"timeout":     86400,
-					"insecure":    true,
+					"insecure":    cfg.Reva.StorageHome.DataProvider.Insecure,
 					"disable_tus": false,
 				},
 			},
@@ -150,7 +150,7 @@ func storageMetadataFromStruct(c *cli.Context, cfg *config.Config) map[string]in
 					"driver":      cfg.Reva.StorageMetadata.Driver,
 					"drivers":     storagedrivers.MetadataDrivers(cfg),
 					"timeout":     86400,
-					"insecure":    true,
+					"insecure":    cfg.Reva.StorageMetadata.DataProvider.Insecure,
 					"disable_tus": true,
 				},
 			},
@@ -128,7 +128,7 @@ func storageUsersConfigFromStruct(c *cli.Context, cfg *config.Config) map[string
 					"driver":      cfg.Reva.StorageUsers.Driver,
 					"drivers":     storagedrivers.UserDrivers(cfg),
 					"timeout":     86400,
-					"insecure":    true,
+					"insecure":    cfg.Reva.StorageUsers.DataProvider.Insecure,
 					"disable_tus": false,
 				},
 			},
@@ -144,10 +144,13 @@ type Groups struct {
 type FrontendPort struct {
 	Port

+	AppProviderInsecure        bool
 	AppProviderPrefix          string
+	ArchiverInsecure           bool
 	ArchiverPrefix             string
 	DatagatewayPrefix          string
 	Favorites                  bool
+	OCDavInsecure              bool
 	OCDavPrefix                string
 	OCSPrefix                  string
 	OCSSharePrefix             string
@@ -175,6 +178,10 @@ type DataGatewayPort struct {
 	PublicURL string
 }

+type DataProvider struct {
+	Insecure bool
+}
+
 // StoragePort defines the available storage configuration.
 type StoragePort struct {
 	Port
@@ -186,9 +193,10 @@ type StoragePort struct {
 	DataServerURL string

 	// for HTTP ports with only one http service
-	HTTPPrefix string
-	TempFolder string
-	ReadOnly   bool
+	HTTPPrefix   string
+	TempFolder   string
+	ReadOnly     bool
+	DataProvider DataProvider
 }

 // PublicStorage configures a public storage provider
@@ -30,9 +30,9 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 		},
 		&cli.BoolFlag{
 			Name:        "oidc-insecure",
-			Value:       flags.OverrideDefaultBool(cfg.Reva.OIDC.Insecure, true),
+			Value:       flags.OverrideDefaultBool(cfg.Reva.OIDC.Insecure, false),
 			Usage:       "OIDC allow insecure communication",
-			EnvVars:     []string{"STORAGE_OIDC_INSECURE"},
+			EnvVars:     []string{"STORAGE_OIDC_INSECURE", "OCIS_INSECURE"},
 			Destination: &cfg.Reva.OIDC.Insecure,
 		},
 		&cli.StringFlag{
@@ -119,6 +119,13 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"STORAGE_FRONTEND_APPPROVIDER_PREFIX"},
 			Destination: &cfg.Reva.Frontend.AppProviderPrefix,
 		},
+		&cli.BoolFlag{
+			Name:        "approvider-insecure",
+			Value:       flags.OverrideDefaultBool(cfg.Reva.Frontend.AppProviderInsecure, false),
+			Usage:       "approvider insecure",
+			EnvVars:     []string{"STORAGE_FRONTEND_APPPROVIDER_INSECURE", "OCIS_INSECURE"},
+			Destination: &cfg.Reva.Frontend.AppProviderInsecure,
+		},
 		&cli.StringFlag{
 			Name:        "archiver-prefix",
 			Value:       flags.OverrideDefaultString(cfg.Reva.Frontend.ArchiverPrefix, "archiver"),
@@ -126,6 +133,13 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"STORAGE_FRONTEND_ARCHIVER_PREFIX"},
 			Destination: &cfg.Reva.Frontend.ArchiverPrefix,
 		},
+		&cli.BoolFlag{
+			Name:        "archiver-insecure",
+			Value:       flags.OverrideDefaultBool(cfg.Reva.Frontend.ArchiverInsecure, false),
+			Usage:       "archiver insecure",
+			EnvVars:     []string{"STORAGE_FRONTEND_ARCHIVER_INSECURE", "OCIS_INSECURE"},
+			Destination: &cfg.Reva.Frontend.ArchiverInsecure,
+		},
 		&cli.StringFlag{
 			Name:        "datagateway-prefix",
 			Value:       flags.OverrideDefaultString(cfg.Reva.Frontend.DatagatewayPrefix, "data"),
@@ -147,6 +161,13 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"STORAGE_FRONTEND_OCDAV_PREFIX"},
 			Destination: &cfg.Reva.Frontend.OCDavPrefix,
 		},
+		&cli.BoolFlag{
+			Name:        "ocdav-insecure",
+			Value:       flags.OverrideDefaultBool(cfg.Reva.Frontend.OCDavInsecure, false),
+			Usage:       "owncloud webdav insecure",
+			EnvVars:     []string{"STORAGE_FRONTEND_OCDAV_INSECURE", "OCIS_INSECURE"},
+			Destination: &cfg.Reva.Frontend.OCDavInsecure,
+		},
 		&cli.StringFlag{
 			Name:        "ocs-prefix",
 			Value:       flags.OverrideDefaultString(cfg.Reva.Frontend.OCSPrefix, "ocs"),
@@ -130,6 +130,13 @@ func StorageHomeWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"STORAGE_HOME_TMP_FOLDER"},
 			Destination: &cfg.Reva.StorageHome.TempFolder,
 		},
+		&cli.BoolFlag{
+			Name:        "dataprovider-insecure",
+			Value:       flags.OverrideDefaultBool(cfg.Reva.StorageHome.DataProvider.Insecure, false),
+			Usage:       "dataprovider insecure",
+			EnvVars:     []string{"STORAGE_HOME_DATAPROVIDER_INSECURE", "OCIS_INSECURE"},
+			Destination: &cfg.Reva.StorageHome.DataProvider.Insecure,
+		},

 		// some drivers need to look up users at the gateway

@@ -69,6 +69,13 @@ func StorageMetadata(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"STORAGE_METADATA_DRIVER"},
 			Destination: &cfg.Reva.StorageMetadata.Driver,
 		},
+		&cli.BoolFlag{
+			Name:        "dataprovider-insecure",
+			Value:       flags.OverrideDefaultBool(cfg.Reva.StorageMetadata.DataProvider.Insecure, false),
+			Usage:       "dataprovider insecure",
+			EnvVars:     []string{"STORAGE_METADATA_DATAPROVIDER_INSECURE", "OCIS_INSECURE"},
+			Destination: &cfg.Reva.StorageMetadata.DataProvider.Insecure,
+		},

 		// some drivers need to look up users at the gateway

@@ -78,6 +78,13 @@ func StorageUsersWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"STORAGE_USERS_DRIVER"},
 			Destination: &cfg.Reva.StorageUsers.Driver,
 		},
+		&cli.BoolFlag{
+			Name:        "dataprovider-insecure",
+			Value:       flags.OverrideDefaultBool(cfg.Reva.StorageUsers.DataProvider.Insecure, false),
+			Usage:       "dataprovider insecure",
+			EnvVars:     []string{"STORAGE_USERS_DATAPROVIDER_INSECURE", "OCIS_INSECURE"},
+			Destination: &cfg.Reva.StorageUsers.DataProvider.Insecure,
+		},
 		&cli.BoolFlag{
 			Name:        "read-only",
 			Value:       flags.OverrideDefaultBool(cfg.Reva.StorageUsers.ReadOnly, false),