set secureview flag based on addr

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

vendor/github.com/cs3org/reva/v2/internal/http/services/appprovider/appprovider.go

@@ -56,12 +56,12 @@ func init() {
 
 // Config holds the config options for the HTTP appprovider service
 type Config struct {
-	Prefix        string `mapstructure:"prefix"`
-	GatewaySvc    string `mapstructure:"gatewaysvc"`
-	Insecure      bool   `mapstructure:"insecure"`
-	WebBaseURI    string `mapstructure:"webbaseuri"`
-	Web           Web    `mapstructure:"web"`
-	SecureViewApp string `mapstructure:"secure_view_app"`
+	Prefix            string `mapstructure:"prefix"`
+	GatewaySvc        string `mapstructure:"gatewaysvc"`
+	Insecure          bool   `mapstructure:"insecure"`
+	WebBaseURI        string `mapstructure:"webbaseuri"`
+	Web               Web    `mapstructure:"web"`
+	SecureViewAppAddr string `mapstructure:"secure_view_app_addr"`
 }
 
 // Web holds the config options for the URL parameters for Web
@@ -342,16 +342,7 @@ func (s *svc) handleList(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	res := filterAppsByUserAgent(listRes.MimeTypes, r.UserAgent())
-
-	// if app name or address matches the configured secure view app add that flag to the response
-	for _, mt := range res {
-		for _, app := range mt.AppProviders {
-			if app.Name == s.conf.SecureViewApp {
-				app.SecureView = true
-			}
-		}
-	}
+	res := buildApps(listRes.MimeTypes, r.UserAgent(), s.conf.SecureViewAppAddr)
 
 	js, err := json.Marshal(map[string]interface{}{"mime-types": res})
 	if err != nil {
@@ -569,19 +560,29 @@ type ProviderInfo struct {
 	SecureView bool `json:"secure_view"`
 }
 
-// filterAppsByUserAgent rewrites the mime type info to only include apps that can be called by the user agent
-// it also wraps the provider info to be able to add a secure view flag
-func filterAppsByUserAgent(mimeTypes []*appregistry.MimeTypeInfo, userAgent string) []*MimeTypeInfo {
+// buildApps rewrites the mime type info to only include apps that
+// * have a name
+// * can be called by the user agent, eg Desktop-only
+//
+// it also
+// * wraps the provider info to be able to add a secure view flag
+// * adds a secure view flag if the address matches the secure view app address and
+// * removes the address from the provider info to not expose internal addresses
+func buildApps(mimeTypes []*appregistry.MimeTypeInfo, userAgent, secureViewAppAddr string) []*MimeTypeInfo {
 	ua := ua.Parse(userAgent)
 	res := []*MimeTypeInfo{}
 	for _, m := range mimeTypes {
 		apps := []*ProviderInfo{}
 		for _, p := range m.AppProviders {
+			ep := &ProviderInfo{ProviderInfo: *p}
+			if p.Address == secureViewAppAddr {
+				ep.SecureView = true
+			}
 			p.Address = "" // address is internal only and not needed in the client
 			// apps are called by name, so if it has no name it cannot be called and should not be advertised
 			// also filter Desktop-only apps if ua is not Desktop
 			if p.Name != "" && (ua.Desktop || !p.DesktopOnly) {
-				apps = append(apps, &ProviderInfo{ProviderInfo: *p})
+				apps = append(apps, ep)
 			}
 		}
 		if len(apps) > 0 {

vendor/github.com/cs3org/reva/v2/pkg/storage/fs/ocis/blobstore/blobstore.go

@@ -32,6 +32,9 @@ import (
 	"github.com/pkg/errors"
 )
 
+// ErrBlobIDEmpty is returned when the BlobID is empty
+var ErrBlobIDEmpty = fmt.Errorf("blobstore: BlobID is empty")
+
 // Blobstore provides an interface to an filesystem based blobstore
 type Blobstore struct {
 	root string
@@ -51,10 +54,12 @@ func New(root string) (*Blobstore, error) {
 
 // Upload stores some data in the blobstore under the given key
 func (bs *Blobstore) Upload(node *node.Node, source string) error {
-	dest, err := bs.path(node)
-	if err != nil {
-		return err
+	if node.BlobID == "" {
+		return ErrBlobIDEmpty
 	}
+
+	dest := bs.Path(node)
+
 	// ensure parent path exists
 	if err := os.MkdirAll(filepath.Dir(dest), 0700); err != nil {
 		return errors.Wrap(err, "Decomposedfs: oCIS blobstore: error creating parent folders for blob")
@@ -87,10 +92,11 @@ func (bs *Blobstore) Upload(node *node.Node, source string) error {
 
 // Download retrieves a blob from the blobstore for reading
 func (bs *Blobstore) Download(node *node.Node) (io.ReadCloser, error) {
-	dest, err := bs.path(node)
-	if err != nil {
-		return nil, err
+	if node.BlobID == "" {
+		return nil, ErrBlobIDEmpty
 	}
+
+	dest := bs.Path(node)
 	file, err := os.Open(dest)
 	if err != nil {
 		return nil, errors.Wrapf(err, "could not read blob '%s'", dest)
@@ -100,10 +106,10 @@ func (bs *Blobstore) Download(node *node.Node) (io.ReadCloser, error) {
 
 // Delete deletes a blob from the blobstore
 func (bs *Blobstore) Delete(node *node.Node) error {
-	dest, err := bs.path(node)
-	if err != nil {
-		return err
+	if node.BlobID == "" {
+		return ErrBlobIDEmpty
 	}
+	dest := bs.Path(node)
 	if err := utils.RemoveItem(dest); err != nil {
 		return errors.Wrapf(err, "could not delete blob '%s'", dest)
 	}
@@ -111,37 +117,28 @@ func (bs *Blobstore) Delete(node *node.Node) error {
 }
 
 // List lists all blobs in the Blobstore
-func (bs *Blobstore) List() ([]string, error) {
+func (bs *Blobstore) List() ([]*node.Node, error) {
 	dirs, err := filepath.Glob(filepath.Join(bs.root, "spaces", "*", "*", "blobs", "*", "*", "*", "*", "*"))
 	if err != nil {
 		return nil, err
 	}
-	blobids := make([]string, 0, len(dirs))
+	blobids := make([]*node.Node, 0, len(dirs))
 	for _, d := range dirs {
-		seps := strings.Split(d, "/")
-		var b string
-		var now bool
-		for _, s := range seps {
-			if now {
-				b += s
-			}
-			if s == "blobs" {
-				now = true
-			}
-		}
-		blobids = append(blobids, b)
+		_, s, _ := strings.Cut(d, "spaces")
+		spaceraw, blobraw, _ := strings.Cut(s, "blobs")
+		blobids = append(blobids, &node.Node{
+			SpaceID: strings.ReplaceAll(spaceraw, "/", ""),
+			BlobID:  strings.ReplaceAll(blobraw, "/", ""),
+		})
 	}
 	return blobids, nil
 }
 
-func (bs *Blobstore) path(node *node.Node) (string, error) {
-	if node.BlobID == "" {
-		return "", fmt.Errorf("blobstore: BlobID is empty")
-	}
+func (bs *Blobstore) Path(node *node.Node) string {
 	return filepath.Join(
 		bs.root,
 		filepath.Clean(filepath.Join(
 			"/", "spaces", lookup.Pathify(node.SpaceID, 1, 2), "blobs", lookup.Pathify(node.BlobID, 4, 2)),
 		),
-	), nil
+	)
 }

vendor/github.com/cs3org/reva/v2/pkg/storage/fs/s3ng/blobstore/blobstore.go

@@ -84,7 +84,7 @@ func (bs *Blobstore) Upload(node *node.Node, source string) error {
 	}
 	defer reader.Close()
 
-	_, err = bs.client.PutObject(context.Background(), bs.bucket, bs.path(node), reader, node.Blobsize, minio.PutObjectOptions{
+	_, err = bs.client.PutObject(context.Background(), bs.bucket, bs.Path(node), reader, node.Blobsize, minio.PutObjectOptions{
 		ContentType:           "application/octet-stream",
 		SendContentMd5:        bs.defaultPutOptions.SendContentMd5,
 		ConcurrentStreamParts: bs.defaultPutOptions.ConcurrentStreamParts,
@@ -95,21 +95,21 @@ func (bs *Blobstore) Upload(node *node.Node, source string) error {
 	})
 
 	if err != nil {
-		return errors.Wrapf(err, "could not store object '%s' into bucket '%s'", bs.path(node), bs.bucket)
+		return errors.Wrapf(err, "could not store object '%s' into bucket '%s'", bs.Path(node), bs.bucket)
 	}
 	return nil
 }
 
 // Download retrieves a blob from the blobstore for reading
 func (bs *Blobstore) Download(node *node.Node) (io.ReadCloser, error) {
-	reader, err := bs.client.GetObject(context.Background(), bs.bucket, bs.path(node), minio.GetObjectOptions{})
+	reader, err := bs.client.GetObject(context.Background(), bs.bucket, bs.Path(node), minio.GetObjectOptions{})
 	if err != nil {
-		return nil, errors.Wrapf(err, "could not download object '%s' from bucket '%s'", bs.path(node), bs.bucket)
+		return nil, errors.Wrapf(err, "could not download object '%s' from bucket '%s'", bs.Path(node), bs.bucket)
 	}
 
 	stat, err := reader.Stat()
 	if err != nil {
-		return nil, errors.Wrapf(err, "blob path: %s", bs.path(node))
+		return nil, errors.Wrapf(err, "blob path: %s", bs.Path(node))
 	}
 
 	if node.Blobsize != stat.Size {
@@ -121,31 +121,34 @@ func (bs *Blobstore) Download(node *node.Node) (io.ReadCloser, error) {
 
 // Delete deletes a blob from the blobstore
 func (bs *Blobstore) Delete(node *node.Node) error {
-	err := bs.client.RemoveObject(context.Background(), bs.bucket, bs.path(node), minio.RemoveObjectOptions{})
+	err := bs.client.RemoveObject(context.Background(), bs.bucket, bs.Path(node), minio.RemoveObjectOptions{})
 	if err != nil {
-		return errors.Wrapf(err, "could not delete object '%s' from bucket '%s'", bs.path(node), bs.bucket)
+		return errors.Wrapf(err, "could not delete object '%s' from bucket '%s'", bs.Path(node), bs.bucket)
 	}
 	return nil
 }
 
 // List lists all blobs in the Blobstore
-func (bs *Blobstore) List() ([]string, error) {
+func (bs *Blobstore) List() ([]*node.Node, error) {
 	ch := bs.client.ListObjects(context.Background(), bs.bucket, minio.ListObjectsOptions{Recursive: true})
 
 	var err error
-	ids := make([]string, 0)
+	ids := make([]*node.Node, 0)
 	for oi := range ch {
 		if oi.Err != nil {
 			err = oi.Err
 			continue
 		}
-		_, blobid, _ := strings.Cut(oi.Key, "/")
-		ids = append(ids, strings.ReplaceAll(blobid, "/", ""))
+		spaceid, blobid, _ := strings.Cut(oi.Key, "/")
+		ids = append(ids, &node.Node{
+			SpaceID: strings.ReplaceAll(spaceid, "/", ""),
+			BlobID:  strings.ReplaceAll(blobid, "/", ""),
+		})
 	}
 	return ids, err
 }
 
-func (bs *Blobstore) path(node *node.Node) string {
+func (bs *Blobstore) Path(node *node.Node) string {
 	// https://aws.amazon.com/de/premiumsupport/knowledge-center/s3-prefix-nested-folders-difference/
 	// Prefixes are used to partion a bucket. A prefix is everything except the filename.
 	// For a file `BucketName/foo/bar/lorem.ipsum`, `BucketName/foo/bar/` is the prefix.