use WhoAmI to look up user for legacy webdav endpoints

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2026-01-07 04:40:05 -06:00 · 2022-05-05 14:45:24 +00:00
parent 5b49432d2d
commit fd995475b6
3 changed files with 53 additions and 22 deletions
--- a/changelog/unreleased/fix-thumbnails-dav.md
+++ b/changelog/unreleased/fix-thumbnails-dav.md
@@ -1,10 +1,6 @@
 Bugfix: Thumbnails for `/dav/xxx?preview=1` requests

-We've added the thumbnail rendering for `/dav/xxx?preview=1` requests, which was previously not supported because of missing routes. It now returns the same thumbnails as for
+We've added the thumbnail rendering for `/dav/xxx?preview=1`, `/remote.php/webdav/{relative path}?preview=1` and `/webdav/{relative path}?preview=1` requests, which was previously not supported because of missing routes. It now returns the same thumbnails as for
 `/remote.php/dav/xxx?preview=1`.

-We've also ensured that `/remote.php/webdav/xxx?preview=1` and `/webdav/xxx?preview=1` will be
-routed to the correct service and always return a 404 Not Found, because Thumbnails are currently
-not implemented for that route.
-
 https://github.com/owncloud/ocis/pull/3567
--- a/extensions/webdav/pkg/dav/requests/thumbnail.go
+++ b/extensions/webdav/pkg/dav/requests/thumbnail.go
@@ -10,7 +10,7 @@ import (

 	"github.com/go-chi/chi/v5"

-	"github.com/owncloud/ocis/extensions/webdav/pkg/constants"
+	"github.com/owncloud/ocis/v2/extensions/webdav/pkg/constants"
 )

 const (
@@ -47,7 +47,11 @@ func ParseThumbnailRequest(r *http.Request) (*ThumbnailRequest, error) {
 		return nil, errors.New("invalid file path")
 	}

-	id := ctx.Value(constants.ContextKeyID).(string)
+	id := ""
+	v := ctx.Value(constants.ContextKeyID)
+	if v != nil {
+		id = v.(string)
+	}

 	q := r.URL.Query()
 	width, height, err := parseDimensions(q)
--- a/extensions/webdav/pkg/service/v0/service.go
+++ b/extensions/webdav/pkg/service/v0/service.go
@@ -97,11 +97,9 @@ func NewService(opts ...Option) (Service, error) {
 		})

 		r.Group(func(r chi.Router) {
-			// currently not implemented
-			// If we implement this endpoint, we need to get the user from the access token.
-			// We decided against doing it, so that this service can be started without the JWT secret.
-			r.Get("/remote.php/webdav/*", http.NotFound)
-			r.Get("/webdav/*", http.NotFound)
+			r.Use(svc.WebDAVContext())
+			r.Get("/remote.php/webdav/*", svc.Thumbnail)
+			r.Get("/webdav/*", svc.Thumbnail)
 		})

 		// r.MethodFunc("REPORT", "/remote.php/dav/files/{id}/*", svc.Search)
@@ -185,6 +183,21 @@ func (g Webdav) DavPublicContext() func(next http.Handler) http.Handler {
 		})
 	}
 }
+func (g Webdav) WebDAVContext() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+			filePath := r.URL.Path
+			filePath = strings.TrimPrefix(filePath, "/remote.php")
+			filePath = strings.TrimPrefix(filePath, "/webdav/")
+
+			ctx := context.WithValue(r.Context(), constants.ContextKeyPath, filePath)
+
+			next.ServeHTTP(w, r.WithContext(ctx))
+
+		})
+	}
+}

 // SpacesThumbnail is the endpoint for retrieving thumbnails inside of spaces.
 func (g Webdav) SpacesThumbnail(w http.ResponseWriter, r *http.Request) {
@@ -238,18 +251,36 @@ func (g Webdav) Thumbnail(w http.ResponseWriter, r *http.Request) {
 	}

 	t := r.Header.Get(TokenHeader)
-	ctx := metadata.AppendToOutgoingContext(r.Context(), TokenHeader, t)
-	userRes, err := g.revaClient.GetUserByClaim(ctx, &userv1beta1.GetUserByClaimRequest{
-		Claim: "username",
-		Value: tr.Identifier,
-	})
-	if err != nil || userRes.Status.Code != rpcv1beta1.Code_CODE_OK {
-		g.log.Error().Err(err).Msg("could not get user")
-		renderError(w, r, errInternalError("could not get user"))
-		return
+
+	var user *userv1beta1.User
+
+	if tr.Identifier == "" {
+		// look up user from token via WhoAmI
+		userRes, err := g.revaClient.WhoAmI(r.Context(), &gatewayv1beta1.WhoAmIRequest{
+			Token: t,
+		})
+		if err != nil || userRes.Status.Code != rpcv1beta1.Code_CODE_OK {
+			g.log.Error().Err(err).Msg("could not get user")
+			renderError(w, r, errInternalError("could not get user"))
+			return
+		}
+		user = userRes.GetUser()
+	} else {
+		// look up user from URL via GetUserByClaim
+		ctx := metadata.AppendToOutgoingContext(r.Context(), TokenHeader, t)
+		userRes, err := g.revaClient.GetUserByClaim(ctx, &userv1beta1.GetUserByClaimRequest{
+			Claim: "username",
+			Value: tr.Identifier,
+		})
+		if err != nil || userRes.Status.Code != rpcv1beta1.Code_CODE_OK {
+			g.log.Error().Err(err).Msg("could not get user")
+			renderError(w, r, errInternalError("could not get user"))
+			return
+		}
+		user = userRes.GetUser()
 	}

-	fullPath := filepath.Join(templates.WithUser(userRes.User, g.config.WebdavNamespace), tr.Filepath)
+	fullPath := filepath.Join(templates.WithUser(user, g.config.WebdavNamespace), tr.Filepath)
 	rsp, err := g.thumbnailsClient.GetThumbnail(r.Context(), &thumbnailssvc.GetThumbnailRequest{
 		Filepath:      strings.TrimLeft(tr.Filepath, "/"),
 		ThumbnailType: extensionToThumbnailType(strings.TrimLeft(tr.Extension, ".")),