Public Shares CRUD, File Public Shares Manager #681
Conversation
refs
changed the title
refs
changed the title
| @@ -43,6 +43,61 @@ func (s *svc) CreatePublicShare(ctx context.Context, req *link.CreatePublicShare | |||
| return nil, err | |||
| } | |||
|
|
|||
| // Grants are not accessible through a link.PublicShare, in order for a service to access a grant (link.Grant) this needs to be | |||
There was a problem hiding this comment.
WIP. We need to persist the grant for basic authentication password checking. Still need to figure out whether to commit it to the storage or find another way
There was a problem hiding this comment.
Hi @refs I don't think we need to commit the grant to storage for a public share, keeping it outside the storage is good enough. User accessing a public link they cannot access the storage directly anyway. What can be stored in the storage is a reference to the public link ID as metadata.
There was a problem hiding this comment.
That makes a clean separation of concerns. Currently the password is stored on a link.Grant, that is required at the moment of a PublicShare creation, but the PublicShare itself does not include a Grant, by design. So in short, where would you think it would be a good way to store this? We were thinking on the public shares auth provider.
/cc @butonic
There was a problem hiding this comment.
Bump. This is the only opinionated bit that needs to be resolved before having a functional persistent public shares storage
There was a problem hiding this comment.
For the time being I'm running with an in-memory map for the lack of decision here. This should NOT be adopted in production, but as a proof of concept does the job on checking Basic credentials with the stored public share grants.
|
@refs we need to extend the interface to add a password parameter: |
|
Some test results:
|
|
|
fix for cross-storage propfind is here: #778 |
|
I've updated #778 but the propfind is still broken, but in another way |
Use original ref for Depth 1 which works fine. Depth infinity will have its own logic which currently only works within a single storage.
|
@labkode I think we can merge as it is so this doesn't grow larger, and I'll be addressing the remaining issues in the upcoming weeks :) |
| @@ -58,7 +59,10 @@ func (s *service) Close() error { | |||
| return nil | |||
| } | |||
|
|
|||
| func (s *service) UnprotectedEndpoints() []string { return []string{} } | |||
| func (s *service) UnprotectedEndpoints() []string { | |||
| // return []string{"/cs3.sharing.link.v1beta1.LinkAPI/GetPublicShareByToken"} | |||
There was a problem hiding this comment.
I think needs to be unprotected
| } | ||
|
|
||
| publicShareResponse, err := s.gateway.GetPublicShareByToken( | ||
| publicShareResponse, err := driver.GetPublicShare( |
There was a problem hiding this comment.
This was correct, the method is GetPublicShareByToken
What?
displaynamepermissionsexpirationpasswordOther Tasks
Description
The file manager, as per commit
8503ee3needs an existing file to be used as storage, as the revad process doesn't have write permissions(1).The db file is thread safe, all operations lock a mutex, so goroutines consuming the file are sure to be using an up-to-date version.
Example file contents:
{ "KTBfUQmYrEXy": "{\"id\":{\"opaqueId\":\"KTBfUQmYrEXy\"},\"token\":\"VjldgRWfpudX\",\"resourceId\":{\"storageId\":\"1284d238-aa92-42ce-bdc4-0b0000009162\",\"opaqueId\":\"19897125-ddd9-4939-be1d-12d86c503569\"},\"permissions\":{\"permissions\":{\"getPath\":true,\"getQuota\":true,\"initiateFileDownload\":true,\"listGrants\":true,\"listContainer\":true,\"listFileVersions\":true,\"listRecycle\":true,\"stat\":true}},\"owner\":{\"opaqueId\":\"einstein\"},\"creator\":{\"idp\":\"https://localhost:9200\",\"opaqueId\":\"einstein\"},\"ctime\":{\"seconds\":\"1587720640\",\"nanos\":939334000},\"mtime\":{\"seconds\":\"1587720755\",\"nanos\":187107000},\"expiration\":{\"seconds\":\"1587859200\"},\"displayName\":\"empty\"}", "jKoqDYLhZYDU": "{\"id\":{\"opaqueId\":\"jKoqDYLhZYDU\"},\"token\":\"orOSByQWpIvl\",\"resourceId\":{\"storageId\":\"1284d238-aa92-42ce-bdc4-0b0000009162\",\"opaqueId\":\"621502b8-9ed1-43c9-9a4e-b4ecf2711752\"},\"permissions\":{\"permissions\":{\"getPath\":true,\"getQuota\":true,\"initiateFileDownload\":true,\"listGrants\":true,\"listContainer\":true,\"listFileVersions\":true,\"listRecycle\":true,\"stat\":true}},\"owner\":{\"opaqueId\":\"einstein\"},\"creator\":{\"idp\":\"https://localhost:9200\",\"opaqueId\":\"einstein\"},\"ctime\":{\"seconds\":\"1587975510\",\"nanos\":771457000},\"mtime\":{\"seconds\":\"1587975510\",\"nanos\":771457000},\"displayName\":\"demo1\"}", "uJcxqIvypjUo": "{\"id\":{\"opaqueId\":\"uJcxqIvypjUo\"},\"token\":\"RozaxRnMYtjQ\",\"resourceId\":{\"storageId\":\"1284d238-aa92-42ce-bdc4-0b0000009162\",\"opaqueId\":\"19897125-ddd9-4939-be1d-12d86c503569\"},\"permissions\":{\"permissions\":{\"getPath\":true,\"getQuota\":true,\"initiateFileDownload\":true,\"listGrants\":true,\"listContainer\":true,\"listFileVersions\":true,\"listRecycle\":true,\"stat\":true}},\"owner\":{\"opaqueId\":\"einstein\"},\"creator\":{\"idp\":\"https://localhost:9200\",\"opaqueId\":\"einstein\"},\"ctime\":{\"seconds\":\"1587720648\",\"nanos\":135337000},\"mtime\":{\"seconds\":\"1587975296\",\"nanos\":942731000},\"expiration\":{\"seconds\":\"1588204800\"},\"displayName\":\"3\"}" }Share contents comparison (link.PublicShare) is achieved by string comparison, rather than reflection (no reflect.DeepEqual) or a comparison interface. This was a design choice meant to be replaced by https://pkg.go.dev/github.com/google/go-cmp/cmp for comparing protobuf struct.
Operations require a small overhead:
1.1 keys are PublicShares OpaqueID
1.2 contents are serialized json (using jsonpb, deprecated and should use ptorojson instead)
v's data onto a*link.PublicSharestructFrom this point on, a PublicShare struct is available to be used.
Write / Update operations follow the same approach, only an extra step that Marshals the contents of the
*link.PublicShareonto the file on a new key or overriding an existing one.