-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Public Shares CRUD, File Public Shares Manager #681
Conversation
@@ -43,6 +43,61 @@ func (s *svc) CreatePublicShare(ctx context.Context, req *link.CreatePublicShare | |||
return nil, err | |||
} | |||
|
|||
// Grants are not accessible through a link.PublicShare, in order for a service to access a grant (link.Grant) this needs to be |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WIP. We need to persist the grant for basic authentication password checking. Still need to figure out whether to commit it to the storage or find another way
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @refs I don't think we need to commit the grant to storage for a public share, keeping it outside the storage is good enough. User accessing a public link they cannot access the storage directly anyway. What can be stored in the storage is a reference to the public link ID as metadata.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That makes a clean separation of concerns. Currently the password is stored on a link.Grant, that is required at the moment of a PublicShare creation, but the PublicShare itself does not include a Grant, by design. So in short, where would you think it would be a good way to store this? We were thinking on the public shares auth provider.
/cc @butonic
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bump. This is the only opinionated bit that needs to be resolved before having a functional persistent public shares storage
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the time being I'm running with an in-memory map for the lack of decision here. This should NOT be adopted in production, but as a proof of concept does the job on checking Basic
credentials with the stored public share grants.
@refs we need to extend the interface to add a password parameter: |
Some test results:
|
|
fix for cross-storage propfind is here: #778 |
I've updated #778 but the propfind is still broken, but in another way |
Use original ref for Depth 1 which works fine. Depth infinity will have its own logic which currently only works within a single storage.
@labkode I think we can merge as it is so this doesn't grow larger, and I'll be addressing the remaining issues in the upcoming weeks :) |
@@ -58,7 +59,10 @@ func (s *service) Close() error { | |||
return nil | |||
} | |||
|
|||
func (s *service) UnprotectedEndpoints() []string { return []string{} } | |||
func (s *service) UnprotectedEndpoints() []string { | |||
// return []string{"/cs3.sharing.link.v1beta1.LinkAPI/GetPublicShareByToken"} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think needs to be unprotected
} | ||
|
||
publicShareResponse, err := s.gateway.GetPublicShareByToken( | ||
publicShareResponse, err := driver.GetPublicShare( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was correct, the method is GetPublicShareByToken
What?
displayname
permissions
expiration
password
Other Tasks
Description
The file manager, as per commit
8503ee3
needs an existing file to be used as storage, as the revad process doesn't have write permissions(1).The db file is thread safe, all operations lock a mutex, so goroutines consuming the file are sure to be using an up-to-date version.
Example file contents:
Share contents comparison (link.PublicShare) is achieved by string comparison, rather than reflection (no reflect.DeepEqual) or a comparison interface. This was a design choice meant to be replaced by https://pkg.go.dev/github.com/google/go-cmp/cmp for comparing protobuf struct.
Operations require a small overhead:
1.1 keys are PublicShares OpaqueID
1.2 contents are serialized json (using jsonpb, deprecated and should use ptorojson instead)
v
's data onto a*link.PublicShare
structFrom this point on, a PublicShare struct is available to be used.
Write / Update operations follow the same approach, only an extra step that Marshals the contents of the
*link.PublicShare
onto the file on a new key or overriding an existing one.