Merge pull request #859 from owncloud/refactor-middlewares

reduce middleware complexity

ocis/tests/acceptance/expected-failures-on-OCIS-storage.txt

@@ -684,11 +684,6 @@ apiSharePublicLink2/uploadToPublicLinkShare.feature:103
 apiSharePublicLink2/uploadToPublicLinkShare.feature:121
 apiSharePublicLink2/uploadToPublicLinkShare.feature:139
 #
-# https://github.com/owncloud/ocis/issues/801 deleting a folder should delete share links to it as well
-#
-apiSharePublicLink2/uploadToPublicLinkShare.feature:48
-apiSharePublicLink2/uploadToPublicLinkShare.feature:49
-#
 # https://github.com/owncloud/ocis-reva/issues/286 Upload-only shares must not overwrite but create a separate file
 #
 apiSharePublicLink2/uploadToPublicLinkShare.feature:23

ocis/tests/acceptance/expected-failures-on-OWNCLOUD-storage.txt

@@ -651,11 +651,6 @@ apiSharePublicLink2/uploadToPublicLinkShare.feature:103
 apiSharePublicLink2/uploadToPublicLinkShare.feature:121
 apiSharePublicLink2/uploadToPublicLinkShare.feature:139
 #
-# https://github.com/owncloud/ocis/issues/801 deleting a folder should delete share links to it as well
-#
-apiSharePublicLink2/uploadToPublicLinkShare.feature:48
-apiSharePublicLink2/uploadToPublicLinkShare.feature:49
-#
 # https://github.com/owncloud/ocis-reva/issues/286 Upload-only shares must not overwrite but create a separate file
 #
 apiSharePublicLink2/uploadToPublicLinkShare.feature:23

ocis/tests/acceptance/features/apiOcisSpecific/apiSharePublicLink2-uploadToPublicLinkShare.feature

@@ -15,19 +15,3 @@ Feature: upload to a public link share
     When user "Alice" deletes file "/FOLDER" using the WebDAV API
     And the public uploads file "does-not-matter.txt" with content "does not matter" using the new public WebDAV API
     Then the HTTP status code should be "500"
-
-  @issue-ocis-801
-  # after fixing all issues delete this Scenario and use the one from oC10 core
-  Scenario Outline: Uploading file to a public upload-only share using old public API that was deleted does not work
-    Given using <dav-path> DAV path
-    And user "Alice" has created a public link share with settings
-      | path        | FOLDER |
-      | permissions | create |
-    When user "Alice" deletes file "/FOLDER" using the WebDAV API
-    Then uploading a file should not work using the old public WebDAV API
-    And the HTTP status code should be "401"
-
-    Examples:
-      | dav-path |
-      | old      |
-      | new      |

proxy/go.mod

@@ -9,6 +9,7 @@ require (
 	github.com/coreos/go-oidc v2.2.1+incompatible
 	github.com/cs3org/go-cs3apis v0.0.0-20201007120910-416ed6cf8b00
 	github.com/cs3org/reva v1.3.1-0.20201023144216-cdb3d6688da5
+	github.com/google/uuid v1.1.2
 	github.com/justinas/alice v1.2.0
 	github.com/micro/cli/v2 v2.1.2
 	github.com/micro/go-micro/v2 v2.9.1

proxy/pkg/command/server.go

@@ -15,13 +15,12 @@ import (
 	"github.com/coreos/go-oidc"
 	"github.com/justinas/alice"
 	"github.com/micro/cli/v2"
-	"github.com/micro/go-micro/v2/client/grpc"
+	"github.com/owncloud/ocis/ocis-pkg/service/grpc"
 	"github.com/oklog/run"
 	openzipkin "github.com/openzipkin/zipkin-go"
 	zipkinhttp "github.com/openzipkin/zipkin-go/reporter/http"
 	acc "github.com/owncloud/ocis/accounts/pkg/proto/v0"
 	"github.com/owncloud/ocis/ocis-pkg/log"
-	ogrpc "github.com/owncloud/ocis/ocis-pkg/service/grpc"
 	"github.com/owncloud/ocis/proxy/pkg/config"
 	"github.com/owncloud/ocis/proxy/pkg/cs3"
 	"github.com/owncloud/ocis/proxy/pkg/flagset"
@@ -247,73 +246,67 @@ func Server(cfg *config.Config) *cli.Command {
 }
 
 func loadMiddlewares(ctx context.Context, l log.Logger, cfg *config.Config) alice.Chain {
-
-	psMW := middleware.PresignedURL(
-		middleware.Logger(l),
-		middleware.Store(storepb.NewStoreService("com.owncloud.api.store", grpc.NewClient())),
-		middleware.PreSignedURLConfig(cfg.PreSignedURL),
-	)
-
-	accounts := acc.NewAccountsService("com.owncloud.api.accounts", ogrpc.DefaultClient)
-	roles := settings.NewRoleService("com.owncloud.api.settings", ogrpc.DefaultClient)
-
-	uuidMW := middleware.AccountUUID(
-		middleware.Logger(l),
-		middleware.TokenManagerConfig(cfg.TokenManager),
-		middleware.AccountsClient(accounts),
-		middleware.SettingsRoleService(roles),
-		middleware.AutoprovisionAccounts(cfg.AutoprovisionAccounts),
-		middleware.EnableBasicAuth(cfg.EnableBasicAuth),
-		middleware.OIDCIss(cfg.OIDC.Issuer),
-	)
-
-	// the connection will be established in a non blocking fashion
-	sc, err := cs3.GetGatewayServiceClient(cfg.Reva.Address)
+	accountsClient := acc.NewAccountsService("com.owncloud.api.accounts", grpc.DefaultClient)
+	rolesClient := settings.NewRoleService("com.owncloud.api.settings", grpc.DefaultClient)
+	storeClient := storepb.NewStoreService("com.owncloud.api.store", grpc.DefaultClient)
+	revaClient, err := cs3.GetGatewayServiceClient(cfg.Reva.Address)
 	if err != nil {
 		l.Error().Err(err).
 			Str("gateway", cfg.Reva.Address).
 			Msg("Failed to create reva gateway service client")
 	}
 
-	chMW := middleware.CreateHome(
-		middleware.Logger(l),
-		middleware.RevaGatewayClient(sc),
-		middleware.AccountsClient(accounts),
-		middleware.TokenManagerConfig(cfg.TokenManager),
-	)
-
-	if cfg.OIDC.Issuer != "" {
-		l.Info().Msg("loading OIDC middleware")
-		l.Debug().Interface("oidc_config", cfg.OIDC).Msg("OIDC-Config")
-
-		var oidcHTTPClient = &http.Client{
-			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{
-					InsecureSkipVerify: cfg.OIDC.Insecure,
-				},
-				DisableKeepAlives: true,
+	var oidcHTTPClient = &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: cfg.OIDC.Insecure,
 			},
-			Timeout: time.Second * 10,
-		}
-
-		customCtx := context.WithValue(ctx, oauth2.HTTPClient, oidcHTTPClient)
-
-		// Initialize a provider by specifying the issuer URL.
-		// it will fetch the keys from the issuer using the .well-known
-		// endpoint
-		provider := func() (middleware.OIDCProvider, error) {
-			return oidc.NewProvider(customCtx, cfg.OIDC.Issuer)
-		}
+			DisableKeepAlives: true,
+		},
+		Timeout: time.Second * 10,
+	}
 
-		oidcMW := middleware.OpenIDConnect(
+	return alice.New(
+		middleware.HTTPSRedirect,
+		middleware.OIDCAuth(
 			middleware.Logger(l),
+			middleware.OIDCProviderFunc(func() (middleware.OIDCProvider, error) {
+				// Initialize a provider by specifying the issuer URL.
+				// it will fetch the keys from the issuer using the .well-known
+				// endpoint
+				return oidc.NewProvider(
+					context.WithValue(ctx, oauth2.HTTPClient, oidcHTTPClient),
+					cfg.OIDC.Issuer,
+				)
+			}),
 			middleware.HTTPClient(oidcHTTPClient),
-			middleware.OIDCProviderFunc(provider),
 			middleware.OIDCIss(cfg.OIDC.Issuer),
-		)
-
-		return alice.New(middleware.RedirectToHTTPS, oidcMW, psMW, uuidMW, chMW)
-	}
-
-	return alice.New(middleware.RedirectToHTTPS, psMW, uuidMW, chMW)
+		),
+		middleware.BasicAuth(
+			middleware.Logger(l),
+			middleware.EnableBasicAuth(cfg.EnableBasicAuth),
+			middleware.AccountsClient(accountsClient),
+			middleware.OIDCIss(cfg.OIDC.Issuer),
+		),
+		middleware.SignedURLAuth(
+			middleware.Logger(l),
+			middleware.PreSignedURLConfig(cfg.PreSignedURL),
+			middleware.AccountsClient(accountsClient),
+			middleware.Store(storeClient),
+		),
+		middleware.AccountResolver(
+			middleware.Logger(l),
+			middleware.AccountsClient(accountsClient),
+			middleware.OIDCIss(cfg.OIDC.Issuer),
+			middleware.TokenManagerConfig(cfg.TokenManager),
+			middleware.AutoprovisionAccounts(cfg.AutoprovisionAccounts),
+			middleware.SettingsRoleService(rolesClient),
+		),
+		middleware.CreateHome(
+			middleware.Logger(l),
+			middleware.AccountsClient(accountsClient),
+			middleware.TokenManagerConfig(cfg.TokenManager),
+			middleware.RevaGatewayClient(revaClient),
+		),
+	)
 }