Use latest Nextcloud Sessiontoken version that generates independently external apps key
LoanR committed May 27, 2024
1 parent 2213fd2 commit fbb6b84
Showing 8 changed files with 18 additions and 17 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ postgres/data/*

nextcloud/html/*
!nextcloud/html/.keep
nextcloud/conf/*

web/logs/*
web/upload/*
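Review bot: The new `nextcloud/conf/*` entry has no `.keep` exception like the one `nextcloud/html/*` gets just above it, so the directory will not exist in a fresh clone and Docker will create the bind-mount source itself, owned by root. Add `!nextcloud/conf/.keep` (and the file) so the directory that receives the generated key exists with the developer's ownership. Ignoring the directory contents is the right call, since `key.txt` holds the plaintext key.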
6 changes: 3 additions & 3 deletions docker-compose.override.yml
Expand Up @@ -47,8 +47,6 @@ services:
condition: service_healthy
build:
context: ./nextcloud
env_file:
- ${ENV_FILE_OVERRIDE-web.env} # to get shared NEXTCLOUD_SESSIONTOKEN_KEY
environment:
- POSTGRES_DB=nextcloud
- POSTGRES_USER=postgres
Expand All @@ -62,6 +60,7 @@ services:
- NEXTCLOUD_ALLOW_ORIGIN=http://localhost:5000 # allow local browser to pick nextcloud files
volumes:
- ./nextcloud/html:/var/www/html
- ./nextcloud/conf:/var/www/conf # to share Nextcloud Sessiontoken generated key file
ports:
- 80:80
healthcheck:
Expand All @@ -75,11 +74,12 @@ services:
nextcloud:
condition: service_healthy
env_file:
- ${ENV_FILE_OVERRIDE-web.env} # to get shared NC_LOGIN_API_KEY and NEXTCLOUD_SESSIONTOKEN_KEY
- ${ENV_FILE_OVERRIDE-web.env} # to get shared NC_LOGIN_API_KEY
environment:
- NC_HOST=http://nextcloud # nextcloud service in docker network
volumes:
- ./tokenmock:/var/www/html
- ./nextcloud/conf:/var/www/conf # to get shared Nextcloud Sessiontoken generated key
ports:
- 9000:80
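Review bot: The `./nextcloud/conf:/var/www/conf` mount added to the tokenmock service should be read-only, since tokenmock only reads the key that the nextcloud container generates. Append `:ro` to that volume line so a fault or compromise in the mock cannot replace or delete `key.txt`, which the nextcloud healthcheck script also reads.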

5 changes: 3 additions & 2 deletions documentation/developers/meetingFiles.md
Expand Up @@ -41,10 +41,11 @@ Pour vérifier que la communication entre chacun des conteneurs fonctionne corre

#### Vérifier que Nextcloud renvoie des autorisations

- Le plugin [Nextcloud Sessiontoken](https://gitlab.octopuce.fr/octopuce-public/nextcloud-sessiontoken) génère une clé au lancement du service Nextcloud trouvable dans `/nextcloud/conf/key.txt`
- se connecter sur le service `tokenmock` avec `docker exec -it id /bin/bash`
- faire un appel vers le service Nextcloud en passant par le session token et en indiquant l'utilisateur concerné (comme le `bbb-visio-user` par exemple) :
- faire un appel vers le service Nextcloud en passant par le session token et en indiquant la clé générée et l'utilisateur concerné (comme le `bbb-visio-user` par exemple) :
```
curl -X POST $NC_HOST/apps/sessiontoken/token -d "apikey=$NEXTCLOUD_SESSIONTOKEN_KEY&user=relevant-b3desk-username&name=device_name"
curl -X POST $NC_HOST/apps/sessiontoken/token -d "apikey=[nextcloud-sessiontoken-generated-key]&user=relevant-b3desk-username&name=device_name"
```
- le conteneur Nextcloud devrait répondre :
```
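Review bot: The path in the new first bullet, `/nextcloud/conf/key.txt`, matches neither side of the bind mount: on the host the file is `./nextcloud/conf/key.txt` and inside both containers it is `/var/www/conf/key.txt`. Since the next step runs inside `tokenmock`, the curl example could read the key in place with `apikey=$(cat /var/www/conf/key.txt)` rather than asking the reader to paste it, which also keeps the key out of shell history.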
11 changes: 5 additions & 6 deletions nextcloud/apache2-sessiontoken
Expand Up @@ -2,15 +2,14 @@

# deploy the sessiontoken app:
git clone https://gitlab.octopuce.fr/octopuce-public/nextcloud-sessiontoken.git /var/www/html/apps/sessiontoken
cd /var/www/html/apps/sessiontoken
git config --global --add safe.directory '*'
git checkout 7cf4ff5eea1f16820aa20c3995c3a663e74a9eb7
cd /var/www/html
chown -R www-data: /var/www/html/apps/sessiontoken
#
## install the sessiontoken key in /var/www/html/config/config.php
HASH=$(php /var/www/html/apps/sessiontoken/hash-apikey.php "$NEXTCLOUD_SESSIONTOKEN_KEY")
sed -i "/'datadirectory'/a 'sessiontoken_apikey_hash' => '$HASH'," /var/www/html/config/config.php
mkdir -p /var/www/conf
php /var/www/html/apps/sessiontoken/hash-apikey.php | tee > /var/www/conf/key.txt
HASH=$(sed -e '8!d' -e 's/^[ ]*//' -e 's/,$//' /var/www/conf/key.txt)
sed -i "/'datadirectory'/a $HASH," /var/www/html/config/config.php
sed -i -e '5!d' -e 's/[\t ]//g' /var/www/conf/key.txt
#
## enable the sessiontoken app
su -p "www-data" -s /bin/sh -c "php occ app:enable sessiontoken"
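Review bot: Extracting the config entry and the key by fixed line number (`-e '8!d'` for the hash line, `-e '5!d'` for the key) ties this script to the exact output layout of `hash-apikey.php`, and if the `git checkout 7cf4ff5eea1f16820aa20c3995c3a663e74a9eb7` pin is among the removed lines, as the commit title suggests, the clone now follows whatever the upstream default branch holds. A change in that output would put an arbitrary line into `config.php` and an arbitrary string into `key.txt` with no error. Keep a pinned revision, select the lines by content (for example the one matching `sessiontoken_apikey_hash`, the config key the previous version wrote), and fail the script if either value is empty. Two smaller points: `tee > /var/www/conf/key.txt` is only a redirect, so use either `tee FILE` or `> FILE`; and `key.txt` is created with the default umask in a host-mounted directory, so restrict its mode and ownership to the account the web server reads it with before writing the plaintext key.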
2 changes: 1 addition & 1 deletion nextcloud/nextcloudcheck.sh
@@ -1,6 +1,6 @@

#!/bin/bash

NEXTCLOUD_SESSIONTOKEN_KEY=$(cat /var/www/conf/key.txt)
status_code=$(curl -X POST localhost/apps/sessiontoken/token --silent --output /dev/null -d "apikey=$NEXTCLOUD_SESSIONTOKEN_KEY&user=bbb-visio-user&name=app" --write-out %{http_code})

if [[ "$status_code" -ne 200 ]] ; then
5 changes: 3 additions & 2 deletions tokenmock/config.php
@@ -1,7 +1,8 @@
<?php
$NEXTCLOUD_SESSIONTOKEN_KEY = trim(file_get_contents('../conf/key.txt'), "\r\n");
return array(
'API_KEY' => $_ENV['NC_LOGIN_API_KEY'],
'NC_LOGIN_API_KEY' => $_ENV['NC_LOGIN_API_KEY'],
'NC_HOST' => $_ENV['NC_HOST'],
'NEXTCLOUD_SESSIONTOKEN_KEY' => $_ENV['NEXTCLOUD_SESSIONTOKEN_KEY'],
'NEXTCLOUD_SESSIONTOKEN_KEY' => $NEXTCLOUD_SESSIONTOKEN_KEY,
);
?>
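Review bot: The read on the new second line, `file_get_contents('../conf/key.txt')`, uses a path relative to the process working directory and its failure is not handled: when the file is missing it returns `false`, `trim()` turns that into an empty string, and `NEXTCLOUD_SESSIONTOKEN_KEY` is silently left empty. Use the absolute mount path `/var/www/conf/key.txt` (or `__DIR__ . '/../conf/key.txt'`) and stop with an error when the read fails or the result is empty.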
4 changes: 2 additions & 2 deletions tokenmock/index.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,15 @@

$config=include('./config.php');

$API_KEY=$config['API_KEY'];
$NC_LOGIN_API_KEY=$config['NC_LOGIN_API_KEY'];
$NEXTCLOUD_SESSIONTOKEN_ENDPOINT=$config['NC_HOST'].'/apps/sessiontoken/token';
$NEXTCLOUD_SESSIONTOKEN_KEY=$config['NEXTCLOUD_SESSIONTOKEN_KEY'];

$data = json_decode(file_get_contents('php://input'), true);

$LOGIN=$data['username'];

if (isset($_SERVER["HTTP_X_API_KEY"]) && $_SERVER["HTTP_X_API_KEY"]==$API_KEY) {
if (isset($_SERVER["HTTP_X_API_KEY"]) && $_SERVER["HTTP_X_API_KEY"]==$NC_LOGIN_API_KEY) {
header("Content-Type: application/json");
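Review bot: The renamed check `$_SERVER["HTTP_X_API_KEY"]==$NC_LOGIN_API_KEY` still uses loose `==`, which is not constant-time and, when `NC_LOGIN_API_KEY` is absent from the environment, compares the header against `null`, so an empty `X-Api-Key` header passes. Since this line is being touched anyway, reject an empty or unset configured key up front and compare with `hash_equals($NC_LOGIN_API_KEY, $_SERVER["HTTP_X_API_KEY"])`.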


1 change: 0 additions & 1 deletion web.env.example
Expand Up @@ -79,7 +79,6 @@ UPLOAD_DIR=/tmp/b3desk/ # used by dropzone to upload files
FORCE_HTTPS_ON_EXTERNAL_URLS=off
NC_LOGIN_API_URL=http://tokenmock:80/index.php # nextcloud token provider endpoint (currently pointing toward related service in docker network)
NC_LOGIN_API_KEY=MY-TOTALLY-COOL-API-KEY # SHARED between web and tokenmock services as nextcloud credentials
NEXTCLOUD_SESSIONTOKEN_KEY=megatokengeneratedatleast64long # SHARED between nextcloud (sessiontoken app) and tokenmock services
REDIS_URL=broker:6379 # SHARED between worker and web services, used for background file management (currently pointing toward related service in docker network)

# Feature flags