✨ Webdav connector to the Twake Drive #643
Conversation
…the stream immediately before it's being written
rumata-feathers
requested review from
MontaGhanmy,
shepilov and
ericlinagora
and removed request for
MontaGhanmy and
shepilov
| @Column("timeout", "number") | ||
| timeout: number; |
There was a problem hiding this comment.
A duration without unit? at least in a comment...
| @Column("id", "string") | ||
| @Column("id", "uuid", { generator: "uuid" }) |
There was a problem hiding this comment.
How do we migrate existing data?
Is changing type of a column allowed on a production system?
There was a problem hiding this comment.
this, the special ORM doesn't do I think... but that table should be empty for the moment, this is the first actual use, we'll have to remember to test this before deploy
| @Column("password", "string", { generator: "uuid" }) | ||
| password: string; |
There was a problem hiding this comment.
Is this random enough? For such a sensible use case I would make sure I use cryptography grade random with enough entropy.
Also: does it make sense to store a password in clear? What's the impact if it gets read?
If it is stored only for validation later shouldn't we use bcrypt and friends?
There was a problem hiding this comment.
I think we might need a clear text to support digest authentication (if realm is configurable).
The UUID should have enough entropy for crypto https://github.com/uuidjs/uuid
There was a problem hiding this comment.
@rumata-feathers, could you please take a look at how password is encoded in the "user" entity, and do the same with the same salt and the same passwordEncode component
| export const adapterServiceReady = initializeAdapterService(); | ||
|
|
||
| export const getDriveExecutionContext = (url: URL): DriveExecutionContext => ({ | ||
| //TODO[ASH] username will be actually a device, and we will need to get real user by device |
There was a problem hiding this comment.
Partial review.
Disclaimer: I do not know tdrive, I do not know dav.
Feel free to discard comments if irrelevant.
Also: no tests? I see complex logic all across the place and many way things can go bust. It would be invaluable to invest in HTTP layer tests exercising this brand new DAV extension.
(from my experience standards needs extensive tests)
| @@ -116,7 +116,7 @@ export default class WebServerService extends TdriveService<WebServerAPI> implem | |||
| }, | |||
| }); | |||
| this.server.register(formbody); | |||
| this.server.register(corsPlugin, this.configuration.get<FastifyCorsOptions>("cors", {})); | |||
| // this.server.register(corsPlugin, this.configuration.get<FastifyCorsOptions>("cors", {})); | |||
There was a problem hiding this comment.
Am I reading this right ? Does this disable CORS site-wide ????
There was a problem hiding this comment.
yes, it should be reconfigured only for the webdav uri
There was a problem hiding this comment.
i'm surprised webdav clients care at all about CORS
There was a problem hiding this comment.
I had similar issues with JMAP
- CORS do not makes sense for JMAP so native JMAP clients ignores them
- But web based JMAP clients are bound to browser safety limitations hence CORS...
There was a problem hiding this comment.
That makes sense, but still I'd prefer if native clients indeed ignore to keep them everywhere, and if/when we do have a browser client to support, and if it is a problem, then we look into removing them for that
| @@ -118,6 +119,9 @@ export class DriveFile { | |||
| @Type(() => String) | |||
| @Column("scope", "string") | |||
| scope: DriveScope; | |||
|
|
|||
| @Column("locks", "encoded_json") | |||
| locks: DriveLock[]; | |||
There was a problem hiding this comment.
If DriveLocks are stored in that json field, why create the entity and db table and all that ?
| @@ -1317,4 +1328,157 @@ export class DocumentsService { | |||
| throw new CrudException(`Not enough space: ${size}, ${leftQuota}.`, 403); | |||
| } | |||
| }; | |||
|
|
|||
| /** | |||
| * Returns the file | |||
There was a problem hiding this comment.
I dont think this kind of documentation really adds anything ("returns the file" it's not hard to see the return type). However it would be nice, also eg on exported things like DriveLock
| }; | ||
|
|
||
| /** | ||
| * Copies item to destination |
| this.logger.error({ error: `${error}` }, "Failed to grant access to the drive item"); | ||
| throw new CrudException("User does not have access to this item or its children", 401); | ||
| } | ||
| return Promise.resolve(driveFile); |
There was a problem hiding this comment.
No need for Promise.resolve in an async function
| ): Promise<void> => { | ||
| assert(id != null, "Cannot copy null"); | ||
| const item = await this.get(id, context); | ||
| assert(item.item.parent_id != null, "Cannot copy root"); |
There was a problem hiding this comment.
what if id is not found ? How do you return say a 404 ? What about the asserts, shouldn't a lot of them be 400/401 type errors ?
| reply.send({ message: "Test route" }); | ||
| }); | ||
| fastify.all("webdav", (request, reply) => { | ||
| reply.send({ message: "Test route" }); |
| fastify.all("webdav", (request, reply) => { | ||
| reply.send({ message: "Test route" }); | ||
| }); | ||
| console.debug(fastify.printRoutes()); |
|
|
||
| return routes; | ||
| } | ||
| export const routes = eval("import('nephele').then(builder)"); |
There was a problem hiding this comment.
I'd really prefer if we did this horrible eval hack in a single place and exported what we need from there, and documented the raison-d'etre
tdrive/backend/node/tsconfig.json
Outdated
| @@ -16,7 +16,7 @@ | |||
| "src/types/*" | |||
| ], | |||
| "src/*": ["src/*"] | |||
| } | |||
| }, | |||
There was a problem hiding this comment.
technically that's not valid json, seems benign, but also, why in this pr ?
ericlinagora
force-pushed
the
webdav-express
branch
from
cbe6bf0
to
a09fea8
Compare
ericlinagora
force-pushed
the
webdav-express
branch
from
a09fea8
to
06749f6
Compare
| @@ -76,14 +75,6 @@ async function builder(nephele: any) { | |||
| }); | |||
| fastify.use(`${webdavUrl}`, webdavMiddleware); | |||
| }); | |||
| fastify.all("webdav/*", (request, reply) => { | |||
There was a problem hiding this comment.
apparently this chunk is vital, without it, we get 404s only in the webdav stuff....
ericlinagora
force-pushed
the
webdav-express
branch
from
c7b35d9
to
41b8472
Compare
| @@ -62,7 +62,7 @@ jobs: | |||
| - name: e2e-mongo-s3-test | |||
| run: | | |||
| cd tdrive | |||
| docker compose -f docker-compose.tests.yml run --rm -e NODE_OPTIONS=--unhandled-rejections=warn -e SEARCH_DRIVER=mongodb -e DB_DRIVER=mongodb -e PUBSUB_TYPE=local node npm run test:all | |||
| docker compose -f docker-compose.tests.yml run --rm -e "NODE_OPTIONS=--unhandled-rejections=warn --experimental-vm-modules" -e SEARCH_DRIVER=mongodb -e DB_DRIVER=mongodb -e PUBSUB_TYPE=local node npm run test:all | |||
There was a problem hiding this comment.
Still needed after the eval evil hack ?
WebDAV implementation
Description
This is implementation the WebDAV protocol for our application using the nephele library.
Key components of this implementation include:
Related Issue
#573
Motivation and Context
WebDAV protocol is needed for desktop synchronisation
How Has This Been Tested?
Testing environment:
Types of changes
Checklist: