From 076a0abe5d2d77bd608c2b625168840eb074c8d4 Mon Sep 17 00:00:00 2001
From: chenkins
Date: Wed, 13 Sep 2023 00:00:27 +0200
Subject: [PATCH] Cipherduckhubbookmark end point for 1 vault = 1 storage (#4).
---
 backend/CIPHERDUCK.md | 12 ++--
 .../cryptomator/hub/api/ConfigResource.java | 41 ++++++------
 .../hub/api/cipherduck/VaultJWEBackend.java | 67 ++++++++++++-------
 .../resources/cipherduck/hubbookmark.duck | 2 +-
 frontend/src/components/CreateVaultS3.vue | 3 +
 5 files changed, 71 insertions(+), 54 deletions(-)
diff --git a/backend/CIPHERDUCK.md b/backend/CIPHERDUCK.md
index da8beaaf5..213164501 100644
--- a/backend/CIPHERDUCK.md
+++ b/backend/CIPHERDUCK.md
@@ -23,15 +23,14 @@ backends.backends[0].bucket-prefix=cipherduck
 backends.backends[0].s3-type=minio
 backends.backends[0].admin-access-key-id=minioadmin
 backends.backends[0].admin-secret-key=minioadmin
-backends.backends[0].jwe.protocol=s3
-backends.backends[0].jwe.vendor=s3-sts
-backends.backends[0].jwe.scheme=http
+backends.backends[0].jwe.protocol=s3-sts
 backends.backends[0].jwe.hostname=minio
 backends.backends[0].jwe.port=9000
+backends.backends[0].jwe.scheme=http
 backends.backends[0].jwe.sts-endpoint=http://minio:9000
 backends.backends[0].jwe.oauth-redirect-url=x-cipherduck-action:oauth
-backends.backends[1].jwe.oauth-authorization-url=https://login1.staging.cryptomator.cloud/realms/cipherduck/protocol/openid-connect/auth
-backends.backends[1].jwe.oauth-token-url=https://login1.staging.cryptomator.cloud/realms/cipherduck/protocol/openid-connect/token
+backends.backends[0].jwe.oauth-authorization-url=http://localhost:8180/realms/cryptomator/protocol/openid-connect/auth
+backends.backends[0].jwe.oauth-token-url=http://localhost:8180/realms/cryptomator/protocol/openid-connect/token
 backends.backends[0].jwe.oauth-client-id=cryptomator
 backends.backends[0].jwe.authorization=AuthorizationCode
 ```
@@ -73,8 +72,7 @@ backends.backends[1].admin-secret-key=XXXX
 backends.backends[1].oidc-provider=arn:aws:iam::XXXX:oidc-provider/login1.staging.cryptomator.cloud/realms/cipherduck
 backends.backends[1].sts-role-arn-prefix=arn:aws:iam::XXXX:role/
 backends.backends[1].region=eu-central-1
-backends.backends[1].jwe.protocol=s3
-backends.backends[1].jwe.vendor=s3-sts
+backends.backends[1].jwe.protocol=s3-sts
 backends.backends[1].jwe.oauth-redirect-url=x-cipherduck-action:oauth
 backends.backends[1].jwe.oauth-authorization-url=https://login1.staging.cryptomator.cloud/realms/cipherduck/protocol/openid-connect/auth
 backends.backends[1].jwe.oauth-token-url=https://login1.staging.cryptomator.cloud/realms/cipherduck/protocol/openid-connect/token
diff --git a/backend/src/main/java/org/cryptomator/hub/api/ConfigResource.java b/backend/src/main/java/org/cryptomator/hub/api/ConfigResource.java
index 61673440e..948968377 100644
--- a/backend/src/main/java/org/cryptomator/hub/api/ConfigResource.java
+++ b/backend/src/main/java/org/cryptomator/hub/api/ConfigResource.java
@@ -58,26 +58,27 @@ public ConfigDto getConfig() {
 return new ConfigDto(keycloakPublicUrl, keycloakRealm, keycloakClientIdHub, keycloakClientIdCryptomator, authUri, tokenUri, Instant.now().truncatedTo(ChronoUnit.MILLIS), 1);
 }
- // / start cipherduck extension
- @PermitAll
- @GET
- @Path("/cipherduckhubbookmark")
- @Produces(MediaType.APPLICATION_XML)
- @Operation(summary = "get cipherduck bookmark for this hub")
- public String cipherduckhubbookmark(@Context UriInfo uriInfo) throws IOException {
- final URI requestUri = uriInfo.getRequestUri();
- String template = new String(ConfigResource.class.getResourceAsStream("/cipherduck/hubbookmark.duck").readAllBytes());
- // nickname
- template = template.replace("Cipherduck", String.format("Cipherduck (%s://%s:%s)", requestUri.getScheme(), requestUri.getHost(), requestUri.getPort()));
- // scheme
- template = template.replace("hub-http", String.format("hub-%s", requestUri.getScheme()));
- // hostname
- template = template.replace("localhost", String.format("%s", requestUri.getHost()));
- // port
- template = template.replace("8080", String.format("%s", requestUri.getPort()));
- // UUID
- template = template.replace("c36acf24-e331-4919-9f19-ff52a08e7885", String.format("%s", Settings.get().hubId));
- return template;
+ // / start cipherduck extension
+ @PermitAll
+ @GET
+ @Path("/cipherduckhubbookmark")
+ @Produces(MediaType.APPLICATION_XML)
+ @Operation(summary = "get cipherduck bookmark for this hub")
+ public String cipherduckhubbookmark(@Context UriInfo uriInfo) throws IOException {
+ final URI requestUri = uriInfo.getRequestUri();
+ String template = new String(ConfigResource.class.getResourceAsStream("/cipherduck/hubbookmark.duck").readAllBytes());
+ String hubUrl = String.format("%s://%s:%s", requestUri.getScheme(), requestUri.getHost(), requestUri.getPort());
+ // nickname
+ template = template.replace("Cipherduck", String.format("Cipherduck (%s)", hubUrl));
+ // hostname
+ template = template.replace("localhost", String.format("%s", requestUri.getHost()));
+ // port
+ template = template.replace("8080", String.format("%s", requestUri.getPort()));
+ // UUID
+ template = template.replace("c36acf24-e331-4919-9f19-ff52a08e7885", String.format("%s", Settings.get().hubId));
+ // scheme
+ template = template.replace("provider", String.format("hub-%s", requestUri.getScheme()));
+ return template;
 }
 // \ end cipherduck extension
diff --git a/backend/src/main/java/org/cryptomator/hub/api/cipherduck/VaultJWEBackend.java b/backend/src/main/java/org/cryptomator/hub/api/cipherduck/VaultJWEBackend.java
index 52537f61b..7d9e7adb1 100644
--- a/backend/src/main/java/org/cryptomator/hub/api/cipherduck/VaultJWEBackend.java
+++ b/backend/src/main/java/org/cryptomator/hub/api/cipherduck/VaultJWEBackend.java
@@ -5,43 +5,22 @@ import java.util.Optional;
 public interface VaultJWEBackend {
- @JsonProperty("protocol")
- String protocol();
-
- @JsonProperty("vendor")
- Optional vendor();
- @JsonProperty("hostname")
- Optional hostname();
- @JsonProperty("scheme")
- Optional scheme();
-
- @JsonProperty("port")
- Optional port();
-
- // TODO https://github.com/chenkins/cipherduck-hub/issues/3 for permanent credentials?
- // @JsonProperty("username")
- // String username();
- //
- // @JsonProperty("password")
- // String password();
+ // TODO https://github.com/chenkins/cipherduck-hub/issues/4 how generic do we need - which can we put into protocols?
+ // (1) storage-specific for protocol
 @JsonProperty("region")
 Optional region();
 @JsonProperty("stsEndpoint")
 Optional stsEndpoint();
- @JsonProperty("stsRoleArn")
- Optional stsRoleArn();
-
- @JsonProperty("stsDurationSeconds")
- Optional stsDurationSeconds();
+ @JsonProperty("scheme")
+ Optional scheme();
- @JsonProperty("authorization")
- Optional authorization();
+ // (2) hub-specific for protocol
 @JsonProperty("oAuthAuthorizationUrl")
 Optional oauthAuthorizationUrl();
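Review bot: `cipherduckhubbookmark` writes `-1` into both `hubUrl` and the `8080` substitution whenever the request URI carries no explicit port, because `URI.getPort()` returns -1 in that case, so the scheme default has to be filled in before formatting. The substitutions are plain `String.replace` over the whole template, so `localhost`/`8080` hit every occurrence, and the `provider` replacement now runs after the hostname was inserted, so a hostname containing that word would be rewritten as well; doing the scheme replacement first removes that ordering hazard. The template is decoded with the platform default charset and the stream from `getResourceAsStream` is never closed; `StandardCharsets.UTF_8` under try-with-resources fixes both (needs `java.nio.charset.StandardCharsets` imported). Scheme, host and port all come from the client's request line and Host header; URI syntax keeps XML metacharacters out of them, but that is the only thing standing between request input and the XML body, so the method should state it, e.g. `// host/scheme/port are URI-syntax-restricted request values; escape them if this ever takes free-form input`.
```java
public String cipherduckhubbookmark(@Context UriInfo uriInfo) throws IOException {
    final URI requestUri = uriInfo.getRequestUri();
    String template;
    try (var in = ConfigResource.class.getResourceAsStream("/cipherduck/hubbookmark.duck")) {
        template = new String(in.readAllBytes(), StandardCharsets.UTF_8);
    }
    // URI.getPort() is -1 when the request carried no explicit port; fall back to the scheme default
    int port = requestUri.getPort();
    if (port == -1) {
        port = "https".equalsIgnoreCase(requestUri.getScheme()) ? 443 : 80;
    }
    String host = requestUri.getHost();
    String hubUrl = String.format("%s://%s:%d", requestUri.getScheme(), host, port);
    // scheme placeholder first, so nothing inserted below can be rewritten by it
    template = template.replace("provider", String.format("hub-%s", requestUri.getScheme()));
    // … unchanged: nickname substitution using hubUrl …
    template = template.replace("localhost", host);
    template = template.replace("8080", Integer.toString(port));
    // … unchanged: UUID substitution …
    return template;
}
```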
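Review bot: Every accessor in this hunk is declared as raw `Optional` (`Optional region()`, `Optional stsEndpoint()`, the re-added `Optional scheme()`), and the same holds for the members moved in the `@@ -51,6 +30,12 @@` and `@@ -62,4 +47,34 @@` hunks of this file, so callers receive an `Optional` of `Object` and the mapper that reads the `@JsonProperty` names has no element type to bind. `Optional<String>` (and `Optional<Integer>` for `port` and `stsDurationSeconds` if those are numeric — not visible here) makes the contract explicit and lets the compiler catch misuse. The new `(1)`/`(2)` group comments would carry more information if they named the consumer of each group (the JWE builder, the bookmark, the client's protocol definition) rather than only its scope.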
@@ -51,6 +30,12 @@ public interface VaultJWEBackend {
 @JsonProperty("oAuthClientId")
 Optional oauthClientId();
+
+ // (3) hub-independent for protocol
+ // TODO https://github.com/chenkins/cipherduck-hub/issues/3 we don't need them here.
+ @JsonProperty("authorization")
+ Optional authorization();
+
 @JsonProperty("oAuthRedirectUrl")
 Optional oauthRedirectUrl();
@@ -62,4 +47,34 @@ public interface VaultJWEBackend {
 @JsonProperty("tokenConfigurable")
 Optional tokenConfigurable();
+
+
+ // (4) for bookmark
+ // TODO https://github.com/chenkins/cipherduck-hub/issues/3 add defaultPath, add UUID? = bucketName
+
+ @JsonProperty("protocol")
+ String protocol();
+
+ // TODO https://github.com/chenkins/cipherduck-hub/issues/3 how do we use vendor - if we can inject (1) and (2) on the fly, we can use separate Protocol/Vendor
+ @JsonProperty("vendor")
+ Optional vendor();
+
+ @JsonProperty("hostname")
+ Optional hostname();
+
+ @JsonProperty("port")
+ Optional port();
+
+ // TODO https://github.com/chenkins/cipherduck-hub/issues/3 for permanent credentials?
+ // @JsonProperty("username")
+ // String username();
+ //
+ // @JsonProperty("password")
+ // String password();
+
+ @JsonProperty("stsRoleArn")
+ Optional stsRoleArn();
+
+ @JsonProperty("stsDurationSeconds")
+ Optional stsDurationSeconds();
 }
diff --git a/backend/src/main/resources/cipherduck/hubbookmark.duck b/backend/src/main/resources/cipherduck/hubbookmark.duck
index e88c1ff91..0d837765e 100644
--- a/backend/src/main/resources/cipherduck/hubbookmark.duck
+++ b/backend/src/main/resources/cipherduck/hubbookmark.duck
@@ -7,7 +7,7 @@
 Protocol
 hub
 Provider
- hub-http
+ provider
 Nickname
 Cipherduck
 Hostname
diff --git a/frontend/src/components/CreateVaultS3.vue b/frontend/src/components/CreateVaultS3.vue
index 9ecb96606..e306bf0a4 100644
--- a/frontend/src/components/CreateVaultS3.vue
+++ b/frontend/src/components/CreateVaultS3.vue
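Review bot: The `(4) for bookmark` group in the `@@ -62,4 +47,34 @@` hunk re-adds `stsRoleArn` and `stsDurationSeconds`, yet the `CreateVaultS3.vue` hunk of this commit computes `stsRoleArn` per vault from `stsRoleArnPrefix + bucketName`, so the value is vault-specific rather than bookmark-wide and the group comment should say so. The `username`/`password` accessors are kept as commented-out declarations; since this interface appears to describe what ends up in the vault JWE (inferred from its name only), the TODO would be more useful stating where permanent credentials would live and which recipients could read them, e.g. `// TODO issues/3: permanent credentials must not be added here unless every JWE recipient is meant to hold them`, with the dead declarations removed. The `we don't need them here.` TODO on `authorization` in the `@@ -51,6 +30,12 @@` hunk should likewise name which side does need it, so the next reader knows whether to move or delete it.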
@@ -362,8 +362,11 @@ async function createVault() {
 const bucketName = config["bucketPrefix"] + vaultId
 if(config.hasOwnProperty("stsRoleArnPrefix") && config["stsRoleArnPrefix"]){
+ // TODO https://github.com/chenkins/cipherduck-hub/issues/3 safe - side-effects?
 config["jwe"]["stsRoleArn"] = config["stsRoleArnPrefix"] + bucketName
 }
+ // TODO https://github.com/chenkins/cipherduck-hub/issues/3 how do we use vendor?
+ config["jwe"]["vendor"] = config["id"];
 // \ end cipherduck extension
 const ownerJwe = await vaultKeys.value.encryptForUser(base64.parse(owner.publicKey)
 // / start cipherduck extension
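Review bot: `config["jwe"]["vendor"] = config["id"];` and the `stsRoleArn` assignment above it mutate `config["jwe"]` in place, which is exactly what the new `safe - side-effects?` TODO worries about; whether `config` is a per-call object or a shared backend-config instance is not visible in this hunk (`createVault` starts above it), and if it is shared, a value written in one call survives into the next. Building the payload on a shallow copy settles the question instead of leaving the TODO: `const jwe = { ...config["jwe"], vendor: config["id"] };` then `if (config["stsRoleArnPrefix"]) { jwe["stsRoleArn"] = config["stsRoleArnPrefix"] + bucketName }` and passing `jwe` wherever `config["jwe"]` is used below. `Object.hasOwn(config, "stsRoleArnPrefix")` is the modern form of the `hasOwnProperty` check, though the truthiness test that follows it already covers the absent-key case.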