Closed michielbdejong closed 2 years ago
Will add the grpc client into https://github.com/michielbdejong/reva/tree/sciencemesh
rest-to-grpc bridge working now with hard-coded example values. next step: make it get values for the outgoing GRPC request from the incoming REST request
curl -d'{"loginType":"basic","loginUsername":"einstein","loginPassword":"relativity","path":"/home","recipientUsername":"marie","recipientHost":"localhost:17000"}' http://einstein:relativity@localhost:19001/ocm/send
Done. Next step: call this from NC
Drafted this in https://github.com/pondersource/nc-sciencemesh/commit/79b3ebad Will try it out in the https://github.com/cs3org/ocm-test-suite/tree/revanc branch of the OCM test suite.
On the OCM test net, the curl command would be:
curl -d'{"loginType":"basic","loginUsername":"einstein","loginPassword":"relativity","path":"/home","recipientUsername":"marie","recipientHost":"revanc2.docker"}' https://einstein:relativity@revanc1.docker/ocm/send
See https://github.com/ylebre/nextcloud-shareprovider/commit/9f515b1230255182aa070d9bc073e4d4101eaa82 for @ylebre's changes in the nextcloud server code that are needed to add SHARE_TYPE_SCIENCEMESH.
Next issue:
root@ubuntu-s-4vcpu-8gb-amd-ams3-01:~/ocm-test-suite# docker exec -it revanc1.docker /bin/bash
root@a33373f3e22e:/etc/revad# /reva/cmd/reva/reva -insecure -host localhost:19000
reva-cli v1.7.0-388-g2a6ae909 (rev-2a6ae909)
Please use `exit` or `Ctrl-D` to exit this program.
>> login basic
username: einstein
password: OK
>> ocm-share-list
error: code=CODE_INTERNAL msg="error listing shares" support_trace="00000000000000000000000000000000"
>>
root@ubuntu-s-4vcpu-8gb-amd-ams3-01:~# docker logs revanc1.docker
[...]
2021-11-11 13:30:58.476 ERR ../../reva/internal/grpc/services/ocmshareprovider/ocmshareprovider.go:209 > error listing shares error="Post \"~einstein/api/ocm/ListShares\": unsupported protocol scheme \"\"" pid=7 pkg=rgrpc
{"reqId":"zdBgjIXGWw3bJkXL4WAB","level":3,"time":"2021-11-11T14:58:30+00:00","remoteAddr":"172.18.0.4","user":"einstein","app":"PHP","method":"DELETE","url":"/ocs/v2.php/apps/files_sharing/api/v1/shares/1","message":"Undefined property: OCA\\ScienceMesh\\ShareProvider\\ScienceMeshShareProvider::$SHARE_TYPE_SCIENCEMESH at /var/www/html/apps/sciencemesh/lib/ShareProvider/ScienceMeshShareProvider.php#585
curl -d'{"loginType":"basic","loginUsername":"einstein","loginPassword":"relativity","path":"/home","recipientUsername":"marie","recipientHost":"stub2.docker"}' https://einstein:relativity@revanc1.docker/send
it's now looping back nc1 -> revanc1 -> nc1.
a call to https://einstein:relativity@revanc1.docker/send should cause https://einstein:relativity@revanc2.docker/ocm/shares or https://einstein:relativity@stub2.docker/ocm/shares but not https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addShare
Hm, or maybe it should to both
curl -i -d'{"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"stub2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addShare
[...]
{"message":"Missing arguments"}
Fixed with Content-Type header. Next error:
curl -i -H 'Content-Type: application/json' -d'{"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"stub2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addShare
HTTP/1.1 400 Bad request
[...]
{"message":"Internal error at https:\/\/nc1.docker"}
Moved this to https://github.com/pondersource/nc-sciencemesh/issues/133 for someone else to pick up from https://github.com/orgs/pondersource/projects/1/views/1?layout=board&filterQuery=todo
Will continue here to test the forward route, temporarily commenting out the call to nc1 addShare
Code path in revanc1:
I created pkg/ocm/share/sender so that the nextcloud-based ocm share manager can use the same code as the json-based one there. Now testing the curl command to https://revanc1.docker/send again.
2021-11-15 12:48:13.548 ERR ../../reva/internal/grpc/services/ocmshareprovider/ocmshareprovider.go:171 > error creating share error="json: error sending post request: Post \"http://127.0.0.1:17001/ocm/shares\": dial tcp 127.0.0.1:17001: connect: connection refused" pid=568 pkg=rgrpc
Next error: In internal/grpc/services/ocmshareprovider/ocmshareprovider#CreateOCMShare! In pkg/ocm/share/manager/nextcloud#Share! 2021-11-15 13:00:07.195 INF ../../reva/pkg/ocm/share/manager/nextcloud/nextcloud.go:165 > am.do https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addReceivedShare {"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"stub2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}} pid=1121 pkg=rgrpc 2021-11-15 13:00:07.891 INF ../../reva/pkg/ocm/share/manager/nextcloud/nextcloud.go:183 > am.do response 400 {"message":"Internal error at https:\/\/nc1.docker"} pid=1121 pkg=rgrpc
Other than that, it does POST to stub2.docker so that's awesome: root@ubuntu-s-4vcpu-8gb-amd-ams3-01:~/ocm-test-suite# docker logs stub2.docker POST /shares { host: 'stub2.docker', 'user-agent': 'Go-http-client/1.1', 'content-length': '167', 'content-type': 'application/json; param=value', 'x-b3-sampled': '0', 'x-b3-spanid': 'ecd5f6131d4d3af7', 'x-b3-traceid': 'b06ea5e34babd432d145146ecd5b4873', 'accept-encoding': 'gzip' } CHUNK {"meshProvider":"stub2.docker","name":"/home","owner":"marie","protocol":"webdav","providerId":"00000000-0000-0000-0000-000000000000:fileid-/home","shareWith":"marie"} not recognized
Also directly:
curl -H 'Content-Type: application/json' -d '{"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"stub2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addReceivedShare
{"message":"Internal error at https:\/\/nc1.docker"}
root@31398eb023e8:/var/www/html/apps/sciencemesh# tail -f /var/log/apache2/error.log
[Mon Nov 15 13:06:37.827421 2021] [php7:notice] [pid 41] [client 172.18.0.3:46114] {"xdebug_message":"
[Mon Nov 15 13:08:51.219252 2021] [php7:notice] [pid 13] [client 172.18.0.3:46128] splitting user remote: @cern.ch
-> created https://github.com/pondersource/nc-sciencemesh/issues/134 about this.
so apart from that, curl->revanc->stub seems to work, mostly. next step: curl->revanc->revanc
2021-11-15 13:29:46.929 ERR ../../reva/internal/grpc/services/ocmshareprovider/ocmshareprovider.go:171 > error creating share error="json: error sending create ocm core share post request: 401 Unauthorized: {\n \"code\": \"UNAUTHENTICATED\",\n \"message\": \"provider not authorized\"\n}" pid=1121 pkg=rgrpc
and on revanc2: 2021-11-15 13:29:46.927 ERR ../../reva/internal/grpc/services/ocmproviderauthorizer/ocmproviderauthorizer.go:125 > error verifying mesh provider error="error: not found: revanc2.docker" pid=597 pkg=rgrpc 2021-11-15 13:29:46.927 DBG ../../reva/internal/grpc/interceptors/log/log.go:69 > unary code=OK end="15/Nov/2021:13:29:46 +0000" from=tcp://127.0.0.1:60360 pid=597 pkg=rgrpc start="15/Nov/2021:13:29:46 +0000" time_ns=341215 uri=/cs3.ocm.provider.v1beta1.ProviderAPI/IsProviderAllowed user-agent=grpc-go/1.26.0 2021-11-15 13:29:46.928 DBG ../../reva/internal/grpc/interceptors/log/log.go:69 > unary code=OK end="15/Nov/2021:13:29:46 +0000" from=tcp://127.0.0.1:60350 pid=597 pkg=rgrpc start="15/Nov/2021:13:29:46 +0000" time_ns=2016604 uri=/cs3.gateway.v1beta1.GatewayAPI/IsProviderAllowed user-agent=grpc-go/1.26.0 2021-11-15 13:29:46.928 ERR ../../reva/internal/http/services/ocmd/reqres.go:62 > provider not authorized error="error verifying mesh provider" pid=597 pkg=rhttp
revanc2 as the receiving mesh provider should not be trying to verify revanc2 itself, it should be looking for revanc1 which is the sending mesh provider
should be fixed by editing providers.demo.json in the revanc branch of ocm-test-suite next: 2021-11-15 13:34:48.687 ERR ../../reva/internal/grpc/services/userprovider/userprovider.go:133 > error getting user error="userprovidersvc: error getting user: nextcloud storage driver: error getting user from ctx: error: user required: " pid=611 pkg=rgrpc
docker run --rm -it --network=testnet --name=revanc2.docker -e HOST=revanc2 revad /bin/bash
->
cd /reva ; git checkout sciencemesh ; git pull ; export PATH=$PATH:/usr/local/go/bin ; go mod vendor ; make build-revad ; cd /etc/revad ; echo "127.0.0.1 $HOST.docker" >> /etc/hosts ; /reva/cmd/revad/revad -c /etc/revad/$HOST.toml
docker exec -it nc1.docker /bin/bash
->
mkdir -p data/einstein/files/sciencemesh/home
curl -i -d'{"loginType":"basic","loginUsername":"einstein","loginPassword":"relativity","path":"/home","recipientUsername":"marie","recipientHost":"revanc2.docker"}' https://einstein:relativity@revanc1.docker/send
next error:
2021-11-16 14:44:41.942 DBG ../../reva/internal/grpc/interceptors/auth/auth.go:93 > skipping auth method=/cs3.gateway.v1beta1.GatewayAPI/CreateOCMShare pid=3396 pkg=rgrpc
In internal/grpc/services/ocmshareprovider/ocmshareprovider#CreateOCMShare!
In pkg/ocm/share/manager/nextcloud#Share!
In pkg/ocm/share/manager/nextcloud#Share: outgoing!
2021-11-16 14:44:41.945 INF ../../reva/pkg/ocm/share/manager/nextcloud/nextcloud.go:169 > am.do https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addSentShare {"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"revanc2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}} pid=3396 pkg=rgrpc
2021-11-16 14:44:42.728 INF ../../reva/pkg/ocm/share/manager/nextcloud/nextcloud.go:187 > am.do response 401 {"message":"Current user is not logged in"} pid=3396 pkg=rgrpc
2021-11-16 14:44:42.746 ERR ../../reva/internal/grpc/services/ocmshareprovider/ocmshareprovider.go:171 > error creating share error="sender: error sending create ocm core share post request: 404 Not Found: {\n \"code\": \"RESOURCE_NOT_FOUND\",\n \"message\": \"user not found\"\n}" pid=3396 pkg=rgrpc
-> not sure how to reproduce this 401 response with curl (seeing a 302 to https://nc1.docker/index.php/apps/dashboard/ instead) -> will postpone debugging this until the owner_opaque_id issue is fixed there. -> will instead concentrate on what revanc2 is doing when the /ocm/shares post comes in there
vim internal/http/services/ocmd/shares.go +132 -> user not found. this must be revanc2 asking nc2 about marie?
now looking at errors in revanc2: 2021-11-16 15:04:27.319 ERR ../../reva/internal/grpc/services/userprovider/userprovider.go:133 > error getting user error="userprovidersvc: error getting user: nextcloud storage driver: error getting user from ctx: error: user required: " pid=3502 pkg=rgrpc [...] 2021-11-16 15:04:27.32 ERR ../../reva/internal/http/services/ocmd/reqres.go:62 > user not found error="error getting user" pid=3502 pkg=rhttp
it's now hitting webdav token not provided on revanc2
that's now fixed, it's calling its own CreateOCMCoreShare grpc method. then, a nil pointer exception
The problem is that in internal/grpc/services/ocmcore/ocmcore.go line 160 req.ShareWith
is nil
fixed some typos in ocm-test-suite#revanc:servers/revad/revanc2.toml and ended up at https://github.com/pondersource/nc-sciencemesh/issues/148
I skipped the GetUser step until that issue is fixed. Next error: error searching recipient
curl -d'{"md":{"storage_id":"remote","opaque_id":"00000000-0000-0000-0000-000000000000:fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"get_quota":true,"initiate_file_download":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' -X POST https://marie:radioactivity@nc2.docker/index.php/apps/sciencemesh/~marie/api/ocm/addReceivedShare
{"message":"Missing arguments"}
It now works if you POST with:
curl -d'{"md":{"storage_id":"remote","opaque_id":"00000000-0000-0000-0000-000000000000:fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"opaque_id":"marie","idp":"revanc2.docker"}}},"permissions":{"permissions":{"get_path":true,"get_quota":true,"initiate_file_download":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' -X POST -H'Content-Type:application/json' -i https://marie:radioactivity@nc2.docker/index.php/apps/sciencemesh/~marie/api/ocm/addReceivedShare
Specifically: {"g":{"grantee":{"Id":{"UserId"{"idp":"revanc2.docker"}}}}}
This is with the addReceivedShare-owner_opaque_id
branch on nc2.docker
Finally got a 200 response in the r->r->n \o/ Will now try the full n->r->r->n
See https://github.com/pondersource/nc-sciencemesh/tree/with-nextcloud-sciencemesh-branch and https://github.com/michielbdejong/server/tree/sciencemesh
Current status: when you share from the NC GUI, it lists Marie as a collaborator search result. If you click Marie, it hits this line: https://github.com/pondersource/nc-sciencemesh/blob/with-nextcloud-sciencemesh-branch/lib/Sharing/ShareAPIHelper.php#L37
Next step: add the stand-alone grpc client in a separate Docker container