pondersource / sciencemesh-php

Connect your Nextcloud server to Sciencemesh
MIT License

n->r->r->n Sciencemesh sharing #35

Closed michielbdejong closed 2 years ago

michielbdejong commented 2 years ago

See https://github.com/pondersource/nc-sciencemesh/tree/with-nextcloud-sciencemesh-branch and https://github.com/michielbdejong/server/tree/sciencemesh

Current status: when you share from the NC GUI, it lists Marie as a collaborator search result. If you click Marie, it hits this line: https://github.com/pondersource/nc-sciencemesh/blob/with-nextcloud-sciencemesh-branch/lib/Sharing/ShareAPIHelper.php#L37

Next step: add the stand-alone grpc client in a separate Docker container

michielbdejong commented 2 years ago

Will add the grpc client into https://github.com/michielbdejong/reva/tree/sciencemesh

michielbdejong commented 2 years ago

rest-to-grpc bridge working now with hard-coded example values. next step: make it get values for the outgoing GRPC request from the incoming REST request

michielbdejong commented 2 years ago

curl -d'{"loginType":"basic","loginUsername":"einstein","loginPassword":"relativity","path":"/home","recipientUsername":"marie","recipientHost":"localhost:17000"}' http://einstein:relativity@localhost:19001/ocm/send

michielbdejong commented 2 years ago

Done. Next step: call this from NC

michielbdejong commented 2 years ago

Drafted this in https://github.com/pondersource/nc-sciencemesh/commit/79b3ebad Will try it out in the https://github.com/cs3org/ocm-test-suite/tree/revanc branch of the OCM test suite.

michielbdejong commented 2 years ago

On the OCM test net, the curl command would be:

curl -d'{"loginType":"basic","loginUsername":"einstein","loginPassword":"relativity","path":"/home","recipientUsername":"marie","recipientHost":"revanc2.docker"}' https://einstein:relativity@revanc1.docker/ocm/send

michielbdejong commented 2 years ago

See https://github.com/ylebre/nextcloud-shareprovider/commit/9f515b1230255182aa070d9bc073e4d4101eaa82 for @ylebre's changes in the nextcloud server code that are needed to add SHARE_TYPE_SCIENCEMESH.

michielbdejong commented 2 years ago

Next issue:

root@ubuntu-s-4vcpu-8gb-amd-ams3-01:~/ocm-test-suite# docker exec -it revanc1.docker /bin/bash
root@a33373f3e22e:/etc/revad# /reva/cmd/reva/reva -insecure -host localhost:19000
reva-cli v1.7.0-388-g2a6ae909 (rev-2a6ae909)
Please use `exit` or `Ctrl-D` to exit this program.
>> login basic
username: einstein
password: OK
>> ocm-share-list
error: code=CODE_INTERNAL msg="error listing shares" support_trace="00000000000000000000000000000000"
>> 
root@ubuntu-s-4vcpu-8gb-amd-ams3-01:~# docker logs revanc1.docker
[...]
2021-11-11 13:30:58.476 ERR ../../reva/internal/grpc/services/ocmshareprovider/ocmshareprovider.go:209 > error listing shares error="Post \"~einstein/api/ocm/ListShares\": unsupported protocol scheme \"\"" pid=7 pkg=rgrpc

michielbdejong commented 2 years ago

{"reqId":"zdBgjIXGWw3bJkXL4WAB","level":3,"time":"2021-11-11T14:58:30+00:00","remoteAddr":"172.18.0.4","user":"einstein","app":"PHP","method":"DELETE","url":"/ocs/v2.php/apps/files_sharing/api/v1/shares/1","message":"Undefined property: OCA\\ScienceMesh\\ShareProvider\\ScienceMeshShareProvider::$SHARE_TYPE_SCIENCEMESH at /var/www/html/apps/sciencemesh/lib/ShareProvider/ScienceMeshShareProvider.php#585

michielbdejong commented 2 years ago

curl -d'{"loginType":"basic","loginUsername":"einstein","loginPassword":"relativity","path":"/home","recipientUsername":"marie","recipientHost":"stub2.docker"}' https://einstein:relativity@revanc1.docker/send

michielbdejong commented 2 years ago

it's now looping back nc1 -> revanc1 -> nc1.

a call to https://einstein:relativity@revanc1.docker/send should cause https://einstein:relativity@revanc2.docker/ocm/shares or https://einstein:relativity@stub2.docker/ocm/shares but not https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addShare

michielbdejong commented 2 years ago

Hm, or maybe it should do both

michielbdejong commented 2 years ago

curl -i -d'{"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"stub2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addShare
[...]
{"message":"Missing arguments"}

michielbdejong commented 2 years ago

Fixed with Content-Type header. Next error:

curl -i -H 'Content-Type: application/json' -d'{"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"stub2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addShare 
HTTP/1.1 400 Bad request
[...]
{"message":"Internal error at https:\/\/nc1.docker"}

michielbdejong commented 2 years ago

Moved this to https://github.com/pondersource/nc-sciencemesh/issues/133 for someone else to pick up from https://github.com/orgs/pondersource/projects/1/views/1?layout=board&filterQuery=todo

Will continue here to test the forward route, temporarily commenting out the call to nc1 addShare

michielbdejong commented 2 years ago

Code path in revanc1:

michielbdejong commented 2 years ago

I created pkg/ocm/share/sender so that the nextcloud-based ocm share manager can use the same code as the json-based one there. Now testing the curl command to https://revanc1.docker/send again.

michielbdejong commented 2 years ago

2021-11-15 12:48:13.548 ERR ../../reva/internal/grpc/services/ocmshareprovider/ocmshareprovider.go:171 > error creating share error="json: error sending post request: Post \"http://127.0.0.1:17001/ocm/shares\": dial tcp 127.0.0.1:17001: connect: connection refused" pid=568 pkg=rgrpc

michielbdejong commented 2 years ago

Next error:

In internal/grpc/services/ocmshareprovider/ocmshareprovider#CreateOCMShare!
In pkg/ocm/share/manager/nextcloud#Share!
2021-11-15 13:00:07.195 INF ../../reva/pkg/ocm/share/manager/nextcloud/nextcloud.go:165 > am.do https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addReceivedShare {"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"stub2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}} pid=1121 pkg=rgrpc
2021-11-15 13:00:07.891 INF ../../reva/pkg/ocm/share/manager/nextcloud/nextcloud.go:183 > am.do response 400 {"message":"Internal error at https:\/\/nc1.docker"} pid=1121 pkg=rgrpc

michielbdejong commented 2 years ago

Other than that, it does POST to stub2.docker so that's awesome:

root@ubuntu-s-4vcpu-8gb-amd-ams3-01:~/ocm-test-suite# docker logs stub2.docker
POST /shares {
  host: 'stub2.docker',
  'user-agent': 'Go-http-client/1.1',
  'content-length': '167',
  'content-type': 'application/json; param=value',
  'x-b3-sampled': '0',
  'x-b3-spanid': 'ecd5f6131d4d3af7',
  'x-b3-traceid': 'b06ea5e34babd432d145146ecd5b4873',
  'accept-encoding': 'gzip'
}
CHUNK {"meshProvider":"stub2.docker","name":"/home","owner":"marie","protocol":"webdav","providerId":"00000000-0000-0000-0000-000000000000:fileid-/home","shareWith":"marie"}
not recognized

michielbdejong commented 2 years ago

Also directly:

curl -H 'Content-Type: application/json' -d '{"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"stub2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addReceivedShare

{"message":"Internal error at https:\/\/nc1.docker"}

michielbdejong commented 2 years ago

root@31398eb023e8:/var/www/html/apps/sciencemesh# tail -f /var/log/apache2/error.log

[Mon Nov 15 13:06:37.827421 2021] [php7:notice] [pid 41] [client 172.18.0.3:46114] {"xdebug_message":"<th align='left' bgcolor='#f57900' colspan=\"5\">( ! )<\/span> OCP\\HintException: Invalid Federated Cloud ID in \/var\/www\/html\/apps\/federatedfilesharing\/lib\/AddressHandler.php on line 79<\/i><\/th><\/tr>\nCall Stack<\/th><\/tr>\n#<\/th>Time<\/th>Memory<\/th>Function<\/th>Location<\/th><\/tr>\n1<\/td>0.0001<\/td>359360<\/td>{main}( )<\/td>...\/index.php:<\/b>0<\/td><\/tr>\n2<\/td>0.0818<\/td>2738144<\/td>OC::handleRequest( )<\/td>...\/index.php:<\/b>36<\/td><\/tr>\n3<\/td>0.6065<\/td>3772952<\/td>OC\\Route\\Router->match( )<\/td>...\/base.php:<\/b>1006<\/td><\/tr>\n4<\/td>0.6146<\/td>4070232<\/td>OC\\AppFramework\\App::main( )<\/td>...\/Router.php:<\/b>302<\/td><\/tr>\n5<\/td>0.6479<\/td>4312352<\/td>OC\\AppFramework\\Http\\Dispatcher->dispatch( )<\/td>...\/App.php:<\/b>157<\/td><\/tr>\n6<\/td>0.6581<\/td>4315800<\/td>OC\\AppFramework\\Http\\Dispatcher->executeController( )<\/td>...\/Dispatcher.php:<\/b>126<\/td><\/tr>\n7<\/td>0.6582<\/td>4322392<\/td>OCA\\ScienceMesh\\Controller\\RevaController->addReceivedShare( )<\/td>...\/Dispatcher.php:<\/b>217<\/td><\/tr>\n8<\/td>0.6800<\/td>4519424<\/td>OCA\\FederatedFileSharing\\OCM\\CloudFederationProviderFiles->shareReceived( )<\/td>...\/RevaController.php:<\/b>1046<\/td><\/tr>\n9<\/td>0.6801<\/td>4519424<\/td>OCA\\FederatedFileSharing\\AddressHandler->splitUserRemote( )<\/td>...\/CloudFederationProviderFiles.php:<\/b>199<\/td><\/tr>\n"}

michielbdejong commented 2 years ago

[Mon Nov 15 13:08:51.219252 2021] [php7:notice] [pid 13] [client 172.18.0.3:46128] splitting user remote: @cern.ch

michielbdejong commented 2 years ago

so apart from that, curl->revanc->stub seems to work, mostly. next step: curl->revanc->revanc

michielbdejong commented 2 years ago

2021-11-15 13:29:46.929 ERR ../../reva/internal/grpc/services/ocmshareprovider/ocmshareprovider.go:171 > error creating share error="json: error sending create ocm core share post request: 401 Unauthorized: {\n \"code\": \"UNAUTHENTICATED\",\n \"message\": \"provider not authorized\"\n}" pid=1121 pkg=rgrpc

michielbdejong commented 2 years ago

and on revanc2:

2021-11-15 13:29:46.927 ERR ../../reva/internal/grpc/services/ocmproviderauthorizer/ocmproviderauthorizer.go:125 > error verifying mesh provider error="error: not found: revanc2.docker" pid=597 pkg=rgrpc
2021-11-15 13:29:46.927 DBG ../../reva/internal/grpc/interceptors/log/log.go:69 > unary code=OK end="15/Nov/2021:13:29:46 +0000" from=tcp://127.0.0.1:60360 pid=597 pkg=rgrpc start="15/Nov/2021:13:29:46 +0000" time_ns=341215 uri=/cs3.ocm.provider.v1beta1.ProviderAPI/IsProviderAllowed user-agent=grpc-go/1.26.0
2021-11-15 13:29:46.928 DBG ../../reva/internal/grpc/interceptors/log/log.go:69 > unary code=OK end="15/Nov/2021:13:29:46 +0000" from=tcp://127.0.0.1:60350 pid=597 pkg=rgrpc start="15/Nov/2021:13:29:46 +0000" time_ns=2016604 uri=/cs3.gateway.v1beta1.GatewayAPI/IsProviderAllowed user-agent=grpc-go/1.26.0
2021-11-15 13:29:46.928 ERR ../../reva/internal/http/services/ocmd/reqres.go:62 > provider not authorized error="error verifying mesh provider" pid=597 pkg=rhttp

michielbdejong commented 2 years ago

revanc2 as the receiving mesh provider should not be trying to verify revanc2 itself, it should be looking for revanc1 which is the sending mesh provider
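
The check described in the comment above, sketched as an added example (not part of the original thread and not Reva's code): the receiving side looks up the sending provider's domain in its provider allow-list. The `Provider` struct, its JSON field names and the two sample lists are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"strings"
)

// Provider is an assumed, simplified allow-list entry (not Reva's schema).
type Provider struct {
	Name   string `json:"name"`
	Domain string `json:"domain"`
}

var ErrProviderNotAuthorized = errors.New("provider not authorized")

// normalizeHost lowercases a host and drops any port and trailing dot,
// so "Revanc1.docker:443" compares equal to "revanc1.docker".
func normalizeHost(h string) string {
	h = strings.ToLower(strings.TrimSpace(h))
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.TrimSuffix(h, ".")
}

// IsProviderAllowed checks the SENDING provider's domain against the
// receiver's allow-list; the receiver's own domain plays no part.
func IsProviderAllowed(allowList []byte, senderDomain string) error {
	var providers []Provider
	if err := json.Unmarshal(allowList, &providers); err != nil {
		return fmt.Errorf("parsing provider list: %w", err)
	}
	want := normalizeHost(senderDomain)
	for _, p := range providers {
		if want != "" && normalizeHost(p.Domain) == want {
			return nil
		}
	}
	return fmt.Errorf("%w: not found: %q", ErrProviderNotAuthorized, want)
}

// Constructed allow-lists as they might sit on the receiver, revanc2.docker.
var onlySelf = []byte(`[{"name":"revanc2","domain":"revanc2.docker"}]`)
var withSender = []byte(`[{"name":"revanc1","domain":"revanc1.docker"},
	{"name":"revanc2","domain":"revanc2.docker"}]`)

func main() {
	fmt.Println(IsProviderAllowed(onlySelf, "revanc1.docker"))   // rejected
	fmt.Println(IsProviderAllowed(withSender, "revanc1.docker")) // <nil>
}
```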

michielbdejong commented 2 years ago

should be fixed by editing providers.demo.json in the revanc branch of ocm-test-suite

next:

2021-11-15 13:34:48.687 ERR ../../reva/internal/grpc/services/userprovider/userprovider.go:133 > error getting user error="userprovidersvc: error getting user: nextcloud storage driver: error getting user from ctx: error: user required: " pid=611 pkg=rgrpc

michielbdejong commented 2 years ago

docker run --rm -it --network=testnet --name=revanc2.docker -e HOST=revanc2 revad /bin/bash
->
cd /reva ; git checkout sciencemesh ; git pull ; export PATH=$PATH:/usr/local/go/bin ; go mod vendor ; make build-revad ; cd /etc/revad ; echo "127.0.0.1 $HOST.docker" >> /etc/hosts ;  /reva/cmd/revad/revad -c /etc/revad/$HOST.toml

michielbdejong commented 2 years ago

docker exec -it nc1.docker /bin/bash
->
mkdir -p data/einstein/files/sciencemesh/home
curl -i -d'{"loginType":"basic","loginUsername":"einstein","loginPassword":"relativity","path":"/home","recipientUsername":"marie","recipientHost":"revanc2.docker"}' https://einstein:relativity@revanc1.docker/send

michielbdejong commented 2 years ago

next error:

2021-11-16 14:44:41.942 DBG ../../reva/internal/grpc/interceptors/auth/auth.go:93 > skipping auth method=/cs3.gateway.v1beta1.GatewayAPI/CreateOCMShare pid=3396 pkg=rgrpc
In internal/grpc/services/ocmshareprovider/ocmshareprovider#CreateOCMShare!
In pkg/ocm/share/manager/nextcloud#Share!
In pkg/ocm/share/manager/nextcloud#Share: outgoing!
2021-11-16 14:44:41.945 INF ../../reva/pkg/ocm/share/manager/nextcloud/nextcloud.go:169 > am.do https://einstein:relativity@nc1.docker/index.php/apps/sciencemesh/~einstein/api/ocm/addSentShare {"md":{"storage_id":"00000000-0000-0000-0000-000000000000","opaque_id":"fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"revanc2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}} pid=3396 pkg=rgrpc
2021-11-16 14:44:42.728 INF ../../reva/pkg/ocm/share/manager/nextcloud/nextcloud.go:187 > am.do response 401 {"message":"Current user is not logged in"} pid=3396 pkg=rgrpc
2021-11-16 14:44:42.746 ERR ../../reva/internal/grpc/services/ocmshareprovider/ocmshareprovider.go:171 > error creating share error="sender: error sending create ocm core share post request: 404 Not Found: {\n  \"code\": \"RESOURCE_NOT_FOUND\",\n  \"message\": \"user not found\"\n}" pid=3396 pkg=rgrpc

-> not sure how to reproduce this 401 response with curl (seeing a 302 to https://nc1.docker/index.php/apps/dashboard/ instead) -> will postpone debugging this until the owner_opaque_id issue is fixed there. -> will instead concentrate on what revanc2 is doing when the /ocm/shares post comes in there

michielbdejong commented 2 years ago

vim internal/http/services/ocmd/shares.go +132 -> user not found. this must be revanc2 asking nc2 about marie?

michielbdejong commented 2 years ago

now looking at errors in revanc2:

2021-11-16 15:04:27.319 ERR ../../reva/internal/grpc/services/userprovider/userprovider.go:133 > error getting user error="userprovidersvc: error getting user: nextcloud storage driver: error getting user from ctx: error: user required: " pid=3502 pkg=rgrpc
[...]
2021-11-16 15:04:27.32 ERR ../../reva/internal/http/services/ocmd/reqres.go:62 > user not found error="error getting user" pid=3502 pkg=rhttp

michielbdejong commented 2 years ago

it's now hitting webdav token not provided on revanc2

michielbdejong commented 2 years ago

that's now fixed, it's calling its own CreateOCMCoreShare grpc method. then, a nil pointer exception

michielbdejong commented 2 years ago

The problem is that in internal/grpc/services/ocmcore/ocmcore.go line 160 req.ShareWith is nil

michielbdejong commented 2 years ago

fixed some typos in ocm-test-suite#revanc:servers/revad/revanc2.toml and ended up at https://github.com/pondersource/nc-sciencemesh/issues/148

michielbdejong commented 2 years ago

I skipped the GetUser step until that issue is fixed. Next error: error searching recipient

michielbdejong commented 2 years ago

curl -d'{"md":{"storage_id":"remote","opaque_id":"00000000-0000-0000-0000-000000000000:fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"get_quota":true,"initiate_file_download":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' -X POST https://marie:radioactivity@nc2.docker/index.php/apps/sciencemesh/~marie/api/ocm/addReceivedShare

{"message":"Missing arguments"}

michielbdejong commented 2 years ago

It now works if you POST with:

curl -d'{"md":{"storage_id":"remote","opaque_id":"00000000-0000-0000-0000-000000000000:fileid-/home"},"g":{"grantee":{"type":1,"Id":{"UserId":{"opaque_id":"marie","idp":"revanc2.docker"}}},"permissions":{"permissions":{"get_path":true,"get_quota":true,"initiate_file_download":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' -X POST -H'Content-Type:application/json' -i https://marie:radioactivity@nc2.docker/index.php/apps/sciencemesh/~marie/api/ocm/addReceivedShare

Specifically: {"g":{"grantee":{"Id":{"UserId":{"idp":"revanc2.docker"}}}}}
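
A client-side preflight for the addReceivedShare POST, as an added example that is not part of the original thread or of the nc-sciencemesh code. It checks only the two things the comments above report as fixes (a JSON Content-Type and the grantee `idp`), plus `opaque_id`; the `PreflightShare` name, the trimmed struct and the sample bodies are assumptions constructed here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"mime"
)

// shareBody mirrors only the grantee part of the payload shown in the thread.
type shareBody struct {
	G struct {
		Grantee struct {
			ID struct {
				UserID struct {
					Idp      string `json:"idp"`
					OpaqueID string `json:"opaque_id"`
				} `json:"UserId"`
			} `json:"Id"`
		} `json:"grantee"`
	} `json:"g"`
}

// PreflightShare lists the problems found in a request; empty means none.
func PreflightShare(contentType string, body []byte) []string {
	var problems []string
	// ParseMediaType accepts parameters such as "application/json; param=value".
	mt, _, err := mime.ParseMediaType(contentType)
	if err != nil || mt != "application/json" {
		problems = append(problems, "Content-Type is not application/json")
	}
	var b shareBody
	if err := json.Unmarshal(body, &b); err != nil {
		return append(problems, "body is not valid JSON: "+err.Error())
	}
	u := b.G.Grantee.ID.UserID
	if u.OpaqueID == "" {
		problems = append(problems, "grantee UserId.opaque_id is missing")
	}
	if u.Idp == "" {
		problems = append(problems, "grantee UserId.idp is missing")
	}
	return problems
}

// Constructed bodies, reduced from the two requests in the thread.
var withoutIdp = []byte(`{"g":{"grantee":{"type":1,"Id":{"UserId":{"opaque_id":"marie"}}}}}`)
var withIdp = []byte(`{"g":{"grantee":{"type":1,"Id":{"UserId":{"opaque_id":"marie","idp":"revanc2.docker"}}}}}`)

func main() {
	// curl -d without -H sends application/x-www-form-urlencoded.
	fmt.Println(PreflightShare("application/x-www-form-urlencoded", withoutIdp))
	fmt.Println(PreflightShare("application/json", withIdp))
}
```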

michielbdejong commented 2 years ago

This is with the addReceivedShare-owner_opaque_id branch on nc2.docker

michielbdejong commented 2 years ago

Finally got a 200 response in the r->r->n \o/ Will now try the full n->r->r->n