```xml
<route>
<url>^api\/w\/nextcloud\/jobs\/.*</url>
<verb>GET,POST,PUT,DELETE</verb>
<access_level>PUBLIC</access_level>
<headers_to_exclude>[]</headers_to_exclude>
<bruteforce_protection>[401, 500]</bruteforce_protection>
</route>
```
Looks like this. ExApps should not implement its own protection, we
should provide a way to enable basic protection from Nextcloud/AppAPI
side.
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Co-authored-by: Andrey Borysenko <andrey18106x@gmail.com>
Yes, it changes the algorithm, but otherwise it does not work in PGSQL
in production.
And so it is a little simpler, since the order of routes in `info.xml`
is not important
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
We forgot to change this in this PR:
https://github.com/cloud-py-api/app_api/pull/277
For Proxy requests there should be no timeout, cause they are coming
from user or external services and not from Nextcloud
Even if they will take a long time, Nextcloud instance will be not slow
down
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
An external packet received by the proxy can have any value in
'X-Origin-IP' - we can't trust it, it's best to set it on our own
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
This PR introduces new (mandatory if you use the ExApp proxy) registration of the routes that are allowed to call on ExApp via AppAPI ExApp proxy.
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
Treat `PUT` with the same logic as `DELETE`
`$_POST` and `$_FILES` are always empty as PHP automatically does not
parse data during `PUT`
Just send raw request which we received to ExApp.
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
We don't have to build the request data again, it's already original in
'php://input'
It is also better to send all headers.
Perhaps we don’t need the code with “buildMultipartFormData” either
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
The system flag and extra table for that `ex_app_users` is removed to
optimize database usage and simplify the system logic.
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Currently cookies always rejected when ExApp is installed in DSP with
`HTTPS` - this is now fixed.
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
This PR made a few changes to ExApp proxy:
1. Fix Get requests proxy to preserve the url params
2. Add pass of cookies to the ExApp with request
3. Fixes Proxy work with multipart requests and files using separate
internal version of requestToExApp with slightly adjusted handling of
query and body params
4. Remove default caching for json requests
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
This PR adds ability for ExApp to have entry in TopMenu and provide it's
own page when clicking on it.
* OCS API for specifying InitialStates, Scripts, Styles, TopMenu
* Small corrections and refactoring of code that relates on UI
* Small bug fixes to other parts of AppAPI, mostly for FileActions Menu.
PR is ready, after merging this, one additional PR will be created that
relates to this one.
That PR will cover missing parts:
* Docs, changelog update
* FileActions Menu rework(icon specifying)
* Fixes of stuff that will be found if any, related to UI
* CI Actions and Makefile adjusting, to keep `js/proxy_js` folder
* Fix of Proxying stuff
Merging this PR will allow nc_py_api's PR to be finished on this theme
and finish first example for testing.
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Co-authored-by: Andrey Borysenko <andrey18106x@gmail.com>
