Resolves#384. If the checks still pass and this gets merged, perhaps we
should take a look at other apps to see if they need to be updated in
the same way.
Signed-off-by: Edward Ly <contact@edward.ly>
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
1. Logs are written to a separate file
2. Log level - Warning
3. Only for those requests where "user" is set
Reference:
https://github.com/nextcloud/server/pull/46539#pullrequestreview-2182378157
this is how logs look like:
```json
{"reqId":"t9ThOI2CheVn6sDUsUKO","level":2,"time":"2024-08-13T10:08:42+00:00","remoteAddr":"192.168.65.1","user":"admin","app":"nc_py_api","method":"GET","url":"/ocs/v1.php/cloud/capabilities?format=json","message":"impersonation request","userAgent":"python-httpx/0.25.2","version":"30.0.0.7","data":{"app":"nc_py_api"}}
{"reqId":"tVtHIEwQ5YKhbWUFTmKF","level":2,"time":"2024-08-13T10:08:42+00:00","remoteAddr":"192.168.65.1","user":"admin","app":"nc_py_api","method":"PROPFIND","url":"/remote.php/dav/files/admin","message":"impersonation request","userAgent":"python-httpx/0.25.2","version":"30.0.0.7","data":{"app":"nc_py_api"}}
```
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
It's a refactoring, it doesn't really fix anything(?), but it makes
working with caches in the style of a Nextcloud server repository.
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
This PR introduces new (mandatory if you use the ExApp proxy) registration of the routes that are allowed to call on ExApp via AppAPI ExApp proxy.
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
1. Will be required for future AI ExApps with scaling
2. Will be required for future ExApps with federated support
3. Requited by **WorkflowEngine project** at it's current stage
4. This will make developing of ExApps easier, as usual in
"manual"registration" we use different app version(constant "1.0.0")
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
The system flag and extra table for that `ex_app_users` is removed to
optimize database usage and simplify the system logic.
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
For every incoming request to the cloud, we do an extra read from the
database.
For every outgoing request, we do the same.
Anyway, we haven’t used this thing once in a year; it’s easier to remove
it than to transfer this flag to the ex_app table to optimize speed.
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Currently cookies always rejected when ExApp is installed in DSP with
`HTTPS` - this is now fixed.
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Changes in this PullRequest:
* moved `resetCaches` into `updateExApp`
* always reset all ex_app cache when fail writing to DB
* always update ExApp `status` in DB when enabling ExApp
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
This PR made a few changes to ExApp proxy:
1. Fix Get requests proxy to preserve the url params
2. Add pass of cookies to the ExApp with request
3. Fixes Proxy work with multipart requests and files using separate
internal version of requestToExApp with slightly adjusted handling of
query and body params
4. Remove default caching for json requests
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
This PR introduces our internal occ command for sending a request to
ExApp with notification about an event happened. The occ command is
needed to perform the HTTP request in a truly async maner not blocking
the original PHP process during request, that have to improve the user
experience.
The request is limited to 2s timeout, so that this occ command process
shouldn't live too long to not exceed the limits.
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
This PR introduces async requestToExApp Public functions + two OCS
endpoints for requestToExApp and exAppRequestWithUserInit.
Some logging level adjustments.
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Should fix incorrect type handling by different DBMS during ExApp occ
command registration.
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
This PR introduces API for registering OCC commands for ExApps.
Note: **Passing file contents as the input argument is not supported**
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
In our current code, `$appInfo['external-app']['scopes']['value']` is
sometimes an array and sometimes not, depending on the data.
To ensure that `$appInfo['external-app']['scopes']` is always an array,
even if it's just one value, we use the is_array() function to check the
type and then adjust accordingly.
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Before this, we didn’t have a `healthcheck` at all, but instead there
was simply a check to see if the container was running.
Checking whether the container is running has been moved to Deploy stage
and now occurs at the end of the deployment process.
And between deployment and “init” there is now a correct health check.
Applications are not required to support healthcheck at all, so it is
only checked if `['State']['Health']['Status']` is present.
Without a timeout, the timeout must be set by the application itself, as
it is usually done for Docker containers healthcheck.
During a healthcheck, an application, for example, can now install some
of its own packages or do something other with its docker container.
It should not communicate with the Nextcloud itself at this
stage(healthcheck), because application is not considered enabled.
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
Co-authored-by: Andrey Borysenko <andrey18106x@gmail.com>
We hold pre-defined API Scopes in memory only.
Anyway we currently do not supporting defining API Scopes at runtime and
not sure that we will in future, so better to make it simpler and faster
for now.
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
With PHP>=8.2 they will appear like this:
```
/var/www/html/apps-extra/app_api/lib/Service/AppAPIService.php
line 89
OCA\AppAPI\Service\AppAPIService->requestToExAppInternal(
[
"OCA\\AppAPI\\Db\\ExApp",
3
],
"POST",
"http://host.docker.internal:9031/video_to_gif",
[
"SensitiveParameterValue"
]
)
```
Also adjustments in the Nextcloud Server required, to hide headers in
`IClient` calls, we cannot do it from AppAPI side.
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Without this it just throws exception where nothing is clear, better to
return correct error description.
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Should significantly improve the performance of anything that uses the
getExAppsList function:
1. Admin page
2. ExAppUIL10N middleware
3. And in many other places where there were multiple cyclic calls to
`getExApp`
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
1. In `AppAPIAuthMiddleware` we should check for `AUTHORIZATION-APP-API`
header to not first perform request to DB.
2. In `validateExAppRequestToNC` we should do the same but for
'EX-APP-ID' header.
3. Removed debug log from `getExApp`, to not spam logs.
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
subj, a little more code, but more secure when "MYSQL Server has gone
away" error occurs
---------
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
Adding `ISpeechToTextProviderWithUserId` interface to STT implementation
after it is merged and available in server.
---------
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
