(GlobalScale) lock federation to internal #19391
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a long awaited feature: having
gs.federation = 'internal'
working.In a GlobalScale setup, in order to have its users being able to share files to users from another instance of Nextcloud, admin must enable the global federation shares. Meaning that it is not possible to enable the federation share only for local instances defined within the lookup-server.
As a side note, the value is currently 'internal' by default, meaning that if the admin does not set the
gs.federation
to'external'
(and open the federated shares to the outside), shares between local instances of GS are not available. This PR respects the default value.This PR will allow to manage those entries in
config/config.php
:gs.federation = 'internal'
to limit all shares only to local instances of the GS.
gs.federation.incoming = 'internal'
to limit incoming shares only to local instances of the GS
gs.federation.outgoing = 'internal'
to limit incoming shares only to local instances of the GS
How is it working:
if the config is set to internal, federated shares a allowed without checking the settings related to federated shares.
When creating a federated shares, if the outgoing shares is limited to internal, we check that the address of the remote recipient is considered as local before initiating the generation of the federated share.
To avoid some spoofing from an external request, a password is added to the share during the exchange, but not stored. The password is based on the token of the share and the jwt key from the
config/config.php
. The password is added regardless of the limitation to internal outgoing shares, as long as the address of the recipient is known by the lookup-server.When receiving a federated share, if the incoming shares is limited to internal, we compare the password of the share.
This way, every instances of the GlobalScale setup can have their own setup regarding internal/external federated shares.
WIP
Tests are not yet implemented, this edit affect so many files and test might ask for a lot of work, please review and confirm the concept first.
dependencies
To retrieve the local instances of a LUS: nextcloud/lookup-server#43