Investigate in store usage and signing keys #3913
Comments
If we would drop support for presigned keys we could remove these config options: ocis/extensions/proxy/pkg/config/config.go Lines 114 to 118 in ef1f2ba
Also the connected middleware could be removed.
see also #2374
see also #1356
see also #1357
If we would drop the signing-key endpoint, we also could drop the OCS service (that one from the oCIS repo), see ocis/services/proxy/pkg/config/defaults/defaultconfig.go Lines 86 to 90 in 3d2dc3a
The @kulmann proposes to also have
AFAICT having the store implementation as a dedicated service was the wrong approach. We should be using the go micro store interface and implement a In a similar way we should evaluate see also #4193 (comment) In any case having a dedicated store service is the wrong approach to begin with, IMO.
The store is meanwhile also used in the proxy ocis/services/proxy/pkg/command/server.go Lines 188 to 193 in d143e92
We should use a regular micro store and default it to memory using a ttl of 1h. A new signing key will be generated when it is unset. To get rid of the MS graph uses presigned download links for thumbnails like this: https://db3pap003files.storage.live.com/y4mw70OznhAgB518uvI9y8Z4vdU_2km4p8qE5ZzCWKalb9I0FDx9uHP1clxBJWa9CMMSbx4ffrWE3k2KgpwiArTHAaCgIHrnpsehBt7dornOEoKHZ87oa3MsZkGvX9OVVMP6a00NiuEz0UuDHkKmHCIv_inbVcU6nIWrQ_PEMzIuVf3zqxKCtS01g7Xt1Ke3khes-bx0ruxqn3zHc71CbI5cPcgmboZv65SWRAI7r31tp_k008WZxYxSP7nUu-QluI6b9wOEBaJ5APb3J5PWKfSoNjLskBZMxgmephcbS4Hlyfpk7P62O75PAxTI7wNiTCo?width=400&height=400&cropmode=none
The tempauth token here is valid for 6h and the endpointurl seems to be a hash of the request url. So ... we could use a jwt in the download urls for files and thumbnails to 'sign' the request. In ms graph they are valid for 1h btw.
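An added example, not part of the thread and not oCIS code: a sketch of the idea in the comment above, where a signing key is kept in memory with a 1h TTL, generated when unset, and used to sign a download path together with an expiry. It uses a bare HMAC-SHA256 tag in place of a JWT; `keyStore`, `sign`, `verify` and the sample path are hypothetical names and values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// keyStore: constructed stand-in for a memory store entry with a 1h TTL (not goroutine-safe).
type keyStore struct {
	key     []byte
	expires time.Time
}

// get returns the signing key, generating a new one when it is unset or expired.
func (s *keyStore) get(now time.Time) []byte {
	if s.key == nil || !now.Before(s.expires) {
		s.key = make([]byte, 32)
		if _, err := rand.Read(s.key); err != nil {
			panic(err)
		}
		s.expires = now.Add(time.Hour)
	}
	return s.key
}

// sign binds the download path and its expiry (Unix seconds) to the current key.
func sign(s *keyStore, path string, exp int64, now time.Time) string {
	h := hmac.New(sha256.New, s.get(now))
	fmt.Fprintf(h, "%s\n%d", path, exp)
	return fmt.Sprintf("%x", h.Sum(nil))
}

// verify rejects expired links first, then compares signatures in constant time.
func verify(s *keyStore, path string, exp int64, sig string, now time.Time) bool {
	if now.Unix() >= exp {
		return false
	}
	return hmac.Equal([]byte(sign(s, path, exp, now)), []byte(sig))
}

func main() {
	s, now := &keyStore{}, time.Now()
	exp := now.Add(30 * time.Minute).Unix()
	sig := sign(s, "/dav/files/report.pdf", exp, now) // constructed sample path
	fmt.Println("valid now:", verify(s, "/dav/files/report.pdf", exp, sig, now))
}
```

Because the key itself expires, a link signed late in the key's lifetime stops verifying once the key is regenerated, even if the link's own expiry has not passed. A memory-backed key is also local to one process, so a second instance would not accept links signed by the first.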
Using a regular micro store, e.g. nats-js kv-store, is now possible. Close here?
Investigate how the store extension is used (Background: it is not scalable right now).
Current assumption: It is only used for WebDav signing keys.
Further assumption: Signing keys are not used by clients, e.g. ownCloud Web.
Conclusion: