feat(ocm): add wayf specific /discover and /federations endpoints to sciencemesh package #393
…sciencemesh package Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
butonic
left a comment
Awesome! I know you have this on draft, but I wanted to understand this and get involved early.
| ocmClient := ocmd.NewClient(10*time.Second, false) | ||
|
|
||
| log.Debug().Str("domain", domain).Msg("Attempting OCM discovery") | ||
| disco, err := ocmClient.Discover(ctx, domain) |
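Review bot: The `ocmd.NewClient(10*time.Second, false)` line builds a new client immediately before the discovery call, with a hard-coded timeout and a bare `false` whose meaning is not visible at the call site. Construct the client once when the service is set up and take both values from configuration (or name them), so the outbound-request settings for this endpoint can be reviewed in one place.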
Hm. `domain` is taken from the request, and the `/discover` endpoint is unprotected. That allows anyone to make a `GET /.well-known/ocm` and `GET /ocm-provider` request to any host, even internal ones. We need to check if the requested host is in the list of configured federations?
Yes, so the idea is: if Alice invited Bob and Bob cannot find his home EFSS server name in Alice's WAYF page, he could enter his domain in the UI to be redirected to his EFSS.
Here is a demo with my modified GUI of OpenCloud (will open PR after fixing some corners):
opencloud-to-ocis.webm
I initially considered implementing it entirely on the client side, but that approach would conflict with CSRF protection mechanisms.
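One way to reconcile the two positions in this thread, as an added example that is not code from this PR or from reva: hosts in the configured federations pass, and any other user-entered domain must be a bare hostname whose addresses are all publicly routable. `CheckDiscoveryTarget`, `Resolver`, `StaticResolver`, `ErrBlocked` and the sample hostnames are hypothetical names constructed for this sketch.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"strings"
)

var ErrBlocked = errors.New("discovery target not allowed")

// Resolver matches (*net.Resolver).LookupIP so DNS can be stubbed offline.
type Resolver interface {
	LookupIP(ctx context.Context, network, host string) ([]net.IP, error)
}

// StaticResolver is a constructed in-memory resolver for the demo and tests.
type StaticResolver map[string][]net.IP

func (s StaticResolver) LookupIP(_ context.Context, _, host string) ([]net.IP, error) {
	return s[host], nil
}

// CheckDiscoveryTarget (hypothetical) vets a request-supplied domain before any outbound call.
func CheckDiscoveryTarget(ctx context.Context, r Resolver, federated map[string]bool, domain string) error {
	host := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(domain), "."))
	// Accept a bare hostname only: no scheme, path, userinfo, port or IP literal.
	if host == "" || strings.ContainsAny(host, "/:@?#[]\\ ") || net.ParseIP(host) != nil {
		return fmt.Errorf("%w: %q is not a bare hostname", ErrBlocked, domain)
	}
	if federated[host] {
		return nil // operator-configured federation member
	}
	ips, err := r.LookupIP(ctx, "ip", host)
	if err != nil || len(ips) == 0 {
		return fmt.Errorf("%w: %q does not resolve", ErrBlocked, host)
	}
	for _, ip := range ips { // every address must be publicly routable
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
			ip.IsLinkLocalUnicast() || ip.IsMulticast() {
			return fmt.Errorf("%w: %q resolves to internal address %s", ErrBlocked, host, ip)
		}
	}
	return nil
}

func main() {
	dns := StaticResolver{"intranet.example": {net.ParseIP("10.0.0.5")}} // constructed record
	fmt.Println(CheckDiscoveryTarget(context.Background(), dns, nil, "intranet.example"))
}
```

Resolving first and connecting afterwards still leaves a DNS rebinding window, so the same address check also has to apply to the address the HTTP client actually connects to and to any redirect it follows.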
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
Instead of creating a client each time a function is called, create client once Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
Co-authored-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch> Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
@glpatcern recommendations moved types to spec.go used directory urls instead of a file Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
as per @glpatcern recommendations Also return 404 if the remote EFSS doesn't provide an inviteAcceptDialog Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
@dragonchaser this PR adds missing endpoints for the current OCM spec. Since you digested that yesterday, can you give it a review?
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
8397299 to b45fa51
Thanks for the acceptance! 🥳 I just have a question about: reva/internal/http/services/ocmd/client.go Lines 96 to 111 in 700f617
@dragonchaser did I make a mistake on placing the body closer under err check?
Although this PR is referenced under cs3org/OCM-STA#1, it is not directly part of the STA funded work. However, since the changes are closely related and beneficial to OCM, I decided to port them here as well for consistency.
Description
This PR implements WAYF (Where Are You From) specific discovery endpoints for the ScienceMesh package, enabling dynamic OCM provider discovery and federation management. The implementation follows the OCM Discovery 1.2 specification.
Technical
Things I've added to Reva
- `/sciencemesh/federations` endpoint: Lists available federations and their associated servers
- `/sciencemesh/federations` endpoint: Enables active discovery of OCM providers and their capabilities
- `InviteAcceptDialog` discovery: Dynamically retrieves invitation handling URLs from remote providers
Code changes
- `internal/http/services/ocmd/client.go`: HTTP client for OCM provider discovery with timeout and TLS configuration
- `internal/http/services/sciencemesh/wayf.go`: Core logic for federation management and provider discovery
- `internal/http/services/sciencemesh/sciencemesh.go`: Added new endpoints and configuration options
- `internal/http/services/wellknown/ocm.go`: Updated API version and added `InviteAcceptDialog` support