Feature/cipherduck by chenkins · Pull Request #1 · shift7-ch/katta-server

chenkins · 2023-06-28T13:13:18Z

No description provided.

backend/src/main/java/org/cryptomator/hub/cipherduck/KeycloakGrantAccessToVault.java

backend/pom.xml

backend/src/main/resources/dev-realm.json

backend/src/main/resources/application.properties

backend/src/main/resources/dev-realm.json

backend/src/main/java/org/cryptomator/hub/api/StorageDto.java

backend/src/main/java/org/cryptomator/hub/api/StorageResource.java

frontend/src/common/backend.ts

backend/src/main/java/org/cryptomator/hub/api/cipherduck/StorageResource.java

backend/src/main/resources/dev-realm.json

backend/pom.xml

frontend/src/components/CreateVaultS3.vue

backend/src/main/resources/application.properties

backend/src/main/java/org/cryptomator/hub/api/cipherduck/StorageConfigDto.java

backend/src/main/java/org/cryptomator/hub/api/VaultResource.java

backend/config/application.properties

overheadhunter

I'll take another look at this later. For now I've skipped certain parts (such as UI).

I want to point out two areas that I want you to focus on:

Use of Optional in fields, which might also solve your

workaround for defaultValue in JSONPrroperty not working as expected
There are plenty of resource in src/main/resources (especially the AWS policy files - which by the way seems redundant with the hardcoded policies in the .ts part...?), which MIGHT cause problems when generating a native image. Maybe Quarkus takes care of this already, otherwise we must add some resource-config.json to tell GraalVM to include those resources.

README.md

backend/src/main/java/org/cryptomator/hub/api/ConfigResource.java

backend/src/main/java/org/cryptomator/hub/api/cipherduck/BackendsConfigResource.java

backend/src/main/java/org/cryptomator/hub/api/cipherduck/StorageConfig.java

frontend/src/common/backend.ts

frontend/src/common/crypto.ts

overheadhunter · 2023-11-22T14:36:25Z

frontend/src/common/settings.ts

@@ -0,0 +1,2 @@
+// TODO review is there a standard way for injecting developer properties?


@tobihagemann may know

frontend/src/router/index.ts

Use AWS SDK compatible with Quarkus native images (#47). Build docker image on every build as latest (#47). Remove UUID from vault JWE (#4/#6). Add storage class, bucket acceleration and bucket encryption options to storage profiles (#44). Improved error handling/logging and openapi response documentation (#6). Improved error handling/logging and openapi response documentation (#6). Improved error handling/logging for storage profiles and bucket creation (#6/#3/17). Decouple the client protocol identifier (s3-hub/s3-hub-sts) and the discriminator values (S3/S3STS) in the backend DB tables through openapi-generated client code (#6). Fix linting (#6). Hierarchical DB schema for storage profiles based on DiscriminatorColumn (#6). Use discriminatorProperty openapi scheme annotations for use with openapi-generator's oneOf discriminator lookup (#6). Use optional chaining to make linter happy again (TS18048) (#17/#3). Formatting. Improved error messages (#3/#17). Slim storage profile for what can be fetched from /api/config (#6). Fix openapi/markdown documentation for openapi-generator (#6). Do not show region/GetBucketLocation in permanent case. Update openapi/markdown documentation for storage configurations (#6/#17). Update openapi/markdown documentation for storage configurations (#6) Pull up automatic access grant top-level in vault JWE along key and backend (#13). Create bucket as first call in vault creation (#3). Bufgix GET for individual storage profile allow all users (not only admins) (#17). Show aws cli command for setting CORS (#17). Improve validation message vault template upload frontend permanent (#17) Implement GET for individual storage profile and DELETE WiP (#17) Bugfix vault template upload frontend permanent (#17) Bugfix vault template upload frontend permanent (#17). Fix linting (#17). Validate permanent credentials before uploading vault template (#17). Bugfix vault template upload frontend permanent (#17) Fix missing aud claim required for MinIO. Update documentation uploading storage profiles with admin role (#6). Fix base uri to open in Cipherduck desktop. Enforce authentication for storage profile api. Fix enable S3 Versioning upon bucket creation (#44). Formatting. Enable S3 Versioning upon bucket creation (#44). Enable S3 Versioning upon bucket creation (#44). Implement migration path automatic access grant with WoT (#13 / #43). Document decision remove access to vault. Rename KeycloakCryptomatorVaultsHelper. Rename S3StorageHelper. Fix linting. Fix upload vault template to bucket heading. Use *.cyberduckprofile for hub, s3-hub, s3-hub-sts. Fix cipherduck start/end extension markers. Refactoring (R3) storage profile service persistence (#4 #6). Refactoring (R3) storage profile service WiP (#4 #6). Refactoring (R3) storage profile service WiP (#4 #6). Set container image group and name in application.properties instead of pom.xml (#47). Update setup documentation(#47). Set container image group and name (#47) Re-enable docker image build and pushing to registry. Remove cipherduckhubbookmark endpoint, add hub UUID to config endpoint to allow client-side hub-specific profile and bookmark generation (#6). Use better name VaultRequested instead of VaultR for Tag Key in assuming second role in chain for AWS (review dko). Get full region list from AWS SDK instead of hard-coding (code review overheadhunter). Extract global constant axiosUnAuth in backend.ts (code review overheadhunter). Inline hubbookmark.duck in order to avoit poentital special handling when using GraalVM to build a native image. Apply suggestions from code review More idiomatic usage of Java stream API. Co-authored-by: Sebastian Stenzel <overheadhunter@users.noreply.github.com> Update backend/src/main/java/org/cryptomator/hub/api/cipherduck/BackendsConfigResource.java Co-authored-by: Sebastian Stenzel <overheadhunter@users.noreply.github.com> Remove obsolete added into line in diff to upstream. Comply with vue-tsc (Vue 3 Type-Checking). Update README.md Co-authored-by: Sebastian Stenzel <overheadhunter@users.noreply.github.com> Moving S3 policies away from src/main/resources. Remove CreateVaultS3.vue in order to rebase changes in CreateVault.vue from upstream. Bugfix description displayed as false when vaults created in hub introduced through forking CreateVaultS3.vue from CreateVault.vue and then missing breaking API change. By default, in dev-realm.json, map only realm roles into access token in cryptomator and cryptomator hub clients, but not client roles. Separate roles in MinIO: bucket creation (cryptomator and cryptomatorhub cliients) and bucket access (for cryptomatorvaults client) (#10 #41) Implement template upload for permanent shared credentials (#17). Tentative implementation clean-up sync deleting dangling roles in cryptomatorvaults and corresonding client scopes (#41). Extract profiles and simplify vault jwe (#28, #6). Variable cleanup in CreateVaultS3.vue Comply with pre-release API change in granting access to newly created vault (cryptomator/hub@1c2133d). Post-rebase fix: remove manage-realm from syncer role in dev-realm.json (#41). Move staging/testing properties into custom application.properties (#41). Distinguish stsRoleArn for client and hub when creating bucket, update documentation (#12 #23). Bugfix download template in CreateVaultS3.vue User cipherduck profiles to simplify hub application.properties, add AWS permanent credentials to backend configurations application.properties (#28). Get AWS-STS back to work again, update documentation (#10 #23). Add developer flag for showing vaultId in VaultDetails and VaultList. Add missing import ArrowDownTrayIcon in CreateVaultS3.vue. BackendsConfigDto instead of Any in backend.ts Remove unnecessary manage-realm role for syncer (#41). Automatic Access Grant Flag upon vault creation (#13). Extract hard-coded cryptomatorvaults client to application.properties (#41). Get hubId from backends config service (#10 #41). Implement sharing vaults with groups and unsharing with users/groups; token-exchange into separate client (#10 #41). Cleanup application.properties Cleanup application.properties Remove proxyman stuff again as not used. Complete region list. Remove obsolete dependencies in pom.xml. Refactoring protocol serialization (#4). Remove obsolete CipherduckBookmark.vue (#16). Remove obsolete CipherduckBookmark.vue (#16). Localization DE (#31). Mark cipherduck extensions in vues. Shared long-living credentials: ask for bucket name and offer vault template download after vault creation (#17). Shared long-living credentials (#17) Use inline policy to restrict credentials passed to Hub backend (#3). Allow for choosing region upon vault creation (#3). Cleanup and documentation VaultJWEBackend (#23 #6). Button "Open in Cipherduck" not necessary in vault details, as it is confusing (does not open single vault) and on top of the vault list is still visible (#16). Cleanup and documentation VaultJWEBackend (#23 #6). Cleanup and documentation VaultJWEBackend (#23 #6). Cleanup and documentation VaultJWEBackend (#15 #23 #6). Bugfix backend/storage configuration not re-encoded upon granting access (#13). Cleanup bucket prefix and documentation (#15 #23 #6). Implement token-exchange to get scoped token for AWS with testing.hub.cryptomator.org (#41 #10 #23 #3). Gitignore local backend/config/application.properties. Updated top-level README.md for Cipherduck. Show Vault ID in VaultDetails for debugging. Implement token-exchange to get scoped token for MinIO (#41 #10 #23 #3). AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10). AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10). Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3). Cipherduckhubbookmark end point for 1 vault = 1 storage (#4). Use StorageConfig service in frontend to get values (#3). Add configuration for hub frontend vault storage configuration for STS (MinIO + AWS) (#3). Add admin Documentation for setting up OIDC Provider at AWS/MinIO and testing vault creation (#23). Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3). Add protocol field to StorageDto (#6). Refactor StorageDto into record instead of POJO. Update frontend/src/common/backend.ts Co-authored-by: Sebastian Stenzel <overheadhunter@users.noreply.github.com> Update backend/src/main/java/org/cryptomator/hub/api/StorageResource.java Co-authored-by: Sebastian Stenzel <overheadhunter@users.noreply.github.com> Fix failing tests as Keycloak is not available at quarkus test time. Comment out sonarcloud in github action. Update issue templates (#33) added "open bookmark" button in vault details (just in case), hid "download vault template" button Use 'x-cipherduck-action' instead of 'io.mountainduck' for OAuth custom scheme handling (#28). added "open bookmark" button in vault list Add Hub Id as UUID in hub bookmark to prevent adding the same bookmark multiple times (#29). renamed most obvious instances of Cryptomator Hub to Cipherduck Bugfix missing description in openapi.json for vault storage shared long-living credentials API (#17). cleaned up frontend Implement cipherduck hub bookmark download from browser (#16). Implement cipherduck hub bookmark download frontend page (#16). Bugfix missing constructor for first version hub frontend vault storage shared long-living credentials (#17). Implement first version hub frontend vault storage shared long-living credentials (#17). Implement cipherduck hub bookmark endpoint (#16). Use amr claim instead of aud claim for now (#10). Use cryptomator client id in staging keycloak as well (#10). Use vault instead of vault user attribute (#10). Remove admin role for syncer (#10). Remove minio client id. Switch /api/config/cipherduckprofile to local MinIO configuration to fix HubIntegration test in client project. Update TODOs. Bugfix empty attributes in keycloak. Config cipherduck-staging (one role for all buckets). Set directAccessGrantsEnabled to false. Simplify concat Add top-level .gitignore (ignoring top-level .idea folder). Add /api/config/cipherduckprofile v0. Remove obsolete dependencies to commons-io and qute. Move GeneratePolicy back to duck again. Dev-realm with minio client_id. Upload bucket policy (aws cli call in backend for now) upon vault creation and add vaultId to keycloak upon vault JWE upload. TODO: create bucket upon vault creation. Update application.properties: comment out proxyman.local Improve local dev setup description in README. Add user-001 to dev-realm.json. Add configuration with alternative host proxyman.local instead of localhost name as requests to localhost are bypassing configured proxies.

…rom upstream.

chenkins · 2024-10-10T11:40:08Z

Superseded by #52

chenkins closed this Jun 28, 2023

chenkins reopened this Jun 28, 2023

chenkins force-pushed the feature/cipherduck branch from 4da921b to a765f60 Compare June 28, 2023 15:34

overheadhunter reviewed Jun 30, 2023

View reviewed changes

chenkins commented Jul 3, 2023

View reviewed changes