Skip to content

proxy(sign_url_auth): Allow to verify server signed URLs #1191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rhafer merged 2 commits into from
Jul 17, 2025
Merged

proxy(sign_url_auth): Allow to verify server signed URLs #1191

rhafer merged 2 commits into from
Jul 17, 2025

Conversation

@rhafer
Copy link
Contributor

@rhafer rhafer commented Jul 8, 2025
edited
Loading

With the ocdav service being able to provided signed download URLs we need the proxy to be able to verify the signatures.

This should also be a first step towards phasing out the weird ocs based client side signed urls.

Related Tickets: #1104

This is still a bit of a PoC, but should be good enough for providing allowing some traction on: opencloud-eu/web#704

Unfortunately in its current form it is a breaking change (a new configuration key is required) and would require a major version bump again. I'd be interested in suggestions about how we can make this non-breaking in a simple way.

To use this the new config variable OC_URL_SIGNING_SHARED_SECRET needs to be set. (Just use some randon string content)

@rhafer rhafer self-assigned this Jul 8, 2025
This was referenced Jul 8, 2025
Closed
Open
@AlexAndBear
Copy link
Contributor

AlexAndBear commented Jul 9, 2025

Please enable https://sdk.collaboraonline.com/docs/advanced_integration.html#enableinsertremoteimage

@rhafer
Copy link
Contributor Author

rhafer commented Jul 9, 2025

@AlexAndBear should work now

image

@AlexAndBear
Copy link
Contributor

AlexAndBear commented Jul 9, 2025

TYSM!

@rhafer rhafer mentioned this pull request Jul 14, 2025
Open
@rhafer rhafer force-pushed the issue/1104 branch 3 times, most recently from f440e79 to e1de34d Compare July 17, 2025 07:54
rhafer added 2 commits July 17, 2025 12:01
@rhafer
cleanup(proxy): Remove misleading comment
601bb4c 
The signedurl middleware is already adding the user to the context.
@rhafer
proxy(sign_url_auth): Allow to verify server signed URLs
4bdb3bf 
With the ocdav service being able to provided signed download URLs we
need the proxy to be able to verify the signatures.
This should also be a first step towards phasing out the weird ocs based
client side signed urls.

Related Tickets: opencloud-eu#1104
@rhafer rhafer marked this pull request as ready for review July 17, 2025 10:41
@rhafer rhafer merged commit 3ce2317 into opencloud-eu:main Jul 17, 2025
52 checks passed
This was referenced Jul 17, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aduffeck aduffeck aduffeck approved these changes

Assignees

@rhafer rhafer

Labels

Type:Enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rhafer @AlexAndBear @aduffeck