owncloud · kulmann · Jun 2, 2020 · May 27, 2020 · May 27, 2020 · May 27, 2020
diff --git a/changelog/unreleased/use-access-token.md b/changelog/unreleased/use-access-token.md
@@ -0,0 +1,8 @@
+Change: Use account uuid from x-access-token
+
+We are now using an ocis-pkg middleware for extracting the account uuid of the
+authenticated user from the `x-access-token` of the http request header and inject
+it into the Identifier protobuf messages wherever possible. This allows us to use
+`me` instead of an actual account uuid, when the request comes through the proxy.
+
+https://github.com/owncloud/ocis-settings/pull/14
diff --git a/go.mod b/go.mod
@@ -15,14 +15,15 @@ require (
 	github.com/micro/go-micro/v2 v2.6.0
 	github.com/oklog/run v1.0.0
 	github.com/openzipkin/zipkin-go v0.2.2
-	github.com/owncloud/ocis-hello v0.1.0-alpha1
-	github.com/owncloud/ocis-pkg/v2 v2.0.1
+	github.com/owncloud/ocis-pkg/v2 v2.2.2-0.20200527082518-5641fa4a4c8c
 	github.com/restic/calens v0.2.0
 	github.com/spf13/viper v1.6.3
-	go.opencensus.io v0.22.2
+	go.opencensus.io v0.22.3
+	golang.org/x/mod v0.3.0 // indirect
 	golang.org/x/net v0.0.0-20200301022130-244492dfa37a
+	golang.org/x/tools v0.0.0-20200526224456-8b020aee10d2 // indirect
 	google.golang.org/genproto v0.0.0-20200420144010-e5e8543f8aeb
-	google.golang.org/grpc v1.27.0
+	google.golang.org/grpc v1.28.0
 	google.golang.org/protobuf v1.21.0
 )
 

diff --git a/go.sum b/go.sum
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -47,16 +47,22 @@ type Storage struct {
 	RootMountPath string
 }
 
+// TokenManager is the config for using the reva token manager
+type TokenManager struct {
+	JWTSecret string
+}
+
 // Config combines all available configuration parts.
 type Config struct {
-	File    string
-	Storage Storage
-	Log     Log
-	Debug   Debug
-	HTTP    HTTP
-	GRPC    GRPC
-	Tracing Tracing
-	Asset   Asset
+	File         string
+	Storage      Storage
+	Log          Log
+	Debug        Debug
+	HTTP         HTTP
+	GRPC         GRPC
+	Tracing      Tracing
+	Asset        Asset
+	TokenManager TokenManager
 }
 
 // New initializes a new configuration with or without defaults.

diff --git a/pkg/flagset/flagset.go b/pkg/flagset/flagset.go
@@ -163,5 +163,12 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"SETTINGS_ROOT_MOUNT_PATH"},
 			Destination: &cfg.Storage.RootMountPath,
 		},
+		&cli.StringFlag{
+			Name:        "jwt-secret",
+			Value:       "Pive-Fumkiu4",
+			Usage:       "Used to create JWT to talk to reva, should equal reva's jwt-secret",
+			EnvVars:     []string{"SETTINGS_JWT_SECRET"},
+			Destination: &cfg.TokenManager.JWTSecret,
+		},
 	}
 }
diff --git a/pkg/proto/v0/settings.pb.web.go b/pkg/proto/v0/settings.pb.web.go
diff --git a/pkg/server/http/server.go b/pkg/server/http/server.go
@@ -2,6 +2,7 @@ package http
 
 import (
 	"github.com/go-chi/chi"
+	"github.com/owncloud/ocis-pkg/v2/account"
 	"github.com/owncloud/ocis-pkg/v2/middleware"
 	"github.com/owncloud/ocis-pkg/v2/service/http"
 	"github.com/owncloud/ocis-settings/pkg/assets"
@@ -39,6 +40,10 @@ func Server(opts ...Option) http.Service {
 	mux.Use(middleware.Cache)
 	mux.Use(middleware.Cors)
 	mux.Use(middleware.Secure)
+	mux.Use(middleware.ExtractAccountUUID(
+		account.Logger(options.Logger),
+		account.JWTSecret(options.Config.TokenManager.JWTSecret)),
+	)
 
 	mux.Use(middleware.Version(
 		"settings",

diff --git a/pkg/service/v0/service.go b/pkg/service/v0/service.go
@@ -3,11 +3,11 @@ package svc
 import (
 	"context"
 
-	"github.com/owncloud/ocis-settings/pkg/settings"
-	store "github.com/owncloud/ocis-settings/pkg/store/filesystem"
-
+	"github.com/owncloud/ocis-pkg/v2/middleware"
 	"github.com/owncloud/ocis-settings/pkg/config"
 	"github.com/owncloud/ocis-settings/pkg/proto/v0"
+	"github.com/owncloud/ocis-settings/pkg/settings"
+	store "github.com/owncloud/ocis-settings/pkg/store/filesystem"
 )
 
 // Service represents a service.
@@ -26,7 +26,7 @@ func NewService(cfg *config.Config) Service {
 
 // SaveSettingsBundle implements the BundleServiceHandler interface
 func (g Service) SaveSettingsBundle(c context.Context, req *proto.SaveSettingsBundleRequest, res *proto.SaveSettingsBundleResponse) error {
-	req.SettingsBundle.Identifier = getFailsafeIdentifier(req.SettingsBundle.Identifier)
+	req.SettingsBundle.Identifier = getFailsafeIdentifier(c, req.SettingsBundle.Identifier)
 	r, err := g.manager.WriteBundle(req.SettingsBundle)
 	if err != nil {
 		return err
@@ -37,7 +37,7 @@ func (g Service) SaveSettingsBundle(c context.Context, req *proto.SaveSettingsBu
 
 // GetSettingsBundle implements the BundleServiceHandler interface
 func (g Service) GetSettingsBundle(c context.Context, req *proto.GetSettingsBundleRequest, res *proto.GetSettingsBundleResponse) error {
-	r, err := g.manager.ReadBundle(getFailsafeIdentifier(req.Identifier))
+	r, err := g.manager.ReadBundle(getFailsafeIdentifier(c, req.Identifier))
 	if err != nil {
 		return err
 	}
@@ -47,7 +47,7 @@ func (g Service) GetSettingsBundle(c context.Context, req *proto.GetSettingsBund
 
 // ListSettingsBundles implements the BundleServiceHandler interface
 func (g Service) ListSettingsBundles(c context.Context, req *proto.ListSettingsBundlesRequest, res *proto.ListSettingsBundlesResponse) error {
-	r, err := g.manager.ListBundles(getFailsafeIdentifier(req.Identifier))
+	r, err := g.manager.ListBundles(getFailsafeIdentifier(c, req.Identifier))
 	if err != nil {
 		return err
 	}
@@ -57,7 +57,7 @@ func (g Service) ListSettingsBundles(c context.Context, req *proto.ListSettingsB
 
 // SaveSettingsValue implements the ValueServiceHandler interface
 func (g Service) SaveSettingsValue(c context.Context, req *proto.SaveSettingsValueRequest, res *proto.SaveSettingsValueResponse) error {
-	req.SettingsValue.Identifier = getFailsafeIdentifier(req.SettingsValue.Identifier)
+	req.SettingsValue.Identifier = getFailsafeIdentifier(c, req.SettingsValue.Identifier)
 	r, err := g.manager.WriteValue(req.SettingsValue)
 	if err != nil {
 		return err
@@ -68,7 +68,7 @@ func (g Service) SaveSettingsValue(c context.Context, req *proto.SaveSettingsVal
 
 // GetSettingsValue implements the ValueServiceHandler interface
 func (g Service) GetSettingsValue(c context.Context, req *proto.GetSettingsValueRequest, res *proto.GetSettingsValueResponse) error {
-	r, err := g.manager.ReadValue(getFailsafeIdentifier(req.Identifier))
+	r, err := g.manager.ReadValue(getFailsafeIdentifier(c, req.Identifier))
 	if err != nil {
 		return err
 	}
@@ -78,20 +78,28 @@ func (g Service) GetSettingsValue(c context.Context, req *proto.GetSettingsValue
 
 // ListSettingsValues implements the ValueServiceHandler interface
 func (g Service) ListSettingsValues(c context.Context, req *proto.ListSettingsValuesRequest, res *proto.ListSettingsValuesResponse) error {
-	r, err := g.manager.ListValues(getFailsafeIdentifier(req.Identifier))
+	r, err := g.manager.ListValues(getFailsafeIdentifier(c, req.Identifier))
 	if err != nil {
 		return err
 	}
 	res.SettingsValues = r
 	return nil
 }
 
-func getFailsafeIdentifier(identifier *proto.Identifier) *proto.Identifier {
+// getFailsafeIdentifier makes sure that there is an identifier, and that the account uuid is injected if needed.
+func getFailsafeIdentifier(c context.Context, identifier *proto.Identifier) *proto.Identifier {
 	if identifier == nil {
 		identifier = &proto.Identifier{}
 	}
 	if identifier.AccountUuid == "me" {
-		identifier.AccountUuid = "5681371F-4A6E-43BC-8BB5-9C9237FA9C58"
+		ownAccountUUID := c.Value(middleware.UUIDKey).(string)
+		if len(ownAccountUUID) > 0 {
+			identifier.AccountUuid = ownAccountUUID
+		} else {
+			// might be valid for the request not having an AccountUuid in the identifier.
+			// but clear it, instead of passing on `me`.
+			identifier.AccountUuid = ""
+		}
 	}
 	return identifier
 }