Support signature authentication for public links (#118)

C0rby · web-flow · commit aa7f446c1b15 · 2021-03-25T14:32:53.000+01:00
diff --git a/cs3/sharing/link/v1beta1/link_api.proto b/cs3/sharing/link/v1beta1/link_api.proto
@@ -173,6 +173,9 @@ message ListPublicSharesRequest {
   // OPTIONAL.
   // The list of filters to apply if any.
   repeated Filter filters = 2;
+  // OPTIONAL.
+  // If a signature should be included in the share.
+  bool sign = 3;
 }
 
 message ListPublicSharesResponse {
@@ -212,6 +215,9 @@ message GetPublicShareRequest {
   // REQUIRED.
   // The reference to which the action should be performed.
   PublicShareReference ref = 2;
+  // OPTIONAL.
+  // If a signature should be included in the share.
+  bool sign = 3;
 }
 
 message GetPublicShareResponse {
@@ -224,9 +230,6 @@ message GetPublicShareResponse {
   // REQUIRED.
   // The share.
   PublicShare share = 3;
-  // OPTIONAL.
-  // The share password hash.
-  string password_hash = 4;
 }
 
 message GetPublicShareByTokenRequest {
@@ -237,8 +240,11 @@ message GetPublicShareByTokenRequest {
   // The unlisted token to identify the public share.
   string token = 2;
   // OPTIONAL.
-  // The public link can be password protected.
-  string password = 3;
+  // The public link can require authentication.
+  PublicShareAuthentication authentication = 3;
+  // OPTIONAL.
+  // If a signature should be included in the share.
+  bool sign = 4;
 }
 
 message GetPublicShareByTokenResponse {
@@ -253,5 +259,5 @@ message GetPublicShareByTokenResponse {
   PublicShare share = 3;
   // OPTIONAL.
   // The share password hash.
-  string password_hash = 4;
+  string password_hash = 4 [deprecated = true];
 }
diff --git a/cs3/sharing/link/v1beta1/resources.proto b/cs3/sharing/link/v1beta1/resources.proto
@@ -98,6 +98,11 @@ message PublicShare {
   // This field is only useful for informational purposes, like for example,
   // setting the window title in a public share HTML page.
   string display_name = 11;
+  // OPTIONAL.
+  // A time constrained token with which
+  // GetPublicSharebyToken requests can be
+  // authenticated.
+  ShareSignature signature = 12;
 }
 
 // The permissions for a share.
@@ -130,6 +135,28 @@ message PublicShareReference {
   }
 }
 
+// The mechanism to authenticate a request to
+// GetPublicShareByToken.
+message PublicShareAuthentication {
+  oneof spec {
+    // The password of the share.
+    string password = 1;
+    // The signature issued by GetPublicShareByToken.
+    ShareSignature signature = 2;
+  }
+}
+
+// A time constrained token which can be used to
+// authenticate link share requests.
+message ShareSignature {
+  // REQUIRED.
+  // The signature value.
+  string signature = 1;
+  // REQUIRED.
+  // The time until the signature becomes invalid.
+  cs3.types.v1beta1.Timestamp signature_expiration = 2;
+}
+
 // Defines the restrictions for the public share.
 message Grant {
   // REQUIRED.
diff --git a/docs/index.html b/docs/index.html
@@ -1103,6 +1103,10 @@ <h2>Table of Contents</h2>
                   <a href="#cs3.sharing.link.v1beta1.PublicShare"><span class="badge">M</span>PublicShare</a>
                 </li>
               
+                <li>
+                  <a href="#cs3.sharing.link.v1beta1.PublicShareAuthentication"><span class="badge">M</span>PublicShareAuthentication</a>
+                </li>
+              
                 <li>
                   <a href="#cs3.sharing.link.v1beta1.PublicShareId"><span class="badge">M</span>PublicShareId</a>
                 </li>
@@ -1115,6 +1119,10 @@ <h2>Table of Contents</h2>
                   <a href="#cs3.sharing.link.v1beta1.PublicShareReference"><span class="badge">M</span>PublicShareReference</a>
                 </li>
               
+                <li>
+                  <a href="#cs3.sharing.link.v1beta1.ShareSignature"><span class="badge">M</span>ShareSignature</a>
+                </li>
+              
               
               
               
@@ -8482,11 +8490,19 @@ <h3 id="cs3.sharing.link.v1beta1.GetPublicShareByTokenRequest">GetPublicShareByT
                 </tr>
               
                 <tr>
-                  <td>password</td>
-                  <td><a href="#string">string</a></td>
+                  <td>authentication</td>
+                  <td><a href="#cs3.sharing.link.v1beta1.PublicShareAuthentication">PublicShareAuthentication</a></td>
+                  <td></td>
+                  <td><p>OPTIONAL.
+The public link can require authentication. </p></td>
+                </tr>
+              
+                <tr>
+                  <td>sign</td>
+                  <td><a href="#bool">bool</a></td>
                   <td></td>
                   <td><p>OPTIONAL.
-The public link can be password protected. </p></td>
+If a signature should be included in the share. </p></td>
                 </tr>
               
             </tbody>
@@ -8542,6 +8558,27 @@ <h3 id="cs3.sharing.link.v1beta1.GetPublicShareByTokenResponse">GetPublicShareBy
           </table>
 
           
+            
+            
+            <h4>Fields with deprecated option</h4>
+            <table>
+              <thead>
+                <tr>
+                  <td>Name</td>
+                  <td>Option</td>
+                </tr>
+              </thead>
+              <tbody>
+              
+                <tr>
+                  <td>password_hash</td>
+                  <td><p>true</p></td>
+                </tr>
+              
+              </tbody>
+            </table>
+            
+          
 
         
       
@@ -8571,6 +8608,14 @@ <h3 id="cs3.sharing.link.v1beta1.GetPublicShareRequest">GetPublicShareRequest</h
 The reference to which the action should be performed. </p></td>
                 </tr>
               
+                <tr>
+                  <td>sign</td>
+                  <td><a href="#bool">bool</a></td>
+                  <td></td>
+                  <td><p>OPTIONAL.
+If a signature should be included in the share. </p></td>
+                </tr>
+              
             </tbody>
           </table>
 
@@ -8612,14 +8657,6 @@ <h3 id="cs3.sharing.link.v1beta1.GetPublicShareResponse">GetPublicShareResponse<
 The share. </p></td>
                 </tr>
               
-                <tr>
-                  <td>password_hash</td>
-                  <td><a href="#string">string</a></td>
-                  <td></td>
-                  <td><p>OPTIONAL.
-The share password hash. </p></td>
-                </tr>
-              
             </tbody>
           </table>
 
@@ -8653,6 +8690,14 @@ <h3 id="cs3.sharing.link.v1beta1.ListPublicSharesRequest">ListPublicSharesReques
 The list of filters to apply if any. </p></td>
                 </tr>
               
+                <tr>
+                  <td>sign</td>
+                  <td><a href="#bool">bool</a></td>
+                  <td></td>
+                  <td><p>OPTIONAL.
+If a signature should be included in the share. </p></td>
+                </tr>
+              
             </tbody>
           </table>
 
@@ -9243,6 +9288,47 @@ <h3 id="cs3.sharing.link.v1beta1.PublicShare">PublicShare</h3>
 setting the window title in a public share HTML page. </p></td>
                 </tr>
               
+                <tr>
+                  <td>signature</td>
+                  <td><a href="#cs3.sharing.link.v1beta1.ShareSignature">ShareSignature</a></td>
+                  <td></td>
+                  <td><p>OPTIONAL.
+A time constrained token with which
+GetPublicSharebyToken requests can be
+authenticated. </p></td>
+                </tr>
+              
+            </tbody>
+          </table>
+
+          
+
+        
+      
+        <h3 id="cs3.sharing.link.v1beta1.PublicShareAuthentication">PublicShareAuthentication</h3>
+        <p>The mechanism to authenticate a request to</p><p>GetPublicShareByToken.</p>
+
+        
+          <table class="field-table">
+            <thead>
+              <tr><td>Field</td><td>Type</td><td>Label</td><td>Description</td></tr>
+            </thead>
+            <tbody>
+              
+                <tr>
+                  <td>password</td>
+                  <td><a href="#string">string</a></td>
+                  <td></td>
+                  <td><p>The password of the share. </p></td>
+                </tr>
+              
+                <tr>
+                  <td>signature</td>
+                  <td><a href="#cs3.sharing.link.v1beta1.ShareSignature">ShareSignature</a></td>
+                  <td></td>
+                  <td><p>The signature issued by GetPublicShareByToken. </p></td>
+                </tr>
+              
             </tbody>
           </table>
 
@@ -9332,6 +9418,39 @@ <h3 id="cs3.sharing.link.v1beta1.PublicShareReference">PublicShareReference</h3>
 
         
       
+        <h3 id="cs3.sharing.link.v1beta1.ShareSignature">ShareSignature</h3>
+        <p>A time constrained token which can be used to</p><p>authenticate link share requests.</p>
+
+        
+          <table class="field-table">
+            <thead>
+              <tr><td>Field</td><td>Type</td><td>Label</td><td>Description</td></tr>
+            </thead>
+            <tbody>
+              
+                <tr>
+                  <td>signature</td>
+                  <td><a href="#string">string</a></td>
+                  <td></td>
+                  <td><p>REQUIRED.
+The signature value. </p></td>
+                </tr>
+              
+                <tr>
+                  <td>signature_expiration</td>
+                  <td><a href="#cs3.types.v1beta1.Timestamp">cs3.types.v1beta1.Timestamp</a></td>
+                  <td></td>
+                  <td><p>REQUIRED.
+The time until the signature becomes invalid. </p></td>
+                </tr>
+              
+            </tbody>
+          </table>
+
+          
+
+        
+      
 
       
 
diff --git a/proto.lock b/proto.lock
