upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-03 20:41:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 25
68045 commits 651 branches 1179 tags 8.1 GiB
Commit graph

466 commits

Author SHA1 Message Date
Joas Schilling
3a6bc7aba2
fix(middleware): Also abort the request when reaching max delay in afterController 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 16:20:19 +02:00
Joas Schilling
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Côme Chilliet
b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls 
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
 2023-04-20 16:52:38 +02:00
Joas Schilling
fd473f89e8
Merge pull request #37674 from nextcloud/feature/speech-to-text 
feat(SpeechToText): Add SpeechToText OCP provider API
 2023-04-19 16:29:44 +02:00
Christoph Wurst
a06898a2d0 fix(security)!: Use consistent HTTP status for strict cookie checks 
Before: 503/412
Now: 412 + json body explaining the error

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-17 16:06:37 +00:00
Marcel Klehr
317521b607 feat(SpeechToText): Add SpeechToText provider API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-04-11 14:59:57 +02:00
Côme Chilliet
426c0341ff
Use typed version of IConfig::getSystemValue as much as possible 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 12:50:08 +02:00
Joas Schilling
2b49861679
Add a debug message when throttling without defining 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
e839eb9b5c
feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
c297f8ee96
feat(appframework): Make ITimeFactory extend \PSR\Clock\ClockInterface 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-03 15:37:13 +01:00
Julius Härtl
3e63298381
feat(translations): Add translation provider API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-27 16:52:03 +01:00
Julius Härtl
90d2cb09b1
Merge pull request #36396 from nextcloud/fix/cors 2023-02-17 09:42:08 +01:00
Ferdinand Thiessen
f655f83c84 fix(CORS): CORS should only be bypassed on PublicPage if not logged in to prevent CSRF attack vectors 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-16 22:55:18 +01:00
Julius Härtl
a705132c8d
Merge pull request #36656 from nextcloud/route-instrumentation 2023-02-14 10:12:19 +01:00
Julius Härtl
610a203d31
Merge pull request #36525 from nextcloud/fix/noid/params-put 
fix: Only get params from PUT content if possible
 2023-02-13 10:25:52 +01:00
Robin Appelman
b68be79464 more routing performance instrumentation 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-02-10 11:12:26 +01:00
Robin Appelman
fe78ef7a38 instrumentation for app booting 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-02-09 17:41:43 +01:00
Robin Appelman
08e7b20c43 add more performance instrumentation for app registering 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-02-09 17:41:43 +01:00
Ferdinand Thiessen
ba8a50c059 fix: Throw NotFoundExceptionInterface to fulfill PSR container interface if class not found 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-06 14:16:35 +01:00
Julius Härtl
dc3916e27c
fix: Only get params from PUT content if possible 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-03 22:30:04 +01:00
Louis Chemineau
4ab3c16403 Pluggable share provider 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2023-02-02 15:41:26 +01:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +01:00
Christoph Wurst
8d9af3e262
feat(app-framework): Add support for global middlewares 
This allows apps to register middlewares that always register, not just
for the app's own requests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-26 11:54:28 +01:00
Christoph Wurst
907ff68bfc
perf(app-framework): Make the app middleware registration lazy 
Before this patch, app middlewares were registered on the dispatcher for
every app loaded in a Nextcloud process. With the patch, only
middlewares belonging to the same app of a dispatcher instance are
loaded.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-25 09:27:24 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Côme Chilliet
2a5e18b67a
Fix types in OCS json answer (status code is an int) 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:22:09 +01:00
Côme Chilliet
f2cdc4f47d
Fix crash in OCS when getting info about an application 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:22:09 +01:00
Côme Chilliet
0c466b7ff5
Attempt at reducing psalm errors 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:22:09 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +01:00
Joas Schilling
0af4e9d4fe
Merge pull request #34172 from audriga/add-scim-json-support 
Add support for application/scim+json
 2022-12-20 08:58:33 +01:00
Côme Chilliet
cf508c1e47 Use strict typing in base.php 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-12-19 09:10:40 +00:00
Stanimir Bozhilov
7dcd6eb561
Merge branch 'master' into add-scim-json-support 
Signed-off-by: Stanimir Bozhilov <stanimir.bozhilov.1998@gmail.com>
 2022-12-19 09:07:38 +01:00
Vincent Petry
7adfdf5248
Merge pull request #35537 from nextcloud/fix/dependency-injection-error 
Improve dependency injection error message
 2022-12-16 16:49:23 +01:00
Vincent Petry
ae6fe874ed
Merge pull request #35780 from nextcloud/fix/http-dispatcher-double-parameter-cast 
Fix missing cast of double controller parameters
 2022-12-16 16:18:35 +01:00
Christoph Wurst
b6dd1a1d7b
fix(app framework): Fix missing cast of double controller parameters 
``settype`` allows 'double' as alias of 'float'.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 09:33:52 +01:00
Artur Neumann
81f2857f34
check if params given to API are really an array 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2022-12-15 13:45:22 +05:45
Stanimir Bozhilov
b44befa881 Move JSON content type regex to IRequest and make it a const 2022-12-08 15:11:23 +01:00
Julius Härtl
f0a0bfaaee
Move to str_starts_with 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:06 +01:00
Julius Härtl
3899de12b7
Skip querying the app container for server namespace 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:05 +01:00
Julius Härtl
d7ecbe32d2
Avoid container dance for appName 
Sicne the appName is always passed for the DIContainer we can avoid
using the container query logic and instead store and use a property

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:04 +01:00
Julien Veyssier
4a3f3beb0b
use bruteforce protection on all methods wrapped by PublicShareMiddleware 
if an invalid token is provided or when share password is wrong

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2022-12-07 13:24:50 +01:00
Carl Schwan
2a864ec13c Improve dependency injection error message 
Change from display the name of the parameter to the type of the
parameter. This is that in most cases is usefull.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-12-01 12:46:01 +01:00
Christoph Wurst
41b2466d35
Clean up and deprecate app container aliases 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-11-02 19:42:09 +01:00
Julius Härtl
cea2f79bbd
Improve container return type annotations 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-14 10:45:16 +02:00
Stanimir Bozhilov
46c10c77e1 Fix the JSON content type regex to match all MIME types 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-26 11:51:44 +02:00
Stanimir Bozhilov
d80f8f6c82 Type hint JSON content type regex and use preg_match less 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-22 11:25:39 +02:00
Stanimir Bozhilov
f286a9d6ac Use regex for all JSON-related content types 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-21 16:36:01 +02:00
Stanimir Bozhilov
0ace70488a Treat application/json and application/scim+json in same if-block 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-21 15:31:50 +02:00
Jonas Rittershofer
c8b7a233a5 Allow CSRF on CORS routes 
Co-authored-by: Julius Härtl <jus@bitgrid.net>
Co-authored-by: Andreas Brinner <andreas@everlanes.net>
Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
 2022-09-21 10:42:00 +00:00