Top Menu

Jump to content
Home
    • Projects
    • Work packages
    • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.

    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Professional support

    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?
      Create a new account

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
  • Roadmap
  • Work packages
  • Boards
  • Wiki
    • Table of contents
      • Hierarchy leafFileIDs
      • Hierarchy leafOpenProject edge instance for testing
      • Expanded. Click to collapseCollapsed. Click to showPreparation and Research
        • Hierarchy leafAuthorization and authentication flow
        • Hierarchy leafDevelopment environment
        • Expanded. Click to collapseCollapsed. Click to showFile Upload
          • Hierarchy leafNextcloud's upload API
        • Hierarchy leafLink types in Nextcloud
      • Hierarchy leafRequirements and UX Workshop - November 29, 2021
      • Expanded. Click to collapseCollapsed. Click to showWiki
        • Hierarchy leafSequence Diagram Nextcloud Integration
        • Hierarchy leafcurl API Tests
You are here:
  • Preparation and Research
  • File Upload

Content

File Upload

  • More
    • Print
    • Table of contents

At any point, we will want to implement an upload mechanism in our nextcloud integration. Uploads with the Nextcloud API need logic in the frontend, especially for uploading folders or big files that need chunking.

CORS

Nextcloud has a very restrictive CORS policy, forbidding sending requests to the API from browsers, that are not same origin. For the upload, this will be necessary, as mentioned above. The proposed solution is, using the nextcloud extension WebAppPassword to whitelist additional domains to the CORS policy. In a succeeding step we can check the code of the WebAppPassword , to reimplement the configuration of whitelisted domains to eliminate the need of manual configuration.

Authentication

As the authentication is done by the backend (see explanation), the question remains, how the frontend would authenticate an upload request. Here nextcloud's app passwords could solve the issue. Those are generated, permanent passwords, that can be used together with this user's name in a request.

possible workflow

  • do everything, that is needed to authenticate in backend (different worklow)
  • send request to OP backend asking for access to nextcloud's webdav api for file upload
  • backend generates an app password for the linked nextcloud user of the currently logged in OP user
  • backend responds with the nc user credentials (username and app password)
  • frontend makes upload request
  • when frontend is done (success, abort or error) it tells backend to revoke app password und invalidate the access
  • HINT: backend would need to revoke access in any case, even when frontend doesn't come back with success. After a fixed time?
Loading...