removed "ex_apps_api_scopes" table (#262)

We hold pre-defined API Scopes in memory only.

Anyway we currently do not supporting defining API Scopes at runtime and
not sure that we will in future, so better to make it simpler and faster
for now.

---------

Signed-off-by: Alexander Piskun <[email protected]>

CHANGELOG.md

@@ -5,12 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
-## [2.4.0 - 2024-04-0x]
+## [2.4.0 - 2024-04-04]
 
 ### Added
 
 - API for listening to file system events. #259
 
+### Changed
+
+- Optimizations(1) related to speed up handling the incoming ExApps requests. #262
+- `occ app_api:scopes:list` command removed as not needed. #262
+
 ### Fixed
 
 - Corrected error handling for `occ` commands: `register` and `update`. #258

appinfo/info.xml

@@ -91,7 +91,6 @@ to join us in shaping a more versatile, stable, and secure app landscape.
 		<command>OCA\AppAPI\Command\Daemon\RegisterDaemon</command>
 		<command>OCA\AppAPI\Command\Daemon\UnregisterDaemon</command>
 		<command>OCA\AppAPI\Command\Daemon\ListDaemons</command>
-		<command>OCA\AppAPI\Command\ApiScopes\ListApiScopes</command>
 	</commands>
 	<settings>
 		<admin>OCA\AppAPI\Settings\Admin</admin>

docs/ManagingExternalApplications.rst

@@ -116,13 +116,6 @@ System user
 
 System user (``[system user]``) in the list means that this ExApp was setup as a system ExApp.
 
-List ExApp Scopes
------------------
-
-List accepted scopes (see :ref:`api_scopes`) for ExApp.
-
-Command: ``app_api:app:scopes:list <appid>``
-
 Using the ExApp Management UI
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/tech_details/ApiScopes.rst

@@ -40,9 +40,6 @@ tailored access to the functionalities they need, enhancing performance and user
 As Nextcloud evolves, this list of API groups will continue to grow, offering developers a wide array of tools
 to create innovative and efficient applications.
 
-The command to list registered scopes, `occ app_api:scopes:list`, remains an invaluable tool for developers
-and administrators, offering a quick and easy way to verify the API scopes available and required by applications within the Nextcloud platform.
-
 The streamlined approach to API scopes not only simplifies the application development process
 but also aligns with best practices in software design, emphasizing clarity, security, and efficiency.
 This refinement in the handling of API scopes reflects Nextcloud's commitment to providing a robust and developer-friendly platform.

docs/tech_details/Authentication.rst

@@ -89,3 +89,11 @@ After successful authentication AppAPI sets `app_api` session key to ``true``.
 	$this->session->set('app_api', true);
 
 .. note:: The Nextcloud server verifies this session key and allows **CORS protection** and **Two-Factor authentication** to be bypassed for requests coming from ExApps.
+
+For ``System`` applications additional flag is set:
+
+.. code-block:: php
+
+	$this->session->set('app_api_system', true);
+
+.. note:: The Nextcloud Server skips rate limiting for requests coming from ``System`` ExApps.

lib/Command/ExApp/Register.php

@@ -132,7 +132,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 		$appInfo['port'] = $appInfo['port'] ?? $this->exAppService->getExAppFreePort();
 		$appInfo['secret'] = $appInfo['secret'] ?? $this->random->generate(128);
 		$appInfo['daemon_config_name'] = $appInfo['daemon_config_name'] ?? $daemonConfigName;
-		$appInfo['api_scopes'] = array_values($this->exAppApiScopeService->mapScopeNamesToNumbers($appInfo['external-app']['scopes']));
+		$appInfo['api_scopes'] = array_values($this->exAppApiScopeService->mapScopeGroupsToNumbers($appInfo['external-app']['scopes']));
 		$exApp = $this->exAppService->registerExApp($appInfo);
 		if (!$exApp) {
 			$this->logger->error(sprintf('Error during registering ExApp %s.', $appId));
@@ -142,7 +142,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			return 3;
 		}
 		if (count($appInfo['external-app']['scopes']) > 0) {
-			if (!$this->exAppScopesService->registerExAppScopes($exApp, $this->exAppApiScopeService->mapScopeNamesToNumbers($appInfo['external-app']['scopes']))) {
+			if (!$this->exAppScopesService->registerExAppScopes($exApp, $this->exAppApiScopeService->mapScopeGroupsToNumbers($appInfo['external-app']['scopes']))) {
 				$this->logger->error(sprintf('Error while registering API scopes for %s.', $appId));
 				if ($outputConsole) {
 					$output->writeln(sprintf('Error while registering API scopes for %s.', $appId));

lib/Command/ExApp/Update.php

@@ -171,7 +171,7 @@ private function updateExApp(InputInterface $input, OutputInterface $output, str
 			}
 		}
 
-		$appInfo['api_scopes'] = array_values($this->exAppApiScopeService->mapScopeNamesToNumbers($appInfo['external-app']['scopes']));
+		$appInfo['api_scopes'] = array_values($this->exAppApiScopeService->mapScopeGroupsToNumbers($appInfo['external-app']['scopes']));
 		if (!$this->exAppService->updateExAppInfo($exApp, $appInfo)) {
 			$this->logger->error(sprintf('Failed to update ExApp %s info', $appId));
 			if ($outputConsole) {
@@ -244,7 +244,7 @@ private function updateExApp(InputInterface $input, OutputInterface $output, str
 			return $exAppScope->getScopeGroup();
 		}, $this->exAppScopeService->getExAppScopes($exApp));
 		// Prepare for prompt of newly requested ExApp scopes
-		$requiredScopes = $this->compareExAppScopes($currentExAppScopes, $appInfo['external-app']['scopes']);
+		$requiredScopes = array_values(array_diff($this->exAppApiScopeService->mapScopeGroupsToNumbers($appInfo['external-app']['scopes']), $currentExAppScopes));
 
 		$forceScopes = (bool) $input->getOption('force-scopes');
 		$confirmScopes = $forceScopes;
@@ -269,7 +269,7 @@ private function updateExApp(InputInterface $input, OutputInterface $output, str
 		}
 
 		if (!$this->exAppScopeService->registerExAppScopes(
-			$exApp, $this->exAppApiScopeService->mapScopeNamesToNumbers($appInfo['external-app']['scopes']))
+			$exApp, $this->exAppApiScopeService->mapScopeGroupsToNumbers($appInfo['external-app']['scopes']))
 		) {
 			$this->logger->error(sprintf('Failed to update ExApp %s scopes.', $appId));
 			if ($outputConsole) {
@@ -293,15 +293,4 @@ private function updateExApp(InputInterface $input, OutputInterface $output, str
 		}
 		return 0;
 	}
-
-	/**
-	 * Compare ExApp scopes and return difference (new requested)
-	 *
-	 * @param array $currentExAppScopes
-	 * @param array $newExAppScopes
-	 * @return array
-	 */
-	private function compareExAppScopes(array $currentExAppScopes, array $newExAppScopes): array {
-		return array_values(array_diff($this->exAppApiScopeService->mapScopeNamesToNumbers($newExAppScopes), $currentExAppScopes));
-	}
 }

lib/Migration/DataInitializationStep.php

@@ -5,14 +5,12 @@
 namespace OCA\AppAPI\Migration;
 
 use OCA\AppAPI\DeployActions\AIODockerActions;
-use OCA\AppAPI\Service\ExAppApiScopeService;
 
 use OCP\Migration\IOutput;
 use OCP\Migration\IRepairStep;
 
 class DataInitializationStep implements IRepairStep {
 	public function __construct(
-		private readonly ExAppApiScopeService $service,
 		private readonly AIODockerActions     $AIODockerActions,
 	) {
 	}
@@ -22,12 +20,6 @@ public function getName(): string {
 	}
 
 	public function run(IOutput $output): void {
-		if ($this->service->registerInitScopes()) {
-			$output->info('API scopes successfully initialized');
-		} else {
-			$output->warning('Failed to initialize API scopes');
-		}
-
 		// If in AIO - automatically register default DaemonConfig
 		if ($this->AIODockerActions->isAIO()) {
 			$output->info('AIO installation detected. Registering default daemon');

lib/Migration/Version2204Date20240403125002.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\AppAPI\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version2204Date20240403125002 extends SimpleMigrationStep {
+	/**
+	 * @param IOutput $output
+	 * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+	 * @param array $options
+	 *
+	 * @return null|ISchemaWrapper
+	 */
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+
+		if ($schema->hasTable('ex_apps_api_scopes')) {
+			$schema->dropTable('ex_apps_api_scopes');
+		}
+
+		return $schema;
+	}
+}

lib/Service/AppAPIService.php

@@ -285,16 +285,16 @@ public function validateExAppRequestToNC(IRequest $request, bool $isDav = false)
 				}
 
 				// BASIC ApiScope is granted to all ExApps (all API routes with BASIC scope group).
-				if ($apiScope->getScopeGroup() !== ExAppApiScopeService::BASIC_API_SCOPE) {
-					if (!$this->exAppScopesService->passesScopeCheck($exApp, $apiScope->getScopeGroup())) {
+				if ($apiScope['scope_group'] !== ExAppApiScopeService::BASIC_API_SCOPE) {
+					if (!$this->exAppScopesService->passesScopeCheck($exApp, $apiScope['scope_group'])) {
 						$this->logger->error(sprintf('ExApp %s not passed scope group check %s', $exApp->getAppid(), $path));
 						return false;
 					}
 				}
 			}
 
 			// For APIs that not assuming work under user context we do not check ExApp users
-			if ((!$exApp->getIsSystem()) && (($apiScope === null) or ($apiScope->getUserCheck()))) {
+			if ((!$exApp->getIsSystem()) && (($apiScope === null) or ($apiScope['user_check']))) {
 				try {
 					if (!$this->exAppUsersService->exAppUserExists($exApp->getAppid(), $userId)) {
 						$this->logger->error(sprintf('ExApp %s user %s does not exist', $exApp->getAppid(), $userId));