Replies: 1 comment
-
|
Product Board - discussion with the team
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
User stories
cd ..cheat code, I am able to sniff all the files of the userDid these situations sound familiar to you?
To me, yes. That's why I am suggesting both a security and convenience feature to remedy to these problems: App-scoped storages
Design
This feature could be compared to what already exists with Google Drive and iCloud Drive, but (still) not landed (yet) on self hosting platforms like Nextcloud.
The idea is pretty simple: If an app would like to take advantage of the sync capabilities of my cloud storage, but does not require access my own personal files, I will allocate it a private space where it could store its data.
This storage space will act as a chroot jail for the app (it will be unable to see other files), and from a user standpoint, these files could still be seen (as a transparency guarantee), but will be isolated from the rest of my files (e.g. behind an "App Storage" option on the sidebar)
Implementation
Storage
This feature could be implemented by using a hidden special folder in the directory tree of the user's personal space, like:
The main drawback is the user will now be disallowed to create a
._AppSpacefolder in its root directory.The alternative solution would be to move the whole user root into a directory, but this would be a severe breaking change:
Note that the proposed architecture in these examples include app folders with two different kinds of naming conventions (custom and reverse dns). That's because in a first time the token generation will be entirely manual, but in an ideal world, the apps requesting WebDAV access would use OAuth2 directly against the OpenCloud server, and app name would become more unified.
An icon.png file is also present on each App directory, to provide the app icon and therefore show it on the corresponding folder icon (for convenience, again). Ideally, the OAuth2 login connection by apps would also directly provide the server with the icon, so the file would no longer be required.
User experience
For a user, how to grant an App Space?
The most obvious place to implement this would be the App Token page in the user settings.
When creating an app token, the webui will ask between two options:
Why so much steps for an App Storage token?
For the sake of security. On the end of the day, the Token page would look like this:
The main benefits of asking for both the app name and the device are as follows:
And about the ideal login method for apps:
The reverse dns name is used for the App Storage directory name and the icon file is cached by the server (or stored as the icon.png file)
Well... That's a LOT of reading, I know... But this idea was stuck in my head for a long time!
What do you think of this idea?
Beta Was this translation helpful? Give feedback.
All reactions