From 09cc028565fc9029c7b6b2062865f35b1a2f55ed Mon Sep 17 00:00:00 2001
From: Ishank Arora <ishank011@gmail.com>
Date: Mon, 12 Jul 2021 19:50:38 +0200
Subject: [PATCH 1/2] Pass directories with trailing slashes to
 eosclient.GenerateToken

---
 changelog/unreleased/eos-token-dir.md |  3 +++
 pkg/cbox/utils/conversions.go         |  7 ++++++-
 pkg/eosclient/eosbinary/eosbinary.go  | 14 ++++----------
 pkg/storage/utils/eosfs/eosfs.go      | 17 +++++++++++------
 4 files changed, 24 insertions(+), 17 deletions(-)
 create mode 100644 changelog/unreleased/eos-token-dir.md

diff --git a/changelog/unreleased/eos-token-dir.md b/changelog/unreleased/eos-token-dir.md
new file mode 100644
index 0000000000..846bced44f
--- /dev/null
+++ b/changelog/unreleased/eos-token-dir.md
@@ -0,0 +1,3 @@
+Bugfix: Pass directories with trailing slashes to eosclient.GenerateToken
+
+https://github.com/cs3org/reva/pull/1883
diff --git a/pkg/cbox/utils/conversions.go b/pkg/cbox/utils/conversions.go
index 12a5510a89..18c5cda704 100644
--- a/pkg/cbox/utils/conversions.go
+++ b/pkg/cbox/utils/conversions.go
@@ -19,6 +19,7 @@
 package utils
 
 import (
+	"strings"
 	"time"
 
 	grouppb "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
@@ -165,7 +166,11 @@ func FormatUserID(u *userpb.UserId) string {
 
 // ExtractUserID retrieves a CS3API user ID from a string
 func ExtractUserID(u string) *userpb.UserId {
-	return &userpb.UserId{OpaqueId: u}
+	t := userpb.UserType_USER_TYPE_PRIMARY
+	if strings.HasPrefix(u, "guest:") {
+		t = userpb.UserType_USER_TYPE_LIGHTWEIGHT
+	}
+	return &userpb.UserId{OpaqueId: u, Type: t}
 }
 
 // FormatGroupID formats a CS3API group ID to a string
diff --git a/pkg/eosclient/eosbinary/eosbinary.go b/pkg/eosclient/eosbinary/eosbinary.go
index 34286da4dd..10044983f7 100644
--- a/pkg/eosclient/eosbinary/eosbinary.go
+++ b/pkg/eosclient/eosbinary/eosbinary.go
@@ -304,7 +304,7 @@ func (c *Client) AddACL(ctx context.Context, auth, rootAuth eosclient.Authorizat
 			Key:  lwShareAttrKey,
 			Val:  sysACL,
 		}
-		if err = c.SetAttr(ctx, auth, sysACLAttr, true, path); err != nil {
+		if err = c.SetAttr(ctx, auth, sysACLAttr, finfo.IsDir, path); err != nil {
 			return err
 		}
 		return nil
@@ -361,7 +361,7 @@ func (c *Client) RemoveACL(ctx context.Context, auth, rootAuth eosclient.Authori
 			Key:  lwShareAttrKey,
 			Val:  sysACL,
 		}
-		if err = c.SetAttr(ctx, auth, sysACLAttr, true, path); err != nil {
+		if err = c.SetAttr(ctx, auth, sysACLAttr, finfo.IsDir, path); err != nil {
 			return err
 		}
 		return nil
@@ -373,13 +373,6 @@ func (c *Client) RemoveACL(ctx context.Context, auth, rootAuth eosclient.Authori
 		args = append(args, "--sys", "--recursive")
 	} else {
 		args = append(args, "--user")
-		userACLAttr := &eosclient.Attribute{
-			Type: SystemAttr,
-			Key:  "eval.useracl",
-		}
-		if err = c.UnsetAttr(ctx, auth, userACLAttr, path); err != nil {
-			return err
-		}
 	}
 	args = append(args, sysACL, path)
 
@@ -509,6 +502,7 @@ func (c *Client) UnsetAttr(ctx context.Context, auth eosclient.Authorization, at
 	if !isValidAttribute(attr) {
 		return errors.New("eos: attr is invalid: " + serializeAttribute(attr))
 	}
+
 	args := []string{"attr", "-r", "rm", fmt.Sprintf("%d.%s", attr.Type, attr.Key), path}
 	_, _, err := c.executeEOS(ctx, args, auth)
 	if err != nil {
@@ -699,7 +693,7 @@ func (c *Client) ReadVersion(ctx context.Context, auth eosclient.Authorization,
 // GenerateToken returns a token on behalf of the resource owner to be used by lightweight accounts
 func (c *Client) GenerateToken(ctx context.Context, auth eosclient.Authorization, p string, a *acl.Entry) (string, error) {
 	expiration := strconv.FormatInt(time.Now().Add(time.Duration(c.opt.TokenExpiry)*time.Second).Unix(), 10)
-	args := []string{"token", "--permission", a.Permissions, "--tree", "--path", path.Clean(p) + "/", "--expires", expiration}
+	args := []string{"token", "--permission", a.Permissions, "--tree", "--path", p, "--expires", expiration}
 	stdout, _, err := c.executeEOS(ctx, args, auth)
 	return stdout, err
 }
diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go
index a4affa4fe9..6110fd1386 100644
--- a/pkg/storage/utils/eosfs/eosfs.go
+++ b/pkg/storage/utils/eosfs/eosfs.go
@@ -191,6 +191,7 @@ func NewEOSFS(c *Config) (storage.FS, error) {
 			Keytab:              c.Keytab,
 			SecProtocol:         c.SecProtocol,
 			VersionInvariant:    c.VersionInvariant,
+			TokenExpiry:         c.TokenExpiry,
 		}
 		eosClient, err = eosbinary.New(eosClientOpts)
 	}
@@ -456,7 +457,7 @@ func (fs *eosfs) SetArbitraryMetadata(ctx context.Context, ref *provider.Referen
 			Val:  v,
 		}
 
-		// TODO(labkode): SetArbitraryMetadata does not has semantic for recursivity.
+		// TODO(labkode): SetArbitraryMetadata does not have semantics for recursivity.
 		// We set it to false
 		err := fs.c.SetAttr(ctx, auth, attr, false, fn)
 		if err != nil {
@@ -1750,29 +1751,33 @@ func (fs *eosfs) getEOSToken(ctx context.Context, u *userpb.User, fn string) (eo
 		},
 	}
 
-	var a *acl.Entry
+	perm := "rwx"
 	for _, e := range info.SysACL.Entries {
 		if e.Type == acl.TypeLightweight && e.Qualifier == u.Id.OpaqueId {
-			a = e
+			perm = e.Permissions
 			break
 		}
 	}
 
 	p := path.Clean(fn)
 	for p != "." && p != fs.conf.Namespace {
-		key := p + "!" + a.Permissions
+		key := p + "!" + perm
 		if tknIf, err := fs.tokenCache.Get(key); err == nil {
 			return eosclient.Authorization{Token: tknIf.(string)}, nil
 		}
 		p = path.Dir(p)
 	}
 
-	tkn, err := fs.c.GenerateToken(ctx, auth, fn, a)
+	if info.IsDir {
+		// EOS expects directories to have a trailing slash when generating tokens
+		fn = path.Clean(fn) + "/"
+	}
+	tkn, err := fs.c.GenerateToken(ctx, auth, fn, &acl.Entry{Permissions: perm})
 	if err != nil {
 		return eosclient.Authorization{}, err
 	}
 
-	key := path.Clean(fn) + "!" + a.Permissions
+	key := path.Clean(fn) + "!" + perm
 	_ = fs.tokenCache.SetWithExpire(key, tkn, time.Second*time.Duration(fs.conf.TokenExpiry))
 
 	return eosclient.Authorization{Token: tkn}, nil

From 93f7a6c27a2b885303fc49321790501c028eac58 Mon Sep 17 00:00:00 2001
From: Ishank Arora <ishank011@gmail.com>
Date: Tue, 13 Jul 2021 12:53:00 +0200
Subject: [PATCH 2/2] Refactor rest cache

---
 pkg/cbox/user/rest/cache.go | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/pkg/cbox/user/rest/cache.go b/pkg/cbox/user/rest/cache.go
index 418cf8fa2b..5361f0c164 100644
--- a/pkg/cbox/user/rest/cache.go
+++ b/pkg/cbox/user/rest/cache.go
@@ -41,22 +41,15 @@ func initRedisPool(address, username, password string) *redis.Pool {
 		IdleTimeout: 240 * time.Second,
 
 		Dial: func() (redis.Conn, error) {
-			var c redis.Conn
-			var err error
-			switch {
-			case username != "":
-				c, err = redis.Dial("tcp", address,
-					redis.DialUsername(username),
-					redis.DialPassword(password),
-				)
-			case password != "":
-				c, err = redis.Dial("tcp", address,
-					redis.DialPassword(password),
-				)
-			default:
-				c, err = redis.Dial("tcp", address)
+			var opts []redis.DialOption
+			if username != "" {
+				opts = append(opts, redis.DialUsername(username))
+			}
+			if password != "" {
+				opts = append(opts, redis.DialPassword(password))
 			}
 
+			c, err := redis.Dial("tcp", address, opts...)
 			if err != nil {
 				return nil, err
 			}