[Owncloud] urlrouting

Frank Karlitschek frank at owncloud.org
Thu Mar 15 02:44:35 UTC 2012


On 15.03.2012, at 00:47, Roland van Laar <roland at micite.net> wrote:

> On 03/14/2012 01:49 PM, Frank Karlitschek wrote:
>> On 14.03.2012, at 01:46, Roland van Laar<roland at micite.net>  wrote:
>> 
>>> Hello,
>>> 
>> Hi Roland,
>> 
>> thank you for your contribution.
> It's nice to be thanked.
> 
>>> I added a url routing feature to owncloud.
>>> For now only the root index and the files/index.php work.
>>> lib/setup.php is also patched to setup a correct .htaccess when it's deployed behind Apache.
>> How does it work if ownCloud is running on a webserver other than apache or if rewrite support is not installed or the user is not allowed to configure rewrites in .htaccess or can´t use .htaccess files at all?
> First, for now it doesn't work when rewriting isn't enabled. (I didn't make a merge request because it's not merge ready).
> 
> And secondly, owncloud shouldn't work when rewrites and/or .htaccess files (or equivalent) aren't possible.
> See my earlier mails about security[1][2] and klaas' response [3]
> and my merge-request[4] which aims to fix this for .htaccess files and Apache.

If .htaccess files are not possible or a different webservers than apache is used than it´s still safe to use ownCloud if the data directory is located outside the htdocs folder. This is the recommended setup for our IIS, nginx, lighttpd or other webserver users.
I agree that we should improve the checks during installation and show a proper security warning to the user if the setup is not secure.



>> One of the main design goal of ownCloud is that is should run on as many servers as possible without problems and don´t require manual configuration from the user.
> 
> That's a good and noble goal, although the 'run everywhere' matra shouldn't come before basic security
> because private files that are accessible for the whole world is a bit of a problem.

sure. But it is of course possible to setup ownCloud in a secure way as described above.


>> 
>>> One of the reasons to add urlrouting is to allow for cleaner urls in owncloud.
>>> It's now possible to remove the .php ending for example.
>>> Another reason is increased security because with urlrouting only files
>>> included in the url patterns are called from apache.
>>> The other files, such as 3rd party libraries are now only accessible via code.
>> I don´t really see the benefit for ownCloud here. ownCloud is a personal space for files and data and not a public website. So we don´t need to care about SEO urls or Google or how convenient it is to remember, tweet or mail urls. I agree that shorter urls without .php are prettier from an esthetics standpoint but this benefit is not strong enough to justify to make ownCloud incompatible with a lot of our users.
> I don't care about SEO and Google either since it's not useful for owncloud installations.
> I do care about nice urls and security, although in this case mainly security.
> 
> One of the options about not having .php is the ability to be able to rewrite the code in another language or framework
> and still have everything work.
> 
> It also opens up a lot of possibilities for owncloud code wise because files and urls aren't linked 1 on 1.
> 
>>> A dispatch.php is added which becomes the starting point for all non img,ajax, css and js requests.
>>> dispatch.php contains the starting point for urls.
>>> 
>>> An example url patterns:
>>> $urlPatterns = Array(
>>>    Array('url' =>  '^/$', 'file' =>  'index.php'),
>>>    Array('url' =>  '^/index.php$', 'file' =>  'index.php'),
>>>    Array('url' =>  '^/files', 'dir_include' =>  'files/'),
>>> );
>>> 
>>> It's possible to include urls.php files in other directories via the
>>> 'dir_include' =>  dir_name syntax in the Array.
>>> 
>>> The code: https://gitorious.org/~rvanlaar/owncloud/rvanlaars-owncloud-urlrouting
>>> 
>>> What do you think?
>>> Is this something that has the potential to be included in owncloud?
>> 
>> I´m really sorry to say but I think that your proposal is not suitable for ownCloud at the moment.
>> I hate to say this to a new contributor but I hope you understand the reason.
> 
> I do understand it. One of the reasons I published the code now is to get feedback.
> In the ideal case the dispatch code would be a class OC_route in lib.
> That  way the code would be cleaner and tie in with the OwnClouds class loader.
> 
> How can this code become suitable for OwnCloud?
> And is urlrouting something that could be incorporated in OwnCloud?

I think urlrouting is a good idea in general. The challenge here is that ownCloud should run on different webservers and with minimal external dependencies. 
If it´s possible to implement this in a way that we don´t loose existing users than I´m fine with it. But I doubt that this is technically possible to be honest.


>> 
>> I suggest to post to this mailing-list earlier next time if you propose big architectural changes so that we can discuss this before you spend a lot of time coding. :-)
> 
> I'm a bit surprised about you saying this. I did communicate about this idea [5][6].
> I also got some advice about it [7].


Yes. Sorry for my late feedback. I´m on vacation at the moment and I´m still catching up with email. Sorry for that.


> There is even a bug report about it.[8]
> 
> However, I wanted to write code that works, instead of talk a lot about it.
> An idea with code is better than an idea without, and I wanted to have a proof
> of concept.
> 
>> There are a lot of areas in ownCloud where we need help.
>> 
>> If you need some inspiration you can have a look at:
>> http://owncloud.org/dev/junior-jobs/  or
>> http://bugs.owncloud.org/
> 
> Well I worked on bug 135 ;-).

Hehe. Yes. :-)
Not every bug that suggest a big design change is necessary a good idea of course. :-)


> 
>> 
>> It would be awesome if you would help us to improve ownCloud in other areas and become a contributor.
> 
> OwnCloud is an interesting project that I would like  to see become more and more useful.
> I already contributed some code and documentation :-).
> And I would like to contribute more.
> 
> However I would like to see (a bit) more action by the current maintainer/committers.
> I made a merge request [4] and there hasn't been any action on it.
> I also wrote and email about security [2] for the installation page [9]
> because the default install on ubuntu is wide open and I haven't seen that being picked up.

You are right of course. Sorry for the late reply.
I promisse to be more responsive in the future. :-)



>> 
>> Thanks a lot :-)
> 
> Thank you for your time, your reply and your positive words.
> 
> Regards,
> 
> Roland
>> 
>> Cheers
>> Frank
> 
> [1] https://mail.kde.org/pipermail/owncloud/2012-February/002261.html
> [2] https://mail.kde.org/pipermail/owncloud/2012-February/002406.html
> [3] https://mail.kde.org/pipermail/owncloud/2012-February/002414.html
> [4] https://gitorious.org/owncloud/owncloud/merge_requests/93
> [5] https://mail.kde.org/pipermail/owncloud/2012-March/002494.html
> [6] https://mail.kde.org/pipermail/owncloud/2012-March/002515.html
> [7] https://mail.kde.org/pipermail/owncloud/2012-March/002527.html
> [8] http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-135
> [9] http://owncloud.org/support/setup-and-installation/linux-server/
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud




More information about the Owncloud mailing list