crowetic/Qortal-Nextcloud-Integration
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Qortal-Nextcloud-Integration/README.md
T

246 lines
10 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Qortal Nextcloud Integration
This repository bootstraps a local development setup for integrating Qortal identity/auth flows with Nextcloud.
## Current scope
1. Local Nextcloud development stack via Docker Compose.
2. A TypeScript broker service for:
- Nextcloud provisioning bridge (create/link users).
- OIDC authorization-code flow (`/authorize`, `/token`, `/userinfo`, `/jwks`).
3. Nextcloud app for:
- admin setup + onboarding workflows,
- user selfservice wallet import/linking,
- QApps gateway proxy + embedded launcher,
- Qortal Account dashboard (live auth validation).
4. Initial architecture and phased implementation notes.
## Repo layout
- `docker-compose.yml`: MySQL/MariaDB local stack.
- `docker-compose.postgres.yml`: PostgreSQL local stack.
- `.env.example`: environment variables for local stack.
- `.env.postgres.example`: environment variables for PostgreSQL stack.
- `Makefile`: helper commands for startup and Nextcloud `occ` tasks.
- `docs/concept.md`: phase plan, contracts, and milestones.
- `docs/external-auth-integration.md`: Qortal External Auth hookup and commands.
- `docs/master-goals.md`: full goals, architecture boundaries, and delivery phases.
- `docs/nextcloud-admin-app.md`: usage for the custom Nextcloud admin app.
- `docs/nextcloud-app-roadmap.md`: roadmap for the custom Nextcloud app.
- `docs/nextcloud-oidc-setup.md`: working `user_oidc` configuration + policy notes.
- `docs/nextcloud-vm-setup.md`: production-style setup for Nextcloud VM.
- `docs/devprod-ssl.md`: HTTPS-enabled dev-prod Docker stack.
- `docs/features-list.md`: full current feature inventory.
- `docs/settings-matrix.md`: admin/personal settings behavior matrix.
- `docs/scripts-reference.md`: script usage and recommended execution flows.
- `docs/testing-guide.md`: end-to-end onboarding test paths and expected results.
- `nextcloud/custom_apps/qortal_integration`: custom admin app for Qortal management inside Nextcloud.
- `nextcloud/html`: bind-mounted Nextcloud web root for Docker stacks.
- `nextcloud/data`: bind-mounted Nextcloud data directory for Docker stacks.
- `services/qortal-oidc-broker`: Node/TypeScript broker + provisioning bridge starter.
- `external-auth/data`: bind-mounted data for bundled External Auth container.
- `qortal/data`: bind-mounted data for bundled Qortal node container.
## Quickstart
1. Run the guided dev setup:
- `./start-dev.sh`
2. Follow logs until Nextcloud is installed:
- `make logs`
3. Open Nextcloud:
- `http://localhost:8080`
4. Install the OIDC app in Nextcloud:
- `make install-oidc`
5. Enable the Qortal integration app:
- `make occ cmd="app:enable qortal_integration"`
Devprod (HTTPS) quickstart:
1. Run guided devprod setup:
- `./start-devprod.sh`
2. Rebuild/recreate after env changes:
- `./recreate-devprod.sh`
- (this now disables/enables the app automatically)
Production-oriented Docker bootstrap:
1. Run installer baseline:
- `./scripts/install-production-docker.sh --mode nossl --with-external-auth`
2. Verify services:
- `docker compose -f docker-compose.devprod.nossl.yml --env-file .env.devprod ps`
PostgreSQL option:
1. (Optional) copy PG env file:
- `cp .env.postgres.example .env.postgres`
2. Start PostgreSQL stack:
- `make up-pg`
3. Stop PostgreSQL stack:
- `make down-pg`
## Useful commands
- MySQL env behavior: `Makefile` uses `.env` if present, otherwise `.env.example`.
- PostgreSQL env behavior: `Makefile` uses `.env.postgres` if present, otherwise `.env.postgres.example`.
- Start: `make up`
- Stop: `make down`
- Logs: `make logs`
- List services: `make ps`
- Run Nextcloud `occ`: `make occ cmd="app:list"`
- Start (PostgreSQL): `make up-pg`
- Stop (PostgreSQL): `make down-pg`
- Logs (PostgreSQL): `make logs-pg`
- List services (PostgreSQL): `make ps-pg`
- Run Nextcloud `occ` (PostgreSQL): `make occ-pg cmd="app:list"`
- Broker logs: `docker compose logs -f broker`
## Qortal External Auth hookup
The broker now supports authenticated calls to your External Auth API.
1. Register an app in your external auth API (or reuse an existing app):
- `POST /apps/register`
2. Set these in `.env` (or `.env.postgres`):
- `BROKER_INTERNAL_API_TOKEN` (required for broker internal APIs)
- `BROKER_CORS_ALLOWED_ORIGINS` (recommended: your Nextcloud public URL)
- `QORTAL_EXTERNAL_AUTH_BASE_URL` (for Docker Desktop: usually `http://gateway.docker.internal:3191`)
- `QORTAL_EXTERNAL_AUTH_APP_ID`
- `QORTAL_EXTERNAL_AUTH_APP_SECRET`
- If your node requires API keys, also set:
- `QORTAL_AUTH_NODE_API_KEY`
- `QORTAL_AUTH_NODE_API_KEY_MODE`
- `QORTAL_AUTH_NODE_API_KEY_PATHS`
3. Restart broker:
- `make up`
Useful broker endpoints:
- `GET /api/qortal/health` (connectivity check)
- `GET /api/qortal/wallets` (wallets accessible to configured app creds)
- `POST /api/qortal/wallets` (create wallet via configured app creds)
- `GET /api/oidc/allowlist` (list allowlisted Qortal addresses for auto-provision)
- `POST /api/oidc/allowlist` (add allowlisted Qortal address)
- `POST /api/oidc/allowlist/remove` (remove allowlisted Qortal address)
- `GET /api/oidc/invites` (list invite tokens)
- `POST /api/oidc/invites` (create invite token)
- `POST /api/oidc/invites/revoke` (revoke invite token)
- `POST /api/provision/upsert-from-wallet` (provision/link via walletId -> address0)
- `POST /api/provision/import-seed-link` (import existing seed + link to Nextcloud user)
- `POST /api/provision/import-backup-link` (import encrypted backup JSON + link to Nextcloud user)
- `POST /api/provision/unlink` (remove mapping)
- `GET /api/provision/mappings/by-nextcloud/:nextcloudUserId` (list mappings for one Nextcloud user)
- `GET /api/provision/mappings` (list persisted mappings)
Internal API security:
- Broker internal APIs under `/api/qortal/*`, `/api/provision/*`, and `/api/oidc/*` require `BROKER_INTERNAL_API_TOKEN`.
- Nextcloud app sends this token automatically when configured via:
- Env in app container: `QORTAL_BROKER_INTERNAL_API_TOKEN` (recommended for docker stacks), or
- Nextcloud Admin setting: `Broker Internal API Token`.
- In bundled devprod stacks, helper scripts auto-generate the token in `.env.devprod`.
Custom Nextcloud app:
- Open Nextcloud Admin settings and go to `Qortal Integration` section.
- Configure broker URL and test connectivity directly from Nextcloud UI.
- Run setup actions from UI:
- wallet create/list
- mapping link/list
- allowlist and invite management for guarded auto-provision
- User self-service panel in Personal Settings:
- import existing wallet by seed or backup JSON + link to current user
- remove linked accounts
- list linked accounts for current user
- Qortal Account dashboard:
- `/apps/qortal_integration/account` (live auth validation)
- Q-Apps launcher:
- `/apps/qortal_integration/qapps` (embedded gateway)
Broker persistence:
- Broker mappings are now stored in PostgreSQL (`identity_mapping` table).
- Configure via `BROKER_DATABASE_URL` and broker DB env vars in `.env`.
## Bundled Qortal node
All compose stacks now include a `qortal_node` container by default:
- Build context defaults to `QORTAL_NODE_CONTEXT=../qortal`
- Node API is published to host via:
- `QORTAL_NODE_API_BIND_HOST` / `QORTAL_NODE_API_HOST_PORT` (default `127.0.0.1:12391`)
- Node P2P is published to host via:
- `QORTAL_NODE_P2P_BIND_HOST` / `QORTAL_NODE_P2P_HOST_PORT` (default `0.0.0.0:12392`)
- Node QDN data is published to host via:
- `QORTAL_NODE_QDN_BIND_HOST` / `QORTAL_NODE_QDN_HOST_PORT` (default `0.0.0.0:12394`)
- External Auth defaults to use the internal node URL:
- `QORTAL_AUTH_NODE_URL=http://qortal_node:12391`
- `QORTAL_AUTH_NODE_API_KEY` (set this when the node requires `X-API-KEY`)
- `QORTAL_AUTH_NODE_API_KEY_MODE=paths`
- `QORTAL_AUTH_NODE_API_KEY_PATHS=/` (send key header for all node API calls)
- Default node settings template:
- `deploy/templates/qortal/default-node-settings.json`
- `scripts/ensure-qortal-settings.sh` initializes `qortal/data/settings.json` from this template when missing (never overwrites existing settings).
- Default JVM start args:
- `scripts/ensure-qortal-start-args.sh` initializes `qortal/data/start-arguments.txt` when missing.
- Container startup reads that file on every restart, so you can tune memory without reinstall.
- Default value: `-XX:MaxRAMPercentage=25 -XX:+UseG1GC -Xss1024k`
- Optional env seed for first-run/empty file: `QORTAL_JVM_MEMORY_ARGS`
When using `./start-dev.sh`, `./start-devprod.sh`, or `./recreate-devprod.sh`,
the script auto-selects `QORTAL_NODE_API_HOST_PORT` in this order:
1. `12391`
2. `22391`, `32391`, `42391`, `52391`
3. `12291`, `22291`, `32291`, `42291`, `52291`
Then it sets:
- `QORTAL_NODE_P2P_HOST_PORT` to `QORTAL_NODE_API_HOST_PORT + 1`
- `QORTAL_NODE_QDN_HOST_PORT` to `QORTAL_NODE_API_HOST_PORT + 3`
## Qortal reverse proxy templates
Installer-ready templates for exposing a local node as both API/render and gateway:
- `deploy/templates/proxy/nginx-qortal-node.conf.template`
- `deploy/templates/proxy/apache-qortal-node.conf.template`
- `deploy/templates/proxy/README.md`
## Smoke test
Create/link a Nextcloud user from the broker:
```bash
curl -sS http://localhost:3000/api/provision/upsert \
-H "X-Broker-Internal-Token: ${BROKER_INTERNAL_API_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"qortalAddress": "QTESTADDRESS1234567890ABCDEFG",
"displayName": "Qortal Test",
"email": "qortal-test@example.com"
}'
```
Expected first-call behavior:
- `created: true` with a new mapping created.
- If Nextcloud user creation is needed, broker uses an internal random password that is never returned.
Expected repeated-call behavior:
- `created: false` with same `nextcloudUserId` mapping.
Provision/link from wallet (uses Qortal External Auth):
```bash
curl -sS http://localhost:3000/api/provision/upsert-from-wallet \
-H "X-Broker-Internal-Token: ${BROKER_INTERNAL_API_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"walletId": "YOUR_WALLET_ID",
"displayName": "Qortal Wallet User",
"email": "wallet-user@example.com"
}'
```
## Next step focus
- Add admin onboarding campaign APIs + audit events.
- Add Nextcloud app UI for mapping management and campaign triggering.
- Add stricter signed-nonce verification once External Auth exposes a dedicated verify endpoint.
- Add Q-App launch policy + signed launch token flow.
Reference in New Issue View Git Blame Copy Permalink