Merge branch 'main' into feat/noid/apppassword-onetime

Author: marinofaggiana

Sources/NextcloudKit/Models/DeclarativeUI/NKClientIntegration.swift

@@ -0,0 +1,65 @@
+// SPDX-FileCopyrightText: Nextcloud GmbH
+// SPDX-FileCopyrightText: 2025 Milen Pivchev
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+import Foundation
+import Alamofire
+
+public struct NKClientIntegration: Codable {
+    public let apps: [String: AppContext]
+
+    public init(from decoder: Decoder) throws {
+         let container = try decoder.container(keyedBy: DynamicKey.self)
+
+         var dict: [String: AppContext] = [:]
+         for key in container.allKeys {
+             let value = try container.decode(AppContext.self, forKey: key)
+             dict[key.stringValue] = value
+         }
+         self.apps = dict
+     }
+
+    public func encode(to encoder: Encoder) throws {
+         var container = encoder.container(keyedBy: DynamicKey.self)
+         for (key, value) in apps {
+             try container.encode(value, forKey: DynamicKey(stringValue: key)!)
+         }
+     }
+
+    public enum Params: String {
+        case fileId = "fileId"
+        case filePath = "filePath"
+    }
+ }
+
+ struct DynamicKey: CodingKey {
+     var stringValue: String
+     var intValue: Int? { nil }
+     init?(stringValue: String) { self.stringValue = stringValue }
+     init?(intValue: Int) { return nil }
+ }
+
+public struct AppContext: Codable {
+    public let version: Double
+    public let contextMenu: [ContextMenuAction]
+
+    enum CodingKeys: String, CodingKey {
+        case version
+        case contextMenu = "context-menu"
+    }
+}
+
+public struct ContextMenuAction: Codable {
+    public let name: String
+    public let url: String
+    public let method: String
+    public let mimetypeFilters: String?
+    public let params: [String: String]?
+    public let icon: String?
+
+    enum CodingKeys: String, CodingKey {
+        case name, url, method, icon, params
+        case mimetypeFilters = "mimetype_filters"
+    }
+}
+

Sources/NextcloudKit/Models/DeclarativeUI/NKClientIntegrationUIResponse.swift

@@ -0,0 +1,39 @@
+// SPDX-FileCopyrightText: Nextcloud GmbH
+// SPDX-FileCopyrightText: 2025 Milen Pivchev
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+public struct NKClientIntegrationUIResponse: Codable {
+    public let ocs: OCSContainer
+}
+
+public struct OCSContainer: Codable {
+    public let meta: Meta
+    public let data: ResponseData
+}
+
+public struct Meta: Codable {
+    public let status: String
+    public let statuscode: Int
+    public let message: String
+}
+
+public struct ResponseData: Codable {
+    public let version: Double
+    public let tooltip: String?
+    public let root: RootContainer?
+}
+
+public struct RootContainer: Codable {
+    public let orientation: String
+    public let rows: [Row]
+}
+
+public struct Row: Codable {
+    public let children: [Child]
+}
+
+public struct Child: Codable {
+    public let element: String
+    public let text: String
+    public let url: String
+}

Sources/NextcloudKit/Models/NKProperties.swift

@@ -65,7 +65,7 @@ public enum NKProperties: String, CaseIterable {
     /// open-cloud-mesh.org
     case sharepermissionscloudmesh = "<share-permissions xmlns=\"http://open-cloud-mesh.org/ns\"/>"
 
-    static func properties(createProperties: [NKProperties]?, removeProperties: [NKProperties] = []) -> String {
+    static public func properties(createProperties: [NKProperties]?, removeProperties: [NKProperties] = []) -> String {
         var properties = allCases.map { $0.rawValue }.joined()
         if let createProperties {
             properties = ""

Sources/NextcloudKit/NKMonitor.swift

@@ -5,25 +5,78 @@
 import Foundation
 import Alamofire
 
-final class NKMonitor: EventMonitor, Sendable {
-    let nkCommonInstance: NKCommon
-    let queue = DispatchQueue(label: "com.nextcloud.NKMonitor")
+//  Description:
+//
+//  NKMonitor is an Alamofire EventMonitor implementation used to observe
+//  the lifecycle of network requests and responses within the Nextcloud iOS client.
+//
+//  Its primary responsibilities are:
+//
+//  - Logging outgoing requests and incoming responses at different verbosity levels.
+//  - Tracking server-side error codes per account for diagnostic and recovery purposes.
+//  - Detecting potential account mismatches between the logical account assigned
+//    to a request and the user encoded in the WebDAV request path.
+//
+//  Account Safety and Diagnostics:
+//
+//  In a multi-account environment, it is critical to ensure that each request
+//  is executed using the correct account credentials.
+//
+//  To support this, NKMonitor:
+//
+//  - Extracts the logical account identifier from a custom internal HTTP header
+//    attached to each request.
+//  - On authentication failures (HTTP 401), compares the account identifier
+//    against the username declared in the WebDAV path (e.g. /remote.php/dav/files/<user>).
+//  - Logs an explicit error when a mismatch is detected, providing deterministic
+//    evidence of a request executed with inconsistent account context.
+//
+//  This mechanism allows distinguishing between:
+//  - Legitimate authentication failures for the correct account.
+//  - Requests accidentally executed using credentials belonging to a different account.
+//
+//  Threading Model:
+//
+//  - All logging operations are performed on a dedicated background DispatchQueue.
+//  - The monitor does not assume any actor isolation and is intentionally not Sendable.
+//  - Consumers of delegate callbacks are responsible for ensuring thread safety.
+//
+//  Security Notes:
+//
+//  - Authorization headers are never inspected or decoded.
+//  - Only application-internal account identifiers are logged.
+//  - No credentials or sensitive authentication material are exposed.
+//
+//  NKMonitor is intended as an observational and diagnostic component and does not
+//  modify request execution or response handling.
+//
+
+final class NKMonitor: EventMonitor {
+    internal let nkCommonInstance: NKCommon
+    internal let queue = DispatchQueue(label: "com.nextcloud.NKMonitor", qos: .utility)
 
     init(nkCommonInstance: NKCommon) {
         self.nkCommonInstance = nkCommonInstance
     }
 
     func requestDidResume(_ request: Request) {
-        DispatchQueue.global(qos: .utility).async {
+        guard let urlRequest = request.request else {
+            // URLRequest not created yet → skip logging
+            return
+        }
+        let account = urlRequest.allHTTPHeaderFields?[self.nkCommonInstance.headerAccount] ?? "unknown"
+
+        queue.async {
             switch NKLogFileManager.shared.logLevel {
             case .normal:
                 // General-purpose log: full Request description
-                nkLog(info: "Request started: \(request)")
+                nkLog(info: "User: \(account) - Request started: \(request)")
             case .verbose:
                 // Full dump: headers + body
-                let headers = request.request?.allHTTPHeaderFields?.description ?? "None"
-                let body = request.request?.httpBody.flatMap { String(data: $0, encoding: .utf8) } ?? "None"
-                
+                let headers = urlRequest.allHTTPHeaderFields?.description ?? "None"
+                let body = urlRequest.httpBody.flatMap { String(data: $0, encoding: .utf8) } ?? "None"
+
+                nkLog(debug: "User: \(account)")
                 nkLog(debug: "Request started: \(request)")
                 nkLog(debug: "Headers: \(headers)")
                 nkLog(debug: "Body: \(body)")
@@ -35,6 +88,7 @@ final class NKMonitor: EventMonitor, Sendable {
 
     func request<Value>(_ request: DataRequest, didParseResponse response: AFDataResponse<Value>) {
         nkCommonInstance.delegate?.request(request, didParseResponse: response)
+        let account = request.request?.allHTTPHeaderFields?[self.nkCommonInstance.headerAccount] ?? "unknown"
 
         // Check for header and account error code tracking
         if let statusCode = response.response?.statusCode,
@@ -46,31 +100,44 @@ final class NKMonitor: EventMonitor, Sendable {
             }
         }
 
-        DispatchQueue.global(qos: .utility).async {
+        // Check 401
+        if response.response?.statusCode == 401 {
+            let pathUser = request.request?.url?
+                .path
+                .components(separatedBy: "/files/")
+                .dropFirst()
+                .first
+
+            if let pathUser, pathUser != account {
+                nkLog(error: "ACCOUNT MISMATCH host=\(request.request?.url?.host ?? "-") pathUser=\(pathUser) headerUser=\(account)")
+            }
+        }
+
+        queue.async {
             switch NKLogFileManager.shared.logLevel {
             case .normal:
                 let resultString = String(describing: response.result)
-
                 if let request = response.request {
-                    nkLog(info: "Network response request: \(request), result: \(resultString)")
+                    nkLog(info: "User: \(account) - Network response request: \(request), result: \(resultString)")
                 } else {
-                    nkLog(info: "Network response result: \(resultString)")
+                    nkLog(info: "User: \(account) - Network response result: \(resultString)")
                 }
 
             case .compact:
                 if let method = request.request?.httpMethod,
                    let url = request.request?.url?.absoluteString,
                    let code = response.response?.statusCode {
 
-                    let responseStatus = (200..<300).contains(code) ? "RESPONSE: SUCCESS" : "RESPONSE: ERROR"
-                    nkLog(network: "\(code) \(method) \(url) \(responseStatus)")
+                    let responseStatus = (200..<300).contains(code) ? "Response: SUCCESS" : "Response: ERROR"
+                    nkLog(network: "User: \(account) Code: \(code) Method: \(method) Url: \(url) - \(responseStatus)")
                 }
 
             case .verbose:
                 let debugDesc = String(describing: response)
                 let headerFields = String(describing: response.response?.allHeaderFields ?? [:])
                 let date = Date().formatted(using: "yyyy-MM-dd' 'HH:mm:ss")
 
+                nkLog(debug: "User: \(account)")
                 nkLog(debug: "Network response result: \(date) " + debugDesc)
                 nkLog(debug: "Network response all headers: \(date) " + headerFields)
 

Sources/NextcloudKit/NextcloudKit+Capabilities.swift

@@ -132,6 +132,7 @@ public extension NextcloudKit {
                         let assistant: Assistant?
                         let recommendations: Recommendations?
                         let termsOfService: TermsOfService?
+                        let clientIntegration: NKClientIntegration?
 
                         enum CodingKeys: String, CodingKey {
                             case downloadLimit = "downloadlimit"
@@ -145,6 +146,7 @@ public extension NextcloudKit {
                             case assistant
                             case recommendations
                             case termsOfService = "terms_of_service"
+                            case clientIntegration = "client_integration"
                         }
 
                         struct DownloadLimit: Codable {
@@ -348,6 +350,32 @@ public extension NextcloudKit {
                         struct Recommendations: Codable {
                             let enabled: Bool?
                         }
+
+//                        struct DeclarativeUI: Codable {
+//                            let contextMenu: [[ContextMenuItem]]
+//
+//                            enum CodingKeys: String, CodingKey {
+//                                case contextMenu = "context-menu"
+//                            }
+//                        }
+
+//
+//                        struct DeclarativeUI: Codable {
+//                            let contextMenus: [ContextMenu]
+//
+//                            enum CodingKeys: String, CodingKey {
+//                                case contextMenus = "context-menu"
+//                            }
+//
+//                            struct ContextMenu: Codable {
+//                                let items
+//                            }
+//
+//                            struct ContextMenuItem: Codable {
+//                                let title: String
+//                                let endpoint: String
+//                            }
+//                        }
                     }
                 }
             }
@@ -365,6 +393,8 @@ public extension NextcloudKit {
             let data = decoded.ocs.data
             let json = data.capabilities
 
+            print(json)
+
             // Initialize capabilities
             let capabilities = NKCapabilities.Capabilities()
 
@@ -434,6 +464,8 @@ public extension NextcloudKit {
             capabilities.recommendations = json.recommendations?.enabled ?? false
             capabilities.termsOfService = json.termsOfService?.enabled ?? false
 
+            capabilities.clientIntegration = json.clientIntegration
+
             // Persist capabilities in shared store
             await NKCapabilities.shared.setCapabilities(for: account, capabilities: capabilities)
             return capabilities
@@ -528,7 +560,9 @@ final public class NKCapabilities: Sendable {
         public var forbiddenFileNameExtensions: [String]            = []
         public var recommendations: Bool                            = false
         public var termsOfService: Bool                             = false
-
+//        public var declarativeUIEnabled: Bool                       = false
+//        public var declarativeUIContextMenu: [ContextMenuItem]                       = []
+        public var clientIntegration: NKClientIntegration?                    = nil
         public var directEditingEditors: [NKEditorDetailsEditor]    = []
         public var directEditingCreators: [NKEditorDetailsCreator]  = []
         public var directEditingTemplates: [NKEditorTemplate]       = []