Merge pull request #2335 from nextcloud/backport/2332/stable33

[stable33] add trusted servers as external

Author: ArtificialOwl

lib/Command/CirclesRemote.php

@@ -18,10 +18,10 @@
 use OCA\Circles\Exceptions\RemoteNotFoundException;
 use OCA\Circles\Exceptions\RemoteUidException;
 use OCA\Circles\Model\Federated\RemoteInstance;
-use OCA\Circles\Service\ConfigService;
 use OCA\Circles\Service\GlobalScaleService;
 use OCA\Circles\Service\InterfaceService;
 use OCA\Circles\Service\RemoteStreamService;
+use OCA\Circles\Service\RemoteSyncService;
 use OCA\Circles\Tools\Exceptions\RequestNetworkException;
 use OCA\Circles\Tools\Exceptions\SignatoryException;
 use OCA\Circles\Tools\Exceptions\SignatureException;
@@ -47,54 +47,17 @@ class CirclesRemote extends Base {
 	use TNCWellKnown;
 	use TStringTools;
 
+	private InputInterface $input;
+	private OutputInterface $output;
 
-	/** @var RemoteRequest */
-	private $remoteRequest;
-
-	/** @var GlobalScaleService */
-	private $globalScaleService;
-
-	/** @var RemoteStreamService */
-	private $remoteStreamService;
-
-	/** @var InterfaceService */
-	private $interfaceService;
-
-	/** @var ConfigService */
-	private $configService;
-
-
-	/** @var InputInterface */
-	private $input;
-
-	/** @var OutputInterface */
-	private $output;
-
-
-	/**
-	 * CirclesRemote constructor.
-	 *
-	 * @param RemoteRequest $remoteRequest
-	 * @param GlobalScaleService $globalScaleService
-	 * @param RemoteStreamService $remoteStreamService
-	 * @param InterfaceService $interfaceService
-	 * @param ConfigService $configService
-	 */
 	public function __construct(
-		RemoteRequest $remoteRequest,
-		GlobalScaleService $globalScaleService,
-		RemoteStreamService $remoteStreamService,
-		InterfaceService $interfaceService,
-		ConfigService $configService,
+		private readonly RemoteRequest $remoteRequest,
+		private GlobalScaleService $globalScaleService,
+		private RemoteStreamService $remoteStreamService,
+		private InterfaceService $interfaceService,
+		private RemoteSyncService $remoteSyncService,
 	) {
 		parent::__construct();
-
-		$this->remoteRequest = $remoteRequest;
-		$this->globalScaleService = $globalScaleService;
-		$this->remoteStreamService = $remoteStreamService;
-		$this->interfaceService = $interfaceService;
-		$this->configService = $configService;
-
 		$this->setup('app', 'circles');
 	}
 
@@ -401,16 +364,12 @@ private function outgoingTest(string $remote, array $payload): NCSignedRequest {
 		return $signedRequest;
 	}
 
-
-	/**
-	 *
-	 */
 	private function checkKnownInstance(): void {
 		$this->verifyGSInstances();
+		$this->remoteSyncService->syncTrustedServers();
 		$this->checkRemoteInstances();
 	}
 
-
 	/**
 	 *
 	 */
@@ -424,35 +383,11 @@ function (RemoteInstance $instance): string {
 
 		$missing = array_diff($instances, $known);
 		foreach ($missing as $instance) {
-			$this->syncGSInstance($instance);
+			$this->remoteSyncService->syncRemoteInstance($instance, RemoteInstance::TYPE_GLOBALSCALE, InterfaceService::IFACE_INTERNAL);
 		}
 	}
 
 
-	/**
-	 * @param string $instance
-	 */
-	private function syncGSInstance(string $instance): void {
-		$this->output->write('Adding <comment>' . $instance . '</comment>: ');
-		if ($this->configService->isLocalInstance($instance)) {
-			$this->output->writeln('<comment>instance is local</comment>');
-			return;
-		}
-
-		try {
-			$this->remoteStreamService->addRemoteInstance(
-				$instance,
-				RemoteInstance::TYPE_GLOBALSCALE,
-				InterfaceService::IFACE_INTERNAL,
-				true
-			);
-			$this->output->writeln('<info>ok</info>');
-		} catch (Exception $e) {
-			$msg = ($e->getMessage() === '') ? '' : ' (' . $e->getMessage() . ')';
-			$this->output->writeln('<error>' . get_class($e) . $msg . '</error>');
-		}
-	}
-
 
 	private function checkRemoteInstances(): void {
 		$instances = $this->remoteRequest->getAllInstances();

lib/Service/ConfigService.php

@@ -13,6 +13,7 @@
 
 use OC;
 use OCA\Circles\AppInfo\Application;
+use OCA\Circles\ConfigLexicon;
 use OCA\Circles\Exceptions\GSStatusException;
 use OCA\Circles\IFederatedUser;
 use OCA\Circles\Model\Circle;
@@ -771,4 +772,9 @@ public function confirmAllowedCircleTypes(Circle $circle): void {
 		$config &= ~$this->getAppValueInt(ConfigService::CIRCLE_TYPES_BLOCK);
 		$circle->setConfig($config);
 	}
+
+	public function isFederatedTeamsEnabled(): bool {
+		return $this->appConfig->getAppValueBool(ConfigLexicon::FEDERATED_TEAMS_ENABLED) &&
+			$this->appConfig->hasAppKey(ConfigLexicon::FEDERATED_TEAMS_FRONTAL, true);
+	}
 }

lib/Service/MaintenanceService.php

@@ -68,6 +68,7 @@ public function __construct(
 		private EventWrapperService $eventWrapperService,
 		private CircleService $circleService,
 		private ConfigService $configService,
+		private RemoteSyncService $remoteSyncService,
 		private LoggerInterface $logger,
 	) {
 	}
@@ -160,6 +161,12 @@ private function runMaintenance2(bool $forceRefresh = false): void {
 			$this->eventWrapperService->retry(EventWrapperService::RETRY_ASAP);
 		} catch (Exception $e) {
 		}
+
+		try {
+			$this->output('Sync unknown trusted server');
+			$this->remoteSyncService->syncTrustedServers();
+		} catch (Exception $e) {
+		}
 	}
 
 

lib/Service/RemoteSyncService.php

@@ -0,0 +1,71 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\Circles\Service;
+
+use Exception;
+use OCA\Circles\Db\RemoteRequest;
+use OCA\Circles\Model\Federated\RemoteInstance;
+use Psr\Log\LoggerInterface;
+
+class RemoteSyncService {
+
+	public function __construct(
+		private ConfigService $configService,
+		private RemoteRequest $remoteRequest,
+		private TrustedServerService $trustedServerService,
+		private RemoteStreamService $remoteStreamService,
+		private LoggerInterface $logger,
+	) {
+	}
+
+	public function syncTrustedServers(): void {
+		if (!$this->configService->isFederatedTeamsEnabled()) {
+			return;
+		}
+
+		$known = array_map(
+			static function (RemoteInstance $instance): string {
+				return $instance->getInstance();
+			}, $this->remoteRequest->getFromType(RemoteInstance::TYPE_EXTERNAL)
+		);
+
+		foreach ($this->trustedServerService->getTrustedServers() as $trusted) {
+			if (in_array($trusted['address'], $known, true)) {
+				continue;
+			}
+
+			$this->syncRemoteInstance(
+				$trusted['address'],
+				RemoteInstance::TYPE_EXTERNAL,
+				InterfaceService::IFACE_FRONTAL
+			);
+		}
+	}
+
+	public function syncRemoteInstance(string $instance, string $type, int $iface): bool {
+		if ($this->configService->isLocalInstance($instance)) {
+			return false;
+		}
+
+		try {
+			$this->remoteStreamService->addRemoteInstance(
+				$instance,
+				$type,
+				$iface,
+				true
+			);
+		} catch (Exception $e) {
+			$this->logger->warning('Could not sync remote instance ' . $instance, ['instance' => $instance, 'type' => $type, 'iface' => $iface, 'exception' => $e]);
+			return false;
+		}
+
+		return true;
+	}
+
+}

lib/Service/TrustedServerService.php

@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\Circles\Service;
+
+use OCA\Federation\TrustedServers;
+use Psr\Log\LoggerInterface;
+
+/**
+ * @psalm-suppress UndefinedClass
+ */
+class TrustedServerService {
+	public function __construct(
+		private readonly TrustedServers $trustedServers,
+		private readonly LoggerInterface $logger,
+	) {
+	}
+
+	/**
+	 * @return list<array{id: int, url: string, url_hash: string, shared_secret: ?string, status: int, sync_token: ?string, address: string}>
+	 */
+	public function getTrustedServers(): array {
+		$trustedServers = [];
+		try {
+			foreach ($this->trustedServers->getServers() as $server) {
+				if (($server['status'] ?? 0) === TrustedServers::STATUS_OK &&
+					str_starts_with($server['url'], 'https://')) {
+					$server['address'] = substr($server['url'], 8);
+					$trustedServers[] = $server;
+				}
+			}
+		} catch (\Exception $e) {
+			$this->logger->warning('Could not get trusted servers', ['exception' => $e]);
+		}
+
+		return $trustedServers;
+	}
+}