ownCloud
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. ownCloud
  2. /
  3. Services
  4. /
  5. Userlog
Edit page

Userlog

Abstract

The userlog service is a mediator between the eventhistory service and clients who want to be informed about user related events. It provides an API to retrieve those.

Table of Contents

The Log Service Ecosystem

Log services like the userlog, clientlog and sse are responsible for composing notifications for a certain audience.

  • The userlog service translates and adjusts messages to be human readable.
  • The clientlog service composes machine readable messages, so clients can act without the need to query the server.
  • The sse service is only responsible for sending these messages. It does not care about their form or language.

Prerequisites

Running the userlog service without running the eventhistory service is not possible.

Storing

The userlog service persists information via the configured store in USERLOG_STORE. Possible stores are:

  • memory: Basic in-memory store and the default.
  • redis-sentinel: Stores data in a configured Redis Sentinel cluster.
  • nats-js-kv: Stores data using key-value-store feature of nats jetstream
  • noop: Stores nothing. Useful for testing. Not recommended in production environments.
  • ocmem: Advanced in-memory store allowing max size. (deprecated)
  • redis: Stores data in a configured Redis cluster. (deprecated)
  • etcd: Stores data in a configured etcd cluster. (deprecated)
  • nats-js: Stores data using object-store feature of nats jetstream (deprecated)

Other store types may work but are not supported currently.

Note: The service can only be scaled if not using memory store and the stores are configured identically over all instances!

Note that if you have used one of the deprecated stores, you should reconfigure to one of the supported ones as the deprecated stores will be removed in a later version.

Store specific notes:

  • When using redis-sentinel, the Redis master to use is configured via e.g. OCIS_CACHE_STORE_NODES in the form of <sentinel-host>:<sentinel-port>/<redis-master> like 10.10.0.200:26379/mymaster.
  • When using nats-js-kv it is recommended to set OCIS_CACHE_STORE_NODES to the same value as OCIS_EVENTS_ENDPOINT. That way the cache uses the same nats instance as the event bus.
  • When using the nats-js-kv store, it is possible to set OCIS_CACHE_DISABLE_PERSISTENCE to instruct nats to not persist cache data on disc.

Configuring

For the time being, the configuration which user related events are of interest is hardcoded and cannot be changed.

Retrieving

The userlog service provides an API to retrieve configured events. For now, this API is mostly following the oc10 notification GET API.

Posting

The userlog service is able to store global messages that will be displayed in the Web UI to all users. If a user deletes the message in the Web UI, it reappears on reload. Global messages use the endpoint /ocs/v2.php/apps/notifications/api/v1/notifications/global and are activated by sending a POST request. Note that sending another POST request of the same type overwrites the previous one. For the time being, only the type deprovision is supported.

Authentication

POST and DELETE endpoints provide notifications to all users. Therefore only certain users can configure them. Two authentication methods for this endpoint are provided. Users with the admin role can always access these endpoints. Additionally, a static secret via the USERLOG_GLOBAL_NOTIFICATIONS_SECRET can be defined to enable access for users knowing this secret, which has to be sent with the header containing the request.

Deprovisioning

Deprovision messages announce a deprovision text including a deprovision date of the instance to all users. With this message, users get informed that the instance will be shut down and deprovisioned and no further access to their data is possible past the given date. This implies that users must download their data before the given date. The text shown to users refers to this information. Note that the task to deprovision the instance does not depend on the message. The text of the message can be translated according to the translation settings, see section Translations. The endpoint only expects a deprovision_date parameter in the POST request body as the final text is assembled automatically. The string hast to be in RFC3339 format, however, this format can be changed by using deprovision_date_format. See the go time formating for more details.

Deleting

To delete events for an user, use a DELETE request to ocs/v2.php/apps/notifications/api/v1/notifications containing the IDs to delete.

Sending a DELETE request to the ocs/v2.php/apps/notifications/api/v1/notifications/global endpoint to remove a global message is a restricted action, see the Authentication section for more details.)

Translations

The userlog service has embedded translations sourced via transifex to provide a basic set of translated languages. These embedded translations are available for all deployment scenarios. In addition, the service supports custom translations, though it is currently not possible to just add custom translations to embedded ones. If custom translations are configured, the embedded ones are not used. To configure custom translations, the USERLOG_TRANSLATION_PATH environment variable needs to point to a base folder that will contain the translation files. This path must be available from all instances of the userlog service, a shared storage is recommended. Translation files must be of type .po or .mo. For each language, the filename needs to be userlog.po (or userlog.mo) and stored in a folder structure defining the language code. In general the path/name pattern for a translation file needs to be:

{USERLOG_TRANSLATION_PATH}/{language-code}/LC_MESSAGES/userlog.po

The language code pattern is composed of language[_territory] where language is the base language and _territory is optional and defines a country.

For example, for the language de, one needs to place the corresponding translation files to {USERLOG_TRANSLATION_PATH}/de_DE/LC_MESSAGES/userlog.po.

Important: For the time being, the embedded ownCloud Web frontend only supports the main language code but does not handle any territory. When strings are available in the language code language_territory, the web frontend does not see it as it only requests language. In consequence, any translations made must exist in the requested language to avoid a fallback to the default.

Translation Rules

  • If a requested language code is not available, the service tries to fall back to the base language if available. For example, if the requested language-code de_DE is not available, the service tries to fall back to translations in the de folder.
  • If the base language de is also not available, the service falls back to the system’s default English (en), which is the source of the texts provided by the code.

Default Language

The default language can be defined via the OCIS_DEFAULT_LANGUAGE environment variable. See the settings service for a detailed description.

Example Yaml Config 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

# Autogenerated
# Filename: userlog-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9210
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:0
  root: /
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    - X-Request-Id
    - Ocs-Apirequest
    allow_credentials: true
  tls:
    enabled: false
    cert: ""
    key: ""
grpc_client_tls: null
token_manager:
  jwt_secret: ""
reva_gateway: com.owncloud.api.gateway
translation_path: ""
default_language: ""
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_certificate: ""
  enable_tls: false
  username: ""
  password: ""
persistence:
  store: memory
  nodes: []
  database: userlog
  table: events
  ttl: 336h0m0s
  size: 0
  username: ""
  password: ""
disable_sse: false
global_notifications_secret: ""
service_account:
  service_account_id: ""
  service_account_secret: ""

Environment Variables

Name Type Default Value Description
OCIS_TRACING_ENABLED
USERLOG_TRACING_ENABLED		 bool false Activates tracing.
OCIS_TRACING_TYPE
USERLOG_TRACING_TYPE		 string The type of tracing. Defaults to ‘’, which is the same as ‘jaeger’. Allowed tracing types are ‘jaeger’ and ’’ as of now.
OCIS_TRACING_ENDPOINT
USERLOG_TRACING_ENDPOINT		 string The endpoint of the tracing agent.
OCIS_TRACING_COLLECTOR
USERLOG_TRACING_COLLECTOR		 string The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
OCIS_LOG_LEVEL
USERLOG_LOG_LEVEL		 string The log level. Valid values are: ‘panic’, ‘fatal’, ’error’, ‘warn’, ‘info’, ‘debug’, ’trace’.
OCIS_LOG_PRETTY
USERLOG_LOG_PRETTY		 bool false Activates pretty log output.
OCIS_LOG_COLOR
USERLOG_LOG_COLOR		 bool false Activates colorized log output.
OCIS_LOG_FILE
USERLOG_LOG_FILE		 string The path to the log file. Activates logging to this file if set.
USERLOG_DEBUG_ADDR string 127.0.0.1:9210 Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
USERLOG_DEBUG_TOKEN string Token to secure the metrics endpoint.
USERLOG_DEBUG_PPROF bool false Enables pprof, which can be used for profiling.
USERLOG_DEBUG_ZPAGES bool false Enables zpages, which can be used for collecting and viewing in-memory traces.
USERLOG_HTTP_ADDR string 127.0.0.1:0 The bind address of the HTTP service.
USERLOG_HTTP_ROOT string / Subdirectory that serves as the root for this HTTP service.
OCIS_CORS_ALLOW_ORIGINS
USERLOG_CORS_ALLOW_ORIGINS		 []string [*] A list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.
OCIS_CORS_ALLOW_METHODS
USERLOG_CORS_ALLOW_METHODS		 []string [GET] A list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.
OCIS_CORS_ALLOW_HEADERS
USERLOG_CORS_ALLOW_HEADERS		 []string [Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest] A list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.
OCIS_CORS_ALLOW_CREDENTIALS
USERLOG_CORS_ALLOW_CREDENTIALS		 bool true Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.
OCIS_HTTP_TLS_ENABLED bool false Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.
OCIS_HTTP_TLS_CERTIFICATE string Path/File name of the TLS server certificate (in PEM format) for the http services.
OCIS_HTTP_TLS_KEY string Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.
OCIS_JWT_SECRET
USERLOG_JWT_SECRET		 string The secret to mint and validate jwt tokens.
OCIS_REVA_GATEWAY string com.owncloud.api.gateway CS3 gateway used to look up user metadata
OCIS_TRANSLATION_PATH
USERLOG_TRANSLATION_PATH		 string (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.
OCIS_DEFAULT_LANGUAGE string The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.
OCIS_EVENTS_ENDPOINT
USERLOG_EVENTS_ENDPOINT		 string 127.0.0.1:9233 The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.
OCIS_EVENTS_CLUSTER
USERLOG_EVENTS_CLUSTER		 string ocis-cluster The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.
OCIS_INSECURE
USERLOG_EVENTS_TLS_INSECURE		 bool false Whether to verify the server TLS certificates.
OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE
USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE		 string The root CA certificate used to validate the server’s TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.
OCIS_EVENTS_ENABLE_TLS
USERLOG_EVENTS_ENABLE_TLS		 bool false Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services.
OCIS_EVENTS_AUTH_USERNAME
USERLOG_EVENTS_AUTH_USERNAME		 string The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services.
OCIS_EVENTS_AUTH_PASSWORD
USERLOG_EVENTS_AUTH_PASSWORD		 string The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services.
OCIS_PERSISTENT_STORE
USERLOG_STORE		 string memory The type of the store. Supported values are: ‘memory’, ‘ocmem’, ’etcd’, ‘redis’, ‘redis-sentinel’, ’nats-js’, ’noop’. See the text description for details.
OCIS_PERSISTENT_STORE_NODES
USERLOG_STORE_NODES		 []string [] A list of nodes to access the configured store. This has no effect when ‘memory’ or ‘ocmem’ stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.
USERLOG_STORE_DATABASE string userlog The database name the configured store should use.
USERLOG_STORE_TABLE string events The database table the store should use.
OCIS_PERSISTENT_STORE_TTL
USERLOG_STORE_TTL		 Duration 336h0m0s Time to live for events in the store. Defaults to ‘336h’ (2 weeks). See the Environment Variable Types description for more details.
OCIS_PERSISTENT_STORE_SIZE
USERLOG_STORE_SIZE		 int 0 The maximum quantity of items in the store. Only applies when store type ‘ocmem’ is configured. Defaults to 512 which is derived from the ocmem package though not exclicitely set as default.
OCIS_PERSISTENT_STORE_AUTH_USERNAME
USERLOG_STORE_AUTH_USERNAME		 string The username to authenticate with the store. Only applies when store type ’nats-js-kv’ is configured.
OCIS_PERSISTENT_STORE_AUTH_PASSWORD
USERLOG_STORE_AUTH_PASSWORD		 string The password to authenticate with the store. Only applies when store type ’nats-js-kv’ is configured.
OCIS_DISABLE_SSE,USERLOG_DISABLE_SSE bool false Disables server-sent events (sse). When disabled, clients will no longer receive sse notifications.
USERLOG_GLOBAL_NOTIFICATIONS_SECRET string The secret to secure the global notifications endpoint. Only system admins and users knowing that secret can call the global notifications POST/DELETE endpoints.
OCIS_SERVICE_ACCOUNT_ID
USERLOG_SERVICE_ACCOUNT_ID		 string The ID of the service account the service should use. See the ‘auth-service’ service description for more details.
OCIS_SERVICE_ACCOUNT_SECRET
USERLOG_SERVICE_ACCOUNT_SECRET		 string The service account secret.