feat(collaboration): add UserExtraInfo with avatar and mail to CheckFileInfo

Populate the UserExtraInfo WOPI property in CheckFileInfo so Collabora
Online can display user avatars in the collaborator list during
co-editing sessions.

Note: The avatar URL points to the Graph API photo endpoint, which is
now accessible without authentication for GET requests (proxy route
marked unprotected, graph auth middleware bypassed for photo
GETs) otherwise I was getting auth popups. This follows the same
common user pattern that users expect to.

```json
{
  "avatar": "http://url/to/user/avatar",
  "mail": "user@server.com"
}
```
https://sdk.collaboraonline.com/docs/advanced_integration.html#userextrainfo

so, after this we get in checkfileinfo the email as part of
UserExtraInfo:

```json
{
  "BaseFileName": "Pedro-filled-hazcom.docx",
  "UserFriendlyName": "Admin",
  "UserId": "346364...39323030",
  "UserCanWrite": true,
  "UserCanRename": true,
  "IsAdminUser": true,
  "EnableInsertRemoteImage": true,
  "EnableInsertRemoteFile": true,
  "EnableOwnerTermination": true,
  "UserExtraInfo": {
    "avatar": "https://localhost:9200/graph/v1.0/users/4cd4ae16-11f0-408f-881e-a987da96d136/photo/$value",
    "mail": "admin@example.org"
  },
  "PostMessageOrigin": "https://localhost:9200",
  "message": "CheckFileInfo: success"
}

I have ran:

```
go test ./services/collaboration/... ./services/graph/... ./services/proxy/...
```

all tests have passed.

Signed-off-by: Pedro Pinto Silva <pedro.silva@collabora.com>

Author: pedropintosilva

services/collaboration/pkg/connector/fileconnector.go

@@ -1302,6 +1302,17 @@ func (f *FileConnector) CheckFileInfo(ctx context.Context) (*ConnectorResponse,
 		}
 	}
 
+	if !isPublicShare && !isAnonymousUser {
+		infoMap[fileinfo.KeyUserExtraInfo] = &fileinfo.UserExtraInfo{
+			Avatar: (&url.URL{
+				Scheme: ocURL.Scheme,
+				Host:   ocURL.Host,
+				Path:   path.Join(ocURL.Path, "graph/v1.0/users", user.GetId().GetOpaqueId(), "photo/$value"),
+			}).String(),
+			Mail: user.GetMail(),
+		}
+	}
+
 	// if the file content is empty and a template reference is set, add the template source URL
 	if wopiContext.TemplateReference != nil && statRes.GetInfo().GetSize() == 0 {
 		if tu, err := f.createDownloadURL(wopiContext, collaborationURL); err == nil {

services/collaboration/pkg/connector/fileconnector_test.go

@@ -1994,6 +1994,10 @@ var _ = Describe("FileConnector", func() {
 				PostMessageOrigin:       "https://cloud.opencloud.test",
 				EnableInsertRemoteImage: true,
 				IsAdminUser:             true,
+				UserExtraInfo: &fileinfo.UserExtraInfo{
+					Avatar: "https://cloud.opencloud.test/graph/v1.0/users/aabbcc/photo/$value",
+					Mail:   "shaft@example.com",
+				},
 			}
 
 			response, err := fc.CheckFileInfo(ctx)

services/collaboration/pkg/connector/fileinfo/collabora.go

@@ -1,5 +1,13 @@
 package fileinfo
 
+// UserExtraInfo contains additional user info shared across collaborative
+// editing views, such as the user's avatar image and email.
+// https://sdk.collaboraonline.com/docs/advanced_integration.html#userextrainfo
+type UserExtraInfo struct {
+	Avatar string `json:"avatar,omitempty"`
+	Mail   string `json:"mail,omitempty"`
+}
+
 // Collabora fileInfo properties
 //
 // Collabora WOPI check file info specification:
@@ -62,7 +70,8 @@ type Collabora struct {
 	IsAnonymousUser bool `json:"IsAnonymousUser,omitempty"`
 
 	// JSON object that contains additional info about the user, namely the avatar image.
-	//UserExtraInfo -> requires definition, currently not used
+	// Shared among all views in collaborative editing sessions.
+	UserExtraInfo *UserExtraInfo `json:"UserExtraInfo,omitempty"`
 	// JSON object that contains additional info about the user, but unlike the UserExtraInfo it is not shared among the views in collaborative editing sessions.
 	//UserPrivateInfo -> requires definition, currently not used
 
@@ -131,7 +140,8 @@ func (cinfo *Collabora) SetProperties(props map[string]interface{}) {
 			cinfo.SaveAsPostmessage = value.(bool)
 		case KeyEnableOwnerTermination:
 			cinfo.EnableOwnerTermination = value.(bool)
-		//UserExtraInfo -> requires definition, currently not used
+		case KeyUserExtraInfo:
+			cinfo.UserExtraInfo = value.(*UserExtraInfo)
 		//UserPrivateInfo -> requires definition, currently not used
 		case KeyWatermarkText:
 			cinfo.WatermarkText = value.(string)

services/collaboration/pkg/connector/fileinfo/fileinfo.go

@@ -113,7 +113,7 @@ const (
 	KeyDownloadAsPostMessage   = "DownloadAsPostMessage"
 	KeySaveAsPostmessage       = "SaveAsPostmessage"
 	KeyEnableOwnerTermination  = "EnableOwnerTermination"
-	//KeyUserExtraInfo -> requires definition, currently not used
+	KeyUserExtraInfo = "UserExtraInfo"
 	//KeyUserPrivateInfo -> requires definition, currently not used
 	KeyWatermarkText = "WatermarkText"
 

services/graph/pkg/middleware/auth.go

@@ -2,6 +2,7 @@ package middleware
 
 import (
 	"net/http"
+	"strings"
 
 	gmmetadata "go-micro.dev/v4/metadata"
 	"google.golang.org/grpc/metadata"
@@ -41,6 +42,12 @@ func Auth(opts ...account.Option) func(http.Handler) http.Handler {
 	}
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			// Allow unauthenticated GET access to user profile photos (avatars).
+			if r.Method == http.MethodGet && strings.Contains(r.URL.Path, "/users/") && strings.HasSuffix(r.URL.Path, "/photo/$value") {
+				next.ServeHTTP(w, r)
+				return
+			}
+
 			ctx := r.Context()
 			t := r.Header.Get(revactx.TokenHeader)
 			if t == "" {

services/proxy/pkg/config/defaults/defaultconfig.go

@@ -273,6 +273,13 @@ func DefaultPolicies() []config.Policy {
 					Endpoint: "/graph/v1.0/invitations",
 					Service:  "eu.opencloud.web.invitations",
 				},
+				{
+					Type:        config.RegexRoute,
+					Method:      "GET",
+					Endpoint:    `/graph/v1\.0/users/[^/]+/photo/\$value`,
+					Service:     "eu.opencloud.web.graph",
+					Unprotected: true,
+				},
 				{
 					Endpoint: "/graph/",
 					Service:  "eu.opencloud.web.graph",