News from ownCloud | Release

ownCloud 9.0 for developers

The public developer API of ownCloud aims to be stable over different releases, which allows developers to have their applications work across ownCloud releases. To enable developers writing more diverse applications and to make their life easier, for this release ownCloud has gained 408 public API methods. 20 functions were deprecated, which means they will […]

ownCloud 9.0 round
The public developer API of ownCloud aims to be stable over different releases, which allows developers to have their applications work across ownCloud releases. To enable developers writing more diverse applications and to make their life easier, for this release ownCloud has gained 408 public API methods. 20 functions were deprecated, which means they will be removed in future versions of ownCloud (in 3 years, as a rule). Read on to find out what’s new and how to use it!

Much of the work around the 9.0 release was aimed at making ownCloud even more scalable for the needs of big organizations that are using ownCloud, such as CERN. This is also reflected in the public API changes which were mostly aimed at providing functionality to enable this.

However, for regular application developers we’ve also made adjustments and added new functionality. In the following we cover some of the changes introduced by the 9.0 release.

Polyfills for Older PHP Versions

While not necessarily a change to the public API, we believe that it is time to allow developers to use some of the functionality of newer PHP versions, as well as in older releases.

This has been done by adding the Symfony Polyfills for PHP 5.5, PHP 5.6 and PHP 7.0. The polyfills basically check whether a function exists in this PHP version, and if not, a generic fallback is used.

Effectively this makes the following PHP functions accessible to developers of ownCloud:

Being able to use newer PHP functions like this has removed the need for us to provide generic fallbacks and, thus, makes our code easier to maintain. For example \OCP\Security\StringUtils::equals can now simply be replaced by hash_equals.

New APIs

When it comes to new APIs, most are focused on providing the new features in ownCloud 9.0 to application developers, such as tagging or commenting. This way people with the need for customized solutions can adjust these, just like with the file cache. Scalability, by integrating deeper into underlying storage systems, is one reason why you’d want to do that, and some other important public API changes are also included below for this specific purpose.

Commenting

ownCloud 9.0 introduces the ability to comment on files. Huge installations may want to store this information in another way, which is possible using these public APIs:

  • \OCP\Comments\ICommentsManager
  • Abstracts the access and creation of comments.
  • \OCP\Comments\IComment
  • Allows custom implementations of storages for comments
The principle of caching - animated

The principle of caching – animated

File Cache

The file cache is a huge part of ownCloud, and by using the new public APIs, it is possible to integrate it in a file system like, for example, CERN is doing:

  • \OCP\Files\Cache\ICache / \OCP\Files\Cache\ICacheEntry
  • Allows custom integrations of metadata for storages.
  • \OCP\Files\Cache\IPropagator
  • Allows a custom implementation for the ETag and MTime propagation.
  • \OCP\Files\Cache\IScanner
  • Allows custom file scanners for a storage
  • \OCP\Files\Cache\IUpdater
  • Allows custom implementations for cache updates
  • \OCP\Files\Cache\IWatcher
  • Allows custom implementations for watching a storage for changes

Shares

We have completely rewritten the sharing code to make it easier to maintain, more reliable and to avoid surprises for users – the user-visible changes are minimal, but important. Developers, you will benefit from the fact that the sharing information can now be completely stored on any storage system.

  • \OCP\Share\IManager / \OCP\Share\IProviderFactory / \OCP\Share\IShare
  • Allows custom implementations for storing share information

Locking

Locking information can now also be stored in anywhere.

  • \OCP\Files\Storage\ILockingStorage
  • Allows custom implementations for storing locks

Tagging

Tagging information can also be stored however you like:

  • \OCP\SystemTag\ISystemTag / \OCP\SystemTag\ISystemTagManager / \OCP\SystemTag\ISystemTagManagerFactory
  • Allows custom implementations for storing tags

Notifications

ownCloud 9.0 allows application developers to integrate our notification API. This API also allows you to define custom actions like accepting or denying an event.

  • \OCP\Notification\IAction / \OCP\Notification\IManager / \OCP\Notification\INotification / \OCP\Notification\INotifier
  • Allows integration with the notification app

More Security Through an Even Stricter CSP

Security is a key requirement for ownCloud. To prevent Cross-Site Scripting vulnerabilities, we’re employing a strict Content-Security-Policy. This means that we’re basically instructing the browser to only communicate with trusted endpoints and not to execute inline Javascript.

While this is a great thing, and applications could already modify their policies, this is only applied to their own views. So if, for example, a Chat application was hooking into any other view, it could not modify the policy.

In ownCloud 9.0 we have hardened the CSP again and have given people the possibility to inject a default policy using \OCP\Security\IContentSecurityPolicyManager::addDefaultPolicy.

Some More Niceness

In addition, some missing methods have been added to the API. It is now, for example, possible to escape like parameters or use ILIKE in the query builder.

  • \OCP\IDBConnection::escapeLikeParameter
  • Escapes a parameter in a way to be used safely in a LIKE query. Prevents “LIKE” injections.
  • \OCP\DB\QueryBuilder\IExpressionBuilder::iLike
  • Adds the case insensitive LIKE parameter to the public API of the query builder.
  • \OCP\Files\FileInfo::getChecksum
  • Allows getting the checksum for a file

Deprecated APIs

Note that ownCloud has a policy of supporting deprecated APIs for three years after we notify users of deprecation. This gives developers enough time to properly port their applications in order to use the new API, and should keep applications working for a long time.

Deprecations can, in this release, be mostly found within functions that we consider to have a negative impact on performance, as well as in areas which didn’t turn out to be useful for external developers or overly simplified APIs.

For example, \OCP\BackgroundJob\IJobList::getAll has been deprecated as well as some methods in \OCP\Files\Cache\ICache, which turned out not to scale properly due to missing pagination.

Furthermore, \OCP\Route\IRouter has been deprecated since this API turned out not to be used by external developers, and was very implementation specific. This limited us in core to enhance the performance of ownCloud even further since we’re bound to this implementation.

\OCP\Security\ISecureRandom is also now easier to use than before. Instead of specifying the strength manually, one can now call \OCP\Security\ISecureRandom::generate directly and strong secure random strings are generated.

Combined, these changes show a further maturing of the ownCloud public API, strengthening our ecosystem. We hope you will enjoy writing apps with the new API and your feedback is more than welcome, either here, in github or on our developer mailing list!

Thanks to Lukas Reschke for providing content for this blog.

ownCloud

March 10, 2016

Read now:

ownCloud Appoints David Walter as CXO

ownCloud Appoints David Walter as CXO

ownCloud, provider of the open source content collaboration platform of the same name, is strengthening its strategic focus on customers and sending a clear signal: With the newly created position of Chief Experience Officer (CXO), the company aims to continuously improve the customer experience and promote consistent communication with all stakeholders.

read more