Heads up: Recognize WebDAV API is changing

[marcelklehr]

Hello 👋

The photos app uses the recognize WebDAV API for displaying the recognized face clusters in the UI. Due to the EU AI Act, we have to limit access to this API and have opted for the following change, starting with Nextcloud 33:

• Every Nextcloud App that wants to use the Recognize WebDAV API needs to generate an API key in the PHP backend by using the following method: OCA\Recognize\Public\ApiKeyManager#generateApiKey():string throws \JsonException
• When sending WebDAV requests to the Recognize WebDAV API, this key must be set as X-Recognize-Api-Key header. Each generated key is valid for one day. I recommend using initial state to send the API key to the client.

Thank you for your cooperation.

[artonge]

How is this limiting the access to the API?

[artonge]

After internal discussion, I am still unconvinced.

If you still want to implement such thing, I think it would be better to keep the logic in the recognize application. Let me know if it is not the case, but you should be able to load a script with Photos, which can proxy WebDAV requests. Kind of in the same way as the e2ee app:

• https://github.com/nextcloud/end_to_end_encryption/blob/master/lib/Listener/LoadAdditionalListener.php
• https://github.com/nextcloud/end_to_end_encryption/blob/master/src/services/webDavProxy.ts#L20

[marcelklehr]

Thank you for thinking along and your suggestion on an alternative mechansim. In my opinion, your solution sounds worse than what I suggested above, as it would pollute the global namespace with a monkey patched fetch implementation and has the potential to break all nextcloud apps. I think we should keep the usage of such solutions to cases where there is absolutely no other way to implement the feature. The API I have outlined above has been approved by Andy, is already implemented in recognize and the memories app is already in the process of implementing it. As such, I would rather like to avoid changing the mechanism again.