workspace share security (#192)

- Improvement: Reworked workspace shares to be more secure. Workspaces and workspace shares can only be created using the `zen workspace` command, the http endpoint is disabled unless zenserver is started with the `--workspaces-allow-changes` option enabled.
  - Each workspace are now configured via a `zenworkspaceconfig.json` file in the root of each workspace
  - A workspace can allow shares to be created via the http interface if the workspace is created with the `--allow-share-create-from-http` option enabled
  - A new http endpoint at `/ws` - issuing a `Get` operation will get you a list of workspaces
  - A new http endpoint at `/ws/refresh` - issuing a `Get` will make zenserver scan for edits in workspaces and workspace shares

1 files changed, 11 insertions, 51 deletions

diff --git a/src/zenserver/config.cpp b/src/zenserver/config.cpp
index cda5aca16..2fd9bbaf3 100644
--- a/src/zenserver/config.cpp
+++ b/src/zenserver/config.cpp
@@ -27,61 +27,12 @@ ZEN_THIRD_PARTY_INCLUDES_END
 #if ZEN_PLATFORM_WINDOWS
 #	include <conio.h>
 #else
-#	include <pwd.h>
 #	include <unistd.h>
 #endif
 
 #include <unordered_map>
 #include <unordered_set>
 
-#if ZEN_PLATFORM_WINDOWS
-
-#	include <zencore/windows.h>
-
-// Used for getting My Documents for default data directory
-#	include <ShlObj.h>
-#	pragma comment(lib, "shell32.lib")
-#	pragma comment(lib, "ole32.lib")
-
-namespace zen {
-
-std::filesystem::path
-PickDefaultSystemRootDirectory()
-{
-	// Pick sensible default
-	PWSTR	ProgramDataDir = nullptr;
-	HRESULT hRes		   = SHGetKnownFolderPath(FOLDERID_ProgramData, 0, NULL, &ProgramDataDir);
-
-	if (SUCCEEDED(hRes))
-	{
-		std::filesystem::path FinalPath(ProgramDataDir);
-		FinalPath /= L"Epic\\Zen";
-		::CoTaskMemFree(ProgramDataDir);
-
-		return FinalPath;
-	}
-
-	return L"";
-}
-
-}  // namespace zen
-
-#else
-
-namespace zen {
-
-std::filesystem::path
-PickDefaultSystemRootDirectory()
-{
-	int			  UserId = getuid();
-	const passwd* Passwd = getpwuid(UserId);
-	return std::filesystem::path(Passwd->pw_dir) / ".zen";
-}
-
-}  // namespace zen
-
-#endif
-
 namespace zen {
 
 std::filesystem::path
@@ -547,6 +498,9 @@ ParseConfigFile(const std::filesystem::path& Path,
 
 	////// workspaces
 	LuaOptions.AddOption("workspaces.enabled"sv, ServerOptions.WorksSpacesConfig.Enabled, "workspaces-enabled"sv);
+	LuaOptions.AddOption("workspaces.allowconfigchanges"sv,
+						 ServerOptions.WorksSpacesConfig.AllowConfigurationChanges,
+						 "workspaces-allow-changes"sv);
 
 	// These have special command line processing so we make sure we export them if they were configured on command line
 	if (!ServerOptions.AuthConfig.OpenIdProviders.empty())
@@ -1063,13 +1017,19 @@ ParseCliOptions(int argc, char* argv[], ZenServerOptions& ServerOptions)
 					   cxxopts::value<bool>(ServerOptions.StatsConfig.Enabled)->default_value("false"),
 					   "Enable statsd reporter (localhost:8125)");
 
-	options.add_option("stats",
+	options.add_option("workspaces",
 					   "",
 					   "workspaces-enabled",
 					   "",
-					   cxxopts::value<bool>(ServerOptions.WorksSpacesConfig.Enabled)->default_value("false"),
+					   cxxopts::value<bool>(ServerOptions.WorksSpacesConfig.Enabled)->default_value("true"),
 					   "Enable workspaces support with folder sharing");
 
+	options.add_option("workspaces",
+					   "",
+					   "workspaces-allow-changes",
+					   "",
+					   cxxopts::value<bool>(ServerOptions.WorksSpacesConfig.AllowConfigurationChanges)->default_value("false"),
+					   "Allow adding/modifying/deleting of workspace and shares via http endpoint");
 	try
 	{
 		cxxopts::ParseResult Result;