feat: Configuration for sharing inside context configuration (#4615)

Moved sharing configuration from top-level to context-specific settings,
following the same pattern as other context-based configurations

  **Before:**
 ```yaml
  sharing:
    auto_accept_trusted: true
    contexts:
      twake:
        auto_accept_trusted: false
```
  **After:**
  ```yaml
  contexts:
    default:
      sharing:
        auto_accept_trusted: false
    twake:
      sharing:
        auto_accept_trusted: true
  ```

Author: shepilov

cozy.example.yaml

@@ -530,6 +530,25 @@ contexts:
           - src: /logos/1_partner.png
             alt: Partner n°1
             type: secondary
+    # Sharing configuration for cozy-to-cozy sharing trust rules
+    sharing:
+      # Auto-accept sharing invitations from trusted domains or contacts(default: false)
+      auto_accept_trusted: true
+      # Auto-accept sharing invitations from trusted contacts (default: false)
+      auto_accept_trusted_contacts: true
+      # List of trusted domains for automatic sharing acceptance
+      trusted_domains:
+        - example.com
+        - mycompany.twake.app
+
+  # Default context - used as fallback when instance context is not specified
+  # or when a context doesn't have sharing configuration
+  default:
+    sharing:
+      # Conservative defaults for production
+      auto_accept_trusted: false
+      auto_accept_trusted_contacts: false
+      trusted_domains: []
 
 rabbitmq:
   enabled: true

model/sharing/oauth.go

@@ -473,9 +473,9 @@ func (s *Sharing) SendAnswer(inst *instance.Instance, state string) error {
 	s.Active = true
 	s.Initial = s.NbFiles > 0
 
-	options := config.GetConfig().Sharing.OptionsForContext(inst.ContextName)
+	options := config.GetSharingConfig(inst.ContextName)
 	// Mark the sender's contact as trusted since we accepted their sharing
-	if *options.AutoAcceptTrustedContacts && len(s.Members) > 0 && s.Members[0].Email != "" {
+	if options.AutoAcceptTrustedContacts && len(s.Members) > 0 && s.Members[0].Email != "" {
 		c, err := contact.FindByEmail(inst, s.Members[0].Email)
 		if err != nil {
 			// Contact doesn't exist, create it using the standardized method

model/sharing/trust.go

@@ -19,9 +19,9 @@ func IsTrustedMember(inst *instance.Instance, member *Member) bool {
 	if inst == nil || member == nil {
 		return false
 	}
-	options := config.GetConfig().Sharing.OptionsForContext(inst.ContextName)
+	options := config.GetSharingConfig(inst.ContextName)
 
-	if options.AutoAcceptTrusted == nil || !*options.AutoAcceptTrusted {
+	if !options.AutoAcceptTrusted {
 		return false
 	}
 
@@ -48,7 +48,7 @@ func IsTrustedMember(inst *instance.Instance, member *Member) bool {
 	}
 
 	// Check if this member is a trusted contact
-	if options.AutoAcceptTrustedContacts == nil || !*options.AutoAcceptTrustedContacts {
+	if !options.AutoAcceptTrustedContacts {
 		return false
 	}
 	if isTrustedContact(inst, member) {

model/sharing/trust_test.go

@@ -18,12 +18,16 @@ func TestIsTrustedMember(t *testing.T) {
 	inst := setup.GetTestInstance()
 
 	cfg := config.GetConfig()
-	prevSharing := cfg.Sharing
-	cfg.Sharing = config.SharingConfig{
-		AutoAcceptTrusted: true,
-		Contexts:          map[string]config.SharingContext{},
+	prevContexts := cfg.Contexts
+	// Initialize contexts with sharing config
+	cfg.Contexts = map[string]interface{}{
+		config.DefaultInstanceContext: map[string]interface{}{
+			"sharing": map[string]interface{}{
+				"auto_accept_trusted": true,
+			},
+		},
 	}
-	t.Cleanup(func() { cfg.Sharing = prevSharing })
+	t.Cleanup(func() { cfg.Contexts = prevContexts })
 
 	inst.Domain = "owner.example.com"
 
@@ -40,10 +44,14 @@ func TestIsTrustedMember(t *testing.T) {
 	t.Run("Scenario 1: B2C SaaS (twake.app) - users DON'T trust each other", func(t *testing.T) {
 		// In B2C SaaS, users like alice.twake.app and bob.twake.app should NOT trust each other
 		// Configuration: Don't add twake.app to TrustedDomains
-		cfg.Sharing.Contexts[config.DefaultInstanceContext] = config.SharingContext{
-			TrustedDomains: []string{}, // Empty - no trust between users
+		prevDefault := cfg.Contexts[config.DefaultInstanceContext]
+		cfg.Contexts[config.DefaultInstanceContext] = map[string]interface{}{
+			"sharing": map[string]interface{}{
+				"auto_accept_trusted": true,
+				"trusted_domains":     []interface{}{}, // Empty - no trust between users
+			},
 		}
-		t.Cleanup(func() { delete(cfg.Sharing.Contexts, config.DefaultInstanceContext) })
+		t.Cleanup(func() { cfg.Contexts[config.DefaultInstanceContext] = prevDefault })
 
 		inst.Domain = "alice.twake.app"
 		member := &Member{Email: "bob@twake.app", Instance: "https://bob.twake.app"}
@@ -56,10 +64,14 @@ func TestIsTrustedMember(t *testing.T) {
 		// In B2B SaaS, users within the same organization should trust each other
 		// Organization: linagora.twake.app
 		// Users: alice.linagora.twake.app, bob.linagora.twake.app
-		cfg.Sharing.Contexts[config.DefaultInstanceContext] = config.SharingContext{
-			TrustedDomains: []string{"linagora.twake.app"},
+		prevDefault := cfg.Contexts[config.DefaultInstanceContext]
+		cfg.Contexts[config.DefaultInstanceContext] = map[string]interface{}{
+			"sharing": map[string]interface{}{
+				"auto_accept_trusted": true,
+				"trusted_domains":     []interface{}{"linagora.twake.app"},
+			},
 		}
-		t.Cleanup(func() { delete(cfg.Sharing.Contexts, config.DefaultInstanceContext) })
+		t.Cleanup(func() { cfg.Contexts[config.DefaultInstanceContext] = prevDefault })
 
 		t.Run("users in same org trust each other", func(t *testing.T) {
 			inst.Domain = "alice.linagora.twake.app"
@@ -88,10 +100,14 @@ func TestIsTrustedMember(t *testing.T) {
 
 	t.Run("Scenario 3: On-premise - all users trust each other", func(t *testing.T) {
 		// On-premise deployment where all users under *.linagora.com trust each other
-		cfg.Sharing.Contexts[config.DefaultInstanceContext] = config.SharingContext{
-			TrustedDomains: []string{"linagora.com"},
+		prevDefault := cfg.Contexts[config.DefaultInstanceContext]
+		cfg.Contexts[config.DefaultInstanceContext] = map[string]interface{}{
+			"sharing": map[string]interface{}{
+				"auto_accept_trusted": true,
+				"trusted_domains":     []interface{}{"linagora.com"},
+			},
 		}
-		t.Cleanup(func() { delete(cfg.Sharing.Contexts, config.DefaultInstanceContext) })
+		t.Cleanup(func() { cfg.Contexts[config.DefaultInstanceContext] = prevDefault })
 
 		t.Run("all users under same domain trust each other", func(t *testing.T) {
 			inst.Domain = "alice.linagora.com"
@@ -121,11 +137,15 @@ func TestIsTrustedMember(t *testing.T) {
 	t.Run("Contact-based trust", func(t *testing.T) {
 		// Configure with NO trusted domains
 
-		cfg.Sharing.Contexts[config.DefaultInstanceContext] = config.SharingContext{
-			TrustedDomains:            []string{},
-			AutoAcceptTrustedContacts: &[]bool{true}[0],
+		prevDefault := cfg.Contexts[config.DefaultInstanceContext]
+		cfg.Contexts[config.DefaultInstanceContext] = map[string]interface{}{
+			"sharing": map[string]interface{}{
+				"auto_accept_trusted":          true,
+				"trusted_domains":              []interface{}{},
+				"auto_accept_trusted_contacts": true,
+			},
 		}
-		t.Cleanup(func() { delete(cfg.Sharing.Contexts, config.DefaultInstanceContext) })
+		t.Cleanup(func() { cfg.Contexts[config.DefaultInstanceContext] = prevDefault })
 
 		t.Run("untrusted contact from untrusted domain", func(t *testing.T) {
 			inst.Domain = "alice.example.com"

pkg/config/config/config.go

@@ -33,6 +33,7 @@ import (
 	"github.com/cozy/cozy-stack/pkg/tlsclient"
 	"github.com/cozy/cozy-stack/pkg/utils"
 	"github.com/cozy/gomail"
+	"github.com/mitchellh/mapstructure"
 	"github.com/redis/go-redis/v9"
 	"github.com/spf13/viper"
 )
@@ -131,8 +132,6 @@ type Config struct {
 	Notifications          Notifications
 	Flagship               Flagship
 
-	Sharing SharingConfig
-
 	Lock              lock.Getter
 	Limiter           *limits.RateLimiter
 	SessionStorage    redis.UniversalClient
@@ -319,47 +318,52 @@ type Flagship struct {
 	AppleAppIDs                   []string
 }
 
-// SharingConfig contains configuration for cozy-to-cozy sharing trust rules.
+// SharingConfig contains sharing trust settings for a specific context.
 type SharingConfig struct {
-	AutoAcceptTrusted         bool                      `mapstructure:"auto_accept_trusted"`
-	AutoAcceptTrustedContacts bool                      `mapstructure:"auto_accept_trusted_contacts"`
-	Contexts                  map[string]SharingContext `mapstructure:"contexts"`
-}
-
-// SharingContext allows overriding sharing trust settings for a specific context.
-type SharingContext struct {
-	AutoAcceptTrusted         *bool    `mapstructure:"auto_accept_trusted"`
-	AutoAcceptTrustedContacts *bool    `mapstructure:"auto_accept_trusted_contacts"`
+	AutoAcceptTrusted         bool     `mapstructure:"auto_accept_trusted"`
+	AutoAcceptTrustedContacts bool     `mapstructure:"auto_accept_trusted_contacts"`
 	TrustedDomains            []string `mapstructure:"trusted_domains"`
 }
 
-// OptionsForContext returns the effective sharing configuration for a given context,
-// after applying context-specific overrides to the global settings.
-func (c SharingConfig) OptionsForContext(contextName string) SharingContext {
-	// Start with an empty context
-	var result SharingContext
+// GetSharingConfig returns the sharing configuration for a given context.
+// It reads from contexts.<contextName>.sharing and falls back to contexts.default.sharing
+// if the specific context doesn't have sharing configuration.
+func GetSharingConfig(contextName string) SharingConfig {
+	// Default configuration with safe defaults
+	defaultConfig := SharingConfig{
+		AutoAcceptTrusted:         false,
+		AutoAcceptTrustedContacts: false,
+		TrustedDomains:            []string{},
+	}
 
-	// Try to get specific context, fallback to default context, or create empty
-	if contextName != "" {
-		if ctx, ok := c.Contexts[contextName]; ok {
-			result = ctx
-		} else if defaultCtx, ok := c.Contexts[DefaultInstanceContext]; ok {
-			result = defaultCtx
-		}
-	} else if defaultCtx, ok := c.Contexts[DefaultInstanceContext]; ok {
-		result = defaultCtx
+	if config == nil || config.Contexts == nil {
+		return defaultConfig
 	}
 
-	// Apply global AutoAcceptTrusted if not set in context
-	if result.AutoAcceptTrusted == nil {
-		result.AutoAcceptTrusted = &c.AutoAcceptTrusted
+	// Try to get sharing config from the specific context
+	if contextName != "" {
+		if ctxData, ok := config.Contexts[contextName].(map[string]interface{}); ok {
+			if sharingData, ok := ctxData["sharing"].(map[string]interface{}); ok {
+				var cfg SharingConfig
+				if err := mapstructure.Decode(sharingData, &cfg); err == nil {
+					return cfg
+				}
+			}
+		}
 	}
 
-	if result.AutoAcceptTrustedContacts == nil {
-		result.AutoAcceptTrustedContacts = &c.AutoAcceptTrustedContacts
+	// Fall back to default context
+	if ctxData, ok := config.Contexts[DefaultInstanceContext].(map[string]interface{}); ok {
+		if sharingData, ok := ctxData["sharing"].(map[string]interface{}); ok {
+			var cfg SharingConfig
+			if err := mapstructure.Decode(sharingData, &cfg); err == nil {
+				return cfg
+			}
+		}
 	}
 
-	return result
+	// Return empty config with safe defaults
+	return defaultConfig
 }
 
 // SMS contains the configuration to send notifications by SMS.
@@ -606,7 +610,6 @@ func applyDefaults(v *viper.Viper) {
 	v.SetDefault("assets_polling_interval", 2*time.Minute)
 	v.SetDefault("fs.versioning.max_number_of_versions_to_keep", 20)
 	v.SetDefault("fs.versioning.min_delay_between_two_versions", 15*time.Minute)
-	v.SetDefault("sharing.auto_accept_trusted", false)
 }
 
 func envMap() map[string]string {
@@ -688,11 +691,6 @@ func UseViper(v *viper.Viper) error {
 		return err
 	}
 
-	sharingCfg, err := makeSharingConfig(v)
-	if err != nil {
-		return err
-	}
-
 	var subdomains SubdomainType
 	if subs := v.GetString("subdomains"); subs != "" {
 		switch subs {
@@ -1002,7 +1000,6 @@ func UseViper(v *viper.Viper) error {
 			PlayIntegrityVerificationKeys: v.GetStringSlice("flagship.play_integrity_verification_keys"),
 			AppleAppIDs:                   v.GetStringSlice("flagship.apple_app_ids"),
 		},
-		Sharing:                sharingCfg,
 		Lock:                   lock.New(lockRedis),
 		SessionStorage:         sessionsRedis,
 		DownloadStorage:        downloadRedis,
@@ -1255,22 +1252,6 @@ func makeSMS(raw map[string]interface{}) map[string]SMS {
 	return sms
 }
 
-func makeSharingConfig(v *viper.Viper) (SharingConfig, error) {
-	var cfg SharingConfig
-
-	// Use UnmarshalKey to automatically handle type conversions
-	if err := v.UnmarshalKey("sharing", &cfg); err != nil {
-		return SharingConfig{}, fmt.Errorf("config: failed to unmarshal sharing config: %w", err)
-	}
-
-	// Ensure Contexts map is initialized even if not present in config
-	if cfg.Contexts == nil {
-		cfg.Contexts = map[string]SharingContext{}
-	}
-
-	return cfg, nil
-}
-
 func makeCommonSettings(v *viper.Viper) (map[string]CommonSettings, error) {
 	settings := make(map[string]CommonSettings)
 

pkg/config/config/config_test.go

@@ -125,16 +125,18 @@ func TestConfigUnmarshal(t *testing.T) {
 		},
 	}, cfg.CommonSettings)
 
-	falseVal := false
-	assert.EqualValues(t, SharingConfig{
-		AutoAcceptTrusted: true,
-		Contexts: map[string]SharingContext{
-			"my-context": {
-				AutoAcceptTrusted: &falseVal,
-				TrustedDomains:    []string{"context.example"},
-			},
-		},
-	}, cfg.Sharing)
+	// Test GetSharingConfig for my-context
+	myContextSharing := GetSharingConfig("my-context")
+	assert.Equal(t, true, myContextSharing.AutoAcceptTrusted)
+	assert.Equal(t, []string{"linagora.com"}, myContextSharing.TrustedDomains)
+
+	// Test GetSharingConfig for default context
+	defaultSharing := GetSharingConfig("default")
+	assert.Equal(t, true, defaultSharing.AutoAcceptTrusted)
+
+	// Test GetSharingConfig for non-existent context falls back to default
+	fallbackSharing := GetSharingConfig("non-existent")
+	assert.Equal(t, true, fallbackSharing.AutoAcceptTrusted)
 
 	// Contexts
 	assert.EqualValues(t, map[string]interface{}{
@@ -150,6 +152,10 @@ func TestConfigUnmarshal(t *testing.T) {
 				map[string]interface{}{"home.konnectors.hide-errors": true},
 				map[string]interface{}{"home_hidden_apps": []interface{}{"foobar"}},
 			},
+			"sharing": map[string]interface{}{
+				"auto_accept_trusted": true,
+				"trusted_domains":     []interface{}{"linagora.com"},
+			},
 			"logos": map[string]interface{}{
 				"coachco2": map[string]interface{}{
 					"light": []interface{}{
@@ -193,6 +199,11 @@ func TestConfigUnmarshal(t *testing.T) {
 				},
 			},
 		},
+		"default": map[string]interface{}{
+			"sharing": map[string]interface{}{
+				"auto_accept_trusted": true,
+			},
+		},
 	}, cfg.Contexts)
 
 	// Authentication

pkg/config/config/testdata/full_config.yaml

@@ -93,14 +93,6 @@ move:
 konnectors:
   cmd: some-cmd
 
-sharing:
-  auto_accept_trusted: true
-  contexts:
-    my-context:
-      auto_accept_trusted: false
-      trusted_domains:
-        - context.example
-
 registries:
   default: []
   example:
@@ -255,3 +247,11 @@ contexts:
           - src: /logos/1_partner.png
             alt: Partner n°1
             type: secondary
+    sharing:
+      auto_accept_trusted: true
+      trusted_domains:
+        - linagora.com
+
+  default:
+    sharing:
+      auto_accept_trusted: true