chore: Adjust REUSE configuration to cover all files

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

REUSE.toml

@@ -6,33 +6,27 @@ SPDX-PackageSupplier = "Nextcloud <info@nextcloud.com>"
 SPDX-PackageDownloadLocation = "https://github.com/nextcloud/suspicious_login"
 
 [[annotations]]
-path = [".tx/config", "l10n/**.js", "l10n/**.json", "screenshots/admin_settings.png", "screenshots/notification_android.png", "screenshots/notification_web.png"]
+path = [".tx/config", "l10n/**.js", "l10n/**.json", "**/composer.json", "**/composer.lock", "package.json", "package-lock.json", "renovate.json", ".github/CODEOWNERS", "tests/psalm-baseline.xml"]
 precedence = "aggregate"
-SPDX-FileCopyrightText = "2019 Nextcloud GmbH and Nextcloud contributors"
-SPDX-License-Identifier = "AGPL-3.0-or-later"
+SPDX-FileCopyrightText = "2021 Nextcloud GmbH and Nextcloud contributors"
+SPDX-License-Identifier = "CC0-1.0"
 
 [[annotations]]
-path = [".github/CODEOWNERS", "renovate.json"]
-precedence = "aggregate"
-SPDX-FileCopyrightText = "2023 Nextcloud GmbH and Nextcloud contributors"
-SPDX-License-Identifier = "AGPL-3.0-or-later"
-
-[[annotations]]
-path = ["composer.json", "composer.lock"]
-precedence = "aggregate"
-SPDX-FileCopyrightText = "2018 Nextcloud GmbH and Nextcloud contributors"
-SPDX-License-Identifier = "AGPL-3.0-or-later"
-
-[[annotations]]
-path = ["vendor-bin/php-cs-fixer/composer.json", "vendor-bin/php-cs-fixer/composer.lock"]
+path = ["tsconfig.json", "vite.config.ts"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2024 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-or-later"
 
 [[annotations]]
-path = ["package.json", "package-lock.json", "tests/phpunit.xml"]
+path = ["css/*.css", "css/*.map", "js/*.js.map"]
 precedence = "aggregate"
-SPDX-FileCopyrightText = "2019 Nextcloud GmbH and Nextcloud contributors"
+SPDX-FileCopyrightText = "2024 Nextcloud GmbH and Nextcloud contributors"
+SPDX-License-Identifier = "AGPL-3.0-or-later"
+
+[[annotations]]
+path = ["screenshots/*.png"]
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2024 Nextcloud GmbH and Nextcloud contributors"
 SPDX-License-Identifier = "AGPL-3.0-or-later"
 
 [[annotations]]
@@ -40,9 +34,3 @@ path = ["img/app.svg", "img/app-dark.svg"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2018-2024 Google LLC"
 SPDX-License-Identifier = "Apache-2.0"
-
-[[annotations]]
-path = ["js/settings.js", "js/settings.js.LICENSE.txt", "js/settings.js.map"]
-precedence = "aggregate"
-SPDX-FileCopyrightText = "2019 Nextcloud GmbH and Nextcloud contributors, 2020 Chart.js Contributors, 2014-2022 Evan You, 2011-2023 Tim Wood, Iskren Chernev, Moment.js contributors"
-SPDX-License-Identifier = "AGPL-3.0-or-later AND MIT"

js/settings.js.LICENSE.txt

@@ -1,16 +0,0 @@
-/*!
- * Chart.js v2.9.4
- * https://www.chartjs.org
- * (c) 2020 Chart.js Contributors
- * Released under the MIT License
- */
-
-/*!
- * Vue.js v2.7.14
- * (c) 2014-2022 Evan You
- * Released under the MIT License.
- */
-
-//! moment.js
-
-//! moment.js locale configuration

js/settings.js.license

@@ -0,0 +1,21 @@
+SPDX-License-Identifier: MIT
+SPDX-License-Identifier: AGPL-3.0-or-later
+SPDX-FileCopyrightText: chart.js developers
+SPDX-FileCopyrightText: Tobias Koppers @sokra
+SPDX-FileCopyrightText: Iskren Ivov Chernev <iskren.chernev@gmail.com> (https://github.com/ichernev)
+SPDX-FileCopyrightText: Christoph Wurst
+
+
+This file is generated from multiple sources. Included packages:
+- chart.js
+	- version: 2.9.4
+	- license: MIT
+- moment
+	- version: 2.29.4
+	- license: MIT
+- webpack
+	- version: 5.88.2
+	- license: MIT
+- suspicious_login
+	- version: 9.0.0
+	- license: AGPL-3.0-or-later

lib/Migration/Version0Date20181214103754.php

@@ -10,6 +10,7 @@ declare(strict_types=1);
 namespace OCA\SuspiciousLogin\Migration;
 
 use Closure;
+use Doctrine\DBAL\Types\Type;
 use OCP\DB\ISchemaWrapper;
 use OCP\DB\Types;
 use OCP\Migration\IOutput;
@@ -30,7 +31,7 @@ class Version0Date20181214103754 extends SimpleMigrationStep {
 
 		$table = $schema->getTable('suspicious_login_model');
 		$table->getColumn('app_version')
-			->setType(Types::STRING);
+			->setType(Type::getType(Types::STRING));
 
 		return $schema;
 	}

package.json

@@ -43,5 +43,5 @@
     "extends @nextcloud/browserslist-config"
   ],
   "author": "Christoph Wurst",
-  "license": "AGPL-3.0"
+  "license": "AGPL-3.0-or-later"
 }

psalm.xml

@@ -24,12 +24,15 @@
 		<directory name="vendor" />
 		<directory name="vendor-bin/psalm/vendor/nextcloud/ocp" />
 	</extraFiles>
+	<stubs>
+		<file name="tests/stubs/doctrine_dbal_types_type.php" />
+	</stubs>
 	<issueHandlers>
 		<UndefinedDocblockClass>
 			<errorLevel type="suppress">
+				<referencedClass name="Doctrine\DBAL\Driver\Statement" />
 				<referencedClass name="Doctrine\DBAL\Schema\Schema" />
 				<referencedClass name="Doctrine\DBAL\Schema\SchemaException" />
-				<referencedClass name="Doctrine\DBAL\Driver\Statement" />
 				<referencedClass name="Doctrine\DBAL\Schema\Table" />
 			</errorLevel>
 		</UndefinedDocblockClass>

src/WebpackSPDXPlugin.js

@@ -0,0 +1,221 @@
+'use strict'
+
+/**
+ * Party inspired by https://github.com/FormidableLabs/webpack-stats-plugin
+ *
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: MIT
+ */
+
+const { constants } = require('node:fs')
+const fs = require('node:fs/promises')
+const path = require('node:path')
+const webpack = require('webpack')
+
+class WebpackSPDXPlugin {
+
+	#options
+
+	/**
+	 * @param {object} opts Parameters
+	 * @param {Record<string, string>} opts.override Override licenses for packages
+	 */
+	constructor(opts = {}) {
+		this.#options = { override: {}, ...opts }
+	}
+
+	apply(compiler) {
+		compiler.hooks.thisCompilation.tap('spdx-plugin', (compilation) => {
+			// `processAssets` is one of the last hooks before frozen assets.
+			// We choose `PROCESS_ASSETS_STAGE_REPORT` which is the last possible
+			// stage after which to emit.
+			compilation.hooks.processAssets.tapPromise(
+				{
+					name: 'spdx-plugin',
+					stage: compilation.constructor.PROCESS_ASSETS_STAGE_REPORT,
+				},
+				() => this.emitLicenses(compilation),
+			)
+		})
+	}
+
+	/**
+	 * Find the nearest package.json
+	 * @param {string} dir Directory to start checking
+	 */
+	async #findPackage(dir) {
+		if (!dir || dir === '/' || dir === '.') {
+			return null
+		}
+
+		const packageJson = `${dir}/package.json`
+		try {
+			await fs.access(packageJson, constants.F_OK)
+		} catch (e) {
+			return await this.#findPackage(path.dirname(dir))
+		}
+
+		const { private: isPrivatePacket, name } = JSON.parse(await fs.readFile(packageJson))
+		// "private" is set in internal package.json which should not be resolved but the parent package.json
+		// Same if no name is set in package.json
+		if (isPrivatePacket === true || !name) {
+			return (await this.#findPackage(path.dirname(dir))) ?? packageJson
+		}
+		return packageJson
+	}
+
+	/**
+	 * Emit licenses found in compilation to '.license' files
+	 * @param {webpack.Compilation} compilation Webpack compilation object
+	 * @param {*} callback Callback for old webpack versions
+	 */
+	async emitLicenses(compilation, callback) {
+		const logger = compilation.getLogger('spdx-plugin')
+		// cache the node packages
+		const packageInformation = new Map()
+
+		const warnings = new Set()
+		/** @type {Map<string, Set<webpack.Chunk>>} */
+		const sourceMap = new Map()
+
+		for (const chunk of compilation.chunks) {
+			for (const file of chunk.files) {
+				if (sourceMap.has(file)) {
+					sourceMap.get(file).add(chunk)
+				} else {
+					sourceMap.set(file, new Set([chunk]))
+				}
+			}
+		}
+
+		for (const [asset, chunks] of sourceMap.entries()) {
+			/** @type {Set<webpack.Module>} */
+			const modules = new Set()
+			/**
+			 * @param {webpack.Module} module
+			 */
+			const addModule = (module) => {
+				if (module && !modules.has(module)) {
+					modules.add(module)
+					for (const dep of module.dependencies) {
+						addModule(compilation.moduleGraph.getModule(dep))
+					}
+				}
+			}
+			chunks.forEach((chunk) => chunk.getModules().forEach(addModule))
+
+			const sources = [...modules].map((module) => module.identifier())
+				.map((source) => {
+					const skipped = [
+						'delegated',
+						'external',
+						'container entry',
+						'ignored',
+						'remote',
+						'data:',
+					]
+					// Webpack sources that we can not infer license information or that is not included (external modules)
+					if (skipped.some((prefix) => source.startsWith(prefix))) {
+						return ''
+					}
+					// Internal webpack sources
+					if (source.startsWith('webpack/runtime')) {
+						return require.resolve('webpack')
+					}
+					// Handle webpack loaders
+					if (source.includes('!')) {
+						return source.split('!').at(-1)
+					}
+					if (source.includes('|')) {
+						return source
+							.split('|')
+							.filter((s) => s.startsWith(path.sep))
+							.at(0)
+					}
+					return source
+				})
+				.filter((s) => !!s)
+				.map((s) => s.split('?', 2)[0])
+
+			// Skip assets without modules, these are emitted by webpack plugins
+			if (sources.length === 0) {
+				logger.warn(`Skipping ${asset} because it does not contain any source information`)
+				continue
+			}
+
+			/** packages used by the current asset
+			 * @type {Set<string>}
+			 */
+			const packages = new Set()
+
+			// packages is the list of packages used by the asset
+			for (const sourcePath of sources) {
+				const pkg = await this.#findPackage(path.dirname(sourcePath))
+				if (!pkg) {
+					logger.warn(`No package for source found (${sourcePath})`)
+					continue
+				}
+
+				if (!packageInformation.has(pkg)) {
+					// Get the information from the package
+					const { author: packageAuthor, name, version, license: packageLicense, licenses } = JSON.parse(await fs.readFile(pkg))
+					// Handle legacy packages
+					let license = !packageLicense && licenses
+						? licenses.map((entry) => entry.type ?? entry).join(' OR ')
+						: packageLicense
+					if (license?.includes(' ') && !license?.startsWith('(')) {
+						license = `(${license})`
+					}
+					// Handle both object style and string style author
+					const author = typeof packageAuthor === 'object'
+						? `${packageAuthor.name}` + (packageAuthor.mail ? ` <${packageAuthor.mail}>` : '')
+						: packageAuthor ?? `${name} developers`
+
+					packageInformation.set(pkg, {
+						version,
+						// Fallback to directory name if name is not set
+						name: name ?? path.basename(path.dirname(pkg)),
+						author,
+						license,
+					})
+				}
+				packages.add(pkg)
+			}
+
+			let output = 'This file is generated from multiple sources. Included packages:\n'
+			const authors = new Set()
+			const licenses = new Set()
+			for (const packageName of [...packages].sort()) {
+				const pkg = packageInformation.get(packageName)
+				const license = this.#options.override[pkg.name] ?? pkg.license
+				// Emit warning if not already done
+				if (!license && !warnings.has(pkg.name)) {
+					logger.warn(`Missing license information for package ${pkg.name}, you should add it to the 'override' option.`)
+					warnings.add(pkg.name)
+				}
+				licenses.add(license || 'unknown')
+				authors.add(pkg.author)
+				output += `- ${pkg.name}\n\t- version: ${pkg.version}\n\t- license: ${license}\n`
+			}
+			output = `\n\n${output}`
+			for (const author of [...authors].sort()) {
+				output = `SPDX-FileCopyrightText: ${author}\n${output}`
+			}
+			for (const license of [...licenses].sort()) {
+				output = `SPDX-License-Identifier: ${license}\n${output}`
+			}
+
+			compilation.emitAsset(
+				asset.split('?', 2)[0] + '.license',
+				new webpack.sources.RawSource(output),
+			)
+		}
+
+		if (callback) {
+			return callback()
+		}
+	}
+
+}
+
+module.exports = WebpackSPDXPlugin

src/webpack.prod.js

@@ -3,9 +3,33 @@
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
 const { merge } = require('webpack-merge')
+const SPDXplugin = require('./WebpackSPDXPlugin.js')
 const common = require('./webpack.common.js')
 
-module.exports = merge(common, {
-  mode: 'production',
-  devtool: 'source-map'
+const merged = merge(common, {
+	mode: 'production',
+	devtool: 'source-map'
 })
+
+merged.plugins.push(new SPDXplugin())
+merged.optimization = {
+	minimizer: [{
+		apply: (compiler) => {
+			// Lazy load the Terser plugin
+			const TerserPlugin = require('terser-webpack-plugin')
+			new TerserPlugin({
+				extractComments: false,
+				terserOptions: {
+					format: {
+						comments: false,
+					},
+					compress: {
+						passes: 2,
+					},
+				},
+			}).apply(compiler)
+		},
+	}]
+}
+
+module.exports = merged

tests/phpunit.xml

@@ -1,4 +1,8 @@
 <?xml version="1.0" encoding="utf-8" ?>
+<!--
+	SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
+	SPDX-License-Identifier: CC0-1.0
+-->
 <phpunit bootstrap="bootstrap.php"
 	 verbose="true"
 	 convertDeprecationsToExceptions="true"
@@ -22,4 +26,3 @@
 		<log type="coverage-clover" target="./clover.xml"/>
 	</logging>
 </phpunit>
-

tests/stubs/doctrine_dbal_types_type.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace Doctrine\DBAL\Types;
+
+/**
+ * SPDX-FileCopyrightText: 2006-2018 Doctrine Project
+ * SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: MIT
+ */
+
+abstract class Type {
+	public static function getType($name) {
+		return new static();
+	}
+}