Commit Graph

66 Commits

Author SHA1 Message Date
Simon Ser
ddc11d4c7b Upgrade dependencies 2023-12-19 21:22:36 +01:00
Conrad Hoffmann
bbb170aa68 Improve README: TLS, logging 2022-12-17 21:12:34 +01:00
Krystian Chachuła
0a5e6946fb Add TLS support 2022-12-17 20:48:39 +01:00
Conrad Hoffmann
7b98e643e8 Add some more infos to README 2022-12-14 15:36:07 +01:00
Conrad Hoffmann
b266d53b15 Pass capabilites to principal path handler
The capabilities are added automatically by the default principal path
handlers in the `caldav` and `carddav` packages. However, using the
custom handler, they have to be passed in manually.

These being missing before was a violation of the RFC and the cause for
issues when using e.g. DavX5 client. This is now fixed.
2022-12-14 15:19:02 +01:00
Conrad Hoffmann
c5c9901b9d Update go-webdav to latest version 2022-12-14 15:18:40 +01:00
Conrad Hoffmann
40bae8dc31 Switch to a proper logging library
Structured logs can be enabled with `-log.json`.
2022-12-01 13:46:25 +01:00
Conrad Hoffmann
03fce79e57 storage: break filesystem.go into multiple files 2022-12-01 11:06:15 +01:00
Conrad Hoffmann
68de660456 Switch to latest upstream go-webdav
* Use one, fixed path layout
* New type `ConditionalMatch` for contents of `If-Match`/`If-None-Match`
  header
2022-11-22 16:05:00 +01:00
Conrad Hoffmann
7f0f9fd365 Implement If-Match handling 2022-10-31 12:24:32 +01:00
Conrad Hoffmann
0719d5c32f Use latest go-webdav from dev fork
PRs for all change sets are open on upstream go-webdav.
2022-10-31 12:23:54 +01:00
Conrad Hoffmann
058c063819 Fix errors introduced in previous commit :/ 2022-10-28 19:41:44 +02:00
Conrad Hoffmann
b99f38a1b7 Fix assignment to shadowed variable
This fixes the request that creates the address book returning an error
even though it was successfully created and read.
2022-10-28 12:37:41 +02:00
Conrad Hoffmann
196503553a storage/filesystem: implement DeleteCalendarObject 2022-10-28 12:20:22 +02:00
Conrad Hoffmann
9425b8cc81 Temporarily switch to dev version of go-webdav 2022-10-28 12:19:24 +02:00
Conrad Hoffmann
474048d4cd Update to latest go-webdav 2022-10-18 15:19:30 +02:00
Simon Ser
10587f425b auth: add PAM support
Handy for small local installations.

Disabled by default because it adds a dependency on the PAM
library.
2022-09-13 10:04:45 +02:00
Simon Ser
228384530e storage/filesystem: atomically check for IfNoneMatch
Using a separate os.Stat() call may result in a race where another
request handler running concurrently creates the file in-between
the os.Stat() call and the os.Create() call.

Use O_EXCL to avoid this situation.
2022-06-03 10:15:23 +02:00
Conrad Hoffmann
a3bfd56bf9 Update go-webdav dependency
Latest version includes some improvements for `carddav.Filter()`
2022-06-03 09:49:00 +02:00
Conrad Hoffmann
486a5285db Add filtering of CalDAV query results
Currently, `QueryCalendarObjects()` simply returns all objects. Now that
`caldav.Filter()` is available upstream, use it to actually filter out
events that do not match the query.
2022-06-03 09:45:27 +02:00
Conrad Hoffmann
04a422523a Handle If-None-Match in PUT requests
As objects always get written to the path that is their UID, we don't
have to worry about UID conflicts. Unless, the client creates a new
contact, in which case this header should be set.
2022-06-01 11:55:03 +02:00
Conrad Hoffmann
b2057fe9ef Switch back to upstream go-webdav
It now has all the patches needed. There is still more to come for
providing more functionality, but this can all happen upstream.
2022-06-01 11:11:20 +02:00
Simon Ser
5edd0f5a0e storage/filesystem: simplify UserPrincipalBackend
Use composition to expose UserPrincipalBackend in filesystemBackend.
That way, no need to re-define the CurrentUserPrincipal method.
2022-05-24 13:50:54 +02:00
Simon Ser
e443b02acf auth/imap: close IMAP connection earlier
No need to keep it around after Authenticate succeeds while handling
the HTTP request (via next.ServeHTTP).
2022-05-24 13:27:15 +02:00
Conrad Hoffmann
e349c22ef3 Add build manifest with build and lint steps 2022-05-20 09:55:51 +02:00
Conrad Hoffmann
21514ae6b0 Add usage notes to README
Specifically, mention some of the current limitations.
2022-05-20 09:45:17 +02:00
Conrad Hoffmann
d05d1d486e Add more details to README 2022-05-19 12:22:41 +02:00
Conrad Hoffmann
c033c1dfcb Allow PROPPATCH method
This only tells chi to pass those requests to the regular handler. It is
not really handled well in go-webdav so far (work in progress).
2022-05-18 10:21:31 +02:00
Conrad Hoffmann
a734b3b532 Set content length propery for DAV objects
This makes collections play nice with clients that require it, like
cadaver.
2022-05-17 15:28:09 +02:00
Conrad Hoffmann
5a6306bd83 Properly mark TODO comment 2022-05-17 15:24:43 +02:00
Conrad Hoffmann
be2e21ad37 Add very brief instructions for running tokidoki 2022-05-13 15:54:51 +02:00
Conrad Hoffmann
53b2c88311 Adapt to latest changes in go-webdav
There is now only one last PR missing before we can start using the
vanilla upstream go-webdav again. Thanks a lot to Simon for his patience
reviewing my PRs!
2022-05-13 15:38:02 +02:00
Conrad Hoffmann
4765adc1a3 Use NewHTTPError to return better errors
That function is merged upstream, but the current version still depends
on some stuff not yet merged into upstream go-webdav.
2022-05-06 09:16:17 +02:00
Conrad Hoffmann
c2f35df455 Add some debug output to auth module 2022-05-03 16:59:39 +02:00
Conrad Hoffmann
001917295d Add CalDAV support, refactor
The filesystem storage backend now implements the required functions to
act as a basic CalDAV server. Some refactoring was done based on the
go-webdav development: introduce a UserPrincipalBackend, a new function
to serve the user principal URL, and more. See this PR for lots of
details: https://github.com/emersion/go-webdav/pull/62

Also adds a simple facility for debug output.
2022-05-03 16:06:47 +02:00
Conrad Hoffmann
5728f1ee27 Make sure clients cannot overwrite address book
Tighten the regex for valid resources and change the name of the default
address book file so that it is not covered by that regex. This will
prohibit clients from accidentally or maliciously PUTing to that file.
2022-03-16 15:15:01 +01:00
Conrad Hoffmann
f4a3598191 Use simpler os.Create for writing files 2022-03-16 15:11:06 +01:00
Conrad Hoffmann
29bf819ab1 Avoid empty array allocations 2022-03-16 15:08:42 +01:00
Conrad Hoffmann
e5db18e289 Remove stat call from happy path
Just try to read the file, use it if it works. Only if the file does
not exist, create default address book and try again.
2022-03-16 15:02:18 +01:00
Conrad Hoffmann
86359a5e11 Avoid using pointers for card.Card
It's just a map, Go will do the right thing.
2022-03-16 14:51:26 +01:00
Conrad Hoffmann
e069bc0e9b Use SHA1 streaming hash for Etag 2022-03-16 14:47:47 +01:00
Conrad Hoffmann
b3277148d7 Compile regex globally 2022-03-16 14:47:11 +01:00
Conrad Hoffmann
78bd2a9b84 Keep context keys private
Instead, offer type safe accessors, as documented here:

https://pkg.go.dev/context#Context
2022-03-16 14:33:47 +01:00
Conrad Hoffmann
07c19a6f6c Use base64 encoded user name as their base dir
This is safe in all circumstance and leaves it up to the auth backend to
use whatever name they like for authentication.
2022-03-10 17:56:58 +01:00
Conrad Hoffmann
04be038c05 Implement UID conflict check in PutAddressObject 2022-03-10 17:56:58 +01:00
Conrad Hoffmann
8b3306b580 Depend on latest go-webdav version 2022-03-10 16:52:07 +01:00
Conrad Hoffmann
1d50d6dad8 Harden mapping from request path to FS path
Put strict checks in place to avoid authenticated users accessing files
outside of their actual storage directory. These checks will need
updating if multiple address books are to be supported.
2022-03-10 16:46:56 +01:00
Conrad Hoffmann
18a9f9bf77 Implement query and property filters
The property filters are also used for other operations.
2022-03-01 11:51:34 +01:00
Conrad Hoffmann
9b0d3b87ad Use latest upstream go-webdav 2022-03-01 11:51:34 +01:00
Conrad Hoffmann
8c8d96c2bc Fix conflation of URL and storage path
The path returned must of course be the external URL path, not the
internal storage path.
2022-02-28 19:48:49 +01:00