bewcloud/pages/dav.ts
Bruno Bernardino c26cae625e
Remove fresh
This implements a huge change, where Fresh is removed as a framework and serving files, allowing more control over importing, bundling, and serving files and components.

The biggest challenge was to continue making sure that there weren't too many places to look into for import versions, and `PasswordlessPasskeyLogin.tsx` became a prototype in migrating a component to fully SSR, no need for frontend parsing (via Babel) or bundling (via a custom-script, downloading frontend dependencies from esm.sh). Still, there are too many components to migrate like that, and it's all working, so I likely won't even attempt it unless there's some bug, new feature, or security vulnerability to address that warrants a rewrite of those.

This also updates all dependencies (except `@libs/xml` because that still causes some breaking in DAV endpoints), including Deno!

All other advantages can be seen in the related issues, and the breaking change this (v4.0.0) introduces is related simply to `config.email.tlsMode` (which had a deprecation warning throughout v3), and because, while I tested many things exhaustively, it's not impossible something broke that I didn't see.

Closes #141
Closes #132
2026-02-20 10:54:31 +00:00

268 lines
7.6 KiB
TypeScript

import page, { RequestHandlerParams } from '/lib/page.ts';
import { join } from '@std/path';
import { parse, stringify } from '@libs/xml';
import { AppConfig } from '/lib/config.ts';
import Locker from '/lib/interfaces/locker.ts';
import {
addDavPrefixToKeys,
buildPropFindResponse,
getProperDestinationPath,
getPropertyNames,
} from '/lib/utils/webdav.ts';
import { ensureUserPathIsValidAndSecurelyAccessible, FileModel } from '/lib/models/files.ts';
async function handler({ request, user, match }: RequestHandlerParams): Promise<Response> {
if (!user) {
return new Response('Unauthorized', {
status: 401,
headers: { 'www-authenticate': 'Basic realm="bewCloud", charset="UTF-8"' },
});
}
if (
!(await AppConfig.isAppEnabled('files')) && !(await AppConfig.isAppEnabled('photos')) &&
!(await AppConfig.isAppEnabled('notes'))
) {
return new Response('Forbidden', { status: 403 });
}
let { filePath } = match.pathname.groups;
if (!filePath) {
filePath = '/';
}
filePath = decodeURIComponent(filePath);
const userId = user!.id;
const rootPath = join(await AppConfig.getFilesRootPath(), userId);
if (request.method === 'OPTIONS') {
const headers = new Headers({
DAV: '1, 2',
'Ms-Author-Via': 'DAV',
Allow: 'OPTIONS, DELETE, PROPFIND',
'Content-Length': '0',
Date: new Date().toUTCString(),
});
return new Response(null, { status: 200, headers });
}
if (request.method === 'GET') {
try {
const fileResult = await FileModel.get(userId, filePath);
if (!fileResult.success) {
return new Response('Not Found', { status: 404 });
}
return new Response(fileResult.contents! as BodyInit, {
status: 200,
headers: {
'cache-control': 'no-cache, no-store, must-revalidate',
'content-type': fileResult.contentType!,
'content-length': fileResult.byteSize!.toString(),
},
});
} catch (error) {
console.error(error);
}
return new Response('Not Found', { status: 404 });
}
if (request.method === 'DELETE') {
try {
await ensureUserPathIsValidAndSecurelyAccessible(userId, filePath);
await Deno.remove(join(rootPath, filePath));
return new Response(null, { status: 204 });
} catch (error) {
console.error(error);
}
return new Response('Not Found', { status: 404 });
}
if (request.method === 'PUT') {
const contentLengthString = request.headers.get('content-length');
const contentLength = contentLengthString ? parseInt(contentLengthString, 10) : null;
const body = contentLength === 0 ? new Blob([new Uint8Array([0])]).stream() : request.clone().body;
try {
await ensureUserPathIsValidAndSecurelyAccessible(userId, filePath);
const newFile = await Deno.open(join(rootPath, filePath), {
create: true,
write: true,
truncate: true,
});
await body?.pipeTo(newFile.writable);
return new Response('Created', { status: 201 });
} catch (error) {
console.error(error);
}
return new Response('Not Found', { status: 404 });
}
if (request.method === 'COPY') {
const newFilePath = request.headers.get('destination');
if (newFilePath) {
try {
await ensureUserPathIsValidAndSecurelyAccessible(userId, filePath);
await ensureUserPathIsValidAndSecurelyAccessible(userId, getProperDestinationPath(newFilePath));
await Deno.copyFile(join(rootPath, filePath), join(rootPath, getProperDestinationPath(newFilePath)));
return new Response('Created', { status: 201 });
} catch (error) {
console.error(error);
}
}
return new Response('Bad Request', { status: 400 });
}
if (request.method === 'MOVE') {
const newFilePath = request.headers.get('destination');
if (newFilePath) {
try {
await ensureUserPathIsValidAndSecurelyAccessible(userId, filePath);
await ensureUserPathIsValidAndSecurelyAccessible(userId, getProperDestinationPath(newFilePath));
await Deno.rename(join(rootPath, filePath), join(rootPath, getProperDestinationPath(newFilePath)));
return new Response('Created', { status: 201 });
} catch (error) {
console.error(error);
}
}
}
if (request.method === 'MKCOL') {
try {
await ensureUserPathIsValidAndSecurelyAccessible(userId, filePath);
await Deno.mkdir(join(rootPath, filePath), { recursive: true });
return new Response('Created', { status: 201 });
} catch (error) {
console.error(error);
}
return new Response('Not Found', { status: 404 });
}
if (request.method === 'LOCK') {
const depthString = request.headers.get('depth');
const depth = depthString ? parseInt(depthString, 10) : null;
const xml = await request.clone().text();
const parsedXml = parse(xml) as Record<string, any>;
const lockToken = crypto.randomUUID();
const lock = new Locker(`dav:${lockToken}`);
await lock.acquire();
const responseXml: Record<string, any> = {
xml: {
'@version': '1.0',
'@encoding': 'UTF-8',
},
prop: {
'@xmlns:D': 'DAV:',
lockdiscovery: {
activelock: {
locktype: { write: null },
lockscope: { exclusive: null },
depth,
owner: {
href: parsedXml['D:lockinfo']?.['D:owner']?.['D:href'],
},
timeout: 'Second-600',
locktoken: { href: lockToken },
lockroot: { href: filePath },
},
},
},
};
const responseString = stringify(addDavPrefixToKeys(responseXml));
return new Response(responseString, {
status: 200,
headers: {
'Content-Type': 'application/xml; charset=utf-8',
'Lock-Token': `<${lockToken}>`,
'Content-Length': responseString.length.toString(),
Date: new Date().toUTCString(),
},
});
}
if (request.method === 'UNLOCK') {
const lockToken = request.headers.get('Lock-Token');
const lock = new Locker(`dav:${lockToken}`);
lock.release();
return new Response(null, {
status: 204,
headers: { Date: new Date().toUTCString() },
});
}
if (request.method === 'PROPFIND') {
const depthString = request.headers.get('depth');
const depth = depthString ? parseInt(depthString, 10) : null;
const xml = await request.clone().text();
let properties: string[] = [];
try {
const parsedXml = parse(xml) as Record<string, any>;
properties = getPropertyNames(parsedXml);
} catch (error) {
console.error('Error parsing XML: ', error);
properties = ['allprop'];
}
await ensureUserPathIsValidAndSecurelyAccessible(userId, filePath);
const responseXml = await buildPropFindResponse(properties, rootPath, filePath, depth);
return responseXml['D:multistatus']['D:response'].length === 0
? new Response('Not Found', {
status: 404,
headers: new Headers({ 'Content-Type': 'text/plain; charset=utf-8' }),
})
: new Response(stringify(responseXml), {
status: 207,
headers: new Headers({
'Content-Type': 'text/xml; charset=utf-8',
'Access-Control-Allow-Headers': '*',
'Access-Control-Allow-Methods': '*',
}),
});
}
return new Response(null, { status: 405 });
}
export default page({
get: handler,
delete: handler,
put: handler,
options: handler,
copy: handler,
move: handler,
mkcol: handler,
lock: handler,
unlock: handler,
propfind: handler,
report: handler,
accessMode: 'public',
});