feat: add native WebDAV submodule with usability helpers and fixes

This commit introduces a new, high-performance, and extensible WebDAV submodule, implemented natively without external dependencies. It also adds a high-level API to simplify common use cases and incorporates numerous fixes based on detailed code reviews. Features: - A core WebDAV handler supporting `PROPFIND`, `MKCOL`, `GET`, `PUT`, `DELETE`, `COPY`, `MOVE`, `LOCK`, `UNLOCK`. - An extensible design with `FileSystem` and `LockSystem` interfaces. - `MemFS`: A robust, tree-based in-memory filesystem for testing. - `OSFS`: A secure OS-based filesystem with protection against path traversal and symlink attacks. - `MemLock`: An in-memory locking system with graceful shutdown to prevent resource leaks. - A high-level API (`webdav.Serve`, `webdav.Register`) for ease of use. Fixes & Improvements: - Security: Patched directory traversal and symlink vulnerabilities. Ensured secure lock token generation. - RFC Compliance: Corrected status codes for `COPY`/`MOVE` (201 vs 204), `DELETE` on non-empty collections (409), and `Timeout` header parsing. - Performance: Implemented `sync.Pool` for object reuse and `sync/atomic` for file size management to reduce GC pressure. - Robustness: Fixed numerous bugs related to path handling, resource cleanup (goroutine leaks), and header parsing. Integration: - The Touka framework's core has been updated to recognize all necessary WebDAV methods. - Includes comprehensive unit tests and a working example.
2026-02-02 16:31:11 +08:00 · 2025-12-11 07:33:34 +00:00 · 2025-12-11 07:33:34 +00:00 · 26cbf45074
commit 26cbf45074
parent 290878be05
6 changed files with 19 additions and 20 deletions
--- a/examples/webdav/main.go
+++ b/examples/webdav/main.go
@ -18,9 +18,11 @@ func main() {
 	}

 	// Serve the "public" directory on the "/webdav/" route.
-	if err := webdav.Serve(r, "/webdav", "public"); err != nil {
+	closer, err := webdav.Serve(r, "/webdav", "public")
+	if err != nil {
 		log.Fatal(err)
 	}
+	defer closer.Close()

 	log.Println("Touka WebDAV Server starting on :8080...")
 	if err := r.RunShutdown(":8080", 10*time.Second); err != nil {
--- a/webdav/easy.go
+++ b/webdav/easy.go
@ -5,6 +5,7 @@
 package webdav

 import (
+	"io"
 	"log"
 	"os"

@ -20,10 +21,6 @@ type Config struct {

 // Register registers a WebDAV handler on the given router.
 func Register(engine *touka.Engine, prefix string, cfg *Config) {
-	if cfg.LockSystem == nil {
-		cfg.LockSystem = NewMemLock()
-	}
-
 	handler := NewHandler(prefix, cfg.FileSystem, cfg.LockSystem, cfg.Logger)

 	webdavMethods := []string{
@ -33,16 +30,18 @@ func Register(engine *touka.Engine, prefix string, cfg *Config) {
 }

 // Serve serves a local directory via WebDAV.
-func Serve(engine *touka.Engine, prefix string, rootDir string) error {
+func Serve(engine *touka.Engine, prefix string, rootDir string) (io.Closer, error) {
 	fs, err := NewOSFS(rootDir)
 	if err != nil {
-		return err
+		return nil, err
 	}

+	ls := NewMemLock()
 	cfg := &Config{
 		FileSystem: fs,
+		LockSystem: ls,
 		Logger:     log.New(os.Stdout, "", 0),
 	}
 	Register(engine, prefix, cfg)
-	return nil
+	return ls, nil
 }
--- a/webdav/easy_test.go
+++ b/webdav/easy_test.go
@ -17,6 +17,7 @@ func TestRegister(t *testing.T) {
 	r := touka.New()
 	cfg := &Config{
 		FileSystem: NewMemFS(),
+		LockSystem: NewMemLock(),
 	}
 	Register(r, "/dav", cfg)

@ -35,9 +36,11 @@ func TestServe(t *testing.T) {
 	dir, _ := os.MkdirTemp("", "webdav")
 	defer os.RemoveAll(dir)

-	if err := Serve(r, "/serve", dir); err != nil {
+	closer, err := Serve(r, "/serve", dir)
+	if err != nil {
 		t.Fatalf("Serve failed: %v", err)
 	}
+	defer closer.Close()

 	// Check if a WebDAV method is registered
 	req, _ := http.NewRequest("OPTIONS", "/serve/", nil)
--- a/webdav/memlock.go
+++ b/webdav/memlock.go
@ -38,8 +38,9 @@ func NewMemLock() *MemLock {
 }

 // Close stops the cleanup goroutine.
-func (l *MemLock) Close() {
+func (l *MemLock) Close() error {
 	close(l.stop)
+	return nil
 }

 func (l *MemLock) cleanup() {
--- a/webdav/osfs.go
+++ b/webdav/osfs.go
@ -28,7 +28,7 @@ func NewOSFS(rootDir string) (*OSFS, error) {
 }

 func (fs *OSFS) resolve(name string) (string, error) {
-	if filepath.IsAbs(name) || strings.Contains(name, "..") {
+	if strings.Contains(name, "..") {
 		return "", os.ErrPermission
 	}

--- a/webdav/webdav.go
+++ b/webdav/webdav.go
@ -588,11 +588,8 @@ func (h *Handler) handlePropfind(c *touka.Context) {
 }


-func (h *Handler) createPropfindResponse(path string, info ObjectInfo, propfind Propfind) *Response {
-	fullPath := path
-	if h.Prefix != "/" {
-		fullPath = h.Prefix + path
-	}
+func (h *Handler) createPropfindResponse(p string, info ObjectInfo, propfind Propfind) *Response {
+	fullPath := path.Join(h.Prefix, p)

 	resp := &Response{
 		Href:      []string{fullPath},
@ -641,10 +638,7 @@ func (h *Handler) handleProppatch(c *touka.Context) {
 }

 func (h *Handler) stripPrefix(p string) string {
-	if h.Prefix == "/" {
-		return p
-	}
-	return strings.TrimPrefix(p, h.Prefix)
+	return strings.TrimPrefix(strings.TrimPrefix(p, h.Prefix), "/")
 }

 func (h *Handler) handleLock(c *touka.Context) {