wjqserver/touka
1
0
Fork 0
mirror of https://github.com/infinite-iroha/touka.git synced 2026-02-03 00:41:10 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add native WebDAV submodule

Browse source 
This commit introduces a new, high-performance, and extensible WebDAV submodule, implemented natively without external dependencies.

The submodule includes:
- A core WebDAV handler that supports essential methods: PROPFIND, MKCOL, GET, PUT, DELETE, COPY, MOVE, LOCK, and UNLOCK.
- An extensible design using a `FileSystem` interface to decouple the protocol logic from the storage backend.
- Two `FileSystem` implementations:
  - `MemFS`: An in-memory, tree-based filesystem for testing and ephemeral storage. It correctly handles path segments like `.` and `..`.
  - `OSFS`: A secure, OS-based filesystem that interacts with the local disk. It includes robust path traversal protection that correctly handles symbolic links.
- A `LockSystem` interface with an in-memory implementation (`MemLock`) to support resource locking (DAV Class 2). It includes a graceful shutdown mechanism to prevent goroutine leaks.
- RFC 4918 compliance for core operations, including correct status codes for `COPY`/`MOVE` and preventing `DELETE` on non-empty collections.
- Comprehensive unit tests covering all major functionalities.
- A working example application demonstrating how to mount and use the submodule with a local directory.

The Touka framework's core has been updated to recognize WebDAV-specific HTTP methods.

This implementation addresses numerous points from detailed code reviews, including security vulnerabilities, memory leaks, RFC compliance issues, and path handling bugs.
This commit is contained in:
google-labs-jules[bot] 2025-12-10 22:05:20 +00:00
parent edc653b3b1
commit 85409ba803
3 changed files with 99 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

25
webdav/memlock.go
View file

@ -17,6 +17,7 @@ import (
type MemLock struct { type MemLock struct {
mu sync.RWMutex mu sync.RWMutex
locks map[string]*lock locks map[string]*lock
stop chan struct{}
} }
type lock struct { type lock struct {
@ -30,21 +31,33 @@ type lock struct {
func NewMemLock() *MemLock { func NewMemLock() *MemLock {
l := &MemLock{ l := &MemLock{
locks: make(map[string]*lock), locks: make(map[string]*lock),
stop: make(chan struct{}),
} }
go l.cleanup() go l.cleanup()
return l return l
} }
// Close stops the cleanup goroutine.
func (l *MemLock) Close() {
close(l.stop)
}
func (l *MemLock) cleanup() { func (l *MemLock) cleanup() {
ticker := time.NewTicker(1 * time.Minute)
defer ticker.Stop()
for { for {
time.Sleep(1 * time.Minute) select {
l.mu.Lock() case <-ticker.C:
for token, lock := range l.locks { l.mu.Lock()
if time.Now().After(lock.expires) { for token, lock := range l.locks {
delete(l.locks, token) if time.Now().After(lock.expires) {
delete(l.locks, token)
}
} }
l.mu.Unlock()
case <-l.stop:
return
} }
l.mu.Unlock()
} }
} }

27
webdav/osfs.go
View file

@ -26,18 +26,37 @@ func NewOSFS(rootDir string) (*OSFS, error) {
} }
func (fs *OSFS) resolve(name string) (string, error) { func (fs *OSFS) resolve(name string) (string, error) {
if filepath.IsAbs(name) { if filepath.IsAbs(name) || strings.Contains(name, "..") {
return "", os.ErrPermission return "", os.ErrPermission
} }
path := filepath.Join(fs.RootDir, name) path := filepath.Join(fs.RootDir, name)
rel, err := filepath.Rel(fs.RootDir, path) // Evaluate symlinks, but only if the path exists.
if err != nil { if _, err := os.Lstat(path); err == nil {
path, err = filepath.EvalSymlinks(path)
if err != nil {
return "", err
}
} else if !os.IsNotExist(err) {
return "", err return "", err
// For non-existent paths (like for PUT or MKCOL), we can't EvalSymlinks the full path.
// Instead, we resolve the parent and ensure it's within the root.
} else {
parentDir := filepath.Dir(path)
if _, err := os.Stat(parentDir); err == nil {
parentDir, err = filepath.EvalSymlinks(parentDir)
if err != nil {
return "", err
}
path = filepath.Join(parentDir, filepath.Base(path))
}
} }
if strings.HasPrefix(rel, "..") {
if !strings.HasPrefix(path, fs.RootDir) {
return "", os.ErrPermission return "", os.ErrPermission
} }
return path, nil return path, nil
} }

70
webdav/webdav.go
View file

@ -284,7 +284,39 @@ func (h *Handler) handleGetHead(c *touka.Context) {
func (h *Handler) handleDelete(c *touka.Context) { func (h *Handler) handleDelete(c *touka.Context) {
path, _ := c.Get("webdav_path") path, _ := c.Get("webdav_path")
if err := h.FileSystem.RemoveAll(c.Context(), path.(string)); err != nil { pathStr := path.(string)
info, err := h.FileSystem.Stat(c.Context(), pathStr)
if err != nil {
if os.IsNotExist(err) {
c.Status(http.StatusNotFound)
} else {
c.Status(http.StatusInternalServerError)
}
return
}
if info.IsDir() {
file, err := h.FileSystem.OpenFile(c.Context(), pathStr, os.O_RDONLY, 0)
if err != nil {
c.Status(http.StatusInternalServerError)
return
}
defer file.Close()
// Check if the directory has any children. Readdir(1) is enough.
children, err := file.Readdir(1)
if err != nil && err != io.EOF {
c.Status(http.StatusInternalServerError)
return
}
if len(children) > 0 {
c.Status(http.StatusConflict) // 409 Conflict for non-empty collection
return
}
}
if err := h.FileSystem.RemoveAll(c.Context(), pathStr); err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
c.Status(http.StatusNotFound) c.Status(http.StatusNotFound)
} else { } else {
@ -347,11 +379,13 @@ func (h *Handler) handleCopy(c *touka.Context) {
overwrite = "T" // Default is to overwrite overwrite = "T" // Default is to overwrite
} }
if overwrite == "F" { // Check for existence before the operation to determine status code later.
if _, err := h.FileSystem.Stat(c.Context(), destPath); err == nil { _, err = h.FileSystem.Stat(c.Context(), destPath)
c.Status(http.StatusPreconditionFailed) existed := err == nil
return
} if overwrite == "F" && existed {
c.Status(http.StatusPreconditionFailed)
return
} }
if err := h.copy(c.Context(), srcPath.(string), destPath); err != nil { if err := h.copy(c.Context(), srcPath.(string), destPath); err != nil {
@ -359,7 +393,11 @@ func (h *Handler) handleCopy(c *touka.Context) {
return return
} }
c.Status(http.StatusCreated) if existed {
c.Status(http.StatusNoContent)
} else {
c.Status(http.StatusCreated)
}
} }
func (h *Handler) handleMove(c *touka.Context) { func (h *Handler) handleMove(c *touka.Context) {
@ -382,11 +420,13 @@ func (h *Handler) handleMove(c *touka.Context) {
overwrite = "T" // Default is to overwrite overwrite = "T" // Default is to overwrite
} }
if overwrite == "F" { // Check for existence before the operation to determine status code later.
if _, err := h.FileSystem.Stat(c.Context(), destPath); err == nil { _, err = h.FileSystem.Stat(c.Context(), destPath)
c.Status(http.StatusPreconditionFailed) existed := err == nil
return
} if overwrite == "F" && existed {
c.Status(http.StatusPreconditionFailed)
return
} }
if err := h.FileSystem.Rename(c.Context(), srcPath.(string), destPath); err != nil { if err := h.FileSystem.Rename(c.Context(), srcPath.(string), destPath); err != nil {
@ -394,7 +434,11 @@ func (h *Handler) handleMove(c *touka.Context) {
return return
} }
c.Status(http.StatusCreated) if existed {
c.Status(http.StatusNoContent)
} else {
c.Status(http.StatusCreated)
}
} }
func (h *Handler) copy(ctx context.Context, src, dest string) error { func (h *Handler) copy(ctx context.Context, src, dest string) error {