This commit introduces a new, high-performance, and extensible WebDAV submodule, implemented natively without external dependencies. It also adds a high-level API to simplify common use cases and incorporates numerous fixes based on detailed code reviews.
Features:
- A core WebDAV handler supporting `PROPFIND`, `MKCOL`, `GET`, `PUT`, `DELETE`, `COPY`, `MOVE`, `LOCK`, `UNLOCK`.
- An extensible design with `FileSystem` and `LockSystem` interfaces.
- `MemFS`: A robust, tree-based in-memory filesystem for testing.
- `OSFS`: A secure OS-based filesystem with protection against path traversal and symlink attacks.
- `MemLock`: An in-memory locking system with graceful shutdown to prevent resource leaks.
- A high-level API (`webdav.Serve`, `webdav.Register`) for ease of use.
Fixes & Improvements:
- Security: Patched directory traversal and symlink vulnerabilities. Ensured secure lock token generation.
- RFC Compliance: Corrected status codes for `COPY`/`MOVE` (201 vs 204), `DELETE` on non-empty collections (409), and `Timeout` header parsing.
- Performance: Implemented `sync.Pool` for object reuse and `sync/atomic` for file size management to reduce GC pressure.
- Robustness: Fixed numerous bugs related to path handling, resource cleanup (goroutine leaks), and header parsing.
Integration:
- The Touka framework's core has been updated to recognize all necessary WebDAV methods.
- Includes comprehensive unit tests and a working example.
This commit introduces a new, high-performance, and extensible WebDAV submodule, implemented natively without external dependencies. It also adds a high-level API to simplify common use cases.
The submodule includes:
- A core WebDAV handler that supports essential methods: PROPFIND, MKCOL, GET, PUT, DELETE, COPY, MOVE, LOCK, and UNLOCK.
- An extensible design using a `FileSystem` interface to decouple the protocol logic from the storage backend.
- Two `FileSystem` implementations:
- `MemFS`: An in-memory, tree-based filesystem for testing and ephemeral storage.
- `OSFS`: A secure, OS-based filesystem that interacts with the local disk, including robust path traversal and symlink protection.
- A `LockSystem` interface with an in-memory implementation (`MemLock`) that supports resource locking and includes a graceful shutdown mechanism.
- A high-level API in `webdav/easy.go` (`Serve`, `Register`) to simplify serving local directories.
- RFC 4918 compliance for core operations.
- Performance optimizations, including `sync.Pool` for object reuse and `sync/atomic` for lock-free field access.
- Comprehensive unit tests and a working example application.
The Touka framework's core has been updated to recognize all WebDAV-specific HTTP methods. This implementation addresses numerous points from detailed code reviews, including security vulnerabilities, memory leaks, RFC compliance issues, and path handling bugs.
