Initial commit

Author: craigcondit

.gitignore

@@ -0,0 +1,5 @@
+/.idea
+/bin
+/sandbox
+._*
+.DS_Store

Makefile

@@ -0,0 +1,25 @@
+BASE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+
+.PHONY: all
+all:
+	$(MAKE) -C $(dir (BASE_DIR)) build
+
+.PHOHNY: build
+build: bin/webdav-server
+
+.PHONY: clean
+clean:
+	@rm -rf bin sandbox
+	go clean -cache -testcache -r
+
+sandbox:
+	@mkdir -p sandbox
+
+bin/webdav-server: sandbox cmd/**/*.go pkg/**/*.go
+	CGO_ENABLED=0 \
+	go build -a -ldflags '-extldflags "-static"' -tags netgo -installsuffix netgo \
+	-o bin/webdav-server ./cmd/webdav
+
+.PHONY:
+run: build
+	bin/webdav-server

cmd/webdav/main.go

@@ -0,0 +1,49 @@
+package main
+
+import (
+	"log"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/craigcondit/webdav-server/pkg/webdav"
+	"gopkg.in/yaml.v3"
+)
+
+func main() {
+	contentRoot, ok := os.LookupEnv("CONTENT_ROOT")
+	if !ok {
+		contentRoot = "./sandbox"
+	}
+
+	listenAddr, ok := os.LookupEnv("LISTEN_ADDR")
+	if !ok {
+		listenAddr = ":8080"
+	}
+
+	usersFile, ok := os.LookupEnv("USERS_FILE")
+	if !ok {
+		usersFile = "./conf/users.yaml"
+	}
+	users := make(map[string]string)
+	data, err := os.ReadFile(usersFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+	if err = yaml.Unmarshal(data, &users); err != nil {
+		log.Fatal(err)
+	}
+
+	server := webdav.NewWebDavServer(contentRoot, listenAddr, users)
+	server.Start()
+
+	done := make(chan struct{})
+	go func() {
+		c := make(chan os.Signal, 1)
+		signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+		<-c
+		close(done)
+	}()
+	<-done
+	server.Stop()
+}

conf/users.yaml

@@ -0,0 +1,3 @@
+---
+# test:test
+test: "$apr1$nw/o4A7S$qmck7MVFLZoWJ/9H6ZVm2/"

go.mod

@@ -0,0 +1,14 @@
+module github.com/craigcondit/webdav-server
+
+go 1.20
+
+require (
+	github.com/tg123/go-htpasswd v1.2.1
+	golang.org/x/net v0.8.0
+	gopkg.in/yaml.v3 v3.0.1
+)
+
+require (
+	github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 // indirect
+	golang.org/x/crypto v0.6.0 // indirect
+)

go.sum

@@ -0,0 +1,15 @@
+github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 h1:KeNholpO2xKjgaaSyd+DyQRrsQjhbSeS7qe4nEw8aQw=
+github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962/go.mod h1:kC29dT1vFpj7py2OvG1khBdQpo3kInWP+6QipLbdngo=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/tg123/go-htpasswd v1.2.1 h1:i4wfsX1KvvkyoMiHZzjS0VzbAPWfxzI8INcZAKtutoU=
+github.com/tg123/go-htpasswd v1.2.1/go.mod h1:erHp1B86KXdwQf1X5ZrLb7erXZnWueEQezb2dql4q58=
+golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

pkg/webdav/auth.go

@@ -0,0 +1,75 @@
+package webdav
+
+import (
+	"encoding/base64"
+	"log"
+	"net/http"
+	"strings"
+
+	"github.com/tg123/go-htpasswd"
+)
+
+type BasicAuthenticator struct {
+	auth        *htpasswd.File
+	nextHandler http.Handler
+}
+
+var _ http.Handler = &BasicAuthenticator{}
+
+func NewBasicAuthenticator(auth *htpasswd.File, nextHandler http.Handler) *BasicAuthenticator {
+	return &BasicAuthenticator{
+		auth:        auth,
+		nextHandler: nextHandler,
+	}
+}
+
+func (b BasicAuthenticator) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
+	user, ok := b.authenticate(writer, request)
+	if !ok {
+		return
+	}
+	request.Header.Add("X-Remote-User", user)
+	b.nextHandler.ServeHTTP(writer, request)
+}
+
+func (b BasicAuthenticator) authenticate(writer http.ResponseWriter, request *http.Request) (string, bool) {
+	// don't authenticate OPTIONS calls
+	if strings.ToLower(request.Method) == "options" {
+		return "", true
+	}
+
+	s := strings.SplitN(request.Header.Get("Authorization"), " ", 2)
+	if len(s) != 2 {
+		// unauthenticated
+		b.challenge(writer, request)
+		return "", false
+	}
+	b64, err := base64.StdEncoding.DecodeString(s[1])
+	if err != nil {
+		b.challenge(writer, request)
+		return "", false
+	}
+	pair := strings.SplitN(string(b64), ":", 2)
+	if len(pair) != 2 {
+		b.challenge(writer, request)
+		return "", false
+	}
+
+	if !b.auth.Match(pair[0], pair[1]) {
+		b.challenge(writer, request)
+		return "", false
+	}
+
+	return pair[0], true
+}
+
+func (b BasicAuthenticator) challenge(writer http.ResponseWriter, request *http.Request) {
+	writer.Header().Set("WWW-Authenticate", `Basic realm="webdav"`)
+	writer.WriteHeader(401)
+	writer.Write([]byte("401 Unauthorized\n"))
+	remoteAddr := request.RemoteAddr
+	if remoteAddr == "" {
+		remoteAddr = "-"
+	}
+	log.Default().Printf("%s - %s %v\n", remoteAddr, request.Method, request.URL)
+}

pkg/webdav/webdav_server.go

@@ -0,0 +1,75 @@
+package webdav
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/tg123/go-htpasswd"
+	"golang.org/x/net/webdav"
+)
+
+type WebDavServer struct {
+	server      *http.Server
+	contentRoot string
+}
+
+func NewWebDavServer(contentRoot string, listenAddr string, users map[string]string) *WebDavServer {
+	handler := &webdav.Handler{
+		FileSystem: webdav.Dir(contentRoot),
+		LockSystem: webdav.NewMemLS(),
+		Logger: func(r *http.Request, err error) {
+			remoteAddr := r.RemoteAddr
+			if remoteAddr == "" {
+				remoteAddr = "-"
+			}
+			remoteUser := r.Header.Get("X-Remote-User")
+			if remoteUser == "" {
+				remoteUser = "-"
+			}
+			log.Default().Printf("%s %s %s %v\n", remoteAddr, remoteUser, r.Method, r.URL)
+		},
+	}
+	htPasswdFile := ""
+	for user, pw := range users {
+		htPasswdFile = htPasswdFile + fmt.Sprintf("%s:%s\n", user, pw)
+	}
+	auth, err := htpasswd.NewFromReader(strings.NewReader(htPasswdFile), htpasswd.DefaultSystems, nil)
+	if err != nil {
+		log.Fatal(err)
+	}
+	basicAuth := NewBasicAuthenticator(auth, handler)
+	mux := http.NewServeMux()
+	mux.Handle("/", basicAuth)
+	server := &http.Server{
+		Addr:              listenAddr,
+		Handler:           mux,
+		ReadHeaderTimeout: 10 * time.Second,
+	}
+	return &WebDavServer{
+		server:      server,
+		contentRoot: contentRoot,
+	}
+}
+
+func (s *WebDavServer) Start() {
+	log.Default().Printf("Starting WebDAV server on %s using content root '%s'.\n", s.server.Addr, s.contentRoot)
+	go func() {
+		if err := s.server.ListenAndServe(); err != nil {
+			if !errors.Is(err, http.ErrServerClosed) {
+				log.Fatal(err)
+			}
+		}
+	}()
+}
+
+func (s *WebDavServer) Stop() {
+	s.server.Close()
+	if err := s.server.Shutdown(context.Background()); err != nil {
+		log.Fatal(err)
+	}
+}