calligraphy 0.2.0

data/lib/calligraphy/get.rb

@@ -0,0 +1,12 @@
+module Calligraphy
+  class Get < WebDavRequest
+    def request(head: false)
+      if @resource.readable?
+        return :ok if head
+        return :ok, @resource.read
+      else
+        return :not_found
+      end
+    end
+  end
+end

data/lib/calligraphy/lock.rb

@@ -0,0 +1,52 @@
+module Calligraphy
+  class Lock < WebDavRequest
+    include Calligraphy::XML::Utils
+
+    def request
+      if @resource.request_body.blank? && !@resource.locked_to_user?(@headers)
+        lock_properties = @resource.refresh_lock
+      elsif (@resource.locked? && @resource.lock_is_exclusive?) ||
+              (@resource.locked_to_user?(@headers) && !xml_contains_shared_lock?)
+        return :locked
+      else
+        resource_exists_beforehand = @resource.exists?
+
+        xml = xml_for body: body, node: 'lockinfo'
+        return :bad_request if xml == :bad_request
+
+        lock_properties = @resource.lock xml, @headers['Depth']
+      end
+
+      builder = xml_builder
+      xml_res = builder.lock_res lock_properties
+
+      lock_token = lock_properties[-1]
+        .select { |x| x.name == 'locktoken' }[0]
+        .children[0]
+        .text
+
+      response.headers['Lock-Token'] = "<#{lock_token}>"
+      set_xml_content_type
+
+      if resource_exists_beforehand
+        return :ok, xml_res
+      else
+        return :created, xml_res
+      end
+    end
+
+    private
+
+    def xml_contains_shared_lock?
+      lock_type = nil
+      xml = xml_for body: body, node: 'lockinfo'
+      xml.each do |node|
+        next unless node.is_a? Nokogiri::XML::Element
+
+        lock_type = node.children[0].name if node.name == 'lockscope'
+      end
+
+      lock_type == 'shared'
+    end
+  end
+end

data/lib/calligraphy/mkcol.rb

@@ -0,0 +1,20 @@
+module Calligraphy
+  class Mkcol < WebDavRequest
+    def request
+      return :method_not_allowed if @resource.exists?
+      return :conflict unless @resource.ancestor_exist?
+      return :unsupported_media_type unless @resource.request_body.blank?
+
+      @resource.create_collection
+      set_content_location_header
+
+      return :created
+    end
+
+    private
+
+    def set_content_location_header
+      @response.headers['Content-Location'] = @resource.full_request_path
+    end
+  end
+end

data/lib/calligraphy/move.rb

@@ -0,0 +1,31 @@
+module Calligraphy
+  class Move < Copy
+    def request
+      return :locked if @resource.locked_to_user? @headers
+
+      options = copy_move_options
+
+      if @resource.is_true? options[:overwrite]
+        to_path = options[:destination].tap { |s| s.slice! @resource.mount_point }
+        to_resource = @resource.class.new resource: to_path, req: @request, root_dir: @resource.root_dir
+
+        if to_resource.exists?
+          to_resource.delete_collection
+          to_resource_existed = true
+        end
+      end
+
+      copy_status = super
+      return copy_status if [:precondition_failed, :conflict].include? copy_status
+
+      @resource.delete_collection
+
+      if copy_status == :created && to_resource_existed
+        return :no_content
+      else
+        response.headers['Location'] = options[:destination] if copy_status == :created
+        return copy_status
+      end
+    end
+  end
+end

data/lib/calligraphy/propfind.rb

@@ -0,0 +1,18 @@
+module Calligraphy
+  class Propfind < WebDavRequest
+    include Calligraphy::XML::Utils
+
+    def request
+      xml = xml_for body: body, node: 'propfind'
+      return :bad_request if xml == :bad_request
+
+      properties = @resource.propfind xml
+
+      builder = xml_builder
+      xml_res = builder.propfind_res @resource.full_request_path, properties
+
+      set_xml_content_type
+      return :multi_status, xml_res
+    end
+  end
+end

data/lib/calligraphy/proppatch.rb

@@ -0,0 +1,20 @@
+module Calligraphy
+  class Proppatch < WebDavRequest
+    include Calligraphy::XML::Utils
+
+    def request
+      return :locked if @resource.locked_to_user? @headers
+
+      xml = xml_for body: body, node: 'propertyupdate'
+      return :bad_request if xml == :bad_request
+
+      actions = @resource.proppatch xml
+
+      builder = xml_builder
+      xml_res = builder.proppatch_res @resource.full_request_path, actions
+
+      set_xml_content_type
+      return :multi_status, xml_res
+    end
+  end
+end

data/lib/calligraphy/put.rb

@@ -0,0 +1,12 @@
+module Calligraphy
+  class Put < WebDavRequest
+    def request
+      return :locked if @resource.locked_to_user? @headers
+      return :method_not_allowed if @resource.collection?
+
+      @resource.write
+
+      return :created, @resource.contents
+    end
+  end
+end

data/lib/calligraphy/rails/mapper.rb

@@ -0,0 +1,120 @@
+module ActionDispatch::Routing
+  class Mapper
+    module HttpHelpers
+      def copy(*args, &block)
+        args = set_web_dav_args args
+        map_method :copy, args, &block
+      end
+
+      def head(*args, &block)
+        args = set_web_dav_args args
+        map_method :head, args, &block
+      end
+
+      def lock(*args, &block)
+        args = set_web_dav_args args
+        map_method :lock, args, &block
+      end
+
+      def mkcol(*args, &block)
+        args = set_web_dav_args args
+        map_method :mkcol, args, &block
+      end
+
+      def move(*args, &block)
+        args = set_web_dav_args args
+        map_method :move, args, &block
+      end
+
+      def options(*args, &block)
+        args = set_web_dav_args args
+        map_method :options, args, &block
+      end
+
+      def propfind(*args, &block)
+        args = set_web_dav_args args
+        map_method :propfind, args, &block
+      end
+
+      def proppatch(*args, &block)
+        args = set_web_dav_args args
+        map_method :proppatch, args, &block
+      end
+
+      def unlock(*args, &block)
+        args = set_web_dav_args args
+        map_method :unlock, args, &block
+      end
+
+      def web_dav_delete(*args, &block)
+        args = set_web_dav_args args
+        map_method :delete, args, &block
+      end
+
+      def web_dav_get(*args, &block)
+        args = set_web_dav_args args
+        map_method :get, args, &block
+      end
+
+      def web_dav_put(*args, &block)
+        args = set_web_dav_args args
+        map_method :put, args, &block
+      end
+
+      private
+
+      def set_web_dav_args(args)
+        options = {}
+        options[:controller] = 'calligraphy/rails/web_dav_requests'
+        options[:action] = 'invoke_method'
+        [args[0], options]
+      end
+    end
+
+    module Resources
+      class Resource
+        def web_dav_actions
+          if @only
+            Array(@only).map(&:to_sym)
+          elsif @except
+            Calligraphy.web_dav_actions - Array(@except).map(&:to_sym)
+          else
+            Calligraphy.web_dav_actions
+          end
+        end
+      end
+
+      def calligraphy_resource(*resources, &block)
+        options = resources.extract_options!.dup
+
+        if apply_common_behavior_for :calligraphy_resource, resources, options, &block
+          return self
+        end
+
+        with_scope_level(:resource) do
+          options = apply_action_options options
+          singleton_resoure = ActionDispatch::Routing::Mapper::SingletonResource
+          resource_scope(singleton_resoure.new resources.pop, api_only?, @scope[:shallow], options) do
+            yield if block_given?
+
+            concerns(options[:concerns]) if options[:concerns]
+
+            set_mappings_for_web_dav_resources
+          end
+        end
+      end
+
+      private
+
+      def set_mappings_for_web_dav_resources
+        parent_resource.web_dav_actions.each do |action|
+          if [:get, :put, :delete].include? action
+            send "web_dav_#{action.to_s}", '*resource'
+          else
+            send action, '*resource'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/calligraphy/rails/web_dav_requests_controller.rb

@@ -0,0 +1,208 @@
+module Calligraphy::Rails
+  class WebDavRequestsController < ActionController::Base
+    before_action :verify_resource_scope
+    before_action :authenticate_with_digest_authentiation
+    before_action :set_resource
+
+    def invoke_method
+      method = request.request_method.downcase
+
+      if check_preconditions
+        if method == 'head'
+          status = get head: true
+        elsif Calligraphy.allowed_methods.include? method
+          set_resource_client_nonce(method) if Calligraphy.enable_digest_authentication
+
+          status, body = send method
+        else
+          status = :method_not_allowed
+        end
+
+        send_response status: status, body: body
+      else
+        send_response status: :precondition_failed
+      end
+    end
+
+    private
+
+    def verify_resource_scope
+      head :forbidden if params[:resource].include? '..'
+    end
+
+    def authenticate_with_digest_authentiation
+      if Calligraphy.enable_digest_authentication
+        authenticate_or_request_with_http_digest do |username|
+          Calligraphy.digest_password_procedure.call(username)
+        end
+      end
+    end
+
+    def set_resource
+      resource_id = if params[:format]
+        [params[:resource], params[:format]].join '.'
+      else
+        params[:resource]
+      end
+
+      @resource_class = params[:resource_class]
+      @resource_root_path = params[:resource_root_path]
+      @resource = @resource_class.new resource: resource_id, req: request, root_dir: @resource_root_path
+    end
+
+    def check_preconditions
+      return true unless request.headers['If'].present?
+
+      evaluate_if_header
+    end
+
+    def evaluate_if_header
+      conditions_met = false
+
+      condition_lists = get_if_conditions
+      condition_lists.each do |list|
+        conditions = parse_preconditions list
+
+        conditions_met = evaluate_preconditions conditions
+        break if conditions_met
+      end
+
+      conditions_met
+    end
+
+    def get_if_conditions
+      lists = if request.headers['If'][0] == '<'
+        request.headers['If'].split Calligraphy::TAGGED_LIST_REGEX
+      else
+        request.headers['If'].split Calligraphy::UNTAGGAGED_LIST_REGEX
+      end
+
+      lists
+    end
+
+    def parse_preconditions(list)
+      conditions = { dav_no_lock: nil, etag: nil, lock_token: nil, resource: nil }
+
+      conditions[:dav_no_lock] = if list =~ Calligraphy::DAV_NO_LOCK_REGEX
+        list =~ Calligraphy::DAV_NOT_NO_LOCK_REGEX ? nil : true
+      end
+
+      if list =~ Calligraphy::RESOURCE_REGEX
+        conditions[:resource] = list.scan(Calligraphy::RESOURCE_REGEX).flatten[0]
+      end
+
+      if list =~ Calligraphy::LOCK_TOKEN_REGEX
+        conditions[:lock_token] = list.scan(Calligraphy::LOCK_TOKEN_REGEX).flatten[0]
+      end
+
+      if list =~ Calligraphy::ETAG_IF_REGEX
+        conditions[:etag] = list.scan(Calligraphy::ETAG_IF_REGEX).flatten[0]
+      end
+
+      conditions
+    end
+
+    def evaluate_preconditions(conditions)
+      conditions_met = true
+      target = if conditions[:resource]
+        @resource_class.new(
+          resource: conditions[:resource],
+          mount: @resource.mount_point
+        )
+      else
+        @resource
+      end
+
+      if conditions[:lock_token]
+        if target.locked?
+          conditions_met = false unless target.lock_tokens&.include? conditions[:lock_token]
+        else
+          conditions_met = false if target.locked_to_user? request.headers
+        end
+      end
+
+      if conditions[:etag]
+        validators = [@resource.etag, ""]
+        conditions_met = false unless validate_etag validators, conditions[:etag]
+      end
+
+      conditions_met = false if conditions[:dav_no_lock]
+      conditions_met
+    end
+
+    def validate_etag(etag_validators, validate_against)
+      cache_key = ActiveSupport::Cache.expand_cache_key etag_validators
+      "W/\"#{Digest::MD5.hexdigest(cache_key)}\"" == validate_against
+    end
+
+    def web_dav_request
+      { headers: request.headers, request: request, resource: @resource, response: response }
+    end
+
+    def options
+      response.headers['DAV'] = '1, 2, 3'
+      :ok
+    end
+
+    def get(head: false)
+      fresh_when(@resource, etag: @resource.etag) if @resource.readable?
+
+      Calligraphy::Get.new(web_dav_request).request(head: head)
+    end
+
+    def put
+      Calligraphy::Put.new(web_dav_request).request
+    end
+
+    def delete
+      Calligraphy::Delete.new(web_dav_request).request
+    end
+
+    def copy
+      Calligraphy::Copy.new(web_dav_request).request
+    end
+
+    def move
+      Calligraphy::Move.new(web_dav_request).request
+    end
+
+    def mkcol
+      Calligraphy::Mkcol.new(web_dav_request).request
+    end
+
+    def propfind
+      Calligraphy::Propfind.new(web_dav_request).request
+    end
+
+    def proppatch
+      Calligraphy::Proppatch.new(web_dav_request).request
+    end
+
+    def lock
+      Calligraphy::Lock.new(web_dav_request).request
+    end
+
+    def unlock
+      Calligraphy::Unlock.new(web_dav_request).request
+    end
+
+    def send_response(status:, body: nil)
+      if body.nil?
+        head status
+      else
+        render body: body, status: status
+      end
+    end
+
+    def set_resource_client_nonce(method)
+      @resource.client_nonce = get_client_nonce
+    end
+
+    def get_client_nonce
+      auth_header = request.headers["HTTP_AUTHORIZATION"]
+
+      auth = ::ActionController::HttpAuthentication::Digest.decode_credentials auth_header
+      auth[:cnonce]
+    end
+  end
+end