dav4rack 0.0.1

data/lib/dav4rack/remote_file.rb

@@ -0,0 +1,62 @@
+require 'net/http'
+require 'uri'
+
+module DAV4Rack
+  
+  class RemoteFile
+    
+    attr_accessor :path
+    
+    alias :to_path :path
+    
+    # path:: Path to remote file
+    # args:: Optional argument hash. Allowed keys: :size, :mime_type, :last_modified
+    # Create a reference to a remote file. 
+    # NOTE: HTTPError will be raised if path does not return 200 result
+    def initialize(path, args={})
+      @path = path
+      @size = args[:size] || nil
+      @mime_type = args[:mime_type] || 'text/plain'
+      @modified = args[:last_modified] || nil
+      @uri = URI.parse(@path)
+      @con = Net::HTTP.new(@uri.host, @uri.port)
+      @call_path = @uri.path + (@uri.query ? "?#{@uri.query}" : '')
+      res = @con.request_get(@call_path)
+      @heads = res.to_hash
+      res.value
+      @store = nil
+    end
+    
+    def size
+      @heads['content-length'] || @size
+    end
+    
+    def content_type
+      @mime_type || @heads['content-type']
+    end
+    
+    def last_modified
+      @heads['last-modified'] || @modified
+    end
+    
+    def call(env)
+      dup._call(env)
+    end
+
+    def _call(env)
+      serving
+    end
+    
+    def each
+      if(@store)
+        yield @store
+      else
+        @con.request_get(@call_path) do |res|
+          res.read_body(@store) do |part|
+            yield part
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dav4rack/resource.rb

@@ -0,0 +1,250 @@
+module DAV4Rack
+  
+  class LockFailure < RuntimeError
+    attr_reader :path_status
+    def initialize(*args)
+      super(*args)
+      @path_status = {}
+    end
+    
+    def add_failure(path, status)
+      @path_status[path] = status
+    end
+  end
+  
+  class Resource
+    attr_reader :path, :options, :public_path, :request
+    
+    include DAV4Rack::HTTPStatus
+    
+    # public_path:: Path received via request
+    # path:: Internal resource path (Only different from public path when using root_uri's for webdav)
+    # request:: Rack::Request
+    # options:: Any options provided for this resource
+    # Creates a new instance of the resource.
+    # NOTE: path and public_path will only differ if the root_uri has been set for the resource. The
+    #       controller will strip out the starting path so the resource can easily determine what
+    #       it is working on. For example:
+    #       request -> /my/webdav/directory/actual/path
+    #       public_path -> /my/webdav/directory/actual/path
+    #       path -> /actual/path
+    def initialize(public_path, path, request, options)
+      @public_path = public_path.dup
+      @path = path.dup
+      @request = request
+      @options = options.dup
+    end
+        
+    # If this is a collection, return the child resources.
+    def children
+      raise NotImplementedError
+    end
+
+    # Is this resource a collection?
+    def collection?
+      raise NotImplementedError
+    end
+
+    # Does this recource exist?
+    def exist?
+      raise NotImplementedError
+    end
+    
+    # Return the creation time.
+    def creation_date
+      raise NotImplementedError
+    end
+
+    # Return the time of last modification.
+    def last_modified
+      raise NotImplementedError
+    end
+    
+    # Set the time of last modification.
+    def last_modified=(time)
+      raise NotImplementedError
+    end
+
+    # Return an Etag, an unique hash value for this resource.
+    def etag
+      raise NotImplementedError
+    end
+
+    # Return the resource type. Generally only used to specify
+    # resource is a collection.
+    def resource_type
+      :collection if collection?
+    end
+
+    # Return the mime type of this resource.
+    def content_type
+      raise NotImplementedError
+    end
+
+    # Return the size in bytes for this resource.
+    def content_length
+      raise NotImplementedError
+    end
+
+    # HTTP GET request.
+    #
+    # Write the content of the resource to the response.body.
+    def get(request, response)
+      raise NotImplementedError
+    end
+
+    # HTTP PUT request.
+    #
+    # Save the content of the request.body.
+    def put(request, response)
+      raise NotImplementedError
+    end
+    
+    # HTTP POST request.
+    #
+    # Usually forbidden.
+    def post(request, response)
+      raise NotImplementedError
+    end
+    
+    # HTTP DELETE request.
+    #
+    # Delete this resource.
+    def delete
+      raise NotImplementedError
+    end
+    
+    # HTTP COPY request.
+    #
+    # Copy this resource to given destination resource.
+    def copy(dest)
+      raise NotImplementedError
+    end
+  
+    # HTTP MOVE request.
+    #
+    # Move this resource to given destination resource.
+    def move(dest)
+      raise NotImplemented
+    end
+    
+    # args:: Hash of lock arguments
+    # Request for a lock on the given resource. A valid lock should lock
+    # all descendents. Failures should be noted and returned as an exception
+    # using LockFailure.
+    # Valid args keys: :timeout -> requested timeout
+    #                  :depth -> lock depth
+    #                  :scope -> lock scope
+    #                  :type -> lock type
+    #                  :owner -> lock owner
+    # Should return a tuple: [lock_time, locktoken] where lock_time is the
+    # given timeout
+    # NOTE: See section 9.10 of RFC 4918 for guidance about
+    # how locks should be generated and the expected responses
+    # (http://www.webdav.org/specs/rfc4918.html#rfc.section.9.10)
+    def lock(args)
+      raise NotImplemented
+    end
+    
+    def unlock(token)
+      raise NotImplemented
+    end
+
+    # Create this resource as collection.
+    def make_collection
+      raise NotImplementedError
+    end
+
+    # other:: Resource
+    # Returns if current resource is equal to other resource
+    def ==(other)
+      path == other.path
+    end
+
+    # Name of the resource
+    def name
+      File.basename(path)
+    end
+
+    # Name of the resource to be displayed to the client
+    def display_name
+      name
+    end
+    
+    # Available properties
+    def property_names
+      %w(creationdate displayname getlastmodified getetag resourcetype getcontenttype getcontentlength)
+    end
+    
+    # name:: String - Property name
+    # Returns the value of the given property
+    def get_property(name)
+      case name
+      when 'resourcetype'     then resource_type
+      when 'displayname'      then display_name
+      when 'creationdate'     then creation_date.xmlschema 
+      when 'getcontentlength' then content_length.to_s
+      when 'getcontenttype'   then content_type
+      when 'getetag'          then etag
+      when 'getlastmodified'  then last_modified.httpdate
+      end
+    end
+
+    # name:: String - Property name
+    # value:: New value
+    # Set the property to the given value
+    def set_property(name, value)
+      case name
+      when 'resourcetype'    then self.resource_type = value
+      when 'getcontenttype'  then self.content_type = value
+      when 'getetag'         then self.etag = value
+      when 'getlastmodified' then self.last_modified = Time.httpdate(value)
+      end
+    rescue ArgumentError
+      raise HTTPStatus::Conflict
+    end
+
+    # name:: Property name
+    # Remove the property from the resource
+    def remove_property(name)
+      raise HTTPStatus::Forbidden
+    end
+
+    # name:: Name of child
+    # Create a new child with the given name
+    # NOTE:: Include trailing '/' if child is collection
+    def child(name)
+      new_public = public_path.dup
+      new_public = new_public + '/' unless new_public[-1,1] == '/'
+      new_public = '/' + new_public unless new_public[0,1] == '/'
+      new_path = path.dup
+      new_path = new_path + '/' unless new_path[-1,1] == '/'
+      new_path = '/' + new_path unless new_path[0,1] == '/'
+      self.class.new("#{new_public}#{name}", "#{new_path}#{name}", request, options)
+    end
+    
+    # Return parent of this resource
+    def parent
+      elements = @path.scan(/[^\/]+/)
+      return nil if elements.empty?
+      self.class.new(('/' + @public_path.scan(/[^\/]+/)[0..-2].join('/')), ('/' + elements[0..-2].to_a.join('/')), @request, @options)
+    end
+    
+    # Return list of descendants
+    def descendants
+      list = []
+      children.each do |child|
+        list << child
+        list.concat(child.descendants)
+      end
+      list
+    end
+
+    # Does client allow GET redirection
+    def allows_redirect?
+      %w(webdrive cyberduck konqueror).any?{|x| (request.respond_to?(:user_agent) ? request.user_agent.downcase : request.env['HTTP_USER_AGENT'].downcase) =~ /#{Regexp.escape(x)}/}
+    end
+    
+  end
+
+end

data/spec/handler_spec.rb

@@ -0,0 +1,270 @@
+$:.unshift(File.expand_path(File.dirname(__FILE__) + '/../lib'))
+
+require 'rubygems'
+require 'rack_dav'
+require 'fileutils'
+
+describe RackDAV::Handler do
+  DOC_ROOT = File.expand_path(File.dirname(__FILE__) + '/htdocs')
+  METHODS = %w(GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE OPTIONS HEAD LOCK UNLOCK)  
+  
+  before do
+    FileUtils.mkdir(DOC_ROOT) unless File.exists?(DOC_ROOT)
+    @controller = RackDAV::Handler.new(:root => DOC_ROOT)
+  end
+
+  after do
+    FileUtils.rm_rf(DOC_ROOT) if File.exists?(DOC_ROOT)
+  end
+  
+  attr_reader :response
+  
+  def request(method, uri, options={})
+    options = {
+      'HTTP_HOST' => 'localhost',
+      'REMOTE_USER' => 'manni'
+    }.merge(options)
+    request = Rack::MockRequest.new(@controller)
+    @response = request.request(method, uri, options)
+  end
+
+  METHODS.each do |method|
+    define_method(method.downcase) do |*args|
+      request(method, *args)
+    end
+  end  
+  
+  def render
+    xml = Builder::XmlMarkup.new
+    xml.instruct! :xml, :version => "1.0", :encoding => "UTF-8"      
+    xml.namespace('d') do
+      yield xml
+    end
+    xml.target!
+  end
+ 
+  def url_escape(string)
+    string.gsub(/([^ a-zA-Z0-9_.-]+)/n) do
+      '%' + $1.unpack('H2' * $1.size).join('%').upcase
+    end.tr(' ', '+')
+  end
+  
+  def response_xml
+    REXML::Document.new(@response.body)
+  end
+  
+  def multistatus_response(pattern)
+    @response.should be_multi_status
+    REXML::XPath::match(response_xml, "/multistatus/response", '' => 'DAV:').should_not be_empty
+    REXML::XPath::match(response_xml, "/multistatus/response" + pattern, '' => 'DAV:')
+  end
+
+  def propfind_xml(*props)
+    render do |xml|
+      xml.propfind('xmlns:d' => "DAV:") do
+        xml.prop do
+          props.each do |prop|
+          xml.tag! prop
+          end
+        end
+      end
+    end
+  end
+  
+  it 'should return all options' do
+    options('/').should be_ok
+    
+    METHODS.each do |method|
+      response.headers['allow'].should include(method)
+    end
+  end
+  
+  it 'should return headers' do
+    put('/test.html', :input => '<html/>').should be_ok
+    head('/test.html').should be_ok
+    
+    response.headers['etag'].should_not be_nil
+    response.headers['content-type'].should match(/html/)
+    response.headers['last-modified'].should_not be_nil
+  end
+  
+  it 'should not find a nonexistent resource' do
+    get('/not_found').should be_not_found
+  end
+  
+  it 'should not allow directory traversal' do
+    get('/../htdocs').should be_forbidden
+  end
+  
+  it 'should create a resource and allow its retrieval' do
+    put('/test', :input => 'body').should be_ok    
+    get('/test').should be_ok
+    response.body.should == 'body'
+  end
+  it 'should create and find a url with escaped characters' do
+    put(url_escape('/a b'), :input => 'body').should be_ok    
+    get(url_escape('/a b')).should be_ok
+    response.body.should == 'body'
+  end
+  
+  it 'should delete a single resource' do
+    put('/test', :input => 'body').should be_ok
+    delete('/test').should be_no_content
+  end
+  
+  it 'should delete recursively' do
+    mkcol('/folder').should be_created
+    put('/folder/a', :input => 'body').should be_ok
+    put('/folder/b', :input => 'body').should be_ok
+    
+    delete('/folder').should be_no_content
+    get('/folder').should be_not_found
+    get('/folder/a').should be_not_found
+    get('/folder/b').should be_not_found
+  end
+
+  it 'should not allow copy to another domain' do
+    put('/test', :input => 'body').should be_ok
+    copy('http://localhost/', 'HTTP_DESTINATION' => 'http://another/').should be_bad_gateway
+  end
+
+  it 'should not allow copy to the same resource' do
+    put('/test', :input => 'body').should be_ok
+    copy('/test', 'HTTP_DESTINATION' => '/test').should be_forbidden
+  end
+
+  it 'should not allow an invalid destination uri' do
+    put('/test', :input => 'body').should be_ok
+    copy('/test', 'HTTP_DESTINATION' => '%').should be_bad_request
+  end
+
+  it 'should copy a single resource' do
+    put('/test', :input => 'body').should be_ok
+    copy('/test', 'HTTP_DESTINATION' => '/copy').should be_created
+    get('/copy').body.should == 'body'
+  end
+
+  it 'should copy a resource with escaped characters' do
+    put(url_escape('/a b'), :input => 'body').should be_ok
+    copy(url_escape('/a b'), 'HTTP_DESTINATION' => url_escape('/a c')).should be_created
+    get(url_escape('/a c')).should be_ok
+    response.body.should == 'body'
+  end
+  
+  it 'should deny a copy without overwrite' do
+    put('/test', :input => 'body').should be_ok
+    put('/copy', :input => 'copy').should be_ok
+    copy('/test', 'HTTP_DESTINATION' => '/copy', 'HTTP_OVERWRITE' => 'F')
+    
+    multistatus_response('/href').first.text.should == 'http://localhost/test'
+    multistatus_response('/status').first.text.should match(/412 Precondition Failed/)
+    
+    get('/copy').body.should == 'copy'
+  end
+  
+  it 'should allow a copy with overwrite' do
+    put('/test', :input => 'body').should be_ok
+    put('/copy', :input => 'copy').should be_ok
+    copy('/test', 'HTTP_DESTINATION' => '/copy', 'HTTP_OVERWRITE' => 'T').should be_no_content
+    get('/copy').body.should == 'body'
+  end
+  
+  it 'should copy a collection' do
+    mkcol('/folder').should be_created
+    copy('/folder', 'HTTP_DESTINATION' => '/copy').should be_created
+    propfind('/copy', :input => propfind_xml(:resourcetype))
+    multistatus_response('/propstat/prop/resourcetype/collection').should_not be_empty
+  end
+
+  it 'should copy a collection resursively' do
+    mkcol('/folder').should be_created
+    put('/folder/a', :input => 'A').should be_ok
+    put('/folder/b', :input => 'B').should be_ok
+    
+    copy('/folder', 'HTTP_DESTINATION' => '/copy').should be_created
+    propfind('/copy', :input => propfind_xml(:resourcetype))
+    multistatus_response('/propstat/prop/resourcetype/collection').should_not be_empty    
+    
+    get('/copy/a').body.should == 'A'
+    get('/copy/b').body.should == 'B'
+  end
+  
+  it 'should move a collection recursively' do
+    mkcol('/folder').should be_created
+    put('/folder/a', :input => 'A').should be_ok
+    put('/folder/b', :input => 'B').should be_ok
+    
+    move('/folder', 'HTTP_DESTINATION' => '/move').should be_created
+    propfind('/move', :input => propfind_xml(:resourcetype))
+    multistatus_response('/propstat/prop/resourcetype/collection').should_not be_empty    
+    
+    get('/move/a').body.should == 'A'
+    get('/move/b').body.should == 'B'
+    get('/folder/a').should be_not_found
+    get('/folder/b').should be_not_found
+  end
+  
+  it 'should create a collection' do
+    mkcol('/folder').should be_created
+    propfind('/folder', :input => propfind_xml(:resourcetype))
+    multistatus_response('/propstat/prop/resourcetype/collection').should_not be_empty
+  end
+  
+  it 'should not find properties for nonexistent resources' do
+    propfind('/non').should be_not_found
+  end
+  
+  it 'should find all properties' do
+    xml = render do |xml|
+      xml.propfind('xmlns:d' => "DAV:") do
+        xml.allprop
+      end
+    end
+    
+    propfind('http://localhost/', :input => xml)
+    
+    multistatus_response('/href').first.text.strip.should == 'http://localhost/'
+
+    props = %w(creationdate displayname getlastmodified getetag resourcetype getcontenttype getcontentlength)
+    props.each do |prop|
+      multistatus_response('/propstat/prop/' + prop).should_not be_empty
+    end
+  end
+  
+  it 'should find named properties' do
+    put('/test.html', :input => '<html/>').should be_ok    
+    propfind('/test.html', :input => propfind_xml(:getcontenttype, :getcontentlength))
+   
+    multistatus_response('/propstat/prop/getcontenttype').first.text.should == 'text/html'
+    multistatus_response('/propstat/prop/getcontentlength').first.text.should == '7'
+  end
+
+  it 'should lock a resource' do
+    put('/test', :input => 'body').should be_ok
+    
+    xml = render do |xml|
+      xml.lockinfo('xmlns:d' => "DAV:") do
+        xml.lockscope { xml.exclusive }
+        xml.locktype { xml.write }
+        xml.owner { xml.href "http://test.de/" }
+      end      
+    end
+
+    lock('/test', :input => xml)
+    
+    response.should be_ok
+
+    match = lambda do |pattern|
+      REXML::XPath::match(response_xml, "/prop/lockdiscovery/activelock" + pattern, '' => 'DAV:')
+    end
+    
+    match[''].should_not be_empty
+
+    match['/locktype'].should_not be_empty
+    match['/lockscope'].should_not be_empty
+    match['/depth'].should_not be_empty
+    match['/owner'].should_not be_empty
+    match['/timeout'].should_not be_empty
+    match['/locktoken'].should_not be_empty
+  end
+end