dav4rack 0.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+*~
+doc/*
+pkg/*
+test/repo

data/LICENSE

@@ -0,0 +1,42 @@
+Current DAV4Rack license:
+
+Copyright (c) 2010 Chris Roberts <chrisroberts.code@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+Original rack_dav source license:
+
+Copyright (c) 2009 Matthias Georgi <http://www.matthias-georgi.de>
+ 
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+ 
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,137 @@
+== DAV4Rack - Web Authoring for Rack
+
+DAV4Rack is a framework for providing WebDAV via Rack allowing content
+authoring over HTTP. It is based off the {original RackDAV framework}[http://github.com/georgi/rack_dav]
+to provide better Resource support for building customized WebDAV resources
+completely abstracted from the filesystem. Support for authentication and
+locking has been added as well as a move from REXML to Nokogiri. Enjoy!
+
+== Install
+
+=== Via RubyGems
+
+    gem install dav4rack
+
+== Quickstart
+
+If you just want to share a folder over WebDAV, you can just start a
+simple server with:
+
+    dav4rack
+
+This will start a WEBrick server on port 3000, which you can connect
+to without authentication. The simple file resource allows very basic authentication
+which is used for an example. To enable it:
+
+    dav4rack --username=user --password=pass
+
+== Rack Handler
+
+Using DAV4Rack within a rack application is pretty simple. A very slim
+rackup script would look something like this:
+
+  require 'rubygems'
+  require 'dav4rack'
+  
+  use Rack::CommonLogger
+  run DAV4Rack::Handler.new(:root => '/path/to/public/fileshare')
+  
+This will use the included FileResource and set the share path. However,
+DAV4Rack has some nifty little extras that can be enabled in the rackup script. First,
+an example of how to use a custom resource:
+
+  run DAV4Rack::Handler.new(:resource_class => CustomResource, :custom => 'options', :passed => 'to resource')
+  
+Next, lets venture into mapping a path for our WebDAV access. In this example, we 
+will use default FileResource like in the first example, but instead of connecting
+directly to the host, we will have to connect to: http://host/webdav/share/
+
+  require 'rubygems'
+  require 'dav4rack'
+  
+  use Rack::CommonLogger
+  
+  app = Rack::Builder.new{
+    map '/webdav/share/' do
+      run DAV4Rack::Handler.new(:root => '/path/to/public/fileshare', :root_uri_path => '/webdav/share/')
+    end
+  }.to_app
+  run app
+  
+Aside from the #map block, notice the new option passed to the Handler's initialization, :root_uri_path. When
+DAV4Rack receives a request, it will automatically convert the request to the proper path and pass it to
+the resource.
+
+Another tool available when building the rackup script is the Interceptor. The Interceptor's job is  to simply
+intecept WebDAV requests received up the path hierarchy where no resources are currently mapped. For example,
+lets continue with the last example but this time include the interceptor:
+
+  require 'rubygems'
+  require 'dav4rack'
+  
+  use Rack::CommonLogger
+  app = Rack::Builder.new{
+    map '/webdav/share/' do
+      run DAV4Rack::Handler.new(:root => '/path/to/public/fileshare', :root_uri_path => '/webdav/share/')
+    end
+    map '/webdav/share2/' do
+      run DAV4Rack::Handler.new(:resource_class => CustomResource, :root_uri_path => '/webdav/share2/')
+    end
+    map '/' do
+      use DAV4Rack::Interceptor, :mappings => {
+                                                '/webdav/share/' => {:resource_class => FileResource, :options => {:custom => 'option'}},
+                                                '/webdav/share2/' => {:resource_class => CustomResource}
+                                              }
+      use Rails::Rack::Static
+      run ActionController::Dispatcher.new
+    end
+  }.to_app
+  run app
+
+In this example we have two WebDAV resources restricted by path. This means those resources will handle requests to /webdav/share/*
+and /webdav/share2/* but nothing above that. To allow webdav to respond, we provide the Interceptor. The Interceptor does not
+provide any authentication support. It simply creates a virtual file system view to the provided mapped paths. Once the actual
+resources have been reached, authentication will be enforced based on the requirements defined by the individual resource. Also
+note in the root map you can see we are running a Rails application. This is how you can easily enable DAV4Rack with your Rails
+application.
+
+== Custom Resources
+
+Creating your own resource is easy. Simply inherit the DAV4Rack::Resource class, and start redefining all the methods
+you want to customize. The DAV4Rack::Resource class only has implementations for methods that can be provided extremely
+generically. This means that most things will require at least some sort of implementation. However, because the Resource
+is defined so generically, and the Controller simply passes the request on to the Resource, it is easy to create fully
+virtualized resources.
+
+== Helpers
+
+There are some helpers worth mentioning that make things a little easier. DAV4Rack::Resource#accept_redirect? method is available to Resources.
+If true, the currently connected client will accept and properly use a 302 redirect for a GET request. Most clients do not properly
+support this, which can be a real pain when working with virtualized files that may located some where else, like S3. To deal with
+those clients that don't support redirects, a helper has been provided so resources don't have to deal with proxying themselves. The 
+DAV4Rack::RemoteFile allows the resource to simple tell Rack to download and send the file from the provided resource and go away, allowing the 
+process to be freed up to deal with other waiters. A very simple example:
+
+  class MyResource < DAV4Rack::Resource
+    def initialize(*args)
+      super(*args)
+      @item = method_to_fill_this_properly
+    end
+    
+    def get
+      if(accept_redirect?)
+        response.redirect item[:url]
+      else
+        response.body = DAV4Rack::RemoteFile.new(item[:url], :size => content_length, :mime_type => content_type)
+        OK
+      end
+    end
+  end
+  
+== Issues/Bugs/Questions
+
+Please use the issues at github: http://github.com/chrisroberts/dav4rack
+
+== License
+
+Just like RackDAV before it, this software is distributed under the MIT license.

data/bin/dav4rack

@@ -0,0 +1,65 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+require 'dav4rack'
+require 'getoptlong'
+
+def print_help_msg
+  print_version_info
+  puts "Usage: dav4rack [opts]"
+  puts " --help               Print help message"
+  puts " --version            Print version information"
+  puts " --username name      Set username"
+  puts " --password pass      Set password"
+  puts " --root /share/path   Set path to share directory"
+end
+
+def print_version_info
+  puts "DAV 4 Rack - Rack based WebDAV Framework - Version: #{DAV4Rack::VERSION}"
+end
+
+opts = GetoptLong.new(
+  ['--username', '-u', GetoptLong::REQUIRED_ARGUMENT],
+  ['--password', '-p', GetoptLong::REQUIRED_ARGUMENT],
+  ['--help', '-h', GetoptLong::NO_ARGUMENT],
+  ['--version', '-v', GetoptLong::NO_ARGUMENT],
+  ['--root', '-r', GetoptLong::REQUIRED_ARGUMENT]
+)
+
+credentials = {}
+
+opts.each do |opt,arg|
+  case opt
+  when '--help'
+    print_help_msg
+    exit(0)
+  when '--username'
+    credentials[:username] = arg
+  when '--password'
+    credentials[:password] = arg
+  when '--root'
+    credentials[:root] = arg
+    unless(File.exists?(arg) && File.directory?(arg))
+      puts "ERROR: Path provided is not a valid directory (#{arg})"
+      exit(-1)
+    end
+  when '--version'
+    print_version_info
+    exit(0)
+  else
+    puts "ERROR: Unknown option provided"
+    exit(-1)
+  end
+end
+
+app = Rack::Builder.new do
+  use Rack::ShowExceptions
+  use Rack::CommonLogger
+  use Rack::Reloader
+  use Rack::Lint
+  
+  run DAV4Rack::Handler.new(credentials)
+
+end.to_app
+
+Rack::Handler::WEBrick.run(app, :Port => 3000)

data/dav4rack.gemspec

@@ -0,0 +1,31 @@
+require 'dav4rack'
+Gem::Specification.new do |s|
+  s.name = 'dav4rack'
+  s.version = DAV4Rack::VERSION
+  s.summary = 'WebDAV handler for Rack'
+  s.author = 'Chris Roberts'
+  s.email = 'chris@chrisroberts.org'
+  s.homepage = 'http://github.com/dav4rack'
+  s.description = 'WebDAV handler for Rack'
+  s.require_path = 'lib'
+  s.executables << 'dav4rack'
+  s.has_rdoc = true
+  s.extra_rdoc_files = ['README.rdoc']  
+  s.files = %w{
+.gitignore
+LICENSE
+dav4rack.gemspec
+lib/dav4rack.rb
+lib/dav4rack/file_resource.rb
+lib/dav4rack/handler.rb
+lib/dav4rack/controller.rb
+lib/dav4rack/http_status.rb
+lib/dav4rack/resource.rb
+lib/dav4rack/interceptor.rb
+lib/dav4rack/interceptor_resource.rb
+lib/dav4rack/remote_file.rb
+bin/dav4rack
+spec/handler_spec.rb
+README.rdoc
+}
+end

data/lib/dav4rack.rb

@@ -0,0 +1,13 @@
+require 'time'
+require 'uri'
+require 'nokogiri'
+
+require 'rack'
+require 'dav4rack/http_status'
+require 'dav4rack/resource'
+require 'dav4rack/handler'
+require 'dav4rack/controller'
+
+module DAV4Rack
+  VERSION = '0.0.1'
+end

data/lib/dav4rack/controller.rb

@@ -0,0 +1,457 @@
+  module DAV4Rack
+  
+  class Controller
+    include DAV4Rack::HTTPStatus
+    
+    attr_reader :request, :response, :resource
+
+    # request:: Rack::Request
+    # response:: Rack::Response
+    # options:: Options hash
+    # Create a new Controller.
+    # NOTE: options will be passed to Resource
+    def initialize(request, response, options={})
+      @request = request
+      @response = response
+      @options = options
+      @resource = resource_class.new(actual_path, implied_path, @request, @options)
+      authenticate
+      raise Forbidden if request.path_info.include?('../')
+    end
+    
+    # s:: string
+    # Escape URL string
+    def url_escape(s)
+      s.gsub(/([^\/a-zA-Z0-9_.-]+)/n) do
+        '%' + $1.unpack('H2' * $1.size).join('%').upcase
+      end.tr(' ', '+')
+    end
+    
+    # s:: string
+    # Unescape URL string
+    def url_unescape(s)
+      s.tr('+', ' ').gsub(/((?:%[0-9a-fA-F]{2})+)/n) do
+        [$1.delete('%')].pack('H*')
+      end
+    end  
+    
+    # Return response to OPTIONS
+    def options
+      response["Allow"] = 'OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK'
+      response["Dav"] = "2"
+      response["Ms-Author-Via"] = "DAV"
+      NoContent
+    end
+    
+    # Return response to HEAD
+    def head
+      raise NotFound unless resource.exist?
+      response['Etag'] = resource.etag
+      response['Content-Type'] = resource.content_type
+      response['Last-Modified'] = resource.last_modified.httpdate
+      NoContent
+    end
+    
+    # Return response to GET
+    def get
+      raise NotFound unless resource.exist?
+      res = resource.get(request, response)
+      if(response.status == 200 && !resource.collection?)
+        response['Etag'] = resource.etag
+        response['Content-Type'] = resource.content_type
+        response['Content-Length'] = resource.content_length.to_s
+        response['Last-Modified'] = resource.last_modified.httpdate
+      end
+      res
+    end
+
+    # Return response to PUT
+    def put
+      raise Forbidden if resource.collection?
+      resource.put(request, response)
+    end
+
+    # Return response to POST
+    def post
+      resource.post(request, response)
+    end
+
+    # Return response to DELETE
+    def delete
+      raise NotFound unless resource.exist?
+      resource.delete
+    end
+    
+    # Return response to MKCOL
+    def mkcol
+      resource.make_collection
+    end
+    
+    # Return response to COPY
+    def copy
+      move(:copy)
+    end
+
+    # args:: Only argument used: :copy
+    # Move Resource to new location. If :copy is provided,
+    # Resource will be copied (implementation ease)
+    def move(*args)
+      raise NotFound unless resource.exist?
+      dest_uri = URI.parse(env['HTTP_DESTINATION'])
+      destination = url_unescape(dest_uri.path)
+      raise BadGateway if dest_uri.host and dest_uri.host != request.host
+      raise Forbidden if destination == resource.public_path
+      dest = resource_class.new(destination, clean_path(destination), @request, @options)
+      if(args.include?(:copy))
+        resource.copy(dest, overwrite)
+      else
+        raise Conflict unless depth.is_a?(Symbol) || depth > 1
+        resource.move(dest)
+      end
+    end
+    
+    # Return respoonse to PROPFIND
+    def propfind
+      raise NotFound unless resource.exist?
+      unless(request_document.xpath("//#{ns}propfind/#{ns}allprop").empty?)
+        names = resource.property_names
+      else
+        names = request_document.xpath("//#{ns}propfind/#{ns}prop").children.find_all{|n|n.element?}.map{|n|n.name}
+        names = resource.property_names if names.empty?
+      end
+      multistatus do |xml|
+        find_resources.each do |resource|
+          xml.response do
+            xml.href "#{scheme}://#{host}:#{port}#{url_escape(resource.public_path)}"
+            propstats(xml, get_properties(resource, names))
+          end
+        end
+      end
+    end
+    
+    # Return response to PROPPATCH
+    def proppatch
+      raise NotFound unless resource.exist?
+      prop_rem = request_match('/propertyupdate/remove/prop').children.map{|n| [n.name] }
+      prop_set = request_match('/propertyupdate/set/prop').children.map{|n| [n.name, n.text] }
+      multistatus do |xml|
+        find_resources.each do |resource|
+          xml.response do
+            xml.href "#{scheme}://#{host}:#{port}#{url_escape(resource.public_path)}"
+            propstats(xml, set_properties(resource, prop_set))
+          end
+        end
+      end
+    end
+
+
+    # Lock current resource
+    # NOTE: This will pass an argument hash to Resource#lock and
+    # wait for a success/failure response. 
+    def lock
+      raise NotFound unless resource.exist?
+      lockinfo = request_document.xpath("//#{ns}lockinfo")
+      asked = {}
+      asked[:timeout] = request.env['Timeout'].split(',').map{|x|x.strip} if request.env['Timeout']
+      asked[:depth] = depth
+      raise BadRequest unless [0, :infinity].include?(asked[:depth])
+      asked[:scope] = lockinfo.xpath("//#{ns}lockscope").children.find_all{|n|n.element?}.map{|n|n.name}.first
+      asked[:type] = lockinfo.xpath("#{ns}locktype").children.find_all{|n|n.element?}.map{|n|n.name}.first
+      asked[:owner] = lockinfo.xpath("//#{ns}owner/#{ns}href").children.map{|n|n.text}.first
+      begin
+        lock_time, locktoken = resource.lock(asked)
+        render_xml(:prop) do |xml|
+          xml.lockdiscovery do
+            xml.activelock do
+              if(asked[:scope])
+                xml.lockscope do
+                  xml.send(asked[:scope])
+                end
+              end
+              if(asked[:type])
+                xml.locktype do
+                  xml.send(asked[:type])
+                end
+              end
+              xml.depth asked[:depth].to_s
+              xml.timeout lock_time ? "Second-#{lock_time}" : 'infinity'
+              xml.locktoken do
+                xml.href locktoken
+              end
+            end
+          end
+        end
+        response.status = resource.exist? ? OK : Created
+      rescue LockFailure => e
+        multistatus do |xml|
+          e.path_status.each_pair do |path, status|
+            xml.response do
+              xml.href path
+              xml.status "#{http_version} #{status.status_line}"
+            end
+          end
+        end
+        response.status = MultiStatus
+      end
+    end
+
+    # Unlock current resource
+    def unlock
+      resource.unlock(lock_token)
+    end
+
+    # ************************************************************
+    # private methods
+    
+    private
+
+    # Request environment variables
+    def env
+      @request.env
+    end
+    
+    # Current request scheme (http/https)
+    def scheme
+      request.scheme
+    end
+    
+    # Request host
+    def host
+      request.host
+    end
+    
+    # Request port
+    def port
+      request.port
+    end
+    
+    # Class of the resource in use
+    def resource_class
+      @options[:resource_class]
+    end
+
+    # Root URI path for the resource
+    def root_uri_path
+      @options[:root_uri_path]
+    end
+    
+    # Returns Resource path with root URI removed
+    def implied_path
+      clean_path(@request.path.dup)
+    end
+    
+    # x:: request path
+    # Unescapes path and removes root URI if applicable
+    def clean_path(x)
+      ip = url_unescape(x)
+      ip.gsub!(/^#{Regexp.escape(root_uri_path)}/, '') if root_uri_path
+      ip
+    end
+    
+    # Unescaped request path
+    def actual_path
+      url_unescape(@request.path.dup)
+    end
+
+    # Lock token if provided by client
+    def lock_token
+      env['HTTP_LOCK_TOKEN'] || nil
+    end
+    
+    # Requested depth
+    def depth
+      d = env['HTTP_DEPTH']
+      if(d =~ /^\d+$/)
+        d = d.to_i
+      else
+        d = :infinity
+      end
+      d
+    end
+
+    # Current HTTP version being used
+    def http_version
+      env['HTTP_VERSION'] || env['SERVER_PROTOCOL'] || 'HTTP/1.0'
+    end
+    
+    # Overwrite is allowed
+    def overwrite
+      env['HTTP_OVERWRITE'].to_s.upcase != 'F'
+    end
+
+    # Find resources at depth requested
+    def find_resources
+      ary = nil
+      case depth
+      when 0
+        ary = [resource]
+      when 1
+        ary = resource.children
+      else
+        ary = resource.descendants
+      end
+      ary ? ary : []
+    end
+    
+    # XML parsed request
+    def request_document
+      @request_document ||= Nokogiri.XML(request.body.read)
+    rescue
+      raise BadRequest
+    end
+
+    # Namespace being used within XML document
+    # TODO: Make this better
+    def ns
+      _ns = ''
+      if(request_document && request_document.root && request_document.root.namespace_definitions.size > 0)
+        _ns = request_document.root.namespace_definitions.first.prefix.to_s
+        _ns += ':' unless _ns.empty?
+      end
+      _ns
+    end
+    
+    # pattern:: XPath pattern
+    # Search XML document for given XPath
+    def request_match(pattern)
+      nil unless request_document
+      request_document.xpath(pattern, request_document.root.namespaces)
+    end
+
+    # root_type:: Root tag name
+    # Render XML and set Rack::Response#body= to final XML
+    def render_xml(root_type)
+      raise ArgumentError.new 'Expecting block' unless block_given?
+      doc = Nokogiri::XML::Builder.new do |xml|
+        xml.send(root_type.to_s, 'xmlns' => 'DAV:') do
+#           xml.parent.namespace = xml.parent.namespace_definitions.first
+          yield xml
+        end
+      end
+      
+      response.body = doc.to_xml
+      response["Content-Type"] = 'text/xml; charset="utf-8"'
+      response["Content-Length"] = response.body.size.to_s
+    end
+      
+    # block:: block
+    # Creates a multistatus response using #render_xml and
+    # returns the correct status
+    def multistatus(&block)
+      render_xml(:multistatus, &block)
+      MultiStatus
+    end
+    
+    # xml:: Nokogiri::XML::Builder
+    # errors:: Array of errors
+    # Crafts responses for errors
+    def response_errors(xml, errors)
+      for path, status in errors
+        xml.response do
+          xml.href "#{scheme}://#{host}:#{port}#{path}"
+          xml.status "#{http_version} #{status.status_line}"
+        end
+      end
+    end
+
+    # resource:: Resource
+    # names:: Property names
+    # Returns array of property values for given names
+    def get_properties(resource, names)
+      stats = Hash.new { |h, k| h[k] = [] }
+      for name in names
+        begin
+          val = resource.get_property(name)
+          stats[OK].push [name, val] if val
+        rescue Status
+          stats[$!] << name
+        end
+      end
+      stats
+    end
+
+    # resource:: Resource
+    # pairs:: name value pairs
+    # Sets the given properties
+    def set_properties(resource, pairs)
+      stats = Hash.new { |h, k| h[k] = [] }
+      for name, value in pairs
+        begin
+          stats[OK] << [name, resource.set_property(name, value)]
+        rescue Status
+          stats[$!] << name
+        end
+      end
+      stats
+    end
+    
+    # xml:: Nokogiri::XML::Builder
+    # stats:: Array of stats
+    # Build propstats response
+    def propstats(xml, stats)
+      return if stats.empty?
+      for status, props in stats
+        xml.propstat do
+          xml.prop do
+            for name, value in props
+              if(value.is_a?(Nokogiri::XML::Node))
+                xml.send(name) do
+                  xml_convert(xml, value)
+                end
+              elsif(value.is_a?(Symbol))
+                xml.send(name) do
+                  xml.send(value)
+                end
+              else
+                xml.send(name, value)
+              end
+            end
+          end
+          xml.status "#{http_version} #{status.status_line}"
+        end
+      end
+    end
+    
+    # xml:: Nokogiri::XML::Builder
+    # element:: Nokogiri::XML::Element
+    # Converts element into proper text
+    def xml_convert(xml, element)
+      if element.children.empty?
+        if element.text?
+          xml.send(element.name, element.text, element.attributes)
+        else
+          xml.send(element.name, element.attributes)
+        end
+      else
+        xml.send(element.name, element.attributes) do
+          element.elements.each do |child|
+            xml_convert(xml, child)
+          end
+        end
+      end
+    end
+
+    # Perform authentication
+    # NOTE: Authentication will only be performed if the Resource
+    # has defined an #authenticate method
+    def authenticate
+      authed = true
+      if(resource.respond_to?(:authenticate))
+        authed = false
+        if(request.env['HTTP_AUTHORIZATION'])
+          auth = Rack::Auth::Basic::Request.new(request.env)
+          if(auth.basic? && auth.credentials)
+            authed = resource.authenticate(auth.credentials[0], auth.credentials[1])
+          end
+        end
+      end
+      unless(authed)
+        response.body = resource.respond_to?(:authentication_error_msg) ? resource.authentication_error_msg : 'Not Authorized'
+        response['WWW-Authenticate'] = "Basic realm=\"#{resource.respond_to?(:authentication_realm) ? resource.authentication_realm : 'Locked content'}\""
+        raise Unauthorized.new unless authed
+      end
+    end
+
+  end
+
+end