rack_dav_sp 0.2.dev

data/.gitignore

@@ -0,0 +1,4 @@
+*~
+doc/*
+pkg/*
+test/repo

data/CHANGELOG.md

@@ -0,0 +1,27 @@
+= Changelog
+
+== master
+
+* NEW: Added Rakefile, package and test tasks.
+
+* NEW: Added Gemfile and Bundler tasks.
+
+* CHANGED: Upgraded to RSpec 2.0.
+
+* CHANGED: Bump dependency to rack >= 1.2.0
+
+* CHANGED: Removed response.status override/casting in RackDAV::Handler
+  because already performed in Rack::Response#finish.
+
+* FIXED: rack_dav binary crashes if Mongrel is not installed.
+
+
+== Release 0.1.3
+
+* Unknown
+
+
+== Release 0.1.2
+
+* Unknown
+

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in rack_dav.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,31 @@
+PATH
+  remote: .
+  specs:
+    rack_dav (0.2.dev)
+      builder
+      rack (>= 1.2.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    builder (3.0.0)
+    diff-lcs (1.1.2)
+    rack (1.2.3)
+    rspec (2.6.0)
+      rspec-core (~> 2.6.0)
+      rspec-expectations (~> 2.6.0)
+      rspec-mocks (~> 2.6.0)
+    rspec-core (2.6.3)
+    rspec-expectations (2.6.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.6.0)
+
+PLATFORMS
+  java
+  ruby
+
+DEPENDENCIES
+  builder
+  rack (>= 1.2.0)
+  rack_dav!
+  rspec (~> 2.6.0)

data/LICENSE

@@ -0,0 +1,18 @@
+Copyright (c) 2009 Matthias Georgi <http://www.matthias-georgi.de>
+ 
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+ 
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,107 @@
+---
+title: RackDAV - Web Authoring for Rack
+---
+
+RackDAV is Handler for [Rack][1], which allows content authoring over
+HTTP. RackDAV brings its own file backend, but other backends are
+possible by subclassing RackDAV::Resource.
+
+## Install
+
+Just install the gem from RubyGems:
+
+    $ gem install rack_dav
+
+## Quickstart
+
+If you just want to share a folder over WebDAV, you can just start a
+simple server with:
+
+    $ rack_dav
+
+This will start a WEBrick server on port 3000, which you can connect
+to without authentication.
+
+## Rack Handler
+
+Using RackDAV inside a rack application is quite easy. A simple rackup
+script looks like this:
+
+    require 'rubygems'
+    require 'rack_dav'
+    
+    use Rack::CommonLogger
+    
+    run RackDAV::Handler.new(:root => '/path/to/docs')
+
+## Implementing your own WebDAV resource
+
+RackDAV::Resource is an abstract base class and defines an interface
+for accessing resources.
+
+Each resource will be initialized with a path, which should be used to
+find the real resource.
+
+RackDAV::Handler needs to be initialized with the actual resource class:
+
+    RackDAV::Handler.new(:resource_class => MyResource)
+
+RackDAV needs some information about the resources, so you have to
+implement following methods:
+
+* __children__: If this is a collection, return the child resources.
+
+* __collection?__: Is this resource a collection?
+
+* __exist?__: Does this recource exist?
+
+* __creation\_date__: Return the creation time.
+
+* __last\_modified__: Return the time of last modification.
+
+* __last\_modified=(time)__: Set the time of last modification.
+
+* __etag__: Return an Etag, an unique hash value for this resource.
+
+* __content_type__: Return the mime type of this resource.
+
+* __content\_length__: Return the size in bytes for this resource.
+
+
+Most importantly you have to implement the actions, which are called
+to retrieve and change the resources:
+
+* __get(request, response)__: Write the content of the resource to the response.body.
+
+* __put(request, response)__: Save the content of the request.body.
+
+* __post(request, response)__: Usually forbidden.
+
+* __delete__: Delete this resource.
+
+* __copy(dest)__: Copy this resource to given destination resource.
+
+* __move(dest)__: Move this resource to given destination resource.
+
+* __make\_collection__: Create this resource as collection.
+
+* __lock(token, timeout, scope, type, owner)__: Lock this resource.
+  If scope, type and owner are nil, refresh the given lock.
+
+* __unlock(token)__: Unlock this resource
+
+Note, that it is generally possible, that a resource object is
+instantiated for a not yet existing resource.
+
+For inspiration you should have a look at the FileResource
+implementation. Please let me now, if you are going to implement a new
+type of resource.
+
+
+### RackDAV on GitHub
+
+Download or fork the project on its [Github page][2]
+
+
+[1]: http://github.com/chneukirchen/rack
+[2]: http://github.com/georgi/rack_dav

data/Rakefile

@@ -0,0 +1,36 @@
+require 'bundler'
+require "rspec/core/rake_task"
+
+Bundler::GemHelper.install_tasks
+
+
+task :default => :spec
+
+# Run all the specs in the /spec folder
+RSpec::Core::RakeTask.new
+
+
+namespace :spec do
+  desc "Run RSpec against all Ruby versions"
+  task :rubies => "spec:rubies:default"
+
+  namespace :rubies do
+    RUBIES = %w( 1.8.7-p330 1.9.2-p0 jruby-1.5.6 ree-1.8.7-2010.02 )
+
+    task :default => :ensure_rvm do
+      sh "rvm #{RUBIES.join(",")} rake default"
+    end
+
+    task :ensure_rvm do
+      File.exist?(File.expand_path("~/.rvm/scripts/rvm")) || abort("RVM is not available")
+    end
+
+    RUBIES.each do |ruby|
+      desc "Run RSpec against Ruby #{ruby}"
+      task ruby => :ensure_rvm do
+        sh "rvm #{ruby} rake default"
+      end
+    end
+  end
+
+end

data/bin/rack_dav

@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.expand_path("../../lib", __FILE__))
+
+require 'rack_dav'
+
+app = Rack::Builder.new do
+  use Rack::ShowExceptions
+  use Rack::CommonLogger
+  use Rack::Reloader
+  use Rack::Lint
+
+  run RackDAV::Handler.new
+
+end.to_app
+
+port = ARGV.first || 3000
+
+begin
+  Rack::Handler::Mongrel.run(app, :Port => port)
+rescue LoadError
+  Rack::Handler::WEBrick.run(app, :Port => port)
+end

data/lib/rack_dav.rb

@@ -0,0 +1,14 @@
+require 'rubygems'
+require 'builder'
+require 'time'
+require 'uri'
+require 'rexml/document'
+require 'webrick/httputils'
+
+require 'rack'
+require 'rack_dav/builder_namespace'
+require 'rack_dav/http_status'
+require 'rack_dav/resource'
+require 'rack_dav/file_resource'
+require 'rack_dav/handler'
+require 'rack_dav/controller'

data/lib/rack_dav/builder_namespace.rb

@@ -0,0 +1,21 @@
+module Builder
+
+  class XmlBase
+    def namespace(ns)
+      old_namespace = @namespace
+      @namespace = ns
+      yield
+      @namespace = old_namespace
+      self
+    end
+
+    alias_method :method_missing_without_namespace, :method_missing
+
+    def method_missing(sym, *args, &block)
+      sym = "#{@namespace}:#{sym}" if @namespace
+      method_missing_without_namespace(sym, *args, &block)
+    end
+
+  end
+
+end

data/lib/rack_dav/controller.rb

@@ -0,0 +1,495 @@
+module RackDAV
+
+  class Controller
+    include RackDAV::HTTPStatus
+
+    attr_reader :request, :response, :resource
+
+    def initialize(request, response, options)
+      @request  = request
+      @response = response
+      @options  = options
+      @resource = resource_class.new(url_unescape(request.path_info), @options)
+      raise Forbidden if request.path_info.include?('../')
+    end
+
+    def url_escape(s)
+      s.gsub(/([^\/a-zA-Z0-9_.-]+)/n) do
+        '%' + $1.unpack('H2' * $1.size).join('%').upcase
+      end.tr(' ', '+')
+    end
+
+    def url_unescape(s)
+      s.tr('+', ' ').gsub(/((?:%[0-9a-fA-F]{2})+)/n) do
+        [$1.delete('%')].pack('H*')
+      end
+    end
+
+    def options
+      response["Allow"] = 'OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE'
+      response["Dav"] = "1"
+
+      if resource.lockable?
+        response["Allow"] << ",LOCK,UNLOCK"
+        response["Dav"]   << ",2"
+      end
+
+      response["Ms-Author-Via"] = "DAV"
+    end
+
+    def head
+      raise NotFound if not resource.exist?
+      response['Etag'] = resource.etag
+      response['Content-Type'] = resource.content_type
+      response['Last-Modified'] = resource.last_modified.httpdate
+    end
+
+    def get
+      raise NotFound if not resource.exist?
+      response['Etag'] = resource.etag
+      response['Content-Type'] = resource.content_type
+      response['Content-Length'] = resource.content_length.to_s
+      response['Last-Modified'] = resource.last_modified.httpdate
+      map_exceptions do
+        resource.get(request, response)
+      end
+    end
+
+    def put
+      raise Forbidden if resource.collection?
+      map_exceptions do
+        resource.put(request, response)
+      end
+    end
+
+    def post
+      map_exceptions do
+        resource.post(request, response)
+      end
+    end
+
+    def delete
+      delete_recursive(resource, errors = [])
+
+      if errors.empty?
+        response.status = NoContent
+      else
+        multistatus do |xml|
+          response_errors(xml, errors)
+        end
+      end
+    end
+
+    def mkcol
+      map_exceptions do
+        resource.make_collection
+      end
+      response.status = Created
+    end
+
+    def copy
+      raise NotFound if not resource.exist?
+
+      dest_uri = URI.parse(env['HTTP_DESTINATION'])
+      destination = url_unescape(dest_uri.path)
+
+      raise BadGateway if dest_uri.host and dest_uri.host != request.host
+      raise Forbidden if destination == resource.path
+
+      dest = resource_class.new(destination, @options)
+      dest = dest.child(resource.name) if dest.collection?
+
+      dest_existed = dest.exist?
+
+      copy_recursive(resource, dest, depth, errors = [])
+
+      if errors.empty?
+        response.status = dest_existed ? NoContent : Created
+      else
+        multistatus do |xml|
+          response_errors(xml, errors)
+        end
+      end
+    rescue URI::InvalidURIError => e
+      raise BadRequest.new(e.message)
+    end
+
+    def move
+      raise NotFound if not resource.exist?
+
+      dest_uri = URI.parse(env['HTTP_DESTINATION'])
+      destination = url_unescape(dest_uri.path)
+
+      raise BadGateway if dest_uri.host and dest_uri.host != request.host
+      raise Forbidden if destination == resource.path
+
+      dest = resource_class.new(destination, @options)
+      dest = dest.child(resource.name) if dest.collection?
+
+      dest_existed = dest.exist?
+
+      raise Conflict if depth <= 1
+
+      copy_recursive(resource, dest, depth, errors = [])
+      delete_recursive(resource, errors)
+
+      if errors.empty?
+        response.status = dest_existed ? NoContent : Created
+      else
+        multistatus do |xml|
+          response_errors(xml, errors)
+        end
+      end
+    rescue URI::InvalidURIError => e
+      raise BadRequest.new(e.message)
+    end
+
+    def propfind
+      raise NotFound if not resource.exist?
+
+      if not request_match("/propfind/allprop").empty?
+        names = resource.property_names
+      else
+        names = request_match("/propfind/prop/*").map { |e| e.name }
+        names = resource.property_names if names.empty?
+        raise BadRequest if names.empty?
+      end
+
+      multistatus do |xml|
+        for resource in find_resources
+          resource.path.gsub!(/\/\//, '/')
+          xml.response do
+            xml.href "http://#{host}#{url_escape resource.path}"
+            propstats xml, get_properties(resource, names)
+          end
+        end
+      end
+    end
+
+    def proppatch
+      raise NotFound if not resource.exist?
+
+      prop_rem = request_match("/propertyupdate/remove/prop/*").map { |e| [e.name] }
+      prop_set = request_match("/propertyupdate/set/prop/*").map { |e| [e.name, e.text] }
+
+      multistatus do |xml|
+        for resource in find_resources
+          xml.response do
+            xml.href "http://#{host}#{resource.path}"
+            propstats xml, set_properties(resource, prop_set)
+          end
+        end
+      end
+
+      resource.save
+    end
+
+    def lock
+      raise MethodNotAllowed unless resource.lockable?
+      raise NotFound if not resource.exist?
+
+      timeout = request_timeout
+      if timeout.nil? || timeout.zero?
+        timeout = 60
+      end
+
+      if request_document.to_s.empty?
+        refresh_lock timeout
+      else
+        create_lock timeout
+      end
+    end
+
+    def unlock
+      raise MethodNotAllowed unless resource.lockable?
+
+      locktoken = request_locktoken('LOCK_TOKEN')
+      raise BadRequest if locktoken.nil?
+
+      response.status = resource.unlock(locktoken) ? NoContent : Forbidden
+    end
+
+    private
+
+      def env
+        @request.env
+      end
+
+      def host
+        env['HTTP_HOST']
+      end
+
+      def resource_class
+        @options[:resource_class]
+      end
+
+      def depth
+        case env['HTTP_DEPTH']
+        when '0' then 0
+        when '1' then 1
+        else 100
+        end
+      end
+
+      def overwrite
+        env['HTTP_OVERWRITE'].to_s.upcase != 'F'
+      end
+
+      def find_resources
+        case env['HTTP_DEPTH']
+        when '0'
+          [resource]
+        when '1'
+          [resource] + resource.children
+        else
+          [resource] + resource.descendants
+        end
+      end
+
+      def delete_recursive(res, errors)
+        for child in res.children
+          delete_recursive(child, errors)
+        end
+
+        begin
+          map_exceptions { res.delete } if errors.empty?
+        rescue Status
+          errors << [res.path, $!]
+        end
+      end
+
+      def copy_recursive(res, dest, depth, errors)
+        map_exceptions do
+          if dest.exist?
+            if overwrite
+              delete_recursive(dest, errors)
+            else
+              raise PreconditionFailed
+            end
+          end
+          res.copy(dest)
+        end
+      rescue Status
+        errors << [res.path, $!]
+      else
+        if depth > 0
+          for child in res.children
+            dest_child = dest.child(child.name)
+            copy_recursive(child, dest_child, depth - 1, errors)
+          end
+        end
+      end
+
+      def map_exceptions
+        yield
+      rescue
+        case $!
+        when URI::InvalidURIError then raise BadRequest
+        when Errno::EACCES then raise Forbidden
+        when Errno::ENOENT then raise Conflict
+        when Errno::EEXIST then raise Conflict
+        when Errno::ENOSPC then raise InsufficientStorage
+        else
+          raise
+        end
+      end
+
+      def request_document
+        @request_document ||= REXML::Document.new(request.body.read)
+      rescue REXML::ParseException
+        raise BadRequest
+      end
+
+      def request_match(pattern)
+        REXML::XPath::match(request_document, pattern, '' => 'DAV:')
+      end
+
+      # Quick and dirty parsing of the WEBDAV Timeout header.
+      # Refuses infinity, rejects anything but Second- timeouts
+      #
+      # @return [nil] or [Fixnum]
+      #
+      # @api internal
+      #
+      def request_timeout
+        timeout = request.env['HTTP_TIMEOUT']
+        return if timeout.nil? || timeout.empty?
+
+        timeout = timeout.split /,\s*/
+        timeout.reject! {|t| t !~ /^Second-/}
+        timeout.first.sub('Second-', '').to_i
+      end
+
+      def request_locktoken(header)
+        token = request.env["HTTP_#{header}"]
+        return if token.nil? || token.empty?
+        token.scan /^\(?<?(.+?)>?\)?$/
+        return $1
+      end
+
+      # Creates a new XML document, yields given block
+      # and sets the response.body with the final XML content.
+      # The response length is updated accordingly.
+      #
+      # @return [void]
+      #
+      # @yield  [xml] Yields the Builder XML instance.
+      #
+      # @api internal
+      #
+      def render_xml
+        xml = Builder::XmlMarkup.new(:indent => 2)
+        xml.instruct! :xml, :version => "1.0", :encoding => "UTF-8"
+
+        xml.namespace('D') do
+          yield xml
+        end
+
+        content = xml.target!
+        response.body = [content]
+        response["Content-Type"] = 'text/xml; charset="utf-8"'
+        response["Content-Length"] = Rack::Utils.bytesize(content).to_s
+      end
+
+      def multistatus
+        render_xml do |xml|
+          xml.multistatus('xmlns:D' => "DAV:") do
+            yield xml
+          end
+        end
+
+        response.status = MultiStatus
+      end
+
+      def response_errors(xml, errors)
+        for path, status in errors
+          xml.response do
+            xml.href "http://#{host}#{path}"
+            xml.status "#{request.env['HTTP_VERSION']} #{status.status_line}"
+          end
+        end
+      end
+
+      def get_properties(resource, names)
+        stats = Hash.new { |h, k| h[k] = [] }
+        for name in names
+          begin
+            map_exceptions do
+              stats[OK] << [name, resource.get_property(name)]
+            end
+          rescue Status
+            stats[$!] << name
+          end
+        end
+        stats
+      end
+
+      def set_properties(resource, pairs)
+        stats = Hash.new { |h, k| h[k] = [] }
+        for name, value in pairs
+          begin
+            map_exceptions do
+              stats[OK] << [name, resource.set_property(name, value)]
+            end
+          rescue Status
+            stats[$!] << name
+          end
+        end
+        stats
+      end
+
+      def propstats(xml, stats)
+        return if stats.empty?
+        for status, props in stats
+          xml.propstat do
+            xml.prop do
+              for name, value in props
+                if value.is_a?(REXML::Element)
+                  xml.tag!(name) do
+                    rexml_convert(xml, value)
+                  end
+                else
+                  xml.tag!(name, value)
+                end
+              end
+            end
+            xml.status "#{request.env['HTTP_VERSION']} #{status.status_line}"
+          end
+        end
+      end
+
+      def create_lock(timeout)
+        lockscope = request_match("/lockinfo/lockscope/*")[0].name
+        locktype = request_match("/lockinfo/locktype/*")[0].name
+        owner = request_match("/lockinfo/owner/href")[0]
+        owner = owner.text if owner
+        locktoken = "opaquelocktoken:" + sprintf('%x-%x-%s', Time.now.to_i, Time.now.sec, resource.etag)
+
+        # Quick & Dirty - FIXME: Lock should become a new Class
+        # and this dirty parameter passing refactored.
+        unless resource.lock(locktoken, timeout, lockscope, locktype, owner)
+          raise Forbidden
+        end
+
+        response['Lock-Token'] = locktoken
+
+        render_lockdiscovery locktoken, lockscope, locktype, timeout, owner
+      end
+
+      def refresh_lock(timeout)
+        locktoken = request_locktoken('IF')
+        raise BadRequest if locktoken.nil?
+
+        timeout, lockscope, locktype, owner = resource.lock(locktoken, timeout)
+        unless lockscope && locktype && timeout
+          raise Forbidden
+        end
+
+        render_lockdiscovery locktoken, lockscope, locktype, timeout, owner
+      end
+
+      # FIXME add multiple locks support
+      def render_lockdiscovery(locktoken, lockscope, locktype, timeout, owner)
+        render_xml do |xml|
+          xml.prop('xmlns:D' => "DAV:") do
+            xml.lockdiscovery do
+              render_lock(xml, locktoken, lockscope, locktype, timeout, owner)
+            end
+          end
+        end
+      end
+
+      def render_lock(xml, locktoken, lockscope, locktype, timeout, owner)
+        xml.activelock do
+          xml.lockscope { xml.tag! lockscope }
+          xml.locktype { xml.tag! locktype }
+          xml.depth 'Infinity'
+          if owner
+            xml.owner { xml.href owner }
+          end
+          xml.timeout "Second-#{timeout}"
+          xml.locktoken do
+            xml.href locktoken
+          end
+        end
+      end
+
+      def rexml_convert(xml, element)
+        if element.elements.empty?
+          if element.text
+            xml.tag!(element.name, element.text, element.attributes)
+          else
+            xml.tag!(element.name, element.attributes)
+          end
+        else
+          xml.tag!(element.name, element.attributes) do
+            element.elements.each do |child|
+              rexml_convert(xml, child)
+            end
+          end
+        end
+      end
+
+  end
+
+end