Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
e496c29101 | ||
|
|
47f12834c1 | ||
|
|
b4a65a1af4 | ||
|
|
65aeeda263 | ||
|
|
f61e014d2a | ||
| ce6a5c7477 | |||
|
|
f66f58f67f | ||
|
|
5f036dbc89 |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,5 +1,6 @@
|
||||
.direnv
|
||||
server.log
|
||||
shell.nix
|
||||
mem.go
|
||||
nxcaldav
|
||||
in/
|
||||
|
||||
59
config.yaml
59
config.yaml
@@ -3,74 +3,21 @@ database:
|
||||
server:
|
||||
bind_address: 0.0.0.0:14243
|
||||
default_class: CONFIDENTIAL
|
||||
public_url: http://nxc.nx2.site/
|
||||
email_domain: nx2.site
|
||||
public_url: http://example.com/
|
||||
email_domain: example.com
|
||||
redaction_text: '[-]'
|
||||
|
||||
smtp:
|
||||
host: localhost
|
||||
port: 587
|
||||
user: nxcaldav@nx2.site
|
||||
password: Vastly-Wrinkle9-Corsage
|
||||
password_cmd: echo "Vastly-Wrinkle9-Corsage"
|
||||
|
||||
users:
|
||||
- name: daniel
|
||||
password: ll
|
||||
groups:
|
||||
- family
|
||||
- name: lennart
|
||||
password: ll
|
||||
groups:
|
||||
- family
|
||||
- name: shared
|
||||
password: Oxidant-Ageless3-Dispersed
|
||||
|
||||
calendars:
|
||||
- id: preservation
|
||||
owner: lennart
|
||||
color: '#F6F5F4'
|
||||
- id: effort
|
||||
owner: lennart
|
||||
color: '#FF0000'
|
||||
- id: experience
|
||||
owner: lennart
|
||||
color: '#2C33FF'
|
||||
- id: leisure
|
||||
owner: lennart
|
||||
color: '#10B400'
|
||||
- id: daniel
|
||||
owner: daniel
|
||||
color: '#ff2222'
|
||||
- access:
|
||||
- group: family
|
||||
mode: read-write
|
||||
id: family
|
||||
owner: shared
|
||||
color: '#999999'
|
||||
|
||||
address_books:
|
||||
- id: contacts
|
||||
owner: lennart
|
||||
- id: contacts
|
||||
owner: daniel
|
||||
- id: family
|
||||
owner: shared
|
||||
access:
|
||||
- group: family
|
||||
mode: read-write
|
||||
|
||||
aggregates:
|
||||
- access:
|
||||
- group: family
|
||||
mode: read-only
|
||||
- ics: future-only
|
||||
id: lennart-aggregat
|
||||
owner: lennart
|
||||
color: '#dd9999'
|
||||
sources:
|
||||
- preservation
|
||||
- effort
|
||||
- experience
|
||||
- leisure
|
||||
- family
|
||||
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
#!/usr/bin/env python3
|
||||
import os
|
||||
import argparse
|
||||
import psycopg2
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
#!/usr/bin/env python3
|
||||
import os
|
||||
import argparse
|
||||
import psycopg2
|
||||
|
||||
@@ -8,7 +8,6 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os/exec"
|
||||
"path"
|
||||
"slices"
|
||||
"strings"
|
||||
@@ -140,16 +139,9 @@ func (b *DBBackend) initSchema(ctx context.Context) error {
|
||||
}
|
||||
|
||||
func (b *DBBackend) resolvePassword(u config.User) (string, error) {
|
||||
var raw string
|
||||
if u.PasswordCmd != "" {
|
||||
cmd := exec.Command("sh", "-c", u.PasswordCmd)
|
||||
out, err := cmd.Output()
|
||||
raw, err := config.ResolvePassword(u.Password, u.PasswordCmd)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to run password command for %s: %v", u.Name, err)
|
||||
}
|
||||
raw = strings.TrimSpace(string(out))
|
||||
} else {
|
||||
raw = u.Password
|
||||
return "", fmt.Errorf("failed to resolve password for %s: %v", u.Name, err)
|
||||
}
|
||||
|
||||
// If it already looks like a bcrypt hash, return as is.
|
||||
@@ -237,6 +229,7 @@ func (b *DBBackend) syncConfig(ctx context.Context, cfg *config.Config) error {
|
||||
if a.User != "" {
|
||||
tUsers = append(tUsers, a.User)
|
||||
}
|
||||
tUsers = append(tUsers, a.Users...)
|
||||
if a.Group != "" {
|
||||
tUsers = append(tUsers, groupMembers[a.Group]...)
|
||||
}
|
||||
@@ -307,6 +300,7 @@ func (b *DBBackend) syncConfig(ctx context.Context, cfg *config.Config) error {
|
||||
if a.User != "" {
|
||||
tUsers = append(tUsers, a.User)
|
||||
}
|
||||
tUsers = append(tUsers, a.Users...)
|
||||
if a.Group != "" {
|
||||
tUsers = append(tUsers, groupMembers[a.Group]...)
|
||||
}
|
||||
@@ -358,6 +352,7 @@ func (b *DBBackend) syncConfig(ctx context.Context, cfg *config.Config) error {
|
||||
if a.User != "" {
|
||||
tUsers = append(tUsers, a.User)
|
||||
}
|
||||
tUsers = append(tUsers, a.Users...)
|
||||
if a.Group != "" {
|
||||
tUsers = append(tUsers, groupMembers[a.Group]...)
|
||||
}
|
||||
@@ -1473,3 +1468,18 @@ func (b *DBBackend) DeleteAddressObject(ctx context.Context, p string) error {
|
||||
func (b *DBBackend) QueryAddressObjects(ctx context.Context, p string, query *carddav.AddressBookQuery) ([]carddav.AddressObject, error) {
|
||||
return b.ListAddressObjects(ctx, p, nil)
|
||||
}
|
||||
|
||||
func (b *DBBackend) HasAddressBooks(ctx context.Context) (bool, error) {
|
||||
username, err := b.getUsername(ctx)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
var exists bool
|
||||
err = b.pool.QueryRow(ctx, `
|
||||
SELECT EXISTS (
|
||||
SELECT 1 FROM addressbooks
|
||||
WHERE owner_id = (SELECT id FROM users WHERE name = $1)
|
||||
OR id IN (SELECT addressbook_id FROM addressbook_access WHERE user_id = (SELECT id FROM users WHERE name = $1))
|
||||
)`, username).Scan(&exists)
|
||||
return exists, err
|
||||
}
|
||||
|
||||
@@ -10,6 +10,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/emersion/go-ical"
|
||||
"nxcaldav/internal/config"
|
||||
)
|
||||
|
||||
// sendInvitation sends an iMIP (RFC 6047) invitation email.
|
||||
@@ -99,8 +100,14 @@ func (b *DBBackend) sendInvitation(senderName, recipientEmail, summary, descript
|
||||
if err = c.StartTLS(tlsConfig); err != nil { return err }
|
||||
}
|
||||
}
|
||||
if b.smtp.User != "" && b.smtp.Password != "" {
|
||||
auth := smtp.PlainAuth("", b.smtp.User, b.smtp.Password, b.smtp.Host)
|
||||
|
||||
smtpPassword, err := config.ResolvePassword(b.smtp.Password, b.smtp.PasswordCmd)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to resolve SMTP password: %v", err)
|
||||
}
|
||||
|
||||
if b.smtp.User != "" && smtpPassword != "" {
|
||||
auth := smtp.PlainAuth("", b.smtp.User, smtpPassword, b.smtp.Host)
|
||||
if err = c.Auth(auth); err != nil { return err }
|
||||
}
|
||||
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
package config
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/url"
|
||||
"os"
|
||||
"os/exec"
|
||||
"slices"
|
||||
"strings"
|
||||
|
||||
@@ -11,6 +13,7 @@ import (
|
||||
|
||||
type Access struct {
|
||||
User string `yaml:"user,omitempty"`
|
||||
Users []string `yaml:"users,omitempty"`
|
||||
Group string `yaml:"group,omitempty"`
|
||||
Groups string `yaml:"groups,omitempty"`
|
||||
Mode string `yaml:"mode"` // "read-only" or "read-write"
|
||||
@@ -68,6 +71,7 @@ type SMTPConfig struct {
|
||||
Port int `yaml:"port"`
|
||||
User string `yaml:"user"`
|
||||
Password string `yaml:"password"`
|
||||
PasswordCmd string `yaml:"password_cmd"`
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
@@ -79,6 +83,18 @@ type Config struct {
|
||||
AddressBooks []AddressBook `yaml:"address_books"`
|
||||
Aggregates []Aggregate `yaml:"aggregates"`
|
||||
}
|
||||
|
||||
func ResolvePassword(password, passwordCmd string) (string, error) {
|
||||
if passwordCmd != "" {
|
||||
cmd := exec.Command("sh", "-c", passwordCmd)
|
||||
out, err := cmd.Output()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to run password command: %v", err)
|
||||
}
|
||||
return strings.TrimSpace(string(out)), nil
|
||||
}
|
||||
return password, nil
|
||||
}
|
||||
func (c *Config) setDefaults() {
|
||||
if c.Server.BindAddress == "" { c.Server.BindAddress = ":8080" }
|
||||
if c.Server.Redaction == "" { c.Server.Redaction = "Busy" }
|
||||
|
||||
@@ -107,10 +107,23 @@ func InjectColor(r *http.Request, ctx context.Context, handler http.Handler, w h
|
||||
w.Write(body)
|
||||
}
|
||||
|
||||
// modify caledar probfind
|
||||
//
|
||||
// this again modeled after the Radicale response
|
||||
// Largly AI generated agian
|
||||
func HandleDiscoveryOptions(r *http.Request, ctx context.Context, handler http.Handler, w http.ResponseWriter, be *backend.DBBackend) {
|
||||
buf := &bytes.Buffer{}
|
||||
rw := &responseWriter{w, buf, http.StatusOK}
|
||||
handler.ServeHTTP(rw, r.WithContext(ctx))
|
||||
|
||||
if has, _ := be.HasAddressBooks(ctx); has {
|
||||
dav := w.Header().Get("DAV")
|
||||
if dav == "" {
|
||||
w.Header().Set("DAV", "1, 3, addressbook, calendar-access")
|
||||
} else if !strings.Contains(dav, "addressbook") {
|
||||
w.Header().Set("DAV", dav+", addressbook")
|
||||
}
|
||||
}
|
||||
w.WriteHeader(rw.status)
|
||||
w.Write(buf.Bytes())
|
||||
}
|
||||
|
||||
func HandleDiscoveryPropfind(r *http.Request, ctx context.Context, handler http.Handler, w http.ResponseWriter, be *backend.DBBackend) {
|
||||
reqBody, _ := io.ReadAll(r.Body)
|
||||
r.Body = io.NopCloser(bytes.NewBuffer(reqBody))
|
||||
@@ -121,9 +134,19 @@ func HandleDiscoveryPropfind(r *http.Request, ctx context.Context, handler http.
|
||||
|
||||
body := buf.Bytes()
|
||||
|
||||
// 1. Unconditionally add namespaces to root tag
|
||||
reMultistatus := regexp.MustCompile(`(<[a-zA-Z0-9]*:?multistatus)`)
|
||||
body = reMultistatus.ReplaceAll(body, []byte(`$1 xmlns:C="urn:ietf:params:xml:ns:caldav" xmlns:card="urn:ietf:params:xml:ns:carddav"`))
|
||||
calHome, _ := be.CalendarHomeSetPath(ctx)
|
||||
cardHome, _ := be.AddressBookHomeSetPath(ctx)
|
||||
hasAddressBooks, _ := be.HasAddressBooks(ctx)
|
||||
|
||||
// Ensure DAV: addressbook header is present if user has address books
|
||||
if hasAddressBooks {
|
||||
dav := w.Header().Get("DAV")
|
||||
if dav == "" {
|
||||
w.Header().Set("DAV", "1, 3, addressbook, calendar-access")
|
||||
} else if !strings.Contains(dav, "addressbook") {
|
||||
w.Header().Set("DAV", dav+", addressbook")
|
||||
}
|
||||
}
|
||||
|
||||
// 2. Response processing
|
||||
reResponse := regexp.MustCompile(`(?s)<[a-zA-Z0-9]*:?response.*?>.*?</[a-zA-Z0-9]*:?response>`)
|
||||
@@ -139,10 +162,7 @@ func HandleDiscoveryPropfind(r *http.Request, ctx context.Context, handler http.
|
||||
return resp
|
||||
}
|
||||
|
||||
calHome, _ := be.CalendarHomeSetPath(ctx)
|
||||
cardHome, _ := be.AddressBookHomeSetPath(ctx)
|
||||
|
||||
// Strip these tags ONLY from non-200 propstats
|
||||
// Strip these tags ONLY from non-200 propstats to avoid duplicates or 404 overrides
|
||||
resp = rePropstat.ReplaceAllFunc(resp, func(ps []byte) []byte {
|
||||
if !reStatusOk.Match(ps) {
|
||||
reTags := regexp.MustCompile(`(?s)<[a-zA-Z0-9:]*(calendar-home-set|addressbook-home-set).*?/>|<[a-zA-Z0-9:]*(calendar-home-set|addressbook-home-set).*?>.*?</[a-zA-Z0-9:]*(calendar-home-set|addressbook-home-set)>`)
|
||||
@@ -152,11 +172,13 @@ func HandleDiscoveryPropfind(r *http.Request, ctx context.Context, handler http.
|
||||
})
|
||||
|
||||
props := ""
|
||||
// Inject calendar-home-set if missing (with local namespace definition for safety)
|
||||
if calHome != "" && !strings.Contains(string(resp), "calendar-home-set") {
|
||||
props += fmt.Sprintf("<C:calendar-home-set><href xmlns=\"DAV:\">%s</href></C:calendar-home-set>", calHome)
|
||||
props += fmt.Sprintf("<C:calendar-home-set xmlns:C=\"urn:ietf:params:xml:ns:caldav\"><href xmlns=\"DAV:\">%s</href></C:calendar-home-set>", calHome)
|
||||
}
|
||||
if cardHome != "" && !strings.Contains(string(resp), "addressbook-home-set") {
|
||||
props += fmt.Sprintf("<card:addressbook-home-set><href xmlns=\"DAV:\">%s</href></card:addressbook-home-set>", cardHome)
|
||||
// Inject addressbook-home-set if missing and user has address books
|
||||
if hasAddressBooks && cardHome != "" && !strings.Contains(string(resp), "addressbook-home-set") {
|
||||
props += fmt.Sprintf("<CARD:addressbook-home-set xmlns:CARD=\"urn:ietf:params:xml:ns:carddav\"><href xmlns=\"DAV:\">%s</href></CARD:addressbook-home-set>", cardHome)
|
||||
}
|
||||
|
||||
if props == "" {
|
||||
|
||||
35
main.go
35
main.go
@@ -19,11 +19,9 @@ import (
|
||||
"nxcaldav/internal/extra"
|
||||
)
|
||||
|
||||
|
||||
|
||||
func main() {
|
||||
// -- GET CONFIG
|
||||
path := "config.yaml";
|
||||
path := "config.yaml"
|
||||
if len(os.Args) == 3 {
|
||||
if os.Args[1] == "-c" {
|
||||
path = os.Args[2]
|
||||
@@ -41,18 +39,18 @@ func main() {
|
||||
log.Fatalf("failed to initialize database backend: %v", err)
|
||||
}
|
||||
|
||||
|
||||
// -- GET CONTEXT AND DB
|
||||
caldavHandler := &caldav.Handler{Backend: be}
|
||||
carddavHandler := &carddav.Handler{Backend: be}
|
||||
publicURL, _ := url.Parse(cfg.Server.PublicURL)
|
||||
|
||||
|
||||
// -- DISCOVERIES
|
||||
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
scheme := r.URL.Scheme
|
||||
if scheme == "" { scheme = "http" }
|
||||
if scheme == "" {
|
||||
scheme = "http"
|
||||
}
|
||||
|
||||
// set host (because reverse proxies exist)
|
||||
if publicURL != nil && publicURL.Host != "" {
|
||||
@@ -60,7 +58,7 @@ func main() {
|
||||
r.URL.Host = publicURL.Host
|
||||
|
||||
// prioritize X-Forwarded-Proto, then PublicURL (e.g. Cloudfalre proxy)
|
||||
scheme := publicURL.Scheme
|
||||
scheme = publicURL.Scheme
|
||||
if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
|
||||
scheme = proto
|
||||
}
|
||||
@@ -108,20 +106,25 @@ func main() {
|
||||
principalPath := prefix + fmt.Sprintf("/%s/", user)
|
||||
ctx := context.WithValue(r.Context(), "principal", principalPath)
|
||||
|
||||
// set header for carddav
|
||||
// set header for carddav if user has address books
|
||||
if slices.Contains([]string{
|
||||
"/", prefix + "/",
|
||||
"/.well-known/carddav",
|
||||
prefix + "/.well-known/carddav",
|
||||
principalPath,
|
||||
strings.TrimSuffix(principalPath, "/"),
|
||||
}, r.URL.Path) || strings.Contains(r.URL.Path, "/addressbooks/") {
|
||||
if has, _ := be.HasAddressBooks(ctx); has {
|
||||
w.Header().Add("DAV", "addressbook")
|
||||
}
|
||||
}
|
||||
|
||||
// for caldav discovery
|
||||
// for caldav and carddav discovery
|
||||
if slices.Contains([]string{
|
||||
"/.well-known/caldav",
|
||||
prefix + "/.well-known/caldav",
|
||||
"/.well-known/carddav",
|
||||
prefix + "/.well-known/carddav",
|
||||
}, r.URL.Path) {
|
||||
http.Redirect(w, r, fmt.Sprintf("%s://%s%s", scheme, r.Host, principalPath), http.StatusMovedPermanently)
|
||||
return
|
||||
@@ -144,24 +147,20 @@ func main() {
|
||||
// catch weird requests
|
||||
} else {
|
||||
|
||||
if strings.HasSuffix(r.URL.Path, user+"/") || strings.HasSuffix(r.URL.Path, user) {
|
||||
// For principal path, use merged discovery handler
|
||||
if strings.HasSuffix(r.URL.Path, user+"/") || strings.HasSuffix(r.URL.Path, user) || r.URL.Path == "/" || r.URL.Path == prefix+"/" {
|
||||
// For principal path or root, use merged discovery handler
|
||||
if r.Method == "PROPFIND" {
|
||||
extra.HandleDiscoveryPropfind(r, ctx, caldavHandler, w, be)
|
||||
} else if r.Method == "OPTIONS" {
|
||||
extra.HandleDiscoveryOptions(r, ctx, caldavHandler, w, be)
|
||||
} else {
|
||||
caldavHandler.ServeHTTP(w, r.WithContext(ctx))
|
||||
// Ensure DAV header includes addressbook for OPTIONS
|
||||
if r.Method == "OPTIONS" {
|
||||
dav := w.Header().Get("DAV")
|
||||
if dav != "" && !strings.Contains(dav, "addressbook") {
|
||||
w.Header().Set("DAV", dav+", addressbook")
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
http.NotFound(w, r)
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
fmt.Printf("Starting CalDAV/CardDAV server on %s...\n", cfg.Server.BindAddress)
|
||||
server := &http.Server{
|
||||
|
||||
Reference in New Issue
Block a user