fix orphans

.gitignore

@@ -1,5 +1,6 @@
 .direnv
 server.log
+shell.nix
 mem.go
 nxcaldav
 in/

config.yaml

@@ -3,74 +3,21 @@ database:
 server:
   bind_address: 0.0.0.0:14243
   default_class: CONFIDENTIAL
-  public_url: http://nxc.nx2.site/
-  email_domain: nx2.site
+  public_url: http://example.com/
+  email_domain: example.com
   redaction_text: '[-]'
 
 smtp:
   host: localhost
   port: 587
   user: nxcaldav@nx2.site
-  password: Vastly-Wrinkle9-Corsage
+  password_cmd: echo "Vastly-Wrinkle9-Corsage"
 
 users:
-  - name: daniel
-    password: ll
-    groups:
-      - family
-  - name: lennart
-    password: ll
-    groups:
-      - family
-  - name: shared
-    password: Oxidant-Ageless3-Dispersed
 
 calendars:
-  - id: preservation
-    owner: lennart
-    color: '#F6F5F4'
-  - id: effort
-    owner: lennart
-    color: '#FF0000'
-  - id: experience
-    owner: lennart
-    color: '#2C33FF'
-  - id: leisure
-    owner: lennart
-    color: '#10B400'
-  - id: daniel
-    owner: daniel
-    color: '#ff2222'
-  - access:
-    - group: family
-      mode: read-write
-    id: family
-    owner: shared
-    color: '#999999'
 
 address_books:
-  - id: contacts
-    owner: lennart
-  - id: contacts
-    owner: daniel
-  - id: family
-    owner: shared
-    access:
-      - group: family
-        mode: read-write
 
 aggregates:
-- access:
-  - group: family
-    mode: read-only
-  - ics: future-only
-  id: lennart-aggregat
-  owner: lennart
-  color: '#dd9999'
-  sources:
-    - preservation
-    - effort
-    - experience
-    - leisure
-    - family
 

export_events.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python
 import os
 import argparse
 import psycopg2

import_events.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python
 import os
 import argparse
 import psycopg2

internal/backend/db.go

@@ -8,7 +8,6 @@ import (
 	"log"
 	"net/http"
 	"net/url"
-	"os/exec"
 	"path"
 	"slices"
 	"strings"
@@ -103,7 +102,7 @@ func (b *DBBackend) initSchema(ctx context.Context) error {
 		)`,
 		`CREATE TABLE IF NOT EXISTS calendar_objects (
 		    id SERIAL PRIMARY KEY,
-		    calendar_id INTEGER REFERENCES calendars(id) ON DELETE CASCADE,
+		    calendar_id INTEGER NOT NULL REFERENCES calendars(id) ON DELETE CASCADE,
 		    path TEXT NOT NULL,
 		    data TEXT NOT NULL,
 		    etag TEXT NOT NULL,
@@ -111,20 +110,20 @@ func (b *DBBackend) initSchema(ctx context.Context) error {
 		)`,
 		`CREATE TABLE IF NOT EXISTS addressbooks (
 		    id SERIAL PRIMARY KEY,
-		    owner_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
+		    owner_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
 		    path TEXT UNIQUE NOT NULL,
 		    name TEXT,
 		    description TEXT
 		)`,
 		`CREATE TABLE IF NOT EXISTS addressbook_access (
-		    addressbook_id INTEGER REFERENCES addressbooks(id) ON DELETE CASCADE,
-		    user_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
+		    addressbook_id INTEGER NOT NULL REFERENCES addressbooks(id) ON DELETE CASCADE,
+		    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
 		    mode TEXT NOT NULL,
 		    PRIMARY KEY (addressbook_id, user_id)
 		)`,
 		`CREATE TABLE IF NOT EXISTS addressbook_objects (
 		    id SERIAL PRIMARY KEY,
-		    addressbook_id INTEGER REFERENCES addressbooks(id) ON DELETE CASCADE,
+		    addressbook_id INTEGER NOT NULL REFERENCES addressbooks(id) ON DELETE CASCADE,
 		    path TEXT NOT NULL,
 		    data TEXT NOT NULL,
 		    etag TEXT NOT NULL,
@@ -140,16 +139,9 @@ func (b *DBBackend) initSchema(ctx context.Context) error {
 }
 
 func (b *DBBackend) resolvePassword(u config.User) (string, error) {
-	var raw string
-	if u.PasswordCmd != "" {
-		cmd := exec.Command("sh", "-c", u.PasswordCmd)
-		out, err := cmd.Output()
-		if err != nil {
-			return "", fmt.Errorf("failed to run password command for %s: %v", u.Name, err)
-		}
-		raw = strings.TrimSpace(string(out))
-	} else {
-		raw = u.Password
+	raw, err := config.ResolvePassword(u.Password, u.PasswordCmd)
+	if err != nil {
+		return "", fmt.Errorf("failed to resolve password for %s: %v", u.Name, err)
 	}
 
 	// If it already looks like a bcrypt hash, return as is.
@@ -237,6 +229,7 @@ func (b *DBBackend) syncConfig(ctx context.Context, cfg *config.Config) error {
 			if a.User != "" {
 				tUsers = append(tUsers, a.User)
 			}
+			tUsers = append(tUsers, a.Users...)
 			if a.Group != "" {
 				tUsers = append(tUsers, groupMembers[a.Group]...)
 			}
@@ -265,6 +258,7 @@ func (b *DBBackend) syncConfig(ctx context.Context, cfg *config.Config) error {
 		for _, a := range c.Access {
 			if a.ICS != "" {
 				pubPath := prefix + fmt.Sprintf("/public/%s/%s.ics", c.Owner, c.ID)
+				log.Printf("pp: %s", pubPath)
 				b.publicAccess[pubPath] = publicInfo{
 					InternalPath: path,
 					Mode:         a.ICS,
@@ -307,6 +301,7 @@ func (b *DBBackend) syncConfig(ctx context.Context, cfg *config.Config) error {
 			if a.User != "" {
 				tUsers = append(tUsers, a.User)
 			}
+			tUsers = append(tUsers, a.Users...)
 			if a.Group != "" {
 				tUsers = append(tUsers, groupMembers[a.Group]...)
 			}
@@ -358,6 +353,7 @@ func (b *DBBackend) syncConfig(ctx context.Context, cfg *config.Config) error {
 			if a.User != "" {
 				tUsers = append(tUsers, a.User)
 			}
+			tUsers = append(tUsers, a.Users...)
 			if a.Group != "" {
 				tUsers = append(tUsers, groupMembers[a.Group]...)
 			}
@@ -773,14 +769,14 @@ func (b *DBBackend) listAggregateObjects(ctx context.Context, aggPath string, ag
 	username, _ := b.getUsername(ctx)
 
 	for _, sourceID := range agg.Sources {
-		sourcePath := b.prefix + fmt.Sprintf("/%s/calendars/%s/", agg.Owner, sourceID)
-
 		var calID int
 		var ownerName string
+		var sourcePath string
 		err := b.pool.QueryRow(ctx, `
-			SELECT c.id, u.name FROM calendars c 
+			SELECT c.id, u.name, c.path FROM calendars c 
 			JOIN users u ON c.owner_id = u.id 
-			WHERE c.path = $1`, sourcePath).Scan(&calID, &ownerName)
+			WHERE c.name = $1`, sourceID).Scan(&calID, &ownerName, &sourcePath)
+
 		if err != nil {
 			continue
 		}
@@ -805,7 +801,7 @@ func (b *DBBackend) listAggregateObjects(ctx context.Context, aggPath string, ag
 		}
 
 		for _, obj := range objs {
-			// Prepend source name so Diane knows this is a "[calendar]" event
+			// Prepend source name so user knows this is a "[calendar]" event
 			for _, child := range obj.Data.Children {
 				if child.Name == "VEVENT" || child.Name == "VTODO" {
 					descr := child.Props.Get("DESCRIPTION")
@@ -836,7 +832,7 @@ func (b *DBBackend) GetCalendarObject(ctx context.Context, p string, req *caldav
 	fileName := path.Base(p)
 
 	// Step 1: Check if this is a request for a virtual item in an aggregate
-	if agg, ok := b.aggregates[dirPath]; ok {
+	if _, ok := b.aggregates[dirPath]; ok {
 
 		hasAccess := slices.Contains(b.userAggs[username], dirPath)
 		if !hasAccess {
@@ -851,10 +847,10 @@ func (b *DBBackend) GetCalendarObject(ctx context.Context, p string, req *caldav
 		sourceID := parts[0]
 		realFileName := parts[1]
 
-		sourcePath := b.prefix + fmt.Sprintf("/%s/calendars/%s/", agg.Owner, sourceID)
 		var calID int
 		var ownerName string
-		err := b.pool.QueryRow(ctx, "SELECT c.id, u.name FROM calendars c JOIN users u ON c.owner_id = u.id WHERE c.path = $1", sourcePath).Scan(&calID, &ownerName)
+		var sourcePath string
+		err := b.pool.QueryRow(ctx, "SELECT c.id, u.name, c.path FROM calendars c JOIN users u ON c.owner_id = u.id WHERE c.name = $1", sourceID).Scan(&calID, &ownerName, &sourcePath)
 		if err != nil {
 			return nil, webdav.NewHTTPError(http.StatusNotFound, errors.New("source calendar not found"))
 		}
@@ -1473,3 +1469,18 @@ func (b *DBBackend) DeleteAddressObject(ctx context.Context, p string) error {
 func (b *DBBackend) QueryAddressObjects(ctx context.Context, p string, query *carddav.AddressBookQuery) ([]carddav.AddressObject, error) {
 	return b.ListAddressObjects(ctx, p, nil)
 }
+
+func (b *DBBackend) HasAddressBooks(ctx context.Context) (bool, error) {
+	username, err := b.getUsername(ctx)
+	if err != nil {
+		return false, err
+	}
+	var exists bool
+	err = b.pool.QueryRow(ctx, `
+		SELECT EXISTS (
+			SELECT 1 FROM addressbooks 
+			WHERE owner_id = (SELECT id FROM users WHERE name = $1)
+			OR id IN (SELECT addressbook_id FROM addressbook_access WHERE user_id = (SELECT id FROM users WHERE name = $1))
+		)`, username).Scan(&exists)
+	return exists, err
+}

internal/backend/email.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/emersion/go-ical"
+	"nxcaldav/internal/config"
 )
 
 // sendInvitation sends an iMIP (RFC 6047) invitation email.
@@ -99,8 +100,14 @@ func (b *DBBackend) sendInvitation(senderName, recipientEmail, summary, descript
 			if err = c.StartTLS(tlsConfig); err != nil { return err }
 		}
 	}
-	if b.smtp.User != "" && b.smtp.Password != "" {
-		auth := smtp.PlainAuth("", b.smtp.User, b.smtp.Password, b.smtp.Host)
+
+	smtpPassword, err := config.ResolvePassword(b.smtp.Password, b.smtp.PasswordCmd)
+	if err != nil {
+		return fmt.Errorf("failed to resolve SMTP password: %v", err)
+	}
+
+	if b.smtp.User != "" && smtpPassword != "" {
+		auth := smtp.PlainAuth("", b.smtp.User, smtpPassword, b.smtp.Host)
 		if err = c.Auth(auth); err != nil { return err }
 	}
 

internal/config/config.go

@@ -1,8 +1,10 @@
 package config
 
 import (
+	"fmt"
 	"net/url"
 	"os"
+	"os/exec"
 	"slices"
 	"strings"
 
@@ -10,11 +12,12 @@ import (
 )
 
 type Access struct {
-	User   string `yaml:"user,omitempty"`
-	Group  string `yaml:"group,omitempty"`
-	Groups string `yaml:"groups,omitempty"`
-	Mode   string `yaml:"mode"` // "read-only" or "read-write"
-	ICS    string `yaml:"ics,omitempty"`
+	User   string   `yaml:"user,omitempty"`
+	Users  []string `yaml:"users,omitempty"`
+	Group  string   `yaml:"group,omitempty"`
+	Groups string   `yaml:"groups,omitempty"`
+	Mode   string   `yaml:"mode"` // "read-only" or "read-write"
+	ICS    string   `yaml:"ics,omitempty"`
 }
 
 type Calendar struct {
@@ -64,10 +67,11 @@ func (s ServerConfig) BasePath() string {
 
 
 type SMTPConfig struct {
-	Host     string `yaml:"host"`
-	Port     int    `yaml:"port"`
-	User     string `yaml:"user"`
-	Password string `yaml:"password"`
+	Host        string `yaml:"host"`
+	Port        int    `yaml:"port"`
+	User        string `yaml:"user"`
+	Password    string `yaml:"password"`
+	PasswordCmd string `yaml:"password_cmd"`
 }
 
 type Config struct {
@@ -79,6 +83,18 @@ type Config struct {
 	AddressBooks []AddressBook  `yaml:"address_books"`
 	Aggregates   []Aggregate    `yaml:"aggregates"`
 }
+
+func ResolvePassword(password, passwordCmd string) (string, error) {
+	if passwordCmd != "" {
+		cmd := exec.Command("sh", "-c", passwordCmd)
+		out, err := cmd.Output()
+		if err != nil {
+			return "", fmt.Errorf("failed to run password command: %v", err)
+		}
+		return strings.TrimSpace(string(out)), nil
+	}
+	return password, nil
+}
 func (c *Config) setDefaults() {
 	if c.Server.BindAddress == ""  { c.Server.BindAddress = ":8080" }
 	if c.Server.Redaction == ""    { c.Server.Redaction = "Busy" }

internal/extra/injector.go

@@ -39,9 +39,19 @@ func InjectColor(r *http.Request, ctx context.Context, handler http.Handler, w h
 	body := buf.Bytes()
 	
 	// this models after the Radicale Response, largely AI code
-	// 1. Add namespaces to the root multistatus tag
-	reMultistatus := regexp.MustCompile(`(<[a-zA-Z0-9]*:?multistatus)`)
-	body = reMultistatus.ReplaceAll(body, []byte(`$1 xmlns:ICAL="http://apple.com/ns/ical/" xmlns:C="urn:ietf:params:xml:ns:caldav" xmlns:CS="http://calendarserver.org/ns/"`))
+	// 1. Add namespaces to the root multistatus tag only if they are missing
+	if !bytes.Contains(body, []byte("xmlns:ICAL=")) {
+		reMultistatus := regexp.MustCompile(`(<[a-zA-Z0-9]*:?multistatus)`)
+		body = reMultistatus.ReplaceAll(body, []byte(`$1 xmlns:ICAL="http://apple.com/ns/ical/"`))
+	}
+	if !bytes.Contains(body, []byte("xmlns:C=")) && !bytes.Contains(body, []byte("xmlns:c=")) {
+		reMultistatus := regexp.MustCompile(`(<[a-zA-Z0-9]*:?multistatus)`)
+		body = reMultistatus.ReplaceAll(body, []byte(`$1 xmlns:C="urn:ietf:params:xml:ns:caldav"`))
+	}
+	if !bytes.Contains(body, []byte("xmlns:CS=")) {
+		reMultistatus := regexp.MustCompile(`(<[a-zA-Z0-9]*:?multistatus)`)
+		body = reMultistatus.ReplaceAll(body, []byte(`$1 xmlns:CS="http://calendarserver.org/ns/"`))
+	}
 
 	// 2. Response processing
 	reResponse :=  regexp.MustCompile(`(?s)<[a-zA-Z0-9]*:?response.*?>.*?</[a-zA-Z0-9]*:?response>`)
@@ -62,7 +72,7 @@ func InjectColor(r *http.Request, ctx context.Context, handler http.Handler, w h
 			return resp
 		}
 
-		// 1. Strip any existing conflicting tags that might be in 404 blocks
+		// 1. Strip any existing conflicting tags that might be in 404 blocks (non-greedy)
 		reStrip := regexp.MustCompile(`(?s)<[a-zA-Z0-9]*:?(calendar-color|getctag|calendar-order).*?/>|<[a-zA-Z0-9]*:?(calendar-color|getctag|calendar-order).*?>.*?</[a-zA-Z0-9]*:?(calendar-color|getctag|calendar-order)>`)
 		resp = reStrip.ReplaceAll(resp, []byte(""))
 
@@ -107,10 +117,23 @@ func InjectColor(r *http.Request, ctx context.Context, handler http.Handler, w h
 	w.Write(body)
 }
 
-// modify caledar probfind
-//
-// this again modeled after the Radicale response
-// Largly AI generated agian
+func HandleDiscoveryOptions(r *http.Request, ctx context.Context, handler http.Handler, w http.ResponseWriter, be *backend.DBBackend) {
+	buf := &bytes.Buffer{}
+	rw := &responseWriter{w, buf, http.StatusOK}
+	handler.ServeHTTP(rw, r.WithContext(ctx))
+
+	if has, _ := be.HasAddressBooks(ctx); has {
+		dav := w.Header().Get("DAV")
+		if dav == "" {
+			w.Header().Set("DAV", "1, 3, addressbook, calendar-access")
+		} else if !strings.Contains(dav, "addressbook") {
+			w.Header().Set("DAV", dav+", addressbook")
+		}
+	}
+	w.WriteHeader(rw.status)
+	w.Write(buf.Bytes())
+}
+
 func HandleDiscoveryPropfind(r *http.Request, ctx context.Context, handler http.Handler, w http.ResponseWriter, be *backend.DBBackend) {
 	reqBody, _ := io.ReadAll(r.Body)
 	r.Body = io.NopCloser(bytes.NewBuffer(reqBody))
@@ -121,9 +144,19 @@ func HandleDiscoveryPropfind(r *http.Request, ctx context.Context, handler http.
 
 	body := buf.Bytes()
 
-	// 1. Unconditionally add namespaces to root tag
-	reMultistatus := regexp.MustCompile(`(<[a-zA-Z0-9]*:?multistatus)`)
-	body = reMultistatus.ReplaceAll(body, []byte(`$1 xmlns:C="urn:ietf:params:xml:ns:caldav" xmlns:card="urn:ietf:params:xml:ns:carddav"`))
+	calHome, _ := be.CalendarHomeSetPath(ctx)
+	cardHome, _ := be.AddressBookHomeSetPath(ctx)
+	hasAddressBooks, _ := be.HasAddressBooks(ctx)
+
+	// Ensure DAV: addressbook header is present if user has address books
+	if hasAddressBooks {
+		dav := w.Header().Get("DAV")
+		if dav == "" {
+			w.Header().Set("DAV", "1, 3, addressbook, calendar-access")
+		} else if !strings.Contains(dav, "addressbook") {
+			w.Header().Set("DAV", dav+", addressbook")
+		}
+	}
 
 	// 2. Response processing
 	reResponse := regexp.MustCompile(`(?s)<[a-zA-Z0-9]*:?response.*?>.*?</[a-zA-Z0-9]*:?response>`)
@@ -139,10 +172,7 @@ func HandleDiscoveryPropfind(r *http.Request, ctx context.Context, handler http.
 			return resp
 		}
 
-		calHome, _ := be.CalendarHomeSetPath(ctx)
-		cardHome, _ := be.AddressBookHomeSetPath(ctx)
-
-		// Strip these tags ONLY from non-200 propstats
+		// Strip these tags ONLY from non-200 propstats to avoid duplicates or 404 overrides
 		resp = rePropstat.ReplaceAllFunc(resp, func(ps []byte) []byte {
 			if !reStatusOk.Match(ps) {
 				reTags := regexp.MustCompile(`(?s)<[a-zA-Z0-9:]*(calendar-home-set|addressbook-home-set).*?/>|<[a-zA-Z0-9:]*(calendar-home-set|addressbook-home-set).*?>.*?</[a-zA-Z0-9:]*(calendar-home-set|addressbook-home-set)>`)
@@ -152,11 +182,13 @@ func HandleDiscoveryPropfind(r *http.Request, ctx context.Context, handler http.
 		})
 
 		props := ""
+		// Inject calendar-home-set if missing (with local namespace definition for safety)
 		if calHome != "" && !strings.Contains(string(resp), "calendar-home-set") {
-			props += fmt.Sprintf("<C:calendar-home-set><href xmlns=\"DAV:\">%s</href></C:calendar-home-set>", calHome)
+			props += fmt.Sprintf("<C:calendar-home-set xmlns:C=\"urn:ietf:params:xml:ns:caldav\"><href xmlns=\"DAV:\">%s</href></C:calendar-home-set>", calHome)
 		}
-		if cardHome != "" && !strings.Contains(string(resp), "addressbook-home-set") {
-			props += fmt.Sprintf("<card:addressbook-home-set><href xmlns=\"DAV:\">%s</href></card:addressbook-home-set>", cardHome)
+		// Inject addressbook-home-set if missing and user has address books
+		if hasAddressBooks && cardHome != "" && !strings.Contains(string(resp), "addressbook-home-set") {
+			props += fmt.Sprintf("<CARD:addressbook-home-set xmlns:CARD=\"urn:ietf:params:xml:ns:carddav\"><href xmlns=\"DAV:\">%s</href></CARD:addressbook-home-set>", cardHome)
 		}
 
 		if props == "" {

main.go

@@ -106,20 +106,25 @@ func main() {
 		principalPath := prefix + fmt.Sprintf("/%s/", user)
 		ctx := context.WithValue(r.Context(), "principal", principalPath)
 
-		// set header for carddav
+		// set header for carddav if user has address books
 		if slices.Contains([]string{
+			"/", prefix + "/",
 			"/.well-known/carddav",
 			prefix + "/.well-known/carddav",
 			principalPath,
 			strings.TrimSuffix(principalPath, "/"),
 		}, r.URL.Path) || strings.Contains(r.URL.Path, "/addressbooks/") {
-			w.Header().Add("DAV", "addressbook")
+			if has, _ := be.HasAddressBooks(ctx); has {
+				w.Header().Add("DAV", "addressbook")
+			}
 		}
 
-		// for caldav discovery
+		// for caldav and carddav discovery
 		if slices.Contains([]string{
 			"/.well-known/caldav",
 			prefix + "/.well-known/caldav",
+			"/.well-known/carddav",
+			prefix + "/.well-known/carddav",
 		}, r.URL.Path) {
 			http.Redirect(w, r, fmt.Sprintf("%s://%s%s", scheme, r.Host, principalPath), http.StatusMovedPermanently)
 			return
@@ -142,21 +147,17 @@ func main() {
 			// catch weird requests
 		} else {
 
-			if strings.HasSuffix(r.URL.Path, user+"/") || strings.HasSuffix(r.URL.Path, user) {
-				// For principal path, use merged discovery handler
+			if strings.HasSuffix(r.URL.Path, user+"/") || strings.HasSuffix(r.URL.Path, user) || r.URL.Path == "/" || r.URL.Path == prefix+"/" {
+				// For principal path or root, use merged discovery handler
 				if r.Method == "PROPFIND" {
 					extra.HandleDiscoveryPropfind(r, ctx, caldavHandler, w, be)
+				} else if r.Method == "OPTIONS" {
+					extra.HandleDiscoveryOptions(r, ctx, caldavHandler, w, be)
 				} else {
 					caldavHandler.ServeHTTP(w, r.WithContext(ctx))
-					// Ensure DAV header includes addressbook for OPTIONS
-					if r.Method == "OPTIONS" {
-						dav := w.Header().Get("DAV")
-						if dav != "" && !strings.Contains(dav, "addressbook") {
-							w.Header().Set("DAV", dav+", addressbook")
-						}
-					}
 				}
 			} else {
+				log.Printf("Not found: %s", r)
 				http.NotFound(w, r)
 			}
 		}

shell.nix

@@ -1,12 +0,0 @@
-{ pkgs ? import <nixpkgs> { } }: let
-  my-python = pkgs.python312;
-  python-with-my-packages = my-python.withPackages (p: with p; [
-    ical
-    ics
-    caldav
-    pyyaml
-    psycopg2
-  ]);
-in pkgs.mkShell {
-  buildInputs = [ python-with-my-packages ];
-}