From 22125f6478c9e1efc3f4580e250a8504ec159679 Mon Sep 17 00:00:00 2001
From: tchapi
Date: Tue, 13 Feb 2024 23:55:02 +0100
Subject: [PATCH 1/3] chore: add homeCollection to tree
---
 config/services.yaml | 4 ++--
 src/Controller/DAVController.php | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/config/services.yaml b/config/services.yaml
index 5f0d79f..bd218f9 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -51,8 +51,8 @@ services:
 $inviteAddress: "%env(INVITE_FROM_ADDRESS)%"
 $authMethod: "%env(AUTH_METHOD)%"
 $authRealm: "%env(AUTH_REALM)%"
- $webdavPublicDir: "%env(WEBDAV_PUBLIC_DIR)%"
- $webdavTmpDir: "%env(WEBDAV_TMP_DIR)%"
+ $webdavPublicDir: "%env(resolve:WEBDAV_PUBLIC_DIR)%"
+ $webdavTmpDir: "%env(resolve:WEBDAV_TMP_DIR)%"
 App\Security\LoginFormAuthenticator:
 arguments:
diff --git a/src/Controller/DAVController.php b/src/Controller/DAVController.php
index 26415eb..a42a8d1 100644
--- a/src/Controller/DAVController.php
+++ b/src/Controller/DAVController.php
@@ -207,6 +207,7 @@ private function initServer(string $authMethod, string $authRealm = User::DEFAUL
 $nodes = [
 // /principals
 new \Sabre\CalDAV\Principal\Collection($principalBackend),
+ new \Sabre\DAVACL\FS\HomeCollection($principalBackend, $this->webdavPublicDir),
 ];
 if ($this->calDAVEnabled) {
From b0ec89bf6719582d12cdcf33c393349916fa1fd2 Mon Sep 17 00:00:00 2001
From: tchapi
Date: Wed, 20 Mar 2024 22:38:51 +0100
Subject: [PATCH 2/3] chore: fix
---
 .env | 6 +++++-
 config/services.yaml | 1 +
 src/Controller/DAVController.php | 15 +++++++++++++--
 3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/.env b/.env
index f9d1845..da6290e 100644
--- a/.env
+++ b/.env
@@ -72,7 +72,11 @@ INVITE_FROM_ADDRESS=no-reply@example.org
 # Make sure that these directories exist, with write permissions for your server.
 # USE ABSOLUTE PATHS for better predictability
 WEBDAV_TMP_DIR='/tmp'
-WEBDAV_PUBLIC_DIR='/webdav'
+WEBDAV_PUBLIC_DIR='/webdav/public'
+# By default, home directories are disabled totally (env var set to an empty string).
+# If needed, it is recommended to use a folder that is NOT a child of the public dir,
+# such as /webdav/homes for instance, so that users cannot access other users' homes.
+WEBDAV_HOMES_DIR=
 # Logging path
 # By default, it will log in the standard Symfony directory: var/log/prod.log (for production)
diff --git a/config/services.yaml b/config/services.yaml
index bd218f9..03fa3a4 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -52,6 +52,7 @@ services:
 $authMethod: "%env(AUTH_METHOD)%"
 $authRealm: "%env(AUTH_REALM)%"
 $webdavPublicDir: "%env(resolve:WEBDAV_PUBLIC_DIR)%"
+ $webdavHomesDir: "%env(resolve:WEBDAV_HOMES_DIR)%"
 $webdavTmpDir: "%env(resolve:WEBDAV_TMP_DIR)%"
 App\Security\LoginFormAuthenticator:
diff --git a/src/Controller/DAVController.php b/src/Controller/DAVController.php
index a42a8d1..b5113a5 100644
--- a/src/Controller/DAVController.php
+++ b/src/Controller/DAVController.php
@@ -69,6 +69,13 @@ class DAVController extends AbstractController
 */
 protected $webdavPublicDir;
+ /**
+ * WebDAV User Homes directory.
+ *
+ * @var string | null
+ */
+ protected $webdavHomesDir;
+
 /**
 * WebDAV Temporary directory.
 *
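Review bot: The example path in the new `.env` comment, `/webdav/homes`, is only outside the public tree when the new default `WEBDAV_PUBLIC_DIR='/webdav/public'` is in effect. An installation that still overrides the public dir to the previous default `/webdav` and copies the example ends up with the homes inside the shared tree, which is exactly the layout the comment warns against. I would add a line such as `# If WEBDAV_PUBLIC_DIR is still '/webdav' (the previous default), /webdav/homes is INSIDE it: move the public dir first or pick another path.` The changed default also silently relocates the share for installs that relied on it, so an upgrade note would help.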
@@ -128,7 +135,7 @@ class DAVController extends AbstractController
 */
 protected $server;
- public function __construct(MailerInterface $mailer, BasicAuth $basicAuthBackend, IMAPAuth $IMAPAuthBackend, LDAPAuth $LDAPAuthBackend, UrlGeneratorInterface $router, EntityManagerInterface $entityManager, LoggerInterface $logger, string $publicDir, bool $calDAVEnabled = true, bool $cardDAVEnabled = true, bool $webDAVEnabled = false, string $inviteAddress = null, string $authMethod = null, string $authRealm = null, string $webdavPublicDir = null, string $webdavTmpDir = null)
+ public function __construct(MailerInterface $mailer, BasicAuth $basicAuthBackend, IMAPAuth $IMAPAuthBackend, LDAPAuth $LDAPAuthBackend, UrlGeneratorInterface $router, EntityManagerInterface $entityManager, LoggerInterface $logger, string $publicDir, bool $calDAVEnabled = true, bool $cardDAVEnabled = true, bool $webDAVEnabled = false, string $inviteAddress = null, string $authMethod = null, string $authRealm = null, string $webdavPublicDir = null, string $webdavHomesDir = null, string $webdavTmpDir = null)
 {
 $this->publicDir = $publicDir;
@@ -138,6 +145,7 @@ public function __construct(MailerInterface $mailer, BasicAuth $basicAuthBackend
 $this->inviteAddress = $inviteAddress ?? null;
 $this->webdavPublicDir = $webdavPublicDir;
+ $this->webdavHomesDir = $webdavHomesDir;
 $this->webdavTmpDir = $webdavTmpDir;
 $this->em = $entityManager;
@@ -207,9 +215,12 @@ private function initServer(string $authMethod, string $authRealm = User::DEFAUL
 $nodes = [
 // /principals
 new \Sabre\CalDAV\Principal\Collection($principalBackend),
- new \Sabre\DAVACL\FS\HomeCollection($principalBackend, $this->webdavPublicDir),
 ];
+ if ($this->webdavHomesDir) {
+ $nodes[] = new \Sabre\DAVACL\FS\HomeCollection($principalBackend, $this->webdavHomesDir);
+ }
+
 if ($this->calDAVEnabled) {
 $calendarBackend = new \Sabre\CalDAV\Backend\PDO($pdo);
 $nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $calendarBackend);
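Review bot: In the constructor hunk, `string $webdavHomesDir = null` is inserted before `$webdavTmpDir`, which shifts the last positional argument. `config/services.yaml` binds by name, so the container is unaffected. Any test or code that builds the controller positionally would now pass the temp directory as the homes directory, and the new `if ($this->webdavHomesDir)` in `initServer` would then mount it as the homes root. Appending the parameter after `$webdavTmpDir` avoids that, and `?string $webdavHomesDir = null` states the nullability that the docblock `string | null` already documents.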
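Review bot: In the `initServer` hunk the home collection is mounted whenever `$this->webdavHomesDir` is non-empty, and two checks are missing. The condition does not include the WebDAV switch, so a leftover `WEBDAV_HOMES_DIR` could expose file storage on an instance with WebDAV turned off; the block sits before the `calDAVEnabled` check and no WebDAV gate is visible here. Nothing verifies that the homes path and `webdavPublicDir` do not contain each other, which `.env` only recommends in a comment. I would gate on both and fail closed when the resolved paths overlap, as sketched below, assuming the flag is stored as `$this->webDAVEnabled` like `calDAVEnabled`. `initServer` starts and ends outside the hunk, so if a gate already exists further down only the overlap check is needed.

```php
// … unchanged: $nodes = [ principals collection ]; …
if ($this->webDAVEnabled && $this->webdavHomesDir) {
    $homesDir = realpath($this->webdavHomesDir);
    if (false === $homesDir) {
        throw new \RuntimeException('WEBDAV_HOMES_DIR does not exist or is not accessible');
    }
    $publicDir = $this->webdavPublicDir ? realpath($this->webdavPublicDir) : false;
    if (false !== $publicDir) {
        // Compare with a trailing separator so /webdav/public2 is not taken for a child of /webdav/public.
        $homesPrefix = rtrim($homesDir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
        $publicPrefix = rtrim($publicDir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
        if (0 === strpos($homesPrefix, $publicPrefix) || 0 === strpos($publicPrefix, $homesPrefix)) {
            throw new \RuntimeException('WEBDAV_HOMES_DIR and WEBDAV_PUBLIC_DIR must not contain each other');
        }
    }
    $nodes[] = new \Sabre\DAVACL\FS\HomeCollection($principalBackend, $homesDir);
}
// … unchanged: if ($this->calDAVEnabled) { … } …
```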
From 1f3ab67b702b89a3786f2212b946ad1fca958de3 Mon Sep 17 00:00:00 2001
From: tchapi
Date: Fri, 29 Mar 2024 22:46:46 +0100
Subject: [PATCH 3/3] Update README
---
 README.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 516eb1c..8439f5c 100644
--- a/README.md
+++ b/README.md
@@ -118,9 +118,14 @@ f. The paths for the WebDAV installation
 ```
 WEBDAV_TMP_DIR='/tmp'
-WEBDAV_PUBLIC_DIR='/webdav'
+WEBDAV_PUBLIC_DIR='/webdav/public'
+WEBDAV_HOMES_DIR=
 ```
+> [!NOTE]
+>
+> By default, home directories are disabled totally (the env var is set to an empty string). If needed, it is recommended to use a folder that is **NOT** a child of the public dir, such as `/webdav/homes` for instance, so that users cannot access other users' homes.
+
 g. The log file path
 You can use an absolute file path here, and you can use Symfony's `%kernel.logs_dir%` and `%kernel.environment%` placeholders if needed (as in the default value). Setting it to `/dev/null` will disable logging altogether.