micromata / dave Goto Github PK

The given Apache example does not work for me.

<VirtualHost *:443>
  ServerName localhost

  SSLEngine On
  SSLProxyEngine On
  SSLProxyCheckPeerCN Off
  SSLCertificateFile    /data/cert.pem
  SSLCertificateKeyFile /data/key.pem

  ProxyRequests Off
  ProxyPreserveHost On

  RewriteEngine On
  RewriteRule ^/webdav$ /webdav/ [R,L]
  RewriteRule ^/radicale$ /radicale/ [R,L]

  <Location /webdav/>
  ProxyPass           http://localhost:8081/
  ProxyPassReverse    http://localhost:8081/
  </Location>

  <Location "/radicale/">
    ProxyPass        http://localhost:5232/ retry=0
    ProxyPassReverse http://localhost:5232/
    RequestHeader    set X-Script-Name /radicale/
  </Location>

</VirtualHost>

address: "127.0.0.1"    # the bind address
port: "8081"            # the listening port
dir: "/data/webdav/data"     # the provided base dir
#prefix: "/webdav"       # the url-prefix of the original url
users:
  user:
    password:

Hi, we use Dave in production and are quite happy with it. I’d be willing to help maintain the software. I have decent Go experience, having ported the runtime to multiple platforms, and a pretty good software engineering experience.

A few disclaimers:

• I would start working on smaller bugs / features that I think are worth working on: #29, #17, #13; you can see that I have already submitted a PR for #36.
• I would probably not work on #10/#30 because the multiple possible LDAP binding scenarios make it difficult to get right. We successfully use Apache and nginx as authenticating (and caching) frontends for Dave instead.
• I would get rid of the vendor directory, that’s 70 MiB of source data that probably no one needs; go build can fetch it.
• I may consider removing the magefile in the long term, as its complexity seems to surpass its usefulness.

I’m happy to discuss this further. Let me know what you think!

I'm using Windows, but I can't visit the folder contain the folder cannot access.

Responce

<?xml version="1.0" encoding="UTF-8"?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/</D:href><D:propstat><D:prop><D:getlastmodified>Tue, 19 Oct 2021 06:01:48 GMT</D:getlastmodified><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype><D:displayname></D:displayname><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response><D:response><D:href>/$360Section/</D:href><D:propstat><D:prop><D:getlastmodified>Sat, 28 Jan 2017 06:21:50 GMT</D:getlastmodified><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype><D:displayname>$360Section</D:displayname><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response><D:response><D:href>/$360Section/360SD/</D:href><D:propstat><D:prop><D:getlastmodified>Sun, 02 Jul 2017 23:46:11 GMT</D:getlastmodified><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype><D:displayname>360SD</D:displayname><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response><D:response><D:href>/$RECYCLE.BIN/</D:href><D:propstat><D:prop><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock><D:getlastmodified>Wed, 11 Aug 2021 08:26:23 GMT</D:getlastmodified><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype><D:displayname>$RECYCLE.BIN</D:displayname></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response></D:multistatus>Internal Server Error

log

time="2021-10-19T14:11:38+08:00" level=info msg="2021/10/19 14:11:38 http: superfluous response.WriteHeader call from golang.org/x/net/webdav.(*Handler).ServeHTTP (webdav.go:74)"
time="2021-10-19T14:11:38+08:00" level=error msg="open F:\\$RECYCLE.BIN\\S-1-5-18: Access is denied."

Hello team,
I'm currently testing dave to store buttercup vaults.
I configured a couple of users and enabled all the logs.

I was expecting to see a log every time a user updates the vault but looks like only the "read" operations are logged.

here's the log

time="2023-03-25T08:24:22Z" level=info msg="Server is starting and listening" address=0.0.0.0 port=8000 security=none
time="2023-03-25T08:24:52Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:25:10Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:25:10Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:25:10Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:25:16Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:25:16Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:25:17Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:26:00Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:27:18Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:27:18Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:27:19Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:27:32Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:27:32Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:27:32Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele
time="2023-03-25T08:46:56Z" level=info msg="Opened file" path=/data/test-vault.bcup user=michele

and the file

~/dave$ ls -ln data/
total 4
-rw-r--r-- 1 100 65533 2720 Mar 25 08:27 test-vault.bcup

As you can see file has been updated at 08:27 but there's no evidence of it in the logs

Am I missing something?

Is this possible? I get the message "Method Not Allowed".

Hi! First of all, thanks for this software! 😃

It would be great to have the image in the Docker Hub, so one can do a docker pull without building it manually every time. Thanks in advance for your attention

currently dave works excellently for mostly read-only access, but when I try to write to the DAV directory, it says that there is insufficient space.
Is write support possible?

First, thanks for an excellent project!

As the title says, I would like to see a blacklist function in the application. My primary goal for this is to hinder pollution of the filesystem and repositories, in regards to various garbage different OS-s leave behind, like macOS's infamous .DS_Store and ._* files.

I have experimented with the code, and got a proof of concept working. So this issue is more a request if you want this feature, then I can improve my PoC and request a merge.

Running the docker build as documented fails:

Step 3/9 : RUN go get -u github.com/micromata/dave/cmd/...
 ---> Running in 38f7d68dee7f
package github.com/micromata/dave/cmd/...: github.com/micromata/dave/cmd/...: invalid import path: malformed import path "github.com/micromata/dave/cmd/...": double dot
The command '/bin/sh -c go get -u github.com/micromata/dave/cmd/...' returned a non-zero code: 1                                                               

Are there plans to add LDAP authentication directly in the server?

So far, no release for mips or arm.

The Dockerfile needs to be updated with latest go base image.

#58

If no users are configured I'm getting an authentication popup from my browser

It would be nice to have the ability to explicitly specify a config location using a command line argument e.g. dave --config dave-config.yaml. This would make it easier for instance to use dave as a system service. Alternatively/additionally dave could look for a config location in an absolute location that does not depend on environment variables e.g. /etc/dave/config.yaml.

I am trying to use the standalone binary on a Windows 10 host. However with config.yaml that is made directly from config-sample.yaml except for a change of the dir-directive I get the following error when launching dave:

C:\Users\user\Downloads\dave-0.4.0-windows-amd64>dave
time="2021-07-04T17:14:02+02:00" level=fatal msg="Fatal error config file: While parsing config: yaml: line 26: did not find expected hexdecimal number"

C:\Users\user\Downloads\dave-0.4.0-windows-amd64>

The line number (26) is the dir-directive

I have tried with the following two dir-directive, where I have tried the following two:

dir: "c:\Users\user\Downloads"

and

dir: "c:\\\Users\\\user\\\Downloads"

I can't find anything in the documentation, that might indicate, that it should be written otherwise :(

Moving the line with the dir around, makes the error change to that line, so I am certain it is related to dir...

Hi Chris,

please ship a config-sample.yaml instead of config.yaml so extracting the release zip will not overwrite an existing config file.

Best regards
Joerg

We need a Dockerfile to:

• build the project
• run the project

There must be a possibility to pass some basic config settings like address, port, etc. via environment variables.

Dave is affected by this issue: golang/go#25015

The used logging implementation is logrus. logrus allows a lot of different log formatters (including third party libs).

I think we should support at least the two default log formats:

• text
• json

To allow further log processing with tools like logstash, etc.

The feature should be placed in the config section without capabilities of config live reloading and text as default log output.

first security.handle() calls AuthenticationNeeded() directly, after that, security.handle() calls security.authenticate() , and security.authenticate() also calls AuthenticationNeeded() , that seems superfluous,

is it intentional?

Is there any chance to alternate the user management to a puredb file by pure ftp. Therefore, the config.yml should be obsolete.

The case-scenario is a docker-container, which conclude pureftp and dave to a simple data storage especial for document-scanning.

Hello,

I'm trying to make an app on Android of a client for WebDAV.
I faced the problem when uploading a file larger than about 1.5MB to Dave.

Response message is below:
Response{protocol=http/1.1, code=503, message=Service Unavailable,

Using OkHttp3 Lib,
RequestBody requestBody = RequestBody.create(MediaType.parse(mediaType), file);
Request request = new Request.Builder().url(urlToUpload).put(requestBody).build;
Response response = client.newCall(request).execute();

This works finewhen uploading a file smaller than 1.5MB, but I faved 503 response for files larger than 1.5MB.

How can I avoid this situation ?

And it makes each request to Dave slow as well. Even reducing the cost of our bcrypt hash to 4, there's still 10ms or so more time spent on each request than we'd like! Maybe it's not the ideal hash for this app!

Hi Christian
running swd behind a haproxy sometimes result in an error

swd[15065]: 2018/04/24 07:38:32 http: multiple response.WriteHeader calls

This happens on permission errors.
swd is running as user www-data and www-data has not permission on .gitignore file

Apr 24 08:02:08 het71 swd[15065]: 2018/04/24 08:02:08 http: multiple response.WriteHeader calls
Apr 24 08:02:08 het71 swd[15065]: time="2018-04-24T08:02:08+02:00" level=error msg="open /www/aaa.bbb.de/.gitignore: permission denied"

Jörg

Is it possible to point multiple instances of dave (running in a Docker Swarm) to the same share and load balance them? How is file locking handled for this scenario?

Hello,

i wonder how it is possiblt to use curl with dave?

I read everywhere that simple GET request should work, but with dave i see "method not allowed".
so interested - how it would be possible to get list of files?

I noticed that shares hosted with dave does not correctly identify tif files as an image. Is there a place to configure mime types for the server?

Is it possible to configure read only access?

Currently, when you omit a user configuration the server will start up, but there is no possibility to establish a connection.

We should provide a way of anonymous connections when there is no user configuration.

when trying to mount with windows 10 explorer.exe client with the default admin:foo it insist the credentials are wrong🤔
screenshot:

strangely at #37 someone else get a different error from windows 10, i wonder if it's related

I want to share two different dir in different partition. Is it support now?

Would it be possible to implement the creationdate prop element? Its a peer element to getlastmodified, and apparently suggested RFC4437.
Not a huge deal (and I actually don't see it in the RFC) but I'm working with an older client that crashed because it was missing (I patched this particular client, but others may have trouble.)

Thanks for building this, its awesome!

Many companies use LDAP as role/authentication managment system.
It would be nice if DAVE could provide an ldap integration.

I tried now dave over docker local and over https (k8s nginx ingress)

WebDav clients like filestash online demo can connect without issues,
but Windows 10 Explorer is reporting an error after user-credentials

"The folder you entered does not appear to be valid. Please choose abother"

If you were to log "User x failed to login" I could use fail2ban to stop evil users from brute forcing me. I could use a proxy, but was curios what you thought about adding this security feature?

It would be nice to be able to let a proxy in front of dave handle the user authentication and just accept the username from a HTTP Header. This would open the possibility to use alternative authentication method (LDAP, custom, database, etc.) without adding much complexity to dave.

And example setup is Traefik configured to use forward auth with pinepain/ldap-auth-proxy. When a request hit dave, a user has already been authenticated and it's username is stored in the X-Auth-User header.

Related issue: #10

Currently the http.Server uses the default log implementation. This breaks the logfile pattern and makes it hard for automatic log-processing.

I think we should refactor the http.Server generation part and inject a io.Writer of the logrus logger to solve this problem.

log:
level=error msg="open H:\\System Volume Information: Access is denied."

edit: run dave as system could solve it. (but this can be dangerous)