webdav-handler 0.2.0-alpha.4

handler for the HTTP and Webdav protocols with filesystem backend
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108


# TODO list

## Protocol compliance

### Apply all headers

The RFC says that for COPY/MOVE/DELETE with Depth: Infinity all headers
must be applied to all resources. For example, in RFC4918 9.6.1:

```
Any headers included with DELETE MUST be applied in processing every resource to be deleted.
```

Currently we do not do this- we do apply the If-Match, If-None-Match, If-Modified-Since,
If-Unmodified-Since, and If headers to the request url, but not recursively.

### Props on symbolic links

Should probably disallow that

### In MOVE/DELETE test locks seperately per resource

Right now we check if we hold the locks (if any) for the request url, and paths
below it for Depth: Infinity requests. If we don't, the entire request fails. We
should really check that for every resource to be MOVEd/DELETEd seperately
and only fail those resources.

This does mean that we cannot MOVE a collection by doing a simple rename, we must
do it resource-per-resource, like COPY.

## Race conditions

During long-running requests like MOVE/COPY/DELETE we should really LOCK the resource
so that no other request can race us.

Actually, check if this is true. Isn't the webdav client responsible for this?

Anyway:

- if the resource is locked exclusively and we hold the lock- great, nothing to do
- otherwise:
- lock the request URL exclusively (unless already locked exclusively), Depth: infinite,
  _without checking if any other locks already exist_. This is a temporary lock.
- now check if we actually can lock the request URL and paths below
- if not, unlock, error
- go ahead and do the work
- unlock

The temporary lock should probably have a timeout of say 10 seconds, where we
refresh it every 5 seconds or so, so that a stale lock doesn't hang around
too long if something goes catastrophically wrong. Might only happen when
the lock database is seperate from the webdav server.

## Improvements:

- Do fake locking only for user-agents:

  - /WebDAVFS/					// Apple
  - /Microsoft Office OneNote 2013/'		// MS
  - /^Microsoft-WebDAV/				// MS

  this is the list that NextCloud uses for fake locking.
  probably (WebDAVFS|Microsoft) would do the trick.

- API: perhaps move filesystem interface to Path/PathBuf or similar and hide WebPath

- add documentation
- add tests, tests ...

## Project ideas:

- Add support for properties to localfs.rs on XFS. XFS has unlimited and
  scalable extended attributes. ext2/3/4 can store max 4KB. On XFS we can
  then also store creationdate in an attribute.

- Add support for changing live props like mtime/atime
  - atime could be done with Win32LastAccessTime
  - allow setting apache "executable" prop
  - it appears that there are webdav implementations that allow
    you to set "DAV:getcontentlength".

- we could support (at least return) some Win32FileAttributes:
  - readonly:  00000001   (unix mode)
  - hidden:    00000002   (if file starts with a "."
  - dir:       00000010
  - file:      00000020

  readonly on dirs means "all files in the directory" so that
  is best not implemented.

- allow setting of some windows live props:
  - readonly (on files, via chmod)
  - Win32LastAccessTime, Win32LastModifiedTime
 
- implement [RFC4437 Webdav Redirectref](https://tools.ietf.org/html/rfc4437) -- basically support for symbolic links

- implement [RFC3744 Webdac ACL](https://tools.ietf.org/html/rfc3744)

## Things I thought of but aren't going to work:

### Compression

- support for compressing responses, at least PROPFIND.
- support for compressed PUT requests

Nice, but no webdav client that I know of uses compression.