#!/usr/bin/env python3 """ WebDAV Server Example This example demonstrates how to create a fully-featured WebDAV server using the HTTPServerHandler class. The server implements the WebDAV protocol (RFC 4918) with support for: - File and directory operations (GET, PUT, DELETE, MKCOL) - WebDAV properties (PROPFIND, PROPPATCH) - File locking (LOCK, UNLOCK) - File copying and moving (COPY, MOVE) - WebDAV-compliant XML responses - Integration with file managers and WebDAV clients Usage: python webdavserver.py [directory_path] [host] [port] Example: python webdavserver.py ./webdav-root 127.0.0.1 8080 """ import asyncio import os import urllib.parse import mimetypes import html import h11 import tempfile import re import uuid import time import json from pathlib import Path from datetime import datetime, timezone from xml.etree import ElementTree as ET from xml.dom import minidom from asysocks.unicomm.common.target import UniTarget, UniProto from asysocks.unicomm.protocol.server.http.httpserver import HTTPServerHandler, HTTPServer class WebDAVLock: """Represents a WebDAV lock on a resource.""" def __init__(self, token, scope, type_lock, owner, timeout=3600, depth="0"): self.token = token self.scope = scope # "exclusive" or "shared" self.type = type_lock # "write" self.owner = owner self.timeout = timeout # seconds self.depth = depth # "0", "1", or "infinity" self.created = time.time() def is_expired(self): return time.time() - self.created > self.timeout def to_xml(self, href): """Convert lock to WebDAV XML format.""" lock_elem = ET.Element("D:activelock", xmlns="DAV:") locktype_elem = ET.SubElement(lock_elem, "D:locktype") ET.SubElement(locktype_elem, f"D:{self.type}") lockscope_elem = ET.SubElement(lock_elem, "D:lockscope") ET.SubElement(lockscope_elem, f"D:{self.scope}") depth_elem = ET.SubElement(lock_elem, "D:depth") depth_elem.text = self.depth owner_elem = ET.SubElement(lock_elem, "D:owner") owner_elem.text = self.owner timeout_elem = ET.SubElement(lock_elem, "D:timeout") timeout_elem.text = f"Second-{self.timeout}" locktoken_elem = ET.SubElement(lock_elem, "D:locktoken") href_elem = ET.SubElement(locktoken_elem, "D:href") href_elem.text = f"opaquelocktoken:{self.token}" lockroot_elem = ET.SubElement(lock_elem, "D:lockroot") lockroot_href = ET.SubElement(lockroot_elem, "D:href") lockroot_href.text = href return lock_elem class WebDAVHandler(HTTPServerHandler): """ WebDAV server handler implementing RFC 4918 WebDAV specification. Features: - Complete WebDAV method support (PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK) - XML property handling with namespace support - File locking mechanism - Directory traversal protection - MIME type detection - WebDAV-compliant error responses """ def __init__(self, webdav_root=None, enable_locks=True, default_lock_timeout=3600, max_depth=100, print_cb=None): """ Initialize the WebDAV handler. Args: webdav_root (str): Root directory to serve WebDAV from enable_locks (bool): Whether to enable WebDAV locking default_lock_timeout (int): Default lock timeout in seconds max_depth (int): Maximum depth for PROPFIND operations print_cb (callable): Logging callback function """ super().__init__() self.webdav_root = webdav_root self.enable_locks = enable_locks self.default_lock_timeout = default_lock_timeout self.max_depth = max_depth self.print_cb = print_cb # Lock storage: path -> WebDAVLock self.locks = {} # WebDAV namespaces self.namespaces = { 'D': 'DAV:', 'xml': 'http://www.w3.org/XML/1998/namespace' } if self.webdav_root: # Resolve to absolute path and ensure it exists self.webdav_root = os.path.abspath(self.webdav_root) if not os.path.exists(self.webdav_root): os.makedirs(self.webdav_root) if not os.path.isdir(self.webdav_root): raise ValueError(f"WebDAV root is not a directory: {self.webdav_root}") async def print(self, msg=''): """Log a message if print callback is available.""" if self.print_cb is None: return await self.print_cb(msg) def _sanitize_path(self, path_request): """ Sanitize the requested path to prevent directory traversal attacks. Args: path_request (str): The requested file or directory path Returns: str or None: Safe absolute path or None if invalid """ if not self.webdav_root: return None if not path_request: return self.webdav_root # Normalize the path request normalized_path = path_request.replace('\\', '/') # Remove dangerous path components path_components = [] for component in normalized_path.split('/'): component = component.strip() if not component or component == '.': continue if component == '..': continue # Skip parent directory references if any(char in component for char in [':', '*', '?', '"', '<', '>', '|']): return None path_components.append(component) # Build the safe path safe_path = self.webdav_root for component in path_components: safe_path = os.path.join(safe_path, component) safe_path = os.path.abspath(safe_path) # Ensure the path is within the webdav root try: common_path = os.path.commonpath([safe_path, self.webdav_root]) if common_path != self.webdav_root: return None except ValueError: return None return safe_path def _get_relative_path(self, absolute_path): """Get relative path from WebDAV root.""" if not self.webdav_root or not absolute_path: return "/" try: rel_path = os.path.relpath(absolute_path, self.webdav_root) if rel_path == ".": return "/" return "/" + rel_path.replace(os.sep, "/") except ValueError: return "/" def _get_mime_type(self, filepath): """Get the MIME type for a file.""" mime_type, _ = mimetypes.guess_type(filepath) return mime_type or 'application/octet-stream' def _format_http_date(self, timestamp=None): """Format timestamp as HTTP date.""" if timestamp is None: timestamp = time.time() dt = datetime.fromtimestamp(timestamp, tz=timezone.utc) return dt.strftime('%a, %d %b %Y %H:%M:%S GMT') def _format_iso_date(self, timestamp=None): """Format timestamp as ISO 8601 date.""" if timestamp is None: timestamp = time.time() dt = datetime.fromtimestamp(timestamp, tz=timezone.utc) return dt.strftime('%Y-%m-%dT%H:%M:%SZ') def _parse_depth_header(self, headers): """Parse the Depth header from request.""" for name, value in headers: if name.lower() == b'depth': depth_str = value.decode('ascii').strip() if depth_str.lower() == 'infinity': return 'infinity' try: depth = int(depth_str) if depth < 0: return '0' return str(depth) except ValueError: return '0' return '1' # Default depth def _clean_expired_locks(self): """Remove expired locks.""" expired_paths = [] for path, lock in self.locks.items(): if lock.is_expired(): expired_paths.append(path) for path in expired_paths: del self.locks[path] def _check_lock_conflicts(self, path, token=None): """Check if there are lock conflicts for a path.""" self._clean_expired_locks() if path not in self.locks: return False lock = self.locks[path] # If we have the lock token, no conflict if token and token == lock.token: return False # If it's a shared lock, allow other shared locks if lock.scope == 'shared': return False # Exclusive lock conflict return True async def _read_request_body(self): """Read the full request body.""" body_parts = [] while True: event = await self._wrapper.next_event() if isinstance(event, h11.Data): if event.data: body_parts.append(event.data) elif isinstance(event, h11.EndOfMessage): break else: break return b''.join(body_parts) def _create_xml_response(self, root_element): """Create a formatted XML response.""" # Add namespace declarations to root root_element.set('xmlns:D', 'DAV:') # Create XML string rough_string = ET.tostring(root_element, encoding='unicode') # Pretty print try: reparsed = minidom.parseString(rough_string) pretty = reparsed.documentElement.toprettyxml(indent=" ") # Remove extra whitespace and fix formatting lines = [line for line in pretty.split('\n') if line.strip()] return '\n'.join(lines) except: return rough_string def _get_file_properties(self, file_path, requested_props=None): """Get WebDAV properties for a file or directory.""" try: stat = os.stat(file_path) is_dir = os.path.isdir(file_path) props = {} # Standard WebDAV properties if not requested_props or 'creationdate' in requested_props: props['creationdate'] = self._format_iso_date(stat.st_ctime) if not requested_props or 'displayname' in requested_props: props['displayname'] = os.path.basename(file_path) or 'Root' if not requested_props or 'getcontentlength' in requested_props: if not is_dir: props['getcontentlength'] = str(stat.st_size) if not requested_props or 'getcontenttype' in requested_props: if not is_dir: props['getcontenttype'] = self._get_mime_type(file_path) if not requested_props or 'getlastmodified' in requested_props: props['getlastmodified'] = self._format_http_date(stat.st_mtime) if not requested_props or 'getetag' in requested_props: # Simple ETag based on mtime and size etag = f'"{stat.st_mtime}-{stat.st_size}"' props['getetag'] = etag if not requested_props or 'resourcetype' in requested_props: if is_dir: props['resourcetype'] = '' else: props['resourcetype'] = '' if not requested_props or 'supportedlock' in requested_props: if self.enable_locks: props['supportedlock'] = ''' ''' else: props['supportedlock'] = '' if not requested_props or 'lockdiscovery' in requested_props: rel_path = self._get_relative_path(file_path) if rel_path in self.locks: lock = self.locks[rel_path] if not lock.is_expired(): lock_xml = self._create_xml_response(lock.to_xml(rel_path)) props['lockdiscovery'] = lock_xml else: props['lockdiscovery'] = '' else: props['lockdiscovery'] = '' return props except OSError: return {} async def do_OPTIONS(self, event): """Handle OPTIONS request - advertise WebDAV capabilities.""" await self.print(f"[WEBDAV] OPTIONS {event.target.decode()}") headers = self.basic_headers() headers.extend([ ("Allow", b"OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, PROPFIND, PROPPATCH, COPY, MOVE, MKCOL, LOCK, UNLOCK"), ("DAV", b"1, 2"), ("MS-Author-Via", b"DAV"), ("Content-Length", b"0") ]) response = h11.Response(status_code=200, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.EndOfMessage()) async def do_PROPFIND(self, event): """Handle PROPFIND request - get properties of resources.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] PROPFIND {path}") safe_path = self._sanitize_path(path) if not safe_path: await self._serve_error(400, "Invalid path") return if not os.path.exists(safe_path): await self._serve_error(404, "Not Found") return # Parse depth header depth = self._parse_depth_header(event.headers) # Read request body to get requested properties body = await self._read_request_body() requested_props = None if body: try: root = ET.fromstring(body.decode('utf-8')) # Parse requested properties for prop_elem in root.iter(): if prop_elem.tag.endswith('prop'): requested_props = [child.tag.split('}')[-1] for child in prop_elem] break except: pass # Use all properties if parsing fails # Build multistatus response multistatus = ET.Element('D:multistatus') multistatus.set('xmlns:D', 'DAV:') # Add current resource await self._add_propfind_response(multistatus, safe_path, requested_props) # Add child resources if depth > 0 if depth != '0' and os.path.isdir(safe_path): try: for item in os.listdir(safe_path): child_path = os.path.join(safe_path, item) await self._add_propfind_response(multistatus, child_path, requested_props) # Recursive for infinite depth (with protection) if depth == 'infinity' and os.path.isdir(child_path): await self._add_propfind_recursive(multistatus, child_path, requested_props, 1) except PermissionError: pass # Generate response xml_content = '\n' xml_content += self._create_xml_response(multistatus) body = xml_content.encode('utf-8') headers = self.basic_headers() headers.extend([ ("Content-Type", b"application/xml; charset=utf-8"), ("Content-Length", str(len(body)).encode('ascii')) ]) response = h11.Response(status_code=207, headers=headers) # Multi-Status await self._wrapper.send(response) await self._wrapper.send(h11.Data(data=body)) await self._wrapper.send(h11.EndOfMessage()) async def _add_propfind_response(self, multistatus, file_path, requested_props): """Add a single resource response to PROPFIND multistatus.""" response_elem = ET.SubElement(multistatus, 'D:response') # href rel_path = self._get_relative_path(file_path) href_elem = ET.SubElement(response_elem, 'D:href') href_elem.text = rel_path # propstat propstat_elem = ET.SubElement(response_elem, 'D:propstat') prop_elem = ET.SubElement(propstat_elem, 'D:prop') # Get properties props = self._get_file_properties(file_path, requested_props) for prop_name, prop_value in props.items(): if prop_value or prop_value == '': # Include empty properties prop_sub_elem = ET.SubElement(prop_elem, f'D:{prop_name}') if prop_name == 'resourcetype' and prop_value: # Special handling for resourcetype XML try: if prop_value.strip(): temp_elem = ET.fromstring(f'{prop_value}') for child in temp_elem: prop_sub_elem.append(child) except: prop_sub_elem.text = prop_value elif prop_name == 'supportedlock' and prop_value: # Special handling for supportedlock XML try: if prop_value.strip(): temp_elem = ET.fromstring(f'{prop_value}') for child in temp_elem: prop_sub_elem.append(child) except: pass elif prop_name == 'lockdiscovery' and prop_value: # Special handling for lockdiscovery XML try: if prop_value.strip(): temp_elem = ET.fromstring(prop_value) prop_sub_elem.append(temp_elem) except: pass else: prop_sub_elem.text = str(prop_value) # status status_elem = ET.SubElement(propstat_elem, 'D:status') status_elem.text = 'HTTP/1.1 200 OK' async def _add_propfind_recursive(self, multistatus, dir_path, requested_props, current_depth): """Recursively add PROPFIND responses with depth protection.""" if current_depth > self.max_depth: return try: for item in os.listdir(dir_path): child_path = os.path.join(dir_path, item) await self._add_propfind_response(multistatus, child_path, requested_props) if os.path.isdir(child_path): await self._add_propfind_recursive(multistatus, child_path, requested_props, current_depth + 1) except (PermissionError, OSError): pass async def do_PROPPATCH(self, event): """Handle PROPPATCH request - modify properties of resources.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] PROPPATCH {path}") # For this implementation, we'll return method not allowed # as we don't support property modification await self._serve_error(405, "Property modification not supported") async def do_MKCOL(self, event): """Handle MKCOL request - create a directory.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] MKCOL {path}") safe_path = self._sanitize_path(path) if not safe_path: await self._serve_error(400, "Invalid path") return # Check if resource already exists if os.path.exists(safe_path): await self._serve_error(405, "Resource already exists") return # Check if parent directory exists parent_dir = os.path.dirname(safe_path) if not os.path.exists(parent_dir): await self._serve_error(409, "Parent collection does not exist") return # Check for locks rel_path = self._get_relative_path(safe_path) if self._check_lock_conflicts(rel_path): await self._serve_error(423, "Resource is locked") return try: # Create directory os.makedirs(safe_path) await self.print(f"[WEBDAV] Created directory: {safe_path}") # Success response headers = self.basic_headers() headers.append(("Content-Length", b"0")) response = h11.Response(status_code=201, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.EndOfMessage()) except OSError as e: await self._serve_error(500, f"Failed to create directory: {str(e)}") async def do_GET(self, event): """Handle GET request - download files.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] GET {path}") safe_path = self._sanitize_path(path) if not safe_path: await self._serve_error(400, "Invalid path") return if not os.path.exists(safe_path): await self._serve_error(404, "Not Found") return if os.path.isdir(safe_path): # Return directory listing as HTML await self._serve_directory_listing(safe_path) else: # Serve file await self._serve_file(safe_path, event.headers) async def do_HEAD(self, event): """Handle HEAD request - get headers without body.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] HEAD {path}") safe_path = self._sanitize_path(path) if not safe_path: await self._serve_error(400, "Invalid path") return if not os.path.exists(safe_path): await self._serve_error(404, "Not Found") return try: stat = os.stat(safe_path) mime_type = self._get_mime_type(safe_path) headers = self.basic_headers() headers.extend([ ("Content-Type", mime_type.encode('ascii')), ("Content-Length", str(stat.st_size).encode('ascii')), ("Last-Modified", self._format_http_date(stat.st_mtime).encode('ascii')), ("ETag", f'"{stat.st_mtime}-{stat.st_size}"'.encode('ascii')) ]) response = h11.Response(status_code=200, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.EndOfMessage()) except OSError as e: await self._serve_error(500, f"Error accessing file: {str(e)}") async def do_PUT(self, event): """Handle PUT request - upload/create files.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] PUT {path}") safe_path = self._sanitize_path(path) if not safe_path: await self._serve_error(400, "Invalid path") return # Check for locks rel_path = self._get_relative_path(safe_path) if self._check_lock_conflicts(rel_path): await self._serve_error(423, "Resource is locked") return # Check if parent directory exists parent_dir = os.path.dirname(safe_path) if not os.path.exists(parent_dir): await self._serve_error(409, "Parent collection does not exist") return is_new_file = not os.path.exists(safe_path) try: # Read request body and write to file with open(safe_path, 'wb') as f: while True: event = await self._wrapper.next_event() if isinstance(event, h11.Data): if event.data: f.write(event.data) elif isinstance(event, h11.EndOfMessage): break else: break await self.print(f"[WEBDAV] {'Created' if is_new_file else 'Updated'} file: {safe_path}") # Success response status_code = 201 if is_new_file else 204 headers = self.basic_headers() headers.append(("Content-Length", b"0")) response = h11.Response(status_code=status_code, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.EndOfMessage()) except OSError as e: await self._serve_error(500, f"Failed to write file: {str(e)}") async def do_DELETE(self, event): """Handle DELETE request - delete files and directories.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] DELETE {path}") safe_path = self._sanitize_path(path) if not safe_path: await self._serve_error(400, "Invalid path") return if not os.path.exists(safe_path): await self._serve_error(404, "Not Found") return # Check for locks rel_path = self._get_relative_path(safe_path) if self._check_lock_conflicts(rel_path): await self._serve_error(423, "Resource is locked") return try: if os.path.isdir(safe_path): # Remove directory and contents import shutil shutil.rmtree(safe_path) await self.print(f"[WEBDAV] Deleted directory: {safe_path}") else: # Remove file os.remove(safe_path) await self.print(f"[WEBDAV] Deleted file: {safe_path}") # Remove any locks on this resource if rel_path in self.locks: del self.locks[rel_path] # Success response headers = self.basic_headers() headers.append(("Content-Length", b"0")) response = h11.Response(status_code=204, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.EndOfMessage()) except OSError as e: await self._serve_error(500, f"Failed to delete: {str(e)}") async def do_COPY(self, event): """Handle COPY request - copy resources.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] COPY {path}") # Get destination from headers destination = None overwrite = True for name, value in event.headers: if name.lower() == b'destination': destination = urllib.parse.unquote(value.decode('utf-8')) elif name.lower() == b'overwrite': overwrite = value.decode('ascii').upper() == 'T' if not destination: await self._serve_error(400, "Destination header required") return safe_source = self._sanitize_path(path) safe_dest = self._sanitize_path(destination) if not safe_source or not safe_dest: await self._serve_error(400, "Invalid path") return if not os.path.exists(safe_source): await self._serve_error(404, "Source not found") return # Check if destination exists and overwrite policy dest_exists = os.path.exists(safe_dest) if dest_exists and not overwrite: await self._serve_error(412, "Destination exists and overwrite is false") return # Check for locks on destination rel_dest = self._get_relative_path(safe_dest) if self._check_lock_conflicts(rel_dest): await self._serve_error(423, "Destination is locked") return try: if os.path.isdir(safe_source): # Copy directory import shutil if dest_exists: shutil.rmtree(safe_dest) shutil.copytree(safe_source, safe_dest) await self.print(f"[WEBDAV] Copied directory: {safe_source} -> {safe_dest}") else: # Copy file import shutil # Ensure parent directory exists parent_dir = os.path.dirname(safe_dest) if not os.path.exists(parent_dir): os.makedirs(parent_dir) shutil.copy2(safe_source, safe_dest) await self.print(f"[WEBDAV] Copied file: {safe_source} -> {safe_dest}") # Success response status_code = 204 if dest_exists else 201 headers = self.basic_headers() headers.append(("Content-Length", b"0")) response = h11.Response(status_code=status_code, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.EndOfMessage()) except OSError as e: await self._serve_error(500, f"Failed to copy: {str(e)}") async def do_MOVE(self, event): """Handle MOVE request - move/rename resources.""" path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] MOVE {path}") # Get destination from headers destination = None overwrite = True for name, value in event.headers: if name.lower() == b'destination': destination = urllib.parse.unquote(value.decode('utf-8')) elif name.lower() == b'overwrite': overwrite = value.decode('ascii').upper() == 'T' if not destination: await self._serve_error(400, "Destination header required") return safe_source = self._sanitize_path(path) safe_dest = self._sanitize_path(destination) if not safe_source or not safe_dest: await self._serve_error(400, "Invalid path") return if not os.path.exists(safe_source): await self._serve_error(404, "Source not found") return # Check if destination exists and overwrite policy dest_exists = os.path.exists(safe_dest) if dest_exists and not overwrite: await self._serve_error(412, "Destination exists and overwrite is false") return # Check for locks on both source and destination rel_source = self._get_relative_path(safe_source) rel_dest = self._get_relative_path(safe_dest) if self._check_lock_conflicts(rel_source) or self._check_lock_conflicts(rel_dest): await self._serve_error(423, "Resource is locked") return try: # Ensure parent directory exists parent_dir = os.path.dirname(safe_dest) if not os.path.exists(parent_dir): os.makedirs(parent_dir) # Move the resource if dest_exists: if os.path.isdir(safe_dest): import shutil shutil.rmtree(safe_dest) else: os.remove(safe_dest) os.rename(safe_source, safe_dest) await self.print(f"[WEBDAV] Moved: {safe_source} -> {safe_dest}") # Move any locks if rel_source in self.locks: self.locks[rel_dest] = self.locks[rel_source] del self.locks[rel_source] # Success response status_code = 204 if dest_exists else 201 headers = self.basic_headers() headers.append(("Content-Length", b"0")) response = h11.Response(status_code=status_code, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.EndOfMessage()) except OSError as e: await self._serve_error(500, f"Failed to move: {str(e)}") async def do_LOCK(self, event): """Handle LOCK request - lock resources.""" if not self.enable_locks: await self._serve_error(405, "Locking not supported") return path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] LOCK {path}") safe_path = self._sanitize_path(path) if not safe_path: await self._serve_error(400, "Invalid path") return rel_path = self._get_relative_path(safe_path) # Parse lock request body body = await self._read_request_body() if not body: await self._serve_error(400, "Lock request body required") return try: root = ET.fromstring(body.decode('utf-8')) # Extract lock information lock_scope = 'exclusive' # default lock_type = 'write' # default owner = 'unknown' timeout = self.default_lock_timeout for elem in root.iter(): if elem.tag.endswith('exclusive'): lock_scope = 'exclusive' elif elem.tag.endswith('shared'): lock_scope = 'shared' elif elem.tag.endswith('write'): lock_type = 'write' elif elem.tag.endswith('owner'): owner = elem.text or 'unknown' # Parse timeout from headers for name, value in event.headers: if name.lower() == b'timeout': timeout_str = value.decode('ascii') if timeout_str.startswith('Second-'): try: timeout = int(timeout_str[7:]) except ValueError: pass # Check for existing locks if self._check_lock_conflicts(rel_path): await self._serve_error(423, "Resource already locked") return # Create new lock lock_token = str(uuid.uuid4()) lock = WebDAVLock(lock_token, lock_scope, lock_type, owner, timeout) self.locks[rel_path] = lock await self.print(f"[WEBDAV] Created lock {lock_token} on {rel_path}") # Create lock response prop_elem = ET.Element('D:prop') prop_elem.set('xmlns:D', 'DAV:') lockdiscovery_elem = ET.SubElement(prop_elem, 'D:lockdiscovery') lockdiscovery_elem.append(lock.to_xml(rel_path)) xml_content = '\n' xml_content += self._create_xml_response(prop_elem) body = xml_content.encode('utf-8') headers = self.basic_headers() headers.extend([ ("Content-Type", b"application/xml; charset=utf-8"), ("Content-Length", str(len(body)).encode('ascii')), ("Lock-Token", f"".encode('ascii')) ]) response = h11.Response(status_code=200, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.Data(data=body)) await self._wrapper.send(h11.EndOfMessage()) except ET.ParseError: await self._serve_error(400, "Invalid XML in lock request") except Exception as e: await self._serve_error(500, f"Lock error: {str(e)}") async def do_UNLOCK(self, event): """Handle UNLOCK request - unlock resources.""" if not self.enable_locks: await self._serve_error(405, "Locking not supported") return path = urllib.parse.unquote(event.target.decode('utf-8')) await self.print(f"[WEBDAV] UNLOCK {path}") safe_path = self._sanitize_path(path) if not safe_path: await self._serve_error(400, "Invalid path") return rel_path = self._get_relative_path(safe_path) # Get lock token from headers lock_token = None for name, value in event.headers: if name.lower() == b'lock-token': token_str = value.decode('ascii') # Parse if token_str.startswith(''): lock_token = token_str[17:-1] break if not lock_token: await self._serve_error(400, "Lock-Token header required") return # Check if lock exists and matches if rel_path not in self.locks: await self._serve_error(409, "Resource not locked") return lock = self.locks[rel_path] if lock.token != lock_token: await self._serve_error(403, "Invalid lock token") return # Remove lock del self.locks[rel_path] await self.print(f"[WEBDAV] Removed lock {lock_token} from {rel_path}") # Success response headers = self.basic_headers() headers.append(("Content-Length", b"0")) response = h11.Response(status_code=204, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.EndOfMessage()) async def _serve_file(self, file_path, request_headers): """Serve a file with range support.""" try: file_size = os.path.getsize(file_path) mime_type = self._get_mime_type(file_path) stat = os.stat(file_path) # Check for Range header range_header = None for name, value in request_headers: if name.lower() == b'range': range_header = value.decode('ascii') break start_byte = 0 end_byte = file_size - 1 status_code = 200 # Parse range request if range_header and range_header.startswith('bytes='): try: range_spec = range_header[6:] if '-' in range_spec: start, end = range_spec.split('-', 1) if start: start_byte = int(start) if end: end_byte = int(end) status_code = 206 except (ValueError, IndexError): pass content_length = end_byte - start_byte + 1 headers = self.basic_headers() headers.extend([ ("Content-Type", mime_type.encode('ascii')), ("Content-Length", str(content_length).encode('ascii')), ("Accept-Ranges", b"bytes"), ("Last-Modified", self._format_http_date(stat.st_mtime).encode('ascii')), ("ETag", f'"{stat.st_mtime}-{stat.st_size}"'.encode('ascii')) ]) if status_code == 206: headers.append(("Content-Range", f"bytes {start_byte}-{end_byte}/{file_size}".encode('ascii'))) response = h11.Response(status_code=status_code, headers=headers) await self._wrapper.send(response) # Send file content chunk_size = 64 * 1024 bytes_sent = 0 with open(file_path, 'rb') as f: if start_byte > 0: f.seek(start_byte) while bytes_sent < content_length: read_size = min(chunk_size, content_length - bytes_sent) chunk = f.read(read_size) if not chunk: break await self._wrapper.send(h11.Data(data=chunk)) bytes_sent += len(chunk) await self._wrapper.send(h11.EndOfMessage()) except OSError as e: await self._serve_error(500, f"Error serving file: {str(e)}") async def _serve_directory_listing(self, dir_path): """Serve a simple HTML directory listing.""" try: rel_path = self._get_relative_path(dir_path) html_content = f''' WebDAV Directory: {html.escape(rel_path)}

WebDAV Directory: {html.escape(rel_path)}

''' # Add parent directory link if rel_path != '/': parent_path = '/'.join(rel_path.rstrip('/').split('/')[:-1]) or '/' html_content += f''' ''' # List directory contents for item in sorted(os.listdir(dir_path)): item_path = os.path.join(dir_path, item) item_stat = os.stat(item_path) if os.path.isdir(item_path): item_type = "Directory" item_size = "-" item_url = rel_path.rstrip('/') + '/' + item + '/' else: item_type = "File" item_size = str(item_stat.st_size) item_url = rel_path.rstrip('/') + '/' + item modified = self._format_http_date(item_stat.st_mtime) html_content += f''' ''' html_content += '''
Name Type Size Modified
../ Directory - -
{html.escape(item)} {item_type} {item_size} {modified}

WebDAV Server powered by asysocks

''' body = html_content.encode('utf-8') headers = self.basic_headers() headers.extend([ ("Content-Type", b"text/html; charset=utf-8"), ("Content-Length", str(len(body)).encode('ascii')) ]) response = h11.Response(status_code=200, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.Data(data=body)) await self._wrapper.send(h11.EndOfMessage()) except OSError as e: await self._serve_error(500, f"Error listing directory: {str(e)}") async def _serve_error(self, status_code, message): """Serve an error response.""" try: body = f''' WebDAV Error {status_code}

Error {status_code}

{html.escape(message)}

WebDAV Server powered by asysocks

'''.encode('utf-8') headers = self.basic_headers() headers.extend([ ("Content-Type", b"text/html; charset=utf-8"), ("Content-Length", str(len(body)).encode('ascii')) ]) response = h11.Response(status_code=status_code, headers=headers) await self._wrapper.send(response) await self._wrapper.send(h11.Data(data=body)) await self._wrapper.send(h11.EndOfMessage()) except Exception as e: await self.print(f"Error serving error response: {e}") async def run_webdav_server_from_target(target, webdav_root=None, log_callback=None, enable_locks=True, default_lock_timeout=3600): """ Run the WebDAV server from a target. Args: target: Server target configuration webdav_root (str): Root directory for WebDAV operations log_callback: Logging callback function enable_locks (bool): Whether to enable WebDAV locking default_lock_timeout (int): Default lock timeout in seconds """ try: handler_factory = lambda: WebDAVHandler( webdav_root, enable_locks=enable_locks, default_lock_timeout=default_lock_timeout, print_cb=log_callback ) server = HTTPServer(handler_factory, target, log_callback=log_callback) print("WebDAV server starting... Press Ctrl+C to stop") return await server.serve() except Exception as e: return None, e async def run_webdav_server(webdav_root=None, host='127.0.0.1', port=8080, debug=False, enable_locks=True, default_lock_timeout=3600): """ Run the WebDAV server. Args: webdav_root (str): Root directory for WebDAV operations host (str): Host to bind to port (int): Port to bind to debug (bool): Enable debug logging enable_locks (bool): Whether to enable WebDAV locking default_lock_timeout (int): Default lock timeout in seconds """ try: log_callback = None if debug: async def log_callback(msg): print(f"[WEBDAV-SERVER] {msg}") if webdav_root: print(f"Starting WebDAV server on {host}:{port}") print(f"WebDAV root directory: {os.path.abspath(webdav_root)}") else: print(f"Starting WebDAV server on {host}:{port} (no root directory)") if debug: print("Debug mode enabled - verbose logging active") print(f"WebDAV features:") print(f" - File locking: {'Enabled' if enable_locks else 'Disabled'}") if enable_locks: print(f" - Default lock timeout: {default_lock_timeout} seconds") target = UniTarget(host, port, UniProto.SERVER_TCP) server_task, err = await run_webdav_server_from_target( target, webdav_root=webdav_root, log_callback=log_callback, enable_locks=enable_locks, default_lock_timeout=default_lock_timeout ) print(f"Server task: {server_task}") if err is not None: raise err await server_task except KeyboardInterrupt: print("\nWebDAV server stopped by user") except Exception as e: print(f"Server error: {e}") finally: if server_task is not None: server_task.cancel() print("WebDAV server stopped") def main(): """ Main entry point for the WebDAV server. """ import argparse import sys # Create argument parser parser = argparse.ArgumentParser( description='Asysocks WebDAV Server - RFC 4918 compliant WebDAV server', formatter_class=argparse.RawDescriptionHelpFormatter, epilog=''' Examples: %(prog)s # Start server on 127.0.0.1:8080 (no root) %(prog)s /home/user/webdav # Serve WebDAV from directory %(prog)s /home/user/webdav --host 0.0.0.0 # Bind to all interfaces %(prog)s /home/user/webdav --port 9000 # Use custom port %(prog)s /home/user/webdav --debug # Enable debug logging %(prog)s /home/user/webdav --no-locks # Disable file locking %(prog)s --help # Show this help message WebDAV Features: • RFC 4918 compliant WebDAV implementation • File and directory operations (GET, PUT, DELETE, MKCOL) • Property queries and modification (PROPFIND, PROPPATCH) • Resource copying and moving (COPY, MOVE) • File locking and unlocking (LOCK, UNLOCK) • Directory traversal protection • Integration with file managers and WebDAV clients • Range request support for large files Client Compatibility: • Windows Explorer (Map Network Drive) • macOS Finder (Connect to Server) • Linux file managers (Nautilus, Dolphin, etc.) • WebDAV command-line tools (cadaver, davfs2) • Programming libraries (Python requests-webdav, etc.) ''') # Add arguments parser.add_argument( 'directory', nargs='?', help='WebDAV root directory (optional)' ) parser.add_argument( '--host', '-H', default='127.0.0.1', help='Host to bind to (default: 127.0.0.1)' ) parser.add_argument( '--port', '-p', type=int, default=8080, help='Port to bind to (default: 8080)' ) parser.add_argument( '--debug', '-d', action='store_true', help='Enable debug logging (shows detailed server activity)' ) parser.add_argument( '--no-locks', action='store_true', help='Disable WebDAV file locking support' ) parser.add_argument( '--lock-timeout', type=int, default=3600, help='Default lock timeout in seconds (default: 3600)' ) parser.add_argument( '--version', '-v', action='version', version='Asysocks WebDAV Server 1.0.0' ) # Parse arguments args = parser.parse_args() # Validate root directory if provided if args.directory: if not os.path.exists(args.directory): print(f"Creating WebDAV root directory: {args.directory}") try: os.makedirs(args.directory) except OSError as e: print(f"Error: Cannot create directory '{args.directory}': {e}") sys.exit(1) elif not os.path.isdir(args.directory): print(f"Error: '{args.directory}' is not a directory") sys.exit(1) # Validate port range if args.port < 1 or args.port > 65535: print(f"Error: Port must be between 1 and 65535, got {args.port}") sys.exit(1) # Validate lock timeout if args.lock_timeout < 1: print(f"Error: Lock timeout must be at least 1 second, got {args.lock_timeout}") sys.exit(1) # Show startup info print("Asysocks WebDAV Server") print("=" * 50) if args.directory: print(f"WebDAV Root: {os.path.abspath(args.directory)}") else: print("WebDAV Root: None (server-only mode)") print(f"Address: http://{args.host}:{args.port}") if args.debug: print("Debug: Enabled") print(f"File Locking: {'Disabled' if args.no_locks else 'Enabled'}") if not args.no_locks: print(f"Lock Timeout: {args.lock_timeout} seconds") print("=" * 50) print("\nWebDAV URLs:") print(f" Web Browser: http://{args.host}:{args.port}/") print(f" WebDAV URL: http://{args.host}:{args.port}/") print("\nClient Setup Examples:") print(" Windows Explorer: Map Network Drive -> http://server:port/") print(" macOS Finder: Go -> Connect to Server -> http://server:port/") print(" Linux: davfs2, cadaver, or file manager WebDAV support") print("=" * 50) # Run the server try: asyncio.run(run_webdav_server( args.directory, args.host, args.port, args.debug, enable_locks=not args.no_locks, default_lock_timeout=args.lock_timeout )) except KeyboardInterrupt: print("\nWebDAV server stopped by user") except Exception as e: print(f"Failed to start WebDAV server: {e}") sys.exit(1) if __name__ == '__main__': main()