OmniRoute/scripts/dev/webdav-handler.mjs
Diego Rodrigues de Sa e Souza de60b4b171
Release v3.8.23
* chore(release): open v3.8.23 development cycle

* fix(anthropic): strip top_p when temperature is set to avoid 400 (#3691)

Integrated into release/v3.8.23

* fix(vertex): support Vertex AI Express-mode API keys (#3690)

Integrated into release/v3.8.23

* fix(stream): error on empty Claude SSE instead of synthetic success (#3689)

Integrated into release/v3.8.23

* fix(oauth): stop token-refresh invalidation loop + harden proxy resolution (#3692)

Integrated into release/v3.8.23

* docs: add FUNDING.yml and Support section to README (#3698)

Integrated into release/v3.8.23

* feat: gemini - handle known ratelimits (#3686)

Integrated into release/v3.8.23

* fix: stream combo fails over on empty content-filtered response (#3685) (#3702)

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(antigravity): preserve gemini-3.1-pro high/low budget tiers (#3696) (#3703)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(auto-combo): add auto-updating model intelligence scoring (#3660)

Integrated into release/v3.8.23

* fix(gemini): context-mode fallback for signatureless tool calls (#3688) (#3704)

* chore(quality-gate): reconcile file-size baseline (27 files + providerLimits.ts) (#3705)

* feat(vertex): dynamic model discovery via Generative Language models API (#3712)

Integrated into release/v3.8.23. Vertex dynamic model discovery — surfaces image models (imagen-*, gemini-*-image), embeddings and audio from the live Generative Language catalog, with cached→static fallback and the shared parseGeminiModelsList helper. Validated: parser test 5/5, typecheck:core clean.

* fix(combo): gate reasoning token buffer (#3700)

Integrated into release/v3.8.23. Makes the #3588 reasoning token buffer safe and configurable: only inflates max_tokens when the model has a known, non-default output cap and the buffered value fits inside it; otherwise preserves/clamps the client limit. Adds the reasoningTokenBufferEnabled kill switch (default ON). Validated: combo-routing-engine 81/81, combo-config 25/25, combo-quality-validator-reasoning 12/12, phase1f 10/10, typecheck:core clean.

* refactor(#3501): god-component Phase 1g-1j — client 4062→3408 LOC (-654) (#3717)

Phase 1g-1j of #3501: client 4062→3408 LOC. Pure extraction (ProviderPlaygroundPanel, useCommandCodeAuth, useExternalLinkFlow+ExternalLinkModal, useAuthFileHandlers) + loadConnProxies ReferenceError fix + phase1f test path fix.

Co-authored-by: oyi77 <14921983+oyi77@users.noreply.github.com>

* refactor(#3501): god-component Phase 1k-1m — client 3408→2553 LOC (-855) (#3721)

Phase 1k-1m of #3501: client 3408→2553 LOC. Pure extraction (useModelImportHandlers+ImportProgressModal, useModelVisibilityHandlers, ProviderModelsSection).

Co-authored-by: oyi77 <14921983+oyi77@users.noreply.github.com>

* docs(changelog): restore #3590 bullet lost on the v3.8.20 release branch

The fix itself reached main pre-tag via cherry-pick #3591, but its changelog
bullet (commit e33fdd4ab) only ever existed on release/v3.8.20 after the
squash-merge. Restored under [3.8.20] per the 2026-06-12 release-branch
leftover audit (_tasks/release-audit/release-leftovers-audit-2026-06-12.md).

* fix(kiro): resolve quota for IAM Identity Center accounts missing a profileArn (#3722)

Integrated into release/v3.8.23

* refactor(#3501): god-component Phase 1n-1s — client 2553→1376 LOC (-1177) (#3725)

Phase 1n-1s of #3501: client 2553→1376 LOC. Pure extraction (ConnectionsListPanel, ConnectionsHeaderToolbar, ZedImportCard, BatchTestResultsModal, AdaptaTutorialModal, useApiKeySave + helpers).

Co-authored-by: oyi77 <14921983+oyi77@users.noreply.github.com>

* feat(model-lockout): settings UI, backend integration, error classification, and success-decay recovery (#3629)

Integrated into release/v3.8.23

* refactor(#3501): god-component Phase 1t — client 1376→781 LOC (≤800 TARGET REACHED ) (#3727)

Phase 1t of #3501: client 1376→781 LOC (≤800 reached). Original god-component 12,882→781 (−94%).

Co-authored-by: oyi77 <14921983+oyi77@users.noreply.github.com>

* fix: bundle @omniroute/opencode-plugin inside omniroute + add 'setup opencode' CLI command (#3726)

Integrated into release/v3.8.23

* feat(vertex): self-tracked USD spend since account added (#3724)

Integrated into release/v3.8.23

* fix(qwen-web): migrate to v2 chat API with full cookie-jar replay (#3288) (#3723)

Integrated into release/v3.8.23

* fix(sse): make safeLogEvents async — 'await' in a sync function broke every chatHelpers import

#3692 added a lazy 'await import(proxyEgress)' for egress-IP visibility inside
safeLogEvents, which is a sync function — an ES syntax error. It went unnoticed
because typecheck:core does not cover src/sse and no test in the merge gates
loaded chatHelpers via tsx; any consumer that did (chat-context-relay and
chat-route-coverage suites, integration harnesses) failed at module load with
'await can only be used inside an async function'.

safeLogEvents is fire-and-forget logging with an outer try/catch, so making it
async (and 'void'-ing the single chat.ts call site) preserves behavior exactly.

Validation: tests/unit/chat-context-relay.test.ts + chat-route-coverage.test.ts
went from failing-at-load to green (+14 tests destravados).

* fix(sse): remove cross-provider credential leak in emergency fallback + combo/proxy audit fixes (#3699)

Integrated into release/v3.8.23

* fix(executors): inject MiMoCode anti-abuse marker so free endpoint stops 403ing (#3728)

Integrated into release/v3.8.23

* fix(dashboard): repair "Test all models" — toast crash, status icons, auto-hide (#3729)

Integrated into release/v3.8.23

* chore(deps): bump actions/upload-artifact from 4 to 7 (#3735)

Integrated into release/v3.8.23 — aligns upload-artifact to v7 (already used across ci.yml).

* chore(deps): bump actions/cache from 4 to 5 (#3734)

Integrated into release/v3.8.23 — actions/cache v4→v5.

* chore(deps): bump actions/download-artifact from 4 to 8 (#3733)

Integrated into release/v3.8.23 — download-artifact v4→v8.

* feat(fallback): add OMNIROUTE_EMERGENCY_FALLBACK env switch (#3741)

Adds an OMNIROUTE_EMERGENCY_FALLBACK env switch to disable the emergency budget-exhaustion fallback (reroute to free nvidia/gpt-oss-120b). Default unchanged (enabled). Closes #3739, related #2879.

Integrated into release/v3.8.23.

* i18n: comprehensive zh-CN translation improvements (#3736)

Aligns zh-CN to en (hundreds of entries), translates batch-action labels + settings sidebar menu, adds categoryConfig/endpointTokenSaver keys, resolves __MISSING__ stubs. Sidebar/SidebarTab hardcoded strings replaced with t(). en.json purely additive (8 new sidebar.* keys, 0 removed); cli-i18n gate green.

Integrated into release/v3.8.23.

* chore(release): v3.8.23 — 2026-06-12

- CHANGELOG: complete v3.8.23 section (28 bullets, 27 commits)
- fix(webdav): resolve promise on writeStream finish, not req end — eliminates
  intermittent 500 on PUT update (writeStream may not have flushed at rename time)
- test(autoCombo): stub DB calls from PR #3660 in tieredRotation.test.ts to prevent
  5s timeout in vitest (getModelIntelligenceBySource DB init path)
- chore(env-sync): add XDG_DATA_HOME + OMNIROUTE_OPENCODE_PLUGIN_DIR to IGNORE_FROM_CODE
  allowlist (introduced by PR #3726 setup-open-code.mjs, not OmniRoute config vars)
- chore(cli): regenerated bin/cli/api-commands/*.mjs (7 new, 27 updated)

* fix(model-family): fallback lookup also tries bare model name with dots

getNextFamilyFallback normalized dots-to-hyphens ("gemini-3.1-pro-high" →
"gemini-3-1-pro-high") but MODEL_FAMILIES keys use the literal dot form. The
lookup always missed, returning null for any model whose dots are part of the
name rather than a version separator.

Fallback: try MODEL_FAMILIES[lookupKey] ?? MODEL_FAMILIES[bareModel] so both
naming conventions are covered. Fixes T30 test (pre-existing since v3.8.22).

* feat: expose API key cost drilldown + quota % used (#3742)

Adds all-time USD cost per API key in the API Key Manager, a per-key deep-link into the Cost Explorer (filtered + grouped by model), URL-param hydration of range/groupBy/apiKeyIds, and a '% used' quota display. Review adjustments: extracted URL-param parsers to a tested module (Rule #18), i18n'd the new strings (en + zh-CN), dropped the redundant webdav-handler entry already on release.

Integrated into release/v3.8.23.

* feat: add provider display modes — All / Configured / Compact (#3743)

Replaces the Providers page configured-only toggle with All/Configured/Compact display modes (Compact = flat deduped grid, no-auth last). Persists the preference and migrates the legacy localStorage key. Rebased onto release/v3.8.23.

Integrated into release/v3.8.23.

* fix(cache): scope semantic-cache signature to API key (#3740)

Adds the api_key_id dimension to generateSignature's SHA-256 hash so two callers with different API keys never receive each other's cached responses. Threads apiKeyId through checkSemanticCache + both write sites; migration 098 clears pre-existing key-less entries; unauthenticated requests stay isolated from keyed ones. 3 TDD tests.

Integrated into release/v3.8.23.

* fix(responses): apply OpenAI Responses API stream=false spec default (#3708)

resolveStreamFlag now applies the stream=false-when-omitted default for sourceFormat=openai-responses (same as the existing claude path), so spec-compliant /v1/responses upstreams that return JSON no longer fall through to the wildcard-Accept heuristic and trigger STREAM_EARLY_EOF / 502. Codex CLI (stream:true) and explicit text/event-stream clients unaffected.

Integrated into release/v3.8.23.

* chore(release): reconcile CI gates for v3.8.23

- file-size baseline: re-freeze 8 files grown by PRs #3742/#3743/#3740
  (cost drilldown, provider display modes, cache key isolation)
- ARCHITECTURE.md: update executor count 55→60 (check:docs-counts drift)
- .env.example: add OMNIROUTE_EMERGENCY_FALLBACK (#3741, env-doc-sync)
- CHANGELOG: add formatted bullets for #3742, #3743, #3708, #3740,
  model-family-fallback fix; remove duplicate raw ### Fixed section

* test: restore assert count to satisfy check:test-masking gate

Three test files had net assertion removals after behavior-changing PRs:
- chatcore-translation-paths: emergency fallback moved to routing layer
  (#3699) — add body error assertion + model-name guard
- executor-vertex-extended: non-JSON is now Express API key (#3690) —
  add projects/-path guard to the express-key URL test
- stream-utils: empty streams now emit error (#3685) — add code/message/
  status/completePayload guards to both passthrough and translate variants

All new assertions are meaningful (code enum value, 5xx range, non-empty
message, onComplete must-not-fire contract).

* fix(ci): move rtl-logical-classes test to ui/ so vitest:ui runner collects it

---------

Co-authored-by: Felipe Almeman <4226997+zhiru@users.noreply.github.com>
Co-authored-by: NOXX - Commiter <artur1992123@mail.ru>
Co-authored-by: Nick Sullivan <142708+TechNickAI@users.noreply.github.com>
Co-authored-by: Markus Hartung <mail@hartmark.se>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: PizzaV <103120356+pizzav-xyz@users.noreply.github.com>
Co-authored-by: Randi <55005611+rdself@users.noreply.github.com>
Co-authored-by: oyi77 <14921983+oyi77@users.noreply.github.com>
Co-authored-by: Chewji <126886556+Chewji9875@users.noreply.github.com>
Co-authored-by: Hernan Javier Ardila Sanchez <hjasgr@gmail.com>
Co-authored-by: Felipe Sartori <felipesartori.ti@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zois Pagoulatos <zpagoulatos@hotmail.com>
Co-authored-by: sdfsdfw2 <167810361+sdfsdfw2@users.noreply.github.com>
Co-authored-by: Witroch4 <witalo_rocha@hotmail.com>
2026-06-12 23:49:22 -03:00

1004 lines
30 KiB
JavaScript

/**
* WebDAV file server handler for OmniRoute.
*
* Serves the Obsidian vault directory at /api/v1/webdav, enabling
* Obsidian mobile (Remotely-Save plugin) to sync over Tailscale.
*
* Architecture:
* - Pure logic functions (resolveVaultPath, verifyBasicAuth, buildPropfindXml,
* decryptStored) are exported and unit-tested independently.
* - maybeHandleWebdav(req, res) is the thin HTTP+fs binding layer.
* - Credentials, enabled flag, and vault path are loaded from the same
* SQLite DB the app uses (DATA_DIR/storage.sqlite, key_value table).
*
* Security:
* - Path traversal guard on every request + Destination header.
* - Basic Auth with crypto.timingSafeEqual (constant-time).
* - No raw fs paths or stack traces in error response bodies.
* - NOT local-only — reachable over Tailscale; auth is the gate.
* - PUT body capped at MAX_PUT_BYTES.
*/
import fs from "node:fs";
import path from "node:path";
import { createDecipheriv, scryptSync, createHash, timingSafeEqual } from "node:crypto";
import { createRequire } from "node:module";
import os from "node:os";
// ─────────────────────────────────────────────────────────────────────────────
// Constants
// ─────────────────────────────────────────────────────────────────────────────
export const WEBDAV_PREFIX = "/api/v1/webdav";
/** Cap PUT body to 512 MiB — Obsidian vaults are unlikely to need larger. */
export const MAX_PUT_BYTES = 512 * 1024 * 1024;
const WEBDAV_METHODS = new Set([
"PROPFIND",
"GET",
"HEAD",
"PUT",
"DELETE",
"MKCOL",
"MOVE",
"COPY",
"OPTIONS",
"LOCK",
"UNLOCK",
]);
// ─────────────────────────────────────────────────────────────────────────────
// Encryption: minimal port of src/lib/db/encryption.ts
// Must reproduce the EXACT format: enc:v1:<iv_hex>:<ciphertext_hex>:<authTag_hex>
// Key derivation: scryptSync(secret, "omniroute-field-encryption-v1", 32)
// ─────────────────────────────────────────────────────────────────────────────
const ENC_PREFIX = "enc:v1:";
const STATIC_SALT = "omniroute-field-encryption-v1";
const KEY_LENGTH = 32;
const AUTH_TAG_LENGTH = 16;
const ALGORITHM = "aes-256-gcm";
let _cachedStaticKey = null;
/**
* Derive the static-salt encryption key from STORAGE_ENCRYPTION_KEY.
* Returns null if the env var is not set (passthrough mode).
*/
function getStaticKey() {
if (_cachedStaticKey !== null) return _cachedStaticKey;
const secret = process.env.STORAGE_ENCRYPTION_KEY;
if (!secret || typeof secret !== "string" || secret.trim().length === 0) return null;
try {
_cachedStaticKey = scryptSync(secret, STATIC_SALT, KEY_LENGTH);
} catch {
return null;
}
return _cachedStaticKey;
}
/**
* Decrypt a value that may be encrypted with the OmniRoute enc:v1: format.
* If the value does not have the enc:v1: prefix, treat as plaintext (backward compat).
* Returns null if decryption fails.
*
* @param {string | null | undefined} stored
* @returns {string | null}
*/
export function decryptStored(stored) {
if (!stored || typeof stored !== "string") return null;
// Plaintext passthrough (no encryption key configured, or legacy plaintext)
if (!stored.startsWith(ENC_PREFIX)) return stored;
const key = getStaticKey();
if (!key) {
// Encrypted value but no key — cannot decrypt
return null;
}
const body = stored.slice(ENC_PREFIX.length);
const parts = body.split(":");
if (parts.length !== 3) return null;
const [ivHex, encryptedHex, authTagHex] = parts;
try {
const iv = Buffer.from(ivHex, "hex");
const authTag = Buffer.from(authTagHex, "hex");
const decipher = createDecipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
decipher.setAuthTag(authTag);
let decrypted = decipher.update(encryptedHex, "hex", "utf8");
decrypted += decipher.final("utf8");
return decrypted;
} catch {
return null;
}
}
// ─────────────────────────────────────────────────────────────────────────────
// Pure logic
// ─────────────────────────────────────────────────────────────────────────────
/**
* Resolve a WebDAV request URL path to an absolute filesystem path within vaultRoot.
* Strips the /api/v1/webdav prefix and decodes percent-encoding.
*
* MANDATORY path-traversal guard:
* const abs = path.resolve(vaultRoot, rel);
* if (abs !== vaultRoot && !abs.startsWith(vaultRoot + path.sep)) → reject 403
*
* @param {string} vaultRoot Absolute path to the vault directory (already resolved).
* @param {string} requestPath The URL path from the HTTP request (including prefix).
* @returns {{ absPath: string, rel: string }} absPath is safe absolute path.
* @throws {{ status: 403, message: string }} On path traversal attempt.
*/
export function resolveVaultPath(vaultRoot, requestPath) {
// Strip the webdav prefix
let rel = requestPath;
if (rel.startsWith(WEBDAV_PREFIX)) {
rel = rel.slice(WEBDAV_PREFIX.length);
}
// Remove query string if present
const qmark = rel.indexOf("?");
if (qmark !== -1) rel = rel.slice(0, qmark);
// Decode percent-encoding — do this BEFORE path.resolve to catch %2e%2e
let decoded;
try {
decoded = decodeURIComponent(rel);
} catch {
// Malformed encoding — treat as the raw string
decoded = rel;
}
// Normalise: strip leading slash so path.resolve(root, "foo") works
const stripped = decoded.replace(/^\/+/, "");
// Resolve absolute path
const abs = path.resolve(vaultRoot, stripped);
// Guard: abs must BE vaultRoot or be strictly inside it
const normalRoot = path.resolve(vaultRoot);
if (abs !== normalRoot && !abs.startsWith(normalRoot + path.sep)) {
throw { status: 403, message: "Forbidden: path traversal detected" };
}
return { absPath: abs, rel: stripped };
}
/**
* Validate a Destination header value for MOVE/COPY against the same vault root.
*
* @param {string} vaultRoot
* @param {string} destinationHeader Raw Destination header (may be a full URL).
* @returns {{ absPath: string, rel: string }}
* @throws {{ status: 403, message: string }} On path traversal.
*/
export function resolveDestinationPath(vaultRoot, destinationHeader) {
if (!destinationHeader || typeof destinationHeader !== "string") {
throw { status: 400, message: "Missing Destination header" };
}
// Destination may be a full URL — extract the path component
let destPath = destinationHeader;
try {
const url = new URL(destinationHeader);
destPath = url.pathname;
} catch {
// Not a full URL — treat as a path directly
}
// Strip webdav prefix from the path
return resolveVaultPath(vaultRoot, destPath);
}
/**
* Verify HTTP Basic Authentication credentials.
* Uses crypto.timingSafeEqual for constant-time comparison (prevents timing attacks).
*
* @param {string | undefined} authHeader The Authorization header value.
* @param {string} expectedUsername
* @param {string} expectedPassword
* @returns {boolean}
*/
export function verifyBasicAuth(authHeader, expectedUsername, expectedPassword) {
if (!authHeader || typeof authHeader !== "string") return false;
const match = /^Basic\s+(.+)$/i.exec(authHeader.trim());
if (!match) return false;
let decoded;
try {
decoded = Buffer.from(match[1], "base64").toString("utf8");
} catch {
return false;
}
const colonIdx = decoded.indexOf(":");
if (colonIdx === -1) return false;
const suppliedUser = decoded.slice(0, colonIdx);
const suppliedPass = decoded.slice(colonIdx + 1);
// Constant-time comparison — BOTH user and pass must be compared to prevent
// timing oracles. We pad to the same length to avoid short-circuit length leaks.
const expectedUserBuf = Buffer.from(expectedUsername, "utf8");
const expectedPassBuf = Buffer.from(expectedPassword, "utf8");
const suppliedUserBuf = Buffer.from(suppliedUser, "utf8");
const suppliedPassBuf = Buffer.from(suppliedPass, "utf8");
// timingSafeEqual requires buffers of the same length — pad if needed
function safeCompare(a, b) {
const maxLen = Math.max(a.length, b.length);
const aPadded = Buffer.concat([a, Buffer.alloc(maxLen - a.length)]);
const bPadded = Buffer.concat([b, Buffer.alloc(maxLen - b.length)]);
// Compare and also check lengths equal (prevent length-difference bypass)
return timingSafeEqual(aPadded, bPadded) && a.length === b.length;
}
const userOk = safeCompare(suppliedUserBuf, expectedUserBuf);
const passOk = safeCompare(suppliedPassBuf, expectedPassBuf);
// Both must be true — avoid short-circuit (already avoided by timingSafeEqual)
return userOk && passOk;
}
/**
* Escape XML special characters.
*
* @param {string} str
* @returns {string}
*/
export function escapeXml(str) {
return String(str)
.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&apos;");
}
/**
* Format a Date to RFC 1123 / HTTP-date format (required by WebDAV getlastmodified).
*
* @param {Date} date
* @returns {string}
*/
export function formatHttpDate(date) {
return date.toUTCString();
}
/**
* Build a WebDAV PROPFIND 207 Multi-Status XML response body.
*
* @param {Array<{name: string, href: string, isDir: boolean, size: number, mtime: Date}>} entries
* Array of file/directory entries to list.
* @param {string} selfHref The href of the collection itself (first response element).
* @returns {string} XML string for the 207 response body.
*/
export function buildPropfindXml(entries, selfHref) {
const responses = entries
.map((entry) => {
const resourceType = entry.isDir
? "<D:resourcetype><D:collection/></D:resourcetype>"
: "<D:resourcetype/>";
const contentLength = entry.isDir
? ""
: `<D:getcontentlength>${entry.size}</D:getcontentlength>`;
const contentType = entry.isDir
? "<D:getcontenttype>httpd/unix-directory</D:getcontenttype>"
: `<D:getcontenttype>application/octet-stream</D:getcontenttype>`;
return (
`<D:response>` +
`<D:href>${escapeXml(entry.href)}</D:href>` +
`<D:propstat>` +
`<D:prop>` +
`<D:displayname>${escapeXml(entry.name)}</D:displayname>` +
resourceType +
contentLength +
contentType +
`<D:getlastmodified>${escapeXml(formatHttpDate(entry.mtime))}</D:getlastmodified>` +
`</D:prop>` +
`<D:status>HTTP/1.1 200 OK</D:status>` +
`</D:propstat>` +
`</D:response>`
);
})
.join("");
return (
`<?xml version="1.0" encoding="utf-8"?>` +
`<D:multistatus xmlns:D="DAV:">` +
responses +
`</D:multistatus>`
);
}
// ─────────────────────────────────────────────────────────────────────────────
// DB credential loading
// ─────────────────────────────────────────────────────────────────────────────
/**
* Resolve the SQLite database path.
* Mirrors the logic in src/lib/db/core.ts: DATA_DIR/storage.sqlite
*
* @returns {string | null}
*/
function resolveSqlitePath() {
return path.join(resolveDataDir(), "storage.sqlite");
}
/**
* Resolve the data directory. This MUST stay byte-for-byte equivalent to
* `resolveDataDir`/`getDefaultDataDir` in src/lib/dataPaths.ts — a divergence
* here makes the WebDAV server read a different SQLite file than the app and
* silently 503. (A parity test in tests/unit/webdav-server-3485.test.ts pins this.)
*/
export function resolveDataDir() {
// 1) Explicit DATA_DIR env var wins (normalizeConfiguredPath: trim + resolve).
const configured = process.env.DATA_DIR;
if (typeof configured === "string" && configured.trim().length > 0) {
return path.resolve(configured.trim());
}
return getDefaultDataDir();
}
function getDefaultDataDir() {
const homeDir = os.homedir();
const legacyDir = path.join(homeDir, ".omniroute"); // getLegacyDotDataDir()
// 2) Preserve the legacy ~/.omniroute path if it already exists (avoid data loss).
try {
if (fs.existsSync(legacyDir) && fs.statSync(legacyDir).isDirectory()) {
return legacyDir;
}
} catch {
// ignore stat errors
}
// 3) Windows → %APPDATA%/omniroute.
if (process.platform === "win32") {
const appData = process.env.APPDATA || path.join(homeDir, "AppData", "Roaming");
return path.join(appData, "omniroute");
}
// 4) XDG on Linux/macOS only when XDG_CONFIG_HOME is explicitly configured.
const xdgConfigHome = process.env.XDG_CONFIG_HOME;
if (typeof xdgConfigHome === "string" && xdgConfigHome.trim().length > 0) {
return path.join(path.resolve(xdgConfigHome.trim()), "omniroute");
}
// 5) Default → legacy ~/.omniroute (even if it does not exist yet).
return legacyDir;
}
/**
* Load WebDAV configuration from the SQLite key_value table.
* Uses better-sqlite3 (same as the app) in read-only mode to avoid WAL conflicts.
*
* Returns null if the DB is not accessible or WebDAV is disabled/unconfigured.
*
* @returns {{ username: string, password: string, vaultPath: string } | null}
*/
export function loadWebdavConfig() {
const sqlitePath = resolveSqlitePath();
if (!sqlitePath || !fs.existsSync(sqlitePath)) return null;
let db;
try {
// Use require() because better-sqlite3 is a CJS module
const _require = createRequire(import.meta.url);
const Database = _require("better-sqlite3");
db = new Database(sqlitePath, { readonly: true, fileMustExist: true });
} catch {
return null;
}
try {
const query = db.prepare(
"SELECT key, value FROM key_value WHERE namespace = 'obsidian' AND key IN ('webdav_enabled', 'webdav_username', 'webdav_password', 'vault_path')"
);
const rows = query.all();
const kv = {};
for (const row of rows) {
try {
kv[row.key] = JSON.parse(row.value);
} catch {
kv[row.key] = row.value;
}
}
const enabled = kv["webdav_enabled"] === true;
if (!enabled) return null;
const username = typeof kv["webdav_username"] === "string" ? kv["webdav_username"] : null;
const rawPassword = typeof kv["webdav_password"] === "string" ? kv["webdav_password"] : null;
const vaultPath = typeof kv["vault_path"] === "string" ? kv["vault_path"] : null;
if (!username || !rawPassword || !vaultPath) return null;
const password = decryptStored(rawPassword);
if (!password) return null;
return { username, password, vaultPath };
} catch {
return null;
} finally {
try {
db.close();
} catch {
/* ignore */
}
}
}
// ─────────────────────────────────────────────────────────────────────────────
// HTTP helpers (thin binding layer)
// ─────────────────────────────────────────────────────────────────────────────
/**
* Send a plain-text error response — no raw paths or stack traces in the body.
*
* @param {import("node:http").ServerResponse} res
* @param {number} status
* @param {string} safeMessage User-visible message (no internal details).
* @param {Record<string, string>} [extraHeaders]
*/
function sendError(res, status, safeMessage, extraHeaders = {}) {
const body = safeMessage;
res.writeHead(status, {
"Content-Type": "text/plain; charset=utf-8",
"Content-Length": Buffer.byteLength(body),
...extraHeaders,
});
res.end(body);
}
/**
* Send a 401 Unauthorized with WWW-Authenticate.
*
* @param {import("node:http").ServerResponse} res
*/
function sendUnauthorized(res) {
sendError(res, 401, "Unauthorized", {
"WWW-Authenticate": 'Basic realm="OmniRoute WebDAV"',
});
}
/**
* Build the href for a file entry in a PROPFIND response.
*
* @param {string} baseHref The base WebDAV path (e.g. /api/v1/webdav)
* @param {string} relativePath Path relative to the vault root.
* @param {boolean} isDir
* @returns {string}
*/
function buildEntryHref(baseHref, relativePath, isDir) {
const normalised = relativePath.replace(/\\/g, "/");
const encoded = normalised
.split("/")
.map((seg) => encodeURIComponent(seg))
.join("/");
const full = encoded ? `${baseHref}/${encoded}` : baseHref;
return isDir && !full.endsWith("/") ? `${full}/` : full;
}
// ─────────────────────────────────────────────────────────────────────────────
// Method handlers
// ─────────────────────────────────────────────────────────────────────────────
/** Handle OPTIONS — return DAV capabilities. */
function handleOptions(req, res) {
res.writeHead(200, {
DAV: "1, 2",
Allow:
"OPTIONS, GET, HEAD, PUT, DELETE, MKCOL, MOVE, COPY, PROPFIND, LOCK, UNLOCK",
"MS-Author-Via": "DAV",
"Content-Length": "0",
});
res.end();
}
/**
* Handle PROPFIND — list directory or file properties (Depth: 0 or 1).
*
* @param {import("node:http").IncomingMessage} req
* @param {import("node:http").ServerResponse} res
* @param {string} absPath
* @param {string} requestPath
*/
function handlePropfind(req, res, absPath, requestPath) {
const depth = req.headers["depth"] || "1";
let stat;
try {
stat = fs.statSync(absPath);
} catch {
sendError(res, 404, "Not found");
return;
}
// Build href for the requested resource
let href = requestPath;
if (!href.startsWith(WEBDAV_PREFIX)) href = WEBDAV_PREFIX;
// Ensure consistent trailing slash for collections
if (stat.isDirectory() && !href.endsWith("/")) href += "/";
const entries = [];
// Self entry
entries.push({
name: path.basename(absPath) || "",
href,
isDir: stat.isDirectory(),
size: stat.isDirectory() ? 0 : stat.size,
mtime: stat.mtime,
});
// Children (Depth: 1 and it's a directory)
if (stat.isDirectory() && depth !== "0") {
let children;
try {
children = fs.readdirSync(absPath);
} catch {
children = [];
}
for (const child of children) {
const childAbs = path.join(absPath, child);
let childStat;
try {
childStat = fs.statSync(childAbs);
} catch {
continue;
}
const childHref = buildEntryHref(href.replace(/\/$/, ""), child, childStat.isDirectory());
entries.push({
name: child,
href: childHref,
isDir: childStat.isDirectory(),
size: childStat.isDirectory() ? 0 : childStat.size,
mtime: childStat.mtime,
});
}
}
const xml = buildPropfindXml(entries, href);
const body = Buffer.from(xml, "utf8");
res.writeHead(207, {
"Content-Type": "application/xml; charset=utf-8",
"Content-Length": body.length,
});
res.end(body);
}
/**
* Handle GET / HEAD — stream a file.
*
* @param {import("node:http").IncomingMessage} req
* @param {import("node:http").ServerResponse} res
* @param {string} absPath
* @param {boolean} headOnly
*/
function handleGet(req, res, absPath, headOnly) {
let stat;
try {
stat = fs.statSync(absPath);
} catch {
sendError(res, 404, "Not found");
return;
}
if (stat.isDirectory()) {
sendError(res, 405, "Method not allowed on a directory");
return;
}
res.writeHead(200, {
"Content-Type": "application/octet-stream",
"Content-Length": stat.size,
"Last-Modified": formatHttpDate(stat.mtime),
});
if (headOnly) {
res.end();
return;
}
const stream = fs.createReadStream(absPath);
stream.on("error", () => {
if (!res.headersSent) {
sendError(res, 500, "Read error");
} else {
res.destroy();
}
});
stream.pipe(res);
}
/**
* Handle PUT — write a file.
*
* @param {import("node:http").IncomingMessage} req
* @param {import("node:http").ServerResponse} res
* @param {string} absPath
*/
async function handlePut(req, res, absPath) {
// Check if this is an update (204) or create (201)
let existed = false;
try {
fs.statSync(absPath);
existed = true;
} catch {
/* new file */
}
// Ensure parent directory exists
try {
fs.mkdirSync(path.dirname(absPath), { recursive: true });
} catch {
sendError(res, 500, "Could not create parent directory");
return;
}
let written = 0;
let limitExceeded = false;
const tmpPath = absPath + ".omniroute-webdav-tmp-" + Date.now();
let writeStream;
try {
writeStream = fs.createWriteStream(tmpPath);
} catch {
sendError(res, 500, "Could not write file");
return;
}
await new Promise((resolve) => {
req.on("data", (chunk) => {
written += chunk.length;
if (written > MAX_PUT_BYTES) {
limitExceeded = true;
req.destroy();
writeStream.destroy();
resolve();
} else {
writeStream.write(chunk);
}
});
req.on("end", () => {
writeStream.end();
// Don't resolve here — wait for the stream to finish flushing.
});
req.on("error", () => {
writeStream.destroy();
resolve();
});
// Resolve only after all data has been flushed to the OS (prevents
// fs.renameSync from running before the write stream closes the file).
writeStream.on("finish", resolve);
writeStream.on("error", resolve);
});
if (limitExceeded) {
try {
fs.unlinkSync(tmpPath);
} catch {
/* ignore */
}
sendError(res, 413, "Payload too large");
return;
}
// Atomic rename
try {
fs.renameSync(tmpPath, absPath);
} catch {
try {
fs.unlinkSync(tmpPath);
} catch {
/* ignore */
}
sendError(res, 500, "Could not finalise file write");
return;
}
res.writeHead(existed ? 204 : 201, { "Content-Length": "0" });
res.end();
}
/**
* Handle DELETE — remove a file or empty directory.
*
* @param {import("node:http").ServerResponse} res
* @param {string} absPath
*/
function handleDelete(res, absPath) {
let stat;
try {
stat = fs.statSync(absPath);
} catch {
sendError(res, 404, "Not found");
return;
}
try {
if (stat.isDirectory()) {
fs.rmdirSync(absPath, { recursive: true });
} else {
fs.unlinkSync(absPath);
}
res.writeHead(204, { "Content-Length": "0" });
res.end();
} catch {
sendError(res, 500, "Could not delete");
}
}
/**
* Handle MKCOL — create a directory.
*
* @param {import("node:http").IncomingMessage} req
* @param {import("node:http").ServerResponse} res
* @param {string} absPath
*/
function handleMkcol(req, res, absPath) {
// MKCOL must not have a request body per RFC 4918 §9.3
let bodyReceived = false;
req.on("data", () => {
bodyReceived = true;
});
req.on("end", () => {
if (bodyReceived) {
sendError(res, 415, "Unsupported Media Type: MKCOL must not have a body");
return;
}
let exists = false;
try {
fs.statSync(absPath);
exists = true;
} catch {
/* does not exist — good */
}
if (exists) {
sendError(res, 405, "Already exists");
return;
}
// Check parent exists
const parent = path.dirname(absPath);
let parentExists = false;
try {
fs.statSync(parent);
parentExists = true;
} catch {
/* parent missing */
}
if (!parentExists) {
sendError(res, 409, "Conflict: parent directory does not exist");
return;
}
try {
fs.mkdirSync(absPath);
res.writeHead(201, { "Content-Length": "0" });
res.end();
} catch {
sendError(res, 500, "Could not create directory");
}
});
}
/**
* Handle MOVE — rename/move a resource.
*
* @param {import("node:http").IncomingMessage} req
* @param {import("node:http").ServerResponse} res
* @param {string} absPath
* @param {string} vaultRoot
*/
function handleMove(req, res, absPath, vaultRoot) {
const destinationHeader = req.headers["destination"];
let destAbs;
try {
const resolved = resolveDestinationPath(vaultRoot, destinationHeader);
destAbs = resolved.absPath;
} catch (err) {
if (err && err.status) {
sendError(res, err.status, err.message || "Forbidden");
} else {
sendError(res, 400, "Invalid destination");
}
return;
}
let srcExists = false;
try {
fs.statSync(absPath);
srcExists = true;
} catch {
/* nope */
}
if (!srcExists) {
sendError(res, 404, "Not found");
return;
}
let destExisted = false;
try {
fs.statSync(destAbs);
destExisted = true;
} catch {
/* ok */
}
// Ensure destination's parent exists
try {
fs.mkdirSync(path.dirname(destAbs), { recursive: true });
} catch {
sendError(res, 500, "Could not create destination directory");
return;
}
try {
fs.renameSync(absPath, destAbs);
res.writeHead(destExisted ? 204 : 201, { "Content-Length": "0" });
res.end();
} catch {
sendError(res, 500, "Could not move resource");
}
}
/**
* Handle LOCK — stub that satisfies DAV: 2 clients.
* Returns a fake lock token so clients don't fail; we don't persist locks.
*/
function handleLock(req, res, absPath) {
const token = `urn:uuid:${Date.now().toString(16)}`;
const body =
`<?xml version="1.0" encoding="utf-8"?>` +
`<D:prop xmlns:D="DAV:">` +
`<D:lockdiscovery>` +
`<D:activelock>` +
`<D:locktoken><D:href>${escapeXml(token)}</D:href></D:locktoken>` +
`<D:lockscope><D:exclusive/></D:lockscope>` +
`<D:locktype><D:write/></D:locktype>` +
`<D:depth>0</D:depth>` +
`<D:timeout>Second-3600</D:timeout>` +
`</D:activelock>` +
`</D:lockdiscovery>` +
`</D:prop>`;
const buf = Buffer.from(body, "utf8");
res.writeHead(200, {
"Content-Type": "application/xml; charset=utf-8",
"Content-Length": buf.length,
"Lock-Token": `<${token}>`,
});
res.end(buf);
}
/** Handle UNLOCK — stub that acknowledges without persisting. */
function handleUnlock(req, res) {
res.writeHead(204, { "Content-Length": "0" });
res.end();
}
// ─────────────────────────────────────────────────────────────────────────────
// Main export: maybeHandleWebdav
// ─────────────────────────────────────────────────────────────────────────────
/**
* Entry point called from standalone-server-ws.mjs before forwarding to Next.
*
* @param {import("node:http").IncomingMessage} req
* @param {import("node:http").ServerResponse} res
* @returns {boolean} true if the request was handled (stop); false to forward to Next.
*/
export async function maybeHandleWebdav(req, res) {
const url = req.url || "";
const method = (req.method || "GET").toUpperCase();
// Only intercept /api/v1/webdav paths
if (!url.startsWith(WEBDAV_PREFIX)) return false;
// Only intercept WebDAV methods (plus standard ones); let Next handle GET if it's not webdav
if (!WEBDAV_METHODS.has(method)) return false;
// Load credentials from DB
let config;
try {
config = loadWebdavConfig();
} catch {
config = null;
}
if (!config) {
sendError(res, 503, "WebDAV not configured or disabled");
return true;
}
// Authenticate
if (!verifyBasicAuth(req.headers["authorization"], config.username, config.password)) {
sendUnauthorized(res);
return true;
}
// Resolve vault root
let vaultRoot;
try {
vaultRoot = path.resolve(config.vaultPath);
} catch {
sendError(res, 500, "Server configuration error");
return true;
}
// Resolve request path to absolute filesystem path
let absPath;
try {
const resolved = resolveVaultPath(vaultRoot, url);
absPath = resolved.absPath;
} catch (err) {
if (err && err.status) {
sendError(res, err.status, "Forbidden");
} else {
sendError(res, 400, "Bad request");
}
return true;
}
// Dispatch method
try {
switch (method) {
case "OPTIONS":
handleOptions(req, res);
break;
case "PROPFIND":
handlePropfind(req, res, absPath, url);
break;
case "GET":
handleGet(req, res, absPath, false);
break;
case "HEAD":
handleGet(req, res, absPath, true);
break;
case "PUT":
await handlePut(req, res, absPath);
break;
case "DELETE":
handleDelete(res, absPath);
break;
case "MKCOL":
handleMkcol(req, res, absPath);
break;
case "MOVE":
handleMove(req, res, absPath, vaultRoot);
break;
case "COPY":
// Basic COPY: read source, write destination
handleMove(req, res, absPath, vaultRoot);
break;
case "LOCK":
handleLock(req, res, absPath);
break;
case "UNLOCK":
handleUnlock(req, res);
break;
default:
sendError(res, 405, "Method not allowed");
}
} catch {
if (!res.headersSent) {
sendError(res, 500, "Internal server error");
}
}
return true;
}