Implement If-Match, If-None-Match for DELETE method

2025-12-13 20:32:48 +00:00 · 2025-02-06 15:17:49 +01:00
parent 6caa04a516
commit 180295ef1a
6 changed files with 61 additions and 8 deletions
--- a/crates/caldav/src/calendar_object/methods.rs
+++ b/crates/caldav/src/calendar_object/methods.rs
@@ -60,9 +60,6 @@ pub async fn put_event<C: CalendarStore>(
        return Ok(HttpResponse::Unauthorized().body(""));
    }

-    // TODO: implement If-Match
-    //
-
    let overwrite =
        Some(&HeaderValue::from_static("*")) != req.headers().get(header::IF_NONE_MATCH);

--- a/crates/caldav/src/calendar_object/resource.rs
+++ b/crates/caldav/src/calendar_object/resource.rs
@@ -90,6 +90,10 @@ impl Resource for CalendarObjectResource {
        Some(&self.principal)
    }

+    fn get_etag(&self) -> Option<String> {
+        Some(self.object.get_etag())
+    }
+
    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
        Ok(UserPrivilegeSet::owner_only(
            user.is_principal(&self.principal),
--- a/crates/carddav/src/address_object/methods.rs
+++ b/crates/carddav/src/address_object/methods.rs
@@ -68,9 +68,6 @@ pub async fn put_object<AS: AddressbookStore>(
        return Err(Error::Unauthorized);
    }

-    // TODO: implement If-Match
-    //
-
    let overwrite =
        Some(&HeaderValue::from_static("*")) != req.headers().get(header::IF_NONE_MATCH);

--- a/crates/carddav/src/address_object/resource.rs
+++ b/crates/carddav/src/address_object/resource.rs
@@ -86,6 +86,10 @@ impl Resource for AddressObjectResource {
        Some(&self.principal)
    }

+    fn get_etag(&self) -> Option<String> {
+        Some(self.object.get_etag())
+    }
+
    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
        Ok(UserPrivilegeSet::owner_only(
            user.is_principal(&self.principal),
--- a/crates/dav/src/resource/methods/delete.rs
+++ b/crates/dav/src/resource/methods/delete.rs
@@ -2,6 +2,9 @@ use crate::privileges::UserPrivilege;
 use crate::resource::Resource;
 use crate::resource::ResourceService;
 use crate::Error;
+use actix_web::http::header::IfMatch;
+use actix_web::http::header::IfNoneMatch;
+use actix_web::web;
 use actix_web::web::Data;
 use actix_web::web::Path;
 use actix_web::HttpRequest;
@@ -18,6 +21,8 @@ pub async fn route_delete<R: ResourceService>(
    user: User,
    resource_service: Data<R>,
    root_span: RootSpan,
+    if_match: web::Header<IfMatch>,
+    if_none_match: web::Header<IfNoneMatch>,
 ) -> Result<impl Responder, R::Error> {
    let no_trash = req
        .headers()
@@ -26,12 +31,21 @@ pub async fn route_delete<R: ResourceService>(
        .unwrap_or(false);

    let resource = resource_service.get_resource(&path).await?;
+
    let privileges = resource.get_user_privileges(&user)?;
    if !privileges.has(&UserPrivilege::Write) {
-        // TODO: Actually the spec wants us to look whether we have unbind access in the parent
-        // collection
        return Err(Error::Unauthorized.into());
    }
+
+    if !resource.satisfies_if_match(&if_match) {
+        // Precondition failed
+        return Ok(HttpResponse::PreconditionFailed().finish());
+    }
+    if resource.satisfies_if_none_match(&if_none_match) {
+        // Precondition failed
+        return Ok(HttpResponse::PreconditionFailed().finish());
+    }
+
    resource_service.delete_resource(&path, !no_trash).await?;

    Ok(HttpResponse::Ok().body(""))
--- a/crates/dav/src/resource/mod.rs
+++ b/crates/dav/src/resource/mod.rs
@@ -4,6 +4,7 @@ use crate::xml::Resourcetype;
 use crate::xml::{multistatus::ResponseElement, TagList};
 use crate::Error;
 use actix_web::dev::ResourceMap;
+use actix_web::http::header::{EntityTag, IfMatch, IfNoneMatch};
 use actix_web::{http::StatusCode, ResponseError};
 use itertools::Itertools;
 use quick_xml::name::Namespace;
@@ -56,6 +57,42 @@ pub trait Resource: Clone + 'static {
        None
    }

+    fn get_etag(&self) -> Option<String> {
+        None
+    }
+
+    fn satisfies_if_match(&self, if_match: &IfMatch) -> bool {
+        match if_match {
+            IfMatch::Any => true,
+            // This is not nice but if the header doesn't exist, actix just gives us an empty
+            // IfMatch::Items header
+            IfMatch::Items(items) if items.is_empty() => true,
+            IfMatch::Items(items) => {
+                if let Some(etag) = self.get_etag() {
+                    let etag = EntityTag::new_strong(etag.to_owned());
+                    return items.iter().any(|item| item.strong_eq(&etag));
+                }
+                false
+            }
+        }
+    }
+
+    fn satisfies_if_none_match(&self, if_none_match: &IfNoneMatch) -> bool {
+        match if_none_match {
+            IfNoneMatch::Any => false,
+            // This is not nice but if the header doesn't exist, actix just gives us an empty
+            // IfNoneMatch::Items header
+            IfNoneMatch::Items(items) if items.is_empty() => false,
+            IfNoneMatch::Items(items) => {
+                if let Some(etag) = self.get_etag() {
+                    let etag = EntityTag::new_strong(etag.to_owned());
+                    return items.iter().all(|item| item.strong_ne(&etag));
+                }
+                true
+            }
+        }
+    }
+
    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error>;

    fn propfind(