Reimplement the OPTIONS handler such that the Allowed methods are actually correct

2025-12-14 05:52:19 +00:00 · 2024-10-04 21:35:07 +02:00
parent 00c1bb74c2
commit 8e1e1d5af5
1 changed files with 26 additions and 22 deletions
--- a/crates/caldav/src/lib.rs
+++ b/crates/caldav/src/lib.rs
@@ -1,8 +1,10 @@
-use actix_web::http::Method;
+use actix_web::dev::Service;
+use actix_web::http::header::{HeaderName, HeaderValue};
+use actix_web::http::{Method, StatusCode};
 use actix_web::web::{self, Data};
-use actix_web::{guard, HttpResponse, Responder};
 use calendar::resource::CalendarResourceService;
 use calendar_object::resource::CalendarObjectResourceService;
+use futures_util::FutureExt;
 use principal::PrincipalResourceService;
 use root::RootResourceService;
 use rustical_dav::resource::ResourceService;
@@ -35,16 +37,32 @@ pub fn configure_dav<AP: AuthenticationProvider, C: CalendarStore + ?Sized>(
    cfg.service(
        web::scope("")
            .wrap(AuthenticationMiddleware::new(auth_provider))
+            .wrap_fn(|req, srv| {
+                // Middleware to set the DAV header
+                // Could be more elegant if actix_web::guard::RegisteredMethods was public :(
+                let method = req.method().clone();
+                srv.call(req).map(move |res| {
+                    if method == Method::OPTIONS {
+                        return res.map(|mut response| {
+                            if response.status() == StatusCode::METHOD_NOT_ALLOWED {
+                                response.headers_mut().insert(
+                                    HeaderName::from_static("dav"),
+                                    HeaderValue::from_static(
+                                        "1, 2, 3, calendar-access, extended-mkcol",
+                                    ),
+                                );
+                                *response.response_mut().status_mut() = StatusCode::OK;
+                            }
+                            response
+                        });
+                    }
+                    res
+                })
+            })
            .app_data(Data::new(CalDavContext {
                store: store.clone(),
            }))
            .app_data(Data::from(store.clone()))
-            .service(
-                web::resource("{path:.*}")
-                    // Without the guard this service would handle all requests
-                    .guard(guard::Method(Method::OPTIONS))
-                    .to(options_handler),
-            )
            .service(RootResourceService::actix_resource())
            .service(
                web::scope("/user").service(
@@ -63,17 +81,3 @@ pub fn configure_dav<AP: AuthenticationProvider, C: CalendarStore + ?Sized>(
            ),
    );
 }
-
-async fn options_handler() -> impl Responder {
-    HttpResponse::Ok()
-        .insert_header((
-            "Allow",
-            "OPTIONS, GET, HEAD, POST, PUT, REPORT, PROPFIND, PROPPATCH, MKCALENDAR",
-        ))
-        .insert_header((
-            "DAV",
-            "1, 2, 3, calendar-access, extended-mkcol",
-            // "1, 2, 3, calendar-access, addressbook, extended-mkcol",
-        ))
-        .body("options")
-}