version 0.9.1

fixes #112

.editorconfig

@@ -2,3 +2,5 @@
 indent_style = space
 indent_size = 4
 
+[docs/**/*.md]
+indent_size = 4

.gitattributes

@@ -1,2 +1,3 @@
 # Otherwise GitHub thinks this is an HTML project
 crates/frontend/public/assets/licenses.html linguist-detectable=false
+crates/frontend/public/assets/js/* linguist-detectable=false

.github/workflows/docker-publish.yml

@@ -41,12 +41,10 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          # As long as we don't have releases everything on the main branch shall be tagged as latest
           tags: |
-            type=raw,value=latest,enable={{is_default_branch}}
             type=ref,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}

.gitignore

@@ -12,3 +12,7 @@ principals.toml
 .env
 
 site
+
+# Frontend
+**/node_modules
+**/.vite

.sqlx/query-246ec675667992c1297c29348d46496a884c59adb8b64b569d36f4ce10f88f47.json

@@ -1,6 +1,6 @@
 {
   "db_name": "SQLite",
-  "query": "SELECT id, vcf FROM addressobjects WHERE (principal, addressbook_id, id) = (?, ?, ?) AND ((deleted_at IS NULL) or ?)",
+  "query": "SELECT id, vcf FROM addressobjects WHERE (principal, addressbook_id, id) = (?, ?, ?) AND ((deleted_at IS NULL) OR ?)",
   "describe": {
     "columns": [
       {
@@ -22,5 +22,5 @@
       false
     ]
   },
-  "hash": "395e40a7b3333b79bc2ad50a123d99f74bc2712a16257ee2119dd211fdb61f7e"
+  "hash": "246ec675667992c1297c29348d46496a884c59adb8b64b569d36f4ce10f88f47"
 }

.sqlx/query-27ac68a4eea40c1cac663cad034028cf6c373354b29e3a5290c18f58101913cd.json

@@ -1,6 +1,6 @@
 {
   "db_name": "SQLite",
-  "query": "SELECT *\n                FROM calendars\n                WHERE principal = ? AND deleted_at IS NOT NULL",
+  "query": "SELECT principal, id, displayname, \"order\", description, color, timezone_id, deleted_at, synctoken, subscription_url, push_topic, comp_event, comp_todo, comp_journal\n                FROM calendars\n                WHERE principal = ? AND deleted_at IS NOT NULL",
   "describe": {
     "columns": [
       {
@@ -14,68 +14,63 @@
         "type_info": "Text"
       },
       {
-        "name": "synctoken",
+        "name": "displayname",
         "ordinal": 2,
-        "type_info": "Integer"
+        "type_info": "Text"
       },
       {
-        "name": "displayname",
+        "name": "order",
         "ordinal": 3,
-        "type_info": "Text"
+        "type_info": "Integer"
       },
       {
         "name": "description",
         "ordinal": 4,
         "type_info": "Text"
       },
-      {
-        "name": "order",
-        "ordinal": 5,
-        "type_info": "Integer"
-      },
       {
         "name": "color",
-        "ordinal": 6,
+        "ordinal": 5,
-        "type_info": "Text"
-      },
-      {
-        "name": "timezone",
-        "ordinal": 7,
         "type_info": "Text"
       },
       {
         "name": "timezone_id",
-        "ordinal": 8,
+        "ordinal": 6,
         "type_info": "Text"
       },
       {
         "name": "deleted_at",
-        "ordinal": 9,
+        "ordinal": 7,
         "type_info": "Datetime"
       },
+      {
+        "name": "synctoken",
+        "ordinal": 8,
+        "type_info": "Integer"
+      },
       {
         "name": "subscription_url",
-        "ordinal": 10,
+        "ordinal": 9,
         "type_info": "Text"
       },
       {
         "name": "push_topic",
-        "ordinal": 11,
+        "ordinal": 10,
         "type_info": "Text"
       },
       {
         "name": "comp_event",
-        "ordinal": 12,
+        "ordinal": 11,
         "type_info": "Bool"
       },
       {
         "name": "comp_todo",
-        "ordinal": 13,
+        "ordinal": 12,
         "type_info": "Bool"
       },
       {
         "name": "comp_journal",
-        "ordinal": 14,
+        "ordinal": 13,
         "type_info": "Bool"
       }
     ],
@@ -85,14 +80,13 @@
     "nullable": [
       false,
       false,
-      false,
-      true,
       true,
       false,
       true,
       true,
       true,
       true,
+      false,
       true,
       false,
       false,
@@ -100,5 +94,5 @@
       false
     ]
   },
-  "hash": "cce62f7829bd688cd8c7928b587bc31f0e50865c214b1df113350bea2c254237"
+  "hash": "27ac68a4eea40c1cac663cad034028cf6c373354b29e3a5290c18f58101913cd"
 }

.sqlx/query-2f043f62a7c0eae1023e319f0bc8f35dfdcf6a8247e03b1de3e2cabb2d3ab8ae.json

@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "\n            REPLACE INTO principals\n            (id, displayname, principal_type, password_hash)\n            VALUES (?, ?, ?, ?)\n        ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 4
-    },
-    "nullable": []
-  },
-  "hash": "2f043f62a7c0eae1023e319f0bc8f35dfdcf6a8247e03b1de3e2cabb2d3ab8ae"
-}

.sqlx/query-3b00b59f047e534a7f7f654984dc880f4aa9281aae5974722d2f22ec6d15cb32.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT principal FROM memberships WHERE member_of = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "principal",
+        "ordinal": 0,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "3b00b59f047e534a7f7f654984dc880f4aa9281aae5974722d2f22ec6d15cb32"
+}

.sqlx/query-46ae176a06e314492f661c28436d6370883052c854da43475d7ced60cf8326e3.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE calendars SET principal = ?, id = ?, displayname = ?, description = ?, \"order\" = ?, color = ?, timezone_id = ?, push_topic = ?, comp_event = ?, comp_todo = ?, comp_journal = ?\n                WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 13
+    },
+    "nullable": []
+  },
+  "hash": "46ae176a06e314492f661c28436d6370883052c854da43475d7ced60cf8326e3"
+}

.sqlx/query-5132ee8198f155242aa332a10019c48ec334884bcf7841c8aa03fd5eb11351d9.json

@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "INSERT INTO calendars (principal, id, displayname, description, \"order\", color, subscription_url, timezone, timezone_id, push_topic, comp_event, comp_todo, comp_journal)\n                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 13
-    },
-    "nullable": []
-  },
-  "hash": "5132ee8198f155242aa332a10019c48ec334884bcf7841c8aa03fd5eb11351d9"
-}

.sqlx/query-543838c030550cb09d1af08adfeade8b7ce3575d92fddbc6e9582d141bc9e49d.json

@@ -1,6 +1,6 @@
 {
   "db_name": "SQLite",
-  "query": "SELECT id, ics FROM calendarobjects WHERE (principal, cal_id, id) = (?, ?, ?)",
+  "query": "SELECT id, ics FROM calendarobjects WHERE (principal, cal_id, id) = (?, ?, ?) AND ((deleted_at IS NULL) OR ?)",
   "describe": {
     "columns": [
       {
@@ -15,12 +15,12 @@
       }
     ],
     "parameters": {
-      "Right": 3
+      "Right": 4
     },
     "nullable": [
       false,
       false
     ]
   },
-  "hash": "d2f7423e2e8f97607f6664200990dcadb927445880ec6edffba3b5aedf4e199b"
+  "hash": "543838c030550cb09d1af08adfeade8b7ce3575d92fddbc6e9582d141bc9e49d"
 }

.sqlx/query-5c09c2a3c052188435409d4ff076575394e625dd19f00dea2d4c71a9f34a5952.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "\n            INSERT INTO principals\n            (id, displayname, principal_type, password_hash) VALUES (?, ?, ?, ?)\n            ON CONFLICT(id) DO UPDATE SET\n                (displayname, principal_type, password_hash)\n                = (excluded.displayname, excluded.principal_type, excluded.password_hash)\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "5c09c2a3c052188435409d4ff076575394e625dd19f00dea2d4c71a9f34a5952"
+}

.sqlx/query-60b940ff493e7c0fcb2ffe8ae97172c6444525ffeec21b194bd7443d11d06113.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO calendars (principal, id, displayname, description, \"order\", color, subscription_url, timezone_id, push_topic, comp_event, comp_todo, comp_journal)\n                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 12
+    },
+    "nullable": []
+  },
+  "hash": "60b940ff493e7c0fcb2ffe8ae97172c6444525ffeec21b194bd7443d11d06113"
+}

.sqlx/query-660833e0505d3bbcd6dd736cce06b1bf14263d0e0e87b27d89d376d422e4e474.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT length(vcf) AS 'length!: u64', deleted_at AS 'deleted!: bool' FROM addressobjects WHERE principal = ? AND addressbook_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "length!: u64",
+        "ordinal": 0,
+        "type_info": "Null"
+      },
+      {
+        "name": "deleted!: bool",
+        "ordinal": 1,
+        "type_info": "Datetime"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      null,
+      true
+    ]
+  },
+  "hash": "660833e0505d3bbcd6dd736cce06b1bf14263d0e0e87b27d89d376d422e4e474"
+}

.sqlx/query-bb2fa030f2e7c7afdb38c5c54cb31de5293be332d86cf643977d479999542553.json

@@ -1,6 +1,6 @@
 {
   "db_name": "SQLite",
-  "query": "SELECT *\n                FROM calendars\n                WHERE (principal, id) = (?, ?)",
+  "query": "SELECT *\n                FROM calendars\n                WHERE (principal, id) = (?, ?)\n                AND ((deleted_at IS NULL) OR ?) ",
   "describe": {
     "columns": [
       {
@@ -39,48 +39,43 @@
         "type_info": "Text"
       },
       {
-        "name": "timezone",
+        "name": "timezone_id",
         "ordinal": 7,
         "type_info": "Text"
       },
-      {
-        "name": "timezone_id",
-        "ordinal": 8,
-        "type_info": "Text"
-      },
       {
         "name": "deleted_at",
-        "ordinal": 9,
+        "ordinal": 8,
         "type_info": "Datetime"
       },
       {
         "name": "subscription_url",
-        "ordinal": 10,
+        "ordinal": 9,
         "type_info": "Text"
       },
       {
         "name": "push_topic",
-        "ordinal": 11,
+        "ordinal": 10,
         "type_info": "Text"
       },
       {
         "name": "comp_event",
-        "ordinal": 12,
+        "ordinal": 11,
         "type_info": "Bool"
       },
       {
         "name": "comp_todo",
-        "ordinal": 13,
+        "ordinal": 12,
         "type_info": "Bool"
       },
       {
         "name": "comp_journal",
-        "ordinal": 14,
+        "ordinal": 13,
         "type_info": "Bool"
       }
     ],
     "parameters": {
-      "Right": 2
+      "Right": 3
     },
     "nullable": [
       false,
@@ -93,12 +88,11 @@
       true,
       true,
       true,
-      true,
       false,
       false,
       false,
       false
     ]
   },
-  "hash": "9f930775043a6d4571a8ffd5a981cadf7c51f3f11a189f8461505abec31076e6"
+  "hash": "bb2fa030f2e7c7afdb38c5c54cb31de5293be332d86cf643977d479999542553"
 }

.sqlx/query-cedfb82b38fdd0c7681b9873b1008abee4a2f4ca16abad1b837f256d0bf416b1.json

@@ -39,43 +39,38 @@
         "type_info": "Text"
       },
       {
-        "name": "timezone",
+        "name": "timezone_id",
         "ordinal": 7,
         "type_info": "Text"
       },
-      {
-        "name": "timezone_id",
-        "ordinal": 8,
-        "type_info": "Text"
-      },
       {
         "name": "deleted_at",
-        "ordinal": 9,
+        "ordinal": 8,
         "type_info": "Datetime"
       },
       {
         "name": "subscription_url",
-        "ordinal": 10,
+        "ordinal": 9,
         "type_info": "Text"
       },
       {
         "name": "push_topic",
-        "ordinal": 11,
+        "ordinal": 10,
         "type_info": "Text"
       },
       {
         "name": "comp_event",
-        "ordinal": 12,
+        "ordinal": 11,
         "type_info": "Bool"
       },
       {
         "name": "comp_todo",
-        "ordinal": 13,
+        "ordinal": 12,
         "type_info": "Bool"
       },
       {
         "name": "comp_journal",
-        "ordinal": 14,
+        "ordinal": 13,
         "type_info": "Bool"
       }
     ],
@@ -93,7 +88,6 @@
       true,
       true,
       true,
-      true,
       false,
       false,
       false,

.sqlx/query-d65c9c40606e59dd816a51b9b9ac60fd2ff81aaa358fcc038134e9a68ba45ad7.json

@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "UPDATE calendars SET principal = ?, id = ?, displayname = ?, description = ?, \"order\" = ?, color = ?, timezone = ?, timezone_id = ?, push_topic = ?, comp_event = ?, comp_todo = ?, comp_journal = ?\n                WHERE (principal, id) = (?, ?)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 14
-    },
-    "nullable": []
-  },
-  "hash": "d65c9c40606e59dd816a51b9b9ac60fd2ff81aaa358fcc038134e9a68ba45ad7"
-}

.sqlx/query-d9f14260a46a7ccd137d462c35d350a7fe338a074131776596c5d803fcda1f48.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT length(ics) AS 'length!: u64', deleted_at AS 'deleted!: bool' FROM calendarobjects WHERE principal = ? AND cal_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "length!: u64",
+        "ordinal": 0,
+        "type_info": "Null"
+      },
+      {
+        "name": "deleted!: bool",
+        "ordinal": 1,
+        "type_info": "Datetime"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      null,
+      true
+    ]
+  },
+  "hash": "d9f14260a46a7ccd137d462c35d350a7fe338a074131776596c5d803fcda1f48"
+}

Cargo.toml

@@ -2,7 +2,7 @@
 members = ["crates/*"]
 
 [workspace.package]
-version = "0.1.0"
+version = "0.9.1"
 edition = "2024"
 description = "A CalDAV server"
 repository = "https://github.com/lennart-k/rustical"
@@ -20,6 +20,7 @@ publish = false
 
 [features]
 debug = ["opentelemetry"]
+frontend-dev = ["rustical_frontend/dev"]
 opentelemetry = [
   "dep:opentelemetry",
   "dep:opentelemetry-otlp",
@@ -33,6 +34,7 @@ opentelemetry = [
 debug = 0
 
 [workspace.dependencies]
+matchit = "0.8"
 uuid = { version = "1.11", features = ["v4", "fast-rng"] }
 async-trait = "0.1"
 axum = "0.8"
@@ -93,8 +95,12 @@ strum = "0.27"
 strum_macros = "0.27"
 serde_json = { version = "1.0", features = ["raw_value"] }
 sqlx-sqlite = { version = "0.8", features = ["bundled"] }
-ical = { version = "0.11", features = ["generator", "serde"] }
+ical = { git = "https://github.com/lennart-k/ical-rs", features = [
-toml = "0.8"
+  "generator",
+  "serde",
+  "chrono-tz",
+] }
+toml = "0.9"
 tower = "0.5"
 tower-http = { version = "0.6", features = [
   "trace",
@@ -124,7 +130,7 @@ syn = { version = "2.0", features = ["full"] }
 quote = "1.0"
 proc-macro2 = "1.0"
 heck = "0.5"
-darling = "0.20"
+darling = "0.21"
 reqwest = { version = "0.12", features = [
   "rustls-tls",
   "charset",
@@ -132,6 +138,13 @@ reqwest = { version = "0.12", features = [
 ], default-features = false }
 openidconnect = "4.0"
 clap = { version = "4.5", features = ["derive", "env"] }
+matchit-serde = { git = "https://github.com/lennart-k/matchit-serde", rev = "f0591d13" }
+vtimezones-rs = "0.2"
+ece = { version = "2.3", default-features = false, features = [
+  "backend-openssl",
+] }
+openssl = { version = "0.10", features = ["vendored"] }
+async-std = { version = "1.13", features = ["attributes"] }
 
 [dependencies]
 rustical_store = { workspace = true }

Dockerfile

@@ -1,11 +1,11 @@
-FROM --platform=$BUILDPLATFORM rust:1.86-alpine AS chef
+FROM --platform=$BUILDPLATFORM rust:1.88-alpine AS chef
 
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 
 # the compiler will otherwise ask for aarch64-linux-musl-gcc
 ENV CC_aarch64_unknown_linux_musl="clang"
-ENV AR_aarch64_unknown_linux_musl="llvm-ar"
+ENV AR_aarch64_unknown_linux_musl="llvm20-ar"
 ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-Clink-self-contained=yes -Clinker=rust-lld"
 
 # Stupid workaound with tempfiles since environment variables
@@ -16,7 +16,7 @@ RUN case $TARGETPLATFORM in \
   *) echo "Unsupported platform ${TARGETPLATFORM}"; exit 1;;  \
   esac
 
-RUN apk add --no-cache musl-dev llvm19 clang \
+RUN apk add --no-cache musl-dev llvm20 clang perl pkgconf make \
   && rustup target add "$(cat /tmp/rust_target)" \
   && cargo install cargo-chef --locked \
   && rm -rf "$CARGO_HOME/registry"

Justfile

@@ -1,2 +1,14 @@
 licenses:
   cargo about generate about.hbs > crates/frontend/public/assets/licenses.html
+
+frontend-dev:
+  cd crates/frontend/js-components && deno task dev
+
+frontend-build:
+  cd crates/frontend/js-components && deno task build
+
+docs:
+  mkdocs build
+
+docs-dev:
+  mkdocs serve

README.md

@@ -3,22 +3,23 @@
 a CalDAV/CardDAV server
 
 > [!WARNING]
-  RustiCal is **not production-ready!**
+  RustiCal is under **active development**!
-  While I've started migrating to RustiCal and becoming more confident,
+  While I've been successfully using RustiCal productively for a few weeks now,
-  please know that bugs and rough edges will still occur.
+  you'd still be one of the first testers so expect bugs and rough edges.
-  Concretely, if you are using Apple Calendar you will want to stay away from assigning groups to users.
   If you still want to play around with it in its current state, absolutely feel free to do so and to open up an issue if something is not working. :)
 
 ## Features
 
 - easy to backup, everything saved in one SQLite database
-- ~~[WebDAV Push](https://github.com/bitfireAT/webdav-push/) support, so near-instant synchronisation to DAVx5~~ (currently broken)
+  - also export feature in the frontend
+- **[WebDAV Push](https://github.com/bitfireAT/webdav-push/)** support, so near-instant synchronisation to DAVx5
 - lightweight (the container image contains only one binary)
 - adequately fast (I'd love to say blazingly fast™ :fire: but I don't have any benchmarks)
 - deleted calendars are recoverable
 - Nextcloud login flow (In DAVx5 you can login through the Nextcloud flow and automatically generate an app token)
 - Apple configuration profiles (skip copy-pasting passwords and instead generate the configuration in the frontend)
-- OpenID Connect support (with option to disable password login)
+- **OpenID Connect** support (with option to disable password login)
+- Group-based **sharing**
 
 ## Getting Started
 
@@ -29,4 +30,6 @@ a CalDAV/CardDAV server
 - DAVx5,
 - GNOME Accounts, GNOME Calendar, GNOME Contacts
 - Evolution
-- Apple Calendar (known issue: If a user is member of multiple groups then Apple Calendar just randomly selects a calendar home)
+- Apple Calendar
+- Home Assistant integration
+- Thunderbird

about.toml

@@ -7,5 +7,7 @@ accepted = [
   "CDLA-Permissive-2.0",
   "Zlib",
   "AGPL-3.0",
+  "GPL-3.0",
+  "MPL-2.0",
 ]
 workarounds = ["ring", "chrono", "rustls"]

compose.oidc.yml

@@ -0,0 +1,22 @@
+services:
+  rustical:
+    image: ghcr.io/lennart-k/rustical:latest
+    restart: unless-stopped
+    environment:
+      RUSTICAL_FRONTEND__ALLOW_PASSWORD_LOGIN: "false"
+      RUSTICAL_OIDC__NAME: "Authelia"
+      RUSTICAL_OIDC__ISSUER: "https://auth.example.com"
+      RUSTICAL_OIDC__CLIENT_ID: "{{ rustical_oidc_client_id }}"
+      RUSTICAL_OIDC__CLIENT_SECRET: "{{ rustical_oidc_client_secret }}"
+      RUSTICAL_OIDC__CLAIM_USERID: "preferred_username"
+      RUSTICAL_OIDC__SCOPES: '["openid", "profile", "groups"]'
+      RUSTICAL_OIDC__REQUIRE_GROUP: "app:rustical" # optional
+      RUSTICAL_OIDC__ALLOW_SIGN_UP: "true"
+    volumes:
+      - data:/var/lib/rustical
+    # Here you probably want to you expose instead
+    ports:
+      - 4000:4000
+
+volumes:
+  data:

crates/caldav/Cargo.toml

@@ -7,6 +7,12 @@ repository.workspace = true
 license.workspace = true
 publish = false
 
+[dev-dependencies]
+rustical_store_sqlite = { workspace = true, features = ["test"] }
+rstest.workspace = true
+async-std.workspace = true
+serde_json.workspace = true
+
 [dependencies]
 axum.workspace = true
 axum-extra.workspace = true
@@ -35,3 +41,6 @@ rustical_ical.workspace = true
 http.workspace = true
 headers.workspace = true
 tower-http.workspace = true
+strum.workspace = true
+strum_macros.workspace = true
+vtimezones-rs.workspace = true

crates/caldav/src/calendar/methods/get.rs

@@ -4,12 +4,12 @@ use axum::body::Body;
 use axum::extract::State;
 use axum::{extract::Path, response::Response};
 use headers::{ContentType, HeaderMapExt};
-use http::{HeaderValue, StatusCode, header};
+use http::{HeaderValue, Method, StatusCode, header};
 use ical::generator::{Emitter, IcalCalendarBuilder};
 use ical::property::Property;
 use percent_encoding::{CONTROLS, utf8_percent_encode};
 use rustical_ical::{CalendarObjectComponent, EventObject, JournalObject, TodoObject};
-use rustical_store::{CalendarStore, SubscriptionStore, auth::User};
+use rustical_store::{CalendarStore, SubscriptionStore, auth::Principal};
 use std::collections::HashMap;
 use std::str::FromStr;
 use tracing::instrument;
@@ -18,20 +18,26 @@ use tracing::instrument;
 pub async fn route_get<C: CalendarStore, S: SubscriptionStore>(
     Path((principal, calendar_id)): Path<(String, String)>,
     State(CalendarResourceService { cal_store, .. }): State<CalendarResourceService<C, S>>,
-    user: User,
+    user: Principal,
+    method: Method,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(crate::Error::Unauthorized);
     }
 
-    let calendar = cal_store.get_calendar(&principal, &calendar_id).await?;
+    let calendar = cal_store
+        .get_calendar(&principal, &calendar_id, true)
+        .await?;
     if !user.is_principal(&calendar.principal) {
         return Err(crate::Error::Unauthorized);
     }
 
-    let calendar = cal_store.get_calendar(&principal, &calendar_id).await?;
+    let calendar = cal_store
+        .get_calendar(&principal, &calendar_id, true)
+        .await?;
 
     let mut timezones = HashMap::new();
+    let mut vtimezones = HashMap::new();
     let objects = cal_store.get_objects(&principal, &calendar_id).await?;
 
     let mut ical_calendar_builder = IcalCalendarBuilder::version("4.0")
@@ -58,9 +64,9 @@ pub async fn route_get<C: CalendarStore, S: SubscriptionStore>(
             params: None,
         });
     }
-    let mut ical_calendar = ical_calendar_builder.build();
 
     for object in &objects {
+        vtimezones.extend(object.get_vtimezones());
         match object.get_data() {
             CalendarObjectComponent::Event(EventObject {
                 event,
@@ -68,17 +74,25 @@ pub async fn route_get<C: CalendarStore, S: SubscriptionStore>(
                 ..
             }) => {
                 timezones.extend(object_timezones);
-                ical_calendar.events.push(event.clone());
+                ical_calendar_builder = ical_calendar_builder.add_event(event.clone());
             }
-            CalendarObjectComponent::Todo(TodoObject { todo, .. }) => {
+            CalendarObjectComponent::Todo(TodoObject(todo)) => {
-                ical_calendar.todos.push(todo.clone());
+                ical_calendar_builder = ical_calendar_builder.add_todo(todo.clone());
             }
-            CalendarObjectComponent::Journal(JournalObject { journal, .. }) => {
+            CalendarObjectComponent::Journal(JournalObject(journal)) => {
-                ical_calendar.journals.push(journal.clone());
+                ical_calendar_builder = ical_calendar_builder.add_journal(journal.clone());
             }
         }
     }
 
+    for vtimezone in vtimezones.into_values() {
+        ical_calendar_builder = ical_calendar_builder.add_tz(vtimezone.to_owned());
+    }
+
+    let ical_calendar = ical_calendar_builder
+        .build()
+        .map_err(|parser_error| Error::IcalError(parser_error.into()))?;
+
     let mut resp = Response::builder().status(StatusCode::OK);
     let hdrs = resp.headers_mut().unwrap();
     hdrs.typed_insert(ContentType::from_str("text/calendar").unwrap());
@@ -92,5 +106,9 @@ pub async fn route_get<C: CalendarStore, S: SubscriptionStore>(
         ))
         .unwrap(),
     );
+    if matches!(method, Method::HEAD) {
+        Ok(resp.body(Body::empty()).unwrap())
+    } else {
         Ok(resp.body(Body::new(ical_calendar.generate())).unwrap())
+    }
 }

crates/caldav/src/calendar/methods/import.rs

@@ -0,0 +1,102 @@
+use crate::Error;
+use crate::calendar::CalendarResourceService;
+use axum::{
+    extract::{Path, State},
+    response::{IntoResponse, Response},
+};
+use http::StatusCode;
+use ical::{
+    generator::Emitter,
+    parser::{Component, ComponentMut},
+};
+use rustical_ical::{CalendarObject, CalendarObjectType};
+use rustical_store::{Calendar, CalendarStore, SubscriptionStore, auth::Principal};
+use std::io::BufReader;
+use tracing::instrument;
+
+#[instrument(skip(resource_service))]
+pub async fn route_import<C: CalendarStore, S: SubscriptionStore>(
+    Path((principal, cal_id)): Path<(String, String)>,
+    user: Principal,
+    State(resource_service): State<CalendarResourceService<C, S>>,
+    body: String,
+) -> Result<Response, Error> {
+    if !user.is_principal(&principal) {
+        return Err(Error::Unauthorized);
+    }
+
+    let mut parser = ical::IcalParser::new(BufReader::new(body.as_bytes()));
+    let mut cal = parser
+        .next()
+        .expect("input must contain calendar")
+        .unwrap()
+        .mutable();
+    if parser.next().is_some() {
+        return Err(rustical_ical::Error::InvalidData(
+            "multiple calendars, only one allowed".to_owned(),
+        )
+        .into());
+    }
+
+    // Extract calendar metadata
+    let displayname = cal
+        .get_property("X-WR-CALNAME")
+        .and_then(|prop| prop.value.to_owned());
+    let description = cal
+        .get_property("X-WR-CALDESC")
+        .and_then(|prop| prop.value.to_owned());
+    let timezone_id = cal
+        .get_property("X-WR-TIMEZONE")
+        .and_then(|prop| prop.value.to_owned());
+    // These properties should not appear in the expanded calendar objects
+    cal.remove_property("X-WR-CALNAME");
+    cal.remove_property("X-WR-CALDESC");
+    cal.remove_property("X-WR-TIMEZONE");
+    let cal = cal.verify().unwrap();
+    // Make sure timezone is valid
+    if let Some(timezone_id) = timezone_id.as_ref() {
+        assert!(
+            vtimezones_rs::VTIMEZONES.contains_key(timezone_id),
+            "Invalid calendar timezone id"
+        );
+    }
+
+    // Extract necessary component types
+    let mut cal_components = vec![];
+    if !cal.events.is_empty() {
+        cal_components.push(CalendarObjectType::Event);
+    }
+    if !cal.journals.is_empty() {
+        cal_components.push(CalendarObjectType::Journal);
+    }
+    if !cal.todos.is_empty() {
+        cal_components.push(CalendarObjectType::Todo);
+    }
+
+    let expanded_cals = cal.expand_calendar();
+    // Janky way to convert between IcalCalendar and CalendarObject
+    let objects = expanded_cals
+        .into_iter()
+        .map(|cal| cal.generate())
+        .map(CalendarObject::from_ics)
+        .collect::<Result<Vec<_>, _>>()?;
+    let new_cal = Calendar {
+        principal,
+        id: cal_id,
+        displayname,
+        order: 0,
+        description,
+        color: None,
+        timezone_id,
+        deleted_at: None,
+        synctoken: 0,
+        subscription_url: None,
+        push_topic: uuid::Uuid::new_v4().to_string(),
+        components: cal_components,
+    };
+
+    let cal_store = resource_service.cal_store;
+    cal_store.import_calendar(new_cal, objects, false).await?;
+
+    Ok(StatusCode::OK.into_response())
+}

crates/caldav/src/calendar/methods/mkcalendar.rs

@@ -4,8 +4,10 @@ use crate::calendar::prop::SupportedCalendarComponentSet;
 use axum::extract::{Path, State};
 use axum::response::{IntoResponse, Response};
 use http::{Method, StatusCode};
+use ical::IcalParser;
+use rustical_dav::xml::HrefElement;
 use rustical_ical::CalendarObjectType;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{Calendar, CalendarStore, SubscriptionStore};
 use rustical_xml::{Unparsed, XmlDeserialize, XmlDocument, XmlRootTag};
 use tracing::instrument;
@@ -29,6 +31,8 @@ pub struct MkcolCalendarProp {
     resourcetype: Option<Unparsed>,
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     supported_calendar_component_set: Option<SupportedCalendarComponentSet>,
+    #[xml(ns = "rustical_dav::namespace::NS_CALENDARSERVER")]
+    source: Option<HrefElement>,
     // Ignore that property, we don't support it but also don't want to throw an error
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     #[allow(dead_code)]
@@ -60,7 +64,7 @@ struct MkcolRequest {
 #[instrument(skip(cal_store))]
 pub async fn route_mkcalendar<C: CalendarStore, S: SubscriptionStore>(
     Path((principal, cal_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     State(CalendarResourceService { cal_store, .. }): State<CalendarResourceService<C, S>>,
     method: Method,
     body: String,
@@ -69,24 +73,53 @@ pub async fn route_mkcalendar<C: CalendarStore, S: SubscriptionStore>(
         return Err(Error::Unauthorized);
     }
 
-    let request = match method.as_str() {
+    let mut request = match method.as_str() {
         "MKCALENDAR" => MkcalendarRequest::parse_str(&body)?.set.prop,
         "MKCOL" => MkcolRequest::parse_str(&body)?.set.prop,
         _ => unreachable!("We never call with another method"),
     };
 
+    if let Some("") = request.displayname.as_deref() {
+        request.displayname = None
+    }
+
+    let timezone_id = if let Some(tzid) = request.calendar_timezone_id {
+        Some(tzid)
+    } else if let Some(tz) = request.calendar_timezone {
+        // TODO: Proper error (calendar-timezone precondition)
+        let calendar = IcalParser::new(tz.as_bytes())
+            .next()
+            .ok_or(rustical_dav::Error::BadRequest(
+                "No timezone data provided".to_owned(),
+            ))?
+            .map_err(|_| rustical_dav::Error::BadRequest("No timezone data provided".to_owned()))?;
+
+        let timezone = calendar
+            .timezones
+            .first()
+            .ok_or(rustical_dav::Error::BadRequest(
+                "No timezone data provided".to_owned(),
+            ))?;
+        let timezone: chrono_tz::Tz = timezone
+            .try_into()
+            .map_err(|_| rustical_dav::Error::BadRequest("No timezone data provided".to_owned()))?;
+
+        Some(timezone.name().to_owned())
+    } else {
+        None
+    };
+
     let calendar = Calendar {
         id: cal_id.to_owned(),
         principal: principal.to_owned(),
         order: request.calendar_order.unwrap_or(0),
         displayname: request.displayname,
-        timezone: request.calendar_timezone,
+        timezone_id,
-        timezone_id: request.calendar_timezone_id,
         color: request.calendar_color,
         description: request.calendar_description,
         deleted_at: None,
         synctoken: 0,
-        subscription_url: None,
+        subscription_url: request.source.map(|href| href.href),
         push_topic: uuid::Uuid::new_v4().to_string(),
         components: request
             .supported_calendar_component_set

crates/caldav/src/calendar/methods/mod.rs

@@ -1,4 +1,5 @@
-pub mod mkcalendar;
-// pub mod post;
 pub mod get;
+pub mod import;
+pub mod mkcalendar;
+pub mod post;
 pub mod report;

crates/caldav/src/calendar/methods/post.rs

@@ -1,12 +1,13 @@
 use crate::Error;
-use crate::calendar::resource::{CalendarResource, CalendarResourceService};
+use crate::calendar::CalendarResourceService;
+use crate::calendar::resource::CalendarResource;
 use axum::extract::{Path, State};
 use axum::response::{IntoResponse, Response};
-use http::{HeaderMap, StatusCode, header};
+use http::{HeaderMap, HeaderValue, StatusCode, header};
 use rustical_dav::privileges::UserPrivilege;
 use rustical_dav::resource::Resource;
 use rustical_dav_push::register::PushRegister;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{CalendarStore, Subscription, SubscriptionStore};
 use rustical_xml::XmlDocument;
 use tracing::instrument;
@@ -14,7 +15,7 @@ use tracing::instrument;
 #[instrument(skip(resource_service))]
 pub async fn route_post<C: CalendarStore, S: SubscriptionStore>(
     Path((principal, cal_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     State(resource_service): State<CalendarResourceService<C, S>>,
     body: String,
 ) -> Result<Response, Error> {
@@ -24,7 +25,7 @@ pub async fn route_post<C: CalendarStore, S: SubscriptionStore>(
 
     let calendar = resource_service
         .cal_store
-        .get_calendar(&principal, &cal_id)
+        .get_calendar(&principal, &cal_id, false)
         .await?;
     let calendar_resource = CalendarResource {
         cal: calendar,
@@ -73,20 +74,17 @@ pub async fn route_post<C: CalendarStore, S: SubscriptionStore>(
         .upsert_subscription(subscription)
         .await?;
 
-    // let location = req
+    // TODO: make nicer
-    //     .resource_map()
+    let location = format!("/push_subscription/{sub_id}");
-    //     .url_for(&req, "subscription", &[sub_id])
-    //     .unwrap();
-    //
-    let location = "asd";
     Ok((
         StatusCode::CREATED,
-        HeaderMap::from_iter([(header::LOCATION, location)]),
+        HeaderMap::from_iter([
+            (header::LOCATION, HeaderValue::from_str(&location).unwrap()),
+            (
+                header::EXPIRES,
+                HeaderValue::from_str(&expires.to_rfc2822()).unwrap(),
+            ),
+        ]),
     )
-        .into_response());
+        .into_response())
-
-    Ok(HttpResponse::Created()
-        .append_header((header::LOCATION, location.to_string()))
-        .append_header((header::EXPIRES, expires.to_rfc2822()))
-        .finish())
 }

crates/caldav/src/calendar/methods/report/calendar_multiget.rs

@@ -29,7 +29,7 @@ pub async fn get_objects_calendar_multiget<C: CalendarStore>(
         if let Some(filename) = href.strip_prefix(path) {
             let filename = filename.trim_start_matches("/");
             if let Some(object_id) = filename.strip_suffix(".ics") {
-                match store.get_object(principal, cal_id, object_id).await {
+                match store.get_object(principal, cal_id, object_id, false).await {
                     Ok(object) => result.push(object),
                     Err(rustical_store::Error::NotFound) => not_found.push(href.to_owned()),
                     Err(err) => return Err(err.into()),

crates/caldav/src/calendar/methods/report/calendar_query.rs

@@ -16,6 +16,7 @@ pub(crate) struct TimeRangeElement {
 
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
 #[allow(dead_code)]
+// https://www.rfc-editor.org/rfc/rfc4791#section-9.7.3
 struct ParamFilterElement {
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     is_not_defined: Option<()>,
@@ -32,11 +33,13 @@ struct TextMatchElement {
     #[xml(ty = "attr")]
     collation: String,
     #[xml(ty = "attr")]
-    negate_collation: String,
+    // "yes" or "no", default: "no"
+    negate_condition: Option<String>,
 }
 
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
 #[allow(dead_code)]
+// https://www.rfc-editor.org/rfc/rfc4791#section-9.7.2
 pub(crate) struct PropFilterElement {
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     is_not_defined: Option<()>,
@@ -46,6 +49,9 @@ pub(crate) struct PropFilterElement {
     text_match: Option<TextMatchElement>,
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV", flatten)]
     param_filter: Vec<ParamFilterElement>,
+
+    #[xml(ty = "attr")]
+    name: String,
 }
 
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
@@ -61,7 +67,7 @@ pub(crate) struct CompFilterElement {
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV", flatten)]
     pub(crate) comp_filter: Vec<CompFilterElement>,
 
-    #[xml(ns = "rustical_dav::namespace::NS_CALDAV", ty = "attr")]
+    #[xml(ty = "attr")]
     pub(crate) name: String,
 }
 
@@ -203,3 +209,102 @@ pub async fn get_objects_calendar_query<C: CalendarStore>(
     }
     Ok(objects)
 }
+
+#[cfg(test)]
+mod tests {
+    use rustical_dav::xml::PropElement;
+    use rustical_xml::XmlDocument;
+
+    use crate::{
+        calendar::methods::report::{
+            ReportRequest,
+            calendar_query::{
+                CalendarQueryRequest, CompFilterElement, FilterElement, ParamFilterElement,
+                PropFilterElement, TextMatchElement,
+            },
+        },
+        calendar_object::{CalendarObjectPropName, CalendarObjectPropWrapperName},
+    };
+
+    #[test]
+    fn calendar_query_7_8_7() {
+        const INPUT: &str = r#"
+            <?xml version="1.0" encoding="utf-8" ?>
+            <C:calendar-query xmlns:C="urn:ietf:params:xml:ns:caldav">
+                <D:prop xmlns:D="DAV:">
+                    <D:getetag/>
+                    <C:calendar-data/>
+                </D:prop>
+                <C:filter>
+                <C:comp-filter name="VCALENDAR">
+                    <C:comp-filter name="VEVENT">
+                        <C:prop-filter name="ATTENDEE">
+                            <C:text-match collation="i;ascii-casemap">mailto:lisa@example.com</C:text-match>
+                            <C:param-filter name="PARTSTAT">
+                                <C:text-match collation="i;ascii-casemap">NEEDS-ACTION</C:text-match>
+                            </C:param-filter>
+                        </C:prop-filter>
+                    </C:comp-filter>
+                </C:comp-filter>
+                </C:filter>
+            </C:calendar-query>
+        "#;
+
+        let report = ReportRequest::parse_str(INPUT).unwrap();
+        let calendar_query: CalendarQueryRequest =
+            if let ReportRequest::CalendarQuery(query) = report {
+                query
+            } else {
+                panic!()
+            };
+        assert_eq!(
+            calendar_query,
+            CalendarQueryRequest {
+                prop: rustical_dav::xml::PropfindType::Prop(PropElement(
+                    vec![
+                        CalendarObjectPropWrapperName::CalendarObject(
+                            CalendarObjectPropName::Getetag,
+                        ),
+                        CalendarObjectPropWrapperName::CalendarObject(
+                            CalendarObjectPropName::CalendarData(Default::default())
+                        ),
+                    ],
+                    vec![]
+                )),
+                filter: Some(FilterElement {
+                    comp_filter: CompFilterElement {
+                        is_not_defined: None,
+                        time_range: None,
+                        prop_filter: vec![],
+                        comp_filter: vec![CompFilterElement {
+                            prop_filter: vec![PropFilterElement {
+                                name: "ATTENDEE".to_owned(),
+                                text_match: Some(TextMatchElement {
+                                    collation: "i;ascii-casemap".to_owned(),
+                                    negate_condition: None
+                                }),
+                                is_not_defined: None,
+                                param_filter: vec![ParamFilterElement {
+                                    is_not_defined: None,
+                                    name: "PARTSTAT".to_owned(),
+                                    text_match: Some(TextMatchElement {
+                                        collation: "i;ascii-casemap".to_owned(),
+                                        negate_condition: None
+                                    }),
+                                }],
+                                time_range: None
+                            }],
+                            comp_filter: vec![],
+                            is_not_defined: None,
+                            name: "VEVENT".to_owned(),
+                            time_range: None
+                        }],
+                        name: "VCALENDAR".to_owned()
+                    }
+                }),
+                timezone: None,
+                timezone_id: None
+            }
+        )
+    }
+}

crates/caldav/src/calendar/methods/report/mod.rs

@@ -21,7 +21,7 @@ use rustical_dav::{
     },
 };
 use rustical_ical::CalendarObject;
-use rustical_store::{CalendarStore, SubscriptionStore, auth::User};
+use rustical_store::{CalendarStore, SubscriptionStore, auth::Principal};
 use rustical_xml::{XmlDeserialize, XmlDocument};
 use sync_collection::handle_sync_collection;
 use tracing::instrument;
@@ -56,7 +56,7 @@ fn objects_response(
     path: &str,
     principal: &str,
     puri: &impl PrincipalUri,
-    user: &User,
+    user: &Principal,
     prop: &PropfindType<CalendarObjectPropWrapperName>,
 ) -> Result<MultistatusElement<CalendarObjectPropWrapper, String>, Error> {
     let mut responses = Vec::new();
@@ -67,7 +67,7 @@ fn objects_response(
                 object,
                 principal: principal.to_owned(),
             }
-            .propfind(&path, prop, puri, user)?,
+            .propfind(&path, prop, None, puri, user)?,
         );
     }
 
@@ -90,7 +90,7 @@ fn objects_response(
 #[instrument(skip(cal_store))]
 pub async fn route_report_calendar<C: CalendarStore, S: SubscriptionStore>(
     Path((principal, cal_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     Extension(puri): Extension<CalDavPrincipalUri>,
     State(CalendarResourceService { cal_store, .. }): State<CalendarResourceService<C, S>>,
     OriginalUri(uri): OriginalUri,

crates/caldav/src/calendar/methods/report/sync_collection.rs

@@ -13,7 +13,7 @@ use rustical_dav::{
 };
 use rustical_store::{
     CalendarStore,
-    auth::User,
+    auth::Principal,
     synctoken::{format_synctoken, parse_synctoken},
 };
 
@@ -21,7 +21,7 @@ pub async fn handle_sync_collection<C: CalendarStore>(
     sync_collection: &SyncCollectionRequest<CalendarObjectPropWrapperName>,
     path: &str,
     puri: &impl PrincipalUri,
-    user: &User,
+    user: &Principal,
     principal: &str,
     cal_id: &str,
     cal_store: &C,
@@ -39,7 +39,7 @@ pub async fn handle_sync_collection<C: CalendarStore>(
                 object,
                 principal: principal.to_owned(),
             }
-            .propfind(&path, &sync_collection.prop, puri, user)?,
+            .propfind(&path, &sync_collection.prop, None, puri, user)?,
         );
     }
 

crates/caldav/src/calendar/mod.rs

@@ -4,3 +4,6 @@ pub mod resource;
 mod service;
 
 pub use service::CalendarResourceService;
+
+#[cfg(test)]
+pub mod tests;

crates/caldav/src/calendar/prop.rs

@@ -1,6 +1,7 @@
 use derive_more::derive::{From, Into};
 use rustical_ical::CalendarObjectType;
 use rustical_xml::{XmlDeserialize, XmlSerialize};
+use strum_macros::VariantArray;
 
 #[derive(Debug, Clone, XmlSerialize, XmlDeserialize, PartialEq, From, Into)]
 pub struct SupportedCalendarComponent {
@@ -58,39 +59,12 @@ pub struct SupportedCalendarData {
     calendar_data: CalendarData,
 }
 
-#[derive(Debug, Clone, XmlSerialize, PartialEq)]
+#[derive(Debug, Clone, XmlSerialize, PartialEq, VariantArray)]
 pub enum ReportMethod {
+    #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     CalendarQuery,
+    #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     CalendarMultiget,
+    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
     SyncCollection,
 }
-
-#[derive(Debug, Clone, XmlSerialize, PartialEq)]
-pub struct ReportWrapper {
-    report: ReportMethod,
-}
-
-// RFC 3253 section-3.1.5
-#[derive(Debug, Clone, XmlSerialize, PartialEq)]
-pub struct SupportedReportSet {
-    #[xml(flatten)]
-    supported_report: Vec<ReportWrapper>,
-}
-
-impl Default for SupportedReportSet {
-    fn default() -> Self {
-        Self {
-            supported_report: vec![
-                ReportWrapper {
-                    report: ReportMethod::CalendarQuery,
-                },
-                ReportWrapper {
-                    report: ReportMethod::CalendarMultiget,
-                },
-                ReportWrapper {
-                    report: ReportMethod::SyncCollection,
-                },
-            ],
-        }
-    }
-}

crates/caldav/src/calendar/resource.rs

@@ -1,20 +1,22 @@
-use super::prop::{SupportedCalendarComponentSet, SupportedCalendarData, SupportedReportSet};
+use super::prop::{SupportedCalendarComponentSet, SupportedCalendarData};
 use crate::Error;
+use crate::calendar::prop::ReportMethod;
 use chrono::{DateTime, Utc};
 use derive_more::derive::{From, Into};
+use ical::IcalParser;
 use rustical_dav::extensions::{
     CommonPropertiesExtension, CommonPropertiesProp, SyncTokenExtension, SyncTokenExtensionProp,
 };
 use rustical_dav::privileges::UserPrivilegeSet;
 use rustical_dav::resource::{PrincipalUri, Resource, ResourceName};
-use rustical_dav::xml::{HrefElement, Resourcetype, ResourcetypeInner};
+use rustical_dav::xml::{HrefElement, Resourcetype, ResourcetypeInner, SupportedReportSet};
-use rustical_dav_push::DavPushExtension;
+use rustical_dav_push::{DavPushExtension, DavPushExtensionProp};
 use rustical_ical::CalDateTime;
 use rustical_store::Calendar;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_xml::{EnumVariants, PropName};
 use rustical_xml::{XmlDeserialize, XmlSerialize};
-use std::str::FromStr;
+use serde::Deserialize;
 
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
 #[xml(unit_variants_ident = "CalendarPropName")]
@@ -33,15 +35,15 @@ pub enum CalendarProp {
     CalendarTimezoneId(Option<String>),
     #[xml(ns = "rustical_dav::namespace::NS_ICAL")]
     CalendarOrder(Option<i64>),
-    #[xml(ns = "rustical_dav::namespace::NS_CALDAV", skip_deserializing)]
+    #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     SupportedCalendarComponentSet(SupportedCalendarComponentSet),
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV", skip_deserializing)]
     SupportedCalendarData(SupportedCalendarData),
     #[xml(ns = "rustical_dav::namespace::NS_DAV")]
     MaxResourceSize(i64),
     #[xml(skip_deserializing)]
-    #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
+    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
-    SupportedReportSet(SupportedReportSet),
+    SupportedReportSet(SupportedReportSet<ReportMethod>),
     #[xml(ns = "rustical_dav::namespace::NS_CALENDARSERVER")]
     Source(Option<HrefElement>),
     #[xml(skip_deserializing)]
@@ -57,11 +59,11 @@ pub enum CalendarProp {
 pub enum CalendarPropWrapper {
     Calendar(CalendarProp),
     SyncToken(SyncTokenExtensionProp),
-    // DavPush(DavPushExtensionProp),
+    DavPush(DavPushExtensionProp),
     Common(CommonPropertiesProp),
 }
 
-#[derive(Clone, Debug, From, Into)]
+#[derive(Clone, Debug, From, Into, Deserialize)]
 pub struct CalendarResource {
     pub cal: Calendar,
     pub read_only: bool,
@@ -94,9 +96,11 @@ impl DavPushExtension for CalendarResource {
 impl Resource for CalendarResource {
     type Prop = CalendarPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         if self.cal.subscription_url.is_none() {
@@ -118,7 +122,7 @@ impl Resource for CalendarResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &CalendarPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         Ok(match prop {
@@ -130,7 +134,9 @@ impl Resource for CalendarResource {
                     CalendarProp::CalendarDescription(self.cal.description.clone())
                 }
                 CalendarPropName::CalendarTimezone => {
-                    CalendarProp::CalendarTimezone(self.cal.timezone.clone())
+                    CalendarProp::CalendarTimezone(self.cal.timezone_id.as_ref().and_then(|tzid| {
+                        vtimezones_rs::VTIMEZONES.get(tzid).map(|tz| tz.to_string())
+                    }))
                 }
                 // chrono_tz uses the IANA database
                 CalendarPropName::TimezoneServiceSet => CalendarProp::TimezoneServiceSet(
@@ -150,7 +156,7 @@ impl Resource for CalendarResource {
                 }
                 CalendarPropName::MaxResourceSize => CalendarProp::MaxResourceSize(10000000),
                 CalendarPropName::SupportedReportSet => {
-                    CalendarProp::SupportedReportSet(SupportedReportSet::default())
+                    CalendarProp::SupportedReportSet(SupportedReportSet::all())
                 }
                 CalendarPropName::Source => CalendarProp::Source(
                     self.cal.subscription_url.to_owned().map(HrefElement::from),
@@ -165,9 +171,9 @@ impl Resource for CalendarResource {
             CalendarPropWrapperName::SyncToken(prop) => {
                 CalendarPropWrapper::SyncToken(SyncTokenExtension::get_prop(self, prop)?)
             }
-            // CalendarPropWrapperName::DavPush(prop) => {
+            CalendarPropWrapperName::DavPush(prop) => {
-            //     CalendarPropWrapper::DavPush(DavPushExtension::get_prop(self, prop)?)
+                CalendarPropWrapper::DavPush(DavPushExtension::get_prop(self, prop)?)
-            // }
+            }
             CalendarPropWrapperName::Common(prop) => CalendarPropWrapper::Common(
                 CommonPropertiesExtension::get_prop(self, puri, user, prop)?,
             ),
@@ -189,21 +195,42 @@ impl Resource for CalendarResource {
                     Ok(())
                 }
                 CalendarProp::CalendarTimezone(timezone) => {
-                    // TODO: Ensure that timezone-id is also updated
+                    if let Some(tz) = timezone {
-                    self.cal.timezone = timezone;
+                        // TODO: Proper error (calendar-timezone precondition)
+                        let calendar = IcalParser::new(tz.as_bytes())
+                            .next()
+                            .ok_or(rustical_dav::Error::BadRequest(
+                                "No timezone data provided".to_owned(),
+                            ))?
+                            .map_err(|_| {
+                                rustical_dav::Error::BadRequest(
+                                    "No timezone data provided".to_owned(),
+                                )
+                            })?;
+
+                        let timezone =
+                            calendar
+                                .timezones
+                                .first()
+                                .ok_or(rustical_dav::Error::BadRequest(
+                                    "No timezone data provided".to_owned(),
+                                ))?;
+                        let timezone: chrono_tz::Tz = timezone.try_into().map_err(|_| {
+                            rustical_dav::Error::BadRequest("No timezone data provided".to_owned())
+                        })?;
+
+                        self.cal.timezone_id = Some(timezone.name().to_owned());
+                    }
                     Ok(())
                 }
                 CalendarProp::TimezoneServiceSet(_) => Err(rustical_dav::Error::PropReadOnly),
                 CalendarProp::CalendarTimezoneId(timezone_id) => {
                     if let Some(tzid) = &timezone_id {
-                        // Validate timezone id
+                        if !vtimezones_rs::VTIMEZONES.contains_key(tzid) {
-                        chrono_tz::Tz::from_str(tzid).map_err(|_| {
+                            return Err(rustical_dav::Error::BadRequest(format!(
-                            rustical_dav::Error::BadRequest(format!(
+                                "Invalid timezone-id: {tzid}"
-                                "Invalid timezone-id: {}",
+                            )));
-                                tzid
+                        }
-                            ))
-                        })?;
-                        // TODO: Ensure that timezone is also updated (For now hope that clients play nice)
                     }
                     self.cal.timezone_id = timezone_id;
                     Ok(())
@@ -225,7 +252,7 @@ impl Resource for CalendarResource {
                 CalendarProp::MaxDateTime(_) => Err(rustical_dav::Error::PropReadOnly),
             },
             CalendarPropWrapper::SyncToken(prop) => SyncTokenExtension::set_prop(self, prop),
-            // CalendarPropWrapper::DavPush(prop) => DavPushExtension::set_prop(self, prop),
+            CalendarPropWrapper::DavPush(prop) => DavPushExtension::set_prop(self, prop),
             CalendarPropWrapper::Common(prop) => CommonPropertiesExtension::set_prop(self, prop),
         }
     }
@@ -244,15 +271,11 @@ impl Resource for CalendarResource {
                     self.cal.description = None;
                     Ok(())
                 }
-                CalendarPropName::CalendarTimezone => {
+                CalendarPropName::CalendarTimezone | CalendarPropName::CalendarTimezoneId => {
-                    self.cal.timezone = None;
-                    Ok(())
-                }
-                CalendarPropName::TimezoneServiceSet => Err(rustical_dav::Error::PropReadOnly),
-                CalendarPropName::CalendarTimezoneId => {
                     self.cal.timezone_id = None;
                     Ok(())
                 }
+                CalendarPropName::TimezoneServiceSet => Err(rustical_dav::Error::PropReadOnly),
                 CalendarPropName::CalendarOrder => {
                     self.cal.order = 0;
                     Ok(())
@@ -269,7 +292,7 @@ impl Resource for CalendarResource {
                 CalendarPropName::MaxDateTime => Err(rustical_dav::Error::PropReadOnly),
             },
             CalendarPropWrapperName::SyncToken(prop) => SyncTokenExtension::remove_prop(self, prop),
-            // CalendarPropWrapperName::DavPush(prop) => DavPushExtension::remove_prop(self, prop),
+            CalendarPropWrapperName::DavPush(prop) => DavPushExtension::remove_prop(self, prop),
             CalendarPropWrapperName::Common(prop) => {
                 CommonPropertiesExtension::remove_prop(self, prop)
             }
@@ -288,8 +311,13 @@ impl Resource for CalendarResource {
         Some(&self.cal.principal)
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
-        if self.cal.subscription_url.is_some() || self.read_only {
+        if self.cal.subscription_url.is_some() {
+            return Ok(UserPrivilegeSet::owner_write_properties(
+                user.is_principal(&self.cal.principal),
+            ));
+        }
+        if self.read_only {
             return Ok(UserPrivilegeSet::owner_read(
                 user.is_principal(&self.cal.principal),
             ));
@@ -300,3 +328,15 @@ impl Resource for CalendarResource {
         ))
     }
 }
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn test_tzdb_version() {
+        // Ensure that both chrono_tz and vzic_rs use the same tzdb version
+        assert_eq!(
+            chrono_tz::IANA_TZDB_VERSION,
+            vtimezones_rs::IANA_TZDB_VERSION
+        );
+    }
+}

crates/caldav/src/calendar/service.rs

@@ -1,5 +1,7 @@
 use crate::calendar::methods::get::route_get;
+use crate::calendar::methods::import::route_import;
 use crate::calendar::methods::mkcalendar::route_mkcalendar;
+use crate::calendar::methods::post::route_post;
 use crate::calendar::methods::report::route_report_calendar;
 use crate::calendar::resource::CalendarResource;
 use crate::calendar_object::CalendarObjectResourceService;
@@ -12,7 +14,7 @@ use axum::handler::Handler;
 use axum::response::Response;
 use futures_util::future::BoxFuture;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{CalendarStore, SubscriptionStore};
 use std::convert::Infallible;
 use std::sync::Arc;
@@ -47,16 +49,20 @@ impl<C: CalendarStore, S: SubscriptionStore> ResourceService for CalendarResourc
     type PathComponents = (String, String); // principal, calendar_id
     type Resource = CalendarResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CalDavPrincipalUri;
 
-    const DAV_HEADER: &str = "1, 3, access-control, calendar-access";
+    const DAV_HEADER: &str = "1, 3, access-control, calendar-access, webdav-push";
 
     async fn get_resource(
         &self,
         (principal, cal_id): &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Error> {
-        let calendar = self.cal_store.get_calendar(principal, cal_id).await?;
+        let calendar = self
+            .cal_store
+            .get_calendar(principal, cal_id, show_deleted)
+            .await?;
         Ok(CalendarResource {
             cal: calendar,
             read_only: self.cal_store.is_read_only(cal_id),
@@ -126,6 +132,20 @@ impl<C: CalendarStore, S: SubscriptionStore> AxumMethods for CalendarResourceSer
         })
     }
 
+    fn post() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>> {
+        Some(|state, req| {
+            let mut service = Handler::with_state(route_post::<C, S>, state);
+            Box::pin(Service::call(&mut service, req))
+        })
+    }
+
+    fn import() -> Option<rustical_dav::resource::MethodFunction<Self>> {
+        Some(|state, req| {
+            let mut service = Handler::with_state(route_import::<C, S>, state);
+            Box::pin(Service::call(&mut service, req))
+        })
+    }
+
     fn mkcalendar() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>>
     {
         Some(|state, req| {

crates/caldav/src/calendar/test_files/propfind.outputs

@@ -0,0 +1,222 @@
+<?xml version="1.0" encoding="utf-8"?>
+<response xmlns:CS="http://calendarserver.org/ns/" xmlns:CARD="urn:ietf:params:xml:ns:carddav" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns="DAV:" xmlns:PUSH="https://bitfire.at/webdav-push">
+    <href>/caldav/principal/user/calendar/</href>
+    <propstat>
+        <prop>
+            <calendar-color xmlns="http://apple.com/ns/ical/"/>
+            <calendar-description xmlns="urn:ietf:params:xml:ns:caldav"/>
+            <calendar-timezone xmlns="urn:ietf:params:xml:ns:caldav"/>
+            <timezone-service-set xmlns="urn:ietf:params:xml:ns:caldav"/>
+            <calendar-timezone-id xmlns="urn:ietf:params:xml:ns:caldav"/>
+            <calendar-order xmlns="http://apple.com/ns/ical/"/>
+            <supported-calendar-component-set xmlns="urn:ietf:params:xml:ns:caldav"/>
+            <supported-calendar-data xmlns="urn:ietf:params:xml:ns:caldav"/>
+            <max-resource-size xmlns="DAV:"/>
+            <supported-report-set xmlns="DAV:"/>
+            <source xmlns="http://calendarserver.org/ns/"/>
+            <min-date-time xmlns="urn:ietf:params:xml:ns:caldav"/>
+            <max-date-time xmlns="urn:ietf:params:xml:ns:caldav"/>
+            <sync-token xmlns="DAV:"/>
+            <getctag xmlns="http://calendarserver.org/ns/"/>
+            <transports xmlns="https://bitfire.at/webdav-push"/>
+            <topic xmlns="https://bitfire.at/webdav-push"/>
+            <supported-triggers xmlns="https://bitfire.at/webdav-push"/>
+            <resourcetype xmlns="DAV:"/>
+            <displayname xmlns="DAV:"/>
+            <current-user-principal xmlns="DAV:"/>
+            <current-user-privilege-set xmlns="DAV:"/>
+            <owner xmlns="DAV:"/>
+        </prop>
+        <status>HTTP/1.1 200 OK</status>
+    </propstat>
+</response>
+
+
+<?xml version="1.0" encoding="utf-8"?>
+<response xmlns:CS="http://calendarserver.org/ns/" xmlns:CARD="urn:ietf:params:xml:ns:carddav" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns="DAV:" xmlns:PUSH="https://bitfire.at/webdav-push">
+    <href>/caldav/principal/user/calendar/</href>
+    <propstat>
+        <prop>
+            <CAL:calendar-timezone>BEGIN:VCALENDAR
+PRODID:-//github.com/lennart-k/vzic-rs//RustiCal Calendar server//EN
+VERSION:2.0
+BEGIN:VTIMEZONE
+TZID:Europe/Berlin
+LAST-MODIFIED:20250723T190331Z
+X-LIC-LOCATION:Europe/Berlin
+X-PROLEPTIC-TZNAME:LMT
+BEGIN:STANDARD
+TZNAME:CET
+TZOFFSETFROM:+005328
+TZOFFSETTO:+0100
+DTSTART:18930401T000000
+END:STANDARD
+BEGIN:DAYLIGHT
+TZNAME:CEST
+TZOFFSETFROM:+0100
+TZOFFSETTO:+0200
+DTSTART:19160430T230000
+RDATE:19400401T020000
+RDATE:19430329T020000
+RDATE:19460414T020000
+RDATE:19470406T030000
+RDATE:19480418T020000
+RDATE:19490410T020000
+RDATE:19800406T020000
+END:DAYLIGHT
+BEGIN:STANDARD
+TZNAME:CET
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0100
+DTSTART:19161001T010000
+RDATE:19421102T030000
+RDATE:19431004T030000
+RDATE:19441002T030000
+RDATE:19451118T030000
+RDATE:19461007T030000
+END:STANDARD
+BEGIN:DAYLIGHT
+TZNAME:CEST
+TZOFFSETFROM:+0100
+TZOFFSETTO:+0200
+DTSTART:19170416T020000
+RRULE:FREQ=YEARLY;BYMONTH=4;BYDAY=3MO;UNTIL=19180415T010000Z
+END:DAYLIGHT
+BEGIN:STANDARD
+TZNAME:CET
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0100
+DTSTART:19170917T030000
+RRULE:FREQ=YEARLY;BYMONTH=9;BYDAY=3MO;UNTIL=19180916T010000Z
+END:STANDARD
+BEGIN:DAYLIGHT
+TZNAME:CEST
+TZOFFSETFROM:+0100
+TZOFFSETTO:+0200
+DTSTART:19440403T020000
+RRULE:FREQ=YEARLY;BYMONTH=4;BYDAY=1MO;UNTIL=19450402T010000Z
+END:DAYLIGHT
+BEGIN:DAYLIGHT
+TZNAME:CEMT
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0300
+DTSTART:19450524T020000
+RDATE:19470511T030000
+END:DAYLIGHT
+BEGIN:DAYLIGHT
+TZNAME:CEST
+TZOFFSETFROM:+0300
+TZOFFSETTO:+0200
+DTSTART:19450924T030000
+RDATE:19470629T030000
+END:DAYLIGHT
+BEGIN:STANDARD
+TZNAME:CET
+TZOFFSETFROM:+0100
+TZOFFSETTO:+0100
+DTSTART:19460101T000000
+RDATE:19800101T000000
+END:STANDARD
+BEGIN:STANDARD
+TZNAME:CET
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0100
+DTSTART:19471005T030000
+RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=1SU;UNTIL=19491002T010000Z
+END:STANDARD
+BEGIN:STANDARD
+TZNAME:CET
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0100
+DTSTART:19800928T030000
+RRULE:FREQ=YEARLY;BYMONTH=9;BYDAY=-1SU;UNTIL=19950924T010000Z
+END:STANDARD
+BEGIN:DAYLIGHT
+TZNAME:CEST
+TZOFFSETFROM:+0100
+TZOFFSETTO:+0200
+DTSTART:19810329T020000
+RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
+END:DAYLIGHT
+BEGIN:STANDARD
+TZNAME:CET
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0100
+DTSTART:19961027T030000
+RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
+END:STANDARD
+END:VTIMEZONE
+END:VCALENDAR
+</CAL:calendar-timezone>
+            <CAL:timezone-service-set>
+                <href>https://www.iana.org/time-zones</href>
+            </CAL:timezone-service-set>
+            <CAL:calendar-timezone-id>Europe/Berlin</CAL:calendar-timezone-id>
+            <calendar-order xmlns="http://apple.com/ns/ical/">0</calendar-order>
+            <CAL:supported-calendar-component-set>
+                <CAL:comp name="VEVENT"/>
+                <CAL:comp name="VTODO"/>
+            </CAL:supported-calendar-component-set>
+            <CAL:supported-calendar-data>
+                <CAL:calendar-data content-type="text/calendar" version="2.0"/>
+            </CAL:supported-calendar-data>
+            <max-resource-size>10000000</max-resource-size>
+            <supported-report-set>
+                <supported-report>
+                    <report>
+                        <CAL:calendar-query/>
+                    </report>
+                </supported-report>
+                <supported-report>
+                    <report>
+                        <CAL:calendar-multiget/>
+                    </report>
+                </supported-report>
+                <supported-report>
+                    <report>
+                        <sync-collection/>
+                    </report>
+                </supported-report>
+            </supported-report-set>
+            <CAL:min-date-time>-2621430101T000000Z</CAL:min-date-time>
+            <CAL:max-date-time>+2621421231T235959Z</CAL:max-date-time>
+            <sync-token>github.com/lennart-k/rustical/ns/12</sync-token>
+            <CS:getctag>github.com/lennart-k/rustical/ns/12</CS:getctag>
+            <PUSH:transports>
+                <PUSH:web-push/>
+            </PUSH:transports>
+            <PUSH:topic>b28b41e9-8801-4fc5-ae29-8efb5fadeb36</PUSH:topic>
+            <PUSH:supported-triggers>
+                <PUSH:content-update>
+                    <depth>1</depth>
+                </PUSH:content-update>
+                <PUSH:property-update>
+                    <depth>1</depth>
+                </PUSH:property-update>
+            </PUSH:supported-triggers>
+            <resourcetype>
+                <collection/>
+                <CAL:calendar/>
+            </resourcetype>
+            <displayname>Calendar</displayname>
+            <current-user-principal>
+                <href>/caldav/principal/user/</href>
+            </current-user-principal>
+            <current-user-privilege-set>
+                <privilege>
+                    <read/>
+                </privilege>
+                <privilege>
+                    <read-acl/>
+                </privilege>
+                <privilege>
+                    <read-current-user-privilege-set/>
+                </privilege>
+            </current-user-privilege-set>
+            <owner>
+                <href>/caldav/principal/user/</href>
+            </owner>
+        </prop>
+        <status>HTTP/1.1 200 OK</status>
+    </propstat>
+</response>

crates/caldav/src/calendar/test_files/propfind.principals.json

@@ -0,0 +1,11 @@
+[
+  {
+    "id": "user",
+    "displayname": null,
+    "principal_type": "individual",
+    "password": null,
+    "memberships": [
+      "group"
+    ]
+  }
+]

crates/caldav/src/calendar/test_files/propfind.requests

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<propfind xmlns="DAV:"><propname/></propfind>
+
+
+<?xml version="1.0" encoding="UTF-8"?>
+<propfind xmlns="DAV:"><allprop/></propfind>

crates/caldav/src/calendar/test_files/propfind.resources.json

@@ -0,0 +1,42 @@
+[
+  {
+    "cal": {
+      "principal": "user",
+      "id": "calendar",
+      "displayname": "Calendar",
+      "order": 0,
+      "description": null,
+      "color": null,
+      "timezone_id": "Europe/Berlin",
+      "deleted_at": null,
+      "synctoken": 12,
+      "subscription_url": null,
+      "push_topic": "b28b41e9-8801-4fc5-ae29-8efb5fadeb36",
+      "components": [
+        "VEVENT",
+        "VTODO"
+      ]
+    },
+    "read_only": true
+  },
+  {
+    "cal": {
+      "principal": "user",
+      "id": "calendar",
+      "displayname": "Calendar",
+      "order": 0,
+      "description": null,
+      "color": null,
+      "timezone_id": "Europe/Berlin",
+      "deleted_at": null,
+      "synctoken": 12,
+      "subscription_url": null,
+      "push_topic": "b28b41e9-8801-4fc5-ae29-8efb5fadeb36",
+      "components": [
+        "VEVENT",
+        "VTODO"
+      ]
+    },
+    "read_only": true
+  }
+]

crates/caldav/src/calendar/tests.rs

@@ -0,0 +1,47 @@
+use crate::{CalDavPrincipalUri, calendar::resource::CalendarResource};
+use rustical_dav::resource::Resource;
+use rustical_store::auth::Principal;
+use rustical_xml::XmlSerializeRoot;
+use serde_json::from_str;
+
+// #[tokio::test]
+async fn test_propfind() {
+    let requests: Vec<_> = include_str!("./test_files/propfind.requests")
+        .trim()
+        .split("\n\n")
+        .collect();
+    let principals: Vec<Principal> =
+        from_str(include_str!("./test_files/propfind.principals.json")).unwrap();
+    let resources: Vec<CalendarResource> =
+        from_str(include_str!("./test_files/propfind.resources.json")).unwrap();
+    let outputs: Vec<_> = include_str!("./test_files/propfind.outputs")
+        .trim()
+        .split("\n\n")
+        .collect();
+
+    for principal in principals {
+        for ((request, resource), &expected_output) in requests.iter().zip(&resources).zip(&outputs)
+        {
+            let propfind = CalendarResource::parse_propfind(request).unwrap();
+
+            let response = resource
+                .propfind(
+                    &format!("/caldav/principal/{}/{}", principal.id, resource.cal.id),
+                    &propfind.prop,
+                    propfind.include.as_ref(),
+                    &CalDavPrincipalUri("/caldav"),
+                    &principal,
+                )
+                .unwrap();
+            let expected_output = expected_output.trim();
+            let output = response
+                .serialize_to_string()
+                .unwrap()
+                .trim()
+                .replace("\r\n", "\n");
+            println!("{output}");
+            println!("{}, {} \n\n\n", output.len(), expected_output.len());
+            assert_eq!(output, expected_output);
+        }
+    }
+}

crates/caldav/src/calendar_object/methods.rs

@@ -6,10 +6,10 @@ use axum::extract::{Path, State};
 use axum::response::{IntoResponse, Response};
 use axum_extra::TypedHeader;
 use headers::{ContentType, ETag, HeaderMapExt, IfNoneMatch};
-use http::{HeaderMap, StatusCode};
+use http::{HeaderMap, Method, StatusCode};
 use rustical_ical::CalendarObject;
 use rustical_store::CalendarStore;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use std::str::FromStr;
 use tracing::instrument;
 
@@ -21,26 +21,33 @@ pub async fn get_event<C: CalendarStore>(
         object_id,
     }): Path<CalendarObjectPathComponents>,
     State(CalendarObjectResourceService { cal_store }): State<CalendarObjectResourceService<C>>,
-    user: User,
+    user: Principal,
+    method: Method,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(crate::Error::Unauthorized);
     }
 
-    let calendar = cal_store.get_calendar(&principal, &calendar_id).await?;
+    let calendar = cal_store
+        .get_calendar(&principal, &calendar_id, false)
+        .await?;
     if !user.is_principal(&calendar.principal) {
         return Err(crate::Error::Unauthorized);
     }
 
     let event = cal_store
-        .get_object(&principal, &calendar_id, &object_id)
+        .get_object(&principal, &calendar_id, &object_id, false)
         .await?;
 
     let mut resp = Response::builder().status(StatusCode::OK);
     let hdrs = resp.headers_mut().unwrap();
     hdrs.typed_insert(ETag::from_str(&event.get_etag()).unwrap());
     hdrs.typed_insert(ContentType::from_str("text/calendar").unwrap());
+    if matches!(method, Method::HEAD) {
+        Ok(resp.body(Body::empty()).unwrap())
+    } else {
         Ok(resp.body(Body::new(event.get_ics().to_owned())).unwrap())
+    }
 }
 
 #[instrument(skip(cal_store))]
@@ -51,7 +58,7 @@ pub async fn put_event<C: CalendarStore>(
         object_id,
     }): Path<CalendarObjectPathComponents>,
     State(CalendarObjectResourceService { cal_store }): State<CalendarObjectResourceService<C>>,
-    user: User,
+    user: Principal,
     mut if_none_match: Option<TypedHeader<IfNoneMatch>>,
     header_map: HeaderMap,
     body: String,
@@ -71,12 +78,13 @@ pub async fn put_event<C: CalendarStore>(
         true
     };
 
-    let object = match CalendarObject::from_ics(object_id, body) {
+    let object = match CalendarObject::from_ics(body) {
         Ok(obj) => obj,
         Err(_) => {
             return Err(Error::PreconditionFailed(Precondition::ValidCalendarData));
         }
     };
+    assert_eq!(object.get_id(), object_id);
     cal_store
         .put_object(principal, calendar_id, object, overwrite)
         .await?;

crates/caldav/src/calendar_object/resource.rs

@@ -8,7 +8,7 @@ use rustical_dav::{
     xml::Resourcetype,
 };
 use rustical_ical::CalendarObject;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 
 #[derive(Clone, From, Into)]
 pub struct CalendarObjectResource {
@@ -25,9 +25,11 @@ impl ResourceName for CalendarObjectResource {
 impl Resource for CalendarObjectResource {
     type Prop = CalendarObjectPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = false;
+    fn is_collection(&self) -> bool {
+        false
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[])
@@ -36,7 +38,7 @@ impl Resource for CalendarObjectResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &CalendarObjectPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         Ok(match prop {
@@ -67,7 +69,6 @@ impl Resource for CalendarObjectResource {
     }
 
     fn get_displayname(&self) -> Option<&str> {
-        // TODO: Extract summary from object
         None
     }
 
@@ -79,7 +80,7 @@ impl Resource for CalendarObjectResource {
         Some(self.object.get_etag())
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
         Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.principal),
         ))

crates/caldav/src/calendar_object/service.rs

@@ -9,7 +9,7 @@ use async_trait::async_trait;
 use axum::{extract::Request, handler::Handler, response::Response};
 use futures_util::future::BoxFuture;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::{CalendarStore, auth::User};
+use rustical_store::{CalendarStore, auth::Principal};
 use serde::{Deserialize, Deserializer};
 use std::{convert::Infallible, sync::Arc};
 use tower::Service;
@@ -46,7 +46,7 @@ impl<C: CalendarStore> ResourceService for CalendarObjectResourceService<C> {
     type Resource = CalendarObjectResource;
     type MemberType = CalendarObjectResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CalDavPrincipalUri;
 
     const DAV_HEADER: &str = "1, 3, access-control, calendar-access";
@@ -58,10 +58,11 @@ impl<C: CalendarStore> ResourceService for CalendarObjectResourceService<C> {
             calendar_id,
             object_id,
         }: &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Self::Error> {
         let object = self
             .cal_store
-            .get_object(principal, calendar_id, object_id)
+            .get_object(principal, calendar_id, object_id, show_deleted)
             .await?;
         Ok(CalendarObjectResource {
             object,

crates/caldav/src/lib.rs

@@ -1,12 +1,10 @@
-use axum::response::Redirect;
-use axum::routing::any;
 use axum::{Extension, Router};
 use derive_more::Constructor;
 use principal::PrincipalResourceService;
 use rustical_dav::resource::{PrincipalUri, ResourceService};
 use rustical_dav::resources::RootResourceService;
 use rustical_store::auth::middleware::AuthenticationLayer;
-use rustical_store::auth::{AuthenticationProvider, User};
+use rustical_store::auth::{AuthenticationProvider, Principal};
 use rustical_store::{CalendarStore, SubscriptionStore};
 use std::sync::Arc;
 
@@ -14,8 +12,6 @@ pub mod calendar;
 pub mod calendar_object;
 pub mod error;
 pub mod principal;
-// mod subscription;
-
 pub use error::Error;
 
 #[derive(Debug, Clone, Constructor)]
@@ -35,23 +31,18 @@ pub fn caldav_router<AP: AuthenticationProvider, C: CalendarStore, S: Subscripti
     auth_provider: Arc<AP>,
     store: Arc<C>,
     subscription_store: Arc<S>,
+    simplified_home_set: bool,
 ) -> Router {
-    let principal_service = PrincipalResourceService {
+    Router::new().nest(
+        prefix,
+        RootResourceService::<_, Principal, CalDavPrincipalUri>::new(PrincipalResourceService {
             auth_provider: auth_provider.clone(),
             sub_store: subscription_store.clone(),
             cal_store: store.clone(),
-    };
+            simplified_home_set,
-
+        })
-    Router::new()
-        .nest(
-            prefix,
-            RootResourceService::<_, User, CalDavPrincipalUri>::new(principal_service.clone())
         .axum_router()
         .layer(AuthenticationLayer::new(auth_provider))
         .layer(Extension(CalDavPrincipalUri(prefix))),
     )
-        .route(
-            "/.well-known/caldav",
-            any(async || Redirect::permanent(prefix)),
-        )
 }

crates/caldav/src/principal/mod.rs

@@ -2,17 +2,24 @@ use crate::Error;
 use rustical_dav::extensions::CommonPropertiesExtension;
 use rustical_dav::privileges::UserPrivilegeSet;
 use rustical_dav::resource::{PrincipalUri, Resource, ResourceName};
-use rustical_dav::xml::{Resourcetype, ResourcetypeInner};
+use rustical_dav::xml::{
-use rustical_store::auth::User;
+    GroupMemberSet, GroupMembership, Resourcetype, ResourcetypeInner, SupportedReportSet,
+};
+use rustical_store::auth::Principal;
 
 mod service;
 pub use service::*;
 mod prop;
 pub use prop::*;
+#[cfg(test)]
+pub mod tests;
 
-#[derive(Clone)]
+#[derive(Debug, Clone)]
 pub struct PrincipalResource {
-    principal: User,
+    principal: Principal,
+    members: Vec<String>,
+    // If true only return the principal as the calendar home set, otherwise also groups
+    simplified_home_set: bool,
 }
 
 impl ResourceName for PrincipalResource {
@@ -24,9 +31,11 @@ impl ResourceName for PrincipalResource {
 impl Resource for PrincipalResource {
     type Prop = PrincipalPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[
@@ -38,19 +47,11 @@ impl Resource for PrincipalResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &PrincipalPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         let principal_url = puri.principal_uri(&self.principal.id);
 
-        let home_set = CalendarHomeSet(
-            self.principal
-                .memberships()
-                .into_iter()
-                .map(|principal| puri.principal_uri(principal).into())
-                .collect(),
-        );
-
         Ok(match prop {
             PrincipalPropWrapperName::Principal(prop) => {
                 PrincipalPropWrapper::Principal(match prop {
@@ -60,10 +61,28 @@ impl Resource for PrincipalResource {
                     PrincipalPropName::PrincipalUrl => {
                         PrincipalProp::PrincipalUrl(principal_url.into())
                     }
-                    PrincipalPropName::CalendarHomeSet => PrincipalProp::CalendarHomeSet(home_set),
+                    PrincipalPropName::CalendarHomeSet => PrincipalProp::CalendarHomeSet(
+                        CalendarHomeSet(if self.simplified_home_set {
+                            vec![principal_url.into()]
+                        } else {
+                            self.principal
+                                .memberships()
+                                .iter()
+                                .map(|principal| puri.principal_uri(principal).into())
+                                .collect()
+                        }),
+                    ),
                     PrincipalPropName::CalendarUserAddressSet => {
                         PrincipalProp::CalendarUserAddressSet(principal_url.into())
                     }
+                    PrincipalPropName::GroupMemberSet => {
+                        PrincipalProp::GroupMemberSet(GroupMemberSet(
+                            self.members
+                                .iter()
+                                .map(|principal| puri.principal_uri(principal).into())
+                                .collect(),
+                        ))
+                    }
                     PrincipalPropName::GroupMembership => {
                         PrincipalProp::GroupMembership(GroupMembership(
                             self.principal
@@ -74,10 +93,11 @@ impl Resource for PrincipalResource {
                         ))
                     }
                     PrincipalPropName::AlternateUriSet => PrincipalProp::AlternateUriSet,
-                    PrincipalPropName::PrincipalCollectionSet => {
+                    // PrincipalPropName::PrincipalCollectionSet => {
-                        PrincipalProp::PrincipalCollectionSet(PrincipalCollectionSet(
+                    //     PrincipalProp::PrincipalCollectionSet(puri.principal_collection().into())
-                            puri.principal_collection().into(),
+                    // }
-                        ))
+                    PrincipalPropName::SupportedReportSet => {
+                        PrincipalProp::SupportedReportSet(SupportedReportSet::all())
                     }
                 })
             }
@@ -100,8 +120,8 @@ impl Resource for PrincipalResource {
         Some(&self.principal.id)
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
-        Ok(UserPrivilegeSet::owner_read(
+        Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.principal.id),
         ))
     }

crates/caldav/src/principal/prop.rs

@@ -1,6 +1,10 @@
-use rustical_dav::{extensions::CommonPropertiesProp, xml::HrefElement};
+use rustical_dav::{
-use rustical_store::auth::user::PrincipalType;
+    extensions::CommonPropertiesProp,
+    xml::{GroupMemberSet, GroupMembership, HrefElement, SupportedReportSet},
+};
+use rustical_store::auth::PrincipalType;
 use rustical_xml::{EnumVariants, PropName, XmlDeserialize, XmlSerialize};
+use strum_macros::VariantArray;
 
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
 #[xml(unit_variants_ident = "PrincipalPropName")]
@@ -16,16 +20,23 @@ pub enum PrincipalProp {
     PrincipalUrl(HrefElement),
     #[xml(ns = "rustical_dav::namespace::NS_DAV")]
     GroupMembership(GroupMembership),
+    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
+    GroupMemberSet(GroupMemberSet),
     #[xml(ns = "rustical_dav::namespace::NS_DAV", rename = b"alternate-URI-set")]
     AlternateUriSet,
-    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
+    // #[xml(ns = "rustical_dav::namespace::NS_DAV")]
-    PrincipalCollectionSet(PrincipalCollectionSet),
+    // PrincipalCollectionSet(HrefElement),
+    #[xml(ns = "rustical_dav::namespace::NS_DAV", skip_deserializing)]
+    SupportedReportSet(SupportedReportSet<ReportMethod>),
 
     // CalDAV (RFC 4791)
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     CalendarHomeSet(CalendarHomeSet),
 }
 
+#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
+pub struct CalendarHomeSet(#[xml(ty = "untagged", flatten)] pub Vec<HrefElement>);
+
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
 #[xml(unit_variants_ident = "PrincipalPropWrapperName", untagged)]
 pub enum PrincipalPropWrapper {
@@ -33,11 +44,9 @@ pub enum PrincipalPropWrapper {
     Common(CommonPropertiesProp),
 }
 
-#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
+#[derive(XmlSerialize, PartialEq, Clone, VariantArray)]
-pub struct CalendarHomeSet(#[xml(ty = "untagged", flatten)] pub(super) Vec<HrefElement>);
+pub enum ReportMethod {
-
+    // We don't actually support principal-match
-#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
+    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
-pub struct GroupMembership(#[xml(ty = "untagged", flatten)] pub(super) Vec<HrefElement>);
+    PrincipalMatch,
-
+}
-#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
-pub struct PrincipalCollectionSet(#[xml(ty = "untagged")] pub(super) HrefElement);

crates/caldav/src/principal/service.rs

@@ -5,7 +5,7 @@ use crate::{CalDavPrincipalUri, Error};
 use async_trait::async_trait;
 use axum::Router;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::auth::{AuthenticationProvider, User};
+use rustical_store::auth::{AuthenticationProvider, Principal};
 use rustical_store::{CalendarStore, SubscriptionStore};
 use std::sync::Arc;
 
@@ -18,6 +18,8 @@ pub struct PrincipalResourceService<
     pub(crate) auth_provider: Arc<AP>,
     pub(crate) sub_store: Arc<S>,
     pub(crate) cal_store: Arc<CS>,
+    // If true only return the principal as the calendar home set, otherwise also groups
+    pub(crate) simplified_home_set: bool,
 }
 
 impl<AP: AuthenticationProvider, S: SubscriptionStore, CS: CalendarStore> Clone
@@ -28,6 +30,7 @@ impl<AP: AuthenticationProvider, S: SubscriptionStore, CS: CalendarStore> Clone
             auth_provider: self.auth_provider.clone(),
             sub_store: self.sub_store.clone(),
             cal_store: self.cal_store.clone(),
+            simplified_home_set: self.simplified_home_set,
         }
     }
 }
@@ -40,7 +43,7 @@ impl<AP: AuthenticationProvider, S: SubscriptionStore, CS: CalendarStore> Resour
     type MemberType = CalendarResource;
     type Resource = PrincipalResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CalDavPrincipalUri;
 
     const DAV_HEADER: &str = "1, 3, access-control, calendar-access";
@@ -48,13 +51,18 @@ impl<AP: AuthenticationProvider, S: SubscriptionStore, CS: CalendarStore> Resour
     async fn get_resource(
         &self,
         (principal,): &Self::PathComponents,
+        _show_deleted: bool,
     ) -> Result<Self::Resource, Self::Error> {
         let user = self
             .auth_provider
             .get_principal(principal)
             .await?
             .ok_or(crate::Error::NotFound)?;
-        Ok(PrincipalResource { principal: user })
+        Ok(PrincipalResource {
+            members: self.auth_provider.list_members(&user.id).await?,
+            principal: user,
+            simplified_home_set: self.simplified_home_set,
+        })
     }
 
     async fn get_members(

crates/caldav/src/principal/tests.rs

@@ -0,0 +1,83 @@
+use std::sync::Arc;
+
+use crate::{
+    CalDavPrincipalUri,
+    principal::{PrincipalResource, PrincipalResourceService},
+};
+use rstest::rstest;
+use rustical_dav::resource::{Resource, ResourceService};
+use rustical_store::auth::{Principal, PrincipalType::Individual};
+use rustical_store_sqlite::{
+    SqliteStore,
+    calendar_store::SqliteCalendarStore,
+    principal_store::SqlitePrincipalStore,
+    tests::{get_test_calendar_store, get_test_principal_store, get_test_subscription_store},
+};
+use rustical_xml::XmlSerializeRoot;
+
+#[rstest]
+#[tokio::test]
+async fn test_principal_resource(
+    #[from(get_test_calendar_store)]
+    #[future]
+    cal_store: SqliteCalendarStore,
+    #[from(get_test_principal_store)]
+    #[future]
+    auth_provider: SqlitePrincipalStore,
+    #[from(get_test_subscription_store)]
+    #[future]
+    sub_store: SqliteStore,
+) {
+    let service = PrincipalResourceService {
+        cal_store: Arc::new(cal_store.await),
+        sub_store: Arc::new(sub_store.await),
+        auth_provider: Arc::new(auth_provider.await),
+        simplified_home_set: false,
+    };
+
+    assert!(matches!(
+        service
+            .get_resource(&("invalid-user".to_owned(),), true)
+            .await,
+        Err(crate::Error::NotFound)
+    ));
+
+    let _principal_resource = service
+        .get_resource(&("user".to_owned(),), true)
+        .await
+        .unwrap();
+}
+
+#[tokio::test]
+async fn test_propfind() {
+    let propfind = PrincipalResource::parse_propfind(
+        r#"<?xml version="1.0" encoding="UTF-8"?><propfind xmlns="DAV:"><allprop/></propfind>"#,
+    )
+    .unwrap();
+
+    let principal = Principal {
+        id: "user".to_string(),
+        displayname: None,
+        principal_type: Individual,
+        password: None,
+        memberships: vec!["group".to_string()],
+    };
+
+    let resource = PrincipalResource {
+        principal: principal.clone(),
+        members: vec![],
+        simplified_home_set: false,
+    };
+
+    let response = resource
+        .propfind(
+            &format!("/caldav/principal/{}", principal.id),
+            &propfind.prop,
+            propfind.include.as_ref(),
+            &CalDavPrincipalUri("/caldav"),
+            &principal,
+        )
+        .unwrap();
+
+    let output = response.serialize_to_string().unwrap();
+}

crates/caldav/src/subscription.rs

@@ -1,33 +0,0 @@
-use std::sync::Arc;
-
-use actix_web::{
-    HttpResponse,
-    web::{self, Data, Path},
-};
-use rustical_dav::xml::multistatus::PropstatElement;
-use rustical_store::SubscriptionStore;
-use rustical_xml::{XmlRootTag, XmlSerialize};
-
-use crate::calendar::resource::CalendarProp;
-
-async fn handle_delete<S: SubscriptionStore>(
-    store: Data<S>,
-    path: Path<String>,
-) -> Result<HttpResponse, rustical_store::Error> {
-    let id = path.into_inner();
-    store.delete_subscription(&id).await?;
-    Ok(HttpResponse::NoContent().body("Unregistered"))
-}
-
-pub fn subscription_resource<S: SubscriptionStore>(sub_store: Arc<S>) -> actix_web::Resource {
-    web::resource("/subscription/{id}")
-        .app_data(Data::from(sub_store))
-        .name("subscription")
-        .delete(handle_delete::<S>)
-}
-
-#[derive(XmlSerialize, XmlRootTag)]
-#[xml(root = b"push-message", ns = "rustical_dav::namespace::NS_DAVPUSH")]
-pub struct PushMessage {
-    propstat: PropstatElement<CalendarProp>,
-}

crates/carddav/Cargo.toml

@@ -32,3 +32,5 @@ http.workspace = true
 tower-http.workspace = true
 percent-encoding.workspace = true
 ical.workspace = true
+strum.workspace = true
+strum_macros.workspace = true

crates/carddav/src/address_object/methods.rs

@@ -7,12 +7,13 @@ use axum::extract::{Path, State};
 use axum::response::{IntoResponse, Response};
 use axum_extra::TypedHeader;
 use axum_extra::headers::{ContentType, ETag, HeaderMapExt, IfNoneMatch};
+use http::Method;
 use http::{HeaderMap, StatusCode};
 use rustical_dav::privileges::UserPrivilege;
 use rustical_dav::resource::Resource;
 use rustical_ical::AddressObject;
 use rustical_store::AddressbookStore;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use std::str::FromStr;
 use tracing::instrument;
 
@@ -24,7 +25,8 @@ pub async fn get_object<AS: AddressbookStore>(
         object_id,
     }): Path<AddressObjectPathComponents>,
     State(AddressObjectResourceService { addr_store }): State<AddressObjectResourceService<AS>>,
-    user: User,
+    user: Principal,
+    method: Method,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(Error::Unauthorized);
@@ -49,7 +51,11 @@ pub async fn get_object<AS: AddressbookStore>(
     let hdrs = resp.headers_mut().unwrap();
     hdrs.typed_insert(ETag::from_str(&object.get_etag()).unwrap());
     hdrs.typed_insert(ContentType::from_str("text/vcard").unwrap());
+    if matches!(method, Method::HEAD) {
+        Ok(resp.body(Body::empty()).unwrap())
+    } else {
         Ok(resp.body(Body::new(object.get_vcf().to_owned())).unwrap())
+    }
 }
 
 #[instrument(skip(addr_store, body))]
@@ -60,7 +66,7 @@ pub async fn put_object<AS: AddressbookStore>(
         object_id,
     }): Path<AddressObjectPathComponents>,
     State(AddressObjectResourceService { addr_store }): State<AddressObjectResourceService<AS>>,
-    user: User,
+    user: Principal,
     mut if_none_match: Option<TypedHeader<IfNoneMatch>>,
     header_map: HeaderMap,
     body: String,

crates/carddav/src/address_object/resource.rs

@@ -13,7 +13,7 @@ use rustical_dav::{
     xml::Resourcetype,
 };
 use rustical_ical::AddressObject;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 
 #[derive(Clone, From, Into)]
 pub struct AddressObjectResource {
@@ -30,9 +30,11 @@ impl ResourceName for AddressObjectResource {
 impl Resource for AddressObjectResource {
     type Prop = AddressObjectPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = false;
+    fn is_collection(&self) -> bool {
+        false
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[])
@@ -41,7 +43,7 @@ impl Resource for AddressObjectResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &AddressObjectPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         Ok(match prop {
@@ -76,7 +78,7 @@ impl Resource for AddressObjectResource {
         Some(self.object.get_etag())
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
         Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.principal),
         ))

crates/carddav/src/address_object/service.rs

@@ -5,7 +5,7 @@ use axum::{extract::Request, handler::Handler, response::Response};
 use derive_more::derive::Constructor;
 use futures_util::future::BoxFuture;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::{AddressbookStore, auth::User};
+use rustical_store::{AddressbookStore, auth::Principal};
 use serde::{Deserialize, Deserializer};
 use std::{convert::Infallible, sync::Arc};
 use tower::Service;
@@ -37,7 +37,7 @@ impl<AS: AddressbookStore> ResourceService for AddressObjectResourceService<AS>
     type Resource = AddressObjectResource;
     type MemberType = AddressObjectResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CardDavPrincipalUri;
 
     const DAV_HEADER: &str = "1, 3, access-control, addressbook";
@@ -49,10 +49,11 @@ impl<AS: AddressbookStore> ResourceService for AddressObjectResourceService<AS>
             addressbook_id,
             object_id,
         }: &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Self::Error> {
         let object = self
             .addr_store
-            .get_object(principal, addressbook_id, object_id, false)
+            .get_object(principal, addressbook_id, object_id, show_deleted)
             .await?;
         Ok(AddressObjectResource {
             object,

crates/carddav/src/addressbook/methods/get.rs

@@ -5,12 +5,12 @@ use axum::body::Body;
 use axum::extract::{Path, State};
 use axum::response::Response;
 use axum_extra::headers::{ContentType, HeaderMapExt};
-use http::{HeaderValue, StatusCode, header};
+use http::{HeaderValue, Method, StatusCode, header};
 use percent_encoding::{CONTROLS, utf8_percent_encode};
 use rustical_dav::privileges::UserPrivilege;
 use rustical_dav::resource::Resource;
 use rustical_ical::AddressObject;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{AddressbookStore, SubscriptionStore};
 use std::str::FromStr;
 use tracing::instrument;
@@ -19,7 +19,8 @@ use tracing::instrument;
 pub async fn route_get<AS: AddressbookStore, S: SubscriptionStore>(
     Path((principal, addressbook_id)): Path<(String, String)>,
     State(AddressbookResourceService { addr_store, .. }): State<AddressbookResourceService<AS, S>>,
-    user: User,
+    user: Principal,
+    method: Method,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(Error::Unauthorized);
@@ -46,7 +47,7 @@ pub async fn route_get<AS: AddressbookStore, S: SubscriptionStore>(
     let mut resp = Response::builder().status(StatusCode::OK);
     let hdrs = resp.headers_mut().unwrap();
     hdrs.typed_insert(ContentType::from_str("text/vcard").unwrap());
-    let filename = format!("{}_{}.vcf", principal, addressbook_id);
+    let filename = format!("{principal}_{addressbook_id}.vcf");
     let filename = utf8_percent_encode(&filename, CONTROLS);
     hdrs.insert(
         header::CONTENT_DISPOSITION,
@@ -55,5 +56,9 @@ pub async fn route_get<AS: AddressbookStore, S: SubscriptionStore>(
         ))
         .unwrap(),
     );
+    if matches!(method, Method::HEAD) {
+        Ok(resp.body(Body::empty()).unwrap())
+    } else {
         Ok(resp.body(Body::new(vcf)).unwrap())
+    }
 }

crates/carddav/src/addressbook/methods/import.rs

@@ -0,0 +1,67 @@
+use std::io::BufReader;
+
+use crate::Error;
+use crate::addressbook::AddressbookResourceService;
+use axum::{
+    extract::{Path, State},
+    response::{IntoResponse, Response},
+};
+use http::StatusCode;
+use ical::{
+    parser::{Component, ComponentMut, vcard},
+    property::Property,
+};
+use rustical_store::{Addressbook, AddressbookStore, SubscriptionStore, auth::Principal};
+use tracing::instrument;
+
+#[instrument(skip(resource_service))]
+pub async fn route_import<AS: AddressbookStore, S: SubscriptionStore>(
+    Path((principal, addressbook_id)): Path<(String, String)>,
+    user: Principal,
+    State(resource_service): State<AddressbookResourceService<AS, S>>,
+    body: String,
+) -> Result<Response, Error> {
+    if !user.is_principal(&principal) {
+        return Err(Error::Unauthorized);
+    }
+
+    let parser = vcard::VcardParser::new(BufReader::new(body.as_bytes()));
+
+    let mut objects = vec![];
+    for res in parser {
+        let mut card = res.unwrap();
+        let uid = card.get_uid();
+        if uid.is_none() {
+            let mut card_mut = card.mutable();
+            card_mut.set_property(Property {
+                name: "UID".to_owned(),
+                value: Some(uuid::Uuid::new_v4().to_string()),
+                params: None,
+            });
+            card = card_mut.verify().unwrap();
+        }
+
+        objects.push(card.try_into().unwrap());
+    }
+
+    if objects.is_empty() {
+        return Ok((StatusCode::BAD_REQUEST, "empty addressbook data").into_response());
+    }
+
+    let addressbook = Addressbook {
+        principal,
+        id: addressbook_id,
+        displayname: None,
+        description: None,
+        deleted_at: None,
+        synctoken: 0,
+        push_topic: uuid::Uuid::new_v4().to_string(),
+    };
+
+    let addr_store = resource_service.addr_store;
+    addr_store
+        .import_addressbook(addressbook, objects, false)
+        .await?;
+
+    Ok(StatusCode::OK.into_response())
+}

crates/carddav/src/addressbook/methods/mkcol.rs

@@ -4,7 +4,7 @@ use axum::{
     response::{IntoResponse, Response},
 };
 use http::StatusCode;
-use rustical_store::{Addressbook, AddressbookStore, SubscriptionStore, auth::User};
+use rustical_store::{Addressbook, AddressbookStore, SubscriptionStore, auth::Principal};
 use rustical_xml::{XmlDeserialize, XmlDocument, XmlRootTag};
 use tracing::instrument;
 
@@ -44,7 +44,7 @@ struct MkcolRequest {
 #[instrument(skip(addr_store))]
 pub async fn route_mkcol<AS: AddressbookStore, S: SubscriptionStore>(
     Path((principal, addressbook_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     State(AddressbookResourceService { addr_store, .. }): State<AddressbookResourceService<AS, S>>,
     body: String,
 ) -> Result<Response, Error> {
@@ -52,8 +52,10 @@ pub async fn route_mkcol<AS: AddressbookStore, S: SubscriptionStore>(
         return Err(Error::Unauthorized);
     }
 
-    let request = MkcolRequest::parse_str(&body)?;
+    let mut request = MkcolRequest::parse_str(&body)?.set.prop;
-    let request = request.set.prop;
+    if let Some("") = request.displayname.as_deref() {
+        request.displayname = None
+    }
 
     let addressbook = Addressbook {
         id: addressbook_id.to_owned(),
@@ -86,15 +88,8 @@ pub async fn route_mkcol<AS: AddressbookStore, S: SubscriptionStore>(
         }
     }
 
-    match addr_store.insert_addressbook(addressbook).await {
+    addr_store.insert_addressbook(addressbook).await?;
-        // TODO: The spec says we should return a mkcol-response.
+    Ok(StatusCode::CREATED.into_response())
-        // However, it works without one but breaks on iPadOS when using an empty one :)
-        Ok(()) => Ok(StatusCode::CREATED.into_response()),
-        Err(err) => {
-            dbg!(err.to_string());
-            Err(err.into())
-        }
-    }
 }
 
 #[cfg(test)]

crates/carddav/src/addressbook/methods/mod.rs

@@ -1,5 +1,5 @@
-pub mod mkcol;
-// pub mod post;
 pub mod get;
-pub mod put;
+pub mod import;
+pub mod mkcol;
+pub mod post;
 pub mod report;

crates/carddav/src/addressbook/methods/post.rs

@@ -1,33 +1,40 @@
 use crate::Error;
-use crate::addressbook::resource::AddressbookResourceService;
+use crate::addressbook::AddressbookResourceService;
-use actix_web::http::header;
+use crate::addressbook::resource::AddressbookResource;
-use actix_web::web::{Data, Path};
+use axum::extract::{Path, State};
-use actix_web::{HttpRequest, HttpResponse};
+use axum::response::{IntoResponse, Response};
+use http::{HeaderMap, HeaderValue, StatusCode, header};
+use rustical_dav::privileges::UserPrivilege;
+use rustical_dav::resource::Resource;
 use rustical_dav_push::register::PushRegister;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{AddressbookStore, Subscription, SubscriptionStore};
 use rustical_xml::XmlDocument;
 use tracing::instrument;
-use tracing_actix_web::RootSpan;
 
-#[instrument(parent = root_span.id(), skip(resource_service, root_span, req))]
+#[instrument(skip(resource_service))]
-pub async fn route_post<A: AddressbookStore, S: SubscriptionStore>(
+pub async fn route_post<AS: AddressbookStore, S: SubscriptionStore>(
-    path: Path<(String, String)>,
+    Path((principal, addr_id)): Path<(String, String)>,
+    user: Principal,
+    State(resource_service): State<AddressbookResourceService<AS, S>>,
     body: String,
-    user: User,
+) -> Result<Response, Error> {
-    resource_service: Data<AddressbookResourceService<A, S>>,
-    root_span: RootSpan,
-    req: HttpRequest,
-) -> Result<HttpResponse, Error> {
-    let (principal, addressbook_id) = path.into_inner();
     if !user.is_principal(&principal) {
         return Err(Error::Unauthorized);
     }
 
     let addressbook = resource_service
         .addr_store
-        .get_addressbook(&principal, &addressbook_id, false)
+        .get_addressbook(&principal, &addr_id, false)
         .await?;
+    let addressbook_resource = AddressbookResource(addressbook);
+    if !addressbook_resource
+        .get_user_privileges(&user)?
+        .has(&UserPrivilege::Read)
+    {
+        return Err(Error::Unauthorized);
+    }
+
     let request = PushRegister::parse_str(&body)?;
     let sub_id = uuid::Uuid::new_v4().to_string();
 
@@ -44,7 +51,7 @@ pub async fn route_post<A: AddressbookStore, S: SubscriptionStore>(
             .web_push_subscription
             .push_resource
             .to_owned(),
-        topic: addressbook.push_topic,
+        topic: addressbook_resource.0.push_topic,
         expiration: expires.naive_local(),
         public_key: request
             .subscription
@@ -63,13 +70,17 @@ pub async fn route_post<A: AddressbookStore, S: SubscriptionStore>(
         .upsert_subscription(subscription)
         .await?;
 
-    let location = req
+    // TODO: make nicer
-        .resource_map()
+    let location = format!("/push_subscription/{sub_id}");
-        .url_for(&req, "subscription", &[sub_id])
+    Ok((
-        .unwrap();
+        StatusCode::CREATED,
-
+        HeaderMap::from_iter([
-    Ok(HttpResponse::Created()
+            (header::LOCATION, HeaderValue::from_str(&location).unwrap()),
-        .append_header((header::LOCATION, location.to_string()))
+            (
-        .append_header((header::EXPIRES, expires.to_rfc2822()))
+                header::EXPIRES,
-        .finish())
+                HeaderValue::from_str(&expires.to_rfc2822()).unwrap(),
+            ),
+        ]),
+    )
+        .into_response())
 }

crates/carddav/src/addressbook/methods/put.rs

@@ -1,47 +0,0 @@
-use crate::Error;
-use crate::addressbook::AddressbookResourceService;
-use axum::response::IntoResponse;
-use axum::{
-    extract::{Path, State},
-    response::Response,
-};
-use http::StatusCode;
-use ical::VcardParser;
-use rustical_ical::AddressObject;
-use rustical_store::Addressbook;
-use rustical_store::{AddressbookStore, SubscriptionStore, auth::User};
-use tracing::instrument;
-
-#[instrument(skip(addr_store))]
-pub async fn route_put<AS: AddressbookStore, S: SubscriptionStore>(
-    Path((principal, addressbook_id)): Path<(String, String)>,
-    State(AddressbookResourceService { addr_store, .. }): State<AddressbookResourceService<AS, S>>,
-    user: User,
-    body: String,
-) -> Result<Response, Error> {
-    if !user.is_principal(&principal) {
-        return Err(Error::Unauthorized);
-    }
-
-    let mut objects = vec![];
-    for object in VcardParser::new(body.as_bytes()) {
-        let object = object.map_err(rustical_ical::Error::from)?;
-        objects.push(AddressObject::try_from(object)?);
-    }
-
-    let addressbook = Addressbook {
-        id: addressbook_id.clone(),
-        principal: principal.clone(),
-        displayname: None,
-        description: None,
-        deleted_at: None,
-        synctoken: Default::default(),
-        push_topic: uuid::Uuid::new_v4().to_string(),
-    };
-
-    addr_store
-        .import_addressbook(principal.clone(), addressbook, objects)
-        .await?;
-
-    Ok(StatusCode::CREATED.into_response())
-}

crates/carddav/src/addressbook/methods/report/addressbook_multiget.rs

@@ -10,7 +10,7 @@ use rustical_dav::{
     xml::{MultistatusElement, PropfindType, multistatus::ResponseElement},
 };
 use rustical_ical::AddressObject;
-use rustical_store::{AddressbookStore, auth::User};
+use rustical_store::{AddressbookStore, auth::Principal};
 use rustical_xml::XmlDeserialize;
 
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
@@ -58,12 +58,13 @@ pub async fn get_objects_addressbook_multiget<AS: AddressbookStore>(
     Ok((result, not_found))
 }
 
+#[allow(clippy::too_many_arguments)]
 pub async fn handle_addressbook_multiget<AS: AddressbookStore>(
     addr_multiget: &AddressbookMultigetRequest,
     prop: &PropfindType<AddressObjectPropWrapperName>,
     path: &str,
     puri: &impl PrincipalUri,
-    user: &User,
+    user: &Principal,
     principal: &str,
     cal_id: &str,
     addr_store: &AS,
@@ -80,7 +81,7 @@ pub async fn handle_addressbook_multiget<AS: AddressbookStore>(
                 object,
                 principal: principal.to_owned(),
             }
-            .propfind(&path, prop, puri, user)?,
+            .propfind(&path, prop, None, puri, user)?,
         );
     }
 

crates/carddav/src/addressbook/methods/report/mod.rs

@@ -9,7 +9,7 @@ use axum::{
     response::IntoResponse,
 };
 use rustical_dav::xml::{PropfindType, sync_collection::SyncCollectionRequest};
-use rustical_store::{AddressbookStore, SubscriptionStore, auth::User};
+use rustical_store::{AddressbookStore, SubscriptionStore, auth::Principal};
 use rustical_xml::{XmlDeserialize, XmlDocument};
 use sync_collection::handle_sync_collection;
 use tracing::instrument;
@@ -37,7 +37,7 @@ impl ReportRequest {
 #[instrument(skip(addr_store))]
 pub async fn route_report_addressbook<AS: AddressbookStore, S: SubscriptionStore>(
     Path((principal, addressbook_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     OriginalUri(uri): OriginalUri,
     Extension(puri): Extension<CardDavPrincipalUri>,
     State(AddressbookResourceService { addr_store, .. }): State<AddressbookResourceService<AS, S>>,

crates/carddav/src/addressbook/methods/report/sync_collection.rs

@@ -13,7 +13,7 @@ use rustical_dav::{
 };
 use rustical_store::{
     AddressbookStore,
-    auth::User,
+    auth::Principal,
     synctoken::{format_synctoken, parse_synctoken},
 };
 
@@ -21,7 +21,7 @@ pub async fn handle_sync_collection<AS: AddressbookStore>(
     sync_collection: &SyncCollectionRequest<AddressObjectPropWrapperName>,
     path: &str,
     puri: &impl PrincipalUri,
-    user: &User,
+    user: &Principal,
     principal: &str,
     addressbook_id: &str,
     addr_store: &AS,
@@ -39,7 +39,7 @@ pub async fn handle_sync_collection<AS: AddressbookStore>(
                 object,
                 principal: principal.to_owned(),
             }
-            .propfind(&path, &sync_collection.prop, puri, user)?,
+            .propfind(&path, &sync_collection.prop, None, puri, user)?,
         );
     }
 

crates/carddav/src/addressbook/prop.rs

@@ -1,6 +1,10 @@
-use rustical_dav::extensions::{CommonPropertiesProp, SyncTokenExtensionProp};
+use rustical_dav::{
+    extensions::{CommonPropertiesProp, SyncTokenExtensionProp},
+    xml::SupportedReportSet,
+};
 use rustical_dav_push::DavPushExtensionProp;
 use rustical_xml::{EnumVariants, PropName, XmlDeserialize, XmlSerialize};
+use strum_macros::VariantArray;
 
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
 #[xml(unit_variants_ident = "AddressbookPropName")]
@@ -10,8 +14,8 @@ pub enum AddressbookProp {
     AddressbookDescription(Option<String>),
     #[xml(ns = "rustical_dav::namespace::NS_CARDDAV", skip_deserializing)]
     SupportedAddressData(SupportedAddressData),
-    #[xml(ns = "rustical_dav::namespace::NS_CARDDAV", skip_deserializing)]
+    #[xml(ns = "rustical_dav::namespace::NS_DAV", skip_deserializing)]
-    SupportedReportSet(SupportedReportSet),
+    SupportedReportSet(SupportedReportSet<ReportMethod>),
     #[xml(ns = "rustical_dav::namespace::NS_DAV")]
     MaxResourceSize(i64),
 }
@@ -56,37 +60,10 @@ impl Default for SupportedAddressData {
     }
 }
 
-#[derive(Debug, Clone, XmlSerialize, PartialEq)]
+#[derive(Debug, Clone, XmlSerialize, PartialEq, VariantArray)]
 pub enum ReportMethod {
     #[xml(ns = "rustical_dav::namespace::NS_CARDDAV")]
     AddressbookMultiget,
+    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
     SyncCollection,
 }
-
-#[derive(Debug, Clone, XmlSerialize, PartialEq)]
-pub struct SupportedReportWrapper {
-    #[xml(ns = "rustical_dav::namespace::NS_CARDDAV")]
-    report: ReportMethod,
-}
-
-// RFC 3253 section-3.1.5
-#[derive(Debug, Clone, XmlSerialize, PartialEq)]
-pub struct SupportedReportSet {
-    #[xml(ns = "rustical_dav::namespace::NS_CARDDAV", flatten)]
-    supported_report: &'static [SupportedReportWrapper],
-}
-
-impl Default for SupportedReportSet {
-    fn default() -> Self {
-        Self {
-            supported_report: &[
-                SupportedReportWrapper {
-                    report: ReportMethod::AddressbookMultiget,
-                },
-                SupportedReportWrapper {
-                    report: ReportMethod::SyncCollection,
-                },
-            ],
-        }
-    }
-}

crates/carddav/src/addressbook/resource.rs

@@ -1,4 +1,4 @@
-use super::prop::{SupportedAddressData, SupportedReportSet};
+use super::prop::SupportedAddressData;
 use crate::Error;
 use crate::addressbook::prop::{
     AddressbookProp, AddressbookPropName, AddressbookPropWrapper, AddressbookPropWrapperName,
@@ -7,10 +7,10 @@ use derive_more::derive::{From, Into};
 use rustical_dav::extensions::{CommonPropertiesExtension, SyncTokenExtension};
 use rustical_dav::privileges::UserPrivilegeSet;
 use rustical_dav::resource::{PrincipalUri, Resource, ResourceName};
-use rustical_dav::xml::{Resourcetype, ResourcetypeInner};
+use rustical_dav::xml::{Resourcetype, ResourcetypeInner, SupportedReportSet};
 use rustical_dav_push::DavPushExtension;
 use rustical_store::Addressbook;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 
 #[derive(Clone, Debug, From, Into)]
 pub struct AddressbookResource(pub(crate) Addressbook);
@@ -36,9 +36,11 @@ impl DavPushExtension for AddressbookResource {
 impl Resource for AddressbookResource {
     type Prop = AddressbookPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[
@@ -50,7 +52,7 @@ impl Resource for AddressbookResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &AddressbookPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         Ok(match prop {
@@ -60,7 +62,7 @@ impl Resource for AddressbookResource {
                         AddressbookProp::MaxResourceSize(10000000)
                     }
                     AddressbookPropName::SupportedReportSet => {
-                        AddressbookProp::SupportedReportSet(SupportedReportSet::default())
+                        AddressbookProp::SupportedReportSet(SupportedReportSet::all())
                     }
                     AddressbookPropName::AddressbookDescription => {
                         AddressbookProp::AddressbookDescription(self.0.description.to_owned())
@@ -136,7 +138,7 @@ impl Resource for AddressbookResource {
         Some(&self.0.principal)
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
         Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.0.principal),
         ))

crates/carddav/src/addressbook/service.rs

@@ -3,7 +3,8 @@ use super::methods::report::route_report_addressbook;
 use crate::address_object::AddressObjectResourceService;
 use crate::address_object::resource::AddressObjectResource;
 use crate::addressbook::methods::get::route_get;
-use crate::addressbook::methods::put::route_put;
+use crate::addressbook::methods::import::route_import;
+use crate::addressbook::methods::post::route_post;
 use crate::addressbook::resource::AddressbookResource;
 use crate::{CardDavPrincipalUri, Error};
 use async_trait::async_trait;
@@ -13,7 +14,7 @@ use axum::handler::Handler;
 use axum::response::Response;
 use futures_util::future::BoxFuture;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{AddressbookStore, SubscriptionStore};
 use std::convert::Infallible;
 use std::sync::Arc;
@@ -50,18 +51,19 @@ impl<AS: AddressbookStore, S: SubscriptionStore> ResourceService
     type PathComponents = (String, String); // principal, addressbook_id
     type Resource = AddressbookResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CardDavPrincipalUri;
 
-    const DAV_HEADER: &str = "1, 3, access-control, addressbook";
+    const DAV_HEADER: &str = "1, 3, access-control, addressbook, webdav-push";
 
     async fn get_resource(
         &self,
         (principal, addressbook_id): &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Error> {
         let addressbook = self
             .addr_store
-            .get_addressbook(principal, addressbook_id, false)
+            .get_addressbook(principal, addressbook_id, show_deleted)
             .await
             .map_err(|_e| Error::NotFound)?;
         Ok(addressbook.into())
@@ -130,9 +132,16 @@ impl<AS: AddressbookStore, S: SubscriptionStore> AxumMethods for AddressbookReso
         })
     }
 
-    fn put() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>> {
+    fn post() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>> {
         Some(|state, req| {
-            let mut service = Handler::with_state(route_put::<AS, S>, state);
+            let mut service = Handler::with_state(route_post::<AS, S>, state);
+            Box::pin(Service::call(&mut service, req))
+        })
+    }
+
+    fn import() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>> {
+        Some(|state, req| {
+            let mut service = Handler::with_state(route_import::<AS, S>, state);
             Box::pin(Service::call(&mut service, req))
         })
     }

crates/carddav/src/lib.rs

@@ -9,7 +9,7 @@ use rustical_dav::resources::RootResourceService;
 use rustical_store::auth::middleware::AuthenticationLayer;
 use rustical_store::{
     AddressbookStore, SubscriptionStore,
-    auth::{AuthenticationProvider, User},
+    auth::{AuthenticationProvider, Principal},
 };
 use std::sync::Arc;
 
@@ -44,7 +44,9 @@ pub fn carddav_router<AP: AuthenticationProvider, A: AddressbookStore, S: Subscr
     Router::new()
         .nest(
             prefix,
-            RootResourceService::<_, User, CardDavPrincipalUri>::new(principal_service.clone())
+            RootResourceService::<_, Principal, CardDavPrincipalUri>::new(
+                principal_service.clone(),
+            )
             .axum_router()
             .layer(AuthenticationLayer::new(auth_provider))
             .layer(Extension(CardDavPrincipalUri(prefix))),

crates/carddav/src/principal/mod.rs

@@ -2,8 +2,10 @@ use crate::Error;
 use rustical_dav::extensions::CommonPropertiesExtension;
 use rustical_dav::privileges::UserPrivilegeSet;
 use rustical_dav::resource::{PrincipalUri, Resource, ResourceName};
-use rustical_dav::xml::{HrefElement, Resourcetype, ResourcetypeInner};
+use rustical_dav::xml::{
-use rustical_store::auth::User;
+    GroupMemberSet, GroupMembership, HrefElement, Resourcetype, ResourcetypeInner,
+};
+use rustical_store::auth::Principal;
 
 mod service;
 pub use service::*;
@@ -12,7 +14,8 @@ pub use prop::*;
 
 #[derive(Debug, Clone)]
 pub struct PrincipalResource {
-    principal: User,
+    principal: Principal,
+    members: Vec<String>,
 }
 
 impl ResourceName for PrincipalResource {
@@ -24,9 +27,11 @@ impl ResourceName for PrincipalResource {
 impl Resource for PrincipalResource {
     type Prop = PrincipalPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[
@@ -38,26 +43,23 @@ impl Resource for PrincipalResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &PrincipalPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
-        let principal_href = HrefElement::new(puri.principal_uri(&user.id));
+        let principal_href = HrefElement::new(puri.principal_uri(&self.principal.id));
-
-        let home_set = AddressbookHomeSet(
-            self.principal
-                .memberships()
-                .into_iter()
-                .map(|principal| puri.principal_uri(principal))
-                .map(HrefElement::new)
-                .collect(),
-        );
 
         Ok(match prop {
             PrincipalPropWrapperName::Principal(prop) => {
                 PrincipalPropWrapper::Principal(match prop {
                     PrincipalPropName::PrincipalUrl => PrincipalProp::PrincipalUrl(principal_href),
                     PrincipalPropName::AddressbookHomeSet => {
-                        PrincipalProp::AddressbookHomeSet(home_set)
+                        PrincipalProp::AddressbookHomeSet(AddressbookHomeSet(
+                            self.principal
+                                .memberships()
+                                .iter()
+                                .map(|principal| puri.principal_uri(principal).into())
+                                .collect(),
+                        ))
                     }
                     PrincipalPropName::PrincipalAddress => PrincipalProp::PrincipalAddress(None),
                     PrincipalPropName::GroupMembership => {
@@ -69,11 +71,17 @@ impl Resource for PrincipalResource {
                                 .collect(),
                         ))
                     }
+                    PrincipalPropName::GroupMemberSet => {
+                        PrincipalProp::GroupMemberSet(GroupMemberSet(
+                            self.members
+                                .iter()
+                                .map(|principal| puri.principal_uri(principal).into())
+                                .collect(),
+                        ))
+                    }
                     PrincipalPropName::AlternateUriSet => PrincipalProp::AlternateUriSet,
                     PrincipalPropName::PrincipalCollectionSet => {
-                        PrincipalProp::PrincipalCollectionSet(PrincipalCollectionSet(
+                        PrincipalProp::PrincipalCollectionSet(puri.principal_collection().into())
-                            puri.principal_collection().into(),
-                        ))
                     }
                 })
             }
@@ -97,7 +105,7 @@ impl Resource for PrincipalResource {
         Some(&self.principal.id)
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
         Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.principal.id),
         ))

crates/carddav/src/principal/prop.rs

@@ -1,4 +1,7 @@
-use rustical_dav::{extensions::CommonPropertiesProp, xml::HrefElement};
+use rustical_dav::{
+    extensions::CommonPropertiesProp,
+    xml::{GroupMemberSet, GroupMembership, HrefElement},
+};
 use rustical_xml::{EnumVariants, PropName, XmlDeserialize, XmlSerialize};
 
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
@@ -10,10 +13,12 @@ pub enum PrincipalProp {
     PrincipalUrl(HrefElement),
     #[xml(ns = "rustical_dav::namespace::NS_DAV")]
     GroupMembership(GroupMembership),
+    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
+    GroupMemberSet(GroupMemberSet),
     #[xml(ns = "rustical_dav::namespace::NS_DAV", rename = b"alternate-URI-set")]
     AlternateUriSet,
     #[xml(ns = "rustical_dav::namespace::NS_DAV")]
-    PrincipalCollectionSet(PrincipalCollectionSet),
+    PrincipalCollectionSet(HrefElement),
 
     // CardDAV (RFC 6352)
     #[xml(ns = "rustical_dav::namespace::NS_CARDDAV")]
@@ -22,18 +27,12 @@ pub enum PrincipalProp {
     PrincipalAddress(Option<HrefElement>),
 }
 
+#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
+pub struct AddressbookHomeSet(#[xml(ty = "untagged", flatten)] pub Vec<HrefElement>);
+
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
 #[xml(unit_variants_ident = "PrincipalPropWrapperName", untagged)]
 pub enum PrincipalPropWrapper {
     Principal(PrincipalProp),
     Common(CommonPropertiesProp),
 }
-
-#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
-pub struct AddressbookHomeSet(#[xml(ty = "untagged", flatten)] pub(super) Vec<HrefElement>);
-
-#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
-pub struct GroupMembership(#[xml(ty = "untagged", flatten)] pub(super) Vec<HrefElement>);
-
-#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
-pub struct PrincipalCollectionSet(#[xml(ty = "untagged")] pub(super) HrefElement);

crates/carddav/src/principal/service.rs

@@ -5,7 +5,7 @@ use crate::{CardDavPrincipalUri, Error};
 use async_trait::async_trait;
 use axum::Router;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::auth::{AuthenticationProvider, User};
+use rustical_store::auth::{AuthenticationProvider, Principal};
 use rustical_store::{AddressbookStore, SubscriptionStore};
 use std::sync::Arc;
 
@@ -51,7 +51,7 @@ impl<A: AddressbookStore, AP: AuthenticationProvider, S: SubscriptionStore> Reso
     type MemberType = AddressbookResource;
     type Resource = PrincipalResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CardDavPrincipalUri;
 
     const DAV_HEADER: &str = "1, 3, access-control, addressbook";
@@ -59,13 +59,17 @@ impl<A: AddressbookStore, AP: AuthenticationProvider, S: SubscriptionStore> Reso
     async fn get_resource(
         &self,
         (principal,): &Self::PathComponents,
+        _show_deleted: bool,
     ) -> Result<Self::Resource, Self::Error> {
         let user = self
             .auth_provider
             .get_principal(principal)
             .await?
             .ok_or(crate::Error::NotFound)?;
-        Ok(PrincipalResource { principal: user })
+        Ok(PrincipalResource {
+            members: self.auth_provider.list_members(&user.id).await?,
+            principal: user,
+        })
     }
 
     async fn get_members(

crates/dav/Cargo.toml

@@ -25,3 +25,6 @@ tracing.workspace = true
 tokio.workspace = true
 http.workspace = true
 headers.workspace = true
+strum.workspace = true
+matchit.workspace = true
+matchit-serde.workspace = true

crates/dav/src/error.rs

@@ -28,6 +28,9 @@ pub enum Error {
 
     #[error("Precondition Failed")]
     PreconditionFailed,
+
+    #[error("Forbidden")]
+    Forbidden,
 }
 
 impl Error {
@@ -49,6 +52,7 @@ impl Error {
             Error::PropReadOnly => StatusCode::CONFLICT,
             Error::PreconditionFailed => StatusCode::PRECONDITION_FAILED,
             Self::IOError(_) => StatusCode::INTERNAL_SERVER_ERROR,
+            Self::Forbidden => StatusCode::FORBIDDEN,
         }
     }
 }

crates/dav/src/privileges.rs

@@ -1,8 +1,10 @@
+use itertools::Itertools;
 use quick_xml::name::Namespace;
 use rustical_xml::{XmlDeserialize, XmlSerialize};
 use std::collections::{HashMap, HashSet};
 
-#[derive(Debug, Clone, XmlSerialize, XmlDeserialize, Eq, Hash, PartialEq)]
+// https://datatracker.ietf.org/doc/html/rfc3744
+#[derive(Debug, Clone, XmlSerialize, XmlDeserialize, Eq, Hash, PartialEq, PartialOrd, Ord)]
 pub enum UserPrivilege {
     Read,
     Write,
@@ -15,12 +17,12 @@ pub enum UserPrivilege {
 }
 
 impl XmlSerialize for UserPrivilegeSet {
-    fn serialize<W: std::io::Write>(
+    fn serialize(
         &self,
         ns: Option<Namespace>,
         tag: Option<&[u8]>,
         namespaces: &HashMap<Namespace, &[u8]>,
-        writer: &mut quick_xml::Writer<W>,
+        writer: &mut quick_xml::Writer<&mut Vec<u8>>,
     ) -> std::io::Result<()> {
         #[derive(XmlSerialize)]
         pub struct FakeUserPrivilegeSet {
@@ -29,12 +31,11 @@ impl XmlSerialize for UserPrivilegeSet {
         }
 
         FakeUserPrivilegeSet {
-            privileges: self.privileges.iter().cloned().collect(),
+            privileges: self.privileges.iter().cloned().sorted().collect(),
         }
         .serialize(ns, tag, namespaces, writer)
     }
 
-    #[allow(refining_impl_trait)]
     fn attributes<'a>(&self) -> Option<Vec<quick_xml::events::attributes::Attribute<'a>>> {
         None
     }
@@ -47,6 +48,12 @@ pub struct UserPrivilegeSet {
 
 impl UserPrivilegeSet {
     pub fn has(&self, privilege: &UserPrivilege) -> bool {
+        if (privilege == &UserPrivilege::WriteProperties
+            || privilege == &UserPrivilege::WriteContent)
+            && self.privileges.contains(&UserPrivilege::Write)
+        {
+            return true;
+        }
         self.privileges.contains(privilege) || self.privileges.contains(&UserPrivilege::All)
     }
 
@@ -72,6 +79,15 @@ impl UserPrivilegeSet {
         }
     }
 
+    pub fn owner_write_properties(is_owner: bool) -> Self {
+        // Content is read-only but we can write properties
+        if is_owner {
+            Self::write_properties()
+        } else {
+            Self::default()
+        }
+    }
+
     pub fn read_only() -> Self {
         Self {
             privileges: HashSet::from([
@@ -81,6 +97,17 @@ impl UserPrivilegeSet {
             ]),
         }
     }
+
+    pub fn write_properties() -> Self {
+        Self {
+            privileges: HashSet::from([
+                UserPrivilege::Read,
+                UserPrivilege::WriteProperties,
+                UserPrivilege::ReadAcl,
+                UserPrivilege::ReadCurrentUserPrivilegeSet,
+            ]),
+        }
+    }
 }
 
 impl<const N: usize> From<[UserPrivilege; N]> for UserPrivilegeSet {

crates/dav/src/resource/axum_methods.rs

@@ -18,11 +18,6 @@ pub trait AxumMethods: Sized + Send + Sync + 'static {
         None
     }
 
-    #[inline]
-    fn head() -> Option<MethodFunction<Self>> {
-        None
-    }
-
     #[inline]
     fn post() -> Option<MethodFunction<Self>> {
         None
@@ -43,6 +38,11 @@ pub trait AxumMethods: Sized + Send + Sync + 'static {
         None
     }
 
+    #[inline]
+    fn import() -> Option<MethodFunction<Self>> {
+        None
+    }
+
     #[inline]
     fn allow_header() -> Allow {
         let mut allow = vec![
@@ -58,8 +58,6 @@ pub trait AxumMethods: Sized + Send + Sync + 'static {
         }
         if Self::get().is_some() {
             allow.push(Method::GET);
-        }
-        if Self::head().is_some() {
             allow.push(Method::HEAD);
         }
         if Self::post().is_some() {
@@ -74,6 +72,9 @@ pub trait AxumMethods: Sized + Send + Sync + 'static {
         if Self::put().is_some() {
             allow.push(Method::PUT);
         }
+        if Self::import().is_some() {
+            allow.push(Method::from_str("IMPORT").unwrap());
+        }
 
         allow.into_iter().collect()
     }

crates/dav/src/resource/axum_service.rs

@@ -72,16 +72,11 @@ where
                     return svc(self.resource_service.clone(), req);
                 }
             }
-            "GET" => {
+            "GET" | "HEAD" => {
                 if let Some(svc) = RS::get() {
                     return svc(self.resource_service.clone(), req);
                 }
             }
-            "HEAD" => {
-                if let Some(svc) = RS::head() {
-                    return svc(self.resource_service.clone(), req);
-                }
-            }
             "POST" => {
                 if let Some(svc) = RS::post() {
                     return svc(self.resource_service.clone(), req);
@@ -102,6 +97,11 @@ where
                     return svc(self.resource_service.clone(), req);
                 }
             }
+            "IMPORT" => {
+                if let Some(svc) = RS::import() {
+                    return svc(self.resource_service.clone(), req);
+                }
+            }
             _ => {}
         };
         Box::pin(async move {

crates/dav/src/resource/methods/copy.rs

@@ -1,25 +1,54 @@
-use axum::{
-    extract::{Path, State},
-    response::{IntoResponse, Response},
-};
-use http::StatusCode;
-use tracing::instrument;
-
 use crate::{
     header::{Depth, Overwrite},
     resource::ResourceService,
 };
+use axum::{
+    extract::{MatchedPath, Path, State},
+    response::{IntoResponse, Response},
+};
+use http::{HeaderMap, StatusCode, Uri};
+use matchit_serde::ParamsDeserializer;
+use serde::Deserialize;
+use tracing::instrument;
 
-#[instrument(skip(_path, _resource_service,))]
+#[instrument(skip(path, resource_service,))]
 pub(crate) async fn axum_route_copy<R: ResourceService>(
-    Path(_path): Path<R::PathComponents>,
+    Path(path): Path<R::PathComponents>,
-    State(_resource_service): State<R>,
+    State(resource_service): State<R>,
     depth: Option<Depth>,
     principal: R::Principal,
     overwrite: Overwrite,
+    matched_path: MatchedPath,
+    header_map: HeaderMap,
 ) -> Result<Response, R::Error> {
-    // TODO: Actually implement, but to be WebDAV-compliant we must at least support this route but
+    let destination = header_map
-    // can return a 403 error
+        .get("Destination")
-    let _depth = depth.unwrap_or(Depth::Infinity);
+        .ok_or(crate::Error::Forbidden)?
+        .to_str()
+        .map_err(|_| crate::Error::Forbidden)?;
+    let destination_uri: Uri = destination.parse().map_err(|_| crate::Error::Forbidden)?;
+    // TODO: Check that host also matches
+    let destination = destination_uri.path();
+
+    let mut router = matchit::Router::new();
+    router.insert(matched_path.as_str(), ()).unwrap();
+    if let Ok(matchit::Match { params, .. }) = router.at(destination) {
+        let params =
+            matchit_serde::Params::try_from(&params).map_err(|_| crate::Error::Forbidden)?;
+        let dest_path = R::PathComponents::deserialize(&ParamsDeserializer::new(params))
+            .map_err(|_| crate::Error::Forbidden)?;
+
+        if resource_service
+            .copy_resource(&path, &dest_path, &principal, overwrite.is_true())
+            .await?
+        {
+            // Overwritten
+            Ok(StatusCode::NO_CONTENT.into_response())
+        } else {
+            // Not overwritten
+            Ok(StatusCode::CREATED.into_response())
+        }
+    } else {
         Ok(StatusCode::FORBIDDEN.into_response())
+    }
 }

crates/dav/src/resource/methods/delete.rs

@@ -45,10 +45,11 @@ pub async fn route_delete<R: ResourceService>(
     if_match: Option<IfMatch>,
     if_none_match: Option<IfNoneMatch>,
 ) -> Result<(), R::Error> {
-    let resource = resource_service.get_resource(path_components).await?;
+    let resource = resource_service.get_resource(path_components, true).await?;
 
+    // Kind of a bodge since we don't get unbind from the parent
     let privileges = resource.get_user_privileges(principal)?;
-    if !privileges.has(&UserPrivilege::Write) {
+    if !privileges.has(&UserPrivilege::WriteProperties) {
         return Err(Error::Unauthorized.into());
     }
 

crates/dav/src/resource/methods/mv.rs

@@ -1,25 +1,54 @@
-use axum::{
-    extract::{Path, State},
-    response::{IntoResponse, Response},
-};
-use http::StatusCode;
-use tracing::instrument;
-
 use crate::{
     header::{Depth, Overwrite},
     resource::ResourceService,
 };
+use axum::{
+    extract::{MatchedPath, Path, State},
+    response::{IntoResponse, Response},
+};
+use http::{HeaderMap, StatusCode, Uri};
+use matchit_serde::ParamsDeserializer;
+use serde::Deserialize;
+use tracing::instrument;
 
-#[instrument(skip(_path, _resource_service,))]
+#[instrument(skip(path, resource_service,))]
 pub(crate) async fn axum_route_move<R: ResourceService>(
-    Path(_path): Path<R::PathComponents>,
+    Path(path): Path<R::PathComponents>,
-    State(_resource_service): State<R>,
+    State(resource_service): State<R>,
     depth: Option<Depth>,
     principal: R::Principal,
     overwrite: Overwrite,
+    matched_path: MatchedPath,
+    header_map: HeaderMap,
 ) -> Result<Response, R::Error> {
-    // TODO: Actually implement, but to be WebDAV-compliant we must at least support this route but
+    let destination = header_map
-    // can return a 403 error
+        .get("Destination")
-    let _depth = depth.unwrap_or(Depth::Infinity);
+        .ok_or(crate::Error::Forbidden)?
+        .to_str()
+        .map_err(|_| crate::Error::Forbidden)?;
+    let destination_uri: Uri = destination.parse().map_err(|_| crate::Error::Forbidden)?;
+    // TODO: Check that host also matches
+    let destination = destination_uri.path();
+
+    let mut router = matchit::Router::new();
+    router.insert(matched_path.as_str(), ()).unwrap();
+    if let Ok(matchit::Match { params, .. }) = router.at(destination) {
+        let params =
+            matchit_serde::Params::try_from(&params).map_err(|_| crate::Error::Forbidden)?;
+        let dest_path = R::PathComponents::deserialize(&ParamsDeserializer::new(params))
+            .map_err(|_| crate::Error::Forbidden)?;
+
+        if resource_service
+            .copy_resource(&path, &dest_path, &principal, overwrite.is_true())
+            .await?
+        {
+            // Overwritten
+            Ok(StatusCode::NO_CONTENT.into_response())
+        } else {
+            // Not overwritten
+            Ok(StatusCode::CREATED.into_response())
+        }
+    } else {
         Ok(StatusCode::FORBIDDEN.into_response())
+    }
 }

crates/dav/src/resource/methods/propfind.rs

@@ -6,11 +6,7 @@ use crate::resource::Resource;
 use crate::resource::ResourceName;
 use crate::resource::ResourceService;
 use crate::xml::MultistatusElement;
-use crate::xml::PropfindElement;
-use crate::xml::PropfindType;
 use axum::extract::{Extension, OriginalUri, Path, State};
-use rustical_xml::PropName;
-use rustical_xml::XmlDocument;
 use tracing::instrument;
 
 type RSMultistatus<R> = MultistatusElement<
@@ -49,43 +45,39 @@ pub(crate) async fn route_propfind<R: ResourceService>(
     resource_service: &R,
     puri: &impl PrincipalUri,
 ) -> Result<RSMultistatus<R>, R::Error> {
-    let resource = resource_service.get_resource(path_components).await?;
+    let resource = resource_service
+        .get_resource(path_components, false)
+        .await?;
     let privileges = resource.get_user_privileges(principal)?;
     if !privileges.has(&UserPrivilege::Read) {
         return Err(Error::Unauthorized.into());
     }
 
     // A request body is optional. If empty we MUST return all props
-    let propfind_self: PropfindElement<<<R::Resource as Resource>::Prop as PropName>::Names> =
+    let propfind_self = R::Resource::parse_propfind(body).map_err(Error::XmlError)?;
-        if !body.is_empty() {
+    let propfind_member = R::MemberType::parse_propfind(body).map_err(Error::XmlError)?;
-            PropfindElement::parse_str(body).map_err(Error::XmlError)?
-        } else {
-            PropfindElement {
-                prop: PropfindType::Allprop,
-            }
-        };
-    let propfind_member: PropfindElement<<<R::MemberType as Resource>::Prop as PropName>::Names> =
-        if !body.is_empty() {
-            PropfindElement::parse_str(body).map_err(Error::XmlError)?
-        } else {
-            PropfindElement {
-                prop: PropfindType::Allprop,
-            }
-        };
 
     let mut member_responses = Vec::new();
     if depth != &Depth::Zero {
+        // TODO: authorization check for member resources
         for member in resource_service.get_members(path_components).await? {
             member_responses.push(member.propfind(
                 &format!("{}/{}", path.trim_end_matches('/'), member.get_name()),
                 &propfind_member.prop,
+                propfind_member.include.as_ref(),
                 puri,
                 principal,
             )?);
         }
     }
 
-    let response = resource.propfind(path, &propfind_self.prop, puri, principal)?;
+    let response = resource.propfind(
+        path,
+        &propfind_self.prop,
+        propfind_self.include.as_ref(),
+        puri,
+        principal,
+    )?;
 
     Ok(MultistatusElement {
         responses: vec![response],

crates/dav/src/resource/methods/proppatch.rs

@@ -26,21 +26,21 @@ enum SetPropertyPropWrapper<T: XmlDeserialize> {
 // We are <prop>
 #[derive(XmlDeserialize, Clone, Debug)]
 struct SetPropertyPropWrapperWrapper<T: XmlDeserialize>(
-    #[xml(ty = "untagged")] SetPropertyPropWrapper<T>,
+    #[xml(ty = "untagged", flatten)] Vec<SetPropertyPropWrapper<T>>,
 );
 
 // We are <set>
 #[derive(XmlDeserialize, Clone, Debug)]
 struct SetPropertyElement<T: XmlDeserialize> {
     #[xml(ns = "crate::namespace::NS_DAV")]
-    prop: T,
+    prop: SetPropertyPropWrapperWrapper<T>,
 }
 
 #[derive(XmlDeserialize, Clone, Debug)]
 struct TagName(#[xml(ty = "tag_name")] String);
 
 #[derive(XmlDeserialize, Clone, Debug)]
-struct PropertyElement(#[xml(ty = "untagged")] TagName);
+struct PropertyElement(#[xml(ty = "untagged", flatten)] Vec<TagName>);
 
 #[derive(XmlDeserialize, Clone, Debug)]
 struct RemovePropertyElement {
@@ -81,11 +81,12 @@ pub(crate) async fn route_proppatch<R: ResourceService>(
     let href = path.to_owned();
 
     // Extract operations
-    let PropertyupdateElement::<SetPropertyPropWrapperWrapper<<R::Resource as Resource>::Prop>>(
+    let PropertyupdateElement::<<R::Resource as Resource>::Prop>(operations) =
-        operations,
+        XmlDocument::parse_str(body).map_err(Error::XmlError)?;
-    ) = XmlDocument::parse_str(body).map_err(Error::XmlError)?;
 
-    let mut resource = resource_service.get_resource(path_components).await?;
+    let mut resource = resource_service
+        .get_resource(path_components, false)
+        .await?;
     let privileges = resource.get_user_privileges(principal)?;
     if !privileges.has(&UserPrivilege::Write) {
         return Err(Error::Unauthorized.into());
@@ -98,17 +99,17 @@ pub(crate) async fn route_proppatch<R: ResourceService>(
     for operation in operations.into_iter() {
         match operation {
             Operation::Set(SetPropertyElement {
-                prop: SetPropertyPropWrapperWrapper(property),
+                prop: SetPropertyPropWrapperWrapper(properties),
             }) => {
+                for property in properties {
                     match property {
                         SetPropertyPropWrapper::Valid(prop) => {
                             let propname: <<R::Resource as Resource>::Prop as PropName>::Names =
                                 prop.clone().into();
                             let (ns, propname): (Option<Namespace>, &str) = propname.into();
                             match resource.set_prop(prop) {
-                            Ok(()) => {
+                                Ok(()) => props_ok
-                                props_ok.push((ns.map(NamespaceOwned::from), propname.to_owned()))
+                                    .push((ns.map(NamespaceOwned::from), propname.to_owned())),
-                            }
                                 Err(Error::PropReadOnly) => props_conflict
                                     .push((ns.map(NamespaceOwned::from), propname.to_owned())),
                                 Err(err) => return Err(err.into()),
@@ -137,9 +138,12 @@ pub(crate) async fn route_proppatch<R: ResourceService>(
                         }
                     }
                 }
+            }
             Operation::Remove(remove_el) => {
-                let propname = remove_el.prop.0.0;
+                for tagname in remove_el.prop.0 {
-                match <<R::Resource as Resource>::Prop as PropName>::Names::from_str(&propname) {
+                    let propname = tagname.0;
+                    match <<R::Resource as Resource>::Prop as PropName>::Names::from_str(&propname)
+                    {
                         Ok(prop) => match resource.remove_prop(&prop) {
                             Ok(()) => props_ok.push((None, propname)),
                             Err(Error::PropReadOnly) => props_conflict.push({
@@ -154,6 +158,7 @@ pub(crate) async fn route_proppatch<R: ResourceService>(
                 }
             }
         }
+    }
 
     if props_not_found.is_empty() && props_conflict.is_empty() {
         // Only save if no errors occured

crates/dav/src/resource/mod.rs

@@ -1,15 +1,16 @@
 use crate::Principal;
 use crate::privileges::UserPrivilegeSet;
 use crate::xml::multistatus::{PropTagWrapper, PropstatElement, PropstatWrapper};
-use crate::xml::{PropElement, PropfindType, Resourcetype};
+use crate::xml::{PropElement, PropfindElement, PropfindType, Resourcetype};
 use crate::xml::{TagList, multistatus::ResponseElement};
 use headers::{ETag, IfMatch, IfNoneMatch};
 use http::StatusCode;
 use itertools::Itertools;
 use quick_xml::name::Namespace;
 pub use resource_service::ResourceService;
-use rustical_xml::{EnumVariants, NamespaceOwned, PropName, XmlDeserialize, XmlSerialize};
+use rustical_xml::{
-use std::collections::HashSet;
+    EnumVariants, NamespaceOwned, PropName, XmlDeserialize, XmlDocument, XmlSerialize,
+};
 use std::str::FromStr;
 
 mod axum_methods;
@@ -18,7 +19,7 @@ mod methods;
 mod principal_uri;
 mod resource_service;
 
-pub use axum_methods::AxumMethods;
+pub use axum_methods::{AxumMethods, MethodFunction};
 pub use axum_service::AxumService;
 pub use principal_uri::PrincipalUri;
 
@@ -37,7 +38,7 @@ pub trait Resource: Clone + Send + 'static {
     type Error: From<crate::Error>;
     type Principal: Principal;
 
-    const IS_COLLECTION: bool;
+    fn is_collection(&self) -> bool;
 
     fn get_resourcetype(&self) -> Resourcetype;
 
@@ -102,22 +103,35 @@ pub trait Resource: Clone + Send + 'static {
         principal: &Self::Principal,
     ) -> Result<UserPrivilegeSet, Self::Error>;
 
+    fn parse_propfind(
+        body: &str,
+    ) -> Result<PropfindElement<<Self::Prop as PropName>::Names>, rustical_xml::XmlError> {
+        if !body.is_empty() {
+            PropfindElement::parse_str(body)
+        } else {
+            Ok(PropfindElement {
+                prop: PropfindType::Allprop,
+                include: None,
+            })
+        }
+    }
+
     fn propfind(
         &self,
         path: &str,
         prop: &PropfindType<<Self::Prop as PropName>::Names>,
+        include: Option<&PropElement<<Self::Prop as PropName>::Names>>,
         principal_uri: &impl PrincipalUri,
         principal: &Self::Principal,
     ) -> Result<ResponseElement<Self::Prop>, Self::Error> {
         // Collections have a trailing slash
         let mut path = path.to_string();
-        if Self::IS_COLLECTION && !path.ends_with('/') {
+        if self.is_collection() && !path.ends_with('/') {
             path.push('/');
         }
 
-        // TODO: Support include element
+        let (mut props, mut invalid_props): (Vec<<Self::Prop as PropName>::Names>, Vec<_>) =
-        let (props, invalid_props): (HashSet<<Self::Prop as PropName>::Names>, Vec<_>) = match prop
+            match prop {
-        {
                 PropfindType::Propname => {
                     let props = Self::list_props()
                         .into_iter()
@@ -141,11 +155,16 @@ pub trait Resource: Clone + Send + 'static {
                     vec![],
                 ),
                 PropfindType::Prop(PropElement(valid_tags, invalid_tags)) => (
-                valid_tags.iter().cloned().collect(),
+                    valid_tags.iter().unique().cloned().collect(),
                     invalid_tags.to_owned(),
                 ),
             };
 
+        if let Some(PropElement(valid_tags, invalid_tags)) = include {
+            props.extend(valid_tags.clone());
+            invalid_props.extend(invalid_tags.to_owned());
+        }
+
         let prop_responses = props
             .into_iter()
             .map(|prop| self.get_prop(principal_uri, principal, &prop))

crates/dav/src/resource/resource_service.rs

@@ -9,7 +9,13 @@ use serde::Deserialize;
 
 #[async_trait]
 pub trait ResourceService: Clone + Sized + Send + Sync + AxumMethods + 'static {
-    type PathComponents: for<'de> Deserialize<'de> + Sized + Send + Sync + Clone + 'static; // defines how the resource URI maps to parameters, i.e. /{principal}/{calendar} -> (String, String)
+    type PathComponents: std::fmt::Debug
+        + for<'de> Deserialize<'de>
+        + Sized
+        + Send
+        + Sync
+        + Clone
+        + 'static; // defines how the resource URI maps to parameters, i.e. /{principal}/{calendar} -> (String, String)
     type MemberType: Resource<Error = Self::Error, Principal = Self::Principal>
         + super::ResourceName;
     type Resource: Resource<Error = Self::Error, Principal = Self::Principal>;
@@ -28,7 +34,8 @@ pub trait ResourceService: Clone + Sized + Send + Sync + AxumMethods + 'static {
 
     async fn get_resource(
         &self,
-        _path: &Self::PathComponents,
+        path: &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Self::Error>;
 
     async fn save_resource(
@@ -47,6 +54,28 @@ pub trait ResourceService: Clone + Sized + Send + Sync + AxumMethods + 'static {
         Err(crate::Error::Unauthorized.into())
     }
 
+    // Returns whether an existing resource was overwritten
+    async fn copy_resource(
+        &self,
+        _path: &Self::PathComponents,
+        _destination: &Self::PathComponents,
+        _user: &Self::Principal,
+        _overwrite: bool,
+    ) -> Result<bool, Self::Error> {
+        Err(crate::Error::Forbidden.into())
+    }
+
+    // Returns whether an existing resource was overwritten
+    async fn move_resource(
+        &self,
+        _path: &Self::PathComponents,
+        _destination: &Self::PathComponents,
+        _user: &Self::Principal,
+        _overwrite: bool,
+    ) -> Result<bool, Self::Error> {
+        Err(crate::Error::Forbidden.into())
+    }
+
     fn axum_service(self) -> AxumService<Self>
     where
         Self: AxumMethods,

crates/dav/src/resources/root.rs

@@ -24,7 +24,9 @@ impl<PR: Resource, P: Principal> Resource for RootResource<PR, P> {
     type Error = PR::Error;
     type Principal = P;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[ResourcetypeInner(
@@ -84,7 +86,11 @@ where
 
     const DAV_HEADER: &str = "1, 3, access-control";
 
-    async fn get_resource(&self, _: &()) -> Result<Self::Resource, Self::Error> {
+    async fn get_resource(
+        &self,
+        _: &(),
+        _show_deleted: bool,
+    ) -> Result<Self::Resource, Self::Error> {
         Ok(RootResource::<PRS::Resource, P>::default())
     }
 

crates/dav/src/xml/group.rs

@@ -0,0 +1,8 @@
+use crate::xml::HrefElement;
+use rustical_xml::{XmlDeserialize, XmlSerialize};
+
+#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
+pub struct GroupMembership(#[xml(ty = "untagged", flatten)] pub Vec<HrefElement>);
+
+#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
+pub struct GroupMemberSet(#[xml(ty = "untagged", flatten)] pub Vec<HrefElement>);

crates/dav/src/xml/mod.rs

@@ -11,3 +11,7 @@ pub use tag_list::TagList;
 mod error;
 pub mod sync_collection;
 pub use error::ErrorElement;
+mod report_set;
+pub use report_set::SupportedReportSet;
+mod group;
+pub use group::*;

crates/dav/src/xml/multistatus.rs

@@ -1,4 +1,5 @@
 use crate::xml::TagList;
+use headers::{CacheControl, ContentType, HeaderMapExt};
 use http::StatusCode;
 use quick_xml::name::Namespace;
 use rustical_xml::{XmlRootTag, XmlSerialize, XmlSerializeRoot};
@@ -18,12 +19,12 @@ pub struct PropstatElement<PropType: XmlSerialize> {
     pub status: StatusCode,
 }
 
-fn xml_serialize_status<W: ::std::io::Write>(
+fn xml_serialize_status(
     status: &StatusCode,
     ns: Option<Namespace>,
     tag: Option<&[u8]>,
     namespaces: &HashMap<Namespace, &[u8]>,
-    writer: &mut quick_xml::Writer<W>,
+    writer: &mut quick_xml::Writer<&mut Vec<u8>>,
 ) -> std::io::Result<()> {
     XmlSerialize::serialize(&format!("HTTP/1.1 {}", status), ns, tag, namespaces, writer)
 }
@@ -38,8 +39,15 @@ pub enum PropstatWrapper<T: XmlSerialize> {
 // RFC 2518
 // <!ELEMENT response (href, ((href*, status)|(propstat+)),
 // responsedescription?) >
-#[derive(XmlSerialize)]
+#[derive(XmlSerialize, XmlRootTag)]
-#[xml(ns = "crate::namespace::NS_DAV")]
+#[xml(ns = "crate::namespace::NS_DAV", root = b"response")]
+#[xml(ns_prefix(
+    crate::namespace::NS_DAV = b"",
+    crate::namespace::NS_CARDDAV = b"CARD",
+    crate::namespace::NS_CALDAV = b"CAL",
+    crate::namespace::NS_CALENDARSERVER = b"CS",
+    crate::namespace::NS_DAVPUSH = b"PUSH"
+))]
 pub struct ResponseElement<PropstatType: XmlSerialize> {
     pub href: String,
     #[xml(serialize_with = "xml_serialize_optional_status")]
@@ -48,12 +56,12 @@ pub struct ResponseElement<PropstatType: XmlSerialize> {
     pub propstat: Vec<PropstatWrapper<PropstatType>>,
 }
 
-fn xml_serialize_optional_status<W: ::std::io::Write>(
+fn xml_serialize_optional_status(
     val: &Option<StatusCode>,
     ns: Option<Namespace>,
     tag: Option<&[u8]>,
     namespaces: &HashMap<Namespace, &[u8]>,
-    writer: &mut quick_xml::Writer<W>,
+    writer: &mut quick_xml::Writer<&mut Vec<u8>>,
 ) -> std::io::Result<()> {
     XmlSerialize::serialize(
         &val.map(|status| format!("HTTP/1.1 {}", status)),
@@ -109,18 +117,16 @@ impl<T1: XmlSerialize, T2: XmlSerialize> axum::response::IntoResponse
 {
     fn into_response(self) -> axum::response::Response {
         use axum::body::Body;
-        use http::header;
 
-        let mut output: Vec<_> = b"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n".into();
+        let output = match self.serialize_to_string() {
-        let mut writer = quick_xml::Writer::new_with_indent(&mut output, b' ', 4);
+            Ok(out) => out,
-        if let Err(err) = self.serialize_root(&mut writer) {
+            Err(err) => return crate::Error::from(err).into_response(),
-            return crate::Error::from(err).into_response();
+        };
-        }
 
         let mut resp = axum::response::Response::builder().status(StatusCode::MULTI_STATUS);
-        resp.headers_mut()
+        let hdrs = resp.headers_mut().unwrap();
-            .unwrap()
+        hdrs.typed_insert(ContentType::xml());
-            .insert(header::CONTENT_TYPE, "application/xml".try_into().unwrap());
+        hdrs.typed_insert(CacheControl::new().with_no_cache());
         resp.body(Body::from(output)).unwrap()
     }
 }

crates/dav/src/xml/propfind.rs

@@ -11,10 +11,11 @@ use rustical_xml::XmlRootTag;
 pub struct PropfindElement<PN: XmlDeserialize> {
     #[xml(ty = "untagged")]
     pub prop: PropfindType<PN>,
+    #[xml(ns = "crate::namespace::NS_DAV")]
+    pub include: Option<PropElement<PN>>,
 }
 
 #[derive(Debug, Clone, PartialEq)]
-// pub struct PropElement<PN: XmlDeserialize = Propname>(#[xml(ty = "untagged", flatten)] pub Vec<PN>);
 pub struct PropElement<PN: XmlDeserialize>(
     // valid
     pub Vec<PN>,

crates/dav/src/xml/report_set.rs

@@ -0,0 +1,34 @@
+use rustical_xml::XmlSerialize;
+use strum::VariantArray;
+
+// RFC 3253 section-3.1.5
+#[derive(Debug, Clone, XmlSerialize, PartialEq)]
+pub struct SupportedReportSet<T: XmlSerialize + 'static> {
+    #[xml(flatten)]
+    #[xml(ns = "crate::namespace::NS_DAV")]
+    supported_report: Vec<ReportWrapper<T>>,
+}
+
+impl<T: XmlSerialize + Clone + 'static> SupportedReportSet<T> {
+    pub fn new(methods: Vec<T>) -> Self {
+        Self {
+            supported_report: methods
+                .into_iter()
+                .map(|method| ReportWrapper { report: method })
+                .collect(),
+        }
+    }
+
+    pub fn all() -> Self
+    where
+        T: VariantArray,
+    {
+        Self::new(T::VARIANTS.to_vec())
+    }
+}
+
+#[derive(Debug, Clone, XmlSerialize, PartialEq)]
+pub struct ReportWrapper<T: XmlSerialize> {
+    #[xml(ns = "crate::namespace::NS_DAV")]
+    report: T,
+}

crates/dav/src/xml/resourcetype.rs

@@ -23,20 +23,23 @@ mod tests {
 
     #[test]
     fn test_serialize_resourcetype() {
-        let mut buf = Vec::new();
+        let out = Document {
-        let mut writer = quick_xml::Writer::new(&mut buf);
-        Document {
             resourcetype: Resourcetype(&[
                 ResourcetypeInner(Some(crate::namespace::NS_DAV), "displayname"),
                 ResourcetypeInner(Some(crate::namespace::NS_CALENDARSERVER), "calendar-color"),
             ]),
         }
-        .serialize_root(&mut writer)
+        .serialize_to_string()
         .unwrap();
-        let out = String::from_utf8(buf).unwrap();
         assert_eq!(
             out,
-            "<document><resourcetype><displayname xmlns=\"DAV:\"/><calendar-color xmlns=\"http://calendarserver.org/ns/\"/></resourcetype></document>"
+            r#"<?xml version="1.0" encoding="utf-8"?>
+<document>
+    <resourcetype>
+        <displayname xmlns="DAV:"/>
+        <calendar-color xmlns="http://calendarserver.org/ns/"/>
+    </resourcetype>
+</document>"#
         )
     }
 }

crates/dav/src/xml/sync_collection.rs

@@ -1,4 +1,4 @@
-use rustical_xml::{ValueDeserialize, ValueSerialize, XmlDeserialize};
+use rustical_xml::{ValueDeserialize, ValueSerialize, XmlDeserialize, XmlRootTag};
 
 use super::PropfindType;
 
@@ -32,11 +32,35 @@ impl ValueSerialize for SyncLevel {
     }
 }
 
+// https://datatracker.ietf.org/doc/html/rfc5323#section-5.17
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
+pub struct LimitElement {
+    #[xml(ns = "crate::namespace::NS_DAV")]
+    pub nresults: NresultsElement,
+}
+
+impl From<u64> for LimitElement {
+    fn from(value: u64) -> Self {
+        Self {
+            nresults: NresultsElement(value),
+        }
+    }
+}
+
+impl From<LimitElement> for u64 {
+    fn from(value: LimitElement) -> Self {
+        value.nresults.0
+    }
+}
+
+#[derive(XmlDeserialize, Clone, Debug, PartialEq)]
+pub struct NresultsElement(#[xml(ty = "text")] u64);
+
+#[derive(XmlDeserialize, Clone, Debug, PartialEq, XmlRootTag)]
 // <!ELEMENT sync-collection (sync-token, sync-level, limit?, prop)>
 //    <!-- DAV:limit defined in RFC 5323, Section 5.17 -->
 //    <!-- DAV:prop defined in RFC 4918, Section 14.18 -->
-#[xml(ns = "crate::namespace::NS_DAV")]
+#[xml(ns = "crate::namespace::NS_DAV", root = b"sync-collection")]
 pub struct SyncCollectionRequest<PN: XmlDeserialize> {
     #[xml(ns = "crate::namespace::NS_DAV")]
     pub sync_token: String,
@@ -45,5 +69,48 @@ pub struct SyncCollectionRequest<PN: XmlDeserialize> {
     #[xml(ns = "crate::namespace::NS_DAV", ty = "untagged")]
     pub prop: PropfindType<PN>,
     #[xml(ns = "crate::namespace::NS_DAV")]
-    pub limit: Option<u64>,
+    pub limit: Option<LimitElement>,
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::xml::{
+        PropElement, PropfindType,
+        sync_collection::{SyncCollectionRequest, SyncLevel},
+    };
+    use rustical_xml::{EnumVariants, PropName, XmlDeserialize, XmlDocument};
+
+    const SYNC_COLLECTION_REQUEST: &str = r#"<?xml version="1.0" encoding="UTF-8"?>
+    <sync-collection xmlns="DAV:">
+        <sync-token />
+        <sync-level>1</sync-level>
+        <limit>
+            <nresults>100</nresults>
+        </limit>
+        <prop>
+            <getetag />
+        </prop>
+    </sync-collection>
+    "#;
+
+    #[derive(XmlDeserialize, PropName, EnumVariants, PartialEq)]
+    #[xml(unit_variants_ident = "TestPropName")]
+    enum TestProp {
+        Getetag(String),
+    }
+
+    #[test]
+    fn test_parse_sync_collection_request() {
+        let request =
+            SyncCollectionRequest::<TestPropName>::parse_str(SYNC_COLLECTION_REQUEST).unwrap();
+        assert_eq!(
+            request,
+            SyncCollectionRequest {
+                sync_token: "".to_owned(),
+                sync_level: SyncLevel::One,
+                prop: PropfindType::Prop(PropElement(vec![TestPropName::Getetag], vec![])),
+                limit: Some(100.into())
+            }
+        )
+    }
 }

crates/dav/src/xml/tag_list.rs

@@ -10,12 +10,12 @@ use std::collections::HashMap;
 pub struct TagList(Vec<(Option<NamespaceOwned>, String)>);
 
 impl XmlSerialize for TagList {
-    fn serialize<W: std::io::Write>(
+    fn serialize(
         &self,
         ns: Option<Namespace>,
         tag: Option<&[u8]>,
         namespaces: &HashMap<Namespace, &[u8]>,
-        writer: &mut quick_xml::Writer<W>,
+        writer: &mut quick_xml::Writer<&mut Vec<u8>>,
     ) -> std::io::Result<()> {
         let prefix = ns
             .map(|ns| namespaces.get(&ns))
@@ -57,7 +57,6 @@ impl XmlSerialize for TagList {
         Ok(())
     }
 
-    #[allow(refining_impl_trait)]
     fn attributes<'a>(&self) -> Option<Vec<quick_xml::events::attributes::Attribute<'a>>> {
         None
     }

crates/dav_push/Cargo.toml

@@ -23,3 +23,7 @@ tokio.workspace = true
 rustical_dav.workspace = true
 rustical_store.workspace = true
 http.workspace = true
+base64.workspace = true
+ece.workspace = true
+axum.workspace = true
+openssl.workspace = true

crates/dav_push/src/endpoints.rs

@@ -0,0 +1,23 @@
+use axum::{
+    Router,
+    extract::{Path, State},
+    response::{IntoResponse, Response},
+    routing::delete,
+};
+use http::StatusCode;
+use rustical_store::SubscriptionStore;
+use std::sync::Arc;
+
+async fn handle_delete<S: SubscriptionStore>(
+    State(store): State<Arc<S>>,
+    Path(id): Path<String>,
+) -> Result<Response, rustical_store::Error> {
+    store.delete_subscription(&id).await?;
+    Ok((StatusCode::NO_CONTENT, "Unregistered").into_response())
+}
+
+pub fn subscription_service<S: SubscriptionStore>(sub_store: Arc<S>) -> Router {
+    Router::new()
+        .route("/push_subscription/{id}", delete(handle_delete::<S>))
+        .with_state(sub_store)
+}

crates/dav_push/src/lib.rs

@@ -1,14 +1,41 @@
 mod extension;
-pub mod notifier;
 mod prop;
 pub mod register;
+use base64::Engine;
 use derive_more::Constructor;
 pub use extension::*;
+use http::{HeaderValue, Method, header};
 pub use prop::*;
-use rustical_store::{CollectionOperation, SubscriptionStore};
+use reqwest::{Body, Url};
-use std::sync::Arc;
+use rustical_store::{
+    CollectionOperation, CollectionOperationInfo, Subscription, SubscriptionStore,
+};
+use rustical_xml::{XmlRootTag, XmlSerialize, XmlSerializeRoot};
+use std::{collections::HashMap, sync::Arc, time::Duration};
 use tokio::sync::mpsc::Receiver;
-use tracing::error;
+use tracing::{error, warn};
+
+mod endpoints;
+pub use endpoints::subscription_service;
+
+#[derive(XmlSerialize, Debug)]
+pub struct ContentUpdate {
+    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
+    sync_token: Option<String>,
+}
+
+#[derive(XmlSerialize, XmlRootTag, Debug)]
+#[xml(root = b"push-message", ns = "rustical_dav::namespace::NS_DAVPUSH")]
+#[xml(ns_prefix(
+    rustical_dav::namespace::NS_DAVPUSH = b"",
+    rustical_dav::namespace::NS_DAV = b"D",
+))]
+struct PushMessage {
+    #[xml(ns = "rustical_dav::namespace::NS_DAVPUSH")]
+    topic: String,
+    #[xml(ns = "rustical_dav::namespace::NS_DAVPUSH")]
+    content_update: Option<ContentUpdate>,
+}
 
 #[derive(Debug, Constructor)]
 pub struct DavPushController<S: SubscriptionStore> {
@@ -18,14 +45,177 @@ pub struct DavPushController<S: SubscriptionStore> {
 
 impl<S: SubscriptionStore> DavPushController<S> {
     pub async fn notifier(&self, mut recv: Receiver<CollectionOperation>) {
-        while let Some(message) = recv.recv().await {
+        loop {
-            let subscribers = match self.sub_store.get_subscriptions(&message.topic).await {
+            // Make sure we don't flood the subscribers
+            tokio::time::sleep(Duration::from_secs(10)).await;
+            let mut messages = vec![];
+            recv.recv_many(&mut messages, 100).await;
+
+            // Right now we just have to show the latest content update by topic
+            // This might become more complicated in the future depending on what kind of updates
+            // we add
+            let mut latest_messages = HashMap::new();
+            for message in messages {
+                if matches!(message.data, CollectionOperationInfo::Content { .. }) {
+                    latest_messages.insert(message.topic.to_string(), message);
+                }
+            }
+            let messages = latest_messages.into_values();
+
+            for message in messages {
+                self.send_message(message).await;
+            }
+        }
+    }
+
+    async fn send_message(&self, message: CollectionOperation) {
+        let subscriptions = match self.sub_store.get_subscriptions(&message.topic).await {
             Ok(subs) => subs,
             Err(err) => {
                 error!("{err}");
-                    continue;
+                return;
             }
         };
+
+        if subscriptions.is_empty() {
+            return;
+        }
+
+        if matches!(message.data, CollectionOperationInfo::Delete) {
+            // Collection has been deleted, but we cannot handle that
+            return;
+        }
+
+        let content_update = if let CollectionOperationInfo::Content { sync_token } = message.data {
+            Some(ContentUpdate {
+                sync_token: Some(sync_token),
+            })
+        } else {
+            None
+        };
+
+        let push_message = PushMessage {
+            topic: message.topic,
+            content_update,
+        };
+
+        let payload = match push_message.serialize_to_string() {
+            Ok(payload) => payload,
+            Err(err) => {
+                error!("Could not serialize push message: {}", err);
+                return;
+            }
+        };
+
+        for subsciption in subscriptions {
+            if let Some(allowed_push_servers) = &self.allowed_push_servers {
+                if let Ok(url) = Url::parse(&subsciption.push_resource) {
+                    let origin = url.origin().unicode_serialization();
+                    if !allowed_push_servers.contains(&origin) {
+                        warn!(
+                            "Deleting subscription {} on topic {} because the endpoint is not in the list of allowed push servers",
+                            subsciption.id, subsciption.topic
+                        );
+                        self.try_delete_subscription(&subsciption.id).await;
+                    }
+                } else {
+                    warn!(
+                        "Deleting subscription {} on topic {} because of invalid URL",
+                        subsciption.id, subsciption.topic
+                    );
+                    self.try_delete_subscription(&subsciption.id).await;
+                };
+            }
+
+            if let Err(err) = self.send_payload(&payload, &subsciption).await {
+                error!("An error occured sending out a push notification: {err}");
+                if err.is_permament_error() {
+                    warn!(
+                        "Deleting subscription {} on topic {}",
+                        subsciption.id, subsciption.topic
+                    );
+                    self.try_delete_subscription(&subsciption.id).await;
+                }
+            }
+        }
+    }
+
+    async fn try_delete_subscription(&self, sub_id: &str) {
+        if let Err(err) = self.sub_store.delete_subscription(sub_id).await {
+            error!("Error deleting subsciption: {err}");
+        }
+    }
+
+    async fn send_payload(
+        &self,
+        payload: &str,
+        subsciption: &Subscription,
+    ) -> Result<(), NotifierError> {
+        if subsciption.public_key_type != "p256dh" {
+            return Err(NotifierError::InvalidPublicKeyType(
+                subsciption.public_key_type.to_string(),
+            ));
+        }
+        let endpoint = subsciption.push_resource.parse().map_err(|_| {
+            NotifierError::InvalidEndpointUrl(subsciption.push_resource.to_string())
+        })?;
+        let ua_public = base64::engine::general_purpose::URL_SAFE_NO_PAD
+            .decode(&subsciption.public_key)
+            .map_err(|_| NotifierError::InvalidKeyEncoding)?;
+        let auth_secret = base64::engine::general_purpose::URL_SAFE_NO_PAD
+            .decode(&subsciption.auth_secret)
+            .map_err(|_| NotifierError::InvalidKeyEncoding)?;
+
+        let client = reqwest::ClientBuilder::new()
+            .build()
+            .map_err(NotifierError::from)?;
+
+        let payload = ece::encrypt(&ua_public, &auth_secret, payload.as_bytes())?;
+
+        let mut request = reqwest::Request::new(Method::POST, endpoint);
+        *request.body_mut() = Some(Body::from(payload));
+        let hdrs = request.headers_mut();
+        hdrs.insert(
+            header::CONTENT_ENCODING,
+            HeaderValue::from_static("aes128gcm"),
+        );
+        hdrs.insert(
+            header::CONTENT_TYPE,
+            HeaderValue::from_static("application/octet-stream"),
+        );
+        hdrs.insert("TTL", HeaderValue::from(60));
+        client.execute(request).await?;
+
+        Ok(())
+    }
+}
+
+#[derive(Debug, thiserror::Error)]
+enum NotifierError {
+    #[error("Invalid public key type: {0}")]
+    InvalidPublicKeyType(String),
+    #[error("Invalid endpoint URL: {0}")]
+    InvalidEndpointUrl(String),
+    #[error("Invalid key encoding")]
+    InvalidKeyEncoding,
+    #[error(transparent)]
+    EceError(#[from] ece::Error),
+    #[error(transparent)]
+    ReqwestError(#[from] reqwest::Error),
+}
+
+impl NotifierError {
+    // Decide whether the error should cause the subscription to be removed
+    pub fn is_permament_error(&self) -> bool {
+        match self {
+            Self::InvalidPublicKeyType(_)
+            | Self::InvalidEndpointUrl(_)
+            | Self::InvalidKeyEncoding => true,
+            Self::EceError(err) => matches!(
+                err,
+                ece::Error::InvalidAuthSecret | ece::Error::InvalidKeyLength
+            ),
+            Self::ReqwestError(_) => false,
         }
     }
 }

crates/dav_push/src/notifier.rs

@@ -1,147 +0,0 @@
-use http::StatusCode;
-use reqwest::{
-    Method, Request,
-    header::{self, HeaderName, HeaderValue},
-};
-use rustical_dav::xml::multistatus::PropstatElement;
-use rustical_store::{CollectionOperation, CollectionOperationType, SubscriptionStore};
-use rustical_xml::{XmlRootTag, XmlSerialize, XmlSerializeRoot};
-use std::{str::FromStr, sync::Arc};
-use tokio::sync::mpsc::Receiver;
-use tracing::{error, info, warn};
-// use web_push::{SubscriptionInfo, WebPushMessage, WebPushMessageBuilder};
-
-#[derive(XmlSerialize, Debug)]
-struct PushMessageProp {
-    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
-    topic: String,
-    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
-    sync_token: Option<String>,
-}
-
-#[derive(XmlSerialize, XmlRootTag, Debug)]
-#[xml(root = b"push-message", ns = "rustical_dav::namespace::NS_DAVPUSH")]
-#[xml(ns_prefix(
-    rustical_dav::namespace::NS_DAVPUSH = b"",
-    rustical_dav::namespace::NS_DAV = b"D",
-))]
-struct PushMessage {
-    #[xml(ns = "rustical_dav::namespace::NS_DAV")]
-    propstat: PropstatElement<PushMessageProp>,
-}
-
-// pub fn build_request(message: WebPushMessage) -> Request {
-//     // A little janky :)
-//     let url = reqwest::Url::from_str(&message.endpoint.to_string()).unwrap();
-//     let mut builder = Request::new(Method::POST, url);
-//
-//     if let Some(topic) = message.topic {
-//         builder
-//             .headers_mut()
-//             .insert("Topic", HeaderValue::from_str(topic.as_str()).unwrap());
-//     }
-//
-//     if let Some(payload) = message.payload {
-//         builder.headers_mut().insert(
-//             header::CONTENT_ENCODING,
-//             HeaderValue::from_static(payload.content_encoding.to_str()),
-//         );
-//         builder.headers_mut().insert(
-//             header::CONTENT_TYPE,
-//             HeaderValue::from_static("application/octet-stream"),
-//         );
-//
-//         for (k, v) in payload.crypto_headers.into_iter() {
-//             let v: &str = v.as_ref();
-//             builder.headers_mut().insert(
-//                 HeaderName::from_static(k),
-//                 HeaderValue::from_str(&v).unwrap(),
-//             );
-//         }
-//
-//         *builder.body_mut() = Some(reqwest::Body::from(payload.content));
-//     }
-//     builder
-// }
-
-pub async fn push_notifier(
-    allowed_push_servers: Option<Vec<String>>,
-    mut recv: Receiver<CollectionOperation>,
-    sub_store: Arc<impl SubscriptionStore>,
-) {
-    let client = reqwest::Client::new();
-
-    while let Some(message) = recv.recv().await {
-        let subscribers = match sub_store.get_subscriptions(&message.topic).await {
-            Ok(subs) => subs,
-            Err(err) => {
-                error!("{err}");
-                continue;
-            }
-        };
-
-        let status = match message.r#type {
-            CollectionOperationType::Object => StatusCode::OK,
-            CollectionOperationType::Delete => StatusCode::NOT_FOUND,
-        };
-
-        let push_message = PushMessage {
-            propstat: PropstatElement {
-                prop: PushMessageProp {
-                    topic: message.topic,
-                    sync_token: message.sync_token,
-                },
-                status,
-            },
-        };
-
-        let mut output: Vec<_> = b"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n".into();
-        let mut writer = quick_xml::Writer::new_with_indent(&mut output, b' ', 4);
-        if let Err(err) = push_message.serialize_root(&mut writer) {
-            error!("Could not serialize push message: {}", err);
-            continue;
-        }
-        let payload = String::from_utf8(output).unwrap();
-        // for subscriber in subscribers {
-        //     let push_resource = subscriber.push_resource;
-        //
-        //     let sub_info = SubscriptionInfo {
-        //         endpoint: push_resource.to_owned(),
-        //         keys: web_push::SubscriptionKeys {
-        //             p256dh: subscriber.public_key,
-        //             auth: subscriber.auth_secret,
-        //         },
-        //     };
-        //     let mut builder = WebPushMessageBuilder::new(&sub_info);
-        //     builder.set_payload(web_push::ContentEncoding::Aes128Gcm, payload.as_bytes());
-        //     let push_message = builder.build().unwrap();
-        //     let request = build_request(push_message);
-        //
-        //     let allowed = if let Some(allowed_push_servers) = &allowed_push_servers {
-        //         if let Ok(resource_url) = reqwest::Url::parse(&push_resource) {
-        //             let origin = resource_url.origin().ascii_serialization();
-        //             allowed_push_servers
-        //                 .iter()
-        //                 .any(|allowed_push_server| allowed_push_server == &origin)
-        //         } else {
-        //             warn!("Invalid push url: {push_resource}");
-        //             false
-        //         }
-        //     } else {
-        //         true
-        //     };
-        //
-        //     if allowed {
-        //         info!("Sending a push message to {}: {}", push_resource, payload);
-        //         if let Err(err) = client.execute(request).await {
-        //             error!("{err}");
-        //         }
-        //     } else {
-        //         warn!(
-        //             "Not sending a push notification to {} since it's not allowed in dav_push::allowed_push_servers",
-        //             push_resource
-        //         );
-        //     }
-        // }
-    }
-}

crates/frontend/Cargo.toml

@@ -7,6 +7,10 @@ repository.workspace = true
 license.workspace = true
 publish = false
 
+[features]
+default = []
+dev = ["tower-http/fs"]
+
 [dependencies]
 tower.workspace = true
 http.workspace = true
@@ -34,3 +38,4 @@ axum-extra.workspace = true
 headers.workspace = true
 tower-sessions.workspace = true
 percent-encoding.workspace = true
+tower-http = { workspace = true, optional = true }

crates/frontend/js-components/deno.json

@@ -0,0 +1,19 @@
+{
+  "tasks": {
+    "dev": "deno run -A --node-modules-dir npm:vite build --emptyOutDir --watch",
+    "build": "deno run -A --node-modules-dir npm:vite build --emptyOutDir"
+  },
+  "compilerOptions": {
+    "lib": [
+      "ES2024",
+      "DOM",
+      "DOM.Iterable"
+    ]
+  },
+  "imports": {
+    "@deno/vite-plugin": "npm:@deno/vite-plugin@^1.0.4",
+    "lit": "npm:lit@^3.2.1",
+    "vite": "npm:vite@^6.1.1",
+    "webdav": "npm:webdav@^5.8.0"
+  }
+}