version 0.7.0

hopefully fixes #77

.editorconfig

@@ -2,3 +2,5 @@
 indent_style = space
 indent_size = 4
 
+[docs/**/*.md]
+indent_size = 4

.gitattributes

@@ -1,2 +1,3 @@
 # Otherwise GitHub thinks this is an HTML project
 crates/frontend/public/assets/licenses.html linguist-detectable=false
+crates/frontend/public/assets/js/* linguist-detectable=false

.github/workflows/docker-publish.yml

@@ -41,12 +41,10 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          # As long as we don't have releases everything on the main branch shall be tagged as latest
           tags: |
-            type=raw,value=latest,enable={{is_default_branch}}
             type=ref,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}

.gitignore

@@ -12,3 +12,7 @@ principals.toml
 .env
 
 site
+
+# Frontend
+**/node_modules
+**/.vite

.sqlx/query-0195268daddd2d171577c93d1bae1b8937405bcefffa8f1f9b9c9f7f2084088f.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM app_tokens WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "0195268daddd2d171577c93d1bae1b8937405bcefffa8f1f9b9c9f7f2084088f"
+}

.sqlx/query-02a9260d0ff496a6bf226fc8238ae332f8eb18dddbd80d31989c074804f31dee.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE calendars SET deleted_at = NULL WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "02a9260d0ff496a6bf226fc8238ae332f8eb18dddbd80d31989c074804f31dee"
+}

.sqlx/query-0fd3167a58cbfb4ee44249dbc346d2d9077adfa04c35c8c6f2a1e24720baf753.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "\n            INSERT INTO app_tokens\n                (id, principal, token, displayname)\n            VALUES (?, ?, ?, ?)\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "0fd3167a58cbfb4ee44249dbc346d2d9077adfa04c35c8c6f2a1e24720baf753"
+}

.sqlx/query-10325688a6601f6205cde9d9e2d582ca87a46607a1d889af155debc3073d78e1.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE calendarobjects SET deleted_at = NULL, updated_at = datetime() WHERE (principal, cal_id, id) = (?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "10325688a6601f6205cde9d9e2d582ca87a46607a1d889af155debc3073d78e1"
+}

.sqlx/query-130986d03d4d78ceeb15aff6f4d6304f0be0100e4bffad9cc3f6c1a2c6c4b297.json

@@ -0,0 +1,56 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT principal, id, synctoken, displayname, description, deleted_at, push_topic\n                FROM addressbooks\n                WHERE (principal, id) = (?, ?)\n                AND ((deleted_at IS NULL) OR ?) ",
+  "describe": {
+    "columns": [
+      {
+        "name": "principal",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "synctoken",
+        "ordinal": 2,
+        "type_info": "Integer"
+      },
+      {
+        "name": "displayname",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "description",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "deleted_at",
+        "ordinal": 5,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "push_topic",
+        "ordinal": 6,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      true,
+      true,
+      false
+    ]
+  },
+  "hash": "130986d03d4d78ceeb15aff6f4d6304f0be0100e4bffad9cc3f6c1a2c6c4b297"
+}

.sqlx/query-16a7e0cb4527060339c168ee2528416036e401f75a03100b6bfbee687b978520.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE addressbooks SET principal = ?, id = ?, displayname = ?, description = ?, push_topic = ?\n                WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 7
+    },
+    "nullable": []
+  },
+  "hash": "16a7e0cb4527060339c168ee2528416036e401f75a03100b6bfbee687b978520"
+}

.sqlx/query-1ebaf3fd99bee2382abc931a1eeb29badc3aabcf6b8fd58e4cf92721588a9966.json

@@ -0,0 +1,38 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, displayname AS name, token, created_at AS \"created_at: _\" FROM app_tokens WHERE principal = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "name",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "token",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at: _",
+        "ordinal": 3,
+        "type_info": "Datetime"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "1ebaf3fd99bee2382abc931a1eeb29badc3aabcf6b8fd58e4cf92721588a9966"
+}

.sqlx/query-23a07f4a732f95ff7483cd1cfe3b74af4fe6b97546a631bc96d03bdc3d764ed0.json

@@ -0,0 +1,44 @@
+{
+  "db_name": "SQLite",
+  "query": "\n            SELECT id, displayname, principal_type, password_hash, json_group_array(member_of) AS \"memberships: Json<Vec<Option<String>>>\"\n            FROM principals\n            LEFT JOIN memberships ON principals.id == memberships.principal\n            GROUP BY principals.id\n        ",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "displayname",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "principal_type",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "password_hash",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "memberships: Json<Vec<Option<String>>>",
+        "ordinal": 4,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      true,
+      true
+    ]
+  },
+  "hash": "23a07f4a732f95ff7483cd1cfe3b74af4fe6b97546a631bc96d03bdc3d764ed0"
+}

.sqlx/query-246ec675667992c1297c29348d46496a884c59adb8b64b569d36f4ce10f88f47.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, vcf FROM addressobjects WHERE (principal, addressbook_id, id) = (?, ?, ?) AND ((deleted_at IS NULL) OR ?)",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "vcf",
+        "ordinal": 1,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "246ec675667992c1297c29348d46496a884c59adb8b64b569d36f4ce10f88f47"
+}

.sqlx/query-2834e16e6a7acb58141a2433f7735d5e2bf913c30f9f3e7bd9fecc7d4376be0f.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM calendars WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "2834e16e6a7acb58141a2433f7735d5e2bf913c30f9f3e7bd9fecc7d4376be0f"
+}

.sqlx/query-2b145d094188fab69371d98520a034c69c0b61583d4e245388d3879d290619d0.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE addressobjects SET deleted_at = NULL, updated_at = datetime() WHERE (principal, addressbook_id, id) = (?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "2b145d094188fab69371d98520a034c69c0b61583d4e245388d3879d290619d0"
+}

.sqlx/query-3885219f7e132876fa8bdfd31c0761d54fbcfe2846ffd8e4e94feb40547205be.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM addressbooks WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "3885219f7e132876fa8bdfd31c0761d54fbcfe2846ffd8e4e94feb40547205be"
+}

.sqlx/query-3a1dbfbe9d22a62f1830d004548b7e805bcb9fdd24b49c8c9efa93df149b1002.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM principals WHERE id = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "3a1dbfbe9d22a62f1830d004548b7e805bcb9fdd24b49c8c9efa93df149b1002"
+}

.sqlx/query-3b00b59f047e534a7f7f654984dc880f4aa9281aae5974722d2f22ec6d15cb32.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT principal FROM memberships WHERE member_of = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "principal",
+        "ordinal": 0,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "3b00b59f047e534a7f7f654984dc880f4aa9281aae5974722d2f22ec6d15cb32"
+}

.sqlx/query-3e1cca532372e891ab3e604ecb79311d8cd64108d4f238db4c79e9467a3b6d2e.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "REPLACE INTO calendarobjects (principal, cal_id, id, ics, first_occurence, last_occurence, etag, object_type) VALUES (?, ?, ?, ?, date(?), date(?), ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 8
+    },
+    "nullable": []
+  },
+  "hash": "3e1cca532372e891ab3e604ecb79311d8cd64108d4f238db4c79e9467a3b6d2e"
+}

.sqlx/query-41b415bfb07113cab4dc5d556d39d1d040025c33dfc24e276eb0b2a27ea1799f.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "\n                SELECT DISTINCT object_id, max(0, synctoken) as \"synctoken!: i64\" from addressobjectchangelog\n                WHERE synctoken > ?\n                ORDER BY synctoken ASC\n            ",
+  "describe": {
+    "columns": [
+      {
+        "name": "object_id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "synctoken!: i64",
+        "ordinal": 1,
+        "type_info": "Null"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      null
+    ]
+  },
+  "hash": "41b415bfb07113cab4dc5d556d39d1d040025c33dfc24e276eb0b2a27ea1799f"
+}

.sqlx/query-508adcac37e0d6751924f65e9aed24c0185ce3b1bc39fd0eab7426f581aafe02.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO addressbooks (principal, id, displayname, description, push_topic)\n                VALUES (?, ?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 5
+    },
+    "nullable": []
+  },
+  "hash": "508adcac37e0d6751924f65e9aed24c0185ce3b1bc39fd0eab7426f581aafe02"
+}

.sqlx/query-5132ee8198f155242aa332a10019c48ec334884bcf7841c8aa03fd5eb11351d9.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO calendars (principal, id, displayname, description, \"order\", color, subscription_url, timezone, timezone_id, push_topic, comp_event, comp_todo, comp_journal)\n                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 13
+    },
+    "nullable": []
+  },
+  "hash": "5132ee8198f155242aa332a10019c48ec334884bcf7841c8aa03fd5eb11351d9"
+}

.sqlx/query-526c4a9326db7f026eee15cca358943b0546fe56fc09204f1dfe90e2614f99b9.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "\n        INSERT INTO addressobjectchangelog (principal, addressbook_id, object_id, \"operation\", synctoken)\n        VALUES (?1, ?2, ?3, ?4, (\n            SELECT synctoken FROM addressbooks WHERE (principal, id) = (?1, ?2)\n        ))",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "526c4a9326db7f026eee15cca358943b0546fe56fc09204f1dfe90e2614f99b9"
+}

.sqlx/query-543838c030550cb09d1af08adfeade8b7ce3575d92fddbc6e9582d141bc9e49d.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, ics FROM calendarobjects WHERE (principal, cal_id, id) = (?, ?, ?) AND ((deleted_at IS NULL) OR ?)",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "ics",
+        "ordinal": 1,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "543838c030550cb09d1af08adfeade8b7ce3575d92fddbc6e9582d141bc9e49d"
+}

.sqlx/query-54c9c0e36a52e6963f11c6aa27f13aafb4204b8aa34b664fd825bd447db80e86.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, ics FROM calendarobjects WHERE principal = ? AND cal_id = ? AND deleted_at IS NULL",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "ics",
+        "ordinal": 1,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "54c9c0e36a52e6963f11c6aa27f13aafb4204b8aa34b664fd825bd447db80e86"
+}

.sqlx/query-557344035d762f2d385e505c15288ab9c89c1572f06e7fb61073e335a801b9db.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, vcf FROM addressobjects WHERE principal = ? AND addressbook_id = ? AND deleted_at IS NULL",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "vcf",
+        "ordinal": 1,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "557344035d762f2d385e505c15288ab9c89c1572f06e7fb61073e335a801b9db"
+}

.sqlx/query-5c09c2a3c052188435409d4ff076575394e625dd19f00dea2d4c71a9f34a5952.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "\n            INSERT INTO principals\n            (id, displayname, principal_type, password_hash) VALUES (?, ?, ?, ?)\n            ON CONFLICT(id) DO UPDATE SET\n                (displayname, principal_type, password_hash)\n                = (excluded.displayname, excluded.principal_type, excluded.password_hash)\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "5c09c2a3c052188435409d4ff076575394e625dd19f00dea2d4c71a9f34a5952"
+}

.sqlx/query-6327bee90e5df01536a0ddb15adcc37af3027f6902aa3786365c5ab2fbf06bda.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO calendarobjects (principal, cal_id, id, ics, first_occurence, last_occurence, etag, object_type) VALUES (?, ?, ?, ?, date(?), date(?), ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 8
+    },
+    "nullable": []
+  },
+  "hash": "6327bee90e5df01536a0ddb15adcc37af3027f6902aa3786365c5ab2fbf06bda"
+}

.sqlx/query-660833e0505d3bbcd6dd736cce06b1bf14263d0e0e87b27d89d376d422e4e474.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT length(vcf) AS 'length!: u64', deleted_at AS 'deleted!: bool' FROM addressobjects WHERE principal = ? AND addressbook_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "length!: u64",
+        "ordinal": 0,
+        "type_info": "Null"
+      },
+      {
+        "name": "deleted!: bool",
+        "ordinal": 1,
+        "type_info": "Datetime"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      null,
+      true
+    ]
+  },
+  "hash": "660833e0505d3bbcd6dd736cce06b1bf14263d0e0e87b27d89d376d422e4e474"
+}

.sqlx/query-69b92e393e55b0d49d1671abf53d06551452846dd94d54ed67d85eb3ace6b568.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "\n        UPDATE calendars\n        SET synctoken = synctoken + 1\n        WHERE (principal, id) = (?1, ?2)\n        RETURNING synctoken",
+  "describe": {
+    "columns": [
+      {
+        "name": "synctoken",
+        "ordinal": 0,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "69b92e393e55b0d49d1671abf53d06551452846dd94d54ed67d85eb3ace6b568"
+}

.sqlx/query-6d08d3a014743da9b445ab012437ec11f81fd86d3b02fc1df07a036c6b47ace2.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT OR REPLACE INTO davpush_subscriptions (id, topic, expiration, push_resource, public_key, public_key_type, auth_secret) VALUES (?, ?, ?, ?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 7
+    },
+    "nullable": []
+  },
+  "hash": "6d08d3a014743da9b445ab012437ec11f81fd86d3b02fc1df07a036c6b47ace2"
+}

.sqlx/query-77ad562b6d78115ebb726d58cf1e4de69df169c1872cb452488ff8c43ed983a9.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "\n        INSERT INTO calendarobjectchangelog (principal, cal_id, object_id, \"operation\", synctoken)\n        VALUES (?1, ?2, ?3, ?4, (\n            SELECT synctoken FROM calendars WHERE (principal, id) = (?1, ?2)\n        ))",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "77ad562b6d78115ebb726d58cf1e4de69df169c1872cb452488ff8c43ed983a9"
+}

.sqlx/query-7d4348f04ea5ac82e0f362240fb677740288c963c24b85de11bad011ec5da4bc.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM addressobjects WHERE addressbook_id = ? AND id = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "7d4348f04ea5ac82e0f362240fb677740288c963c24b85de11bad011ec5da4bc"
+}

.sqlx/query-7e874304170bef19ceb6f96b3d9803ce6d4553cc2bd57b05d1e546e857f995cf.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE calendarobjects SET deleted_at = datetime(), updated_at = datetime() WHERE (principal, cal_id, id) = (?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "7e874304170bef19ceb6f96b3d9803ce6d4553cc2bd57b05d1e546e857f995cf"
+}

.sqlx/query-809600b79c012e77c5efabe5d355a8b188f23826a723030807dedc96fd24fdcc.json

@@ -0,0 +1,56 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, topic, expiration, push_resource, public_key, public_key_type, auth_secret\n                FROM davpush_subscriptions\n                WHERE (topic) = (?)",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "topic",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "expiration",
+        "ordinal": 2,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "push_resource",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "public_key",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "public_key_type",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "auth_secret",
+        "ordinal": 6,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "809600b79c012e77c5efabe5d355a8b188f23826a723030807dedc96fd24fdcc"
+}

.sqlx/query-879e2717335db3b04884fc91173c8507272f1804b27b6a7f61cbe1fbb01265cd.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM memberships WHERE (principal, member_of) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "879e2717335db3b04884fc91173c8507272f1804b27b6a7f61cbe1fbb01265cd"
+}

.sqlx/query-95dce97b2e3224c327690c36777e3ece84a9529551696198b745dd8c743c8a38.json

@@ -0,0 +1,44 @@
+{
+  "db_name": "SQLite",
+  "query": "\n            SELECT id, displayname, principal_type, password_hash, json_group_array(member_of) AS \"memberships: Json<Vec<Option<String>>>\"\n            FROM (SELECT * FROM principals WHERE id = ?) AS principals\n            LEFT JOIN memberships ON principals.id == memberships.principal\n            GROUP BY principals.id\n        ",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "displayname",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "principal_type",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "password_hash",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "memberships: Json<Vec<Option<String>>>",
+        "ordinal": 4,
+        "type_info": "Null"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      true,
+      null
+    ]
+  },
+  "hash": "95dce97b2e3224c327690c36777e3ece84a9529551696198b745dd8c743c8a38"
+}

.sqlx/query-98dba6ddce38d166ef325bbce6055d83fb0092619262c281a271bdc783a0aed9.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "REPLACE INTO addressobjects (principal, addressbook_id, id, vcf) VALUES (?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "98dba6ddce38d166ef325bbce6055d83fb0092619262c281a271bdc783a0aed9"
+}

.sqlx/query-9be5d6df7d30a9a85aece59be810bbbb203bab874860aa05eb311259e4baaf05.json

@@ -0,0 +1,56 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT principal, id, synctoken, displayname, description, deleted_at, push_topic\n                FROM addressbooks\n                WHERE principal = ? AND deleted_at IS NULL",
+  "describe": {
+    "columns": [
+      {
+        "name": "principal",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "synctoken",
+        "ordinal": 2,
+        "type_info": "Integer"
+      },
+      {
+        "name": "displayname",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "description",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "deleted_at",
+        "ordinal": 5,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "push_topic",
+        "ordinal": 6,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      true,
+      true,
+      false
+    ]
+  },
+  "hash": "9be5d6df7d30a9a85aece59be810bbbb203bab874860aa05eb311259e4baaf05"
+}

.sqlx/query-a4371f228f94afd8e6f4ac4b0f7d95b6bf86268b64e714fa7ca587eae9e5df15.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE calendars SET deleted_at = datetime() WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "a4371f228f94afd8e6f4ac4b0f7d95b6bf86268b64e714fa7ca587eae9e5df15"
+}

.sqlx/query-a8b4258868d238d9c226c44aec8c3c4d90d8e3ca526d4d60b340e868bbfd9ddb.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO addressobjects (principal, addressbook_id, id, vcf) VALUES (?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "a8b4258868d238d9c226c44aec8c3c4d90d8e3ca526d4d60b340e868bbfd9ddb"
+}

.sqlx/query-ac0f9e29ea8079c6900ffb0ebde699309fe8db1ac9f95c58bc9ce051b7d70299.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE addressobjects SET deleted_at = datetime(), updated_at = datetime() WHERE (principal, addressbook_id, id) = (?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "ac0f9e29ea8079c6900ffb0ebde699309fe8db1ac9f95c58bc9ce051b7d70299"
+}

.sqlx/query-b89be55d6f76591f68520bbdf0ebb6d688b01ee63ae36936692cf1b4f434c7ee.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "\n        UPDATE addressbooks\n        SET synctoken = synctoken + 1\n        WHERE (principal, id) = (?1, ?2)\n        RETURNING synctoken",
+  "describe": {
+    "columns": [
+      {
+        "name": "synctoken",
+        "ordinal": 0,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "b89be55d6f76591f68520bbdf0ebb6d688b01ee63ae36936692cf1b4f434c7ee"
+}

.sqlx/query-bb2fa030f2e7c7afdb38c5c54cb31de5293be332d86cf643977d479999542553.json

@@ -0,0 +1,104 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT *\n                FROM calendars\n                WHERE (principal, id) = (?, ?)\n                AND ((deleted_at IS NULL) OR ?) ",
+  "describe": {
+    "columns": [
+      {
+        "name": "principal",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "synctoken",
+        "ordinal": 2,
+        "type_info": "Integer"
+      },
+      {
+        "name": "displayname",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "description",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "order",
+        "ordinal": 5,
+        "type_info": "Integer"
+      },
+      {
+        "name": "color",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "timezone",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "timezone_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "deleted_at",
+        "ordinal": 9,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "subscription_url",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "push_topic",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "comp_event",
+        "ordinal": 12,
+        "type_info": "Bool"
+      },
+      {
+        "name": "comp_todo",
+        "ordinal": 13,
+        "type_info": "Bool"
+      },
+      {
+        "name": "comp_journal",
+        "ordinal": 14,
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      true,
+      false,
+      true,
+      true,
+      true,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "bb2fa030f2e7c7afdb38c5c54cb31de5293be332d86cf643977d479999542553"
+}

.sqlx/query-c550dbf3d5ce7069f28d767ea9045e477ef8d29d6186851760757a06dec42339.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, ics FROM calendarobjects\n                WHERE principal = ? AND cal_id = ? AND deleted_at IS NULL\n                    AND (last_occurence IS NULL OR ? IS NULL OR last_occurence >= date(?))\n                    AND (first_occurence IS NULL OR ? IS NULL OR first_occurence <= date(?))\n            ",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "ics",
+        "ordinal": 1,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 6
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "c550dbf3d5ce7069f28d767ea9045e477ef8d29d6186851760757a06dec42339"
+}

.sqlx/query-cbe4be47b2ca1eba485de258f522dec14540a6a9bf383fcde294e8fe14160f22.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "\n                SELECT DISTINCT object_id, max(0, synctoken) as \"synctoken!: i64\" from calendarobjectchangelog\n                WHERE synctoken > ?\n                ORDER BY synctoken ASC\n            ",
+  "describe": {
+    "columns": [
+      {
+        "name": "object_id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "synctoken!: i64",
+        "ordinal": 1,
+        "type_info": "Null"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      null
+    ]
+  },
+  "hash": "cbe4be47b2ca1eba485de258f522dec14540a6a9bf383fcde294e8fe14160f22"
+}

.sqlx/query-cce62f7829bd688cd8c7928b587bc31f0e50865c214b1df113350bea2c254237.json

@@ -0,0 +1,104 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT *\n                FROM calendars\n                WHERE principal = ? AND deleted_at IS NOT NULL",
+  "describe": {
+    "columns": [
+      {
+        "name": "principal",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "synctoken",
+        "ordinal": 2,
+        "type_info": "Integer"
+      },
+      {
+        "name": "displayname",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "description",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "order",
+        "ordinal": 5,
+        "type_info": "Integer"
+      },
+      {
+        "name": "color",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "timezone",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "timezone_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "deleted_at",
+        "ordinal": 9,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "subscription_url",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "push_topic",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "comp_event",
+        "ordinal": 12,
+        "type_info": "Bool"
+      },
+      {
+        "name": "comp_todo",
+        "ordinal": 13,
+        "type_info": "Bool"
+      },
+      {
+        "name": "comp_journal",
+        "ordinal": 14,
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      true,
+      false,
+      true,
+      true,
+      true,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "cce62f7829bd688cd8c7928b587bc31f0e50865c214b1df113350bea2c254237"
+}

.sqlx/query-cedfb82b38fdd0c7681b9873b1008abee4a2f4ca16abad1b837f256d0bf416b1.json

@@ -0,0 +1,104 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT *\n                FROM calendars\n                WHERE principal = ? AND deleted_at IS NULL",
+  "describe": {
+    "columns": [
+      {
+        "name": "principal",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "synctoken",
+        "ordinal": 2,
+        "type_info": "Integer"
+      },
+      {
+        "name": "displayname",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "description",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "order",
+        "ordinal": 5,
+        "type_info": "Integer"
+      },
+      {
+        "name": "color",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "timezone",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "timezone_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "deleted_at",
+        "ordinal": 9,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "subscription_url",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "push_topic",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "comp_event",
+        "ordinal": 12,
+        "type_info": "Bool"
+      },
+      {
+        "name": "comp_todo",
+        "ordinal": 13,
+        "type_info": "Bool"
+      },
+      {
+        "name": "comp_journal",
+        "ordinal": 14,
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      true,
+      false,
+      true,
+      true,
+      true,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "cedfb82b38fdd0c7681b9873b1008abee4a2f4ca16abad1b837f256d0bf416b1"
+}

.sqlx/query-d65c9c40606e59dd816a51b9b9ac60fd2ff81aaa358fcc038134e9a68ba45ad7.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE calendars SET principal = ?, id = ?, displayname = ?, description = ?, \"order\" = ?, color = ?, timezone = ?, timezone_id = ?, push_topic = ?, comp_event = ?, comp_todo = ?, comp_journal = ?\n                WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 14
+    },
+    "nullable": []
+  },
+  "hash": "d65c9c40606e59dd816a51b9b9ac60fd2ff81aaa358fcc038134e9a68ba45ad7"
+}

.sqlx/query-d9f14260a46a7ccd137d462c35d350a7fe338a074131776596c5d803fcda1f48.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT length(ics) AS 'length!: u64', deleted_at AS 'deleted!: bool' FROM calendarobjects WHERE principal = ? AND cal_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "length!: u64",
+        "ordinal": 0,
+        "type_info": "Null"
+      },
+      {
+        "name": "deleted!: bool",
+        "ordinal": 1,
+        "type_info": "Datetime"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      null,
+      true
+    ]
+  },
+  "hash": "d9f14260a46a7ccd137d462c35d350a7fe338a074131776596c5d803fcda1f48"
+}

.sqlx/query-e5cf59ade11c09d90899cc9f87754a78a0ca9f7781fd252ebdaf4d2180fca3ba.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM calendarobjects WHERE cal_id = ? AND id = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "e5cf59ade11c09d90899cc9f87754a78a0ca9f7781fd252ebdaf4d2180fca3ba"
+}

.sqlx/query-e5ded4814aae1fc033bb90d27c745f76d3799958d929e8e8d16aa3ceff98e72d.json

@@ -0,0 +1,56 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT principal, id, synctoken, displayname, description, deleted_at, push_topic\n                FROM addressbooks\n                WHERE principal = ? AND deleted_at IS NOT NULL",
+  "describe": {
+    "columns": [
+      {
+        "name": "principal",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "synctoken",
+        "ordinal": 2,
+        "type_info": "Integer"
+      },
+      {
+        "name": "displayname",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "description",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "deleted_at",
+        "ordinal": 5,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "push_topic",
+        "ordinal": 6,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      true,
+      true,
+      false
+    ]
+  },
+  "hash": "e5ded4814aae1fc033bb90d27c745f76d3799958d929e8e8d16aa3ceff98e72d"
+}

.sqlx/query-e912be3352702bbf035b3ee6e9f239bf75a1ffef20211f1b1e895a67a2310960.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM davpush_subscriptions WHERE id = ? ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "e912be3352702bbf035b3ee6e9f239bf75a1ffef20211f1b1e895a67a2310960"
+}

.sqlx/query-e947709ba03b108765082d1c4cff3dd8cb485fba5819ac914e20cb8e97037da9.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "REPLACE INTO memberships (principal, member_of) VALUES (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "e947709ba03b108765082d1c4cff3dd8cb485fba5819ac914e20cb8e97037da9"
+}

.sqlx/query-ef6cf801df2237b82b55754f1b0a5da51089810fe7a0feb0d68ea801b4e2721c.json

@@ -0,0 +1,56 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, topic, expiration, push_resource, public_key, public_key_type, auth_secret\n                FROM davpush_subscriptions\n                WHERE (id) = (?)",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "topic",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "expiration",
+        "ordinal": 2,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "push_resource",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "public_key",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "public_key_type",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "auth_secret",
+        "ordinal": 6,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "ef6cf801df2237b82b55754f1b0a5da51089810fe7a0feb0d68ea801b4e2721c"
+}

.sqlx/query-fbd776efdbacf6ce039b5d9760b0de181a6f4e066c52bcac4c106118f5435fe7.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE addressbooks SET deleted_at = datetime() WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "fbd776efdbacf6ce039b5d9760b0de181a6f4e066c52bcac4c106118f5435fe7"
+}

.sqlx/query-fcc493f5e491abdac2c2d7d5f636c770e449daf8f5ab4873950ab126edfcce7b.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE addressbooks SET deleted_at = NULL WHERE (principal, id) = (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "fcc493f5e491abdac2c2d7d5f636c770e449daf8f5ab4873950ab126edfcce7b"
+}

Cargo.toml

@@ -2,7 +2,7 @@
 members = ["crates/*"]
 
 [workspace.package]
-version = "0.1.0"
+version = "0.7.0"
 edition = "2024"
 description = "A CalDAV server"
 repository = "https://github.com/lennart-k/rustical"
@@ -20,6 +20,7 @@ publish = false
 
 [features]
 debug = ["opentelemetry"]
+frontend-dev = ["rustical_frontend/dev"]
 opentelemetry = [
   "dep:opentelemetry",
   "dep:opentelemetry-otlp",
@@ -33,6 +34,7 @@ opentelemetry = [
 debug = 0
 
 [workspace.dependencies]
+matchit = "0.8"
 uuid = { version = "1.11", features = ["v4", "fast-rng"] }
 async-trait = "0.1"
 axum = "0.8"
@@ -94,7 +96,7 @@ strum_macros = "0.27"
 serde_json = { version = "1.0", features = ["raw_value"] }
 sqlx-sqlite = { version = "0.8", features = ["bundled"] }
 ical = { version = "0.11", features = ["generator", "serde"] }
-toml = "0.8"
+toml = "0.9"
 tower = "0.5"
 tower-http = { version = "0.6", features = [
   "trace",
@@ -124,7 +126,7 @@ syn = { version = "2.0", features = ["full"] }
 quote = "1.0"
 proc-macro2 = "1.0"
 heck = "0.5"
-darling = "0.20"
+darling = "0.21"
 reqwest = { version = "0.12", features = [
   "rustls-tls",
   "charset",
@@ -132,6 +134,13 @@ reqwest = { version = "0.12", features = [
 ], default-features = false }
 openidconnect = "4.0"
 clap = { version = "4.5", features = ["derive", "env"] }
+matchit-serde = { git = "https://github.com/lennart-k/matchit-serde", rev = "f0591d13" }
+vtimezones-rs = "0.1"
+ece = { version = "2.3", default-features = false, features = [
+  "backend-openssl",
+] }
+openssl = { version = "0.10", features = ["vendored"] }
+async-std = { version = "1.13", features = ["attributes"] }
 
 [dependencies]
 rustical_store = { workspace = true }

Dockerfile

@@ -1,11 +1,11 @@
-FROM --platform=$BUILDPLATFORM rust:1.86-alpine AS chef
+FROM --platform=$BUILDPLATFORM rust:1.88-alpine AS chef
 
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 
 # the compiler will otherwise ask for aarch64-linux-musl-gcc
 ENV CC_aarch64_unknown_linux_musl="clang"
-ENV AR_aarch64_unknown_linux_musl="llvm-ar"
+ENV AR_aarch64_unknown_linux_musl="llvm20-ar"
 ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-Clink-self-contained=yes -Clinker=rust-lld"
 
 # Stupid workaound with tempfiles since environment variables
@@ -16,7 +16,7 @@ RUN case $TARGETPLATFORM in \
   *) echo "Unsupported platform ${TARGETPLATFORM}"; exit 1;;  \
   esac
 
-RUN apk add --no-cache musl-dev llvm19 clang \
+RUN apk add --no-cache musl-dev llvm20 clang perl pkgconf make \
   && rustup target add "$(cat /tmp/rust_target)" \
   && cargo install cargo-chef --locked \
   && rm -rf "$CARGO_HOME/registry"

Justfile

@@ -1,2 +1,14 @@
 licenses:
   cargo about generate about.hbs > crates/frontend/public/assets/licenses.html
+
+frontend-dev:
+  cd crates/frontend/js-components && deno task dev
+
+frontend-build:
+  cd crates/frontend/js-components && deno task build
+
+docs:
+  mkdocs build
+
+docs-dev:
+  mkdocs serve

README.md

@@ -3,22 +3,23 @@
 a CalDAV/CardDAV server
 
 > [!WARNING]
-  RustiCal is **not production-ready!**
-  While I've started migrating to RustiCal and becoming more confident,
-  please know that bugs and rough edges will still occur.
-  Concretely, if you are using Apple Calendar you will want to stay away from assigning groups to users.
+  RustiCal is under **active development**!
+  While I've been successfully using RustiCal productively for a few weeks now,
+  you'd still be one of the first testers so expect bugs and rough edges.
   If you still want to play around with it in its current state, absolutely feel free to do so and to open up an issue if something is not working. :)
 
 ## Features
 
 - easy to backup, everything saved in one SQLite database
-- ~~[WebDAV Push](https://github.com/bitfireAT/webdav-push/) support, so near-instant synchronisation to DAVx5~~ (currently broken)
+  - also export feature in the frontend
+- **[WebDAV Push](https://github.com/bitfireAT/webdav-push/)** support, so near-instant synchronisation to DAVx5
 - lightweight (the container image contains only one binary)
 - adequately fast (I'd love to say blazingly fast™ :fire: but I don't have any benchmarks)
 - deleted calendars are recoverable
 - Nextcloud login flow (In DAVx5 you can login through the Nextcloud flow and automatically generate an app token)
 - Apple configuration profiles (skip copy-pasting passwords and instead generate the configuration in the frontend)
-- OpenID Connect support (with option to disable password login)
+- **OpenID Connect** support (with option to disable password login)
+- Group-based **sharing**
 
 ## Getting Started
 
@@ -30,3 +31,5 @@ a CalDAV/CardDAV server
 - GNOME Accounts, GNOME Calendar, GNOME Contacts
 - Evolution
 - Apple Calendar
+- Home Assistant integration
+- Thunderbird

about.toml

@@ -7,5 +7,6 @@ accepted = [
   "CDLA-Permissive-2.0",
   "Zlib",
   "AGPL-3.0",
+  "MPL-2.0",
 ]
 workarounds = ["ring", "chrono", "rustls"]

compose.oidc.yml

@@ -0,0 +1,22 @@
+services:
+  rustical:
+    image: ghcr.io/lennart-k/rustical:latest
+    restart: unless-stopped
+    environment:
+      RUSTICAL_FRONTEND__ALLOW_PASSWORD_LOGIN: "false"
+      RUSTICAL_OIDC__NAME: "Authelia"
+      RUSTICAL_OIDC__ISSUER: "https://auth.example.com"
+      RUSTICAL_OIDC__CLIENT_ID: "{{ rustical_oidc_client_id }}"
+      RUSTICAL_OIDC__CLIENT_SECRET: "{{ rustical_oidc_client_secret }}"
+      RUSTICAL_OIDC__CLAIM_USERID: "preferred_username"
+      RUSTICAL_OIDC__SCOPES: '["openid", "profile", "groups"]'
+      RUSTICAL_OIDC__REQUIRE_GROUP: "app:rustical" # optional
+      RUSTICAL_OIDC__ALLOW_SIGN_UP: "true"
+    volumes:
+      - data:/var/lib/rustical
+    # Here you probably want to you expose instead
+    ports:
+      - 4000:4000
+
+volumes:
+  data:

crates/caldav/Cargo.toml

@@ -7,6 +7,11 @@ repository.workspace = true
 license.workspace = true
 publish = false
 
+[dev-dependencies]
+rustical_store_sqlite = { workspace = true, features = ["test"] }
+rstest.workspace = true
+async-std.workspace = true
+
 [dependencies]
 axum.workspace = true
 axum-extra.workspace = true
@@ -37,3 +42,4 @@ headers.workspace = true
 tower-http.workspace = true
 strum.workspace = true
 strum_macros.workspace = true
+vtimezones-rs.workspace = true

crates/caldav/src/calendar/methods/get.rs

@@ -4,12 +4,12 @@ use axum::body::Body;
 use axum::extract::State;
 use axum::{extract::Path, response::Response};
 use headers::{ContentType, HeaderMapExt};
-use http::{HeaderValue, StatusCode, header};
+use http::{HeaderValue, Method, StatusCode, header};
 use ical::generator::{Emitter, IcalCalendarBuilder};
 use ical::property::Property;
 use percent_encoding::{CONTROLS, utf8_percent_encode};
 use rustical_ical::{CalendarObjectComponent, EventObject, JournalObject, TodoObject};
-use rustical_store::{CalendarStore, SubscriptionStore, auth::User};
+use rustical_store::{CalendarStore, SubscriptionStore, auth::Principal};
 use std::collections::HashMap;
 use std::str::FromStr;
 use tracing::instrument;
@@ -18,18 +18,23 @@ use tracing::instrument;
 pub async fn route_get<C: CalendarStore, S: SubscriptionStore>(
     Path((principal, calendar_id)): Path<(String, String)>,
     State(CalendarResourceService { cal_store, .. }): State<CalendarResourceService<C, S>>,
-    user: User,
+    user: Principal,
+    method: Method,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(crate::Error::Unauthorized);
     }
 
-    let calendar = cal_store.get_calendar(&principal, &calendar_id).await?;
+    let calendar = cal_store
+        .get_calendar(&principal, &calendar_id, true)
+        .await?;
     if !user.is_principal(&calendar.principal) {
         return Err(crate::Error::Unauthorized);
     }
 
-    let calendar = cal_store.get_calendar(&principal, &calendar_id).await?;
+    let calendar = cal_store
+        .get_calendar(&principal, &calendar_id, true)
+        .await?;
 
     let mut timezones = HashMap::new();
     let objects = cal_store.get_objects(&principal, &calendar_id).await?;
@@ -92,5 +97,9 @@ pub async fn route_get<C: CalendarStore, S: SubscriptionStore>(
         ))
         .unwrap(),
     );
-    Ok(resp.body(Body::new(ical_calendar.generate())).unwrap())
+    if matches!(method, Method::HEAD) {
+        Ok(resp.body(Body::empty()).unwrap())
+    } else {
+        Ok(resp.body(Body::new(ical_calendar.generate())).unwrap())
+    }
 }

crates/caldav/src/calendar/methods/mkcalendar.rs

@@ -4,8 +4,9 @@ use crate::calendar::prop::SupportedCalendarComponentSet;
 use axum::extract::{Path, State};
 use axum::response::{IntoResponse, Response};
 use http::{Method, StatusCode};
+use rustical_dav::xml::HrefElement;
 use rustical_ical::CalendarObjectType;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{Calendar, CalendarStore, SubscriptionStore};
 use rustical_xml::{Unparsed, XmlDeserialize, XmlDocument, XmlRootTag};
 use tracing::instrument;
@@ -29,6 +30,8 @@ pub struct MkcolCalendarProp {
     resourcetype: Option<Unparsed>,
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     supported_calendar_component_set: Option<SupportedCalendarComponentSet>,
+    #[xml(ns = "rustical_dav::namespace::NS_CALENDARSERVER")]
+    source: Option<HrefElement>,
     // Ignore that property, we don't support it but also don't want to throw an error
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     #[allow(dead_code)]
@@ -60,7 +63,7 @@ struct MkcolRequest {
 #[instrument(skip(cal_store))]
 pub async fn route_mkcalendar<C: CalendarStore, S: SubscriptionStore>(
     Path((principal, cal_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     State(CalendarResourceService { cal_store, .. }): State<CalendarResourceService<C, S>>,
     method: Method,
     body: String,
@@ -69,24 +72,41 @@ pub async fn route_mkcalendar<C: CalendarStore, S: SubscriptionStore>(
         return Err(Error::Unauthorized);
     }
 
-    let request = match method.as_str() {
+    let mut request = match method.as_str() {
         "MKCALENDAR" => MkcalendarRequest::parse_str(&body)?.set.prop,
         "MKCOL" => MkcolRequest::parse_str(&body)?.set.prop,
         _ => unreachable!("We never call with another method"),
     };
 
+    if let Some("") = request.displayname.as_deref() {
+        request.displayname = None
+    }
+
+    let mut timezone = request.calendar_timezone;
+    if let Some(tzid) = request.calendar_timezone_id.as_ref() {
+        // Validate timezone id and set timezone accordingly
+        timezone = Some(
+            vtimezones_rs::VTIMEZONES
+                .get(tzid)
+                .ok_or(rustical_dav::Error::BadRequest(format!(
+                    "Invalid timezone-id: {tzid}"
+                )))?
+                .to_string(),
+        );
+    }
+
     let calendar = Calendar {
         id: cal_id.to_owned(),
         principal: principal.to_owned(),
         order: request.calendar_order.unwrap_or(0),
         displayname: request.displayname,
-        timezone: request.calendar_timezone,
+        timezone,
         timezone_id: request.calendar_timezone_id,
         color: request.calendar_color,
         description: request.calendar_description,
         deleted_at: None,
         synctoken: 0,
-        subscription_url: None,
+        subscription_url: request.source.map(|href| href.href),
         push_topic: uuid::Uuid::new_v4().to_string(),
         components: request
             .supported_calendar_component_set

crates/caldav/src/calendar/methods/mod.rs

@@ -1,4 +1,4 @@
-pub mod mkcalendar;
-// pub mod post;
 pub mod get;
+pub mod mkcalendar;
+pub mod post;
 pub mod report;

crates/caldav/src/calendar/methods/post.rs

@@ -1,12 +1,13 @@
 use crate::Error;
-use crate::calendar::resource::{CalendarResource, CalendarResourceService};
+use crate::calendar::CalendarResourceService;
+use crate::calendar::resource::CalendarResource;
 use axum::extract::{Path, State};
 use axum::response::{IntoResponse, Response};
-use http::{HeaderMap, StatusCode, header};
+use http::{HeaderMap, HeaderValue, StatusCode, header};
 use rustical_dav::privileges::UserPrivilege;
 use rustical_dav::resource::Resource;
 use rustical_dav_push::register::PushRegister;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{CalendarStore, Subscription, SubscriptionStore};
 use rustical_xml::XmlDocument;
 use tracing::instrument;
@@ -14,7 +15,7 @@ use tracing::instrument;
 #[instrument(skip(resource_service))]
 pub async fn route_post<C: CalendarStore, S: SubscriptionStore>(
     Path((principal, cal_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     State(resource_service): State<CalendarResourceService<C, S>>,
     body: String,
 ) -> Result<Response, Error> {
@@ -24,7 +25,7 @@ pub async fn route_post<C: CalendarStore, S: SubscriptionStore>(
 
     let calendar = resource_service
         .cal_store
-        .get_calendar(&principal, &cal_id)
+        .get_calendar(&principal, &cal_id, false)
         .await?;
     let calendar_resource = CalendarResource {
         cal: calendar,
@@ -73,20 +74,17 @@ pub async fn route_post<C: CalendarStore, S: SubscriptionStore>(
         .upsert_subscription(subscription)
         .await?;
 
-    // let location = req
-    //     .resource_map()
-    //     .url_for(&req, "subscription", &[sub_id])
-    //     .unwrap();
-    //
-    let location = "asd";
+    // TODO: make nicer
+    let location = format!("/push_subscription/{sub_id}");
     Ok((
         StatusCode::CREATED,
-        HeaderMap::from_iter([(header::LOCATION, location)]),
+        HeaderMap::from_iter([
+            (header::LOCATION, HeaderValue::from_str(&location).unwrap()),
+            (
+                header::EXPIRES,
+                HeaderValue::from_str(&expires.to_rfc2822()).unwrap(),
+            ),
+        ]),
     )
-        .into_response());
-
-    Ok(HttpResponse::Created()
-        .append_header((header::LOCATION, location.to_string()))
-        .append_header((header::EXPIRES, expires.to_rfc2822()))
-        .finish())
+        .into_response())
 }

crates/caldav/src/calendar/methods/report/calendar_multiget.rs

@@ -29,7 +29,7 @@ pub async fn get_objects_calendar_multiget<C: CalendarStore>(
         if let Some(filename) = href.strip_prefix(path) {
             let filename = filename.trim_start_matches("/");
             if let Some(object_id) = filename.strip_suffix(".ics") {
-                match store.get_object(principal, cal_id, object_id).await {
+                match store.get_object(principal, cal_id, object_id, false).await {
                     Ok(object) => result.push(object),
                     Err(rustical_store::Error::NotFound) => not_found.push(href.to_owned()),
                     Err(err) => return Err(err.into()),

crates/caldav/src/calendar/methods/report/calendar_query.rs

@@ -16,6 +16,7 @@ pub(crate) struct TimeRangeElement {
 
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
 #[allow(dead_code)]
+// https://www.rfc-editor.org/rfc/rfc4791#section-9.7.3
 struct ParamFilterElement {
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     is_not_defined: Option<()>,
@@ -32,11 +33,13 @@ struct TextMatchElement {
     #[xml(ty = "attr")]
     collation: String,
     #[xml(ty = "attr")]
-    negate_collation: String,
+    // "yes" or "no", default: "no"
+    negate_condition: Option<String>,
 }
 
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
 #[allow(dead_code)]
+// https://www.rfc-editor.org/rfc/rfc4791#section-9.7.2
 pub(crate) struct PropFilterElement {
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     is_not_defined: Option<()>,
@@ -46,6 +49,9 @@ pub(crate) struct PropFilterElement {
     text_match: Option<TextMatchElement>,
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV", flatten)]
     param_filter: Vec<ParamFilterElement>,
+
+    #[xml(ty = "attr")]
+    name: String,
 }
 
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
@@ -61,7 +67,7 @@ pub(crate) struct CompFilterElement {
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV", flatten)]
     pub(crate) comp_filter: Vec<CompFilterElement>,
 
-    #[xml(ns = "rustical_dav::namespace::NS_CALDAV", ty = "attr")]
+    #[xml(ty = "attr")]
     pub(crate) name: String,
 }
 
@@ -203,3 +209,102 @@ pub async fn get_objects_calendar_query<C: CalendarStore>(
     }
     Ok(objects)
 }
+
+#[cfg(test)]
+mod tests {
+    use rustical_dav::xml::PropElement;
+    use rustical_xml::XmlDocument;
+
+    use crate::{
+        calendar::methods::report::{
+            ReportRequest,
+            calendar_query::{
+                CalendarQueryRequest, CompFilterElement, FilterElement, ParamFilterElement,
+                PropFilterElement, TextMatchElement,
+            },
+        },
+        calendar_object::{CalendarObjectPropName, CalendarObjectPropWrapperName},
+    };
+
+    #[test]
+    fn calendar_query_7_8_7() {
+        const INPUT: &str = r#"
+            <?xml version="1.0" encoding="utf-8" ?>
+            <C:calendar-query xmlns:C="urn:ietf:params:xml:ns:caldav">
+                <D:prop xmlns:D="DAV:">
+                    <D:getetag/>
+                    <C:calendar-data/>
+                </D:prop>
+                <C:filter>
+                <C:comp-filter name="VCALENDAR">
+                    <C:comp-filter name="VEVENT">
+                        <C:prop-filter name="ATTENDEE">
+                            <C:text-match collation="i;ascii-casemap">mailto:lisa@example.com</C:text-match>
+                            <C:param-filter name="PARTSTAT">
+                                <C:text-match collation="i;ascii-casemap">NEEDS-ACTION</C:text-match>
+                            </C:param-filter>
+                        </C:prop-filter>
+                    </C:comp-filter>
+                </C:comp-filter>
+                </C:filter>
+            </C:calendar-query>
+        "#;
+
+        let report = ReportRequest::parse_str(INPUT).unwrap();
+        let calendar_query: CalendarQueryRequest =
+            if let ReportRequest::CalendarQuery(query) = report {
+                query
+            } else {
+                panic!()
+            };
+        assert_eq!(
+            calendar_query,
+            CalendarQueryRequest {
+                prop: rustical_dav::xml::PropfindType::Prop(PropElement(
+                    vec![
+                        CalendarObjectPropWrapperName::CalendarObject(
+                            CalendarObjectPropName::Getetag,
+                        ),
+                        CalendarObjectPropWrapperName::CalendarObject(
+                            CalendarObjectPropName::CalendarData(Default::default())
+                        ),
+                    ],
+                    vec![]
+                )),
+                filter: Some(FilterElement {
+                    comp_filter: CompFilterElement {
+                        is_not_defined: None,
+                        time_range: None,
+                        prop_filter: vec![],
+                        comp_filter: vec![CompFilterElement {
+                            prop_filter: vec![PropFilterElement {
+                                name: "ATTENDEE".to_owned(),
+                                text_match: Some(TextMatchElement {
+                                    collation: "i;ascii-casemap".to_owned(),
+                                    negate_condition: None
+                                }),
+                                is_not_defined: None,
+                                param_filter: vec![ParamFilterElement {
+                                    is_not_defined: None,
+                                    name: "PARTSTAT".to_owned(),
+                                    text_match: Some(TextMatchElement {
+                                        collation: "i;ascii-casemap".to_owned(),
+                                        negate_condition: None
+                                    }),
+                                }],
+                                time_range: None
+                            }],
+                            comp_filter: vec![],
+                            is_not_defined: None,
+                            name: "VEVENT".to_owned(),
+                            time_range: None
+                        }],
+                        name: "VCALENDAR".to_owned()
+                    }
+                }),
+                timezone: None,
+                timezone_id: None
+            }
+        )
+    }
+}

crates/caldav/src/calendar/methods/report/mod.rs

@@ -21,7 +21,7 @@ use rustical_dav::{
     },
 };
 use rustical_ical::CalendarObject;
-use rustical_store::{CalendarStore, SubscriptionStore, auth::User};
+use rustical_store::{CalendarStore, SubscriptionStore, auth::Principal};
 use rustical_xml::{XmlDeserialize, XmlDocument};
 use sync_collection::handle_sync_collection;
 use tracing::instrument;
@@ -56,7 +56,7 @@ fn objects_response(
     path: &str,
     principal: &str,
     puri: &impl PrincipalUri,
-    user: &User,
+    user: &Principal,
     prop: &PropfindType<CalendarObjectPropWrapperName>,
 ) -> Result<MultistatusElement<CalendarObjectPropWrapper, String>, Error> {
     let mut responses = Vec::new();
@@ -67,7 +67,7 @@ fn objects_response(
                 object,
                 principal: principal.to_owned(),
             }
-            .propfind(&path, prop, puri, user)?,
+            .propfind(&path, prop, None, puri, user)?,
         );
     }
 
@@ -90,7 +90,7 @@ fn objects_response(
 #[instrument(skip(cal_store))]
 pub async fn route_report_calendar<C: CalendarStore, S: SubscriptionStore>(
     Path((principal, cal_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     Extension(puri): Extension<CalDavPrincipalUri>,
     State(CalendarResourceService { cal_store, .. }): State<CalendarResourceService<C, S>>,
     OriginalUri(uri): OriginalUri,

crates/caldav/src/calendar/methods/report/sync_collection.rs

@@ -13,7 +13,7 @@ use rustical_dav::{
 };
 use rustical_store::{
     CalendarStore,
-    auth::User,
+    auth::Principal,
     synctoken::{format_synctoken, parse_synctoken},
 };
 
@@ -21,7 +21,7 @@ pub async fn handle_sync_collection<C: CalendarStore>(
     sync_collection: &SyncCollectionRequest<CalendarObjectPropWrapperName>,
     path: &str,
     puri: &impl PrincipalUri,
-    user: &User,
+    user: &Principal,
     principal: &str,
     cal_id: &str,
     cal_store: &C,
@@ -39,7 +39,7 @@ pub async fn handle_sync_collection<C: CalendarStore>(
                 object,
                 principal: principal.to_owned(),
             }
-            .propfind(&path, &sync_collection.prop, puri, user)?,
+            .propfind(&path, &sync_collection.prop, None, puri, user)?,
         );
     }
 

crates/caldav/src/calendar/resource.rs

@@ -9,13 +9,12 @@ use rustical_dav::extensions::{
 use rustical_dav::privileges::UserPrivilegeSet;
 use rustical_dav::resource::{PrincipalUri, Resource, ResourceName};
 use rustical_dav::xml::{HrefElement, Resourcetype, ResourcetypeInner, SupportedReportSet};
-use rustical_dav_push::DavPushExtension;
+use rustical_dav_push::{DavPushExtension, DavPushExtensionProp};
 use rustical_ical::CalDateTime;
 use rustical_store::Calendar;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_xml::{EnumVariants, PropName};
 use rustical_xml::{XmlDeserialize, XmlSerialize};
-use std::str::FromStr;
 
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
 #[xml(unit_variants_ident = "CalendarPropName")]
@@ -34,7 +33,7 @@ pub enum CalendarProp {
     CalendarTimezoneId(Option<String>),
     #[xml(ns = "rustical_dav::namespace::NS_ICAL")]
     CalendarOrder(Option<i64>),
-    #[xml(ns = "rustical_dav::namespace::NS_CALDAV", skip_deserializing)]
+    #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
     SupportedCalendarComponentSet(SupportedCalendarComponentSet),
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV", skip_deserializing)]
     SupportedCalendarData(SupportedCalendarData),
@@ -58,7 +57,7 @@ pub enum CalendarProp {
 pub enum CalendarPropWrapper {
     Calendar(CalendarProp),
     SyncToken(SyncTokenExtensionProp),
-    // DavPush(DavPushExtensionProp),
+    DavPush(DavPushExtensionProp),
     Common(CommonPropertiesProp),
 }
 
@@ -95,9 +94,11 @@ impl DavPushExtension for CalendarResource {
 impl Resource for CalendarResource {
     type Prop = CalendarPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         if self.cal.subscription_url.is_none() {
@@ -119,7 +120,7 @@ impl Resource for CalendarResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &CalendarPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         Ok(match prop {
@@ -166,9 +167,9 @@ impl Resource for CalendarResource {
             CalendarPropWrapperName::SyncToken(prop) => {
                 CalendarPropWrapper::SyncToken(SyncTokenExtension::get_prop(self, prop)?)
             }
-            // CalendarPropWrapperName::DavPush(prop) => {
-            //     CalendarPropWrapper::DavPush(DavPushExtension::get_prop(self, prop)?)
-            // }
+            CalendarPropWrapperName::DavPush(prop) => {
+                CalendarPropWrapper::DavPush(DavPushExtension::get_prop(self, prop)?)
+            }
             CalendarPropWrapperName::Common(prop) => CalendarPropWrapper::Common(
                 CommonPropertiesExtension::get_prop(self, puri, user, prop)?,
             ),
@@ -191,20 +192,22 @@ impl Resource for CalendarResource {
                 }
                 CalendarProp::CalendarTimezone(timezone) => {
                     // TODO: Ensure that timezone-id is also updated
+                    // We probably want to prohibit non-IANA timezones
                     self.cal.timezone = timezone;
                     Ok(())
                 }
                 CalendarProp::TimezoneServiceSet(_) => Err(rustical_dav::Error::PropReadOnly),
                 CalendarProp::CalendarTimezoneId(timezone_id) => {
                     if let Some(tzid) = &timezone_id {
-                        // Validate timezone id
-                        chrono_tz::Tz::from_str(tzid).map_err(|_| {
-                            rustical_dav::Error::BadRequest(format!(
-                                "Invalid timezone-id: {}",
-                                tzid
-                            ))
-                        })?;
-                        // TODO: Ensure that timezone is also updated (For now hope that clients play nice)
+                        // Validate timezone id and set timezone accordingly
+                        self.cal.timezone = Some(
+                            vtimezones_rs::VTIMEZONES
+                                .get(tzid)
+                                .ok_or(rustical_dav::Error::BadRequest(format!(
+                                    "Invalid timezone-id: {tzid}"
+                                )))?
+                                .to_string(),
+                        );
                     }
                     self.cal.timezone_id = timezone_id;
                     Ok(())
@@ -226,7 +229,7 @@ impl Resource for CalendarResource {
                 CalendarProp::MaxDateTime(_) => Err(rustical_dav::Error::PropReadOnly),
             },
             CalendarPropWrapper::SyncToken(prop) => SyncTokenExtension::set_prop(self, prop),
-            // CalendarPropWrapper::DavPush(prop) => DavPushExtension::set_prop(self, prop),
+            CalendarPropWrapper::DavPush(prop) => DavPushExtension::set_prop(self, prop),
             CalendarPropWrapper::Common(prop) => CommonPropertiesExtension::set_prop(self, prop),
         }
     }
@@ -270,7 +273,7 @@ impl Resource for CalendarResource {
                 CalendarPropName::MaxDateTime => Err(rustical_dav::Error::PropReadOnly),
             },
             CalendarPropWrapperName::SyncToken(prop) => SyncTokenExtension::remove_prop(self, prop),
-            // CalendarPropWrapperName::DavPush(prop) => DavPushExtension::remove_prop(self, prop),
+            CalendarPropWrapperName::DavPush(prop) => DavPushExtension::remove_prop(self, prop),
             CalendarPropWrapperName::Common(prop) => {
                 CommonPropertiesExtension::remove_prop(self, prop)
             }
@@ -289,8 +292,13 @@ impl Resource for CalendarResource {
         Some(&self.cal.principal)
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
-        if self.cal.subscription_url.is_some() || self.read_only {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
+        if self.cal.subscription_url.is_some() {
+            return Ok(UserPrivilegeSet::owner_write_properties(
+                user.is_principal(&self.cal.principal),
+            ));
+        }
+        if self.read_only {
             return Ok(UserPrivilegeSet::owner_read(
                 user.is_principal(&self.cal.principal),
             ));
@@ -301,3 +309,15 @@ impl Resource for CalendarResource {
         ))
     }
 }
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn test_tzdb_version() {
+        // Ensure that both chrono_tz and vzic_rs use the same tzdb version
+        assert_eq!(
+            chrono_tz::IANA_TZDB_VERSION,
+            vtimezones_rs::IANA_TZDB_VERSION
+        );
+    }
+}

crates/caldav/src/calendar/service.rs

@@ -1,5 +1,6 @@
 use crate::calendar::methods::get::route_get;
 use crate::calendar::methods::mkcalendar::route_mkcalendar;
+use crate::calendar::methods::post::route_post;
 use crate::calendar::methods::report::route_report_calendar;
 use crate::calendar::resource::CalendarResource;
 use crate::calendar_object::CalendarObjectResourceService;
@@ -12,7 +13,7 @@ use axum::handler::Handler;
 use axum::response::Response;
 use futures_util::future::BoxFuture;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{CalendarStore, SubscriptionStore};
 use std::convert::Infallible;
 use std::sync::Arc;
@@ -47,16 +48,20 @@ impl<C: CalendarStore, S: SubscriptionStore> ResourceService for CalendarResourc
     type PathComponents = (String, String); // principal, calendar_id
     type Resource = CalendarResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CalDavPrincipalUri;
 
-    const DAV_HEADER: &str = "1, 3, access-control, calendar-access, calendar-proxy";
+    const DAV_HEADER: &str = "1, 3, access-control, calendar-access, webdav-push";
 
     async fn get_resource(
         &self,
         (principal, cal_id): &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Error> {
-        let calendar = self.cal_store.get_calendar(principal, cal_id).await?;
+        let calendar = self
+            .cal_store
+            .get_calendar(principal, cal_id, show_deleted)
+            .await?;
         Ok(CalendarResource {
             cal: calendar,
             read_only: self.cal_store.is_read_only(cal_id),
@@ -126,6 +131,13 @@ impl<C: CalendarStore, S: SubscriptionStore> AxumMethods for CalendarResourceSer
         })
     }
 
+    fn post() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>> {
+        Some(|state, req| {
+            let mut service = Handler::with_state(route_post::<C, S>, state);
+            Box::pin(Service::call(&mut service, req))
+        })
+    }
+
     fn mkcalendar() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>>
     {
         Some(|state, req| {

crates/caldav/src/calendar_object/methods.rs

@@ -6,10 +6,10 @@ use axum::extract::{Path, State};
 use axum::response::{IntoResponse, Response};
 use axum_extra::TypedHeader;
 use headers::{ContentType, ETag, HeaderMapExt, IfNoneMatch};
-use http::{HeaderMap, StatusCode};
+use http::{HeaderMap, Method, StatusCode};
 use rustical_ical::CalendarObject;
 use rustical_store::CalendarStore;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use std::str::FromStr;
 use tracing::instrument;
 
@@ -21,26 +21,33 @@ pub async fn get_event<C: CalendarStore>(
         object_id,
     }): Path<CalendarObjectPathComponents>,
     State(CalendarObjectResourceService { cal_store }): State<CalendarObjectResourceService<C>>,
-    user: User,
+    user: Principal,
+    method: Method,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(crate::Error::Unauthorized);
     }
 
-    let calendar = cal_store.get_calendar(&principal, &calendar_id).await?;
+    let calendar = cal_store
+        .get_calendar(&principal, &calendar_id, false)
+        .await?;
     if !user.is_principal(&calendar.principal) {
         return Err(crate::Error::Unauthorized);
     }
 
     let event = cal_store
-        .get_object(&principal, &calendar_id, &object_id)
+        .get_object(&principal, &calendar_id, &object_id, false)
         .await?;
 
     let mut resp = Response::builder().status(StatusCode::OK);
     let hdrs = resp.headers_mut().unwrap();
     hdrs.typed_insert(ETag::from_str(&event.get_etag()).unwrap());
     hdrs.typed_insert(ContentType::from_str("text/calendar").unwrap());
-    Ok(resp.body(Body::new(event.get_ics().to_owned())).unwrap())
+    if matches!(method, Method::HEAD) {
+        Ok(resp.body(Body::empty()).unwrap())
+    } else {
+        Ok(resp.body(Body::new(event.get_ics().to_owned())).unwrap())
+    }
 }
 
 #[instrument(skip(cal_store))]
@@ -51,7 +58,7 @@ pub async fn put_event<C: CalendarStore>(
         object_id,
     }): Path<CalendarObjectPathComponents>,
     State(CalendarObjectResourceService { cal_store }): State<CalendarObjectResourceService<C>>,
-    user: User,
+    user: Principal,
     mut if_none_match: Option<TypedHeader<IfNoneMatch>>,
     header_map: HeaderMap,
     body: String,

crates/caldav/src/calendar_object/resource.rs

@@ -8,7 +8,7 @@ use rustical_dav::{
     xml::Resourcetype,
 };
 use rustical_ical::CalendarObject;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 
 #[derive(Clone, From, Into)]
 pub struct CalendarObjectResource {
@@ -25,9 +25,11 @@ impl ResourceName for CalendarObjectResource {
 impl Resource for CalendarObjectResource {
     type Prop = CalendarObjectPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = false;
+    fn is_collection(&self) -> bool {
+        false
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[])
@@ -36,7 +38,7 @@ impl Resource for CalendarObjectResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &CalendarObjectPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         Ok(match prop {
@@ -67,7 +69,6 @@ impl Resource for CalendarObjectResource {
     }
 
     fn get_displayname(&self) -> Option<&str> {
-        // TODO: Extract summary from object
         None
     }
 
@@ -79,7 +80,7 @@ impl Resource for CalendarObjectResource {
         Some(self.object.get_etag())
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
         Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.principal),
         ))

crates/caldav/src/calendar_object/service.rs

@@ -9,7 +9,7 @@ use async_trait::async_trait;
 use axum::{extract::Request, handler::Handler, response::Response};
 use futures_util::future::BoxFuture;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::{CalendarStore, auth::User};
+use rustical_store::{CalendarStore, auth::Principal};
 use serde::{Deserialize, Deserializer};
 use std::{convert::Infallible, sync::Arc};
 use tower::Service;
@@ -46,7 +46,7 @@ impl<C: CalendarStore> ResourceService for CalendarObjectResourceService<C> {
     type Resource = CalendarObjectResource;
     type MemberType = CalendarObjectResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CalDavPrincipalUri;
 
     const DAV_HEADER: &str = "1, 3, access-control, calendar-access";
@@ -58,10 +58,11 @@ impl<C: CalendarStore> ResourceService for CalendarObjectResourceService<C> {
             calendar_id,
             object_id,
         }: &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Self::Error> {
         let object = self
             .cal_store
-            .get_object(principal, calendar_id, object_id)
+            .get_object(principal, calendar_id, object_id, show_deleted)
             .await?;
         Ok(CalendarObjectResource {
             object,

crates/caldav/src/lib.rs

@@ -1,12 +1,10 @@
-use axum::response::Redirect;
-use axum::routing::any;
 use axum::{Extension, Router};
 use derive_more::Constructor;
 use principal::PrincipalResourceService;
 use rustical_dav::resource::{PrincipalUri, ResourceService};
 use rustical_dav::resources::RootResourceService;
 use rustical_store::auth::middleware::AuthenticationLayer;
-use rustical_store::auth::{AuthenticationProvider, User};
+use rustical_store::auth::{AuthenticationProvider, Principal};
 use rustical_store::{CalendarStore, SubscriptionStore};
 use std::sync::Arc;
 
@@ -14,8 +12,6 @@ pub mod calendar;
 pub mod calendar_object;
 pub mod error;
 pub mod principal;
-// mod subscription;
-
 pub use error::Error;
 
 #[derive(Debug, Clone, Constructor)]
@@ -35,23 +31,18 @@ pub fn caldav_router<AP: AuthenticationProvider, C: CalendarStore, S: Subscripti
     auth_provider: Arc<AP>,
     store: Arc<C>,
     subscription_store: Arc<S>,
+    simplified_home_set: bool,
 ) -> Router {
-    let principal_service = PrincipalResourceService {
-        auth_provider: auth_provider.clone(),
-        sub_store: subscription_store.clone(),
-        cal_store: store.clone(),
-    };
-
-    Router::new()
-        .nest(
-            prefix,
-            RootResourceService::<_, User, CalDavPrincipalUri>::new(principal_service.clone())
-                .axum_router()
-                .layer(AuthenticationLayer::new(auth_provider))
-                .layer(Extension(CalDavPrincipalUri(prefix))),
-        )
-        .route(
-            "/.well-known/caldav",
-            any(async || Redirect::permanent(prefix)),
-        )
+    Router::new().nest(
+        prefix,
+        RootResourceService::<_, Principal, CalDavPrincipalUri>::new(PrincipalResourceService {
+            auth_provider: auth_provider.clone(),
+            sub_store: subscription_store.clone(),
+            cal_store: store.clone(),
+            simplified_home_set,
+        })
+        .axum_router()
+        .layer(AuthenticationLayer::new(auth_provider))
+        .layer(Extension(CalDavPrincipalUri(prefix))),
+    )
 }

crates/caldav/src/principal/mod.rs

@@ -5,17 +5,21 @@ use rustical_dav::resource::{PrincipalUri, Resource, ResourceName};
 use rustical_dav::xml::{
     GroupMemberSet, GroupMembership, Resourcetype, ResourcetypeInner, SupportedReportSet,
 };
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 
 mod service;
 pub use service::*;
 mod prop;
 pub use prop::*;
+#[cfg(test)]
+pub mod tests;
 
-#[derive(Clone)]
+#[derive(Debug, Clone)]
 pub struct PrincipalResource {
-    principal: User,
+    principal: Principal,
     members: Vec<String>,
+    // If true only return the principal as the calendar home set, otherwise also groups
+    simplified_home_set: bool,
 }
 
 impl ResourceName for PrincipalResource {
@@ -27,26 +31,23 @@ impl ResourceName for PrincipalResource {
 impl Resource for PrincipalResource {
     type Prop = PrincipalPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[
             ResourcetypeInner(Some(rustical_dav::namespace::NS_DAV), "collection"),
             ResourcetypeInner(Some(rustical_dav::namespace::NS_DAV), "principal"),
-            // https://github.com/apple/ccs-calendarserver/blob/13c706b985fb728b9aab42dc0fef85aae21921c3/doc/Extensions/caldav-proxy.txt
-            ResourcetypeInner(
-                Some(rustical_dav::namespace::NS_CALENDARSERVER),
-                "calendar-proxy-write",
-            ),
         ])
     }
 
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &PrincipalPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         let principal_url = puri.principal_uri(&self.principal.id);
@@ -60,9 +61,17 @@ impl Resource for PrincipalResource {
                     PrincipalPropName::PrincipalUrl => {
                         PrincipalProp::PrincipalUrl(principal_url.into())
                     }
-                    PrincipalPropName::CalendarHomeSet => {
-                        PrincipalProp::CalendarHomeSet(principal_url.into())
-                    }
+                    PrincipalPropName::CalendarHomeSet => PrincipalProp::CalendarHomeSet(
+                        CalendarHomeSet(if self.simplified_home_set {
+                            vec![principal_url.into()]
+                        } else {
+                            self.principal
+                                .memberships()
+                                .iter()
+                                .map(|principal| puri.principal_uri(principal).into())
+                                .collect()
+                        }),
+                    ),
                     PrincipalPropName::CalendarUserAddressSet => {
                         PrincipalProp::CalendarUserAddressSet(principal_url.into())
                     }
@@ -111,8 +120,8 @@ impl Resource for PrincipalResource {
         Some(&self.principal.id)
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
-        Ok(UserPrivilegeSet::owner_read(
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
+        Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.principal.id),
         ))
     }

crates/caldav/src/principal/prop.rs

@@ -2,7 +2,7 @@ use rustical_dav::{
     extensions::CommonPropertiesProp,
     xml::{GroupMemberSet, GroupMembership, HrefElement, SupportedReportSet},
 };
-use rustical_store::auth::user::PrincipalType;
+use rustical_store::auth::PrincipalType;
 use rustical_xml::{EnumVariants, PropName, XmlDeserialize, XmlSerialize};
 use strum_macros::VariantArray;
 
@@ -31,9 +31,12 @@ pub enum PrincipalProp {
 
     // CalDAV (RFC 4791)
     #[xml(ns = "rustical_dav::namespace::NS_CALDAV")]
-    CalendarHomeSet(HrefElement),
+    CalendarHomeSet(CalendarHomeSet),
 }
 
+#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
+pub struct CalendarHomeSet(#[xml(ty = "untagged", flatten)] pub Vec<HrefElement>);
+
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
 #[xml(unit_variants_ident = "PrincipalPropWrapperName", untagged)]
 pub enum PrincipalPropWrapper {

crates/caldav/src/principal/service.rs

@@ -5,7 +5,7 @@ use crate::{CalDavPrincipalUri, Error};
 use async_trait::async_trait;
 use axum::Router;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::auth::{AuthenticationProvider, User};
+use rustical_store::auth::{AuthenticationProvider, Principal};
 use rustical_store::{CalendarStore, SubscriptionStore};
 use std::sync::Arc;
 
@@ -18,6 +18,8 @@ pub struct PrincipalResourceService<
     pub(crate) auth_provider: Arc<AP>,
     pub(crate) sub_store: Arc<S>,
     pub(crate) cal_store: Arc<CS>,
+    // If true only return the principal as the calendar home set, otherwise also groups
+    pub(crate) simplified_home_set: bool,
 }
 
 impl<AP: AuthenticationProvider, S: SubscriptionStore, CS: CalendarStore> Clone
@@ -28,6 +30,7 @@ impl<AP: AuthenticationProvider, S: SubscriptionStore, CS: CalendarStore> Clone
             auth_provider: self.auth_provider.clone(),
             sub_store: self.sub_store.clone(),
             cal_store: self.cal_store.clone(),
+            simplified_home_set: self.simplified_home_set,
         }
     }
 }
@@ -40,14 +43,15 @@ impl<AP: AuthenticationProvider, S: SubscriptionStore, CS: CalendarStore> Resour
     type MemberType = CalendarResource;
     type Resource = PrincipalResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CalDavPrincipalUri;
 
-    const DAV_HEADER: &str = "1, 3, access-control, calendar-access, calendar-proxy";
+    const DAV_HEADER: &str = "1, 3, access-control, calendar-access";
 
     async fn get_resource(
         &self,
         (principal,): &Self::PathComponents,
+        _show_deleted: bool,
     ) -> Result<Self::Resource, Self::Error> {
         let user = self
             .auth_provider
@@ -57,6 +61,7 @@ impl<AP: AuthenticationProvider, S: SubscriptionStore, CS: CalendarStore> Resour
         Ok(PrincipalResource {
             members: self.auth_provider.list_members(&user.id).await?,
             principal: user,
+            simplified_home_set: self.simplified_home_set,
         })
     }
 

crates/caldav/src/principal/tests.rs

@@ -0,0 +1,47 @@
+use std::sync::Arc;
+
+use crate::principal::PrincipalResourceService;
+use rstest::rstest;
+use rustical_dav::resource::ResourceService;
+use rustical_store_sqlite::{
+    SqliteStore,
+    calendar_store::SqliteCalendarStore,
+    principal_store::SqlitePrincipalStore,
+    tests::{get_test_calendar_store, get_test_principal_store, get_test_subscription_store},
+};
+
+#[rstest]
+#[tokio::test]
+async fn test_principal_resource(
+    #[from(get_test_calendar_store)]
+    #[future]
+    cal_store: SqliteCalendarStore,
+    #[from(get_test_principal_store)]
+    #[future]
+    auth_provider: SqlitePrincipalStore,
+    #[from(get_test_subscription_store)]
+    #[future]
+    sub_store: SqliteStore,
+) {
+    let service = PrincipalResourceService {
+        cal_store: Arc::new(cal_store.await),
+        sub_store: Arc::new(sub_store.await),
+        auth_provider: Arc::new(auth_provider.await),
+        simplified_home_set: false,
+    };
+
+    assert!(matches!(
+        service
+            .get_resource(&("invalid-user".to_owned(),), true)
+            .await,
+        Err(crate::Error::NotFound)
+    ));
+
+    let _principal_resource = service
+        .get_resource(&("user".to_owned(),), true)
+        .await
+        .unwrap();
+}
+
+#[tokio::test]
+async fn test_propfind() {}

crates/caldav/src/subscription.rs

@@ -1,33 +0,0 @@
-use std::sync::Arc;
-
-use actix_web::{
-    HttpResponse,
-    web::{self, Data, Path},
-};
-use rustical_dav::xml::multistatus::PropstatElement;
-use rustical_store::SubscriptionStore;
-use rustical_xml::{XmlRootTag, XmlSerialize};
-
-use crate::calendar::resource::CalendarProp;
-
-async fn handle_delete<S: SubscriptionStore>(
-    store: Data<S>,
-    path: Path<String>,
-) -> Result<HttpResponse, rustical_store::Error> {
-    let id = path.into_inner();
-    store.delete_subscription(&id).await?;
-    Ok(HttpResponse::NoContent().body("Unregistered"))
-}
-
-pub fn subscription_resource<S: SubscriptionStore>(sub_store: Arc<S>) -> actix_web::Resource {
-    web::resource("/subscription/{id}")
-        .app_data(Data::from(sub_store))
-        .name("subscription")
-        .delete(handle_delete::<S>)
-}
-
-#[derive(XmlSerialize, XmlRootTag)]
-#[xml(root = b"push-message", ns = "rustical_dav::namespace::NS_DAVPUSH")]
-pub struct PushMessage {
-    propstat: PropstatElement<CalendarProp>,
-}

crates/carddav/src/address_object/methods.rs

@@ -7,12 +7,13 @@ use axum::extract::{Path, State};
 use axum::response::{IntoResponse, Response};
 use axum_extra::TypedHeader;
 use axum_extra::headers::{ContentType, ETag, HeaderMapExt, IfNoneMatch};
+use http::Method;
 use http::{HeaderMap, StatusCode};
 use rustical_dav::privileges::UserPrivilege;
 use rustical_dav::resource::Resource;
 use rustical_ical::AddressObject;
 use rustical_store::AddressbookStore;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use std::str::FromStr;
 use tracing::instrument;
 
@@ -24,7 +25,8 @@ pub async fn get_object<AS: AddressbookStore>(
         object_id,
     }): Path<AddressObjectPathComponents>,
     State(AddressObjectResourceService { addr_store }): State<AddressObjectResourceService<AS>>,
-    user: User,
+    user: Principal,
+    method: Method,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(Error::Unauthorized);
@@ -49,7 +51,11 @@ pub async fn get_object<AS: AddressbookStore>(
     let hdrs = resp.headers_mut().unwrap();
     hdrs.typed_insert(ETag::from_str(&object.get_etag()).unwrap());
     hdrs.typed_insert(ContentType::from_str("text/vcard").unwrap());
-    Ok(resp.body(Body::new(object.get_vcf().to_owned())).unwrap())
+    if matches!(method, Method::HEAD) {
+        Ok(resp.body(Body::empty()).unwrap())
+    } else {
+        Ok(resp.body(Body::new(object.get_vcf().to_owned())).unwrap())
+    }
 }
 
 #[instrument(skip(addr_store, body))]
@@ -60,7 +66,7 @@ pub async fn put_object<AS: AddressbookStore>(
         object_id,
     }): Path<AddressObjectPathComponents>,
     State(AddressObjectResourceService { addr_store }): State<AddressObjectResourceService<AS>>,
-    user: User,
+    user: Principal,
     mut if_none_match: Option<TypedHeader<IfNoneMatch>>,
     header_map: HeaderMap,
     body: String,

crates/carddav/src/address_object/resource.rs

@@ -13,7 +13,7 @@ use rustical_dav::{
     xml::Resourcetype,
 };
 use rustical_ical::AddressObject;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 
 #[derive(Clone, From, Into)]
 pub struct AddressObjectResource {
@@ -30,9 +30,11 @@ impl ResourceName for AddressObjectResource {
 impl Resource for AddressObjectResource {
     type Prop = AddressObjectPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = false;
+    fn is_collection(&self) -> bool {
+        false
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[])
@@ -41,7 +43,7 @@ impl Resource for AddressObjectResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &AddressObjectPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         Ok(match prop {
@@ -76,7 +78,7 @@ impl Resource for AddressObjectResource {
         Some(self.object.get_etag())
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
         Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.principal),
         ))

crates/carddav/src/address_object/service.rs

@@ -5,7 +5,7 @@ use axum::{extract::Request, handler::Handler, response::Response};
 use derive_more::derive::Constructor;
 use futures_util::future::BoxFuture;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::{AddressbookStore, auth::User};
+use rustical_store::{AddressbookStore, auth::Principal};
 use serde::{Deserialize, Deserializer};
 use std::{convert::Infallible, sync::Arc};
 use tower::Service;
@@ -37,7 +37,7 @@ impl<AS: AddressbookStore> ResourceService for AddressObjectResourceService<AS>
     type Resource = AddressObjectResource;
     type MemberType = AddressObjectResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CardDavPrincipalUri;
 
     const DAV_HEADER: &str = "1, 3, access-control, addressbook";
@@ -49,10 +49,11 @@ impl<AS: AddressbookStore> ResourceService for AddressObjectResourceService<AS>
             addressbook_id,
             object_id,
         }: &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Self::Error> {
         let object = self
             .addr_store
-            .get_object(principal, addressbook_id, object_id, false)
+            .get_object(principal, addressbook_id, object_id, show_deleted)
             .await?;
         Ok(AddressObjectResource {
             object,

crates/carddav/src/addressbook/methods/get.rs

@@ -5,12 +5,12 @@ use axum::body::Body;
 use axum::extract::{Path, State};
 use axum::response::Response;
 use axum_extra::headers::{ContentType, HeaderMapExt};
-use http::{HeaderValue, StatusCode, header};
+use http::{HeaderValue, Method, StatusCode, header};
 use percent_encoding::{CONTROLS, utf8_percent_encode};
 use rustical_dav::privileges::UserPrivilege;
 use rustical_dav::resource::Resource;
 use rustical_ical::AddressObject;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{AddressbookStore, SubscriptionStore};
 use std::str::FromStr;
 use tracing::instrument;
@@ -19,7 +19,8 @@ use tracing::instrument;
 pub async fn route_get<AS: AddressbookStore, S: SubscriptionStore>(
     Path((principal, addressbook_id)): Path<(String, String)>,
     State(AddressbookResourceService { addr_store, .. }): State<AddressbookResourceService<AS, S>>,
-    user: User,
+    user: Principal,
+    method: Method,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(Error::Unauthorized);
@@ -46,7 +47,7 @@ pub async fn route_get<AS: AddressbookStore, S: SubscriptionStore>(
     let mut resp = Response::builder().status(StatusCode::OK);
     let hdrs = resp.headers_mut().unwrap();
     hdrs.typed_insert(ContentType::from_str("text/vcard").unwrap());
-    let filename = format!("{}_{}.vcf", principal, addressbook_id);
+    let filename = format!("{principal}_{addressbook_id}.vcf");
     let filename = utf8_percent_encode(&filename, CONTROLS);
     hdrs.insert(
         header::CONTENT_DISPOSITION,
@@ -55,5 +56,9 @@ pub async fn route_get<AS: AddressbookStore, S: SubscriptionStore>(
         ))
         .unwrap(),
     );
-    Ok(resp.body(Body::new(vcf)).unwrap())
+    if matches!(method, Method::HEAD) {
+        Ok(resp.body(Body::empty()).unwrap())
+    } else {
+        Ok(resp.body(Body::new(vcf)).unwrap())
+    }
 }

crates/carddav/src/addressbook/methods/mkcol.rs

@@ -4,7 +4,7 @@ use axum::{
     response::{IntoResponse, Response},
 };
 use http::StatusCode;
-use rustical_store::{Addressbook, AddressbookStore, SubscriptionStore, auth::User};
+use rustical_store::{Addressbook, AddressbookStore, SubscriptionStore, auth::Principal};
 use rustical_xml::{XmlDeserialize, XmlDocument, XmlRootTag};
 use tracing::instrument;
 
@@ -44,7 +44,7 @@ struct MkcolRequest {
 #[instrument(skip(addr_store))]
 pub async fn route_mkcol<AS: AddressbookStore, S: SubscriptionStore>(
     Path((principal, addressbook_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     State(AddressbookResourceService { addr_store, .. }): State<AddressbookResourceService<AS, S>>,
     body: String,
 ) -> Result<Response, Error> {
@@ -52,8 +52,10 @@ pub async fn route_mkcol<AS: AddressbookStore, S: SubscriptionStore>(
         return Err(Error::Unauthorized);
     }
 
-    let request = MkcolRequest::parse_str(&body)?;
-    let request = request.set.prop;
+    let mut request = MkcolRequest::parse_str(&body)?.set.prop;
+    if let Some("") = request.displayname.as_deref() {
+        request.displayname = None
+    }
 
     let addressbook = Addressbook {
         id: addressbook_id.to_owned(),
@@ -86,15 +88,8 @@ pub async fn route_mkcol<AS: AddressbookStore, S: SubscriptionStore>(
         }
     }
 
-    match addr_store.insert_addressbook(addressbook).await {
-        // TODO: The spec says we should return a mkcol-response.
-        // However, it works without one but breaks on iPadOS when using an empty one :)
-        Ok(()) => Ok(StatusCode::CREATED.into_response()),
-        Err(err) => {
-            dbg!(err.to_string());
-            Err(err.into())
-        }
-    }
+    addr_store.insert_addressbook(addressbook).await?;
+    Ok(StatusCode::CREATED.into_response())
 }
 
 #[cfg(test)]

crates/carddav/src/addressbook/methods/mod.rs

@@ -1,5 +1,5 @@
-pub mod mkcol;
-// pub mod post;
 pub mod get;
+pub mod mkcol;
+pub mod post;
 pub mod put;
 pub mod report;

crates/carddav/src/addressbook/methods/post.rs

@@ -1,33 +1,40 @@
 use crate::Error;
-use crate::addressbook::resource::AddressbookResourceService;
-use actix_web::http::header;
-use actix_web::web::{Data, Path};
-use actix_web::{HttpRequest, HttpResponse};
+use crate::addressbook::AddressbookResourceService;
+use crate::addressbook::resource::AddressbookResource;
+use axum::extract::{Path, State};
+use axum::response::{IntoResponse, Response};
+use http::{HeaderMap, HeaderValue, StatusCode, header};
+use rustical_dav::privileges::UserPrivilege;
+use rustical_dav::resource::Resource;
 use rustical_dav_push::register::PushRegister;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{AddressbookStore, Subscription, SubscriptionStore};
 use rustical_xml::XmlDocument;
 use tracing::instrument;
-use tracing_actix_web::RootSpan;
 
-#[instrument(parent = root_span.id(), skip(resource_service, root_span, req))]
-pub async fn route_post<A: AddressbookStore, S: SubscriptionStore>(
-    path: Path<(String, String)>,
+#[instrument(skip(resource_service))]
+pub async fn route_post<AS: AddressbookStore, S: SubscriptionStore>(
+    Path((principal, addr_id)): Path<(String, String)>,
+    user: Principal,
+    State(resource_service): State<AddressbookResourceService<AS, S>>,
     body: String,
-    user: User,
-    resource_service: Data<AddressbookResourceService<A, S>>,
-    root_span: RootSpan,
-    req: HttpRequest,
-) -> Result<HttpResponse, Error> {
-    let (principal, addressbook_id) = path.into_inner();
+) -> Result<Response, Error> {
     if !user.is_principal(&principal) {
         return Err(Error::Unauthorized);
     }
 
     let addressbook = resource_service
         .addr_store
-        .get_addressbook(&principal, &addressbook_id, false)
+        .get_addressbook(&principal, &addr_id, false)
         .await?;
+    let addressbook_resource = AddressbookResource(addressbook);
+    if !addressbook_resource
+        .get_user_privileges(&user)?
+        .has(&UserPrivilege::Read)
+    {
+        return Err(Error::Unauthorized);
+    }
+
     let request = PushRegister::parse_str(&body)?;
     let sub_id = uuid::Uuid::new_v4().to_string();
 
@@ -44,7 +51,7 @@ pub async fn route_post<A: AddressbookStore, S: SubscriptionStore>(
             .web_push_subscription
             .push_resource
             .to_owned(),
-        topic: addressbook.push_topic,
+        topic: addressbook_resource.0.push_topic,
         expiration: expires.naive_local(),
         public_key: request
             .subscription
@@ -63,13 +70,17 @@ pub async fn route_post<A: AddressbookStore, S: SubscriptionStore>(
         .upsert_subscription(subscription)
         .await?;
 
-    let location = req
-        .resource_map()
-        .url_for(&req, "subscription", &[sub_id])
-        .unwrap();
-
-    Ok(HttpResponse::Created()
-        .append_header((header::LOCATION, location.to_string()))
-        .append_header((header::EXPIRES, expires.to_rfc2822()))
-        .finish())
+    // TODO: make nicer
+    let location = format!("/push_subscription/{sub_id}");
+    Ok((
+        StatusCode::CREATED,
+        HeaderMap::from_iter([
+            (header::LOCATION, HeaderValue::from_str(&location).unwrap()),
+            (
+                header::EXPIRES,
+                HeaderValue::from_str(&expires.to_rfc2822()).unwrap(),
+            ),
+        ]),
+    )
+        .into_response())
 }

crates/carddav/src/addressbook/methods/put.rs

@@ -9,14 +9,14 @@ use http::StatusCode;
 use ical::VcardParser;
 use rustical_ical::AddressObject;
 use rustical_store::Addressbook;
-use rustical_store::{AddressbookStore, SubscriptionStore, auth::User};
+use rustical_store::{AddressbookStore, SubscriptionStore, auth::Principal};
 use tracing::instrument;
 
 #[instrument(skip(addr_store))]
 pub async fn route_put<AS: AddressbookStore, S: SubscriptionStore>(
     Path((principal, addressbook_id)): Path<(String, String)>,
     State(AddressbookResourceService { addr_store, .. }): State<AddressbookResourceService<AS, S>>,
-    user: User,
+    user: Principal,
     body: String,
 ) -> Result<Response, Error> {
     if !user.is_principal(&principal) {

crates/carddav/src/addressbook/methods/report/addressbook_multiget.rs

@@ -10,7 +10,7 @@ use rustical_dav::{
     xml::{MultistatusElement, PropfindType, multistatus::ResponseElement},
 };
 use rustical_ical::AddressObject;
-use rustical_store::{AddressbookStore, auth::User};
+use rustical_store::{AddressbookStore, auth::Principal};
 use rustical_xml::XmlDeserialize;
 
 #[derive(XmlDeserialize, Clone, Debug, PartialEq)]
@@ -58,12 +58,13 @@ pub async fn get_objects_addressbook_multiget<AS: AddressbookStore>(
     Ok((result, not_found))
 }
 
+#[allow(clippy::too_many_arguments)]
 pub async fn handle_addressbook_multiget<AS: AddressbookStore>(
     addr_multiget: &AddressbookMultigetRequest,
     prop: &PropfindType<AddressObjectPropWrapperName>,
     path: &str,
     puri: &impl PrincipalUri,
-    user: &User,
+    user: &Principal,
     principal: &str,
     cal_id: &str,
     addr_store: &AS,
@@ -80,7 +81,7 @@ pub async fn handle_addressbook_multiget<AS: AddressbookStore>(
                 object,
                 principal: principal.to_owned(),
             }
-            .propfind(&path, prop, puri, user)?,
+            .propfind(&path, prop, None, puri, user)?,
         );
     }
 

crates/carddav/src/addressbook/methods/report/mod.rs

@@ -9,7 +9,7 @@ use axum::{
     response::IntoResponse,
 };
 use rustical_dav::xml::{PropfindType, sync_collection::SyncCollectionRequest};
-use rustical_store::{AddressbookStore, SubscriptionStore, auth::User};
+use rustical_store::{AddressbookStore, SubscriptionStore, auth::Principal};
 use rustical_xml::{XmlDeserialize, XmlDocument};
 use sync_collection::handle_sync_collection;
 use tracing::instrument;
@@ -37,7 +37,7 @@ impl ReportRequest {
 #[instrument(skip(addr_store))]
 pub async fn route_report_addressbook<AS: AddressbookStore, S: SubscriptionStore>(
     Path((principal, addressbook_id)): Path<(String, String)>,
-    user: User,
+    user: Principal,
     OriginalUri(uri): OriginalUri,
     Extension(puri): Extension<CardDavPrincipalUri>,
     State(AddressbookResourceService { addr_store, .. }): State<AddressbookResourceService<AS, S>>,

crates/carddav/src/addressbook/methods/report/sync_collection.rs

@@ -13,7 +13,7 @@ use rustical_dav::{
 };
 use rustical_store::{
     AddressbookStore,
-    auth::User,
+    auth::Principal,
     synctoken::{format_synctoken, parse_synctoken},
 };
 
@@ -21,7 +21,7 @@ pub async fn handle_sync_collection<AS: AddressbookStore>(
     sync_collection: &SyncCollectionRequest<AddressObjectPropWrapperName>,
     path: &str,
     puri: &impl PrincipalUri,
-    user: &User,
+    user: &Principal,
     principal: &str,
     addressbook_id: &str,
     addr_store: &AS,
@@ -39,7 +39,7 @@ pub async fn handle_sync_collection<AS: AddressbookStore>(
                 object,
                 principal: principal.to_owned(),
             }
-            .propfind(&path, &sync_collection.prop, puri, user)?,
+            .propfind(&path, &sync_collection.prop, None, puri, user)?,
         );
     }
 

crates/carddav/src/addressbook/resource.rs

@@ -10,7 +10,7 @@ use rustical_dav::resource::{PrincipalUri, Resource, ResourceName};
 use rustical_dav::xml::{Resourcetype, ResourcetypeInner, SupportedReportSet};
 use rustical_dav_push::DavPushExtension;
 use rustical_store::Addressbook;
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 
 #[derive(Clone, Debug, From, Into)]
 pub struct AddressbookResource(pub(crate) Addressbook);
@@ -36,9 +36,11 @@ impl DavPushExtension for AddressbookResource {
 impl Resource for AddressbookResource {
     type Prop = AddressbookPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[
@@ -50,7 +52,7 @@ impl Resource for AddressbookResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &AddressbookPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         Ok(match prop {
@@ -136,7 +138,7 @@ impl Resource for AddressbookResource {
         Some(&self.0.principal)
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
         Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.0.principal),
         ))

crates/carddav/src/addressbook/service.rs

@@ -3,6 +3,7 @@ use super::methods::report::route_report_addressbook;
 use crate::address_object::AddressObjectResourceService;
 use crate::address_object::resource::AddressObjectResource;
 use crate::addressbook::methods::get::route_get;
+use crate::addressbook::methods::post::route_post;
 use crate::addressbook::methods::put::route_put;
 use crate::addressbook::resource::AddressbookResource;
 use crate::{CardDavPrincipalUri, Error};
@@ -13,7 +14,7 @@ use axum::handler::Handler;
 use axum::response::Response;
 use futures_util::future::BoxFuture;
 use rustical_dav::resource::{AxumMethods, ResourceService};
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 use rustical_store::{AddressbookStore, SubscriptionStore};
 use std::convert::Infallible;
 use std::sync::Arc;
@@ -50,18 +51,19 @@ impl<AS: AddressbookStore, S: SubscriptionStore> ResourceService
     type PathComponents = (String, String); // principal, addressbook_id
     type Resource = AddressbookResource;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
     type PrincipalUri = CardDavPrincipalUri;
 
-    const DAV_HEADER: &str = "1, 3, access-control, addressbook";
+    const DAV_HEADER: &str = "1, 3, access-control, addressbook, webdav-push";
 
     async fn get_resource(
         &self,
         (principal, addressbook_id): &Self::PathComponents,
+        show_deleted: bool,
     ) -> Result<Self::Resource, Error> {
         let addressbook = self
             .addr_store
-            .get_addressbook(principal, addressbook_id, false)
+            .get_addressbook(principal, addressbook_id, show_deleted)
             .await
             .map_err(|_e| Error::NotFound)?;
         Ok(addressbook.into())
@@ -130,6 +132,13 @@ impl<AS: AddressbookStore, S: SubscriptionStore> AxumMethods for AddressbookReso
         })
     }
 
+    fn post() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>> {
+        Some(|state, req| {
+            let mut service = Handler::with_state(route_post::<AS, S>, state);
+            Box::pin(Service::call(&mut service, req))
+        })
+    }
+
     fn put() -> Option<fn(Self, Request) -> BoxFuture<'static, Result<Response, Infallible>>> {
         Some(|state, req| {
             let mut service = Handler::with_state(route_put::<AS, S>, state);

crates/carddav/src/lib.rs

@@ -9,7 +9,7 @@ use rustical_dav::resources::RootResourceService;
 use rustical_store::auth::middleware::AuthenticationLayer;
 use rustical_store::{
     AddressbookStore, SubscriptionStore,
-    auth::{AuthenticationProvider, User},
+    auth::{AuthenticationProvider, Principal},
 };
 use std::sync::Arc;
 
@@ -44,10 +44,12 @@ pub fn carddav_router<AP: AuthenticationProvider, A: AddressbookStore, S: Subscr
     Router::new()
         .nest(
             prefix,
-            RootResourceService::<_, User, CardDavPrincipalUri>::new(principal_service.clone())
-                .axum_router()
-                .layer(AuthenticationLayer::new(auth_provider))
-                .layer(Extension(CardDavPrincipalUri(prefix))),
+            RootResourceService::<_, Principal, CardDavPrincipalUri>::new(
+                principal_service.clone(),
+            )
+            .axum_router()
+            .layer(AuthenticationLayer::new(auth_provider))
+            .layer(Extension(CardDavPrincipalUri(prefix))),
         )
         .route(
             "/.well-known/carddav",

crates/carddav/src/principal/mod.rs

@@ -5,7 +5,7 @@ use rustical_dav::resource::{PrincipalUri, Resource, ResourceName};
 use rustical_dav::xml::{
     GroupMemberSet, GroupMembership, HrefElement, Resourcetype, ResourcetypeInner,
 };
-use rustical_store::auth::User;
+use rustical_store::auth::Principal;
 
 mod service;
 pub use service::*;
@@ -14,7 +14,7 @@ pub use prop::*;
 
 #[derive(Debug, Clone)]
 pub struct PrincipalResource {
-    principal: User,
+    principal: Principal,
     members: Vec<String>,
 }
 
@@ -27,9 +27,11 @@ impl ResourceName for PrincipalResource {
 impl Resource for PrincipalResource {
     type Prop = PrincipalPropWrapper;
     type Error = Error;
-    type Principal = User;
+    type Principal = Principal;
 
-    const IS_COLLECTION: bool = true;
+    fn is_collection(&self) -> bool {
+        true
+    }
 
     fn get_resourcetype(&self) -> Resourcetype {
         Resourcetype(&[
@@ -41,7 +43,7 @@ impl Resource for PrincipalResource {
     fn get_prop(
         &self,
         puri: &impl PrincipalUri,
-        user: &User,
+        user: &Principal,
         prop: &PrincipalPropWrapperName,
     ) -> Result<Self::Prop, Self::Error> {
         let principal_href = HrefElement::new(puri.principal_uri(&self.principal.id));
@@ -51,7 +53,13 @@ impl Resource for PrincipalResource {
                 PrincipalPropWrapper::Principal(match prop {
                     PrincipalPropName::PrincipalUrl => PrincipalProp::PrincipalUrl(principal_href),
                     PrincipalPropName::AddressbookHomeSet => {
-                        PrincipalProp::AddressbookHomeSet(principal_href)
+                        PrincipalProp::AddressbookHomeSet(AddressbookHomeSet(
+                            self.principal
+                                .memberships()
+                                .iter()
+                                .map(|principal| puri.principal_uri(principal).into())
+                                .collect(),
+                        ))
                     }
                     PrincipalPropName::PrincipalAddress => PrincipalProp::PrincipalAddress(None),
                     PrincipalPropName::GroupMembership => {
@@ -97,7 +105,7 @@ impl Resource for PrincipalResource {
         Some(&self.principal.id)
     }
 
-    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
+    fn get_user_privileges(&self, user: &Principal) -> Result<UserPrivilegeSet, Self::Error> {
         Ok(UserPrivilegeSet::owner_only(
             user.is_principal(&self.principal.id),
         ))

crates/carddav/src/principal/prop.rs

@@ -22,11 +22,14 @@ pub enum PrincipalProp {
 
     // CardDAV (RFC 6352)
     #[xml(ns = "rustical_dav::namespace::NS_CARDDAV")]
-    AddressbookHomeSet(HrefElement),
+    AddressbookHomeSet(AddressbookHomeSet),
     #[xml(ns = "rustical_dav::namespace::NS_CARDDAV")]
     PrincipalAddress(Option<HrefElement>),
 }
 
+#[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone)]
+pub struct AddressbookHomeSet(#[xml(ty = "untagged", flatten)] pub Vec<HrefElement>);
+
 #[derive(XmlDeserialize, XmlSerialize, PartialEq, Clone, EnumVariants, PropName)]
 #[xml(unit_variants_ident = "PrincipalPropWrapperName", untagged)]
 pub enum PrincipalPropWrapper {