🩹 back: webdav: Make CORS plugin leniant and continue evaluation, add…

… Realm to HTTP basic auth for compatibility with multiple clients
linagora · Oct 13, 2024 · 0478634 · 0478634
1 parent a671ba3
commit 0478634
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/tdrive/backend/node/src/core/platform/services/webserver/index.ts b/tdrive/backend/node/src/core/platform/services/webserver/index.ts
@@ -116,8 +116,15 @@ export default class WebServerService extends TdriveService<WebServerAPI> implem
       },
     });
     this.server.register(formbody);
-    //TODO Check that this doesn't cause issues, it may block the OPTIONS verb on the WebDAV path
-    this.server.register(corsPlugin, this.configuration.get<FastifyCorsOptions>("cors", {}));
+    //TODO Ensure the non strict and continuance to preflight isn't an issue in the rest of drive
+    this.server.register(corsPlugin, {
+      // This is required because WebDAV clients don't send CORS headers when querying OPTIONS
+      // See configuration at https://github.com/fastify/fastify-cors
+      strictPreflight: false,
+      // Need to pass on to Nephele to handle, seems ok with the other URLs
+      preflightContinue: true,
+      ...this.configuration.get<FastifyCorsOptions>("cors", {}),
+    });
 
     return this;
   }

diff --git a/tdrive/backend/node/src/services/webdav/nephele/authenticator.ts b/tdrive/backend/node/src/services/webdav/nephele/authenticator.ts
@@ -5,6 +5,8 @@ import { executionStorage } from "../../../core/platform/framework/execution-sto
 import { INepheleAuthenticator, INepheleAuthResponse, INepheleUser, NepheleModule } from "./loader";
 
 export function createAuthenticator(nephele: NepheleModule): INepheleAuthenticator {
+  const setAuthenticateHeader = (response: INepheleAuthResponse) =>
+    response.setHeader("WWW-Authenticate", 'Basic realm="Twake Drive WebDAV", charset="UTF-8"');
   return {
     authenticate: async (
       request: express.Request,
@@ -22,21 +24,21 @@ export function createAuthenticator(nephele: NepheleModule): INepheleAuthenticat
             password: devicePassword,
           });
           if (device.type !== DeviceTypesEnum.WebDAV)
-            throw new Error(`Invalid device ${deviceId} type, expected WebDAV`);
+            throw new nephele.UnauthorizedError(`Invalid device ${deviceId} type, expected WebDAV`);
           response.locals.user = {
             username: device.user_id,
             groupname: device.company_id,
           } as INepheleUser;
           executionStorage.getStore().user_id = device.user_id;
           executionStorage.getStore().company_id = device.company_id;
-          response.setHeader("WWW-Authenticate", "Basic");
+          setAuthenticateHeader(response);
           return response.locals.user;
         } catch (error) {
           throw new nephele.UnauthorizedError("Error while authorising");
         }
       } else {
         response.statusCode = 401;
-        response.setHeader("WWW-Authenticate", "Basic");
+        setAuthenticateHeader(response);
         throw new nephele.UnauthorizedError("Unauthorized user!");
       }
     },
@@ -45,7 +47,7 @@ export function createAuthenticator(nephele: NepheleModule): INepheleAuthenticat
       response: INepheleAuthResponse,
     ): Promise<void> => {
       // TODO: think about cleaning the user
-      response.set("WWW-Authenticate", "Basic");
+      setAuthenticateHeader(response);
     },
   };
 }