Update.

2025-10-03 06:46:11 +02:00 · 2025-10-03 06:46:11 +02:00 · 2a4045b298
commit 2a4045b298
parent 9457562600
9 changed files with 223 additions and 32 deletions
--- a/.env.example
+++ b/.env.example
@ -28,7 +28,7 @@ DB_VACUUM_INTERVAL=86400
 AUTH_METHODS=basic,digest

 # Secret key for JWT and session encryption (generate with: python -c "import secrets; print(secrets.token_hex(32))")
-JWT_SECRET_KEY=your-secret-key-here-change-this-in-production
+JWT_SECRET_KEY=defc76e4175b4d5ca6e156e483495ced

 # Session timeout in seconds (1 hour default)
 SESSION_TIMEOUT=3600
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@ debug_webdav.py
 test_propfind.sh
 test_cache.py
 *.db
+webdav-server
--- a/6
+++ b/6
@ -51,7 +51,7 @@ WORKDIR /app
 COPY --from=builder /install /usr/local

 # Copy application files
-COPY main.py .
+COPY main3.py .
 COPY gunicorn_config.py .
 COPY .env.example .env

@ -60,7 +60,7 @@ RUN mkdir -p /app/webdav /app/logs /app/backups && \
    chown -R webdav:webdav /app

 # Switch to non-root user
-USER webdav
+#USER webdav

 # Expose port
 EXPOSE 8080
@ -75,4 +75,4 @@ ENV HOST=0.0.0.0
 ENV PORT=8080

 # Run application
-CMD ["python", "main.py"]
+CMD ["python", "main3.py"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -113,7 +113,7 @@ services:
      - "443:443"
    
    volumes:
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx.conf:/etc/nginx/conf.d/webdav.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
      - ./logs/nginx:/var/log/nginx
--- a/main.py
+++ b/main.py
@ -1206,7 +1206,7 @@ async def create_default_user(db: Database):
        print("Please change this password immediately!")


-def main():
+def main(**kwargs):
    """Main entry point"""
    
    # Ensure WebDAV root directory exists
@ -1227,7 +1227,8 @@ def main():
        app,
        host=Config.HOST,
        port=Config.PORT,
-        access_log_format='%a %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"'
+        access_log_format='%a %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"',
+        **kwargs
    )


--- a/main3.py
+++ b/main3.py
@ -36,6 +36,25 @@ from dotenv import load_dotenv
 # Load environment variables
 load_dotenv()

+class Cache:
+    
+    def __init__(self):
+        self.cache = {}
+
+    def set(self, key, value):
+        self.cache[key] = value
+
+    def get(self, key):
+        return self.cache.get(key)
+
+    def clear(self):
+        self.cache.clear()
+
+    def delete(self, key):
+        try:
+            del self.cache[key]
+        except KeyError:
+            pass
 # ============================================================================
 # Configuration Management
 # ============================================================================
@ -80,7 +99,8 @@ class Database:
        self.db_path = db_path
        self._connection_lock = asyncio.Lock()
        self.init_database()
-    
+        self.property_cache = Cache()
+
    def get_connection(self) -> sqlite3.Connection:
        """Get database connection with row factory"""
        conn = sqlite3.connect(self.db_path, timeout=30.0, check_same_thread=False)
@ -238,18 +258,24 @@ class Database:

    async def get_properties(self, resource_path: str) -> List[Dict]:
        def _get():
+            result = self.property_cache.get(resource_path)
+            if result:
+                return result
            conn = self.get_connection()
            try:
                cursor = conn.cursor()
                cursor.execute('SELECT * FROM properties WHERE resource_path = ?', (resource_path,))
                properties = cursor.fetchall()
-                return [dict(prop) for prop in properties]
+                result = [dict(prop) for prop in properties]
+                self.property_cache.set(resource_path, result)
+                return result
            finally:
                conn.close()
        return await self.run_in_executor(_get)

    async def set_property(self, resource_path: str, namespace: str, property_name: str, property_value: str):
        def _set():
+            self.property_cache.delete(resource_path)
            conn = self.get_connection()
            try:
                cursor = conn.cursor()
@ -260,10 +286,12 @@ class Database:
                conn.commit()
            finally:
                conn.close()
+        
        await self.run_in_executor(_set)

    async def remove_property(self, resource_path: str, namespace: str, property_name: str):
        def _remove():
+            self.property_cache.delete(f"{resource_path}")
            conn = self.get_connection()
            try:
                cursor = conn.cursor()
@ -476,6 +504,7 @@ class WebDAVHandler:
            return ""

    async def handle_get(self, request: web.Request, user: Dict) -> web.Response:
+        
        path = self.get_physical_path(user['username'], request.path)
        if not await self.run_blocking_io(path.exists):
            raise web.HTTPNotFound()
@ -713,7 +742,8 @@ async def webdav_handler_func(request: web.Request):
    app = request.app
    auth_handler: AuthHandler = app['auth']
    webdav_handler: WebDAVHandler = app['webdav']
-    
+    app.shared['counter'] = os.getpid()
+    print(app.shared['counter'],os.getpid())
    # OPTIONS is often unauthenticated (pre-flight)
    if request.method == 'OPTIONS':
        return await webdav_handler.handle_options(request, {})
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -2,8 +2,11 @@
 # Nginx Configuration for WebDAV Server
 # Place this in: /etc/nginx/conf.d/webdav.conf
 # ============================================================================
-
 # Upstream backend
+upstream webdav_backend {
+    server webdav:8080 max_fails=3 fail_timeout=30s;
+    keepalive 32;
+}


 # HTTP Server - Redirect to HTTPS
@ -16,10 +19,6 @@ server {
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
-upstream webdav_backend {
-    server webdav:8080 max_fails=3 fail_timeout=30s;
-    keepalive 32;
-}
    # Redirect all other traffic to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
@ -28,22 +27,6 @@ upstream webdav_backend {

 # HTTPS Server - Main WebDAV
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-    server_name webdav.example.com;  # Change to your domain
-
-    # SSL Configuration
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
-    
-    # SSL Security Settings
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 10m;
-    ssl_stapling on;
-    ssl_stapling_verify on;
    
    # Security Headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
@ -115,7 +98,6 @@ server {
        access_log off;
        log_not_found off;
    }
-}

 # ============================================================================
 # HTTP Configuration without SSL (for development only)
@ -151,3 +133,4 @@ server {
 #         proxy_buffering off;
 #     }
 # }
+}
--- a/nginx/conf.d/webdav.conf
+++ b/nginx/conf.d/webdav.conf
@ -0,0 +1,136 @@
+# ============================================================================
+# Nginx Configuration for WebDAV Server
+# Place this in: /etc/nginx/conf.d/webdav.conf
+# ============================================================================
+# Upstream backend
+upstream webdav_backend {
+    server webdav:8080 max_fails=3 fail_timeout=30s;
+    keepalive 32;
+}
+
+
+# HTTP Server - Redirect to HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name webdav.example.com;  # Change to your domain
+
+    # Let's Encrypt ACME challenge
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    # Redirect all other traffic to HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS Server - Main WebDAV
+server {
+    
+    # Security Headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # WebDAV Specific Settings
+    client_max_body_size 1G;                # Maximum file size
+    client_body_buffer_size 128k;
+    client_body_timeout 300s;               # Timeout for client body
+    client_header_timeout 60s;
+    send_timeout 300s;                      # Timeout for sending response
+    
+    # Proxy buffering (disable for large files)
+    proxy_buffering off;
+    proxy_request_buffering off;
+    
+    # Timeouts
+    proxy_connect_timeout 60s;
+    proxy_send_timeout 300s;
+    proxy_read_timeout 300s;
+
+    # Logging
+    access_log /var/log/nginx/webdav_access.log combined;
+    error_log /var/log/nginx/webdav_error.log warn;
+
+    # Root location - WebDAV
+    location / {
+        # Proxy to backend
+        proxy_pass http://webdav_backend;
+        
+        # Standard proxy headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        
+        # WebDAV specific headers
+        proxy_set_header Destination $http_destination;
+        proxy_set_header Depth $http_depth;
+        proxy_set_header Overwrite $http_overwrite;
+        proxy_set_header Lock-Token $http_lock_token;
+        proxy_set_header Timeout $http_timeout;
+        proxy_set_header If $http_if;
+        
+        # HTTP 1.1 support
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        
+        # Disable redirects
+        proxy_redirect off;
+        
+        # Handle errors
+        proxy_intercept_errors off;
+    }
+    
+    # Health check endpoint
+    location /health {
+        proxy_pass http://webdav_backend/health;
+        access_log off;
+    }
+    
+    # Deny access to hidden files
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+# ============================================================================
+# HTTP Configuration without SSL (for development only)
+# ============================================================================
+
+# Uncomment this section for development without SSL
+# server {
+#     listen 80;
+#     listen [::]:80;
+#     server_name webdav.example.com;
+#
+#     client_max_body_size 1G;
+#     client_body_buffer_size 128k;
+#     client_body_timeout 300s;
+#     send_timeout 300s;
+#
+#     location / {
+#         proxy_pass http://webdav_backend;
+#         proxy_set_header Host $host;
+#         proxy_set_header X-Real-IP $remote_addr;
+#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#         proxy_set_header X-Forwarded-Proto $scheme;
+#         
+#         # WebDAV headers
+#         proxy_set_header Destination $http_destination;
+#         proxy_set_header Depth $http_depth;
+#         proxy_set_header Overwrite $http_overwrite;
+#         proxy_set_header Lock-Token $http_lock_token;
+#         
+#         proxy_http_version 1.1;
+#         proxy_set_header Connection "";
+#         proxy_redirect off;
+#         proxy_buffering off;
+#     }
+# }
+}
--- a/prod.py
+++ b/prod.py
@ -0,0 +1,40 @@
+from multiprocessing import Process, Manager
+from socket import SOL_SOCKET, SO_REUSEADDR, socket
+from aiohttp import web
+import logging 
+
+logging.basicConfig(level=logging.DEBUG)
+
+from main3 import init_app
+import asyncio
+
+def serve_multiple(app,workers):
+    sock = socket()
+    sock.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
+    sock.bind(('0.0.0.0', 8080))
+    sock.set_inheritable(True)
+    setattr(app,"shared",Manager().dict())  
+    app.shared['counter'] = 0
+    processes = []
+    for i in range(workers):
+        process = Process(
+            target=web.run_app,
+            name=f'worker-{i}',
+            kwargs=dict(app=app, sock=sock)
+        )
+        process.daemon = True
+        process.start()
+        processes.append(process)
+    
+    try:
+        for process in processes:
+            process.join()
+    except KeyboardInterrupt:
+        pass
+    finally:
+        for process in processes:
+            process.terminate()
+        sock.close()
+
+app = asyncio.run(init_app())
+serve_multiple(app, 3)