Update.

Browse Source
This commit is contained in:
retoor 2025-10-03 06:46:11 +02:00
parent 9457562600
commit 2a4045b298
9 changed files with 223 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.env.example
View File

@ -28,7 +28,7 @@ DB_VACUUM_INTERVAL=86400
AUTH_METHODS=basic,digest AUTH_METHODS=basic,digest
# Secret key for JWT and session encryption (generate with: python -c "import secrets; print(secrets.token_hex(32))") # Secret key for JWT and session encryption (generate with: python -c "import secrets; print(secrets.token_hex(32))")
JWT_SECRET_KEY=your-secret-key-here-change-this-in-production JWT_SECRET_KEY=defc76e4175b4d5ca6e156e483495ced
# Session timeout in seconds (1 hour default) # Session timeout in seconds (1 hour default)
SESSION_TIMEOUT=3600 SESSION_TIMEOUT=3600

1
.gitignore vendored
View File

@ -7,3 +7,4 @@ debug_webdav.py
test_propfind.sh test_propfind.sh
test_cache.py test_cache.py
*.db *.db
webdav-server

6
Dockerfile
View File

@ -51,7 +51,7 @@ WORKDIR /app
COPY --from=builder /install /usr/local COPY --from=builder /install /usr/local
# Copy application files # Copy application files
COPY main.py . COPY main3.py .
COPY gunicorn_config.py . COPY gunicorn_config.py .
COPY .env.example .env COPY .env.example .env
@ -60,7 +60,7 @@ RUN mkdir -p /app/webdav /app/logs /app/backups && \
chown -R webdav:webdav /app chown -R webdav:webdav /app
# Switch to non-root user # Switch to non-root user
USER webdav #USER webdav
# Expose port # Expose port
EXPOSE 8080 EXPOSE 8080
@ -75,4 +75,4 @@ ENV HOST=0.0.0.0
ENV PORT=8080 ENV PORT=8080
# Run application # Run application
CMD ["python", "main.py"] CMD ["python", "main3.py"]

2
docker-compose.yml
View File

@ -113,7 +113,7 @@ services:
- "443:443" - "443:443"
volumes: volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx.conf:/etc/nginx/conf.d/webdav.conf:ro
- ./nginx/conf.d:/etc/nginx/conf.d:ro - ./nginx/conf.d:/etc/nginx/conf.d:ro
- ./nginx/ssl:/etc/nginx/ssl:ro - ./nginx/ssl:/etc/nginx/ssl:ro
- ./logs/nginx:/var/log/nginx - ./logs/nginx:/var/log/nginx

5
main.py
View File

@ -1206,7 +1206,7 @@ async def create_default_user(db: Database):
print("Please change this password immediately!") print("Please change this password immediately!")
def main(): def main(**kwargs):
"""Main entry point""" """Main entry point"""
# Ensure WebDAV root directory exists # Ensure WebDAV root directory exists
@ -1227,7 +1227,8 @@ def main():
app, app,
host=Config.HOST, host=Config.HOST,
port=Config.PORT, port=Config.PORT,
access_log_format='%a %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"' access_log_format='%a %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"',
**kwargs
) )

34
main3.py
View File

@ -36,6 +36,25 @@ from dotenv import load_dotenv
# Load environment variables # Load environment variables
load_dotenv() load_dotenv()
class Cache:
def __init__(self):
self.cache = {}
def set(self, key, value):
self.cache[key] = value
def get(self, key):
return self.cache.get(key)
def clear(self):
self.cache.clear()
def delete(self, key):
try:
del self.cache[key]
except KeyError:
pass
# ============================================================================ # ============================================================================
# Configuration Management # Configuration Management
# ============================================================================ # ============================================================================
@ -80,6 +99,7 @@ class Database:
self.db_path = db_path self.db_path = db_path
self._connection_lock = asyncio.Lock() self._connection_lock = asyncio.Lock()
self.init_database() self.init_database()
self.property_cache = Cache()
def get_connection(self) -> sqlite3.Connection: def get_connection(self) -> sqlite3.Connection:
"""Get database connection with row factory""" """Get database connection with row factory"""
@ -238,18 +258,24 @@ class Database:
async def get_properties(self, resource_path: str) -> List[Dict]: async def get_properties(self, resource_path: str) -> List[Dict]:
def _get(): def _get():
result = self.property_cache.get(resource_path)
if result:
return result
conn = self.get_connection() conn = self.get_connection()
try: try:
cursor = conn.cursor() cursor = conn.cursor()
cursor.execute('SELECT * FROM properties WHERE resource_path = ?', (resource_path,)) cursor.execute('SELECT * FROM properties WHERE resource_path = ?', (resource_path,))
properties = cursor.fetchall() properties = cursor.fetchall()
return [dict(prop) for prop in properties] result = [dict(prop) for prop in properties]
self.property_cache.set(resource_path, result)
return result
finally: finally:
conn.close() conn.close()
return await self.run_in_executor(_get) return await self.run_in_executor(_get)
async def set_property(self, resource_path: str, namespace: str, property_name: str, property_value: str): async def set_property(self, resource_path: str, namespace: str, property_name: str, property_value: str):
def _set(): def _set():
self.property_cache.delete(resource_path)
conn = self.get_connection() conn = self.get_connection()
try: try:
cursor = conn.cursor() cursor = conn.cursor()
@ -260,10 +286,12 @@ class Database:
conn.commit() conn.commit()
finally: finally:
conn.close() conn.close()
await self.run_in_executor(_set) await self.run_in_executor(_set)
async def remove_property(self, resource_path: str, namespace: str, property_name: str): async def remove_property(self, resource_path: str, namespace: str, property_name: str):
def _remove(): def _remove():
self.property_cache.delete(f"{resource_path}")
conn = self.get_connection() conn = self.get_connection()
try: try:
cursor = conn.cursor() cursor = conn.cursor()
@ -476,6 +504,7 @@ class WebDAVHandler:
return "" return ""
async def handle_get(self, request: web.Request, user: Dict) -> web.Response: async def handle_get(self, request: web.Request, user: Dict) -> web.Response:
path = self.get_physical_path(user['username'], request.path) path = self.get_physical_path(user['username'], request.path)
if not await self.run_blocking_io(path.exists): if not await self.run_blocking_io(path.exists):
raise web.HTTPNotFound() raise web.HTTPNotFound()
@ -713,7 +742,8 @@ async def webdav_handler_func(request: web.Request):
app = request.app app = request.app
auth_handler: AuthHandler = app['auth'] auth_handler: AuthHandler = app['auth']
webdav_handler: WebDAVHandler = app['webdav'] webdav_handler: WebDAVHandler = app['webdav']
app.shared['counter'] = os.getpid()
print(app.shared['counter'],os.getpid())
# OPTIONS is often unauthenticated (pre-flight) # OPTIONS is often unauthenticated (pre-flight)
if request.method == 'OPTIONS': if request.method == 'OPTIONS':
return await webdav_handler.handle_options(request, {}) return await webdav_handler.handle_options(request, {})

27
nginx/nginx.conf → nginx.conf
View File

@ -2,8 +2,11 @@
# Nginx Configuration for WebDAV Server # Nginx Configuration for WebDAV Server
# Place this in: /etc/nginx/conf.d/webdav.conf # Place this in: /etc/nginx/conf.d/webdav.conf
# ============================================================================ # ============================================================================
# Upstream backend # Upstream backend
upstream webdav_backend {
server webdav:8080 max_fails=3 fail_timeout=30s;
keepalive 32;
}
# HTTP Server - Redirect to HTTPS # HTTP Server - Redirect to HTTPS
@ -16,10 +19,6 @@ server {
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
root /var/www/certbot; root /var/www/certbot;
} }
upstream webdav_backend {
server webdav:8080 max_fails=3 fail_timeout=30s;
keepalive 32;
}
# Redirect all other traffic to HTTPS # Redirect all other traffic to HTTPS
location / { location / {
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
@ -28,22 +27,6 @@ upstream webdav_backend {
# HTTPS Server - Main WebDAV # HTTPS Server - Main WebDAV
server { server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name webdav.example.com; # Change to your domain
# SSL Configuration
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
# SSL Security Settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
# Security Headers # Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
@ -115,7 +98,6 @@ server {
access_log off; access_log off;
log_not_found off; log_not_found off;
} }
}
# ============================================================================ # ============================================================================
# HTTP Configuration without SSL (for development only) # HTTP Configuration without SSL (for development only)
@ -151,3 +133,4 @@ server {
# proxy_buffering off; # proxy_buffering off;
# } # }
# } # }
}

136
nginx/conf.d/webdav.conf Normal file
View File

@ -0,0 +1,136 @@
# ============================================================================
# Nginx Configuration for WebDAV Server
# Place this in: /etc/nginx/conf.d/webdav.conf
# ============================================================================
# Upstream backend
upstream webdav_backend {
server webdav:8080 max_fails=3 fail_timeout=30s;
keepalive 32;
}
# HTTP Server - Redirect to HTTPS
server {
listen 80;
listen [::]:80;
server_name webdav.example.com; # Change to your domain
# Let's Encrypt ACME challenge
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# Redirect all other traffic to HTTPS
location / {
return 301 https://$server_name$request_uri;
}
}
# HTTPS Server - Main WebDAV
server {
# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
# WebDAV Specific Settings
client_max_body_size 1G; # Maximum file size
client_body_buffer_size 128k;
client_body_timeout 300s; # Timeout for client body
client_header_timeout 60s;
send_timeout 300s; # Timeout for sending response
# Proxy buffering (disable for large files)
proxy_buffering off;
proxy_request_buffering off;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Logging
access_log /var/log/nginx/webdav_access.log combined;
error_log /var/log/nginx/webdav_error.log warn;
# Root location - WebDAV
location / {
# Proxy to backend
proxy_pass http://webdav_backend;
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# WebDAV specific headers
proxy_set_header Destination $http_destination;
proxy_set_header Depth $http_depth;
proxy_set_header Overwrite $http_overwrite;
proxy_set_header Lock-Token $http_lock_token;
proxy_set_header Timeout $http_timeout;
proxy_set_header If $http_if;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_set_header Connection "";
# Disable redirects
proxy_redirect off;
# Handle errors
proxy_intercept_errors off;
}
# Health check endpoint
location /health {
proxy_pass http://webdav_backend/health;
access_log off;
}
# Deny access to hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# ============================================================================
# HTTP Configuration without SSL (for development only)
# ============================================================================
# Uncomment this section for development without SSL
# server {
# listen 80;
# listen [::]:80;
# server_name webdav.example.com;
#
# client_max_body_size 1G;
# client_body_buffer_size 128k;
# client_body_timeout 300s;
# send_timeout 300s;
#
# location / {
# proxy_pass http://webdav_backend;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
#
# # WebDAV headers
# proxy_set_header Destination $http_destination;
# proxy_set_header Depth $http_depth;
# proxy_set_header Overwrite $http_overwrite;
# proxy_set_header Lock-Token $http_lock_token;
#
# proxy_http_version 1.1;
# proxy_set_header Connection "";
# proxy_redirect off;
# proxy_buffering off;
# }
# }
}

40
prod.py Normal file
View File

@ -0,0 +1,40 @@
from multiprocessing import Process, Manager
from socket import SOL_SOCKET, SO_REUSEADDR, socket
from aiohttp import web
import logging
logging.basicConfig(level=logging.DEBUG)
from main3 import init_app
import asyncio
def serve_multiple(app,workers):
sock = socket()
sock.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
sock.bind(('0.0.0.0', 8080))
sock.set_inheritable(True)
setattr(app,"shared",Manager().dict())
app.shared['counter'] = 0
processes = []
for i in range(workers):
process = Process(
target=web.run_app,
name=f'worker-{i}',
kwargs=dict(app=app, sock=sock)
)
process.daemon = True
process.start()
processes.append(process)
try:
for process in processes:
process.join()
except KeyboardInterrupt:
pass
finally:
for process in processes:
process.terminate()
sock.close()
app = asyncio.run(init_app())
serve_multiple(app, 3)