/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, you can obtain one at http://mozilla.org/MPL/2.0/. */ const EXPORTED_SYMBOLS = ["CalDAVServer"]; const PREFIX_BINDINGS = { c: "urn:ietf:params:xml:ns:caldav", cs: "http://calendarserver.org/ns/", d: "DAV:", i: "http://apple.com/ns/ical/", }; const NAMESPACE_STRING = Object.entries(PREFIX_BINDINGS) .map(([prefix, url]) => `xmlns:${prefix}="${url}"`) .join(" "); const { Assert } = ChromeUtils.importESModule("resource://testing-common/Assert.sys.mjs"); const { CommonUtils } = ChromeUtils.importESModule("resource://services-common/utils.sys.mjs"); const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js"); const logger = console.createInstance({ prefix: "CalDAVServer", maxLogLevel: "Log", }); // The response bodies Google sends if you exceed its rate limit. let MULTIGET_RATELIMIT_ERROR = ` `; let PROPFIND_RATELIMIT_ERROR = ` GData rateLimitExceeded Some text we're not looking at anyway `; var CalDAVServer = { items: new Map(), deletedItems: new Map(), changeCount: 0, server: null, isOpen: false, /** * The "current-user-privilege-set" in responses. Set to null to have no privilege set. */ privileges: "", open(username, password) { this.server = new HttpServer(); this.server.start(-1); this.isOpen = true; this.username = username; this.password = password; this.server.registerPathHandler("/ping", this.ping); this.reset(); }, reset() { this.items.clear(); this.deletedItems.clear(); this.changeCount = 0; this.privileges = ""; this.resetHandlers(); }, resetHandlers() { this.server.registerPathHandler("/.well-known/caldav", this.wellKnown.bind(this)); this.server.registerPathHandler("/principals/", this.principals.bind(this)); this.server.registerPathHandler("/principals/me/", this.myPrincipal.bind(this)); this.server.registerPathHandler("/calendars/me/", this.myCalendars.bind(this)); this.server.registerPathHandler(this.path, this.directoryHandler.bind(this)); this.server.registerPrefixHandler(this.path, this.itemHandler.bind(this)); }, close() { if (!this.isOpen) { return Promise.resolve(); } return new Promise(resolve => this.server.stop({ onStopped: () => { this.isOpen = false; resolve(); }, }) ); }, get origin() { return `http://localhost:${this.server.identity.primaryPort}`; }, get path() { return "/calendars/me/test/"; }, get url() { return `${this.origin}${this.path}`; }, get altPath() { return "/addressbooks/me/default/"; }, get altURL() { return `${this.origin}${this.altPath}`; }, checkAuth(request, response) { if (!this.username || !this.password) { return true; } if (!request.hasHeader("Authorization")) { response.setStatusLine("1.1", 401, "Unauthorized"); response.setHeader("WWW-Authenticate", `Basic realm="test"`); return false; } let value = request.getHeader("Authorization"); if (!value.startsWith("Basic ")) { response.setStatusLine("1.1", 401, "Unauthorized"); response.setHeader("WWW-Authenticate", `Basic realm="test"`); return false; } let [username, password] = atob(value.substring(6)).split(":"); if (username != this.username || password != this.password) { response.setStatusLine("1.1", 401, "Unauthorized"); response.setHeader("WWW-Authenticate", `Basic realm="test"`); return false; } return true; }, ping(request, response) { response.setStatusLine("1.1", 200, "OK"); response.setHeader("Content-Type", "text/plain"); response.write("pong"); }, wellKnown(request, response) { response.setStatusLine("1.1", 301, "Moved Permanently"); response.setHeader("Location", "/principals/"); }, principals(request, response) { if (!this.checkAuth(request, response)) { return; } let input = new DOMParser().parseFromString( CommonUtils.readBytesFromInputStream(request.bodyInputStream), "text/xml" ); let propNames = this._inputProps(input); let propValues = { "d:current-user-principal": "/principals/me/", }; response.setStatusLine("1.1", 207, "Multi-Status"); response.setHeader("Content-Type", "text/xml"); response.write( ` /principals/ ${this._outputProps(propNames, propValues)} `.replace(/>\s+<") ); }, myPrincipal(request, response) { if (!this.checkAuth(request, response)) { return; } let input = new DOMParser().parseFromString( CommonUtils.readBytesFromInputStream(request.bodyInputStream), "text/xml" ); let propNames = this._inputProps(input); let propValues = { "d:resourcetype": "", "c:calendar-home-set": "/calendars/me/", "c:calendar-user-address-set": `mailto:me@invalid`, "c:schedule-inbox-URL": "/calendars/me/inbox/", "c:schedule-outbox-URL": "/calendars/me/inbox/", }; response.setStatusLine("1.1", 207, "Multi-Status"); response.setHeader("Content-Type", "text/xml"); response.write( ` /principals/me/ ${this._outputProps(propNames, propValues)} `.replace(/>\s+<") ); }, myCalendars(request, response) { if (!this.checkAuth(request, response)) { return; } if (request.method == "OPTIONS") { response.setStatusLine("1.1", 200, "OK"); response.setHeader("DAV", "1,2,3, calendar-access, calendar-schedule"); return; } let input = new DOMParser().parseFromString( CommonUtils.readBytesFromInputStream(request.bodyInputStream), "text/xml" ); let propNames = this._inputProps(input); let propValues = { "d:resourcetype": "", "d:displayname": "CalDAV Test", "i:calendar-color": "#ff8000", "d:current-user-privilege-set": this.privileges, }; response.setStatusLine("1.1", 207, "Multi-Status"); response.setHeader("Content-Type", "text/xml"); response.write( ` /addressbooks/me/ ${this._outputProps(propNames, { "d:resourcetype": "", "d:displayname": "#calendars", })} ${this.path} ${this._outputProps(propNames, propValues)} `.replace(/>\s+<") ); }, /** Handle any requests to the calendar itself. */ directoryHandler(request, response) { if (!this.checkAuth(request, response)) { return; } if (request.method == "OPTIONS") { response.setStatusLine("1.1", 204, "No Content"); return; } let input = CommonUtils.readBytesFromInputStream(request.bodyInputStream); logger.log("C: " + input); input = new DOMParser().parseFromString(input, "text/xml"); switch (input.documentElement.localName) { case "calendar-query": Assert.equal(request.method, "REPORT"); Assert.equal(input.documentElement.namespaceURI, PREFIX_BINDINGS.c); this.calendarQuery(input, response); return; case "calendar-multiget": Assert.equal(request.method, "REPORT"); Assert.equal(input.documentElement.namespaceURI, PREFIX_BINDINGS.c); this.calendarMultiGet(input, response); return; case "propfind": Assert.equal(request.method, "PROPFIND"); Assert.equal(input.documentElement.namespaceURI, PREFIX_BINDINGS.d); this.propFind(input, request.hasHeader("Depth") ? request.getHeader("Depth") : 0, response); return; case "sync-collection": Assert.equal(request.method, "REPORT"); Assert.equal(input.documentElement.namespaceURI, PREFIX_BINDINGS.d); this.syncCollection(input, response); return; } Assert.report(true, undefined, undefined, "Should not have reached here"); response.setStatusLine("1.1", 404, "Not Found"); response.setHeader("Content-Type", "text/plain"); response.write(`No handler found for <${input.documentElement.localName}>`); }, calendarQuery(input, response) { let propNames = this._inputProps(input); let output = ``; for (let [href, item] of this.items) { output += this._itemResponse(href, item, propNames); } output += ``; response.setStatusLine("1.1", 207, "Multi-Status"); response.setHeader("Content-Type", "text/xml"); response.write(output.replace(/>\s+<")); logger.log("S: " + output.replace(/>\s+<")); }, async calendarMultiGet(input, response) { let propNames = this._inputProps(input); let output = ``; for (let href of input.querySelectorAll("href")) { href = href.textContent; let item = this.items.get(href); if (item) { output += this._itemResponse(href, item, propNames); } } output += ``; response.setStatusLine("1.1", 207, "Multi-Status"); response.setHeader("Content-Type", "text/xml"); response.write(output.replace(/>\s+<")); logger.log("S: " + output.replace(/>\s+<")); }, propFind(input, depth, response) { if (this.throwRateLimitErrors) { response.setStatusLine("1.1", 403, "Forbidden"); response.setHeader("Content-Type", "text/xml"); response.write(PROPFIND_RATELIMIT_ERROR); logger.log("S: " + PROPFIND_RATELIMIT_ERROR); return; } let propNames = this._inputProps(input); let propValues = { "d:resourcetype": "", "d:owner": "/principals/me/", "d:current-user-principal": "/principals/me/", "d:current-user-privilege-set": this.privileges, "d:supported-report-set": "" + "", "c:supported-calendar-component-set": "", "d:getcontenttype": "text/calendar; charset=utf-8", "c:calendar-home-set": `/calendars/me/`, "c:calendar-user-address-set": `mailto:me@invalid`, "c:schedule-inbox-url": `/calendars/me/inbox/`, "c:schedule-outbox-url": `/calendars/me/outbox/`, "cs:getctag": this.changeCount, "d:getetag": this.changeCount, }; let output = ` ${this.path} ${this._outputProps(propNames, propValues)} `; if (depth == 1) { for (let [href, item] of this.items) { output += this._itemResponse(href, item, propNames); } } output += ``; response.setStatusLine("1.1", 207, "Multi-Status"); response.setHeader("Content-Type", "text/xml"); response.write(output.replace(/>\s+<")); logger.log("S: " + output.replace(/>\s+<")); }, syncCollection(input, response) { if (this.throwRateLimitErrors) { response.setStatusLine("1.1", 403, "Forbidden"); response.setHeader("Content-Type", "text/xml"); response.write(MULTIGET_RATELIMIT_ERROR); logger.log("S: " + MULTIGET_RATELIMIT_ERROR); return; } // The maximum number of responses to make at any one request. let pageSize = 3; // The last-seen token. Changes before this won't be returned. let token = 0; // Which page of responses to return. let page = 0; let tokenStr = input.querySelector("sync-token")?.textContent.replace(/.*\//g, ""); if (tokenStr?.includes("#")) { [token, page] = tokenStr.split("#"); token = parseInt(token, 10); page = parseInt(page, 10); } else if (tokenStr) { token = parseInt(tokenStr, 10); } let nextPage = page + 1; // Collect all responses, even if we know some won't be returned. // This is a test, who cares about performance? let propNames = this._inputProps(input); let responses = []; for (let [href, item] of this.items) { if (item.changed > token) { responses.push(this._itemResponse(href, item, propNames)); } } for (let [href, deleted] of this.deletedItems) { if (deleted > token) { responses.push(` HTTP/1.1 404 Not Found ${href} HTTP/1.1 418 I'm a teapot `); } } let output = ``; // Use only the responses that match those requested. output += responses.slice(page * pageSize, nextPage * pageSize).join(""); if (responses.length > nextPage * pageSize) { output += ` HTTP/1.1 507 Insufficient Storage ${this.path} `; output += `http://mochi.test/sync/${token}#${nextPage}`; } else { output += `http://mochi.test/sync/${this.changeCount}`; } output += ``; response.setStatusLine("1.1", 207, "Multi-Status"); response.setHeader("Content-Type", "text/xml"); response.write(output.replace(/>\s+<")); logger.log("S: " + output.replace(/>\s+<")); }, _itemResponse(href, item, propNames) { let propValues = { "c:calendar-data": item.ics, "d:getetag": item.etag, "d:getcontenttype": "text/calendar; charset=utf-8; component=VEVENT", }; let outString = ` ${href} ${this._outputProps(propNames, propValues)} `; return outString; }, _inputProps(input) { let props = input.querySelectorAll("prop > *"); let propNames = []; for (let p of props) { Assert.equal(p.childElementCount, 0); switch (p.localName) { case "calendar-home-set": case "calendar-user-address-set": case "schedule-inbox-URL": case "schedule-outbox-URL": case "supported-calendar-component-set": case "calendar-data": Assert.equal(p.namespaceURI, PREFIX_BINDINGS.c); propNames.push(`c:${p.localName}`); break; case "getctag": Assert.equal(p.namespaceURI, PREFIX_BINDINGS.cs); propNames.push(`cs:${p.localName}`); break; case "getetag": case "owner": case "current-user-principal": case "current-user-privilege-set": case "supported-report-set": case "displayname": case "resourcetype": case "sync-token": case "getcontenttype": Assert.equal(p.namespaceURI, PREFIX_BINDINGS.d); propNames.push(`d:${p.localName}`); break; case "calendar-color": Assert.equal(p.namespaceURI, PREFIX_BINDINGS.i); propNames.push(`i:${p.localName}`); break; default: Assert.report(true, undefined, undefined, `Unknown property requested: ${p.nodeName}`); break; } } return propNames; }, _outputProps(propNames, propValues) { let output = ""; let found = []; let notFound = []; for (let p of propNames) { if (p in propValues && propValues[p] != null) { found.push(`<${p}>${propValues[p]}`); } else { notFound.push(`<${p}/>`); } } if (found.length > 0) { output += ` ${found.join("\n")} HTTP/1.1 200 OK `; } if (notFound.length > 0) { output += ` ${notFound.join("\n")} HTTP/1.1 404 Not Found `; } return output; }, /** Handle any requests to calendar items. */ itemHandler(request, response) { if (!this.checkAuth(request, response)) { return; } if (!/\/[\w-]+\.ics$/.test(request.path)) { response.setStatusLine("1.1", 404, "Not Found"); response.setHeader("Content-Type", "text/plain"); response.write(`Item not found at ${request.path}`); return; } switch (request.method) { case "GET": this.getItem(request, response); return; case "PUT": this.putItem(request, response); return; case "DELETE": this.deleteItem(request, response); return; } Assert.report(true, undefined, undefined, "Should not have reached here"); response.setStatusLine("1.1", 405, "Method Not Allowed"); response.setHeader("Content-Type", "text/plain"); response.write(`Method not allowed: ${request.method}`); }, async getItem(request, response) { let item = this.items.get(request.path); if (!item) { response.setStatusLine("1.1", 404, "Not Found"); response.setHeader("Content-Type", "text/plain"); response.write(`Item not found at ${request.path}`); return; } response.setStatusLine("1.1", 200, "OK"); response.setHeader("Content-Type", "text/calendar"); response.setHeader("ETag", item.etag); response.write(item.ics); }, async putItem(request, response) { if (request.hasHeader("If-Match")) { let item = this.items.get(request.path); if (!item || item.etag != request.getHeader("If-Match")) { response.setStatusLine("1.1", 412, "Precondition Failed"); return; } } response.processAsync(); let ics = CommonUtils.readBytesFromInputStream(request.bodyInputStream); await this.putItemInternal(request.path, ics); response.setStatusLine("1.1", 204, "No Content"); response.finish(); }, async putItemInternal(name, ics) { if (!name.startsWith("/")) { name = this.path + name; } let hash = await crypto.subtle.digest("sha-1", new TextEncoder().encode(ics)); let etag = Array.from(new Uint8Array(hash), c => c.toString(16).padStart(2, "0")).join(""); this.items.set(name, { etag, ics, changed: ++this.changeCount }); this.deletedItems.delete(name); }, deleteItem(request, response) { this.deleteItemInternal(request.path); response.setStatusLine("1.1", 204, "No Content"); }, deleteItemInternal(name) { if (!name.startsWith("/")) { name = this.path + name; } this.items.delete(name); this.deletedItems.set(name, ++this.changeCount); }, };