From: Lanius Trolling Date: Sun, 22 Dec 2024 21:00:37 +0000 (-0500) Subject: Merge remote-tracking branch 'origin/master' X-Git-Url: https://gitweb.starshipfights.net/?a=commitdiff_plain;h=88f4c4a2db4ab004599ce7cc72f46e31819b4574;p=factbooks Merge remote-tracking branch 'origin/master' # Conflicts: # src/main/kotlin/info/mechyrdia/route/ResourceWebDav.kt --- 88f4c4a2db4ab004599ce7cc72f46e31819b4574 diff --cc src/main/kotlin/info/mechyrdia/route/ResourceWebDav.kt index 04eebdc,1d0949a..15742d1 --- a/src/main/kotlin/info/mechyrdia/route/ResourceWebDav.kt +++ b/src/main/kotlin/info/mechyrdia/route/ResourceWebDav.kt @@@ -44,8 -41,9 +44,8 @@@ import java.time.ZoneOffse import java.time.ZonedDateTime import java.time.format.DateTimeFormatter import java.util.Base64 -import java.util.UUID - const val WebDavDomainName = "http://localhost:8180" + const val WebDavDomainName = "https://dav.mechyrdia.info" private val dateTimeFormatter = DateTimeFormatter.ISO_OFFSET_DATE_TIME @@@ -199,9 -197,9 +199,9 @@@ private val base64Decoder = Base64.getD fun ApplicationRequest.basicAuth(): Pair? 
{ val auth = authorization() ?: return null - if (!auth.startsWith(" ")) return null + if (!auth.startsWith("Basic ")) return null val basic = auth.substring(6) - return String(base64Decoder.decode(basic)) + return String(base64Decoder.decode(basic), Utf8) .split(':', limit = 2) .let { (user, pass) -> user to pass } } @@@ -209,16 -207,13 +209,13 @@@ suspend fun ApplicationCall.beforeWebDav() { attributes.put(WebDavAttributeKey, true) - val (user, token) = request.basicAuth() ?: throw WebDavAuthRequired() - val tokenData = WebDavToken.Table.get(Id(token)) ?: throw WebDavAuthRequired() + response.header(HttpHeaders.DAV, "1,2") - if (Configuration.Current.isDevMode) - return - - if (tokenData.holder.id != user.toNationId() || tokenData.validUntil < Instant.now()) - throw WebDavAuthRequired() + val (tokenId, tokenPw) = request.basicAuth() ?: throw WebDavAuthRequired() + val tokenData = WebDavToken.Table.get(Id(tokenId)) ?: throw WebDavAuthRequired() - response.header(HttpHeaders.DAV, "1,2") + if (tokenData.validUntil < Instant.now() || !Argon2Hasher.verifyHash(tokenData.pwHash, tokenPw)) + throw WebDavAuthRequired() } suspend fun ApplicationCall.webDavOptions() {
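Review bot: basicAuth() still throws on malformed credentials instead of returning null. `base64Decoder.decode(basic)` raises IllegalArgumentException on invalid Base64, and the destructuring in `.let { (user, pass) -> user to pass }` fails when the decoded string has no ':' because `split` then yields a single element. Both values come straight from the Authorization header, so an unauthenticated request can produce an unhandled exception rather than the 401 path, unless a handler outside this hunk maps it. Suggest `val parts = runCatching { String(base64Decoder.decode(basic), Utf8) }.getOrNull()?.split(':', limit = 2) ?: return null` followed by `if (parts.size != 2) return null`. Separately, `startsWith("Basic ")` is case-sensitive while RFC 7617 matches the scheme name case-insensitively; `auth.startsWith("Basic ", ignoreCase = true)` would accept conforming clients.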
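Review bot: The new check in beforeWebDav() fails immediately when `WebDavToken.Table.get(Id(tokenId))` returns null but runs `Argon2Hasher.verifyHash` when the id exists, so response time can reveal which token ids are valid. Every failure path throws the same `WebDavAuthRequired()` with no log line visible here, which leaves nothing for detecting repeated password guesses against a known id. Consider verifying against a fixed dummy hash when the lookup misses, and logging failed attempts with the token id and remote address (never the submitted password) before the throw. Because Basic credentials arrive on every WebDAV request, each request now pays a full Argon2 verification. If `verifyHash` is blocking, which cannot be seen from this hunk, running it off the request dispatcher and throttling failures per token id would limit the CPU cost.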