# checker-dav

happyDomain checkers for **CalDAV** (RFC 4791) and **CardDAV** (RFC 6352)
servers. Discovery (RFC 6764) + OPTIONS + authenticated PROPFIND/REPORT
probes, with an opinionated HTML report that foregrounds common misconfigs.

Two binaries are produced from this module:

| Binary           | Checker ID | Entrypoint                      |
|------------------|------------|---------------------------------|
| `checker-caldav` | `caldav`   | `./cmd/checker-caldav`          |
| `checker-carddav`| `carddav`  | `./cmd/checker-carddav`         |

Shared code lives in `internal/dav/`: discovery, OPTIONS parsing, raw-XML
PROPFIND helpers, the rule set, and the HTML template.

## Build

```
make                   # builds both binaries
make checker-caldav    # one binary
make plugin            # .so plugins for in-process loading
make docker            # both Docker images
make test              # unit tests
```

## Run

```
./checker-caldav -listen :8080
```

The SDK exposes `/definition`, `/collect`, `/evaluate`, `/report`, and
`/health` as usual. Pass `Accept: text/html` on `/report` to get the HTML
view; the default is a JSON metrics dump.

## Options

Both checkers accept the same options:

- `domain_name` (auto-filled): required
- `username`, `password`: optional Basic credentials; unlock authenticated
  checks (principal, home-set, collections, REPORT probe)
- `context_url`: optional explicit override, bypasses `/.well-known` + SRV
- `timeout_seconds`: per-request HTTP timeout, default 10

## What is checked

1. **Discovery**: `/.well-known/{caldav,carddav}` (must 3xx, not 200),
   `_caldavs._tcp` / `_carddavs._tcp` SRV, TXT `path=` hint.
2. **Transport**: HTTPS reachable. TLS certificate validation is
   deliberately out of scope; a dedicated TLS checker covers that.
3. **OPTIONS**: `DAV:` advertises `calendar-access` or `addressbook`; Allow
   includes `PROPFIND` and `REPORT`; auth schemes captured for info.
4. **Principal**: PROPFIND `current-user-principal` (auth required).
5. **Home-set**: `calendar-home-set` / `addressbook-home-set`.
6. **Collections**: enumerate, record properties (`supported-calendar-component-set`,
   `supported-address-data`, display name, description, max size).
7. **REPORT probe**: issue a minimal `calendar-query` / `addressbook-query`
   against the first collection.
8. **Scheduling** (CalDAV only): if `calendar-schedule` is advertised,
   verify `schedule-inbox-URL` and `schedule-outbox-URL` on the principal.

The HTML report surfaces the most common failures at the top as callouts:

- `/.well-known` returns 200 instead of 301/302
- No SRV and no well-known → service unreachable
- Plaintext SRV record without secure counterpart
- Server does not advertise the required DAV class (wrong endpoint or stripping proxy)
- No credentials supplied → authenticated phase skipped

## Dependencies

- [`github.com/emersion/go-webdav`](https://github.com/emersion/go-webdav): CalDAV/CardDAV client
- [`git.happydns.org/checker-sdk-go`](https://git.happydns.org/happyDomain/checker-sdk-go): checker SDK