# checker-dav

happyDomain checkers for **CalDAV** (RFC 4791) and **CardDAV** (RFC 6352)
servers. Discovery (RFC 6764) + OPTIONS + authenticated PROPFIND/REPORT
probes, with an opinionated HTML report that foregrounds common misconfigs.

Two binaries are produced from this module:

| Binary           | Checker ID | Entrypoint                      |
|------------------|------------|---------------------------------|
| `checker-caldav` | `caldav`   | `./cmd/checker-caldav`          |
| `checker-carddav`| `carddav`  | `./cmd/checker-carddav`         |

Shared code lives in `internal/dav/`: discovery, OPTIONS parsing, raw-XML
PROPFIND helpers, the rule set, and the HTML template.

## Build

```
make                   # builds both binaries
make checker-caldav    # one binary
make plugin            # .so plugins for in-process loading
make docker            # both Docker images
make test              # unit tests
```

## Run

```
./checker-caldav -listen :8080
```

The SDK exposes `/definition`, `/collect`, `/evaluate`, `/report`, and
`/health` as usual. Pass `Accept: text/html` on `/report` to get the HTML
view; the default is a JSON metrics dump.

## Options

Both checkers accept the same options:

- `domain_name` (auto-filled) — required
- `username`, `password` — optional Basic credentials; unlock authenticated
  checks (principal, home-set, collections, REPORT probe)
- `context_url` — optional explicit override, bypasses `/.well-known` + SRV
- `timeout_seconds` — per-request HTTP timeout, default 10

## What is checked

1. **Discovery** — `/.well-known/{caldav,carddav}` (must 3xx, not 200),
   `_caldavs._tcp` / `_carddavs._tcp` SRV, TXT `path=` hint.
2. **Transport** — HTTPS reachable. TLS certificate validation is
   deliberately out of scope — a dedicated TLS checker covers that.
3. **OPTIONS** — `DAV:` advertises `calendar-access` or `addressbook`; Allow
   includes `PROPFIND` and `REPORT`; auth schemes captured for info.
4. **Principal** — PROPFIND `current-user-principal` (auth required).
5. **Home-set** — `calendar-home-set` / `addressbook-home-set`.
6. **Collections** — enumerate, record properties (`supported-calendar-component-set`,
   `supported-address-data`, display name, description, max size).
7. **REPORT probe** — issue a minimal `calendar-query` / `addressbook-query`
   against the first collection.
8. **Scheduling** (CalDAV only) — if `calendar-schedule` is advertised,
   verify `schedule-inbox-URL` and `schedule-outbox-URL` on the principal.

The HTML report surfaces the most common failures at the top as callouts:

- `/.well-known` returns 200 instead of 301/302
- No SRV and no well-known → service unreachable
- Plaintext SRV record without secure counterpart
- Server does not advertise the required DAV class (wrong endpoint or stripping proxy)
- No credentials supplied → authenticated phase skipped

## Dependencies

- [`github.com/emersion/go-webdav`](https://github.com/emersion/go-webdav) — CalDAV/CardDAV client
- [`git.happydns.org/checker-sdk-go`](https://git.happydns.org/happyDomain/checker-sdk-go) — checker SDK