No description

Go 98.3%
Makefile 1.2%
Dockerfile 0.5%

Find a file

Pierre-Olivier Mercier 8c1f634a92 Don't apply at domain scope		2026-04-29 18:44:50 +07:00
caldav	Don't apply at domain scope	2026-04-29 18:44:50 +07:00
carddav	Don't apply at domain scope	2026-04-29 18:44:50 +07:00
cmd	Initial commit	2026-04-26 21:47:40 +07:00
internal/dav	Initial commit	2026-04-26 21:47:40 +07:00
plugin	Initial commit	2026-04-26 21:47:40 +07:00
.gitignore	Initial commit	2026-04-26 21:47:40 +07:00
Dockerfile	docker: add HEALTHCHECK probing /health	2026-04-26 21:48:01 +07:00
go.mod	docker: add HEALTHCHECK probing /health	2026-04-26 21:48:01 +07:00
go.sum	docker: add HEALTHCHECK probing /health	2026-04-26 21:48:01 +07:00
LICENSE	Initial commit	2026-04-26 21:47:40 +07:00
Makefile	Initial commit	2026-04-26 21:47:40 +07:00
NOTICE	Initial commit	2026-04-26 21:47:40 +07:00
README.md	Initial commit	2026-04-26 21:47:40 +07:00

README.md

checker-dav

happyDomain checkers for CalDAV (RFC 4791) and CardDAV (RFC 6352) servers. Discovery (RFC 6764) + OPTIONS + authenticated PROPFIND/REPORT probes, with an opinionated HTML report that foregrounds common misconfigs.

Two binaries are produced from this module:

Binary	Checker ID	Entrypoint
`checker-caldav`	`caldav`	`./cmd/checker-caldav`
`checker-carddav`	`carddav`	`./cmd/checker-carddav`

Shared code lives in internal/dav/: discovery, OPTIONS parsing, raw-XML PROPFIND helpers, the rule set, and the HTML template.

Build

make                   # builds both binaries
make checker-caldav    # one binary
make plugin            # .so plugins for in-process loading
make docker            # both Docker images
make test              # unit tests

Run

./checker-caldav -listen :8080

The SDK exposes /definition, /collect, /evaluate, /report, and /health as usual. Pass Accept: text/html on /report to get the HTML view; the default is a JSON metrics dump.

Options

Both checkers accept the same options:

domain_name (auto-filled): required
username, password: optional Basic credentials; unlock authenticated checks (principal, home-set, collections, REPORT probe)
context_url: optional explicit override, bypasses /.well-known + SRV
timeout_seconds: per-request HTTP timeout, default 10

What is checked

Discovery: /.well-known/{caldav,carddav} (must 3xx, not 200), _caldavs._tcp / _carddavs._tcp SRV, TXT path= hint.
Transport: HTTPS reachable. TLS certificate validation is deliberately out of scope; a dedicated TLS checker covers that.
OPTIONS: DAV: advertises calendar-access or addressbook; Allow includes PROPFIND and REPORT; auth schemes captured for info.
Principal: PROPFIND current-user-principal (auth required).
Home-set: calendar-home-set / addressbook-home-set.
Collections: enumerate, record properties (supported-calendar-component-set, supported-address-data, display name, description, max size).
REPORT probe: issue a minimal calendar-query / addressbook-query against the first collection.
Scheduling (CalDAV only): if calendar-schedule is advertised, verify schedule-inbox-URL and schedule-outbox-URL on the principal.

The HTML report surfaces the most common failures at the top as callouts:

/.well-known returns 200 instead of 301/302
No SRV and no well-known → service unreachable
Plaintext SRV record without secure counterpart
Server does not advertise the required DAV class (wrong endpoint or stripping proxy)
No credentials supplied → authenticated phase skipped

Dependencies

github.com/emersion/go-webdav: CalDAV/CardDAV client
git.happydns.org/checker-sdk-go: checker SDK