happyDomain/checker-dav
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
checker-dav/README.md
Pierre-Olivier Mercier 7eb0dbddc7 Initial commit 
CalDAV and CardDAV checkers sharing a single Go module. Discovery follows
RFC 6764 (/.well-known + SRV/TXT), authenticated probes cover principal,
home-set, collections and a minimal REPORT query on top of go-webdav.
Common shape in internal/dav/; CalDAV adds a scheduling rule.

Surfaces its context URL (and each secure-SRV target) as TLS endpoints via
the EndpointDiscoverer interface, so the dedicated TLS checker can pick
them up without re-parsing observations.

HTML report foregrounds common misconfigs (well-known returning 200,
missing SRV, plaintext-only SRV, missing DAV capability, skipped auth
phase) as action-item callouts before the full phase breakdown.
2026-04-23 17:35:13 +07:00

75 lines
3.1 KiB
Markdown
Raw Blame History

# checker-dav
happyDomain checkers for **CalDAV** (RFC 4791) and **CardDAV** (RFC 6352)
servers. Discovery (RFC 6764) + OPTIONS + authenticated PROPFIND/REPORT
probes, with an opinionated HTML report that foregrounds common misconfigs.
Two binaries are produced from this module:
| Binary | Checker ID | Entrypoint |
|------------------|------------|---------------------------------|
| `checker-caldav` | `caldav` | `./cmd/checker-caldav` |
| `checker-carddav`| `carddav` | `./cmd/checker-carddav` |
Shared code lives in `internal/dav/`: discovery, OPTIONS parsing, raw-XML
PROPFIND helpers, the rule set, and the HTML template.
## Build
```
make # builds both binaries
make checker-caldav # one binary
make plugin # .so plugins for in-process loading
make docker # both Docker images
make test # unit tests
```
## Run
```
./checker-caldav -listen :8080
```
The SDK exposes `/definition`, `/collect`, `/evaluate`, `/report`, and
`/health` as usual. Pass `Accept: text/html` on `/report` to get the HTML
view; the default is a JSON metrics dump.
## Options
Both checkers accept the same options:
- `domain_name` (auto-filled) — required
- `username`, `password` — optional Basic credentials; unlock authenticated
checks (principal, home-set, collections, REPORT probe)
- `context_url` — optional explicit override, bypasses `/.well-known` + SRV
- `timeout_seconds` — per-request HTTP timeout, default 10
## What is checked
1. **Discovery**`/.well-known/{caldav,carddav}` (must 3xx, not 200),
`_caldavs._tcp` / `_carddavs._tcp` SRV, TXT `path=` hint.
2. **Transport** — HTTPS reachable. TLS certificate validation is
deliberately out of scope — a dedicated TLS checker covers that.
3. **OPTIONS**`DAV:` advertises `calendar-access` or `addressbook`; Allow
includes `PROPFIND` and `REPORT`; auth schemes captured for info.
4. **Principal** — PROPFIND `current-user-principal` (auth required).
5. **Home-set**`calendar-home-set` / `addressbook-home-set`.
6. **Collections** — enumerate, record properties (`supported-calendar-component-set`,
`supported-address-data`, display name, description, max size).
7. **REPORT probe** — issue a minimal `calendar-query` / `addressbook-query`
against the first collection.
8. **Scheduling** (CalDAV only) — if `calendar-schedule` is advertised,
verify `schedule-inbox-URL` and `schedule-outbox-URL` on the principal.
The HTML report surfaces the most common failures at the top as callouts:
- `/.well-known` returns 200 instead of 301/302
- No SRV and no well-known → service unreachable
- Plaintext SRV record without secure counterpart
- Server does not advertise the required DAV class (wrong endpoint or stripping proxy)
- No credentials supplied → authenticated phase skipped
## Dependencies
- [`github.com/emersion/go-webdav`](https://github.com/emersion/go-webdav) — CalDAV/CardDAV client
- [`git.happydns.org/checker-sdk-go`](https://git.happydns.org/happyDomain/checker-sdk-go) — checker SDK
Reference in a new issue View git blame Copy permalink