fix(dav): use of webdav library

nextcloud/server#41202 Signed-off-by: Varun Patil <varunpatil@ucla.edu>
nextcloud-libraries · Oct 30, 2023 · a081072 · a081072
1 parent 5a568e2
commit a081072
Showing 1 changed file with 25 additions and 15 deletions.
diff --git a/lib/dav/dav.ts b/lib/dav/dav.ts
@@ -20,7 +20,7 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  *
  */
-import type { DAVResultResponseProps, FileStat, Response, ResponseDataDetailed, WebDAVClient } from 'webdav'
+import type { DAVResultResponseProps, FileStat, ResponseDataDetailed, WebDAVClient } from 'webdav'
 import type { Node } from '../files/node'
 
 import { File } from '../files/file'
@@ -29,10 +29,9 @@ import { NodeData } from '../files/nodeData'
 import { davParsePermissions } from './davPermissions'
 import { davGetFavoritesReport } from './davProperties'
 
-import { getCurrentUser, getRequestToken } from '@nextcloud/auth'
+import { getCurrentUser, getRequestToken, onRequestTokenUpdate } from '@nextcloud/auth'
 import { generateRemoteUrl } from '@nextcloud/router'
-import { createClient, getPatcher, RequestOptions } from 'webdav'
-import { request } from 'webdav/dist/node/request.js'
+import { createClient, getPatcher } from 'webdav'
 
 /**
  * Nextcloud DAV result response
@@ -59,28 +58,39 @@ export const davRemoteURL = generateRemoteUrl('dav')
  * @param remoteURL The DAV server remote URL
  */
 export const davGetClient = function(remoteURL = davRemoteURL) {
-	const client = createClient(remoteURL, {
-		headers: {
-			requesttoken: getRequestToken() || '',
-		},
-	})
+	const client = createClient(remoteURL);
+
+	// set CSRF token header
+	function setHeaders(token: string | null) {
+		client.setHeaders({
+			// Add this so the server knows it is an request from the browser
+			'X-Requested-With': 'XMLHttpRequest',
+			// Inject user auth
+			requesttoken: token ?? '',
+		});
+	}
+
+	// refresh headers when request token changes
+	onRequestTokenUpdate(setHeaders);
+	setHeaders(getRequestToken());
 
 	/**
 	 * Allow to override the METHOD to support dav REPORT
 	 *
 	 * @see https://github.com/perry-mitchell/webdav-client/blob/8d9694613c978ce7404e26a401c39a41f125f87f/source/request.ts
 	 */
 	const patcher = getPatcher()
-	// https://github.com/perry-mitchell/hot-patcher/issues/6
 	// eslint-disable-next-line @typescript-eslint/ban-ts-comment
 	// @ts-ignore
-	patcher.patch('request', (options: RequestOptions): Promise<Response> => {
-		if (options.headers?.method) {
-			options.method = options.headers.method
-			delete options.headers.method
+	// https://github.com/perry-mitchell/hot-patcher/issues/6
+	patcher.patch('fetch', (url: string, options: RequestInit): Promise<Response> => {
+		if (options.headers?.['method']) {
+			options.method = options.headers['method']
+			delete options.headers['method']
 		}
-		return request(options)
+		return fetch(url, options);
 	})
+
 	return client
 }