curo/kite - kite - Gitea: Git with a cup of tea

curo/kite

Fork 0

Commit Graph

Author	SHA1	Message	Date
curo1305	54ef3357ba	fix(05): cloud API path param, root sentinel, webdav creds in list, upload path cloud.py: list_connections now decrypts and surfaces server_url + connection_username for nextcloud/webdav providers; folder route uses {folder_id:path} to handle slashes; translates "root" sentinel to "". nextcloud_backend.py: skip parent directory entry in PROPFIND Depth:1 results. webdav_backend.py: add cloud_folder + original_filename params to upload_object so files land in the user's chosen folder with their real name. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-30 11:58:01 +02:00
curo1305	311dfa1513	feat(05-04): implement WebDAVBackend with SSRF guard and asyncio wrapping - All 7 StorageBackend methods implemented as async coroutines - validate_cloud_url() called in __init__ (SSRF at construct time) and before every asyncio.to_thread() call (D-17 defense-in-depth / T-05-04-01, T-05-04-02) - _make_path() builds "docuvault/{user_id}/{document_id}{ext}" with urllib.parse.quote encoding on path segments (RESEARCH.md Pitfall 2) - presigned_get_url and generate_presigned_put_url raise NotImplementedError (D-14) - All webdavclient3 sync calls (upload_to, download_from, clean, info, check, mkdir) wrapped in asyncio.to_thread() per MinIOBackend pattern - delete_object silently ignores missing file exceptions (StorageBackend ABC contract)	2026-05-28 21:09:25 +02:00

Author

SHA1

Message

Date

curo1305

54ef3357ba

fix(05): cloud API path param, root sentinel, webdav creds in list, upload path

cloud.py: list_connections now decrypts and surfaces server_url +
connection_username for nextcloud/webdav providers; folder route uses
{folder_id:path} to handle slashes; translates "root" sentinel to "".
nextcloud_backend.py: skip parent directory entry in PROPFIND Depth:1 results.
webdav_backend.py: add cloud_folder + original_filename params to
upload_object so files land in the user's chosen folder with their real name.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-30 11:58:01 +02:00

curo1305

311dfa1513

feat(05-04): implement WebDAVBackend with SSRF guard and asyncio wrapping

- All 7 StorageBackend methods implemented as async coroutines
- validate_cloud_url() called in __init__ (SSRF at construct time) and before
  every asyncio.to_thread() call (D-17 defense-in-depth / T-05-04-01, T-05-04-02)
- _make_path() builds "docuvault/{user_id}/{document_id}{ext}" with urllib.parse.quote
  encoding on path segments (RESEARCH.md Pitfall 2)
- presigned_get_url and generate_presigned_put_url raise NotImplementedError (D-14)
- All webdavclient3 sync calls (upload_to, download_from, clean, info, check, mkdir)
  wrapped in asyncio.to_thread() per MinIOBackend pattern
- delete_object silently ignores missing file exceptions (StorageBackend ABC contract)

2026-05-28 21:09:25 +02:00

2 Commits