opencloud-eu · butonic · Dec 2, 2025 · Dec 5, 2025
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -36,7 +36,7 @@
         // demo users
         "IDM_CREATE_DEMO_USERS": "true",
         // OC_RUN_SERVICES allows to start a subset of services even in the supervised mode
-        //"OC_RUN_SERVICES": "settings,storage-system,graph,idp,idm,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,storage-authmachine,storage-users,storage-shares,storage-publiclink,storage-system,app-provider,sharing,proxy,ocdav",
+        //"OC_RUN_SERVICES": "settings,storage-system,graph,idp,idm,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,storage-authmachine,storage-users,storage-shares,storage-publiclink,storage-system,app-provider,sharing,proxy",
 
         /*
          * Keep secrets and passwords in one block to allow easy uncommenting
@@ -129,8 +129,6 @@
         "IDP_HTTP_ADDR": "127.0.0.1:10130",
         "NATS_DEBUG_ADDR": "127.0.0.1:10234",
         "NATS_NATS_PORT": "10233",
-        "OCDAV_HTTP_ADDR": "127.0.0.1:10350",
-        "OCDAV_DEBUG_ADDR": "127.0.0.1:10163",
         "OCM_DEBUG_ADDR": "127.0.0.1:10281",
         "OCM_HTTP_ADDR": "127.0.0.1:10280",
         "OCM_GRPC_ADDR": "127.0.0.1:10282",

diff --git a/.woodpecker.star b/.woodpecker.star
@@ -2120,7 +2120,6 @@ def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depend
         "IDP_DEBUG_ADDR": "0.0.0.0:9134",
         "INVITATIONS_DEBUG_ADDR": "0.0.0.0:9269",
         "NATS_DEBUG_ADDR": "0.0.0.0:9234",
-        "OCDAV_DEBUG_ADDR": "0.0.0.0:9163",
         "OCM_DEBUG_ADDR": "0.0.0.0:9281",
         "OCS_DEBUG_ADDR": "0.0.0.0:9114",
         "POSTPROCESSING_DEBUG_ADDR": "0.0.0.0:9255",

diff --git a/Makefile b/Makefile
@@ -44,7 +44,6 @@ OC_MODULES = \
 	services/invitations \
 	services/nats \
 	services/notifications \
-	services/ocdav \
 	services/ocm \
 	services/ocs \
 	services/policies \

diff --git a/opencloud/Makefile b/opencloud/Makefile
@@ -17,7 +17,7 @@ include ../.make/docs.mk
 
 .PHONY: dev-docker
 dev-docker:
-	docker build -f docker/Dockerfile.multiarch -t opencloudeu/opencloud:dev ../..
+	docker build -f docker/Dockerfile.multiarch -t opencloudeu/opencloud:dev ..
 
 .PHONY: dev-docker-multiarch
 dev-docker-multiarch:

diff --git a/opencloud/docker/Dockerfile.multiarch b/opencloud/docker/Dockerfile.multiarch
@@ -11,7 +11,7 @@ RUN --mount=type=bind,target=/build,rw \
     --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache \
     GOOS="${TARGETOS:-linux}" GOARCH="${TARGETARCH:-amd64}" ; \
-    make -C opencloud/opencloud release-linux-docker-${TARGETARCH} ENABLE_VIPS=true DIST=/dist
+    make -C opencloud release-linux-docker-${TARGETARCH} ENABLE_VIPS=true DIST=/dist
 
 FROM alpine:3.22
 ARG VERSION

diff --git a/opencloud/pkg/command/services.go b/opencloud/pkg/command/services.go
@@ -30,7 +30,6 @@ import (
 	invitations "github.com/opencloud-eu/opencloud/services/invitations/pkg/command"
 	nats "github.com/opencloud-eu/opencloud/services/nats/pkg/command"
 	notifications "github.com/opencloud-eu/opencloud/services/notifications/pkg/command"
-	ocdav "github.com/opencloud-eu/opencloud/services/ocdav/pkg/command"
 	ocm "github.com/opencloud-eu/opencloud/services/ocm/pkg/command"
 	ocs "github.com/opencloud-eu/opencloud/services/ocs/pkg/command"
 	policies "github.com/opencloud-eu/opencloud/services/policies/pkg/command"
@@ -163,11 +162,6 @@ var svccmds = []register.Command{
 			cfg.Notifications.Commons = cfg.Commons
 		})
 	},
-	func(cfg *config.Config) *cli.Command {
-		return ServiceCommand(cfg, cfg.OCDav.Service.Name, ocdav.GetCommands(cfg.OCDav), func(c *config.Config) {
-			cfg.OCDav.Commons = cfg.Commons
-		})
-	},
 	func(cfg *config.Config) *cli.Command {
 		return ServiceCommand(cfg, cfg.OCM.Service.Name, ocm.GetCommands(cfg.OCM), func(c *config.Config) {
 			cfg.OCM.Commons = cfg.Commons

diff --git a/opencloud/pkg/init/init.go b/opencloud/pkg/init/init.go
@@ -281,6 +281,7 @@ func CreateConfig(insecure, forceOverwrite, diff bool, configPath, adminPassword
 		cfg.Collaboration.App.Insecure = true
 		cfg.Frontend.AppHandler = _insecureService
 		cfg.Frontend.Archiver = _insecureService
+		cfg.Frontend.OCDav = _insecureService
 		cfg.Graph.Spaces = _insecureService
 		cfg.Graph.Events = _insecureEvents
 		cfg.Notifications.Notifications.Events = _insecureEvents
@@ -289,7 +290,6 @@ func CreateConfig(insecure, forceOverwrite, diff bool, configPath, adminPassword
 		cfg.Sharing.Events = _insecureEvents
 		cfg.StorageUsers.Events = _insecureEvents
 		cfg.Nats.Nats.TLSSkipVerifyClientCert = true
-		cfg.Ocdav = _insecureService
 		cfg.Proxy = ProxyService{
 			InsecureBackends: true,
 			OIDC: InsecureProxyOIDC{

diff --git a/opencloud/pkg/init/structs.go b/opencloud/pkg/init/structs.go
@@ -32,7 +32,6 @@ type OpenCloudConfig struct {
 	AuthBearer        AuthbearerService     `yaml:"auth_bearer"`
 	Users             UsersAndGroupsService `yaml:"users"`
 	Groups            UsersAndGroupsService `yaml:"groups"`
-	Ocdav             InsecureService       `yaml:"ocdav"`
 	Ocm               OcmService            `yaml:"ocm"`
 	Thumbnails        ThumbnailService      `yaml:"thumbnails"`
 	Search            Search                `yaml:"search"`
@@ -105,6 +104,7 @@ type FrontendService struct {
 	AppHandler     InsecureService `yaml:"app_handler"`
 	Archiver       InsecureService
 	ServiceAccount ServiceAccount `yaml:"service_account"`
+	OCDav          InsecureService
 }
 
 // Gateway is the configuration for the gateway

diff --git a/opencloud/pkg/runtime/service/service.go b/opencloud/pkg/runtime/service/service.go
@@ -40,7 +40,6 @@ import (
 	invitations "github.com/opencloud-eu/opencloud/services/invitations/pkg/command"
 	nats "github.com/opencloud-eu/opencloud/services/nats/pkg/command"
 	notifications "github.com/opencloud-eu/opencloud/services/notifications/pkg/command"
-	ocdav "github.com/opencloud-eu/opencloud/services/ocdav/pkg/command"
 	ocm "github.com/opencloud-eu/opencloud/services/ocm/pkg/command"
 	ocs "github.com/opencloud-eu/opencloud/services/ocs/pkg/command"
 	policies "github.com/opencloud-eu/opencloud/services/policies/pkg/command"
@@ -204,11 +203,6 @@ func NewService(ctx context.Context, options ...Option) (*Service, error) {
 		cfg.IDM.Commons = cfg.Commons
 		return idm.Execute(cfg.IDM)
 	})
-	reg(3, opts.Config.OCDav.Service.Name, func(ctx context.Context, cfg *occfg.Config) error {
-		cfg.OCDav.Context = ctx
-		cfg.OCDav.Commons = cfg.Commons
-		return ocdav.Execute(cfg.OCDav)
-	})
 	reg(3, opts.Config.OCS.Service.Name, func(ctx context.Context, cfg *occfg.Config) error {
 		cfg.OCS.Context = ctx
 		cfg.OCS.Commons = cfg.Commons

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -24,7 +24,6 @@ import (
 	invitations "github.com/opencloud-eu/opencloud/services/invitations/pkg/config"
 	nats "github.com/opencloud-eu/opencloud/services/nats/pkg/config"
 	notifications "github.com/opencloud-eu/opencloud/services/notifications/pkg/config"
-	ocdav "github.com/opencloud-eu/opencloud/services/ocdav/pkg/config"
 	ocm "github.com/opencloud-eu/opencloud/services/ocm/pkg/config"
 	ocs "github.com/opencloud-eu/opencloud/services/ocs/pkg/config"
 	policies "github.com/opencloud-eu/opencloud/services/policies/pkg/config"
@@ -105,7 +104,6 @@ type Config struct {
 	Invitations       *invitations.Config    `yaml:"invitations"`
 	Nats              *nats.Config           `yaml:"nats"`
 	Notifications     *notifications.Config  `yaml:"notifications"`
-	OCDav             *ocdav.Config          `yaml:"ocdav"`
 	OCM               *ocm.Config            `yaml:"ocm"`
 	OCS               *ocs.Config            `yaml:"ocs"`
 	Postprocessing    *postprocessing.Config `yaml:"postprocessing"`

diff --git a/pkg/config/defaultconfig.go b/pkg/config/defaultconfig.go
@@ -24,7 +24,6 @@ import (
 	invitations "github.com/opencloud-eu/opencloud/services/invitations/pkg/config/defaults"
 	nats "github.com/opencloud-eu/opencloud/services/nats/pkg/config/defaults"
 	notifications "github.com/opencloud-eu/opencloud/services/notifications/pkg/config/defaults"
-	ocdav "github.com/opencloud-eu/opencloud/services/ocdav/pkg/config/defaults"
 	ocm "github.com/opencloud-eu/opencloud/services/ocm/pkg/config/defaults"
 	ocs "github.com/opencloud-eu/opencloud/services/ocs/pkg/config/defaults"
 	policies "github.com/opencloud-eu/opencloud/services/policies/pkg/config/defaults"
@@ -80,7 +79,6 @@ func DefaultConfig() *Config {
 		Invitations:       invitations.DefaultConfig(),
 		Nats:              nats.DefaultConfig(),
 		Notifications:     notifications.DefaultConfig(),
-		OCDav:             ocdav.DefaultConfig(),
 		OCM:               ocm.DefaultConfig(),
 		OCS:               ocs.DefaultConfig(),
 		Postprocessing:    postprocessing.DefaultConfig(),

diff --git a/pkg/config/helpers_test.go b/pkg/config/helpers_test.go
@@ -1,9 +1,10 @@
 package config
 
 import (
-	"gotest.tools/v3/assert"
 	"testing"
 	"testing/fstest"
+
+	"gotest.tools/v3/assert"
 )
 
 type TestConfig struct {
@@ -98,6 +99,8 @@ frontend:
   service_account:
     service_account_id: c05389b2-d94c-4d01-a9b5-a2f97952cc14
     service_account_secret: GW5.x1vDM&+NPRi++eV@.P7Tms4vj!=s
+  ocdav:
+    insecure: true
 auth_basic:
   auth_providers:
     ldap:
@@ -114,8 +117,6 @@ groups:
   drivers:
     ldap:
       bind_password: c68JL=V$c@0GHs!%eSb8r&Ps3rgzKnXJ
-ocdav:
-  insecure: true
 ocm:
   service_account:
     service_account_id: c05389b2-d94c-4d01-a9b5-a2f97952cc14

diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go
@@ -44,6 +44,7 @@ type Config struct {
 	Archiver                 Archiver    `yaml:"archiver"`
 	DataGateway              DataGateway `yaml:"data_gateway"`
 	OCS                      OCS         `yaml:"ocs"`
+	OCDav                    OCDav       `yaml:"ocdav"`
 	Checksums                Checksums   `yaml:"checksums"`
 	ReadOnlyUserAttributes   []string    `yaml:"read_only_user_attributes" env:"FRONTEND_READONLY_USER_ATTRIBUTES" desc:"A list of user attributes to indicate as read-only. Supported values: 'user.onPremisesSamAccountName' (username), 'user.displayName', 'user.mail', 'user.passwordProfile' (password), 'user.appRoleAssignments' (role), 'user.memberOf' (groups), 'user.accountEnabled' (login allowed), 'drive.quota' (quota). See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
 	LDAPServerWriteEnabled   bool        `yaml:"ldap_server_write_enabled" env:"OC_LDAP_SERVER_WRITE_ENABLED;FRONTEND_LDAP_SERVER_WRITE_ENABLED" desc:"Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables)." introductionVersion:"1.0.0"`
@@ -152,6 +153,41 @@ type OCS struct {
 	ShowUserEmailInResults               bool               `yaml:"show_email_in_results" env:"OC_SHOW_USER_EMAIL_IN_RESULTS" desc:"Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses." introductionVersion:"1.0.0"`
 }
 
+type OCDav struct {
+	Prefix string `yaml:"prefix" env:"OCDAV_HTTP_PREFIX" desc:"A URL path prefix for the handler." introductionVersion:"1.0.0"`
+
+	SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"OCDAV_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token." introductionVersion:"1.0.0"`
+
+	WebdavNamespace string `yaml:"webdav_namespace" env:"OCDAV_WEBDAV_NAMESPACE" desc:"Jail requests to /dav/webdav into this CS3 namespace. Supports template layouting with CS3 User properties." introductionVersion:"1.0.0"`
+	FilesNamespace  string `yaml:"files_namespace" env:"OCDAV_FILES_NAMESPACE" desc:"Jail requests to /dav/files/{username} into this CS3 namespace. Supports template layouting with CS3 User properties." introductionVersion:"1.0.0"`
+	SharesNamespace string `yaml:"shares_namespace" env:"OCDAV_SHARES_NAMESPACE" desc:"The human readable path for the share jail. Relative to a users personal space root. Upcased intentionally." introductionVersion:"1.0.0"`
+	OCMNamespace    string `yaml:"ocm_namespace" env:"OCDAV_OCM_NAMESPACE" desc:"The human readable path prefix for the ocm shares." introductionVersion:"1.0.0"`
+	// PublicURL used to redirect /s/{token} URLs to
+	PublicURL string `yaml:"public_url" env:"OC_URL;OCDAV_PUBLIC_URL" desc:"URL where OpenCloud is reachable for users." introductionVersion:"1.0.0"`
+
+	// Insecure certificates allowed when making requests to the gateway
+	Insecure      bool `yaml:"insecure" env:"OC_INSECURE;OCDAV_INSECURE" desc:"Allow insecure connections to the GATEWAY service." introductionVersion:"1.0.0"`
+	EnableHTTPTPC bool `yaml:"enable_http_tpc" env:"OCDAV_ENABLE_HTTP_TPC" desc:"Enable HTTP / WebDAV Third-Party-Copy support." introductionVersion:"%%NEXT%%"`
+	// Timeout in seconds when making requests to the gateway
+	Timeout int64 `yaml:"gateway_request_timeout" env:"OCDAV_GATEWAY_REQUEST_TIMEOUT" desc:"Request timeout in seconds for requests from the oCDAV service to the GATEWAY service." introductionVersion:"1.0.0"`
+
+	MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OC_MACHINE_AUTH_API_KEY;OCDAV_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services." introductionVersion:"1.0.0"`
+
+	Status Status `yaml:"-"`
+
+	AllowPropfindDepthInfinity bool `yaml:"allow_propfind_depth_infinity" env:"OCDAV_ALLOW_PROPFIND_DEPTH_INFINITY" desc:"Allow the use of depth infinity in PROPFINDS. When enabled, a propfind will traverse through all subfolders. If many subfolders are expected, depth infinity can cause heavy server load and/or delayed response times." introductionVersion:"1.0.0"`
+}
+
+// Status holds the configurable values for the status.php
+type Status struct {
+	Version        string
+	VersionString  string
+	Product        string
+	ProductName    string
+	ProductVersion string
+	Edition        string `yaml:"edition" env:"OC_EDITION;OCDAV_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
+}
+
 type CacheWarmupDrivers struct {
 	CBOX CBOXDriver `yaml:"cbox,omitempty"`
 }

diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
+	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/config"
 )
 
@@ -119,6 +120,28 @@ func DefaultConfig() *config.Config {
 			PublicShareMustHavePassword: true,
 			IncludeOCMSharees:           false,
 		},
+		OCDav: config.OCDav{
+			Prefix:                "",
+			SkipUserGroupsInToken: false,
+
+			WebdavNamespace: "/users/{{.Id.OpaqueId}}",
+			FilesNamespace:  "/users/{{.Id.OpaqueId}}",
+			SharesNamespace: "/Shares",
+			OCMNamespace:    "/public",
+			PublicURL:       "https://localhost:9200",
+			Insecure:        false,
+			EnableHTTPTPC:   false,
+			Timeout:         84300,
+			Status: config.Status{
+				Version:        version.Legacy,
+				VersionString:  version.LegacyString,
+				ProductVersion: version.GetString(),
+				Product:        "OpenCloud",
+				ProductName:    "OpenCloud",
+				Edition:        "",
+			},
+			AllowPropfindDepthInfinity: false,
+		},
 		Middleware: config.Middleware{
 			Auth: config.Auth{
 				CredentialsByUserAgent: map[string]string{},

diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go
@@ -357,6 +357,34 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
 					"include_ocm_sharees":   cfg.OCS.IncludeOCMSharees,
 					"show_email_in_results": cfg.OCS.ShowUserEmailInResults,
 				},
+				"ocdav": map[string]interface{}{
+					"prefix":           cfg.OCDav.Prefix,
+					"files_namespace":  cfg.OCDav.FilesNamespace,
+					"webdav_namespace": cfg.OCDav.WebdavNamespace,
+					"shares_namespace": cfg.OCDav.SharesNamespace,
+					"ocm_namespace":    cfg.OCDav.OCMNamespace,
+					"gatewaysvc":       cfg.Reva.Address,
+					"timeout":          cfg.OCDav.Timeout,
+					"insecure":         cfg.OCDav.Insecure,
+					"enable_http_tpc":  cfg.OCDav.EnableHTTPTPC,
+					"public_url":       cfg.OCDav.PublicURL,
+					// still not supported
+					//"favorite_storage_driver":   unused,
+					//"favorite_storage_drivers":  unused,
+					"version":              cfg.OCDav.Status.Version,
+					"version_string":       cfg.OCDav.Status.VersionString,
+					"edition":              cfg.OCDav.Status.Edition,
+					"product":              cfg.OCDav.Status.Product,
+					"product_name":         cfg.OCDav.Status.ProductName,
+					"product_version":      cfg.OCDav.Status.ProductVersion,
+					"allow_depth_infinity": cfg.OCDav.AllowPropfindDepthInfinity,
+					"validation":           map[string]interface{}{
+						// "invalid_chars": aka ItemNameInvalidChars option ... unused
+						// "max_length": aka ItemNameMaxLength option ... unused
+					},
+					"url_signing_shared_secret": cfg.Commons.URLSigningSecret,
+					"machine_auth_apikey":       cfg.MachineAuthAPIKey,
+				},
 			},
 		},
 	}, nil

diff --git a/services/ocdav/Makefile b/services/ocdav/Makefile
diff --git a/services/ocdav/README.md b/services/ocdav/README.md
diff --git a/services/ocdav/cmd/ocdav/main.go b/services/ocdav/cmd/ocdav/main.go
diff --git a/services/ocdav/pkg/command/health.go b/services/ocdav/pkg/command/health.go