Skip to content

Comments

implement s3webdav proxy#1

Open
anon-pradip wants to merge 7 commits intomainfrom
implement-auth-proxy
Open

implement s3webdav proxy#1
anon-pradip wants to merge 7 commits intomainfrom
implement-auth-proxy

Conversation

@anon-pradip
Copy link
Contributor

@anon-pradip anon-pradip commented Feb 10, 2026

This PR enables per-request WebDAV backend configuration via --auth-proxy while fully supporting anonymous access (no client credentials) when the flag is omitted.

Core Flow

  1. Client (mc alias set … <bearer_token> 12345678) → signs S3 request.
  2. --auth-key ,12345678 → validates SigV4 using fixed secret (wildcard AccessKey).
  3. If --auth-proxy present
    • auth-proxy.py receives: {"pass": "<bearer_token>", "user": "<session_id>"}
    • Returns WebDAV config with bearer_token = i["pass"]
    • rclone builds per-request remote → proxies to OCIS.
  4. If --auth-proxy absent
    • No auth check; uses static remote $REMOTE_NAME:
    • Client sends empty creds (mc alias set … "" "")
    • Enables true anonymous access (e.g., public WebDAV links).

Key Change: docker/startup

if echo " $PROXY_ARGS " | grep -q ' --auth-proxy '; then
  exec rclone serve s3 $PROXY_ARGS                  # dynamic
else
  exec rclone serve s3 $PROXY_ARGS "$REMOTE_NAME:"  # static / anonymous
fi
  1. I started owncloud/ocis at https://localhost:9200: OCIS_LOG_LEVEL=debug PROXY_ENABLE_BASIC_AUTH=true IDM_CREATE_DEMO_USERS=true OCIS_INSECURE=true ./ocis/bin/ocis server
ocis-access-token
  1. Built the docker image : docker build -t jankari/rclone-webdav-proxy .

Per-user mode (private OCIS account)

Run the docker container:
PROXY_ARGS="--auth-proxy /usr/local/bin/auth-proxy.py --auth-key ,12345678 --no-check-certificate -vv"

docker run --rm --network=host \             
  -e REMOTE_NAME=ocis \
  -e REMOTE_URL="https://localhost:9200/remote.php/webdav" \
  -e REMOTE_VENDOR=owncloud \
  -e PROXY_ARGS="--auth-proxy /usr/local/bin/auth-proxy.py --auth-key ,12345678 --no-check-certificate -vv" \
  jankari/rclone-webdav-proxy

mc alias set myproxy http://localhost:8080 <access-token-from owncloud/ocis> 12345678

List the buckets: mc ls myproxy

[2025-11-17 18:11:37 +0545]     0B Folder1/
[2025-11-17 18:11:48 +0545]     0B Folder2/
[1970-01-01 05:30:00 +0530]     0B Shares/
final-mc-output

Anonymous mode (public link – no credentials)

REMOTE_URL="https://localhost:9200/dav/public-files/A1b2C3d4E5f6G7h8I9j0"
PROXY_ARGS="--no-check-certificate -vv"   # no --auth-proxy, no --auth-key
docker run --rm --network=host \             
  -e REMOTE_NAME=ocis \
  -e REMOTE_URL="https://localhost:9200/dav/public-files/<unique identifier of the public file link>" \
  -e REMOTE_VENDOR=owncloud \
  -e PROXY_ARGS="--no-check-certificate -vv" \
  jankari/rclone-webdav-proxy

where unique identifier of the public file link is the last part of the public link created by ocis

mc alias set myproxy http://localhost:8080 "" ""

List the buckets: mc ls myproxy

[2025-11-19 16:33:00 +0545]     0B sub-folder/
folder-opened-with-public-link

@anon-pradip anon-pradip self-assigned this Feb 10, 2026
@anon-pradip anon-pradip marked this pull request as ready for review February 12, 2026 12:39
@individual-it
Copy link
Member

Good explanation, but I think you could copy over some more from https://github.com/jankariTech/rclone?tab=readme-ov-file#s3-to-webdav-proxy

@anon-pradip anon-pradip force-pushed the implement-auth-proxy branch 3 times, most recently from 4d1194a to 5a567a2 Compare February 16, 2026 10:32
@anon-pradip anon-pradip force-pushed the implement-auth-proxy branch 2 times, most recently from 111e718 to 484c2ea Compare February 19, 2026 04:20
@anon-pradip
Copy link
Contributor Author

I have tested with nextcloud too and I have mentioned that we have tested with ownCloud and nextcloud so far.

@anon-pradip anon-pradip force-pushed the implement-auth-proxy branch 5 times, most recently from 3787ce1 to 97b9b84 Compare February 19, 2026 06:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants