implement s3webdav proxy

[anon-pradip]

This PR enables per-request WebDAV backend configuration via --auth-proxy while fully supporting anonymous access (no client credentials) when the flag is omitted.

Core Flow

1. Client (mc alias set … <bearer_token> 12345678) → signs S3 request.
2. --auth-key ,12345678 → validates SigV4 using fixed secret (wildcard AccessKey).
3. If --auth-proxy present →
   • auth-proxy.py receives: {"pass": "<bearer_token>", "user": "<session_id>"}
   • Returns WebDAV config with bearer_token = i["pass"]
   • rclone builds per-request remote → proxies to OCIS.
4. If --auth-proxy absent →
   • No auth check; uses static remote $REMOTE_NAME:
   • Client sends empty creds (mc alias set … "" "")
   • Enables true anonymous access (e.g., public WebDAV links).

Key Change: docker/startup

if echo " $PROXY_ARGS " | grep -q ' --auth-proxy '; then
  exec rclone serve s3 $PROXY_ARGS                  # dynamic
else
  exec rclone serve s3 $PROXY_ARGS "$REMOTE_NAME:"  # static / anonymous
fi

1. I started owncloud/ocis at https://localhost:9200: OCIS_LOG_LEVEL=debug PROXY_ENABLE_BASIC_AUTH=true IDM_CREATE_DEMO_USERS=true OCIS_INSECURE=true ./ocis/bin/ocis server

2. Built the docker image : docker build -t jankari/rclone-webdav-proxy .

---

Per-user mode (private OCIS account)

Run the docker container:
PROXY_ARGS="--auth-proxy /usr/local/bin/auth-proxy.py --auth-key ,12345678 --no-check-certificate -vv"

docker run --rm --network=host \             
  -e REMOTE_NAME=ocis \
  -e REMOTE_URL="https://localhost:9200/remote.php/webdav" \
  -e REMOTE_VENDOR=owncloud \
  -e PROXY_ARGS="--auth-proxy /usr/local/bin/auth-proxy.py --auth-key ,12345678 --no-check-certificate -vv" \
  jankari/rclone-webdav-proxy

mc alias set myproxy http://localhost:8080 <access-token-from owncloud/ocis> 12345678

List the buckets: mc ls myproxy

[2025-11-17 18:11:37 +0545]     0B Folder1/
[2025-11-17 18:11:48 +0545]     0B Folder2/
[1970-01-01 05:30:00 +0530]     0B Shares/

---

Anonymous mode (public link – no credentials)

REMOTE_URL="https://localhost:9200/dav/public-files/A1b2C3d4E5f6G7h8I9j0"
PROXY_ARGS="--no-check-certificate -vv"   # no --auth-proxy, no --auth-key

docker run --rm --network=host \             
  -e REMOTE_NAME=ocis \
  -e REMOTE_URL="https://localhost:9200/dav/public-files/<unique identifier of the public file link>" \
  -e REMOTE_VENDOR=owncloud \
  -e PROXY_ARGS="--no-check-certificate -vv" \
  jankari/rclone-webdav-proxy

where unique identifier of the public file link is the last part of the public link created by ocis

mc alias set myproxy http://localhost:8080 "" ""

List the buckets: mc ls myproxy

[2025-11-19 16:33:00 +0545]     0B sub-folder/

[individual-it]

Good explanation, but I think you could copy over some more from https://github.com/jankariTech/rclone?tab=readme-ov-file#s3-to-webdav-proxy

[anon-pradip]

I have tested with nextcloud too and I have mentioned that we have tested with ownCloud and nextcloud so far.