Implement read-only exports for calendar events (.ics)

[jeromeschneider]

Implement read-only exports for calendar events (.ics)

[SimonSimCity]

@jeromeschneider, how far have you come with that? I really need this feature and am willing to write the code for it ...

I think we just need to cherry-pick the changes in https://github.com/helgeeichelberg/Baikal/commit/5a463449df2f7efa9d9d79730e867861f3e9e66e and add an option, that you have read-only access for anonymous users or fully implement #73 ...

[lpirl]

I'd love to see an option "Show only 'busy' instead of appointment titles" or similar.
I've done this with other server by granting only "read Free/Busy" so that people can see where an appointment would be possible (human free/busy scheduling).

[SimonSimCity]

@lpirl, I don't know how to set permissions in Baïkal, but the spec has already thought of something like that (http://www.ietf.org/rfc/rfc4791.txt - Chapter 6.1.1: CALDAV:read-free-busy Privilege). This feature seems supported by the underlying library Sabre CalDAV (I've seen some unit-tests for this), so it shouldn't be hard to implement ;)

Requires #51

[dsp1986]

is there any progress to be expected?
I found the ?export option (e.g. http://my.server.com/cal.php/calendars/me/public?export)
This asks name and password though. I would need to have read-only access without login, for a chosen calendar.

[SimonSimCity]

@dsp1986 I did it by using a proxy-server. Here's a sample configuration for nginx:

server {
    location /iCalendar/export {
        proxy_pass http://localhost/baikal/html/cal.php/calendars/{USERNAME}/default?export;
        proxy_set_header Authorization "Basic dXNlcm5hbWU6cGFzc3dvcmQ=";
    }
}

The encrypted string for basic authentication is created by this: base64_encode("{USERNAME}:{PASSWORD}");

When you now send a request to a domain, where this configuration has been added to, you can use the calendar by calling http://example.org/iCalendar/export

[dsp1986]

i understand this as follows:
if you visit example.org/iCalendar/export from any Browser on any Computer your server adds a header to the original request that tells itself (same server) you are logged in.

I use apache2 and am no big expert on it. Conditional changing of requests rings the mod_rewrite bell for me. Am I thinking the right direction? Can anybody give me a hint what i need to learn to make this happen in Apache?

thank you

[SimonSimCity]

@dsp1986 nearly correct. The system does not need to be the same server, as it is a proxy. In my case, it's a different vhost. You can't access this link externally. You can't do it using mod_rewrite, because mod_rewrite will not do something with proxying, it just rewrites links, that are available to the clients.

What could help is a combination of http://www.zeitoun.net/articles/http-basic-auth-through-reverse-proxy/start and http://httpd.apache.org/docs/2.2/mod/mod_proxy.html so - something like this:

http://stackoverflow.com/questions/567814/apache2-reverse-proxy-to-an-end-point-that-requires-basicauth-but-want-to-hide-t#answer-8901645

Haven't done this with apache until now, but as far as I understand, the second answer to the stackoverflow-question should get you in the right direction.

[dsp1986]

@SimonSimCity thank you for the directions. I'm still looking for some time to try them out. I will post my solution when I find it.

[MatonAnthony]

Hi @SimonSimCity , after many try, I was unable to reproduce your tricks with nginx could you explain it with more details ?

[SimonSimCity]

@MatonAnthony here a 1-2-3 setup for it:

1. Set up a Baïkal installation
2. Activate the ICSExportPlugin, as done in https://github.com/helgeeichelberg/Baikal/commit/5a463449df2f7efa9d9d79730e867861f3e9e66e
3. Verify, that you can export the calendar (read the instructions in the commit-message, linked in step 2)
4. Copy the URL, you used for the calendar-export
5. Create a new directive in your nginx-configuration on a host of your likes
6. Set up a proxy as I did (use the URL you copied as proxy_pass and add the login-credentials as proxy_set_header as described above)

I think, what confused you, was, that I used localhost has hostname here. But this has nothing to say. The Baïkal setup can also run on example.com or another domain, not hosted on the server your nginx-installation runs on.

If you got to step 4, but no further, I advice you to read some tutorials about proxies - what they are, what they do and how to set one up using nginx.

[MatonAnthony]

Ok thanks ! I think it's because I was using the digest auth ...

[MatonAnthony]

@SimonSimCity In fact not, I've make the proxy but it seems the Authentification header don't pass.

server {
    listen 80;
    server_name agenda.local;

    root /Users/anthony/Documents/Mozilla/Agenda/;
    index index.php;

    rewrite ^/.well-known/caldav /cal.php redirect;
    rewrite ^/.well-known/carddav /card.php redirect;

    charset utf-8;

    location ~ /(\.ht|Core|Specific) {
        deny all;
        return 404;
    }

    location ~ ^(.+\.php)(.*)$ {
        try_files $fastcgi_script_name =404;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include /usr/local/etc/nginx/fastcgi_params;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/nginx-default;
    }
    location /iCalendar {
        proxy_pass http://agenda.local/cal.php/calendars/Mozilla-be/default?export;
        proxy_set_header Authorization "Basic e01vemlsbGEtYmV9OntMb2ZvdHU5NX0=";
    }
}

Thanks a lot for the help.

[SimonSimCity]

@MatonAnthony Sorry, don't know. The configuration looks good, but there's maybe something with your Baïkal configuration ... had myself a pretty hard time on that. You're using basic authentication, on Baïkals side, right? Try to send this request from the command line using curl or turn the verbosity of nginx to debug and view the logs, that's what I did.

Please keep this ticket now focused on updates for native support in Baïkal.

[osiefart]

Hi,
thanks for the description, now it is working for me too. I had to solve two problems until it worked:

1. Configure baikal to basic authentication (Default is Digest, not Basic) in the baikal settings admin page
2. It is important to use the php base64_encode function (and not the command line base64 tool) to generate the UserPasswordHash. On the command line:

php -r 'echo base64_encode("user:password");' 

@MatonAnthony: Maybe this is solving your problem?

[SimonSimCity]

@osiefart, your first decision is depending on the choice you took in the Baïkal administration (Settings - WebDAV authentication type). I don't really know how to create a digest-header, so I just took basic to make the implementation easier for me :)

[MatonAnthony]

@osiefart : Thanks, i've take the decision to use a script write in shell who generate the hash and create the .ics, after my user just have to download it.

[cbmainz]

@MatonAnthony, how does this shell script look like?

@SimonSimCity, how would the Proxy rule look like for Apache2?

[netgusto]

Continued in #282.