#
# Template for WebDAV Sharing
# Defines the configuration for the per-user Apache instance
# Inherits environment variables from per-user launchd plist
#
# This is a parameterized Apache config file where the ${} notation 
# is used for environment variable substitution
#
ServerRoot "/usr"
PidFile "${UserLogDir}/httpd.pid"
Mutex file:${UserLogDir} mpm-accept
Mutex file:${UserLogDir} rewrite-map
MinSpareServers 1
MaxSpareServers 1
StartServers 1
MaxRequestsPerChild 100000
LoadModule authz_core_module libexec/apache2/mod_authz_core.so
LoadModule authz_host_module libexec/apache2/mod_authz_host.so
LoadModule ext_filter_module libexec/apache2/mod_ext_filter.so
LoadModule filter_module libexec/apache2/mod_filter.so
LoadModule log_config_module libexec/apache2/mod_log_config.so
LoadModule env_module libexec/apache2/mod_env.so
LoadModule setenvif_module libexec/apache2/mod_setenvif.so
LoadModule headers_module libexec/apache2/mod_headers.so
LoadModule dav_module libexec/apache2/mod_dav.so
LoadModule dav_fs_module libexec/apache2/mod_dav_fs.so
LoadModule alias_module libexec/apache2/mod_alias.so
LoadModule substitute_module libexec/apache2/mod_substitute.so
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
LoadModule cgi_module libexec/apache2/mod_cgi.so
LoadModule mime_module libexec/apache2/mod_mime.so
LoadModule unixd_module libexec/apache2/mod_unixd.so
LoadModule access_compat_module libexec/apache2/mod_access_compat.so
LoadModule mpm_prefork_module libexec/apache2/mod_mpm_prefork.so
PassEnv UserUUID UserName UserHomeDir UserLogDir ShareUserHomeDir

User ${UserName}
Group staff
AccessFileName .htaccess
LogLevel warn
UseCanonicalName Off
ErrorLog "${UserLogDir}/apache_error_log"
TraceEnable Off
<IfModule mod_headers.c>
 Header add MS-Author-Via "DAV"
 Header set Content-Disposition attachment
 SetEnvIf Request_Method "PROPFIND" content-xml
 Header set Content-Type: application/octet-stream env=!content-xml
 Header set X-Content-Type-Options: nosniff
 RequestHeader set X_FORWARDED_PROTO 'https' env=https
</IfModule>
Timeout 300
KeepAlive On
MaxKeepAliveRequests 500
KeepAliveTimeout 15
Listen 127.0.0.1:${UserPort}
Listen [::1]:${UserPort}
ServerAdmin admin@example.com
DocumentRoot "${UserDocRoot}"
CustomLog "${UserLogDir}/apache_access_log" "%h %l %u %t \"%r\" %>s %b"
<IfModule mod_dav.c>
 DAVLockDB "${UserLogDir}/.davlock"
 DAVMinTimeout 600
</IfModule>

# No access to file system, with exceptions for share points
<Directory />
Require all denied
</Directory>

<Directory /usr/libexec/wfs>
Options +ExecCGI
Require ip 127.0.0.1 ::1
</Directory>

<Files /usr/libexec/wfs/webdavsharing_virtual_root>
Require ip 127.0.0.1 ::1
</Files>

<If "%{REQUEST_METHOD} == 'PROPFIND'">
SetOutputFilter SUBSTITUTE
</If>

RewriteEngine On

# No access to any URLs without UUID
RewriteRule !^/${UserUUID}/.* . [F,NS]
 
# Brings in Rewrite, Directory, and Substitute directives specific to share points, if present
IncludeOptional /etc/wfs/httpd_webdavsharing*sharepoints.conf

RewriteRule ^/${UserUUID}/(.*) /$1 [NS]
RewriteCond %{REQUEST_METHOD} (OPTIONS|PROPFIND|GET|PUT)
RewriteRule ^/$ /usr/libexec/wfs/webdavsharing_virtual_root [H=cgi-script]

RewriteCond %{REQUEST_METHOD} (OPTIONS|PROPFIND)
RewriteRule "(^.*/DropBox.*$|^.*/Drop Box.*$|^.*/.*\.dropbox)" /usr/libexec/wfs/webdavsharing_virtual_root [H=cgi-script]

# UUID is not visible to client in responses
Substitute s|/${UserUUID}/|/|n