1Panel-dev · wanghe-fit2cloud · Nov 24, 2025 · Nov 24, 2025
diff --git a/agent/utils/cloud_storage/client/helper/webdav/webdav.go b/agent/utils/cloud_storage/client/helper/webdav/webdav.go
@@ -197,7 +197,7 @@ func (c *Client) MkdirAll(path string, _ os.FileMode) (err error) {
 			return fmt.Errorf("mkdir %s failed, err: %v", item, err)
 		}
 		defer rs.Body.Close()
-		if rs.StatusCode != 201 || rs.StatusCode == 200 {
+		if rs.StatusCode != 201 && rs.StatusCode != 200 {
 			return fmt.Errorf("mkdir %s failed, code: %d,  err: %v", item, rs.StatusCode, rs.Status)
 		}
 	}

diff --git a/core/go.mod b/core/go.mod
@@ -36,7 +36,6 @@ require (
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
-	github.com/studio-b12/gowebdav v0.9.0
 	github.com/swaggo/files v1.0.1
 	github.com/swaggo/gin-swagger v1.6.0
 	github.com/swaggo/swag v1.16.3
@@ -100,7 +99,6 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.11 // indirect

diff --git a/core/go.sum b/core/go.sum
@@ -315,10 +315,6 @@ github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkr
 github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -470,8 +466,6 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/studio-b12/gowebdav v0.9.0 h1:1j1sc9gQnNxbXXM4M/CebPOX4aXYtr7MojAVcN4dHjU=
-github.com/studio-b12/gowebdav v0.9.0/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/swaggo/files v1.0.1 h1:J1bVJ4XHZNq0I46UU90611i9/YzdrF7x92oX1ig5IdE=
@@ -843,7 +837,6 @@ gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:a
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

diff --git a/core/utils/cloud_storage/client/helper/webdav/auth.go b/core/utils/cloud_storage/client/helper/webdav/auth.go
@@ -0,0 +1,306 @@
+package webdav
+
+import (
+	"bytes"
+	"errors"
+	"io"
+	"net/http"
+	"strings"
+	"sync"
+)
+
+type AuthFactory func(c *http.Client, rs *http.Response, path string) (auth Authenticator, err error)
+
+type Authorizer interface {
+	NewAuthenticator(body io.Reader) (Authenticator, io.Reader)
+	AddAuthenticator(key string, fn AuthFactory)
+}
+
+type Authenticator interface {
+	Authorize(c *http.Client, rq *http.Request, path string) error
+	Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error)
+	Clone() Authenticator
+	io.Closer
+}
+
+type authfactory struct {
+	key    string
+	create AuthFactory
+}
+
+type authorizer struct {
+	factories  []authfactory
+	defAuthMux sync.Mutex
+	defAuth    Authenticator
+}
+
+type preemptiveAuthorizer struct {
+	auth Authenticator
+}
+
+type authShim struct {
+	factory AuthFactory
+	body    io.Reader
+	auth    Authenticator
+}
+
+type negoAuth struct {
+	auths                   []Authenticator
+	setDefaultAuthenticator func(auth Authenticator)
+}
+
+type nullAuth struct{}
+
+type noAuth struct{}
+
+func NewAutoAuth(login string, secret string) Authorizer {
+	fmap := make([]authfactory, 0)
+	az := &authorizer{factories: fmap, defAuthMux: sync.Mutex{}, defAuth: &nullAuth{}}
+
+	az.AddAuthenticator("basic", func(c *http.Client, rs *http.Response, path string) (auth Authenticator, err error) {
+		return &BasicAuth{user: login, pw: secret}, nil
+	})
+
+	az.AddAuthenticator("digest", func(c *http.Client, rs *http.Response, path string) (auth Authenticator, err error) {
+		return NewDigestAuth(login, secret, rs)
+	})
+
+	az.AddAuthenticator("passport1.4", func(c *http.Client, rs *http.Response, path string) (auth Authenticator, err error) {
+		return NewPassportAuth(c, login, secret, rs.Request.URL.String(), &rs.Header)
+	})
+
+	return az
+}
+
+func NewEmptyAuth() Authorizer {
+	fmap := make([]authfactory, 0)
+	az := &authorizer{factories: fmap, defAuthMux: sync.Mutex{}, defAuth: &nullAuth{}}
+	return az
+}
+
+func NewPreemptiveAuth(auth Authenticator) Authorizer {
+	return &preemptiveAuthorizer{auth: auth}
+}
+
+func (a *authorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader) {
+	var retryBuf io.Reader = body
+	if body != nil {
+		if _, ok := retryBuf.(io.Seeker); ok {
+			body = io.NopCloser(body)
+		} else {
+			buff := &bytes.Buffer{}
+			retryBuf = buff
+			body = io.TeeReader(body, buff)
+		}
+	}
+	a.defAuthMux.Lock()
+	defAuth := a.defAuth.Clone()
+	a.defAuthMux.Unlock()
+
+	return &authShim{factory: a.factory, body: retryBuf, auth: defAuth}, body
+}
+
+func (a *authorizer) AddAuthenticator(key string, fn AuthFactory) {
+	key = strings.ToLower(key)
+	for _, f := range a.factories {
+		if f.key == key {
+			panic("Authenticator exists: " + key)
+		}
+	}
+	a.factories = append(a.factories, authfactory{key, fn})
+}
+
+func (a *authorizer) factory(c *http.Client, rs *http.Response, path string) (auth Authenticator, err error) {
+	headers := rs.Header.Values("Www-Authenticate")
+	if len(headers) > 0 {
+		auths := make([]Authenticator, 0)
+		for _, f := range a.factories {
+			for _, header := range headers {
+				headerLower := strings.ToLower(header)
+				if strings.Contains(headerLower, f.key) {
+					rs.Header.Set("Www-Authenticate", header)
+					if auth, err = f.create(c, rs, path); err == nil {
+						auths = append(auths, auth)
+						break
+					}
+				}
+			}
+		}
+
+		switch len(auths) {
+		case 0:
+			return nil, NewPathError("NoAuthenticator", path, rs.StatusCode)
+		case 1:
+			auth = auths[0]
+		default:
+			auth = &negoAuth{auths: auths, setDefaultAuthenticator: a.setDefaultAuthenticator}
+		}
+	} else {
+		auth = &noAuth{}
+	}
+
+	a.setDefaultAuthenticator(auth)
+
+	return auth, nil
+}
+
+func (a *authorizer) setDefaultAuthenticator(auth Authenticator) {
+	a.defAuthMux.Lock()
+	a.defAuth.Close()
+	a.defAuth = auth
+	a.defAuthMux.Unlock()
+}
+
+func (s *authShim) Authorize(c *http.Client, rq *http.Request, path string) error {
+	if err := s.auth.Authorize(c, rq, path); err != nil {
+		return err
+	}
+	body := s.body
+	rq.GetBody = func() (io.ReadCloser, error) {
+		if body != nil {
+			if sk, ok := body.(io.Seeker); ok {
+				if _, err := sk.Seek(0, io.SeekStart); err != nil {
+					return nil, err
+				}
+			}
+			return io.NopCloser(body), nil
+		}
+		return nil, nil
+	}
+	return nil
+}
+
+func (s *authShim) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+	redo, err = s.auth.Verify(c, rs, path)
+	if err != nil && errors.Is(err, ErrAuthChanged) {
+		if auth, aerr := s.factory(c, rs, path); aerr == nil {
+			s.auth.Close()
+			s.auth = auth
+			return true, nil
+		} else {
+			return false, aerr
+		}
+	}
+	return
+}
+
+func (s *authShim) Close() error {
+	s.auth.Close()
+	s.auth, s.factory = nil, nil
+	if s.body != nil {
+		if closer, ok := s.body.(io.Closer); ok {
+			return closer.Close()
+		}
+	}
+	return nil
+}
+
+func (s *authShim) Clone() Authenticator {
+	return &noAuth{}
+}
+
+func (s *authShim) String() string {
+	return "AuthShim"
+}
+
+func (n *negoAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+	if len(n.auths) == 0 {
+		return NewPathError("NoAuthenticator", path, 400)
+	}
+	return n.auths[0].Authorize(c, rq, path)
+}
+
+func (n *negoAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+	if len(n.auths) == 0 {
+		return false, NewPathError("NoAuthenticator", path, 400)
+	}
+	redo, err = n.auths[0].Verify(c, rs, path)
+	if err != nil {
+		if len(n.auths) > 1 {
+			n.auths[0].Close()
+			n.auths = n.auths[1:]
+			return true, nil
+		}
+	} else if redo {
+		return
+	} else {
+		auth := n.auths[0]
+		n.auths = n.auths[1:]
+		n.setDefaultAuthenticator(auth)
+		return
+	}
+
+	return false, NewPathError("NoAuthenticator", path, rs.StatusCode)
+}
+
+func (n *negoAuth) Close() error {
+	for _, a := range n.auths {
+		a.Close()
+	}
+	n.setDefaultAuthenticator = nil
+	return nil
+}
+
+func (n *negoAuth) Clone() Authenticator {
+	auths := make([]Authenticator, len(n.auths))
+	for i, e := range n.auths {
+		auths[i] = e.Clone()
+	}
+	return &negoAuth{auths: auths, setDefaultAuthenticator: n.setDefaultAuthenticator}
+}
+
+func (n *negoAuth) String() string {
+	return "NegoAuth"
+}
+
+func (n *noAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+	return nil
+}
+
+func (n *noAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+	if "" != rs.Header.Get("Www-Authenticate") {
+		err = ErrAuthChanged
+	}
+	return
+}
+
+func (n *noAuth) Close() error {
+	return nil
+}
+
+func (n *noAuth) Clone() Authenticator {
+	return n
+}
+
+func (n *noAuth) String() string {
+	return "NoAuth"
+}
+
+func (n *nullAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+	rq.Header.Set(XInhibitRedirect, "1")
+	return nil
+}
+
+func (n *nullAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+	return true, ErrAuthChanged
+}
+
+func (n *nullAuth) Close() error {
+	return nil
+}
+
+func (n *nullAuth) Clone() Authenticator {
+	return n
+}
+
+func (n *nullAuth) String() string {
+	return "NullAuth"
+}
+
+func (b *preemptiveAuthorizer) NewAuthenticator(body io.Reader) (Authenticator, io.Reader) {
+	return b.auth.Clone(), body
+}
+
+func (b *preemptiveAuthorizer) AddAuthenticator(key string, fn AuthFactory) {
+	panic("You're funny! A preemptive authorizer may only have a single authentication method")
+}
diff --git a/core/utils/cloud_storage/client/helper/webdav/auth_basic.go b/core/utils/cloud_storage/client/helper/webdav/auth_basic.go
@@ -0,0 +1,36 @@
+package webdav
+
+import (
+	"fmt"
+	"net/http"
+)
+
+type BasicAuth struct {
+	user string
+	pw   string
+}
+
+func (b *BasicAuth) Authorize(c *http.Client, rq *http.Request, path string) error {
+	rq.SetBasicAuth(b.user, b.pw)
+	return nil
+}
+
+func (b *BasicAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
+	if rs.StatusCode == 401 {
+		err = NewPathError("Authorize", path, rs.StatusCode)
+	}
+	return
+}
+
+func (b *BasicAuth) Close() error {
+	return nil
+}
+
+func (b *BasicAuth) Clone() Authenticator {
+	// no copy due to read only access
+	return b
+}
+
+func (b *BasicAuth) String() string {
+	return fmt.Sprintf("BasicAuth login: %s", b.user)
+}