# @summary Configures a webdav server under nginx
#
# Configures a WebDAV server under a pre-configured nginx instance.
#
# Currently doesn't manage the package, but instead depends on
# nginx-minline-mod-dav-ext being installed.
#
# Also manages basic authentication for those pages.
#
# @param $nginx_server
#   Name of the nginx server resource to create location under.
# @param $file_path
#   Local path used as webdav root
# @param $location
#   Prefix to web-path which will be exported as WebDAV
# @param $passwd_file
#   Path to the user/password file for basic authentication
# @param $owner
#   Owner of created files
# @param $group
#   Group of created file
# @param $users
#   List of [user, password] pairs.
#   Refer to the
#   [Nginx documentation](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html)
#   for the format of the password field.
# @param $dav_methods
#   Dav methods which should be supported, are are implemented by
#   nginxcore.
# @param $dav_ext_methods
#   Extended dav methods which should be supported, as is implemented
#   by the dav_ext module.
# @param $dav_access
#   Default access rules for the dav methods.
# @param ensure
#   Set to absent to remove configuration
define webdav_server (
  String $nginx_server,
  String $file_path,
  String $location = $name,
  String $passwd_file = "${file_path}/.htpasswd",
  String $owner  = 'http',
  String $group = 'share',
  Array[Array[String,2,2]] $users = [],
  Array[String] $dav_methods = ['PUT', 'DELETE', 'MKCOL', 'COPY', 'MOVE'],
  Array[String] $dav_ext_methods = ['PROPFIND', 'OPTIONS'],
  Hash[String,String] $dav_access = {
    'user'  => 'rw',
    'group' => 'rw',
  },
  Enum['present', 'absent'] $ensure = 'present',
) {

  # ensure_packages(['nginx-mainline-mod-dav-ext'])

  require ::nginx

  $modname = 'ngx_http_dav_ext_module'
  # This assumes that the directory exists, and that
  # nginx::include_modules_enabled => true
  $fname = "/etc/nginx/modules-enabled/${modname}.conf"
  if $ensure == 'present' {
    file { $fname:
      ensure  => file,
      content => @("EOF")
      load_module /usr/lib/nginx/modules/${modname}.so;
      | EOF
    }
  } else {
    file { $fname:
      ensure => absent,
    }
  }

  $lines = $users.map |$pair| { $pair.join(':') }.join("\n")

  if $ensure == 'present' {
    file {
      default:
        owner => $owner,
        group => $group,
        ;
      $file_path:
        ensure  => 'directory',
        mode    => '0770',
        recurse => 'false',
        ;
      $passwd_file:
        ensure  => 'file',
        mode    => '0660',
        content => @("EOF")
          # File managed by puppet
          ${lines}
          | EOF
        ;
    }
  } else {
    file { [$file_path, $passwd_file]:
      ensure => absent,
    }
  }


  nginx::resource::location { $location:
    ensure               => $ensure,
    server               => $nginx_server,
    location_alias       => $file_path,
    ssl                  => true,
    ssl_only             => true,

    auth_basic           => 'Enter password for dav access',
    auth_basic_user_file => $passwd_file,

    location_cfg_append  => {
      'dav_methods'           => $dav_methods.join(' '),
      'dav_ext_methods'       => $dav_ext_methods.join(' '),
      'dav_access'            => $dav_access.map |$k, $v| { "${k}:${v}" }.join(' '),
      'client_body_temp_path' => "${file_path}/tmp",
      'create_full_put_path'  => 'on',
      'autoindex'             => 'on',
      'allow'                 => 'all',
    }
  }
}