up

internal/route/main.go

@@ -124,8 +124,15 @@ func RoutesPublic(r *mux.Router, bd *gorm.DB) {
 		}
 	})
 r.PathPrefix("/webdav/").Handler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		// Authentification HTTP Basic avec vérification en base
-		userEmail, password, ok := req.BasicAuth()
+    authHeader := req.Header.Get("Authorization")
+    if authHeader == "" {
+        w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
+        http.Error(w, "Unauthorized", http.StatusUnauthorized)
+        return
+    }
+
+    // Authentification HTTP Basic en base de données
+    email, password, ok := req.BasicAuth()
     if !ok {
         w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
         http.Error(w, "Unauthorized", http.StatusUnauthorized)
@@ -133,7 +140,7 @@ func RoutesPublic(r *mux.Router, bd *gorm.DB) {
     }
 
     var user models.User
-		result := bd.Where("email = ?", userEmail).First(&user)
+    result := bd.Where("email = ?", email).First(&user)
     if result.Error != nil {
         w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
         http.Error(w, "Unauthorized", http.StatusUnauthorized)
@@ -147,19 +154,17 @@ func RoutesPublic(r *mux.Router, bd *gorm.DB) {
         return
     }
 
-		// Protection lecture seule
+    // Lecture seule
     if req.Method != "GET" && req.Method != "HEAD" && req.Method != "OPTIONS" && req.Method != "PROPFIND" {
         http.Error(w, "Read-Only", http.StatusForbidden)
         return
     }
 
-		log.Printf("✅ WebDAV access for user: %s", userEmail)
+    log.Printf("✅ WebDAV access for user: %s", email)
 
-		// Headers WebDAV attendus
     w.Header().Set("DAV", "1,2")
     w.Header().Set("MS-Author-Via", "DAV")
 
-		// Serve le WebDAV
     webdavHandler := &webdav.Handler{
         Prefix:     "/webdav/",
         FileSystem: webdav.Dir("/app/upload"),