texxasrulez/rounddav

RoundDAV - a SabreDAV-based CalDAV/CardDAV server tailored for Roundcube.

Maintainers

Details

github.com/texxasrulez/rounddav

Homepage

Source

Issues

Installs: 0

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Type:project

pkg:composer/texxasrulez/rounddav

0.0.1 2025-12-15 21:58 UTC

Requires

Suggests

GPL-3.0 f494da1c58b86459439d82045843101a573ea49d

  • Gene Hawkins <texxasrulez.woop@yahoo.com>

This package is auto-updated.

Last update: 2025-12-20 00:21:39 UTC

README

Downloads Packagist Downloads Packagist Version Github License GitHub Stars GitHub Issues GitHub Contributors GitHub Forks Donate Paypal

A lightweight CalDAV, CardDAV, and WebDAV storage engine designed for self-hosters who want full control without dragging in a monster stack. RoundDAV powers calendars, contacts, and file storage behind Roundcube — cleanly and predictably.

While this may work like any other sabre based server, this one is tailored for Roundcube specifically.

There are 3 Roundcube plugins to use with this and extend the bridge between the two.

Required for use with Roundcube:

RoundDAV Provision Roundcube Plugin

Recommended Plugins:

RoundDAV Files Roundcube Plugin

RoundDAV Bookmarks Roundcube Plugin

Features

  • CalDAV & CardDAV: Standards-compliant calendars and addressbooks
  • WebDAV Filesystem: Per-user storage rooted at a filesystem path you control
  • Provisioning API: Roundcube can create DAV users automatically
  • SSO-Ready: Includes /public/sso_login.php and /public/sso_logout.php
  • Admin UI: Simple administration panel for principals, calendars, addressbooks
  • Per-User Extras: Extra calendars and addressbooks can be created on first login
  • Clean PHP: No frameworks, minimal dependencies, easy to debug

Directory Layout

Typical layout on disk:

rounddav/
  config/
    config.dist.php
    config.php
  public/
    index.php
    install.php
    admin/
    files/
    api.php
    sso_login.php
    sso_logout.php
  src/
    Provision/
    Dav/
    ...
  • config/ – configuration files
  • public/ – web-exposed entry points (admin UI, files UI, SSO, API)
  • src/ – RoundDAV internals (provisioning, DAV backends, etc.)

Installation

  1. Copy rounddav/ to your server (outside your main vhost if you like).
  2. Point a vhost or alias at rounddav/public/.

Example Nginx snippet:

location /rounddav/ {
    alias /var/www/rounddav/public/;
    index index.php;
}
  1. Run the installer in your browser:
https://your.server/rounddav/public/install.php

  1. Fill in:

    • Database DSN / user / password
    • Files root path (for WebDAV file storage)
    • Admin username + password

  2. Submit. The installer writes config/config.php and initializes the database.

  3. Run composer update in root to install dependencies.

Configuration Overview

config/config.php is generated from config.dist.php and contains (at least):

return [
    'database' => [
        'dsn'      => 'mysql:host=localhost;dbname=rounddav',
        'user'     => 'rounddav',
        'password' => 'secret',
        'options'  => [],
    ],

    'files' => [
        'root'       => '/srv/rounddav/files',
        'public_url' => 'https://your.server/rounddav/public/files/',
    ],

    'admin' => [
        'username'      => 'admin',
        'password'      => 'admin@example.com',  // used to match admin principal
        'password_hash' => '$2y$10$...',
    ],

    'provision' => [
        'shared_secret'    => 'change_me_provision',
        'principal_prefix' => 'principals',
    ],

    'sso' => [
        'enabled' => true,
        'secret'  => 'change_me_sso',
        'ttl'     => 600,
    ],
];

Key points:

  • files.root – base directory for per-user WebDAV storage.
  • files.public_url – where the browser reaches the Files UI.
  • admin.password – used in your templates to identify the admin user.
  • provision.shared_secret – for API calls if you ever protect them further.
  • sso.secret – must match rounddav_sso_secret in the Roundcube rounddav_provision plugin.

Provisioning API

RoundDAV exposes a simple HTTP API for provisioning users:

POST /rounddav/public/api.php?r=provision/user
Content-Type: application/json

Example payload (this is what the Roundcube plugin sends):

{
  "username": "user@example.com",
  "password": "plaintext-or-derived",
  "extra_calendars": [
    {
      "uri": "todo",
      "displayname": "Tasks",
      "mode": "tasks",
      "shared": false
    }
  ],
  "extra_addressbooks": [
    {
      "uri": "work",
      "displayname": "Work Contacts",
      "shared": false
    }
  ]
}

The server will:

  • Ensure the principal and credentials exist
  • Ensure the default calendar + addressbook exist
  • Ensure any additional calendars/addressbooks defined in the request exist

The endpoint replies with JSON, e.g.:

{
  "status": "ok",
  "message": "Provisioning OK for user@example.com",
  "principal_uri": "principals/user@example.com",
  "principal_id": 6
}

SSO Endpoints

These are used by Roundcube (rounddav_provision + rounddav_files) to log users into the web UI without a second login.

Login

GET /rounddav/public/sso_login.php?user=<user>&ts=<unix>&sig=<hmac>
  • user – principal identifier (usually the email / Roundcube username)
  • ts – Unix timestamp when the token was issued
  • sighash_hmac('sha256', "$user|$ts", $config['sso']['secret'])

If valid:

  • Sets $_SESSION['rounddav_files_user'] = $user
  • Redirects the browser to files.public_url or ./files/

Logout

GET /rounddav/public/sso_logout.php?user=<user>&ts=<unix>&sig=<hmac>
  • Signature is based on "$user|$ts|logout"

If valid:

  • Destroys the PHP session
  • Leaves no visible output

Roundcube’s logout hook fires a tiny new Image().src = ".../sso_logout.php?..."; call to trigger this.

Admin UI

Accessible under:

https://your.server/rounddav/public/admin/

You can:

  • View and manage principals
  • Create/delete calendars and addressbooks for each principal
  • Edit calendar/addressbook properties (URI, displayname, flags)
  • Toggle options like “tasks only” vs “events only” vs both

The Admin UI is intentionally minimal, built for admins who already know what DAV is.

Admin README.md

Files UI

Accessible under:

https://your.server/rounddav/public/files/

This is the generic Files interface that rounddav_files embeds in an iframe inside Roundcube. It:

  • Shows per-user directories under your configured files.root
  • Allows uploads, downloads, deletions (depending on your implementation)
  • Is styled to roughly match Roundcube skins when embedded

Philosophy

RoundDAV is meant to be:

  • Small enough to understand
  • Strong enough to be useful
  • Quiet enough to disappear behind Roundcube

If you know Roundcube and a bit of PHP, you should be able to debug or extend this without fighting it.

Enjoy!

💰 Donations 💰

If you use this plugin and would like to show your appreciation by buying me a cup of coffee, I surely would appreciate it. A regular cup of Joe is sufficient, but a Starbucks Coffee would be better ...
Zelle (Zelle is integrated within many major banks Mobile Apps by default) - Just send to texxasrulez at yahoo dot com
No Zelle in your banks mobile app, no problem, just click Paypal and I can make a Starbucks run ...

I appreciate the interest in this plugin and hope all the best ...