From a581851f84843ac13d98b4fc271b41a347de43c3 Mon Sep 17 00:00:00 2001
From: Aaron Liu <abslant.liu@gmail.com>
Date: Fri, 12 Sep 2025 14:04:51 +0800
Subject: [PATCH] feat(webdav): option to disable system file uploads (#2871)

---
 assets                    |  2 +-
 inventory/types/types.go  |  1 +
 pkg/webdav/webdav.go      | 17 ++++++++++++-----
 service/setting/webdav.go | 13 +++++++++----
 4 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/assets b/assets
index e53eb86a..dcf21d5e 160000
--- a/assets
+++ b/assets
@@ -1 +1 @@
-Subproject commit e53eb86a326475487eec2dd831307b6fe71f57ae
+Subproject commit dcf21d5eb9fbb635e81ab3c13b44e1233db5cac9
diff --git a/inventory/types/types.go b/inventory/types/types.go
index 9ba07138..d59806bc 100644
--- a/inventory/types/types.go
+++ b/inventory/types/types.go
@@ -257,6 +257,7 @@ func FileTypeFromString(s string) FileType {
 const (
 	DavAccountReadOnly DavAccountOption = iota
 	DavAccountProxy
+	DavAccountDisableSysFiles
 )
 
 const (
diff --git a/pkg/webdav/webdav.go b/pkg/webdav/webdav.go
index da20873b..fd630736 100644
--- a/pkg/webdav/webdav.go
+++ b/pkg/webdav/webdav.go
@@ -9,6 +9,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net/http"
+	"net/url"
+	"path"
+	"strings"
+	"time"
+
 	"github.com/cloudreve/Cloudreve/v4/application/dependency"
 	"github.com/cloudreve/Cloudreve/v4/ent"
 	"github.com/cloudreve/Cloudreve/v4/inventory"
@@ -26,11 +32,6 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/samber/lo"
 	"golang.org/x/tools/container/intsets"
-	"net/http"
-	"net/url"
-	"path"
-	"strings"
-	"time"
 )
 
 const (
@@ -228,6 +229,12 @@ func handlePut(c *gin.Context, user *ent.User, fm manager.FileManager) (status i
 		return purposeStatusCodeFromError(err), err
 	}
 
+	if user.Edges.DavAccounts[0].Options.Enabled(int(types.DavAccountDisableSysFiles)) {
+		if strings.HasPrefix(reqPath.Name(), ".") {
+			return http.StatusMethodNotAllowed, nil
+		}
+	}
+
 	release, ls, status, err := confirmLock(c, fm, user, ancestor, nil, uri, nil)
 	if err != nil {
 		return status, err
diff --git a/service/setting/webdav.go b/service/setting/webdav.go
index 640776c7..3ed88001 100644
--- a/service/setting/webdav.go
+++ b/service/setting/webdav.go
@@ -86,10 +86,11 @@ func (service *ListDavAccountsService) List(c *gin.Context) (*ListDavAccountResp
 
 type (
 	CreateDavAccountService struct {
-		Uri      string `json:"uri" binding:"required"`
-		Name     string `json:"name" binding:"required,min=1,max=255"`
-		Readonly bool   `json:"readonly"`
-		Proxy    bool   `json:"proxy"`
+		Uri             string `json:"uri" binding:"required"`
+		Name            string `json:"name" binding:"required,min=1,max=255"`
+		Readonly        bool   `json:"readonly"`
+		Proxy           bool   `json:"proxy"`
+		DisableSysFiles bool   `json:"disable_sys_files"`
 	}
 	CreateDavAccountParamCtx struct{}
 )
@@ -173,6 +174,10 @@ func (service *CreateDavAccountService) validateAndGetBs(user *ent.User) (*bools
 		boolset.Set(types.DavAccountReadOnly, true, &bs)
 	}
 
+	if service.DisableSysFiles {
+		boolset.Set(types.DavAccountDisableSysFiles, true, &bs)
+	}
+
 	if service.Proxy && user.Edges.Group.Permissions.Enabled(int(types.GroupPermissionWebDAVProxy)) {
 		boolset.Set(types.DavAccountProxy, true, &bs)
 	}