Merge remote-tracking branch 'origin/main' into front-styles

app/service/addressesService/addressesService.go

@@ -0,0 +1,152 @@
+package addressesService
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"git.ma-al.com/goc_daniel/b2b/app/model"
+	"git.ma-al.com/goc_daniel/b2b/app/repos/addressesRepo"
+	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/responseErrors"
+)
+
+type AddressesService struct {
+	repo addressesRepo.UIAddressesRepo
+}
+
+func New() *AddressesService {
+	return &AddressesService{
+		repo: addressesRepo.New(),
+	}
+}
+
+func (s *AddressesService) GetTemplate(country_id uint) (model.AddressField, error) {
+	switch country_id {
+
+	case 1: // Poland
+		return model.AddressPL{}, nil
+
+	case 2: // Great Britain
+		return model.AddressGB{}, nil
+
+	case 3: // Czech Republic
+		return model.AddressCZ{}, nil
+
+	case 4: // Germany
+		return model.AddressDE{}, nil
+
+	default:
+		return nil, responseErrors.ErrInvalidCountryID
+	}
+}
+
+func (s *AddressesService) AddNewAddress(user_id uint, address_info string, country_id uint) error {
+	amt, err := s.repo.UserAddressesAmt(user_id)
+	if err != nil {
+		return err
+	} else if amt >= constdata.MAX_AMOUNT_OF_ADDRESSES_PER_USER {
+		return responseErrors.ErrMaxAmtOfAddressesReached
+	}
+
+	_, err = s.validateAddressJson(address_info, country_id)
+	if err != nil {
+		return err
+	}
+
+	return s.repo.AddNewAddress(user_id, address_info, country_id)
+}
+
+// country_id = 0 means that country_id remains unchanged
+func (s *AddressesService) ModifyAddress(user_id uint, address_id uint, address_info string, country_id uint) error {
+	amt, err := s.repo.UserHasAddress(user_id, address_id)
+	if err != nil {
+		return err
+	} else if amt != 1 {
+		return responseErrors.ErrUserHasNoSuchAddress
+	}
+
+	_, err = s.validateAddressJson(address_info, country_id)
+	if err != nil {
+		return err
+	}
+
+	return s.repo.UpdateAddress(user_id, address_id, address_info, country_id)
+}
+
+func (s *AddressesService) RetrieveAddressesInfo(user_id uint) (*[]model.AddressUnparsed, error) {
+	parsed_addresses, err := s.repo.RetrieveAddresses(user_id)
+	if err != nil {
+		return nil, err
+	}
+
+	var unparsed_addresses []model.AddressUnparsed
+
+	for i := 0; i < len(*parsed_addresses); i++ {
+		var next_address model.AddressUnparsed
+		next_address.ID = (*parsed_addresses)[i].ID
+		next_address.CustomerID = (*parsed_addresses)[i].CustomerID
+		next_address.CountryID = (*parsed_addresses)[i].CountryID
+
+		next_address.AddressInfo, err = s.validateAddressJson((*parsed_addresses)[i].AddressInfo, next_address.CountryID)
+		// log such errors
+		if err != nil {
+			fmt.Printf("err: %v\n", err)
+		}
+
+		unparsed_addresses = append(unparsed_addresses, next_address)
+	}
+
+	return &unparsed_addresses, nil
+}
+
+func (s *AddressesService) DeleteAddress(user_id uint, address_id uint) error {
+	amt, err := s.repo.UserHasAddress(user_id, address_id)
+	if err != nil {
+		return err
+	} else if amt != 1 {
+		return responseErrors.ErrUserHasNoSuchAddress
+	}
+
+	return s.repo.DeleteAddress(user_id, address_id)
+}
+
+// validateAddressJson makes sure that the info string represents a valid json of address in given country
+func (s *AddressesService) validateAddressJson(info string, country_id uint) (model.AddressField, error) {
+	dec := json.NewDecoder(strings.NewReader(info))
+	dec.DisallowUnknownFields()
+
+	switch country_id {
+
+	case 1: // Poland
+		var address model.AddressPL
+		if err := dec.Decode(&address); err != nil {
+			return address, responseErrors.ErrInvalidAddressJSON
+		}
+		return address, nil
+
+	case 2: // Great Britain
+		var address model.AddressGB
+		if err := dec.Decode(&address); err != nil {
+			return address, responseErrors.ErrInvalidAddressJSON
+		}
+		return address, nil
+
+	case 3: // Czech Republic
+		var address model.AddressCZ
+		if err := dec.Decode(&address); err != nil {
+			return address, responseErrors.ErrInvalidAddressJSON
+		}
+		return address, nil
+
+	case 4: // Germany
+		var address model.AddressDE
+		if err := dec.Decode(&address); err != nil {
+			return address, responseErrors.ErrInvalidAddressJSON
+		}
+		return address, nil
+
+	default:
+		return nil, responseErrors.ErrInvalidCountryID
+	}
+}

app/service/authService/auth.go

@@ -11,6 +11,8 @@ import (
 	"git.ma-al.com/goc_daniel/b2b/app/config"
 	"git.ma-al.com/goc_daniel/b2b/app/db"
 	"git.ma-al.com/goc_daniel/b2b/app/model"
+	"git.ma-al.com/goc_daniel/b2b/app/repos/customerRepo"
+	roleRepo "git.ma-al.com/goc_daniel/b2b/app/repos/rolesRepo"
 	"git.ma-al.com/goc_daniel/b2b/app/service/emailService"
 	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/responseErrors"
@@ -35,17 +37,21 @@ type JWTClaims struct {
 
 // AuthService handles authentication operations
 type AuthService struct {
-	db     *gorm.DB
-	config *config.AuthConfig
-	email  *emailService.EmailService
+	db           *gorm.DB
+	config       *config.AuthConfig
+	email        *emailService.EmailService
+	customerRepo customerRepo.UICustomerRepo
+	roleRepo     roleRepo.UIRolesRepo
 }
 
 // NewAuthService creates a new AuthService instance
 func NewAuthService() *AuthService {
 	svc := &AuthService{
-		db:     db.Get(),
-		config: &config.Get().Auth,
-		email:  emailService.NewEmailService(),
+		db:           db.Get(),
+		config:       &config.Get().Auth,
+		email:        emailService.NewEmailService(),
+		customerRepo: customerRepo.New(),
+		roleRepo:     roleRepo.New(),
 	}
 	// Auto-migrate the refresh_tokens table
 	if svc.db != nil {
@@ -83,6 +89,15 @@ func (s *AuthService) Login(req *model.LoginRequest) (*model.AuthResponse, strin
 	// Update last login time
 	now := time.Now()
 	user.LastLoginAt = &now
+
+	if req.LangID != nil {
+		_, err := s.GetLangISOCode(*req.LangID)
+		if err != nil {
+			return nil, "", responseErrors.ErrBadLangID
+		}
+		user.LangID = *req.LangID
+	}
+
 	s.db.Save(&user)
 
 	// Generate access token (JWT)
@@ -144,7 +159,6 @@ func (s *AuthService) Register(req *model.RegisterRequest) error {
 		Password:                 string(hashedPassword),
 		FirstName:                req.FirstName,
 		LastName:                 req.LastName,
-		Role:                     model.Role{},
 		Provider:                 model.ProviderLocal,
 		IsActive:                 false,
 		EmailVerified:            false,
@@ -443,6 +457,19 @@ func (s *AuthService) GetUserByEmail(email string) (*model.Customer, error) {
 	return &user, nil
 }
 
+func (s *AuthService) GetUserByWebdavToken(rawToken string) (*model.Customer, error) {
+	tokenHash := hashToken(rawToken)
+
+	var user model.Customer
+	if err := s.db.Where("webdav_token = ?", tokenHash).First(&user).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, responseErrors.ErrUserNotFound
+		}
+		return nil, fmt.Errorf("database error: %w", err)
+	}
+	return &user, nil
+}
+
 // createRefreshToken generates a random opaque token, stores its hash in the DB, and returns the raw token.
 func (s *AuthService) createRefreshToken(userID uint) (string, error) {
 	// Generate 32 random bytes → 64-char hex string

app/service/authService/google_oauth.go

@@ -108,26 +108,32 @@ func (s *AuthService) HandleGoogleCallback(code string) (*model.AuthResponse, st
 // findOrCreateGoogleUser finds an existing user by Google provider ID or email,
 // or creates a new one.
 func (s *AuthService) findOrCreateGoogleUser(info *view.GoogleUserInfo) (*model.Customer, error) {
-	var user model.Customer
+	var user *model.Customer
 
 	// Try to find by provider + provider_id
-	err := s.db.Where("provider = ? AND provider_id = ?", model.ProviderGoogle, info.ID).First(&user).Error
+	user, err := s.customerRepo.GetByExternalProviderId(model.ProviderGoogle, info.ID)
 	if err == nil {
 		// Update avatar in case it changed
 		user.AvatarURL = info.Picture
-		s.db.Save(&user)
-		return &user, nil
+		err = s.customerRepo.Save(user)
+		if err != nil {
+			return nil, err
+		}
+		return user, nil
 	}
 
 	// Try to find by email (user may have registered locally before)
-	err = s.db.Where("email = ?", info.Email).First(&user).Error
+	user, err = s.customerRepo.GetByEmail(info.Email)
 	if err == nil {
 		// Link Google provider to existing account
 		user.Provider = model.ProviderGoogle
 		user.ProviderID = info.ID
 		user.AvatarURL = info.Picture
 		user.IsActive = true
-		s.db.Save(&user)
+		err = s.customerRepo.Save(user)
+		if err != nil {
+			return nil, err
+		}
 
 		// If email has not been verified yet, send email to admin.
 		if !user.EmailVerified {
@@ -139,7 +145,7 @@ func (s *AuthService) findOrCreateGoogleUser(info *view.GoogleUserInfo) (*model.
 		}
 		user.EmailVerified = true
 
-		return &user, nil
+		return user, nil
 	}
 
 	// Create new user
@@ -148,16 +154,16 @@ func (s *AuthService) findOrCreateGoogleUser(info *view.GoogleUserInfo) (*model.
 		FirstName:     info.GivenName,
 		LastName:      info.FamilyName,
 		Provider:      model.ProviderGoogle,
+		RoleID:        1, // user
 		ProviderID:    info.ID,
 		AvatarURL:     info.Picture,
-		Role:          model.Role{},
 		IsActive:      true,
 		EmailVerified: true,
 		LangID:        2, // default is english
 		CountryID:     2, // default is England
 	}
 
-	if err := s.db.Create(&newUser).Error; err != nil {
+	if err := s.customerRepo.Create(&newUser); err != nil {
 		return nil, fmt.Errorf("failed to create user: %w", err)
 	}
 
@@ -170,6 +176,13 @@ func (s *AuthService) findOrCreateGoogleUser(info *view.GoogleUserInfo) (*model.
 		}
 	}
 
+	var role *model.Role
+	role, err = s.roleRepo.Get(newUser.RoleID)
+	if err != nil {
+		return nil, err
+	}
+	newUser.Role = role
+
 	return &newUser, nil
 }
 

app/service/customerService/customerService.go

@@ -3,6 +3,8 @@ package customerService
 import (
 	"git.ma-al.com/goc_daniel/b2b/app/model"
 	"git.ma-al.com/goc_daniel/b2b/app/repos/customerRepo"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/query/filters"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/query/find"
 )
 
 type CustomerService struct {
@@ -18,3 +20,7 @@ func New() *CustomerService {
 func (s *CustomerService) GetById(id uint) (*model.Customer, error) {
 	return s.repo.Get(id)
 }
+
+func (s *CustomerService) Find(langId uint, p find.Paging, filt *filters.FiltersList, search string) (*find.Found[model.UserInList], error) {
+	return s.repo.Find(langId, p, filt, search)
+}

app/service/emailService/email.go

@@ -10,6 +10,7 @@ import (
 	"git.ma-al.com/goc_daniel/b2b/app/config"
 	"git.ma-al.com/goc_daniel/b2b/app/service/langsService"
 	"git.ma-al.com/goc_daniel/b2b/app/templ/emails"
+	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/i18n"
 	"git.ma-al.com/goc_daniel/b2b/app/view"
 )
@@ -133,6 +134,6 @@ func (s *EmailService) passwordResetEmailTemplate(name, resetURL string, langID
 // newUserAdminNotificationTemplate returns the HTML template for admin notification
 func (s *EmailService) newUserAdminNotificationTemplate(userEmail, userName, baseURL string) string {
 	buf := bytes.Buffer{}
-	emails.EmailAdminNotificationWrapper(view.EmailLayout[view.EmailAdminNotificationData]{LangID: 2, Data: view.EmailAdminNotificationData{UserEmail: userEmail, UserName: userName, BaseURL: baseURL}}).Render(context.Background(), &buf)
+	emails.EmailAdminNotificationWrapper(view.EmailLayout[view.EmailAdminNotificationData]{LangID: constdata.ADMIN_NOTIFICATION_LANGUAGE, Data: view.EmailAdminNotificationData{UserEmail: userEmail, UserName: userName, BaseURL: baseURL}}).Render(context.Background(), &buf)
 	return buf.String()
 }

app/service/listService/listService.go

@@ -1,26 +0,0 @@
-package listService
-
-import (
-	"git.ma-al.com/goc_daniel/b2b/app/model"
-	"git.ma-al.com/goc_daniel/b2b/app/repos/listRepo"
-	"git.ma-al.com/goc_daniel/b2b/app/utils/query/filters"
-	"git.ma-al.com/goc_daniel/b2b/app/utils/query/find"
-)
-
-type ListService struct {
-	listRepo listRepo.UIListRepo
-}
-
-func New() *ListService {
-	return &ListService{
-		listRepo: listRepo.New(),
-	}
-}
-
-func (s *ListService) ListProducts(id_lang uint, p find.Paging, filters *filters.FiltersList) (find.Found[model.ProductInList], error) {
-	return s.listRepo.ListProducts(id_lang, p, filters)
-}
-
-func (s *ListService) ListUsers(id_lang uint, p find.Paging, filters *filters.FiltersList) (find.Found[model.UserInList], error) {
-	return s.listRepo.ListUsers(id_lang, p, filters)
-}

app/service/meiliService/meiliService.go

@@ -27,8 +27,8 @@ type MeiliService struct {
 func New() *MeiliService {
 
 	client := meilisearch.New(
-		config.Get().MailiSearch.ServerURL,
-		meilisearch.WithAPIKey(config.Get().MailiSearch.ApiKey),
+		config.Get().MeiliSearch.ServerURL,
+		meilisearch.WithAPIKey(config.Get().MeiliSearch.ApiKey),
 	)
 
 	return &MeiliService{

app/service/productService/productService.go

@@ -3,8 +3,12 @@ package productService
 import (
 	"encoding/json"
 
+	"git.ma-al.com/goc_daniel/b2b/app/model"
 	"git.ma-al.com/goc_daniel/b2b/app/repos/productsRepo"
 	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/query/filters"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/query/find"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/responseErrors"
 )
 
 type ProductService struct {
@@ -25,3 +29,47 @@ func (s *ProductService) GetJSON(p_id_product, p_id_lang, p_id_customer, b2b_id_
 
 	return products, nil
 }
+
+func (s *ProductService) Find(id_lang, userID uint, p find.Paging, filters *filters.FiltersList) (find.Found[model.ProductInList], error) {
+	return s.productsRepo.Find(id_lang, userID, p, filters)
+}
+
+func (s *ProductService) AddToFavorites(userID uint, productID uint) error {
+	exists, err := s.productsRepo.ProductInDatabase(productID)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return responseErrors.ErrProductNotFound
+	}
+
+	exists, err = s.productsRepo.ExistsInFavorites(userID, productID)
+	if err != nil {
+		return err
+	}
+	if exists {
+		return responseErrors.ErrAlreadyInFavorites
+	}
+
+	return s.productsRepo.AddToFavorites(userID, productID)
+}
+
+func (s *ProductService) RemoveFromFavorites(userID uint, productID uint) error {
+	exists, err := s.productsRepo.ProductInDatabase(productID)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return responseErrors.ErrProductNotFound
+	}
+
+	exists, err = s.productsRepo.ExistsInFavorites(userID, productID)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return responseErrors.ErrNotInFavorites
+	}
+
+	return s.productsRepo.RemoveFromFavorites(userID, productID)
+}

app/service/productTranslationService/productTranslationService.go

@@ -90,13 +90,24 @@ func (s *ProductTranslationService) GetProductDescription(userID uint, productID
 // Updates relevant fields with the "updates" map
 func (s *ProductTranslationService) SaveProductDescription(userID uint, productID uint, productLangID uint, updates map[string]string) error {
 	// only some fields can be affected
-	allowedFields := []string{"description", "description_short", "meta_description", "meta_title", "name", "available_now", "available_later", "usage"}
+	allowedFields := []string{"description", "description_short", "link_rewrite", "meta_description", "meta_keywords", "meta_title", "name",
+		"available_now", "available_later", "delivery_in_stock", "delivery_out_stock", "usage"}
 	for key := range updates {
 		if !slices.Contains(allowedFields, key) {
 			return responseErrors.ErrBadField
 		}
 	}
 
+	if text, exists := updates["link_rewrite"]; exists {
+		// sanitize and check that link_rewrite is a valid url slug
+		sanitized := SanitizeSlug(text)
+		if !IsValidSlug(sanitized) {
+			return responseErrors.ErrInvalidURLSlug
+		}
+
+		updates["link_rewrite"] = sanitized
+	}
+
 	// check that fields description, description_short and usage, if they exist, have a valid html format
 	mustBeHTML := []string{"description", "description_short", "usage"}
 	for i := 0; i < len(mustBeHTML); i++ {
@@ -138,20 +149,28 @@ func (s *ProductTranslationService) TranslateProductDescription(userID uint, pro
 
 	fields := []*string{&productDescription.Description,
 		&productDescription.DescriptionShort,
+		&productDescription.LinkRewrite,
 		&productDescription.MetaDescription,
+		&productDescription.MetaKeywords,
 		&productDescription.MetaTitle,
 		&productDescription.Name,
 		&productDescription.AvailableNow,
 		&productDescription.AvailableLater,
+		&productDescription.DeliveryInStock,
+		&productDescription.DeliveryOutStock,
 		&productDescription.Usage,
 	}
 	keys := []string{"translation_of_product_description",
 		"translation_of_product_short_description",
+		"translation_of_product_url_link",
 		"translation_of_product_meta_description",
+		"translation_of_product_meta_keywords",
 		"translation_of_product_meta_title",
 		"translation_of_product_name",
-		"translation_of_product_available_now",
-		"translation_of_product_available_later",
+		"translation_of_product_available_now_message",
+		"translation_of_product_available_later_message",
+		"translation_of_product_delivery_in_stock_message",
+		"translation_of_product_delivery_out_stock_message",
 		"translation_of_product_usage",
 	}
 

app/service/productTranslationService/sanitizeURLSlug.go

@@ -0,0 +1,69 @@
+package productTranslationService
+
+import (
+	"strings"
+	"unicode"
+
+	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
+	"github.com/dlclark/regexp2"
+	"golang.org/x/text/runes"
+	"golang.org/x/text/transform"
+	"golang.org/x/text/unicode/norm"
+)
+
+func IsValidSlug(s string) bool {
+	var slug_regex2 = regexp2.MustCompile(constdata.SLUG_REGEX, regexp2.None)
+
+	ok, _ := slug_regex2.MatchString(s)
+	return ok
+}
+
+func SanitizeSlug(s string) string {
+	s = strings.TrimSpace(strings.ToLower(s))
+
+	// First apply explicit transliteration for language-specific letters.
+	s = transliterateWithTable(s)
+
+	// Then normalize and strip any remaining combining marks.
+	s = removeDiacritics(s)
+
+	// Replace all non-alphanumeric runs with "-"
+	var non_alphanum_regex2 = regexp2.MustCompile(constdata.NON_ALNUM_REGEX, regexp2.None)
+	s, _ = non_alphanum_regex2.Replace(s, "-", -1, -1)
+
+	// Collapse repeated "-" and trim edges
+	var multi_dash_regex2 = regexp2.MustCompile(constdata.MULTI_DASH_REGEX, regexp2.None)
+	s, _ = multi_dash_regex2.Replace(s, "-", -1, -1)
+
+	s = strings.Trim(s, "-")
+
+	return s
+}
+
+func transliterateWithTable(s string) string {
+	var b strings.Builder
+	b.Grow(len(s))
+
+	for _, r := range s {
+		if repl, ok := constdata.TRANSLITERATION_TABLE[r]; ok {
+			b.WriteString(repl)
+		} else {
+			b.WriteRune(r)
+		}
+	}
+
+	return b.String()
+}
+
+func removeDiacritics(s string) string {
+	t := transform.Chain(
+		norm.NFD,
+		runes.Remove(runes.In(unicode.Mn)),
+		norm.NFC,
+	)
+	out, _, err := transform.String(t, s)
+	if err != nil {
+		return s
+	}
+	return out
+}

app/service/storageService/storageService.go

@@ -0,0 +1,283 @@
+package storageService
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/xml"
+	"io"
+	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"git.ma-al.com/goc_daniel/b2b/app/model"
+	"git.ma-al.com/goc_daniel/b2b/app/repos/storageRepo"
+	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/responseErrors"
+)
+
+type StorageService struct {
+	storageRepo storageRepo.UIStorageRepo
+}
+
+func New() *StorageService {
+	return &StorageService{
+		storageRepo: storageRepo.New(),
+	}
+}
+
+func (s *StorageService) EntryInfo(abs_path string) (os.FileInfo, error) {
+	return s.storageRepo.EntryInfo(abs_path)
+}
+
+func (s *StorageService) NewWebdavToken(user_id uint) (string, error) {
+	b := make([]byte, constdata.NBYTES_IN_WEBDAV_TOKEN)
+
+	_, err := rand.Read(b)
+	if err != nil {
+		return "", err
+	}
+
+	raw_token := hex.EncodeToString(b)
+	hash_token_bytes := sha256.Sum256([]byte(raw_token))
+	hash_token := hex.EncodeToString(hash_token_bytes[:])
+	expires_at := time.Now().Add(24 * time.Hour)
+
+	return raw_token, s.storageRepo.SaveWebdavToken(user_id, hash_token, &expires_at)
+}
+
+func (s *StorageService) DownloadFilePrep(abs_path string) (*os.File, string, int64, error) {
+	info, err := s.storageRepo.EntryInfo(abs_path)
+	if err != nil || info.IsDir() {
+		return nil, "", 0, responseErrors.ErrFileDoesNotExist
+	}
+
+	f, err := s.storageRepo.OpenFile(abs_path)
+	if err != nil {
+		return nil, "", 0, err
+	}
+
+	return f, filepath.Base(abs_path), info.Size(), nil
+}
+
+func (s *StorageService) ListContent(abs_path string) (*[]model.EntryInList, error) {
+	info, err := s.storageRepo.EntryInfo(abs_path)
+	if err != nil || !info.IsDir() {
+		return nil, responseErrors.ErrFolderDoesNotExist
+	}
+
+	entries_in_list, err := s.storageRepo.ListContent(abs_path)
+	return entries_in_list, err
+}
+
+func (s *StorageService) Propfind(root string, abs_path string, depth string) (string, error) {
+	href := href(root, abs_path)
+
+	max_depth := 0
+	switch depth {
+	case "0":
+		max_depth = 0
+	case "1":
+		max_depth = 1
+	case "infinity":
+		max_depth = 32
+	default:
+		max_depth = 0
+	}
+
+	info, err := s.storageRepo.EntryInfo(abs_path)
+	if err != nil {
+		return "", err
+	}
+
+	xml := `<?xml version="1.0" encoding="utf-8"?>` +
+		`<D:multistatus xmlns:D="DAV:">`
+
+	if info.IsDir() {
+		href = ensureTrailingSlash(href)
+		next_xml, err := buildDirPropResponse(abs_path, href, info, max_depth)
+		if err != nil {
+			return "", err
+		}
+		xml += next_xml
+	} else {
+		xml += buildFilePropResponse(href, info)
+	}
+
+	xml += `</D:multistatus>`
+
+	return xml, nil
+}
+
+func (s *StorageService) Put(abs_path string, src io.Reader) error {
+	return s.storageRepo.Put(abs_path, src)
+}
+
+func (s *StorageService) Delete(abs_path string) error {
+	return s.storageRepo.Delete(abs_path)
+}
+
+func (s *StorageService) Mkcol(abs_path string) error {
+	_, err := s.storageRepo.EntryInfo(abs_path)
+	if err == nil {
+		return responseErrors.ErrNameTaken
+	} else if os.IsNotExist(err) {
+		return s.storageRepo.Mkcol(abs_path)
+	} else {
+		return err
+	}
+}
+
+func (s *StorageService) Move(src_abs_path string, dest_abs_path string) error {
+	return s.storageRepo.Move(src_abs_path, dest_abs_path)
+}
+
+func (s *StorageService) Copy(src_abs_path string, dest_abs_path string) error {
+	return s.storageRepo.Copy(src_abs_path, dest_abs_path)
+}
+
+func buildFilePropResponse(href string, info os.FileInfo) string {
+	name := info.Name()
+	return "" +
+		"<D:response>" +
+		"<D:href>" + xmlEscape(href) + "</D:href>" +
+		"<D:propstat>" +
+		"<D:prop>" +
+		"<D:displayname>" + xmlEscape(name) + "</D:displayname>" +
+		"<D:getcontentlength>" + strconv.FormatInt(info.Size(), 10) + "</D:getcontentlength>" +
+		"<D:getlastmodified>" + xmlEscape(info.ModTime().UTC().Format(http.TimeFormat)) + "</D:getlastmodified>" +
+		"<D:resourcetype/>" +
+		"</D:prop>" +
+		"<D:status>HTTP/1.1 200 OK</D:status>" +
+		"</D:propstat>" +
+		"</D:response>"
+}
+
+func buildDirPropResponse(abs_path string, href string, info os.FileInfo, max_depth int) (string, error) {
+	name := info.Name()
+
+	xml := "" +
+		"<D:response>" +
+		"<D:href>" + xmlEscape(ensureTrailingSlash(href)) + "</D:href>" +
+		"<D:propstat>" +
+		"<D:prop>" +
+		"<D:displayname>" + xmlEscape(name) + "</D:displayname>" +
+		"<D:resourcetype><D:collection/></D:resourcetype>" +
+		"<D:getlastmodified>" + xmlEscape(info.ModTime().UTC().Format(http.TimeFormat)) + "</D:getlastmodified>" +
+		"</D:prop>" +
+		"<D:status>HTTP/1.1 200 OK</D:status>" +
+		"</D:propstat>" +
+		"</D:response>"
+
+	if max_depth <= 0 {
+		return xml, nil
+	}
+
+	entries, err := os.ReadDir(abs_path)
+	if err != nil {
+		return "", err
+	}
+
+	for _, entry := range entries {
+		child_abs_path := filepath.Join(abs_path, entry.Name())
+		child_href := path.Join(href, entry.Name())
+
+		child_info, err := entry.Info()
+		if err != nil {
+			return "", err
+		}
+
+		var xml_next string
+		if entry.IsDir() {
+			xml_next, err = buildDirPropResponse(child_abs_path, ensureTrailingSlash(child_href), child_info, max_depth-1)
+		} else {
+			xml_next = buildFilePropResponse(child_href, child_info)
+		}
+
+		if err != nil {
+			return "", err
+		}
+		xml += xml_next
+	}
+
+	return xml, nil
+}
+
+func ensureTrailingSlash(s string) string {
+	if s == "/" {
+		return s
+	}
+	if !strings.HasSuffix(s, "/") {
+		return s + "/"
+	}
+	return s
+}
+
+func xmlEscape(s string) string {
+	var b strings.Builder
+	xml.EscapeText(&b, []byte(s))
+	return b.String()
+}
+
+// Returns href based on file's absolute path. Doesn't validate abs_path
+func href(root string, abs_path string) string {
+	rel, _ := filepath.Rel(root, abs_path)
+
+	if rel == "." {
+		return constdata.WEBDAV_HREF_ROOT + "/"
+	}
+
+	rel = filepath.ToSlash(rel)
+
+	parts := strings.Split(rel, "/")
+	for i, p := range parts {
+		parts[i] = url.PathEscape(p)
+	}
+
+	return strings.TrimRight(constdata.WEBDAV_HREF_ROOT, "/") + "/" + strings.Join(parts, "/")
+}
+
+// AbsPath extracts an absolute path and validates it
+func (s *StorageService) AbsPath(root string, relative_path string) (string, error) {
+	decoded, err := url.PathUnescape(relative_path)
+	if err != nil {
+		return "", err
+	}
+
+	clean_name := filepath.Clean(decoded)
+	full_path := filepath.Join(root, clean_name)
+
+	if full_path != root && !strings.HasPrefix(full_path, root+"/") {
+		return "", responseErrors.ErrAccessDenied
+	}
+
+	return full_path, nil
+}
+
+// ObtainDestPath extracts the absolute path based on URL absolute path
+func (s *StorageService) ObtainDestPath(root string, dest_path string) (string, error) {
+	idx := strings.Index(dest_path, constdata.WEBDAV_TRIMMED_ROOT)
+	if idx == -1 {
+		return "", responseErrors.ErrAccessDenied
+	}
+	prefix_removed := dest_path[idx+len(constdata.WEBDAV_TRIMMED_ROOT):]
+
+	decoded, err := url.PathUnescape(prefix_removed)
+	if err != nil {
+		return "", err
+	}
+
+	clean_dest_path := filepath.Clean(decoded)
+	if clean_dest_path == "" {
+		return root, nil
+	} else if strings.HasPrefix(clean_dest_path, "/") {
+		return root + "/" + strings.TrimPrefix(clean_dest_path, "/"), nil
+	} else {
+		return "", responseErrors.ErrAccessDenied
+	}
+}