From 3d395584a89d88a0f9fa08bd9672b3b37849e810 Mon Sep 17 00:00:00 2001
From: Warren <warren@momentry.ddns.net>
Date: Mon, 22 Jun 2026 07:23:57 +0800
Subject: [PATCH] Fix WebDAV: middleware use extensions().get() to not consume

---
 data/auth.sqlite                          | Bin 73728 -> 73728 bytes
 markbase-core/src/cli/interface/webdav.rs |  13 +++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/data/auth.sqlite b/data/auth.sqlite
index 82d5de77d22a630ec6eb1feb4151e59d5831e8fe..c198192413b29632a3d1e6fbe8720795dd90fd93 100644
GIT binary patch
delta 294
zcmZoTz|wGlWr8&0_K7mijN3ORw97CuPd+H6FquR44qK5`6UPMB&97wH7=i4@x(O_k
zzsdb!Dze)AMgBRzBnvOIEK_cNZfaghQ6&c}C$lJ1N@{LC2lM7H`XBfOSXh}knK)P(
z7$6Lws6AFu|Ns7cUJOWpYcpd3vjVdhTh?Uu1CyE9vNkIUoMUB@_nIttT$HECin+Kn
zIXShsSl$yPuzAt3Bu-{8-ss8f7bY|DMsHSB*w4es!OX&#Wl?11wK?VP0w!iJp4!Rm
z4<<A5)B>d+a!>Aj!_DZmx%167Ax4$S4*xfS{q+AoKjV_^U-%jS^Ybo2at{LlKuuK?

delta 256
zcmZoTz|wGlWr8&0rin7njGHzlw97CuOg<>3FquR44qJ*=6UPLm&97wH7=i4@x(SSv
zzsdb!O3~W<MgBRzBqJ}gEK_cNZfaghQ6&cxC$lJ1N@{LC2gBws`XBfO7+IM)nK+mj
z7+Amzpr}1oQUCw`e4Y$QfNL{j0kZ<LCtLSq_5+hQD++vMWs>)tEO=aW^P*!(oXnoQ
zDU;bR03{So@oY}HyMT$=lc#es`vZ{3d+y1#Z@4#4d9zxGQF*e%|4m@m{{PR<xOn>)
Oe#Za&yo-@+VgLX@Sxe0T

diff --git a/markbase-core/src/cli/interface/webdav.rs b/markbase-core/src/cli/interface/webdav.rs
index dd96797..ffd9587 100644
--- a/markbase-core/src/cli/interface/webdav.rs
+++ b/markbase-core/src/cli/interface/webdav.rs
@@ -71,10 +71,12 @@ async fn run_webdav_server(
     let dav_handler = crate::webdav::create_webdav_handler(vfs, home_dir.clone(), upload_hook, user.clone());
 
     async fn webdav_auth_middleware(
-        Extension(expected): Extension<crate::webdav::WebdavCredentials>,
         req: Request,
         next: middleware::Next,
     ) -> impl IntoResponse {
+        // Get credentials from extensions (without consuming)
+        let expected = req.extensions().get::<crate::webdav::WebdavCredentials>().cloned();
+        
         let auth = req
             .headers()
             .get("Authorization")
@@ -90,9 +92,12 @@ async fn run_webdav_server(
                 Some((creds[..colon].to_string(), creds[colon + 1..].to_string()))
             });
 
-        let valid = auth.is_some_and(|(u, p)| {
-            u == expected.username && expected.password.as_ref().is_none_or(|exp| p == *exp)
-        });
+        let valid = match (auth, expected) {
+            (Some((u, p)), Some(exp)) => {
+                u == exp.username && exp.password.as_ref().is_none_or(|exp_p| p == *exp_p)
+            }
+            _ => false,
+        };
 
         if !valid {
             return (