Skip to main content

File sharing server with WebDAV support

Project description

X-wing

X-wing

A self-contained file sharing server with WebDAV support. Works out of the box or integrates with LDAPGate for corporate LDAP/AD authentication.

Features

  • WebDAV server — mount as a drive on Windows, macOS, and Linux using native WebDAV clients
  • Resumable uploads — chunked uploads with session recovery; supports large files (up to 10 GB by default)
  • Browser-based file browser — drag-and-drop upload, directory creation, zip download, file delete
  • In-browser text editor — CodeMirror-powered editor for common text and code file types
  • WebDAV COPY / MOVE — server-side file and directory copy/move via Destination header
  • Per-user access control — YAML config grants each user independent read, write, and delete permissions; reloaded at runtime without restart
  • Optional LDAP / AD authentication — via LDAPGate
  • Single self-contained wheel — no external CDN dependencies; fonts embedded as base64 WOFF2

Install

pip install xwing

For LDAP/AD authentication:

pip install 'xwing[ldap]'

Usage

xwing serve --root /path/to/serve

Opens the file browser at http://127.0.0.1:8989 and launches your default browser.

Options

--root PATH                Root directory to serve. [required]
--host TEXT                Bind host. [default: 127.0.0.1]
--port INTEGER             Bind port. [default: 8989]
--open / --no-open         Open browser on startup. [default: open]
--max-upload-gb FLOAT      Max upload size in GB. [default: 10]
--max-chunk-mb INTEGER     Max size per chunk in MB. [default: 100]
--max-chunks INTEGER       Max chunks per upload session. [default: 10000]
--session-ttl-minutes INT  Upload session expiry in minutes. [default: 60]
--require-auth             Require authentication header (403 if missing).
--users-config FILE        Path to YAML file with per-user permissions.
--user-header TEXT         Header to read username from. [default: X-Forwarded-User]
--trusted-auth-proxy TEXT  Trusted proxy IP/CIDR allowed to supply --user-header.
--reload                   Auto-reload on code changes (dev only).
--ldap-config FILE         Path to LDAPGate YAML config to enable LDAP authentication.

WebDAV Mount Examples

Linux (DAVfs2):

sudo mount.davfs http://localhost:8989 /mnt/xwing -o username=<user>

macOS:

open http://localhost:8989
# Or mount: Finder → Go → Connect to Server → http://localhost:8989

Windows (native WebDAV):

net use Z: \\localhost@8989\DavWWWRoot /persistent:yes

Resumable Upload (Chunked)

For large files, use the chunked upload API:

# 1. Init session
curl -X POST http://localhost:8989/_upload/init \
  -H "Content-Type: application/json" \
  -d '{"filename": "big.iso", "total_chunks": 100, "dir": "/"}'

# 2. Upload each chunk
curl -X PUT http://localhost:8989/_upload/<session_id>/<chunk_index> \
  --data-binary @chunk.part

# 3. Complete
curl -X POST http://localhost:8989/_upload/<session_id>/complete

Chunk size and session limits are configurable via --max-chunk-mb, --max-chunks, and --session-ttl-minutes.

Access Control

Without --users-config, local/no-auth mode is read-only. When a users config is present, unlisted users are denied unless you configure the "*" fallback.

xwing serve --root /data --users-config users.yaml

users.yaml — compact format:

users:
  alice: rwd    # read + write + delete
  bob: rw       # read + write, no delete
  charlie: r    # read only
  "*": r        # fallback for any unlisted user (omit to deny unlisted users)

users.yaml — verbose format:

users:
  alice:
    read: true
    write: true
    delete: true

Verbose field defaults when omitted: read: true, write: false, delete: false. Values must be true or false.

Permission levels:

Flag Grants
r Browse directories, download files (GET, HEAD, PROPFIND)
w Upload files, create directories, copy (PUT, MKCOL, COPY)
d Delete and move files (DELETE, MOVE)

The config file is reloaded automatically when it changes on disk — no restart needed.

LDAP / Active Directory Authentication

X-wing supports two modes for LDAP/AD auth:

Mode 1 — Standalone proxy: Run LDAPGate as a reverse proxy in front of xwing. Authenticated requests get an X-Forwarded-User header that xwing reads only from trusted proxy IPs.

Browser → LDAPGate → xwing
ldapgate serve --config ldapgate.yaml
xwing serve --root /data --require-auth --users-config users.yaml --trusted-auth-proxy 127.0.0.1

Mode 2 — Built-in middleware: Inject LDAPGate directly into xwing as FastAPI middleware:

pip install 'xwing[ldap]'
xwing serve --root /data --ldap-config ldapgate.yaml --users-config users.yaml

Use ldapgate.yaml in this repository as the starting template for X-wing. See the LDAPGate README for config file documentation.

Audit log

LDAP-enabled and --require-auth deployments retain authenticated activity in ~/.local/share/xwing/audit.db by default. The log records the user, method, path, status, and timing. Text and JSON request input is retained up to 16 KiB; large or binary upload bodies are metadata-only. Set XWING_AUDIT_DB (or pass --audit-db) to choose another location.

xwing audit --user alice
xwing audit purge --older-than 90

Development

Requires uv.

git clone https://github.com/anudeepd/xwing
cd xwing
uv sync
uv run xwing serve --root .

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

xwing-0.3.11.tar.gz (592.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

xwing-0.3.11-py3-none-any.whl (581.3 kB view details)

Uploaded Python 3

File details

Details for the file xwing-0.3.11.tar.gz.

File metadata

  • Download URL: xwing-0.3.11.tar.gz
  • Upload date:
  • Size: 592.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.23 {"installer":{"name":"uv","version":"0.11.23","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Fedora Linux","version":"44","id":"","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for xwing-0.3.11.tar.gz
Algorithm Hash digest
SHA256 7d08a2cf6652e67612b885ec8ecd887ca9506b1b7d41f3f7ef0f6ab5fd798830
MD5 610c94768c5aa1ddc9845558c1bb287c
BLAKE2b-256 2364c815a5e6577a4a4b1693d4ead2323deb69003c16d9d3bd0b778204d0a0a5

See more details on using hashes here.

File details

Details for the file xwing-0.3.11-py3-none-any.whl.

File metadata

  • Download URL: xwing-0.3.11-py3-none-any.whl
  • Upload date:
  • Size: 581.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.23 {"installer":{"name":"uv","version":"0.11.23","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Fedora Linux","version":"44","id":"","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for xwing-0.3.11-py3-none-any.whl
Algorithm Hash digest
SHA256 637ad157c7f1283f1ac73cc28dd26b143d55ab0a2847fd590d0581f5837b569b
MD5 1f71c2c98b2328a78f5445f3140cc2f8
BLAKE2b-256 3d46af206b3af48f0b9095e1e7c7c90dc49583585523c8cdce4310eb2def187a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page