Skip to main content

File sharing server with WebDAV support

Project description

X-wing

X-wing

A self-contained file sharing server with WebDAV support. Works out of the box or integrates with LDAPGate for corporate LDAP/AD authentication.

Features

  • WebDAV server — mount as a drive on Windows, macOS, and Linux using native WebDAV clients
  • Resumable uploads — chunked uploads with session recovery; supports large files (up to 10 GB by default)
  • Browser-based file browser — drag-and-drop upload, directory creation, zip download, file delete
  • In-browser text editor — CodeMirror-powered editor for common text and code file types
  • WebDAV COPY / MOVE — server-side file and directory copy/move via Destination header
  • Per-user access control — YAML config grants each user independent read, write, and delete permissions; reloaded at runtime without restart
  • Optional LDAP / AD authentication — via LDAPGate
  • Single self-contained wheel — no external CDN dependencies; fonts embedded as base64 WOFF2

Install

pip install xwing

For LDAP/AD authentication:

pip install 'xwing[ldap]'

Usage

xwing serve --root /path/to/serve

Opens the file browser at http://127.0.0.1:8989 and launches your default browser.

Options

--root PATH                Root directory to serve. [required]
--host TEXT                Bind host. [default: 127.0.0.1]
--port INTEGER             Bind port. [default: 8989]
--open / --no-open         Open browser on startup. [default: open]
--max-upload-gb FLOAT      Max upload size in GB. [default: 10]
--max-chunk-mb INTEGER     Max size per chunk in MB. [default: 100]
--max-chunks INTEGER       Max chunks per upload session. [default: 10000]
--session-ttl-minutes INT  Upload session expiry in minutes. [default: 60]
--require-auth             Require authentication header (403 if missing).
--users-config FILE        Path to YAML file with per-user permissions.
--user-header TEXT         Header to read username from. [default: X-Forwarded-User]
--trusted-auth-proxy TEXT  Trusted proxy IP/CIDR allowed to supply --user-header.
--reload                   Auto-reload on code changes (dev only).
--ldap-config FILE         Path to LDAPGate YAML config to enable LDAP authentication.

WebDAV Mount Examples

Linux (DAVfs2):

sudo mount.davfs http://localhost:8989 /mnt/xwing -o username=<user>

macOS:

open http://localhost:8989
# Or mount: Finder → Go → Connect to Server → http://localhost:8989

Windows (native WebDAV):

net use Z: \\localhost@8989\DavWWWRoot /persistent:yes

Resumable Upload (Chunked)

For large files, use the chunked upload API:

# 1. Init session
curl -X POST http://localhost:8989/_upload/init \
  -H "Content-Type: application/json" \
  -d '{"filename": "big.iso", "total_chunks": 100, "dir": "/"}'

# 2. Upload each chunk
curl -X PUT http://localhost:8989/_upload/<session_id>/<chunk_index> \
  --data-binary @chunk.part

# 3. Complete
curl -X POST http://localhost:8989/_upload/<session_id>/complete

Chunk size and session limits are configurable via --max-chunk-mb, --max-chunks, and --session-ttl-minutes.

Access Control

Without --users-config, local/no-auth mode is read-only. When a users config is present, unlisted users are denied unless you configure the "*" fallback.

xwing serve --root /data --users-config users.yaml

users.yaml — compact format:

users:
  alice: rwd    # read + write + delete
  bob: rw       # read + write, no delete
  charlie: r    # read only
  "*": r        # fallback for any unlisted user (omit to deny unlisted users)

users.yaml — verbose format:

users:
  alice:
    read: true
    write: true
    delete: true

Verbose field defaults when omitted: read: true, write: false, delete: false. Values must be true or false.

Permission levels:

Flag Grants
r Browse directories, download files (GET, HEAD, PROPFIND)
w Upload files, create directories, copy (PUT, MKCOL, COPY)
d Delete and move files (DELETE, MOVE)

The config file is reloaded automatically when it changes on disk — no restart needed.

LDAP / Active Directory Authentication

X-wing supports two modes for LDAP/AD auth:

Mode 1 — Standalone proxy: Run LDAPGate as a reverse proxy in front of xwing. Authenticated requests get an X-Forwarded-User header that xwing reads only from trusted proxy IPs.

Browser → LDAPGate → xwing
ldapgate serve --config ldapgate.yaml
xwing serve --root /data --require-auth --users-config users.yaml --trusted-auth-proxy 127.0.0.1

Mode 2 — Built-in middleware: Inject LDAPGate directly into xwing as FastAPI middleware:

pip install 'xwing[ldap]'
xwing serve --root /data --ldap-config ldapgate.yaml --users-config users.yaml

Use ldapgate.yaml in this repository as the starting template for X-wing. See the LDAPGate README for config file documentation.

Audit log

LDAP-enabled and --require-auth deployments retain authenticated activity in ~/.local/share/xwing/audit.db by default. The log records the user, method, path, status, and timing. Text and JSON request input is retained up to 16 KiB; large or binary upload bodies are metadata-only. Set XWING_AUDIT_DB (or pass --audit-db) to choose another location.

xwing audit --user alice
xwing audit purge --older-than 90

Development

Requires uv.

git clone https://github.com/anudeepd/xwing
cd xwing
uv sync
uv run xwing serve --root .

Frontend source lives in xwing/frontend/src; shipped browser assets are the bundled files under xwing/static/assets. Rebuild them after frontend changes:

cd scripts
npm install
npm run build:app

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

xwing-0.3.15.tar.gz (595.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

xwing-0.3.15-py3-none-any.whl (582.7 kB view details)

Uploaded Python 3

File details

Details for the file xwing-0.3.15.tar.gz.

File metadata

  • Download URL: xwing-0.3.15.tar.gz
  • Upload date:
  • Size: 595.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.23 {"installer":{"name":"uv","version":"0.11.23","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Fedora Linux","version":"44","id":"","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for xwing-0.3.15.tar.gz
Algorithm Hash digest
SHA256 144f332e34fe18df73ee7dfc425d44fe1e8133cb27aca5173e9880f4098c5615
MD5 c2765284a7210a5621bee586b6b6be14
BLAKE2b-256 e47d60223dc9ee408c36fc70875f9653bc82c1e64dbadb83610e24f1239f8bec

See more details on using hashes here.

File details

Details for the file xwing-0.3.15-py3-none-any.whl.

File metadata

  • Download URL: xwing-0.3.15-py3-none-any.whl
  • Upload date:
  • Size: 582.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.23 {"installer":{"name":"uv","version":"0.11.23","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Fedora Linux","version":"44","id":"","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for xwing-0.3.15-py3-none-any.whl
Algorithm Hash digest
SHA256 1411b102675e3d5284f2a05a8b31758e11721e0106327ea2a12cdcb878509c57
MD5 5de4a743687abbc7998ba5a175405d80
BLAKE2b-256 03a057fc70e4bf9b8f35f3b94f992c449486f05944999ff9be26ab75e013b1fd

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page