Authenticating Uploads & Deletes using fastcgi authorizer or similar.
Added by cptBigglesworth about 16 years ago
I'm new enough to lighttpd and web servers in general so perhaps someone could tell me if I'm on the right track here.
I want to use lighttpd to perform in a similar fashion to Amazon S3 in that it allows HTTP GET PUT and DELETE to any user that supplies a valid query string which is issued by another server.
To that end, I'm using mod_fastcgi to perform the authorization step (using the authorizer mode) and downloads occur through mod_staticfile IFF the query string is correctly validated.
All good so far.
My question is how can I achieve similar behaviour for PUT (or POST) and DELETE operations? I have tried using mod_webdav for this, but looking at the code reveals two issues:
a) webdav gets called before fastcgi
response.c:448 plugins_call_handle_physical - webdav gets called here
response.c:645 plugins_call_handle_subrequest_start - fastcgi gets called here
the logs (*see end of post) confirm this:
b) unlike mod_staticfile (since rev 2351) webdav does not check http_status before proceeding (i.e. it doesn't take into account the result of the fastcgi).
b) is easily fixable, but I'm not sure I'm on the right path here. Is this really the best way to get uploads (POST or PUT) to happen in an authenticated manner (http auth is not really an option btw)?
I'm using lighty 1.4.20 compiled from source on linux 2.6 with the one line rev 2351 alteration in place.
I'd really appreciate some direction here !
cptBigglesworth
*logs:
Here's a GET request : (note I've added some debug output)
- you can see webdav gets called first
2009-02-12 15:45:40: (response.c.442) -- after doc_root
2009-02-12 15:45:40: (response.c.443) Doc-Root : /home/editout/www/
2009-02-12 15:45:40: (response.c.444) Rel-Path : /3_13139632_68338357_SLOT_4
2009-02-12 15:45:40: (response.c.445) Path : /home/editout/www/3_13139632_68338357_SLOT_4
2009-02-12 15:45:40: (mod_webdav.c.1225) handle subrequest
2009-02-12 15:45:40: (mod_webdav.c.1232) webdav reports http_status is 0
2009-02-12 15:45:40: (response.c.462) -- logical -> physical
2009-02-12 15:45:40: (response.c.463) Doc-Root : /home/editout/www/
2009-02-12 15:45:40: (response.c.464) Rel-Path : /3_13139632_68338357_SLOT_4
2009-02-12 15:45:40: (response.c.465) Path : /home/editout/www/3_13139632_68338357_SLOT_4
2009-02-12 15:45:40: (mod_fastcgi.c.3108) handle subrequest
2009-02-12 15:45:40: (mod_fastcgi.c.3108) handle subrequest
2009-02-12 15:45:40: (mod_fastcgi.c.3005) got proc: pid: 0 socket: tcp:127.0.0.1:10003 load: 1
2009-02-12 15:45:40: (mod_fastcgi.c.3108) handle subrequest
2009-02-12 15:45:40: (response.c.121) Response-Header:
HTTP/1.1 401 Unauthorized
Content-Length: 19
Date: Thu, 12 Feb 2009 15:45:40 GMT
Server: lighttpd/1.4.20
- you can see webdav gets called first and handles the request, presumably returning a HANDLER_FINISHED
- fastcgi cannot influence webdav
2009-02-12 16:33:14: (response.c.255) URI-path : /3_13139632_68338357_SLOT_1
2009-02-12 16:33:14: (mod_access.c.135) -- mod_access_uri_handler called
2009-02-12 16:33:14: (mod_fastcgi.c.3612) handling it in mod_fastcgi
2009-02-12 16:33:14: (response.c.391) -- before doc_root
2009-02-12 16:33:14: (response.c.392) Doc-Root : /home/editout/www/
2009-02-12 16:33:14: (response.c.393) Rel-Path : /3_13139632_68338357_SLOT_1
2009-02-12 16:33:14: (response.c.394) Path :
2009-02-12 16:33:14: (response.c.442) -- after doc_root
2009-02-12 16:33:14: (response.c.443) Doc-Root : /home/editout/www/
2009-02-12 16:33:14: (response.c.444) Rel-Path : /3_13139632_68338357_SLOT_1
2009-02-12 16:33:14: (response.c.445) Path : /home/editout/www/3_13139632_68338357_SLOT_1
2009-02-12 16:33:14: (mod_webdav.c.1225) handle subrequest
2009-02-12 16:33:14: (mod_webdav.c.1232) webdav reports http_status is 0
2009-02-12 16:33:14: (response.c.121) Response-Header:
HTTP/1.1 201 Created
Content-Length: 0
Date: Thu, 12 Feb 2009 16:33:14 GMT
Server: lighttpd/1.4.20
Replies (1)
RE: Authenticating Uploads & Deletes using fastcgi authorizer or similar. - Added by cptBigglesworth about 16 years ago
To answer my own question: it's not possible straight out of the box (in 1.4.20 at least), but with some minor alterations to the source code* it is possible. Now the question becomes - is there a good reason not to do this? It seems simple enough - in order to get webdav to acknowledge the result of fastcgi, ensure fastcgi is listed first in the config and executes first, and also ensure that webdav code gets executed not in the physical hook but in the subrequest hook.
Thoughts ?
*
in mod_webdav.c modify:
p->handle_physical = mod_webdav_subrequest_handler;
to
p->handle_subrequest_handler = mod_webdav_subrequest_handler;
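The hook-ordering problem and the two changes discussed in this thread, as an added example that is not part of the original posts and is not lighttpd source. It is a simplified model with hypothetical names throughout, and it assumes that an authorizer deny is recorded in `http_status` for later handlers to honour, as point (b) of the first post implies.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the thread's hook ordering; hypothetical names, not lighttpd source. */
typedef enum { GO_ON, FINISHED } handler_t;
typedef enum { HOOK_PHYSICAL, HOOK_SUBREQUEST, HOOK_COUNT } hook_t;
typedef struct { const char *method; int token_valid; int http_status; } request;
typedef handler_t (*hook_fn)(request *);
typedef struct { const char *name; hook_fn hooks[HOOK_COUNT]; } plugin;

/* Authorizer on the subrequest hook. Assumption: a deny is recorded in
 * http_status and later handlers are expected to honour it. */
static handler_t authorizer(request *r) {
    if (!r->token_valid) r->http_status = 401;
    return GO_ON;
}

/* Write handler that acts on PUT/DELETE without looking at http_status. */
static handler_t webdav_unchecked(request *r) {
    int is_put = strcmp(r->method, "PUT") == 0;
    if (!is_put && strcmp(r->method, "DELETE") != 0) return GO_ON;
    r->http_status = is_put ? 201 : 204;
    return FINISHED;
}

/* Same handler, but it stands down if an earlier plugin already set a status. */
static handler_t webdav_checked(request *r) {
    return r->http_status != 0 ? GO_ON : webdav_unchecked(r);
}

/* Stages run in order; within a stage, plugins run in config order (authorizer first). */
static int dispatch(hook_t webdav_hook, hook_fn webdav_fn, const char *method, int token_valid) {
    plugin mods[2] = { { "authorizer", { NULL, authorizer } }, { "webdav", { NULL, NULL } } };
    request r = { method, token_valid, 0 };
    mods[1].hooks[webdav_hook] = webdav_fn;
    for (int h = 0; h < HOOK_COUNT; h++)
        for (int i = 0; i < 2; i++)
            if (mods[i].hooks[h] && mods[i].hooks[h](&r) == FINISHED)
                return r.http_status;
    return r.http_status ? r.http_status : 200; /* nothing objected: serve file */
}

int main(void) {
    /* Constructed request: PUT with an invalid query-string token. */
    printf("physical hook, unchecked:   %d\n", dispatch(HOOK_PHYSICAL, webdav_unchecked, "PUT", 0));
    printf("physical hook, checked:     %d\n", dispatch(HOOK_PHYSICAL, webdav_checked, "PUT", 0));
    printf("subrequest hook, unchecked: %d\n", dispatch(HOOK_SUBREQUEST, webdav_unchecked, "PUT", 0));
    printf("subrequest hook, checked:   %d\n", dispatch(HOOK_SUBREQUEST, webdav_checked, "PUT", 0));
    return 0;
}
```

In this model only the last layout rejects the unauthenticated PUT: moving the write handler to the later hook and adding the `http_status` check are both needed, and either change alone still yields 201.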