feat: add CalDAV source provider

Wire CalDavSourceProvider into the backend to support CalDAV
calendar sources (e.g. iCloud) with basic auth. Config accepts
serverUrl, username, lookAheadDays, and timeZone. Credentials
(app-specific password) are stored encrypted via the existing
credential storage infrastructure.

Co-authored-by: Ona <no-reply@ona.com>

apps/admin-dashboard/src/components/source-config-panel.tsx

@@ -20,13 +20,7 @@ import {
 import { Separator } from "@/components/ui/separator"
 import { Switch } from "@/components/ui/switch"
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
-import {
-	fetchSourceConfig,
-	pushLocation,
-	replaceSource,
-	updateProviderConfig,
-	updateSourceCredentials,
-} from "@/lib/api"
+import { fetchSourceConfig, pushLocation, replaceSource, updateProviderConfig } from "@/lib/api"
 
 interface SourceConfigPanelProps {
 	source: SourceDefinition
@@ -89,11 +83,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 				(v) => typeof v === "string" && v.length > 0,
 			)
 			if (hasCredentials) {
-				if (source.perUserCredentials) {
-					promises.push(updateSourceCredentials(source.id, credentialFields))
-				} else {
-					promises.push(updateProviderConfig(source.id, { credentials: credentialFields }))
-				}
+				promises.push(updateProviderConfig(source.id, { credentials: credentialFields }))
 			}
 
 			await Promise.all(promises)

apps/admin-dashboard/src/lib/api.ts

@@ -23,8 +23,6 @@ export interface SourceDefinition {
 	name: string
 	description: string
 	alwaysEnabled?: boolean
-	/** When true, secret fields are stored as per-user credentials via /api/sources/:id/credentials. */
-	perUserCredentials?: boolean
 	fields: Record<string, ConfigFieldDef>
 }
 
@@ -80,44 +78,6 @@ const sourceDefinitions: SourceDefinition[] = [
 			},
 		},
 	},
-	{
-		id: "aelis.caldav",
-		name: "CalDAV",
-		description: "Calendar events from any CalDAV server (Nextcloud, Radicale, Baikal, etc.).",
-		perUserCredentials: true,
-		fields: {
-			serverUrl: {
-				type: "string",
-				label: "Server URL",
-				required: true,
-				secret: false,
-				description: "CalDAV server URL (e.g. https://nextcloud.example.com/remote.php/dav)",
-			},
-			username: {
-				type: "string",
-				label: "Username",
-				required: true,
-				secret: false,
-			},
-			password: {
-				type: "string",
-				label: "Password",
-				required: true,
-				secret: true,
-			},
-			lookAheadDays: {
-				type: "number",
-				label: "Look-ahead Days",
-				defaultValue: 0,
-				description: "Number of additional days beyond today to fetch events for",
-			},
-			timeZone: {
-				type: "string",
-				label: "Timezone",
-				description: "IANA timezone for determining \"today\" (e.g. Europe/London). Defaults to UTC.",
-			},
-		},
-	},
 	{
 		id: "aelis.tfl",
 		name: "TfL",
@@ -204,22 +164,6 @@ export async function updateProviderConfig(
 	}
 }
 
-export async function updateSourceCredentials(
-	sourceId: string,
-	credentials: Record<string, unknown>,
-): Promise<void> {
-	const res = await fetch(`${serverBase()}/sources/${sourceId}/credentials`, {
-		method: "PUT",
-		headers: { "Content-Type": "application/json" },
-		credentials: "include",
-		body: JSON.stringify(credentials),
-	})
-	if (!res.ok) {
-		const data = (await res.json()) as { error?: string }
-		throw new Error(data.error ?? `Failed to update credentials: ${res.status}`)
-	}
-}
-
 export interface LocationInput {
 	lat: number
 	lng: number