chore(release): version v0.15.1

empty folder got js error

close: #31

.dockerignore

@@ -0,0 +1,13 @@
+# Directories
+/.git/
+/.github/
+/target/
+/examples/
+/docs/
+/benches/
+/tmp/
+
+# Files
+.gitignore
+*.md
+LICENSE*

.github/workflows/release.yaml

@@ -6,8 +6,10 @@ on:
     - v[0-9]+.[0-9]+.[0-9]+*
 
 jobs:
-  all:
-    name: All
+  release:
+    name: Publish to Github Reelases
+    outputs:
+      rc: ${{ steps.check-tag.outputs.rc }}
 
     strategy:
       matrix:
@@ -123,4 +125,41 @@ jobs:
         files: ${{ steps.package.outputs.archive }}
         prerelease: ${{ steps.check-tag.outputs.rc == 'true' }}
       env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  docker:
+    name: Publish to Docker Hub
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: ${{ needs.release.outputs.rc == 'false' }}
+          tags: ${{ github.repository }}:latest, ${{ github.repository }}:${{ github.ref_name }}
+          
+  publish-crate:
+    name: Publish to crates.io
+    if: ${{ needs.release.outputs.rc == 'false' }}
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+      - name: Publish
+
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_API_TOKEN }}
+        run: cargo publish

CHANGELOG.md

@@ -0,0 +1,245 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.15.1] - 2022-06-11
+
+### Bug Fixes
+
+- Cannot upload ([#32](https://github.com/sigoden/duf/issues/32))
+
+## [0.15.0] - 2022-06-10
+
+### Bug Fixes
+
+- Encode webdav href as uri ([#28](https://github.com/sigoden/duf/issues/28))
+- Query dir param
+
+### Features
+
+- Add basic dark theme ([#29](https://github.com/sigoden/duf/issues/29))
+- Add empty state placeholder to page([#30](https://github.com/sigoden/duf/issues/30))
+
+## [0.14.0] - 2022-06-07
+
+### Bug Fixes
+
+- Send index page with content-type ([#26](https://github.com/sigoden/duf/issues/26))
+
+### Features
+
+- Support ipv6 ([#25](https://github.com/sigoden/duf/issues/25))
+- Add favicon ([#27](https://github.com/sigoden/duf/issues/27))
+
+## [0.13.2] - 2022-06-06
+
+### Bug Fixes
+
+- Filename xml escaping
+- Escape path-prefix/url-prefix different
+
+## [0.13.1] - 2022-06-05
+
+### Bug Fixes
+
+- Escape filename ([#21](https://github.com/sigoden/duf/issues/21))
+
+### Refactor
+
+- Use logger ([#22](https://github.com/sigoden/duf/issues/22))
+
+## [0.13.0] - 2022-06-05
+
+### Bug Fixes
+
+- Ctrl+c not exit sometimes
+
+### Features
+
+- Implement more webdav methods ([#13](https://github.com/sigoden/duf/issues/13))
+- Use digest auth ([#14](https://github.com/sigoden/duf/issues/14))
+- Add webdav proppatch handler ([#18](https://github.com/sigoden/duf/issues/18))
+
+## [0.12.1] - 2022-06-04
+
+### Features
+
+- Support webdav ([#10](https://github.com/sigoden/duf/issues/10))
+- Remove unzip uploaded feature ([#11](https://github.com/sigoden/duf/issues/11))
+
+## [0.11.0] - 2022-06-03
+
+### Features
+
+- Support gracefully shutdown server
+- Listen 0.0.0.0 by default
+
+## [0.10.1] - 2022-06-02
+
+### Bug Fixes
+
+- Panic when bind already used port
+
+## [0.10.0] - 2022-06-02
+
+### Bug Fixes
+
+- Remove unzip file even failed to unzip
+- Rename --no-auth-read to --no-auth-access
+- Broken ui
+
+### Documentation
+
+- Refactor readme
+
+### Features
+
+- Change auth logic/options
+- Improve ui
+
+### Refactor
+
+- Small improvement
+
+## [0.9.0] - 2022-06-02
+
+### Documentation
+
+- Improve readme
+
+### Features
+
+- Support path prefix
+- List all ifaces when listening 0.0.0.0
+- Support tls
+
+## [0.8.0] - 2022-06-01
+
+### Bug Fixes
+
+- Some typos
+- Caught 500 if no permission to access dir
+
+### Features
+
+- Cli add allow-symlink option
+- Add some headers to res
+- Support render-index/render-spa
+
+## [0.7.0] - 2022-05-31
+
+### Bug Fixes
+
+- Downloaded zip file has no.zip ext in firefox
+- Unzip override existed file in uploadonly mode
+- Miss file 500
+- Not found dir when allow_upload is false
+
+### Features
+
+- Drag and drop uploads, upload folder
+
+## [0.6.0] - 2022-05-31
+
+### Features
+
+- Delete confirm
+- Distinct upload and delete operation
+- Support range requests
+
+### Refactor
+
+- Improve code quality
+
+## [0.5.0] - 2022-05-30
+
+### Features
+
+- Add mime and cache headers to response
+- Add no-auth-read options
+- Unzip zip file when unload
+
+## [0.4.0] - 2022-05-29
+
+### Features
+
+- Replace --static option to --no-edit
+- Add cors
+
+## [0.3.0] - 2022-05-29
+
+### Documentation
+
+- Update readme demo png
+
+### Features
+
+- Automatically create dir while uploading
+- Support searching
+
+### Refactor
+
+- Handler zip
+
+### Styling
+
+- Optimize css
+
+## [0.2.1] - 2022-05-28
+
+### Bug Fixes
+
+- Cannot upload in root
+- Optimize download zip
+
+### Documentation
+
+- Improve readme
+
+### Features
+
+- Aware RUST_LOG
+
+## [0.2.0] - 2022-05-28
+
+### Documentation
+
+- Update demo png
+- Improve readme
+
+### Features
+
+- Add logger
+- Download folder as zip file
+
+## [0.1.0] - 2022-05-26
+
+### Bug Fixes
+
+- Caught server error when symlink broken
+
+### Documentation
+
+- Improve readme
+- Update readme
+
+### Features
+
+- Add basic auth and readonly mode
+- Support delete operation
+- Remove parent path
+
+### Styling
+
+- Cargo fmt
+- Update index page
+
+### Build
+
+- Remove dev deps
+
+### Ci
+
+- Init ci
+
+<!-- generated by git-cliff -->

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "duf"
-version = "0.1.0"
+version = "0.15.1"
 edition = "2021"
 authors = ["sigoden <sigoden@gmail.com>"]
 description = "Duf is a simple file server."
@@ -9,18 +9,35 @@ homepage = "https://github.com/sigoden/duf"
 repository = "https://github.com/sigoden/duf"
 autotests = false
 categories = ["command-line-utilities", "web-programming::http-server"]
-keywords = ["static", "file", "server", "upload", "http", "cli"]
+keywords = ["static", "file", "server", "webdav", "cli"]
 
 [dependencies]
 clap = { version = "3", default-features = false, features = ["std", "cargo"] }
-tokio = { version = "1", features = ["rt-multi-thread", "macros", "fs", "io-util"]}
+chrono = "0.4"
+tokio = { version = "1", features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"]}
+tokio-rustls = "0.23"
+tokio-stream = { version = "0.1", features = ["net"] }
+tokio-util = { version = "0.7",  features = ["codec", "io-util"] }
 hyper = { version = "0.14", features = ["http1", "server", "tcp", "stream"] }
 percent-encoding = "2.1"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
-tokio-util = { version = "0.7", features = ["codec", "io-util"] }
 futures = "0.3"
-base64 = "0.13.0"
+base64 = "0.13"
+async_zip = "0.0.7"
+async-walkdir = "0.2.0"
+headers = "0.3.7"
+mime_guess = "2.0.4"
+get_if_addrs = "0.5.3"
+rustls = { version = "0.20", default-features = false, features = ["tls12"] }
+rustls-pemfile = "1"
+md5 = "0.7.0"
+lazy_static = "1.4.0"
+uuid = { version = "1.1.1", features = ["v4", "fast-rng"] }
+urlencoding = "2.1.0"
+xml-rs = "0.8"
+env_logger = { version = "0.9.0", default-features = false, features = ["humantime"] }
+log = "0.4.17"
 
 [profile.release]
 lto = true

Dockerfile

@@ -0,0 +1,10 @@
+FROM rust:1.61 as builder
+RUN rustup target add x86_64-unknown-linux-musl
+RUN apt-get update && apt-get install --no-install-recommends -y musl-tools
+WORKDIR /app
+COPY . .
+RUN cargo build --target x86_64-unknown-linux-musl --release
+
+FROM scratch
+COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/duf /bin/
+ENTRYPOINT ["/bin/duf"]

README.md

@@ -3,15 +3,20 @@
 [![CI](https://github.com/sigoden/duf/actions/workflows/ci.yaml/badge.svg)](https://github.com/sigoden/duf/actions/workflows/ci.yaml)
 [![Crates](https://img.shields.io/crates/v/duf.svg)](https://crates.io/crates/duf)
 
-Duf is a simple file server.
+Duf is a simple file server. Support static serve, search, upload, webdav...
 
-![demo](https://user-images.githubusercontent.com/4012553/170497689-02aa836d-b49e-4dbb-a98b-37db2d5e9e13.png)
+![demo](https://user-images.githubusercontent.com/4012553/171526189-09afc2de-793f-4216-b3d5-31ea408d3610.png)
 
 ## Features
 
 - Serve static files
-- Upload/Delete files
-- Support basic auth
+- Download folder as zip file
+- Upload files and folders (Drag & Drop)
+- Search files
+- Partial responses (Parallel/Resume download)
+- Authentication
+- Support https
+- Support webdav
 - Easy to use with curl
 
 ## Install
@@ -22,11 +27,47 @@ Duf is a simple file server.
 cargo install duf
 ```
 
+### With docker
+
+```
+docker run -v /tmp:/tmp -p 5000:5000 --rm -it docker.io/sigoden/duf /tmp
+```
+
 ### Binaries on macOS, Linux, Windows
 
 Download from [Github Releases](https://github.com/sigoden/duf/releases), unzip and add duf to your $PATH.
 
-## Usage
+## CLI
+
+```
+Duf is a simple file server.
+
+USAGE:
+    duf [OPTIONS] [path]
+
+ARGS:
+    <path>    Path to a root directory for serving files [default: .]
+
+OPTIONS:
+    -a, --auth <user:pass>      Use HTTP authentication
+        --no-auth-access        Not required auth when access static files
+    -A, --allow-all             Allow all operations
+        --allow-delete          Allow delete files/folders
+        --allow-symlink         Allow symlink to files/folders outside root directory
+        --allow-upload          Allow upload files/folders
+    -b, --bind <address>        Specify bind address [default: 0.0.0.0]
+        --cors                  Enable CORS, sets `Access-Control-Allow-Origin: *`
+    -h, --help                  Print help information
+    -p, --port <port>           Specify port to listen on [default: 5000]
+        --path-prefix <path>    Specify an url path prefix
+        --render-index          Render index.html when requesting a directory
+        --render-spa            Render for single-page application
+        --tls-cert <path>       Path to an SSL/TLS certificate to serve with HTTPS
+        --tls-key <path>        Path to the SSL/TLS certificate's private key
+    -V, --version               Print version information
+```
+
+## Examples
 
 You can run this command to start serving your current working directory on 127.0.0.1:5000 by default.
 
@@ -34,23 +75,47 @@ You can run this command to start serving your current working directory on 127.
 duf
 ```
 
-...or specify which folder you want to serve:
+...or specify which folder you want to serve.
 
 ```
 duf folder_name
 ```
 
-Finally, run this command to see a list of all available option
+Allow all operations such as upload, delete
 
+```sh
+duf --allow-all
+```
 
+Only allow upload operation
 
-## Curl
+```
+duf --allow-upload
+```
+
+Serve a single page application (SPA)
+
+```
+duf --render-spa
+```
+
+Use https
+
+```
+duf --tls-cert my.crt --tls-key my.key
+```
+
+## API
 
 Download a file
 ```
 curl http://127.0.0.1:5000/some-file
+```
 
-curl -o some-file.zip http://127.0.0.1:5000/some-file.zip
+Download a folder as zip file
+
+```
+curl -o some-folder.zip http://127.0.0.1:5000/some-folder?zip
 ```
 
 Upload a file

assets/index.css

@@ -0,0 +1,216 @@
+html {
+  font-family: -apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif;
+  line-height: 1.5;
+  color: #24292e;
+}
+
+body {
+  width: 700px;
+}
+
+.hidden {
+  display: none;
+}
+
+.head {
+  display: flex;
+  flex-wrap: wrap;
+  align-items: center;
+  padding: 1em 1em 0;
+}
+
+.breadcrumb {
+  font-size: 1.25em;
+}
+
+.breadcrumb > a {
+  color: #0366d6;
+  text-decoration: none;
+}
+
+.breadcrumb > a:hover {
+  text-decoration: underline;
+}
+
+/* final breadcrumb */
+.breadcrumb > b {
+  color: #24292e;
+}
+
+.breadcrumb > .separator {
+  color: #586069;
+  padding: 0 0.25em;
+}
+
+.breadcrumb svg {
+  height: 100%;
+  fill: rgba(3,47,98,0.5);
+  padding-right: 0.5em;
+  padding-left: 0.5em;
+}
+
+.toolbox {
+  display: flex;
+}
+
+.searchbar {
+  display: flex;
+  flex-wrap: nowrap;
+  width: 246px;
+  height: 22px;
+  background-color: #fafafa;
+  transition: all .15s;
+  border: 1px #ddd solid;
+  border-radius: 15px;
+  margin: 0 0 2px 10px;
+}
+
+.searchbar #search {
+  box-sizing: border-box;
+  width: 100%;
+  height: 100%;
+  font-size: 16px;
+  line-height: 16px;
+  padding: 1px;
+  font-family: helvetica neue,luxi sans,Tahoma,hiragino sans gb,STHeiti,sans-serif;
+  background-color: transparent;
+  border: none;
+  outline: none;
+}
+
+.searchbar .icon {
+  color: #9a9a9a;
+  padding: 3px 3px;
+  cursor: pointer;
+}
+
+.upload-control {
+  cursor: pointer;
+  padding-left: 0.25em;
+}
+
+.upload-control input {
+  display: none;
+}
+
+.main {
+  padding: 0 1em;
+}
+
+.empty-folder {
+  padding-top: 1rem;
+  font-style: italic;
+}
+
+.uploaders-table th,
+.paths-table th {
+  text-align: left;
+  font-weight: unset;
+  color: #5c5c5c;
+  white-space: nowrap;
+}
+
+.uploaders-table td,
+.paths-table td {
+  white-space: nowrap;
+}
+
+.uploaders-table .cell-name,
+.paths-table .cell-name {
+  width: 500px;
+}
+
+.uploaders-table .cell-status {
+  width: 80px;
+  padding-left: 0.6em;
+}
+
+.paths-table .cell-actions {
+  width: 60px;
+  display: flex;
+  padding-left: 0.6em;
+}
+
+.paths-table .cell-mtime {
+  width: 120px;
+  padding-left: 0.6em;
+}
+
+.paths-table .cell-size {
+  text-align: right;
+  width: 70px;
+  padding-left: 0.6em;
+}
+
+
+.path svg {
+  height: 100%;
+  fill: rgba(3,47,98,0.5);
+  padding-right: 0.5em;
+}
+
+.path {
+  display: flex;
+  list-style: none;
+}
+
+.path a {
+  color: #0366d6;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  overflow: hidden;
+  display: block;
+  text-decoration: none;
+}
+
+.path a:hover {
+  text-decoration: underline;
+}
+
+.action-btn {
+  padding-left: 0.4em;
+}
+
+.uploaders-table {
+  padding: 0.5em 0;
+}
+
+.uploader {
+  padding-right: 1em;
+}
+
+/* dark theme */
+@media (prefers-color-scheme: dark) {
+  body {
+    background-color: #000;
+  }
+
+  html,
+  .breadcrumb>b,
+  .searchbar #search {
+    color: #fff;
+  }
+
+  .uploaders-table th,
+  .paths-table th {
+    color: #ddd;
+  }
+
+  svg,
+  .path svg {
+    fill: #d0e6ff;
+  }
+
+  .searchbar {
+    background-color: #111;
+    border-color: #fff6;
+  }
+
+  .searchbar svg {
+    fill: #fff6;
+  }
+
+  .path a {
+    color: #3191ff;
+  }
+} 

assets/index.html

@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width" />
+  __SLOT__
+</head>
+<body>
+  <div class="head">
+    <div class="breadcrumb"></div>
+    <div class="toolbox">
+      <div>
+        <a href="?zip" title="Download folder as a .zip file">
+          <svg width="16" height="16" viewBox="0 0 16 16"><path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/><path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/></svg>
+        </a>
+      </div>
+      <div class="upload-control hidden" title="Upload files">
+        <label for="file">
+          <svg width="16" height="16" viewBox="0 0 16 16"><path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/><path d="M7.646 1.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1-.708.708L8.5 2.707V11.5a.5.5 0 0 1-1 0V2.707L5.354 4.854a.5.5 0 1 1-.708-.708l3-3z"/></svg>
+        </label>
+        <input type="file" id="file" name="file" multiple>
+      </div>
+    </div>
+    <form class="searchbar">
+      <div class="icon">
+        <svg width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path d="M11.742 10.344a6.5 6.5 0 1 0-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 0 0 1.415-1.414l-3.85-3.85a1.007 1.007 0 0 0-.115-.1zM12 6.5a5.5 5.5 0 1 1-11 0 5.5 5.5 0 0 1 11 0z"/></svg>
+      </div>
+      <input id="search" name="q" type="text" maxlength="128" autocomplete="off" tabindex="1">
+      <input type="submit" hidden />
+    </form>
+  </div>
+  <div class="main">
+    <div class="empty-folder hidden"></div>
+    <table class="uploaders-table hidden">
+      <thead>
+        <tr>
+          <th class="cell-name">Name</th>
+          <th class="cell-status">Status</th>
+        </tr>
+      </thead>
+    </table>
+    <table class="paths-table hidden">
+      <thead>
+        <tr>
+          <th class="cell-name">Name</th>
+          <th class="cell-mtime">Date modify</th>
+          <th class="cell-size">Size</th>
+          <th class="cell-actions">Actions</th>
+        </tr>
+      </thead>
+      <tbody>
+      </tbody>
+    </table>
+  </div>
+  <script>
+    window.addEventListener("DOMContentLoaded", ready);
+  </script>
+</body>
+</html>

assets/index.js

@@ -0,0 +1,328 @@
+/**
+ * @typedef {object} PathItem
+ * @property {"Dir"|"SymlinkDir"|"File"|"SymlinkFile"} path_type
+ * @property {boolean} is_symlink
+ * @property {string} name
+ * @property {number} mtime
+ * @property {number} size
+ */
+
+// https://stackoverflow.com/a/901144/3642588
+const params = new Proxy(new URLSearchParams(window.location.search), {
+  get: (searchParams, prop) => searchParams.get(prop),
+});
+
+const dirEmptyNote = params.q ? 'No results' : DATA.dir_exists ? 'Empty folder' : 'Folder will be created when a file is uploaded';
+
+/**
+ * @type Element
+ */
+let $pathsTable;
+/**
+ * @type Element
+ */
+let $pathsTableBody;
+/**
+ * @type Element
+ */
+let $uploadersTable;
+/**
+ * @type Element
+ */
+let $emptyFolder;
+/**
+ * @type string
+ */
+let baseDir;
+
+class Uploader {
+  /**
+   * @type number
+   */
+  idx;
+  /**
+   * @type File
+   */
+  file;
+  /**
+   * @type string
+   */
+  name;
+  /**
+   * @type Element
+   */
+  $uploadStatus;
+  static globalIdx = 0;
+  constructor(file, dirs) {
+    this.name = [...dirs, file.name].join("/");
+    this.idx = Uploader.globalIdx++;
+    this.file = file;
+  }
+
+  upload() {
+    const { file, idx, name } = this;
+    let url = getUrl(name);
+    $uploadersTable.insertAdjacentHTML("beforeend", `
+  <tr id="upload${idx}" class="uploader">
+    <td class="path cell-name">
+      <div>${getSvg("File")}</div>
+      <a href="${url}">${name}</a>
+    </td>
+    <td class="cell-status" id="uploadStatus${idx}"></td>
+  </tr>`);
+    $uploadersTable.classList.remove("hidden");
+    $emptyFolder.classList.add("hidden");
+    this.$uploadStatus = document.getElementById(`uploadStatus${idx}`);
+
+    const ajax = new XMLHttpRequest();
+    ajax.upload.addEventListener("progress", e => this.progress(e), false);
+    ajax.addEventListener("readystatechange", () => {
+      if(ajax.readyState === 4) {
+        if (ajax.status >= 200 && ajax.status < 300) {
+          this.complete();
+        } else {
+          this.fail();
+        }
+      }
+    })
+    ajax.addEventListener("error", () => this.fail(), false);
+    ajax.addEventListener("abort", () => this.fail(), false);
+    ajax.open("PUT", url);
+    ajax.send(file);
+  }
+
+  progress(event) {
+    const percent = (event.loaded / event.total) * 100;
+    this.$uploadStatus.innerHTML = `${percent.toFixed(2)}%`;
+  }
+
+  complete() {
+    this.$uploadStatus.innerHTML = `✓`;
+  }
+
+  fail() {
+    this.$uploadStatus.innerHTML = `✗`;
+  }
+}
+
+/**
+ * Add breadcrumb
+ * @param {string} value 
+ */
+function addBreadcrumb(value) {
+  const $breadcrumb = document.querySelector(".breadcrumb");
+  const parts = value.split("/").filter(v => !!v);
+  const len = parts.length;
+  let path = "";
+  for (let i = 0; i < len; i++) {
+    const name = parts[i];
+    if (i > 0) {
+      path  += "/" + name;
+    }
+    if (i === len - 1) {
+      $breadcrumb.insertAdjacentHTML("beforeend", `<b>${name}</b>`);
+      baseDir = name;
+    } else if (i === 0) {
+      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="/"><b>${name}</b></a>`);
+    } else {
+      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${encodeURI(path)}">${name}</a>`);
+    }
+    $breadcrumb.insertAdjacentHTML("beforeend", `<span class="separator">/</span>`);
+  }
+}
+
+/**
+ * Add pathitem
+ * @param {PathItem} file 
+ * @param {number} index 
+ */
+function addPath(file, index) {
+  const url = getUrl(file.name)
+  let actionDelete = "";
+  let actionDownload = "";
+  if (file.path_type.endsWith("Dir")) {
+    actionDownload = `
+    <div class="action-btn">
+      <a href="${url}?zip" title="Download folder as a .zip file">
+        <svg width="16" height="16" viewBox="0 0 16 16"><path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/><path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/></svg>
+      </a>
+    </div>`;
+  } else {
+    actionDownload = `
+    <div class="action-btn" >
+      <a href="${url}" title="Download file" download>
+        <svg width="16" height="16" viewBox="0 0 16 16"><path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/><path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/></svg>
+      </a>
+    </div>`;
+  }
+  if (DATA.allow_delete) {
+    actionDelete = `
+    <div onclick="deletePath(${index})" class="action-btn" id="deleteBtn${index}" title="Delete ${file.name}">
+      <svg width="16" height="16" fill="currentColor"viewBox="0 0 16 16"><path d="M6.854 7.146a.5.5 0 1 0-.708.708L7.293 9l-1.147 1.146a.5.5 0 0 0 .708.708L8 9.707l1.146 1.147a.5.5 0 0 0 .708-.708L8.707 9l1.147-1.146a.5.5 0 0 0-.708-.708L8 8.293 6.854 7.146z"/><path d="M14 14V4.5L9.5 0H4a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2zM9.5 3A1.5 1.5 0 0 0 11 4.5h2V14a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1h5.5v2z"/></svg>
+    </div>`;
+  }
+  let actionCell = `
+  <td class="cell-actions">
+    ${actionDownload}
+    ${actionDelete}
+  </td>`
+
+  $pathsTableBody.insertAdjacentHTML("beforeend", `
+<tr id="addPath${index}">
+  <td class="path cell-name">
+    <div>${getSvg(file.path_type)}</div>
+    <a href="${url}" title="${file.name}">${file.name}</a>
+  </td>
+  <td class="cell-mtime">${formatMtime(file.mtime)}</td>
+  <td class="cell-size">${formatSize(file.size)}</td>
+  ${actionCell}
+</tr>`)
+}
+
+/**
+ * Delete pathitem
+ * @param {number} index 
+ * @returns 
+ */
+async function deletePath(index) {
+  const file = DATA.paths[index];
+  if (!file) return;
+
+  if (!confirm(`Delete \`${file.name}\`?`)) return;
+
+  try {
+    const res = await fetch(getUrl(file.name), {
+      method: "DELETE",
+    });
+    if (res.status >= 200 && res.status < 300) {
+        document.getElementById(`addPath${index}`).remove();
+        DATA.paths[index] = null;
+        if (!DATA.paths.find(v => !!v)) {
+          $pathsTable.classList.add("hidden");
+          $emptyFolder.textContent = dirEmptyNote;
+          $emptyFolder.classList.remove("hidden");
+        }
+    } else {
+      throw new Error(await res.text())
+    }
+  } catch (err) {
+    alert(`Cannot delete \`${file.name}\`, ${err.message}`);
+  }
+}
+
+function dropzone() {
+    ["drag", "dragstart", "dragend", "dragover", "dragenter", "dragleave", "drop"].forEach(name => {
+      document.addEventListener(name, e => {
+          e.preventDefault();
+          e.stopPropagation();
+      });
+    });
+    document.addEventListener("drop", e => {
+      if (!e.dataTransfer.items[0].webkitGetAsEntry) {
+        const files = e.dataTransfer.files.filter(v => v.size > 0);
+        for (const file of files) {
+          new Uploader(file, []).upload();
+        }
+      } else {
+        const entries = [];
+        const len = e.dataTransfer.items.length;
+        for (let i = 0; i < len; i++) {
+          entries.push(e.dataTransfer.items[i].webkitGetAsEntry());
+        }
+        addFileEntries(entries, [])
+      }
+    });
+}
+
+async function addFileEntries(entries, dirs) {
+  for (const entry of entries) {
+    if (entry.isFile) {
+      entry.file(file => {
+        new Uploader(file, dirs).upload();
+      });
+    } else if (entry.isDirectory) {
+      const dirReader = entry.createReader()
+      dirReader.readEntries(entries => addFileEntries(entries, [...dirs, entry.name]));
+    }
+  }
+}
+
+
+function getUrl(name) {
+    let url = location.href.split('?')[0];
+    if (!url.endsWith("/")) url += "/";
+    url += encodeURI(name);
+    return url;
+}
+
+function getSvg(path_type) {
+  switch (path_type) {
+    case "Dir":
+      return `<svg height="16" viewBox="0 0 14 16" width="14"><path fill-rule="evenodd" d="M13 4H7V3c0-.66-.31-1-1-1H1c-.55 0-1 .45-1 1v10c0 .55.45 1 1 1h12c.55 0 1-.45 1-1V5c0-.55-.45-1-1-1zM6 4H1V3h5v1z"></path></svg>`;
+    case "File":
+      return `<svg height="16" viewBox="0 0 12 16" width="12"><path fill-rule="evenodd" d="M6 5H2V4h4v1zM2 8h7V7H2v1zm0 2h7V9H2v1zm0 2h7v-1H2v1zm10-7.5V14c0 .55-.45 1-1 1H1c-.55 0-1-.45-1-1V2c0-.55.45-1 1-1h7.5L12 4.5zM11 5L8 2H1v12h10V5z"></path></svg>`;
+    case "SymlinkDir":
+      return `<svg height="16" viewBox="0 0 14 16" width="14"><path fill-rule="evenodd" d="M13 4H7V3c0-.66-.31-1-1-1H1c-.55 0-1 .45-1 1v10c0 .55.45 1 1 1h12c.55 0 1-.45 1-1V5c0-.55-.45-1-1-1zM1 3h5v1H1V3zm6 9v-2c-.98-.02-1.84.22-2.55.7-.71.48-1.19 1.25-1.45 2.3.02-1.64.39-2.88 1.13-3.73C4.86 8.43 5.82 8 7.01 8V6l4 3-4 3H7z"></path></svg>`;
+    default:
+      return `<svg height="16" viewBox="0 0 12 16" width="12"><path fill-rule="evenodd" d="M8.5 1H1c-.55 0-1 .45-1 1v12c0 .55.45 1 1 1h10c.55 0 1-.45 1-1V4.5L8.5 1zM11 14H1V2h7l3 3v9zM6 4.5l4 3-4 3v-2c-.98-.02-1.84.22-2.55.7-.71.48-1.19 1.25-1.45 2.3.02-1.64.39-2.88 1.13-3.73.73-.84 1.69-1.27 2.88-1.27v-2H6z"></path></svg>`;
+  }
+}
+
+function formatMtime(mtime) {
+  if (!mtime) return ""
+  const date = new Date(mtime);
+  const year = date.getFullYear();
+  const month = padZero(date.getMonth() + 1, 2);
+  const day = padZero(date.getDate(), 2);
+  const hours = padZero(date.getHours(), 2);
+  const minutes = padZero(date.getMinutes(), 2);
+  return `${year}/${month}/${day} ${hours}:${minutes}`;
+}
+
+function padZero(value, size) {
+  return ("0".repeat(size) + value).slice(-1 * size)
+}
+
+function formatSize(size) {
+  if (!size) return ""
+  const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];
+  if (size == 0) return '0 Byte';
+  const i = parseInt(Math.floor(Math.log(size) / Math.log(1024)));
+  return Math.round(size / Math.pow(1024, i), 2) + ' ' + sizes[i];
+}
+
+function ready() {
+  $pathsTable = document.querySelector(".paths-table")
+  $pathsTableBody = document.querySelector(".paths-table tbody");
+  $uploadersTable = document.querySelector(".uploaders-table");
+  $emptyFolder = document.querySelector(".empty-folder");
+
+  if (params.q) {
+    document.getElementById('search').value = params.q;
+  }
+
+  addBreadcrumb(DATA.breadcrumb);
+  if (Array.isArray(DATA.paths)) {
+    const len = DATA.paths.length;
+    if (len > 0) {
+      $pathsTable.classList.remove("hidden");
+    }
+    for (let i = 0; i < len; i++) {
+      addPath(DATA.paths[i], i);
+    }
+    if (len == 0) {
+      $emptyFolder.textContent = dirEmptyNote;
+      $emptyFolder.classList.remove("hidden");
+    }
+  }
+  if (DATA.allow_upload) {
+    dropzone();
+    document.querySelector(".upload-control").classList.remove("hidden");
+    document.getElementById("file").addEventListener("change", e => {
+      const files = e.target.files;
+      for (let file of files) {
+        new Uploader(file, []).upload();
+      }
+    });
+  }
+}

src/args.rs

@@ -1,52 +1,108 @@
 use clap::crate_description;
 use clap::{Arg, ArgMatches};
-use std::env;
-use std::fs::canonicalize;
-use std::net::SocketAddr;
+use rustls::{Certificate, PrivateKey};
+use std::net::{IpAddr, SocketAddr};
 use std::path::{Path, PathBuf};
+use std::{env, fs, io};
 
+use crate::auth::parse_auth;
 use crate::BoxResult;
 
 const ABOUT: &str = concat!("\n", crate_description!()); // Add extra newline.
 
 fn app() -> clap::Command<'static> {
-    let arg_port = Arg::new("port")
-        .short('p')
-        .long("port")
-        .default_value("5000")
-        .help("Specify port to listen on")
-        .value_name("port");
-
-    let arg_address = Arg::new("address")
-        .short('b')
-        .long("bind")
-        .default_value("127.0.0.1")
-        .help("Specify bind address")
-        .value_name("address");
-
-    let arg_path = Arg::new("path")
-        .default_value(".")
-        .allow_invalid_utf8(true)
-        .help("Path to a directory for serving files");
-
-    let arg_readonly = Arg::new("readonly")
-        .short('r')
-        .long("readonly")
-        .help("Only serve static files, no operations like upload and delete");
-
-    let arg_auth = Arg::new("auth")
-        .short('a')
-        .long("auth")
-        .help("Authenticate with user and pass")
-        .value_name("user:pass");
-
     clap::command!()
         .about(ABOUT)
-        .arg(arg_address)
-        .arg(arg_port)
-        .arg(arg_path)
-        .arg(arg_readonly)
-        .arg(arg_auth)
+        .arg(
+            Arg::new("address")
+                .short('b')
+                .long("bind")
+                .default_value("0.0.0.0")
+                .help("Specify bind address")
+                .value_name("address"),
+        )
+        .arg(
+            Arg::new("port")
+                .short('p')
+                .long("port")
+                .default_value("5000")
+                .help("Specify port to listen on")
+                .value_name("port"),
+        )
+        .arg(
+            Arg::new("path")
+                .default_value(".")
+                .allow_invalid_utf8(true)
+                .help("Path to a root directory for serving files"),
+        )
+        .arg(
+            Arg::new("path-prefix")
+                .long("path-prefix")
+                .value_name("path")
+                .help("Specify an url path prefix"),
+        )
+        .arg(
+            Arg::new("allow-all")
+                .short('A')
+                .long("allow-all")
+                .help("Allow all operations"),
+        )
+        .arg(
+            Arg::new("allow-upload")
+                .long("allow-upload")
+                .help("Allow upload files/folders"),
+        )
+        .arg(
+            Arg::new("allow-delete")
+                .long("allow-delete")
+                .help("Allow delete files/folders"),
+        )
+        .arg(
+            Arg::new("allow-symlink")
+                .long("allow-symlink")
+                .help("Allow symlink to files/folders outside root directory"),
+        )
+        .arg(
+            Arg::new("render-index")
+                .long("render-index")
+                .help("Render index.html when requesting a directory"),
+        )
+        .arg(
+            Arg::new("render-spa")
+                .long("render-spa")
+                .help("Render for single-page application"),
+        )
+        .arg(
+            Arg::new("auth")
+                .short('a')
+                .display_order(1)
+                .long("auth")
+                .help("Use HTTP authentication")
+                .value_name("user:pass"),
+        )
+        .arg(
+            Arg::new("no-auth-access")
+                .display_order(1)
+                .long("no-auth-access")
+                .help("Not required auth when access static files"),
+        )
+        .arg(
+            Arg::new("cors")
+                .long("cors")
+                .help("Enable CORS, sets `Access-Control-Allow-Origin: *`"),
+        )
+        .arg(
+            Arg::new("tls-cert")
+                .long("tls-cert")
+                .value_name("path")
+                .help("Path to an SSL/TLS certificate to serve with HTTPS"),
+        )
+        .arg(
+            Arg::new("tls-key")
+                .long("tls-key")
+                .value_name("path")
+                .help("Path to the SSL/TLS certificate's private key"),
+        )
 }
 
 pub fn matches() -> ArgMatches {
@@ -55,11 +111,19 @@ pub fn matches() -> ArgMatches {
 
 #[derive(Debug, Clone, Eq, PartialEq)]
 pub struct Args {
-    pub address: String,
-    pub port: u16,
+    pub addr: SocketAddr,
     pub path: PathBuf,
-    pub readonly: bool,
-    pub auth: Option<String>,
+    pub path_prefix: String,
+    pub uri_prefix: String,
+    pub auth: Option<(String, String)>,
+    pub no_auth_access: bool,
+    pub allow_upload: bool,
+    pub allow_delete: bool,
+    pub allow_symlink: bool,
+    pub render_index: bool,
+    pub render_spa: bool,
+    pub cors: bool,
+    pub tls: Option<(Vec<Certificate>, PrivateKey)>,
 }
 
 impl Args {
@@ -68,19 +132,53 @@ impl Args {
     /// If a parsing error ocurred, exit the process and print out informative
     /// error message to user.
     pub fn parse(matches: ArgMatches) -> BoxResult<Args> {
-        let address = matches.value_of("address").unwrap_or_default().to_owned();
+        let ip = matches.value_of("address").unwrap_or_default();
         let port = matches.value_of_t::<u16>("port")?;
-        let path = matches.value_of_os("path").unwrap_or_default();
-        let path = Args::parse_path(path)?;
-        let readonly = matches.is_present("readonly");
-        let auth = matches.value_of("auth").map(|v| v.to_owned());
+        let addr = to_addr(ip, port)?;
+        let path = Args::parse_path(matches.value_of_os("path").unwrap_or_default())?;
+        let path_prefix = matches
+            .value_of("path-prefix")
+            .map(|v| v.trim_matches('/').to_owned())
+            .unwrap_or_default();
+        let uri_prefix = if path_prefix.is_empty() {
+            "/".to_owned()
+        } else {
+            format!("/{}/", &path_prefix)
+        };
+        let cors = matches.is_present("cors");
+        let auth = match matches.value_of("auth") {
+            Some(auth) => Some(parse_auth(auth)?),
+            None => None,
+        };
+        let no_auth_access = matches.is_present("no-auth-access");
+        let allow_upload = matches.is_present("allow-all") || matches.is_present("allow-upload");
+        let allow_delete = matches.is_present("allow-all") || matches.is_present("allow-delete");
+        let allow_symlink = matches.is_present("allow-all") || matches.is_present("allow-symlink");
+        let render_index = matches.is_present("render-index");
+        let render_spa = matches.is_present("render-spa");
+        let tls = match (matches.value_of("tls-cert"), matches.value_of("tls-key")) {
+            (Some(certs_file), Some(key_file)) => {
+                let certs = load_certs(certs_file)?;
+                let key = load_private_key(key_file)?;
+                Some((certs, key))
+            }
+            _ => None,
+        };
 
         Ok(Args {
-            address,
-            port,
+            addr,
             path,
-            readonly,
+            path_prefix,
+            uri_prefix,
             auth,
+            no_auth_access,
+            cors,
+            allow_delete,
+            allow_upload,
+            allow_symlink,
+            render_index,
+            render_spa,
+            tls,
         })
     }
 
@@ -88,34 +186,51 @@ impl Args {
     fn parse_path<P: AsRef<Path>>(path: P) -> BoxResult<PathBuf> {
         let path = path.as_ref();
         if !path.exists() {
-            bail!("error: path \"{}\" doesn't exist", path.display());
+            return Err(format!("Path `{}` doesn't exist", path.display()).into());
         }
 
         env::current_dir()
             .and_then(|mut p| {
                 p.push(path); // If path is absolute, it replaces the current path.
-                canonicalize(p)
-            })
-            .or_else(|err| {
-                bail!(
-                    "error: failed to access path \"{}\": {}",
-                    path.display(),
-                    err,
-                )
-            })
-    }
-
-    /// Construct socket address from arguments.
-    pub fn address(&self) -> BoxResult<SocketAddr> {
-        format!("{}:{}", self.address, self.port)
-            .parse()
-            .or_else(|err| {
-                bail!(
-                    "error: invalid address {}:{} : {}",
-                    self.address,
-                    self.port,
-                    err,
-                )
+                std::fs::canonicalize(p)
             })
+            .map_err(|err| format!("Failed to access path `{}`: {}", path.display(), err,).into())
     }
 }
+
+fn to_addr(ip: &str, port: u16) -> BoxResult<SocketAddr> {
+    let ip: IpAddr = ip.parse()?;
+    Ok(SocketAddr::new(ip, port))
+}
+
+// Load public certificate from file.
+fn load_certs(filename: &str) -> BoxResult<Vec<Certificate>> {
+    // Open certificate file.
+    let certfile =
+        fs::File::open(&filename).map_err(|e| format!("Failed to open {}: {}", &filename, e))?;
+    let mut reader = io::BufReader::new(certfile);
+
+    // Load and return certificate.
+    let certs = rustls_pemfile::certs(&mut reader).map_err(|_| "Failed to load certificate")?;
+    if certs.is_empty() {
+        return Err("Expected at least one certificate".into());
+    }
+    Ok(certs.into_iter().map(Certificate).collect())
+}
+
+// Load private key from file.
+fn load_private_key(filename: &str) -> BoxResult<PrivateKey> {
+    // Open keyfile.
+    let keyfile =
+        fs::File::open(&filename).map_err(|e| format!("Failed to open {}: {}", &filename, e))?;
+    let mut reader = io::BufReader::new(keyfile);
+
+    // Load and return a single private key.
+    let keys = rustls_pemfile::rsa_private_keys(&mut reader)
+        .map_err(|e| format!("There was a problem with reading private key: {:?}", e))?;
+
+    if keys.len() != 1 {
+        return Err("Expected a single private key".into());
+    }
+    Ok(PrivateKey(keys[0].to_owned()))
+}

src/auth.rs

@@ -0,0 +1,209 @@
+use headers::HeaderValue;
+use lazy_static::lazy_static;
+use md5::Context;
+use std::{
+    collections::HashMap,
+    time::{SystemTime, UNIX_EPOCH},
+};
+use uuid::Uuid;
+
+use crate::BoxResult;
+
+const REALM: &str = "DUF";
+
+lazy_static! {
+    static ref NONCESTARTHASH: Context = {
+        let mut h = Context::new();
+        h.consume(Uuid::new_v4().as_bytes());
+        h.consume(std::process::id().to_be_bytes());
+        h
+    };
+}
+
+pub fn generate_www_auth(stale: bool) -> String {
+    let str_stale = if stale { "stale=true," } else { "" };
+    format!(
+        "Digest realm=\"{}\",nonce=\"{}\",{}qop=\"auth\",algorithm=\"MD5\"",
+        REALM,
+        create_nonce(),
+        str_stale
+    )
+}
+
+pub fn parse_auth(auth: &str) -> BoxResult<(String, String)> {
+    let p: Vec<&str> = auth.trim().split(':').collect();
+    let err = "Invalid auth value";
+    if p.len() != 2 {
+        return Err(err.into());
+    }
+    let user = p[0];
+    let pass = p[1];
+    let mut h = Context::new();
+    h.consume(format!("{}:{}:{}", user, REALM, pass).as_bytes());
+    Ok((user.to_owned(), format!("{:x}", h.compute())))
+}
+
+pub fn valid_digest(
+    header_value: &HeaderValue,
+    method: &str,
+    auth_user: &str,
+    auth_pass: &str,
+) -> Option<()> {
+    let digest_value = strip_prefix(header_value.as_bytes(), b"Digest ")?;
+    let user_vals = to_headermap(digest_value).ok()?;
+    if let (Some(username), Some(nonce), Some(user_response)) = (
+        user_vals
+            .get(b"username".as_ref())
+            .and_then(|b| std::str::from_utf8(*b).ok()),
+        user_vals.get(b"nonce".as_ref()),
+        user_vals.get(b"response".as_ref()),
+    ) {
+        match validate_nonce(nonce) {
+            Ok(true) => {}
+            _ => return None,
+        }
+        if auth_user != username {
+            return None;
+        }
+        let mut ha = Context::new();
+        ha.consume(method);
+        ha.consume(b":");
+        if let Some(uri) = user_vals.get(b"uri".as_ref()) {
+            ha.consume(uri);
+        }
+        let ha = format!("{:x}", ha.compute());
+        let mut correct_response = None;
+        if let Some(qop) = user_vals.get(b"qop".as_ref()) {
+            if qop == &b"auth".as_ref() || qop == &b"auth-int".as_ref() {
+                correct_response = Some({
+                    let mut c = Context::new();
+                    c.consume(&auth_pass);
+                    c.consume(b":");
+                    c.consume(nonce);
+                    c.consume(b":");
+                    if let Some(nc) = user_vals.get(b"nc".as_ref()) {
+                        c.consume(nc);
+                    }
+                    c.consume(b":");
+                    if let Some(cnonce) = user_vals.get(b"cnonce".as_ref()) {
+                        c.consume(cnonce);
+                    }
+                    c.consume(b":");
+                    c.consume(qop);
+                    c.consume(b":");
+                    c.consume(&*ha);
+                    format!("{:x}", c.compute())
+                });
+            }
+        }
+        let correct_response = match correct_response {
+            Some(r) => r,
+            None => {
+                let mut c = Context::new();
+                c.consume(&auth_pass);
+                c.consume(b":");
+                c.consume(nonce);
+                c.consume(b":");
+                c.consume(&*ha);
+                format!("{:x}", c.compute())
+            }
+        };
+        if correct_response.as_bytes() == *user_response {
+            // grant access
+            return Some(());
+        }
+    }
+    None
+}
+
+/// Check if a nonce is still valid.
+/// Return an error if it was never valid
+fn validate_nonce(nonce: &[u8]) -> Result<bool, ()> {
+    if nonce.len() != 34 {
+        return Err(());
+    }
+    //parse hex
+    if let Ok(n) = std::str::from_utf8(nonce) {
+        //get time
+        if let Ok(secs_nonce) = u32::from_str_radix(&n[..8], 16) {
+            //check time
+            let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
+            let secs_now = now.as_secs() as u32;
+
+            if let Some(dur) = secs_now.checked_sub(secs_nonce) {
+                //check hash
+                let mut h = NONCESTARTHASH.clone();
+                h.consume(secs_nonce.to_be_bytes());
+                let h = format!("{:x}", h.compute());
+                if h[..26] == n[8..34] {
+                    return Ok(dur < 300); // from the last 5min
+                                          //Authentication-Info ?
+                }
+            }
+        }
+    }
+    Err(())
+}
+
+fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {
+    let l = prefix.len();
+    if search.len() < l {
+        return None;
+    }
+    if &search[..l] == prefix {
+        Some(&search[l..])
+    } else {
+        None
+    }
+}
+
+fn to_headermap(header: &[u8]) -> Result<HashMap<&[u8], &[u8]>, ()> {
+    let mut sep = Vec::new();
+    let mut asign = Vec::new();
+    let mut i: usize = 0;
+    let mut esc = false;
+    for c in header {
+        match (c, esc) {
+            (b'=', false) => asign.push(i),
+            (b',', false) => sep.push(i),
+            (b'"', false) => esc = true,
+            (b'"', true) => esc = false,
+            _ => {}
+        }
+        i += 1;
+    }
+    sep.push(i); // same len for both Vecs
+
+    i = 0;
+    let mut ret = HashMap::new();
+    for (&k, &a) in sep.iter().zip(asign.iter()) {
+        while header[i] == b' ' {
+            i += 1;
+        }
+        if a <= i || k <= 1 + a {
+            //keys and vals must contain one char
+            return Err(());
+        }
+        let key = &header[i..a];
+        let val = if header[1 + a] == b'"' && header[k - 1] == b'"' {
+            //escaped
+            &header[2 + a..k - 1]
+        } else {
+            //not escaped
+            &header[1 + a..k]
+        };
+        i = 1 + k;
+        ret.insert(key, val);
+    }
+    Ok(ret)
+}
+
+fn create_nonce() -> String {
+    let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
+    let secs = now.as_secs() as u32;
+    let mut h = NONCESTARTHASH.clone();
+    h.consume(secs.to_be_bytes());
+
+    let n = format!("{:08x}{:032x}", secs, h.compute());
+    n[..34].to_string()
+}

src/index.css

@@ -1,119 +0,0 @@
-html {
-  font-family: -apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif;
-  line-height: 1.5;
-  color: #24292e;
-}
-
-.head {
-  display: flex;
-  align-items: baseline;
-  padding: 1em 1em 0;
-}
-
-.head input {
-  display: none;
-}
-
-.breadcrumb {
-  font-size: 1.25em;
-}
-
-.breadcrumb > a {
-  color: #0366d6;
-  text-decoration: none;
-}
-
-.breadcrumb > a:hover {
-  text-decoration: underline;
-}
-
-/* final breadcrumb */
-.breadcrumb > b {
-  color: #24292e;
-}
-
-.breadcrumb > .separator {
-  color: #586069;
-  padding: 0 0.25em;
-}
-
-.breadcrumb svg {
-  height: 100%;
-  fill: rgba(3,47,98,0.5);
-  padding-right: 0.5em;
-  padding-left: 0.5em;
-}
-
-.upload-control {
-  cursor: pointer;
-}
-
-.main {
-  padding: 0 1em;
-}
-
-.main th {
-  text-align: left;
-  font-weight: unset;
-  color: #5c5c5c;
-  white-space: nowrap;
-}
-
-.main td {
-  white-space: nowrap;
-}
-
-.main .cell-name {
-  width: 300px;
-}
-
-.main .cell-mtime {
-  width: 150px;
-  padding-left: 0.6em;
-}
-
-.main .cell-size {
-  text-align: right;
-  width: 100px;
-  padding-left: 0.6em;
-}
-
-.main .cell-actions {
-  width: 100px;
-  padding-left: 0.6em;
-}
-
-
-.path svg {
-  height: 100%;
-  fill: rgba(3,47,98,0.5);
-  padding-right: 0.5em;
-}
-
-.path {
-  display: flex;
-  list-style: none;
-}
-
-.path a {
-  color: #0366d6;
-  text-overflow: ellipsis;
-  white-space: nowrap;
-  overflow: hidden;
-  display: block;
-  text-decoration: none;
-}
-
-.path a:hover {
-  text-decoration: underline;
-}
-
-.uploaders {
-  display: flex;
-  flex-wrap: wrap;
-  padding: 0.5em 0;
-}
-
-.uploader {
-  padding-right: 1em;
-}

src/index.html

@@ -1,210 +0,0 @@
-<!DOCTYPE html>
-<html>
-
-<head>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width" />
-  <title>Duf</title>
-  __STYLE__
-</head>
-<body>
-  <div class="head">
-    <div class="breadcrumb"></div>
-  </div>
-  <div class="main">
-    <div class="uploaders">
-    </div>
-    <table>
-      <thead>
-        <tr>
-          <th class="cell-name">Name</th>
-          <th class="cell-mtime">Date modify</th>
-          <th class="cell-size">Size</th>
-        </tr>
-      </thead>
-      <tbody>
-      </tbody>
-    </table>
-  </div>
-  <script>
-
-    const $head = document.querySelector(".head");
-    const $tbody = document.querySelector(".main tbody");
-    const $breadcrumb = document.querySelector(".breadcrumb");
-    const $uploaders = document.querySelector(".uploaders");
-    const $uploadControl = document.querySelector(".upload-control");
-    const { breadcrumb, paths, readonly } = __DATA__;
-    let uploaderIdx = 0;
-
-    class Uploader {
-      idx = 0;
-      file;
-      path;
-      $elem;
-      constructor(idx, file) {
-        this.idx = idx;
-        this.file = file;
-        this.path = location.pathname + "/" + file.name;
-      }
-
-      upload() {
-        const { file, idx, path } = this;
-        $uploaders.insertAdjacentHTML("beforeend", `
-      <div class="uploader path">
-        <div><svg height="16" viewBox="0 0 12 16" width="12"><path fill-rule="evenodd" d="M6 5H2V4h4v1zM2 8h7V7H2v1zm0 2h7V9H2v1zm0 2h7v-1H2v1zm10-7.5V14c0 .55-.45 1-1 1H1c-.55 0-1-.45-1-1V2c0-.55.45-1 1-1h7.5L12 4.5zM11 5L8 2H1v12h10V5z"></path></svg></div>
-        <a href="${path}" id="file${idx}">${file.name} (0%)</a>
-      </div>`);
-        this.$elem = document.getElementById(`file${idx}`);
-
-        const ajax = new XMLHttpRequest();
-        ajax.upload.addEventListener("progress", e => this.progress(e), false);
-        ajax.addEventListener("load", e => this.complete(e), false);
-        ajax.addEventListener("error", e => this.error(e), false);
-        ajax.addEventListener("abort", e => this.abort(e), false);
-        ajax.open("PUT", path);
-        ajax.send(file);
-      }
-
-      progress(event) {
-        const percent = (event.loaded / event.total) * 100;
-        this.$elem.innerHTML = `${this.file.name} (${percent.toFixed(2)}%)`;
-      }
-
-      complete(event) {
-        this.$elem.innerHTML = `${this.file.name}`;
-      }
-
-      error(event) {
-        this.$elem.innerHTML = `${this.file.name} (x)`;
-      }
-      
-      abort(event) {
-        this.$elem.innerHTML = `${this.file.name} (x)`;
-      }
-    }
-
-    function addBreadcrumb(value) {
-      const parts = value.split("/").filter(v => !!v);
-      const len = parts.length;
-      let path = "";
-      for (let i = 0; i < len; i++) {
-        const name = parts[i];
-        if (i > 0) {
-          path  += "/" + name;
-        }
-        if (i === len - 1) {
-          $breadcrumb.insertAdjacentHTML("beforeend", `<b>${name}</b>`);
-        } else if (i === 0) {
-          $breadcrumb.insertAdjacentHTML("beforeend", `<a href="/"><b>${name}</b></a>`);
-        } else {
-          $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${encodeURI(path)}">${name}</a>`);
-        }
-        $breadcrumb.insertAdjacentHTML("beforeend", `<span class="separator">/</span>`);
-      }
-    }
-
-    function addPath(file, index) {
-      const actionTd = readonly ? "" : `
-      <td class="cell-actions">
-        <div onclick="deletePath(${index})" class="delete-btn" id="deleteBtn${index}" title="Delete ${file.name}">
-          <svg width="18" height="18" viewBox="0 0 40 40"><path d="M28,40H11.8c-3.3,0-5.9-2.7-5.9-5.9V16c0-0.6,0.4-1,1-1s1,0.4,1,1v18.1c0,2.2,1.8,3.9,3.9,3.9H28c2.2,0,3.9-1.8,3.9-3.9V16   c0-0.6,0.4-1,1-1s1,0.4,1,1v18.1C33.9,37.3,31.2,40,28,40z"/></g><g><path d="M33.3,4.9h-7.6C25.2,2.1,22.8,0,19.9,0s-5.3,2.1-5.8,4.9H6.5c-2.3,0-4.1,1.8-4.1,4.1S4.2,13,6.5,13h26.9   c2.3,0,4.1-1.8,4.1-4.1S35.6,4.9,33.3,4.9z M19.9,2c1.8,0,3.3,1.2,3.7,2.9h-7.5C16.6,3.2,18.1,2,19.9,2z M33.3,11H6.5   c-1.1,0-2.1-0.9-2.1-2.1c0-1.1,0.9-2.1,2.1-2.1h26.9c1.1,0,2.1,0.9,2.1,2.1C35.4,10.1,34.5,11,33.3,11z"/></g><g><path d="M12.9,35.1c-0.6,0-1-0.4-1-1V17.4c0-0.6,0.4-1,1-1s1,0.4,1,1v16.7C13.9,34.6,13.4,35.1,12.9,35.1z"/></g><g><path d="M26.9,35.1c-0.6,0-1-0.4-1-1V17.4c0-0.6,0.4-1,1-1s1,0.4,1,1v16.7C27.9,34.6,27.4,35.1,26.9,35.1z"/></g><g><path d="M19.9,35.1c-0.6,0-1-0.4-1-1V17.4c0-0.6,0.4-1,1-1s1,0.4,1,1v16.7C20.9,34.6,20.4,35.1,19.9,35.1z"/></svg>
-        </div>
-      </td>`
-
-      $tbody.insertAdjacentHTML("beforeend", `
-  <tr id="addPath${index}">
-    <td class="path cell-name">
-      <div>${getSvg(file.path_type)}</div>
-      <a href="${encodeURI(file.path)}" title="${file.name}">${file.name}</a>
-    </td>
-    <td class="cell-mtime">${formatMtime(file.mtime)}</td>
-    <td class="cell-size">${formatSize(file.size)}</td>
-    ${actionTd}
-  </tr>`)
-    }
-
-    async function deletePath(index) {
-      const file = paths[index];
-      if (!file) return;
-      try {
-        const res = await fetch(encodeURI(file.path), {
-          method: "DELETE",
-        });
-        if (res.status !== 200) {
-          const text = await res.text();
-          throw new Error(text);
-        }
-        document.getElementById(`addPath${index}`).remove();
-      } catch (err) {
-        alert(`Failed to delete ${file.name}, ${err.message}`);
-      }
-    }
-
-    function addUploadControl() {
-      $head.insertAdjacentHTML("beforeend", `
-    <div class="upload-control" title="Upload file">
-      <label for="file">
-        <svg viewBox="0 0 384.97 384.97" width="14" height="14"><path d="M372.939,264.641c-6.641,0-12.03,5.39-12.03,12.03v84.212H24.061v-84.212c0-6.641-5.39-12.03-12.03-12.03 S0,270.031,0,276.671v96.242c0,6.641,5.39,12.03,12.03,12.03h360.909c6.641,0,12.03-5.39,12.03-12.03v-96.242 C384.97,270.019,379.58,264.641,372.939,264.641z"></path><path d="M117.067,103.507l63.46-62.558v235.71c0,6.641,5.438,12.03,12.151,12.03c6.713,0,12.151-5.39,12.151-12.03V40.95 l63.46,62.558c4.74,4.704,12.439,4.704,17.179,0c4.74-4.704,4.752-12.319,0-17.011l-84.2-82.997 c-4.692-4.656-12.584-4.608-17.191,0L99.888,86.496c-4.752,4.704-4.74,12.319,0,17.011 C104.628,108.211,112.327,108.211,117.067,103.507z"></path></svg>
-      </label>
-      <input type="file" id="file" name="file" multiple>
-    </div>
-`);
-    }
-
-    function getSvg(path_type) {
-      switch (path_type) {
-        case "Dir":
-          return `<svg height="16" viewBox="0 0 14 16" width="14"><path fill-rule="evenodd" d="M13 4H7V3c0-.66-.31-1-1-1H1c-.55 0-1 .45-1 1v10c0 .55.45 1 1 1h12c.55 0 1-.45 1-1V5c0-.55-.45-1-1-1zM6 4H1V3h5v1z"></path></svg>`;
-        case "File":
-          return `<svg height="16" viewBox="0 0 12 16" width="12"><path fill-rule="evenodd" d="M6 5H2V4h4v1zM2 8h7V7H2v1zm0 2h7V9H2v1zm0 2h7v-1H2v1zm10-7.5V14c0 .55-.45 1-1 1H1c-.55 0-1-.45-1-1V2c0-.55.45-1 1-1h7.5L12 4.5zM11 5L8 2H1v12h10V5z"></path></svg>`;
-        case "SymlinkDir":
-          return `<svg height="16" viewBox="0 0 14 16" width="14"><path fill-rule="evenodd" d="M13 4H7V3c0-.66-.31-1-1-1H1c-.55 0-1 .45-1 1v10c0 .55.45 1 1 1h12c.55 0 1-.45 1-1V5c0-.55-.45-1-1-1zM1 3h5v1H1V3zm6 9v-2c-.98-.02-1.84.22-2.55.7-.71.48-1.19 1.25-1.45 2.3.02-1.64.39-2.88 1.13-3.73C4.86 8.43 5.82 8 7.01 8V6l4 3-4 3H7z"></path></svg>`;
-        default:
-          return `<svg height="16" viewBox="0 0 12 16" width="12"><path fill-rule="evenodd" d="M8.5 1H1c-.55 0-1 .45-1 1v12c0 .55.45 1 1 1h10c.55 0 1-.45 1-1V4.5L8.5 1zM11 14H1V2h7l3 3v9zM6 4.5l4 3-4 3v-2c-.98-.02-1.84.22-2.55.7-.71.48-1.19 1.25-1.45 2.3.02-1.64.39-2.88 1.13-3.73.73-.84 1.69-1.27 2.88-1.27v-2H6z"></path></svg>`;
-      }
-    }
-
-    function formatMtime(mtime) {
-      if (!mtime) return ""
-      const date = new Date(mtime);
-      const year = date.getFullYear();
-      const month = padZero(date.getMonth() + 1, 2);
-      const day = padZero(date.getDate(), 2);
-      const hours = padZero(date.getHours(), 2);
-      const minutes = padZero(date.getMinutes(), 2);
-      return `${year}/${month}/${day} ${hours}:${minutes}`;
-    }
-
-    function padZero(value, size) {
-      return ("0".repeat(size) + value).slice(-1 * size)
-    }
-
-    function formatSize(size) {
-      if (!size) return ""
-      const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB'];
-      if (size == 0) return '0 Byte';
-      const i = parseInt(Math.floor(Math.log(size) / Math.log(1024)));
-      return Math.round(size / Math.pow(1024, i), 2) + ' ' + sizes[i];
-    }
-
-
-
-    document.addEventListener('DOMContentLoaded', () => {
-      addBreadcrumb(breadcrumb);
-      paths.forEach((file, index) => addPath(file, index));
-      if (!readonly) {
-        addUploadControl();
-        document.querySelector(".main thead tr").insertAdjacentHTML("beforeend", `<th class="cell-actions">Actions</th>`);
-        document.getElementById("file").addEventListener("change", e => {
-          const files = e.target.files;
-          for (const file of files) {
-            uploaderIdx += 1;
-            const uploader = new Uploader(uploaderIdx, file);
-            uploader.upload();
-          }
-        });
-      }
-    });
-  </script>
-</body>
-</html>

src/main.rs

@@ -1,27 +1,52 @@
-macro_rules! bail {
-    ($($tt:tt)*) => {
-        return Err(From::from(format!($($tt)*)))
-    }
-}
-
 mod args;
+mod auth;
 mod server;
 
+#[macro_use]
+extern crate log;
+
 pub type BoxResult<T> = Result<T, Box<dyn std::error::Error>>;
 
+use std::env;
+use std::io::Write;
+
 use crate::args::{matches, Args};
 use crate::server::serve;
 
 #[tokio::main]
 async fn main() {
-    Args::parse(matches())
-        .map(serve)
-        .unwrap_or_else(handle_err)
-        .await
-        .unwrap_or_else(handle_err);
+    run().await.unwrap_or_else(handle_err)
+}
+
+async fn run() -> BoxResult<()> {
+    if env::var("RUST_LOG").is_err() {
+        env::set_var("RUST_LOG", "info")
+    }
+    env_logger::builder()
+        .format(|buf, record| {
+            let timestamp = buf.timestamp();
+            writeln!(buf, "[{} {}] {}", timestamp, record.level(), record.args())
+        })
+        .init();
+
+    let args = Args::parse(matches())?;
+    tokio::select! {
+        ret = serve(args) => {
+            ret
+        },
+        _ = shutdown_signal() => {
+            Ok(())
+        },
+    }
 }
 
 fn handle_err<T>(err: Box<dyn std::error::Error>) -> T {
-    eprintln!("Server error: {}", err);
+    eprintln!("error: {}", err);
     std::process::exit(1);
 }
+
+async fn shutdown_signal() {
+    tokio::signal::ctrl_c()
+        .await
+        .expect("Failed to install CTRL+C signal handler")
+}