chore(release): version v0.19.0

close #50

BREAKING CHANGE: rename duf to dufs

.dockerignore

@@ -0,0 +1,13 @@
+# Directories
+/.git/
+/.github/
+/target/
+/examples/
+/docs/
+/benches/
+/tmp/
+
+# Files
+.gitignore
+*.md
+LICENSE*

.github/workflows/release.yaml

@@ -6,8 +6,10 @@ on:
     - v[0-9]+.[0-9]+.[0-9]+*
 
 jobs:
-  all:
-    name: All
+  release:
+    name: Publish to Github Reelases
+    outputs:
+      rc: ${{ steps.check-tag.outputs.rc }}
 
     strategy:
       matrix:
@@ -123,4 +125,41 @@ jobs:
         files: ${{ steps.package.outputs.archive }}
         prerelease: ${{ steps.check-tag.outputs.rc == 'true' }}
       env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  docker:
+    name: Publish to Docker Hub
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: ${{ needs.release.outputs.rc == 'false' }}
+          tags: ${{ github.repository }}:latest, ${{ github.repository }}:${{ github.ref_name }}
+          
+  publish-crate:
+    name: Publish to crates.io
+    if: ${{ needs.release.outputs.rc == 'false' }}
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+      - name: Publish
+
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_API_TOKEN }}
+        run: cargo publish

CHANGELOG.md

@@ -2,6 +2,138 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.19.0] - 2022-06-19
+
+### Features
+
+- [**breaking**] Path level access control ([#52](https://github.com/sigoden/dufs/issues/52))
+- Serve single file ([#54](https://github.com/sigoden/dufs/issues/54))
+- Ui hidden root dirname ([#58](https://github.com/sigoden/dufs/issues/58))
+- Reactive webpage ([#51](https://github.com/sigoden/dufs/issues/51))
+- [**breaking**] Rename to dufs ([#59](https://github.com/sigoden/dufs/issues/59))
+
+### Refactor
+
+- [**breaking**] Rename --cors to --enable-cors ([#57](https://github.com/sigoden/dufs/issues/57))
+
+## [0.18.0] - 2022-06-18
+
+### Features
+
+- Add option --render-try-index ([#47](https://github.com/sigoden/dufs/issues/47))
+- Add slash to end of dir href
+
+## [0.17.1] - 2022-06-16
+
+### Bug Fixes
+
+- Range request ([#44](https://github.com/sigoden/dufs/issues/44))
+
+## [0.17.0] - 2022-06-15
+
+### Bug Fixes
+
+- Webdav propfind dir with slash ([#42](https://github.com/sigoden/dufs/issues/42))
+
+### Features
+
+- Listen both ipv4 and ipv6 by default ([#40](https://github.com/sigoden/dufs/issues/40))
+
+### Refactor
+
+- Trival changes ([#41](https://github.com/sigoden/dufs/issues/41))
+
+## [0.16.0] - 2022-06-12
+
+### Features
+
+- Implement head method ([#33](https://github.com/sigoden/dufs/issues/33))
+- Display upload speed and time left ([#34](https://github.com/sigoden/dufs/issues/34))
+- Support tls-key in pkcs#8 format ([#35](https://github.com/sigoden/dufs/issues/35))
+- Options method return status 200
+
+### Testing
+
+- Add integration tests ([#36](https://github.com/sigoden/dufs/issues/36))
+
+## [0.15.1] - 2022-06-11
+
+### Bug Fixes
+
+- Cannot upload ([#32](https://github.com/sigoden/dufs/issues/32))
+
+## [0.15.0] - 2022-06-10
+
+### Bug Fixes
+
+- Encode webdav href as uri ([#28](https://github.com/sigoden/dufs/issues/28))
+- Query dir param
+
+### Features
+
+- Add basic dark theme ([#29](https://github.com/sigoden/dufs/issues/29))
+- Add empty state placeholder to page([#30](https://github.com/sigoden/dufs/issues/30))
+
+## [0.14.0] - 2022-06-07
+
+### Bug Fixes
+
+- Send index page with content-type ([#26](https://github.com/sigoden/dufs/issues/26))
+
+### Features
+
+- Support ipv6 ([#25](https://github.com/sigoden/dufs/issues/25))
+- Add favicon ([#27](https://github.com/sigoden/dufs/issues/27))
+
+## [0.13.2] - 2022-06-06
+
+### Bug Fixes
+
+- Filename xml escaping
+- Escape path-prefix/url-prefix different
+
+## [0.13.1] - 2022-06-05
+
+### Bug Fixes
+
+- Escape filename ([#21](https://github.com/sigoden/dufs/issues/21))
+
+### Refactor
+
+- Use logger ([#22](https://github.com/sigoden/dufs/issues/22))
+
+## [0.13.0] - 2022-06-05
+
+### Bug Fixes
+
+- Ctrl+c not exit sometimes
+
+### Features
+
+- Implement more webdav methods ([#13](https://github.com/sigoden/dufs/issues/13))
+- Use digest auth ([#14](https://github.com/sigoden/dufs/issues/14))
+- Add webdav proppatch handler ([#18](https://github.com/sigoden/dufs/issues/18))
+
+## [0.12.1] - 2022-06-04
+
+### Features
+
+- Support webdav ([#10](https://github.com/sigoden/dufs/issues/10))
+- Remove unzip uploaded feature ([#11](https://github.com/sigoden/dufs/issues/11))
+
+## [0.11.0] - 2022-06-03
+
+### Features
+
+- Support gracefully shutdown server
+- Listen 0.0.0.0 by default
+
+## [0.10.1] - 2022-06-02
+
+### Bug Fixes
+
+- Panic when bind already used port
+
 ## [0.10.0] - 2022-06-02
 
 ### Bug Fixes
@@ -19,10 +151,6 @@ All notable changes to this project will be documented in this file.
 - Change auth logic/options
 - Improve ui
 
-### Miscellaneous Tasks
-
-- Insert cli output
-
 ### Refactor
 
 - Small improvement
@@ -52,12 +180,6 @@ All notable changes to this project will be documented in this file.
 - Add some headers to res
 - Support render-index/render-spa
 
-### Miscellaneous Tasks
-
-- Move src/assets out of src
-- Update description
-- Upgrade version
-
 ## [0.7.0] - 2022-05-31
 
 ### Bug Fixes
@@ -71,10 +193,6 @@ All notable changes to this project will be documented in this file.
 
 - Drag and drop uploads, upload folder
 
-### Miscellaneous Tasks
-
-- Upgrade version
-
 ## [0.6.0] - 2022-05-31
 
 ### Features
@@ -83,10 +201,6 @@ All notable changes to this project will be documented in this file.
 - Distinct upload and delete operation
 - Support range requests
 
-### Miscellaneous Tasks
-
-- Upgrade version
-
 ### Refactor
 
 - Improve code quality
@@ -99,12 +213,6 @@ All notable changes to this project will be documented in this file.
 - Add no-auth-read options
 - Unzip zip file when unload
 
-### Miscellaneous Tasks
-
-- Reorganize web static files
-- Rename src/static to src/assets
-- Upgrade version
-
 ## [0.4.0] - 2022-05-29
 
 ### Features
@@ -112,10 +220,6 @@ All notable changes to this project will be documented in this file.
 - Replace --static option to --no-edit
 - Add cors
 
-### Miscellaneous Tasks
-
-- Upgrade version
-
 ## [0.3.0] - 2022-05-29
 
 ### Documentation
@@ -162,10 +266,6 @@ All notable changes to this project will be documented in this file.
 - Add logger
 - Download folder as zip file
 
-### Miscellaneous Tasks
-
-- Update cargo metadata
-
 ## [0.1.0] - 2022-05-26
 
 ### Bug Fixes
@@ -183,11 +283,6 @@ All notable changes to this project will be documented in this file.
 - Support delete operation
 - Remove parent path
 
-### Miscellaneous Tasks
-
-- Add readme and license
-- Update cargo metadata
-
 ### Styling
 
 - Cargo fmt

Cargo.toml

@@ -1,23 +1,21 @@
 [package]
-name = "duf"
-version = "0.10.0"
+name = "dufs"
+version = "0.19.0"
 edition = "2021"
 authors = ["sigoden <sigoden@gmail.com>"]
-description = "Duf is a fully functional file server."
+description = "Dufs is a simple file server."
 license = "MIT OR Apache-2.0"
-homepage = "https://github.com/sigoden/duf"
-repository = "https://github.com/sigoden/duf"
-autotests = false
+homepage = "https://github.com/sigoden/dufs"
+repository = "https://github.com/sigoden/dufs"
 categories = ["command-line-utilities", "web-programming::http-server"]
-keywords = ["static", "file", "server", "http", "cli"]
+keywords = ["static", "file", "server", "webdav", "cli"]
 
 [dependencies]
-clap = { version = "3", default-features = false, features = ["std", "cargo"] }
+clap = { version = "3", default-features = false, features = ["std"] }
 chrono = "0.4"
-tokio = { version = "1", features = ["rt-multi-thread", "macros", "fs", "io-util"]}
+tokio = { version = "1", features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"]}
 tokio-rustls = "0.23"
-tokio-stream = { version = "0.1", features = ["net"] }
-tokio-util = { version = "0.7",  features = ["codec", "io-util"] }
+tokio-util = { version = "0.7",  features = ["io-util"] }
 hyper = { version = "0.14", features = ["http1", "server", "tcp", "stream"] }
 percent-encoding = "2.1"
 serde = { version = "1", features = ["derive"] }
@@ -25,12 +23,34 @@ serde_json = "1"
 futures = "0.3"
 base64 = "0.13"
 async_zip = "0.0.7"
-async-walkdir = "0.2.0"
-headers = "0.3.7"
-mime_guess = "2.0.4"
-get_if_addrs = "0.5.3"
+async-walkdir = "0.2"
+headers = "0.3"
+mime_guess = "2.0"
+get_if_addrs = "0.5"
 rustls = { version = "0.20", default-features = false, features = ["tls12"] }
 rustls-pemfile = "1"
+md5 = "0.7"
+lazy_static = "1.4"
+uuid = { version = "1.1", features = ["v4", "fast-rng"] }
+urlencoding = "2.1"
+xml-rs = "0.8"
+env_logger = { version = "0.9", default-features = false, features = ["humantime"] }
+log = "0.4"
+socket2 = "0.4"
+async-stream = "0.3"
+
+[dev-dependencies]
+assert_cmd = "2"
+reqwest = { version = "0.11", features = ["blocking", "multipart", "rustls-tls"], default-features = false }
+assert_fs = "1"
+select = "0.5"
+port_check = "0.1"
+rstest = "0.13"
+regex = "1"
+pretty_assertions = "1.2"
+url = "2"
+diqwest = { version = "1", features = ["blocking"] }
+predicates = "2"
 
 [profile.release]
 lto = true

Dockerfile

@@ -0,0 +1,10 @@
+FROM rust:1.61 as builder
+RUN rustup target add x86_64-unknown-linux-musl
+RUN apt-get update && apt-get install --no-install-recommends -y musl-tools
+WORKDIR /app
+COPY . .
+RUN cargo build --target x86_64-unknown-linux-musl --release
+
+FROM scratch
+COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/dufs /bin/
+ENTRYPOINT ["/bin/dufs"]

README.md

@@ -1,23 +1,22 @@
-# Duf
+# Dufs (Old Name: Duf)
 
-[![CI](https://github.com/sigoden/duf/actions/workflows/ci.yaml/badge.svg)](https://github.com/sigoden/duf/actions/workflows/ci.yaml)
-[![Crates](https://img.shields.io/crates/v/duf.svg)](https://crates.io/crates/duf)
+[![CI](https://github.com/sigoden/dufs/actions/workflows/ci.yaml/badge.svg)](https://github.com/sigoden/dufs/actions/workflows/ci.yaml)
+[![Crates](https://img.shields.io/crates/v/dufs.svg)](https://crates.io/crates/dufs)
 
-Duf is a fully functional file server.
+Dufs is a simple file server. Support static serve, search, upload, webdav...
 
-![demo](https://user-images.githubusercontent.com/4012553/171526189-09afc2de-793f-4216-b3d5-31ea408d3610.png)
+![demo](https://user-images.githubusercontent.com/4012553/174486522-7af350e6-0195-4f4a-8480-d9464fc6452f.png)
 
 ## Features
 
 - Serve static files
 - Download folder as zip file
-- Search files
 - Upload files and folders (Drag & Drop)
-- Delete files
-- Basic authentication
-- Upload zip file then unzip
+- Search files
 - Partial responses (Parallel/Resume download)
-- Support https/tls
+- Path level access control
+- Support https
+- Support webdav
 - Easy to use with curl
 
 ## Install
@@ -25,126 +24,168 @@ Duf is a fully functional file server.
 ### With cargo
 
 ```
-cargo install duf
+cargo install dufs
+```
+
+### With docker
+
+```
+docker run -v `pwd`:/data -p 5000:5000 --rm -it sigoden/dufs /data
 ```
 
 ### Binaries on macOS, Linux, Windows
 
-Download from [Github Releases](https://github.com/sigoden/duf/releases), unzip and add duf to your $PATH.
+Download from [Github Releases](https://github.com/sigoden/dufs/releases), unzip and add dufs to your $PATH.
 
 ## CLI
 
 ```
-Duf is a fully functional file server.
+Dufs is a simple file server. - https://github.com/sigoden/dufs
 
 USAGE:
-    duf [OPTIONS] [path]
+    dufs [OPTIONS] [--] [path]
 
 ARGS:
     <path>    Path to a root directory for serving files [default: .]
 
 OPTIONS:
-    -a, --auth <user:pass>      Use HTTP authentication
-        --no-auth-access        Not required auth when access static files
-    -A, --allow-all             Allow all operations
-        --allow-delete          Allow delete files/folders
-        --allow-symlink         Allow symlink to files/folders outside root directory
-        --allow-upload          Allow upload files/folders
-    -b, --bind <address>        Specify bind address [default: 127.0.0.1]
-        --cors                  Enable CORS, sets `Access-Control-Allow-Origin: *`
-    -h, --help                  Print help information
+    -b, --bind <addr>...        Specify bind address
     -p, --port <port>           Specify port to listen on [default: 5000]
         --path-prefix <path>    Specify an url path prefix
+    -a, --auth <rule>...        Add auth for path
+    -A, --allow-all             Allow all operations
+        --allow-upload          Allow upload files/folders
+        --allow-delete          Allow delete files/folders
+        --allow-symlink         Allow symlink to files/folders outside root directory
+        --enable-cors           Enable CORS, sets `Access-Control-Allow-Origin: *`
         --render-index          Render index.html when requesting a directory
+        --render-try-index      Render index.html if it exists when requesting a directory
         --render-spa            Render for single-page application
         --tls-cert <path>       Path to an SSL/TLS certificate to serve with HTTPS
         --tls-key <path>        Path to the SSL/TLS certificate's private key
+    -h, --help                  Print help information
     -V, --version               Print version information
 ```
 
 ## Examples
 
-You can run this command to start serving your current working directory on 127.0.0.1:5000 by default.
+Serve current working directory, no upload/delete
 
 ```
-duf
+dufs
 ```
 
-...or specify which folder you want to serve.
+Allow upload/delete
 
 ```
-duf folder_name
+dufs -A
 ```
 
-Listen on all Interfaces and port 3000
+Listen on a specific port
 
 ```
-duf -b 0.0.0.0 -p 3000
+dufs -p 80
 ```
 
-Allow all operations such as upload, delete
-
-```sh
-duf --allow-all
-# or
-duf -A
-```
-
-Only allow upload operation
+For a single page application (SPA)
 
 ```
-duf --allow-upload
+dufs --render-spa
 ```
 
-Serve a single page application (SPA)
+Use https
 
 ```
-duf --render-spa
-```
-
-Serve https 
-
-```
-duf --tls-cert my.crt --tls-key my.key
+dufs --tls-cert my.crt --tls-key my.key
 ```
 
 ## API
 
 Download a file
 ```
-curl http://127.0.0.1:5000/some-file
-
-curl -o some-file2 http://127.0.0.1:5000/some-file
+curl http://127.0.0.1:5000/path-to-file
 ```
 
 Download a folder as zip file
 
 ```
-curl -o some-folder.zip http://127.0.0.1:5000/some-folder?zip
+curl -o path-to-folder.zip http://127.0.0.1:5000/path-to-folder?zip
 ```
 
 Upload a file
 
 ```
-curl --upload-file some-file http://127.0.0.1:5000/some-file
-```
-
-Unzip zip file when unload
-
-```
-curl --upload-file some-folder.zip http://127.0.0.1:5000/some-folder.zip?unzip
+curl --upload-file path-to-file http://127.0.0.1:5000/path-to-file
 ```
 
 Delete a file/folder
 
 ```
-curl -X DELETE http://127.0.0.1:5000/some-file
+curl -X DELETE http://127.0.0.1:5000/path-to-file
 ```
 
+## Details
+
+<details>
+<summary>
+
+#### 1. Control render logic
+
+</summary>
+
+
+The default render logic is:
+
+-  If request for a folder, rendering the directory listing. 
+-  If request for a file, rendering the file.
+-  If request target does not exist, returns 404.
+
+The `--render-*` options change the render logic:
+
+- `--render-index`: If request for a folder, rendering index.html in the folder. If the index.html file does not exist, return 404.
+- `--render-try-index`: Like `--render-index`, rendering the directory listing if the index.html file does not exist, other than return 404.
+- `--render-spa`: If request target does not exist, rendering `/index.html`
+
+</details>
+
+<details>
+<summary>
+
+#### 2. Path level access control
+
+</summary>
+
+```
+dufs -a <path>@<readwrite>[@<readonly>]
+```
+
+- `<path>`: Path to protected
+- `<readwrite>`: Account with readwrite permission, required
+- `<readonly>`: Account with readonly permission, optional
+
+> `*` as `<readonly>` means `<path>` is public, everyone can access/download it.
+
+For example:
+
+```
+dufs -a /@admin:pass@* -a /ui@designer:pass1 -A
+```
+- All files/folders are public to access/download.
+- Account `admin:pass` can upload/delete/download any files/folders.
+- Account `designer:pass1` can upload/delete/download any files/folders in the `ui` folder.
+
+Curl with digest auth:
+
+```
+curl --digest -u designer:pass1 http://127.0.0.1:5000/ui/path-to-file
+```
+
+</details>
+
 ## License
 
-Copyright (c) 2022 duf-developers.
+Copyright (c) 2022 dufs-developers.
 
-duf is made available under the terms of either the MIT License or the Apache License 2.0, at your option.
+dufs is made available under the terms of either the MIT License or the Apache License 2.0, at your option.
 
 See the LICENSE-APACHE and LICENSE-MIT files for license details.

assets/index.css

@@ -4,10 +4,6 @@ html {
   color: #24292e;
 }
 
-body {
-  width: 700px;
-}
-
 .hidden {
   display: none;
 }
@@ -21,6 +17,7 @@ body {
 
 .breadcrumb {
   font-size: 1.25em;
+  padding-right: 0.6em;
 }
 
 .breadcrumb > a {
@@ -45,12 +42,11 @@ body {
 .breadcrumb svg {
   height: 100%;
   fill: rgba(3,47,98,0.5);
-  padding-right: 0.5em;
-  padding-left: 0.5em;
 }
 
 .toolbox {
   display: flex;
+  margin-right: 10px;
 }
 
 .searchbar {
@@ -62,7 +58,7 @@ body {
   transition: all .15s;
   border: 1px #ddd solid;
   border-radius: 15px;
-  margin: 0 0 2px 10px;
+  margin-bottom: 2px;
 }
 
 .searchbar #search {
@@ -93,10 +89,20 @@ body {
   display: none;
 }
 
+.upload-status span {
+  width: 70px;
+  display: inline-block;
+}
+
 .main {
   padding: 0 1em;
 }
 
+.empty-folder {
+  padding-top: 1rem;
+  font-style: italic;
+}
+
 .uploaders-table th,
 .paths-table th {
   text-align: left;
@@ -142,10 +148,10 @@ body {
   height: 100%;
   fill: rgba(3,47,98,0.5);
   padding-right: 0.5em;
+  vertical-align: text-top;
 }
 
 .path {
-  display: flex;
   list-style: none;
 }
 
@@ -156,6 +162,8 @@ body {
   overflow: hidden;
   display: block;
   text-decoration: none;
+  max-width: calc(100vw - 375px);
+  min-width: 400px;
 }
 
 .path a:hover {
@@ -173,3 +181,39 @@ body {
 .uploader {
   padding-right: 1em;
 }
+
+/* dark theme */
+@media (prefers-color-scheme: dark) {
+  body {
+    background-color: #000;
+  }
+
+  html,
+  .breadcrumb>b,
+  .searchbar #search {
+    color: #fff;
+  }
+
+  .uploaders-table th,
+  .paths-table th {
+    color: #ddd;
+  }
+
+  svg,
+  .path svg {
+    fill: #fff;
+  }
+
+  .searchbar {
+    background-color: #111;
+    border-color: #fff6;
+  }
+
+  .searchbar svg {
+    fill: #fff6;
+  }
+
+  .path a {
+    color: #3191ff;
+  }
+} 

assets/index.html

@@ -31,19 +31,20 @@
     </form>
   </div>
   <div class="main">
+    <div class="empty-folder hidden"></div>
     <table class="uploaders-table hidden">
       <thead>
         <tr>
-          <th class="cell-name">Name</th>
-          <th class="cell-status">Status</th>
+          <th class="cell-name" colspan="2">Name</th>
+          <th class="cell-status">Progress</th>
         </tr>
       </thead>
     </table>
     <table class="paths-table hidden">
       <thead>
         <tr>
-          <th class="cell-name">Name</th>
-          <th class="cell-mtime">Date modify</th>
+          <th class="cell-name" colspan="2">Name</th>
+          <th class="cell-mtime">Last modified</th>
           <th class="cell-size">Size</th>
           <th class="cell-actions">Actions</th>
         </tr>

assets/index.js

@@ -1,11 +1,60 @@
-let $pathsTable, $pathsTableBody, $uploadersTable;
-let baseDir;
+/**
+ * @typedef {object} PathItem
+ * @property {"Dir"|"SymlinkDir"|"File"|"SymlinkFile"} path_type
+ * @property {string} name
+ * @property {number} mtime
+ * @property {number} size
+ */
+
+// https://stackoverflow.com/a/901144/3642588
+const params = new Proxy(new URLSearchParams(window.location.search), {
+  get: (searchParams, prop) => searchParams.get(prop),
+});
+
+const dirEmptyNote = params.q ? 'No results' : DATA.dir_exists ? 'Empty folder' : 'Folder will be created when a file is uploaded';
+
+/**
+ * @type Element
+ */
+let $pathsTable;
+/**
+ * @type Element
+ */
+let $pathsTableBody;
+/**
+ * @type Element
+ */
+let $uploadersTable;
+/**
+ * @type Element
+ */
+let $emptyFolder;
 
 class Uploader {
+  /**
+   * @type number
+   */
   idx;
+  /**
+   * @type File
+   */
   file;
+  /**
+   * @type string
+   */
   name;
+  /**
+   * @type Element
+   */
   $uploadStatus;
+  /**
+   * @type number
+   */
+  uploaded = 0;
+  /**
+   * @type number
+   */
+  lastUptime = 0;
   static globalIdx = 0;
   constructor(file, dirs) {
     this.name = [...dirs, file.name].join("/");
@@ -16,25 +65,26 @@ class Uploader {
   upload() {
     const { file, idx, name } = this;
     let url = getUrl(name);
-    if (file.name == baseDir + ".zip") {
-      url += "?unzip";
-    }
     $uploadersTable.insertAdjacentHTML("beforeend", `
   <tr id="upload${idx}" class="uploader">
+    <td class="path cell-icon">
+      ${getSvg(file.path_type)}
+    </td>
     <td class="path cell-name">
-      <div>${getSvg("File")}</div>
       <a href="${url}">${name}</a>
     </td>
-    <td class="cell-status" id="uploadStatus${idx}"></td>
+    <td class="cell-status upload-status" id="uploadStatus${idx}"></td>
   </tr>`);
     $uploadersTable.classList.remove("hidden");
+    $emptyFolder.classList.add("hidden");
     this.$uploadStatus = document.getElementById(`uploadStatus${idx}`);
+    this.lastUptime = Date.now();
 
     const ajax = new XMLHttpRequest();
     ajax.upload.addEventListener("progress", e => this.progress(e), false);
     ajax.addEventListener("readystatechange", () => {
       if(ajax.readyState === 4) {
-        if (ajax.status == 200) {
+        if (ajax.status >= 200 && ajax.status < 300) {
           this.complete();
         } else {
           this.fail();
@@ -48,8 +98,15 @@ class Uploader {
   }
 
   progress(event) {
-    const percent = (event.loaded / event.total) * 100;
-    this.$uploadStatus.innerHTML = `${percent.toFixed(2)}%`;
+    let now = Date.now();
+    let speed = (event.loaded - this.uploaded) / (now - this.lastUptime) * 1000;
+    let [speedValue, speedUnit] = formatSize(speed);
+    const speedText = `${speedValue}${speedUnit.toLowerCase()}/s`;
+    const progress = formatPercent((event.loaded / event.total) * 100);
+    const duration = formatDuration((event.total - event.loaded) / speed)
+    this.$uploadStatus.innerHTML = `<span>${speedText}</span><span>${progress}</span><span>${duration}</span>`;
+    this.uploaded = event.loaded;
+    this.lastUptime = now;
   }
 
   complete() {
@@ -61,33 +118,53 @@ class Uploader {
   }
 }
 
-function addBreadcrumb(value) {
+/**
+ * Add breadcrumb
+ * @param {string} href 
+ * @param {string} uri_prefix
+ */
+function addBreadcrumb(href, uri_prefix) {
   const $breadcrumb = document.querySelector(".breadcrumb");
-  const parts = value.split("/").filter(v => !!v);
+  let parts = [];
+  if (href === "/") {
+    parts = [""];
+  } else {
+    parts = href.split("/");
+  }
   const len = parts.length;
-  let path = "";
+  let path = uri_prefix;
   for (let i = 0; i < len; i++) {
     const name = parts[i];
     if (i > 0) {
-      path  += "/" + name;
+      if (!path.endsWith("/")) {
+        path  += "/";
+      }
+      path += encodeURI(name);
     }
-    if (i === len - 1) {
+    if (i === 0) {
+      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${path}"><svg width="16" height="16" viewBox="0 0 16 16"><path d="M6.5 14.5v-3.505c0-.245.25-.495.5-.495h2c.25 0 .5.25.5.5v3.5a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5v-7a.5.5 0 0 0-.146-.354L13 5.793V2.5a.5.5 0 0 0-.5-.5h-1a.5.5 0 0 0-.5.5v1.293L8.354 1.146a.5.5 0 0 0-.708 0l-6 6A.5.5 0 0 0 1.5 7.5v7a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5z"/></svg></a>`);
+    } else if (i === len - 1) {
       $breadcrumb.insertAdjacentHTML("beforeend", `<b>${name}</b>`);
-      baseDir = name;
-    } else if (i === 0) {
-      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="/"><b>${name}</b></a>`);
     } else {
-      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${encodeURI(path)}">${name}</a>`);
+      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${path}">${name}</a>`);
+    }
+    if (i !== len - 1) {
+      $breadcrumb.insertAdjacentHTML("beforeend", `<span class="separator">/</span>`);
     }
-    $breadcrumb.insertAdjacentHTML("beforeend", `<span class="separator">/</span>`);
   }
 }
 
+/**
+ * Add pathitem
+ * @param {PathItem} file 
+ * @param {number} index 
+ */
 function addPath(file, index) {
-  const url = getUrl(file.name)
+  let url = getUrl(file.name)
   let actionDelete = "";
   let actionDownload = "";
   if (file.path_type.endsWith("Dir")) {
+    url += "/";
     actionDownload = `
     <div class="action-btn">
       <a href="${url}?zip" title="Download folder as a .zip file">
@@ -116,16 +193,23 @@ function addPath(file, index) {
 
   $pathsTableBody.insertAdjacentHTML("beforeend", `
 <tr id="addPath${index}">
+  <td class="path cell-icon">
+    ${getSvg(file.path_type)}
+  </td>
   <td class="path cell-name">
-    <div>${getSvg(file.path_type)}</div>
     <a href="${url}" title="${file.name}">${file.name}</a>
   </td>
   <td class="cell-mtime">${formatMtime(file.mtime)}</td>
-  <td class="cell-size">${formatSize(file.size)}</td>
+  <td class="cell-size">${formatSize(file.size).join(" ")}</td>
   ${actionCell}
 </tr>`)
 }
 
+/**
+ * Delete pathitem
+ * @param {number} index 
+ * @returns 
+ */
 async function deletePath(index) {
   const file = DATA.paths[index];
   if (!file) return;
@@ -136,11 +220,13 @@ async function deletePath(index) {
     const res = await fetch(getUrl(file.name), {
       method: "DELETE",
     });
-    if (res.status === 200) {
+    if (res.status >= 200 && res.status < 300) {
         document.getElementById(`addPath${index}`).remove();
         DATA.paths[index] = null;
         if (!DATA.paths.find(v => !!v)) {
           $pathsTable.classList.add("hidden");
+          $emptyFolder.textContent = dirEmptyNote;
+          $emptyFolder.classList.remove("hidden");
         }
     } else {
       throw new Error(await res.text())
@@ -216,7 +302,7 @@ function formatMtime(mtime) {
   const day = padZero(date.getDate(), 2);
   const hours = padZero(date.getHours(), 2);
   const minutes = padZero(date.getMinutes(), 2);
-  return `${year}/${month}/${day} ${hours}:${minutes}`;
+  return `${year}-${month}-${day} ${hours}:${minutes}`;
 }
 
 function padZero(value, size) {
@@ -224,19 +310,40 @@ function padZero(value, size) {
 }
 
 function formatSize(size) {
-  if (!size) return ""
+  if (!size) return []
   const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];
-  if (size == 0) return '0 Byte';
+  if (size == 0) return [0, "Byte"];
   const i = parseInt(Math.floor(Math.log(size) / Math.log(1024)));
-  return Math.round(size / Math.pow(1024, i), 2) + ' ' + sizes[i];
+  return [Math.round(size / Math.pow(1024, i), 2), sizes[i]];
+}
+
+function formatDuration(seconds) {
+  seconds = Math.ceil(seconds);
+  let h = Math.floor(seconds / 3600);
+  let m = Math.floor((seconds - h * 3600) / 60);
+  let s = seconds - h * 3600 - m * 60
+  return `${padZero(h, 2)}:${padZero(m, 2)}:${padZero(s, 2)}`;
+}
+
+function formatPercent(precent) {
+  if (precent > 10) {
+    return precent.toFixed(1) + "%";
+  } else {
+    return precent.toFixed(2) + "%";
+  }
 }
 
 function ready() {
   $pathsTable = document.querySelector(".paths-table")
   $pathsTableBody = document.querySelector(".paths-table tbody");
   $uploadersTable = document.querySelector(".uploaders-table");
+  $emptyFolder = document.querySelector(".empty-folder");
 
-  addBreadcrumb(DATA.breadcrumb);
+  if (params.q) {
+    document.getElementById('search').value = params.q;
+  }
+
+  addBreadcrumb(DATA.href, DATA.uri_prefix);
   if (Array.isArray(DATA.paths)) {
     const len = DATA.paths.length;
     if (len > 0) {
@@ -245,6 +352,10 @@ function ready() {
     for (let i = 0; i < len; i++) {
       addPath(DATA.paths[i], i);
     }
+    if (len == 0) {
+      $emptyFolder.textContent = dirEmptyNote;
+      $emptyFolder.classList.remove("hidden");
+    }
   }
   if (DATA.allow_upload) {
     dropzone();

src/args.rs

@@ -1,24 +1,31 @@
-use clap::crate_description;
-use clap::{Arg, ArgMatches};
+use clap::{AppSettings, Arg, ArgMatches, Command};
 use rustls::{Certificate, PrivateKey};
-use std::net::SocketAddr;
+use std::env;
+use std::net::IpAddr;
 use std::path::{Path, PathBuf};
-use std::{env, fs, io};
 
+use crate::auth::AccessControl;
+use crate::tls::{load_certs, load_private_key};
 use crate::BoxResult;
 
-const ABOUT: &str = concat!("\n", crate_description!()); // Add extra newline.
-
-fn app() -> clap::Command<'static> {
-    clap::command!()
-        .about(ABOUT)
+fn app() -> Command<'static> {
+    Command::new(env!("CARGO_CRATE_NAME"))
+        .version(env!("CARGO_PKG_VERSION"))
+        .author(env!("CARGO_PKG_AUTHORS"))
+        .about(concat!(
+            env!("CARGO_PKG_DESCRIPTION"),
+            " - ",
+            env!("CARGO_PKG_REPOSITORY")
+        ))
+        .global_setting(AppSettings::DeriveDisplayOrder)
         .arg(
-            Arg::new("address")
+            Arg::new("bind")
                 .short('b')
                 .long("bind")
-                .default_value("127.0.0.1")
                 .help("Specify bind address")
-                .value_name("address"),
+                .multiple_values(true)
+                .multiple_occurrences(true)
+                .value_name("addr"),
         )
         .arg(
             Arg::new("port")
@@ -40,6 +47,15 @@ fn app() -> clap::Command<'static> {
                 .value_name("path")
                 .help("Specify an url path prefix"),
         )
+        .arg(
+            Arg::new("auth")
+                .short('a')
+                .long("auth")
+                .help("Add auth for path")
+                .multiple_values(true)
+                .multiple_occurrences(true)
+                .value_name("rule"),
+        )
         .arg(
             Arg::new("allow-all")
                 .short('A')
@@ -61,35 +77,26 @@ fn app() -> clap::Command<'static> {
                 .long("allow-symlink")
                 .help("Allow symlink to files/folders outside root directory"),
         )
+        .arg(
+            Arg::new("enable-cors")
+                .long("enable-cors")
+                .help("Enable CORS, sets `Access-Control-Allow-Origin: *`"),
+        )
         .arg(
             Arg::new("render-index")
                 .long("render-index")
                 .help("Render index.html when requesting a directory"),
         )
+        .arg(
+            Arg::new("render-try-index")
+                .long("render-try-index")
+                .help("Render index.html if it exists when requesting a directory"),
+        )
         .arg(
             Arg::new("render-spa")
                 .long("render-spa")
                 .help("Render for single-page application"),
         )
-        .arg(
-            Arg::new("auth")
-                .short('a')
-                .display_order(1)
-                .long("auth")
-                .help("Use HTTP authentication")
-                .value_name("user:pass"),
-        )
-        .arg(
-            Arg::new("no-auth-access")
-                .display_order(1)
-                .long("no-auth-access")
-                .help("Not required auth when access static files"),
-        )
-        .arg(
-            Arg::new("cors")
-                .long("cors")
-                .help("Enable CORS, sets `Access-Control-Allow-Origin: *`"),
-        )
         .arg(
             Arg::new("tls-cert")
                 .long("tls-cert")
@@ -108,20 +115,22 @@ pub fn matches() -> ArgMatches {
     app().get_matches()
 }
 
-#[derive(Debug, Clone, Eq, PartialEq)]
+#[derive(Debug, Clone)]
 pub struct Args {
-    pub address: String,
+    pub addrs: Vec<IpAddr>,
     pub port: u16,
     pub path: PathBuf,
-    pub path_prefix: Option<String>,
-    pub auth: Option<String>,
-    pub no_auth_access: bool,
+    pub path_is_file: bool,
+    pub path_prefix: String,
+    pub uri_prefix: String,
+    pub auth: AccessControl,
     pub allow_upload: bool,
     pub allow_delete: bool,
     pub allow_symlink: bool,
     pub render_index: bool,
     pub render_spa: bool,
-    pub cors: bool,
+    pub render_try_index: bool,
+    pub enable_cors: bool,
     pub tls: Option<(Vec<Certificate>, PrivateKey)>,
 }
 
@@ -131,17 +140,34 @@ impl Args {
     /// If a parsing error ocurred, exit the process and print out informative
     /// error message to user.
     pub fn parse(matches: ArgMatches) -> BoxResult<Args> {
-        let address = matches.value_of("address").unwrap_or_default().to_owned();
         let port = matches.value_of_t::<u16>("port")?;
+        let addrs = matches
+            .values_of("bind")
+            .map(|v| v.collect())
+            .unwrap_or_else(|| vec!["0.0.0.0", "::"]);
+        let addrs: Vec<IpAddr> = Args::parse_addrs(&addrs)?;
         let path = Args::parse_path(matches.value_of_os("path").unwrap_or_default())?;
-        let path_prefix = matches.value_of("path-prefix").map(|v| v.to_owned());
-        let cors = matches.is_present("cors");
-        let auth = matches.value_of("auth").map(|v| v.to_owned());
-        let no_auth_access = matches.is_present("no-auth-access");
+        let path_is_file = path.metadata()?.is_file();
+        let path_prefix = matches
+            .value_of("path-prefix")
+            .map(|v| v.trim_matches('/').to_owned())
+            .unwrap_or_default();
+        let uri_prefix = if path_prefix.is_empty() {
+            "/".to_owned()
+        } else {
+            format!("/{}/", &path_prefix)
+        };
+        let enable_cors = matches.is_present("enable-cors");
+        let auth: Vec<&str> = matches
+            .values_of("auth")
+            .map(|v| v.collect())
+            .unwrap_or_default();
+        let auth = AccessControl::new(&auth, &uri_prefix)?;
         let allow_upload = matches.is_present("allow-all") || matches.is_present("allow-upload");
         let allow_delete = matches.is_present("allow-all") || matches.is_present("allow-delete");
         let allow_symlink = matches.is_present("allow-all") || matches.is_present("allow-symlink");
         let render_index = matches.is_present("render-index");
+        let render_try_index = matches.is_present("render-try-index");
         let render_spa = matches.is_present("render-spa");
         let tls = match (matches.value_of("tls-cert"), matches.value_of("tls-key")) {
             (Some(certs_file), Some(key_file)) => {
@@ -153,27 +179,47 @@ impl Args {
         };
 
         Ok(Args {
-            address,
+            addrs,
             port,
             path,
+            path_is_file,
             path_prefix,
+            uri_prefix,
             auth,
-            no_auth_access,
-            cors,
+            enable_cors,
             allow_delete,
             allow_upload,
             allow_symlink,
             render_index,
+            render_try_index,
             render_spa,
             tls,
         })
     }
 
-    /// Parse path.
+    fn parse_addrs(addrs: &[&str]) -> BoxResult<Vec<IpAddr>> {
+        let mut ip_addrs = vec![];
+        let mut invalid_addrs = vec![];
+        for addr in addrs {
+            match addr.parse::<IpAddr>() {
+                Ok(v) => {
+                    ip_addrs.push(v);
+                }
+                Err(_) => {
+                    invalid_addrs.push(*addr);
+                }
+            }
+        }
+        if !invalid_addrs.is_empty() {
+            return Err(format!("Invalid bind address `{}`", invalid_addrs.join(",")).into());
+        }
+        Ok(ip_addrs)
+    }
+
     fn parse_path<P: AsRef<Path>>(path: P) -> BoxResult<PathBuf> {
         let path = path.as_ref();
         if !path.exists() {
-            bail!("error: path \"{}\" doesn't exist", path.display());
+            return Err(format!("Path `{}` doesn't exist", path.display()).into());
         }
 
         env::current_dir()
@@ -181,58 +227,6 @@ impl Args {
                 p.push(path); // If path is absolute, it replaces the current path.
                 std::fs::canonicalize(p)
             })
-            .or_else(|err| {
-                bail!(
-                    "error: failed to access path \"{}\": {}",
-                    path.display(),
-                    err,
-                )
-            })
-    }
-
-    /// Construct socket address from arguments.
-    pub fn address(&self) -> BoxResult<SocketAddr> {
-        format!("{}:{}", self.address, self.port)
-            .parse()
-            .or_else(|err| {
-                bail!(
-                    "error: invalid address {}:{} : {}",
-                    self.address,
-                    self.port,
-                    err,
-                )
-            })
+            .map_err(|err| format!("Failed to access path `{}`: {}", path.display(), err,).into())
     }
 }
-
-// Load public certificate from file.
-pub fn load_certs(filename: &str) -> BoxResult<Vec<Certificate>> {
-    // Open certificate file.
-    let certfile =
-        fs::File::open(&filename).map_err(|e| format!("Failed to open {}: {}", &filename, e))?;
-    let mut reader = io::BufReader::new(certfile);
-
-    // Load and return certificate.
-    let certs = rustls_pemfile::certs(&mut reader).map_err(|_| "Failed to load certificate")?;
-    if certs.is_empty() {
-        return Err("Expected at least one certificate".into());
-    }
-    Ok(certs.into_iter().map(Certificate).collect())
-}
-
-// Load private key from file.
-pub fn load_private_key(filename: &str) -> BoxResult<PrivateKey> {
-    // Open keyfile.
-    let keyfile =
-        fs::File::open(&filename).map_err(|e| format!("Failed to open {}: {}", &filename, e))?;
-    let mut reader = io::BufReader::new(keyfile);
-
-    // Load and return a single private key.
-    let keys = rustls_pemfile::rsa_private_keys(&mut reader)
-        .map_err(|e| format!("There was a problem with reading private key: {:?}", e))?;
-
-    if keys.len() != 1 {
-        return Err("Expected a single private key".into());
-    }
-    Ok(PrivateKey(keys[0].to_owned()))
-}

src/auth.rs

@@ -0,0 +1,343 @@
+use headers::HeaderValue;
+use hyper::Method;
+use lazy_static::lazy_static;
+use md5::Context;
+use std::{
+    collections::HashMap,
+    time::{SystemTime, UNIX_EPOCH},
+};
+use uuid::Uuid;
+
+use crate::utils::encode_uri;
+use crate::BoxResult;
+
+const REALM: &str = "DUFS";
+
+lazy_static! {
+    static ref NONCESTARTHASH: Context = {
+        let mut h = Context::new();
+        h.consume(Uuid::new_v4().as_bytes());
+        h.consume(std::process::id().to_be_bytes());
+        h
+    };
+}
+
+#[derive(Debug, Clone)]
+pub struct AccessControl {
+    rules: HashMap<String, PathControl>,
+}
+
+#[derive(Debug, Clone)]
+pub struct PathControl {
+    readwrite: Account,
+    readonly: Option<Account>,
+    share: bool,
+}
+
+impl AccessControl {
+    pub fn new(raw_rules: &[&str], uri_prefix: &str) -> BoxResult<Self> {
+        let mut rules = HashMap::default();
+        if raw_rules.is_empty() {
+            return Ok(Self { rules });
+        }
+        for rule in raw_rules {
+            let parts: Vec<&str> = rule.split('@').collect();
+            let create_err = || format!("Invalid auth `{}`", rule).into();
+            match parts.as_slice() {
+                [path, readwrite] => {
+                    let control = PathControl {
+                        readwrite: Account::new(readwrite).ok_or_else(create_err)?,
+                        readonly: None,
+                        share: false,
+                    };
+                    rules.insert(sanitize_path(path, uri_prefix), control);
+                }
+                [path, readwrite, readonly] => {
+                    let (readonly, share) = if *readonly == "*" {
+                        (None, true)
+                    } else {
+                        (Some(Account::new(readonly).ok_or_else(create_err)?), false)
+                    };
+                    let control = PathControl {
+                        readwrite: Account::new(readwrite).ok_or_else(create_err)?,
+                        readonly,
+                        share,
+                    };
+                    rules.insert(sanitize_path(path, uri_prefix), control);
+                }
+                _ => return Err(create_err()),
+            }
+        }
+        Ok(Self { rules })
+    }
+
+    pub fn guard(
+        &self,
+        path: &str,
+        method: &Method,
+        authorization: Option<&HeaderValue>,
+    ) -> GuardType {
+        if self.rules.is_empty() {
+            return GuardType::ReadWrite;
+        }
+        let mut controls = vec![];
+        for path in walk_path(path) {
+            if let Some(control) = self.rules.get(path) {
+                controls.push(control);
+                if let Some(authorization) = authorization {
+                    let Account { user, pass } = &control.readwrite;
+                    if valid_digest(authorization, method.as_str(), user, pass).is_some() {
+                        return GuardType::ReadWrite;
+                    }
+                }
+            }
+        }
+        if is_readonly_method(method) {
+            for control in controls.into_iter() {
+                if control.share {
+                    return GuardType::ReadOnly;
+                }
+                if let Some(authorization) = authorization {
+                    if let Some(Account { user, pass }) = &control.readonly {
+                        if valid_digest(authorization, method.as_str(), user, pass).is_some() {
+                            return GuardType::ReadOnly;
+                        }
+                    }
+                }
+            }
+        }
+        GuardType::Reject
+    }
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
+pub enum GuardType {
+    Reject,
+    ReadWrite,
+    ReadOnly,
+}
+
+impl GuardType {
+    pub fn is_reject(&self) -> bool {
+        *self == GuardType::Reject
+    }
+}
+
+fn sanitize_path(path: &str, uri_prefix: &str) -> String {
+    encode_uri(&format!("{}{}", uri_prefix, path.trim_matches('/')))
+}
+
+fn walk_path(path: &str) -> impl Iterator<Item = &str> {
+    let mut idx = 0;
+    path.split('/').enumerate().map(move |(i, part)| {
+        let end = if i == 0 { 1 } else { idx + part.len() + i };
+        let value = &path[..end];
+        idx += part.len();
+        value
+    })
+}
+
+fn is_readonly_method(method: &Method) -> bool {
+    method == Method::GET
+        || method == Method::OPTIONS
+        || method == Method::HEAD
+        || method.as_str() == "PROPFIND"
+}
+
+#[derive(Debug, Clone)]
+struct Account {
+    user: String,
+    pass: String,
+}
+
+impl Account {
+    fn new(data: &str) -> Option<Self> {
+        let p: Vec<&str> = data.trim().split(':').collect();
+        if p.len() != 2 {
+            return None;
+        }
+        let user = p[0];
+        let pass = p[1];
+        let mut h = Context::new();
+        h.consume(format!("{}:{}:{}", user, REALM, pass).as_bytes());
+        Some(Account {
+            user: user.to_owned(),
+            pass: format!("{:x}", h.compute()),
+        })
+    }
+}
+
+pub fn generate_www_auth(stale: bool) -> String {
+    let str_stale = if stale { "stale=true," } else { "" };
+    format!(
+        "Digest realm=\"{}\",nonce=\"{}\",{}qop=\"auth\"",
+        REALM,
+        create_nonce(),
+        str_stale
+    )
+}
+
+pub fn valid_digest(
+    authorization: &HeaderValue,
+    method: &str,
+    auth_user: &str,
+    auth_pass: &str,
+) -> Option<()> {
+    let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
+    let user_vals = to_headermap(digest_value).ok()?;
+    if let (Some(username), Some(nonce), Some(user_response)) = (
+        user_vals
+            .get(b"username".as_ref())
+            .and_then(|b| std::str::from_utf8(*b).ok()),
+        user_vals.get(b"nonce".as_ref()),
+        user_vals.get(b"response".as_ref()),
+    ) {
+        match validate_nonce(nonce) {
+            Ok(true) => {}
+            _ => return None,
+        }
+        if auth_user != username {
+            return None;
+        }
+        let mut ha = Context::new();
+        ha.consume(method);
+        ha.consume(b":");
+        if let Some(uri) = user_vals.get(b"uri".as_ref()) {
+            ha.consume(uri);
+        }
+        let ha = format!("{:x}", ha.compute());
+        let mut correct_response = None;
+        if let Some(qop) = user_vals.get(b"qop".as_ref()) {
+            if qop == &b"auth".as_ref() || qop == &b"auth-int".as_ref() {
+                correct_response = Some({
+                    let mut c = Context::new();
+                    c.consume(&auth_pass);
+                    c.consume(b":");
+                    c.consume(nonce);
+                    c.consume(b":");
+                    if let Some(nc) = user_vals.get(b"nc".as_ref()) {
+                        c.consume(nc);
+                    }
+                    c.consume(b":");
+                    if let Some(cnonce) = user_vals.get(b"cnonce".as_ref()) {
+                        c.consume(cnonce);
+                    }
+                    c.consume(b":");
+                    c.consume(qop);
+                    c.consume(b":");
+                    c.consume(&*ha);
+                    format!("{:x}", c.compute())
+                });
+            }
+        }
+        let correct_response = match correct_response {
+            Some(r) => r,
+            None => {
+                let mut c = Context::new();
+                c.consume(&auth_pass);
+                c.consume(b":");
+                c.consume(nonce);
+                c.consume(b":");
+                c.consume(&*ha);
+                format!("{:x}", c.compute())
+            }
+        };
+        if correct_response.as_bytes() == *user_response {
+            // grant access
+            return Some(());
+        }
+    }
+    None
+}
+
+/// Check if a nonce is still valid.
+/// Return an error if it was never valid
+fn validate_nonce(nonce: &[u8]) -> Result<bool, ()> {
+    if nonce.len() != 34 {
+        return Err(());
+    }
+    //parse hex
+    if let Ok(n) = std::str::from_utf8(nonce) {
+        //get time
+        if let Ok(secs_nonce) = u32::from_str_radix(&n[..8], 16) {
+            //check time
+            let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
+            let secs_now = now.as_secs() as u32;
+
+            if let Some(dur) = secs_now.checked_sub(secs_nonce) {
+                //check hash
+                let mut h = NONCESTARTHASH.clone();
+                h.consume(secs_nonce.to_be_bytes());
+                let h = format!("{:x}", h.compute());
+                if h[..26] == n[8..34] {
+                    return Ok(dur < 300); // from the last 5min
+                                          //Authentication-Info ?
+                }
+            }
+        }
+    }
+    Err(())
+}
+
+fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {
+    let l = prefix.len();
+    if search.len() < l {
+        return None;
+    }
+    if &search[..l] == prefix {
+        Some(&search[l..])
+    } else {
+        None
+    }
+}
+
+fn to_headermap(header: &[u8]) -> Result<HashMap<&[u8], &[u8]>, ()> {
+    let mut sep = Vec::new();
+    let mut asign = Vec::new();
+    let mut i: usize = 0;
+    let mut esc = false;
+    for c in header {
+        match (c, esc) {
+            (b'=', false) => asign.push(i),
+            (b',', false) => sep.push(i),
+            (b'"', false) => esc = true,
+            (b'"', true) => esc = false,
+            _ => {}
+        }
+        i += 1;
+    }
+    sep.push(i); // same len for both Vecs
+
+    i = 0;
+    let mut ret = HashMap::new();
+    for (&k, &a) in sep.iter().zip(asign.iter()) {
+        while header[i] == b' ' {
+            i += 1;
+        }
+        if a <= i || k <= 1 + a {
+            //keys and vals must contain one char
+            return Err(());
+        }
+        let key = &header[i..a];
+        let val = if header[1 + a] == b'"' && header[k - 1] == b'"' {
+            //escaped
+            &header[2 + a..k - 1]
+        } else {
+            //not escaped
+            &header[1 + a..k]
+        };
+        i = 1 + k;
+        ret.insert(key, val);
+    }
+    Ok(ret)
+}
+
+fn create_nonce() -> String {
+    let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
+    let secs = now.as_secs() as u32;
+    let mut h = NONCESTARTHASH.clone();
+    h.consume(secs.to_be_bytes());
+
+    let n = format!("{:08x}{:032x}", secs, h.compute());
+    n[..34].to_string()
+}

src/main.rs

@@ -1,16 +1,30 @@
-macro_rules! bail {
-    ($($tt:tt)*) => {
-        return Err(From::from(format!($($tt)*)))
-    }
-}
-
 mod args;
+mod auth;
 mod server;
+mod streamer;
+mod tls;
+mod utils;
 
-pub type BoxResult<T> = Result<T, Box<dyn std::error::Error>>;
+#[macro_use]
+extern crate log;
 
 use crate::args::{matches, Args};
-use crate::server::serve;
+use crate::server::{Request, Server};
+use crate::tls::{TlsAcceptor, TlsStream};
+
+use std::io::Write;
+use std::net::{IpAddr, SocketAddr, TcpListener as StdTcpListener};
+use std::{env, sync::Arc};
+
+use futures::future::join_all;
+use tokio::net::TcpListener;
+use tokio::task::JoinHandle;
+
+use hyper::server::conn::{AddrIncoming, AddrStream};
+use hyper::service::{make_service_fn, service_fn};
+use rustls::ServerConfig;
+
+pub type BoxResult<T> = Result<T, Box<dyn std::error::Error>>;
 
 #[tokio::main]
 async fn main() {
@@ -18,11 +32,158 @@ async fn main() {
 }
 
 async fn run() -> BoxResult<()> {
+    if env::var("RUST_LOG").is_err() {
+        env::set_var("RUST_LOG", "info")
+    }
+    env_logger::builder()
+        .format(|buf, record| {
+            let timestamp = buf.timestamp_millis();
+            writeln!(buf, "[{} {}] {}", timestamp, record.level(), record.args())
+        })
+        .init();
+
     let args = Args::parse(matches())?;
-    serve(args).await
+    let args = Arc::new(args);
+    let handles = serve(args.clone())?;
+    print_listening(args)?;
+
+    tokio::select! {
+        ret = join_all(handles) => {
+            for r in ret {
+                if let Err(e) = r {
+                    error!("{}", e);
+                }
+            }
+            Ok(())
+        },
+        _ = shutdown_signal() => {
+            Ok(())
+        },
+    }
+}
+
+fn serve(args: Arc<Args>) -> BoxResult<Vec<JoinHandle<Result<(), hyper::Error>>>> {
+    let inner = Arc::new(Server::new(args.clone()));
+    let mut handles = vec![];
+    let port = args.port;
+    for ip in args.addrs.iter() {
+        let inner = inner.clone();
+        let incoming = create_addr_incoming(SocketAddr::new(*ip, port))
+            .map_err(|e| format!("Failed to bind `{}:{}`, {}", ip, port, e))?;
+        let serv_func = move |remote_addr: SocketAddr| {
+            let inner = inner.clone();
+            async move {
+                Ok::<_, hyper::Error>(service_fn(move |req: Request| {
+                    let inner = inner.clone();
+                    inner.call(req, remote_addr)
+                }))
+            }
+        };
+        match args.tls.clone() {
+            Some((certs, key)) => {
+                let config = ServerConfig::builder()
+                    .with_safe_defaults()
+                    .with_no_client_auth()
+                    .with_single_cert(certs, key)?;
+                let config = Arc::new(config);
+                let accepter = TlsAcceptor::new(config.clone(), incoming);
+                let new_service = make_service_fn(move |socket: &TlsStream| {
+                    let remote_addr = socket.remote_addr();
+                    serv_func(remote_addr)
+                });
+                let server = tokio::spawn(hyper::Server::builder(accepter).serve(new_service));
+                handles.push(server);
+            }
+            None => {
+                let new_service = make_service_fn(move |socket: &AddrStream| {
+                    let remote_addr = socket.remote_addr();
+                    serv_func(remote_addr)
+                });
+                let server = tokio::spawn(hyper::Server::builder(incoming).serve(new_service));
+                handles.push(server);
+            }
+        };
+    }
+    Ok(handles)
+}
+
+fn create_addr_incoming(addr: SocketAddr) -> BoxResult<AddrIncoming> {
+    use socket2::{Domain, Protocol, Socket, Type};
+    let socket = Socket::new(Domain::for_address(addr), Type::STREAM, Some(Protocol::TCP))?;
+    if addr.is_ipv6() {
+        socket.set_only_v6(true)?;
+    }
+    socket.set_reuse_address(true)?;
+    socket.bind(&addr.into())?;
+    socket.listen(1024 /* Default backlog */)?;
+    let std_listener = StdTcpListener::from(socket);
+    std_listener.set_nonblocking(true)?;
+    let incoming = AddrIncoming::from_listener(TcpListener::from_std(std_listener)?)?;
+    Ok(incoming)
+}
+
+fn print_listening(args: Arc<Args>) -> BoxResult<()> {
+    let mut addrs = vec![];
+    let (mut ipv4, mut ipv6) = (false, false);
+    for ip in args.addrs.iter() {
+        if ip.is_unspecified() {
+            if ip.is_ipv6() {
+                ipv6 = true;
+            } else {
+                ipv4 = true;
+            }
+        } else {
+            addrs.push(*ip);
+        }
+    }
+    if ipv4 || ipv6 {
+        let ifaces = get_if_addrs::get_if_addrs()
+            .map_err(|e| format!("Failed to get local interface addresses: {}", e))?;
+        for iface in ifaces.into_iter() {
+            let local_ip = iface.ip();
+            if ipv4 && local_ip.is_ipv4() {
+                addrs.push(local_ip)
+            }
+            if ipv6 && local_ip.is_ipv6() {
+                addrs.push(local_ip)
+            }
+        }
+    }
+    addrs.sort_unstable();
+    let urls = addrs
+        .into_iter()
+        .map(|addr| match addr {
+            IpAddr::V4(_) => format!("{}:{}", addr, args.port),
+            IpAddr::V6(_) => format!("[{}]:{}", addr, args.port),
+        })
+        .map(|addr| match &args.tls {
+            Some(_) => format!("https://{}", addr),
+            None => format!("http://{}", addr),
+        })
+        .map(|url| format!("{}{}", url, args.uri_prefix))
+        .collect::<Vec<_>>();
+
+    if urls.len() == 1 {
+        println!("Listening on {}", urls[0]);
+    } else {
+        let info = urls
+            .iter()
+            .map(|v| format!("  {}", v))
+            .collect::<Vec<String>>()
+            .join("\n");
+        println!("Listening on:\n{}\n", info);
+    }
+
+    Ok(())
 }
 
 fn handle_err<T>(err: Box<dyn std::error::Error>) -> T {
-    eprintln!("Server error: {}", err);
+    eprintln!("error: {}", err);
     std::process::exit(1);
 }
+
+async fn shutdown_signal() {
+    tokio::signal::ctrl_c()
+        .await
+        .expect("Failed to install CTRL+C signal handler")
+}

src/streamer.rs

@@ -0,0 +1,68 @@
+use async_stream::stream;
+use futures::{Stream, StreamExt};
+use std::io::Error;
+use std::pin::Pin;
+use tokio::io::{AsyncRead, AsyncReadExt};
+
+pub struct Streamer<R>
+where
+    R: AsyncRead + Unpin + Send + 'static,
+{
+    reader: R,
+    buf_size: usize,
+}
+
+impl<R> Streamer<R>
+where
+    R: AsyncRead + Unpin + Send + 'static,
+{
+    #[inline]
+    pub fn new(reader: R, buf_size: usize) -> Self {
+        Self { reader, buf_size }
+    }
+    pub fn into_stream(
+        mut self,
+    ) -> Pin<Box<impl ?Sized + Stream<Item = Result<Vec<u8>, Error>> + 'static>> {
+        let stream = stream! {
+            loop {
+                let mut buf = vec![0; self.buf_size];
+                let r = self.reader.read(&mut buf).await?;
+                if r == 0 {
+                    break
+                }
+                buf.truncate(r);
+                yield Ok(buf);
+            }
+        };
+        stream.boxed()
+    }
+    // allow truncation as truncated remaining is always less than buf_size: usize
+    pub fn into_stream_sized(
+        mut self,
+        max_length: u64,
+    ) -> Pin<Box<impl ?Sized + Stream<Item = Result<Vec<u8>, Error>> + 'static>> {
+        let stream = stream! {
+        let mut remaining = max_length;
+            loop {
+                if remaining == 0 {
+                    break;
+                }
+                let bs = if remaining >= self.buf_size as u64 {
+                    self.buf_size
+                } else {
+                    remaining as usize
+                };
+                let mut buf = vec![0; bs];
+                let r = self.reader.read(&mut buf).await?;
+                if r == 0 {
+                    break;
+                } else {
+                    buf.truncate(r);
+                    yield Ok(buf);
+                }
+                remaining -= r as u64;
+            }
+        };
+        stream.boxed()
+    }
+}

src/tls.rs

@@ -0,0 +1,158 @@
+use core::task::{Context, Poll};
+use futures::ready;
+use hyper::server::accept::Accept;
+use hyper::server::conn::{AddrIncoming, AddrStream};
+use rustls::{Certificate, PrivateKey};
+use std::future::Future;
+use std::net::SocketAddr;
+use std::pin::Pin;
+use std::sync::Arc;
+use std::{fs, io};
+use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
+use tokio_rustls::rustls::ServerConfig;
+
+enum State {
+    Handshaking(tokio_rustls::Accept<AddrStream>),
+    Streaming(tokio_rustls::server::TlsStream<AddrStream>),
+}
+
+// tokio_rustls::server::TlsStream doesn't expose constructor methods,
+// so we have to TlsAcceptor::accept and handshake to have access to it
+// TlsStream implements AsyncRead/AsyncWrite handshaking tokio_rustls::Accept first
+pub struct TlsStream {
+    state: State,
+    remote_addr: SocketAddr,
+}
+
+impl TlsStream {
+    fn new(stream: AddrStream, config: Arc<ServerConfig>) -> TlsStream {
+        let remote_addr = stream.remote_addr();
+        let accept = tokio_rustls::TlsAcceptor::from(config).accept(stream);
+        TlsStream {
+            state: State::Handshaking(accept),
+            remote_addr,
+        }
+    }
+    pub fn remote_addr(&self) -> SocketAddr {
+        self.remote_addr
+    }
+}
+
+impl AsyncRead for TlsStream {
+    fn poll_read(
+        self: Pin<&mut Self>,
+        cx: &mut Context,
+        buf: &mut ReadBuf,
+    ) -> Poll<io::Result<()>> {
+        let pin = self.get_mut();
+        match pin.state {
+            State::Handshaking(ref mut accept) => match ready!(Pin::new(accept).poll(cx)) {
+                Ok(mut stream) => {
+                    let result = Pin::new(&mut stream).poll_read(cx, buf);
+                    pin.state = State::Streaming(stream);
+                    result
+                }
+                Err(err) => Poll::Ready(Err(err)),
+            },
+            State::Streaming(ref mut stream) => Pin::new(stream).poll_read(cx, buf),
+        }
+    }
+}
+
+impl AsyncWrite for TlsStream {
+    fn poll_write(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &[u8],
+    ) -> Poll<io::Result<usize>> {
+        let pin = self.get_mut();
+        match pin.state {
+            State::Handshaking(ref mut accept) => match ready!(Pin::new(accept).poll(cx)) {
+                Ok(mut stream) => {
+                    let result = Pin::new(&mut stream).poll_write(cx, buf);
+                    pin.state = State::Streaming(stream);
+                    result
+                }
+                Err(err) => Poll::Ready(Err(err)),
+            },
+            State::Streaming(ref mut stream) => Pin::new(stream).poll_write(cx, buf),
+        }
+    }
+
+    fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        match self.state {
+            State::Handshaking(_) => Poll::Ready(Ok(())),
+            State::Streaming(ref mut stream) => Pin::new(stream).poll_flush(cx),
+        }
+    }
+
+    fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        match self.state {
+            State::Handshaking(_) => Poll::Ready(Ok(())),
+            State::Streaming(ref mut stream) => Pin::new(stream).poll_shutdown(cx),
+        }
+    }
+}
+
+pub struct TlsAcceptor {
+    config: Arc<ServerConfig>,
+    incoming: AddrIncoming,
+}
+
+impl TlsAcceptor {
+    pub fn new(config: Arc<ServerConfig>, incoming: AddrIncoming) -> TlsAcceptor {
+        TlsAcceptor { config, incoming }
+    }
+}
+
+impl Accept for TlsAcceptor {
+    type Conn = TlsStream;
+    type Error = io::Error;
+
+    fn poll_accept(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+    ) -> Poll<Option<Result<Self::Conn, Self::Error>>> {
+        let pin = self.get_mut();
+        match ready!(Pin::new(&mut pin.incoming).poll_accept(cx)) {
+            Some(Ok(sock)) => Poll::Ready(Some(Ok(TlsStream::new(sock, pin.config.clone())))),
+            Some(Err(e)) => Poll::Ready(Some(Err(e))),
+            None => Poll::Ready(None),
+        }
+    }
+}
+
+// Load public certificate from file.
+pub fn load_certs(filename: &str) -> Result<Vec<Certificate>, Box<dyn std::error::Error>> {
+    // Open certificate file.
+    let certfile = fs::File::open(&filename)
+        .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
+    let mut reader = io::BufReader::new(certfile);
+
+    // Load and return certificate.
+    let certs = rustls_pemfile::certs(&mut reader).map_err(|_| "Failed to load certificate")?;
+    if certs.is_empty() {
+        return Err("No supported certificate in file".into());
+    }
+    Ok(certs.into_iter().map(Certificate).collect())
+}
+
+// Load private key from file.
+pub fn load_private_key(filename: &str) -> Result<PrivateKey, Box<dyn std::error::Error>> {
+    // Open keyfile.
+    let keyfile = fs::File::open(&filename)
+        .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
+    let mut reader = io::BufReader::new(keyfile);
+
+    // Load and return a single private key.
+    let keys = rustls_pemfile::read_all(&mut reader)
+        .map_err(|e| format!("There was a problem with reading private key: {:?}", e))?
+        .into_iter()
+        .find_map(|item| match item {
+            rustls_pemfile::Item::RSAKey(key) | rustls_pemfile::Item::PKCS8Key(key) => Some(key),
+            _ => None,
+        })
+        .ok_or("No supported private key in file")?;
+
+    Ok(PrivateKey(keys))
+}

src/utils.rs

@@ -0,0 +1,12 @@
+use std::borrow::Cow;
+
+pub fn encode_uri(v: &str) -> String {
+    let parts: Vec<_> = v.split('/').map(urlencoding::encode).collect();
+    parts.join("/")
+}
+
+pub fn decode_uri(v: &str) -> Option<Cow<str>> {
+    percent_encoding::percent_decode(v.as_bytes())
+        .decode_utf8()
+        .ok()
+}

tests/allow.rs

@@ -0,0 +1,61 @@
+mod fixtures;
+mod utils;
+
+use fixtures::{server, Error, TestServer};
+use rstest::rstest;
+
+#[rstest]
+fn default_not_allow_upload(server: TestServer) -> Result<(), Error> {
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn default_not_allow_delete(server: TestServer) -> Result<(), Error> {
+    let url = format!("{}test.html", server.url());
+    let resp = fetch!(b"DELETE", &url).send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn default_not_exist_dir(server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}404/", server.url()))?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn allow_upload_not_exist_dir(
+    #[with(&["--allow-upload"])] server: TestServer,
+) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}404/", server.url()))?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}
+
+#[rstest]
+fn allow_upload_no_override(#[with(&["--allow-upload"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}index.html", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn allow_delete_no_override(#[with(&["--allow-delete"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}index.html", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn allow_upload_delete_can_override(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}index.html", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 201);
+    Ok(())
+}

tests/args.rs

@@ -0,0 +1,53 @@
+mod fixtures;
+mod utils;
+
+use assert_cmd::prelude::*;
+use assert_fs::fixture::TempDir;
+use fixtures::{port, server, tmpdir, wait_for_port, Error, TestServer};
+use rstest::rstest;
+use std::process::{Command, Stdio};
+
+#[rstest]
+fn path_prefix_index(#[with(&["--path-prefix", "xyz"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}{}", server.url(), "xyz"))?;
+    assert_index_resp!(resp);
+    Ok(())
+}
+
+#[rstest]
+fn path_prefix_file(#[with(&["--path-prefix", "xyz"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}{}/index.html", server.url(), "xyz"))?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(resp.text()?, "This is index.html");
+    Ok(())
+}
+
+#[rstest]
+fn path_prefix_propfind(
+    #[with(&["--path-prefix", "xyz"])] server: TestServer,
+) -> Result<(), Error> {
+    let resp = fetch!(b"PROPFIND", format!("{}{}", server.url(), "xyz")).send()?;
+    let text = resp.text()?;
+    assert!(text.contains("<D:href>/xyz/</D:href>"));
+    Ok(())
+}
+
+#[rstest]
+#[case("index.html")]
+fn serve_single_file(tmpdir: TempDir, port: u16, #[case] file: &str) -> Result<(), Error> {
+    let mut child = Command::cargo_bin("dufs")?
+        .env("RUST_LOG", "false")
+        .arg(tmpdir.path().join(file))
+        .arg("-p")
+        .arg(port.to_string())
+        .stdout(Stdio::piped())
+        .spawn()?;
+
+    wait_for_port(port);
+
+    let resp = reqwest::blocking::get(format!("http://localhost:{}/index.html", port))?;
+    assert_eq!(resp.text()?, "This is index.html");
+
+    child.kill()?;
+    Ok(())
+}

tests/auth.rs

@@ -0,0 +1,82 @@
+mod fixtures;
+mod utils;
+
+use diqwest::blocking::WithDigestAuth;
+use fixtures::{server, Error, TestServer};
+use rstest::rstest;
+
+#[rstest]
+fn no_auth(#[with(&["--auth", "/@user:pass", "-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(server.url())?;
+    assert_eq!(resp.status(), 401);
+    assert!(resp.headers().contains_key("www-authenticate"));
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 401);
+    Ok(())
+}
+
+#[rstest]
+fn auth(#[with(&["--auth", "/@user:pass", "-A"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 401);
+    let resp = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .send_with_digest_auth("user", "pass")?;
+    assert_eq!(resp.status(), 201);
+    Ok(())
+}
+
+#[rstest]
+fn auth_skip(#[with(&["--auth", "/@user:pass@*"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(server.url())?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}
+
+#[rstest]
+fn auth_readonly(
+    #[with(&["--auth", "/@user:pass@user2:pass2", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}index.html", server.url());
+    let resp = fetch!(b"GET", &url).send()?;
+    assert_eq!(resp.status(), 401);
+    let resp = fetch!(b"GET", &url).send_with_digest_auth("user2", "pass2")?;
+    assert_eq!(resp.status(), 200);
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .send_with_digest_auth("user2", "pass2")?;
+    assert_eq!(resp.status(), 401);
+    Ok(())
+}
+
+#[rstest]
+fn auth_nest(
+    #[with(&["--auth", "/@user:pass@user2:pass2", "--auth", "/dira@user3:pass3", "-A"])]
+    server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}dira/file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 401);
+    let resp = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .send_with_digest_auth("user3", "pass3")?;
+    assert_eq!(resp.status(), 201);
+    let resp = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .send_with_digest_auth("user", "pass")?;
+    assert_eq!(resp.status(), 201);
+    Ok(())
+}
+
+#[rstest]
+fn auth_nest_share(
+    #[with(&["--auth", "/@user:pass@*", "--auth", "/dira@user3:pass3", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}index.html", server.url());
+    let resp = fetch!(b"GET", &url).send()?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}

tests/bind.rs

@@ -0,0 +1,87 @@
+mod fixtures;
+
+use fixtures::{port, server, tmpdir, wait_for_port, Error, TestServer};
+
+use assert_cmd::prelude::*;
+use assert_fs::fixture::TempDir;
+use regex::Regex;
+use rstest::rstest;
+use std::io::{BufRead, BufReader};
+use std::process::{Command, Stdio};
+
+#[rstest]
+#[case(&["-b", "20.205.243.166"])]
+fn bind_fails(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> Result<(), Error> {
+    Command::cargo_bin("dufs")?
+        .env("RUST_LOG", "false")
+        .arg(tmpdir.path())
+        .arg("-p")
+        .arg(port.to_string())
+        .args(args)
+        .assert()
+        .stderr(predicates::str::contains("Failed to bind"))
+        .failure();
+
+    Ok(())
+}
+
+#[rstest]
+#[case(server(&[] as &[&str]), true, true)]
+#[case(server(&["-b", "0.0.0.0"]), true, false)]
+#[case(server(&["-b", "127.0.0.1", "-b", "::1"]), true, true)]
+fn bind_ipv4_ipv6(
+    #[case] server: TestServer,
+    #[case] bind_ipv4: bool,
+    #[case] bind_ipv6: bool,
+) -> Result<(), Error> {
+    assert_eq!(
+        reqwest::blocking::get(format!("http://127.0.0.1:{}", server.port()).as_str()).is_ok(),
+        bind_ipv4
+    );
+    assert_eq!(
+        reqwest::blocking::get(format!("http://[::1]:{}", server.port()).as_str()).is_ok(),
+        bind_ipv6
+    );
+
+    Ok(())
+}
+
+#[rstest]
+#[case(&[] as &[&str])]
+#[case(&["--path-prefix", "/prefix"])]
+fn validate_printed_urls(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> Result<(), Error> {
+    let mut child = Command::cargo_bin("dufs")?
+        .env("RUST_LOG", "false")
+        .arg(tmpdir.path())
+        .arg("-p")
+        .arg(port.to_string())
+        .args(args)
+        .stdout(Stdio::piped())
+        .spawn()?;
+
+    wait_for_port(port);
+
+    // WARN assumes urls list is terminated by an empty line
+    let url_lines = BufReader::new(child.stdout.take().unwrap())
+        .lines()
+        .map(|line| line.expect("Error reading stdout"))
+        .take_while(|line| !line.is_empty()) /* non-empty lines */
+        .collect::<Vec<_>>();
+    let url_lines = url_lines.join("\n");
+
+    let urls = Regex::new(r"http://[a-zA-Z0-9\.\[\]:/]+")
+        .unwrap()
+        .captures_iter(url_lines.as_str())
+        .map(|caps| caps.get(0).unwrap().as_str())
+        .collect::<Vec<_>>();
+
+    assert!(!urls.is_empty());
+
+    for url in urls {
+        reqwest::blocking::get(url)?.error_for_status()?;
+    }
+
+    child.kill()?;
+
+    Ok(())
+}

tests/cors.rs

@@ -0,0 +1,37 @@
+mod fixtures;
+mod utils;
+
+use fixtures::{server, Error, TestServer};
+use rstest::rstest;
+
+#[rstest]
+fn cors(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(server.url())?;
+
+    assert_eq!(
+        resp.headers().get("access-control-allow-origin").unwrap(),
+        "*"
+    );
+    assert_eq!(
+        resp.headers().get("access-control-allow-headers").unwrap(),
+        "range, content-type, accept, origin, www-authenticate"
+    );
+
+    Ok(())
+}
+
+#[rstest]
+fn cors_options(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"OPTIONS", server.url()).send()?;
+
+    assert_eq!(
+        resp.headers().get("access-control-allow-origin").unwrap(),
+        "*"
+    );
+    assert_eq!(
+        resp.headers().get("access-control-allow-headers").unwrap(),
+        "range, content-type, accept, origin, www-authenticate"
+    );
+
+    Ok(())
+}

tests/data/cert.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCTCCAvGgAwIBAgIUcegjikATvwNSIbN43QybKWIcKSMwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDYxMTA4NTQyMloXDTMyMDYw
+ODA4NTQyMlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEAo2wdMbFPkX7CAF/Y+hVj5bwm4dlxhwW2Z9Ic2RZFC5w2
+oK2XwyasDBEqDlgv/bN4xObAVlDZ/4/SuTVSDrNB8dtQl7GTWptpbFKJUdNocU88
+wqd4k/cLZg2aiQqnZKD88w/AxXnYw+F8yU0pFGj9GX0S5at3/V1hrBVxVO8Y99bb
+gnJA8NMm0Pw2xYZS++ULuzoECk0xbNdtbtPrIuweI5mMvsJvtiw67EIdl3N9Lj5p
+L4a7X1C0Xk5H4mOcwM0qq3m31HsCW91PMCjU6suo764rx5Jqv0n9HCNxdiSEadCw
+f+GrmKtFOw3DcGPETg5AJR8H3rG1agKKjI+vRtL/tZ7coFOhZKXdjGvvUFcWcqO+
+GppHh16pzJDXi2qeD9Cu5b2ayM2uBnfV7Q3FjOeDqD+BCJ0ClaqNmAD9TF2htzdu
+Inl+G3OJb4cqaYjaF5YmiZISfrimK5eR2I3et5cqnbuDHMKvDfUd9Jgj/2IqPOHJ
+EguuXSO7WNKfQmlTv7EN/xrD6jiB/M8ADaSxjCqTbtKNyCbJlu2Wy9WlDXwPkNW8
+g70T4Br4U4Iy3N/0w2lAAhiizdC2jkehSKmWE2nmixGSXxkSOMgXQXDJ9RBtDQfd
+8ym/ADfyVndUSnHvf9jCH1NPHlFbB7RVSvUHX22Qq63NUvhV32ct+/IyD/qPpl0C
+AwEAAaNTMFEwHQYDVR0OBBYEFKwSSbPXBIkmzja3/cNJyqhWy96WMB8GA1UdIwQY
+MBaAFKwSSbPXBIkmzja3/cNJyqhWy96WMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggIBAHcrdu1nGDN5YvcHXzbBx73AC921fmn5xxzeFRO7af157g5h
+4zornLMk4Obp+UGkMbWK4K0NAQXKKm5WjcmoOHNRg7TgTE7b1gcVuS4phdwlIqA6
+eZGg+NWZyeaIJNjdHgWgGoe+S+5Ne1I7sDKiEXrOzITJrDcQgBKFF08kqT6UNY2W
+q90m+olPtrewAMgWllpxJ90u4qifPcwP+neDZJim9MhVYtHHeFsmyzlS185iasj8
+sxvp5HDTopmz0tDuiLHvOMKmyf7vapsnbqEGngQi2qV9rBmldyRLnWSe8u/FN31f
+zhSk1ikSm1cQ/iyL898XexSmTafyaF8ELswdIMHkGZkVQurWeKn3/CEDXokXkpMI
+4dlCSgM7SU+XtcjtXbR8/pHpcW2ZnBR0la/qIv81aNKkJeUkTcPC8BUv4jI/oT6z
+LRrvRjMnHJjnADACuutlNRU4/e7h1XuvlXgFHsp63k7GJXouoIwdHjfkErZXsoEX
+WeS+pPatkT7wbhfgYVwglMRIpgCu++htSRCV/lbSuYzCG6mKtxJyy4eslSjpHNPG
+wELDKgzsgLtuTyNfP458O9i8x6wf9J6eVaHe3nqgqkOnnmQxEYnsPaFUMWG1/DYi
+U+mA/VdQrPe3J4Z082sCe4MVmTzWlWCDpNFFQpv51NbWzc/kuIZuJCAwoZD0
+-----END CERTIFICATE-----

tests/data/generate_tls_certs.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+openssl req -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout key_pkcs8.pem -out cert.pem -nodes -days 3650
+openssl rsa -in key_pkcs8.pem -out key_pkcs1.pem

tests/data/key_pkcs1.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAo2wdMbFPkX7CAF/Y+hVj5bwm4dlxhwW2Z9Ic2RZFC5w2oK2X
+wyasDBEqDlgv/bN4xObAVlDZ/4/SuTVSDrNB8dtQl7GTWptpbFKJUdNocU88wqd4
+k/cLZg2aiQqnZKD88w/AxXnYw+F8yU0pFGj9GX0S5at3/V1hrBVxVO8Y99bbgnJA
+8NMm0Pw2xYZS++ULuzoECk0xbNdtbtPrIuweI5mMvsJvtiw67EIdl3N9Lj5pL4a7
+X1C0Xk5H4mOcwM0qq3m31HsCW91PMCjU6suo764rx5Jqv0n9HCNxdiSEadCwf+Gr
+mKtFOw3DcGPETg5AJR8H3rG1agKKjI+vRtL/tZ7coFOhZKXdjGvvUFcWcqO+GppH
+h16pzJDXi2qeD9Cu5b2ayM2uBnfV7Q3FjOeDqD+BCJ0ClaqNmAD9TF2htzduInl+
+G3OJb4cqaYjaF5YmiZISfrimK5eR2I3et5cqnbuDHMKvDfUd9Jgj/2IqPOHJEguu
+XSO7WNKfQmlTv7EN/xrD6jiB/M8ADaSxjCqTbtKNyCbJlu2Wy9WlDXwPkNW8g70T
+4Br4U4Iy3N/0w2lAAhiizdC2jkehSKmWE2nmixGSXxkSOMgXQXDJ9RBtDQfd8ym/
+ADfyVndUSnHvf9jCH1NPHlFbB7RVSvUHX22Qq63NUvhV32ct+/IyD/qPpl0CAwEA
+AQKCAgAPM29DwAp2riO9hSzZlkPEisvTFjbJKG7fGVw1lSy298DdEUicjmxScwZG
+b02He7owFoatgLfGXcpsD9miJGpt5MiKU6oxM2OK/+JmChQc9hHgyVMd8EzPIVTO
+in8njRH6SezUcZEIJ2FEGDlJ/LoONOQdGOYAWz9KknQIQnVAGGwypg4EWJ+zsMIn
+fWcapyOANtVJYATI6wDy3iNxDCWBijbdR5i8iUCx2TSHceai9osyMIYdR5R/cSie
+lkVuaacebCP9T7PYd611/VZQwMDmCn1oAuaLBIbWpzVWl+75KMBCJOuhN80owQ78
+1UrdN9YfndNNk5ocUkAw8uyK2fWO+TcdFddHrx0tnEIsnkzy+Jtp/j5Eq/JGVlSY
+03dck4FIjDSM/M+6HP5R2jfGCsitono03XGjzNsJou0UnordY+VL4qolItoovWkf
+N5hudmbste4gS3/dSvtoByto5SAqUGUS0VNjhsU5w+IyMFK+kImlJthb3+GNF/7h
+NPn4MwuxIFXEy1cVPu+wwoFoL5+7stp68mlYnrxmEIFOJNcjF1urfqCMAXWXxad+
+71TtBiRit5tAZVHjTz9NBkyvCcXOEq3RMEjAzCtTGlduUwNQpmmdCyHk2SnrWieV
+LqyTt55r1FhzEZ0AqHiWmHCNRnqz/PJFBIKfX9YKnkK2xVAgAQKCAQEA0jcvZ0cf
+GGIo8WG/r5mitpnVeQy9XZ+Ic7Js9T73ZLcG+qo/2XDhEXcR4OKZoSMIJIotMIJ1
+TZKdNN9QgFp7IuUWnYpnp2h+Hyfv8h7DHZwohHw4Ys9AJY9j4WVGP/NKVcPrTY/F
+kJ3VHKiVd10FXoNn0qEw5y3oa4zRtRYFrp7gvOoRMwoWADLN/hwuQ2QRrBPt0zth
+qfbeTtQE4g950tkqMy6V6uahkZEvQmSd1UpD35aGKMwxOpK9ew9CAKduftDVOu9x
+3vKAOh0uXs9DxMUfJFKf8ISI2JB3vFmrAJ2l6qSGEdoVdiXkwHdRsaEBJbDrR3uq
+R5ovM0qVk2s23QKCAQEAxwPqqv5SuPPMksBCBSds692cEsXA1xbvw1IsOugqG22f
+CPDSIr0w9c5xU3QSv2BFmaCLJQEVAPoI/jqPMqIdOWC9lSXEuKw297i0r/GAMcNc
+e1N+Xz1ahyVE3Ak65Jwi/vgr0D38thtQJlF//BB0hPFvvt4GQ2E4O5ELwTXIPr46
+wQFGf0IfqvufpHoKiszJ5F5liyTtB50J4Is2CKUMUuXq6XlWMrCNLyaGW42cttci
+gbNAPagnQANHFUIO9M06dAU9WVnUJG9eNDd/tDw0XDLjRqTRXlNoqWRwWMl38ZXi
+HI9oHpOqHjeAXevdu5nkqsmtSQ50LiHOlK9/cO51gQKCAQBHlj9wXkn6lcL3oKAU
+fq9om66U0H/UWDWxoLt2MQEyrRmVV1DzDXu35OKTwNcshq+JMfz9ng+wYRNkJABY
+FXgFhBpVgAKYgf8hQQp3W356oOkzZNIW5BkmMVSEN2ba9FEGL/f7q9BN1VHztn1f
+7q+bZgh/NCFhOMMDjSsFDgDVXImQC+3bgb3IR4Ta2mHu1S8neInu+zPhG47NLWqU
+SUzlPsseLuki23N+DQEZDQaq0eWXSL1bO14wYjRgqeuCKYJ5cUiMD2qpz89W+wUF
+iHO9mJtoVTLeR2QKy/fajnareQQ9idWWUrwoRfNGj9ukL/4iBcO5ziVIyPr17ppN
+X5+JAoIBAClkoCeGlDARzUfsow6tX5NDWZXx+aUDCUVnzvlFlpRz3XMfm6VMEmXd
+1WZVKx0Q6gkFAkvlCLhWSQ6PoX8XhtqLS4M9AsiiUSB/E13Q7ifriU3BVPR8L1sS
+nlrhtJUeAI1lkr9SVUCPN8FwjB0iUwnfqa1aQpU7IFYLWhWKmSarrE6+dCo915ZZ
+lZ/BHnY2F/vewmIJgR9nQ0mnyspLgd+wIIcFDK+oVwUqjyF1t9Wzs2KkpMTuN5Ox
+2tQKFFBIa1L8UAFIlL4rR722mWIkb4OJtgnYeA+Va5xn3pIo/UCLOydTkIVjkyuL
+wbBHQawmWxBGuDsMvY9myq/UPL6BaoECggEBAJeY5OgVbJHB6YageBtUBPe0tLIb
+nrYPYXIPsLycZ+PXo73ASbpbHh6av7CdP288Ouu+zE0P6iAdrIrU41kc+2Tx7K8b
+Qb0pDrX0pQZQAIzoBWKouwra8kSeS1dkiLOLiOhnYDn+OYE4tN5ePe7AlBk7b1/x
+ybNuCyTYdaH1uPaI56RaPB8aHJXnxtPHUvYm0oMfm3EPjgF/FjGdpE7rPcdYWqKU
+Ek5UPmcGVVs+yHRSsEDna5zXBqQoDaLn+7KfgcO8UxhhL2cdcQ2vsC1C7QIPu043
+lAIXge5d+1hNwrZjHw/9SkV3UItnEGnxyaZ2NMmRKjdT3g2ilTgkAB2w/Kk=
+-----END RSA PRIVATE KEY-----

tests/data/key_pkcs8.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCjbB0xsU+RfsIA
+X9j6FWPlvCbh2XGHBbZn0hzZFkULnDagrZfDJqwMESoOWC/9s3jE5sBWUNn/j9K5
+NVIOs0Hx21CXsZNam2lsUolR02hxTzzCp3iT9wtmDZqJCqdkoPzzD8DFedjD4XzJ
+TSkUaP0ZfRLlq3f9XWGsFXFU7xj31tuCckDw0ybQ/DbFhlL75Qu7OgQKTTFs121u
+0+si7B4jmYy+wm+2LDrsQh2Xc30uPmkvhrtfULReTkfiY5zAzSqrebfUewJb3U8w
+KNTqy6jvrivHkmq/Sf0cI3F2JIRp0LB/4auYq0U7DcNwY8RODkAlHwfesbVqAoqM
+j69G0v+1ntygU6Fkpd2Ma+9QVxZyo74amkeHXqnMkNeLap4P0K7lvZrIza4Gd9Xt
+DcWM54OoP4EInQKVqo2YAP1MXaG3N24ieX4bc4lvhyppiNoXliaJkhJ+uKYrl5HY
+jd63lyqdu4Mcwq8N9R30mCP/Yio84ckSC65dI7tY0p9CaVO/sQ3/GsPqOIH8zwAN
+pLGMKpNu0o3IJsmW7ZbL1aUNfA+Q1byDvRPgGvhTgjLc3/TDaUACGKLN0LaOR6FI
+qZYTaeaLEZJfGRI4yBdBcMn1EG0NB93zKb8AN/JWd1RKce9/2MIfU08eUVsHtFVK
+9QdfbZCrrc1S+FXfZy378jIP+o+mXQIDAQABAoICAA8zb0PACnauI72FLNmWQ8SK
+y9MWNskobt8ZXDWVLLb3wN0RSJyObFJzBkZvTYd7ujAWhq2At8ZdymwP2aIkam3k
+yIpTqjEzY4r/4mYKFBz2EeDJUx3wTM8hVM6KfyeNEfpJ7NRxkQgnYUQYOUn8ug40
+5B0Y5gBbP0qSdAhCdUAYbDKmDgRYn7Owwid9ZxqnI4A21UlgBMjrAPLeI3EMJYGK
+Nt1HmLyJQLHZNIdx5qL2izIwhh1HlH9xKJ6WRW5ppx5sI/1Ps9h3rXX9VlDAwOYK
+fWgC5osEhtanNVaX7vkowEIk66E3zSjBDvzVSt031h+d002TmhxSQDDy7IrZ9Y75
+Nx0V10evHS2cQiyeTPL4m2n+PkSr8kZWVJjTd1yTgUiMNIz8z7oc/lHaN8YKyK2i
+ejTdcaPM2wmi7RSeit1j5UviqiUi2ii9aR83mG52Zuy17iBLf91K+2gHK2jlICpQ
+ZRLRU2OGxTnD4jIwUr6QiaUm2Fvf4Y0X/uE0+fgzC7EgVcTLVxU+77DCgWgvn7uy
+2nryaVievGYQgU4k1yMXW6t+oIwBdZfFp37vVO0GJGK3m0BlUeNPP00GTK8Jxc4S
+rdEwSMDMK1MaV25TA1CmaZ0LIeTZKetaJ5UurJO3nmvUWHMRnQCoeJaYcI1GerP8
+8kUEgp9f1gqeQrbFUCABAoIBAQDSNy9nRx8YYijxYb+vmaK2mdV5DL1dn4hzsmz1
+Pvdktwb6qj/ZcOERdxHg4pmhIwgkii0wgnVNkp0031CAWnsi5RadimenaH4fJ+/y
+HsMdnCiEfDhiz0Alj2PhZUY/80pVw+tNj8WQndUcqJV3XQVeg2fSoTDnLehrjNG1
+FgWunuC86hEzChYAMs3+HC5DZBGsE+3TO2Gp9t5O1ATiD3nS2SozLpXq5qGRkS9C
+ZJ3VSkPfloYozDE6kr17D0IAp25+0NU673He8oA6HS5ez0PExR8kUp/whIjYkHe8
+WasAnaXqpIYR2hV2JeTAd1GxoQElsOtHe6pHmi8zSpWTazbdAoIBAQDHA+qq/lK4
+88ySwEIFJ2zr3ZwSxcDXFu/DUiw66CobbZ8I8NIivTD1znFTdBK/YEWZoIslARUA
++gj+Oo8yoh05YL2VJcS4rDb3uLSv8YAxw1x7U35fPVqHJUTcCTrknCL++CvQPfy2
+G1AmUX/8EHSE8W++3gZDYTg7kQvBNcg+vjrBAUZ/Qh+q+5+kegqKzMnkXmWLJO0H
+nQngizYIpQxS5erpeVYysI0vJoZbjZy21yKBs0A9qCdAA0cVQg70zTp0BT1ZWdQk
+b140N3+0PDRcMuNGpNFeU2ipZHBYyXfxleIcj2gek6oeN4Bd6927meSqya1JDnQu
+Ic6Ur39w7nWBAoIBAEeWP3BeSfqVwvegoBR+r2ibrpTQf9RYNbGgu3YxATKtGZVX
+UPMNe7fk4pPA1yyGr4kx/P2eD7BhE2QkAFgVeAWEGlWAApiB/yFBCndbfnqg6TNk
+0hbkGSYxVIQ3Ztr0UQYv9/ur0E3VUfO2fV/ur5tmCH80IWE4wwONKwUOANVciZAL
+7duBvchHhNraYe7VLyd4ie77M+Ebjs0tapRJTOU+yx4u6SLbc34NARkNBqrR5ZdI
+vVs7XjBiNGCp64IpgnlxSIwPaqnPz1b7BQWIc72Ym2hVMt5HZArL99qOdqt5BD2J
+1ZZSvChF80aP26Qv/iIFw7nOJUjI+vXumk1fn4kCggEAKWSgJ4aUMBHNR+yjDq1f
+k0NZlfH5pQMJRWfO+UWWlHPdcx+bpUwSZd3VZlUrHRDqCQUCS+UIuFZJDo+hfxeG
+2otLgz0CyKJRIH8TXdDuJ+uJTcFU9HwvWxKeWuG0lR4AjWWSv1JVQI83wXCMHSJT
+Cd+prVpClTsgVgtaFYqZJqusTr50Kj3XllmVn8EedjYX+97CYgmBH2dDSafKykuB
+37AghwUMr6hXBSqPIXW31bOzYqSkxO43k7Ha1AoUUEhrUvxQAUiUvitHvbaZYiRv
+g4m2Cdh4D5VrnGfekij9QIs7J1OQhWOTK4vBsEdBrCZbEEa4Owy9j2bKr9Q8voFq
+gQKCAQEAl5jk6BVskcHphqB4G1QE97S0shuetg9hcg+wvJxn49ejvcBJulseHpq/
+sJ0/bzw6677MTQ/qIB2sitTjWRz7ZPHsrxtBvSkOtfSlBlAAjOgFYqi7CtryRJ5L
+V2SIs4uI6GdgOf45gTi03l497sCUGTtvX/HJs24LJNh1ofW49ojnpFo8HxoclefG
+08dS9ibSgx+bcQ+OAX8WMZ2kTus9x1haopQSTlQ+ZwZVWz7IdFKwQOdrnNcGpCgN
+ouf7sp+Bw7xTGGEvZx1xDa+wLULtAg+7TjeUAheB7l37WE3CtmMfD/1KRXdQi2cQ
+afHJpnY0yZEqN1PeDaKVOCQAHbD8qQ==
+-----END PRIVATE KEY-----

tests/favicon.rs

@@ -0,0 +1,25 @@
+mod fixtures;
+mod utils;
+
+use fixtures::{server, Error, TestServer};
+use rstest::rstest;
+
+#[rstest]
+fn default_favicon(server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}favicon.ico", server.url()))?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(resp.headers().get("content-type").unwrap(), "image/x-icon");
+    Ok(())
+}
+
+#[rstest]
+fn exist_favicon(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}favicon.ico", server.url());
+    let data = b"abc";
+    let resp = fetch!(b"PUT", &url).body(data.to_vec()).send()?;
+    assert_eq!(resp.status(), 201);
+    let resp = reqwest::blocking::get(url)?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(resp.bytes()?, data.to_vec());
+    Ok(())
+}

tests/fixtures.rs

@@ -0,0 +1,195 @@
+use assert_cmd::prelude::*;
+use assert_fs::fixture::TempDir;
+use assert_fs::prelude::*;
+use port_check::free_local_port;
+use reqwest::Url;
+use rstest::fixture;
+use std::process::{Child, Command, Stdio};
+use std::thread::sleep;
+use std::time::{Duration, Instant};
+
+#[allow(dead_code)]
+pub type Error = Box<dyn std::error::Error>;
+
+/// File names for testing purpose
+#[allow(dead_code)]
+pub static FILES: &[&str] = &[
+    "test.txt",
+    "test.html",
+    "index.html",
+    "test.mkv",
+    #[cfg(not(windows))]
+    "test \" \' & < >.csv",
+    "😀.data",
+    "⎙.mp4",
+    "#[]{}()@!$&'`+,;= %20.test",
+    #[cfg(unix)]
+    ":?#[]{}<>()@!$&'`|*+,;= %20.test",
+    #[cfg(not(windows))]
+    "foo\\bar.test",
+];
+
+/// Directory names for testing diretory don't exist
+#[allow(dead_code)]
+pub static DIR_NO_FOUND: &str = "dir-no-found/";
+
+/// Directory names for testing diretory don't have index.html
+#[allow(dead_code)]
+pub static DIR_NO_INDEX: &str = "dir-no-index/";
+
+/// Directory names for testing purpose
+#[allow(dead_code)]
+pub static DIRECTORIES: &[&str] = &["dira/", "dirb/", "dirc/", DIR_NO_INDEX];
+
+/// Name of a deeply nested file
+#[allow(dead_code)]
+pub static DEEPLY_NESTED_FILE: &str = "very/deeply/nested/test.rs";
+
+/// Test fixture which creates a temporary directory with a few files and directories inside.
+/// The directories also contain files.
+#[fixture]
+#[allow(dead_code)]
+pub fn tmpdir() -> TempDir {
+    let tmpdir = assert_fs::TempDir::new().expect("Couldn't create a temp dir for tests");
+    for file in FILES {
+        tmpdir
+            .child(file)
+            .write_str(&format!("This is {}", file))
+            .expect("Couldn't write to file");
+    }
+    for directory in DIRECTORIES {
+        for file in FILES {
+            if *directory == DIR_NO_INDEX && *file == "index.html" {
+                continue;
+            }
+            tmpdir
+                .child(format!("{}{}", directory, file))
+                .write_str(&format!("This is {}{}", directory, file))
+                .expect("Couldn't write to file");
+        }
+    }
+
+    tmpdir
+        .child(&DEEPLY_NESTED_FILE)
+        .write_str("File in a deeply nested directory.")
+        .expect("Couldn't write to file");
+    tmpdir
+}
+
+/// Get a free port.
+#[fixture]
+#[allow(dead_code)]
+pub fn port() -> u16 {
+    free_local_port().expect("Couldn't find a free local port")
+}
+
+/// Run dufs as a server; Start with a temporary directory, a free port and some
+/// optional arguments then wait for a while for the server setup to complete.
+#[fixture]
+#[allow(dead_code)]
+pub fn server<I>(#[default(&[] as &[&str])] args: I) -> TestServer
+where
+    I: IntoIterator + Clone,
+    I::Item: AsRef<std::ffi::OsStr>,
+{
+    let port = port();
+    let tmpdir = tmpdir();
+    let child = Command::cargo_bin("dufs")
+        .expect("Couldn't find test binary")
+        .env("RUST_LOG", "false")
+        .arg(tmpdir.path())
+        .arg("-p")
+        .arg(port.to_string())
+        .args(args.clone())
+        .stdout(Stdio::null())
+        .spawn()
+        .expect("Couldn't run test binary");
+    let is_tls = args
+        .into_iter()
+        .any(|x| x.as_ref().to_str().unwrap().contains("tls"));
+
+    wait_for_port(port);
+    TestServer::new(port, tmpdir, child, is_tls)
+}
+
+/// Same as `server()` but ignore stderr
+#[fixture]
+#[allow(dead_code)]
+pub fn server_no_stderr<I>(#[default(&[] as &[&str])] args: I) -> TestServer
+where
+    I: IntoIterator + Clone,
+    I::Item: AsRef<std::ffi::OsStr>,
+{
+    let port = port();
+    let tmpdir = tmpdir();
+    let child = Command::cargo_bin("dufs")
+        .expect("Couldn't find test binary")
+        .env("RUST_LOG", "false")
+        .arg(tmpdir.path())
+        .arg("-p")
+        .arg(port.to_string())
+        .args(args.clone())
+        .stdout(Stdio::null())
+        .stderr(Stdio::null())
+        .spawn()
+        .expect("Couldn't run test binary");
+    let is_tls = args
+        .into_iter()
+        .any(|x| x.as_ref().to_str().unwrap().contains("tls"));
+
+    wait_for_port(port);
+    TestServer::new(port, tmpdir, child, is_tls)
+}
+
+/// Wait a max of 1s for the port to become available.
+pub fn wait_for_port(port: u16) {
+    let start_wait = Instant::now();
+
+    while !port_check::is_port_reachable(format!("localhost:{}", port)) {
+        sleep(Duration::from_millis(100));
+
+        if start_wait.elapsed().as_secs() > 1 {
+            panic!("timeout waiting for port {}", port);
+        }
+    }
+}
+
+#[allow(dead_code)]
+pub struct TestServer {
+    port: u16,
+    tmpdir: TempDir,
+    child: Child,
+    is_tls: bool,
+}
+
+#[allow(dead_code)]
+impl TestServer {
+    pub fn new(port: u16, tmpdir: TempDir, child: Child, is_tls: bool) -> Self {
+        Self {
+            port,
+            tmpdir,
+            child,
+            is_tls,
+        }
+    }
+
+    pub fn url(&self) -> Url {
+        let protocol = if self.is_tls { "https" } else { "http" };
+        Url::parse(&format!("{}://localhost:{}", protocol, self.port)).unwrap()
+    }
+
+    pub fn path(&self) -> &std::path::Path {
+        self.tmpdir.path()
+    }
+
+    pub fn port(&self) -> u16 {
+        self.port
+    }
+}
+
+impl Drop for TestServer {
+    fn drop(&mut self) {
+        self.child.kill().expect("Couldn't kill test server");
+        self.child.wait().unwrap();
+    }
+}

tests/http.rs

@@ -0,0 +1,185 @@
+mod fixtures;
+mod utils;
+
+use fixtures::{server, Error, TestServer};
+use rstest::rstest;
+
+#[rstest]
+fn get_dir(server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(server.url())?;
+    assert_index_resp!(resp);
+    Ok(())
+}
+
+#[rstest]
+fn head_dir(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"HEAD", server.url()).send()?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(
+        resp.headers().get("content-type").unwrap(),
+        "text/html; charset=utf-8"
+    );
+    assert_eq!(resp.text()?, "");
+    Ok(())
+}
+
+#[rstest]
+fn get_dir_404(server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}404/", server.url()))?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn head_dir_404(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"HEAD", format!("{}404/", server.url())).send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn get_dir_zip(server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}?zip", server.url()))?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(
+        resp.headers().get("content-type").unwrap(),
+        "application/zip"
+    );
+    assert!(resp.headers().contains_key("content-disposition"));
+    Ok(())
+}
+
+#[rstest]
+fn head_dir_zip(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"HEAD", format!("{}?zip", server.url())).send()?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(
+        resp.headers().get("content-type").unwrap(),
+        "application/zip"
+    );
+    assert!(resp.headers().contains_key("content-disposition"));
+    assert_eq!(resp.text()?, "");
+    Ok(())
+}
+
+#[rstest]
+fn get_dir_search(server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}?q={}", server.url(), "test.html"))?;
+    assert_eq!(resp.status(), 200);
+    let paths = utils::retrive_index_paths(&resp.text()?);
+    assert!(!paths.is_empty());
+    for p in paths {
+        assert!(p.contains(&"test.html"));
+    }
+    Ok(())
+}
+
+#[rstest]
+fn head_dir_search(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"HEAD", format!("{}?q={}", server.url(), "test.html")).send()?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(
+        resp.headers().get("content-type").unwrap(),
+        "text/html; charset=utf-8"
+    );
+    assert_eq!(resp.text()?, "");
+    Ok(())
+}
+
+#[rstest]
+fn get_file(server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}index.html", server.url()))?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(resp.headers().get("content-type").unwrap(), "text/html");
+    assert_eq!(resp.headers().get("accept-ranges").unwrap(), "bytes");
+    assert!(resp.headers().contains_key("etag"));
+    assert!(resp.headers().contains_key("last-modified"));
+    assert!(resp.headers().contains_key("content-length"));
+    assert_eq!(resp.text()?, "This is index.html");
+    Ok(())
+}
+
+#[rstest]
+fn head_file(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"HEAD", format!("{}index.html", server.url())).send()?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(resp.headers().get("content-type").unwrap(), "text/html");
+    assert_eq!(resp.headers().get("accept-ranges").unwrap(), "bytes");
+    assert!(resp.headers().contains_key("content-disposition"));
+    assert!(resp.headers().contains_key("etag"));
+    assert!(resp.headers().contains_key("last-modified"));
+    assert!(resp.headers().contains_key("content-length"));
+    assert_eq!(resp.text()?, "");
+    Ok(())
+}
+
+#[rstest]
+fn get_file_404(server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}404", server.url()))?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn head_file_404(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"HEAD", format!("{}404", server.url())).send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn options_dir(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"OPTIONS", format!("{}index.html", server.url())).send()?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(
+        resp.headers().get("allow").unwrap(),
+        "GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
+    );
+    assert_eq!(resp.headers().get("dav").unwrap(), "1,2");
+    Ok(())
+}
+
+#[rstest]
+fn put_file(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 201);
+    let resp = reqwest::blocking::get(url)?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}
+
+#[rstest]
+fn put_file_create_dir(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}xyz/file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 201);
+    let resp = reqwest::blocking::get(url)?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}
+
+#[rstest]
+fn put_file_conflict_dir(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}dira", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn delete_file(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let url = format!("{}test.html", server.url());
+    let resp = fetch!(b"DELETE", &url).send()?;
+    assert_eq!(resp.status(), 204);
+    let resp = reqwest::blocking::get(url)?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn delete_file_404(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"DELETE", format!("{}file1", server.url())).send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}

tests/range.rs

@@ -0,0 +1,45 @@
+mod fixtures;
+mod utils;
+
+use fixtures::{server, Error, TestServer};
+use headers::HeaderValue;
+use rstest::rstest;
+
+#[rstest]
+fn get_file_range(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"GET", format!("{}index.html", server.url()))
+        .header("range", HeaderValue::from_static("bytes=0-6"))
+        .send()?;
+    assert_eq!(resp.status(), 206);
+    assert_eq!(resp.headers().get("content-range").unwrap(), "bytes 0-6/18");
+    assert_eq!(resp.headers().get("accept-ranges").unwrap(), "bytes");
+    assert_eq!(resp.headers().get("content-length").unwrap(), "7");
+    assert_eq!(resp.text()?, "This is");
+    Ok(())
+}
+
+#[rstest]
+fn get_file_range_beyond(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"GET", format!("{}index.html", server.url()))
+        .header("range", HeaderValue::from_static("bytes=12-20"))
+        .send()?;
+    assert_eq!(resp.status(), 206);
+    assert_eq!(
+        resp.headers().get("content-range").unwrap(),
+        "bytes 12-17/18"
+    );
+    assert_eq!(resp.headers().get("accept-ranges").unwrap(), "bytes");
+    assert_eq!(resp.headers().get("content-length").unwrap(), "6");
+    assert_eq!(resp.text()?, "x.html");
+    Ok(())
+}
+
+#[rstest]
+fn get_file_range_invalid(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"GET", format!("{}index.html", server.url()))
+        .header("range", HeaderValue::from_static("bytes=20-"))
+        .send()?;
+    assert_eq!(resp.status(), 416);
+    assert_eq!(resp.headers().get("content-range").unwrap(), "bytes */18");
+    Ok(())
+}

tests/render.rs

@@ -0,0 +1,67 @@
+mod fixtures;
+mod utils;
+
+use fixtures::{server, Error, TestServer, DIR_NO_FOUND, DIR_NO_INDEX};
+use rstest::rstest;
+
+#[rstest]
+fn render_index(#[with(&["--render-index"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(server.url())?;
+    let text = resp.text()?;
+    assert_eq!(text, "This is index.html");
+    Ok(())
+}
+
+#[rstest]
+fn render_index2(#[with(&["--render-index"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}{}", server.url(), DIR_NO_INDEX))?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn render_try_index(#[with(&["--render-try-index"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(server.url())?;
+    let text = resp.text()?;
+    assert_eq!(text, "This is index.html");
+    Ok(())
+}
+
+#[rstest]
+fn render_try_index2(#[with(&["--render-try-index"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}{}", server.url(), DIR_NO_INDEX))?;
+    let files: Vec<&str> = self::fixtures::FILES
+        .iter()
+        .filter(|v| **v != "index.html")
+        .cloned()
+        .collect();
+    assert_index_resp!(resp, files);
+    Ok(())
+}
+
+#[rstest]
+fn render_try_index3(#[with(&["--render-try-index"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}{}?zip", server.url(), DIR_NO_INDEX))?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(
+        resp.headers().get("content-type").unwrap(),
+        "application/zip"
+    );
+    Ok(())
+}
+
+#[rstest]
+fn render_spa(#[with(&["--render-spa"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(server.url())?;
+    let text = resp.text()?;
+    assert_eq!(text, "This is index.html");
+    Ok(())
+}
+
+#[rstest]
+fn render_spa2(#[with(&["--render-spa"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}{}", server.url(), DIR_NO_FOUND))?;
+    let text = resp.text()?;
+    assert_eq!(text, "This is index.html");
+    Ok(())
+}

tests/symlink.rs

@@ -0,0 +1,46 @@
+mod fixtures;
+mod utils;
+
+use assert_fs::fixture::TempDir;
+use fixtures::{server, tmpdir, Error, TestServer};
+use rstest::rstest;
+
+#[cfg(unix)]
+use std::os::unix::fs::symlink as symlink_dir;
+#[cfg(windows)]
+use std::os::windows::fs::symlink_dir;
+
+#[rstest]
+fn default_not_allow_symlink(server: TestServer, tmpdir: TempDir) -> Result<(), Error> {
+    // Create symlink directory "foo" to point outside the root
+    let dir = "foo";
+    symlink_dir(tmpdir.path(), server.path().join(dir)).expect("Couldn't create symlink");
+    let resp = reqwest::blocking::get(format!("{}{}", server.url(), dir))?;
+    assert_eq!(resp.status(), 404);
+    let resp = reqwest::blocking::get(format!("{}{}/index.html", server.url(), dir))?;
+    assert_eq!(resp.status(), 404);
+    let resp = reqwest::blocking::get(server.url())?;
+    let paths = utils::retrive_index_paths(&resp.text()?);
+    assert!(!paths.is_empty());
+    assert!(!paths.contains(&format!("{}/", dir)));
+    Ok(())
+}
+
+#[rstest]
+fn allow_symlink(
+    #[with(&["--allow-symlink"])] server: TestServer,
+    tmpdir: TempDir,
+) -> Result<(), Error> {
+    // Create symlink directory "foo" to point outside the root
+    let dir = "foo";
+    symlink_dir(tmpdir.path(), server.path().join(dir)).expect("Couldn't create symlink");
+    let resp = reqwest::blocking::get(format!("{}{}", server.url(), dir))?;
+    assert_eq!(resp.status(), 200);
+    let resp = reqwest::blocking::get(format!("{}{}/index.html", server.url(), dir))?;
+    assert_eq!(resp.status(), 200);
+    let resp = reqwest::blocking::get(server.url())?;
+    let paths = utils::retrive_index_paths(&resp.text()?);
+    assert!(!paths.is_empty());
+    assert!(paths.contains(&format!("{}/", dir)));
+    Ok(())
+}

tests/tls.rs

@@ -0,0 +1,51 @@
+mod fixtures;
+mod utils;
+
+use assert_cmd::Command;
+use fixtures::{server, Error, TestServer};
+use predicates::str::contains;
+use reqwest::blocking::ClientBuilder;
+use rstest::rstest;
+
+/// Can start the server with TLS and receive encrypted responses.
+#[rstest]
+#[case(server(&[
+        "--tls-cert", "tests/data/cert.pem",
+        "--tls-key", "tests/data/key_pkcs8.pem",
+]))]
+#[case(server(&[
+        "--tls-cert", "tests/data/cert.pem",
+        "--tls-key", "tests/data/key_pkcs1.pem",
+]))]
+fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
+    let client = ClientBuilder::new()
+        .danger_accept_invalid_certs(true)
+        .build()?;
+    let resp = client.get(server.url()).send()?.error_for_status()?;
+    assert_index_resp!(resp);
+    Ok(())
+}
+
+/// Wrong path for cert throws error.
+#[rstest]
+fn wrong_path_cert() -> Result<(), Error> {
+    Command::cargo_bin("dufs")?
+        .args(&["--tls-cert", "wrong", "--tls-key", "tests/data/key.pem"])
+        .assert()
+        .failure()
+        .stderr(contains("error: Failed to access `wrong`"));
+
+    Ok(())
+}
+
+/// Wrong paths for key throws errors.
+#[rstest]
+fn wrong_path_key() -> Result<(), Error> {
+    Command::cargo_bin("dufs")?
+        .args(&["--tls-cert", "tests/data/cert.pem", "--tls-key", "wrong"])
+        .assert()
+        .failure()
+        .stderr(contains("error: Failed to access `wrong`"));
+
+    Ok(())
+}

tests/utils.rs

@@ -0,0 +1,61 @@
+use serde_json::Value;
+use std::collections::HashSet;
+
+#[macro_export]
+macro_rules! assert_index_resp {
+    ($resp:ident) => {
+        assert_index_resp!($resp, self::fixtures::FILES)
+    };
+    ($resp:ident, $files:expr) => {
+        assert_eq!($resp.status(), 200);
+        let body = $resp.text()?;
+        let paths = self::utils::retrive_index_paths(&body);
+        assert!(!paths.is_empty());
+        for file in $files {
+            assert!(paths.contains(&file.to_string()));
+        }
+    };
+}
+
+#[macro_export]
+macro_rules! fetch {
+    ($method:literal, $url:expr) => {
+        reqwest::blocking::Client::new().request(hyper::Method::from_bytes($method)?, $url)
+    };
+}
+
+#[allow(dead_code)]
+pub fn retrive_index_paths(index: &str) -> HashSet<String> {
+    retrive_index_paths_impl(index).unwrap_or_default()
+}
+
+#[allow(dead_code)]
+pub fn encode_uri(v: &str) -> String {
+    let parts: Vec<_> = v.split('/').map(urlencoding::encode).collect();
+    parts.join("/")
+}
+
+fn retrive_index_paths_impl(index: &str) -> Option<HashSet<String>> {
+    let lines: Vec<&str> = index.lines().collect();
+    let (i, _) = lines
+        .iter()
+        .enumerate()
+        .find(|(_, v)| v.contains("const DATA"))?;
+    let line = lines.get(i + 1)?;
+    let value: Value = line.parse().ok()?;
+    let paths = value
+        .get("paths")?
+        .as_array()?
+        .iter()
+        .flat_map(|v| {
+            let name = v.get("name")?.as_str()?;
+            let path_type = v.get("path_type")?.as_str()?;
+            if path_type.ends_with("Dir") {
+                Some(format!("{}/", name))
+            } else {
+                Some(name.to_owned())
+            }
+        })
+        .collect();
+    Some(paths)
+}

tests/webdav.rs

@@ -0,0 +1,203 @@
+mod fixtures;
+mod utils;
+
+use fixtures::{server, Error, TestServer, FILES};
+use rstest::rstest;
+use xml::escape::escape_str_pcdata;
+
+#[rstest]
+fn propfind_dir(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"PROPFIND", format!("{}dira", server.url())).send()?;
+    assert_eq!(resp.status(), 207);
+    let body = resp.text()?;
+    assert!(body.contains("<D:href>/dira/</D:href>"));
+    assert!(body.contains("<D:displayname>dira</D:displayname>"));
+    for f in FILES {
+        assert!(body.contains(&format!("<D:href>/dira/{}</D:href>", utils::encode_uri(f))));
+        assert!(body.contains(&format!(
+            "<D:displayname>{}</D:displayname>",
+            escape_str_pcdata(f)
+        )));
+    }
+    Ok(())
+}
+
+#[rstest]
+fn propfind_dir_depth0(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"PROPFIND", format!("{}dira", server.url()))
+        .header("depth", "0")
+        .send()?;
+    assert_eq!(resp.status(), 207);
+    let body = resp.text()?;
+    assert!(body.contains("<D:href>/dira/</D:href>"));
+    assert!(body.contains("<D:displayname>dira</D:displayname>"));
+    assert_eq!(
+        body.lines()
+            .filter(|v| *v == "<D:status>HTTP/1.1 200 OK</D:status>")
+            .count(),
+        1
+    );
+    Ok(())
+}
+
+#[rstest]
+fn propfind_404(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"PROPFIND", format!("{}404", server.url())).send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn propfind_file(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"PROPFIND", format!("{}test.html", server.url())).send()?;
+    assert_eq!(resp.status(), 207);
+    let body = resp.text()?;
+    assert!(body.contains("<D:href>/test.html</D:href>"));
+    assert!(body.contains("<D:displayname>test.html</D:displayname>"));
+    assert_eq!(
+        body.lines()
+            .filter(|v| *v == "<D:status>HTTP/1.1 200 OK</D:status>")
+            .count(),
+        1
+    );
+    Ok(())
+}
+
+#[rstest]
+fn proppatch_file(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"PROPPATCH", format!("{}test.html", server.url())).send()?;
+    assert_eq!(resp.status(), 207);
+    let body = resp.text()?;
+    assert!(body.contains("<D:href>/test.html</D:href>"));
+    Ok(())
+}
+
+#[rstest]
+fn proppatch_404(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"PROPPATCH", format!("{}404", server.url())).send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn mkcol_dir(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"MKCOL", format!("{}newdir", server.url())).send()?;
+    assert_eq!(resp.status(), 201);
+    Ok(())
+}
+
+#[rstest]
+fn mkcol_not_allow_upload(server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"MKCOL", format!("{}newdir", server.url())).send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn copy_file(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let new_url = format!("{}test2.html", server.url());
+    let resp = fetch!(b"COPY", format!("{}test.html", server.url()))
+        .header("Destination", &new_url)
+        .send()?;
+    assert_eq!(resp.status(), 204);
+    let resp = reqwest::blocking::get(new_url)?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}
+
+#[rstest]
+fn copy_not_allow_upload(server: TestServer) -> Result<(), Error> {
+    let new_url = format!("{}test2.html", server.url());
+    let resp = fetch!(b"COPY", format!("{}test.html", server.url()))
+        .header("Destination", &new_url)
+        .send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn copy_file_404(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let new_url = format!("{}test2.html", server.url());
+    let resp = fetch!(b"COPY", format!("{}404", server.url()))
+        .header("Destination", &new_url)
+        .send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn move_file(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let origin_url = format!("{}test.html", server.url());
+    let new_url = format!("{}test2.html", server.url());
+    let resp = fetch!(b"MOVE", &origin_url)
+        .header("Destination", &new_url)
+        .send()?;
+    assert_eq!(resp.status(), 204);
+    let resp = reqwest::blocking::get(new_url)?;
+    assert_eq!(resp.status(), 200);
+    let resp = reqwest::blocking::get(origin_url)?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn move_not_allow_upload(#[with(&["--allow-delete"])] server: TestServer) -> Result<(), Error> {
+    let origin_url = format!("{}test.html", server.url());
+    let new_url = format!("{}test2.html", server.url());
+    let resp = fetch!(b"MOVE", &origin_url)
+        .header("Destination", &new_url)
+        .send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn move_not_allow_delete(#[with(&["--allow-upload"])] server: TestServer) -> Result<(), Error> {
+    let origin_url = format!("{}test.html", server.url());
+    let new_url = format!("{}test2.html", server.url());
+    let resp = fetch!(b"MOVE", &origin_url)
+        .header("Destination", &new_url)
+        .send()?;
+    assert_eq!(resp.status(), 403);
+    Ok(())
+}
+
+#[rstest]
+fn move_file_404(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let new_url = format!("{}test2.html", server.url());
+    let resp = fetch!(b"MOVE", format!("{}404", server.url()))
+        .header("Destination", &new_url)
+        .send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn lock_file(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"LOCK", format!("{}test.html", server.url())).send()?;
+    assert_eq!(resp.status(), 200);
+    let body = resp.text()?;
+    assert!(body.contains("<D:href>/test.html</D:href>"));
+    Ok(())
+}
+
+#[rstest]
+fn lock_file_404(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"LOCK", format!("{}404", server.url())).send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}
+
+#[rstest]
+fn unlock_file(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"LOCK", format!("{}test.html", server.url())).send()?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}
+
+#[rstest]
+fn unlock_file_404(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = fetch!(b"LOCK", format!("{}404", server.url())).send()?;
+    assert_eq!(resp.status(), 404);
+    Ok(())
+}