chore: update changelog

* some small css fixes and changes

* added basic auth
https://stackoverflow.com/a/9534652/3642588

* most tests are passing

* fixed all the tests

* maybe now CI will pass

* implemented sigoden's suggestions

* test basic auth

* fixed some little things

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.20.0] - 2022-06-20
+
+### Bug Fixes
+
+- DecodeURI searching string ([#61](https://github.com/sigoden/dufs/issues/61))
+
+### Features
+
+- Added basic auth ([#60](https://github.com/sigoden/dufs/issues/60))
+- Add option --allow-search ([#62](https://github.com/sigoden/dufs/issues/62))
+
 ## [0.19.0] - 2022-06-19
 
 ### Features

Cargo.lock

@@ -423,6 +423,7 @@ dependencies = [
  "bitflags",
  "clap_lex",
  "indexmap",
+ "terminal_size",
  "textwrap",
 ]
 
@@ -571,7 +572,7 @@ checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
 
 [[package]]
 name = "dufs"
-version = "0.19.0"
+version = "0.20.0"
 dependencies = [
  "assert_cmd",
  "assert_fs",
@@ -2146,6 +2147,16 @@ dependencies = [
  "utf-8",
 ]
 
+[[package]]
+name = "terminal_size"
+version = "0.1.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "633c1a546cee861a1a6d0dc69ebeca693bf4296661ba7852b9d21d159e0506df"
+dependencies = [
+ "libc",
+ "winapi 0.3.9",
+]
+
 [[package]]
 name = "termtree"
 version = "0.2.4"
@@ -2157,6 +2168,9 @@ name = "textwrap"
 version = "0.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb"
+dependencies = [
+ "terminal_size",
+]
 
 [[package]]
 name = "thiserror"

Cargo.toml

@@ -1,9 +1,9 @@
 [package]
 name = "dufs"
-version = "0.19.0"
+version = "0.20.0"
 edition = "2021"
 authors = ["sigoden <sigoden@gmail.com>"]
-description = "Dufs is a simple file server."
+description = "Dufs is a distinctive utility file server"
 license = "MIT OR Apache-2.0"
 homepage = "https://github.com/sigoden/dufs"
 repository = "https://github.com/sigoden/dufs"
@@ -11,7 +11,7 @@ categories = ["command-line-utilities", "web-programming::http-server"]
 keywords = ["static", "file", "server", "webdav", "cli"]
 
 [dependencies]
-clap = { version = "3", default-features = false, features = ["std"] }
+clap = { version = "3", default-features = false, features = ["std", "wrap_help"] }
 chrono = "0.4"
 tokio = { version = "1", features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"]}
 tokio-rustls = "0.23"

README.md

@@ -3,7 +3,7 @@
 [![CI](https://github.com/sigoden/dufs/actions/workflows/ci.yaml/badge.svg)](https://github.com/sigoden/dufs/actions/workflows/ci.yaml)
 [![Crates](https://img.shields.io/crates/v/dufs.svg)](https://crates.io/crates/dufs)
 
-Dufs is a simple file server. Support static serve, search, upload, webdav...
+Dufs is a distinctive utility file server that supports static serving, uploading, searching, accessing control, webdav...
 
 ![demo](https://user-images.githubusercontent.com/4012553/174486522-7af350e6-0195-4f4a-8480-d9464fc6452f.png)
 
@@ -40,27 +40,29 @@ Download from [Github Releases](https://github.com/sigoden/dufs/releases), unzip
 ## CLI
 
 ```
-Dufs is a simple file server. - https://github.com/sigoden/dufs
+Dufs is a distinctive utility file server - https://github.com/sigoden/dufs
 
 USAGE:
     dufs [OPTIONS] [--] [path]
 
 ARGS:
-    <path>    Path to a root directory for serving files [default: .]
+    <path>    Specific path to serve [default: .]
 
 OPTIONS:
     -b, --bind <addr>...         Specify bind address
     -p, --port <port>            Specify port to listen on [default: 5000]
-        --path-prefix <path>    Specify an url path prefix
+        --path-prefix <path>     Specify an path prefix
     -a, --auth <rule>...         Add auth for path
+        --auth-method <value>    Select auth method [default: digest] [possible values: basic, digest]
     -A, --allow-all              Allow all operations
         --allow-upload           Allow upload files/folders
         --allow-delete           Allow delete files/folders
+        --allow-search           Allow search files/folders
         --allow-symlink          Allow symlink to files/folders outside root directory
         --enable-cors            Enable CORS, sets `Access-Control-Allow-Origin: *`
-        --render-index          Render index.html when requesting a directory
+        --render-index           Serve index.html when requesting a directory, returns 404 if not found index.html
-        --render-try-index      Render index.html if it exists when requesting a directory
+        --render-try-index       Serve index.html when requesting a directory, returns file listing if not found index.html
-        --render-spa            Render for single-page application
+        --render-spa             Serve SPA(Single Page Application)
         --tls-cert <path>        Path to an SSL/TLS certificate to serve with HTTPS
         --tls-key <path>         Path to the SSL/TLS certificate's private key
     -h, --help                   Print help information
@@ -69,30 +71,60 @@ OPTIONS:
 
 ## Examples
 
-Serve current working directory, no upload/delete
+Serve current working directory
 
 ```
 dufs
 ```
 
-Allow upload/delete
+Explicitly allow all operations including upload/delete 
 
 ```
 dufs -A
 ```
 
+Only allow upload operation
+
+```
+dufs --allow-upload
+```
+
+Serve a directory
+
+```
+dufs Downloads
+```
+
+Serve a single file
+
+```
+dufs linux-distro.iso
+```
+
+Serve index.html when requesting a directory
+
+```
+dufs --render-index
+```
+
+Serve SPA(Single Page Application)
+
+```
+dufs --render-spa
+```
+
+Require username/password
+
+```
+dufs -a /@admin:123
+```
+
 Listen on a specific port
 
 ```
 dufs -p 80
 ```
 
-For a single page application (SPA)
-
-```
-dufs --render-spa
-```
-
 Use https
 
 ```
@@ -124,36 +156,9 @@ Delete a file/folder
 curl -X DELETE http://127.0.0.1:5000/path-to-file
 ```
 
-## Details
+## Access Control
 
-<details>
+Dufs supports path level access control. You can control who can do what on which path with `--auth`/`-a`.
-<summary>
-
-#### 1. Control render logic
-
-</summary>
-
-
-The default render logic is:
-
--  If request for a folder, rendering the directory listing. 
--  If request for a file, rendering the file.
--  If request target does not exist, returns 404.
-
-The `--render-*` options change the render logic:
-
-- `--render-index`: If request for a folder, rendering index.html in the folder. If the index.html file does not exist, return 404.
-- `--render-try-index`: Like `--render-index`, rendering the directory listing if the index.html file does not exist, other than return 404.
-- `--render-spa`: If request target does not exist, rendering `/index.html`
-
-</details>
-
-<details>
-<summary>
-
-#### 2. Path level access control
-
-</summary>
 
 ```
 dufs -a <path>@<readwrite>[@<readonly>]
@@ -163,7 +168,7 @@ dufs -a <path>@<readwrite>[@<readonly>]
 - `<readwrite>`: Account with readwrite permission, required
 - `<readonly>`: Account with readonly permission, optional
 
-> `*` as `<readonly>` means `<path>` is public, everyone can access/download it.
+> `<readonly>` can be `*` means `<path>` is public, everyone can access/download it.
 
 For example:
 
@@ -174,14 +179,6 @@ dufs -a /@admin:pass@* -a /ui@designer:pass1 -A
 - Account `admin:pass` can upload/delete/download any files/folders.
 - Account `designer:pass1` can upload/delete/download any files/folders in the `ui` folder.
 
-Curl with digest auth:
-
-```
-curl --digest -u designer:pass1 http://127.0.0.1:5000/ui/path-to-file
-```
-
-</details>
-
 ## License
 
 Copyright (c) 2022 dufs-developers.

assets/index.css

@@ -1,11 +1,16 @@
 html {
-  font-family: -apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif;
+  font-family: -apple-system,BlinkMacSystemFont,Roboto,Helvetica,Arial,sans-serif;
   line-height: 1.5;
   color: #24292e;
 }
 
+body {
+  /* prevent premature breadcrumb wrapping on mobile */
+  min-width: 500px;
+}
+
 .hidden {
-  display: none;
+  display: none !important;
 }
 
 .head {
@@ -49,6 +54,11 @@ html {
   margin-right: 10px;
 }
 
+.toolbox > div {
+  /* vertically align with breadcrumb text */
+  height: 1.1rem;
+}
+
 .searchbar {
   display: flex;
   flex-wrap: nowrap;
@@ -116,11 +126,6 @@ html {
   white-space: nowrap;
 }
 
-.uploaders-table .cell-name,
-.paths-table .cell-name {
-  width: 500px;
-}
-
 .uploaders-table .cell-status {
   width: 80px;
   padding-left: 0.6em;
@@ -143,7 +148,6 @@ html {
   padding-left: 0.6em;
 }
 
-
 .path svg {
   height: 100%;
   fill: rgba(3,47,98,0.5);
@@ -163,7 +167,7 @@ html {
   display: block;
   text-decoration: none;
   max-width: calc(100vw - 375px);
-  min-width: 400px;
+  min-width: 200px;
 }
 
 .path a:hover {
@@ -182,6 +186,12 @@ html {
   padding-right: 1em;
 }
 
+@media (min-width: 768px) {
+  .path a {
+    min-width: 400px;
+  }
+}
+
 /* dark theme */
 @media (prefers-color-scheme: dark) {
   body {
@@ -200,7 +210,8 @@ html {
   }
 
   svg,
-  .path svg {
+  .path svg,
+  .breadcrumb svg {
     fill: #fff;
   }
 

assets/index.html

@@ -22,7 +22,7 @@
         <input type="file" id="file" name="file" multiple>
       </div>
     </div>
-    <form class="searchbar">
+    <form class="searchbar hidden">
       <div class="icon">
         <svg width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path d="M11.742 10.344a6.5 6.5 0 1 0-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 0 0 1.415-1.414l-3.85-3.85a1.007 1.007 0 0 0-.115-.1zM12 6.5a5.5 5.5 0 1 1-11 0 5.5 5.5 0 0 1 11 0z"/></svg>
       </div>

assets/index.js

@@ -339,9 +339,13 @@ function ready() {
   $uploadersTable = document.querySelector(".uploaders-table");
   $emptyFolder = document.querySelector(".empty-folder");
 
+  if (DATA.allow_search) {
+    document.querySelector(".searchbar").classList.remove("hidden");
     if (params.q) {
       document.getElementById('search').value = params.q;
     }
+  }
+
 
   addBreadcrumb(DATA.href, DATA.uri_prefix);
   if (Array.isArray(DATA.paths)) {

src/args.rs

@@ -5,6 +5,7 @@ use std::net::IpAddr;
 use std::path::{Path, PathBuf};
 
 use crate::auth::AccessControl;
+use crate::auth::AuthMethod;
 use crate::tls::{load_certs, load_private_key};
 use crate::BoxResult;
 
@@ -39,13 +40,13 @@ fn app() -> Command<'static> {
             Arg::new("path")
                 .default_value(".")
                 .allow_invalid_utf8(true)
-                .help("Path to a root directory for serving files"),
+                .help("Specific path to serve"),
         )
         .arg(
             Arg::new("path-prefix")
                 .long("path-prefix")
                 .value_name("path")
-                .help("Specify an url path prefix"),
+                .help("Specify an path prefix"),
         )
         .arg(
             Arg::new("auth")
@@ -56,6 +57,14 @@ fn app() -> Command<'static> {
                 .multiple_occurrences(true)
                 .value_name("rule"),
         )
+        .arg(
+            Arg::new("auth-method")
+                .long("auth-method")
+                .help("Select auth method")
+                .possible_values(["basic", "digest"])
+                .default_value("digest")
+                .value_name("value"),
+        )
         .arg(
             Arg::new("allow-all")
                 .short('A')
@@ -72,6 +81,11 @@ fn app() -> Command<'static> {
                 .long("allow-delete")
                 .help("Allow delete files/folders"),
         )
+        .arg(
+            Arg::new("allow-search")
+                .long("allow-search")
+                .help("Allow search files/folders"),
+        )
         .arg(
             Arg::new("allow-symlink")
                 .long("allow-symlink")
@@ -85,17 +99,17 @@ fn app() -> Command<'static> {
         .arg(
             Arg::new("render-index")
                 .long("render-index")
-                .help("Render index.html when requesting a directory"),
+                .help("Serve index.html when requesting a directory, returns 404 if not found index.html"),
         )
         .arg(
             Arg::new("render-try-index")
                 .long("render-try-index")
-                .help("Render index.html if it exists when requesting a directory"),
+                .help("Serve index.html when requesting a directory, returns file listing if not found index.html"),
         )
         .arg(
             Arg::new("render-spa")
                 .long("render-spa")
-                .help("Render for single-page application"),
+                .help("Serve SPA(Single Page Application)"),
         )
         .arg(
             Arg::new("tls-cert")
@@ -115,7 +129,7 @@ pub fn matches() -> ArgMatches {
     app().get_matches()
 }
 
-#[derive(Debug, Clone)]
+#[derive(Debug)]
 pub struct Args {
     pub addrs: Vec<IpAddr>,
     pub port: u16,
@@ -123,9 +137,11 @@ pub struct Args {
     pub path_is_file: bool,
     pub path_prefix: String,
     pub uri_prefix: String,
+    pub auth_method: AuthMethod,
     pub auth: AccessControl,
     pub allow_upload: bool,
     pub allow_delete: bool,
+    pub allow_search: bool,
     pub allow_symlink: bool,
     pub render_index: bool,
     pub render_spa: bool,
@@ -162,9 +178,14 @@ impl Args {
             .values_of("auth")
             .map(|v| v.collect())
             .unwrap_or_default();
+        let auth_method = match matches.value_of("auth-method").unwrap() {
+            "basic" => AuthMethod::Basic,
+            _ => AuthMethod::Digest,
+        };
         let auth = AccessControl::new(&auth, &uri_prefix)?;
         let allow_upload = matches.is_present("allow-all") || matches.is_present("allow-upload");
         let allow_delete = matches.is_present("allow-all") || matches.is_present("allow-delete");
+        let allow_search = matches.is_present("allow-all") || matches.is_present("allow-search");
         let allow_symlink = matches.is_present("allow-all") || matches.is_present("allow-symlink");
         let render_index = matches.is_present("render-index");
         let render_try_index = matches.is_present("render-try-index");
@@ -185,10 +206,12 @@ impl Args {
             path_is_file,
             path_prefix,
             uri_prefix,
+            auth_method,
             auth,
             enable_cors,
             allow_delete,
             allow_upload,
+            allow_search,
             allow_symlink,
             render_index,
             render_try_index,

src/auth.rs

@@ -22,12 +22,12 @@ lazy_static! {
     };
 }
 
-#[derive(Debug, Clone)]
+#[derive(Debug)]
 pub struct AccessControl {
     rules: HashMap<String, PathControl>,
 }
 
-#[derive(Debug, Clone)]
+#[derive(Debug)]
 pub struct PathControl {
     readwrite: Account,
     readonly: Option<Account>,
@@ -76,6 +76,7 @@ impl AccessControl {
         path: &str,
         method: &Method,
         authorization: Option<&HeaderValue>,
+        auth_method: AuthMethod,
     ) -> GuardType {
         if self.rules.is_empty() {
             return GuardType::ReadWrite;
@@ -86,7 +87,10 @@ impl AccessControl {
                 controls.push(control);
                 if let Some(authorization) = authorization {
                     let Account { user, pass } = &control.readwrite;
-                    if valid_digest(authorization, method.as_str(), user, pass).is_some() {
+                    if auth_method
+                        .validate(authorization, method.as_str(), user, pass)
+                        .is_some()
+                    {
                         return GuardType::ReadWrite;
                     }
                 }
@@ -99,7 +103,10 @@ impl AccessControl {
                 }
                 if let Some(authorization) = authorization {
                     if let Some(Account { user, pass }) = &control.readonly {
-                        if valid_digest(authorization, method.as_str(), user, pass).is_some() {
+                        if auth_method
+                            .validate(authorization, method.as_str(), user, pass)
+                            .is_some()
+                        {
                             return GuardType::ReadOnly;
                         }
                     }
@@ -167,7 +174,19 @@ impl Account {
     }
 }
 
-pub fn generate_www_auth(stale: bool) -> String {
+#[derive(Debug, Clone)]
+pub enum AuthMethod {
+    Basic,
+    Digest,
+}
+
+impl AuthMethod {
+    pub fn www_auth(&self, stale: bool) -> String {
+        match self {
+            AuthMethod::Basic => {
+                format!("Basic realm=\"{}\"", REALM)
+            }
+            AuthMethod::Digest => {
                 let str_stale = if stale { "stale=true," } else { "" };
                 format!(
                     "Digest realm=\"{}\",nonce=\"{}\",{}qop=\"auth\"",
@@ -175,14 +194,39 @@ pub fn generate_www_auth(stale: bool) -> String {
                     create_nonce(),
                     str_stale
                 )
-}
+            }
-
+        }
-pub fn valid_digest(
+    }
+    pub fn validate(
+        &self,
         authorization: &HeaderValue,
         method: &str,
         auth_user: &str,
         auth_pass: &str,
-) -> Option<()> {
+    ) -> Option<()> {
+        match self {
+            AuthMethod::Basic => {
+                let value: Vec<u8> =
+                    base64::decode(strip_prefix(authorization.as_bytes(), b"Basic ").unwrap())
+                        .unwrap();
+                let parts: Vec<&str> = std::str::from_utf8(&value).unwrap().split(':').collect();
+
+                if parts[0] != auth_user {
+                    return None;
+                }
+
+                let mut h = Context::new();
+                h.consume(format!("{}:{}:{}", parts[0], REALM, parts[1]).as_bytes());
+
+                let http_pass = format!("{:x}", h.compute());
+
+                if http_pass == auth_pass {
+                    return Some(());
+                }
+
+                None
+            }
+            AuthMethod::Digest => {
                 let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
                 let user_vals = to_headermap(digest_value).ok()?;
                 if let (Some(username), Some(nonce), Some(user_response)) = (
@@ -248,6 +292,9 @@ pub fn valid_digest(
                     }
                 }
                 None
+            }
+        }
+    }
 }
 
 /// Check if a nonce is still valid.

src/server.rs

@@ -1,4 +1,3 @@
-use crate::auth::generate_www_auth;
 use crate::streamer::Streamer;
 use crate::utils::{decode_uri, encode_uri};
 use crate::{Args, BoxResult};
@@ -96,7 +95,12 @@ impl Server {
         }
 
         let authorization = headers.get(AUTHORIZATION);
-        let guard_type = self.args.auth.guard(req_path, &method, authorization);
+        let guard_type = self.args.auth.guard(
+            req_path,
+            &method,
+            authorization,
+            self.args.auth_method.clone(),
+        );
         if guard_type.is_reject() {
             self.auth_reject(&mut res);
             return Ok(res);
@@ -129,6 +133,7 @@ impl Server {
 
         let allow_upload = self.args.allow_upload;
         let allow_delete = self.args.allow_delete;
+        let allow_search = self.args.allow_search;
         let render_index = self.args.render_index;
         let render_spa = self.args.render_spa;
         let render_try_index = self.args.render_try_index;
@@ -148,8 +153,9 @@ impl Server {
                             .await?;
                     } else if query == "zip" {
                         self.handle_zip_dir(path, head_only, &mut res).await?;
-                    } else if let Some(q) = query.strip_prefix("q=") {
+                    } else if allow_search && query.starts_with("q=") {
-                        self.handle_query_dir(path, q, head_only, &mut res).await?;
+                        let q = decode_uri(&query[2..]).unwrap_or_default();
+                        self.handle_query_dir(path, &q, head_only, &mut res).await?;
                     } else {
                         self.handle_ls_dir(path, true, head_only, &mut res).await?;
                     }
@@ -691,6 +697,7 @@ impl Server {
             paths,
             allow_upload: self.args.allow_upload,
             allow_delete: self.args.allow_delete,
+            allow_search: self.args.allow_search,
             dir_exists: exist,
         };
         let data = serde_json::to_string(&data).unwrap();
@@ -720,7 +727,7 @@ const DATA =
     }
 
     fn auth_reject(&self, res: &mut Response) {
-        let value = generate_www_auth(false);
+        let value = self.args.auth_method.www_auth(false);
         set_webdav_headers(res);
         res.headers_mut().typed_insert(Connection::close());
         res.headers_mut()
@@ -819,6 +826,7 @@ struct IndexData {
     paths: Vec<PathItem>,
     allow_upload: bool,
     allow_delete: bool,
+    allow_search: bool,
     dir_exists: bool,
 }
 

tests/allow.rs

@@ -59,3 +59,15 @@ fn allow_upload_delete_can_override(#[with(&["-A"])] server: TestServer) -> Resu
     assert_eq!(resp.status(), 201);
     Ok(())
 }
+
+#[rstest]
+fn allow_search(#[with(&["--allow-search"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}?q={}", server.url(), "test.html"))?;
+    assert_eq!(resp.status(), 200);
+    let paths = utils::retrive_index_paths(&resp.text()?);
+    assert!(!paths.is_empty());
+    for p in paths {
+        assert!(p.contains(&"test.html"));
+    }
+    Ok(())
+}

tests/auth.rs

@@ -80,3 +80,18 @@ fn auth_nest_share(
     assert_eq!(resp.status(), 200);
     Ok(())
 }
+
+#[rstest]
+fn auth_basic(
+    #[with(&["--auth", "/@user:pass", "--auth-method", "basic", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 401);
+    let resp = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .basic_auth("user", Some("pass"))
+        .send()?;
+    assert_eq!(resp.status(), 201);
+    Ok(())
+}

tests/http.rs

@@ -63,7 +63,7 @@ fn head_dir_zip(server: TestServer) -> Result<(), Error> {
 }
 
 #[rstest]
-fn get_dir_search(server: TestServer) -> Result<(), Error> {
+fn get_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
     let resp = reqwest::blocking::get(format!("{}?q={}", server.url(), "test.html"))?;
     assert_eq!(resp.status(), 200);
     let paths = utils::retrive_index_paths(&resp.text()?);
@@ -75,7 +75,19 @@ fn get_dir_search(server: TestServer) -> Result<(), Error> {
 }
 
 #[rstest]
-fn head_dir_search(server: TestServer) -> Result<(), Error> {
+fn get_dir_search2(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}?q={}", server.url(), "😀.data"))?;
+    assert_eq!(resp.status(), 200);
+    let paths = utils::retrive_index_paths(&resp.text()?);
+    assert!(!paths.is_empty());
+    for p in paths {
+        assert!(p.contains(&"😀.data"));
+    }
+    Ok(())
+}
+
+#[rstest]
+fn head_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
     let resp = fetch!(b"HEAD", format!("{}?q={}", server.url(), "test.html")).send()?;
     assert_eq!(resp.status(), 200);
     assert_eq!(