chore: release v0.43.0 (#476 )

feat: provide healthcheck API (#474 )
feat: support binding abstract unix socket (#468 )
2026-04-10 01:20:38 +03:00 · 2024-11-05 17:08:43 +08:00 · 2024-10-28 07:37:21 +08:00 · 2024-10-23 06:57:45 +08:00 · 2024-09-25 22:19:25 +08:00 · 2024-09-07 17:57:05 +08:00
50 changed files with 6468 additions and 2879 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -5,13 +5,24 @@ about: Create a report to help us improve
 **Problem**
-<!-- A clear and concise description of what the bug is. -->
+<!-- Provide a clear and concise description of the bug you're experiencing. What did you expect to happen, and what actually happened? -->
 **Configuration**
 <!-- Please specify the Dufs command-line arguments or configuration used. -->
 <!-- If the issue is related to authentication/permissions, include auth configurations while concealing sensitive information (e.g., passwords). -->
 **Log**
-If applicable, add logs to help explain your problem.
+<!-- Attach relevant log outputs that can help diagnose the issue. -->
-**Environment:**
+**Screenshots/Media**
 <!-- If applicable, add screenshots or videos that help illustrate the issue, especially for WebUI problems. -->
 **Environment Information**
 - Dufs version:
- - Browser/Webdav Info: 
+ - Browser/Webdav info:
- - OS Info: 
+ - OS info:
 - Proxy server (if any):  <!-- e.g. nginx, cloudflare -->
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,6 +0,0 @@
 version: 2
 updates:
  - package-ecosystem: "cargo" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "monthly"
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -29,16 +29,12 @@ jobs:
      RUSTFLAGS: --deny warnings
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
    - name: Install Rust Toolchain Components
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
      with:
        components: clippy, rustfmt
        override: true
        toolchain: stable
-    - uses: Swatinem/rust-cache@v1
+    - uses: Swatinem/rust-cache@v2
    - name: Test
      run: cargo test --all
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -7,7 +7,9 @@ on:
 jobs:
  release:
-    name: Publish to Github Relases
+    name: Publish to Github Releases
    permissions:
      contents: write
    outputs:
      rc: ${{ steps.check-tag.outputs.rc }}
@@ -25,7 +27,7 @@ jobs:
        - target: aarch64-pc-windows-msvc
          os: windows-latest
          use-cross: true
-          cargo-flags: "--no-default-features"
+          cargo-flags: ""
        - target: x86_64-apple-darwin
          os: macos-latest
          cargo-flags: ""
@@ -52,47 +54,42 @@ jobs:
          os: ubuntu-latest
          use-cross: true
          cargo-flags: ""
-        - target: mips-unknown-linux-musl
+
          os: ubuntu-latest
          use-cross: true
          cargo-flags: "--no-default-features"
        - target: mipsel-unknown-linux-musl
          os: ubuntu-latest
          use-cross: true
          cargo-flags: "--no-default-features"
        - target: mips64-unknown-linux-gnuabi64
          os: ubuntu-latest
          use-cross: true
          cargo-flags: "--no-default-features"
        - target: mips64el-unknown-linux-gnuabi64
          os: ubuntu-latest
          use-cross: true
          cargo-flags: "--no-default-features"
    runs-on: ${{matrix.os}}
    env:
      BUILD_CMD: cargo
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
    - name: Check Tag
      id: check-tag
      shell: bash
      run: |
-        tag=${GITHUB_REF##*/}
+        ver=${GITHUB_REF##*/}
-        echo "::set-output name=version::$tag"
+        echo "version=$ver" >> $GITHUB_OUTPUT
-        if [[ "$tag" =~ [0-9]+.[0-9]+.[0-9]+$ ]]; then
+        if [[ "$ver" =~ [0-9]+.[0-9]+.[0-9]+$ ]]; then
-          echo "::set-output name=rc::false"
+          echo "rc=false" >> $GITHUB_OUTPUT
        else
-          echo "::set-output name=rc::true"
+          echo "rc=true" >> $GITHUB_OUTPUT
        fi
    - name: Install Rust Toolchain Components
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
      with:
-        override: true
+        targets: ${{ matrix.target }}
-        target: ${{ matrix.target }}
+
-        toolchain: stable
+    - name: Install cross
-        profile: minimal # minimal component installation (ie, no documentation)
+      if: matrix.use-cross
      uses: taiki-e/install-action@v2
      with:
        tool: cross
    - name: Overwrite build command env variable
      if: matrix.use-cross
      shell: bash
      run: echo "BUILD_CMD=cross" >> $GITHUB_ENV
    - name: Show Version Information (Rust, cargo, GCC)
      shell: bash
@@ -105,11 +102,8 @@ jobs:
        rustc -V
    - name: Build
-      uses: actions-rs/cargo@v1
+      shell: bash
-      with:
+      run: $BUILD_CMD build --locked --release --target=${{ matrix.target }} ${{ matrix.cargo-flags }}
        use-cross: ${{ matrix.use-cross }}
        command: build
        args: --locked --release --target=${{ matrix.target }} ${{ matrix.cargo-flags }}
    - name: Build Archive
      shell: bash
@@ -121,8 +115,7 @@ jobs:
        set -euxo pipefail
        bin=${GITHUB_REPOSITORY##*/}
-        src=`pwd`
+        dist_dir=`pwd`/dist
        dist=$src/dist
        name=$bin-$version-$target
        executable=target/$target/release/$bin
@@ -130,29 +123,27 @@ jobs:
          executable=$executable.exe
        fi
-        mkdir $dist
+        mkdir $dist_dir
-        cp $executable $dist
+        cp $executable $dist_dir
-        cd $dist
+        cd $dist_dir
        if [[ "$RUNNER_OS" == "Windows" ]]; then
-            archive=$dist/$name.zip
+            archive=$dist_dir/$name.zip
            7z a $archive *
-            echo "::set-output name=archive::`pwd -W`/$name.zip"
+            echo "archive=dist/$name.zip" >> $GITHUB_OUTPUT
        else
-            archive=$dist/$name.tar.gz
+            archive=$dist_dir/$name.tar.gz
-            tar czf $archive *
+            tar -czf $archive *
-            echo "::set-output name=archive::$archive"
+            echo "archive=dist/$name.tar.gz" >> $GITHUB_OUTPUT
        fi
    - name: Publish Archive
-      uses: softprops/action-gh-release@v0.1.5
+      uses: softprops/action-gh-release@v2
      if: ${{ startsWith(github.ref, 'refs/tags/') }}
      with:
        draft: false
        files: ${{ steps.package.outputs.archive }}
        prerelease: ${{ steps.check-tag.outputs.rc == 'true' }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  docker:
    name: Publish to Docker Hub
@@ -161,17 +152,18 @@ jobs:
    needs: release
    steps:
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ github.repository_owner	}}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
        with:
          file: Dockerfile-release
          build-args: |
            REPO=${{ github.repository }}
            VER=${{ github.ref_name }}
@@ -189,13 +181,11 @@ jobs:
    runs-on: ubuntu-latest
    needs: release
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
      - name: Publish
      - uses: dtolnay/rust-toolchain@stable
      - name: Publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_API_TOKEN }}
        run: cargo publish
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,289 @@
 All notable changes to this project will be documented in this file.
-## [0.27.0] - 2022-07-21
+## [0.43.0] - 2024-11-04
 ### Bug Fixes
 - Auth failed if password contains `:` ([#449](https://github.com/sigoden/dufs/issues/449))
 - Resolve speed bottleneck in 10G network ([#451](https://github.com/sigoden/dufs/issues/451))
 ### Features
 - Webui displays subdirectory items ([#457](https://github.com/sigoden/dufs/issues/457))
 - Support binding abstract unix socket ([#468](https://github.com/sigoden/dufs/issues/468))
 - Provide healthcheck API ([#474](https://github.com/sigoden/dufs/issues/474))
 ### Refactor
 - Do not show size for Dir ([#447](https://github.com/sigoden/dufs/issues/447))
 ## [0.42.0] - 2024-09-01
 ### Bug Fixes
 - Garbled characters caused by atob ([#422](https://github.com/sigoden/dufs/issues/422))
 - Webui unexpected save-btn when file is non-editable ([#429](https://github.com/sigoden/dufs/issues/429))
 - Login succeeded but popup `Forbidden` ([#437](https://github.com/sigoden/dufs/issues/437))
 ### Features
 - Implements remaining http cache conditionalss ([#407](https://github.com/sigoden/dufs/issues/407))
 - Base64 index-data to avoid misencoding ([#421](https://github.com/sigoden/dufs/issues/421))
 - Webui support logout ([#439](https://github.com/sigoden/dufs/issues/439))
 ### Refactor
 - No inline scripts in HTML ([#391](https://github.com/sigoden/dufs/issues/391))
 - Return 400 for propfind request when depth is neither 0 nor 1 ([#403](https://github.com/sigoden/dufs/issues/403))
 - Remove sabredav-partialupdate from DAV res header ([#415](https://github.com/sigoden/dufs/issues/415))
 - Date formatting in cache tests ([#428](https://github.com/sigoden/dufs/issues/428))
 - Some query params work as flag and must not accept a value ([#431](https://github.com/sigoden/dufs/issues/431))
 - Improve logout at asserts/index.js ([#440](https://github.com/sigoden/dufs/issues/440))
 - Make logout works on safari ([#442](https://github.com/sigoden/dufs/issues/442))
 ## [0.41.0] - 2024-05-22
 ### Bug Fixes
 - Timestamp format of getlastmodified in dav xml ([#366](https://github.com/sigoden/dufs/issues/366))
 - Strange issue that occurs only on Microsoft WebDAV ([#382](https://github.com/sigoden/dufs/issues/382))
 - Head div overlap main contents when wrap ([#386](https://github.com/sigoden/dufs/issues/386))
 ### Features
 - Tls handshake timeout ([#368](https://github.com/sigoden/dufs/issues/368))
 - Add api to get the hash of a file ([#375](https://github.com/sigoden/dufs/issues/375))
 - Add log-file option ([#383](https://github.com/sigoden/dufs/issues/383))
 ### Refactor
 - Digest_auth related tests ([#372](https://github.com/sigoden/dufs/issues/372))
 - Add fixed-width numerals to date and size on file list page ([#378](https://github.com/sigoden/dufs/issues/378))
 ## [0.40.0] - 2024-02-13
 ### Bug Fixes
 - Guard req and destination path ([#359](https://github.com/sigoden/dufs/issues/359))
 ### Features
 - Revert supporting for forbidden permission ([#352](https://github.com/sigoden/dufs/issues/352))
 ### Refactor
 - Do not try to bind ipv6 if no ipv6 ([#348](https://github.com/sigoden/dufs/issues/348))
 - Improve invalid auth ([#356](https://github.com/sigoden/dufs/issues/356))
 - Improve resolve_path and handle_assets, abandon guard_path ([#360](https://github.com/sigoden/dufs/issues/360))
 ## [0.39.0] - 2024-01-11
 ### Bug Fixes
 - Upload more than 100 files in directory ([#317](https://github.com/sigoden/dufs/issues/317))
 - Auth precedence ([#325](https://github.com/sigoden/dufs/issues/325))
 - Serve files with names containing newline char ([#328](https://github.com/sigoden/dufs/issues/328))
 - Corrupted zip when downloading large folders ([#337](https://github.com/sigoden/dufs/issues/337))
 ### Features
 - Empty search `?q=` list all paths ([#311](https://github.com/sigoden/dufs/issues/311))
 - Add `--compress` option ([#319](https://github.com/sigoden/dufs/issues/319))
 - Upgrade to hyper 1.0 ([#321](https://github.com/sigoden/dufs/issues/321))
 - Auth supports forbidden permissions ([#329](https://github.com/sigoden/dufs/issues/329))
 - Supports resumable uploads ([#343](https://github.com/sigoden/dufs/issues/343))
 ### Refactor
 - Change the format of www-authenticate ([#312](https://github.com/sigoden/dufs/issues/312))
 - Change the value name of `--config` ([#313](https://github.com/sigoden/dufs/issues/313))
 - Optimize http range parsing and handling ([#323](https://github.com/sigoden/dufs/issues/323))
 - Propfind with auth no need to list all ([#344](https://github.com/sigoden/dufs/issues/344))
 ## [0.38.0] - 2023-11-28
 ### Bug Fixes
 - Unable to start if config file omit bind/port fields ([#294](https://github.com/sigoden/dufs/issues/294))
 ### Features
 - Password can contain `:` `@` `|` ([#297](https://github.com/sigoden/dufs/issues/297))
 - Deprecate the use of `|` to separate auth rules ([#298](https://github.com/sigoden/dufs/issues/298))
 - More flexible config values ([#299](https://github.com/sigoden/dufs/issues/299))
 - Ui supports view file ([#301](https://github.com/sigoden/dufs/issues/301))
 ### Refactor
 - Take improvements from the edge browser ([#289](https://github.com/sigoden/dufs/issues/289))
 - Ui change the cursor for upload-btn to a pointer ([#291](https://github.com/sigoden/dufs/issues/291))
 - Ui improve uploading progress ([#296](https://github.com/sigoden/dufs/issues/296))
 ## [0.37.1] - 2023-11-08
 ### Bug Fixes
 - Use DUFS_CONFIG to specify the config file path ([#286](https://github.com/sigoden/dufs/issues/286)
 ## [0.37.0] - 2023-11-08
 ### Bug Fixes
 - Sort path ignore case ([#264](https://github.com/sigoden/dufs/issues/264))
 - Ui show user-name next to the user-icon ([#278](https://github.com/sigoden/dufs/issues/278))
 - Auto delete half-uploaded files ([#280](https://github.com/sigoden/dufs/issues/280))
 ### Features
 - Deprecate `--auth-method`,  as both options are available ([#279](https://github.com/sigoden/dufs/issues/279))
 - Support config file with `--config` option ([#281](https://github.com/sigoden/dufs/issues/281))
 - Support hashed password ([#283](https://github.com/sigoden/dufs/issues/283))
 ### Refactor
 - Remove one clone on `assets_prefix` ([#270](https://github.com/sigoden/dufs/issues/270))
 - Optimize tests
 - Improve code quality ([#282](https://github.com/sigoden/dufs/issues/282))
 ## [0.36.0] - 2023-08-24
 ### Bug Fixes
 - Ui readonly if no write perm ([#258](https://github.com/sigoden/dufs/issues/258))
 ### Testing
 - Remove dependency on native tls ([#255](https://github.com/sigoden/dufs/issues/255))
 ## [0.35.0] - 2023-08-14
 ### Bug Fixes
 - Search should ignore entry path ([#235](https://github.com/sigoden/dufs/issues/235))
 - Typo __ASSERTS_PREFIX__ ([#252](https://github.com/sigoden/dufs/issues/252))
 ### Features
 - Sort by type first, then sort by name/mtime/size ([#241](https://github.com/sigoden/dufs/issues/241))
 ## [0.34.2] - 2023-06-05
 ### Bug Fixes
 - Ui refresh page after login ([#230](https://github.com/sigoden/dufs/issues/230))
 - Webdav only see public folder even logging in ([#231](https://github.com/sigoden/dufs/issues/231))
 ## [0.34.1] - 2023-06-02
 ### Bug Fixes
 - Auth logic ([#224](https://github.com/sigoden/dufs/issues/224))
 - Allow all cors headers and methods ([#225](https://github.com/sigoden/dufs/issues/225))
 ### Refactor
 - Ui checkAuth ([#226](https://github.com/sigoden/dufs/issues/226))
 ## [0.34.0] - 2023-06-01
 ### Bug Fixes
 - URL-encoded filename when downloading in safari ([#203](https://github.com/sigoden/dufs/issues/203))
 - Ui path table show move action ([#219](https://github.com/sigoden/dufs/issues/219))
 - Ui set default max uploading to 1 ([#220](https://github.com/sigoden/dufs/issues/220))
 ### Features
 - Webui editing support multiple encodings ([#197](https://github.com/sigoden/dufs/issues/197))
 - Add timestamp metadata to generated zip file ([#204](https://github.com/sigoden/dufs/issues/204))
 - Show precise file size with decimal ([#210](https://github.com/sigoden/dufs/issues/210))
 - [**breaking**] New auth ([#218](https://github.com/sigoden/dufs/issues/218))
 ### Refactor
 - Cli positional rename root => SERVE_PATH([#215](https://github.com/sigoden/dufs/issues/215))
 ## [0.33.0] - 2023-03-17
 ### Bug Fixes
 - Cors allow-request-header add content-type ([#184](https://github.com/sigoden/dufs/issues/184))
 - Hidden don't works on some files ([#188](https://github.com/sigoden/dufs/issues/188))
 - Basic auth sometimes does not work ([#194](https://github.com/sigoden/dufs/issues/194))
 ### Features
 - Guess plain text encoding then set content-type charset ([#186](https://github.com/sigoden/dufs/issues/186))
 ### Refactor
 - Improve error handle ([#195](https://github.com/sigoden/dufs/issues/195))
 ## [0.32.0] - 2023-02-22
 ### Bug Fixes
 - Set the STOPSIGNAL to SIGINT for Dockerfile
 - Remove Method::Options auth check ([#168](https://github.com/sigoden/dufs/issues/168))
 - Clear search input also clear query ([#178](https://github.com/sigoden/dufs/issues/178))
 ### Features
 - [**breaking**] Add option --allow-archive ([#152](https://github.com/sigoden/dufs/issues/152))
 - Use env var for args ([#170](https://github.com/sigoden/dufs/issues/170))
 - Hiding only directories instead of files ([#175](https://github.com/sigoden/dufs/issues/175))
 - API to search and list directories ([#177](https://github.com/sigoden/dufs/issues/177))
 - Support edit files ([#179](https://github.com/sigoden/dufs/issues/179))
 - Support new file ([#180](https://github.com/sigoden/dufs/issues/180))
 - Ui improves the login experience ([#182](https://github.com/sigoden/dufs/issues/182))
 ## [0.31.0] - 2022-11-11
 ### Bug Fixes
 - Auth not works with --path-prefix ([#138](https://github.com/sigoden/dufs/issues/138))
 - Don't search on empty query string ([#140](https://github.com/sigoden/dufs/issues/140))
 - Status code for MKCOL on existing resource ([#142](https://github.com/sigoden/dufs/issues/142))
 - Panic on PROPFIND // ([#144](https://github.com/sigoden/dufs/issues/144))
 ### Features
 - Support unix sockets ([#145](https://github.com/sigoden/dufs/issues/145))
 ## [0.30.0] - 2022-09-09
 ### Bug Fixes
 - Hide path by ext name ([#126](https://github.com/sigoden/dufs/issues/126))
 ### Features
 - Support sort by name, mtime, size ([#128](https://github.com/sigoden/dufs/issues/128))
 - Add --assets options to override assets ([#134](https://github.com/sigoden/dufs/issues/134))
 ## [0.29.0] - 2022-08-03
 ### Bug Fixes
 - Table row hover highlighting in dark mode ([#122](https://github.com/sigoden/dufs/issues/122))
 ### Features
 - Support ecdsa tls cert ([#119](https://github.com/sigoden/dufs/issues/119))
 ## [0.28.0] - 2022-08-01
 ### Bug Fixes
 - File path contains special characters ([#114](https://github.com/sigoden/dufs/issues/114))
 ### Features
 - Add table row hover ([#115](https://github.com/sigoden/dufs/issues/115))
 - Support customize http log format ([#116](https://github.com/sigoden/dufs/issues/116))
 ## [0.27.0] - 2022-07-25
 ### Features
@@ -33,7 +315,7 @@ All notable changes to this project will be documented in this file.
 ### Bug Fixes
- Unexpect stack overflow when searching a lot ([#87](https://github.com/sigoden/dufs/issues/87))
+- Unexpected stack overflow when searching a lot ([#87](https://github.com/sigoden/dufs/issues/87))
 ### Features
@@ -126,7 +408,7 @@ All notable changes to this project will be documented in this file.
 ### Refactor
- Trival changes ([#41](https://github.com/sigoden/dufs/issues/41))
+- Trivial changes ([#41](https://github.com/sigoden/dufs/issues/41))
 ## [0.16.0] - 2022-06-12
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "dufs"
-version = "0.27.0"
+version = "0.43.0"
 edition = "2021"
 authors = ["sigoden <sigoden@gmail.com>"]
 description = "Dufs is a distinctive utility file server"
@@ -11,52 +11,67 @@ categories = ["command-line-utilities", "web-programming::http-server"]
 keywords = ["static", "file", "server", "webdav", "cli"]
 [dependencies]
-clap = { version = "3", default-features = false, features = ["std", "wrap_help"] }
+clap = { version = "4.5", features = ["wrap_help", "env"] }
-clap_complete = "3"
+clap_complete = "4.5"
-chrono = "0.4"
+chrono = { version = "0.4", default-features = false, features = ["clock"] }
 tokio = { version = "1", features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"]}
-tokio-util = { version = "0.7",  features = ["io-util"] }
+tokio-util = { version = "0.7",  features = ["io-util", "compat"] }
-hyper = { version = "0.14", features = ["http1", "server", "tcp", "stream"] }
+hyper = { version = "1", features = ["http1", "server"] }
-percent-encoding = "2.1"
+percent-encoding = "2.3"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
-futures = "0.3"
+futures-util = { version = "0.3", default-features = false, features = ["alloc"] }
-base64 = "0.13"
+async_zip = { version = "0.0.17", default-features = false, features = ["deflate", "bzip2", "xz", "chrono", "tokio"] }
-async_zip = { version = "0.0.8", default-features = false, features = ["deflate"] }
+headers = "0.4"
 headers = "0.3"
 mime_guess = "2.0"
-if-addrs = "0.7"
+if-addrs = "0.13"
-rustls = { version = "0.20", default-features = false, features = ["tls12"], optional = true }
+rustls-pemfile = { version = "2.0", optional = true }
-rustls-pemfile = { version = "1", optional = true }
+tokio-rustls = { version = "0.26", optional = true, default-features = false, features = ["ring", "tls12"]}
 tokio-rustls = { version = "0.23", optional = true }
 md5 = "0.7"
 lazy_static = "1.4"
-uuid = { version = "1.1", features = ["v4", "fast-rng"] }
+uuid = { version = "1.7", features = ["v4", "fast-rng"] }
 urlencoding = "2.1"
 xml-rs = "0.8"
-log = "0.4"
+log = { version = "0.4", features = ["std"] }
-socket2 = "0.4"
+socket2 = "0.5"
 async-stream = "0.3"
 walkdir = "2.3"
 form_urlencoded = "1.2"
 alphanumeric-sort = "1.4"
 content_inspector = "0.2"
 anyhow = "1.0"
 chardetng = "0.1"
 glob = "0.3"
 indexmap = "2.2"
 serde_yaml = "0.9"
 sha-crypt = "0.5"
 base64 = "0.22"
 smart-default = "0.7"
 rustls-pki-types = "1.2"
 hyper-util = { version = "0.1", features = ["server-auto", "tokio"] }
 http-body-util = "0.1"
 bytes = "1.5"
 pin-project-lite = "0.2"
 sha2 = "0.10.8"
 [features]
 default = ["tls"]
-tls = ["rustls", "rustls-pemfile", "tokio-rustls"]
+tls = ["rustls-pemfile", "tokio-rustls"]
 [dev-dependencies]
 assert_cmd = "2"
-reqwest = { version = "0.11", features = ["blocking", "multipart", "rustls-tls"], default-features = false }
+reqwest = { version = "0.12", features = ["blocking", "multipart", "rustls-tls"], default-features = false }
 assert_fs = "1"
-select = "0.5"
+port_check = "0.2"
-port_check = "0.1"
+rstest = "0.23"
 rstest = "0.15"
 regex = "1"
 pretty_assertions = "1.2"
 url = "2"
-diqwest = { version = "1", features = ["blocking"] }
+predicates = "3"
-predicates = "2"
+digest_auth = "0.3.1"
 [profile.release]
 opt-level = 3
 lto = true
-strip = true
+codegen-units = 1
-opt-level = "z"
+panic = "abort"
 strip = "symbols"
--- a/24
+++ b/24
@@ -1,18 +1,14 @@
-FROM alpine as builder
+FROM --platform=linux/amd64 messense/rust-musl-cross:x86_64-musl AS amd64
-ARG REPO VER TARGETPLATFORM
+COPY . .
-RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ 
+RUN cargo install --path . --root /
-        TARGET="x86_64-unknown-linux-musl"; \
+
-    elif [  "$TARGETPLATFORM" = "linux/arm64" ]; then \
+FROM --platform=linux/amd64 messense/rust-musl-cross:aarch64-musl AS arm64
-        TARGET="aarch64-unknown-linux-musl"; \
+COPY . .
-    elif [  "$TARGETPLATFORM" = "linux/386" ]; then \
+RUN cargo install --path . --root /
-        TARGET="i686-unknown-linux-musl"; \
+
-    elif [  "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
+FROM ${TARGETARCH} AS builder
        TARGET="armv7-unknown-linux-musleabihf"; \
    fi && \
    wget https://github.com/${REPO}/releases/download/${VER}/dufs-${VER}-${TARGET}.tar.gz && \
    tar -xf dufs-${VER}-${TARGET}.tar.gz && \
    mv dufs /bin/
 FROM scratch
 COPY --from=builder /bin/dufs /bin/dufs
 STOPSIGNAL SIGINT
 ENTRYPOINT ["/bin/dufs"]
--- a/19
+++ b/19
@@ -0,0 +1,19 @@
 FROM alpine as builder
 ARG REPO VER TARGETPLATFORM
 RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ 
        TARGET="x86_64-unknown-linux-musl"; \
    elif [  "$TARGETPLATFORM" = "linux/arm64" ]; then \
        TARGET="aarch64-unknown-linux-musl"; \
    elif [  "$TARGETPLATFORM" = "linux/386" ]; then \
        TARGET="i686-unknown-linux-musl"; \
    elif [  "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
        TARGET="armv7-unknown-linux-musleabihf"; \
    fi && \
    wget https://github.com/${REPO}/releases/download/${VER}/dufs-${VER}-${TARGET}.tar.gz && \
    tar -xf dufs-${VER}-${TARGET}.tar.gz && \
    mv dufs /bin/
 FROM scratch
 COPY --from=builder /bin/dufs /bin/dufs
 STOPSIGNAL SIGINT
 ENTRYPOINT ["/bin/dufs"]
--- a/README.md
+++ b/README.md
@@ -2,19 +2,20 @@
 [![CI](https://github.com/sigoden/dufs/actions/workflows/ci.yaml/badge.svg)](https://github.com/sigoden/dufs/actions/workflows/ci.yaml)
 [![Crates](https://img.shields.io/crates/v/dufs.svg)](https://crates.io/crates/dufs)
 [![Docker Pulls](https://img.shields.io/docker/pulls/sigoden/dufs)](https://hub.docker.com/r/sigoden/dufs)
 Dufs is a distinctive utility file server that supports static serving, uploading, searching, accessing control, webdav...
-![demo](https://user-images.githubusercontent.com/4012553/177549931-130383ef-0480-4911-b9c2-0d9534a624b7.png)
+![demo](https://user-images.githubusercontent.com/4012553/220513063-ff0f186b-ac54-4682-9af4-47a9781dee0d.png)
 ## Features
 - Serve static files
 - Download folder as zip file
 - Upload files and folders (Drag & Drop)
- Search files
+- Create/Edit/Search files
- Partial responses (Parallel/Resume download)
+- Resumable/partial uploads/downloads
- Path level access control
+- Access control
 - Support https
 - Support webdav
 - Easy to use with curl
@@ -30,7 +31,13 @@ cargo install dufs
 ### With docker
 ```
-docker run -v `pwd`:/data -p 5000:5000 --rm -it sigoden/dufs /data -A
+docker run -v `pwd`:/data -p 5000:5000 --rm sigoden/dufs /data -A
 ```
 ### With [Homebrew](https://brew.sh)
 ```
 brew install dufs
 ```
 ### Binaries on macOS, Linux, Windows
@@ -42,44 +49,48 @@ Download from [Github Releases](https://github.com/sigoden/dufs/releases), unzip
 ```
 Dufs is a distinctive utility file server - https://github.com/sigoden/dufs
-USAGE:
+Usage: dufs [OPTIONS] [serve-path]
    dufs [OPTIONS] [--] [path]
-ARGS:
+Arguments:
-    <path>    Specific path to serve [default: .]
+  [serve-path]  Specific path to serve [default: .]
-OPTIONS:
+Options:
-    -b, --bind <addr>...         Specify bind address
+  -c, --config <file>        Specify configuration file
-    -p, --port <port>            Specify port to listen on [default: 5000]
+  -b, --bind <addrs>         Specify bind address or unix socket
-        --path-prefix <path>     Specify a path prefix
+  -p, --port <port>          Specify port to listen on [default: 5000]
-        --hidden <value>         Hide directories from directory listings, separated by `,`
+      --path-prefix <path>   Specify a path prefix
-    -a, --auth <rule>...         Add auth for path
+      --hidden <value>       Hide paths from directory listings, e.g. tmp,*.log,*.lock
-        --auth-method <value>    Select auth method [default: digest] [possible values: basic, digest]
+  -a, --auth <rules>         Add auth roles, e.g. user:pass@/dir1:rw,/dir2
-    -A, --allow-all              Allow all operations
+  -A, --allow-all            Allow all operations
-        --allow-upload           Allow upload files/folders
+      --allow-upload         Allow upload files/folders
-        --allow-delete           Allow delete files/folders
+      --allow-delete         Allow delete files/folders
-        --allow-search           Allow search files/folders
+      --allow-search         Allow search files/folders
-        --allow-symlink          Allow symlink to files/folders outside root directory
+      --allow-symlink        Allow symlink to files/folders outside root directory
-        --enable-cors            Enable CORS, sets `Access-Control-Allow-Origin: *`
+      --allow-archive        Allow zip archive generation
-        --render-index           Serve index.html when requesting a directory, returns 404 if not found index.html
+      --enable-cors          Enable CORS, sets `Access-Control-Allow-Origin: *`
-        --render-try-index       Serve index.html when requesting a directory, returns directory listing if not found index.html
+      --render-index         Serve index.html when requesting a directory, returns 404 if not found index.html
-        --render-spa             Serve SPA(Single Page Application)
+      --render-try-index     Serve index.html when requesting a directory, returns directory listing if not found index.html
-        --completions <shell>    Print shell completion script for <shell> [possible values: bash, elvish, fish, powershell, zsh]
+      --render-spa           Serve SPA(Single Page Application)
-        --tls-cert <path>        Path to an SSL/TLS certificate to serve with HTTPS
+      --assets <path>        Set the path to the assets directory for overriding the built-in assets
-        --tls-key <path>         Path to the SSL/TLS certificate's private key
+      --log-format <format>  Customize http log format
-    -h, --help                   Print help information
+      --log-file <file>      Specify the file to save logs to, other than stdout/stderr
-    -V, --version                Print version information
+      --compress <level>     Set zip compress level [default: low] [possible values: none, low, medium, high]
      --completions <shell>  Print shell completion script for <shell> [possible values: bash, elvish, fish, powershell, zsh]
      --tls-cert <path>      Path to an SSL/TLS certificate to serve with HTTPS
      --tls-key <path>       Path to the SSL/TLS certificate's private key
  -h, --help                 Print help
  -V, --version              Print version
 ```
 ## Examples
-Serve current working directory
+Serve current working directory in read-only mode
 ```
 dufs
 ```
-Allow all operations like upload/delete/search...
+Allow all operations like upload/delete/search/create/edit...
 ```
 dufs -A
@@ -118,19 +129,18 @@ dufs --render-index
 Require username/password
 ```
-dufs -a /@admin:123
+dufs -a admin:123@/:rw
 ```
-Listen on a specific port
+Listen on specific host:ip 
 ```
-dufs -p 80
+dufs -b 127.0.0.1 -p 80
 ```
-Hide directories from directory listings
+Listen on unix socket
 ```
-dufs --hidden .git,.DS_Store
+dufs -b /tmp/dufs.socket
 ```
 Use https
@@ -143,53 +153,268 @@ dufs --tls-cert my.crt --tls-key my.key
 Upload a file
-```
+```sh
 curl -T path-to-file http://127.0.0.1:5000/new-path/path-to-file
 ```
 Download a file
-```
+```sh
-curl http://127.0.0.1:5000/path-to-file
+curl http://127.0.0.1:5000/path-to-file           # download the file
 curl http://127.0.0.1:5000/path-to-file?hash      # retrieve the sha256 hash of the file
 ```
 Download a folder as zip file
-```
+```sh
 curl -o path-to-folder.zip http://127.0.0.1:5000/path-to-folder?zip
 ```
 Delete a file/folder
-```
+```sh
 curl -X DELETE http://127.0.0.1:5000/path-to-file-or-folder
 ```
-## Access Control
+Create a directory
-Dufs supports path level access control. You can control who can do what on which path with `--auth`/`-a`.
+```sh
-
+curl -X MKCOL http://127.0.0.1:5000/path-to-folder
 ```
 dufs -a <path>@<readwrite>[@<readonly>|@*]
 ```
- `<path>`: Protected url path
+Move the file/folder to the new path
 - `<readwrite>`: Account with upload/delete/view/download permission, required
 - `<readonly>`: Account with view/download permission, optional
-> `*` means `<path>` is public, everyone can view/download it.
+```sh
 curl -X MOVE http://127.0.0.1:5000/path -H "Destination: http://127.0.0.1:5000/new-path"
 ```
-For example:
+List/search directory contents
 ```sh
 curl http://127.0.0.1:5000?q=Dockerfile           # search for files, similar to `find -name Dockerfile`
 curl http://127.0.0.1:5000?simple                 # output names only, similar to `ls -1`
 curl http://127.0.0.1:5000?json                   # output paths in json format
 ```
 With authorization (Both basic or digest auth works)
 ```sh
 curl http://127.0.0.1:5000/file --user user:pass                 # basic auth
 curl http://127.0.0.1:5000/file --user user:pass --digest        # digest auth
 ```
 Resumable downloads
 ```sh
 curl -C- -o file http://127.0.0.1:5000/file
 ```
 Resumable uploads
 ```sh
 upload_offset=$(curl -I -s http://127.0.0.1:5000/file | tr -d '\r' | sed -n 's/content-length: //p')
 dd skip=$upload_offset if=file status=none ibs=1 | \
  curl -X PATCH -H "X-Update-Range: append" --data-binary @- http://127.0.0.1:5000/file
 ```
 Health checks
 ```sh
 curl http://127.0.0.1:5000/__dufs__/health
 ```
 <details>
 <summary><h2>Advanced Topics</h2></summary>
 ### Access Control
 Dufs supports account based access control. You can control who can do what on which path with `--auth`/`-a`.
 ```
-dufs -a /@admin:pass1@* -a /ui@designer:pass2 -A
+dufs -a admin:admin@/:rw -a guest:guest@/
 dufs -a user:pass@/:rw,/dir1 -a @/
 ```
- All files/folders are public to view/download.
+
- Account `admin:pass1` can upload/delete/view/download any files/folders.
+1. Use `@` to separate the account and paths. No account means anonymous user.
- Account `designer:pass2` can upload/delete/view/download any files/folders in the `ui` folder.
+2. Use `:` to separate the username and password of the account.
 3. Use `,` to separate paths.
 4. Use path suffix `:rw`/`:ro` set permissions: `read-write`/`read-only`. `:ro` can be omitted.
 - `-a admin:admin@/:rw`: `admin` has complete permissions for all paths.
 - `-a guest:guest@/`: `guest` has read-only permissions for all paths.
 - `-a user:pass@/:rw,/dir1`: `user` has read-write permissions for `/*`, has read-only permissions for `/dir1/*`.
 - `-a @/`: All paths is publicly accessible, everyone can view/download it.
 > There are no restrictions on using ':' and '@' characters in a password. For example, `user:pa:ss@1@/:rw` is valid, the password is `pa:ss@1`.
 #### Hashed Password
 DUFS supports the use of sha-512 hashed password.
 Create hashed password
 ```
 $ mkpasswd -m sha-512 123456
 $6$tWMB51u6Kb2ui3wd$5gVHP92V9kZcMwQeKTjyTRgySsYJu471Jb1I6iHQ8iZ6s07GgCIO69KcPBRuwPE5tDq05xMAzye0NxVKuJdYs/
 ```
 Use hashed password
 ```
 dufs -a 'admin:$6$tWMB51u6Kb2ui3wd$5gVHP92V9kZcMwQeKTjyTRgySsYJu471Jb1I6iHQ8iZ6s07GgCIO69KcPBRuwPE5tDq05xMAzye0NxVKuJdYs/@/:rw'
 ```
 Two important things for hashed passwords:
 1. Dufs only supports sha-512 hashed passwords, so ensure that the password string always starts with `$6$`.
 2. Digest authentication does not function properly with hashed passwords.
 ### Hide Paths
 Dufs supports hiding paths from directory listings via option `--hidden <glob>,...`.
 ```
 dufs --hidden .git,.DS_Store,tmp
 ```
 > The glob used in --hidden only matches file and directory names, not paths. So `--hidden dir1/file` is invalid.
 ```sh
 dufs --hidden '.*'                          # hidden dotfiles
 dufs --hidden '*/'                          # hidden all folders
 dufs --hidden '*.log,*.lock'                # hidden by exts
 dufs --hidden '*.log' --hidden '*.lock'
 ```
 ### Log Format
 Dufs supports customize http log format with option `--log-format`.
 The log format can use following variables.
 | variable     | description                                                               |
 | ------------ | ------------------------------------------------------------------------- |
 | $remote_addr | client address                                                            |
 | $remote_user | user name supplied with authentication                                    |
 | $request     | full original request line                                                |
 | $status      | response status                                                           |
 | $http_       | arbitrary request header field. examples: $http_user_agent, $http_referer |
 The default log format is `'$remote_addr "$request" $status'`.
 ```
 2022-08-06T06:59:31+08:00 INFO - 127.0.0.1 "GET /" 200
 ```
 Disable http log
 ```
 dufs --log-format=''
 ```
 Log user-agent
 ```
 dufs --log-format '$remote_addr "$request" $status $http_user_agent'
 ```
 ```
 2022-08-06T06:53:55+08:00 INFO - 127.0.0.1 "GET /" 200 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
 ```
 Log remote-user
 ```
 dufs --log-format '$remote_addr $remote_user "$request" $status' -a /@admin:admin -a /folder1@user1:pass1
 ```
 ```
 2022-08-06T07:04:37+08:00 INFO - 127.0.0.1 admin "GET /" 200
 ```
 ## Environment variables
 All options can be set using environment variables prefixed with `DUFS_`.
 ```
 [serve-path]                DUFS_SERVE_PATH="."
    --config <file>         DUFS_CONFIG=config.yaml
 -b, --bind <addrs>          DUFS_BIND=0.0.0.0
 -p, --port <port>           DUFS_PORT=5000
    --path-prefix <path>    DUFS_PATH_PREFIX=/dufs
    --hidden <value>        DUFS_HIDDEN=tmp,*.log,*.lock
 -a, --auth <rules>          DUFS_AUTH="admin:admin@/:rw|@/" 
 -A, --allow-all             DUFS_ALLOW_ALL=true
    --allow-upload          DUFS_ALLOW_UPLOAD=true
    --allow-delete          DUFS_ALLOW_DELETE=true
    --allow-search          DUFS_ALLOW_SEARCH=true
    --allow-symlink         DUFS_ALLOW_SYMLINK=true
    --allow-archive         DUFS_ALLOW_ARCHIVE=true
    --enable-cors           DUFS_ENABLE_CORS=true
    --render-index          DUFS_RENDER_INDEX=true
    --render-try-index      DUFS_RENDER_TRY_INDEX=true
    --render-spa            DUFS_RENDER_SPA=true
    --assets <path>         DUFS_ASSETS=./assets
    --log-format <format>   DUFS_LOG_FORMAT=""
    --log-file <file>       DUFS_LOG_FILE=./dufs.log
    --compress <compress>   DUFS_COMPRESS=low
    --tls-cert <path>       DUFS_TLS_CERT=cert.pem
    --tls-key <path>        DUFS_TLS_KEY=key.pem
 ```
 ## Configuration File
 You can specify and use the configuration file by selecting the option `--config <path-to-config.yaml>`.
 The following are the configuration items:
 ```yaml
 serve-path: '.'
 bind: 0.0.0.0
 port: 5000
 path-prefix: /dufs
 hidden:
  - tmp
  - '*.log'
  - '*.lock'
 auth:
  - admin:admin@/:rw
  - user:pass@/src:rw,/share
  - '@/'  # According to the YAML spec, quoting is required.
 allow-all: false
 allow-upload: true
 allow-delete: true
 allow-search: true
 allow-symlink: true
 allow-archive: true
 enable-cors: true
 render-index: true
 render-try-index: true
 render-spa: true
 assets: ./assets/
 log-format: '$remote_addr "$request" $status $http_user_agent'
 log-file: ./dufs.log
 compress: low
 tls-cert: tests/data/cert.pem
 tls-key: tests/data/key_pkcs1.pem
 ```
 ### Customize UI
 Dufs allows users to customize the UI with your own assets.
 ```
 dufs --assets my-assets-dir/
 ```
 > If you only need to make slight adjustments to the current UI, you copy dufs's [assets](https://github.com/sigoden/dufs/tree/main/assets) directory and modify it accordingly. The current UI doesn't use any frameworks, just plain HTML/JS/CSS. As long as you have some basic knowledge of web development, it shouldn't be difficult to modify.
 Your assets folder must contains a `index.html` file.
 `index.html` can use the following placeholder variables to retrieve internal data.
 - `__INDEX_DATA__`: directory listing data
 - `__ASSETS_PREFIX__`: assets url prefix
 </details>
 ## License
-Copyright (c) 2022 dufs-developers.
+Copyright (c) 2022-2024 dufs-developers.
 dufs is made available under the terms of either the MIT License or the Apache License 2.0, at your option.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
 # Security Policy
 ## Supported Versions
 The latest release of *dufs* is supported. The fixes for any security issues found will be included
 in the next release.
 ## Reporting a Vulnerability
 Please [use *dufs*'s security advisory reporting tool provided by
 GitHub](https://github.com/sigoden/dufs/security/advisories/new) to report security issues.
 We strive to fix security issues as quickly as possible. Across the industry, often the developers'
 slowness in developing and releasing a fix is the biggest delay in the process; we take pride in
 minimizing this delay as much as we practically can. We encourage you to also minimize the delay
 between when you find an issue and when you contact us. You do not need to convince us to take your
 report seriously. You don't need to create a PoC or a patch if that would slow down your reporting.
 You don't need an elaborate write-up. A short, informal note about the issue is good. We can always
 communicate later to fill in any details we need after that first note is shared with us.
--- a/assets/favicon.ico
+++ b/assets/favicon.ico
--- a/assets/index.css
+++ b/assets/index.css
@@ -1,12 +1,13 @@
 html {
-  font-family: -apple-system,BlinkMacSystemFont,Roboto,Helvetica,Arial,sans-serif;
+  font-family: -apple-system, BlinkMacSystemFont, Roboto, Helvetica, Arial, sans-serif;
  line-height: 1.5;
  color: #24292e;
 }
 body {
  /* prevent premature breadcrumb wrapping on mobile */
-  min-width: 500px;
+  min-width: 538px;
  margin: 0;
 }
 .hidden {
@@ -17,36 +18,40 @@ body {
  display: flex;
  flex-wrap: wrap;
  align-items: center;
-  padding: 1em 1em 0;
+  padding: 0.6em 1em;
  position: sticky;
  top: 0;
  background-color: white;
 }
 .breadcrumb {
  font-size: 1.25em;
  padding-right: 0.6em;
  word-break: break-all;
 }
-.breadcrumb > a {
+.breadcrumb>a {
  color: #0366d6;
  text-decoration: none;
 }
-.breadcrumb > a:hover {
+.breadcrumb>a:hover {
  text-decoration: underline;
 }
 /* final breadcrumb */
-.breadcrumb > b {
+.breadcrumb>b {
  color: #24292e;
 }
-.breadcrumb > .separator {
+.breadcrumb>.separator {
  color: #586069;
  padding: 0 0.25em;
 }
 .breadcrumb svg {
  height: 100%;
-  fill: rgba(3,47,98,0.5);
+  fill: rgba(3, 47, 98, 0.5);
 }
 .toolbox {
@@ -54,7 +59,8 @@ body {
  margin-right: 10px;
 }
-.toolbox > div {
+.toolbox>a,
 .toolbox>div {
  /* vertically align with breadcrumb text */
  height: 1.1rem;
 }
@@ -68,6 +74,10 @@ body {
  display: none;
 }
 .upload-file label {
  cursor: pointer;
 }
 .searchbar {
  display: flex;
  flex-wrap: nowrap;
@@ -87,7 +97,6 @@ body {
  font-size: 16px;
  line-height: 16px;
  padding: 1px;
  font-family: helvetica neue,luxi sans,Tahoma,hiragino sans gb,STHeiti,sans-serif;
  background-color: transparent;
  border: none;
  outline: none;
@@ -99,17 +108,11 @@ body {
  cursor: pointer;
 }
 .upload-status span {
  width: 70px;
  display: inline-block;
 }
 .main {
  padding: 0 1em;
 }
 .empty-folder {
  padding-top: 1rem;
  font-style: italic;
 }
@@ -131,26 +134,45 @@ body {
  padding-left: 0.6em;
 }
 .cell-status span {
  display: inline-block;
 }
 .paths-table thead a {
  color: unset;
  text-decoration: none;
 }
 .paths-table thead a>span {
  padding-left: 2px;
 }
 .paths-table tbody tr:hover {
  background-color: #fafafa;
 }
 .paths-table .cell-actions {
-  width: 75px;
+  width: 90px;
  display: flex;
-  padding-left: 0.6em;
+  padding-left: 0.5em;
 }
 .paths-table .cell-mtime {
  width: 120px;
-  padding-left: 0.6em;
+  padding-left: 0.5em;
  font-variant-numeric: tabular-nums;
 }
 .paths-table .cell-size {
  text-align: right;
  width: 70px;
-  padding-left: 0.6em;
+  padding-left: 0.5em;
  font-variant-numeric: tabular-nums;
 }
 .path svg {
  height: 16px;
-  fill: rgba(3,47,98,0.5);
+  fill: rgba(3, 47, 98, 0.5);
  padding-right: 0.5em;
  vertical-align: text-top;
 }
@@ -167,7 +189,7 @@ body {
  display: block;
  text-decoration: none;
  max-width: calc(100vw - 375px);
-  min-width: 200px;
+  min-width: 170px;
 }
 .path a:hover {
@@ -176,6 +198,7 @@ body {
 .action-btn {
  padding-right: 0.3em;
  cursor: pointer;
 }
 .uploaders-table {
@@ -186,6 +209,47 @@ body {
  padding-right: 1em;
 }
 .editor {
  width: 100%;
  height: calc(100vh - 5rem);
  border: 1px solid #ced4da;
  outline: none;
  padding: 5px;
 }
 .toolbox-right {
  margin-left: auto;
  margin-right: 2em;
 }
 .login-btn {
  cursor: pointer;
 }
 .save-btn {
  cursor: pointer;
  -webkit-user-select: none;
  user-select: none;
 }
 .logout-btn {
  cursor: pointer;
  display: flex;
  align-items: center;
 }
 .user-name {
  padding-left: 3px;
 }
 .not-editable {
  font-style: italic;
 }
 .retry-btn {
  cursor: pointer;
 }
@media (min-width: 768px) {
  .path a {
    min-width: 400px;
@@ -215,6 +279,10 @@ body {
    fill: #fff;
  }
  .head {
    background-color: #111;
  }
  .searchbar {
    background-color: #111;
    border-color: #fff6;
@@ -227,4 +295,13 @@ body {
  .path a {
    color: #3191ff;
  }
  .paths-table tbody tr:hover {
    background-color: #1a1a1a;
  }
  .editor {
    background: black;
    color: white;
  }
 }
--- a/assets/index.html
+++ b/assets/index.html
@@ -1,66 +1,129 @@
 <!DOCTYPE html>
-<html>
+<html lang="en-US">
 <head>
  <meta charset="utf-8" />
  <meta name="viewport" content="width=device-width" />
-  __SLOT__
+  <link rel="icon" type="image/x-icon" href="__ASSETS_PREFIX__favicon.ico">
  <link rel="stylesheet" href="__ASSETS_PREFIX__index.css">
 </head>
 <body>
  <div class="head">
    <div class="breadcrumb"></div>
    <div class="toolbox">
-      <div>
+      <a href="" class="control download hidden" title="Download file" download="">
-        <a href="?zip" title="Download folder as a .zip file">
+        <svg width="16" height="16" viewBox="0 0 16 16">
-          <svg width="16" height="16" viewBox="0 0 16 16"><path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/><path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/></svg>
+          <path
-        </a>
+            d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z" />
          <path
            d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z" />
        </svg>
      </a>
      <div class="control move-file hidden" title="Move to new path">
        <svg class="icon-move" width="16" height="16" viewBox="0 0 16 16">
          <path fill-rule="evenodd"
            d="M1.5 1.5A.5.5 0 0 0 1 2v4.8a2.5 2.5 0 0 0 2.5 2.5h9.793l-3.347 3.346a.5.5 0 0 0 .708.708l4.2-4.2a.5.5 0 0 0 0-.708l-4-4a.5.5 0 0 0-.708.708L13.293 8.3H3.5A1.5 1.5 0 0 1 2 6.8V2a.5.5 0 0 0-.5-.5z">
          </path>
        </svg>
      </div>
      <div class="control delete-file hidden" title="Delete">
        <svg class="icon-delete" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
          <path
            d="M6.854 7.146a.5.5 0 1 0-.708.708L7.293 9l-1.147 1.146a.5.5 0 0 0 .708.708L8 9.707l1.146 1.147a.5.5 0 0 0 .708-.708L8.707 9l1.147-1.146a.5.5 0 0 0-.708-.708L8 8.293 6.854 7.146z" />
          <path
            d="M14 14V4.5L9.5 0H4a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2zM9.5 3A1.5 1.5 0 0 0 11 4.5h2V14a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1h5.5v2z" />
        </svg>
      </div>
      <div class="control upload-file hidden" title="Upload files">
        <label for="file">
-          <svg width="16" height="16" viewBox="0 0 16 16"><path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/><path d="M7.646 1.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1-.708.708L8.5 2.707V11.5a.5.5 0 0 1-1 0V2.707L5.354 4.854a.5.5 0 1 1-.708-.708l3-3z"/></svg>
+          <svg width="16" height="16" viewBox="0 0 16 16">
            <path
              d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z" />
            <path
              d="M7.646 1.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1-.708.708L8.5 2.707V11.5a.5.5 0 0 1-1 0V2.707L5.354 4.854a.5.5 0 1 1-.708-.708l3-3z" />
          </svg>
        </label>
-        <input type="file" id="file" name="file" multiple>
+        <input type="file" id="file" title="Upload files" name="file" multiple>
      </div>
      <div class="control new-folder hidden" title="New folder">
        <svg width="16" height="16" viewBox="0 0 16 16">
-          <path d="m.5 3 .04.87a1.99 1.99 0 0 0-.342 1.311l.637 7A2 2 0 0 0 2.826 14H9v-1H2.826a1 1 0 0 1-.995-.91l-.637-7A1 1 0 0 1 2.19 4h11.62a1 1 0 0 1 .996 1.09L14.54 8h1.005l.256-2.819A2 2 0 0 0 13.81 3H9.828a2 2 0 0 1-1.414-.586l-.828-.828A2 2 0 0 0 6.172 1H2.5a2 2 0 0 0-2 2zm5.672-1a1 1 0 0 1 .707.293L7.586 3H2.19c-.24 0-.47.042-.683.12L1.5 2.98a1 1 0 0 1 1-.98h3.672z"/>
+          <path
-          <path d="M13.5 10a.5.5 0 0 1 .5.5V12h1.5a.5.5 0 1 1 0 1H14v1.5a.5.5 0 1 1-1 0V13h-1.5a.5.5 0 0 1 0-1H13v-1.5a.5.5 0 0 1 .5-.5z"/>
+            d="m.5 3 .04.87a1.99 1.99 0 0 0-.342 1.311l.637 7A2 2 0 0 0 2.826 14H9v-1H2.826a1 1 0 0 1-.995-.91l-.637-7A1 1 0 0 1 2.19 4h11.62a1 1 0 0 1 .996 1.09L14.54 8h1.005l.256-2.819A2 2 0 0 0 13.81 3H9.828a2 2 0 0 1-1.414-.586l-.828-.828A2 2 0 0 0 6.172 1H2.5a2 2 0 0 0-2 2zm5.672-1a1 1 0 0 1 .707.293L7.586 3H2.19c-.24 0-.47.042-.683.12L1.5 2.98a1 1 0 0 1 1-.98h3.672z" />
          <path
            d="M13.5 10a.5.5 0 0 1 .5.5V12h1.5a.5.5 0 1 1 0 1H14v1.5a.5.5 0 1 1-1 0V13h-1.5a.5.5 0 0 1 0-1H13v-1.5a.5.5 0 0 1 .5-.5z" />
        </svg>
      </div>
      <div class="control new-file hidden" title="New File">
        <svg width="16" height="16" viewBox="0 0 16 16">
          <path
            d="M8 6.5a.5.5 0 0 1 .5.5v1.5H10a.5.5 0 0 1 0 1H8.5V11a.5.5 0 0 1-1 0V9.5H6a.5.5 0 0 1 0-1h1.5V7a.5.5 0 0 1 .5-.5z" />
          <path
            d="M14 4.5V14a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2a2 2 0 0 1 2-2h5.5L14 4.5zm-3 0A1.5 1.5 0 0 1 9.5 3V1H4a1 1 0 0 0-1 1v12a1 1 0 0 0 1 1h8a1 1 0 0 0 1-1V4.5h-2z" />
        </svg>
      </div>
    </div>
    <form class="searchbar hidden">
      <div class="icon">
-        <svg width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path d="M11.742 10.344a6.5 6.5 0 1 0-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 0 0 1.415-1.414l-3.85-3.85a1.007 1.007 0 0 0-.115-.1zM12 6.5a5.5 5.5 0 1 1-11 0 5.5 5.5 0 0 1 11 0z"/></svg>
+        <svg width="16" height="16" viewBox="0 0 16 16">
          <path
            d="M11.742 10.344a6.5 6.5 0 1 0-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 0 0 1.415-1.414l-3.85-3.85a1.007 1.007 0 0 0-.115-.1zM12 6.5a5.5 5.5 0 1 1-11 0 5.5 5.5 0 0 1 11 0z" />
        </svg>
      </div>
-      <input id="search" name="q" type="text" maxlength="128" autocomplete="off" tabindex="1">
+      <input id="search" title="Searching for folders or files" name="q" type="text" maxlength="128" autocomplete="off"
        tabindex="1">
      <input type="submit" hidden />
    </form>
    <div class="toolbox-right">
      <div class="login-btn hidden" title="Login">
        <svg width="16" height="16" viewBox="0 0 16 16">
          <path fill-rule="evenodd"
            d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z" />
          <path fill-rule="evenodd"
            d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z" />
        </svg>
      </div>
      <div class="logout-btn hidden" title="Logout">
        <svg width="16" height="16" viewBox="0 0 16 16">
          <path fill-rule="evenodd" d="M10 3.5a.5.5 0 0 0-.5-.5h-8a.5.5 0 0 0-.5.5v9a.5.5 0 0 0 .5.5h8a.5.5 0 0 0 .5-.5v-2a.5.5 0 0 1 1 0v2A1.5 1.5 0 0 1 9.5 14h-8A1.5 1.5 0 0 1 0 12.5v-9A1.5 1.5 0 0 1 1.5 2h8A1.5 1.5 0 0 1 11 3.5v2a.5.5 0 0 1-1 0z"/>
          <path fill-rule="evenodd" d="M4.146 8.354a.5.5 0 0 1 0-.708l3-3a.5.5 0 1 1 .708.708L5.707 7.5H14.5a.5.5 0 0 1 0 1H5.707l2.147 2.146a.5.5 0 0 1-.708.708z"/>
        </svg>
        <span class="user-name"></span>
      </div>
      <div class="save-btn hidden" title="Save file">
        <svg viewBox="0 0 1024 1024" width="24" height="24">
          <path
            d="M426.666667 682.666667v42.666666h170.666666v-42.666666h-170.666666z m-42.666667-85.333334h298.666667v128h42.666666V418.133333L605.866667 298.666667H298.666667v426.666666h42.666666v-128h42.666667z m260.266667-384L810.666667 379.733333V810.666667H213.333333V213.333333h430.933334zM341.333333 341.333333h85.333334v170.666667H341.333333V341.333333z"
            fill="#444444" p-id="8311"></path>
        </svg>
      </div>
    </div>
  </div>
  <div class="main">
-    <div class="empty-folder hidden"></div>
+    <div class="index-page hidden">
-    <table class="uploaders-table hidden">
+      <div class="empty-folder hidden"></div>
-      <thead>
+      <table class="uploaders-table hidden">
-        <tr>
+        <thead>
-          <th class="cell-name" colspan="2">Name</th>
+          <tr>
-          <th class="cell-status">Progress</th>
+            <th class="cell-name" colspan="2">Name</th>
-        </tr>
+            <th class="cell-status">Progress</th>
-      </thead>
+          </tr>
-    </table>
+        </thead>
-    <table class="paths-table hidden">
+      </table>
-      <thead>
+      <table class="paths-table hidden">
-        <tr>
+        <thead>
-          <th class="cell-name" colspan="2">Name</th>
+        </thead>
-          <th class="cell-mtime">Last modified</th>
+        <tbody>
-          <th class="cell-size">Size</th>
+        </tbody>
-          <th class="cell-actions">Actions</th>
+      </table>
-        </tr>
+    </div>
-      </thead>
+    <div class="editor-page hidden">
-      <tbody>
+      <div class="not-editable hidden"></div>
-      </tbody>
+      <textarea id="editor" class="editor hidden" aria-label="Editor" cols="10"></textarea>
-    </table>
+    </div>
  </div>
-  <script>
+  <template id="index-data">__INDEX_DATA__</template>
-    window.addEventListener("DOMContentLoaded", ready);
+  <script src="__ASSETS_PREFIX__index.js"></script>
  </script>
 </body>
 </html>
--- a/assets/index.js
+++ b/assets/index.js
--- a/src/args.rs
+++ b/src/args.rs
@@ -1,19 +1,19 @@
-use clap::{value_parser, AppSettings, Arg, ArgMatches, Command};
+use anyhow::{bail, Context, Result};
 use async_zip::Compression;
 use clap::builder::{PossibleValue, PossibleValuesParser};
 use clap::{value_parser, Arg, ArgAction, ArgMatches, Command, ValueEnum};
 use clap_complete::{generate, Generator, Shell};
-#[cfg(feature = "tls")]
+use serde::{Deserialize, Deserializer};
-use rustls::{Certificate, PrivateKey};
+use smart_default::SmartDefault;
 use std::env;
 use std::net::IpAddr;
 use std::path::{Path, PathBuf};
 use crate::auth::AccessControl;
-use crate::auth::AuthMethod;
+use crate::http_logger::HttpLogger;
 #[cfg(feature = "tls")]
 use crate::tls::{load_certs, load_private_key};
 use crate::utils::encode_uri;
 use crate::BoxResult;
-pub fn build_cli() -> Command<'static> {
+pub fn build_cli() -> Command {
    let app = Command::new(env!("CARGO_CRATE_NAME"))
        .version(env!("CARGO_PKG_VERSION"))
        .author(env!("CARGO_PKG_AUTHORS"))
@@ -22,105 +22,199 @@ pub fn build_cli() -> Command<'static> {
            " - ",
            env!("CARGO_PKG_REPOSITORY")
        ))
-        .global_setting(AppSettings::DeriveDisplayOrder)
+        .arg(
            Arg::new("serve-path")
                .env("DUFS_SERVE_PATH")
 				.hide_env(true)
                .value_parser(value_parser!(PathBuf))
                .help("Specific path to serve [default: .]"),
        )
        .arg(
            Arg::new("config")
                .env("DUFS_CONFIG")
 				.hide_env(true)
                .short('c')
                .long("config")
                .value_parser(value_parser!(PathBuf))
                .help("Specify configuration file")
                .value_name("file"),
        )
        .arg(
            Arg::new("bind")
                .env("DUFS_BIND")
 				.hide_env(true)
                .short('b')
                .long("bind")
-                .help("Specify bind address")
+                .help("Specify bind address or unix socket")
-                .multiple_values(true)
+                .action(ArgAction::Append)
-                .multiple_occurrences(true)
+                .value_delimiter(',')
-                .value_name("addr"),
+                .value_name("addrs"),
        )
        .arg(
            Arg::new("port")
                .env("DUFS_PORT")
 				.hide_env(true)
                .short('p')
                .long("port")
-                .default_value("5000")
+                .value_parser(value_parser!(u16))
-                .help("Specify port to listen on")
+                .help("Specify port to listen on [default: 5000]")
                .value_name("port"),
        )
        .arg(
            Arg::new("path")
                .default_value(".")
                .allow_invalid_utf8(true)
                .help("Specific path to serve"),
        )
        .arg(
            Arg::new("path-prefix")
                .env("DUFS_PATH_PREFIX")
 				.hide_env(true)
                .long("path-prefix")
                .value_name("path")
                .help("Specify a path prefix"),
        )
        .arg(
            Arg::new("hidden")
                .env("DUFS_HIDDEN")
 				.hide_env(true)
                .long("hidden")
-                .help("Hide directories from directory listings, separated by `,`")
+                .action(ArgAction::Append)
                .value_delimiter(',')
                .help("Hide paths from directory listings, e.g. tmp,*.log,*.lock")
                .value_name("value"),
        )
        .arg(
            Arg::new("auth")
                .env("DUFS_AUTH")
 				.hide_env(true)
                .short('a')
                .long("auth")
-                .help("Add auth for path")
+                .help("Add auth roles, e.g. user:pass@/dir1:rw,/dir2")
-                .multiple_values(true)
+                .action(ArgAction::Append)
-                .multiple_occurrences(true)
+                .value_name("rules"),
                .value_name("rule"),
        )
        .arg(
            Arg::new("auth-method")
                .hide(true)
                .env("DUFS_AUTH_METHOD")
 				.hide_env(true)
                .long("auth-method")
                .help("Select auth method")
-                .possible_values(["basic", "digest"])
+                .value_parser(PossibleValuesParser::new(["basic", "digest"]))
                .default_value("digest")
                .value_name("value"),
        )
        .arg(
            Arg::new("allow-all")
                .env("DUFS_ALLOW_ALL")
 				.hide_env(true)
                .short('A')
                .long("allow-all")
                .action(ArgAction::SetTrue)
                .help("Allow all operations"),
        )
        .arg(
            Arg::new("allow-upload")
                .env("DUFS_ALLOW_UPLOAD")
 				.hide_env(true)
                .long("allow-upload")
                .action(ArgAction::SetTrue)
                .help("Allow upload files/folders"),
        )
        .arg(
            Arg::new("allow-delete")
                .env("DUFS_ALLOW_DELETE")
 				.hide_env(true)
                .long("allow-delete")
                .action(ArgAction::SetTrue)
                .help("Allow delete files/folders"),
        )
        .arg(
            Arg::new("allow-search")
                .env("DUFS_ALLOW_SEARCH")
 				.hide_env(true)
                .long("allow-search")
                .action(ArgAction::SetTrue)
                .help("Allow search files/folders"),
        )
        .arg(
            Arg::new("allow-symlink")
                .env("DUFS_ALLOW_SYMLINK")
 				.hide_env(true)
                .long("allow-symlink")
                .action(ArgAction::SetTrue)
                .help("Allow symlink to files/folders outside root directory"),
        )
        .arg(
            Arg::new("allow-archive")
                .env("DUFS_ALLOW_ARCHIVE")
 				.hide_env(true)
                .long("allow-archive")
                .action(ArgAction::SetTrue)
                .help("Allow zip archive generation"),
        )
        .arg(
            Arg::new("enable-cors")
                .env("DUFS_ENABLE_CORS")
 				.hide_env(true)
                .long("enable-cors")
                .action(ArgAction::SetTrue)
                .help("Enable CORS, sets `Access-Control-Allow-Origin: *`"),
        )
        .arg(
            Arg::new("render-index")
                .env("DUFS_RENDER_INDEX")
 				.hide_env(true)
                .long("render-index")
                .action(ArgAction::SetTrue)
                .help("Serve index.html when requesting a directory, returns 404 if not found index.html"),
        )
        .arg(
            Arg::new("render-try-index")
                .env("DUFS_RENDER_TRY_INDEX")
 				.hide_env(true)
                .long("render-try-index")
                .action(ArgAction::SetTrue)
                .help("Serve index.html when requesting a directory, returns directory listing if not found index.html"),
        )
        .arg(
            Arg::new("render-spa")
                .env("DUFS_RENDER_SPA")
 				.hide_env(true)
                .long("render-spa")
                .action(ArgAction::SetTrue)
                .help("Serve SPA(Single Page Application)"),
        )
        .arg(
            Arg::new("assets")
                .env("DUFS_ASSETS")
 				.hide_env(true)
                .long("assets")
                .help("Set the path to the assets directory for overriding the built-in assets")
                .value_parser(value_parser!(PathBuf))
                .value_name("path")
        )
        .arg(
            Arg::new("log-format")
                .env("DUFS_LOG_FORMAT")
                .hide_env(true)
                .long("log-format")
                .value_name("format")
                .help("Customize http log format"),
        )
        .arg(
            Arg::new("log-file")
                .env("DUFS_LOG_FILE")
                .hide_env(true)
                .long("log-file")
                .value_name("file")
                .value_parser(value_parser!(PathBuf))
                .help("Specify the file to save logs to, other than stdout/stderr"),
        )
        .arg(
            Arg::new("compress")
                .env("DUFS_COMPRESS")
                .hide_env(true)
                .value_parser(clap::builder::EnumValueParser::<Compress>::new())
                .long("compress")
                .value_name("level")
                .help("Set zip compress level [default: low]")
        )
        .arg(
            Arg::new("completions")
                .long("completions")
@@ -133,14 +227,20 @@ pub fn build_cli() -> Command<'static> {
    let app = app
        .arg(
            Arg::new("tls-cert")
                .env("DUFS_TLS_CERT")
                .hide_env(true)
                .long("tls-cert")
                .value_name("path")
                .value_parser(value_parser!(PathBuf))
                .help("Path to an SSL/TLS certificate to serve with HTTPS"),
        )
        .arg(
            Arg::new("tls-key")
                .env("DUFS_TLS_KEY")
                .hide_env(true)
                .long("tls-key")
                .value_name("path")
                .value_parser(value_parser!(PathBuf))
                .help("Path to the SSL/TLS certificate's private key"),
        );
@@ -151,132 +251,195 @@ pub fn print_completions<G: Generator>(gen: G, cmd: &mut Command) {
    generate(gen, cmd, cmd.get_name().to_string(), &mut std::io::stdout());
 }
-#[derive(Debug)]
+#[derive(Debug, Deserialize, SmartDefault, PartialEq)]
 #[serde(default)]
 #[serde(rename_all = "kebab-case")]
 pub struct Args {
-    pub addrs: Vec<IpAddr>,
+    #[serde(default = "default_serve_path")]
    #[default(default_serve_path())]
    pub serve_path: PathBuf,
    #[serde(deserialize_with = "deserialize_bind_addrs")]
    #[serde(rename = "bind")]
    #[serde(default = "default_addrs")]
    #[default(default_addrs())]
    pub addrs: Vec<BindAddr>,
    #[serde(default = "default_port")]
    #[default(default_port())]
    pub port: u16,
-    pub path: PathBuf,
+    #[serde(skip)]
    pub path_is_file: bool,
    pub path_prefix: String,
    #[serde(skip)]
    pub uri_prefix: String,
    #[serde(deserialize_with = "deserialize_string_or_vec")]
    pub hidden: Vec<String>,
-    pub auth_method: AuthMethod,
+    #[serde(deserialize_with = "deserialize_access_control")]
    pub auth: AccessControl,
    pub allow_all: bool,
    pub allow_upload: bool,
    pub allow_delete: bool,
    pub allow_search: bool,
    pub allow_symlink: bool,
    pub allow_archive: bool,
    pub render_index: bool,
    pub render_spa: bool,
    pub render_try_index: bool,
    pub enable_cors: bool,
-    #[cfg(feature = "tls")]
+    pub assets: Option<PathBuf>,
-    pub tls: Option<(Vec<Certificate>, PrivateKey)>,
+    #[serde(deserialize_with = "deserialize_log_http")]
-    #[cfg(not(feature = "tls"))]
+    #[serde(rename = "log-format")]
-    pub tls: Option<()>,
+    pub http_logger: HttpLogger,
    pub log_file: Option<PathBuf>,
    pub compress: Compress,
    pub tls_cert: Option<PathBuf>,
    pub tls_key: Option<PathBuf>,
 }
 impl Args {
    /// Parse command-line arguments.
    ///
-    /// If a parsing error ocurred, exit the process and print out informative
+    /// If a parsing error occurred, exit the process and print out informative
    /// error message to user.
-    pub fn parse(matches: ArgMatches) -> BoxResult<Args> {
+    pub fn parse(matches: ArgMatches) -> Result<Args> {
-        let port = matches.value_of_t::<u16>("port")?;
+        let mut args = Self::default();
-        let addrs = matches
+
-            .values_of("bind")
+        if let Some(config_path) = matches.get_one::<PathBuf>("config") {
-            .map(|v| v.collect())
+            let contents = std::fs::read_to_string(config_path)
-            .unwrap_or_else(|| vec!["0.0.0.0", "::"]);
+                .with_context(|| format!("Failed to read config at {}", config_path.display()))?;
-        let addrs: Vec<IpAddr> = Args::parse_addrs(&addrs)?;
+            args = serde_yaml::from_str(&contents)
-        let path = Args::parse_path(matches.value_of_os("path").unwrap_or_default())?;
+                .with_context(|| format!("Failed to load config at {}", config_path.display()))?;
-        let path_is_file = path.metadata()?.is_file();
+        }
-        let path_prefix = matches
+
-            .value_of("path-prefix")
+        if let Some(path) = matches.get_one::<PathBuf>("serve-path") {
-            .map(|v| v.trim_matches('/').to_owned())
+            args.serve_path.clone_from(path)
-            .unwrap_or_default();
+        }
-        let uri_prefix = if path_prefix.is_empty() {
+
        args.serve_path = Self::sanitize_path(args.serve_path)?;
        if let Some(port) = matches.get_one::<u16>("port") {
            args.port = *port
        }
        if let Some(addrs) = matches.get_many::<String>("bind") {
            let addrs: Vec<_> = addrs.map(|v| v.as_str()).collect();
            args.addrs = BindAddr::parse_addrs(&addrs)?;
        }
        args.path_is_file = args.serve_path.metadata()?.is_file();
        if let Some(path_prefix) = matches.get_one::<String>("path-prefix") {
            args.path_prefix.clone_from(path_prefix)
        }
        args.path_prefix = args.path_prefix.trim_matches('/').to_string();
        args.uri_prefix = if args.path_prefix.is_empty() {
            "/".to_owned()
        } else {
-            format!("/{}/", &encode_uri(&path_prefix))
+            format!("/{}/", &encode_uri(&args.path_prefix))
        };
-        let hidden: Vec<String> = matches
+
-            .value_of("hidden")
+        if let Some(hidden) = matches.get_many::<String>("hidden") {
-            .map(|v| v.split(',').map(|x| x.to_string()).collect())
+            args.hidden = hidden.cloned().collect();
-            .unwrap_or_default();
+        } else {
-        let enable_cors = matches.is_present("enable-cors");
+            let mut hidden = vec![];
-        let auth: Vec<&str> = matches
+            std::mem::swap(&mut args.hidden, &mut hidden);
-            .values_of("auth")
+            args.hidden = hidden
-            .map(|v| v.collect())
+                .into_iter()
-            .unwrap_or_default();
+                .flat_map(|v| v.split(',').map(|v| v.to_string()).collect::<Vec<String>>())
-        let auth_method = match matches.value_of("auth-method").unwrap() {
+                .collect();
-            "basic" => AuthMethod::Basic,
+        }
-            _ => AuthMethod::Digest,
+
-        };
+        if !args.enable_cors {
-        let auth = AccessControl::new(&auth, &uri_prefix)?;
+            args.enable_cors = matches.get_flag("enable-cors");
-        let allow_upload = matches.is_present("allow-all") || matches.is_present("allow-upload");
+        }
-        let allow_delete = matches.is_present("allow-all") || matches.is_present("allow-delete");
+
-        let allow_search = matches.is_present("allow-all") || matches.is_present("allow-search");
+        if let Some(rules) = matches.get_many::<String>("auth") {
-        let allow_symlink = matches.is_present("allow-all") || matches.is_present("allow-symlink");
+            let rules: Vec<_> = rules.map(|v| v.as_str()).collect();
-        let render_index = matches.is_present("render-index");
+            args.auth = AccessControl::new(&rules)?;
-        let render_try_index = matches.is_present("render-try-index");
+        }
-        let render_spa = matches.is_present("render-spa");
+
        if !args.allow_all {
            args.allow_all = matches.get_flag("allow-all");
        }
        let allow_all = args.allow_all;
        if !args.allow_upload {
            args.allow_upload = allow_all || matches.get_flag("allow-upload");
        }
        if !args.allow_delete {
            args.allow_delete = allow_all || matches.get_flag("allow-delete");
        }
        if !args.allow_search {
            args.allow_search = allow_all || matches.get_flag("allow-search");
        }
        if !args.allow_symlink {
            args.allow_symlink = allow_all || matches.get_flag("allow-symlink");
        }
        if !args.allow_archive {
            args.allow_archive = allow_all || matches.get_flag("allow-archive");
        }
        if !args.render_index {
            args.render_index = matches.get_flag("render-index");
        }
        if !args.render_try_index {
            args.render_try_index = matches.get_flag("render-try-index");
        }
        if !args.render_spa {
            args.render_spa = matches.get_flag("render-spa");
        }
        if let Some(assets_path) = matches.get_one::<PathBuf>("assets") {
            args.assets = Some(assets_path.clone());
        }
        if let Some(assets_path) = &args.assets {
            args.assets = Some(Args::sanitize_assets_path(assets_path)?);
        }
        if let Some(log_format) = matches.get_one::<String>("log-format") {
            args.http_logger = log_format.parse()?;
        }
        if let Some(log_file) = matches.get_one::<PathBuf>("log-file") {
            args.log_file = Some(log_file.clone());
        }
        if let Some(compress) = matches.get_one::<Compress>("compress") {
            args.compress = *compress;
        }
        #[cfg(feature = "tls")]
-        let tls = match (matches.value_of("tls-cert"), matches.value_of("tls-key")) {
+        {
-            (Some(certs_file), Some(key_file)) => {
+            if let Some(tls_cert) = matches.get_one::<PathBuf>("tls-cert") {
-                let certs = load_certs(certs_file)?;
+                args.tls_cert = Some(tls_cert.clone())
                let key = load_private_key(key_file)?;
                Some((certs, key))
            }
-            _ => None,
+
-        };
+            if let Some(tls_key) = matches.get_one::<PathBuf>("tls-key") {
                args.tls_key = Some(tls_key.clone())
            }
            match (&args.tls_cert, &args.tls_key) {
                (Some(_), Some(_)) => {}
                (Some(_), _) => bail!("No tls-key set"),
                (_, Some(_)) => bail!("No tls-cert set"),
                (None, None) => {}
            }
        }
        #[cfg(not(feature = "tls"))]
-        let tls = None;
+        {
            args.tls_cert = None;
            args.tls_key = None;
        }
-        Ok(Args {
+        Ok(args)
            addrs,
            port,
            path,
            path_is_file,
            path_prefix,
            uri_prefix,
            hidden,
            auth_method,
            auth,
            enable_cors,
            allow_delete,
            allow_upload,
            allow_search,
            allow_symlink,
            render_index,
            render_try_index,
            render_spa,
            tls,
        })
    }
-    fn parse_addrs(addrs: &[&str]) -> BoxResult<Vec<IpAddr>> {
+    fn sanitize_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
        let mut ip_addrs = vec![];
        let mut invalid_addrs = vec![];
        for addr in addrs {
            match addr.parse::<IpAddr>() {
                Ok(v) => {
                    ip_addrs.push(v);
                }
                Err(_) => {
                    invalid_addrs.push(*addr);
                }
            }
        }
        if !invalid_addrs.is_empty() {
            return Err(format!("Invalid bind address `{}`", invalid_addrs.join(",")).into());
        }
        Ok(ip_addrs)
    }
    fn parse_path<P: AsRef<Path>>(path: P) -> BoxResult<PathBuf> {
        let path = path.as_ref();
        if !path.exists() {
-            return Err(format!("Path `{}` doesn't exist", path.display()).into());
+            bail!("Path `{}` doesn't exist", path.display());
        }
        env::current_dir()
@@ -284,6 +447,305 @@ impl Args {
                p.push(path); // If path is absolute, it replaces the current path.
                std::fs::canonicalize(p)
            })
-            .map_err(|err| format!("Failed to access path `{}`: {}", path.display(), err,).into())
+            .with_context(|| format!("Failed to access path `{}`", path.display()))
    }
    fn sanitize_assets_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
        let path = Self::sanitize_path(path)?;
        if !path.join("index.html").exists() {
            bail!("Path `{}` doesn't contains index.html", path.display());
        }
        Ok(path)
    }
 }
 #[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
 pub enum BindAddr {
    IpAddr(IpAddr),
    #[cfg(unix)]
    SocketPath(String),
 }
 impl BindAddr {
    fn parse_addrs(addrs: &[&str]) -> Result<Vec<Self>> {
        let mut bind_addrs = vec![];
        #[cfg(not(unix))]
        let mut invalid_addrs = vec![];
        for addr in addrs {
            match addr.parse::<IpAddr>() {
                Ok(v) => {
                    bind_addrs.push(BindAddr::IpAddr(v));
                }
                Err(_) => {
                    #[cfg(unix)]
                    bind_addrs.push(BindAddr::SocketPath(addr.to_string()));
                    #[cfg(not(unix))]
                    invalid_addrs.push(*addr);
                }
            }
        }
        #[cfg(not(unix))]
        if !invalid_addrs.is_empty() {
            bail!("Invalid bind address `{}`", invalid_addrs.join(","));
        }
        Ok(bind_addrs)
    }
 }
 #[derive(Debug, Clone, Copy, PartialEq, Deserialize)]
 #[serde(rename_all = "lowercase")]
 pub enum Compress {
    None,
    Low,
    Medium,
    High,
 }
 impl Default for Compress {
    fn default() -> Self {
        Self::Low
    }
 }
 impl ValueEnum for Compress {
    fn value_variants<'a>() -> &'a [Self] {
        &[Self::None, Self::Low, Self::Medium, Self::High]
    }
    fn to_possible_value(&self) -> Option<clap::builder::PossibleValue> {
        Some(match self {
            Compress::None => PossibleValue::new("none"),
            Compress::Low => PossibleValue::new("low"),
            Compress::Medium => PossibleValue::new("medium"),
            Compress::High => PossibleValue::new("high"),
        })
    }
 }
 impl Compress {
    pub fn to_compression(self) -> Compression {
        match self {
            Compress::None => Compression::Stored,
            Compress::Low => Compression::Deflate,
            Compress::Medium => Compression::Bz,
            Compress::High => Compression::Xz,
        }
    }
 }
 fn deserialize_bind_addrs<'de, D>(deserializer: D) -> Result<Vec<BindAddr>, D::Error>
 where
    D: Deserializer<'de>,
 {
    struct StringOrVec;
    impl<'de> serde::de::Visitor<'de> for StringOrVec {
        type Value = Vec<BindAddr>;
        fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
            formatter.write_str("string or list of strings")
        }
        fn visit_str<E>(self, s: &str) -> Result<Self::Value, E>
        where
            E: serde::de::Error,
        {
            BindAddr::parse_addrs(&[s]).map_err(serde::de::Error::custom)
        }
        fn visit_seq<S>(self, seq: S) -> Result<Self::Value, S::Error>
        where
            S: serde::de::SeqAccess<'de>,
        {
            let addrs: Vec<&'de str> =
                Deserialize::deserialize(serde::de::value::SeqAccessDeserializer::new(seq))?;
            BindAddr::parse_addrs(&addrs).map_err(serde::de::Error::custom)
        }
    }
    deserializer.deserialize_any(StringOrVec)
 }
 fn deserialize_string_or_vec<'de, D>(deserializer: D) -> Result<Vec<String>, D::Error>
 where
    D: Deserializer<'de>,
 {
    struct StringOrVec;
    impl<'de> serde::de::Visitor<'de> for StringOrVec {
        type Value = Vec<String>;
        fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
            formatter.write_str("string or list of strings")
        }
        fn visit_str<E>(self, s: &str) -> Result<Self::Value, E>
        where
            E: serde::de::Error,
        {
            Ok(vec![s.to_owned()])
        }
        fn visit_seq<S>(self, seq: S) -> Result<Self::Value, S::Error>
        where
            S: serde::de::SeqAccess<'de>,
        {
            Deserialize::deserialize(serde::de::value::SeqAccessDeserializer::new(seq))
        }
    }
    deserializer.deserialize_any(StringOrVec)
 }
 fn deserialize_access_control<'de, D>(deserializer: D) -> Result<AccessControl, D::Error>
 where
    D: Deserializer<'de>,
 {
    let rules: Vec<&str> = Vec::deserialize(deserializer)?;
    AccessControl::new(&rules).map_err(serde::de::Error::custom)
 }
 fn deserialize_log_http<'de, D>(deserializer: D) -> Result<HttpLogger, D::Error>
 where
    D: Deserializer<'de>,
 {
    let value: String = Deserialize::deserialize(deserializer)?;
    value.parse().map_err(serde::de::Error::custom)
 }
 fn default_serve_path() -> PathBuf {
    PathBuf::from(".")
 }
 fn default_addrs() -> Vec<BindAddr> {
    BindAddr::parse_addrs(&["0.0.0.0", "::"]).unwrap()
 }
 fn default_port() -> u16 {
    5000
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    use assert_fs::prelude::*;
    #[test]
    fn test_default() {
        let cli = build_cli();
        let matches = cli.try_get_matches_from(vec![""]).unwrap();
        let args = Args::parse(matches).unwrap();
        let cwd = Args::sanitize_path(std::env::current_dir().unwrap()).unwrap();
        assert_eq!(args.serve_path, cwd);
        assert_eq!(args.port, default_port());
        assert_eq!(args.addrs, default_addrs());
    }
    #[test]
    fn test_args_from_cli1() {
        let tmpdir = assert_fs::TempDir::new().unwrap();
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec![
                "",
                "--hidden",
                "tmp,*.log,*.lock",
                &tmpdir.to_string_lossy(),
            ])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        assert_eq!(args.serve_path, Args::sanitize_path(&tmpdir).unwrap());
        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
    }
    #[test]
    fn test_args_from_cli2() {
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec![
                "", "--hidden", "tmp", "--hidden", "*.log", "--hidden", "*.lock",
            ])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
    }
    #[test]
    fn test_args_from_empty_config_file() {
        let tmpdir = assert_fs::TempDir::new().unwrap();
        let config_file = tmpdir.child("config.yaml");
        config_file.write_str("").unwrap();
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        let cwd = Args::sanitize_path(std::env::current_dir().unwrap()).unwrap();
        assert_eq!(args.serve_path, cwd);
        assert_eq!(args.port, default_port());
        assert_eq!(args.addrs, default_addrs());
    }
    #[test]
    fn test_args_from_config_file1() {
        let tmpdir = assert_fs::TempDir::new().unwrap();
        let config_file = tmpdir.child("config.yaml");
        let contents = format!(
            r#"
 serve-path: {}
 bind: 0.0.0.0
 port: 3000
 allow-upload: true
 hidden: tmp,*.log,*.lock
 "#,
            tmpdir.display()
        );
        config_file.write_str(&contents).unwrap();
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        assert_eq!(args.serve_path, Args::sanitize_path(&tmpdir).unwrap());
        assert_eq!(
            args.addrs,
            vec![BindAddr::IpAddr("0.0.0.0".parse().unwrap())]
        );
        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
        assert_eq!(args.port, 3000);
        assert!(args.allow_upload);
    }
    #[test]
    fn test_args_from_config_file2() {
        let tmpdir = assert_fs::TempDir::new().unwrap();
        let config_file = tmpdir.child("config.yaml");
        let contents = r#"
 bind:
  - 127.0.0.1
  - 192.168.8.10
 hidden:
  - tmp
  - '*.log'
  - '*.lock'
 "#;
        config_file.write_str(contents).unwrap();
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        assert_eq!(
            args.addrs,
            vec![
                BindAddr::IpAddr("127.0.0.1".parse().unwrap()),
                BindAddr::IpAddr("192.168.8.10".parse().unwrap())
            ]
        );
        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
    }
 }
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,18 +1,20 @@
 use crate::{args::Args, server::Response, utils::unix_now};
 use anyhow::{anyhow, bail, Result};
 use base64::{engine::general_purpose::STANDARD, Engine as _};
 use headers::HeaderValue;
-use hyper::Method;
+use hyper::{header::WWW_AUTHENTICATE, Method};
 use indexmap::IndexMap;
 use lazy_static::lazy_static;
 use md5::Context;
 use std::{
    collections::HashMap,
-    time::{SystemTime, UNIX_EPOCH},
+    path::{Path, PathBuf},
 };
 use uuid::Uuid;
 use crate::utils::encode_uri;
 use crate::BoxResult;
 const REALM: &str = "DUFS";
-const DIGEST_AUTH_TIMEOUT: u32 = 86400;
+const DIGEST_AUTH_TIMEOUT: u32 = 604800; // 7 days
 lazy_static! {
    static ref NONCESTARTHASH: Context = {
@@ -23,53 +25,74 @@ lazy_static! {
    };
 }
-#[derive(Debug)]
+#[derive(Debug, Clone, PartialEq)]
 pub struct AccessControl {
-    rules: HashMap<String, PathControl>,
+    use_hashed_password: bool,
    users: IndexMap<String, (String, AccessPaths)>,
    anonymous: Option<AccessPaths>,
 }
-#[derive(Debug)]
+impl Default for AccessControl {
-pub struct PathControl {
+    fn default() -> Self {
-    readwrite: Account,
+        AccessControl {
-    readonly: Option<Account>,
+            use_hashed_password: false,
-    share: bool,
+            users: IndexMap::new(),
            anonymous: Some(AccessPaths::new(AccessPerm::ReadWrite)),
        }
    }
 }
 impl AccessControl {
-    pub fn new(raw_rules: &[&str], uri_prefix: &str) -> BoxResult<Self> {
+    pub fn new(raw_rules: &[&str]) -> Result<Self> {
        let mut rules = HashMap::default();
        if raw_rules.is_empty() {
-            return Ok(Self { rules });
+            return Ok(Default::default());
        }
-        for rule in raw_rules {
+        let new_raw_rules = split_rules(raw_rules);
-            let parts: Vec<&str> = rule.split('@').collect();
+        let mut use_hashed_password = false;
-            let create_err = || format!("Invalid auth `{}`", rule).into();
+        let mut annoy_paths = None;
-            match parts.as_slice() {
+        let mut account_paths_pairs = vec![];
-                [path, readwrite] => {
+        for rule in &new_raw_rules {
-                    let control = PathControl {
+            let (account, paths) =
-                        readwrite: Account::new(readwrite).ok_or_else(create_err)?,
+                split_account_paths(rule).ok_or_else(|| anyhow!("Invalid auth `{rule}`"))?;
-                        readonly: None,
+            if account.is_empty() {
-                        share: false,
+                if annoy_paths.is_some() {
-                    };
+                    bail!("Invalid auth, no duplicate anonymous rules");
                    rules.insert(sanitize_path(path, uri_prefix), control);
                }
-                [path, readwrite, readonly] => {
+                annoy_paths = Some(paths)
-                    let (readonly, share) = if *readonly == "*" {
+            } else if let Some((user, pass)) = account.split_once(':') {
-                        (None, true)
+                if user.is_empty() || pass.is_empty() {
-                    } else {
+                    bail!("Invalid auth `{rule}`");
                        (Some(Account::new(readonly).ok_or_else(create_err)?), false)
                    };
                    let control = PathControl {
                        readwrite: Account::new(readwrite).ok_or_else(create_err)?,
                        readonly,
                        share,
                    };
                    rules.insert(sanitize_path(path, uri_prefix), control);
                }
-                _ => return Err(create_err()),
+                account_paths_pairs.push((user, pass, paths));
            }
        }
-        Ok(Self { rules })
+        let mut anonymous = None;
        if let Some(paths) = annoy_paths {
            let mut access_paths = AccessPaths::default();
            access_paths.merge(paths);
            anonymous = Some(access_paths);
        }
        let mut users = IndexMap::new();
        for (user, pass, paths) in account_paths_pairs.into_iter() {
            let mut access_paths = anonymous.clone().unwrap_or_default();
            access_paths
                .merge(paths)
                .ok_or_else(|| anyhow!("Invalid auth `{user}:{pass}@{paths}"))?;
            if pass.starts_with("$6$") {
                use_hashed_password = true;
            }
            users.insert(user.to_string(), (pass.to_string(), access_paths));
        }
        Ok(Self {
            use_hashed_password,
            users,
            anonymous,
        })
    }
    pub fn exist(&self) -> bool {
        !self.users.is_empty()
    }
    pub fn guard(
@@ -77,239 +100,314 @@ impl AccessControl {
        path: &str,
        method: &Method,
        authorization: Option<&HeaderValue>,
-        auth_method: AuthMethod,
+        guard_options: bool,
-    ) -> GuardType {
+    ) -> (Option<String>, Option<AccessPaths>) {
-        if self.rules.is_empty() {
+        if let Some(authorization) = authorization {
-            return GuardType::ReadWrite;
+            if let Some(user) = get_auth_user(authorization) {
-        }
+                if let Some((pass, paths)) = self.users.get(&user) {
-        let mut controls = vec![];
+                    if method == Method::OPTIONS {
-        for path in walk_path(path) {
+                        return (Some(user), Some(AccessPaths::new(AccessPerm::ReadOnly)));
-            if let Some(control) = self.rules.get(path) {
+                    }
-                controls.push(control);
+                    if check_auth(authorization, method.as_str(), &user, pass).is_some() {
-                if let Some(authorization) = authorization {
+                        return (Some(user), paths.find(path, !is_readonly_method(method)));
                    let Account { user, pass } = &control.readwrite;
                    if auth_method
                        .validate(authorization, method.as_str(), user, pass)
                        .is_some()
                    {
                        return GuardType::ReadWrite;
                    }
                }
            }
            return (None, None);
        }
-        if is_readonly_method(method) {
+
-            for control in controls.into_iter() {
+        if !guard_options && method == Method::OPTIONS {
-                if control.share {
+            return (None, Some(AccessPaths::new(AccessPerm::ReadOnly)));
                    return GuardType::ReadOnly;
                }
                if let Some(authorization) = authorization {
                    if let Some(Account { user, pass }) = &control.readonly {
                        if auth_method
                            .validate(authorization, method.as_str(), user, pass)
                            .is_some()
                        {
                            return GuardType::ReadOnly;
                        }
                    }
                }
            }
        }
-        GuardType::Reject
+
        if let Some(paths) = self.anonymous.as_ref() {
            return (None, paths.find(path, !is_readonly_method(method)));
        }
        (None, None)
    }
 }
-#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
+#[derive(Debug, Default, Clone, PartialEq, Eq)]
-pub enum GuardType {
+pub struct AccessPaths {
-    Reject,
+    perm: AccessPerm,
-    ReadWrite,
+    children: IndexMap<String, AccessPaths>,
    ReadOnly,
 }
-impl GuardType {
+impl AccessPaths {
-    pub fn is_reject(&self) -> bool {
+    pub fn new(perm: AccessPerm) -> Self {
-        *self == GuardType::Reject
+        Self {
            perm,
            ..Default::default()
        }
    }
 }
-fn sanitize_path(path: &str, uri_prefix: &str) -> String {
+    pub fn perm(&self) -> AccessPerm {
-    encode_uri(&format!("{}{}", uri_prefix, path.trim_matches('/')))
+        self.perm
-}
+    }
-fn walk_path(path: &str) -> impl Iterator<Item = &str> {
+    pub fn set_perm(&mut self, perm: AccessPerm) {
-    let mut idx = 0;
+        if !perm.indexonly() {
-    path.split('/').enumerate().map(move |(i, part)| {
+            self.perm = perm;
-        let end = if i == 0 { 1 } else { idx + part.len() + i };
+        }
-        let value = &path[..end];
+    }
        idx += part.len();
        value
    })
 }
-fn is_readonly_method(method: &Method) -> bool {
+    pub fn merge(&mut self, paths: &str) -> Option<()> {
-    method == Method::GET
+        for item in paths.trim_matches(',').split(',') {
-        || method == Method::OPTIONS
+            let (path, perm) = match item.split_once(':') {
-        || method == Method::HEAD
+                None => (item, AccessPerm::ReadOnly),
-        || method.as_str() == "PROPFIND"
+                Some((path, "ro")) => (path, AccessPerm::ReadOnly),
-}
+                Some((path, "rw")) => (path, AccessPerm::ReadWrite),
                _ => return None,
            };
            self.add(path, perm);
        }
        Some(())
    }
-#[derive(Debug, Clone)]
+    fn add(&mut self, path: &str, perm: AccessPerm) {
-struct Account {
+        let path = path.trim_matches('/');
-    user: String,
+        if path.is_empty() {
-    pass: String,
+            self.set_perm(perm);
-}
+        } else {
            let parts: Vec<&str> = path.split('/').collect();
            self.add_impl(&parts, perm);
        }
    }
-impl Account {
+    fn add_impl(&mut self, parts: &[&str], perm: AccessPerm) {
-    fn new(data: &str) -> Option<Self> {
+        let parts_len = parts.len();
-        let p: Vec<&str> = data.trim().split(':').collect();
+        if parts_len == 0 {
-        if p.len() != 2 {
+            self.set_perm(perm);
            return;
        }
        let child = self.children.entry(parts[0].to_string()).or_default();
        child.add_impl(&parts[1..], perm)
    }
    pub fn find(&self, path: &str, writable: bool) -> Option<AccessPaths> {
        let parts: Vec<&str> = path
            .trim_matches('/')
            .split('/')
            .filter(|v| !v.is_empty())
            .collect();
        let target = self.find_impl(&parts, self.perm)?;
        if writable && !target.perm().readwrite() {
            return None;
        }
-        let user = p[0];
+        Some(target)
        let pass = p[1];
        let mut h = Context::new();
        h.consume(format!("{}:{}:{}", user, REALM, pass).as_bytes());
        Some(Account {
            user: user.to_owned(),
            pass: format!("{:x}", h.compute()),
        })
    }
 }
-#[derive(Debug, Clone)]
+    fn find_impl(&self, parts: &[&str], perm: AccessPerm) -> Option<AccessPaths> {
-pub enum AuthMethod {
+        let perm = if !self.perm.indexonly() {
-    Basic,
+            self.perm
-    Digest,
+        } else {
-}
+            perm
-
+        };
-impl AuthMethod {
+        if parts.is_empty() {
-    pub fn www_auth(&self, stale: bool) -> String {
+            if perm.indexonly() {
-        match self {
+                return Some(self.clone());
-            AuthMethod::Basic => {
+            } else {
-                format!("Basic realm=\"{}\"", REALM)
+                return Some(AccessPaths::new(perm));
            }
            AuthMethod::Digest => {
                let str_stale = if stale { "stale=true," } else { "" };
                format!(
                    "Digest realm=\"{}\",nonce=\"{}\",{}qop=\"auth\"",
                    REALM,
                    create_nonce(),
                    str_stale
                )
            }
        }
-    }
+        let child = match self.children.get(parts[0]) {
-    pub fn validate(
+            Some(v) => v,
-        &self,
+            None => {
-        authorization: &HeaderValue,
+                if perm.indexonly() {
        method: &str,
        auth_user: &str,
        auth_pass: &str,
    ) -> Option<()> {
        match self {
            AuthMethod::Basic => {
                let value: Vec<u8> =
                    base64::decode(strip_prefix(authorization.as_bytes(), b"Basic ").unwrap())
                        .unwrap();
                let parts: Vec<&str> = std::str::from_utf8(&value).unwrap().split(':').collect();
                if parts[0] != auth_user {
                    return None;
                } else {
                    return Some(AccessPaths::new(perm));
                }
                let mut h = Context::new();
                h.consume(format!("{}:{}:{}", parts[0], REALM, parts[1]).as_bytes());
                let http_pass = format!("{:x}", h.compute());
                if http_pass == auth_pass {
                    return Some(());
                }
                None
            }
-            AuthMethod::Digest => {
+        };
-                let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
+        child.find_impl(&parts[1..], perm)
-                let user_vals = to_headermap(digest_value).ok()?;
+    }
-                if let (Some(username), Some(nonce), Some(user_response)) = (
+
-                    user_vals
+    pub fn child_names(&self) -> Vec<&String> {
-                        .get(b"username".as_ref())
+        self.children.keys().collect()
-                        .and_then(|b| std::str::from_utf8(*b).ok()),
+    }
-                    user_vals.get(b"nonce".as_ref()),
+
-                    user_vals.get(b"response".as_ref()),
+    pub fn child_paths(&self, base: &Path) -> Vec<PathBuf> {
-                ) {
+        if !self.perm().indexonly() {
-                    match validate_nonce(nonce) {
+            return vec![base.to_path_buf()];
-                        Ok(true) => {}
+        }
-                        _ => return None,
+        let mut output = vec![];
-                    }
+        self.child_paths_impl(&mut output, base);
-                    if auth_user != username {
+        output
-                        return None;
+    }
-                    }
+
-                    let mut ha = Context::new();
+    fn child_paths_impl(&self, output: &mut Vec<PathBuf>, base: &Path) {
-                    ha.consume(method);
+        for (name, child) in self.children.iter() {
-                    ha.consume(b":");
+            let base = base.join(name);
-                    if let Some(uri) = user_vals.get(b"uri".as_ref()) {
+            if child.perm().indexonly() {
-                        ha.consume(uri);
+                child.child_paths_impl(output, &base);
-                    }
+            } else {
-                    let ha = format!("{:x}", ha.compute());
+                output.push(base)
                    let mut correct_response = None;
                    if let Some(qop) = user_vals.get(b"qop".as_ref()) {
                        if qop == &b"auth".as_ref() || qop == &b"auth-int".as_ref() {
                            correct_response = Some({
                                let mut c = Context::new();
                                c.consume(&auth_pass);
                                c.consume(b":");
                                c.consume(nonce);
                                c.consume(b":");
                                if let Some(nc) = user_vals.get(b"nc".as_ref()) {
                                    c.consume(nc);
                                }
                                c.consume(b":");
                                if let Some(cnonce) = user_vals.get(b"cnonce".as_ref()) {
                                    c.consume(cnonce);
                                }
                                c.consume(b":");
                                c.consume(qop);
                                c.consume(b":");
                                c.consume(&*ha);
                                format!("{:x}", c.compute())
                            });
                        }
                    }
                    let correct_response = match correct_response {
                        Some(r) => r,
                        None => {
                            let mut c = Context::new();
                            c.consume(&auth_pass);
                            c.consume(b":");
                            c.consume(nonce);
                            c.consume(b":");
                            c.consume(&*ha);
                            format!("{:x}", c.compute())
                        }
                    };
                    if correct_response.as_bytes() == *user_response {
                        // grant access
                        return Some(());
                    }
                }
                None
            }
        }
    }
 }
 #[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Default)]
 pub enum AccessPerm {
    #[default]
    IndexOnly,
    ReadOnly,
    ReadWrite,
 }
 impl AccessPerm {
    pub fn indexonly(&self) -> bool {
        self == &AccessPerm::IndexOnly
    }
    pub fn readwrite(&self) -> bool {
        self == &AccessPerm::ReadWrite
    }
 }
 pub fn www_authenticate(res: &mut Response, args: &Args) -> Result<()> {
    if args.auth.use_hashed_password {
        let basic = HeaderValue::from_str(&format!("Basic realm=\"{}\"", REALM))?;
        res.headers_mut().insert(WWW_AUTHENTICATE, basic);
    } else {
        let nonce = create_nonce()?;
        let digest = HeaderValue::from_str(&format!(
            "Digest realm=\"{}\", nonce=\"{}\", qop=\"auth\"",
            REALM, nonce
        ))?;
        let basic = HeaderValue::from_str(&format!("Basic realm=\"{}\"", REALM))?;
        res.headers_mut().append(WWW_AUTHENTICATE, digest);
        res.headers_mut().append(WWW_AUTHENTICATE, basic);
    }
    Ok(())
 }
 pub fn get_auth_user(authorization: &HeaderValue) -> Option<String> {
    if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
        let value: Vec<u8> = STANDARD.decode(value).ok()?;
        let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
        Some(parts[0].to_string())
    } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
        let digest_map = to_headermap(value).ok()?;
        let username = digest_map.get(b"username".as_ref())?;
        std::str::from_utf8(username).map(|v| v.to_string()).ok()
    } else {
        None
    }
 }
 pub fn check_auth(
    authorization: &HeaderValue,
    method: &str,
    auth_user: &str,
    auth_pass: &str,
 ) -> Option<()> {
    if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
        let value: Vec<u8> = STANDARD.decode(value).ok()?;
        let (user, pass) = std::str::from_utf8(&value).ok()?.split_once(':')?;
        if user != auth_user {
            return None;
        }
        if auth_pass.starts_with("$6$") {
            if let Ok(()) = sha_crypt::sha512_check(pass, auth_pass) {
                return Some(());
            }
        } else if pass == auth_pass {
            return Some(());
        }
        None
    } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
        let digest_map = to_headermap(value).ok()?;
        if let (Some(username), Some(nonce), Some(user_response)) = (
            digest_map
                .get(b"username".as_ref())
                .and_then(|b| std::str::from_utf8(b).ok()),
            digest_map.get(b"nonce".as_ref()),
            digest_map.get(b"response".as_ref()),
        ) {
            match validate_nonce(nonce) {
                Ok(true) => {}
                _ => return None,
            }
            if auth_user != username {
                return None;
            }
            let mut h = Context::new();
            h.consume(format!("{}:{}:{}", auth_user, REALM, auth_pass).as_bytes());
            let auth_pass = format!("{:x}", h.compute());
            let mut ha = Context::new();
            ha.consume(method);
            ha.consume(b":");
            if let Some(uri) = digest_map.get(b"uri".as_ref()) {
                ha.consume(uri);
            }
            let ha = format!("{:x}", ha.compute());
            let mut correct_response = None;
            if let Some(qop) = digest_map.get(b"qop".as_ref()) {
                if qop == &b"auth".as_ref() || qop == &b"auth-int".as_ref() {
                    correct_response = Some({
                        let mut c = Context::new();
                        c.consume(&auth_pass);
                        c.consume(b":");
                        c.consume(nonce);
                        c.consume(b":");
                        if let Some(nc) = digest_map.get(b"nc".as_ref()) {
                            c.consume(nc);
                        }
                        c.consume(b":");
                        if let Some(cnonce) = digest_map.get(b"cnonce".as_ref()) {
                            c.consume(cnonce);
                        }
                        c.consume(b":");
                        c.consume(qop);
                        c.consume(b":");
                        c.consume(&*ha);
                        format!("{:x}", c.compute())
                    });
                }
            }
            let correct_response = match correct_response {
                Some(r) => r,
                None => {
                    let mut c = Context::new();
                    c.consume(&auth_pass);
                    c.consume(b":");
                    c.consume(nonce);
                    c.consume(b":");
                    c.consume(&*ha);
                    format!("{:x}", c.compute())
                }
            };
            if correct_response.as_bytes() == *user_response {
                return Some(());
            }
        }
        None
    } else {
        None
    }
 }
 /// Check if a nonce is still valid.
 /// Return an error if it was never valid
-fn validate_nonce(nonce: &[u8]) -> Result<bool, ()> {
+fn validate_nonce(nonce: &[u8]) -> Result<bool> {
    if nonce.len() != 34 {
-        return Err(());
+        bail!("invalid nonce");
    }
    //parse hex
    if let Ok(n) = std::str::from_utf8(nonce) {
        //get time
        if let Ok(secs_nonce) = u32::from_str_radix(&n[..8], 16) {
            //check time
-            let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
+            let now = unix_now()?;
            let secs_now = now.as_secs() as u32;
            if let Some(dur) = secs_now.checked_sub(secs_nonce) {
@@ -323,7 +421,16 @@ fn validate_nonce(nonce: &[u8]) -> Result<bool, ()> {
            }
        }
    }
-    Err(())
+    bail!("invalid nonce");
 }
 fn is_readonly_method(method: &Method) -> bool {
    method == Method::GET
        || method == Method::OPTIONS
        || method == Method::HEAD
        || method.as_str() == "PROPFIND"
        || method.as_str() == "CHECKAUTH"
        || method.as_str() == "LOGOUT"
 }
 fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {
@@ -340,12 +447,12 @@ fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {
 fn to_headermap(header: &[u8]) -> Result<HashMap<&[u8], &[u8]>, ()> {
    let mut sep = Vec::new();
-    let mut asign = Vec::new();
+    let mut assign = Vec::new();
    let mut i: usize = 0;
    let mut esc = false;
    for c in header {
        match (c, esc) {
-            (b'=', false) => asign.push(i),
+            (b'=', false) => assign.push(i),
            (b',', false) => sep.push(i),
            (b'"', false) => esc = true,
            (b'"', true) => esc = false,
@@ -353,16 +460,16 @@ fn to_headermap(header: &[u8]) -> Result<HashMap<&[u8], &[u8]>, ()> {
        }
        i += 1;
    }
-    sep.push(i); // same len for both Vecs
+    sep.push(i);
    i = 0;
    let mut ret = HashMap::new();
-    for (&k, &a) in sep.iter().zip(asign.iter()) {
+    for (&k, &a) in sep.iter().zip(assign.iter()) {
        while header[i] == b' ' {
            i += 1;
        }
        if a <= i || k <= 1 + a {
-            //keys and vals must contain one char
+            //keys and values must contain one char
            return Err(());
        }
        let key = &header[i..a];
@@ -379,12 +486,133 @@ fn to_headermap(header: &[u8]) -> Result<HashMap<&[u8], &[u8]>, ()> {
    Ok(ret)
 }
-fn create_nonce() -> String {
+fn create_nonce() -> Result<String> {
-    let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
+    let now = unix_now()?;
    let secs = now.as_secs() as u32;
    let mut h = NONCESTARTHASH.clone();
    h.consume(secs.to_be_bytes());
    let n = format!("{:08x}{:032x}", secs, h.compute());
-    n[..34].to_string()
+    Ok(n[..34].to_string())
 }
 fn split_account_paths(s: &str) -> Option<(&str, &str)> {
    let i = s.find("@/")?;
    Some((&s[0..i], &s[i + 1..]))
 }
 fn split_rules(rules: &[&str]) -> Vec<String> {
    let mut output = vec![];
    for rule in rules {
        let parts: Vec<&str> = rule.split('|').collect();
        let mut rules_list = vec![];
        let mut concated_part = String::new();
        for (i, part) in parts.iter().enumerate() {
            if part.contains("@/") {
                concated_part.push_str(part);
                let mut concated_part_tmp = String::new();
                std::mem::swap(&mut concated_part_tmp, &mut concated_part);
                rules_list.push(concated_part_tmp);
                continue;
            }
            concated_part.push_str(part);
            if i < parts.len() - 1 {
                concated_part.push('|');
            }
        }
        if !concated_part.is_empty() {
            rules_list.push(concated_part)
        }
        output.extend(rules_list);
    }
    output
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_split_account_paths() {
        assert_eq!(
            split_account_paths("user:pass@/:rw"),
            Some(("user:pass", "/:rw"))
        );
        assert_eq!(
            split_account_paths("user:pass@@/:rw"),
            Some(("user:pass@", "/:rw"))
        );
        assert_eq!(
            split_account_paths("user:pass@1@/:rw"),
            Some(("user:pass@1", "/:rw"))
        );
    }
    #[test]
    fn test_compact_split_rules() {
        assert_eq!(
            split_rules(&["user1:pass1@/:rw|user2:pass2@/:rw"]),
            ["user1:pass1@/:rw", "user2:pass2@/:rw"]
        );
        assert_eq!(
            split_rules(&["user1:pa|ss1@/:rw|user2:pa|ss2@/:rw"]),
            ["user1:pa|ss1@/:rw", "user2:pa|ss2@/:rw"]
        );
        assert_eq!(
            split_rules(&["user1:pa|ss1@/:rw|@/"]),
            ["user1:pa|ss1@/:rw", "@/"]
        );
    }
    #[test]
    fn test_access_paths() {
        let mut paths = AccessPaths::default();
        paths.add("/dir1", AccessPerm::ReadWrite);
        paths.add("/dir2/dir21", AccessPerm::ReadWrite);
        paths.add("/dir2/dir21/dir211", AccessPerm::ReadOnly);
        paths.add("/dir2/dir22", AccessPerm::ReadOnly);
        paths.add("/dir2/dir22/dir221", AccessPerm::ReadWrite);
        paths.add("/dir2/dir23/dir231", AccessPerm::ReadWrite);
        assert_eq!(
            paths.child_paths(Path::new("/tmp")),
            [
                "/tmp/dir1",
                "/tmp/dir2/dir21",
                "/tmp/dir2/dir22",
                "/tmp/dir2/dir23/dir231",
            ]
            .iter()
            .map(PathBuf::from)
            .collect::<Vec<_>>()
        );
        assert_eq!(
            paths
                .find("dir2", false)
                .map(|v| v.child_paths(Path::new("/tmp/dir2"))),
            Some(
                [
                    "/tmp/dir2/dir21",
                    "/tmp/dir2/dir22",
                    "/tmp/dir2/dir23/dir231"
                ]
                .iter()
                .map(PathBuf::from)
                .collect::<Vec<_>>()
            )
        );
        assert_eq!(paths.find("dir2", true), None);
        assert_eq!(
            paths.find("dir1/file", true),
            Some(AccessPaths::new(AccessPerm::ReadWrite))
        );
        assert_eq!(
            paths.find("dir2/dir21/file", true),
            Some(AccessPaths::new(AccessPerm::ReadWrite))
        );
        assert_eq!(
            paths.find("dir2/dir21/dir211/file", false),
            Some(AccessPaths::new(AccessPerm::ReadOnly))
        );
        assert_eq!(paths.find("dir2/dir21/dir211/file", true), None);
    }
 }
--- a/src/http_logger.rs
+++ b/src/http_logger.rs
@@ -0,0 +1,103 @@
 use std::{collections::HashMap, str::FromStr};
 use crate::{auth::get_auth_user, server::Request};
 pub const DEFAULT_LOG_FORMAT: &str = r#"$remote_addr "$request" $status"#;
 #[derive(Debug, Clone, PartialEq)]
 pub struct HttpLogger {
    elements: Vec<LogElement>,
 }
 impl Default for HttpLogger {
    fn default() -> Self {
        DEFAULT_LOG_FORMAT.parse().unwrap()
    }
 }
 #[derive(Debug, Clone, PartialEq)]
 enum LogElement {
    Variable(String),
    Header(String),
    Literal(String),
 }
 impl HttpLogger {
    pub fn data(&self, req: &Request) -> HashMap<String, String> {
        let mut data = HashMap::default();
        for element in self.elements.iter() {
            match element {
                LogElement::Variable(name) => match name.as_str() {
                    "request" => {
                        data.insert(name.to_string(), format!("{} {}", req.method(), req.uri()));
                    }
                    "remote_user" => {
                        if let Some(user) =
                            req.headers().get("authorization").and_then(get_auth_user)
                        {
                            data.insert(name.to_string(), user);
                        }
                    }
                    _ => {}
                },
                LogElement::Header(name) => {
                    if let Some(value) = req.headers().get(name).and_then(|v| v.to_str().ok()) {
                        data.insert(name.to_string(), value.to_string());
                    }
                }
                LogElement::Literal(_) => {}
            }
        }
        data
    }
    pub fn log(&self, data: &HashMap<String, String>, err: Option<String>) {
        if self.elements.is_empty() {
            return;
        }
        let mut output = String::new();
        for element in self.elements.iter() {
            match element {
                LogElement::Literal(value) => output.push_str(value.as_str()),
                LogElement::Header(name) | LogElement::Variable(name) => {
                    output.push_str(data.get(name).map(|v| v.as_str()).unwrap_or("-"))
                }
            }
        }
        match err {
            Some(err) => error!("{} {}", output, err),
            None => info!("{}", output),
        }
    }
 }
 impl FromStr for HttpLogger {
    type Err = anyhow::Error;
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        let mut elements = vec![];
        let mut is_var = false;
        let mut cache = String::new();
        for c in format!("{s} ").chars() {
            if c == '$' {
                if !cache.is_empty() {
                    elements.push(LogElement::Literal(cache.to_string()));
                }
                cache.clear();
                is_var = true;
            } else if is_var && !(c.is_alphanumeric() || c == '_') {
                if let Some(value) = cache.strip_prefix("$http_") {
                    elements.push(LogElement::Header(value.replace('_', "-").to_string()));
                } else if let Some(value) = cache.strip_prefix('$') {
                    elements.push(LogElement::Variable(value.to_string()));
                }
                cache.clear();
                is_var = false;
            }
            cache.push(c);
        }
        let cache = cache.trim();
        if !cache.is_empty() {
            elements.push(LogElement::Literal(cache.to_string()));
        }
        Ok(Self { elements })
    }
 }
--- a/src/http_utils.rs
+++ b/src/http_utils.rs
@@ -0,0 +1,105 @@
 use bytes::{Bytes, BytesMut};
 use futures_util::Stream;
 use http_body_util::{combinators::BoxBody, BodyExt, Full};
 use hyper::body::{Body, Incoming};
 use std::{
    pin::Pin,
    task::{Context, Poll},
 };
 use tokio::io::AsyncRead;
 use tokio_util::io::poll_read_buf;
 #[derive(Debug)]
 pub struct IncomingStream {
    inner: Incoming,
 }
 impl IncomingStream {
    pub fn new(inner: Incoming) -> Self {
        Self { inner }
    }
 }
 impl Stream for IncomingStream {
    type Item = Result<Bytes, anyhow::Error>;
    #[inline]
    fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
        loop {
            match futures_util::ready!(Pin::new(&mut self.inner).poll_frame(cx)?) {
                Some(frame) => match frame.into_data() {
                    Ok(data) => return Poll::Ready(Some(Ok(data))),
                    Err(_frame) => {}
                },
                None => return Poll::Ready(None),
            }
        }
    }
 }
 pin_project_lite::pin_project! {
    pub struct LengthLimitedStream<R> {
        #[pin]
        reader: Option<R>,
        remaining: usize,
        buf: BytesMut,
        capacity: usize,
    }
 }
 impl<R> LengthLimitedStream<R> {
    pub fn new(reader: R, limit: usize) -> Self {
        Self {
            reader: Some(reader),
            remaining: limit,
            buf: BytesMut::new(),
            capacity: 4096,
        }
    }
 }
 impl<R: AsyncRead> Stream for LengthLimitedStream<R> {
    type Item = std::io::Result<Bytes>;
    fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
        let mut this = self.as_mut().project();
        if *this.remaining == 0 {
            self.project().reader.set(None);
            return Poll::Ready(None);
        }
        let reader = match this.reader.as_pin_mut() {
            Some(r) => r,
            None => return Poll::Ready(None),
        };
        if this.buf.capacity() == 0 {
            this.buf.reserve(*this.capacity);
        }
        match poll_read_buf(reader, cx, &mut this.buf) {
            Poll::Pending => Poll::Pending,
            Poll::Ready(Err(err)) => {
                self.project().reader.set(None);
                Poll::Ready(Some(Err(err)))
            }
            Poll::Ready(Ok(0)) => {
                self.project().reader.set(None);
                Poll::Ready(None)
            }
            Poll::Ready(Ok(_)) => {
                let mut chunk = this.buf.split();
                let chunk_size = (*this.remaining).min(chunk.len());
                chunk.truncate(chunk_size);
                *this.remaining -= chunk_size;
                Poll::Ready(Some(Ok(chunk.freeze())))
            }
        }
    }
 }
 pub fn body_full(content: impl Into<hyper::body::Bytes>) -> BoxBody<Bytes, anyhow::Error> {
    Full::new(content.into())
        .map_err(anyhow::Error::new)
        .boxed()
 }
--- a/src/logger.rs
+++ b/src/logger.rs
@@ -1,8 +1,14 @@
 use anyhow::{Context, Result};
 use chrono::{Local, SecondsFormat};
-use log::{Level, Metadata, Record};
+use log::{Level, LevelFilter, Metadata, Record};
-use log::{LevelFilter, SetLoggerError};
+use std::fs::{File, OpenOptions};
 use std::io::Write;
 use std::path::PathBuf;
 use std::sync::Mutex;
-struct SimpleLogger;
+struct SimpleLogger {
    file: Option<Mutex<File>>,
 }
 impl log::Log for SimpleLogger {
    fn enabled(&self, metadata: &Metadata) -> bool {
@@ -12,10 +18,20 @@ impl log::Log for SimpleLogger {
    fn log(&self, record: &Record) {
        if self.enabled(record.metadata()) {
            let timestamp = Local::now().to_rfc3339_opts(SecondsFormat::Secs, true);
-            if record.level() < Level::Info {
+            let text = format!("{} {} - {}", timestamp, record.level(), record.args());
-                eprintln!("{} {} - {}", timestamp, record.level(), record.args());
+            match &self.file {
-            } else {
+                Some(file) => {
-                println!("{} {} - {}", timestamp, record.level(), record.args());
+                    if let Ok(mut file) = file.lock() {
                        let _ = writeln!(file, "{text}");
                    }
                }
                None => {
                    if record.level() < Level::Info {
                        eprintln!("{text}");
                    } else {
                        println!("{text}");
                    }
                }
            }
        }
    }
@@ -23,8 +39,23 @@ impl log::Log for SimpleLogger {
    fn flush(&self) {}
 }
-static LOGGER: SimpleLogger = SimpleLogger;
+pub fn init(log_file: Option<PathBuf>) -> Result<()> {
-
+    let file = match log_file {
-pub fn init() -> Result<(), SetLoggerError> {
+        None => None,
-    log::set_logger(&LOGGER).map(|()| log::set_max_level(LevelFilter::Info))
+        Some(log_file) => {
            let file = OpenOptions::new()
                .create(true)
                .append(true)
                .open(&log_file)
                .with_context(|| {
                    format!("Failed to open the log file at '{}'", log_file.display())
                })?;
            Some(Mutex::new(file))
        }
    };
    let logger = SimpleLogger { file };
    log::set_boxed_logger(Box::new(logger))
        .map(|_| log::set_max_level(LevelFilter::Info))
        .with_context(|| "Failed to init logger")?;
    Ok(())
 }
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,43 +1,42 @@
 mod args;
 mod auth;
 mod http_logger;
 mod http_utils;
 mod logger;
 mod server;
 mod streamer;
 #[cfg(feature = "tls")]
 mod tls;
 mod utils;
 #[macro_use]
 extern crate log;
 use crate::args::{build_cli, print_completions, Args};
-use crate::server::{Request, Server};
+use crate::server::Server;
 #[cfg(feature = "tls")]
-use crate::tls::{TlsAcceptor, TlsStream};
+use crate::utils::{load_certs, load_private_key};
 use std::net::{IpAddr, SocketAddr, TcpListener as StdTcpListener};
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::sync::Arc;
 use anyhow::{anyhow, Context, Result};
 use args::BindAddr;
 use clap_complete::Shell;
-use futures::future::join_all;
+use futures_util::future::join_all;
 use tokio::net::TcpListener;
 use tokio::task::JoinHandle;
-use hyper::server::conn::{AddrIncoming, AddrStream};
+use hyper::{body::Incoming, service::service_fn, Request};
-use hyper::service::{make_service_fn, service_fn};
+use hyper_util::{
    rt::{TokioExecutor, TokioIo},
    server::conn::auto::Builder,
 };
 use std::net::{IpAddr, SocketAddr, TcpListener as StdTcpListener};
 use std::sync::{
    atomic::{AtomicBool, Ordering},
    Arc,
 };
 use std::time::Duration;
 use tokio::time::timeout;
 use tokio::{net::TcpListener, task::JoinHandle};
 #[cfg(feature = "tls")]
-use rustls::ServerConfig;
+use tokio_rustls::{rustls::ServerConfig, TlsAcceptor};
 pub type BoxResult<T> = Result<T, Box<dyn std::error::Error>>;
 #[tokio::main]
-async fn main() {
+async fn main() -> Result<()> {
    run().await.unwrap_or_else(handle_err)
 }
 async fn run() -> BoxResult<()> {
    logger::init().map_err(|e| format!("Failed to init logger, {}", e))?;
    let cmd = build_cli();
    let matches = cmd.get_matches();
    if let Some(generator) = matches.get_one::<Shell>("completions") {
@@ -45,11 +44,14 @@ async fn run() -> BoxResult<()> {
        print_completions(*generator, &mut cmd);
        return Ok(());
    }
-    let args = Args::parse(matches)?;
+    let mut args = Args::parse(matches)?;
-    let args = Arc::new(args);
+    logger::init(args.log_file.clone()).map_err(|e| anyhow!("Failed to init logger, {e}"))?;
    let (new_addrs, print_addrs) = check_addrs(&args)?;
    args.addrs = new_addrs;
    let running = Arc::new(AtomicBool::new(true));
-    let handles = serve(args.clone(), running.clone())?;
+    let listening = print_listening(&args, &print_addrs)?;
-    print_listening(args)?;
+    let handles = serve(args, running.clone())?;
    println!("{listening}");
    tokio::select! {
        ret = join_all(handles) => {
@@ -67,60 +69,130 @@ async fn run() -> BoxResult<()> {
    }
 }
-fn serve(
+fn serve(args: Args, running: Arc<AtomicBool>) -> Result<Vec<JoinHandle<()>>> {
-    args: Arc<Args>,
+    let addrs = args.addrs.clone();
    running: Arc<AtomicBool>,
 ) -> BoxResult<Vec<JoinHandle<Result<(), hyper::Error>>>> {
    let inner = Arc::new(Server::new(args.clone(), running));
    let mut handles = vec![];
    let port = args.port;
-    for ip in args.addrs.iter() {
+    let tls_config = (args.tls_cert.clone(), args.tls_key.clone());
-        let inner = inner.clone();
+    let server_handle = Arc::new(Server::init(args, running)?);
-        let incoming = create_addr_incoming(SocketAddr::new(*ip, port))
+    let mut handles = vec![];
-            .map_err(|e| format!("Failed to bind `{}:{}`, {}", ip, port, e))?;
+    for bind_addr in addrs.iter() {
-        let serv_func = move |remote_addr: SocketAddr| {
+        let server_handle = server_handle.clone();
-            let inner = inner.clone();
+        match bind_addr {
-            async move {
+            BindAddr::IpAddr(ip) => {
-                Ok::<_, hyper::Error>(service_fn(move |req: Request| {
+                let listener = create_listener(SocketAddr::new(*ip, port))
-                    let inner = inner.clone();
+                    .with_context(|| format!("Failed to bind `{ip}:{port}`"))?;
-                    inner.call(req, remote_addr)
+
-                }))
+                match &tls_config {
                    #[cfg(feature = "tls")]
                    (Some(cert_file), Some(key_file)) => {
                        let certs = load_certs(cert_file)?;
                        let key = load_private_key(key_file)?;
                        let mut config = ServerConfig::builder()
                            .with_no_client_auth()
                            .with_single_cert(certs, key)?;
                        config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
                        let config = Arc::new(config);
                        let tls_accepter = TlsAcceptor::from(config);
                        let handshake_timeout = Duration::from_secs(10);
                        let handle = tokio::spawn(async move {
                            loop {
                                let Ok((stream, addr)) = listener.accept().await else {
                                    continue;
                                };
                                let Some(stream) =
                                    timeout(handshake_timeout, tls_accepter.accept(stream))
                                        .await
                                        .ok()
                                        .and_then(|v| v.ok())
                                else {
                                    continue;
                                };
                                let stream = TokioIo::new(stream);
                                tokio::spawn(handle_stream(
                                    server_handle.clone(),
                                    stream,
                                    Some(addr),
                                ));
                            }
                        });
                        handles.push(handle);
                    }
                    (None, None) => {
                        let handle = tokio::spawn(async move {
                            loop {
                                let Ok((stream, addr)) = listener.accept().await else {
                                    continue;
                                };
                                let stream = TokioIo::new(stream);
                                tokio::spawn(handle_stream(
                                    server_handle.clone(),
                                    stream,
                                    Some(addr),
                                ));
                            }
                        });
                        handles.push(handle);
                    }
                    _ => {
                        unreachable!()
                    }
                };
            }
-        };
+            #[cfg(unix)]
-        match args.tls.as_ref() {
+            BindAddr::SocketPath(path) => {
-            #[cfg(feature = "tls")]
+                let socket_path = if path.starts_with("@")
-            Some((certs, key)) => {
+                    && cfg!(any(target_os = "linux", target_os = "android"))
-                let config = ServerConfig::builder()
+                {
-                    .with_safe_defaults()
+                    let mut path_buf = path.as_bytes().to_vec();
-                    .with_no_client_auth()
+                    path_buf[0] = b'\0';
-                    .with_single_cert(certs.clone(), key.clone())?;
+                    unsafe { std::ffi::OsStr::from_encoded_bytes_unchecked(&path_buf) }
-                let config = Arc::new(config);
+                        .to_os_string()
-                let accepter = TlsAcceptor::new(config.clone(), incoming);
+                } else {
-                let new_service = make_service_fn(move |socket: &TlsStream| {
+                    let _ = std::fs::remove_file(path);
-                    let remote_addr = socket.remote_addr();
+                    path.into()
-                    serv_func(remote_addr)
+                };
                let listener = tokio::net::UnixListener::bind(socket_path)
                    .with_context(|| format!("Failed to bind `{}`", path))?;
                let handle = tokio::spawn(async move {
                    loop {
                        let Ok((stream, _addr)) = listener.accept().await else {
                            continue;
                        };
                        let stream = TokioIo::new(stream);
                        tokio::spawn(handle_stream(server_handle.clone(), stream, None));
                    }
                });
-                let server = tokio::spawn(hyper::Server::builder(accepter).serve(new_service));
+
-                handles.push(server);
+                handles.push(handle);
            }
-            #[cfg(not(feature = "tls"))]
+        }
            Some(_) => {
                unreachable!()
            }
            None => {
                let new_service = make_service_fn(move |socket: &AddrStream| {
                    let remote_addr = socket.remote_addr();
                    serv_func(remote_addr)
                });
                let server = tokio::spawn(hyper::Server::builder(incoming).serve(new_service));
                handles.push(server);
            }
        };
    }
    Ok(handles)
 }
-fn create_addr_incoming(addr: SocketAddr) -> BoxResult<AddrIncoming> {
+async fn handle_stream<T>(handle: Arc<Server>, stream: TokioIo<T>, addr: Option<SocketAddr>)
 where
    T: tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin + Send + 'static,
 {
    let hyper_service =
        service_fn(move |request: Request<Incoming>| handle.clone().call(request, addr));
    match Builder::new(TokioExecutor::new())
        .serve_connection_with_upgrades(stream, hyper_service)
        .await
    {
        Ok(()) => {}
        Err(_err) => {
            // This error only appears when the client doesn't send a request and terminate the connection.
            //
            // If client sends one request then terminate connection whenever, it doesn't appear.
        }
    }
 }
 fn create_listener(addr: SocketAddr) -> Result<TcpListener> {
    use socket2::{Domain, Protocol, Socket, Type};
    let socket = Socket::new(Domain::for_address(addr), Type::STREAM, Some(Protocol::TCP))?;
    if addr.is_ipv6() {
@@ -131,68 +203,99 @@ fn create_addr_incoming(addr: SocketAddr) -> BoxResult<AddrIncoming> {
    socket.listen(1024 /* Default backlog */)?;
    let std_listener = StdTcpListener::from(socket);
    std_listener.set_nonblocking(true)?;
-    let incoming = AddrIncoming::from_listener(TcpListener::from_std(std_listener)?)?;
+    let listener = TcpListener::from_std(std_listener)?;
-    Ok(incoming)
+    Ok(listener)
 }
-fn print_listening(args: Arc<Args>) -> BoxResult<()> {
+fn check_addrs(args: &Args) -> Result<(Vec<BindAddr>, Vec<BindAddr>)> {
-    let mut addrs = vec![];
+    let mut new_addrs = vec![];
-    let (mut ipv4, mut ipv6) = (false, false);
+    let mut print_addrs = vec![];
-    for ip in args.addrs.iter() {
+    let (ipv4_addrs, ipv6_addrs) = interface_addrs()?;
-        if ip.is_unspecified() {
+    for bind_addr in args.addrs.iter() {
-            if ip.is_ipv6() {
+        match bind_addr {
-                ipv6 = true;
+            BindAddr::IpAddr(ip) => match &ip {
-            } else {
+                IpAddr::V4(_) => {
-                ipv4 = true;
+                    if !ipv4_addrs.is_empty() {
-            }
+                        new_addrs.push(bind_addr.clone());
-        } else {
+                        if ip.is_unspecified() {
-            addrs.push(*ip);
+                            print_addrs.extend(ipv4_addrs.clone());
-        }
+                        } else {
-    }
+                            print_addrs.push(bind_addr.clone());
-    if ipv4 || ipv6 {
+                        }
-        let ifaces = if_addrs::get_if_addrs()
+                    }
-            .map_err(|e| format!("Failed to get local interface addresses: {}", e))?;
+                }
-        for iface in ifaces.into_iter() {
+                IpAddr::V6(_) => {
-            let local_ip = iface.ip();
+                    if !ipv6_addrs.is_empty() {
-            if ipv4 && local_ip.is_ipv4() {
+                        new_addrs.push(bind_addr.clone());
-                addrs.push(local_ip)
+                        if ip.is_unspecified() {
-            }
+                            print_addrs.extend(ipv6_addrs.clone());
-            if ipv6 && local_ip.is_ipv6() {
+                        } else {
-                addrs.push(local_ip)
+                            print_addrs.push(bind_addr.clone())
                        }
                    }
                }
            },
            #[cfg(unix)]
            _ => {
                new_addrs.push(bind_addr.clone());
                print_addrs.push(bind_addr.clone())
            }
        }
    }
-    addrs.sort_unstable();
+    print_addrs.sort_unstable();
-    let urls = addrs
+    Ok((new_addrs, print_addrs))
-        .into_iter()
+}
-        .map(|addr| match addr {
+
-            IpAddr::V4(_) => format!("{}:{}", addr, args.port),
+fn interface_addrs() -> Result<(Vec<BindAddr>, Vec<BindAddr>)> {
-            IpAddr::V6(_) => format!("[{}]:{}", addr, args.port),
+    let (mut ipv4_addrs, mut ipv6_addrs) = (vec![], vec![]);
    let ifaces =
        if_addrs::get_if_addrs().with_context(|| "Failed to get local interface addresses")?;
    for iface in ifaces.into_iter() {
        let ip = iface.ip();
        if ip.is_ipv4() {
            ipv4_addrs.push(BindAddr::IpAddr(ip))
        }
        if ip.is_ipv6() {
            ipv6_addrs.push(BindAddr::IpAddr(ip))
        }
    }
    Ok((ipv4_addrs, ipv6_addrs))
 }
 fn print_listening(args: &Args, print_addrs: &[BindAddr]) -> Result<String> {
    let mut output = String::new();
    let urls = print_addrs
        .iter()
        .map(|bind_addr| match bind_addr {
            BindAddr::IpAddr(addr) => {
                let addr = match addr {
                    IpAddr::V4(_) => format!("{}:{}", addr, args.port),
                    IpAddr::V6(_) => format!("[{}]:{}", addr, args.port),
                };
                let protocol = if args.tls_cert.is_some() {
                    "https"
                } else {
                    "http"
                };
                format!("{}://{}{}", protocol, addr, args.uri_prefix)
            }
            #[cfg(unix)]
            BindAddr::SocketPath(path) => path.to_string(),
        })
        .map(|addr| match &args.tls {
            Some(_) => format!("https://{}", addr),
            None => format!("http://{}", addr),
        })
        .map(|url| format!("{}{}", url, args.uri_prefix))
        .collect::<Vec<_>>();
    if urls.len() == 1 {
-        println!("Listening on {}", urls[0]);
+        output.push_str(&format!("Listening on {}", urls[0]))
    } else {
        let info = urls
            .iter()
-            .map(|v| format!("  {}", v))
+            .map(|v| format!("  {v}"))
            .collect::<Vec<String>>()
            .join("\n");
-        println!("Listening on:\n{}\n", info);
+        output.push_str(&format!("Listening on:\n{info}\n"))
    }
-    Ok(())
+    Ok(output)
 }
 fn handle_err<T>(err: Box<dyn std::error::Error>) -> T {
    eprintln!("error: {}", err);
    std::process::exit(1);
 }
 async fn shutdown_signal() {
--- a/src/server.rs
+++ b/src/server.rs
--- a/src/streamer.rs
+++ b/src/streamer.rs
@@ -1,68 +0,0 @@
 use async_stream::stream;
 use futures::{Stream, StreamExt};
 use std::io::Error;
 use std::pin::Pin;
 use tokio::io::{AsyncRead, AsyncReadExt};
 pub struct Streamer<R>
 where
    R: AsyncRead + Unpin + Send + 'static,
 {
    reader: R,
    buf_size: usize,
 }
 impl<R> Streamer<R>
 where
    R: AsyncRead + Unpin + Send + 'static,
 {
    #[inline]
    pub fn new(reader: R, buf_size: usize) -> Self {
        Self { reader, buf_size }
    }
    pub fn into_stream(
        mut self,
    ) -> Pin<Box<impl ?Sized + Stream<Item = Result<Vec<u8>, Error>> + 'static>> {
        let stream = stream! {
            loop {
                let mut buf = vec![0; self.buf_size];
                let r = self.reader.read(&mut buf).await?;
                if r == 0 {
                    break
                }
                buf.truncate(r);
                yield Ok(buf);
            }
        };
        stream.boxed()
    }
    // allow truncation as truncated remaining is always less than buf_size: usize
    pub fn into_stream_sized(
        mut self,
        max_length: u64,
    ) -> Pin<Box<impl ?Sized + Stream<Item = Result<Vec<u8>, Error>> + 'static>> {
        let stream = stream! {
        let mut remaining = max_length;
            loop {
                if remaining == 0 {
                    break;
                }
                let bs = if remaining >= self.buf_size as u64 {
                    self.buf_size
                } else {
                    remaining as usize
                };
                let mut buf = vec![0; bs];
                let r = self.reader.read(&mut buf).await?;
                if r == 0 {
                    break;
                } else {
                    buf.truncate(r);
                    yield Ok(buf);
                }
                remaining -= r as u64;
            }
        };
        stream.boxed()
    }
 }
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -1,158 +0,0 @@
 use core::task::{Context, Poll};
 use futures::ready;
 use hyper::server::accept::Accept;
 use hyper::server::conn::{AddrIncoming, AddrStream};
 use rustls::{Certificate, PrivateKey};
 use std::future::Future;
 use std::net::SocketAddr;
 use std::pin::Pin;
 use std::sync::Arc;
 use std::{fs, io};
 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
 use tokio_rustls::rustls::ServerConfig;
 enum State {
    Handshaking(tokio_rustls::Accept<AddrStream>),
    Streaming(tokio_rustls::server::TlsStream<AddrStream>),
 }
 // tokio_rustls::server::TlsStream doesn't expose constructor methods,
 // so we have to TlsAcceptor::accept and handshake to have access to it
 // TlsStream implements AsyncRead/AsyncWrite handshaking tokio_rustls::Accept first
 pub struct TlsStream {
    state: State,
    remote_addr: SocketAddr,
 }
 impl TlsStream {
    fn new(stream: AddrStream, config: Arc<ServerConfig>) -> TlsStream {
        let remote_addr = stream.remote_addr();
        let accept = tokio_rustls::TlsAcceptor::from(config).accept(stream);
        TlsStream {
            state: State::Handshaking(accept),
            remote_addr,
        }
    }
    pub fn remote_addr(&self) -> SocketAddr {
        self.remote_addr
    }
 }
 impl AsyncRead for TlsStream {
    fn poll_read(
        self: Pin<&mut Self>,
        cx: &mut Context,
        buf: &mut ReadBuf,
    ) -> Poll<io::Result<()>> {
        let pin = self.get_mut();
        match pin.state {
            State::Handshaking(ref mut accept) => match ready!(Pin::new(accept).poll(cx)) {
                Ok(mut stream) => {
                    let result = Pin::new(&mut stream).poll_read(cx, buf);
                    pin.state = State::Streaming(stream);
                    result
                }
                Err(err) => Poll::Ready(Err(err)),
            },
            State::Streaming(ref mut stream) => Pin::new(stream).poll_read(cx, buf),
        }
    }
 }
 impl AsyncWrite for TlsStream {
    fn poll_write(
        self: Pin<&mut Self>,
        cx: &mut Context<'_>,
        buf: &[u8],
    ) -> Poll<io::Result<usize>> {
        let pin = self.get_mut();
        match pin.state {
            State::Handshaking(ref mut accept) => match ready!(Pin::new(accept).poll(cx)) {
                Ok(mut stream) => {
                    let result = Pin::new(&mut stream).poll_write(cx, buf);
                    pin.state = State::Streaming(stream);
                    result
                }
                Err(err) => Poll::Ready(Err(err)),
            },
            State::Streaming(ref mut stream) => Pin::new(stream).poll_write(cx, buf),
        }
    }
    fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
        match self.state {
            State::Handshaking(_) => Poll::Ready(Ok(())),
            State::Streaming(ref mut stream) => Pin::new(stream).poll_flush(cx),
        }
    }
    fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
        match self.state {
            State::Handshaking(_) => Poll::Ready(Ok(())),
            State::Streaming(ref mut stream) => Pin::new(stream).poll_shutdown(cx),
        }
    }
 }
 pub struct TlsAcceptor {
    config: Arc<ServerConfig>,
    incoming: AddrIncoming,
 }
 impl TlsAcceptor {
    pub fn new(config: Arc<ServerConfig>, incoming: AddrIncoming) -> TlsAcceptor {
        TlsAcceptor { config, incoming }
    }
 }
 impl Accept for TlsAcceptor {
    type Conn = TlsStream;
    type Error = io::Error;
    fn poll_accept(
        self: Pin<&mut Self>,
        cx: &mut Context<'_>,
    ) -> Poll<Option<Result<Self::Conn, Self::Error>>> {
        let pin = self.get_mut();
        match ready!(Pin::new(&mut pin.incoming).poll_accept(cx)) {
            Some(Ok(sock)) => Poll::Ready(Some(Ok(TlsStream::new(sock, pin.config.clone())))),
            Some(Err(e)) => Poll::Ready(Some(Err(e))),
            None => Poll::Ready(None),
        }
    }
 }
 // Load public certificate from file.
 pub fn load_certs(filename: &str) -> Result<Vec<Certificate>, Box<dyn std::error::Error>> {
    // Open certificate file.
    let certfile = fs::File::open(&filename)
        .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
    let mut reader = io::BufReader::new(certfile);
    // Load and return certificate.
    let certs = rustls_pemfile::certs(&mut reader).map_err(|_| "Failed to load certificate")?;
    if certs.is_empty() {
        return Err("No supported certificate in file".into());
    }
    Ok(certs.into_iter().map(Certificate).collect())
 }
 // Load private key from file.
 pub fn load_private_key(filename: &str) -> Result<PrivateKey, Box<dyn std::error::Error>> {
    // Open keyfile.
    let keyfile = fs::File::open(&filename)
        .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
    let mut reader = io::BufReader::new(keyfile);
    // Load and return a single private key.
    let keys = rustls_pemfile::read_all(&mut reader)
        .map_err(|e| format!("There was a problem with reading private key: {:?}", e))?
        .into_iter()
        .find_map(|item| match item {
            rustls_pemfile::Item::RSAKey(key) | rustls_pemfile::Item::PKCS8Key(key) => Some(key),
            _ => None,
        })
        .ok_or("No supported private key in file")?;
    Ok(PrivateKey(keys))
 }
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -1,5 +1,18 @@
-use crate::BoxResult;
+use anyhow::{anyhow, Context, Result};
-use std::{borrow::Cow, path::Path};
+use chrono::{DateTime, Utc};
 #[cfg(feature = "tls")]
 use rustls_pki_types::{CertificateDer, PrivateKeyDer};
 use std::{
    borrow::Cow,
    path::Path,
    time::{Duration, SystemTime, UNIX_EPOCH},
 };
 pub fn unix_now() -> Result<Duration> {
    SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .with_context(|| "Invalid system time")
 }
 pub fn encode_uri(v: &str) -> String {
    let parts: Vec<_> = v.split('/').map(urlencoding::encode).collect();
@@ -18,66 +31,144 @@ pub fn get_file_name(path: &Path) -> &str {
        .unwrap_or_default()
 }
-pub fn try_get_file_name(path: &Path) -> BoxResult<&str> {
+#[cfg(unix)]
 pub async fn get_file_mtime_and_mode(path: &Path) -> Result<(DateTime<Utc>, u16)> {
    use std::os::unix::prelude::MetadataExt;
    let meta = tokio::fs::metadata(path).await?;
    let datetime: DateTime<Utc> = meta.modified()?.into();
    Ok((datetime, meta.mode() as u16))
 }
 #[cfg(not(unix))]
 pub async fn get_file_mtime_and_mode(path: &Path) -> Result<(DateTime<Utc>, u16)> {
    let meta = tokio::fs::metadata(&path).await?;
    let datetime: DateTime<Utc> = meta.modified()?.into();
    Ok((datetime, 0o644))
 }
 pub fn try_get_file_name(path: &Path) -> Result<&str> {
    path.file_name()
        .and_then(|v| v.to_str())
-        .ok_or_else(|| format!("Failed to get file name of `{}`", path.display()).into())
+        .ok_or_else(|| anyhow!("Failed to get file name of `{}`", path.display()))
 }
-pub fn glob(source: &str, target: &str) -> bool {
+pub fn glob(pattern: &str, target: &str) -> bool {
-    let ss: Vec<char> = source.chars().collect();
+    let pat = match ::glob::Pattern::new(pattern) {
-    let mut iter = target.chars();
+        Ok(pat) => pat,
-    let mut i = 0;
+        Err(_) => return false,
-    'outer: while i < ss.len() {
+    };
-        let s = ss[i];
+    pat.matches(target)
-        match s {
+}
-            '*' => match ss.get(i + 1) {
+
-                Some(s_next) => {
+// Load public certificate from file.
-                    for t in iter.by_ref() {
+#[cfg(feature = "tls")]
-                        if t == *s_next {
+pub fn load_certs<T: AsRef<Path>>(filename: T) -> Result<Vec<CertificateDer<'static>>> {
-                            i += 2;
+    // Open certificate file.
-                            continue 'outer;
+    let cert_file = std::fs::File::open(filename.as_ref())
-                        }
+        .with_context(|| format!("Failed to access `{}`", filename.as_ref().display()))?;
-                    }
+    let mut reader = std::io::BufReader::new(cert_file);
-                    return true;
+
-                }
+    // Load and return certificate.
-                None => return true,
+    let mut certs = vec![];
-            },
+    for cert in rustls_pemfile::certs(&mut reader) {
-            '?' => match iter.next() {
+        let cert = cert.with_context(|| "Failed to load certificate")?;
-                Some(_) => {
+        certs.push(cert)
-                    i += 1;
+    }
-                    continue;
+    if certs.is_empty() {
-                }
+        anyhow::bail!("No supported certificate in file");
-                None => return false,
+    }
-            },
+    Ok(certs)
-            _ => match iter.next() {
+}
-                Some(t) => {
+
-                    if s == t {
+// Load private key from file.
-                        i += 1;
+#[cfg(feature = "tls")]
-                        continue;
+pub fn load_private_key<T: AsRef<Path>>(filename: T) -> Result<PrivateKeyDer<'static>> {
-                    }
+    let key_file = std::fs::File::open(filename.as_ref())
-                    return false;
+        .with_context(|| format!("Failed to access `{}`", filename.as_ref().display()))?;
-                }
+    let mut reader = std::io::BufReader::new(key_file);
-                None => return false,
+
-            },
+    // Load and return a single private key.
    for key in rustls_pemfile::read_all(&mut reader) {
        let key = key.with_context(|| "There was a problem with reading private key")?;
        match key {
            rustls_pemfile::Item::Pkcs1Key(key) => return Ok(PrivateKeyDer::Pkcs1(key)),
            rustls_pemfile::Item::Pkcs8Key(key) => return Ok(PrivateKeyDer::Pkcs8(key)),
            rustls_pemfile::Item::Sec1Key(key) => return Ok(PrivateKeyDer::Sec1(key)),
            _ => {}
        }
    }
-    iter.next().is_none()
+    anyhow::bail!("No supported private key in file");
 }
-#[test]
+pub fn parse_range(range: &str, size: u64) -> Option<(u64, u64)> {
-fn test_glob_key() {
+    let (unit, range) = range.split_once('=')?;
-    assert!(glob("", ""));
+    if unit != "bytes" || range.contains(',') {
-    assert!(glob(".*", ".git"));
+        return None;
-    assert!(glob("abc", "abc"));
+    }
-    assert!(glob("a*c", "abc"));
+    let (start, end) = range.split_once('-')?;
-    assert!(glob("a?c", "abc"));
+    if start.is_empty() {
-    assert!(glob("a*c", "abbc"));
+        let offset = end.parse::<u64>().ok()?;
-    assert!(glob("*c", "abc"));
+        if offset <= size {
-    assert!(glob("a*", "abc"));
+            Some((size - offset, size - 1))
-    assert!(glob("?c", "bc"));
+        } else {
-    assert!(glob("a?", "ab"));
+            None
-    assert!(!glob("abc", "adc"));
+        }
-    assert!(!glob("abc", "abcd"));
+    } else {
-    assert!(!glob("a?c", "abbc"));
+        let start = start.parse::<u64>().ok()?;
        if start < size {
            if end.is_empty() {
                Some((start, size - 1))
            } else {
                let end = end.parse::<u64>().ok()?;
                if end < size {
                    Some((start, end))
                } else {
                    None
                }
            }
        } else {
            None
        }
    }
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_glob_key() {
        assert!(glob("", ""));
        assert!(glob(".*", ".git"));
        assert!(glob("abc", "abc"));
        assert!(glob("a*c", "abc"));
        assert!(glob("a?c", "abc"));
        assert!(glob("a*c", "abbc"));
        assert!(glob("*c", "abc"));
        assert!(glob("a*", "abc"));
        assert!(glob("?c", "bc"));
        assert!(glob("a?", "ab"));
        assert!(!glob("abc", "adc"));
        assert!(!glob("abc", "abcd"));
        assert!(!glob("a?c", "abbc"));
        assert!(!glob("*.log", "log"));
        assert!(glob("*.abc-cba", "xyz.abc-cba"));
        assert!(glob("*.abc-cba", "123.xyz.abc-cba"));
        assert!(glob("*.log", ".log"));
        assert!(glob("*.log", "a.log"));
        assert!(glob("*/", "abc/"));
        assert!(!glob("*/", "abc"));
    }
    #[test]
    fn test_parse_range() {
        assert_eq!(parse_range("bytes=0-499", 500), Some((0, 499)));
        assert_eq!(parse_range("bytes=0-", 500), Some((0, 499)));
        assert_eq!(parse_range("bytes=299-", 500), Some((299, 499)));
        assert_eq!(parse_range("bytes=-500", 500), Some((0, 499)));
        assert_eq!(parse_range("bytes=-300", 500), Some((200, 499)));
        assert_eq!(parse_range("bytes=500-", 500), None);
        assert_eq!(parse_range("bytes=-501", 500), None);
        assert_eq!(parse_range("bytes=0-500", 500), None);
    }
 }
--- a/tests/allow.rs
+++ b/tests/allow.rs
@@ -20,6 +20,13 @@ fn default_not_allow_delete(server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[rstest]
 fn default_not_allow_archive(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?zip", server.url()))?;
    assert_eq!(resp.status(), 404);
    Ok(())
 }
 #[rstest]
 fn default_not_exist_dir(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}404/", server.url()))?;
@@ -64,10 +71,22 @@ fn allow_upload_delete_can_override(#[with(&["-A"])] server: TestServer) -> Resu
 fn allow_search(#[with(&["--allow-search"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?q={}", server.url(), "test.html"))?;
    assert_eq!(resp.status(), 200);
-    let paths = utils::retrive_index_paths(&resp.text()?);
+    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert!(!paths.is_empty());
    for p in paths {
        assert!(p.contains("test.html"));
    }
    Ok(())
 }
 #[rstest]
 fn allow_archive(#[with(&["--allow-archive"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?zip", server.url()))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "application/zip"
    );
    assert!(resp.headers().contains_key("content-disposition"));
    Ok(())
 }
--- a/tests/assets.rs
+++ b/tests/assets.rs
@@ -1,27 +1,31 @@
 mod fixtures;
 mod utils;
-use fixtures::{server, Error, TestServer};
+use assert_cmd::prelude::*;
 use assert_fs::fixture::TempDir;
 use fixtures::{port, server, tmpdir, wait_for_port, Error, TestServer, DIR_ASSETS};
 use rstest::rstest;
 use std::process::{Command, Stdio};
 #[rstest]
 fn assets(server: TestServer) -> Result<(), Error> {
    let ver = env!("CARGO_PKG_VERSION");
    let resp = reqwest::blocking::get(server.url())?;
-    let index_js = format!("/__dufs_v{}_index.js", ver);
+    let index_js = format!("/__dufs_v{ver}__/index.js");
-    let index_css = format!("/__dufs_v{}_index.css", ver);
+    let index_css = format!("/__dufs_v{ver}__/index.css");
-    let favicon_ico = format!("/__dufs_v{}_favicon.ico", ver);
+    let favicon_ico = format!("/__dufs_v{ver}__/favicon.ico");
    let text = resp.text()?;
-    assert!(text.contains(&format!(r#"href="{}""#, index_css)));
+    println!("{text}");
-    assert!(text.contains(&format!(r#"href="{}""#, favicon_ico)));
+    assert!(text.contains(&format!(r#"href="{index_css}""#)));
-    assert!(text.contains(&format!(r#"src="{}""#, index_js)));
+    assert!(text.contains(&format!(r#"href="{favicon_ico}""#)));
    assert!(text.contains(&format!(r#"src="{index_js}""#)));
    Ok(())
 }
 #[rstest]
 fn asset_js(server: TestServer) -> Result<(), Error> {
    let url = format!(
-        "{}__dufs_v{}_index.js",
+        "{}__dufs_v{}__/index.js",
        server.url(),
        env!("CARGO_PKG_VERSION")
    );
@@ -29,7 +33,7 @@ fn asset_js(server: TestServer) -> Result<(), Error> {
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
-        "application/javascript"
+        "application/javascript; charset=UTF-8"
    );
    Ok(())
 }
@@ -37,20 +41,23 @@ fn asset_js(server: TestServer) -> Result<(), Error> {
 #[rstest]
 fn asset_css(server: TestServer) -> Result<(), Error> {
    let url = format!(
-        "{}__dufs_v{}_index.css",
+        "{}__dufs_v{}__/index.css",
        server.url(),
        env!("CARGO_PKG_VERSION")
    );
    let resp = reqwest::blocking::get(url)?;
    assert_eq!(resp.status(), 200);
-    assert_eq!(resp.headers().get("content-type").unwrap(), "text/css");
+    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/css; charset=UTF-8"
    );
    Ok(())
 }
 #[rstest]
 fn asset_ico(server: TestServer) -> Result<(), Error> {
    let url = format!(
-        "{}__dufs_v{}_favicon.ico",
+        "{}__dufs_v{}__/favicon.ico",
        server.url(),
        env!("CARGO_PKG_VERSION")
    );
@@ -64,13 +71,13 @@ fn asset_ico(server: TestServer) -> Result<(), Error> {
 fn assets_with_prefix(#[with(&["--path-prefix", "xyz"])] server: TestServer) -> Result<(), Error> {
    let ver = env!("CARGO_PKG_VERSION");
    let resp = reqwest::blocking::get(format!("{}xyz/", server.url()))?;
-    let index_js = format!("/xyz/__dufs_v{}_index.js", ver);
+    let index_js = format!("/xyz/__dufs_v{ver}__/index.js");
-    let index_css = format!("/xyz/__dufs_v{}_index.css", ver);
+    let index_css = format!("/xyz/__dufs_v{ver}__/index.css");
-    let favicon_ico = format!("/xyz/__dufs_v{}_favicon.ico", ver);
+    let favicon_ico = format!("/xyz/__dufs_v{ver}__/favicon.ico");
    let text = resp.text()?;
-    assert!(text.contains(&format!(r#"href="{}""#, index_css)));
+    assert!(text.contains(&format!(r#"href="{index_css}""#)));
-    assert!(text.contains(&format!(r#"href="{}""#, favicon_ico)));
+    assert!(text.contains(&format!(r#"href="{favicon_ico}""#)));
-    assert!(text.contains(&format!(r#"src="{}""#, index_js)));
+    assert!(text.contains(&format!(r#"src="{index_js}""#)));
    Ok(())
 }
@@ -79,7 +86,7 @@ fn asset_js_with_prefix(
    #[with(&["--path-prefix", "xyz"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!(
-        "{}xyz/__dufs_v{}_index.js",
+        "{}xyz/__dufs_v{}__/index.js",
        server.url(),
        env!("CARGO_PKG_VERSION")
    );
@@ -87,7 +94,33 @@ fn asset_js_with_prefix(
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
-        "application/javascript"
+        "application/javascript; charset=UTF-8"
    );
    Ok(())
 }
 #[rstest]
 fn assets_override(tmpdir: TempDir, port: u16) -> Result<(), Error> {
    let mut child = Command::cargo_bin("dufs")?
        .arg(tmpdir.path())
        .arg("-p")
        .arg(port.to_string())
        .arg("--assets")
        .arg(tmpdir.join(DIR_ASSETS))
        .stdout(Stdio::piped())
        .spawn()?;
    wait_for_port(port);
    let url = format!("http://localhost:{port}");
    let resp = reqwest::blocking::get(&url)?;
    assert!(resp.text()?.starts_with(&format!(
        "/__dufs_v{}__/index.js;<template id=\"index-data\">",
        env!("CARGO_PKG_VERSION")
    )));
    let resp = reqwest::blocking::get(&url)?;
    assert_resp_paths!(resp);
    child.kill()?;
    Ok(())
 }
--- a/tests/auth.rs
+++ b/tests/auth.rs
@@ -1,15 +1,25 @@
 mod digest_auth_util;
 mod fixtures;
 mod utils;
-use diqwest::blocking::WithDigestAuth;
+use digest_auth_util::send_with_digest_auth;
 use fixtures::{server, Error, TestServer};
 use indexmap::IndexSet;
 use rstest::rstest;
 #[rstest]
-fn no_auth(#[with(&["--auth", "/@user:pass", "-A"])] server: TestServer) -> Result<(), Error> {
+fn no_auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(server.url())?;
    assert_eq!(resp.status(), 401);
-    assert!(resp.headers().contains_key("www-authenticate"));
+    let values: Vec<&str> = resp
        .headers()
        .get_all("www-authenticate")
        .iter()
        .map(|v| v.to_str().unwrap())
        .collect();
    assert!(values[0].starts_with("Digest"));
    assert!(values[1].starts_with("Basic"));
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
@@ -17,63 +27,168 @@ fn no_auth(#[with(&["--auth", "/@user:pass", "-A"])] server: TestServer) -> Resu
 }
 #[rstest]
-fn auth(#[with(&["--auth", "/@user:pass", "-A"])] server: TestServer) -> Result<(), Error> {
+#[case(server(&["--auth", "user:pass@/:rw", "-A"]), "user", "pass")]
 #[case(server(&["--auth", "user:pa:ss@1@/:rw", "-A"]), "user", "pa:ss@1")]
 fn auth(#[case] server: TestServer, #[case] user: &str, #[case] pass: &str) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
-    let resp = fetch!(b"PUT", &url)
+    let resp = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), user, pass)?;
        .body(b"abc".to_vec())
        .send_with_digest_auth("user", "pass")?;
    assert_eq!(resp.status(), 201);
    Ok(())
 }
 #[rstest]
-fn auth_skip(#[with(&["--auth", "/@user:pass@*"])] server: TestServer) -> Result<(), Error> {
+fn invalid_auth(
    #[with(&["-a", "user:pass@/:rw", "-a", "@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = fetch!(b"GET", server.url())
        .basic_auth("user", Some("-"))
        .send()?;
    assert_eq!(resp.status(), 401);
    let resp = fetch!(b"GET", server.url())
        .basic_auth("-", Some("pass"))
        .send()?;
    assert_eq!(resp.status(), 401);
    let resp = fetch!(b"GET", server.url())
        .header("Authorization", "Basic Og==")
        .send()?;
    assert_eq!(resp.status(), 401);
    Ok(())
 }
 #[rstest]
 #[case(server(&["--auth", "user:$6$gQxZwKyWn/ZmWEA2$4uV7KKMnSUnET2BtWTj/9T5.Jq3h/MdkOlnIl5hdlTxDZ4MZKmJ.kl6C.NL9xnNPqC4lVHC1vuI0E5cLpTJX81@/:rw", "-A"]), "user", "pass")]
 #[case(server(&["--auth", "user:$6$YV1J6OHZAAgbzCbS$V55ZEgvJ6JFdz1nLO4AD696PRHAJYhfQf.Gy2HafrCz5itnbgNTtTgfUSqZrt4BJ7FcpRfSt/QZzAan68pido0@/:rw", "-A"]), "user", "pa:ss@1")]
 fn auth_hashed_password(
    #[case] server: TestServer,
    #[case] user: &str,
    #[case] pass: &str,
 ) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
    if let Err(err) = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), user, pass)
    {
        assert_eq!(
            err.to_string(),
            r#"Missing "realm" in header: Basic realm="DUFS""#
        );
    }
    let resp = fetch!(b"PUT", &url)
        .body(b"abc".to_vec())
        .basic_auth(user, Some(pass))
        .send()?;
    assert_eq!(resp.status(), 201);
    Ok(())
 }
 #[rstest]
 fn auth_and_public(
    #[with(&["-a", "user:pass@/:rw", "-a", "@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
    let resp = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), "user", "pass")?;
    assert_eq!(resp.status(), 201);
    let resp = fetch!(b"GET", &url).send()?;
    assert_eq!(resp.status(), 200);
    assert_eq!(resp.text()?, "abc");
    Ok(())
 }
 #[rstest]
 fn auth_skip(#[with(&["--auth", "@/"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(server.url())?;
    assert_eq!(resp.status(), 200);
    Ok(())
 }
 #[rstest]
 fn auth_skip_on_options_method(
    #[with(&["--auth", "user:pass@/:rw"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
    let resp = fetch!(b"OPTIONS", &url).send()?;
    assert_eq!(resp.status(), 200);
    Ok(())
 }
 #[rstest]
 fn auth_check(
    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
    let resp = fetch!(b"CHECKAUTH", &url).send()?;
    assert_eq!(resp.status(), 401);
    let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user", "pass")?;
    assert_eq!(resp.status(), 200);
    let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user2", "pass2")?;
    assert_eq!(resp.status(), 200);
    Ok(())
 }
 #[rstest]
 fn auth_check2(
    #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
    let resp = fetch!(b"CHECKAUTH", &url).send()?;
    assert_eq!(resp.status(), 401);
    let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user", "pass")?;
    assert_eq!(resp.status(), 200);
    let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user2", "pass2")?;
    assert_eq!(resp.status(), 200);
    Ok(())
 }
 #[rstest]
 fn auth_logout(
    #[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
    let resp = fetch!(b"LOGOUT", &url).send()?;
    assert_eq!(resp.status(), 401);
    let resp = send_with_digest_auth(fetch!(b"LOGOUT", &url), "user", "pass")?;
    assert_eq!(resp.status(), 401);
    Ok(())
 }
 #[rstest]
 fn auth_readonly(
-    #[with(&["--auth", "/@user:pass@user2:pass2", "-A"])] server: TestServer,
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
    let resp = fetch!(b"GET", &url).send()?;
    assert_eq!(resp.status(), 401);
-    let resp = fetch!(b"GET", &url).send_with_digest_auth("user2", "pass2")?;
+    let resp = send_with_digest_auth(fetch!(b"GET", &url), "user2", "pass2")?;
    assert_eq!(resp.status(), 200);
    let url = format!("{}file1", server.url());
-    let resp = fetch!(b"PUT", &url)
+    let resp = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), "user2", "pass2")?;
-        .body(b"abc".to_vec())
+    assert_eq!(resp.status(), 403);
        .send_with_digest_auth("user2", "pass2")?;
    assert_eq!(resp.status(), 401);
    Ok(())
 }
 #[rstest]
 fn auth_nest(
-    #[with(&["--auth", "/@user:pass@user2:pass2", "--auth", "/dira@user3:pass3", "-A"])]
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "--auth", "user3:pass3@/dir1:rw", "-A"])]
    server: TestServer,
 ) -> Result<(), Error> {
-    let url = format!("{}dira/file1", server.url());
+    let url = format!("{}dir1/file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
-    let resp = fetch!(b"PUT", &url)
+    let resp = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), "user3", "pass3")?;
        .body(b"abc".to_vec())
        .send_with_digest_auth("user3", "pass3")?;
    assert_eq!(resp.status(), 201);
-    let resp = fetch!(b"PUT", &url)
+    let resp = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), "user", "pass")?;
        .body(b"abc".to_vec())
        .send_with_digest_auth("user", "pass")?;
    assert_eq!(resp.status(), 201);
    Ok(())
 }
 #[rstest]
 fn auth_nest_share(
-    #[with(&["--auth", "/@user:pass@*", "--auth", "/dira@user3:pass3", "-A"])] server: TestServer,
+    #[with(&["--auth", "@/", "--auth", "user:pass@/:rw", "--auth", "user3:pass3@/dir1:rw", "-A"])]
    server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
    let resp = fetch!(b"GET", &url).send()?;
@@ -82,15 +197,19 @@ fn auth_nest_share(
 }
 #[rstest]
 #[case(server(&["--auth", "user:pass@/:rw", "-A"]), "user", "pass")]
 #[case(server(&["--auth", "u1:p1@/:rw", "-A"]), "u1", "p1")]
 fn auth_basic(
-    #[with(&["--auth", "/@user:pass", "--auth-method", "basic", "-A"])] server: TestServer,
+    #[case] server: TestServer,
    #[case] user: &str,
    #[case] pass: &str,
 ) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
    let resp = fetch!(b"PUT", &url)
        .body(b"abc".to_vec())
-        .basic_auth("user", Some("pass"))
+        .basic_auth(user, Some(pass))
        .send()?;
    assert_eq!(resp.status(), 201);
    Ok(())
@@ -98,26 +217,125 @@ fn auth_basic(
 #[rstest]
 fn auth_webdav_move(
-    #[with(&["--auth", "/@user:pass@*", "--auth", "/dira@user3:pass3", "-A"])] server: TestServer,
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user3:pass3@/dir1:rw", "-A"])]
    server: TestServer,
 ) -> Result<(), Error> {
-    let origin_url = format!("{}dira/test.html", server.url());
+    let origin_url = format!("{}dir1/test.html", server.url());
    let new_url = format!("{}test2.html", server.url());
-    let resp = fetch!(b"MOVE", &origin_url)
+    let resp = send_with_digest_auth(
-        .header("Destination", &new_url)
+        fetch!(b"MOVE", &origin_url).header("Destination", &new_url),
-        .send_with_digest_auth("user3", "pass3")?;
+        "user3",
        "pass3",
    )?;
    assert_eq!(resp.status(), 403);
    Ok(())
 }
 #[rstest]
 fn auth_webdav_copy(
-    #[with(&["--auth", "/@user:pass@*", "--auth", "/dira@user3:pass3", "-A"])] server: TestServer,
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user3:pass3@/dir1:rw", "-A"])]
    server: TestServer,
 ) -> Result<(), Error> {
-    let origin_url = format!("{}dira/test.html", server.url());
+    let origin_url = format!("{}dir1/test.html", server.url());
    let new_url = format!("{}test2.html", server.url());
-    let resp = fetch!(b"COPY", &origin_url)
+    let resp = send_with_digest_auth(
-        .header("Destination", &new_url)
+        fetch!(b"COPY", &origin_url).header("Destination", &new_url),
-        .send_with_digest_auth("user3", "pass3")?;
+        "user3",
        "pass3",
    )?;
    assert_eq!(resp.status(), 403);
    Ok(())
 }
 #[rstest]
 fn auth_path_prefix(
    #[with(&["--auth", "user:pass@/:rw", "--path-prefix", "xyz", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}xyz/index.html", server.url());
    let resp = fetch!(b"GET", &url).send()?;
    assert_eq!(resp.status(), 401);
    let resp = send_with_digest_auth(fetch!(b"GET", &url), "user", "pass")?;
    assert_eq!(resp.status(), 200);
    Ok(())
 }
 #[rstest]
 fn auth_partial_index(
    #[with(&["--auth", "user:pass@/dir1:rw,/dir2:rw", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = send_with_digest_auth(fetch!(b"GET", server.url()), "user", "pass")?;
    assert_eq!(resp.status(), 200);
    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert_eq!(paths, IndexSet::from(["dir1/".into(), "dir2/".into()]));
    let resp = send_with_digest_auth(
        fetch!(b"GET", format!("{}?q={}", server.url(), "test.html")),
        "user",
        "pass",
    )?;
    assert_eq!(resp.status(), 200);
    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert_eq!(
        paths,
        IndexSet::from(["dir1/test.html".into(), "dir2/test.html".into()])
    );
    Ok(())
 }
 #[rstest]
 fn no_auth_propfind_dir(
    #[with(&["--auth", "admin:admin@/:rw", "--auth", "@/dir-assets", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = fetch!(b"PROPFIND", server.url()).send()?;
    assert_eq!(resp.status(), 207);
    let body = resp.text()?;
    assert!(body.contains("<D:href>/dir-assets/</D:href>"));
    assert!(body.contains("<D:href>/dir1/</D:href>"));
    Ok(())
 }
 #[rstest]
 fn auth_propfind_dir(
    #[with(&["--auth", "admin:admin@/:rw", "--auth", "user:pass@/dir-assets", "-A"])]
    server: TestServer,
 ) -> Result<(), Error> {
    let resp = send_with_digest_auth(fetch!(b"PROPFIND", server.url()), "user", "pass")?;
    assert_eq!(resp.status(), 207);
    let body = resp.text()?;
    assert!(body.contains("<D:href>/dir-assets/</D:href>"));
    assert!(!body.contains("<D:href>/dir1/</D:href>"));
    Ok(())
 }
 #[rstest]
 fn auth_data(
    #[with(&["-a", "user:pass@/:rw", "-a", "@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = reqwest::blocking::get(server.url())?;
    let content = resp.text()?;
    let json = utils::retrieve_json(&content).unwrap();
    assert_eq!(json["allow_delete"], serde_json::Value::Bool(false));
    assert_eq!(json["allow_upload"], serde_json::Value::Bool(false));
    let resp = fetch!(b"GET", server.url())
        .basic_auth("user", Some("pass"))
        .send()?;
    let content = resp.text()?;
    let json = utils::retrieve_json(&content).unwrap();
    assert_eq!(json["allow_delete"], serde_json::Value::Bool(true));
    assert_eq!(json["allow_upload"], serde_json::Value::Bool(true));
    Ok(())
 }
 #[rstest]
 fn auth_precedence(
    #[with(&["--auth", "user:pass@/dir1:rw,/dir1/test.txt", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}dir1/test.txt", server.url());
    let resp = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), "user", "pass")?;
    assert_eq!(resp.status(), 403);
    let url = format!("{}dir1/file1", server.url());
    let resp = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), "user", "pass")?;
    assert_eq!(resp.status(), 201);
    Ok(())
 }
--- a/tests/bind.rs
+++ b/tests/bind.rs
@@ -76,9 +76,7 @@ fn validate_printed_urls(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> R
        .collect::<Vec<_>>();
    assert!(!urls.is_empty());
-    for url in urls {
+    reqwest::blocking::get(urls[0])?.error_for_status()?;
        reqwest::blocking::get(url)?.error_for_status()?;
    }
    child.kill()?;
--- a/tests/cache.rs
+++ b/tests/cache.rs
@@ -0,0 +1,80 @@
 mod fixtures;
 mod utils;
 use chrono::{DateTime, Duration};
 use fixtures::{server, Error, TestServer};
 use reqwest::header::{
    HeaderName, ETAG, IF_MATCH, IF_MODIFIED_SINCE, IF_NONE_MATCH, IF_UNMODIFIED_SINCE,
    LAST_MODIFIED,
 };
 use reqwest::StatusCode;
 use rstest::rstest;
 #[rstest]
 #[case(IF_UNMODIFIED_SINCE, Duration::days(1), StatusCode::OK)]
 #[case(IF_UNMODIFIED_SINCE, Duration::days(0), StatusCode::OK)]
 #[case(IF_UNMODIFIED_SINCE, Duration::days(-1), StatusCode::PRECONDITION_FAILED)]
 #[case(IF_MODIFIED_SINCE, Duration::days(1), StatusCode::NOT_MODIFIED)]
 #[case(IF_MODIFIED_SINCE, Duration::days(0), StatusCode::NOT_MODIFIED)]
 #[case(IF_MODIFIED_SINCE, Duration::days(-1), StatusCode::OK)]
 fn get_file_with_if_modified_since_condition(
    #[case] header_condition: HeaderName,
    #[case] duration_after_file_modified: Duration,
    #[case] expected_code: StatusCode,
    server: TestServer,
 ) -> Result<(), Error> {
    let resp = fetch!(b"HEAD", format!("{}index.html", server.url())).send()?;
    let last_modified = resp
        .headers()
        .get(LAST_MODIFIED)
        .and_then(|h| h.to_str().ok())
        .and_then(|s| DateTime::parse_from_rfc2822(s).ok())
        .expect("Received no valid last modified header");
    let req_modified_time = (last_modified + duration_after_file_modified)
        .format("%a, %d %b %Y %T GMT")
        .to_string();
    let resp = fetch!(b"GET", format!("{}index.html", server.url()))
        .header(header_condition, req_modified_time)
        .send()?;
    assert_eq!(resp.status(), expected_code);
    Ok(())
 }
 fn same_etag(etag: &str) -> String {
    etag.to_owned()
 }
 fn different_etag(etag: &str) -> String {
    format!("{}1234", etag)
 }
 #[rstest]
 #[case(IF_MATCH, same_etag, StatusCode::OK)]
 #[case(IF_MATCH, different_etag, StatusCode::PRECONDITION_FAILED)]
 #[case(IF_NONE_MATCH, same_etag, StatusCode::NOT_MODIFIED)]
 #[case(IF_NONE_MATCH, different_etag, StatusCode::OK)]
 fn get_file_with_etag_match(
    #[case] header_condition: HeaderName,
    #[case] etag_modifier: fn(&str) -> String,
    #[case] expected_code: StatusCode,
    server: TestServer,
 ) -> Result<(), Error> {
    let resp = fetch!(b"HEAD", format!("{}index.html", server.url())).send()?;
    let etag = resp
        .headers()
        .get(ETAG)
        .and_then(|h| h.to_str().ok())
        .expect("Received no valid etag header");
    let resp = fetch!(b"GET", format!("{}index.html", server.url()))
        .header(header_condition, etag_modifier(etag))
        .send()?;
    assert_eq!(resp.status(), expected_code);
    Ok(())
 }
--- a/tests/config.rs
+++ b/tests/config.rs
@@ -0,0 +1,55 @@
 mod digest_auth_util;
 mod fixtures;
 mod utils;
 use assert_cmd::prelude::*;
 use assert_fs::TempDir;
 use digest_auth_util::send_with_digest_auth;
 use fixtures::{port, tmpdir, wait_for_port, Error};
 use rstest::rstest;
 use std::path::PathBuf;
 use std::process::{Command, Stdio};
 #[rstest]
 fn use_config_file(tmpdir: TempDir, port: u16) -> Result<(), Error> {
    let config_path = get_config_path().display().to_string();
    let mut child = Command::cargo_bin("dufs")?
        .arg(tmpdir.path())
        .arg("-p")
        .arg(port.to_string())
        .args(["--config", &config_path])
        .stdout(Stdio::piped())
        .spawn()?;
    wait_for_port(port);
    let url = format!("http://localhost:{port}/dufs/index.html");
    let resp = fetch!(b"GET", &url).send()?;
    assert_eq!(resp.status(), 401);
    let url = format!("http://localhost:{port}/dufs/index.html");
    let resp = send_with_digest_auth(fetch!(b"GET", &url), "user", "pass")?;
    assert_eq!(resp.text()?, "This is index.html");
    let url = format!("http://localhost:{port}/dufs?simple");
    let resp = send_with_digest_auth(fetch!(b"GET", &url), "user", "pass")?;
    let text: String = resp.text().unwrap();
    assert!(text.split('\n').any(|c| c == "dir1/"));
    assert!(!text.split('\n').any(|c| c == "dir3/"));
    assert!(!text.split('\n').any(|c| c == "test.txt"));
    let url = format!("http://localhost:{port}/dufs/dir1/upload.txt");
    let resp = send_with_digest_auth(fetch!(b"PUT", &url).body("Hello"), "user", "pass")?;
    assert_eq!(resp.status(), 201);
    child.kill()?;
    Ok(())
 }
 fn get_config_path() -> PathBuf {
    let mut path = std::env::current_dir().expect("Failed to get current directory");
    path.push("tests");
    path.push("data");
    path.push("config.yaml");
    path
 }
--- a/tests/cors.rs
+++ b/tests/cors.rs
@@ -19,15 +19,15 @@ fn cors(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
    );
    assert_eq!(
        resp.headers().get("access-control-allow-methods").unwrap(),
-        "GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
+        "*"
    );
    assert_eq!(
        resp.headers().get("access-control-allow-headers").unwrap(),
-        "Authorization,Destination,Range"
+        "Authorization,*"
    );
    assert_eq!(
        resp.headers().get("access-control-expose-headers").unwrap(),
-        "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition"
+        "Authorization,*"
    );
    Ok(())
 }
--- a/tests/data/cert_ecdsa.pem
+++ b/tests/data/cert_ecdsa.pem
@@ -0,0 +1,11 @@
 -----BEGIN CERTIFICATE-----
 MIIBfTCCASOgAwIBAgIUfrAUHXIfeM54OLnTIUD9xT6FIwkwCgYIKoZIzj0EAwIw
 FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDgwMjAxMjQ1NFoXDTMyMDczMDAx
 MjQ1NFowFDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
 AQcDQgAEW4tBe0jF2wYSLCvdreb0izR/8sgKNKkbe4xPyA9uNEbtTk58eoO3944R
 JPT6S5wRTHFpF0BJhQRfiuW4K2EUcaNTMFEwHQYDVR0OBBYEFEebUDkiMJoV2d5W
 8o+6p4DauHFFMB8GA1UdIwQYMBaAFEebUDkiMJoV2d5W8o+6p4DauHFFMA8GA1Ud
 EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAPJvmzqaq/S5yYxeB4se8k2z
 6pnVNxrTT2CqdPD8Z+7rAiBZAyU+5+KbQq3aZsmuNUx+YOqTDMkaUR/nd/tjnnOX
 gA==
 -----END CERTIFICATE-----
--- a/tests/data/config.yaml
+++ b/tests/data/config.yaml
@@ -0,0 +1,9 @@
 bind:
  - 0.0.0.0
 path-prefix: dufs
 hidden:
  - dir3
  - test.txt
 auth: 
  - user:pass@/:rw
 allow-upload: true
--- a/tests/data/generate_tls_certs.sh
+++ b/tests/data/generate_tls_certs.sh
@@ -1,3 +1,5 @@
 #!/usr/bin/env bash
 openssl req -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout key_pkcs8.pem -out cert.pem -nodes -days 3650
 openssl rsa -in key_pkcs8.pem -out key_pkcs1.pem
 openssl ecparam -name prime256v1 -genkey -noout -out key_ecdsa.pem
 openssl req -subj '/CN=localhost' -x509 -key key_ecdsa.pem -out cert_ecdsa.pem -nodes -days 3650
--- a/tests/data/key_ecdsa.pem
+++ b/tests/data/key_ecdsa.pem
@@ -0,0 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
 MHcCAQEEILOQ44lHqD4w12HJKlZJ+Y3u91eUKjabu3UKPSahhC89oAoGCCqGSM49
 AwEHoUQDQgAEW4tBe0jF2wYSLCvdreb0izR/8sgKNKkbe4xPyA9uNEbtTk58eoO3
 944RJPT6S5wRTHFpF0BJhQRfiuW4K2EUcQ==
 -----END EC PRIVATE KEY-----
--- a/tests/digest_auth_util.rs
+++ b/tests/digest_auth_util.rs
@@ -0,0 +1,91 @@
 /// Refs https://github.dev/maoertel/diqwest/blob/main/src/blocking.rs
 use anyhow::{anyhow, Result};
 use digest_auth::{AuthContext, AuthorizationHeader, HttpMethod};
 use hyper::{header::AUTHORIZATION, HeaderMap, StatusCode};
 use reqwest::blocking::{RequestBuilder, Response};
 use url::Position;
 pub fn send_with_digest_auth(
    request_builder: RequestBuilder,
    username: &str,
    password: &str,
 ) -> Result<Response> {
    let first_response = try_clone_request_builder(&request_builder)?.send()?;
    match first_response.status() {
        StatusCode::UNAUTHORIZED => {
            try_digest_auth(request_builder, first_response, username, password)
        }
        _ => Ok(first_response),
    }
 }
 fn try_digest_auth(
    request_builder: RequestBuilder,
    first_response: Response,
    username: &str,
    password: &str,
 ) -> Result<Response> {
    if let Some(answer) = get_answer(
        &request_builder,
        first_response.headers(),
        username,
        password,
    )? {
        return Ok(request_builder
            .header(AUTHORIZATION, answer.to_header_string())
            .send()?);
    };
    Ok(first_response)
 }
 fn try_clone_request_builder(request_builder: &RequestBuilder) -> Result<RequestBuilder> {
    request_builder
        .try_clone()
        .ok_or_else(|| anyhow!("Request body must not be a stream"))
 }
 fn get_answer(
    request_builder: &RequestBuilder,
    first_response: &HeaderMap,
    username: &str,
    password: &str,
 ) -> Result<Option<AuthorizationHeader>> {
    let answer = calculate_answer(request_builder, first_response, username, password);
    match answer {
        Ok(answer) => Ok(Some(answer)),
        Err(error) => Err(error),
    }
 }
 fn calculate_answer(
    request_builder: &RequestBuilder,
    headers: &HeaderMap,
    username: &str,
    password: &str,
 ) -> Result<AuthorizationHeader> {
    let request = try_clone_request_builder(request_builder)?.build()?;
    let path = &request.url()[Position::AfterPort..];
    let method = HttpMethod::from(request.method().as_str());
    let body = request.body().and_then(|b| b.as_bytes());
    parse_digest_auth_header(headers, path, method, body, username, password)
 }
 fn parse_digest_auth_header(
    header: &HeaderMap,
    path: &str,
    method: HttpMethod,
    body: Option<&[u8]>,
    username: &str,
    password: &str,
 ) -> Result<AuthorizationHeader> {
    let www_auth = header
        .get("www-authenticate")
        .ok_or_else(|| anyhow!("The header 'www-authenticate' is missing."))?
        .to_str()?;
    let context = AuthContext::new_with_method(username, password, path, body, method);
    let mut prompt = digest_auth::parse(www_auth)?;
    Ok(prompt.respond(&context)?)
 }
--- a/tests/fixtures.rs
+++ b/tests/fixtures.rs
@@ -11,15 +11,25 @@ use std::time::{Duration, Instant};
 #[allow(dead_code)]
 pub type Error = Box<dyn std::error::Error>;
 #[allow(dead_code)]
 pub const BIN_FILE: &str = "😀.bin";
 /// File names for testing purpose
 #[allow(dead_code)]
-pub static FILES: &[&str] = &["test.txt", "test.html", "index.html", "😀.bin"];
+pub static FILES: &[&str] = &[
    "test.txt",
    "test.html",
    "index.html",
    #[cfg(not(target_os = "windows"))]
    "file\n1.txt",
    BIN_FILE,
 ];
-/// Directory names for testing diretory don't exist
+/// Directory names for testing directory don't exist
 #[allow(dead_code)]
 pub static DIR_NO_FOUND: &str = "dir-no-found/";
-/// Directory names for testing diretory don't have index.html
+/// Directory names for testing directory don't have index.html
 #[allow(dead_code)]
 pub static DIR_NO_INDEX: &str = "dir-no-index/";
@@ -27,9 +37,13 @@ pub static DIR_NO_INDEX: &str = "dir-no-index/";
 #[allow(dead_code)]
 pub static DIR_GIT: &str = ".git/";
 /// Directory names for testings assets override
 #[allow(dead_code)]
 pub static DIR_ASSETS: &str = "dir-assets/";
 /// Directory names for testing purpose
 #[allow(dead_code)]
-pub static DIRECTORIES: &[&str] = &["dira/", "dirb/", "dirc/", DIR_NO_INDEX, DIR_GIT];
+pub static DIRECTORIES: &[&str] = &["dir1/", "dir2/", "dir3/", DIR_NO_INDEX, DIR_GIT, DIR_ASSETS];
 /// Test fixture which creates a temporary directory with a few files and directories inside.
 /// The directories also contain files.
@@ -38,22 +52,61 @@ pub static DIRECTORIES: &[&str] = &["dira/", "dirb/", "dirc/", DIR_NO_INDEX, DIR
 pub fn tmpdir() -> TempDir {
    let tmpdir = assert_fs::TempDir::new().expect("Couldn't create a temp dir for tests");
    for file in FILES {
-        tmpdir
+        if *file == BIN_FILE {
-            .child(file)
+            tmpdir.child(file).write_binary(b"bin\0\x00123").unwrap();
-            .write_str(&format!("This is {}", file))
+        } else {
            .expect("Couldn't write to file");
    }
    for directory in DIRECTORIES {
        for file in FILES {
            if *directory == DIR_NO_INDEX && *file == "index.html" {
                continue;
            }
            tmpdir
-                .child(format!("{}{}", directory, file))
+                .child(file)
-                .write_str(&format!("This is {}{}", directory, file))
+                .write_str(&format!("This is {file}"))
-                .expect("Couldn't write to file");
+                .unwrap();
        }
    }
    for directory in DIRECTORIES {
        if *directory == DIR_ASSETS {
            tmpdir
                .child(format!("{}{}", directory, "index.html"))
                .write_str("__ASSETS_PREFIX__index.js;<template id=\"index-data\">__INDEX_DATA__</template>")
                .unwrap();
        } else {
            for file in FILES {
                if *directory == DIR_NO_INDEX && *file == "index.html" {
                    continue;
                }
                if *file == BIN_FILE {
                    tmpdir
                        .child(format!("{directory}{file}"))
                        .write_binary(b"bin\0\x00123")
                        .unwrap();
                } else {
                    tmpdir
                        .child(format!("{directory}{file}"))
                        .write_str(&format!("This is {directory}{file}"))
                        .unwrap();
                }
            }
        }
    }
    tmpdir.child("dir4/hidden").touch().unwrap();
    tmpdir
        .child("content-types/bin.tar")
        .write_binary(b"\x7f\x45\x4c\x46\x02\x01\x00\x00")
        .unwrap();
    tmpdir
        .child("content-types/bin")
        .write_binary(b"\x7f\x45\x4c\x46\x02\x01\x00\x00")
        .unwrap();
    tmpdir
        .child("content-types/file-utf8.txt")
        .write_str("世界")
        .unwrap();
    tmpdir
        .child("content-types/file-gbk.txt")
        .write_binary(b"\xca\xc0\xbd\xe7")
        .unwrap();
    tmpdir
        .child("content-types/file")
        .write_str("世界")
        .unwrap();
    tmpdir
 }
@@ -93,43 +146,15 @@ where
    TestServer::new(port, tmpdir, child, is_tls)
 }
 /// Same as `server()` but ignore stderr
 #[fixture]
 #[allow(dead_code)]
 pub fn server_no_stderr<I>(#[default(&[] as &[&str])] args: I) -> TestServer
 where
    I: IntoIterator + Clone,
    I::Item: AsRef<std::ffi::OsStr>,
 {
    let port = port();
    let tmpdir = tmpdir();
    let child = Command::cargo_bin("dufs")
        .expect("Couldn't find test binary")
        .arg(tmpdir.path())
        .arg("-p")
        .arg(port.to_string())
        .args(args.clone())
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .spawn()
        .expect("Couldn't run test binary");
    let is_tls = args
        .into_iter()
        .any(|x| x.as_ref().to_str().unwrap().contains("tls"));
    wait_for_port(port);
    TestServer::new(port, tmpdir, child, is_tls)
 }
 /// Wait a max of 1s for the port to become available.
 pub fn wait_for_port(port: u16) {
    let start_wait = Instant::now();
-    while !port_check::is_port_reachable(format!("localhost:{}", port)) {
+    while !port_check::is_port_reachable(format!("localhost:{port}")) {
        sleep(Duration::from_millis(100));
        if start_wait.elapsed().as_secs() > 1 {
-            panic!("timeout waiting for port {}", port);
+            panic!("timeout waiting for port {port}");
        }
    }
 }
--- a/tests/health.rs
+++ b/tests/health.rs
@@ -0,0 +1,31 @@
 mod fixtures;
 mod utils;
 use fixtures::{server, Error, TestServer};
 use rstest::rstest;
 const HEALTH_CHECK_PATH: &str = "__dufs__/health";
 const HEALTH_CHECK_RESPONSE: &str = r#"{"status":"OK"}"#;
 #[rstest]
 fn normal_health(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}{HEALTH_CHECK_PATH}", server.url()))?;
    assert_eq!(resp.text()?, HEALTH_CHECK_RESPONSE);
    Ok(())
 }
 #[rstest]
 fn auth_health(
    #[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}{HEALTH_CHECK_PATH}", server.url()))?;
    assert_eq!(resp.text()?, HEALTH_CHECK_RESPONSE);
    Ok(())
 }
 #[rstest]
 fn path_prefix_health(#[with(&["--path-prefix", "xyz"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}xyz/{HEALTH_CHECK_PATH}", server.url()))?;
    assert_eq!(resp.text()?, HEALTH_CHECK_RESPONSE);
    Ok(())
 }
--- a/tests/hidden.rs
+++ b/tests/hidden.rs
@@ -10,12 +10,26 @@ use rstest::rstest;
 fn hidden_get_dir(#[case] server: TestServer, #[case] exist: bool) -> Result<(), Error> {
    let resp = reqwest::blocking::get(server.url())?;
    assert_eq!(resp.status(), 200);
-    let paths = utils::retrive_index_paths(&resp.text()?);
+    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert!(paths.contains("dir1/"));
    assert_eq!(paths.contains(".git/"), exist);
    assert_eq!(paths.contains("index.html"), exist);
    Ok(())
 }
 #[rstest]
 #[case(server(&[] as &[&str]), true)]
 #[case(server(&["--hidden", "*.html"]), false)]
 fn hidden_get_dir2(#[case] server: TestServer, #[case] exist: bool) -> Result<(), Error> {
    let resp = reqwest::blocking::get(server.url())?;
    assert_eq!(resp.status(), 200);
    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert!(paths.contains("dir1/"));
    assert_eq!(paths.contains("index.html"), exist);
    assert_eq!(paths.contains("test.html"), exist);
    Ok(())
 }
 #[rstest]
 #[case(server(&[] as &[&str]), true)]
 #[case(server(&["--hidden", ".git,index.html"]), false)]
@@ -23,6 +37,7 @@ fn hidden_propfind_dir(#[case] server: TestServer, #[case] exist: bool) -> Resul
    let resp = fetch!(b"PROPFIND", server.url()).send()?;
    assert_eq!(resp.status(), 207);
    let body = resp.text()?;
    assert!(body.contains("<D:href>/dir1/</D:href>"));
    assert_eq!(body.contains("<D:href>/.git/</D:href>"), exist);
    assert_eq!(body.contains("<D:href>/index.html</D:href>"), exist);
    Ok(())
@@ -34,9 +49,24 @@ fn hidden_propfind_dir(#[case] server: TestServer, #[case] exist: bool) -> Resul
 fn hidden_search_dir(#[case] server: TestServer, #[case] exist: bool) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?q={}", server.url(), "test.html"))?;
    assert_eq!(resp.status(), 200);
-    let paths = utils::retrive_index_paths(&resp.text()?);
+    let paths = utils::retrieve_index_paths(&resp.text()?);
    for p in paths {
        assert_eq!(p.contains("test.html"), exist);
    }
    Ok(())
 }
 #[rstest]
 #[case(server(&["--hidden", "hidden/"]), "dir4/", 1)]
 #[case(server(&["--hidden", "hidden"]), "dir4/", 0)]
 fn hidden_dir_only(
    #[case] server: TestServer,
    #[case] dir: &str,
    #[case] count: usize,
 ) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}{}", server.url(), dir))?;
    assert_eq!(resp.status(), 200);
    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert_eq!(paths.len(), count);
    Ok(())
 }
--- a/tests/http.rs
+++ b/tests/http.rs
@@ -1,8 +1,10 @@
 mod fixtures;
 mod utils;
-use fixtures::{server, Error, TestServer};
+use fixtures::{server, Error, TestServer, BIN_FILE};
 use rstest::rstest;
 use serde_json::Value;
 use utils::retrieve_edit_file;
 #[rstest]
 fn get_dir(server: TestServer) -> Result<(), Error> {
@@ -38,7 +40,12 @@ fn head_dir_404(server: TestServer) -> Result<(), Error> {
 }
 #[rstest]
-fn get_dir_zip(server: TestServer) -> Result<(), Error> {
+#[case(server(&["--allow-archive"] as &[&str]))]
 #[case(server(&["--allow-archive", "--compress", "none"]))]
 #[case(server(&["--allow-archive", "--compress", "low"]))]
 #[case(server(&["--allow-archive", "--compress", "medium"]))]
 #[case(server(&["--allow-archive", "--compress", "high"]))]
 fn get_dir_zip(#[case] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?zip", server.url()))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
@@ -50,7 +57,33 @@ fn get_dir_zip(server: TestServer) -> Result<(), Error> {
 }
 #[rstest]
-fn head_dir_zip(server: TestServer) -> Result<(), Error> {
+fn get_dir_json(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?json", server.url()))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "application/json"
    );
    let json: Value = serde_json::from_str(&resp.text().unwrap()).unwrap();
    assert!(json["paths"].as_array().is_some());
    Ok(())
 }
 #[rstest]
 fn get_dir_simple(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?simple", server.url()))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/html; charset=utf-8"
    );
    let text = resp.text().unwrap();
    assert!(text.split('\n').any(|v| v == "index.html"));
    Ok(())
 }
 #[rstest]
 fn head_dir_zip(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"HEAD", format!("{}?zip", server.url())).send()?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
@@ -66,7 +99,7 @@ fn head_dir_zip(server: TestServer) -> Result<(), Error> {
 fn get_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?q={}", server.url(), "test.html"))?;
    assert_eq!(resp.status(), 200);
-    let paths = utils::retrive_index_paths(&resp.text()?);
+    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert!(!paths.is_empty());
    for p in paths {
        assert!(p.contains("test.html"));
@@ -76,16 +109,34 @@ fn get_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
 #[rstest]
 fn get_dir_search2(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
-    let resp = reqwest::blocking::get(format!("{}?q={}", server.url(), "😀.bin"))?;
+    let resp = reqwest::blocking::get(format!("{}?q={BIN_FILE}", server.url()))?;
    assert_eq!(resp.status(), 200);
-    let paths = utils::retrive_index_paths(&resp.text()?);
+    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert!(!paths.is_empty());
    for p in paths {
-        assert!(p.contains("😀.bin"));
+        assert!(p.contains(BIN_FILE));
    }
    Ok(())
 }
 #[rstest]
 fn get_dir_search3(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?q={}&simple", server.url(), "test.html"))?;
    assert_eq!(resp.status(), 200);
    let text = resp.text().unwrap();
    assert!(text.split('\n').any(|v| v == "test.html"));
    Ok(())
 }
 #[rstest]
 fn get_dir_search4(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}dir1?q=dir1&simple", server.url()))?;
    assert_eq!(resp.status(), 200);
    let text = resp.text().unwrap();
    assert!(text.is_empty());
    Ok(())
 }
 #[rstest]
 fn head_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"HEAD", format!("{}?q={}", server.url(), "test.html")).send()?;
@@ -98,11 +149,21 @@ fn head_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[rstest]
 fn empty_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?q=", server.url()))?;
    assert_resp_paths!(resp);
    Ok(())
 }
 #[rstest]
 fn get_file(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}index.html", server.url()))?;
    assert_eq!(resp.status(), 200);
-    assert_eq!(resp.headers().get("content-type").unwrap(), "text/html");
+    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/html; charset=UTF-8"
    );
    assert_eq!(resp.headers().get("accept-ranges").unwrap(), "bytes");
    assert!(resp.headers().contains_key("etag"));
    assert!(resp.headers().contains_key("last-modified"));
@@ -115,7 +176,10 @@ fn get_file(server: TestServer) -> Result<(), Error> {
 fn head_file(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"HEAD", format!("{}index.html", server.url())).send()?;
    assert_eq!(resp.status(), 200);
-    assert_eq!(resp.headers().get("content-type").unwrap(), "text/html");
+    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/html; charset=UTF-8"
    );
    assert_eq!(resp.headers().get("accept-ranges").unwrap(), "bytes");
    assert!(resp.headers().contains_key("content-disposition"));
    assert!(resp.headers().contains_key("etag"));
@@ -125,6 +189,21 @@ fn head_file(server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[rstest]
 fn hash_file(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}index.html?hash", server.url()))?;
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/html; charset=utf-8"
    );
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.text()?,
        "c8dd395e3202674b9512f7b7f956e0d96a8ba8f572e785b0d5413ab83766dbc4"
    );
    Ok(())
 }
 #[rstest]
 fn get_file_404(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}404", server.url()))?;
@@ -132,6 +211,47 @@ fn get_file_404(server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[rstest]
 fn get_file_emoji_path(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}{BIN_FILE}", server.url()))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-disposition").unwrap(),
        "inline; filename=\"😀.bin\"; filename*=UTF-8''%F0%9F%98%80.bin"
    );
    Ok(())
 }
 #[cfg(not(target_os = "windows"))]
 #[rstest]
 fn get_file_newline_path(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}file%0A1.txt", server.url()))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-disposition").unwrap(),
        "inline; filename=\"file 1.txt\""
    );
    Ok(())
 }
 #[rstest]
 fn get_file_edit(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"GET", format!("{}index.html?edit", server.url())).send()?;
    assert_eq!(resp.status(), 200);
    let editable = retrieve_edit_file(&resp.text().unwrap()).unwrap();
    assert!(editable);
    Ok(())
 }
 #[rstest]
 fn get_file_edit_bin(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"GET", format!("{}{BIN_FILE}?edit", server.url())).send()?;
    assert_eq!(resp.status(), 200);
    let editable = retrieve_edit_file(&resp.text().unwrap()).unwrap();
    assert!(!editable);
    Ok(())
 }
 #[rstest]
 fn head_file_404(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"HEAD", format!("{}404", server.url())).send()?;
@@ -145,9 +265,9 @@ fn options_dir(server: TestServer) -> Result<(), Error> {
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("allow").unwrap(),
-        "GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
+        "GET,HEAD,PUT,OPTIONS,DELETE,PATCH,PROPFIND,COPY,MOVE,CHECKAUTH,LOGOUT"
    );
-    assert_eq!(resp.headers().get("dav").unwrap(), "1,2");
+    assert_eq!(resp.headers().get("dav").unwrap(), "1, 2, 3");
    Ok(())
 }
@@ -173,7 +293,7 @@ fn put_file_create_dir(#[with(&["-A"])] server: TestServer) -> Result<(), Error>
 #[rstest]
 fn put_file_conflict_dir(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
-    let url = format!("{}dira", server.url());
+    let url = format!("{}dir1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 403);
    Ok(())
@@ -195,3 +315,49 @@ fn delete_file_404(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    assert_eq!(resp.status(), 404);
    Ok(())
 }
 #[rstest]
 fn get_file_content_type(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}content-types/bin.tar", server.url()))?;
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "application/x-tar"
    );
    let resp = reqwest::blocking::get(format!("{}content-types/bin", server.url()))?;
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "application/octet-stream"
    );
    let resp = reqwest::blocking::get(format!("{}content-types/file-utf8.txt", server.url()))?;
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/plain; charset=UTF-8"
    );
    let resp = reqwest::blocking::get(format!("{}content-types/file-gbk.txt", server.url()))?;
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/plain; charset=GBK"
    );
    let resp = reqwest::blocking::get(format!("{}content-types/file", server.url()))?;
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/plain; charset=UTF-8"
    );
    Ok(())
 }
 #[rstest]
 fn resumable_upload(#[with(&["--allow-upload"])] server: TestServer) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 201);
    let resp = fetch!(b"PATCH", &url)
        .header("X-Update-Range", "append")
        .body(b"123".to_vec())
        .send()?;
    assert_eq!(resp.status(), 204);
    let resp = reqwest::blocking::get(url)?;
    assert_eq!(resp.status(), 200);
    assert_eq!(resp.text().unwrap(), "abc123");
    Ok(())
 }
--- a/tests/http_logger.rs
+++ b/tests/http_logger.rs
@@ -0,0 +1,81 @@
 mod digest_auth_util;
 mod fixtures;
 mod utils;
 use digest_auth_util::send_with_digest_auth;
 use fixtures::{port, tmpdir, wait_for_port, Error};
 use assert_cmd::prelude::*;
 use assert_fs::fixture::TempDir;
 use rstest::rstest;
 use std::io::Read;
 use std::process::{Command, Stdio};
 #[rstest]
 #[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user"], false)]
 #[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user"], true)]
 fn log_remote_user(
    tmpdir: TempDir,
    port: u16,
    #[case] args: &[&str],
    #[case] is_basic: bool,
 ) -> Result<(), Error> {
    let mut child = Command::cargo_bin("dufs")?
        .arg(tmpdir.path())
        .arg("-p")
        .arg(port.to_string())
        .args(args)
        .stdout(Stdio::piped())
        .spawn()?;
    wait_for_port(port);
    let stdout = child.stdout.as_mut().expect("Failed to get stdout");
    let req_builder = fetch!(b"GET", &format!("http://localhost:{port}"));
    let resp = if is_basic {
        req_builder.basic_auth("user", Some("pass")).send()?
    } else {
        send_with_digest_auth(req_builder, "user", "pass")?
    };
    assert_eq!(resp.status(), 200);
    let mut buf = [0; 2048];
    let buf_len = stdout.read(&mut buf)?;
    let output = std::str::from_utf8(&buf[0..buf_len])?;
    assert!(output.lines().last().unwrap().ends_with("user"));
    child.kill()?;
    Ok(())
 }
 #[rstest]
 #[case(&["--log-format", ""])]
 fn no_log(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> Result<(), Error> {
    let mut child = Command::cargo_bin("dufs")?
        .arg(tmpdir.path())
        .arg("-p")
        .arg(port.to_string())
        .args(args)
        .stdout(Stdio::piped())
        .spawn()?;
    wait_for_port(port);
    let stdout = child.stdout.as_mut().expect("Failed to get stdout");
    let resp = fetch!(b"GET", &format!("http://localhost:{port}")).send()?;
    assert_eq!(resp.status(), 200);
    let mut buf = [0; 2048];
    let buf_len = stdout.read(&mut buf)?;
    let output = std::str::from_utf8(&buf[0..buf_len])?;
    assert_eq!(output.lines().last().unwrap(), "");
    child.kill()?;
    Ok(())
 }
--- a/tests/range.rs
+++ b/tests/range.rs
@@ -2,7 +2,7 @@ mod fixtures;
 mod utils;
 use fixtures::{server, Error, TestServer};
-use headers::HeaderValue;
+use reqwest::header::HeaderValue;
 use rstest::rstest;
 #[rstest]
@@ -23,14 +23,10 @@ fn get_file_range_beyond(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"GET", format!("{}index.html", server.url()))
        .header("range", HeaderValue::from_static("bytes=12-20"))
        .send()?;
-    assert_eq!(resp.status(), 206);
+    assert_eq!(resp.status(), 416);
-    assert_eq!(
+    assert_eq!(resp.headers().get("content-range").unwrap(), "bytes */18");
        resp.headers().get("content-range").unwrap(),
        "bytes 12-17/18"
    );
    assert_eq!(resp.headers().get("accept-ranges").unwrap(), "bytes");
-    assert_eq!(resp.headers().get("content-length").unwrap(), "6");
+    assert_eq!(resp.headers().get("content-length").unwrap(), "0");
    assert_eq!(resp.text()?, "x.html");
    Ok(())
 }
--- a/tests/render.rs
+++ b/tests/render.rs
@@ -1,7 +1,7 @@
 mod fixtures;
 mod utils;
-use fixtures::{server, Error, TestServer, DIR_NO_FOUND, DIR_NO_INDEX, FILES};
+use fixtures::{server, Error, TestServer, BIN_FILE, DIR_NO_FOUND, DIR_NO_INDEX, FILES};
 use rstest::rstest;
 #[rstest]
@@ -40,7 +40,9 @@ fn render_try_index2(#[with(&["--render-try-index"])] server: TestServer) -> Res
 }
 #[rstest]
-fn render_try_index3(#[with(&["--render-try-index"])] server: TestServer) -> Result<(), Error> {
+fn render_try_index3(
    #[with(&["--render-try-index", "--allow-archive"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}{}?zip", server.url(), DIR_NO_INDEX))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
@@ -54,11 +56,10 @@ fn render_try_index3(#[with(&["--render-try-index"])] server: TestServer) -> Res
 #[case(server(&["--render-try-index"] as &[&str]), false)]
 #[case(server(&["--render-try-index", "--allow-search"] as &[&str]), true)]
 fn render_try_index4(#[case] server: TestServer, #[case] searched: bool) -> Result<(), Error> {
-    let resp = reqwest::blocking::get(format!("{}{}?q={}", server.url(), DIR_NO_INDEX, "😀.bin"))?;
+    let resp = reqwest::blocking::get(format!("{}{}?q={}", server.url(), DIR_NO_INDEX, BIN_FILE))?;
    assert_eq!(resp.status(), 200);
-    let paths = utils::retrive_index_paths(&resp.text()?);
+    let paths = utils::retrieve_index_paths(&resp.text()?);
-    assert!(!paths.is_empty());
+    assert_eq!(paths.iter().all(|v| v.contains(BIN_FILE)), searched);
    assert_eq!(paths.iter().all(|v| v.contains("😀.bin")), searched);
    Ok(())
 }
--- a/tests/single_file.rs
+++ b/tests/single_file.rs
@@ -21,11 +21,11 @@ fn single_file(tmpdir: TempDir, port: u16, #[case] file: &str) -> Result<(), Err
    wait_for_port(port);
-    let resp = reqwest::blocking::get(format!("http://localhost:{}", port))?;
+    let resp = reqwest::blocking::get(format!("http://localhost:{port}"))?;
    assert_eq!(resp.text()?, "This is index.html");
-    let resp = reqwest::blocking::get(format!("http://localhost:{}/", port))?;
+    let resp = reqwest::blocking::get(format!("http://localhost:{port}/"))?;
    assert_eq!(resp.text()?, "This is index.html");
-    let resp = reqwest::blocking::get(format!("http://localhost:{}/index.html", port))?;
+    let resp = reqwest::blocking::get(format!("http://localhost:{port}/index.html"))?;
    assert_eq!(resp.text()?, "This is index.html");
    child.kill()?;
@@ -46,14 +46,14 @@ fn path_prefix_single_file(tmpdir: TempDir, port: u16, #[case] file: &str) -> Re
    wait_for_port(port);
-    let resp = reqwest::blocking::get(format!("http://localhost:{}/xyz", port))?;
+    let resp = reqwest::blocking::get(format!("http://localhost:{port}/xyz"))?;
    assert_eq!(resp.text()?, "This is index.html");
-    let resp = reqwest::blocking::get(format!("http://localhost:{}/xyz/", port))?;
+    let resp = reqwest::blocking::get(format!("http://localhost:{port}/xyz/"))?;
    assert_eq!(resp.text()?, "This is index.html");
-    let resp = reqwest::blocking::get(format!("http://localhost:{}/xyz/index.html", port))?;
+    let resp = reqwest::blocking::get(format!("http://localhost:{port}/xyz/index.html"))?;
    assert_eq!(resp.text()?, "This is index.html");
-    let resp = reqwest::blocking::get(format!("http://localhost:{}", port))?;
+    let resp = reqwest::blocking::get(format!("http://localhost:{port}"))?;
-    assert_eq!(resp.status(), 404);
+    assert_eq!(resp.status(), 400);
    child.kill()?;
    Ok(())
--- a/tests/sort.rs
+++ b/tests/sort.rs
@@ -0,0 +1,29 @@
 mod fixtures;
 mod utils;
 use fixtures::{server, Error, TestServer};
 use rstest::rstest;
 #[rstest]
 fn ls_dir_sort_by_name(server: TestServer) -> Result<(), Error> {
    let url = server.url();
    let resp = reqwest::blocking::get(format!("{url}?sort=name&order=asc"))?;
    let paths1 = self::utils::retrieve_index_paths(&resp.text()?);
    let resp = reqwest::blocking::get(format!("{url}?sort=name&order=desc"))?;
    let mut paths2 = self::utils::retrieve_index_paths(&resp.text()?);
    paths2.reverse();
    assert_eq!(paths1, paths2);
    Ok(())
 }
 #[rstest]
 fn search_dir_sort_by_name(server: TestServer) -> Result<(), Error> {
    let url = server.url();
    let resp = reqwest::blocking::get(format!("{url}?q=test.html&sort=name&order=asc"))?;
    let paths1 = self::utils::retrieve_index_paths(&resp.text()?);
    let resp = reqwest::blocking::get(format!("{url}?q=test.html&sort=name&order=desc"))?;
    let mut paths2 = self::utils::retrieve_index_paths(&resp.text()?);
    paths2.reverse();
    assert_eq!(paths1, paths2);
    Ok(())
 }
--- a/tests/symlink.rs
+++ b/tests/symlink.rs
@@ -20,9 +20,9 @@ fn default_not_allow_symlink(server: TestServer, tmpdir: TempDir) -> Result<(),
    let resp = reqwest::blocking::get(format!("{}{}/index.html", server.url(), dir))?;
    assert_eq!(resp.status(), 404);
    let resp = reqwest::blocking::get(server.url())?;
-    let paths = utils::retrive_index_paths(&resp.text()?);
+    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert!(!paths.is_empty());
-    assert!(!paths.contains(&format!("{}/", dir)));
+    assert!(!paths.contains(&format!("{dir}/")));
    Ok(())
 }
@@ -39,8 +39,8 @@ fn allow_symlink(
    let resp = reqwest::blocking::get(format!("{}{}/index.html", server.url(), dir))?;
    assert_eq!(resp.status(), 200);
    let resp = reqwest::blocking::get(server.url())?;
-    let paths = utils::retrive_index_paths(&resp.text()?);
+    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert!(!paths.is_empty());
-    assert!(paths.contains(&format!("{}/", dir)));
+    assert!(paths.contains(&format!("{dir}/")));
    Ok(())
 }
--- a/tests/tls.rs
+++ b/tests/tls.rs
@@ -7,6 +7,8 @@ use predicates::str::contains;
 use reqwest::blocking::ClientBuilder;
 use rstest::rstest;
 use crate::fixtures::port;
 /// Can start the server with TLS and receive encrypted responses.
 #[rstest]
 #[case(server(&[
@@ -17,6 +19,10 @@ use rstest::rstest;
        "--tls-cert", "tests/data/cert.pem",
        "--tls-key", "tests/data/key_pkcs1.pem",
 ]))]
 #[case(server(&[
        "--tls-cert", "tests/data/cert_ecdsa.pem",
        "--tls-key", "tests/data/key_ecdsa.pem",
 ]))]
 fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
    let client = ClientBuilder::new()
        .danger_accept_invalid_certs(true)
@@ -29,11 +35,19 @@ fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
 /// Wrong path for cert throws error.
 #[rstest]
 fn wrong_path_cert() -> Result<(), Error> {
    let port = port().to_string();
    Command::cargo_bin("dufs")?
-        .args(&["--tls-cert", "wrong", "--tls-key", "tests/data/key.pem"])
+        .args([
            "--tls-cert",
            "wrong",
            "--tls-key",
            "tests/data/key.pem",
            "--port",
            &port,
        ])
        .assert()
        .failure()
-        .stderr(contains("error: Failed to access `wrong`"));
+        .stderr(contains("Failed to access `wrong`"));
    Ok(())
 }
@@ -41,11 +55,19 @@ fn wrong_path_cert() -> Result<(), Error> {
 /// Wrong paths for key throws errors.
 #[rstest]
 fn wrong_path_key() -> Result<(), Error> {
    let port = port().to_string();
    Command::cargo_bin("dufs")?
-        .args(&["--tls-cert", "tests/data/cert.pem", "--tls-key", "wrong"])
+        .args([
            "--tls-cert",
            "tests/data/cert.pem",
            "--tls-key",
            "wrong",
            "--port",
            &port,
        ])
        .assert()
        .failure()
-        .stderr(contains("error: Failed to access `wrong`"));
+        .stderr(contains("Failed to access `wrong`"));
    Ok(())
 }
--- a/tests/utils.rs
+++ b/tests/utils.rs
@@ -1,5 +1,6 @@
 use base64::{engine::general_purpose::STANDARD, Engine as _};
 use indexmap::IndexSet;
 use serde_json::Value;
 use std::collections::HashSet;
 #[macro_export]
 macro_rules! assert_resp_paths {
@@ -9,7 +10,7 @@ macro_rules! assert_resp_paths {
    ($resp:ident, $files:expr) => {
        assert_eq!($resp.status(), 200);
        let body = $resp.text()?;
-        let paths = self::utils::retrive_index_paths(&body);
+        let paths = self::utils::retrieve_index_paths(&body);
        assert!(!paths.is_empty());
        for file in $files {
            assert!(paths.contains(&file.to_string()));
@@ -20,13 +21,37 @@ macro_rules! assert_resp_paths {
 #[macro_export]
 macro_rules! fetch {
    ($method:literal, $url:expr) => {
-        reqwest::blocking::Client::new().request(hyper::Method::from_bytes($method)?, $url)
+        reqwest::blocking::Client::new().request(reqwest::Method::from_bytes($method)?, $url)
    };
 }
 #[allow(dead_code)]
-pub fn retrive_index_paths(index: &str) -> HashSet<String> {
+pub fn retrieve_index_paths(content: &str) -> IndexSet<String> {
-    retrive_index_paths_impl(index).unwrap_or_default()
+    let value = retrieve_json(content).unwrap();
    let paths = value
        .get("paths")
        .unwrap()
        .as_array()
        .unwrap()
        .iter()
        .flat_map(|v| {
            let name = v.get("name")?.as_str()?;
            let path_type = v.get("path_type")?.as_str()?;
            if path_type.ends_with("Dir") {
                Some(format!("{name}/"))
            } else {
                Some(name.to_owned())
            }
        })
        .collect();
    paths
 }
 #[allow(dead_code)]
 pub fn retrieve_edit_file(content: &str) -> Option<bool> {
    let value = retrieve_json(content).unwrap();
    let value = value.get("editable").unwrap();
    Some(value.as_bool().unwrap())
 }
 #[allow(dead_code)]
@@ -35,23 +60,23 @@ pub fn encode_uri(v: &str) -> String {
    parts.join("/")
 }
-fn retrive_index_paths_impl(index: &str) -> Option<HashSet<String>> {
+#[allow(dead_code)]
-    let lines: Vec<&str> = index.lines().collect();
+pub fn retrieve_json(content: &str) -> Option<Value> {
-    let line = lines.iter().find(|v| v.contains("DATA ="))?;
+    let lines: Vec<&str> = content.lines().collect();
-    let value: Value = line[7..].parse().ok()?;
+    let start_tag = "<template id=\"index-data\">";
-    let paths = value
+    let end_tag = "</template>";
-        .get("paths")?
+
-        .as_array()?
+    let line = lines.iter().find(|v| v.contains(start_tag))?;
-        .iter()
+
-        .flat_map(|v| {
+    let start_index = line.find(start_tag)?;
-            let name = v.get("name")?.as_str()?;
+    let start_content_index = start_index + start_tag.len();
-            let path_type = v.get("path_type")?.as_str()?;
+
-            if path_type.ends_with("Dir") {
+    let end_index = line[start_content_index..].find(end_tag)?;
-                Some(format!("{}/", name))
+    let end_content_index = start_content_index + end_index;
-            } else {
+
-                Some(name.to_owned())
+    let value = &line[start_content_index..end_content_index];
-            }
+    let value = STANDARD.decode(value).ok()?;
-        })
+    let value = serde_json::from_slice(&value).ok()?;
-        .collect();
+
-    Some(paths)
+    Some(value)
 }
--- a/tests/webdav.rs
+++ b/tests/webdav.rs
@@ -7,13 +7,13 @@ use xml::escape::escape_str_pcdata;
 #[rstest]
 fn propfind_dir(server: TestServer) -> Result<(), Error> {
-    let resp = fetch!(b"PROPFIND", format!("{}dira", server.url())).send()?;
+    let resp = fetch!(b"PROPFIND", format!("{}dir1", server.url())).send()?;
    assert_eq!(resp.status(), 207);
    let body = resp.text()?;
-    assert!(body.contains("<D:href>/dira/</D:href>"));
+    assert!(body.contains("<D:href>/dir1/</D:href>"));
-    assert!(body.contains("<D:displayname>dira</D:displayname>"));
+    assert!(body.contains("<D:displayname>dir1</D:displayname>"));
    for f in FILES {
-        assert!(body.contains(&format!("<D:href>/dira/{}</D:href>", utils::encode_uri(f))));
+        assert!(body.contains(&format!("<D:href>/dir1/{}</D:href>", utils::encode_uri(f))));
        assert!(body.contains(&format!(
            "<D:displayname>{}</D:displayname>",
            escape_str_pcdata(f)
@@ -24,13 +24,13 @@ fn propfind_dir(server: TestServer) -> Result<(), Error> {
 #[rstest]
 fn propfind_dir_depth0(server: TestServer) -> Result<(), Error> {
-    let resp = fetch!(b"PROPFIND", format!("{}dira", server.url()))
+    let resp = fetch!(b"PROPFIND", format!("{}dir1", server.url()))
        .header("depth", "0")
        .send()?;
    assert_eq!(resp.status(), 207);
    let body = resp.text()?;
-    assert!(body.contains("<D:href>/dira/</D:href>"));
+    assert!(body.contains("<D:href>/dir1/</D:href>"));
-    assert!(body.contains("<D:displayname>dira</D:displayname>"));
+    assert!(body.contains("<D:displayname>dir1</D:displayname>"));
    assert_eq!(
        body.lines()
            .filter(|v| *v == "<D:status>HTTP/1.1 200 OK</D:status>")
@@ -40,6 +40,17 @@ fn propfind_dir_depth0(server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[rstest]
 fn propfind_dir_depth2(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"PROPFIND", format!("{}dir1", server.url()))
        .header("depth", "2")
        .send()?;
    assert_eq!(resp.status(), 400);
    let body = resp.text()?;
    assert_eq!(body, "Invalid depth: only 0 and 1 are allowed.");
    Ok(())
 }
 #[rstest]
 fn propfind_404(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"PROPFIND", format!("{}404", server.url())).send()?;
@@ -47,6 +58,13 @@ fn propfind_404(server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[rstest]
 fn propfind_double_slash(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"PROPFIND", server.url()).send()?;
    assert_eq!(resp.status(), 207);
    Ok(())
 }
 #[rstest]
 fn propfind_file(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"PROPFIND", format!("{}test.html", server.url())).send()?;
@@ -93,6 +111,13 @@ fn mkcol_not_allow_upload(server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[rstest]
 fn mkcol_already_exists(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"MKCOL", format!("{}dir1", server.url())).send()?;
    assert_eq!(resp.status(), 405);
    Ok(())
 }
 #[rstest]
 fn copy_file(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let new_url = format!("{}test2.html", server.url());
Author	SHA1	Message	Date
sigoden	835438fc2a	chore: release v0.43.0 (#476 )	2024-11-05 17:08:43 +08:00
sigoden	d445b78f96	feat: provide healthcheck API (#474 )	2024-10-28 07:37:21 +08:00
sigoden	881a67e1a4	feat: support binding abstract unix socket (#468 )	2024-10-23 06:57:45 +08:00
sigoden	bb5a5564b4	feat: webui displays subdirectory items (#457 )	2024-09-25 22:19:25 +08:00
clxcore	2cf6d39032	fix: resolve speed bottleneck in 10G network (#451 ) Co-authored-by: clxcore <clxcore@gmail.com>	2024-09-07 17:57:05 +08:00
sigoden	c500ce7acc	fix: auth failed if password contains `:` (#449 )	2024-09-06 21:22:28 +08:00
freedit-dev	f87c52fda2	refactor: do not show size for Dir (#447 )	2024-09-06 07:36:15 +08:00
sigoden	2c5cc60965	chore: release v0.42.0 (#446 )	2024-09-02 11:57:13 +08:00
sigoden	972cf2377f	chore: improve bug_report issue template (#444 )	2024-08-28 09:40:10 +08:00
sigoden	5b338c40da	refactor: make logout works on safari (#442 )	2024-08-27 16:07:17 +08:00
sigoden	964bf61c37	refactor: improve logout at asserts/index.js (#440 )	2024-08-24 15:52:29 +08:00
sigoden	4bf92cc47a	feat: webui support logout (#439 )	2024-08-24 15:38:13 +08:00
sigoden	7d17d9c415	fix: login successed but popup `Forbidden` (#437 )	2024-08-22 08:52:50 +08:00
sigoden	1db263efae	refactor: some query params work as flag and must not accept a value (#431 )	2024-08-14 08:57:46 +08:00
sigoden	5d26103ea2	fix: webui unexpected save-btn when file is non-editable (#429 )	2024-08-07 20:38:12 +08:00
Matthias Möller	3727dec115	refactor: date formatting in cache tests (#428 )	2024-08-07 20:18:30 +08:00
sigoden	0311c9fb90	chore: update deps	2024-07-24 02:01:02 +00:00
sigoden	e9ce4b2dc3	chore: fix typos	2024-07-24 01:58:55 +00:00
52funny	7aba3fe0b6	fix: garbled characters caused by atob (#422 )	2024-07-22 18:10:01 +08:00
sigoden	ca5c3d7c54	feat: base64 index-data to avoid misencoding (#421 )	2024-07-22 08:02:32 +08:00
sigoden	ec2b064a9a	refactor: remove sabredav-partialupdate from DAV res header (#415 )	2024-07-14 08:31:07 +08:00
sigoden	cadea9a3bf	chore: update deps	2024-07-11 11:47:05 +00:00
sigoden	3e0e6b2e8a	chore: update bug_report issue_template	2024-07-11 11:42:39 +00:00
Matthias Möller	632f7a41bf	feat: implements remaining http cache conditionalss (#407 ) * implements remaining http conditionals * computed etag is not optional	2024-06-23 20:25:07 +08:00
sigoden	f1e90686dc	refactor: return 400 for propfind request when depth is neither 0 nor 1 (#403 )	2024-06-14 22:16:50 +08:00
Need4Swede	dc7a7cbb3f	refactor: no inline scripts in HTML (#391 ) * Moved 'ready' func call from index.html Inline script moved to index.js * Moved <script> out from index.html * moved inline-styling to css * minor formatting changes * changed ratio from const to let * refactor * fix tests --------- Co-authored-by: sigoden <sigoden@gmail.com>	2024-05-31 08:51:59 +08:00
sigoden	ce740b1fb1	chore: release v0.41.0 (#389 )	2024-05-22 11:20:24 +08:00
sigoden	1eb69f6806	chore: ui minior refinement	2024-05-22 01:56:06 +00:00
sigoden	5f0369aa39	chore: js format	2024-05-14 09:04:49 +00:00
sigoden	fe2358506d	fix: head div overlap main contents when wrap (#386 )	2024-05-14 17:04:06 +08:00
sigoden	6b6d69a8ef	feat: add log-file option (#383 )	2024-05-11 17:13:31 +08:00
sigoden	cb7d417fd3	fix: strange issue that occurs only on Microsoft WebDAV (#382 )	2024-05-11 16:18:18 +08:00
sigoden	75f06f749c	chore: fix typos and clippy (#379 )	2024-05-05 06:23:18 +08:00
sigoden	d0c79a95e5	chore: update issue tempalte for bug report	2024-04-27 04:00:02 +00:00
Qishuai Liu	ffc0991a12	refactor: add fixed-width numerals to date and size on file list page (#378 )	2024-04-26 17:34:38 +08:00
sigoden	51f9c87e65	chore: update deps	2024-04-19 01:41:41 +00:00
sigoden	529bb33f0b	chore: update ci	2024-04-19 01:39:36 +00:00
sigoden	3d3bb822ee	chore: update readme	2024-04-19 01:06:34 +00:00
sigoden	9353b2e759	feat: add api to get the hash of a file (#375 )	2024-04-19 08:48:54 +08:00
sigoden	a277698322	chore: update docker	2024-04-07 23:01:59 +00:00
sigoden	0ff2b15c9a	refactor: digest_auth related tests (#372 )	2024-04-08 06:56:51 +08:00
sigoden	319333cd22	chore: update deps	2024-04-07 21:19:34 +00:00
sigoden	d66c9de8c8	feat: tls handshake timeout (#368 )	2024-03-08 10:29:12 +08:00
sigoden	7c0fa3dab7	chore: update deps	2024-03-08 00:52:31 +00:00
sigoden	48066d79e0	chore: fix typo	2024-03-08 00:46:35 +00:00
tobyp	1c41db0c2d	fix: timestamp format of getlastmodified in dav xml (#366 )	2024-02-22 08:30:01 +08:00
Matthias Möller	76ef7ba0fb	chore: removes unnecessary clone (#364 )	2024-02-17 20:09:20 +08:00
sigoden	3deac84cc9	chore: add docker pulls badge to readme	2024-02-14 11:54:59 +00:00
sigoden	638b715bc2	chore: release v0.40.0 (#361 ) * chore: release v0.40.0 * update deps	2024-02-13 12:05:46 +08:00
sigoden	920b70abc4	refactor: improve resolve_path and handle_assets, abandon guard_path (#360 )	2024-02-07 16:27:22 +08:00
sigoden	015713bc6d	chore: update deps	2024-02-06 09:32:31 +00:00
sigoden	3c75a9c4cc	fix: guard req and destination path (#359 )	2024-02-06 17:23:18 +08:00
sigoden	871e8276ff	chore: add SECURITY.md	2024-02-05 00:09:25 +00:00
sigoden	f92c8ee91d	refactor: improve invalid auth (#356 )	2024-01-19 10:25:11 +08:00
sigoden	95eb648411	feat: revert supporting for forbidden permission (#352 )	2024-01-17 11:31:26 +08:00
sigoden	3354b1face	refactor: do not try to bind ipv6 if no ipv6 (#348 )	2024-01-16 09:03:27 +08:00
sigoden	9b348fc945	chore: fix typos	2024-01-15 12:53:59 +00:00
sigoden	e1fabc7349	chore: update readme	2024-01-11 09:07:40 +00:00
sigoden	58a46f7c3a	chore: release v0.39.0 (#345 )	2024-01-11 16:50:25 +08:00
sigoden	ef757281b3	chore: release v0.39.0	2024-01-11 08:31:56 +00:00
sigoden	de0614816a	refactor: propfind with auth no need to list all (#344 )	2024-01-11 16:10:10 +08:00
sigoden	81d2c49e3f	chore: update bug_report issue template	2024-01-11 07:04:44 +00:00
sigoden	ee21894452	feat: supports resumable uploads (#343 )	2024-01-11 14:56:30 +08:00
sigoden	0ac0c048ec	fix: corrupted zip when downloading large folders (#337 )	2024-01-07 10:50:15 +08:00
sigoden	17063454d3	chore: update bug_report issue tempalte	2024-01-05 00:37:41 +00:00
sigoden	af347f9cf0	feat: auth supports forbidden permissions (#329 )	2023-12-23 18:36:46 +08:00
sigoden	006e03ed30	fix: serve files with names containing newline char (#328 )	2023-12-23 15:40:41 +08:00
sigoden	77f86a4c60	fix: auth precedence (#325 )	2023-12-21 17:28:13 +08:00
sigoden	a66f95b39f	chore: log error during connection	2023-12-21 08:08:15 +00:00
sigoden	52506bc01f	refactor: optimize http range parsing and handling (#323 )	2023-12-21 15:46:55 +08:00
sigoden	270cc0cba2	feat: upgrade to hyper 1.0 (#321 )	2023-12-21 14:24:20 +08:00
sigoden	5988442d5c	chore: remove debug print	2023-12-14 11:08:10 +00:00
sigoden	3873f4794a	feat: add `--compress` option (#319 )	2023-12-14 18:59:28 +08:00
plantatorbob	cd84dff87f	fix: upload more than 100 files in directory (#317 )	2023-12-11 18:28:11 +08:00
sigoden	8590f3e841	chore: improve readme	2023-12-09 09:17:36 +00:00
sigoden	44a4ddf973	refactor: change the value name of `--config` (#313 )	2023-12-07 15:14:41 +08:00
sigoden	37800f630d	refactor: change the format of www-authenticate (#312 )	2023-12-07 15:04:14 +08:00
sigoden	5c850256f4	feat: empty search `?q=` list all paths (#311 )	2023-12-07 06:55:17 +08:00
sigoden	0cec573579	chore: release v0.38.0	2023-11-29 07:49:50 +08:00
sigoden	073b098111	feat: ui supports view file (#301 )	2023-11-28 07:14:53 +08:00
sigoden	6ff8b29b69	feat: more flexible config values (#299 )	2023-11-27 04:24:25 +08:00
sigoden	7584fe3d08	feat: deprecate the use of `\|` to separate auth rules (#298 )	2023-11-26 22:15:49 +08:00
sigoden	653cd167d0	feat: password can contain `:` `@` `\|` (#297 )	2023-11-26 20:47:57 +08:00
sigoden	ab29e39148	chore: trivial updates	2023-11-26 15:04:12 +08:00
sigoden	f8d6859354	refactor: ui improve uploading progress (#296 )	2023-11-26 10:23:37 +08:00
sigoden	130435c387	chore: update readme	2023-11-25 19:07:37 +08:00
sigoden	afdfde01f0	fix: unable to start if config file omit bind/port fields (#294 )	2023-11-25 18:54:36 +08:00
sigoden	ae97c714d6	refactor: ui change the cursor for upload-btn to a pointer (#291 )	2023-11-21 16:24:59 +08:00
sigoden	c352dab470	refactor: take improvements from the edge browser (#289 )	2023-11-15 19:44:44 +08:00
sigoden	743db47f90	chore: release v0.37.1	2023-11-08 11:11:36 +08:00
sigoden	a476c15a09	fix: use DUFS_CONFIG to specify the config file path (#286 )	2023-11-08 11:10:47 +08:00
sigoden	0d74fa3ec5	chore: release v0.37.0	2023-11-08 10:41:24 +08:00
sigoden	b83cc6938b	chore: update readme	2023-11-07 22:45:53 +08:00
sigoden	a187b14885	chore: update deps and ci (#284 )	2023-11-04 19:47:13 +08:00
sigoden	d3de3db0d9	feat: support hashed password (#283 )	2023-11-04 18:12:58 +08:00
sigoden	80ac9afe68	refactor: improve code quanity (#282 ) - rename LogHttp to HttpLogger	2023-11-04 17:10:38 +08:00
sigoden	4ef07737e1	feat: support config file with `--config` option (#281 )	2023-11-04 16:58:19 +08:00
sigoden	5782c5f413	chore: update description for `--auth`	2023-11-03 21:08:05 +08:00
sigoden	8b4cab1e69	fix: auto delete half-uploaded files (#280 )	2023-11-03 20:58:53 +08:00
sigoden	70300b133c	feat: deprecate `--auth-method`, as both options are available (#279 ) * feat: deprecate `--auth-method`, both are avaiable * send one www-authenticate with two schemes	2023-11-03 20:36:23 +08:00
sigoden	7ea4bb808d	refactor: optimize tests	2023-11-03 15:25:20 +08:00
sigoden	6766e0d437	fix: ui show user-name next to the user-icon (#278 )	2023-11-03 14:55:07 +08:00
tieway59	53c9bc8bea	refactor: remove one clone on `assets_prefix` (#270 ) This clone is not consist with the usage of `assets_prefix` in following code and it's unnecessary. Signed-off-by: TieWay59 <tieway59@foxmail.com>	2023-10-05 08:50:24 +08:00
sigoden	60df3b473c	fix: sort path ignore case (#264 )	2023-09-06 23:25:04 +08:00
sigoden	6510ae8be9	chore: release v0.36.0	2023-08-24 18:46:30 +08:00
sigoden	9545fb6e37	fix: ui readonly if no write perm (#258 )	2023-08-24 18:32:34 +08:00
sigoden	0fd0f11298	chore: update deps	2023-08-24 16:46:38 +08:00
figsoda	46aa8fcc02	test: remove dependency on native tls (#255 )	2023-08-15 11:01:25 +08:00
sigoden	09bb738866	chore: update changelog	2023-08-15 07:29:02 +08:00
sigoden	3612ef10d1	chore: release 0.35.0 (#254 ) * chore: release 0.35.0 * update release profile	2023-08-15 07:24:22 +08:00
sigoden	7ac2039a36	chore: update deps	2023-08-14 17:31:52 +08:00
sigoden	7f83de765a	fix: typo __ASSERTS_PREFIX__ (#252 )	2023-08-13 15:05:45 +08:00
sigoden	9b3779b13a	chore: update readme close #247	2023-07-20 06:33:17 +08:00
sigoden	11a52f29c4	chore: fix release ci (#244 )	2023-07-15 16:34:22 +08:00
sigoden	10204c723f	chore: fix clippy (#245 )	2023-07-15 16:27:13 +08:00
sigoden	204421643d	chore: update ci (#242 )	2023-07-04 10:25:49 +08:00
sigoden	d9706d75ef	feat: sort by type first, then sort by name/mtime/size (#241 )	2023-07-04 10:10:48 +08:00
sigoden	40df0bd2f9	chore: update readme	2023-06-18 08:55:42 +08:00
sigoden	a53411b4d6	fix: search should ignore entry path (#235 )	2023-06-15 08:28:21 +08:00
ElmTran	609017b2f5	chore: Update README.md (#233 ) update examples on new auth.	2023-06-13 08:23:05 +08:00
sigoden	7dc0b0e218	chore: release v0.34.2	2023-06-05 11:51:56 +08:00
sigoden	6be36b8e51	fix: webdav only see public folder even logging in (#231 )	2023-06-05 11:40:31 +08:00
sigoden	8be545d3da	fix: ui refresh page after login (#230 )	2023-06-03 10:09:02 +08:00
sigoden	4f3a8d275b	chore: release v0.34.1	2023-06-02 19:44:35 +08:00
sigoden	9c412f4276	refactor: ui checkAuth (#226 )	2023-06-02 19:35:30 +08:00
sigoden	27c269d6a0	fix: allow all cors headers and methods (#225 )	2023-06-02 19:07:43 +08:00
sigoden	57b4a74279	fix: auth logic (#224 )	2023-06-02 18:38:59 +08:00
sigoden	1112b936b8	chore: release v0.34.0	2023-06-02 07:16:43 +08:00
sigoden	033d37c4d4	chore: update cli `--auth` help text	2023-06-02 06:49:06 +08:00
sigoden	577eea5fa4	chore: ui js refactor	2023-06-01 22:22:36 +08:00
sigoden	d22be95dda	chore: update deps	2023-06-01 22:06:01 +08:00
sigoden	8d7c1fbf53	fix: ui set default max uploading to 1 (#220 )	2023-06-01 21:32:22 +08:00
sigoden	4622c48120	fix: ui path table show move action (#219 )	2023-06-01 20:33:21 +08:00
sigoden	f8ea41638f	feat: new auth (#218 ) The access level path control used by dufs has two disadvantages: 1. One path cannot support multiple users 2. It is very troublesome to set multiple paths for one user So it needs to be refactored. The new auth is account based, it closes #207, closes #208. BREAKING CHANGE: new auth	2023-06-01 18:52:05 +08:00
nq5	2890b3929d	chore: correct spelling and grammar in index.js (#216 )	2023-06-01 07:35:41 +08:00
sigoden	f5c0aefd8e	refactor: cli positional rename root => SERVE_PATH(#215 )	2023-05-30 16:49:16 +08:00
Jesse Hu	8a1e7674df	feat: show precise file size with decimal (#210 )	2023-05-18 12:01:02 +08:00
sigoden	3c6206849f	chore: trivial improvements	2023-04-01 16:10:34 +08:00
sigoden	652f836c23	feat: add timestamp metadata to generated zip file (#204 )	2023-03-31 23:48:23 +08:00
sigoden	fb5b50f059	fix: URL-encoded filename when downloading in safari (#203 ) * fix: URL-encoded filename when downloading in safari * add test	2023-03-31 22:52:07 +08:00
sigoden	e43554b795	feat: webui editing support multiple encodings (#197 )	2023-03-17 11:22:21 +08:00
sigoden	10ec34872d	chore(release): version 0.33.0	2023-03-17 09:06:01 +08:00
sigoden	3ff16d254b	chore: update deps	2023-03-17 08:54:38 +08:00
sigoden	29a04c8d74	refactor: improve error handle (#195 )	2023-03-12 15:20:40 +08:00
sigoden	c92e45f2da	fix: basic auth sometimes does not work (#194 )	2023-03-12 12:58:36 +08:00
sigoden	8d7a9053e2	chore: update deps	2023-03-06 10:09:24 +08:00
sigoden	0e12b285cd	fix: hidden don't works on some files (#188 ) like --hidden '*.abc-cba' matches xyz.abc-cba but do not matches 123.xyz.abc-cba	2023-03-03 07:15:46 +08:00
sigoden	45f4f5fc58	feat: guess plain text encoding then set content-type charset (#186 )	2023-03-01 09:36:59 +08:00
horizon	6dcb4dcd76	fix: cors allow-request-header add content-type (#184 ) * fix: cors allow-request-header add content-type * add content-type test	2023-02-27 07:28:33 +08:00
sigoden	65da9bedee	chore(release): version 0.32.0 (#183 )	2023-02-24 08:21:57 +08:00
sigoden	e468d823cc	chore: update readme	2023-02-22 11:26:17 +08:00
sigoden	902a60563d	chore: ui change edit icon	2023-02-22 10:37:54 +08:00
sigoden	f6c2ed2974	chore: optimize ui	2023-02-22 10:09:34 +08:00
sigoden	8f4cbb4826	chore: use anyhow to handle error	2023-02-21 17:23:24 +08:00
sigoden	2064d7803a	chore: bump deps	2023-02-21 16:39:57 +08:00
sigoden	ad0be71557	chore: optimize for test auth	2023-02-21 16:16:49 +08:00
sigoden	6d9758c71d	feat: ui improves the login experience (#182 ) close #157 #158	2023-02-21 12:42:40 +08:00
sigoden	a61fda6e80	feat: support new file (#180 )	2023-02-21 08:45:52 +08:00
sigoden	6625c4d3d0	chore: optimize ui	2023-02-21 08:14:03 +08:00
sigoden	dd6973468c	feat: support edit files (#179 ) close #172	2023-02-20 22:50:24 +08:00
sigoden	c6c78a16c5	chore: optimize ui	2023-02-20 17:23:31 +08:00
sigoden	111103f26b	fix: clear search input also clear query (#178 ) close #161	2023-02-20 12:07:40 +08:00
sigoden	7d6d7d49ca	feat: API to search and list directories (#177 ) use `?simple` to output path name only. use `?json` to output paths in json format. By default, output html page. close #166	2023-02-20 11:05:53 +08:00
sigoden	c6dcaf95d4	chore: hide env keys from help text (#176 )	2023-02-19 22:48:41 +08:00
sigoden	b7c5119c2e	feat: hiding only directories instead of files (#175 ) A `--hidden` pattern with `/` suffix means hiding only directories not files. A `--hidden` pattern without `/` will hide matching files and directories.	2023-02-19 22:03:59 +08:00
horizon	0000bd27f5	fix: remove Method::Options auth check (#168 ) * fix: remove Method::Options auth check * add tests --------- Co-authored-by: sigoden <sigoden@gmail.com>	2023-02-19 12:30:14 +08:00
sigoden	47883376c1	chore: fix cargo clippy (#174 )	2023-02-19 12:24:42 +08:00
MuXiu1997	fea9bf988a	feat: use env var for args (#170 ) closed #160	2023-02-19 11:40:14 +08:00
MoonFruit	b6d555158c	chore: add install instruction for Homebrew (#163 )	2022-12-27 10:16:23 +08:00
sigoden	628d863d2e	chore: improve code quanity	2022-12-11 15:18:44 +08:00
sigoden	8d9705caa4	feat: add option --allow-archive (#152 ) BREAKING CHANGE: explicitly allow download folder as zip file	2022-12-10 11:09:42 +08:00
Kian-Meng Ang	7eef4407fc	docs: fix typos (#147 ) Found via `codespell -S target -L crate,nd`	2022-12-10 09:18:54 +08:00
Sylvain Prat	f061365587	fix: set the STOPSIGNAL to SIGINT for Dockerfile	2022-12-10 08:31:46 +08:00
sigoden	d35cea4c36	chore(release): version 0.31.0	2022-11-12 08:43:13 +08:00
sigoden	1329e42b9a	chore: upgrade clap to v4 (#146 )	2022-11-11 21:46:07 +08:00
sigoden	6ebf619430	feat: support unix sockets (#145 )	2022-11-11 08:57:44 +08:00
sigoden	8b4727c3a4	fix: panic on PROPFIND // (#144 )	2022-11-10 19:28:01 +08:00
Aneesh Agrawal	604ccc6556	fix: status code for MKCOL on existing resource (#142 ) * Fix status code for MKCOL on existing resource Per https://datatracker.ietf.org/doc/html/rfc4918#section-9.3.1, MKCOL should return a 405 if the resource already exists. Impetus for this change: I am using dufs as a webdav server for [Joplin](https://joplinapp.org/) which interpreted the previous behavior of returning a 403 as an error, preventing syncing from working. * add test Co-authored-by: sigoden <sigoden@gmail.com>	2022-11-10 18:41:10 +08:00
David Politis	1a9990f04e	fix: don't search on empty query string (#140 ) * fix: don't search on empty query string * refactor Co-authored-by: sigoden <sigoden@gmail.com>	2022-11-10 18:02:55 +08:00
sigoden	bd07783cde	chore: cargo clippy	2022-11-10 15:38:35 +08:00
sigoden	dbf2de9cb9	fix: auth not works with --path-prefix (#138 ) close #137	2022-10-08 09:14:42 +08:00
sigoden	3b3ea718d9	chore: improve readme	2022-09-09 21:43:40 +08:00
sigoden	3debf88da1	chore: improve readme	2022-09-09 21:37:07 +08:00
sigoden	7eaa6f2484	chore: undo hidden arg changes	2022-09-09 21:30:27 +08:00
sigoden	68def1c1d9	chore: update screenshot.png in readme	2022-09-09 21:22:03 +08:00
sigoden	868f4158f5	chore(release): version 0.30.0	2022-09-09 21:04:05 +08:00
sigoden	3063dca0a6	chore: update readme	2022-09-05 10:34:18 +08:00
sigoden	a74e40aee5	feat: add --assets options to override assets (#134 ) * feat: add --assets options to override assets * update readme	2022-09-05 10:30:45 +08:00
sigoden	bde06fef94	chore: refactor clap multiple_occurrences and multiple_values (#130 )	2022-08-27 10:30:08 +08:00
sigoden	31c832a742	feat: support sort by name, mtime, size (#128 )	2022-08-23 14:24:42 +08:00
Daniel Flannery	9f8171a22f	chore: Corrected type in README (#127 )	2022-08-17 07:41:02 +08:00
sigoden	0fb9f3b2c8	chore: update readme	2022-08-06 08:30:19 +08:00
sigoden	3ae75d3558	fix: hide path by ext name (#126 )	2022-08-06 07:48:34 +08:00
sigoden	dff489398e	chore(release): version v0.29.0	2022-08-03 09:05:39 +08:00
sigoden	64e397d18a	chore: update --hidden help message	2022-08-03 08:58:52 +08:00
sigoden	cc0014c183	chore: fix typo	2022-08-03 08:51:12 +08:00
sigoden	a489c5647a	fix: table row hover highlighting in dark mode (#122 )	2022-08-03 07:02:58 +08:00
sigoden	0918fb3fe4	feat: support ecdsa tls cert (#119 )	2022-08-02 09:32:11 +08:00
sigoden	14efeb6360	chore: update readme	2022-08-02 07:07:53 +08:00
sigoden	30b8f75bba	chore: update deps and remove dependabot	2022-08-02 07:07:33 +08:00
sigoden	a39065beff	chore: update readme	2022-08-01 15:12:25 +08:00
sigoden	a493c13734	chore(release): version v0.28.0	2022-08-01 08:47:18 +08:00
sigoden	ae2f878e62	feat: support customize http log format (#116 )	2022-07-31 08:27:09 +08:00
sigoden	277d9d22d4	feat(ui): add table row hover (#115 )	2022-07-30 08:04:31 +08:00
sigoden	c62926d19c	fix(ui): file path contains special charactors (#114 )	2022-07-30 07:53:27 +08:00
sigoden	cccbbe9ea4	chore: update deps	2022-07-29 08:54:46 +08:00