mirror of
https://github.com/sigoden/dufs.git
synced 2026-04-09 17:13:02 +03:00
Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
4f3a8d275b | ||
|
|
9c412f4276 | ||
|
|
27c269d6a0 | ||
|
|
57b4a74279 |
11
CHANGELOG.md
11
CHANGELOG.md
@@ -2,6 +2,17 @@
|
|||||||
|
|
||||||
All notable changes to this project will be documented in this file.
|
All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
|
## [0.34.1] - 2023-06-02
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- Auth logic ([#224](https://github.com/sigoden/dufs/issues/224))
|
||||||
|
- Allow all cors headers and methods ([#225](https://github.com/sigoden/dufs/issues/225))
|
||||||
|
|
||||||
|
### Refactor
|
||||||
|
|
||||||
|
- Ui checkAuth ([#226](https://github.com/sigoden/dufs/issues/226))
|
||||||
|
|
||||||
## [0.34.0] - 2023-06-01
|
## [0.34.0] - 2023-06-01
|
||||||
|
|
||||||
### Bug Fixes
|
### Bug Fixes
|
||||||
|
|||||||
2
Cargo.lock
generated
2
Cargo.lock
generated
@@ -436,7 +436,7 @@ checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "dufs"
|
name = "dufs"
|
||||||
version = "0.34.0"
|
version = "0.34.1"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"alphanumeric-sort",
|
"alphanumeric-sort",
|
||||||
"anyhow",
|
"anyhow",
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "dufs"
|
name = "dufs"
|
||||||
version = "0.34.0"
|
version = "0.34.1"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
authors = ["sigoden <sigoden@gmail.com>"]
|
authors = ["sigoden <sigoden@gmail.com>"]
|
||||||
description = "Dufs is a distinctive utility file server"
|
description = "Dufs is a distinctive utility file server"
|
||||||
|
|||||||
@@ -218,8 +218,11 @@ Uploader.runQueue = async () => {
|
|||||||
let uploader = Uploader.queues.shift();
|
let uploader = Uploader.queues.shift();
|
||||||
if (!Uploader.auth) {
|
if (!Uploader.auth) {
|
||||||
Uploader.auth = true;
|
Uploader.auth = true;
|
||||||
const success = await checkAuth(true);
|
try {
|
||||||
Uploader.auth = !!success;
|
await checkAuth()
|
||||||
|
} catch {
|
||||||
|
Uploader.auth = false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
uploader.ajax();
|
uploader.ajax();
|
||||||
}
|
}
|
||||||
@@ -439,7 +442,13 @@ function setupAuth() {
|
|||||||
} else {
|
} else {
|
||||||
const $loginBtn = document.querySelector(".login-btn");
|
const $loginBtn = document.querySelector(".login-btn");
|
||||||
$loginBtn.classList.remove("hidden");
|
$loginBtn.classList.remove("hidden");
|
||||||
$loginBtn.addEventListener("click", () => checkAuth(true));
|
$loginBtn.addEventListener("click", async () => {
|
||||||
|
try {
|
||||||
|
await checkAuth()
|
||||||
|
} catch (err) {
|
||||||
|
alert(err.message);
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -651,25 +660,15 @@ async function saveChange() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async function checkAuth(alert = false) {
|
async function checkAuth() {
|
||||||
if (!DATA.auth) return;
|
if (!DATA.auth) return;
|
||||||
try {
|
const res = await fetch(baseUrl(), {
|
||||||
const res = await fetch(baseUrl(), {
|
method: "WRITEABLE",
|
||||||
method: "WRITEABLE",
|
});
|
||||||
});
|
await assertResOK(res);
|
||||||
await assertResOK(res);
|
document.querySelector(".login-btn").classList.add("hidden");
|
||||||
document.querySelector(".login-btn").classList.add("hidden");
|
$userBtn.classList.remove("hidden");
|
||||||
$userBtn.classList.remove("hidden");
|
$userBtn.title = "";
|
||||||
$userBtn.title = "";
|
|
||||||
return true;
|
|
||||||
} catch (err) {
|
|
||||||
let message = `Check auth, ${err.message}`;
|
|
||||||
if (alert) {
|
|
||||||
alert(message);
|
|
||||||
} else {
|
|
||||||
throw new Error(message);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -808,7 +807,7 @@ function encodedStr(rawStr) {
|
|||||||
|
|
||||||
async function assertResOK(res) {
|
async function assertResOK(res) {
|
||||||
if (!(res.status >= 200 && res.status < 300)) {
|
if (!(res.status >= 200 && res.status < 300)) {
|
||||||
throw new Error(await res.text())
|
throw new Error(await res.text() || `Invalid status ${res.status}`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
14
src/auth.rs
14
src/auth.rs
@@ -229,8 +229,8 @@ impl AccessPaths {
|
|||||||
pub enum AccessPerm {
|
pub enum AccessPerm {
|
||||||
#[default]
|
#[default]
|
||||||
IndexOnly,
|
IndexOnly,
|
||||||
ReadWrite,
|
|
||||||
ReadOnly,
|
ReadOnly,
|
||||||
|
ReadWrite,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl AccessPerm {
|
impl AccessPerm {
|
||||||
@@ -519,4 +519,16 @@ mod tests {
|
|||||||
assert_eq!(paths.find("dir2", true), None);
|
assert_eq!(paths.find("dir2", true), None);
|
||||||
assert!(paths.find("dir1/file", true).is_some());
|
assert!(paths.find("dir1/file", true).is_some());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_access_paths_perm() {
|
||||||
|
let mut paths = AccessPaths::default();
|
||||||
|
assert_eq!(paths.perm(), AccessPerm::IndexOnly);
|
||||||
|
paths.set_perm(AccessPerm::ReadOnly);
|
||||||
|
assert_eq!(paths.perm(), AccessPerm::ReadOnly);
|
||||||
|
paths.set_perm(AccessPerm::ReadWrite);
|
||||||
|
assert_eq!(paths.perm(), AccessPerm::ReadWrite);
|
||||||
|
paths.set_perm(AccessPerm::ReadOnly);
|
||||||
|
assert_eq!(paths.perm(), AccessPerm::ReadWrite);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1286,17 +1286,15 @@ fn add_cors(res: &mut Response) {
|
|||||||
.typed_insert(AccessControlAllowCredentials);
|
.typed_insert(AccessControlAllowCredentials);
|
||||||
res.headers_mut().insert(
|
res.headers_mut().insert(
|
||||||
"Access-Control-Allow-Methods",
|
"Access-Control-Allow-Methods",
|
||||||
HeaderValue::from_static("GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"),
|
HeaderValue::from_static("*"),
|
||||||
);
|
);
|
||||||
res.headers_mut().insert(
|
res.headers_mut().insert(
|
||||||
"Access-Control-Allow-Headers",
|
"Access-Control-Allow-Headers",
|
||||||
HeaderValue::from_static("Authorization,Destination,Range,Content-Type"),
|
HeaderValue::from_static("Authorization,*"),
|
||||||
);
|
);
|
||||||
res.headers_mut().insert(
|
res.headers_mut().insert(
|
||||||
"Access-Control-Expose-Headers",
|
"Access-Control-Expose-Headers",
|
||||||
HeaderValue::from_static(
|
HeaderValue::from_static("Authorization,*"),
|
||||||
"WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition",
|
|
||||||
),
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -29,6 +29,23 @@ fn auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> Resu
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[rstest]
|
||||||
|
fn auth_and_public(
|
||||||
|
#[with(&["--auth", "user:pass@/:rw|@/", "-A"])] server: TestServer,
|
||||||
|
) -> Result<(), Error> {
|
||||||
|
let url = format!("{}file1", server.url());
|
||||||
|
let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
|
||||||
|
assert_eq!(resp.status(), 401);
|
||||||
|
let resp = fetch!(b"PUT", &url)
|
||||||
|
.body(b"abc".to_vec())
|
||||||
|
.send_with_digest_auth("user", "pass")?;
|
||||||
|
assert_eq!(resp.status(), 201);
|
||||||
|
let resp = fetch!(b"GET", &url).send()?;
|
||||||
|
assert_eq!(resp.status(), 200);
|
||||||
|
assert_eq!(resp.text()?, "abc");
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
#[rstest]
|
#[rstest]
|
||||||
fn auth_skip(#[with(&["--auth", "@/"])] server: TestServer) -> Result<(), Error> {
|
fn auth_skip(#[with(&["--auth", "@/"])] server: TestServer) -> Result<(), Error> {
|
||||||
let resp = reqwest::blocking::get(server.url())?;
|
let resp = reqwest::blocking::get(server.url())?;
|
||||||
|
|||||||
@@ -19,15 +19,15 @@ fn cors(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
|
|||||||
);
|
);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
resp.headers().get("access-control-allow-methods").unwrap(),
|
resp.headers().get("access-control-allow-methods").unwrap(),
|
||||||
"GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
|
"*"
|
||||||
);
|
);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
resp.headers().get("access-control-allow-headers").unwrap(),
|
resp.headers().get("access-control-allow-headers").unwrap(),
|
||||||
"Authorization,Destination,Range,Content-Type"
|
"Authorization,*"
|
||||||
);
|
);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
resp.headers().get("access-control-expose-headers").unwrap(),
|
resp.headers().get("access-control-expose-headers").unwrap(),
|
||||||
"WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition"
|
"Authorization,*"
|
||||||
);
|
);
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user