chore: release v0.34.1

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.34.1] - 2023-06-02
+
+### Bug Fixes
+
+- Auth logic ([#224](https://github.com/sigoden/dufs/issues/224))
+- Allow all cors headers and methods ([#225](https://github.com/sigoden/dufs/issues/225))
+
+### Refactor
+
+- Ui checkAuth ([#226](https://github.com/sigoden/dufs/issues/226))
+
 ## [0.34.0] - 2023-06-01
 
 ### Bug Fixes

Cargo.lock

@@ -436,7 +436,7 @@ checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
 
 [[package]]
 name = "dufs"
-version = "0.34.0"
+version = "0.34.1"
 dependencies = [
  "alphanumeric-sort",
  "anyhow",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "dufs"
-version = "0.34.0"
+version = "0.34.1"
 edition = "2021"
 authors = ["sigoden <sigoden@gmail.com>"]
 description = "Dufs is a distinctive utility file server"

assets/index.js

@@ -218,8 +218,11 @@ Uploader.runQueue = async () => {
   let uploader = Uploader.queues.shift();
   if (!Uploader.auth) {
     Uploader.auth = true;
-    const success = await checkAuth(true);
-    Uploader.auth = !!success;
+    try {
+      await checkAuth()
+    } catch {
+      Uploader.auth = false;
+    }
   }
   uploader.ajax();
 }
@@ -439,7 +442,13 @@ function setupAuth() {
   } else {
     const $loginBtn = document.querySelector(".login-btn");
     $loginBtn.classList.remove("hidden");
-    $loginBtn.addEventListener("click", () => checkAuth(true));
+    $loginBtn.addEventListener("click", async () => {
+      try {
+        await checkAuth()
+      } catch (err) {
+        alert(err.message);
+      }
+    });
   }
 }
 
@@ -651,9 +660,8 @@ async function saveChange() {
   }
 }
 
-async function checkAuth(alert = false) {
+async function checkAuth() {
   if (!DATA.auth) return;
-  try {
   const res = await fetch(baseUrl(), {
     method: "WRITEABLE",
   });
@@ -661,15 +669,6 @@ async function checkAuth(alert = false) {
   document.querySelector(".login-btn").classList.add("hidden");
   $userBtn.classList.remove("hidden");
   $userBtn.title = "";
-    return true;
-  } catch (err) {
-    let message = `Check auth, ${err.message}`;
-    if (alert) {
-      alert(message);
-    } else {
-      throw new Error(message);
-    }
-  }
 }
 
 /**
@@ -808,7 +807,7 @@ function encodedStr(rawStr) {
 
 async function assertResOK(res) {
   if (!(res.status >= 200 && res.status < 300)) {
-    throw new Error(await res.text())
+    throw new Error(await res.text() || `Invalid status ${res.status}`);
   }
 }
 

src/auth.rs

@@ -229,8 +229,8 @@ impl AccessPaths {
 pub enum AccessPerm {
     #[default]
     IndexOnly,
-    ReadWrite,
     ReadOnly,
+    ReadWrite,
 }
 
 impl AccessPerm {
@@ -519,4 +519,16 @@ mod tests {
         assert_eq!(paths.find("dir2", true), None);
         assert!(paths.find("dir1/file", true).is_some());
     }
+
+    #[test]
+    fn test_access_paths_perm() {
+        let mut paths = AccessPaths::default();
+        assert_eq!(paths.perm(), AccessPerm::IndexOnly);
+        paths.set_perm(AccessPerm::ReadOnly);
+        assert_eq!(paths.perm(), AccessPerm::ReadOnly);
+        paths.set_perm(AccessPerm::ReadWrite);
+        assert_eq!(paths.perm(), AccessPerm::ReadWrite);
+        paths.set_perm(AccessPerm::ReadOnly);
+        assert_eq!(paths.perm(), AccessPerm::ReadWrite);
+    }
 }

src/server.rs

@@ -1286,17 +1286,15 @@ fn add_cors(res: &mut Response) {
         .typed_insert(AccessControlAllowCredentials);
     res.headers_mut().insert(
         "Access-Control-Allow-Methods",
-        HeaderValue::from_static("GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"),
+        HeaderValue::from_static("*"),
     );
     res.headers_mut().insert(
         "Access-Control-Allow-Headers",
-        HeaderValue::from_static("Authorization,Destination,Range,Content-Type"),
+        HeaderValue::from_static("Authorization,*"),
     );
     res.headers_mut().insert(
         "Access-Control-Expose-Headers",
-        HeaderValue::from_static(
-            "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition",
-        ),
+        HeaderValue::from_static("Authorization,*"),
     );
 }
 

tests/auth.rs

@@ -29,6 +29,23 @@ fn auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> Resu
     Ok(())
 }
 
+#[rstest]
+fn auth_and_public(
+    #[with(&["--auth", "user:pass@/:rw|@/", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 401);
+    let resp = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .send_with_digest_auth("user", "pass")?;
+    assert_eq!(resp.status(), 201);
+    let resp = fetch!(b"GET", &url).send()?;
+    assert_eq!(resp.status(), 200);
+    assert_eq!(resp.text()?, "abc");
+    Ok(())
+}
+
 #[rstest]
 fn auth_skip(#[with(&["--auth", "@/"])] server: TestServer) -> Result<(), Error> {
     let resp = reqwest::blocking::get(server.url())?;

tests/cors.rs

@@ -19,15 +19,15 @@ fn cors(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
     );
     assert_eq!(
         resp.headers().get("access-control-allow-methods").unwrap(),
-        "GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
+        "*"
     );
     assert_eq!(
         resp.headers().get("access-control-allow-headers").unwrap(),
-        "Authorization,Destination,Range,Content-Type"
+        "Authorization,*"
     );
     assert_eq!(
         resp.headers().get("access-control-expose-headers").unwrap(),
-        "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition"
+        "Authorization,*"
     );
     Ok(())
 }