chore: release v0.38.0

- rename LogHttp to HttpLogger

.github/workflows/ci.yaml

@@ -29,16 +29,12 @@ jobs:
       RUSTFLAGS: --deny warnings
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Install Rust Toolchain Components
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
-      with:
-        components: clippy, rustfmt
-        override: true
-        toolchain: stable
 
-    - uses: Swatinem/rust-cache@v1
+    - uses: Swatinem/rust-cache@v2
 
     - name: Test
       run: cargo test --all

.github/workflows/release.yaml

@@ -27,7 +27,7 @@ jobs:
         - target: aarch64-pc-windows-msvc
           os: windows-latest
           use-cross: true
-          cargo-flags: "--no-default-features"
+          cargo-flags: ""
         - target: x86_64-apple-darwin
           os: macos-latest
           cargo-flags: ""
@@ -71,30 +71,42 @@ jobs:
           use-cross: true
           cargo-flags: "--no-default-features"
     runs-on: ${{matrix.os}}
+    env:
+      BUILD_CMD: cargo
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Check Tag
       id: check-tag
       shell: bash
       run: |
-        tag=${GITHUB_REF##*/}
+        ver=${GITHUB_REF##*/}
-        echo "::set-output name=version::$tag"
+        echo "version=$ver" >> $GITHUB_OUTPUT
-        if [[ "$tag" =~ [0-9]+.[0-9]+.[0-9]+$ ]]; then
+        if [[ "$ver" =~ [0-9]+.[0-9]+.[0-9]+$ ]]; then
-          echo "::set-output name=rc::false"
+          echo "rc=false" >> $GITHUB_OUTPUT
         else
-          echo "::set-output name=rc::true"
+          echo "rc=true" >> $GITHUB_OUTPUT
         fi
 
 
     - name: Install Rust Toolchain Components
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
       with:
-        override: true
+        targets: ${{ matrix.target }}
-        target: ${{ matrix.target }}
+        #  Since rust 1.72, mips platforms are tier 3
-        toolchain: stable
+        toolchain: 1.71
-        profile: minimal # minimal component installation (ie, no documentation)
+
+    - name: Install cross
+      if: matrix.use-cross
+      uses: taiki-e/install-action@v2
+      with:
+        tool: cross
+  
+    - name: Overwrite build command env variable
+      if: matrix.use-cross
+      shell: bash
+      run: echo "BUILD_CMD=cross" >> $GITHUB_ENV
 
     - name: Show Version Information (Rust, cargo, GCC)
       shell: bash
@@ -107,11 +119,8 @@ jobs:
         rustc -V
       
     - name: Build
-      uses: actions-rs/cargo@v1
+      shell: bash
-      with:
+      run: $BUILD_CMD build --locked --release --target=${{ matrix.target }} ${{ matrix.cargo-flags }}
-        use-cross: ${{ matrix.use-cross }}
-        command: build
-        args: --locked --release --target=${{ matrix.target }} ${{ matrix.cargo-flags }}
 
     - name: Build Archive
       shell: bash
@@ -123,8 +132,7 @@ jobs:
         set -euxo pipefail
 
         bin=${GITHUB_REPOSITORY##*/}
-        src=`pwd`
+        dist_dir=`pwd`/dist
-        dist=$src/dist
         name=$bin-$version-$target
         executable=target/$target/release/$bin
 
@@ -132,22 +140,22 @@ jobs:
           executable=$executable.exe
         fi
 
-        mkdir $dist
+        mkdir $dist_dir
-        cp $executable $dist
+        cp $executable $dist_dir
-        cd $dist
+        cd $dist_dir
 
         if [[ "$RUNNER_OS" == "Windows" ]]; then
-            archive=$dist/$name.zip
+            archive=$dist_dir/$name.zip
             7z a $archive *
-            echo "::set-output name=archive::`pwd -W`/$name.zip"
+            echo "archive=dist/$name.zip" >> $GITHUB_OUTPUT
         else
-            archive=$dist/$name.tar.gz
+            archive=$dist_dir/$name.tar.gz
-            tar czf $archive *
+            tar -czf $archive *
-            echo "::set-output name=archive::$archive"
+            echo "archive=dist/$name.tar.gz" >> $GITHUB_OUTPUT
         fi
 
     - name: Publish Archive
-      uses: softprops/action-gh-release@v0.1.5
+      uses: softprops/action-gh-release@v1
       if: ${{ startsWith(github.ref, 'refs/tags/') }}
       with:
         draft: false
@@ -163,16 +171,16 @@ jobs:
     needs: release
     steps:
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           build-args: |
             REPO=${{ github.repository }}
@@ -191,13 +199,11 @@ jobs:
     runs-on: ubuntu-latest
     needs: release
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-      - name: Publish
 
+      - uses: dtolnay/rust-toolchain@stable
+
+      - name: Publish
         env:
           CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_API_TOKEN }}
         run: cargo publish

CHANGELOG.md

@@ -2,6 +2,79 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.38.0] - 2023-11-28
+
+### Bug Fixes
+
+- Unable to start if config file omit bind/port fields ([#294](https://github.com/sigoden/dufs/issues/294))
+
+### Features
+
+- Password can contain `:` `@` `|` ([#297](https://github.com/sigoden/dufs/issues/297))
+- Deprecate the use of `|` to separate auth rules ([#298](https://github.com/sigoden/dufs/issues/298))
+- More flexible config values ([#299](https://github.com/sigoden/dufs/issues/299))
+- Ui supports view file ([#301](https://github.com/sigoden/dufs/issues/301))
+
+### Refactor
+
+- Take improvements from the edge browser ([#289](https://github.com/sigoden/dufs/issues/289))
+- Ui change the cursor for upload-btn to a pointer ([#291](https://github.com/sigoden/dufs/issues/291))
+- Ui improve uploading progress ([#296](https://github.com/sigoden/dufs/issues/296))
+
+## [0.37.1] - 2023-11-08
+
+### Bug Fixes
+
+- Use DUFS_CONFIG to specify the config file path ([#286](https://github.com/sigoden/dufs/issues/286)
+
+## [0.37.0] - 2023-11-08
+
+### Bug Fixes
+
+- Sort path ignore case ([#264](https://github.com/sigoden/dufs/issues/264))
+- Ui show user-name next to the user-icon ([#278](https://github.com/sigoden/dufs/issues/278))
+- Auto delete half-uploaded files ([#280](https://github.com/sigoden/dufs/issues/280))
+
+### Features
+
+- Deprecate `--auth-method`,  as both options are available ([#279](https://github.com/sigoden/dufs/issues/279))
+- Support config file with `--config` option ([#281](https://github.com/sigoden/dufs/issues/281))
+- Support hashed password ([#283](https://github.com/sigoden/dufs/issues/283))
+
+### Refactor
+
+- Remove one clone on `assets_prefix` ([#270](https://github.com/sigoden/dufs/issues/270))
+- Optimize tests
+- Improve code quanity ([#282](https://github.com/sigoden/dufs/issues/282))
+
+## [0.36.0] - 2023-08-24
+
+### Bug Fixes
+
+- Ui readonly if no write perm ([#258](https://github.com/sigoden/dufs/issues/258))
+
+### Testing
+
+- Remove dependency on native tls ([#255](https://github.com/sigoden/dufs/issues/255))
+
+## [0.35.0] - 2023-08-14
+
+### Bug Fixes
+
+- Search should ignore entry path ([#235](https://github.com/sigoden/dufs/issues/235))
+- Typo __ASSERTS_PREFIX__ ([#252](https://github.com/sigoden/dufs/issues/252))
+
+### Features
+
+- Sort by type first, then sort by name/mtime/size ([#241](https://github.com/sigoden/dufs/issues/241))
+
+## [0.34.2] - 2023-06-05
+
+### Bug Fixes
+
+- Ui refresh page after login ([#230](https://github.com/sigoden/dufs/issues/230))
+- Webdav only see public folder even logging in ([#231](https://github.com/sigoden/dufs/issues/231))
+
 ## [0.34.1] - 2023-06-02
 
 ### Bug Fixes

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "dufs"
-version = "0.34.1"
+version = "0.38.0"
 edition = "2021"
 authors = ["sigoden <sigoden@gmail.com>"]
 description = "Dufs is a distinctive utility file server"
@@ -13,15 +13,14 @@ keywords = ["static", "file", "server", "webdav", "cli"]
 [dependencies]
 clap = { version = "4", features = ["wrap_help", "env"] }
 clap_complete = "4"
-chrono = "0.4"
+chrono = { version = "0.4", default-features = false, features = ["clock"] }
 tokio = { version = "1", features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"]}
 tokio-util = { version = "0.7",  features = ["io-util", "compat"] }
 hyper = { version = "0.14", features = ["http1", "server", "tcp", "stream"] }
-percent-encoding = "2.1"
+percent-encoding = "2.3"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 futures = "0.3"
-base64 = "0.21"
 async_zip = { version = "0.0.15", default-features = false, features = ["deflate", "chrono", "tokio"] }
 headers = "0.3"
 mime_guess = "2.0"
@@ -31,20 +30,24 @@ rustls-pemfile = { version = "1", optional = true }
 tokio-rustls = { version = "0.24", optional = true }
 md5 = "0.7"
 lazy_static = "1.4"
-uuid = { version = "1.1", features = ["v4", "fast-rng"] }
+uuid = { version = "1.4", features = ["v4", "fast-rng"] }
 urlencoding = "2.1"
 xml-rs = "0.8"
 log = "0.4"
 socket2 = "0.5"
 async-stream = "0.3"
 walkdir = "2.3"
-form_urlencoded = "1.0"
+form_urlencoded = "1.2"
 alphanumeric-sort = "1.4"
 content_inspector = "0.2"
 anyhow = "1.0"
 chardetng = "0.1"
 glob = "0.3.1"
-indexmap = "1.9"
+indexmap = "2.0"
+serde_yaml = "0.9.27"
+sha-crypt = "0.5.0"
+base64 = "0.21.5"
+smart-default = "0.7.1"
 
 [features]
 default = ["tls"]
@@ -55,13 +58,15 @@ assert_cmd = "2"
 reqwest = { version = "0.11", features = ["blocking", "multipart", "rustls-tls"], default-features = false }
 assert_fs = "1"
 port_check = "0.1"
-rstest = "0.17"
+rstest = "0.18"
 regex = "1"
 url = "2"
-diqwest = { version = "1", features = ["blocking"] }
+diqwest = { version = "1", features = ["blocking", "rustls-tls"], default-features = false }
 predicates = "3"
 
 [profile.release]
+opt-level = 3
 lto = true
-strip = true
+codegen-units = 1
-opt-level = "z"
+panic = "abort"
+strip = "symbols"

README.md

@@ -48,18 +48,18 @@ Download from [Github Releases](https://github.com/sigoden/dufs/releases), unzip
 ```
 Dufs is a distinctive utility file server - https://github.com/sigoden/dufs
 
-Usage: dufs [OPTIONS] [serve_path]
+Usage: dufs [OPTIONS] [serve-path]
 
 Arguments:
-  [serve_path]  Specific path to serve [default: .]
+  [serve-path]  Specific path to serve [default: .]
 
 Options:
+  -c, --config <config>      Specify configuration file
   -b, --bind <addrs>         Specify bind address or unix socket
   -p, --port <port>          Specify port to listen on [default: 5000]
       --path-prefix <path>   Specify a path prefix
-      --hidden <value>       Hide paths from directory listings, separated by `,`
+      --hidden <value>       Hide paths from directory listings, e.g. tmp,*.log,*.lock
-  -a, --auth <rules>         Add auth role
+  -a, --auth <rules>         Add auth roles, e.g. user:pass@/dir1:rw,/dir2
-      --auth-method <value>  Select auth method [default: digest] [possible values: basic, digest]
   -A, --allow-all            Allow all operations
       --allow-upload         Allow upload files/folders
       --allow-delete         Allow delete files/folders
@@ -70,18 +70,18 @@ Options:
       --render-index         Serve index.html when requesting a directory, returns 404 if not found index.html
       --render-try-index     Serve index.html when requesting a directory, returns directory listing if not found index.html
       --render-spa           Serve SPA(Single Page Application)
-      --assets <path>        Use custom assets to override builtin assets
+      --assets <path>        Set the path to the assets directory for overriding the built-in assets
-      --tls-cert <path>      Path to an SSL/TLS certificate to serve with HTTPS
-      --tls-key <path>       Path to the SSL/TLS certificate's private key
       --log-format <format>  Customize http log format
       --completions <shell>  Print shell completion script for <shell> [possible values: bash, elvish, fish, powershell, zsh]
+      --tls-cert <path>      Path to an SSL/TLS certificate to serve with HTTPS
+      --tls-key <path>       Path to the SSL/TLS certificate's private key
   -h, --help                 Print help
   -V, --version              Print version
 ```
 
 ## Examples
 
-Serve current working directory in readonly mode
+Serve current working directory in read-only mode
 
 ```
 dufs
@@ -126,7 +126,7 @@ dufs --render-index
 Require username/password
 
 ```
-dufs -a /@admin:123
+dufs -a admin:123@/:rw
 ```
 
 Listen on specific host:ip 
@@ -186,16 +186,16 @@ curl -X MOVE https://127.0.0.1:5000/path -H "Destination: https://127.0.0.1:5000
 List/search directory contents
 
 ```
-curl http://127.0.0.1:5000?simple                 # output names only, just like `ls -1`
+curl http://127.0.0.1:5000?q=Dockerfile           # search for files, similar to `find -name Dockerfile`
+curl http://127.0.0.1:5000?simple                 # output names only, similar to `ls -1`
 curl http://127.0.0.1:5000?json                   # output paths in json format
-curl http://127.0.0.1:5000?q=Dockerfile&simple    # search for files, just like `find -name Dockerfile`
 ```
 
 With authorization
 
 ```
-curl --user user:pass --digest http://192.168.8.10:5000/file  # digest auth
+curl http://192.168.8.10:5000/file --user user:pass                 # basic auth
-curl --user user:pass http://192.168.8.10:5000/file           # basic auth
+curl http://192.168.8.10:5000/file --user user:pass --digest        # digest auth
 ```
 
 <details>
@@ -206,44 +206,43 @@ curl --user user:pass http://192.168.8.10:5000/file           # basic auth
 Dufs supports account based access control. You can control who can do what on which path with `--auth`/`-a`.
 
 ```
-dufs -a [user:pass]@path[:rw][,path[:rw]...][|...]
+dufs -a user:pass@/path1:rw,/path2 -a user2:pass2@/path3 -a @/path4
 ```
-1: Multiple rules are separated by "|"
+
-2: User and pass are the account name and password, if omitted, it is an anonymous user
+1. Use `@` to separate the account and paths. No account means anonymous user.
-3: One rule can set multiple paths, separated by ","
+2. Use `:` to separate the username and password of the account.
-4: Add `:rw` after the path to indicate that the path has read and write permissions, otherwise the path has readonly permissions.
+3. Use `,` to separate paths.
+4. Use `:rw` suffix to indicate that the account has read-write permission on the path.
+
+- `-a admin:amdin@/:rw`: `admin` has complete permissions for all paths.
+- `-a guest:guest@/`: `guest` has read-only permissions for all paths.
+- `-a user:pass@/dir1:rw,/dir2`: `user` has complete permissions for `/dir1/*`, has read-only permissions for `/dir2/`.
+- `-a @/`: All paths is publicly accessible, everyone can view/download it.
+
+> There are no restrictions on using ':' and '@' characters in a password, `user:pa:ss@1@/:rw` is valid, and the password is `pa:ss@1`.
+
+#### Hashed Password
+
+DUFS supports the use of sha-512 hashed password.
+
+Create hashed password
 
 ```
-dufs -A -a admin:admin@/:rw
+$ mkpasswd  -m sha-512 -s
+Password: 123456 
+$6$qCAVUG7yn7t/hH4d$BWm8r5MoDywNmDP/J3V2S2a6flmKHC1IpblfoqZfuK.LtLBZ0KFXP9QIfJP8RqL8MCw4isdheoAMTuwOz.pAO/
 ```
-`admin` has all permissions for all paths.
 
+Use hashed password
 ```
-dufs -A -a admin:admin@/:rw -a guest:guest@/
+dufs -a 'admin:$6$qCAVUG7yn7t/hH4d$BWm8r5MoDywNmDP/J3V2S2a6flmKHC1IpblfoqZfuK.LtLBZ0KFXP9QIfJP8RqL8MCw4isdheoAMTuwOz.pAO/@/:rw'
 ```
-`guest` has readonly permissions for all paths.
 
-```
+Two important things for hashed passwords:
-dufs -A -a admin:admin@/:rw -a @/
-```
-All paths is public, everyone can view/download it.
 
-```
+1. Dufs only supports sha-512 hashed passwords, so ensure that the password string always starts with `$6$`.
-dufs -A -a admin:admin@/:rw -a user1:pass1@/user1:rw -a user2:pass2@/user2
+2. Digest authentication does not function properly with hashed passwords.
-dufs -A -a "admin:admin@/:rw|user1:pass1@/user1:rw|user2:pass2@/user2"
-```
-`user1` has all permissions for `/user1/*` path.
-`user2` has all permissions for `/user2/*` path.
 
-```
-dufs -A -a user:pass@/dir1:rw,/dir2:rw,dir3
-```
-`user` has all permissions for `/dir1/*` and `/dir2/*`, has readonly permissions for `/dir3/`.
-
-```
-dufs -a admin:admin@/
-```
-Since dufs only allows viewing/downloading, `admin` can only view/download files.
 
 ### Hide Paths
 
@@ -259,6 +258,7 @@ dufs --hidden .git,.DS_Store,tmp
 dufs --hidden '.*'                          # hidden dotfiles
 dufs --hidden '*/'                          # hidden all folders
 dufs --hidden '*.log,*.lock'                # hidden by exts
+dufs --hidden '*.log' --hidden '*.lock'
 ```
 
 ### Log Format
@@ -307,14 +307,14 @@ dufs --log-format '$remote_addr $remote_user "$request" $status' -a /@admin:admi
 All options can be set using environment variables prefixed with `DUFS_`.
 
 ```
-  [ROOT_DIR]                  DUFS_ROOT_DIR=/dir
+[serve-path]                DUFS_SERVE_PATH="."
-  -b, --bind <addrs>          DUFS_BIND=0.0.0.0
+    --config <path>         DUFS_CONFIG=config.yaml
-  -p, --port <port>           DUFS_PORT=5000
+-b, --bind <addrs>          DUFS_BIND=0.0.0.0
-      --path-prefix <path>    DUFS_PATH_RREFIX=/path
+-p, --port <port>           DUFS_PORT=5000
-      --hidden <value>        DUFS_HIDDEN=*.log
+    --path-prefix <path>    DUFS_PATH_PREFIX=/static
-  -a, --auth <rules>          DUFS_AUTH="admin:admin@/:rw|@/" 
+    --hidden <value>        DUFS_HIDDEN=tmp,*.log,*.lock
-      --auth-method <value>   DUFS_AUTH_METHOD=basic
+-a, --auth <rules>          DUFS_AUTH="admin:admin@/:rw|@/" 
-  -A, --allow-all             DUFS_ALLOW_ALL=true
+-A, --allow-all             DUFS_ALLOW_ALL=true
     --allow-upload          DUFS_ALLOW_UPLOAD=true
     --allow-delete          DUFS_ALLOW_DELETE=true
     --allow-search          DUFS_ALLOW_SEARCH=true
@@ -325,9 +325,43 @@ All options can be set using environment variables prefixed with `DUFS_`.
     --render-try-index      DUFS_RENDER_TRY_INDEX=true
     --render-spa            DUFS_RENDER_SPA=true
     --assets <path>         DUFS_ASSETS=/assets
+    --log-format <format>   DUFS_LOG_FORMAT=""
     --tls-cert <path>       DUFS_TLS_CERT=cert.pem
     --tls-key <path>        DUFS_TLS_KEY=key.pem
-      --log-format <format>   DUFS_LOG_FORMAT=""
+```
+
+## Configuration File
+
+You can specify and use the configuration file by selecting the option `--config <path-to-config.yaml>`.
+
+The following are the configuration items:
+
+```yaml
+serve-path: '.'
+bind: 0.0.0.0
+port: 5000
+path-prefix: /dufs
+hidden:
+  - tmp
+  - '*.log'
+  - '*.lock'
+auth:
+  - admin:admin@/:rw
+  - user:pass@/src:rw,/share
+allow-all: false
+allow-upload: true
+allow-delete: true
+allow-search: true
+allow-symlink: true
+allow-archive: true
+enable-cors: true
+render-index: true
+render-try-index: true
+render-spa: true
+assets: ./assets/
+log-format: '$remote_addr "$request" $status $http_user_agent'
+tls-cert: tests/data/cert.pem
+tls-key: tests/data/key_pkcs1.pem
 ```
 
 ### Customize UI
@@ -343,7 +377,7 @@ Your assets folder must contains a `index.html` file.
 `index.html` can use the following placeholder variables to retrieve internal data.
 
 - `__INDEX_DATA__`: directory listing data
-- `__ASSERTS_PREFIX__`: assets url prefix
+- `__ASSETS_PREFIX__`: assets url prefix
 
 </details>
 

assets/index.css

@@ -73,6 +73,10 @@ body {
   display: none;
 }
 
+.upload-file label {
+  cursor: pointer;
+}
+
 .searchbar {
   display: flex;
   flex-wrap: nowrap;
@@ -103,11 +107,6 @@ body {
   cursor: pointer;
 }
 
-.upload-status span {
-  width: 70px;
-  display: inline-block;
-}
-
 .main {
   padding: 3.3em 1em 0;
 }
@@ -134,6 +133,11 @@ body {
   padding-left: 0.6em;
 }
 
+.cell-status span {
+  width: 80px;
+  display: inline-block;
+}
+
 .paths-table thead a {
   color: unset;
   text-decoration: none;
@@ -208,18 +212,29 @@ body {
   height: calc(100vh - 5rem);
   border: 1px solid #ced4da;
   outline: none;
+  padding: 5px;
 }
 
-.toolbox2 {
+.toolbox-right {
   margin-left: auto;
   margin-right: 2em;
 }
 
 .save-btn {
   cursor: pointer;
+  -webkit-user-select: none;
   user-select: none;
 }
 
+.user-btn {
+    display: flex;
+    align-items: center;
+}
+
+.user-name {
+  padding-left: 3px;
+}
+
 .not-editable {
   font-style: italic;
 }

assets/index.html

@@ -1,15 +1,15 @@
 <!DOCTYPE html>
-<html>
+<html lang="en-US">
 
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width" />
-  <link rel="icon" type="image/x-icon" href="__ASSERTS_PREFIX__favicon.ico">
+  <link rel="icon" type="image/x-icon" href="__ASSETS_PREFIX__favicon.ico">
-  <link rel="stylesheet" href="__ASSERTS_PREFIX__index.css">
+  <link rel="stylesheet" href="__ASSETS_PREFIX__index.css">
   <script>
     DATA = __INDEX_DATA__
   </script>
-  <script src="__ASSERTS_PREFIX__index.js"></script>
+  <script src="__ASSETS_PREFIX__index.js"></script>
 </head>
 
 <body>
@@ -48,7 +48,7 @@
               d="M7.646 1.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1-.708.708L8.5 2.707V11.5a.5.5 0 0 1-1 0V2.707L5.354 4.854a.5.5 0 1 1-.708-.708l3-3z" />
           </svg>
         </label>
-        <input type="file" id="file" name="file" multiple>
+        <input type="file" id="file" title="Upload files" name="file" multiple>
       </div>
       <div class="control new-folder hidden" title="New folder">
         <svg width="16" height="16" viewBox="0 0 16 16">
@@ -74,10 +74,10 @@
             d="M11.742 10.344a6.5 6.5 0 1 0-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 0 0 1.415-1.414l-3.85-3.85a1.007 1.007 0 0 0-.115-.1zM12 6.5a5.5 5.5 0 1 1-11 0 5.5 5.5 0 0 1 11 0z" />
         </svg>
       </div>
-      <input id="search" name="q" type="text" maxlength="128" autocomplete="off" tabindex="1">
+      <input id="search" title="Searching for folders or files" name="q" type="text" maxlength="128" autocomplete="off" tabindex="1">
       <input type="submit" hidden />
     </form>
-    <div class="toolbox2">
+    <div class="toolbox-right">
       <div class="login-btn hidden" title="Login for upload/move/delete/edit permissions">
         <svg width="16" height="16" viewBox="0 0 16 16">
           <path fill-rule="evenodd"
@@ -91,6 +91,7 @@
           <path
             d="M8 8a3 3 0 1 0 0-6 3 3 0 0 0 0 6Zm2-3a2 2 0 1 1-4 0 2 2 0 0 1 4 0Zm4 8c0 1-1 1-1 1H3s-1 0-1-1 1-4 6-4 6 3 6 4Zm-1-.004c-.001-.246-.154-.986-.832-1.664C11.516 10.68 10.289 10 8 10c-2.29 0-3.516.68-4.168 1.332-.678.678-.83 1.418-.832 1.664h10Z" />
         </svg>
+        <span class="user-name"></span>
       </div>
       <div class="save-btn hidden" title="Save file">
         <svg viewBox="0 0 1024 1024" width="24" height="24">
@@ -121,7 +122,7 @@
     </div>
     <div class="editor-page hidden">
       <div class="not-editable hidden"></div>
-      <textarea class="editor hidden" cols="10"></textarea>
+      <textarea id="editor" class="editor hidden" aria-label="Editor" cols="10"></textarea>
     </div>
   </div>
   <script>

assets/index.js

@@ -10,7 +10,7 @@
  * @typedef {object} DATA
  * @property {string} href
  * @property {string} uri_prefix
- * @property {"Index" | "Edit"} kind
+ * @property {"Index" | "Edit" | "View"} kind
  * @property {PathItem[]} paths
  * @property {boolean} allow_upload
  * @property {boolean} allow_delete
@@ -55,7 +55,8 @@ const ICONS = {
   download: `<svg width="16" height="16" viewBox="0 0 16 16"><path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/><path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/></svg>`,
   move: `<svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M1.5 1.5A.5.5 0 0 0 1 2v4.8a2.5 2.5 0 0 0 2.5 2.5h9.793l-3.347 3.346a.5.5 0 0 0 .708.708l4.2-4.2a.5.5 0 0 0 0-.708l-4-4a.5.5 0 0 0-.708.708L13.293 8.3H3.5A1.5 1.5 0 0 1 2 6.8V2a.5.5 0 0 0-.5-.5z"/></svg>`,
   edit: `<svg width="16" height="16" viewBox="0 0 16 16"><path d="M12.146.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1 0 .708l-10 10a.5.5 0 0 1-.168.11l-5 2a.5.5 0 0 1-.65-.65l2-5a.5.5 0 0 1 .11-.168l10-10zM11.207 2.5 13.5 4.793 14.793 3.5 12.5 1.207 11.207 2.5zm1.586 3L10.5 3.207 4 9.707V10h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.293l6.5-6.5zm-9.761 5.175-.106.106-1.528 3.821 3.821-1.528.106-.106A.5.5 0 0 1 5 12.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.468-.325z"/></svg>`,
-  delete: `<svg width="16" height="16" fill="currentColor"viewBox="0 0 16 16"><path d="M6.854 7.146a.5.5 0 1 0-.708.708L7.293 9l-1.147 1.146a.5.5 0 0 0 .708.708L8 9.707l1.146 1.147a.5.5 0 0 0 .708-.708L8.707 9l1.147-1.146a.5.5 0 0 0-.708-.708L8 8.293 6.854 7.146z"/><path d="M14 14V4.5L9.5 0H4a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2zM9.5 3A1.5 1.5 0 0 0 11 4.5h2V14a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1h5.5v2z"/></svg>`,
+  delete: `<svg width="16" height="16" viewBox="0 0 16 16"><path d="M6.854 7.146a.5.5 0 1 0-.708.708L7.293 9l-1.147 1.146a.5.5 0 0 0 .708.708L8 9.707l1.146 1.147a.5.5 0 0 0 .708-.708L8.707 9l1.147-1.146a.5.5 0 0 0-.708-.708L8 8.293 6.854 7.146z"/><path d="M14 14V4.5L9.5 0H4a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2zM9.5 3A1.5 1.5 0 0 0 11 4.5h2V14a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1h5.5v2z"/></svg>`,
+  view: `<svg width="16" height="16" viewBox="0 0 16 16"><path d="M4 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2zm0 1h8a1 1 0 0 1 1 1v12a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1"/></svg>`,
 }
 
 /**
@@ -86,6 +87,10 @@ let $editor;
  * @type Element
  */
 let $userBtn;
+/**
+ * @type Element
+ */
+let $userName;
 
 function ready() {
   $pathsTable = document.querySelector(".paths-table")
@@ -95,6 +100,7 @@ function ready() {
   $emptyFolder = document.querySelector(".empty-folder");
   $editor = document.querySelector(".editor");
   $userBtn = document.querySelector(".user-btn");
+  $userName = document.querySelector(".user-name");
 
   addBreadcrumb(DATA.href, DATA.uri_prefix);
 
@@ -108,7 +114,12 @@ function ready() {
     document.title = `Edit ${DATA.href} - Dufs`;
     document.querySelector(".editor-page").classList.remove("hidden");;
 
-    setupEditPage();
+    setupEditorPage();
+  } else if (DATA.kind == "View") {
+    document.title = `View ${DATA.href} - Dufs`;
+    document.querySelector(".editor-page").classList.remove("hidden");;
+
+    setupEditorPage();
   }
 }
 
@@ -178,10 +189,10 @@ class Uploader {
     const now = Date.now();
     const speed = (event.loaded - this.uploaded) / (now - this.lastUptime) * 1000;
     const [speedValue, speedUnit] = formatSize(speed);
-    const speedText = `${speedValue}${speedUnit.toLowerCase()}/s`;
+    const speedText = `${speedValue} ${speedUnit}/s`;
     const progress = formatPercent((event.loaded / event.total) * 100);
     const duration = formatDuration((event.total - event.loaded) / speed)
-    this.$uploadStatus.innerHTML = `<span>${speedText}</span><span>${progress}</span><span>${duration}</span>`;
+    this.$uploadStatus.innerHTML = `<span>${speedText}</span><span>${progress} ${duration}</span>`;
     this.uploaded = event.loaded;
     this.lastUptime = now;
   }
@@ -252,7 +263,7 @@ function addBreadcrumb(href, uri_prefix) {
     }
     const encodedName = encodedStr(name);
     if (i === 0) {
-      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${path}"><svg width="16" height="16" viewBox="0 0 16 16"><path d="M6.5 14.5v-3.505c0-.245.25-.495.5-.495h2c.25 0 .5.25.5.5v3.5a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5v-7a.5.5 0 0 0-.146-.354L13 5.793V2.5a.5.5 0 0 0-.5-.5h-1a.5.5 0 0 0-.5.5v1.293L8.354 1.146a.5.5 0 0 0-.708 0l-6 6A.5.5 0 0 0 1.5 7.5v7a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5z"/></svg></a>`);
+      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${path}" title="Root"><svg width="16" height="16" viewBox="0 0 16 16"><path d="M6.5 14.5v-3.505c0-.245.25-.495.5-.495h2c.25 0 .5.25.5.5v3.5a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5v-7a.5.5 0 0 0-.146-.354L13 5.793V2.5a.5.5 0 0 0-.5-.5h-1a.5.5 0 0 0-.5.5v1.293L8.354 1.146a.5.5 0 0 0-.708 0l-6 6A.5.5 0 0 0 1.5 7.5v7a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5z"/></svg></a>`);
     } else if (i === len - 1) {
       $breadcrumb.insertAdjacentHTML("beforeend", `<b>${encodedName}</b>`);
     } else {
@@ -316,13 +327,13 @@ function renderPathsTableHead() {
     <tr>
       ${headerItems.map(item => {
     let svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M11.5 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L11 2.707V14.5a.5.5 0 0 0 .5.5zm-7-14a.5.5 0 0 1 .5.5v11.793l3.146-3.147a.5.5 0 0 1 .708.708l-4 4a.5.5 0 0 1-.708 0l-4-4a.5.5 0 0 1 .708-.708L4 13.293V1.5a.5.5 0 0 1 .5-.5z"/></svg>`;
-    let order = "asc";
+    let order = "desc";
     if (PARAMS.sort === item.name) {
-      if (PARAMS.order === "asc") {
+      if (PARAMS.order === "desc") {
-        order = "desc";
+        order = "asc";
-        svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L7.5 2.707V14.5a.5.5 0 0 0 .5.5z"/></svg>`
-      } else {
         svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 1a.5.5 0 0 1 .5.5v11.793l3.146-3.147a.5.5 0 0 1 .708.708l-4 4a.5.5 0 0 1-.708 0l-4-4a.5.5 0 0 1 .708-.708L7.5 13.293V1.5A.5.5 0 0 1 8 1z"/></svg>`
+      } else {
+        svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L7.5 2.707V14.5a.5.5 0 0 0 .5.5z"/></svg>`
       }
     }
     const qs = new URLSearchParams({ ...PARAMS, order, sort: item.name }).toString();
@@ -364,6 +375,7 @@ function addPath(file, index) {
   let actionDownload = "";
   let actionMove = "";
   let actionEdit = "";
+  let actionView = "";
   let isDir = file.path_type.endsWith("Dir");
   if (isDir) {
     url += "/";
@@ -389,9 +401,13 @@ function addPath(file, index) {
     actionDelete = `
     <div onclick="deletePath(${index})" class="action-btn" id="deleteBtn${index}" title="Delete">${ICONS.delete}</div>`;
   }
+  if (!actionEdit && !isDir) {
+    actionView = `<a class="action-btn" title="View file" target="_blank" href="${url}?view">${ICONS.view}</a>`;
+  }
   let actionCell = `
   <td class="cell-actions">
     ${actionDownload}
+    ${actionView}
     ${actionMove}
     ${actionDelete}
     ${actionEdit}
@@ -438,13 +454,14 @@ function setupDropzone() {
 function setupAuth() {
   if (DATA.user) {
     $userBtn.classList.remove("hidden");
-    $userBtn.title = DATA.user;
+    $userName.textContent = DATA.user;
   } else {
     const $loginBtn = document.querySelector(".login-btn");
     $loginBtn.classList.remove("hidden");
     $loginBtn.addEventListener("click", async () => {
       try {
         await checkAuth()
+        location.reload();
       } catch (err) {
         alert(err.message);
       }
@@ -498,13 +515,14 @@ function setupNewFile() {
   });
 }
 
-async function setupEditPage() {
+async function setupEditorPage() {
   const url = baseUrl();
 
   const $download = document.querySelector(".download");
   $download.classList.remove("hidden");
   $download.href = url;
 
+  if (DATA.kind == "Edit") {
     const $moveFile = document.querySelector(".move-file");
     $moveFile.classList.remove("hidden");
     $moveFile.addEventListener("click", async () => {
@@ -525,6 +543,13 @@ async function setupEditPage() {
       });
     })
 
+    const $saveBtn = document.querySelector(".save-btn");
+    $saveBtn.classList.remove("hidden");
+    $saveBtn.addEventListener("click", saveChange);
+  } else if (DATA.kind == "View") {
+    $editor.readonly = true;
+  }
+
   if (!DATA.editable) {
     const $notEditable = document.querySelector(".not-editable");
     const url = baseUrl();
@@ -538,10 +563,6 @@ async function setupEditPage() {
     return;
   }
 
-  const $saveBtn = document.querySelector(".save-btn");
-  $saveBtn.classList.remove("hidden");
-  $saveBtn.addEventListener("click", saveChange);
-
   $editor.classList.remove("hidden");
   try {
     const res = await fetch(baseUrl());
@@ -668,7 +689,7 @@ async function checkAuth() {
   await assertResOK(res);
   document.querySelector(".login-btn").classList.add("hidden");
   $userBtn.classList.remove("hidden");
-  $userBtn.title = "";
+  $userName.textContent = "";
 }
 
 /**

src/args.rs

@@ -2,17 +2,14 @@ use anyhow::{bail, Context, Result};
 use clap::builder::PossibleValuesParser;
 use clap::{value_parser, Arg, ArgAction, ArgMatches, Command};
 use clap_complete::{generate, Generator, Shell};
-#[cfg(feature = "tls")]
+use serde::{Deserialize, Deserializer};
-use rustls::{Certificate, PrivateKey};
+use smart_default::SmartDefault;
 use std::env;
 use std::net::IpAddr;
 use std::path::{Path, PathBuf};
 
 use crate::auth::AccessControl;
-use crate::auth::AuthMethod;
+use crate::http_logger::HttpLogger;
-use crate::log_http::{LogHttp, DEFAULT_LOG_FORMAT};
-#[cfg(feature = "tls")]
-use crate::tls::{load_certs, load_private_key};
 use crate::utils::encode_uri;
 
 pub fn build_cli() -> Command {
@@ -25,12 +22,20 @@ pub fn build_cli() -> Command {
             env!("CARGO_PKG_REPOSITORY")
         ))
         .arg(
-            Arg::new("serve_path")
+            Arg::new("serve-path")
                 .env("DUFS_SERVE_PATH")
 				.hide_env(true)
-                .default_value(".")
                 .value_parser(value_parser!(PathBuf))
-                .help("Specific path to serve"),
+                .help("Specific path to serve [default: .]"),
+        )
+        .arg(
+            Arg::new("config")
+                .env("DUFS_CONFIG")
+				.hide_env(true)
+                .short('c')
+                .long("config")
+                .value_parser(value_parser!(PathBuf))
+                .help("Specify configuration file"),
         )
         .arg(
             Arg::new("bind")
@@ -49,9 +54,8 @@ pub fn build_cli() -> Command {
 				.hide_env(true)
                 .short('p')
                 .long("port")
-                .default_value("5000")
                 .value_parser(value_parser!(u16))
-                .help("Specify port to listen on")
+                .help("Specify port to listen on [default: 5000]")
                 .value_name("port"),
         )
         .arg(
@@ -67,7 +71,9 @@ pub fn build_cli() -> Command {
                 .env("DUFS_HIDDEN")
 				.hide_env(true)
                 .long("hidden")
-                .help("Hide paths from directory listings, separated by `,`")
+                .action(ArgAction::Append)
+                .value_delimiter(',')
+                .help("Hide paths from directory listings, e.g. tmp,*.log,*.lock")
                 .value_name("value"),
         )
         .arg(
@@ -76,13 +82,13 @@ pub fn build_cli() -> Command {
 				.hide_env(true)
                 .short('a')
                 .long("auth")
-                .help("Add auth role")
+                .help("Add auth roles, e.g. user:pass@/dir1:rw,/dir2")
                 .action(ArgAction::Append)
-                .value_delimiter('|')
                 .value_name("rules"),
         )
         .arg(
             Arg::new("auth-method")
+                .hide(true)
                 .env("DUFS_AUTH_METHOD")
 				.hide_env(true)
                 .long("auth-method")
@@ -177,9 +183,24 @@ pub fn build_cli() -> Command {
                 .env("DUFS_ASSETS")
 				.hide_env(true)
                 .long("assets")
-                .help("Use custom assets to override builtin assets")
+                .help("Set the path to the assets directory for overriding the built-in assets")
                 .value_parser(value_parser!(PathBuf))
                 .value_name("path")
+        )
+        .arg(
+            Arg::new("log-format")
+                .env("DUFS_LOG_FORMAT")
+                .hide_env(true)
+                .long("log-format")
+                .value_name("format")
+                .help("Customize http log format"),
+        )
+        .arg(
+            Arg::new("completions")
+                .long("completions")
+                .value_name("shell")
+                .value_parser(value_parser!(Shell))
+                .help("Print shell completion script for <shell>"),
         );
 
     #[cfg(feature = "tls")]
@@ -203,38 +224,38 @@ pub fn build_cli() -> Command {
                 .help("Path to the SSL/TLS certificate's private key"),
         );
 
-    app.arg(
+    app
-        Arg::new("log-format")
-            .env("DUFS_LOG_FORMAT")
-            .hide_env(true)
-            .long("log-format")
-            .value_name("format")
-            .help("Customize http log format"),
-    )
-    .arg(
-        Arg::new("completions")
-            .long("completions")
-            .value_name("shell")
-            .value_parser(value_parser!(Shell))
-            .help("Print shell completion script for <shell>"),
-    )
 }
 
 pub fn print_completions<G: Generator>(gen: G, cmd: &mut Command) {
     generate(gen, cmd, cmd.get_name().to_string(), &mut std::io::stdout());
 }
 
-#[derive(Debug)]
+#[derive(Debug, Deserialize, SmartDefault, PartialEq)]
+#[serde(default)]
+#[serde(rename_all = "kebab-case")]
 pub struct Args {
+    #[serde(default = "default_serve_path")]
+    #[default(default_serve_path())]
+    pub serve_path: PathBuf,
+    #[serde(deserialize_with = "deserialize_bind_addrs")]
+    #[serde(rename = "bind")]
+    #[serde(default = "default_addrs")]
+    #[default(default_addrs())]
     pub addrs: Vec<BindAddr>,
+    #[serde(default = "default_port")]
+    #[default(default_port())]
     pub port: u16,
-    pub path: PathBuf,
+    #[serde(skip)]
     pub path_is_file: bool,
     pub path_prefix: String,
+    #[serde(skip)]
     pub uri_prefix: String,
+    #[serde(deserialize_with = "deserialize_string_or_vec")]
     pub hidden: Vec<String>,
-    pub auth_method: AuthMethod,
+    #[serde(deserialize_with = "deserialize_access_control")]
     pub auth: AccessControl,
+    pub allow_all: bool,
     pub allow_upload: bool,
     pub allow_delete: bool,
     pub allow_search: bool,
@@ -244,12 +265,12 @@ pub struct Args {
     pub render_spa: bool,
     pub render_try_index: bool,
     pub enable_cors: bool,
-    pub assets_path: Option<PathBuf>,
+    pub assets: Option<PathBuf>,
-    pub log_http: LogHttp,
+    #[serde(deserialize_with = "deserialize_log_http")]
-    #[cfg(feature = "tls")]
+    #[serde(rename = "log-format")]
-    pub tls: Option<(Vec<Certificate>, PrivateKey)>,
+    pub http_logger: HttpLogger,
-    #[cfg(not(feature = "tls"))]
+    pub tls_cert: Option<PathBuf>,
-    pub tls: Option<()>,
+    pub tls_key: Option<PathBuf>,
 }
 
 impl Args {
@@ -258,95 +279,164 @@ impl Args {
     /// If a parsing error occurred, exit the process and print out informative
     /// error message to user.
     pub fn parse(matches: ArgMatches) -> Result<Args> {
-        let port = *matches.get_one::<u16>("port").unwrap();
+        let mut args = Self::default();
-        let addrs = matches
+
-            .get_many::<String>("bind")
+        if let Some(config_path) = matches.get_one::<PathBuf>("config") {
-            .map(|bind| bind.map(|v| v.as_str()).collect())
+            let contents = std::fs::read_to_string(config_path)
-            .unwrap_or_else(|| vec!["0.0.0.0", "::"]);
+                .with_context(|| format!("Failed to read config at {}", config_path.display()))?;
-        let addrs: Vec<BindAddr> = Args::parse_addrs(&addrs)?;
+            args = serde_yaml::from_str(&contents)
-        let path = Args::parse_path(matches.get_one::<PathBuf>("serve_path").unwrap())?;
+                .with_context(|| format!("Failed to load config at {}", config_path.display()))?;
-        let path_is_file = path.metadata()?.is_file();
+        }
-        let path_prefix = matches
+
-            .get_one::<String>("path-prefix")
+        if let Some(path) = matches.get_one::<PathBuf>("serve-path") {
-            .map(|v| v.trim_matches('/').to_owned())
+            args.serve_path = path.clone()
-            .unwrap_or_default();
+        }
-        let uri_prefix = if path_prefix.is_empty() {
+
+        args.serve_path = Self::sanitize_path(args.serve_path)?;
+
+        if let Some(port) = matches.get_one::<u16>("port") {
+            args.port = *port
+        }
+
+        if let Some(addrs) = matches.get_many::<String>("bind") {
+            let addrs: Vec<_> = addrs.map(|v| v.as_str()).collect();
+            args.addrs = BindAddr::parse_addrs(&addrs)?;
+        }
+
+        args.path_is_file = args.serve_path.metadata()?.is_file();
+        if let Some(path_prefix) = matches.get_one::<String>("path-prefix") {
+            args.path_prefix = path_prefix.clone();
+        }
+        args.path_prefix = args.path_prefix.trim_matches('/').to_string();
+
+        args.uri_prefix = if args.path_prefix.is_empty() {
             "/".to_owned()
         } else {
-            format!("/{}/", &encode_uri(&path_prefix))
+            format!("/{}/", &encode_uri(&args.path_prefix))
         };
-        let hidden: Vec<String> = matches
+
-            .get_one::<String>("hidden")
+        if let Some(hidden) = matches.get_many::<String>("hidden") {
-            .map(|v| v.split(',').map(|x| x.to_string()).collect())
+            args.hidden = hidden.cloned().collect();
-            .unwrap_or_default();
+        } else {
-        let enable_cors = matches.get_flag("enable-cors");
+            let mut hidden = vec![];
-        let auth: Vec<&str> = matches
+            std::mem::swap(&mut args.hidden, &mut hidden);
-            .get_many::<String>("auth")
+            args.hidden = hidden
-            .map(|auth| auth.map(|v| v.as_str()).collect())
+                .into_iter()
-            .unwrap_or_default();
+                .flat_map(|v| v.split(',').map(|v| v.to_string()).collect::<Vec<String>>())
-        let auth_method = match matches.get_one::<String>("auth-method").unwrap().as_str() {
+                .collect();
-            "basic" => AuthMethod::Basic,
+        }
-            _ => AuthMethod::Digest,
+
-        };
+        if !args.enable_cors {
-        let auth = AccessControl::new(&auth)?;
+            args.enable_cors = matches.get_flag("enable-cors");
-        let allow_upload = matches.get_flag("allow-all") || matches.get_flag("allow-upload");
+        }
-        let allow_delete = matches.get_flag("allow-all") || matches.get_flag("allow-delete");
+
-        let allow_search = matches.get_flag("allow-all") || matches.get_flag("allow-search");
+        if let Some(rules) = matches.get_many::<String>("auth") {
-        let allow_symlink = matches.get_flag("allow-all") || matches.get_flag("allow-symlink");
+            let rules: Vec<_> = rules.map(|v| v.as_str()).collect();
-        let allow_archive = matches.get_flag("allow-all") || matches.get_flag("allow-archive");
+            args.auth = AccessControl::new(&rules)?;
-        let render_index = matches.get_flag("render-index");
+        }
-        let render_try_index = matches.get_flag("render-try-index");
+
-        let render_spa = matches.get_flag("render-spa");
+        if !args.allow_all {
+            args.allow_all = matches.get_flag("allow-all");
+        }
+
+        let allow_all = args.allow_all;
+
+        if !args.allow_upload {
+            args.allow_upload = allow_all || matches.get_flag("allow-upload");
+        }
+        if !args.allow_delete {
+            args.allow_delete = allow_all || matches.get_flag("allow-delete");
+        }
+        if !args.allow_search {
+            args.allow_search = allow_all || matches.get_flag("allow-search");
+        }
+        if !args.allow_symlink {
+            args.allow_symlink = allow_all || matches.get_flag("allow-symlink");
+        }
+        if !args.allow_archive {
+            args.allow_archive = allow_all || matches.get_flag("allow-archive");
+        }
+        if !args.render_index {
+            args.render_index = matches.get_flag("render-index");
+        }
+
+        if !args.render_try_index {
+            args.render_try_index = matches.get_flag("render-try-index");
+        }
+
+        if !args.render_spa {
+            args.render_spa = matches.get_flag("render-spa");
+        }
+
+        if let Some(log_format) = matches.get_one::<String>("log-format") {
+            args.http_logger = log_format.parse()?;
+        }
+
+        if let Some(assets_path) = matches.get_one::<PathBuf>("assets") {
+            args.assets = Some(assets_path.clone());
+        }
+
+        if let Some(assets_path) = &args.assets {
+            args.assets = Some(Args::sanitize_assets_path(assets_path)?);
+        }
+
         #[cfg(feature = "tls")]
-        let tls = match (
+        {
-            matches.get_one::<PathBuf>("tls-cert"),
+            if let Some(tls_cert) = matches.get_one::<PathBuf>("tls-cert") {
-            matches.get_one::<PathBuf>("tls-key"),
+                args.tls_cert = Some(tls_cert.clone())
-        ) {
+            }
-            (Some(certs_file), Some(key_file)) => {
+
-                let certs = load_certs(certs_file)?;
+            if let Some(tls_key) = matches.get_one::<PathBuf>("tls-key") {
-                let key = load_private_key(key_file)?;
+                args.tls_key = Some(tls_key.clone())
-                Some((certs, key))
+            }
+
+            match (&args.tls_cert, &args.tls_key) {
+                (Some(_), Some(_)) => {}
+                (Some(_), _) => bail!("No tls-key set"),
+                (_, Some(_)) => bail!("No tls-cert set"),
+                (None, None) => {}
+            }
         }
-            _ => None,
-        };
         #[cfg(not(feature = "tls"))]
-        let tls = None;
+        {
-        let log_http: LogHttp = matches
+            args.tls_cert = None;
-            .get_one::<String>("log-format")
+            args.tls_key = None;
-            .map(|v| v.as_str())
-            .unwrap_or(DEFAULT_LOG_FORMAT)
-            .parse()?;
-        let assets_path = match matches.get_one::<PathBuf>("assets") {
-            Some(v) => Some(Args::parse_assets_path(v)?),
-            None => None,
-        };
-
-        Ok(Args {
-            addrs,
-            port,
-            path,
-            path_is_file,
-            path_prefix,
-            uri_prefix,
-            hidden,
-            auth_method,
-            auth,
-            enable_cors,
-            allow_delete,
-            allow_upload,
-            allow_search,
-            allow_symlink,
-            allow_archive,
-            render_index,
-            render_try_index,
-            render_spa,
-            tls,
-            log_http,
-            assets_path,
-        })
         }
 
-    fn parse_addrs(addrs: &[&str]) -> Result<Vec<BindAddr>> {
+        Ok(args)
+    }
+
+    fn sanitize_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
+        let path = path.as_ref();
+        if !path.exists() {
+            bail!("Path `{}` doesn't exist", path.display());
+        }
+
+        env::current_dir()
+            .and_then(|mut p| {
+                p.push(path); // If path is absolute, it replaces the current path.
+                std::fs::canonicalize(p)
+            })
+            .with_context(|| format!("Failed to access path `{}`", path.display()))
+    }
+
+    fn sanitize_assets_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
+        let path = Self::sanitize_path(path)?;
+        if !path.join("index.html").exists() {
+            bail!("Path `{}` doesn't contains index.html", path.display());
+        }
+        Ok(path)
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
+pub enum BindAddr {
+    Address(IpAddr),
+    Path(PathBuf),
+}
+
+impl BindAddr {
+    fn parse_addrs(addrs: &[&str]) -> Result<Vec<Self>> {
         let mut bind_addrs = vec![];
         let mut invalid_addrs = vec![];
         for addr in addrs {
@@ -368,32 +458,221 @@ impl Args {
         }
         Ok(bind_addrs)
     }
-
-    fn parse_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
-        let path = path.as_ref();
-        if !path.exists() {
-            bail!("Path `{}` doesn't exist", path.display());
-        }
-
-        env::current_dir()
-            .and_then(|mut p| {
-                p.push(path); // If path is absolute, it replaces the current path.
-                std::fs::canonicalize(p)
-            })
-            .with_context(|| format!("Failed to access path `{}`", path.display()))
-    }
-
-    fn parse_assets_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
-        let path = Self::parse_path(path)?;
-        if !path.join("index.html").exists() {
-            bail!("Path `{}` doesn't contains index.html", path.display());
-        }
-        Ok(path)
-    }
 }
 
-#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
+fn deserialize_bind_addrs<'de, D>(deserializer: D) -> Result<Vec<BindAddr>, D::Error>
-pub enum BindAddr {
+where
-    Address(IpAddr),
+    D: Deserializer<'de>,
-    Path(PathBuf),
+{
+    struct StringOrVec;
+
+    impl<'de> serde::de::Visitor<'de> for StringOrVec {
+        type Value = Vec<BindAddr>;
+
+        fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
+            formatter.write_str("string or list of strings")
+        }
+
+        fn visit_str<E>(self, s: &str) -> Result<Self::Value, E>
+        where
+            E: serde::de::Error,
+        {
+            BindAddr::parse_addrs(&[s]).map_err(serde::de::Error::custom)
+        }
+
+        fn visit_seq<S>(self, seq: S) -> Result<Self::Value, S::Error>
+        where
+            S: serde::de::SeqAccess<'de>,
+        {
+            let addrs: Vec<&'de str> =
+                Deserialize::deserialize(serde::de::value::SeqAccessDeserializer::new(seq))?;
+            BindAddr::parse_addrs(&addrs).map_err(serde::de::Error::custom)
+        }
+    }
+
+    deserializer.deserialize_any(StringOrVec)
+}
+
+fn deserialize_string_or_vec<'de, D>(deserializer: D) -> Result<Vec<String>, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    struct StringOrVec;
+
+    impl<'de> serde::de::Visitor<'de> for StringOrVec {
+        type Value = Vec<String>;
+
+        fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
+            formatter.write_str("string or list of strings")
+        }
+
+        fn visit_str<E>(self, s: &str) -> Result<Self::Value, E>
+        where
+            E: serde::de::Error,
+        {
+            Ok(vec![s.to_owned()])
+        }
+
+        fn visit_seq<S>(self, seq: S) -> Result<Self::Value, S::Error>
+        where
+            S: serde::de::SeqAccess<'de>,
+        {
+            Deserialize::deserialize(serde::de::value::SeqAccessDeserializer::new(seq))
+        }
+    }
+
+    deserializer.deserialize_any(StringOrVec)
+}
+
+fn deserialize_access_control<'de, D>(deserializer: D) -> Result<AccessControl, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    let rules: Vec<&str> = Vec::deserialize(deserializer)?;
+    AccessControl::new(&rules).map_err(serde::de::Error::custom)
+}
+
+fn deserialize_log_http<'de, D>(deserializer: D) -> Result<HttpLogger, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    let value: String = Deserialize::deserialize(deserializer)?;
+    value.parse().map_err(serde::de::Error::custom)
+}
+
+fn default_serve_path() -> PathBuf {
+    PathBuf::from(".")
+}
+
+fn default_addrs() -> Vec<BindAddr> {
+    BindAddr::parse_addrs(&["0.0.0.0", "::"]).unwrap()
+}
+
+fn default_port() -> u16 {
+    5000
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    use assert_fs::prelude::*;
+
+    #[test]
+    fn test_default() {
+        let cli = build_cli();
+        let matches = cli.try_get_matches_from(vec![""]).unwrap();
+        let args = Args::parse(matches).unwrap();
+        let cwd = Args::sanitize_path(std::env::current_dir().unwrap()).unwrap();
+        assert_eq!(args.serve_path, cwd);
+        assert_eq!(args.port, default_port());
+        assert_eq!(args.addrs, default_addrs());
+    }
+
+    #[test]
+    fn test_args_from_cli1() {
+        let tmpdir = assert_fs::TempDir::new().unwrap();
+        let cli = build_cli();
+        let matches = cli
+            .try_get_matches_from(vec![
+                "",
+                "--hidden",
+                "tmp,*.log,*.lock",
+                &tmpdir.to_string_lossy(),
+            ])
+            .unwrap();
+        let args = Args::parse(matches).unwrap();
+        assert_eq!(args.serve_path, Args::sanitize_path(&tmpdir).unwrap());
+        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
+    }
+
+    #[test]
+    fn test_args_from_cli2() {
+        let cli = build_cli();
+        let matches = cli
+            .try_get_matches_from(vec![
+                "", "--hidden", "tmp", "--hidden", "*.log", "--hidden", "*.lock",
+            ])
+            .unwrap();
+        let args = Args::parse(matches).unwrap();
+        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
+    }
+
+    #[test]
+    fn test_args_from_empty_config_file() {
+        let tmpdir = assert_fs::TempDir::new().unwrap();
+        let config_file = tmpdir.child("config.yaml");
+        config_file.write_str("").unwrap();
+
+        let cli = build_cli();
+        let matches = cli
+            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
+            .unwrap();
+        let args = Args::parse(matches).unwrap();
+        let cwd = Args::sanitize_path(std::env::current_dir().unwrap()).unwrap();
+        assert_eq!(args.serve_path, cwd);
+        assert_eq!(args.port, default_port());
+        assert_eq!(args.addrs, default_addrs());
+    }
+
+    #[test]
+    fn test_args_from_config_file1() {
+        let tmpdir = assert_fs::TempDir::new().unwrap();
+        let config_file = tmpdir.child("config.yaml");
+        let contents = format!(
+            r#"
+serve-path: {}
+bind: 0.0.0.0
+port: 3000
+allow-upload: true
+hidden: tmp,*.log,*.lock
+"#,
+            tmpdir.display()
+        );
+        config_file.write_str(&contents).unwrap();
+
+        let cli = build_cli();
+        let matches = cli
+            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
+            .unwrap();
+        let args = Args::parse(matches).unwrap();
+        assert_eq!(args.serve_path, Args::sanitize_path(&tmpdir).unwrap());
+        assert_eq!(
+            args.addrs,
+            vec![BindAddr::Address("0.0.0.0".parse().unwrap())]
+        );
+        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
+        assert_eq!(args.port, 3000);
+        assert!(args.allow_upload);
+    }
+
+    #[test]
+    fn test_args_from_config_file2() {
+        let tmpdir = assert_fs::TempDir::new().unwrap();
+        let config_file = tmpdir.child("config.yaml");
+        let contents = r#"
+bind:
+  - 127.0.0.1
+  - 192.168.8.10
+hidden:
+  - tmp
+  - '*.log'
+  - '*.lock'
+"#;
+        config_file.write_str(contents).unwrap();
+
+        let cli = build_cli();
+        let matches = cli
+            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
+            .unwrap();
+        let args = Args::parse(matches).unwrap();
+        assert_eq!(
+            args.addrs,
+            vec![
+                BindAddr::Address("127.0.0.1".parse().unwrap()),
+                BindAddr::Address("192.168.8.10".parse().unwrap())
+            ]
+        );
+        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
+    }
 }

src/auth.rs

@@ -11,10 +11,10 @@ use std::{
 };
 use uuid::Uuid;
 
-use crate::utils::unix_now;
+use crate::{args::Args, utils::unix_now};
 
 const REALM: &str = "DUFS";
-const DIGEST_AUTH_TIMEOUT: u32 = 86400;
+const DIGEST_AUTH_TIMEOUT: u32 = 604800; // 7 days
 
 lazy_static! {
     static ref NONCESTARTHASH: Context = {
@@ -25,49 +25,64 @@ lazy_static! {
     };
 }
 
-#[derive(Debug, Default)]
+#[derive(Debug, Clone, PartialEq)]
 pub struct AccessControl {
+    use_hashed_password: bool,
     users: IndexMap<String, (String, AccessPaths)>,
     anony: Option<AccessPaths>,
 }
 
+impl Default for AccessControl {
+    fn default() -> Self {
+        AccessControl {
+            use_hashed_password: false,
+            anony: Some(AccessPaths::new(AccessPerm::ReadWrite)),
+            users: IndexMap::new(),
+        }
+    }
+}
+
 impl AccessControl {
     pub fn new(raw_rules: &[&str]) -> Result<Self> {
         if raw_rules.is_empty() {
-            return Ok(AccessControl {
+            return Ok(Default::default());
-                anony: Some(AccessPaths::new(AccessPerm::ReadWrite)),
-                users: IndexMap::new(),
-            });
         }
-
+        let new_raw_rules = compact_split_rules(raw_rules);
+        if new_raw_rules.len() != raw_rules.len() {
+            eprintln!("Warning: deprecate the use of `|` to separate auth rules.")
+        }
+        let mut use_hashed_password = false;
         let create_err = |v: &str| anyhow!("Invalid auth `{v}`");
         let mut anony = None;
         let mut anony_paths = vec![];
         let mut users = IndexMap::new();
-        for rule in raw_rules {
+        for rule in &new_raw_rules {
-            let (user, list) = rule.split_once('@').ok_or_else(|| create_err(rule))?;
+            let (account, paths) = split_account_paths(rule).ok_or_else(|| create_err(rule))?;
-            if user.is_empty() && anony.is_some() {
+            if account.is_empty() && anony.is_some() {
                 bail!("Invalid auth, duplicate anonymous rules");
             }
-            let mut paths = AccessPaths::default();
+            let mut access_paths = AccessPaths::default();
-            for value in list.trim_matches(',').split(',') {
+            for item in paths.trim_matches(',').split(',') {
-                let (path, perm) = match value.split_once(':') {
+                let (path, perm) = match item.split_once(':') {
-                    None => (value, AccessPerm::ReadOnly),
+                    None => (item, AccessPerm::ReadOnly),
                     Some((path, "rw")) => (path, AccessPerm::ReadWrite),
                     _ => return Err(create_err(rule)),
                 };
-                if user.is_empty() {
+                if account.is_empty() {
                     anony_paths.push((path, perm));
                 }
-                paths.add(path, perm);
+                access_paths.add(path, perm);
             }
-            if user.is_empty() {
+            if account.is_empty() {
-                anony = Some(paths);
+                anony = Some(access_paths);
-            } else if let Some((user, pass)) = user.split_once(':') {
+            } else if let Some((user, pass)) = account.split_once(':') {
                 if user.is_empty() || pass.is_empty() {
                     return Err(create_err(rule));
                 }
-                users.insert(user.to_string(), (pass.to_string(), paths));
+                if pass.starts_with("$6$") {
+                    use_hashed_password = true;
+                }
+                users.insert(user.to_string(), (pass.to_string(), access_paths));
             } else {
                 return Err(create_err(rule));
             }
@@ -77,11 +92,15 @@ impl AccessControl {
                 paths.add(path, perm)
             }
         }
-        Ok(Self { users, anony })
+        Ok(Self {
+            use_hashed_password,
+            users,
+            anony,
+        })
     }
 
-    pub fn valid(&self) -> bool {
+    pub fn exist(&self) -> bool {
-        !self.users.is_empty() || self.anony.is_some()
+        !self.users.is_empty()
     }
 
     pub fn guard(
@@ -89,18 +108,14 @@ impl AccessControl {
         path: &str,
         method: &Method,
         authorization: Option<&HeaderValue>,
-        auth_method: AuthMethod,
     ) -> (Option<String>, Option<AccessPaths>) {
         if let Some(authorization) = authorization {
-            if let Some(user) = auth_method.get_user(authorization) {
+            if let Some(user) = get_auth_user(authorization) {
                 if let Some((pass, paths)) = self.users.get(&user) {
                     if method == Method::OPTIONS {
                         return (Some(user), Some(AccessPaths::new(AccessPerm::ReadOnly)));
                     }
-                    if auth_method
+                    if check_auth(authorization, method.as_str(), &user, pass).is_some() {
-                        .check(authorization, method.as_str(), &user, pass)
-                        .is_some()
-                    {
                         return (Some(user), paths.find(path, !is_readonly_method(method)));
                     } else {
                         return (None, None);
@@ -243,82 +258,58 @@ impl AccessPerm {
     }
 }
 
-fn is_readonly_method(method: &Method) -> bool {
+pub fn www_authenticate(args: &Args) -> Result<HeaderValue> {
-    method == Method::GET
+    let value = if args.auth.use_hashed_password {
-        || method == Method::OPTIONS
+        format!("Basic realm=\"{}\"", REALM)
-        || method == Method::HEAD
+    } else {
-        || method.as_str() == "PROPFIND"
+        let nonce = create_nonce()?;
+        format!(
+            "Digest realm=\"{}\", nonce=\"{}\", qop=\"auth\", Basic realm=\"{}\"",
+            REALM, nonce, REALM
+        )
+    };
+    Ok(HeaderValue::from_str(&value)?)
 }
 
-#[derive(Debug, Clone)]
+pub fn get_auth_user(authorization: &HeaderValue) -> Option<String> {
-pub enum AuthMethod {
+    if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
-    Basic,
+        let value: Vec<u8> = general_purpose::STANDARD.decode(value).ok()?;
-    Digest,
-}
-
-impl AuthMethod {
-    pub fn www_auth(&self, stale: bool) -> Result<String> {
-        match self {
-            AuthMethod::Basic => Ok(format!("Basic realm=\"{REALM}\"")),
-            AuthMethod::Digest => {
-                let str_stale = if stale { "stale=true," } else { "" };
-                Ok(format!(
-                    "Digest realm=\"{}\",nonce=\"{}\",{}qop=\"auth\"",
-                    REALM,
-                    create_nonce()?,
-                    str_stale
-                ))
-            }
-        }
-    }
-
-    pub fn get_user(&self, authorization: &HeaderValue) -> Option<String> {
-        match self {
-            AuthMethod::Basic => {
-                let value: Vec<u8> = general_purpose::STANDARD
-                    .decode(strip_prefix(authorization.as_bytes(), b"Basic ")?)
-                    .ok()?;
         let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
         Some(parts[0].to_string())
+    } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
+        let digest_map = to_headermap(value).ok()?;
+        let username = digest_map.get(b"username".as_ref())?;
+        std::str::from_utf8(username).map(|v| v.to_string()).ok()
+    } else {
+        None
     }
-            AuthMethod::Digest => {
+}
-                let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
-                let digest_map = to_headermap(digest_value).ok()?;
-                digest_map
-                    .get(b"username".as_ref())
-                    .and_then(|b| std::str::from_utf8(b).ok())
-                    .map(|v| v.to_string())
-            }
-        }
-    }
 
-    fn check(
+pub fn check_auth(
-        &self,
     authorization: &HeaderValue,
     method: &str,
     auth_user: &str,
     auth_pass: &str,
-    ) -> Option<()> {
+) -> Option<()> {
-        match self {
+    if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
-            AuthMethod::Basic => {
+        let value: Vec<u8> = general_purpose::STANDARD.decode(value).ok()?;
-                let basic_value: Vec<u8> = general_purpose::STANDARD
+        let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
-                    .decode(strip_prefix(authorization.as_bytes(), b"Basic ")?)
-                    .ok()?;
-                let parts: Vec<&str> = std::str::from_utf8(&basic_value).ok()?.split(':').collect();
 
         if parts[0] != auth_user {
             return None;
         }
 
-                if parts[1] == auth_pass {
+        if auth_pass.starts_with("$6$") {
+            if let Ok(()) = sha_crypt::sha512_check(parts[1], auth_pass) {
+                return Some(());
+            }
+        } else if parts[1] == auth_pass {
             return Some(());
         }
 
         None
-            }
+    } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
-            AuthMethod::Digest => {
+        let digest_map = to_headermap(value).ok()?;
-                let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
-                let digest_map = to_headermap(digest_value).ok()?;
         if let (Some(username), Some(nonce), Some(user_response)) = (
             digest_map
                 .get(b"username".as_ref())
@@ -386,8 +377,8 @@ impl AuthMethod {
             }
         }
         None
-            }
+    } else {
-        }
+        None
     }
 }
 
@@ -419,6 +410,13 @@ fn validate_nonce(nonce: &[u8]) -> Result<bool> {
     bail!("invalid nonce");
 }
 
+fn is_readonly_method(method: &Method) -> bool {
+    method == Method::GET
+        || method == Method::OPTIONS
+        || method == Method::HEAD
+        || method.as_str() == "PROPFIND"
+}
+
 fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {
     let l = prefix.len();
     if search.len() < l {
@@ -482,10 +480,75 @@ fn create_nonce() -> Result<String> {
     Ok(n[..34].to_string())
 }
 
+fn split_account_paths(s: &str) -> Option<(&str, &str)> {
+    let i = s.find("@/")?;
+    Some((&s[0..i], &s[i + 1..]))
+}
+
+/// Compatible with deprecated usage of `|` for role separation
+fn compact_split_rules(rules: &[&str]) -> Vec<String> {
+    let mut output = vec![];
+    for rule in rules {
+        let parts: Vec<&str> = rule.split('|').collect();
+        let mut rules_list = vec![];
+        let mut concated_part = String::new();
+        for (i, part) in parts.iter().enumerate() {
+            if part.contains("@/") {
+                concated_part.push_str(part);
+                let mut concated_part_tmp = String::new();
+                std::mem::swap(&mut concated_part_tmp, &mut concated_part);
+                rules_list.push(concated_part_tmp);
+                continue;
+            }
+            concated_part.push_str(part);
+            if i < parts.len() - 1 {
+                concated_part.push('|');
+            }
+        }
+        if !concated_part.is_empty() {
+            rules_list.push(concated_part)
+        }
+        output.extend(rules_list);
+    }
+    output
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
 
+    #[test]
+    fn test_split_account_paths() {
+        assert_eq!(
+            split_account_paths("user:pass@/:rw"),
+            Some(("user:pass", "/:rw"))
+        );
+        assert_eq!(
+            split_account_paths("user:pass@@/:rw"),
+            Some(("user:pass@", "/:rw"))
+        );
+        assert_eq!(
+            split_account_paths("user:pass@1@/:rw"),
+            Some(("user:pass@1", "/:rw"))
+        );
+    }
+
+    #[test]
+    fn test_compact_split_rules() {
+        assert_eq!(
+            compact_split_rules(&["user1:pass1@/:rw|user2:pass2@/:rw"]),
+            ["user1:pass1@/:rw", "user2:pass2@/:rw"]
+        );
+        assert_eq!(
+            compact_split_rules(&["user1:pa|ss1@/:rw|user2:pa|ss2@/:rw"]),
+            ["user1:pa|ss1@/:rw", "user2:pa|ss2@/:rw"]
+        );
+        assert_eq!(
+            compact_split_rules(&["user1:pa|ss1@/:rw|@/"]),
+            ["user1:pa|ss1@/:rw", "@/"]
+        );
+    }
+
     #[test]
     fn test_access_paths() {
         let mut paths = AccessPaths::default();

src/http_logger.rs

@@ -1,23 +1,29 @@
-use std::{collections::HashMap, str::FromStr, sync::Arc};
+use std::{collections::HashMap, str::FromStr};
 
-use crate::{args::Args, server::Request};
+use crate::{auth::get_auth_user, server::Request};
 
 pub const DEFAULT_LOG_FORMAT: &str = r#"$remote_addr "$request" $status"#;
 
-#[derive(Debug)]
+#[derive(Debug, Clone, PartialEq)]
-pub struct LogHttp {
+pub struct HttpLogger {
     elements: Vec<LogElement>,
 }
 
-#[derive(Debug)]
+impl Default for HttpLogger {
+    fn default() -> Self {
+        DEFAULT_LOG_FORMAT.parse().unwrap()
+    }
+}
+
+#[derive(Debug, Clone, PartialEq)]
 enum LogElement {
     Variable(String),
     Header(String),
     Literal(String),
 }
 
-impl LogHttp {
+impl HttpLogger {
-    pub fn data(&self, req: &Request, args: &Arc<Args>) -> HashMap<String, String> {
+    pub fn data(&self, req: &Request) -> HashMap<String, String> {
         let mut data = HashMap::default();
         for element in self.elements.iter() {
             match element {
@@ -26,10 +32,8 @@ impl LogHttp {
                         data.insert(name.to_string(), format!("{} {}", req.method(), req.uri()));
                     }
                     "remote_user" => {
-                        if let Some(user) = req
+                        if let Some(user) =
-                            .headers()
+                            req.headers().get("authorization").and_then(get_auth_user)
-                            .get("authorization")
-                            .and_then(|v| args.auth_method.get_user(v))
                         {
                             data.insert(name.to_string(), user);
                         }
@@ -66,7 +70,7 @@ impl LogHttp {
     }
 }
 
-impl FromStr for LogHttp {
+impl FromStr for HttpLogger {
     type Err = anyhow::Error;
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         let mut elements = vec![];

src/main.rs

@@ -1,6 +1,6 @@
 mod args;
 mod auth;
-mod log_http;
+mod http_logger;
 mod logger;
 mod server;
 mod streamer;
@@ -16,7 +16,7 @@ extern crate log;
 use crate::args::{build_cli, print_completions, Args};
 use crate::server::{Request, Server};
 #[cfg(feature = "tls")]
-use crate::tls::{TlsAcceptor, TlsStream};
+use crate::tls::{load_certs, load_private_key, TlsAcceptor, TlsStream};
 
 use anyhow::{anyhow, Context, Result};
 use std::net::{IpAddr, SocketAddr, TcpListener as StdTcpListener};
@@ -88,9 +88,12 @@ fn serve(
             BindAddr::Address(ip) => {
                 let incoming = create_addr_incoming(SocketAddr::new(*ip, port))
                     .with_context(|| format!("Failed to bind `{ip}:{port}`"))?;
-                match args.tls.as_ref() {
+
+                match (&args.tls_cert, &args.tls_key) {
                     #[cfg(feature = "tls")]
-                    Some((certs, key)) => {
+                    (Some(cert_file), Some(key_file)) => {
+                        let certs = load_certs(cert_file)?;
+                        let key = load_private_key(key_file)?;
                         let config = ServerConfig::builder()
                             .with_safe_defaults()
                             .with_no_client_auth()
@@ -105,11 +108,7 @@ fn serve(
                             tokio::spawn(hyper::Server::builder(accepter).serve(new_service));
                         handles.push(server);
                     }
-                    #[cfg(not(feature = "tls"))]
+                    (None, None) => {
-                    Some(_) => {
-                        unreachable!()
-                    }
-                    None => {
                         let new_service = make_service_fn(move |socket: &AddrStream| {
                             let remote_addr = socket.remote_addr();
                             serve_func(Some(remote_addr))
@@ -118,6 +117,9 @@ fn serve(
                             tokio::spawn(hyper::Server::builder(incoming).serve(new_service));
                         handles.push(server);
                     }
+                    _ => {
+                        unreachable!()
+                    }
                 };
             }
             BindAddr::Path(path) => {
@@ -195,7 +197,11 @@ fn print_listening(args: Arc<Args>) -> Result<()> {
                     IpAddr::V4(_) => format!("{}:{}", addr, args.port),
                     IpAddr::V6(_) => format!("[{}]:{}", addr, args.port),
                 };
-                let protocol = if args.tls.is_some() { "https" } else { "http" };
+                let protocol = if args.tls_cert.is_some() {
+                    "https"
+                } else {
+                    "http"
+                };
                 format!("{}://{}{}", protocol, addr, args.uri_prefix)
             }
             BindAddr::Path(path) => path.display().to_string(),

src/server.rs

@@ -1,6 +1,6 @@
 #![allow(clippy::too_many_arguments)]
 
-use crate::auth::AccessPaths;
+use crate::auth::{www_authenticate, AccessPaths, AccessPerm};
 use crate::streamer::Streamer;
 use crate::utils::{
     decode_uri, encode_uri, get_file_mtime_and_mode, get_file_name, glob, try_get_file_name,
@@ -15,9 +15,9 @@ use async_zip::{Compression, ZipDateTime, ZipEntryBuilder};
 use chrono::{LocalResult, TimeZone, Utc};
 use futures::TryStreamExt;
 use headers::{
-    AcceptRanges, AccessControlAllowCredentials, AccessControlAllowOrigin, ContentLength,
+    AcceptRanges, AccessControlAllowCredentials, AccessControlAllowOrigin, CacheControl,
-    ContentType, ETag, HeaderMap, HeaderMapExt, IfModifiedSince, IfNoneMatch, IfRange,
+    ContentLength, ContentType, ETag, HeaderMap, HeaderMapExt, IfModifiedSince, IfNoneMatch,
-    LastModified, Range,
+    IfRange, LastModified, Range,
 };
 use hyper::header::{
     HeaderValue, AUTHORIZATION, CONTENT_DISPOSITION, CONTENT_LENGTH, CONTENT_RANGE, CONTENT_TYPE,
@@ -26,12 +26,13 @@ use hyper::header::{
 use hyper::{Body, Method, StatusCode, Uri};
 use serde::Serialize;
 use std::borrow::Cow;
+use std::cmp::Ordering;
 use std::collections::HashMap;
 use std::fs::Metadata;
 use std::io::SeekFrom;
 use std::net::SocketAddr;
 use std::path::{Path, PathBuf};
-use std::sync::atomic::{AtomicBool, Ordering};
+use std::sync::atomic::{self, AtomicBool};
 use std::sync::Arc;
 use std::time::SystemTime;
 use tokio::fs::File;
@@ -70,13 +71,13 @@ impl Server {
                 encode_uri(&format!(
                     "{}{}",
                     &args.uri_prefix,
-                    get_file_name(&args.path)
+                    get_file_name(&args.serve_path)
                 )),
             ]
         } else {
             vec![]
         };
-        let html = match args.assets_path.as_ref() {
+        let html = match args.assets.as_ref() {
             Some(path) => Cow::Owned(std::fs::read_to_string(path.join("index.html"))?),
             None => Cow::Borrowed(INDEX_HTML),
         };
@@ -95,9 +96,9 @@ impl Server {
         addr: Option<SocketAddr>,
     ) -> Result<Response, hyper::Error> {
         let uri = req.uri().clone();
-        let assets_prefix = self.assets_prefix.clone();
+        let assets_prefix = &self.assets_prefix;
         let enable_cors = self.args.enable_cors;
-        let mut http_log_data = self.args.log_http.data(&req, &self.args);
+        let mut http_log_data = self.args.http_logger.data(&req);
         if let Some(addr) = addr {
             http_log_data.insert("remote_addr".to_string(), addr.ip().to_string());
         }
@@ -105,8 +106,8 @@ impl Server {
         let mut res = match self.clone().handle(req).await {
             Ok(res) => {
                 http_log_data.insert("status".to_string(), res.status().as_u16().to_string());
-                if !uri.path().starts_with(&assets_prefix) {
+                if !uri.path().starts_with(assets_prefix) {
-                    self.args.log_http.log(&http_log_data, None);
+                    self.args.http_logger.log(&http_log_data, None);
                 }
                 res
             }
@@ -116,7 +117,7 @@ impl Server {
                 *res.status_mut() = status;
                 http_log_data.insert("status".to_string(), status.as_u16().to_string());
                 self.args
-                    .log_http
+                    .http_logger
                     .log(&http_log_data, Some(err.to_string()));
                 res
             }
@@ -148,12 +149,7 @@ impl Server {
             }
         };
 
-        let guard = self.args.auth.guard(
+        let guard = self.args.auth.guard(&relative_path, &method, authorization);
-            &relative_path,
-            &method,
-            authorization,
-            self.args.auth_method.clone(),
-        );
 
         let (user, access_paths) = match guard {
             (None, None) => {
@@ -184,7 +180,7 @@ impl Server {
                 .iter()
                 .any(|v| v.as_str() == req_path)
             {
-                self.handle_send_file(&self.args.path, headers, head_only, &mut res)
+                self.handle_send_file(&self.args.serve_path, headers, head_only, &mut res)
                     .await?;
             } else {
                 status_not_found(&mut res);
@@ -294,7 +290,10 @@ impl Server {
                     }
                 } else if is_file {
                     if query_params.contains_key("edit") {
-                        self.handle_edit_file(path, head_only, user, &mut res)
+                        self.handle_deal_file(path, DataKind::Edit, head_only, user, &mut res)
+                            .await?;
+                    } else if query_params.contains_key("view") {
+                        self.handle_deal_file(path, DataKind::View, head_only, user, &mut res)
                             .await?;
                     } else {
                         self.handle_send_file(path, headers, head_only, &mut res)
@@ -340,6 +339,12 @@ impl Server {
             method => match method.as_str() {
                 "PROPFIND" => {
                     if is_dir {
+                        let access_paths = if access_paths.perm().indexonly() {
+                            // see https://github.com/sigoden/dufs/issues/229
+                            AccessPaths::new(AccessPerm::ReadOnly)
+                        } else {
+                            access_paths
+                        };
                         self.handle_propfind_dir(path, headers, access_paths, &mut res)
                             .await?;
                     } else if is_file {
@@ -425,7 +430,12 @@ impl Server {
 
         futures::pin_mut!(body_reader);
 
-        io::copy(&mut body_reader, &mut file).await?;
+        let ret = io::copy(&mut body_reader, &mut file).await;
+        if ret.is_err() {
+            tokio::fs::remove_file(&path).await?;
+
+            ret?;
+        }
 
         *res.status_mut() = StatusCode::CREATED;
         Ok(())
@@ -453,7 +463,7 @@ impl Server {
     ) -> Result<()> {
         let mut paths = vec![];
         if exist {
-            paths = match self.list_dir(path, path, access_paths).await {
+            paths = match self.list_dir(path, path, access_paths.clone()).await {
                 Ok(paths) => paths,
                 Err(_) => {
                     status_forbid(res);
@@ -461,7 +471,16 @@ impl Server {
                 }
             }
         };
-        self.send_index(path, paths, exist, query_params, head_only, user, res)
+        self.send_index(
+            path,
+            paths,
+            exist,
+            query_params,
+            head_only,
+            user,
+            access_paths,
+            res,
+        )
     }
 
     async fn handle_search_dir(
@@ -483,12 +502,14 @@ impl Server {
             let hidden = Arc::new(self.args.hidden.to_vec());
             let hidden = hidden.clone();
             let running = self.running.clone();
+            let access_paths = access_paths.clone();
             let search_paths = tokio::task::spawn_blocking(move || {
                 let mut paths: Vec<PathBuf> = vec![];
                 for dir in access_paths.leaf_paths(&path_buf) {
                     let mut it = WalkDir::new(&dir).into_iter();
+                    it.next();
                     while let Some(Ok(entry)) = it.next() {
-                        if !running.load(Ordering::SeqCst) {
+                        if !running.load(atomic::Ordering::SeqCst) {
                             break;
                         }
                         let entry_path = entry.path();
@@ -526,7 +547,16 @@ impl Server {
                 }
             }
         }
-        self.send_index(path, paths, true, query_params, head_only, user, res)
+        self.send_index(
+            path,
+            paths,
+            true,
+            query_params,
+            head_only,
+            user,
+            access_paths,
+            res,
+        )
     }
 
     async fn handle_zip_dir(
@@ -593,7 +623,7 @@ impl Server {
         res: &mut Response,
     ) -> Result<()> {
         if path.extension().is_none() {
-            let path = self.args.path.join(INDEX_NAME);
+            let path = self.args.serve_path.join(INDEX_NAME);
             self.handle_send_file(&path, headers, head_only, res)
                 .await?;
         } else {
@@ -609,7 +639,7 @@ impl Server {
         res: &mut Response,
     ) -> Result<bool> {
         if let Some(name) = req_path.strip_prefix(&self.assets_prefix) {
-            match self.args.assets_path.as_ref() {
+            match self.args.assets.as_ref() {
                 Some(assets_path) => {
                     let path = assets_path.join(name);
                     self.handle_send_file(&path, headers, false, res).await?;
@@ -619,13 +649,15 @@ impl Server {
                         *res.body_mut() = Body::from(INDEX_JS);
                         res.headers_mut().insert(
                             "content-type",
-                            HeaderValue::from_static("application/javascript"),
+                            HeaderValue::from_static("application/javascript; charset=UTF-8"),
                         );
                     }
                     "index.css" => {
                         *res.body_mut() = Body::from(INDEX_CSS);
-                        res.headers_mut()
+                        res.headers_mut().insert(
-                            .insert("content-type", HeaderValue::from_static("text/css"));
+                            "content-type",
+                            HeaderValue::from_static("text/css; charset=UTF-8"),
+                        );
                     }
                     "favicon.ico" => {
                         *res.body_mut() = Body::from(FAVICON_ICO);
@@ -639,7 +671,11 @@ impl Server {
             }
             res.headers_mut().insert(
                 "cache-control",
-                HeaderValue::from_static("max-age=2592000, public"),
+                HeaderValue::from_static("public, max-age=31536000, immutable"),
+            );
+            res.headers_mut().insert(
+                "x-content-type-options",
+                HeaderValue::from_static("nosniff"),
             );
             Ok(true)
         } else {
@@ -740,26 +776,30 @@ impl Server {
         Ok(())
     }
 
-    async fn handle_edit_file(
+    async fn handle_deal_file(
         &self,
         path: &Path,
+        kind: DataKind,
         head_only: bool,
         user: Option<String>,
         res: &mut Response,
     ) -> Result<()> {
         let (file, meta) = tokio::join!(fs::File::open(path), fs::metadata(path),);
         let (file, meta) = (file?, meta?);
-        let href = format!("/{}", normalize_path(path.strip_prefix(&self.args.path)?));
+        let href = format!(
+            "/{}",
+            normalize_path(path.strip_prefix(&self.args.serve_path)?)
+        );
         let mut buffer: Vec<u8> = vec![];
         file.take(1024).read_to_end(&mut buffer).await?;
         let editable = meta.len() <= TEXT_MAX_SIZE && content_inspector::inspect(&buffer).is_text();
         let data = EditData {
             href,
-            kind: DataKind::Edit,
+            kind,
             uri_prefix: self.args.uri_prefix.clone(),
             allow_upload: self.args.allow_upload,
             allow_delete: self.args.allow_delete,
-            auth: self.args.auth.valid(),
+            auth: self.args.auth.exist(),
             user,
             editable,
         };
@@ -767,7 +807,7 @@ impl Server {
             .typed_insert(ContentType::from(mime_guess::mime::TEXT_HTML_UTF_8));
         let output = self
             .html
-            .replace("__ASSERTS_PREFIX__", &self.assets_prefix)
+            .replace("__ASSETS_PREFIX__", &self.assets_prefix)
             .replace("__INDEX_DATA__", &serde_json::to_string(&data)?);
         res.headers_mut()
             .typed_insert(ContentLength(output.as_bytes().len() as u64));
@@ -795,12 +835,15 @@ impl Server {
             },
             None => 1,
         };
-        let mut paths = match self.to_pathitem(path, &self.args.path).await? {
+        let mut paths = match self.to_pathitem(path, &self.args.serve_path).await? {
             Some(v) => vec![v],
             None => vec![],
         };
         if depth != 0 {
-            match self.list_dir(path, &self.args.path, access_paths).await {
+            match self
+                .list_dir(path, &self.args.serve_path, access_paths)
+                .await
+            {
                 Ok(child) => paths.extend(child),
                 Err(_) => {
                     status_forbid(res);
@@ -820,7 +863,7 @@ impl Server {
     }
 
     async fn handle_propfind_file(&self, path: &Path, res: &mut Response) -> Result<()> {
-        if let Some(pathitem) = self.to_pathitem(path, &self.args.path).await? {
+        if let Some(pathitem) = self.to_pathitem(path, &self.args.serve_path).await? {
             res_multistatus(res, &pathitem.to_dav_xml(self.args.uri_prefix.as_str()));
         } else {
             status_not_found(res);
@@ -920,17 +963,16 @@ impl Server {
         query_params: &HashMap<String, String>,
         head_only: bool,
         user: Option<String>,
+        access_paths: AccessPaths,
         res: &mut Response,
     ) -> Result<()> {
         if let Some(sort) = query_params.get("sort") {
             if sort == "name" {
-                paths.sort_by(|v1, v2| {
+                paths.sort_by(|v1, v2| v1.sort_by_name(v2))
-                    alphanumeric_sort::compare_str(v1.name.to_lowercase(), v2.name.to_lowercase())
-                })
             } else if sort == "mtime" {
-                paths.sort_by(|v1, v2| v1.mtime.cmp(&v2.mtime))
+                paths.sort_by(|v1, v2| v1.sort_by_mtime(v2))
             } else if sort == "size" {
-                paths.sort_by(|v1, v2| v1.size.unwrap_or(0).cmp(&v2.size.unwrap_or(0)))
+                paths.sort_by(|v1, v2| v1.sort_by_size(v2))
             }
             if query_params
                 .get("order")
@@ -940,7 +982,7 @@ impl Server {
                 paths.reverse()
             }
         } else {
-            paths.sort_unstable();
+            paths.sort_by(|v1, v2| v1.sort_by_name(v2))
         }
         if query_params.contains_key("simple") {
             let output = paths
@@ -964,17 +1006,21 @@ impl Server {
             }
             return Ok(());
         }
-        let href = format!("/{}", normalize_path(path.strip_prefix(&self.args.path)?));
+        let href = format!(
+            "/{}",
+            normalize_path(path.strip_prefix(&self.args.serve_path)?)
+        );
+        let readwrite = access_paths.perm().readwrite();
         let data = IndexData {
             kind: DataKind::Index,
             href,
             uri_prefix: self.args.uri_prefix.clone(),
-            allow_upload: self.args.allow_upload,
+            allow_upload: self.args.allow_upload && readwrite,
-            allow_delete: self.args.allow_delete,
+            allow_delete: self.args.allow_delete && readwrite,
             allow_search: self.args.allow_search,
             allow_archive: self.args.allow_archive,
             dir_exists: exist,
-            auth: self.args.auth.valid(),
+            auth: self.args.auth.exist(),
             user,
             paths,
         };
@@ -986,11 +1032,17 @@ impl Server {
             res.headers_mut()
                 .typed_insert(ContentType::from(mime_guess::mime::TEXT_HTML_UTF_8));
             self.html
-                .replace("__ASSERTS_PREFIX__", &self.assets_prefix)
+                .replace("__ASSETS_PREFIX__", &self.assets_prefix)
                 .replace("__INDEX_DATA__", &serde_json::to_string(&data)?)
         };
         res.headers_mut()
             .typed_insert(ContentLength(output.as_bytes().len() as u64));
+        res.headers_mut()
+            .typed_insert(CacheControl::new().with_no_cache());
+        res.headers_mut().insert(
+            "x-content-type-options",
+            HeaderValue::from_static("nosniff"),
+        );
         if head_only {
             return Ok(());
         }
@@ -999,9 +1051,9 @@ impl Server {
     }
 
     fn auth_reject(&self, res: &mut Response) -> Result<()> {
-        let value = self.args.auth_method.www_auth(false)?;
         set_webdav_headers(res);
-        res.headers_mut().insert(WWW_AUTHENTICATE, value.parse()?);
+        res.headers_mut()
+            .append(WWW_AUTHENTICATE, www_authenticate(&self.args)?);
         // set 401 to make the browser pop up the login box
         *res.status_mut() = StatusCode::UNAUTHORIZED;
         Ok(())
@@ -1011,7 +1063,7 @@ impl Server {
         fs::canonicalize(path)
             .await
             .ok()
-            .map(|v| v.starts_with(&self.args.path))
+            .map(|v| v.starts_with(&self.args.serve_path))
             .unwrap_or_default()
     }
 
@@ -1034,12 +1086,10 @@ impl Server {
         };
 
         let authorization = headers.get(AUTHORIZATION);
-        let guard = self.args.auth.guard(
+        let guard = self
-            &relative_path,
+            .args
-            req.method(),
+            .auth
-            authorization,
+            .guard(&relative_path, req.method(), authorization);
-            self.args.auth_method.clone(),
-        );
 
         match guard {
             (_, Some(_)) => {}
@@ -1079,14 +1129,14 @@ impl Server {
 
     fn join_path(&self, path: &str) -> Option<PathBuf> {
         if path.is_empty() {
-            return Some(self.args.path.clone());
+            return Some(self.args.serve_path.clone());
         }
         let path = if cfg!(windows) {
             path.replace('/', "\\")
         } else {
             path.to_string()
         };
-        Some(self.args.path.join(path))
+        Some(self.args.serve_path.join(path))
     }
 
     async fn list_dir(
@@ -1152,10 +1202,11 @@ impl Server {
     }
 }
 
-#[derive(Debug, Serialize)]
+#[derive(Debug, Serialize, PartialEq)]
 enum DataKind {
     Index,
     Edit,
+    View,
 }
 
 #[derive(Debug, Serialize)]
@@ -1242,12 +1293,45 @@ impl PathItem {
             ),
         }
     }
+
     pub fn base_name(&self) -> &str {
         self.name.split('/').last().unwrap_or_default()
     }
+
+    pub fn sort_by_name(&self, other: &Self) -> Ordering {
+        match self.path_type.cmp(&other.path_type) {
+            Ordering::Equal => {
+                alphanumeric_sort::compare_str(self.name.to_lowercase(), other.name.to_lowercase())
+            }
+            v => v,
+        }
+    }
+
+    pub fn sort_by_mtime(&self, other: &Self) -> Ordering {
+        match self.path_type.cmp(&other.path_type) {
+            Ordering::Equal => self.mtime.cmp(&other.mtime),
+            v => v,
+        }
+    }
+
+    pub fn sort_by_size(&self, other: &Self) -> Ordering {
+        match self.path_type.cmp(&other.path_type) {
+            Ordering::Equal => {
+                if self.is_dir() {
+                    alphanumeric_sort::compare_str(
+                        self.name.to_lowercase(),
+                        other.name.to_lowercase(),
+                    )
+                } else {
+                    self.size.unwrap_or(0).cmp(&other.size.unwrap_or(0))
+                }
+            }
+            v => v,
+        }
+    }
 }
 
-#[derive(Debug, Serialize, Eq, PartialEq, Ord, PartialOrd)]
+#[derive(Debug, Serialize, Eq, PartialEq)]
 enum PathType {
     Dir,
     SymlinkDir,
@@ -1255,6 +1339,24 @@ enum PathType {
     SymlinkFile,
 }
 
+impl Ord for PathType {
+    fn cmp(&self, other: &Self) -> Ordering {
+        let to_value = |t: &Self| -> u8 {
+            if matches!(t, Self::Dir | Self::SymlinkDir) {
+                0
+            } else {
+                1
+            }
+        };
+        to_value(self).cmp(&to_value(other))
+    }
+}
+impl PartialOrd for PathType {
+    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
+        Some(self.cmp(other))
+    }
+}
+
 fn to_timestamp(time: &SystemTime) -> u64 {
     time.duration_since(SystemTime::UNIX_EPOCH)
         .unwrap_or_default()
@@ -1327,8 +1429,9 @@ async fn zip_dir<W: AsyncWrite + Unpin>(
         let mut paths: Vec<PathBuf> = vec![];
         for dir in access_paths.leaf_paths(&dir_clone) {
             let mut it = WalkDir::new(&dir).into_iter();
+            it.next();
             while let Some(Ok(entry)) = it.next() {
-                if !running.load(Ordering::SeqCst) {
+                if !running.load(atomic::Ordering::SeqCst) {
                     break;
                 }
                 let entry_path = entry.path();

tests/assets.rs

@@ -32,7 +32,7 @@ fn asset_js(server: TestServer) -> Result<(), Error> {
     assert_eq!(resp.status(), 200);
     assert_eq!(
         resp.headers().get("content-type").unwrap(),
-        "application/javascript"
+        "application/javascript; charset=UTF-8"
     );
     Ok(())
 }
@@ -46,7 +46,10 @@ fn asset_css(server: TestServer) -> Result<(), Error> {
     );
     let resp = reqwest::blocking::get(url)?;
     assert_eq!(resp.status(), 200);
-    assert_eq!(resp.headers().get("content-type").unwrap(), "text/css");
+    assert_eq!(
+        resp.headers().get("content-type").unwrap(),
+        "text/css; charset=UTF-8"
+    );
     Ok(())
 }
 
@@ -90,7 +93,7 @@ fn asset_js_with_prefix(
     assert_eq!(resp.status(), 200);
     assert_eq!(
         resp.headers().get("content-type").unwrap(),
-        "application/javascript"
+        "application/javascript; charset=UTF-8"
     );
     Ok(())
 }

tests/auth.rs

@@ -18,20 +18,48 @@ fn no_auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> R
 }
 
 #[rstest]
-fn auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> Result<(), Error> {
+#[case(server(&["--auth", "user:pass@/:rw", "-A"]), "user", "pass")]
+#[case(server(&["--auth", "user:pa:ss@1@/:rw", "-A"]), "user", "pa:ss@1")]
+fn auth(#[case] server: TestServer, #[case] user: &str, #[case] pass: &str) -> Result<(), Error> {
     let url = format!("{}file1", server.url());
     let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
     assert_eq!(resp.status(), 401);
     let resp = fetch!(b"PUT", &url)
         .body(b"abc".to_vec())
-        .send_with_digest_auth("user", "pass")?;
+        .send_with_digest_auth(user, pass)?;
+    assert_eq!(resp.status(), 201);
+    Ok(())
+}
+
+const HASHED_PASSWORD_AUTH: &str =  "user:$6$gQxZwKyWn/ZmWEA2$4uV7KKMnSUnET2BtWTj/9T5.Jq3h/MdkOlnIl5hdlTxDZ4MZKmJ.kl6C.NL9xnNPqC4lVHC1vuI0E5cLpTJX81@/:rw"; // user:pass
+
+#[rstest]
+fn auth_hashed_password(
+    #[with(&["--auth", HASHED_PASSWORD_AUTH, "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 401);
+    if let Err(err) = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .send_with_digest_auth("user", "pass")
+    {
+        assert_eq!(
+            format!("{err:?}"),
+            r#"DigestAuth(MissingRequired("realm", "Basic realm=\"DUFS\""))"#
+        );
+    }
+    let resp = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .basic_auth("user", Some("pass"))
+        .send()?;
     assert_eq!(resp.status(), 201);
     Ok(())
 }
 
 #[rstest]
 fn auth_and_public(
-    #[with(&["--auth", "user:pass@/:rw|@/", "-A"])] server: TestServer,
+    #[with(&["-a", "user:pass@/:rw", "-a", "@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
     let url = format!("{}file1", server.url());
     let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
@@ -65,6 +93,20 @@ fn auth_skip_on_options_method(
 
 #[rstest]
 fn auth_check(
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}index.html", server.url());
+    let resp = fetch!(b"WRITEABLE", &url).send()?;
+    assert_eq!(resp.status(), 401);
+    let resp = fetch!(b"WRITEABLE", &url).send_with_digest_auth("user2", "pass2")?;
+    assert_eq!(resp.status(), 403);
+    let resp = fetch!(b"WRITEABLE", &url).send_with_digest_auth("user", "pass")?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}
+
+#[rstest]
+fn auth_compact_rules(
     #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
     let url = format!("{}index.html", server.url());
@@ -79,7 +121,7 @@ fn auth_check(
 
 #[rstest]
 fn auth_readonly(
-    #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer,
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
     let url = format!("{}index.html", server.url());
     let resp = fetch!(b"GET", &url).send()?;
@@ -96,7 +138,7 @@ fn auth_readonly(
 
 #[rstest]
 fn auth_nest(
-    #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "--auth", "user3:pass3@/dir1:rw", "-A"])]
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "--auth", "user3:pass3@/dir1:rw", "-A"])]
     server: TestServer,
 ) -> Result<(), Error> {
     let url = format!("{}dir1/file1", server.url());
@@ -125,8 +167,8 @@ fn auth_nest_share(
 }
 
 #[rstest]
-#[case(server(&["--auth", "user:pass@/:rw", "--auth-method", "basic", "-A"]), "user", "pass")]
+#[case(server(&["--auth", "user:pass@/:rw", "-A"]), "user", "pass")]
-#[case(server(&["--auth", "u1:p1@/:rw", "--auth-method", "basic", "-A"]), "u1", "p1")]
+#[case(server(&["--auth", "u1:p1@/:rw", "-A"]), "u1", "p1")]
 fn auth_basic(
     #[case] server: TestServer,
     #[case] user: &str,
@@ -201,3 +243,34 @@ fn auth_partial_index(
     );
     Ok(())
 }
+
+#[rstest]
+fn no_auth_propfind_dir(
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "@/dir-assets", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let resp = fetch!(b"PROPFIND", server.url()).send()?;
+    assert_eq!(resp.status(), 207);
+    let body = resp.text()?;
+    assert!(body.contains("<D:href>/dir-assets/</D:href>"));
+    assert!(body.contains("<D:href>/dir1/</D:href>"));
+    Ok(())
+}
+
+#[rstest]
+fn auth_data(
+    #[with(&["-a", "user:pass@/:rw", "-a", "@/", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(server.url())?;
+    let content = resp.text()?;
+    let json = utils::retrive_json(&content).unwrap();
+    assert_eq!(json["allow_delete"], serde_json::Value::Bool(false));
+    assert_eq!(json["allow_upload"], serde_json::Value::Bool(false));
+    let resp = fetch!(b"GET", server.url())
+        .basic_auth("user", Some("pass"))
+        .send()?;
+    let content = resp.text()?;
+    let json = utils::retrive_json(&content).unwrap();
+    assert_eq!(json["allow_delete"], serde_json::Value::Bool(true));
+    assert_eq!(json["allow_upload"], serde_json::Value::Bool(true));
+    Ok(())
+}

tests/bind.rs

@@ -76,9 +76,7 @@ fn validate_printed_urls(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> R
         .collect::<Vec<_>>();
 
     assert!(!urls.is_empty());
-    for url in urls {
+    reqwest::blocking::get(urls[0])?.error_for_status()?;
-        reqwest::blocking::get(url)?.error_for_status()?;
-    }
 
     child.kill()?;
 

tests/config.rs

@@ -0,0 +1,56 @@
+mod fixtures;
+mod utils;
+
+use assert_cmd::prelude::*;
+use assert_fs::TempDir;
+use diqwest::blocking::WithDigestAuth;
+use fixtures::{port, tmpdir, wait_for_port, Error};
+use rstest::rstest;
+use std::path::PathBuf;
+use std::process::{Command, Stdio};
+
+#[rstest]
+fn use_config_file(tmpdir: TempDir, port: u16) -> Result<(), Error> {
+    let config_path = get_config_path().display().to_string();
+    let mut child = Command::cargo_bin("dufs")?
+        .arg(tmpdir.path())
+        .arg("-p")
+        .arg(port.to_string())
+        .args(["--config", &config_path])
+        .stdout(Stdio::piped())
+        .spawn()?;
+
+    wait_for_port(port);
+
+    let url = format!("http://localhost:{port}/dufs/index.html");
+    let resp = fetch!(b"GET", &url).send()?;
+    assert_eq!(resp.status(), 401);
+
+    let url = format!("http://localhost:{port}/dufs/index.html");
+    let resp = fetch!(b"GET", &url).send_with_digest_auth("user", "pass")?;
+    assert_eq!(resp.text()?, "This is index.html");
+
+    let url = format!("http://localhost:{port}/dufs?simple");
+    let resp = fetch!(b"GET", &url).send_with_digest_auth("user", "pass")?;
+    let text: String = resp.text().unwrap();
+    assert!(text.split('\n').any(|c| c == "dir1/"));
+    assert!(!text.split('\n').any(|c| c == "dir3/"));
+    assert!(!text.split('\n').any(|c| c == "test.txt"));
+
+    let url = format!("http://localhost:{port}/dufs/dir1/upload.txt");
+    let resp = fetch!(b"PUT", &url)
+        .body("Hello")
+        .send_with_digest_auth("user", "pass")?;
+    assert_eq!(resp.status(), 201);
+
+    child.kill()?;
+    Ok(())
+}
+
+fn get_config_path() -> PathBuf {
+    let mut path = std::env::current_dir().expect("Failed to get current directory");
+    path.push("tests");
+    path.push("data");
+    path.push("config.yaml");
+    path
+}

tests/data/config.yaml

@@ -0,0 +1,9 @@
+bind:
+  - 0.0.0.0
+path-prefix: dufs
+hidden:
+  - dir3
+  - test.txt
+auth: 
+  - user:pass@/:rw
+allow-upload: true

tests/fixtures.rs

@@ -46,7 +46,7 @@ pub fn tmpdir() -> TempDir {
     let tmpdir = assert_fs::TempDir::new().expect("Couldn't create a temp dir for tests");
     for file in FILES {
         if *file == BIN_FILE {
-            tmpdir.child(file).write_binary(b"bin\0\0123").unwrap();
+            tmpdir.child(file).write_binary(b"bin\0\x00123").unwrap();
         } else {
             tmpdir
                 .child(file)
@@ -58,7 +58,7 @@ pub fn tmpdir() -> TempDir {
         if *directory == DIR_ASSETS {
             tmpdir
                 .child(format!("{}{}", directory, "index.html"))
-                .write_str("__ASSERTS_PREFIX__index.js;DATA = __INDEX_DATA__")
+                .write_str("__ASSETS_PREFIX__index.js;DATA = __INDEX_DATA__")
                 .unwrap();
         } else {
             for file in FILES {
@@ -68,7 +68,7 @@ pub fn tmpdir() -> TempDir {
                 if *file == BIN_FILE {
                     tmpdir
                         .child(format!("{directory}{file}"))
-                        .write_binary(b"bin\0\0123")
+                        .write_binary(b"bin\0\x00123")
                         .unwrap();
                 } else {
                     tmpdir

tests/http.rs

@@ -123,6 +123,15 @@ fn get_dir_search3(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
     Ok(())
 }
 
+#[rstest]
+fn get_dir_search4(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+    let resp = reqwest::blocking::get(format!("{}dir1?q=dir1&simple", server.url()))?;
+    assert_eq!(resp.status(), 200);
+    let text = resp.text().unwrap();
+    assert!(text.is_empty());
+    Ok(())
+}
+
 #[rstest]
 fn head_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
     let resp = fetch!(b"HEAD", format!("{}?q={}", server.url(), "test.html")).send()?;

tests/http_logger.rs

@@ -12,7 +12,7 @@ use std::process::{Command, Stdio};
 
 #[rstest]
 #[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user"], false)]
-#[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user", "--auth-method", "basic"], true)]
+#[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user"], true)]
 fn log_remote_user(
     tmpdir: TempDir,
     port: u16,
@@ -41,7 +41,7 @@ fn log_remote_user(
 
     assert_eq!(resp.status(), 200);
 
-    let mut buf = [0; 1000];
+    let mut buf = [0; 2048];
     let buf_len = stdout.read(&mut buf)?;
     let output = std::str::from_utf8(&buf[0..buf_len])?;
 
@@ -69,10 +69,12 @@ fn no_log(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> Result<(), Error
     let resp = fetch!(b"GET", &format!("http://localhost:{port}")).send()?;
     assert_eq!(resp.status(), 200);
 
-    let mut buf = [0; 1000];
+    let mut buf = [0; 2048];
     let buf_len = stdout.read(&mut buf)?;
     let output = std::str::from_utf8(&buf[0..buf_len])?;
 
     assert_eq!(output.lines().last().unwrap(), "");
+
+    child.kill()?;
     Ok(())
 }

tests/tls.rs

@@ -7,6 +7,8 @@ use predicates::str::contains;
 use reqwest::blocking::ClientBuilder;
 use rstest::rstest;
 
+use crate::fixtures::port;
+
 /// Can start the server with TLS and receive encrypted responses.
 #[rstest]
 #[case(server(&[
@@ -33,8 +35,16 @@ fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
 /// Wrong path for cert throws error.
 #[rstest]
 fn wrong_path_cert() -> Result<(), Error> {
+    let port = port().to_string();
     Command::cargo_bin("dufs")?
-        .args(["--tls-cert", "wrong", "--tls-key", "tests/data/key.pem"])
+        .args([
+            "--tls-cert",
+            "wrong",
+            "--tls-key",
+            "tests/data/key.pem",
+            "--port",
+            &port,
+        ])
         .assert()
         .failure()
         .stderr(contains("Failed to access `wrong`"));
@@ -45,8 +55,16 @@ fn wrong_path_cert() -> Result<(), Error> {
 /// Wrong paths for key throws errors.
 #[rstest]
 fn wrong_path_key() -> Result<(), Error> {
+    let port = port().to_string();
     Command::cargo_bin("dufs")?
-        .args(["--tls-cert", "tests/data/cert.pem", "--tls-key", "wrong"])
+        .args([
+            "--tls-cert",
+            "tests/data/cert.pem",
+            "--tls-key",
+            "wrong",
+            "--port",
+            &port,
+        ])
         .assert()
         .failure()
         .stderr(contains("Failed to access `wrong`"));

tests/utils.rs

@@ -59,7 +59,8 @@ pub fn encode_uri(v: &str) -> String {
     parts.join("/")
 }
 
-fn retrive_json(content: &str) -> Option<Value> {
+#[allow(dead_code)]
+pub fn retrive_json(content: &str) -> Option<Value> {
     let lines: Vec<&str> = content.lines().collect();
     let line = lines.iter().find(|v| v.contains("DATA ="))?;
     let line_col = line.find("DATA =").unwrap() + 6;