update deps

chore: release v0.40.0
refactor: improve resolve_path and handle_assets, abandon guard_path (#360 )
2026-04-09 17:13:02 +03:00 · 2024-02-13 03:16:57 +00:00 · 2024-02-13 01:19:40 +00:00 · 2024-02-07 16:27:22 +08:00 · 2024-02-06 09:32:31 +00:00 · 2024-02-06 17:23:18 +08:00
35 changed files with 3219 additions and 1950 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -9,9 +9,10 @@ about: Create a report to help us improve
 **Log**
-If applicable, add logs to help explain your problem.
+The dufs log is crucial for locating the problem, so please do not omit it.
 **Environment:**
 - Dufs version:
- - Browser/Webdav Info: 
+ - Browser/Webdav info:
- - OS Info: 
+ - OS info:
 - Proxy server:  e.g. nginx, cloudflare
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -29,16 +29,12 @@ jobs:
      RUSTFLAGS: --deny warnings
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - name: Install Rust Toolchain Components
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
      with:
        components: clippy, rustfmt
        override: true
        toolchain: stable
-    - uses: Swatinem/rust-cache@v1
+    - uses: Swatinem/rust-cache@v2
    - name: Test
      run: cargo test --all
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -27,7 +27,7 @@ jobs:
        - target: aarch64-pc-windows-msvc
          os: windows-latest
          use-cross: true
-          cargo-flags: "--no-default-features"
+          cargo-flags: ""
        - target: x86_64-apple-darwin
          os: macos-latest
          cargo-flags: ""
@@ -71,31 +71,43 @@ jobs:
          use-cross: true
          cargo-flags: "--no-default-features"
    runs-on: ${{matrix.os}}
    env:
      BUILD_CMD: cargo
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - name: Check Tag
      id: check-tag
      shell: bash
      run: |
-        tag=${GITHUB_REF##*/}
+        ver=${GITHUB_REF##*/}
-        echo "::set-output name=version::$tag"
+        echo "version=$ver" >> $GITHUB_OUTPUT
-        if [[ "$tag" =~ [0-9]+.[0-9]+.[0-9]+$ ]]; then
+        if [[ "$ver" =~ [0-9]+.[0-9]+.[0-9]+$ ]]; then
-          echo "::set-output name=rc::false"
+          echo "rc=false" >> $GITHUB_OUTPUT
        else
-          echo "::set-output name=rc::true"
+          echo "rc=true" >> $GITHUB_OUTPUT
        fi
    - name: Install Rust Toolchain Components
-      uses: actions-rs/toolchain@v1
+      uses: dtolnay/rust-toolchain@stable
      with:
-        override: true
+        targets: ${{ matrix.target }}
-        target: ${{ matrix.target }}
+        #  Since rust 1.72, mips platforms are tier 3
-        toolchain: stable
+        toolchain: 1.71
-        profile: minimal # minimal component installation (ie, no documentation)
+
    - name: Install cross
      if: matrix.use-cross
      uses: taiki-e/install-action@v2
      with:
        tool: cross
    - name: Overwrite build command env variable
      if: matrix.use-cross
      shell: bash
      run: echo "BUILD_CMD=cross" >> $GITHUB_ENV
    - name: Show Version Information (Rust, cargo, GCC)
      shell: bash
      run: |
@@ -107,11 +119,8 @@ jobs:
        rustc -V
    - name: Build
-      uses: actions-rs/cargo@v1
+      shell: bash
-      with:
+      run: $BUILD_CMD build --locked --release --target=${{ matrix.target }} ${{ matrix.cargo-flags }}
        use-cross: ${{ matrix.use-cross }}
        command: build
        args: --locked --release --target=${{ matrix.target }} ${{ matrix.cargo-flags }}
    - name: Build Archive
      shell: bash
@@ -123,8 +132,7 @@ jobs:
        set -euxo pipefail
        bin=${GITHUB_REPOSITORY##*/}
-        src=`pwd`
+        dist_dir=`pwd`/dist
        dist=$src/dist
        name=$bin-$version-$target
        executable=target/$target/release/$bin
@@ -132,22 +140,22 @@ jobs:
          executable=$executable.exe
        fi
-        mkdir $dist
+        mkdir $dist_dir
-        cp $executable $dist
+        cp $executable $dist_dir
-        cd $dist
+        cd $dist_dir
        if [[ "$RUNNER_OS" == "Windows" ]]; then
-            archive=$dist/$name.zip
+            archive=$dist_dir/$name.zip
            7z a $archive *
-            echo "::set-output name=archive::`pwd -W`/$name.zip"
+            echo "archive=dist/$name.zip" >> $GITHUB_OUTPUT
        else
-            archive=$dist/$name.tar.gz
+            archive=$dist_dir/$name.tar.gz
-            tar czf $archive *
+            tar -czf $archive *
-            echo "::set-output name=archive::$archive"
+            echo "archive=dist/$name.tar.gz" >> $GITHUB_OUTPUT
        fi
    - name: Publish Archive
-      uses: softprops/action-gh-release@v0.1.5
+      uses: softprops/action-gh-release@v1
      if: ${{ startsWith(github.ref, 'refs/tags/') }}
      with:
        draft: false
@@ -163,16 +171,16 @@ jobs:
    needs: release
    steps:
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          build-args: |
            REPO=${{ github.repository }}
@@ -184,20 +192,18 @@ jobs:
            linux/arm/v7
          push: ${{ needs.release.outputs.rc == 'false' }}
          tags: ${{ github.repository }}:latest, ${{ github.repository }}:${{ github.ref_name }}
-          
+
  publish-crate:
    name: Publish to crates.io
    if: ${{ needs.release.outputs.rc == 'false' }}
    runs-on: ubuntu-latest
    needs: release
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
      - name: Publish
      - uses: dtolnay/rust-toolchain@stable
      - name: Publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_API_TOKEN }}
        run: cargo publish
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,119 @@
 All notable changes to this project will be documented in this file.
 ## [0.40.0] - 2024-02-13
 ### Bug Fixes
 - Guard req and destination path ([#359](https://github.com/sigoden/dufs/issues/359))
 ### Features
 - Revert supporting for forbidden permission ([#352](https://github.com/sigoden/dufs/issues/352))
 ### Refactor
 - Do not try to bind ipv6 if no ipv6 ([#348](https://github.com/sigoden/dufs/issues/348))
 - Improve invalid auth ([#356](https://github.com/sigoden/dufs/issues/356))
 - Improve resolve_path and handle_assets, abandon guard_path ([#360](https://github.com/sigoden/dufs/issues/360))
 ## [0.39.0] - 2024-01-11
 ### Bug Fixes
 - Upload more than 100 files in directory ([#317](https://github.com/sigoden/dufs/issues/317))
 - Auth precedence ([#325](https://github.com/sigoden/dufs/issues/325))
 - Serve files with names containing newline char ([#328](https://github.com/sigoden/dufs/issues/328))
 - Corrupted zip when downloading large folders ([#337](https://github.com/sigoden/dufs/issues/337))
 ### Features
 - Empty search `?q=` list all paths ([#311](https://github.com/sigoden/dufs/issues/311))
 - Add `--compress` option ([#319](https://github.com/sigoden/dufs/issues/319))
 - Upgrade to hyper 1.0 ([#321](https://github.com/sigoden/dufs/issues/321))
 - Auth supports forbidden permissions ([#329](https://github.com/sigoden/dufs/issues/329))
 - Supports resumable uploads ([#343](https://github.com/sigoden/dufs/issues/343))
 ### Refactor
 - Change the format of www-authenticate ([#312](https://github.com/sigoden/dufs/issues/312))
 - Change the value name of `--config` ([#313](https://github.com/sigoden/dufs/issues/313))
 - Optimize http range parsing and handling ([#323](https://github.com/sigoden/dufs/issues/323))
 - Propfind with auth no need to list all ([#344](https://github.com/sigoden/dufs/issues/344))
 ## [0.38.0] - 2023-11-28
 ### Bug Fixes
 - Unable to start if config file omit bind/port fields ([#294](https://github.com/sigoden/dufs/issues/294))
 ### Features
 - Password can contain `:` `@` `|` ([#297](https://github.com/sigoden/dufs/issues/297))
 - Deprecate the use of `|` to separate auth rules ([#298](https://github.com/sigoden/dufs/issues/298))
 - More flexible config values ([#299](https://github.com/sigoden/dufs/issues/299))
 - Ui supports view file ([#301](https://github.com/sigoden/dufs/issues/301))
 ### Refactor
 - Take improvements from the edge browser ([#289](https://github.com/sigoden/dufs/issues/289))
 - Ui change the cursor for upload-btn to a pointer ([#291](https://github.com/sigoden/dufs/issues/291))
 - Ui improve uploading progress ([#296](https://github.com/sigoden/dufs/issues/296))
 ## [0.37.1] - 2023-11-08
 ### Bug Fixes
 - Use DUFS_CONFIG to specify the config file path ([#286](https://github.com/sigoden/dufs/issues/286)
 ## [0.37.0] - 2023-11-08
 ### Bug Fixes
 - Sort path ignore case ([#264](https://github.com/sigoden/dufs/issues/264))
 - Ui show user-name next to the user-icon ([#278](https://github.com/sigoden/dufs/issues/278))
 - Auto delete half-uploaded files ([#280](https://github.com/sigoden/dufs/issues/280))
 ### Features
 - Deprecate `--auth-method`,  as both options are available ([#279](https://github.com/sigoden/dufs/issues/279))
 - Support config file with `--config` option ([#281](https://github.com/sigoden/dufs/issues/281))
 - Support hashed password ([#283](https://github.com/sigoden/dufs/issues/283))
 ### Refactor
 - Remove one clone on `assets_prefix` ([#270](https://github.com/sigoden/dufs/issues/270))
 - Optimize tests
 - Improve code quanity ([#282](https://github.com/sigoden/dufs/issues/282))
 ## [0.36.0] - 2023-08-24
 ### Bug Fixes
 - Ui readonly if no write perm ([#258](https://github.com/sigoden/dufs/issues/258))
 ### Testing
 - Remove dependency on native tls ([#255](https://github.com/sigoden/dufs/issues/255))
 ## [0.35.0] - 2023-08-14
 ### Bug Fixes
 - Search should ignore entry path ([#235](https://github.com/sigoden/dufs/issues/235))
 - Typo __ASSERTS_PREFIX__ ([#252](https://github.com/sigoden/dufs/issues/252))
 ### Features
 - Sort by type first, then sort by name/mtime/size ([#241](https://github.com/sigoden/dufs/issues/241))
 ## [0.34.2] - 2023-06-05
 ### Bug Fixes
 - Ui refresh page after login ([#230](https://github.com/sigoden/dufs/issues/230))
 - Webdav only see public folder even logging in ([#231](https://github.com/sigoden/dufs/issues/231))
 ## [0.34.1] - 2023-06-02
 ### Bug Fixes
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "dufs"
-version = "0.34.1"
+version = "0.40.0"
 edition = "2021"
 authors = ["sigoden <sigoden@gmail.com>"]
 description = "Dufs is a distinctive utility file server"
@@ -11,57 +11,66 @@ categories = ["command-line-utilities", "web-programming::http-server"]
 keywords = ["static", "file", "server", "webdav", "cli"]
 [dependencies]
-clap = { version = "4", features = ["wrap_help", "env"] }
+clap = { version = "~4.4", features = ["wrap_help", "env"] }
-clap_complete = "4"
+clap_complete = "~4.4"
-chrono = "0.4"
+chrono = { version = "0.4", default-features = false, features = ["clock"] }
 tokio = { version = "1", features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"]}
 tokio-util = { version = "0.7",  features = ["io-util", "compat"] }
-hyper = { version = "0.14", features = ["http1", "server", "tcp", "stream"] }
+hyper = { version = "1.0", features = ["http1", "server"] }
-percent-encoding = "2.1"
+percent-encoding = "2.3"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
-futures = "0.3"
+futures-util = { version = "0.3", default-features = false, features = ["alloc"] }
-base64 = "0.21"
+async_zip = { version = "0.0.16", default-features = false, features = ["deflate", "bzip2", "xz", "chrono", "tokio"] }
-async_zip = { version = "0.0.15", default-features = false, features = ["deflate", "chrono", "tokio"] }
+headers = "0.4"
 headers = "0.3"
 mime_guess = "2.0"
-if-addrs = "0.10.1"
+if-addrs = "0.11"
-rustls = { version = "0.21", default-features = false, features = ["tls12"], optional = true }
+rustls-pemfile = { version = "2.0", optional = true }
-rustls-pemfile = { version = "1", optional = true }
+tokio-rustls = { version = "0.25", optional = true }
 tokio-rustls = { version = "0.24", optional = true }
 md5 = "0.7"
 lazy_static = "1.4"
-uuid = { version = "1.1", features = ["v4", "fast-rng"] }
+uuid = { version = "1.7", features = ["v4", "fast-rng"] }
 urlencoding = "2.1"
 xml-rs = "0.8"
 log = "0.4"
 socket2 = "0.5"
 async-stream = "0.3"
 walkdir = "2.3"
-form_urlencoded = "1.0"
+form_urlencoded = "1.2"
 alphanumeric-sort = "1.4"
 content_inspector = "0.2"
 anyhow = "1.0"
 chardetng = "0.1"
-glob = "0.3.1"
+glob = "0.3"
-indexmap = "1.9"
+indexmap = "2.2"
 serde_yaml = "0.9"
 sha-crypt = "0.5"
 base64 = "0.21"
 smart-default = "0.7"
 rustls-pki-types = "1.2"
 hyper-util = { version = "0.1", features = ["server-auto", "tokio"] }
 http-body-util = "0.1"
 bytes = "1.5"
 pin-project-lite = "0.2"
 [features]
 default = ["tls"]
-tls = ["rustls", "rustls-pemfile", "tokio-rustls"]
+tls = ["rustls-pemfile", "tokio-rustls"]
 [dev-dependencies]
 assert_cmd = "2"
 reqwest = { version = "0.11", features = ["blocking", "multipart", "rustls-tls"], default-features = false }
 assert_fs = "1"
 port_check = "0.1"
-rstest = "0.17"
+rstest = "0.18"
 regex = "1"
 url = "2"
-diqwest = { version = "1", features = ["blocking"] }
+diqwest = { version = "2.0", features = ["blocking"], default-features = false }
 predicates = "3"
 [profile.release]
 opt-level = 3
 lto = true
-strip = true
+codegen-units = 1
-opt-level = "z"
+panic = "abort"
 strip = "symbols"
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Dufs is a distinctive utility file server that supports static serving, uploadin
 - Download folder as zip file
 - Upload files and folders (Drag & Drop)
 - Create/Edit/Search files
- Partial responses (Parallel/Resume download)
+- Resumable/partial uploads/downloads
 - Access control
 - Support https
 - Support webdav
@@ -48,18 +48,18 @@ Download from [Github Releases](https://github.com/sigoden/dufs/releases), unzip
 ```
 Dufs is a distinctive utility file server - https://github.com/sigoden/dufs
-Usage: dufs [OPTIONS] [serve_path]
+Usage: dufs [OPTIONS] [serve-path]
 Arguments:
-  [serve_path]  Specific path to serve [default: .]
+  [serve-path]  Specific path to serve [default: .]
 Options:
  -c, --config <file>        Specify configuration file
  -b, --bind <addrs>         Specify bind address or unix socket
  -p, --port <port>          Specify port to listen on [default: 5000]
      --path-prefix <path>   Specify a path prefix
-      --hidden <value>       Hide paths from directory listings, separated by `,`
+      --hidden <value>       Hide paths from directory listings, e.g. tmp,*.log,*.lock
-  -a, --auth <rules>         Add auth role
+  -a, --auth <rules>         Add auth roles, e.g. user:pass@/dir1:rw,/dir2
      --auth-method <value>  Select auth method [default: digest] [possible values: basic, digest]
  -A, --allow-all            Allow all operations
      --allow-upload         Allow upload files/folders
      --allow-delete         Allow delete files/folders
@@ -70,18 +70,19 @@ Options:
      --render-index         Serve index.html when requesting a directory, returns 404 if not found index.html
      --render-try-index     Serve index.html when requesting a directory, returns directory listing if not found index.html
      --render-spa           Serve SPA(Single Page Application)
-      --assets <path>        Use custom assets to override builtin assets
+      --assets <path>        Set the path to the assets directory for overriding the built-in assets
      --log-format <format>  Customize http log format
      --compress <level>     Set zip compress level [default: low] [possible values: none, low, medium, high]
      --completions <shell>  Print shell completion script for <shell> [possible values: bash, elvish, fish, powershell, zsh]
      --tls-cert <path>      Path to an SSL/TLS certificate to serve with HTTPS
      --tls-key <path>       Path to the SSL/TLS certificate's private key
      --log-format <format>  Customize http log format
      --completions <shell>  Print shell completion script for <shell> [possible values: bash, elvish, fish, powershell, zsh]
  -h, --help                 Print help
  -V, --version              Print version
 ```
 ## Examples
-Serve current working directory in readonly mode
+Serve current working directory in read-only mode
 ```
 dufs
@@ -126,7 +127,7 @@ dufs --render-index
 Require username/password
 ```
-dufs -a /@admin:123
+dufs -a admin:123@/:rw
 ```
 Listen on specific host:ip 
@@ -150,52 +151,66 @@ dufs --tls-cert my.crt --tls-key my.key
 Upload a file
-```
+```sh
 curl -T path-to-file http://127.0.0.1:5000/new-path/path-to-file
 ```
 Download a file
-```
+```sh
 curl http://127.0.0.1:5000/path-to-file
 ```
 Download a folder as zip file
-```
+```sh
 curl -o path-to-folder.zip http://127.0.0.1:5000/path-to-folder?zip
 ```
 Delete a file/folder
-```
+```sh
 curl -X DELETE http://127.0.0.1:5000/path-to-file-or-folder
 ```
 Create a directory
-```
+```sh
 curl -X MKCOL https://127.0.0.1:5000/path-to-folder
 ```
 Move the file/folder to the new path
-```
+```sh
 curl -X MOVE https://127.0.0.1:5000/path -H "Destination: https://127.0.0.1:5000/new-path"
 ```
 List/search directory contents
-```
+```sh
-curl http://127.0.0.1:5000?simple                 # output names only, just like `ls -1`
+curl http://127.0.0.1:5000?q=Dockerfile           # search for files, similar to `find -name Dockerfile`
 curl http://127.0.0.1:5000?simple                 # output names only, similar to `ls -1`
 curl http://127.0.0.1:5000?json                   # output paths in json format
 curl http://127.0.0.1:5000?q=Dockerfile&simple    # search for files, just like `find -name Dockerfile`
 ```
-With authorization
+With authorization (Both basic or digest auth works)
 ```sh
 curl http://127.0.0.1:5000/file --user user:pass                 # basic auth
 curl http://127.0.0.1:5000/file --user user:pass --digest        # digest auth
 ```
-curl --user user:pass --digest http://192.168.8.10:5000/file  # digest auth
+
-curl --user user:pass http://192.168.8.10:5000/file           # basic auth
+Resumable downloads
 ```sh
 curl -C- -o file http://127.0.0.1:5000/file
 ```
 Resumable uploads
 ```sh
 upload_offset=$(curl -I -s http://127.0.0.1:5000/file | tr -d '\r' | sed -n 's/content-length: //p')
 dd skip=$upload_offset if=file status=none ibs=1 | \
  curl -X PATCH -H "X-Update-Range: append" --data-binary @- http://127.0.0.1:5000/file
 ```
 <details>
@@ -206,44 +221,44 @@ curl --user user:pass http://192.168.8.10:5000/file           # basic auth
 Dufs supports account based access control. You can control who can do what on which path with `--auth`/`-a`.
 ```
-dufs -a [user:pass]@path[:rw][,path[:rw]...][|...]
+dufs -a admin:admin@/:rw -a guest:guest@/
 dufs -a user:pass@/:rw,/dir1 -a @/
 ```
-1: Multiple rules are separated by "|"
+
-2: User and pass are the account name and password, if omitted, it is an anonymous user
+1. Use `@` to separate the account and paths. No account means anonymous user.
-3: One rule can set multiple paths, separated by ","
+2. Use `:` to separate the username and password of the account.
-4: Add `:rw` after the path to indicate that the path has read and write permissions, otherwise the path has readonly permissions.
+3. Use `,` to separate paths.
 4. Use path suffix `:rw`/`:ro` set permissions: `read-write`/`read-only`. `:ro` can be omitted.
 - `-a admin:admin@/:rw`: `admin` has complete permissions for all paths.
 - `-a guest:guest@/`: `guest` has read-only permissions for all paths.
 - `-a user:pass@/:rw,/dir1`: `user` has read-write permissions for `/*`, has read-only permissions for `/dir1/*`.
 - `-a @/`: All paths is publicly accessible, everyone can view/download it.
 > There are no restrictions on using ':' and '@' characters in a password. For example, `user:pa:ss@1@/:rw` is valid, the password is `pa:ss@1`.
 #### Hashed Password
 DUFS supports the use of sha-512 hashed password.
 Create hashed password
 ```
-dufs -A -a admin:admin@/:rw
+$ mkpasswd  -m sha-512 -s
 Password: 123456 
 $6$qCAVUG7yn7t/hH4d$BWm8r5MoDywNmDP/J3V2S2a6flmKHC1IpblfoqZfuK.LtLBZ0KFXP9QIfJP8RqL8MCw4isdheoAMTuwOz.pAO/
 ```
 `admin` has all permissions for all paths.
 Use hashed password
 ```
-dufs -A -a admin:admin@/:rw -a guest:guest@/
+dufs -a 'admin:$6$qCAVUG7yn7t/hH4d$BWm8r5MoDywNmDP/J3V2S2a6flmKHC1IpblfoqZfuK.LtLBZ0KFXP9QIfJP8RqL8MCw4isdheoAMTuwOz.pAO/@/:rw'
 ```
 `guest` has readonly permissions for all paths.
-```
+Two important things for hashed passwords:
 dufs -A -a admin:admin@/:rw -a @/
 ```
 All paths is public, everyone can view/download it.
-```
+1. Dufs only supports sha-512 hashed passwords, so ensure that the password string always starts with `$6$`.
-dufs -A -a admin:admin@/:rw -a user1:pass1@/user1:rw -a user2:pass2@/user2
+2. Digest authentication does not function properly with hashed passwords.
 dufs -A -a "admin:admin@/:rw|user1:pass1@/user1:rw|user2:pass2@/user2"
 ```
 `user1` has all permissions for `/user1/*` path.
 `user2` has all permissions for `/user2/*` path.
 ```
 dufs -A -a user:pass@/dir1:rw,/dir2:rw,dir3
 ```
 `user` has all permissions for `/dir1/*` and `/dir2/*`, has readonly permissions for `/dir3/`.
 ```
 dufs -a admin:admin@/
 ```
 Since dufs only allows viewing/downloading, `admin` can only view/download files.
 ### Hide Paths
@@ -256,9 +271,10 @@ dufs --hidden .git,.DS_Store,tmp
 > The glob used in --hidden only matches file and directory names, not paths. So `--hidden dir1/file` is invalid.
 ```sh
-dufs --hidden '.*'            # hidden dotfiles
+dufs --hidden '.*'                          # hidden dotfiles
-dufs --hidden '*/'            # hidden all folders
+dufs --hidden '*/'                          # hidden all folders
-dufs --hidden '*.log,*.lock'  # hidden by exts
+dufs --hidden '*.log,*.lock'                # hidden by exts
 dufs --hidden '*.log' --hidden '*.lock'
 ```
 ### Log Format
@@ -307,27 +323,64 @@ dufs --log-format '$remote_addr $remote_user "$request" $status' -a /@admin:admi
 All options can be set using environment variables prefixed with `DUFS_`.
 ```
-  [ROOT_DIR]                  DUFS_ROOT_DIR=/dir
+[serve-path]                DUFS_SERVE_PATH="."
-  -b, --bind <addrs>          DUFS_BIND=0.0.0.0
+    --config <file>         DUFS_CONFIG=config.yaml
-  -p, --port <port>           DUFS_PORT=5000
+-b, --bind <addrs>          DUFS_BIND=0.0.0.0
-      --path-prefix <path>    DUFS_PATH_RREFIX=/path
+-p, --port <port>           DUFS_PORT=5000
-      --hidden <value>        DUFS_HIDDEN=*.log
+    --path-prefix <path>    DUFS_PATH_PREFIX=/static
-  -a, --auth <rules>          DUFS_AUTH="admin:admin@/:rw|@/" 
+    --hidden <value>        DUFS_HIDDEN=tmp,*.log,*.lock
-      --auth-method <value>   DUFS_AUTH_METHOD=basic
+-a, --auth <rules>          DUFS_AUTH="admin:admin@/:rw|@/" 
-  -A, --allow-all             DUFS_ALLOW_ALL=true
+-A, --allow-all             DUFS_ALLOW_ALL=true
-      --allow-upload          DUFS_ALLOW_UPLOAD=true
+    --allow-upload          DUFS_ALLOW_UPLOAD=true
-      --allow-delete          DUFS_ALLOW_DELETE=true
+    --allow-delete          DUFS_ALLOW_DELETE=true
-      --allow-search          DUFS_ALLOW_SEARCH=true
+    --allow-search          DUFS_ALLOW_SEARCH=true
-      --allow-symlink         DUFS_ALLOW_SYMLINK=true
+    --allow-symlink         DUFS_ALLOW_SYMLINK=true
-      --allow-archive         DUFS_ALLOW_ARCHIVE=true
+    --allow-archive         DUFS_ALLOW_ARCHIVE=true
-      --enable-cors           DUFS_ENABLE_CORS=true
+    --enable-cors           DUFS_ENABLE_CORS=true
-      --render-index          DUFS_RENDER_INDEX=true
+    --render-index          DUFS_RENDER_INDEX=true
-      --render-try-index      DUFS_RENDER_TRY_INDEX=true
+    --render-try-index      DUFS_RENDER_TRY_INDEX=true
-      --render-spa            DUFS_RENDER_SPA=true
+    --render-spa            DUFS_RENDER_SPA=true
-      --assets <path>         DUFS_ASSETS=/assets
+    --assets <path>         DUFS_ASSETS=/assets
-      --tls-cert <path>       DUFS_TLS_CERT=cert.pem
+    --log-format <format>   DUFS_LOG_FORMAT=""
-      --tls-key <path>        DUFS_TLS_KEY=key.pem
+    --compress <compress>   DUFS_COMPRESS="low"
-      --log-format <format>   DUFS_LOG_FORMAT=""
+    --tls-cert <path>       DUFS_TLS_CERT=cert.pem
    --tls-key <path>        DUFS_TLS_KEY=key.pem
 ```
 ## Configuration File
 You can specify and use the configuration file by selecting the option `--config <path-to-config.yaml>`.
 The following are the configuration items:
 ```yaml
 serve-path: '.'
 bind: 0.0.0.0
 port: 5000
 path-prefix: /dufs
 hidden:
  - tmp
  - '*.log'
  - '*.lock'
 auth:
  - admin:admin@/:rw
  - user:pass@/src:rw,/share
  - '@/'  # According to the YAML spec, quoting is required.
 allow-all: false
 allow-upload: true
 allow-delete: true
 allow-search: true
 allow-symlink: true
 allow-archive: true
 enable-cors: true
 render-index: true
 render-try-index: true
 render-spa: true
 assets: ./assets/
 log-format: '$remote_addr "$request" $status $http_user_agent'
 compress: low
 tls-cert: tests/data/cert.pem
 tls-key: tests/data/key_pkcs1.pem
 ```
 ### Customize UI
@@ -343,13 +396,13 @@ Your assets folder must contains a `index.html` file.
 `index.html` can use the following placeholder variables to retrieve internal data.
 - `__INDEX_DATA__`: directory listing data
- `__ASSERTS_PREFIX__`: assets url prefix
+- `__ASSETS_PREFIX__`: assets url prefix
 </details>
 ## License
-Copyright (c) 2022 dufs-developers.
+Copyright (c) 2022-2024 dufs-developers.
 dufs is made available under the terms of either the MIT License or the Apache License 2.0, at your option.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
 # Security Policy
 ## Supported Versions
 The latest release of *dufs* is supported. The fixes for any security issues found will be included
 in the next release.
 ## Reporting a Vulnerability
 Please [use *dufs*'s security advisory reporting tool provided by
 GitHub](https://github.com/sigoden/dufs/security/advisories/new) to report security issues.
 We strive to fix security issues as quickly as possible. Across the industry, often the developers'
 slowness in developing and releasing a fix is the biggest delay in the process; we take pride in
 minimizing this delay as much as we practically can. We encourage you to also minimize the delay
 between when you find an issue and when you contact us. You do not need to convince us to take your
 report seriously. You don't need to create a PoC or a patch if that would slow down your reporting.
 You don't need an elaborate write-up. A short, informal note about the issue is good. We can always
 communicate later to fill in any details we need after that first note is shared with us.
--- a/assets/index.css
+++ b/assets/index.css
@@ -73,6 +73,10 @@ body {
  display: none;
 }
 .upload-file label {
  cursor: pointer;
 }
 .searchbar {
  display: flex;
  flex-wrap: nowrap;
@@ -103,11 +107,6 @@ body {
  cursor: pointer;
 }
 .upload-status span {
  width: 70px;
  display: inline-block;
 }
 .main {
  padding: 3.3em 1em 0;
 }
@@ -134,6 +133,10 @@ body {
  padding-left: 0.6em;
 }
 .cell-status span {
  display: inline-block;
 }
 .paths-table thead a {
  color: unset;
  text-decoration: none;
@@ -208,22 +211,37 @@ body {
  height: calc(100vh - 5rem);
  border: 1px solid #ced4da;
  outline: none;
  padding: 5px;
 }
-.toolbox2 {
+.toolbox-right {
  margin-left: auto;
  margin-right: 2em;
 }
 .save-btn {
  cursor: pointer;
  -webkit-user-select: none;
  user-select: none;
 }
 .user-btn {
    display: flex;
    align-items: center;
 }
 .user-name {
  padding-left: 3px;
 }
 .not-editable {
  font-style: italic;
 }
 .retry-btn {
  cursor: pointer;
 }
@media (min-width: 768px) {
  .path a {
    min-width: 400px;
--- a/assets/index.html
+++ b/assets/index.html
@@ -1,15 +1,15 @@
 <!DOCTYPE html>
-<html>
+<html lang="en-US">
 <head>
  <meta charset="utf-8" />
  <meta name="viewport" content="width=device-width" />
-  <link rel="icon" type="image/x-icon" href="__ASSERTS_PREFIX__favicon.ico">
+  <link rel="icon" type="image/x-icon" href="__ASSETS_PREFIX__favicon.ico">
-  <link rel="stylesheet" href="__ASSERTS_PREFIX__index.css">
+  <link rel="stylesheet" href="__ASSETS_PREFIX__index.css">
  <script>
    DATA = __INDEX_DATA__
  </script>
-  <script src="__ASSERTS_PREFIX__index.js"></script>
+  <script src="__ASSETS_PREFIX__index.js"></script>
 </head>
 <body>
@@ -48,7 +48,7 @@
              d="M7.646 1.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1-.708.708L8.5 2.707V11.5a.5.5 0 0 1-1 0V2.707L5.354 4.854a.5.5 0 1 1-.708-.708l3-3z" />
          </svg>
        </label>
-        <input type="file" id="file" name="file" multiple>
+        <input type="file" id="file" title="Upload files" name="file" multiple>
      </div>
      <div class="control new-folder hidden" title="New folder">
        <svg width="16" height="16" viewBox="0 0 16 16">
@@ -74,10 +74,10 @@
            d="M11.742 10.344a6.5 6.5 0 1 0-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 0 0 1.415-1.414l-3.85-3.85a1.007 1.007 0 0 0-.115-.1zM12 6.5a5.5 5.5 0 1 1-11 0 5.5 5.5 0 0 1 11 0z" />
        </svg>
      </div>
-      <input id="search" name="q" type="text" maxlength="128" autocomplete="off" tabindex="1">
+      <input id="search" title="Searching for folders or files" name="q" type="text" maxlength="128" autocomplete="off" tabindex="1">
      <input type="submit" hidden />
    </form>
-    <div class="toolbox2">
+    <div class="toolbox-right">
      <div class="login-btn hidden" title="Login for upload/move/delete/edit permissions">
        <svg width="16" height="16" viewBox="0 0 16 16">
          <path fill-rule="evenodd"
@@ -91,6 +91,7 @@
          <path
            d="M8 8a3 3 0 1 0 0-6 3 3 0 0 0 0 6Zm2-3a2 2 0 1 1-4 0 2 2 0 0 1 4 0Zm4 8c0 1-1 1-1 1H3s-1 0-1-1 1-4 6-4 6 3 6 4Zm-1-.004c-.001-.246-.154-.986-.832-1.664C11.516 10.68 10.289 10 8 10c-2.29 0-3.516.68-4.168 1.332-.678.678-.83 1.418-.832 1.664h10Z" />
        </svg>
        <span class="user-name"></span>
      </div>
      <div class="save-btn hidden" title="Save file">
        <svg viewBox="0 0 1024 1024" width="24" height="24">
@@ -121,7 +122,7 @@
    </div>
    <div class="editor-page hidden">
      <div class="not-editable hidden"></div>
-      <textarea class="editor hidden" cols="10"></textarea>
+      <textarea id="editor" class="editor hidden" aria-label="Editor" cols="10"></textarea>
    </div>
  </div>
  <script>
--- a/assets/index.js
+++ b/assets/index.js
@@ -10,7 +10,7 @@
 * @typedef {object} DATA
 * @property {string} href
 * @property {string} uri_prefix
- * @property {"Index" | "Edit"} kind
+ * @property {"Index" | "Edit" | "View"} kind
 * @property {PathItem[]} paths
 * @property {boolean} allow_upload
 * @property {boolean} allow_delete
@@ -55,9 +55,15 @@ const ICONS = {
  download: `<svg width="16" height="16" viewBox="0 0 16 16"><path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v-2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v-2.5a.5.5 0 0 1 .5-.5z"/><path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3z"/></svg>`,
  move: `<svg width="16" height="16" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M1.5 1.5A.5.5 0 0 0 1 2v4.8a2.5 2.5 0 0 0 2.5 2.5h9.793l-3.347 3.346a.5.5 0 0 0 .708.708l4.2-4.2a.5.5 0 0 0 0-.708l-4-4a.5.5 0 0 0-.708.708L13.293 8.3H3.5A1.5 1.5 0 0 1 2 6.8V2a.5.5 0 0 0-.5-.5z"/></svg>`,
  edit: `<svg width="16" height="16" viewBox="0 0 16 16"><path d="M12.146.146a.5.5 0 0 1 .708 0l3 3a.5.5 0 0 1 0 .708l-10 10a.5.5 0 0 1-.168.11l-5 2a.5.5 0 0 1-.65-.65l2-5a.5.5 0 0 1 .11-.168l10-10zM11.207 2.5 13.5 4.793 14.793 3.5 12.5 1.207 11.207 2.5zm1.586 3L10.5 3.207 4 9.707V10h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.293l6.5-6.5zm-9.761 5.175-.106.106-1.528 3.821 3.821-1.528.106-.106A.5.5 0 0 1 5 12.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.468-.325z"/></svg>`,
-  delete: `<svg width="16" height="16" fill="currentColor"viewBox="0 0 16 16"><path d="M6.854 7.146a.5.5 0 1 0-.708.708L7.293 9l-1.147 1.146a.5.5 0 0 0 .708.708L8 9.707l1.146 1.147a.5.5 0 0 0 .708-.708L8.707 9l1.147-1.146a.5.5 0 0 0-.708-.708L8 8.293 6.854 7.146z"/><path d="M14 14V4.5L9.5 0H4a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2zM9.5 3A1.5 1.5 0 0 0 11 4.5h2V14a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1h5.5v2z"/></svg>`,
+  delete: `<svg width="16" height="16" viewBox="0 0 16 16"><path d="M6.854 7.146a.5.5 0 1 0-.708.708L7.293 9l-1.147 1.146a.5.5 0 0 0 .708.708L8 9.707l1.146 1.147a.5.5 0 0 0 .708-.708L8.707 9l1.147-1.146a.5.5 0 0 0-.708-.708L8 8.293 6.854 7.146z"/><path d="M14 14V4.5L9.5 0H4a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2zM9.5 3A1.5 1.5 0 0 0 11 4.5h2V14a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1h5.5v2z"/></svg>`,
  view: `<svg width="16" height="16" viewBox="0 0 16 16"><path d="M4 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2zm0 1h8a1 1 0 0 1 1 1v12a1 1 0 0 1-1 1H4a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1"/></svg>`,
 }
 /**
 * @type Map<string, Uploader>
 */
 const failUploaders = new Map();
 /**
 * @type Element
 */
@@ -86,6 +92,10 @@ let $editor;
 * @type Element
 */
 let $userBtn;
 /**
 * @type Element
 */
 let $userName;
 function ready() {
  $pathsTable = document.querySelector(".paths-table")
@@ -95,6 +105,7 @@ function ready() {
  $emptyFolder = document.querySelector(".empty-folder");
  $editor = document.querySelector(".editor");
  $userBtn = document.querySelector(".user-btn");
  $userName = document.querySelector(".user-name");
  addBreadcrumb(DATA.href, DATA.uri_prefix);
@@ -108,32 +119,38 @@ function ready() {
    document.title = `Edit ${DATA.href} - Dufs`;
    document.querySelector(".editor-page").classList.remove("hidden");;
-    setupEditPage();
+    setupEditorPage();
  } else if (DATA.kind == "View") {
    document.title = `View ${DATA.href} - Dufs`;
    document.querySelector(".editor-page").classList.remove("hidden");;
    setupEditorPage();
  }
 }
 class Uploader {
  /**
-   * 
+   *
-   * @param {File} file 
+   * @param {File} file
-   * @param {string[]} dirs 
+   * @param {string[]} pathParts
   */
-  constructor(file, dirs) {
+  constructor(file, pathParts) {
    /**
     * @type Element
     */
    this.$uploadStatus = null
    this.uploaded = 0;
    this.uploadOffset = 0;
    this.lastUptime = 0;
-    this.name = [...dirs, file.name].join("/");
+    this.name = [...pathParts, file.name].join("/");
    this.idx = Uploader.globalIdx++;
    this.file = file;
    this.url = newUrl(this.name);
  }
  upload() {
-    const { idx, name } = this;
+    const { idx, name, url } = this;
    const url = newUrl(name);
    const encodedName = encodedStr(name);
    $uploadersTable.insertAdjacentHTML("beforeend", `
  <tr id="upload${idx}" class="uploader">
@@ -149,13 +166,25 @@ class Uploader {
    $emptyFolder.classList.add("hidden");
    this.$uploadStatus = document.getElementById(`uploadStatus${idx}`);
    this.$uploadStatus.innerHTML = '-';
    this.$uploadStatus.addEventListener("click", e => {
      const nodeId = e.target.id;
      const matches = /^retry(\d+)$/.exec(nodeId);
      if (matches) {
        const id = parseInt(matches[1]);
        let uploader = failUploaders.get(id);
        if (uploader) uploader.retry();
      }
    });
    Uploader.queues.push(this);
    Uploader.runQueue();
  }
  ajax() {
-    const url = newUrl(this.name);
+    const { url } = this;
    this.uploaded = 0;
    this.lastUptime = Date.now();
    const ajax = new XMLHttpRequest();
    ajax.upload.addEventListener("progress", e => this.progress(e), false);
    ajax.addEventListener("readystatechange", () => {
@@ -163,37 +192,64 @@ class Uploader {
        if (ajax.status >= 200 && ajax.status < 300) {
          this.complete();
        } else {
-          this.fail();
+          if (ajax.status != 0) {
            this.fail(`${ajax.status} ${ajax.statusText}`);
          }
        }
      }
    })
    ajax.addEventListener("error", () => this.fail(), false);
    ajax.addEventListener("abort", () => this.fail(), false);
-    ajax.open("PUT", url);
+    if (this.uploadOffset > 0) {
-    ajax.send(this.file);
+      ajax.open("PATCH", url);
      ajax.setRequestHeader("X-Update-Range", "append");
      ajax.send(this.file.slice(this.uploadOffset));
    } else {
      ajax.open("PUT", url);
      ajax.send(this.file);
      // setTimeout(() => ajax.abort(), 3000);
    }
  }
  async retry() {
    const { url } = this;
    let res = await fetch(url, {
      method: "HEAD",
    });
    let uploadOffset = 0;
    if (res.status == 200) {
      let value = res.headers.get("content-length");
      uploadOffset = parseInt(value) || 0;
    }
    this.uploadOffset = uploadOffset;
    this.ajax()
  }
  progress(event) {
    const now = Date.now();
    const speed = (event.loaded - this.uploaded) / (now - this.lastUptime) * 1000;
    const [speedValue, speedUnit] = formatSize(speed);
-    const speedText = `${speedValue}${speedUnit.toLowerCase()}/s`;
+    const speedText = `${speedValue} ${speedUnit}/s`;
-    const progress = formatPercent((event.loaded / event.total) * 100);
+    const progress = formatPercent(((event.loaded + this.uploadOffset) / this.file.size) * 100);
    const duration = formatDuration((event.total - event.loaded) / speed)
-    this.$uploadStatus.innerHTML = `<span>${speedText}</span><span>${progress}</span><span>${duration}</span>`;
+    this.$uploadStatus.innerHTML = `<span style="width: 80px;">${speedText}</span><span>${progress} ${duration}</span>`;
    this.uploaded = event.loaded;
    this.lastUptime = now;
  }
  complete() {
-    this.$uploadStatus.innerHTML = `✓`;
+    const $uploadStatusNew = this.$uploadStatus.cloneNode(true);
    $uploadStatusNew.innerHTML = `✓`;
    this.$uploadStatus.parentNode.replaceChild($uploadStatusNew, this.$uploadStatus);
    this.$uploadStatus = null;
    failUploaders.delete(this.idx);
    Uploader.runnings--;
    Uploader.runQueue();
  }
-  fail() {
+  fail(reason = "") {
-    this.$uploadStatus.innerHTML = `✗`;
+    this.$uploadStatus.innerHTML = `<span style="width: 20px;" title="${reason}">✗</span><span class="retry-btn" id="retry${this.idx}" title="Retry">↻</span>`;
    failUploaders.set(this.idx, this);
    Uploader.runnings--;
    Uploader.runQueue();
  }
@@ -229,7 +285,7 @@ Uploader.runQueue = async () => {
 /**
 * Add breadcrumb
- * @param {string} href 
+ * @param {string} href
 * @param {string} uri_prefix
 */
 function addBreadcrumb(href, uri_prefix) {
@@ -252,7 +308,7 @@ function addBreadcrumb(href, uri_prefix) {
    }
    const encodedName = encodedStr(name);
    if (i === 0) {
-      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${path}"><svg width="16" height="16" viewBox="0 0 16 16"><path d="M6.5 14.5v-3.505c0-.245.25-.495.5-.495h2c.25 0 .5.25.5.5v3.5a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5v-7a.5.5 0 0 0-.146-.354L13 5.793V2.5a.5.5 0 0 0-.5-.5h-1a.5.5 0 0 0-.5.5v1.293L8.354 1.146a.5.5 0 0 0-.708 0l-6 6A.5.5 0 0 0 1.5 7.5v7a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5z"/></svg></a>`);
+      $breadcrumb.insertAdjacentHTML("beforeend", `<a href="${path}" title="Root"><svg width="16" height="16" viewBox="0 0 16 16"><path d="M6.5 14.5v-3.505c0-.245.25-.495.5-.495h2c.25 0 .5.25.5.5v3.5a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5v-7a.5.5 0 0 0-.146-.354L13 5.793V2.5a.5.5 0 0 0-.5-.5h-1a.5.5 0 0 0-.5.5v1.293L8.354 1.146a.5.5 0 0 0-.708 0l-6 6A.5.5 0 0 0 1.5 7.5v7a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5z"/></svg></a>`);
    } else if (i === len - 1) {
      $breadcrumb.insertAdjacentHTML("beforeend", `<b>${encodedName}</b>`);
    } else {
@@ -316,13 +372,13 @@ function renderPathsTableHead() {
    <tr>
      ${headerItems.map(item => {
    let svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M11.5 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L11 2.707V14.5a.5.5 0 0 0 .5.5zm-7-14a.5.5 0 0 1 .5.5v11.793l3.146-3.147a.5.5 0 0 1 .708.708l-4 4a.5.5 0 0 1-.708 0l-4-4a.5.5 0 0 1 .708-.708L4 13.293V1.5a.5.5 0 0 1 .5-.5z"/></svg>`;
-    let order = "asc";
+    let order = "desc";
    if (PARAMS.sort === item.name) {
-      if (PARAMS.order === "asc") {
+      if (PARAMS.order === "desc") {
-        order = "desc";
+        order = "asc";
        svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L7.5 2.707V14.5a.5.5 0 0 0 .5.5z"/></svg>`
      } else {
        svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 1a.5.5 0 0 1 .5.5v11.793l3.146-3.147a.5.5 0 0 1 .708.708l-4 4a.5.5 0 0 1-.708 0l-4-4a.5.5 0 0 1 .708-.708L7.5 13.293V1.5A.5.5 0 0 1 8 1z"/></svg>`
      } else {
        svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L7.5 2.707V14.5a.5.5 0 0 0 .5.5z"/></svg>`
      }
    }
    const qs = new URLSearchParams({ ...PARAMS, order, sort: item.name }).toString();
@@ -354,8 +410,8 @@ function renderPathsTableBody() {
 /**
 * Add pathitem
- * @param {PathItem} file 
+ * @param {PathItem} file
- * @param {number} index 
+ * @param {number} index
 */
 function addPath(file, index) {
  const encodedName = encodedStr(file.name);
@@ -364,6 +420,7 @@ function addPath(file, index) {
  let actionDownload = "";
  let actionMove = "";
  let actionEdit = "";
  let actionView = "";
  let isDir = file.path_type.endsWith("Dir");
  if (isDir) {
    url += "/";
@@ -389,9 +446,13 @@ function addPath(file, index) {
    actionDelete = `
    <div onclick="deletePath(${index})" class="action-btn" id="deleteBtn${index}" title="Delete">${ICONS.delete}</div>`;
  }
  if (!actionEdit && !isDir) {
    actionView = `<a class="action-btn" title="View file" target="_blank" href="${url}?view">${ICONS.view}</a>`;
  }
  let actionCell = `
  <td class="cell-actions">
    ${actionDownload}
    ${actionView}
    ${actionMove}
    ${actionDelete}
    ${actionEdit}
@@ -438,13 +499,14 @@ function setupDropzone() {
 function setupAuth() {
  if (DATA.user) {
    $userBtn.classList.remove("hidden");
-    $userBtn.title = DATA.user;
+    $userName.textContent = DATA.user;
  } else {
    const $loginBtn = document.querySelector(".login-btn");
    $loginBtn.classList.remove("hidden");
    $loginBtn.addEventListener("click", async () => {
      try {
        await checkAuth()
        location.reload();
      } catch (err) {
        alert(err.message);
      }
@@ -498,32 +560,40 @@ function setupNewFile() {
  });
 }
-async function setupEditPage() {
+async function setupEditorPage() {
  const url = baseUrl();
  const $download = document.querySelector(".download");
  $download.classList.remove("hidden");
  $download.href = url;
-  const $moveFile = document.querySelector(".move-file");
+  if (DATA.kind == "Edit") {
-  $moveFile.classList.remove("hidden");
+    const $moveFile = document.querySelector(".move-file");
-  $moveFile.addEventListener("click", async () => {
+    $moveFile.classList.remove("hidden");
-    const query = location.href.slice(url.length);
+    $moveFile.addEventListener("click", async () => {
-    const newFileUrl = await doMovePath(url);
+      const query = location.href.slice(url.length);
-    if (newFileUrl) {
+      const newFileUrl = await doMovePath(url);
-      location.href = newFileUrl + query;
+      if (newFileUrl) {
-    }
+        location.href = newFileUrl + query;
-  });
+      }
  const $deleteFile = document.querySelector(".delete-file");
  $deleteFile.classList.remove("hidden");
  $deleteFile.addEventListener("click", async () => {
    const url = baseUrl();
    const name = baseName(url);
    await doDeletePath(name, url, () => {
      location.href = location.href.split("/").slice(0, -1).join("/");
    });
-  })
+
    const $deleteFile = document.querySelector(".delete-file");
    $deleteFile.classList.remove("hidden");
    $deleteFile.addEventListener("click", async () => {
      const url = baseUrl();
      const name = baseName(url);
      await doDeletePath(name, url, () => {
        location.href = location.href.split("/").slice(0, -1).join("/");
      });
    })
    const $saveBtn = document.querySelector(".save-btn");
    $saveBtn.classList.remove("hidden");
    $saveBtn.addEventListener("click", saveChange);
  } else if (DATA.kind == "View") {
    $editor.readonly = true;
  }
  if (!DATA.editable) {
    const $notEditable = document.querySelector(".not-editable");
@@ -538,10 +608,6 @@ async function setupEditPage() {
    return;
  }
  const $saveBtn = document.querySelector(".save-btn");
  $saveBtn.classList.remove("hidden");
  $saveBtn.addEventListener("click", saveChange);
  $editor.classList.remove("hidden");
  try {
    const res = await fetch(baseUrl());
@@ -562,8 +628,8 @@ async function setupEditPage() {
 /**
 * Delete path
- * @param {number} index 
+ * @param {number} index
- * @returns 
+ * @returns
 */
 async function deletePath(index) {
  const file = DATA.paths[index];
@@ -595,8 +661,8 @@ async function doDeletePath(name, url, cb) {
 /**
 * Move path
- * @param {number} index 
+ * @param {number} index
- * @returns 
+ * @returns
 */
 async function movePath(index) {
  const file = DATA.paths[index];
@@ -668,12 +734,12 @@ async function checkAuth() {
  await assertResOK(res);
  document.querySelector(".login-btn").classList.add("hidden");
  $userBtn.classList.remove("hidden");
-  $userBtn.title = "";
+  $userName.textContent = "";
 }
 /**
 * Create a folder
- * @param {string} name 
+ * @param {string} name
 */
 async function createFolder(name) {
  const url = newUrl(name);
@@ -711,8 +777,16 @@ async function addFileEntries(entries, dirs) {
        new Uploader(file, dirs).upload();
      });
    } else if (entry.isDirectory) {
-      const dirReader = entry.createReader()
+      const dirReader = entry.createReader();
-      dirReader.readEntries(entries => addFileEntries(entries, [...dirs, entry.name]));
+
      const successCallback = entries => {
        if (entries.length > 0) {
          addFileEntries(entries, [...dirs, entry.name]);
          dirReader.readEntries(successCallback);
        }
      };
      dirReader.readEntries(successCallback);
    }
  }
 }
@@ -772,7 +846,7 @@ function padZero(value, size) {
 }
 function formatSize(size) {
-  if (size == null) return []
+  if (size == null) return [0, "B"]
  const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];
  if (size == 0) return [0, "B"];
  const i = parseInt(Math.floor(Math.log(size) / Math.log(1024)));
--- a/src/args.rs
+++ b/src/args.rs
@@ -1,18 +1,16 @@
 use anyhow::{bail, Context, Result};
-use clap::builder::PossibleValuesParser;
+use async_zip::Compression;
-use clap::{value_parser, Arg, ArgAction, ArgMatches, Command};
+use clap::builder::{PossibleValue, PossibleValuesParser};
 use clap::{value_parser, Arg, ArgAction, ArgMatches, Command, ValueEnum};
 use clap_complete::{generate, Generator, Shell};
-#[cfg(feature = "tls")]
+use serde::{Deserialize, Deserializer};
-use rustls::{Certificate, PrivateKey};
+use smart_default::SmartDefault;
 use std::env;
 use std::net::IpAddr;
 use std::path::{Path, PathBuf};
 use crate::auth::AccessControl;
-use crate::auth::AuthMethod;
+use crate::http_logger::HttpLogger;
 use crate::log_http::{LogHttp, DEFAULT_LOG_FORMAT};
 #[cfg(feature = "tls")]
 use crate::tls::{load_certs, load_private_key};
 use crate::utils::encode_uri;
 pub fn build_cli() -> Command {
@@ -25,12 +23,21 @@ pub fn build_cli() -> Command {
            env!("CARGO_PKG_REPOSITORY")
        ))
        .arg(
-            Arg::new("serve_path")
+            Arg::new("serve-path")
                .env("DUFS_SERVE_PATH")
 				.hide_env(true)
                .default_value(".")
                .value_parser(value_parser!(PathBuf))
-                .help("Specific path to serve"),
+                .help("Specific path to serve [default: .]"),
        )
        .arg(
            Arg::new("config")
                .env("DUFS_CONFIG")
 				.hide_env(true)
                .short('c')
                .long("config")
                .value_parser(value_parser!(PathBuf))
                .help("Specify configuration file")
                .value_name("file"),
        )
        .arg(
            Arg::new("bind")
@@ -49,9 +56,8 @@ pub fn build_cli() -> Command {
 				.hide_env(true)
                .short('p')
                .long("port")
                .default_value("5000")
                .value_parser(value_parser!(u16))
-                .help("Specify port to listen on")
+                .help("Specify port to listen on [default: 5000]")
                .value_name("port"),
        )
        .arg(
@@ -67,7 +73,9 @@ pub fn build_cli() -> Command {
                .env("DUFS_HIDDEN")
 				.hide_env(true)
                .long("hidden")
-                .help("Hide paths from directory listings, separated by `,`")
+                .action(ArgAction::Append)
                .value_delimiter(',')
                .help("Hide paths from directory listings, e.g. tmp,*.log,*.lock")
                .value_name("value"),
        )
        .arg(
@@ -76,13 +84,13 @@ pub fn build_cli() -> Command {
 				.hide_env(true)
                .short('a')
                .long("auth")
-                .help("Add auth role")
+                .help("Add auth roles, e.g. user:pass@/dir1:rw,/dir2")
                .action(ArgAction::Append)
                .value_delimiter('|')
                .value_name("rules"),
        )
        .arg(
            Arg::new("auth-method")
                .hide(true)
                .env("DUFS_AUTH_METHOD")
 				.hide_env(true)
                .long("auth-method")
@@ -177,9 +185,33 @@ pub fn build_cli() -> Command {
                .env("DUFS_ASSETS")
 				.hide_env(true)
                .long("assets")
-                .help("Use custom assets to override builtin assets")
+                .help("Set the path to the assets directory for overriding the built-in assets")
                .value_parser(value_parser!(PathBuf))
                .value_name("path")
        )
        .arg(
            Arg::new("log-format")
                .env("DUFS_LOG_FORMAT")
                .hide_env(true)
                .long("log-format")
                .value_name("format")
                .help("Customize http log format"),
        )
        .arg(
            Arg::new("compress")
                .env("DUFS_COMPRESS")
                .hide_env(true)
                .value_parser(clap::builder::EnumValueParser::<Compress>::new())
                .long("compress")
                .value_name("level")
                .help("Set zip compress level [default: low]")
        )
        .arg(
            Arg::new("completions")
                .long("completions")
                .value_name("shell")
                .value_parser(value_parser!(Shell))
                .help("Print shell completion script for <shell>"),
        );
    #[cfg(feature = "tls")]
@@ -203,38 +235,38 @@ pub fn build_cli() -> Command {
                .help("Path to the SSL/TLS certificate's private key"),
        );
-    app.arg(
+    app
        Arg::new("log-format")
            .env("DUFS_LOG_FORMAT")
            .hide_env(true)
            .long("log-format")
            .value_name("format")
            .help("Customize http log format"),
    )
    .arg(
        Arg::new("completions")
            .long("completions")
            .value_name("shell")
            .value_parser(value_parser!(Shell))
            .help("Print shell completion script for <shell>"),
    )
 }
 pub fn print_completions<G: Generator>(gen: G, cmd: &mut Command) {
    generate(gen, cmd, cmd.get_name().to_string(), &mut std::io::stdout());
 }
-#[derive(Debug)]
+#[derive(Debug, Deserialize, SmartDefault, PartialEq)]
 #[serde(default)]
 #[serde(rename_all = "kebab-case")]
 pub struct Args {
    #[serde(default = "default_serve_path")]
    #[default(default_serve_path())]
    pub serve_path: PathBuf,
    #[serde(deserialize_with = "deserialize_bind_addrs")]
    #[serde(rename = "bind")]
    #[serde(default = "default_addrs")]
    #[default(default_addrs())]
    pub addrs: Vec<BindAddr>,
    #[serde(default = "default_port")]
    #[default(default_port())]
    pub port: u16,
-    pub path: PathBuf,
+    #[serde(skip)]
    pub path_is_file: bool,
    pub path_prefix: String,
    #[serde(skip)]
    pub uri_prefix: String,
    #[serde(deserialize_with = "deserialize_string_or_vec")]
    pub hidden: Vec<String>,
-    pub auth_method: AuthMethod,
+    #[serde(deserialize_with = "deserialize_access_control")]
    pub auth: AccessControl,
    pub allow_all: bool,
    pub allow_upload: bool,
    pub allow_delete: bool,
    pub allow_search: bool,
@@ -244,12 +276,13 @@ pub struct Args {
    pub render_spa: bool,
    pub render_try_index: bool,
    pub enable_cors: bool,
-    pub assets_path: Option<PathBuf>,
+    pub assets: Option<PathBuf>,
-    pub log_http: LogHttp,
+    #[serde(deserialize_with = "deserialize_log_http")]
-    #[cfg(feature = "tls")]
+    #[serde(rename = "log-format")]
-    pub tls: Option<(Vec<Certificate>, PrivateKey)>,
+    pub http_logger: HttpLogger,
-    #[cfg(not(feature = "tls"))]
+    pub compress: Compress,
-    pub tls: Option<()>,
+    pub tls_cert: Option<PathBuf>,
    pub tls_key: Option<PathBuf>,
 }
 impl Args {
@@ -258,95 +291,168 @@ impl Args {
    /// If a parsing error occurred, exit the process and print out informative
    /// error message to user.
    pub fn parse(matches: ArgMatches) -> Result<Args> {
-        let port = *matches.get_one::<u16>("port").unwrap();
+        let mut args = Self::default();
-        let addrs = matches
+
-            .get_many::<String>("bind")
+        if let Some(config_path) = matches.get_one::<PathBuf>("config") {
-            .map(|bind| bind.map(|v| v.as_str()).collect())
+            let contents = std::fs::read_to_string(config_path)
-            .unwrap_or_else(|| vec!["0.0.0.0", "::"]);
+                .with_context(|| format!("Failed to read config at {}", config_path.display()))?;
-        let addrs: Vec<BindAddr> = Args::parse_addrs(&addrs)?;
+            args = serde_yaml::from_str(&contents)
-        let path = Args::parse_path(matches.get_one::<PathBuf>("serve_path").unwrap())?;
+                .with_context(|| format!("Failed to load config at {}", config_path.display()))?;
-        let path_is_file = path.metadata()?.is_file();
+        }
-        let path_prefix = matches
+
-            .get_one::<String>("path-prefix")
+        if let Some(path) = matches.get_one::<PathBuf>("serve-path") {
-            .map(|v| v.trim_matches('/').to_owned())
+            args.serve_path = path.clone()
-            .unwrap_or_default();
+        }
-        let uri_prefix = if path_prefix.is_empty() {
+
        args.serve_path = Self::sanitize_path(args.serve_path)?;
        if let Some(port) = matches.get_one::<u16>("port") {
            args.port = *port
        }
        if let Some(addrs) = matches.get_many::<String>("bind") {
            let addrs: Vec<_> = addrs.map(|v| v.as_str()).collect();
            args.addrs = BindAddr::parse_addrs(&addrs)?;
        }
        args.path_is_file = args.serve_path.metadata()?.is_file();
        if let Some(path_prefix) = matches.get_one::<String>("path-prefix") {
            args.path_prefix = path_prefix.clone();
        }
        args.path_prefix = args.path_prefix.trim_matches('/').to_string();
        args.uri_prefix = if args.path_prefix.is_empty() {
            "/".to_owned()
        } else {
-            format!("/{}/", &encode_uri(&path_prefix))
+            format!("/{}/", &encode_uri(&args.path_prefix))
        };
        let hidden: Vec<String> = matches
            .get_one::<String>("hidden")
            .map(|v| v.split(',').map(|x| x.to_string()).collect())
            .unwrap_or_default();
        let enable_cors = matches.get_flag("enable-cors");
        let auth: Vec<&str> = matches
            .get_many::<String>("auth")
            .map(|auth| auth.map(|v| v.as_str()).collect())
            .unwrap_or_default();
        let auth_method = match matches.get_one::<String>("auth-method").unwrap().as_str() {
            "basic" => AuthMethod::Basic,
            _ => AuthMethod::Digest,
        };
        let auth = AccessControl::new(&auth)?;
        let allow_upload = matches.get_flag("allow-all") || matches.get_flag("allow-upload");
        let allow_delete = matches.get_flag("allow-all") || matches.get_flag("allow-delete");
        let allow_search = matches.get_flag("allow-all") || matches.get_flag("allow-search");
        let allow_symlink = matches.get_flag("allow-all") || matches.get_flag("allow-symlink");
        let allow_archive = matches.get_flag("allow-all") || matches.get_flag("allow-archive");
        let render_index = matches.get_flag("render-index");
        let render_try_index = matches.get_flag("render-try-index");
        let render_spa = matches.get_flag("render-spa");
        #[cfg(feature = "tls")]
        let tls = match (
            matches.get_one::<PathBuf>("tls-cert"),
            matches.get_one::<PathBuf>("tls-key"),
        ) {
            (Some(certs_file), Some(key_file)) => {
                let certs = load_certs(certs_file)?;
                let key = load_private_key(key_file)?;
                Some((certs, key))
            }
            _ => None,
        };
        #[cfg(not(feature = "tls"))]
        let tls = None;
        let log_http: LogHttp = matches
            .get_one::<String>("log-format")
            .map(|v| v.as_str())
            .unwrap_or(DEFAULT_LOG_FORMAT)
            .parse()?;
        let assets_path = match matches.get_one::<PathBuf>("assets") {
            Some(v) => Some(Args::parse_assets_path(v)?),
            None => None,
        };
-        Ok(Args {
+        if let Some(hidden) = matches.get_many::<String>("hidden") {
-            addrs,
+            args.hidden = hidden.cloned().collect();
-            port,
+        } else {
-            path,
+            let mut hidden = vec![];
-            path_is_file,
+            std::mem::swap(&mut args.hidden, &mut hidden);
-            path_prefix,
+            args.hidden = hidden
-            uri_prefix,
+                .into_iter()
-            hidden,
+                .flat_map(|v| v.split(',').map(|v| v.to_string()).collect::<Vec<String>>())
-            auth_method,
+                .collect();
-            auth,
+        }
-            enable_cors,
+
-            allow_delete,
+        if !args.enable_cors {
-            allow_upload,
+            args.enable_cors = matches.get_flag("enable-cors");
-            allow_search,
+        }
-            allow_symlink,
+
-            allow_archive,
+        if let Some(rules) = matches.get_many::<String>("auth") {
-            render_index,
+            let rules: Vec<_> = rules.map(|v| v.as_str()).collect();
-            render_try_index,
+            args.auth = AccessControl::new(&rules)?;
-            render_spa,
+        }
-            tls,
+
-            log_http,
+        if !args.allow_all {
-            assets_path,
+            args.allow_all = matches.get_flag("allow-all");
-        })
+        }
        let allow_all = args.allow_all;
        if !args.allow_upload {
            args.allow_upload = allow_all || matches.get_flag("allow-upload");
        }
        if !args.allow_delete {
            args.allow_delete = allow_all || matches.get_flag("allow-delete");
        }
        if !args.allow_search {
            args.allow_search = allow_all || matches.get_flag("allow-search");
        }
        if !args.allow_symlink {
            args.allow_symlink = allow_all || matches.get_flag("allow-symlink");
        }
        if !args.allow_archive {
            args.allow_archive = allow_all || matches.get_flag("allow-archive");
        }
        if !args.render_index {
            args.render_index = matches.get_flag("render-index");
        }
        if !args.render_try_index {
            args.render_try_index = matches.get_flag("render-try-index");
        }
        if !args.render_spa {
            args.render_spa = matches.get_flag("render-spa");
        }
        if let Some(assets_path) = matches.get_one::<PathBuf>("assets") {
            args.assets = Some(assets_path.clone());
        }
        if let Some(assets_path) = &args.assets {
            args.assets = Some(Args::sanitize_assets_path(assets_path)?);
        }
        if let Some(log_format) = matches.get_one::<String>("log-format") {
            args.http_logger = log_format.parse()?;
        }
        if let Some(compress) = matches.get_one::<Compress>("compress") {
            args.compress = *compress;
        }
        #[cfg(feature = "tls")]
        {
            if let Some(tls_cert) = matches.get_one::<PathBuf>("tls-cert") {
                args.tls_cert = Some(tls_cert.clone())
            }
            if let Some(tls_key) = matches.get_one::<PathBuf>("tls-key") {
                args.tls_key = Some(tls_key.clone())
            }
            match (&args.tls_cert, &args.tls_key) {
                (Some(_), Some(_)) => {}
                (Some(_), _) => bail!("No tls-key set"),
                (_, Some(_)) => bail!("No tls-cert set"),
                (None, None) => {}
            }
        }
        #[cfg(not(feature = "tls"))]
        {
            args.tls_cert = None;
            args.tls_key = None;
        }
        Ok(args)
    }
-    fn parse_addrs(addrs: &[&str]) -> Result<Vec<BindAddr>> {
+    fn sanitize_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
        let path = path.as_ref();
        if !path.exists() {
            bail!("Path `{}` doesn't exist", path.display());
        }
        env::current_dir()
            .and_then(|mut p| {
                p.push(path); // If path is absolute, it replaces the current path.
                std::fs::canonicalize(p)
            })
            .with_context(|| format!("Failed to access path `{}`", path.display()))
    }
    fn sanitize_assets_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
        let path = Self::sanitize_path(path)?;
        if !path.join("index.html").exists() {
            bail!("Path `{}` doesn't contains index.html", path.display());
        }
        Ok(path)
    }
 }
 #[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
 pub enum BindAddr {
    Address(IpAddr),
    Path(PathBuf),
 }
 impl BindAddr {
    fn parse_addrs(addrs: &[&str]) -> Result<Vec<Self>> {
        let mut bind_addrs = vec![];
        let mut invalid_addrs = vec![];
        for addr in addrs {
@@ -368,32 +474,262 @@ impl Args {
        }
        Ok(bind_addrs)
    }
 }
-    fn parse_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
+#[derive(Debug, Clone, Copy, PartialEq, Deserialize)]
-        let path = path.as_ref();
+#[serde(rename_all = "lowercase")]
-        if !path.exists() {
+pub enum Compress {
-            bail!("Path `{}` doesn't exist", path.display());
+    None,
-        }
+    Low,
    Medium,
    High,
 }
-        env::current_dir()
+impl Default for Compress {
-            .and_then(|mut p| {
+    fn default() -> Self {
-                p.push(path); // If path is absolute, it replaces the current path.
+        Self::Low
                std::fs::canonicalize(p)
            })
            .with_context(|| format!("Failed to access path `{}`", path.display()))
    }
    fn parse_assets_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
        let path = Self::parse_path(path)?;
        if !path.join("index.html").exists() {
            bail!("Path `{}` doesn't contains index.html", path.display());
        }
        Ok(path)
    }
 }
-#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
+impl ValueEnum for Compress {
-pub enum BindAddr {
+    fn value_variants<'a>() -> &'a [Self] {
-    Address(IpAddr),
+        &[Self::None, Self::Low, Self::Medium, Self::High]
-    Path(PathBuf),
+    }
    fn to_possible_value(&self) -> Option<clap::builder::PossibleValue> {
        Some(match self {
            Compress::None => PossibleValue::new("none"),
            Compress::Low => PossibleValue::new("low"),
            Compress::Medium => PossibleValue::new("medium"),
            Compress::High => PossibleValue::new("high"),
        })
    }
 }
 impl Compress {
    pub fn to_compression(self) -> Compression {
        match self {
            Compress::None => Compression::Stored,
            Compress::Low => Compression::Deflate,
            Compress::Medium => Compression::Bz,
            Compress::High => Compression::Xz,
        }
    }
 }
 fn deserialize_bind_addrs<'de, D>(deserializer: D) -> Result<Vec<BindAddr>, D::Error>
 where
    D: Deserializer<'de>,
 {
    struct StringOrVec;
    impl<'de> serde::de::Visitor<'de> for StringOrVec {
        type Value = Vec<BindAddr>;
        fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
            formatter.write_str("string or list of strings")
        }
        fn visit_str<E>(self, s: &str) -> Result<Self::Value, E>
        where
            E: serde::de::Error,
        {
            BindAddr::parse_addrs(&[s]).map_err(serde::de::Error::custom)
        }
        fn visit_seq<S>(self, seq: S) -> Result<Self::Value, S::Error>
        where
            S: serde::de::SeqAccess<'de>,
        {
            let addrs: Vec<&'de str> =
                Deserialize::deserialize(serde::de::value::SeqAccessDeserializer::new(seq))?;
            BindAddr::parse_addrs(&addrs).map_err(serde::de::Error::custom)
        }
    }
    deserializer.deserialize_any(StringOrVec)
 }
 fn deserialize_string_or_vec<'de, D>(deserializer: D) -> Result<Vec<String>, D::Error>
 where
    D: Deserializer<'de>,
 {
    struct StringOrVec;
    impl<'de> serde::de::Visitor<'de> for StringOrVec {
        type Value = Vec<String>;
        fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
            formatter.write_str("string or list of strings")
        }
        fn visit_str<E>(self, s: &str) -> Result<Self::Value, E>
        where
            E: serde::de::Error,
        {
            Ok(vec![s.to_owned()])
        }
        fn visit_seq<S>(self, seq: S) -> Result<Self::Value, S::Error>
        where
            S: serde::de::SeqAccess<'de>,
        {
            Deserialize::deserialize(serde::de::value::SeqAccessDeserializer::new(seq))
        }
    }
    deserializer.deserialize_any(StringOrVec)
 }
 fn deserialize_access_control<'de, D>(deserializer: D) -> Result<AccessControl, D::Error>
 where
    D: Deserializer<'de>,
 {
    let rules: Vec<&str> = Vec::deserialize(deserializer)?;
    AccessControl::new(&rules).map_err(serde::de::Error::custom)
 }
 fn deserialize_log_http<'de, D>(deserializer: D) -> Result<HttpLogger, D::Error>
 where
    D: Deserializer<'de>,
 {
    let value: String = Deserialize::deserialize(deserializer)?;
    value.parse().map_err(serde::de::Error::custom)
 }
 fn default_serve_path() -> PathBuf {
    PathBuf::from(".")
 }
 fn default_addrs() -> Vec<BindAddr> {
    BindAddr::parse_addrs(&["0.0.0.0", "::"]).unwrap()
 }
 fn default_port() -> u16 {
    5000
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    use assert_fs::prelude::*;
    #[test]
    fn test_default() {
        let cli = build_cli();
        let matches = cli.try_get_matches_from(vec![""]).unwrap();
        let args = Args::parse(matches).unwrap();
        let cwd = Args::sanitize_path(std::env::current_dir().unwrap()).unwrap();
        assert_eq!(args.serve_path, cwd);
        assert_eq!(args.port, default_port());
        assert_eq!(args.addrs, default_addrs());
    }
    #[test]
    fn test_args_from_cli1() {
        let tmpdir = assert_fs::TempDir::new().unwrap();
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec![
                "",
                "--hidden",
                "tmp,*.log,*.lock",
                &tmpdir.to_string_lossy(),
            ])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        assert_eq!(args.serve_path, Args::sanitize_path(&tmpdir).unwrap());
        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
    }
    #[test]
    fn test_args_from_cli2() {
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec![
                "", "--hidden", "tmp", "--hidden", "*.log", "--hidden", "*.lock",
            ])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
    }
    #[test]
    fn test_args_from_empty_config_file() {
        let tmpdir = assert_fs::TempDir::new().unwrap();
        let config_file = tmpdir.child("config.yaml");
        config_file.write_str("").unwrap();
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        let cwd = Args::sanitize_path(std::env::current_dir().unwrap()).unwrap();
        assert_eq!(args.serve_path, cwd);
        assert_eq!(args.port, default_port());
        assert_eq!(args.addrs, default_addrs());
    }
    #[test]
    fn test_args_from_config_file1() {
        let tmpdir = assert_fs::TempDir::new().unwrap();
        let config_file = tmpdir.child("config.yaml");
        let contents = format!(
            r#"
 serve-path: {}
 bind: 0.0.0.0
 port: 3000
 allow-upload: true
 hidden: tmp,*.log,*.lock
 "#,
            tmpdir.display()
        );
        config_file.write_str(&contents).unwrap();
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        assert_eq!(args.serve_path, Args::sanitize_path(&tmpdir).unwrap());
        assert_eq!(
            args.addrs,
            vec![BindAddr::Address("0.0.0.0".parse().unwrap())]
        );
        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
        assert_eq!(args.port, 3000);
        assert!(args.allow_upload);
    }
    #[test]
    fn test_args_from_config_file2() {
        let tmpdir = assert_fs::TempDir::new().unwrap();
        let config_file = tmpdir.child("config.yaml");
        let contents = r#"
 bind:
  - 127.0.0.1
  - 192.168.8.10
 hidden:
  - tmp
  - '*.log'
  - '*.lock'
 "#;
        config_file.write_str(contents).unwrap();
        let cli = build_cli();
        let matches = cli
            .try_get_matches_from(vec!["", "-c", &config_file.to_string_lossy()])
            .unwrap();
        let args = Args::parse(matches).unwrap();
        assert_eq!(
            args.addrs,
            vec![
                BindAddr::Address("127.0.0.1".parse().unwrap()),
                BindAddr::Address("192.168.8.10".parse().unwrap())
            ]
        );
        assert_eq!(args.hidden, ["tmp", "*.log", "*.lock"]);
    }
 }
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,7 +1,9 @@
 use crate::{args::Args, server::Response, utils::unix_now};
 use anyhow::{anyhow, bail, Result};
 use base64::{engine::general_purpose, Engine as _};
 use headers::HeaderValue;
-use hyper::Method;
+use hyper::{header::WWW_AUTHENTICATE, Method};
 use indexmap::IndexMap;
 use lazy_static::lazy_static;
 use md5::Context;
@@ -11,10 +13,8 @@ use std::{
 };
 use uuid::Uuid;
 use crate::utils::unix_now;
 const REALM: &str = "DUFS";
-const DIGEST_AUTH_TIMEOUT: u32 = 86400;
+const DIGEST_AUTH_TIMEOUT: u32 = 604800; // 7 days
 lazy_static! {
    static ref NONCESTARTHASH: Context = {
@@ -25,63 +25,74 @@ lazy_static! {
    };
 }
-#[derive(Debug, Default)]
+#[derive(Debug, Clone, PartialEq)]
 pub struct AccessControl {
    use_hashed_password: bool,
    users: IndexMap<String, (String, AccessPaths)>,
-    anony: Option<AccessPaths>,
+    anonymous: Option<AccessPaths>,
 }
 impl Default for AccessControl {
    fn default() -> Self {
        AccessControl {
            use_hashed_password: false,
            users: IndexMap::new(),
            anonymous: Some(AccessPaths::new(AccessPerm::ReadWrite)),
        }
    }
 }
 impl AccessControl {
    pub fn new(raw_rules: &[&str]) -> Result<Self> {
        if raw_rules.is_empty() {
-            return Ok(AccessControl {
+            return Ok(Default::default());
-                anony: Some(AccessPaths::new(AccessPerm::ReadWrite)),
+        }
-                users: IndexMap::new(),
+        let new_raw_rules = split_rules(raw_rules);
-            });
+        let mut use_hashed_password = false;
        let mut annoy_paths = None;
        let mut account_paths_pairs = vec![];
        for rule in &new_raw_rules {
            let (account, paths) =
                split_account_paths(rule).ok_or_else(|| anyhow!("Invalid auth `{rule}`"))?;
            if account.is_empty() {
                if annoy_paths.is_some() {
                    bail!("Invalid auth, no duplicate anonymous rules");
                }
                annoy_paths = Some(paths)
            } else if let Some((user, pass)) = account.split_once(':') {
                if user.is_empty() || pass.is_empty() {
                    bail!("Invalid auth `{rule}`");
                }
                account_paths_pairs.push((user, pass, paths));
            }
        }
        let mut anonymous = None;
        if let Some(paths) = annoy_paths {
            let mut access_paths = AccessPaths::default();
            access_paths.merge(paths);
            anonymous = Some(access_paths);
        }
        let mut users = IndexMap::new();
        for (user, pass, paths) in account_paths_pairs.into_iter() {
            let mut access_paths = anonymous.clone().unwrap_or_default();
            access_paths
                .merge(paths)
                .ok_or_else(|| anyhow!("Invalid auth `{user}:{pass}@{paths}"))?;
            if pass.starts_with("$6$") {
                use_hashed_password = true;
            }
            users.insert(user.to_string(), (pass.to_string(), access_paths));
        }
-        let create_err = |v: &str| anyhow!("Invalid auth `{v}`");
+        Ok(Self {
-        let mut anony = None;
+            use_hashed_password,
-        let mut anony_paths = vec![];
+            users,
-        let mut users = IndexMap::new();
+            anonymous,
-        for rule in raw_rules {
+        })
            let (user, list) = rule.split_once('@').ok_or_else(|| create_err(rule))?;
            if user.is_empty() && anony.is_some() {
                bail!("Invalid auth, duplicate anonymous rules");
            }
            let mut paths = AccessPaths::default();
            for value in list.trim_matches(',').split(',') {
                let (path, perm) = match value.split_once(':') {
                    None => (value, AccessPerm::ReadOnly),
                    Some((path, "rw")) => (path, AccessPerm::ReadWrite),
                    _ => return Err(create_err(rule)),
                };
                if user.is_empty() {
                    anony_paths.push((path, perm));
                }
                paths.add(path, perm);
            }
            if user.is_empty() {
                anony = Some(paths);
            } else if let Some((user, pass)) = user.split_once(':') {
                if user.is_empty() || pass.is_empty() {
                    return Err(create_err(rule));
                }
                users.insert(user.to_string(), (pass.to_string(), paths));
            } else {
                return Err(create_err(rule));
            }
        }
        for (path, perm) in anony_paths {
            for (_, (_, paths)) in users.iter_mut() {
                paths.add(path, perm)
            }
        }
        Ok(Self { users, anony })
    }
-    pub fn valid(&self) -> bool {
+    pub fn exist(&self) -> bool {
-        !self.users.is_empty() || self.anony.is_some()
+        !self.users.is_empty()
    }
    pub fn guard(
@@ -89,31 +100,27 @@ impl AccessControl {
        path: &str,
        method: &Method,
        authorization: Option<&HeaderValue>,
        auth_method: AuthMethod,
    ) -> (Option<String>, Option<AccessPaths>) {
        if let Some(authorization) = authorization {
-            if let Some(user) = auth_method.get_user(authorization) {
+            if let Some(user) = get_auth_user(authorization) {
                if let Some((pass, paths)) = self.users.get(&user) {
                    if method == Method::OPTIONS {
                        return (Some(user), Some(AccessPaths::new(AccessPerm::ReadOnly)));
                    }
-                    if auth_method
+                    if check_auth(authorization, method.as_str(), &user, pass).is_some() {
                        .check(authorization, method.as_str(), &user, pass)
                        .is_some()
                    {
                        return (Some(user), paths.find(path, !is_readonly_method(method)));
                    } else {
                        return (None, None);
                    }
                }
            }
            return (None, None);
        }
        if method == Method::OPTIONS {
            return (None, Some(AccessPaths::new(AccessPerm::ReadOnly)));
        }
-        if let Some(paths) = self.anony.as_ref() {
+        if let Some(paths) = self.anonymous.as_ref() {
            return (None, paths.find(path, !is_readonly_method(method)));
        }
@@ -139,13 +146,26 @@ impl AccessPaths {
        self.perm
    }
-    fn set_perm(&mut self, perm: AccessPerm) {
+    pub fn set_perm(&mut self, perm: AccessPerm) {
-        if self.perm < perm {
+        if !perm.indexonly() {
-            self.perm = perm
+            self.perm = perm;
        }
    }
-    pub fn add(&mut self, path: &str, perm: AccessPerm) {
+    pub fn merge(&mut self, paths: &str) -> Option<()> {
        for item in paths.trim_matches(',').split(',') {
            let (path, perm) = match item.split_once(':') {
                None => (item, AccessPerm::ReadOnly),
                Some((path, "ro")) => (path, AccessPerm::ReadOnly),
                Some((path, "rw")) => (path, AccessPerm::ReadWrite),
                _ => return None,
            };
            self.add(path, perm);
        }
        Some(())
    }
    fn add(&mut self, path: &str, perm: AccessPerm) {
        let path = path.trim_matches('/');
        if path.is_empty() {
            self.set_perm(perm);
@@ -179,7 +199,11 @@ impl AccessPaths {
    }
    fn find_impl(&self, parts: &[&str], perm: AccessPerm) -> Option<AccessPaths> {
-        let perm = self.perm.max(perm);
+        let perm = if !self.perm.indexonly() {
            self.perm
        } else {
            perm
        };
        if parts.is_empty() {
            if perm.indexonly() {
                return Some(self.clone());
@@ -200,24 +224,24 @@ impl AccessPaths {
        child.find_impl(&parts[1..], perm)
    }
-    pub fn child_paths(&self) -> Vec<&String> {
+    pub fn child_names(&self) -> Vec<&String> {
        self.children.keys().collect()
    }
-    pub fn leaf_paths(&self, base: &Path) -> Vec<PathBuf> {
+    pub fn child_paths(&self, base: &Path) -> Vec<PathBuf> {
        if !self.perm().indexonly() {
            return vec![base.to_path_buf()];
        }
        let mut output = vec![];
-        self.leaf_paths_impl(&mut output, base);
+        self.child_paths_impl(&mut output, base);
        output
    }
-    fn leaf_paths_impl(&self, output: &mut Vec<PathBuf>, base: &Path) {
+    fn child_paths_impl(&self, output: &mut Vec<PathBuf>, base: &Path) {
        for (name, child) in self.children.iter() {
            let base = base.join(name);
            if child.perm().indexonly() {
-                child.leaf_paths_impl(output, &base);
+                child.child_paths_impl(output, &base);
            } else {
                output.push(base)
            }
@@ -234,160 +258,140 @@ pub enum AccessPerm {
 }
 impl AccessPerm {
    pub fn readwrite(&self) -> bool {
        self == &AccessPerm::ReadWrite
    }
    pub fn indexonly(&self) -> bool {
        self == &AccessPerm::IndexOnly
    }
 }
-fn is_readonly_method(method: &Method) -> bool {
+    pub fn readwrite(&self) -> bool {
-    method == Method::GET
+        self == &AccessPerm::ReadWrite
        || method == Method::OPTIONS
        || method == Method::HEAD
        || method.as_str() == "PROPFIND"
 }
 #[derive(Debug, Clone)]
 pub enum AuthMethod {
    Basic,
    Digest,
 }
 impl AuthMethod {
    pub fn www_auth(&self, stale: bool) -> Result<String> {
        match self {
            AuthMethod::Basic => Ok(format!("Basic realm=\"{REALM}\"")),
            AuthMethod::Digest => {
                let str_stale = if stale { "stale=true," } else { "" };
                Ok(format!(
                    "Digest realm=\"{}\",nonce=\"{}\",{}qop=\"auth\"",
                    REALM,
                    create_nonce()?,
                    str_stale
                ))
            }
        }
    }
 }
-    pub fn get_user(&self, authorization: &HeaderValue) -> Option<String> {
+pub fn www_authenticate(res: &mut Response, args: &Args) -> Result<()> {
-        match self {
+    if args.auth.use_hashed_password {
-            AuthMethod::Basic => {
+        let basic = HeaderValue::from_str(&format!("Basic realm=\"{}\"", REALM))?;
-                let value: Vec<u8> = general_purpose::STANDARD
+        res.headers_mut().insert(WWW_AUTHENTICATE, basic);
-                    .decode(strip_prefix(authorization.as_bytes(), b"Basic ")?)
+    } else {
-                    .ok()?;
+        let nonce = create_nonce()?;
-                let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
+        let digest = HeaderValue::from_str(&format!(
-                Some(parts[0].to_string())
+            "Digest realm=\"{}\", nonce=\"{}\", qop=\"auth\"",
-            }
+            REALM, nonce
-            AuthMethod::Digest => {
+        ))?;
-                let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
+        let basic = HeaderValue::from_str(&format!("Basic realm=\"{}\"", REALM))?;
-                let digest_map = to_headermap(digest_value).ok()?;
+        res.headers_mut().append(WWW_AUTHENTICATE, digest);
-                digest_map
+        res.headers_mut().append(WWW_AUTHENTICATE, basic);
                    .get(b"username".as_ref())
                    .and_then(|b| std::str::from_utf8(b).ok())
                    .map(|v| v.to_string())
            }
        }
    }
    Ok(())
 }
-    fn check(
+pub fn get_auth_user(authorization: &HeaderValue) -> Option<String> {
-        &self,
+    if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
-        authorization: &HeaderValue,
+        let value: Vec<u8> = general_purpose::STANDARD.decode(value).ok()?;
-        method: &str,
+        let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
-        auth_user: &str,
+        Some(parts[0].to_string())
-        auth_pass: &str,
+    } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
-    ) -> Option<()> {
+        let digest_map = to_headermap(value).ok()?;
-        match self {
+        let username = digest_map.get(b"username".as_ref())?;
-            AuthMethod::Basic => {
+        std::str::from_utf8(username).map(|v| v.to_string()).ok()
-                let basic_value: Vec<u8> = general_purpose::STANDARD
+    } else {
-                    .decode(strip_prefix(authorization.as_bytes(), b"Basic ")?)
+        None
-                    .ok()?;
+    }
-                let parts: Vec<&str> = std::str::from_utf8(&basic_value).ok()?.split(':').collect();
+}
-                if parts[0] != auth_user {
+pub fn check_auth(
-                    return None;
+    authorization: &HeaderValue,
-                }
+    method: &str,
    auth_user: &str,
    auth_pass: &str,
 ) -> Option<()> {
    if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
        let value: Vec<u8> = general_purpose::STANDARD.decode(value).ok()?;
        let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
-                if parts[1] == auth_pass {
+        if parts[0] != auth_user {
-                    return Some(());
+            return None;
-                }
+        }
-                None
+        if auth_pass.starts_with("$6$") {
            if let Ok(()) = sha_crypt::sha512_check(parts[1], auth_pass) {
                return Some(());
            }
-            AuthMethod::Digest => {
+        } else if parts[1] == auth_pass {
-                let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
+            return Some(());
-                let digest_map = to_headermap(digest_value).ok()?;
+        }
                if let (Some(username), Some(nonce), Some(user_response)) = (
                    digest_map
                        .get(b"username".as_ref())
                        .and_then(|b| std::str::from_utf8(b).ok()),
                    digest_map.get(b"nonce".as_ref()),
                    digest_map.get(b"response".as_ref()),
                ) {
                    match validate_nonce(nonce) {
                        Ok(true) => {}
                        _ => return None,
                    }
                    if auth_user != username {
                        return None;
                    }
-                    let mut h = Context::new();
+        None
-                    h.consume(format!("{}:{}:{}", auth_user, REALM, auth_pass).as_bytes());
+    } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
-                    let auth_pass = format!("{:x}", h.compute());
+        let digest_map = to_headermap(value).ok()?;
        if let (Some(username), Some(nonce), Some(user_response)) = (
            digest_map
                .get(b"username".as_ref())
                .and_then(|b| std::str::from_utf8(b).ok()),
            digest_map.get(b"nonce".as_ref()),
            digest_map.get(b"response".as_ref()),
        ) {
            match validate_nonce(nonce) {
                Ok(true) => {}
                _ => return None,
            }
            if auth_user != username {
                return None;
            }
-                    let mut ha = Context::new();
+            let mut h = Context::new();
-                    ha.consume(method);
+            h.consume(format!("{}:{}:{}", auth_user, REALM, auth_pass).as_bytes());
-                    ha.consume(b":");
+            let auth_pass = format!("{:x}", h.compute());
-                    if let Some(uri) = digest_map.get(b"uri".as_ref()) {
+
-                        ha.consume(uri);
+            let mut ha = Context::new();
-                    }
+            ha.consume(method);
-                    let ha = format!("{:x}", ha.compute());
+            ha.consume(b":");
-                    let mut correct_response = None;
+            if let Some(uri) = digest_map.get(b"uri".as_ref()) {
-                    if let Some(qop) = digest_map.get(b"qop".as_ref()) {
+                ha.consume(uri);
-                        if qop == &b"auth".as_ref() || qop == &b"auth-int".as_ref() {
+            }
-                            correct_response = Some({
+            let ha = format!("{:x}", ha.compute());
-                                let mut c = Context::new();
+            let mut correct_response = None;
-                                c.consume(&auth_pass);
+            if let Some(qop) = digest_map.get(b"qop".as_ref()) {
-                                c.consume(b":");
+                if qop == &b"auth".as_ref() || qop == &b"auth-int".as_ref() {
-                                c.consume(nonce);
+                    correct_response = Some({
-                                c.consume(b":");
+                        let mut c = Context::new();
-                                if let Some(nc) = digest_map.get(b"nc".as_ref()) {
+                        c.consume(&auth_pass);
-                                    c.consume(nc);
+                        c.consume(b":");
-                                }
+                        c.consume(nonce);
-                                c.consume(b":");
+                        c.consume(b":");
-                                if let Some(cnonce) = digest_map.get(b"cnonce".as_ref()) {
+                        if let Some(nc) = digest_map.get(b"nc".as_ref()) {
-                                    c.consume(cnonce);
+                            c.consume(nc);
                                }
                                c.consume(b":");
                                c.consume(qop);
                                c.consume(b":");
                                c.consume(&*ha);
                                format!("{:x}", c.compute())
                            });
                        }
-                    }
+                        c.consume(b":");
-                    let correct_response = match correct_response {
+                        if let Some(cnonce) = digest_map.get(b"cnonce".as_ref()) {
-                        Some(r) => r,
+                            c.consume(cnonce);
                        None => {
                            let mut c = Context::new();
                            c.consume(&auth_pass);
                            c.consume(b":");
                            c.consume(nonce);
                            c.consume(b":");
                            c.consume(&*ha);
                            format!("{:x}", c.compute())
                        }
-                    };
+                        c.consume(b":");
-                    if correct_response.as_bytes() == *user_response {
+                        c.consume(qop);
-                        return Some(());
+                        c.consume(b":");
-                    }
+                        c.consume(&*ha);
                        format!("{:x}", c.compute())
                    });
                }
-                None
+            }
            let correct_response = match correct_response {
                Some(r) => r,
                None => {
                    let mut c = Context::new();
                    c.consume(&auth_pass);
                    c.consume(b":");
                    c.consume(nonce);
                    c.consume(b":");
                    c.consume(&*ha);
                    format!("{:x}", c.compute())
                }
            };
            if correct_response.as_bytes() == *user_response {
                return Some(());
            }
        }
        None
    } else {
        None
    }
 }
@@ -419,6 +423,13 @@ fn validate_nonce(nonce: &[u8]) -> Result<bool> {
    bail!("invalid nonce");
 }
 fn is_readonly_method(method: &Method) -> bool {
    method == Method::GET
        || method == Method::OPTIONS
        || method == Method::HEAD
        || method.as_str() == "PROPFIND"
 }
 fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {
    let l = prefix.len();
    if search.len() < l {
@@ -482,24 +493,90 @@ fn create_nonce() -> Result<String> {
    Ok(n[..34].to_string())
 }
 fn split_account_paths(s: &str) -> Option<(&str, &str)> {
    let i = s.find("@/")?;
    Some((&s[0..i], &s[i + 1..]))
 }
 fn split_rules(rules: &[&str]) -> Vec<String> {
    let mut output = vec![];
    for rule in rules {
        let parts: Vec<&str> = rule.split('|').collect();
        let mut rules_list = vec![];
        let mut concated_part = String::new();
        for (i, part) in parts.iter().enumerate() {
            if part.contains("@/") {
                concated_part.push_str(part);
                let mut concated_part_tmp = String::new();
                std::mem::swap(&mut concated_part_tmp, &mut concated_part);
                rules_list.push(concated_part_tmp);
                continue;
            }
            concated_part.push_str(part);
            if i < parts.len() - 1 {
                concated_part.push('|');
            }
        }
        if !concated_part.is_empty() {
            rules_list.push(concated_part)
        }
        output.extend(rules_list);
    }
    output
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_split_account_paths() {
        assert_eq!(
            split_account_paths("user:pass@/:rw"),
            Some(("user:pass", "/:rw"))
        );
        assert_eq!(
            split_account_paths("user:pass@@/:rw"),
            Some(("user:pass@", "/:rw"))
        );
        assert_eq!(
            split_account_paths("user:pass@1@/:rw"),
            Some(("user:pass@1", "/:rw"))
        );
    }
    #[test]
    fn test_compact_split_rules() {
        assert_eq!(
            split_rules(&["user1:pass1@/:rw|user2:pass2@/:rw"]),
            ["user1:pass1@/:rw", "user2:pass2@/:rw"]
        );
        assert_eq!(
            split_rules(&["user1:pa|ss1@/:rw|user2:pa|ss2@/:rw"]),
            ["user1:pa|ss1@/:rw", "user2:pa|ss2@/:rw"]
        );
        assert_eq!(
            split_rules(&["user1:pa|ss1@/:rw|@/"]),
            ["user1:pa|ss1@/:rw", "@/"]
        );
    }
    #[test]
    fn test_access_paths() {
        let mut paths = AccessPaths::default();
        paths.add("/dir1", AccessPerm::ReadWrite);
-        paths.add("/dir2/dir1", AccessPerm::ReadWrite);
+        paths.add("/dir2/dir21", AccessPerm::ReadWrite);
-        paths.add("/dir2/dir2", AccessPerm::ReadOnly);
+        paths.add("/dir2/dir21/dir211", AccessPerm::ReadOnly);
-        paths.add("/dir2/dir3/dir1", AccessPerm::ReadWrite);
+        paths.add("/dir2/dir22", AccessPerm::ReadOnly);
        paths.add("/dir2/dir22/dir221", AccessPerm::ReadWrite);
        paths.add("/dir2/dir23/dir231", AccessPerm::ReadWrite);
        assert_eq!(
-            paths.leaf_paths(Path::new("/tmp")),
+            paths.child_paths(Path::new("/tmp")),
            [
                "/tmp/dir1",
-                "/tmp/dir2/dir1",
+                "/tmp/dir2/dir21",
-                "/tmp/dir2/dir2",
+                "/tmp/dir2/dir22",
-                "/tmp/dir2/dir3/dir1"
+                "/tmp/dir2/dir23/dir231",
            ]
            .iter()
            .map(PathBuf::from)
@@ -508,27 +585,31 @@ mod tests {
        assert_eq!(
            paths
                .find("dir2", false)
-                .map(|v| v.leaf_paths(Path::new("/tmp/dir2"))),
+                .map(|v| v.child_paths(Path::new("/tmp/dir2"))),
            Some(
-                ["/tmp/dir2/dir1", "/tmp/dir2/dir2", "/tmp/dir2/dir3/dir1"]
+                [
-                    .iter()
+                    "/tmp/dir2/dir21",
-                    .map(PathBuf::from)
+                    "/tmp/dir2/dir22",
-                    .collect::<Vec<_>>()
+                    "/tmp/dir2/dir23/dir231"
                ]
                .iter()
                .map(PathBuf::from)
                .collect::<Vec<_>>()
            )
        );
        assert_eq!(paths.find("dir2", true), None);
-        assert!(paths.find("dir1/file", true).is_some());
+        assert_eq!(
-    }
+            paths.find("dir1/file", true),
-
+            Some(AccessPaths::new(AccessPerm::ReadWrite))
-    #[test]
+        );
-    fn test_access_paths_perm() {
+        assert_eq!(
-        let mut paths = AccessPaths::default();
+            paths.find("dir2/dir21/file", true),
-        assert_eq!(paths.perm(), AccessPerm::IndexOnly);
+            Some(AccessPaths::new(AccessPerm::ReadWrite))
-        paths.set_perm(AccessPerm::ReadOnly);
+        );
-        assert_eq!(paths.perm(), AccessPerm::ReadOnly);
+        assert_eq!(
-        paths.set_perm(AccessPerm::ReadWrite);
+            paths.find("dir2/dir21/dir211/file", false),
-        assert_eq!(paths.perm(), AccessPerm::ReadWrite);
+            Some(AccessPaths::new(AccessPerm::ReadOnly))
-        paths.set_perm(AccessPerm::ReadOnly);
+        );
-        assert_eq!(paths.perm(), AccessPerm::ReadWrite);
+        assert_eq!(paths.find("dir2/dir21/dir211/file", true), None);
    }
 }
--- a/src/http_logger.rs
+++ b/src/http_logger.rs
@@ -1,23 +1,29 @@
-use std::{collections::HashMap, str::FromStr, sync::Arc};
+use std::{collections::HashMap, str::FromStr};
-use crate::{args::Args, server::Request};
+use crate::{auth::get_auth_user, server::Request};
 pub const DEFAULT_LOG_FORMAT: &str = r#"$remote_addr "$request" $status"#;
-#[derive(Debug)]
+#[derive(Debug, Clone, PartialEq)]
-pub struct LogHttp {
+pub struct HttpLogger {
    elements: Vec<LogElement>,
 }
-#[derive(Debug)]
+impl Default for HttpLogger {
    fn default() -> Self {
        DEFAULT_LOG_FORMAT.parse().unwrap()
    }
 }
 #[derive(Debug, Clone, PartialEq)]
 enum LogElement {
    Variable(String),
    Header(String),
    Literal(String),
 }
-impl LogHttp {
+impl HttpLogger {
-    pub fn data(&self, req: &Request, args: &Arc<Args>) -> HashMap<String, String> {
+    pub fn data(&self, req: &Request) -> HashMap<String, String> {
        let mut data = HashMap::default();
        for element in self.elements.iter() {
            match element {
@@ -26,10 +32,8 @@ impl LogHttp {
                        data.insert(name.to_string(), format!("{} {}", req.method(), req.uri()));
                    }
                    "remote_user" => {
-                        if let Some(user) = req
+                        if let Some(user) =
-                            .headers()
+                            req.headers().get("authorization").and_then(get_auth_user)
                            .get("authorization")
                            .and_then(|v| args.auth_method.get_user(v))
                        {
                            data.insert(name.to_string(), user);
                        }
@@ -66,7 +70,7 @@ impl LogHttp {
    }
 }
-impl FromStr for LogHttp {
+impl FromStr for HttpLogger {
    type Err = anyhow::Error;
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        let mut elements = vec![];
--- a/src/http_utils.rs
+++ b/src/http_utils.rs
@@ -0,0 +1,105 @@
 use bytes::{Bytes, BytesMut};
 use futures_util::Stream;
 use http_body_util::{combinators::BoxBody, BodyExt, Full};
 use hyper::body::{Body, Incoming};
 use std::{
    pin::Pin,
    task::{Context, Poll},
 };
 use tokio::io::AsyncRead;
 use tokio_util::io::poll_read_buf;
 #[derive(Debug)]
 pub struct IncomingStream {
    inner: Incoming,
 }
 impl IncomingStream {
    pub fn new(inner: Incoming) -> Self {
        Self { inner }
    }
 }
 impl Stream for IncomingStream {
    type Item = Result<Bytes, anyhow::Error>;
    #[inline]
    fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
        loop {
            match futures_util::ready!(Pin::new(&mut self.inner).poll_frame(cx)?) {
                Some(frame) => match frame.into_data() {
                    Ok(data) => return Poll::Ready(Some(Ok(data))),
                    Err(_frame) => {}
                },
                None => return Poll::Ready(None),
            }
        }
    }
 }
 pin_project_lite::pin_project! {
    pub struct LengthLimitedStream<R> {
        #[pin]
        reader: Option<R>,
        remaining: usize,
        buf: BytesMut,
        capacity: usize,
    }
 }
 impl<R> LengthLimitedStream<R> {
    pub fn new(reader: R, limit: usize) -> Self {
        Self {
            reader: Some(reader),
            remaining: limit,
            buf: BytesMut::new(),
            capacity: 4096,
        }
    }
 }
 impl<R: AsyncRead> Stream for LengthLimitedStream<R> {
    type Item = std::io::Result<Bytes>;
    fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
        let mut this = self.as_mut().project();
        if *this.remaining == 0 {
            self.project().reader.set(None);
            return Poll::Ready(None);
        }
        let reader = match this.reader.as_pin_mut() {
            Some(r) => r,
            None => return Poll::Ready(None),
        };
        if this.buf.capacity() == 0 {
            this.buf.reserve(*this.capacity);
        }
        match poll_read_buf(reader, cx, &mut this.buf) {
            Poll::Pending => Poll::Pending,
            Poll::Ready(Err(err)) => {
                self.project().reader.set(None);
                Poll::Ready(Some(Err(err)))
            }
            Poll::Ready(Ok(0)) => {
                self.project().reader.set(None);
                Poll::Ready(None)
            }
            Poll::Ready(Ok(_)) => {
                let mut chunk = this.buf.split();
                let chunk_size = (*this.remaining).min(chunk.len());
                chunk.truncate(chunk_size);
                *this.remaining -= chunk_size;
                Poll::Ready(Some(Ok(chunk.freeze())))
            }
        }
    }
 }
 pub fn body_full(content: impl Into<hyper::body::Bytes>) -> BoxBody<Bytes, anyhow::Error> {
    Full::new(content.into())
        .map_err(anyhow::Error::new)
        .boxed()
 }
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,38 +1,37 @@
 mod args;
 mod auth;
-mod log_http;
+mod http_logger;
 mod http_utils;
 mod logger;
 mod server;
 mod streamer;
 #[cfg(feature = "tls")]
 mod tls;
 #[cfg(unix)]
 mod unix;
 mod utils;
 #[macro_use]
 extern crate log;
 use crate::args::{build_cli, print_completions, Args};
-use crate::server::{Request, Server};
+use crate::server::Server;
 #[cfg(feature = "tls")]
-use crate::tls::{TlsAcceptor, TlsStream};
+use crate::utils::{load_certs, load_private_key};
 use anyhow::{anyhow, Context, Result};
 use std::net::{IpAddr, SocketAddr, TcpListener as StdTcpListener};
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::sync::Arc;
 use args::BindAddr;
 use clap_complete::Shell;
-use futures::future::join_all;
+use futures_util::future::join_all;
 use tokio::net::TcpListener;
 use tokio::task::JoinHandle;
-use hyper::server::conn::{AddrIncoming, AddrStream};
+use hyper::{body::Incoming, service::service_fn, Request};
-use hyper::service::{make_service_fn, service_fn};
+use hyper_util::{
    rt::{TokioExecutor, TokioIo},
    server::conn::auto::Builder,
 };
 use std::net::{IpAddr, SocketAddr, TcpListener as StdTcpListener};
 use std::sync::{
    atomic::{AtomicBool, Ordering},
    Arc,
 };
 use tokio::{net::TcpListener, task::JoinHandle};
 #[cfg(feature = "tls")]
-use rustls::ServerConfig;
+use tokio_rustls::{rustls::ServerConfig, TlsAcceptor};
 #[tokio::main]
 async fn main() -> Result<()> {
@@ -44,11 +43,13 @@ async fn main() -> Result<()> {
        print_completions(*generator, &mut cmd);
        return Ok(());
    }
-    let args = Args::parse(matches)?;
+    let mut args = Args::parse(matches)?;
-    let args = Arc::new(args);
+    let (new_addrs, print_addrs) = check_addrs(&args)?;
    args.addrs = new_addrs;
    let running = Arc::new(AtomicBool::new(true));
-    let handles = serve(args.clone(), running.clone())?;
+    let listening = print_listening(&args, &print_addrs)?;
-    print_listening(args)?;
+    let handles = serve(args, running.clone())?;
    println!("{listening}");
    tokio::select! {
        ret = join_all(handles) => {
@@ -66,58 +67,66 @@ async fn main() -> Result<()> {
    }
 }
-fn serve(
+fn serve(args: Args, running: Arc<AtomicBool>) -> Result<Vec<JoinHandle<()>>> {
-    args: Arc<Args>,
+    let addrs = args.addrs.clone();
    running: Arc<AtomicBool>,
 ) -> Result<Vec<JoinHandle<Result<(), hyper::Error>>>> {
    let inner = Arc::new(Server::init(args.clone(), running)?);
    let mut handles = vec![];
    let port = args.port;
-    for bind_addr in args.addrs.iter() {
+    let tls_config = (args.tls_cert.clone(), args.tls_key.clone());
-        let inner = inner.clone();
+    let server_handle = Arc::new(Server::init(args, running)?);
-        let serve_func = move |remote_addr: Option<SocketAddr>| {
+    let mut handles = vec![];
-            let inner = inner.clone();
+    for bind_addr in addrs.iter() {
-            async move {
+        let server_handle = server_handle.clone();
                Ok::<_, hyper::Error>(service_fn(move |req: Request| {
                    let inner = inner.clone();
                    inner.call(req, remote_addr)
                }))
            }
        };
        match bind_addr {
            BindAddr::Address(ip) => {
-                let incoming = create_addr_incoming(SocketAddr::new(*ip, port))
+                let listener = create_listener(SocketAddr::new(*ip, port))
                    .with_context(|| format!("Failed to bind `{ip}:{port}`"))?;
-                match args.tls.as_ref() {
+
                match &tls_config {
                    #[cfg(feature = "tls")]
-                    Some((certs, key)) => {
+                    (Some(cert_file), Some(key_file)) => {
-                        let config = ServerConfig::builder()
+                        let certs = load_certs(cert_file)?;
-                            .with_safe_defaults()
+                        let key = load_private_key(key_file)?;
                        let mut config = ServerConfig::builder()
                            .with_no_client_auth()
-                            .with_single_cert(certs.clone(), key.clone())?;
+                            .with_single_cert(certs, key)?;
                        config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
                        let config = Arc::new(config);
-                        let accepter = TlsAcceptor::new(config.clone(), incoming);
+                        let tls_accepter = TlsAcceptor::from(config);
-                        let new_service = make_service_fn(move |socket: &TlsStream| {
+
-                            let remote_addr = socket.remote_addr();
+                        let handle = tokio::spawn(async move {
-                            serve_func(Some(remote_addr))
+                            loop {
                                let (cnx, addr) = listener.accept().await.unwrap();
                                let Ok(stream) = tls_accepter.accept(cnx).await else {
                                    warn!("During cls handshake connection from {}", addr);
                                    continue;
                                };
                                let stream = TokioIo::new(stream);
                                tokio::spawn(handle_stream(
                                    server_handle.clone(),
                                    stream,
                                    Some(addr),
                                ));
                            }
                        });
-                        let server =
+
-                            tokio::spawn(hyper::Server::builder(accepter).serve(new_service));
+                        handles.push(handle);
                        handles.push(server);
                    }
-                    #[cfg(not(feature = "tls"))]
+                    (None, None) => {
-                    Some(_) => {
+                        let handle = tokio::spawn(async move {
                            loop {
                                let (cnx, addr) = listener.accept().await.unwrap();
                                let stream = TokioIo::new(cnx);
                                tokio::spawn(handle_stream(
                                    server_handle.clone(),
                                    stream,
                                    Some(addr),
                                ));
                            }
                        });
                        handles.push(handle);
                    }
                    _ => {
                        unreachable!()
                    }
                    None => {
                        let new_service = make_service_fn(move |socket: &AddrStream| {
                            let remote_addr = socket.remote_addr();
                            serve_func(Some(remote_addr))
                        });
                        let server =
                            tokio::spawn(hyper::Server::builder(incoming).serve(new_service));
                        handles.push(server);
                    }
                };
            }
            BindAddr::Path(path) => {
@@ -128,10 +137,15 @@ fn serve(
                {
                    let listener = tokio::net::UnixListener::bind(path)
                        .with_context(|| format!("Failed to bind `{}`", path.display()))?;
-                    let acceptor = unix::UnixAcceptor::from_listener(listener);
+                    let handle = tokio::spawn(async move {
-                    let new_service = make_service_fn(move |_| serve_func(None));
+                        loop {
-                    let server = tokio::spawn(hyper::Server::builder(acceptor).serve(new_service));
+                            let (cnx, _) = listener.accept().await.unwrap();
-                    handles.push(server);
+                            let stream = TokioIo::new(cnx);
                            tokio::spawn(handle_stream(server_handle.clone(), stream, None));
                        }
                    });
                    handles.push(handle);
                }
            }
        }
@@ -139,7 +153,30 @@ fn serve(
    Ok(handles)
 }
-fn create_addr_incoming(addr: SocketAddr) -> Result<AddrIncoming> {
+async fn handle_stream<T>(handle: Arc<Server>, stream: TokioIo<T>, addr: Option<SocketAddr>)
 where
    T: tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin + Send + 'static,
 {
    let hyper_service =
        service_fn(move |request: Request<Incoming>| handle.clone().call(request, addr));
    let ret = Builder::new(TokioExecutor::new())
        .serve_connection_with_upgrades(stream, hyper_service)
        .await;
    if let Err(err) = ret {
        let scope = match addr {
            Some(addr) => format!(" from {}", addr),
            None => String::new(),
        };
        match err.downcast_ref::<std::io::Error>() {
            Some(err) if err.kind() == std::io::ErrorKind::UnexpectedEof => {}
            _ => warn!("Serving connection{}: {}", scope, err),
        }
    }
 }
 fn create_listener(addr: SocketAddr) -> Result<TcpListener> {
    use socket2::{Domain, Protocol, Socket, Type};
    let socket = Socket::new(Domain::for_address(addr), Type::STREAM, Some(Protocol::TCP))?;
    if addr.is_ipv6() {
@@ -150,52 +187,79 @@ fn create_addr_incoming(addr: SocketAddr) -> Result<AddrIncoming> {
    socket.listen(1024 /* Default backlog */)?;
    let std_listener = StdTcpListener::from(socket);
    std_listener.set_nonblocking(true)?;
-    let incoming = AddrIncoming::from_listener(TcpListener::from_std(std_listener)?)?;
+    let listener = TcpListener::from_std(std_listener)?;
-    Ok(incoming)
+    Ok(listener)
 }
-fn print_listening(args: Arc<Args>) -> Result<()> {
+fn check_addrs(args: &Args) -> Result<(Vec<BindAddr>, Vec<BindAddr>)> {
-    let mut bind_addrs = vec![];
+    let mut new_addrs = vec![];
-    let (mut ipv4, mut ipv6) = (false, false);
+    let mut print_addrs = vec![];
    let (ipv4_addrs, ipv6_addrs) = interface_addrs()?;
    for bind_addr in args.addrs.iter() {
        match bind_addr {
-            BindAddr::Address(ip) => {
+            BindAddr::Address(ip) => match &ip {
-                if ip.is_unspecified() {
+                IpAddr::V4(_) => {
-                    if ip.is_ipv6() {
+                    if !ipv4_addrs.is_empty() {
-                        ipv6 = true;
+                        new_addrs.push(bind_addr.clone());
-                    } else {
+                        if ip.is_unspecified() {
-                        ipv4 = true;
+                            print_addrs.extend(ipv4_addrs.clone());
                        } else {
                            print_addrs.push(bind_addr.clone());
                        }
                    }
                } else {
                    bind_addrs.push(bind_addr.clone());
                }
-            }
+                IpAddr::V6(_) => {
-            _ => bind_addrs.push(bind_addr.clone()),
+                    if !ipv6_addrs.is_empty() {
-        }
+                        new_addrs.push(bind_addr.clone());
-    }
+                        if ip.is_unspecified() {
-    if ipv4 || ipv6 {
+                            print_addrs.extend(ipv6_addrs.clone());
-        let ifaces =
+                        } else {
-            if_addrs::get_if_addrs().with_context(|| "Failed to get local interface addresses")?;
+                            print_addrs.push(bind_addr.clone())
-        for iface in ifaces.into_iter() {
+                        }
-            let local_ip = iface.ip();
+                    }
-            if ipv4 && local_ip.is_ipv4() {
+                }
-                bind_addrs.push(BindAddr::Address(local_ip))
+            },
-            }
+            _ => {
-            if ipv6 && local_ip.is_ipv6() {
+                new_addrs.push(bind_addr.clone());
-                bind_addrs.push(BindAddr::Address(local_ip))
+                print_addrs.push(bind_addr.clone())
            }
        }
    }
-    bind_addrs.sort_unstable();
+    print_addrs.sort_unstable();
-    let urls = bind_addrs
+    Ok((new_addrs, print_addrs))
-        .into_iter()
+}
 fn interface_addrs() -> Result<(Vec<BindAddr>, Vec<BindAddr>)> {
    let (mut ipv4_addrs, mut ipv6_addrs) = (vec![], vec![]);
    let ifaces =
        if_addrs::get_if_addrs().with_context(|| "Failed to get local interface addresses")?;
    for iface in ifaces.into_iter() {
        let ip = iface.ip();
        if ip.is_ipv4() {
            ipv4_addrs.push(BindAddr::Address(ip))
        }
        if ip.is_ipv6() {
            ipv6_addrs.push(BindAddr::Address(ip))
        }
    }
    Ok((ipv4_addrs, ipv6_addrs))
 }
 fn print_listening(args: &Args, print_addrs: &[BindAddr]) -> Result<String> {
    let mut output = String::new();
    let urls = print_addrs
        .iter()
        .map(|bind_addr| match bind_addr {
            BindAddr::Address(addr) => {
                let addr = match addr {
                    IpAddr::V4(_) => format!("{}:{}", addr, args.port),
                    IpAddr::V6(_) => format!("[{}]:{}", addr, args.port),
                };
-                let protocol = if args.tls.is_some() { "https" } else { "http" };
+                let protocol = if args.tls_cert.is_some() {
                    "https"
                } else {
                    "http"
                };
                format!("{}://{}{}", protocol, addr, args.uri_prefix)
            }
            BindAddr::Path(path) => path.display().to_string(),
@@ -203,17 +267,17 @@ fn print_listening(args: Arc<Args>) -> Result<()> {
        .collect::<Vec<_>>();
    if urls.len() == 1 {
-        println!("Listening on {}", urls[0]);
+        output.push_str(&format!("Listening on {}", urls[0]))
    } else {
        let info = urls
            .iter()
            .map(|v| format!("  {v}"))
            .collect::<Vec<String>>()
            .join("\n");
-        println!("Listening on:\n{info}\n");
+        output.push_str(&format!("Listening on:\n{info}\n"))
    }
-    Ok(())
+    Ok(output)
 }
 async fn shutdown_signal() {
--- a/src/server.rs
+++ b/src/server.rs
--- a/src/streamer.rs
+++ b/src/streamer.rs
@@ -1,68 +0,0 @@
 use async_stream::stream;
 use futures::{Stream, StreamExt};
 use std::io::Error;
 use std::pin::Pin;
 use tokio::io::{AsyncRead, AsyncReadExt};
 pub struct Streamer<R>
 where
    R: AsyncRead + Unpin + Send + 'static,
 {
    reader: R,
    buf_size: usize,
 }
 impl<R> Streamer<R>
 where
    R: AsyncRead + Unpin + Send + 'static,
 {
    #[inline]
    pub fn new(reader: R, buf_size: usize) -> Self {
        Self { reader, buf_size }
    }
    pub fn into_stream(
        mut self,
    ) -> Pin<Box<impl ?Sized + Stream<Item = Result<Vec<u8>, Error>> + 'static>> {
        let stream = stream! {
            loop {
                let mut buf = vec![0; self.buf_size];
                let r = self.reader.read(&mut buf).await?;
                if r == 0 {
                    break
                }
                buf.truncate(r);
                yield Ok(buf);
            }
        };
        stream.boxed()
    }
    // allow truncation as truncated remaining is always less than buf_size: usize
    pub fn into_stream_sized(
        mut self,
        max_length: u64,
    ) -> Pin<Box<impl ?Sized + Stream<Item = Result<Vec<u8>, Error>> + 'static>> {
        let stream = stream! {
        let mut remaining = max_length;
            loop {
                if remaining == 0 {
                    break;
                }
                let bs = if remaining >= self.buf_size as u64 {
                    self.buf_size
                } else {
                    remaining as usize
                };
                let mut buf = vec![0; bs];
                let r = self.reader.read(&mut buf).await?;
                if r == 0 {
                    break;
                } else {
                    buf.truncate(r);
                    yield Ok(buf);
                }
                remaining -= r as u64;
            }
        };
        stream.boxed()
    }
 }
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -1,161 +0,0 @@
 use anyhow::{anyhow, bail, Context as AnyhowContext, Result};
 use core::task::{Context, Poll};
 use futures::ready;
 use hyper::server::accept::Accept;
 use hyper::server::conn::{AddrIncoming, AddrStream};
 use rustls::{Certificate, PrivateKey};
 use std::future::Future;
 use std::net::SocketAddr;
 use std::path::Path;
 use std::pin::Pin;
 use std::sync::Arc;
 use std::{fs, io};
 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
 use tokio_rustls::rustls::ServerConfig;
 enum State {
    Handshaking(tokio_rustls::Accept<AddrStream>),
    Streaming(tokio_rustls::server::TlsStream<AddrStream>),
 }
 // tokio_rustls::server::TlsStream doesn't expose constructor methods,
 // so we have to TlsAcceptor::accept and handshake to have access to it
 // TlsStream implements AsyncRead/AsyncWrite handshaking tokio_rustls::Accept first
 pub struct TlsStream {
    state: State,
    remote_addr: SocketAddr,
 }
 impl TlsStream {
    fn new(stream: AddrStream, config: Arc<ServerConfig>) -> TlsStream {
        let remote_addr = stream.remote_addr();
        let accept = tokio_rustls::TlsAcceptor::from(config).accept(stream);
        TlsStream {
            state: State::Handshaking(accept),
            remote_addr,
        }
    }
    pub fn remote_addr(&self) -> SocketAddr {
        self.remote_addr
    }
 }
 impl AsyncRead for TlsStream {
    fn poll_read(
        self: Pin<&mut Self>,
        cx: &mut Context,
        buf: &mut ReadBuf,
    ) -> Poll<io::Result<()>> {
        let pin = self.get_mut();
        match pin.state {
            State::Handshaking(ref mut accept) => match ready!(Pin::new(accept).poll(cx)) {
                Ok(mut stream) => {
                    let result = Pin::new(&mut stream).poll_read(cx, buf);
                    pin.state = State::Streaming(stream);
                    result
                }
                Err(err) => Poll::Ready(Err(err)),
            },
            State::Streaming(ref mut stream) => Pin::new(stream).poll_read(cx, buf),
        }
    }
 }
 impl AsyncWrite for TlsStream {
    fn poll_write(
        self: Pin<&mut Self>,
        cx: &mut Context<'_>,
        buf: &[u8],
    ) -> Poll<io::Result<usize>> {
        let pin = self.get_mut();
        match pin.state {
            State::Handshaking(ref mut accept) => match ready!(Pin::new(accept).poll(cx)) {
                Ok(mut stream) => {
                    let result = Pin::new(&mut stream).poll_write(cx, buf);
                    pin.state = State::Streaming(stream);
                    result
                }
                Err(err) => Poll::Ready(Err(err)),
            },
            State::Streaming(ref mut stream) => Pin::new(stream).poll_write(cx, buf),
        }
    }
    fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
        match self.state {
            State::Handshaking(_) => Poll::Ready(Ok(())),
            State::Streaming(ref mut stream) => Pin::new(stream).poll_flush(cx),
        }
    }
    fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
        match self.state {
            State::Handshaking(_) => Poll::Ready(Ok(())),
            State::Streaming(ref mut stream) => Pin::new(stream).poll_shutdown(cx),
        }
    }
 }
 pub struct TlsAcceptor {
    config: Arc<ServerConfig>,
    incoming: AddrIncoming,
 }
 impl TlsAcceptor {
    pub fn new(config: Arc<ServerConfig>, incoming: AddrIncoming) -> TlsAcceptor {
        TlsAcceptor { config, incoming }
    }
 }
 impl Accept for TlsAcceptor {
    type Conn = TlsStream;
    type Error = io::Error;
    fn poll_accept(
        self: Pin<&mut Self>,
        cx: &mut Context<'_>,
    ) -> Poll<Option<Result<Self::Conn, Self::Error>>> {
        let pin = self.get_mut();
        match ready!(Pin::new(&mut pin.incoming).poll_accept(cx)) {
            Some(Ok(sock)) => Poll::Ready(Some(Ok(TlsStream::new(sock, pin.config.clone())))),
            Some(Err(e)) => Poll::Ready(Some(Err(e))),
            None => Poll::Ready(None),
        }
    }
 }
 // Load public certificate from file.
 pub fn load_certs<T: AsRef<Path>>(filename: T) -> Result<Vec<Certificate>> {
    // Open certificate file.
    let cert_file = fs::File::open(filename.as_ref())
        .with_context(|| format!("Failed to access `{}`", filename.as_ref().display()))?;
    let mut reader = io::BufReader::new(cert_file);
    // Load and return certificate.
    let certs = rustls_pemfile::certs(&mut reader).with_context(|| "Failed to load certificate")?;
    if certs.is_empty() {
        bail!("No supported certificate in file");
    }
    Ok(certs.into_iter().map(Certificate).collect())
 }
 // Load private key from file.
 pub fn load_private_key<T: AsRef<Path>>(filename: T) -> Result<PrivateKey> {
    let key_file = fs::File::open(filename.as_ref())
        .with_context(|| format!("Failed to access `{}`", filename.as_ref().display()))?;
    let mut reader = io::BufReader::new(key_file);
    // Load and return a single private key.
    let keys = rustls_pemfile::read_all(&mut reader)
        .with_context(|| "There was a problem with reading private key")?
        .into_iter()
        .find_map(|item| match item {
            rustls_pemfile::Item::RSAKey(key)
            | rustls_pemfile::Item::PKCS8Key(key)
            | rustls_pemfile::Item::ECKey(key) => Some(key),
            _ => None,
        })
        .ok_or_else(|| anyhow!("No supported private key in file"))?;
    Ok(PrivateKey(keys))
 }
--- a/src/unix.rs
+++ b/src/unix.rs
@@ -1,31 +0,0 @@
 use hyper::server::accept::Accept;
 use tokio::net::UnixListener;
 use std::pin::Pin;
 use std::task::{Context, Poll};
 pub struct UnixAcceptor {
    inner: UnixListener,
 }
 impl UnixAcceptor {
    pub fn from_listener(listener: UnixListener) -> Self {
        Self { inner: listener }
    }
 }
 impl Accept for UnixAcceptor {
    type Conn = tokio::net::UnixStream;
    type Error = std::io::Error;
    fn poll_accept(
        self: Pin<&mut Self>,
        cx: &mut Context<'_>,
    ) -> Poll<Option<Result<Self::Conn, Self::Error>>> {
        match self.inner.poll_accept(cx) {
            Poll::Pending => Poll::Pending,
            Poll::Ready(Ok((socket, _addr))) => Poll::Ready(Some(Ok(socket))),
            Poll::Ready(Err(err)) => Poll::Ready(Some(Err(err))),
        }
    }
 }
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -1,5 +1,7 @@
 use anyhow::{anyhow, Context, Result};
 use chrono::{DateTime, Utc};
 #[cfg(feature = "tls")]
 use rustls_pki_types::{CertificateDer, PrivateKeyDer};
 use std::{
    borrow::Cow,
    path::Path,
@@ -58,26 +60,115 @@ pub fn glob(pattern: &str, target: &str) -> bool {
    pat.matches(target)
 }
-#[test]
+// Load public certificate from file.
-fn test_glob_key() {
+#[cfg(feature = "tls")]
-    assert!(glob("", ""));
+pub fn load_certs<T: AsRef<Path>>(filename: T) -> Result<Vec<CertificateDer<'static>>> {
-    assert!(glob(".*", ".git"));
+    // Open certificate file.
-    assert!(glob("abc", "abc"));
+    let cert_file = std::fs::File::open(filename.as_ref())
-    assert!(glob("a*c", "abc"));
+        .with_context(|| format!("Failed to access `{}`", filename.as_ref().display()))?;
-    assert!(glob("a?c", "abc"));
+    let mut reader = std::io::BufReader::new(cert_file);
-    assert!(glob("a*c", "abbc"));
+
-    assert!(glob("*c", "abc"));
+    // Load and return certificate.
-    assert!(glob("a*", "abc"));
+    let mut certs = vec![];
-    assert!(glob("?c", "bc"));
+    for cert in rustls_pemfile::certs(&mut reader) {
-    assert!(glob("a?", "ab"));
+        let cert = cert.with_context(|| "Failed to load certificate")?;
-    assert!(!glob("abc", "adc"));
+        certs.push(cert)
-    assert!(!glob("abc", "abcd"));
+    }
-    assert!(!glob("a?c", "abbc"));
+    if certs.is_empty() {
-    assert!(!glob("*.log", "log"));
+        anyhow::bail!("No supported certificate in file");
-    assert!(glob("*.abc-cba", "xyz.abc-cba"));
+    }
-    assert!(glob("*.abc-cba", "123.xyz.abc-cba"));
+    Ok(certs)
-    assert!(glob("*.log", ".log"));
+}
-    assert!(glob("*.log", "a.log"));
+
-    assert!(glob("*/", "abc/"));
+// Load private key from file.
-    assert!(!glob("*/", "abc"));
+#[cfg(feature = "tls")]
 pub fn load_private_key<T: AsRef<Path>>(filename: T) -> Result<PrivateKeyDer<'static>> {
    let key_file = std::fs::File::open(filename.as_ref())
        .with_context(|| format!("Failed to access `{}`", filename.as_ref().display()))?;
    let mut reader = std::io::BufReader::new(key_file);
    // Load and return a single private key.
    for key in rustls_pemfile::read_all(&mut reader) {
        let key = key.with_context(|| "There was a problem with reading private key")?;
        match key {
            rustls_pemfile::Item::Pkcs1Key(key) => return Ok(PrivateKeyDer::Pkcs1(key)),
            rustls_pemfile::Item::Pkcs8Key(key) => return Ok(PrivateKeyDer::Pkcs8(key)),
            rustls_pemfile::Item::Sec1Key(key) => return Ok(PrivateKeyDer::Sec1(key)),
            _ => {}
        }
    }
    anyhow::bail!("No supported private key in file");
 }
 pub fn parse_range(range: &str, size: u64) -> Option<(u64, u64)> {
    let (unit, range) = range.split_once('=')?;
    if unit != "bytes" || range.contains(',') {
        return None;
    }
    let (start, end) = range.split_once('-')?;
    if start.is_empty() {
        let offset = end.parse::<u64>().ok()?;
        if offset <= size {
            Some((size - offset, size - 1))
        } else {
            None
        }
    } else {
        let start = start.parse::<u64>().ok()?;
        if start < size {
            if end.is_empty() {
                Some((start, size - 1))
            } else {
                let end = end.parse::<u64>().ok()?;
                if end < size {
                    Some((start, end))
                } else {
                    None
                }
            }
        } else {
            None
        }
    }
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_glob_key() {
        assert!(glob("", ""));
        assert!(glob(".*", ".git"));
        assert!(glob("abc", "abc"));
        assert!(glob("a*c", "abc"));
        assert!(glob("a?c", "abc"));
        assert!(glob("a*c", "abbc"));
        assert!(glob("*c", "abc"));
        assert!(glob("a*", "abc"));
        assert!(glob("?c", "bc"));
        assert!(glob("a?", "ab"));
        assert!(!glob("abc", "adc"));
        assert!(!glob("abc", "abcd"));
        assert!(!glob("a?c", "abbc"));
        assert!(!glob("*.log", "log"));
        assert!(glob("*.abc-cba", "xyz.abc-cba"));
        assert!(glob("*.abc-cba", "123.xyz.abc-cba"));
        assert!(glob("*.log", ".log"));
        assert!(glob("*.log", "a.log"));
        assert!(glob("*/", "abc/"));
        assert!(!glob("*/", "abc"));
    }
    #[test]
    fn test_parse_range() {
        assert_eq!(parse_range("bytes=0-499", 500), Some((0, 499)));
        assert_eq!(parse_range("bytes=0-", 500), Some((0, 499)));
        assert_eq!(parse_range("bytes=299-", 500), Some((299, 499)));
        assert_eq!(parse_range("bytes=-500", 500), Some((0, 499)));
        assert_eq!(parse_range("bytes=-300", 500), Some((200, 499)));
        assert_eq!(parse_range("bytes=500-", 500), None);
        assert_eq!(parse_range("bytes=-501", 500), None);
        assert_eq!(parse_range("bytes=0-500", 500), None);
    }
 }
--- a/tests/assets.rs
+++ b/tests/assets.rs
@@ -11,10 +11,11 @@ use std::process::{Command, Stdio};
 fn assets(server: TestServer) -> Result<(), Error> {
    let ver = env!("CARGO_PKG_VERSION");
    let resp = reqwest::blocking::get(server.url())?;
-    let index_js = format!("/__dufs_v{ver}_index.js");
+    let index_js = format!("/__dufs_v{ver}__/index.js");
-    let index_css = format!("/__dufs_v{ver}_index.css");
+    let index_css = format!("/__dufs_v{ver}__/index.css");
-    let favicon_ico = format!("/__dufs_v{ver}_favicon.ico");
+    let favicon_ico = format!("/__dufs_v{ver}__/favicon.ico");
    let text = resp.text()?;
    println!("{text}");
    assert!(text.contains(&format!(r#"href="{index_css}""#)));
    assert!(text.contains(&format!(r#"href="{favicon_ico}""#)));
    assert!(text.contains(&format!(r#"src="{index_js}""#)));
@@ -24,7 +25,7 @@ fn assets(server: TestServer) -> Result<(), Error> {
 #[rstest]
 fn asset_js(server: TestServer) -> Result<(), Error> {
    let url = format!(
-        "{}__dufs_v{}_index.js",
+        "{}__dufs_v{}__/index.js",
        server.url(),
        env!("CARGO_PKG_VERSION")
    );
@@ -32,7 +33,7 @@ fn asset_js(server: TestServer) -> Result<(), Error> {
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
-        "application/javascript"
+        "application/javascript; charset=UTF-8"
    );
    Ok(())
 }
@@ -40,20 +41,23 @@ fn asset_js(server: TestServer) -> Result<(), Error> {
 #[rstest]
 fn asset_css(server: TestServer) -> Result<(), Error> {
    let url = format!(
-        "{}__dufs_v{}_index.css",
+        "{}__dufs_v{}__/index.css",
        server.url(),
        env!("CARGO_PKG_VERSION")
    );
    let resp = reqwest::blocking::get(url)?;
    assert_eq!(resp.status(), 200);
-    assert_eq!(resp.headers().get("content-type").unwrap(), "text/css");
+    assert_eq!(
        resp.headers().get("content-type").unwrap(),
        "text/css; charset=UTF-8"
    );
    Ok(())
 }
 #[rstest]
 fn asset_ico(server: TestServer) -> Result<(), Error> {
    let url = format!(
-        "{}__dufs_v{}_favicon.ico",
+        "{}__dufs_v{}__/favicon.ico",
        server.url(),
        env!("CARGO_PKG_VERSION")
    );
@@ -67,9 +71,9 @@ fn asset_ico(server: TestServer) -> Result<(), Error> {
 fn assets_with_prefix(#[with(&["--path-prefix", "xyz"])] server: TestServer) -> Result<(), Error> {
    let ver = env!("CARGO_PKG_VERSION");
    let resp = reqwest::blocking::get(format!("{}xyz/", server.url()))?;
-    let index_js = format!("/xyz/__dufs_v{ver}_index.js");
+    let index_js = format!("/xyz/__dufs_v{ver}__/index.js");
-    let index_css = format!("/xyz/__dufs_v{ver}_index.css");
+    let index_css = format!("/xyz/__dufs_v{ver}__/index.css");
-    let favicon_ico = format!("/xyz/__dufs_v{ver}_favicon.ico");
+    let favicon_ico = format!("/xyz/__dufs_v{ver}__/favicon.ico");
    let text = resp.text()?;
    assert!(text.contains(&format!(r#"href="{index_css}""#)));
    assert!(text.contains(&format!(r#"href="{favicon_ico}""#)));
@@ -82,7 +86,7 @@ fn asset_js_with_prefix(
    #[with(&["--path-prefix", "xyz"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!(
-        "{}xyz/__dufs_v{}_index.js",
+        "{}xyz/__dufs_v{}__/index.js",
        server.url(),
        env!("CARGO_PKG_VERSION")
    );
@@ -90,7 +94,7 @@ fn asset_js_with_prefix(
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-type").unwrap(),
-        "application/javascript"
+        "application/javascript; charset=UTF-8"
    );
    Ok(())
 }
@@ -111,7 +115,7 @@ fn assets_override(tmpdir: TempDir, port: u16) -> Result<(), Error> {
    let url = format!("http://localhost:{port}");
    let resp = reqwest::blocking::get(&url)?;
    assert!(resp.text()?.starts_with(&format!(
-        "/__dufs_v{}_index.js;DATA",
+        "/__dufs_v{}__/index.js;DATA",
        env!("CARGO_PKG_VERSION")
    )));
    let resp = reqwest::blocking::get(&url)?;
--- a/tests/auth.rs
+++ b/tests/auth.rs
@@ -10,7 +10,15 @@ use rstest::rstest;
 fn no_auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(server.url())?;
    assert_eq!(resp.status(), 401);
-    assert!(resp.headers().contains_key("www-authenticate"));
+    let values: Vec<&str> = resp
        .headers()
        .get_all("www-authenticate")
        .iter()
        .map(|v| v.to_str().unwrap())
        .collect();
    assert!(values[0].starts_with("Digest"));
    assert!(values[1].starts_with("Basic"));
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
@@ -18,20 +26,67 @@ fn no_auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> R
 }
 #[rstest]
-fn auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> Result<(), Error> {
+#[case(server(&["--auth", "user:pass@/:rw", "-A"]), "user", "pass")]
 #[case(server(&["--auth", "user:pa:ss@1@/:rw", "-A"]), "user", "pa:ss@1")]
 fn auth(#[case] server: TestServer, #[case] user: &str, #[case] pass: &str) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
    let resp = fetch!(b"PUT", &url)
        .body(b"abc".to_vec())
-        .send_with_digest_auth("user", "pass")?;
+        .send_with_digest_auth(user, pass)?;
    assert_eq!(resp.status(), 201);
    Ok(())
 }
 #[rstest]
 fn invalid_auth(
    #[with(&["-a", "user:pass@/:rw", "-a", "@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = fetch!(b"GET", server.url())
        .basic_auth("user", Some("-"))
        .send()?;
    assert_eq!(resp.status(), 401);
    let resp = fetch!(b"GET", server.url())
        .basic_auth("-", Some("pass"))
        .send()?;
    assert_eq!(resp.status(), 401);
    let resp = fetch!(b"GET", server.url())
        .header("Authorization", "Basic Og==")
        .send()?;
    assert_eq!(resp.status(), 401);
    Ok(())
 }
 const HASHED_PASSWORD_AUTH: &str =  "user:$6$gQxZwKyWn/ZmWEA2$4uV7KKMnSUnET2BtWTj/9T5.Jq3h/MdkOlnIl5hdlTxDZ4MZKmJ.kl6C.NL9xnNPqC4lVHC1vuI0E5cLpTJX81@/:rw"; // user:pass
 #[rstest]
 fn auth_hashed_password(
    #[with(&["--auth", HASHED_PASSWORD_AUTH, "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 401);
    if let Err(err) = fetch!(b"PUT", &url)
        .body(b"abc".to_vec())
        .send_with_digest_auth("user", "pass")
    {
        assert_eq!(
            format!("{err:?}"),
            r#"DigestAuth(MissingRequired("realm", "Basic realm=\"DUFS\""))"#
        );
    }
    let resp = fetch!(b"PUT", &url)
        .body(b"abc".to_vec())
        .basic_auth("user", Some("pass"))
        .send()?;
    assert_eq!(resp.status(), 201);
    Ok(())
 }
 #[rstest]
 fn auth_and_public(
-    #[with(&["--auth", "user:pass@/:rw|@/", "-A"])] server: TestServer,
+    #[with(&["-a", "user:pass@/:rw", "-a", "@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
@@ -65,6 +120,20 @@ fn auth_skip_on_options_method(
 #[rstest]
 fn auth_check(
    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
    let resp = fetch!(b"WRITEABLE", &url).send()?;
    assert_eq!(resp.status(), 401);
    let resp = fetch!(b"WRITEABLE", &url).send_with_digest_auth("user2", "pass2")?;
    assert_eq!(resp.status(), 403);
    let resp = fetch!(b"WRITEABLE", &url).send_with_digest_auth("user", "pass")?;
    assert_eq!(resp.status(), 200);
    Ok(())
 }
 #[rstest]
 fn auth_compact_rules(
    #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
@@ -79,7 +148,7 @@ fn auth_check(
 #[rstest]
 fn auth_readonly(
-    #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer,
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}index.html", server.url());
    let resp = fetch!(b"GET", &url).send()?;
@@ -96,7 +165,7 @@ fn auth_readonly(
 #[rstest]
 fn auth_nest(
-    #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "--auth", "user3:pass3@/dir1:rw", "-A"])]
+    #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "--auth", "user3:pass3@/dir1:rw", "-A"])]
    server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}dir1/file1", server.url());
@@ -125,8 +194,8 @@ fn auth_nest_share(
 }
 #[rstest]
-#[case(server(&["--auth", "user:pass@/:rw", "--auth-method", "basic", "-A"]), "user", "pass")]
+#[case(server(&["--auth", "user:pass@/:rw", "-A"]), "user", "pass")]
-#[case(server(&["--auth", "u1:p1@/:rw", "--auth-method", "basic", "-A"]), "u1", "p1")]
+#[case(server(&["--auth", "u1:p1@/:rw", "-A"]), "u1", "p1")]
 fn auth_basic(
    #[case] server: TestServer,
    #[case] user: &str,
@@ -201,3 +270,66 @@ fn auth_partial_index(
    );
    Ok(())
 }
 #[rstest]
 fn no_auth_propfind_dir(
    #[with(&["--auth", "admin:admin@/:rw", "--auth", "@/dir-assets", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = fetch!(b"PROPFIND", server.url()).send()?;
    assert_eq!(resp.status(), 207);
    let body = resp.text()?;
    assert!(body.contains("<D:href>/dir-assets/</D:href>"));
    assert!(body.contains("<D:href>/dir1/</D:href>"));
    Ok(())
 }
 #[rstest]
 fn auth_propfind_dir(
    #[with(&["--auth", "admin:admin@/:rw", "--auth", "user:pass@/dir-assets", "-A"])]
    server: TestServer,
 ) -> Result<(), Error> {
    let resp = fetch!(b"PROPFIND", server.url()).send_with_digest_auth("user", "pass")?;
    assert_eq!(resp.status(), 207);
    let body = resp.text()?;
    assert!(body.contains("<D:href>/dir-assets/</D:href>"));
    assert!(!body.contains("<D:href>/dir1/</D:href>"));
    Ok(())
 }
 #[rstest]
 fn auth_data(
    #[with(&["-a", "user:pass@/:rw", "-a", "@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = reqwest::blocking::get(server.url())?;
    let content = resp.text()?;
    let json = utils::retrive_json(&content).unwrap();
    assert_eq!(json["allow_delete"], serde_json::Value::Bool(false));
    assert_eq!(json["allow_upload"], serde_json::Value::Bool(false));
    let resp = fetch!(b"GET", server.url())
        .basic_auth("user", Some("pass"))
        .send()?;
    let content = resp.text()?;
    let json = utils::retrive_json(&content).unwrap();
    assert_eq!(json["allow_delete"], serde_json::Value::Bool(true));
    assert_eq!(json["allow_upload"], serde_json::Value::Bool(true));
    Ok(())
 }
 #[rstest]
 fn auth_precedence(
    #[with(&["--auth", "user:pass@/dir1:rw,/dir1/test.txt", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let url = format!("{}dir1/test.txt", server.url());
    let resp = fetch!(b"PUT", &url)
        .body(b"abc".to_vec())
        .send_with_digest_auth("user", "pass")?;
    assert_eq!(resp.status(), 403);
    let url = format!("{}dir1/file1", server.url());
    let resp = fetch!(b"PUT", &url)
        .body(b"abc".to_vec())
        .send_with_digest_auth("user", "pass")?;
    assert_eq!(resp.status(), 201);
    Ok(())
 }
--- a/tests/bind.rs
+++ b/tests/bind.rs
@@ -76,9 +76,7 @@ fn validate_printed_urls(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> R
        .collect::<Vec<_>>();
    assert!(!urls.is_empty());
-    for url in urls {
+    reqwest::blocking::get(urls[0])?.error_for_status()?;
        reqwest::blocking::get(url)?.error_for_status()?;
    }
    child.kill()?;
--- a/tests/config.rs
+++ b/tests/config.rs
@@ -0,0 +1,56 @@
 mod fixtures;
 mod utils;
 use assert_cmd::prelude::*;
 use assert_fs::TempDir;
 use diqwest::blocking::WithDigestAuth;
 use fixtures::{port, tmpdir, wait_for_port, Error};
 use rstest::rstest;
 use std::path::PathBuf;
 use std::process::{Command, Stdio};
 #[rstest]
 fn use_config_file(tmpdir: TempDir, port: u16) -> Result<(), Error> {
    let config_path = get_config_path().display().to_string();
    let mut child = Command::cargo_bin("dufs")?
        .arg(tmpdir.path())
        .arg("-p")
        .arg(port.to_string())
        .args(["--config", &config_path])
        .stdout(Stdio::piped())
        .spawn()?;
    wait_for_port(port);
    let url = format!("http://localhost:{port}/dufs/index.html");
    let resp = fetch!(b"GET", &url).send()?;
    assert_eq!(resp.status(), 401);
    let url = format!("http://localhost:{port}/dufs/index.html");
    let resp = fetch!(b"GET", &url).send_with_digest_auth("user", "pass")?;
    assert_eq!(resp.text()?, "This is index.html");
    let url = format!("http://localhost:{port}/dufs?simple");
    let resp = fetch!(b"GET", &url).send_with_digest_auth("user", "pass")?;
    let text: String = resp.text().unwrap();
    assert!(text.split('\n').any(|c| c == "dir1/"));
    assert!(!text.split('\n').any(|c| c == "dir3/"));
    assert!(!text.split('\n').any(|c| c == "test.txt"));
    let url = format!("http://localhost:{port}/dufs/dir1/upload.txt");
    let resp = fetch!(b"PUT", &url)
        .body("Hello")
        .send_with_digest_auth("user", "pass")?;
    assert_eq!(resp.status(), 201);
    child.kill()?;
    Ok(())
 }
 fn get_config_path() -> PathBuf {
    let mut path = std::env::current_dir().expect("Failed to get current directory");
    path.push("tests");
    path.push("data");
    path.push("config.yaml");
    path
 }
--- a/tests/data/config.yaml
+++ b/tests/data/config.yaml
@@ -0,0 +1,9 @@
 bind:
  - 0.0.0.0
 path-prefix: dufs
 hidden:
  - dir3
  - test.txt
 auth: 
  - user:pass@/:rw
 allow-upload: true
--- a/tests/fixtures.rs
+++ b/tests/fixtures.rs
@@ -16,7 +16,14 @@ pub const BIN_FILE: &str = "😀.bin";
 /// File names for testing purpose
 #[allow(dead_code)]
-pub static FILES: &[&str] = &["test.txt", "test.html", "index.html", BIN_FILE];
+pub static FILES: &[&str] = &[
    "test.txt",
    "test.html",
    "index.html",
    #[cfg(not(target_os = "windows"))]
    "file\n1.txt",
    BIN_FILE,
 ];
 /// Directory names for testing directory don't exist
 #[allow(dead_code)]
@@ -46,7 +53,7 @@ pub fn tmpdir() -> TempDir {
    let tmpdir = assert_fs::TempDir::new().expect("Couldn't create a temp dir for tests");
    for file in FILES {
        if *file == BIN_FILE {
-            tmpdir.child(file).write_binary(b"bin\0\0123").unwrap();
+            tmpdir.child(file).write_binary(b"bin\0\x00123").unwrap();
        } else {
            tmpdir
                .child(file)
@@ -58,7 +65,7 @@ pub fn tmpdir() -> TempDir {
        if *directory == DIR_ASSETS {
            tmpdir
                .child(format!("{}{}", directory, "index.html"))
-                .write_str("__ASSERTS_PREFIX__index.js;DATA = __INDEX_DATA__")
+                .write_str("__ASSETS_PREFIX__index.js;DATA = __INDEX_DATA__")
                .unwrap();
        } else {
            for file in FILES {
@@ -68,7 +75,7 @@ pub fn tmpdir() -> TempDir {
                if *file == BIN_FILE {
                    tmpdir
                        .child(format!("{directory}{file}"))
-                        .write_binary(b"bin\0\0123")
+                        .write_binary(b"bin\0\x00123")
                        .unwrap();
                } else {
                    tmpdir
--- a/tests/hidden.rs
+++ b/tests/hidden.rs
@@ -59,7 +59,7 @@ fn hidden_search_dir(#[case] server: TestServer, #[case] exist: bool) -> Result<
 #[rstest]
 #[case(server(&["--hidden", "hidden/"]), "dir4/", 1)]
 #[case(server(&["--hidden", "hidden"]), "dir4/", 0)]
-fn hidden_dir_noly(
+fn hidden_dir_only(
    #[case] server: TestServer,
    #[case] dir: &str,
    #[case] count: usize,
--- a/tests/http.rs
+++ b/tests/http.rs
@@ -40,7 +40,12 @@ fn head_dir_404(server: TestServer) -> Result<(), Error> {
 }
 #[rstest]
-fn get_dir_zip(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
+#[case(server(&["--allow-archive"] as &[&str]))]
 #[case(server(&["--allow-archive", "--compress", "none"]))]
 #[case(server(&["--allow-archive", "--compress", "low"]))]
 #[case(server(&["--allow-archive", "--compress", "medium"]))]
 #[case(server(&["--allow-archive", "--compress", "high"]))]
 fn get_dir_zip(#[case] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?zip", server.url()))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
@@ -123,6 +128,15 @@ fn get_dir_search3(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[rstest]
 fn get_dir_search4(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}dir1?q=dir1&simple", server.url()))?;
    assert_eq!(resp.status(), 200);
    let text = resp.text().unwrap();
    assert!(text.is_empty());
    Ok(())
 }
 #[rstest]
 fn head_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"HEAD", format!("{}?q={}", server.url(), "test.html")).send()?;
@@ -138,9 +152,7 @@ fn head_dir_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
 #[rstest]
 fn empty_search(#[with(&["-A"])] server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}?q=", server.url()))?;
-    assert_eq!(resp.status(), 200);
+    assert_resp_paths!(resp);
    let paths = utils::retrieve_index_paths(&resp.text()?);
    assert!(paths.is_empty());
    Ok(())
 }
@@ -195,6 +207,18 @@ fn get_file_emoji_path(server: TestServer) -> Result<(), Error> {
    Ok(())
 }
 #[cfg(not(target_os = "windows"))]
 #[rstest]
 fn get_file_newline_path(server: TestServer) -> Result<(), Error> {
    let resp = reqwest::blocking::get(format!("{}file%0A1.txt", server.url()))?;
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("content-disposition").unwrap(),
        "inline; filename=\"file 1.txt\""
    );
    Ok(())
 }
 #[rstest]
 fn get_file_edit(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"GET", format!("{}index.html?edit", server.url())).send()?;
@@ -226,9 +250,12 @@ fn options_dir(server: TestServer) -> Result<(), Error> {
    assert_eq!(resp.status(), 200);
    assert_eq!(
        resp.headers().get("allow").unwrap(),
-        "GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
+        "GET,HEAD,PUT,OPTIONS,DELETE,PATCH,PROPFIND,COPY,MOVE"
    );
    assert_eq!(
        resp.headers().get("dav").unwrap(),
        "1, 2, 3, sabredav-partialupdate"
    );
    assert_eq!(resp.headers().get("dav").unwrap(), "1,2");
    Ok(())
 }
@@ -306,3 +333,19 @@ fn get_file_content_type(server: TestServer) -> Result<(), Error> {
    );
    Ok(())
 }
 #[rstest]
 fn resumable_upload(#[with(&["--allow-upload"])] server: TestServer) -> Result<(), Error> {
    let url = format!("{}file1", server.url());
    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
    assert_eq!(resp.status(), 201);
    let resp = fetch!(b"PATCH", &url)
        .header("X-Update-Range", "append")
        .body(b"123".to_vec())
        .send()?;
    assert_eq!(resp.status(), 204);
    let resp = reqwest::blocking::get(url)?;
    assert_eq!(resp.status(), 200);
    assert_eq!(resp.text().unwrap(), "abc123");
    Ok(())
 }
--- a/tests/http_logger.rs
+++ b/tests/http_logger.rs
@@ -12,7 +12,7 @@ use std::process::{Command, Stdio};
 #[rstest]
 #[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user"], false)]
-#[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user", "--auth-method", "basic"], true)]
+#[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user"], true)]
 fn log_remote_user(
    tmpdir: TempDir,
    port: u16,
@@ -41,7 +41,7 @@ fn log_remote_user(
    assert_eq!(resp.status(), 200);
-    let mut buf = [0; 1000];
+    let mut buf = [0; 2048];
    let buf_len = stdout.read(&mut buf)?;
    let output = std::str::from_utf8(&buf[0..buf_len])?;
@@ -69,10 +69,12 @@ fn no_log(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> Result<(), Error
    let resp = fetch!(b"GET", &format!("http://localhost:{port}")).send()?;
    assert_eq!(resp.status(), 200);
-    let mut buf = [0; 1000];
+    let mut buf = [0; 2048];
    let buf_len = stdout.read(&mut buf)?;
    let output = std::str::from_utf8(&buf[0..buf_len])?;
    assert_eq!(output.lines().last().unwrap(), "");
    child.kill()?;
    Ok(())
 }
--- a/tests/range.rs
+++ b/tests/range.rs
@@ -2,7 +2,7 @@ mod fixtures;
 mod utils;
 use fixtures::{server, Error, TestServer};
-use headers::HeaderValue;
+use reqwest::header::HeaderValue;
 use rstest::rstest;
 #[rstest]
@@ -23,14 +23,10 @@ fn get_file_range_beyond(server: TestServer) -> Result<(), Error> {
    let resp = fetch!(b"GET", format!("{}index.html", server.url()))
        .header("range", HeaderValue::from_static("bytes=12-20"))
        .send()?;
-    assert_eq!(resp.status(), 206);
+    assert_eq!(resp.status(), 416);
-    assert_eq!(
+    assert_eq!(resp.headers().get("content-range").unwrap(), "bytes */18");
        resp.headers().get("content-range").unwrap(),
        "bytes 12-17/18"
    );
    assert_eq!(resp.headers().get("accept-ranges").unwrap(), "bytes");
-    assert_eq!(resp.headers().get("content-length").unwrap(), "6");
+    assert_eq!(resp.headers().get("content-length").unwrap(), "0");
    assert_eq!(resp.text()?, "x.html");
    Ok(())
 }
--- a/tests/single_file.rs
+++ b/tests/single_file.rs
@@ -53,7 +53,7 @@ fn path_prefix_single_file(tmpdir: TempDir, port: u16, #[case] file: &str) -> Re
    let resp = reqwest::blocking::get(format!("http://localhost:{port}/xyz/index.html"))?;
    assert_eq!(resp.text()?, "This is index.html");
    let resp = reqwest::blocking::get(format!("http://localhost:{port}"))?;
-    assert_eq!(resp.status(), 403);
+    assert_eq!(resp.status(), 400);
    child.kill()?;
    Ok(())
--- a/tests/tls.rs
+++ b/tests/tls.rs
@@ -7,6 +7,8 @@ use predicates::str::contains;
 use reqwest::blocking::ClientBuilder;
 use rstest::rstest;
 use crate::fixtures::port;
 /// Can start the server with TLS and receive encrypted responses.
 #[rstest]
 #[case(server(&[
@@ -33,8 +35,16 @@ fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
 /// Wrong path for cert throws error.
 #[rstest]
 fn wrong_path_cert() -> Result<(), Error> {
    let port = port().to_string();
    Command::cargo_bin("dufs")?
-        .args(["--tls-cert", "wrong", "--tls-key", "tests/data/key.pem"])
+        .args([
            "--tls-cert",
            "wrong",
            "--tls-key",
            "tests/data/key.pem",
            "--port",
            &port,
        ])
        .assert()
        .failure()
        .stderr(contains("Failed to access `wrong`"));
@@ -45,8 +55,16 @@ fn wrong_path_cert() -> Result<(), Error> {
 /// Wrong paths for key throws errors.
 #[rstest]
 fn wrong_path_key() -> Result<(), Error> {
    let port = port().to_string();
    Command::cargo_bin("dufs")?
-        .args(["--tls-cert", "tests/data/cert.pem", "--tls-key", "wrong"])
+        .args([
            "--tls-cert",
            "tests/data/cert.pem",
            "--tls-key",
            "wrong",
            "--port",
            &port,
        ])
        .assert()
        .failure()
        .stderr(contains("Failed to access `wrong`"));
--- a/tests/utils.rs
+++ b/tests/utils.rs
@@ -20,7 +20,7 @@ macro_rules! assert_resp_paths {
 #[macro_export]
 macro_rules! fetch {
    ($method:literal, $url:expr) => {
-        reqwest::blocking::Client::new().request(hyper::Method::from_bytes($method)?, $url)
+        reqwest::blocking::Client::new().request(reqwest::Method::from_bytes($method)?, $url)
    };
 }
@@ -59,7 +59,8 @@ pub fn encode_uri(v: &str) -> String {
    parts.join("/")
 }
-fn retrive_json(content: &str) -> Option<Value> {
+#[allow(dead_code)]
 pub fn retrive_json(content: &str) -> Option<Value> {
    let lines: Vec<&str> = content.lines().collect();
    let line = lines.iter().find(|v| v.contains("DATA ="))?;
    let line_col = line.find("DATA =").unwrap() + 6;
--- a/tests/webdav.rs
+++ b/tests/webdav.rs
@@ -49,7 +49,7 @@ fn propfind_404(server: TestServer) -> Result<(), Error> {
 #[rstest]
 fn propfind_double_slash(server: TestServer) -> Result<(), Error> {
-    let resp = fetch!(b"PROPFIND", format!("{}/", server.url())).send()?;
+    let resp = fetch!(b"PROPFIND", server.url()).send()?;
    assert_eq!(resp.status(), 207);
    Ok(())
 }
Author	SHA1	Message	Date
sigoden	22cf74e3c0	update deps	2024-02-13 03:16:57 +00:00
sigoden	6a6ac37be4	chore: release v0.40.0	2024-02-13 01:19:40 +00:00
sigoden	920b70abc4	refactor: improve resolve_path and handle_assets, abandon guard_path (#360 )	2024-02-07 16:27:22 +08:00
sigoden	015713bc6d	chore: update deps	2024-02-06 09:32:31 +00:00
sigoden	3c75a9c4cc	fix: guard req and destination path (#359 )	2024-02-06 17:23:18 +08:00
sigoden	871e8276ff	chore: add SECURITY.md	2024-02-05 00:09:25 +00:00
sigoden	f92c8ee91d	refactor: improve invalid auth (#356 )	2024-01-19 10:25:11 +08:00
sigoden	95eb648411	feat: revert supporting for forbidden permission (#352 )	2024-01-17 11:31:26 +08:00
sigoden	3354b1face	refactor: do not try to bind ipv6 if no ipv6 (#348 )	2024-01-16 09:03:27 +08:00
sigoden	9b348fc945	chore: fix typos	2024-01-15 12:53:59 +00:00
sigoden	e1fabc7349	chore: update readme	2024-01-11 09:07:40 +00:00
sigoden	58a46f7c3a	chore: release v0.39.0 (#345 )	2024-01-11 16:50:25 +08:00
sigoden	ef757281b3	chore: release v0.39.0	2024-01-11 08:31:56 +00:00
sigoden	de0614816a	refactor: propfind with auth no need to list all (#344 )	2024-01-11 16:10:10 +08:00
sigoden	81d2c49e3f	chore: update bug_report issue template	2024-01-11 07:04:44 +00:00
sigoden	ee21894452	feat: supports resumable uploads (#343 )	2024-01-11 14:56:30 +08:00
sigoden	0ac0c048ec	fix: corrupted zip when downloading large folders (#337 )	2024-01-07 10:50:15 +08:00
sigoden	17063454d3	chore: update bug_report issue tempalte	2024-01-05 00:37:41 +00:00
sigoden	af347f9cf0	feat: auth supports forbidden permissions (#329 )	2023-12-23 18:36:46 +08:00
sigoden	006e03ed30	fix: serve files with names containing newline char (#328 )	2023-12-23 15:40:41 +08:00
sigoden	77f86a4c60	fix: auth precedence (#325 )	2023-12-21 17:28:13 +08:00
sigoden	a66f95b39f	chore: log error during connection	2023-12-21 08:08:15 +00:00
sigoden	52506bc01f	refactor: optimize http range parsing and handling (#323 )	2023-12-21 15:46:55 +08:00
sigoden	270cc0cba2	feat: upgrade to hyper 1.0 (#321 )	2023-12-21 14:24:20 +08:00
sigoden	5988442d5c	chore: remove debug print	2023-12-14 11:08:10 +00:00
sigoden	3873f4794a	feat: add `--compress` option (#319 )	2023-12-14 18:59:28 +08:00
plantatorbob	cd84dff87f	fix: upload more than 100 files in directory (#317 )	2023-12-11 18:28:11 +08:00
sigoden	8590f3e841	chore: improve readme	2023-12-09 09:17:36 +00:00
sigoden	44a4ddf973	refactor: change the value name of `--config` (#313 )	2023-12-07 15:14:41 +08:00
sigoden	37800f630d	refactor: change the format of www-authenticate (#312 )	2023-12-07 15:04:14 +08:00
sigoden	5c850256f4	feat: empty search `?q=` list all paths (#311 )	2023-12-07 06:55:17 +08:00
sigoden	0cec573579	chore: release v0.38.0	2023-11-29 07:49:50 +08:00
sigoden	073b098111	feat: ui supports view file (#301 )	2023-11-28 07:14:53 +08:00
sigoden	6ff8b29b69	feat: more flexible config values (#299 )	2023-11-27 04:24:25 +08:00
sigoden	7584fe3d08	feat: deprecate the use of `\|` to separate auth rules (#298 )	2023-11-26 22:15:49 +08:00
sigoden	653cd167d0	feat: password can contain `:` `@` `\|` (#297 )	2023-11-26 20:47:57 +08:00
sigoden	ab29e39148	chore: trivial updates	2023-11-26 15:04:12 +08:00
sigoden	f8d6859354	refactor: ui improve uploading progress (#296 )	2023-11-26 10:23:37 +08:00
sigoden	130435c387	chore: update readme	2023-11-25 19:07:37 +08:00
sigoden	afdfde01f0	fix: unable to start if config file omit bind/port fields (#294 )	2023-11-25 18:54:36 +08:00
sigoden	ae97c714d6	refactor: ui change the cursor for upload-btn to a pointer (#291 )	2023-11-21 16:24:59 +08:00
sigoden	c352dab470	refactor: take improvements from the edge browser (#289 )	2023-11-15 19:44:44 +08:00
sigoden	743db47f90	chore: release v0.37.1	2023-11-08 11:11:36 +08:00
sigoden	a476c15a09	fix: use DUFS_CONFIG to specify the config file path (#286 )	2023-11-08 11:10:47 +08:00
sigoden	0d74fa3ec5	chore: release v0.37.0	2023-11-08 10:41:24 +08:00
sigoden	b83cc6938b	chore: update readme	2023-11-07 22:45:53 +08:00
sigoden	a187b14885	chore: update deps and ci (#284 )	2023-11-04 19:47:13 +08:00
sigoden	d3de3db0d9	feat: support hashed password (#283 )	2023-11-04 18:12:58 +08:00
sigoden	80ac9afe68	refactor: improve code quanity (#282 ) - rename LogHttp to HttpLogger	2023-11-04 17:10:38 +08:00
sigoden	4ef07737e1	feat: support config file with `--config` option (#281 )	2023-11-04 16:58:19 +08:00
sigoden	5782c5f413	chore: update description for `--auth`	2023-11-03 21:08:05 +08:00
sigoden	8b4cab1e69	fix: auto delete half-uploaded files (#280 )	2023-11-03 20:58:53 +08:00
sigoden	70300b133c	feat: deprecate `--auth-method`, as both options are available (#279 ) * feat: deprecate `--auth-method`, both are avaiable * send one www-authenticate with two schemes	2023-11-03 20:36:23 +08:00
sigoden	7ea4bb808d	refactor: optimize tests	2023-11-03 15:25:20 +08:00
sigoden	6766e0d437	fix: ui show user-name next to the user-icon (#278 )	2023-11-03 14:55:07 +08:00
tieway59	53c9bc8bea	refactor: remove one clone on `assets_prefix` (#270 ) This clone is not consist with the usage of `assets_prefix` in following code and it's unnecessary. Signed-off-by: TieWay59 <tieway59@foxmail.com>	2023-10-05 08:50:24 +08:00
sigoden	60df3b473c	fix: sort path ignore case (#264 )	2023-09-06 23:25:04 +08:00
sigoden	6510ae8be9	chore: release v0.36.0	2023-08-24 18:46:30 +08:00
sigoden	9545fb6e37	fix: ui readonly if no write perm (#258 )	2023-08-24 18:32:34 +08:00
sigoden	0fd0f11298	chore: update deps	2023-08-24 16:46:38 +08:00
figsoda	46aa8fcc02	test: remove dependency on native tls (#255 )	2023-08-15 11:01:25 +08:00
sigoden	09bb738866	chore: update changelog	2023-08-15 07:29:02 +08:00
sigoden	3612ef10d1	chore: release 0.35.0 (#254 ) * chore: release 0.35.0 * update release profile	2023-08-15 07:24:22 +08:00
sigoden	7ac2039a36	chore: update deps	2023-08-14 17:31:52 +08:00
sigoden	7f83de765a	fix: typo __ASSERTS_PREFIX__ (#252 )	2023-08-13 15:05:45 +08:00
sigoden	9b3779b13a	chore: update readme close #247	2023-07-20 06:33:17 +08:00
sigoden	11a52f29c4	chore: fix release ci (#244 )	2023-07-15 16:34:22 +08:00
sigoden	10204c723f	chore: fix clippy (#245 )	2023-07-15 16:27:13 +08:00
sigoden	204421643d	chore: update ci (#242 )	2023-07-04 10:25:49 +08:00
sigoden	d9706d75ef	feat: sort by type first, then sort by name/mtime/size (#241 )	2023-07-04 10:10:48 +08:00
sigoden	40df0bd2f9	chore: update readme	2023-06-18 08:55:42 +08:00
sigoden	a53411b4d6	fix: search should ignore entry path (#235 )	2023-06-15 08:28:21 +08:00
ElmTran	609017b2f5	chore: Update README.md (#233 ) update examples on new auth.	2023-06-13 08:23:05 +08:00
sigoden	7dc0b0e218	chore: release v0.34.2	2023-06-05 11:51:56 +08:00
sigoden	6be36b8e51	fix: webdav only see public folder even logging in (#231 )	2023-06-05 11:40:31 +08:00
sigoden	8be545d3da	fix: ui refresh page after login (#230 )	2023-06-03 10:09:02 +08:00