chore: release v0.37.0

chore: update readme
chore: update deps and ci (#284 )
2026-04-10 01:20:38 +03:00 · 2023-11-08 10:41:24 +08:00 · 2023-11-07 22:45:53 +08:00 · 2023-11-04 19:47:13 +08:00 · 2023-11-04 18:12:58 +08:00 · 2023-11-04 17:10:38 +08:00
19 changed files with 1018 additions and 752 deletions
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -27,7 +27,7 @@ jobs:
        - target: aarch64-pc-windows-msvc
          os: windows-latest
          use-cross: true
-          cargo-flags: "--no-default-features"
+          cargo-flags: ""
        - target: x86_64-apple-darwin
          os: macos-latest
          cargo-flags: ""
@@ -94,6 +94,8 @@ jobs:
      uses: dtolnay/rust-toolchain@stable
      with:
        targets: ${{ matrix.target }}
+        #  Since rust 1.72, mips platforms are tier 3
+        toolchain: 1.71

    - name: Install cross
      if: matrix.use-cross
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,26 @@

 All notable changes to this project will be documented in this file.

+## [0.37.0] - 2023-11-08
+
+### Bug Fixes
+
+- Sort path ignore case ([#264](https://github.com/sigoden/dufs/issues/264))
+- Ui show user-name next to the user-icon ([#278](https://github.com/sigoden/dufs/issues/278))
+- Auto delete half-uploaded files ([#280](https://github.com/sigoden/dufs/issues/280))
+
+### Features
+
+- Deprecate `--auth-method`,  as both options are available ([#279](https://github.com/sigoden/dufs/issues/279))
+- Support config file with `--config` option ([#281](https://github.com/sigoden/dufs/issues/281))
+- Support hashed password ([#283](https://github.com/sigoden/dufs/issues/283))
+
+### Refactor
+
+- Remove one clone on `assets_prefix` ([#270](https://github.com/sigoden/dufs/issues/270))
+- Optimize tests
+- Improve code quanity ([#282](https://github.com/sigoden/dufs/issues/282))
+
 ## [0.36.0] - 2023-08-24

 ### Bug Fixes
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "dufs"
-version = "0.36.0"
+version = "0.37.0"
 edition = "2021"
 authors = ["sigoden <sigoden@gmail.com>"]
 description = "Dufs is a distinctive utility file server"
@@ -21,7 +21,6 @@ percent-encoding = "2.3"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 futures = "0.3"
-base64 = "0.21"
 async_zip = { version = "0.0.15", default-features = false, features = ["deflate", "chrono", "tokio"] }
 headers = "0.3"
 mime_guess = "2.0"
@@ -45,6 +44,9 @@ anyhow = "1.0"
 chardetng = "0.1"
 glob = "0.3.1"
 indexmap = "2.0"
+serde_yaml = "0.9.27"
+sha-crypt = "0.5.0"
+base64 = "0.21.5"

 [features]
 default = ["tls"]
--- a/README.md
+++ b/README.md
@@ -48,18 +48,18 @@ Download from [Github Releases](https://github.com/sigoden/dufs/releases), unzip
 ```
 Dufs is a distinctive utility file server - https://github.com/sigoden/dufs

-Usage: dufs [OPTIONS] [serve_path]
+Usage: dufs [OPTIONS] [serve-path]

 Arguments:
-  [serve_path]  Specific path to serve [default: .]
+  [serve-path]  Specific path to serve [default: .]

 Options:
+  -c, --config <config>      Specify configuration file
  -b, --bind <addrs>         Specify bind address or unix socket
  -p, --port <port>          Specify port to listen on [default: 5000]
      --path-prefix <path>   Specify a path prefix
-      --hidden <value>       Hide paths from directory listings, separated by `,`
-  -a, --auth <rules>         Add auth role
-      --auth-method <value>  Select auth method [default: digest] [possible values: basic, digest]
+      --hidden <value>       Hide paths from directory listings, e.g. tmp,*.log,*.lock
+  -a, --auth <rules>         Add auth roles, e.g. user:pass@/dir1:rw,/dir2
  -A, --allow-all            Allow all operations
      --allow-upload         Allow upload files/folders
      --allow-delete         Allow delete files/folders
@@ -70,11 +70,11 @@ Options:
      --render-index         Serve index.html when requesting a directory, returns 404 if not found index.html
      --render-try-index     Serve index.html when requesting a directory, returns directory listing if not found index.html
      --render-spa           Serve SPA(Single Page Application)
-      --assets <path>        Use custom assets to override builtin assets
-      --tls-cert <path>      Path to an SSL/TLS certificate to serve with HTTPS
-      --tls-key <path>       Path to the SSL/TLS certificate's private key
+      --assets <path>        Set the path to the assets directory for overriding the built-in assets
      --log-format <format>  Customize http log format
      --completions <shell>  Print shell completion script for <shell> [possible values: bash, elvish, fish, powershell, zsh]
+      --tls-cert <path>      Path to an SSL/TLS certificate to serve with HTTPS
+      --tls-key <path>       Path to the SSL/TLS certificate's private key
  -h, --help                 Print help
  -V, --version              Print version
 ```
@@ -194,8 +194,8 @@ curl http://127.0.0.1:5000?q=Dockerfile&simple    # search for files, just like
 With authorization

 ```
-curl --user user:pass --digest http://192.168.8.10:5000/file  # digest auth
-curl --user user:pass http://192.168.8.10:5000/file           # basic auth
+curl http://192.168.8.10:5000/file --user user:pass                 # basic auth
+curl http://192.168.8.10:5000/file --user user:pass --digest        # digest auth
 ```

 <details>
@@ -206,7 +206,8 @@ curl --user user:pass http://192.168.8.10:5000/file           # basic auth
 Dufs supports account based access control. You can control who can do what on which path with `--auth`/`-a`.

 ```
-dufs -a [user:pass]@path[:rw][,path[:rw]...][|...]
+dufs -a user:pass@path1:rw,path2|user2:pass2@path1
+dufs -a user:pass@path1:rw,path2 -a user2:pass2@path1
 ```

 1. Multiple rules are separated by "|"
@@ -242,10 +243,33 @@ dufs -A -a user:pass@/dir1:rw,/dir2:rw,dir3
 `user` has all permissions for `/dir1/*` and `/dir2/*`, has readonly permissions for `/dir3/`.

 ```
-dufs -a admin:admin@/
+dufs -A -a admin:admin@/
 ```
 Since dufs only allows viewing/downloading, `admin` can only view/download files.

+#### Hashed Password
+
+DUFS supports the use of sha-512 hashed password.
+
+Create hashed password
+
+```
+$ mkpasswd  -m sha-512 -s
+Password: 123456 
+$6$qCAVUG7yn7t/hH4d$BWm8r5MoDywNmDP/J3V2S2a6flmKHC1IpblfoqZfuK.LtLBZ0KFXP9QIfJP8RqL8MCw4isdheoAMTuwOz.pAO/
+```
+
+Use hashed password
+```
+dufs -A -a 'admin:$6$qCAVUG7yn7t/hH4d$BWm8r5MoDywNmDP/J3V2S2a6flmKHC1IpblfoqZfuK.LtLBZ0KFXP9QIfJP8RqL8MCw4isdheoAMTuwOz.pAO/@/:rw'
+```
+
+Two important things for hashed passwords:
+
+1. Dufs only supports SHA-512 hashed passwords, so ensure that the password string always starts with `$6$`.
+2. Digest auth does not work with hashed passwords.
+
+
 ### Hide Paths

 Dufs supports hiding paths from directory listings via option `--hidden <glob>,...`.
@@ -308,13 +332,12 @@ dufs --log-format '$remote_addr $remote_user "$request" $status' -a /@admin:admi
 All options can be set using environment variables prefixed with `DUFS_`.

 ```
-  [SERVE_PATH]                DUFS_SERVE_PATH=/dir
+  [serve-path]                DUFS_SERVE_PATH=/dir
  -b, --bind <addrs>          DUFS_BIND=0.0.0.0
  -p, --port <port>           DUFS_PORT=5000
      --path-prefix <path>    DUFS_PATH_PREFIX=/path
      --hidden <value>        DUFS_HIDDEN=*.log
  -a, --auth <rules>          DUFS_AUTH="admin:admin@/:rw|@/" 
-      --auth-method <value>   DUFS_AUTH_METHOD=basic
  -A, --allow-all             DUFS_ALLOW_ALL=true
      --allow-upload          DUFS_ALLOW_UPLOAD=true
      --allow-delete          DUFS_ALLOW_DELETE=true
@@ -326,9 +349,44 @@ All options can be set using environment variables prefixed with `DUFS_`.
      --render-try-index      DUFS_RENDER_TRY_INDEX=true
      --render-spa            DUFS_RENDER_SPA=true
      --assets <path>         DUFS_ASSETS=/assets
+      --log-format <format>   DUFS_LOG_FORMAT=""
      --tls-cert <path>       DUFS_TLS_CERT=cert.pem
      --tls-key <path>        DUFS_TLS_KEY=key.pem
-      --log-format <format>   DUFS_LOG_FORMAT=""
+```
+
+## Configuration File
+
+You can specify and use the configuration file by selecting the option `--config <path-to-config.yaml>`.
+
+The following are the configuration items:
+
+```yaml
+serve-path: '.'
+bind:
+  - 192.168.8.10
+port: 5000
+path-prefix: /dufs
+hidden:
+  - tmp
+  - '*.log'
+  - '*.lock'
+auth:
+  - admin:admin@/:rw
+  - user:pass@/src:rw,/share
+allow-all: false
+allow-upload: true
+allow-delete: true
+allow-search: true
+allow-symlink: true
+allow-archive: true
+enable-cors: true
+render-index: true
+render-try-index: true
+render-spa: true
+assets: ./assets/
+log-format: '$remote_addr "$request" $status $http_user_agent'
+tls-cert: tests/data/cert.pem
+tls-key: tests/data/key_pkcs1.pem
 ```

 ### Customize UI
--- a/assets/index.css
+++ b/assets/index.css
@@ -210,7 +210,7 @@ body {
  outline: none;
 }

-.toolbox2 {
+.toolbox-right {
  margin-left: auto;
  margin-right: 2em;
 }
@@ -220,6 +220,15 @@ body {
  user-select: none;
 }

+.user-btn {
+    display: flex;
+    align-items: center;
+}
+
+.user-name {
+  padding-left: 3px;
+}
+
 .not-editable {
  font-style: italic;
 }
--- a/assets/index.html
+++ b/assets/index.html
@@ -77,7 +77,7 @@
      <input id="search" name="q" type="text" maxlength="128" autocomplete="off" tabindex="1">
      <input type="submit" hidden />
    </form>
-    <div class="toolbox2">
+    <div class="toolbox-right">
      <div class="login-btn hidden" title="Login for upload/move/delete/edit permissions">
        <svg width="16" height="16" viewBox="0 0 16 16">
          <path fill-rule="evenodd"
@@ -91,6 +91,7 @@
          <path
            d="M8 8a3 3 0 1 0 0-6 3 3 0 0 0 0 6Zm2-3a2 2 0 1 1-4 0 2 2 0 0 1 4 0Zm4 8c0 1-1 1-1 1H3s-1 0-1-1 1-4 6-4 6 3 6 4Zm-1-.004c-.001-.246-.154-.986-.832-1.664C11.516 10.68 10.289 10 8 10c-2.29 0-3.516.68-4.168 1.332-.678.678-.83 1.418-.832 1.664h10Z" />
        </svg>
+        <span class="user-name"></span>
      </div>
      <div class="save-btn hidden" title="Save file">
        <svg viewBox="0 0 1024 1024" width="24" height="24">
--- a/assets/index.js
+++ b/assets/index.js
@@ -86,6 +86,10 @@ let $editor;
 * @type Element
 */
 let $userBtn;
+/**
+ * @type Element
+ */
+let $userName;

 function ready() {
  $pathsTable = document.querySelector(".paths-table")
@@ -95,6 +99,7 @@ function ready() {
  $emptyFolder = document.querySelector(".empty-folder");
  $editor = document.querySelector(".editor");
  $userBtn = document.querySelector(".user-btn");
+  $userName = document.querySelector(".user-name");

  addBreadcrumb(DATA.href, DATA.uri_prefix);

@@ -316,13 +321,13 @@ function renderPathsTableHead() {
    <tr>
      ${headerItems.map(item => {
    let svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M11.5 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L11 2.707V14.5a.5.5 0 0 0 .5.5zm-7-14a.5.5 0 0 1 .5.5v11.793l3.146-3.147a.5.5 0 0 1 .708.708l-4 4a.5.5 0 0 1-.708 0l-4-4a.5.5 0 0 1 .708-.708L4 13.293V1.5a.5.5 0 0 1 .5-.5z"/></svg>`;
-    let order = "asc";
+    let order = "desc";
    if (PARAMS.sort === item.name) {
-      if (PARAMS.order === "asc") {
-        order = "desc";
-        svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L7.5 2.707V14.5a.5.5 0 0 0 .5.5z"/></svg>`
-      } else {
+      if (PARAMS.order === "desc") {
+        order = "asc";
        svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 1a.5.5 0 0 1 .5.5v11.793l3.146-3.147a.5.5 0 0 1 .708.708l-4 4a.5.5 0 0 1-.708 0l-4-4a.5.5 0 0 1 .708-.708L7.5 13.293V1.5A.5.5 0 0 1 8 1z"/></svg>`
+      } else {
+        svg = `<svg width="12" height="12" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 15a.5.5 0 0 0 .5-.5V2.707l3.146 3.147a.5.5 0 0 0 .708-.708l-4-4a.5.5 0 0 0-.708 0l-4 4a.5.5 0 1 0 .708.708L7.5 2.707V14.5a.5.5 0 0 0 .5.5z"/></svg>`
      }
    }
    const qs = new URLSearchParams({ ...PARAMS, order, sort: item.name }).toString();
@@ -438,7 +443,7 @@ function setupDropzone() {
 function setupAuth() {
  if (DATA.user) {
    $userBtn.classList.remove("hidden");
-    $userBtn.title = DATA.user;
+    $userName.textContent = DATA.user;
  } else {
    const $loginBtn = document.querySelector(".login-btn");
    $loginBtn.classList.remove("hidden");
@@ -669,7 +674,7 @@ async function checkAuth() {
  await assertResOK(res);
  document.querySelector(".login-btn").classList.add("hidden");
  $userBtn.classList.remove("hidden");
-  $userBtn.title = "";
+  $userName.textContent = "";
 }

 /**
--- a/src/args.rs
+++ b/src/args.rs
@@ -2,17 +2,13 @@ use anyhow::{bail, Context, Result};
 use clap::builder::PossibleValuesParser;
 use clap::{value_parser, Arg, ArgAction, ArgMatches, Command};
 use clap_complete::{generate, Generator, Shell};
-#[cfg(feature = "tls")]
-use rustls::{Certificate, PrivateKey};
+use serde::{Deserialize, Deserializer};
 use std::env;
 use std::net::IpAddr;
 use std::path::{Path, PathBuf};

 use crate::auth::AccessControl;
-use crate::auth::AuthMethod;
-use crate::log_http::{LogHttp, DEFAULT_LOG_FORMAT};
-#[cfg(feature = "tls")]
-use crate::tls::{load_certs, load_private_key};
+use crate::http_logger::HttpLogger;
 use crate::utils::encode_uri;

 pub fn build_cli() -> Command {
@@ -25,12 +21,20 @@ pub fn build_cli() -> Command {
            env!("CARGO_PKG_REPOSITORY")
        ))
        .arg(
-            Arg::new("serve_path")
+            Arg::new("serve-path")
                .env("DUFS_SERVE_PATH")
 				.hide_env(true)
-                .default_value(".")
                .value_parser(value_parser!(PathBuf))
-                .help("Specific path to serve"),
+                .help("Specific path to serve [default: .]"),
+        )
+        .arg(
+            Arg::new("config")
+                .env("DUFS_SERVE_PATH")
+				.hide_env(true)
+                .short('c')
+                .long("config")
+                .value_parser(value_parser!(PathBuf))
+                .help("Specify configuration file"),
        )
        .arg(
            Arg::new("bind")
@@ -49,9 +53,8 @@ pub fn build_cli() -> Command {
 				.hide_env(true)
                .short('p')
                .long("port")
-                .default_value("5000")
                .value_parser(value_parser!(u16))
-                .help("Specify port to listen on")
+                .help("Specify port to listen on [default: 5000]")
                .value_name("port"),
        )
        .arg(
@@ -67,7 +70,7 @@ pub fn build_cli() -> Command {
                .env("DUFS_HIDDEN")
 				.hide_env(true)
                .long("hidden")
-                .help("Hide paths from directory listings, separated by `,`")
+                .help("Hide paths from directory listings, e.g. tmp,*.log,*.lock")
                .value_name("value"),
        )
        .arg(
@@ -76,13 +79,14 @@ pub fn build_cli() -> Command {
 				.hide_env(true)
                .short('a')
                .long("auth")
-                .help("Add auth role")
+                .help("Add auth roles, e.g. user:pass@/dir1:rw,/dir2")
                .action(ArgAction::Append)
                .value_delimiter('|')
                .value_name("rules"),
        )
        .arg(
            Arg::new("auth-method")
+                .hide(true)
                .env("DUFS_AUTH_METHOD")
 				.hide_env(true)
                .long("auth-method")
@@ -177,9 +181,24 @@ pub fn build_cli() -> Command {
                .env("DUFS_ASSETS")
 				.hide_env(true)
                .long("assets")
-                .help("Use custom assets to override builtin assets")
+                .help("Set the path to the assets directory for overriding the built-in assets")
                .value_parser(value_parser!(PathBuf))
                .value_name("path")
+        )
+        .arg(
+            Arg::new("log-format")
+                .env("DUFS_LOG_FORMAT")
+                .hide_env(true)
+                .long("log-format")
+                .value_name("format")
+                .help("Customize http log format"),
+        )
+        .arg(
+            Arg::new("completions")
+                .long("completions")
+                .value_name("shell")
+                .value_parser(value_parser!(Shell))
+                .help("Print shell completion script for <shell>"),
        );

    #[cfg(feature = "tls")]
@@ -203,38 +222,32 @@ pub fn build_cli() -> Command {
                .help("Path to the SSL/TLS certificate's private key"),
        );

-    app.arg(
-        Arg::new("log-format")
-            .env("DUFS_LOG_FORMAT")
-            .hide_env(true)
-            .long("log-format")
-            .value_name("format")
-            .help("Customize http log format"),
-    )
-    .arg(
-        Arg::new("completions")
-            .long("completions")
-            .value_name("shell")
-            .value_parser(value_parser!(Shell))
-            .help("Print shell completion script for <shell>"),
-    )
+    app
 }

 pub fn print_completions<G: Generator>(gen: G, cmd: &mut Command) {
    generate(gen, cmd, cmd.get_name().to_string(), &mut std::io::stdout());
 }

-#[derive(Debug)]
+#[derive(Debug, Deserialize, Default)]
+#[serde(default)]
+#[serde(rename_all = "kebab-case")]
 pub struct Args {
+    #[serde(default = "default_serve_path")]
+    pub serve_path: PathBuf,
+    #[serde(deserialize_with = "deserialize_bind_addrs")]
+    #[serde(rename = "bind")]
    pub addrs: Vec<BindAddr>,
    pub port: u16,
-    pub path: PathBuf,
+    #[serde(skip)]
    pub path_is_file: bool,
    pub path_prefix: String,
+    #[serde(skip)]
    pub uri_prefix: String,
    pub hidden: Vec<String>,
-    pub auth_method: AuthMethod,
+    #[serde(deserialize_with = "deserialize_access_control")]
    pub auth: AccessControl,
+    pub allow_all: bool,
    pub allow_upload: bool,
    pub allow_delete: bool,
    pub allow_search: bool,
@@ -244,12 +257,12 @@ pub struct Args {
    pub render_spa: bool,
    pub render_try_index: bool,
    pub enable_cors: bool,
-    pub assets_path: Option<PathBuf>,
-    pub log_http: LogHttp,
-    #[cfg(feature = "tls")]
-    pub tls: Option<(Vec<Certificate>, PrivateKey)>,
-    #[cfg(not(feature = "tls"))]
-    pub tls: Option<()>,
+    pub assets: Option<PathBuf>,
+    #[serde(deserialize_with = "deserialize_log_http")]
+    #[serde(rename = "log-format")]
+    pub http_logger: HttpLogger,
+    pub tls_cert: Option<PathBuf>,
+    pub tls_key: Option<PathBuf>,
 }

 impl Args {
@@ -258,95 +271,164 @@ impl Args {
    /// If a parsing error occurred, exit the process and print out informative
    /// error message to user.
    pub fn parse(matches: ArgMatches) -> Result<Args> {
-        let port = *matches.get_one::<u16>("port").unwrap();
-        let addrs = matches
-            .get_many::<String>("bind")
-            .map(|bind| bind.map(|v| v.as_str()).collect())
-            .unwrap_or_else(|| vec!["0.0.0.0", "::"]);
-        let addrs: Vec<BindAddr> = Args::parse_addrs(&addrs)?;
-        let path = Args::parse_path(matches.get_one::<PathBuf>("serve_path").unwrap())?;
-        let path_is_file = path.metadata()?.is_file();
-        let path_prefix = matches
-            .get_one::<String>("path-prefix")
-            .map(|v| v.trim_matches('/').to_owned())
-            .unwrap_or_default();
-        let uri_prefix = if path_prefix.is_empty() {
+        let mut args = Self {
+            serve_path: default_serve_path(),
+            addrs: BindAddr::parse_addrs(&["0.0.0.0", "::"]).unwrap(),
+            port: 5000,
+            ..Default::default()
+        };
+
+        if let Some(config_path) = matches.get_one::<PathBuf>("config") {
+            let contents = std::fs::read_to_string(config_path)
+                .with_context(|| format!("Failed to read config at {}", config_path.display()))?;
+            args = serde_yaml::from_str(&contents)
+                .with_context(|| format!("Failed to load config at {}", config_path.display()))?;
+        }
+
+        if let Some(path) = matches.get_one::<PathBuf>("serve-path") {
+            args.serve_path = path.clone()
+        }
+        args.serve_path = Self::sanitize_path(args.serve_path)?;
+
+        if let Some(port) = matches.get_one::<u16>("port") {
+            args.port = *port
+        }
+
+        if let Some(addrs) = matches.get_many::<String>("bind") {
+            let addrs: Vec<_> = addrs.map(|v| v.as_str()).collect();
+            args.addrs = BindAddr::parse_addrs(&addrs)?;
+        }
+
+        args.path_is_file = args.serve_path.metadata()?.is_file();
+        if let Some(path_prefix) = matches.get_one::<String>("path-prefix") {
+            args.path_prefix = path_prefix.clone();
+        }
+        args.path_prefix = args.path_prefix.trim_matches('/').to_string();
+
+        args.uri_prefix = if args.path_prefix.is_empty() {
            "/".to_owned()
        } else {
-            format!("/{}/", &encode_uri(&path_prefix))
+            format!("/{}/", &encode_uri(&args.path_prefix))
        };
-        let hidden: Vec<String> = matches
+
+        if let Some(hidden) = matches
            .get_one::<String>("hidden")
            .map(|v| v.split(',').map(|x| x.to_string()).collect())
-            .unwrap_or_default();
-        let enable_cors = matches.get_flag("enable-cors");
-        let auth: Vec<&str> = matches
-            .get_many::<String>("auth")
-            .map(|auth| auth.map(|v| v.as_str()).collect())
-            .unwrap_or_default();
-        let auth_method = match matches.get_one::<String>("auth-method").unwrap().as_str() {
-            "basic" => AuthMethod::Basic,
-            _ => AuthMethod::Digest,
-        };
-        let auth = AccessControl::new(&auth)?;
-        let allow_upload = matches.get_flag("allow-all") || matches.get_flag("allow-upload");
-        let allow_delete = matches.get_flag("allow-all") || matches.get_flag("allow-delete");
-        let allow_search = matches.get_flag("allow-all") || matches.get_flag("allow-search");
-        let allow_symlink = matches.get_flag("allow-all") || matches.get_flag("allow-symlink");
-        let allow_archive = matches.get_flag("allow-all") || matches.get_flag("allow-archive");
-        let render_index = matches.get_flag("render-index");
-        let render_try_index = matches.get_flag("render-try-index");
-        let render_spa = matches.get_flag("render-spa");
+        {
+            args.hidden = hidden;
+        }
+
+        if !args.enable_cors {
+            args.enable_cors = matches.get_flag("enable-cors");
+        }
+
+        if let Some(rules) = matches.get_many::<String>("auth") {
+            let rules: Vec<_> = rules.map(|v| v.as_str()).collect();
+            args.auth = AccessControl::new(&rules)?;
+        }
+
+        if !args.allow_all {
+            args.allow_all = matches.get_flag("allow-all");
+        }
+
+        let allow_all = args.allow_all;
+
+        if !args.allow_upload {
+            args.allow_upload = allow_all || matches.get_flag("allow-upload");
+        }
+        if !args.allow_delete {
+            args.allow_delete = allow_all || matches.get_flag("allow-delete");
+        }
+        if !args.allow_search {
+            args.allow_search = allow_all || matches.get_flag("allow-search");
+        }
+        if !args.allow_symlink {
+            args.allow_symlink = allow_all || matches.get_flag("allow-symlink");
+        }
+        if !args.allow_archive {
+            args.allow_archive = allow_all || matches.get_flag("allow-archive");
+        }
+        if !args.render_index {
+            args.render_index = matches.get_flag("render-index");
+        }
+
+        if !args.render_try_index {
+            args.render_try_index = matches.get_flag("render-try-index");
+        }
+
+        if !args.render_spa {
+            args.render_spa = matches.get_flag("render-spa");
+        }
+
+        if let Some(log_format) = matches.get_one::<String>("log-format") {
+            args.http_logger = log_format.parse()?;
+        }
+
+        if let Some(assets_path) = matches.get_one::<PathBuf>("assets") {
+            args.assets = Some(assets_path.clone());
+        }
+
+        if let Some(assets_path) = &args.assets {
+            args.assets = Some(Args::sanitize_assets_path(assets_path)?);
+        }
+
        #[cfg(feature = "tls")]
-        let tls = match (
-            matches.get_one::<PathBuf>("tls-cert"),
-            matches.get_one::<PathBuf>("tls-key"),
-        ) {
-            (Some(certs_file), Some(key_file)) => {
-                let certs = load_certs(certs_file)?;
-                let key = load_private_key(key_file)?;
-                Some((certs, key))
+        {
+            if let Some(tls_cert) = matches.get_one::<PathBuf>("tls-cert") {
+                args.tls_cert = Some(tls_cert.clone())
+            }
+
+            if let Some(tls_key) = matches.get_one::<PathBuf>("tls-key") {
+                args.tls_key = Some(tls_key.clone())
+            }
+
+            match (&args.tls_cert, &args.tls_key) {
+                (Some(_), Some(_)) => {}
+                (Some(_), _) => bail!("No tls-key set"),
+                (_, Some(_)) => bail!("No tls-cert set"),
+                (None, None) => {}
+            }
        }
-            _ => None,
-        };
        #[cfg(not(feature = "tls"))]
-        let tls = None;
-        let log_http: LogHttp = matches
-            .get_one::<String>("log-format")
-            .map(|v| v.as_str())
-            .unwrap_or(DEFAULT_LOG_FORMAT)
-            .parse()?;
-        let assets_path = match matches.get_one::<PathBuf>("assets") {
-            Some(v) => Some(Args::parse_assets_path(v)?),
-            None => None,
-        };
-
-        Ok(Args {
-            addrs,
-            port,
-            path,
-            path_is_file,
-            path_prefix,
-            uri_prefix,
-            hidden,
-            auth_method,
-            auth,
-            enable_cors,
-            allow_delete,
-            allow_upload,
-            allow_search,
-            allow_symlink,
-            allow_archive,
-            render_index,
-            render_try_index,
-            render_spa,
-            tls,
-            log_http,
-            assets_path,
-        })
+        {
+            args.tls_cert = None;
+            args.tls_key = None;
        }

-    fn parse_addrs(addrs: &[&str]) -> Result<Vec<BindAddr>> {
+        Ok(args)
+    }
+
+    fn sanitize_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
+        let path = path.as_ref();
+        if !path.exists() {
+            bail!("Path `{}` doesn't exist", path.display());
+        }
+
+        env::current_dir()
+            .and_then(|mut p| {
+                p.push(path); // If path is absolute, it replaces the current path.
+                std::fs::canonicalize(p)
+            })
+            .with_context(|| format!("Failed to access path `{}`", path.display()))
+    }
+
+    fn sanitize_assets_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
+        let path = Self::sanitize_path(path)?;
+        if !path.join("index.html").exists() {
+            bail!("Path `{}` doesn't contains index.html", path.display());
+        }
+        Ok(path)
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
+pub enum BindAddr {
+    Address(IpAddr),
+    Path(PathBuf),
+}
+
+impl BindAddr {
+    fn parse_addrs(addrs: &[&str]) -> Result<Vec<Self>> {
        let mut bind_addrs = vec![];
        let mut invalid_addrs = vec![];
        for addr in addrs {
@@ -368,32 +450,32 @@ impl Args {
        }
        Ok(bind_addrs)
    }
-
-    fn parse_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
-        let path = path.as_ref();
-        if !path.exists() {
-            bail!("Path `{}` doesn't exist", path.display());
 }

-        env::current_dir()
-            .and_then(|mut p| {
-                p.push(path); // If path is absolute, it replaces the current path.
-                std::fs::canonicalize(p)
-            })
-            .with_context(|| format!("Failed to access path `{}`", path.display()))
+fn deserialize_bind_addrs<'de, D>(deserializer: D) -> Result<Vec<BindAddr>, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    let addrs: Vec<&str> = Vec::deserialize(deserializer)?;
+    BindAddr::parse_addrs(&addrs).map_err(serde::de::Error::custom)
 }

-    fn parse_assets_path<P: AsRef<Path>>(path: P) -> Result<PathBuf> {
-        let path = Self::parse_path(path)?;
-        if !path.join("index.html").exists() {
-            bail!("Path `{}` doesn't contains index.html", path.display());
-        }
-        Ok(path)
-    }
+fn deserialize_access_control<'de, D>(deserializer: D) -> Result<AccessControl, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    let rules: Vec<&str> = Vec::deserialize(deserializer)?;
+    AccessControl::new(&rules).map_err(serde::de::Error::custom)
 }

-#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
-pub enum BindAddr {
-    Address(IpAddr),
-    Path(PathBuf),
+fn deserialize_log_http<'de, D>(deserializer: D) -> Result<HttpLogger, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    let value: String = Deserialize::deserialize(deserializer)?;
+    value.parse().map_err(serde::de::Error::custom)
+}
+
+fn default_serve_path() -> PathBuf {
+    PathBuf::from(".")
 }
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -11,10 +11,10 @@ use std::{
 };
 use uuid::Uuid;

-use crate::utils::unix_now;
+use crate::{args::Args, utils::unix_now};

 const REALM: &str = "DUFS";
-const DIGEST_AUTH_TIMEOUT: u32 = 86400;
+const DIGEST_AUTH_TIMEOUT: u32 = 604800; // 7 days

 lazy_static! {
    static ref NONCESTARTHASH: Context = {
@@ -25,21 +25,29 @@ lazy_static! {
    };
 }

-#[derive(Debug, Default)]
+#[derive(Debug)]
 pub struct AccessControl {
+    use_hashed_password: bool,
    users: IndexMap<String, (String, AccessPaths)>,
    anony: Option<AccessPaths>,
 }

+impl Default for AccessControl {
+    fn default() -> Self {
+        AccessControl {
+            use_hashed_password: false,
+            anony: Some(AccessPaths::new(AccessPerm::ReadWrite)),
+            users: IndexMap::new(),
+        }
+    }
+}
+
 impl AccessControl {
    pub fn new(raw_rules: &[&str]) -> Result<Self> {
        if raw_rules.is_empty() {
-            return Ok(AccessControl {
-                anony: Some(AccessPaths::new(AccessPerm::ReadWrite)),
-                users: IndexMap::new(),
-            });
+            return Ok(Default::default());
        }
-
+        let mut use_hashed_password = false;
        let create_err = |v: &str| anyhow!("Invalid auth `{v}`");
        let mut anony = None;
        let mut anony_paths = vec![];
@@ -67,6 +75,9 @@ impl AccessControl {
                if user.is_empty() || pass.is_empty() {
                    return Err(create_err(rule));
                }
+                if pass.starts_with("$6$") {
+                    use_hashed_password = true;
+                }
                users.insert(user.to_string(), (pass.to_string(), paths));
            } else {
                return Err(create_err(rule));
@@ -77,7 +88,11 @@ impl AccessControl {
                paths.add(path, perm)
            }
        }
-        Ok(Self { users, anony })
+        Ok(Self {
+            use_hashed_password,
+            users,
+            anony,
+        })
    }

    pub fn exist(&self) -> bool {
@@ -89,18 +104,14 @@ impl AccessControl {
        path: &str,
        method: &Method,
        authorization: Option<&HeaderValue>,
-        auth_method: AuthMethod,
    ) -> (Option<String>, Option<AccessPaths>) {
        if let Some(authorization) = authorization {
-            if let Some(user) = auth_method.get_user(authorization) {
+            if let Some(user) = get_auth_user(authorization) {
                if let Some((pass, paths)) = self.users.get(&user) {
                    if method == Method::OPTIONS {
                        return (Some(user), Some(AccessPaths::new(AccessPerm::ReadOnly)));
                    }
-                    if auth_method
-                        .check(authorization, method.as_str(), &user, pass)
-                        .is_some()
-                    {
+                    if check_auth(authorization, method.as_str(), &user, pass).is_some() {
                        return (Some(user), paths.find(path, !is_readonly_method(method)));
                    } else {
                        return (None, None);
@@ -243,78 +254,58 @@ impl AccessPerm {
    }
 }

-fn is_readonly_method(method: &Method) -> bool {
-    method == Method::GET
-        || method == Method::OPTIONS
-        || method == Method::HEAD
-        || method.as_str() == "PROPFIND"
+pub fn www_authenticate(args: &Args) -> Result<HeaderValue> {
+    let value = if args.auth.use_hashed_password {
+        format!("Basic realm=\"{}\"", REALM)
+    } else {
+        let nonce = create_nonce()?;
+        format!(
+            "Digest realm=\"{}\", nonce=\"{}\", qop=\"auth\", Basic realm=\"{}\"",
+            REALM, nonce, REALM
+        )
+    };
+    Ok(HeaderValue::from_str(&value)?)
 }

-#[derive(Debug, Clone)]
-pub enum AuthMethod {
-    Basic,
-    Digest,
-}
-
-impl AuthMethod {
-    pub fn www_auth(&self) -> Result<String> {
-        match self {
-            AuthMethod::Basic => Ok(format!("Basic realm=\"{REALM}\"")),
-            AuthMethod::Digest => Ok(format!(
-                "Digest realm=\"{}\",nonce=\"{}\",qop=\"auth\"",
-                REALM,
-                create_nonce()?,
-            )),
-        }
-    }
-
-    pub fn get_user(&self, authorization: &HeaderValue) -> Option<String> {
-        match self {
-            AuthMethod::Basic => {
-                let value: Vec<u8> = general_purpose::STANDARD
-                    .decode(strip_prefix(authorization.as_bytes(), b"Basic ")?)
-                    .ok()?;
+pub fn get_auth_user(authorization: &HeaderValue) -> Option<String> {
+    if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
+        let value: Vec<u8> = general_purpose::STANDARD.decode(value).ok()?;
        let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
        Some(parts[0].to_string())
-            }
-            AuthMethod::Digest => {
-                let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
-                let digest_map = to_headermap(digest_value).ok()?;
-                digest_map
-                    .get(b"username".as_ref())
-                    .and_then(|b| std::str::from_utf8(b).ok())
-                    .map(|v| v.to_string())
-            }
+    } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
+        let digest_map = to_headermap(value).ok()?;
+        let username = digest_map.get(b"username".as_ref())?;
+        std::str::from_utf8(username).map(|v| v.to_string()).ok()
+    } else {
+        None
    }
 }

-    fn check(
-        &self,
+pub fn check_auth(
    authorization: &HeaderValue,
    method: &str,
    auth_user: &str,
    auth_pass: &str,
 ) -> Option<()> {
-        match self {
-            AuthMethod::Basic => {
-                let basic_value: Vec<u8> = general_purpose::STANDARD
-                    .decode(strip_prefix(authorization.as_bytes(), b"Basic ")?)
-                    .ok()?;
-                let parts: Vec<&str> = std::str::from_utf8(&basic_value).ok()?.split(':').collect();
+    if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
+        let value: Vec<u8> = general_purpose::STANDARD.decode(value).ok()?;
+        let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();

        if parts[0] != auth_user {
            return None;
        }

-                if parts[1] == auth_pass {
+        if auth_pass.starts_with("$6$") {
+            if let Ok(()) = sha_crypt::sha512_check(parts[1], auth_pass) {
+                return Some(());
+            }
+        } else if parts[1] == auth_pass {
            return Some(());
        }

        None
-            }
-            AuthMethod::Digest => {
-                let digest_value = strip_prefix(authorization.as_bytes(), b"Digest ")?;
-                let digest_map = to_headermap(digest_value).ok()?;
+    } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
+        let digest_map = to_headermap(value).ok()?;
        if let (Some(username), Some(nonce), Some(user_response)) = (
            digest_map
                .get(b"username".as_ref())
@@ -382,8 +373,8 @@ impl AuthMethod {
            }
        }
        None
-            }
-        }
+    } else {
+        None
    }
 }

@@ -415,6 +406,13 @@ fn validate_nonce(nonce: &[u8]) -> Result<bool> {
    bail!("invalid nonce");
 }

+fn is_readonly_method(method: &Method) -> bool {
+    method == Method::GET
+        || method == Method::OPTIONS
+        || method == Method::HEAD
+        || method.as_str() == "PROPFIND"
+}
+
 fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {
    let l = prefix.len();
    if search.len() < l {
--- a/src/http_logger.rs
+++ b/src/http_logger.rs
@@ -1,14 +1,20 @@
-use std::{collections::HashMap, str::FromStr, sync::Arc};
+use std::{collections::HashMap, str::FromStr};

-use crate::{args::Args, server::Request};
+use crate::{auth::get_auth_user, server::Request};

 pub const DEFAULT_LOG_FORMAT: &str = r#"$remote_addr "$request" $status"#;

 #[derive(Debug)]
-pub struct LogHttp {
+pub struct HttpLogger {
    elements: Vec<LogElement>,
 }

+impl Default for HttpLogger {
+    fn default() -> Self {
+        DEFAULT_LOG_FORMAT.parse().unwrap()
+    }
+}
+
 #[derive(Debug)]
 enum LogElement {
    Variable(String),
@@ -16,8 +22,8 @@ enum LogElement {
    Literal(String),
 }

-impl LogHttp {
-    pub fn data(&self, req: &Request, args: &Arc<Args>) -> HashMap<String, String> {
+impl HttpLogger {
+    pub fn data(&self, req: &Request) -> HashMap<String, String> {
        let mut data = HashMap::default();
        for element in self.elements.iter() {
            match element {
@@ -26,10 +32,8 @@ impl LogHttp {
                        data.insert(name.to_string(), format!("{} {}", req.method(), req.uri()));
                    }
                    "remote_user" => {
-                        if let Some(user) = req
-                            .headers()
-                            .get("authorization")
-                            .and_then(|v| args.auth_method.get_user(v))
+                        if let Some(user) =
+                            req.headers().get("authorization").and_then(get_auth_user)
                        {
                            data.insert(name.to_string(), user);
                        }
@@ -66,7 +70,7 @@ impl LogHttp {
    }
 }

-impl FromStr for LogHttp {
+impl FromStr for HttpLogger {
    type Err = anyhow::Error;
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        let mut elements = vec![];
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,6 @@
 mod args;
 mod auth;
-mod log_http;
+mod http_logger;
 mod logger;
 mod server;
 mod streamer;
@@ -16,7 +16,7 @@ extern crate log;
 use crate::args::{build_cli, print_completions, Args};
 use crate::server::{Request, Server};
 #[cfg(feature = "tls")]
-use crate::tls::{TlsAcceptor, TlsStream};
+use crate::tls::{load_certs, load_private_key, TlsAcceptor, TlsStream};

 use anyhow::{anyhow, Context, Result};
 use std::net::{IpAddr, SocketAddr, TcpListener as StdTcpListener};
@@ -88,9 +88,12 @@ fn serve(
            BindAddr::Address(ip) => {
                let incoming = create_addr_incoming(SocketAddr::new(*ip, port))
                    .with_context(|| format!("Failed to bind `{ip}:{port}`"))?;
-                match args.tls.as_ref() {
+
+                match (&args.tls_cert, &args.tls_key) {
                    #[cfg(feature = "tls")]
-                    Some((certs, key)) => {
+                    (Some(cert_file), Some(key_file)) => {
+                        let certs = load_certs(cert_file)?;
+                        let key = load_private_key(key_file)?;
                        let config = ServerConfig::builder()
                            .with_safe_defaults()
                            .with_no_client_auth()
@@ -105,11 +108,7 @@ fn serve(
                            tokio::spawn(hyper::Server::builder(accepter).serve(new_service));
                        handles.push(server);
                    }
-                    #[cfg(not(feature = "tls"))]
-                    Some(_) => {
-                        unreachable!()
-                    }
-                    None => {
+                    (None, None) => {
                        let new_service = make_service_fn(move |socket: &AddrStream| {
                            let remote_addr = socket.remote_addr();
                            serve_func(Some(remote_addr))
@@ -118,6 +117,9 @@ fn serve(
                            tokio::spawn(hyper::Server::builder(incoming).serve(new_service));
                        handles.push(server);
                    }
+                    _ => {
+                        unreachable!()
+                    }
                };
            }
            BindAddr::Path(path) => {
@@ -195,7 +197,11 @@ fn print_listening(args: Arc<Args>) -> Result<()> {
                    IpAddr::V4(_) => format!("{}:{}", addr, args.port),
                    IpAddr::V6(_) => format!("[{}]:{}", addr, args.port),
                };
-                let protocol = if args.tls.is_some() { "https" } else { "http" };
+                let protocol = if args.tls_cert.is_some() {
+                    "https"
+                } else {
+                    "http"
+                };
                format!("{}://{}{}", protocol, addr, args.uri_prefix)
            }
            BindAddr::Path(path) => path.display().to_string(),
--- a/src/server.rs
+++ b/src/server.rs
@@ -1,6 +1,6 @@
 #![allow(clippy::too_many_arguments)]

-use crate::auth::{AccessPaths, AccessPerm};
+use crate::auth::{www_authenticate, AccessPaths, AccessPerm};
 use crate::streamer::Streamer;
 use crate::utils::{
    decode_uri, encode_uri, get_file_mtime_and_mode, get_file_name, glob, try_get_file_name,
@@ -71,13 +71,13 @@ impl Server {
                encode_uri(&format!(
                    "{}{}",
                    &args.uri_prefix,
-                    get_file_name(&args.path)
+                    get_file_name(&args.serve_path)
                )),
            ]
        } else {
            vec![]
        };
-        let html = match args.assets_path.as_ref() {
+        let html = match args.assets.as_ref() {
            Some(path) => Cow::Owned(std::fs::read_to_string(path.join("index.html"))?),
            None => Cow::Borrowed(INDEX_HTML),
        };
@@ -96,9 +96,9 @@ impl Server {
        addr: Option<SocketAddr>,
    ) -> Result<Response, hyper::Error> {
        let uri = req.uri().clone();
-        let assets_prefix = self.assets_prefix.clone();
+        let assets_prefix = &self.assets_prefix;
        let enable_cors = self.args.enable_cors;
-        let mut http_log_data = self.args.log_http.data(&req, &self.args);
+        let mut http_log_data = self.args.http_logger.data(&req);
        if let Some(addr) = addr {
            http_log_data.insert("remote_addr".to_string(), addr.ip().to_string());
        }
@@ -106,8 +106,8 @@ impl Server {
        let mut res = match self.clone().handle(req).await {
            Ok(res) => {
                http_log_data.insert("status".to_string(), res.status().as_u16().to_string());
-                if !uri.path().starts_with(&assets_prefix) {
-                    self.args.log_http.log(&http_log_data, None);
+                if !uri.path().starts_with(assets_prefix) {
+                    self.args.http_logger.log(&http_log_data, None);
                }
                res
            }
@@ -117,7 +117,7 @@ impl Server {
                *res.status_mut() = status;
                http_log_data.insert("status".to_string(), status.as_u16().to_string());
                self.args
-                    .log_http
+                    .http_logger
                    .log(&http_log_data, Some(err.to_string()));
                res
            }
@@ -149,12 +149,7 @@ impl Server {
            }
        };

-        let guard = self.args.auth.guard(
-            &relative_path,
-            &method,
-            authorization,
-            self.args.auth_method.clone(),
-        );
+        let guard = self.args.auth.guard(&relative_path, &method, authorization);

        let (user, access_paths) = match guard {
            (None, None) => {
@@ -185,7 +180,7 @@ impl Server {
                .iter()
                .any(|v| v.as_str() == req_path)
            {
-                self.handle_send_file(&self.args.path, headers, head_only, &mut res)
+                self.handle_send_file(&self.args.serve_path, headers, head_only, &mut res)
                    .await?;
            } else {
                status_not_found(&mut res);
@@ -432,7 +427,12 @@ impl Server {

        futures::pin_mut!(body_reader);

-        io::copy(&mut body_reader, &mut file).await?;
+        let ret = io::copy(&mut body_reader, &mut file).await;
+        if ret.is_err() {
+            tokio::fs::remove_file(&path).await?;
+
+            ret?;
+        }

        *res.status_mut() = StatusCode::CREATED;
        Ok(())
@@ -620,7 +620,7 @@ impl Server {
        res: &mut Response,
    ) -> Result<()> {
        if path.extension().is_none() {
-            let path = self.args.path.join(INDEX_NAME);
+            let path = self.args.serve_path.join(INDEX_NAME);
            self.handle_send_file(&path, headers, head_only, res)
                .await?;
        } else {
@@ -636,7 +636,7 @@ impl Server {
        res: &mut Response,
    ) -> Result<bool> {
        if let Some(name) = req_path.strip_prefix(&self.assets_prefix) {
-            match self.args.assets_path.as_ref() {
+            match self.args.assets.as_ref() {
                Some(assets_path) => {
                    let path = assets_path.join(name);
                    self.handle_send_file(&path, headers, false, res).await?;
@@ -776,7 +776,10 @@ impl Server {
    ) -> Result<()> {
        let (file, meta) = tokio::join!(fs::File::open(path), fs::metadata(path),);
        let (file, meta) = (file?, meta?);
-        let href = format!("/{}", normalize_path(path.strip_prefix(&self.args.path)?));
+        let href = format!(
+            "/{}",
+            normalize_path(path.strip_prefix(&self.args.serve_path)?)
+        );
        let mut buffer: Vec<u8> = vec![];
        file.take(1024).read_to_end(&mut buffer).await?;
        let editable = meta.len() <= TEXT_MAX_SIZE && content_inspector::inspect(&buffer).is_text();
@@ -822,12 +825,15 @@ impl Server {
            },
            None => 1,
        };
-        let mut paths = match self.to_pathitem(path, &self.args.path).await? {
+        let mut paths = match self.to_pathitem(path, &self.args.serve_path).await? {
            Some(v) => vec![v],
            None => vec![],
        };
        if depth != 0 {
-            match self.list_dir(path, &self.args.path, access_paths).await {
+            match self
+                .list_dir(path, &self.args.serve_path, access_paths)
+                .await
+            {
                Ok(child) => paths.extend(child),
                Err(_) => {
                    status_forbid(res);
@@ -847,7 +853,7 @@ impl Server {
    }

    async fn handle_propfind_file(&self, path: &Path, res: &mut Response) -> Result<()> {
-        if let Some(pathitem) = self.to_pathitem(path, &self.args.path).await? {
+        if let Some(pathitem) = self.to_pathitem(path, &self.args.serve_path).await? {
            res_multistatus(res, &pathitem.to_dav_xml(self.args.uri_prefix.as_str()));
        } else {
            status_not_found(res);
@@ -952,28 +958,11 @@ impl Server {
    ) -> Result<()> {
        if let Some(sort) = query_params.get("sort") {
            if sort == "name" {
-                paths.sort_by(|v1, v2| match v1.path_type.cmp(&v2.path_type) {
-                    Ordering::Equal => {
-                        alphanumeric_sort::compare_str(v1.name.clone(), v2.name.clone())
-                    }
-                    v => v,
-                })
+                paths.sort_by(|v1, v2| v1.sort_by_name(v2))
            } else if sort == "mtime" {
-                paths.sort_by(|v1, v2| match v1.path_type.cmp(&v2.path_type) {
-                    Ordering::Equal => v1.mtime.cmp(&v2.mtime),
-                    v => v,
-                })
+                paths.sort_by(|v1, v2| v1.sort_by_mtime(v2))
            } else if sort == "size" {
-                paths.sort_by(|v1, v2| match v1.path_type.cmp(&v2.path_type) {
-                    Ordering::Equal => {
-                        if v1.is_dir() {
-                            alphanumeric_sort::compare_str(v1.name.clone(), v2.name.clone())
-                        } else {
-                            v1.size.unwrap_or(0).cmp(&v2.size.unwrap_or(0))
-                        }
-                    }
-                    v => v,
-                })
+                paths.sort_by(|v1, v2| v1.sort_by_size(v2))
            }
            if query_params
                .get("order")
@@ -983,7 +972,7 @@ impl Server {
                paths.reverse()
            }
        } else {
-            paths.sort_unstable();
+            paths.sort_by(|v1, v2| v1.sort_by_name(v2))
        }
        if query_params.contains_key("simple") {
            let output = paths
@@ -1007,7 +996,10 @@ impl Server {
            }
            return Ok(());
        }
-        let href = format!("/{}", normalize_path(path.strip_prefix(&self.args.path)?));
+        let href = format!(
+            "/{}",
+            normalize_path(path.strip_prefix(&self.args.serve_path)?)
+        );
        let readwrite = access_paths.perm().readwrite();
        let data = IndexData {
            kind: DataKind::Index,
@@ -1043,9 +1035,9 @@ impl Server {
    }

    fn auth_reject(&self, res: &mut Response) -> Result<()> {
-        let value = self.args.auth_method.www_auth()?;
        set_webdav_headers(res);
-        res.headers_mut().insert(WWW_AUTHENTICATE, value.parse()?);
+        res.headers_mut()
+            .append(WWW_AUTHENTICATE, www_authenticate(&self.args)?);
        // set 401 to make the browser pop up the login box
        *res.status_mut() = StatusCode::UNAUTHORIZED;
        Ok(())
@@ -1055,7 +1047,7 @@ impl Server {
        fs::canonicalize(path)
            .await
            .ok()
-            .map(|v| v.starts_with(&self.args.path))
+            .map(|v| v.starts_with(&self.args.serve_path))
            .unwrap_or_default()
    }

@@ -1078,12 +1070,10 @@ impl Server {
        };

        let authorization = headers.get(AUTHORIZATION);
-        let guard = self.args.auth.guard(
-            &relative_path,
-            req.method(),
-            authorization,
-            self.args.auth_method.clone(),
-        );
+        let guard = self
+            .args
+            .auth
+            .guard(&relative_path, req.method(), authorization);

        match guard {
            (_, Some(_)) => {}
@@ -1123,14 +1113,14 @@ impl Server {

    fn join_path(&self, path: &str) -> Option<PathBuf> {
        if path.is_empty() {
-            return Some(self.args.path.clone());
+            return Some(self.args.serve_path.clone());
        }
        let path = if cfg!(windows) {
            path.replace('/', "\\")
        } else {
            path.to_string()
        };
-        Some(self.args.path.join(path))
+        Some(self.args.serve_path.join(path))
    }

    async fn list_dir(
@@ -1286,9 +1276,42 @@ impl PathItem {
            ),
        }
    }
+
    pub fn base_name(&self) -> &str {
        self.name.split('/').last().unwrap_or_default()
    }
+
+    pub fn sort_by_name(&self, other: &Self) -> Ordering {
+        match self.path_type.cmp(&other.path_type) {
+            Ordering::Equal => {
+                alphanumeric_sort::compare_str(self.name.to_lowercase(), other.name.to_lowercase())
+            }
+            v => v,
+        }
+    }
+
+    pub fn sort_by_mtime(&self, other: &Self) -> Ordering {
+        match self.path_type.cmp(&other.path_type) {
+            Ordering::Equal => self.mtime.cmp(&other.mtime),
+            v => v,
+        }
+    }
+
+    pub fn sort_by_size(&self, other: &Self) -> Ordering {
+        match self.path_type.cmp(&other.path_type) {
+            Ordering::Equal => {
+                if self.is_dir() {
+                    alphanumeric_sort::compare_str(
+                        self.name.to_lowercase(),
+                        other.name.to_lowercase(),
+                    )
+                } else {
+                    self.size.unwrap_or(0).cmp(&other.size.unwrap_or(0))
+                }
+            }
+            v => v,
+        }
+    }
 }

 #[derive(Debug, Serialize, Eq, PartialEq)]
--- a/tests/auth.rs
+++ b/tests/auth.rs
@@ -29,6 +29,32 @@ fn auth(#[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer) -> Resu
    Ok(())
 }

+const HASHED_PASSWORD_AUTH: &str =  "user:$6$gQxZwKyWn/ZmWEA2$4uV7KKMnSUnET2BtWTj/9T5.Jq3h/MdkOlnIl5hdlTxDZ4MZKmJ.kl6C.NL9xnNPqC4lVHC1vuI0E5cLpTJX81@/:rw"; // user:pass
+
+#[rstest]
+fn auth_hashed_password(
+    #[with(&["--auth", HASHED_PASSWORD_AUTH, "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}file1", server.url());
+    let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
+    assert_eq!(resp.status(), 401);
+    if let Err(err) = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .send_with_digest_auth("user", "pass")
+    {
+        assert_eq!(
+            format!("{err:?}"),
+            r#"DigestAuth(MissingRequired("realm", "Basic realm=\"DUFS\""))"#
+        );
+    }
+    let resp = fetch!(b"PUT", &url)
+        .body(b"abc".to_vec())
+        .basic_auth("user", Some("pass"))
+        .send()?;
+    assert_eq!(resp.status(), 201);
+    Ok(())
+}
+
 #[rstest]
 fn auth_and_public(
    #[with(&["--auth", "user:pass@/:rw|@/", "-A"])] server: TestServer,
@@ -125,8 +151,8 @@ fn auth_nest_share(
 }

 #[rstest]
-#[case(server(&["--auth", "user:pass@/:rw", "--auth-method", "basic", "-A"]), "user", "pass")]
-#[case(server(&["--auth", "u1:p1@/:rw", "--auth-method", "basic", "-A"]), "u1", "p1")]
+#[case(server(&["--auth", "user:pass@/:rw", "-A"]), "user", "pass")]
+#[case(server(&["--auth", "u1:p1@/:rw", "-A"]), "u1", "p1")]
 fn auth_basic(
    #[case] server: TestServer,
    #[case] user: &str,
@@ -216,7 +242,7 @@ fn no_auth_propfind_dir(

 #[rstest]
 fn auth_data(
-    #[with(&["--auth", "user:pass@/:rw|@/", "-A", "--auth-method", "basic"])] server: TestServer,
+    #[with(&["--auth", "user:pass@/:rw|@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
    let resp = reqwest::blocking::get(server.url())?;
    let content = resp.text()?;
--- a/tests/bind.rs
+++ b/tests/bind.rs
@@ -76,9 +76,7 @@ fn validate_printed_urls(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> R
        .collect::<Vec<_>>();

    assert!(!urls.is_empty());
-    for url in urls {
-        reqwest::blocking::get(url)?.error_for_status()?;
-    }
+    reqwest::blocking::get(urls[0])?.error_for_status()?;

    child.kill()?;

--- a/tests/config.rs
+++ b/tests/config.rs
@@ -0,0 +1,56 @@
+mod fixtures;
+mod utils;
+
+use assert_cmd::prelude::*;
+use assert_fs::TempDir;
+use diqwest::blocking::WithDigestAuth;
+use fixtures::{port, tmpdir, wait_for_port, Error};
+use rstest::rstest;
+use std::path::PathBuf;
+use std::process::{Command, Stdio};
+
+#[rstest]
+fn use_config_file(tmpdir: TempDir, port: u16) -> Result<(), Error> {
+    let config_path = get_config_path().display().to_string();
+    let mut child = Command::cargo_bin("dufs")?
+        .arg(tmpdir.path())
+        .arg("-p")
+        .arg(port.to_string())
+        .args(["--config", &config_path])
+        .stdout(Stdio::piped())
+        .spawn()?;
+
+    wait_for_port(port);
+
+    let url = format!("http://localhost:{port}/dufs/index.html");
+    let resp = fetch!(b"GET", &url).send()?;
+    assert_eq!(resp.status(), 401);
+
+    let url = format!("http://localhost:{port}/dufs/index.html");
+    let resp = fetch!(b"GET", &url).send_with_digest_auth("user", "pass")?;
+    assert_eq!(resp.text()?, "This is index.html");
+
+    let url = format!("http://localhost:{port}/dufs?simple");
+    let resp = fetch!(b"GET", &url).send_with_digest_auth("user", "pass")?;
+    let text: String = resp.text().unwrap();
+    assert!(text.split('\n').any(|c| c == "dir1/"));
+    assert!(!text.split('\n').any(|c| c == "dir3/"));
+    assert!(!text.split('\n').any(|c| c == "test.txt"));
+
+    let url = format!("http://localhost:{port}/dufs/dir1/upload.txt");
+    let resp = fetch!(b"PUT", &url)
+        .body("Hello")
+        .send_with_digest_auth("user", "pass")?;
+    assert_eq!(resp.status(), 201);
+
+    child.kill()?;
+    Ok(())
+}
+
+fn get_config_path() -> PathBuf {
+    let mut path = std::env::current_dir().expect("Failed to get current directory");
+    path.push("tests");
+    path.push("data");
+    path.push("config.yaml");
+    path
+}
--- a/tests/data/config.yaml
+++ b/tests/data/config.yaml
@@ -0,0 +1,9 @@
+bind:
+  - 0.0.0.0
+path-prefix: dufs
+hidden:
+  - dir3
+  - test.txt
+auth: 
+  - user:pass@/:rw
+allow-upload: true
--- a/tests/http_logger.rs
+++ b/tests/http_logger.rs
@@ -12,7 +12,7 @@ use std::process::{Command, Stdio};

 #[rstest]
 #[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user"], false)]
-#[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user", "--auth-method", "basic"], true)]
+#[case(&["-a", "user:pass@/:rw", "--log-format", "$remote_user"], true)]
 fn log_remote_user(
    tmpdir: TempDir,
    port: u16,
@@ -41,7 +41,7 @@ fn log_remote_user(

    assert_eq!(resp.status(), 200);

-    let mut buf = [0; 1000];
+    let mut buf = [0; 2048];
    let buf_len = stdout.read(&mut buf)?;
    let output = std::str::from_utf8(&buf[0..buf_len])?;

@@ -69,7 +69,7 @@ fn no_log(tmpdir: TempDir, port: u16, #[case] args: &[&str]) -> Result<(), Error
    let resp = fetch!(b"GET", &format!("http://localhost:{port}")).send()?;
    assert_eq!(resp.status(), 200);

-    let mut buf = [0; 1000];
+    let mut buf = [0; 2048];
    let buf_len = stdout.read(&mut buf)?;
    let output = std::str::from_utf8(&buf[0..buf_len])?;

--- a/tests/tls.rs
+++ b/tests/tls.rs
@@ -7,6 +7,8 @@ use predicates::str::contains;
 use reqwest::blocking::ClientBuilder;
 use rstest::rstest;

+use crate::fixtures::port;
+
 /// Can start the server with TLS and receive encrypted responses.
 #[rstest]
 #[case(server(&[
@@ -33,8 +35,16 @@ fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
 /// Wrong path for cert throws error.
 #[rstest]
 fn wrong_path_cert() -> Result<(), Error> {
+    let port = port().to_string();
    Command::cargo_bin("dufs")?
-        .args(["--tls-cert", "wrong", "--tls-key", "tests/data/key.pem"])
+        .args([
+            "--tls-cert",
+            "wrong",
+            "--tls-key",
+            "tests/data/key.pem",
+            "--port",
+            &port,
+        ])
        .assert()
        .failure()
        .stderr(contains("Failed to access `wrong`"));
@@ -45,8 +55,16 @@ fn wrong_path_cert() -> Result<(), Error> {
 /// Wrong paths for key throws errors.
 #[rstest]
 fn wrong_path_key() -> Result<(), Error> {
+    let port = port().to_string();
    Command::cargo_bin("dufs")?
-        .args(["--tls-cert", "tests/data/cert.pem", "--tls-key", "wrong"])
+        .args([
+            "--tls-cert",
+            "tests/data/cert.pem",
+            "--tls-key",
+            "wrong",
+            "--port",
+            &port,
+        ])
        .assert()
        .failure()
        .stderr(contains("Failed to access `wrong`"));
Author	SHA1	Message	Date
sigoden	0d74fa3ec5	chore: release v0.37.0	2023-11-08 10:41:24 +08:00
sigoden	b83cc6938b	chore: update readme	2023-11-07 22:45:53 +08:00
sigoden	a187b14885	chore: update deps and ci (#284 )	2023-11-04 19:47:13 +08:00
sigoden	d3de3db0d9	feat: support hashed password (#283 )	2023-11-04 18:12:58 +08:00
sigoden	80ac9afe68	refactor: improve code quanity (#282 ) - rename LogHttp to HttpLogger	2023-11-04 17:10:38 +08:00
sigoden	4ef07737e1	feat: support config file with `--config` option (#281 )	2023-11-04 16:58:19 +08:00
sigoden	5782c5f413	chore: update description for `--auth`	2023-11-03 21:08:05 +08:00
sigoden	8b4cab1e69	fix: auto delete half-uploaded files (#280 )	2023-11-03 20:58:53 +08:00
sigoden	70300b133c	feat: deprecate `--auth-method`, as both options are available (#279 ) * feat: deprecate `--auth-method`, both are avaiable * send one www-authenticate with two schemes	2023-11-03 20:36:23 +08:00
sigoden	7ea4bb808d	refactor: optimize tests	2023-11-03 15:25:20 +08:00
sigoden	6766e0d437	fix: ui show user-name next to the user-icon (#278 )	2023-11-03 14:55:07 +08:00
tieway59	53c9bc8bea	refactor: remove one clone on `assets_prefix` (#270 ) This clone is not consist with the usage of `assets_prefix` in following code and it's unnecessary. Signed-off-by: TieWay59 <tieway59@foxmail.com>	2023-10-05 08:50:24 +08:00
sigoden	60df3b473c	fix: sort path ignore case (#264 )	2023-09-06 23:25:04 +08:00