[PR #218] [MERGED] feat: new auth #518

New Issue

Closed

opened 2026-04-08 16:53:15 +03:00 by zhus · 0 comments

zhus commented 2026-04-08 16:53:15 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/sigoden/dufs/pull/218
Author: @sigoden
Created: 6/1/2023
Status: ✅ Merged
Merged: 6/1/2023
Merged by: @sigoden

Base: main ← Head: new-auth

---

📝 Commits (1)

• b43f7ea breaking: new auth

📊 Changes

7 files changed (+481 additions, -273 deletions)

View changed files

📝 Cargo.toml (+1 -1)
📝 src/args.rs (+2 -2)
📝 src/auth.rs (+231 -128)
📝 src/server.rs (+206 -124)
📝 tests/auth.rs (+38 -15)
📝 tests/log_http.rs (+2 -2)
📝 tests/single_file.rs (+1 -1)

📄 Description

The access level path control used by dufs has two disadvantages:

1. One path cannot support multiple users
2. It is very troublesome to set multiple paths for one user

So it needs to be refactored.
The new auth is account based, it closes #207, closes #208.

Access Control

Dufs supports account based access control. You can control who can do what on which path with --auth/-a.

dufs -a [user:pass]@path[:rw][,path[:rw]...][|...]

1: Multiple rules are separated by "|"
2: User and pass are the account name and password, if omitted, it is an anonymous user
3: One rule can set multiple paths, separated by ","
4: Add :rw after the path to indicate that the path has read and write permissions, otherwise the path has readonly permissions.

dufs -A -a admin:admin@/:rw

admin has all permissions for all paths.

dufs -A -a admin:admin@/:rw -a guest:guest@/

guest has readonly permissions for all paths.

dufs -A -a admin:admin@/:rw -a @/

All paths is public, everyone can view/download it.

dufs -A -a admin:admin@/:rw -a user1:pass1@/user1:rw -a user2:pass2@/user2
dufs -A -a "admin:admin@/:rw|user1:pass1@/user1:rw|user2:pass2@/user2"

user1 has all permissions for /user1/* path.
user2 has all permissions for /user2/* path.

dufs -A -a user:pass@/dir1:rw,/dir2:rw,dir3

user has all permissions for /dir1/* and /dir2/*, has readonly permissions for /dir3/.

dufs -a admin:admin@/

Since dufs only allows viewing/downloading, admin can only view/download files.

BREAKING CHANGE: new auth

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/sigoden/dufs/pull/218 **Author:** [@sigoden](https://github.com/sigoden) **Created:** 6/1/2023 **Status:** ✅ Merged **Merged:** 6/1/2023 **Merged by:** [@sigoden](https://github.com/sigoden) **Base:** `main` ← **Head:** `new-auth` --- ### 📝 Commits (1) - [`b43f7ea`](https://github.com/sigoden/dufs/commit/b43f7eaf0e95ffc8c7b250054d0cffabbec453b9) breaking: new auth ### 📊 Changes **7 files changed** (+481 additions, -273 deletions) <details> <summary>View changed files</summary> 📝 `Cargo.toml` (+1 -1) 📝 `src/args.rs` (+2 -2) 📝 `src/auth.rs` (+231 -128) 📝 `src/server.rs` (+206 -124) 📝 `tests/auth.rs` (+38 -15) 📝 `tests/log_http.rs` (+2 -2) 📝 `tests/single_file.rs` (+1 -1) </details> ### 📄 Description The access level path control used by dufs has two disadvantages: 1. One path cannot support multiple users 2. It is very troublesome to set multiple paths for one user So it needs to be refactored. The new auth is account based, it closes #207, closes #208. ### Access Control Dufs supports account based access control. You can control who can do what on which path with `--auth`/`-a`. ``` dufs -a [user:pass]@path[:rw][,path[:rw]...][|...] ``` 1: Multiple rules are separated by "|" 2: User and pass are the account name and password, if omitted, it is an anonymous user 3: One rule can set multiple paths, separated by "," 4: Add `:rw` after the path to indicate that the path has read and write permissions, otherwise the path has readonly permissions. ``` dufs -A -a admin:admin@/:rw ``` `admin` has all permissions for all paths. ``` dufs -A -a admin:admin@/:rw -a guest:guest@/ ``` `guest` has readonly permissions for all paths. ``` dufs -A -a admin:admin@/:rw -a @/ ``` All paths is public, everyone can view/download it. ``` dufs -A -a admin:admin@/:rw -a user1:pass1@/user1:rw -a user2:pass2@/user2 dufs -A -a "admin:admin@/:rw|user1:pass1@/user1:rw|user2:pass2@/user2" ``` `user1` has all permissions for `/user1/*` path. `user2` has all permissions for `/user2/*` path. ``` dufs -A -a user:pass@/dir1:rw,/dir2:rw,dir3 ``` `user` has all permissions for `/dir1/*` and `/dir2/*`, has readonly permissions for `/dir3/`. ``` dufs -a admin:admin@/ ``` Since dufs only allows viewing/downloading, `admin` can only view/download files. BREAKING CHANGE: new auth --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

zhus added the pull-request label 2026-04-08 16:53:15 +03:00

zhus closed this issue 2026-04-08 16:53:15 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

chore-release

v0.46.0-rc1

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.0

v0.35.0

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.0

v0.27.0

v0.26.0

v0.25.0

v0.24.0

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.0

v0.18.0

v0.17.1

v0.17.0

v0.16.0

v0.15.1

v0.15.0

v0.14.0

v0.13.2

v0.13.1

v0.13.0

v0.12.1

v0.11.0

v0.10.1

v0.10.0

v0.9.0

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.1

v0.2.0

v0.1.0

Labels

Clear labels

bug

enhancement

help wanted

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

zhus

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sigoden/dufs#518