[PR #595] [CLOSED] feat: support authentication via token (#522) #649

Closed
opened 2026-04-08 16:53:49 +03:00 by zhus · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/sigoden/dufs/pull/595
Author: @52funny
Created: 7/15/2025
Status: Closed

Base: main ← Head: issue522


📝 Commits (1)

  • f26e22e feat: support authentication via token (#522)

📊 Changes

5 files changed (+130 additions, -29 deletions)

📝 Cargo.lock (+6 -5)
📝 Cargo.toml (+2 -0)
📝 assets/index.js (+11 -8)
📝 src/auth.rs (+77 -3)
📝 src/server.rs (+34 -13)

📄 Description

This PR introduces a token-based access mechanism to support authenticated access to resource files via URL parameters. With this enhancement, clients can include a token in the URL to bypass unauthorized status codes and access protected resources directly.

Example

Resource access URLs are transformed as follows:

http://192.168.1.2:5000/a.txt
==>
http://192.168.1.2:5000/a.txt?token=45744af16aec4611dacf91f9b35de8a32ce96f82308e8af9e8052da7f826c78e

Token Design

  • Each token is a 32-byte random value.
  • The last 8 bytes are XORed with the current timestamp to reduce collision probability.
  • Tokens are encapsulated in a UserToken struct: auth.rs#L50 (https://github.com/52funny/dufs/blob/f26e22e726bc9cf624621a937e9562e0800d00a1/src/auth.rs#L50)
  • The UserToken is currently a wrapper around a String, making it easy to switch to other token formats (e.g., JWT) in the future.

Access Policy

The access flow is defined as follows: auth.rs#L160 (https://github.com/52funny/dufs/blob/f26e22e726bc9cf624621a937e9562e0800d00a1/src/auth.rs#L160)

  • If a valid token is present in the URL, access is granted.
  • If the token is invalid, the server falls back to the WWW-Authenticate header.
  • If both methods fail, the request is denied.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
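
The token construction and three-step access policy described above, as an added example; it is not code from dufs or from the PR. The names `make_token`, `ct_eq`, `decide` and `Access` are hypothetical, hex encoding is inferred from the sample URL, and the caller is assumed to supply the 32 random bytes from a CSPRNG.

```rust
// Added illustration; not code from dufs or PR #595. All names are hypothetical.
use std::time::{SystemTime, UNIX_EPOCH};

/// Build a token as the description states: 32 random bytes, the last 8
/// XORed with a timestamp, hex-encoded. `random` must come from a CSPRNG;
/// the XOR neither adds nor removes entropy, so the random bytes carry it all.
fn make_token(random: [u8; 32], unix_secs: u64) -> String {
    let mut t = random;
    for (b, ts) in t[24..].iter_mut().zip(unix_secs.to_be_bytes()) {
        *b ^= ts;
    }
    t.iter().map(|b| format!("{:02x}", b)).collect()
}

/// Compare without an early exit, so timing does not reveal how many
/// leading characters of a guessed token were correct.
fn ct_eq(a: &str, b: &str) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.bytes().zip(b.bytes()).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

#[derive(Debug, PartialEq)]
enum Access { ViaToken, ViaHeader, Denied }

/// The three-step policy from the description: a valid `token` query
/// parameter grants access, otherwise header authentication decides.
fn decide(query: &str, issued: &[String], header_auth_ok: bool) -> Access {
    let presented = query.split('&').find_map(|kv| kv.strip_prefix("token="));
    match presented {
        Some(p) if issued.iter().any(|t| ct_eq(t, p)) => Access::ViaToken,
        _ if header_auth_ok => Access::ViaHeader,
        _ => Access::Denied,
    }
}

fn main() {
    // Constructed sample input: fixed bytes stand in for CSPRNG output.
    let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs();
    let issued = vec![make_token([0xA5; 32], now)];
    let q = format!("token={}", issued[0]);
    println!("{:?}", decide(&q, &issued, false)); // valid token
    println!("{:?}", decide("token=deadbeef", &issued, false)); // no match, no header
}
```
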

zhus added the pull-request label 2026-04-08 16:53:49 +03:00
zhus closed this issue 2026-04-08 16:53:49 +03:00

Reference: sigoden/dufs#649