outline: none;
}
-.save-btn {
+.toolbox2 {
margin-left: auto;
margin-right: 2em;
+}
+
+.save-btn {
cursor: pointer;
user-select: none;
}
<input id="search" name="q" type="text" maxlength="128" autocomplete="off" tabindex="1">
<input type="submit" hidden />
</form>
- <div class="save-btn hidden" title="Save file">
- <svg viewBox="0 0 1024 1024" width="24" height="24">
- <path
- d="M426.666667 682.666667v42.666666h170.666666v-42.666666h-170.666666z m-42.666667-85.333334h298.666667v128h42.666666V418.133333L605.866667 298.666667H298.666667v426.666666h42.666666v-128h42.666667z m260.266667-384L810.666667 379.733333V810.666667H213.333333V213.333333h430.933334zM341.333333 341.333333h85.333334v170.666667H341.333333V341.333333z"
- fill="#444444" p-id="8311"></path>
- </svg>
+ <div class="toolbox2">
+ <div class="login-btn hidden" title="Login">
+ <svg width="16" height="16" viewBox="0 0 16 16">
+ <path fill-rule="evenodd"
+ d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z" />
+ <path fill-rule="evenodd"
+ d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z" />
+ </svg>
+ </div>
+ <div class="user-btn hidden">
+ <svg width="16" height="16" viewBox="0 0 16 16">
+ <path d="M8 8a3 3 0 1 0 0-6 3 3 0 0 0 0 6Zm2-3a2 2 0 1 1-4 0 2 2 0 0 1 4 0Zm4 8c0 1-1 1-1 1H3s-1 0-1-1 1-4 6-4 6 3 6 4Zm-1-.004c-.001-.246-.154-.986-.832-1.664C11.516 10.68 10.289 10 8 10c-2.29 0-3.516.68-4.168 1.332-.678.678-.83 1.418-.832 1.664h10Z"/>
+ </svg>
+ </div>
+ <div class="save-btn hidden" title="Save file">
+ <svg viewBox="0 0 1024 1024" width="24" height="24">
+ <path
+ d="M426.666667 682.666667v42.666666h170.666666v-42.666666h-170.666666z m-42.666667-85.333334h298.666667v128h42.666666V418.133333L605.866667 298.666667H298.666667v426.666666h42.666666v-128h42.666667z m260.266667-384L810.666667 379.733333V810.666667H213.333333V213.333333h430.933334zM341.333333 341.333333h85.333334v170.666667H341.333333V341.333333z"
+ fill="#444444" p-id="8311"></path>
+ </svg>
+ </div>
</div>
</div>
<div class="main">
* @property {boolean} allow_delete
* @property {boolean} allow_search
* @property {boolean} allow_archive
+ * @property {boolean} auth
+ * @property {string} user
* @property {boolean} dir_exists
* @property {string} editable
*/
* @type Element
*/
let $editor;
+/**
+ * @type Element
+ */
+let $userBtn;
function ready() {
$pathsTable = document.querySelector(".paths-table")
$uploadersTable = document.querySelector(".uploaders-table");
$emptyFolder = document.querySelector(".empty-folder");
$editor = document.querySelector(".editor");
+ $userBtn = document.querySelector(".user-btn");
addBreadcrumb(DATA.href, DATA.uri_prefix);
document.title = `Index of ${DATA.href} - Dufs`;
document.querySelector(".index-page").classList.remove("hidden");
+ if (DATA.auth) {
+ setupAuth();
+ }
+
if (DATA.allow_search) {
setupSearch()
}
document.title = `Edit of ${DATA.href} - Dufs`;
document.querySelector(".editor-page").classList.remove("hidden");;
-
setupEditor();
}
}
Uploader.runnings = 0;
+Uploader.auth = false;
+
/**
* @type Uploader[]
*/
Uploader.queues = [];
-Uploader.runQueue = () => {
+Uploader.runQueue = async () => {
if (Uploader.runnings > 2) return;
let uploader = Uploader.queues.shift();
if (!uploader) return;
+ if (!Uploader.auth) {
+ Uploader.auth = true;
+ await login();
+ }
uploader.ajax();
}
${getPathSvg(file.path_type)}
</td>
<td class="path cell-name">
- <a href="${url}">${encodedName}</a>
+ <a href="${url}" target="_blank">${encodedName}</a>
</td>
<td class="cell-mtime">${formatMtime(file.mtime)}</td>
<td class="cell-size">${formatSize(file.size).join(" ")}</td>
if (!confirm(`Delete \`${file.name}\`?`)) return;
try {
+ await login();
const res = await fetch(newUrl(file.name), {
method: "DELETE",
});
- await assertFetch(res);
+ await assertResOK(res);
document.getElementById(`addPath${index}`).remove();
DATA.paths[index] = null;
if (!DATA.paths.find(v => !!v)) {
const newFileUrl = fileUrlObj.origin + prefix + newPath.split("/").map(encodeURIComponent).join("/");
try {
+ await login();
const res = await fetch(fileUrl, {
method: "MOVE",
headers: {
"Destination": newFileUrl,
}
});
- await assertFetch(res);
- location.href = newFileUrl.split("/").slice(0, -1).join("/")
+ await assertResOK(res);
+ location.href = newFileUrl.split("/").slice(0, -1).join("/");
} catch (err) {
alert(`Cannot move \`${filePath}\` to \`${newPath}\`, ${err.message}`);
}
e.stopPropagation();
});
});
- document.addEventListener("drop", e => {
+ document.addEventListener("drop", async e => {
if (!e.dataTransfer.items[0].webkitGetAsEntry) {
const files = e.dataTransfer.files.filter(v => v.size > 0);
for (const file of files) {
});
}
+function setupAuth() {
+ if (DATA.user) {
+ $userBtn.classList.remove("hidden");
+ $userBtn.title = DATA.user;
+ } else {
+ const $loginBtn = document.querySelector(".login-btn");
+ $loginBtn.classList.remove("hidden");
+ $loginBtn.addEventListener("click", () => login(true));
+ }
+}
+
+
/**
* Setup searchbar
*/
if (name) createFolder(name);
});
document.querySelector(".upload-file").classList.remove("hidden");
- document.getElementById("file").addEventListener("change", e => {
+ document.getElementById("file").addEventListener("change", async e => {
const files = e.target.files;
for (let file of files) {
new Uploader(file, []).upload();
$editor.classList.remove("hidden");
try {
const res = await fetch(baseUrl());
- await assertFetch(res);
+ await assertResOK(res);
const text = await res.text();
$editor.value = text;
} catch (err) {
}
}
+async function login(alert = false) {
+ if (!DATA.auth) return;
+ try {
+ const res = await fetch(baseUrl() + "?auth");
+ await assertResOK(res);
+ document.querySelector(".login-btn").classList.add("hidden");
+ $userBtn.classList.remove("hidden");
+ $userBtn.title = "";
+ } catch (err) {
+ let message = `Cannot login, ${err.message}`;
+ if (alert) {
+ alert(message);
+ } else {
+ throw new Error(message);
+ }
+ }
+}
+
/**
* Create a folder
* @param {string} name
async function createFolder(name) {
const url = newUrl(name);
try {
+ await login();
const res = await fetch(url, {
method: "MKCOL",
});
- await assertFetch(res);
+ await assertResOK(res);
location.href = url;
} catch (err) {
alert(`Cannot create folder \`${name}\`, ${err.message}`);
async function createFile(name) {
const url = newUrl(name);
try {
+ await login();
const res = await fetch(url, {
method: "PUT",
body: "",
});
- await assertFetch(res);
+ await assertResOK(res);
location.href = url + "?edit";
} catch (err) {
alert(`Cannot create file \`${name}\`, ${err.message}`);
});
}
-async function assertFetch(res) {
+async function assertResOK(res) {
if (!(res.status >= 200 && res.status < 300)) {
throw new Error(await res.text())
}
Ok(Self { rules })
}
+ pub fn valid(&self) -> bool {
+ !self.rules.is_empty()
+ }
+
pub fn guard(
&self,
path: &str,
pub fn is_reject(&self) -> bool {
*self == GuardType::Reject
}
+ pub fn is_readwrite(&self) -> bool {
+ *self == GuardType::ReadWrite
+ }
}
fn sanitize_path(path: &str, uri_prefix: &str) -> String {
return Ok(res);
}
+ let query = req.uri().query().unwrap_or_default();
+ let query_params: HashMap<String, String> = form_urlencoded::parse(query.as_bytes())
+ .map(|(k, v)| (k.to_string(), v.to_string()))
+ .collect();
+
+ if query_params.contains_key("auth") {
+ if !guard_type.is_readwrite() {
+ self.auth_reject(&mut res);
+ }
+ return Ok(res);
+ }
+
let head_only = method == Method::HEAD;
if self.args.path_is_file {
let path = path.as_path();
- let query = req.uri().query().unwrap_or_default();
- let query_params: HashMap<String, String> = form_urlencoded::parse(query.as_bytes())
- .map(|(k, v)| (k.to_string(), v.to_string()))
- .collect();
-
let (is_miss, is_dir, is_file, size) = match fs::metadata(path).await.ok() {
Some(meta) => (false, meta.is_dir(), meta.is_file(), meta.len()),
None => (true, false, false, 0),
}
self.handle_zip_dir(path, head_only, &mut res).await?;
} else if allow_search && query_params.contains_key("q") {
- self.handle_search_dir(path, &query_params, head_only, &mut res)
+ let user = self.retrieve_user(authorization);
+ self.handle_search_dir(path, &query_params, head_only, user, &mut res)
.await?;
} else {
+ let user = self.retrieve_user(authorization);
self.handle_render_index(
path,
&query_params,
headers,
head_only,
+ user,
&mut res,
)
.await?;
}
} else if render_index || render_spa {
- self.handle_render_index(path, &query_params, headers, head_only, &mut res)
- .await?;
+ let user = self.retrieve_user(authorization);
+ self.handle_render_index(
+ path,
+ &query_params,
+ headers,
+ head_only,
+ user,
+ &mut res,
+ )
+ .await?;
} else if query_params.contains_key("zip") {
if !allow_archive {
status_not_found(&mut res);
}
self.handle_zip_dir(path, head_only, &mut res).await?;
} else if allow_search && query_params.contains_key("q") {
- self.handle_search_dir(path, &query_params, head_only, &mut res)
+ let user = self.retrieve_user(authorization);
+ self.handle_search_dir(path, &query_params, head_only, user, &mut res)
.await?;
} else {
- self.handle_ls_dir(path, true, &query_params, head_only, &mut res)
+ let user = self.retrieve_user(authorization);
+ self.handle_ls_dir(path, true, &query_params, head_only, user, &mut res)
.await?;
}
} else if is_file {
if query_params.contains_key("edit") {
- self.handle_edit_file(path, head_only, &mut res).await?;
+ let user = self.retrieve_user(authorization);
+ self.handle_edit_file(path, head_only, user, &mut res)
+ .await?;
} else {
self.handle_send_file(path, headers, head_only, &mut res)
.await?;
self.handle_render_spa(path, headers, head_only, &mut res)
.await?;
} else if allow_upload && req_path.ends_with('/') {
- self.handle_ls_dir(path, false, &query_params, head_only, &mut res)
+ let user = self.retrieve_user(authorization);
+ self.handle_ls_dir(path, false, &query_params, head_only, user, &mut res)
.await?;
} else {
status_not_found(&mut res);
exist: bool,
query_params: &HashMap<String, String>,
head_only: bool,
+ user: Option<String>,
res: &mut Response,
) -> BoxResult<()> {
let mut paths = vec![];
}
}
};
- self.send_index(path, paths, exist, query_params, head_only, res)
+ self.send_index(path, paths, exist, query_params, head_only, user, res)
}
async fn handle_search_dir(
path: &Path,
query_params: &HashMap<String, String>,
head_only: bool,
+ user: Option<String>,
res: &mut Response,
) -> BoxResult<()> {
let mut paths: Vec<PathItem> = vec![];
}
}
}
- self.send_index(path, paths, true, query_params, head_only, res)
+ self.send_index(path, paths, true, query_params, head_only, user, res)
}
async fn handle_zip_dir(
query_params: &HashMap<String, String>,
headers: &HeaderMap<HeaderValue>,
head_only: bool,
+ user: Option<String>,
res: &mut Response,
) -> BoxResult<()> {
let index_path = path.join(INDEX_NAME);
self.handle_send_file(&index_path, headers, head_only, res)
.await?;
} else if self.args.render_try_index {
- self.handle_ls_dir(path, true, query_params, head_only, res)
+ self.handle_ls_dir(path, true, query_params, head_only, user, res)
.await?;
} else {
status_not_found(res)
&self,
path: &Path,
head_only: bool,
+ user: Option<String>,
res: &mut Response,
) -> BoxResult<()> {
let (file, meta) = tokio::join!(fs::File::open(path), fs::metadata(path),);
uri_prefix: self.args.uri_prefix.clone(),
allow_upload: self.args.allow_upload,
allow_delete: self.args.allow_delete,
+ auth: self.args.auth.valid(),
+ user,
editable,
};
res.headers_mut()
Ok(())
}
+ #[allow(clippy::too_many_arguments)]
fn send_index(
&self,
path: &Path,
exist: bool,
query_params: &HashMap<String, String>,
head_only: bool,
+ user: Option<String>,
res: &mut Response,
) -> BoxResult<()> {
if let Some(sort) = query_params.get("sort") {
allow_search: self.args.allow_search,
allow_archive: self.args.allow_archive,
dir_exists: exist,
+ auth: self.args.auth.valid(),
+ user,
paths,
};
let output = if query_params.contains_key("json") {
size,
}))
}
+
+ fn retrieve_user(&self, authorization: Option<&HeaderValue>) -> Option<String> {
+ self.args.auth_method.get_user(authorization?)
+ }
}
#[derive(Debug, Serialize)]
allow_search: bool,
allow_archive: bool,
dir_exists: bool,
+ auth: bool,
+ user: Option<String>,
paths: Vec<PathItem>,
}
uri_prefix: String,
allow_upload: bool,
allow_delete: bool,
+ auth: bool,
+ user: Option<String>,
editable: bool,
}
Ok(())
}
+#[rstest]
+fn auth_check(
+ #[with(&["--auth", "/@user:pass@user2:pass2", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+ let url = format!("{}index.html?auth", server.url());
+ let resp = fetch!(b"GET", &url).send()?;
+ assert_eq!(resp.status(), 401);
+ let resp = fetch!(b"GET", &url).send_with_digest_auth("user2", "pass2")?;
+ assert_eq!(resp.status(), 401);
+ let resp = fetch!(b"GET", &url).send_with_digest_auth("user", "pass")?;
+ assert_eq!(resp.status(), 200);
+ Ok(())
+}
+
#[rstest]
fn auth_readonly(
#[with(&["--auth", "/@user:pass@user2:pass2", "-A"])] server: TestServer,
projects / ozva-cloud / commitdiff