Update args.rs, auth.rs and server.rs

An optional HSTS header has been added to the auth and internal responses.
pull/550/head
alth0 2025-02-22 19:31:19 +01:00 committed by GitHub
parent eda9769b2a
commit 7197e4ab78
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 33 additions and 0 deletions


@ -214,6 +214,14 @@ pub fn build_cli() -> Command {
.long("compress") .long("compress")
.value_name("level") .value_name("level")
.help("Set zip compress level [default: low]") .help("Set zip compress level [default: low]")
)
.arg(
Arg::new("enable-hsts")
.env("DUFS_ENABLE_HSTS")
.hide_env(true)
.long("enable-hsts")
.action(ArgAction::SetTrue)
.help("Enable HTTP Strict Transport Security (HSTS) headers"),
) )
.arg( .arg(
Arg::new("completions") Arg::new("completions")
@ -223,6 +231,8 @@ pub fn build_cli() -> Command {
.help("Print shell completion script for <shell>"), .help("Print shell completion script for <shell>"),
); );
#[cfg(feature = "tls")] #[cfg(feature = "tls")]
let app = app let app = app
.arg( .arg(
@ -291,6 +301,7 @@ pub struct Args {
pub http_logger: HttpLogger, pub http_logger: HttpLogger,
pub log_file: Option<PathBuf>, pub log_file: Option<PathBuf>,
pub compress: Compress, pub compress: Compress,
pub enable_hsts: bool,
pub tls_cert: Option<PathBuf>, pub tls_cert: Option<PathBuf>,
pub tls_key: Option<PathBuf>, pub tls_key: Option<PathBuf>,
} }
@ -405,6 +416,10 @@ impl Args {
if let Some(log_file) = matches.get_one::<PathBuf>("log-file") { if let Some(log_file) = matches.get_one::<PathBuf>("log-file") {
args.log_file = Some(log_file.clone()); args.log_file = Some(log_file.clone());
} }
if !args.enable_hsts {
args.enable_hsts = matches.get_flag("enable-hsts");
}
if let Some(compress) = matches.get_one::<Compress>("compress") { if let Some(compress) = matches.get_one::<Compress>("compress") {
args.compress = *compress; args.compress = *compress;
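Review bot: The `--enable-hsts` help text in `build_cli()` does not tell the operator that the header only takes effect when clients reach the server over HTTPS, nor that the policy is pinned for a year (`max-age=31536000` in the other files of this commit). The argument is registered ahead of the `#[cfg(feature = "tls")]` block and nothing visible ties it to `tls_cert`/`tls_key`, which looks intentional for deployments behind a TLS-terminating proxy but should be stated. I would extend the help to something like `.help("Send Strict-Transport-Security (max-age 1 year); use only when the site is always served over HTTPS")` and add a `///` comment on `Args::enable_hsts` noting that browsers which have seen the header refuse plain HTTP to this host until the max-age expires. Both `build_cli()` and `Args` continue outside the hunks shown.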


@ -296,6 +296,12 @@ impl AccessPerm {
} }
pub fn www_authenticate(res: &mut Response, args: &Args) -> Result<()> { pub fn www_authenticate(res: &mut Response, args: &Args) -> Result<()> {
if args.enable_hsts {
res.headers_mut().insert(
"strict-transport-security",
HeaderValue::from_static("max-age=31536000"),
);
}
if args.auth.use_hashed_password { if args.auth.use_hashed_password {
let basic = HeaderValue::from_str(&format!("Basic realm=\"{}\"", REALM))?; let basic = HeaderValue::from_str(&format!("Basic realm=\"{}\"", REALM))?;
res.headers_mut().insert(WWW_AUTHENTICATE, basic); res.headers_mut().insert(WWW_AUTHENTICATE, basic);
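Review bot: The header name `"strict-transport-security"` and the value `"max-age=31536000"` are spelled out here in `www_authenticate` and again in both `impl Server` hunks of server.rs, so a later change to the policy has to be made in three places. A single helper next to `www_authenticate`, for example `pub fn set_hsts(res: &mut Response, args: &Args)`, or at least one shared `const HSTS_VALUE: &str = "max-age=31536000";`, would keep them in step. If the `http` crate's header constants are in scope here, as the use of `WWW_AUTHENTICATE` suggests, `STRICT_TRANSPORT_SECURITY` could replace the string literal for the name. The rest of `www_authenticate` lies outside the hunk.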


@ -778,6 +778,12 @@ impl Server {
"x-content-type-options", "x-content-type-options",
HeaderValue::from_static("nosniff"), HeaderValue::from_static("nosniff"),
); );
if self.args.enable_hsts {
res.headers_mut().insert(
"strict-transport-security",
HeaderValue::from_static("max-age=31536000"),
);
}
Ok(true) Ok(true)
} else if req_path == HEALTH_CHECK_PATH { } else if req_path == HEALTH_CHECK_PATH {
res.headers_mut() res.headers_mut()
@ -1239,6 +1245,12 @@ impl Server {
"x-content-type-options", "x-content-type-options",
HeaderValue::from_static("nosniff"), HeaderValue::from_static("nosniff"),
); );
if self.args.enable_hsts {
res.headers_mut().insert(
"strict-transport-security",
HeaderValue::from_static("max-age=31536000"),
);
}
if head_only { if head_only {
return Ok(()); return Ok(());
} }
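Review bot: HSTS is attached on only two response paths in `impl Server` (after the `x-content-type-options` header in each hunk), while the `HEALTH_CHECK_PATH` branch visible right below the first one, and presumably other handlers outside these hunks, return without it. A browser learns the policy only from a response that carries the header, so coverage depends on which route the first HTTPS request happens to hit. Setting it once at the point every response passes through before being sent, guarded by `if self.args.enable_hsts`, would make the behaviour uniform; that spot is not visible from these hunks. RFC 6797 also says the header must not be sent on responses over plain HTTP, so if the handler knows whether the connection is TLS it is worth checking there, while keeping the reverse-proxy case working.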