github
/
dufs
mirror of https://gh.cary.cc/https://github.com/sigoden/dufs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: perms on `dufs -A -a @/:ro`

pull/619/head
sigoden 2025-08-19 07:14:47 +08:00
parent 7f8269881d
commit 8ca6067ed2
3 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/auth.rs
View File

@ -30,6 +30,7 @@ lazy_static! {
#[derive(Debug, Clone, PartialEq)] #[derive(Debug, Clone, PartialEq)]
pub struct AccessControl { pub struct AccessControl {
empty: bool,
use_hashed_password: bool, use_hashed_password: bool,
users: IndexMap<String, (String, AccessPaths)>, users: IndexMap<String, (String, AccessPaths)>,
anonymous: Option<AccessPaths>, anonymous: Option<AccessPaths>,
@ -38,6 +39,7 @@ pub struct AccessControl {
impl Default for AccessControl { impl Default for AccessControl {
fn default() -> Self { fn default() -> Self {
AccessControl { AccessControl {
empty: true,
use_hashed_password: false, use_hashed_password: false,
users: IndexMap::new(), users: IndexMap::new(),
anonymous: Some(AccessPaths::new(AccessPerm::ReadWrite)), anonymous: Some(AccessPaths::new(AccessPerm::ReadWrite)),
@ -48,7 +50,7 @@ impl Default for AccessControl {
impl AccessControl { impl AccessControl {
pub fn new(raw_rules: &[&str]) -> Result<Self> { pub fn new(raw_rules: &[&str]) -> Result<Self> {
if raw_rules.is_empty() { if raw_rules.is_empty() {
return Ok(Default::default()); return Ok(Self::default());
} }
let new_raw_rules = split_rules(raw_rules); let new_raw_rules = split_rules(raw_rules);
let mut use_hashed_password = false; let mut use_hashed_password = false;
@ -93,13 +95,14 @@ impl AccessControl {
} }
Ok(Self { Ok(Self {
empty: false,
use_hashed_password, use_hashed_password,
users, users,
anonymous, anonymous,
}) })
} }
pub fn exist(&self) -> bool { pub fn has_users(&self) -> bool {
!self.users.is_empty() !self.users.is_empty()
} }
@ -111,7 +114,7 @@ impl AccessControl {
token: Option<&String>, token: Option<&String>,
guard_options: bool, guard_options: bool,
) -> (Option<String>, Option<AccessPaths>) { ) -> (Option<String>, Option<AccessPaths>) {
if self.users.is_empty() { if self.empty {
return (None, Some(AccessPaths::new(AccessPerm::ReadWrite))); return (None, Some(AccessPaths::new(AccessPerm::ReadWrite)));
} }

4
src/server.rs
View File

@ -962,7 +962,7 @@ impl Server {
uri_prefix: self.args.uri_prefix.clone(), uri_prefix: self.args.uri_prefix.clone(),
allow_upload: self.args.allow_upload, allow_upload: self.args.allow_upload,
allow_delete: self.args.allow_delete, allow_delete: self.args.allow_delete,
auth: self.args.auth.exist(), auth: self.args.auth.has_users(),
user, user,
editable, editable,
}; };
@ -1226,7 +1226,7 @@ impl Server {
allow_search: self.args.allow_search, allow_search: self.args.allow_search,
allow_archive: self.args.allow_archive, allow_archive: self.args.allow_archive,
dir_exists: exist, dir_exists: exist,
auth: self.args.auth.exist(), auth: self.args.auth.has_users(),
user, user,
paths, paths,
}; };

18
tests/auth.rs
View File

@ -125,6 +125,24 @@ fn auth_skip_if_no_auth_user(server: TestServer) -> Result<(), Error> {
Ok(()) Ok(())
} }
#[rstest]
fn auth_no_skip_if_anonymous(
#[with(&["--auth", "@/:ro"])] server: TestServer,
) -> Result<(), Error> {
let url = format!("{}index.html", server.url());
let resp = fetch!(b"GET", &url)
.basic_auth("user", Some("pass"))
.send()?;
assert_eq!(resp.status(), 401);
let resp = fetch!(b"GET", &url).send()?;
assert_eq!(resp.status(), 200);
let resp = fetch!(b"DELETE", &url)
.basic_auth("user", Some("pass"))
.send()?;
assert_eq!(resp.status(), 401);
Ok(())
}
#[rstest] #[rstest]
fn auth_check( fn auth_check(
#[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer, #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,