Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple Improvements #32

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Multiple Improvements #32

wants to merge 2 commits into from

Conversation

richard-uk1
Copy link
Contributor

@richard-uk1 richard-uk1 commented Mar 5, 2021
edited
Loading

I've bundled up all my previous PRs into a single PR and added basic auth. I needed all this stuff for some use of my own, but hope that the work is useful to others. This PR includes

  • Protection against accessing files or folders outside of the root directory (and a switch to turn it off)
  • Turn a panic into an error when a socket is already in use.
  • URLs not found are redirected to root, unless they look like a file. The 'unless they look like a file' part I added because I found it confusing when I'd misspelled a file name and got the index.html rather than a not found.
  • A very liberal impl of basic http auth, which will accept empty usernames, passwords. This isn't designed to be secure: I intent to use it to keep a website embargoed, but I don't care if someone guesses the password: there isn't anything private on the website. It shouldn't be used for securing things properly.

Closes #23
Closes #22
Closes #19

@richard-uk1
Various improvements:
0fccd8f 
 - SPA redirect to index.html when extensions are turned on
 - Protection from accessing files outside root by default.
 - Return rather than panic when failing to bind to socket.
@richard-uk1
Add basic auth
016c4e0
richard-uk1
richard-uk1 commented Mar 6, 2021
View reviewed changes
src/main.rs
// Serve the requested file.
let resp = serve_file(&req, &config.root_dir).await;
// Here we pass a `&PathBuf` to a function expecting a `&Path`. This works because of *deref
// coercions*, in this case meaning that `PathBuf` implements `Deref` with `Target=Path`.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is out of date. Needs removing.

src/main.rs

impl std::str::FromStr for Auth {
type Err = &'static str;
fn from_str(s: &str) -> std::result::Result<Self, Self::Err> {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've made this parser very lenient, to the point that it cannot fail! I think it's still a good idea to leave it in FromStr, so it could be made less lenient in the future by only altering code here.

@anderejd
Copy link

Patiently awaiting these improvements 👍

@richard-uk1
Copy link
Contributor Author

Pingy ping 🙂

@richard-uk1
Copy link
Contributor Author

Hi @brson hope you don't mind another ping. I promise it's an easy to review PR. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@richard-uk1 @anderejd