From fc6e179d6e613d7274c3b3ee27f5d4f68d11b9e6 Mon Sep 17 00:00:00 2001 From: Proudmuslim Date: Thu, 20 Jul 2023 22:58:40 -0700 Subject: Add ability to read auth from file --- src/args.rs | 6 +++++- src/config.rs | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/src/args.rs b/src/args.rs index f7b42f1..020539a 100644 --- a/src/args.rs +++ b/src/args.rs @@ -72,6 +72,10 @@ pub struct CliArgs { )] pub auth: Vec, + /// Read authentication values from a file. + #[arg(long, value_hint = ValueHint::FilePath, env = "MINISERVE_AUTH_FILE")] + pub auth_file: Option, + /// Use a specific route prefix #[arg(long = "route-prefix", env = "MINISERVE_ROUTE_PREFIX")] pub route_prefix: Option, @@ -241,7 +245,7 @@ fn parse_interface(src: &str) -> Result { } /// Parse authentication requirement -fn parse_auth(src: &str) -> Result { +pub fn parse_auth(src: &str) -> Result { let mut split = src.splitn(3, ':'); let invalid_auth_format = Err(ContextualError::InvalidAuthFormat); diff --git a/src/config.rs b/src/config.rs index 8976d35..e353afd 100644 --- a/src/config.rs +++ b/src/config.rs @@ -1,6 +1,7 @@ #[cfg(feature = "tls")] use std::{fs::File, io::BufReader}; use std::{ + io::BufRead, net::{IpAddr, Ipv4Addr, Ipv6Addr}, path::PathBuf, }; @@ -14,7 +15,7 @@ use http::HeaderMap; use rustls_pemfile as pemfile; use crate::{ - args::{CliArgs, MediaType}, + args::{parse_auth, CliArgs, MediaType}, auth::RequiredAuth, file_upload::sanitize_path, renderer::ThemeSlug, 
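Review bot: The doc comment on the new `auth_file` field in the first src/args.rs hunk does not say what the file must contain or how it interacts with `--auth`. Per the src/config.rs change in this commit, each line is passed to `parse_auth` and appended to the values given with `--auth`. The comment could read `/// Read authentication values from a file, one --auth style entry per line, added to any --auth values`. Because entries may be plaintext passwords, the help text is also a good place to say the file should be readable only by the account that runs the server.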
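Review bot: In the first src/config.rs hunk, `io::BufRead` is imported unconditionally, but the context line above it shows `fs::File` and `io::BufReader` imported only under `#[cfg(feature = "tls")]`. The new block in the `@@ -157,6 +158,17 @@` hunk calls `File::open` and `BufReader::new` regardless of features. Unless those names are imported elsewhere in the file, a build without the `tls` feature will fail to compile. Move both into the unconditional import, `fs::File,` and `io::{BufRead, BufReader},`, and drop the cfg-gated `use` line if nothing else needs it.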
@@ -157,6 +158,17 @@ impl MiniserveConfig { _ => "".to_owned(), }; + let mut auth = args.auth; + + if let Some(path) = args.auth_file { + let file = File::open(path)?; + let lines = BufReader::new(file).lines(); + + for line in lines { + auth.push(parse_auth(line?.as_str())?); + } + } + // Generate some random routes for the favicon and css so that they are very unlikely to conflict with // real files. // If --random-route is enabled , in order to not leak the random generated route, we must not use it @@ -239,7 +251,7 @@ impl MiniserveConfig { path: args.path.unwrap_or_else(|| PathBuf::from(".")), port, interfaces, - auth: args.auth, + auth, path_explicitly_chosen, no_symlinks: args.no_symlinks, show_hidden: args.hidden, -- cgit v1.2.3 From 086ca31ce84f416350220fb89d2568064eeaeb4e Mon Sep 17 00:00:00 2001 From: proudmuslim-dev <69869443+proudmuslim-dev@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:02:24 +0000 Subject: Update src/args.rs Co-authored-by: Sven-Hendrik Haase --- src/args.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/args.rs b/src/args.rs index 020539a..9e66580 100644 --- a/src/args.rs +++ b/src/args.rs @@ -72,7 +72,7 @@ pub struct CliArgs { )] pub auth: Vec, - /// Read authentication values from a file. + /// Read authentication values from a file #[arg(long, value_hint = ValueHint::FilePath, env = "MINISERVE_AUTH_FILE")] pub auth_file: Option, -- cgit v1.2.3 From be54a9d3364166039f2b84f85f23b26a6edd09ba Mon Sep 17 00:00:00 2001 From: proudmuslim-dev <69869443+proudmuslim-dev@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:06:21 +0000 Subject: Add file content example to `--auth-file` argument --- src/args.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/args.rs b/src/args.rs index 9e66580..87ecabb 100644 --- a/src/args.rs +++ b/src/args.rs 
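Review bot: In the `@@ -157,6 +158,17 @@` hunk, every line of the auth file goes straight to `parse_auth`, so an empty line (for example a doubled newline at the end of the file) is presumably rejected with `InvalidAuthFormat`. Only the first two lines of `parse_auth` are visible here, so this is inferred. Refusing to start is the safe outcome, but neither that error nor a failed `File::open(path)?` names the file or the line, which makes a misconfigured credentials file hard to diagnose. Consider `let line = line?; if line.is_empty() { continue; }` before the push, and wrap the error with the path and a line number from `.enumerate()`. Trailing whitespace also becomes part of the password silently, so it should be rejected or documented. The enclosing function starts and ends outside the hunk.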
@@ -72,7 +72,11 @@ pub struct CliArgs { )] pub auth: Vec, - /// Read authentication values from a file + /// Read authentication values from a file. Example file content: + /// + /// joe:123 + /// bob:sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 + /// bill: #[arg(long, value_hint = ValueHint::FilePath, env = "MINISERVE_AUTH_FILE")] pub auth_file: Option, -- cgit v1.2.3 From d5671c75db400dbd4d4024a8f9f530f0b67b6d7f Mon Sep 17 00:00:00 2001 From: proudmuslim-dev <69869443+proudmuslim-dev@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:09:13 +0000 Subject: Add `--auth-file` argument to README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 56701db..dbdf564 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,10 @@ Sometimes this is just a more practical and quick way than doing things properly pw=$(echo -n "123" | sha256sum | cut -f 1 -d ' ') miniserve --auth joe:sha256:$pw unreleased-linux-distros/ + +### Require username/password from file (separate logins with new lines): + + miniserve --auth-file auth.txt unreleased-linux-distros/ ### Generate random 6-hexdigit URL: -- cgit v1.2.3 From 3dbebb2493f4a29628529adf1539d3b841ec007a Mon Sep 17 00:00:00 2001 From: Proudmuslim Date: Tue, 8 Aug 2023 12:12:46 -0700 Subject: Add tests for `--auth-file` flag --- tests/auth_file.rs | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/data/auth1.txt | 3 +++ 2 files changed, 65 insertions(+) create mode 100644 tests/auth_file.rs create mode 100644 tests/data/auth1.txt diff --git a/tests/auth_file.rs b/tests/auth_file.rs new file mode 100644 index 0000000..e022a3d --- /dev/null +++ b/tests/auth_file.rs 
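Review bot: The three example entries added to the `auth_file` doc comment sit on consecutive `///` lines, which clap's derive normally reflows into one paragraph. `--help` would likely show `joe:123 bob:sha256:… bill:` on a single line, hiding the one-entry-per-line format. Adding `verbatim_doc_comment` to the attribute, `#[arg(long, value_hint = ValueHint::FilePath, env = "MINISERVE_AUTH_FILE", verbatim_doc_comment)]`, keeps the line breaks. The example could also mention that the `sha256:` form avoids storing the password in clear text on disk.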
@@ -0,0 +1,62 @@
+mod fixtures;
+
+use fixtures::{server, server_no_stderr, Error, FILES};
+use http::StatusCode;
+use reqwest::blocking::Client;
+use rstest::rstest;
+use select::document::Document;
+use select::predicate::Text;
+
+#[rstest(
+ cli_auth_file_arg, client_username, client_password,
+ case("tests/data/auth1.txt", "joe", "123"),
+ case("tests/data/auth1.txt", "bob", "123"),
+ case("tests/data/auth1.txt", "bill", ""),
+)]
+fn auth_file_accepts(
+ cli_auth_file_arg: &str,
+ client_username: &str,
+ client_password: &str
+) -> Result<(), Error> {
+ let server = server(&["--auth-file", cli_auth_file_arg]);
+ let client = Client::new();
+ let response = client
+ .get(server.url())
+ .basic_auth(client_username, Some(client_password))
+ .send()?;
+
+ let status_code = response.status();
+ assert_eq!(status_code, StatusCode::OK);
+
+ let body = response.error_for_status()?;
+ let parsed = Document::from_read(body)?;
+ for &file in FILES {
+ assert!(parsed.find(Text).any(|x| x.text() == file));
+ }
+
+ Ok(())
+}
+
+#[rstest(
+ cli_auth_file_arg, client_username, client_password,
+ case("tests/data/auth1.txt", "joe", "wrongpassword"),
+ case("tests/data/auth1.txt", "bob", ""),
+ case("tests/data/auth1.txt", "nonexistentuser", "wrongpassword"),
+)]
+fn auth_file_rejects(
+ cli_auth_file_arg: &str,
+ client_username: &str,
+ client_password: &str,
+) -> Result<(), Error> {
+ let server = server_no_stderr(&["--auth-file", cli_auth_file_arg]);
+ let client = Client::new();
+ let status = client
+ .get(server.url())
+ .basic_auth(client_username, Some(client_password))
+ .send()?
+ .status();
+
+ assert_eq!(status, StatusCode::UNAUTHORIZED);
+
+ Ok(())
+}
diff --git a/tests/data/auth1.txt b/tests/data/auth1.txt
new file mode 100644
index 0000000..3744d61
--- /dev/null
+++ b/tests/data/auth1.txt
@@ -0,0 +1,3 @@
+joe:123
+bob:sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3
+bill:
-- cgit v1.2.3
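Review bot: Both tests in tests/auth_file.rs use one well-formed file, so nothing pins what happens when the auth file is missing, unreadable or contains a malformed line. For an authentication option, the property to lock in is that the server refuses to start rather than coming up with fewer credentials, or none. A third test could pass a nonexistent path and a file with an invalid entry and assert that start-up fails; a fourth could combine `--auth` with `--auth-file` and check that both sets are accepted. Separately, `auth_file_accepts` lacks the trailing comma after `client_password: &str` that `auth_file_rejects` has.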