feat: enable upload/mkdir/delete for specified users

Author: marjune163

README.md

@@ -20,7 +20,7 @@ go build main.go
 Will generate executable file "main" in current directory.
 
 ## Examples
-Start server on port 8080, root directory is current working  directory:
+Start server on port 8080, root directory is current working directory:
 ```sh
 ghfs -l 8080
 ``` 
@@ -172,13 +172,33 @@ ghfs [options]
 --header-dir <separator><fs-path><separator><name><separator><value> ...
     Similar to --header, but use file system path instead of url path.
 
+--user [<username>]:[<password>] ...
+    Specify users for current virtual host for Basic Auth, empty username and/or password is allowed.
+--user-base64 [<username>]:[<base64-password>] ...
+--user-md5 [<username>]:<md5-password> ...
+--user-sha1 [<username>]:<sha1-password> ...
+--user-sha256 [<username>]:<sha256-password> ...
+--user-sha512 [<username>]:<sha512-password> ...
+    Specify users for Basic Auth, with encoded password.
+
+--global-auth
+    Use Basic Auth for all url path.
+--auth <url-path> ...
+--auth-user <separator><url-path>[<separator><allowed-username>...] ...
+    Use Basic Auth for specific url paths(and sub paths).
+--auth-dir <fs-path> ...
+--auth-dir-user <separator><fs-path>[<separator><allowed-username>...] ...
+    Use Basic Auth for specific file system paths(and sub paths).
+
 -U|--global-upload
     Allow upload files for all url paths.
     Use it with care.
 -u|--upload <url-path> ...
+--upload-user <separator><url-path>[<separator><allowed-username>...] ...
     Set url paths(and sub paths) that allows to upload files.
     Use it with care.
 --upload-dir <fs-path> ...
+--upload-dir-user <separator><fs-path>[<separator><allowed-username>...] ...
     Similar to --upload, but use file system path instead of url path.
     Use it with care.
 
@@ -191,8 +211,10 @@ ghfs [options]
 --global-mkdir
     Allow create sub directory under all url paths.
 --mkdir <url-path> ...
+--mkdir-user <separator><url-path>[<separator><allowed-username>...] ...
     Allow create sub directory under specific url paths(and sub paths).
 --mkdir-dir <fs-path> ...
+--mkdir-dir-user <separator><fs-path>[<separator><allowed-username>...] ...
     Similar to --mkdir, but use file system path instead of url path.
 
     Notes for mkdir options:
@@ -201,8 +223,10 @@ ghfs [options]
 --global-delete
     Allow delete items under all url paths.
 --delete <url-path> ...
+--delete-user <separator><url-path>[<separator><allowed-username>...] ...
     Allow delete items under specific url paths(and sub paths).
 --delete-dir <fs-path> ...
+--delete-dir-user <separator><fs-path>[<separator><allowed-username>...] ...
     Similar to --delete, but use file system path instead of url path.
 
     Notes for delete options:
@@ -226,24 +250,6 @@ ghfs [options]
 --cors-dir <fs-path> ...
     Allow CORS requests for specific file system paths(and sub paths).
 
---user [<username>]:[<password>] ...
-    Specify users for current virtual host for Basic Auth, empty username and/or password is allowed.
---user-base64 [<username>]:[<base64-password>] ...
---user-md5 [<username>]:<md5-password> ...
---user-sha1 [<username>]:<sha1-password> ...
---user-sha256 [<username>]:<sha256-password> ...
---user-sha512 [<username>]:<sha512-password> ...
-    Specify users for Basic Auth, with encoded password.
-
---global-auth
-    Use Basic Auth for all url path.
---auth <url-path> ...
---auth-user <separator><url-path>[<separator><allowed-username>...] ...
-    Use Basic Auth for specific url paths(and sub paths).
---auth-dir <fs-path> ...
---auth-dir-user <separator><fs-path>[<separator><allowed-username>...] ...
-    Use Basic Auth for specific file system paths(and sub paths).
-
 -c|--cert <file> ...
     Specify TLS certificate file.
 

README.zh-CN.md

@@ -163,13 +163,33 @@ ghfs [选项]
 --header-dir <分隔符><文件系统路径><分隔符><名称><分隔符><值> ...
     与--header类似，但指定的是文件系统路径，而不是URL路径。
 
+--user [<用户名>]:[<密码>] ...
+    为当前虚拟主机指定用于http基本验证的用户，允许空的用户名和/或密码。
+--user-base64 [<用户名>]:[<base64密码>] ...
+--user-md5 [<用户名>]:<md5密码> ...
+--user-sha1 [<用户名>]:<sha1密码> ...
+--user-sha256 [<用户名>]:<sha256密码> ...
+--user-sha512 [<用户名>]:<sha512密码> ...
+    指定http基本验证的用户，对密码使用特定的编码。
+
+--global-auth
+    对所有URL路径启用http基本验证(Basic Auth)。
+--auth <URL路径> ...
+--auth-user <分隔符><URL路径>[<分隔符><允许的用户名>...] ...
+    对指定URL路径（及子路径）启用http基本验证。
+--auth-dir <文件系统路径> ...
+--auth-dir-user <分隔符><文件系统路径>[<分隔符><允许的用户名>...] ...
+    对指定文件系统路径（及子路径）启用http基本验证。
+
 -U|--global-upload
     对所有URL路径开启上传权限。
     请谨慎使用。
 -u|--upload <URL路径> ...
+--upload-user <分隔符><URL路径>[<分隔符><允许的用户名>...] ...
     设置允许上传的URL路径（及子路径）。
     请谨慎使用。
 --upload-dir <文件系统路径> ...
+--upload-dir-user <分隔符><文件系统路径>[<分隔符><允许的用户名>...] ...
     与--upload类似，但指定的是文件系统路径，而不是URL路径。
 
     上传选项注意事项：
@@ -181,8 +201,10 @@ ghfs [选项]
 --global-mkdir
     对所有URL路径开启创建子目录权限。
 --mkdir <URL路径> ...
+--mkdir-user <分隔符><URL路径>[<分隔符><允许的用户名>...] ...
     设置允许创建子目录的URL路径（及子路径）。
 --mkdir-dir <文件系统路径> ...
+--mkdir-dir-user <分隔符><文件系统路径>[<分隔符><允许的用户名>...] ...
     与--mkdir类似，但指定的是文件系统路径，而不是URL路径。
 
     创建子目录选项注意事项：
@@ -191,8 +213,10 @@ ghfs [选项]
 --global-delete
     对所有URL路径开启删除子项权限。
 --delete <URL路径> ...
+--delete-user <分隔符><URL路径>[<分隔符><允许的用户名>...] ...
     设置允许删除子项的URL路径（及子路径）。
 --delete-dir <文件系统路径> ...
+--delete-dir-user <分隔符><文件系统路径>[<分隔符><允许的用户名>...] ...
     与--delete类似，但指定的是文件系统路径，而不是URL路径。
 
     删除选项注意事项：
@@ -216,24 +240,6 @@ ghfs [选项]
 --cors-dir <文件系统路径> ...
     接受指定文件系统路径（及子路径）的CORS跨域请求。
 
---user [<用户名>]:[<密码>] ...
-    为当前虚拟主机指定用于http基本验证的用户，允许空的用户名和/或密码。
---user-base64 [<用户名>]:[<base64密码>] ...
---user-md5 [<用户名>]:<md5密码> ...
---user-sha1 [<用户名>]:<sha1密码> ...
---user-sha256 [<用户名>]:<sha256密码> ...
---user-sha512 [<用户名>]:<sha512密码> ...
-    指定http基本验证的用户，对密码使用特定的编码。
-
---global-auth
-    对所有URL路径启用http基本验证(Basic Auth)。
---auth <URL路径> ...
---auth-user <分隔符><URL路径>[<分隔符><允许的用户名>...] ...
-    对指定URL路径（及子路径）启用http基本验证。
---auth-dir <文件系统路径> ...
---auth-dir-user <分隔符><文件系统路径>[<分隔符><允许的用户名>...] ...
-    对指定文件系统路径（及子路径）启用http基本验证。
-
 -c|--cert <证书文件> ...
     指定TLS证书文件。
 

src/param/cli.go

@@ -75,49 +75,49 @@ func NewCliCmd() *goNixArgParser.Command {
 	err = options.AddFlagValues("authdirsusers", "--auth-dir-user", "", nil, "file system path that require Basic Auth for specific users, <sep><fs-path>[<sep><user>...]")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("globalrestrictaccess", "--global-restrict-access", "GHFS_GLOBAL_RESTRICT_ACCESS", []string{}, "restrict access to all url paths from current host, with optional extra allow list")
+	err = options.AddFlags("globalupload", []string{"-U", "--global-upload"}, "", "allow upload files for all url paths")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("restrictaccessurls", "--restrict-access", "", []string{}, "restrict access to specific url paths from current host, with optional extra allow list, <sep><url-path>[<sep><allowed-host>...]")
+	err = options.AddFlagsValues("uploadurls", []string{"-u", "--upload"}, "", nil, "url path that allow upload files")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("restrictaccessdirs", "--restrict-access-dir", "", []string{}, "restrict access to specific file system paths from current host, with optional extra allow list, <sep><fs-path>[<sep><allowed-host>...]")
+	err = options.AddFlagValues("uploadurlsusers", "--upload-user", "", nil, "url path that allow upload files for specific users, <sep><url-path>[<sep><user>...]")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("globalheaders", "--global-header", "GHFS_GLOBAL_HEADER", []string{}, "custom headers for all url paths, e.g. <name>:<value>")
+	err = options.AddFlagsValues("uploaddirs", []string{"-p", "--upload-dir"}, "", nil, "file system path that allow upload files")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("headersurls", "--header", "", []string{}, "url path for custom headers, <sep><url><sep><name><sep><value>")
+	err = options.AddFlagValues("uploaddirsusers", "--upload-dir-user", "", nil, "file system path that allow upload files for specific users, <sep><fs-path>[<sep><user>...]")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("headersdirs", "--header-dir", "", []string{}, "file system path for custom headers, <sep><dir><sep><name><sep><value>")
+	err = options.AddFlag("globalmkdir", "--global-mkdir", "", "allow mkdir files for all url paths")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlags("globalupload", []string{"-U", "--global-upload"}, "", "allow upload files for all url paths")
+	err = options.AddFlagValues("mkdirurls", "--mkdir", "", nil, "url path that allow mkdir files")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagsValues("uploadurls", []string{"-u", "--upload"}, "", nil, "url path that allow upload files")
+	err = options.AddFlagValues("mkdirurlsusers", "--mkdir-user", "", nil, "url path that allow mkdir files for specific users, <sep><url-path>[<sep><user>...]")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagsValues("uploaddirs", []string{"-p", "--upload-dir"}, "", nil, "file system path that allow upload files")
+	err = options.AddFlagValues("mkdirdirs", "--mkdir-dir", "", nil, "file system path that allow mkdir files")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlag("globalmkdir", "--global-mkdir", "", "allow mkdir files for all url paths")
+	err = options.AddFlagValues("mkdirdirsusers", "--mkdir-dir-user", "", nil, "file system path that allow mkdir files for specific users, <sep><fs-path>[<sep><user>...]")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("mkdirurls", "--mkdir", "", nil, "url path that allow mkdir files")
+	err = options.AddFlag("globaldelete", "--global-delete", "", "allow delete files for all url paths")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("mkdirdirs", "--mkdir-dir", "", nil, "file system path that allow mkdir files")
+	err = options.AddFlagValues("deleteurls", "--delete", "", nil, "url path that allow delete files")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlag("globaldelete", "--global-delete", "", "allow delete files for all url paths")
+	err = options.AddFlagValues("deleteurlsusers", "--delete-user", "", nil, "url path that allow delete files for specific users, <sep><url-path>[<sep><user>...]")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("deleteurls", "--delete", "", nil, "url path that allow delete files")
+	err = options.AddFlagValues("deletedirs", "--delete-dir", "", nil, "file system path that allow delete files")
 	serverError.CheckFatal(err)
 
-	err = options.AddFlagValues("deletedirs", "--delete-dir", "", nil, "file system path that allow delete files")
+	err = options.AddFlagValues("deletedirsusers", "--delete-dir-user", "", nil, "file system path that allow delete files for specific users, <sep><fs-path>[<sep><user>...]")
 	serverError.CheckFatal(err)
 
 	err = options.AddFlags("globalarchive", []string{"-A", "--global-archive"}, "GHFS_GLOBAL_ARCHIVE", "enable download archive for all directories")
@@ -138,6 +138,24 @@ func NewCliCmd() *goNixArgParser.Command {
 	err = options.AddFlagValues("corsdirs", "--cors-dir", "", nil, "file system path that enable CORS headers")
 	serverError.CheckFatal(err)
 
+	err = options.AddFlagValues("globalrestrictaccess", "--global-restrict-access", "GHFS_GLOBAL_RESTRICT_ACCESS", []string{}, "restrict access to all url paths from current host, with optional extra allow list")
+	serverError.CheckFatal(err)
+
+	err = options.AddFlagValues("restrictaccessurls", "--restrict-access", "", []string{}, "restrict access to specific url paths from current host, with optional extra allow list, <sep><url-path>[<sep><allowed-host>...]")
+	serverError.CheckFatal(err)
+
+	err = options.AddFlagValues("restrictaccessdirs", "--restrict-access-dir", "", []string{}, "restrict access to specific file system paths from current host, with optional extra allow list, <sep><fs-path>[<sep><allowed-host>...]")
+	serverError.CheckFatal(err)
+
+	err = options.AddFlagValues("globalheaders", "--global-header", "GHFS_GLOBAL_HEADER", []string{}, "custom headers for all url paths, e.g. <name>:<value>")
+	serverError.CheckFatal(err)
+
+	err = options.AddFlagValues("headersurls", "--header", "", []string{}, "url path for custom headers, <sep><url><sep><name><sep><value>")
+	serverError.CheckFatal(err)
+
+	err = options.AddFlagValues("headersdirs", "--header-dir", "", []string{}, "file system path for custom headers, <sep><dir><sep><name><sep><value>")
+	serverError.CheckFatal(err)
+
 	err = options.AddFlagsValues("certs", []string{"-c", "--cert"}, "GHFS_CERT", nil, "TLS certificate path")
 	serverError.CheckFatal(err)
 
@@ -316,6 +334,70 @@ func CmdResultsToParams(results []*goNixArgParser.ParseResult) (params Params, e
 		// dir indexes
 		param.DirIndexes, _ = result.GetStrings("dirindexes")
 
+		// users
+		arrUsersPlain, _ := result.GetStrings("users")
+		param.UsersPlain = entriesToUsers(arrUsersPlain)
+		arrUsersBase64, _ := result.GetStrings("usersbase64")
+		param.UsersBase64 = entriesToUsers(arrUsersBase64)
+		arrUsersMd5, _ := result.GetStrings("usersmd5")
+		param.UsersMd5 = entriesToUsers(arrUsersMd5)
+		arrUsersSha1, _ := result.GetStrings("userssha1")
+		param.UsersSha1 = entriesToUsers(arrUsersSha1)
+		arrUsersSha256, _ := result.GetStrings("userssha256")
+		param.UsersSha256 = entriesToUsers(arrUsersSha256)
+		arrUsersSha512, _ := result.GetStrings("userssha512")
+		param.UsersSha512 = entriesToUsers(arrUsersSha512)
+
+		// auth/upload/mkdir/delete/archive/cors urls/dirs
+		param.GlobalAuth = result.HasKey("globalauth")
+		param.AuthUrls, _ = result.GetStrings("authurls")
+		param.AuthDirs, _ = result.GetStrings("authdirs")
+
+		param.GlobalUpload = result.HasKey("globalupload")
+		param.UploadUrls, _ = result.GetStrings("uploadurls")
+		param.UploadDirs, _ = result.GetStrings("uploaddirs")
+
+		param.GlobalMkdir = result.HasKey("globalmkdir")
+		param.MkdirUrls, _ = result.GetStrings("mkdirurls")
+		param.MkdirDirs, _ = result.GetStrings("mkdirdirs")
+
+		param.GlobalDelete = result.HasKey("globaldelete")
+		param.DeleteUrls, _ = result.GetStrings("deleteurls")
+		param.DeleteDirs, _ = result.GetStrings("deletedirs")
+
+		param.GlobalArchive = result.HasKey("globalarchive")
+		param.ArchiveUrls, _ = result.GetStrings("archiveurls")
+		param.ArchiveDirs, _ = result.GetStrings("archivedirs")
+
+		param.GlobalCors = result.HasKey("globalcors")
+		param.CorsUrls, _ = result.GetStrings("corsurls")
+		param.CorsDirs, _ = result.GetStrings("corsdirs")
+
+		// auth/upload/mkdir/delete urls/dirs urls users
+		authUrlsUsers, _ := result.GetStrings("authurlsusers")
+		param.AuthUrlsUsers = SplitAllKeyValues(authUrlsUsers)
+
+		authDirsUsers, _ := result.GetStrings("authdirsusers")
+		param.AuthDirsUsers = SplitAllKeyValues(authDirsUsers)
+
+		uploadUrlsUsers, _ := result.GetStrings("uploadurlsusers")
+		param.UploadUrlsUsers = SplitAllKeyValues(uploadUrlsUsers)
+
+		uploadDirsUsers, _ := result.GetStrings("uploaddirsusers")
+		param.UploadDirsUsers = SplitAllKeyValues(uploadDirsUsers)
+
+		mkdirUrlsUsers, _ := result.GetStrings("mkdirurlsusers")
+		param.MkdirUrlsUsers = SplitAllKeyValues(mkdirUrlsUsers)
+
+		mkdirDirsUsers, _ := result.GetStrings("mkdirdirsusers")
+		param.MkdirDirsUsers = SplitAllKeyValues(mkdirDirsUsers)
+
+		deleteUrlsUsers, _ := result.GetStrings("deleteurlsusers")
+		param.DeleteUrlsUsers = SplitAllKeyValues(deleteUrlsUsers)
+
+		deleteDirsUsers, _ := result.GetStrings("deletedirsusers")
+		param.DeleteDirsUsers = SplitAllKeyValues(deleteDirsUsers)
+
 		// global restrict access
 		if result.HasKey("globalrestrictaccess") {
 			param.GlobalRestrictAccess, _ = result.GetStrings("globalrestrictaccess")
@@ -348,51 +430,6 @@ func CmdResultsToParams(results []*goNixArgParser.ParseResult) (params Params, e
 		errs = append(errs, es...)
 		param.Certificates = certs
 
-		// upload/mkdir/delete/archive/cors/auth urls/dirs
-		param.GlobalUpload = result.HasKey("globalupload")
-		param.UploadUrls, _ = result.GetStrings("uploadurls")
-		param.UploadDirs, _ = result.GetStrings("uploaddirs")
-
-		param.GlobalMkdir = result.HasKey("globalmkdir")
-		param.MkdirUrls, _ = result.GetStrings("mkdirurls")
-		param.MkdirDirs, _ = result.GetStrings("mkdirdirs")
-
-		param.GlobalDelete = result.HasKey("globaldelete")
-		param.DeleteUrls, _ = result.GetStrings("deleteurls")
-		param.DeleteDirs, _ = result.GetStrings("deletedirs")
-
-		param.GlobalArchive = result.HasKey("globalarchive")
-		param.ArchiveUrls, _ = result.GetStrings("archiveurls")
-		param.ArchiveDirs, _ = result.GetStrings("archivedirs")
-
-		param.GlobalCors = result.HasKey("globalcors")
-		param.CorsUrls, _ = result.GetStrings("corsurls")
-		param.CorsDirs, _ = result.GetStrings("corsdirs")
-
-		param.GlobalAuth = result.HasKey("globalauth")
-		param.AuthUrls, _ = result.GetStrings("authurls")
-		param.AuthDirs, _ = result.GetStrings("authdirs")
-		// auth urls users
-		authUrlsUsers, _ := result.GetStrings("authurlsusers")
-		param.AuthUrlsUsers = SplitAllKeyValues(authUrlsUsers)
-		// auth dirs users
-		authDirsUsers, _ := result.GetStrings("authdirsusers")
-		param.AuthDirsUsers = SplitAllKeyValues(authDirsUsers)
-
-		// users
-		arrUsersPlain, _ := result.GetStrings("users")
-		param.UsersPlain = entriesToUsers(arrUsersPlain)
-		arrUsersBase64, _ := result.GetStrings("usersbase64")
-		param.UsersBase64 = entriesToUsers(arrUsersBase64)
-		arrUsersMd5, _ := result.GetStrings("usersmd5")
-		param.UsersMd5 = entriesToUsers(arrUsersMd5)
-		arrUsersSha1, _ := result.GetStrings("userssha1")
-		param.UsersSha1 = entriesToUsers(arrUsersSha1)
-		arrUsersSha256, _ := result.GetStrings("userssha256")
-		param.UsersSha256 = entriesToUsers(arrUsersSha256)
-		arrUsersSha512, _ := result.GetStrings("userssha512")
-		param.UsersSha512 = entriesToUsers(arrUsersSha512)
-
 		// listen
 		listens, _ := result.GetStrings("listens")
 		param.Listens = append(param.Listens, listens...)