refactor: make logout works on safari (#442)

assets/index.js

@@ -91,6 +91,10 @@ let $emptyFolder;
  * @type Element
  */
 let $editor;
+/**
+ * @type Element
+ */
+let $loginBtn;
 /**
  * @type Element
  */
@@ -121,6 +125,7 @@ async function ready() {
   $uploadersTable = document.querySelector(".uploaders-table");
   $emptyFolder = document.querySelector(".empty-folder");
   $editor = document.querySelector(".editor");
+  $loginBtn = document.querySelector(".login-btn");
   $logoutBtn = document.querySelector(".logout-btn");
   $userName = document.querySelector(".user-name");
 
@@ -517,13 +522,12 @@ async function setupAuth() {
     $logoutBtn.addEventListener("click", logout);
     $userName.textContent = DATA.user;
   } else {
-    const $loginBtn = document.querySelector(".login-btn");
     $loginBtn.classList.remove("hidden");
     $loginBtn.addEventListener("click", async () => {
       try {
         await checkAuth();
-        location.reload();
       } catch {}
+      location.reload();
     });
   }
 }
@@ -745,19 +749,19 @@ async function saveChange() {
 async function checkAuth() {
   if (!DATA.auth) return;
   const res = await fetch(baseUrl(), {
-    method: "AUTH",
+    method: "CHECKAUTH",
   });
   await assertResOK(res);
-  document.querySelector(".login-btn").classList.add("hidden");
+  $loginBtn.classList.add("hidden");
   $logoutBtn.classList.remove("hidden");
-  $userName.textContent = "";
+  $userName.textContent = await res.text();
 }
 
 function logout() {
   if (!DATA.auth) return;
   const url = baseUrl();
   const xhr = new XMLHttpRequest();
-  xhr.open("AUTH", url, true, ":");
+  xhr.open("LOGOUT", url, true, DATA.user);
   xhr.onload = () => {
     location.href = url;
   }

src/auth.rs

@@ -429,7 +429,8 @@ fn is_readonly_method(method: &Method) -> bool {
         || method == Method::OPTIONS
         || method == Method::HEAD
         || method.as_str() == "PROPFIND"
-        || method.as_str() == "AUTH"
+        || method.as_str() == "CHECKAUTH"
+        || method.as_str() == "LOGOUT"
 }
 
 fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {

src/server.rs

@@ -200,10 +200,16 @@ impl Server {
             .map(|(k, v)| (k.to_string(), v.to_string()))
             .collect();
 
-        if method.as_str() == "AUTH" {
-            if user.is_none() {
-                self.auth_reject(&mut res)?;
+        if method.as_str() == "CHECKAUTH" {
+            match user.clone() {
+                Some(user) => {
+                    *res.body_mut() = body_full(user);
                 }
+                None => self.auth_reject(&mut res)?,
+            }
+            return Ok(res);
+        } else if method.as_str() == "LOGOUT" {
+            self.auth_reject(&mut res)?;
             return Ok(res);
         }
 
@@ -1722,7 +1728,9 @@ fn is_hidden(hidden: &[String], file_name: &str, is_dir_type: bool) -> bool {
 fn set_webdav_headers(res: &mut Response) {
     res.headers_mut().insert(
         "Allow",
-        HeaderValue::from_static("GET,HEAD,PUT,OPTIONS,DELETE,PATCH,PROPFIND,COPY,MOVE"),
+        HeaderValue::from_static(
+            "GET,HEAD,PUT,OPTIONS,DELETE,PATCH,PROPFIND,COPY,MOVE,CHECKAUTH,LOGOUT",
+        ),
     );
     res.headers_mut()
         .insert("DAV", HeaderValue::from_static("1, 2, 3"));

tests/auth.rs

@@ -119,29 +119,41 @@ fn auth_check(
     #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
     let url = format!("{}index.html", server.url());
-    let resp = fetch!(b"AUTH", &url).send()?;
+    let resp = fetch!(b"CHECKAUTH", &url).send()?;
     assert_eq!(resp.status(), 401);
-    let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user", "pass")?;
+    let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user", "pass")?;
     assert_eq!(resp.status(), 200);
-    let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user2", "pass2")?;
+    let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user2", "pass2")?;
     assert_eq!(resp.status(), 200);
     Ok(())
 }
 
 #[rstest]
-fn auth_compact_rules(
+fn auth_check2(
     #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
     let url = format!("{}index.html", server.url());
-    let resp = fetch!(b"AUTH", &url).send()?;
+    let resp = fetch!(b"CHECKAUTH", &url).send()?;
     assert_eq!(resp.status(), 401);
-    let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user", "pass")?;
+    let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user", "pass")?;
     assert_eq!(resp.status(), 200);
-    let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user2", "pass2")?;
+    let resp = send_with_digest_auth(fetch!(b"CHECKAUTH", &url), "user2", "pass2")?;
     assert_eq!(resp.status(), 200);
     Ok(())
 }
 
+#[rstest]
+fn auth_logout(
+    #[with(&["--auth", "user:pass@/:rw", "-A"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}index.html", server.url());
+    let resp = fetch!(b"LOGOUT", &url).send()?;
+    assert_eq!(resp.status(), 401);
+    let resp = send_with_digest_auth(fetch!(b"LOGOUT", &url), "user", "pass")?;
+    assert_eq!(resp.status(), 401);
+    Ok(())
+}
+
 #[rstest]
 fn auth_readonly(
     #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,

tests/http.rs

@@ -265,7 +265,7 @@ fn options_dir(server: TestServer) -> Result<(), Error> {
     assert_eq!(resp.status(), 200);
     assert_eq!(
         resp.headers().get("allow").unwrap(),
-        "GET,HEAD,PUT,OPTIONS,DELETE,PATCH,PROPFIND,COPY,MOVE"
+        "GET,HEAD,PUT,OPTIONS,DELETE,PATCH,PROPFIND,COPY,MOVE,CHECKAUTH,LOGOUT"
     );
     assert_eq!(resp.headers().get("dav").unwrap(), "1, 2, 3");
     Ok(())