chore(release): 2.52.0

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

.dockerignore

@@ -1,3 +1,7 @@
-testdata/
-.github/
-**.git
+.venv
+dist
+.idea
+frontend/node_modules
+frontend/dist
+filebrowser.db
+docs/index.md

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @filebrowser/maintainers

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,22 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
----
-
-**Description**
-A clear and concise description of what the issue is about. What are you trying to do?
-
-**Expected behaviour**
-What did you expect to happen?
-
-**What is happening instead?**
-Please, give full error messages and/or log.
-
-**Additional context**
-Add any other context about the problem here. If applicable, add screenshots to help explain your problem.
-
-**How to reproduce?**
-Tell us how to reproduce this issue. How can someone who is starting from scratch reproduce this behaviour as minimally as possible?
-
-**Files**
-A list of relevant files for this issue. Large files can be uploaded one-by-one or in a tarball/zipfile.

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,53 @@
+name: Bug Report
+description: Report a bug in FileBrowser.
+labels: [bug, 'waiting: triage']
+body:
+  - type: checkboxes
+    attributes:
+      label: Checklist
+      description: Please verify that you've followed these steps
+      options:
+        - label: This is a bug report, not a question.
+          required: true
+        - label: I have searched on the [issue tracker](https://github.com/filebrowser/filebrowser/issues?q=is%3Aissue) for my bug.
+          required: true
+        - label: I am running the latest [FileBrowser version](https://github.com/filebrowser/filebrowser/releases) or have an issue updating.
+          required: true
+  - type: textarea
+    id: version
+    attributes:
+      label: Version
+      render: Text
+      description: |
+        Enter the version of FileBrowser you are using.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Description
+      description: |
+        A clear and concise description of what the issue is about. What are you trying to do?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What did you expect to happen?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What actually happened?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Reproduction Steps
+      description: |
+        Tell us how to reproduce this issue. How can someone who is starting from scratch reproduce this behavior as minimally as possible?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Files
+      description: |
+        A list of relevant files for this issue. Large files can be uploaded one-by-one or in a tarball/zipfile.

.github/ISSUE_TEMPLATE/caddy_bug_report.md

@@ -1,33 +0,0 @@
----
-name: Caddy related bug report
-about: Create a report to help us improve
----
-
-**Are you asking for help with using Caddy or File Browser?**
-Please use our forum instead: https://forum.caddyserver.com.
-
-**When did you download File Browser from caddyserver.com?**
-
-**What is your entire Caddyfile?**
-
-```text
-(Put Caddyfile here)
-```
-
-**Description**
-A clear and concise description of what the issue is about. What are you trying to do?
-
-**Expected behaviour**
-What did you expect to happen?
-
-**What is happening instead?**
-Please, give full error messages and/or log.
-
-**Additional context**
-Add any other context about the problem here. If applicable, add screenshots to help explain your problem.
-
-**How to reproduce?**
-Tell us how to reproduce this issue. How can someone who is starting from scratch reproduce this behaviour as minimally as possible?
-
-**Files**
-A list of relevant files for this issue. Large files can be uploaded one-by-one or in a tarball/zipfile.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: GitHub Discussions
+    url: https://github.com/filebrowser/filebrowser/discussions
+    about: Please ask questions and discuss features here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,16 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
----
-
-**Is your feature request related to a problem? Please describe.**
-Add a clear and concise description of what the problem is. E.g. *I'm always frustrated when [...]*
-
-**Describe the solution you'd like**
-Add a clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-Add a clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,16 +1,16 @@
-**Description**
-Please explain the changes you made here.
-If the feature changes current behaviour, explain why your solution is better.
+## Description
 
-:rotating_light: Before submitting your PR, please read [community](https://github.com/filebrowser/community), and indicate which issues (in any of the repos) are either fixed or closed by this PR. See [GitHub Help: Closing issues using keywords](https://help.github.com/articles/closing-issues-via-commit-messages/).
+<!-- Please explain the changes you made here. -->
 
-- [ ] DO make sure you are requesting to **pull a topic/feature/bugfix branch** (right side). Don't request your master!
-- [ ] DO make sure you are making a pull request against the **master branch** (left side). Also you should start *your branch* off *our master*.
-- [ ] DO make sure that File Browser can be successfully built. See [builds](https://github.com/filebrowser/community/blob/master/builds.md) and [development](https://github.com/filebrowser/community/blob/master/development.md).
-- [ ] DO make sure that related issues are opened in other repositories. I.e., the frontend, caddy plugins or the web page need to be updated accordingly.
-- [ ] AVOID breaking the continuous integration build.
+## Additional Information
 
-**Further comments**
-If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did, what alternatives you considered, etc.
+<!-- If it is a relatively large or complex change, please add more information to explain what you did, how you did it, if you considered any alternatives, etc. -->
 
-:heart: Thank you!
+## Checklist
+
+Before submitting your PR, please indicate which issues are either fixed or closed by this PR. See [GitHub Help: Closing issues using keywords](https://help.github.com/articles/closing-issues-via-commit-messages/).
+
+- [ ] I am aware the project is currently in maintenance-only mode. See [README](https://github.com/filebrowser/community/blob/master/README.md)
+- [ ] I am aware that translations MUST be made through [Transifex](https://app.transifex.com/file-browser/file-browser/) and that this PR is NOT a translation update
+- [ ] I am making a PR against the `master` branch.
+- [ ] I am sure File Browser can be successfully built. See [builds](https://github.com/filebrowser/community/blob/master/builds.md) and [development](https://github.com/filebrowser/community/blob/master/development.md).

.github/workflows/ci.yaml

@@ -0,0 +1,115 @@
+name: Continuous Integration
+
+on:
+  push:
+    branches:
+      - "master"
+    tags:
+      - "v*"
+  pull_request:
+
+jobs:
+  lint-frontend:
+    name: Lint Frontend
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: pnpm/action-setup@v4
+        with:
+          package_json_file: "frontend/package.json"
+      - uses: actions/setup-node@v6
+        with:
+          node-version: "24.x"
+          cache: "pnpm"
+          cache-dependency-path: "frontend/pnpm-lock.yaml"
+      - working-directory: frontend
+        run: |
+          pnpm install --frozen-lockfile
+          pnpm run lint
+
+  lint-backend:
+    name: Lint Backend
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: "1.25.x"
+      - uses: golangci/golangci-lint-action@v9
+        with:
+          version: "latest"
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: "1.25.x"
+      - run: go test --race ./...
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v6
+        with:
+          go-version: '1.25'
+      - uses: pnpm/action-setup@v4
+        with:
+          package_json_file: "frontend/package.json"
+      - uses: actions/setup-node@v6
+        with:
+          node-version: "24.x"
+          cache: "pnpm"
+          cache-dependency-path: "frontend/pnpm-lock.yaml"
+      - name: Install Task
+        uses: go-task/setup-task@v1
+      - run: task build
+
+  release:
+    name: Release
+    needs: ["lint-frontend", "lint-backend", "test", "build"]
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v6
+        with:
+          go-version: '1.25'
+      - uses: pnpm/action-setup@v4
+        with:
+          package_json_file: "frontend/package.json"
+      - uses: actions/setup-node@v6
+        with:
+          node-version: "24.x"
+          cache: "pnpm"
+          cache-dependency-path: "frontend/pnpm-lock.yaml"
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Install Task
+        uses: go-task/setup-task@v1
+      - run: task build:frontend
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+
+
+

.github/workflows/docs.yml

@@ -0,0 +1,52 @@
+name: Docs
+
+on:
+  pull_request:
+    paths:
+      - 'www'
+      - '*.md'
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Build Docs
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Install Task
+        uses: go-task/setup-task@v1
+      - name: Build site
+        run: task docs
+
+  build-and-release:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    name: Build and Release Docs
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Install Task
+        uses: go-task/setup-task@v1
+      - name: Build site
+        run: task docs
+      - name: Upload static files as artifact
+        uses: actions/upload-pages-artifact@v4
+        with:
+          path: www/public
+      - name: Deploy to GitHub Pages
+        uses: actions/deploy-pages@v4

.github/workflows/lint-pr.yaml

@@ -0,0 +1,46 @@
+name: "Lint PR"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: write
+
+jobs:
+  main:
+    name: Validate Title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v6
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        # When the previous steps fails, the workflow would stop. By adding this
+        # condition you can continue the execution with the populated error message.
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+            
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            Details:
+            
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-title-lint-error
+          delete: true

.gitignore

@@ -1,15 +1,39 @@
-.DS_Store
-*/dist/*
 *.db
-*.db.lock
-.idea
-.vscode
-Dockerfile
-filebrowser
+*.bak
+_old
 rice-box.go
-vendor
+.idea/
+/filebrowser
+/filebrowser.exe
+/dist
+.venv
+
+.DS_Store
+node_modules
+
+# local env files
+.env.local
+.env.*.local
+
+# Log files
 npm-debug.log*
-package-lock.json
 yarn-debug.log*
 yarn-error.log*
-yarn.lock
+
+# Editor directories and files
+.idea
+.vscode
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw*
+bin/
+build/
+
+# Vue distributable files
+/frontend/dist/*
+!/frontend/dist/.gitkeep
+
+default.nix
+Dockerfile.dev

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "frontend"]
-	path = frontend
-	url = https://github.com/filebrowser/frontend

.golangci.yml

@@ -1,20 +1,14 @@
-run:
-  deadline: 5m
+version: "2"
 
 linters:
+  default: standard
   enable:
-    - deadcode
+    - gocritic
     - govet
-    - ineffassign
-    - interfacer
-    - maligned
-    - megacheck
-    - structcheck
-    - unconvert
-    - varcheck
-  enable-all: false
-  disable-all: true
-#  presets:
-#    - bugs
-#    - unused
-  fast: false
+    - revive
+  exclusions:
+    presets:
+      - std-error-handling
+      - comments
+    paths:
+      - frontend/

.goreleaser.yml

@@ -1,59 +1,197 @@
+version: 2
+
 project_name: filebrowser
 
-build:
-  env:
-    - CGO_ENABLED=0
-  main: cli/main.go
-  binary: filebrowser
-  goos:
-    - darwin
-    - linux
-    - windows
-    - freebsd
-    - netbsd
-    - openbsd
-    - dragonfly
-    - solaris
-  goarch:
-    - amd64
-    - 386
-    - arm
-    - arm64
-  goarm:
-    - 5
-    - 6
-    - 7
-  ignore:
-    - goos: darwin
-      goarch: 386
-    - goos: openbsd
-      goarch: arm
-    - goos: freebsd
-      goarch: arm
-    - goos: netbsd
-      goarch: arm
-    - goos: solaris
-      goarch: arm
+env:
+  - GO111MODULE=on
 
-archive:
-  name_template: "{{.Os}}-{{.Arch}}{{if .Arm}}v{{.Arm}}{{end}}-{{ .ProjectName }}"
-  format: tar.gz
-  format_overrides:
-    - goos: windows
-      format: zip
+builds:
+  - env:
+      - CGO_ENABLED=0
+    ldflags:
+      - -s -w -X github.com/filebrowser/filebrowser/v2/version.Version={{ .Version }} -X github.com/filebrowser/filebrowser/v2/version.CommitSHA={{ .ShortCommit }}
+    main: main.go
+    binary: filebrowser
+    goos:
+      - darwin
+      - linux
+      - windows
+      - freebsd
+    goarch:
+      - amd64
+      - "386"
+      - arm
+      - arm64
+      - riscv64
+    goarm:
+      - "5"
+      - "6"
+      - "7"
+    ignore:
+      - goos: darwin
+        goarch: "386"
+      - goos: freebsd
+        goarch: arm
 
-release:
-  disable: true
+archives:
+  - name_template: "{{.Os}}-{{.Arch}}{{if .Arm}}v{{.Arm}}{{end}}-{{ .ProjectName }}"
+    formats: ["tar.gz"]
+    format_overrides:
+      - goos: windows
+        formats: ["zip"]
 
 dockers:
-  -
+  # Alpine docker images
+  - dockerfile: Dockerfile
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--platform=linux/amd64"
     goos: linux
     goarch: amd64
-    goarm: ''
-    image: filebrowser/filebrowser
-    skip_push: true
-    tag_templates:
-      - "{{ .Tag }}"
-      - latest
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-amd64"
+      - "filebrowser/filebrowser:v{{ .Major }}-amd64"
     extra_files:
-      - Docker.json
+      - docker
+  - dockerfile: Dockerfile
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--platform=linux/arm64"
+    goos: linux
+    goarch: arm64
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-arm64"
+      - "filebrowser/filebrowser:v{{ .Major }}-arm64"
+    extra_files:
+      - docker
+  - dockerfile: Dockerfile
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--platform=linux/arm/v6"
+    goos: linux
+    goarch: arm
+    goarm: "6"
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-armv6"
+      - "filebrowser/filebrowser:v{{ .Major }}-armv6"
+    extra_files:
+      - docker
+  - dockerfile: Dockerfile
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--platform=linux/arm/v7"
+    goos: linux
+    goarch: arm
+    goarm: "7"
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-armv7"
+      - "filebrowser/filebrowser:v{{ .Major }}-armv7"
+    extra_files:
+      - docker
+
+  ## s6-overlay docker images
+  - dockerfile: Dockerfile.s6
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--platform=linux/amd64"
+    goos: linux
+    goarch: amd64
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-amd64-s6"
+      - "filebrowser/filebrowser:v{{ .Major }}-amd64-s6"
+    extra_files:
+      - docker
+  - dockerfile: Dockerfile.s6
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--platform=linux/arm64"
+    goos: linux
+    goarch: arm64
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-arm64-s6"
+      - "filebrowser/filebrowser:v{{ .Major }}-arm64-s6"
+    extra_files:
+      - docker
+
+docker_manifests:
+  - name_template: "filebrowser/filebrowser:latest"
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-amd64"
+      - "filebrowser/filebrowser:{{ .Tag }}-arm64"
+      - "filebrowser/filebrowser:{{ .Tag }}-armv7"
+  - name_template: "filebrowser/filebrowser:{{ .Tag }}"
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-amd64"
+      - "filebrowser/filebrowser:{{ .Tag }}-arm64"
+      - "filebrowser/filebrowser:{{ .Tag }}-armv7"
+  - name_template: "filebrowser/filebrowser:v{{ .Major }}"
+    image_templates:
+      - "filebrowser/filebrowser:v{{ .Major }}-amd64"
+      - "filebrowser/filebrowser:v{{ .Major }}-arm64"
+      - "filebrowser/filebrowser:v{{ .Major }}-armv7"
+  ## s6 image manifests
+  - name_template: "filebrowser/filebrowser:s6"
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-amd64-s6"
+      - "filebrowser/filebrowser:{{ .Tag }}-arm64-s6"
+  - name_template: "filebrowser/filebrowser:{{ .Tag }}-s6"
+    image_templates:
+      - "filebrowser/filebrowser:{{ .Tag }}-amd64-s6"
+      - "filebrowser/filebrowser:{{ .Tag }}-arm64-s6"
+  - name_template: "filebrowser/filebrowser:v{{ .Major }}-s6"
+    image_templates:
+      - "filebrowser/filebrowser:v{{ .Major }}-amd64-s6"
+      - "filebrowser/filebrowser:v{{ .Major }}-arm64-s6"
+
+homebrew_casks:
+  - name: filebrowser
+    repository:
+      owner: filebrowser
+      name: homebrew-tap
+    commit_author:
+      name: FileBrowser Robot
+      email: robot@filebrowser.org
+    homepage: https://github.com/filebrowser/filebrowser
+    description: File Browser is a create-your-own-cloud-kind of software where you can install it on a server, direct it to a path and then access your files through a nice web interface
+    hooks:
+      post:
+        install: |
+          if system_command("/usr/bin/xattr", args: ["-h"]).exit_status == 0
+            system_command "/usr/bin/xattr", args: ["-dr", "com.apple.quarantine", "#{staged_path}/filebrowser"]
+          end

.travis.yml

@@ -1,50 +0,0 @@
-os: linux
-services: docker
-language: minimal
-install: skip
-addons:
-  apt:
-    packages:
-    - docker-ce
-    - pass
-env:
-  global:
-  - USE_DOCKER="true"
-stages:
-  - lint
-  - test
-  - release
-cache:
-  directories:
-    - lib/rice-box.go
-jobs:
-  include:
-  - stage: lint
-    script: "./build/run_linters.sh"
-  - stage: test
-    script: "./build/build_all.sh"
-    deploy:
-      provider: script
-      skip_cleanup: true
-      script: docker build -t filebrowser/filebrowser . && ./build/docker_login.sh && docker push filebrowser/filebrowser && docker logout
-      on:
-        tags: false
-        repo: filebrowser/filebrowser
-        branch: master
-  - stage: release
-    script:
-      - docker run --rm -itv $(pwd):/src -w /src -v /var/run/docker.sock:/var/run/docker.sock filebrowser/dev sh -c "go get ./... && goreleaser"
-      - ./build/push_images.sh
-      - ./build/push_ricebox.sh
-    if: tag IS present
-    deploy:
-      provider: releases
-      skip_cleanup: true
-      api_key:
-        secure: GCURbl9xmjOmeNc7cYSvfSwbEp46cacWmJRczcsU6rQa0aWqzjELYdyIsl6HWW+o0dzuZvbWRD6muxYqIud92oPLYDuXSnra9tM3mCjswrjiPCJ57bksWkSPBfFQcxIyB6c3o+A/FMnX3nnSE/2r5HYZnPNFbEcBbC7WSgwx9ejXUuyWn1PUFK9YQWANdl6J7b7EKsk+9MxS9Pmw6M2ycBwX8ScUQdofkUPvR/nqlXISm+3hs30VubqQi9Ha6DM9Bw3aFK3/Ts/ujCOxP1ZoMCBZ6tfnaQOElIG96WTwnt77eDYlZezBOLym3Z18iif+Qny+XndFKDbexaiUT06VlWFXCKtt3iLs6HJwRcjmiHmB0Z3v+W4cKPl3cEyxxrU2aal54k1PBhU+5L0Xc8ileKbDMYg5tps88zWHNefeZVfaxYSVrmUHkuygMe481oaBLacDXTxs4t6XEpStREuLmvx9NLTwTFAbWjMNM0PqlueDMxO4bdwNvzXg/TcKLWV9FezqAlre8lFNZK5wX6lKFVSZ3hFjxCfwrJL2cPwg5A8Yd5EOC4Nh81WdgYuFGOxZzMAoSJlaVRvQS1trCUP/++ONnDep3ExSxvw4B7vijGZWeXUhrOMiPQHXu+t6BnrlnDjQ4gi44QTW0y/iM2WC2DBKfgYjAKwyHx13hFrmOCg=
-      file: "dist/*.*"
-      file_glob: true
-      on:
-        repo: filebrowser/filebrowser
-        all_branches: true
-        tags: true

.versionrc

@@ -0,0 +1,14 @@
+{
+  "types": [
+    { "type": "feat", "section": "Features" },
+    { "type": "fix", "section": "Bug Fixes" },
+    { "type": "perf", "section": "Performance improvements" },
+    { "type": "revert", "section": "Reverts" },
+    { "type": "refactor", "section": "Refactorings" },
+    { "type": "build", "section": "Build" },
+    { "type": "ci", "hidden": true },
+    { "type": "test", "hidden": true },
+    { "type": "chore", "hidden": true },
+    { "type": "docs", "hidden": true }
+  ]
+}

CODE-OF-CONDUCT.md

@@ -0,0 +1,46 @@
+# Code of Conduct
+
+## Contributor Covenant Code of Conduct
+
+### Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+### Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+### Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+### Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+### Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at hacdias@gmail.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+### Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.4, available at [https://contributor-covenant.org/version/1/4](https://contributor-covenant.org/version/1/4).
+

CONTRIBUTING.md

@@ -0,0 +1,128 @@
+# Contributing
+
+If you're interested in contributing to this project, this is the best place to start. Before contributing to this project, please take a bit of time to read our [Code of Conduct](code-of-conduct.md). Also, note that this project is open-source and licensed under [Apache License 2.0](LICENSE).
+
+## Project Structure
+
+The backend side of the application is written in [Go](https://golang.org/), while the frontend (located on a subdirectory of the same name) is written in [Vue.js](https://vuejs.org/). Due to the tight coupling required by some features, basic knowledge of both Go and Vue.js is recommended.
+
+* Learn Go: [https://github.com/golang/go/wiki/Learn](https://github.com/golang/go/wiki/Learn)
+* Learn Vue.js: [https://vuejs.org/guide/introduction.html](https://vuejs.org/guide/introduction.html)
+
+We encourage you to use git to manage your fork. To clone the main repository, just run:
+
+```bash
+git clone https://github.com/filebrowser/filebrowser
+```
+
+We use [Taskfile](https://taskfile.dev/) to manage the different processes (building, releasing, etc) automatically.
+
+## Build
+
+You can fully build the project in order to produce a binary by running:
+
+```bash
+task build
+```
+
+## Development
+
+For development, there are a few things to have in mind.
+
+### Frontend
+
+We use [Node.js](https://nodejs.org/en/) on the frontend to manage the build process. Prepare the frontend environment:
+
+```bash
+# From the root of the repo, go to frontend/
+cd frontend
+
+# Install the dependencies
+pnpm install
+```
+
+If you just want to develop the backend, you can create a static build of the frontend:
+
+```bash
+pnpm run build
+```
+
+If you want to develop the frontend, start a development server which watches for changes:
+
+```bash
+pnpm run dev
+```
+
+Please note that you need to access File Browser's interface through the development server of the frontend.
+
+### Backend
+
+First prepare the backend environment by downloading all required dependencies:
+
+```bash
+go mod download
+```
+
+You can now build or run File Browser as any other Go project:
+
+```bash
+# Build
+go build
+
+# Run
+go run .
+```
+
+## Documentation
+
+We rely on Docker to abstract all the dependencies required for building the documentation.
+
+To build the documentation to `www/public`:
+
+```bash
+task docs
+```
+
+To start a local server on port `8000` to view the built documentation:
+
+```bash
+task docs:serve
+```
+
+## Release
+
+To make a release, just run:
+
+```bash
+task release
+```
+
+## Translations
+
+Translations are managed on Transifex, which is an online website where everyone can contribute and translate strings for our project. It automatically syncs with the main language file \(in English\) and,, for you to contribute, you just need to:
+
+1. Go to our Transifex web page: [app.transifex.com/file-browser/file-browser](https://app.transifex.com/file-browser/file-browser/)
+2. Click on **Join the project** and pick your language. We'll accept you as soon as possible. If you're language is not on the list, please request it via the interface.
+
+Translations are automatically pushed to GitHub via an integration.
+
+## Authentication Provider
+
+To build a new authentication provider, you need to implement the [Auther interface](https://github.com/filebrowser/filebrowser/blob/master/auth/auth.go), whose method will be called on the login page after the user has submitted their login data.
+
+```go
+// Auther is the authentication interface.
+type Auther interface {
+    // Auth is called to authenticate a request.
+    Auth(r *http.Request, s *users.Storage, root string) (*users.User, error)
+}
+```
+
+After implementing the interface you should:
+
+1. Add it to [`auth` directory](https://github.com/filebrowser/filebrowser/blob/master/auth).
+2. Add it to the [configuration parser](https://github.com/filebrowser/filebrowser/blob/master/cmd/config.go) for the CLI.
+3. Add it to the [`authBackend.Get`](https://github.com/filebrowser/filebrowser/blob/master/storage/bolt/auth.go).
+
+If you need to add more flags, please update the function `addConfigFlags`.
+

Docker.json

@@ -1,12 +0,0 @@
-{
-  "port": 80,
-  "address": "",
-  "database": "/database.db",
-  "defaults": {
-    "scope": "/srv",
-    "allowCommands": true,
-    "allowEdit": true,
-    "allowNew": true,
-    "commands": []
-  }
-}

Dockerfile

@@ -1,12 +1,46 @@
-FROM scratch
+## Multistage build: First stage fetches dependencies
+FROM alpine:3.23 AS fetcher
 
-COPY --from=filebrowser/dev /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+# install and copy ca-certificates, mailcap, and tini-static; download JSON.sh
+RUN apk update && \
+    apk --no-cache add ca-certificates mailcap tini-static && \
+    wget -O /JSON.sh https://raw.githubusercontent.com/dominictarr/JSON.sh/0d5e5c77365f63809bf6e77ef44a1f34b0e05840/JSON.sh
+
+## Second stage: Use lightweight BusyBox image for final runtime environment
+FROM busybox:1.37.0-musl
+
+# Define non-root user UID and GID
+ENV UID=1000
+ENV GID=1000
+
+# Create user group and user
+RUN addgroup -g $GID user && \
+    adduser -D -u $UID -G user user
+
+# Copy binary, scripts, and configurations into image with proper ownership
+COPY --chown=user:user filebrowser /bin/filebrowser
+COPY --chown=user:user docker/common/ /
+COPY --chown=user:user docker/alpine/ /
+COPY --chown=user:user --from=fetcher /sbin/tini-static /bin/tini
+COPY --from=fetcher /JSON.sh /JSON.sh
+COPY --from=fetcher /etc/ca-certificates.conf /etc/ca-certificates.conf
+COPY --from=fetcher /etc/ca-certificates /etc/ca-certificates
+COPY --from=fetcher /etc/mime.types /etc/mime.types
+COPY --from=fetcher /etc/ssl /etc/ssl
+
+# Create data directories, set ownership, and ensure healthcheck script is executable
+RUN mkdir -p /config /database /srv && \
+    chown -R user:user /config /database /srv \
+    && chmod +x /healthcheck.sh
+
+# Define healthcheck script
+HEALTHCHECK --start-period=2s --interval=5s --timeout=3s CMD /healthcheck.sh
+
+# Set the user, volumes and exposed ports
+USER user
+
+VOLUME /srv /config /database
 
-VOLUME /tmp
-VOLUME /srv
 EXPOSE 80
 
-COPY filebrowser /filebrowser
-COPY Docker.json /.filebrowser.json
-
-ENTRYPOINT ["/filebrowser"]
+ENTRYPOINT [ "tini", "--", "/init.sh" ]

Dockerfile.s6

@@ -0,0 +1,24 @@
+FROM ghcr.io/linuxserver/baseimage-alpine:3.23
+
+RUN apk update && \
+  apk --no-cache add ca-certificates mailcap jq libcap
+
+# Make user and create necessary directories
+RUN mkdir -p /config /database /srv && \
+  chown -R abc:abc /config /database /srv
+
+# Copy files and set permissions
+COPY filebrowser /bin/filebrowser
+COPY docker/common/ /
+COPY docker/s6/ /
+
+RUN chown -R abc:abc /bin/filebrowser /defaults healthcheck.sh && \
+  setcap 'cap_net_bind_service=+ep' /bin/filebrowser
+
+# Define healthcheck script
+HEALTHCHECK --start-period=2s --interval=5s --timeout=3s CMD /healthcheck.sh
+
+# Set the volumes and exposed ports
+VOLUME /srv /config /database
+
+EXPOSE 80

LICENSE

@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2018 File Browser contributors
+   Copyright 2018 File Browser Contributors
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,86 +1,30 @@
-ℹ INFO: **This project is not under active development ATM. A small group of developers keeps the project alive, but due to lack of time, we can't continue adding new features or doing deep changes. Please read [#532](https://github.com/filebrowser/filebrowser/issues/532) for more info!**
-
-ℹ INFO: in Q2 2018, this project was renamed from `filemanager` to `filebrowser`, and the main repo was moved from [hacdias/filemanager](https://github.com/hacdias/filemanager) to [filebrowser/filebrowser](https://github.com/filebrowser/filebrowser). At the same time, the official docker image was changed to [`filebrowser/filebrowser`](https://hub.docker.com/r/filebrowser/filebrowser/). Users are encouraged to check their sources and update them accordingly.
-
----
-
 <p align="center">
-  <img src="https://raw.githubusercontent.com/filebrowser/logo/master/banner.png" width="550"/>
+  <img src="https://raw.githubusercontent.com/filebrowser/filebrowser/master/branding/banner.png" width="550"/>
 </p>
 
-![Preview](https://user-images.githubusercontent.com/5447088/28537288-39be4288-70a2-11e7-8ce9-0813d59f46b7.gif)
+[![Build](https://github.com/filebrowser/filebrowser/actions/workflows/ci.yaml/badge.svg)](https://github.com/filebrowser/filebrowser/actions/workflows/ci.yaml)
+[![Go Report Card](https://goreportcard.com/badge/github.com/filebrowser/filebrowser/v2)](https://goreportcard.com/report/github.com/filebrowser/filebrowser/v2)
+[![Version](https://img.shields.io/github/release/filebrowser/filebrowser.svg)](https://github.com/filebrowser/filebrowser/releases/latest)
 
-# filebrowser
+File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview and edit your files. It is a **create-your-own-cloud**-kind of software where you can just install it on your server, direct it to a path and access your files through a nice web interface.
 
-[![Travis](https://img.shields.io/travis/com/filebrowser/filebrowser.svg?style=flat-square)](https://travis-ci.com/filebrowser/filebrowser)
-[![Go Report Card](https://goreportcard.com/badge/github.com/filebrowser/filebrowser?style=flat-square)](https://goreportcard.com/report/github.com/filebrowser/filebrowser)
-[![Documentation](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat-square)](http://godoc.org/github.com/filebrowser/filebrowser)
-[![Version](https://img.shields.io/github/release/filebrowser/filebrowser.svg?style=flat-square)](https://github.com/filebrowser/filebrowser/releases/latest)
-[![Chat IRC](https://img.shields.io/badge/freenode-%23filebrowser-blue.svg?style=flat-square)](http://webchat.freenode.net/?channels=%23filebrowser)
+## Documentation
 
-filebrowser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit your files. It allows the creation of multiple users and each user can have its own directory. It can be used as a standalone app or as a middleware.
+Documentation on how to install, configure, and contribute to this project is hosted at [filebrowser.org](https://filebrowser.org).
 
-# Table of contents
+## Project Status
 
-+ [Getting started](#getting-started)
-+ [Features](#features)
-  - [Users](#users)
-  - [Search](#search)
-+ [Contributing](#contributing)
-+ [Donate](#donate)
+This project is a finished product which fulfills its goal: be a single binary web File Browser which can be run by anyone anywhere. That means that File Browser is currently on **maintenance-only** mode. Therefore, please note the following:
 
-# Getting started
+- It can take a while until someone gets back to you. Please be patient.
+- [Issues](https://github.com/filebrowser/filebrowser/issues) are meant to track bugs. Unrelated issues will be converted into [discussions](https://github.com/filebrowser/filebrowser/discussions).
+- No new features will be implemented by maintainers. Pull requests for new features will be reviewed on a case by case basis.
+- The priority is triaging issues, addressing security issues and reviewing pull requests meant to solve bugs.
 
-You can find the Getting Started guide on the [documentation](https://filebrowser.github.io/quick-start/).
+## Contributing
 
-# Features
+Contributions are always welcome. To start contributing to this project, read our [guidelines](CONTRIBUTING.md) first.
 
-Easy login system.
+## License
 
-![Login Page](https://user-images.githubusercontent.com/5447088/42046516-fe702976-7af5-11e8-9d72-c996150b09f5.png)
-
-Listings of your files, available in two styles: mosaic and list. You can delete, move, rename, upload and create new files, as well as directories. Single files can be downloaded directly, and multiple files as *.zip*, *.tar*, *.tar.gz*, *.tar.bz2* or *.tar.xz*.
-
-![Mosaic Listing](https://user-images.githubusercontent.com/5447088/42046515-fe3f7d58-7af5-11e8-8f87-270947ed755f.png)
-
-File Browser editor is powered by [Codemirror](https://codemirror.net/) and if you're working with markdown files with metadata, both parts will be separated from each other so you can focus on the content.
-
-![Markdown Editor](https://user-images.githubusercontent.com/5447088/42046519-ff17b81c-7af5-11e8-90f3-184e0ad24b7c.png)
-
-On the settings page, a regular user can set its own custom CSS to personalize the experience and change its password. For admins, they can manage the permissions of each user, set commands which can be executed when certain events are triggered (such as before saving and after saving) and change plugin's settings.
-
-![Settings](https://user-images.githubusercontent.com/5447088/42046517-fea206e4-7af5-11e8-88fe-b88513b43f43.png)
-
-We also allow the users to search in the directories and execute commands if allowed.
-
-## Users
-
-We support multiple users and each user can have its own scope and custom stylesheet. The administrator is able to choose which permissions should be given to the users, as well as the commands they can execute. Each user also have a set of rules, in which he can be prevented or allowed to access some directories (regular expressions included!).
-
-![Users](https://user-images.githubusercontent.com/5447088/42046518-fed14440-7af5-11e8-9a57-f4a611e9598d.png)
-
-## Search
-
-File Browser allows you to search through your files and it has some options. By default, your search will be something like this:
-
-```
-this are keywords
-```
-
-If you search for that it will look at every file that contains "this", "are" or "keywords" on their name. If you want to search for an exact term, you should surround your search by double quotes:
-
-```
-"this is the name"
-```
-
-That will search for any file that contains "this is the name" on its name. It won't search for each separated term this time.
-
-By default, every search will be case insensitive. Although, you can make a case sensitive search by adding `case:sensitive` to the search terms, like this:
-
-```
-this are keywords case:sensitive
-```
-
-# Contributing
-
-The contributing guidelines can be found [here](https://github.com/filebrowser/community).
+[Apache License 2.0](LICENSE) © File Browser Contributors

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.x     | :white_check_mark: |
+| < 2.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Vulnerabilities with critical impact should be reported on the [Security](https://github.com/filebrowser/filebrowser/security) page of this repository, which is a private way of communicating vulnerabilities to maintainers. This project is in maintenance-only mode and it can take a while until someone gets back to you.
+
+If it is not a critical vulnerability, please open an issue and we will categorize it as a security issue. By giving visibility, we can get more help from the community at fixing such issues.
+
+When reporting an issue, where possible, please provide at least:
+
+* The commit version the issue was identified at
+* A proof of concept (plaintext; no binaries)
+* Steps to reproduce
+* Your recommended remediation(s), if any.
+
+The File Browser team is a volunteer-only effort, and may reach back out for clarification.

Taskfile.yml

@@ -0,0 +1,83 @@
+version: '3'
+
+vars:
+  SITE_DOCKER_FLAGS: >-
+    -v ./www:/docs
+    -v ./LICENSE:/docs/docs/LICENSE
+    -v ./SECURITY.md:/docs/docs/security.md
+    -v ./CHANGELOG.md:/docs/docs/changelog.md
+    -v ./CODE-OF-CONDUCT.md:/docs/docs/code-of-conduct.md
+    -v ./CONTRIBUTING.md:/docs/docs/contributing.md
+
+tasks:
+  build:frontend:
+    desc: Build frontend assets
+    dir: frontend
+    cmds:
+      - pnpm install --frozen-lockfile
+      - pnpm run build
+
+  build:backend:
+    desc: Build backend binary
+    cmds:
+      - go build -ldflags='-s -w -X "github.com/filebrowser/filebrowser/v2/version.Version={{.VERSION}}" -X "github.com/filebrowser/filebrowser/v2/version.CommitSHA={{.GIT_COMMIT}}"' -o filebrowser .
+    vars:
+      GIT_COMMIT:
+        sh: git log -n 1 --format=%h
+      VERSION:
+        sh: git describe --tags --abbrev=0 --match=v* | cut -c 2-
+
+  build:
+    desc: Build both frontend and backend
+    cmds:
+      - task: build:frontend
+      - task: build:backend
+
+  release:make:
+    internal: true
+    prompt: Do you wish to proceed?
+    cmds:
+      - pnpm dlx commit-and-tag-version -s
+
+  release:dry-run:
+    internal: true
+    cmds:
+      - pnpm dlx commit-and-tag-version --dry-run --skip
+
+  release:
+    desc: Create a new release
+    cmds:
+      - task: docs:cli:generate
+      - git add www/docs/cli
+      - |
+        if [[ `git status www/docs/cli --porcelain` ]]; then
+          git commit -m 'chore(docs): update CLI documentation'
+        fi
+      - task: release:dry-run
+      - task: release:make
+
+  docs:cli:generate:
+    cmds:
+      - rm -rf www/docs/cli
+      - mkdir -p www/docs/cli
+      - go run . docs
+    generates:
+      - www/docs/cli
+
+  docs:docker:generate:
+    internal: true
+    cmds: 
+      - docker build -f www/Dockerfile --progress=plain -t filebrowser.site www
+
+  docs:
+    desc: Generate documentation
+    cmds:
+      - rm -rf www/public
+      - task: docs:docker:generate
+      - docker run --rm {{.SITE_DOCKER_FLAGS}} filebrowser.site build -d "public"
+
+  docs:serve:
+    desc: Serve documentation
+    cmds:
+      - task: docs:docker:generate
+      - docker run --rm -it -p 8000:8000 {{.SITE_DOCKER_FLAGS}} filebrowser.site

auth/auth.go

@@ -0,0 +1,16 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// Auther is the authentication interface.
+type Auther interface {
+	// Auth is called to authenticate a request.
+	Auth(r *http.Request, usr users.Store, stg *settings.Settings, srv *settings.Server) (*users.User, error)
+	// LoginPage indicates if this auther needs a login page.
+	LoginPage() bool
+}

auth/hook.go

@@ -0,0 +1,298 @@
+package auth
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"os/exec"
+	"slices"
+	"strings"
+
+	fberrors "github.com/filebrowser/filebrowser/v2/errors"
+	"github.com/filebrowser/filebrowser/v2/files"
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// MethodHookAuth is used to identify hook auth.
+const MethodHookAuth settings.AuthMethod = "hook"
+
+type hookCred struct {
+	Password string `json:"password"`
+	Username string `json:"username"`
+}
+
+// HookAuth is a hook implementation of an Auther.
+type HookAuth struct {
+	Users    users.Store        `json:"-"`
+	Settings *settings.Settings `json:"-"`
+	Server   *settings.Server   `json:"-"`
+	Cred     hookCred           `json:"-"`
+	Fields   hookFields         `json:"-"`
+	Command  string             `json:"command"`
+}
+
+// Auth authenticates the user via a json in content body.
+func (a *HookAuth) Auth(r *http.Request, usr users.Store, stg *settings.Settings, srv *settings.Server) (*users.User, error) {
+	var cred hookCred
+
+	if r.Body == nil {
+		return nil, os.ErrPermission
+	}
+
+	err := json.NewDecoder(r.Body).Decode(&cred)
+	if err != nil {
+		return nil, os.ErrPermission
+	}
+
+	a.Users = usr
+	a.Settings = stg
+	a.Server = srv
+	a.Cred = cred
+
+	action, err := a.RunCommand()
+	if err != nil {
+		return nil, err
+	}
+
+	switch action {
+	case "auth":
+		u, err := a.SaveUser()
+		if err != nil {
+			return nil, err
+		}
+		return u, nil
+	case "block":
+		return nil, os.ErrPermission
+	case "pass":
+		u, err := a.Users.Get(a.Server.Root, a.Cred.Username)
+		if err != nil || !users.CheckPwd(a.Cred.Password, u.Password) {
+			return nil, os.ErrPermission
+		}
+		return u, nil
+	default:
+		return nil, fmt.Errorf("invalid hook action: %s", action)
+	}
+}
+
+// LoginPage tells that hook auth requires a login page.
+func (a *HookAuth) LoginPage() bool {
+	return true
+}
+
+// RunCommand starts the hook command and returns the action
+func (a *HookAuth) RunCommand() (string, error) {
+	command := strings.Split(a.Command, " ")
+	envMapping := func(key string) string {
+		switch key {
+		case "USERNAME":
+			return a.Cred.Username
+		case "PASSWORD":
+			return a.Cred.Password
+		default:
+			return os.Getenv(key)
+		}
+	}
+	for i, arg := range command {
+		if i == 0 {
+			continue
+		}
+		command[i] = os.Expand(arg, envMapping)
+	}
+
+	cmd := exec.Command(command[0], command[1:]...)
+	cmd.Env = append(os.Environ(), fmt.Sprintf("USERNAME=%s", a.Cred.Username))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("PASSWORD=%s", a.Cred.Password))
+	out, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+
+	a.GetValues(string(out))
+
+	return a.Fields.Values["hook.action"], nil
+}
+
+// GetValues creates a map with values from the key-value format string
+func (a *HookAuth) GetValues(s string) {
+	m := map[string]string{}
+
+	// make line breaks consistent on Windows platform
+	s = strings.ReplaceAll(s, "\r\n", "\n")
+
+	// iterate input lines
+	for val := range strings.Lines(s) {
+		v := strings.SplitN(val, "=", 2)
+
+		// skips non key and value format
+		if len(v) != 2 {
+			continue
+		}
+
+		fieldKey := strings.TrimSpace(v[0])
+		fieldValue := strings.TrimSpace(v[1])
+
+		if a.Fields.IsValid(fieldKey) {
+			m[fieldKey] = fieldValue
+		}
+	}
+
+	a.Fields.Values = m
+}
+
+// SaveUser updates the existing user or creates a new one when not found
+func (a *HookAuth) SaveUser() (*users.User, error) {
+	u, err := a.Users.Get(a.Server.Root, a.Cred.Username)
+	if err != nil && !errors.Is(err, fberrors.ErrNotExist) {
+		return nil, err
+	}
+
+	if u == nil {
+		pass, err := users.ValidateAndHashPwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
+		if err != nil {
+			return nil, err
+		}
+
+		// create user with the provided credentials
+		d := &users.User{
+			Username:     a.Cred.Username,
+			Password:     pass,
+			Scope:        a.Settings.Defaults.Scope,
+			Locale:       a.Settings.Defaults.Locale,
+			ViewMode:     a.Settings.Defaults.ViewMode,
+			SingleClick:  a.Settings.Defaults.SingleClick,
+			Sorting:      a.Settings.Defaults.Sorting,
+			Perm:         a.Settings.Defaults.Perm,
+			Commands:     a.Settings.Defaults.Commands,
+			HideDotfiles: a.Settings.Defaults.HideDotfiles,
+		}
+		u = a.GetUser(d)
+
+		userHome, err := a.Settings.MakeUserDir(u.Username, u.Scope, a.Server.Root)
+		if err != nil {
+			return nil, fmt.Errorf("user: failed to mkdir user home dir: [%s]", userHome)
+		}
+		u.Scope = userHome
+		log.Printf("user: %s, home dir: [%s].", u.Username, userHome)
+
+		err = a.Users.Save(u)
+		if err != nil {
+			return nil, err
+		}
+	} else if p := !users.CheckPwd(a.Cred.Password, u.Password); len(a.Fields.Values) > 1 || p {
+		u = a.GetUser(u)
+
+		// update the password when it doesn't match the current
+		if p {
+			pass, err := users.ValidateAndHashPwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
+			if err != nil {
+				return nil, err
+			}
+			u.Password = pass
+		}
+
+		// update user with provided fields
+		err := a.Users.Update(u)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return u, nil
+}
+
+// GetUser returns a User filled with hook values or provided defaults
+func (a *HookAuth) GetUser(d *users.User) *users.User {
+	// adds all permissions when user is admin
+	isAdmin := a.Fields.GetBoolean("user.perm.admin", d.Perm.Admin)
+	perms := users.Permissions{
+		Admin:    isAdmin,
+		Execute:  isAdmin || a.Fields.GetBoolean("user.perm.execute", d.Perm.Execute),
+		Create:   isAdmin || a.Fields.GetBoolean("user.perm.create", d.Perm.Create),
+		Rename:   isAdmin || a.Fields.GetBoolean("user.perm.rename", d.Perm.Rename),
+		Modify:   isAdmin || a.Fields.GetBoolean("user.perm.modify", d.Perm.Modify),
+		Delete:   isAdmin || a.Fields.GetBoolean("user.perm.delete", d.Perm.Delete),
+		Share:    isAdmin || a.Fields.GetBoolean("user.perm.share", d.Perm.Share),
+		Download: isAdmin || a.Fields.GetBoolean("user.perm.download", d.Perm.Download),
+	}
+	user := users.User{
+		ID:          d.ID,
+		Username:    d.Username,
+		Password:    d.Password,
+		Scope:       a.Fields.GetString("user.scope", d.Scope),
+		Locale:      a.Fields.GetString("user.locale", d.Locale),
+		ViewMode:    users.ViewMode(a.Fields.GetString("user.viewMode", string(d.ViewMode))),
+		SingleClick: a.Fields.GetBoolean("user.singleClick", d.SingleClick),
+		Sorting: files.Sorting{
+			Asc: a.Fields.GetBoolean("user.sorting.asc", d.Sorting.Asc),
+			By:  a.Fields.GetString("user.sorting.by", d.Sorting.By),
+		},
+		Commands:     a.Fields.GetArray("user.commands", d.Commands),
+		HideDotfiles: a.Fields.GetBoolean("user.hideDotfiles", d.HideDotfiles),
+		Perm:         perms,
+		LockPassword: true,
+	}
+
+	return &user
+}
+
+// hookFields is used to access fields from the hook
+type hookFields struct {
+	Values map[string]string
+}
+
+// validHookFields contains names of the fields that can be used
+var validHookFields = []string{
+	"hook.action",
+	"user.scope",
+	"user.locale",
+	"user.viewMode",
+	"user.singleClick",
+	"user.sorting.by",
+	"user.sorting.asc",
+	"user.commands",
+	"user.hideDotfiles",
+	"user.perm.admin",
+	"user.perm.execute",
+	"user.perm.create",
+	"user.perm.rename",
+	"user.perm.modify",
+	"user.perm.delete",
+	"user.perm.share",
+	"user.perm.download",
+}
+
+// IsValid checks if the provided field is on the valid fields list
+func (hf *hookFields) IsValid(field string) bool {
+	return slices.Contains(validHookFields, field)
+}
+
+// GetString returns the string value or provided default
+func (hf *hookFields) GetString(k, dv string) string {
+	val, ok := hf.Values[k]
+	if ok {
+		return val
+	}
+	return dv
+}
+
+// GetBoolean returns the bool value or provided default
+func (hf *hookFields) GetBoolean(k string, dv bool) bool {
+	val, ok := hf.Values[k]
+	if ok {
+		return val == "true"
+	}
+	return dv
+}
+
+// GetArray returns the array value or provided default
+func (hf *hookFields) GetArray(k string, dv []string) []string {
+	val, ok := hf.Values[k]
+	if ok && strings.TrimSpace(val) != "" {
+		return strings.Split(val, " ")
+	}
+	return dv
+}

auth/json.go

@@ -0,0 +1,108 @@
+package auth
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// MethodJSONAuth is used to identify json auth.
+const MethodJSONAuth settings.AuthMethod = "json"
+
+type jsonCred struct {
+	Password  string `json:"password"`
+	Username  string `json:"username"`
+	ReCaptcha string `json:"recaptcha"`
+}
+
+// JSONAuth is a json implementation of an Auther.
+type JSONAuth struct {
+	ReCaptcha *ReCaptcha `json:"recaptcha" yaml:"recaptcha"`
+}
+
+// Auth authenticates the user via a json in content body.
+func (a JSONAuth) Auth(r *http.Request, usr users.Store, _ *settings.Settings, srv *settings.Server) (*users.User, error) {
+	var cred jsonCred
+
+	if r.Body == nil {
+		return nil, os.ErrPermission
+	}
+
+	err := json.NewDecoder(r.Body).Decode(&cred)
+	if err != nil {
+		return nil, os.ErrPermission
+	}
+
+	// If ReCaptcha is enabled, check the code.
+	if a.ReCaptcha != nil && a.ReCaptcha.Secret != "" {
+		ok, err := a.ReCaptcha.Ok(cred.ReCaptcha)
+
+		if err != nil {
+			return nil, err
+		}
+
+		if !ok {
+			return nil, os.ErrPermission
+		}
+	}
+
+	u, err := usr.Get(srv.Root, cred.Username)
+	if err != nil || !users.CheckPwd(cred.Password, u.Password) {
+		return nil, os.ErrPermission
+	}
+
+	return u, nil
+}
+
+// LoginPage tells that json auth doesn't require a login page.
+func (a JSONAuth) LoginPage() bool {
+	return true
+}
+
+const reCaptchaAPI = "/recaptcha/api/siteverify"
+
+// ReCaptcha identifies a recaptcha connection.
+type ReCaptcha struct {
+	Host   string `json:"host"`
+	Key    string `json:"key"`
+	Secret string `json:"secret"`
+}
+
+// Ok checks if a reCaptcha responde is correct.
+func (r *ReCaptcha) Ok(response string) (bool, error) {
+	body := url.Values{}
+	body.Set("secret", r.Secret)
+	body.Add("response", response)
+
+	client := &http.Client{}
+
+	resp, err := client.Post(
+		r.Host+reCaptchaAPI,
+		"application/x-www-form-urlencoded",
+		strings.NewReader(body.Encode()),
+	)
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return false, nil
+	}
+
+	var data struct {
+		Success bool `json:"success"`
+	}
+
+	err = json.NewDecoder(resp.Body).Decode(&data)
+	if err != nil {
+		return false, err
+	}
+
+	return data.Success, nil
+}

auth/none.go

@@ -0,0 +1,24 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// MethodNoAuth is used to identify no auth.
+const MethodNoAuth settings.AuthMethod = "noauth"
+
+// NoAuth is no auth implementation of auther.
+type NoAuth struct{}
+
+// Auth uses authenticates user 1.
+func (a NoAuth) Auth(_ *http.Request, usr users.Store, _ *settings.Settings, srv *settings.Server) (*users.User, error) {
+	return usr.Get(srv.Root, uint(1))
+}
+
+// LoginPage tells that no auth doesn't require a login page.
+func (a NoAuth) LoginPage() bool {
+	return false
+}

auth/proxy.go

@@ -0,0 +1,68 @@
+package auth
+
+import (
+	"errors"
+	"net/http"
+
+	fberrors "github.com/filebrowser/filebrowser/v2/errors"
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// MethodProxyAuth is used to identify no auth.
+const MethodProxyAuth settings.AuthMethod = "proxy"
+
+// ProxyAuth is a proxy implementation of an auther.
+type ProxyAuth struct {
+	Header string `json:"header"`
+}
+
+// Auth authenticates the user via an HTTP header.
+func (a ProxyAuth) Auth(r *http.Request, usr users.Store, setting *settings.Settings, srv *settings.Server) (*users.User, error) {
+	username := r.Header.Get(a.Header)
+	user, err := usr.Get(srv.Root, username)
+	if errors.Is(err, fberrors.ErrNotExist) {
+		return a.createUser(usr, setting, srv, username)
+	}
+	return user, err
+}
+
+func (a ProxyAuth) createUser(usr users.Store, setting *settings.Settings, srv *settings.Server, username string) (*users.User, error) {
+	const randomPasswordLength = settings.DefaultMinimumPasswordLength + 10
+	pwd, err := users.RandomPwd(randomPasswordLength)
+	if err != nil {
+		return nil, err
+	}
+
+	var hashedRandomPassword string
+	hashedRandomPassword, err = users.ValidateAndHashPwd(pwd, setting.MinimumPasswordLength)
+	if err != nil {
+		return nil, err
+	}
+
+	user := &users.User{
+		Username:     username,
+		Password:     hashedRandomPassword,
+		LockPassword: true,
+	}
+	setting.Defaults.Apply(user)
+
+	var userHome string
+	userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root)
+	if err != nil {
+		return nil, err
+	}
+	user.Scope = userHome
+
+	err = usr.Save(user)
+	if err != nil {
+		return nil, err
+	}
+
+	return user, nil
+}
+
+// LoginPage tells that proxy auth doesn't require a login page.
+func (a ProxyAuth) LoginPage() bool {
+	return false
+}

auth/storage.go

@@ -0,0 +1,33 @@
+package auth
+
+import (
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// StorageBackend is a storage backend for auth storage.
+type StorageBackend interface {
+	Get(settings.AuthMethod) (Auther, error)
+	Save(Auther) error
+}
+
+// Storage is a auth storage.
+type Storage struct {
+	back  StorageBackend
+	users *users.Storage
+}
+
+// NewStorage creates a auth storage from a backend.
+func NewStorage(back StorageBackend, userStore *users.Storage) *Storage {
+	return &Storage{back: back, users: userStore}
+}
+
+// Get wraps a StorageBackend.Get.
+func (s *Storage) Get(t settings.AuthMethod) (Auther, error) {
+	return s.back.Get(t)
+}
+
+// Save wraps a StorageBackend.Save.
+func (s *Storage) Save(a Auther) error {
+	return s.back.Save(a)
+}

branding/icon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="700" height="700" shape-rendering="geometricPrecision" text-rendering="geometricPrecision" image-rendering="optimizeQuality" fill-rule="evenodd" clip-rule="evenodd"><defs><style>.prefix__fil1{fill:#fefefe}.prefix__fil6{fill:#006498}.prefix__fil5{fill:#bdeaff}</style></defs><g id="prefix__Layer_x0020_1"><path d="M80 0h540c44 0 80 36 80 80v540c0 44-36 80-80 80H80c-44 0-80-36-80-80V80C0 36 36 0 80 0z" fill="#455a64"/><path class="prefix__fil1" d="M350 71c154 0 279 125 279 279S504 629 350 629 71 504 71 350 196 71 350 71z"/><path d="M475 236l118 151c3 116-149 252-292 198l-76-99 114-156s138-95 136-94z" fill="#332c2b" fill-opacity=".149"/><path d="M231 211h208l38 24v246c0 5-3 8-8 8H231c-5 0-8-3-8-8V219c0-5 3-8 8-8z" fill="#2bbcff"/><path d="M231 211h208l38 24v2l-37-23H231c-4 0-7 3-7 7v263c-1-1-1-2-1-3V219c0-5 3-8 8-8z" fill="#53c6fc"/><path class="prefix__fil5" d="M305 212h113v98H305zM255 363h189c3 0 5 2 5 4v116H250V367c0-2 2-4 5-4z"/><path class="prefix__fil6" d="M250 470h199v13H250zM380 226h10c3 0 6 2 6 5v40c0 3-3 6-6 6h-10c-3 0-6-3-6-6v-40c0-3 3-5 6-5z"/><path class="prefix__fil1" d="M254 226c10 0 17 7 17 17 0 9-7 16-17 16-9 0-17-7-17-16 0-10 8-17 17-17z"/><path class="prefix__fil6" d="M267 448h165c2 0 3 1 3 3 0 1-1 3-3 3H267c-2 0-3-2-3-3 0-2 1-3 3-3zM267 415h165c2 0 3 1 3 3 0 1-1 2-3 2H267c-2 0-3-1-3-2 0-2 1-3 3-3zM267 381h165c2 0 3 2 3 3 0 2-1 3-3 3H267c-2 0-3-1-3-3 0-1 1-3 3-3z"/><path class="prefix__fil1" d="M236 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5zM463 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5z"/><path class="prefix__fil6" d="M305 212h-21v98h21z"/><path d="M477 479v2c0 5-3 8-8 8H231c-5 0-8-3-8-8v-2c0 4 3 8 8 8h238c5 0 8-4 8-8z" fill="#0ea5eb"/><path d="M350 70c155 0 280 125 280 280S505 630 350 630 70 505 70 350 195 70 350 70zm0 46c129 0 234 105 234 234S479 584 350 584 116 479 116 350s105-234 234-234z" fill="#2979ff"/></g></svg>

branding/logo.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" width="560" height="560" version="1.1" id="prefix__svg44" clip-rule="evenodd" fill-rule="evenodd" image-rendering="optimizeQuality" shape-rendering="geometricPrecision" text-rendering="geometricPrecision"><defs id="prefix__defs4"><style type="text/css" id="style2">.prefix__fil1{fill:#fefefe}.prefix__fil6{fill:#006498}.prefix__fil5{fill:#bdeaff}</style></defs><g id="prefix__g85" transform="translate(-70 -70)"><path class="prefix__fil1" d="M350 71c154 0 279 125 279 279S504 629 350 629 71 504 71 350 196 71 350 71z" id="prefix__path9" fill="#fefefe"/><path d="M475 236l118 151c3 116-149 252-292 198l-76-99 114-156s138-95 136-94z" id="prefix__path11" fill="#332c2b" fill-opacity=".149"/><path d="M231 211h208l38 24v246c0 5-3 8-8 8H231c-5 0-8-3-8-8V219c0-5 3-8 8-8z" id="prefix__path13" fill="#2bbcff"/><path d="M231 211h208l38 24v2l-37-23H231c-4 0-7 3-7 7v263c-1-1-1-2-1-3V219c0-5 3-8 8-8z" id="prefix__path15" fill="#53c6fc"/><path class="prefix__fil5" id="prefix__polygon17" fill="#bdeaff" d="M305 212h113v98H305z"/><path class="prefix__fil5" d="M255 363h189c3 0 5 2 5 4v116H250V367c0-2 2-4 5-4z" id="prefix__path19" fill="#bdeaff"/><path class="prefix__fil6" id="prefix__polygon21" fill="#006498" d="M250 470h199v13H250z"/><path class="prefix__fil6" d="M380 226h10c3 0 6 2 6 5v40c0 3-3 6-6 6h-10c-3 0-6-3-6-6v-40c0-3 3-5 6-5z" id="prefix__path23" fill="#006498"/><path class="prefix__fil1" d="M254 226c10 0 17 7 17 17 0 9-7 16-17 16-9 0-17-7-17-16 0-10 8-17 17-17z" id="prefix__path25" fill="#fefefe"/><path class="prefix__fil6" d="M267 448h165c2 0 3 1 3 3 0 1-1 3-3 3H267c-2 0-3-2-3-3 0-2 1-3 3-3z" id="prefix__path27" fill="#006498"/><path class="prefix__fil6" d="M267 415h165c2 0 3 1 3 3 0 1-1 2-3 2H267c-2 0-3-1-3-2 0-2 1-3 3-3z" id="prefix__path29" fill="#006498"/><path class="prefix__fil6" d="M267 381h165c2 0 3 2 3 3 0 2-1 3-3 3H267c-2 0-3-1-3-3 0-1 1-3 3-3z" id="prefix__path31" fill="#006498"/><path class="prefix__fil1" d="M236 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5z" id="prefix__path33" fill="#fefefe"/><path class="prefix__fil1" d="M463 472c3 0 5 2 5 5 0 2-2 4-5 4s-5-2-5-4c0-3 2-5 5-5z" id="prefix__path35" fill="#fefefe"/><path class="prefix__fil6" id="prefix__polygon37" fill="#006498" d="M305 212h-21v98h21z"/><path d="M477 479v2c0 5-3 8-8 8H231c-5 0-8-3-8-8v-2c0 4 3 8 8 8h238c5 0 8-4 8-8z" id="prefix__path39" fill="#0ea5eb"/><path d="M350 70c155 0 280 125 280 280S505 630 350 630 70 505 70 350 195 70 350 70zm0 46c129 0 234 105 234 234S479 584 350 584 116 479 116 350s105-234 234-234z" id="prefix__path41" fill="#2979ff"/></g></svg>

build/build.sh

@@ -1,20 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd $(dirname $0)/../cli
-
-go get -v ./...
-
-if [ "$COMMIT_SHA" != "" ]; then
-  echo "Set version to ($COMMIT_SHA)"
-  sed -i.bak "s|(untracked)|($COMMIT_SHA)|g" ../lib/filebrowser.go
-fi
-
-echo "Build CLI"
-go build -a -o filebrowser
-
-if [ "$COMMIT_SHA" != "" ]; then
-  echo "Reset version to (untracked)"
-  sed -i "s|($COMMIT_SHA)|(untracked)|g" ../lib/filebrowser.go
-fi

build/build_all.sh

@@ -1,37 +0,0 @@
-#!/bin/sh
-
-cd $(dirname $0)/..
-
-if [ -d lib/"rice-box.go" ]; then
-  rm -rf lib/rice-box.go
-fi
-
-if [ "$USE_DOCKER" != "" ]; then
-  if [ -d "frontend/dist" ]; then
-    rm -rf frontend/dist
-  fi;
-
-  if [ "$(command -v git)" != "" ]; then
-    COMMIT_SHA="$(git rev-parse HEAD | cut -c1-8)"
-  else
-    COMMIT_SHA="untracked"
-  fi
-
-  $(command -v winpty) docker run --rm -it \
-    -v /$(pwd):/src:z \
-    -w //src \
-    -e COMMIT_SHA=$COMMIT_SHA \
-    filebrowser/dev \
-    sh -c "\
-      cd build && \
-      dos2unix build_assets.sh && \
-      dos2unix build.sh && \
-      ./build_assets.sh && \
-      ./build.sh &&
-      mv ../cli/filebrowser ../ \
-    "
-else
-  set -e
-  ./build/build_assets.sh
-  ./build/build.sh
-fi

build/build_assets.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd $(dirname $0)/..
-
-# Clean the dist folder and build the assets
-cd frontend
-if [ -d "dist" ]; then
-  rm -rf dist/*
-fi;
-yarn install
-yarn build
-cd ..
-
-# Install rice tool if not present
-if ! [ -x "$(command -v rice)" ]; then
-  go get github.com/GeertJohan/go.rice/rice
-fi
-
-# Embed the assets using rice
-cd lib
-rice embed-go

build/docker_login.sh

@@ -1,27 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# init key for pass
-gpg --batch --gen-key <<-EOF
-%echo Generating a standard key
-Key-Type: DSA
-Key-Length: 1024
-Subkey-Type: ELG-E
-Subkey-Length: 1024
-Name-Real: Meshuggah Rocks
-Name-Email: meshuggah@example.com
-Expire-Date: 0
-# Do a commit here, so that we can later print "done" :-)
-%commit
-%echo done
-EOF
-
-key=$(gpg --no-auto-check-trustdb --list-secret-keys | grep ^sec | cut -d/ -f2 | cut -d" " -f1)
-pass init $key
-
-if [ "$(command -v docker-credential-pass)" = "" ]; then
-  docker run --rm -itv /usr/local/bin:/src filebrowser/dev sh -c "cp /go/bin/docker-credential-pass /src"
-fi
-
-echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin

build/push_images.sh

@@ -1,14 +0,0 @@
-#! /bin/sh
-
-set -e
-
-cd $(dirname $0)
-
-./docker_login.sh
-
-for tag in `echo $(docker images filebrowser/filebrowser* | awk -F ' ' '{print $1 ":" $2}') | cut -d ' ' -f2-`; do
-  if [ "$tag" = "REPOSITORY:TAG" ]; then break; fi
-  docker push $tag
-done
-
-docker logout

build/push_ricebox.sh

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd $(dirname $0)
-
-COMMIT_SHA="$(git rev-parse --verify HEAD | cut -c1-8)"
-
-eval `ssh-agent -s`
-openssl aes-256-cbc -K $encrypted_9ca81b5594f5_key -iv $encrypted_9ca81b5594f5_iv -in ./deploy_key.enc -d | ssh-add -
-
-git clone git@github.com:filebrowser/caddy caddy
-cd caddy
-cp ../../lib/rice-box.go assets/
-sed -i 's/package lib/package assets/g' assets/rice-box.go
-git checkout -b update-rice-box origin/master
-git config --local user.name "Filebrowser Bot"
-git config --local user.email "FilebrowserBot@users.noreply.github.com"
-git commit -am "update rice-box $COMMIT_SHA"
-
-if [ $(git tag | grep "$TRAVIS_TAG" | wc -l) -ne 0 ]; then
-  git tag -d "$TRAVIS_TAG"
-fi
-
-git tag "$TRAVIS_TAG"
-
-if [ "$(git ls-remote --heads origin update-rice-box)" != "" ]; then
-  git push -u origin update-rice-box
-else
-  git push origin +update-rice-box
-fi
-
-if [ "$(git ls-remote --heads origin update-rice-box)" != "" ]; then
-  git push origin "$TRAVIS_TAG"
-else
-  git push origin :"$TRAVIS_TAG"
-  git push origin "$TRAVIS_TAG"
-fi
-

build/release.sh

@@ -1,55 +0,0 @@
-#!/bin/bash
-
-set -e
-
-cd $(dirname $0)/..
-
-echo "> Checking semver format"
-
-if [ $# -ne 1 ]; then
-  echo "This release script requires a single argument corresponding to the semver to be released. See semver.org"
-  exit 1
-fi
-
-semver=$(grep -P '^v(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)' <<< "$1")
-
-if [ $? -ne 0 ]; then
-  echo "Not valid semver format. See semver.org"
-  exit 1
-fi
-
-echo "> Checking matching $semver in frontend submodule"
-
-cd frontend
-git fetch --all
-
-if [ $(git tag | grep "$semver" | wc -l) -eq 0 ]; then
-  echo "Tag $semver does not exist in submodule 'frontend'. Tag it and run this script again."
-  exit 1
-fi
-
-git rev-parse --verify --quiet release
-if [ $? -ne 0 ]; then
-  git checkout -b release "$semver"
-else
-  git checkout release
-  git reset --hard "$semver"
-fi
-
-cd ..
-
-echo "> Updating submodule ref to $semver"
-
-sed -i "s|(untracked)|$1|g" filebrowser.go
-git commit -am "chore: version $semver"
-git tag "$1"
-git push
-git push --tags
-
-echo "> Commiting untracked version notice..."
-
-sed -i "s|$1|(untracked)|g" filebrowser.go
-git commit -am "chore: setting untracked version [ci skip]"
-git push
-
-echo "> Done!"

build/run_linters.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd $(dirname $0)/..
-
-if [ "$USE_DOCKER" != "" ]; then
-  $(command -v winpty) docker run --rm -itv "/$(pwd)://src" -w "//src" filebrowser/dev sh -c "\
-    go get -v ./... && \
-    golangci-lint run -v"
-else
-  golangci-lint run -v
-fi

cli/cmd/db.go

@@ -1,24 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-
-	"github.com/spf13/cobra"
-)
-
-// dbCmd represents the db command
-var dbCmd = &cobra.Command{
-	Use:     "db",
-	Version: rootCmd.Version,
-	Aliases: []string{"database"},
-	Short:   "Manage a filebrowser database",
-	Long: `This is a CLI tool to ease the management of
-filebrowser database files.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("db called. Command not implemented, yet.")
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(dbCmd)
-}

cli/cmd/root.go

@@ -1,76 +0,0 @@
-package cmd
-
-import (
-	"log"
-	"strings"
-
-	fb "github.com/filebrowser/filebrowser/lib"
-	homedir "github.com/mitchellh/go-homedir"
-	"github.com/spf13/cobra"
-	v "github.com/spf13/viper"
-)
-
-var cfgFile string
-
-// rootCmd represents the base command when called without any subcommands
-var rootCmd = &cobra.Command{
-	Use:     "filebrowser",
-	Version: fb.Version,
-	Aliases: []string{"serve"},
-	Short:   "A stylish web-based file manager",
-	Long: `Command 'serve' is the default. Filebrowser is started
-with the provided envvars, flags and/or config file. For example:
-
-filebrowser -c config.json -p 80 -s ./srv
-
-File Browser is a static binary composed of a golang backend and
-a Vue.js frontend to create, edit, copy, move, download your files
-easily, everywhere, every time.`,
-	//	Run: func(cmd *cobra.Command, args []string) {},
-}
-
-// Execute adds all child commands to the root command and sets flags appropriately.
-// This is called by main.main(). It only needs to happen once to the rootCmd.
-func Execute() {
-	checkRootAlias()
-	if err := rootCmd.Execute(); err != nil {
-		panic(err)
-	}
-}
-
-func init() {
-	cobra.OnInitialize(initConfig)
-	rootCmd.SetVersionTemplate("File Browser {{printf \"version %s\" .Version}}\n")
-
-	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "", "config file (defaults are './.filebrowser[ext]', '$HOME/.filebrowser[ext]' or '/etc/filebrowser/.filebrowser[ext]')")
-}
-
-// initConfig reads in config file and ENV variables if set.
-func initConfig() {
-	if cfgFile == "" {
-		// Find home directory.
-		home, err := homedir.Dir()
-		if err != nil {
-			panic(err)
-		}
-		v.AddConfigPath(".")
-		v.AddConfigPath(home)
-		v.AddConfigPath("/etc/filebrowser/")
-		v.SetConfigName(".filebrowser")
-	} else {
-		// Use config file from the flag.
-		v.SetConfigFile(cfgFile)
-	}
-
-	v.SetEnvPrefix("FB")
-	v.AutomaticEnv()
-	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
-
-	if err := v.ReadInConfig(); err != nil {
-		if _, ok := err.(v.ConfigParseError); ok {
-			panic(err)
-		}
-	} else {
-		log.Println("Using config file:", v.ConfigFileUsed())
-	}
-}

cli/cmd/rootalias.go

@@ -1,46 +0,0 @@
-package cmd
-
-import (
-	"log"
-	"os"
-)
-
-// checkRootAlias compares the first argument provided in the CLI with a list of
-// subcmds and aliases. If no match is found, the first alias of rootCmd is added.
-func checkRootAlias() {
-	l := len(rootCmd.Aliases)
-	if l == 0 {
-		return
-	}
-	if l > 1 {
-		log.Printf("rootCmd.Aliases should contain a single string. '%s' is used.\n", rootCmd.Aliases[0])
-	}
-	if len(os.Args) > 1 {
-		for _, v := range append(nonRootSubCmds(), []string{"--help", "--version"}...) {
-			if os.Args[1] == v {
-				return
-			}
-		}
-	}
-	os.Args = append([]string{os.Args[0], rootCmd.Aliases[0]}, os.Args[1:]...)
-}
-
-// nonRootSubCmds traverses the list of subcommands of rootCmd and returns a string
-// slice containing the names and aliases of all the subcmds, except the one defined
-// in the Aliases field of rootCmd.
-func nonRootSubCmds() (l []string) {
-	for _, c := range rootCmd.Commands() {
-		isAlias := false
-		for _, a := range append(c.Aliases, c.Name()) {
-			if a == rootCmd.Aliases[0] {
-				isAlias = true
-				break
-			}
-		}
-		if !isAlias {
-			l = append(l, c.Name())
-			l = append(l, c.Aliases...)
-		}
-	}
-	return
-}

cli/cmd/serve.go

@@ -1,111 +0,0 @@
-package cmd
-
-import (
-	filebrowser "github.com/filebrowser/filebrowser/lib"
-	"github.com/spf13/cobra"
-	v "github.com/spf13/viper"
-)
-
-// serveCmd represents the serve command
-var serveCmd = &cobra.Command{
-	Use:     "serve",
-	Version: rootCmd.Version,
-	Aliases: []string{"server"},
-	Short:   "Start filebrowser service",
-	Long:    rootCmd.Long,
-	Run: func(cmd *cobra.Command, args []string) {
-		Serve()
-	},
-	Args: cobra.NoArgs,
-}
-
-func init() {
-	rootCmd.AddCommand(serveCmd)
-
-	f := serveCmd.PersistentFlags()
-
-	flag := func(k string, i interface{}, u string) {
-		switch y := i.(type) {
-		case bool:
-			f.Bool(k, y, u)
-		case int:
-			f.Int(k, y, u)
-		case string:
-			f.String(k, y, u)
-		}
-		v.SetDefault(k, i)
-	}
-
-	flagP := func(k, p string, i interface{}, u string) {
-		switch y := i.(type) {
-		case bool:
-			f.BoolP(k, p, y, u)
-		case int:
-			f.IntP(k, p, y, u)
-		case string:
-			f.StringP(k, p, y, u)
-		}
-		v.SetDefault(k, i)
-	}
-
-	deprecated := func(k string, i interface{}, u, m string) {
-		switch y := i.(type) {
-		case bool:
-			f.Bool(k, y, u)
-		case int:
-			f.Int(k, y, u)
-		case string:
-			f.String(k, y, u)
-		}
-		f.MarkDeprecated(k, m)
-	}
-
-	// Global settings
-	flagP("port", "p", 0, "HTTP Port (default is random)")
-	flagP("address", "a", "", "Address to listen to (default is all of them)")
-	flagP("database", "d", "./filebrowser.db", "Database file")
-	flagP("log", "l", "stdout", "Errors logger; can use 'stdout', 'stderr' or file")
-	flagP("baseurl", "b", "", "Base URL")
-	flag("prefixurl", "", "Prefix URL")
-	flag("staticgen", "", "Static Generator you want to enable")
-
-	// User default settings
-	f.String("defaults.commands", "git svn hg", "Default commands option for new users")
-	v.SetDefault("defaults.commands", []string{"git", "svn", "hg"})
-
-	flagP("defaults.scope", "s", ".", "Default scope option for new users")
-	flag("defaults.viewMode", filebrowser.MosaicViewMode, "Default view mode for new users")
-	flag("defaults.allowCommands", true, "Default allow commands option for new users")
-	flag("defaults.allowEdit", true, "Default allow edit option for new users")
-	flag("defaults.allowNew", true, "Default allow new option for new users")
-	flag("defaults.allowPublish", true, "Default allow publish option for new users")
-	flag("defaults.locale", "", "Default locale for new users, set it empty to enable auto detect from browser")
-
-	// Recaptcha settings
-	flag("recaptcha.host", "https://www.google.com", "Use another host for ReCAPTCHA. recaptcha.net might be useful in China")
-	flag("recaptcha.key", "", "ReCaptcha site key")
-	flag("recaptcha.secret", "", "ReCaptcha secret")
-
-	// Auth settings
-	flag("auth.method", "default", "Switch between 'none', 'default' and 'proxy' authentication")
-	flag("auth.header", "X-Forwarded-User", "The header name used for proxy authentication")
-
-	// Bind the full flag set to the configuration
-	if err := v.BindPFlags(f); err != nil {
-		panic(err)
-	}
-
-	// Deprecated flags
-	deprecated("no-auth", false, "Disables authentication", "use --auth.method='none' instead")
-	deprecated("alternative-recaptcha", false, "Use recaptcha.net for serving and handling, useful in China", "use --recaptcha.host instead")
-	deprecated("recaptcha-key", "", "ReCaptcha site key", "use --recaptcha.key instead")
-	deprecated("recaptcha-secret", "", "ReCaptcha secret", "use --recaptcha.secret instead")
-	deprecated("scope", ".", "Default scope option for new users", "use --defaults.scope instead")
-	deprecated("commands", "git svn hg", "Default commands option for new users", "use --defaults.commands instead")
-	deprecated("view-mode", "mosaic", "Default view mode for new users", "use --defaults.viewMode instead")
-	deprecated("locale", "", "Default locale for new users, set it empty to enable auto detect from browser", "use --defaults.locale instead")
-	deprecated("allow-commands", true, "Default allow commands option for new users", "use --defaults.allowCommands instead")
-	deprecated("allow-edit", true, "Default allow edit option for new users", "use --defaults.allowEdit instead")
-	deprecated("allow-publish", true, "Default allow publish option for new users", "use --defaults.allowPublish instead")
-	deprecated("allow-new", true, "Default allow new option for new users", "use --defaults.allowNew instead")
-}

cli/cmd/server.go

@@ -1,150 +0,0 @@
-package cmd
-
-import (
-	"io/ioutil"
-	"log"
-	"net"
-	"net/http"
-	"os"
-	"path/filepath"
-
-	"github.com/asdine/storm"
-	filebrowser "github.com/filebrowser/filebrowser/lib"
-	"github.com/filebrowser/filebrowser/lib/bolt"
-	h "github.com/filebrowser/filebrowser/lib/http"
-	"github.com/filebrowser/filebrowser/lib/staticgen"
-	"github.com/hacdias/fileutils"
-	"github.com/spf13/viper"
-	lumberjack "gopkg.in/natefinch/lumberjack.v2"
-)
-
-func Serve() {
-	// Set up process log before anything bad happens.
-	switch l := viper.GetString("log"); l {
-	case "stdout":
-		log.SetOutput(os.Stdout)
-	case "stderr":
-		log.SetOutput(os.Stderr)
-	case "":
-		log.SetOutput(ioutil.Discard)
-	default:
-		log.SetOutput(&lumberjack.Logger{
-			Filename:   l,
-			MaxSize:    100,
-			MaxAge:     14,
-			MaxBackups: 10,
-		})
-	}
-
-	// Validate the provided config before moving forward
-	{
-		// Map of valid authentication methods, containing a boolean value to indicate the need of Auth.Header
-		validMethods := make(map[string]bool)
-		validMethods["none"] = false
-		validMethods["default"] = false
-		validMethods["proxy"] = true
-
-		m := viper.GetString("auth.method")
-		b, ok := validMethods[m]
-		if !ok {
-			log.Fatal("The property 'auth.method' needs to be set to 'none', 'default' or 'proxy'.")
-		}
-
-		if b {
-			if viper.GetString("auth.header") == "" {
-				log.Fatal("The 'auth.header' needs to be specified when '", m, "' authentication is used.")
-			}
-			log.Println("[WARN] Filebrowser authentication is configured to '", m, "' authentication. This can cause a huge security issue if the infrastructure is not configured correctly.")
-		}
-	}
-
-	// Builds the address and a listener.
-	laddr := viper.GetString("address") + ":" + viper.GetString("port")
-	listener, err := net.Listen("tcp", laddr)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Tell the user the port in which is listening.
-	log.Println("Listening on", listener.Addr().String())
-
-	// Starts the server.
-	if err := http.Serve(listener, handler()); err != nil {
-		log.Fatal(err)
-	}
-}
-
-func handler() http.Handler {
-	db, err := storm.Open(viper.GetString("database"))
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fb := &filebrowser.FileBrowser{
-		Auth: &filebrowser.Auth{
-			Method: viper.GetString("auth.method"),
-			Header: viper.GetString("auth.header"),
-		},
-		ReCaptcha: &filebrowser.ReCaptcha{
-			Host:   viper.GetString("recaptcha.host"),
-			Key:    viper.GetString("recaptcha.key"),
-			Secret: viper.GetString("recaptcha.secret"),
-		},
-		DefaultUser: &filebrowser.User{
-			AllowCommands: viper.GetBool("defaults.allowCommands"),
-			AllowEdit:     viper.GetBool("defaults.allowEdit"),
-			AllowNew:      viper.GetBool("defaults.allowNew"),
-			AllowPublish:  viper.GetBool("defaults.allowPublish"),
-			Commands:      viper.GetStringSlice("defaults.commands"),
-			Rules:         []*filebrowser.Rule{},
-			Locale:        viper.GetString("defaults.locale"),
-			CSS:           "",
-			Scope:         viper.GetString("defaults.scope"),
-			FileSystem:    fileutils.Dir(viper.GetString("defaults.scope")),
-			ViewMode:      viper.GetString("defaults.viewMode"),
-		},
-		Store: &filebrowser.Store{
-			Config: bolt.ConfigStore{DB: db},
-			Users:  bolt.UsersStore{DB: db},
-			Share:  bolt.ShareStore{DB: db},
-		},
-		NewFS: func(scope string) filebrowser.FileSystem {
-			return fileutils.Dir(scope)
-		},
-	}
-
-	fb.SetBaseURL(viper.GetString("baseurl"))
-	fb.SetPrefixURL(viper.GetString("prefixurl"))
-
-	err = fb.Setup()
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	switch viper.GetString("staticgen") {
-	case "hugo":
-		hugo := &staticgen.Hugo{
-			Root:        viper.GetString("Scope"),
-			Public:      filepath.Join(viper.GetString("Scope"), "public"),
-			Args:        []string{},
-			CleanPublic: true,
-		}
-
-		if err = fb.Attach(hugo); err != nil {
-			log.Fatal(err)
-		}
-	case "jekyll":
-		jekyll := &staticgen.Jekyll{
-			Root:        viper.GetString("Scope"),
-			Public:      filepath.Join(viper.GetString("Scope"), "_site"),
-			Args:        []string{"build"},
-			CleanPublic: true,
-		}
-
-		if err = fb.Attach(jekyll); err != nil {
-			log.Fatal(err)
-		}
-	}
-
-	return h.Handler(fb)
-}

cli/cmd/version.go

@@ -1,28 +0,0 @@
-package cmd
-
-import (
-	"text/template"
-
-	"github.com/spf13/cobra"
-)
-
-var versionCmd = &cobra.Command{
-	Use:   "version",
-	Short: "Print the version number of File Browser",
-	Long:  `All software has versions. This is File Browser's`,
-	Run: func(cmd *cobra.Command, args []string) {
-		// https://github.com/spf13/cobra/issues/724
-		t := template.New("version")
-		template.Must(t.Parse(rootCmd.VersionTemplate()))
-		err := t.Execute(rootCmd.OutOrStdout(), rootCmd)
-		if err != nil {
-			rootCmd.Println(err)
-		}
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(versionCmd)
-	serveCmd.AddCommand(versionCmd)
-	dbCmd.AddCommand(versionCmd)
-}

cli/main.go

@@ -1,7 +0,0 @@
-package main
-
-import "github.com/filebrowser/filebrowser/cli/cmd"
-
-func main() {
-	cmd.Execute()
-}

cmd/cmd.go

@@ -0,0 +1,6 @@
+package cmd
+
+// Execute executes the commands.
+func Execute() error {
+	return rootCmd.Execute()
+}

cmd/cmd_test.go

@@ -0,0 +1,35 @@
+package cmd
+
+import (
+	"testing"
+
+	"github.com/samber/lo"
+	"github.com/spf13/cobra"
+)
+
+// TestEnvCollisions ensures that there are no collisions in the produced environment
+// variable names for all commands and their flags.
+func TestEnvCollisions(t *testing.T) {
+	testEnvCollisions(t, rootCmd)
+}
+
+func testEnvCollisions(t *testing.T, cmd *cobra.Command) {
+	for _, cmd := range cmd.Commands() {
+		testEnvCollisions(t, cmd)
+	}
+
+	replacements := generateEnvKeyReplacements(cmd)
+	envVariables := []string{}
+
+	for i := range replacements {
+		if i%2 != 0 {
+			envVariables = append(envVariables, replacements[i])
+		}
+	}
+
+	duplicates := lo.FindDuplicates(envVariables)
+
+	if len(duplicates) > 0 {
+		t.Errorf("Found duplicate environment variable keys for command %q: %v", cmd.Name(), duplicates)
+	}
+}

cmd/cmds.go

@@ -0,0 +1,26 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	rootCmd.AddCommand(cmdsCmd)
+}
+
+var cmdsCmd = &cobra.Command{
+	Use:   "cmds",
+	Short: "Command runner management utility",
+	Long:  `Command runner management utility.`,
+	Args:  cobra.NoArgs,
+}
+
+func printEvents(m map[string][]string) {
+	for evt, cmds := range m {
+		for i, cmd := range cmds {
+			fmt.Printf("%s(%d): %s\n", evt, i, cmd)
+		}
+	}
+}

cmd/cmds_add.go

@@ -0,0 +1,32 @@
+package cmd
+
+import (
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	cmdsCmd.AddCommand(cmdsAddCmd)
+}
+
+var cmdsAddCmd = &cobra.Command{
+	Use:   "add <event> <command>",
+	Short: "Add a command to run on a specific event",
+	Long:  `Add a command to run on a specific event.`,
+	Args:  cobra.MinimumNArgs(2),
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
+		s, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+		command := strings.Join(args[1:], " ")
+		s.Commands[args[0]] = append(s.Commands[args[0]], command)
+		err = st.Settings.Save(s)
+		if err != nil {
+			return err
+		}
+		printEvents(s.Commands)
+		return nil
+	}, storeOptions{}),
+}

cmd/cmds_ls.go

@@ -0,0 +1,39 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	cmdsCmd.AddCommand(cmdsLsCmd)
+	cmdsLsCmd.Flags().StringP("event", "e", "", "event name, without 'before' or 'after'")
+}
+
+var cmdsLsCmd = &cobra.Command{
+	Use:   "ls",
+	Short: "List all commands for each event",
+	Long:  `List all commands for each event.`,
+	Args:  cobra.NoArgs,
+	RunE: withStore(func(cmd *cobra.Command, _ []string, st *store) error {
+		s, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+
+		evt, err := cmd.Flags().GetString("event")
+		if err != nil {
+			return err
+		}
+
+		if evt == "" {
+			printEvents(s.Commands)
+		} else {
+			show := map[string][]string{}
+			show["before_"+evt] = s.Commands["before_"+evt]
+			show["after_"+evt] = s.Commands["after_"+evt]
+			printEvents(show)
+		}
+
+		return nil
+	}, storeOptions{}),
+}

cmd/cmds_rm.go

@@ -0,0 +1,65 @@
+package cmd
+
+import (
+	"strconv"
+
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	cmdsCmd.AddCommand(cmdsRmCmd)
+}
+
+var cmdsRmCmd = &cobra.Command{
+	Use:   "rm <event> <index> [index_end]",
+	Short: "Removes a command from an event hooker",
+	Long: `Removes a command from an event hooker. The provided index
+is the same that's printed when you run 'cmds ls'. Note
+that after each removal/addition, the index of the
+commands change. So be careful when removing them after each
+other.
+
+You can also specify an optional parameter (index_end) so
+you can remove all commands from 'index' to 'index_end',
+including 'index_end'.`,
+	Args: func(cmd *cobra.Command, args []string) error {
+		if err := cobra.RangeArgs(2, 3)(cmd, args); err != nil {
+			return err
+		}
+
+		for _, arg := range args[1:] {
+			if _, err := strconv.Atoi(arg); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	},
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
+		s, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+		evt := args[0]
+
+		i, err := strconv.Atoi(args[1])
+		if err != nil {
+			return err
+		}
+		f := i
+		if len(args) == 3 {
+			f, err = strconv.Atoi(args[2])
+			if err != nil {
+				return err
+			}
+		}
+
+		s.Commands[evt] = append(s.Commands[evt][:i], s.Commands[evt][f+1:]...)
+		err = st.Settings.Save(s)
+		if err != nil {
+			return err
+		}
+		printEvents(s.Commands)
+		return nil
+	}, storeOptions{}),
+}

cmd/config.go

@@ -0,0 +1,387 @@
+package cmd
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+	"text/tabwriter"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+
+	"github.com/filebrowser/filebrowser/v2/auth"
+	fberrors "github.com/filebrowser/filebrowser/v2/errors"
+	"github.com/filebrowser/filebrowser/v2/settings"
+)
+
+func init() {
+	rootCmd.AddCommand(configCmd)
+}
+
+var configCmd = &cobra.Command{
+	Use:   "config",
+	Short: "Configuration management utility",
+	Long:  `Configuration management utility.`,
+	Args:  cobra.NoArgs,
+}
+
+func addConfigFlags(flags *pflag.FlagSet) {
+	addServerFlags(flags)
+	addUserFlags(flags)
+
+	flags.BoolP("signup", "s", false, "allow users to signup")
+	flags.Bool("hideLoginButton", false, "hide login button from public pages")
+	flags.Bool("createUserDir", false, "generate user's home directory automatically")
+	flags.Uint("minimumPasswordLength", settings.DefaultMinimumPasswordLength, "minimum password length for new users")
+	flags.String("shell", "", "shell command to which other commands should be appended")
+
+	// NB: these are string so they can be presented as octal in the help text
+	// as that's the conventional representation for modes in Unix.
+	flags.String("fileMode", fmt.Sprintf("%O", settings.DefaultFileMode), "mode bits that new files are created with")
+	flags.String("dirMode", fmt.Sprintf("%O", settings.DefaultDirMode), "mode bits that new directories are created with")
+
+	flags.String("auth.method", string(auth.MethodJSONAuth), "authentication type")
+	flags.String("auth.header", "", "HTTP header for auth.method=proxy")
+	flags.String("auth.command", "", "command for auth.method=hook")
+	flags.String("auth.logoutPage", "", "url of custom logout page")
+
+	flags.String("recaptcha.host", "https://www.google.com", "use another host for ReCAPTCHA. recaptcha.net might be useful in China")
+	flags.String("recaptcha.key", "", "ReCaptcha site key")
+	flags.String("recaptcha.secret", "", "ReCaptcha secret")
+
+	flags.String("branding.name", "", "replace 'File Browser' by this name")
+	flags.String("branding.theme", "", "set the theme")
+	flags.String("branding.color", "", "set the theme color")
+	flags.String("branding.files", "", "path to directory with images and custom styles")
+	flags.Bool("branding.disableExternal", false, "disable external links such as GitHub links")
+	flags.Bool("branding.disableUsedPercentage", false, "disable used disk percentage graph")
+
+	flags.Uint64("tus.chunkSize", settings.DefaultTusChunkSize, "the tus chunk size")
+	flags.Uint16("tus.retryCount", settings.DefaultTusRetryCount, "the tus retry count")
+}
+
+func getAuthMethod(flags *pflag.FlagSet, defaults ...interface{}) (settings.AuthMethod, map[string]interface{}, error) {
+	methodStr, err := flags.GetString("auth.method")
+	if err != nil {
+		return "", nil, err
+	}
+	method := settings.AuthMethod(methodStr)
+
+	var defaultAuther map[string]interface{}
+	if len(defaults) > 0 {
+		if hasAuth := defaults[0]; hasAuth != true {
+			for _, arg := range defaults {
+				switch def := arg.(type) {
+				case *settings.Settings:
+					method = def.AuthMethod
+				case auth.Auther:
+					ms, err := json.Marshal(def)
+					if err != nil {
+						return "", nil, err
+					}
+					err = json.Unmarshal(ms, &defaultAuther)
+					if err != nil {
+						return "", nil, err
+					}
+				}
+			}
+		}
+	}
+
+	return method, defaultAuther, nil
+}
+
+func getProxyAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
+	header, err := flags.GetString("auth.header")
+	if err != nil {
+		return nil, err
+	}
+
+	if header == "" {
+		header = defaultAuther["header"].(string)
+	}
+
+	if header == "" {
+		return nil, errors.New("you must set the flag 'auth.header' for method 'proxy'")
+	}
+
+	return &auth.ProxyAuth{Header: header}, nil
+}
+
+func getNoAuth() auth.Auther {
+	return &auth.NoAuth{}
+}
+
+func getJSONAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
+	jsonAuth := &auth.JSONAuth{}
+	host, err := flags.GetString("recaptcha.host")
+	if err != nil {
+		return nil, err
+	}
+
+	key, err := flags.GetString("recaptcha.key")
+	if err != nil {
+		return nil, err
+	}
+
+	secret, err := flags.GetString("recaptcha.secret")
+	if err != nil {
+		return nil, err
+	}
+
+	if key == "" {
+		if kmap, ok := defaultAuther["recaptcha"].(map[string]interface{}); ok {
+			key = kmap["key"].(string)
+		}
+	}
+
+	if secret == "" {
+		if smap, ok := defaultAuther["recaptcha"].(map[string]interface{}); ok {
+			secret = smap["secret"].(string)
+		}
+	}
+
+	if key != "" && secret != "" {
+		jsonAuth.ReCaptcha = &auth.ReCaptcha{
+			Host:   host,
+			Key:    key,
+			Secret: secret,
+		}
+	}
+	return jsonAuth, nil
+}
+
+func getHookAuth(flags *pflag.FlagSet, defaultAuther map[string]interface{}) (auth.Auther, error) {
+	command, err := flags.GetString("auth.command")
+	if err != nil {
+		return nil, err
+	}
+	if command == "" {
+		command = defaultAuther["command"].(string)
+	}
+
+	if command == "" {
+		return nil, errors.New("you must set the flag 'auth.command' for method 'hook'")
+	}
+
+	return &auth.HookAuth{Command: command}, nil
+}
+
+func getAuthentication(flags *pflag.FlagSet, defaults ...interface{}) (settings.AuthMethod, auth.Auther, error) {
+	method, defaultAuther, err := getAuthMethod(flags, defaults...)
+	if err != nil {
+		return "", nil, err
+	}
+
+	var auther auth.Auther
+	switch method {
+	case auth.MethodProxyAuth:
+		auther, err = getProxyAuth(flags, defaultAuther)
+	case auth.MethodNoAuth:
+		auther = getNoAuth()
+	case auth.MethodJSONAuth:
+		auther, err = getJSONAuth(flags, defaultAuther)
+	case auth.MethodHookAuth:
+		auther, err = getHookAuth(flags, defaultAuther)
+	default:
+		return "", nil, fberrors.ErrInvalidAuthMethod
+	}
+
+	if err != nil {
+		return "", nil, err
+	}
+
+	return method, auther, nil
+}
+
+func printSettings(ser *settings.Server, set *settings.Settings, auther auth.Auther) error {
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
+
+	fmt.Fprintf(w, "Sign up:\t%t\n", set.Signup)
+	fmt.Fprintf(w, "Hide Login Button:\t%t\n", set.HideLoginButton)
+	fmt.Fprintf(w, "Create User Dir:\t%t\n", set.CreateUserDir)
+	fmt.Fprintf(w, "Logout Page:\t%s\n", set.LogoutPage)
+	fmt.Fprintf(w, "Minimum Password Length:\t%d\n", set.MinimumPasswordLength)
+	fmt.Fprintf(w, "Auth Method:\t%s\n", set.AuthMethod)
+	fmt.Fprintf(w, "Shell:\t%s\t\n", strings.Join(set.Shell, " "))
+
+	fmt.Fprintln(w, "\nBranding:")
+	fmt.Fprintf(w, "\tName:\t%s\n", set.Branding.Name)
+	fmt.Fprintf(w, "\tFiles override:\t%s\n", set.Branding.Files)
+	fmt.Fprintf(w, "\tDisable external links:\t%t\n", set.Branding.DisableExternal)
+	fmt.Fprintf(w, "\tDisable used disk percentage graph:\t%t\n", set.Branding.DisableUsedPercentage)
+	fmt.Fprintf(w, "\tColor:\t%s\n", set.Branding.Color)
+	fmt.Fprintf(w, "\tTheme:\t%s\n", set.Branding.Theme)
+
+	fmt.Fprintln(w, "\nServer:")
+	fmt.Fprintf(w, "\tLog:\t%s\n", ser.Log)
+	fmt.Fprintf(w, "\tPort:\t%s\n", ser.Port)
+	fmt.Fprintf(w, "\tBase URL:\t%s\n", ser.BaseURL)
+	fmt.Fprintf(w, "\tRoot:\t%s\n", ser.Root)
+	fmt.Fprintf(w, "\tSocket:\t%s\n", ser.Socket)
+	fmt.Fprintf(w, "\tAddress:\t%s\n", ser.Address)
+	fmt.Fprintf(w, "\tTLS Cert:\t%s\n", ser.TLSCert)
+	fmt.Fprintf(w, "\tTLS Key:\t%s\n", ser.TLSKey)
+	fmt.Fprintf(w, "\tToken Expiration Time:\t%s\n", ser.TokenExpirationTime)
+	fmt.Fprintf(w, "\tExec Enabled:\t%t\n", ser.EnableExec)
+	fmt.Fprintf(w, "\tThumbnails Enabled:\t%t\n", ser.EnableThumbnails)
+	fmt.Fprintf(w, "\tResize Preview:\t%t\n", ser.ResizePreview)
+	fmt.Fprintf(w, "\tType Detection by Header:\t%t\n", ser.TypeDetectionByHeader)
+
+	fmt.Fprintln(w, "\nTUS:")
+	fmt.Fprintf(w, "\tChunk size:\t%d\n", set.Tus.ChunkSize)
+	fmt.Fprintf(w, "\tRetry count:\t%d\n", set.Tus.RetryCount)
+
+	fmt.Fprintln(w, "\nDefaults:")
+	fmt.Fprintf(w, "\tScope:\t%s\n", set.Defaults.Scope)
+	fmt.Fprintf(w, "\tHideDotfiles:\t%t\n", set.Defaults.HideDotfiles)
+	fmt.Fprintf(w, "\tLocale:\t%s\n", set.Defaults.Locale)
+	fmt.Fprintf(w, "\tView mode:\t%s\n", set.Defaults.ViewMode)
+	fmt.Fprintf(w, "\tSingle Click:\t%t\n", set.Defaults.SingleClick)
+	fmt.Fprintf(w, "\tFile Creation Mode:\t%O\n", set.FileMode)
+	fmt.Fprintf(w, "\tDirectory Creation Mode:\t%O\n", set.DirMode)
+	fmt.Fprintf(w, "\tCommands:\t%s\n", strings.Join(set.Defaults.Commands, " "))
+	fmt.Fprintf(w, "\tAce editor syntax highlighting theme:\t%s\n", set.Defaults.AceEditorTheme)
+
+	fmt.Fprintf(w, "\tSorting:\n")
+	fmt.Fprintf(w, "\t\tBy:\t%s\n", set.Defaults.Sorting.By)
+	fmt.Fprintf(w, "\t\tAsc:\t%t\n", set.Defaults.Sorting.Asc)
+
+	fmt.Fprintf(w, "\tPermissions:\n")
+	fmt.Fprintf(w, "\t\tAdmin:\t%t\n", set.Defaults.Perm.Admin)
+	fmt.Fprintf(w, "\t\tExecute:\t%t\n", set.Defaults.Perm.Execute)
+	fmt.Fprintf(w, "\t\tCreate:\t%t\n", set.Defaults.Perm.Create)
+	fmt.Fprintf(w, "\t\tRename:\t%t\n", set.Defaults.Perm.Rename)
+	fmt.Fprintf(w, "\t\tModify:\t%t\n", set.Defaults.Perm.Modify)
+	fmt.Fprintf(w, "\t\tDelete:\t%t\n", set.Defaults.Perm.Delete)
+	fmt.Fprintf(w, "\t\tShare:\t%t\n", set.Defaults.Perm.Share)
+	fmt.Fprintf(w, "\t\tDownload:\t%t\n", set.Defaults.Perm.Download)
+
+	w.Flush()
+
+	b, err := json.MarshalIndent(auther, "", "  ")
+	if err != nil {
+		return err
+	}
+	fmt.Printf("\nAuther configuration (raw):\n\n%s\n\n", string(b))
+	return nil
+}
+
+func getSettings(flags *pflag.FlagSet, set *settings.Settings, ser *settings.Server, auther auth.Auther, all bool) (auth.Auther, error) {
+	errs := []error{}
+	hasAuth := false
+
+	visit := func(flag *pflag.Flag) {
+		var err error
+
+		switch flag.Name {
+		// Server flags from [addServerFlags]
+		case "address":
+			ser.Address, err = flags.GetString(flag.Name)
+		case "log":
+			ser.Log, err = flags.GetString(flag.Name)
+		case "port":
+			ser.Port, err = flags.GetString(flag.Name)
+		case "cert":
+			ser.TLSCert, err = flags.GetString(flag.Name)
+		case "key":
+			ser.TLSKey, err = flags.GetString(flag.Name)
+		case "root":
+			ser.Root, err = flags.GetString(flag.Name)
+		case "socket":
+			ser.Socket, err = flags.GetString(flag.Name)
+		case "baseURL":
+			ser.BaseURL, err = flags.GetString(flag.Name)
+		case "tokenExpirationTime":
+			ser.TokenExpirationTime, err = flags.GetString(flag.Name)
+		case "disableThumbnails":
+			ser.EnableThumbnails, err = flags.GetBool(flag.Name)
+			ser.EnableThumbnails = !ser.EnableThumbnails
+		case "disablePreviewResize":
+			ser.ResizePreview, err = flags.GetBool(flag.Name)
+			ser.ResizePreview = !ser.ResizePreview
+		case "disableExec":
+			ser.EnableExec, err = flags.GetBool(flag.Name)
+			ser.EnableExec = !ser.EnableExec
+		case "disableTypeDetectionByHeader":
+			ser.TypeDetectionByHeader, err = flags.GetBool(flag.Name)
+			ser.TypeDetectionByHeader = !ser.TypeDetectionByHeader
+
+		// Settings flags from [addConfigFlags]
+		case "signup":
+			set.Signup, err = flags.GetBool(flag.Name)
+		case "hideLoginButton":
+			set.HideLoginButton, err = flags.GetBool(flag.Name)
+		case "createUserDir":
+			set.CreateUserDir, err = flags.GetBool(flag.Name)
+		case "minimumPasswordLength":
+			set.MinimumPasswordLength, err = flags.GetUint(flag.Name)
+		case "shell":
+			var shell string
+			shell, err = flags.GetString(flag.Name)
+			if err == nil {
+				set.Shell = convertCmdStrToCmdArray(shell)
+			}
+		case "fileMode":
+			set.FileMode, err = getAndParseFileMode(flags, flag.Name)
+		case "dirMode":
+			set.DirMode, err = getAndParseFileMode(flags, flag.Name)
+		case "auth.method":
+			hasAuth = true
+		case "auth.logoutPage":
+			set.LogoutPage, err = flags.GetString(flag.Name)
+		case "branding.name":
+			set.Branding.Name, err = flags.GetString(flag.Name)
+		case "branding.theme":
+			set.Branding.Theme, err = flags.GetString(flag.Name)
+		case "branding.color":
+			set.Branding.Color, err = flags.GetString(flag.Name)
+		case "branding.files":
+			set.Branding.Files, err = flags.GetString(flag.Name)
+		case "branding.disableExternal":
+			set.Branding.DisableExternal, err = flags.GetBool(flag.Name)
+		case "branding.disableUsedPercentage":
+			set.Branding.DisableUsedPercentage, err = flags.GetBool(flag.Name)
+		case "tus.chunkSize":
+			set.Tus.ChunkSize, err = flags.GetUint64(flag.Name)
+		case "tus.retryCount":
+			set.Tus.RetryCount, err = flags.GetUint16(flag.Name)
+		}
+
+		if err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	if all {
+		flags.VisitAll(visit)
+	} else {
+		flags.Visit(visit)
+	}
+
+	err := errors.Join(errs...)
+	if err != nil {
+		return nil, err
+	}
+
+	err = getUserDefaults(flags, &set.Defaults, all)
+	if err != nil {
+		return nil, err
+	}
+
+	if all {
+		set.AuthMethod, auther, err = getAuthentication(flags)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		set.AuthMethod, auther, err = getAuthentication(flags, hasAuth, set, auther)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return auther, nil
+}

cmd/config_cat.go

@@ -0,0 +1,31 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	configCmd.AddCommand(configCatCmd)
+}
+
+var configCatCmd = &cobra.Command{
+	Use:   "cat",
+	Short: "Prints the configuration",
+	Long:  `Prints the configuration.`,
+	Args:  cobra.NoArgs,
+	RunE: withStore(func(_ *cobra.Command, _ []string, st *store) error {
+		set, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+		ser, err := st.Settings.GetServer()
+		if err != nil {
+			return err
+		}
+		auther, err := st.Auth.Get(set.AuthMethod)
+		if err != nil {
+			return err
+		}
+		return printSettings(ser, set, auther)
+	}, storeOptions{}),
+}

cmd/config_export.go

@@ -0,0 +1,46 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	configCmd.AddCommand(configExportCmd)
+}
+
+var configExportCmd = &cobra.Command{
+	Use:   "export <path>",
+	Short: "Export the configuration to a file",
+	Long: `Export the configuration to a file. The path must be for a
+json or yaml file. This exported configuration can be changed,
+and imported again with 'config import' command.`,
+	Args: jsonYamlArg,
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
+		settings, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+
+		server, err := st.Settings.GetServer()
+		if err != nil {
+			return err
+		}
+
+		auther, err := st.Auth.Get(settings.AuthMethod)
+		if err != nil {
+			return err
+		}
+
+		data := &settingsFile{
+			Settings: settings,
+			Auther:   auther,
+			Server:   server,
+		}
+
+		err = marshal(args[0], data)
+		if err != nil {
+			return err
+		}
+		return nil
+	}, storeOptions{}),
+}

cmd/config_import.go

@@ -0,0 +1,122 @@
+package cmd
+
+import (
+	"encoding/json"
+	"errors"
+	"path/filepath"
+	"reflect"
+
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/auth"
+	"github.com/filebrowser/filebrowser/v2/settings"
+)
+
+func init() {
+	configCmd.AddCommand(configImportCmd)
+}
+
+type settingsFile struct {
+	Settings *settings.Settings `json:"settings"`
+	Server   *settings.Server   `json:"server"`
+	Auther   interface{}        `json:"auther"`
+}
+
+var configImportCmd = &cobra.Command{
+	Use:   "import <path>",
+	Short: "Import a configuration file",
+	Long: `Import a configuration file. This will replace all the existing
+configuration. Can be used with or without unexisting databases.
+
+If used with a nonexisting database, a key will be generated
+automatically. Otherwise the key will be kept the same as in the
+database.
+
+The path must be for a json or yaml file.`,
+	Args: jsonYamlArg,
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
+		var key []byte
+		var err error
+		if st.databaseExisted {
+			settings, settingErr := st.Settings.Get()
+			if settingErr != nil {
+				return settingErr
+			}
+			key = settings.Key
+		} else {
+			key = generateKey()
+		}
+
+		file := settingsFile{}
+		err = unmarshal(args[0], &file)
+		if err != nil {
+			return err
+		}
+
+		file.Settings.Key = key
+		err = st.Settings.Save(file.Settings)
+		if err != nil {
+			return err
+		}
+
+		err = st.Settings.SaveServer(file.Server)
+		if err != nil {
+			return err
+		}
+
+		var rawAuther interface{}
+		if filepath.Ext(args[0]) != ".json" {
+			rawAuther = cleanUpInterfaceMap(file.Auther.(map[interface{}]interface{}))
+		} else {
+			rawAuther = file.Auther
+		}
+
+		var auther auth.Auther
+		var autherErr error
+		switch file.Settings.AuthMethod {
+		case auth.MethodJSONAuth:
+			var a interface{}
+			a, autherErr = getAuther(auth.JSONAuth{}, rawAuther)
+			auther = a.(*auth.JSONAuth)
+		case auth.MethodNoAuth:
+			var a interface{}
+			a, autherErr = getAuther(auth.NoAuth{}, rawAuther)
+			auther = a.(*auth.NoAuth)
+		case auth.MethodProxyAuth:
+			var a interface{}
+			a, autherErr = getAuther(auth.ProxyAuth{}, rawAuther)
+			auther = a.(*auth.ProxyAuth)
+		case auth.MethodHookAuth:
+			var a interface{}
+			a, autherErr = getAuther(&auth.HookAuth{}, rawAuther)
+			auther = a.(*auth.HookAuth)
+		default:
+			return errors.New("invalid auth method")
+		}
+
+		if autherErr != nil {
+			return autherErr
+		}
+
+		err = st.Auth.Save(auther)
+		if err != nil {
+			return err
+		}
+
+		return printSettings(file.Server, file.Settings, auther)
+	}, storeOptions{allowsNoDatabase: true}),
+}
+
+func getAuther(sample auth.Auther, data interface{}) (interface{}, error) {
+	authType := reflect.TypeOf(sample)
+	auther := reflect.New(authType).Interface()
+	bytes, err := json.Marshal(data)
+	if err != nil {
+		return nil, err
+	}
+	err = json.Unmarshal(bytes, &auther)
+	if err != nil {
+		return nil, err
+	}
+	return auther, nil
+}

cmd/config_init.go

@@ -0,0 +1,61 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+)
+
+func init() {
+	configCmd.AddCommand(configInitCmd)
+	addConfigFlags(configInitCmd.Flags())
+}
+
+var configInitCmd = &cobra.Command{
+	Use:   "init",
+	Short: "Initialize a new database",
+	Long: `Initialize a new database to use with File Browser. All of
+this options can be changed in the future with the command
+'filebrowser config set'. The user related flags apply
+to the defaults when creating new users and you don't
+override the options.`,
+	Args: cobra.NoArgs,
+	RunE: withStore(func(cmd *cobra.Command, _ []string, st *store) error {
+		flags := cmd.Flags()
+
+		// Initialize config
+		s := &settings.Settings{Key: generateKey()}
+		ser := &settings.Server{}
+
+		// Fill config with options
+		auther, err := getSettings(flags, s, ser, nil, true)
+		if err != nil {
+			return err
+		}
+
+		// Save updated config
+		err = st.Settings.Save(s)
+		if err != nil {
+			return err
+		}
+
+		err = st.Settings.SaveServer(ser)
+		if err != nil {
+			return err
+		}
+
+		err = st.Auth.Save(auther)
+		if err != nil {
+			return err
+		}
+
+		fmt.Printf(`
+Congratulations! You've set up your database to use with File Browser.
+Now add your first user via 'filebrowser users add' and then you just
+need to call the main command to boot up the server.
+`)
+		return printSettings(ser, s, auther)
+	}, storeOptions{expectsNoDatabase: true}),
+}

cmd/config_set.go

@@ -0,0 +1,61 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	configCmd.AddCommand(configSetCmd)
+	addConfigFlags(configSetCmd.Flags())
+}
+
+var configSetCmd = &cobra.Command{
+	Use:   "set",
+	Short: "Updates the configuration",
+	Long: `Updates the configuration. Set the flags for the options
+you want to change. Other options will remain unchanged.`,
+	Args: cobra.NoArgs,
+	RunE: withStore(func(cmd *cobra.Command, _ []string, st *store) error {
+		flags := cmd.Flags()
+
+		// Read existing config
+		set, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+
+		ser, err := st.Settings.GetServer()
+		if err != nil {
+			return err
+		}
+
+		auther, err := st.Auth.Get(set.AuthMethod)
+		if err != nil {
+			return err
+		}
+
+		// Get updated config
+		auther, err = getSettings(flags, set, ser, auther, false)
+		if err != nil {
+			return err
+		}
+
+		// Save updated config
+		err = st.Auth.Save(auther)
+		if err != nil {
+			return err
+		}
+
+		err = st.Settings.Save(set)
+		if err != nil {
+			return err
+		}
+
+		err = st.Settings.SaveServer(ser)
+		if err != nil {
+			return err
+		}
+
+		return printSettings(ser, set, auther)
+	}, storeOptions{}),
+}

cmd/docs.go

@@ -0,0 +1,82 @@
+package cmd
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"path"
+	"regexp"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/cobra/doc"
+)
+
+func init() {
+	rootCmd.AddCommand(docsCmd)
+	docsCmd.Flags().String("out", "www/docs/cli", "directory to write the docs to")
+}
+
+var docsCmd = &cobra.Command{
+	Use:    "docs",
+	Hidden: true,
+	Args:   cobra.NoArgs,
+	RunE: func(cmd *cobra.Command, _ []string) error {
+		outputDir, err := cmd.Flags().GetString("out")
+		if err != nil {
+			return err
+		}
+
+		tempDir, err := os.MkdirTemp(os.TempDir(), "filebrowser-docs-")
+		if err != nil {
+			return err
+		}
+		defer os.RemoveAll(tempDir)
+
+		rootCmd.Root().DisableAutoGenTag = true
+
+		err = doc.GenMarkdownTreeCustom(cmd.Root(), tempDir, func(_ string) string {
+			return ""
+		}, func(s string) string {
+			return s
+		})
+		if err != nil {
+			return err
+		}
+
+		entries, err := os.ReadDir(tempDir)
+		if err != nil {
+			return err
+		}
+
+		headerRegex := regexp.MustCompile(`(?m)^(##)(.*)$`)
+		linkRegex := regexp.MustCompile(`\(filebrowser(.*)\.md\)`)
+
+		fmt.Println("Generated Documents:")
+
+		for _, entry := range entries {
+			srcPath := path.Join(tempDir, entry.Name())
+			dstPath := path.Join(outputDir, strings.ReplaceAll(entry.Name(), "_", "-"))
+
+			data, err := os.ReadFile(srcPath)
+			if err != nil {
+				return err
+			}
+
+			data = headerRegex.ReplaceAll(data, []byte("#$2"))
+			data = linkRegex.ReplaceAllFunc(data, func(b []byte) []byte {
+				return bytes.ReplaceAll(b, []byte("_"), []byte("-"))
+			})
+			data = bytes.ReplaceAll(data, []byte("## SEE ALSO"), []byte("## See Also"))
+
+			err = os.WriteFile(dstPath, data, 0666)
+			if err != nil {
+				return err
+			}
+
+			fmt.Println("- " + dstPath)
+		}
+
+		return nil
+	},
+}

cmd/hash.go

@@ -0,0 +1,28 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	rootCmd.AddCommand(hashCmd)
+}
+
+var hashCmd = &cobra.Command{
+	Use:   "hash <password>",
+	Short: "Hashes a password",
+	Long:  `Hashes a password using bcrypt algorithm.`,
+	Args:  cobra.ExactArgs(1),
+	RunE: func(_ *cobra.Command, args []string) error {
+		pwd, err := users.HashPwd(args[0])
+		if err != nil {
+			return err
+		}
+		fmt.Println(pwd)
+		return nil
+	},
+}

cmd/root.go

@@ -0,0 +1,482 @@
+package cmd
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"io"
+	"io/fs"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"os/signal"
+	"path/filepath"
+	"syscall"
+	"time"
+
+	"github.com/spf13/afero"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+	lumberjack "gopkg.in/natefinch/lumberjack.v2"
+
+	"github.com/filebrowser/filebrowser/v2/auth"
+	"github.com/filebrowser/filebrowser/v2/diskcache"
+	"github.com/filebrowser/filebrowser/v2/frontend"
+	fbhttp "github.com/filebrowser/filebrowser/v2/http"
+	"github.com/filebrowser/filebrowser/v2/img"
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/storage"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+var (
+	flagNamesMigrations = map[string]string{
+		"file-mode":                        "fileMode",
+		"dir-mode":                         "dirMode",
+		"hide-login-button":                "hideLoginButton",
+		"create-user-dir":                  "createUserDir",
+		"minimum-password-length":          "minimumPasswordLength",
+		"socket-perm":                      "socketPerm",
+		"disable-thumbnails":               "disableThumbnails",
+		"disable-preview-resize":           "disablePreviewResize",
+		"disable-exec":                     "disableExec",
+		"disable-type-detection-by-header": "disableTypeDetectionByHeader",
+		"img-processors":                   "imageProcessors",
+		"cache-dir":                        "cacheDir",
+		"token-expiration-time":            "tokenExpirationTime",
+		"baseurl":                          "baseURL",
+	}
+
+	warnedFlags = map[string]bool{}
+)
+
+// TODO(remove): remove after July 2026.
+func migrateFlagNames(_ *pflag.FlagSet, name string) pflag.NormalizedName {
+	if newName, ok := flagNamesMigrations[name]; ok {
+
+		if !warnedFlags[name] {
+			warnedFlags[name] = true
+			log.Printf("DEPRECATION NOTICE: Flag --%s has been deprecated, use --%s instead\n", name, newName)
+		}
+
+		name = newName
+	}
+
+	return pflag.NormalizedName(name)
+}
+
+func init() {
+	rootCmd.SilenceUsage = true
+	rootCmd.SetGlobalNormalizationFunc(migrateFlagNames)
+
+	cobra.MousetrapHelpText = ""
+
+	rootCmd.SetVersionTemplate("File Browser version {{printf \"%s\" .Version}}\n")
+
+	// Flags available across the whole program
+	persistent := rootCmd.PersistentFlags()
+	persistent.StringP("config", "c", "", "config file path")
+	persistent.StringP("database", "d", "./filebrowser.db", "database path")
+
+	// Runtime flags for the root command
+	flags := rootCmd.Flags()
+	flags.Bool("noauth", false, "use the noauth auther when using quick setup")
+	flags.String("username", "admin", "username for the first user when using quick setup")
+	flags.String("password", "", "hashed password for the first user when using quick setup")
+	flags.Uint32("socketPerm", 0666, "unix socket file permissions")
+	flags.String("cacheDir", "", "file cache directory (disabled if empty)")
+	flags.Int("imageProcessors", 4, "image processors count")
+	addServerFlags(flags)
+}
+
+// addServerFlags adds server related flags to the given FlagSet. These flags are available
+// in both the root command, config set and config init commands.
+func addServerFlags(flags *pflag.FlagSet) {
+	flags.StringP("address", "a", "127.0.0.1", "address to listen on")
+	flags.StringP("log", "l", "stdout", "log output")
+	flags.StringP("port", "p", "8080", "port to listen on")
+	flags.StringP("cert", "t", "", "tls certificate")
+	flags.StringP("key", "k", "", "tls key")
+	flags.StringP("root", "r", ".", "root to prepend to relative paths")
+	flags.String("socket", "", "socket to listen to (cannot be used with address, port, cert nor key flags)")
+	flags.StringP("baseURL", "b", "", "base url")
+	flags.String("tokenExpirationTime", "2h", "user session timeout")
+	flags.Bool("disableThumbnails", false, "disable image thumbnails")
+	flags.Bool("disablePreviewResize", false, "disable resize of image previews")
+	flags.Bool("disableExec", true, "disables Command Runner feature")
+	flags.Bool("disableTypeDetectionByHeader", false, "disables type detection by reading file headers")
+}
+
+var rootCmd = &cobra.Command{
+	Use:   "filebrowser",
+	Short: "A stylish web-based file browser",
+	Long: `File Browser CLI lets you create the database to use with File Browser,
+manage your users and all the configurations without accessing the
+web interface.
+
+If you've never run File Browser, you'll need to have a database for
+it. Don't worry: you don't need to setup a separate database server.
+We're using Bolt DB which is a single file database and all managed
+by ourselves.
+
+For this command, all flags are available as environmental variables,
+except for "--config", which specifies the configuration file to use.
+The environment variables are prefixed by "FB_" followed by the flag name in
+UPPER_SNAKE_CASE. For example, the flag "--disablePreviewResize" is available
+as FB_DISABLE_PREVIEW_RESIZE.
+
+If "--config" is not specified, File Browser will look for a configuration
+file named .filebrowser.{json, toml, yaml, yml} in the following directories:
+
+- ./
+- $HOME/
+- /etc/filebrowser/
+
+The precedence of the configuration values are as follows:
+
+- Flags
+- Environment variables
+- Configuration file
+- Database values
+- Defaults
+
+Also, if the database path doesn't exist, File Browser will enter into
+the quick setup mode and a new database will be bootstrapped and a new
+user created with the credentials from options "username" and "password".`,
+	RunE: withViperAndStore(func(_ *cobra.Command, _ []string, v *viper.Viper, st *store) error {
+		if !st.databaseExisted {
+			err := quickSetup(v, st.Storage)
+			if err != nil {
+				return err
+			}
+		}
+
+		// build img service
+		imgWorkersCount := v.GetInt("imageProcessors")
+		if imgWorkersCount < 1 {
+			return errors.New("image resize workers count could not be < 1")
+		}
+		imageService := img.New(imgWorkersCount)
+
+		var fileCache diskcache.Interface = diskcache.NewNoOp()
+		cacheDir := v.GetString("cacheDir")
+		if cacheDir != "" {
+			if err := os.MkdirAll(cacheDir, 0700); err != nil {
+				return fmt.Errorf("can't make directory %s: %w", cacheDir, err)
+			}
+			fileCache = diskcache.New(afero.NewOsFs(), cacheDir)
+		}
+
+		server, err := getServerSettings(v, st.Storage)
+		if err != nil {
+			return err
+		}
+		setupLog(server.Log)
+
+		root, err := filepath.Abs(server.Root)
+		if err != nil {
+			return err
+		}
+		server.Root = root
+
+		adr := server.Address + ":" + server.Port
+
+		var listener net.Listener
+
+		switch {
+		case server.Socket != "":
+			listener, err = net.Listen("unix", server.Socket)
+			if err != nil {
+				return err
+			}
+			socketPerm := v.GetUint32("socketPerm")
+			err = os.Chmod(server.Socket, os.FileMode(socketPerm))
+			if err != nil {
+				return err
+			}
+		case server.TLSKey != "" && server.TLSCert != "":
+			cer, err := tls.LoadX509KeyPair(server.TLSCert, server.TLSKey)
+			if err != nil {
+				return err
+			}
+			listener, err = tls.Listen("tcp", adr, &tls.Config{
+				MinVersion:   tls.VersionTLS12,
+				Certificates: []tls.Certificate{cer}},
+			)
+			if err != nil {
+				return err
+			}
+		default:
+			listener, err = net.Listen("tcp", adr)
+			if err != nil {
+				return err
+			}
+		}
+
+		assetsFs, err := fs.Sub(frontend.Assets(), "dist")
+		if err != nil {
+			panic(err)
+		}
+
+		handler, err := fbhttp.NewHandler(imageService, fileCache, st.Storage, server, assetsFs)
+		if err != nil {
+			return err
+		}
+
+		defer listener.Close()
+
+		log.Println("Listening on", listener.Addr().String())
+		srv := &http.Server{
+			Handler:           handler,
+			ReadHeaderTimeout: 60 * time.Second,
+		}
+
+		go func() {
+			if err := srv.Serve(listener); !errors.Is(err, http.ErrServerClosed) {
+				log.Fatalf("HTTP server error: %v", err)
+			}
+
+			log.Println("Stopped serving new connections.")
+		}()
+
+		sigc := make(chan os.Signal, 1)
+		signal.Notify(sigc,
+			os.Interrupt,
+			syscall.SIGHUP,
+			syscall.SIGINT,
+			syscall.SIGTERM,
+			syscall.SIGQUIT,
+		)
+		sig := <-sigc
+		log.Println("Got signal:", sig)
+
+		shutdownCtx, shutdownRelease := context.WithTimeout(context.Background(), 10*time.Second)
+		defer shutdownRelease()
+
+		if err := srv.Shutdown(shutdownCtx); err != nil {
+			log.Fatalf("HTTP shutdown error: %v", err)
+		}
+		log.Println("Graceful shutdown complete.")
+
+		return nil
+	}, storeOptions{allowsNoDatabase: true}),
+}
+
+func getServerSettings(v *viper.Viper, st *storage.Storage) (*settings.Server, error) {
+	server, err := st.Settings.GetServer()
+	if err != nil {
+		return nil, err
+	}
+
+	isSocketSet := false
+	isAddrSet := false
+
+	if v.IsSet("address") {
+		server.Address = v.GetString("address")
+		isAddrSet = true
+	}
+
+	if v.IsSet("log") {
+		server.Log = v.GetString("log")
+	}
+
+	if v.IsSet("port") {
+		server.Port = v.GetString("port")
+		isAddrSet = true
+	}
+
+	if v.IsSet("cert") {
+		server.TLSCert = v.GetString("cert")
+		isAddrSet = true
+	}
+
+	if v.IsSet("key") {
+		server.TLSKey = v.GetString("key")
+		isAddrSet = true
+	}
+
+	if v.IsSet("root") {
+		server.Root = v.GetString("root")
+	}
+
+	if v.IsSet("socket") {
+		server.Socket = v.GetString("socket")
+		isSocketSet = true
+	}
+
+	if v.IsSet("baseURL") {
+		server.BaseURL = v.GetString("baseURL")
+		// TODO(remove): remove after July 2026.
+	} else if v := os.Getenv("FB_BASEURL"); v != "" {
+		log.Println("DEPRECATION NOTICE: Environment variable FB_BASEURL has been deprecated, use FB_BASE_URL instead")
+		server.BaseURL = v
+	}
+
+	if v.IsSet("tokenExpirationTime") {
+		server.TokenExpirationTime = v.GetString("tokenExpirationTime")
+	}
+
+	if v.IsSet("disableThumbnails") {
+		server.EnableThumbnails = !v.GetBool("disableThumbnails")
+	}
+
+	if v.IsSet("disablePreviewResize") {
+		server.ResizePreview = !v.GetBool("disablePreviewResize")
+	}
+
+	if v.IsSet("disableTypeDetectionByHeader") {
+		server.TypeDetectionByHeader = !v.GetBool("disableTypeDetectionByHeader")
+	}
+
+	if v.IsSet("disableExec") {
+		server.EnableExec = !v.GetBool("disableExec")
+	}
+
+	if isAddrSet && isSocketSet {
+		return nil, errors.New("--socket flag cannot be used with --address, --port, --key nor --cert")
+	}
+
+	// Do not use saved Socket if address was manually set.
+	if isAddrSet && server.Socket != "" {
+		server.Socket = ""
+	}
+
+	if server.EnableExec {
+		log.Println("WARNING: Command Runner feature enabled!")
+		log.Println("WARNING: This feature has known security vulnerabilities and should not")
+		log.Println("WARNING: you fully understand the risks involved. For more information")
+		log.Println("WARNING: read https://github.com/filebrowser/filebrowser/issues/5199")
+	}
+
+	return server, nil
+}
+
+func setupLog(logMethod string) {
+	switch logMethod {
+	case "stdout":
+		log.SetOutput(os.Stdout)
+	case "stderr":
+		log.SetOutput(os.Stderr)
+	case "":
+		log.SetOutput(io.Discard)
+	default:
+		log.SetOutput(&lumberjack.Logger{
+			Filename:   logMethod,
+			MaxSize:    100,
+			MaxAge:     14,
+			MaxBackups: 10,
+		})
+	}
+}
+
+func quickSetup(v *viper.Viper, s *storage.Storage) error {
+	log.Println("Performing quick setup")
+
+	set := &settings.Settings{
+		Key:                   generateKey(),
+		Signup:                false,
+		HideLoginButton:       true,
+		CreateUserDir:         false,
+		MinimumPasswordLength: settings.DefaultMinimumPasswordLength,
+		UserHomeBasePath:      settings.DefaultUsersHomeBasePath,
+		Defaults: settings.UserDefaults{
+			Scope:          ".",
+			Locale:         "en",
+			SingleClick:    false,
+			AceEditorTheme: v.GetString("defaults.aceEditorTheme"),
+			Perm: users.Permissions{
+				Admin:    false,
+				Execute:  true,
+				Create:   true,
+				Rename:   true,
+				Modify:   true,
+				Delete:   true,
+				Share:    true,
+				Download: true,
+			},
+		},
+		AuthMethod: "",
+		Branding:   settings.Branding{},
+		Tus: settings.Tus{
+			ChunkSize:  settings.DefaultTusChunkSize,
+			RetryCount: settings.DefaultTusRetryCount,
+		},
+		Commands: nil,
+		Shell:    nil,
+		Rules:    nil,
+	}
+
+	var err error
+	if v.GetBool("noauth") {
+		set.AuthMethod = auth.MethodNoAuth
+		err = s.Auth.Save(&auth.NoAuth{})
+	} else {
+		set.AuthMethod = auth.MethodJSONAuth
+		err = s.Auth.Save(&auth.JSONAuth{})
+	}
+	if err != nil {
+		return err
+	}
+
+	err = s.Settings.Save(set)
+	if err != nil {
+		return err
+	}
+
+	ser := &settings.Server{
+		BaseURL:               v.GetString("baseURL"),
+		Port:                  v.GetString("port"),
+		Log:                   v.GetString("log"),
+		TLSKey:                v.GetString("key"),
+		TLSCert:               v.GetString("cert"),
+		Address:               v.GetString("address"),
+		Root:                  v.GetString("root"),
+		TokenExpirationTime:   v.GetString("tokenExpirationTime"),
+		EnableThumbnails:      !v.GetBool("disableThumbnails"),
+		ResizePreview:         !v.GetBool("disablePreviewResize"),
+		EnableExec:            !v.GetBool("disableExec"),
+		TypeDetectionByHeader: !v.GetBool("disableTypeDetectionByHeader"),
+	}
+
+	err = s.Settings.SaveServer(ser)
+	if err != nil {
+		return err
+	}
+
+	username := v.GetString("username")
+	password := v.GetString("password")
+
+	if password == "" {
+		var pwd string
+		pwd, err = users.RandomPwd(set.MinimumPasswordLength)
+		if err != nil {
+			return err
+		}
+
+		log.Printf("User '%s' initialized with randomly generated password: %s\n", username, pwd)
+		password, err = users.ValidateAndHashPwd(pwd, set.MinimumPasswordLength)
+		if err != nil {
+			return err
+		}
+	} else {
+		log.Printf("User '%s' initialize wth user-provided password\n", username)
+	}
+
+	if username == "" || password == "" {
+		log.Fatal("username and password cannot be empty during quick setup")
+	}
+
+	user := &users.User{
+		Username:     username,
+		Password:     password,
+		LockPassword: false,
+	}
+
+	set.Defaults.Apply(user)
+	user.Perm.Admin = true
+
+	return s.Users.Save(user)
+}

cmd/rule_rm.go

@@ -0,0 +1,68 @@
+package cmd
+
+import (
+	"strconv"
+
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	rulesCmd.AddCommand(rulesRmCommand)
+	rulesRmCommand.Flags().Uint("index", 0, "index of rule to remove")
+	_ = rulesRmCommand.MarkFlagRequired("index")
+}
+
+var rulesRmCommand = &cobra.Command{
+	Use:   "rm <index> [index_end]",
+	Short: "Remove a global rule or user rule",
+	Long: `Remove a global rule or user rule. The provided index
+is the same that's printed when you run 'rules ls'. Note
+that after each removal/addition, the index of the
+commands change. So be careful when removing them after each
+other.
+
+You can also specify an optional parameter (index_end) so
+you can remove all commands from 'index' to 'index_end',
+including 'index_end'.`,
+	Args: func(cmd *cobra.Command, args []string) error {
+		if err := cobra.RangeArgs(1, 2)(cmd, args); err != nil {
+			return err
+		}
+
+		for _, arg := range args {
+			if _, err := strconv.Atoi(arg); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	},
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
+		i, err := strconv.Atoi(args[0])
+		if err != nil {
+			return err
+		}
+		f := i
+		if len(args) == 2 {
+			f, err = strconv.Atoi(args[1])
+			if err != nil {
+				return err
+			}
+		}
+
+		user := func(u *users.User) error {
+			u.Rules = append(u.Rules[:i], u.Rules[f+1:]...)
+			return st.Users.Save(u)
+		}
+
+		global := func(s *settings.Settings) error {
+			s.Rules = append(s.Rules[:i], s.Rules[f+1:]...)
+			return st.Settings.Save(s)
+		}
+
+		return runRules(st.Storage, cmd, user, global)
+	}, storeOptions{}),
+}

cmd/rules.go

@@ -0,0 +1,114 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+
+	"github.com/filebrowser/filebrowser/v2/rules"
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/storage"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	rootCmd.AddCommand(rulesCmd)
+	rulesCmd.PersistentFlags().StringP("username", "u", "", "username of user to which the rules apply")
+	rulesCmd.PersistentFlags().UintP("id", "i", 0, "id of user to which the rules apply")
+}
+
+var rulesCmd = &cobra.Command{
+	Use:   "rules",
+	Short: "Rules management utility",
+	Long: `On each subcommand you'll have available at least two flags:
+"username" and "id". You must either set only one of them
+or none. If you set one of them, the command will apply to
+an user, otherwise it will be applied to the global set or
+rules.`,
+	Args: cobra.NoArgs,
+}
+
+func runRules(st *storage.Storage, cmd *cobra.Command, usersFn func(*users.User) error, globalFn func(*settings.Settings) error) error {
+	id, err := getUserIdentifier(cmd.Flags())
+	if err != nil {
+		return err
+	}
+	if id != nil {
+		var user *users.User
+		user, err = st.Users.Get("", id)
+		if err != nil {
+			return err
+		}
+
+		if usersFn != nil {
+			err = usersFn(user)
+			if err != nil {
+				return err
+			}
+		}
+
+		printRules(user.Rules, id)
+		return nil
+	}
+
+	s, err := st.Settings.Get()
+	if err != nil {
+		return err
+	}
+
+	if globalFn != nil {
+		err = globalFn(s)
+		if err != nil {
+			return err
+		}
+	}
+
+	printRules(s.Rules, id)
+	return nil
+}
+
+func getUserIdentifier(flags *pflag.FlagSet) (interface{}, error) {
+	id, err := flags.GetUint("id")
+	if err != nil {
+		return nil, err
+	}
+
+	username, err := flags.GetString("username")
+	if err != nil {
+		return nil, err
+	}
+
+	if id != 0 {
+		return id, nil
+	} else if username != "" {
+		return username, nil
+	}
+
+	return nil, nil
+}
+
+func printRules(rulez []rules.Rule, id interface{}) {
+	if id == nil {
+		fmt.Printf("Global Rules:\n\n")
+	} else {
+		fmt.Printf("Rules for user %v:\n\n", id)
+	}
+
+	for id, rule := range rulez {
+		fmt.Printf("(%d) ", id)
+		if rule.Regex {
+			if rule.Allow {
+				fmt.Printf("Allow Regex: \t%s\n", rule.Regexp.Raw)
+			} else {
+				fmt.Printf("Disallow Regex: \t%s\n", rule.Regexp.Raw)
+			}
+		} else {
+			if rule.Allow {
+				fmt.Printf("Allow Path: \t%s\n", rule.Path)
+			} else {
+				fmt.Printf("Disallow Path: \t%s\n", rule.Path)
+			}
+		}
+	}
+}

cmd/rules_add.go

@@ -0,0 +1,66 @@
+package cmd
+
+import (
+	"regexp"
+
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/rules"
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	rulesCmd.AddCommand(rulesAddCmd)
+	rulesAddCmd.Flags().BoolP("allow", "a", false, "indicates this is an allow rule")
+	rulesAddCmd.Flags().BoolP("regex", "r", false, "indicates this is a regex rule")
+}
+
+var rulesAddCmd = &cobra.Command{
+	Use:   "add <path|expression>",
+	Short: "Add a global rule or user rule",
+	Long:  `Add a global rule or user rule.`,
+	Args:  cobra.ExactArgs(1),
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
+		flags := cmd.Flags()
+
+		allow, err := flags.GetBool("allow")
+		if err != nil {
+			return err
+		}
+
+		regex, err := flags.GetBool("regex")
+		if err != nil {
+			return err
+		}
+
+		exp := args[0]
+
+		if regex {
+			regexp.MustCompile(exp)
+		}
+
+		rule := rules.Rule{
+			Allow: allow,
+			Regex: regex,
+		}
+
+		if regex {
+			rule.Regexp = &rules.Regexp{Raw: exp}
+		} else {
+			rule.Path = exp
+		}
+
+		user := func(u *users.User) error {
+			u.Rules = append(u.Rules, rule)
+			return st.Users.Save(u)
+		}
+
+		global := func(s *settings.Settings) error {
+			s.Rules = append(s.Rules, rule)
+			return st.Settings.Save(s)
+		}
+
+		return runRules(st.Storage, cmd, user, global)
+	}, storeOptions{}),
+}

cmd/rules_ls.go

@@ -0,0 +1,19 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	rulesCmd.AddCommand(rulesLsCommand)
+}
+
+var rulesLsCommand = &cobra.Command{
+	Use:   "ls",
+	Short: "List global rules or user specific rules",
+	Long:  `List global rules or user specific rules.`,
+	Args:  cobra.NoArgs,
+	RunE: withStore(func(cmd *cobra.Command, _ []string, st *store) error {
+		return runRules(st.Storage, cmd, nil, nil)
+	}, storeOptions{}),
+}

cmd/users.go

@@ -0,0 +1,153 @@
+package cmd
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"strconv"
+	"text/tabwriter"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	rootCmd.AddCommand(usersCmd)
+}
+
+var usersCmd = &cobra.Command{
+	Use:   "users",
+	Short: "Users management utility",
+	Long:  `Users management utility.`,
+	Args:  cobra.NoArgs,
+}
+
+func printUsers(usrs []*users.User) {
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
+	fmt.Fprintln(w, "ID\tUsername\tScope\tLocale\tV. Mode\tS.Click\tAdmin\tExecute\tCreate\tRename\tModify\tDelete\tShare\tDownload\tPwd Lock")
+
+	for _, u := range usrs {
+		fmt.Fprintf(w, "%d\t%s\t%s\t%s\t%s\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t%t\t\n",
+			u.ID,
+			u.Username,
+			u.Scope,
+			u.Locale,
+			u.ViewMode,
+			u.SingleClick,
+			u.Perm.Admin,
+			u.Perm.Execute,
+			u.Perm.Create,
+			u.Perm.Rename,
+			u.Perm.Modify,
+			u.Perm.Delete,
+			u.Perm.Share,
+			u.Perm.Download,
+			u.LockPassword,
+		)
+	}
+
+	w.Flush()
+}
+
+func parseUsernameOrID(arg string) (username string, id uint) {
+	id64, err := strconv.ParseUint(arg, 10, 64)
+	if err != nil {
+		return arg, 0
+	}
+	return "", uint(id64)
+}
+
+func addUserFlags(flags *pflag.FlagSet) {
+	flags.Bool("perm.admin", false, "admin perm for users")
+	flags.Bool("perm.execute", true, "execute perm for users")
+	flags.Bool("perm.create", true, "create perm for users")
+	flags.Bool("perm.rename", true, "rename perm for users")
+	flags.Bool("perm.modify", true, "modify perm for users")
+	flags.Bool("perm.delete", true, "delete perm for users")
+	flags.Bool("perm.share", true, "share perm for users")
+	flags.Bool("perm.download", true, "download perm for users")
+	flags.String("sorting.by", "name", "sorting mode (name, size or modified)")
+	flags.Bool("sorting.asc", false, "sorting by ascending order")
+	flags.Bool("lockPassword", false, "lock password")
+	flags.StringSlice("commands", nil, "a list of the commands a user can execute")
+	flags.String("scope", ".", "scope for users")
+	flags.String("locale", "en", "locale for users")
+	flags.String("viewMode", string(users.ListViewMode), "view mode for users")
+	flags.Bool("singleClick", false, "use single clicks only")
+	flags.Bool("dateFormat", false, "use date format (true for absolute time, false for relative)")
+	flags.Bool("hideDotfiles", false, "hide dotfiles")
+	flags.String("aceEditorTheme", "", "ace editor's syntax highlighting theme for users")
+}
+
+func getAndParseViewMode(flags *pflag.FlagSet) (users.ViewMode, error) {
+	viewModeStr, err := flags.GetString("viewMode")
+	if err != nil {
+		return "", err
+	}
+
+	viewMode := users.ViewMode(viewModeStr)
+	if viewMode != users.ListViewMode && viewMode != users.MosaicViewMode {
+		return "", errors.New("view mode must be \"" + string(users.ListViewMode) + "\" or \"" + string(users.MosaicViewMode) + "\"")
+	}
+
+	return viewMode, nil
+}
+
+func getUserDefaults(flags *pflag.FlagSet, defaults *settings.UserDefaults, all bool) error {
+	errs := []error{}
+
+	visit := func(flag *pflag.Flag) {
+		var err error
+		switch flag.Name {
+		case "scope":
+			defaults.Scope, err = flags.GetString(flag.Name)
+		case "locale":
+			defaults.Locale, err = flags.GetString(flag.Name)
+		case "viewMode":
+			defaults.ViewMode, err = getAndParseViewMode(flags)
+		case "singleClick":
+			defaults.SingleClick, err = flags.GetBool(flag.Name)
+		case "aceEditorTheme":
+			defaults.AceEditorTheme, err = flags.GetString(flag.Name)
+		case "perm.admin":
+			defaults.Perm.Admin, err = flags.GetBool(flag.Name)
+		case "perm.execute":
+			defaults.Perm.Execute, err = flags.GetBool(flag.Name)
+		case "perm.create":
+			defaults.Perm.Create, err = flags.GetBool(flag.Name)
+		case "perm.rename":
+			defaults.Perm.Rename, err = flags.GetBool(flag.Name)
+		case "perm.modify":
+			defaults.Perm.Modify, err = flags.GetBool(flag.Name)
+		case "perm.delete":
+			defaults.Perm.Delete, err = flags.GetBool(flag.Name)
+		case "perm.share":
+			defaults.Perm.Share, err = flags.GetBool(flag.Name)
+		case "perm.download":
+			defaults.Perm.Download, err = flags.GetBool(flag.Name)
+		case "commands":
+			defaults.Commands, err = flags.GetStringSlice(flag.Name)
+		case "sorting.by":
+			defaults.Sorting.By, err = flags.GetString(flag.Name)
+		case "sorting.asc":
+			defaults.Sorting.Asc, err = flags.GetBool(flag.Name)
+		case "hideDotfiles":
+			defaults.HideDotfiles, err = flags.GetBool(flag.Name)
+		}
+
+		if err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	if all {
+		flags.VisitAll(visit)
+	} else {
+		flags.Visit(visit)
+	}
+
+	return errors.Join(errs...)
+}

cmd/users_add.go

@@ -0,0 +1,82 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	usersCmd.AddCommand(usersAddCmd)
+	addUserFlags(usersAddCmd.Flags())
+}
+
+var usersAddCmd = &cobra.Command{
+	Use:   "add <username> <password>",
+	Short: "Create a new user",
+	Long:  `Create a new user and add it to the database.`,
+	Args:  cobra.ExactArgs(2),
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
+		flags := cmd.Flags()
+		s, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+		err = getUserDefaults(flags, &s.Defaults, false)
+		if err != nil {
+			return err
+		}
+
+		password, err := users.ValidateAndHashPwd(args[1], s.MinimumPasswordLength)
+		if err != nil {
+			return err
+		}
+
+		user := &users.User{
+			Username: args[0],
+			Password: password,
+		}
+
+		user.LockPassword, err = flags.GetBool("lockPassword")
+		if err != nil {
+			return err
+		}
+
+		user.DateFormat, err = flags.GetBool("dateFormat")
+		if err != nil {
+			return err
+		}
+
+		user.HideDotfiles, err = flags.GetBool("hideDotfiles")
+		if err != nil {
+			return err
+		}
+
+		s.Defaults.Apply(user)
+
+		servSettings, err := st.Settings.GetServer()
+		if err != nil {
+			return err
+		}
+		// since getUserDefaults() polluted s.Defaults.Scope
+		// which makes the Scope not the one saved in the db
+		// we need the right s.Defaults.Scope here
+		s2, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+
+		userHome, err := s2.MakeUserDir(user.Username, user.Scope, servSettings.Root)
+		if err != nil {
+			return err
+		}
+		user.Scope = userHome
+
+		err = st.Users.Save(user)
+		if err != nil {
+			return err
+		}
+		printUsers([]*users.User{user})
+		return nil
+	}, storeOptions{}),
+}

cmd/users_export.go

@@ -0,0 +1,29 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	usersCmd.AddCommand(usersExportCmd)
+}
+
+var usersExportCmd = &cobra.Command{
+	Use:   "export <path>",
+	Short: "Export all users to a file.",
+	Long: `Export all users to a json or yaml file. Please indicate the
+path to the file where you want to write the users.`,
+	Args: jsonYamlArg,
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
+		list, err := st.Users.Gets("")
+		if err != nil {
+			return err
+		}
+
+		err = marshal(args[0], list)
+		if err != nil {
+			return err
+		}
+		return nil
+	}, storeOptions{}),
+}

cmd/users_find.go

@@ -0,0 +1,54 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	usersCmd.AddCommand(usersFindCmd)
+	usersCmd.AddCommand(usersLsCmd)
+}
+
+var usersFindCmd = &cobra.Command{
+	Use:   "find <id|username>",
+	Short: "Find a user by username or id",
+	Long:  `Find a user by username or id. If no flag is set, all users will be printed.`,
+	Args:  cobra.ExactArgs(1),
+	RunE:  findUsers,
+}
+
+var usersLsCmd = &cobra.Command{
+	Use:   "ls",
+	Short: "List all users.",
+	Args:  cobra.NoArgs,
+	RunE:  findUsers,
+}
+
+var findUsers = withStore(func(_ *cobra.Command, args []string, st *store) error {
+	var (
+		list []*users.User
+		user *users.User
+		err  error
+	)
+
+	if len(args) == 1 {
+		username, id := parseUsernameOrID(args[0])
+		if username != "" {
+			user, err = st.Users.Get("", username)
+		} else {
+			user, err = st.Users.Get("", id)
+		}
+
+		list = []*users.User{user}
+	} else {
+		list, err = st.Users.Gets("")
+	}
+
+	if err != nil {
+		return err
+	}
+	printUsers(list)
+	return nil
+}, storeOptions{})

cmd/users_import.go

@@ -0,0 +1,113 @@
+package cmd
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"strconv"
+
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	usersCmd.AddCommand(usersImportCmd)
+	usersImportCmd.Flags().Bool("overwrite", false, "overwrite users with the same id/username combo")
+	usersImportCmd.Flags().Bool("replace", false, "replace the entire user base")
+}
+
+var usersImportCmd = &cobra.Command{
+	Use:   "import <path>",
+	Short: "Import users from a file",
+	Long: `Import users from a file. The path must be for a json or yaml
+file. You can use this command to import new users to your
+installation. For that, just don't place their ID on the files
+list or set it to 0.`,
+	Args: jsonYamlArg,
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
+		flags := cmd.Flags()
+		fd, err := os.Open(args[0])
+		if err != nil {
+			return err
+		}
+		defer fd.Close()
+
+		list := []*users.User{}
+		err = unmarshal(args[0], &list)
+		if err != nil {
+			return err
+		}
+
+		for _, user := range list {
+			err = user.Clean("")
+			if err != nil {
+				return err
+			}
+		}
+
+		replace, err := flags.GetBool("replace")
+		if err != nil {
+			return err
+		}
+
+		if replace {
+			oldUsers, userImportErr := st.Users.Gets("")
+			if userImportErr != nil {
+				return userImportErr
+			}
+
+			err = marshal("users.backup.json", list)
+			if err != nil {
+				return err
+			}
+
+			for _, user := range oldUsers {
+				err = st.Users.Delete(user.ID)
+				if err != nil {
+					return err
+				}
+			}
+		}
+
+		overwrite, err := flags.GetBool("overwrite")
+		if err != nil {
+			return err
+		}
+
+		for _, user := range list {
+			onDB, err := st.Users.Get("", user.ID)
+
+			// User exists in DB.
+			if err == nil {
+				if !overwrite {
+					return errors.New("user " + strconv.Itoa(int(user.ID)) + " is already registered")
+				}
+
+				// If the usernames mismatch, check if there is another one in the DB
+				// with the new username. If there is, print an error and cancel the
+				// operation
+				if user.Username != onDB.Username {
+					if conflictuous, err := st.Users.Get("", user.Username); err == nil {
+						return usernameConflictError(user.Username, conflictuous.ID, user.ID)
+					}
+				}
+			} else {
+				// If it doesn't exist, set the ID to 0 to automatically get a new
+				// one that make sense in this DB.
+				user.ID = 0
+			}
+
+			err = st.Users.Save(user)
+			if err != nil {
+				return err
+			}
+		}
+		return nil
+	}, storeOptions{}),
+}
+
+func usernameConflictError(username string, originalID, newID uint) error {
+	return fmt.Errorf(`can't import user with ID %d and username "%s" because the username is already registered with the user %d`,
+		newID, username, originalID)
+}

cmd/users_rm.go

@@ -0,0 +1,34 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	usersCmd.AddCommand(usersRmCmd)
+}
+
+var usersRmCmd = &cobra.Command{
+	Use:   "rm <id|username>",
+	Short: "Delete a user by username or id",
+	Long:  `Delete a user by username or id`,
+	Args:  cobra.ExactArgs(1),
+	RunE: withStore(func(_ *cobra.Command, args []string, st *store) error {
+		username, id := parseUsernameOrID(args[0])
+		var err error
+
+		if username != "" {
+			err = st.Users.Delete(username)
+		} else {
+			err = st.Users.Delete(id)
+		}
+
+		if err != nil {
+			return err
+		}
+		fmt.Println("user deleted successfully")
+		return nil
+	}, storeOptions{}),
+}

cmd/users_update.go

@@ -0,0 +1,109 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+func init() {
+	usersCmd.AddCommand(usersUpdateCmd)
+
+	usersUpdateCmd.Flags().StringP("password", "p", "", "new password")
+	usersUpdateCmd.Flags().StringP("username", "u", "", "new username")
+	addUserFlags(usersUpdateCmd.Flags())
+}
+
+var usersUpdateCmd = &cobra.Command{
+	Use:   "update <id|username>",
+	Short: "Updates an existing user",
+	Long: `Updates an existing user. Set the flags for the
+options you want to change.`,
+	Args: cobra.ExactArgs(1),
+	RunE: withStore(func(cmd *cobra.Command, args []string, st *store) error {
+		flags := cmd.Flags()
+		username, id := parseUsernameOrID(args[0])
+		password, err := flags.GetString("password")
+		if err != nil {
+			return err
+		}
+
+		newUsername, err := flags.GetString("username")
+		if err != nil {
+			return err
+		}
+
+		s, err := st.Settings.Get()
+		if err != nil {
+			return err
+		}
+
+		var (
+			user *users.User
+		)
+		if id != 0 {
+			user, err = st.Users.Get("", id)
+		} else {
+			user, err = st.Users.Get("", username)
+		}
+		if err != nil {
+			return err
+		}
+
+		defaults := settings.UserDefaults{
+			Scope:       user.Scope,
+			Locale:      user.Locale,
+			ViewMode:    user.ViewMode,
+			SingleClick: user.SingleClick,
+			Perm:        user.Perm,
+			Sorting:     user.Sorting,
+			Commands:    user.Commands,
+		}
+
+		err = getUserDefaults(flags, &defaults, false)
+		if err != nil {
+			return err
+		}
+
+		user.Scope = defaults.Scope
+		user.Locale = defaults.Locale
+		user.ViewMode = defaults.ViewMode
+		user.SingleClick = defaults.SingleClick
+		user.Perm = defaults.Perm
+		user.Commands = defaults.Commands
+		user.Sorting = defaults.Sorting
+		user.LockPassword, err = flags.GetBool("lockPassword")
+		if err != nil {
+			return err
+		}
+
+		user.DateFormat, err = flags.GetBool("dateFormat")
+		if err != nil {
+			return err
+		}
+
+		user.HideDotfiles, err = flags.GetBool("hideDotfiles")
+		if err != nil {
+			return err
+		}
+
+		if newUsername != "" {
+			user.Username = newUsername
+		}
+
+		if password != "" {
+			user.Password, err = users.ValidateAndHashPwd(password, s.MinimumPasswordLength)
+			if err != nil {
+				return err
+			}
+		}
+
+		err = st.Users.Update(user)
+		if err != nil {
+			return err
+		}
+		printUsers([]*users.User{user})
+		return nil
+	}, storeOptions{}),
+}

cmd/utils.go

@@ -0,0 +1,289 @@
+package cmd
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/fs"
+	"log"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/asdine/storm/v3"
+	homedir "github.com/mitchellh/go-homedir"
+	"github.com/samber/lo"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+	yaml "gopkg.in/yaml.v3"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/storage"
+	"github.com/filebrowser/filebrowser/v2/storage/bolt"
+)
+
+const databasePermissions = 0640
+
+func getAndParseFileMode(flags *pflag.FlagSet, name string) (fs.FileMode, error) {
+	mode, err := flags.GetString(name)
+	if err != nil {
+		return 0, err
+	}
+
+	b, err := strconv.ParseUint(mode, 0, 32)
+	if err != nil {
+		return 0, err
+	}
+
+	return fs.FileMode(b), nil
+}
+
+func generateKey() []byte {
+	k, err := settings.GenerateKey()
+	if err != nil {
+		panic(err)
+	}
+	return k
+}
+
+func dbExists(path string) (bool, error) {
+	stat, err := os.Stat(path)
+	if err == nil {
+		return stat.Size() != 0, nil
+	}
+
+	if os.IsNotExist(err) {
+		d := filepath.Dir(path)
+		_, err = os.Stat(d)
+		if os.IsNotExist(err) {
+			if err := os.MkdirAll(d, 0700); err != nil {
+				return false, err
+			}
+			return false, nil
+		}
+	}
+
+	return false, err
+}
+
+// Generate the replacements for all environment variables. This allows to
+// use FB_BRANDING_DISABLE_EXTERNAL environment variables, even when the
+// option name is branding.disableExternal.
+func generateEnvKeyReplacements(cmd *cobra.Command) []string {
+	replacements := []string{}
+
+	cmd.Flags().VisitAll(func(f *pflag.Flag) {
+		oldName := strings.ToUpper(f.Name)
+		newName := strings.ToUpper(lo.SnakeCase(f.Name))
+		replacements = append(replacements, oldName, newName)
+	})
+
+	return replacements
+}
+
+func initViper(cmd *cobra.Command) (*viper.Viper, error) {
+	v := viper.New()
+
+	// Get config file from flag
+	cfgFile, err := cmd.Flags().GetString("config")
+	if err != nil {
+		return nil, err
+	}
+
+	// Configuration file
+	if cfgFile == "" {
+		home, err := homedir.Dir()
+		if err != nil {
+			return nil, err
+		}
+		v.AddConfigPath(".")
+		v.AddConfigPath(home)
+		v.AddConfigPath("/etc/filebrowser/")
+		v.SetConfigName(".filebrowser")
+	} else {
+		v.SetConfigFile(cfgFile)
+	}
+
+	// Environment variables
+	v.SetEnvPrefix("FB")
+	v.AutomaticEnv()
+	v.SetEnvKeyReplacer(strings.NewReplacer(generateEnvKeyReplacements(cmd)...))
+
+	// Bind the flags
+	err = v.BindPFlags(cmd.Flags())
+	if err != nil {
+		return nil, err
+	}
+
+	// Read in configuration
+	if err := v.ReadInConfig(); err != nil {
+		if errors.Is(err, viper.ConfigParseError{}) {
+			return nil, err
+		}
+
+		log.Println("No config file used")
+	} else {
+		log.Printf("Using config file: %s", v.ConfigFileUsed())
+	}
+
+	// Return Viper
+	return v, nil
+}
+
+type store struct {
+	*storage.Storage
+	databaseExisted bool
+}
+
+type storeOptions struct {
+	expectsNoDatabase bool
+	allowsNoDatabase  bool
+}
+
+type cobraFunc func(cmd *cobra.Command, args []string) error
+
+// withViperAndStore initializes Viper and the storage.Store and passes them to the callback function.
+// This function should only be used by [withStore] and the root command. No other command should call
+// this function directly.
+func withViperAndStore(fn func(cmd *cobra.Command, args []string, v *viper.Viper, store *store) error, options storeOptions) cobraFunc {
+	return func(cmd *cobra.Command, args []string) error {
+		v, err := initViper(cmd)
+		if err != nil {
+			return err
+		}
+
+		path, err := filepath.Abs(v.GetString("database"))
+		if err != nil {
+			return err
+		}
+
+		exists, err := dbExists(path)
+		switch {
+		case err != nil:
+			return err
+		case exists && options.expectsNoDatabase:
+			log.Fatal(path + " already exists")
+		case !exists && !options.expectsNoDatabase && !options.allowsNoDatabase:
+			log.Fatal(path + " does not exist. Please run 'filebrowser config init' first.")
+		case !exists && !options.expectsNoDatabase:
+			log.Println("WARNING: filebrowser.db can't be found. Initialing in " + strings.TrimSuffix(path, "filebrowser.db"))
+		}
+
+		log.Println("Using database: " + path)
+
+		db, err := storm.Open(path, storm.BoltOptions(databasePermissions, nil))
+		if err != nil {
+			return err
+		}
+		defer db.Close()
+
+		storage, err := bolt.NewStorage(db)
+		if err != nil {
+			return err
+		}
+
+		store := &store{
+			Storage:         storage,
+			databaseExisted: exists,
+		}
+
+		return fn(cmd, args, v, store)
+	}
+}
+
+func withStore(fn func(cmd *cobra.Command, args []string, store *store) error, options storeOptions) cobraFunc {
+	return withViperAndStore(func(cmd *cobra.Command, args []string, _ *viper.Viper, store *store) error {
+		return fn(cmd, args, store)
+	}, options)
+}
+
+func marshal(filename string, data interface{}) error {
+	fd, err := os.Create(filename)
+	if err != nil {
+		return err
+	}
+	defer fd.Close()
+
+	switch ext := filepath.Ext(filename); ext {
+	case ".json":
+		encoder := json.NewEncoder(fd)
+		encoder.SetIndent("", "    ")
+		return encoder.Encode(data)
+	case ".yml", ".yaml":
+		encoder := yaml.NewEncoder(fd)
+		return encoder.Encode(data)
+	default:
+		return errors.New("invalid format: " + ext)
+	}
+}
+
+func unmarshal(filename string, data interface{}) error {
+	fd, err := os.Open(filename)
+	if err != nil {
+		return err
+	}
+	defer fd.Close()
+
+	switch ext := filepath.Ext(filename); ext {
+	case ".json":
+		return json.NewDecoder(fd).Decode(data)
+	case ".yml", ".yaml":
+		return yaml.NewDecoder(fd).Decode(data)
+	default:
+		return errors.New("invalid format: " + ext)
+	}
+}
+
+func jsonYamlArg(cmd *cobra.Command, args []string) error {
+	if err := cobra.ExactArgs(1)(cmd, args); err != nil {
+		return err
+	}
+
+	switch ext := filepath.Ext(args[0]); ext {
+	case ".json", ".yml", ".yaml":
+		return nil
+	default:
+		return errors.New("invalid format: " + ext)
+	}
+}
+
+func cleanUpInterfaceMap(in map[interface{}]interface{}) map[string]interface{} {
+	result := make(map[string]interface{})
+	for k, v := range in {
+		result[fmt.Sprintf("%v", k)] = cleanUpMapValue(v)
+	}
+	return result
+}
+
+func cleanUpInterfaceArray(in []interface{}) []interface{} {
+	result := make([]interface{}, len(in))
+	for i, v := range in {
+		result[i] = cleanUpMapValue(v)
+	}
+	return result
+}
+
+func cleanUpMapValue(v interface{}) interface{} {
+	switch v := v.(type) {
+	case []interface{}:
+		return cleanUpInterfaceArray(v)
+	case map[interface{}]interface{}:
+		return cleanUpInterfaceMap(v)
+	default:
+		return v
+	}
+}
+
+// convertCmdStrToCmdArray checks if cmd string is blank (whitespace included)
+// then returns empty string array, else returns the split word array of cmd.
+// This is to ensure the result will never be []string{""}
+func convertCmdStrToCmdArray(cmd string) []string {
+	var cmdArray []string
+	trimmedCmdStr := strings.TrimSpace(cmd)
+	if trimmedCmdStr != "" {
+		cmdArray = strings.Split(trimmedCmdStr, " ")
+	}
+	return cmdArray
+}

cmd/version.go

@@ -0,0 +1,21 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	"github.com/filebrowser/filebrowser/v2/version"
+)
+
+func init() {
+	rootCmd.AddCommand(versionCmd)
+}
+
+var versionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "Print the version number",
+	Run: func(_ *cobra.Command, _ []string) {
+		fmt.Println("File Browser v" + version.Version + "/" + version.CommitSHA)
+	},
+}

diskcache/cache.go

@@ -0,0 +1,11 @@
+package diskcache
+
+import (
+	"context"
+)
+
+type Interface interface {
+	Store(ctx context.Context, key string, value []byte) error
+	Load(ctx context.Context, key string) (value []byte, exist bool, err error)
+	Delete(ctx context.Context, key string) error
+}

diskcache/file_cache.go

@@ -0,0 +1,110 @@
+package diskcache
+
+import (
+	"context"
+	"crypto/sha1"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"sync"
+
+	"github.com/spf13/afero"
+)
+
+type FileCache struct {
+	fs afero.Fs
+
+	// granular locks
+	scopedLocks struct {
+		sync.Mutex
+		sync.Once
+		locks map[string]sync.Locker
+	}
+}
+
+func New(fs afero.Fs, root string) *FileCache {
+	return &FileCache{
+		fs: afero.NewBasePathFs(fs, root),
+	}
+}
+
+func (f *FileCache) Store(_ context.Context, key string, value []byte) error {
+	mu := f.getScopedLocks(key)
+	mu.Lock()
+	defer mu.Unlock()
+
+	fileName := f.getFileName(key)
+	if err := f.fs.MkdirAll(filepath.Dir(fileName), 0700); err != nil {
+		return err
+	}
+
+	if err := afero.WriteFile(f.fs, fileName, value, 0700); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (f *FileCache) Load(_ context.Context, key string) (value []byte, exist bool, err error) {
+	r, ok, err := f.open(key)
+	if err != nil || !ok {
+		return nil, ok, err
+	}
+	defer r.Close()
+
+	value, err = io.ReadAll(r)
+	if err != nil {
+		return nil, false, err
+	}
+	return value, true, nil
+}
+
+func (f *FileCache) Delete(_ context.Context, key string) error {
+	mu := f.getScopedLocks(key)
+	mu.Lock()
+	defer mu.Unlock()
+
+	fileName := f.getFileName(key)
+	if err := f.fs.Remove(fileName); err != nil && !errors.Is(err, os.ErrNotExist) {
+		return err
+	}
+	return nil
+}
+
+func (f *FileCache) open(key string) (afero.File, bool, error) {
+	fileName := f.getFileName(key)
+	file, err := f.fs.Open(fileName)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return nil, false, nil
+		}
+		return nil, false, err
+	}
+
+	return file, true, nil
+}
+
+// getScopedLocks pull lock from the map if found or create a new one
+func (f *FileCache) getScopedLocks(key string) (lock sync.Locker) {
+	f.scopedLocks.Do(func() { f.scopedLocks.locks = map[string]sync.Locker{} })
+
+	f.scopedLocks.Lock()
+	lock, ok := f.scopedLocks.locks[key]
+	if !ok {
+		lock = &sync.Mutex{}
+		f.scopedLocks.locks[key] = lock
+	}
+	f.scopedLocks.Unlock()
+
+	return lock
+}
+
+func (f *FileCache) getFileName(key string) string {
+	hasher := sha1.New()
+	_, _ = hasher.Write([]byte(key))
+	hash := hex.EncodeToString(hasher.Sum(nil))
+	return fmt.Sprintf("%s/%s/%s", hash[:1], hash[1:3], hash)
+}

diskcache/file_cache_test.go

@@ -0,0 +1,55 @@
+package diskcache
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+
+	"github.com/spf13/afero"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFileCache(t *testing.T) {
+	ctx := context.Background()
+	const (
+		key            = "key"
+		value          = "some text"
+		newValue       = "new text"
+		cacheRoot      = "/cache"
+		cachedFilePath = "a/62/a62f2225bf70bfaccbc7f1ef2a397836717377de"
+	)
+
+	fs := afero.NewMemMapFs()
+	cache := New(fs, "/cache")
+
+	// store new key
+	err := cache.Store(ctx, key, []byte(value))
+	require.NoError(t, err)
+	checkValue(ctx, t, fs, filepath.Join(cacheRoot, cachedFilePath), cache, key, value)
+
+	// update existing key
+	err = cache.Store(ctx, key, []byte(newValue))
+	require.NoError(t, err)
+	checkValue(ctx, t, fs, filepath.Join(cacheRoot, cachedFilePath), cache, key, newValue)
+
+	// delete key
+	err = cache.Delete(ctx, key)
+	require.NoError(t, err)
+	exists, err := afero.Exists(fs, filepath.Join(cacheRoot, cachedFilePath))
+	require.NoError(t, err)
+	require.False(t, exists)
+}
+
+func checkValue(ctx context.Context, t *testing.T, fs afero.Fs, fileFullPath string, cache *FileCache, key, wantValue string) {
+	t.Helper()
+	// check actual file content
+	b, err := afero.ReadFile(fs, fileFullPath)
+	require.NoError(t, err)
+	require.Equal(t, wantValue, string(b))
+
+	// check cache content
+	b, ok, err := cache.Load(ctx, key)
+	require.NoError(t, err)
+	require.True(t, ok)
+	require.Equal(t, wantValue, string(b))
+}

diskcache/noop_cache.go

@@ -0,0 +1,24 @@
+package diskcache
+
+import (
+	"context"
+)
+
+type NoOp struct {
+}
+
+func NewNoOp() *NoOp {
+	return &NoOp{}
+}
+
+func (n *NoOp) Store(_ context.Context, _ string, _ []byte) error {
+	return nil
+}
+
+func (n *NoOp) Load(_ context.Context, _ string) (value []byte, exist bool, err error) {
+	return nil, false, nil
+}
+
+func (n *NoOp) Delete(_ context.Context, _ string) error {
+	return nil
+}

docker/alpine/healthcheck.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+PORT=${FB_PORT:-$(cat /config/settings.json | sh /JSON.sh | grep '\["port"\]' | awk '{print $2}')}
+ADDRESS=${FB_ADDRESS:-$(cat /config/settings.json | sh /JSON.sh | grep '\["address"\]' | awk '{print $2}' | sed 's/"//g')}
+ADDRESS=${ADDRESS:-localhost}
+
+wget -q --spider http://$ADDRESS:$PORT/health || exit 1

docker/alpine/init.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+# Ensure configuration exists
+if [ ! -f "/config/settings.json" ]; then
+  cp -a /defaults/settings.json /config/settings.json
+fi
+
+# Extract config file path from arguments
+config_file=""
+next_is_config=0
+for arg in "$@"; do
+  if [ "$next_is_config" -eq 1 ]; then
+    config_file="$arg"
+    break
+  fi
+  case "$arg" in
+    -c|--config)
+      next_is_config=1
+      ;;
+    -c=*|--config=*)
+      config_file="${arg#*=}"
+      break
+      ;;
+  esac
+done
+
+# If no config argument is provided, set the default and add it to the args                                                                 
+if [ -z "$config_file" ]; then 
+  config_file="/config/settings.json"                                                                                                                                                                                                 
+  set -- --config=/config/settings.json "$@"                                                                                                       
+fi                                                                                                                                                                                                                                                                                                                                                             
+
+exec filebrowser "$@"

docker/common/defaults/settings.json

@@ -0,0 +1,8 @@
+{
+  "port": 80,
+  "baseURL": "",
+  "address": "",
+  "log": "stdout",
+  "database": "/database/filebrowser.db",
+  "root": "/srv"
+}

docker/common/healthcheck.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+PORT=${FB_PORT:-$(jq -r .port /config/settings.json)}
+ADDRESS=${FB_ADDRESS:-$(jq -r .address /config/settings.json)}
+ADDRESS=${ADDRESS:-localhost}
+
+wget -q --spider http://$ADDRESS:$PORT/health || exit 1

docker/s6/custom-cont-init.d/20-config

@@ -0,0 +1,12 @@
+#!/usr/bin/with-contenv bash
+
+# Ensure configuration exists
+if [ ! -f "/config/settings.json" ]; then
+  cp -a /defaults/settings.json /config/settings.json
+fi
+
+# permissions
+chown abc:abc \
+	/config/settings.json \
+	/database \
+	/srv

docker/s6/etc/services.d/filebrowser/run

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv bash
+
+exec s6-setuidgid abc filebrowser -c /config/settings.json;

errors/errors.go

@@ -0,0 +1,33 @@
+package fberrors
+
+import (
+	"errors"
+	"fmt"
+)
+
+var (
+	ErrEmptyKey             = errors.New("empty key")
+	ErrExist                = errors.New("the resource already exists")
+	ErrNotExist             = errors.New("the resource does not exist")
+	ErrEmptyPassword        = errors.New("password is empty")
+	ErrEasyPassword         = errors.New("password is too easy")
+	ErrEmptyUsername        = errors.New("username is empty")
+	ErrEmptyRequest         = errors.New("empty request")
+	ErrScopeIsRelative      = errors.New("scope is a relative path")
+	ErrInvalidDataType      = errors.New("invalid data type")
+	ErrIsDirectory          = errors.New("file is directory")
+	ErrInvalidOption        = errors.New("invalid option")
+	ErrInvalidAuthMethod    = errors.New("invalid auth method")
+	ErrPermissionDenied     = errors.New("permission denied")
+	ErrInvalidRequestParams = errors.New("invalid request params")
+	ErrSourceIsParent       = errors.New("source is parent")
+	ErrRootUserDeletion     = errors.New("user with id 1 can't be deleted")
+)
+
+type ErrShortPassword struct {
+	MinimumLength uint
+}
+
+func (e ErrShortPassword) Error() string {
+	return fmt.Sprintf("password is too short, minimum length is %d", e.MinimumLength)
+}

files/file.go

@@ -0,0 +1,466 @@
+package files
+
+import (
+	"crypto/md5"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/sha512"
+	"encoding/hex"
+	"errors"
+	"hash"
+	"image"
+	"io"
+	"io/fs"
+	"log"
+	"mime"
+	"net/http"
+	"os"
+	"path"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/spf13/afero"
+
+	fberrors "github.com/filebrowser/filebrowser/v2/errors"
+	"github.com/filebrowser/filebrowser/v2/rules"
+)
+
+var (
+	reSubDirs = regexp.MustCompile("(?i)^sub(s|titles)$")
+	reSubExts = regexp.MustCompile("(?i)(.vtt|.srt|.ass|.ssa)$")
+)
+
+// FileInfo describes a file.
+type FileInfo struct {
+	*Listing
+	Fs         afero.Fs          `json:"-"`
+	Path       string            `json:"path"`
+	Name       string            `json:"name"`
+	Size       int64             `json:"size"`
+	Extension  string            `json:"extension"`
+	ModTime    time.Time         `json:"modified"`
+	Mode       os.FileMode       `json:"mode"`
+	IsDir      bool              `json:"isDir"`
+	IsSymlink  bool              `json:"isSymlink"`
+	Type       string            `json:"type"`
+	Subtitles  []string          `json:"subtitles,omitempty"`
+	Content    string            `json:"content,omitempty"`
+	Checksums  map[string]string `json:"checksums,omitempty"`
+	Token      string            `json:"token,omitempty"`
+	currentDir []os.FileInfo     `json:"-"`
+	Resolution *ImageResolution  `json:"resolution,omitempty"`
+}
+
+// FileOptions are the options when getting a file info.
+type FileOptions struct {
+	Fs         afero.Fs
+	Path       string
+	Modify     bool
+	Expand     bool
+	ReadHeader bool
+	Token      string
+	Checker    rules.Checker
+	Content    bool
+}
+
+type ImageResolution struct {
+	Width  int `json:"width"`
+	Height int `json:"height"`
+}
+
+// NewFileInfo creates a File object from a path and a given user. This File
+// object will be automatically filled depending on if it is a directory
+// or a file. If it's a video file, it will also detect any subtitles.
+func NewFileInfo(opts *FileOptions) (*FileInfo, error) {
+	if !opts.Checker.Check(opts.Path) {
+		return nil, os.ErrPermission
+	}
+
+	file, err := stat(opts)
+	if err != nil {
+		return nil, err
+	}
+
+	// Do not expose the name of root directory.
+	if file.Path == "/" {
+		file.Name = ""
+	}
+
+	if opts.Expand {
+		if file.IsDir {
+			if err := file.readListing(opts.Checker, opts.ReadHeader); err != nil {
+				return nil, err
+			}
+			return file, nil
+		}
+
+		err = file.detectType(opts.Modify, opts.Content, true)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return file, err
+}
+
+func stat(opts *FileOptions) (*FileInfo, error) {
+	var file *FileInfo
+
+	if lstaterFs, ok := opts.Fs.(afero.Lstater); ok {
+		info, _, err := lstaterFs.LstatIfPossible(opts.Path)
+		if err != nil {
+			return nil, err
+		}
+		file = &FileInfo{
+			Fs:        opts.Fs,
+			Path:      opts.Path,
+			Name:      info.Name(),
+			ModTime:   info.ModTime(),
+			Mode:      info.Mode(),
+			IsDir:     info.IsDir(),
+			IsSymlink: IsSymlink(info.Mode()),
+			Size:      info.Size(),
+			Extension: filepath.Ext(info.Name()),
+			Token:     opts.Token,
+		}
+	}
+
+	// regular file
+	if file != nil && !file.IsSymlink {
+		return file, nil
+	}
+
+	// fs doesn't support afero.Lstater interface or the file is a symlink
+	info, err := opts.Fs.Stat(opts.Path)
+	if err != nil {
+		// can't follow symlink
+		if file != nil && file.IsSymlink {
+			return file, nil
+		}
+		return nil, err
+	}
+
+	// set correct file size in case of symlink
+	if file != nil && file.IsSymlink {
+		file.Size = info.Size()
+		file.IsDir = info.IsDir()
+		return file, nil
+	}
+
+	file = &FileInfo{
+		Fs:        opts.Fs,
+		Path:      opts.Path,
+		Name:      info.Name(),
+		ModTime:   info.ModTime(),
+		Mode:      info.Mode(),
+		IsDir:     info.IsDir(),
+		Size:      info.Size(),
+		Extension: filepath.Ext(info.Name()),
+		Token:     opts.Token,
+	}
+
+	return file, nil
+}
+
+// Checksum checksums a given File for a given User, using a specific
+// algorithm. The checksums data is saved on File object.
+func (i *FileInfo) Checksum(algo string) error {
+	if i.IsDir {
+		return fberrors.ErrIsDirectory
+	}
+
+	if i.Checksums == nil {
+		i.Checksums = map[string]string{}
+	}
+
+	reader, err := i.Fs.Open(i.Path)
+	if err != nil {
+		return err
+	}
+	defer reader.Close()
+
+	var h hash.Hash
+
+	switch algo {
+	case "md5":
+		h = md5.New()
+	case "sha1":
+		h = sha1.New()
+	case "sha256":
+		h = sha256.New()
+	case "sha512":
+		h = sha512.New()
+	default:
+		return fberrors.ErrInvalidOption
+	}
+
+	_, err = io.Copy(h, reader)
+	if err != nil {
+		return err
+	}
+
+	i.Checksums[algo] = hex.EncodeToString(h.Sum(nil))
+	return nil
+}
+
+func (i *FileInfo) RealPath() string {
+	if realPathFs, ok := i.Fs.(interface {
+		RealPath(name string) (fPath string, err error)
+	}); ok {
+		realPath, err := realPathFs.RealPath(i.Path)
+		if err == nil {
+			return realPath
+		}
+	}
+
+	return i.Path
+}
+
+func (i *FileInfo) detectType(modify, saveContent, readHeader bool) error {
+	if IsNamedPipe(i.Mode) {
+		i.Type = "blob"
+		return nil
+	}
+	// failing to detect the type should not return error.
+	// imagine the situation where a file in a dir with thousands
+	// of files couldn't be opened: we'd have immediately
+	// a 500 even though it doesn't matter. So we just log it.
+
+	mimetype := mime.TypeByExtension(i.Extension)
+
+	var buffer []byte
+	if readHeader {
+		buffer = i.readFirstBytes()
+
+		if mimetype == "" {
+			mimetype = http.DetectContentType(buffer)
+		}
+	}
+
+	switch {
+	case strings.HasPrefix(mimetype, "video"):
+		i.Type = "video"
+		i.detectSubtitles()
+		return nil
+	case strings.HasPrefix(mimetype, "audio"):
+		i.Type = "audio"
+		return nil
+	case strings.HasPrefix(mimetype, "image"):
+		i.Type = "image"
+		resolution, err := calculateImageResolution(i.Fs, i.Path)
+		if err != nil {
+			log.Printf("Error calculating image resolution: %v", err)
+		} else {
+			i.Resolution = resolution
+		}
+		return nil
+	case strings.HasSuffix(mimetype, "pdf"):
+		i.Type = "pdf"
+		return nil
+	case (strings.HasPrefix(mimetype, "text") || !isBinary(buffer)) && i.Size <= 10*1024*1024: // 10 MB
+		i.Type = "text"
+
+		if !modify {
+			i.Type = "textImmutable"
+		}
+
+		if saveContent {
+			afs := &afero.Afero{Fs: i.Fs}
+			content, err := afs.ReadFile(i.Path)
+			if err != nil {
+				return err
+			}
+
+			i.Content = string(content)
+		}
+		return nil
+	default:
+		i.Type = "blob"
+	}
+
+	return nil
+}
+
+func calculateImageResolution(fSys afero.Fs, filePath string) (*ImageResolution, error) {
+	file, err := fSys.Open(filePath)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if cErr := file.Close(); cErr != nil {
+			log.Printf("Failed to close file: %v", cErr)
+		}
+	}()
+
+	config, _, err := image.DecodeConfig(file)
+	if err != nil {
+		return nil, err
+	}
+
+	return &ImageResolution{
+		Width:  config.Width,
+		Height: config.Height,
+	}, nil
+}
+
+func (i *FileInfo) readFirstBytes() []byte {
+	reader, err := i.Fs.Open(i.Path)
+	if err != nil {
+		log.Print(err)
+		i.Type = "blob"
+		return nil
+	}
+	defer reader.Close()
+
+	buffer := make([]byte, 512)
+	n, err := reader.Read(buffer)
+	if err != nil && !errors.Is(err, io.EOF) {
+		log.Print(err)
+		i.Type = "blob"
+		return nil
+	}
+
+	return buffer[:n]
+}
+
+func (i *FileInfo) detectSubtitles() {
+	if i.Type != "video" {
+		return
+	}
+
+	i.Subtitles = []string{}
+	ext := filepath.Ext(i.Path)
+
+	// detect multiple languages. Base*.vtt
+	parentDir := strings.TrimRight(i.Path, i.Name)
+	var dir []os.FileInfo
+	if len(i.currentDir) > 0 {
+		dir = i.currentDir
+	} else {
+		var err error
+		dir, err = afero.ReadDir(i.Fs, parentDir)
+		if err != nil {
+			return
+		}
+	}
+
+	base := strings.TrimSuffix(i.Name, ext)
+	for _, f := range dir {
+		// load all supported subtitles from subs directories
+		// should cover all instances of subtitle distributions
+		// like tv-shows with multiple episodes in single dir
+		if f.IsDir() && reSubDirs.MatchString(f.Name()) {
+			subsDir := path.Join(parentDir, f.Name())
+			i.loadSubtitles(subsDir, base, true)
+		} else if isSubtitleMatch(f, base) {
+			i.addSubtitle(path.Join(parentDir, f.Name()))
+		}
+	}
+}
+
+func (i *FileInfo) loadSubtitles(subsPath, baseName string, recursive bool) {
+	dir, err := afero.ReadDir(i.Fs, subsPath)
+	if err == nil {
+		for _, f := range dir {
+			if isSubtitleMatch(f, "") {
+				i.addSubtitle(path.Join(subsPath, f.Name()))
+			} else if f.IsDir() && recursive && strings.HasPrefix(f.Name(), baseName) {
+				subsDir := path.Join(subsPath, f.Name())
+				i.loadSubtitles(subsDir, baseName, false)
+			}
+		}
+	}
+}
+
+func IsSupportedSubtitle(fileName string) bool {
+	return reSubExts.MatchString(fileName)
+}
+
+func isSubtitleMatch(f fs.FileInfo, baseName string) bool {
+	return !f.IsDir() && strings.HasPrefix(f.Name(), baseName) &&
+		IsSupportedSubtitle(f.Name())
+}
+
+func (i *FileInfo) addSubtitle(fPath string) {
+	i.Subtitles = append(i.Subtitles, fPath)
+}
+
+func (i *FileInfo) readListing(checker rules.Checker, readHeader bool) error {
+	afs := &afero.Afero{Fs: i.Fs}
+	dir, err := afs.ReadDir(i.Path)
+	if err != nil {
+		return err
+	}
+
+	listing := &Listing{
+		Items:    []*FileInfo{},
+		NumDirs:  0,
+		NumFiles: 0,
+	}
+
+	for _, f := range dir {
+		name := f.Name()
+		fPath := path.Join(i.Path, name)
+
+		if !checker.Check(fPath) {
+			continue
+		}
+
+		isSymlink, isInvalidLink := false, false
+		if IsSymlink(f.Mode()) {
+			isSymlink = true
+			// It's a symbolic link. We try to follow it. If it doesn't work,
+			// we stay with the link information instead of the target's.
+			info, err := i.Fs.Stat(fPath)
+			if err == nil {
+				f = info
+			} else {
+				isInvalidLink = true
+			}
+		}
+
+		file := &FileInfo{
+			Fs:         i.Fs,
+			Name:       name,
+			Size:       f.Size(),
+			ModTime:    f.ModTime(),
+			Mode:       f.Mode(),
+			IsDir:      f.IsDir(),
+			IsSymlink:  isSymlink,
+			Extension:  filepath.Ext(name),
+			Path:       fPath,
+			currentDir: dir,
+		}
+
+		if !file.IsDir && strings.HasPrefix(mime.TypeByExtension(file.Extension), "image/") {
+			resolution, err := calculateImageResolution(file.Fs, file.Path)
+			if err != nil {
+				log.Printf("Error calculating resolution for image %s: %v", file.Path, err)
+			} else {
+				file.Resolution = resolution
+			}
+		}
+
+		if file.IsDir {
+			listing.NumDirs++
+		} else {
+			listing.NumFiles++
+
+			if isInvalidLink {
+				file.Type = "invalid_link"
+			} else {
+				err := file.detectType(true, false, readHeader)
+				if err != nil {
+					return err
+				}
+			}
+		}
+
+		listing.Items = append(listing.Items, file)
+	}
+
+	i.Listing = listing
+	return nil
+}

files/listing.go

@@ -0,0 +1,108 @@
+package files
+
+import (
+	"sort"
+	"strings"
+
+	"github.com/maruel/natural"
+)
+
+// Listing is a collection of files.
+type Listing struct {
+	Items    []*FileInfo `json:"items"`
+	NumDirs  int         `json:"numDirs"`
+	NumFiles int         `json:"numFiles"`
+	Sorting  Sorting     `json:"sorting"`
+}
+
+// ApplySort applies the sort order using .Order and .Sort
+func (l Listing) ApplySort() {
+	// Check '.Order' to know how to sort
+	if !l.Sorting.Asc {
+		switch l.Sorting.By {
+		case "name":
+			sort.Sort(sort.Reverse(byName(l)))
+		case "size":
+			sort.Sort(sort.Reverse(bySize(l)))
+		case "modified":
+			sort.Sort(sort.Reverse(byModified(l)))
+		default:
+			// If not one of the above, do nothing
+			return
+		}
+	} else { // If we had more Orderings we could add them here
+		switch l.Sorting.By {
+		case "name":
+			sort.Sort(byName(l))
+		case "size":
+			sort.Sort(bySize(l))
+		case "modified":
+			sort.Sort(byModified(l))
+		default:
+			sort.Sort(byName(l))
+			return
+		}
+	}
+}
+
+// Implement sorting for Listing
+type byName Listing
+type bySize Listing
+type byModified Listing
+
+// By Name
+func (l byName) Len() int {
+	return len(l.Items)
+}
+
+func (l byName) Swap(i, j int) {
+	l.Items[i], l.Items[j] = l.Items[j], l.Items[i]
+}
+
+// Treat upper and lower case equally
+func (l byName) Less(i, j int) bool {
+	if l.Items[i].IsDir && !l.Items[j].IsDir {
+		return l.Sorting.Asc
+	}
+
+	if !l.Items[i].IsDir && l.Items[j].IsDir {
+		return !l.Sorting.Asc
+	}
+
+	return natural.Less(strings.ToLower(l.Items[j].Name), strings.ToLower(l.Items[i].Name))
+}
+
+// By Size
+func (l bySize) Len() int {
+	return len(l.Items)
+}
+
+func (l bySize) Swap(i, j int) {
+	l.Items[i], l.Items[j] = l.Items[j], l.Items[i]
+}
+
+const directoryOffset = -1 << 31 // = math.MinInt32
+func (l bySize) Less(i, j int) bool {
+	iSize, jSize := l.Items[i].Size, l.Items[j].Size
+	if l.Items[i].IsDir {
+		iSize = directoryOffset + iSize
+	}
+	if l.Items[j].IsDir {
+		jSize = directoryOffset + jSize
+	}
+	return iSize < jSize
+}
+
+// By Modified
+func (l byModified) Len() int {
+	return len(l.Items)
+}
+
+func (l byModified) Swap(i, j int) {
+	l.Items[i], l.Items[j] = l.Items[j], l.Items[i]
+}
+
+func (l byModified) Less(i, j int) bool {
+	iModified, jModified := l.Items[i].ModTime, l.Items[j].ModTime
+	return iModified.Sub(jModified) < 0
+}

files/mime.go

@@ -0,0 +1,608 @@
+package files
+
+// This file contains code primarily sourced from::
+// github.com/kataras/iris
+
+import (
+	"mime"
+)
+
+const (
+	// ContentBinaryHeaderValue header value for binary data.
+	ContentBinaryHeaderValue = "application/octet-stream"
+	// ContentWebassemblyHeaderValue header value for web assembly files.
+	ContentWebassemblyHeaderValue = "application/wasm"
+	// ContentHTMLHeaderValue is the  string of text/html response header's content type value.
+	ContentHTMLHeaderValue = "text/html"
+	// ContentJSONHeaderValue header value for JSON data.
+	ContentJSONHeaderValue = "application/json"
+	// ContentJSONProblemHeaderValue header value for JSON API problem error.
+	// Read more at: https://tools.ietf.org/html/rfc7807
+	ContentJSONProblemHeaderValue = "application/problem+json"
+	// ContentXMLProblemHeaderValue header value for XML API problem error.
+	// Read more at: https://tools.ietf.org/html/rfc7807
+	ContentXMLProblemHeaderValue = "application/problem+xml"
+	// ContentJavascriptHeaderValue header value for JSONP & Javascript data.
+	ContentJavascriptHeaderValue = "text/javascript"
+	// ContentTextHeaderValue header value for Text data.
+	ContentTextHeaderValue = "text/plain"
+	// ContentXMLHeaderValue header value for XML data.
+	ContentXMLHeaderValue = "text/xml"
+	// ContentXMLUnreadableHeaderValue obsolete header value for XML.
+	ContentXMLUnreadableHeaderValue = "application/xml"
+	// ContentMarkdownHeaderValue custom key/content type, the real is the text/html.
+	ContentMarkdownHeaderValue = "text/markdown"
+	// ContentYAMLHeaderValue header value for YAML data.
+	ContentYAMLHeaderValue = "application/x-yaml"
+	// ContentYAMLTextHeaderValue header value for YAML plain text.
+	ContentYAMLTextHeaderValue = "text/yaml"
+	// ContentProtobufHeaderValue header value for Protobuf messages data.
+	ContentProtobufHeaderValue = "application/x-protobuf"
+	// ContentMsgPackHeaderValue header value for MsgPack data.
+	ContentMsgPackHeaderValue = "application/msgpack"
+	// ContentMsgPack2HeaderValue alternative header value for MsgPack data.
+	ContentMsgPack2HeaderValue = "application/x-msgpack"
+	// ContentFormHeaderValue header value for post form data.
+	ContentFormHeaderValue = "application/x-www-form-urlencoded"
+	// ContentFormMultipartHeaderValue header value for post multipart form data.
+	ContentFormMultipartHeaderValue = "multipart/form-data"
+	// ContentMultipartRelatedHeaderValue header value for multipart related data.
+	ContentMultipartRelatedHeaderValue = "multipart/related"
+	// ContentGRPCHeaderValue Content-Type header value for gRPC.
+	ContentGRPCHeaderValue = "application/grpc"
+)
+
+var types = map[string]string{
+	".3dm":       "x-world/x-3dmf",
+	".3dmf":      "x-world/x-3dmf",
+	".7z":        "application/x-7z-compressed",
+	".a":         "application/octet-stream",
+	".aab":       "application/x-authorware-bin",
+	".aam":       "application/x-authorware-map",
+	".aas":       "application/x-authorware-seg",
+	".abc":       "text/vndabc",
+	".ace":       "application/x-ace-compressed",
+	".acgi":      "text/html",
+	".afl":       "video/animaflex",
+	".ai":        "application/postscript",
+	".aif":       "audio/aiff",
+	".aifc":      "audio/aiff",
+	".aiff":      "audio/aiff",
+	".aim":       "application/x-aim",
+	".aip":       "text/x-audiosoft-intra",
+	".alz":       "application/x-alz-compressed",
+	".ani":       "application/x-navi-animation",
+	".aos":       "application/x-nokia-9000-communicator-add-on-software",
+	".aps":       "application/mime",
+	".apk":       "application/vnd.android.package-archive",
+	".arc":       "application/x-arc-compressed",
+	".arj":       "application/arj",
+	".art":       "image/x-jg",
+	".asf":       "video/x-ms-asf",
+	".asm":       "text/x-asm",
+	".asp":       "text/asp",
+	".asx":       "application/x-mplayer2",
+	".au":        "audio/basic",
+	".avi":       "video/x-msvideo",
+	".avs":       "video/avs-video",
+	".bcpio":     "application/x-bcpio",
+	".bin":       "application/mac-binary",
+	".bmp":       "image/bmp",
+	".boo":       "application/book",
+	".book":      "application/book",
+	".boz":       "application/x-bzip2",
+	".bsh":       "application/x-bsh",
+	".bz2":       "application/x-bzip2",
+	".bz":        "application/x-bzip",
+	".c++":       ContentTextHeaderValue,
+	".c":         "text/x-c",
+	".cab":       "application/vnd.ms-cab-compressed",
+	".cat":       "application/vndms-pkiseccat",
+	".cc":        "text/x-c",
+	".ccad":      "application/clariscad",
+	".cco":       "application/x-cocoa",
+	".cdf":       "application/cdf",
+	".cer":       "application/pkix-cert",
+	".cha":       "application/x-chat",
+	".chat":      "application/x-chat",
+	".chrt":      "application/vnd.kde.kchart",
+	".class":     "application/java",
+	".com":       ContentTextHeaderValue,
+	".conf":      ContentTextHeaderValue,
+	".cpio":      "application/x-cpio",
+	".cpp":       "text/x-c",
+	".cpt":       "application/mac-compactpro",
+	".crl":       "application/pkcs-crl",
+	".crt":       "application/pkix-cert",
+	".crx":       "application/x-chrome-extension",
+	".csh":       "text/x-scriptcsh",
+	".css":       "text/css",
+	".csv":       "text/csv",
+	".cxx":       ContentTextHeaderValue,
+	".dar":       "application/x-dar",
+	".dcr":       "application/x-director",
+	".deb":       "application/x-debian-package",
+	".deepv":     "application/x-deepv",
+	".def":       ContentTextHeaderValue,
+	".der":       "application/x-x509-ca-cert",
+	".dif":       "video/x-dv",
+	".dir":       "application/x-director",
+	".divx":      "video/divx",
+	".dl":        "video/dl",
+	".dmg":       "application/x-apple-diskimage",
+	".doc":       "application/msword",
+	".dot":       "application/msword",
+	".dp":        "application/commonground",
+	".drw":       "application/drafting",
+	".dump":      "application/octet-stream",
+	".dv":        "video/x-dv",
+	".dvi":       "application/x-dvi",
+	".dwf":       "drawing/x-dwf=(old)",
+	".dwg":       "application/acad",
+	".dxf":       "application/dxf",
+	".dxr":       "application/x-director",
+	".el":        "text/x-scriptelisp",
+	".elc":       "application/x-bytecodeelisp=(compiled=elisp)",
+	".eml":       "message/rfc822",
+	".env":       "application/x-envoy",
+	".eps":       "application/postscript",
+	".es":        "application/x-esrehber",
+	".etx":       "text/x-setext",
+	".evy":       "application/envoy",
+	".exe":       "application/octet-stream",
+	".f77":       "text/x-fortran",
+	".f90":       "text/x-fortran",
+	".f":         "text/x-fortran",
+	".fdf":       "application/vndfdf",
+	".fif":       "application/fractals",
+	".fli":       "video/fli",
+	".flo":       "image/florian",
+	".flv":       "video/x-flv",
+	".flx":       "text/vndfmiflexstor",
+	".fmf":       "video/x-atomic3d-feature",
+	".for":       "text/x-fortran",
+	".fpx":       "image/vndfpx",
+	".frl":       "application/freeloader",
+	".funk":      "audio/make",
+	".g3":        "image/g3fax",
+	".g":         ContentTextHeaderValue,
+	".gif":       "image/gif",
+	".gl":        "video/gl",
+	".gsd":       "audio/x-gsm",
+	".gsm":       "audio/x-gsm",
+	".gsp":       "application/x-gsp",
+	".gss":       "application/x-gss",
+	".gtar":      "application/x-gtar",
+	".gz":        "application/x-compressed",
+	".gzip":      "application/x-gzip",
+	".h":         "text/x-h",
+	".hdf":       "application/x-hdf",
+	".help":      "application/x-helpfile",
+	".hgl":       "application/vndhp-hpgl",
+	".hh":        "text/x-h",
+	".hlb":       "text/x-script",
+	".hlp":       "application/hlp",
+	".hpg":       "application/vndhp-hpgl",
+	".hpgl":      "application/vndhp-hpgl",
+	".hqx":       "application/binhex",
+	".hta":       "application/hta",
+	".htc":       "text/x-component",
+	".htm":       "text/html",
+	".html":      "text/html",
+	".htmls":     "text/html",
+	".htt":       "text/webviewhtml",
+	".htx":       "text/html",
+	".ice":       "x-conference/x-cooltalk",
+	".ico":       "image/x-icon",
+	".ics":       "text/calendar",
+	".icz":       "text/calendar",
+	".idc":       ContentTextHeaderValue,
+	".ief":       "image/ief",
+	".iefs":      "image/ief",
+	".iges":      "application/iges",
+	".igs":       "application/iges",
+	".ima":       "application/x-ima",
+	".imap":      "application/x-httpd-imap",
+	".inf":       "application/inf",
+	".ins":       "application/x-internett-signup",
+	".ip":        "application/x-ip2",
+	".isu":       "video/x-isvideo",
+	".it":        "audio/it",
+	".iv":        "application/x-inventor",
+	".ivr":       "i-world/i-vrml",
+	".ivy":       "application/x-livescreen",
+	".jam":       "audio/x-jam",
+	".jav":       "text/x-java-source",
+	".java":      "text/x-java-source",
+	".jcm":       "application/x-java-commerce",
+	".jfif-tbnl": "image/jpeg",
+	".jfif":      "image/jpeg",
+	".jnlp":      "application/x-java-jnlp-file",
+	".jpe":       "image/jpeg",
+	".jpeg":      "image/jpeg",
+	".jpg":       "image/jpeg",
+	".jps":       "image/x-jps",
+	".js":        ContentJavascriptHeaderValue,
+	".mjs":       ContentJavascriptHeaderValue,
+	".json":      ContentJSONHeaderValue,
+	".vue":       ContentJavascriptHeaderValue,
+	".jut":       "image/jutvision",
+	".kar":       "audio/midi",
+	".karbon":    "application/vnd.kde.karbon",
+	".kfo":       "application/vnd.kde.kformula",
+	".flw":       "application/vnd.kde.kivio",
+	".kml":       "application/vnd.google-earth.kml+xml",
+	".kmz":       "application/vnd.google-earth.kmz",
+	".kon":       "application/vnd.kde.kontour",
+	".kpr":       "application/vnd.kde.kpresenter",
+	".kpt":       "application/vnd.kde.kpresenter",
+	".ksp":       "application/vnd.kde.kspread",
+	".kwd":       "application/vnd.kde.kword",
+	".kwt":       "application/vnd.kde.kword",
+	".ksh":       "text/x-scriptksh",
+	".la":        "audio/nspaudio",
+	".lam":       "audio/x-liveaudio",
+	".latex":     "application/x-latex",
+	".lha":       "application/lha",
+	".lhx":       "application/octet-stream",
+	".list":      ContentTextHeaderValue,
+	".lma":       "audio/nspaudio",
+	".log":       ContentTextHeaderValue,
+	".lsp":       "text/x-scriptlisp",
+	".lst":       ContentTextHeaderValue,
+	".lsx":       "text/x-la-asf",
+	".ltx":       "application/x-latex",
+	".lzh":       "application/octet-stream",
+	".lzx":       "application/lzx",
+	".m1v":       "video/mpeg",
+	".m2a":       "audio/mpeg",
+	".m2v":       "video/mpeg",
+	".m3u":       "audio/x-mpegurl",
+	".m":         "text/x-m",
+	".man":       "application/x-troff-man",
+	".manifest":  "text/cache-manifest",
+	".map":       "application/x-navimap",
+	".mar":       ContentTextHeaderValue,
+	".mbd":       "application/mbedlet",
+	".mc$":       "application/x-magic-cap-package-10",
+	".mcd":       "application/mcad",
+	".mcf":       "text/mcf",
+	".mcp":       "application/netmc",
+	".me":        "application/x-troff-me",
+	".mht":       "message/rfc822",
+	".mhtml":     "message/rfc822",
+	".mid":       "application/x-midi",
+	".midi":      "application/x-midi",
+	".mif":       "application/x-frame",
+	".mime":      "message/rfc822",
+	".mjf":       "audio/x-vndaudioexplosionmjuicemediafile",
+	".mjpg":      "video/x-motion-jpeg",
+	".mm":        "application/base64",
+	".mme":       "application/base64",
+	".mod":       "audio/mod",
+	".moov":      "video/quicktime",
+	".mov":       "video/quicktime",
+	".movie":     "video/x-sgi-movie",
+	".mp2":       "audio/mpeg",
+	".mp3":       "audio/mpeg",
+	".mp4":       "video/mp4",
+	".mpa":       "audio/mpeg",
+	".mpc":       "application/x-project",
+	".mpe":       "video/mpeg",
+	".mpeg":      "video/mpeg",
+	".mpg":       "video/mpeg",
+	".mpga":      "audio/mpeg",
+	".mpp":       "application/vndms-project",
+	".mpt":       "application/x-project",
+	".mpv":       "application/x-project",
+	".mpx":       "application/x-project",
+	".mrc":       "application/marc",
+	".ms":        "application/x-troff-ms",
+	".mv":        "video/x-sgi-movie",
+	".my":        "audio/make",
+	".mzz":       "application/x-vndaudioexplosionmzz",
+	".nap":       "image/naplps",
+	".naplps":    "image/naplps",
+	".nc":        "application/x-netcdf",
+	".ncm":       "application/vndnokiaconfiguration-message",
+	".nif":       "image/x-niff",
+	".niff":      "image/x-niff",
+	".nix":       "application/x-mix-transfer",
+	".nsc":       "application/x-conference",
+	".nvd":       "application/x-navidoc",
+	".o":         "application/octet-stream",
+	".oda":       "application/oda",
+	".odb":       "application/vnd.oasis.opendocument.database",
+	".odc":       "application/vnd.oasis.opendocument.chart",
+	".odf":       "application/vnd.oasis.opendocument.formula",
+	".odg":       "application/vnd.oasis.opendocument.graphics",
+	".odi":       "application/vnd.oasis.opendocument.image",
+	".odm":       "application/vnd.oasis.opendocument.text-master",
+	".odp":       "application/vnd.oasis.opendocument.presentation",
+	".ods":       "application/vnd.oasis.opendocument.spreadsheet",
+	".odt":       "application/vnd.oasis.opendocument.text",
+	".oga":       "audio/ogg",
+	".ogg":       "audio/ogg",
+	".ogv":       "video/ogg",
+	".omc":       "application/x-omc",
+	".omcd":      "application/x-omcdatamaker",
+	".omcr":      "application/x-omcregerator",
+	".otc":       "application/vnd.oasis.opendocument.chart-template",
+	".otf":       "application/vnd.oasis.opendocument.formula-template",
+	".otg":       "application/vnd.oasis.opendocument.graphics-template",
+	".oth":       "application/vnd.oasis.opendocument.text-web",
+	".oti":       "application/vnd.oasis.opendocument.image-template",
+	".otm":       "application/vnd.oasis.opendocument.text-master",
+	".otp":       "application/vnd.oasis.opendocument.presentation-template",
+	".ots":       "application/vnd.oasis.opendocument.spreadsheet-template",
+	".ott":       "application/vnd.oasis.opendocument.text-template",
+	".p10":       "application/pkcs10",
+	".p12":       "application/pkcs-12",
+	".p7a":       "application/x-pkcs7-signature",
+	".p7c":       "application/pkcs7-mime",
+	".p7m":       "application/pkcs7-mime",
+	".p7r":       "application/x-pkcs7-certreqresp",
+	".p7s":       "application/pkcs7-signature",
+	".p":         "text/x-pascal",
+	".part":      "application/pro_eng",
+	".pas":       "text/pascal",
+	".pbm":       "image/x-portable-bitmap",
+	".pcl":       "application/vndhp-pcl",
+	".pct":       "image/x-pict",
+	".pcx":       "image/x-pcx",
+	".pdb":       "chemical/x-pdb",
+	".pdf":       "application/pdf",
+	".pfunk":     "audio/make",
+	".pgm":       "image/x-portable-graymap",
+	".pic":       "image/pict",
+	".pict":      "image/pict",
+	".pkg":       "application/x-newton-compatible-pkg",
+	".pko":       "application/vndms-pkipko",
+	".pl":        "text/x-scriptperl",
+	".plx":       "application/x-pixclscript",
+	".pm4":       "application/x-pagemaker",
+	".pm5":       "application/x-pagemaker",
+	".pm":        "text/x-scriptperl-module",
+	".png":       "image/png",
+	".pnm":       "application/x-portable-anymap",
+	".pot":       "application/mspowerpoint",
+	".pov":       "model/x-pov",
+	".ppa":       "application/vndms-powerpoint",
+	".ppm":       "image/x-portable-pixmap",
+	".pps":       "application/mspowerpoint",
+	".ppt":       "application/mspowerpoint",
+	".ppz":       "application/mspowerpoint",
+	".pre":       "application/x-freelance",
+	".prt":       "application/pro_eng",
+	".ps":        "application/postscript",
+	".psd":       "application/octet-stream",
+	".pvu":       "paleovu/x-pv",
+	".pwz":       "application/vndms-powerpoint",
+	".py":        "text/x-scriptphyton",
+	".pyc":       "application/x-bytecodepython",
+	".qcp":       "audio/vndqcelp",
+	".qd3":       "x-world/x-3dmf",
+	".qd3d":      "x-world/x-3dmf",
+	".qif":       "image/x-quicktime",
+	".qt":        "video/quicktime",
+	".qtc":       "video/x-qtc",
+	".qti":       "image/x-quicktime",
+	".qtif":      "image/x-quicktime",
+	".ra":        "audio/x-pn-realaudio",
+	".ram":       "audio/x-pn-realaudio",
+	".rar":       "application/x-rar-compressed",
+	".ras":       "application/x-cmu-raster",
+	".rast":      "image/cmu-raster",
+	".rexx":      "text/x-scriptrexx",
+	".rf":        "image/vndrn-realflash",
+	".rgb":       "image/x-rgb",
+	".rm":        "application/vndrn-realmedia",
+	".rmi":       "audio/mid",
+	".rmm":       "audio/x-pn-realaudio",
+	".rmp":       "audio/x-pn-realaudio",
+	".rng":       "application/ringing-tones",
+	".rnx":       "application/vndrn-realplayer",
+	".roff":      "application/x-troff",
+	".rp":        "image/vndrn-realpix",
+	".rpm":       "audio/x-pn-realaudio-plugin",
+	".rt":        "text/vndrn-realtext",
+	".rtf":       "text/richtext",
+	".rtx":       "text/richtext",
+	".rv":        "video/vndrn-realvideo",
+	".s":         "text/x-asm",
+	".s3m":       "audio/s3m",
+	".s7z":       "application/x-7z-compressed",
+	".saveme":    "application/octet-stream",
+	".sbk":       "application/x-tbook",
+	".scm":       "text/x-scriptscheme",
+	".sdml":      ContentTextHeaderValue,
+	".sdp":       "application/sdp",
+	".sdr":       "application/sounder",
+	".sea":       "application/sea",
+	".set":       "application/set",
+	".sgm":       "text/x-sgml",
+	".sgml":      "text/x-sgml",
+	".sh":        "text/x-scriptsh",
+	".shar":      "application/x-bsh",
+	".shtml":     "text/x-server-parsed-html",
+	".sid":       "audio/x-psid",
+	".skd":       "application/x-koan",
+	".skm":       "application/x-koan",
+	".skp":       "application/x-koan",
+	".skt":       "application/x-koan",
+	".sit":       "application/x-stuffit",
+	".sitx":      "application/x-stuffitx",
+	".sl":        "application/x-seelogo",
+	".smi":       "application/smil",
+	".smil":      "application/smil",
+	".snd":       "audio/basic",
+	".sol":       "application/solids",
+	".spc":       "text/x-speech",
+	".spl":       "application/futuresplash",
+	".spr":       "application/x-sprite",
+	".sprite":    "application/x-sprite",
+	".spx":       "audio/ogg",
+	".src":       "application/x-wais-source",
+	".ssi":       "text/x-server-parsed-html",
+	".ssm":       "application/streamingmedia",
+	".sst":       "application/vndms-pkicertstore",
+	".step":      "application/step",
+	".stl":       "application/sla",
+	".stp":       "application/step",
+	".sv4cpio":   "application/x-sv4cpio",
+	".sv4crc":    "application/x-sv4crc",
+	".svf":       "image/vnddwg",
+	".svg":       "image/svg+xml",
+	".svr":       "application/x-world",
+	".swf":       "application/x-shockwave-flash",
+	".t":         "application/x-troff",
+	".talk":      "text/x-speech",
+	".tar":       "application/x-tar",
+	".tbk":       "application/toolbook",
+	".tcl":       "text/x-scripttcl",
+	".tcsh":      "text/x-scripttcsh",
+	".tex":       "application/x-tex",
+	".texi":      "application/x-texinfo",
+	".texinfo":   "application/x-texinfo",
+	".text":      ContentTextHeaderValue,
+	".tgz":       "application/gnutar",
+	".tif":       "image/tiff",
+	".tiff":      "image/tiff",
+	".tr":        "application/x-troff",
+	".tsi":       "audio/tsp-audio",
+	".tsp":       "application/dsptype",
+	".tsv":       "text/tab-separated-values",
+	".turbot":    "image/florian",
+	".txt":       ContentTextHeaderValue,
+	".uil":       "text/x-uil",
+	".uni":       "text/uri-list",
+	".unis":      "text/uri-list",
+	".unv":       "application/i-deas",
+	".uri":       "text/uri-list",
+	".uris":      "text/uri-list",
+	".ustar":     "application/x-ustar",
+	".uu":        "text/x-uuencode",
+	".uue":       "text/x-uuencode",
+	".vcd":       "application/x-cdlink",
+	".vcf":       "text/x-vcard",
+	".vcard":     "text/x-vcard",
+	".vcs":       "text/x-vcalendar",
+	".vda":       "application/vda",
+	".vdo":       "video/vdo",
+	".vew":       "application/groupwise",
+	".viv":       "video/vivo",
+	".vivo":      "video/vivo",
+	".vmd":       "application/vocaltec-media-desc",
+	".vmf":       "application/vocaltec-media-file",
+	".voc":       "audio/voc",
+	".vos":       "video/vosaic",
+	".vox":       "audio/voxware",
+	".vqe":       "audio/x-twinvq-plugin",
+	".vqf":       "audio/x-twinvq",
+	".vql":       "audio/x-twinvq-plugin",
+	".vrml":      "application/x-vrml",
+	".vrt":       "x-world/x-vrt",
+	".vsd":       "application/x-visio",
+	".vst":       "application/x-visio",
+	".vsw":       "application/x-visio",
+	".w60":       "application/wordperfect60",
+	".w61":       "application/wordperfect61",
+	".w6w":       "application/msword",
+	".wav":       "audio/wav",
+	".wb1":       "application/x-qpro",
+	".wbmp":      "image/vnd.wap.wbmp",
+	".web":       "application/vndxara",
+	".wiz":       "application/msword",
+	".wk1":       "application/x-123",
+	".wmf":       "windows/metafile",
+	".wml":       "text/vnd.wap.wml",
+	".wmlc":      "application/vnd.wap.wmlc",
+	".wmls":      "text/vnd.wap.wmlscript",
+	".wmlsc":     "application/vnd.wap.wmlscriptc",
+	".word":      "application/msword",
+	".wp5":       "application/wordperfect",
+	".wp6":       "application/wordperfect",
+	".wp":        "application/wordperfect",
+	".wpd":       "application/wordperfect",
+	".wq1":       "application/x-lotus",
+	".wri":       "application/mswrite",
+	".wrl":       "application/x-world",
+	".wrz":       "model/vrml",
+	".wsc":       "text/scriplet",
+	".wsrc":      "application/x-wais-source",
+	".wtk":       "application/x-wintalk",
+	".x-png":     "image/png",
+	".xbm":       "image/x-xbitmap",
+	".xdr":       "video/x-amt-demorun",
+	".xgz":       "xgl/drawing",
+	".xif":       "image/vndxiff",
+	".xl":        "application/excel",
+	".xla":       "application/excel",
+	".xlb":       "application/excel",
+	".xlc":       "application/excel",
+	".xld":       "application/excel",
+	".xlk":       "application/excel",
+	".xll":       "application/excel",
+	".xlm":       "application/excel",
+	".xls":       "application/excel",
+	".xlt":       "application/excel",
+	".xlv":       "application/excel",
+	".xlw":       "application/excel",
+	".xm":        "audio/xm",
+	".xml":       ContentXMLHeaderValue,
+	".xmz":       "xgl/movie",
+	".xpix":      "application/x-vndls-xpix",
+	".xpm":       "image/x-xpixmap",
+	".xsr":       "video/x-amt-showrun",
+	".xwd":       "image/x-xwd",
+	".xyz":       "chemical/x-pdb",
+	".z":         "application/x-compress",
+	".zip":       "application/zip",
+	".zoo":       "application/octet-stream",
+	".zsh":       "text/x-scriptzsh",
+	".docx":      "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+	".docm":      "application/vnd.ms-word.document.macroEnabled.12",
+	".dotx":      "application/vnd.openxmlformats-officedocument.wordprocessingml.template",
+	".dotm":      "application/vnd.ms-word.template.macroEnabled.12",
+	".xlsx":      "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+	".xlsm":      "application/vnd.ms-excel.sheet.macroEnabled.12",
+	".xltx":      "application/vnd.openxmlformats-officedocument.spreadsheetml.template",
+	".xltm":      "application/vnd.ms-excel.template.macroEnabled.12",
+	".xlsb":      "application/vnd.ms-excel.sheet.binary.macroEnabled.12",
+	".xlam":      "application/vnd.ms-excel.addin.macroEnabled.12",
+	".pptx":      "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+	".pptm":      "application/vnd.ms-powerpoint.presentation.macroEnabled.12",
+	".ppsx":      "application/vnd.openxmlformats-officedocument.presentationml.slideshow",
+	".ppsm":      "application/vnd.ms-powerpoint.slideshow.macroEnabled.12",
+	".potx":      "application/vnd.openxmlformats-officedocument.presentationml.template",
+	".potm":      "application/vnd.ms-powerpoint.template.macroEnabled.12",
+	".ppam":      "application/vnd.ms-powerpoint.addin.macroEnabled.12",
+	".sldx":      "application/vnd.openxmlformats-officedocument.presentationml.slide",
+	".sldm":      "application/vnd.ms-powerpoint.slide.macroEnabled.12",
+	".thmx":      "application/vnd.ms-officetheme",
+	".onetoc":    "application/onenote",
+	".onetoc2":   "application/onenote",
+	".onetmp":    "application/onenote",
+	".onepkg":    "application/onenote",
+	".xpi":       "application/x-xpinstall",
+	".wasm":      "application/wasm",
+	".m4a":       "audio/mp4",
+	".flac":      "audio/x-flac",
+	".amr":       "audio/amr",
+	".aac":       "audio/aac",
+	".opus":      "video/ogg",
+	".m4v":       "video/mp4",
+	".mkv":       "video/x-matroska",
+	".caf":       "audio/x-caf",
+	".m3u8":      "application/x-mpegURL",
+	".mpd":       "application/dash+xml",
+	".webp":      "image/webp",
+	".epub":      "application/epub+zip",
+}
+
+func init() {
+	for ext, typ := range types {
+		// skip errors
+		_ = mime.AddExtensionType(ext, typ)
+	}
+}

files/sorting.go

@@ -0,0 +1,7 @@
+package files
+
+// Sorting contains a sorting order.
+type Sorting struct {
+	By  string `json:"by"`
+	Asc bool   `json:"asc"`
+}

files/utils.go

@@ -0,0 +1,59 @@
+package files
+
+import (
+	"os"
+	"unicode/utf8"
+)
+
+func isBinary(content []byte) bool {
+	maybeStr := string(content)
+	runeCnt := utf8.RuneCount(content)
+	runeIndex := 0
+	gotRuneErrCnt := 0
+	firstRuneErrIndex := -1
+
+	const (
+		// 8 and below are control chars (e.g. backspace, null, eof, etc)
+		maxControlCharsCode = 8
+		// 0xFFFD(65533) is  the "error" Rune or "Unicode replacement character"
+		// see https://golang.org/pkg/unicode/utf8/#pkg-constants
+		unicodeReplacementChar = 0xFFFD
+	)
+
+	for _, b := range maybeStr {
+		if b <= maxControlCharsCode {
+			return true
+		}
+
+		if b == unicodeReplacementChar {
+			// if it is not the last (utf8.UTFMax - x) rune
+			if runeCnt > utf8.UTFMax && runeIndex < runeCnt-utf8.UTFMax {
+				return true
+			}
+			// else it is the last (utf8.UTFMax - x) rune
+			// there maybe Vxxx, VVxx, VVVx, thus, we may got max 3 0xFFFD rune (assume V is the byte we got)
+			// for Chinese, it can only be Vxx, VVx, we may got max 2 0xFFFD rune
+			gotRuneErrCnt++
+
+			// mark the first time
+			if firstRuneErrIndex == -1 {
+				firstRuneErrIndex = runeIndex
+			}
+		}
+		runeIndex++
+	}
+
+	// if last (utf8.UTFMax - x ) rune has the "error" Rune, but not all
+	if firstRuneErrIndex != -1 && gotRuneErrCnt != runeCnt-firstRuneErrIndex {
+		return true
+	}
+	return false
+}
+
+func IsNamedPipe(mode os.FileMode) bool {
+	return mode&os.ModeNamedPipe != 0
+}
+
+func IsSymlink(mode os.FileMode) bool {
+	return mode&os.ModeSymlink != 0
+}

fileutils/copy.go

@@ -0,0 +1,40 @@
+package fileutils
+
+import (
+	"io/fs"
+	"os"
+	"path"
+
+	"github.com/spf13/afero"
+)
+
+// Copy copies a file or folder from one place to another.
+func Copy(afs afero.Fs, src, dst string, fileMode, dirMode fs.FileMode) error {
+	if src = path.Clean("/" + src); src == "" {
+		return os.ErrNotExist
+	}
+
+	if dst = path.Clean("/" + dst); dst == "" {
+		return os.ErrNotExist
+	}
+
+	if src == "/" || dst == "/" {
+		// Prohibit copying from or to the virtual root directory.
+		return os.ErrInvalid
+	}
+
+	if dst == src {
+		return os.ErrInvalid
+	}
+
+	info, err := afs.Stat(src)
+	if err != nil {
+		return err
+	}
+
+	if info.IsDir() {
+		return CopyDir(afs, src, dst, fileMode, dirMode)
+	}
+
+	return CopyFile(afs, src, dst, fileMode, dirMode)
+}