PyPI - pyfileserv - Versions diffs - 0.2.2__py3-none-any.whl - Mend

pyfileserv 0.2.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

file_server/__init__.py +23 -0
file_server/__main__.py +5 -0
file_server/auth.py +175 -0
file_server/cli.py +186 -0
file_server/config.py +44 -0
file_server/handlers.py +230 -0
file_server/server.py +87 -0
file_server/templates.py +359 -0
pyfileserv-0.2.2.dist-info/METADATA +178 -0
pyfileserv-0.2.2.dist-info/RECORD +12 -0
pyfileserv-0.2.2.dist-info/WHEEL +4 -0
pyfileserv-0.2.2.dist-info/entry_points.txt +2 -0

file_server/__init__.py ADDED Viewed

@@ -0,0 +1,23 @@
+"""
+带登录认证的安全文件服务器
+"""
+__version__ = "0.2.2"
+from .config import ServerConfig
+from .auth import (
+    PasswordHasher,
+    UserStore,
+    SessionManager,
+    Authenticator,
+)
+from .server import run_server
+__all__ = [
+    'ServerConfig',
+    'PasswordHasher',
+    'UserStore',
+    'SessionManager',
+    'Authenticator',
+    'run_server',
+]

file_server/__main__.py ADDED Viewed

@@ -0,0 +1,5 @@
+"""命令行入口点"""
+from .cli import main
+if __name__ == "__main__":
+    main()

file_server/auth.py ADDED Viewed

@@ -0,0 +1,175 @@
+"""认证模块 - 密码哈希、用户存储、会话管理"""
+import json
+import logging
+import secrets
+import time
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Dict, Optional, Tuple
+import bcrypt
+logger = logging.getLogger(__name__)
+@dataclass
+class Session:
+    """会话数据"""
+    session_id: str
+    username: str
+    expires: float
+    created_at: float
+class PasswordHasher:
+    """密码哈希工具"""
+    def __init__(self, rounds: int = 12):
+        self.rounds = rounds
+    def hash_password(self, password: str) -> str:
+        """使用 bcrypt 加密密码"""
+        salt = bcrypt.gensalt(rounds=self.rounds)
+        hashed = bcrypt.hashpw(password.encode('utf-8'), salt)
+        return hashed.decode('utf-8')
+    def verify_password(self, password: str, hashed_password: str) -> bool:
+        """验证密码"""
+        try:
+            return bcrypt.checkpw(
+                password.encode('utf-8'),
+                hashed_password.encode('utf-8')
+            )
+        except Exception:
+            return False
+class UserStore:
+    """用户存储 - 负责用户数据的读写"""
+    def __init__(self, users_file_path: Path):
+        self.users_file_path = Path(users_file_path)
+    def load_users(self) -> Dict[str, dict]:
+        """加载用户数据"""
+        if not self.users_file_path.exists():
+            return {}
+        with open(self.users_file_path, 'r', encoding='utf-8') as f:
+            return json.load(f)
+    def save_users(self, users: Dict[str, dict]) -> None:
+        """保存用户数据"""
+        self.users_file_path.parent.mkdir(parents=True, exist_ok=True)
+        with open(self.users_file_path, 'w', encoding='utf-8') as f:
+            json.dump(users, f, indent=2, ensure_ascii=False)
+    def user_exists(self, username: str) -> bool:
+        """检查用户是否存在"""
+        return username in self.load_users()
+    def get_user(self, username: str) -> Optional[dict]:
+        """获取用户数据"""
+        users = self.load_users()
+        return users.get(username)
+    def add_user(self, username: str, password_hash: str) -> None:
+        """添加用户"""
+        users = self.load_users()
+        users[username] = {
+            "password": password_hash,
+            "created_at": str(time.time())
+        }
+        self.save_users(users)
+    def update_password(self, username: str, password_hash: str) -> None:
+        """更新密码"""
+        users = self.load_users()
+        if username in users:
+            users[username]["password"] = password_hash
+            self.save_users(users)
+    def delete_user(self, username: str) -> bool:
+        """删除用户"""
+        users = self.load_users()
+        if username in users:
+            del users[username]
+            self.save_users(users)
+            return True
+        return False
+class SessionManager:
+    """会话管理器"""
+    def __init__(self, timeout_seconds: int = 3600):
+        self.timeout = timeout_seconds
+        self._sessions: Dict[str, Session] = {}
+    def create_session(self, username: str) -> str:
+        """创建新会话，返回 session_id"""
+        session_id = secrets.token_hex(32)
+        now = time.time()
+        self._sessions[session_id] = Session(
+            session_id=session_id,
+            username=username,
+            expires=now + self.timeout,
+            created_at=now
+        )
+        return session_id
+    def validate_session(self, session_id: str) -> Tuple[bool, Optional[str]]:
+        """验证会话，返回 (是否有效, 用户名)"""
+        if not session_id or session_id not in self._sessions:
+            return False, None
+        session = self._sessions[session_id]
+        if time.time() > session.expires:
+            del self._sessions[session_id]
+            return False, None
+        # 刷新会话过期时间
+        session.expires = time.time() + self.timeout
+        return True, session.username
+    def get_username(self, session_id: str) -> Optional[str]:
+        """获取会话对应的用户名"""
+        valid, username = self.validate_session(session_id)
+        return username if valid else None
+    def destroy_session(self, session_id: str) -> Optional[str]:
+        """销毁会话，返回被销毁会话的用户名"""
+        if session_id in self._sessions:
+            username = self._sessions[session_id].username
+            del self._sessions[session_id]
+            return username
+        return None
+class Authenticator:
+    """认证器 - 整合密码验证和会话管理"""
+    def __init__(self, user_store: UserStore, hasher: PasswordHasher,
+                 session_manager: SessionManager):
+        self.user_store = user_store
+        self.hasher = hasher
+        self.session_manager = session_manager
+    def authenticate(self, username: str, password: str) -> Tuple[bool, Optional[str]]:
+        """
+        验证用户凭据
+        返回: (是否成功, 失败原因或session_id)
+        """
+        user_data = self.user_store.get_user(username)
+        if not user_data:
+            logger.warning(f"登录失败 - 用户不存在: {username}")
+            return False, "用户不存在"
+        stored_hash = user_data['password']
+        if not self.hasher.verify_password(password, stored_hash):
+            logger.warning(f"登录失败 - 密码错误: {username}")
+            return False, "密码错误"
+        session_id = self.session_manager.create_session(username)
+        logger.info(f"登录成功 - 用户: {username}")
+        return True, session_id

file_server/cli.py ADDED Viewed

@@ -0,0 +1,186 @@
+"""命令行工具 - 服务器启动和用户管理"""
+import argparse
+import getpass
+import logging
+from pathlib import Path
+from .config import ServerConfig
+from .server import run_server
+from .auth import PasswordHasher, UserStore
+def main() -> None:
+    """主入口"""
+    logging.basicConfig(
+        level=logging.INFO,
+        format='%(asctime)s - %(levelname)s - %(message)s',
+        datefmt='%Y-%m-%d %H:%M:%S'
+    )
+    parser = argparse.ArgumentParser(
+        description='带登录认证的文件服务器',
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog="""
+示例:
+  python -m file_server              # 启动服务器
+  python -m file_server -p 9000      # 指定端口
+  python -m file_server user create  # 创建用户
+  python -m file_server user list    # 列出用户
+        """
+    )
+    subparsers = parser.add_subparsers(dest='command', help='子命令')
+    # 服务器命令 (默认)
+    parser.add_argument('-p', '--port', type=int, default=8000,
+                        help='端口号 (默认: 8000)')
+    parser.add_argument('-d', '--directory', default='.',
+                        help='文件服务目录')
+    parser.add_argument('-c', '--config-dir',
+                        help='配置文件目录')
+    parser.add_argument('-s', '--static-dir',
+                        help='静态文件目录')
+    # 用户管理命令
+    user_parser = subparsers.add_parser('user', help='用户管理')
+    user_subparsers = user_parser.add_subparsers(dest='user_command')
+    # user create
+    create_parser = user_subparsers.add_parser('create', help='创建用户')
+    create_parser.add_argument('-u', '--username', help='用户名')
+    # user list
+    user_subparsers.add_parser('list', help='列出用户')
+    # user delete
+    delete_parser = user_subparsers.add_parser('delete', help='删除用户')
+    delete_parser.add_argument('-u', '--username', help='用户名')
+    # user passwd
+    passwd_parser = user_subparsers.add_parser('passwd', help='修改密码')
+    passwd_parser.add_argument('-u', '--username', help='用户名')
+    args = parser.parse_args()
+    if args.command == 'user':
+        _handle_user_command(args)
+    elif args.command is None:
+        config = ServerConfig.from_args(
+            port=args.port,
+            directory=args.directory,
+            config_dir=args.config_dir,
+            static_dir=args.static_dir
+        )
+        run_server(config)
+    else:
+        parser.print_help()
+def _handle_user_command(args) -> None:
+    """处理用户管理命令"""
+    users_file = Path("users.json")
+    user_store = UserStore(users_file)
+    hasher = PasswordHasher()
+    if args.user_command == 'create':
+        _create_user(user_store, hasher, args.username)
+    elif args.user_command == 'list':
+        _list_users(user_store)
+    elif args.user_command == 'delete':
+        _delete_user(user_store, args.username)
+    elif args.user_command == 'passwd':
+        _change_password(user_store, hasher, args.username)
+    else:
+        print("未知用户命令，使用 --help 查看帮助")
+def _create_user(user_store: UserStore, hasher: PasswordHasher,
+                 username: str = None) -> None:
+    """创建用户"""
+    if not username:
+        username = input("用户名: ").strip()
+    if not username:
+        print("错误: 用户名不能为空")
+        return
+    if user_store.user_exists(username):
+        print(f"错误: 用户 '{username}' 已存在")
+        return
+    password = getpass.getpass("密码: ")
+    if len(password) < 6:
+        print("错误: 密码长度至少为6位")
+        return
+    confirm = getpass.getpass("确认密码: ")
+    if password != confirm:
+        print("错误: 两次密码不一致")
+        return
+    password_hash = hasher.hash_password(password)
+    user_store.add_user(username, password_hash)
+    print(f"用户 '{username}' 创建成功")
+def _list_users(user_store: UserStore) -> None:
+    """列出用户"""
+    users = user_store.load_users()
+    if not users:
+        print("暂无用户")
+        return
+    print("\n用户列表:")
+    for username in users:
+        print(f"  - {username}")
+def _delete_user(user_store: UserStore, username: str = None) -> None:
+    """删除用户"""
+    if not username:
+        username = input("要删除的用户名: ").strip()
+    if not user_store.user_exists(username):
+        print(f"错误: 用户 '{username}' 不存在")
+        return
+    confirm = input(f"确认删除用户 '{username}'? (yes/no): ").strip().lower()
+    if confirm == 'yes':
+        user_store.delete_user(username)
+        print(f"用户 '{username}' 已删除")
+    else:
+        print("已取消")
+def _change_password(user_store: UserStore, hasher: PasswordHasher,
+                     username: str = None) -> None:
+    """修改密码"""
+    if not username:
+        username = input("用户名: ").strip()
+    user_data = user_store.get_user(username)
+    if not user_data:
+        print(f"错误: 用户 '{username}' 不存在")
+        return
+    old_password = getpass.getpass("原密码: ")
+    if not hasher.verify_password(old_password, user_data['password']):
+        print("错误: 原密码不正确")
+        return
+    new_password = getpass.getpass("新密码: ")
+    if len(new_password) < 6:
+        print("错误: 密码长度至少为6位")
+        return
+    confirm = getpass.getpass("确认新密码: ")
+    if new_password != confirm:
+        print("错误: 两次密码不一致")
+        return
+    user_store.update_password(username, hasher.hash_password(new_password))
+    print("密码修改成功")
+if __name__ == "__main__":
+    main()

file_server/config.py ADDED Viewed

@@ -0,0 +1,44 @@
+"""配置模块"""
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Optional
+@dataclass
+class ServerConfig:
+    """服务器配置"""
+    # 服务配置
+    port: int = 8000
+    host: str = ""
+    # 路径配置
+    config_dir: Optional[Path] = None
+    static_dir: Optional[Path] = None
+    serve_dir: Optional[Path] = None
+    # 用户文件
+    users_file: str = "users.json"
+    # 会话配置
+    session_timeout: int = 3600  # 秒 (1小时)
+    # 密码哈希配置
+    bcrypt_rounds: int = 12
+    def get_users_file_path(self) -> Path:
+        """获取用户文件完整路径"""
+        if self.config_dir:
+            return self.config_dir / self.users_file
+        return Path(self.users_file)
+    @classmethod
+    def from_args(cls, port: int = 8000, directory: str = ".",
+                  config_dir: Optional[str] = None,
+                  static_dir: Optional[str] = None) -> "ServerConfig":
+        """从命令行参数创建配置"""
+        return cls(
+            port=port,
+            config_dir=Path(config_dir) if config_dir else None,
+            static_dir=Path(static_dir) if static_dir else None,
+            serve_dir=Path(directory) if directory else None,
+        )

file_server/handlers.py ADDED Viewed

@@ -0,0 +1,230 @@
+"""HTTP 请求处理器"""
+import http.server
+import logging
+import os
+import urllib.parse
+from pathlib import Path
+from typing import Optional
+from .auth import Authenticator, SessionManager
+from .templates import render_login_page, render_file_list_page
+from .config import ServerConfig
+logger = logging.getLogger(__name__)
+class SecureHTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
+    """安全文件服务器请求处理器"""
+    # 类级别注入依赖
+    authenticator: Optional[Authenticator] = None
+    session_manager: Optional[SessionManager] = None
+    config: Optional[ServerConfig] = None
+    def log_request_info(self, method: str) -> None:
+        """记录请求信息"""
+        client_ip = self.client_address[0]
+        client_port = self.client_address[1]
+        logger.info(f"[{method}] {client_ip}:{client_port} - {self.path}")
+    def get_current_username(self) -> Optional[str]:
+        """获取当前登录用户名"""
+        session_id = self._get_session_id()
+        if session_id and self.session_manager:
+            return self.session_manager.get_username(session_id)
+        return None
+    def is_authenticated(self) -> bool:
+        """检查是否已认证"""
+        session_id = self._get_session_id()
+        if session_id and self.session_manager:
+            valid, _ = self.session_manager.validate_session(session_id)
+            return valid
+        return False
+    def _get_session_id(self) -> Optional[str]:
+        """从 Cookie 获取 session_id"""
+        if 'Cookie' in self.headers:
+            cookies = self.headers['Cookie'].split(';')
+            for cookie in cookies:
+                if cookie.strip().startswith('session_id='):
+                    return cookie.strip()[11:]
+        return None
+    def do_GET(self) -> None:
+        """处理 GET 请求"""
+        self.log_request_info('GET')
+        # 未认证用户只能访问登录页
+        if not self.is_authenticated():
+            if self.path in ('/login', '/do_login'):
+                self._handle_login_page()
+            else:
+                self._redirect_to_login()
+            return
+        # 已认证用户的路由
+        if self.path == '/logout':
+            self._handle_logout()
+        elif self.path.startswith('/download/'):
+            self._handle_download()
+        else:
+            super().do_GET()
+    def do_POST(self) -> None:
+        """处理 POST 请求"""
+        self.log_request_info('POST')
+        if self.path == '/do_login':
+            self._handle_login()
+        elif self.path == '/do_logout':
+            self._handle_logout()
+        else:
+            self.send_error(404, "Not Found")
+    def _redirect_to_login(self) -> None:
+        """重定向到登录页"""
+        logger.info(f"未认证用户访问 {self.path}, 重定向到登录页")
+        self.send_response(302)
+        self.send_header('Location', '/login')
+        self.end_headers()
+    def _handle_login_page(self, error_msg: str = "") -> None:
+        """显示登录页面"""
+        session_timeout = self.config.session_timeout if self.config else 3600
+        html = render_login_page(error_msg, session_timeout)
+        self._send_html_response(html)
+    def _handle_login(self) -> None:
+        """处理登录请求"""
+        # 解析表单数据
+        content_length = int(self.headers.get('Content-Length', 0))
+        post_data = self.rfile.read(content_length).decode('utf-8')
+        params = urllib.parse.parse_qs(post_data)
+        username = params.get('username', [''])[0].strip()
+        password = params.get('password', [''])[0]
+        logger.info(f"登录尝试 - 用户名: {username}")
+        # 认证
+        if self.authenticator:
+            success, result = self.authenticator.authenticate(username, password)
+            if success:
+                # 登录成功，result 是 session_id
+                self.send_response(302)
+                self.send_header('Location', '/')
+                self.send_header('Set-Cookie',
+                                 f'session_id={result}; Path=/; HttpOnly; SameSite=Strict')
+                self.end_headers()
+                return
+        # 登录失败
+        self._handle_login_page("用户名或密码错误")
+    def _handle_logout(self) -> None:
+        """处理登出"""
+        session_id = self._get_session_id()
+        username = None
+        if session_id and self.session_manager:
+            username = self.session_manager.destroy_session(session_id)
+        logger.info(f"用户登出: {username or '未知用户'}")
+        self.send_response(302)
+        self.send_header('Location', '/login')
+        self.send_header('Set-Cookie',
+                         'session_id=; Max-Age=0; Path=/; HttpOnly; SameSite=Strict')
+        self.end_headers()
+    def _handle_download(self) -> None:
+        """处理文件下载"""
+        username = self.get_current_username() or 'Unknown'
+        if not self.is_authenticated():
+            logger.warning("未认证用户尝试下载文件")
+            self.send_error(403, "Forbidden")
+            return
+        file_name = self.path[len('/download/'):].lstrip('/')
+        file_name = urllib.parse.unquote(file_name)
+        file_path = Path(self.directory) / file_name
+        if file_path.exists() and file_path.is_file():
+            try:
+                file_size = file_path.stat().st_size
+                logger.info(f"文件下载 - 用户: {username}, 文件: {file_name}")
+                # RFC 5987: 支持 UTF-8 编码的文件名
+                encoded_filename = urllib.parse.quote(file_path.name)
+                content_disposition = f"attachment; filename*=UTF-8''{encoded_filename}"
+                self.send_response(200)
+                self.send_header('Content-Type', 'application/octet-stream')
+                self.send_header('Content-Disposition', content_disposition)
+                self.send_header('Content-Length', str(file_size))
+                self.end_headers()
+                with open(file_path, 'rb') as f:
+                    self.copyfile(f, self.wfile)
+                logger.info(f"文件下载完成 - {file_name}")
+            except Exception as e:
+                logger.error(f"下载文件出错 - 文件: {file_name}, 错误: {e}")
+                self.send_error(500, "Download error")
+        else:
+            logger.warning(f"文件不存在 - {file_path}")
+            self.send_error(404, "File not found")
+    def list_directory(self, path: str):
+        """重写目录列表方法"""
+        username = self.get_current_username() or 'Unknown'
+        if not self.is_authenticated():
+            logger.warning(f"未认证用户尝试访问目录列表: {path}")
+            self.send_error(403, "Forbidden")
+            return None
+        logger.info(f"目录列表访问 - 用户: {username}, 路径: {path}")
+        try:
+            entries = os.listdir(path)
+        except OSError as e:
+            logger.error(f"无法列出目录: {path}, 错误: {e}")
+            self.send_error(404, "No permission to list directory")
+            return None
+        # 排除隐藏文件和目录
+        files = [f for f in entries if not f.startswith('.')
+                 and os.path.isfile(os.path.join(path, f))]
+        # 分离HTML文件和其他文件
+        html_files = []
+        other_files = []
+        for f in files:
+            file_path = os.path.join(path, f)
+            file_size = os.path.getsize(file_path)
+            if f.lower().endswith(('.html', '.htm')):
+                html_files.append((f, file_size))
+            else:
+                other_files.append((f, file_size))
+        # 渲染页面
+        html = render_file_list_page(path, username, html_files, other_files)
+        self.send_response(200)
+        self.send_header("Content-type", "text/html; charset=utf-8")
+        self.send_header("Content-Length", str(len(html.encode('utf-8'))))
+        self.end_headers()
+        self.wfile.write(html.encode('utf-8'))
+        return None
+    def _send_html_response(self, html: str) -> None:
+        """发送 HTML 响应"""
+        content = html.encode('utf-8')
+        self.send_response(200)
+        self.send_header('Content-type', 'text/html; charset=utf-8')
+        self.send_header('Content-Length', str(len(content)))
+        self.end_headers()
+        self.wfile.write(content)

file_server/server.py ADDED Viewed

@@ -0,0 +1,87 @@
+"""文件服务器主模块"""
+import logging
+import os
+import platform
+import socket
+import socketserver
+from pathlib import Path
+from .auth import Authenticator, PasswordHasher, SessionManager, UserStore
+from .config import ServerConfig
+from .handlers import SecureHTTPRequestHandler
+logger = logging.getLogger(__name__)
+def run_server(config: ServerConfig) -> None:
+    """启动文件服务器"""
+    logger.info("=" * 60)
+    logger.info(f"启动服务器: port={config.port}")
+    # 初始化组件
+    user_store = UserStore(config.get_users_file_path())
+    hasher = PasswordHasher(rounds=config.bcrypt_rounds)
+    session_manager = SessionManager(timeout_seconds=config.session_timeout)
+    authenticator = Authenticator(user_store, hasher, session_manager)
+    # 检查用户文件
+    if not config.get_users_file_path().exists():
+        logger.warning(f"用户文件不存在: {config.get_users_file_path()}")
+        logger.info("请先运行 'python -m file_server user create' 创建用户")
+        return
+    # 确定服务目录
+    serve_dir = config.static_dir or config.serve_dir or Path.cwd()
+    if not serve_dir.exists():
+        logger.error(f"文件服务目录不存在: {serve_dir}")
+        return
+    # 配置请求处理器
+    SecureHTTPRequestHandler.authenticator = authenticator
+    SecureHTTPRequestHandler.session_manager = session_manager
+    SecureHTTPRequestHandler.config = config
+    SecureHTTPRequestHandler.directory = str(serve_dir)
+    # 打印启动信息
+    _print_startup_info(config, serve_dir)
+    # 切换工作目录
+    os.chdir(serve_dir)
+    # 启动服务器
+    with socketserver.TCPServer((config.host, config.port), SecureHTTPRequestHandler) as httpd:
+        try:
+            httpd.serve_forever()
+        except KeyboardInterrupt:
+            logger.info("服务器已停止")
+        finally:
+            httpd.server_close()
+def _print_startup_info(config: ServerConfig, serve_dir: Path) -> None:
+    """打印启动信息"""
+    logger.info(f"文件服务目录: {serve_dir.absolute()}")
+    logger.info(f"配置文件目录: {config.config_dir or '当前目录'}")
+    logger.info(f"认证文件: {config.get_users_file_path()}")
+    logger.info(f"访问地址: http://localhost:{config.port}")
+    # 获取局域网 IP
+    try:
+        lan_ip = _get_lan_ip()
+        logger.info(f"局域网访问: http://{lan_ip}:{config.port}")
+    except Exception as e:
+        logger.warning(f"获取局域网IP失败: {e}")
+    logger.info("按 Ctrl+C 停止服务器")
+    logger.info("=" * 60)
+def _get_lan_ip() -> str:
+    """获取局域网 IP"""
+    if platform.system() == "Windows":
+        hostname = socket.gethostname()
+        return socket.gethostbyname(hostname)
+    else:
+        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
+            s.connect(("8.8.8.8", 80))
+            return s.getsockname()[0]

file_server/templates.py ADDED Viewed

@@ -0,0 +1,359 @@
+"""HTML 模板"""
+from datetime import datetime
+from typing import List, Tuple
+import urllib.parse
+# CSS 样式常量
+CSS_COMMON = """
+* {
+    margin: 0;
+    padding: 0;
+    box-sizing: border-box;
+}
+"""
+CSS_GRADIENT_PRIMARY = "linear-gradient(135deg, #667eea 0%, #764ba2 100%)"
+def render_login_page(error_msg: str = "", session_timeout: int = 3600) -> str:
+    """渲染登录页面"""
+    timeout_text = f"{session_timeout // 3600}小时" if session_timeout >= 3600 else f"{session_timeout // 60}分钟"
+    error_html = f'<div class="error">{error_msg}</div>' if error_msg else ""
+    return f"""
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>登录 - 文件服务器</title>
+    <style>
+        {CSS_COMMON}
+        body {{
+            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
+            background: {CSS_GRADIENT_PRIMARY};
+            min-height: 100vh;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            padding: 20px;
+        }}
+        .login-container {{
+            background: white;
+            border-radius: 15px;
+            box-shadow: 0 10px 40px rgba(0, 0, 0, 0.2);
+            padding: 40px;
+            width: 100%;
+            max-width: 400px;
+        }}
+        .login-header {{
+            text-align: center;
+            margin-bottom: 30px;
+        }}
+        .login-header h1 {{
+            color: #333;
+            font-size: 28px;
+            margin-bottom: 10px;
+        }}
+        .login-header p {{
+            color: #666;
+            font-size: 14px;
+        }}
+        .form-group {{
+            margin-bottom: 20px;
+        }}
+        .form-group label {{
+            display: block;
+            margin-bottom: 8px;
+            color: #333;
+            font-weight: 600;
+            font-size: 14px;
+        }}
+        .form-group input {{
+            width: 100%;
+            padding: 12px 15px;
+            border: 2px solid #e0e0e0;
+            border-radius: 8px;
+            font-size: 14px;
+            transition: border-color 0.3s;
+        }}
+        .form-group input:focus {{
+            outline: none;
+            border-color: #667eea;
+        }}
+        .error {{
+            background: #fff3f3;
+            border: 1px solid #ff6b6b;
+            color: #d63031;
+            padding: 12px;
+            border-radius: 6px;
+            margin-bottom: 20px;
+            font-size: 14px;
+        }}
+        .btn-login {{
+            width: 100%;
+            padding: 14px;
+            background: {CSS_GRADIENT_PRIMARY};
+            color: white;
+            border: none;
+            border-radius: 8px;
+            font-size: 16px;
+            font-weight: 600;
+            cursor: pointer;
+            transition: transform 0.2s, box-shadow 0.2s;
+        }}
+        .btn-login:hover {{
+            transform: translateY(-2px);
+            box-shadow: 0 5px 20px rgba(102, 126, 234, 0.4);
+        }}
+        .footer {{
+            text-align: center;
+            margin-top: 20px;
+            color: #999;
+            font-size: 12px;
+        }}
+    </style>
+</head>
+<body>
+    <div class="login-container">
+        <div class="login-header">
+            <h1>文件服务器</h1>
+            <p>请输入用户名和密码登录</p>
+        </div>
+        {error_html}
+        <form method="POST" action="/do_login">
+            <div class="form-group">
+                <label for="username">用户名</label>
+                <input type="text" id="username" name="username" required autofocus>
+            </div>
+            <div class="form-group">
+                <label for="password">密码</label>
+                <input type="password" id="password" name="password" required>
+            </div>
+            <button type="submit" class="btn-login">登录</button>
+        </form>
+        <div class="footer">
+            <p>会话超时: {timeout_text}</p>
+        </div>
+    </div>
+</body>
+</html>
+"""
+def format_size(size: int) -> str:
+    """格式化文件大小"""
+    if size < 1024:
+        return f"{size} B"
+    elif size < 1024 * 1024:
+        return f"{size / 1024:.1f} KB"
+    elif size < 1024 * 1024 * 1024:
+        return f"{size / (1024 * 1024):.1f} MB"
+    else:
+        return f"{size / (1024 * 1024 * 1024):.1f} GB"
+def render_file_list_page(
+    path: str,
+    username: str,
+    html_files: List[Tuple[str, int]],
+    other_files: List[Tuple[str, int]]
+) -> str:
+    """渲染文件列表页面
+    Args:
+        path: 当前路径
+        username: 当前用户名
+        html_files: HTML文件列表 [(文件名, 大小), ...]
+        other_files: 其他文件列表 [(文件名, 大小), ...]
+    """
+    # 生成 HTML 文件列表
+    html_items = ""
+    for filename, size in html_files:
+        html_items += f"""
+                        <li class="file-item html-file">
+                            <a href="{urllib.parse.quote(filename)}" class="file-link">{filename}</a>
+                            <span class="file-info">{format_size(size)}</span>
+                        </li>
+        """
+    if not html_files:
+        html_items = '<li class="file-item">暂无HTML文件</li>'
+    # 生成其他文件列表
+    other_items = ""
+    for filename, size in other_files:
+        other_items += f"""
+                        <li class="file-item download-file">
+                            <a href="/download/{urllib.parse.quote(filename)}" class="file-link">{filename}</a>
+                            <span class="file-info">{format_size(size)} | 点击下载</span>
+                        </li>
+        """
+    if not other_files:
+        other_items = '<li class="file-item">暂无其他文件</li>'
+    return f"""
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>文件列表 - {path}</title>
+    <style>
+        {CSS_COMMON}
+        body {{
+            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
+            background: #f5f6fa;
+            padding: 20px;
+        }}
+        .header {{
+            background: {CSS_GRADIENT_PRIMARY};
+            color: white;
+            padding: 20px 30px;
+            border-radius: 10px;
+            margin-bottom: 30px;
+            box-shadow: 0 4px 15px rgba(0, 0, 0, 0.1);
+        }}
+        .header h1 {{
+            font-size: 28px;
+            margin-bottom: 10px;
+        }}
+        .header .user-info {{
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            font-size: 14px;
+            opacity: 0.9;
+        }}
+        .header .logout-btn {{
+            background: rgba(255, 255, 255, 0.2);
+            border: 1px solid rgba(255, 255, 255, 0.3);
+            color: white;
+            padding: 8px 20px;
+            border-radius: 20px;
+            text-decoration: none;
+            transition: all 0.3s;
+        }}
+        .header .logout-btn:hover {{
+            background: rgba(255, 255, 255, 0.3);
+            transform: translateY(-2px);
+        }}
+        .container {{
+            max-width: 1200px;
+            margin: 0 auto;
+            background: white;
+            border-radius: 10px;
+            padding: 30px;
+            box-shadow: 0 2px 10px rgba(0, 0, 0, 0.05);
+        }}
+        .section {{
+            margin-bottom: 30px;
+        }}
+        .section-title {{
+            font-size: 20px;
+            color: #333;
+            margin-bottom: 15px;
+            padding-bottom: 10px;
+            border-bottom: 2px solid #667eea;
+        }}
+        .file-list {{
+            list-style: none;
+        }}
+        .file-item {{
+            margin: 10px 0;
+            padding: 15px;
+            border: 1px solid #e0e0e0;
+            border-radius: 8px;
+            background: #f8f9fa;
+            transition: all 0.3s;
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+        }}
+        .file-item:hover {{
+            background: #e9ecef;
+            border-color: #667eea;
+            transform: translateX(5px);
+        }}
+        .file-item.html-file {{
+            background: #d4edda;
+            border-color: #c3e6cb;
+        }}
+        .file-item.html-file:hover {{
+            background: #c3e6cb;
+        }}
+        .file-item.download-file {{
+            background: #d1ecf1;
+            border-color: #bee5eb;
+        }}
+        .file-item.download-file:hover {{
+            background: #bee5eb;
+        }}
+        .file-link {{
+            text-decoration: none;
+            color: #667eea;
+            font-weight: 600;
+            font-size: 16px;
+            flex: 1;
+        }}
+        .file-link:hover {{
+            color: #4834d4;
+        }}
+        .file-info {{
+            color: #666;
+            font-size: 13px;
+            margin-left: 15px;
+            white-space: nowrap;
+        }}
+        .path-info {{
+            color: #666;
+            font-size: 14px;
+            margin-top: 20px;
+            padding: 10px;
+            background: #f8f9fa;
+            border-radius: 5px;
+        }}
+        @media (max-width: 768px) {{
+            .file-item {{
+                flex-direction: column;
+                align-items: flex-start;
+            }}
+            .file-info {{
+                margin-left: 0;
+                margin-top: 8px;
+            }}
+        }}
+    </style>
+</head>
+<body>
+    <div class="header">
+        <h1>文件列表</h1>
+        <div class="user-info">
+            <span>当前用户: {username}</span>
+            <a href="/logout" class="logout-btn">退出登录</a>
+        </div>
+    </div>
+    <div class="container">
+        <div class="section">
+            <div class="section-title">HTML文件</div>
+            <ul class="file-list">
+                {html_items}
+            </ul>
+        </div>
+        <div class="section">
+            <div class="section-title">其他文件 (点击下载)</div>
+            <ul class="file-list">
+                {other_items}
+            </ul>
+        </div>
+        <div class="path-info">
+            <strong>当前路径:</strong> {path}<br>
+            <strong>服务器时间:</strong> {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
+        </div>
+    </div>
+</body>
+</html>
+"""

pyfileserv-0.2.2.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,178 @@
+Metadata-Version: 2.4
+Name: pyfileserv
+Version: 0.2.2
+Summary: 带登录认证的安全文件服务器
+Project-URL: Homepage, https://github.com/yucheng/file-server
+Project-URL: Repository, https://github.com/yucheng/file-server
+Author-email: yucheng <yucheng@example.com>
+License-Expression: MIT
+Keywords: authentication,bcrypt,file-server,http
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
+Requires-Python: >=3.13
+Requires-Dist: bcrypt>=5.0.0
+Provides-Extra: test
+Requires-Dist: pytest>=7.0.0; extra == 'test'
+Description-Content-Type: text/markdown
+# File Server
+带登录认证的安全文件服务器。
+## 功能特性
+- **用户认证系统** - 基于用户名/密码的登录认证，使用 bcrypt 加密存储密码
+- **会话管理** - 基于 Cookie 的安全会话机制，1小时超时
+- **文件浏览** - 目录列表功能，分开展示 HTML 文件和其他文件
+- **文件下载** - 支持任意文件下载，显示文件大小
+- **用户管理** - 创建、删除、修改用户密码
+## 安全特性
+- bcrypt 密码加密（rounds=12）
+- 安全会话 ID（secrets.token_hex）
+- HttpOnly + SameSite Cookie
+- 会话超时机制
+- 访问控制（未认证用户重定向到登录页）
+## 安装
+```bash
+pip install file-server
+```
+或使用 pipx 安装（推荐）：
+```bash
+pipx install file-server
+```
+## 使用方法
+### 1. 创建用户
+```bash
+file-server user create
+# 或指定用户名
+file-server user create -u admin
+```
+### 2. 启动服务器
+```bash
+file-server
+# 或指定端口
+file-server -p 9000
+```
+### 命令行参数
+| 参数 | 说明 | 默认值 |
+|------|------|--------|
+| `-p, --port` | 服务器端口 | 8000 |
+| `-d, --directory` | 文件服务目录 | 当前目录 |
+| `-c, --config-dir` | 配置文件目录 | 脚本目录 |
+| `-s, --static-dir` | 静态文件目录 | 脚本目录 |
+### 用户管理命令
+```bash
+# 创建用户
+file-server user create [-u 用户名]
+# 列出用户
+file-server user list
+# 删除用户
+file-server user delete [-u 用户名]
+# 修改密码
+file-server user passwd [-u 用户名]
+```
+### 示例
+```bash
+# 在端口 9000 启动服务器
+file-server -p 9000
+# 指定文件服务目录
+file-server -d /path/to/files
+# 自定义配置和静态文件目录
+file-server -c /etc/file-server -s /var/www/files
+```
+## 访问
+启动后访问 `http://localhost:8000` 或局域网 IP 地址。
+## 项目结构
+```
+file-server/
+├── src/file_server/
+│   ├── __init__.py      # 包入口
+│   ├── __main__.py      # CLI 入口
+│   ├── config.py        # 配置模块
+│   ├── auth.py          # 认证模块
+│   ├── templates.py     # HTML 模板
+│   ├── handlers.py      # HTTP 处理器
+│   ├── server.py        # 服务器启动
+│   └── cli.py           # 命令行工具
+├── tests/
+│   ├── test_auth.py     # 认证模块测试
+│   └── test_config.py   # 配置模块测试
+├── users.json           # 用户数据存储
+├── pyproject.toml       # 项目配置
+└── README.md            # 文档
+```
+## 开发与发布
+### 安装开发依赖
+```bash
+pip install -e ".[test]"
+```
+### 运行测试
+```bash
+pytest tests/ -v
+```
+### 构建
+```bash
+pip install build
+python -m build
+```
+### 发布到 TestPyPI
+```bash
+pip install twine
+python -m twine upload --repository testpypi dist/*
+```
+### 发布到 PyPI
+```bash
+python -m twine upload dist/*
+```
+## 要求
+- Python >= 3.13
+- bcrypt >= 5.0.0
+## 许可证
+MIT License

pyfileserv-0.2.2.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,12 @@
+file_server/__init__.py,sha256=IErFRAr_-MQs7M0BytLkYo3pw0tobbgtyNWfigIY_S4,367
+file_server/__main__.py,sha256=MeEzcrQwjyCicqzsCHajIPZFQAbaMytOShsCgCyuno4,86
+file_server/auth.py,sha256=uxn7fv8nkW0GGKhibCGWJME6sT06Lu60Ud7xybMizpA,5606
+file_server/cli.py,sha256=kLt2NJztcNObcpW92cLIV-kgKgWMrixGFKy6tf1OW5Q,5714
+file_server/config.py,sha256=VQ_f_UVBQWbiO0OJn9onhglPY28ejAZyoFtilu5MDB0,1236
+file_server/handlers.py,sha256=qHK8swATnxu9gIi1kPD330DFtyvmnzICMFNksJWmtbE,8415
+file_server/server.py,sha256=aMmS9osU5nSIw2RkuHSrFRHnHac4UrB4YG-1s-xMBbI,2906
+file_server/templates.py,sha256=DF4NrIJUNXJv_JbIOvt8v0g1n-gqDGwAx1oYuwtCQTc,10376
+pyfileserv-0.2.2.dist-info/METADATA,sha256=qxxbO7FaJikC8POHGymBJ-A9bk1ENn3WNuakFd_hPOE,3879
+pyfileserv-0.2.2.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+pyfileserv-0.2.2.dist-info/entry_points.txt,sha256=qi7yHHBquvosz3c8saBJi28JiY9m4zi1G4xc9UwJmqU,58
+pyfileserv-0.2.2.dist-info/RECORD,,

pyfileserv-0.2.2.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.29.0
+Root-Is-Purelib: true
+Tag: py3-none-any

pyfileserv-0.2.2.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ file-server = file_server.__main__:main