feat: added item count in explorer view

chore: integrated host extractor, updated dependencies

Author: nicolaspernoud

.github/workflows/build.yml

@@ -23,6 +23,12 @@ jobs:
     name: Build backend with web frontend as docker image and push to docker hub
     runs-on: ubuntu-latest
     steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: false
+          docker-images: false
       - name: Code Checkout
         uses: actions/checkout@v3
       - name: Set up QEMU

.github/workflows/nosetcap-image.yml

@@ -9,6 +9,12 @@ jobs:
     name: Build backend with web frontend with no setcap as docker image and push to docker hub
     runs-on: ubuntu-latest
     steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: false
+          docker-images: false
       - name: Code Checkout
         uses: actions/checkout@v3
       - name: Set up QEMU

.github/workflows/security-audit.yml

@@ -20,6 +20,6 @@ jobs:
       - uses: actions-rs/audit-check@v1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
         with:
-          rust-version: "1.86.0"
+          rust-version: "1.92.0"

Dockerfile

@@ -7,15 +7,16 @@ ARG RUST_VERSION
 ARG FLUTTER_VERSION
 
 # Set up an environnement to cross-compile the app for musl to create a statically-linked binary
-FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-bookworm AS backend-builder
+FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-trixie AS backend-builder
 ARG TARGETPLATFORM
 RUN case "$TARGETPLATFORM" in \
     "linux/amd64") echo x86_64-unknown-linux-gnu > /rust_target.txt ;; \
     "linux/arm64") echo aarch64-unknown-linux-gnu > /rust_target.txt ;; \
     "linux/arm/v7") echo armv7-unknown-linux-gnueabihf > /rust_target.txt ;; \
-    "linux/arm/v6") echo arm-unknown-linux-musleabihf > /rust_target.txt ;; \
+    "linux/arm/v6") wget https://github.com/cross-tools/musl-cross/releases/download/20250929/arm-unknown-linux-musleabihf.tar.xz -O - | tar -xJf - -C /opt && echo arm-unknown-linux-musleabihf > /rust_target.txt ;; \
     *) exit 1 ;; \
     esac
+ENV PATH="/opt/arm-unknown-linux-musleabihf/bin:$PATH"
 RUN rustup target add $(cat /rust_target.txt)
 RUN apt update && apt install -y clang cmake gcc-aarch64-linux-gnu gcc-arm-linux-gnueabihf libc6-dev-i386 libcap2-bin libclang-dev musl-dev musl-tools
 RUN ln -s /usr/include/asm-generic /usr/include/asm
@@ -66,9 +67,9 @@ RUN flutter build web
 # Stage 3 : Final image #
 #########################
 
-FROM --platform=linux/amd64 gcr.io/distroless/cc-debian12 AS base-amd64
-FROM --platform=linux/arm64 gcr.io/distroless/cc-debian12 AS base-arm64
-FROM --platform=linux/arm/v7 gcr.io/distroless/cc-debian12 AS base-armv7
+FROM --platform=linux/amd64 gcr.io/distroless/cc-debian13 AS base-amd64
+FROM --platform=linux/arm64 gcr.io/distroless/cc-debian13 AS base-arm64
+FROM --platform=linux/arm/v7 gcr.io/distroless/cc-debian13 AS base-armv7
 FROM --platform=linux/arm/v6 scratch AS base-armv6
 
 FROM base-${TARGETARCH}${TARGETVARIANT}

backend/.cargo/config.toml

@@ -1,5 +1,5 @@
 [target.arm-unknown-linux-musleabihf]
-linker = "arm-linux-gnueabihf-gcc"
+linker = "arm-unknown-linux-musleabihf-gcc"
 
 [target.armv7-unknown-linux-gnueabihf]
 linker = "arm-linux-gnueabihf-gcc"

backend/Cargo.toml

@@ -16,11 +16,11 @@ argon2 = { features = ["alloc", "password-hash"], default-features = false, vers
 async_zip = { features = ["deflate", "tokio"], default-features = false, version = "0.0.18" }
 async-stream = "0.3.6"
 async-walkdir = "2.1.0"
-aws-lc-rs = { version = "1.15.1", default-features = false, features = ["bindgen"] }
-axum = { version = "0.8.7", features = ["http2", "json", "query", "tokio"], default-features = false }
-axum-extra = { version = "0.12.2", features = ["cookie-private", "typed-header"], default-features = false }
-axum-server = { version = "0.7.3", default-features = false, features = ["tls-rustls"] }
-base64ct = { version = "1.8.0", features = ["alloc"] }
+aws-lc-rs = { version = "1.15.2", default-features = false, features = ["bindgen"] }
+axum = { version = "0.8.8", features = ["http2", "json", "query", "tokio"], default-features = false }
+axum-extra = { version = "0.12.5", features = ["cookie-private", "typed-header"], default-features = false }
+axum-server = { version = "0.8.0", default-features = false, features = ["tls-rustls"] }
+base64ct = { version = "1.8.2", features = ["alloc"] }
 chacha20poly1305 = { version = "0.10.1", features = ["stream"], default-features = false }
 chrono = { default-features = false, version = "0.4.42" }
 filetime = "0.2.26"
@@ -34,29 +34,29 @@ hyper-hickory = { version = "0.8.0", default-features = false, features = ["syst
 hyper-rustls = { version = "0.27.7", features = ["aws-lc-rs", "http1", "http2", "tls12", "webpki-tokio"], default-features = false }
 hyper-util = { version = "0.1.19", features = ["client-legacy", "http1", "tokio"], default-features = false }
 jsonwebtoken = { version = "10.2.0", features = ["aws_lc_rs"], default-features = false }
-maxminddb = "0.27.0"
+maxminddb = "0.27.1"
 mime_guess = { default-features = false, version = "2.0.5" }
 oauth2 = { version = "5.0.0", default-features = false }
 percent-encoding = { default-features = false, version = "2.3.2" }
 quick-xml = "0.38.4"
 rand = { default-features = false, version = "0.9.2", features = ["os_rng"] }
-rcgen = { version = "0.14.5", default-features = false, optional = true, features = ["aws_lc_rs", "crypto", "pem"] }
+rcgen = { version = "0.14.6", default-features = false, optional = true, features = ["aws_lc_rs", "crypto", "pem"] }
 rustls = { default-features = false, version = "0.23.35", features = ["aws_lc_rs"] }
-rustls-acme = { version = "0.14.1", features = ["aws-lc-rs", "axum", "webpki-roots"], default-features = false }
-rustls-pki-types = { version = "1.13.1" }
+rustls-acme = { version = "0.15.0", features = ["aws-lc-rs", "axum", "webpki-roots"], default-features = false }
+rustls-pki-types = { version = "1.13.2" }
 serde = { version = "1.0.228", default-features = false }
-serde_json = { default-features = false, version = "1.0.145" }
+serde_json = { default-features = false, version = "1.0.148" }
 serde_yaml_ng = "0.10.0"
 sha2 = { default-features = false, version = "0.10.9" }
 sysinfo = { default-features = false, version = "0.37.2", features = ["disk", "system"] }
 time = { default-features = false, version = "0.3.44" }
-tokio = { version = "1.48.0", features = ["full"], default-features = false }
-tokio-stream = { version = "0.1.17", default-features = false }
-tokio-util = { version = "0.7.17", default-features = false }
+tokio = { version = "1.49.0", features = ["full"], default-features = false }
+tokio-stream = { version = "0.1.18", default-features = false }
+tokio-util = { version = "0.7.18", default-features = false }
 tower = { default-features = false, version = "0.5.2", features = ["util"] }
-tower-http = { version = "0.6.7", features = ["fs"], default-features = false }
+tower-http = { version = "0.6.8", features = ["fs"], default-features = false }
 tower-service = "0.3.3"
-tracing = { default-features = false, version = "0.1.43", features = ["attributes"] }
+tracing = { default-features = false, version = "0.1.44", features = ["attributes"] }
 tracing-appender = "0.2.4"
 tracing-subscriber = { version = "0.3.22", features = ["ansi", "env-filter", "local-time"], default-features = false }
 trim-in-place = "0.1.7"
@@ -69,8 +69,9 @@ self_signed = ["dep:rcgen"]
 
 [dev-dependencies]
 async-tungstenite = { version = "0.32.0", features = ["tokio-runtime"] }
-reqwest = { version = "0.12.24", default-features = false, features = ["cookies", "json", "native-tls", "stream"] }
-tempfile = "3.23.0"
+axum = { version = "0.8.8", features = ["__private"], default-features = false }
+reqwest = { version = "0.13.1", default-features = false, features = ["cookies", "json", "native-tls", "stream"] }
+tempfile = "3.24.0"
 tungstenite = "0.28.0"
 
 [profile.release_optimized]

backend/deny.toml

@@ -88,7 +88,7 @@ ignore = [
 # List of explicitly allowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
 # [possible values: any SPDX 3.11 short identifier (+ optional exception)].
-allow = ["AGPL-3.0", "Apache-2.0", "BSD-3-Clause", "CDLA-Permissive-2.0", "ISC", "MIT", "OpenSSL", "Unicode-3.0"]
+allow = ["AGPL-3.0-or-later", "Apache-2.0", "BSD-3-Clause", "CDLA-Permissive-2.0", "ISC", "MIT", "OpenSSL", "Unicode-3.0"]
 # The confidence threshold for detecting a license from license text.
 # The higher the value, the more closely the license text must be to the
 # canonical license text of a valid SPDX license file.

backend/src/apps/mod.rs

@@ -1,3 +1,4 @@
+use super::extract::Host;
 use axum::{
     Json,
     body::Body,
@@ -8,7 +9,6 @@ use axum::{
     },
     response::IntoResponse,
 };
-use axum_extra::extract::Host;
 use base64ct::Encoding;
 use headers::HeaderValue;
 use http::{
@@ -128,7 +128,7 @@ pub async fn proxy_handler<S>(
     user: Option<UserTokenWithoutXSRFCheck>,
     ConnectInfo(addr): ConnectInfo<SocketAddr>,
     app: HostType,
-    Host(hostname): Host,
+    host: Host,
     State(config): State<ConfigState>,
     State(client): State<S>,
     mut req: Request<Body>,
@@ -137,7 +137,7 @@ where
     S: tower_service::Service<Request<Body>, Response = http::Response<hyper::body::Incoming>>,
     <S as tower_service::Service<Request<Body>>>::Error: std::fmt::Debug,
 {
-    authorized_or_redirect_to_login(&app, &user, &hostname, &req, &config).map_err(|b| *b)?;
+    authorized_or_redirect_to_login(&app, &user, host.as_str(), &req, &config).map_err(|b| *b)?;
 
     let app = match app {
         HostType::SkipVerifyReverseApp(app) | HostType::ReverseApp(app) => app,
@@ -153,11 +153,11 @@ where
     if app.forward_authority.port().is_some() {
         req.headers_mut().insert(
             "X-Forwarded-Host",
-            HeaderValue::from_str(&hostname).map_err(ProxyError::from)?,
+            HeaderValue::from_str(host.as_str()).map_err(ProxyError::from)?,
         );
         req.headers_mut().insert(
             HOST,
-            HeaderValue::from_str(&hostname).map_err(ProxyError::from)?,
+            HeaderValue::from_str(host.as_str()).map_err(ProxyError::from)?,
         );
         req.headers_mut().insert(
             "X-Forwarded-Proto",
@@ -224,9 +224,7 @@ where
             // if so, replace the target service host with the front service host
             let mut parts = location_uri.into_parts();
             parts.scheme = Some(app.app_scheme);
-            if let Ok(authority) = hostname.parse::<Authority>() {
-                parts.authority = Some(authority);
-            }
+            parts.authority = Some(host.into());
             if let Ok(uri) = Uri::from_parts(parts)
                 && let Ok(uri) = HeaderValue::from_str(&uri.to_string())
             {

backend/src/configuration.rs

@@ -3,6 +3,7 @@ use crate::{
     appstate::{ConfigMap, ConfigState},
     davs::model::Dav,
     errors::Error,
+    extract,
     oauth2::{RolesMap, openid_configuration},
     users::User,
     utils::{is_default, option_string_trim, string_trim},
@@ -366,17 +367,13 @@ where
     async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
         let configmap = ConfigMap::from_ref(state);
 
-        let host = <axum_extra::extract::Host as FromRequestParts<S>>::from_request_parts(
-            parts, state,
-        )
-        .await
-        .map_err(|_| StatusCode::NOT_FOUND)?;
-
-        let hostname = host.0.split_once(':').unwrap_or((&host.0, "")).0;
+        let host = <extract::Host as FromRequestParts<S>>::from_request_parts(parts, state)
+            .await
+            .map_err(|_| StatusCode::NOT_FOUND)?;
 
         // Work out where to target to
         let target = configmap
-            .get(hostname)
+            .get(host.hostname())
             .ok_or(())
             .map_err(|_| StatusCode::NOT_FOUND)?;
         let target = (*target).clone();

backend/src/davs/mod.rs

@@ -4,6 +4,7 @@ pub(crate) mod headers;
 pub mod model;
 pub(crate) mod webdav_server;
 
+use super::extract::Host;
 use crate::{
     appstate::MAXMIND_READER,
     configuration::HostType,
@@ -15,7 +16,6 @@ use axum::{
     extract::ConnectInfo,
     http::{Request, Response},
 };
-use axum_extra::extract::Host;
 use http::Method;
 use std::{net::SocketAddr, sync::LazyLock};
 use tracing::info;
@@ -37,7 +37,7 @@ pub async fn webdav_handler(
     user: Option<UserToken>,
     ConnectInfo(addr): ConnectInfo<SocketAddr>,
     dav: HostType,
-    Host(hostname): Host,
+    host: Host,
     req: Request<Body>,
 ) -> Response<Body> {
     let method = req.method().to_owned();
@@ -49,11 +49,9 @@ pub async fn webdav_handler(
         user.as_ref().map_or_else(|| "unknown user", |u| &u.login),
         city_from_ip(addr, MAXMIND_READER.get())
     );
-    let domain = hostname.split(':').next().unwrap_or_default();
-
     if method != Method::OPTIONS
         && let Err(access_denied_resp) =
-            check_authorization(&dav, user.as_ref(), domain, req.uri().path())
+            check_authorization(&dav, user.as_ref(), host.hostname(), req.uri().path())
     {
         tokio::spawn(async move {
             info!("FILE ACCESS DENIED: {log_str}");