hfs 0.26.6 → 0.26.8

package/src/perm.js

@@ -1,176 +0,0 @@
-"use strict";
-// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.anyAccountCanLoginAdmin = exports.accountCanLoginAdmin = exports.accountCanLogin = exports.accountHasPassword = exports.getFromAccount = exports.delAccount = exports.setAccount = exports.addAccount = exports.renameAccount = exports.updateAccount = exports.allowClearTextLogin = exports.saveSrpInfo = exports.getAccount = exports.getCurrentUsernameExpanded = exports.getCurrentUsername = exports.getAccounts = void 0;
-const lodash_1 = __importDefault(require("lodash"));
-const crypt_1 = require("./crypt");
-const misc_1 = require("./misc");
-const config_1 = require("./config");
-const tssrp6a_1 = require("tssrp6a");
-const events_1 = __importDefault(require("./events"));
-let accounts = {};
-function getAccounts() {
-    return accounts;
-}
-exports.getAccounts = getAccounts;
-function getCurrentUsername(ctx) {
-    var _a, _b;
-    return ((_a = ctx.state.account) === null || _a === void 0 ? void 0 : _a.username) || ((_b = ctx.session) === null || _b === void 0 ? void 0 : _b.username) || '';
-}
-exports.getCurrentUsername = getCurrentUsername;
-// provides the username and all other usernames it inherits based on the 'belongs' attribute. Useful to check permissions
-function getCurrentUsernameExpanded(ctx) {
-    const who = getCurrentUsername(ctx);
-    if (!who)
-        return [];
-    const ret = [who];
-    for (const u of ret) {
-        const a = getAccount(u);
-        if (a === null || a === void 0 ? void 0 : a.belongs)
-            ret.push(...a.belongs);
-    }
-    return ret;
-}
-exports.getCurrentUsernameExpanded = getCurrentUsernameExpanded;
-function getAccount(username) {
-    return username ? accounts[username] : undefined;
-}
-exports.getAccount = getAccount;
-function saveSrpInfo(account, salt, verifier) {
-    account.srp = String(salt) + '|' + String(verifier);
-}
-exports.saveSrpInfo = saveSrpInfo;
-exports.allowClearTextLogin = (0, config_1.defineConfig)('allow_clear_text_login');
-const srp6aNimbusRoutines = new tssrp6a_1.SRPRoutines(new tssrp6a_1.SRPParameters());
-async function updateAccount(account, changer) {
-    const was = JSON.stringify(account);
-    await (changer === null || changer === void 0 ? void 0 : changer(account));
-    const { username } = account;
-    if (account.password) {
-        console.debug('hashing password for', username);
-        if (exports.allowClearTextLogin.get())
-            account.hashed_password = await (0, crypt_1.hashPassword)(account.password);
-        const res = await (0, tssrp6a_1.createVerifierAndSalt)(srp6aNimbusRoutines, username, account.password);
-        saveSrpInfo(account, res.s, res.v);
-        delete account.password;
-    }
-    else if (!account.srp && account.hashed_password) {
-        console.log('please reset password for account', username);
-        process.exit(1);
-    }
-    if (account.belongs)
-        account.belongs = (0, misc_1.wantArray)(account.belongs).filter(b => b in accounts // at this stage the group record may still be null if specified later in the file
-            || console.error(`account ${username} belongs to non-existing ${b}`));
-    if (was !== JSON.stringify(account))
-        saveAccountsAsap();
-}
-exports.updateAccount = updateAccount;
-const saveAccountsAsap = config_1.saveConfigAsap;
-const accountsConfig = (0, config_1.defineConfig)('accounts', {});
-accountsConfig.sub(async (v) => {
-    // we should validate content here
-    accounts = v; // keep local reference
-    await Promise.all(lodash_1.default.map(accounts, async (rec, k) => {
-        const norm = normalizeUsername(k);
-        if (!rec) // an empty object in yaml is stored as null
-            rec = accounts[norm] = { username: norm };
-        else
-            (0, misc_1.objRenameKey)(accounts, k, norm);
-        (0, misc_1.setHidden)(rec, { username: norm });
-        await updateAccount(rec);
-    }));
-});
-function normalizeUsername(username) {
-    return username.toLocaleLowerCase();
-}
-function renameAccount(from, to) {
-    from = normalizeUsername(from);
-    to = normalizeUsername(to);
-    if (!to || !accounts[from] || accounts[to])
-        return false;
-    if (to === from)
-        return true;
-    (0, misc_1.objRenameKey)(accounts, from, to);
-    updateReferences();
-    saveAccountsAsap();
-    return true;
-    function updateReferences() {
-        var _a;
-        (0, misc_1.setHidden)(accounts[to], { username: to });
-        for (const a of Object.values(accounts)) {
-            const idx = (_a = a.belongs) === null || _a === void 0 ? void 0 : _a.indexOf(from);
-            if (idx !== undefined && idx >= 0)
-                a.belongs[idx] = to;
-        }
-        events_1.default.emit('accountRenamed', from, to); // everybody, take care of your stuff
-    }
-}
-exports.renameAccount = renameAccount;
-// we consider all the following fields, when falsy, as equivalent to be missing. If this changes in the future, please adjust addAccount and setAccount
-const assignableProps = ['redirect', 'ignore_limits', 'belongs', 'admin'];
-function addAccount(username, props) {
-    if (!username || accounts[username])
-        return;
-    const copy = (0, misc_1.setHidden)(lodash_1.default.pickBy(lodash_1.default.pick(props, assignableProps), Boolean), { username }); // have the field in the object but hidden so that stringification won't include it
-    accountsConfig.set(accounts => Object.assign(accounts, { [username]: copy }));
-    saveAccountsAsap().then();
-    return copy;
-}
-exports.addAccount = addAccount;
-function setAccount(username, changes) {
-    const acc = getAccount(username);
-    if (!acc)
-        return false;
-    const rest = lodash_1.default.pick(changes, assignableProps);
-    for (const [k, v] of Object.entries(rest))
-        if (!v)
-            rest[k] = undefined;
-    Object.assign(acc, rest);
-    if (changes.username)
-        renameAccount(username, changes.username);
-    saveAccountsAsap().then();
-    return true;
-}
-exports.setAccount = setAccount;
-function delAccount(username) {
-    if (!getAccount(username))
-        return false;
-    accountsConfig.set(accounts => Object.assign(accounts, { [username]: undefined }));
-    saveAccountsAsap().then();
-    return true;
-}
-exports.delAccount = delAccount;
-// get some property from account, searching in its groups if necessary. Search is breadth-first, and this determines priority of inheritance.
-function getFromAccount(account, getter) {
-    const search = [account];
-    for (const accountOrUsername of search) {
-        const a = typeof accountOrUsername === 'string' ? getAccount(accountOrUsername) : accountOrUsername;
-        if (!a)
-            continue;
-        const res = getter(a);
-        if (res !== undefined)
-            return res;
-        if (a.belongs)
-            search.push(...a.belongs);
-    }
-}
-exports.getFromAccount = getFromAccount;
-function accountHasPassword(account) {
-    return Boolean(account.password || account.hashed_password || account.srp);
-}
-exports.accountHasPassword = accountHasPassword;
-function accountCanLogin(account) {
-    return accountHasPassword(account);
-}
-exports.accountCanLogin = accountCanLogin;
-function accountCanLoginAdmin(account) {
-    return accountCanLogin(account) && getFromAccount(account, a => a.admin);
-}
-exports.accountCanLoginAdmin = accountCanLoginAdmin;
-function anyAccountCanLoginAdmin() {
-    return Object.values(accounts).find(accountCanLoginAdmin);
-}
-exports.anyAccountCanLoginAdmin = anyAccountCanLoginAdmin;

package/src/plugins.js

@@ -1,343 +0,0 @@
-"use strict";
-// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.parsePluginSource = exports.rescan = exports.pluginsConfig = exports.enablePlugins = exports.pluginsWatcher = exports.getAvailablePlugins = exports.Plugin = exports.pluginsMiddleware = exports.getPluginConfigFields = exports.mapPlugins = exports.getPluginInfo = exports.setPluginConfig = exports.enablePlugin = exports.isPluginRunning = exports.DISABLING_POSTFIX = exports.PATH = void 0;
-const fast_glob_1 = __importDefault(require("fast-glob"));
-const watchLoad_1 = require("./watchLoad");
-const lodash_1 = __importDefault(require("lodash"));
-const path_1 = __importDefault(require("path"));
-const const_1 = require("./const");
-const Const = __importStar(require("./const"));
-const misc_1 = require("./misc");
-const config_1 = require("./config");
-const serveFile_1 = require("./serveFile");
-const events_1 = __importDefault(require("./events"));
-const promises_1 = require("fs/promises");
-const fs_1 = require("fs");
-const connections_1 = require("./connections");
-exports.PATH = 'plugins';
-exports.DISABLING_POSTFIX = '-disabled';
-const plugins = {};
-function isPluginRunning(id) {
-    var _a;
-    return (_a = plugins[id]) === null || _a === void 0 ? void 0 : _a.started;
-}
-exports.isPluginRunning = isPluginRunning;
-function enablePlugin(id, state = true) {
-    exports.enablePlugins.set(arr => arr.includes(id) === state ? arr
-        : state ? [...arr, id]
-            : arr.filter((x) => x !== id));
-}
-exports.enablePlugin = enablePlugin;
-// nullish values are equivalent to defaultValues
-function setPluginConfig(id, changes) {
-    exports.pluginsConfig.set(allConfigs => {
-        const fields = getPluginConfigFields(id);
-        const oldConfig = allConfigs[id];
-        const newConfig = lodash_1.default.pickBy({ ...oldConfig, ...changes }, (v, k) => { var _a; return v != null && !(0, misc_1.same)(v, (_a = fields === null || fields === void 0 ? void 0 : fields[k]) === null || _a === void 0 ? void 0 : _a.defaultValue); });
-        return { ...allConfigs, [id]: lodash_1.default.isEmpty(newConfig) ? undefined : newConfig };
-    });
-}
-exports.setPluginConfig = setPluginConfig;
-function getPluginInfo(id) {
-    var _a;
-    const running = (_a = plugins[id]) === null || _a === void 0 ? void 0 : _a.getData();
-    return running && Object.assign(running, { id }) || availablePlugins[id];
-}
-exports.getPluginInfo = getPluginInfo;
-function mapPlugins(cb) {
-    return lodash_1.default.map(plugins, (pl, plName) => {
-        try {
-            return cb(pl, plName);
-        }
-        catch (e) {
-            console.log('plugin error', plName, String(e));
-        }
-    }).filter(x => x !== undefined);
-}
-exports.mapPlugins = mapPlugins;
-function getPluginConfigFields(id) {
-    var _a;
-    return (_a = plugins[id]) === null || _a === void 0 ? void 0 : _a.getData().config;
-}
-exports.getPluginConfigFields = getPluginConfigFields;
-function pluginsMiddleware() {
-    return async (ctx, next) => {
-        var _a;
-        const after = [];
-        // run middleware plugins
-        for (const id in plugins)
-            try {
-                const pl = plugins[id];
-                const res = await ((_a = pl.middleware) === null || _a === void 0 ? void 0 : _a.call(pl, ctx));
-                if (res === true)
-                    ctx.pluginStopped = true;
-                if (typeof res === 'function')
-                    after.push(res);
-            }
-            catch (e) {
-                console.log('error middleware plugin', id, String(e));
-                console.debug(e);
-            }
-        // expose public plugins' files
-        const { path } = ctx;
-        if (!ctx.pluginStopped) {
-            if (path.startsWith(const_1.PLUGINS_PUB_URI)) {
-                const a = path.substring(const_1.PLUGINS_PUB_URI.length).split('/');
-                if (plugins.hasOwnProperty(a[0])) { // do it only if the plugin is loaded
-                    a.splice(1, 0, 'public');
-                    await (0, serveFile_1.serveFile)(exports.PATH + '/' + a.join('/'), 'auto')(ctx, next);
-                }
-            }
-            await next();
-        }
-        for (const f of after)
-            await f();
-    };
-}
-exports.pluginsMiddleware = pluginsMiddleware;
-class Plugin {
-    constructor(id, data, unwatch) {
-        this.id = id;
-        this.data = data;
-        this.unwatch = unwatch;
-        this.started = new Date();
-        if (!data)
-            throw 'invalid data';
-        if (plugins[id])
-            throw "unload first: " + id;
-        plugins[id] = this;
-        this.data = data = { ...data }; // clone to make object modifiable. Objects coming from import are not.
-        // some validation
-        for (const k of ['frontend_css', 'frontend_js']) {
-            const v = data[k];
-            if (typeof v === 'string')
-                data[k] = [v];
-            else if (v && !Array.isArray(v)) {
-                delete data[k];
-                console.warn('invalid', k);
-            }
-        }
-    }
-    get middleware() {
-        var _a;
-        return (_a = this.data) === null || _a === void 0 ? void 0 : _a.middleware;
-    }
-    get frontend_css() {
-        var _a;
-        return (_a = this.data) === null || _a === void 0 ? void 0 : _a.frontend_css;
-    }
-    get frontend_js() {
-        var _a;
-        return (_a = this.data) === null || _a === void 0 ? void 0 : _a.frontend_js;
-    }
-    get onDirEntry() {
-        var _a;
-        return (_a = this.data) === null || _a === void 0 ? void 0 : _a.onDirEntry;
-    }
-    getData() {
-        return { ...this.data };
-    }
-    async unload(reloading = false) {
-        var _a, _b;
-        const { id } = this;
-        try {
-            await ((_b = (_a = this.data) === null || _a === void 0 ? void 0 : _a.unload) === null || _b === void 0 ? void 0 : _b.call(_a));
-            console.log('unloaded plugin', id);
-        }
-        catch (e) {
-            console.log('error unloading plugin', id, String(e));
-        }
-        delete plugins[id];
-        if (reloading)
-            return;
-        this.unwatch();
-        if (availablePlugins[id])
-            events_1.default.emit('pluginStopped', availablePlugins[id]);
-        else
-            events_1.default.emit('pluginUninstalled', id);
-    }
-}
-exports.Plugin = Plugin;
-let availablePlugins = {};
-function getAvailablePlugins() {
-    return Object.values(availablePlugins);
-}
-exports.getAvailablePlugins = getAvailablePlugins;
-const rescanAsap = (0, misc_1.debounceAsync)(rescan, 1000);
-if (!(0, fs_1.existsSync)(exports.PATH))
-    try {
-        (0, fs_1.mkdirSync)(exports.PATH);
-    }
-    catch (_a) { }
-exports.pluginsWatcher = (0, misc_1.watchDir)(exports.PATH, rescanAsap);
-exports.enablePlugins = (0, config_1.defineConfig)('enable_plugins', ['antibrute']);
-exports.enablePlugins.sub(rescanAsap);
-exports.pluginsConfig = (0, config_1.defineConfig)('plugins_config', {});
-async function rescan() {
-    console.debug('scanning plugins');
-    const found = [];
-    const foundDisabled = {};
-    const MASK = exports.PATH + '/*/plugin.js'; // be sure to not use path.join as fast-glob doesn't work with \
-    for (const f of await (0, fast_glob_1.default)([(0, misc_1.adjustStaticPathForGlob)(const_1.APP_PATH) + '/' + MASK, MASK])) {
-        const id = f.split('/').slice(-2)[0];
-        if (id.endsWith(exports.DISABLING_POSTFIX))
-            continue;
-        if (!exports.enablePlugins.get().includes(id)) {
-            try {
-                const source = await (0, promises_1.readFile)(f, 'utf8');
-                foundDisabled[id] = parsePluginSource(id, source);
-            }
-            catch (_a) { }
-            continue;
-        }
-        found.push(id);
-        if (plugins[id]) // already loaded
-            continue;
-        const module = path_1.default.resolve(f);
-        const { unwatch } = (0, watchLoad_1.watchLoad)(f, async () => {
-            try {
-                const alreadyRunning = plugins[id];
-                console.log(alreadyRunning ? "reloading plugin" : "loading plugin", id);
-                const { init, ...data } = await Promise.resolve().then(() => __importStar(require(module)));
-                delete data.default;
-                deleteModule(require.resolve(module)); // avoid caching at next import
-                calculateBadApi(data);
-                if (data.badApi)
-                    console.log("plugin", id, data.badApi);
-                await (alreadyRunning === null || alreadyRunning === void 0 ? void 0 : alreadyRunning.unload(true));
-                console.debug("starting plugin", id);
-                const res = await (init === null || init === void 0 ? void 0 : init.call(null, {
-                    srcDir: __dirname,
-                    const: Const,
-                    require,
-                    getConnections: connections_1.getConnections,
-                    events: events_1.default,
-                    log(...args) {
-                        console.log('plugin', id, ':', ...args);
-                    },
-                    getConfig: (cfgKey) => { var _a, _b, _c, _d, _e; return (_c = (_b = (_a = exports.pluginsConfig.get()) === null || _a === void 0 ? void 0 : _a[id]) === null || _b === void 0 ? void 0 : _b[cfgKey]) !== null && _c !== void 0 ? _c : (_e = (_d = data.config) === null || _d === void 0 ? void 0 : _d[cfgKey]) === null || _e === void 0 ? void 0 : _e.defaultValue; },
-                    setConfig: (cfgKey, value) => setPluginConfig(id, { [cfgKey]: value }),
-                    subscribeConfig(cfgKey, cb) {
-                        let last = this.getConfig(cfgKey);
-                        cb(last);
-                        return exports.pluginsConfig.sub(() => {
-                            const now = this.getConfig(cfgKey);
-                            if ((0, misc_1.same)(now, last))
-                                return;
-                            try {
-                                cb(last = now);
-                            }
-                            catch (e) {
-                                console.log('plugin', id, String(e));
-                            }
-                        });
-                    },
-                    getHfsConfig: config_1.getConfig,
-                }));
-                Object.assign(data, res);
-                const plugin = new Plugin(id, data, unwatch);
-                if (alreadyRunning)
-                    events_1.default.emit('pluginUpdated', Object.assign(lodash_1.default.pick(plugin, 'started'), getPluginInfo(id)));
-                else {
-                    const wasInstalled = availablePlugins[id];
-                    if (wasInstalled)
-                        delete availablePlugins[id];
-                    events_1.default.emit(wasInstalled ? 'pluginStarted' : 'pluginInstalled', plugin);
-                }
-            }
-            catch (e) {
-                console.log("plugin error:", e);
-            }
-        });
-    }
-    for (const id in foundDisabled) {
-        const p = foundDisabled[id];
-        const a = availablePlugins[id];
-        if ((0, misc_1.same)(a, p))
-            continue;
-        availablePlugins[id] = p;
-        if (a)
-            events_1.default.emit('pluginUpdated', p);
-        else if (!plugins[id])
-            events_1.default.emit('pluginInstalled', p);
-    }
-    for (const id in availablePlugins)
-        if (!foundDisabled[id] && !found.includes(id) && !plugins[id]) {
-            delete availablePlugins[id];
-            events_1.default.emit('pluginUninstalled', id);
-        }
-    for (const id in plugins)
-        if (!found.includes(id))
-            await plugins[id].unload();
-}
-exports.rescan = rescan;
-function deleteModule(id) {
-    var _a;
-    const { cache } = require;
-    // build reversed map of dependencies
-    const requiredBy = { '.': ['.'] }; // don't touch main entry
-    for (const k in cache)
-        if (k !== id)
-            for (const child of (0, misc_1.wantArray)((_a = cache[k]) === null || _a === void 0 ? void 0 : _a.children))
-                (0, misc_1.getOrSet)(requiredBy, child.id, () => []).push(k);
-    const deleted = [];
-    recur(id);
-    function recur(id) {
-        let mod = cache[id];
-        if (!mod)
-            return;
-        delete cache[id];
-        deleted.push(id);
-        for (const child of mod.children)
-            if (!lodash_1.default.difference(requiredBy[child.id], deleted).length)
-                recur(child.id);
-    }
-}
-(0, misc_1.onProcessExit)(() => Promise.allSettled(mapPlugins(pl => pl.unload())));
-function parsePluginSource(id, source) {
-    var _a, _b, _c, _d, _e, _f;
-    const pl = { id };
-    pl.description = (0, misc_1.tryJson)((_a = /exports.description *= *(".*")/.exec(source)) === null || _a === void 0 ? void 0 : _a[1]);
-    pl.repo = (_b = /exports.repo *= *"(.*)"/.exec(source)) === null || _b === void 0 ? void 0 : _b[1];
-    pl.version = (_d = Number((_c = /exports.version *= *(\d*\.?\d+)/.exec(source)) === null || _c === void 0 ? void 0 : _c[1])) !== null && _d !== void 0 ? _d : undefined;
-    pl.apiRequired = (_f = (0, misc_1.tryJson)((_e = /exports.apiRequired *= *([ \d.,[\]]+)/.exec(source)) === null || _e === void 0 ? void 0 : _e[1])) !== null && _f !== void 0 ? _f : undefined;
-    if (Array.isArray(pl.apiRequired) && (pl.apiRequired.length !== 2 || !pl.apiRequired.every(lodash_1.default.isFinite))) // validate [from,to] form
-        pl.apiRequired = undefined;
-    calculateBadApi(pl);
-    return pl;
-}
-exports.parsePluginSource = parsePluginSource;
-function calculateBadApi(data) {
-    const r = data.apiRequired;
-    const [min, max] = Array.isArray(r) ? r : [r, r]; // normalize data type
-    data.badApi = min > const_1.API_VERSION ? "may not work correctly as it is designed for a newer version of HFS - check for updates"
-        : max < const_1.COMPATIBLE_API_VERSION ? "may not work correctly as it is designed for an older version of HFS - check for updates"
-            : undefined;
-}

package/src/serveFile.js

@@ -1,104 +0,0 @@
-"use strict";
-// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getRange = exports.serveFile = exports.serveFileNode = void 0;
-const fs_1 = require("fs");
-const const_1 = require("./const");
-const vfs_1 = require("./vfs");
-const mime_types_1 = __importDefault(require("mime-types"));
-const config_1 = require("./config");
-const micromatch_1 = require("micromatch");
-const lodash_1 = __importDefault(require("lodash"));
-const path_1 = __importDefault(require("path"));
-const util_1 = require("util");
-const allowedReferer = (0, config_1.defineConfig)('allowed_referer', '');
-function serveFileNode(node) {
-    const { source, mime } = node;
-    const name = (0, vfs_1.getNodeName)(node);
-    const mimeString = typeof mime === 'string' ? mime
-        : lodash_1.default.find(mime, (val, mask) => (0, micromatch_1.isMatch)(name, mask));
-    return (ctx, next) => {
-        var _a;
-        const allowed = allowedReferer.get();
-        if (allowed) {
-            const ref = (_a = /\/\/([^:/]+)/.exec(ctx.get('referer'))) === null || _a === void 0 ? void 0 : _a[1]; // extract host from url
-            if (ref && ref !== host() // automatic accept if referer is basically the hosting domain
-                && !(0, micromatch_1.isMatch)(ref, allowed))
-                return ctx.status = const_1.FORBIDDEN;
-            function host() {
-                const s = ctx.get('host');
-                return s[0] === '[' ? s.slice(1, s.indexOf(']')) : s === null || s === void 0 ? void 0 : s.split(':')[0];
-            }
-        }
-        ctx.vfsNode = node; // useful to tell service files from files shared by the user
-        return serveFile(source || '', mimeString)(ctx, next);
-    };
-}
-exports.serveFileNode = serveFileNode;
-const mimeCfg = (0, config_1.defineConfig)('mime', { '*': 'auto' });
-function serveFile(source, mime, content) {
-    return async (ctx) => {
-        if (!source)
-            return;
-        const fn = path_1.default.basename(source);
-        mime = mime !== null && mime !== void 0 ? mime : lodash_1.default.find(mimeCfg.get(), (v, k) => k > '' && (0, micromatch_1.isMatch)(fn, k)); // isMatch throws on an empty string
-        if (mime === vfs_1.MIME_AUTO)
-            mime = mime_types_1.default.lookup(source) || '';
-        if (mime)
-            ctx.type = mime;
-        if (ctx.method === 'OPTIONS') {
-            ctx.status = const_1.NO_CONTENT;
-            ctx.set({ Allow: 'OPTIONS, GET, HEAD' });
-            return;
-        }
-        if (ctx.method !== 'GET')
-            return ctx.status = const_1.METHOD_NOT_ALLOWED;
-        try {
-            const stats = await (0, util_1.promisify)(fs_1.stat)(source); // using fs's function instead of fs/promises, because only the former is supported by pkg
-            ctx.set('Last-Modified', stats.mtime.toUTCString());
-            ctx.fileSource = source;
-            ctx.status = 200;
-            if (ctx.fresh)
-                return ctx.status = 304;
-            if (content !== undefined)
-                return ctx.body = content;
-            const range = getRange(ctx, stats.size);
-            ctx.body = (0, fs_1.createReadStream)(source, range);
-        }
-        catch (_a) {
-            return ctx.status = 404;
-        }
-    };
-}
-exports.serveFile = serveFile;
-function getRange(ctx, totalSize) {
-    ctx.set('Accept-Ranges', 'bytes');
-    const { range } = ctx.request.header;
-    if (!range) {
-        ctx.response.length = totalSize;
-        return;
-    }
-    const ranges = range.split('=')[1];
-    if (ranges.includes(','))
-        return ctx.throw(400, 'multi-range not supported');
-    let bytes = ranges === null || ranges === void 0 ? void 0 : ranges.split('-');
-    if (!(bytes === null || bytes === void 0 ? void 0 : bytes.length))
-        return ctx.throw(400, 'bad range');
-    const max = totalSize - 1;
-    const start = bytes[0] ? Number(bytes[0]) : Math.max(0, totalSize - Number(bytes[1])); // a negative start is relative to the end
-    const end = bytes[0] ? Number(bytes[1] || max) : max; // NaN in case we are asked for last N bytes without knowing max
-    if (isNaN(end) || end > max || start > max) {
-        ctx.status = 416;
-        ctx.set('Content-Range', `bytes ${totalSize}`);
-        ctx.body = 'Requested Range Not Satisfiable';
-        return;
-    }
-    ctx.status = 206;
-    ctx.set('Content-Range', `bytes ${start}-${end}/${isNaN(totalSize) ? '*' : totalSize}`);
-    ctx.response.length = end - start + 1;
-    return { start, end };
-}
-exports.getRange = getRange;