hfs 0.26.8 → 0.26.9

package/src/vfs.js

@@ -0,0 +1,230 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cantReadStatusCode = exports.walkNode = exports.hasPermission = exports.nodeIsDirectory = exports.getNodeName = exports.saveVfs = exports.vfs = exports.urlToNode = exports.MIME_AUTO = exports.defaultPerms = void 0;
+const promises_1 = __importDefault(require("fs/promises"));
+const path_1 = require("path");
+const micromatch_1 = require("micromatch");
+const misc_1 = require("./misc");
+const lodash_1 = __importDefault(require("lodash"));
+const config_1 = require("./config");
+const const_1 = require("./const");
+const events_1 = __importDefault(require("./events"));
+const perm_1 = require("./perm");
+const misc_2 = require("./misc");
+const WHO_ANYONE = true;
+const WHO_NO_ONE = false;
+const WHO_ANY_ACCOUNT = '*';
+exports.defaultPerms = {
+    can_see: WHO_ANYONE,
+    can_read: WHO_ANYONE,
+};
+exports.MIME_AUTO = 'auto';
+function inheritFromParent(parent, child) {
+    var _a;
+    for (const k of (0, misc_1.typedKeys)(exports.defaultPerms)) {
+        const v = parent[k];
+        if (v !== undefined)
+            (_a = child[k]) !== null && _a !== void 0 ? _a : (child[k] = v);
+    }
+    if (typeof parent.mime === 'object' && typeof child.mime === 'object')
+        lodash_1.default.defaults(child.mime, parent.mime);
+    else
+        child.mime || (child.mime = parent.mime);
+    return child;
+}
+async function urlToNode(url, ctx, parent = exports.vfs) {
+    var _a;
+    let initialSlashes = 0;
+    while (url[initialSlashes] === '/')
+        initialSlashes++;
+    let nextSlash = url.indexOf('/', initialSlashes);
+    const name = decodeURIComponent(url.slice(initialSlashes, nextSlash < 0 ? undefined : nextSlash));
+    if (!name)
+        return parent;
+    const rest = nextSlash < 0 ? '' : url.slice(nextSlash + 1, url.endsWith('/') ? -1 : undefined);
+    if ((0, misc_1.dirTraversal)(name) || /[\/]/.test(name)) {
+        if (ctx)
+            ctx.status = 418;
+        return;
+    }
+    const parents = parent.parents || []; // don't waste time cloning the array, as we won't keep intermediate nodes
+    const ret = {
+        isTemp: true,
+        url: (0, misc_1.enforceFinal)('/', parent.url || '') + name,
+        parents,
+    };
+    parents.push(parent);
+    inheritFromParent(parent, ret);
+    inheritMasks(ret, parent, name);
+    applyMasks(ret, parent, name);
+    // does the tree node have a child that goes by this name?
+    const sameName = !const_1.IS_WINDOWS ? (x) => x === name // easy
+        : (0, misc_2.with_)(name.toLowerCase(), lc => (x) => x.toLowerCase() === lc);
+    const child = (_a = parent.children) === null || _a === void 0 ? void 0 : _a.find(x => sameName(getNodeName(x)));
+    if (child) // yes
+        return urlToNode(rest, ctx, Object.assign(ret, child, { original: child }));
+    // not in the tree, we can see consider continuing on the disk
+    if (!parent.source)
+        return; // but then we need the current node to be linked to the disk, otherwise, we give up
+    let onDisk = name;
+    if (parent.rename) { // reverse the mapping
+        for (const [from, to] of Object.entries(parent.rename))
+            if (name === to) {
+                onDisk = from;
+                break; // found, search no more
+            }
+        ret.rename = renameUnderPath(parent.rename, name);
+    }
+    ret.source = (0, misc_1.enforceFinal)('/', parent.source) + onDisk;
+    if (parent.default)
+        inheritFromParent({ mime: { '*': exports.MIME_AUTO } }, ret);
+    if (rest)
+        return urlToNode(rest, ctx, ret);
+    if (ret.source)
+        try {
+            await promises_1.default.stat(ret.source);
+        } // check existence
+        catch (_b) {
+            return;
+        }
+    return ret;
+}
+exports.urlToNode = urlToNode;
+exports.vfs = {};
+(0, config_1.defineConfig)('vfs', {}).sub(data => exports.vfs = data);
+function saveVfs() {
+    return (0, config_1.setConfig)({ vfs: lodash_1.default.cloneDeep(exports.vfs) }, true);
+}
+exports.saveVfs = saveVfs;
+function getNodeName(node) {
+    return node.name
+        || node.source && (/^[a-zA-Z]:\\?$/.test(node.source) && node.source.slice(0, 2)
+            || (0, path_1.basename)(node.source)
+            || node.source)
+        || ''; // should happen only for root
+}
+exports.getNodeName = getNodeName;
+async function nodeIsDirectory(node) {
+    return Boolean(!node.source || await (0, misc_1.isDirectory)(node.source));
+}
+exports.nodeIsDirectory = nodeIsDirectory;
+function hasPermission(node, perm, ctx) {
+    var _a;
+    return matchWho((_a = node[perm]) !== null && _a !== void 0 ? _a : exports.defaultPerms[perm], ctx)
+        && (perm !== 'can_see' || hasPermission(node, 'can_read', ctx)); // for can_see you must also can_read
+}
+exports.hasPermission = hasPermission;
+async function* walkNode(parent, ctx, depth = 0, prefixPath = '') {
+    var _a;
+    const { children, source } = parent;
+    if (children)
+        for (let idx = 0; idx < children.length; idx++) {
+            const child = children[idx];
+            yield* workItem({
+                ...child,
+                name: prefixPath ? (prefixPath + getNodeName(child)) : child.name
+            }, depth > 0 && await nodeIsDirectory(child).catch(() => false));
+        }
+    if (!source)
+        return;
+    try {
+        for await (const path of (0, misc_1.dirStream)(source, depth)) {
+            if (ctx === null || ctx === void 0 ? void 0 : ctx.req.aborted)
+                return;
+            const renamed = (_a = parent.rename) === null || _a === void 0 ? void 0 : _a[path];
+            yield* workItem({
+                name: prefixPath + (renamed || path),
+                source: (0, path_1.join)(source, path),
+                rename: renameUnderPath(parent.rename, path),
+            });
+        }
+    }
+    catch (e) {
+        console.debug('glob', source, e); // ENOTDIR, or lacking permissions
+    }
+    // item will be changed, so be sure to pass a temp node
+    async function* workItem(item, recur = false) {
+        const name = getNodeName(item);
+        // we basename for depth>0 where we already have the rest of the path in the parent's url, and would be duplicated
+        const virtualBasename = (0, path_1.basename)(name);
+        const url = (0, misc_1.enforceFinal)('/', parent.url || '') + virtualBasename;
+        Object.assign(item, {
+            isTemp: true,
+            url,
+            parents: [...parent.parents || [], parent],
+        });
+        inheritFromParent(parent, item);
+        applyMasks(item, parent, virtualBasename);
+        if (ctx && !hasPermission(item, 'can_see', ctx))
+            return;
+        yield item;
+        if (!recur)
+            return;
+        inheritMasks(item, parent, virtualBasename);
+        yield* walkNode(item, ctx, depth - 1, name + '/');
+    }
+}
+exports.walkNode = walkNode;
+function applyMasks(item, parent, virtualBasename) {
+    const { masks } = parent;
+    if (!masks)
+        return;
+    for (const k in masks)
+        if (k.startsWith('**/') && (0, micromatch_1.isMatch)(virtualBasename, k.slice(3))
+            || !k.includes('/') && (0, micromatch_1.isMatch)(virtualBasename, k))
+            Object.assign(item, masks[k]);
+}
+function inheritMasks(item, parent, virtualBasename) {
+    const { masks } = parent;
+    if (!masks)
+        return;
+    const o = {};
+    for (const k in masks)
+        if (k.startsWith('**/'))
+            o[k.slice(3)] = masks[k];
+        else if (k.startsWith(virtualBasename + '/'))
+            o[k.slice(virtualBasename.length + 1)] = masks[k];
+    if (Object.keys(o).length)
+        item.masks = o;
+}
+function renameUnderPath(rename, path) {
+    if (!rename)
+        return rename;
+    const match = path + '/';
+    rename = Object.fromEntries(Object.entries(rename).map(([k, v]) => [k.startsWith(match) ? k.slice(match.length) : '', v]));
+    delete rename[''];
+    return lodash_1.default.isEmpty(rename) ? undefined : rename;
+}
+function matchWho(who, ctx) {
+    return who === WHO_ANYONE
+        || who === WHO_ANY_ACCOUNT && Boolean(ctx.state.account)
+        || Array.isArray(who) && (() => // check if I or any ancestor match `who`, but cache ancestors' usernames inside context state
+         (0, misc_1.getOrSet)(ctx.state, 'usernames', () => (0, perm_1.getCurrentUsernameExpanded)(ctx)).some((u) => who.includes(u)))();
+}
+function cantReadStatusCode(node) {
+    return node.can_read === false ? const_1.FORBIDDEN : const_1.UNAUTHORIZED;
+}
+exports.cantReadStatusCode = cantReadStatusCode;
+events_1.default.on('accountRenamed', (from, to) => {
+    recur(exports.vfs);
+    saveVfs();
+    function recur(n) {
+        var _a;
+        replace(n.can_see);
+        replace(n.can_read);
+        if (n.masks)
+            Object.values(n.masks).forEach(recur);
+        (_a = n.children) === null || _a === void 0 ? void 0 : _a.forEach(recur);
+    }
+    function replace(a) {
+        if (!Array.isArray(a))
+            return;
+        for (let i = 0; i < a.length; i++)
+            if (a[i] === from)
+                a[i] = to;
+    }
+});

package/src/watchLoad.js

@@ -0,0 +1,73 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.watchLoad = void 0;
+const fs_1 = require("fs");
+const promises_1 = __importDefault(require("fs/promises"));
+const yaml_1 = __importDefault(require("yaml"));
+const misc_1 = require("./misc");
+function watchLoad(path, parser, { failedOnFirstAttempt } = {}) {
+    let doing = false;
+    let watcher;
+    const debounced = (0, misc_1.debounceAsync)(load, 500, { leading: true });
+    let retry;
+    let saving;
+    let lastStats;
+    init().then(ok => ok || (failedOnFirstAttempt === null || failedOnFirstAttempt === void 0 ? void 0 : failedOnFirstAttempt()));
+    return {
+        unwatch() {
+            watcher === null || watcher === void 0 ? void 0 : watcher.close();
+            clearTimeout(retry);
+            watcher = undefined;
+        },
+        save(...args) {
+            return Promise.resolve(saving).then(() => // wait in case another is ongoing
+             saving = promises_1.default.writeFile(...args).finally(() => // save but also keep track of the current operation
+             saving = undefined)); // clear
+        }
+    };
+    async function init() {
+        try {
+            debounced().then();
+            watcher = (0, fs_1.watch)(path, () => {
+                if (!saving)
+                    debounced().then();
+            });
+            return true; // used actually just by the first invocation
+        }
+        catch (e) {
+            retry = setTimeout(init, 3000); // manual watching until watch is successful
+        }
+    }
+    async function load() {
+        if (doing)
+            return;
+        doing = true;
+        let data;
+        try {
+            try { // I've seen watch() firing 'change' without any change, so we'll check if any change is detectable before going on
+                const stats = await promises_1.default.stat(path);
+                if (stats.mtimeMs === (lastStats === null || lastStats === void 0 ? void 0 : lastStats.mtimeMs))
+                    return;
+                lastStats = stats;
+                data = await (0, misc_1.readFileBusy)(path);
+                console.debug('loaded', path);
+            }
+            catch (e) {
+                if (e.code === 'EPERM')
+                    console.error("missing permissions on file", path); // warn user, who could be clueless about this problem
+                return; // ignore read errors
+            }
+            if (path.endsWith('.yaml'))
+                data = yaml_1.default.parse(data);
+            await parser(data);
+        }
+        finally {
+            doing = false;
+        }
+    }
+}
+exports.watchLoad = watchLoad;

package/src/zip.js

@@ -0,0 +1,72 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.zipStreamFromFolder = void 0;
+const vfs_1 = require("./vfs");
+const misc_1 = require("./misc");
+const QuickZipStream_1 = require("./QuickZipStream");
+const fs_1 = require("fs");
+const promises_1 = __importDefault(require("fs/promises"));
+const config_1 = require("./config");
+const path_1 = require("path");
+const serveFile_1 = require("./serveFile");
+async function zipStreamFromFolder(node, ctx) {
+    ctx.status = 200;
+    ctx.mime = 'zip';
+    const name = (0, vfs_1.getNodeName)(node);
+    ctx.attachment((name || 'archive') + '.zip');
+    const filter = (0, misc_1.pattern2filter)(String(ctx.query.search || ''));
+    const { list } = ctx.query;
+    const walker = !list ? (0, vfs_1.walkNode)(node, ctx, Infinity)
+        : (async function* () {
+            for await (const el of String(list).split('*')) { // we are using * as separator because it cannot be used in a file name and doesn't need url encoding
+                const subNode = await (0, vfs_1.urlToNode)(el, ctx, node);
+                if (!subNode || !(0, vfs_1.hasPermission)(subNode, 'can_read', ctx))
+                    continue;
+                if (await (0, vfs_1.nodeIsDirectory)(subNode)) { // a directory needs to walked
+                    yield* (0, vfs_1.walkNode)(subNode, ctx, Infinity, el + '/');
+                    continue;
+                }
+                let folder = (0, path_1.dirname)(el);
+                folder = folder === '.' ? '' : folder + '/';
+                yield { ...subNode, name: folder + (0, vfs_1.getNodeName)(subNode) }; // reflect relative path in archive, otherwise way may have name-clashes
+            }
+        })();
+    const mappedWalker = (0, misc_1.filterMapGenerator)(walker, async (el) => {
+        const { source } = el;
+        const name = (0, vfs_1.getNodeName)(el);
+        if (!source || ctx.req.aborted || !filter(name))
+            return;
+        try {
+            const st = await promises_1.default.stat(source);
+            if (!st || !st.isFile())
+                return;
+            return {
+                path: name,
+                size: st.size,
+                ts: st.mtime || st.ctime,
+                mode: st.mode,
+                sourcePath: source,
+                getData: () => (0, fs_1.createReadStream)(source, { start: 0, end: Math.max(0, st.size - 1) })
+            };
+        }
+        catch (_a) { }
+    });
+    const zip = new QuickZipStream_1.QuickZipStream(mappedWalker);
+    const time = 1000 * zipSeconds.get();
+    const size = await zip.calculateSize(time);
+    ctx.response.length = size;
+    const range = (0, serveFile_1.getRange)(ctx, size); // keep var size as ctx.response.length won't preserve a NaN
+    if (ctx.status >= 400)
+        return;
+    if (range)
+        zip.applyRange(range.start, range.end);
+    ctx.body = zip;
+    ctx.req.on('close', () => zip.destroy());
+    ctx.state.archive = 'zip';
+}
+exports.zipStreamFromFolder = zipStreamFromFolder;
+const zipSeconds = (0, config_1.defineConfig)('zip_calculate_size_for_seconds', 1);

package/admin/.eslintrc

@@ -1,8 +0,0 @@
-{
-  "extends": "react-app",
-  "rules": {
-    "no-mixed-operators": 0,
-    "no-ex-assign": 0,
-	"no-throw-literal": 0
-  }
-}

package/admin/.gitignore

@@ -1,23 +0,0 @@
-# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
-
-# dependencies
-/node_modules
-/.pnp
-.pnp.js
-
-# testing
-/coverage
-
-# production
-/build
-
-# misc
-.DS_Store
-.env.local
-.env.development.local
-.env.test.local
-.env.production.local
-
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*

package/admin/package.json

@@ -1,67 +0,0 @@
-{
-  "name": "@hfs/admin",
-  "private": true,
-  "proxy": "http://localhost",
-  "scripts": {
-    "start": "vite",
-    "build": "tsc && vite build",
-    "preview": "vite preview",
-    "test-dep": "npm audit --production"
-  },
-  "dependencies": {
-    "@emotion/react": "^11.10.0",
-    "@hfs/mui-grid-form": "*",
-    "@hfs/shared": "*",
-    "@emotion/styled": "^11.10.0",
-    "@mui/icons-material": "^5.8.4",
-    "@mui/lab": "^5.0.0-alpha.94",
-    "@mui/material": "^5.10.0",
-    "@mui/x-data-grid": "^5.15.1",
-    "js-sha512": "^0.8.0",
-    "react": "^18.2.0",
-    "react-dom": "^18.2.0",
-    "react-router-dom": "^6.2.1",
-    "react-window": "^1.8.6",
-    "tssrp6a": "^3.0.0",
-    "valtio": "^1.2.9",
-    "immer": "^9.0.15",
-    "web-vitals": "^2.1.4"
-  },
-  "devDependencies": {
-    "@types/node": "^16.11.21",
-    "@types/react": "^18.0.15",
-    "@types/react-dom": "^18.0.6",
-    "@types/react-window": "^1.8.5",
-    "@types/react-virtualized-auto-sizer": "^1.0.1",
-    "vite": "^3.0.0",
-    "vite-plugin-babel-import": "github:rejetto/vite-plugin-babel-import"
-  },
-  "eslintConfig": {
-    "extends": [
-      "react-app",
-      "react-app/jest"
-    ],
-    "overrides": [
-      {
-        "files": [
-          "*.ts"
-        ],
-        "rules": {
-          "no-mixed-operators": "off"
-        }
-      }
-    ]
-  },
-  "browserslist": {
-    "production": [
-      ">0.2%",
-      "not dead",
-      "not op_mini all"
-    ],
-    "development": [
-      "last 1 chrome version",
-      "last 1 firefox version",
-      "last 1 safari version"
-    ]
-  }
-}

package/admin/src/AccountForm.ts

@@ -1,92 +0,0 @@
-import { createElement as h, useEffect, useRef, useState } from 'react'
-import { BoolField, Form, MultiSelectField } from '@hfs/mui-grid-form'
-import { Box, Button } from '@mui/material'
-import { apiCall } from './api'
-import { alertDialog } from './dialog'
-import { isEqualLax, modifiedSx } from './misc'
-import { Account, account2icon } from './AccountsPage'
-import { createVerifierAndSalt, SRPParameters, SRPRoutines } from 'tssrp6a'
-
-interface FormProps { account: Account, groups: string[], done: (username: string)=>void, close: ()=>void }
-export default function AccountForm({ account, done, groups, close }: FormProps) {
-    const [values, setValues] = useState<Account & { password?: string, password2?: string }>(account)
-    const [belongsOptions, setBelongOptions] = useState<string[]>([])
-    useEffect(() => {
-        setValues(account)
-        setBelongOptions(groups.filter(x => x !== account.username ))
-        ref.current?.querySelector('input')?.focus()
-    }, [JSON.stringify(account)]) //eslint-disable-line
-    const add = !account.username
-    const group = !values.hasPassword
-    const ref = useRef<HTMLFormElement>()
-    return h(Form, {
-        formRef:  ref,
-        values,
-        set(v, k) {
-            setValues({ ...values, [k]: v })
-        },
-        addToBar: [
-            h(Button, { onClick: close, sx: { ml: 2 } }, "Close"),
-            h(Box, { flex:1 }),
-            account2icon(values, { fontSize: 'large', sx: { p: 1 }})
-        ],
-        fields: [
-            { k: 'username', label: group ? 'Group name' : undefined, autoComplete: 'off', required: true, xl: group ? 12 : 4,
-                getError: v => v !== account.username && apiCall('get_account', { username: v }).then(() => "already used", () => false),
-            },
-            !group && { k: 'password', md: 6, xl: 4, type: 'password', autoComplete: 'new-password', required: add,
-                label: add ? "Password" : "Change password"
-            },
-            !group && { k: 'password2', md: 6, xl: 4, type: 'password', autoComplete: 'new-password', label: 'Repeat password',
-                getError: (x, { values }) => (x||'') !== (values.password||'') && "Enter same password" },
-            { k: 'ignore_limits', comp: BoolField, xl: 6,
-                helperText: values.ignore_limits ? "Speed limits don't apply to this account" : "Speed limits apply to this account" },
-            { k: 'admin', comp: BoolField, xl: 6, fromField: (v:boolean) => v||null, label: "Permission to access Admin interface",
-                helperText: "To access THIS interface you are using right now",
-                ...account.adminActualAccess && { value: true, disabled: true, helperText: "This permission is inherited" },
-            },
-            { k: 'belongs', comp: MultiSelectField, label: "Inherits from", options: belongsOptions,
-                helperText: "Specify groups to inherit permissions from."
-                    + (belongsOptions.length ? '' : " There are no groups available, create one first.")
-            },
-            { k: 'redirect', helperText: "If you want this account to be redirected to a specific folder/address at login time" },
-        ],
-        onError: alertDialog,
-        save: {
-            sx: modifiedSx( !isEqualLax(values, account)),
-            async onClick() {
-                const { password='', password2, adminActualAccess, ...withoutPassword } = values
-                const { username } = values
-                if (add) {
-                    await apiCall('add_account', withoutPassword)
-                    if (password)
-                        try { await apiNewPassword(username, password) }
-                        catch(e) {
-                            apiCall('del_account', { username }).then() // best effort, don't wait
-                            throw e
-                        }
-                    done(username)
-                    return alertDialog("Account created", 'success')
-                }
-                await apiCall('set_account', {
-                    username: account.username,
-                    changes: withoutPassword,
-                })
-                if (password)
-                    await apiNewPassword(username, password)
-                done(username)
-                return alertDialog("Account modified", 'success')
-            }
-        }
-    })
-}
-
-async function apiNewPassword(username: string, password: string) {
-    const srp6aNimbusRoutines = new SRPRoutines(new SRPParameters())
-    const res = await createVerifierAndSalt(srp6aNimbusRoutines, username, password)
-    return apiCall('change_srp_others', { username, salt: String(res.s), verifier: String(res.v) }).catch(e => {
-        if (e.code !== 406) // 406 = server was configured to support clear text authentication
-            throw e
-        return apiCall('change_password_others', { username, newPassword: password }) // unencrypted version
-    })
-}