hfs 0.26.8 → 0.26.9

package/src/perm.js

@@ -0,0 +1,181 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.anyAccountCanLoginAdmin = exports.accountCanLoginAdmin = exports.accountCanLogin = exports.accountHasPassword = exports.getFromAccount = exports.delAccount = exports.setAccount = exports.addAccount = exports.renameAccount = exports.normalizeUsername = exports.updateAccount = exports.allowClearTextLogin = exports.saveSrpInfo = exports.getAccount = exports.getCurrentUsernameExpanded = exports.getCurrentUsername = exports.getAccounts = void 0;
+const lodash_1 = __importDefault(require("lodash"));
+const crypt_1 = require("./crypt");
+const misc_1 = require("./misc");
+const config_1 = require("./config");
+const tssrp6a_1 = require("tssrp6a");
+const events_1 = __importDefault(require("./events"));
+let accounts = {};
+function getAccounts() {
+    return accounts;
+}
+exports.getAccounts = getAccounts;
+function getCurrentUsername(ctx) {
+    var _a;
+    return ((_a = ctx.state.account) === null || _a === void 0 ? void 0 : _a.username) || '';
+}
+exports.getCurrentUsername = getCurrentUsername;
+// provides the username and all other usernames it inherits based on the 'belongs' attribute. Useful to check permissions
+function getCurrentUsernameExpanded(ctx) {
+    const who = getCurrentUsername(ctx);
+    if (!who)
+        return [];
+    const ret = [who];
+    for (const u of ret) {
+        const a = getAccount(u);
+        if (a === null || a === void 0 ? void 0 : a.belongs)
+            ret.push(...a.belongs);
+    }
+    return ret;
+}
+exports.getCurrentUsernameExpanded = getCurrentUsernameExpanded;
+function getAccount(username, normalize = true) {
+    if (normalize)
+        username = normalizeUsername(username);
+    return username ? accounts[username] : undefined;
+}
+exports.getAccount = getAccount;
+function saveSrpInfo(account, salt, verifier) {
+    account.srp = String(salt) + '|' + String(verifier);
+}
+exports.saveSrpInfo = saveSrpInfo;
+exports.allowClearTextLogin = (0, config_1.defineConfig)('allow_clear_text_login');
+const srp6aNimbusRoutines = new tssrp6a_1.SRPRoutines(new tssrp6a_1.SRPParameters());
+async function updateAccount(account, changer) {
+    const was = JSON.stringify(account);
+    await (changer === null || changer === void 0 ? void 0 : changer(account));
+    const { username } = account;
+    if (account.password) {
+        console.debug('hashing password for', username);
+        if (exports.allowClearTextLogin.get())
+            account.hashed_password = await (0, crypt_1.hashPassword)(account.password);
+        const res = await (0, tssrp6a_1.createVerifierAndSalt)(srp6aNimbusRoutines, username, account.password);
+        saveSrpInfo(account, res.s, res.v);
+        delete account.password;
+    }
+    else if (!account.srp && account.hashed_password) {
+        console.log('please reset password for account', username);
+        process.exit(1);
+    }
+    if (account.belongs)
+        account.belongs = (0, misc_1.wantArray)(account.belongs).filter(b => b in accounts // at this stage the group record may still be null if specified later in the file
+            || console.error(`account ${username} belongs to non-existing ${b}`));
+    if (was !== JSON.stringify(account))
+        saveAccountsAsap();
+}
+exports.updateAccount = updateAccount;
+const saveAccountsAsap = config_1.saveConfigAsap;
+const accountsConfig = (0, config_1.defineConfig)('accounts', {});
+accountsConfig.sub(async (v) => {
+    // we should validate content here
+    accounts = v; // keep local reference
+    await Promise.all(lodash_1.default.map(accounts, async (rec, k) => {
+        const norm = normalizeUsername(k);
+        if (!rec) // an empty object in yaml is stored as null
+            rec = accounts[norm] = { username: norm };
+        else if ((0, misc_1.objRenameKey)(accounts, k, norm))
+            saveAccountsAsap();
+        (0, misc_1.setHidden)(rec, { username: norm });
+        await updateAccount(rec); // work password fields
+    }));
+});
+function normalizeUsername(username) {
+    return username.toLocaleLowerCase();
+}
+exports.normalizeUsername = normalizeUsername;
+function renameAccount(from, to) {
+    from = normalizeUsername(from);
+    to = normalizeUsername(to);
+    if (!to || !accounts[from] || accounts[to])
+        return false;
+    if (to === from)
+        return true;
+    (0, misc_1.objRenameKey)(accounts, from, to);
+    updateReferences();
+    saveAccountsAsap();
+    return true;
+    function updateReferences() {
+        var _a;
+        (0, misc_1.setHidden)(accounts[to], { username: to });
+        for (const a of Object.values(accounts)) {
+            const idx = (_a = a.belongs) === null || _a === void 0 ? void 0 : _a.indexOf(from);
+            if (idx !== undefined && idx >= 0)
+                a.belongs[idx] = to;
+        }
+        events_1.default.emit('accountRenamed', from, to); // everybody, take care of your stuff
+    }
+}
+exports.renameAccount = renameAccount;
+// we consider all the following fields, when falsy, as equivalent to be missing. If this changes in the future, please adjust addAccount and setAccount
+const assignableProps = ['redirect', 'ignore_limits', 'belongs', 'admin'];
+function addAccount(username, props) {
+    username = normalizeUsername(username);
+    if (!username || getAccount(username, false))
+        return;
+    const filteredProps = lodash_1.default.pickBy(lodash_1.default.pick(props, assignableProps), Boolean);
+    const copy = (0, misc_1.setHidden)(filteredProps, { username }); // have the field in the object but hidden so that stringification won't include it
+    accountsConfig.set(accounts => Object.assign(accounts, { [username]: copy }));
+    saveAccountsAsap().then();
+    return copy;
+}
+exports.addAccount = addAccount;
+function setAccount(username, changes) {
+    const acc = getAccount(username);
+    if (!acc)
+        return false;
+    const rest = lodash_1.default.pick(changes, assignableProps);
+    for (const [k, v] of Object.entries(rest))
+        if (!v)
+            rest[k] = undefined;
+    Object.assign(acc, rest);
+    if (changes.username)
+        renameAccount(username, changes.username);
+    saveAccountsAsap().then();
+    return acc;
+}
+exports.setAccount = setAccount;
+function delAccount(username) {
+    if (!getAccount(username))
+        return false;
+    accountsConfig.set(accounts => Object.assign(accounts, { [normalizeUsername(username)]: undefined }));
+    saveAccountsAsap().then();
+    return true;
+}
+exports.delAccount = delAccount;
+// get some property from account, searching in its groups if necessary. Search is breadth-first, and this determines priority of inheritance.
+function getFromAccount(account, getter) {
+    const search = [account];
+    for (const accountOrUsername of search) {
+        const a = typeof accountOrUsername === 'string' ? getAccount(accountOrUsername) : accountOrUsername;
+        if (!a)
+            continue;
+        const res = getter(a);
+        if (res !== undefined)
+            return res;
+        if (a.belongs)
+            search.push(...a.belongs);
+    }
+}
+exports.getFromAccount = getFromAccount;
+function accountHasPassword(account) {
+    return Boolean(account.password || account.hashed_password || account.srp);
+}
+exports.accountHasPassword = accountHasPassword;
+function accountCanLogin(account) {
+    return accountHasPassword(account);
+}
+exports.accountCanLogin = accountCanLogin;
+function accountCanLoginAdmin(account) {
+    return accountCanLogin(account) && getFromAccount(account, a => a.admin);
+}
+exports.accountCanLoginAdmin = accountCanLoginAdmin;
+function anyAccountCanLoginAdmin() {
+    return Object.values(accounts).find(accountCanLoginAdmin);
+}
+exports.anyAccountCanLoginAdmin = anyAccountCanLoginAdmin;

package/src/plugins.js

@@ -0,0 +1,343 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parsePluginSource = exports.rescan = exports.pluginsConfig = exports.enablePlugins = exports.pluginsWatcher = exports.getAvailablePlugins = exports.Plugin = exports.pluginsMiddleware = exports.getPluginConfigFields = exports.mapPlugins = exports.getPluginInfo = exports.setPluginConfig = exports.enablePlugin = exports.isPluginRunning = exports.DISABLING_POSTFIX = exports.PATH = void 0;
+const fast_glob_1 = __importDefault(require("fast-glob"));
+const watchLoad_1 = require("./watchLoad");
+const lodash_1 = __importDefault(require("lodash"));
+const path_1 = __importDefault(require("path"));
+const const_1 = require("./const");
+const Const = __importStar(require("./const"));
+const misc_1 = require("./misc");
+const config_1 = require("./config");
+const serveFile_1 = require("./serveFile");
+const events_1 = __importDefault(require("./events"));
+const promises_1 = require("fs/promises");
+const fs_1 = require("fs");
+const connections_1 = require("./connections");
+exports.PATH = 'plugins';
+exports.DISABLING_POSTFIX = '-disabled';
+const plugins = {};
+function isPluginRunning(id) {
+    var _a;
+    return (_a = plugins[id]) === null || _a === void 0 ? void 0 : _a.started;
+}
+exports.isPluginRunning = isPluginRunning;
+function enablePlugin(id, state = true) {
+    exports.enablePlugins.set(arr => arr.includes(id) === state ? arr
+        : state ? [...arr, id]
+            : arr.filter((x) => x !== id));
+}
+exports.enablePlugin = enablePlugin;
+// nullish values are equivalent to defaultValues
+function setPluginConfig(id, changes) {
+    exports.pluginsConfig.set(allConfigs => {
+        const fields = getPluginConfigFields(id);
+        const oldConfig = allConfigs[id];
+        const newConfig = lodash_1.default.pickBy({ ...oldConfig, ...changes }, (v, k) => { var _a; return v != null && !(0, misc_1.same)(v, (_a = fields === null || fields === void 0 ? void 0 : fields[k]) === null || _a === void 0 ? void 0 : _a.defaultValue); });
+        return { ...allConfigs, [id]: lodash_1.default.isEmpty(newConfig) ? undefined : newConfig };
+    });
+}
+exports.setPluginConfig = setPluginConfig;
+function getPluginInfo(id) {
+    var _a;
+    const running = (_a = plugins[id]) === null || _a === void 0 ? void 0 : _a.getData();
+    return running && Object.assign(running, { id }) || availablePlugins[id];
+}
+exports.getPluginInfo = getPluginInfo;
+function mapPlugins(cb) {
+    return lodash_1.default.map(plugins, (pl, plName) => {
+        try {
+            return cb(pl, plName);
+        }
+        catch (e) {
+            console.log('plugin error', plName, String(e));
+        }
+    }).filter(x => x !== undefined);
+}
+exports.mapPlugins = mapPlugins;
+function getPluginConfigFields(id) {
+    var _a;
+    return (_a = plugins[id]) === null || _a === void 0 ? void 0 : _a.getData().config;
+}
+exports.getPluginConfigFields = getPluginConfigFields;
+function pluginsMiddleware() {
+    return async (ctx, next) => {
+        var _a;
+        const after = [];
+        // run middleware plugins
+        for (const id in plugins)
+            try {
+                const pl = plugins[id];
+                const res = await ((_a = pl.middleware) === null || _a === void 0 ? void 0 : _a.call(pl, ctx));
+                if (res === true)
+                    ctx.pluginStopped = true;
+                if (typeof res === 'function')
+                    after.push(res);
+            }
+            catch (e) {
+                console.log('error middleware plugin', id, String(e));
+                console.debug(e);
+            }
+        // expose public plugins' files
+        const { path } = ctx;
+        if (!ctx.pluginStopped) {
+            if (path.startsWith(const_1.PLUGINS_PUB_URI)) {
+                const a = path.substring(const_1.PLUGINS_PUB_URI.length).split('/');
+                if (plugins.hasOwnProperty(a[0])) { // do it only if the plugin is loaded
+                    a.splice(1, 0, 'public');
+                    await (0, serveFile_1.serveFile)(exports.PATH + '/' + a.join('/'), 'auto')(ctx, next);
+                }
+            }
+            await next();
+        }
+        for (const f of after)
+            await f();
+    };
+}
+exports.pluginsMiddleware = pluginsMiddleware;
+class Plugin {
+    constructor(id, data, unwatch) {
+        this.id = id;
+        this.data = data;
+        this.unwatch = unwatch;
+        this.started = new Date();
+        if (!data)
+            throw 'invalid data';
+        if (plugins[id])
+            throw "unload first: " + id;
+        plugins[id] = this;
+        this.data = data = { ...data }; // clone to make object modifiable. Objects coming from import are not.
+        // some validation
+        for (const k of ['frontend_css', 'frontend_js']) {
+            const v = data[k];
+            if (typeof v === 'string')
+                data[k] = [v];
+            else if (v && !Array.isArray(v)) {
+                delete data[k];
+                console.warn('invalid', k);
+            }
+        }
+    }
+    get middleware() {
+        var _a;
+        return (_a = this.data) === null || _a === void 0 ? void 0 : _a.middleware;
+    }
+    get frontend_css() {
+        var _a;
+        return (_a = this.data) === null || _a === void 0 ? void 0 : _a.frontend_css;
+    }
+    get frontend_js() {
+        var _a;
+        return (_a = this.data) === null || _a === void 0 ? void 0 : _a.frontend_js;
+    }
+    get onDirEntry() {
+        var _a;
+        return (_a = this.data) === null || _a === void 0 ? void 0 : _a.onDirEntry;
+    }
+    getData() {
+        return { ...this.data };
+    }
+    async unload(reloading = false) {
+        var _a, _b;
+        const { id } = this;
+        try {
+            await ((_b = (_a = this.data) === null || _a === void 0 ? void 0 : _a.unload) === null || _b === void 0 ? void 0 : _b.call(_a));
+            console.log('unloaded plugin', id);
+        }
+        catch (e) {
+            console.log('error unloading plugin', id, String(e));
+        }
+        delete plugins[id];
+        if (reloading)
+            return;
+        this.unwatch();
+        if (availablePlugins[id])
+            events_1.default.emit('pluginStopped', availablePlugins[id]);
+        else
+            events_1.default.emit('pluginUninstalled', id);
+    }
+}
+exports.Plugin = Plugin;
+let availablePlugins = {};
+function getAvailablePlugins() {
+    return Object.values(availablePlugins);
+}
+exports.getAvailablePlugins = getAvailablePlugins;
+const rescanAsap = (0, misc_1.debounceAsync)(rescan, 1000);
+if (!(0, fs_1.existsSync)(exports.PATH))
+    try {
+        (0, fs_1.mkdirSync)(exports.PATH);
+    }
+    catch (_a) { }
+exports.pluginsWatcher = (0, misc_1.watchDir)(exports.PATH, rescanAsap);
+exports.enablePlugins = (0, config_1.defineConfig)('enable_plugins', ['antibrute']);
+exports.enablePlugins.sub(rescanAsap);
+exports.pluginsConfig = (0, config_1.defineConfig)('plugins_config', {});
+async function rescan() {
+    console.debug('scanning plugins');
+    const found = [];
+    const foundDisabled = {};
+    const MASK = exports.PATH + '/*/plugin.js'; // be sure to not use path.join as fast-glob doesn't work with \
+    for (const f of await (0, fast_glob_1.default)([(0, misc_1.adjustStaticPathForGlob)(const_1.APP_PATH) + '/' + MASK, MASK])) {
+        const id = f.split('/').slice(-2)[0];
+        if (id.endsWith(exports.DISABLING_POSTFIX))
+            continue;
+        if (!exports.enablePlugins.get().includes(id)) {
+            try {
+                const source = await (0, promises_1.readFile)(f, 'utf8');
+                foundDisabled[id] = parsePluginSource(id, source);
+            }
+            catch (_a) { }
+            continue;
+        }
+        found.push(id);
+        if (plugins[id]) // already loaded
+            continue;
+        const module = path_1.default.resolve(f);
+        const { unwatch } = (0, watchLoad_1.watchLoad)(f, async () => {
+            try {
+                const alreadyRunning = plugins[id];
+                console.log(alreadyRunning ? "reloading plugin" : "loading plugin", id);
+                const { init, ...data } = await Promise.resolve().then(() => __importStar(require(module)));
+                delete data.default;
+                deleteModule(require.resolve(module)); // avoid caching at next import
+                calculateBadApi(data);
+                if (data.badApi)
+                    console.log("plugin", id, data.badApi);
+                await (alreadyRunning === null || alreadyRunning === void 0 ? void 0 : alreadyRunning.unload(true));
+                console.debug("starting plugin", id);
+                const res = await (init === null || init === void 0 ? void 0 : init.call(null, {
+                    srcDir: __dirname,
+                    const: Const,
+                    require,
+                    getConnections: connections_1.getConnections,
+                    events: events_1.default,
+                    log(...args) {
+                        console.log('plugin', id, ':', ...args);
+                    },
+                    getConfig: (cfgKey) => { var _a, _b, _c, _d, _e; return (_c = (_b = (_a = exports.pluginsConfig.get()) === null || _a === void 0 ? void 0 : _a[id]) === null || _b === void 0 ? void 0 : _b[cfgKey]) !== null && _c !== void 0 ? _c : (_e = (_d = data.config) === null || _d === void 0 ? void 0 : _d[cfgKey]) === null || _e === void 0 ? void 0 : _e.defaultValue; },
+                    setConfig: (cfgKey, value) => setPluginConfig(id, { [cfgKey]: value }),
+                    subscribeConfig(cfgKey, cb) {
+                        let last = this.getConfig(cfgKey);
+                        cb(last);
+                        return exports.pluginsConfig.sub(() => {
+                            const now = this.getConfig(cfgKey);
+                            if ((0, misc_1.same)(now, last))
+                                return;
+                            try {
+                                cb(last = now);
+                            }
+                            catch (e) {
+                                console.log('plugin', id, String(e));
+                            }
+                        });
+                    },
+                    getHfsConfig: config_1.getConfig,
+                }));
+                Object.assign(data, res);
+                const plugin = new Plugin(id, data, unwatch);
+                if (alreadyRunning)
+                    events_1.default.emit('pluginUpdated', Object.assign(lodash_1.default.pick(plugin, 'started'), getPluginInfo(id)));
+                else {
+                    const wasInstalled = availablePlugins[id];
+                    if (wasInstalled)
+                        delete availablePlugins[id];
+                    events_1.default.emit(wasInstalled ? 'pluginStarted' : 'pluginInstalled', plugin);
+                }
+            }
+            catch (e) {
+                console.log("plugin error:", e);
+            }
+        });
+    }
+    for (const id in foundDisabled) {
+        const p = foundDisabled[id];
+        const a = availablePlugins[id];
+        if ((0, misc_1.same)(a, p))
+            continue;
+        availablePlugins[id] = p;
+        if (a)
+            events_1.default.emit('pluginUpdated', p);
+        else if (!plugins[id])
+            events_1.default.emit('pluginInstalled', p);
+    }
+    for (const id in availablePlugins)
+        if (!foundDisabled[id] && !found.includes(id) && !plugins[id]) {
+            delete availablePlugins[id];
+            events_1.default.emit('pluginUninstalled', id);
+        }
+    for (const id in plugins)
+        if (!found.includes(id))
+            await plugins[id].unload();
+}
+exports.rescan = rescan;
+function deleteModule(id) {
+    var _a;
+    const { cache } = require;
+    // build reversed map of dependencies
+    const requiredBy = { '.': ['.'] }; // don't touch main entry
+    for (const k in cache)
+        if (k !== id)
+            for (const child of (0, misc_1.wantArray)((_a = cache[k]) === null || _a === void 0 ? void 0 : _a.children))
+                (0, misc_1.getOrSet)(requiredBy, child.id, () => []).push(k);
+    const deleted = [];
+    recur(id);
+    function recur(id) {
+        let mod = cache[id];
+        if (!mod)
+            return;
+        delete cache[id];
+        deleted.push(id);
+        for (const child of mod.children)
+            if (!lodash_1.default.difference(requiredBy[child.id], deleted).length)
+                recur(child.id);
+    }
+}
+(0, misc_1.onProcessExit)(() => Promise.allSettled(mapPlugins(pl => pl.unload())));
+function parsePluginSource(id, source) {
+    var _a, _b, _c, _d, _e, _f;
+    const pl = { id };
+    pl.description = (0, misc_1.tryJson)((_a = /exports.description *= *(".*")/.exec(source)) === null || _a === void 0 ? void 0 : _a[1]);
+    pl.repo = (_b = /exports.repo *= *"(.*)"/.exec(source)) === null || _b === void 0 ? void 0 : _b[1];
+    pl.version = (_d = Number((_c = /exports.version *= *(\d*\.?\d+)/.exec(source)) === null || _c === void 0 ? void 0 : _c[1])) !== null && _d !== void 0 ? _d : undefined;
+    pl.apiRequired = (_f = (0, misc_1.tryJson)((_e = /exports.apiRequired *= *([ \d.,[\]]+)/.exec(source)) === null || _e === void 0 ? void 0 : _e[1])) !== null && _f !== void 0 ? _f : undefined;
+    if (Array.isArray(pl.apiRequired) && (pl.apiRequired.length !== 2 || !pl.apiRequired.every(lodash_1.default.isFinite))) // validate [from,to] form
+        pl.apiRequired = undefined;
+    calculateBadApi(pl);
+    return pl;
+}
+exports.parsePluginSource = parsePluginSource;
+function calculateBadApi(data) {
+    const r = data.apiRequired;
+    const [min, max] = Array.isArray(r) ? r : [r, r]; // normalize data type
+    data.badApi = min > const_1.API_VERSION ? "may not work correctly as it is designed for a newer version of HFS - check for updates"
+        : max < const_1.COMPATIBLE_API_VERSION ? "may not work correctly as it is designed for an older version of HFS - check for updates"
+            : undefined;
+}

package/src/serveFile.js

@@ -0,0 +1,105 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRange = exports.serveFile = exports.serveFileNode = void 0;
+const fs_1 = require("fs");
+const const_1 = require("./const");
+const vfs_1 = require("./vfs");
+const mime_types_1 = __importDefault(require("mime-types"));
+const config_1 = require("./config");
+const micromatch_1 = require("micromatch");
+const lodash_1 = __importDefault(require("lodash"));
+const path_1 = __importDefault(require("path"));
+const util_1 = require("util");
+const allowedReferer = (0, config_1.defineConfig)('allowed_referer', '');
+function serveFileNode(node) {
+    const { source, mime } = node;
+    const name = (0, vfs_1.getNodeName)(node);
+    const mimeString = typeof mime === 'string' ? mime
+        : lodash_1.default.find(mime, (val, mask) => (0, micromatch_1.isMatch)(name, mask));
+    return (ctx, next) => {
+        var _a;
+        const allowed = allowedReferer.get();
+        if (allowed) {
+            const ref = (_a = /\/\/([^:/]+)/.exec(ctx.get('referer'))) === null || _a === void 0 ? void 0 : _a[1]; // extract host from url
+            if (ref && ref !== host() // automatic accept if referer is basically the hosting domain
+                && !(0, micromatch_1.isMatch)(ref, allowed))
+                return ctx.status = const_1.FORBIDDEN;
+            function host() {
+                const s = ctx.get('host');
+                return s[0] === '[' ? s.slice(1, s.indexOf(']')) : s === null || s === void 0 ? void 0 : s.split(':')[0];
+            }
+        }
+        ctx.vfsNode = node; // useful to tell service files from files shared by the user
+        return serveFile(source || '', mimeString)(ctx, next);
+    };
+}
+exports.serveFileNode = serveFileNode;
+const mimeCfg = (0, config_1.defineConfig)('mime', { '*': 'auto' });
+function serveFile(source, mime, content) {
+    return async (ctx) => {
+        if (!source)
+            return;
+        const fn = path_1.default.basename(source);
+        mime = mime !== null && mime !== void 0 ? mime : lodash_1.default.find(mimeCfg.get(), (v, k) => k > '' && (0, micromatch_1.isMatch)(fn, k)); // isMatch throws on an empty string
+        if (mime === vfs_1.MIME_AUTO)
+            mime = mime_types_1.default.lookup(source) || '';
+        if (mime)
+            ctx.type = mime;
+        if (ctx.method === 'OPTIONS') {
+            ctx.status = const_1.NO_CONTENT;
+            ctx.set({ Allow: 'OPTIONS, GET, HEAD' });
+            return;
+        }
+        if (ctx.method !== 'GET')
+            return ctx.status = const_1.METHOD_NOT_ALLOWED;
+        try {
+            const stats = await (0, util_1.promisify)(fs_1.stat)(source); // using fs's function instead of fs/promises, because only the former is supported by pkg
+            ctx.set('Last-Modified', stats.mtime.toUTCString());
+            ctx.fileSource = source;
+            ctx.status = 200;
+            if (ctx.fresh)
+                return ctx.status = 304;
+            if (content !== undefined)
+                return ctx.body = content;
+            const range = getRange(ctx, stats.size);
+            ctx.body = (0, fs_1.createReadStream)(source, range);
+        }
+        catch (_a) {
+            return ctx.status = 404;
+        }
+    };
+}
+exports.serveFile = serveFile;
+function getRange(ctx, totalSize) {
+    ctx.set('Accept-Ranges', 'bytes');
+    const { range } = ctx.request.header;
+    if (!range) {
+        ctx.response.length = totalSize;
+        return;
+    }
+    const ranges = range.split('=')[1];
+    if (ranges.includes(','))
+        return ctx.throw(400, 'multi-range not supported');
+    let bytes = ranges === null || ranges === void 0 ? void 0 : ranges.split('-');
+    if (!(bytes === null || bytes === void 0 ? void 0 : bytes.length))
+        return ctx.throw(400, 'bad range');
+    const max = totalSize - 1;
+    const start = bytes[0] ? Number(bytes[0]) : Math.max(0, totalSize - Number(bytes[1])); // a negative start is relative to the end
+    const end = bytes[0] ? Number(bytes[1] || max) : max;
+    // we don't support last-bytes without knowing max
+    if (isNaN(end) && isNaN(max) || end > max || start > max) {
+        ctx.status = 416;
+        ctx.set('Content-Range', `bytes ${totalSize}`);
+        ctx.body = 'Requested Range Not Satisfiable';
+        return;
+    }
+    ctx.status = 206;
+    ctx.set('Content-Range', `bytes ${start}-${isNaN(end) ? '' : end}/${isNaN(totalSize) ? '*' : totalSize}`);
+    ctx.response.length = end - start + 1;
+    return { start, end };
+}
+exports.getRange = getRange;