hfs 0.26.8 → 0.27.2

package/src/api.plugins.js

@@ -0,0 +1,128 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const plugins_1 = require("./plugins");
+const lodash_1 = __importDefault(require("lodash"));
+const assert_1 = __importDefault(require("assert"));
+const misc_1 = require("./misc");
+const apiMiddleware_1 = require("./apiMiddleware");
+const events_1 = __importDefault(require("./events"));
+const promises_1 = require("fs/promises");
+const github_1 = require("./github");
+const apis = {
+    get_plugins({}, ctx) {
+        const list = new apiMiddleware_1.SendListReadable({ addAtStart: [...(0, plugins_1.mapPlugins)(serialize), ...(0, plugins_1.getAvailablePlugins)()] });
+        return list.events(ctx, {
+            pluginInstalled: p => list.add(serialize(p)),
+            'pluginStarted pluginStopped pluginUpdated': p => {
+                const { id, ...rest } = serialize(p);
+                list.update({ id }, rest);
+            },
+            pluginUninstalled: id => list.remove({ id }),
+        });
+        function serialize(p) {
+            const o = 'getData' in p ? Object.assign(lodash_1.default.pick(p, ['id', 'started']), p.getData())
+                : { ...p }; // _.defaults mutates object, and we don't want that
+            return lodash_1.default.defaults(o, { started: null, badApi: null }); // nulls should be used to be sure to overwrite previous values,
+        }
+    },
+    async get_plugin_updates() {
+        const list = new apiMiddleware_1.SendListReadable();
+        setTimeout(async () => {
+            for (const [folder, repo] of Object.entries((0, github_1.getFolder2repo)()))
+                try {
+                    if (!repo)
+                        continue;
+                    const online = await (0, github_1.readOnlinePlugin)(await (0, github_1.getRepoInfo)(repo));
+                    if (!online.apiRequired || online.badApi)
+                        continue;
+                    const disk = (0, plugins_1.getPluginInfo)(folder);
+                    if (online.version > disk.version)
+                        list.add(online);
+                }
+                catch (err) {
+                    list.error(err.code || err.message);
+                }
+            list.close();
+        });
+        return list;
+    },
+    async set_plugin({ id, enabled, config }) {
+        (0, assert_1.default)(id, 'id');
+        if (enabled !== undefined)
+            (0, plugins_1.enablePlugin)(id, enabled);
+        if (config)
+            (0, plugins_1.setPluginConfig)(id, config);
+        return {};
+    },
+    async get_plugin({ id }) {
+        return {
+            enabled: plugins_1.enablePlugins.get().includes(id),
+            config: {
+                ...(0, misc_1.objSameKeys)((0, plugins_1.getPluginConfigFields)(id) || {}, v => v === null || v === void 0 ? void 0 : v.defaultValue),
+                ...plugins_1.pluginsConfig.get()[id]
+            }
+        };
+    },
+    search_online_plugins({ text }, ctx) {
+        return new apiMiddleware_1.SendListReadable({
+            async doAtStart(list) {
+                try {
+                    const folder2repo = (0, github_1.getFolder2repo)();
+                    for await (const pl of (0, github_1.searchPlugins)(text)) {
+                        const repo = pl.id;
+                        const folder = lodash_1.default.findKey(folder2repo, x => x === repo);
+                        const installed = folder && (0, plugins_1.getPluginInfo)(folder);
+                        Object.assign(pl, {
+                            installed: lodash_1.default.includes(folder2repo, repo),
+                            update: installed && installed.version < pl.version,
+                        });
+                        list.add(pl);
+                        // watch for events about this plugin, until this request is closed
+                        ctx.req.on('close', (0, misc_1.onOff)(events_1.default, {
+                            pluginInstalled: p => {
+                                if (p.repo === repo)
+                                    list.update({ id: repo }, { installed: true });
+                            },
+                            pluginUninstalled: folder => {
+                                if (repo === (0, github_1.getFolder2repo)()[folder])
+                                    list.update({ id: repo }, { installed: false });
+                            },
+                            pluginUpdated: p => {
+                                if (p.repo === repo)
+                                    list.update({ id: repo }, { update: p.version < pl.version });
+                            },
+                            ['pluginDownload_' + repo](status) {
+                                list.update({ id: repo }, { downloading: status !== null && status !== void 0 ? status : null });
+                            }
+                        }));
+                    }
+                }
+                catch (err) {
+                    list.error(err.code || err.message);
+                }
+                list.ready();
+            }
+        });
+    },
+    async download_plugin(pl) {
+        const res = await (0, github_1.downloadPlugin)(pl.id, pl.branch);
+        return typeof res === 'string' ? (0, plugins_1.getPluginInfo)(res) : res;
+    },
+    async update_plugin(pl) {
+        await (0, github_1.downloadPlugin)(pl.id, pl.branch, true);
+        return {};
+    },
+    async uninstall_plugin({ id }) {
+        while ((0, plugins_1.isPluginRunning)(id)) {
+            (0, plugins_1.enablePlugin)(id, false);
+            await (0, misc_1.wait)(500);
+        }
+        await (0, promises_1.rm)(plugins_1.PATH + '/' + id, { recursive: true, force: true });
+        return {};
+    }
+};
+exports.default = apis;

package/src/api.vfs.js

@@ -0,0 +1,167 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const vfs_1 = require("./vfs");
+const lodash_1 = __importDefault(require("lodash"));
+const promises_1 = require("fs/promises");
+const apiMiddleware_1 = require("./apiMiddleware");
+const path_1 = require("path");
+const misc_1 = require("./misc");
+const child_process_1 = require("child_process");
+const util_1 = require("util");
+const const_1 = require("./const");
+const micromatch_1 = require("micromatch");
+// to manipulate the tree we need the original node
+async function urlToNodeOriginal(uri) {
+    const n = await (0, vfs_1.urlToNode)(uri);
+    return (n === null || n === void 0 ? void 0 : n.isTemp) ? n.original : n;
+}
+const apis = {
+    async get_vfs() {
+        return {
+            root: vfs_1.vfs && await recur(vfs_1.vfs),
+            defaultPerms: vfs_1.defaultPerms,
+        };
+        async function recur(node) {
+            const dir = await (0, vfs_1.nodeIsDirectory)(node);
+            const stats = {};
+            try {
+                if (!dir)
+                    Object.assign(stats, lodash_1.default.pick(await (0, promises_1.stat)(node.source), ['size', 'ctime', 'mtime']));
+            }
+            catch (_a) {
+                stats.size = -1;
+            }
+            if (stats && Number(stats.mtime) === Number(stats.ctime))
+                delete stats.mtime;
+            const isRoot = node === vfs_1.vfs;
+            return {
+                ...stats,
+                ...node,
+                website: dir && node.source && await (0, promises_1.stat)((0, path_1.join)(node.source, 'index.html')).then(() => true, () => undefined)
+                    || undefined,
+                name: isRoot ? undefined : (0, vfs_1.getNodeName)(node),
+                type: dir ? 'folder' : undefined,
+                children: node.children && await Promise.all(node.children.map(recur)),
+            };
+        }
+    },
+    async set_vfs({ uri, props }) {
+        const n = await urlToNodeOriginal(uri);
+        if (!n)
+            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'path not found');
+        props = pickProps(props, ['name', 'source', 'masks', 'default', ...Object.keys(vfs_1.defaultPerms)]);
+        props = (0, misc_1.objSameKeys)(props, v => v === null ? undefined : v); // null is a way to serialize undefined, that will restore default values
+        if (props.masks && typeof props.masks !== 'object')
+            delete props.masks;
+        Object.assign(n, props);
+        if ((0, vfs_1.getNodeName)(lodash_1.default.omit(n, ['name'])) === n.name) // name only if necessary
+            n.name = undefined;
+        await (0, vfs_1.saveVfs)();
+        return n;
+    },
+    async add_vfs({ under, source, name }) {
+        const n = under ? await urlToNodeOriginal(under) : vfs_1.vfs;
+        if (!n)
+            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'invalid under');
+        if (n.isTemp || !await (0, vfs_1.nodeIsDirectory)(n))
+            return new apiMiddleware_1.ApiError(const_1.HTTP_FORBIDDEN, 'invalid under');
+        if ((0, misc_1.isWindowsDrive)(source))
+            source += '\\'; // slash must be included, otherwise it will refer to the cwd of that drive
+        const a = n.children || (n.children = []);
+        if (source && a.find(x => x.source === source))
+            return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'already present');
+        a.unshift({ source, name });
+        await (0, vfs_1.saveVfs)();
+        return {};
+    },
+    async del_vfs({ uris }) {
+        if (!uris || !Array.isArray(uris))
+            return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'invalid uris');
+        return {
+            errors: await Promise.all(uris.map(async (uri) => {
+                if (typeof uri !== 'string')
+                    return const_1.HTTP_BAD_REQUEST;
+                const node = await urlToNodeOriginal(uri);
+                if (!node)
+                    return const_1.HTTP_NOT_FOUND;
+                const parent = (0, path_1.dirname)(uri);
+                const parentNode = await urlToNodeOriginal(parent);
+                if (!parentNode)
+                    return const_1.HTTP_FORBIDDEN;
+                const { children } = parentNode;
+                if (!children) // shouldn't happen
+                    return const_1.HTTP_SERVER_ERROR;
+                const idx = children.indexOf(node);
+                children.splice(idx, 1);
+                (0, vfs_1.saveVfs)();
+                return 0; // error code 0 is OK
+            }))
+        };
+    },
+    get_cwd() {
+        return { path: process.cwd() };
+    },
+    async resolve_path({ path, closestFolder }) {
+        path = (0, path_1.resolve)(path);
+        if (closestFolder)
+            while (path && !await (0, promises_1.stat)(path).then(x => x.isDirectory(), () => 0))
+                path = (0, path_1.dirname)(path);
+        return { path };
+    },
+    async *ls({ path, files = true, fileMask }, ctx) {
+        if (!path && const_1.IS_WINDOWS) {
+            try {
+                for (const n of await getDrives())
+                    yield { add: { n, k: 'd' } };
+            }
+            catch (error) {
+                console.debug(error);
+            }
+            return;
+        }
+        try {
+            path = (0, misc_1.isWindowsDrive)(path) ? path + '\\' : (0, path_1.resolve)(path || '/');
+            for await (const name of (0, misc_1.dirStream)(path)) {
+                if (ctx.req.aborted)
+                    return;
+                try {
+                    const stats = await (0, promises_1.stat)((0, path_1.join)(path, name));
+                    if (stats.isFile())
+                        if (!files || fileMask && !(0, micromatch_1.isMatch)(name, fileMask))
+                            continue;
+                    yield {
+                        add: {
+                            n: name,
+                            s: stats.size,
+                            c: stats.ctime,
+                            m: stats.mtime,
+                            k: stats.isDirectory() ? 'd' : undefined,
+                        }
+                    };
+                }
+                catch (_a) { } // just ignore entries we can't stat
+            }
+        }
+        catch (e) {
+            yield { error: e.code || e.message || String(e) };
+        }
+    }
+};
+exports.default = apis;
+// pick only selected props, and consider null and empty string as undefined
+function pickProps(o, keys) {
+    const ret = {};
+    if (o && typeof o === 'object')
+        for (const k of keys)
+            if (k in o)
+                ret[k] = o[k] === null || o[k] === '' ? undefined : o[k];
+    return ret;
+}
+async function getDrives() {
+    const { stdout } = await (0, util_1.promisify)(child_process_1.exec)('wmic logicaldisk get name');
+    return stdout.split('\n').slice(1).map(x => x.trim()).filter(Boolean);
+}

package/src/apiMiddleware.js

@@ -0,0 +1,123 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SendListReadable = exports.apiMiddleware = exports.ApiError = void 0;
+const sse_1 = __importDefault(require("./sse"));
+const stream_1 = require("stream");
+const misc_1 = require("./misc");
+const events_1 = __importDefault(require("./events"));
+const const_1 = require("./const");
+const lodash_1 = __importDefault(require("lodash"));
+class ApiError extends Error {
+    constructor(status, message) {
+        super(typeof message === 'string' ? message : message === null || message === void 0 ? void 0 : message.message);
+        this.status = status;
+    }
+}
+exports.ApiError = ApiError;
+function apiMiddleware(apis) {
+    return async (ctx) => {
+        const { params } = ctx;
+        console.debug('API', ctx.method, ctx.path, { ...params });
+        if (!apis.hasOwnProperty(ctx.path)) {
+            ctx.body = 'invalid api';
+            return ctx.status = const_1.HTTP_NOT_FOUND;
+        }
+        const csrf = ctx.cookies.get('csrf');
+        // we don't rely on SameSite cookie option because it's https-only
+        let res = csrf && csrf !== params.csrf ? new ApiError(const_1.HTTP_UNAUTHORIZED, 'csrf')
+            : await apis[ctx.path](params || {}, ctx);
+        if (isAsyncGenerator(res))
+            res = (0, misc_1.asyncGeneratorToReadable)(res);
+        if (res instanceof stream_1.Readable) { // Readable, we'll go SSE-mode
+            res.pipe((0, sse_1.default)(ctx));
+            const stillRes = res; // satisfy ts
+            ctx.req.on('close', () => // by closing the generated stream, creator of the stream will know the request is over without having to access anything else
+             stillRes.destroy());
+            return;
+        }
+        if (res instanceof ApiError) {
+            ctx.body = res.message;
+            return ctx.status = res.status;
+        }
+        if (res instanceof Error) { // generic exception
+            ctx.body = String(res);
+            return ctx.status = const_1.HTTP_BAD_REQUEST;
+        }
+        ctx.body = res;
+    };
+}
+exports.apiMiddleware = apiMiddleware;
+function isAsyncGenerator(x) {
+    return typeof (x === null || x === void 0 ? void 0 : x.next) === 'function';
+}
+class SendListReadable extends stream_1.Readable {
+    constructor({ addAtStart, doAtStart, bufferTime } = {}) {
+        super({ objectMode: true, read() { } });
+        this.buffer = [];
+        if (!bufferTime)
+            bufferTime = 100;
+        this.processBuffer = lodash_1.default.debounce(() => {
+            this.push(this.buffer);
+            this.buffer = [];
+        }, bufferTime, { maxWait: bufferTime });
+        this.on('end', () => this.destroy());
+        if (doAtStart)
+            setTimeout(() => doAtStart(this)); // work later, when list object has been received by Koa
+        if (addAtStart) {
+            for (const x of addAtStart)
+                this.add(x);
+            this.ready();
+        }
+    }
+    _push(rec) {
+        this.buffer.push(rec);
+        if (this.buffer.length > 10000) // hard limit
+            this.processBuffer.flush();
+        else
+            this.processBuffer();
+    }
+    add(rec) {
+        this._push({ add: rec });
+    }
+    remove(key) {
+        this._push({ remove: [key] });
+    }
+    update(search, change) {
+        this._push({ update: [{ search, change }] });
+    }
+    ready() {
+        this._push('ready');
+    }
+    custom(data) {
+        this._push(data);
+    }
+    props(props) {
+        this._push({ props });
+    }
+    error(msg, close = false) {
+        this._push({ error: msg });
+        this.lastError = msg;
+        if (close)
+            this.close();
+    }
+    getLastError() {
+        return this.lastError;
+    }
+    close() {
+        this.processBuffer.flush();
+        this.push(null);
+    }
+    events(ctx, eventMap) {
+        const off = (0, misc_1.onOff)(events_1.default, eventMap);
+        ctx.res.once('close', off);
+        return this;
+    }
+    isClosed() {
+        return this.destroyed;
+    }
+}
+exports.SendListReadable = SendListReadable;

package/src/block.js

@@ -0,0 +1,34 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyBlock = void 0;
+const config_1 = require("./config");
+const connections_1 = require("./connections");
+const misc_1 = require("./misc");
+const cidr_tools_1 = __importDefault(require("cidr-tools"));
+const lodash_1 = __importDefault(require("lodash"));
+(0, config_1.defineConfig)('block', []).sub(rules => {
+    compileBlock(rules);
+    for (const { socket, ip } of (0, connections_1.getConnections)())
+        applyBlock(socket, ip);
+});
+let blockFunctions = []; // "compiled" versions of the rules in config.block
+function compileBlock(rules) {
+    blockFunctions = !Array.isArray(rules) ? []
+        : (0, misc_1.onlyTruthy)(rules.map(rule => !rule ? null
+            : (0, misc_1.with_)(rule.ip, ip => typeof ip !== 'string' ? null
+                : ip.includes('/') ? x => cidr_tools_1.default.contains(ip, x)
+                    : ip.includes('*') ? (0, misc_1.with_)(ipMask2regExp(ip), re => x => re.test(x))
+                        : x => x === ip)));
+    function ipMask2regExp(ipMask) {
+        return new RegExp(lodash_1.default.escapeRegExp(ipMask).replace(/\\\*/g, '.*'));
+    }
+}
+function applyBlock(socket, ip = (0, connections_1.normalizeIp)(socket.remoteAddress || '')) {
+    if (ip && blockFunctions.find(rule => rule(ip)))
+        return socket.destroy();
+}
+exports.applyBlock = applyBlock;

package/src/commands.js

@@ -0,0 +1,125 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const perm_1 = require("./perm");
+const config_1 = require("./config");
+const lodash_1 = __importDefault(require("lodash"));
+const update_1 = require("./update");
+const listen_1 = require("./listen");
+const yaml_1 = __importDefault(require("yaml"));
+const const_1 = require("./const");
+const readline_1 = require("readline");
+try {
+    /*
+    is this try-block useful in case the stdin is unavailable?
+    Not sure, but someone reported a problem using nohup https://github.com/rejetto/hfs/issues/74
+    and I've found this example try-catching https://github.com/DefinitelyTyped/DefinitelyTyped/blob/dda83a906914489e09ca28afea12948529015d4a/types/node/readline.d.ts#L489
+    */
+    (0, readline_1.createInterface)({ input: process.stdin }).on('line', parseCommandLine);
+    console.log(`HINT: type "help" for help`);
+}
+catch (_a) {
+    console.log("console commands not available");
+}
+function parseCommandLine(line) {
+    if (!line)
+        return;
+    const [name, ...params] = line.trim().split(/ +/);
+    const cmd = commands[name];
+    if (!cmd)
+        return console.error("cannot understand entered command, try 'help'");
+    if (cmd.cb.length > params.length)
+        return console.error("insufficient parameters, expected: " + cmd.params);
+    cmd.cb(...params).then(() => console.log("+++ command executed"), (err) => {
+        if (typeof err === 'string')
+            console.error("command failed:", err);
+        else
+            throw err;
+    });
+}
+const commands = {
+    help: {
+        params: '',
+        async cb() {
+            console.log("supported commands:", ...lodash_1.default.map(commands, ({ params }, name) => '\n - ' + name + ' ' + params));
+        }
+    },
+    'show-admin': {
+        params: '',
+        cb() {
+            (0, listen_1.openAdmin)();
+        }
+    },
+    'create-admin': {
+        params: '<password> [<username>=admin]',
+        async cb(password, username = 'admin') {
+            if ((0, perm_1.getAccount)(username))
+                throw `user ${username} already exists`;
+            const acc = (0, perm_1.addAccount)(username, { admin: true });
+            await (0, perm_1.updateAccount)(acc, acc => {
+                acc.password = password;
+            });
+        }
+    },
+    'change-password': {
+        params: '<user> <password>',
+        async cb(user, password) {
+            const acc = (0, perm_1.getAccount)(user);
+            if (!acc)
+                throw "user doesn't exist";
+            await (0, perm_1.updateAccount)(acc, acc => {
+                acc.password = password;
+            });
+        }
+    },
+    config: {
+        params: '<key> <value>',
+        async cb(key, value) {
+            const conf = (0, config_1.getConfigDefinition)(key);
+            if (!conf)
+                throw "specified key doesn't exist";
+            let v = value;
+            try {
+                v = JSON.parse(v);
+            }
+            catch (_a) { }
+            (0, config_1.setConfig)({ [key]: v });
+        }
+    },
+    'show-config': {
+        params: '<key>',
+        async cb(key) {
+            const conf = (0, config_1.getConfigDefinition)(key);
+            if (!conf)
+                throw "specified key doesn't exist";
+            console.log(yaml_1.default.stringify((0, config_1.getConfig)(key), { lineWidth: 1000 }).trim());
+        }
+    },
+    quit: {
+        params: '',
+        async cb() {
+            process.exit(0);
+        }
+    },
+    update: {
+        params: '',
+        cb: update_1.update
+    },
+    'check-update': {
+        params: '',
+        async cb() {
+            const update = await (0, update_1.getUpdate)();
+            console.log("new version available", update.name);
+        }
+    },
+    version: {
+        params: '',
+        async cb() {
+            console.log(const_1.VERSION);
+            console.log(const_1.BUILD_TIMESTAMP);
+        }
+    },
+};