hfs 0.26.8 → 0.27.2

package/src/listen.js

@@ -0,0 +1,235 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getUrls = exports.getStatus = exports.httpsPortCfg = exports.openAdmin = exports.portCfg = void 0;
+const http = __importStar(require("http"));
+const config_1 = require("./config");
+const index_1 = require("./index");
+const https = __importStar(require("https"));
+const watchLoad_1 = require("./watchLoad");
+const os_1 = require("os");
+const connections_1 = require("./connections");
+const open_1 = __importDefault(require("open"));
+const misc_1 = require("./misc");
+const const_1 = require("./const");
+const find_process_1 = __importDefault(require("find-process"));
+const perm_1 = require("./perm");
+const lodash_1 = __importDefault(require("lodash"));
+let httpSrv;
+let httpsSrv;
+const openBrowserAtStart = (0, config_1.defineConfig)('open_browser_at_start', !const_1.DEV);
+exports.portCfg = (0, config_1.defineConfig)('port', 80);
+exports.portCfg.sub(async (port) => {
+    while (!index_1.app)
+        await (0, misc_1.wait)(100);
+    stopServer(httpSrv).then();
+    httpSrv = Object.assign(http.createServer(index_1.app.callback()), { name: 'http' });
+    port = await startServer(httpSrv, { port });
+    if (!port)
+        return;
+    httpSrv.on('connection', connections_1.newConnection);
+    printUrls(port, 'http');
+    if (openBrowserAtStart.get())
+        openAdmin();
+});
+function openAdmin() {
+    for (const srv of [httpSrv, httpsSrv]) {
+        const a = srv.address();
+        if (!a || typeof a === 'string')
+            continue;
+        const baseUrl = srv.name + '://localhost:' + a.port;
+        (0, open_1.default)(baseUrl + const_1.ADMIN_URI, { wait: true }).catch(e => {
+            console.debug(String(e));
+            console.warn("cannot launch browser on this machine >PLEASE< open your browser and reach one of these (you may need a different address)", ...Object.values(getUrls()).flat().map(x => '\n - ' + x + const_1.ADMIN_URI));
+            if (!(0, perm_1.anyAccountCanLoginAdmin)())
+                console.log(`HINT: you can enter command: create-admin YOUR_PASSWORD`);
+        });
+        return true;
+    }
+    console.log("openAdmin failed");
+}
+exports.openAdmin = openAdmin;
+const considerHttps = (0, misc_1.debounceAsync)(async () => {
+    var _a, _b;
+    stopServer(httpsSrv).then();
+    let port = exports.httpsPortCfg.get();
+    try {
+        while (!index_1.app)
+            await (0, misc_1.wait)(100);
+        httpsSrv = Object.assign(https.createServer(port < 0 ? {} : { key: httpsOptions.private_key, cert: httpsOptions.cert }, index_1.app.callback()), { name: 'https', error: undefined });
+        if (port >= 0) {
+            const namesForOutput = { cert: 'certificate', private_key: 'private key' };
+            const missing = (_a = httpsNeeds.find(x => !x.get())) === null || _a === void 0 ? void 0 : _a.key();
+            if (missing)
+                return httpsSrv.error = "missing " + namesForOutput[missing];
+            const cantRead = (_b = httpsNeeds.find(x => !httpsOptions[x.key()])) === null || _b === void 0 ? void 0 : _b.key();
+            if (cantRead)
+                return httpsSrv.error = "cannot read " + namesForOutput[cantRead];
+        }
+    }
+    catch (e) {
+        httpsSrv.error = "bad private key or certificate";
+        console.log("failed to create https server: check your private key and certificate", String(e));
+        return;
+    }
+    port = await startServer(httpsSrv, { port });
+    if (!port)
+        return;
+    httpsSrv.on('connection', connections_1.newConnection);
+    printUrls(port, 'https');
+});
+const cert = (0, config_1.defineConfig)('cert');
+const privateKey = (0, config_1.defineConfig)('private_key');
+const httpsNeeds = [cert, privateKey];
+const httpsOptions = { cert: '', private_key: '' };
+for (const cfg of httpsNeeds) {
+    let unwatch;
+    cfg.sub(async (v) => {
+        unwatch === null || unwatch === void 0 ? void 0 : unwatch();
+        const k = cfg.key();
+        httpsOptions[k] = v;
+        if (!v || v.includes('\n'))
+            return considerHttps();
+        // v is a path
+        httpsOptions[k] = '';
+        unwatch = (0, watchLoad_1.watchLoad)(v, data => {
+            httpsOptions[k] = data;
+            considerHttps();
+        }).unwatch;
+        await considerHttps();
+    });
+}
+exports.httpsPortCfg = (0, config_1.defineConfig)('https_port', -1);
+exports.httpsPortCfg.sub(considerHttps);
+function startServer(srv, { port, host }) {
+    return new Promise(async (resolve) => {
+        try {
+            if (port < 0 || !host && !await testIpV4()) // !host means ipV4+6, and if v4 port alone is busy we won't be notified of the failure, so we'll first test it on its own
+                return resolve(0);
+            port = await listen(host);
+            if (port)
+                console.log(srv.name, "serving on", host || "any network", ':', port);
+            resolve(port);
+        }
+        catch (e) {
+            srv.error = String(e);
+            console.error(srv.name, "couldn't listen on port", port, srv.error);
+            resolve(0);
+        }
+    });
+    async function testIpV4() {
+        const res = await listen('0.0.0.0');
+        await new Promise(res => srv.close(res));
+        return res > 0;
+    }
+    function listen(host) {
+        return new Promise(async (resolve, reject) => {
+            srv.listen({ port, host }, () => {
+                const ad = srv.address();
+                if (!ad)
+                    return reject('no address');
+                if (typeof ad === 'string') {
+                    srv.close();
+                    return reject('type of socket not supported');
+                }
+                resolve(ad.port);
+            }).on('error', async (e) => {
+                srv.error = String(e);
+                srv.busy = undefined;
+                const { code } = e;
+                if (code === 'EADDRINUSE') {
+                    srv.busy = (0, find_process_1.default)('port', port).then(res => { var _a; return ((_a = res === null || res === void 0 ? void 0 : res[0]) === null || _a === void 0 ? void 0 : _a.name) || ''; }, () => '');
+                    srv.error = `port ${port} busy: ${await srv.busy || "unknown process"}`;
+                }
+                console.error(srv.name, srv.error);
+                const k = (srv === httpSrv ? exports.portCfg : exports.httpsPortCfg).key();
+                console.log(` >> try specifying a different port, enter this command: config ${k} 8011`);
+                resolve(0);
+            });
+        });
+    }
+}
+function stopServer(srv) {
+    return new Promise(resolve => {
+        if (!(srv === null || srv === void 0 ? void 0 : srv.listening))
+            return resolve(null);
+        const ad = srv.address();
+        if (ad && typeof ad !== 'string')
+            console.log("stopped port", ad.port);
+        srv.close(err => {
+            if (err && err.code !== 'ERR_SERVER_NOT_RUNNING')
+                console.debug("failed to stop server", String(err));
+            resolve(err);
+        });
+    });
+}
+function getStatus() {
+    return {
+        httpSrv,
+        httpsSrv,
+    };
+}
+exports.getStatus = getStatus;
+const ignore = /^(lo|.*loopback.*|virtualbox.*|.*\(wsl\).*|llw\d|awdl\d|utun\d|anpi\d)$/i; // avoid giving too much information
+function getUrls() {
+    return Object.fromEntries((0, misc_1.onlyTruthy)([httpSrv, httpsSrv].map(srv => {
+        var _a;
+        if (!(srv === null || srv === void 0 ? void 0 : srv.listening))
+            return false;
+        const port = (_a = srv === null || srv === void 0 ? void 0 : srv.address()) === null || _a === void 0 ? void 0 : _a.port;
+        const appendPort = port === (srv.name === 'https' ? 443 : 80) ? '' : ':' + port;
+        const urls = (0, misc_1.onlyTruthy)(Object.entries((0, os_1.networkInterfaces)()).map(([name, nets]) => nets && !ignore.test(name) && nets.map(net => {
+            if (net.internal)
+                return;
+            let { address } = net;
+            if (address.includes(':'))
+                address = '[' + address + ']';
+            return srv.name + '://' + address + appendPort;
+        })).flat());
+        return urls.length && [srv.name, urls];
+    })));
+}
+exports.getUrls = getUrls;
+function printUrls(port, proto) {
+    if (!port)
+        return;
+    for (const [name, nets] of Object.entries((0, os_1.networkInterfaces)())) {
+        if (!nets || ignore.test(name))
+            continue;
+        lodash_1.default.remove(nets, 'internal');
+        if (!nets.length)
+            continue;
+        const best = lodash_1.default.find(nets, { family: 'IPv4' }) || nets[0];
+        const appendPort = port === (proto === 'https' ? 443 : 80) ? '' : ':' + port;
+        let { address } = best;
+        if (address.includes(':'))
+            address = '[' + address + ']';
+        console.log('network', name, proto + '://' + address + appendPort);
+    }
+}

package/src/log.js

@@ -0,0 +1,137 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.log = exports.loggers = void 0;
+const config_1 = require("./config");
+const fs_1 = require("fs");
+const util = __importStar(require("util"));
+const promises_1 = require("fs/promises");
+const const_1 = require("./const");
+const events_1 = __importDefault(require("./events"));
+const lodash_1 = __importDefault(require("lodash"));
+const util_files_1 = require("./util-files");
+const perm_1 = require("./perm");
+class Logger {
+    constructor(name) {
+        this.name = name;
+        this.path = '';
+    }
+    async setPath(path) {
+        var _a;
+        this.path = path;
+        (_a = this.stream) === null || _a === void 0 ? void 0 : _a.end();
+        this.last = undefined;
+        if (!path)
+            return this.stream = undefined;
+        try {
+            const stats = await (0, promises_1.stat)(path);
+            this.last = stats.mtime || stats.ctime;
+        }
+        catch (_b) {
+            if (await (0, util_files_1.prepareFolder)(path) === false)
+                console.log("cannot create folder for", path);
+        }
+        this.reopen();
+    }
+    reopen() {
+        return this.stream = (0, fs_1.createWriteStream)(this.path, { flags: 'a' })
+            .on('error', () => this.stream = undefined);
+    }
+}
+// we'll have names same as config keys. These are used also by the get_log api.
+const accessLogger = new Logger('log');
+const accessErrorLog = new Logger('error_log');
+exports.loggers = [accessLogger, accessErrorLog];
+(0, config_1.defineConfig)('log', 'logs/access.log').sub(path => {
+    console.debug('access log file: ' + (path || 'disabled'));
+    accessLogger.setPath(path);
+});
+const errorLogFile = (0, config_1.defineConfig)(accessErrorLog.name, 'logs/access-error.log');
+errorLogFile.sub(path => {
+    console.debug('access error log: ' + (path || 'disabled'));
+    accessErrorLog.setPath(path);
+});
+const logRotation = (0, config_1.defineConfig)('log_rotation', 'weekly');
+function log() {
+    const debounce = lodash_1.default.debounce(cb => cb(), 1000);
+    return async (ctx, next) => {
+        var _a;
+        await next();
+        const isError = ctx.status >= 400;
+        const logger = isError && accessErrorLog || accessLogger;
+        const rotate = (_a = logRotation.get()) === null || _a === void 0 ? void 0 : _a[0];
+        let { stream, last, path } = logger;
+        if (!stream)
+            return;
+        const now = new Date();
+        const a = now.toString().split(' ');
+        logger.last = now;
+        if (rotate && last) { // rotation enabled and a file exists?
+            const passed = Number(now) - Number(last)
+                - 3600000; // be pessimistic and count a possible DST change
+            if (rotate === 'm' && (passed >= 31 * const_1.DAY || now.getMonth() !== last.getMonth())
+                || rotate === 'd' && (passed >= const_1.DAY || now.getDate() !== last.getDate()) // checking passed will solve the case when the day of the month is the same but a month has passed
+                || rotate === 'w' && (passed >= 7 * const_1.DAY || now.getDay() < last.getDay())) {
+                stream.end();
+                const postfix = last.getFullYear() + '-' + doubleDigit(last.getMonth() + 1) + '-' + doubleDigit(last.getDate());
+                try { // other logging requests shouldn't happen while we are renaming. Since this is very infrequent we can tolerate solving this by making it sync.
+                    (0, fs_1.renameSync)(path, path + '-' + postfix);
+                }
+                catch (e) { // ok, rename failed, but this doesn't mean we ain't gonna log
+                    console.error(e);
+                }
+                stream = logger.reopen(); // keep variable updated
+                if (!stream)
+                    return;
+            }
+        }
+        const format = '%s - %s [%s] "%s %s HTTP/%s" %d %s\n'; // Apache's Common Log Format
+        const date = a[2] + '/' + a[1] + '/' + a[3] + ':' + a[4] + ' ' + a[5].slice(3);
+        const user = (0, perm_1.getCurrentUsername)(ctx);
+        events_1.default.emit(logger.name, Object.assign(lodash_1.default.pick(ctx, ['ip', 'method', 'status', 'length']), { user, ts: now, uri: ctx.path }));
+        console.debug(ctx.status, ctx.method, ctx.path);
+        debounce(() => // once in a while we check if the file is still good (not deleted, etc), or we'll reopen it
+         (0, promises_1.stat)(logger.path).catch(() => logger.reopen())); // async = smoother but we may lose some entries
+        stream.write(util.format(format, ctx.ip, user || '-', date, ctx.method, ctx.path, ctx.req.httpVersion, ctx.status, ctx.length ? ctx.length.toString() : '-'));
+    };
+}
+exports.log = log;
+function doubleDigit(n) {
+    return n > 9 ? n : '0' + n;
+}
+// dump console.error to file
+const debugLogFile = (0, fs_1.createWriteStream)('debug.log', { flags: 'a' });
+debugLogFile.on('open', () => {
+    const was = console.error;
+    console.error = function (...args) {
+        was.apply(this, args);
+        const params = args.map(x => typeof x === 'string' ? x : JSON.stringify(x)).join(' ');
+        debugLogFile.write(new Date().toLocaleString() + ': ' + params + '\n');
+    };
+}).on('error', () => console.log("cannot create debug.log"));

package/src/middlewares.js

@@ -0,0 +1,195 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.paramsDecoder = exports.prepareState = exports.getProxyDetected = exports.someSecurity = exports.serveGuiAndSharedFiles = exports.sessions = exports.headRequests = exports.gzipper = void 0;
+const koa_compress_1 = __importDefault(require("koa-compress"));
+const koa_session_1 = __importDefault(require("koa-session"));
+const const_1 = require("./const");
+const const_2 = require("./const");
+const vfs_1 = require("./vfs");
+const misc_1 = require("./misc");
+const zip_1 = require("./zip");
+const serveFile_1 = require("./serveFile");
+const serveGuiFiles_1 = require("./serveGuiFiles");
+const koa_mount_1 = __importDefault(require("koa-mount"));
+const stream_1 = require("stream");
+const block_1 = require("./block");
+const perm_1 = require("./perm");
+const connections_1 = require("./connections");
+const basic_auth_1 = __importDefault(require("basic-auth"));
+const tssrp6a_1 = require("tssrp6a");
+const api_auth_1 = require("./api.auth");
+const path_1 = require("path");
+const fs_1 = require("fs");
+const promises_1 = require("stream/promises");
+exports.gzipper = (0, koa_compress_1.default)({
+    threshold: 2048,
+    gzip: { flush: require('zlib').constants.Z_SYNC_FLUSH },
+    deflate: { flush: require('zlib').constants.Z_SYNC_FLUSH },
+    br: false,
+    filter(type) {
+        return /text|javascript|style/i.test(type);
+    },
+});
+const headRequests = async (ctx, next) => {
+    const head = ctx.method === 'HEAD';
+    if (head)
+        ctx.method = 'GET'; // let other middlewares work, so we can collect the size at the end
+    await next();
+    if (!head || ctx.body === undefined)
+        return;
+    const { length, status } = ctx.response;
+    if (ctx.body)
+        ctx.body = stream_1.Readable.from(''); // empty the body for this is a HEAD request. Using Readable avoids koa from trying to set length to 0
+    ctx.status = status;
+    if (length)
+        ctx.response.length = length;
+};
+exports.headRequests = headRequests;
+const sessions = (app) => (0, koa_session_1.default)({
+    key: 'hfs_$id',
+    signed: true,
+    rolling: true,
+    maxAge: const_1.SESSION_DURATION,
+}, app);
+exports.sessions = sessions;
+const serveFrontendFiles = (0, serveGuiFiles_1.serveGuiFiles)(process.env.FRONTEND_PROXY, const_2.FRONTEND_URI);
+const serveFrontendPrefixed = (0, koa_mount_1.default)(const_2.FRONTEND_URI.slice(0, -1), serveFrontendFiles);
+const serveAdminPrefixed = (0, koa_mount_1.default)(const_1.ADMIN_URI.slice(0, -1), (0, serveGuiFiles_1.serveGuiFiles)(process.env.ADMIN_PROXY, const_1.ADMIN_URI));
+const serveGuiAndSharedFiles = async (ctx, next) => {
+    const { path } = ctx;
+    if (ctx.body)
+        return next();
+    if (path.startsWith(const_2.FRONTEND_URI))
+        return serveFrontendPrefixed(ctx, next);
+    if (path + '/' === const_1.ADMIN_URI)
+        return ctx.redirect(const_1.ADMIN_URI);
+    if (path.startsWith(const_1.ADMIN_URI))
+        return serveAdminPrefixed(ctx, next);
+    if (ctx.method === 'PUT') { // curl -T file url/
+        const decPath = decodeURI(path);
+        let rest = (0, path_1.basename)(decPath);
+        const folder = await (0, vfs_1.urlToNode)((0, path_1.dirname)(decPath), ctx, vfs_1.vfs, v => rest = v + '/' + rest);
+        if (!folder)
+            return ctx.status = const_1.HTTP_NOT_FOUND;
+        return await receiveUpload(folder, rest, ctx.req, ctx);
+    }
+    const node = await (0, vfs_1.urlToNode)(path, ctx);
+    if (!node)
+        return ctx.status = const_1.HTTP_NOT_FOUND;
+    const canRead = (0, vfs_1.hasPermission)(node, 'can_read', ctx);
+    const isFolder = await (0, vfs_1.nodeIsDirectory)(node);
+    if (isFolder && !path.endsWith('/'))
+        return ctx.redirect(path + '/');
+    if (canRead && !isFolder)
+        return node.source ? (0, serveFile_1.serveFileNode)(node)(ctx, next)
+            : next();
+    if (!canRead) {
+        ctx.status = (0, vfs_1.cantReadStatusCode)(node);
+        if (ctx.status === const_1.HTTP_FORBIDDEN)
+            return;
+        const browserDetected = ctx.get('Upgrade-Insecure-Requests') || ctx.get('Sec-Fetch-Mode'); // ugh, heuristics
+        if (!browserDetected) // we don't want to trigger basic authentication on browsers, it's meant for download managers only
+            return ctx.set('WWW-Authenticate', 'Basic'); // we support basic authentication
+        ctx.state.serveApp = true;
+        return serveFrontendFiles(ctx, next);
+    }
+    ctx.set({ server: 'HFS ' + const_1.BUILD_TIMESTAMP });
+    const { get } = ctx.query;
+    if (get === 'zip')
+        return await (0, zip_1.zipStreamFromFolder)(node, ctx);
+    if (node.default) {
+        const def = await (0, vfs_1.urlToNode)(path + node.default, ctx);
+        return !def ? next()
+            : (0, vfs_1.hasPermission)(def, 'can_read', ctx) ? (0, serveFile_1.serveFileNode)(def)(ctx, next)
+                : ctx.status = (0, vfs_1.cantReadStatusCode)(def);
+    }
+    return serveFrontendFiles(ctx, next);
+};
+exports.serveGuiAndSharedFiles = serveGuiAndSharedFiles;
+async function receiveUpload(base, path, stream, ctx) {
+    if (!base.source || !(0, vfs_1.hasPermission)(base, 'can_upload', ctx))
+        return ctx.status = base.can_upload === false ? const_1.HTTP_FORBIDDEN : const_1.HTTP_UNAUTHORIZED;
+    path = (0, path_1.join)(base.source, path);
+    await (0, misc_1.prepareFolder)(path);
+    const dest = (0, fs_1.createWriteStream)(path);
+    await (0, promises_1.pipeline)(stream, dest);
+    ctx.body = '{}';
+}
+let proxyDetected = false;
+const someSecurity = async (ctx, next) => {
+    ctx.request.ip = (0, connections_1.normalizeIp)(ctx.ip);
+    try {
+        let proxy = ctx.get('X-Forwarded-For');
+        // we have some dev-proxies to ignore
+        if (const_1.DEV && proxy && [process.env.FRONTEND_PROXY, process.env.ADMIN_PROXY].includes(ctx.get('X-Forwarded-port')))
+            proxy = '';
+        if ((0, misc_1.dirTraversal)(decodeURI(ctx.path)))
+            return ctx.status = const_1.HTTP_FOOL;
+        if ((0, block_1.applyBlock)(ctx.socket, ctx.ip))
+            return;
+        proxyDetected || (proxyDetected = proxy > '');
+        ctx.state.proxiedFor = proxy;
+    }
+    catch (_a) {
+        return ctx.status = const_1.HTTP_FOOL;
+    }
+    return next();
+};
+exports.someSecurity = someSecurity;
+// this is only about http proxies
+function getProxyDetected() {
+    return proxyDetected;
+}
+exports.getProxyDetected = getProxyDetected;
+const prepareState = async (ctx, next) => {
+    var _a, _b;
+    // calculate these once and for all
+    ctx.state.account = (_a = await getHttpAccount(ctx)) !== null && _a !== void 0 ? _a : (0, perm_1.getAccount)((_b = ctx.session) === null || _b === void 0 ? void 0 : _b.username, false);
+    const conn = ctx.state.connection = (0, connections_1.socket2connection)(ctx.socket);
+    await next();
+    if (conn)
+        (0, connections_1.updateConnection)(conn, { ctx });
+};
+exports.prepareState = prepareState;
+async function getHttpAccount(ctx) {
+    const credentials = (0, basic_auth_1.default)(ctx.req);
+    const account = (0, perm_1.getAccount)((credentials === null || credentials === void 0 ? void 0 : credentials.name) || '');
+    if (account && await srpCheck(account.username, credentials.pass))
+        return account;
+}
+async function srpCheck(username, password) {
+    const account = (0, perm_1.getAccount)(username);
+    if (!(account === null || account === void 0 ? void 0 : account.srp) || !password)
+        return false;
+    const { step1, salt, pubKey } = await (0, api_auth_1.srpStep1)(account);
+    const client = new tssrp6a_1.SRPClientSession(new tssrp6a_1.SRPRoutines(new tssrp6a_1.SRPParameters()));
+    const clientRes1 = await client.step1(username, password);
+    const clientRes2 = await clientRes1.step2(BigInt(salt), BigInt(pubKey));
+    return await step1.step2(clientRes2.A, clientRes2.M1).then(() => true, () => false);
+}
+// unify get/post parameters, with JSON decoding to not be limited to strings
+const paramsDecoder = async (ctx, next) => {
+    ctx.params = ctx.method === 'POST' ? (0, misc_1.tryJson)(await stream2string(ctx.req))
+        : (0, misc_1.objSameKeys)(ctx.query, x => Array.isArray(x) ? x : (0, misc_1.tryJson)(x));
+    await next();
+};
+exports.paramsDecoder = paramsDecoder;
+async function stream2string(stream) {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        stream.on('data', chunk => data += chunk);
+        stream.on('error', reject);
+        stream.on('end', () => {
+            try {
+                resolve(data);
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+    });
+}