hfs 0.26.9 → 0.29.0

package/src/vfs.js

@@ -1,5 +1,5 @@
 "use strict";
-// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -21,6 +21,7 @@ const WHO_ANY_ACCOUNT = '*';
 exports.defaultPerms = {
     can_see: WHO_ANYONE,
     can_read: WHO_ANYONE,
+    can_upload: WHO_NO_ONE,
 };
 exports.MIME_AUTO = 'auto';
 function inheritFromParent(parent, child) {
@@ -36,7 +37,7 @@ function inheritFromParent(parent, child) {
         child.mime || (child.mime = parent.mime);
     return child;
 }
-async function urlToNode(url, ctx, parent = exports.vfs) {
+async function urlToNode(url, ctx, parent = exports.vfs, getRest) {
     var _a;
     let initialSlashes = 0;
     while (url[initialSlashes] === '/')
@@ -48,25 +49,23 @@ async function urlToNode(url, ctx, parent = exports.vfs) {
     const rest = nextSlash < 0 ? '' : url.slice(nextSlash + 1, url.endsWith('/') ? -1 : undefined);
     if ((0, misc_1.dirTraversal)(name) || /[\/]/.test(name)) {
         if (ctx)
-            ctx.status = 418;
+            ctx.status = const_1.HTTP_FOOL;
         return;
     }
-    const parents = parent.parents || []; // don't waste time cloning the array, as we won't keep intermediate nodes
+    // does the tree node have a child that goes by this name?
+    const sameName = !const_1.IS_WINDOWS ? (x) => x === name // easy
+        : (0, misc_2.with_)(name.toLowerCase(), lc => (x) => x.toLowerCase() === lc);
+    const child = (_a = parent.children) === null || _a === void 0 ? void 0 : _a.find(x => sameName(getNodeName(x)));
     const ret = {
+        ...child,
+        original: child,
         isTemp: true,
-        url: (0, misc_1.enforceFinal)('/', parent.url || '') + name,
-        parents,
     };
-    parents.push(parent);
     inheritFromParent(parent, ret);
     inheritMasks(ret, parent, name);
     applyMasks(ret, parent, name);
-    // does the tree node have a child that goes by this name?
-    const sameName = !const_1.IS_WINDOWS ? (x) => x === name // easy
-        : (0, misc_2.with_)(name.toLowerCase(), lc => (x) => x.toLowerCase() === lc);
-    const child = (_a = parent.children) === null || _a === void 0 ? void 0 : _a.find(x => sameName(getNodeName(x)));
     if (child) // yes
-        return urlToNode(rest, ctx, Object.assign(ret, child, { original: child }));
+        return urlToNode(rest, ctx, ret, getRest);
     // not in the tree, we can see consider continuing on the disk
     if (!parent.source)
         return; // but then we need the current node to be linked to the disk, otherwise, we give up
@@ -83,13 +82,16 @@ async function urlToNode(url, ctx, parent = exports.vfs) {
     if (parent.default)
         inheritFromParent({ mime: { '*': exports.MIME_AUTO } }, ret);
     if (rest)
-        return urlToNode(rest, ctx, ret);
+        return urlToNode(rest, ctx, ret, getRest);
     if (ret.source)
         try {
             await promises_1.default.stat(ret.source);
         } // check existence
         catch (_b) {
-            return;
+            if (!getRest)
+                return;
+            getRest(onDisk);
+            return parent;
         }
     return ret;
 }
@@ -101,11 +103,17 @@ function saveVfs() {
 }
 exports.saveVfs = saveVfs;
 function getNodeName(node) {
-    return node.name
-        || node.source && (/^[a-zA-Z]:\\?$/.test(node.source) && node.source.slice(0, 2)
-            || (0, path_1.basename)(node.source)
-            || node.source)
-        || ''; // should happen only for root
+    const { name, source: s } = node;
+    if (name)
+        return name;
+    if (!s)
+        return ''; // should happen only for root
+    if (/^[a-zA-Z]:\\?$/.test(s))
+        return s.slice(0, 2); // exclude trailing slash
+    const base = (0, path_1.basename)(s);
+    if (/^[./\\]*$/.test(base)) // if empty or special-chars-only
+        return (0, path_1.basename)((0, path_1.resolve)(s)); // resolve to try to get more
+    return base;
 }
 exports.getNodeName = getNodeName;
 async function nodeIsDirectory(node) {
@@ -115,18 +123,20 @@ exports.nodeIsDirectory = nodeIsDirectory;
 function hasPermission(node, perm, ctx) {
     var _a;
     return matchWho((_a = node[perm]) !== null && _a !== void 0 ? _a : exports.defaultPerms[perm], ctx)
-        && (perm !== 'can_see' || hasPermission(node, 'can_read', ctx)); // for can_see you must also can_read
+        && (perm !== 'can_see' || hasPermission(node, 'can_read', ctx)); // can_see is used to hide something you nonetheless can_read, so you MUST also can_read
 }
 exports.hasPermission = hasPermission;
 async function* walkNode(parent, ctx, depth = 0, prefixPath = '') {
     var _a;
     const { children, source } = parent;
+    const took = prefixPath ? undefined : new Set();
     if (children)
-        for (let idx = 0; idx < children.length; idx++) {
-            const child = children[idx];
+        for (const child of children) {
+            const name = prefixPath + getNodeName(child);
+            took === null || took === void 0 ? void 0 : took.add(name);
             yield* workItem({
                 ...child,
-                name: prefixPath ? (prefixPath + getNodeName(child)) : child.name
+                name,
             }, depth > 0 && await nodeIsDirectory(child).catch(() => false));
         }
     if (!source)
@@ -135,9 +145,11 @@ async function* walkNode(parent, ctx, depth = 0, prefixPath = '') {
         for await (const path of (0, misc_1.dirStream)(source, depth)) {
             if (ctx === null || ctx === void 0 ? void 0 : ctx.req.aborted)
                 return;
-            const renamed = (_a = parent.rename) === null || _a === void 0 ? void 0 : _a[path];
+            const name = prefixPath + (((_a = parent.rename) === null || _a === void 0 ? void 0 : _a[path]) || path);
+            if (took === null || took === void 0 ? void 0 : took.has(name))
+                continue;
             yield* workItem({
-                name: prefixPath + (renamed || path),
+                name,
                 source: (0, path_1.join)(source, path),
                 rename: renameUnderPath(parent.rename, path),
             });
@@ -151,12 +163,7 @@ async function* walkNode(parent, ctx, depth = 0, prefixPath = '') {
         const name = getNodeName(item);
         // we basename for depth>0 where we already have the rest of the path in the parent's url, and would be duplicated
         const virtualBasename = (0, path_1.basename)(name);
-        const url = (0, misc_1.enforceFinal)('/', parent.url || '') + virtualBasename;
-        Object.assign(item, {
-            isTemp: true,
-            url,
-            parents: [...parent.parents || [], parent],
-        });
+        item.isTemp = true;
         inheritFromParent(parent, item);
         applyMasks(item, parent, virtualBasename);
         if (ctx && !hasPermission(item, 'can_see', ctx))
@@ -183,11 +190,11 @@ function inheritMasks(item, parent, virtualBasename) {
     if (!masks)
         return;
     const o = {};
-    for (const k in masks)
+    for (const [k, v] of Object.entries(masks))
         if (k.startsWith('**/'))
-            o[k.slice(3)] = masks[k];
+            o[k.slice(3)] = v;
         else if (k.startsWith(virtualBasename + '/'))
-            o[k.slice(virtualBasename.length + 1)] = masks[k];
+            o[k.slice(virtualBasename.length + 1)] = v;
     if (Object.keys(o).length)
         item.masks = o;
 }
@@ -206,7 +213,7 @@ function matchWho(who, ctx) {
          (0, misc_1.getOrSet)(ctx.state, 'usernames', () => (0, perm_1.getCurrentUsernameExpanded)(ctx)).some((u) => who.includes(u)))();
 }
 function cantReadStatusCode(node) {
-    return node.can_read === false ? const_1.FORBIDDEN : const_1.UNAUTHORIZED;
+    return node.can_read === false ? const_1.HTTP_FORBIDDEN : const_1.HTTP_UNAUTHORIZED;
 }
 exports.cantReadStatusCode = cantReadStatusCode;
 events_1.default.on('accountRenamed', (from, to) => {
@@ -214,8 +221,8 @@ events_1.default.on('accountRenamed', (from, to) => {
     saveVfs();
     function recur(n) {
         var _a;
-        replace(n.can_see);
-        replace(n.can_read);
+        for (const k of (0, misc_1.typedKeys)(exports.defaultPerms))
+            replace(n[k]);
         if (n.masks)
             Object.values(n.masks).forEach(recur);
         (_a = n.children) === null || _a === void 0 ? void 0 : _a.forEach(recur);

package/src/watchLoad.js

@@ -1,5 +1,5 @@
 "use strict";
-// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };

package/src/zip.js

@@ -1,5 +1,5 @@
 "use strict";
-// This file is part of HFS - Copyright 2021-2022, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -13,16 +13,19 @@ const promises_1 = __importDefault(require("fs/promises"));
 const config_1 = require("./config");
 const path_1 = require("path");
 const serveFile_1 = require("./serveFile");
+const const_1 = require("./const");
 async function zipStreamFromFolder(node, ctx) {
-    ctx.status = 200;
+    var _a;
+    ctx.status = const_1.HTTP_OK;
     ctx.mime = 'zip';
-    const name = (0, vfs_1.getNodeName)(node);
-    ctx.attachment((name || 'archive') + '.zip');
+    // ctx.query.list is undefined | string | string[]
+    const list = (_a = (0, misc_1.wantArray)(ctx.query.list)[0]) === null || _a === void 0 ? void 0 : _a.split('*'); // we are using * as separator because it cannot be used in a file name and doesn't need url encoding
+    const name = (list === null || list === void 0 ? void 0 : list.length) === 1 ? (0, path_1.basename)(list[0]) : (0, vfs_1.getNodeName)(node);
+    ctx.attachment(((0, misc_1.isWindowsDrive)(name) ? name[0] : (name || 'archive')) + '.zip');
     const filter = (0, misc_1.pattern2filter)(String(ctx.query.search || ''));
-    const { list } = ctx.query;
     const walker = !list ? (0, vfs_1.walkNode)(node, ctx, Infinity)
         : (async function* () {
-            for await (const el of String(list).split('*')) { // we are using * as separator because it cannot be used in a file name and doesn't need url encoding
+            for await (const el of list) {
                 const subNode = await (0, vfs_1.urlToNode)(el, ctx, node);
                 if (!subNode || !(0, vfs_1.hasPermission)(subNode, 'can_read', ctx))
                     continue;