npm - hfs - Versions diffs - 0.30.2 → 0.32.0 - Mend

hfs 0.30.2 → 0.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/README.md +1 -0
package/admin/assets/{index-14c10e11.js → index-9a29f12d.js} +118 -118
package/{frontend/assets/sha512-f6c517af.js → admin/assets/sha512-f75a38b7.js} +1 -1
package/admin/index.html +1 -1
package/frontend/assets/index-5318f55f.css +1 -0
package/frontend/assets/index-f7c62045.js +85 -0
package/{admin/assets/sha512-774b52d4.js → frontend/assets/sha512-0dc3c526.js} +1 -1
package/frontend/fontello.css +5 -3
package/frontend/fontello.woff2 +0 -0
package/frontend/index.html +2 -2
package/package.json +1 -1
package/plugins/download-counter/public/hits.js +1 -1
package/src/adminApis.js +2 -1
package/src/api.vfs.js +23 -4
package/src/apiMiddleware.js +9 -3
package/src/const.js +1 -1
package/src/frontEndApis.js +23 -1
package/src/middlewares.js +7 -3
package/src/util-files.js +5 -1
package/frontend/assets/index-6f1b310f.css +0 -1
package/frontend/assets/index-ea9ae7b4.js +0 -85

package/{admin/assets/sha512-774b52d4.js → frontend/assets/sha512-0dc3c526.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import{c as SF}from"./index-14c10e11.js";function OF(iF,hF){for(var eF=0;eF<hF.length;eF++){const tF=hF[eF];if(typeof tF!="string"&&!Array.isArray(tF)){for(const w in tF)if(w!=="default"&&!(w in iF)){const lF=Object.getOwnPropertyDescriptor(tF,w);lF&&Object.defineProperty(iF,w,lF.get?lF:{enumerable:!0,get:()=>tF[w]})}}}return Object.freeze(Object.defineProperty(iF,Symbol.toStringTag,{value:"Module"}))}var EF={},UF={get exports(){return EF},set exports(iF){EF=iF}};/*
+import{c as SF}from"./index-f7c62045.js";function OF(iF,hF){for(var eF=0;eF<hF.length;eF++){const tF=hF[eF];if(typeof tF!="string"&&!Array.isArray(tF)){for(const w in tF)if(w!=="default"&&!(w in iF)){const lF=Object.getOwnPropertyDescriptor(tF,w);lF&&Object.defineProperty(iF,w,lF.get?lF:{enumerable:!0,get:()=>tF[w]})}}}return Object.freeze(Object.defineProperty(iF,Symbol.toStringTag,{value:"Module"}))}var EF={},UF={get exports(){return EF},set exports(iF){EF=iF}};/*
  * [js-sha512]{@link https://github.com/emn178/js-sha512}
  *
  * @version 0.8.0

package/frontend/fontello.css CHANGED Viewed

@@ -1,6 +1,6 @@
 @font-face {
   font-family: 'fontello';
-  src: url('fontello.woff2?13171865') format('woff2');
+  src: url('fontello.woff2?1378305') format('woff2');
   font-weight: normal;
   font-style: normal;
 }
@@ -10,7 +10,7 @@
 @media screen and (-webkit-min-device-pixel-ratio:0) {
   @font-face {
     font-family: 'fontello';
-    src: url('../font/fontello.svg?13171865#fontello') format('svg');
+    src: url('../font/fontello.svg?1378305#fontello') format('svg');
   }
 }
 */
@@ -62,7 +62,9 @@
 .fa-user:before { content: '\e80a'; } /* '' */
 .fa-home:before { content: '\e80b'; } /* '' */
 .fa-key:before { content: '\e80c'; } /* '' */
+.fa-to-start:before { content: '\e80e'; } /* '' */
 .fa-retweet:before { content: '\e80f'; } /* '' */
+.fa-to-end:before { content: '\e810'; } /* '' */
 .fa-cancel-circled:before { content: '\e811'; } /* '' */
 .fa-search:before { content: '\e813'; } /* '' */
 .fa-logout:before { content: '\e814'; } /* '' */
@@ -74,4 +76,4 @@
 .fa-unlink:before { content: '\f127'; } /* '' */
 .fa-level-up:before { content: '\f148'; } /* '' */
 .fa-file-archive:before { content: '\f1c6'; } /* '' */
-.fa-trash:before { content: '\f1f8'; } /* '' */
+.fa-trash:before { content: '\e80d'; } /* '' */

package/frontend/fontello.woff2 CHANGED Viewed

Binary file

package/frontend/index.html CHANGED Viewed

@@ -6,8 +6,8 @@
     <link href="/fontello.css" rel="stylesheet" />
     <script>SESSION = _HFS_SESSION_</script>
     <title>File Server</title>
-    <script type="module" crossorigin src="/assets/index-ea9ae7b4.js"></script>
-    <link rel="stylesheet" href="/assets/index-6f1b310f.css">
+    <script type="module" crossorigin src="/assets/index-f7c62045.js"></script>
+    <link rel="stylesheet" href="/assets/index-5318f55f.css">
   </head>
   <body>
     <noscript>You need to enable JavaScript to run this app.</noscript>

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "hfs",
-  "version": "0.30.2",
+  "version": "0.32.0",
   "description": "HTTP File Server",
   "keywords": [
     "file server",

package/plugins/download-counter/public/hits.js CHANGED Viewed

@@ -1,5 +1,5 @@
 HFS.onEvent('additionalEntryProps', ({ entry }) => {
     const n = entry.hits
     if (typeof n === 'number')
-        return 'Hits: ' + n + ' - '
+        return 'Hits: ' + n + ' — '
 })

package/src/adminApis.js CHANGED Viewed

@@ -27,7 +27,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ctxAdminAccess = exports.localhostAdmin = exports.adminApis = void 0;
+exports.ctxAdminAccess = exports.favicon = exports.localhostAdmin = exports.adminApis = void 0;
 const apiMiddleware_1 = require("./apiMiddleware");
 const config_1 = require("./config");
 const listen_1 = require("./listen");
@@ -159,6 +159,7 @@ for (const [k, was] of Object.entries(exports.adminApis))
             : new apiMiddleware_1.ApiError(const_1.HTTP_UNAUTHORIZED, props);
     };
 exports.localhostAdmin = (0, config_1.defineConfig)('localhost_admin', true);
+exports.favicon = (0, config_1.defineConfig)('favicon');
 function ctxAdminAccess(ctx) {
     return !ctx.state.proxiedFor // we consider localhost_admin only if no proxy is detected
         && exports.localhostAdmin.get() && (0, misc_1.isLocalHost)(ctx)

package/src/api.vfs.js CHANGED Viewed

@@ -48,6 +48,25 @@ const apis = {
             };
         }
     },
+    async move_vfs({ from, parent }) {
+        var _a;
+        if (from <= '/' || !parent)
+            return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST);
+        const fromNode = await urlToNodeOriginal(from);
+        if (!fromNode)
+            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'from not found');
+        const parentNode = await urlToNodeOriginal(parent);
+        if (!parentNode)
+            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'parent not found');
+        const name = (0, vfs_1.getNodeName)(fromNode);
+        if ((_a = parentNode.children) === null || _a === void 0 ? void 0 : _a.find(x => name === (0, vfs_1.getNodeName)(x)))
+            return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'item with same name already present in destination');
+        const oldParent = await urlToNodeOriginal((0, path_1.dirname)(from));
+        lodash_1.default.pull(oldParent.children, fromNode);
+        (parentNode.children || (parentNode.children = [])).push(fromNode);
+        await (0, vfs_1.saveVfs)();
+        return {};
+    },
     async set_vfs({ uri, props }) {
         const n = await urlToNodeOriginal(uri);
         if (!n)
@@ -62,12 +81,12 @@ const apis = {
         await (0, vfs_1.saveVfs)();
         return n;
     },
-    async add_vfs({ under, source, name }) {
-        const n = under ? await urlToNodeOriginal(under) : vfs_1.vfs;
+    async add_vfs({ parent, source, name }) {
+        const n = parent ? await urlToNodeOriginal(parent) : vfs_1.vfs;
         if (!n)
-            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'invalid under');
+            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'invalid parent');
         if (n.isTemp || !await (0, vfs_1.nodeIsDirectory)(n))
-            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_ACCEPTABLE, 'invalid under');
+            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_ACCEPTABLE, 'invalid parent');
         if ((0, misc_1.isWindowsDrive)(source))
             source += '\\'; // slash must be included, otherwise it will refer to the cwd of that drive
         const a = n.children || (n.children = []);

package/src/apiMiddleware.js CHANGED Viewed

@@ -29,8 +29,14 @@ function apiMiddleware(apis) {
         }
         const csrf = ctx.cookies.get('csrf');
         // we don't rely on SameSite cookie option because it's https-only
-        let res = csrf && csrf !== ctx.params.csrf ? new ApiError(const_1.HTTP_UNAUTHORIZED, 'csrf')
-            : await apiFun(ctx.params || {}, ctx);
+        let res;
+        try {
+            res = csrf && csrf !== ctx.params.csrf ? new ApiError(const_1.HTTP_UNAUTHORIZED, 'csrf')
+                : await apiFun(ctx.params || {}, ctx);
+        }
+        catch (e) {
+            res = e;
+        }
         if (isAsyncGenerator(res))
             res = (0, misc_1.asyncGeneratorToReadable)(res);
         if (res instanceof stream_1.Readable) { // Readable, we'll go SSE-mode
@@ -45,7 +51,7 @@ function apiMiddleware(apis) {
             return ctx.status = res.status;
         }
         if (res instanceof Error) { // generic exception
-            ctx.body = String(res);
+            ctx.body = res.message || String(res);
             return ctx.status = const_1.HTTP_BAD_REQUEST;
         }
         ctx.body = res;

package/src/const.js CHANGED Viewed

@@ -38,7 +38,7 @@ exports.DEV = process.env.DEV || exports.argv.dev ? 'DEV' : '';
 exports.ORIGINAL_CWD = process.cwd();
 exports.HFS_STARTED = new Date();
 const PKG_PATH = (0, path_1.join)(__dirname, '..', 'package.json');
-exports.BUILD_TIMESTAMP = "2023-02-10T14:09:18.632Z";
+exports.BUILD_TIMESTAMP = "2023-02-13T10:07:32.320Z";
 const pkg = JSON.parse(fs.readFileSync(PKG_PATH, 'utf8'));
 exports.VERSION = pkg.version;
 exports.DAY = 86400000;

package/src/frontEndApis.js CHANGED Viewed

@@ -33,6 +33,11 @@ const api_file_list_1 = require("./api.file_list");
 const api_auth = __importStar(require("./api.auth"));
 const config_1 = require("./config");
 const events_1 = __importDefault(require("./events"));
+const util_files_1 = require("./util-files");
+const const_1 = require("./const");
+const vfs_1 = require("./vfs");
+const promises_1 = require("fs/promises");
+const path_1 = require("path");
 const customHeader = (0, config_1.defineConfig)('custom_header');
 exports.frontEndApis = {
     file_list: api_file_list_1.file_list,
@@ -48,7 +53,24 @@ exports.frontEndApis = {
                 list.custom({ name, data });
             }
         });
-    }
+    },
+    async create_folder({ path, name }, ctx) {
+        if (!(0, util_files_1.isValidFileName)(name) || (0, util_files_1.dirTraversal)(name))
+            return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad name');
+        const parentNode = await (0, vfs_1.urlToNode)(path);
+        if (!parentNode)
+            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'parent not found');
+        const { source } = parentNode;
+        if (!source || !(0, vfs_1.hasPermission)(parentNode, 'can_upload', ctx))
+            return new apiMiddleware_1.ApiError(const_1.HTTP_FORBIDDEN);
+        try {
+            await (0, promises_1.mkdir)((0, path_1.join)(source, name));
+            return {};
+        }
+        catch (e) {
+            return new apiMiddleware_1.ApiError(e.code === 'EEXIST' ? const_1.HTTP_CONFLICT : const_1.HTTP_BAD_REQUEST, e);
+        }
+    },
 };
 function notifyClient(ctx, name, data) {
     const { notificationChannel } = ctx.query;

package/src/middlewares.js CHANGED Viewed

@@ -26,6 +26,7 @@ const path_1 = require("path");
 const promises_1 = require("stream/promises");
 const formidable_1 = __importDefault(require("formidable"));
 const upload_1 = require("./upload");
+const adminApis_1 = require("./adminApis");
 exports.gzipper = (0, koa_compress_1.default)({
     threshold: 2048,
     gzip: { flush: require('zlib').constants.Z_SYNC_FLUSH },
@@ -95,6 +96,8 @@ const serveGuiAndSharedFiles = async (ctx, next) => {
         }
         return;
     }
+    if (ctx.originalUrl === '/favicon.ico' && adminApis_1.favicon.get()) // originalUrl to not be subject to changes (vhosting plugin)
+        return (0, serveFile_1.serveFile)(adminApis_1.favicon.get())(ctx, next);
     const node = await (0, vfs_1.urlToNode)(path, ctx);
     if (!node)
         return ctx.status = const_1.HTTP_NOT_FOUND;
@@ -148,14 +151,14 @@ const someSecurity = async (ctx, next) => {
         if (const_1.DEV && proxy && [process.env.FRONTEND_PROXY, process.env.ADMIN_PROXY].includes(ctx.get('X-Forwarded-port')))
             proxy = '';
         if ((0, misc_1.dirTraversal)(decodeURI(ctx.path)))
-            return ctx.status = 418;
+            return ctx.status = const_1.HTTP_FOOL;
         if ((0, block_1.applyBlock)(ctx.socket, ctx.ip))
             return;
         proxyDetected || (proxyDetected = proxy > '');
         ctx.state.proxiedFor = proxy;
     }
     catch (_a) {
-        return ctx.status = 418;
+        return ctx.status = const_1.HTTP_FOOL;
     }
     return next();
 };
@@ -193,7 +196,8 @@ async function srpCheck(username, password) {
 }
 // unify get/post parameters, with JSON decoding to not be limited to strings
 const paramsDecoder = async (ctx, next) => {
-    ctx.params = ctx.method === 'POST' ? (0, misc_1.tryJson)(await (0, misc_1.stream2string)(ctx.req))
+    ctx.params = ctx.method === 'POST' && ctx.originalUrl.startsWith(const_1.API_URI)
+        ? (0, misc_1.tryJson)(await (0, misc_1.stream2string)(ctx.req))
         : (0, misc_1.objSameKeys)(ctx.query, x => Array.isArray(x) ? x : (0, misc_1.tryJson)(x));
     await next();
 };

package/src/util-files.js CHANGED Viewed

@@ -4,7 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.prepareFolder = exports.unzip = exports.dirStream = exports.adjustStaticPathForGlob = exports.isWindowsDrive = exports.dirTraversal = exports.watchDir = exports.readFileBusy = exports.isFile = exports.isDirectory = void 0;
+exports.isValidFileName = exports.prepareFolder = exports.unzip = exports.dirStream = exports.adjustStaticPathForGlob = exports.isWindowsDrive = exports.dirTraversal = exports.watchDir = exports.readFileBusy = exports.isFile = exports.isDirectory = void 0;
 const promises_1 = __importDefault(require("fs/promises"));
 const misc_1 = require("./misc");
 const fs_1 = require("fs");
@@ -152,3 +152,7 @@ async function prepareFolder(path, dirnameIt = true) {
     }
 }
 exports.prepareFolder = prepareFolder;
+function isValidFileName(name) {
+    return !/^\.\.?$|[/:*?"<>|\\]/.test(name);
+}
+exports.isValidFileName = isValidFileName;

package/frontend/assets/index-6f1b310f.css DELETED Viewed

@@ -1 +0,0 @@

- @charset "UTF-8";:root{height:100dvh;--bg: #fff;--text: #555;--faint-contrast: #0002;--mild-contrast: #0005;--good-contrast: #000a;--button-bg: #68a;--button-text: #fff;--focus-color: #468}:root .theme-dark{--bg: #000;--text: #999;--faint-contrast: #fff2;--mild-contrast: #fff5;--good-contrast: #fffa;--button-bg: #345;--button-text: #999;color-scheme:dark}:root .theme-dark a{color:#8ac}:root .theme-dark .dialog-closer{background:#633}:root .theme-dark .dialog-icon{color:#ccc}:root .theme-dark .dialog-icon .icon{color:#aaa;margin-left:-1px;font-size:95%}:root .theme-dark .dialog-backdrop{background:rgba(51,51,51,.7333333333)}:root .theme-dark .error-msg{color:#b88;background-color:#623}body{background:var(--bg);margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}body,button,select,input{font-size:12pt}#root{max-width:50em;margin:auto;min-height:100vh;display:flex;flex-direction:column}body,input{color:var(--text)}code{font-family:source-code-pro,Menlo,Monaco,Consolas,Courier New,monospace}input,select{padding:.3em .4em;border-radius:.5em;background:var(--bg);border-color:var(--mild-contrast);color:var(--good-contrast);max-width:100%;box-sizing:border-box}input[type=checkbox]{transform:scale(1.7);accent-color:var(--button-bg)}label input[type=checkbox]{margin-right:.8em}.hidden{display:none!important}.icon{font-size:1.2em}.icon.mirror:before{transform:scaleX(-1)}a{text-decoration:none;color:#57a}button{background-color:var(--button-bg);color:var(--button-text);padding:.5em 1em;border:transparent;text-decoration:none;border-radius:.3em;vertical-align:middle;cursor:pointer}button.toggled{opacity:.6}button:focus-visible,.breadcrumb:focus-visible{outline:3px solid var(--focus-color)}input:focus-visible,select:focus-visible,ul a:focus-visible{border-radius:.3em;border-color:transparent;outline:2px solid var(--focus-color)}.error-msg{background-color:#faa;color:#833;padding:.5em 1em}header{position:sticky;top:0;background:var(--bg);padding:.2em;z-index:1}.ani-working{animation:1s blink infinite}@keyframes blink{0%{opacity:1}50%{opacity:.2}}@keyframes spin{to{transform:rotate(360deg)}}@keyframes fade-in{0%{opacity:0}to{opacity:1}}.spinner,.icon.spinner:before{animation:1.5s spin infinite linear}.icon.emoji.spinner{display:inline-block}.breadcrumb{padding:.1em .6em .2em;line-height:1.8em;border-radius:.7em;background-color:var(--button-bg);color:var(--button-text);border-top:1px solid #666;margin-right:-.1em}.breadcrumb:nth-child(-n+3) .icon{padding:0 .2em}#folder-stats{font-size:90%;margin:.4em 0 0 .5em;float:right}#folder-stats .icon{margin-right:.3em}#filter{flex:1;margin:.2em auto;box-sizing:border-box}#filter-bar{display:flex;align-items:center;gap:.3em;margin:.3em 0 .1em;padding-left:11px}#filter-bar input[type=checkbox]{margin-right:.7em}ul.dir{flex:1;padding:0;margin:0;clear:both}ul.dir li{display:block;list-style-type:none;margin-bottom:.3em;padding:.3em;border-top:1px solid var(--button-bg)}ul.dir li input[type=checkbox]{margin:0 .8em}ul.dir li a{word-break:break-word;padding-right:.3em}ul.dir li a .icon{margin-right:.3em}ul.dir li a.container-folder:hover{text-decoration:underline}ul.dir li .entry-props{float:right;font-size:90%;margin-left:12px;margin-top:.2em}ul.dir li .entry-props .icon{margin:0 .3em}ul.dir li .entry-props .entry-size{display:inline-block}#menu-panel{margin-bottom:.2em}#menu-bar{display:flex;justify-content:space-evenly;flex-wrap:wrap}#menu-bar>*{flex:auto;margin:.1em}#menu-bar button{padding-left:0;padding-right:0}#menu-bar>a>button{width:100%}#searched{margin:.2em}#user-panel{display:flex;flex-direction:column;gap:1em}#user-panel a>button{width:100%}button label{cursor:inherit;margin-left:.5em}.dialog-backdrop.working{font-size:5em;animation:1s fade-in}.dialog-content{padding:.2em}.dialog{min-width:10em;--color: var(--button-bg)}#paging{display:flex;position:sticky;bottom:0;background:var(--bg);gap:.5em;overflow-x:auto}#paging>button{flex:1;background:var(--button-bg);text-align:center}.upload-progress:before{content:" \2013 "}.upload-progress{min-width:4em;display:inline-block;margin-left:.5em}.upload-list td:nth-child(1){width:0}.upload-list td:nth-child(2){text-align:right;width:0;white-space:nowrap;padding-left:.5em}.upload-list td:nth-child(3){padding:.2em .5em;word-break:break-word}.dialog-login form{display:flex;flex-direction:column;gap:1.2em}.dialog-login label{display:block;margin-bottom:.5em;margin-left:.1em}*{scrollbar-width:thin;scrollbar-color:var(--button-bg) var(--faint-contrast)}*::-webkit-scrollbar{width:12px}*::-webkit-scrollbar-track{background:var(--faint-contrast)}*::-webkit-scrollbar-thumb{background-color:var(--button-bg);border-radius:20px;border:1px solid var(--faint-contrast)}@media (max-width: 42em){body,button,select{font-size:14pt}#menu-bar button label,#filter-bar button label{display:none}#filter-bar{margin:.2em 0}#filter-bar button{width:17.6vw;height:2.3em}.breadcrumb{word-break:break-all}.breadcrumb .icon{font-size:24px}}.dialog-backdrop{position:fixed;inset:0;background:#888a;display:flex;justify-content:center;align-items:center;z-index:1000}.dialog{background:#fff;background:var(--bg);padding:max(.5em,1vw);border-radius:1em;position:relative;margin:0 3vw;overflow:hidden;max-height:calc(100vh - 2em)}.dialog-icon{color:#fff;background-color:var(--color);position:absolute;top:0;width:1.8em;height:1.7em;text-align:center;border-radius:.8em 0}.dialog-title{margin-top:-.4em;font-size:110%}.dialog-icon~.dialog-title{text-align:center}.dialog-closer{border-radius:0 .8em;right:0;padding:0;background-color:#c88}.dialog-icon~.dialog-content{margin-top:2em}.dialog-type{left:0;top:0;overflow:hidden;line-height:1.7em;opacity:.8}.dialog-content{overflow:auto;max-height:calc(100vh - 4.5em)}.dialog-content p{white-space:pre-wrap;margin:.5em 0}.dialog-confirm .dialog-content button{margin-top:1em}.dialog-alert-info{--color: #282 }.dialog-alert-warning{--color: #c91 }.dialog-alert-error{--color: #822}@media (max-width: 50em){.dialog-closer{font-size:120%}.dialog-icon~.dialog-content{margin-top:2em}}.dialog-prompt label{display:block;margin-bottom:.5em;margin-left:.1em}