hfs 0.35.0 → 0.37.0

package/{admin/assets/sha512-1ab69ff8.js → frontend/assets/sha512-065c5d7c.js}

@@ -1,4 +1,4 @@
-import{c as SF}from"./index-0859bb0d.js";function OF(iF,hF){for(var eF=0;eF<hF.length;eF++){const tF=hF[eF];if(typeof tF!="string"&&!Array.isArray(tF)){for(const w in tF)if(w!=="default"&&!(w in iF)){const lF=Object.getOwnPropertyDescriptor(tF,w);lF&&Object.defineProperty(iF,w,lF.get?lF:{enumerable:!0,get:()=>tF[w]})}}}return Object.freeze(Object.defineProperty(iF,Symbol.toStringTag,{value:"Module"}))}var EF={},UF={get exports(){return EF},set exports(iF){EF=iF}};/*
+import{c as SF}from"./index-420a7286.js";function OF(iF,hF){for(var eF=0;eF<hF.length;eF++){const tF=hF[eF];if(typeof tF!="string"&&!Array.isArray(tF)){for(const w in tF)if(w!=="default"&&!(w in iF)){const lF=Object.getOwnPropertyDescriptor(tF,w);lF&&Object.defineProperty(iF,w,lF.get?lF:{enumerable:!0,get:()=>tF[w]})}}}return Object.freeze(Object.defineProperty(iF,Symbol.toStringTag,{value:"Module"}))}var EF={},UF={get exports(){return EF},set exports(iF){EF=iF}};/*
  * [js-sha512]{@link https://github.com/emn178/js-sha512}
  *
  * @version 0.8.0

package/frontend/index.html

@@ -6,9 +6,9 @@
     <link href="/fontello.css" rel="stylesheet" />
     <link rel="icon"/>
     <script>SESSION = _HFS_SESSION_</script>
-    <title>File Server</title>
-    <script type="module" crossorigin src="/assets/index-21e40dc5.js"></script>
-    <link rel="stylesheet" href="/assets/index-c4c325e9.css">
+    <title>_HFS_TITLE_</title>
+    <script type="module" crossorigin src="/assets/index-420a7286.js"></script>
+    <link rel="stylesheet" href="/assets/index-216f7ea9.css">
   </head>
   <body>
     <noscript>You need to enable JavaScript to run this app.</noscript>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hfs",
-  "version": "0.35.0",
+  "version": "0.37.0",
   "description": "HTTP File Server",
   "keywords": [
     "file server",
@@ -27,7 +27,7 @@
     "dist-bin": "npm run dist-modules && cd dist && pkg . -C gzip && mv -f hfs-win-x64.exe hfs.exe && zip hfs-windows.zip hfs.exe -r plugins && cp -f hfs-linux-x64 hfs && zip hfs-linux.zip hfs -r plugins && cp -f hfs-macos-x64 hfs && zip hfs-mac.zip hfs -r plugins && cp -f hfs-macos-arm64 hfs && zip hfs-mac-arm.zip hfs -r plugins && rm hfs",
     "dist-modules": "cp package*.json dist && cd dist && npm ci --omit=dev && npm run dist-crclib && rm package-lock.json && cd .. && node prune_modules",
     "dist-crclib": "npm i -f --no-save --omit=dev @node-rs/crc32-win32-x64-msvc @node-rs/crc32-darwin-arm64 @node-rs/crc32-darwin-x64  ",
-    "dist-win": "npm run dist-modules && cd dist && pkg . -C gzip -t node16-win-x64 && zip hfs-windows.zip hfs.exe -r plugins",
+    "dist-win": "cp package*.json dist && cd dist && npm ci --omit=dev && npm i -f --no-save --omit=dev @node-rs/crc32-win32 && pkg . -C gzip -t node16-win-x64",
     "dist-node": "npm run dist-modules && cd dist && zip hfs-node.zip -r * -x *.zip *.exe hfs-* *.log logs"
   },
   "engines": {

package/src/adminApis.js

@@ -27,7 +27,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ctxAdminAccess = exports.favicon = exports.localhostAdmin = exports.adminApis = void 0;
+exports.ctxAdminAccess = exports.title = exports.favicon = exports.localhostAdmin = exports.adminApis = void 0;
 const apiMiddleware_1 = require("./apiMiddleware");
 const config_1 = require("./config");
 const listen_1 = require("./listen");
@@ -162,6 +162,7 @@ for (const [k, was] of Object.entries(exports.adminApis))
     };
 exports.localhostAdmin = (0, config_1.defineConfig)('localhost_admin', true);
 exports.favicon = (0, config_1.defineConfig)('favicon');
+exports.title = (0, config_1.defineConfig)('title', "File server");
 function ctxAdminAccess(ctx) {
     return !ctx.state.proxiedFor // we consider localhost_admin only if no proxy is detected
         && exports.localhostAdmin.get() && (0, misc_1.isLocalHost)(ctx)

package/src/api.monitor.js

@@ -77,6 +77,7 @@ const apis = {
         function fromCtx(ctx) {
             return ctx && {
                 user: (0, perm_1.getCurrentUsername)(ctx),
+                agent: getBrowser(ctx.get('user-agent')),
                 archive: ctx.state.archive,
                 path: (ctx.fileSource || ctx.state.archive) && ctx.path // only for downloading files
             };
@@ -102,3 +103,36 @@ function getConnAddress(conn) {
         port: conn.socket.remotePort,
     };
 }
+function getBrowser(agent) {
+    for (const [name, re] of Object.entries(BROWSERS))
+        if (re.test(agent))
+            return name;
+    return '';
+}
+const BROWSERS = {
+    YaBrowser: /yabrowser/i,
+    AlamoFire: /alamofire/i,
+    Edge: /edge|edga|edgios|edg/i,
+    PhantomJS: /phantomjs/i,
+    Konqueror: /konqueror/i,
+    Amaya: /amaya/i,
+    Epiphany: /epiphany/i,
+    SeaMonkey: /seamonkey/i,
+    Flock: /flock/i,
+    OmniWeb: /omniweb/i,
+    Opera: /opera|OPR\//i,
+    Chromium: /chromium/i,
+    Facebook: /FBA[NV]/,
+    Chrome: /chrome|crios/i,
+    WinJs: /msapphost/i,
+    IE: /msie|trident/i,
+    Firefox: /firefox|fxios/i,
+    Safari: /safari/i,
+    PS5: /playstation 5/i,
+    PS4: /playstation 4/i,
+    PS3: /playstation 3/i,
+    PSP: /playstation portable/i,
+    PS: /playstation/i,
+    Xbox: /xbox/i,
+    UC: /UCBrowser/i,
+};

package/src/api.vfs.js

@@ -63,10 +63,16 @@ const apis = {
         return {};
     },
     async set_vfs({ uri, props }) {
+        var _a;
         const n = await urlToNodeOriginal(uri);
         if (!n)
             return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'path not found');
         props = pickProps(props, ['name', 'source', 'masks', 'default', ...Object.keys(vfs_1.defaultPerms)]);
+        if (props.name && props.name !== (0, vfs_1.getNodeName)(n)) {
+            const parent = await urlToNodeOriginal((0, path_1.dirname)(uri));
+            if ((_a = parent === null || parent === void 0 ? void 0 : parent.children) === null || _a === void 0 ? void 0 : _a.find(x => (0, vfs_1.getNodeName)(x) === props.name))
+                return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'name already present');
+        }
         props = (0, misc_1.objSameKeys)(props, v => v === null ? undefined : v); // null is a way to serialize undefined, that will restore default values
         if (props.masks && typeof props.masks !== 'object')
             delete props.masks;
@@ -84,10 +90,10 @@ const apis = {
             return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_ACCEPTABLE, 'invalid parent');
         if ((0, misc_1.isWindowsDrive)(source))
             source += '\\'; // slash must be included, otherwise it will refer to the cwd of that drive
-        const a = n.children || (n.children = []);
-        if (source && a.find(x => x.source === source))
+        n.children || (n.children = []);
+        if (n.children.find(x => x.source === source || (0, vfs_1.getNodeName)(x) === name))
             return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'already present');
-        a.unshift({ source, name });
+        n.children.unshift({ source, name });
         await (0, vfs_1.saveVfs)();
         return {};
     },

package/src/const.js

@@ -27,7 +27,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.APP_PATH = exports.IS_WINDOWS = exports.HTTP_SERVER_ERROR = exports.HTTP_FOOL = exports.HTTP_RANGE_NOT_SATISFIABLE = exports.HTTP_PAYLOAD_TOO_LARGE = exports.HTTP_CONFLICT = exports.HTTP_NOT_ACCEPTABLE = exports.HTTP_METHOD_NOT_ALLOWED = exports.HTTP_NOT_FOUND = exports.HTTP_FORBIDDEN = exports.HTTP_UNAUTHORIZED = exports.HTTP_BAD_REQUEST = exports.HTTP_NOT_MODIFIED = exports.HTTP_TEMPORARY_REDIRECT = exports.HTTP_PARTIAL_CONTENT = exports.HTTP_NO_CONTENT = exports.HTTP_OK = exports.PLUGINS_PUB_URI = exports.API_URI = exports.ADMIN_URI = exports.FRONTEND_URI = exports.SPECIAL_URI = exports.COMPATIBLE_API_VERSION = exports.API_VERSION = exports.SESSION_DURATION = exports.DAY = exports.VERSION = exports.BUILD_TIMESTAMP = exports.HFS_STARTED = exports.ORIGINAL_CWD = exports.DEV = exports.argv = void 0;
+exports.APP_PATH = exports.IS_BINARY = exports.IS_WINDOWS = exports.HTTP_SERVER_ERROR = exports.HTTP_FOOL = exports.HTTP_RANGE_NOT_SATISFIABLE = exports.HTTP_PAYLOAD_TOO_LARGE = exports.HTTP_CONFLICT = exports.HTTP_NOT_ACCEPTABLE = exports.HTTP_METHOD_NOT_ALLOWED = exports.HTTP_NOT_FOUND = exports.HTTP_FORBIDDEN = exports.HTTP_UNAUTHORIZED = exports.HTTP_BAD_REQUEST = exports.HTTP_NOT_MODIFIED = exports.HTTP_TEMPORARY_REDIRECT = exports.HTTP_PARTIAL_CONTENT = exports.HTTP_NO_CONTENT = exports.HTTP_OK = exports.PLUGINS_PUB_URI = exports.API_URI = exports.ADMIN_URI = exports.FRONTEND_URI = exports.SPECIAL_URI = exports.COMPATIBLE_API_VERSION = exports.API_VERSION = exports.SESSION_DURATION = exports.DAY = exports.VERSION = exports.BUILD_TIMESTAMP = exports.HFS_STARTED = exports.ORIGINAL_CWD = exports.DEV = exports.argv = void 0;
 const minimist_1 = __importDefault(require("minimist"));
 const fs = __importStar(require("fs"));
 const os_1 = require("os");
@@ -38,7 +38,7 @@ exports.DEV = process.env.DEV || exports.argv.dev ? 'DEV' : '';
 exports.ORIGINAL_CWD = process.cwd();
 exports.HFS_STARTED = new Date();
 const PKG_PATH = (0, path_1.join)(__dirname, '..', 'package.json');
-exports.BUILD_TIMESTAMP = "2023-02-20T11:41:13.654Z";
+exports.BUILD_TIMESTAMP = "2023-02-24T21:59:58.935Z";
 const pkg = JSON.parse(fs.readFileSync(PKG_PATH, 'utf8'));
 exports.VERSION = pkg.version;
 exports.DAY = 86400000;
@@ -67,8 +67,8 @@ exports.HTTP_RANGE_NOT_SATISFIABLE = 416;
 exports.HTTP_FOOL = 418;
 exports.HTTP_SERVER_ERROR = 500;
 exports.IS_WINDOWS = process.platform === 'win32';
-const IS_BINARY = !(0, path_1.basename)(process.argv0).includes('node'); // this won't be node if pkg was used
-exports.APP_PATH = (0, path_1.dirname)(IS_BINARY ? process.argv0 : __dirname);
+exports.IS_BINARY = !(0, path_1.basename)(process.execPath).includes('node'); // this won't be node if pkg was used
+exports.APP_PATH = (0, path_1.dirname)(exports.IS_BINARY ? process.execPath : __dirname);
 // we want this to be the first stuff to be printed, then we print it in this module, that is executed at the beginning
 if (exports.DEV)
     console.clear();
@@ -81,7 +81,7 @@ console.log('version', exports.VERSION || '-');
 console.log('build', exports.BUILD_TIMESTAMP || '-');
 if (exports.argv.cwd)
     process.chdir(exports.argv.cwd);
-else if (!process.argv0.endsWith('.exe')) { // still considering whether to use this behavior with Windows users, who may be less accustomed to it
+else if (!process.execPath.endsWith('.exe')) { // still considering whether to use this behavior with Windows users, who may be less accustomed to it
     const dir = (0, path_1.join)((0, os_1.homedir)(), '.hfs');
     try {
         (0, fs_1.mkdirSync)(dir);

package/src/frontEndApis.js

@@ -63,11 +63,10 @@ exports.frontEndApis = {
         const parentNode = await (0, vfs_1.urlToNode)(path, ctx);
         if (!parentNode)
             return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'parent not found');
-        const { source } = parentNode;
-        if (!source || !(0, vfs_1.hasPermission)(parentNode, 'can_upload', ctx))
+        if (!(0, vfs_1.hasPermission)(parentNode, 'can_upload', ctx))
             return new apiMiddleware_1.ApiError(const_1.HTTP_FORBIDDEN);
         try {
-            await (0, promises_1.mkdir)((0, path_1.join)(source, name));
+            await (0, promises_1.mkdir)((0, path_1.join)(parentNode.source, name));
             return {};
         }
         catch (e) {

package/src/middlewares.js

@@ -115,7 +115,7 @@ const serveGuiAndSharedFiles = async (ctx, next) => {
     const canRead = (0, vfs_1.hasPermission)(node, 'can_read', ctx);
     const isFolder = await (0, vfs_1.nodeIsDirectory)(node);
     if (isFolder && !path.endsWith('/'))
-        return ctx.redirect(path + '/');
+        return ctx.redirect(ctx.originalUrl + '/');
     if (canRead && !isFolder)
         return node.source ? (0, serveFile_1.serveFileNode)(node)(ctx, next)
             : next();

package/src/serveGuiFiles.js

@@ -82,6 +82,7 @@ async function treatIndex(ctx, body, filesUri) {
     return body
         .replace(/((?:src|href) *= *['"])\/?(?![a-z]+:\/\/)/g, '$1' + filesUri)
         .replace('<link rel="icon"/>', `<link rel="icon" href="${adminApis_1.favicon.get() ? '/favicon.ico' : 'data:;'}" />`)
+        .replace('_HFS_TITLE_', adminApis_1.title.get())
         .replace('_HFS_SESSION_', session instanceof apiMiddleware_1.ApiError ? 'null' : JSON.stringify(session))
         // replacing this text allow us to avoid injecting in frontends that don't support plugins. Don't use a <--comment--> or it will be removed by webpack
         .replace('_HFS_PLUGINS_', pluginsInjection);

package/src/update.js

@@ -19,7 +19,7 @@ async function getUpdate() {
 }
 exports.getUpdate = getUpdate;
 async function update() {
-    if (process.argv0.endsWith('node'))
+    if (!const_1.IS_BINARY)
         throw "only binary versions are supported for now";
     const update = await getUpdate();
     const assetSearch = { win32: 'windows', darwin: 'mac', linux: 'linux' }[process.platform];
@@ -30,7 +30,7 @@ async function update() {
         throw "asset not found";
     const url = asset.browser_download_url;
     console.log("downloading", url);
-    const bin = process.argv0;
+    const bin = process.execPath;
     const binPath = (0, path_1.dirname)(bin);
     const binFile = (0, path_1.basename)(bin);
     const newBinFile = 'new-' + binFile;
@@ -64,7 +64,7 @@ async function update() {
 }
 exports.update = update;
 if (const_1.argv.updating) { // we were launched with a temporary name, restore original name to avoid breaking references
-    const bin = process.argv0;
+    const bin = process.execPath;
     (0, fs_1.renameSync)(bin, (0, path_1.join)((0, path_1.dirname)(bin), const_1.argv.updating));
     console.log("renamed binary file to", const_1.argv.updating);
 }

package/src/upload.js

@@ -14,21 +14,25 @@ const config_1 = require("./config");
 const util_os_1 = require("./util-os");
 exports.deleteUnfinishedUploadsAfter = (0, config_1.defineConfig)('delete_unfinished_uploads_after');
 exports.minAvailableMb = (0, config_1.defineConfig)('min_available_mb', 100);
+const dontOverwriteUploading = (0, config_1.defineConfig)('dont_overwrite_uploading', false);
 const waitingToBeDeleted = {};
 function uploadWriter(base, path, ctx) {
-    if (!base.source || !(0, vfs_1.hasPermission)(base, 'can_upload', ctx))
+    if (!(0, vfs_1.hasPermission)(base, 'can_upload', ctx))
         return fail(base.can_upload === false ? const_1.HTTP_FORBIDDEN : const_1.HTTP_UNAUTHORIZED);
     const fullPath = (0, path_1.join)(base.source, path);
     const dir = (0, path_1.dirname)(fullPath);
     const min = exports.minAvailableMb.get() * (1 << 20);
     const reqSize = Number(ctx.headers["content-length"]);
-    if (min && reqSize)
+    if (reqSize)
         try {
-            if (reqSize > (0, util_os_1.getFreeDiskSync)(dir) - min)
+            const free = (0, util_os_1.getFreeDiskSync)(dir);
+            if (typeof free !== 'number' || isNaN(free))
+                throw '';
+            if (reqSize > (0, util_os_1.getFreeDiskSync)(dir) - (min || 0))
                 return fail(const_1.HTTP_PAYLOAD_TOO_LARGE);
         }
         catch (e) {
-            console.warn("can't check disk size", String(e));
+            console.warn("can't check disk size", e.message || String(e));
         }
     fs_1.default.mkdirSync(dir, { recursive: true });
     const keepName = (0, path_1.basename)(fullPath).slice(-200);
@@ -59,12 +63,22 @@ function uploadWriter(base, path, ctx) {
     }
     cancelDeletion(tempName);
     ret.on('close', () => {
-        if (!ctx.req.aborted)
-            return fs_1.default.rename(tempName, fullPath, err => {
-                err && console.error("couldn't rename temp to", fullPath, String(err));
+        if (!ctx.req.aborted) {
+            let dest = fullPath;
+            if (dontOverwriteUploading.get() && fs_1.default.existsSync(dest)) {
+                const ext = (0, path_1.extname)(dest);
+                const base = dest.slice(0, -ext.length);
+                let i = 1;
+                do
+                    dest = `${base} (${i++})${ext}`;
+                while (fs_1.default.existsSync(dest));
+            }
+            return fs_1.default.rename(tempName, dest, err => {
+                err && console.error("couldn't rename temp to", dest, String(err));
                 if (resumable)
                     delayedDelete(resumable, 0);
             });
+        }
         if (resumable) // we don't want to be left with 2 temp files
             return delayedDelete(tempName, 0);
         const sec = exports.deleteUnfinishedUploadsAfter.get();

package/src/vfs.js

@@ -62,9 +62,9 @@ async function urlToNode(url, ctx, parent = exports.vfs, getRest) {
         original: child,
         isTemp: true,
     };
-    inheritFromParent(parent, ret);
     inheritMasks(ret, parent, name);
     applyMasks(ret, parent, name);
+    inheritFromParent(parent, ret);
     if (child) // yes
         return urlToNode(rest, ctx, ret, getRest);
     // not in the tree, we can see consider continuing on the disk
@@ -123,7 +123,8 @@ async function nodeIsDirectory(node) {
 exports.nodeIsDirectory = nodeIsDirectory;
 function hasPermission(node, perm, ctx) {
     var _a;
-    return matchWho((_a = node[perm]) !== null && _a !== void 0 ? _a : exports.defaultPerms[perm], ctx)
+    return (node.source || perm !== 'can_upload') // Upload possible only if we know where to store. First check node.source because is supposedly faster.
+        && matchWho((_a = node[perm]) !== null && _a !== void 0 ? _a : exports.defaultPerms[perm], ctx)
         && (perm !== 'can_see' || hasPermission(node, 'can_read', ctx)); // can_see is used to hide something you nonetheless can_read, so you MUST also can_read
 }
 exports.hasPermission = hasPermission;
@@ -165,8 +166,8 @@ async function* walkNode(parent, ctx, depth = 0, prefixPath = '') {
         // we basename for depth>0 where we already have the rest of the path in the parent's url, and would be duplicated
         const virtualBasename = (0, path_1.basename)(name);
         item.isTemp = true;
-        inheritFromParent(parent, item);
         applyMasks(item, parent, virtualBasename);
+        inheritFromParent(parent, item);
         if (ctx && !hasPermission(item, 'can_see', ctx))
             return;
         yield item;
@@ -181,10 +182,10 @@ function applyMasks(item, parent, virtualBasename) {
     const { masks } = parent;
     if (!masks)
         return;
-    for (const k in masks)
+    for (const [k, v] of Object.entries(masks))
         if (k.startsWith('**/') && (0, micromatch_1.isMatch)(virtualBasename, k.slice(3))
             || !k.includes('/') && (0, micromatch_1.isMatch)(virtualBasename, k))
-            Object.assign(item, masks[k]);
+            lodash_1.default.defaults(item, v);
 }
 function inheritMasks(item, parent, virtualBasename) {
     const { masks } = parent;
@@ -197,7 +198,7 @@ function inheritMasks(item, parent, virtualBasename) {
         else if (k.startsWith(virtualBasename + '/'))
             o[k.slice(virtualBasename.length + 1)] = v;
     if (Object.keys(o).length)
-        item.masks = o;
+        item.masks = lodash_1.default.defaults(item.masks, o);
 }
 function renameUnderPath(rename, path) {
     if (!rename)