hfs 0.38.2 → 0.40.0

package/frontend/assets/index-ffbcd4c9.css

@@ -0,0 +1 @@
+@charset "UTF-8";:root{height:100dvh;--bg: #fff;--text: #555;--ghost-contrast: #8882;--faint-contrast: #8884;--mild-contrast: #8886;--good-contrast: #000a;--button-bg: #68a;--button-text: #eaeaea;--focus-color: #468;--separator: " \2013  "}:root .theme-dark{--bg: #000;--text: #999;--good-contrast: #fffa;--button-bg: #345;--button-text: #999;color-scheme:dark}:root .theme-dark a{color:#8ac}:root .theme-dark .dialog-closer{background:#633}:root .theme-dark .dialog-icon{color:#ccc}:root .theme-dark .dialog-icon .icon{color:#aaa;margin-left:-1px;font-size:95%}:root .theme-dark .dialog-backdrop{background:rgba(51,51,51,.7333333333)}:root .theme-dark .error-msg{color:#b88;background-color:#623}:root .theme-dark button.toggled{color:#eee}body{background:var(--bg);margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}body,button,select,input{font-size:12pt}#root{max-width:50em;margin:auto;min-height:100vh;display:flex;flex-direction:column}body,input{color:var(--text)}code{font-family:source-code-pro,Menlo,Monaco,Consolas,Courier New,monospace}input:not([type=checkbox]),select{padding:.3em .4em;border-radius:.5em;background:var(--bg);border-color:var(--mild-contrast);color:var(--good-contrast);max-width:100%;box-sizing:border-box;width:100%}input[type=checkbox]{transform:scale(1.7);accent-color:var(--button-bg)}label input[type=checkbox]{margin-right:.8em}select{text-align:center}.hidden{display:none!important}.icon{font-size:1.2em}.icon.mirror:before{transform:scaleX(-1)}a{text-decoration:none;color:#57a}button{background-color:var(--button-bg);color:var(--button-text);padding:.5em 1em;border:transparent;text-decoration:none;border-radius:.3em;vertical-align:middle;cursor:pointer}button.toggled{color:#fff;text-shadow:0 0 3px #fff}button:focus-visible,.breadcrumb:focus-visible{outline:3px solid var(--focus-color)}a>button{width:100%}input:focus-visible,select:focus-visible,ul a:focus-visible{border-radius:.3em;border-color:transparent;outline:2px solid var(--focus-color)}.error-msg{background-color:#faa;color:#833;padding:.5em 1em}header{position:sticky;top:0;background:var(--bg);padding:.2em;z-index:1}.before-sliding{width:0!important;flex:0!important;margin:0!important;height:0!important;padding:0!important;overflow:hidden!important;transition:all .5s}.show-sliding{transition:all .5s;overflow:clip;flex:1;white-space:nowrap}.ani-working{animation:1s blink infinite}@keyframes blink{0%{opacity:1}50%{opacity:.2}}@keyframes spin{to{transform:rotate(360deg)}}@keyframes fade-in{0%{opacity:0}to{opacity:1}}.spinner,.icon.spinner:before{animation:1.5s spin infinite linear}.icon.emoji.spinner{display:inline-block}.breadcrumb{padding:.1em .6em .2em;line-height:1.8em;border-radius:.7em;background-color:var(--button-bg);color:var(--button-text);border-top:1px solid #666;margin-right:-.1em}.breadcrumb:nth-child(-n+3) .icon{padding:0 .2em}#folder-stats,#filter-bar>span{font-size:90%}#folder-stats{margin:.4em 0 0 .5em;float:right}#folder-stats .icon{margin-right:.3em}#filter{flex:1;box-sizing:border-box}#filter-bar{display:flex;align-items:center;gap:.8em;margin:.2em 0 0;padding:2px 0 1px 11px;height:1.8em}#filter-bar input[type=checkbox]{margin-top:.5em}#filter-bar span:empty{display:none}ul.dir{flex:1;padding:0;margin:0;clear:both}ul.dir>p{text-align:center}ul.dir li{display:block;list-style-type:none;padding:.3em .3em .4em;border-bottom:1px solid var(--faint-contrast)}ul.dir li:nth-of-type(odd){background-color:var(--ghost-contrast)}ul.dir li input[type=checkbox]{margin:0 .8em}ul.dir li a:last-of-type{word-break:break-word;padding-right:.3em}ul.dir li a .icon{margin-right:.3em}ul.dir li a:hover{text-decoration:underline}ul.dir li .entry-props{float:right;font-size:90%;margin-left:4px;margin-top:.3em;font-variant-numeric:tabular-nums}ul.dir li .entry-props .entry-size-unit{margin-left:.3em}ul.dir li>div:last-of-type{clear:both}ul.dir li.page-separator{margin-top:1em;position:relative}ul.dir li.page-separator:before{content:attr(label);position:absolute;top:-1.8em;font-size:smaller;margin-left:calc(50% - 1em);opacity:.9}#menu-bar{display:flex;justify-content:space-evenly;flex-wrap:wrap}#menu-bar>*{flex:1;margin:.1em}#menu-bar button{padding-left:0;padding-right:0}#searched{margin:.2em}#user-panel{display:flex;flex-direction:column;gap:1em}#user-panel a>button{width:100%}button label{cursor:inherit;margin-left:.5em}.dialog-backdrop.working{font-size:5em;animation:1s fade-in}.dialog-content{padding:.2em}.dialog-alert .dialog-content{text-align:center}.dialog-alert .dialog-content p{text-align:left;display:inline-block}.dialog{min-width:11em;--color: var(--button-bg)}#paging{position:sticky;bottom:0;display:flex;gap:.1em;background:var(--bg);padding:0 .2em .2em}#paging>button{z-index:1}#paging button{box-shadow:0 0 .3em .3em #0003}#paging #paging-middle{padding:0 .5em;margin:0 -.3em;display:flex;gap:.5em;flex:1;overflow-x:auto}#paging #paging-middle>button{flex:1;padding-top:0;padding-bottom:0}#paging button{background:var(--button-bg);text-align:center;white-space:nowrap;padding:.5em}.upload-progress:before{content:var(--separator)}.entry-size:after{content:var(--separator)}.upload-progress{min-width:4em;display:inline-block;margin-left:.5em}.upload-list td:nth-child(1){width:0}.upload-list td:nth-child(2){text-align:right;width:0;white-space:nowrap;padding-left:.5em}.upload-list td:nth-child(3){padding:.2em .5em;word-break:break-word}.dialog-login form{display:flex;flex-direction:column;gap:1.2em}.dialog-login label{display:block;margin-bottom:.5em;margin-left:.1em}@media (min-width: 42em){body{scrollbar-width:thin;scrollbar-color:var(--button-bg) var(--ghost-contrast)}body::-webkit-scrollbar{width:12px}body::-webkit-scrollbar-track{background:var(--ghost-contrast)}body::-webkit-scrollbar-thumb{background-color:var(--button-bg);border-radius:20px;border:1px solid var(--ghost-contrast)}}@media (max-width: 42em){:root{--ghost-contrast: #8883}body,button,select{font-size:14pt}#menu-bar button label,#filter-bar button label{display:none}#filter-bar{margin-top:.4em}#filter-bar button{width:17.6vw;height:2.3em}.breadcrumb{word-break:break-all}.breadcrumb .icon{font-size:24px}}.dialog-backdrop{position:fixed;inset:0;background:#888a;display:flex;justify-content:center;align-items:center;z-index:1000}.dialog{background:#fff;background:var(--bg);padding:max(.5em,1vw);border-radius:1em;position:relative;margin:0 3vw;overflow:hidden;max-height:calc(100vh - 2em);display:flex;justify-content:center}.dialog-icon{color:#fff;background-color:var(--color);position:absolute;top:0;width:1.8em;height:1.7em;text-align:center;border-radius:.8em 0}.dialog-title{margin-top:-.4em;font-size:110%;position:absolute}.dialog-icon~.dialog-title{text-align:center}.dialog-closer{border-radius:0 .8em;right:0;padding:0;background-color:#c88}.dialog-icon~.dialog-content{margin-top:2em}.dialog-type{left:0;top:0;overflow:hidden;line-height:1.7em;opacity:.8}.dialog-content{overflow:auto;max-height:calc(100vh - 4.5em)}.dialog-content p{white-space:pre-wrap;margin:.5em 0}.dialog-confirm .dialog-content button{margin-top:1em}.dialog-alert-info{--color: #282 }.dialog-alert-warning{--color: #c91 }.dialog-alert-error{--color: #822}@media (max-width: 42em){.dialog-icon{font-size:120%}.dialog-icon~.dialog-content{margin-top:2.5em}.dialog-title{margin-top:-.2em}}.dialog-prompt label{display:block;margin-bottom:.5em;margin-left:.1em}

package/{admin/assets/sha512-7ecaaeed.js → frontend/assets/sha512-5acbfc40.js}

@@ -1,4 +1,4 @@
-import{c as SF}from"./index-c7c100fa.js";function OF(iF,hF){for(var eF=0;eF<hF.length;eF++){const tF=hF[eF];if(typeof tF!="string"&&!Array.isArray(tF)){for(const w in tF)if(w!=="default"&&!(w in iF)){const lF=Object.getOwnPropertyDescriptor(tF,w);lF&&Object.defineProperty(iF,w,lF.get?lF:{enumerable:!0,get:()=>tF[w]})}}}return Object.freeze(Object.defineProperty(iF,Symbol.toStringTag,{value:"Module"}))}var EF={},UF={get exports(){return EF},set exports(iF){EF=iF}};/*
+import{c as SF}from"./index-31f0430a.js";function OF(iF,hF){for(var eF=0;eF<hF.length;eF++){const tF=hF[eF];if(typeof tF!="string"&&!Array.isArray(tF)){for(const w in tF)if(w!=="default"&&!(w in iF)){const lF=Object.getOwnPropertyDescriptor(tF,w);lF&&Object.defineProperty(iF,w,lF.get?lF:{enumerable:!0,get:()=>tF[w]})}}}return Object.freeze(Object.defineProperty(iF,Symbol.toStringTag,{value:"Module"}))}var EF={},UF={get exports(){return EF},set exports(iF){EF=iF}};/*
  * [js-sha512]{@link https://github.com/emn178/js-sha512}
  *
  * @version 0.8.0

package/frontend/fontello.css

@@ -1,7 +1,6 @@
 @font-face {
   font-family: 'fontello';
-  src: url('fontello.woff2?1378305') format('woff2');
-  font-weight: normal;
+  src: url('fontello.woff2?66723712') format('woff2');  font-weight: normal;
   font-style: normal;
 }
 /* Chrome hack: SVG is rendered more smooth in Windozze. 100% magic, uncomment if you need it. */
@@ -10,7 +9,7 @@
 @media screen and (-webkit-min-device-pixel-ratio:0) {
   @font-face {
     font-family: 'fontello';
-    src: url('../font/fontello.svg?1378305#fontello') format('svg');
+    src: url('../font/fontello.svg?66723712#fontello') format('svg');
   }
 }
 */
@@ -50,11 +49,9 @@
 }
 
 .fa-cog:before { content: '\e800'; } /* '' */
-.fa-check-circled:before { content: '\e801'; } /* '' */
 .fa-doc:before { content: '\e802'; } /* '' */
 .fa-stop:before { content: '\e803'; } /* '' */
-.fa-download:before { content: '\e804'; } /* '' */
-.fa-upload:before { content: '\e805'; } /* '' */
+.fa-play:before { content: '\e804'; } /* '' */
 .fa-cancel:before { content: '\e806'; } /* '' */
 .fa-edit:before { content: '\e807'; } /* '' */
 .fa-check:before { content: '\e808'; } /* '' */
@@ -62,18 +59,19 @@
 .fa-user:before { content: '\e80a'; } /* '' */
 .fa-home:before { content: '\e80b'; } /* '' */
 .fa-key:before { content: '\e80c'; } /* '' */
-.fa-to-start:before { content: '\e80e'; } /* '' */
+.fa-trash:before { content: '\e80d'; } /* '' */
+.fa-to_start:before { content: '\e80e'; } /* '' */
 .fa-retweet:before { content: '\e80f'; } /* '' */
-.fa-to-end:before { content: '\e810'; } /* '' */
-.fa-cancel-circled:before { content: '\e811'; } /* '' */
+.fa-to_end:before { content: '\e810'; } /* '' */
 .fa-search:before { content: '\e813'; } /* '' */
 .fa-logout:before { content: '\e814'; } /* '' */
 .fa-spin6:before { content: '\e839'; } /* '' */
 .fa-crown:before { content: '\e844'; } /* '' */
+.fa-download:before { content: '\f02e'; } /* '' */
+.fa-upload:before { content: '\f02f'; } /* '' */
 .fa-filter:before { content: '\f0b0'; } /* '' */
 .fa-menu:before { content: '\f0c9'; } /* '' */
-.fa-quote-left:before { content: '\f10d'; } /* '' */
+.fa-quote:before { content: '\f10d'; } /* '' */
 .fa-unlink:before { content: '\f127'; } /* '' */
 .fa-level-up:before { content: '\f148'; } /* '' */
-.fa-file-archive:before { content: '\f1c6'; } /* '' */
-.fa-trash:before { content: '\e80d'; } /* '' */
+.fa-archive:before { content: '\f1c6'; } /* '' */

package/frontend/index.html

@@ -5,8 +5,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=0" />
     <link href="/fontello.css" rel="stylesheet" />
     
-    <script type="module" crossorigin src="/assets/index-4b763f31.js"></script>
-    <link rel="stylesheet" href="/assets/index-6d4e81f7.css">
+    <script type="module" crossorigin src="/assets/index-31f0430a.js"></script>
+    <link rel="stylesheet" href="/assets/index-ffbcd4c9.css">
   </head>
   <body>
     <noscript>You need to enable JavaScript to run this app.</noscript>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hfs",
-  "version": "0.38.2",
+  "version": "0.40.0",
   "description": "HTTP File Server",
   "keywords": [
     "file server",

package/plugins/vhosting/plugin.js

@@ -27,7 +27,7 @@ exports.init = api => {
                 if (!ctx.path.startsWith(api.const.API_URI) || ctx.params.path === undefined) return
                 let { referer } = ctx.headers
                 referer &&= new URL(referer).pathname
-                if (referer?.startsWith(api.const.ADMIN_URI)) return
+                if (referer?.startsWith(ctx.state.revProxyPath + api.const.ADMIN_URI)) return
                 toModify = ctx.params
             }
             const hosts = api.getConfig('hosts')

package/src/api.auth.js

@@ -117,7 +117,7 @@ exports.logout = logout;
 const refresh_session = async ({}, ctx) => {
     return !ctx.session ? new apiMiddleware_1.ApiError(const_1.HTTP_SERVER_ERROR) : {
         username: (0, perm_1.getCurrentUsername)(ctx),
-        adminUrl: (0, adminApis_1.ctxAdminAccess)(ctx) ? const_1.ADMIN_URI : undefined,
+        adminUrl: (0, adminApis_1.ctxAdminAccess)(ctx) ? ctx.state.revProxyPath + const_1.ADMIN_URI : undefined,
         ...makeExp(),
     };
 };

package/src/api.file_list.js

@@ -22,7 +22,9 @@ const file_list = async ({ path, offset, limit, search, omit, sse }, ctx) => {
     if ((0, misc_1.dirTraversal)(search))
         return fail(const_1.HTTP_FOOL);
     if (node.default)
-        return (sse ? list.custom : lodash_1.default.identity)({ redirect: path }); // sse will wrap the object in a 'custom' message, otherwise we plainly return the object
+        return (sse ? list.custom : lodash_1.default.identity)({
+            redirect: path // tell the browser to access the folder (instead of using this api), so it will get the default file
+        });
     if (!await (0, vfs_1.nodeIsDirectory)(node))
         return fail(const_1.HTTP_METHOD_NOT_ALLOWED);
     offset = Number(offset);

package/src/api.lang.js

@@ -8,8 +8,8 @@ const apiMiddleware_1 = require("./apiMiddleware");
 const lodash_1 = __importDefault(require("lodash"));
 const fast_glob_1 = __importDefault(require("fast-glob"));
 const promises_1 = require("fs/promises");
-const util_files_1 = require("./util-files");
 const const_1 = require("./const");
+const misc_1 = require("./misc");
 const PREFIX = 'hfs-lang-';
 const SUFFIX = '.json';
 const apis = {
@@ -44,7 +44,11 @@ const apis = {
             if (code.endsWith(SUFFIX)) // filename, actually
                 code = code.slice(PREFIX.length, -SUFFIX.length);
             validateCode(code);
-            await (0, promises_1.writeFile)(code2file(code), String(content), 'utf8');
+            const fn = code2file(code);
+            const s = content = String(content);
+            if (!(0, misc_1.tryJson)(s))
+                return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_ACCEPTABLE, "bad content for file " + fn);
+            await (0, promises_1.writeFile)(fn, s, 'utf8');
         }
         return {};
     }
@@ -54,6 +58,6 @@ function code2file(code) {
     return PREFIX + code.toLowerCase() + SUFFIX;
 }
 function validateCode(code) {
-    if (!(0, util_files_1.isValidFileName)(code) || (0, util_files_1.dirTraversal)(code))
-        throw new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad code');
+    if (!/^(\w\w)(-\w\w)*$/.test(code))
+        throw new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad code/filename');
 }

package/src/api.monitor.js

@@ -12,12 +12,17 @@ const throttler_1 = require("./throttler");
 const perm_1 = require("./perm");
 const apis = {
     async disconnect({ ip, port, wait }) {
+        var _a, _b;
         const match = lodash_1.default.matches({ ip, port });
         const c = (0, connections_1.getConnections)().find(c => match(getConnAddress(c)));
-        const waiter = (0, misc_1.pendingPromise)();
-        c === null || c === void 0 ? void 0 : c.socket.end(waiter.resolve);
-        if (wait)
-            await waiter;
+        if (c) {
+            const waiter = (0, misc_1.pendingPromise)();
+            c.socket.end(waiter.resolve);
+            (_a = c.ctx) === null || _a === void 0 ? void 0 : _a.res.end();
+            (_b = c.ctx) === null || _b === void 0 ? void 0 : _b.req.socket.end('');
+            if (wait)
+                await waiter;
+        }
         return { result: Boolean(c) };
     },
     get_connections({}, ctx) {

package/src/api.vfs.js

@@ -25,6 +25,7 @@ const apis = {
             defaultPerms: vfs_1.defaultPerms,
         };
         async function recur(node) {
+            var _a;
             const stats = Boolean(node.source) && await (0, promises_1.stat)(node.source).catch(e => false);
             const isDir = !node.source || stats && stats.isDirectory();
             const copyStats = stats ? lodash_1.default.pick(stats, ['size', 'ctime', 'mtime'])
@@ -35,7 +36,8 @@ const apis = {
             return {
                 ...copyStats,
                 ...node,
-                website: isDir && node.source && await (0, promises_1.stat)((0, path_1.join)(node.source, 'index.html')).then(() => true, () => undefined)
+                website: Boolean((_a = node.children) === null || _a === void 0 ? void 0 : _a.find((0, vfs_1.isSameFilenameAs)('index.html')))
+                    || isDir && node.source && await (0, promises_1.stat)((0, path_1.join)(node.source, 'index.html')).then(() => true, () => undefined)
                     || undefined,
                 name: isRoot ? undefined : (0, vfs_1.getNodeName)(node),
                 type: isDir ? 'folder' : undefined,
@@ -58,6 +60,8 @@ const apis = {
             return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'item with same name already present in destination');
         const oldParent = await urlToNodeOriginal((0, path_1.dirname)(from));
         lodash_1.default.pull(oldParent.children, fromNode);
+        if (lodash_1.default.isEmpty(oldParent.children))
+            delete oldParent.children;
         (parentNode.children || (parentNode.children = [])).push(fromNode);
         await (0, vfs_1.saveVfs)();
         return {};
@@ -91,7 +95,8 @@ const apis = {
         if ((0, misc_1.isWindowsDrive)(source))
             source += '\\'; // slash must be included, otherwise it will refer to the cwd of that drive
         n.children || (n.children = []);
-        if (n.children.find(x => x.source === source || (0, vfs_1.getNodeName)(x) === name))
+        const sameName = (0, vfs_1.isSameFilenameAs)(name);
+        if (n.children.find(x => source && source === x.source || sameName(x)))
             return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'already present');
         n.children.unshift({ source, name });
         await (0, vfs_1.saveVfs)();

package/src/apiMiddleware.js

@@ -31,8 +31,10 @@ function apiMiddleware(apis) {
         // we don't rely on SameSite cookie option because it's https-only
         let res;
         try {
-            res = csrf && csrf !== ctx.params.csrf ? new ApiError(const_1.HTTP_UNAUTHORIZED, 'csrf')
-                : await apiFun(ctx.params || {}, ctx);
+            if (params.path)
+                params.path = (0, misc_1.removeStarting)(ctx.state.revProxyPath, params.path);
+            res = csrf && csrf !== params.csrf ? new ApiError(const_1.HTTP_UNAUTHORIZED, 'csrf')
+                : await apiFun(params || {}, ctx);
         }
         catch (e) {
             res = e;

package/src/const.js

@@ -38,7 +38,7 @@ exports.DEV = process.env.DEV || exports.argv.dev ? 'DEV' : '';
 exports.ORIGINAL_CWD = process.cwd();
 exports.HFS_STARTED = new Date();
 const PKG_PATH = (0, path_1.join)(__dirname, '..', 'package.json');
-exports.BUILD_TIMESTAMP = "2023-03-07T12:16:23.728Z";
+exports.BUILD_TIMESTAMP = "2023-03-13T19:06:29.589Z";
 const pkg = JSON.parse(fs.readFileSync(PKG_PATH, 'utf8'));
 exports.VERSION = pkg.version;
 exports.DAY = 86400000;

package/src/index.js

@@ -43,6 +43,7 @@ function errorHandler(err) {
     if (const_1.DEV && code === 'ENOENT' && err.path.endsWith('sockjs-node'))
         return; // spam out dev stuff
     if (code === 'ECANCELED' || code === 'ECONNRESET' || code === 'ECONNABORTED' || code === 'EPIPE'
+        || code === 'ERR_STREAM_WRITE_AFTER_END' // happens disconnecting uploads, don't care
         || code === 'HPE_INVALID_EOF_STATE')
         return; // someone interrupted, don't care
     console.error('server error', err);

package/src/log.js

@@ -28,6 +28,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.log = exports.loggers = void 0;
+const stream_1 = require("stream");
 const config_1 = require("./config");
 const fs_1 = require("fs");
 const util = __importStar(require("util"));
@@ -81,44 +82,47 @@ const logRotation = (0, config_1.defineConfig)('log_rotation', 'weekly');
 function log() {
     const debounce = lodash_1.default.debounce(cb => cb(), 1000);
     return async (ctx, next) => {
-        var _a, _b;
-        await next();
-        const isError = ctx.status >= 400;
-        const logger = isError && accessErrorLog || accessLogger;
-        const rotate = (_a = logRotation.get()) === null || _a === void 0 ? void 0 : _a[0];
-        let { stream, last, path } = logger;
-        if (!stream)
-            return;
         const now = new Date();
-        const a = now.toString().split(' ');
-        logger.last = now;
-        if (rotate && last) { // rotation enabled and a file exists?
-            const passed = Number(now) - Number(last)
-                - 3600000; // be pessimistic and count a possible DST change
-            if (rotate === 'm' && (passed >= 31 * const_1.DAY || now.getMonth() !== last.getMonth())
-                || rotate === 'd' && (passed >= const_1.DAY || now.getDate() !== last.getDate()) // checking passed will solve the case when the day of the month is the same but a month has passed
-                || rotate === 'w' && (passed >= 7 * const_1.DAY || now.getDay() < last.getDay())) {
-                stream.end();
-                const postfix = last.getFullYear() + '-' + doubleDigit(last.getMonth() + 1) + '-' + doubleDigit(last.getDate());
-                try { // other logging requests shouldn't happen while we are renaming. Since this is very infrequent we can tolerate solving this by making it sync.
-                    (0, fs_1.renameSync)(path, path + '-' + postfix);
-                }
-                catch (e) { // ok, rename failed, but this doesn't mean we ain't gonna log
-                    console.error(e);
+        await next();
+        console.debug(ctx.status, ctx.method, ctx.path);
+        Promise.race([(0, stream_1.once)(ctx.res, 'finish'), (0, stream_1.once)(ctx.res, 'close')]).then(() => {
+            var _a, _b, _c, _d;
+            const isError = ctx.status >= 400;
+            const logger = isError && accessErrorLog || accessLogger;
+            const rotate = (_a = logRotation.get()) === null || _a === void 0 ? void 0 : _a[0];
+            let { stream, last, path } = logger;
+            if (!stream)
+                return;
+            logger.last = now;
+            if (rotate && last) { // rotation enabled and a file exists?
+                const passed = Number(now) - Number(last)
+                    - 3600000; // be pessimistic and count a possible DST change
+                if (rotate === 'm' && (passed >= 31 * const_1.DAY || now.getMonth() !== last.getMonth())
+                    || rotate === 'd' && (passed >= const_1.DAY || now.getDate() !== last.getDate()) // checking passed will solve the case when the day of the month is the same but a month has passed
+                    || rotate === 'w' && (passed >= 7 * const_1.DAY || now.getDay() < last.getDay())) {
+                    stream.end();
+                    const postfix = last.getFullYear() + '-' + doubleDigit(last.getMonth() + 1) + '-' + doubleDigit(last.getDate());
+                    try { // other logging requests shouldn't happen while we are renaming. Since this is very infrequent we can tolerate solving this by making it sync.
+                        (0, fs_1.renameSync)(path, path + '-' + postfix);
+                    }
+                    catch (e) { // ok, rename failed, but this doesn't mean we ain't gonna log
+                        console.error(e);
+                    }
+                    stream = logger.reopen(); // keep variable updated
+                    if (!stream)
+                        return;
                 }
-                stream = logger.reopen(); // keep variable updated
-                if (!stream)
-                    return;
             }
-        }
-        const format = '%s - %s [%s] "%s %s HTTP/%s" %d %s\n'; // Apache's Common Log Format
-        const date = a[2] + '/' + a[1] + '/' + a[3] + ':' + a[4] + ' ' + ((_b = a[5]) === null || _b === void 0 ? void 0 : _b.slice(3));
-        const user = (0, perm_1.getCurrentUsername)(ctx);
-        events_1.default.emit(logger.name, Object.assign(lodash_1.default.pick(ctx, ['ip', 'method', 'status', 'length']), { user, ts: now, uri: ctx.path }));
-        console.debug(ctx.status, ctx.method, ctx.path);
-        debounce(() => // once in a while we check if the file is still good (not deleted, etc), or we'll reopen it
-         (0, promises_1.stat)(logger.path).catch(() => logger.reopen())); // async = smoother but we may lose some entries
-        stream.write(util.format(format, ctx.ip, user || '-', date, ctx.method, ctx.path, ctx.req.httpVersion, ctx.status, ctx.length ? ctx.length.toString() : '-'));
+            const format = '%s - %s [%s] "%s %s HTTP/%s" %d %s\n'; // Apache's Common Log Format
+            const a = now.toString().split(' ');
+            const date = a[2] + '/' + a[1] + '/' + a[3] + ':' + a[4] + ' ' + ((_b = a[5]) === null || _b === void 0 ? void 0 : _b.slice(3));
+            const user = (0, perm_1.getCurrentUsername)(ctx);
+            const length = (_c = ctx.state.length) !== null && _c !== void 0 ? _c : ctx.length;
+            events_1.default.emit(logger.name, Object.assign(lodash_1.default.pick(ctx, ['ip', 'method', 'status']), { length, user, ts: now, uri: ctx.path }));
+            debounce(() => // once in a while we check if the file is still good (not deleted, etc), or we'll reopen it
+             (0, promises_1.stat)(logger.path).catch(() => logger.reopen())); // async = smoother but we may lose some entries
+            stream.write(util.format(format, ctx.ip, user || '-', date, ctx.method, ctx.path, ctx.req.httpVersion, ctx.status, (_d = length === null || length === void 0 ? void 0 : length.toString()) !== null && _d !== void 0 ? _d : '-'));
+        });
     };
 }
 exports.log = log;

package/src/middlewares.js

@@ -79,8 +79,8 @@ const serveGuiAndSharedFiles = async (ctx, next) => {
         return next();
     if (path.startsWith(const_2.FRONTEND_URI))
         return serveFrontendPrefixed(ctx, next);
-    if (path + '/' === const_1.ADMIN_URI)
-        return ctx.redirect(const_1.ADMIN_URI);
+    if (path.length === const_1.ADMIN_URI.length - 1 && const_1.ADMIN_URI.startsWith(path))
+        return ctx.redirect(ctx.state.revProxyPath + const_1.ADMIN_URI);
     if (path.startsWith(const_1.ADMIN_URI))
         return serveAdminPrefixed(ctx, next);
     if (ctx.method === 'PUT') { // curl -T file url/
@@ -97,7 +97,7 @@ const serveGuiAndSharedFiles = async (ctx, next) => {
         return;
     }
     if (ctx.originalUrl === '/favicon.ico' && adminApis_1.favicon.get()) // originalUrl to not be subject to changes (vhosting plugin)
-        return (0, serveFile_1.serveFile)(adminApis_1.favicon.get())(ctx, next);
+        return (0, serveFile_1.serveFile)(ctx, adminApis_1.favicon.get());
     const node = await (0, vfs_1.urlToNode)(path, ctx);
     if (!node)
         return ctx.status = const_1.HTTP_NOT_FOUND;
@@ -115,9 +115,9 @@ const serveGuiAndSharedFiles = async (ctx, next) => {
     const canRead = (0, vfs_1.hasPermission)(node, 'can_read', ctx);
     const isFolder = await (0, vfs_1.nodeIsDirectory)(node);
     if (isFolder && !path.endsWith('/'))
-        return ctx.redirect(ctx.originalUrl + '/');
+        return ctx.redirect(ctx.state.revProxyPath + ctx.originalUrl + '/');
     if (canRead && !isFolder)
-        return node.source ? (0, serveFile_1.serveFileNode)(node)(ctx, next)
+        return node.source ? (0, serveFile_1.serveFileNode)(ctx, node)
             : next();
     if (!canRead) {
         ctx.status = (0, vfs_1.cantReadStatusCode)(node);
@@ -136,7 +136,7 @@ const serveGuiAndSharedFiles = async (ctx, next) => {
     if (node.default) {
         const def = await (0, vfs_1.urlToNode)(path + node.default, ctx);
         return !def ? next()
-            : (0, vfs_1.hasPermission)(def, 'can_read', ctx) ? (0, serveFile_1.serveFileNode)(def)(ctx, next)
+            : (0, vfs_1.hasPermission)(def, 'can_read', ctx) ? (0, serveFile_1.serveFileNode)(ctx, def)
                 : ctx.status = (0, vfs_1.cantReadStatusCode)(def);
     }
     return serveFrontendFiles(ctx, next);
@@ -173,6 +173,7 @@ const prepareState = async (ctx, next) => {
     // calculate these once and for all
     ctx.state.account = (_a = await getHttpAccount(ctx)) !== null && _a !== void 0 ? _a : (0, perm_1.getAccount)((_b = ctx.session) === null || _b === void 0 ? void 0 : _b.username, false);
     const conn = ctx.state.connection = (0, connections_1.socket2connection)(ctx.socket);
+    ctx.state.revProxyPath = ctx.get('x-forwarded-prefix');
     await next();
     if (conn)
         (0, connections_1.updateConnection)(conn, { ctx });

package/src/misc.js

@@ -18,7 +18,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.try_ = exports.stream2string = exports.tryJson = exports.same = exports.isLocalHost = exports.with_ = exports.typedKeys = exports.objRenameKey = exports.onOff = exports.pendingPromise = exports.onlyTruthy = exports.truthy = exports.pattern2filter = exports.onFirstEvent = exports.onProcessExit = exports.randomId = exports.getOrSet = exports.wantArray = exports.waitFor = exports.wait = exports.newObj = exports.setHidden = exports.prefix = exports.enforceFinal = exports.debounceAsync = void 0;
+exports.try_ = exports.stream2string = exports.tryJson = exports.same = exports.isLocalHost = exports.with_ = exports.typedKeys = exports.objRenameKey = exports.onOff = exports.pendingPromise = exports.onlyTruthy = exports.truthy = exports.pattern2filter = exports.onFirstEvent = exports.onProcessExit = exports.randomId = exports.getOrSet = exports.wantArray = exports.waitFor = exports.wait = exports.newObj = exports.setHidden = exports.prefix = exports.removeStarting = exports.enforceFinal = exports.debounceAsync = void 0;
 const path_1 = require("path");
 const lodash_1 = __importDefault(require("lodash"));
 const assert_1 = __importDefault(require("assert"));
@@ -31,6 +31,10 @@ function enforceFinal(sub, s) {
     return s.endsWith(sub) ? s : s + sub;
 }
 exports.enforceFinal = enforceFinal;
+function removeStarting(sub, s) {
+    return s.startsWith(sub) ? s.slice(sub.length) : s;
+}
+exports.removeStarting = removeStarting;
 function prefix(pre, v, post = '') {
     return v ? pre + v + post : '';
 }
@@ -104,7 +108,7 @@ onFirstEvent(process, ['exit', 'SIGQUIT', 'SIGTERM', 'SIGINT', 'SIGHUP'], signal
 function onFirstEvent(emitter, events, cb) {
     let already = false;
     for (const e of events)
-        emitter.on(e, (...args) => {
+        emitter.once(e, (...args) => {
             if (already)
                 return;
             already = true;

package/src/plugins.js

@@ -90,7 +90,7 @@ exports.getPluginConfigFields = getPluginConfigFields;
 function pluginsMiddleware() {
     return async (ctx, next) => {
         var _a;
-        const after = [];
+        const after = {};
         // run middleware plugins
         for (const [id, pl] of Object.entries(plugins))
             try {
@@ -98,11 +98,10 @@ function pluginsMiddleware() {
                 if (res === true)
                     ctx.pluginStopped = true;
                 if (typeof res === 'function')
-                    after.push(res);
+                    after[id] = res;
             }
             catch (e) {
-                console.log('error middleware plugin', id, String(e));
-                console.debug(e);
+                printError(id, e);
             }
         // expose public plugins' files
         const { path } = ctx;
@@ -111,14 +110,23 @@ function pluginsMiddleware() {
                 const a = path.substring(const_1.PLUGINS_PUB_URI.length).split('/');
                 const name = a.shift();
                 if (plugins.hasOwnProperty(name)) // do it only if the plugin is loaded
-                    await (0, serveFile_1.serveFile)(plugins[name].folder + '/public/' + a.join('/'), 'auto')(ctx, next);
+                    await (0, serveFile_1.serveFile)(ctx, plugins[name].folder + '/public/' + a.join('/'), 'auto');
                 return;
             }
             await next();
         }
-        for (const f of after)
-            await f();
+        for (const [id, f] of Object.entries(after))
+            try {
+                await f();
+            }
+            catch (e) {
+                printError(id, e);
+            }
     };
+    function printError(id, e) {
+        console.log('error middleware plugin', id, String(e));
+        console.debug(e);
+    }
 }
 exports.pluginsMiddleware = pluginsMiddleware;
 class Plugin {
@@ -222,10 +230,11 @@ async function rescan() {
             continue;
         const module = (0, path_1.resolve)(f);
         const { unwatch } = (0, watchLoad_1.watchLoad)(f, async () => {
+            var _a;
             try {
                 const alreadyRunning = plugins[id];
                 console.log(alreadyRunning ? "reloading plugin" : "loading plugin", id);
-                const { init, ...data } = await Promise.resolve().then(() => __importStar(require(module)));
+                const { init, ...data } = await (_a = module, Promise.resolve().then(() => __importStar(require(_a))));
                 delete data.default;
                 deleteModule(require.resolve(module)); // avoid caching at next import
                 calculateBadApi(data);

package/src/serveFile.js

@@ -15,63 +15,61 @@ const lodash_1 = __importDefault(require("lodash"));
 const path_1 = __importDefault(require("path"));
 const util_1 = require("util");
 const allowedReferer = (0, config_1.defineConfig)('allowed_referer', '');
-function serveFileNode(node) {
+function serveFileNode(ctx, node) {
+    var _a;
     const { source, mime } = node;
     const name = (0, vfs_1.getNodeName)(node);
     const mimeString = typeof mime === 'string' ? mime
         : lodash_1.default.find(mime, (val, mask) => (0, micromatch_1.isMatch)(name, mask));
-    return (ctx, next) => {
-        var _a;
-        const allowed = allowedReferer.get();
-        if (allowed) {
-            const ref = (_a = /\/\/([^:/]+)/.exec(ctx.get('referer'))) === null || _a === void 0 ? void 0 : _a[1]; // extract host from url
-            if (ref && ref !== host() // automatic accept if referer is basically the hosting domain
-                && !(0, micromatch_1.isMatch)(ref, allowed))
-                return ctx.status = const_1.HTTP_FORBIDDEN;
-            function host() {
-                const s = ctx.get('host');
-                return s[0] === '[' ? s.slice(1, s.indexOf(']')) : s === null || s === void 0 ? void 0 : s.split(':')[0];
-            }
+    const allowed = allowedReferer.get();
+    if (allowed) {
+        const ref = (_a = /\/\/([^:/]+)/.exec(ctx.get('referer'))) === null || _a === void 0 ? void 0 : _a[1]; // extract host from url
+        if (ref && ref !== host() // automatic accept if referer is basically the hosting domain
+            && !(0, micromatch_1.isMatch)(ref, allowed))
+            return ctx.status = const_1.HTTP_FORBIDDEN;
+        function host() {
+            const s = ctx.get('host');
+            return s[0] === '[' ? s.slice(1, s.indexOf(']')) : s === null || s === void 0 ? void 0 : s.split(':')[0];
         }
-        ctx.vfsNode = node; // useful to tell service files from files shared by the user
-        return serveFile(source || '', mimeString)(ctx, next);
-    };
+    }
+    ctx.vfsNode = node; // useful to tell service files from files shared by the user
+    return serveFile(ctx, source || '', mimeString);
 }
 exports.serveFileNode = serveFileNode;
 const mimeCfg = (0, config_1.defineConfig)('mime', { '*': 'auto' });
-function serveFile(source, mime, content) {
-    return async (ctx) => {
-        if (!source)
-            return;
-        const fn = path_1.default.basename(source);
-        mime = mime !== null && mime !== void 0 ? mime : lodash_1.default.find(mimeCfg.get(), (v, k) => k > '' && (0, micromatch_1.isMatch)(fn, k)); // isMatch throws on an empty string
-        if (mime === vfs_1.MIME_AUTO)
-            mime = mime_types_1.default.lookup(source) || '';
-        if (mime)
-            ctx.type = mime;
-        if (ctx.method === 'OPTIONS') {
-            ctx.status = const_1.HTTP_NO_CONTENT;
-            ctx.set({ Allow: 'OPTIONS, GET, HEAD' });
-            return;
-        }
-        if (ctx.method !== 'GET')
-            return ctx.status = const_1.HTTP_METHOD_NOT_ALLOWED;
-        try {
-            const stats = await (0, util_1.promisify)(fs_1.stat)(source); // using fs's function instead of fs/promises, because only the former is supported by pkg
-            ctx.set('Last-Modified', stats.mtime.toUTCString());
-            ctx.fileSource = source;
-            ctx.status = const_1.HTTP_OK;
-            if (ctx.fresh)
-                return ctx.status = const_1.HTTP_NOT_MODIFIED;
-            if (content !== undefined)
-                return ctx.body = content;
-            const range = getRange(ctx, stats.size);
-            ctx.body = (0, fs_1.createReadStream)(source, range);
-        }
-        catch (e) {
-            return ctx.status = const_1.HTTP_NOT_FOUND;
-        }
-    };
+async function serveFile(ctx, source, mime, content) {
+    if (!source)
+        return;
+    const fn = path_1.default.basename(source);
+    if (ctx.params.dl !== undefined) // please, download
+        ctx.attachment(fn);
+    mime = mime !== null && mime !== void 0 ? mime : lodash_1.default.find(mimeCfg.get(), (v, k) => k > '' && (0, micromatch_1.isMatch)(fn, k)); // isMatch throws on an empty string
+    if (mime === vfs_1.MIME_AUTO)
+        mime = mime_types_1.default.lookup(source) || '';
+    if (mime)
+        ctx.type = mime;
+    if (ctx.method === 'OPTIONS') {
+        ctx.status = const_1.HTTP_NO_CONTENT;
+        ctx.set({ Allow: 'OPTIONS, GET, HEAD' });
+        return;
+    }
+    if (ctx.method !== 'GET')
+        return ctx.status = const_1.HTTP_METHOD_NOT_ALLOWED;
+    try {
+        const stats = await (0, util_1.promisify)(fs_1.stat)(source); // using fs's function instead of fs/promises, because only the former is supported by pkg
+        ctx.set('Last-Modified', stats.mtime.toUTCString());
+        ctx.fileSource = source;
+        ctx.status = const_1.HTTP_OK;
+        if (ctx.fresh)
+            return ctx.status = const_1.HTTP_NOT_MODIFIED;
+        if (content !== undefined)
+            return ctx.body = content;
+        const range = getRange(ctx, stats.size);
+        ctx.body = (0, fs_1.createReadStream)(source, range);
+    }
+    catch (e) {
+        return ctx.status = const_1.HTTP_NOT_FOUND;
+    }
 }
 exports.serveFile = serveFile;
 function getRange(ctx, totalSize) {