hfs 0.43.0 → 0.44.0

package/src/vfs.js

@@ -4,7 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.masksCouldGivePermission = exports.walkNode = exports.statusCodeForMissingPerm = exports.hasPermission = exports.nodeIsDirectory = exports.getNodeName = exports.saveVfs = exports.vfs = exports.urlToNode = exports.isSameFilenameAs = exports.MIME_AUTO = exports.defaultPerms = exports.WHO_ANY_ACCOUNT = exports.WHO_NO_ONE = exports.WHO_ANYONE = void 0;
+exports.parentMaskApplier = exports.masksCouldGivePermission = exports.walkNode = exports.statusCodeForMissingPerm = exports.hasPermission = exports.nodeIsDirectory = exports.getNodeName = exports.saveVfs = exports.vfs = exports.urlToNode = exports.applyParentToChild = exports.isSameFilenameAs = exports.MIME_AUTO = exports.PERM_KEYS = exports.defaultPerms = exports.WHO_ANY_ACCOUNT = exports.WHO_NO_ONE = exports.WHO_ANYONE = void 0;
 const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = require("path");
 const misc_1 = require("./misc");
@@ -17,17 +17,21 @@ exports.WHO_ANYONE = true;
 exports.WHO_NO_ONE = false;
 exports.WHO_ANY_ACCOUNT = '*';
 exports.defaultPerms = {
-    can_see: exports.WHO_ANYONE,
+    can_see: 'can_read',
     can_read: exports.WHO_ANYONE,
-    can_list: exports.WHO_ANYONE,
+    can_list: 'can_read',
     can_upload: exports.WHO_NO_ONE,
     can_delete: exports.WHO_NO_ONE,
 };
+exports.PERM_KEYS = (0, misc_1.typedKeys)(exports.defaultPerms);
 exports.MIME_AUTO = 'auto';
 function inheritFromParent(parent, child) {
     var _a, _b, _c;
-    for (const k of (0, misc_1.typedKeys)(exports.defaultPerms))
-        (_a = child[k]) !== null && _a !== void 0 ? _a : (child[k] = parent[k]);
+    for (const k of (0, misc_1.typedKeys)(exports.defaultPerms)) {
+        const v = parent[k];
+        if (v !== undefined) // small optimization: don't expand the object
+            (_a = child[k]) !== null && _a !== void 0 ? _a : (child[k] = v);
+    }
     if (typeof parent.mime === 'object' && typeof child.mime === 'object')
         lodash_1.default.defaults(child.mime, parent.mime);
     else
@@ -40,6 +44,20 @@ function isSameFilenameAs(name) {
     return (other) => lc === (typeof other === 'string' ? other : getNodeName(other)).toLowerCase();
 }
 exports.isSameFilenameAs = isSameFilenameAs;
+function applyParentToChild(child, parent, name) {
+    const ret = {
+        ...child,
+        original: child,
+        isTemp: true,
+        parent,
+    };
+    name || (name = child ? getNodeName(child) : '');
+    inheritMasks(ret, parent, name);
+    parentMaskApplier(parent)(ret, name);
+    inheritFromParent(parent, ret);
+    return ret;
+}
+exports.applyParentToChild = applyParentToChild;
 async function urlToNode(url, ctx, parent = exports.vfs, getRest) {
     var _a;
     let initialSlashes = 0;
@@ -57,19 +75,11 @@ async function urlToNode(url, ctx, parent = exports.vfs, getRest) {
     }
     // does the tree node have a child that goes by this name?
     const child = (_a = parent.children) === null || _a === void 0 ? void 0 : _a.find(isSameFilenameAs(name));
-    const ret = {
-        ...child,
-        original: child,
-        isTemp: true,
-    };
-    inheritMasks(ret, parent, name);
-    applyMasks(ret, parent, name);
-    inheritFromParent(parent, ret);
+    if (!child && !parent.source)
+        return; // on tree or on disk
+    const ret = applyParentToChild(child, parent, name);
     if (child) // yes
         return urlToNode(rest, ctx, ret, getRest);
-    // not in the tree, we can see consider continuing on the disk
-    if (!parent.source)
-        return; // but then we need the current node to be linked to the disk, otherwise, we give up
     let onDisk = name;
     if (parent.rename) { // reverse the mapping
         for (const [from, to] of Object.entries(parent.rename))
@@ -124,15 +134,38 @@ async function nodeIsDirectory(node) {
 }
 exports.nodeIsDirectory = nodeIsDirectory;
 function hasPermission(node, perm, ctx) {
-    var _a;
-    return (node.source || perm !== 'can_upload') // Upload possible only if we know where to store. First check node.source because is supposedly faster.
-        && matchWho((_a = node[perm]) !== null && _a !== void 0 ? _a : exports.defaultPerms[perm], ctx);
+    return !statusCodeForMissingPerm(node, perm, ctx, false);
 }
 exports.hasPermission = hasPermission;
-function statusCodeForMissingPerm(node, perm, ctx) {
-    if (hasPermission(node, perm, ctx))
-        return false;
-    return ctx.status = node[perm] === false ? const_1.HTTP_FORBIDDEN : const_1.HTTP_UNAUTHORIZED;
+function statusCodeForMissingPerm(node, perm, ctx, assign = true) {
+    const ret = getCode();
+    if (ret && assign)
+        ctx.status = ret;
+    return ret;
+    function getCode() {
+        var _a;
+        if (!node.source && perm === 'can_upload') // Upload possible only if we know where to store. First check node.source because is supposedly faster.
+            return const_1.HTTP_FORBIDDEN;
+        // calculate value of permission resolving references to other permissions, avoiding infinite loop
+        let who;
+        let max = exports.PERM_KEYS.length;
+        do {
+            who = (_a = node[perm]) !== null && _a !== void 0 ? _a : exports.defaultPerms[perm];
+            if (!max-- || typeof who !== 'string' || who === exports.WHO_ANY_ACCOUNT)
+                break;
+            perm = who;
+        } while (1);
+        if (Array.isArray(who)) {
+            const arr = who; // shut up ts
+            // check if I or any ancestor match `who`, but cache ancestors' usernames inside context state
+            const some = (0, misc_1.getOrSet)(ctx.state, 'usernames', () => (0, perm_1.getCurrentUsernameExpanded)(ctx))
+                .some((u) => arr.includes(u));
+            return some ? 0 : const_1.HTTP_UNAUTHORIZED;
+        }
+        return typeof who === 'boolean' ? (who ? 0 : const_1.HTTP_FORBIDDEN)
+            : who === exports.WHO_ANY_ACCOUNT ? (ctx.state.account ? 0 : const_1.HTTP_UNAUTHORIZED)
+                : (() => { throw Error('invalid permission: ' + who); })();
+    }
 }
 exports.statusCodeForMissingPerm = statusCodeForMissingPerm;
 // it's responsibility of the caller to verify you have list permission on parent, as callers have different needs.
@@ -141,6 +174,7 @@ async function* walkNode(parent, ctx, depth = 0, prefixPath = '', requiredPerm)
     var _a;
     const { children, source } = parent;
     const took = prefixPath ? undefined : new Set();
+    const maskApplier = parentMaskApplier(parent);
     if (children)
         for (const child of children) {
             const nodeName = getNodeName(child);
@@ -196,7 +230,7 @@ async function* walkNode(parent, ctx, depth = 0, prefixPath = '', requiredPerm)
     // item will be changed, so be sure to pass a temp node
     function canSee(item) {
         // we basename for depth>0 where we already have the rest of the path in the parent's url, and would be duplicated
-        applyMasks(item, parent, (0, path_1.basename)(getNodeName(item)));
+        maskApplier(item, (0, path_1.basename)(getNodeName(item)));
         inheritFromParent(parent, item);
         if (ctx && !hasPermission(item, 'can_see', ctx))
             return;
@@ -209,25 +243,45 @@ function masksCouldGivePermission(masks, perm) {
     return masks !== undefined && Object.values(masks).some(props => props[perm] || masksCouldGivePermission(props.masks, perm));
 }
 exports.masksCouldGivePermission = masksCouldGivePermission;
-function applyMasks(item, parent, virtualBasename) {
-    const { masks } = parent;
-    if (!masks)
-        return;
-    for (const [k, v] of Object.entries(masks))
-        if (k.startsWith('**/') && (0, misc_1.matches)(virtualBasename, k.slice(3))
-            || !k.includes('/') && (0, misc_1.matches)(virtualBasename, k))
-            lodash_1.default.defaults(item, v);
+function parentMaskApplier(parent) {
+    const matchers = Object.entries(parent.masks || {}).map(([k, v]) => {
+        k = k.startsWith('**/') ? k.slice(3) : !k.includes('/') ? k : '';
+        if (!k)
+            return;
+        const m = (0, misc_1.makeMatcher)(k);
+        return [m, v];
+    });
+    return (item, virtualBasename) => {
+        if (virtualBasename === undefined)
+            virtualBasename = getNodeName(item);
+        for (const entry of matchers) {
+            if (!entry)
+                continue;
+            const [matcher, mods] = entry;
+            if (!matcher(virtualBasename))
+                continue;
+            if (item.masks)
+                item.masks = lodash_1.default.merge(lodash_1.default.cloneDeep(mods.masks), item.masks); // item.masks must take precedence
+            lodash_1.default.defaults(item, mods);
+        }
+    };
 }
+exports.parentMaskApplier = parentMaskApplier;
 function inheritMasks(item, parent, virtualBasename) {
     const { masks } = parent;
     if (!masks)
         return;
     const o = {};
-    for (const [k, v] of Object.entries(masks))
-        if (k.startsWith('**/'))
-            o[k.slice(3)] = v;
-        else if (k.startsWith(virtualBasename + '/'))
-            o[k.slice(virtualBasename.length + 1)] = v;
+    for (const [k, v] of Object.entries(masks)) {
+        const neg = k[0] === '!' && k[1] !== '(' ? '!' : '';
+        const withoutNeg = neg ? k.slice(1) : k;
+        if (withoutNeg.startsWith('**'))
+            o[k] = v;
+        else if (withoutNeg.startsWith('*/'))
+            o[neg + withoutNeg.slice(2)] = v;
+        else if (withoutNeg.startsWith(virtualBasename + '/'))
+            o[neg + withoutNeg.slice(virtualBasename.length + 1)] = v;
+    }
     if (Object.keys(o).length)
         item.masks = lodash_1.default.defaults(item.masks, o);
 }
@@ -239,24 +293,18 @@ function renameUnderPath(rename, path) {
     delete rename[''];
     return lodash_1.default.isEmpty(rename) ? undefined : rename;
 }
-function matchWho(who, ctx) {
-    return who === exports.WHO_ANYONE
-        || who === exports.WHO_ANY_ACCOUNT && Boolean(ctx.state.account)
-        || Array.isArray(who) // check if I or any ancestor match `who`, but cache ancestors' usernames inside context state
-            && (0, misc_1.getOrSet)(ctx.state, 'usernames', () => (0, perm_1.getCurrentUsernameExpanded)(ctx)).some((u) => who.includes(u));
-}
 events_1.default.on('accountRenamed', (from, to) => {
-    recur(exports.vfs);
-    saveVfs();
-    function recur(n) {
+    ;
+    (function renameInNode(n) {
         var _a;
-        for (const k of (0, misc_1.typedKeys)(exports.defaultPerms))
-            replace(n[k]);
+        for (const k of exports.PERM_KEYS)
+            renameInPerm(n[k]);
         if (n.masks)
-            Object.values(n.masks).forEach(recur);
-        (_a = n.children) === null || _a === void 0 ? void 0 : _a.forEach(recur);
-    }
-    function replace(a) {
+            Object.values(n.masks).forEach(renameInNode);
+        (_a = n.children) === null || _a === void 0 ? void 0 : _a.forEach(renameInNode);
+    })(exports.vfs);
+    saveVfs();
+    function renameInPerm(a) {
         if (!Array.isArray(a))
             return;
         for (let i = 0; i < a.length; i++)

package/src/zip.js

@@ -26,16 +26,16 @@ async function zipStreamFromFolder(node, ctx) {
     const filter = (0, misc_1.pattern2filter)(String(ctx.query.search || ''));
     const walker = !list ? (0, vfs_1.walkNode)(node, ctx, Infinity, '', 'can_read')
         : (async function* () {
-            for await (const el of list) {
-                const subNode = await (0, vfs_1.urlToNode)(el, ctx, node);
+            for await (const uri of list) {
+                const subNode = await (0, vfs_1.urlToNode)(uri, ctx, node);
                 if (!subNode)
                     continue;
                 if (await (0, vfs_1.nodeIsDirectory)(subNode)) { // a directory needs to walked
                     if ((0, vfs_1.hasPermission)(subNode, 'can_list', ctx))
-                        yield* (0, vfs_1.walkNode)(subNode, ctx, Infinity, el + '/', 'can_read');
+                        yield* (0, vfs_1.walkNode)(subNode, ctx, Infinity, uri + '/', 'can_read');
                     continue;
                 }
-                let folder = (0, path_1.dirname)(el);
+                let folder = (0, path_1.dirname)(decodeURIComponent(uri)); // decodeURI() won't account for %23=#
                 folder = folder === '.' ? '' : folder + '/';
                 yield { ...subNode, name: folder + (0, vfs_1.getNodeName)(subNode) }; // reflect relative path in archive, otherwise way may have name-clashes
             }