npm - hfs - Versions diffs - 3.0.7 → 3.1.0-alpha2 - Mend

hfs 3.0.7 → 3.1.0-alpha2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/README.md +1 -1
package/admin/assets/index-CDiYkO8j.css +1 -0
package/admin/assets/index-Dm5BN1iZ.js +1 -0
package/admin/assets/index-P5i8LyWl.js +822 -0
package/admin/assets/{sha512-gDcjPgJS.js → sha512-DG-ElrDe.js} +1 -1
package/admin/flags/freakflags.css +284 -0
package/admin/flags/sprite.png +0 -0
package/admin/index.html +3 -2
package/frontend/assets/index-legacy-CG_og8xL.js +1 -0
package/frontend/assets/index-legacy-DDLKWGcm.js +9 -0
package/frontend/assets/{sha512-legacy-BBwwadDl.js → sha512-legacy-D1zEZzDe.js} +1 -1
package/frontend/fontello.css +3 -1
package/frontend/fontello.woff2 +0 -0
package/frontend/index.html +1 -1
package/npm-shrinkwrap.json +16409 -0
package/package.json +12 -11
package/plugins/antibrute/plugin.js +14 -3
package/src/AsapStream.js +49 -0
package/src/ThrottledStream.js +1 -1
package/src/adminApis.js +16 -5
package/src/api.accounts.js +1 -6
package/src/api.auth.js +103 -100
package/src/api.get_file_list.js +7 -0
package/src/api.lang.js +1 -0
package/src/api.log.js +5 -3
package/src/api.monitor.js +5 -0
package/src/api.net.js +5 -0
package/src/api.plugins.js +13 -2
package/src/api.vfs.js +41 -28
package/src/apiMiddleware.js +5 -4
package/src/auth.js +39 -6
package/src/commands.js +16 -27
package/src/comments.js +4 -4
package/src/config.js +5 -2
package/src/const.js +2 -16
package/src/cross-const.js +5 -2
package/src/cross.js +21 -15
package/src/expiringCache.js +16 -5
package/src/fileAttr.js +1 -1
package/src/first.js +7 -4
package/src/frontEndApis.js +88 -102
package/src/github.js +32 -21
package/src/ips.js +1 -1
package/src/log.js +5 -3
package/src/middlewares.js +2 -1
package/src/misc.js +2 -20
package/src/perm.js +27 -12
package/src/persistence.js +1 -1
package/src/plugins.js +12 -6
package/src/serveFile.js +3 -3
package/src/serveGuiAndSharedFiles.js +3 -0
package/src/serveGuiFiles.js +2 -1
package/src/srp.js +5 -6
package/src/stat.js +4 -1
package/src/update.js +18 -25
package/src/upload.js +4 -3
package/src/util-files.js +2 -1
package/src/util-http.js +3 -3
package/src/vfs.js +4 -2
package/src/webdav.js +297 -0
package/admin/assets/index-Bj9Dk3JN.js +0 -822
package/admin/assets/index-Byv1_NxP.css +0 -1
package/admin/flags/ad.png +0 -0
package/admin/flags/ae.png +0 -0
package/admin/flags/af.png +0 -0
package/admin/flags/ag.png +0 -0
package/admin/flags/ai.png +0 -0
package/admin/flags/al.png +0 -0
package/admin/flags/am.png +0 -0
package/admin/flags/ao.png +0 -0
package/admin/flags/aq.png +0 -0
package/admin/flags/ar.png +0 -0
package/admin/flags/as.png +0 -0
package/admin/flags/at.png +0 -0
package/admin/flags/au.png +0 -0
package/admin/flags/aw.png +0 -0
package/admin/flags/ax.png +0 -0
package/admin/flags/az.png +0 -0
package/admin/flags/ba.png +0 -0
package/admin/flags/bb.png +0 -0
package/admin/flags/bd.png +0 -0
package/admin/flags/be.png +0 -0
package/admin/flags/bf.png +0 -0
package/admin/flags/bg.png +0 -0
package/admin/flags/bh.png +0 -0
package/admin/flags/bi.png +0 -0
package/admin/flags/bj.png +0 -0
package/admin/flags/bl.png +0 -0
package/admin/flags/bm.png +0 -0
package/admin/flags/bn.png +0 -0
package/admin/flags/bo.png +0 -0
package/admin/flags/bq.png +0 -0
package/admin/flags/br.png +0 -0
package/admin/flags/bs.png +0 -0
package/admin/flags/bt.png +0 -0
package/admin/flags/bv.png +0 -0
package/admin/flags/bw.png +0 -0
package/admin/flags/by.png +0 -0
package/admin/flags/bz.png +0 -0
package/admin/flags/ca.png +0 -0
package/admin/flags/cc.png +0 -0
package/admin/flags/cd.png +0 -0
package/admin/flags/cf.png +0 -0
package/admin/flags/cg.png +0 -0
package/admin/flags/ch.png +0 -0
package/admin/flags/ci.png +0 -0
package/admin/flags/ck.png +0 -0
package/admin/flags/cl.png +0 -0
package/admin/flags/cm.png +0 -0
package/admin/flags/cn.png +0 -0
package/admin/flags/co.png +0 -0
package/admin/flags/cr.png +0 -0
package/admin/flags/cu.png +0 -0
package/admin/flags/cv.png +0 -0
package/admin/flags/cw.png +0 -0
package/admin/flags/cx.png +0 -0
package/admin/flags/cy.png +0 -0
package/admin/flags/cz.png +0 -0
package/admin/flags/de.png +0 -0
package/admin/flags/dj.png +0 -0
package/admin/flags/dk.png +0 -0
package/admin/flags/dm.png +0 -0
package/admin/flags/do.png +0 -0
package/admin/flags/dz.png +0 -0
package/admin/flags/ec.png +0 -0
package/admin/flags/ee.png +0 -0
package/admin/flags/eg.png +0 -0
package/admin/flags/eh.png +0 -0
package/admin/flags/er.png +0 -0
package/admin/flags/es.png +0 -0
package/admin/flags/et.png +0 -0
package/admin/flags/fi.png +0 -0
package/admin/flags/fj.png +0 -0
package/admin/flags/fk.png +0 -0
package/admin/flags/fm.png +0 -0
package/admin/flags/fo.png +0 -0
package/admin/flags/fr.png +0 -0
package/admin/flags/ga.png +0 -0
package/admin/flags/gb-eng.png +0 -0
package/admin/flags/gb-nir.png +0 -0
package/admin/flags/gb-sct.png +0 -0
package/admin/flags/gb-wls.png +0 -0
package/admin/flags/gb.png +0 -0
package/admin/flags/gd.png +0 -0
package/admin/flags/ge.png +0 -0
package/admin/flags/gf.png +0 -0
package/admin/flags/gg.png +0 -0
package/admin/flags/gh.png +0 -0
package/admin/flags/gi.png +0 -0
package/admin/flags/gl.png +0 -0
package/admin/flags/gm.png +0 -0
package/admin/flags/gn.png +0 -0
package/admin/flags/gp.png +0 -0
package/admin/flags/gq.png +0 -0
package/admin/flags/gr.png +0 -0
package/admin/flags/gs.png +0 -0
package/admin/flags/gt.png +0 -0
package/admin/flags/gu.png +0 -0
package/admin/flags/gw.png +0 -0
package/admin/flags/gy.png +0 -0
package/admin/flags/hk.png +0 -0
package/admin/flags/hm.png +0 -0
package/admin/flags/hn.png +0 -0
package/admin/flags/hr.png +0 -0
package/admin/flags/ht.png +0 -0
package/admin/flags/hu.png +0 -0
package/admin/flags/id.png +0 -0
package/admin/flags/ie.png +0 -0
package/admin/flags/il.png +0 -0
package/admin/flags/im.png +0 -0
package/admin/flags/in.png +0 -0
package/admin/flags/io.png +0 -0
package/admin/flags/iq.png +0 -0
package/admin/flags/ir.png +0 -0
package/admin/flags/is.png +0 -0
package/admin/flags/it.png +0 -0
package/admin/flags/je.png +0 -0
package/admin/flags/jm.png +0 -0
package/admin/flags/jo.png +0 -0
package/admin/flags/jp.png +0 -0
package/admin/flags/ke.png +0 -0
package/admin/flags/kg.png +0 -0
package/admin/flags/kh.png +0 -0
package/admin/flags/ki.png +0 -0
package/admin/flags/km.png +0 -0
package/admin/flags/kn.png +0 -0
package/admin/flags/kp.png +0 -0
package/admin/flags/kr.png +0 -0
package/admin/flags/kw.png +0 -0
package/admin/flags/ky.png +0 -0
package/admin/flags/kz.png +0 -0
package/admin/flags/la.png +0 -0
package/admin/flags/lb.png +0 -0
package/admin/flags/lc.png +0 -0
package/admin/flags/li.png +0 -0
package/admin/flags/lk.png +0 -0
package/admin/flags/lr.png +0 -0
package/admin/flags/ls.png +0 -0
package/admin/flags/lt.png +0 -0
package/admin/flags/lu.png +0 -0
package/admin/flags/lv.png +0 -0
package/admin/flags/ly.png +0 -0
package/admin/flags/ma.png +0 -0
package/admin/flags/mc.png +0 -0
package/admin/flags/md.png +0 -0
package/admin/flags/me.png +0 -0
package/admin/flags/mf.png +0 -0
package/admin/flags/mg.png +0 -0
package/admin/flags/mh.png +0 -0
package/admin/flags/mk.png +0 -0
package/admin/flags/ml.png +0 -0
package/admin/flags/mm.png +0 -0
package/admin/flags/mn.png +0 -0
package/admin/flags/mo.png +0 -0
package/admin/flags/mp.png +0 -0
package/admin/flags/mq.png +0 -0
package/admin/flags/mr.png +0 -0
package/admin/flags/ms.png +0 -0
package/admin/flags/mt.png +0 -0
package/admin/flags/mu.png +0 -0
package/admin/flags/mv.png +0 -0
package/admin/flags/mw.png +0 -0
package/admin/flags/mx.png +0 -0
package/admin/flags/my.png +0 -0
package/admin/flags/mz.png +0 -0
package/admin/flags/na.png +0 -0
package/admin/flags/nc.png +0 -0
package/admin/flags/ne.png +0 -0
package/admin/flags/nf.png +0 -0
package/admin/flags/ng.png +0 -0
package/admin/flags/ni.png +0 -0
package/admin/flags/nl.png +0 -0
package/admin/flags/no.png +0 -0
package/admin/flags/np.png +0 -0
package/admin/flags/nr.png +0 -0
package/admin/flags/nu.png +0 -0
package/admin/flags/nz.png +0 -0
package/admin/flags/om.png +0 -0
package/admin/flags/pa.png +0 -0
package/admin/flags/pe.png +0 -0
package/admin/flags/pf.png +0 -0
package/admin/flags/pg.png +0 -0
package/admin/flags/ph.png +0 -0
package/admin/flags/pk.png +0 -0
package/admin/flags/pl.png +0 -0
package/admin/flags/pm.png +0 -0
package/admin/flags/pn.png +0 -0
package/admin/flags/pr.png +0 -0
package/admin/flags/ps.png +0 -0
package/admin/flags/pt.png +0 -0
package/admin/flags/pw.png +0 -0
package/admin/flags/py.png +0 -0
package/admin/flags/qa.png +0 -0
package/admin/flags/re.png +0 -0
package/admin/flags/ro.png +0 -0
package/admin/flags/rs.png +0 -0
package/admin/flags/ru.png +0 -0
package/admin/flags/rw.png +0 -0
package/admin/flags/sa.png +0 -0
package/admin/flags/sb.png +0 -0
package/admin/flags/sc.png +0 -0
package/admin/flags/sd.png +0 -0
package/admin/flags/se.png +0 -0
package/admin/flags/sg.png +0 -0
package/admin/flags/sh.png +0 -0
package/admin/flags/si.png +0 -0
package/admin/flags/sj.png +0 -0
package/admin/flags/sk.png +0 -0
package/admin/flags/sl.png +0 -0
package/admin/flags/sm.png +0 -0
package/admin/flags/sn.png +0 -0
package/admin/flags/so.png +0 -0
package/admin/flags/sr.png +0 -0
package/admin/flags/ss.png +0 -0
package/admin/flags/st.png +0 -0
package/admin/flags/sv.png +0 -0
package/admin/flags/sx.png +0 -0
package/admin/flags/sy.png +0 -0
package/admin/flags/sz.png +0 -0
package/admin/flags/tc.png +0 -0
package/admin/flags/td.png +0 -0
package/admin/flags/tf.png +0 -0
package/admin/flags/tg.png +0 -0
package/admin/flags/th.png +0 -0
package/admin/flags/tj.png +0 -0
package/admin/flags/tk.png +0 -0
package/admin/flags/tl.png +0 -0
package/admin/flags/tm.png +0 -0
package/admin/flags/tn.png +0 -0
package/admin/flags/to.png +0 -0
package/admin/flags/tr.png +0 -0
package/admin/flags/tt.png +0 -0
package/admin/flags/tv.png +0 -0
package/admin/flags/tw.png +0 -0
package/admin/flags/tz.png +0 -0
package/admin/flags/ua.png +0 -0
package/admin/flags/ug.png +0 -0
package/admin/flags/um.png +0 -0
package/admin/flags/us.png +0 -0
package/admin/flags/uy.png +0 -0
package/admin/flags/uz.png +0 -0
package/admin/flags/va.png +0 -0
package/admin/flags/vc.png +0 -0
package/admin/flags/ve.png +0 -0
package/admin/flags/vg.png +0 -0
package/admin/flags/vi.png +0 -0
package/admin/flags/vn.png +0 -0
package/admin/flags/vu.png +0 -0
package/admin/flags/wf.png +0 -0
package/admin/flags/ws.png +0 -0
package/admin/flags/xk.png +0 -0
package/admin/flags/ye.png +0 -0
package/admin/flags/yt.png +0 -0
package/admin/flags/za.png +0 -0
package/admin/flags/zm.png +0 -0
package/admin/flags/zw.png +0 -0
package/frontend/assets/index-legacy-COBT1YmS.js +0 -50

package/src/srp.js CHANGED Viewed

@@ -3,19 +3,18 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.srpClientSequence = srpClientSequence;
 exports.srpClientPart = srpClientPart;
-const tssrp6a_1 = require("tssrp6a");
-async function srpClientSequence(username, password, apiCall, extra) {
+async function srpClientSequence(srp, username, password, apiCall, extra) {
     const { pubKey, salt } = await apiCall('loginSrp1', { username });
     if (!salt)
         throw Error('salt');
-    const client = await srpClientPart(username, password, salt, pubKey);
+    const client = await srpClientPart(srp, username, password, salt, pubKey);
     const res = await apiCall('loginSrp2', { pubKey: String(client.A), proof: String(client.M1), ...extra }); // bigint-s must be cast to string to be json-ed
     await client.step3(BigInt(res.proof)).catch(() => Promise.reject('trust'));
     return res;
 }
-async function srpClientPart(username, password, salt, pubKey) {
-    const srp6aNimbusRoutines = new tssrp6a_1.SRPRoutines(new tssrp6a_1.SRPParameters());
-    const srpClient = new tssrp6a_1.SRPClientSession(srp6aNimbusRoutines);
+async function srpClientPart(srp, username, password, salt, pubKey) {
+    const srp6aNimbusRoutines = new srp.SRPRoutines(new srp.SRPParameters());
+    const srpClient = new srp.SRPClientSession(srp6aNimbusRoutines);
     const res = await srpClient.step1(username, password);
     return await res.step2(BigInt(salt), BigInt(pubKey));
 }

package/src/stat.js CHANGED Viewed

@@ -4,9 +4,12 @@ exports.getStatWorker = getStatWorker;
 const node_worker_threads_1 = require("node:worker_threads");
 const node_fs_1 = require("node:fs");
 const cross_1 = require("./cross");
+const first_1 = require("./first");
 // all stat requests for the same worker are serialized, potentially introducing extra latency
 const pool = new Map();
 function getStatWorker(key) {
+    if (first_1.quitting)
+        return () => Promise.reject('quitting');
     const existing = pool.get(key);
     if (existing)
         return existing;
@@ -15,7 +18,7 @@ function getStatWorker(key) {
     const requests = new Map();
     worker.on('message', (msg) => {
         const k = msg.path;
-        requests.get(k)?.resolve(msg.error ? Promise.reject(new Error(msg.error))
+        requests.get(k)?.resolve(msg.error ? Promise.reject(Error(msg.error))
             : Object.setPrototypeOf(msg.result, node_fs_1.Stats.prototype));
         requests.delete(k);
     });

package/src/update.js CHANGED Viewed

@@ -19,7 +19,6 @@ const misc_1 = require("./misc");
 const fs_1 = require("fs");
 const plugins_1 = require("./plugins");
 const promises_1 = require("fs/promises");
-const open_1 = __importDefault(require("open"));
 const config_1 = require("./config");
 const util_os_1 = require("./util-os");
 const first_1 = require("./first");
@@ -134,14 +133,18 @@ async function update(tagOrUrl = '') {
     }
     if (url) {
         console.log("downloading", url);
-        const { body } = await (0, misc_1.httpWithBody)(url);
-        if (!body)
-            throw "Download failed for " + url;
-        await (0, promises_1.writeFile)(LOCAL_UPDATE, body);
+        try {
+            await (0, promises_1.writeFile)(LOCAL_UPDATE, await (0, misc_1.httpStream)(url));
+        }
+        catch (e) {
+            await (0, promises_1.rm)(LOCAL_UPDATE).catch(() => { }); // no leftovers
+            throw "Download failed for " + url + (0, misc_1.prefix)(' – ', e?.message);
+        }
+        console.debug("download finished");
     }
     const bin = process.execPath;
     const binPath = (0, path_1.dirname)(bin);
-    const binFile = 'hfs' + (const_1.IS_WINDOWS ? '.exe' : ''); // currently running bin could have been renamed
+    const binFile = 'hfs' + (const_1.IS_WINDOWS ? '.exe' : ''); // the bin we are currently running could have been renamed
     let newBinFile = binFile;
     do {
         newBinFile = 'new-' + newBinFile;
@@ -170,7 +173,7 @@ async function update(tagOrUrl = '') {
             catch { }
             (0, fs_1.renameSync)(bin, oldBin);
             console.log("launching new version in background", newBinFile);
-            launch(newBin, ['--updating', binFile, '--cwd .'], { sync: true }); // sync necessary to work on Mac by double-click
+            (0, child_process_1.spawnSync)((0, util_os_1.cmdEscape)(newBin), ['--updating', binFile, '--cwd .'], { shell: true, stdio: [0, 1, 2] }); // sync necessary to work on Mac by double-click
         });
         console.log("quitting");
         setTimeout(() => process.exit()); // give time to return (and caller to complete, eg: rest api to reply)
@@ -180,28 +183,18 @@ async function update(tagOrUrl = '') {
         throw e?.message || String(e);
     }
 }
-function launch(cmd, pars = [], options) {
-    return (options?.sync ? child_process_1.spawnSync : child_process_1.spawn)((0, util_os_1.cmdEscape)(cmd), pars, { detached: true, shell: true, stdio: [0, 1, 2], ...options });
-}
 if (argv_1.argv.updating) { // we were launched with a temporary name, restore original name to avoid breaking references
     const bin = process.execPath;
     const dest = (0, path_1.join)((0, path_1.dirname)(bin), argv_1.argv.updating);
     (0, fs_1.renameSync)(bin, dest);
-    // have to relaunch with the new name, or otherwise next update will fail with EBUSY on hfs.exe
+    // have to relaunch with the new name, or otherwise the next update will fail with EBUSY on hfs.exe
     console.log(`renamed binary file to "${argv_1.argv.updating}" and now restarting`);
-    // be sure to test launching both double-clicking and in a terminal
-    if (const_1.IS_WINDOWS) // this method on Mac works only once, and without console
-        (0, first_1.onProcessExit)(() => launch(dest, ['--updated', '--cwd .'])); // launch+sync here would cause old process to stay open, locking ports
-    else {
-        /* open() is the only consistent way that I could find working on macos preserving console input/output over relaunching,
-         * but I couldn't find a way to pass parameters, at least on Linux. The workaround I'm using is to write them to a temp file, that's read and deleted at restart.
-         * For the record, on mac you can: write "./hfs arg1 arg2" to /tmp/tmp.sh with 0o700, and then spawn "open -a Terminal /tmp/tmp.sh"
-         */
-        try {
-            (0, fs_1.writeFileSync)(const_1.ARGS_FILE, JSON.stringify(['--updated', '--cwd', process.cwd().replaceAll(' ', '\\ ')]));
-        }
-        catch { }
-        void (0, open_1.default)(dest);
-    }
+    // if you change anything, be sure to test launching both double-clicking and in a terminal
+    if (const_1.IS_WINDOWS) // windows-only; this method on Mac works only once, and without the console
+        (0, first_1.onProcessExit)(() => (0, child_process_1.spawn)((0, util_os_1.cmdEscape)(dest), ['--updated', '--cwd .'], { detached: true, shell: true, stdio: [0, 1, 2] })); // launch+sync here would cause the old process to stay open, locking ports
+    else if (process.stdin.isTTY && process.stdout.isTTY) // keep interactive terminal users attached to the restarted process
+        (0, child_process_1.spawnSync)(dest, ['--updated', '--cwd', process.cwd()], { stdio: [0, 1, 2] });
+    else
+        (0, child_process_1.spawn)(dest, ['--updated', '--cwd', process.cwd()], { detached: true, stdio: 'ignore' }).unref();
     process.exit();
 }

package/src/upload.js CHANGED Viewed

@@ -54,7 +54,7 @@ const diskSpaceCache = (0, expiringCache_1.expiringCache)(3_000); // invalidate
 const uploadingFiles = new Map();
 // initially sync for formidable; still sync to avoid async races and PUT piping gaps
 function uploadWriter(base, baseUri, filename, ctx) {
-    if (!filename || !(0, misc_1.isValidFileName)(filename))
+    if (!filename || !(0, misc_1.isValidFileName)(filename) || !filename)
         return fail(const_1.HTTP_FOOL);
     if ((0, vfs_1.statusCodeForMissingPerm)(base, 'can_upload', ctx))
         return fail();
@@ -133,10 +133,10 @@ function uploadWriter(base, baseUri, filename, ctx) {
             fs_1.default.unlinkSync(tempName);
         const writeStream = (0, misc_1.createStreamLimiter)(contentLength ?? Infinity);
         const fullSize = stillToWrite + resume;
-        ctx.state.uploadDestinationPath = tempName;
         // allow plugins to mess with the write-stream, because the read-stream can be complicated in case of multipart
         const obj = { ctx, writeStream, fullPath, tempName, resume, fullSize, uri: '' };
         const resEvent = events_1.default.emit('uploadStart', obj);
+        ctx.state.uploadDestinationPath = tempName;
         if (resEvent?.isDefaultPrevented())
             return;
         const fileStream = fs_1.default.createWriteStream(tempName, resume ? { flags: 'r+', start: resume } : undefined);
@@ -282,7 +282,8 @@ function uploadWriter(base, baseUri, filename, ctx) {
         if (msg)
             ctx.body = msg;
         if (status >= 400 // with other codes Chrome will report ERR_CONNECTION_RESET
-            && !ctx.get('x-hfs-wait')) // you can disable the following behavior
+            && !ctx.get('x-hfs-wait') // you can disable the following behavior
+            && !ctx.req.complete) // if request body is already complete, forcing a disconnect can interfere with follow-up requests on reused sockets.
             setTimeout(() => (0, connections_1.disconnect)(ctx), 200); // don't wait, if the upload is still in progress
     }
 }

package/src/util-files.js CHANGED Viewed

@@ -6,6 +6,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseFileCache = void 0;
 exports.statWithTimeout = statWithTimeout;
+exports.getUncHost = getUncHost;
 exports.isDirectory = isDirectory;
 exports.readFileWithBusyRetry = readFileWithBusyRetry;
 exports.watchDir = watchDir;
@@ -163,7 +164,7 @@ async function createSafeWriteStream(path, options) {
     });
 }
 function isValidFileName(name, acceptUnreadable = false) {
-    return name !== '.' && !(const_1.IS_WINDOWS ? /[/:"*?<>|\\]/ : /\//).test(name) && !hasDirTraversal(name)
+    return name && name !== '.' && !(const_1.IS_WINDOWS ? /[/:"*?<>|\\]/ : /\//).test(name) && !hasDirTraversal(name)
         && (acceptUnreadable || !/[\u0000-\u001F\u007F]/.test(name));
 }
 function exists(path) {

package/src/util-http.js CHANGED Viewed

@@ -112,15 +112,15 @@ function httpStream(url, { body, proxy, jar, noRedirect, httpThrow = true, ...op
                         delete hostJar[k];
                 }
             if (!res.statusCode || httpThrow && res.statusCode >= 400)
-                return reject(new Error(String(res.statusCode), { cause: res }));
+                return reject(Error(String(res.statusCode), { cause: res }));
             let r = res.headers.location;
             if (r && !noRedirect) {
                 const dest = new URL(r, url); // rewrite in case r is just a path, and thus relative to the current url
                 r = dest.toString();
                 const src = new URL(url);
                 const sameOrigin = src.protocol === dest.protocol && src.host === dest.host;
-                return redirected.includes(r) ? reject(new Error('endless http redirection'))
-                    : redirected.length > 20 ? reject(new Error('excessive http redirection'))
+                return redirected.includes(r) ? reject(Error('endless http redirection'))
+                    : redirected.length > 20 ? reject(Error('excessive http redirection'))
                         : resolve(httpStream(r, {
                             httpThrow, jar, proxy,
                             ...lodash_1.default.pick(options, ['agent', 'rejectUnauthorized', 'timeout']),

package/src/vfs.js CHANGED Viewed

@@ -170,10 +170,12 @@ async function getNodeByName(name, parent, assumeMissingToBeFolder = false) {
         return ret;
     }
 }
+const smartUncFolderDetection = (0, config_1.defineConfig)('smart_unc_folder_detection', true);
 async function setIsFolder(node) {
     if (!node.source)
         return;
-    const isFolder = /[\\/]$/.test(node.source) || await nodeStats(node).then(x => x?.isDirectory(), () => undefined);
+    const isFolder = smartUncFolderDetection.get() && (0, misc_1.getUncHost)(node.source) ? !(0, path_1.basename)(node.source).includes('.') // no dot = folder – not very reliable but fast for unreachable unc hosts, and you can opt-out
+        : /[\\/]$/.test(node.source) || await nodeStats(node).then(x => x?.isDirectory(), () => undefined);
     (0, misc_1.setHidden)(node, { isFolder });
     return isFolder;
 }
@@ -328,7 +330,7 @@ async function* walkNode(parent, { ctx, depth = Infinity, prefixPath = '', requi
                             stream.push(null);
                             return null;
                         }
-                        if ((0, comments_1.usingDescriptIon)() && entry.name === comments_1.DESCRIPT_ION)
+                        if ((0, comments_1.usingDescriptIon)() && (entry.name === comments_1.DESCRIPT_ION || entry.name === comments_1.DESCRIPT_ION_ALT))
                             return;
                         const { path } = entry; // this path is not the original deprecated property: we are overwriting/reusing it
                         const isFolder = entry.isDirectory();

package/src/webdav.js ADDED Viewed

@@ -0,0 +1,297 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handledWebdav = handledWebdav;
+const vfs_1 = require("./vfs");
+const cross_1 = require("./cross");
+const stream_1 = require("stream");
+const promises_1 = require("fs/promises");
+const misc_1 = require("./misc");
+const path_1 = require("path");
+const frontEndApis_1 = require("./frontEndApis");
+const node_crypto_1 = require("node:crypto");
+const const_1 = require("./const");
+const child_process_1 = require("child_process");
+const auth_1 = require("./auth");
+const config_1 = require("./config");
+const expiringCache_1 = require("./expiringCache");
+const forceWebdavLogin = (0, config_1.defineConfig)(cross_1.CFG.force_webdav_login, true, compileWebdavAgentRegex);
+const webdavInitialAuth = (0, config_1.defineConfig)(cross_1.CFG.webdav_initial_auth, 'WebDAVFS', compileWebdavAgentRegex);
+const webdavPrompted = (0, expiringCache_1.expiringCache)(cross_1.DAY);
+const webdavDetectedAgents = new Set();
+const TOKEN_HEADER = 'lock-token';
+const WEBDAV_METHODS = new Set(['PROPFIND', 'PROPPATCH', 'MKCOL', 'MOVE', 'LOCK', 'UNLOCK']);
+const WEBDAV_HINT_HEADERS = ['depth', 'destination', 'overwrite', 'translate', 'if', TOKEN_HEADER, 'x-expected-entity-length'];
+const KNOWN_UA = /webdav|miniredir|davclnt/i;
+const canOverwrite = new Set();
+const locks = new Map();
+function isLocked(path, ctx) {
+    const lock = locks.get(path);
+    if (!lock)
+        return false;
+    const ifHeader = ctx.get('If');
+    const tokenHeader = ctx.get(TOKEN_HEADER);
+    if (hasToken(ifHeader, lock.token) || hasToken(tokenHeader, lock.token))
+        return false;
+    ctx.status = cross_1.HTTP_LOCKED;
+    return true;
+}
+function hasToken(header, token) {
+    if (!header)
+        return false;
+    return header.includes(`<${token}>`) || header.split(/[,;\s]+/).includes(token);
+}
+async function handledWebdav(ctx) {
+    const { path } = ctx;
+    const isWebdavAuthRequest = WEBDAV_METHODS.has(ctx.method) || WEBDAV_HINT_HEADERS.some(h => !!ctx.get(h));
+    const ua = ctx.get('user-agent');
+    if (isWebdavAuthRequest && (0, auth_1.getCurrentUsername)(ctx)) {
+        if (ua)
+            webdavDetectedAgents.add(ua);
+    }
+    if (ctx.path.includes('/._') && ua?.startsWith('WebDAVFS')) { // too much spam from Finder for these files that can contain metas
+        ctx.state.dontLog = true;
+        return ctx.status = cross_1.HTTP_FORBIDDEN;
+    }
+    if (ctx.method === 'OPTIONS') {
+        if (ctx.get('Access-Control-Request-Method'))
+            return; // it's a preflight cors request, not webdav
+        setWebdavHeaders();
+        ctx.body = '';
+        return true;
+    }
+    if (isWebdavAuthRequest && shouldChallengeWebdav())
+        return true;
+    if (ctx.method === 'PUT') {
+        if (isLocked(path, ctx))
+            return true;
+        // Finder first creates an empty file (a test?) then wants to overwrite it, which requires deletion permission, but the user may not have it, causing a renamed upload. To solve, so we give it special permission for a few seconds.
+        const x = ctx.get('x-expected-entity-length'); // field used by Finder's webdav on actual upload, after
+        if (!x && !ctx.length) {
+            canOverwrite.add(path);
+            setTimeout(() => canOverwrite.delete(path), 10_000); // grace period
+        }
+        else if (canOverwrite.has(path)) {
+            canOverwrite.delete(path);
+            const node = await (0, vfs_1.urlToNode)(path, ctx);
+            if (node?.source)
+                await (0, promises_1.rm)(node.source).catch(() => { });
+        }
+        if (x && ctx.length === undefined) // missing length can make PUT fail
+            ctx.req.headers['content-length'] = x;
+        if (KNOWN_UA.test(ua) || webdavDetectedAgents.has(ua))
+            ctx.query.existing ??= 'overwrite'; // with webdav this is our default
+        return; // default handling
+    }
+    if (ctx.method === 'MKCOL') {
+        setWebdavHeaders();
+        if (isLocked(path, ctx))
+            return true;
+        const node = await (0, vfs_1.urlToNode)(path, ctx);
+        if (node)
+            return ctx.status = cross_1.HTTP_METHOD_NOT_ALLOWED;
+        let name = '';
+        const parentNode = await (0, vfs_1.urlToNode)(path, ctx, vfs_1.vfs, v => name = v);
+        if (!parentNode)
+            return ctx.status = cross_1.HTTP_NOT_FOUND;
+        if (!(0, misc_1.isValidFileName)(name))
+            return ctx.status = cross_1.HTTP_BAD_REQUEST;
+        if ((0, vfs_1.statusCodeForMissingPerm)(parentNode, 'can_upload', ctx)) {
+            if (ctx.status === cross_1.HTTP_UNAUTHORIZED)
+                setWebdavHeaders(true);
+            return true;
+        }
+        try {
+            await (0, promises_1.mkdir)((0, path_1.join)(parentNode.source, name));
+            return ctx.status = cross_1.HTTP_CREATED;
+        }
+        catch (e) {
+            return ctx.status = cross_1.HTTP_SERVER_ERROR;
+        }
+    }
+    if (ctx.method === 'MOVE') {
+        setWebdavHeaders();
+        if (isLocked(path, ctx))
+            return true;
+        const node = await (0, vfs_1.urlToNode)(path, ctx);
+        if (!node)
+            return;
+        let dest = ctx.get('destination');
+        const i = dest.indexOf('//');
+        if (i >= 0)
+            dest = dest.slice(dest.indexOf('/', i + 2));
+        if (isLocked(dest, ctx))
+            return true;
+        if ((0, path_1.dirname)(path) === (0, path_1.dirname)(dest)) // rename. `path` is is encoded, so we test before decoding `dest`
+            try {
+                await (0, frontEndApis_1.requestedRename)(node, (0, path_1.basename)(decodeURI(dest)), ctx);
+                return ctx.status = cross_1.HTTP_CREATED;
+            }
+            catch (e) {
+                return ctx.status = e.status || cross_1.HTTP_SERVER_ERROR;
+            }
+        const moveRes = await (0, frontEndApis_1.moveFiles)([path], (0, path_1.dirname)(dest), ctx);
+        if (moveRes instanceof Error)
+            return ctx.status = moveRes.status || cross_1.HTTP_SERVER_ERROR;
+        const err = moveRes?.errors?.[0];
+        return ctx.status = !err ? cross_1.HTTP_CREATED : typeof err === 'number' ? err : cross_1.HTTP_SERVER_ERROR;
+    }
+    if (ctx.method === 'DELETE') {
+        setWebdavHeaders();
+        if (isLocked(path, ctx))
+            return true;
+        return; // allow default handling in serveGuiAndSharedFiles.ts
+    }
+    if (ctx.method === 'UNLOCK') {
+        setWebdavHeaders();
+        const x = ctx.get(TOKEN_HEADER).slice(1, -1);
+        const lock = locks.get(path);
+        if (x !== lock?.token)
+            return ctx.status = cross_1.HTTP_BAD_REQUEST;
+        clearTimeout(lock.timeout);
+        locks.delete(path);
+        ctx.set(TOKEN_HEADER, x);
+        if (const_1.IS_MAC)
+            (0, vfs_1.urlToNode)(path, ctx).then(x => x?.source && dotClean((0, path_1.dirname)(x.source)));
+        return ctx.status = cross_1.HTTP_NO_CONTENT;
+    }
+    if (ctx.method === 'LOCK') {
+        setWebdavHeaders();
+        if (locks.has(path))
+            return ctx.status = 423;
+        const token = 'urn:uuid:' + (0, node_crypto_1.randomUUID)();
+        ctx.set(TOKEN_HEADER, token);
+        const seconds = 3600;
+        const timeout = setTimeout(() => locks.delete(path), seconds * 1000);
+        locks.set(path, { token, timeout });
+        ctx.body = `<?xml version="1.0" encoding="utf-8"?><prop xmlns="DAV:"><lockdiscovery><activelock>
+            <locktype><write/></locktype>
+            <lockscope><exclusive/></lockscope>
+            <locktoken><href>${token}</href></locktoken>
+            <lockroot><href>${path}</href></lockroot>
+            <depth>0</depth>
+            <timeout>Second-${seconds}</timeout>
+        </activelock></lockdiscovery></prop>`;
+        return true;
+    }
+    if (ctx.method === 'PROPFIND') {
+        setWebdavHeaders();
+        const node = await (0, vfs_1.urlToNode)(path, ctx);
+        if (!node)
+            return;
+        let depth = Number(ctx.get('depth'));
+        depth = isNaN(depth) ? Infinity : depth;
+        const isList = depth !== 0;
+        if ((0, vfs_1.statusCodeForMissingPerm)(node, isList ? 'can_list' : 'can_see', ctx)) {
+            if (ctx.status === cross_1.HTTP_UNAUTHORIZED)
+                setWebdavHeaders(true);
+            return true;
+        }
+        ctx.type = 'xml';
+        ctx.status = 207;
+        const pathSlash = (0, cross_1.enforceFinal)('/', path);
+        const res = ctx.body = new stream_1.PassThrough({ encoding: 'utf8' });
+        res.write(`<?xml version="1.0" encoding="utf-8" ?><multistatus xmlns="DAV:">`);
+        await sendEntry(node);
+        if (isList) {
+            depth = Math.max(0, depth - 1);
+            for await (const n of (0, vfs_1.walkNode)(node, { ctx, depth }))
+                await sendEntry(n, true);
+        }
+        res.write(`</multistatus>`);
+        res.end();
+        return true;
+        async function sendEntry(node, append = false) {
+            if ((0, vfs_1.nodeIsLink)(node))
+                return;
+            const name = (0, vfs_1.getNodeName)(node);
+            const isDir = await (0, vfs_1.nodeIsFolder)(node);
+            const st = await (0, vfs_1.nodeStats)(node);
+            res.write(`<response>
+              <href>${pathSlash + (append ? (0, cross_1.pathEncode)(name, true) + (isDir ? '/' : '') : '')}</href>
+              <propstat>
+                <status>HTTP/1.1 200 OK</status>
+                <prop>
+                    ${(0, cross_1.prefix)('<getlastmodified>', st?.mtime?.toGMTString(), '</getlastmodified>')}
+                    ${(0, cross_1.prefix)('<creationdate>', (st?.birthtime || st?.ctime)?.toISOString().replace(/\..*/, '-00:00'), '</creationdate>')}
+                    ${isDir ? '<resourcetype><collection/></resourcetype>'
+                : `<resourcetype/><getcontentlength>${st?.size}</getcontentlength>`}
+                </prop>
+              </propstat>
+              </response>
+            `);
+        }
+    }
+    if (ctx.method === 'PROPPATCH') {
+        setWebdavHeaders();
+        if (isLocked(path, ctx))
+            return true;
+        const node = await (0, vfs_1.urlToNode)(path, ctx);
+        if (!node)
+            return;
+        if ((0, vfs_1.statusCodeForMissingPerm)(node, 'can_see', ctx)) {
+            if (ctx.status === cross_1.HTTP_UNAUTHORIZED)
+                setWebdavHeaders(true);
+            return true;
+        }
+        ctx.type = 'xml';
+        ctx.status = 207;
+        ctx.body = `<?xml version="1.0" encoding="utf-8"?>
+            <multistatus xmlns="DAV:">
+              <response>
+                <href>${path}</href>
+                <propstat>
+                  <status>HTTP/1.1 200 OK</status>
+                  <prop/>
+                </propstat>
+              </response>
+            </multistatus>`;
+        return true;
+    }
+    function setWebdavHeaders(authenticate = false) {
+        ctx.set('DAV', '1,2');
+        ctx.set('MS-Author-Via', 'DAV');
+        ctx.set('Allow', 'PROPFIND,PROPPATCH,OPTIONS,DELETE,MOVE,LOCK,UNLOCK,MKCOL,PUT');
+        if (authenticate)
+            ctx.set('WWW-Authenticate', `Basic realm="HFS WebDAV"`); // keep a dedicated realm for WebDAV so Windows credential cache is isolated from other basic-auth flows
+    }
+    function shouldChallengeWebdav() {
+        if ((0, auth_1.getCurrentUsername)(ctx))
+            return false;
+        if (forceWebdavLogin.compiled()?.test(ua))
+            return challengeWebdav();
+        if (!webdavInitialAuth.compiled()?.test(ua))
+            return false;
+        if (ctx.get('authorization'))
+            return challengeWebdav();
+        const key = `${ctx.ip}|${ctx.host}|${ua || ''}`;
+        if (webdavPrompted.has(key))
+            return false;
+        webdavPrompted.try(key, () => true);
+        return challengeWebdav();
+        function challengeWebdav() {
+            setWebdavHeaders(true);
+            ctx.status = cross_1.HTTP_UNAUTHORIZED;
+            ctx.body = '';
+            return true;
+        }
+    }
+}
+function compileWebdavAgentRegex(v) {
+    return !v ? null : v === true ? /.*/ : new RegExp(v.trim(), 'i');
+}
+// Finder will upload special attributes as files with name ._* that can be merged using system utility "dot_clean"
+const cleaners = {};
+function dotClean(path) {
+    (0, cross_1.getOrSet)(cleaners, path, () => setTimeout(() => {
+        try {
+            (0, child_process_1.exec)('dot_clean .', { cwd: path }, (err, out) => done(err || out));
+        }
+        catch (e) {
+            done(e);
+        }
+        function done(log) {
+            console.debug('dot_clean', path, log);
+            delete cleaners[path];
+        }
+    }, 10_000));
+}