npm - hfs - Versions diffs - 3.0.7 → 3.1.0-alpha2 - Mend

hfs 3.0.7 → 3.1.0-alpha2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/README.md +1 -1
package/admin/assets/index-CDiYkO8j.css +1 -0
package/admin/assets/index-Dm5BN1iZ.js +1 -0
package/admin/assets/index-P5i8LyWl.js +822 -0
package/admin/assets/{sha512-gDcjPgJS.js → sha512-DG-ElrDe.js} +1 -1
package/admin/flags/freakflags.css +284 -0
package/admin/flags/sprite.png +0 -0
package/admin/index.html +3 -2
package/frontend/assets/index-legacy-CG_og8xL.js +1 -0
package/frontend/assets/index-legacy-DDLKWGcm.js +9 -0
package/frontend/assets/{sha512-legacy-BBwwadDl.js → sha512-legacy-D1zEZzDe.js} +1 -1
package/frontend/fontello.css +3 -1
package/frontend/fontello.woff2 +0 -0
package/frontend/index.html +1 -1
package/npm-shrinkwrap.json +16409 -0
package/package.json +12 -11
package/plugins/antibrute/plugin.js +14 -3
package/src/AsapStream.js +49 -0
package/src/ThrottledStream.js +1 -1
package/src/adminApis.js +16 -5
package/src/api.accounts.js +1 -6
package/src/api.auth.js +103 -100
package/src/api.get_file_list.js +7 -0
package/src/api.lang.js +1 -0
package/src/api.log.js +5 -3
package/src/api.monitor.js +5 -0
package/src/api.net.js +5 -0
package/src/api.plugins.js +13 -2
package/src/api.vfs.js +41 -28
package/src/apiMiddleware.js +5 -4
package/src/auth.js +39 -6
package/src/commands.js +16 -27
package/src/comments.js +4 -4
package/src/config.js +5 -2
package/src/const.js +2 -16
package/src/cross-const.js +5 -2
package/src/cross.js +21 -15
package/src/expiringCache.js +16 -5
package/src/fileAttr.js +1 -1
package/src/first.js +7 -4
package/src/frontEndApis.js +88 -102
package/src/github.js +32 -21
package/src/ips.js +1 -1
package/src/log.js +5 -3
package/src/middlewares.js +2 -1
package/src/misc.js +2 -20
package/src/perm.js +27 -12
package/src/persistence.js +1 -1
package/src/plugins.js +12 -6
package/src/serveFile.js +3 -3
package/src/serveGuiAndSharedFiles.js +3 -0
package/src/serveGuiFiles.js +2 -1
package/src/srp.js +5 -6
package/src/stat.js +4 -1
package/src/update.js +18 -25
package/src/upload.js +4 -3
package/src/util-files.js +2 -1
package/src/util-http.js +3 -3
package/src/vfs.js +4 -2
package/src/webdav.js +297 -0
package/admin/assets/index-Bj9Dk3JN.js +0 -822
package/admin/assets/index-Byv1_NxP.css +0 -1
package/admin/flags/ad.png +0 -0
package/admin/flags/ae.png +0 -0
package/admin/flags/af.png +0 -0
package/admin/flags/ag.png +0 -0
package/admin/flags/ai.png +0 -0
package/admin/flags/al.png +0 -0
package/admin/flags/am.png +0 -0
package/admin/flags/ao.png +0 -0
package/admin/flags/aq.png +0 -0
package/admin/flags/ar.png +0 -0
package/admin/flags/as.png +0 -0
package/admin/flags/at.png +0 -0
package/admin/flags/au.png +0 -0
package/admin/flags/aw.png +0 -0
package/admin/flags/ax.png +0 -0
package/admin/flags/az.png +0 -0
package/admin/flags/ba.png +0 -0
package/admin/flags/bb.png +0 -0
package/admin/flags/bd.png +0 -0
package/admin/flags/be.png +0 -0
package/admin/flags/bf.png +0 -0
package/admin/flags/bg.png +0 -0
package/admin/flags/bh.png +0 -0
package/admin/flags/bi.png +0 -0
package/admin/flags/bj.png +0 -0
package/admin/flags/bl.png +0 -0
package/admin/flags/bm.png +0 -0
package/admin/flags/bn.png +0 -0
package/admin/flags/bo.png +0 -0
package/admin/flags/bq.png +0 -0
package/admin/flags/br.png +0 -0
package/admin/flags/bs.png +0 -0
package/admin/flags/bt.png +0 -0
package/admin/flags/bv.png +0 -0
package/admin/flags/bw.png +0 -0
package/admin/flags/by.png +0 -0
package/admin/flags/bz.png +0 -0
package/admin/flags/ca.png +0 -0
package/admin/flags/cc.png +0 -0
package/admin/flags/cd.png +0 -0
package/admin/flags/cf.png +0 -0
package/admin/flags/cg.png +0 -0
package/admin/flags/ch.png +0 -0
package/admin/flags/ci.png +0 -0
package/admin/flags/ck.png +0 -0
package/admin/flags/cl.png +0 -0
package/admin/flags/cm.png +0 -0
package/admin/flags/cn.png +0 -0
package/admin/flags/co.png +0 -0
package/admin/flags/cr.png +0 -0
package/admin/flags/cu.png +0 -0
package/admin/flags/cv.png +0 -0
package/admin/flags/cw.png +0 -0
package/admin/flags/cx.png +0 -0
package/admin/flags/cy.png +0 -0
package/admin/flags/cz.png +0 -0
package/admin/flags/de.png +0 -0
package/admin/flags/dj.png +0 -0
package/admin/flags/dk.png +0 -0
package/admin/flags/dm.png +0 -0
package/admin/flags/do.png +0 -0
package/admin/flags/dz.png +0 -0
package/admin/flags/ec.png +0 -0
package/admin/flags/ee.png +0 -0
package/admin/flags/eg.png +0 -0
package/admin/flags/eh.png +0 -0
package/admin/flags/er.png +0 -0
package/admin/flags/es.png +0 -0
package/admin/flags/et.png +0 -0
package/admin/flags/fi.png +0 -0
package/admin/flags/fj.png +0 -0
package/admin/flags/fk.png +0 -0
package/admin/flags/fm.png +0 -0
package/admin/flags/fo.png +0 -0
package/admin/flags/fr.png +0 -0
package/admin/flags/ga.png +0 -0
package/admin/flags/gb-eng.png +0 -0
package/admin/flags/gb-nir.png +0 -0
package/admin/flags/gb-sct.png +0 -0
package/admin/flags/gb-wls.png +0 -0
package/admin/flags/gb.png +0 -0
package/admin/flags/gd.png +0 -0
package/admin/flags/ge.png +0 -0
package/admin/flags/gf.png +0 -0
package/admin/flags/gg.png +0 -0
package/admin/flags/gh.png +0 -0
package/admin/flags/gi.png +0 -0
package/admin/flags/gl.png +0 -0
package/admin/flags/gm.png +0 -0
package/admin/flags/gn.png +0 -0
package/admin/flags/gp.png +0 -0
package/admin/flags/gq.png +0 -0
package/admin/flags/gr.png +0 -0
package/admin/flags/gs.png +0 -0
package/admin/flags/gt.png +0 -0
package/admin/flags/gu.png +0 -0
package/admin/flags/gw.png +0 -0
package/admin/flags/gy.png +0 -0
package/admin/flags/hk.png +0 -0
package/admin/flags/hm.png +0 -0
package/admin/flags/hn.png +0 -0
package/admin/flags/hr.png +0 -0
package/admin/flags/ht.png +0 -0
package/admin/flags/hu.png +0 -0
package/admin/flags/id.png +0 -0
package/admin/flags/ie.png +0 -0
package/admin/flags/il.png +0 -0
package/admin/flags/im.png +0 -0
package/admin/flags/in.png +0 -0
package/admin/flags/io.png +0 -0
package/admin/flags/iq.png +0 -0
package/admin/flags/ir.png +0 -0
package/admin/flags/is.png +0 -0
package/admin/flags/it.png +0 -0
package/admin/flags/je.png +0 -0
package/admin/flags/jm.png +0 -0
package/admin/flags/jo.png +0 -0
package/admin/flags/jp.png +0 -0
package/admin/flags/ke.png +0 -0
package/admin/flags/kg.png +0 -0
package/admin/flags/kh.png +0 -0
package/admin/flags/ki.png +0 -0
package/admin/flags/km.png +0 -0
package/admin/flags/kn.png +0 -0
package/admin/flags/kp.png +0 -0
package/admin/flags/kr.png +0 -0
package/admin/flags/kw.png +0 -0
package/admin/flags/ky.png +0 -0
package/admin/flags/kz.png +0 -0
package/admin/flags/la.png +0 -0
package/admin/flags/lb.png +0 -0
package/admin/flags/lc.png +0 -0
package/admin/flags/li.png +0 -0
package/admin/flags/lk.png +0 -0
package/admin/flags/lr.png +0 -0
package/admin/flags/ls.png +0 -0
package/admin/flags/lt.png +0 -0
package/admin/flags/lu.png +0 -0
package/admin/flags/lv.png +0 -0
package/admin/flags/ly.png +0 -0
package/admin/flags/ma.png +0 -0
package/admin/flags/mc.png +0 -0
package/admin/flags/md.png +0 -0
package/admin/flags/me.png +0 -0
package/admin/flags/mf.png +0 -0
package/admin/flags/mg.png +0 -0
package/admin/flags/mh.png +0 -0
package/admin/flags/mk.png +0 -0
package/admin/flags/ml.png +0 -0
package/admin/flags/mm.png +0 -0
package/admin/flags/mn.png +0 -0
package/admin/flags/mo.png +0 -0
package/admin/flags/mp.png +0 -0
package/admin/flags/mq.png +0 -0
package/admin/flags/mr.png +0 -0
package/admin/flags/ms.png +0 -0
package/admin/flags/mt.png +0 -0
package/admin/flags/mu.png +0 -0
package/admin/flags/mv.png +0 -0
package/admin/flags/mw.png +0 -0
package/admin/flags/mx.png +0 -0
package/admin/flags/my.png +0 -0
package/admin/flags/mz.png +0 -0
package/admin/flags/na.png +0 -0
package/admin/flags/nc.png +0 -0
package/admin/flags/ne.png +0 -0
package/admin/flags/nf.png +0 -0
package/admin/flags/ng.png +0 -0
package/admin/flags/ni.png +0 -0
package/admin/flags/nl.png +0 -0
package/admin/flags/no.png +0 -0
package/admin/flags/np.png +0 -0
package/admin/flags/nr.png +0 -0
package/admin/flags/nu.png +0 -0
package/admin/flags/nz.png +0 -0
package/admin/flags/om.png +0 -0
package/admin/flags/pa.png +0 -0
package/admin/flags/pe.png +0 -0
package/admin/flags/pf.png +0 -0
package/admin/flags/pg.png +0 -0
package/admin/flags/ph.png +0 -0
package/admin/flags/pk.png +0 -0
package/admin/flags/pl.png +0 -0
package/admin/flags/pm.png +0 -0
package/admin/flags/pn.png +0 -0
package/admin/flags/pr.png +0 -0
package/admin/flags/ps.png +0 -0
package/admin/flags/pt.png +0 -0
package/admin/flags/pw.png +0 -0
package/admin/flags/py.png +0 -0
package/admin/flags/qa.png +0 -0
package/admin/flags/re.png +0 -0
package/admin/flags/ro.png +0 -0
package/admin/flags/rs.png +0 -0
package/admin/flags/ru.png +0 -0
package/admin/flags/rw.png +0 -0
package/admin/flags/sa.png +0 -0
package/admin/flags/sb.png +0 -0
package/admin/flags/sc.png +0 -0
package/admin/flags/sd.png +0 -0
package/admin/flags/se.png +0 -0
package/admin/flags/sg.png +0 -0
package/admin/flags/sh.png +0 -0
package/admin/flags/si.png +0 -0
package/admin/flags/sj.png +0 -0
package/admin/flags/sk.png +0 -0
package/admin/flags/sl.png +0 -0
package/admin/flags/sm.png +0 -0
package/admin/flags/sn.png +0 -0
package/admin/flags/so.png +0 -0
package/admin/flags/sr.png +0 -0
package/admin/flags/ss.png +0 -0
package/admin/flags/st.png +0 -0
package/admin/flags/sv.png +0 -0
package/admin/flags/sx.png +0 -0
package/admin/flags/sy.png +0 -0
package/admin/flags/sz.png +0 -0
package/admin/flags/tc.png +0 -0
package/admin/flags/td.png +0 -0
package/admin/flags/tf.png +0 -0
package/admin/flags/tg.png +0 -0
package/admin/flags/th.png +0 -0
package/admin/flags/tj.png +0 -0
package/admin/flags/tk.png +0 -0
package/admin/flags/tl.png +0 -0
package/admin/flags/tm.png +0 -0
package/admin/flags/tn.png +0 -0
package/admin/flags/to.png +0 -0
package/admin/flags/tr.png +0 -0
package/admin/flags/tt.png +0 -0
package/admin/flags/tv.png +0 -0
package/admin/flags/tw.png +0 -0
package/admin/flags/tz.png +0 -0
package/admin/flags/ua.png +0 -0
package/admin/flags/ug.png +0 -0
package/admin/flags/um.png +0 -0
package/admin/flags/us.png +0 -0
package/admin/flags/uy.png +0 -0
package/admin/flags/uz.png +0 -0
package/admin/flags/va.png +0 -0
package/admin/flags/vc.png +0 -0
package/admin/flags/ve.png +0 -0
package/admin/flags/vg.png +0 -0
package/admin/flags/vi.png +0 -0
package/admin/flags/vn.png +0 -0
package/admin/flags/vu.png +0 -0
package/admin/flags/wf.png +0 -0
package/admin/flags/ws.png +0 -0
package/admin/flags/xk.png +0 -0
package/admin/flags/ye.png +0 -0
package/admin/flags/yt.png +0 -0
package/admin/flags/za.png +0 -0
package/admin/flags/zm.png +0 -0
package/admin/flags/zw.png +0 -0
package/frontend/assets/index-legacy-COBT1YmS.js +0 -50

package/src/api.plugins.js CHANGED Viewed

@@ -7,7 +7,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkDependencies = checkDependencies;
 const plugins_1 = require("./plugins");
 const lodash_1 = __importDefault(require("lodash"));
-const assert_1 = __importDefault(require("assert"));
 const misc_1 = require("./misc");
 const apiMiddleware_1 = require("./apiMiddleware");
 const promises_1 = require("fs/promises");
@@ -72,6 +71,7 @@ const apis = {
         });
     },
     async start_plugin({ id }) {
+        assertPluginId(id);
         if ((0, plugins_1.isPluginRunning)(id))
             return { msg: 'already running' };
         if (plugins_1.suspendPlugins.get())
@@ -80,13 +80,14 @@ const apis = {
         return (0, plugins_1.startPlugin)(id).then(() => ({}), e => new apiMiddleware_1.ApiError(const_1.HTTP_SERVER_ERROR, e.message));
     },
     async stop_plugin({ id }) {
+        assertPluginId(id);
         if (!(0, plugins_1.isPluginRunning)(id))
             return { msg: 'already stopped' };
         await (0, plugins_1.stopPlugin)(id);
         return {};
     },
     async set_plugin({ id, enabled, config }) {
-        (0, assert_1.default)(id, 'id');
+        assertPluginId(id);
         if (config)
             (0, plugins_1.setPluginConfig)(id, config);
         if (enabled !== undefined)
@@ -94,6 +95,7 @@ const apis = {
         return {};
     },
     async get_plugin({ id }) {
+        assertPluginId(id);
         return {
             enabled: plugins_1.enablePlugins.get().includes(id),
             config: {
@@ -103,6 +105,8 @@ const apis = {
         };
     },
     get_online_plugins({ text }, ctx) {
+        if (text !== undefined && !lodash_1.default.isString(text))
+            return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad text');
         return new SendList_1.SendListReadable({
             async doAtStart(list) {
                 const repos = [];
@@ -142,6 +146,7 @@ const apis = {
         });
     },
     async download_plugin({ id, branch, stop }) {
+        assertPluginId(id);
         await checkDependencies(await (0, github_1.readOnlinePlugin)(id, branch));
         const folder = await (0, github_1.downloadPlugin)(id, { branch });
         if (stop) // be sure this is not automatically started
@@ -150,6 +155,7 @@ const apis = {
             || new apiMiddleware_1.ApiError(const_1.HTTP_SERVER_ERROR);
     },
     async update_plugin({ id }) {
+        assertPluginId(id);
         const found = (0, plugins_1.getPluginInfo)(id);
         if (!found)
             return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND);
@@ -161,6 +167,7 @@ const apis = {
         return {};
     },
     async uninstall_plugin({ id, deleteConfig }) {
+        assertPluginId(id);
         await (0, plugins_1.stopPlugin)(id);
         await (0, promises_1.rm)(plugins_1.PATH + '/' + id, { recursive: true, force: true });
         if (deleteConfig)
@@ -168,6 +175,7 @@ const apis = {
         return {};
     },
     get_plugin_log({ id }, ctx) {
+        assertPluginId(id);
         const p = (0, plugins_1.getPluginInfo)(id);
         if (!p)
             return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND);
@@ -178,6 +186,9 @@ const apis = {
     },
 };
 exports.default = apis;
+function assertPluginId(id) {
+    (0, misc_1.apiAssertTypes)({ string: { id } });
+}
 function serialize(p) {
     let o = 'getData' in p ? Object.assign(lodash_1.default.pick(p, ['id', 'started']), p.getData())
         : { ...p }; // _.defaults mutates object, and we don't want that

package/src/api.vfs.js CHANGED Viewed

@@ -22,8 +22,6 @@ async function urlToNodeOriginal(uri) {
     const n = await (0, vfs_1.urlToNode)(uri);
     return n?.isTemp ? n.original : n;
 }
-const ALLOWED_KEYS = ['name', 'source', 'masks', 'default', 'accept', 'rename', 'mime', 'url',
-    'target', 'comment', 'icon', 'order', ...misc_1.PERM_KEYS];
 exports.default = {
     async get_vfs() {
         return { root: await recur() };
@@ -44,7 +42,7 @@ exports.default = {
                 ...node.original || node,
                 inherited,
                 byMasks: lodash_1.default.isEmpty(byMasks) ? undefined : byMasks,
-                website: Boolean(node.children?.find((0, vfs_1.isSameFilenameAs)('index.html')))
+                website: node.children?.some((0, vfs_1.isSameFilenameAs)('index.html'))
                     || isFolder && source && await (0, misc_1.statWithTimeout)((0, path_1.join)(source, 'index.html')).then(() => true, () => undefined)
                     || undefined,
                 name: (0, vfs_1.getNodeName)(node),
@@ -53,6 +51,25 @@ exports.default = {
             };
         }
     },
+    async set_vfs({ uri, props }) {
+        const n = uri && await urlToNodeOriginal(uri);
+        if (!n)
+            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'path not found');
+        if (props.name && props.name !== (0, vfs_1.getNodeName)(n)) {
+            if (!(0, misc_1.isValidFileName)(props.name))
+                return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad name');
+            // check for siblings with the same name
+            const parent = await urlToNodeOriginal((0, path_1.dirname)(uri));
+            if (parent?.children?.find(x => (0, vfs_1.getNodeName)(x) === props.name))
+                return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'name already present');
+        }
+        Object.assign(n, sanitizeVfsProps(props));
+        simplifyName(n);
+        n.isFolder = undefined; // reset field, it will be set by saveVfs
+        await (0, vfs_1.saveVfs)();
+        return n;
+    },
+    // legacy – not currently used by the UI
     async move_vfs({ from, parent }) {
         if (!from || !parent)
             return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST);
@@ -71,35 +88,19 @@ exports.default = {
             return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'item with same name already present in destination');
         const oldParent = await urlToNodeOriginal((0, path_1.dirname)(from));
         lodash_1.default.pull(oldParent.children, fromNode);
-        if (lodash_1.default.isEmpty(oldParent.children))
+        if (lodash_1.default.isEmpty(oldParent.children)) {
             delete oldParent.children;
+        }
+        ;
         (parentNode.children ||= []).push(fromNode);
         await (0, vfs_1.saveVfs)();
         return {};
     },
-    async set_vfs({ uri, props }) {
-        const n = await urlToNodeOriginal(uri);
-        if (!n)
-            return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'path not found');
-        if (props.name && props.name !== (0, vfs_1.getNodeName)(n)) {
-            if (!(0, misc_1.isValidFileName)(props.name))
-                return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad name');
-            const parent = await urlToNodeOriginal((0, path_1.dirname)(uri));
-            if (parent?.children?.find(x => (0, vfs_1.getNodeName)(x) === props.name))
-                return new apiMiddleware_1.ApiError(const_1.HTTP_CONFLICT, 'name already present');
-        }
-        if (props.masks && typeof props.masks !== 'object')
-            delete props.masks;
-        Object.assign(n, pickProps(props, ALLOWED_KEYS));
-        simplifyName(n);
-        n.isFolder = undefined; // reset field, it will be set by saveVfs
-        await (0, vfs_1.saveVfs)();
-        return n;
-    },
+    // legacy – not currently used by the UI
     async add_vfs({ parent, source, name, ...rest }) {
         if (!source && !name)
             return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'name or source required');
-        if (!(0, misc_1.isValidFileName)(name))
+        if (name && !(0, misc_1.isValidFileName)(name))
             return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad name');
         const parentNode = parent ? await urlToNodeOriginal(parent) : vfs_1.vfs;
         if (!parentNode)
@@ -111,7 +112,7 @@ exports.default = {
         const isFolder = source && await (0, misc_1.isDirectory)(source);
         if (source && isFolder === undefined)
             return new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND, 'source not found');
-        const child = { source, name, ...pickProps(rest, ALLOWED_KEYS) };
+        const child = { source, name, ...sanitizeVfsProps(rest) };
         name = (0, vfs_1.getNodeName)(child); // could be not given as input
         const ext = (0, path_1.extname)(name);
         const noExt = ext ? name.slice(0, -ext.length) : name;
@@ -128,6 +129,7 @@ exports.default = {
             + (isFolder ? '/' : '');
         return { name, link };
     },
+    // legacy – not currently used by the UI
     async del_vfs({ uris }) {
         if (!uris || !Array.isArray(uris))
             return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad uris');
@@ -169,7 +171,7 @@ exports.default = {
         return {};
     },
     get_disk_spaces: util_os_1.getDiskSpaces,
-    get_ls({ path, files, fileMask }, ctx) {
+    get_ls({ path, files = true, fileMask }, ctx) {
         return new SendList_1.SendListReadable({
             async doAtStart(list) {
                 if (!path && const_1.IS_WINDOWS) {
@@ -253,11 +255,22 @@ exports.default = {
 function pickProps(o, keys) {
     const ret = {};
     if (o && typeof o === 'object')
-        for (const k of keys)
-            if (k in o)
+        for (const k in o)
+            if (keys.includes(k))
                 ret[k] = o[k] === null || o[k] === '' ? undefined : o[k];
     return ret;
 }
+function sanitizeVfsProps(props) {
+    const ret = pickProps(props, misc_1.VFS_STORED_KEYS);
+    if (ret.masks && typeof ret.masks !== 'object')
+        ret.masks = undefined;
+    if (props?.children === null)
+        delete ret.children;
+    else if (Array.isArray(props?.children))
+        ret.children = !props.children.length ? undefined
+            : props.children.map(sanitizeVfsProps);
+    return ret;
+}
 function simplifyName(node) {
     const { name, ...noName } = node;
     if ((0, vfs_1.getNodeName)(noName) === name)

package/src/apiMiddleware.js CHANGED Viewed

@@ -29,10 +29,11 @@ function apiMiddleware(apis) {
         const params = isPost ? ctx.state.params || {} : ctx.query;
         const apiName = ctx.path;
         console.debug('API', ctx.method, apiName, { ...params });
-        const noBrowser = ctx.get('user-agent')?.startsWith('curl');
-        const safe = noBrowser || isPost && ctx.get('x-hfs-anti-csrf') // POST is safe because browser will enforce SameSite cookie
-            || apiName.startsWith('get_'); // "get_" apis are safe because they make no change
-        if (!safe)
+        const csrfSafe = !isPost
+            || ctx.get('x-hfs-anti-csrf') // automatic browser actions won't carry this header
+            || apiName.startsWith('get_') // "get_" apis are safe because they make no change
+            || /^(curl|wget|python|go-|java|axios|postman|httpie|insomnia|bruno)/i.test(ctx.get('user-agent') || ''); // only browser are subject to CSRF
+        if (!csrfSafe)
             return send(const_1.HTTP_FOOL, "missing header x-hfs-anti-csrf=1");
         const customApiRest = apiName.startsWith(const_1.PLUGIN_CUSTOM_REST_PREFIX) && apiName.slice(const_1.PLUGIN_CUSTOM_REST_PREFIX.length);
         const apiFun = customApiRest && (0, plugins_1.firstPlugin)(pl => pl.getData().customRest?.[customApiRest])

package/src/auth.js CHANGED Viewed

@@ -1,4 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -11,20 +44,20 @@ exports.clearTextLogin = clearTextLogin;
 exports.setLoggedIn = setLoggedIn;
 const perm_1 = require("./perm");
 const cross_const_1 = require("./cross-const");
-const tssrp6a_1 = require("tssrp6a");
+const srp = __importStar(require("tssrp6a"));
 const srp_1 = require("./srp");
 const cross_1 = require("./cross");
 const expiringCache_1 = require("./expiringCache");
 const node_crypto_1 = require("node:crypto");
 const events_1 = __importDefault(require("./events"));
-const srp6aNimbusRoutines = new tssrp6a_1.SRPRoutines(new tssrp6a_1.SRPParameters());
+const srp6aNimbusRoutines = new srp.SRPRoutines(new srp.SRPParameters());
 async function srpServerStep1(account) {
     if (!account.srp)
         throw cross_const_1.HTTP_NOT_ACCEPTABLE;
     const [salt, verifier] = account.srp.split('|');
     if (!salt || !verifier)
         throw Error("malformed account");
-    const srpSession = new tssrp6a_1.SRPServerSession(srp6aNimbusRoutines);
+    const srpSession = new srp.SRPServerSession(srp6aNimbusRoutines);
     const srpServer = await srpSession.step1(account.username, BigInt(salt), BigInt(verifier));
     return { srpServer, salt, pubKey: String(srpServer.B) }; // cast to string cause bigint can't be jsonized
 }
@@ -36,7 +69,7 @@ async function srpCheck(username, password) {
     const k = (0, node_crypto_1.createHash)('sha256').update(username + password + account.srp).digest("hex");
     const good = await cache.try(k, async () => {
         const { srpServer, salt, pubKey } = await srpServerStep1(account);
-        const client = await (0, srp_1.srpClientPart)(username, password, salt, pubKey);
+        const client = await (0, srp_1.srpClientPart)(srp, username, password, salt, pubKey);
         return srpServer.step2(client.A, client.M1).then(() => true, () => false);
     });
     return good ? account : undefined;
@@ -65,10 +98,10 @@ async function setLoggedIn(ctx, username) {
         if (s.username)
             events_1.default.emit('logout', ctx);
         delete ctx.state.account;
-        delete s.username;
-        delete s.allowNet;
+        ctx.session = null;
         return;
     }
+    delete s.loggingIn; // clear pending SRP handshake state
     const a = ctx.state.account = (0, perm_1.getAccount)(username);
     if (!a)
         return;

package/src/commands.js CHANGED Viewed

@@ -19,8 +19,7 @@ const github_1 = require("./github");
 const cross_1 = require("./cross");
 const api_monitor_1 = __importDefault(require("./api.monitor"));
 const argv_1 = require("./argv");
-const consoleLog_1 = require("./consoleLog");
-const debounceAsync_1 = require("./debounceAsync");
+const listen_2 = require("./listen");
 if (!argv_1.argv.updating && !config_1.showHelp) {
     try {
         // Not sure if the try is necessary for when stdin is unavailable, but someone reported a problem using nohup https://github.com/rejetto/hfs/issues/74 and I've found this example try-catching https://github.com/DefinitelyTyped/DefinitelyTyped/blob/dda83a906914489e09ca28afea12948529015d4a/types/node/readline.d.ts#L489
@@ -29,55 +28,43 @@ if (!argv_1.argv.updating && !config_1.showHelp) {
             .on('line', x => parseCommandLine(x).then(showPrompt))
             .on('SIGINT', () => process.emit('SIGINT')); // readline swallows the first ctrl+c unless we forward it to process-level handlers
         let isClean = true;
-        let cleaning;
-        const showPrompt = tty && (0, debounceAsync_1.debounceAsync)(async () => {
-            await cleaning;
+        const showPrompt = tty && lodash_1.default.debounce(() => {
             if (first_1.quitting || !tty)
                 return;
             prompter.prompt(true);
             isClean = false;
-        }, { wait: 100 });
+        }, 100);
         function clean() {
             if (isClean)
                 return;
-            return cleaning ||= new Promise(resolve => {
-                (0, node_readline_1.cursorTo)(process.stdout, 0, undefined, () => {
-                    resolve();
-                    cleaning = undefined;
-                    isClean = true;
-                });
-            });
+            // keep console methods synchronous: reposition the cursor immediately and let stream ordering preserve output sequence
+            (0, node_readline_1.cursorTo)(process.stdout, 0); // we don't need to clean as long as the prompt is never longer than the printed line
+            isClean = true;
         }
         showPrompt?.();
-        // print this hint when we have not been printing anything else for a while, to not get mixed too much
-        let printHintOnce = tty && lodash_1.default.debounce(() => {
-            (0, consoleLog_1.consoleHint)("this is an interactive console, you can enter commands");
-            printHintOnce = undefined; // never more
-        }, 2000);
-        setTimeout(() => lodash_1.default.each(console, (v, k) => {
-            if (!lodash_1.default.isFunction(v))
-                return;
-            console[k] = async (...args) => {
+        for (const k of ['log', 'warn', 'error', 'debug']) {
+            const v = console[k];
+            console[k] = (...args) => {
                 if (!first_1.quitting && tty)
-                    await clean();
+                    clean();
                 try {
                     v(...args);
                 }
                 finally {
                     showPrompt?.();
-                    printHintOnce?.();
                 }
             };
-        }), 1000); // avoid messing in making console methods async too soon and so preventing fatal errors to be printed before process.exit – TODO investigate how to avoid this async thing at all
+        }
     }
     catch {
         console.log("console commands not available");
     }
 }
 async function parseCommandLine(line) {
-    if (!line)
+    const tokens = Array.from(line.trim().matchAll(/"((?:\\.|[^"\\])*)"|'((?:\\.|[^'\\])*)'|((?:\\.|[^\s"'\\])+)/g)).map(m => (m[1] ?? m[2] ?? m[3] ?? '').replace(/\\([\\ "'"])/g, '$1')); // unescape
+    if (!tokens.length)
         return;
-    let [name, ...params] = line.trim().split(/ +/);
+    let [name, ...params] = tokens;
     name = aliases[name] || name;
     let cmd = commands[name];
     if (cmd?.alias)
@@ -195,6 +182,8 @@ const commands = {
     status: {
         params: '',
         async cb() {
+            const ports = await (0, listen_2.getServerStatus)(false);
+            console.log(lodash_1.default.map(ports, (x, k) => `${k.toUpperCase()} ${x.configuredPort < 0 ? "disabled" : x.listening ? `on port ${x.port}` : (x.error || "not working")}`).join(" – "));
             const conn = (await api_monitor_1.default.get_connection_stats().next()).value;
             if (conn) {
                 const { sent_got: sg } = conn;

package/src/comments.js CHANGED Viewed

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DESCRIPT_ION = void 0;
+exports.DESCRIPT_ION_ALT = exports.DESCRIPT_ION = void 0;
 exports.usingDescriptIon = usingDescriptIon;
 exports.getCommentFor = getCommentFor;
 exports.setCommentFor = setCommentFor;
@@ -17,7 +17,7 @@ const lodash_1 = __importDefault(require("lodash"));
 const iconv_lite_1 = __importDefault(require("iconv-lite"));
 const promises_1 = require("node:fs/promises");
 exports.DESCRIPT_ION = 'descript.ion';
-const DESCRIPT_ION_ALT = 'DESCRIPT.ION';
+exports.DESCRIPT_ION_ALT = 'DESCRIPT.ION';
 const commentsStorage = (0, config_1.defineConfig)(cross_1.CFG.comments_storage, '', v => ['', 'attr+ion'].includes(v)); // compiled tell us if we are using descript.ion
 (0, config_1.defineConfig)('descript_ion', true, (v, more) => {
     if (!v && more.version?.olderThan('0.57.0-alpha1'))
@@ -77,7 +77,7 @@ function areCommentsEnabled() {
 }
 async function filePathHelper(folder) {
     const main = (0, path_1.join)(folder, exports.DESCRIPT_ION);
-    const alt = (0, path_1.join)(folder, DESCRIPT_ION_ALT);
+    const alt = (0, path_1.join)(folder, exports.DESCRIPT_ION_ALT);
     return await (0, util_files_1.exists)(alt) && !await (0, util_files_1.exists)(main) ? alt : main;
 }
 const MULTILINE_SUFFIX = Buffer.from([4, 0xC2]);
@@ -102,6 +102,6 @@ async function readDescriptIon(path) {
 }
 descriptIonEncoding.sub(() => {
     for (const k of util_files_1.parseFileCache.keys())
-        if (k.endsWith(exports.DESCRIPT_ION) || k.endsWith(DESCRIPT_ION_ALT))
+        if (k.endsWith(exports.DESCRIPT_ION) || k.endsWith(exports.DESCRIPT_ION_ALT))
             util_files_1.parseFileCache.delete(k);
 });

package/src/config.js CHANGED Viewed

@@ -181,8 +181,11 @@ const saveDebounced = (0, debounceAsync_1.debounceAsync)(async () => {
     const aWeekAgo = Date.now() - cross_1.DAY * 7;
     if (await (0, util_files_1.statWithTimeout)(bak).then(x => aWeekAgo > x.mtimeMs, () => true))
         await (0, promises_1.copyFile)(filePath, bak).catch(() => { }); // ignore errors
-    await exports.configFile.save(stringify({ ...state, version: const_1.VERSION }))
-        .catch(err => console.error('Failed at saving config file, please ensure it is writable.', String(err)));
+    await exports.configFile.save(stringify({
+        ...state,
+        version: const_1.VERSION,
+        platform: `${process.platform}-${process.arch}${(0, cross_1.prefix)('-', !const_1.IS_BINARY && (0, path_1.basename)(process.execPath))}`,
+    })).catch(err => console.error('Failed at saving config file, please ensure it is writable.', String(err)));
 });
 const saveConfigAsap = () => void saveDebounced();
 exports.saveConfigAsap = saveConfigAsap;

package/src/const.js CHANGED Viewed

@@ -36,30 +36,16 @@ var __importStar = (this && this.__importStar) || (function () {
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CONFIG_FILE = exports.MIME_AUTO = exports.APP_PATH = exports.IS_BINARY = exports.IS_MAC = exports.IS_WINDOWS = exports.RUNNING_BETA = exports.VERSION = exports.BUILD_TIMESTAMP = exports.HFS_STARTED = exports.ORIGINAL_CWD = exports.DEV = exports.ARGS_FILE = exports.COMPATIBLE_API_VERSION = exports.API_VERSION = void 0;
-const minimist_1 = __importDefault(require("minimist"));
+exports.CONFIG_FILE = exports.MIME_AUTO = exports.APP_PATH = exports.IS_BINARY = exports.IS_MAC = exports.IS_WINDOWS = exports.RUNNING_BETA = exports.VERSION = exports.BUILD_TIMESTAMP = exports.HFS_STARTED = exports.ORIGINAL_CWD = exports.DEV = exports.COMPATIBLE_API_VERSION = exports.API_VERSION = void 0;
 const fs = __importStar(require("fs"));
 const os_1 = require("os");
-const lodash_1 = __importDefault(require("lodash"));
 const path_1 = require("path");
 const cross_1 = require("./cross");
 const argv_1 = require("./argv");
 __exportStar(require("./cross-const"), exports);
-exports.API_VERSION = 12.97;
+exports.API_VERSION = 13;
 exports.COMPATIBLE_API_VERSION = 1; // the day we break with the past, we'll update this
-// you can add arguments with this file, currently used for the update process on mac/linux
-exports.ARGS_FILE = (0, path_1.join)((0, os_1.homedir)(), 'hfs-args');
-try {
-    const s = fs.readFileSync(exports.ARGS_FILE, 'utf-8');
-    console.log('additional arguments', s);
-    lodash_1.default.defaults(argv_1.argv, (0, minimist_1.default)(JSON.parse(s)));
-    fs.unlinkSync(exports.ARGS_FILE);
-}
-catch { }
 exports.DEV = process.env.DEV ? 'DEV' : '';
 exports.ORIGINAL_CWD = process.cwd();
 exports.HFS_STARTED = new Date();

package/src/cross-const.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.HTTP_MESSAGES = exports.HTTP_INSUFFICIENT_STORAGE = exports.HTTP_SERVICE_UNAVAILABLE = exports.HTTP_SERVER_ERROR = exports.HTTP_TOO_MANY_REQUESTS = exports.HTTP_FAILED_DEPENDENCY = exports.HTTP_FOOL = exports.HTTP_RANGE_NOT_SATISFIABLE = exports.HTTP_PAYLOAD_TOO_LARGE = exports.HTTP_PRECONDITION_FAILED = exports.HTTP_CONFLICT = exports.HTTP_NOT_ACCEPTABLE = exports.HTTP_METHOD_NOT_ALLOWED = exports.HTTP_NOT_FOUND = exports.HTTP_FORBIDDEN = exports.HTTP_UNAUTHORIZED = exports.HTTP_BAD_REQUEST = exports.HTTP_NOT_MODIFIED = exports.HTTP_TEMPORARY_REDIRECT = exports.HTTP_MOVED_PERMANENTLY = exports.HTTP_PARTIAL_CONTENT = exports.HTTP_NO_CONTENT = exports.HTTP_OK = exports.EMBEDDED_LANGUAGE = exports.HIDE_IN_TESTS = exports.ALLOW_SESSION_IP_CHANGE = exports.PREVIOUS_TAG = exports.MTIME_CHECK = exports.UPLOAD_TEMP_HASH = exports.HFS_REPO = exports.PLUGIN_CUSTOM_REST_PREFIX = exports.NBSP = exports.PORT_DISABLED = exports.ICONS_URI = exports.PLUGINS_PUB_URI = exports.API_URI = exports.ADMIN_URI = exports.FRONTEND_URI = exports.SPECIAL_URI = void 0;
+exports.HTTP_MESSAGES = exports.HTTP_INSUFFICIENT_STORAGE = exports.HTTP_SERVICE_UNAVAILABLE = exports.HTTP_SERVER_ERROR = exports.HTTP_TOO_MANY_REQUESTS = exports.HTTP_FAILED_DEPENDENCY = exports.HTTP_LOCKED = exports.HTTP_FOOL = exports.HTTP_RANGE_NOT_SATISFIABLE = exports.HTTP_PAYLOAD_TOO_LARGE = exports.HTTP_PRECONDITION_FAILED = exports.HTTP_CONFLICT = exports.HTTP_NOT_ACCEPTABLE = exports.HTTP_METHOD_NOT_ALLOWED = exports.HTTP_NOT_FOUND = exports.HTTP_FORBIDDEN = exports.HTTP_UNAUTHORIZED = exports.HTTP_BAD_REQUEST = exports.HTTP_NOT_MODIFIED = exports.HTTP_TEMPORARY_REDIRECT = exports.HTTP_MOVED_PERMANENTLY = exports.HTTP_PARTIAL_CONTENT = exports.HTTP_NO_CONTENT = exports.HTTP_CREATED = exports.HTTP_OK = exports.EMBEDDED_LANGUAGE = exports.MASK_IN_TESTS = exports.HIDE_IN_TESTS = exports.ALLOW_SESSION_IP_CHANGE = exports.PREVIOUS_TAG = exports.MTIME_CHECK = exports.UPLOAD_TEMP_HASH = exports.HFS_REPO = exports.PLUGIN_CUSTOM_REST_PREFIX = exports.NBSP = exports.PORT_DISABLED = exports.ICONS_URI = exports.PLUGINS_PUB_URI = exports.API_URI = exports.ADMIN_URI = exports.FRONTEND_URI = exports.SPECIAL_URI = void 0;
 exports.SPECIAL_URI = '/~/';
 exports.FRONTEND_URI = exports.SPECIAL_URI + 'frontend/';
 exports.ADMIN_URI = exports.SPECIAL_URI + 'admin/';
@@ -16,8 +16,10 @@ exports.MTIME_CHECK = 'x-mtime-check';
 exports.PREVIOUS_TAG = 'previous';
 exports.ALLOW_SESSION_IP_CHANGE = 'allow_session_ip_change';
 exports.HIDE_IN_TESTS = 'hideInTests'; // elements that have variable size, where masking would produce changes, must be hidden
-exports.EMBEDDED_LANGUAGE = 'en'; // frontend includes this language in the code, and not need to import the translation json
+exports.MASK_IN_TESTS = 'maskInTests';
+exports.EMBEDDED_LANGUAGE = 'en'; // frontend includes this language in the code, and not need to import the translation-json
 exports.HTTP_OK = 200;
+exports.HTTP_CREATED = 201;
 exports.HTTP_NO_CONTENT = 204;
 exports.HTTP_PARTIAL_CONTENT = 206;
 exports.HTTP_MOVED_PERMANENTLY = 301;
@@ -34,6 +36,7 @@ exports.HTTP_PRECONDITION_FAILED = 412;
 exports.HTTP_PAYLOAD_TOO_LARGE = 413;
 exports.HTTP_RANGE_NOT_SATISFIABLE = 416;
 exports.HTTP_FOOL = 418;
+exports.HTTP_LOCKED = 423;
 exports.HTTP_FAILED_DEPENDENCY = 424;
 exports.HTTP_TOO_MANY_REQUESTS = 429;
 exports.HTTP_SERVER_ERROR = 500;

package/src/cross.js CHANGED Viewed

@@ -17,7 +17,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PERM_KEYS = exports.defaultPerms = exports.WHO_ANY_ACCOUNT = exports.WHO_NO_ONE = exports.WHO_ANYONE = exports.LIST = exports.CFG = exports.THEME_OPTIONS = exports.SORT_BY_OPTIONS = exports.FRONTEND_OPTIONS = exports.MAX_TILE_SIZE = exports.DAY = exports.HOUR = exports.MINUTE = exports.WIKI_URL = exports.REPO_URL = exports.WEBSITE = void 0;
+exports.VFS_STORED_KEYS = exports.PERM_KEYS = exports.defaultPerms = exports.WHO_ANY_ACCOUNT = exports.WHO_NO_ONE = exports.WHO_ANYONE = exports.LIST = exports.CFG = exports.THEME_OPTIONS = exports.SORT_BY_OPTIONS = exports.FRONTEND_OPTIONS = exports.MAX_TILE_SIZE = exports.DAY = exports.HOUR = exports.MINUTE = exports.WIKI_URL = exports.REPO_URL = exports.WEBSITE = void 0;
 exports.isWhoObject = isWhoObject;
 exports.formatBytes = formatBytes;
 exports.formatSpeed = formatSpeed;
@@ -44,8 +44,6 @@ exports.wantArray = wantArray;
 exports._log = _log;
 exports._dbg = _dbg;
 exports.pendingPromise = pendingPromise;
-exports.basename = basename;
-exports.dirname = dirname;
 exports.tryJson = tryJson;
 exports.swap = swap;
 exports.isOrderedEqual = isOrderedEqual;
@@ -59,6 +57,7 @@ exports.typedKeys = typedKeys;
 exports.typedEntries = typedEntries;
 exports.hasProp = hasProp;
 exports.throw_ = throw_;
+exports.isAsyncIterable = isAsyncIterable;
 exports.filterMapGenerator = filterMapGenerator;
 exports.asyncGeneratorToArray = asyncGeneratorToArray;
 exports.repeat = repeat;
@@ -109,6 +108,7 @@ exports.MAX_TILE_SIZE = 10;
 exports.FRONTEND_OPTIONS = {
     file_menu_on_link: true,
     tile_size: 0,
+    page_size: 100,
     sort_by: 'name',
     invert_order: false,
     folders_first: true,
@@ -125,7 +125,7 @@ exports.CFG = constMap(['geo_enable', 'geo_allow', 'geo_list', 'geo_allow_unknow
     'log', 'error_log', 'log_rotation', 'dont_log_net', 'log_gui', 'log_api', 'log_ua', 'log_spam', 'track_ips',
     'max_downloads', 'max_downloads_per_ip', 'max_downloads_per_account', 'roots', 'force_address', 'split_uploads',
     'force_lang', 'suspend_plugins', 'base_url', 'size_1024', 'disable_custom_html', 'comments_storage',
-    'outbound_proxy']);
+    'force_webdav_login', 'webdav_initial_auth', 'outbound_proxy']);
 exports.LIST = { add: '+', remove: '-', update: '=', props: 'props', ready: 'ready', error: 'e' };
 exports.WHO_ANYONE = true;
 exports.WHO_NO_ONE = false;
@@ -139,6 +139,8 @@ exports.defaultPerms = {
     can_archive: 'can_read'
 };
 exports.PERM_KEYS = typedKeys(exports.defaultPerms);
+exports.VFS_STORED_KEYS = ['name', 'source', 'masks', 'default', 'accept', 'rename',
+    'mime', 'url', 'target', 'comment', 'icon', 'order', 'children', ...exports.PERM_KEYS];
 function constMap(a) {
     return Object.fromEntries(a.map(x => [x, x]));
 }
@@ -256,12 +258,6 @@ function pendingPromise() {
     const ret = new Promise((resolve, reject) => takeOut = { resolve, reject });
     return Object.assign(ret, takeOut);
 }
-function basename(path) {
-    return path.match(/([^\\/]+)[\\/]*$/)?.[1] || '';
-}
-function dirname(path) {
-    return path.slice(0, Math.max(0, path.lastIndexOf('/', path.length - 1)));
-}
 function tryJson(s, except) {
     try {
         return s && JSON.parse(s);
@@ -328,6 +324,9 @@ async function waitFor(cb, { interval = 200, timeout = Infinity } = {}) {
     }
 }
 function getOrSet(o, k, creator) {
+    if (o instanceof Map)
+        return o.get(k)
+            || with_(creator(), x => o.set(k, x) && x);
     return k in o ? o[k]
         : (o[k] = creator());
 }
@@ -359,6 +358,9 @@ function hasProp(obj, key) {
 function throw_(err) {
     throw err;
 }
+function isAsyncIterable(iterable) {
+    return Symbol.asyncIterator in iterable;
+}
 async function* filterMapGenerator(generator, filterMap) {
     for await (const x of generator) {
         const res = await filterMap(x);
@@ -449,8 +451,8 @@ async function promiseBestEffort(promises) {
     return res.filter(x => x.status === 'fulfilled').map((x) => x.value);
 }
 // encode paths leaving / separator unencoded (not like encodeURIComponent), but still encode #
-function pathEncode(s) {
-    return s.replace(/[:&#'"% ?\\]/g, escape); // escape() is not utf8, but we are encoding only ascii chars
+function pathEncode(s, all = false) {
+    return all ? encodeURI(s).replace(/#/g, escape) : s.replace(/[:&#'"% ?\\]/g, escape); // escape() is not utf8, but we are encoding only ascii chars
 }
 function pathDecode(s) { return decodeURI(s).replace(/%23/g, '#'); }
 // run at a specific point in time, also solving the limit of setTimeout, which doesn't work with +32bit delays
@@ -498,11 +500,12 @@ function inCommon(a, b) {
         i++;
     return i;
 }
-function mapFilter(arr, map, filter = (x) => x === undefined, invert = false) {
+function mapFilter(arr, map, filter, invert = false) {
+    const keep = filter ?? ((x) => x !== undefined);
     return arr[invert ? 'reduceRight' : 'reduce']((ret, x, idx) => {
         const y = map(x, idx);
-        if (filter(y))
-            ret.push(y); // push is much faster than unshift, therefore invert using reduceRight https://measurethat.net/Benchmarks/Show/29/0/array-push-vs-unshift
+        if (keep(y))
+            ret.push(y); // push is much faster than unshift, therefore, invert using reduceRight https://measurethat.net/Benchmarks/Show/29/0/array-push-vs-unshift
         return ret;
     }, []);
 }
@@ -573,4 +576,7 @@ const BROWSERS = {
     PS: /playstation/i,
     Xbox: /xbox/i,
     UC: /UCBrowser/i,
+    Finder: /WebDAVFS.+Darwin|WebDAVLib/,
+    Cyberduck: /^Cyberduck/,
+    ForkLift: /^ForkLift/,
 };