npm - hfs - Versions diffs - 3.1.4 → 3.2.0-alpha1.1 - Mend

hfs 3.1.4 → 3.2.0-alpha1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (219) hide show

package/admin/assets/af-RjyQ-neT.js +1 -0
package/admin/assets/am-PptHpglb.js +1 -0
package/admin/assets/ar-Du3syDxa.js +1 -0
package/admin/assets/ar-dz-CiziRh1x.js +1 -0
package/admin/assets/ar-iq-hCKg0CRP.js +1 -0
package/admin/assets/ar-kw-COYePt-p.js +1 -0
package/admin/assets/ar-ly-CY5yETqb.js +1 -0
package/admin/assets/ar-ma-DczXi97r.js +1 -0
package/admin/assets/ar-sa-Bu7sTKzl.js +1 -0
package/admin/assets/ar-tn-BrG0r6qZ.js +1 -0
package/admin/assets/az-DYRCrdk0.js +1 -0
package/admin/assets/be-DObSs5HX.js +1 -0
package/admin/assets/bg-BDBkMe50.js +1 -0
package/admin/assets/bi-CApXFwc6.js +1 -0
package/admin/assets/bm-CjxCV8Lr.js +1 -0
package/admin/assets/bn-DzWZbDi3.js +1 -0
package/admin/assets/bn-bd-ijdPRJbb.js +1 -0
package/admin/assets/bo-BDDfj5XH.js +1 -0
package/admin/assets/br-DRHEjait.js +1 -0
package/admin/assets/bs-B0Zv2Agm.js +1 -0
package/admin/assets/ca-DuZAUqU_.js +1 -0
package/admin/assets/cs-DVkylosR.js +1 -0
package/admin/assets/cv-8Is1Fns9.js +1 -0
package/admin/assets/cy-Bk30Or_y.js +1 -0
package/admin/assets/da-C41DIdZK.js +1 -0
package/admin/assets/de--qvLJgIE.js +1 -0
package/admin/assets/de-at-D5vCBlsw.js +1 -0
package/admin/assets/de-ch-Oh2cO23c.js +1 -0
package/admin/assets/dv-4ZO2KNbw.js +1 -0
package/admin/assets/el-CobOUqyu.js +1 -0
package/admin/assets/en-C9afClpS.js +1 -0
package/admin/assets/en-au-C_QMghEl.js +1 -0
package/admin/assets/en-ca-C80KILwc.js +1 -0
package/admin/assets/en-gb-BwQ0asAI.js +1 -0
package/admin/assets/en-ie-ConCcQkq.js +1 -0
package/admin/assets/en-il-CAOzD4DD.js +1 -0
package/admin/assets/en-in-87gardaO.js +1 -0
package/admin/assets/en-nz-uMTjgkDP.js +1 -0
package/admin/assets/en-sg-BlbiLv4L.js +1 -0
package/admin/assets/en-tt-BXXmBax2.js +1 -0
package/admin/assets/eo-BBL7o-0W.js +1 -0
package/admin/assets/es-DuNej-79.js +1 -0
package/admin/assets/es-do-bZWKFwTE.js +1 -0
package/admin/assets/es-mx-C2Lfb86F.js +1 -0
package/admin/assets/es-pr-wU3Du8m-.js +1 -0
package/admin/assets/es-us-qcU-zRiw.js +1 -0
package/admin/assets/et-B-4PjN_n.js +1 -0
package/admin/assets/eu-D0pNDZ9i.js +1 -0
package/admin/assets/fa-R_zmYBGc.js +1 -0
package/admin/assets/fi-CWYS_0Hg.js +1 -0
package/admin/assets/fo-aJYpcnWS.js +1 -0
package/admin/assets/fr-BHFrWfwB.js +1 -0
package/admin/assets/fr-ca-ihwmO47n.js +1 -0
package/admin/assets/fr-ch-Cb8XbRfE.js +1 -0
package/admin/assets/fy-DT9BUc6t.js +1 -0
package/admin/assets/ga-B8p4naXJ.js +1 -0
package/admin/assets/gd-Dzrl6rPc.js +1 -0
package/admin/assets/gl-bN2tXl9d.js +1 -0
package/admin/assets/gom-latn-DUK8PgIJ.js +1 -0
package/admin/assets/gu-CxAIP8fw.js +1 -0
package/admin/assets/he-Bm9XJVAj.js +1 -0
package/admin/assets/hi-CHik9Qxx.js +1 -0
package/admin/assets/hr-Dn57_dqN.js +1 -0
package/admin/assets/ht-BRS-FrJq.js +1 -0
package/admin/assets/hu-hVaGcZ-U.js +1 -0
package/admin/assets/hy-am-heLxXhpz.js +1 -0
package/admin/assets/id-B6AkO4h8.js +1 -0
package/admin/assets/{index-DTxjaflW.js → index-Buyl8rI8.js} +1 -1
package/admin/assets/index-CFWd-FDo.css +1 -0
package/admin/assets/index-WXxQwyJV.js +889 -0
package/admin/assets/is-BUADPoni.js +1 -0
package/admin/assets/it-Ce3gssOP.js +1 -0
package/admin/assets/it-ch-CJzj2czr.js +1 -0
package/admin/assets/ja-DykMIu-9.js +1 -0
package/admin/assets/jv-Cum6DLwa.js +1 -0
package/admin/assets/ka-foCPVFxw.js +1 -0
package/admin/assets/kk-CMNu1ysC.js +1 -0
package/admin/assets/km-BfMisGaD.js +1 -0
package/admin/assets/kn-R_9S5KJz.js +1 -0
package/admin/assets/ko-DYRND-mM.js +1 -0
package/admin/assets/ku-CNZ_weGy.js +1 -0
package/admin/assets/ky-BhTAWL4I.js +1 -0
package/admin/assets/lb-CxWhQxwF.js +1 -0
package/admin/assets/lo-DBL_XLkE.js +1 -0
package/admin/assets/lt-BakZVm4p.js +1 -0
package/admin/assets/lv-CCn-slXG.js +1 -0
package/admin/assets/me-xPEA4qjE.js +1 -0
package/admin/assets/mi-6cCs2Mzx.js +1 -0
package/admin/assets/mk-CwWbHJPS.js +1 -0
package/admin/assets/ml-Dp7Ab1SV.js +1 -0
package/admin/assets/mn-ClotGWAe.js +1 -0
package/admin/assets/mr-GiM-paTF.js +1 -0
package/admin/assets/ms-BiZ1_eVR.js +1 -0
package/admin/assets/ms-my-oevI0fOH.js +1 -0
package/admin/assets/mt-BaIHeOl1.js +1 -0
package/admin/assets/my-Cg5Fc_1j.js +1 -0
package/admin/assets/nb-ZPODjT6R.js +1 -0
package/admin/assets/ne-C0ti-ZX2.js +1 -0
package/admin/assets/nl-DP2PkkGx.js +1 -0
package/admin/assets/nl-be-VPC0QyaW.js +1 -0
package/admin/assets/nn-NLidKyJd.js +1 -0
package/admin/assets/oc-lnc-Ddj9_PnD.js +1 -0
package/admin/assets/pa-in-DSAWffhb.js +1 -0
package/admin/assets/pl-Yojex5aS.js +1 -0
package/admin/assets/pt-BQMs2la2.js +1 -0
package/admin/assets/pt-br-DVeeNZu8.js +1 -0
package/admin/assets/rn-CKkTrK3f.js +1 -0
package/admin/assets/ro-BbgGULSZ.js +1 -0
package/admin/assets/ru-mAZX3DTa.js +1 -0
package/admin/assets/rw-CYErOxKd.js +1 -0
package/admin/assets/sd-kfPTqkSy.js +1 -0
package/admin/assets/se-D0bN3rDS.js +1 -0
package/admin/assets/{sha512-D936QW8l.js → sha512-99nhg44S.js} +1 -1
package/admin/assets/si-COjb_4Hy.js +1 -0
package/admin/assets/sk-Co95XNOo.js +1 -0
package/admin/assets/sl-DUXa5wTF.js +1 -0
package/admin/assets/sq-B-KU0nWK.js +1 -0
package/admin/assets/sr-Cb_b-zPG.js +1 -0
package/admin/assets/sr-cyrl-csuTDIB6.js +1 -0
package/admin/assets/ss-BDnE-cG6.js +1 -0
package/admin/assets/sv-CzWdOHcE.js +1 -0
package/admin/assets/sv-fi-IK8oi5nB.js +1 -0
package/admin/assets/sw-fPHo5hof.js +1 -0
package/admin/assets/ta-TteN0nyU.js +1 -0
package/admin/assets/te-2gsQb1fF.js +1 -0
package/admin/assets/tet-ClTpDYJv.js +1 -0
package/admin/assets/tg-Bel7Uc6z.js +1 -0
package/admin/assets/th-pDQttM9V.js +1 -0
package/admin/assets/tk-CxoKYZH6.js +1 -0
package/admin/assets/tl-ph-D9htRcOQ.js +1 -0
package/admin/assets/tlh-7UqvDBxU.js +1 -0
package/admin/assets/tr-NjJrq1iC.js +1 -0
package/admin/assets/tzl-CzGaXn8M.js +1 -0
package/admin/assets/tzm-BiuscZFr.js +1 -0
package/admin/assets/tzm-latn-IeWkCgWf.js +1 -0
package/admin/assets/ug-cn-5LK64x5v.js +1 -0
package/admin/assets/uk-CzacUaQe.js +1 -0
package/admin/assets/ur-BRV7z4Gu.js +1 -0
package/admin/assets/uz-C4G77QOI.js +1 -0
package/admin/assets/uz-latn-CQFrzZ6F.js +1 -0
package/admin/assets/vi-DEFXdlJi.js +1 -0
package/admin/assets/x-pseudo-sWj5RKxR.js +1 -0
package/admin/assets/yo-CBDjk96e.js +1 -0
package/admin/assets/zh-CQtX_fkD.js +1 -0
package/admin/assets/zh-cn-D6dF0jKM.js +1 -0
package/admin/assets/zh-hk-DY-Jaqdg.js +1 -0
package/admin/assets/zh-tw-BdmVby0R.js +1 -0
package/admin/index.html +2 -2
package/frontend/assets/index-legacy-BtoTkZho.js +9 -0
package/frontend/assets/{index-legacy-CQ3_LTGh.js → index-legacy-CQovmh_0.js} +1 -1
package/frontend/assets/{sha512-legacy-DLqdsV8R.js → sha512-legacy-CXU3efCO.js} +1 -1
package/frontend/index.html +1 -1
package/npm-shrinkwrap.json +170 -81
package/package.json +9 -9
package/plugins/antibrute/plugin.js +150 -19
package/plugins/list-uploader/public/main.js +1 -1
package/src/acme.js +11 -7
package/src/api.accounts.js +3 -3
package/src/api.auth.js +3 -1
package/src/api.get_file_list.js +16 -12
package/src/api.monitor.js +47 -43
package/src/api.net.js +4 -3
package/src/api.vfs.js +1 -1
package/src/commands.js +54 -1
package/src/config.js +9 -5
package/src/consoleLog.js +39 -1
package/src/const.js +5 -1
package/src/cross.js +22 -1
package/src/errorPages.js +20 -10
package/src/events.js +1 -0
package/src/fileAttr.js +73 -15
package/src/frontEndApis.js +3 -1
package/src/index.js +2 -1
package/src/langs/hfs-lang-ar.json +2 -1
package/src/langs/hfs-lang-bg.json +2 -1
package/src/langs/hfs-lang-de.json +2 -1
package/src/langs/hfs-lang-el.json +2 -1
package/src/langs/hfs-lang-es.json +2 -1
package/src/langs/hfs-lang-fi.json +2 -1
package/src/langs/hfs-lang-fr.json +2 -1
package/src/langs/hfs-lang-hu.json +2 -1
package/src/langs/hfs-lang-it.json +2 -1
package/src/langs/hfs-lang-ja.json +2 -1
package/src/langs/hfs-lang-ko.json +2 -1
package/src/langs/hfs-lang-lt.json +2 -1
package/src/langs/hfs-lang-ms.json +2 -0
package/src/langs/hfs-lang-nl.json +2 -1
package/src/langs/hfs-lang-pt-br.json +2 -1
package/src/langs/hfs-lang-ro.json +2 -1
package/src/langs/hfs-lang-ru.json +2 -1
package/src/langs/hfs-lang-sr-latn.json +2 -1
package/src/langs/hfs-lang-sr.json +2 -1
package/src/langs/hfs-lang-th.json +2 -1
package/src/langs/hfs-lang-tr.json +2 -1
package/src/langs/hfs-lang-uk.json +2 -1
package/src/langs/hfs-lang-vi.json +2 -1
package/src/langs/hfs-lang-zh-tw.json +2 -1
package/src/langs/hfs-lang-zh.json +2 -1
package/src/listen.js +2 -1
package/src/log.js +27 -2
package/src/middlewares.js +8 -2
package/src/misc.js +14 -0
package/src/nat.js +57 -20
package/src/outboundProxy.js +1 -1
package/src/perm.js +5 -1
package/src/plugins.js +34 -5
package/src/serveGuiAndSharedFiles.js +1 -0
package/src/serveGuiFiles.js +1 -0
package/src/update.js +9 -15
package/src/urlList.js +32 -0
package/src/util-files.js +15 -5
package/src/util-http.js +2 -0
package/src/vfs.js +1 -1
package/src/walkDir.js +7 -1
package/src/webdav.js +4 -1
package/src/zip.js +2 -1
package/admin/assets/index-B66w-a0v.css +0 -1
package/admin/assets/index-Df6vYR7s.js +0 -822
package/frontend/assets/index-legacy-D6nPw49_.js +0 -9

package/plugins/antibrute/plugin.js CHANGED Viewed

@@ -1,4 +1,4 @@
-exports.version = 3.1
+exports.version = 3.2
 exports.description = "Introduce increasing delays between login attempts."
 exports.apiRequired = 9.6 // addBlock
@@ -8,42 +8,173 @@ exports.config = {
     blockAfter: { type: 'number', xs: 6, min: 1, max: 9999, defaultValue: 100, label: "Block IP after", unit: "attempts", helperText: "localhost excluded" },
     blockForHours: { type: 'number', xs: 6, min: 0, defaultValue: 24, label: "Block for", unit: "hours" },
     exclude: { type: 'string', defaultValue: '', label: "Exclude IPs", helperText: "Net mask syntax" },
+    maxQueuePerIp: { type: 'number', min: 1, max: 9999, defaultValue: 32, label: "Max queued per IP" },
+    maxQueuePerAccount: { type: 'number', min: 1, max: 9999, defaultValue: 16, label: "Max queued per account" },
+    maxQueueGlobal: { type: 'number', min: 1, max: 999999, defaultValue: 512, label: "Max queued globally" },
 }
 exports.configDialog = {
     maxWidth: 'xs',
 }
 const byIp = {}
+const byAccount = {}
+const laneByIp = {}
+const laneByAccount = {}
+const UNKNOWN_ACCOUNT = 'unknown\t'
 exports.init = api => {
     const { isLocalHost, HOUR, netMatches } = api.misc
+    const { makeQ } = api.require('./makeQ')
+    const gateQ = makeQ(1)
+    let waitingGlobal = 0
+    const QUEUE_FULL = Symbol('queue_full')
     api.events.multi({
-        async attemptingLogin({ ctx }) {
+        async attemptingLogin({ ctx, username }) {
             const { ip } = ctx
-            const now = new Date
-            const rec = byIp[ip] ||= { attempts: 0, next: now }
-            const max = api.getConfig('max') * 1000
-            const delay = Math.min(max, 1000 * api.getConfig('increment') * ++rec.attempts)
-            const wait = rec.next - now
-            rec.next = new Date(+rec.next + delay)
-            if (rec.attempts > api.getConfig('blockAfter') && !isLocalHost(ctx) && !isExcluded(ip)) {
-                const hours = api.getConfig('blockForHours')
-                api.addBlock({ ip, comment: "From antibrute plugin", expire: hours ? new Date(now.getTime() + hours * HOUR) : undefined })
+            const account = getAccountKey(username)
+            const ipRec = getRecord(byIp, ip)
+            const accountRec = getRecord(byAccount, account)
+            let admitted = false
+            try {
+                await runGate(() => {
+                    if (ipRec.waiting >= api.getConfig('maxQueuePerIp')
+                    || accountRec.waiting >= api.getConfig('maxQueuePerAccount')
+                    || waitingGlobal >= api.getConfig('maxQueueGlobal'))
+                        throw QUEUE_FULL
+                    // reserve all buckets atomically so we never exceed limits due to parallel requests
+                    ipRec.waiting++
+                    accountRec.waiting++
+                    waitingGlobal++
+                    admitted = true
+                })
+                // serialize waits per ip and per account so parallel bursts can't consume the same penalty window
+                await runInLane(getLane(laneByIp, ip), () =>
+                    runInLane(getLane(laneByAccount, account), async () => {
+                        const now = Date.now()
+                        const wait = Math.max(0, ipRec.next - now, accountRec.next - now)
+                        if (wait <= 0) return
+                        api.log('delaying', ip, 'for', Math.round(wait / 1000))
+                        ctx.set('x-anti-brute-force', wait)
+                        await new Promise(resolve => setTimeout(resolve, wait))
+                    }))
+            }
+            catch (e) {
+                if (e === QUEUE_FULL) {
+                    ctx.status = 429
+                        return api.events.stop
+                }
+                throw e
             }
-            clearTimeout(rec.timer)
-            if (wait > 0) {
-                api.log('delaying', ip, 'for', Math.round(wait / 1000))
-                ctx.set('x-anti-brute-force', wait)
-                await new Promise(resolve => setTimeout(resolve, wait))
+            finally {
+                if (admitted) {
+                    ipRec.waiting--
+                    accountRec.waiting--
+                    waitingGlobal--
+                }
+                armCleanup(byIp, ip, ipRec)
+                armCleanup(byAccount, account, accountRec)
+                dropLaneIfIdle(laneByIp, ip)
+                dropLaneIfIdle(laneByAccount, account)
             }
-            rec.timer = setTimeout(() => delete byIp[ip], 24 * HOUR) // no memory leak
+        },
+        failedLogin({ ctx, username }) {
+            const { ip } = ctx
+            const account = getAccountKey(username)
+            const now = Date.now()
+            const ipRec = getRecord(byIp, ip)
+            const accountRec = getRecord(byAccount, account)
+            const ipAttempts = increasePenalty(ipRec, now)
+            increasePenalty(accountRec, now)
+            if (ipAttempts > api.getConfig('blockAfter') && !isLocalHost(ctx) && !isExcluded(ip)) {
+                const hours = api.getConfig('blockForHours')
+                api.addBlock({ ip, comment: "From antibrute plugin", expire: hours ? new Date(now + hours * HOUR) : undefined })
+            }
+            armCleanup(byIp, ip, ipRec)
+            armCleanup(byAccount, account, accountRec)
+            dropLaneIfIdle(laneByIp, ip)
+            dropLaneIfIdle(laneByAccount, account)
         },
         login(ctx) {
-            if (ctx.state.account)
-                delete byIp[ctx.ip] // reset if login was successful
+            if (ctx.state.account) {
+                const { ip } = ctx
+                const account = getAccountKey(ctx.state.account.username)
+                resetRecord(byIp, ip)
+                resetRecord(byAccount, account)
+                dropLaneIfIdle(laneByIp, ip)
+                dropLaneIfIdle(laneByAccount, account)
+            }
         }
     })
+    function getRecord(container, key) {
+        return container[key] ||= { failures: 0, next: 0, waiting: 0 }
+    }
+    function increasePenalty(rec, now) {
+        const attempts = ++rec.failures
+        const max = api.getConfig('max') * 1000
+        const delay = Math.min(max, attempts * api.getConfig('increment') * 1000)
+        rec.next = Math.max(now, rec.next) + delay
+        return attempts
+    }
+    function armCleanup(records, key, rec) {
+        clearTimeout(rec.timer)
+        rec.timer = setTimeout(() => {
+            // keep records while there are in-flight admissions, otherwise later releases may touch deleted state
+            if (rec.waiting)
+                return armCleanup(records, key, rec)
+            delete records[key]
+        }, 24 * HOUR) // no memory leak
+    }
+    function runGate(job) {
+        return new Promise((resolve, reject) => {
+            gateQ.add(async () => {
+                try { resolve(await job()) }
+                catch (e) { reject(e) }
+            })
+        })
+    }
+    function getLane(container, key) {
+        return container[key] ||= makeQ(1)
+    }
+    function runInLane(q, job) {
+        return new Promise((resolve, reject) => {
+            q.add(async () => {
+                try { resolve(await job()) }
+                catch (e) { reject(e) }
+            })
+        })
+    }
+    function dropLaneIfIdle(container, key) {
+        const q = container[key]
+        if (q?.isWorking() || q?.queueSize()) return
+        delete container[key]
+    }
+    function resetRecord(container, key) {
+        const rec = container[key]
+        if (!rec) return
+        if (rec.waiting) {
+            // successful login must clear penalties without dropping admission counters still needed by concurrent requests
+            rec.failures = 0
+            rec.next = 0
+            return
+        }
+        delete container[key]
+    }
+    function getAccountKey(username) {
+        // fold unknown usernames together to avoid unbounded memory growth from random names
+        if (!username || !api.getAccount(String(username)))
+            return UNKNOWN_ACCOUNT
+        return String(username).toLowerCase()
+    }
     function isExcluded(ip) {
         const mask = api.getConfig('exclude')
         if (!mask) return false

package/plugins/list-uploader/public/main.js CHANGED Viewed

@@ -6,7 +6,7 @@
         HFS.h(Uploader, entry))
     function Uploader({ uri }) {
-        const { data } = HFS.useBatch(getDetails, uri)
+        const { data } = HFS.useBatch(getDetails, uri, { depend: HFS.state.isAdmin })
         const text = React.useMemo(() => {
             if (!data || data === true) return ''
             const { upload: x } = data

package/src/acme.js CHANGED Viewed

@@ -32,17 +32,21 @@ const acmeMiddleware = (ctx, next) => {
         return next();
 };
 exports.acmeMiddleware = acmeMiddleware;
-const TEMP_MAP = { private: 80, public: { host: '', port: 80 }, description: 'hfs temporary', ttl: 5000 }; // from my tests (zyxel VMG8825), lower values won't make a working mapping
+const TEMP_MAP = (0, nat_1.upnpMappingParam)(80, 80, 'hfs temporary', 5000); // from my tests (zyxel VMG8825), lower values won't make a working mapping
+// remove temporary port mapping, if any is left from previous execution
 (0, misc_1.repeat)(misc_1.MINUTE, async (stop) => {
-    await nat_1.upnpClient.getGateway(); // without this, the next call will break upnp support
-    const res = await nat_1.upnpClient.getMappings();
+    if (!await nat_1.upnpEnabled.getWhenReady())
+        return stop();
+    const client = (0, nat_1.getUpnpClient)();
+    await client.getGateway(); // without this, the next call will break upnp support
+    const res = await client.getMappings();
     const leftover = res.find(x => x.description === TEMP_MAP.description); // in case the process is interrupted
     if (!leftover)
         return void stop(); // we are good
     if (acmeOngoing)
         return; // it doesn't count, as we are in the middle of something. Retry later
     stop();
-    return nat_1.upnpClient.removeMapping(TEMP_MAP);
+    return client.removeMapping(TEMP_MAP);
 });
 async function generateSSLCert(domain, email, altNames) {
     // will answer the challenge through our koa app (if on port 80) or must we spawn a dedicated server?
@@ -63,7 +67,7 @@ async function generateSSLCert(domain, email, altNames) {
         let check = await (0, selfCheck_1.selfCheck)(checkUrl); // some check services may not consider the domain, but we already verified that
         if (check?.success === false && nat.upnp && !nat.mapped80) {
             console.debug("Setting temporary port forward");
-            tempMap = await (0, misc_1.haveTimeout)(10_000, nat_1.upnpClient.createMapping(TEMP_MAP).catch(() => { })).catch(() => { });
+            tempMap = await (0, misc_1.haveTimeout)(10_000, (0, nat_1.getUpnpClient)().createMapping(TEMP_MAP)).catch(() => { });
             check = await (0, selfCheck_1.selfCheck)(checkUrl); // repeat test
         }
         //if (!check) throw new ApiError(HTTP_FAILED_DEPENDENCY, "couldn't test port 80")
@@ -88,9 +92,9 @@ async function generateSSLCert(domain, email, altNames) {
         return { key, cert };
     }
     finally {
-        if (tempMap) {
+        if (tempMap && nat_1.upnpEnabled.get()) {
             console.debug("Removing temporary port forward");
-            nat_1.upnpClient.removeMapping(TEMP_MAP).catch(() => { }); // clean after ourselves
+            (0, nat_1.getUpnpClient)().removeMapping(TEMP_MAP).catch(() => { }); // clean after ourselves
         }
         acmeOngoing = false;
         if (tempSrv)

package/src/api.accounts.js CHANGED Viewed

@@ -16,9 +16,9 @@ function prepareAccount(ac) {
         ...lodash_1.default.omit(ac, ['password', 'hashed_password', 'srp']),
         username: ac.username, // omit won't copy it because it's a hidden prop
         hasPassword: (0, perm_1.accountHasPassword)(ac),
-        isGroup: !ac.plugin?.auth && !(0, perm_1.accountHasPassword)(ac),
+        isGroup: !(0, perm_1.accountHasLoginMethod)(ac),
         adminActualAccess: (0, perm_1.accountCanLoginAdmin)(ac),
-        canLogin: (0, perm_1.accountHasPassword)(ac) ? (0, perm_1.accountCanLogin)(ac) : undefined,
+        canLogin: (0, perm_1.accountHasLoginMethod)(ac) ? (0, perm_1.accountCanLogin)(ac) : undefined,
         canChangePassword: (0, perm_1.accountCanChangePassword)(ac),
         invalidated: auth_1.invalidateSessionBefore.get(ac.username),
         directMembers: Object.values(perm_1.accounts.get()).filter(a => a.belongs?.includes(ac.username)).map(x => x.username),
@@ -33,7 +33,7 @@ function prepareAccount(ac) {
         })
     };
 }
-const ALLOWED_KEYS = ['admin', 'allow_net', 'belongs', 'days_to_live', 'disable_password_change',
+const ALLOWED_KEYS = ['admin', 'allow_net', 'auto_login_net', 'belongs', 'days_to_live', 'disable_password_change',
     'disabled', 'expire', 'ignore_limits', 'notes', 'password', 'redirect', 'require_password_change', 'username'];
 exports.default = {
     get_usernames() {

package/src/api.auth.js CHANGED Viewed

@@ -18,10 +18,12 @@ const ongoingLogins = {}; // store data that doesn't fit session object
 const keepSessionAlive = (0, config_1.defineConfig)('keep_session_alive', true);
 const refresh_session = async ({}, ctx) => {
     const username = (0, auth_1.getCurrentUsername)(ctx);
+    const isAdmin = (0, adminApis_1.ctxAdminAccess)(ctx) || undefined;
     return !ctx.session ? new apiMiddleware_1.ApiError(const_1.HTTP_SERVER_ERROR) : {
         username,
         expandedUsername: Array.from((0, perm_1.expandUsername)(username)),
-        adminUrl: (0, adminApis_1.ctxAdminAccess)(ctx) ? ctx.state.revProxyPath + const_1.ADMIN_URI : undefined,
+        isAdmin,
+        adminUrl: isAdmin && ctx.state.revProxyPath + const_1.ADMIN_URI,
         canChangePassword: (0, perm_1.accountCanChangePassword)(ctx.state.account),
         requireChangePassword: ctx.state.account?.require_password_change,
         exp: username && keepSessionAlive.get() ? new Date(Date.now() + middlewares_1.sessionDuration.compiled()) : undefined,

package/src/api.get_file_list.js CHANGED Viewed

@@ -44,7 +44,7 @@ const get_file_list = async ({ uri = '/', offset, limit, c, onlyFolders, onlyFil
     limit = Number(limit);
     const { filterName, filterComment, fileMask, depth } = paramsToFilter(rest);
     const walker = (0, vfs_1.walkNode)(node, { ctx: admin ? undefined : ctx, onlyFolders, onlyFiles, depth });
-    const onDirEntryHandlers = (0, plugins_1.mapPlugins)(plug => plug.onDirEntry);
+    const onDirEntryHandlers = (0, plugins_1.mapPlugins)((plug, id) => plug.onDirEntry && { id, cb: plug.onDirEntry });
     const can_upload = admin || (0, vfs_1.hasPermission)(node, 'can_upload', ctx);
     const can_delete = admin || (0, vfs_1.hasPermission)(node, 'can_delete', ctx);
     const fakeChild = await (0, vfs_1.applyParentToChild)({ source: 'dummy-file', original: undefined }, node); // used to check permission; simple but can produce false results; 'original' to simulate a non-vfs node
@@ -74,7 +74,7 @@ const get_file_list = async ({ uri = '/', offset, limit, c, onlyFolders, onlyFil
     async function* produceEntries() {
         for await (const sub of walker) {
             let name = (0, vfs_1.getNodeName)(sub);
-            name = (0, path_1.basename)(name) || name; // on windows, basename('C:') === ''
+            name = (0, path_1.basename)(name) || name; // on Windows, basename('C:') === ''
             if (filterName && !filterName(name) || fileMask && !(0, vfs_1.nodeIsFolder)(sub) && !fileMask(name)
                 || filterComment && !filterComment(await (0, comments_1.getCommentFor)(sub.source) || ''))
                 continue;
@@ -83,15 +83,15 @@ const get_file_list = async ({ uri = '/', offset, limit, c, onlyFolders, onlyFil
                 continue;
             const cbParams = { entry, ctx, listUri: uri, node: sub };
             try {
-                const res = await Promise.all(onDirEntryHandlers.map(cb => cb(cbParams)));
+                const res = await Promise.all(onDirEntryHandlers.map(({ id, cb }) => Promise.resolve().then(() => cb(cbParams)).catch(error => { throw { id, error }; })));
                 if (res.some(x => x === false))
                     continue;
-                if ((await events_1.default.emitAsync('dirEntry', cbParams))?.isDefaultPrevented())
-                    continue;
             }
             catch (e) {
-                console.warn("A plugin is causing problems on dirEntry:", e);
+                console.warn(`Plugin ${e?.id || '?'} is causing problems on onDirEntry:`, e?.error ?? e);
             }
+            if ((await events_1.default.emitAsync('dirEntry', cbParams))?.isDefaultPrevented())
+                continue;
             if (offset) {
                 --offset;
                 continue;
@@ -111,10 +111,14 @@ const get_file_list = async ({ uri = '/', offset, limit, c, onlyFolders, onlyFil
         const name = (0, vfs_1.getNodeName)(node);
         const isFolder = (0, vfs_1.nodeIsFolder)(node);
         try {
-            const st = source ? await (node.stats || (0, misc_1.statWithTimeout)(source).catch(e => {
-                if (!isFolder || !node.children?.length) // folders with virtual children, keep them
-                    throw e;
-            })) : undefined;
+            const [web, comment, st] = await Promise.all([
+                (0, vfs_1.hasDefaultFile)(node, ctx).then(x => x ? true : undefined),
+                node.comment ?? (0, comments_1.getCommentFor)(source),
+                (0, vfs_1.nodeStats)(node).catch(e => {
+                    if (!isFolder || !node.children?.length) // folders with virtual children, keep them
+                        throw e;
+                })
+            ]);
             // permissions of entries are sent as a difference with permissions of parent
             const pl = node.can_list === misc_1.WHO_NO_ONE ? 'l'
                 : !(0, vfs_1.hasPermission)(node, 'can_list', ctx) ? 'L'
@@ -136,9 +140,9 @@ const get_file_list = async ({ uri = '/', offset, limit, c, onlyFolders, onlyFil
                 url,
                 target: node.target,
                 order: node.order,
-                comment: node.comment ?? await (0, comments_1.getCommentFor)(source),
+                comment,
                 icon: getNodeIcon(node),
-                web: await (0, vfs_1.hasDefaultFile)(node, ctx) ? true : undefined,
+                web,
             };
         }
         catch {

package/src/api.monitor.js CHANGED Viewed

@@ -4,6 +4,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.serializeConnection = serializeConnection;
+exports.inferOperation = inferOperation;
 const lodash_1 = __importDefault(require("lodash"));
 const connections_1 = require("./connections");
 const misc_1 = require("./misc");
@@ -11,6 +13,7 @@ const throttler_1 = require("./throttler");
 const auth_1 = require("./auth");
 const SendList_1 = require("./SendList");
 const persistence_1 = require("./persistence");
+const cross_1 = require("./cross");
 exports.default = {
     async disconnect({ ip, port, allButLocalhost }) {
         (0, misc_1.apiAssertTypes)({
@@ -28,25 +31,21 @@ exports.default = {
     get_connections({}, ctx) {
         const list = new SendList_1.SendListReadable({
             diff: true,
-            addAtStart: (0, connections_1.getConnections)().map(c => !ignore(c) && serializeConnection(c)).filter(Boolean),
+            addAtStart: (0, connections_1.getConnections)().map(serializeConnection),
         });
         list.props({ you: ctx.ip });
         return list.events(ctx, {
             connection(conn) {
-                if (ignore(conn))
-                    return;
                 list.add(serializeConnection(conn));
             },
             connectionClosed(conn) {
-                if (ignore(conn))
-                    return;
                 list.remove(getConnAddress(conn));
             },
             connectionNewIp(conn, oldIp, newIp) {
                 list.update(getConnAddress(conn, oldIp), { ip: newIp });
             },
             connectionUpdated(conn, change) {
-                if (conn.socket.closed || ignore(conn) || ignore(change) || lodash_1.default.isEmpty(change))
+                if (conn.socket.closed || lodash_1.default.isEmpty(change))
                     return;
                 if (change.ctx) {
                     Object.assign(change, fromCtx(change.ctx));
@@ -55,48 +54,16 @@ exports.default = {
                 list.update(getConnAddress(conn), change);
             },
         });
-        function serializeConnection(conn) {
-            const { socket, started, secure } = conn;
-            return {
-                ...getConnAddress(conn),
-                v: (socket.remoteFamily?.endsWith('6') ? 6 : 4),
-                got: socket.bytesRead,
-                sent: socket.bytesWritten,
-                country: conn.country,
-                started,
-                secure: (secure || undefined), // undefined will save some space once json-ed
-                ...fromCtx(conn.ctx),
-            };
-        }
-        function fromCtx(ctx) {
-            if (!ctx)
-                return;
-            const s = ctx.state; // short alias
-            return {
-                user: (0, auth_1.getCurrentUsername)(ctx),
-                agent: (0, misc_1.shortenAgent)(ctx.get('user-agent')),
-                archive: s.archive,
-                ...s.browsing ? { op: 'browsing', path: (0, misc_1.safeDecodeURIComponent)(s.browsing) }
-                    : s.uploadPath ? { op: 'upload', path: (0, misc_1.safeDecodeURIComponent)(s.uploadPath) }
-                        : {
-                            op: !s.considerAsGui && (ctx.state.archive || ctx.state.vfsNode) ? 'download' : undefined,
-                            path: (0, misc_1.safeDecodeURIComponent)(ctx.originalUrl),
-                        },
-                opProgress: lodash_1.default.isNumber(s.opProgress) ? lodash_1.default.round(s.opProgress, 3) : undefined,
-                opTotal: s.opTotal,
-                opOffset: s.opOffset,
-            };
-        }
     },
     async *get_connection_stats() {
         while (1) {
-            const filtered = (0, connections_1.getConnections)().filter(x => !ignore(x));
+            const connections = (0, connections_1.getConnections)();
             yield {
                 outSpeedKb: throttler_1.totalOutSpeedKb,
                 inSpeedKb: throttler_1.totalInSpeedKb,
                 sent_got: [throttler_1.totalSent.get(), throttler_1.totalGot.get(), totalGotSentResetTime.get()],
-                connections: filtered.length,
-                ips: lodash_1.default.uniqBy(filtered, x => x.ip).length,
+                connections: connections.length,
+                ips: (0, cross_1.countUniqueBy)(connections, conn => conn.ip),
             };
             await (0, misc_1.wait)(1000);
         }
@@ -108,8 +75,45 @@ exports.default = {
             void persistence_1.storedMap.del(x);
     },
 };
-function ignore(conn) {
-    return false; //conn.socket && isLocalHost(conn)
+function serializeConnection(conn) {
+    const { socket, started, secure } = conn;
+    return {
+        ...getConnAddress(conn),
+        v: (socket.remoteFamily?.endsWith('6') ? 6 : 4),
+        // connection fields are request-scoped once transfer tracking starts; socket counters cover earlier snapshots
+        got: conn.got || socket.bytesRead,
+        sent: conn.sent || socket.bytesWritten,
+        outSpeedKb: conn.outSpeedKb,
+        inSpeedKb: conn.inSpeedKb,
+        country: conn.country,
+        started,
+        secure: (secure || undefined), // undefined will save some space once json-ed
+        ...fromCtx(conn.ctx),
+    };
+}
+function fromCtx(ctx) {
+    if (!ctx)
+        return;
+    return {
+        user: (0, auth_1.getCurrentUsername)(ctx),
+        agent: (0, misc_1.shortenAgent)(ctx.get('user-agent')),
+        ...inferOperation(ctx)
+    };
+}
+function inferOperation(ctx) {
+    const s = ctx.state; // short alias
+    return {
+        archive: s.archive,
+        ...s.browsing ? { op: 'browsing', path: (0, misc_1.safeDecodeURIComponent)(s.browsing) }
+            : s.uploadPath ? { op: 'upload', path: (0, misc_1.safeDecodeURIComponent)(s.uploadPath) }
+                : {
+                    op: !s.considerAsGui && (ctx.state.archive || ctx.state.vfsNode) ? 'download' : undefined,
+                    path: (0, misc_1.safeDecodeURIComponent)(ctx.originalUrl),
+                },
+        opProgress: lodash_1.default.isNumber(s.opProgress) ? lodash_1.default.round(s.opProgress, 3) : undefined,
+        opTotal: s.opTotal,
+        opOffset: s.opOffset,
+    };
 }
 function getConnAddress(conn, overrideIp) {
     return {

package/src/api.net.js CHANGED Viewed

@@ -52,16 +52,17 @@ exports.default = {
             return new apiMiddleware_1.ApiError(const_1.HTTP_FAILED_DEPENDENCY, "no internal port");
         if (externalPort)
             try {
-                await nat_1.upnpClient.removeMapping({ public: { host: '', port: externalPort } });
+                await (0, nat_1.getUpnpClient)().removeMapping({ public: { host: '', port: externalPort } });
             }
             catch (e) {
                 return new apiMiddleware_1.ApiError(const_1.HTTP_SERVER_ERROR, "removeMapping failed: " + String(e));
             }
-        if (external) // must use the object form of 'public' to work around a bug of the library
-            await nat_1.upnpClient.createMapping({ private: internal || internalPort, public: { host: '', port: external }, description: 'hfs', ttl: 0 })
+        if (external)
+            await (0, nat_1.getUpnpClient)().createMapping((0, nat_1.upnpMappingParam)(internal || internalPort, external))
                 .catch(res => {
                 throw new apiMiddleware_1.ApiError(res.errorCode || const_1.HTTP_SERVER_ERROR, res.errorCode === 718 ? "Port not available" : res.errorDescription || res.message || "unknown error");
             });
+        nat_1.mappedPort.set(external || 0); // remember only successful HFS mappings
         return {};
     },
     async self_check({ url }) {

package/src/api.vfs.js CHANGED Viewed

@@ -225,7 +225,7 @@ exports.default = {
         for (const k of ['*', 'Directory']) {
             await (0, util_os_1.reg)('add', WINDOWS_REG_KEY.replace('*', k), '/ve', '/f', '/d', 'Add to HFS (new)');
             await (0, util_os_1.reg)('add', WINDOWS_REG_KEY.replace('*', k), '/v', 'icon', '/f', '/d', const_1.IS_BINARY ? process.execPath : const_1.APP_PATH + '\\hfs.ico');
-            await (0, util_os_1.reg)('add', WINDOWS_REG_KEY.replace('*', k) + '\\command', '/ve', '/f', '/d', `powershell -WindowStyle Hidden -Command "
+            await (0, util_os_1.reg)('add', WINDOWS_REG_KEY.replace('*', k) + '\\command', '/ve', '/f', '/d', `powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -WindowStyle Hidden -Command "
             [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12;
             $wsh = New-Object -ComObject Wscript.Shell;
             $j = @{parent=@'\n${parent}\n'@; source=@'\n%1\n'@} | ConvertTo-Json -Compress

package/src/commands.js CHANGED Viewed

@@ -1,5 +1,38 @@
 "use strict";
 // This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -17,7 +50,8 @@ const plugins_1 = require("./plugins");
 const fileAttr_1 = require("./fileAttr");
 const github_1 = require("./github");
 const cross_1 = require("./cross");
-const api_monitor_1 = __importDefault(require("./api.monitor"));
+const api_monitor_1 = __importStar(require("./api.monitor"));
+const connections_1 = require("./connections");
 const argv_1 = require("./argv");
 const listen_2 = require("./listen");
 let debugEnabled = argv_1.argv.debug || process.env.HFS_DEBUG || const_1.DEV;
@@ -191,11 +225,30 @@ const commands = {
         params: '',
         cb: fileAttr_1.purgeFileAttr,
     },
+    transfers: {
+        params: '',
+        cb() {
+            const transfers = (0, connections_1.getConnections)().map(api_monitor_1.serializeConnection).filter(x => x.op === 'upload' || x.op === 'download');
+            if (!transfers.length)
+                return console.log("No ongoing uploads/downloads");
+            console.table(transfers.map(x => ({
+                type: x.op,
+                progress: (0, cross_1.with_)(x.opProgress ?? x.opOffset, v => v == null ? '' : (0, cross_1.formatPerc)(v)),
+                transferred: (0, cross_1.formatBytes)(Math.max(x.sent || 0, x.got || 0)),
+                total: x.opTotal == null ? '' : (0, cross_1.formatBytes)(x.opTotal),
+                speed: (0, cross_1.formatSpeed)(Math.max(x.outSpeedKb || 0, x.inSpeedKb || 0) * 1000),
+                user: x.user,
+                path: x.path,
+            })));
+        }
+    },
     status: {
         params: '',
         async cb() {
             const ports = await (0, listen_2.getServerStatus)(false);
             console.log(lodash_1.default.map(ports, (x, k) => `${k.toUpperCase()} ${x.configuredPort < 0 ? "disabled" : x.listening ? `on port ${x.port}` : (x.error || "not working")}`).join(" – "));
+            const operations = lodash_1.default.countBy((0, connections_1.getConnections)(), x => x.ctx && (0, api_monitor_1.inferOperation)(x.ctx).op);
+            console.log(`Active downloads ↑ ${operations.download || 0} – uploads ↓ ${operations.upload || 0}`);
             const conn = (await api_monitor_1.default.get_connection_stats().next()).value;
             if (conn) {
                 const { sent_got: sg } = conn;