hfs 3.1.5 → 3.2.0-beta2

package/src/langs/hfs-lang-th.json

@@ -57,7 +57,8 @@
         "Create folder": "สร้างโฟลเดอร์",
         "Pick files": "เลือกไฟล์",
         "Pick folder": "เลือกโฟลเดอร์",
-        "send_files": "Send {n,plural,one{# file} other{# files}}, {size}",
+        "ready_to_upload": "{n,plural,one{# ไฟล์} other{# ไฟล์}}, {size}, พร้อมอัปโหลด",
+        "Send": "ส่ง",
         "Clear": "ล้าง",
         "failed_upload": "ไม่สามารถอัปโหลด {name}",
         "confirm_resume": "ดำเนินการอัปโหลดต่อหรือไม่?",

package/src/langs/hfs-lang-tr.json

@@ -57,7 +57,8 @@
         "Create folder": "Klasör Oluştur",
         "Pick files": "Dosya(lar)ı Seç",
         "Pick folder": "Klasör Seç",
-        "send_files": "{n,plural,one{# file} other{# files}} dosyayı gönder (UPLOAD), {size}",
+        "ready_to_upload": "{n,plural,one{# dosya} other{# dosya}}, {size}, yüklemeye hazır",
+        "Send": "Gönder",
         "Clear": "Temizle",
         "failed_upload": "{name} UPLOAD edilemedi (veri aktarım sorunu)",
         "confirm_resume": "UPLOAD kaldığı yerden devam etsin mi?",

package/src/langs/hfs-lang-uk.json

@@ -57,7 +57,8 @@
         "Create folder": "Створити теку",
         "Pick files": "Вибрати файли",
         "Pick folder": "Вибрати теку",
-        "send_files": "Завантажити {n,plural, one{# файл} few{# файли} many{# файлів}}, {size}",
+        "ready_to_upload": "{n,plural, one{# файл} few{# файли} many{# файлів}}, {size}, готово до завантаження",
+        "Send": "Завантажити",
         "Clear": "Очистити",
         "failed_upload": "Не вдалося завантажити {name}",
         "confirm_resume": "Відновити завантаження?",

package/src/langs/hfs-lang-vi.json

@@ -58,7 +58,8 @@
         "Create folder": "Tạo folder...",
         "Pick files": "Chọn file...",
         "Pick folder": "Chọn folder...",
-        "send_files": "Gửi {n,plural,one{# file} other{# file}}, {size}",
+        "ready_to_upload": "{n,plural,one{# file} other{# file}}, {size}, sẵn sàng tải lên",
+        "Send": "Gửi",
         "Clear": "Dọn.",
         "failed_upload": "Không thể upload {name}!",
         "confirm_resume": "Tiếp tục upload?",

package/src/langs/hfs-lang-zh-tw.json

@@ -57,7 +57,8 @@
         "Create folder": "建立資料夾",
         "Pick files": "選擇檔案",
         "Pick folder": "選擇資料夾",
-        "send_files": "開始上傳 {n,plural,one{# 個檔案} other{# 個檔案}}, {size}",
+        "ready_to_upload": "{n,plural,one{# 個檔案} other{# 個檔案}}, {size}，準備上傳",
+        "Send": "傳送",
         "Clear": "清空",
         "failed_upload": "無法上傳 {name}",
         "confirm_resume": "繼續上傳?",

package/src/langs/hfs-lang-zh.json

@@ -57,7 +57,8 @@
         "Create folder": "创建文件夹",
         "Pick files": "选择文件",
         "Pick folder": "选择文件夹",
-        "send_files": "开始上传 {n,plural,other{# 个文件}}，{size}",
+        "ready_to_upload": "{n,plural,other{# 个文件}}，{size}，准备上传",
+        "Send": "发送",
         "Clear": "清除",
         "failed_upload": "无法上传 {name}",
         "confirm_resume": "是否重命名？",

package/src/listen.js

@@ -68,6 +68,7 @@ const persistence_1 = require("./persistence");
 const argv_1 = require("./argv");
 const consoleLog_1 = require("./consoleLog");
 const first_1 = require("./first");
+const fileAttr_1 = require("./fileAttr");
 let httpSrv;
 let httpsSrv;
 // the update relaunch can keep a bridge process alive, so we proactively close listeners here to release ports before the next binary binds; do it before (5) the storage file is closed, because sockets write there
@@ -86,7 +87,7 @@ const commonServerOptions = {
 };
 // these are properties that can be assigned to the server object
 const commonServerAssign = { headersTimeout: 30_000, timeout: misc_1.MINUTE }; // 'headersTimeout' is not recognized by type lib, and 'timeout' is not effective when passed in parameters
-const readyToListen = Promise.all([persistence_1.storedMap.isOpening(), events_1.default.once('app')]);
+const readyToListen = Promise.all([persistence_1.storedMap.isOpening(), fileAttr_1.fileAttrDb.isOpening(), events_1.default.once('app')]);
 const considerHttp = (0, misc_1.debounceAsync)(async () => {
     await readyToListen;
     void stopServer(httpSrv);

package/src/log.js

@@ -38,6 +38,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.logMw = exports.loggers = void 0;
+exports.zipLogFile = zipLogFile;
 exports.getRotatedFiles = getRotatedFiles;
 const events_1 = require("events");
 const config_1 = require("./config");
@@ -48,6 +49,9 @@ const util_files_1 = require("./util-files");
 const auth_1 = require("./auth");
 const misc_1 = require("./misc");
 const path_1 = require("path");
+const yazl_1 = __importDefault(require("yazl"));
+const promises_1 = require("stream/promises");
+const promises_2 = require("fs/promises");
 const events_2 = __importDefault(require("./events"));
 const connections_1 = require("./connections");
 const index_1 = require("./index");
@@ -143,6 +147,7 @@ const logMw = async (ctx, next) => {
                 const newPath = (0, misc_1.strinsert)(path, path.length - (0, path_1.extname)(path).length, suffix);
                 try { // other logging requests shouldn't happen while we are renaming. Since this is very infrequent we can tolerate solving this by making it sync.
                     (0, fs_1.renameSync)(path, newPath);
+                    void zipLogFile(newPath, last).catch(console.error);
                 }
                 catch (e) { // ok, rename failed, but this doesn't mean we ain't gonna log
                     console.error(e.message || String(e));
@@ -177,7 +182,7 @@ const logMw = async (ctx, next) => {
         debounce(() => // once in a while we check if the file is still good (not deleted, etc), or we'll reopen it
          (0, util_files_1.statWithTimeout)(logger.path).catch(() => logger.reopen())); // async = smoother but we may lose some entries
         stream.write(util.format(format, ctx.ip, user || '-', date, ctx.method, uri, ctx.req.httpVersion, ctx.status, length?.toString() ?? '-', lodash_1.default.isEmpty(extra) ? '' : JSON.stringify(JSON.stringify(extra))));
-    });
+    }).catch(e => console.error('log completion:', e.message || String(e)));
 };
 exports.logMw = logMw;
 events_2.default.once('app', () => {
@@ -185,13 +190,33 @@ events_2.default.once('app', () => {
         lodash_1.default.merge(this.state, { logExtra: { ...anything, params } }); // params will be considered as parameters of the API
     };
 });
+async function zipLogFile(path, touch) {
+    const zipPath = path + '.zip';
+    try {
+        const zip = new yazl_1.default.ZipFile();
+        const output = (0, fs_1.createWriteStream)(zipPath);
+        zip.addFile(path, (0, path_1.basename)(path));
+        zip.end();
+        await (0, promises_1.pipeline)(zip.outputStream, output);
+    }
+    catch (e) {
+        await (0, promises_2.rm)(zipPath, { force: true }).catch(() => { });
+        throw e;
+    }
+    await (0, promises_2.utimes)(zipPath, touch, touch).catch(console.error);
+    await events_2.default.emitAsync('logRotated', { path, zipPath });
+    await (0, promises_2.unlink)(path).catch(console.error);
+}
 function doubleDigit(n) {
     return n > 9 ? n : '0' + n;
 }
 async function getRotatedFiles() {
     return Object.fromEntries(await Promise.all(exports.loggers.map(async (x) => {
         const mask = (0, misc_1.strinsert)(x.path, x.path.length - (0, path_1.extname)(x.path).length, '-2*'); // including 2, initial digit of the year, will only take rotated files and not "-error"
-        return [x.name, (await (0, fast_glob_1.default)(mask, { stats: true })).map(x => ({ path: x.path, size: x.stats?.size }))];
+        const list = await Promise.all(['', '.zip'].map(async (postfix) => // before 3.2 rotated logs were not zipped, and even today there's a very small (negligible) chance that the zipping fails
+         (await (0, fast_glob_1.default)(mask + postfix, { stats: true }))
+            .map(x => ({ path: x.path, size: x.stats?.size }))));
+        return [x.name, list.flat()];
     })));
 }
 // dump console.error to file

package/src/middlewares.js

@@ -52,7 +52,6 @@ const headRequests = async (ctx, next) => {
 exports.headRequests = headRequests;
 let proxyDetected;
 const someSecurity = (ctx, next) => {
-    ctx.request.ip = (0, connections_1.normalizeIp)(ctx.ip);
     const ss = ctx.session;
     if (ss?.username && !ss?.[misc_1.ALLOW_SESSION_IP_CHANGE])
         if (!ss.ip)
@@ -91,6 +90,8 @@ function getProxyDetected() {
     return proxyDetected && { from: proxyDetected.socket.remoteAddress, for: proxyDetected.get('X-Forwarded-For') };
 }
 const prepareState = async (ctx, next) => {
+    // normalize once so auth, filters and logging agree on the same client address
+    ctx.request.ip = (0, connections_1.normalizeIp)(ctx.ip);
     const s = ctx.session;
     if (s?.username) {
         if (s.ts < auth_1.invalidateSessionBefore.get(s?.username))
@@ -99,7 +100,8 @@ const prepareState = async (ctx, next) => {
     }
     // calculate these once and for all
     ctx.state.connection = (0, connections_1.socket2connection)(ctx.socket);
-    let a = await urlLogin() || await getHttpAccount();
+    // explicit credentials and existing sessions must take precedence, so a matching IP cannot override a chosen account
+    let a = await urlLogin() || await getHttpAccount() || !s?.username && autoLogin();
     const loggedInNotBySession = a;
     ctx.state.account = a ||= (0, perm_1.getAccount)(s?.username, false); // with least precedence, we consider session
     if (a)
@@ -133,6 +135,10 @@ const prepareState = async (ctx, next) => {
         }
         catch { }
     }
+    function autoLogin() {
+        // keep the mask direct so group inheritance cannot make identity depend on account order
+        return Object.values(perm_1.accounts.get()).find(a => (0, perm_1.accountCanLogin)(a) && a.auto_login_net && (0, misc_1.netMatches)(ctx.ip, a.auto_login_net, true));
+    }
 };
 exports.prepareState = prepareState;
 function failAllowNet(ctx, a) {

package/src/misc.js

@@ -26,6 +26,7 @@ exports.same = same;
 exports.asyncGeneratorToReadable = asyncGeneratorToReadable;
 exports.apiAssertTypes = apiAssertTypes;
 exports.createStreamLimiter = createStreamLimiter;
+exports.retrySync = retrySync;
 const path_1 = require("path");
 __exportStar(require("./util-http"), exports);
 __exportStar(require("./util-files"), exports);
@@ -155,3 +156,16 @@ function createStreamLimiter(limit) {
         }
     });
 }
+function retrySync(cb, attempts = 20, sleep = 500) {
+    const sleepSyncBuffer = new Int32Array(new SharedArrayBuffer(4));
+    for (let retry = 0;; retry++) {
+        try {
+            return cb();
+        }
+        catch (e) {
+            if (e?.code !== 'EBUSY' || retry >= attempts)
+                throw e;
+            Atomics.wait(sleepSyncBuffer, 0, 0, sleep);
+        }
+    }
+}

package/src/nat.js

@@ -3,7 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getNatInfo = exports.getPublicIps = exports.upnpClient = exports.defaultBaseUrl = void 0;
+exports.getNatInfo = exports.getPublicIps = exports.upnpEnabled = exports.mappedPort = exports.defaultBaseUrl = void 0;
+exports.upnpMappingParam = upnpMappingParam;
+exports.getUpnpClient = getUpnpClient;
 const valtio_1 = require("valtio");
 const nat_upnp_1 = require("@rejetto/nat-upnp");
 const debounceAsync_1 = require("./debounceAsync");
@@ -16,6 +18,7 @@ const net_1 = require("net");
 const listen_1 = require("./listen");
 const child_process_1 = require("child_process");
 const const_1 = require("./const");
+const config_1 = require("./config");
 exports.defaultBaseUrl = (0, valtio_1.proxy)({
     proto: 'http',
     publicIps: [],
@@ -30,20 +33,23 @@ exports.defaultBaseUrl = (0, valtio_1.proxy)({
         return `${this.proto}://${(0, cross_1.ipForUrl)(ip || 'localhost')}${!port || port === defPort ? '' : ':' + port}`;
     }
 });
-exports.upnpClient = new nat_upnp_1.Client({ timeout: 4_000 });
-const originalMethod = exports.upnpClient.getGateway;
-// other client methods call getGateway too, so this will ensure they reuse this same result
-exports.upnpClient.getGateway = (0, debounceAsync_1.debounceAsync)(() => originalMethod.apply(exports.upnpClient), { retain: cross_1.HOUR, retainFailure: 30_000 });
-exports.upnpClient.getGateway().then(res => {
-    console.log("UPnP found", res.gateway.description);
-}, e => console.debug('UPnP failed:', e.message || String(e)));
-// poll external ip – asking the modem is cheap, so it can be done often
-(0, cross_1.repeat)(cross_1.MINUTE, () => exports.upnpClient.getPublicIp().then(v => {
-    if (v === exports.defaultBaseUrl.externalIp)
+exports.mappedPort = (0, config_1.defineConfig)('mapped_port', 0);
+exports.upnpEnabled = (0, config_1.defineConfig)(cross_1.CFG.upnp_enabled, true);
+let upnpClient;
+// poll external ip – when UPnP is enabled, asking the modem is inexpensive, so it can be done often
+(0, cross_1.repeat)(cross_1.MINUTE, async () => {
+    if (!await exports.upnpEnabled.getWhenReady())
+        return;
+    const v = await getUpnpClient().getPublicIp().catch(() => '');
+    if (!v || v === exports.defaultBaseUrl.externalIp)
         return;
     exports.getPublicIps.clearRetain();
-    return exports.defaultBaseUrl.externalIp = v;
-}, () => { }));
+    exports.defaultBaseUrl.externalIp = v;
+});
+function upnpMappingParam(privatePort, publicPort, description = 'hfs', ttl = 0) {
+    // nat-upnp-rejetto requires the object form of `public` to preserve the host field correctly
+    return { private: privatePort, public: { host: '', port: publicPort }, description, ttl };
+}
 exports.getPublicIps = (0, debounceAsync_1.debounceAsync)(async () => {
     const res = await (0, github_1.getProjectInfo)();
     const groupedByVersion = Object.values(lodash_1.default.groupBy(res.publicIpServices, x => x.v ?? 4));
@@ -70,25 +76,36 @@ exports.getPublicIps = (0, debounceAsync_1.debounceAsync)(async () => {
             throw "no good";
         return validIps;
     }))));
-    return exports.defaultBaseUrl.publicIps = lodash_1.default.uniq(ips.flat());
+    const ret = exports.defaultBaseUrl.publicIps = lodash_1.default.uniq(ips.flat());
+    if (!ret.length) // don't keep empty results for long
+        setTimeout(() => exports.getPublicIps.clearRetain(), 5_000);
+    return ret;
 }, { retain: 10 * cross_1.MINUTE });
 exports.getNatInfo = (0, debounceAsync_1.debounceAsync)(async () => {
+    const upnp = await exports.upnpEnabled.getWhenReady() ? getUpnpClient() : null;
     const gatewayIpPromise = findGateway().catch(() => undefined);
-    const res = await (0, cross_1.haveTimeout)(10_000, exports.upnpClient.getGateway()).catch(() => null);
+    const gw = upnp && await (0, cross_1.haveTimeout)(10_000, upnp.getGateway()).catch(() => null);
     const status = await (0, listen_1.getServerStatus)();
-    const mappings = res && await (0, cross_1.haveTimeout)(5_000, exports.upnpClient.getMappings()).catch(() => null);
-    console.debug("Mappings found:", mappings?.map(x => x.description).join(', ') || "none");
+    let mappings = gw && await (0, cross_1.haveTimeout)(5_000, upnp.getMappings())?.catch(() => null);
+    console.debug(gw ? "Mappings found:" : "Mappings not queried:", mappings?.map(x => x.description).join(', ') || (gw ? "none" : upnp ? "gateway not found" : "UPnP disabled"));
     const localIps = await (0, listen_1.getIps)(false);
     const gatewayIp = await gatewayIpPromise;
-    const localIp = res?.address || (gatewayIp ? lodash_1.default.maxBy(localIps, x => (0, cross_1.inCommon)(x, gatewayIp)) : localIps[0]);
+    const localIp = gw?.address || (gatewayIp ? lodash_1.default.maxBy(localIps, x => (0, cross_1.inCommon)(x, gatewayIp)) : localIps[0]);
     const internalPort = status?.https?.listening && status.https.port || status?.http?.listening && status.http.port || undefined;
-    const mapped = lodash_1.default.find(mappings, x => x.private.host === localIp && x.private.port === internalPort);
+    let mapped = lodash_1.default.find(mappings, x => x.private.host === localIp && x.private.port === internalPort);
+    if (upnp && mappings && localIp && internalPort && !mapped && exports.mappedPort.get())
+        // restore the HFS-created mapping after routers that forget UPnP state across reboots
+        await (0, cross_1.haveTimeout)(5_000, upnp.createMapping(upnpMappingParam(internalPort, exports.mappedPort.get()))).then(async () => {
+            // confirm router state after restore instead of trusting the AddPortMapping result
+            mappings = await (0, cross_1.haveTimeout)(5_000, upnp.getMappings());
+            mapped = lodash_1.default.find(mappings, x => x.private.host === localIp && x.private.port === internalPort);
+        }).catch(e => console.warn('UPnP mapping restore failed:', e?.message || String(e)));
     const externalPort = mapped?.public.port;
     if (localIp)
         exports.defaultBaseUrl.localIp = localIp;
     exports.defaultBaseUrl.port = externalPort || internalPort || 0;
     return {
-        upnp: Boolean(res),
+        upnp: Boolean(gw),
         localIp,
         gatewayIp,
         externalIp: exports.defaultBaseUrl.externalIp,
@@ -99,7 +116,30 @@ exports.getNatInfo = (0, debounceAsync_1.debounceAsync)(async () => {
         proto: status?.https?.listening ? 'https' : status?.http?.listening ? 'http' : '',
     };
 }, { reuseRunning: true });
-(0, exports.getNatInfo)();
+exports.upnpEnabled.sub(v => {
+    exports.getNatInfo.clearRetain();
+    if (v) {
+        getUpnpClient().getGateway().then(res => console.log("UPnP found", res.gateway.description), e => console.debug('UPnP failed:', e.message || String(e)));
+        return;
+    }
+    // closing the client guarantees the disabled setting also stops any existing SSDP socket
+    upnpClient?.close();
+    upnpClient = undefined;
+    exports.defaultBaseUrl.externalIp = '';
+    exports.getPublicIps.clearRetain();
+});
+config_1.configReady.then(exports.getNatInfo).catch(() => { });
+function getUpnpClient() {
+    if (!exports.upnpEnabled.get()) // keep this guard upstream so disabled UPnP cannot leak SSDP traffic through callers
+        throw Error("UPnP disabled");
+    if (!upnpClient) {
+        upnpClient = new nat_upnp_1.Client({ timeout: 4_000 });
+        const originalMethod = upnpClient.getGateway;
+        // other client methods call getGateway too, so this will ensure they reuse this same result
+        upnpClient.getGateway = (0, debounceAsync_1.debounceAsync)(() => originalMethod.apply(upnpClient), { retain: cross_1.HOUR, retainFailure: 30_000 });
+    }
+    return upnpClient;
+}
 function findGateway() {
     return new Promise((resolve, reject) => (0, child_process_1.exec)(const_1.IS_WINDOWS || const_1.IS_MAC ? 'netstat -rn' : 'route -n', (err, out) => {
         if (err)

package/src/outboundProxy.js

@@ -22,7 +22,7 @@ const outboundProxy = (0, config_1.defineConfig)(cross_1.CFG.outbound_proxy, '',
         return '';
     }
 });
-config_1.configReady.then(async ([startedWithoutConfig]) => {
+config_1.configReady.then(async (startedWithoutConfig) => {
     if (!const_1.IS_WINDOWS || !startedWithoutConfig)
         return;
     // try to read Windows system setting for proxy

package/src/perm.js

@@ -18,6 +18,7 @@ exports.addAccount = addAccount;
 exports.delAccount = delAccount;
 exports.getFromAccount = getFromAccount;
 exports.accountHasPassword = accountHasPassword;
+exports.accountHasLoginMethod = accountHasLoginMethod;
 exports.accountCanLogin = accountCanLogin;
 exports.accountIsDisabled = accountIsDisabled;
 exports.accountCanLoginAdmin = accountCanLoginAdmin;
@@ -208,8 +209,11 @@ function getFromAccount(account, getter) {
 function accountHasPassword(account) {
     return Boolean(account.password || account.srp);
 }
+function accountHasLoginMethod(account) {
+    return Boolean(accountHasPassword(account) || account.plugin?.auth || account.auto_login_net);
+}
 function accountCanLogin(account) {
-    return (accountHasPassword(account) || account.plugin?.auth) && !accountIsDisabled(account);
+    return accountHasLoginMethod(account) && !accountIsDisabled(account);
 }
 function accountIsDisabled(account) {
     return Boolean(account.disabled

package/src/plugins.js

@@ -157,9 +157,30 @@ async function initPlugin(pl, morePassedToInit) {
     const timeouts = [];
     const controlledEvents = Object.create(events_1.default, (0, misc_1.objFromKeys)(['on', 'once', 'multi'], k => ({
         value() {
+            if (k === 'multi')
+                arguments[0] = (0, misc_1.objSameKeys)(arguments[0], trap);
+            else
+                arguments[1] = trap(arguments[1]);
             const ret = events_1.default[k](...arguments);
             undoEvents.push(ret);
             return ret;
+            function trap(cb) {
+                return (...args) => {
+                    try {
+                        if (!lodash_1.default.isFunction(cb))
+                            return;
+                        const ret = cb(...args);
+                        return ret instanceof Promise ? ret.catch(printError) : ret;
+                    }
+                    catch (e) {
+                        printError(e);
+                    }
+                    function printError(e) {
+                        const { event } = args.at(-1);
+                        console.error(`plugin ${morePassedToInit?.id || '?'} on event ${event}:`, e);
+                    }
+                };
+            }
         }
     })));
     const res = await pl.init?.({
@@ -174,8 +195,16 @@ async function initPlugin(pl, morePassedToInit) {
             timeouts.push(ret); // intervals can be canceled by clearTimeout (source: MDN)
             return ret;
         },
-        setTimeout() {
-            const ret = setTimeout(...arguments);
+        setTimeout(cb, delay = 0, ...args) {
+            let ret;
+            if (lodash_1.default.isFunction(cb)) {
+                const original = cb;
+                cb = function () {
+                    lodash_1.default.pull(timeouts, ret);
+                    return original.apply(this, args);
+                };
+            }
+            ret = setTimeout(cb, delay, ...args); // 'any' to allow build of frontend and admin
             timeouts.push(ret);
             return ret;
         },
@@ -426,17 +455,17 @@ async function rescan() {
     const patterns = [exports.PATH + '/*'];
     if (const_1.APP_PATH !== process.cwd())
         patterns.unshift((0, misc_1.escapeGlobPath)(const_1.APP_PATH) + '/' + patterns[0]); // first search bundled plugins, because otherwise they won't be loaded because of the folders with same name in .hfs/plugins (used for storage)
-    const existing = [];
+    const existing = new Set();
     for (const { path, dirent } of await (0, fast_glob_1.default)(patterns, { onlyFiles: false, suppressErrors: true, objectMode: true })) {
         if (!dirent.isDirectory() || path.endsWith(exports.DISABLING_SUFFIX))
             continue;
         const id = path.split('/').slice(-1)[0];
-        existing.push(id);
+        existing.add(id);
         if (!pluginWatchers.has(id))
             pluginWatchers.set(id, watchPlugin(id, (0, path_1.join)(path, exports.PLUGIN_MAIN_FILE)));
     }
     for (const [id, cancelWatcher] of pluginWatchers.entries())
-        if (!existing.includes(id)) {
+        if (!existing.has(id)) {
             enablePlugin(id, false);
             cancelWatcher();
             pluginWatchers.delete(id);

package/src/roots.js

@@ -32,7 +32,7 @@ const rootsMiddleware = (ctx, next) => (() => {
     }
     if (lodash_1.default.isEmpty(exports.roots.get()))
         return;
-    const root = ctx.state.root = exports.roots.compiled()?.(ctx.host);
+    const root = ctx.state.root = exports.roots.compiled()(ctx.host);
     if (!ctx.state.skipFilters && forceAddress.get()
         && root === undefined && !(0, misc_1.isLocalHost)(ctx) && ctx.host !== listen_1.baseUrl.compiled())
         return (0, connections_1.disconnect)(ctx, forceAddress.key()); // returning truthy will not call next

package/src/selfCheck.js

@@ -38,7 +38,8 @@ async function selfCheck(url) {
                     console.debug(svc);
                     body = applySymbols(body);
                     serviceUrl = applySymbols(serviceUrl);
-                    const res = await (0, cross_1.haveTimeout)(8_000, (0, util_http_1.httpString)(serviceUrl, { family, ...rest, body }));
+                    const timeout = 8_000;
+                    const res = await (0, cross_1.haveTimeout)(timeout, (0, util_http_1.httpString)(serviceUrl, { family, timeout, ...rest, body }));
                     const success = new RegExp(regexpSuccess).test(res);
                     const failure = new RegExp(regexpFailure).test(res);
                     if (success === failure)

package/src/serveGuiAndSharedFiles.js

@@ -28,6 +28,7 @@ const comments_1 = require("./comments");
 const basicWeb_1 = require("./basicWeb");
 const icons_1 = require("./icons");
 const plugins_1 = require("./plugins");
+const roots_1 = require("./roots");
 const serveFrontendFiles = (0, serveGuiFiles_1.serveGuiFiles)(process.env.FRONTEND_PROXY, cross_const_1.FRONTEND_URI);
 const serveFrontendPrefixed = (0, koa_mount_1.default)(cross_const_1.FRONTEND_URI.slice(0, -1), serveFrontendFiles);
 const serveAdminFiles = (0, serveGuiFiles_1.serveGuiFiles)(process.env.ADMIN_PROXY, cross_const_1.ADMIN_URI);
@@ -110,6 +111,7 @@ const serveSharedFiles = async (ctx, next) => {
             if ((await events_1.default.emitAsync('deleting', { node, ctx }))?.isDefaultPrevented())
                 return ctx.status = cross_const_1.HTTP_FAILED_DEPENDENCY;
             await (0, promises_1.rm)(source, { recursive: true });
+            await (0, misc_1.deleteStoredFileAttrs)(source);
             void (0, comments_1.setCommentFor)(source, ''); // necessary only to clean a possible descript.ion or kvstorage
             return ctx.status = cross_const_1.HTTP_OK;
         }
@@ -118,11 +120,10 @@ const serveSharedFiles = async (ctx, next) => {
             return ctx.status = cross_const_1.HTTP_SERVER_ERROR;
         }
     }
-    if (node.default && path.endsWith('/') && !get) { // final/ needed on browser to make resource urls correctly with html pages
-        const found = await (0, vfs_1.urlToNode)(node.default, ctx, node);
-        if (found && /\.html?/i.test(node.default))
+    if (path.endsWith('/') && !get) { // final slash needed on browsers to make resource urls working with html pages
+        const found = await (0, vfs_1.getDefaultFile)(node, ctx);
+        if (found && /\.html?/i.test((0, vfs_1.getNodeName)(node = found)))
             ctx.state.considerAsGui = true;
-        node = found ?? node;
     }
     if (get === 'icon')
         return (0, serveFile_1.serveFile)(ctx, node.icon || '|'); // pipe to cause not-found
@@ -159,9 +160,19 @@ async function sendFolderList(node, ctx) {
     ctx.type = 'text';
     if (prepend === undefined || prepend === '*') { // * = force auto-detection even if we have baseUrl set
         const { URL } = ctx;
-        const base = prepend === undefined && listen_1.baseUrl.get()
-            || URL.protocol + '//' + URL.host + ctx.state.revProxyPath;
-        prepend = base + (0, misc_1.pathEncode)(decodeURI(ctx.path)); // redo the encoding our way, keeping unicode chars unchanged
+        const requestBase = URL.protocol + '//' + URL.host + ctx.state.revProxyPath;
+        const configuredBaseUrl = prepend === undefined && listen_1.baseUrl.get();
+        const configuredRoot = configuredBaseUrl && roots_1.roots.compiled()(listen_1.baseUrl.compiled() || '');
+        const pathInConfiguredRoot = configuredRoot && (configuredRoot === '/' ? ctx.path
+            : ctx.path.startsWith(configuredRoot) ? ctx.path.slice(configuredRoot.length - 1)
+                : ctx.path === configuredRoot.slice(0, -1) ? '/'
+                    : false);
+        // base_url may expose a host-rooted home; use it only for VFS paths inside that host root
+        const [base, path] = !configuredBaseUrl ? [requestBase, ctx.path]
+            : pathInConfiguredRoot === false ? [requestBase, ctx.path]
+                : [configuredBaseUrl, pathInConfiguredRoot || ctx.path];
+        // redo the encoding our way, keeping unicode chars unchanged. decode each segment separately because decodeURI preserves reserved escapes like %3A, which pathEncode would double-encode
+        prepend = base + (0, misc_1.pathDecodeSegments)(path, misc_1.pathEncode);
     }
     const walker = (0, vfs_1.walkNode)(node, { ctx, depth: depth === '*' ? Infinity : Number(depth), parallelizeRecursion: false }); // parallelization produces out-of-order results, and we don't want it like that here
     ctx.body = (0, misc_1.asyncGeneratorToReadable)((0, misc_1.filterMapGenerator)(walker, async (el) => {

package/src/serveGuiFiles.js

@@ -39,7 +39,7 @@ function serveStatic(uri) {
             return ctx.status = const_1.HTTP_METHOD_NOT_ALLOWED;
         const serveApp = shouldServeApp(ctx);
         const fullPath = (0, path_1.join)(__dirname, '..', folder, serveApp ? '/index.html' : ctx.path);
-        const content = await (0, misc_1.parseFile)(fullPath, raw => serveApp || !raw.length ? raw : adjustBundlerLinks(ctx, uri, raw))
+        const content = await (0, misc_1.parseFile)(fullPath, raw => serveApp || !raw.length ? raw : adjustBundlerLinks(ctx, uri, raw), 1000)
             .catch(e => {
             if (e?.code !== 'ENOENT') // not supposed to happen, and yet a user reported a strange behavior
                 console.error(`serveStatic/parseFile: ${String(e)}`);
@@ -170,6 +170,7 @@ function serveProxied(port, uri) {
     let proxy;
     import('koa-better-http-proxy').then(lib => // dynamic import to avoid having this in final distribution
      proxy = lib.default('127.0.0.1:' + port, {
+        parseReqBody: false, // the dev GUI proxy serves app/assets, so avoid koa-better-http-proxy trying to reread ctx.req
         proxyReqPathResolver: (ctx) => shouldServeApp(ctx) ? '/' : ctx.path,
         userResDecorator(res, data, ctx) {
             return shouldServeApp(ctx) ? treatIndex(ctx, uri, String(data))

package/src/update.js

@@ -27,6 +27,7 @@ const first_1 = require("./first");
 const persistence_1 = require("./persistence");
 const lodash_1 = __importDefault(require("lodash"));
 const argv_1 = require("./argv");
+const promises_2 = require("stream/promises");
 const updateToBeta = (0, config_1.defineConfig)('update_to_beta', false);
 const autoCheckUpdate = (0, config_1.defineConfig)('auto_check_update', true);
 const lastCheckUpdate = persistence_1.storedMap.singleSync('lastCheckUpdate', 0);
@@ -127,9 +128,7 @@ async function update(tagOrUrl = '') {
             throw "No update has been found";
         const plat = '-' + (0, misc_1.xlate)(process.platform, { win32: 'windows', darwin: 'mac' });
         const assetSearch = `${plat}-${process.arch}`;
-        const legacyAssetSearch = `${plat}${(0, misc_1.prefix)('-', (0, misc_1.xlate)(process.arch, { x64: '', arm64: 'arm' }))}.zip`; // legacy pre-0.53.0-rc16
-        const asset = update.assets.find((x) => x.name.includes(assetSearch) && x.name.endsWith('.zip'))
-            || update.assets.find((x) => x.name.endsWith(legacyAssetSearch));
+        const asset = update.assets.find((x) => x.name.includes(assetSearch) && x.name.endsWith('.zip'));
         if (!asset)
             throw `Asset not found: ${assetSearch}`;
         url = asset.browser_download_url;
@@ -139,7 +138,13 @@ async function update(tagOrUrl = '') {
         const temp = LOCAL_UPDATE + '-temp';
         await (0, promises_1.rm)(temp, { force: true });
         try {
-            await (0, promises_1.writeFile)(temp, await (0, misc_1.httpStream)(url));
+            const stream = await (0, misc_1.httpStream)(url);
+            const total = Number(stream.headers['content-length']) || 0;
+            let downloadedSize = 0;
+            const progress = total && setInterval(() => console.log("Download progress", (0, misc_1.formatPerc)(downloadedSize / total)), 5_000);
+            stream.on('data', chunk => downloadedSize += chunk.length);
+            await (0, promises_2.pipeline)(stream, (0, fs_1.createWriteStream)(temp))
+                .finally(() => clearInterval(progress));
         }
         catch (e) {
             await (0, promises_1.rm)(temp).catch(() => { }); // no leftovers
@@ -182,7 +187,7 @@ async function update(tagOrUrl = '') {
             (0, fs_1.renameSync)(bin, oldBin);
             if (!preserveTerminal) {
                 try {
-                    renameSyncWithBusyRetry(newBin, (0, path_1.join)(binPath, binFile));
+                    (0, misc_1.retrySync)(() => (0, fs_1.renameSync)(newBin, (0, path_1.join)(binPath, binFile)));
                 }
                 catch (e) {
                     try {
@@ -209,19 +214,6 @@ async function update(tagOrUrl = '') {
         throw e?.message || String(e);
     }
 }
-function renameSyncWithBusyRetry(src, dest) {
-    const sleepSyncBuffer = new Int32Array(new SharedArrayBuffer(4));
-    for (let retry = 0;; retry++) {
-        try {
-            return (0, fs_1.renameSync)(src, dest);
-        }
-        catch (e) {
-            if (e?.code !== 'EBUSY' || retry >= 20)
-                throw e;
-            Atomics.wait(sleepSyncBuffer, 0, 0, 500);
-        }
-    }
-}
 if (argv_1.argv.updating) { // we were launched with a temporary name, restore original name to avoid breaking references
     const bin = process.execPath;
     const dest = (0, path_1.join)((0, path_1.dirname)(bin), argv_1.argv.updating);