npm - hfs - Versions diffs - 3.1.5 → 3.2.0-beta2 - Mend

hfs 3.1.5 → 3.2.0-beta2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (224) hide show

package/admin/assets/af-DWEYq388.js +1 -0
package/admin/assets/am-DgLbAgj6.js +1 -0
package/admin/assets/ar-DgEWkO74.js +1 -0
package/admin/assets/ar-dz-DHq--Sr8.js +1 -0
package/admin/assets/ar-iq-D1r3nsb9.js +1 -0
package/admin/assets/ar-kw-C85fGHwp.js +1 -0
package/admin/assets/ar-ly-Bq6pjGjs.js +1 -0
package/admin/assets/ar-ma-SGvmh6Mj.js +1 -0
package/admin/assets/ar-sa-Bv8hiFi6.js +1 -0
package/admin/assets/ar-tn-Bdvo77v3.js +1 -0
package/admin/assets/az-7fPndoov.js +1 -0
package/admin/assets/be-wjXeIeAK.js +1 -0
package/admin/assets/bg-DZwBvjzH.js +1 -0
package/admin/assets/bi-qCtxvMhO.js +1 -0
package/admin/assets/bm-BVPWvreb.js +1 -0
package/admin/assets/bn-CdWvye7d.js +1 -0
package/admin/assets/bn-bd-B5-3blmz.js +1 -0
package/admin/assets/bo-BEVcgyN2.js +1 -0
package/admin/assets/br-DGQD6fFs.js +1 -0
package/admin/assets/bs-So4MoRua.js +1 -0
package/admin/assets/ca-Bk5ytG4g.js +1 -0
package/admin/assets/cs-C4NU8eW-.js +1 -0
package/admin/assets/cv-Ct-s-zrW.js +1 -0
package/admin/assets/cy-ojtDPj8_.js +1 -0
package/admin/assets/da-CYGin6vm.js +1 -0
package/admin/assets/de-BEbJ01zH.js +1 -0
package/admin/assets/de-at-C7UwE1rJ.js +1 -0
package/admin/assets/de-ch-CsZ7YQc_.js +1 -0
package/admin/assets/dv-DaVliwLd.js +1 -0
package/admin/assets/el-DM_KqKEP.js +1 -0
package/admin/assets/en-DedtOfaf.js +1 -0
package/admin/assets/en-au-52Bzk5D9.js +1 -0
package/admin/assets/en-ca-3pzEPK2N.js +1 -0
package/admin/assets/en-gb-BrwDQS2G.js +1 -0
package/admin/assets/en-ie-BUXSHrkL.js +1 -0
package/admin/assets/en-il-a22drDCn.js +1 -0
package/admin/assets/en-in-BUjecjkp.js +1 -0
package/admin/assets/en-nz-Bbo7tnB_.js +1 -0
package/admin/assets/en-sg-CZVDddmd.js +1 -0
package/admin/assets/en-tt-DmSGwRia.js +1 -0
package/admin/assets/eo-B71nkHZU.js +1 -0
package/admin/assets/es-Dk6VCuuk.js +1 -0
package/admin/assets/es-do-DMErY8ol.js +1 -0
package/admin/assets/es-mx-BMRmqa3u.js +1 -0
package/admin/assets/es-pr-CtBQz48p.js +1 -0
package/admin/assets/es-us-CrDl5pnO.js +1 -0
package/admin/assets/et-CO9OHqio.js +1 -0
package/admin/assets/eu-Bip44atW.js +1 -0
package/admin/assets/fa-CHbJ_dTM.js +1 -0
package/admin/assets/fi-DKfoLmaQ.js +1 -0
package/admin/assets/fo-DG1kOEfw.js +1 -0
package/admin/assets/fr-DV73GZR4.js +1 -0
package/admin/assets/fr-ca-BK-RoZiC.js +1 -0
package/admin/assets/fr-ch-DjqEC5E_.js +1 -0
package/admin/assets/fy-znrRQdeC.js +1 -0
package/admin/assets/ga-BlZeKu0N.js +1 -0
package/admin/assets/gd-BmrycMnC.js +1 -0
package/admin/assets/gl-CuT8e5mi.js +1 -0
package/admin/assets/gom-latn-BSWVd0A6.js +1 -0
package/admin/assets/gu-BHK6LfvD.js +1 -0
package/admin/assets/he-DPoTUevR.js +1 -0
package/admin/assets/hi-BRuLafoW.js +1 -0
package/admin/assets/hr-Bzge-10P.js +1 -0
package/admin/assets/ht-Ck9BCna1.js +1 -0
package/admin/assets/hu-CzqqbYmU.js +1 -0
package/admin/assets/hy-am-C-eV4E8v.js +1 -0
package/admin/assets/id-Dv8GZQvB.js +1 -0
package/admin/assets/{index-DTxjaflW.js → index-BPIX0qPj.js} +1 -1
package/admin/assets/index-CFWd-FDo.css +1 -0
package/admin/assets/index-D3HviM6x.js +889 -0
package/admin/assets/is-CK6VY3M_.js +1 -0
package/admin/assets/it-1gtki4a5.js +1 -0
package/admin/assets/it-ch-C0Mj3-pC.js +1 -0
package/admin/assets/ja-Dl3AfnM1.js +1 -0
package/admin/assets/jv-CznX-tGV.js +1 -0
package/admin/assets/ka-BNjZxCug.js +1 -0
package/admin/assets/kk-80J_xldf.js +1 -0
package/admin/assets/km-CuWChDRB.js +1 -0
package/admin/assets/kn-BZp_PBdl.js +1 -0
package/admin/assets/ko-RirpyUl_.js +1 -0
package/admin/assets/ku-Dz8ACD5w.js +1 -0
package/admin/assets/ky-BN3ylOhj.js +1 -0
package/admin/assets/lb-D7h_YoEn.js +1 -0
package/admin/assets/lo-BrlbTUPD.js +1 -0
package/admin/assets/lt-cXuHFdTa.js +1 -0
package/admin/assets/lv-CjIpv13Q.js +1 -0
package/admin/assets/me-B-jTh39Z.js +1 -0
package/admin/assets/mi-D06xdVmt.js +1 -0
package/admin/assets/mk-iLbuxyOf.js +1 -0
package/admin/assets/ml-2W0y6Zb2.js +1 -0
package/admin/assets/mn-6zbvKjeb.js +1 -0
package/admin/assets/mr-7-jrgLyw.js +1 -0
package/admin/assets/ms-CRH6rEXt.js +1 -0
package/admin/assets/ms-my-BIJmu2S-.js +1 -0
package/admin/assets/mt-CbXmxK-D.js +1 -0
package/admin/assets/my-BvMUsxU8.js +1 -0
package/admin/assets/nb-DvKHgF7L.js +1 -0
package/admin/assets/ne-DiZZ3Lm6.js +1 -0
package/admin/assets/nl-be-Dy7PYRbC.js +1 -0
package/admin/assets/nl-t_2A_VAT.js +1 -0
package/admin/assets/nn-Cw7EwosO.js +1 -0
package/admin/assets/oc-lnc-CuFfB75K.js +1 -0
package/admin/assets/pa-in-DOFyZ-Ft.js +1 -0
package/admin/assets/pl-BD7FyCJj.js +1 -0
package/admin/assets/pt-DSKLLE_u.js +1 -0
package/admin/assets/pt-br-BhL4gb5Z.js +1 -0
package/admin/assets/rn-DoHoZZPd.js +1 -0
package/admin/assets/ro-B0v-_lH0.js +1 -0
package/admin/assets/ru-BMVOk5eA.js +1 -0
package/admin/assets/rw-CWF0w6eL.js +1 -0
package/admin/assets/sd-DO2rrjch.js +1 -0
package/admin/assets/se-CAolO9WQ.js +1 -0
package/admin/assets/{sha512-D936QW8l.js → sha512-ZlUYj4Hr.js} +1 -1
package/admin/assets/si-D03dHfb5.js +1 -0
package/admin/assets/sk-_GcZGaN3.js +1 -0
package/admin/assets/sl-Cb1lUGab.js +1 -0
package/admin/assets/sq-Czzt23Tr.js +1 -0
package/admin/assets/sr-D76dVqKJ.js +1 -0
package/admin/assets/sr-cyrl-CuoFbJjW.js +1 -0
package/admin/assets/ss-g-fGaM29.js +1 -0
package/admin/assets/sv-CZxc8I45.js +1 -0
package/admin/assets/sv-fi-D8REJeLz.js +1 -0
package/admin/assets/sw-B1n3PjWG.js +1 -0
package/admin/assets/ta-K5mexJNT.js +1 -0
package/admin/assets/te-DT6dj5B6.js +1 -0
package/admin/assets/tet-DXwYNm_H.js +1 -0
package/admin/assets/tg-BCcZKcE2.js +1 -0
package/admin/assets/th-CeeeseFX.js +1 -0
package/admin/assets/tk-CJ6KW44d.js +1 -0
package/admin/assets/tl-ph-DzE8lDmm.js +1 -0
package/admin/assets/tlh-ER6KiMxG.js +1 -0
package/admin/assets/tr-D48NGNpr.js +1 -0
package/admin/assets/tzl-5AsmDTYM.js +1 -0
package/admin/assets/tzm-2AzZ1YPf.js +1 -0
package/admin/assets/tzm-latn-Cd5hPQuT.js +1 -0
package/admin/assets/ug-cn-DU-MZ9Vx.js +1 -0
package/admin/assets/uk-hn6vcOkn.js +1 -0
package/admin/assets/ur-jOObtqB6.js +1 -0
package/admin/assets/uz-BlftYfHF.js +1 -0
package/admin/assets/uz-latn-BpuI0ccM.js +1 -0
package/admin/assets/vi-DVo3LusT.js +1 -0
package/admin/assets/x-pseudo-BuVzNhqi.js +1 -0
package/admin/assets/yo-BvWGwb4m.js +1 -0
package/admin/assets/zh-D9-tfba1.js +1 -0
package/admin/assets/zh-cn-CFL5sbIW.js +1 -0
package/admin/assets/zh-hk-DRP8u65r.js +1 -0
package/admin/assets/zh-tw-CtVs1ihI.js +1 -0
package/admin/index.html +2 -2
package/frontend/assets/index-legacy-D3BTBYs5.js +9 -0
package/frontend/assets/{index-legacy-vmpqwZZf.js → index-legacy-DcrWtKxQ.js} +1 -1
package/frontend/assets/{sha512-legacy-wI89-UHR.js → sha512-legacy-DJvEwScE.js} +1 -1
package/frontend/index.html +1 -1
package/npm-shrinkwrap.json +144 -71
package/package.json +9 -9
package/plugins/antibrute/plugin.js +150 -19
package/plugins/list-uploader/public/main.js +1 -1
package/src/acme.js +11 -7
package/src/api.accounts.js +3 -3
package/src/api.auth.js +3 -1
package/src/api.get_file_list.js +17 -13
package/src/api.monitor.js +47 -43
package/src/api.net.js +4 -3
package/src/api.vfs.js +1 -1
package/src/basicWeb.js +1 -1
package/src/commands.js +54 -1
package/src/comments.js +7 -4
package/src/config.js +9 -5
package/src/consoleLog.js +39 -1
package/src/const.js +4 -0
package/src/cross.js +33 -6
package/src/errorPages.js +20 -10
package/src/events.js +3 -3
package/src/expiringCache.js +8 -7
package/src/fileAttr.js +73 -15
package/src/frontEndApis.js +20 -15
package/src/index.js +2 -1
package/src/langs/hfs-lang-ar.json +2 -1
package/src/langs/hfs-lang-bg.json +2 -1
package/src/langs/hfs-lang-de.json +2 -1
package/src/langs/hfs-lang-el.json +2 -1
package/src/langs/hfs-lang-es.json +2 -1
package/src/langs/hfs-lang-fi.json +2 -1
package/src/langs/hfs-lang-fr.json +2 -1
package/src/langs/hfs-lang-hu.json +2 -1
package/src/langs/hfs-lang-it.json +2 -1
package/src/langs/hfs-lang-ja.json +2 -1
package/src/langs/hfs-lang-ko.json +2 -1
package/src/langs/hfs-lang-lt.json +2 -1
package/src/langs/hfs-lang-ms.json +2 -0
package/src/langs/hfs-lang-nl.json +2 -1
package/src/langs/hfs-lang-pt-br.json +2 -1
package/src/langs/hfs-lang-ro.json +2 -1
package/src/langs/hfs-lang-ru.json +2 -1
package/src/langs/hfs-lang-sr-latn.json +2 -1
package/src/langs/hfs-lang-sr.json +2 -1
package/src/langs/hfs-lang-th.json +2 -1
package/src/langs/hfs-lang-tr.json +2 -1
package/src/langs/hfs-lang-uk.json +2 -1
package/src/langs/hfs-lang-vi.json +2 -1
package/src/langs/hfs-lang-zh-tw.json +2 -1
package/src/langs/hfs-lang-zh.json +2 -1
package/src/listen.js +2 -1
package/src/log.js +27 -2
package/src/middlewares.js +8 -2
package/src/misc.js +14 -0
package/src/nat.js +61 -21
package/src/outboundProxy.js +1 -1
package/src/perm.js +5 -1
package/src/plugins.js +34 -5
package/src/roots.js +1 -1
package/src/selfCheck.js +2 -1
package/src/serveGuiAndSharedFiles.js +18 -7
package/src/serveGuiFiles.js +2 -1
package/src/update.js +10 -18
package/src/urlList.js +32 -0
package/src/util-files.js +24 -9
package/src/util-http.js +4 -0
package/src/vfs.js +21 -9
package/src/walkDir.js +7 -1
package/src/webdav.js +4 -1
package/src/zip.js +3 -2
package/admin/assets/index-B66w-a0v.css +0 -1
package/admin/assets/index-Df6vYR7s.js +0 -822
package/frontend/assets/index-legacy-emBsvICj.js +0 -9

package/src/urlList.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+// This file is part of HFS - Copyright 2021-2023, Massimo Melina <a@rejetto.com> - License https://www.gnu.org/licenses/gpl-3.0.txt
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encodeUrlList = encodeUrlList;
+exports.decodeUrlList = decodeUrlList;
+// utilities to pass a list of files via url
+// not easy to find chars that are not allowed in file names both for windows and unix
+const URL_LIST_SEPARATOR = '//';
+const URL_LIST_SAME_FOLDER = '\0'; // nul cannot be a valid file name char, and query encoding carries it as %00 without conflicting with path slashes
+function encodeUrlList(entries) {
+    let previousFolder = '';
+    return entries.map(entry => {
+        const slash = entry.lastIndexOf('/');
+        const folder = slash < 0 ? '' : entry.slice(0, slash + 1);
+        const name = slash < 0 ? entry : entry.slice(slash + 1);
+        if (folder && folder === previousFolder)
+            return URL_LIST_SAME_FOLDER + name;
+        previousFolder = folder;
+        return entry;
+    }).join(URL_LIST_SEPARATOR);
+}
+function decodeUrlList(list) {
+    let previousFolder = '';
+    return list?.split(URL_LIST_SEPARATOR).map(entry => {
+        const sameFolder = entry.startsWith(URL_LIST_SAME_FOLDER);
+        if (sameFolder && previousFolder)
+            entry = previousFolder + entry.slice(URL_LIST_SAME_FOLDER.length);
+        const slash = entry.lastIndexOf('/');
+        previousFolder = slash < 0 ? '' : entry.slice(0, slash + 1);
+        return entry;
+    });
+}

package/src/util-files.js CHANGED Viewed

@@ -29,8 +29,7 @@ const fast_glob_1 = __importDefault(require("fast-glob"));
 const const_1 = require("./const");
 const promises_2 = require("stream/promises");
 const stat_1 = require("./stat");
-// @ts-ignore
-const unzip_stream_1 = __importDefault(require("unzip-stream"));
+const unzipper_1 = __importDefault(require("unzipper"));
 const fileTimeout = (0, config_1.defineConfig)('file_timeout', 3, x => x * 1000);
 // a smart (and a bit arbitrary) way to decide if we need the stat-workers functionality. Without it, we may be a bit faster. We'll see with experience if we need a dedicated configuration.
 const disableStatWorkers = Number(process.env.UV_THREADPOOL_SIZE) >= 10;
@@ -104,18 +103,29 @@ function escapeGlobPath(path) {
     return fast_glob_1.default.escapePath(path.replace(/\\/g, '/'));
 }
 async function unzip(stream, cb) {
+    const extracted = new Map();
     let chain = Promise.resolve();
-    return new Promise((resolve, reject) => stream.pipe(unzip_stream_1.default.Parse())
-        .on('end', () => chain.then(resolve))
+    return new Promise((resolve, reject) => stream.pipe(unzipper_1.default.Parse())
+        .on('close', () => chain.then(resolve, reject))
         .on('error', reject)
         .on('entry', (entry) => chain = chain.then(async () => {
         const { path, type } = entry;
         const dest = await (0, cross_1.try_)(() => cb(path), e => console.warn(String(e)));
         if (!dest || type !== 'File')
-            return entry.autodrain();
+            return entry.autodrain().promise();
+        extracted.set(path, dest);
         console.debug('Unzip', dest);
+        // keep writes serialized so archive entries can't race while callers map paths asynchronously
         const thisFile = entry.pipe(await createSafeWriteStream(dest));
         await (0, promises_2.finished)(thisFile);
+    }))
+        // unix modes live in the central directory, so we reapply them after the file stream has been written
+        .on('entryInCentral', (entry) => chain = chain.then(async () => {
+        if (entry.type !== 'File')
+            return;
+        const dest = extracted.get(entry.path);
+        if (dest && entry.unixAttrs)
+            await (0, promises_1.chmod)(dest, entry.unixAttrs).catch(() => { });
     })));
 }
 async function ensureParentFolder(path, dirnameIt = true) {
@@ -172,19 +182,24 @@ function exists(path) {
 }
 // parse a file, caching unless timestamp has changed
 exports.parseFileCache = new Map();
-async function loadFileCached(path, loader) {
+async function loadFileCached(path, loader, minInterval = 0) {
     const cached = exports.parseFileCache.get(path);
+    const now = Date.now();
+    if (cached && now - cached.lastCheck < minInterval)
+        return cached.parsed;
     const ts = await statWithTimeout(path).then(x => x.mtime, e => {
         if (e?.message !== 'timeout')
             throw e;
         return cached?.ts || new Date(0); // on timeout (e.g. thread pool saturated), serve cache if any, or attempt the loader
     });
+    if (cached)
+        cached.lastCheck = now;
     if (cached && Number(ts) === Number(cached.ts))
         return cached.parsed;
     const parsed = loader(path);
-    exports.parseFileCache.set(path, { ts, parsed });
+    exports.parseFileCache.set(path, { ts, parsed, lastCheck: now });
     return parsed;
 }
-async function parseFile(path, parse) {
-    return loadFileCached(path, () => (0, promises_1.readFile)(path).then(parse));
+async function parseFile(path, parse, skipStatBefore = 0) {
+    return loadFileCached(path, () => (0, promises_1.readFile)(path).then(parse), skipStatBefore);
 }

package/src/util-http.js CHANGED Viewed

@@ -67,6 +67,8 @@ function httpStream(url, { body, proxy, jar, noRedirect, httpThrow = true, ...op
     return Object.assign(new Promise(async (resolve, reject) => {
         proxy ??= httpStream.defaultProxy;
         options.headers ??= {};
+        if (httpStream.defaultUA && !Object.keys(options.headers).find(k => k.toLowerCase() === 'user-agent'))
+            options.headers['user-agent'] = httpStream.defaultUA;
         if (body) {
             options.method ||= 'POST';
             if (lodash_1.default.isPlainObject(body)) {
@@ -135,6 +137,8 @@ function httpStream(url, { body, proxy, jar, noRedirect, httpThrow = true, ...op
             e.cause ??= req; // enrich the error
             reject(e);
         });
+        if (options.timeout) // node only emits the timeout event, so destroy the request to unblock callers waiting for the body
+            req.setTimeout(options.timeout, () => req.destroy(Object.assign(Error('timeout'), { code: 'ETIMEDOUT' })));
         if (body && body instanceof node_stream_1.Readable)
             body.pipe(req).on('end', () => req.end());
         else

package/src/vfs.js CHANGED Viewed

@@ -15,10 +15,11 @@ exports.getNodeByName = getNodeByName;
 exports.isRoot = isRoot;
 exports.getNodeName = getNodeName;
 exports.nodeIsFolder = nodeIsFolder;
-exports.hasDefaultFile = hasDefaultFile;
+exports.getDefaultFile = getDefaultFile;
 exports.nodeIsLink = nodeIsLink;
 exports.hasPermission = hasPermission;
 exports.statusCodeForMissingPerm = statusCodeForMissingPerm;
+exports.simpleWhoToError = simpleWhoToError;
 exports.walkNode = walkNode;
 exports.masksCouldGivePermission = masksCouldGivePermission;
 exports.parentMaskApplier = parentMaskApplier;
@@ -35,6 +36,7 @@ const fswin_1 = __importDefault(require("fswin"));
 const comments_1 = require("./comments");
 const walkDir_1 = require("./walkDir");
 const node_stream_1 = require("node:stream");
+const adminApis_1 = require("./adminApis");
 const showHiddenFiles = (0, config_1.defineConfig)('show_hidden_files', false);
 function permsFromParent(parent, child) {
     const ret = {};
@@ -225,7 +227,7 @@ function nodeIsFolder(node) {
         return undefined;
     }
 }
-async function hasDefaultFile(node, ctx) {
+async function getDefaultFile(node, ctx) {
     return node.default && nodeIsFolder(node) && await urlToNode(node.default, ctx, node) || undefined;
 }
 function nodeIsLink(node) {
@@ -254,7 +256,7 @@ function statusCodeForMissingPerm(node, perm, ctx, assign = true) {
             if ((0, misc_1.isWhoObject)(who))
                 who = who.this;
             who ??= misc_1.defaultPerms[cur];
-            if (typeof who !== 'string' || who === misc_1.WHO_ANY_ACCOUNT)
+            if (typeof who !== 'string' || who === misc_1.WHO_ANY_ACCOUNT || who === misc_1.WHO_ADMIN)
                 break;
             if (!max--) {
                 console.error(`Endless loop in permission ${perm}=${node[perm] ?? misc_1.defaultPerms[perm]} for ${node.url || getNodeName(node)}`);
@@ -262,19 +264,29 @@ function statusCodeForMissingPerm(node, perm, ctx, assign = true) {
             }
             cur = who;
         } while (1);
+        if ((0, misc_1.isWhoObject)(who) || isWhoVfsPerms(who))
+            throw Error(`permission type-guard: ${JSON.stringify(who)}`);
         const eventName = 'checkVfsPermission';
         if (events_1.default.anyListener(eventName)) {
             const first = lodash_1.default.max(events_1.default.emit(eventName, { who, node, perm, ctx }));
             if (first !== undefined)
                 return first;
         }
-        if (Array.isArray(who))
-            return (0, perm_1.ctxBelongsTo)(ctx, who) ? 0 : const_1.HTTP_UNAUTHORIZED;
-        return typeof who === 'boolean' ? (who ? 0 : const_1.HTTP_FORBIDDEN)
-            : who === misc_1.WHO_ANY_ACCOUNT ? ((0, auth_1.getCurrentUsername)(ctx) ? 0 : const_1.HTTP_UNAUTHORIZED)
-                : (0, misc_1.throw_)(Error(`invalid permission: ${perm}=${(0, misc_1.try_)(() => JSON.stringify(who))}`));
+        return simpleWhoToError(who, ctx)
+            ?? (0, misc_1.throw_)(Error(`invalid permission: ${perm}=${(0, misc_1.try_)(() => JSON.stringify(who))}`));
     }
 }
+function simpleWhoToError(who, ctx) {
+    if (Array.isArray(who))
+        return (0, perm_1.ctxBelongsTo)(ctx, who) ? 0 : const_1.HTTP_UNAUTHORIZED;
+    return typeof who === 'boolean' ? (who ? 0 : const_1.HTTP_FORBIDDEN)
+        : who === misc_1.WHO_ANY_ACCOUNT ? ((0, auth_1.getCurrentUsername)(ctx) ? 0 : const_1.HTTP_UNAUTHORIZED)
+            : who === misc_1.WHO_ADMIN ? ((0, adminApis_1.ctxAdminAccess)(ctx) ? 0 : const_1.HTTP_UNAUTHORIZED)
+                : undefined;
+}
+function isWhoVfsPerms(who) {
+    return typeof who === 'string' && misc_1.PERM_KEYS.includes(who);
+}
 // it's the responsibility of the caller to verify you have list permission on parent, as callers have different needs.
 async function* walkNode(parent, { ctx, depth = Infinity, prefixPath = '', requiredPerm, onlyFolders = false, onlyFiles = false, parallelizeRecursion = true, } = {}) {
     let started = false;
@@ -337,7 +349,7 @@ async function* walkNode(parent, { ctx, depth = Infinity, prefixPath = '', requi
                         const name = prefixPath + (renamed || path);
                         if (taken?.has(normalizeFilename(name))) // taken by vfs node above
                             return false; // false just in case it's a folder
-                        const item = { name, isFolder, source: (0, path_1.join)(source, path), parent };
+                        const item = { name, isFolder, source: (0, path_1.join)(source, path), parent, stats: entry.stats };
                         // masks containing '/' must be matched against the relative path while keeping walkDir recursion enabled
                         await pathMaskApplier(item, renamed || path);
                         if (await cantSee(item)) // can't see: don't produce and don't recur

package/src/walkDir.js CHANGED Viewed

@@ -56,7 +56,13 @@ function walkDir(path, { depth = 0, hidden = true, parallelizeRecursion = false,
                 work(Object.assign(Object.create(direntMethods), {
                     isDir: f.IS_DIRECTORY,
                     name: f.LONG_NAME,
-                    stats: { size: f.SIZE, birthtime: f.CREATION_TIME, mtime: f.LAST_WRITE_TIME }
+                    stats: {
+                        size: f.SIZE,
+                        birthtime: f.CREATION_TIME, birthtimeMs: f.CREATION_TIME.getTime(),
+                        mtime: f.LAST_WRITE_TIME, mtimeMs: f.LAST_WRITE_TIME.getTime(),
+                        isFile: () => !f.IS_DIRECTORY,
+                        isDirectory: () => f.IS_DIRECTORY,
+                    }
                 }));
             }, true));
         }

package/src/webdav.js CHANGED Viewed

@@ -23,6 +23,7 @@ const config_1 = require("./config");
 const expiringCache_1 = require("./expiringCache");
 const fast_xml_parser_1 = require("fast-xml-parser");
 const lodash_1 = __importDefault(require("lodash"));
+const fileAttr_1 = require("./fileAttr");
 const forceWebdavLogin = (0, config_1.defineConfig)(cross_1.CFG.force_webdav_login, true, compileWebdavAgentRegex);
 const webdavInitialAuth = (0, config_1.defineConfig)(cross_1.CFG.webdav_initial_auth, 'WebDAVFS', compileWebdavAgentRegex);
 const webdavPrompted = (0, expiringCache_1.expiringCache)(cross_1.DAY);
@@ -148,7 +149,9 @@ const webdav = async (ctx, next) => {
             canOverwrite.delete(overwriteGraceKey);
             const node = await (0, vfs_1.urlToNode)(path, ctx);
             if (node?.source)
-                await (0, promises_1.rm)(node.source).catch(() => { });
+                await (0, promises_1.rm)(node.source)
+                    .then(() => (0, fileAttr_1.deleteStoredFileAttrs)(node.source))
+                    .catch(() => { });
         }
         if (x && ctx.length === undefined) // missing length can make PUT fail
             ctx.req.headers['content-length'] = x;

package/src/zip.js CHANGED Viewed

@@ -12,9 +12,10 @@ const serveFile_1 = require("./serveFile");
 const const_1 = require("./const");
 const api_get_file_list_1 = require("./api.get_file_list");
 const comments_1 = require("./comments");
+const urlList_1 = require("./urlList");
 // expects 'node' to have had permissions checked by caller
 async function zipStreamFromFolder(node, ctx) {
-    const list = (0, misc_1.wantArray)(ctx.query.list)[0]?.split('//'); // slash is the only char not allowed in file names both for windows and unix, but still we need to encode whole paths, so the only safe choice to separate the entries is the double slash
+    const list = (0, urlList_1.decodeUrlList)((0, misc_1.wantArray)(ctx.query.list)[0]);
     if (!list && (0, vfs_1.statusCodeForMissingPerm)(node, 'can_archive', ctx))
         return;
     ctx.status = const_1.HTTP_OK;
@@ -39,7 +40,7 @@ async function zipStreamFromFolder(node, ctx) {
                 if ((0, vfs_1.nodeIsFolder)(subNode)) { // a directory needs to be walked
                     if ((0, vfs_1.hasPermission)(subNode, 'can_list', ctx) && (0, vfs_1.hasPermission)(subNode, 'can_archive', ctx)) {
                         yield subNode; // it could be empty
-                        yield* (0, vfs_1.walkNode)(subNode, { ctx, prefixPath: decodeURI(uri) + '/', requiredPerm: 'can_archive' });
+                        yield* (0, vfs_1.walkNode)(subNode, { ctx, prefixPath: (0, misc_1.pathDecodeSegments)(uri) + '/', requiredPerm: 'can_archive' });
                     }
                     continue;
                 }

package/admin/assets/index-B66w-a0v.css DELETED Viewed

@@ -1 +0,0 @@

- .ariaOnly{position:absolute;clip-path:rect(1px 1px 1px 1px);clip:rect(1px,1px,1px,1px)}.icon{font-size:1.2em;height:1.2em;width:1.4em;display:inline-block;text-align:center}@keyframes blink{0%{opacity:1}50%{opacity:.3}}:root{height:100dvh;--success: #5c5}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;height:100vh;background:#000}#root{min-height:100%;display:flex}main{word-break:break-word}code{font-family:source-code-pro,Menlo,Monaco,Consolas,Courier New,monospace}img.flag{width:1.5em;height:1em;vertical-align:text-top;margin-top:1px}.icon-w-text{margin-right:.5em}form{max-width:100%}.MuiSvgIcon-root{vertical-align:bottom}div.MuiTreeItem-content{padding:0}.MuiDataGrid-columnHeaders{background-color:#8882}.MuiDataGrid-cell{line-height:1.2em}.MuiDataGrid-filterForm{flex-wrap:wrap;justify-content:space-evenly;row-gap:1em}.wrap[role=cell]{white-space:normal!important}ol,ul{margin-top:.2em;margin-bottom:.2em;padding-left:1.5em}h2.MuiDialogTitle-root{padding-top:2px;padding-bottom:2px}.dialog-alert .MuiDialogContent-root{max-width:45em;padding:.5em 1em;white-space:pre-wrap}.release code{font-size:95%;background-color:#8883;padding:0 .2em;border-radius:.2em}.MuiAppBar-root .MuiAlert-standardInfo .MuiAlert-icon{color:#fff8!important}.MuiAppBar-root .MuiAlert-standardInfo .MuiAlert-message{color:#fffa!important}.MuiAppBar-root .MuiAlert-colorWarning .MuiAlert-icon{color:#ff08!important}.MuiAppBar-root .MuiAlert-colorWarning .MuiAlert-message{color:#ff0a!important}.animated-dashed-line{width:100%;height:2px;background-image:linear-gradient(to right,currentColor 50%,transparent 50%);background-size:10px 100%;animation:animate-dash 1s alternate linear infinite}@keyframes animate-dash{to{background-position:20px 0}}@keyframes success{50%{transform:scale(1.3);color:var(--success)}to{transform:inherit;color:inherit}}::-webkit-scrollbar{width:4px}::-webkit-scrollbar-thumb{background:#8888}::-webkit-scrollbar-track{background:#8882}.token.operator{background:unset!important}.fflag{width:26px;height:17px;vertical-align:text-bottom;border:none}.dialog-backdrop{position:fixed;inset:0;background:#8886;backdrop-filter:blur(2px);display:flex;justify-content:center;align-items:center;z-index:1000}.dialog{background:#fff;background:var(--bg);padding:.5em;padding:max(.5em,1vw,2vh);padding-top:0;border-radius:1em;position:relative;margin:0 3vw;overflow:hidden;max-height:calc(100vh - 2em);display:flex;flex-direction:column;justify-content:center}.dialog-icon{color:#fff;background-color:var(--color);position:absolute;top:0;width:2em;height:1.8em;text-align:center;border-radius:.8em 0}.dialog-icon-text{display:flex;align-items:center;justify-content:center}.dialog-title{font-size:120%;font-weight:400;margin:.3em 0;padding:0 .5em;min-height:1.2em}.dialog-closer~.dialog-title{margin-right:2em}.dialog-type~.dialog-title{margin-left:2em}.dialog-icon~.dialog-title{text-align:center}.dialog-closer{border-radius:0 .8em;right:0;padding:0;background-color:#c88}.dialog-icon~.dialog-content{margin-top:1em}.dialog-type{left:0;top:0;overflow:hidden;opacity:.7}.dialog-content{overflow:auto;max-height:calc(100vh - 4.5em)}.dialog-content p{white-space:pre-wrap;margin:.5em 0}.dialog-confirm .dialog-content button{margin-top:1em}.dialog-alert-info{--color: #282 }.dialog-alert-warning{--color: #c91 }.dialog-alert-error{--color: #822}@media (max-width: 42em){.dialog-icon{font-size:120%}.dialog-icon~.dialog-content{margin-top:1.5em}}.dialog-prompt label{display:block;margin:.5em .1em}.toasts{position:fixed;right:0;display:flex;flex-direction:column;margin-top:.5em;gap:.5em;z-index:1001}.toast{background:var(--faint-contrast);color:var(--text-high-contrast);transition:all .5s ease-in;position:relative;left:-.5em;overflow:hidden;display:flex;align-items:center;padding:.3em .6em;border-radius:.5em;box-shadow:0 0 .3em .3em #8883;box-sizing:border-box}.toast .toast-icon{margin-right:.3em;animation:zoomRotating 1.5s}.toast.toast-success{background-color:var(--success)}.toast.toast-warning{background-color:var(--warning)}.toast.toast-error{background-color:var(--error)}.toast.before{left:100%;transform:scale(.1);padding-top:0;padding-bottom:0}.toast.after{height:0!important;padding-top:0;padding-bottom:0;transition-duration:.2s;transform:scale(0)}@keyframes zoomRotating{0%{transform:scale(0)}to{transform:scale(1) rotate(360deg)}}code[class*=language-],pre[class*=language-]{color:#657b83;font-family:Consolas,Monaco,Andale Mono,Ubuntu Mono,monospace;font-size:1em;text-align:left;white-space:pre;word-spacing:normal;word-break:normal;word-wrap:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none}pre[class*=language-]::-moz-selection,pre[class*=language-] ::-moz-selection,code[class*=language-]::-moz-selection,code[class*=language-] ::-moz-selection{background:#073642}pre[class*=language-]::selection,pre[class*=language-] ::selection,code[class*=language-]::selection,code[class*=language-] ::selection{background:#073642}pre[class*=language-]{padding:1em;margin:.5em 0;overflow:auto;border-radius:.3em}:not(pre)>code[class*=language-],pre[class*=language-]{background-color:#fdf6e3}:not(pre)>code[class*=language-]{padding:.1em;border-radius:.3em}.token.comment,.token.prolog,.token.doctype,.token.cdata{color:#93a1a1}.token.punctuation{color:#586e75}.token.namespace{opacity:.7}.token.property,.token.tag,.token.boolean,.token.number,.token.constant,.token.symbol,.token.deleted{color:#268bd2}.token.selector,.token.attr-name,.token.string,.token.char,.token.builtin,.token.url,.token.inserted{color:#2aa198}.token.entity{color:#657b83;background:#eee8d5}.token.atrule,.token.attr-value,.token.keyword{color:#859900}.token.function,.token.class-name{color:#b58900}.token.regex,.token.important,.token.variable{color:#cb4b16}.token.important,.token.bold{font-weight:700}.token.italic{font-style:italic}.token.entity{cursor:help}