npm - hfs - Versions diffs - 3.2.0-alpha1.1 → 3.2.0-beta2 - Mend

hfs 3.2.0-alpha1.1 → 3.2.0-beta2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (174) hide show

package/src/expiringCache.js CHANGED Viewed

@@ -6,24 +6,25 @@ function expiringCache(ttlMs) {
         throw Error('invalid TTL');
     const o = new Map();
     return Object.assign(o, {
-        // creator can return undefined if the value should not be cached. `invalidate` is useful in case you have some custom logic for it, other than ttl.
+        invalidate,
+        // creator can return undefined if the value should not be cached
         try(k, creator) {
             let ret = o.get(k);
             if (ret === undefined) { // undefined = missing, as we don't accept this value in our cache
-                ret = creator(invalidate);
+                ret = creator(k);
                 if (ret !== undefined) {
                     o.set(k, ret);
                     Promise.resolve(ret).then(v => {
                         if (v === undefined) // even in a promise, we'll consider undefined as a request to cancel the caching
-                            invalidate();
+                            invalidate(k);
                     }, () => { }) // avoid js warning
-                        .finally(() => setTimeout(invalidate, ttlMs)); // wait for async (in case) before starting the timer
-                }
-                function invalidate() {
-                    o.delete(k);
+                        .finally(() => setTimeout(() => invalidate(k), ttlMs)); // wait for async (in case) before starting the timer
                 }
             }
             return ret;
         },
     });
+    function invalidate(k) {
+        o.delete(k);
+    }
 }

package/src/frontEndApis.js CHANGED Viewed

@@ -20,11 +20,13 @@ const promises_1 = require("fs/promises");
 const path_1 = require("path");
 const upload_1 = require("./upload");
 const misc_1 = require("./misc");
+const config_1 = require("./config");
 const comments_1 = require("./comments");
 const SendList_1 = require("./SendList");
 const adminApis_1 = require("./adminApis");
 const lodash_1 = __importDefault(require("lodash"));
 const partialFolderSize = {};
+const showUploader = (0, config_1.defineConfig)(misc_1.CFG.show_uploader, misc_1.WHO_ADMIN);
 exports.frontEndApis = {
     get_file_list: api_get_file_list_1.get_file_list,
     ...api_auth_1.authApis,
@@ -43,19 +45,20 @@ exports.frontEndApis = {
             return new apiMiddleware_1.ApiError(const_1.HTTP_BAD_REQUEST, 'bad uris');
         const isAdmin = (0, adminApis_1.ctxAdminAccess)(ctx);
         return {
-            details: await Promise.all(uris.map(async (uri) => {
-                if (typeof uri !== 'string')
-                    return false; // false means error
-                const node = await (0, vfs_1.urlToNode)(uri, ctx);
-                if (!node || !(0, vfs_1.hasPermission)(node, 'can_see', ctx))
-                    return false;
-                let upload = node.source && await (0, upload_1.getUploadMeta)(node.source).catch(() => undefined);
-                if (!upload)
-                    return;
-                if (!isAdmin)
-                    upload = lodash_1.default.omit(upload, 'ip');
-                return { upload };
-            }))
+            details: (0, vfs_1.simpleWhoToError)(showUploader.get(), ctx) ? [] // return early because at the moment we only have the uploader
+                : await Promise.all(uris.map(async (uri) => {
+                    if (typeof uri !== 'string')
+                        return false; // false means error
+                    const node = await (0, vfs_1.urlToNode)(uri, ctx);
+                    if (!node || !(0, vfs_1.hasPermission)(node, 'can_see', ctx))
+                        return false;
+                    let upload = node.source && await (0, upload_1.getUploadMeta)(node.source).catch(() => undefined);
+                    if (!upload)
+                        return;
+                    if (!isAdmin)
+                        upload = lodash_1.default.omit(upload, 'ip');
+                    return { upload };
+                }))
         };
     },
     async create_folder({ uri, name }, ctx) {
@@ -126,7 +129,7 @@ exports.frontEndApis = {
         await (0, comments_1.setCommentFor)(node.source, comment);
         return {};
     },
-    async get_folder_size_partial({ id }, ctx) {
+    async get_folder_size_partial({ id }) {
         (0, misc_1.apiAssertTypes)({ string: { id } });
         return partialFolderSize[id] || new apiMiddleware_1.ApiError(const_1.HTTP_NOT_FOUND);
     },

package/src/listen.js CHANGED Viewed

@@ -298,7 +298,8 @@ function stopServer(srv) {
                 console.debug("Failed to stop server", String(err));
             resolve(err);
         });
-        srv.closeAllConnections();
+        if (first_1.quitting)
+            srv.closeAllConnections();
     });
 }
 function getCurrentPort(srv) {

package/src/nat.js CHANGED Viewed

@@ -76,7 +76,10 @@ exports.getPublicIps = (0, debounceAsync_1.debounceAsync)(async () => {
             throw "no good";
         return validIps;
     }))));
-    return exports.defaultBaseUrl.publicIps = lodash_1.default.uniq(ips.flat());
+    const ret = exports.defaultBaseUrl.publicIps = lodash_1.default.uniq(ips.flat());
+    if (!ret.length) // don't keep empty results for long
+        setTimeout(() => exports.getPublicIps.clearRetain(), 5_000);
+    return ret;
 }, { retain: 10 * cross_1.MINUTE });
 exports.getNatInfo = (0, debounceAsync_1.debounceAsync)(async () => {
     const upnp = await exports.upnpEnabled.getWhenReady() ? getUpnpClient() : null;

package/src/roots.js CHANGED Viewed

@@ -32,7 +32,7 @@ const rootsMiddleware = (ctx, next) => (() => {
     }
     if (lodash_1.default.isEmpty(exports.roots.get()))
         return;
-    const root = ctx.state.root = exports.roots.compiled()?.(ctx.host);
+    const root = ctx.state.root = exports.roots.compiled()(ctx.host);
     if (!ctx.state.skipFilters && forceAddress.get()
         && root === undefined && !(0, misc_1.isLocalHost)(ctx) && ctx.host !== listen_1.baseUrl.compiled())
         return (0, connections_1.disconnect)(ctx, forceAddress.key()); // returning truthy will not call next

package/src/selfCheck.js CHANGED Viewed

@@ -38,7 +38,8 @@ async function selfCheck(url) {
                     console.debug(svc);
                     body = applySymbols(body);
                     serviceUrl = applySymbols(serviceUrl);
-                    const res = await (0, cross_1.haveTimeout)(6_000, (0, util_http_1.httpString)(serviceUrl, { family, ...rest, body }));
+                    const timeout = 8_000;
+                    const res = await (0, cross_1.haveTimeout)(timeout, (0, util_http_1.httpString)(serviceUrl, { family, timeout, ...rest, body }));
                     const success = new RegExp(regexpSuccess).test(res);
                     const failure = new RegExp(regexpFailure).test(res);
                     if (success === failure)

package/src/serveGuiAndSharedFiles.js CHANGED Viewed

@@ -28,6 +28,7 @@ const comments_1 = require("./comments");
 const basicWeb_1 = require("./basicWeb");
 const icons_1 = require("./icons");
 const plugins_1 = require("./plugins");
+const roots_1 = require("./roots");
 const serveFrontendFiles = (0, serveGuiFiles_1.serveGuiFiles)(process.env.FRONTEND_PROXY, cross_const_1.FRONTEND_URI);
 const serveFrontendPrefixed = (0, koa_mount_1.default)(cross_const_1.FRONTEND_URI.slice(0, -1), serveFrontendFiles);
 const serveAdminFiles = (0, serveGuiFiles_1.serveGuiFiles)(process.env.ADMIN_PROXY, cross_const_1.ADMIN_URI);
@@ -119,11 +120,10 @@ const serveSharedFiles = async (ctx, next) => {
             return ctx.status = cross_const_1.HTTP_SERVER_ERROR;
         }
     }
-    if (node.default && path.endsWith('/') && !get) { // final/ needed on browser to make resource urls correctly with html pages
-        const found = await (0, vfs_1.urlToNode)(node.default, ctx, node);
-        if (found && /\.html?/i.test(node.default))
+    if (path.endsWith('/') && !get) { // final slash needed on browsers to make resource urls working with html pages
+        const found = await (0, vfs_1.getDefaultFile)(node, ctx);
+        if (found && /\.html?/i.test((0, vfs_1.getNodeName)(node = found)))
             ctx.state.considerAsGui = true;
-        node = found ?? node;
     }
     if (get === 'icon')
         return (0, serveFile_1.serveFile)(ctx, node.icon || '|'); // pipe to cause not-found
@@ -160,9 +160,19 @@ async function sendFolderList(node, ctx) {
     ctx.type = 'text';
     if (prepend === undefined || prepend === '*') { // * = force auto-detection even if we have baseUrl set
         const { URL } = ctx;
-        const base = prepend === undefined && listen_1.baseUrl.get()
-            || URL.protocol + '//' + URL.host + ctx.state.revProxyPath;
-        prepend = base + (0, misc_1.pathEncode)(decodeURI(ctx.path)); // redo the encoding our way, keeping unicode chars unchanged
+        const requestBase = URL.protocol + '//' + URL.host + ctx.state.revProxyPath;
+        const configuredBaseUrl = prepend === undefined && listen_1.baseUrl.get();
+        const configuredRoot = configuredBaseUrl && roots_1.roots.compiled()(listen_1.baseUrl.compiled() || '');
+        const pathInConfiguredRoot = configuredRoot && (configuredRoot === '/' ? ctx.path
+            : ctx.path.startsWith(configuredRoot) ? ctx.path.slice(configuredRoot.length - 1)
+                : ctx.path === configuredRoot.slice(0, -1) ? '/'
+                    : false);
+        // base_url may expose a host-rooted home; use it only for VFS paths inside that host root
+        const [base, path] = !configuredBaseUrl ? [requestBase, ctx.path]
+            : pathInConfiguredRoot === false ? [requestBase, ctx.path]
+                : [configuredBaseUrl, pathInConfiguredRoot || ctx.path];
+        // redo the encoding our way, keeping unicode chars unchanged. decode each segment separately because decodeURI preserves reserved escapes like %3A, which pathEncode would double-encode
+        prepend = base + (0, misc_1.pathDecodeSegments)(path, misc_1.pathEncode);
     }
     const walker = (0, vfs_1.walkNode)(node, { ctx, depth: depth === '*' ? Infinity : Number(depth), parallelizeRecursion: false }); // parallelization produces out-of-order results, and we don't want it like that here
     ctx.body = (0, misc_1.asyncGeneratorToReadable)((0, misc_1.filterMapGenerator)(walker, async (el) => {

package/src/serveGuiFiles.js CHANGED Viewed

@@ -39,7 +39,7 @@ function serveStatic(uri) {
             return ctx.status = const_1.HTTP_METHOD_NOT_ALLOWED;
         const serveApp = shouldServeApp(ctx);
         const fullPath = (0, path_1.join)(__dirname, '..', folder, serveApp ? '/index.html' : ctx.path);
-        const content = await (0, misc_1.parseFile)(fullPath, raw => serveApp || !raw.length ? raw : adjustBundlerLinks(ctx, uri, raw))
+        const content = await (0, misc_1.parseFile)(fullPath, raw => serveApp || !raw.length ? raw : adjustBundlerLinks(ctx, uri, raw), 1000)
             .catch(e => {
             if (e?.code !== 'ENOENT') // not supposed to happen, and yet a user reported a strange behavior
                 console.error(`serveStatic/parseFile: ${String(e)}`);

package/src/update.js CHANGED Viewed

@@ -128,9 +128,7 @@ async function update(tagOrUrl = '') {
             throw "No update has been found";
         const plat = '-' + (0, misc_1.xlate)(process.platform, { win32: 'windows', darwin: 'mac' });
         const assetSearch = `${plat}-${process.arch}`;
-        const legacyAssetSearch = `${plat}${(0, misc_1.prefix)('-', (0, misc_1.xlate)(process.arch, { x64: '', arm64: 'arm' }))}.zip`; // legacy pre-0.53.0-rc16
-        const asset = update.assets.find((x) => x.name.includes(assetSearch) && x.name.endsWith('.zip'))
-            || update.assets.find((x) => x.name.endsWith(legacyAssetSearch));
+        const asset = update.assets.find((x) => x.name.includes(assetSearch) && x.name.endsWith('.zip'));
         if (!asset)
             throw `Asset not found: ${assetSearch}`;
         url = asset.browser_download_url;

package/src/util-files.js CHANGED Viewed

@@ -182,19 +182,24 @@ function exists(path) {
 }
 // parse a file, caching unless timestamp has changed
 exports.parseFileCache = new Map();
-async function loadFileCached(path, loader) {
+async function loadFileCached(path, loader, minInterval = 0) {
     const cached = exports.parseFileCache.get(path);
+    const now = Date.now();
+    if (cached && now - cached.lastCheck < minInterval)
+        return cached.parsed;
     const ts = await statWithTimeout(path).then(x => x.mtime, e => {
         if (e?.message !== 'timeout')
             throw e;
         return cached?.ts || new Date(0); // on timeout (e.g. thread pool saturated), serve cache if any, or attempt the loader
     });
+    if (cached)
+        cached.lastCheck = now;
     if (cached && Number(ts) === Number(cached.ts))
         return cached.parsed;
     const parsed = loader(path);
-    exports.parseFileCache.set(path, { ts, parsed });
+    exports.parseFileCache.set(path, { ts, parsed, lastCheck: now });
     return parsed;
 }
-async function parseFile(path, parse) {
-    return loadFileCached(path, () => (0, promises_1.readFile)(path).then(parse));
+async function parseFile(path, parse, skipStatBefore = 0) {
+    return loadFileCached(path, () => (0, promises_1.readFile)(path).then(parse), skipStatBefore);
 }

package/src/util-http.js CHANGED Viewed

@@ -137,6 +137,8 @@ function httpStream(url, { body, proxy, jar, noRedirect, httpThrow = true, ...op
             e.cause ??= req; // enrich the error
             reject(e);
         });
+        if (options.timeout) // node only emits the timeout event, so destroy the request to unblock callers waiting for the body
+            req.setTimeout(options.timeout, () => req.destroy(Object.assign(Error('timeout'), { code: 'ETIMEDOUT' })));
         if (body && body instanceof node_stream_1.Readable)
             body.pipe(req).on('end', () => req.end());
         else

package/src/vfs.js CHANGED Viewed

@@ -15,10 +15,11 @@ exports.getNodeByName = getNodeByName;
 exports.isRoot = isRoot;
 exports.getNodeName = getNodeName;
 exports.nodeIsFolder = nodeIsFolder;
-exports.hasDefaultFile = hasDefaultFile;
+exports.getDefaultFile = getDefaultFile;
 exports.nodeIsLink = nodeIsLink;
 exports.hasPermission = hasPermission;
 exports.statusCodeForMissingPerm = statusCodeForMissingPerm;
+exports.simpleWhoToError = simpleWhoToError;
 exports.walkNode = walkNode;
 exports.masksCouldGivePermission = masksCouldGivePermission;
 exports.parentMaskApplier = parentMaskApplier;
@@ -35,6 +36,7 @@ const fswin_1 = __importDefault(require("fswin"));
 const comments_1 = require("./comments");
 const walkDir_1 = require("./walkDir");
 const node_stream_1 = require("node:stream");
+const adminApis_1 = require("./adminApis");
 const showHiddenFiles = (0, config_1.defineConfig)('show_hidden_files', false);
 function permsFromParent(parent, child) {
     const ret = {};
@@ -225,7 +227,7 @@ function nodeIsFolder(node) {
         return undefined;
     }
 }
-async function hasDefaultFile(node, ctx) {
+async function getDefaultFile(node, ctx) {
     return node.default && nodeIsFolder(node) && await urlToNode(node.default, ctx, node) || undefined;
 }
 function nodeIsLink(node) {
@@ -254,7 +256,7 @@ function statusCodeForMissingPerm(node, perm, ctx, assign = true) {
             if ((0, misc_1.isWhoObject)(who))
                 who = who.this;
             who ??= misc_1.defaultPerms[cur];
-            if (typeof who !== 'string' || who === misc_1.WHO_ANY_ACCOUNT)
+            if (typeof who !== 'string' || who === misc_1.WHO_ANY_ACCOUNT || who === misc_1.WHO_ADMIN)
                 break;
             if (!max--) {
                 console.error(`Endless loop in permission ${perm}=${node[perm] ?? misc_1.defaultPerms[perm]} for ${node.url || getNodeName(node)}`);
@@ -262,19 +264,29 @@ function statusCodeForMissingPerm(node, perm, ctx, assign = true) {
             }
             cur = who;
         } while (1);
+        if ((0, misc_1.isWhoObject)(who) || isWhoVfsPerms(who))
+            throw Error(`permission type-guard: ${JSON.stringify(who)}`);
         const eventName = 'checkVfsPermission';
         if (events_1.default.anyListener(eventName)) {
             const first = lodash_1.default.max(events_1.default.emit(eventName, { who, node, perm, ctx }));
             if (first !== undefined)
                 return first;
         }
-        if (Array.isArray(who))
-            return (0, perm_1.ctxBelongsTo)(ctx, who) ? 0 : const_1.HTTP_UNAUTHORIZED;
-        return typeof who === 'boolean' ? (who ? 0 : const_1.HTTP_FORBIDDEN)
-            : who === misc_1.WHO_ANY_ACCOUNT ? ((0, auth_1.getCurrentUsername)(ctx) ? 0 : const_1.HTTP_UNAUTHORIZED)
-                : (0, misc_1.throw_)(Error(`invalid permission: ${perm}=${(0, misc_1.try_)(() => JSON.stringify(who))}`));
+        return simpleWhoToError(who, ctx)
+            ?? (0, misc_1.throw_)(Error(`invalid permission: ${perm}=${(0, misc_1.try_)(() => JSON.stringify(who))}`));
     }
 }
+function simpleWhoToError(who, ctx) {
+    if (Array.isArray(who))
+        return (0, perm_1.ctxBelongsTo)(ctx, who) ? 0 : const_1.HTTP_UNAUTHORIZED;
+    return typeof who === 'boolean' ? (who ? 0 : const_1.HTTP_FORBIDDEN)
+        : who === misc_1.WHO_ANY_ACCOUNT ? ((0, auth_1.getCurrentUsername)(ctx) ? 0 : const_1.HTTP_UNAUTHORIZED)
+            : who === misc_1.WHO_ADMIN ? ((0, adminApis_1.ctxAdminAccess)(ctx) ? 0 : const_1.HTTP_UNAUTHORIZED)
+                : undefined;
+}
+function isWhoVfsPerms(who) {
+    return typeof who === 'string' && misc_1.PERM_KEYS.includes(who);
+}
 // it's the responsibility of the caller to verify you have list permission on parent, as callers have different needs.
 async function* walkNode(parent, { ctx, depth = Infinity, prefixPath = '', requiredPerm, onlyFolders = false, onlyFiles = false, parallelizeRecursion = true, } = {}) {
     let started = false;

package/src/zip.js CHANGED Viewed

@@ -40,7 +40,7 @@ async function zipStreamFromFolder(node, ctx) {
                 if ((0, vfs_1.nodeIsFolder)(subNode)) { // a directory needs to be walked
                     if ((0, vfs_1.hasPermission)(subNode, 'can_list', ctx) && (0, vfs_1.hasPermission)(subNode, 'can_archive', ctx)) {
                         yield subNode; // it could be empty
-                        yield* (0, vfs_1.walkNode)(subNode, { ctx, prefixPath: decodeURI(uri) + '/', requiredPerm: 'can_archive' });
+                        yield* (0, vfs_1.walkNode)(subNode, { ctx, prefixPath: (0, misc_1.pathDecodeSegments)(uri) + '/', requiredPerm: 'can_archive' });
                     }
                     continue;
                 }