most-box 0.1.0 → 0.1.2

package/server/src/utils/auth.js

@@ -0,0 +1,63 @@
+import { verifyMessage } from 'ethers'
+import { mostSignMessage } from './mostWallet.js'
+
+export const AUTH_MAX_AGE_MS = 5 * 60 * 1000
+
+export function normalizeAddress(address) {
+  const value = String(address || '').trim()
+  return /^0x[a-fA-F0-9]{40}$/.test(value) ? value.toLowerCase() : ''
+}
+
+export function buildAuthMessage(timestamp, method, path) {
+  return `${timestamp}:${String(method || 'GET').toUpperCase()}:${normalizeAuthPath(path)}`
+}
+
+export function normalizeAuthPath(path) {
+  try {
+    return new URL(path, 'http://most.box').pathname
+  } catch {
+    return String(path || '').split('?')[0] || '/'
+  }
+}
+
+export async function buildAuthHeaders(identity, method, path) {
+  if (!identity?.danger) return {}
+  const timestamp = Date.now().toString()
+  const message = buildAuthMessage(timestamp, method, path)
+  const { address, signature } = await mostSignMessage(identity.danger, message)
+  return {
+    Authorization: `${address},${timestamp},${signature}`,
+  }
+}
+
+export function verifyAuthHeader(header, method, path, options = {}) {
+  const [addressRaw, timestampRaw, signature] = String(header || '').split(',')
+  const address = normalizeAddress(addressRaw)
+  const timestamp = Number(timestampRaw)
+  const now = options.now || Date.now()
+
+  if (!address || !Number.isFinite(timestamp) || !signature) {
+    return { ok: false, error: 'Missing or invalid authorization' }
+  }
+  if (Math.abs(now - timestamp) > (options.maxAgeMs || AUTH_MAX_AGE_MS)) {
+    return { ok: false, error: 'Authorization expired' }
+  }
+
+  try {
+    const message = buildAuthMessage(timestampRaw, method, path)
+    const recovered = normalizeAddress(verifyMessage(message, signature))
+    if (recovered !== address) {
+      return { ok: false, error: 'Authorization address mismatch' }
+    }
+    return { ok: true, address }
+  } catch {
+    return { ok: false, error: 'Invalid authorization signature' }
+  }
+}
+
+export function parseInviteList(value = '') {
+  return String(value || '')
+    .split(',')
+    .map(item => item.trim())
+    .filter(Boolean)
+}

package/server/src/utils/dateTime.js

@@ -0,0 +1,30 @@
+import dayjs from 'dayjs'
+
+export function formatDate(time) {
+  if (!time) return ''
+  const date = dayjs(Number(time))
+  const hour = date.hour()
+  let timeOfDay
+
+  if (hour >= 0 && hour < 3) {
+    timeOfDay = '凌晨'
+  } else if (hour >= 3 && hour < 6) {
+    timeOfDay = '拂晓'
+  } else if (hour >= 6 && hour < 9) {
+    timeOfDay = '早晨'
+  } else if (hour >= 9 && hour < 12) {
+    timeOfDay = '上午'
+  } else if (hour >= 12 && hour < 15) {
+    timeOfDay = '下午'
+  } else if (hour >= 15 && hour < 18) {
+    timeOfDay = '傍晚'
+  } else if (hour >= 18 && hour < 21) {
+    timeOfDay = '晚上'
+  } else {
+    timeOfDay = '深夜'
+  }
+
+  return date.format(`YYYY年M月D日 ${timeOfDay}h:m`)
+}
+
+export const formatTime = formatDate

package/server/src/utils/downloadMessages.js

@@ -0,0 +1,89 @@
+import { parseMostLink } from '../core/mostLink.js'
+
+const DOWNLOAD_CHECK_MESSAGES = {
+  timeout:
+    '检测等待超时，暂时没有等到在线种子响应。请确认分享者或其他下载者仍在线做种，稍后再检测。',
+  offline: '无法连接本地节点，请确认 MostBox 后端正在运行后再检测。',
+  missingApi: '当前后端还没有检测接口，请重启 MostBox 后端后再试。',
+  validation:
+    '链接格式不正确，请粘贴完整的 most://<cid>?filename=... 分享链接。',
+  nameConflict: '下载目录已有同名文件，请先重命名或移走后再检测。',
+  noPeer:
+    '暂时没有发现在线种子。请确认分享者或其他下载者仍在线做种，稍后再检测。',
+  permission: '下载目录不可写，请检查目录权限后再检测。',
+  starting: '本地节点还没有启动完成，请稍等几秒后重新检测。',
+  server: '本地节点检测时出错，请稍后重试或查看节点日志。',
+  fallback: '检测未通过，请确认链接完整、发布者在线且本机网络正常。',
+}
+
+const LINK_VALIDATION_MESSAGES = {
+  'Link must be a valid most:// URL':
+    '链接无法解析，请粘贴完整的 most://<cid>?filename=... 分享链接。',
+  'Link must use most:// protocol': '链接协议不正确，应以 most:// 开头。',
+  'Link path is not supported':
+    '链接里不应包含路径，请使用 most://<cid>?filename=... 格式。',
+  'Invalid CID format': 'CID 无效，请确认 most:// 后面的内容没有缺失或被截断。',
+  'Invalid CID format: CID v1 required':
+    'CID 格式不符合 MostBox 要求，请确认分享链接完整。',
+  'CID digest must be 32 bytes':
+    'CID 格式不符合 MostBox 要求，请确认分享链接完整。',
+  'filename is required':
+    '链接缺少 filename 参数，请复制完整分享链接后再检测。',
+}
+
+export function getDownloadCheckErrorMessageFromPayload(
+  data = {},
+  errorName = ''
+) {
+  if (errorName === 'TimeoutError') return DOWNLOAD_CHECK_MESSAGES.timeout
+  if (!data.status) return DOWNLOAD_CHECK_MESSAGES.offline
+  if (data.status === 404) return DOWNLOAD_CHECK_MESSAGES.missingApi
+
+  switch (data.code) {
+    case 'VALIDATION_ERROR':
+      return DOWNLOAD_CHECK_MESSAGES.validation
+    case 'CONFLICT':
+      return data.error
+        ? `${data.error}，请先处理同名文件后再下载。`
+        : DOWNLOAD_CHECK_MESSAGES.nameConflict
+    case 'PEER_NOT_FOUND':
+      return DOWNLOAD_CHECK_MESSAGES.noPeer
+    case 'PERMISSION_ERROR':
+      return data.error
+        ? `下载目录不可写：${data.error}`
+        : DOWNLOAD_CHECK_MESSAGES.permission
+    case 'ENGINE_NOT_INITIALIZED':
+      return DOWNLOAD_CHECK_MESSAGES.starting
+    default:
+      break
+  }
+
+  if (data.status === 503) return DOWNLOAD_CHECK_MESSAGES.noPeer
+  if (data.status >= 500) return DOWNLOAD_CHECK_MESSAGES.server
+  return data.error
+    ? `检测未通过：${data.error}`
+    : DOWNLOAD_CHECK_MESSAGES.fallback
+}
+
+export function getDownloadLinkValidationMessage(link = '') {
+  const value = String(link || '').trim()
+  if (!value) return '请先粘贴 most:// 分享链接。'
+
+  const result = parseMostLink(value)
+  if (!result.error) {
+    return result.fileName?.trim()
+      ? null
+      : LINK_VALIDATION_MESSAGES['filename is required']
+  }
+
+  if (result.error.startsWith('Unsupported query parameter: ')) {
+    const unsupportedParam = result.error.slice(
+      'Unsupported query parameter: '.length
+    )
+    return `链接包含暂不支持的参数 ${unsupportedParam}，请只保留 filename。`
+  }
+
+  return (
+    LINK_VALIDATION_MESSAGES[result.error] || DOWNLOAD_CHECK_MESSAGES.validation
+  )
+}

package/server/src/utils/errors.js

@@ -58,6 +58,20 @@ export class PermissionError extends AppError {
   }
 }
 
+export class ConflictError extends AppError {
+  constructor(message = 'Resource conflict') {
+    super(message, 'CONFLICT')
+    this.name = 'ConflictError'
+  }
+}
+
+export class StorageCapacityError extends AppError {
+  constructor(message = 'Storage capacity exceeded') {
+    super(message, 'STORAGE_CAPACITY_ERROR')
+    this.name = 'StorageCapacityError'
+  }
+}
+
 export class EngineNotInitializedError extends AppError {
   constructor(message = 'Engine not initialized. Call start() first.') {
     super(message, 'ENGINE_NOT_INITIALIZED')

package/server/src/utils/mostWallet.js

@@ -1,4 +1,6 @@
 import {
+  decodeBase64,
+  encodeBase64,
   pbkdf2,
   sha256,
   getBytes,
@@ -10,8 +12,15 @@ import {
 import nacl from 'tweetnacl'
 
 const SALT_PREFIX = '/most.box/'
-const PBKDF2_ITERATIONS = 3
+const PBKDF2_ITERATIONS = 50_000
 const PBKDF2_KEY_LENGTH = 32
+const BOX_TOKEN_VERSION = 1
+const BOX_TIMESTAMP_BYTES = 8
+const BOX_TOKEN_HEADER_BYTES =
+  1 + BOX_TIMESTAMP_BYTES + nacl.secretbox.nonceLength
+const BOX_TOKEN_MIN_BYTES =
+  BOX_TOKEN_HEADER_BYTES + nacl.secretbox.overheadLength
+const BOX_LABEL = new TextEncoder().encode('MP-AE')
 
 export function mostWallet(username, password) {
   const salt = toUtf8Bytes(SALT_PREFIX + username)
@@ -40,3 +49,178 @@ export function most25519(danger) {
     ed_public_key: hexlify(ed25519KeyPair.publicKey),
   }
 }
+
+export async function mostSignMessage(danger, message) {
+  const account = HDNodeWallet.fromPhrase(mostMnemonic(danger))
+  return {
+    address: account.address,
+    signature: await account.signMessage(message),
+  }
+}
+
+export function mostEncode(text, danger) {
+  const bytes = new TextEncoder().encode(text)
+  const nonce = nacl.randomBytes(nacl.secretbox.nonceLength)
+  const key = getBytes(danger).slice(0, nacl.secretbox.keyLength)
+  const encrypted = nacl.secretbox(bytes, nonce, key)
+
+  return ['mp://1', encodeBase64(nonce), encodeBase64(encrypted)].join('.')
+}
+
+export function mostDecode(data, danger) {
+  const [prefix, nonce64, encrypted64] = String(data || '').split('.')
+  if (prefix !== 'mp://1' || !nonce64 || !encrypted64) return ''
+
+  const key = getBytes(danger).slice(0, nacl.secretbox.keyLength)
+  const decrypted = nacl.secretbox.open(
+    decodeBase64(encrypted64),
+    decodeBase64(nonce64),
+    key
+  )
+
+  return decrypted ? new TextDecoder().decode(decrypted) : ''
+}
+
+function concatBytes(parts) {
+  const total = parts.reduce((sum, part) => sum + part.length, 0)
+  const output = new Uint8Array(total)
+  let offset = 0
+  for (const part of parts) {
+    output.set(part, offset)
+    offset += part.length
+  }
+  return output
+}
+
+function encodeBase64Url(bytes) {
+  return encodeBase64(bytes)
+    .replaceAll('+', '-')
+    .replaceAll('/', '_')
+    .replaceAll('=', '')
+}
+
+function decodeBase64Url(value) {
+  const token = String(value || '').trim()
+  if (!token || !/^[A-Za-z0-9_-]+$/.test(token)) return null
+
+  try {
+    const standard = token
+      .replaceAll('-', '+')
+      .replaceAll('_', '/')
+      .padEnd(Math.ceil(token.length / 4) * 4, '=')
+    return decodeBase64(standard)
+  } catch {
+    return null
+  }
+}
+
+function encodeTimestampMs(value) {
+  const output = new Uint8Array(BOX_TIMESTAMP_BYTES)
+  const view = new DataView(output.buffer)
+  view.setBigUint64(0, BigInt(value), false)
+  return output
+}
+
+function decodeTimestampMs(bytes) {
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength)
+  return Number(view.getBigUint64(0, false))
+}
+
+function readBoxTokenPayload(data) {
+  const payload = decodeBase64Url(data)
+  if (
+    !payload ||
+    payload.length < BOX_TOKEN_MIN_BYTES ||
+    payload[0] !== BOX_TOKEN_VERSION
+  ) {
+    return null
+  }
+
+  const timestampBytes = payload.slice(1, 1 + BOX_TIMESTAMP_BYTES)
+  const nonce = payload.slice(1 + BOX_TIMESTAMP_BYTES, BOX_TOKEN_HEADER_BYTES)
+  const encrypted = payload.slice(BOX_TOKEN_HEADER_BYTES)
+
+  return {
+    version: payload[0],
+    timestampMs: decodeTimestampMs(timestampBytes),
+    nonce,
+    encrypted,
+  }
+}
+
+function deriveDirectionalBoxKey(
+  senderPublicKey,
+  recipientPublicKey,
+  sharedKey
+) {
+  return nacl
+    .hash(
+      concatBytes([BOX_LABEL, senderPublicKey, recipientPublicKey, sharedKey])
+    )
+    .slice(0, nacl.secretbox.keyLength)
+}
+
+export function mostBoxEncrypt(text, { senderPrivateKey, recipientPublicKey }) {
+  const senderSecretKey = getBytes(senderPrivateKey)
+  const senderPublicKey =
+    nacl.box.keyPair.fromSecretKey(senderSecretKey).publicKey
+  const recipientPublicKeyBytes = getBytes(recipientPublicKey)
+  const sharedKey = nacl.box.before(recipientPublicKeyBytes, senderSecretKey)
+  const boxKey = deriveDirectionalBoxKey(
+    senderPublicKey,
+    recipientPublicKeyBytes,
+    sharedKey
+  )
+  const nonce = nacl.randomBytes(nacl.secretbox.nonceLength)
+  const encrypted = nacl.secretbox(
+    new TextEncoder().encode(text),
+    nonce,
+    boxKey
+  )
+  const payload = concatBytes([
+    new Uint8Array([BOX_TOKEN_VERSION]),
+    encodeTimestampMs(Date.now()),
+    nonce,
+    encrypted,
+  ])
+
+  return encodeBase64Url(payload)
+}
+
+export function parseMostBoxToken(data) {
+  const payload = readBoxTokenPayload(data)
+  if (!payload) return null
+
+  return {
+    version: payload.version,
+    timestampMs: payload.timestampMs,
+    nonce: encodeBase64Url(payload.nonce),
+  }
+}
+
+export function mostBoxDecrypt(data, { senderPublicKey, recipientPrivateKey }) {
+  const payload = readBoxTokenPayload(data)
+  if (!payload) return ''
+
+  try {
+    const recipientSecretKey = getBytes(recipientPrivateKey)
+    const recipientPublicKey =
+      nacl.box.keyPair.fromSecretKey(recipientSecretKey).publicKey
+    const senderPublicKeyBytes = getBytes(senderPublicKey)
+    const sharedKey = nacl.box.before(senderPublicKeyBytes, recipientSecretKey)
+    const boxKey = deriveDirectionalBoxKey(
+      senderPublicKeyBytes,
+      recipientPublicKey,
+      sharedKey
+    )
+    const decrypted = nacl.secretbox.open(
+      payload.encrypted,
+      payload.nonce,
+      boxKey
+    )
+
+    return decrypted ? new TextDecoder().decode(decrypted) : ''
+  } catch {
+    return ''
+  }
+}

package/server/src/utils/mp.js

@@ -1,7 +1,7 @@
 import { getBytes } from 'ethers'
-import dayjs from 'dayjs'
 import nacl from 'tweetnacl'
 import { generateAvatar } from './avatar.js'
+import { formatTime } from './dateTime.js'
 
 const BASE36_ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz'
 
@@ -77,29 +77,5 @@ export const getIPNS = (private_key, ed_public_key) => {
   return 'k' + baseXEncode(cidBytes, BASE36_ALPHABET)
 }
 
-export const formatTime = time => {
-  if (!time) return ''
-  const date = dayjs(Number(time))
-  const hour = date.hour()
-  let timeOfDay
-  if (hour >= 0 && hour < 3) {
-    timeOfDay = '凌晨'
-  } else if (hour >= 3 && hour < 6) {
-    timeOfDay = '拂晓'
-  } else if (hour >= 6 && hour < 9) {
-    timeOfDay = '早晨'
-  } else if (hour >= 9 && hour < 12) {
-    timeOfDay = '上午'
-  } else if (hour >= 12 && hour < 15) {
-    timeOfDay = '下午'
-  } else if (hour >= 15 && hour < 18) {
-    timeOfDay = '傍晚'
-  } else if (hour >= 18 && hour < 21) {
-    timeOfDay = '薄暮'
-  } else {
-    timeOfDay = '深夜'
-  }
-  return date.format(`YYYY年M月D日 ${timeOfDay}h点`)
-}
-
 export const avatar = generateAvatar
+export { formatTime }

package/server/src/utils/noteBackup.js

@@ -0,0 +1,116 @@
+import { mostDecode, mostEncode, mostSignMessage } from './mostWallet.js'
+import { calculateNoteCid } from './noteUtils.js'
+
+export const NOTE_BACKUP_API_URL = 'https://api.most.box/auth/backup'
+
+async function readBackupApiError(response, fallback) {
+  const data = await response
+    .clone()
+    .json()
+    .catch(() => null)
+  return data?.error || fallback
+}
+
+export function encryptNotesBackup(notes, danger) {
+  return mostEncode(JSON.stringify({ notes: notes || [] }), danger)
+}
+
+export function decryptNotesBackup(content, danger) {
+  if (!String(content || '').startsWith('mp://1')) {
+    throw new Error('无效的备份数据格式')
+  }
+
+  const decrypted = mostDecode(content, danger)
+  if (!decrypted) {
+    throw new Error('解密失败，请确认当前 Web3 登录账号正确')
+  }
+
+  const data = JSON.parse(decrypted)
+  if (!Array.isArray(data.notes)) {
+    throw new Error('备份数据缺少 notes')
+  }
+  return data
+}
+
+export async function calculateNotesBackupCid(notes) {
+  return calculateNoteCid(JSON.stringify({ notes: notes || [] }))
+}
+
+export async function getBackupAuthHeaders(
+  wallet,
+  method,
+  url = NOTE_BACKUP_API_URL
+) {
+  const timestamp = Date.now().toString()
+  const path = new URL(url).pathname
+  const message = `${timestamp}:${String(method).toUpperCase()}:${path}`
+  const { address, signature } = await mostSignMessage(wallet.danger, message)
+  return {
+    Authorization: `${address},${timestamp},${signature}`,
+  }
+}
+
+export async function buildNotesBackupUpload(wallet, notes) {
+  const payload = JSON.stringify({ notes: notes || [] })
+  const cid = await calculateNoteCid(payload)
+  const encrypted = encryptNotesBackup(notes, wallet.danger)
+  return {
+    cid,
+    body: encrypted,
+    headers: {
+      'Content-Type': 'text/plain',
+      'x-backup-cid': cid,
+      ...(await getBackupAuthHeaders(wallet, 'PUT', NOTE_BACKUP_API_URL)),
+    },
+  }
+}
+
+export async function uploadNotesBackup(
+  wallet,
+  notes,
+  url = NOTE_BACKUP_API_URL
+) {
+  const upload = await buildNotesBackupUpload(wallet, notes)
+  const response = await fetch(url, {
+    method: 'PUT',
+    headers: upload.headers,
+    body: upload.body,
+  })
+  if (!response.ok) {
+    throw new Error(await readBackupApiError(response, '云备份失败'))
+  }
+  return {
+    cid: upload.cid,
+  }
+}
+
+export async function downloadNotesBackup(wallet, url = NOTE_BACKUP_API_URL) {
+  const response = await fetch(url, {
+    method: 'GET',
+    headers: await getBackupAuthHeaders(wallet, 'GET', url),
+  })
+  if (response.status === 404) {
+    return {
+      found: false,
+      cid: '',
+      time: 0,
+      notes: [],
+    }
+  }
+  if (!response.ok) {
+    throw new Error(await readBackupApiError(response, '云端恢复失败'))
+  }
+
+  const encrypted = await response.text()
+  if (!encrypted) {
+    throw new Error('云端无备份数据')
+  }
+
+  const data = decryptNotesBackup(encrypted, wallet.danger)
+  return {
+    found: true,
+    cid: response.headers.get('x-backup-cid') || '',
+    time: Number(response.headers.get('x-backup-time') || 0),
+    notes: data.notes,
+  }
+}

package/server/src/utils/noteUtils.js

@@ -0,0 +1,128 @@
+import { CID } from 'multiformats/cid'
+import * as raw from 'multiformats/codecs/raw'
+import { sha256 } from 'multiformats/hashes/sha2'
+
+export function normalizeNotePath(input = '') {
+  return String(input)
+    .replace(/\\/g, '/')
+    .split('/')
+    .map(part => part.trim())
+    .filter(part => part && part !== '.')
+    .filter(part => part !== '..')
+    .join('/')
+}
+
+export function getNoteFullPath(note) {
+  const path = normalizeNotePath(note?.path || '')
+  const name = String(note?.name || '').trim()
+  return path ? `${path}/${name}` : name
+}
+
+export function validateNoteName(name) {
+  const value = String(name || '').trim()
+  if (!value) return { valid: false, error: '请输入名称' }
+  if (value.includes('/')) return { valid: false, error: '名称不能包含 /' }
+  if (value.includes('\\')) return { valid: false, error: '名称不能包含 \\' }
+  return { valid: true, name: value }
+}
+
+export async function calculateNoteCid(content = '') {
+  const bytes = new TextEncoder().encode(String(content))
+  const hash = await sha256.digest(bytes)
+  return CID.create(1, raw.code, hash).toString()
+}
+
+export function filterNotesByPath(notes, currentPath = '', query = '') {
+  const normalizedCurrentPath = normalizeNotePath(currentPath)
+  const normalizedQuery = query.trim().toLowerCase()
+  const files = Array.isArray(notes) ? notes : []
+
+  if (normalizedQuery) {
+    return files
+      .filter(note =>
+        String(note.name || '')
+          .toLowerCase()
+          .includes(normalizedQuery)
+      )
+      .sort(sortNotesForExplorer)
+  }
+
+  const directItems = []
+  const inferredDirs = new Map()
+
+  for (const note of files) {
+    const notePath = normalizeNotePath(note.path || '')
+
+    if (notePath === normalizedCurrentPath) {
+      directItems.push(note)
+      continue
+    }
+
+    if (
+      normalizedCurrentPath === '' ||
+      notePath.startsWith(`${normalizedCurrentPath}/`)
+    ) {
+      const relativePath =
+        normalizedCurrentPath === ''
+          ? notePath
+          : notePath.slice(normalizedCurrentPath.length + 1)
+      const firstSegment = relativePath.split('/').filter(Boolean)[0]
+
+      if (firstSegment && !inferredDirs.has(firstSegment)) {
+        inferredDirs.set(firstSegment, {
+          name: firstSegment,
+          type: 'directory',
+          path: normalizedCurrentPath,
+          size: 0,
+          cid: `__dir__${normalizedCurrentPath}/${firstSegment}`,
+          created_at: note.created_at || Date.now(),
+          updated_at: note.updated_at || note.created_at || Date.now(),
+        })
+      }
+    }
+  }
+
+  return [...inferredDirs.values(), ...directItems].sort(sortNotesForExplorer)
+}
+
+export function renameNotesByPath(notes, oldFullPath, targetPath, targetName) {
+  const oldPath = normalizeNotePath(oldFullPath)
+  const newPath = normalizeNotePath(targetPath)
+  const cleanName = String(targetName || '').trim()
+  const targetFullPath = normalizeNotePath(
+    newPath ? `${newPath}/${cleanName}` : cleanName
+  )
+  const now = Date.now()
+
+  return notes.map(note => {
+    const fullPath = getNoteFullPath(note)
+
+    if (fullPath === oldPath) {
+      return { ...note, path: newPath, name: cleanName, updated_at: now }
+    }
+
+    if (fullPath.startsWith(`${oldPath}/`)) {
+      const relativePath = fullPath.slice(oldPath.length + 1)
+      const nextFullPath = normalizeNotePath(
+        `${targetFullPath}/${relativePath}`
+      )
+      const lastSlash = nextFullPath.lastIndexOf('/')
+      return {
+        ...note,
+        path: lastSlash === -1 ? '' : nextFullPath.slice(0, lastSlash),
+        name: nextFullPath.slice(lastSlash + 1),
+        updated_at: now,
+      }
+    }
+
+    return note
+  })
+}
+
+function sortNotesForExplorer(a, b) {
+  if (a.type === 'directory' && b.type !== 'directory') return -1
+  if (a.type !== 'directory' && b.type === 'directory') return 1
+  return (
+    (b.updated_at || b.created_at || 0) - (a.updated_at || a.created_at || 0)
+  )
+}