PyPI - copyparty - Versions diffs - 1.13.7__py3-none-any.whl → 1.14.0__py3-none-any.whl - Mend

copyparty 1.13.7py3-none-any.whl → 1.14.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

copyparty/__main__.py +58 -2
copyparty/__version__.py +3 -3
copyparty/authsrv.py +224 -11
copyparty/httpcli.py +186 -26
copyparty/httpsrv.py +15 -2
copyparty/svchub.py +77 -5
copyparty/tcpsrv.py +22 -1
copyparty/u2idx.py +19 -3
copyparty/up2k.py +67 -13
copyparty/util.py +1 -1
copyparty/web/browser.css.gz +0 -0
copyparty/web/browser.html +4 -4
copyparty/web/browser.js.gz +0 -0
copyparty/web/browser2.html +2 -2
copyparty/web/md.html +2 -2
copyparty/web/shares.css.gz +0 -0
copyparty/web/shares.html +74 -0
copyparty/web/shares.js.gz +0 -0
copyparty/web/splash.css.gz +0 -0
copyparty/web/splash.html +13 -6
copyparty/web/splash.js.gz +0 -0
copyparty/web/util.js.gz +0 -0
{copyparty-1.13.7.dist-info → copyparty-1.14.0.dist-info}/METADATA +55 -3
{copyparty-1.13.7.dist-info → copyparty-1.14.0.dist-info}/RECORD +28 -25
{copyparty-1.13.7.dist-info → copyparty-1.14.0.dist-info}/WHEEL +1 -1
{copyparty-1.13.7.dist-info → copyparty-1.14.0.dist-info}/LICENSE +0 -0
{copyparty-1.13.7.dist-info → copyparty-1.14.0.dist-info}/entry_points.txt +0 -0
{copyparty-1.13.7.dist-info → copyparty-1.14.0.dist-info}/top_level.txt +0 -0

copyparty/__main__.py CHANGED Viewed

@@ -521,6 +521,41 @@ def showlic()  :
 def get_sects():
     return [
+        [
+            "bind",
+            "configure listening",
+            dedent(
+                """
+            \033[33m-i\033[0m takes a comma-separated list of interfaces to listen on;
+            IP-addresses and/or unix-sockets (Unix Domain Sockets)
+            the default (\033[32m-i ::\033[0m) means all IPv4 and IPv6 addresses
+            \033[32m-i 0.0.0.0\033[0m    listens on all IPv4 NICs/subnets
+            \033[32m-i 127.0.0.1\033[0m  listens on IPv4 localhost only
+            \033[32m-i 127.1\033[0m      listens on IPv4 localhost only
+            \033[32m-i 127.1,192.168.123.1\033[0m = IPv4 localhost and 192.168.123.1
+            \033[33m-p\033[0m takes a comma-separated list of tcp ports to listen on;
+            the default is \033[32m-p 3923\033[0m but as root you can \033[32m-p 80,443,3923\033[0m
+            when running behind a reverse-proxy, it's recommended to
+            use unix-sockets for improved performance and security;
+            \033[32m-i unix:770:www:\033[33m/tmp/a.sock\033[0m listens on \033[33m/tmp/a.sock\033[0m with
+            permissions \033[33m0770\033[0m; only accessible to members of the \033[33mwww\033[0m
+            group. This is the best approach. Alternatively,
+            \033[32m-i unix:777:\033[33m/tmp/a.sock\033[0m sets perms \033[33m0777\033[0m so anyone can
+            access it; bad unless it's inside a restricted folder
+            \033[32m-i unix:\033[33m/tmp/a.sock\033[0m keeps umask-defined permissions
+            (usually \033[33m0600\033[0m) and the same user/group as copyparty
+            \033[33m-p\033[0m (tcp ports) is ignored for unix sockets
+            """
+            ),
+        ],
         [
             "accounts",
             "accounts and volumes",
@@ -931,6 +966,15 @@ def add_fs(ap):
     ap2.add_argument("--mtab-age", metavar="SEC", type=int, default=60, help="rebuild mountpoint cache every \033[33mSEC\033[0m to keep track of sparse-files support; keep low on servers with removable media")
+def add_share(ap):
+    db_path = os.path.join(E.cfg, "shares.db")
+    ap2 = ap.add_argument_group('share-url options')
+    ap2.add_argument("--shr", metavar="URL", default="", help="base url for shared files, for example [\033[32m/share\033[0m] (must be a toplevel subfolder)")
+    ap2.add_argument("--shr-db", metavar="PATH", default=db_path, help="database to store shares in")
+    ap2.add_argument("--shr-adm", metavar="U,U", default="", help="comma-separated list of users allowed to view/delete any share")
+    ap2.add_argument("--shr-v", action="store_true", help="debug")
 def add_upload(ap):
     ap2 = ap.add_argument_group('upload options')
     ap2.add_argument("--dotpart", action="store_true", help="dotfile incomplete uploads, hiding them from clients unless \033[33m-ed\033[0m")
@@ -963,8 +1007,8 @@ def add_upload(ap):
 def add_network(ap):
     ap2 = ap.add_argument_group('network options')
-    ap2.add_argument("-i", metavar="IP", type=u, default="::", help="ip to bind (comma-sep.) and/or [\033[32munix:/tmp/a.sock\033[0m], default: all IPv4 and IPv6")
-    ap2.add_argument("-p", metavar="PORT", type=u, default="3923", help="ports to bind (comma/range); ignored for unix-sockets")
+    ap2.add_argument("-i", metavar="IP", type=u, default="::", help="IPs and/or unix-sockets to listen on (see \033[33m--help-bind\033[0m). Default: all IPv4 and IPv6")
+    ap2.add_argument("-p", metavar="PORT", type=u, default="3923", help="ports to listen on (comma/range); ignored for unix-sockets")
     ap2.add_argument("--ll", action="store_true", help="include link-local IPv4/IPv6 in mDNS replies, even if the NIC has routable IPs (breaks some mDNS clients)")
     ap2.add_argument("--rproxy", metavar="DEPTH", type=int, default=1, help="which ip to associate clients with; [\033[32m0\033[0m]=tcp, [\033[32m1\033[0m]=origin (first x-fwd, unsafe), [\033[32m2\033[0m]=outermost-proxy, [\033[32m3\033[0m]=second-proxy, [\033[32m-1\033[0m]=closest-proxy")
     ap2.add_argument("--xff-hdr", metavar="NAME", type=u, default="x-forwarded-for", help="if reverse-proxied, which http header to read the client's real ip from")
@@ -1024,6 +1068,16 @@ def add_auth(ap):
     ap2.add_argument("--bauth-last", action="store_true", help="keeps basic-authentication enabled, but only as a last-resort; if a cookie is also provided then the cookie wins")
+def add_chpw(ap):
+    db_path = os.path.join(E.cfg, "chpw.json")
+    ap2 = ap.add_argument_group('user-changeable passwords options')
+    ap2.add_argument("--chpw", action="store_true", help="allow users to change their own passwords")
+    ap2.add_argument("--chpw-no", metavar="U,U,U", type=u, action="append", help="do not allow password-changes for this comma-separated list of usernames")
+    ap2.add_argument("--chpw-db", metavar="PATH", type=u, default=db_path, help="where to store the passwords database (if you run multiple copyparty instances, make sure they use different DBs)")
+    ap2.add_argument("--chpw-len", metavar="N", type=int, default=8, help="minimum password length")
+    ap2.add_argument("--chpw-v", metavar="LVL", type=int, default=2, help="verbosity of summary on config load [\033[32m0\033[0m] = nothing at all, [\033[32m1\033[0m] = number of users, [\033[32m2\033[0m] = list users with default-pw, [\033[32m3\033[0m] = list all users")
 def add_zeroconf(ap):
     ap2 = ap.add_argument_group("Zeroconf options")
     ap2.add_argument("-z", action="store_true", help="enable all zeroconf backends (mdns, ssdp)")
@@ -1432,11 +1486,13 @@ def run_argparse(
     add_tls(ap, cert_path)
     add_cert(ap, cert_path)
     add_auth(ap)
+    add_chpw(ap)
     add_qr(ap, tty)
     add_zeroconf(ap)
     add_zc_mdns(ap)
     add_zc_ssdp(ap)
     add_fs(ap)
+    add_share(ap)
     add_upload(ap)
     add_db_general(ap, hcores)
     add_db_metadata(ap)

copyparty/__version__.py CHANGED Viewed

@@ -1,8 +1,8 @@
 # coding: utf-8
-VERSION = (1, 13, 7)
-CODENAME = "race the beam"
-BUILD_DT = (2024, 8, 12)
+VERSION = (1, 14, 0)
+CODENAME = "one step forward"
+BUILD_DT = (2024, 8, 18)
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

copyparty/authsrv.py CHANGED Viewed

@@ -4,6 +4,7 @@ from __future__ import print_function, unicode_literals
 import argparse
 import base64
 import hashlib
+import json
 import os
 import re
 import stat
@@ -37,6 +38,7 @@ from .util import (
     uncyg,
     undot,
     unhumanize,
+    vjoin,
     vsplit,
 )
@@ -334,6 +336,7 @@ class VFS(object):
         self.histtab   = {}  # all realpath->histpath
         self.dbv  = None  # closest full/non-jump parent
         self.lim  = None  # upload limits; only set for dbv
+        self.shr_src   = None  # source vfs+rem of a share
         self.aread   = {}
         self.awrite   = {}
         self.amove   = {}
@@ -358,6 +361,8 @@ class VFS(object):
             self.all_aps = []
             self.all_vps = []
+        self.get_dbv = self._get_dbv
     def __repr__(self)  :
         return "VFS(%s)" % (
             ", ".join(
@@ -519,7 +524,15 @@ class VFS(object):
         return vn, rem
-    def get_dbv(self, vrem )   :
+    def _get_share_src(self, vrem )   :
+        src = self.shr_src
+        if not src:
+            return self._get_dbv(vrem)
+        shv, srem = src
+        return shv, vjoin(srem, vrem)
+    def _get_dbv(self, vrem )   :
         dbv = self.dbv
         if not dbv:
             return self, vrem
@@ -800,6 +813,7 @@ class AuthSrv(object):
         self.vfs = VFS(log_func, "", "", AXS(), {})
         self.acct   = {}
         self.iacct   = {}
+        self.defpw   = {}
         self.grps   = {}
         self.re_pwd  = None
@@ -1345,7 +1359,7 @@ class AuthSrv(object):
         flags[name] = vals
         self._e("volflag [{}] += {}  ({})".format(name, vals, desc))
-    def reload(self)  :
+    def reload(self, verbosity  = 9)  :
         """
         construct a flat list of mountpoints and usernames
         first from the commandline arguments
@@ -1353,9 +1367,9 @@ class AuthSrv(object):
         before finally building the VFS
         """
         with self.mutex:
-            self._reload()
+            self._reload(verbosity)
-    def _reload(self)  :
+    def _reload(self, verbosity  = 9)  :
         acct   = {}  # username:password
         grps   = {}  # groupname:usernames
         daxs   = {}
@@ -1433,6 +1447,8 @@ class AuthSrv(object):
                     raise
         self.setup_pwhash(acct)
+        defpw = acct.copy()
+        self.setup_chpw(acct)
         # case-insensitive; normalize
         if WINDOWS:
@@ -1448,9 +1464,8 @@ class AuthSrv(object):
             vfs = VFS(self.log_func, absreal("."), "", axs, {})
         elif "" not in mount:
             # there's volumes but no root; make root inaccessible
-            vfs = VFS(self.log_func, "", "", AXS(), {})
-            vfs.flags["tcolor"] = self.args.tcolor
-            vfs.flags["d2d"] = True
+            zsd = {"d2d": True, "tcolor": self.args.tcolor}
+            vfs = VFS(self.log_func, "", "", AXS(), zsd)
         maxdepth = 0
         for dst in sorted(mount.keys(), key=lambda x: (x.count("/"), len(x))):
@@ -1479,6 +1494,52 @@ class AuthSrv(object):
             vol.all_vps.sort(key=lambda x: len(x[0]), reverse=True)
             vol.root = vfs
+        enshare = self.args.shr
+        shr = enshare[1:-1]
+        shrs = enshare[1:]
+        if enshare:
+            import sqlite3
+            shv = VFS(self.log_func, "", shr, AXS(), {"d2d": True})
+            par = vfs.all_vols[""]
+            db_path = self.args.shr_db
+            db = sqlite3.connect(db_path)
+            cur = db.cursor()
+            now = time.time()
+            for row in cur.execute("select * from sh"):
+                s_k, s_pw, s_vp, s_pr, s_st, s_un, s_t0, s_t1 = row
+                if s_t1 and s_t1 < now:
+                    continue
+                if self.args.shr_v:
+                    t = "loading %s share [%s] by [%s] => [%s]"
+                    self.log(t % (s_pr, s_k, s_un, s_vp))
+                if s_pw:
+                    sun = "s_%s" % (s_k,)
+                    acct[sun] = s_pw
+                else:
+                    sun = "*"
+                s_axs = AXS(
+                    [sun] if "r" in s_pr else [],
+                    [sun] if "w" in s_pr else [],
+                    [sun] if "m" in s_pr else [],
+                    [sun] if "d" in s_pr else [],
+                )
+                # don't know the abspath yet + wanna ensure the user
+                # still has the privs they granted, so nullmap it
+                shv.nodes[s_k] = VFS(
+                    self.log_func, "", "%s/%s" % (shr, s_k), s_axs, par.flags.copy()
+                )
+            vfs.nodes[shr] = vfs.all_vols[shr] = shv
+            for vol in shv.nodes.values():
+                vfs.all_vols[vol.vpath] = vol
+                vol.get_dbv = vol._get_share_src
         zss = set(acct)
         zss.update(self.idp_accs)
         zss.discard("*")
@@ -1497,7 +1558,7 @@ class AuthSrv(object):
             for usr in unames:
                 for vp, vol in vfs.all_vols.items():
                     zx = getattr(vol.axs, axs_key)
-                    if usr in zx:
+                    if usr in zx and (not enshare or not vp.startswith(shrs)):
                         umap[usr].append(vp)
                 umap[usr].sort()
             setattr(vfs, "a" + perm, umap)
@@ -1547,6 +1608,8 @@ class AuthSrv(object):
         for usr in acct:
             if usr not in associated_users:
+                if enshare and usr.startswith("s_"):
+                    continue
                 if len(vfs.all_vols) > 1:
                     # user probably familiar enough that the verbose message is not necessary
                     t = "account [%s] is not mentioned in any volume definitions; see --help-accounts"
@@ -1982,7 +2045,7 @@ class AuthSrv(object):
         have_e2t = False
         t = "volumes and permissions:\n"
         for zv in vfs.all_vols.values():
-            if not self.warn_anonwrite:
+            if not self.warn_anonwrite or verbosity < 5:
                 break
             t += '\n\033[36m"/{}"  \033[33m{}\033[0m'.format(zv.vpath, zv.realpath)
@@ -2011,7 +2074,7 @@ class AuthSrv(object):
             t += "\n"
-        if self.warn_anonwrite:
+        if self.warn_anonwrite and verbosity > 4:
             if not self.args.no_voldump:
                 self.log(t)
@@ -2035,7 +2098,7 @@ class AuthSrv(object):
         try:
             zv, _ = vfs.get("", "*", False, True, err=999)
-            if self.warn_anonwrite and os.getcwd() == zv.realpath:
+            if self.warn_anonwrite and verbosity > 4 and os.getcwd() == zv.realpath:
                 t = "anyone can write to the current directory: {}\n"
                 self.log(t.format(zv.realpath), c=1)
@@ -2062,6 +2125,7 @@ class AuthSrv(object):
         self.vfs = vfs
         self.acct = acct
+        self.defpw = defpw
         self.grps = grps
         self.iacct = {v: k for k, v in acct.items()}
@@ -2082,6 +2146,155 @@ class AuthSrv(object):
                 MIMES[ext] = mime
             EXTS.update({v: k for k, v in MIMES.items()})
+        if enshare:
+            # hide shares from controlpanel
+            vfs.all_vols = {
+                x: y
+                for x, y in vfs.all_vols.items()
+                if x != shr and not x.startswith(shrs)
+            }
+            assert cur  # type: ignore
+            assert shv  # type: ignore
+            for row in cur.execute("select * from sh"):
+                s_k, s_pw, s_vp, s_pr, s_st, s_un, s_t0, s_t1 = row
+                shn = shv.nodes.get(s_k, None)
+                if not shn:
+                    continue
+                try:
+                    s_vfs, s_rem = vfs.get(
+                        s_vp, s_un, "r" in s_pr, "w" in s_pr, "m" in s_pr, "d" in s_pr
+                    )
+                except Exception as ex:
+                    t = "removing share [%s] by [%s] to [%s] due to %r"
+                    self.log(t % (s_k, s_un, s_vp, ex), 3)
+                    shv.nodes.pop(s_k)
+                    continue
+                shn.shr_src = (s_vfs, s_rem)
+                shn.realpath = s_vfs.canonical(s_rem)
+                if self.args.shr_v:
+                    t = "mapped %s share [%s] by [%s] => [%s] => [%s]"
+                    self.log(t % (s_pr, s_k, s_un, s_vp, shn.realpath))
+            # transplant shadowing into shares
+            for vn in shv.nodes.values():
+                svn, srem = vn.shr_src  # type: ignore
+                if srem:
+                    continue  # free branch, safe
+                ap = svn.canonical(srem)
+                if bos.path.isfile(ap):
+                    continue  # also fine
+                for zs in svn.nodes.keys():
+                    # hide subvolume
+                    vn.nodes[zs] = VFS(self.log_func, "", "", AXS(), {})
+    def chpw(self, broker , uname, pw)   :
+        if not self.args.chpw:
+            return False, "feature disabled in server config"
+        if uname == "*" or uname not in self.defpw:
+            return False, "not logged in"
+        if uname in self.args.chpw_no:
+            return False, "not allowed for this account"
+        if len(pw) < self.args.chpw_len:
+            t = "minimum password length: %d characters"
+            return False, t % (self.args.chpw_len,)
+        hpw = self.ah.hash(pw) if self.ah.on else pw
+        if hpw == self.acct[uname]:
+            return False, "that's already your password my dude"
+        if hpw in self.iacct:
+            return False, "password is taken"
+        with self.mutex:
+            ap = self.args.chpw_db
+            if not bos.path.exists(ap):
+                pwdb = {}
+            else:
+                with open(ap, "r", encoding="utf-8") as f:
+                    pwdb = json.load(f)
+            pwdb = [x for x in pwdb if x[0] != uname]
+            pwdb.append((uname, self.defpw[uname], hpw))
+            with open(ap, "w", encoding="utf-8") as f:
+                json.dump(pwdb, f, separators=(",\n", ": "))
+            self.log("reinitializing due to password-change for user [%s]" % (uname,))
+            if not broker:
+                # only true for tests
+                self._reload()
+                return True, "new password OK"
+        broker.ask("_reload_blocking", False, False).get()
+        return True, "new password OK"
+    def setup_chpw(self, acct  )  :
+        ap = self.args.chpw_db
+        if not self.args.chpw or not bos.path.exists(ap):
+            return
+        with open(ap, "r", encoding="utf-8") as f:
+            pwdb = json.load(f)
+        useen = set()
+        urst = set()
+        uok = set()
+        for usr, orig, mod in pwdb:
+            useen.add(usr)
+            if usr not in acct:
+                # previous user, no longer known
+                continue
+            if acct[usr] != orig:
+                urst.add(usr)
+                continue
+            uok.add(usr)
+            acct[usr] = mod
+        if not self.args.chpw_v:
+            return
+        for usr in acct:
+            if usr not in useen:
+                urst.add(usr)
+        for zs in uok:
+            urst.discard(zs)
+        if self.args.chpw_v == 1 or (self.args.chpw_v == 2 and not urst):
+            t = "chpw: %d changed, %d unchanged"
+            self.log(t % (len(uok), len(urst)))
+            return
+        elif self.args.chpw_v == 2:
+            t = "chpw: %d changed" % (len(uok))
+            if urst:
+                t += ", \033[0munchanged:\033[35m %s" % (", ".join(list(urst)))
+            self.log(t, 6)
+            return
+        msg = ""
+        if uok:
+            t = "\033[0mchanged: \033[32m%s"
+            msg += t % (", ".join(list(uok)),)
+        if urst:
+            t = "%s\033[0munchanged: \033[35m%s"
+            msg += t % (
+                ", " if msg else "",
+                ", ".join(list(urst)),
+            )
+        self.log("chpw: " + msg, 6)
     def setup_pwhash(self, acct  )  :
         self.ah = PWHash(self.args)
         if not self.ah.on:

copyparty 1.13.7__py3-none-any.whl → 1.14.0__py3-none-any.whl

copyparty 1.13.7py3-none-any.whl → 1.14.0py3-none-any.whl