copyparty 1.13.8__py3-none-any.whl → 1.14.1__py3-none-any.whl

copyparty/httpcli.py

@@ -45,6 +45,7 @@ from .util import unquote  # type: ignore
 from .util import (
     APPLESAN_RE,
     BITNESS,
+    HAVE_SQLITE3,
     HTTPCODE,
     META_NOBOTS,
     UTC,
@@ -450,7 +451,7 @@ class HttpCli(object):
                 t = "incorrect --rp-loc or webserver config; expected vpath starting with [{}] but got [{}]"
                 self.log(t.format(self.args.R, vpath), 1)
 
-        self.ouparam = {k: zs for k, zs in uparam.items()}
+        self.ouparam = uparam.copy()
 
         if self.args.rsp_slp:
             time.sleep(self.args.rsp_slp)
@@ -459,6 +460,9 @@ class HttpCli(object):
 
         zso = self.headers.get("cookie")
         if zso:
+            if len(zso) > 8192:
+                self.loud_reply("cookie header too big", status=400)
+                return False
             zsll = [x.split("=", 1) for x in zso.split(";") if "=" in x]
             cookies = {k.strip(): unescape_cookie(zs) for k, zs in zsll}
             cookie_pw = cookies.get("cppws") or cookies.get("cppwd") or ""
@@ -964,10 +968,10 @@ class HttpCli(object):
         status  = 200,
         use302  = False,
     )  :
-        vp = self.args.RS + vpath
+        vp = self.args.SRS + vpath
         html = self.j2s(
             "msg",
-            h2='<a href="/{}">{} /{}</a>'.format(
+            h2='<a href="{}">{} {}</a>'.format(
                 quotep(vp) + suf, flavor, html_escape(vp, crlf=True) + suf
             ),
             pre=msg,
@@ -975,7 +979,7 @@ class HttpCli(object):
         ).encode("utf-8", "replace")
 
         if use302:
-            self.reply(html, status=302, headers={"Location": "/" + vpath})
+            self.reply(html, status=302, headers={"Location": vp})
         else:
             self.reply(html, status=status)
 
@@ -1137,7 +1141,7 @@ class HttpCli(object):
             if "move" in self.uparam:
                 return self.handle_mv()
 
-        if not self.vpath:
+        if not self.vpath and self.ouparam:
             if "reload" in self.uparam:
                 return self.handle_reload()
 
@@ -1159,23 +1163,12 @@ class HttpCli(object):
             if "hc" in self.uparam:
                 return self.tx_svcs()
 
+            if "shares" in self.uparam:
+                return self.tx_shares()
+
         if "h" in self.uparam:
             return self.tx_mounts()
 
-        # conditional redirect to single volumes
-        if not self.vpath and not self.ouparam:
-            nread = len(self.rvol)
-            nwrite = len(self.wvol)
-            if nread + nwrite == 1 or (self.rvol == self.wvol and nread == 1):
-                if nread == 1:
-                    vpath = self.rvol[0]
-                else:
-                    vpath = self.wvol[0]
-
-                if self.vpath != vpath:
-                    self.redirect(vpath, flavor="redirecting to", use302=True)
-                    return True
-
         return self.tx_browser()
 
     def handle_propfind(self)  :
@@ -1614,6 +1607,9 @@ class HttpCli(object):
         if "delete" in self.uparam:
             return self.handle_rm([])
 
+        if "unshare" in self.uparam:
+            return self.handle_unshare()
+
         if "application/octet-stream" in ctype:
             return self.handle_post_binary()
 
@@ -2085,6 +2081,9 @@ class HttpCli(object):
         if act == "zip":
             return self.handle_zip_post()
 
+        if act == "chpw":
+            return self.handle_chpw()
+
         raise Pebkac(422, 'invalid action "{}"'.format(act))
 
     def handle_zip_post(self)  :
@@ -2143,6 +2142,9 @@ class HttpCli(object):
         if "srch" in self.uparam or "srch" in body:
             return self.handle_search(body)
 
+        if "share" in self.uparam:
+            return self.handle_share(body)
+
         if "delete" in self.uparam:
             return self.handle_rm(body)
 
@@ -2199,7 +2201,9 @@ class HttpCli(object):
     def handle_search(self, body  )  :
         idx = self.conn.get_u2idx()
         if not idx or not hasattr(idx, "p_end"):
-            raise Pebkac(500, "server busy, or sqlite3 not available; cannot search")
+            if not HAVE_SQLITE3:
+                raise Pebkac(500, "sqlite3 not found on server; search is disabled")
+            raise Pebkac(500, "server busy, cannot search; please retry in a bit")
 
         vols  = []
         seen   = {}
@@ -2389,6 +2393,22 @@ class HttpCli(object):
         self.reply(b"thank")
         return True
 
+    def handle_chpw(self)  :
+        assert self.parser
+        pwd = self.parser.require("pw", 64)
+        self.parser.drop()
+
+        ok, msg = self.asrv.chpw(self.conn.hsrv.broker, self.uname, pwd)
+        if ok:
+            ok, msg = self.get_pwd_cookie(pwd)
+            if ok:
+                msg = "new password OK"
+
+        redir = (self.args.SRS + "?h") if ok else ""
+        html = self.j2s("msg", h1=msg, h2='<a href="/?h">ack</a>', redir=redir)
+        self.reply(html.encode("utf-8"))
+        return True
+
     def handle_login(self)  :
         assert self.parser
         pwd = self.parser.require("cppwd", 64)
@@ -2413,12 +2433,12 @@ class HttpCli(object):
             dst += "&" if "?" in dst else "?"
             dst += "_=1#" + html_escape(uhash, True, True)
 
-        msg = self.get_pwd_cookie(pwd)
+        _, msg = self.get_pwd_cookie(pwd)
         html = self.j2s("msg", h1=msg, h2='<a href="' + dst + '">ack</a>', redir=dst)
         self.reply(html.encode("utf-8"))
         return True
 
-    def get_pwd_cookie(self, pwd )  :
+    def get_pwd_cookie(self, pwd )   :
         hpwd = self.asrv.ah.hash(pwd)
         uname = self.asrv.iacct.get(hpwd)
         if uname:
@@ -2450,7 +2470,7 @@ class HttpCli(object):
             ck = gencookie(k, pwd, self.args.R, self.is_https, dur, "; HttpOnly")
             self.out_headerlist.append(("Set-Cookie", ck))
 
-        return msg
+        return dur > 0, msg
 
     def handle_mkdir(self)  :
         assert self.parser
@@ -2489,7 +2509,7 @@ class HttpCli(object):
             except:
                 raise Pebkac(500, min_ex())
 
-        self.out_headers["X-New-Dir"] = quotep(vpath)
+        self.out_headers["X-New-Dir"] = quotep(self.args.RS + vpath)
 
         if dav:
             self.reply(b"", 201)
@@ -3944,6 +3964,7 @@ class HttpCli(object):
             k304=self.k304(),
             k304vis=self.args.k304 > 0,
             ver=S_VERSION if self.args.ver else "",
+            chpw=self.args.chpw and self.uname != "*",
             ahttps="" if self.is_https else "https://" + self.host + self.req,
         )
         self.reply(html.encode("utf-8"))
@@ -4078,7 +4099,9 @@ class HttpCli(object):
             dst = dst[len(top) + 1 :]
 
         ret = self.gen_tree(top, dst, self.uparam.get("k", ""))
-        if self.is_vproxied:
+        if self.is_vproxied and not self.uparam["tree"]:
+            # uparam is '' on initial load, which is
+            # the only time we gotta fill in the blanks
             parents = self.args.R.split("/")
             for parent in reversed(parents):
                 ret = {"k%s" % (parent,): ret, "a": []}
@@ -4153,7 +4176,9 @@ class HttpCli(object):
     def tx_ups(self)  :
         idx = self.conn.get_u2idx()
         if not idx or not hasattr(idx, "p_end"):
-            raise Pebkac(500, "sqlite3 is not available on the server; cannot unpost")
+            if not HAVE_SQLITE3:
+                raise Pebkac(500, "sqlite3 not found on server; unpost is disabled")
+            raise Pebkac(500, "server busy, cannot unpost; please retry in a bit")
 
         filt = self.uparam.get("filter") or ""
         lm = "ups [{}]".format(filt)
@@ -4242,6 +4267,137 @@ class HttpCli(object):
         self.reply(jtxt.encode("utf-8", "replace"), mime="application/json")
         return True
 
+    def tx_shares(self)  :
+        if self.uname == "*":
+            self.loud_reply("you're not logged in")
+            return True
+
+        idx = self.conn.get_u2idx()
+        if not idx or not hasattr(idx, "p_end"):
+            if not HAVE_SQLITE3:
+                raise Pebkac(500, "sqlite3 not found on server; sharing is disabled")
+            raise Pebkac(500, "server busy, cannot list shares; please retry in a bit")
+
+        cur = idx.get_shr()
+        if not cur:
+            raise Pebkac(400, "huh, sharing must be disabled in the server config...")
+
+        rows = cur.execute("select * from sh").fetchall()
+        rows = [list(x) for x in rows]
+
+        if self.uname != self.args.shr_adm:
+            rows = [x for x in rows if x[5] == self.uname]
+
+        for x in rows:
+            x[1] = "yes" if x[1] else ""
+
+        html = self.j2s(
+            "shares", this=self, shr=self.args.shr, rows=rows, now=int(time.time())
+        )
+        self.reply(html.encode("utf-8"), status=200)
+        return True
+
+    def handle_unshare(self)  :
+        idx = self.conn.get_u2idx()
+        if not idx or not hasattr(idx, "p_end"):
+            if not HAVE_SQLITE3:
+                raise Pebkac(500, "sqlite3 not found on server; sharing is disabled")
+            raise Pebkac(500, "server busy, cannot create share; please retry in a bit")
+
+        if self.args.shr_v:
+            self.log("handle_unshare: " + self.req)
+
+        cur = idx.get_shr()
+        if not cur:
+            raise Pebkac(400, "huh, sharing must be disabled in the server config...")
+
+        skey = self.vpath.split("/")[-1]
+
+        uns = cur.execute("select un from sh where k = ?", (skey,)).fetchall()
+        un = uns[0][0] if uns and uns[0] else ""
+
+        if not un:
+            raise Pebkac(400, "that sharekey didn't match anything")
+
+        if un != self.uname and self.uname != self.args.shr_adm:
+            t = "your username (%r) does not match the sharekey's owner (%r) and you're not admin"
+            raise Pebkac(400, t % (self.uname, un))
+
+        cur.execute("delete from sh where k = ?", (skey,))
+        cur.connection.commit()
+
+        self.redirect(self.args.SRS + "?shares")
+        return True
+
+    def handle_share(self, req  )  :
+        idx = self.conn.get_u2idx()
+        if not idx or not hasattr(idx, "p_end"):
+            if not HAVE_SQLITE3:
+                raise Pebkac(500, "sqlite3 not found on server; sharing is disabled")
+            raise Pebkac(500, "server busy, cannot create share; please retry in a bit")
+
+        if self.args.shr_v:
+            self.log("handle_share: " + json.dumps(req, indent=4))
+
+        skey = req["k"]
+        vp = req["vp"].strip("/")
+        if self.is_vproxied and (vp == self.args.R or vp.startswith(self.args.RS)):
+            vp = vp[len(self.args.RS) :]
+
+        m = re.search(r"([^0-9a-zA-Z_\.-]|\.\.|^\.)", skey)
+        if m:
+            raise Pebkac(400, "sharekey has illegal character [%s]" % (m[1],))
+
+        if vp.startswith(self.args.shr[1:]):
+            raise Pebkac(400, "yo dawg...")
+
+        cur = idx.get_shr()
+        if not cur:
+            raise Pebkac(400, "huh, sharing must be disabled in the server config...")
+
+        q = "select * from sh where k = ?"
+        qr = cur.execute(q, (skey,)).fetchall()
+        if qr and qr[0]:
+            self.log("sharekey taken by %r" % (qr,))
+            raise Pebkac(400, "sharekey [%s] is already in use" % (skey,))
+
+        # ensure user has requested perms
+        s_rd = "read" in req["perms"]
+        s_wr = "write" in req["perms"]
+        s_mv = "move" in req["perms"]
+        s_del = "delete" in req["perms"]
+        try:
+            vfs, rem = self.asrv.vfs.get(vp, self.uname, s_rd, s_wr, s_mv, s_del)
+        except:
+            raise Pebkac(400, "you dont have all the perms you tried to grant")
+
+        ap = vfs.canonical(rem)
+        st = bos.stat(ap)
+        ist = 2 if stat.S_ISDIR(st.st_mode) else 1
+
+        pw = req.get("pw") or ""
+        now = int(time.time())
+        sexp = req["exp"]
+        exp = now + int(sexp) * 60 if sexp else 0
+        pr = "".join(zc for zc, zb in zip("rwmd", (s_rd, s_wr, s_mv, s_del)) if zb)
+
+        q = "insert into sh values (?,?,?,?,?,?,?,?)"
+        cur.execute(q, (skey, pw, vp, pr, ist, self.uname, now, exp))
+        cur.connection.commit()
+
+        self.conn.hsrv.broker.ask("_reload_blocking", False, False).get()
+        self.conn.hsrv.broker.ask("up2k.wake_rescanner").get()
+
+        surl = "%s://%s%s%s%s" % (
+            "https" if self.is_https else "http",
+            self.host,
+            self.args.SR,
+            self.args.shr,
+            skey,
+        )
+        self.loud_reply(surl, status=201)
+        return True
+
     def handle_rm(self, req )  :
         if not req and not self.can_delete:
             raise Pebkac(403, "not allowed for user " + self.uname)
@@ -4640,6 +4796,7 @@ class HttpCli(object):
             "have_mv": (not self.args.no_mv),
             "have_del": (not self.args.no_del),
             "have_zip": (not self.args.no_zip),
+            "have_shr": self.args.shr,
             "have_unpost": int(self.args.unpost),
             "sb_md": "" if "no_sb_md" in vf else (vf.get("md_sbf") or "y"),
             "dgrid": "grid" in vf,

copyparty/httpsrv.py

@@ -151,7 +151,17 @@ class HttpSrv(object):
 
         env = jinja2.Environment()
         env.loader = jinja2.FileSystemLoader(os.path.join(self.E.mod, "web"))
-        jn = ["splash", "svcs", "browser", "browser2", "msg", "md", "mde", "cf"]
+        jn = [
+            "splash",
+            "shares",
+            "svcs",
+            "browser",
+            "browser2",
+            "msg",
+            "md",
+            "mde",
+            "cf",
+        ]
         self.j2 = {x: env.get_template(x + ".html") for x in jn}
         zs = os.path.join(self.E.mod, "web", "deps", "prism.js.gz")
         self.prism = os.path.exists(zs)
@@ -362,7 +372,7 @@ class HttpSrv(object):
                         cip = cip[7:]
                     addr = (cip, saddr[1])
                 else:
-                    addr = (ip, sck.fileno())
+                    addr = ("127.8.3.7", sck.fileno())
             except (OSError, socket.error) as ex:
                 if self.stopping:
                     break

copyparty/svchub.py

@@ -202,6 +202,20 @@ class SvcHub(object):
             t = "WARNING: --s-rd-sz (%d) is larger than --iobuf (%d); this may lead to reduced performance"
             self.log("root", t % (args.s_rd_sz, args.iobuf), 3)
 
+        if args.chpw and args.idp_h_usr:
+            t = "ERROR: user-changeable passwords is incompatible with IdP/identity-providers; you must disable either --chpw or --idp-h-usr"
+            self.log("root", t, 1)
+            raise Exception(t)
+
+        noch = set()
+        for zs in args.chpw_no or []:
+            zsl = [x.strip() for x in zs.split(",")]
+            noch.update([x for x in zsl if x])
+        args.chpw_no = noch
+
+        if args.shr:
+            self.setup_share_db()
+
         bri = "zy"[args.theme % 2 :][:1]
         ch = "abcdefghijklmnopqrstuvwx"[int(args.theme / 2)]
         args.theme = "{0}{1} {0} {1}".format(ch, bri)
@@ -347,6 +361,61 @@ class SvcHub(object):
 
         self.broker = Broker(self)
 
+    def setup_share_db(self)  :
+        al = self.args
+        if not HAVE_SQLITE3:
+            self.log("root", "sqlite3 not available; disabling --shr", 1)
+            al.shr = ""
+            return
+
+        import sqlite3
+
+        al.shr = "/%s/" % (al.shr.strip("/"))
+
+        create = True
+        db_path = self.args.shr_db
+        self.log("root", "initializing shares-db %s" % (db_path,))
+        for n in range(2):
+            try:
+                db = sqlite3.connect(db_path)
+                cur = db.cursor()
+                try:
+                    cur.execute("select count(*) from sh").fetchone()
+                    create = False
+                    break
+                except:
+                    pass
+            except Exception as ex:
+                if n:
+                    raise
+                t = "shares-db corrupt; deleting and recreating: %r"
+                self.log("root", t % (ex,), 3)
+                try:
+                    cur.close()  # type: ignore
+                except:
+                    pass
+                try:
+                    db.close()  # type: ignore
+                except:
+                    pass
+                os.unlink(db_path)
+
+        assert db  # type: ignore
+        assert cur  # type: ignore
+        if create:
+            for cmd in [
+                # sharekey, password, src, perms, type, owner, created, expires
+                r"create table sh (k text, pw text, vp text, pr text, st int, un text, t0 int, t1 int)",
+                r"create table kv (k text, v int)",
+                r"insert into kv values ('sver', {})".format(1),
+            ]:
+                cur.execute(cmd)
+            db.commit()
+            self.log("root", "created new shares-db")
+
+        cur.close()
+        db.close()
+
     def start_ftpd(self)  :
         time.sleep(30)
 
@@ -809,18 +878,21 @@ class SvcHub(object):
         Daemon(self._reload, "reloading")
         return "reload initiated"
 
-    def _reload(self, rescan_all_vols  = True)  :
+    def _reload(self, rescan_all_vols  = True, up2k  = True)  :
         with self.up2k.mutex:
             if self.reloading != 1:
                 return
             self.reloading = 2
             self.log("root", "reloading config")
-            self.asrv.reload()
-            self.up2k.reload(rescan_all_vols)
+            self.asrv.reload(9 if up2k else 4)
+            if up2k:
+                self.up2k.reload(rescan_all_vols)
+            else:
+                self.log("root", "reload done")
             self.broker.reload()
             self.reloading = 0
 
-    def _reload_blocking(self, rescan_all_vols  = True)  :
+    def _reload_blocking(self, rescan_all_vols  = True, up2k  = True)  :
         while True:
             with self.up2k.mutex:
                 if self.reloading < 2:
@@ -831,7 +903,7 @@ class SvcHub(object):
         # try to handle multiple pending IdP reloads at once:
         time.sleep(0.2)
 
-        self._reload(rescan_all_vols=rescan_all_vols)
+        self._reload(rescan_all_vols=rescan_all_vols, up2k=up2k)
 
     def stop_thr(self)  :
         while not self.stop_req:

copyparty/tcpsrv.py

@@ -223,10 +223,22 @@ class TcpSrv(object):
         self.log("tcpsrv", msg, c)
 
     def _listen(self, ip , port )  :
+        uds_perm = uds_gid = -1
         if "unix:" in ip:
             tcp = False
             ipv = socket.AF_UNIX
-            ip = ip.split("unix:")[1]
+            uds = ip.split(":")
+            ip = uds[-1]
+            if len(uds) > 2:
+                uds_perm = int(uds[1], 8)
+            if len(uds) > 3:
+                try:
+                    uds_gid = int(uds[2])
+                except:
+                    import grp
+
+                    uds_gid = grp.getgrnam(uds[2]).gr_gid
+
         elif ":" in ip:
             tcp = True
             ipv = socket.AF_INET6
@@ -262,7 +274,13 @@ class TcpSrv(object):
                     srv.bind(ip)
                 else:
                     tf = "%s.%d" % (ip, os.getpid())
+                    if os.path.exists(tf):
+                        os.unlink(tf)
                     srv.bind(tf)
+                    if uds_gid != -1:
+                        os.chown(tf, -1, uds_gid)
+                    if uds_perm != -1:
+                        os.chmod(tf, uds_perm)
                     atomic_move(self.nlog, tf, ip, VF_CAREFUL)
 
             sport = srv.getsockname()[1] if tcp else port

copyparty/u2idx.py

@@ -56,6 +56,8 @@ class U2idx(object):
         self.mem_cur = sqlite3.connect(":memory:", check_same_thread=False).cursor()
         self.mem_cur.execute(r"create table a (b text)")
 
+        self.sh_cur  = None
+
         self.p_end = 0.0
         self.p_dur = 0.0
 
@@ -92,17 +94,31 @@ class U2idx(object):
         except:
             raise Pebkac(500, min_ex())
 
-    def get_cur(self, vn )  :
-        if not HAVE_SQLITE3:
+    def get_shr(self)  :
+        if self.sh_cur:
+            return self.sh_cur
+
+        if not HAVE_SQLITE3 or not self.args.shr:
             return None
 
+        assert sqlite3  # type: ignore
+
+        db = sqlite3.connect(self.args.shr_db, timeout=2, check_same_thread=False)
+        cur = db.cursor()
+        cur.execute('pragma table_info("sh")').fetchall()
+        self.sh_cur = cur
+        return cur
+
+    def get_cur(self, vn )  :
         cur = self.cur.get(vn.realpath)
         if cur:
             return cur
 
-        if "e2d" not in vn.flags:
+        if not HAVE_SQLITE3 or "e2d" not in vn.flags:
             return None
 
+        assert sqlite3  # type: ignore
+
         ptop = vn.realpath
         histpath = self.asrv.vfs.histtab.get(ptop)
         if not histpath: