copyparty 1.14.1__py3-none-any.whl → 1.14.2__py3-none-any.whl

copyparty/__main__.py

@@ -969,8 +969,8 @@ def add_fs(ap):
 def add_share(ap):
     db_path = os.path.join(E.cfg, "shares.db")
     ap2 = ap.add_argument_group('share-url options')
-    ap2.add_argument("--shr", metavar="URL", default="", help="base url for shared files, for example [\033[32m/share\033[0m] (must be a toplevel subfolder)")
-    ap2.add_argument("--shr-db", metavar="PATH", default=db_path, help="database to store shares in")
+    ap2.add_argument("--shr", metavar="DIR", default="", help="toplevel virtual folder for shared files/folders, for example [\033[32m/share\033[0m]")
+    ap2.add_argument("--shr-db", metavar="FILE", default=db_path, help="database to store shares in")
     ap2.add_argument("--shr-adm", metavar="U,U", default="", help="comma-separated list of users allowed to view/delete any share")
     ap2.add_argument("--shr-v", action="store_true", help="debug")
 
@@ -1406,7 +1406,7 @@ def add_ui(ap, retry):
     ap2 = ap.add_argument_group('ui options')
     ap2.add_argument("--grid", action="store_true", help="show grid/thumbnails by default (volflag=grid)")
     ap2.add_argument("--gsel", action="store_true", help="select files in grid by ctrl-click (volflag=gsel)")
-    ap2.add_argument("--lang", metavar="LANG", type=u, default="eng", help="language; one of the following: \033[32meng nor\033[0m")
+    ap2.add_argument("--lang", metavar="LANG", type=u, default="eng", help="language; one of the following: \033[32meng nor chi\033[0m")
     ap2.add_argument("--theme", metavar="NUM", type=int, default=0, help="default theme to use (0..7)")
     ap2.add_argument("--themes", metavar="NUM", type=int, default=8, help="number of themes installed")
     ap2.add_argument("--au-vol", metavar="0-100", type=int, default=50, choices=range(0, 101), help="default audio/video volume percent")

copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 14, 1)
+VERSION = (1, 14, 2)
 CODENAME = "one step forward"
-BUILD_DT = (2024, 8, 19)
+BUILD_DT = (2024, 8, 23)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

copyparty/authsrv.py

@@ -35,6 +35,7 @@ from .util import (
     odfusion,
     relchk,
     statdir,
+    ub64enc,
     uncyg,
     undot,
     unhumanize,
@@ -337,6 +338,7 @@ class VFS(object):
         self.dbv  = None  # closest full/non-jump parent
         self.lim  = None  # upload limits; only set for dbv
         self.shr_src   = None  # source vfs+rem of a share
+        self.shr_files  = set()  # filenames to include from shr_src
         self.aread   = {}
         self.awrite   = {}
         self.amove   = {}
@@ -362,6 +364,7 @@ class VFS(object):
             self.all_vps = []
 
         self.get_dbv = self._get_dbv
+        self.ls = self._ls
 
     def __repr__(self)  :
         return "VFS(%s)" % (
@@ -558,7 +561,26 @@ class VFS(object):
         ad, fn = os.path.split(ap)
         return os.path.join(absreal(ad), fn)
 
-    def ls(
+    def _ls_nope(
+        self, *a, **ka
+    )      :
+        raise Pebkac(500, "nope.avi")
+
+    def _ls_shr(
+        self,
+        rem ,
+        uname ,
+        scandir ,
+        permsets ,
+        lstat  = False,
+    )      :
+        """replaces _ls for certain shares (single-file, or file selection)"""
+        vn, rem = self.shr_src  # type: ignore
+        abspath, real, _ = vn.ls(rem, "\n", scandir, permsets, lstat)
+        real = [x for x in real if os.path.basename(x[0]) in self.shr_files]
+        return abspath, real, {}
+
+    def _ls(
         self,
         rem ,
         uname ,
@@ -1501,14 +1523,14 @@ class AuthSrv(object):
             import sqlite3
 
             shv = VFS(self.log_func, "", shr, AXS(), {"d2d": True})
-            par = vfs.all_vols[""]
 
             db_path = self.args.shr_db
             db = sqlite3.connect(db_path)
             cur = db.cursor()
+            cur2 = db.cursor()
             now = time.time()
             for row in cur.execute("select * from sh"):
-                s_k, s_pw, s_vp, s_pr, s_st, s_un, s_t0, s_t1 = row
+                s_k, s_pw, s_vp, s_pr, s_nf, s_un, s_t0, s_t1 = row
                 if s_t1 and s_t1 < now:
                     continue
 
@@ -1517,7 +1539,10 @@ class AuthSrv(object):
                     self.log(t % (s_pr, s_k, s_un, s_vp))
 
                 if s_pw:
-                    sun = "s_%s" % (s_k,)
+                    # gotta reuse the "account" for all shares with this pw,
+                    # so do a light scramble as this appears in the web-ui
+                    zs = ub64enc(hashlib.sha512(s_pw.encode("utf-8")).digest())[4:16]
+                    sun = "s_%s" % (zs.decode("utf-8"),)
                     acct[sun] = s_pw
                 else:
                     sun = "*"
@@ -1532,13 +1557,14 @@ class AuthSrv(object):
                 # don't know the abspath yet + wanna ensure the user
                 # still has the privs they granted, so nullmap it
                 shv.nodes[s_k] = VFS(
-                    self.log_func, "", "%s/%s" % (shr, s_k), s_axs, par.flags.copy()
+                    self.log_func, "", "%s/%s" % (shr, s_k), s_axs, shv.flags.copy()
                 )
 
             vfs.nodes[shr] = vfs.all_vols[shr] = shv
             for vol in shv.nodes.values():
                 vfs.all_vols[vol.vpath] = vol
                 vol.get_dbv = vol._get_share_src
+                vol.ls = vol._ls_nope
 
         zss = set(acct)
         zss.update(self.idp_accs)
@@ -2048,6 +2074,9 @@ class AuthSrv(object):
             if not self.warn_anonwrite or verbosity < 5:
                 break
 
+            if enshare and (zv.vpath == shr or zv.vpath.startswith(shrs)):
+                continue
+
             t += '\n\033[36m"/{}"  \033[33m{}\033[0m'.format(zv.vpath, zv.realpath)
             for txt, attr in [
                 ["  read", "uread"],
@@ -2154,10 +2183,9 @@ class AuthSrv(object):
                 if x != shr and not x.startswith(shrs)
             }
 
-            assert cur  # type: ignore
-            assert shv  # type: ignore
+            assert db and cur and cur2 and shv  # type: ignore
             for row in cur.execute("select * from sh"):
-                s_k, s_pw, s_vp, s_pr, s_st, s_un, s_t0, s_t1 = row
+                s_k, s_pw, s_vp, s_pr, s_nf, s_un, s_t0, s_t1 = row
                 shn = shv.nodes.get(s_k, None)
                 if not shn:
                     continue
@@ -2172,6 +2200,17 @@ class AuthSrv(object):
                     shv.nodes.pop(s_k)
                     continue
 
+                fns = []
+                if s_nf:
+                    q = "select vp from sf where k = ?"
+                    for (s_fn,) in cur2.execute(q, (s_k,)):
+                        fns.append(s_fn)
+
+                    shn.shr_files = set(fns)
+                    shn.ls = shn._ls_shr
+                else:
+                    shn.ls = shn._ls
+
                 shn.shr_src = (s_vfs, s_rem)
                 shn.realpath = s_vfs.canonical(s_rem)
 
@@ -2191,6 +2230,10 @@ class AuthSrv(object):
                     # hide subvolume
                     vn.nodes[zs] = VFS(self.log_func, "", "", AXS(), {})
 
+            cur2.close()
+            cur.close()
+            db.close()
+
     def chpw(self, broker , uname, pw)   :
         if not self.args.chpw:
             return False, "feature disabled in server config"

copyparty/httpcli.py

@@ -3262,7 +3262,8 @@ class HttpCli(object):
                     raise Exception("not found in registry")
                 self.pipes.set(req_path, job)
             except Exception as ex:
-                self.log("will not pipe [%s]; %s" % (ap_data, ex), 6)
+                if getattr(ex, "errno", 0) != errno.ENOENT:
+                    self.log("will not pipe [%s]; %s" % (ap_data, ex), 6)
                 ptop = None
 
         #
@@ -3954,6 +3955,7 @@ class HttpCli(object):
             rvol=rvol,
             wvol=wvol,
             avol=avol,
+            in_shr=self.args.shr and self.vpath.startswith(self.args.shr[1:]),
             vstate=vstate,
             scanning=vs["scanning"],
             hashq=vs["hashq"],
@@ -4002,10 +4004,10 @@ class HttpCli(object):
     def tx_404(self, is_403  = False)  :
         rc = 404
         if self.args.vague_403:
-            t = '<h1 id="n">404 not found &nbsp;┐( ´ -`)┌</h1><p id="o">or maybe you don\'t have access -- try logging in or <a href="{}/?h">go home</a></p>'
-            pt = "404 not found  ┐( ´ -`)┌   (or maybe you don't have access -- try logging in)"
+            t = '<h1 id="n">404 not found &nbsp;┐( ´ -`)┌</h1><p id="o">or maybe you don\'t have access -- try a password or <a href="{}/?h">go home</a></p>'
+            pt = "404 not found  ┐( ´ -`)┌   (or maybe you don't have access -- try a password)"
         elif is_403:
-            t = '<h1 id="p">403 forbiddena &nbsp;~┻━┻</h1><p id="q">you\'ll have to log in or <a href="{}/?h">go home</a></p>'
+            t = '<h1 id="p">403 forbiddena &nbsp;~┻━┻</h1><p id="q">use a password or <a href="{}/?h">go home</a></p>'
             pt = "403 forbiddena ~┻━┻   (you'll have to log in)"
             rc = 403
         else:
@@ -4022,7 +4024,8 @@ class HttpCli(object):
 
         t = t.format(self.args.SR)
         qv = quotep(self.vpaths) + self.ourlq()
-        html = self.j2s("splash", this=self, qvpath=qv, msg=t)
+        in_shr = self.args.shr and self.vpath.startswith(self.args.shr[1:])
+        html = self.j2s("splash", this=self, qvpath=qv, in_shr=in_shr, msg=t)
         self.reply(html.encode("utf-8"), status=rc)
         return True
 
@@ -4340,11 +4343,31 @@ class HttpCli(object):
             self.log("handle_share: " + json.dumps(req, indent=4))
 
         skey = req["k"]
-        vp = req["vp"].strip("/")
+        vps = req["vp"]
+        fns = []
+        if len(vps) == 1:
+            vp = vps[0]
+            if not vp.endswith("/"):
+                vp, zs = vp.rsplit("/", 1)
+                fns = [zs]
+        else:
+            for zs in vps:
+                if zs.endswith("/"):
+                    t = "you cannot select more than one folder, or mix flies and folders in one selection"
+                    raise Pebkac(400, t)
+            vp = vps[0].rsplit("/", 1)[0]
+            for zs in vps:
+                vp2, fn = zs.rsplit("/", 1)
+                fns.append(fn)
+                if vp != vp2:
+                    t = "mismatching base paths in selection:\n  [%s]\n  [%s]"
+                    raise Pebkac(400, t % (vp, vp2))
+
+        vp = vp.strip("/")
         if self.is_vproxied and (vp == self.args.R or vp.startswith(self.args.RS)):
             vp = vp[len(self.args.RS) :]
 
-        m = re.search(r"([^0-9a-zA-Z_\.-]|\.\.|^\.)", skey)
+        m = re.search(r"([^0-9a-zA-Z_-])", skey)
         if m:
             raise Pebkac(400, "sharekey has illegal character [%s]" % (m[1],))
 
@@ -4371,29 +4394,41 @@ class HttpCli(object):
         except:
             raise Pebkac(400, "you dont have all the perms you tried to grant")
 
-        ap = vfs.canonical(rem)
-        st = bos.stat(ap)
-        ist = 2 if stat.S_ISDIR(st.st_mode) else 1
+        ap, reals, _ = vfs.ls(
+            rem, self.uname, not self.args.no_scandir, [[s_rd, s_wr, s_mv, s_del]]
+        )
+        rfns = set([x[0] for x in reals])
+        for fn in fns:
+            if fn not in rfns:
+                raise Pebkac(400, "selected file not found on disk: [%s]" % (fn,))
 
         pw = req.get("pw") or ""
         now = int(time.time())
         sexp = req["exp"]
-        exp = now + int(sexp) * 60 if sexp else 0
+        exp = int(sexp) if sexp else 0
+        exp = now + exp * 60 if exp else 0
         pr = "".join(zc for zc, zb in zip("rwmd", (s_rd, s_wr, s_mv, s_del)) if zb)
 
         q = "insert into sh values (?,?,?,?,?,?,?,?)"
-        cur.execute(q, (skey, pw, vp, pr, ist, self.uname, now, exp))
-        cur.connection.commit()
+        cur.execute(q, (skey, pw, vp, pr, len(fns), self.uname, now, exp))
+
+        q = "insert into sf values (?,?)"
+        for fn in fns:
+            cur.execute(q, (skey, fn))
 
+        cur.connection.commit()
         self.conn.hsrv.broker.ask("_reload_blocking", False, False).get()
         self.conn.hsrv.broker.ask("up2k.wake_rescanner").get()
 
-        surl = "%s://%s%s%s%s" % (
+        fn = quotep(fns[0]) if len(fns) == 1 else ""
+
+        surl = "created share: %s://%s%s%s%s/%s" % (
             "https" if self.is_https else "http",
             self.host,
             self.args.SR,
             self.args.shr,
             skey,
+            fn,
         )
         self.loud_reply(surl, status=201)
         return True

copyparty/svchub.py

@@ -370,11 +370,18 @@ class SvcHub(object):
 
         import sqlite3
 
-        al.shr = "/%s/" % (al.shr.strip("/"))
+        al.shr = al.shr.strip("/")
+        if "/" in al.shr or not al.shr:
+            t = "config error: --shr must be the name of a virtual toplevel directory to put shares inside"
+            self.log("root", t, 1)
+            raise Exception(t)
+
+        al.shr = "/%s/" % (al.shr,)
 
         create = True
+        modified = False
         db_path = self.args.shr_db
-        self.log("root", "initializing shares-db %s" % (db_path,))
+        self.log("root", "opening shares-db %s" % (db_path,))
         for n in range(2):
             try:
                 db = sqlite3.connect(db_path)
@@ -400,18 +407,43 @@ class SvcHub(object):
                     pass
                 os.unlink(db_path)
 
+        sch1 = [
+            r"create table kv (k text, v int)",
+            r"create table sh (k text, pw text, vp text, pr text, st int, un text, t0 int, t1 int)",
+            # sharekey, password, src, perms, numFiles, owner, created, expires
+        ]
+        sch2 = [
+            r"create table sf (k text, vp text)",
+            r"create index sf_k on sf(k)",
+            r"create index sh_k on sh(k)",
+            r"create index sh_t1 on sh(t1)",
+        ]
+
         assert db  # type: ignore
         assert cur  # type: ignore
         if create:
+            dver = 2
+            modified = True
+            for cmd in sch1 + sch2:
+                cur.execute(cmd)
+            self.log("root", "created new shares-db")
+        else:
+            (dver,) = cur.execute("select v from kv where k = 'sver'").fetchall()[0]
+
+        if dver == 1:
+            modified = True
+            for cmd in sch2:
+                cur.execute(cmd)
+            cur.execute("update sh set st = 0")
+            self.log("root", "shares-db schema upgrade ok")
+
+        if modified:
             for cmd in [
-                # sharekey, password, src, perms, type, owner, created, expires
-                r"create table sh (k text, pw text, vp text, pr text, st int, un text, t0 int, t1 int)",
-                r"create table kv (k text, v int)",
-                r"insert into kv values ('sver', {})".format(1),
+                r"delete from kv where k = 'sver'",
+                r"insert into kv values ('sver', %d)" % (2,),
             ]:
                 cur.execute(cmd)
             db.commit()
-            self.log("root", "created new shares-db")
 
         cur.close()
         db.close()

copyparty/up2k.py

@@ -577,8 +577,8 @@ class Up2k(object):
         rm = [x[0] for x in cur.execute(q, (now,))]
         if rm:
             self.log("forgetting expired shares %s" % (rm,))
-            q = "delete from sh where k=?"
-            cur.executemany(q, [(x,) for x in rm])
+            cur.executemany("delete from sh where k=?", [(x,) for x in rm])
+            cur.executemany("delete from sf where k=?", [(x,) for x in rm])
             db.commit()
             Daemon(self.hub._reload_blocking, "sharedrop", (False, False))
 

copyparty/web/a/u2c.py

@@ -1,8 +1,8 @@
 #!/usr/bin/env python3
 from __future__ import print_function, unicode_literals
 
-S_VERSION = "1.22"
-S_BUILD_DT = "2024-08-08"
+S_VERSION = "1.23"
+S_BUILD_DT = "2024-08-22"
 
 """
 u2c.py: upload to copyparty
@@ -1236,7 +1236,7 @@ source file/folder selection uses rsync syntax, meaning that:
     ap.add_argument("-v", action="store_true", help="verbose")
     ap.add_argument("-a", metavar="PASSWD", help="password or $filepath")
     ap.add_argument("-s", action="store_true", help="file-search (disables upload)")
-    ap.add_argument("-x", type=unicode, metavar="REGEX", default="", help="skip file if filesystem-abspath matches REGEX, example: '.*/\\.hist/.*'")
+    ap.add_argument("-x", type=unicode, metavar="REGEX", action="append", help="skip file if filesystem-abspath matches REGEX (option can be repeated), example: '.*/\\.hist/.*'")
     ap.add_argument("--ok", action="store_true", help="continue even if some local files are inaccessible")
     ap.add_argument("--touch", action="store_true", help="if last-modified timestamps differ, push local to server (need write+delete perms)")
     ap.add_argument("--ow", action="store_true", help="overwrite existing files instead of autorenaming")
@@ -1283,6 +1283,8 @@ source file/folder selection uses rsync syntax, meaning that:
     if ar.dr:
         ar.ow = True
 
+    ar.x = "|".join(ar.x or [])
+
     for k in "dl dr drd".split():
         errs = []
         if ar.safe and getattr(ar, k):

copyparty/web/shares.html

@@ -15,25 +15,25 @@
 <body>
 	<div id="wrap">
 		<a id="a" href="{{ r }}/?shares" class="af">refresh</a>
-		<a id="a" href="{{ r }}/?h" class="af">controlpanel</a>
+		<a id="a" href="{{ r }}/?h" class="af">control-panel</a>
 
         <span>axs = perms (read,write,move,delet)</span>
-        <span>st 1=file 2=dir</span>
+        <span>nf = numFiles (0=dir)</span>
         <span>min/hrs = time left</span>
 
-        <table><tr>
+        <table id="tab"><thead><tr>
             <th>delete</th>
             <th>sharekey</th>
             <th>pw</th>
             <th>source</th>
             <th>axs</th>
-            <th>st</th>
+            <th>nf</th>
             <th>user</th>
             <th>created</th>
             <th>expires</th>
             <th>min</th>
             <th>hrs</th>
-        </tr>
+        </tr></thead><tbody>
         {% for k, pw, vp, pr, st, un, t0, t1 in rows %}
         <tr>
             <td><a href="#" k="{{ k }}">delete</a></td>
@@ -45,11 +45,11 @@
             <td>{{ un|e }}</td>
             <td>{{ t0 }}</td>
             <td>{{ t1 }}</td>
-            <td>{{ (t1 - now) // 60 if t1 else "never" }}</td>
-            <td>{{ (t1 - now) // 3600 if t1 else "never" }}</td>
+            <td>{{ ((t1 - now) / 60)   | round(1) if t1 else "inf" }}</td>
+            <td>{{ ((t1 - now) / 3600) | round(1) if t1 else "inf" }}</td>
         </tr>
         {% endfor %}
-        </table>
+        </tbody></table>
         {% if not rows %}
         (you don't have any active shares btw)
         {% endif %}

copyparty/web/splash.html

@@ -14,6 +14,7 @@
 
 <body>
 	<div id="wrap">
+		{%- if not in_shr %}
 		<a id="a" href="{{ r }}/?h" class="af">refresh</a>
 		<a id="v" href="{{ r }}/?hc" class="af">connect</a>
 
@@ -23,6 +24,7 @@
 			<a id="c" href="{{ r }}/?pw=x" class="logout">logout</a>
 			<p><span id="m">welcome back,</span> <strong>{{ this.uname|e }}</strong></p>
 		{%- endif %}
+		{%- endif %}
 
 		{%- if msg %}
 		<div id="msg">
@@ -76,6 +78,37 @@
 		</ul>
 		{%- endif %}
 
+		{%- if in_shr %}
+		<h1 id="z">unlock this share:</h1>
+		<div>
+			<form id="lf" method="post" enctype="multipart/form-data" action="{{ r }}/{{ qvpath }}">
+				<input type="hidden" id="la" name="act" value="login" />
+				<input type="password" id="lp" name="cppwd" placeholder=" password" />
+				<input type="hidden" name="uhash" id="uhash" value="x" />
+				<input type="submit" id="ls" value="Unlock" />
+				{% if ahttps %}
+				<a id="w" href="{{ ahttps }}">switch to https</a>
+				{% endif %}
+			</form>
+		</div>
+		{%- else %}
+		<h1 id="l">login for more:</h1>
+		<div>
+			<form id="lf" method="post" enctype="multipart/form-data" action="{{ r }}/{{ qvpath }}">
+				<input type="hidden" id="la" name="act" value="login" />
+				<input type="password" id="lp" name="cppwd" placeholder=" password" />
+				<input type="hidden" name="uhash" id="uhash" value="x" />
+				<input type="submit" id="ls" value="Login" />
+				{% if chpw %}
+				<a id="x" href="#">change password</a>
+				{% endif %}
+				{% if ahttps %}
+				<a id="w" href="{{ ahttps }}">switch to https</a>
+				{% endif %}
+			</form>
+		</div>
+		{%- endif %}
+
 		<h1 id="cc">other stuff:</h1>
 		<ul>
 			{%- if this.uname != '*' and this.args.shr %}
@@ -94,21 +127,6 @@
 			<li><a id="k" href="{{ r }}/?reset" class="r" onclick="localStorage.clear();return true">reset client settings</a></li>
 		</ul>
 
-		<h1 id="l">login for more:</h1>
-		<div>
-			<form id="lf" method="post" enctype="multipart/form-data" action="{{ r }}/{{ qvpath }}">
-				<input type="hidden" id="la" name="act" value="login" />
-				<input type="password" id="lp" name="cppwd" placeholder=" password" />
-				<input type="hidden" name="uhash" id="uhash" value="x" />
-				<input type="submit" id="ls" value="Login" />
-				{% if chpw %}
-				<a id="x" href="#">change password</a>
-				{% endif %}
-				{% if ahttps %}
-				<a id="w" href="{{ ahttps }}">switch to https</a>
-				{% endif %}
-			</form>
-		</div>
 	</div>
 	<a href="#" id="repl">π</a>
 	{%- if not this.args.nb %}

{copyparty-1.14.1.dist-info → copyparty-1.14.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: copyparty
-Version: 1.14.1
+Version: 1.14.2
 Summary: Portable file server with accelerated resumable uploads, deduplication, WebDAV, FTP, zeroconf, media indexer, video thumbnails, audio transcoding, and write-only folders
 Author-email: ed <copyparty@ocv.me>
 License: MIT
@@ -804,14 +804,16 @@ you can move files across browser tabs (cut in one tab, paste in another)
 
 share a file or folder by creating a temporary link
 
-when enabled in the server settings (`--shr`), click the bottom-right `share` button to share the folder you're currently in, or select a file first to share only that file
+when enabled in the server settings (`--shr`), click the bottom-right `share` button to share the folder you're currently in, or alternatively:
+* select a folder first to share that folder instead
+* select one or more files to share only those files
 
 this feature was made with [identity providers](#identity-providers) in mind -- configure your reverseproxy to skip the IdP's access-control for a given URL prefix and use that to safely share specific files/folders sans the usual auth checks
 
 when creating a share, the creator can choose any of the following options:
 
 * password-protection
-* expire after a certain time
+* expire after a certain time; `0` or blank means infinite
 * allow visitors to upload (if the user who creates the share has write-access)
 
 semi-intentional limitations:
@@ -822,10 +824,15 @@ semi-intentional limitations:
   * when linking something to discord (for example) it'll get accessed by their scraper and that would count as a hit
   * browsers wouldn't be able to resume a broken download unless the requester's IP gets allowlisted for X minutes (ref. tricky)
 
-the links are created inside a specific toplevel folder which must be specified with server-config `--shr`, for example `--shr /share/` (this also enables the feature)
+specify `--shr /foobar` to enable this feature; a toplevel virtual folder named `foobar` is then created, and that's where all the shares will be served from
+
+* you can name it whatever, `foobar` is just an example
+* if you're using config files, put `shr: /foobar` inside the `[global]` section instead
 
 users can delete their own shares in the controlpanel, and a list of privileged users (`--shr-adm`) are allowed to see and/or delet any share on the server
 
+**security note:** using this feature does not mean that you can skip the [accounts and volumes](#accounts-and-volumes) section -- you still need to restrict access to volumes that you do not intend to share with unauthenticated users! it is not sufficient to use rules in the reverseproxy to restrict access to just the `/share` folder.
+
 
 ## batch rename
 

{copyparty-1.14.1.dist-info → copyparty-1.14.2.dist-info}/RECORD

@@ -1,7 +1,7 @@
 copyparty/__init__.py,sha256=fUINM1abqDGzCCH_JcXdOnLdKOV-SrTI2Xo2QgQW2P4,1703
-copyparty/__main__.py,sha256=JBSVuRhMEnI_LMdRe5VLs09Li7WRJFcLlYGStcu0F90,107832
-copyparty/__version__.py,sha256=dTu12M9eISQGxeta4ssAuHyXgdmB0G1mXgoIPbzdzt8,258
-copyparty/authsrv.py,sha256=5LEz9yBB4PGEgbVsnJne-XevAsHbolFP-yfanOsDsUs,94305
+copyparty/__main__.py,sha256=T9fipgzSsr9hc5ApvEpoWMe0CPoYpm1jOE2kNznV9Fg,107828
+copyparty/__version__.py,sha256=wDXrZl0rzt2I3ONTXVvCQwVk8Dh7I819X_mTUcCs4bI,258
+copyparty/authsrv.py,sha256=jWXTjZLT8cGymfa9wBwGJqyBIi80aXcvzAMgI74G8iA,95750
 copyparty/broker_mp.py,sha256=YFe1S6Zziht8Qc__dCLj_ff8z0DDny9lqk_Mi5ajsJk,3868
 copyparty/broker_mpw.py,sha256=4ZI7bJYOwUibeAJVv9_FPGNmHrr9eOtkj_Kz0JEppTU,3197
 copyparty/broker_thr.py,sha256=eKr--HJGig5zqvNGwH9UoBG9Nvi9mT2axrRmJwknd0s,1759
@@ -11,7 +11,7 @@ copyparty/cfg.py,sha256=i8-bjWgbguQooxiA172RcptqR_SEOwDHJ4cqldrZ8oQ,9792
 copyparty/dxml.py,sha256=lZpg-kn-kQsXRtNY1n6fRaS-b7uXzMCyv8ovKnhZcZc,1548
 copyparty/fsutil.py,sha256=hnEHgySI43-XJJKbI8n6t1A6oVHzR_nYdsBcAwtreBk,4610
 copyparty/ftpd.py,sha256=1vD-KTy07xfEEEk1dx37pUYModpNO2gIhVXvFUr205M,17497
-copyparty/httpcli.py,sha256=xk8ZjiZkb3Cko-_A95bgFgm68rpHrmASLwqRmlOss1U,180620
+copyparty/httpcli.py,sha256=nlSmnZ6ejFzUGdfyWZ1v2C9ycuDdhDArXL3MZJcxYBI,181984
 copyparty/httpconn.py,sha256=mwIDup85cBowIfJOse8rla5bqTz7nf-ChgfR-5-V0JM,6938
 copyparty/httpsrv.py,sha256=8_1Ivg3eco7HJDjqL_rUB58IOUaUnoXGhO62bOMXLBk,17242
 copyparty/ico.py,sha256=eWSxEae4wOCfheHl-m-wchYvFRAR_97kJDb4NGaB-Z8,3561
@@ -24,14 +24,14 @@ copyparty/smbd.py,sha256=8zkC9BjVtGiKXMLajbdakxoKeFzACdM75SW0_SvqXJA,14490
 copyparty/ssdp.py,sha256=8iyF5sqIjATJLWcAtnJa8eadHosOn0CP4ywltzJ7bVY,7023
 copyparty/star.py,sha256=tV5BbX6AiQ7N4UU8DYtSTckNYeoeey4DBqq4LjfymbY,3818
 copyparty/sutil.py,sha256=JTMrQwcWH85hXB_cKG206eDZ967WZDGaP00AWvl_gB0,3214
-copyparty/svchub.py,sha256=eAvlDGhKAXUYxAHd03lHY-iNat32Bbt1rZHZwF46Kzg,37367
+copyparty/svchub.py,sha256=fiH7d8UXiW_LC7m2MU0AtS6KWwy49QXbSp4gIoyT2SM,38364
 copyparty/szip.py,sha256=tor4yjdHhEL4Ox-Xg7-cuUFrMO0IwQD29aRX5Cp8MYs,8605
 copyparty/tcpsrv.py,sha256=jM_Za64O8LEMfMrU4irJluIJZrU494e2b759r_KhaUQ,19881
 copyparty/tftpd.py,sha256=i1-oZ05DJq2_nDOW3g3PfTkMoUCr2lAcDYFMWArwtKA,13568
 copyparty/th_cli.py,sha256=o6FMkerYvAXS455z3DUossVztu_nzFlYSQhs6qN6Jt8,4636
 copyparty/th_srv.py,sha256=27IftjIXUQzRRiUytt-CgXkybEoP3HHHoXaDAvxEmLo,29217
 copyparty/u2idx.py,sha256=t4mzjj2GDrkjIHt0RM68y1EgT5qOBoz6mkYgjMbqA38,13526
-copyparty/up2k.py,sha256=Ys3tbEm4RW4FLxaFwrdgG7RSsDd0Hr2832I0nCvLtfM,153049
+copyparty/up2k.py,sha256=HNn5EzOM-pExt3waU-0n6_tqGweI--QAO4gKhNSACsU,153107
 copyparty/util.py,sha256=S7FuQBPbl2FX7ULIH9VNgiB7Z_rceqTJssXz4SGErwA,88625
 copyparty/bos/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 copyparty/bos/bos.py,sha256=Wb7eWsXJgR5AFlBR9ZOyKrLTwy-Kct9RrGiOu4Jo37Y,1622
@@ -55,9 +55,9 @@ copyparty/stolen/ifaddr/_posix.py,sha256=-67NdfGrCktfQPakT2fLbjl2U00QMvyBGkSvrUu
 copyparty/stolen/ifaddr/_shared.py,sha256=uNC4SdEIgdSLKvuUzsf1aM-H1Xrc_9mpLoOT43YukGs,6206
 copyparty/stolen/ifaddr/_win32.py,sha256=EE-QyoBgeB7lYQ6z62VjXNaRozaYfCkaJBHGNA8QtZM,4026
 copyparty/web/baguettebox.js.gz,sha256=4dS8-r4si84ca71l98672ahnRI86Aq95MU-bc5knykk,7962
-copyparty/web/browser.css.gz,sha256=tE4SKTvB2l6t91Mb_bhadKbV0QMLrYbAcVE-JQ7MPUk,11494
+copyparty/web/browser.css.gz,sha256=PoW_IIwFigZaMo3atpPU0o05Jj5Flbsm1bhW_KfcX-U,11491
 copyparty/web/browser.html,sha256=vvfWiu_aOFRar8u5lridMRKQSPF4R0YkA41zrsh82Qs,4878
-copyparty/web/browser.js.gz,sha256=lF2coe19rlOIwgDZlcqdnascDjqCJDVzVxtyZopQE2Y,71016
+copyparty/web/browser.js.gz,sha256=0eqpm-iVRYZc-A9rpNNj8I1S_cV90nBb8VOWq-Lk6Zc,80814
 copyparty/web/browser2.html,sha256=NRUZ08GH-e2YcGXcoz0UjYg6JIVF42u4IMX4HHwWTmg,1587
 copyparty/web/cf.html,sha256=lJThtNFNAQT1ClCHHlivAkDGE0LutedwopXD62Z8Nys,589
 copyparty/web/dbg-audio.js.gz,sha256=Ma-KZtK8LnmiwNvNKFKXMPYl_Nn_3U7GsJ6-DRWC2HE,688
@@ -71,21 +71,21 @@ copyparty/web/mde.html,sha256=ImBhQAaEUCke2M85QU_fl4X2XQExRLcEzgCEN8RNe9o,1759
 copyparty/web/mde.js.gz,sha256=kN2eUSvr4mFuksfK4-4LimJmWdwsao39Sea2lWtu8L0,2224
 copyparty/web/msg.css.gz,sha256=u90fXYAVrMD-jqwf5XFVC1ptSpSHZUe8Mez6PX101P8,300
 copyparty/web/msg.html,sha256=w9CM3hkLLGJX9fWEaG4gSbTOPe2GcPqW8BpSCDiFzOI,977
-copyparty/web/shares.css.gz,sha256=4OqsDr0aby14LPy61nU6JdEsgDyBw3TMQiClLvOPFds,477
-copyparty/web/shares.html,sha256=sogrhA6HCzG413qSrHar8-RFSocuBxACTWArO_HOP28,2208
-copyparty/web/shares.js.gz,sha256=PYOZ2jjzDTy_g7lali1kozUjUoI-97LsjXxKUzoThiU,319
-copyparty/web/splash.css.gz,sha256=lCleyzwvc5KdkFtuLhImeOeRZKYi_ISiLppCDcmRK7Y,1023
-copyparty/web/splash.html,sha256=FDCcWzO8E_mm_D4EaCWgeMyFSkMTAnGxWwPh9dn1e4Y,4221
-copyparty/web/splash.js.gz,sha256=RUH5mxrYtCAQ4eLsOUfLl0ryHa1f6-kf_I2j8FitMB0,1840
+copyparty/web/shares.css.gz,sha256=m-nRqTGPiU3ohZxvGaROzFr98F_jmohQnjieqEAyjBo,496
+copyparty/web/shares.html,sha256=j3nXy0cWBXHx0kx-NsFwxbtCSRbRowGy5DhF_n6y7iQ,2276
+copyparty/web/shares.js.gz,sha256=St2Ep6md8XhpmJhxcppYjHCER5Q1GmIdfHtIM3x4iWU,514
+copyparty/web/splash.css.gz,sha256=4DOtEKBWyaDKel7fdnwvnc9FrKlkht-ec7R2nRlruPU,1023
+copyparty/web/splash.html,sha256=dAo4KXKmXUMGcIwetZkFtVxk-mCMNkscD36BxLwRdow,4804
+copyparty/web/splash.js.gz,sha256=0HMVU21vpeA4Jbi6cGsPtKTwhdtT8-puVOQOiQAHGIc,2592
 copyparty/web/svcs.html,sha256=v0C3cOFWXYlvp3GEifz1Qj0W3MD8JANT3WTON05GZ9o,11797
 copyparty/web/svcs.js.gz,sha256=k81ZvZ3I-f4fMHKrNGGOgOlvXnCBz0mVjD-8mieoWCA,520
 copyparty/web/ui.css.gz,sha256=GnR_PxnZGcNs2IJnb5hFffnhlW3cUHkPad3tNIm-7DQ,2637
 copyparty/web/up2k.js.gz,sha256=KufMtRViAZQo2rVj67iEWbdPxlVeXW85emRYVJoY3aA,22946
-copyparty/web/util.js.gz,sha256=9LeqbO0j_Z4pEXH2pl9FxWxv5eG7d-SE997AFGboK74,14682
+copyparty/web/util.js.gz,sha256=dPuhXEBJ_T-d2tYUUufGTUul4FYIbuh6GQmtK7iBkEo,14682
 copyparty/web/w.hash.js.gz,sha256=7wP9EZQNXQxwZnCCFUVsi_-6TM9PLZJeZ9krutXRRj8,1060
 copyparty/web/a/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 copyparty/web/a/partyfuse.py,sha256=MuRkaSuYsdfWfBFMOkbPwDXqSvNTw3sd7QhhlKCDZ8I,32311
-copyparty/web/a/u2c.py,sha256=eJlcAN70lKeh46eNq9ae7CO-kgA8oGrMfiOBJivzCXk,42419
+copyparty/web/a/u2c.py,sha256=WG9njRxY9g9xjO93-fas9Wo-AM8vtrWrUTwpJ5Afmvk,42482
 copyparty/web/a/webdav-cfg.bat,sha256=Y4NoGZlksAIg4cBMb7KdJrpKC6Nx97onaTl6yMjaimk,1449
 copyparty/web/dd/2.png,sha256=gJ14XFPzaw95L6z92fSq9eMPikSQyu-03P1lgiGe0_I,258
 copyparty/web/dd/3.png,sha256=4lho8Koz5tV7jJ4ODo6GMTScZfkqsT05yp48EDFIlyg,252
@@ -105,9 +105,9 @@ copyparty/web/deps/prismd.css.gz,sha256=ObUlksQVr-OuYlTz-I4B23TeBg2QDVVGRnWBz8cV
 copyparty/web/deps/scp.woff2,sha256=w99BDU5i8MukkMEL-iW0YO9H4vFFZSPWxbkH70ytaAg,8612
 copyparty/web/deps/sha512.ac.js.gz,sha256=lFZaCLumgWxrvEuDr4bqdKHsqjX82AbVAb7_F45Yk88,7033
 copyparty/web/deps/sha512.hw.js.gz,sha256=vqoXeracj-99Z5MfY3jK2N4WiSzYQdfjy0RnUlQDhSU,8110
-copyparty-1.14.1.dist-info/LICENSE,sha256=gOr4h33pCsBEg9uIy9AYmb7qlocL4V9t2uPJS5wllr0,1072
-copyparty-1.14.1.dist-info/METADATA,sha256=AXs4o0mUOTU-WVhn3Kh5QyI-swMa36Rqrk3a4v1Gp38,130962
-copyparty-1.14.1.dist-info/WHEEL,sha256=HiCZjzuy6Dw0hdX5R3LCFPDmFS4BWl8H-8W39XfmgX4,91
-copyparty-1.14.1.dist-info/entry_points.txt,sha256=4zw6a3rqASywQomiYLObjjlxybaI65LYYOTJwgKz7b0,128
-copyparty-1.14.1.dist-info/top_level.txt,sha256=LnYUPsDyk-8kFgM6YJLG4h820DQekn81cObKSu9g-sI,10
-copyparty-1.14.1.dist-info/RECORD,,
+copyparty-1.14.2.dist-info/LICENSE,sha256=gOr4h33pCsBEg9uIy9AYmb7qlocL4V9t2uPJS5wllr0,1072
+copyparty-1.14.2.dist-info/METADATA,sha256=fDuptsXfw2sOmf6nms6NIZRX5cgtutScqpw_UA0DqmE,131543
+copyparty-1.14.2.dist-info/WHEEL,sha256=Mdi9PDNwEZptOjTlUcAth7XJDFtKrHYaQMPulZeBCiQ,91
+copyparty-1.14.2.dist-info/entry_points.txt,sha256=4zw6a3rqASywQomiYLObjjlxybaI65LYYOTJwgKz7b0,128
+copyparty-1.14.2.dist-info/top_level.txt,sha256=LnYUPsDyk-8kFgM6YJLG4h820DQekn81cObKSu9g-sI,10
+copyparty-1.14.2.dist-info/RECORD,,

{copyparty-1.14.1.dist-info → copyparty-1.14.2.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (72.2.0)
+Generator: setuptools (73.0.1)
 Root-Is-Purelib: true
 Tag: py3-none-any