copyparty 1.16.16__py3-none-any.whl → 1.16.17__py3-none-any.whl

copyparty/__main__.py

@@ -65,6 +65,7 @@ from .util import (
     load_resource,
     min_ex,
     pybin,
+    read_utf8,
     termsize,
     wrap,
 )
@@ -249,8 +250,7 @@ def get_srvname(verbose)  :
     if verbose:
         lprint("using hostname from {}\n".format(fp))
     try:
-        with open(fp, "rb") as f:
-            ret = f.read().decode("utf-8", "replace").strip()
+        return read_utf8(None, fp, True).strip()
     except:
         ret = ""
         namelen = 5
@@ -259,47 +259,18 @@ def get_srvname(verbose)  :
             ret = re.sub("[234567=]", "", ret)[:namelen]
         with open(fp, "wb") as f:
             f.write(ret.encode("utf-8") + b"\n")
-
-    return ret
-
-
-def get_fk_salt()  :
-    fp = os.path.join(E.cfg, "fk-salt.txt")
-    try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
-    except:
-        ret = b64enc(os.urandom(18))
-        with open(fp, "wb") as f:
-            f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
-
-
-def get_dk_salt()  :
-    fp = os.path.join(E.cfg, "dk-salt.txt")
-    try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
-    except:
-        ret = b64enc(os.urandom(30))
-        with open(fp, "wb") as f:
-            f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
+        return ret
 
 
-def get_ah_salt()  :
-    fp = os.path.join(E.cfg, "ah-salt.txt")
+def get_salt(name , nbytes )  :
+    fp = os.path.join(E.cfg, "%s-salt.txt" % (name,))
     try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
+        return read_utf8(None, fp, True).strip()
     except:
-        ret = b64enc(os.urandom(18))
+        ret = b64enc(os.urandom(nbytes))
         with open(fp, "wb") as f:
             f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
+        return ret.decode("utf-8")
 
 
 def ensure_locale()  :
@@ -1257,6 +1228,10 @@ def add_optouts(ap):
     ap2.add_argument("-nih", action="store_true", help="no info hostname -- don't show in UI")
     ap2.add_argument("-nid", action="store_true", help="no info disk-usage -- don't show in UI")
     ap2.add_argument("-nb", action="store_true", help="no powered-by-copyparty branding in UI")
+    ap2.add_argument("--zipmaxn", metavar="N", type=u, default="0", help="reject download-as-zip if more than \033[33mN\033[0m files in total; optionally takes a unit suffix: [\033[32m256\033[0m], [\033[32m9K\033[0m], [\033[32m4G\033[0m] (volflag=zipmaxn)")
+    ap2.add_argument("--zipmaxs", metavar="SZ", type=u, default="0", help="reject download-as-zip if total download size exceeds \033[33mSZ\033[0m bytes; optionally takes a unit suffix: [\033[32m256M\033[0m], [\033[32m4G\033[0m], [\033[32m2T\033[0m] (volflag=zipmaxs)")
+    ap2.add_argument("--zipmaxt", metavar="TXT", type=u, default="", help="custom errormessage when download size exceeds max (volflag=zipmaxt)")
+    ap2.add_argument("--zipmaxu", action="store_true", help="authenticated users bypass the zip size limit (volflag=zipmaxu)")
     ap2.add_argument("--zip-who", metavar="LVL", type=int, default=3, help="who can download as zip/tar? [\033[32m0\033[0m]=nobody, [\033[32m1\033[0m]=admins, [\033[32m2\033[0m]=authenticated-with-read-access, [\033[32m3\033[0m]=everyone-with-read-access (volflag=zip_who)\n\033[1;31mWARNING:\033[0m if a nested volume has a more restrictive value than a parent volume, then this will be \033[33mignored\033[0m if the download is initiated from the parent, more lenient volume")
     ap2.add_argument("--no-zip", action="store_true", help="disable download as zip/tar; same as \033[33m--zip-who=0\033[0m")
     ap2.add_argument("--no-tarcmp", action="store_true", help="disable download as compressed tar (?tar=gz, ?tar=bz2, ?tar=xz, ?tar=gz:9, ...)")
@@ -1544,9 +1519,9 @@ def run_argparse(
 
     cert_path = os.path.join(E.cfg, "cert.pem")
 
-    fk_salt = get_fk_salt()
-    dk_salt = get_dk_salt()
-    ah_salt = get_ah_salt()
+    fk_salt = get_salt("fk", 18)
+    dk_salt = get_salt("dk", 30)
+    ah_salt = get_salt("ah", 18)
 
     # alpine peaks at 5 threads for some reason,
     # all others scale past that (but try to avoid SMT),

copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 16, 16)
+VERSION = (1, 16, 17)
 CODENAME = "COPYparty"
-BUILD_DT = (2025, 2, 28)
+BUILD_DT = (2025, 3, 16)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

copyparty/authsrv.py

@@ -33,6 +33,7 @@ from .util import (
     get_df,
     humansize,
     odfusion,
+    read_utf8,
     relchk,
     statdir,
     ub64enc,
@@ -64,6 +65,8 @@ SSEELOG = " ({})".format(SEE_LOG)
 BAD_CFG = "invalid config; {}".format(SEE_LOG)
 SBADCFG = " ({})".format(BAD_CFG)
 
+PTN_U_GRP = re.compile(r"\$\{u%([+-])([^}]+)\}")
+
 
 class CfgEx(Exception):
     pass
@@ -335,22 +338,26 @@ class VFS(object):
         log ,
         realpath ,
         vpath ,
+        vpath0 ,
         axs ,
         flags  ,
     )  :
         self.log = log
         self.realpath = realpath  # absolute path on host filesystem
         self.vpath = vpath  # absolute path in the virtual filesystem
+        self.vpath0 = vpath0  # original vpath (before idp expansion)
         self.axs = axs
         self.flags = flags  # config options
         self.root = self
         self.dev = 0  # st_dev
+        self.badcfg1 = False
         self.nodes   = {}  # child nodes
         self.histtab   = {}  # all realpath->histpath
         self.dbv  = None  # closest full/non-jump parent
         self.lim  = None  # upload limits; only set for dbv
         self.shr_src   = None  # source vfs+rem of a share
         self.shr_files  = set()  # filenames to include from shr_src
+        self.shr_owner  = ""  # uname
         self.aread   = {}
         self.awrite   = {}
         self.amove   = {}
@@ -368,7 +375,7 @@ class VFS(object):
             vp = vpath + ("/" if vpath else "")
             self.histpath = os.path.join(realpath, ".hist")  # db / thumbcache
             self.all_vols = {vpath: self}  # flattened recursive
-            self.all_nodes = {vpath: self}  # also jumpvols
+            self.all_nodes = {vpath: self}  # also jumpvols/shares
             self.all_aps = [(rp, self)]
             self.all_vps = [(vp, self)]
         else:
@@ -408,7 +415,7 @@ class VFS(object):
         for v in self.nodes.values():
             v.get_all_vols(vols, nodes, aps, vps)
 
-    def add(self, src , dst )  :
+    def add(self, src , dst , dst0 )  :
         """get existing, or add new path to the vfs"""
         assert src == "/" or not src.endswith("/")  # nosec
         assert not dst.endswith("/")  # nosec
@@ -416,20 +423,22 @@ class VFS(object):
         if "/" in dst:
             # requires breadth-first population (permissions trickle down)
             name, dst = dst.split("/", 1)
+            name0, dst0 = dst0.split("/", 1)
             if name in self.nodes:
                 # exists; do not manipulate permissions
-                return self.nodes[name].add(src, dst)
+                return self.nodes[name].add(src, dst, dst0)
 
             vn = VFS(
                 self.log,
                 os.path.join(self.realpath, name) if self.realpath else "",
                 "{}/{}".format(self.vpath, name).lstrip("/"),
+                "{}/{}".format(self.vpath0, name0).lstrip("/"),
                 self.axs,
                 self._copy_flags(name),
             )
             vn.dbv = self.dbv or self
             self.nodes[name] = vn
-            return vn.add(src, dst)
+            return vn.add(src, dst, dst0)
 
         if dst in self.nodes:
             # leaf exists; return as-is
@@ -437,7 +446,8 @@ class VFS(object):
 
         # leaf does not exist; create and keep permissions blank
         vp = "{}/{}".format(self.vpath, dst).lstrip("/")
-        vn = VFS(self.log, src, vp, AXS(), {})
+        vp0 = "{}/{}".format(self.vpath0, dst0).lstrip("/")
+        vn = VFS(self.log, src, vp, vp0, AXS(), {})
         vn.dbv = self.dbv or self
         self.nodes[dst] = vn
         return vn
@@ -854,7 +864,7 @@ class AuthSrv(object):
         self.indent = ""
 
         # fwd-decl
-        self.vfs = VFS(log_func, "", "", AXS(), {})
+        self.vfs = VFS(log_func, "", "", "", AXS(), {})
         self.acct   = {}  # uname->pw
         self.iacct   = {}  # pw->uname
         self.ases   = {}  # uname->session
@@ -922,7 +932,7 @@ class AuthSrv(object):
         self,
         src ,
         dst ,
-        mount  ,
+        mount   ,
         daxs  ,
         mflags   ,
         un_gns  ,
@@ -938,12 +948,24 @@ class AuthSrv(object):
             un_gn = [("", "")]
 
         for un, gn in un_gn:
+            m = PTN_U_GRP.search(dst0)
+            if m:
+                req, gnc = m.groups()
+                hit = gnc in (un_gns.get(un) or [])
+                if req == "+":
+                    if not hit:
+                        continue
+                elif hit:
+                    continue
+
             # if ap/vp has a user/group placeholder, make sure to keep
             # track so the same user/group is mapped when setting perms;
             # otherwise clear un/gn to indicate it's a regular volume
 
             src1 = src0.replace("${u}", un or "\n")
             dst1 = dst0.replace("${u}", un or "\n")
+            src1 = PTN_U_GRP.sub(un or "\n", src1)
+            dst1 = PTN_U_GRP.sub(un or "\n", dst1)
             if src0 == src1 and dst0 == dst1:
                 un = ""
 
@@ -960,7 +982,7 @@ class AuthSrv(object):
                 continue
             visited.add(label)
 
-            src, dst = self._map_volume(src, dst, mount, daxs, mflags)
+            src, dst = self._map_volume(src, dst, dst0, mount, daxs, mflags)
             if src:
                 ret.append((src, dst, un, gn))
                 if un or gn:
@@ -972,7 +994,8 @@ class AuthSrv(object):
         self,
         src ,
         dst ,
-        mount  ,
+        dst0 ,
+        mount   ,
         daxs  ,
         mflags   ,
     )   :
@@ -982,13 +1005,13 @@ class AuthSrv(object):
 
         if dst in mount:
             t = "multiple filesystem-paths mounted at [/{}]:\n  [{}]\n  [{}]"
-            self.log(t.format(dst, mount[dst], src), c=1)
+            self.log(t.format(dst, mount[dst][0], src), c=1)
             raise Exception(BAD_CFG)
 
         if src in mount.values():
             t = "filesystem-path [{}] mounted in multiple locations:"
             t = t.format(src)
-            for v in [k for k, v in mount.items() if v == src] + [dst]:
+            for v in [k for k, v in mount.items() if v[0] == src] + [dst]:
                 t += "\n  /{}".format(v)
 
             self.log(t, c=3)
@@ -997,7 +1020,7 @@ class AuthSrv(object):
         if not bos.path.isdir(src):
             self.log("warning: filesystem-path does not exist: {}".format(src), 3)
 
-        mount[dst] = src
+        mount[dst] = (src, dst0)
         daxs[dst] = AXS()
         mflags[dst] = {}
         return (src, dst)
@@ -1058,7 +1081,7 @@ class AuthSrv(object):
         grps  ,
         daxs  ,
         mflags   ,
-        mount  ,
+        mount   ,
     )  :
         self.line_ctr = 0
 
@@ -1083,7 +1106,7 @@ class AuthSrv(object):
         grps  ,
         daxs  ,
         mflags   ,
-        mount  ,
+        mount   ,
         npass ,
     )  :
         self.line_ctr = 0
@@ -1442,8 +1465,8 @@ class AuthSrv(object):
         acct   = {}  # username:password
         grps   = {}  # groupname:usernames
         daxs   = {}
-        mflags    = {}  # moutpoint:flags
-        mount   = {}  # dst:src (mountpoint:realpath)
+        mflags    = {}  # vpath:flags
+        mount    = {}  # dst:src (vp:(ap,vp0))
 
         self.idp_vols = {}  # yolo
 
@@ -1522,8 +1545,8 @@ class AuthSrv(object):
         # case-insensitive; normalize
         if WINDOWS:
             cased = {}
-            for k, v in mount.items():
-                cased[k] = absreal(v)
+            for vp, (ap, vp0) in mount.items():
+                cased[vp] = (absreal(ap), vp0)
 
             mount = cased
 
@@ -1538,25 +1561,28 @@ class AuthSrv(object):
                 t = "Read-access has been disabled due to failsafe: No volumes were defined by the config-file. This failsafe is to prevent unintended access if this is due to accidental loss of config. You can override this safeguard and allow read/write to the working-directory by adding the following arguments:  -v .::rw"
                 self.log(t, 1)
                 axs = AXS()
-            vfs = VFS(self.log_func, absreal("."), "", axs, {})
+            vfs = VFS(self.log_func, absreal("."), "", "", axs, {})
+            if not axs.uread:
+                vfs.badcfg1 = True
         elif "" not in mount:
             # there's volumes but no root; make root inaccessible
             zsd = {"d2d": True, "tcolor": self.args.tcolor}
-            vfs = VFS(self.log_func, "", "", AXS(), zsd)
+            vfs = VFS(self.log_func, "", "", "", AXS(), zsd)
 
         maxdepth = 0
         for dst in sorted(mount.keys(), key=lambda x: (x.count("/"), len(x))):
             depth = dst.count("/")
             assert maxdepth <= depth  # nosec
             maxdepth = depth
+            src, dst0 = mount[dst]
 
             if dst == "":
                 # rootfs was mapped; fully replaces the default CWD vfs
-                vfs = VFS(self.log_func, mount[dst], dst, daxs[dst], mflags[dst])
+                vfs = VFS(self.log_func, src, dst, dst0, daxs[dst], mflags[dst])
                 continue
 
             assert vfs  # type: ignore
-            zv = vfs.add(mount[dst], dst)
+            zv = vfs.add(src, dst, dst0)
             zv.axs = daxs[dst]
             zv.flags = mflags[dst]
             zv.dbv = None
@@ -1590,7 +1616,8 @@ class AuthSrv(object):
         if enshare:
             import sqlite3
 
-            shv = VFS(self.log_func, "", shr, AXS(), {})
+            zsd = {"d2d": True, "tcolor": self.args.tcolor}
+            shv = VFS(self.log_func, "", shr, shr, AXS(), zsd)
 
             db_path = self.args.shr_db
             db = sqlite3.connect(db_path)
@@ -1624,9 +1651,8 @@ class AuthSrv(object):
 
                 # don't know the abspath yet + wanna ensure the user
                 # still has the privs they granted, so nullmap it
-                shv.nodes[s_k] = VFS(
-                    self.log_func, "", "%s/%s" % (shr, s_k), s_axs, shv.flags.copy()
-                )
+                vp = "%s/%s" % (shr, s_k)
+                shv.nodes[s_k] = VFS(self.log_func, "", vp, vp, s_axs, shv.flags.copy())
 
             vfs.nodes[shr] = vfs.all_vols[shr] = shv
             for vol in shv.nodes.values():
@@ -1787,6 +1813,24 @@ class AuthSrv(object):
             rhisttab[histp] = zv
             vfs.histtab[zv.realpath] = histp
 
+        for vol in vfs.all_vols.values():
+            use = False
+            for k in ["zipmaxn", "zipmaxs"]:
+                try:
+                    zs = vol.flags[k]
+                except:
+                    zs = getattr(self.args, k)
+                if zs in ("", "0"):
+                    vol.flags[k] = 0
+                    continue
+
+                zf = unhumanize(zs)
+                vol.flags[k + "_v"] = zf
+                if zf:
+                    use = True
+            if use:
+                vol.flags["zipmax"] = True
+
         for vol in vfs.all_vols.values():
             lim = Lim(self.log_func)
             use = False
@@ -2269,22 +2313,56 @@ class AuthSrv(object):
         except Pebkac:
             self.warn_anonwrite = True
 
-        idp_err = "WARNING! The following IdP volumes are mounted directly below another volume where anonymous users can read and/or write files. This is a SECURITY HAZARD!! When copyparty is restarted, it will not know about these IdP volumes yet. These volumes will then be accessible by anonymous users UNTIL one of the users associated with their volume sends a request to the server. RECOMMENDATION: You should create a restricted volume where nobody can read/write files, and make sure that all IdP volumes are configured to appear somewhere below that volume."
+        self.idp_warn = []
+        self.idp_err = []
         for idp_vp in self.idp_vols:
-            parent_vp = vsplit(idp_vp)[0]
-            vn, _ = vfs.get(parent_vp, "*", False, False)
-            zs = (
-                "READABLE"
-                if "*" in vn.axs.uread
-                else "WRITABLE"
-                if "*" in vn.axs.uwrite
-                else ""
-            )
-            if zs:
-                t = '\nWARNING: Volume "/%s" appears below "/%s" and would be WORLD-%s'
-                idp_err += t % (idp_vp, vn.vpath, zs)
-        if "\n" in idp_err:
-            self.log(idp_err, 1)
+            idp_vn, _ = vfs.get(idp_vp, "*", False, False)
+            idp_vp0 = idp_vn.vpath0
+
+            sigils = set(re.findall(r"(\${[ug][}%])", idp_vp0))
+            if len(sigils) > 1:
+                t = '\nWARNING: IdP-volume "/%s" created by "/%s" has multiple IdP placeholders: %s'
+                self.idp_warn.append(t % (idp_vp, idp_vp0, list(sigils)))
+                continue
+
+            sigil = sigils.pop()
+            par_vp = idp_vp
+            while par_vp:
+                par_vp = vsplit(par_vp)[0]
+                par_vn, _ = vfs.get(par_vp, "*", False, False)
+                if sigil in par_vn.vpath0:
+                    continue  # parent was spawned for and by same user
+
+                oth_read = []
+                oth_write = []
+                for usr in par_vn.axs.uread:
+                    if usr not in idp_vn.axs.uread:
+                        oth_read.append(usr)
+                for usr in par_vn.axs.uwrite:
+                    if usr not in idp_vn.axs.uwrite:
+                        oth_write.append(usr)
+
+                if "*" in oth_read:
+                    taxs = "WORLD-READABLE"
+                elif "*" in oth_write:
+                    taxs = "WORLD-WRITABLE"
+                elif oth_read:
+                    taxs = "READABLE BY %r" % (oth_read,)
+                elif oth_write:
+                    taxs = "WRITABLE BY %r" % (oth_write,)
+                else:
+                    break  # no sigil; not idp; safe to stop
+
+                t = '\nWARNING: IdP-volume "/%s" created by "/%s" has parent/grandparent "/%s" and would be %s'
+                self.idp_err.append(t % (idp_vp, idp_vp0, par_vn.vpath, taxs))
+
+        if self.idp_warn:
+            t = "WARNING! Some IdP volumes include multiple IdP placeholders; this is too complex to automatically determine if safe or not. To ensure that no users gain unintended access, please use only a single placeholder for each IdP volume."
+            self.log(t + "".join(self.idp_warn), 1)
+
+        if self.idp_err:
+            t = "WARNING! The following IdP volumes are mounted below another volume where other users can read and/or write files. This is a SECURITY HAZARD!! When copyparty is restarted, it will not know about these IdP volumes yet. These volumes will then be accessible by an unexpected set of permissions UNTIL one of the users associated with their volume sends a request to the server. RECOMMENDATION: You should create a restricted volume where nobody can read/write files, and make sure that all IdP volumes are configured to appear somewhere below that volume."
+            self.log(t + "".join(self.idp_err), 1)
 
         self.vfs = vfs
         self.acct = acct
@@ -2319,11 +2397,6 @@ class AuthSrv(object):
                 for x, y in vfs.all_vols.items()
                 if x != shr and not x.startswith(shrs)
             }
-            vfs.all_nodes = {
-                x: y
-                for x, y in vfs.all_nodes.items()
-                if x != shr and not x.startswith(shrs)
-            }
 
             assert db and cur and cur2 and shv  # type: ignore
             for row in cur.execute("select * from sh"):
@@ -2353,6 +2426,7 @@ class AuthSrv(object):
                 else:
                     shn.ls = shn._ls
 
+                shn.shr_owner = s_un
                 shn.shr_src = (s_vfs, s_rem)
                 shn.realpath = s_vfs.canonical(s_rem)
 
@@ -2370,7 +2444,7 @@ class AuthSrv(object):
                     continue  # also fine
                 for zs in svn.nodes.keys():
                     # hide subvolume
-                    vn.nodes[zs] = VFS(self.log_func, "", "", AXS(), {})
+                    vn.nodes[zs] = VFS(self.log_func, "", "", "", AXS(), {})
 
             cur2.close()
             cur.close()
@@ -2378,7 +2452,9 @@ class AuthSrv(object):
 
         self.js_ls = {}
         self.js_htm = {}
-        for vn in self.vfs.all_nodes.values():
+        for vp, vn in self.vfs.all_nodes.items():
+            if enshare and vp.startswith(shrs):
+                continue  # propagates later in this func
             vf = vn.flags
             vn.js_ls = {
                 "idx": "e2d" in vf,
@@ -2435,8 +2511,12 @@ class AuthSrv(object):
 
         vols = list(vfs.all_nodes.values())
         if enshare:
-            vols.append(shv)
-            vols.extend(list(shv.nodes.values()))
+            for vol in shv.nodes.values():
+                if vol.vpath not in vfs.all_nodes:
+                    self.log("BUG: /%s not in all_nodes" % (vol.vpath,), 1)
+                    vols.append(vol)
+            if shr in vfs.all_nodes:
+                self.log("BUG: %s found in all_nodes" % (shr,), 1)
 
         for vol in vols:
             dbv = vol.get_dbv("")[0]
@@ -2539,8 +2619,8 @@ class AuthSrv(object):
             if not bos.path.exists(ap):
                 pwdb = {}
             else:
-                with open(ap, "r", encoding="utf-8") as f:
-                    pwdb = json.load(f)
+                jtxt = read_utf8(self.log, ap, True)
+                pwdb = json.loads(jtxt)
 
             pwdb = [x for x in pwdb if x[0] != uname]
             pwdb.append((uname, self.defpw[uname], hpw))
@@ -2563,8 +2643,8 @@ class AuthSrv(object):
         if not self.args.chpw or not bos.path.exists(ap):
             return
 
-        with open(ap, "r", encoding="utf-8") as f:
-            pwdb = json.load(f)
+        jtxt = read_utf8(self.log, ap, True)
+        pwdb = json.loads(jtxt)
 
         useen = set()
         urst = set()
@@ -3060,8 +3140,9 @@ def expand_config_file(
     ipath += " -> " + fp
     ret.append("#\033[36m opening cfg file{}\033[0m".format(ipath))
 
-    with open(fp, "rb") as f:
-        for oln in [x.decode("utf-8").rstrip() for x in f]:
+    cfg_lines = read_utf8(log, fp, True).split("\n")
+    if True:  # diff-golf
+        for oln in [x.rstrip() for x in cfg_lines]:
             ln = oln.split("  #")[0].strip()
             if ln.startswith("% "):
                 pad = " " * len(oln.split("%")[0])

copyparty/cfg.py

@@ -55,6 +55,7 @@ def vf_bmap()   :
         "xdev",
         "xlink",
         "xvol",
+        "zipmaxu",
     ):
         ret[k] = k
     return ret
@@ -101,6 +102,9 @@ def vf_vmap()   :
         "u2ts",
         "ups_who",
         "zip_who",
+        "zipmaxn",
+        "zipmaxs",
+        "zipmaxt",
     ):
         ret[k] = k
     return ret
@@ -299,6 +303,10 @@ flagcats = {
         "rss": "allow '?rss' URL suffix (experimental)",
         "ups_who=2": "restrict viewing the list of recent uploads",
         "zip_who=2": "restrict access to download-as-zip/tar",
+        "zipmaxn=9k": "reject download-as-zip if more than 9000 files",
+        "zipmaxs=2g": "reject download-as-zip if size over 2 GiB",
+        "zipmaxt=no": "reply with 'no' if download-as-zip exceeds max",
+        "zipmaxu": "zip-size-limit does not apply to authenticated users",
         "nopipe": "disable race-the-beam (download unfinished uploads)",
         "mv_retry": "ms-windows: timeout for renaming busy files",
         "rm_retry": "ms-windows: timeout for deleting busy files",

copyparty/fsutil.py

@@ -72,7 +72,7 @@ class Fstab(object):
             return vid
 
     def build_fallback(self)  :
-        self.tab = VFS(self.log_func, "idk", "/", AXS(), {})
+        self.tab = VFS(self.log_func, "idk", "/", "/", AXS(), {})
         self.trusted = False
 
     def build_tab(self)  :
@@ -105,9 +105,10 @@ class Fstab(object):
 
         tab1.sort(key=lambda x: (len(x[0]), x[0]))
         path1, fs1 = tab1[0]
-        tab = VFS(self.log_func, fs1, path1, AXS(), {})
+        tab = VFS(self.log_func, fs1, path1, path1, AXS(), {})
         for path, fs in tab1[1:]:
-            tab.add(fs, path.lstrip("/"))
+            zs = path.lstrip("/")
+            tab.add(fs, zs, zs)
 
         self.tab = tab
         self.srctab = srctab
@@ -123,9 +124,10 @@ class Fstab(object):
         if not self.trusted:
             # no mtab access; have to build as we go
             if "/" in rem:
-                self.tab.add("idk", os.path.join(vn.vpath, rem.split("/")[0]))
+                zs = os.path.join(vn.vpath, rem.split("/")[0])
+                self.tab.add("idk", zs, zs)
             if rem:
-                self.tab.add(nval, path)
+                self.tab.add(nval, path, path)
             else:
                 vn.realpath = nval
 

copyparty/httpcli.py

@@ -22,6 +22,7 @@ from datetime import datetime
 from operator import itemgetter
 
 import jinja2  # typechk
+from ipaddress import IPv6Network
 
 try:
     if os.environ.get("PRTY_NO_LZMA"):
@@ -89,6 +90,7 @@ from .util import (
     read_socket,
     read_socket_chunked,
     read_socket_unbounded,
+    read_utf8,
     relchk,
     ren_open,
     runhook,
@@ -382,11 +384,12 @@ class HttpCli(object):
                         t += '  Note: if you are behind cloudflare, then this default header is not a good choice; please first make sure your local reverse-proxy (if any) does not allow non-cloudflare IPs from providing cf-* headers, and then add this additional global setting: "--xff-hdr=cf-connecting-ip"'
                     else:
                         t += '  Note: depending on your reverse-proxy, and/or WAF, and/or other intermediates, you may want to read the true client IP from another header by also specifying "--xff-hdr=SomeOtherHeader"'
-                    zs = (
-                        ".".join(pip.split(".")[:2]) + "."
-                        if "." in pip
-                        else ":".join(pip.split(":")[:4]) + ":"
-                    ) + "0.0/16"
+
+                    if "." in pip:
+                        zs = ".".join(pip.split(".")[:2]) + ".0.0/16"
+                    else:
+                        zs = IPv6Network(pip + "/64", False).compressed
+
                     zs2 = ' or "--xff-src=lan"' if self.conn.xff_lan.map(pip) else ""
                     self.log(t % (self.args.xff_hdr, pip, cli_ip, zso, zs, zs2), 3)
                     self.bad_xff = True
@@ -863,8 +866,7 @@ class HttpCli(object):
             html = html.replace("%", "", 1)
 
         if html.startswith("@"):
-            with open(html[1:], "rb") as f:
-                html = f.read().decode("utf-8")
+            html = read_utf8(self.log, html[1:], True)
 
         if html.startswith("%"):
             html = html[1:]
@@ -1231,14 +1233,7 @@ class HttpCli(object):
                     return self.tx_404(True)
             else:
                 vfs = self.asrv.vfs
-                if (
-                    not vfs.nodes
-                    and not vfs.axs.uread
-                    and not vfs.axs.uwrite
-                    and not vfs.axs.uget
-                    and not vfs.axs.uhtml
-                    and not vfs.axs.uadmin
-                ):
+                if vfs.badcfg1:
                     t = "<h2>access denied due to failsafe; check server log</h2>"
                     html = self.j2s("splash", this=self, msg=t)
                     self.reply(html.encode("utf-8", "replace"), 500)
@@ -3720,8 +3715,7 @@ class HttpCli(object):
                     continue
                 fn = "%s/%s" % (abspath, fn)
                 if bos.path.isfile(fn):
-                    with open(fsenc(fn), "rb") as f:
-                        logues[n] = f.read().decode("utf-8")
+                    logues[n] = read_utf8(self.log, fsenc(fn), False)
                     if "exp" in vn.flags:
                         logues[n] = self._expand(
                             logues[n], vn.flags.get("exp_lg") or []
@@ -3742,9 +3736,8 @@ class HttpCli(object):
             for fn in fns:
                 fn = "%s/%s" % (abspath, fn)
                 if bos.path.isfile(fn):
-                    with open(fsenc(fn), "rb") as f:
-                        txt = f.read().decode("utf-8")
-                        break
+                    txt = read_utf8(self.log, fsenc(fn), False)
+                    break
 
             if txt and "exp" in vn.flags:
                 txt = self._expand(txt, vn.flags.get("exp_md") or [])
@@ -3777,6 +3770,16 @@ class HttpCli(object):
 
         return txt
 
+    def _can_zip(self, volflags  )  :
+        lvl = volflags["zip_who"]
+        if self.args.no_zip or not lvl:
+            return "download-as-zip/tar is disabled in server config"
+        elif lvl <= 1 and not self.can_admin:
+            return "download-as-zip/tar is admin-only on this server"
+        elif lvl <= 2 and self.uname in ("", "*"):
+            return "you must be authenticated to download-as-zip/tar on this server"
+        return ""
+
     def tx_res(self, req_path )  :
         status = 200
         logmsg = "{:4} {} ".format("", self.req)
@@ -4307,13 +4310,8 @@ class HttpCli(object):
         rem ,
         items ,
     )  :
-        lvl = vn.flags["zip_who"]
-        if self.args.no_zip or not lvl:
-            raise Pebkac(400, "download-as-zip/tar is disabled in server config")
-        elif lvl <= 1 and not self.can_admin:
-            raise Pebkac(400, "download-as-zip/tar is admin-only on this server")
-        elif lvl <= 2 and self.uname in ("", "*"):
-            t = "you must be authenticated to download-as-zip/tar on this server"
+        t = self._can_zip(vn.flags)
+        if t:
             raise Pebkac(400, t)
 
         logmsg = "{:4} {} ".format("", self.req)
@@ -4346,6 +4344,33 @@ class HttpCli(object):
         else:
             fn = self.host.split(":")[0]
 
+        if vn.flags.get("zipmax") and (not self.uname or not "zipmaxu" in vn.flags):
+            maxs = vn.flags.get("zipmaxs_v") or 0
+            maxn = vn.flags.get("zipmaxn_v") or 0
+            nf = 0
+            nb = 0
+            fgen = vn.zipgen(
+                vpath, rem, set(items), self.uname, False, not self.args.no_scandir
+            )
+            t = "total size exceeds a limit specified in server config"
+            t = vn.flags.get("zipmaxt") or t
+            if maxs and maxn:
+                for zd in fgen:
+                    nf += 1
+                    nb += zd["st"].st_size
+                    if maxs < nb or maxn < nf:
+                        raise Pebkac(400, t)
+            elif maxs:
+                for zd in fgen:
+                    nb += zd["st"].st_size
+                    if maxs < nb:
+                        raise Pebkac(400, t)
+            elif maxn:
+                for zd in fgen:
+                    nf += 1
+                    if maxn < nf:
+                        raise Pebkac(400, t)
+
         safe = (string.ascii_letters + string.digits).replace("%", "")
         afn = "".join([x if x in safe.replace('"', "") else "_" for x in fn])
         bascii = unicode(safe).encode("utf-8")
@@ -4991,6 +5016,8 @@ class HttpCli(object):
     def get_dls(self)  :
         ret = []
         dls = self.conn.hsrv.tdls
+        enshare = self.args.shr
+        shrs = enshare[1:]
         for dl_id, (t0, sz, vn, vp, uname) in self.conn.hsrv.tdli.items():
             t1, sent = dls[dl_id]
             if sent > 0x100000:  # 1m; buffers 2~4
@@ -4999,6 +5026,15 @@ class HttpCli(object):
                 vp = ""
             elif self.uname not in vn.axs.udot and (vp.startswith(".") or "/." in vp):
                 vp = ""
+            elif (
+                enshare
+                and vp.startswith(shrs)
+                and self.uname != vn.shr_owner
+                and self.uname not in vn.axs.uadmin
+                and self.uname not in self.args.shr_adm
+                and not dl_id.startswith(self.ip + ":")
+            ):
+                vp = ""
             if self.uname not in vn.axs.uadmin:
                 dl_id = uname = ""
 
@@ -5980,6 +6016,8 @@ class HttpCli(object):
                 zs = self.gen_fk(2, self.args.dk_salt, abspath, 0, 0)[:add_dk]
                 ls_ret["dk"] = cgv["dk"] = zs
 
+        no_zip = bool(self._can_zip(vf))
+
         dirs = []
         files = []
         ptn_hr = RE_HR
@@ -6005,7 +6043,7 @@ class HttpCli(object):
             is_dir = stat.S_ISDIR(inf.st_mode)
             if is_dir:
                 href += "/"
-                if self.args.no_zip:
+                if no_zip:
                     margin = "DIR"
                 elif add_dk:
                     zs = absreal(fspath)
@@ -6018,7 +6056,7 @@ class HttpCli(object):
                         quotep(href),
                     )
             elif fn in hist:
-                margin = '<a href="%s.hist/%s">#%s</a>' % (
+                margin = '<a href="%s.hist/%s" rel="nofollow">#%s</a>' % (
                     base,
                     html_escape(hist[fn][2], quot=True, crlf=True),
                     hist[fn][0],
@@ -6229,9 +6267,7 @@ class HttpCli(object):
                 docpath = os.path.join(abspath, doc)
                 sz = bos.path.getsize(docpath)
                 if sz < 1024 * self.args.txt_max:
-                    with open(fsenc(docpath), "rb") as f:
-                        doctxt = f.read().decode("utf-8", "replace")
-
+                    doctxt = read_utf8(self.log, fsenc(docpath), False)
                     if doc.lower().endswith(".md") and "exp" in vn.flags:
                         doctxt = self._expand(doctxt, vn.flags.get("exp_md") or [])
                 else:

copyparty/svchub.py

@@ -1250,7 +1250,7 @@ class SvcHub(object):
                 raise
 
     def check_mp_support(self)  :
-        if MACOS:
+        if MACOS and not os.environ.get("PRTY_FORCE_MP"):
             return "multiprocessing is wonky on mac osx;"
         elif sys.version_info < (3, 3):
             return "need python 3.3 or newer for multiprocessing;"
@@ -1270,7 +1270,7 @@ class SvcHub(object):
             return False
 
         try:
-            if mp.cpu_count() <= 1:
+            if mp.cpu_count() <= 1 and not os.environ.get("PRTY_FORCE_MP"):
                 raise Exception()
         except:
             self.log("svchub", "only one CPU detected; multiprocessing disabled")

copyparty/up2k.py

@@ -1112,7 +1112,7 @@ class Up2k(object):
         ft = "\033[0;32m{}{:.0}"
         ff = "\033[0;35m{}{:.0}"
         fv = "\033[0;36m{}:\033[90m{}"
-        zs = "ext_th_d html_head mv_re_r mv_re_t rm_re_r rm_re_t srch_re_dots srch_re_nodot"
+        zs = "ext_th_d html_head mv_re_r mv_re_t rm_re_r rm_re_t srch_re_dots srch_re_nodot zipmax zipmaxn_v zipmaxs_v"
         fx = set(zs.split())
         fd = vf_bmap()
         fd.update(vf_cmap())
@@ -3410,6 +3410,7 @@ class Up2k(object):
         rm  = False,
         lmod  = 0,
         fsrc  = None,
+        is_mv  = False,
     )  :
         if src == dst or (fsrc and fsrc == dst):
             t = "symlinking a file to itself?? orig(%s) fsrc(%s) link(%s)"
@@ -3426,7 +3427,7 @@ class Up2k(object):
 
         linked = False
         try:
-            if not flags.get("dedup"):
+            if not is_mv and not flags.get("dedup"):
                 raise Exception("dedup is disabled in config")
 
             lsrc = src
@@ -4578,7 +4579,7 @@ class Up2k(object):
                 dlink = bos.readlink(sabs)
                 dlink = os.path.join(os.path.dirname(sabs), dlink)
                 dlink = bos.path.abspath(dlink)
-                self._symlink(dlink, dabs, dvn.flags, lmod=ftime)
+                self._symlink(dlink, dabs, dvn.flags, lmod=ftime, is_mv=True)
                 wunlink(self.log, sabs, svn.flags)
             else:
                 atomic_move(self.log, sabs, dabs, svn.flags)
@@ -4796,7 +4797,7 @@ class Up2k(object):
             flags = self.flags.get(ptop) or {}
             atomic_move(self.log, sabs, slabs, flags)
             bos.utime(slabs, (int(time.time()), int(mt)), False)
-            self._symlink(slabs, sabs, flags, False)
+            self._symlink(slabs, sabs, flags, False, is_mv=True)
             full[slabs] = (ptop, rem)
             sabs = slabs
 
@@ -4855,7 +4856,9 @@ class Up2k(object):
             # (for example a volume with symlinked dupes but no --dedup);
             # fsrc=sabs is then a source that currently resolves to copy
 
-            self._symlink(dabs, alink, flags, False, lmod=lmod or 0, fsrc=sabs)
+            self._symlink(
+                dabs, alink, flags, False, lmod=lmod or 0, fsrc=sabs, is_mv=True
+            )
 
         return len(full) + len(links)
 

copyparty/util.py

@@ -572,6 +572,38 @@ except Exception as ex:
         print("using fallback base64 codec due to %r" % (ex,))
 
 
+class NotUTF8(Exception):
+    pass
+
+
+def read_utf8(log , ap  , strict )  :
+    with open(ap, "rb") as f:
+        buf = f.read()
+
+    try:
+        return buf.decode("utf-8", "strict")
+    except UnicodeDecodeError as ex:
+        eo = ex.start
+        eb = buf[eo : eo + 1]
+
+    if not strict:
+        t = "WARNING: The file [%s] is not using the UTF-8 character encoding; some characters in the file will be skipped/ignored. The first unreadable character was byte %r at offset %d. Please convert this file to UTF-8 by opening the file in your text-editor and saving it as UTF-8."
+        t = t % (ap, eb, eo)
+        if log:
+            log(t, 3)
+        else:
+            print(t)
+        return buf.decode("utf-8", "replace")
+
+    t = "ERROR: The file [%s] is not using the UTF-8 character encoding, and cannot be loaded. The first unreadable character was byte %r at offset %d. Please convert this file to UTF-8 by opening the file in your text-editor and saving it as UTF-8."
+    t = t % (ap, eb, eo)
+    if log:
+        log(t, 3)
+    else:
+        print(t)
+    raise NotUTF8(t)
+
+
 class Daemon(threading.Thread):
     def __init__(
         self,

{copyparty-1.16.16.dist-info → copyparty-1.16.17.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: copyparty
-Version: 1.16.16
+Version: 1.16.17
 Summary:   Portable file server with accelerated resumable uploads, deduplication, WebDAV, FTP, zeroconf, media indexer, video thumbnails, audio transcoding, and write-only folders
 Author-email: ed <copyparty@ocv.me>
 License: MIT
@@ -157,6 +157,7 @@ turn almost any device into a file server with resumable uploads/downloads using
         * [custom mimetypes](#custom-mimetypes) - change the association of a file extension
         * [GDPR compliance](#GDPR-compliance) - imagine using copyparty professionally...
         * [feature chickenbits](#feature-chickenbits) - buggy feature? rip it out
+        * [feature beefybits](#feature-beefybits) - force-enable incompatible features
 * [packages](#packages) - the party might be closer than you think
     * [arch package](#arch-package) - now [available on aur](https://aur.archlinux.org/packages/copyparty) maintained by [@icxes](https://github.com/icxes)
     * [fedora package](#fedora-package) - does not exist yet
@@ -1893,7 +1894,7 @@ tell search engines you don't wanna be indexed,  either using the good old [robo
 * volflag `[...]:c,norobots` does the same thing for that single volume
 * volflag `[...]:c,robots` ALLOWS search-engine crawling for that volume, even if `--no-robots` is set globally
 
-also, `--force-js` disables the plain HTML folder listing, making things harder to parse for search engines
+also, `--force-js` disables the plain HTML folder listing, making things harder to parse for *some* search engines -- note that crawlers which understand javascript (such as google) will not be affected
 
 
 ## themes
@@ -2194,6 +2195,15 @@ buggy feature? rip it out  by setting any of the following environment variables
 example: `PRTY_NO_IFADDR=1 python3 copyparty-sfx.py`
 
 
+### feature beefybits
+
+force-enable features with known issues on your OS/env  by setting any of the following environment variables, also affectionately known as `fuckitbits` or `hail-mary-bits`
+
+| env-var                  | what it does |
+| ------------------------ | ------------ |
+| `PRTY_FORCE_MP`          | force-enable multiprocessing (real multithreading) on MacOS and other broken platforms |
+
+
 # packages
 
 the party might be closer than you think

{copyparty-1.16.16.dist-info → copyparty-1.16.17.dist-info}/RECORD

@@ -1,17 +1,17 @@
 copyparty/__init__.py,sha256=VR6ZZhB9IxaK5TDXDTBM_OIP5ydkrdbaEnstktLM__s,2649
-copyparty/__main__.py,sha256=JDjMsCiOMMBPs8HR8vpgEJMgnxq-qjX-hcgxKHF9WX4,117137
-copyparty/__version__.py,sha256=k9LRMLdD2c_LzklrEl5kBzwA4LXuQlPPCEKasLrNXqw,252
-copyparty/authsrv.py,sha256=iWMMp4hqejVDyK5g3hwK4xZ9oZIqWBa_OBMr8pPAM2g,107740
+copyparty/__main__.py,sha256=hlYwQuq_c1ML_Mkn4U3YSOllU-SavqtkMt72VMdi9os,117346
+copyparty/__version__.py,sha256=ouQegJYN1YmTy_TtphfQsiIWHiCpzBMamgsfT-_sPxU,252
+copyparty/authsrv.py,sha256=nZ27CC3HxwVbbCLPMEO9v6NZV7pLYP3euwrQ9qwT3gg,111163
 copyparty/broker_mp.py,sha256=QdOXXvV2Xn6J0CysEqyY3GZbqxQMyWnTpnba-a5lMc0,4987
 copyparty/broker_mpw.py,sha256=PpSS4SK3pItlpfD8OwVr3QmJEPKlUgaf2nuMOozixgU,3347
 copyparty/broker_thr.py,sha256=fjoYtpSscUA7-nMl4r1n2R7UK3J9lrvLS3rUZ-iJzKQ,1721
 copyparty/broker_util.py,sha256=76mfnFOpX1gUUvtjm8UQI7jpTIaVINX10QonM-B7ggc,1680
 copyparty/cert.py,sha256=0ZAPeXeMR164vWn9GQU3JDKooYXEq_NOQkDeg543ivg,8009
-copyparty/cfg.py,sha256=7LDVvUkhcqArE3Jmz8JVjcJC6xPvAjf2g0lUhw6p1k4,13634
+copyparty/cfg.py,sha256=cL2_gysqgLR6kU_sqaq6XheED0jbbTcqBFGEnYj_pA4,13996
 copyparty/dxml.py,sha256=vu5uZQtwvwoqnFHbULs2Zh_y2DETu0T-ENpMZ1i2CV4,2505
-copyparty/fsutil.py,sha256=IVOFG8zBQPMQDDv7RIStSJHwHiAnVNROZS37O5k465A,4524
+copyparty/fsutil.py,sha256=NC_CJC4TDag399vVDH9_uQfdfpTMwRFLNxERSWhlVvs,4594
 copyparty/ftpd.py,sha256=T97SFS7JFtvRLbJX8C4fJSYwe13vhN3-E6emtlVmqLA,17608
-copyparty/httpcli.py,sha256=DT2ZV-Hrxg1itfmeTkkHIctJHdG8nxtnIZJ8Whufxxo,219291
+copyparty/httpcli.py,sha256=O7iCliCPY57KzD_QI64cu7kS8UQIv1fo4BpmXo783kg,220444
 copyparty/httpconn.py,sha256=mQSgljh0Q-jyWjF4tQLrHbRKRe9WKl19kGqsGMsJpWo,6880
 copyparty/httpsrv.py,sha256=pxH_Eh8ElBLvOEDejgpP9Bvk65HNEou-03aYIcgXhrs,18090
 copyparty/ico.py,sha256=eWSxEae4wOCfheHl-m-wchYvFRAR_97kJDb4NGaB-Z8,3561
@@ -24,15 +24,15 @@ copyparty/smbd.py,sha256=dixFl2wlWymq_Cycc8a4cVB4gY8RSg2e3tE7Xr-aDa0,14614
 copyparty/ssdp.py,sha256=R1Z61GZOxBMF2Sk4RTxKWMOemogmcjEWG-CvLihd45k,7023
 copyparty/star.py,sha256=tV5BbX6AiQ7N4UU8DYtSTckNYeoeey4DBqq4LjfymbY,3818
 copyparty/sutil.py,sha256=6zEEGl4hRe6bTB83Y_RtnBGxr2JcUa__GdiAMqNJZnY,3208
-copyparty/svchub.py,sha256=gBp7x1hGF4b6_nanW5QUQcz8UmMCad6DzdE2KD5cLvE,41462
+copyparty/svchub.py,sha256=EPkbchicmP5Acq64rhpIshL-zvGEltcRJelkzW_dx5s,41542
 copyparty/szip.py,sha256=HFtnwOiBgx0HMLUf-h_T84zSlRijPxmhRo5PM613kRA,8602
 copyparty/tcpsrv.py,sha256=2q18dGR8jnezA4SMfUXa-wrGRGX3nHIwkxkWvkTzF2A,19889
 copyparty/tftpd.py,sha256=PXgG4rTmiaU_TavSyZWD5cFphdfChs9YvNY21qfExt8,13611
 copyparty/th_cli.py,sha256=PxDAmUvO_8Vm5edXiWtsCft0Fw69QL9rCHf9zLmUNeA,4800
 copyparty/th_srv.py,sha256=tHbh_Ve3v8tYclWH2thLs5oFufeXgJi1duUMveKIx9k,30725
 copyparty/u2idx.py,sha256=G6MDbD4I_sJSOwaNFZ6XLTQhnEDrB12pVKuKhzQ_leE,13676
-copyparty/up2k.py,sha256=c8llviRN10hoFHTE-z-APwGnzQ6mVC4KrNIcngusIU0,177199
-copyparty/util.py,sha256=Y_znSn3hBNYaaduwcCB7mmBYsi6vv9CYC1zJ9rq9yeQ,99435
+copyparty/up2k.py,sha256=abULiz0KK3dcuw9hsapJBnueaqrCWry6rQe8VgsJITM,177330
+copyparty/util.py,sha256=QOl_gNH8eHYNrnvoNPpGgkGAq8vV-r_Kr5Tp30qZo-M,100520
 copyparty/bos/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 copyparty/bos/bos.py,sha256=Wb7eWsXJgR5AFlBR9ZOyKrLTwy-Kct9RrGiOu4Jo37Y,1622
 copyparty/bos/path.py,sha256=yEjCq2ki9CvxA5sCT8pS0keEXwugs0ZeUyUhdBziOCI,777
@@ -57,7 +57,7 @@ copyparty/stolen/ifaddr/_win32.py,sha256=EE-QyoBgeB7lYQ6z62VjXNaRozaYfCkaJBHGNA8
 copyparty/web/baguettebox.js.gz,sha256=r2c_hOZV_RTyl4CqWWX14FDWP8nnDVwGkDl4Sfk0rU4,8239
 copyparty/web/browser.css.gz,sha256=_HiFW5vPUusWadoqdY8ZihuWizY9UECAc5nIamBPRi4,11654
 copyparty/web/browser.html,sha256=auvhLVE_t0aIN0q-nk0zOWFqITgDhroMAAviBNLoFfc,4788
-copyparty/web/browser.js.gz,sha256=dZ0sELnKXMnfQ_hrYb19xZ0SE9wFlYbDOCy-TEnFono,92091
+copyparty/web/browser.js.gz,sha256=48fDqIqQKCkrH0VsYVj03sDOx9gEZ-DfiHDaqEUuyr0,92341
 copyparty/web/browser2.html,sha256=NRUZ08GH-e2YcGXcoz0UjYg6JIVF42u4IMX4HHwWTmg,1587
 copyparty/web/cf.html,sha256=lJThtNFNAQT1ClCHHlivAkDGE0LutedwopXD62Z8Nys,589
 copyparty/web/dbg-audio.js.gz,sha256=Ma-KZtK8LnmiwNvNKFKXMPYl_Nn_3U7GsJ6-DRWC2HE,688
@@ -83,8 +83,8 @@ copyparty/web/splash.js.gz,sha256=4VqNznN10-bT33IJm3VWzBEJ1s08XZyxFB1TYPUkuAo,27
 copyparty/web/svcs.html,sha256=dnE1fG15zOpq7u0GYt8ij6BUv_LTwsiipFeneVYlMsM,14140
 copyparty/web/svcs.js.gz,sha256=lMXEP9W-VlXyANlva4q0ASSxvvHYlE2CrmxGgZXZop0,713
 copyparty/web/ui.css.gz,sha256=0sHIwGsL3_xH8Uu6N0Ag3bKBTjf-e_yfFbKynEZXAnk,2800
-copyparty/web/up2k.js.gz,sha256=0XPd3HafOgJe2TlCc2VIgpJCcR0SI0adwM-MjpT08qo,24071
-copyparty/web/util.js.gz,sha256=wD3tP5j1iE5Uj5AvLW5zZbQJXDIFDlqgBTGdXeRVqo0,15110
+copyparty/web/up2k.js.gz,sha256=VQVWBXK2gEz1b8if_ujXHNHnfBO7cdrKoSjqX397VUI,24519
+copyparty/web/util.js.gz,sha256=rD9iLfVLKRhxC8hmakal-s18xN_rs6GuOqyRPii6HQ8,15110
 copyparty/web/w.hash.js.gz,sha256=JhJagnqIkcKng_hs6otEgzcuQE7keToG_r5dd2o3EfU,1108
 copyparty/web/a/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 copyparty/web/a/partyfuse.py,sha256=9p5Hpg_IBiSimv7j9kmPhCGpy-FLXSRUOYnLjJ5JifU,28049
@@ -109,9 +109,9 @@ copyparty/web/deps/prismd.css.gz,sha256=ObUlksQVr-OuYlTz-I4B23TeBg2QDVVGRnWBz8cV
 copyparty/web/deps/scp.woff2,sha256=w99BDU5i8MukkMEL-iW0YO9H4vFFZSPWxbkH70ytaAg,8612
 copyparty/web/deps/sha512.ac.js.gz,sha256=lFZaCLumgWxrvEuDr4bqdKHsqjX82AbVAb7_F45Yk88,7033
 copyparty/web/deps/sha512.hw.js.gz,sha256=UAed2_ocklZCnIzcSYz2h4P1ycztlCLj-ewsRTud2lU,7939
-copyparty-1.16.16.dist-info/LICENSE,sha256=gOr4h33pCsBEg9uIy9AYmb7qlocL4V9t2uPJS5wllr0,1072
-copyparty-1.16.16.dist-info/METADATA,sha256=n_4WfJgIHsqlaYd8Mq5G0e9bK9Z-v4fpIiayX6tmXfM,158045
-copyparty-1.16.16.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
-copyparty-1.16.16.dist-info/entry_points.txt,sha256=4zw6a3rqASywQomiYLObjjlxybaI65LYYOTJwgKz7b0,128
-copyparty-1.16.16.dist-info/top_level.txt,sha256=LnYUPsDyk-8kFgM6YJLG4h820DQekn81cObKSu9g-sI,10
-copyparty-1.16.16.dist-info/RECORD,,
+copyparty-1.16.17.dist-info/LICENSE,sha256=gOr4h33pCsBEg9uIy9AYmb7qlocL4V9t2uPJS5wllr0,1072
+copyparty-1.16.17.dist-info/METADATA,sha256=mv4zOlv-ElE_ldsed5zneXRYtUjsFF5L9vCh7cTSi7Q,158632
+copyparty-1.16.17.dist-info/WHEEL,sha256=52BFRY2Up02UkjOa29eZOS2VxUrpPORXg1pkohGGUS8,91
+copyparty-1.16.17.dist-info/entry_points.txt,sha256=4zw6a3rqASywQomiYLObjjlxybaI65LYYOTJwgKz7b0,128
+copyparty-1.16.17.dist-info/top_level.txt,sha256=LnYUPsDyk-8kFgM6YJLG4h820DQekn81cObKSu9g-sI,10
+copyparty-1.16.17.dist-info/RECORD,,

{copyparty-1.16.16.dist-info → copyparty-1.16.17.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.8.2)
+Generator: setuptools (76.0.0)
 Root-Is-Purelib: true
 Tag: py3-none-any