copyparty 1.16.16__py3-none-any.whl → 1.16.18__py3-none-any.whl

copyparty/__main__.py

@@ -40,6 +40,7 @@ from .cfg import flagcats, onedash
 from .svchub import SvcHub
 from .util import (
     APPLESAN_TXT,
+    BAD_BOTS,
     DEF_EXP,
     DEF_MTE,
     DEF_MTH,
@@ -65,6 +66,7 @@ from .util import (
     load_resource,
     min_ex,
     pybin,
+    read_utf8,
     termsize,
     wrap,
 )
@@ -249,8 +251,7 @@ def get_srvname(verbose)  :
     if verbose:
         lprint("using hostname from {}\n".format(fp))
     try:
-        with open(fp, "rb") as f:
-            ret = f.read().decode("utf-8", "replace").strip()
+        return read_utf8(None, fp, True).strip()
     except:
         ret = ""
         namelen = 5
@@ -259,47 +260,18 @@ def get_srvname(verbose)  :
             ret = re.sub("[234567=]", "", ret)[:namelen]
         with open(fp, "wb") as f:
             f.write(ret.encode("utf-8") + b"\n")
-
-    return ret
-
-
-def get_fk_salt()  :
-    fp = os.path.join(E.cfg, "fk-salt.txt")
-    try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
-    except:
-        ret = b64enc(os.urandom(18))
-        with open(fp, "wb") as f:
-            f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
-
-
-def get_dk_salt()  :
-    fp = os.path.join(E.cfg, "dk-salt.txt")
-    try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
-    except:
-        ret = b64enc(os.urandom(30))
-        with open(fp, "wb") as f:
-            f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
+        return ret
 
 
-def get_ah_salt()  :
-    fp = os.path.join(E.cfg, "ah-salt.txt")
+def get_salt(name , nbytes )  :
+    fp = os.path.join(E.cfg, "%s-salt.txt" % (name,))
     try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
+        return read_utf8(None, fp, True).strip()
     except:
-        ret = b64enc(os.urandom(18))
+        ret = b64enc(os.urandom(nbytes))
         with open(fp, "wb") as f:
             f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
+        return ret.decode("utf-8")
 
 
 def ensure_locale()  :
@@ -1050,6 +1022,8 @@ def add_network(ap):
         ap2.add_argument("--reuseaddr", action="store_true", help="set reuseaddr on listening sockets on windows; allows rapid restart of copyparty at the expense of being able to accidentally start multiple instances")
     else:
         ap2.add_argument("--freebind", action="store_true", help="allow listening on IPs which do not yet exist, for example if the network interfaces haven't finished going up. Only makes sense for IPs other than '0.0.0.0', '127.0.0.1', '::', and '::1'. May require running as root (unless net.ipv6.ip_nonlocal_bind)")
+    ap2.add_argument("--wr-h-eps", metavar="PATH", type=u, default="", help="write list of listening-on ip:port to textfile at \033[33mPATH\033[0m when http-servers have started")
+    ap2.add_argument("--wr-h-aon", metavar="PATH", type=u, default="", help="write list of accessible-on ip:port to textfile at \033[33mPATH\033[0m when http-servers have started")
     ap2.add_argument("--s-thead", metavar="SEC", type=int, default=120, help="socket timeout (read request header)")
     ap2.add_argument("--s-tbody", metavar="SEC", type=float, default=128.0, help="socket timeout (read/write request/response bodies). Use 60 on fast servers (default is extremely safe). Disable with 0 if reverse-proxied for a 2%% speed boost")
     ap2.add_argument("--s-rd-sz", metavar="B", type=int, default=256*1024, help="socket read size in bytes (indirectly affects filesystem writes; recommendation: keep equal-to or lower-than \033[33m--iobuf\033[0m)")
@@ -1243,6 +1217,7 @@ def add_yolo(ap):
     ap2 = ap.add_argument_group('yolo options')
     ap2.add_argument("--allow-csrf", action="store_true", help="disable csrf protections; let other domains/sites impersonate you through cross-site requests")
     ap2.add_argument("--getmod", action="store_true", help="permit ?move=[...] and ?delete as GET")
+    ap2.add_argument("--wo-up-readme", action="store_true", help="allow users with write-only access to upload logues and readmes without adding the _wo_ filename prefix (volflag=wo_up_readme)")
 
 
 def add_optouts(ap):
@@ -1257,7 +1232,12 @@ def add_optouts(ap):
     ap2.add_argument("-nih", action="store_true", help="no info hostname -- don't show in UI")
     ap2.add_argument("-nid", action="store_true", help="no info disk-usage -- don't show in UI")
     ap2.add_argument("-nb", action="store_true", help="no powered-by-copyparty branding in UI")
+    ap2.add_argument("--zipmaxn", metavar="N", type=u, default="0", help="reject download-as-zip if more than \033[33mN\033[0m files in total; optionally takes a unit suffix: [\033[32m256\033[0m], [\033[32m9K\033[0m], [\033[32m4G\033[0m] (volflag=zipmaxn)")
+    ap2.add_argument("--zipmaxs", metavar="SZ", type=u, default="0", help="reject download-as-zip if total download size exceeds \033[33mSZ\033[0m bytes; optionally takes a unit suffix: [\033[32m256M\033[0m], [\033[32m4G\033[0m], [\033[32m2T\033[0m] (volflag=zipmaxs)")
+    ap2.add_argument("--zipmaxt", metavar="TXT", type=u, default="", help="custom errormessage when download size exceeds max (volflag=zipmaxt)")
+    ap2.add_argument("--zipmaxu", action="store_true", help="authenticated users bypass the zip size limit (volflag=zipmaxu)")
     ap2.add_argument("--zip-who", metavar="LVL", type=int, default=3, help="who can download as zip/tar? [\033[32m0\033[0m]=nobody, [\033[32m1\033[0m]=admins, [\033[32m2\033[0m]=authenticated-with-read-access, [\033[32m3\033[0m]=everyone-with-read-access (volflag=zip_who)\n\033[1;31mWARNING:\033[0m if a nested volume has a more restrictive value than a parent volume, then this will be \033[33mignored\033[0m if the download is initiated from the parent, more lenient volume")
+    ap2.add_argument("--ua-nozip", metavar="PTN", type=u, default=BAD_BOTS, help="regex of user-agents to reject from download-as-zip/tar; disable with [\033[32mno\033[0m] or blank")
     ap2.add_argument("--no-zip", action="store_true", help="disable download as zip/tar; same as \033[33m--zip-who=0\033[0m")
     ap2.add_argument("--no-tarcmp", action="store_true", help="disable download as compressed tar (?tar=gz, ?tar=bz2, ?tar=xz, ?tar=gz:9, ...)")
     ap2.add_argument("--no-lifetime", action="store_true", help="do not allow clients (or server config) to schedule an upload to be deleted after a given time")
@@ -1448,6 +1428,7 @@ def add_txt(ap):
     ap2.add_argument("--exp", action="store_true", help="enable textfile expansion -- replace {{self.ip}} and such; see \033[33m--help-exp\033[0m (volflag=exp)")
     ap2.add_argument("--exp-md", metavar="V,V,V", type=u, default=DEF_EXP, help="comma/space-separated list of placeholders to expand in markdown files; add/remove stuff on the default list with +hdr_foo or /vf.scan (volflag=exp_md)")
     ap2.add_argument("--exp-lg", metavar="V,V,V", type=u, default=DEF_EXP, help="comma/space-separated list of placeholders to expand in prologue/epilogue files (volflag=exp_lg)")
+    ap2.add_argument("--ua-nodoc", metavar="PTN", type=u, default=BAD_BOTS, help="regex of user-agents to reject from viewing documents through ?doc=[...]; disable with [\033[32mno\033[0m] or blank")
 
 
 def add_og(ap):
@@ -1544,9 +1525,9 @@ def run_argparse(
 
     cert_path = os.path.join(E.cfg, "cert.pem")
 
-    fk_salt = get_fk_salt()
-    dk_salt = get_dk_salt()
-    ah_salt = get_ah_salt()
+    fk_salt = get_salt("fk", 18)
+    dk_salt = get_salt("dk", 30)
+    ah_salt = get_salt("ah", 18)
 
     # alpine peaks at 5 threads for some reason,
     # all others scale past that (but try to avoid SMT),

copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 16, 16)
+VERSION = (1, 16, 18)
 CODENAME = "COPYparty"
-BUILD_DT = (2025, 2, 28)
+BUILD_DT = (2025, 3, 23)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

copyparty/authsrv.py

@@ -33,6 +33,7 @@ from .util import (
     get_df,
     humansize,
     odfusion,
+    read_utf8,
     relchk,
     statdir,
     ub64enc,
@@ -64,6 +65,8 @@ SSEELOG = " ({})".format(SEE_LOG)
 BAD_CFG = "invalid config; {}".format(SEE_LOG)
 SBADCFG = " ({})".format(BAD_CFG)
 
+PTN_U_GRP = re.compile(r"\$\{u%([+-])([^}]+)\}")
+
 
 class CfgEx(Exception):
     pass
@@ -335,22 +338,26 @@ class VFS(object):
         log ,
         realpath ,
         vpath ,
+        vpath0 ,
         axs ,
         flags  ,
     )  :
         self.log = log
         self.realpath = realpath  # absolute path on host filesystem
         self.vpath = vpath  # absolute path in the virtual filesystem
+        self.vpath0 = vpath0  # original vpath (before idp expansion)
         self.axs = axs
         self.flags = flags  # config options
         self.root = self
         self.dev = 0  # st_dev
+        self.badcfg1 = False
         self.nodes   = {}  # child nodes
         self.histtab   = {}  # all realpath->histpath
         self.dbv  = None  # closest full/non-jump parent
         self.lim  = None  # upload limits; only set for dbv
         self.shr_src   = None  # source vfs+rem of a share
         self.shr_files  = set()  # filenames to include from shr_src
+        self.shr_owner  = ""  # uname
         self.aread   = {}
         self.awrite   = {}
         self.amove   = {}
@@ -368,7 +375,7 @@ class VFS(object):
             vp = vpath + ("/" if vpath else "")
             self.histpath = os.path.join(realpath, ".hist")  # db / thumbcache
             self.all_vols = {vpath: self}  # flattened recursive
-            self.all_nodes = {vpath: self}  # also jumpvols
+            self.all_nodes = {vpath: self}  # also jumpvols/shares
             self.all_aps = [(rp, self)]
             self.all_vps = [(vp, self)]
         else:
@@ -408,7 +415,7 @@ class VFS(object):
         for v in self.nodes.values():
             v.get_all_vols(vols, nodes, aps, vps)
 
-    def add(self, src , dst )  :
+    def add(self, src , dst , dst0 )  :
         """get existing, or add new path to the vfs"""
         assert src == "/" or not src.endswith("/")  # nosec
         assert not dst.endswith("/")  # nosec
@@ -416,20 +423,22 @@ class VFS(object):
         if "/" in dst:
             # requires breadth-first population (permissions trickle down)
             name, dst = dst.split("/", 1)
+            name0, dst0 = dst0.split("/", 1)
             if name in self.nodes:
                 # exists; do not manipulate permissions
-                return self.nodes[name].add(src, dst)
+                return self.nodes[name].add(src, dst, dst0)
 
             vn = VFS(
                 self.log,
                 os.path.join(self.realpath, name) if self.realpath else "",
                 "{}/{}".format(self.vpath, name).lstrip("/"),
+                "{}/{}".format(self.vpath0, name0).lstrip("/"),
                 self.axs,
                 self._copy_flags(name),
             )
             vn.dbv = self.dbv or self
             self.nodes[name] = vn
-            return vn.add(src, dst)
+            return vn.add(src, dst, dst0)
 
         if dst in self.nodes:
             # leaf exists; return as-is
@@ -437,7 +446,8 @@ class VFS(object):
 
         # leaf does not exist; create and keep permissions blank
         vp = "{}/{}".format(self.vpath, dst).lstrip("/")
-        vn = VFS(self.log, src, vp, AXS(), {})
+        vp0 = "{}/{}".format(self.vpath0, dst0).lstrip("/")
+        vn = VFS(self.log, src, vp, vp0, AXS(), {})
         vn.dbv = self.dbv or self
         self.nodes[dst] = vn
         return vn
@@ -854,7 +864,7 @@ class AuthSrv(object):
         self.indent = ""
 
         # fwd-decl
-        self.vfs = VFS(log_func, "", "", AXS(), {})
+        self.vfs = VFS(log_func, "", "", "", AXS(), {})
         self.acct   = {}  # uname->pw
         self.iacct   = {}  # pw->uname
         self.ases   = {}  # uname->session
@@ -922,7 +932,7 @@ class AuthSrv(object):
         self,
         src ,
         dst ,
-        mount  ,
+        mount   ,
         daxs  ,
         mflags   ,
         un_gns  ,
@@ -938,12 +948,24 @@ class AuthSrv(object):
             un_gn = [("", "")]
 
         for un, gn in un_gn:
+            m = PTN_U_GRP.search(dst0)
+            if m:
+                req, gnc = m.groups()
+                hit = gnc in (un_gns.get(un) or [])
+                if req == "+":
+                    if not hit:
+                        continue
+                elif hit:
+                    continue
+
             # if ap/vp has a user/group placeholder, make sure to keep
             # track so the same user/group is mapped when setting perms;
             # otherwise clear un/gn to indicate it's a regular volume
 
             src1 = src0.replace("${u}", un or "\n")
             dst1 = dst0.replace("${u}", un or "\n")
+            src1 = PTN_U_GRP.sub(un or "\n", src1)
+            dst1 = PTN_U_GRP.sub(un or "\n", dst1)
             if src0 == src1 and dst0 == dst1:
                 un = ""
 
@@ -960,7 +982,7 @@ class AuthSrv(object):
                 continue
             visited.add(label)
 
-            src, dst = self._map_volume(src, dst, mount, daxs, mflags)
+            src, dst = self._map_volume(src, dst, dst0, mount, daxs, mflags)
             if src:
                 ret.append((src, dst, un, gn))
                 if un or gn:
@@ -972,7 +994,8 @@ class AuthSrv(object):
         self,
         src ,
         dst ,
-        mount  ,
+        dst0 ,
+        mount   ,
         daxs  ,
         mflags   ,
     )   :
@@ -982,13 +1005,13 @@ class AuthSrv(object):
 
         if dst in mount:
             t = "multiple filesystem-paths mounted at [/{}]:\n  [{}]\n  [{}]"
-            self.log(t.format(dst, mount[dst], src), c=1)
+            self.log(t.format(dst, mount[dst][0], src), c=1)
             raise Exception(BAD_CFG)
 
         if src in mount.values():
             t = "filesystem-path [{}] mounted in multiple locations:"
             t = t.format(src)
-            for v in [k for k, v in mount.items() if v == src] + [dst]:
+            for v in [k for k, v in mount.items() if v[0] == src] + [dst]:
                 t += "\n  /{}".format(v)
 
             self.log(t, c=3)
@@ -997,7 +1020,7 @@ class AuthSrv(object):
         if not bos.path.isdir(src):
             self.log("warning: filesystem-path does not exist: {}".format(src), 3)
 
-        mount[dst] = src
+        mount[dst] = (src, dst0)
         daxs[dst] = AXS()
         mflags[dst] = {}
         return (src, dst)
@@ -1058,7 +1081,7 @@ class AuthSrv(object):
         grps  ,
         daxs  ,
         mflags   ,
-        mount  ,
+        mount   ,
     )  :
         self.line_ctr = 0
 
@@ -1083,7 +1106,7 @@ class AuthSrv(object):
         grps  ,
         daxs  ,
         mflags   ,
-        mount  ,
+        mount   ,
         npass ,
     )  :
         self.line_ctr = 0
@@ -1442,8 +1465,8 @@ class AuthSrv(object):
         acct   = {}  # username:password
         grps   = {}  # groupname:usernames
         daxs   = {}
-        mflags    = {}  # moutpoint:flags
-        mount   = {}  # dst:src (mountpoint:realpath)
+        mflags    = {}  # vpath:flags
+        mount    = {}  # dst:src (vp:(ap,vp0))
 
         self.idp_vols = {}  # yolo
 
@@ -1522,8 +1545,8 @@ class AuthSrv(object):
         # case-insensitive; normalize
         if WINDOWS:
             cased = {}
-            for k, v in mount.items():
-                cased[k] = absreal(v)
+            for vp, (ap, vp0) in mount.items():
+                cased[vp] = (absreal(ap), vp0)
 
             mount = cased
 
@@ -1538,25 +1561,28 @@ class AuthSrv(object):
                 t = "Read-access has been disabled due to failsafe: No volumes were defined by the config-file. This failsafe is to prevent unintended access if this is due to accidental loss of config. You can override this safeguard and allow read/write to the working-directory by adding the following arguments:  -v .::rw"
                 self.log(t, 1)
                 axs = AXS()
-            vfs = VFS(self.log_func, absreal("."), "", axs, {})
+            vfs = VFS(self.log_func, absreal("."), "", "", axs, {})
+            if not axs.uread:
+                vfs.badcfg1 = True
         elif "" not in mount:
             # there's volumes but no root; make root inaccessible
             zsd = {"d2d": True, "tcolor": self.args.tcolor}
-            vfs = VFS(self.log_func, "", "", AXS(), zsd)
+            vfs = VFS(self.log_func, "", "", "", AXS(), zsd)
 
         maxdepth = 0
         for dst in sorted(mount.keys(), key=lambda x: (x.count("/"), len(x))):
             depth = dst.count("/")
             assert maxdepth <= depth  # nosec
             maxdepth = depth
+            src, dst0 = mount[dst]
 
             if dst == "":
                 # rootfs was mapped; fully replaces the default CWD vfs
-                vfs = VFS(self.log_func, mount[dst], dst, daxs[dst], mflags[dst])
+                vfs = VFS(self.log_func, src, dst, dst0, daxs[dst], mflags[dst])
                 continue
 
             assert vfs  # type: ignore
-            zv = vfs.add(mount[dst], dst)
+            zv = vfs.add(src, dst, dst0)
             zv.axs = daxs[dst]
             zv.flags = mflags[dst]
             zv.dbv = None
@@ -1590,7 +1616,8 @@ class AuthSrv(object):
         if enshare:
             import sqlite3
 
-            shv = VFS(self.log_func, "", shr, AXS(), {})
+            zsd = {"d2d": True, "tcolor": self.args.tcolor}
+            shv = VFS(self.log_func, "", shr, shr, AXS(), zsd)
 
             db_path = self.args.shr_db
             db = sqlite3.connect(db_path)
@@ -1624,9 +1651,8 @@ class AuthSrv(object):
 
                 # don't know the abspath yet + wanna ensure the user
                 # still has the privs they granted, so nullmap it
-                shv.nodes[s_k] = VFS(
-                    self.log_func, "", "%s/%s" % (shr, s_k), s_axs, shv.flags.copy()
-                )
+                vp = "%s/%s" % (shr, s_k)
+                shv.nodes[s_k] = VFS(self.log_func, "", vp, vp, s_axs, shv.flags.copy())
 
             vfs.nodes[shr] = vfs.all_vols[shr] = shv
             for vol in shv.nodes.values():
@@ -1787,6 +1813,24 @@ class AuthSrv(object):
             rhisttab[histp] = zv
             vfs.histtab[zv.realpath] = histp
 
+        for vol in vfs.all_vols.values():
+            use = False
+            for k in ["zipmaxn", "zipmaxs"]:
+                try:
+                    zs = vol.flags[k]
+                except:
+                    zs = getattr(self.args, k)
+                if zs in ("", "0"):
+                    vol.flags[k] = 0
+                    continue
+
+                zf = unhumanize(zs)
+                vol.flags[k + "_v"] = zf
+                if zf:
+                    use = True
+            if use:
+                vol.flags["zipmax"] = True
+
         for vol in vfs.all_vols.values():
             lim = Lim(self.log_func)
             use = False
@@ -2269,22 +2313,56 @@ class AuthSrv(object):
         except Pebkac:
             self.warn_anonwrite = True
 
-        idp_err = "WARNING! The following IdP volumes are mounted directly below another volume where anonymous users can read and/or write files. This is a SECURITY HAZARD!! When copyparty is restarted, it will not know about these IdP volumes yet. These volumes will then be accessible by anonymous users UNTIL one of the users associated with their volume sends a request to the server. RECOMMENDATION: You should create a restricted volume where nobody can read/write files, and make sure that all IdP volumes are configured to appear somewhere below that volume."
+        self.idp_warn = []
+        self.idp_err = []
         for idp_vp in self.idp_vols:
-            parent_vp = vsplit(idp_vp)[0]
-            vn, _ = vfs.get(parent_vp, "*", False, False)
-            zs = (
-                "READABLE"
-                if "*" in vn.axs.uread
-                else "WRITABLE"
-                if "*" in vn.axs.uwrite
-                else ""
-            )
-            if zs:
-                t = '\nWARNING: Volume "/%s" appears below "/%s" and would be WORLD-%s'
-                idp_err += t % (idp_vp, vn.vpath, zs)
-        if "\n" in idp_err:
-            self.log(idp_err, 1)
+            idp_vn, _ = vfs.get(idp_vp, "*", False, False)
+            idp_vp0 = idp_vn.vpath0
+
+            sigils = set(re.findall(r"(\${[ug][}%])", idp_vp0))
+            if len(sigils) > 1:
+                t = '\nWARNING: IdP-volume "/%s" created by "/%s" has multiple IdP placeholders: %s'
+                self.idp_warn.append(t % (idp_vp, idp_vp0, list(sigils)))
+                continue
+
+            sigil = sigils.pop()
+            par_vp = idp_vp
+            while par_vp:
+                par_vp = vsplit(par_vp)[0]
+                par_vn, _ = vfs.get(par_vp, "*", False, False)
+                if sigil in par_vn.vpath0:
+                    continue  # parent was spawned for and by same user
+
+                oth_read = []
+                oth_write = []
+                for usr in par_vn.axs.uread:
+                    if usr not in idp_vn.axs.uread:
+                        oth_read.append(usr)
+                for usr in par_vn.axs.uwrite:
+                    if usr not in idp_vn.axs.uwrite:
+                        oth_write.append(usr)
+
+                if "*" in oth_read:
+                    taxs = "WORLD-READABLE"
+                elif "*" in oth_write:
+                    taxs = "WORLD-WRITABLE"
+                elif oth_read:
+                    taxs = "READABLE BY %r" % (oth_read,)
+                elif oth_write:
+                    taxs = "WRITABLE BY %r" % (oth_write,)
+                else:
+                    break  # no sigil; not idp; safe to stop
+
+                t = '\nWARNING: IdP-volume "/%s" created by "/%s" has parent/grandparent "/%s" and would be %s'
+                self.idp_err.append(t % (idp_vp, idp_vp0, par_vn.vpath, taxs))
+
+        if self.idp_warn:
+            t = "WARNING! Some IdP volumes include multiple IdP placeholders; this is too complex to automatically determine if safe or not. To ensure that no users gain unintended access, please use only a single placeholder for each IdP volume."
+            self.log(t + "".join(self.idp_warn), 1)
+
+        if self.idp_err:
+            t = "WARNING! The following IdP volumes are mounted below another volume where other users can read and/or write files. This is a SECURITY HAZARD!! When copyparty is restarted, it will not know about these IdP volumes yet. These volumes will then be accessible by an unexpected set of permissions UNTIL one of the users associated with their volume sends a request to the server. RECOMMENDATION: You should create a restricted volume where nobody can read/write files, and make sure that all IdP volumes are configured to appear somewhere below that volume."
+            self.log(t + "".join(self.idp_err), 1)
 
         self.vfs = vfs
         self.acct = acct
@@ -2319,11 +2397,6 @@ class AuthSrv(object):
                 for x, y in vfs.all_vols.items()
                 if x != shr and not x.startswith(shrs)
             }
-            vfs.all_nodes = {
-                x: y
-                for x, y in vfs.all_nodes.items()
-                if x != shr and not x.startswith(shrs)
-            }
 
             assert db and cur and cur2 and shv  # type: ignore
             for row in cur.execute("select * from sh"):
@@ -2353,6 +2426,7 @@ class AuthSrv(object):
                 else:
                     shn.ls = shn._ls
 
+                shn.shr_owner = s_un
                 shn.shr_src = (s_vfs, s_rem)
                 shn.realpath = s_vfs.canonical(s_rem)
 
@@ -2370,7 +2444,7 @@ class AuthSrv(object):
                     continue  # also fine
                 for zs in svn.nodes.keys():
                     # hide subvolume
-                    vn.nodes[zs] = VFS(self.log_func, "", "", AXS(), {})
+                    vn.nodes[zs] = VFS(self.log_func, "", "", "", AXS(), {})
 
             cur2.close()
             cur.close()
@@ -2378,7 +2452,9 @@ class AuthSrv(object):
 
         self.js_ls = {}
         self.js_htm = {}
-        for vn in self.vfs.all_nodes.values():
+        for vp, vn in self.vfs.all_nodes.items():
+            if enshare and vp.startswith(shrs):
+                continue  # propagates later in this func
             vf = vn.flags
             vn.js_ls = {
                 "idx": "e2d" in vf,
@@ -2435,8 +2511,12 @@ class AuthSrv(object):
 
         vols = list(vfs.all_nodes.values())
         if enshare:
-            vols.append(shv)
-            vols.extend(list(shv.nodes.values()))
+            for vol in shv.nodes.values():
+                if vol.vpath not in vfs.all_nodes:
+                    self.log("BUG: /%s not in all_nodes" % (vol.vpath,), 1)
+                    vols.append(vol)
+            if shr in vfs.all_nodes:
+                self.log("BUG: %s found in all_nodes" % (shr,), 1)
 
         for vol in vols:
             dbv = vol.get_dbv("")[0]
@@ -2539,8 +2619,8 @@ class AuthSrv(object):
             if not bos.path.exists(ap):
                 pwdb = {}
             else:
-                with open(ap, "r", encoding="utf-8") as f:
-                    pwdb = json.load(f)
+                jtxt = read_utf8(self.log, ap, True)
+                pwdb = json.loads(jtxt)
 
             pwdb = [x for x in pwdb if x[0] != uname]
             pwdb.append((uname, self.defpw[uname], hpw))
@@ -2563,8 +2643,8 @@ class AuthSrv(object):
         if not self.args.chpw or not bos.path.exists(ap):
             return
 
-        with open(ap, "r", encoding="utf-8") as f:
-            pwdb = json.load(f)
+        jtxt = read_utf8(self.log, ap, True)
+        pwdb = json.loads(jtxt)
 
         useen = set()
         urst = set()
@@ -3060,8 +3140,9 @@ def expand_config_file(
     ipath += " -> " + fp
     ret.append("#\033[36m opening cfg file{}\033[0m".format(ipath))
 
-    with open(fp, "rb") as f:
-        for oln in [x.decode("utf-8").rstrip() for x in f]:
+    cfg_lines = read_utf8(log, fp, True).split("\n")
+    if True:  # diff-golf
+        for oln in [x.rstrip() for x in cfg_lines]:
             ln = oln.split("  #")[0].strip()
             if ln.startswith("% "):
                 pad = " " * len(oln.split("%")[0])

copyparty/cfg.py

@@ -52,9 +52,11 @@ def vf_bmap()   :
         "og_s_title",
         "rand",
         "rss",
+        "wo_up_readme",
         "xdev",
         "xlink",
         "xvol",
+        "zipmaxu",
     ):
         ret[k] = k
     return ret
@@ -101,6 +103,9 @@ def vf_vmap()   :
         "u2ts",
         "ups_who",
         "zip_who",
+        "zipmaxn",
+        "zipmaxs",
+        "zipmaxt",
     ):
         ret[k] = k
     return ret
@@ -169,6 +174,7 @@ flagcats = {
         "vmaxb=1g": "total volume size max 1 GiB (suffixes: b, k, m, g, t)",
         "vmaxn=4k": "max 4096 files in volume (suffixes: b, k, m, g, t)",
         "medialinks": "return medialinks for non-up2k uploads (not hotlinks)",
+        "wo_up_readme": "write-only users can upload logues without getting renamed",
         "rand": "force randomized filenames, 9 chars long by default",
         "nrand=N": "randomized filenames are N chars long",
         "u2ow=N": "overwrite existing files? 0=no 1=if-older 2=always",
@@ -299,6 +305,10 @@ flagcats = {
         "rss": "allow '?rss' URL suffix (experimental)",
         "ups_who=2": "restrict viewing the list of recent uploads",
         "zip_who=2": "restrict access to download-as-zip/tar",
+        "zipmaxn=9k": "reject download-as-zip if more than 9000 files",
+        "zipmaxs=2g": "reject download-as-zip if size over 2 GiB",
+        "zipmaxt=no": "reply with 'no' if download-as-zip exceeds max",
+        "zipmaxu": "zip-size-limit does not apply to authenticated users",
         "nopipe": "disable race-the-beam (download unfinished uploads)",
         "mv_retry": "ms-windows: timeout for renaming busy files",
         "rm_retry": "ms-windows: timeout for deleting busy files",

copyparty/fsutil.py

@@ -72,7 +72,7 @@ class Fstab(object):
             return vid
 
     def build_fallback(self)  :
-        self.tab = VFS(self.log_func, "idk", "/", AXS(), {})
+        self.tab = VFS(self.log_func, "idk", "/", "/", AXS(), {})
         self.trusted = False
 
     def build_tab(self)  :
@@ -105,9 +105,10 @@ class Fstab(object):
 
         tab1.sort(key=lambda x: (len(x[0]), x[0]))
         path1, fs1 = tab1[0]
-        tab = VFS(self.log_func, fs1, path1, AXS(), {})
+        tab = VFS(self.log_func, fs1, path1, path1, AXS(), {})
         for path, fs in tab1[1:]:
-            tab.add(fs, path.lstrip("/"))
+            zs = path.lstrip("/")
+            tab.add(fs, zs, zs)
 
         self.tab = tab
         self.srctab = srctab
@@ -123,9 +124,10 @@ class Fstab(object):
         if not self.trusted:
             # no mtab access; have to build as we go
             if "/" in rem:
-                self.tab.add("idk", os.path.join(vn.vpath, rem.split("/")[0]))
+                zs = os.path.join(vn.vpath, rem.split("/")[0])
+                self.tab.add("idk", zs, zs)
             if rem:
-                self.tab.add(nval, path)
+                self.tab.add(nval, path, path)
             else:
                 vn.realpath = nval