copyparty 1.16.17__py3-none-any.whl → 1.16.19__py3-none-any.whl

copyparty/__init__.py

@@ -11,7 +11,7 @@ _=(0,0)  # _____________________________________________________________________
 # fmt: on
 
 try:
-    from typing import TYPE_CHECKING
+    TYPE_CHECKING = False
 except:
     TYPE_CHECKING = False
 

copyparty/__main__.py

@@ -40,6 +40,7 @@ from .cfg import flagcats, onedash
 from .svchub import SvcHub
 from .util import (
     APPLESAN_TXT,
+    BAD_BOTS,
     DEF_EXP,
     DEF_MTE,
     DEF_MTH,
@@ -221,7 +222,23 @@ def init_E(EE )  :
     if E.mod.endswith("__init__"):
         E.mod = os.path.dirname(E.mod)
 
-    if sys.platform == "win32":
+    try:
+        p = os.environ.get("XDG_CONFIG_HOME")
+        if not p:
+            raise Exception()
+        if p.startswith("~"):
+            p = os.path.expanduser(p)
+        p = os.path.abspath(os.path.realpath(p))
+        p = os.path.join(p, "copyparty")
+        if not os.path.isdir(p):
+            os.mkdir(p)
+        os.listdir(p)
+    except:
+        p = ""
+
+    if p:
+        E.cfg = p
+    elif sys.platform == "win32":
         bdir = os.environ.get("APPDATA") or os.environ.get("TEMP") or "."
         E.cfg = os.path.normpath(bdir + "/copyparty")
     elif sys.platform == "darwin":
@@ -1002,7 +1019,7 @@ def add_upload(ap):
     ap2.add_argument("--turbo", metavar="LVL", type=int, default=0, help="configure turbo-mode in up2k client; [\033[32m-1\033[0m] = forbidden/always-off, [\033[32m0\033[0m] = default-off and warn if enabled, [\033[32m1\033[0m] = default-off, [\033[32m2\033[0m] = on, [\033[32m3\033[0m] = on and disable datecheck")
     ap2.add_argument("--u2j", metavar="JOBS", type=int, default=2, help="web-client: number of file chunks to upload in parallel; 1 or 2 is good for low-latency (same-country) connections, 4-8 for android clients, 16 for cross-atlantic (max=64)")
     ap2.add_argument("--u2sz", metavar="N,N,N", type=u, default="1,64,96", help="web-client: default upload chunksize (MiB); sets \033[33mmin,default,max\033[0m in the settings gui. Each HTTP POST will aim for \033[33mdefault\033[0m, and never exceed \033[33mmax\033[0m. Cloudflare max is 96. Big values are good for cross-atlantic but may increase HDD fragmentation on some FS. Disable this optimization with [\033[32m1,1,1\033[0m]")
-    ap2.add_argument("--u2ow", metavar="NUM", type=int, default=0, help="web-client: default setting for when to overwrite existing files; [\033[32m0\033[0m]=never, [\033[32m1\033[0m]=if-client-newer, [\033[32m2\033[0m]=always (volflag=u2ow)")
+    ap2.add_argument("--u2ow", metavar="NUM", type=int, default=0, help="web-client: default setting for when to replace/overwrite existing files; [\033[32m0\033[0m]=never, [\033[32m1\033[0m]=if-client-newer, [\033[32m2\033[0m]=always (volflag=u2ow)")
     ap2.add_argument("--u2sort", metavar="TXT", type=u, default="s", help="upload order; [\033[32ms\033[0m]=smallest-first, [\033[32mn\033[0m]=alphabetical, [\033[32mfs\033[0m]=force-s, [\033[32mfn\033[0m]=force-n -- alphabetical is a bit slower on fiber/LAN but makes it easier to eyeball if everything went fine")
     ap2.add_argument("--write-uplog", action="store_true", help="write POST reports to textfiles in working-directory")
 
@@ -1021,6 +1038,8 @@ def add_network(ap):
         ap2.add_argument("--reuseaddr", action="store_true", help="set reuseaddr on listening sockets on windows; allows rapid restart of copyparty at the expense of being able to accidentally start multiple instances")
     else:
         ap2.add_argument("--freebind", action="store_true", help="allow listening on IPs which do not yet exist, for example if the network interfaces haven't finished going up. Only makes sense for IPs other than '0.0.0.0', '127.0.0.1', '::', and '::1'. May require running as root (unless net.ipv6.ip_nonlocal_bind)")
+    ap2.add_argument("--wr-h-eps", metavar="PATH", type=u, default="", help="write list of listening-on ip:port to textfile at \033[33mPATH\033[0m when http-servers have started")
+    ap2.add_argument("--wr-h-aon", metavar="PATH", type=u, default="", help="write list of accessible-on ip:port to textfile at \033[33mPATH\033[0m when http-servers have started")
     ap2.add_argument("--s-thead", metavar="SEC", type=int, default=120, help="socket timeout (read request header)")
     ap2.add_argument("--s-tbody", metavar="SEC", type=float, default=128.0, help="socket timeout (read/write request/response bodies). Use 60 on fast servers (default is extremely safe). Disable with 0 if reverse-proxied for a 2%% speed boost")
     ap2.add_argument("--s-rd-sz", metavar="B", type=int, default=256*1024, help="socket read size in bytes (indirectly affects filesystem writes; recommendation: keep equal-to or lower-than \033[33m--iobuf\033[0m)")
@@ -1214,6 +1233,7 @@ def add_yolo(ap):
     ap2 = ap.add_argument_group('yolo options')
     ap2.add_argument("--allow-csrf", action="store_true", help="disable csrf protections; let other domains/sites impersonate you through cross-site requests")
     ap2.add_argument("--getmod", action="store_true", help="permit ?move=[...] and ?delete as GET")
+    ap2.add_argument("--wo-up-readme", action="store_true", help="allow users with write-only access to upload logues and readmes without adding the _wo_ filename prefix (volflag=wo_up_readme)")
 
 
 def add_optouts(ap):
@@ -1233,6 +1253,7 @@ def add_optouts(ap):
     ap2.add_argument("--zipmaxt", metavar="TXT", type=u, default="", help="custom errormessage when download size exceeds max (volflag=zipmaxt)")
     ap2.add_argument("--zipmaxu", action="store_true", help="authenticated users bypass the zip size limit (volflag=zipmaxu)")
     ap2.add_argument("--zip-who", metavar="LVL", type=int, default=3, help="who can download as zip/tar? [\033[32m0\033[0m]=nobody, [\033[32m1\033[0m]=admins, [\033[32m2\033[0m]=authenticated-with-read-access, [\033[32m3\033[0m]=everyone-with-read-access (volflag=zip_who)\n\033[1;31mWARNING:\033[0m if a nested volume has a more restrictive value than a parent volume, then this will be \033[33mignored\033[0m if the download is initiated from the parent, more lenient volume")
+    ap2.add_argument("--ua-nozip", metavar="PTN", type=u, default=BAD_BOTS, help="regex of user-agents to reject from download-as-zip/tar; disable with [\033[32mno\033[0m] or blank")
     ap2.add_argument("--no-zip", action="store_true", help="disable download as zip/tar; same as \033[33m--zip-who=0\033[0m")
     ap2.add_argument("--no-tarcmp", action="store_true", help="disable download as compressed tar (?tar=gz, ?tar=bz2, ?tar=xz, ?tar=gz:9, ...)")
     ap2.add_argument("--no-lifetime", action="store_true", help="do not allow clients (or server config) to schedule an upload to be deleted after a given time")
@@ -1380,6 +1401,7 @@ def add_db_general(ap, hcores):
     ap2.add_argument("-e2vu", action="store_true", help="on hash mismatch: update the database with the new hash")
     ap2.add_argument("-e2vp", action="store_true", help="on hash mismatch: panic and quit copyparty")
     ap2.add_argument("--hist", metavar="PATH", type=u, default="", help="where to store volume data (db, thumbs); default is a folder named \".hist\" inside each volume (volflag=hist)")
+    ap2.add_argument("--dbpath", metavar="PATH", type=u, default="", help="override where the volume databases are to be placed; default is the same as \033[33m--hist\033[0m (volflag=dbpath)")
     ap2.add_argument("--no-hash", metavar="PTN", type=u, default="", help="regex: disable hashing of matching absolute-filesystem-paths during e2ds folder scans (volflag=nohash)")
     ap2.add_argument("--no-idx", metavar="PTN", type=u, default=noidx, help="regex: disable indexing of matching absolute-filesystem-paths during e2ds folder scans (volflag=noidx)")
     ap2.add_argument("--no-dirsz", action="store_true", help="do not show total recursive size of folders in listings, show inode size instead; slightly faster (volflag=nodirsz)")
@@ -1418,11 +1440,13 @@ def add_db_metadata(ap):
 
 def add_txt(ap):
     ap2 = ap.add_argument_group('textfile options')
+    ap2.add_argument("--md-hist", metavar="TXT", type=u, default="s", help="where to store old version of markdown files; [\033[32ms\033[0m]=subfolder, [\033[32mv\033[0m]=volume-histpath, [\033[32mn\033[0m]=nope/disabled (volflag=md_hist)")
     ap2.add_argument("-mcr", metavar="SEC", type=int, default=60, help="the textfile editor will check for serverside changes every \033[33mSEC\033[0m seconds")
     ap2.add_argument("-emp", action="store_true", help="enable markdown plugins -- neat but dangerous, big XSS risk")
     ap2.add_argument("--exp", action="store_true", help="enable textfile expansion -- replace {{self.ip}} and such; see \033[33m--help-exp\033[0m (volflag=exp)")
     ap2.add_argument("--exp-md", metavar="V,V,V", type=u, default=DEF_EXP, help="comma/space-separated list of placeholders to expand in markdown files; add/remove stuff on the default list with +hdr_foo or /vf.scan (volflag=exp_md)")
     ap2.add_argument("--exp-lg", metavar="V,V,V", type=u, default=DEF_EXP, help="comma/space-separated list of placeholders to expand in prologue/epilogue files (volflag=exp_lg)")
+    ap2.add_argument("--ua-nodoc", metavar="PTN", type=u, default=BAD_BOTS, help="regex of user-agents to reject from viewing documents through ?doc=[...]; disable with [\033[32mno\033[0m] or blank")
 
 
 def add_og(ap):

copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 16, 17)
+VERSION = (1, 16, 19)
 CODENAME = "COPYparty"
-BUILD_DT = (2025, 3, 16)
+BUILD_DT = (2025, 4, 8)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

copyparty/authsrv.py

@@ -353,6 +353,7 @@ class VFS(object):
         self.badcfg1 = False
         self.nodes   = {}  # child nodes
         self.histtab   = {}  # all realpath->histpath
+        self.dbpaths   = {}  # all realpath->dbpath
         self.dbv  = None  # closest full/non-jump parent
         self.lim  = None  # upload limits; only set for dbv
         self.shr_src   = None  # source vfs+rem of a share
@@ -374,12 +375,13 @@ class VFS(object):
             rp = realpath + ("" if realpath.endswith(os.sep) else os.sep)
             vp = vpath + ("/" if vpath else "")
             self.histpath = os.path.join(realpath, ".hist")  # db / thumbcache
+            self.dbpath = self.histpath
             self.all_vols = {vpath: self}  # flattened recursive
             self.all_nodes = {vpath: self}  # also jumpvols/shares
             self.all_aps = [(rp, self)]
             self.all_vps = [(vp, self)]
         else:
-            self.histpath = ""
+            self.histpath = self.dbpath = ""
             self.all_vols = {}
             self.all_nodes = {}
             self.all_aps = []
@@ -454,17 +456,23 @@ class VFS(object):
 
     def _copy_flags(self, name )   :
         flags = {k: v for k, v in self.flags.items()}
+
         hist = flags.get("hist")
         if hist and hist != "-":
             zs = "{}/{}".format(hist.rstrip("/"), name)
             flags["hist"] = os.path.expandvars(os.path.expanduser(zs))
 
+        dbp = flags.get("dbpath")
+        if dbp and dbp != "-":
+            zs = "{}/{}".format(dbp.rstrip("/"), name)
+            flags["dbpath"] = os.path.expandvars(os.path.expanduser(zs))
+
         return flags
 
     def bubble_flags(self)  :
         if self.dbv:
             for k, v in self.dbv.flags.items():
-                if k not in ["hist"]:
+                if k not in ("hist", "dbpath"):
                     self.flags[k] = v
 
         for n in self.nodes.values():
@@ -1752,7 +1760,7 @@ class AuthSrv(object):
                 pass
             elif vflag:
                 vflag = os.path.expandvars(os.path.expanduser(vflag))
-                vol.histpath = uncyg(vflag) if WINDOWS else vflag
+                vol.histpath = vol.dbpath = uncyg(vflag) if WINDOWS else vflag
             elif self.args.hist:
                 for nch in range(len(hid)):
                     hpath = os.path.join(self.args.hist, hid[: nch + 1])
@@ -1773,12 +1781,45 @@ class AuthSrv(object):
                         with open(powner, "wb") as f:
                             f.write(me)
 
-                    vol.histpath = hpath
+                    vol.histpath = vol.dbpath = hpath
                     break
 
             vol.histpath = absreal(vol.histpath)
+
+        for vol in vfs.all_vols.values():
+            hid = self.hid_cache[vol.realpath]
+            vflag = vol.flags.get("dbpath")
+            if vflag == "-":
+                pass
+            elif vflag:
+                vflag = os.path.expandvars(os.path.expanduser(vflag))
+                vol.dbpath = uncyg(vflag) if WINDOWS else vflag
+            elif self.args.dbpath:
+                for nch in range(len(hid)):
+                    hpath = os.path.join(self.args.dbpath, hid[: nch + 1])
+                    bos.makedirs(hpath)
+
+                    powner = os.path.join(hpath, "owner.txt")
+                    try:
+                        with open(powner, "rb") as f:
+                            owner = f.read().rstrip()
+                    except:
+                        owner = None
+
+                    me = afsenc(vol.realpath).rstrip()
+                    if owner not in [None, me]:
+                        continue
+
+                    if owner is None:
+                        with open(powner, "wb") as f:
+                            f.write(me)
+
+                    vol.dbpath = hpath
+                    break
+
+            vol.dbpath = absreal(vol.dbpath)
             if vol.dbv:
-                if bos.path.exists(os.path.join(vol.histpath, "up2k.db")):
+                if bos.path.exists(os.path.join(vol.dbpath, "up2k.db")):
                     promote.append(vol)
                     vol.dbv = None
                 else:
@@ -1793,9 +1834,7 @@ class AuthSrv(object):
                 "\n  the following jump-volumes were generated to assist the vfs.\n  As they contain a database (probably from v0.11.11 or older),\n  they are promoted to full volumes:"
             ]
             for vol in promote:
-                ta.append(
-                    "  /{}  ({})  ({})".format(vol.vpath, vol.realpath, vol.histpath)
-                )
+                ta.append("  /%s  (%s)  (%s)" % (vol.vpath, vol.realpath, vol.dbpath))
 
             self.log("\n\n".join(ta) + "\n", c=3)
 
@@ -1806,13 +1845,27 @@ class AuthSrv(object):
             is_shr = shr and zv.vpath.split("/")[0] == shr
             if histp and not is_shr and histp in rhisttab:
                 zv2 = rhisttab[histp]
-                t = "invalid config; multiple volumes share the same histpath (database location):\n  histpath: %s\n  volume 1: /%s  [%s]\n  volume 2: %s  [%s]"
+                t = "invalid config; multiple volumes share the same histpath (database+thumbnails location):\n  histpath: %s\n  volume 1: /%s  [%s]\n  volume 2: %s  [%s]"
                 t = t % (histp, zv2.vpath, zv2.realpath, zv.vpath, zv.realpath)
                 self.log(t, 1)
                 raise Exception(t)
             rhisttab[histp] = zv
             vfs.histtab[zv.realpath] = histp
 
+        rdbpaths = {}
+        vfs.dbpaths = {}
+        for zv in vfs.all_vols.values():
+            dbp = zv.dbpath
+            is_shr = shr and zv.vpath.split("/")[0] == shr
+            if dbp and not is_shr and dbp in rdbpaths:
+                zv2 = rdbpaths[dbp]
+                t = "invalid config; multiple volumes share the same dbpath (database location):\n  dbpath: %s\n  volume 1: /%s  [%s]\n  volume 2: %s  [%s]"
+                t = t % (dbp, zv2.vpath, zv2.realpath, zv.vpath, zv.realpath)
+                self.log(t, 1)
+                raise Exception(t)
+            rdbpaths[dbp] = zv
+            vfs.dbpaths[zv.realpath] = dbp
+
         for vol in vfs.all_vols.values():
             use = False
             for k in ["zipmaxn", "zipmaxs"]:

copyparty/cfg.py

@@ -52,6 +52,7 @@ def vf_bmap()   :
         "og_s_title",
         "rand",
         "rss",
+        "wo_up_readme",
         "xdev",
         "xlink",
         "xvol",
@@ -82,6 +83,7 @@ def vf_vmap()   :
         "md_sbf",
         "lg_sba",
         "md_sba",
+        "md_hist",
         "nrand",
         "u2ow",
         "og_desc",
@@ -173,6 +175,7 @@ flagcats = {
         "vmaxb=1g": "total volume size max 1 GiB (suffixes: b, k, m, g, t)",
         "vmaxn=4k": "max 4096 files in volume (suffixes: b, k, m, g, t)",
         "medialinks": "return medialinks for non-up2k uploads (not hotlinks)",
+        "wo_up_readme": "write-only users can upload logues without getting renamed",
         "rand": "force randomized filenames, 9 chars long by default",
         "nrand=N": "randomized filenames are N chars long",
         "u2ow=N": "overwrite existing files? 0=no 1=if-older 2=always",
@@ -202,6 +205,7 @@ flagcats = {
         "d2v": "disables file verification, overrides -e2v*",
         "d2d": "disables all database stuff, overrides -e2*",
         "hist=/tmp/cdb": "puts thumbnails and indexes at that location",
+        "dbpath=/tmp/cdb": "puts indexes at that location",
         "scan=60": "scan for new files every 60sec, same as --re-maxage",
         "nohash=\\.iso$": "skips hashing file contents if path matches *.iso",
         "noidx=\\.iso$": "fully ignores the contents at paths matching *.iso",
@@ -289,6 +293,7 @@ flagcats = {
         "og_ua": "if defined: only send OG html if useragent matches this regex",
     },
     "textfiles": {
+        "md_hist": "where to put markdown backups; s=subfolder, v=volHist, n=nope",
         "exp": "enable textfile expansion; see --help-exp",
         "exp_md": "placeholders to expand in markdown files; see --help",
         "exp_lg": "placeholders to expand in prologue/epilogue; see --help",

copyparty/ftpd.py

@@ -19,6 +19,7 @@ from .__init__ import PY2, TYPE_CHECKING
 from .authsrv import VFS
 from .bos import bos
 from .util import (
+    FN_EMB,
     VF_CAREFUL,
     Daemon,
     ODict,
@@ -166,6 +167,16 @@ class FtpFs(AbstractedFS):
             fn = sanitize_fn(fn or "", "")
             vpath = vjoin(rd, fn)
             vfs, rem = self.hub.asrv.vfs.get(vpath, self.uname, r, w, m, d)
+            if (
+                w
+                and fn.lower() in FN_EMB
+                and self.h.uname not in vfs.axs.uread
+                and "wo_up_readme" not in vfs.flags
+            ):
+                fn = "_wo_" + fn
+                vpath = vjoin(rd, fn)
+                vfs, rem = self.hub.asrv.vfs.get(vpath, self.uname, r, w, m, d)
+
             if not vfs.realpath:
                 t = "No filesystem mounted at [{}]"
                 raise FSE(t.format(vpath))

copyparty/httpcli.py

@@ -4,7 +4,6 @@ from __future__ import print_function, unicode_literals
 import argparse  # typechk
 import copy
 import errno
-import gzip
 import hashlib
 import itertools
 import json
@@ -46,6 +45,7 @@ from .util import (
     APPLESAN_RE,
     BITNESS,
     DAV_ALLPROPS,
+    FN_EMB,
     HAVE_SQLITE3,
     HTTPCODE,
     META_NOBOTS,
@@ -57,6 +57,7 @@ from .util import (
     UnrecvEOF,
     WrongPostKey,
     absreal,
+    afsenc,
     alltrace,
     atomic_move,
     b64dec,
@@ -69,6 +70,7 @@ from .util import (
     get_df,
     get_spd,
     guess_mime,
+    gzip,
     gzip_file_orig_sz,
     gzip_orig_sz,
     has_resource,
@@ -2539,6 +2541,16 @@ class HttpCli(object):
         vfs, rem = self.asrv.vfs.get(self.vpath, self.uname, False, True)
         dbv, vrem = vfs.get_dbv(rem)
 
+        name = sanitize_fn(name, "")
+        if (
+            not self.can_read
+            and self.can_write
+            and name.lower() in FN_EMB
+            and "wo_up_readme" not in dbv.flags
+        ):
+            name = "_wo_" + name
+
+        body["name"] = name
         body["vtop"] = dbv.vpath
         body["ptop"] = dbv.realpath
         body["prel"] = vrem
@@ -2972,9 +2984,6 @@ class HttpCli(object):
         vfs, rem = self.asrv.vfs.get(vpath, self.uname, False, True)
         rem = sanitize_vpath(rem, "/")
         fn = vfs.canonical(rem)
-        if not fn.startswith(vfs.realpath):
-            self.log("invalid mkdir %r %r" % (self.gctx, vpath), 1)
-            raise Pebkac(422)
 
         if not nullwrite:
             fdir = os.path.dirname(fn)
@@ -3473,6 +3482,7 @@ class HttpCli(object):
 
         fp = os.path.join(fp, fn)
         rem = "{}/{}".format(rp, fn).strip("/")
+        dbv, vrem = vfs.get_dbv(rem)
 
         if not rem.endswith(".md") and not self.can_delete:
             raise Pebkac(400, "only markdown pls")
@@ -3527,13 +3537,27 @@ class HttpCli(object):
             mdir, mfile = os.path.split(fp)
             fname, fext = mfile.rsplit(".", 1) if "." in mfile else (mfile, "md")
             mfile2 = "{}.{:.3f}.{}".format(fname, srv_lastmod, fext)
-            try:
+
+            dp = ""
+            hist_cfg = dbv.flags["md_hist"]
+            if hist_cfg == "v":
+                vrd = vsplit(vrem)[0]
+                zb = hashlib.sha512(afsenc(vrd)).digest()
+                zs = ub64enc(zb).decode("ascii")[:24].lower()
+                dp = "%s/md/%s/%s/%s" % (dbv.histpath, zs[:2], zs[2:4], zs)
+                self.log("moving old version to %s/%s" % (dp, mfile2))
+                if bos.makedirs(dp):
+                    with open(os.path.join(dp, "dir.txt"), "wb") as f:
+                        f.write(afsenc(vrd))
+            elif hist_cfg == "s":
                 dp = os.path.join(mdir, ".hist")
-                bos.mkdir(dp)
-                hidedir(dp)
-            except:
-                pass
-            wrename(self.log, fp, os.path.join(mdir, ".hist", mfile2), vfs.flags)
+                try:
+                    bos.mkdir(dp)
+                    hidedir(dp)
+                except:
+                    pass
+            if dp:
+                wrename(self.log, fp, os.path.join(dp, mfile2), vfs.flags)
 
         p_field, _, p_data = next(self.parser.gen)
         if p_field != "body":
@@ -3605,13 +3629,12 @@ class HttpCli(object):
             wunlink(self.log, fp, vfs.flags)
             raise Pebkac(403, t)
 
-        vfs, rem = vfs.get_dbv(rem)
         self.conn.hsrv.broker.say(
             "up2k.hash_file",
-            vfs.realpath,
-            vfs.vpath,
-            vfs.flags,
-            vsplit(rem)[0],
+            dbv.realpath,
+            dbv.vpath,
+            dbv.flags,
+            vsplit(vrem)[0],
             fn,
             self.ip,
             new_lastmod,
@@ -3778,6 +3801,9 @@ class HttpCli(object):
             return "download-as-zip/tar is admin-only on this server"
         elif lvl <= 2 and self.uname in ("", "*"):
             return "you must be authenticated to download-as-zip/tar on this server"
+        elif self.args.ua_nozip and self.args.ua_nozip.search(self.ua):
+            t = "this URL contains no valuable information for bots/crawlers"
+            raise Pebkac(403, t)
         return ""
 
     def tx_res(self, req_path )  :
@@ -4835,7 +4861,7 @@ class HttpCli(object):
             self.reply(pt.encode("utf-8"), status=rc)
             return True
 
-        if "th" in self.ouparam:
+        if "th" in self.ouparam and str(self.ouparam["th"])[:1] in "jw":
             return self.tx_svg("e" + pt[:3])
 
         # most webdav clients will not send credentials until they
@@ -5762,7 +5788,13 @@ class HttpCli(object):
 
                 thp = None
                 if self.thumbcli and not nothumb:
-                    thp = self.thumbcli.get(dbv, vrem, int(st.st_mtime), th_fmt)
+                    try:
+                        thp = self.thumbcli.get(dbv, vrem, int(st.st_mtime), th_fmt)
+                    except Pebkac as ex:
+                        if ex.code == 500 and th_fmt[:1] in "jw":
+                            self.log("failed to convert [%s]:\n%s" % (abspath, ex), 3)
+                            return self.tx_svg("--error--\ncheck\nserver\nlog")
+                        raise
 
                 if thp:
                     return self.tx_file(thp)
@@ -5984,9 +6016,11 @@ class HttpCli(object):
         # check for old versions of files,
         # [num-backups, most-recent, hist-path]
         hist     = {}
-        histdir = os.path.join(fsroot, ".hist")
-        ptn = RE_MDV
         try:
+            if vf["md_hist"] != "s":
+                raise Exception()
+            histdir = os.path.join(fsroot, ".hist")
+            ptn = RE_MDV
             for hfn in bos.listdir(histdir):
                 m = ptn.match(hfn)
                 if not m:
@@ -6257,6 +6291,10 @@ class HttpCli(object):
 
         doc = self.uparam.get("doc") if self.can_read else None
         if doc:
+            zp = self.args.ua_nodoc
+            if zp and zp.search(self.ua):
+                t = "this URL contains no valuable information for bots/crawlers"
+                raise Pebkac(403, t)
             j2a["docname"] = doc
             doctxt = None
             dfn = lnames.get(doc.lower())

copyparty/ico.py

@@ -94,10 +94,21 @@ class Ico(object):
 <?xml version="1.0" encoding="UTF-8"?>
 <svg version="1.1" viewBox="0 0 100 {}" xmlns="http://www.w3.org/2000/svg"><g>
 <rect width="100%" height="100%" fill="#{}" />
-<text x="50%" y="50%" dominant-baseline="middle" text-anchor="middle" xml:space="preserve"
+<text x="50%" y="{}" dominant-baseline="middle" text-anchor="middle" xml:space="preserve"
   fill="#{}" font-family="monospace" font-size="14px" style="letter-spacing:.5px">{}</text>
 </g></svg>
 """
-        svg = svg.format(h, c[:6], c[6:], html_escape(ext, True))
+
+        txt = html_escape(ext, True)
+        if "\n" in txt:
+            lines = txt.split("\n")
+            n = len(lines)
+            y = "20%" if n == 2 else "10%" if n == 3 else "0"
+            zs = '<tspan x="50%%" dy="1.2em">%s</tspan>'
+            txt = "".join([zs % (x,) for x in lines])
+        else:
+            y = "50%"
+
+        svg = svg.format(h, c[:6], y, c[6:], txt)
 
         return "image/svg+xml", svg.encode("utf-8")

copyparty/mtag.py

@@ -18,6 +18,7 @@ from .util import (
     REKOBO_LKEY,
     VF_CAREFUL,
     fsenc,
+    gzip,
     min_ex,
     pybin,
     retchk,
@@ -132,8 +133,6 @@ def au_unpk(
         fd, ret = tempfile.mkstemp("." + au)
 
         if pk == "gz":
-            import gzip
-
             fi = gzip.GzipFile(abspath, mode="rb")
 
         elif pk == "xz":

copyparty/pwhash.py

@@ -15,7 +15,7 @@ try:
         raise Exception()
 
     HAVE_ARGON2 = True
-    from argon2 import __version__ as argon2ver
+    from argon2 import exceptions as argon2ex
 except:
     HAVE_ARGON2 = False