copyparty 1.17.2__py3-none-any.whl → 1.18.1__py3-none-any.whl

copyparty/httpcli.py

@@ -1294,6 +1294,9 @@ class HttpCli(object):
             if "ru" in self.uparam:
                 return self.tx_rups()
 
+            if "idp" in self.uparam:
+                return self.tx_idp()
+
         if "h" in self.uparam:
             return self.tx_mounts()
 
@@ -1407,7 +1410,13 @@ class HttpCli(object):
         except:
             pass
 
+        ap = ""
+        use_magic = "rmagic" in self.vn.flags
+
         for i in hits:
+            if use_magic:
+                ap = os.path.join(self.vn.realpath, i["rp"])
+
             iurl = html_escape("%s%s" % (baseurl, i["rp"]), True, True)
             title = unquotep(i["rp"].split("?")[0].split("/")[-1])
             title = html_escape(title, True, True)
@@ -1415,7 +1424,7 @@ class HttpCli(object):
             tag_a = str(i["tags"].get("artist") or "")
             desc = "%s - %s" % (tag_a, tag_t) if tag_t and tag_a else (tag_t or tag_a)
             desc = html_escape(desc, True, True) if desc else title
-            mime = html_escape(guess_mime(title))
+            mime = html_escape(guess_mime(title, ap))
             lmod = formatdate(max(0, i["ts"]))
             zsa = (iurl, iurl, title, desc, lmod, iurl, mime, i["sz"])
             zs = (
@@ -1568,6 +1577,9 @@ class HttpCli(object):
             None, 207, "text/xml; charset=" + enc, {"Transfer-Encoding": "chunked"}
         )
 
+        ap = ""
+        use_magic = "rmagic" in vn.flags
+
         ret = '<?xml version="1.0" encoding="{}"?>\n<D:multistatus xmlns:D="DAV:">'
         ret = ret.format(uenc)
         for x in fgen:
@@ -1594,7 +1606,9 @@ class HttpCli(object):
                 "supportedlock": '<D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry>',
             }
             if not isdir:
-                pvs["getcontenttype"] = html_escape(guess_mime(rp))
+                if use_magic:
+                    ap = os.path.join(tap, x["vp"])
+                pvs["getcontenttype"] = html_escape(guess_mime(rp, ap))
                 pvs["getcontentlength"] = str(st.st_size)
 
             for k, v in pvs.items():
@@ -2705,6 +2719,7 @@ class HttpCli(object):
         locked = chashes  # remaining chunks to be received in this request
         written = []  # chunks written to disk, but not yet released by up2k
         num_left = -1  # num chunks left according to most recent up2k release
+        bail1 = False  # used in sad path to avoid contradicting error-text
         treport = time.time()  # ratelimit up2k reporting to reduce overhead
 
         if "x-up2k-subc" in self.headers:
@@ -2843,7 +2858,6 @@ class HttpCli(object):
             except:
                 # maybe busted handle (eg. disk went full)
                 f.close()
-                chashes = []  # exception flag
                 raise
         finally:
             if locked:
@@ -2852,13 +2866,14 @@ class HttpCli(object):
                 num_left, t = x.get()
                 if num_left < 0:
                     self.loud_reply(t, status=500)
-                    if chashes:  # kills exception bubbling otherwise
-                        return False
+                    bail1 = True
                 else:
                     t = "got %d more chunks, %d left"
                     self.log(t % (len(written), num_left), 6)
 
         if num_left < 0:
+            if bail1:
+                return False
             raise Pebkac(500, "unconfirmed; see serverlog")
 
         if not num_left and fpool:
@@ -3795,6 +3810,20 @@ class HttpCli(object):
 
         return txt
 
+    def _can_tail(self, volflags  )  :
+        zp = self.args.ua_nodoc
+        if zp and zp.search(self.ua):
+            t = "this URL contains no valuable information for bots/crawlers"
+            raise Pebkac(403, t)
+        lvl = volflags["tail_who"]
+        if "notail" in volflags or not lvl:
+            raise Pebkac(400, "tail is disabled in server config")
+        elif lvl <= 1 and not self.can_admin:
+            raise Pebkac(400, "tail is admin-only on this server")
+        elif lvl <= 2 and self.uname in ("", "*"):
+            raise Pebkac(400, "you must be authenticated to use ?tail on this server")
+        return True
+
     def _can_zip(self, volflags  )  :
         lvl = volflags["zip_who"]
         if self.args.no_zip or not lvl:
@@ -3939,6 +3968,8 @@ class HttpCli(object):
         logmsg = "{:4} {} ".format("", self.req)
         logtail = ""
 
+        is_tail = "tail" in self.uparam and self._can_tail(self.vn.flags)
+
         if ptop is not None:
             ap_data = "<%s>" % (req_path,)
             try:
@@ -4051,6 +4082,7 @@ class HttpCli(object):
             and can_range
             and file_sz
             and "," not in hrange
+            and not is_tail
         ):
             try:
                 if not hrange.lower().startswith("bytes"):
@@ -4119,6 +4151,8 @@ class HttpCli(object):
             mime = "text/plain; charset={}".format(self.uparam["txt"] or "utf-8")
         elif "mime" in self.uparam:
             mime = str(self.uparam.get("mime"))
+        elif "rmagic" in self.vn.flags:
+            mime = guess_mime(req_path, fs_path)
         else:
             mime = guess_mime(req_path)
 
@@ -4136,13 +4170,18 @@ class HttpCli(object):
             return True
 
         dls = self.conn.hsrv.dls
+        if is_tail:
+            upper = 1 << 30
+            if len(dls) > self.args.tail_cmax:
+                raise Pebkac(400, "too many active downloads to start a new tail")
+
         if upper - lower > 0x400000:  # 4m
             now = time.time()
             self.dl_id = "%s:%s" % (self.ip, self.addr[1])
             dls[self.dl_id] = (now, 0)
             self.conn.hsrv.dli[self.dl_id] = (
                 now,
-                upper - lower,
+                0 if is_tail else upper - lower,
                 self.vn,
                 self.vpath,
                 self.uname,
@@ -4152,6 +4191,9 @@ class HttpCli(object):
             return self.tx_pipe(
                 ptop, req_path, ap_data, job, lower, upper, status, mime, logmsg
             )
+        elif is_tail:
+            self.tx_tail(open_args, status, mime)
+            return False
 
         ret = True
         with open_func(*open_args) as f:
@@ -4181,6 +4223,131 @@ class HttpCli(object):
 
         return ret
 
+    def tx_tail(
+        self,
+        open_args ,
+        status ,
+        mime ,
+    )  :
+        vf = self.vn.flags
+        self.send_headers(length=None, status=status, mime=mime)
+        abspath  = open_args[0]
+        sec_rate = vf["tail_rate"]
+        sec_max = vf["tail_tmax"]
+        sec_fd = vf["tail_fd"]
+        sec_ka = self.args.tail_ka
+        wr_slp = self.args.s_wr_slp
+        wr_sz = self.args.s_wr_sz
+        dls = self.conn.hsrv.dls
+        dl_id = self.dl_id
+
+        # non-numeric = full file from start
+        # positive = absolute offset from start
+        # negative = start that many bytes from eof
+        try:
+            ofs = int(self.uparam["tail"])
+        except:
+            ofs = 0
+
+        t0 = time.time()
+        ofs0 = ofs
+        f = None
+        try:
+            st = os.stat(abspath)
+            f = open(*open_args)
+            f.seek(0, os.SEEK_END)
+            eof = f.tell()
+            f.seek(0)
+            if ofs < 0:
+                ofs = max(0, ofs + eof)
+
+            self.log("tailing from byte %d: %r" % (ofs, abspath), 6)
+
+            # send initial data asap
+            remains = sendfile_py(
+                self.log,  # d/c
+                ofs,
+                eof,
+                f,
+                self.s,
+                wr_sz,
+                wr_slp,
+                False,  # d/c
+                dls,
+                dl_id,
+            )
+            sent = (eof - ofs) - remains
+            ofs = eof - remains
+            f.seek(ofs)
+
+            try:
+                st2 = os.stat(open_args[0])
+                if st.st_ino == st2.st_ino:
+                    st = st2  # for filesize
+            except:
+                pass
+
+            gone = 0
+            t_fd = t_ka = time.time()
+            while True:
+                buf = f.read(4096)
+                now = time.time()
+
+                if sec_max and now - t0 >= sec_max:
+                    self.log("max duration exceeded; kicking client", 6)
+                    zb = b"\n\n*** max duration exceeded; disconnecting ***\n"
+                    self.s.sendall(zb)
+                    break
+
+                if buf:
+                    t_fd = t_ka = now
+                    self.s.sendall(buf)
+                    sent += len(buf)
+                    dls[dl_id] = (time.time(), sent)
+                    continue
+
+                time.sleep(sec_rate)
+                if t_ka < now - sec_ka:
+                    t_ka = now
+                    self.s.send(b"\x00")
+                if t_fd < now - sec_fd:
+                    try:
+                        st2 = os.stat(open_args[0])
+                        if (
+                            st2.st_ino != st.st_ino
+                            or st2.st_size < sent
+                            or st2.st_size < st.st_size
+                        ):
+                            # open new file before closing previous to avoid toctous (open may fail; cannot null f before)
+                            f2 = open(*open_args)
+                            f.close()
+                            f = f2
+                            f.seek(0, os.SEEK_END)
+                            eof = f.tell()
+                            if eof < sent:
+                                ofs = sent = 0  # shrunk; send from start
+                                zb = b"\n\n*** file size decreased -- rewinding to the start of the file ***\n\n"
+                                self.s.sendall(zb)
+                                if ofs0 < 0 and eof > -ofs0:
+                                    ofs = eof + ofs0
+                            else:
+                                ofs = sent  # just new fd? resume from same ofs
+                            f.seek(ofs)
+                            self.log("reopened at byte %d: %r" % (ofs, abspath), 6)
+                            gone = 0
+                        st = st2
+                    except:
+                        gone += 1
+                        if gone > 3:
+                            self.log("file deleted; disconnecting")
+                            break
+        except IOError as ex:
+            if ex.errno not in (errno.EPIPE, errno.ESHUTDOWN, errno.EBADFD):
+                raise
+        finally:
+            if f:
+                f.close()
+
     def tx_pipe(
         self,
         ptop ,
@@ -4740,7 +4907,6 @@ class HttpCli(object):
             if zi == 2 or (zi == 1 and self.avol):
                 dl_list = self.get_dls()
         for t0, t1, sent, sz, vp, dl_id, uname in dl_list:
-            rem = sz - sent
             td = max(0.1, now - t0)
             rd, fn = vsplit(vp)
             if not rd:
@@ -4914,15 +5080,24 @@ class HttpCli(object):
         return ""  # unhandled / fallthrough
 
     def scanvol(self)  :
-        if not self.can_admin:
-            raise Pebkac(403, "'scanvol' not allowed for user " + self.uname)
-
         if self.args.no_rescan:
             raise Pebkac(403, "the rescan feature is disabled in server config")
 
-        vn, _ = self.asrv.vfs.get(self.vpath, self.uname, True, True)
+        vpaths = self.uparam["scan"].split(",/")
+        if vpaths == [""]:
+            vpaths = [self.vpath]
+
+        vols = []
+        for vpath in vpaths:
+            vn, _ = self.asrv.vfs.get(vpath, self.uname, True, True)
+            vols.append(vn.vpath)
+            if self.uname not in vn.axs.uadmin:
+                self.log("rejected scanning [%s] => [%s];" % (vpath, vn.vpath), 3)
+                raise Pebkac(403, "'scanvol' not allowed for user " + self.uname)
+
+        self.log("trying to rescan %d volumes: %r" % (len(vols), vols))
 
-        args = [self.asrv.vfs.all_vols, [vn.vpath], False, True]
+        args = [self.asrv.vfs.all_vols, vols, False, True]
 
         x = self.conn.hsrv.broker.ask("up2k.rescan", *args)
         err = x.get()
@@ -5341,6 +5516,32 @@ class HttpCli(object):
         self.reply(html.encode("utf-8"), status=200)
         return True
 
+    def tx_idp(self)  :
+        if self.uname.lower() not in self.args.idp_adm_set:
+            raise Pebkac(403, "'idp' not allowed for user " + self.uname)
+
+        cmd = self.uparam["idp"]
+        if cmd.startswith("rm="):
+            import sqlite3
+
+            db = sqlite3.connect(self.args.idp_db)
+            db.execute("delete from us where un=?", (cmd[3:],))
+            db.commit()
+            db.close()
+
+            self.conn.hsrv.broker.ask("reload", False, False).get()
+
+            self.redirect("", "?idp")
+            return True
+
+        rows = [
+            [k, "[%s]" % ("], [".join(v))]
+            for k, v in sorted(self.asrv.idp_accs.items())
+        ]
+        html = self.j2s("idp", this=self, rows=rows, now=int(time.time()))
+        self.reply(html.encode("utf-8"), status=200)
+        return True
+
     def tx_shares(self)  :
         if self.uname == "*":
             self.loud_reply("you're not logged in")
@@ -5415,7 +5616,7 @@ class HttpCli(object):
             self.conn.hsrv.broker.ask("reload", False, False).get()
             self.conn.hsrv.broker.ask("up2k.wake_rescanner").get()
 
-        self.redirect(self.args.SRS + "?shares")
+        self.redirect("", "?shares")
         return True
 
     def handle_share(self, req  )  :

copyparty/httpconn.py

@@ -219,3 +219,6 @@ class HttpConn(object):
             if self.u2idx:
                 self.hsrv.put_u2idx(str(self.addr), self.u2idx)
                 self.u2idx = None
+
+            if self.rproxy:
+                self.set_rproxy()

copyparty/httpsrv.py

@@ -171,6 +171,7 @@ class HttpSrv(object):
             "browser",
             "browser2",
             "cf",
+            "idp",
             "md",
             "mde",
             "msg",
@@ -308,6 +309,8 @@ class HttpSrv(object):
 
         Daemon(self.broker.say, "sig-hsrv-up1", ("cb_httpsrv_up",))
 
+        saddr = ("", 0)  # fwd-decl for `except TypeError as ex:`
+
         while not self.stopping:
             if self.args.log_conn:
                 self.log(self.name, "|%sC-ncli" % ("-" * 1,), c="90")
@@ -389,6 +392,19 @@ class HttpSrv(object):
                 self.log(self.name, "accept({}): {}".format(fno, ex), c=6)
                 time.sleep(0.02)
                 continue
+            except TypeError as ex:
+                # on macOS, accept() may return a None saddr if blocked by LittleSnitch;
+                # unicode(saddr[0]) ==> TypeError: 'NoneType' object is not subscriptable
+                if tcp and not saddr:
+                    t = "accept(%s): failed to accept connection from client due to firewall or network issue"
+                    self.log(self.name, t % (fno,), c=3)
+                    try:
+                        sck.close()  # type: ignore
+                    except:
+                        pass
+                    time.sleep(0.02)
+                    continue
+                raise
 
             if self.args.log_conn:
                 t = "|{}C-acc2 \033[0;36m{} \033[3{}m{}".format(

copyparty/svchub.py

@@ -82,6 +82,7 @@ if PY2:
     range = xrange  # type: ignore
 
 
+VER_IDP_DB = 1
 VER_SESSION_DB = 1
 VER_SHARES_DB = 2
 
@@ -252,11 +253,15 @@ class SvcHub(object):
                 self.log("root", "effective %s is %s" % (zs, getattr(args, zs)))
 
         if args.ah_cli or args.ah_gen:
+            args.idp_store = 0
             args.no_ses = True
             args.shr = ""
 
+        if args.idp_store and args.idp_h_usr:
+            self.setup_db("idp")
+
         if not self.args.no_ses:
-            self.setup_session_db()
+            self.setup_db("ses")
 
         args.shr1 = ""
         if args.shr:
@@ -415,25 +420,57 @@ class SvcHub(object):
             except:
                 pass
 
-    def setup_session_db(self)  :
+    def _db_onfail_ses(self)  :
+        self.args.no_ses = True
+
+    def _db_onfail_idp(self)  :
+        self.args.idp_store = 0
+
+    def setup_db(self, which )  :
+        """
+        the "non-mission-critical" databases; if something looks broken then just nuke it
+        """
+        if which == "ses":
+            native_ver = VER_SESSION_DB
+            db_path = self.args.ses_db
+            desc = "sessions-db"
+            pathopt = "ses-db"
+            sanchk_q = "select count(*) from us"
+            createfun = self._create_session_db
+            failfun = self._db_onfail_ses
+        elif which == "idp":
+            native_ver = VER_IDP_DB
+            db_path = self.args.idp_db
+            desc = "idp-db"
+            pathopt = "idp-db"
+            sanchk_q = "select count(*) from us"
+            createfun = self._create_idp_db
+            failfun = self._db_onfail_idp
+        else:
+            raise Exception("unknown cachetype")
+
+        if not db_path.endswith(".db"):
+            zs = "config option --%s (the %s) was configured to [%s] which is invalid; must be a filepath ending with .db"
+            self.log("root", zs % (pathopt, desc, db_path), 1)
+            raise Exception(BAD_CFG)
+
         if not HAVE_SQLITE3:
-            self.args.no_ses = True
-            t = "WARNING: sqlite3 not available; disabling sessions, will use plaintext passwords in cookies"
-            self.log("root", t, 3)
+            failfun()
+            if which == "ses":
+                zs = "disabling sessions, will use plaintext passwords in cookies"
+            elif which == "idp":
+                zs = "disabling idp-db, will be unable to remember IdP-volumes after a restart"
+            self.log("root", "WARNING: sqlite3 not available; %s" % (zs,), 3)
             return
 
 
-        # policy:
-        # the sessions-db is whatever, if something looks broken then just nuke it
-
-        db_path = self.args.ses_db
         db_lock = db_path + ".lock"
         try:
             create = not os.path.getsize(db_path)
         except:
             create = True
         zs = "creating new" if create else "opening"
-        self.log("root", "%s sessions-db %s" % (zs, db_path))
+        self.log("root", "%s %s %s" % (zs, desc, db_path))
 
         for tries in range(2):
             sver = 0
@@ -443,17 +480,19 @@ class SvcHub(object):
                 try:
                     zs = "select v from kv where k='sver'"
                     sver = cur.execute(zs).fetchall()[0][0]
-                    if sver > VER_SESSION_DB:
-                        zs = "this version of copyparty only understands session-db v%d and older; the db is v%d"
-                        raise Exception(zs % (VER_SESSION_DB, sver))
+                    if sver > native_ver:
+                        zs = "this version of copyparty only understands %s v%d and older; the db is v%d"
+                        raise Exception(zs % (desc, native_ver, sver))
 
-                    cur.execute("select count(*) from us").fetchone()
+                    cur.execute(sanchk_q).fetchone()
                 except:
                     if sver:
                         raise
-                    sver = 1
-                    self._create_session_db(cur)
-                err = self._verify_session_db(cur, sver, db_path)
+                    sver = createfun(cur)
+
+                err = self._verify_db(
+                    cur, which, pathopt, db_path, desc, sver, native_ver
+                )
                 if err:
                     tries = 99
                     self.args.no_ses = True
@@ -461,10 +500,10 @@ class SvcHub(object):
                 break
 
             except Exception as ex:
-                if tries or sver > VER_SESSION_DB:
+                if tries or sver > native_ver:
                     raise
-                t = "sessions-db is unusable; deleting and recreating: %r"
-                self.log("root", t % (ex,), 3)
+                t = "%s is unusable; deleting and recreating: %r"
+                self.log("root", t % (desc, ex), 3)
                 try:
                     cur.close()  # type: ignore
                 except:
@@ -492,8 +531,31 @@ class SvcHub(object):
         for cmd in sch:
             cur.execute(cmd)
         self.log("root", "created new sessions-db")
+        return 1
 
-    def _verify_session_db(self, cur , sver , db_path )  :
+    def _create_idp_db(self, cur )  :
+        sch = [
+            r"create table kv (k text, v int)",
+            r"create table us (un text, gs text)",
+            # username, groups
+            r"create index us_un on us(un)",
+            r"insert into kv values ('sver', 1)",
+        ]
+        for cmd in sch:
+            cur.execute(cmd)
+        self.log("root", "created new idp-db")
+        return 1
+
+    def _verify_db(
+        self,
+        cur ,
+        which ,
+        pathopt ,
+        db_path ,
+        desc ,
+        sver ,
+        native_ver ,
+    )  :
         # ensure writable (maybe owned by other user)
         db = cur.connection
 
@@ -505,9 +567,16 @@ class SvcHub(object):
         except:
             owner = 0
 
+        if which == "ses":
+            cons = "Will now disable sessions and instead use plaintext passwords in cookies."
+        elif which == "idp":
+            cons = "Each IdP-volume will not become available until its associated user sends their first request."
+        else:
+            raise Exception()
+
         if not lock_file(db_path + ".lock"):
-            t = "the sessions-db [%s] is already in use by another copyparty instance (pid:%d). This is not supported; please provide another database with --ses-db or give this copyparty-instance its entirely separate config-folder by setting another path in the XDG_CONFIG_HOME env-var. You can also disable this safeguard by setting env-var PRTY_NO_DB_LOCK=1. Will now disable sessions and instead use plaintext passwords in cookies."
-            return t % (db_path, owner)
+            t = "the %s [%s] is already in use by another copyparty instance (pid:%d). This is not supported; please provide another database with --%s or give this copyparty-instance its entirely separate config-folder by setting another path in the XDG_CONFIG_HOME env-var. You can also disable this safeguard by setting env-var PRTY_NO_DB_LOCK=1. %s"
+            return t % (desc, db_path, owner, pathopt, cons)
 
         vars = (("pid", os.getpid()), ("ts", int(time.time() * 1000)))
         if owner:
@@ -519,9 +588,9 @@ class SvcHub(object):
             for k, v in vars:
                 cur.execute("insert into kv values(?, ?)", (k, v))
 
-        if sver < VER_SESSION_DB:
+        if sver < native_ver:
             cur.execute("delete from kv where k='sver'")
-            cur.execute("insert into kv values('sver',?)", (VER_SESSION_DB,))
+            cur.execute("insert into kv values('sver',?)", (native_ver,))
 
         db.commit()
         cur.close()
@@ -870,6 +939,12 @@ class SvcHub(object):
                 vs = os.path.expandvars(os.path.expanduser(vs))
                 setattr(al, k, vs)
 
+        for k in "idp_adm".split(" "):
+            vs = getattr(al, k)
+            vsa = [x.strip() for x in vs.split(",")]
+            vsa = [x.lower() for x in vsa if x]
+            setattr(al, k + "_set", set(vsa))
+
         zs = "dav_ua1 sus_urls nonsus_urls ua_nodoc ua_nozip"
         for k in zs.split(" "):
             vs = getattr(al, k)

copyparty/th_srv.py

@@ -93,6 +93,10 @@ try:
         if os.environ.get("PRTY_NO_PIL_AVIF"):
             raise Exception()
 
+        if ".avif" in Image.registered_extensions():
+            HAVE_AVIF = True
+            raise Exception()
+
         import pillow_avif  # noqa: F401  # pylint: disable=unused-import
 
         HAVE_AVIF = True

copyparty/util.py

@@ -153,9 +153,15 @@ try:
 except:
     HAVE_PSUTIL = False
 
-if TYPE_CHECKING:
+try:
+    if os.environ.get("PRTY_NO_MAGIC"):
+        raise Exception()
+
     import magic
+except:
+    pass
 
+if TYPE_CHECKING:
     from .authsrv import VFS
     from .broker_util import BrokerCli
     from .up2k import Up2k
@@ -1174,8 +1180,6 @@ class Magician(object):
         self.magic  = None
 
     def ext(self, fpath )  :
-        import magic
-
         try:
             if self.bad_magic:
                 raise Exception()
@@ -3065,11 +3069,13 @@ def unescape_cookie(orig )  :
     return "".join(ret)
 
 
-def guess_mime(url , fallback  = "application/octet-stream")  :
+def guess_mime(
+    url , path  = "", fallback  = "application/octet-stream"
+)  :
     try:
         ext = url.rsplit(".", 1)[1].lower()
     except:
-        return fallback
+        ext = ""
 
     ret = MIMES.get(ext)
 
@@ -3077,6 +3083,16 @@ def guess_mime(url , fallback  = "application/octet-stream")  :
         x = mimetypes.guess_type(url)
         ret = "application/{}".format(x[1]) if x[1] else x[0]
 
+    if not ret and path:
+        try:
+            with open(fsenc(path), "rb", 0) as f:
+                ret = magic.from_buffer(f.read(4096), mime=True)
+                if ret.startswith("text/htm"):
+                    # avoid serving up HTML content unless there was actually a .html extension
+                    ret = "text/plain"
+        except Exception as ex:
+            pass
+
     if not ret:
         ret = fallback