copyparty 1.19.15__py3-none-any.whl → 1.19.17__py3-none-any.whl

copyparty/httpcli.py

@@ -34,8 +34,8 @@ from .__init__ import ANYWIN, RES, TYPE_CHECKING, EnvParams, unicode
 from .__version__ import S_VERSION
 from .authsrv import LEELOO_DALLAS, VFS  # typechk
 from .bos import bos
+from .qrkode import QrCode, qr2svg, qrgen
 from .star import StreamTar
-from .stolen.qrcodegen import QrCode, qr2svg
 from .sutil import StreamArc, gfilter
 from .szip import StreamZip
 from .up2k import up2k_chunksize
@@ -270,7 +270,7 @@ class HttpCli(object):
         tpl = self.conn.hsrv.j2[name]
         ka["r"] = self.args.SR if self.is_vproxied else ""
         ka["ts"] = self.conn.hsrv.cachebuster()
-        ka["lang"] = self.args.lang
+        ka["lang"] = self.cookies.get("cplng") or self.args.lang
         ka["favico"] = self.args.favico
         ka["s_doctitle"] = self.args.doctitle
         ka["tcolor"] = self.vn.flags["tcolor"]
@@ -857,6 +857,16 @@ class HttpCli(object):
             return self.conn.iphash.s(self.ip)
 
     def cbonk(self, g , v , reason , descr )  :
+        cond = self.args.dont_ban
+        if (
+            cond == "any"
+            or (cond == "auth" and self.uname != "*")
+            or (cond == "aa" and self.avol)
+            or (cond == "av" and self.can_admin)
+            or (cond == "rw" and self.can_read and self.can_write)
+        ):
+            return False
+
         self.conn.hsrv.nsus += 1
         if not g.lim:
             return False
@@ -881,7 +891,7 @@ class HttpCli(object):
             0,
             self.ip,
             time.time(),
-            reason,
+            [reason, reason],
         ):
             self.log("client banned: %s" % (descr,), 1)
             self.conn.hsrv.bans[ip] = bonk
@@ -1420,10 +1430,10 @@ class HttpCli(object):
 
         hits = idx.run_query(self.uname, [self.vn], uq, uv, False, False, nmax)[0]
 
-        pw = self.ouparam.get("pw")
-        if pw:
-            q_pw = "?pw=%s" % (html_escape(pw, True, True),)
-            a_pw = "&pw=%s" % (html_escape(pw, True, True),)
+        if "pw" in self.ouparam and "nopw" not in self.ouparam:
+            zs = self.ouparam["pw"]
+            q_pw = "?pw=%s" % (quotep(zs),)
+            a_pw = "&pw=%s" % (quotep(zs),)
             for i in hits:
                 i["rp"] += a_pw if "?" in i["rp"] else q_pw
         else:
@@ -1437,6 +1447,8 @@ class HttpCli(object):
             self.host,
         )
         feed = baseurl + self.req[1:]
+        if "pw" in self.ouparam and self.ouparam.get("nopw") == "a":
+            feed = re.sub(r"&pw=[^&]*", "", feed)
         if self.is_vproxied:
             baseurl += self.args.RS
         efeed = html_escape(feed, True, True)
@@ -1514,6 +1526,64 @@ class HttpCli(object):
         self.log("rss: %d hits, %d bytes" % (len(hits), len(bret)))
         return True
 
+    def tx_zls(self, abspath)  :
+        if self.do_log:
+            self.log("zls %s @%s" % (self.req, self.uname))
+        if self.args.no_zls:
+            raise Pebkac(405, "zip browsing is disabled in server config")
+
+        import zipfile
+
+        try:
+            with zipfile.ZipFile(abspath, "r") as zf:
+                filelist = [{"fn": f.filename} for f in zf.infolist()]
+                ret = json.dumps(filelist).encode("utf-8", "replace")
+                self.reply(ret, mime="application/json")
+                return True
+        except (zipfile.BadZipfile, RuntimeError):
+            raise Pebkac(404, "requested file is not a valid zip file")
+
+    def tx_zget(self, abspath)  :
+        maxsz = 1024 * 1024 * 64
+
+        inner_path = self.uparam.get("zget")
+        if not inner_path:
+            raise Pebkac(405, "inner path is required")
+        if self.do_log:
+            self.log(
+                "zget %s \033[35m%s\033[0m @%s" % (self.req, inner_path, self.uname)
+            )
+        if self.args.no_zls:
+            raise Pebkac(405, "zip browsing is disabled in server config")
+
+        import zipfile
+
+        try:
+            with zipfile.ZipFile(abspath, "r") as zf:
+                zi = zf.getinfo(inner_path)
+                if zi.file_size >= maxsz:
+                    raise Pebkac(404, "zip bomb defused")
+                with zf.open(zi, "r") as fi:
+                    self.send_headers(length=zi.file_size, mime=guess_mime(inner_path))
+
+                    sendfile_py(
+                        self.log,
+                        0,
+                        zi.file_size,
+                        fi,
+                        self.s,
+                        self.args.s_wr_sz,
+                        self.args.s_wr_slp,
+                        not self.args.no_poll,
+                        {},
+                        "",
+                    )
+        except KeyError:
+            raise Pebkac(404, "no such file in archive")
+        except (zipfile.BadZipfile, RuntimeError):
+            raise Pebkac(404, "requested file is not a valid zip file")
+        return True
+
     def handle_propfind(self)  :
         if self.do_log:
             self.log("PFIND %s @%s" % (self.req, self.uname))
@@ -2077,7 +2147,7 @@ class HttpCli(object):
                     t = "urlform_raw %d @ %r\n  %r\n"
                     self.log(t % (len(orig), "/" + self.vpath, orig))
                     try:
-                        zb = unquote(buf.replace(b"+", b" "))
+                        zb = unquote(buf.replace(b"+", b" ").replace(b"&", b"\n"))
                         plain = zb.decode("utf-8", "replace")
                         if buf.startswith(b"msg="):
                             plain = plain[4:]
@@ -2098,7 +2168,7 @@ class HttpCli(object):
                                     len(buf),
                                     self.ip,
                                     time.time(),
-                                    plain,
+                                    [plain, orig],
                                 )
 
                         t = "urlform_dec %d @ %r\n  %r\n"
@@ -2257,7 +2327,7 @@ class HttpCli(object):
                 remains,
                 self.ip,
                 at,
-                "",
+                None,
             )
             t = hr.get("rejectmsg") or ""
             if t or not hr:
@@ -2392,7 +2462,7 @@ class HttpCli(object):
                 post_sz,
                 self.ip,
                 at,
-                "",
+                None,
             )
             t = hr.get("rejectmsg") or ""
             if t or not hr:
@@ -3224,7 +3294,7 @@ class HttpCli(object):
                     0,
                     self.ip,
                     time.time(),
-                    "",
+                    None,
                 )
                 t = hr.get("rejectmsg") or ""
                 if t or not hr:
@@ -3396,7 +3466,7 @@ class HttpCli(object):
                         0,
                         self.ip,
                         at,
-                        "",
+                        None,
                     )
                     t = hr.get("rejectmsg") or ""
                     if t or not hr:
@@ -3503,7 +3573,7 @@ class HttpCli(object):
                             sz,
                             self.ip,
                             at,
-                            "",
+                            None,
                         )
                         t = hr.get("rejectmsg") or ""
                         if t or not hr:
@@ -3814,7 +3884,7 @@ class HttpCli(object):
                 0,
                 self.ip,
                 time.time(),
-                "",
+                None,
             )
             t = hr.get("rejectmsg") or ""
             if t or not hr:
@@ -3862,7 +3932,7 @@ class HttpCli(object):
                 sz,
                 self.ip,
                 new_lastmod,
-                "",
+                None,
             )
             t = hr.get("rejectmsg") or ""
             if t or not hr:
@@ -4929,7 +4999,7 @@ class HttpCli(object):
             url += "#" + uhash
 
         self.log("qrcode(%r)" % (url,))
-        ret = qr2svg(QrCode.encode_binary(url.encode("utf-8")), 2)
+        ret = qr2svg(qrgen(url.encode("utf-8")), 2)
         self.reply(ret.encode("utf-8"), mime="image/svg+xml")
         return True
 
@@ -4996,7 +5066,7 @@ class HttpCli(object):
             "edit": "edit" in self.uparam,
             "title": html_escape(self.vpath, crlf=True),
             "lastmod": int(ts_md * 1000),
-            "lang": self.args.lang,
+            "lang": self.cookies.get("cplng") or self.args.lang,
             "favico": self.args.favico,
             "have_emp": int(self.args.emp),
             "md_no_br": int(vn.flags.get("md_no_br") or 0),
@@ -5381,13 +5451,20 @@ class HttpCli(object):
         return self.redirect("", "?h", x.get(), "return to", False)
 
     def tx_stack(self)  :
-        if not self.avol and not [x for x in self.wvol if x in self.rvol]:
+        zs = self.args.stack_who
+        if zs == "all" or (
+            (zs == "a" and self.avol)
+            or (zs == "rw" and [x for x in self.wvol if x in self.rvol])
+        ):
+            pass
+        else:
             raise Pebkac(403, "'stack' not allowed for user " + self.uname)
 
-        if self.args.no_stack:
-            raise Pebkac(403, "the stackdump feature is disabled in server config")
-
-        ret = "<pre>{}\n{}".format(time.time(), html_escape(alltrace()))
+        ret = html_escape(alltrace(self.args.stack_v))
+        if self.args.stack_v:
+            ret = "<pre>%s\n%s" % (time.time(), ret)
+        else:
+            ret = "<pre>%s" % (ret,)
         self.reply(ret.encode("utf-8"))
         return True
 
@@ -6454,14 +6531,23 @@ class HttpCli(object):
             ):
                 return self.tx_md(vn, abspath)
 
+            if "zls" in self.uparam:
+                return self.tx_zls(abspath)
+            if "zget" in self.uparam:
+                return self.tx_zget(abspath)
+
             if not add_og or not og_fn:
-                return self.tx_file(
-                    abspath, None if st.st_size or "nopipe" in vn.flags else vn.realpath
-                )
+                if st.st_size or "nopipe" in vn.flags:
+                    return self.tx_file(abspath, None)
+                else:
+                    return self.tx_file(abspath, vn.get_dbv("")[0].realpath)
 
         elif is_dir and not self.can_read:
             if use_dirkey:
                 is_dk = True
+            elif self.can_get and "doc" in self.uparam:
+                zs = vjoin(self.vpath, self.uparam["doc"]) + "?v"
+                return self.redirect(zs, flavor="redirecting to", use302=True)
             elif not self.can_write:
                 return self.tx_404(True)
 
@@ -6469,7 +6555,7 @@ class HttpCli(object):
 
         try:
             if not self.args.nih:
-                srv_info.append(self.args.name)
+                srv_info.append(self.args.name_html)
         except:
             self.log("#wow #whoa")
 
@@ -6543,6 +6629,7 @@ class HttpCli(object):
             "acct": self.uname,
             "perms": perms,
         }
+        # also see `js_htm` in authsrv.py
         j2a = {
             "cgv1": vn.js_htm,
             "cgv": cgv,

copyparty/mdns.py

@@ -2,6 +2,7 @@
 from __future__ import print_function, unicode_literals
 
 import errno
+import os
 import random
 import select
 import socket
@@ -12,28 +13,62 @@ from ipaddress import IPv4Network, IPv6Network
 from .__init__ import TYPE_CHECKING
 from .__init__ import unicode as U
 from .multicast import MC_Sck, MCast
-from .stolen.dnslib import (
-    AAAA,
-)
-from .stolen.dnslib import CLASS as DC
-from .stolen.dnslib import (
-    NSEC,
-    PTR,
-    QTYPE,
-    RR,
-    SRV,
-    TXT,
-    A,
-    DNSHeader,
-    DNSQuestion,
-    DNSRecord,
-    set_avahi_379,
-)
 from .util import IP6_LL, CachedSet, Daemon, Netdev, list_ips, min_ex
 
+try:
+    if os.getenv("PRTY_SYS_ALL") or os.getenv("PRTY_SYS_DNSLIB"):
+        raise ImportError()
+    from .stolen.dnslib import (
+        AAAA,
+    )
+    from .stolen.dnslib import CLASS as DC
+    from .stolen.dnslib import (
+        NSEC,
+        PTR,
+        QTYPE,
+        RR,
+        SRV,
+        TXT,
+        A,
+        DNSHeader,
+        DNSQuestion,
+        DNSRecord,
+        set_avahi_379,
+    )
+
+    DNS_VND = True
+except ImportError:
+    DNS_VND = False
+    from dnslib import (
+        AAAA,
+    )
+    from dnslib import CLASS as DC
+    from dnslib import (
+        NSEC,
+        PTR,
+        QTYPE,
+        RR,
+        SRV,
+        TXT,
+        A,
+        Bimap,
+        DNSHeader,
+        DNSQuestion,
+        DNSRecord,
+    )
+
+    DC.forward[0x8001] = "F_IN"
+    DC.reverse["F_IN"] = 0x8001
+
 if TYPE_CHECKING:
     from .svchub import SvcHub
 
+if os.getenv("PRTY_MODSPEC"):
+    from inspect import getsourcefile
+
+    print("PRTY_MODSPEC: dnslib:", getsourcefile(A))
+
+
 MDNS4 = "224.0.0.251"
 MDNS6 = "ff02::fb"
 
@@ -71,7 +106,7 @@ class MDNS(MCast):
         self.ngen = ngen
         self.ttl = 300
 
-        if not self.args.zm_nwa_1:
+        if not self.args.zm_nwa_1 and DNS_VND:
             set_avahi_379()
 
         zs = self.args.zm_fqdn or (self.args.name + ".local")

copyparty/mtag.py

@@ -162,12 +162,12 @@ def au_unpk(
             znil = [x for x in znil if "cover" in x[0]] or znil
             znil = [x for x in znil if CBZ_01.search(x[0])] or znil
             t = "cbz: %d files, %d hits" % (nf, len(znil))
+            if not znil:
+                raise Exception("no images inside cbz")
             using = sorted(znil)[0][1].filename
             if znil:
                 t += ", using " + using
             log(t)
-            if not znil:
-                raise Exception("no images inside cbz")
             fi = zf.open(using)
 
         elif pk == "epub":
@@ -193,9 +193,10 @@ def au_unpk(
 
     except Exception as ex:
         if ret:
-            t = "failed to decompress audio file %r: %r"
+            t = "failed to decompress file %r: %r"
             log(t % (abspath, ex))
             wunlink(log, ret, vn.flags if vn else VF_CAREFUL)
+            return ""
 
         return abspath
 
@@ -415,10 +416,17 @@ def get_cover_from_epub(log , abspath )  :
             # This might be an EPUB2 file, try the legacy way of specifying covers
             coverimage_path = _get_cover_from_epub2(log, package_root, package_ns)
 
+        if not coverimage_path:
+            raise Exception("no cover inside epub")
+
         # This url is either absolute (in the .epub) or relative to the package document
         adjusted_cover_path = urljoin(rootfile_path, coverimage_path)
 
-        return z.open(adjusted_cover_path)
+        try:
+            return z.open(adjusted_cover_path)
+        except KeyError:
+            t = "epub: cover specified in package document, but doesn't exist: %s"
+            log(t % (adjusted_cover_path,))
 
 
 def _get_cover_from_epub2(
@@ -636,6 +644,9 @@ class MTag(object):
             return self._get(abspath)
 
         ap = au_unpk(self.log, self.args.au_unpk, abspath)
+        if not ap:
+            return {}
+
         ret = self._get(ap)
         if ap != abspath:
             wunlink(self.log, ap, VF_CAREFUL)
@@ -741,6 +752,9 @@ class MTag(object):
             ap = abspath
 
         ret   = {}
+        if not ap:
+            return ret
+
         for tagname, parser in sorted(parsers.items(), key=lambda x: (x[1].pri, x[0])):
             try:
                 cmd = [parser.bin, ap]

copyparty/qrkode.py

@@ -0,0 +1,107 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import os
+
+try:
+    if os.getenv("PRTY_SYS_ALL") or os.getenv("PRTY_SYS_QRCG"):
+        raise ImportError()
+    from .stolen.qrcodegen import QrCode
+
+    qrgen = QrCode.encode_binary
+    VENDORED = True
+except ImportError:
+    VENDORED = False
+    from qrcodegen import QrCode
+
+if os.getenv("PRTY_MODSPEC"):
+    from inspect import getsourcefile
+
+    print("PRTY_MODSPEC: qrcode:", getsourcefile(QrCode))
+
+if not VENDORED:
+
+    def _qrgen(data  )  :
+        ret = None
+        V = QrCode.Ecc
+        for e in [V.HIGH, V.QUARTILE, V.MEDIUM, V.LOW]:
+            qr = QrCode.encode_binary(data, e)
+            qr.size = qr._size
+            qr.modules = qr._modules
+            if not ret or ret.size > qr.size:
+                ret = qr
+        return ret
+
+    qrgen = _qrgen
+
+
+def qr2txt(qr , zoom  = 1, pad  = 4)  :
+    tab = qr.modules
+    sz = qr.size
+    if sz % 2 and zoom == 1:
+        tab.append([False] * sz)
+
+    tab = [[False] * sz] * pad + tab + [[False] * sz] * pad
+    tab = [[False] * pad + x + [False] * pad for x in tab]
+
+    rows  = []
+    if zoom == 1:
+        for y in range(0, len(tab), 2):
+            row = ""
+            for x in range(len(tab[y])):
+                v = 2 if tab[y][x] else 0
+                v += 1 if tab[y + 1][x] else 0
+                row += " ▄▀█"[v]
+            rows.append(row)
+    else:
+        for tr in tab:
+            row = ""
+            for zb in tr:
+                row += " █"[int(zb)] * 2
+            rows.append(row)
+
+    return "\n".join(rows)
+
+
+def qr2png(
+    qr ,
+    zoom ,
+    pad ,
+    bg   ,
+    fg   ,
+    ap ,
+)  :
+    from PIL import Image
+
+    tab = qr.modules
+    sz = qr.size
+    psz = sz + pad * 2
+    if bg:
+        img = Image.new("RGB", (psz, psz), bg)
+    else:
+        img = Image.new("RGBA", (psz, psz), (0, 0, 0, 0))
+        fg = (fg[0], fg[1], fg[2], 255)
+    for y in range(sz):
+        for x in range(sz):
+            if tab[y][x]:
+                img.putpixel((x + pad, y + pad), fg)
+    if zoom != 1:
+        img = img.resize((sz * zoom, sz * zoom), Image.Resampling.NEAREST)
+    img.save(ap)
+
+
+def qr2svg(qr , border )  :
+    parts  = []
+    for y in range(qr.size):
+        sy = border + y
+        for x in range(qr.size):
+            if qr.modules[y][x]:
+                parts.append("M%d,%dh1v1h-1z" % (border + x, sy))
+    t = """\
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 {0} {0}" stroke="none">
+<rect width="100%" height="100%" fill="#F7F7F7"/>
+<path d="{1}" fill="#111111"/>
+</svg>
+"""
+    return t.format(qr.size + border * 2, " ".join(parts))