lfss 0.1.0__py3-none-any.whl → 0.2.1__py3-none-any.whl

lfss/cli/panel.py

@@ -0,0 +1,45 @@
+""" A static file server to serve frontend panel """
+import uvicorn
+from fastapi import FastAPI
+from fastapi.staticfiles import StaticFiles
+
+import argparse
+from contextlib import asynccontextmanager
+from pathlib import Path
+
+__this_dir = Path(__file__).parent
+__frontend_dir = __this_dir.parent.parent / "frontend"
+
+browser_open_config = {
+    "enabled": True,
+    "host": "",
+    "port": 0
+}
+
+@asynccontextmanager
+async def app_lifespan(app: FastAPI):
+    if browser_open_config["enabled"]:
+        import webbrowser
+        webbrowser.open(f"http://{browser_open_config['host']}:{browser_open_config['port']}")
+    yield
+
+assert (__frontend_dir / "index.html").exists(), "Frontend panel not found"
+
+app = FastAPI(lifespan=app_lifespan)
+app.mount("/", StaticFiles(directory=__frontend_dir, html=True), name="static")
+
+def main():
+    parser = argparse.ArgumentParser(description="Serve frontend panel")
+    parser.add_argument("--host", default="127.0.0.1", help="Host to serve")
+    parser.add_argument("--port", type=int, default=8009, help="Port to serve")
+    parser.add_argument("--open", action="store_true", help="Open browser")
+    args = parser.parse_args()
+
+    browser_open_config["enabled"] = args.open
+    browser_open_config["host"] = args.host
+    browser_open_config["port"] = args.port
+    
+    uvicorn.run(app, host=args.host, port=args.port)
+
+if __name__ == "__main__":
+    main()

lfss/cli/user.py

@@ -1,5 +1,14 @@
 import argparse, asyncio
-from ..src.database import Database
+from ..src.database import Database, FileReadPermission
+
+def parse_storage_size(s: str) -> int:
+    if s[-1] in 'Kk':
+        return int(s[:-1]) * 1024
+    if s[-1] in 'Mm':
+        return int(s[:-1]) * 1024 * 1024
+    if s[-1] in 'Gg':
+        return int(s[:-1]) * 1024 * 1024 * 1024
+    return int(s)
 
 async def _main():
     parser = argparse.ArgumentParser()
@@ -8,6 +17,8 @@ async def _main():
     sp_add.add_argument('username', type=str)
     sp_add.add_argument('password', type=str)
     sp_add.add_argument('--admin', action='store_true')
+    sp_add.add_argument('--permission', type=FileReadPermission, default=FileReadPermission.UNSET)
+    sp_add.add_argument('--max-storage', type=parse_storage_size, default="1G")
     
     sp_delete = sp.add_parser('delete')
     sp_delete.add_argument('username', type=str)
@@ -22,6 +33,8 @@ async def _main():
     sp_set.add_argument('username', type=str)
     sp_set.add_argument('-p', '--password', type=str, default=None)
     sp_set.add_argument('-a', '--admin', type=parse_bool, default=None)
+    sp_set.add_argument('--permission', type=int, default=None)
+    sp_set.add_argument('--max-storage', type=parse_storage_size, default=None)
     
     sp_list = sp.add_parser('list')
     sp_list.add_argument("-l", "--long", action="store_true")
@@ -31,7 +44,7 @@ async def _main():
     
     try:
         if args.subparser_name == 'add':
-            await conn.user.create_user(args.username, args.password, args.admin)
+            await conn.user.create_user(args.username, args.password, args.admin, max_storage=args.max_storage, permission=args.permission)
             user = await conn.user.get_user(args.username)
             assert user is not None
             print('User created, credential:', user.credential)
@@ -50,7 +63,7 @@ async def _main():
             if user is None:
                 print('User not found')
                 exit(1)
-            await conn.user.set_user(user.username, args.password, args.admin)
+            await conn.user.update_user(user.username, args.password, args.admin, max_storage=args.max_storage, permission=args.permission)
             user = await conn.user.get_user(args.username)
             assert user is not None
             print('User updated, credential:', user.credential)

lfss/src/database.py

@@ -14,6 +14,7 @@ from asyncio import Lock
 from .config import DATA_HOME
 from .log import get_logger
 from .utils import decode_uri_compnents
+from .error import *
 
 _g_conn: Optional[aiosqlite.Connection] = None
 
@@ -40,6 +41,12 @@ class DBConnBase(ABC):
     async def commit(self):
         await self.conn.commit()
 
+class FileReadPermission(IntEnum):
+    UNSET = 0           # not set
+    PUBLIC = 1          # accessible by anyone
+    PROTECTED = 2       # accessible by any user
+    PRIVATE = 3         # accessible by owner only (including admin)
+
 @dataclasses.dataclass
 class DBUserRecord:
     id: int
@@ -48,11 +55,13 @@ class DBUserRecord:
     is_admin: bool
     create_time: str
     last_active: str
+    max_storage: int
+    permission: 'FileReadPermission'
 
     def __str__(self):
-        return f"User {self.username} (id={self.id}, admin={self.is_admin}, created at {self.create_time}, last active at {self.last_active})"
+        return f"User {self.username} (id={self.id}, admin={self.is_admin}, created at {self.create_time}, last active at {self.last_active}), storage={self.max_storage}, permission={self.permission}"
 
-DECOY_USER = DBUserRecord(0, 'decoy', 'decoy', False, '2021-01-01 00:00:00', '2021-01-01 00:00:00')
+DECOY_USER = DBUserRecord(0, 'decoy', 'decoy', False, '2021-01-01 00:00:00', '2021-01-01 00:00:00', 0, FileReadPermission.PRIVATE)
 class UserConn(DBConnBase):
 
     @staticmethod
@@ -61,6 +70,7 @@ class UserConn(DBConnBase):
 
     async def init(self):
         await super().init()
+        # default to 1GB (1024x1024x1024 bytes)
         await self.conn.execute('''
         CREATE TABLE IF NOT EXISTS user (
             id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -68,9 +78,18 @@ class UserConn(DBConnBase):
             credential VARCHAR(255) NOT NULL,
             is_admin BOOLEAN DEFAULT FALSE,
             create_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP, 
-            last_active TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+            last_active TIMESTAMP DEFAULT CURRENT_TIMESTAMP, 
+            max_storage INTEGER DEFAULT 1073741824,
+            permission INTEGER DEFAULT 0
         )
         ''')
+        await self.conn.execute('''
+        CREATE INDEX IF NOT EXISTS idx_user_username ON user(username)
+        ''')
+        await self.conn.execute('''
+        CREATE INDEX IF NOT EXISTS idx_user_credential ON user(credential)
+        ''')
+
         return self
     
     async def get_user(self, username: str) -> Optional[DBUserRecord]:
@@ -94,37 +113,43 @@ class UserConn(DBConnBase):
         if res is None: return None
         return self.parse_record(res)
     
-    async def create_user(self, username: str, password: str, is_admin: bool = False) -> int:
+    async def create_user(
+        self, username: str, password: str, is_admin: bool = False, 
+        max_storage: int = 1073741824, permission: FileReadPermission = FileReadPermission.UNSET
+        ) -> int:
         assert not username.startswith('_'), "Error: reserved username"
         assert not ('/' in username or len(username) > 255), "Invalid username"
         assert urllib.parse.quote(username) == username, "Invalid username, must be URL safe"
         self.logger.debug(f"Creating user {username}")
         credential = hash_credential(username, password)
         assert await self.get_user(username) is None, "Duplicate username"
-        async with self.conn.execute("INSERT INTO user (username, credential, is_admin) VALUES (?, ?, ?)", (username, credential, is_admin)) as cursor:
+        async with self.conn.execute("INSERT INTO user (username, credential, is_admin, max_storage, permission) VALUES (?, ?, ?, ?, ?)", (username, credential, is_admin, max_storage, permission)) as cursor:
             self.logger.info(f"User {username} created")
             assert cursor.lastrowid is not None
             return cursor.lastrowid
     
-    async def set_user(self, username: str, password: Optional[str] = None, is_admin: Optional[bool] = None):
+    async def update_user(
+        self, username: str, password: Optional[str] = None, is_admin: Optional[bool] = None, 
+        max_storage: Optional[int] = None, permission: Optional[FileReadPermission] = None
+        ):
         assert not username.startswith('_'), "Error: reserved username"
         assert not ('/' in username or len(username) > 255), "Invalid username"
         assert urllib.parse.quote(username) == username, "Invalid username, must be URL safe"
+
+        current_record = await self.get_user(username)
+        if current_record is None:
+            raise ValueError(f"User {username} not found")
+
         if password is not None:
             credential = hash_credential(username, password)
         else:
-            async with self.conn.execute("SELECT credential FROM user WHERE username = ?", (username, )) as cursor:
-                res = await cursor.fetchone()
-                assert res is not None, f"User {username} not found"
-                credential = res[0]
+            credential = current_record.credential
         
-        if is_admin is None:
-            async with self.conn.execute("SELECT is_admin FROM user WHERE username = ?", (username, )) as cursor:
-                res = await cursor.fetchone()
-                assert res is not None, f"User {username} not found"
-                is_admin = res[0]
-
-        await self.conn.execute("UPDATE user SET credential = ?, is_admin = ? WHERE username = ?", (credential, is_admin, username))
+        if is_admin is None: is_admin = current_record.is_admin
+        if max_storage is None: max_storage = current_record.max_storage
+        if permission is None: permission = current_record.permission
+        
+        await self.conn.execute("UPDATE user SET credential = ?, is_admin = ?, max_storage = ?, permission = ? WHERE username = ?", (credential, is_admin, max_storage, permission, username))
         self.logger.info(f"User {username} updated")
     
     async def all(self):
@@ -139,11 +164,6 @@ class UserConn(DBConnBase):
         await self.conn.execute("DELETE FROM user WHERE username = ?", (username, ))
         self.logger.info(f"Delete user {username}")
 
-class FileReadPermission(IntEnum):
-    PUBLIC = 0          # accessible by anyone
-    PROTECTED = 1       # accessible by any user
-    PRIVATE = 2         # accessible by owner only (including admin)
-
 @dataclasses.dataclass
 class FileDBRecord:
     url: str
@@ -196,6 +216,25 @@ class FileConn(DBConnBase):
         )
         ''')
 
+        # user file size table
+        await self.conn.execute('''
+        CREATE TABLE IF NOT EXISTS usize (
+            user_id INTEGER PRIMARY KEY,
+            size INTEGER DEFAULT 0
+        )
+        ''')
+        # backward compatibility, since 0.2.1
+        async with self.conn.execute("SELECT * FROM user") as cursor:
+            res = await cursor.fetchall()
+        for r in res:
+            async with self.conn.execute("SELECT user_id FROM usize WHERE user_id = ?", (r[0], )) as cursor:
+                size = await cursor.fetchone()
+            if size is None:
+                async with self.conn.execute("SELECT SUM(file_size) FROM fmeta WHERE owner_id = ?", (r[0], )) as cursor:
+                    size = await cursor.fetchone()
+                if size is not None and size[0] is not None:
+                    await self.user_size_inc(r[0], size[0])
+
         return self
     
     async def get_file_record(self, url: str) -> Optional[FileDBRecord]:
@@ -291,6 +330,19 @@ class FileConn(DBConnBase):
             
         return (dirs, files)
     
+    async def user_size(self, user_id: int) -> int:
+        async with self.conn.execute("SELECT size FROM usize WHERE user_id = ?", (user_id, )) as cursor:
+            res = await cursor.fetchone()
+        if res is None:
+            return -1
+        return res[0]
+    async def user_size_inc(self, user_id: int, inc: int):
+        self.logger.debug(f"Increasing user {user_id} size by {inc}")
+        await self.conn.execute("INSERT OR REPLACE INTO usize (user_id, size) VALUES (?, COALESCE((SELECT size FROM usize WHERE user_id = ?), 0) + ?)", (user_id, user_id, inc))
+    async def user_size_dec(self, user_id: int, dec: int):
+        self.logger.debug(f"Decreasing user {user_id} size by {dec}")
+        await self.conn.execute("INSERT OR REPLACE INTO usize (user_id, size) VALUES (?, COALESCE((SELECT size FROM usize WHERE user_id = ?), 0) - ?)", (user_id, user_id, dec))
+    
     async def path_size(self, url: str, include_subpath = False) -> int:
         if not url.endswith('/'):
             url += '/'
@@ -303,24 +355,35 @@ class FileConn(DBConnBase):
         assert res is not None
         return res[0] or 0
     
-    async def set_file_record(self, url: str, owner_id: int, file_id: str, file_size: int, permission: Optional[ FileReadPermission ] = None):
+    async def set_file_record(
+        self, url: str, 
+        owner_id: Optional[int] = None, 
+        file_id: Optional[str] = None, 
+        file_size: Optional[int] = None, 
+        permission: Optional[ FileReadPermission ] = None
+        ):
         self.logger.debug(f"Updating fmeta {url}: user_id={owner_id}, file_id={file_id}")
 
         old = await self.get_file_record(url)
         if old is not None:
-            assert old.owner_id == owner_id, f"User mismatch: {old.owner_id} != {owner_id}"
-            if permission is None:
-                permission = old.permission
+            # should delete the old blob if file_id is changed
+            assert file_id is None, "Cannot update file id"
+            assert file_size is None, "Cannot update file size"
+
+            if owner_id is None: owner_id = old.owner_id
+            if permission is None: permission = old.permission
             await self.conn.execute(
                 """
-                UPDATE fmeta SET file_id = ?, file_size = ?, permission = ?, 
+                UPDATE fmeta SET owner_id = ?, file_id = ?, file_size = ?, permission = ?, 
                 access_time = CURRENT_TIMESTAMP WHERE url = ?
-                """, (file_id, file_size, permission, url))
+                """, (owner_id, file_id, file_size, permission, url))
             self.logger.info(f"File {url} updated")
         else:
             if permission is None:
-                permission = FileReadPermission.PUBLIC
+                permission = FileReadPermission.UNSET
+            assert owner_id is not None and file_id is not None and file_size is not None, "Missing required fields"
             await self.conn.execute("INSERT INTO fmeta (url, owner_id, file_id, file_size, permission) VALUES (?, ?, ?, ?, ?)", (url, owner_id, file_id, file_size, permission))
+            await self.user_size_inc(owner_id, file_size)
             self.logger.info(f"File {url} created")
     
     async def log_access(self, url: str):
@@ -330,24 +393,35 @@ class FileConn(DBConnBase):
         file_record = await self.get_file_record(url)
         if file_record is None: return
         await self.conn.execute("DELETE FROM fmeta WHERE url = ?", (url, ))
+        await self.user_size_dec(file_record.owner_id, file_record.file_size)
         self.logger.info(f"Deleted fmeta {url}")
     
     async def delete_user_file_records(self, owner_id: int):
         async with self.conn.execute("SELECT * FROM fmeta WHERE owner_id = ?", (owner_id, )) as cursor:
             res = await cursor.fetchall()
         await self.conn.execute("DELETE FROM fmeta WHERE owner_id = ?", (owner_id, ))
+        await self.conn.execute("DELETE FROM usize WHERE user_id = ?", (owner_id, ))
         self.logger.info(f"Deleted {len(res)} files for user {owner_id}") # type: ignore
     
     async def delete_path_records(self, path: str):
         """Delete all records with url starting with path"""
         async with self.conn.execute("SELECT * FROM fmeta WHERE url LIKE ?", (path + '%', )) as cursor:
+            all_f_rec = await cursor.fetchall()
+        
+        # update user size
+        async with self.conn.execute("SELECT DISTINCT owner_id FROM fmeta WHERE url LIKE ?", (path + '%', )) as cursor:
             res = await cursor.fetchall()
+            for r in res:
+                async with self.conn.execute("SELECT SUM(file_size) FROM fmeta WHERE owner_id = ? AND url LIKE ?", (r[0], path + '%')) as cursor:
+                    size = await cursor.fetchone()
+                if size is not None:
+                    await self.user_size_dec(r[0], size[0])
+        
         await self.conn.execute("DELETE FROM fmeta WHERE url LIKE ?", (path + '%', ))
-        self.logger.info(f"Deleted {len(res)} files for path {path}") # type: ignore
+        self.logger.info(f"Deleted {len(all_f_rec)} files for path {path}") # type: ignore
     
-    async def set_file_blob(self, file_id: str, blob: bytes) -> int:
+    async def set_file_blob(self, file_id: str, blob: bytes):
         await self.conn.execute("INSERT OR REPLACE INTO fdata (file_id, data) VALUES (?, ?)", (file_id, blob))
-        return len(blob)
     
     async def get_file_blob(self, file_id: str) -> Optional[bytes]:
         async with self.conn.execute("SELECT data FROM fdata WHERE file_id = ?", (file_id, )) as cursor:
@@ -402,8 +476,9 @@ class Database:
     logger = get_logger('database', global_instance=True)
 
     async def init(self):
-        await self.user.init()
-        await self.file.init()
+        async with transaction(self):
+            await self.user.init()
+            await self.file.init()
         return self
     
     async def commit(self):
@@ -435,14 +510,20 @@ class Database:
         first_component = url.split('/')[0]
         if first_component != user.username:
             if not user.is_admin:
-                raise ValueError(f"Permission denied: {user.username} cannot write to {url}")
+                raise PermissionDeniedError(f"Permission denied: {user.username} cannot write to {url}")
             else:
                 if await get_user(self, first_component) is None:
-                    raise ValueError(f"Invalid path: {first_component} is not a valid username")
+                    raise PermissionDeniedError(f"Invalid path: {first_component} is not a valid username")
+        
+        # check if fize_size is within limit
+        file_size = len(blob)
+        user_size_used = await self.file.user_size(user.id)
+        if user_size_used + file_size > user.max_storage:
+            raise StorageExceededError(f"Unable to save file, user {user.username} has storage limit of {user.max_storage}, used {user_size_used}, requested {file_size}")
 
         f_id = uuid.uuid4().hex
         async with transaction(self):
-            file_size = await self.file.set_file_blob(f_id, blob)
+            await self.file.set_file_blob(f_id, blob)
             await self.file.set_file_record(url, owner_id=user.id, file_id=f_id, file_size=file_size)
             await self.user.set_active(user.username)
 
@@ -520,4 +601,32 @@ class Database:
                 zf.writestr(rel_path, blob)
 
         buffer.seek(0)
-        return buffer
+        return buffer
+
+def check_user_permission(user: DBUserRecord, owner: DBUserRecord, file: FileDBRecord) -> tuple[bool, str]:
+    if user.is_admin:
+        return True, ""
+    
+    # check permission of the file
+    if file.permission == FileReadPermission.PRIVATE:
+        if user.id != owner.id:
+            return False, "Permission denied, private file"
+    elif file.permission == FileReadPermission.PROTECTED:
+        if user.id == 0:
+            return False, "Permission denied, protected file"
+    elif file.permission == FileReadPermission.PUBLIC:
+        return True, ""
+    else:
+        assert file.permission == FileReadPermission.UNSET
+
+    # use owner's permission as fallback
+    if owner.permission == FileReadPermission.PRIVATE:
+        if user.id != owner.id:
+            return False, "Permission denied, private user file"
+    elif owner.permission == FileReadPermission.PROTECTED:
+        if user.id == 0:
+            return False, "Permission denied, protected user file"
+    else:
+        assert owner.permission == FileReadPermission.PUBLIC or owner.permission == FileReadPermission.UNSET
+
+    return True, ""

lfss/src/error.py

@@ -0,0 +1,6 @@
+
+class LFSSExceptionBase(Exception):...
+
+class PermissionDeniedError(LFSSExceptionBase, PermissionError):...
+
+class StorageExceededError(LFSSExceptionBase):...

lfss/src/server.py

@@ -1,4 +1,5 @@
 from typing import Optional
+from functools import wraps
 
 from fastapi import FastAPI, APIRouter, Depends, Request, Response
 from fastapi.exceptions import HTTPException 
@@ -10,10 +11,11 @@ import json
 import mimetypes
 from contextlib import asynccontextmanager
 
+from .error import *
 from .log import get_logger
 from .config import MAX_BUNDLE_BYTES
 from .utils import ensure_uri_compnents
-from .database import Database, DBUserRecord, DECOY_USER, FileReadPermission
+from .database import Database, DBUserRecord, DECOY_USER, FileDBRecord, check_user_permission, FileReadPermission
 
 logger = get_logger("server")
 conn = Database()
@@ -23,12 +25,40 @@ async def lifespan(app: FastAPI):
     global conn
     await conn.init()
     yield
+    await conn.commit()
     await conn.close()
 
-async def get_current_user(token: HTTPAuthorizationCredentials = Depends(HTTPBearer(auto_error=False))):
-    if not token:
-        return DECOY_USER
-    user = await conn.user.get_user_by_credential(token.credentials)
+def handle_exception(fn):
+    @wraps(fn)
+    async def wrapper(*args, **kwargs):
+        try:
+            return await fn(*args, **kwargs)
+        except Exception as e:
+            logger.error(f"Error in {fn.__name__}: {e}")
+            if isinstance(e, HTTPException): raise e
+            elif isinstance(e, StorageExceededError): raise HTTPException(status_code=413, detail=str(e))
+            elif isinstance(e, PermissionDeniedError): raise HTTPException(status_code=403, detail=str(e))
+            else: raise HTTPException(status_code=500, detail=str(e))
+    return wrapper
+
+async def get_credential_from_params(request: Request):
+    return request.query_params.get("token")
+async def get_current_user(
+    token: HTTPAuthorizationCredentials = Depends(HTTPBearer(auto_error=False)), 
+    q_token: Optional[str] = Depends(get_credential_from_params)
+    ):
+    """
+    First try to get the user from the bearer token, 
+    if not found, try to get the user from the query parameter
+    """
+    if token:
+        user = await conn.user.get_user_by_credential(token.credentials)
+    else:
+        if not q_token:
+            return DECOY_USER
+        else:
+            user = await conn.user.get_user_by_credential(q_token)
+
     if not user:
         raise HTTPException(status_code=401, detail="Invalid token")
     return user
@@ -47,6 +77,8 @@ router_fs = APIRouter(prefix="")
 @router_fs.get("/{path:path}")
 async def get_file(path: str, asfile = False, user: DBUserRecord = Depends(get_current_user)):
     path = ensure_uri_compnents(path)
+
+    # handle directory query
     if path == "": path = "/"
     if path.endswith("/"):
         # return file under the path as json
@@ -67,23 +99,16 @@ async def get_file(path: str, asfile = False, user: DBUserRecord = Depends(get_c
             "dirs": dirs,
             "files": files
         }
-
+    
     file_record = await conn.file.get_file_record(path)
     if not file_record:
         raise HTTPException(status_code=404, detail="File not found")
-    
-    # permission check
-    perm = file_record.permission
-    if perm == FileReadPermission.PRIVATE:
-        if not user.is_admin and user.id != file_record.owner_id:
-            raise HTTPException(status_code=403, detail="Permission denied")
-        else:
-            assert path.startswith(f"{user.username}/")
-    elif perm == FileReadPermission.PROTECTED:
-        if user.id == 0:
-            raise HTTPException(status_code=403, detail="Permission denied")
-    else:
-        assert perm == FileReadPermission.PUBLIC
+
+    owner = await conn.user.get_user_by_id(file_record.owner_id)
+    assert owner is not None, "Owner not found"
+    allow_access, reason = check_user_permission(user, owner, file_record)
+    if not allow_access:
+        raise HTTPException(status_code=403, detail=reason)
     
     fname = path.split("/")[-1]
     async def send(media_type: Optional[str] = None, disposition = "attachment"):
@@ -110,7 +135,7 @@ async def put_file(request: Request, path: str, user: DBUserRecord = Depends(get
     path = ensure_uri_compnents(path)
     if user.id == 0:
         logger.debug("Reject put request from DECOY_USER")
-        raise HTTPException(status_code=403, detail="Permission denied")
+        raise HTTPException(status_code=401, detail="Permission denied")
     if not path.startswith(f"{user.username}/") and not user.is_admin:
         logger.debug(f"Reject put request from {user.username} to {path}")
         raise HTTPException(status_code=403, detail="Permission denied")
@@ -128,20 +153,20 @@ async def put_file(request: Request, path: str, user: DBUserRecord = Depends(get
     logger.debug(f"Content-Type: {content_type}")
     if content_type == "application/json":
         body = await request.json()
-        await conn.save_file(user.id, path, json.dumps(body).encode('utf-8'))
+        await handle_exception(conn.save_file)(user.id, path, json.dumps(body).encode('utf-8'))
     elif content_type == "application/x-www-form-urlencoded":
         # may not work...
         body = await request.form()
         file = body.get("file")
         if isinstance(file, str) or file is None:
             raise HTTPException(status_code=400, detail="Invalid form data, file required")
-        await conn.save_file(user.id, path, await file.read())
+        await handle_exception(conn.save_file)(user.id, path, await file.read())
     elif content_type == "application/octet-stream":
         body = await request.body()
-        await conn.save_file(user.id, path, body)
+        await handle_exception(conn.save_file)(user.id, path, body)
     else:
         body = await request.body()
-        await conn.save_file(user.id, path, body)
+        await handle_exception(conn.save_file)(user.id, path, body)
 
     # https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Methods/PUT
     if exists_flag:
@@ -157,7 +182,7 @@ async def put_file(request: Request, path: str, user: DBUserRecord = Depends(get
 async def delete_file(path: str, user: DBUserRecord = Depends(get_current_user)):
     path = ensure_uri_compnents(path)
     if user.id == 0:
-        raise HTTPException(status_code=403, detail="Permission denied")
+        raise HTTPException(status_code=401, detail="Permission denied")
     if not path.startswith(f"{user.username}/") and not user.is_admin:
         raise HTTPException(status_code=403, detail="Permission denied")
     
@@ -184,12 +209,24 @@ async def bundle_files(path: str, user: DBUserRecord = Depends(get_current_user)
     if not path == "" and path[0] == "/":   # adapt to both /path and path
         path = path[1:]
     
-    # TODO: maybe check permission here...
-
-    # return bundle of files
+    owner_records_cache = {}     # cache owner records, ID -> UserRecord
+    async def is_access_granted(file_record: FileDBRecord):
+        owner_id = file_record.owner_id
+        owner = owner_records_cache.get(owner_id, None)
+        if owner is None:
+            owner = await conn.user.get_user_by_id(owner_id)
+            assert owner is not None, f"File owner not found: id={owner_id}"
+            owner_records_cache[owner_id] = owner
+            
+        allow_access, _ = check_user_permission(user, owner, file_record)
+        return allow_access
+    
     files = await conn.file.list_path(path, flat = True)
+    files = [f for f in files if await is_access_granted(f)]
     if len(files) == 0:
         raise HTTPException(status_code=404, detail="No files found")
+
+    # return bundle of files
     total_size = sum([f.file_size for f in files])
     if total_size > MAX_BUNDLE_BYTES:
         raise HTTPException(status_code=400, detail="Too large to zip")
@@ -214,6 +251,40 @@ async def get_file_meta(path: str, user: DBUserRecord = Depends(get_current_user
         raise HTTPException(status_code=404, detail="File not found")
     return file_record
 
+@router_api.post("/fmeta")
+async def update_file_meta(
+    path: str, 
+    perm: Optional[int] = None, 
+    user: DBUserRecord = Depends(get_current_user)
+    ):
+    if user.id == 0:
+        raise HTTPException(status_code=401, detail="Permission denied")
+    path = ensure_uri_compnents(path)
+    file_record = await conn.file.get_file_record(path)
+    if not file_record:
+        logger.debug(f"Reject update meta request from {user.username} to {path}")
+        raise HTTPException(status_code=404, detail="File not found")
+    
+    if not (user.is_admin or user.id == file_record.owner_id):
+        logger.debug(f"Reject update meta request from {user.username} to {path}")
+        raise HTTPException(status_code=403, detail="Permission denied")
+    
+    if perm is not None:
+        logger.info(f"Update permission of {path} to {perm}")
+        await conn.file.set_file_record(
+            url = file_record.url, 
+            permission = FileReadPermission(perm)
+        )
+    return Response(status_code=200, content="OK")
+    
+@router_api.get("/whoami")
+async def whoami(user: DBUserRecord = Depends(get_current_user)):
+    if user.id == 0:
+        raise HTTPException(status_code=401, detail="Login required")
+    user.credential = "__HIDDEN__"
+    return user
+
+
 # order matters
 app.include_router(router_api)
 app.include_router(router_fs)