lfss 0.2.4__tar.gz → 0.3.1__tar.gz

{lfss-0.2.4 → lfss-0.3.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: lfss
-Version: 0.2.4
+Version: 0.3.1
 Summary: Lightweight file storage service
 Home-page: https://github.com/MenxLi/lfss
 Author: li, mengxun
@@ -24,7 +24,7 @@ A lightweight file/object storage service!
 
 Usage: 
 ```sh
-pip install .
+pip install lfss
 lfss-user add <username> <password>
 lfss-serve
 ```
@@ -32,15 +32,15 @@ lfss-serve
 By default, the data will be stored in `.storage_data`. 
 You can change storage directory using the `LFSS_DATA` environment variable.
 
-I provide a simple client to interact with the service.  
-Just start a web server at `/frontend` and open `index.html` in your browser, or use:
+I provide a simple client to interact with the service: 
 ```sh
-lfss-panel
+lfss-panel --open
 ```
+Or, you can start a web server at `/frontend` and open `index.html` in your browser. 
 
 The API usage is simple, just `GET`, `PUT`, `DELETE` to the `/<username>/file/url` path.  
-Authentication is done via `Authorization` header, with the value `Bearer <token>`.  
-You can refer to `frontend` as an application example, and `frontend/api.js` for the API usage.
+Authentication is done via `Authorization` header with the value `Bearer <token>`, or through the `token` query parameter.  
+You can refer to `frontend` as an application example, and `frontend/api.js` or `lfss.client.api.py` for the API usage.
 
 By default, the service exposes all files to the public for `GET` requests, 
 but file-listing is restricted to the user's own files.  

{lfss-0.2.4 → lfss-0.3.1}/Readme.md

@@ -5,7 +5,7 @@ A lightweight file/object storage service!
 
 Usage: 
 ```sh
-pip install .
+pip install lfss
 lfss-user add <username> <password>
 lfss-serve
 ```
@@ -13,15 +13,15 @@ lfss-serve
 By default, the data will be stored in `.storage_data`. 
 You can change storage directory using the `LFSS_DATA` environment variable.
 
-I provide a simple client to interact with the service.  
-Just start a web server at `/frontend` and open `index.html` in your browser, or use:
+I provide a simple client to interact with the service: 
 ```sh
-lfss-panel
+lfss-panel --open
 ```
+Or, you can start a web server at `/frontend` and open `index.html` in your browser. 
 
 The API usage is simple, just `GET`, `PUT`, `DELETE` to the `/<username>/file/url` path.  
-Authentication is done via `Authorization` header, with the value `Bearer <token>`.  
-You can refer to `frontend` as an application example, and `frontend/api.js` for the API usage.
+Authentication is done via `Authorization` header with the value `Bearer <token>`, or through the `token` query parameter.  
+You can refer to `frontend` as an application example, and `frontend/api.js` or `lfss.client.api.py` for the API usage.
 
 By default, the service exposes all files to the public for `GET` requests, 
 but file-listing is restricted to the user's own files.  

{lfss-0.2.4 → lfss-0.3.1}/frontend/index.html

@@ -48,9 +48,11 @@
         <div class="input-group">
             <input type="file" id="file-selector" accept="*">
             <label for="file-name" id="upload-file-prefix"></label>
-            <input type="text" id="file-name" placeholder="Destination file path" autocomplete="off">
-            <span id='randomize-fname-btn'>🎲</span>
-            <button id="upload-btn">Upload</button>
+            <div class="input-group">
+                <input type="text" id="file-name" placeholder="Destination file path" autocomplete="off">
+                <span id='randomize-fname-btn'>🎲</span>
+                <button id="upload-btn">Upload</button>
+            </div>
         </div>
     </div>
 

{lfss-0.2.4 → lfss-0.3.1}/frontend/scripts.js

@@ -129,6 +129,9 @@ uploadButton.addEventListener('click', () => {
             refreshFileList();
             uploadFileNameInput.value = '';
             onFileNameInpuChange();
+        }, 
+        (err) => {
+            showPopup('Failed to upload file: ' + err, {level: 'error', timeout: 5000});
         }
     );
 });
@@ -261,7 +264,9 @@ function refreshFileList(){
 
                     const downloadButton = document.createElement('a');
                     downloadButton.textContent = 'Download';
-                    downloadButton.href = conn.config.endpoint + '/_api/bundle?path=' + dir.url + (dir.url.endsWith('/') ? '' : '/');
+                    downloadButton.href = conn.config.endpoint + '/_api/bundle?' + 
+                        'token=' + conn.config.token + '&' +
+                        'path=' + dir.url + (dir.url.endsWith('/') ? '' : '/');
                     actContainer.appendChild(downloadButton);
 
                     const deleteButton = document.createElement('a');
@@ -401,7 +406,7 @@ function refreshFileList(){
 
                     const downloadBtn = document.createElement('a');
                     downloadBtn.textContent = 'Download';
-                    downloadBtn.href = conn.config.endpoint + '/' + file.url + '?asfile=true&token=' + conn.config.token;
+                    downloadBtn.href = conn.config.endpoint + '/' + file.url + '?download=true&token=' + conn.config.token;
                     actContainer.appendChild(downloadBtn);
 
                     const deleteButton = document.createElement('a');

lfss-0.3.1/lfss/client/api.py

@@ -0,0 +1,91 @@
+from typing import Optional, Literal
+import os
+import requests
+import urllib.parse
+from lfss.src.database import (
+    FileReadPermission, FileRecord, UserRecord, PathContents
+    )
+
+_default_endpoint = os.environ.get('LFSS_ENDPOINT', 'http://localhost:8000')
+_default_token = os.environ.get('LFSS_TOKEN', '')
+
+class Connector:
+    def __init__(self, endpoint=_default_endpoint, token=_default_token):
+        assert token, "No token provided. Please set LFSS_TOKEN environment variable."
+        self.config = {
+            "endpoint": endpoint,
+            "token": token
+        }
+    
+    def _fetch(
+        self, method: Literal['GET', 'POST', 'PUT', 'DELETE'], 
+        path: str, search_params: dict = {}
+    ):
+        if path.startswith('/'):
+            path = path[1:]
+        def f(**kwargs):
+            url = f"{self.config['endpoint']}/{path}" + "?" + urllib.parse.urlencode(search_params)
+            headers: dict = kwargs.pop('headers', {})
+            headers.update({
+                'Authorization': f"Bearer {self.config['token']}",
+            })
+            response = requests.request(method, url, headers=headers, **kwargs)
+            response.raise_for_status()
+            return response
+        return f
+
+    def put(self, path: str, file_data: bytes):
+        """Uploads a file to the specified path."""
+        response = self._fetch('PUT', path)(
+            data=file_data, 
+            headers={'Content-Type': 'application/octet-stream'}
+        )
+        return response.json()
+    
+    def get(self, path: str) -> Optional[bytes]:
+        """Downloads a file from the specified path."""
+        try:
+            response = self._fetch('GET', path)()
+        except requests.exceptions.HTTPError as e:
+            if e.response.status_code == 404:
+                return None
+            raise e
+        return response.content
+    
+    def delete(self, path: str):
+        """Deletes the file at the specified path."""
+        if path.startswith('/'):
+            path = path[1:]
+        self._fetch('DELETE', path)()
+    
+    def get_metadata(self, path: str) -> Optional[FileRecord]:
+        """Gets the metadata for the file at the specified path."""
+        try:
+            response = self._fetch('GET', '_api/fmeta', {'path': path})()
+            return FileRecord(**response.json())
+        except requests.exceptions.HTTPError as e:
+            if e.response.status_code == 404:
+                return None
+            raise e
+    
+    def list_path(self, path: str) -> PathContents:
+        assert path.endswith('/')
+        response = self._fetch('GET', path)()
+        return PathContents(**response.json())
+
+    def set_file_permission(self, path: str, permission: int | FileReadPermission):
+        """Sets the file permission for the specified path."""
+        self._fetch('POST', '_api/fmeta', {'path': path, 'perm': int(permission)})(
+            headers={'Content-Type': 'application/www-form-urlencoded'}
+        )
+        
+    def move_file(self, path: str, new_path: str):
+        """Moves a file to a new location."""
+        self._fetch('POST', '_api/fmeta', {'path': path, 'new_path': new_path})(
+            headers = {'Content-Type': 'application/www-form-urlencoded'}
+        )
+        
+    def whoami(self) -> UserRecord:
+        """Gets information about the current user."""
+        response = self._fetch('GET', '_api/whoami')()
+        return UserRecord(**response.json())

{lfss-0.2.4 → lfss-0.3.1}/lfss/src/config.py

@@ -8,4 +8,5 @@ if not DATA_HOME.exists():
     DATA_HOME.mkdir()
     print(f"[init] Created data home at {DATA_HOME}")
 
-MAX_BUNDLE_BYTES = 128 * 1024 * 1024   # 128MB
+MAX_FILE_BYTES = 256 * 1024 * 1024   # 256MB
+MAX_BUNDLE_BYTES = 256 * 1024 * 1024   # 256MB

{lfss-0.2.4 → lfss-0.3.1}/lfss/src/database.py

@@ -1,5 +1,5 @@
 
-from typing import Optional, overload, Literal
+from typing import Optional, overload, Literal, AsyncIterable
 from abc import ABC, abstractmethod
 
 import urllib.parse
@@ -24,10 +24,7 @@ def hash_credential(username, password):
 
 _atomic_lock = Lock()
 def atomic(func):
-    """
-    Ensure non-reentrancy. 
-    Can be skipped if the function only executes a single SQL statement.
-    """
+    """ Ensure non-reentrancy """
     @wraps(func)
     async def wrapper(*args, **kwargs):
         async with _atomic_lock:
@@ -61,7 +58,7 @@ class FileReadPermission(IntEnum):
     PRIVATE = 3         # accessible by owner only (including admin)
 
 @dataclasses.dataclass
-class DBUserRecord:
+class UserRecord:
     id: int
     username: str
     credential: str
@@ -74,12 +71,12 @@ class DBUserRecord:
     def __str__(self):
         return f"User {self.username} (id={self.id}, admin={self.is_admin}, created at {self.create_time}, last active at {self.last_active}), storage={self.max_storage}, permission={self.permission}"
 
-DECOY_USER = DBUserRecord(0, 'decoy', 'decoy', False, '2021-01-01 00:00:00', '2021-01-01 00:00:00', 0, FileReadPermission.PRIVATE)
+DECOY_USER = UserRecord(0, 'decoy', 'decoy', False, '2021-01-01 00:00:00', '2021-01-01 00:00:00', 0, FileReadPermission.PRIVATE)
 class UserConn(DBConnBase):
 
     @staticmethod
-    def parse_record(record) -> DBUserRecord:
-        return DBUserRecord(*record)
+    def parse_record(record) -> UserRecord:
+        return UserRecord(*record)
 
     async def init(self):
         await super().init()
@@ -105,21 +102,21 @@ class UserConn(DBConnBase):
 
         return self
     
-    async def get_user(self, username: str) -> Optional[DBUserRecord]:
+    async def get_user(self, username: str) -> Optional[UserRecord]:
         async with self.conn.execute("SELECT * FROM user WHERE username = ?", (username, )) as cursor:
             res = await cursor.fetchone()
         
         if res is None: return None
         return self.parse_record(res)
     
-    async def get_user_by_id(self, user_id: int) -> Optional[DBUserRecord]:
+    async def get_user_by_id(self, user_id: int) -> Optional[UserRecord]:
         async with self.conn.execute("SELECT * FROM user WHERE id = ?", (user_id, )) as cursor:
             res = await cursor.fetchone()
         
         if res is None: return None
         return self.parse_record(res)
     
-    async def get_user_by_credential(self, credential: str) -> Optional[DBUserRecord]:
+    async def get_user_by_credential(self, credential: str) -> Optional[UserRecord]:
         async with self.conn.execute("SELECT * FROM user WHERE credential = ?", (credential, )) as cursor:
             res = await cursor.fetchone()
         
@@ -175,15 +172,17 @@ class UserConn(DBConnBase):
             async for record in cursor:
                 yield self.parse_record(record)
     
+    @atomic
     async def set_active(self, username: str):
         await self.conn.execute("UPDATE user SET last_active = CURRENT_TIMESTAMP WHERE username = ?", (username, ))
     
+    @atomic
     async def delete_user(self, username: str):
         await self.conn.execute("DELETE FROM user WHERE username = ?", (username, ))
         self.logger.info(f"Delete user {username}")
 
 @dataclasses.dataclass
-class FileDBRecord:
+class FileRecord:
     url: str
     owner_id: int
     file_id: str      # defines mapping from fmata to fdata
@@ -203,12 +202,17 @@ class DirectoryRecord:
 
     def __str__(self):
         return f"Directory {self.url} (size={self.size})"
+
+@dataclasses.dataclass
+class PathContents:
+    dirs: list[DirectoryRecord]
+    files: list[FileRecord]
     
 class FileConn(DBConnBase):
 
     @staticmethod
-    def parse_record(record) -> FileDBRecord:
-        return FileDBRecord(*record)
+    def parse_record(record) -> FileRecord:
+        return FileRecord(*record)
     
     async def init(self):
         await super().init()
@@ -251,30 +255,30 @@ class FileConn(DBConnBase):
                 async with self.conn.execute("SELECT SUM(file_size) FROM fmeta WHERE owner_id = ?", (r[0], )) as cursor:
                     size = await cursor.fetchone()
                 if size is not None and size[0] is not None:
-                    await self.user_size_inc(r[0], size[0])
+                    await self._user_size_inc(r[0], size[0])
 
         return self
     
-    async def get_file_record(self, url: str) -> Optional[FileDBRecord]:
+    async def get_file_record(self, url: str) -> Optional[FileRecord]:
         async with self.conn.execute("SELECT * FROM fmeta WHERE url = ?", (url, )) as cursor:
             res = await cursor.fetchone()
         if res is None:
             return None
         return self.parse_record(res)
     
-    async def get_file_records(self, urls: list[str]) -> list[FileDBRecord]:
+    async def get_file_records(self, urls: list[str]) -> list[FileRecord]:
         async with self.conn.execute("SELECT * FROM fmeta WHERE url IN ({})".format(','.join(['?'] * len(urls))), urls) as cursor:
             res = await cursor.fetchall()
         if res is None:
             return []
         return [self.parse_record(r) for r in res]
     
-    async def get_user_file_records(self, owner_id: int) -> list[FileDBRecord]:
+    async def get_user_file_records(self, owner_id: int) -> list[FileRecord]:
         async with self.conn.execute("SELECT * FROM fmeta WHERE owner_id = ?", (owner_id, )) as cursor:
             res = await cursor.fetchall()
         return [self.parse_record(r) for r in res]
     
-    async def get_path_records(self, url: str) -> list[FileDBRecord]:
+    async def get_path_records(self, url: str) -> list[FileRecord]:
         async with self.conn.execute("SELECT * FROM fmeta WHERE url LIKE ?", (url + '%', )) as cursor:
             res = await cursor.fetchall()
         return [self.parse_record(r) for r in res]
@@ -297,11 +301,11 @@ class FileConn(DBConnBase):
             return dirs
     
     @overload
-    async def list_path(self, url: str, flat: Literal[True]) -> list[FileDBRecord]:...
+    async def list_path(self, url: str, flat: Literal[True]) -> list[FileRecord]:...
     @overload
-    async def list_path(self, url: str, flat: Literal[False]) -> tuple[list[DirectoryRecord], list[FileDBRecord]]:...
+    async def list_path(self, url: str, flat: Literal[False]) -> PathContents:...
     
-    async def list_path(self, url: str, flat: bool = False) -> list[FileDBRecord] | tuple[list[DirectoryRecord], list[FileDBRecord]]:
+    async def list_path(self, url: str, flat: bool = False) -> list[FileRecord] | PathContents:
         """
         List all files and directories under the given path, 
         if flat is True, return a list of FileDBRecord, recursively including all subdirectories. 
@@ -318,7 +322,7 @@ class FileConn(DBConnBase):
                 return [self.parse_record(r) for r in res]
 
             else:
-                return (await self.list_root(), [])
+                return PathContents(await self.list_root(), [])
         
         if flat:
             async with self.conn.execute("SELECT * FROM fmeta WHERE url LIKE ?", (url + '%', )) as cursor:
@@ -346,7 +350,7 @@ class FileConn(DBConnBase):
         dirs_str = [r[0] + '/' for r in res if r[0] != '/']
         dirs = [DirectoryRecord(url + d, await self.path_size(url + d, include_subpath=True)) for d in dirs_str]
             
-        return (dirs, files)
+        return PathContents(dirs, files)
     
     async def user_size(self, user_id: int) -> int:
         async with self.conn.execute("SELECT size FROM usize WHERE user_id = ?", (user_id, )) as cursor:
@@ -354,10 +358,10 @@ class FileConn(DBConnBase):
         if res is None:
             return -1
         return res[0]
-    async def user_size_inc(self, user_id: int, inc: int):
+    async def _user_size_inc(self, user_id: int, inc: int):
         self.logger.debug(f"Increasing user {user_id} size by {inc}")
         await self.conn.execute("INSERT OR REPLACE INTO usize (user_id, size) VALUES (?, COALESCE((SELECT size FROM usize WHERE user_id = ?), 0) + ?)", (user_id, user_id, inc))
-    async def user_size_dec(self, user_id: int, dec: int):
+    async def _user_size_dec(self, user_id: int, dec: int):
         self.logger.debug(f"Decreasing user {user_id} size by {dec}")
         await self.conn.execute("INSERT OR REPLACE INTO usize (user_id, size) VALUES (?, COALESCE((SELECT size FROM usize WHERE user_id = ?), 0) - ?)", (user_id, user_id, dec))
     
@@ -406,7 +410,7 @@ class FileConn(DBConnBase):
                 "INSERT INTO fmeta (url, owner_id, file_id, file_size, permission) VALUES (?, ?, ?, ?, ?)", 
                 (url, owner_id, file_id, file_size, int(permission))
                 )
-            await self.user_size_inc(owner_id, file_size)
+            await self._user_size_inc(owner_id, file_size)
             self.logger.info(f"File {url} created")
     
     @atomic
@@ -428,7 +432,7 @@ class FileConn(DBConnBase):
         file_record = await self.get_file_record(url)
         if file_record is None: return
         await self.conn.execute("DELETE FROM fmeta WHERE url = ?", (url, ))
-        await self.user_size_dec(file_record.owner_id, file_record.file_size)
+        await self._user_size_dec(file_record.owner_id, file_record.file_size)
         self.logger.info(f"Deleted fmeta {url}")
     
     @atomic
@@ -452,11 +456,12 @@ class FileConn(DBConnBase):
                 async with self.conn.execute("SELECT SUM(file_size) FROM fmeta WHERE owner_id = ? AND url LIKE ?", (r[0], path + '%')) as cursor:
                     size = await cursor.fetchone()
                 if size is not None:
-                    await self.user_size_dec(r[0], size[0])
+                    await self._user_size_dec(r[0], size[0])
         
         await self.conn.execute("DELETE FROM fmeta WHERE url LIKE ?", (path + '%', ))
         self.logger.info(f"Deleted {len(all_f_rec)} files for path {path}") # type: ignore
     
+    @atomic
     async def set_file_blob(self, file_id: str, blob: bytes):
         await self.conn.execute("INSERT OR REPLACE INTO fdata (file_id, data) VALUES (?, ?)", (file_id, blob))
     
@@ -467,9 +472,11 @@ class FileConn(DBConnBase):
             return None
         return res[0]
     
+    @atomic
     async def delete_file_blob(self, file_id: str):
         await self.conn.execute("DELETE FROM fdata WHERE file_id = ?", (file_id, ))
     
+    @atomic
     async def delete_file_blobs(self, file_ids: list[str]):
         await self.conn.execute("DELETE FROM fdata WHERE file_id IN ({})".format(','.join(['?'] * len(file_ids))), file_ids)
 
@@ -488,7 +495,7 @@ def validate_url(url: str, is_file = True):
     if not ret:
         raise InvalidPathError(f"Invalid URL: {url}")
 
-async def get_user(db: "Database", user: int | str) -> Optional[DBUserRecord]:
+async def get_user(db: "Database", user: int | str) -> Optional[UserRecord]:
     if isinstance(user, str):
         return await db.user.get_user(user)
     elif isinstance(user, int):
@@ -584,7 +591,7 @@ class Database:
 
         return blob
 
-    async def delete_file(self, url: str) -> Optional[FileDBRecord]:
+    async def delete_file(self, url: str) -> Optional[FileRecord]:
         validate_url(url)
 
         async with transaction(self):
@@ -624,32 +631,37 @@ class Database:
             await self.file.delete_file_blobs([r.file_id for r in records])
             await self.file.delete_user_file_records(user.id)
             await self.user.delete_user(user.username)
-
-    async def zip_path(self, top_url: str, urls: Optional[list[str]]) -> io.BytesIO:
+    
+    async def iter_path(self, top_url: str, urls: Optional[list[str]]) -> AsyncIterable[tuple[FileRecord, bytes]]:
         if urls is None:
             urls = [r.url for r in await self.file.list_path(top_url, flat=True)]
 
+        for url in urls:
+            if not url.startswith(top_url):
+                continue
+            r = await self.file.get_file_record(url)
+            if r is None:
+                continue
+            f_id = r.file_id
+            blob = await self.file.get_file_blob(f_id)
+            if blob is None:
+                self.logger.warning(f"Blob not found for {url}")
+                continue
+            yield r, blob
+
+    async def zip_path(self, top_url: str, urls: Optional[list[str]]) -> io.BytesIO:
+        if top_url.startswith('/'):
+            top_url = top_url[1:]
         buffer = io.BytesIO()
         with zipfile.ZipFile(buffer, 'w') as zf:
-            for url in urls:
-                if not url.startswith(top_url):
-                    continue
-                r = await self.file.get_file_record(url)
-                if r is None:
-                    continue
-                f_id = r.file_id
-                blob = await self.file.get_file_blob(f_id)
-                if blob is None:
-                    continue
-
-                rel_path = url[len(top_url):]
+            async for (r, blob) in self.iter_path(top_url, urls):
+                rel_path = r.url[len(top_url):]
                 rel_path = decode_uri_compnents(rel_path)
                 zf.writestr(rel_path, blob)
-
         buffer.seek(0)
         return buffer
 
-def check_user_permission(user: DBUserRecord, owner: DBUserRecord, file: FileDBRecord) -> tuple[bool, str]:
+def check_user_permission(user: UserRecord, owner: UserRecord, file: FileRecord) -> tuple[bool, str]:
     if user.is_admin:
         return True, ""
     

{lfss-0.2.4 → lfss-0.3.1}/lfss/src/server.py

@@ -13,9 +13,9 @@ from contextlib import asynccontextmanager
 
 from .error import *
 from .log import get_logger
-from .config import MAX_BUNDLE_BYTES
+from .config import MAX_BUNDLE_BYTES, MAX_FILE_BYTES
 from .utils import ensure_uri_compnents
-from .database import Database, DBUserRecord, DECOY_USER, FileDBRecord, check_user_permission, FileReadPermission
+from .database import Database, UserRecord, DECOY_USER, FileRecord, check_user_permission, FileReadPermission
 
 logger = get_logger("server")
 conn = Database()
@@ -78,7 +78,7 @@ app.add_middleware(
 router_fs = APIRouter(prefix="")
 
 @router_fs.get("/{path:path}")
-async def get_file(path: str, asfile = False, user: DBUserRecord = Depends(get_current_user)):
+async def get_file(path: str, download = False, user: UserRecord = Depends(get_current_user)):
     path = ensure_uri_compnents(path)
 
     # handle directory query
@@ -97,11 +97,7 @@ async def get_file(path: str, asfile = False, user: DBUserRecord = Depends(get_c
         if not path.startswith(f"{user.username}/") and not user.is_admin:
             raise HTTPException(status_code=403, detail="Permission denied, path must start with username")
 
-        dirs, files = await conn.file.list_path(path, flat = False)
-        return {
-            "dirs": dirs,
-            "files": files
-        }
+        return await conn.file.list_path(path, flat = False)
     
     file_record = await conn.file.get_file_record(path)
     if not file_record:
@@ -128,13 +124,13 @@ async def get_file(path: str, asfile = False, user: DBUserRecord = Depends(get_c
             }
         )
     
-    if asfile:
+    if download:
         return await send('application/octet-stream', "attachment")
     else:
         return await send(None, "inline")
 
 @router_fs.put("/{path:path}")
-async def put_file(request: Request, path: str, user: DBUserRecord = Depends(get_current_user)):
+async def put_file(request: Request, path: str, user: UserRecord = Depends(get_current_user)):
     path = ensure_uri_compnents(path)
     if user.id == 0:
         logger.debug("Reject put request from DECOY_USER")
@@ -143,6 +139,13 @@ async def put_file(request: Request, path: str, user: DBUserRecord = Depends(get
         logger.debug(f"Reject put request from {user.username} to {path}")
         raise HTTPException(status_code=403, detail="Permission denied")
     
+    content_length = request.headers.get("Content-Length")
+    if content_length is not None:
+        content_length = int(content_length)
+        if content_length > MAX_FILE_BYTES:
+            logger.debug(f"Reject put request from {user.username} to {path}, file too large")
+            raise HTTPException(status_code=413, detail="File too large")
+    
     logger.info(f"PUT {path}, user: {user.username}")
     exists_flag = False
     file_record = await conn.file.get_file_record(path)
@@ -182,7 +185,7 @@ async def put_file(request: Request, path: str, user: DBUserRecord = Depends(get
         }, content=json.dumps({"url": path}))
 
 @router_fs.delete("/{path:path}")
-async def delete_file(path: str, user: DBUserRecord = Depends(get_current_user)):
+async def delete_file(path: str, user: UserRecord = Depends(get_current_user)):
     path = ensure_uri_compnents(path)
     if user.id == 0:
         raise HTTPException(status_code=401, detail="Permission denied")
@@ -204,7 +207,7 @@ async def delete_file(path: str, user: DBUserRecord = Depends(get_current_user))
 router_api = APIRouter(prefix="/_api")
 
 @router_api.get("/bundle")
-async def bundle_files(path: str, user: DBUserRecord = Depends(get_current_user)):
+async def bundle_files(path: str, user: UserRecord = Depends(get_current_user)):
     logger.info(f"GET bundle({path}), user: {user.username}")
     if user.id == 0:
         raise HTTPException(status_code=401, detail="Permission denied")
@@ -215,7 +218,7 @@ async def bundle_files(path: str, user: DBUserRecord = Depends(get_current_user)
         path = path[1:]
     
     owner_records_cache = {}     # cache owner records, ID -> UserRecord
-    async def is_access_granted(file_record: FileDBRecord):
+    async def is_access_granted(file_record: FileRecord):
         owner_id = file_record.owner_id
         owner = owner_records_cache.get(owner_id, None)
         if owner is None:
@@ -246,7 +249,7 @@ async def bundle_files(path: str, user: DBUserRecord = Depends(get_current_user)
     )
 
 @router_api.get("/fmeta")
-async def get_file_meta(path: str, user: DBUserRecord = Depends(get_current_user)):
+async def get_file_meta(path: str, user: UserRecord = Depends(get_current_user)):
     logger.info(f"GET meta({path}), user: {user.username}")
     if path.endswith("/"):
         raise HTTPException(status_code=400, detail="Invalid path")
@@ -261,7 +264,7 @@ async def update_file_meta(
     path: str, 
     perm: Optional[int] = None, 
     new_path: Optional[str] = None,
-    user: DBUserRecord = Depends(get_current_user)
+    user: UserRecord = Depends(get_current_user)
     ):
     if user.id == 0:
         raise HTTPException(status_code=401, detail="Permission denied")
@@ -290,7 +293,7 @@ async def update_file_meta(
     return Response(status_code=200, content="OK")
     
 @router_api.get("/whoami")
-async def whoami(user: DBUserRecord = Depends(get_current_user)):
+async def whoami(user: UserRecord = Depends(get_current_user)):
     if user.id == 0:
         raise HTTPException(status_code=401, detail="Login required")
     user.credential = "__HIDDEN__"

{lfss-0.2.4 → lfss-0.3.1}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "lfss"
-version = "0.2.4"
+version = "0.3.1"
 description = "Lightweight file storage service"
 authors = ["li, mengxun <limengxun45@outlook.com>"]
 readme = "Readme.md"