PyPI - lfss - Versions diffs - 0.8.3__py3-none-any.whl → 0.9.0__py3-none-any.whl - Mend

lfss 0.8.3py3-none-any.whl → 0.9.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

Readme.md +12 -4
docs/Permission.md +38 -26
frontend/api.js +21 -10
frontend/thumb.js +8 -4
lfss/api/connector.py +10 -6
lfss/cli/cli.py +6 -10
lfss/cli/user.py +28 -1
lfss/sql/init.sql +9 -0
lfss/src/connection_pool.py +22 -3
lfss/src/database.py +184 -66
lfss/src/datatype.py +18 -3
lfss/src/error.py +3 -0
lfss/src/server.py +50 -67
lfss/src/utils.py +9 -6
{lfss-0.8.3.dist-info → lfss-0.9.0.dist-info}/METADATA +13 -5
{lfss-0.8.3.dist-info → lfss-0.9.0.dist-info}/RECORD +18 -18
{lfss-0.8.3.dist-info → lfss-0.9.0.dist-info}/WHEEL +0 -0
{lfss-0.8.3.dist-info → lfss-0.9.0.dist-info}/entry_points.txt +0 -0

lfss/src/database.py CHANGED Viewed

@@ -1,5 +1,6 @@
-from typing import Optional, Literal, AsyncIterable
+from typing import Optional, Literal, AsyncIterable, overload
+from contextlib import asynccontextmanager
 from abc import ABC
 import urllib.parse
@@ -12,7 +13,8 @@ import mimetypes, mimesniff
 from .connection_pool import execute_sql, unique_cursor, transaction
 from .datatype import (
-    UserRecord, FileReadPermission, FileRecord, DirectoryRecord, PathContents,
+    UserRecord, AccessLevel,
+    FileReadPermission, FileRecord, DirectoryRecord, PathContents,
     FileSortKey, DirSortKey, isValidFileSortKey, isValidDirSortKey
     )
 from .config import LARGE_BLOB_DIR, CHUNK_SIZE, LARGE_FILE_BYTES, MAX_MEM_FILE_BYTES
@@ -57,11 +59,16 @@ class UserConn(DBObjectBase):
         if res is None: return None
         return self.parse_record(res)
-    async def get_user_by_id(self, user_id: int) -> Optional[UserRecord]:
+    @overload
+    async def get_user_by_id(self, user_id: int, throw: Literal[True]) -> UserRecord: ...
+    @overload
+    async def get_user_by_id(self, user_id: int, throw: Literal[False] = False) -> Optional[UserRecord]: ...
+    async def get_user_by_id(self, user_id: int, throw = False) -> Optional[UserRecord]:
         await self.cur.execute("SELECT * FROM user WHERE id = ?", (user_id, ))
         res = await self.cur.fetchone()
-        if res is None: return None
+        if res is None:
+            if throw: raise ValueError(f"User {user_id} not found")
+            return None
         return self.parse_record(res)
     async def get_user_by_credential(self, credential: str) -> Optional[UserRecord]:
@@ -122,8 +129,58 @@ class UserConn(DBObjectBase):
         await self.cur.execute("UPDATE user SET last_active = CURRENT_TIMESTAMP WHERE username = ?", (username, ))
     async def delete_user(self, username: str):
+        await self.cur.execute("DELETE FROM upeer WHERE src_user_id = (SELECT id FROM user WHERE username = ?) OR dst_user_id = (SELECT id FROM user WHERE username = ?)", (username, username))
         await self.cur.execute("DELETE FROM user WHERE username = ?", (username, ))
         self.logger.info(f"Delete user {username}")
+    async def set_peer_level(self, src_user: int | str, dst_user: int | str, level: AccessLevel):
+        """ src_user can do [AccessLevel] to dst_user """
+        assert int(level) >= AccessLevel.NONE, f"Cannot set alias level to {level}"
+        match (src_user, dst_user):
+            case (int(), int()):
+                await self.cur.execute("INSERT OR REPLACE INTO upeer (src_user_id, dst_user_id, access_level) VALUES (?, ?, ?)", (src_user, dst_user, int(level)))
+            case (str(), str()):
+                await self.cur.execute("INSERT OR REPLACE INTO upeer (src_user_id, dst_user_id, access_level) VALUES ((SELECT id FROM user WHERE username = ?), (SELECT id FROM user WHERE username = ?), ?)", (src_user, dst_user, int(level)))
+            case (str(), int()):
+                await self.cur.execute("INSERT OR REPLACE INTO upeer (src_user_id, dst_user_id, access_level) VALUES ((SELECT id FROM user WHERE username = ?), ?, ?)", (src_user, dst_user, int(level)))
+            case (int(), str()):
+                await self.cur.execute("INSERT OR REPLACE INTO upeer (src_user_id, dst_user_id, access_level) VALUES (?, (SELECT id FROM user WHERE username = ?), ?)", (src_user, dst_user, int(level)))
+            case (_, _):
+                raise ValueError("Invalid arguments")
+    async def query_peer_level(self, src_user_id: int, dst_user_id: int) -> AccessLevel:
+        """ src_user can do [AliasLevel] to dst_user """
+        if src_user_id == dst_user_id:
+            return AccessLevel.ALL
+        await self.cur.execute("SELECT access_level FROM upeer WHERE src_user_id = ? AND dst_user_id = ?", (src_user_id, dst_user_id))
+        res = await self.cur.fetchone()
+        if res is None:
+            return AccessLevel.NONE
+        return AccessLevel(res[0])
+    async def list_peer_users(self, src_user: int | str, level: AccessLevel) -> list[UserRecord]:
+        """
+        List all users that src_user can do [AliasLevel] to, with level >= level,
+        Note: the returned list does not include src_user and admin users
+        """
+        assert int(level) > AccessLevel.NONE, f"Invalid level, {level}"
+        match src_user:
+            case int():
+                await self.cur.execute("""
+                    SELECT * FROM user WHERE id IN (
+                        SELECT dst_user_id FROM upeer WHERE src_user_id = ? AND access_level >= ?
+                    )
+                """, (src_user, int(level)))
+            case str():
+                await self.cur.execute("""
+                    SELECT * FROM user WHERE id IN (
+                        SELECT dst_user_id FROM upeer WHERE src_user_id = (SELECT id FROM user WHERE username = ?) AND access_level >= ?
+                    )
+                """, (src_user, int(level)))
+            case _:
+                raise ValueError("Invalid arguments")
+        res = await self.cur.fetchall()
+        return [self.parse_record(r) for r in res]
 class FileConn(DBObjectBase):
@@ -135,10 +192,15 @@ class FileConn(DBObjectBase):
     def parse_record(record) -> FileRecord:
         return FileRecord(*record)
-    async def get_file_record(self, url: str) -> Optional[FileRecord]:
+    @overload
+    async def get_file_record(self, url: str, throw: Literal[True]) -> FileRecord: ...
+    @overload
+    async def get_file_record(self, url: str, throw: Literal[False] = False) -> Optional[FileRecord]: ...
+    async def get_file_record(self, url: str, throw = False):
         cursor = await self.cur.execute("SELECT * FROM fmeta WHERE url = ?", (url, ))
         res = await cursor.fetchone()
         if res is None:
+            if throw: raise FileNotFoundError(f"File {url} not found")
             return None
         return self.parse_record(res)
@@ -552,7 +614,7 @@ class Database:
             if r is None:
                 raise PathNotFoundError(f"File {url} not found")
             if op_user is not None:
-                if r.owner_id != op_user.id and not op_user.is_admin:
+                if await check_path_permission(url, op_user) < AccessLevel.WRITE:
                     raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot update file {url}")
             await fconn.update_file_record(url, permission=permission)
@@ -576,60 +638,70 @@ class Database:
             user_size_used = await fconn_r.user_size(user.id)
             f_id = uuid.uuid4().hex
-            async with aiofiles.tempfile.SpooledTemporaryFile(max_size=MAX_MEM_FILE_BYTES) as f:
-                async for chunk in blob_stream:
-                    await f.write(chunk)
-                file_size = await f.tell()
-                if user_size_used + file_size > user.max_storage:
-                    raise StorageExceededError(f"Unable to save file, user {user.username} has storage limit of {user.max_storage}, used {user_size_used}, requested {file_size}")
-                # check mime type
-                if mime_type is None:
-                    mime_type, _ = mimetypes.guess_type(url)
-                if mime_type is None:
-                    await f.seek(0)
-                    mime_type = mimesniff.what(await f.read(1024))
-                if mime_type is None:
-                    mime_type = 'application/octet-stream'
+        async with aiofiles.tempfile.SpooledTemporaryFile(max_size=MAX_MEM_FILE_BYTES) as f:
+            async for chunk in blob_stream:
+                await f.write(chunk)
+            file_size = await f.tell()
+            if user_size_used + file_size > user.max_storage:
+                raise StorageExceededError(f"Unable to save file, user {user.username} has storage limit of {user.max_storage}, used {user_size_used}, requested {file_size}")
+            # check mime type
+            if mime_type is None:
+                mime_type, _ = mimetypes.guess_type(url)
+            if mime_type is None:
                 await f.seek(0)
-                if file_size < LARGE_FILE_BYTES:
-                    blob = await f.read()
-                    async with transaction() as w_cur:
-                        fconn_w = FileConn(w_cur)
-                        await fconn_w.set_file_blob(f_id, blob)
-                        await fconn_w.set_file_record(
-                            url, owner_id=user.id, file_id=f_id, file_size=file_size,
-                            permission=permission, external=False, mime_type=mime_type)
-                else:
-                    async def blob_stream_tempfile():
-                        nonlocal f
-                        while True:
-                            chunk = await f.read(CHUNK_SIZE)
-                            if not chunk: break
-                            yield chunk
-                    await FileConn.set_file_blob_external(f_id, blob_stream_tempfile())
-                    async with transaction() as w_cur:
-                        await FileConn(w_cur).set_file_record(
-                            url, owner_id=user.id, file_id=f_id, file_size=file_size,
-                            permission=permission, external=True, mime_type=mime_type)
+                mime_type = mimesniff.what(await f.read(1024))
+            if mime_type is None:
+                mime_type = 'application/octet-stream'
+            await f.seek(0)
+            if file_size < LARGE_FILE_BYTES:
+                blob = await f.read()
+                async with transaction() as w_cur:
+                    fconn_w = FileConn(w_cur)
+                    await fconn_w.set_file_blob(f_id, blob)
+                    await fconn_w.set_file_record(
+                        url, owner_id=user.id, file_id=f_id, file_size=file_size,
+                        permission=permission, external=False, mime_type=mime_type)
+            else:
+                async def blob_stream_tempfile():
+                    nonlocal f
+                    while True:
+                        chunk = await f.read(CHUNK_SIZE)
+                        if not chunk: break
+                        yield chunk
+                await FileConn.set_file_blob_external(f_id, blob_stream_tempfile())
+                async with transaction() as w_cur:
+                    await FileConn(w_cur).set_file_record(
+                        url, owner_id=user.id, file_id=f_id, file_size=file_size,
+                        permission=permission, external=True, mime_type=mime_type)
         return file_size
     async def read_file(self, url: str, start_byte = -1, end_byte = -1) -> AsyncIterable[bytes]:
-        # end byte is exclusive: [start_byte, end_byte)
+        """
+        Read a file from the database.
+        end byte is exclusive: [start_byte, end_byte)
+        """
+        # The implementation is tricky, should not keep the cursor open for too long
         validate_url(url)
         async with unique_cursor() as cur:
             fconn = FileConn(cur)
             r = await fconn.get_file_record(url)
             if r is None:
                 raise FileNotFoundError(f"File {url} not found")
             if r.external:
-                ret = fconn.get_file_blob_external(r.file_id, start_byte=start_byte, end_byte=end_byte)
+                _blob_stream = fconn.get_file_blob_external(r.file_id, start_byte=start_byte, end_byte=end_byte)
+                async def blob_stream():
+                    async for chunk in _blob_stream:
+                        yield chunk
             else:
+                blob = await fconn.get_file_blob(r.file_id, start_byte=start_byte, end_byte=end_byte)
                 async def blob_stream():
-                    yield await fconn.get_file_blob(r.file_id, start_byte=start_byte, end_byte=end_byte)
-                ret = blob_stream()
+                    yield blob
+        ret = blob_stream()
         return ret
     async def delete_file(self, url: str, op_user: Optional[UserRecord] = None) -> Optional[FileRecord]:
@@ -641,7 +713,8 @@ class Database:
             if r is None:
                 return None
             if op_user is not None:
-                if r.owner_id != op_user.id and not op_user.is_admin:
+                if  r.owner_id != op_user.id and \
+                    await check_path_permission(r.url, op_user, cursor=cur) < AccessLevel.WRITE:
                     # will rollback
                     raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot delete file {url}")
             f_id = r.file_id
@@ -661,7 +734,7 @@ class Database:
             if r is None:
                 raise FileNotFoundError(f"File {old_url} not found")
             if op_user is not None:
-                if r.owner_id != op_user.id:
+                if await check_path_permission(old_url, op_user) < AccessLevel.WRITE:
                     raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move file {old_url}")
             await fconn.move_file(old_url, new_url)
@@ -681,20 +754,14 @@ class Database:
         assert old_url.endswith('/'), "Old path must end with /"
         assert new_url.endswith('/'), "New path must end with /"
-        async with transaction() as cur:
-            first_component = new_url.split('/')[0]
-            if not (first_component == op_user.username or op_user.is_admin):
-                raise PermissionDeniedError(f"Permission denied: path must start with {op_user.username}")
-            elif op_user.is_admin:
-                uconn = UserConn(cur)
-                _is_user = await uconn.get_user(first_component)
-                if not _is_user:
-                    raise PermissionDeniedError(f"Invalid path: {first_component} is not a valid username")
-            # check if old path is under user's directory (non-admin)
-            if not old_url.startswith(op_user.username + '/') and not op_user.is_admin:
-                raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move path {old_url}")
+        async with unique_cursor() as cur:
+            if not (
+                await check_path_permission(old_url, op_user) >= AccessLevel.WRITE and
+                await check_path_permission(new_url, op_user) >= AccessLevel.WRITE
+                ):
+                raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move path {old_url} to {new_url}")
+        async with transaction() as cur:
             fconn = FileConn(cur)
             await fconn.move_path(old_url, new_url, 'overwrite', op_user.id)
@@ -718,7 +785,7 @@ class Database:
     async def delete_path(self, url: str, op_user: Optional[UserRecord] = None) -> Optional[list[FileRecord]]:
         validate_url(url, is_file=False)
-        from_owner_id = op_user.id if op_user is not None and not op_user.is_admin else None
+        from_owner_id = op_user.id if op_user is not None and not (op_user.is_admin or await check_path_permission(url, op_user) >= AccessLevel.WRITE) else None
         async with transaction() as cur:
             fconn = FileConn(cur)
@@ -786,7 +853,15 @@ class Database:
         buffer.seek(0)
         return buffer
-def check_user_permission(user: UserRecord, owner: UserRecord, file: FileRecord) -> tuple[bool, str]:
+def check_file_read_permission(user: UserRecord, owner: UserRecord, file: FileRecord) -> tuple[bool, str]:
+    """
+    This does not consider alias level permission,
+    use check_path_permission for alias level permission check first:
+    ```
+    if await check_path_permission(path, user) < AccessLevel.READ:
+        read_allowed, reason = check_file_read_permission(user, owner, file)
+    ```
+    """
     if user.is_admin:
         return True, ""
@@ -812,4 +887,47 @@ def check_user_permission(user: UserRecord, owner: UserRecord, file: FileRecord)
     else:
         assert owner.permission == FileReadPermission.PUBLIC or owner.permission == FileReadPermission.UNSET
-    return True, ""
+    return True, ""
+async def check_path_permission(path: str, user: UserRecord, cursor: Optional[aiosqlite.Cursor] = None) -> AccessLevel:
+    """
+    Check if the user has access to the path.
+    If the user is admin, the user will have all access.
+    If the path is a file, the user will have all access if the user is the owner.
+    Otherwise, the user will have alias level access w.r.t. the path user.
+    """
+    if user.id == 0:
+        return AccessLevel.GUEST
+    @asynccontextmanager
+    async def this_cur():
+        if cursor is None:
+            async with unique_cursor() as _cur:
+                yield _cur
+        else:
+            yield cursor
+    # check if path user exists
+    path_username = path.split('/')[0]
+    async with this_cur() as cur:
+        uconn = UserConn(cur)
+        path_user = await uconn.get_user(path_username)
+    if path_user is None:
+        raise PathNotFoundError(f"Invalid path: {path_username} is not a valid username")
+    # check if user is admin
+    if user.is_admin or user.username == path_username:
+        return AccessLevel.ALL
+    # if the path is a file, check if the user is the owner
+    if not path.endswith('/'):
+        async with this_cur() as cur:
+            fconn = FileConn(cur)
+            file = await fconn.get_file_record(path)
+        if file and file.owner_id == user.id:
+            return AccessLevel.ALL
+    # check alias level
+    async with this_cur() as cur:
+        uconn = UserConn(cur)
+        return await uconn.query_peer_level(user.id, path_user.id)

lfss/src/datatype.py CHANGED Viewed

@@ -1,5 +1,6 @@
 from enum import IntEnum
 import dataclasses, typing
+from .utils import fmt_storage_size
 class FileReadPermission(IntEnum):
     UNSET = 0           # not set
@@ -7,6 +8,13 @@ class FileReadPermission(IntEnum):
     PROTECTED = 2       # accessible by any user
     PRIVATE = 3         # accessible by owner only (including admin)
+class AccessLevel(IntEnum):
+    GUEST = -1          # guest, no permission
+    NONE  = 0           # no permission
+    READ  = 1           # read permission
+    WRITE = 2           # write/delete permission
+    ALL   = 10          # all permission, currently same as WRITE
 @dataclasses.dataclass
 class UserRecord:
     id: int
@@ -18,8 +26,12 @@ class UserRecord:
     max_storage: int
     permission: 'FileReadPermission'
+    def __post_init__(self):
+        self.permission = FileReadPermission(self.permission)
     def __str__(self):
-        return f"User {self.username} (id={self.id}, admin={self.is_admin}, created at {self.create_time}, last active at {self.last_active}, storage={self.max_storage}, permission={self.permission})"
+        return  f"User {self.username} (id={self.id}, admin={self.is_admin}, created at {self.create_time}, last active at {self.last_active}, " + \
+                f"storage={fmt_storage_size(self.max_storage)}, permission={self.permission.name})"
 @dataclasses.dataclass
 class FileRecord:
@@ -33,9 +45,12 @@ class FileRecord:
     external: bool
     mime_type: str
+    def __post_init__(self):
+        self.permission = FileReadPermission(self.permission)
     def __str__(self):
         return  f"File {self.url} [{self.mime_type}] (owner={self.owner_id}, created at {self.create_time}, accessed at {self.access_time}, " + \
-                f"file_id={self.file_id}, permission={self.permission}, size={self.file_size}, external={self.external})"
+                f"file_id={self.file_id}, permission={self.permission.name}, size={fmt_storage_size(self.file_size)}, external={self.external})"
 @dataclasses.dataclass
 class DirectoryRecord:
@@ -47,7 +62,7 @@ class DirectoryRecord:
     n_files: int = -1
     def __str__(self):
-        return f"Directory {self.url} (size={self.size}, created at {self.create_time}, updated at {self.update_time}, accessed at {self.access_time}, n_files={self.n_files})"
+        return f"Directory {self.url} (size={fmt_storage_size(self.size)}, created at {self.create_time}, updated at {self.update_time}, accessed at {self.access_time}, n_files={self.n_files})"
 @dataclasses.dataclass
 class PathContents:

lfss/src/error.py CHANGED Viewed

@@ -1,6 +1,9 @@
+import sqlite3
 class LFSSExceptionBase(Exception):...
+class DatabaseLockedError(LFSSExceptionBase, sqlite3.DatabaseError):...
 class PathNotFoundError(LFSSExceptionBase, FileNotFoundError):...
 class PermissionDeniedError(LFSSExceptionBase, PermissionError):...

lfss 0.8.3__py3-none-any.whl → 0.9.0__py3-none-any.whl

lfss 0.8.3py3-none-any.whl → 0.9.0py3-none-any.whl