lfss 0.8.4__py3-none-any.whl → 0.9.1__py3-none-any.whl

lfss/{src → eng}/database.py

@@ -1,5 +1,6 @@
 
-from typing import Optional, Literal, AsyncIterable
+from typing import Optional, Literal, AsyncIterable, overload
+from contextlib import asynccontextmanager
 from abc import ABC
 
 import urllib.parse
@@ -12,12 +13,13 @@ import mimetypes, mimesniff
 
 from .connection_pool import execute_sql, unique_cursor, transaction
 from .datatype import (
-    UserRecord, FileReadPermission, FileRecord, DirectoryRecord, PathContents, 
+    UserRecord, AccessLevel, 
+    FileReadPermission, FileRecord, DirectoryRecord, PathContents, 
     FileSortKey, DirSortKey, isValidFileSortKey, isValidDirSortKey
     )
 from .config import LARGE_BLOB_DIR, CHUNK_SIZE, LARGE_FILE_BYTES, MAX_MEM_FILE_BYTES
 from .log import get_logger
-from .utils import decode_uri_compnents, hash_credential, concurrent_wrap, debounce_async
+from .utils import decode_uri_compnents, hash_credential, concurrent_wrap, debounce_async, copy_file
 from .error import *
 
 class DBObjectBase(ABC):
@@ -57,11 +59,16 @@ class UserConn(DBObjectBase):
         if res is None: return None
         return self.parse_record(res)
     
-    async def get_user_by_id(self, user_id: int) -> Optional[UserRecord]:
+    @overload
+    async def get_user_by_id(self, user_id: int, throw: Literal[True]) -> UserRecord: ...
+    @overload
+    async def get_user_by_id(self, user_id: int, throw: Literal[False] = False) -> Optional[UserRecord]: ...
+    async def get_user_by_id(self, user_id: int, throw = False) -> Optional[UserRecord]:
         await self.cur.execute("SELECT * FROM user WHERE id = ?", (user_id, ))
         res = await self.cur.fetchone()
-        
-        if res is None: return None
+        if res is None:
+            if throw: raise ValueError(f"User {user_id} not found")
+            return None
         return self.parse_record(res)
     
     async def get_user_by_credential(self, credential: str) -> Optional[UserRecord]:
@@ -122,8 +129,58 @@ class UserConn(DBObjectBase):
         await self.cur.execute("UPDATE user SET last_active = CURRENT_TIMESTAMP WHERE username = ?", (username, ))
     
     async def delete_user(self, username: str):
+        await self.cur.execute("DELETE FROM upeer WHERE src_user_id = (SELECT id FROM user WHERE username = ?) OR dst_user_id = (SELECT id FROM user WHERE username = ?)", (username, username))
         await self.cur.execute("DELETE FROM user WHERE username = ?", (username, ))
         self.logger.info(f"Delete user {username}")
+    
+    async def set_peer_level(self, src_user: int | str, dst_user: int | str, level: AccessLevel):
+        """ src_user can do [AccessLevel] to dst_user """
+        assert int(level) >= AccessLevel.NONE, f"Cannot set alias level to {level}"
+        match (src_user, dst_user):
+            case (int(), int()):
+                await self.cur.execute("INSERT OR REPLACE INTO upeer (src_user_id, dst_user_id, access_level) VALUES (?, ?, ?)", (src_user, dst_user, int(level)))
+            case (str(), str()):
+                await self.cur.execute("INSERT OR REPLACE INTO upeer (src_user_id, dst_user_id, access_level) VALUES ((SELECT id FROM user WHERE username = ?), (SELECT id FROM user WHERE username = ?), ?)", (src_user, dst_user, int(level)))
+            case (str(), int()):
+                await self.cur.execute("INSERT OR REPLACE INTO upeer (src_user_id, dst_user_id, access_level) VALUES ((SELECT id FROM user WHERE username = ?), ?, ?)", (src_user, dst_user, int(level)))
+            case (int(), str()):
+                await self.cur.execute("INSERT OR REPLACE INTO upeer (src_user_id, dst_user_id, access_level) VALUES (?, (SELECT id FROM user WHERE username = ?), ?)", (src_user, dst_user, int(level)))
+            case (_, _):
+                raise ValueError("Invalid arguments")
+    
+    async def query_peer_level(self, src_user_id: int, dst_user_id: int) -> AccessLevel:
+        """ src_user can do [AliasLevel] to dst_user """
+        if src_user_id == dst_user_id:
+            return AccessLevel.ALL
+        await self.cur.execute("SELECT access_level FROM upeer WHERE src_user_id = ? AND dst_user_id = ?", (src_user_id, dst_user_id))
+        res = await self.cur.fetchone()
+        if res is None:
+            return AccessLevel.NONE
+        return AccessLevel(res[0])
+    
+    async def list_peer_users(self, src_user: int | str, level: AccessLevel) -> list[UserRecord]:
+        """
+        List all users that src_user can do [AliasLevel] to, with level >= level, 
+        Note: the returned list does not include src_user and admin users
+        """
+        assert int(level) > AccessLevel.NONE, f"Invalid level, {level}"
+        match src_user:
+            case int():
+                await self.cur.execute("""
+                    SELECT * FROM user WHERE id IN (
+                        SELECT dst_user_id FROM upeer WHERE src_user_id = ? AND access_level >= ?
+                    )
+                """, (src_user, int(level)))
+            case str():
+                await self.cur.execute("""
+                    SELECT * FROM user WHERE id IN (
+                        SELECT dst_user_id FROM upeer WHERE src_user_id = (SELECT id FROM user WHERE username = ?) AND access_level >= ?
+                    )
+                """, (src_user, int(level)))
+            case _:
+                raise ValueError("Invalid arguments")
+        res = await self.cur.fetchall()
+        return [self.parse_record(r) for r in res]
 
 class FileConn(DBObjectBase):
 
@@ -135,10 +192,15 @@ class FileConn(DBObjectBase):
     def parse_record(record) -> FileRecord:
         return FileRecord(*record)
     
-    async def get_file_record(self, url: str) -> Optional[FileRecord]:
+    @overload
+    async def get_file_record(self, url: str, throw: Literal[True]) -> FileRecord: ...
+    @overload
+    async def get_file_record(self, url: str, throw: Literal[False] = False) -> Optional[FileRecord]: ...
+    async def get_file_record(self, url: str, throw = False):
         cursor = await self.cur.execute("SELECT * FROM fmeta WHERE url = ?", (url, ))
         res = await cursor.fetchone()
         if res is None:
+            if throw: raise FileNotFoundError(f"File {url} not found")
             return None
         return self.parse_record(res)
     
@@ -343,6 +405,57 @@ class FileConn(DBObjectBase):
             )
         await self._user_size_inc(owner_id, file_size)
         self.logger.info(f"File {url} created")
+
+    # not tested
+    async def copy_file(self, old_url: str, new_url: str, user_id: Optional[int] = None):
+        old = await self.get_file_record(old_url)
+        if old is None:
+            raise FileNotFoundError(f"File {old_url} not found")
+        new_exists = await self.get_file_record(new_url)
+        if new_exists is not None:
+            raise FileExistsError(f"File {new_url} already exists")
+        new_fid = str(uuid.uuid4())
+        user_id = old.owner_id if user_id is None else user_id
+        await self.cur.execute(
+            "INSERT INTO fmeta (url, owner_id, file_id, file_size, permission, external, mime_type) VALUES (?, ?, ?, ?, ?, ?, ?)", 
+            (new_url, user_id, new_fid, old.file_size, old.permission, old.external, old.mime_type)
+            )
+        if not old.external:
+            await self.set_file_blob(new_fid, await self.get_file_blob(old.file_id))
+        else:
+            await copy_file(LARGE_BLOB_DIR / old.file_id, LARGE_BLOB_DIR / new_fid)
+        await self._user_size_inc(user_id, old.file_size)
+        self.logger.info(f"Copied file {old_url} to {new_url}")
+    
+    # not tested
+    async def copy_path(self, old_url: str, new_url: str, conflict_handler: Literal['skip', 'overwrite'] = 'overwrite', user_id: Optional[int] = None):
+        assert old_url.endswith('/'), "Old path must end with /"
+        assert new_url.endswith('/'), "New path must end with /"
+        if user_id is None:
+            cursor = await self.cur.execute("SELECT * FROM fmeta WHERE url LIKE ?", (old_url + '%', ))
+            res = await cursor.fetchall()
+        else:
+            cursor = await self.cur.execute("SELECT * FROM fmeta WHERE url LIKE ? AND owner_id = ?", (old_url + '%', user_id))
+            res = await cursor.fetchall()
+        for r in res:
+            old_record = FileRecord(*r)
+            new_r = new_url + old_record.url[len(old_url):]
+            if conflict_handler == 'overwrite':
+                await self.cur.execute("DELETE FROM fmeta WHERE url = ?", (new_r, ))
+            elif conflict_handler == 'skip':
+                if (await self.cur.execute("SELECT url FROM fmeta WHERE url = ?", (new_r, ))) is not None:
+                    continue
+            new_fid = str(uuid.uuid4())
+            user_id = old_record.owner_id if user_id is None else user_id
+            await self.cur.execute(
+                "INSERT INTO fmeta (url, owner_id, file_id, file_size, permission, external, mime_type) VALUES (?, ?, ?, ?, ?, ?, ?)", 
+                (new_r, user_id, new_fid, old_record.file_size, old_record.permission, old_record.external, old_record.mime_type)
+                )
+            if not old_record.external:
+                await self.set_file_blob(new_fid, await self.get_file_blob(old_record.file_id))
+            else:
+                await copy_file(LARGE_BLOB_DIR / old_record.file_id, LARGE_BLOB_DIR / new_fid)
+            await self._user_size_inc(user_id, old_record.file_size)
     
     async def move_file(self, old_url: str, new_url: str):
         old = await self.get_file_record(old_url)
@@ -552,7 +665,7 @@ class Database:
             if r is None:
                 raise PathNotFoundError(f"File {url} not found")
             if op_user is not None:
-                if r.owner_id != op_user.id and not op_user.is_admin:
+                if await check_path_permission(url, op_user) < AccessLevel.WRITE:
                     raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot update file {url}")
             await fconn.update_file_record(url, permission=permission)
     
@@ -571,65 +684,78 @@ class Database:
         async with unique_cursor() as cur:
             user = await get_user(cur, u)
             assert user is not None, f"User {u} not found"
+
+            if await check_path_permission(url, user, cursor=cur) < AccessLevel.WRITE:
+                raise PermissionDeniedError(f"Permission denied: {user.username} cannot write to {url}")
             
             fconn_r = FileConn(cur)
             user_size_used = await fconn_r.user_size(user.id)
 
             f_id = uuid.uuid4().hex
-            async with aiofiles.tempfile.SpooledTemporaryFile(max_size=MAX_MEM_FILE_BYTES) as f:
-                async for chunk in blob_stream:
-                    await f.write(chunk)
-                file_size = await f.tell()
-                if user_size_used + file_size > user.max_storage:
-                    raise StorageExceededError(f"Unable to save file, user {user.username} has storage limit of {user.max_storage}, used {user_size_used}, requested {file_size}")
-                
-                # check mime type
-                if mime_type is None:
-                    mime_type, _ = mimetypes.guess_type(url)
-                if mime_type is None:
-                    await f.seek(0)
-                    mime_type = mimesniff.what(await f.read(1024))
-                if mime_type is None:
-                    mime_type = 'application/octet-stream'
+
+        async with aiofiles.tempfile.SpooledTemporaryFile(max_size=MAX_MEM_FILE_BYTES) as f:
+            async for chunk in blob_stream:
+                await f.write(chunk)
+            file_size = await f.tell()
+            if user_size_used + file_size > user.max_storage:
+                raise StorageExceededError(f"Unable to save file, user {user.username} has storage limit of {user.max_storage}, used {user_size_used}, requested {file_size}")
+            
+            # check mime type
+            if mime_type is None:
+                mime_type, _ = mimetypes.guess_type(url)
+            if mime_type is None:
                 await f.seek(0)
-                
-                if file_size < LARGE_FILE_BYTES:
-                    blob = await f.read()
-                    async with transaction() as w_cur:
-                        fconn_w = FileConn(w_cur)
-                        await fconn_w.set_file_blob(f_id, blob)
-                        await fconn_w.set_file_record(
-                            url, owner_id=user.id, file_id=f_id, file_size=file_size, 
-                            permission=permission, external=False, mime_type=mime_type)
-                
-                else:
-                    async def blob_stream_tempfile():
-                        nonlocal f
-                        while True:
-                            chunk = await f.read(CHUNK_SIZE)
-                            if not chunk: break
-                            yield chunk
-                    await FileConn.set_file_blob_external(f_id, blob_stream_tempfile())
-                    async with transaction() as w_cur:
-                        await FileConn(w_cur).set_file_record(
-                            url, owner_id=user.id, file_id=f_id, file_size=file_size, 
-                            permission=permission, external=True, mime_type=mime_type)
+                mime_type = mimesniff.what(await f.read(1024))
+            if mime_type is None:
+                mime_type = 'application/octet-stream'
+            await f.seek(0)
+            
+            if file_size < LARGE_FILE_BYTES:
+                blob = await f.read()
+                async with transaction() as w_cur:
+                    fconn_w = FileConn(w_cur)
+                    await fconn_w.set_file_blob(f_id, blob)
+                    await fconn_w.set_file_record(
+                        url, owner_id=user.id, file_id=f_id, file_size=file_size, 
+                        permission=permission, external=False, mime_type=mime_type)
+            
+            else:
+                async def blob_stream_tempfile():
+                    nonlocal f
+                    while True:
+                        chunk = await f.read(CHUNK_SIZE)
+                        if not chunk: break
+                        yield chunk
+                await FileConn.set_file_blob_external(f_id, blob_stream_tempfile())
+                async with transaction() as w_cur:
+                    await FileConn(w_cur).set_file_record(
+                        url, owner_id=user.id, file_id=f_id, file_size=file_size, 
+                        permission=permission, external=True, mime_type=mime_type)
         return file_size
 
     async def read_file(self, url: str, start_byte = -1, end_byte = -1) -> AsyncIterable[bytes]:
-        # end byte is exclusive: [start_byte, end_byte)
+        """
+        Read a file from the database.
+        end byte is exclusive: [start_byte, end_byte)
+        """
+        # The implementation is tricky, should not keep the cursor open for too long
         validate_url(url)
         async with unique_cursor() as cur:
             fconn = FileConn(cur)
             r = await fconn.get_file_record(url)
             if r is None:
                 raise FileNotFoundError(f"File {url} not found")
+
             if r.external:
-                ret = fconn.get_file_blob_external(r.file_id, start_byte=start_byte, end_byte=end_byte)
+                _blob_stream = fconn.get_file_blob_external(r.file_id, start_byte=start_byte, end_byte=end_byte)
+                async def blob_stream():
+                    async for chunk in _blob_stream:
+                        yield chunk
             else:
+                blob = await fconn.get_file_blob(r.file_id, start_byte=start_byte, end_byte=end_byte)
                 async def blob_stream():
-                    yield await fconn.get_file_blob(r.file_id, start_byte=start_byte, end_byte=end_byte)
-                ret = blob_stream()
+                    yield blob
+        ret = blob_stream()
         return ret
 
     async def delete_file(self, url: str, op_user: Optional[UserRecord] = None) -> Optional[FileRecord]:
@@ -641,7 +767,8 @@ class Database:
             if r is None:
                 return None
             if op_user is not None:
-                if r.owner_id != op_user.id and not op_user.is_admin:
+                if  r.owner_id != op_user.id and \
+                    await check_path_permission(r.url, op_user, cursor=cur) < AccessLevel.WRITE:
                     # will rollback
                     raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot delete file {url}")
             f_id = r.file_id
@@ -661,7 +788,7 @@ class Database:
             if r is None:
                 raise FileNotFoundError(f"File {old_url} not found")
             if op_user is not None:
-                if r.owner_id != op_user.id:
+                if await check_path_permission(old_url, op_user, cursor=cur) < AccessLevel.WRITE:
                     raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move file {old_url}")
             await fconn.move_file(old_url, new_url)
 
@@ -669,6 +796,23 @@ class Database:
             if not new_mime is None:
                 await fconn.update_file_record(new_url, mime_type=new_mime)
     
+    # not tested
+    async def copy_file(self, old_url: str, new_url: str, op_user: Optional[UserRecord] = None):
+        validate_url(old_url)
+        validate_url(new_url)
+
+        async with transaction() as cur:
+            fconn = FileConn(cur)
+            r = await fconn.get_file_record(old_url)
+            if r is None:
+                raise FileNotFoundError(f"File {old_url} not found")
+            if op_user is not None:
+                if await check_path_permission(old_url, op_user, cursor=cur) < AccessLevel.READ:
+                    raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot copy file {old_url}")
+                if await check_path_permission(new_url, op_user, cursor=cur) < AccessLevel.WRITE:
+                    raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot copy file to {new_url}")
+            await fconn.copy_file(old_url, new_url, user_id=op_user.id if op_user is not None else None)
+    
     async def move_path(self, old_url: str, new_url: str, op_user: UserRecord):
         validate_url(old_url, is_file=False)
         validate_url(new_url, is_file=False)
@@ -681,22 +825,40 @@ class Database:
         assert old_url.endswith('/'), "Old path must end with /"
         assert new_url.endswith('/'), "New path must end with /"
 
-        async with transaction() as cur:
-            first_component = new_url.split('/')[0]
-            if not (first_component == op_user.username or op_user.is_admin):
-                raise PermissionDeniedError(f"Permission denied: path must start with {op_user.username}")
-            elif op_user.is_admin:
-                uconn = UserConn(cur)
-                _is_user = await uconn.get_user(first_component)
-                if not _is_user:
-                    raise PermissionDeniedError(f"Invalid path: {first_component} is not a valid username")
-            
-            # check if old path is under user's directory (non-admin)
-            if not old_url.startswith(op_user.username + '/') and not op_user.is_admin:
-                raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move path {old_url}")
+        async with unique_cursor() as cur:
+            if not (
+                await check_path_permission(old_url, op_user, cursor=cur) >= AccessLevel.WRITE and
+                await check_path_permission(new_url, op_user, cursor=cur) >= AccessLevel.WRITE
+                ):
+                raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move path {old_url} to {new_url}")
 
+        async with transaction() as cur:
             fconn = FileConn(cur)
             await fconn.move_path(old_url, new_url, 'overwrite', op_user.id)
+    
+    # not tested
+    async def copy_path(self, old_url: str, new_url: str, op_user: UserRecord):
+        validate_url(old_url, is_file=False)
+        validate_url(new_url, is_file=False)
+        
+        if new_url.startswith('/'):
+            new_url = new_url[1:]
+        if old_url.startswith('/'):
+            old_url = old_url[1:]
+        assert old_url != new_url, "Old and new path must be different"
+        assert old_url.endswith('/'), "Old path must end with /"
+        assert new_url.endswith('/'), "New path must end with /"
+
+        async with unique_cursor() as cur:
+            if not (
+                await check_path_permission(old_url, op_user, cursor=cur) >= AccessLevel.READ and
+                await check_path_permission(new_url, op_user, cursor=cur) >= AccessLevel.WRITE
+                ):
+                raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot copy path {old_url} to {new_url}")
+        
+        async with transaction() as cur:
+            fconn = FileConn(cur)
+            await fconn.copy_path(old_url, new_url, 'overwrite', op_user.id)
 
     async def __batch_delete_file_blobs(self, fconn: FileConn, file_records: list[FileRecord], batch_size: int = 512):
         # https://github.com/langchain-ai/langchain/issues/10321
@@ -718,7 +880,7 @@ class Database:
 
     async def delete_path(self, url: str, op_user: Optional[UserRecord] = None) -> Optional[list[FileRecord]]:
         validate_url(url, is_file=False)
-        from_owner_id = op_user.id if op_user is not None and not op_user.is_admin else None
+        from_owner_id = op_user.id if op_user is not None and not (op_user.is_admin or await check_path_permission(url, op_user) >= AccessLevel.WRITE) else None
 
         async with transaction() as cur:
             fconn = FileConn(cur)
@@ -786,7 +948,15 @@ class Database:
         buffer.seek(0)
         return buffer
 
-def check_user_permission(user: UserRecord, owner: UserRecord, file: FileRecord) -> tuple[bool, str]:
+def check_file_read_permission(user: UserRecord, owner: UserRecord, file: FileRecord) -> tuple[bool, str]:
+    """
+    This does not consider alias level permission,
+    use check_path_permission for alias level permission check first:
+    ```
+    if await check_path_permission(path, user) < AccessLevel.READ:
+        read_allowed, reason = check_file_read_permission(user, owner, file)
+    ```
+    """
     if user.is_admin:
         return True, ""
     
@@ -812,4 +982,47 @@ def check_user_permission(user: UserRecord, owner: UserRecord, file: FileRecord)
     else:
         assert owner.permission == FileReadPermission.PUBLIC or owner.permission == FileReadPermission.UNSET
 
-    return True, ""
+    return True, ""
+
+async def check_path_permission(path: str, user: UserRecord, cursor: Optional[aiosqlite.Cursor] = None) -> AccessLevel:
+    """
+    Check if the user has access to the path. 
+    If the user is admin, the user will have all access.
+    If the path is a file, the user will have all access if the user is the owner.
+    Otherwise, the user will have alias level access w.r.t. the path user.
+    """
+    if user.id == 0:
+        return AccessLevel.GUEST
+    
+    @asynccontextmanager
+    async def this_cur():
+        if cursor is None:
+            async with unique_cursor() as _cur:
+                yield _cur
+        else:
+            yield cursor
+
+    # check if path user exists
+    path_username = path.split('/')[0]
+    async with this_cur() as cur:
+        uconn = UserConn(cur)
+        path_user = await uconn.get_user(path_username)
+    if path_user is None:
+        raise PathNotFoundError(f"Invalid path: {path_username} is not a valid username")
+
+    # check if user is admin
+    if user.is_admin or user.username == path_username:
+        return AccessLevel.ALL
+    
+    # if the path is a file, check if the user is the owner
+    if not path.endswith('/'):
+        async with this_cur() as cur:
+            fconn = FileConn(cur)
+            file = await fconn.get_file_record(path)
+        if file and file.owner_id == user.id:
+            return AccessLevel.ALL
+    
+    # check alias level
+    async with this_cur() as cur:
+        uconn = UserConn(cur)
+        return await uconn.query_peer_level(user.id, path_user.id)

lfss/{src → eng}/datatype.py

@@ -8,6 +8,13 @@ class FileReadPermission(IntEnum):
     PROTECTED = 2       # accessible by any user
     PRIVATE = 3         # accessible by owner only (including admin)
 
+class AccessLevel(IntEnum):
+    GUEST = -1          # guest, no permission
+    NONE  = 0           # no permission
+    READ  = 1           # read permission
+    WRITE = 2           # write/delete permission
+    ALL   = 10          # all permission, currently same as WRITE
+
 @dataclasses.dataclass
 class UserRecord:
     id: int

lfss/{src → eng}/error.py

@@ -1,6 +1,13 @@
+import sqlite3
 
 class LFSSExceptionBase(Exception):...
 
+class FileLockedError(LFSSExceptionBase):...
+
+class InvalidOptionsError(LFSSExceptionBase, ValueError):...
+
+class DatabaseLockedError(LFSSExceptionBase, sqlite3.DatabaseError):...
+
 class PathNotFoundError(LFSSExceptionBase, FileNotFoundError):...
 
 class PermissionDeniedError(LFSSExceptionBase, PermissionError):...

lfss/{src → eng}/thumb.py

@@ -1,6 +1,6 @@
-from lfss.src.config import THUMB_DB, THUMB_SIZE
-from lfss.src.database import FileConn
-from lfss.src.connection_pool import unique_cursor
+from lfss.eng.config import THUMB_DB, THUMB_SIZE
+from lfss.eng.database import FileConn
+from lfss.eng.connection_pool import unique_cursor
 from typing import Optional
 from PIL import Image
 from io import BytesIO
@@ -69,12 +69,13 @@ async def get_thumb(path: str) -> Optional[tuple[bytes, str]]:
     async with unique_cursor() as main_c:
         fconn = FileConn(main_c)
         r = await fconn.get_file_record(path)
-        if r is None:
-            async with cache_cursor() as cur:
-                await _delete_cache_thumb(cur, path)
-            raise FileNotFoundError(f'File not found: {path}')
-        if not r.mime_type.startswith('image/'):
-            return None
+
+    if r is None:
+        async with cache_cursor() as cur:
+            await _delete_cache_thumb(cur, path)
+        raise FileNotFoundError(f'File not found: {path}')
+    if not r.mime_type.startswith('image/'):
+        return None
 
     async with cache_cursor() as cur:
         c_time = r.create_time

lfss/{src → eng}/utils.py

@@ -1,8 +1,10 @@
 import datetime, time
 import urllib.parse
-import asyncio
+import pathlib
 import functools
 import hashlib
+import aiofiles
+import asyncio
 from asyncio import Lock
 from collections import OrderedDict
 from concurrent.futures import ThreadPoolExecutor
@@ -11,6 +13,12 @@ from functools import wraps, partial
 from uuid import uuid4
 import os
 
+async def copy_file(source: str|pathlib.Path, destination: str|pathlib.Path):
+    async with aiofiles.open(source, mode='rb') as src:
+        async with aiofiles.open(destination, mode='wb') as dest:
+            while chunk := await src.read(1024):
+                await dest.write(chunk)
+
 def hash_credential(username: str, password: str):
     return hashlib.sha256((username + password).encode()).hexdigest()
 
@@ -47,13 +55,15 @@ def debounce_async(delay: float = 0.1, max_wait: float = 1.):
     """
     def debounce_wrap(func):
         task_record: tuple[str, asyncio.Task] | None = None
+        fn_execution_lock = Lock()
         last_execution_time = 0
 
         async def delayed_func(*args, **kwargs):
             nonlocal last_execution_time
             await asyncio.sleep(delay)
-            await func(*args, **kwargs)
-            last_execution_time = time.monotonic()
+            async with fn_execution_lock:
+                await func(*args, **kwargs)
+                last_execution_time = time.monotonic()
 
         @functools.wraps(func)
         async def wrapper(*args, **kwargs):
@@ -64,10 +74,11 @@ def debounce_async(delay: float = 0.1, max_wait: float = 1.):
                     task_record[1].cancel()
                     g_debounce_tasks.pop(task_record[0], None)
             
-            if time.monotonic() - last_execution_time > max_wait:
-                await func(*args, **kwargs)
-                last_execution_time = time.monotonic()
-                return
+            async with fn_execution_lock:
+                if time.monotonic() - last_execution_time > max_wait:
+                    await func(*args, **kwargs)
+                    last_execution_time = time.monotonic()
+                    return
 
             task = asyncio.create_task(delayed_func(*args, **kwargs))
             task_uid = uuid4().hex

lfss/sql/init.sql

@@ -27,6 +27,15 @@ CREATE TABLE IF NOT EXISTS usize (
     size INTEGER DEFAULT 0
 );
 
+CREATE TABLE IF NOT EXISTS upeer (
+    src_user_id INTEGER NOT NULL,
+    dst_user_id INTEGER NOT NULL,
+    access_level INTEGER DEFAULT 0,
+    PRIMARY KEY(src_user_id, dst_user_id),
+    FOREIGN KEY(src_user_id) REFERENCES user(id),
+    FOREIGN KEY(dst_user_id) REFERENCES user(id)
+); 
+
 CREATE INDEX IF NOT EXISTS idx_fmeta_url ON fmeta(url);
 
 CREATE INDEX IF NOT EXISTS idx_user_username ON user(username);

lfss/svc/app.py

@@ -0,0 +1,9 @@
+from .app_native import *
+import os
+
+# order matters
+app.include_router(router_api)
+if os.environ.get("LFSS_WEBDAV", "0") == "1":
+    from .app_dav import *
+    app.include_router(router_dav)
+app.include_router(router_fs)