lfss 0.9.0__tar.gz → 0.9.1__tar.gz

{lfss-0.9.0 → lfss-0.9.1}/PKG-INFO

@@ -1,10 +1,10 @@
 Metadata-Version: 2.1
 Name: lfss
-Version: 0.9.0
+Version: 0.9.1
 Summary: Lightweight file storage service
 Home-page: https://github.com/MenxLi/lfss
-Author: li, mengxun
-Author-email: limengxun45@outlook.com
+Author: li_mengxun
+Author-email: limengxun45@outlookc.com
 Requires-Python: >=3.10
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.10
@@ -32,6 +32,7 @@ My experiment on a lightweight and high-performance file/object storage service.
 - Pagination and sorted file listing for vast number of files.  
 - High performance: high concurrency, near-native speed on stress tests.
 - Support range requests, so you can stream large files / resume download.
+- WebDAV compatible ([NOTE](./docs/Webdav.md)).
 
 It stores small files and metadata in sqlite, large files in the filesystem.  
 Tested on 2 million files, and it is still fast.
@@ -53,7 +54,11 @@ lfss-panel --open
 Or, you can start a web server at `/frontend` and open `index.html` in your browser. 
 
 The API usage is simple, just `GET`, `PUT`, `DELETE` to the `/<username>/file/url` path.  
-Authentication via `Authorization` header with the value `Bearer <token>`, or through the `token` query parameter.  
+The authentication can be acheived through one of the following methods:
+1. `Authorization` header with the value `Bearer sha256(<username><password>)`.
+2. `token` query parameter with the value `sha256(<username><password>)`.
+3. HTTP Basic Authentication with the username and password. 
+
 You can refer to `frontend` as an application example, `lfss/api/connector.py` for more APIs. 
 
 By default, the service exposes all files to the public for `GET` requests, 

{lfss-0.9.0 → lfss-0.9.1}/Readme.md

@@ -9,6 +9,7 @@ My experiment on a lightweight and high-performance file/object storage service.
 - Pagination and sorted file listing for vast number of files.  
 - High performance: high concurrency, near-native speed on stress tests.
 - Support range requests, so you can stream large files / resume download.
+- WebDAV compatible ([NOTE](./docs/Webdav.md)).
 
 It stores small files and metadata in sqlite, large files in the filesystem.  
 Tested on 2 million files, and it is still fast.
@@ -30,7 +31,11 @@ lfss-panel --open
 Or, you can start a web server at `/frontend` and open `index.html` in your browser. 
 
 The API usage is simple, just `GET`, `PUT`, `DELETE` to the `/<username>/file/url` path.  
-Authentication via `Authorization` header with the value `Bearer <token>`, or through the `token` query parameter.  
+The authentication can be acheived through one of the following methods:
+1. `Authorization` header with the value `Bearer sha256(<username><password>)`.
+2. `token` query parameter with the value `sha256(<username><password>)`.
+3. HTTP Basic Authentication with the username and password. 
+
 You can refer to `frontend` as an application example, `lfss/api/connector.py` for more APIs. 
 
 By default, the service exposes all files to the public for `GET` requests, 

lfss-0.9.1/docs/Webdav.md

@@ -0,0 +1,22 @@
+# WebDAV
+
+It is convinient to make LFSS WebDAV compatible, because they both use HTTP `GET`, `PUT`, `DELETE` methods to interact with files.
+
+However, WebDAV utilize more HTTP methods, 
+which are disabled by default in LFSS, because they may not be supported by many middlewares or clients.   
+
+The WebDAV support can be enabled by setting the `LFSS_WEBDAV` environment variable to `1`. 
+i.e. 
+```sh
+LFSS_WEBDAV=1 lfss-serve
+```
+Please note:
+1. **WebDAV support is experimental, and is currently not well-tested.**
+2. LFSS not allow creating files in the root directory, however some client such as [Finder](https://sabre.io/dav/clients/finder/) will try to create files in the root directory. Thus, it is safer to mount the user directory only, e.g. `http://localhost:8000/<username>/`.
+3. LFSS not allow directory creation, instead it creates directoy implicitly when a file is uploaded to a non-exist directory. 
+   i.e. `PUT http://localhost:8000/<username>/dir/file.txt` will create the `dir` directory if it does not exist. 
+   However, the WebDAV `MKCOL` method requires the directory to be created explicitly, so WebDAV `MKCOL` method instead create a decoy file on the path (`.lfss-keep`), and hide the file from the file listing by `PROPFIND` method. 
+   This leads to: 
+   1) You may see a `.lfss-keep` file in the directory with native file listing (e.g. `/_api/list-files`), but it is hidden in WebDAV clients.
+   2) The directory may be deleted if there is no file in it and the `.lfss-keep` file is not created by WebDAV client.  
+

{lfss-0.9.0 → lfss-0.9.1}/lfss/api/__init__.py

@@ -1,9 +1,9 @@
 import os, time, pathlib
 from threading import Lock
 from .connector import Connector
-from ..src.datatype import FileRecord
-from ..src.utils import decode_uri_compnents
-from ..src.bounded_pool import BoundedThreadPoolExecutor
+from ..eng.datatype import FileRecord
+from ..eng.utils import decode_uri_compnents
+from ..eng.bounded_pool import BoundedThreadPoolExecutor
 
 def upload_file(
     connector: Connector, 

{lfss-0.9.0 → lfss-0.9.1}/lfss/api/connector.py

@@ -5,12 +5,12 @@ import requests
 import requests.adapters
 import urllib.parse
 from tempfile import SpooledTemporaryFile
-from lfss.src.error import PathNotFoundError
-from lfss.src.datatype import (
+from lfss.eng.error import PathNotFoundError
+from lfss.eng.datatype import (
     FileReadPermission, FileRecord, DirectoryRecord, UserRecord, PathContents, 
     FileSortKey, DirSortKey
     )
-from lfss.src.utils import ensure_uri_compnents
+from lfss.eng.utils import ensure_uri_compnents
 
 _default_endpoint = os.environ.get('LFSS_ENDPOINT', 'http://localhost:8000')
 _default_token = os.environ.get('LFSS_TOKEN', '')

{lfss-0.9.0 → lfss-0.9.1}/lfss/cli/balance.py

@@ -2,14 +2,14 @@
 Balance the storage by ensuring that large file thresholds are met.
 """
 
-from lfss.src.config import LARGE_BLOB_DIR, LARGE_FILE_BYTES
+from lfss.eng.config import LARGE_BLOB_DIR, LARGE_FILE_BYTES
 import argparse, time, itertools
 from functools import wraps
 from asyncio import Semaphore
 import aiofiles, asyncio
 import aiofiles.os
-from lfss.src.database import transaction, unique_cursor
-from lfss.src.connection_pool import global_entrance
+from lfss.eng.database import transaction, unique_cursor
+from lfss.eng.connection_pool import global_entrance
 
 sem: Semaphore
 

{lfss-0.9.0 → lfss-0.9.1}/lfss/cli/cli.py

@@ -1,8 +1,8 @@
 from pathlib import Path
 import argparse, typing
 from lfss.api import Connector, upload_directory, upload_file, download_file, download_directory
-from lfss.src.datatype import FileReadPermission, FileSortKey, DirSortKey
-from lfss.src.utils import decode_uri_compnents
+from lfss.eng.datatype import FileReadPermission, FileSortKey, DirSortKey
+from lfss.eng.utils import decode_uri_compnents
 from . import catch_request_error, line_sep
 
 def parse_permission(s: str) -> FileReadPermission:

{lfss-0.9.0 → lfss-0.9.1}/lfss/cli/panel.py

@@ -2,6 +2,7 @@
 import uvicorn
 from fastapi import FastAPI
 from fastapi.staticfiles import StaticFiles
+from fastapi.middleware.cors import CORSMiddleware
 
 import argparse
 from contextlib import asynccontextmanager
@@ -27,6 +28,13 @@ assert (__frontend_dir / "index.html").exists(), "Frontend panel not found"
 
 app = FastAPI(lifespan=app_lifespan)
 app.mount("/", StaticFiles(directory=__frontend_dir, html=True), name="static")
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
 
 def main():
     parser = argparse.ArgumentParser(description="Serve frontend panel")

{lfss-0.9.0 → lfss-0.9.1}/lfss/cli/serve.py

@@ -1,7 +1,9 @@
 import argparse
 from uvicorn import Config, Server
 from uvicorn.config import LOGGING_CONFIG
-from ..src.server import *
+from ..eng.config import DEBUG_MODE
+from ..svc.app_base import logger
+from ..svc.app import app
 
 def main():
     parser = argparse.ArgumentParser()
@@ -19,7 +21,7 @@ def main():
         app=app,
         host=args.host,
         port=args.port,
-        access_log=False,
+        access_log=True if DEBUG_MODE else False,
         workers=args.workers,
         log_config=default_logging_config
     )

{lfss-0.9.0 → lfss-0.9.1}/lfss/cli/user.py

@@ -1,10 +1,10 @@
 import argparse, asyncio, os
 from contextlib import asynccontextmanager
 from .cli import parse_permission, FileReadPermission
-from ..src.utils import parse_storage_size, fmt_storage_size
-from ..src.datatype import AccessLevel
-from ..src.database import Database, FileReadPermission, transaction, UserConn, unique_cursor, FileConn
-from ..src.connection_pool import global_entrance
+from ..eng.utils import parse_storage_size, fmt_storage_size
+from ..eng.datatype import AccessLevel
+from ..eng.database import Database, FileReadPermission, transaction, UserConn, unique_cursor, FileConn
+from ..eng.connection_pool import global_entrance
 
 def parse_access_level(s: str) -> AccessLevel:
     for p in AccessLevel:

{lfss-0.9.0 → lfss-0.9.1}/lfss/cli/vacuum.py

@@ -2,17 +2,17 @@
 Vacuum the database and external storage to ensure that the storage is consistent and minimal.
 """
 
-from lfss.src.config import LARGE_BLOB_DIR
+from lfss.eng.config import LARGE_BLOB_DIR
 import argparse, time
 from functools import wraps
 from asyncio import Semaphore
 import aiofiles, asyncio
 import aiofiles.os
 from contextlib import contextmanager
-from lfss.src.database import transaction, unique_cursor
-from lfss.src.stat import RequestDB
-from lfss.src.utils import now_stamp
-from lfss.src.connection_pool import global_entrance
+from lfss.eng.database import transaction, unique_cursor
+from lfss.svc.request_log import RequestDB
+from lfss.eng.utils import now_stamp
+from lfss.eng.connection_pool import global_entrance
 
 sem: Semaphore
 

{lfss-0.9.0/lfss/src → lfss-0.9.1/lfss/eng}/config.py

@@ -21,6 +21,7 @@ else:
 MAX_MEM_FILE_BYTES = 128 * 1024 * 1024   # 128MB
 MAX_BUNDLE_BYTES = 512 * 1024 * 1024   # 512MB
 CHUNK_SIZE = 1024 * 1024   # 1MB chunks for streaming (on large files)
+DEBUG_MODE = os.environ.get('LFSS_DEBUG', '0') == '1'
 
 THUMB_DB = DATA_HOME / 'thumbs.db'
 THUMB_SIZE = (48, 48)

{lfss-0.9.0/lfss/src → lfss-0.9.1/lfss/eng}/database.py

@@ -19,7 +19,7 @@ from .datatype import (
     )
 from .config import LARGE_BLOB_DIR, CHUNK_SIZE, LARGE_FILE_BYTES, MAX_MEM_FILE_BYTES
 from .log import get_logger
-from .utils import decode_uri_compnents, hash_credential, concurrent_wrap, debounce_async
+from .utils import decode_uri_compnents, hash_credential, concurrent_wrap, debounce_async, copy_file
 from .error import *
 
 class DBObjectBase(ABC):
@@ -405,6 +405,57 @@ class FileConn(DBObjectBase):
             )
         await self._user_size_inc(owner_id, file_size)
         self.logger.info(f"File {url} created")
+
+    # not tested
+    async def copy_file(self, old_url: str, new_url: str, user_id: Optional[int] = None):
+        old = await self.get_file_record(old_url)
+        if old is None:
+            raise FileNotFoundError(f"File {old_url} not found")
+        new_exists = await self.get_file_record(new_url)
+        if new_exists is not None:
+            raise FileExistsError(f"File {new_url} already exists")
+        new_fid = str(uuid.uuid4())
+        user_id = old.owner_id if user_id is None else user_id
+        await self.cur.execute(
+            "INSERT INTO fmeta (url, owner_id, file_id, file_size, permission, external, mime_type) VALUES (?, ?, ?, ?, ?, ?, ?)", 
+            (new_url, user_id, new_fid, old.file_size, old.permission, old.external, old.mime_type)
+            )
+        if not old.external:
+            await self.set_file_blob(new_fid, await self.get_file_blob(old.file_id))
+        else:
+            await copy_file(LARGE_BLOB_DIR / old.file_id, LARGE_BLOB_DIR / new_fid)
+        await self._user_size_inc(user_id, old.file_size)
+        self.logger.info(f"Copied file {old_url} to {new_url}")
+    
+    # not tested
+    async def copy_path(self, old_url: str, new_url: str, conflict_handler: Literal['skip', 'overwrite'] = 'overwrite', user_id: Optional[int] = None):
+        assert old_url.endswith('/'), "Old path must end with /"
+        assert new_url.endswith('/'), "New path must end with /"
+        if user_id is None:
+            cursor = await self.cur.execute("SELECT * FROM fmeta WHERE url LIKE ?", (old_url + '%', ))
+            res = await cursor.fetchall()
+        else:
+            cursor = await self.cur.execute("SELECT * FROM fmeta WHERE url LIKE ? AND owner_id = ?", (old_url + '%', user_id))
+            res = await cursor.fetchall()
+        for r in res:
+            old_record = FileRecord(*r)
+            new_r = new_url + old_record.url[len(old_url):]
+            if conflict_handler == 'overwrite':
+                await self.cur.execute("DELETE FROM fmeta WHERE url = ?", (new_r, ))
+            elif conflict_handler == 'skip':
+                if (await self.cur.execute("SELECT url FROM fmeta WHERE url = ?", (new_r, ))) is not None:
+                    continue
+            new_fid = str(uuid.uuid4())
+            user_id = old_record.owner_id if user_id is None else user_id
+            await self.cur.execute(
+                "INSERT INTO fmeta (url, owner_id, file_id, file_size, permission, external, mime_type) VALUES (?, ?, ?, ?, ?, ?, ?)", 
+                (new_r, user_id, new_fid, old_record.file_size, old_record.permission, old_record.external, old_record.mime_type)
+                )
+            if not old_record.external:
+                await self.set_file_blob(new_fid, await self.get_file_blob(old_record.file_id))
+            else:
+                await copy_file(LARGE_BLOB_DIR / old_record.file_id, LARGE_BLOB_DIR / new_fid)
+            await self._user_size_inc(user_id, old_record.file_size)
     
     async def move_file(self, old_url: str, new_url: str):
         old = await self.get_file_record(old_url)
@@ -633,6 +684,9 @@ class Database:
         async with unique_cursor() as cur:
             user = await get_user(cur, u)
             assert user is not None, f"User {u} not found"
+
+            if await check_path_permission(url, user, cursor=cur) < AccessLevel.WRITE:
+                raise PermissionDeniedError(f"Permission denied: {user.username} cannot write to {url}")
             
             fconn_r = FileConn(cur)
             user_size_used = await fconn_r.user_size(user.id)
@@ -734,7 +788,7 @@ class Database:
             if r is None:
                 raise FileNotFoundError(f"File {old_url} not found")
             if op_user is not None:
-                if await check_path_permission(old_url, op_user) < AccessLevel.WRITE:
+                if await check_path_permission(old_url, op_user, cursor=cur) < AccessLevel.WRITE:
                     raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move file {old_url}")
             await fconn.move_file(old_url, new_url)
 
@@ -742,6 +796,23 @@ class Database:
             if not new_mime is None:
                 await fconn.update_file_record(new_url, mime_type=new_mime)
     
+    # not tested
+    async def copy_file(self, old_url: str, new_url: str, op_user: Optional[UserRecord] = None):
+        validate_url(old_url)
+        validate_url(new_url)
+
+        async with transaction() as cur:
+            fconn = FileConn(cur)
+            r = await fconn.get_file_record(old_url)
+            if r is None:
+                raise FileNotFoundError(f"File {old_url} not found")
+            if op_user is not None:
+                if await check_path_permission(old_url, op_user, cursor=cur) < AccessLevel.READ:
+                    raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot copy file {old_url}")
+                if await check_path_permission(new_url, op_user, cursor=cur) < AccessLevel.WRITE:
+                    raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot copy file to {new_url}")
+            await fconn.copy_file(old_url, new_url, user_id=op_user.id if op_user is not None else None)
+    
     async def move_path(self, old_url: str, new_url: str, op_user: UserRecord):
         validate_url(old_url, is_file=False)
         validate_url(new_url, is_file=False)
@@ -756,14 +827,38 @@ class Database:
 
         async with unique_cursor() as cur:
             if not (
-                await check_path_permission(old_url, op_user) >= AccessLevel.WRITE and
-                await check_path_permission(new_url, op_user) >= AccessLevel.WRITE
+                await check_path_permission(old_url, op_user, cursor=cur) >= AccessLevel.WRITE and
+                await check_path_permission(new_url, op_user, cursor=cur) >= AccessLevel.WRITE
                 ):
                 raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move path {old_url} to {new_url}")
 
         async with transaction() as cur:
             fconn = FileConn(cur)
             await fconn.move_path(old_url, new_url, 'overwrite', op_user.id)
+    
+    # not tested
+    async def copy_path(self, old_url: str, new_url: str, op_user: UserRecord):
+        validate_url(old_url, is_file=False)
+        validate_url(new_url, is_file=False)
+        
+        if new_url.startswith('/'):
+            new_url = new_url[1:]
+        if old_url.startswith('/'):
+            old_url = old_url[1:]
+        assert old_url != new_url, "Old and new path must be different"
+        assert old_url.endswith('/'), "Old path must end with /"
+        assert new_url.endswith('/'), "New path must end with /"
+
+        async with unique_cursor() as cur:
+            if not (
+                await check_path_permission(old_url, op_user, cursor=cur) >= AccessLevel.READ and
+                await check_path_permission(new_url, op_user, cursor=cur) >= AccessLevel.WRITE
+                ):
+                raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot copy path {old_url} to {new_url}")
+        
+        async with transaction() as cur:
+            fconn = FileConn(cur)
+            await fconn.copy_path(old_url, new_url, 'overwrite', op_user.id)
 
     async def __batch_delete_file_blobs(self, fconn: FileConn, file_records: list[FileRecord], batch_size: int = 512):
         # https://github.com/langchain-ai/langchain/issues/10321

{lfss-0.9.0/lfss/src → lfss-0.9.1/lfss/eng}/error.py

@@ -2,6 +2,10 @@ import sqlite3
 
 class LFSSExceptionBase(Exception):...
 
+class FileLockedError(LFSSExceptionBase):...
+
+class InvalidOptionsError(LFSSExceptionBase, ValueError):...
+
 class DatabaseLockedError(LFSSExceptionBase, sqlite3.DatabaseError):...
 
 class PathNotFoundError(LFSSExceptionBase, FileNotFoundError):...

{lfss-0.9.0/lfss/src → lfss-0.9.1/lfss/eng}/thumb.py

@@ -1,6 +1,6 @@
-from lfss.src.config import THUMB_DB, THUMB_SIZE
-from lfss.src.database import FileConn
-from lfss.src.connection_pool import unique_cursor
+from lfss.eng.config import THUMB_DB, THUMB_SIZE
+from lfss.eng.database import FileConn
+from lfss.eng.connection_pool import unique_cursor
 from typing import Optional
 from PIL import Image
 from io import BytesIO
@@ -69,12 +69,13 @@ async def get_thumb(path: str) -> Optional[tuple[bytes, str]]:
     async with unique_cursor() as main_c:
         fconn = FileConn(main_c)
         r = await fconn.get_file_record(path)
-        if r is None:
-            async with cache_cursor() as cur:
-                await _delete_cache_thumb(cur, path)
-            raise FileNotFoundError(f'File not found: {path}')
-        if not r.mime_type.startswith('image/'):
-            return None
+
+    if r is None:
+        async with cache_cursor() as cur:
+            await _delete_cache_thumb(cur, path)
+        raise FileNotFoundError(f'File not found: {path}')
+    if not r.mime_type.startswith('image/'):
+        return None
 
     async with cache_cursor() as cur:
         c_time = r.create_time

{lfss-0.9.0/lfss/src → lfss-0.9.1/lfss/eng}/utils.py

@@ -1,8 +1,10 @@
 import datetime, time
 import urllib.parse
-import asyncio
+import pathlib
 import functools
 import hashlib
+import aiofiles
+import asyncio
 from asyncio import Lock
 from collections import OrderedDict
 from concurrent.futures import ThreadPoolExecutor
@@ -11,6 +13,12 @@ from functools import wraps, partial
 from uuid import uuid4
 import os
 
+async def copy_file(source: str|pathlib.Path, destination: str|pathlib.Path):
+    async with aiofiles.open(source, mode='rb') as src:
+        async with aiofiles.open(destination, mode='wb') as dest:
+            while chunk := await src.read(1024):
+                await dest.write(chunk)
+
 def hash_credential(username: str, password: str):
     return hashlib.sha256((username + password).encode()).hexdigest()
 

lfss-0.9.1/lfss/svc/app.py

@@ -0,0 +1,9 @@
+from .app_native import *
+import os
+
+# order matters
+app.include_router(router_api)
+if os.environ.get("LFSS_WEBDAV", "0") == "1":
+    from .app_dav import *
+    app.include_router(router_dav)
+app.include_router(router_fs)

lfss-0.9.1/lfss/svc/app_base.py

@@ -0,0 +1,152 @@
+import asyncio, time
+from contextlib import asynccontextmanager
+from typing import Optional
+from functools import wraps
+
+from fastapi import FastAPI, HTTPException, Request, Response, APIRouter, Depends
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials, HTTPBasic, HTTPBasicCredentials
+
+from ..eng.log import get_logger
+from ..eng.datatype import UserRecord
+from ..eng.connection_pool import unique_cursor
+from ..eng.database import Database, UserConn, delayed_log_activity, DECOY_USER
+from ..eng.connection_pool import global_connection_init, global_connection_close
+from ..eng.utils import wait_for_debounce_tasks, now_stamp, hash_credential
+from ..eng.error import *
+from ..eng.config import DEBUG_MODE
+from .request_log import RequestDB
+
+logger = get_logger("server", term_level="DEBUG")
+logger_failed_request = get_logger("failed_requests", term_level="INFO")
+db = Database()
+req_conn = RequestDB()
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    global db
+    try:
+        await global_connection_init(n_read = 2)
+        await asyncio.gather(db.init(), req_conn.init())
+        yield
+        await req_conn.commit()
+    finally:
+        await wait_for_debounce_tasks()
+        await asyncio.gather(req_conn.close(), global_connection_close())
+
+def handle_exception(fn):
+    @wraps(fn)
+    async def wrapper(*args, **kwargs):
+        try:
+            return await fn(*args, **kwargs)
+        except Exception as e:
+            if isinstance(e, HTTPException): 
+                print(f"HTTPException: {e}, detail: {e.detail}")
+            if isinstance(e, HTTPException): raise e
+            if isinstance(e, StorageExceededError): raise HTTPException(status_code=413, detail=str(e))
+            if isinstance(e, PermissionError): raise HTTPException(status_code=403, detail=str(e))
+            if isinstance(e, InvalidPathError): raise HTTPException(status_code=400, detail=str(e))
+            if isinstance(e, FileNotFoundError): raise HTTPException(status_code=404, detail=str(e))
+            if isinstance(e, FileExistsError): raise HTTPException(status_code=409, detail=str(e))
+            if isinstance(e, TooManyItemsError): raise HTTPException(status_code=400, detail=str(e))
+            if isinstance(e, DatabaseLockedError): raise HTTPException(status_code=503, detail=str(e))
+            if isinstance(e, FileLockedError): raise HTTPException(status_code=423, detail=str(e))
+            if isinstance(e, InvalidOptionsError): raise HTTPException(status_code=400, detail=str(e))
+            logger.error(f"Uncaptured error in {fn.__name__}: {e}")
+            raise 
+    return wrapper
+
+app = FastAPI(docs_url=None, redoc_url=None, lifespan=lifespan)
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+@app.middleware("http")
+async def log_requests(request: Request, call_next):
+
+    request_time_stamp = now_stamp()
+    start_time = time.perf_counter()
+    response: Response = await call_next(request)
+    end_time = time.perf_counter()
+    response_time = end_time - start_time
+    response.headers["X-Response-Time"] = str(response_time)
+
+    if response.headers.get("X-Skip-Log", None) is not None:
+        return response
+
+    if response.status_code >= 400:
+        logger_failed_request.error(f"{request.method} {request.url.path} \033[91m{response.status_code}\033[0m")
+    if DEBUG_MODE:
+        print(f"{request.method} {request.url.path} {response.status_code} {response_time:.3f}s")
+        print(f"Request headers: {dict(request.headers)}")
+    await req_conn.log_request(
+        request_time_stamp, 
+        request.method, request.url.path, response.status_code, response_time,
+        headers = dict(request.headers), 
+        query = dict(request.query_params), 
+        client = request.client, 
+        request_size = int(request.headers.get("Content-Length", 0)),
+        response_size = int(response.headers.get("Content-Length", 0))
+    )
+    await req_conn.ensure_commit_once()
+    return response
+
+def skip_request_log(fn):
+    @wraps(fn)
+    async def wrapper(*args, **kwargs):
+        response = await fn(*args, **kwargs)
+        assert isinstance(response, Response), "Response expected"
+        response.headers["X-Skip-Log"] = "1"
+        return response
+    return wrapper
+
+async def get_credential_from_params(request: Request):
+    return request.query_params.get("token")
+async def get_current_user(
+    h_token: Optional[HTTPAuthorizationCredentials] = Depends(HTTPBearer(auto_error=False)), 
+    b_token: Optional[HTTPBasicCredentials] = Depends(HTTPBasic(auto_error=False)),
+    q_token: Optional[str] = Depends(get_credential_from_params)
+    ):
+    """
+    First try to get the user from the bearer token, 
+    if not found, try to get the user from the query parameter
+    """
+    async with unique_cursor() as conn:
+        uconn = UserConn(conn)
+        if h_token:
+            user = await uconn.get_user_by_credential(h_token.credentials)
+            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic"})
+        elif b_token:
+            user = await uconn.get_user_by_credential(hash_credential(b_token.username, b_token.password))
+            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic"})
+        elif q_token:
+            user = await uconn.get_user_by_credential(q_token)
+            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic"})
+        else:
+            return DECOY_USER
+
+    if not user.id == 0:
+        await delayed_log_activity(user.username)
+
+    return user
+
+async def registered_user(user: UserRecord = Depends(get_current_user)):
+    if user.id == 0:
+        raise HTTPException(status_code=401, detail="Permission denied", headers={"WWW-Authenticate": "Basic"})
+    return user
+
+
+router_api = APIRouter(prefix="/_api")
+router_dav = APIRouter(prefix="")
+router_fs = APIRouter(prefix="")
+
+__all__ = [
+    "app", "db", "logger", 
+    "handle_exception", "skip_request_log", 
+    "router_api", "router_fs", "router_dav", 
+    "get_current_user", "registered_user"
+    ]