lfss 0.9.1__py3-none-any.whl → 0.9.2__py3-none-any.whl

Readme.md

@@ -34,10 +34,12 @@ The API usage is simple, just `GET`, `PUT`, `DELETE` to the `/<username>/file/ur
 The authentication can be acheived through one of the following methods:
 1. `Authorization` header with the value `Bearer sha256(<username><password>)`.
 2. `token` query parameter with the value `sha256(<username><password>)`.
-3. HTTP Basic Authentication with the username and password. 
+3. HTTP Basic Authentication with the username and password (If WebDAV is enabled).
 
 You can refer to `frontend` as an application example, `lfss/api/connector.py` for more APIs. 
 
 By default, the service exposes all files to the public for `GET` requests, 
 but file-listing is restricted to the user's own files.  
-Please refer to [docs/Permission.md](./docs/Permission.md) for more details on the permission system.
+Please refer to [docs/Permission.md](./docs/Permission.md) for more details on the permission system. 
+
+More can be found in the [docs](./docs) directory.

docs/Enviroment_variables.md

@@ -0,0 +1,12 @@
+
+# Enviroment variables
+
+**Server**
+- `LFSS_DATA`: The directory to store the data. Default is `.storage_data`.
+- `LFSS_WEBDAV`: Enable WebDAV support. Default is `0`, set to `1` to enable.
+- `LFSS_LARGE_FILE`: The size limit of the file to store in the database. Default is `8m`.
+- `LFSS_DEBUG`: Enable debug mode for more verbose logging. Default is `0`, set to `1` to enable.
+
+**Client**
+- `LFSS_ENDPOINT`: The fallback server endpoint. Default is `http://localhost:8000`.
+- `LFSS_TOKEN`: The fallback token to authenticate. Should be `sha256(<username><password>)`.

docs/Known_issues.md

@@ -1 +1,3 @@
-[Safari 中文输入法回车捕获](https://github.com/anse-app/anse/issues/127)
+[Safari 中文输入法回车捕获](https://github.com/anse-app/anse/issues/127)
+
+[Word 临时文件](https://answers.microsoft.com/en-us/msoffice/forum/all/mac-os-word-temp-sb-folders-created-on-smb-share/40fda56c-c77c-4365-8fa3-eb87ac814207?page=1)

frontend/api.js

@@ -384,6 +384,27 @@ export default class Connector {
         }
     }
 
+    /**
+     * @param {string} srcPath - file path(url)
+     * @param {string} dstPath - new file path(url)
+     */
+    async copy(srcPath, dstPath){
+        if (srcPath.startsWith('/')){ srcPath = srcPath.slice(1); }
+        if (dstPath.startsWith('/')){ dstPath = dstPath.slice(1); }
+        const dst = new URL(this.config.endpoint + '/_api/copy');
+        dst.searchParams.append('src', srcPath);
+        dst.searchParams.append('dst', dstPath);
+        const res = await fetch(dst.toString(), {
+            method: 'POST',
+            headers: {
+                'Authorization': 'Bearer ' + this.config.token,
+                'Content-Type': 'application/www-form-urlencoded'
+            },
+        });
+        if (!(res.status == 200 || res.status == 201)){
+            throw new Error(`Failed to copy file, status code: ${res.status}, message: ${await fmtFailedResponse(res)}`);
+        }
+    }
 }
 
 /**

frontend/scripts.js

@@ -347,7 +347,7 @@ async function refreshFileList(){
                                 }
                             );
                         }, {
-                            text: 'Enter the destination path: ',
+                            text: 'Enter the destination path (Move): ',
                             placeholder: 'Destination path',
                             value: decodePathURI(dirurl), 
                             select: "last-pathname"
@@ -355,6 +355,30 @@ async function refreshFileList(){
                     });
                     actContainer.appendChild(moveButton);
 
+                    const copyButton = document.createElement('a');
+                    copyButton.textContent = 'Copy';
+                    copyButton.style.cursor = 'pointer';
+                    copyButton.addEventListener('click', () => {
+                        showFloatingWindowLineInput((dstPath) => {
+                            dstPath = encodePathURI(dstPath);
+                            console.log("Copying", dirurl, "to", dstPath);
+                            conn.copy(dirurl, dstPath)
+                                .then(() => {
+                                    refreshFileList();
+                                }, 
+                                (err) => {
+                                    showPopup('Failed to copy path: ' + err, {level: 'error'});
+                                }
+                            );
+                        }, {
+                            text: 'Enter the destination path (Copy): ',
+                            placeholder: 'Destination path',
+                            value: decodePathURI(dirurl), 
+                            select: "last-pathname"
+                        });
+                    });
+                    actContainer.appendChild(copyButton);
+
                     const downloadButton = document.createElement('a');
                     downloadButton.textContent = 'Download';
                     downloadButton.href = conn.config.endpoint + '/_api/bundle?' + 
@@ -478,7 +502,7 @@ async function refreshFileList(){
                                 }
                             );
                         }, {
-                            text: 'Enter the destination path: ',
+                            text: 'Enter the destination path (Move): ',
                             placeholder: 'Destination path',
                             value: decodePathURI(file.url), 
                             select: "last-filename"
@@ -486,6 +510,29 @@ async function refreshFileList(){
                     });
                     actContainer.appendChild(moveButton);
 
+                    const copyButton = document.createElement('a');
+                    copyButton.textContent = 'Copy';
+                    copyButton.style.cursor = 'pointer';
+                    copyButton.addEventListener('click', () => {
+                        showFloatingWindowLineInput((dstPath) => {
+                            dstPath = encodePathURI(dstPath);
+                            conn.copy(file.url, dstPath)
+                                .then(() => {
+                                    refreshFileList();
+                                }, 
+                                (err) => {
+                                    showPopup('Failed to copy file: ' + err, {level: 'error'});
+                                }
+                            );
+                        }, {
+                            text: 'Enter the destination path (Copy): ',
+                            placeholder: 'Destination path',
+                            value: decodePathURI(file.url), 
+                            select: "last-filename"
+                        });
+                    });
+                    actContainer.appendChild(copyButton);
+
                     const downloadBtn = document.createElement('a');
                     downloadBtn.textContent = 'Download';
                     downloadBtn.href = conn.config.endpoint + '/' + file.url + '?download=true&token=' + conn.config.token;

lfss/api/connector.py

@@ -270,6 +270,12 @@ class Connector:
         self._fetch_factory('POST', '_api/meta', {'path': path, 'new_path': new_path})(
             headers = {'Content-Type': 'application/www-form-urlencoded'}
         )
+    
+    def copy(self, src: str, dst: str):
+        """Copy file from src to dst."""
+        self._fetch_factory('POST', '_api/copy', {'src': src, 'dst': dst})(
+            headers = {'Content-Type': 'application/www-form-urlencoded'}
+        )
         
     def whoami(self) -> UserRecord:
         """Gets information about the current user."""

lfss/eng/database.py

@@ -467,7 +467,7 @@ class FileConn(DBObjectBase):
         await self.cur.execute("UPDATE fmeta SET url = ?, create_time = CURRENT_TIMESTAMP WHERE url = ?", (new_url, old_url))
         self.logger.info(f"Moved file {old_url} to {new_url}")
     
-    async def move_path(self, old_url: str, new_url: str, conflict_handler: Literal['skip', 'overwrite'] = 'overwrite', user_id: Optional[int] = None):
+    async def move_path(self, old_url: str, new_url: str, user_id: Optional[int] = None):
         assert old_url.endswith('/'), "Old path must end with /"
         assert new_url.endswith('/'), "New path must end with /"
         if user_id is None:
@@ -478,11 +478,9 @@ class FileConn(DBObjectBase):
             res = await cursor.fetchall()
         for r in res:
             new_r = new_url + r[0][len(old_url):]
-            if conflict_handler == 'overwrite':
-                await self.cur.execute("DELETE FROM fmeta WHERE url = ?", (new_r, ))
-            elif conflict_handler == 'skip':
-                if (await self.cur.execute("SELECT url FROM fmeta WHERE url = ?", (new_r, ))) is not None:
-                    continue
+            if await (await self.cur.execute("SELECT url FROM fmeta WHERE url = ?", (new_r, ))).fetchone():
+                self.logger.error(f"File {new_r} already exists on move path: {old_url} -> {new_url}")
+                raise FileDuplicateError(f"File {new_r} already exists")
             await self.cur.execute("UPDATE fmeta SET url = ?, create_time = CURRENT_TIMESTAMP WHERE url = ?", (new_r, r[0]))
     
     async def log_access(self, url: str):
@@ -790,6 +788,8 @@ class Database:
             if op_user is not None:
                 if await check_path_permission(old_url, op_user, cursor=cur) < AccessLevel.WRITE:
                     raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move file {old_url}")
+                if await check_path_permission(new_url, op_user, cursor=cur) < AccessLevel.WRITE:
+                    raise PermissionDeniedError(f"Permission denied: {op_user.username} cannot move file to {new_url}")
             await fconn.move_file(old_url, new_url)
 
             new_mime, _ = mimetypes.guess_type(new_url)
@@ -834,7 +834,7 @@ class Database:
 
         async with transaction() as cur:
             fconn = FileConn(cur)
-            await fconn.move_path(old_url, new_url, 'overwrite', op_user.id)
+            await fconn.move_path(old_url, new_url, op_user.id)
     
     # not tested
     async def copy_path(self, old_url: str, new_url: str, op_user: UserRecord):

lfss/eng/error.py

@@ -10,6 +10,8 @@ class DatabaseLockedError(LFSSExceptionBase, sqlite3.DatabaseError):...
 
 class PathNotFoundError(LFSSExceptionBase, FileNotFoundError):...
 
+class FileDuplicateError(LFSSExceptionBase, FileExistsError):...
+
 class PermissionDeniedError(LFSSExceptionBase, PermissionError):...
 
 class InvalidPathError(LFSSExceptionBase, ValueError):...

lfss/svc/app.py

@@ -1,9 +1,9 @@
+from .app_base import ENABLE_WEBDAV
 from .app_native import *
-import os
 
 # order matters
 app.include_router(router_api)
-if os.environ.get("LFSS_WEBDAV", "0") == "1":
+if ENABLE_WEBDAV:
     from .app_dav import *
     app.include_router(router_dav)
 app.include_router(router_fs)

lfss/svc/app_base.py

@@ -1,4 +1,4 @@
-import asyncio, time
+import asyncio, time, os
 from contextlib import asynccontextmanager
 from typing import Optional
 from functools import wraps
@@ -17,6 +17,7 @@ from ..eng.error import *
 from ..eng.config import DEBUG_MODE
 from .request_log import RequestDB
 
+ENABLE_WEBDAV = os.environ.get("LFSS_WEBDAV", "0") == "1"
 logger = get_logger("server", term_level="DEBUG")
 logger_failed_request = get_logger("failed_requests", term_level="INFO")
 db = Database()
@@ -47,6 +48,7 @@ def handle_exception(fn):
             if isinstance(e, PermissionError): raise HTTPException(status_code=403, detail=str(e))
             if isinstance(e, InvalidPathError): raise HTTPException(status_code=400, detail=str(e))
             if isinstance(e, FileNotFoundError): raise HTTPException(status_code=404, detail=str(e))
+            if isinstance(e, FileDuplicateError): raise HTTPException(status_code=409, detail=str(e))
             if isinstance(e, FileExistsError): raise HTTPException(status_code=409, detail=str(e))
             if isinstance(e, TooManyItemsError): raise HTTPException(status_code=400, detail=str(e))
             if isinstance(e, DatabaseLockedError): raise HTTPException(status_code=503, detail=str(e))
@@ -119,13 +121,13 @@ async def get_current_user(
         uconn = UserConn(conn)
         if h_token:
             user = await uconn.get_user_by_credential(h_token.credentials)
-            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic"})
-        elif b_token:
+            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic" if ENABLE_WEBDAV else "Bearer"})
+        elif ENABLE_WEBDAV and b_token:
             user = await uconn.get_user_by_credential(hash_credential(b_token.username, b_token.password))
-            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic"})
+            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic" if ENABLE_WEBDAV else "Bearer"})
         elif q_token:
             user = await uconn.get_user_by_credential(q_token)
-            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic"})
+            if not user: raise HTTPException(status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Basic" if ENABLE_WEBDAV else "Bearer"})
         else:
             return DECOY_USER
 
@@ -136,10 +138,9 @@ async def get_current_user(
 
 async def registered_user(user: UserRecord = Depends(get_current_user)):
     if user.id == 0:
-        raise HTTPException(status_code=401, detail="Permission denied", headers={"WWW-Authenticate": "Basic"})
+        raise HTTPException(status_code=401, detail="Permission denied", headers={"WWW-Authenticate": "Basic" if ENABLE_WEBDAV else "Bearer"})
     return user
 
-
 router_api = APIRouter(prefix="/_api")
 router_dav = APIRouter(prefix="")
 router_fs = APIRouter(prefix="")

lfss/svc/app_dav.py

@@ -3,16 +3,17 @@
 from fastapi import Request, Response, Depends, HTTPException
 import time, uuid, os
 import aiosqlite
+import asyncio
 from typing import Literal, Optional
 import xml.etree.ElementTree as ET
 from ..eng.connection_pool import unique_cursor
 from ..eng.error import *
-from ..eng.config import DATA_HOME
+from ..eng.config import DATA_HOME, DEBUG_MODE
 from ..eng.datatype import UserRecord, FileRecord, DirectoryRecord
 from ..eng.database import FileConn
-from ..eng.utils import ensure_uri_compnents, decode_uri_compnents, format_last_modified
+from ..eng.utils import ensure_uri_compnents, decode_uri_compnents, format_last_modified, static_vars
 from .app_base import *
-from .common_impl import get_file_impl, put_file_impl, delete_file_impl
+from .common_impl import get_file_impl, put_file_impl, delete_impl, copy_impl
 
 LOCK_DB_PATH = DATA_HOME / "lock.db"
 MKDIR_PLACEHOLDER = ".lfss_keep"
@@ -79,12 +80,14 @@ CREATE TABLE IF NOT EXISTS locks (
     path TEXT PRIMARY KEY,
     user TEXT,
     token TEXT,
+    depth TEXT,
     timeout float,
     lock_time float
 );
 """
-async def lock_path(user: UserRecord, p: str, token: str, timeout: int = 600):
+async def lock_path(user: UserRecord, p: str, token: str, depth: str, timeout: int = 1800):
     async with aiosqlite.connect(LOCK_DB_PATH) as conn:
+        await conn.execute("BEGIN EXCLUSIVE")
         await conn.execute(lock_table_create_sql)
         async with conn.execute("SELECT user, timeout, lock_time FROM locks WHERE path=?", (p,)) as cur:
             row = await cur.fetchone()
@@ -93,10 +96,11 @@ async def lock_path(user: UserRecord, p: str, token: str, timeout: int = 600):
                 curr_time = time.time()
                 if timeout > 0 and curr_time - lock_time_ < timeout_:
                     raise FileLockedError(f"File is locked (by {user_}) [{p}]")
-            await cur.execute("INSERT OR REPLACE INTO locks VALUES (?, ?, ?, ?, ?)", (p, user.username, token, timeout, time.time()))
+            await cur.execute("INSERT OR REPLACE INTO locks VALUES (?, ?, ?, ?, ?, ?)", (p, user.username, token, depth, timeout, time.time()))
             await conn.commit()
 async def unlock_path(user: UserRecord, p: str, token: str):
     async with aiosqlite.connect(LOCK_DB_PATH) as conn:
+        await conn.execute("BEGIN EXCLUSIVE")
         await conn.execute(lock_table_create_sql)
         async with conn.execute("SELECT user, token FROM locks WHERE path=?", (p,)) as cur:
             row = await cur.fetchone()
@@ -108,29 +112,32 @@ async def unlock_path(user: UserRecord, p: str, token: str):
             await conn.commit()
 async def query_lock_el(p: str, top_el_name: str = f"{{{DAV_NS}}}lockinfo") -> Optional[ET.Element]:
     async with aiosqlite.connect(LOCK_DB_PATH) as conn:
+        await conn.execute("BEGIN EXCLUSIVE")
         await conn.execute(lock_table_create_sql)
-        async with conn.execute("SELECT user, token, timeout, lock_time FROM locks WHERE path=?", (p,)) as cur:
+        async with conn.execute("SELECT user, token, depth, timeout, lock_time FROM locks WHERE path=?", (p,)) as cur:
             row = await cur.fetchone()
             if not row: return None
             curr_time = time.time()
-            user_, token, timeout, lock_time = row
+            username, token, depth, timeout, lock_time = row
             if timeout > 0 and curr_time - lock_time > timeout:
                 await cur.execute("DELETE FROM locks WHERE path=?", (p,))
                 await conn.commit()
                 return None
-            lock_info = ET.Element(top_el_name)
-            locktype = ET.SubElement(lock_info, f"{{{DAV_NS}}}locktype")
-            ET.SubElement(locktype, f"{{{DAV_NS}}}write")
-            lockscope = ET.SubElement(lock_info, f"{{{DAV_NS}}}lockscope")
-            ET.SubElement(lockscope, f"{{{DAV_NS}}}exclusive")
-            owner = ET.SubElement(lock_info, f"{{{DAV_NS}}}owner")
-            owner.text = user_
-            timeout = ET.SubElement(lock_info, f"{{{DAV_NS}}}timeout")
-            timeout.text = f"Second-{timeout}"
-            locktoken = ET.SubElement(lock_info, f"{{{DAV_NS}}}locktoken")
-            href = ET.SubElement(locktoken, f"{{{DAV_NS}}}href")
-            href.text = f"{token}"
-            return lock_info
+        lock_info = ET.Element(top_el_name)
+        locktype = ET.SubElement(lock_info, f"{{{DAV_NS}}}locktype")
+        ET.SubElement(locktype, f"{{{DAV_NS}}}write")
+        lockscope = ET.SubElement(lock_info, f"{{{DAV_NS}}}lockscope")
+        ET.SubElement(lockscope, f"{{{DAV_NS}}}exclusive")
+        owner = ET.SubElement(lock_info, f"{{{DAV_NS}}}owner")
+        owner.text = username
+        depth_el = ET.SubElement(lock_info, f"{{{DAV_NS}}}depth")
+        depth_el.text = depth
+        timeout = ET.SubElement(lock_info, f"{{{DAV_NS}}}timeout")
+        timeout.text = f"Second-{timeout}"
+        locktoken = ET.SubElement(lock_info, f"{{{DAV_NS}}}locktoken")
+        href = ET.SubElement(locktoken, f"{{{DAV_NS}}}href")
+        href.text = f"{token}"
+        return lock_info
 
 async def create_file_xml_element(frecord: FileRecord) -> ET.Element:
     file_el = ET.Element(f"{{{DAV_NS}}}response")
@@ -143,9 +150,9 @@ async def create_file_xml_element(frecord: FileRecord) -> ET.Element:
     ET.SubElement(prop, f"{{{DAV_NS}}}getcontentlength").text = str(frecord.file_size)
     ET.SubElement(prop, f"{{{DAV_NS}}}getlastmodified").text = format_last_modified(frecord.create_time)
     ET.SubElement(prop, f"{{{DAV_NS}}}getcontenttype").text = frecord.mime_type
-    lock_discovery = ET.SubElement(prop, f"{{{DAV_NS}}}lockdiscovery")
     lock_el = await query_lock_el(frecord.url, top_el_name=f"{{{DAV_NS}}}activelock")
     if lock_el is not None:
+        lock_discovery = ET.SubElement(prop, f"{{{DAV_NS}}}lockdiscovery")
         lock_discovery.append(lock_el)
     return file_el
 
@@ -160,9 +167,9 @@ async def create_dir_xml_element(drecord: DirectoryRecord) -> ET.Element:
     if drecord.size >= 0:
         ET.SubElement(prop, f"{{{DAV_NS}}}getlastmodified").text = format_last_modified(drecord.create_time)
         ET.SubElement(prop, f"{{{DAV_NS}}}getcontentlength").text = str(drecord.size)
-    lock_discovery = ET.SubElement(prop, f"{{{DAV_NS}}}lockdiscovery")
     lock_el = await query_lock_el(drecord.url, top_el_name=f"{{{DAV_NS}}}activelock")
     if lock_el is not None:
+        lock_discovery = ET.SubElement(prop, f"{{{DAV_NS}}}lockdiscovery")
         lock_discovery.append(lock_el)
     return dir_el
 
@@ -185,10 +192,10 @@ async def dav_options(request: Request, path: str):
 
 @router_dav.get("/{path:path}")
 @handle_exception
-async def dav_get(request: Request, path: str, user: UserRecord = Depends(registered_user)):
+async def dav_get(request: Request, path: str, user: UserRecord = Depends(get_current_user)):
     ptype, path, _ = await eval_path(path)
     if ptype is None: raise PathNotFoundError(path)
-    elif ptype == "dir": raise InvalidOptionsError("Directory should not be fetched")
+    # elif ptype == "dir": raise InvalidOptionsError("Directory should not be fetched")
     else: return await get_file_impl(request, user=user, path=path)
 
 @router_dav.head("/{path:path}")
@@ -210,7 +217,7 @@ async def dav_put(request: Request, path: str, user: UserRecord = Depends(regist
 @handle_exception
 async def dav_delete(path: str, user: UserRecord = Depends(registered_user)):
     _, path, _ = await eval_path(path)
-    return await delete_file_impl(user=user, path=path)
+    return await delete_impl(user=user, path=path)
 
 @router_dav.api_route("/{path:path}", methods=["PROPFIND"])
 @handle_exception
@@ -308,25 +315,17 @@ async def dav_copy(request: Request, path: str, user: UserRecord = Depends(regis
     ptype, lfss_path, _ = await eval_path(path)
     if ptype is None:
         raise PathNotFoundError(path)
-    dptype, dlfss_path, ddav_path = await eval_path(destination)
+    dptype, dlfss_path, _ = await eval_path(destination)
     if dptype is not None:
         raise HTTPException(status_code=409, detail="Conflict")
     
     logger.info(f"COPY {path} -> {destination}")
-    if ptype == "file":
-        assert not lfss_path.endswith("/"), "File path should not end with /"
-        assert not dlfss_path.endswith("/"), "File path should not end with /"
-        await db.copy_file(lfss_path, dlfss_path, user)
-    else:
-        assert ptype == "dir", "Directory path should end with /"
-        assert lfss_path.endswith("/"), "Directory path should end with /"
-        assert dlfss_path.endswith("/"), "Directory path should end with /"
-        await db.copy_path(lfss_path, dlfss_path, user)
-    return Response(status_code=201)
+    return await copy_impl(op_user=user, src_path=lfss_path, dst_path=dlfss_path)
 
 @router_dav.api_route("/{path:path}", methods=["LOCK"])
 @handle_exception
-async def dav_lock(request: Request, path: str, user: UserRecord = Depends(registered_user)):
+@static_vars(lock = asyncio.Lock())
+async def dav_lock(request: Request, path: str, user: UserRecord = Depends(registered_user), body: ET.Element = Depends(xml_request_body)):
     raw_timeout = request.headers.get("Timeout", "Second-3600")
     if raw_timeout == "Infinite": timeout = -1
     else:
@@ -334,16 +333,20 @@ async def dav_lock(request: Request, path: str, user: UserRecord = Depends(regis
             raise HTTPException(status_code=400, detail="Bad Request, invalid timeout: " + raw_timeout + ", expected Second-<seconds> or Infinite")
         _, timeout_str = raw_timeout.split("-")
         timeout = int(timeout_str)
-
+    
+    lock_depth = request.headers.get("Depth", "0")
     _, path, _ = await eval_path(path)
     # lock_token = f"opaquelocktoken:{uuid.uuid4().hex}"
     lock_token = f"urn:uuid:{uuid.uuid4()}"
-    logger.info(f"LOCK {path} (timeout: {timeout}), token: {lock_token}")
-    await lock_path(user, path, lock_token, timeout=timeout)
-    response_elem = ET.Element(f"{{{DAV_NS}}}prop")
-    lockdiscovery = ET.SubElement(response_elem, f"{{{DAV_NS}}}lockdiscovery")
-    activelock = await query_lock_el(path, top_el_name=f"{{{DAV_NS}}}activelock")
-    assert activelock is not None, "Lock info should not be None"
+    logger.info(f"LOCK {path} (timeout: {timeout}), token: {lock_token}, depth: {lock_depth}")
+    if DEBUG_MODE:
+        print("Lock-body:", ET.tostring(body, encoding="utf-8", method="xml"))
+    async with dav_lock.lock:
+        await lock_path(user, path, lock_token, lock_depth, timeout=timeout)
+        response_elem = ET.Element(f"{{{DAV_NS}}}prop")
+        lockdiscovery = ET.SubElement(response_elem, f"{{{DAV_NS}}}lockdiscovery")
+        activelock = await query_lock_el(path, top_el_name=f"{{{DAV_NS}}}activelock")
+        assert activelock is not None
     lockdiscovery.append(activelock)
     lock_response = ET.tostring(response_elem, encoding="utf-8", method="xml")
     return Response(content=lock_response, media_type="application/xml", status_code=201, headers={
@@ -352,13 +355,15 @@ async def dav_lock(request: Request, path: str, user: UserRecord = Depends(regis
 
 @router_dav.api_route("/{path:path}", methods=["UNLOCK"])
 @handle_exception
-async def dav_unlock(request: Request, path: str, user: UserRecord = Depends(registered_user)):
+async def dav_unlock(request: Request, path: str, user: UserRecord = Depends(registered_user), body: ET.Element = Depends(xml_request_body)):
     lock_token = request.headers.get("Lock-Token")
     if not lock_token:
         raise HTTPException(status_code=400, detail="Lock-Token header is required")
     if lock_token.startswith("<") and lock_token.endswith(">"):
         lock_token = lock_token[1:-1]
     logger.info(f"UNLOCK {path}, token: {lock_token}")
+    if DEBUG_MODE:
+        print("Unlock-body:", ET.tostring(body, encoding="utf-8", method="xml"))
     _, path, _ = await eval_path(path)
     await unlock_path(user, path, lock_token)
     return Response(status_code=204)

lfss/svc/app_native.py

@@ -13,7 +13,7 @@ from ..eng.datatype import (
 )
 
 from .app_base import *
-from .common_impl import get_file_impl, put_file_impl, post_file_impl, delete_file_impl
+from .common_impl import get_file_impl, put_file_impl, post_file_impl, delete_impl, copy_impl
 
 @router_fs.get("/{path:path}")
 @handle_exception
@@ -75,7 +75,7 @@ async def post_file(
 @router_fs.delete("/{path:path}")
 @handle_exception
 async def delete_file(path: str, user: UserRecord = Depends(registered_user)):
-    return await delete_file_impl(path, user)
+    return await delete_impl(path, user)
 
 
 @router_api.get("/bundle")
@@ -181,11 +181,19 @@ async def update_file_meta(
         if new_path is not None:
             new_path = ensure_uri_compnents(new_path)
             logger.info(f"Update path of {path} to {new_path}")
-            # currently only move own file, with overwrite
+            # will raise duplicate path error if same name path exists in the new path
             await db.move_path(path, new_path, user)
 
     return Response(status_code=200, content="OK")
 
+@router_api.post("/copy")
+@handle_exception
+async def copy_file(
+    src: str, dst: str, 
+    user: UserRecord = Depends(registered_user)
+    ):
+    return await copy_impl(src_path = src, dst_path = dst, op_user = user)
+
 async def validate_path_read_permission(path: str, user: UserRecord):
     if not path.endswith("/"):
         raise HTTPException(status_code=400, detail="Path must end with /")

lfss/svc/common_impl.py

@@ -252,7 +252,7 @@ async def post_file_impl(
         "Content-Type": "application/json",
     }, content=json.dumps({"url": path}))
 
-async def delete_file_impl(path: str, user: UserRecord):
+async def delete_impl(path: str, user: UserRecord):
     path = ensure_uri_compnents(path)
     if await check_path_permission(path, user) < AccessLevel.WRITE:
         raise HTTPException(status_code=403, detail="Permission denied")
@@ -268,3 +268,32 @@ async def delete_file_impl(path: str, user: UserRecord):
         return Response(status_code=200, content="Deleted")
     else:
         return Response(status_code=404, content="Not found")
+
+async def copy_impl(
+    op_user: UserRecord, src_path: str, dst_path: str,
+):
+    src_path = ensure_uri_compnents(src_path)
+    dst_path = ensure_uri_compnents(dst_path)
+    copy_type = "file" if not src_path[-1] == "/" else "directory"
+    if (src_path[-1] == "/") != (dst_path[-1] == "/"):
+        raise HTTPException(status_code=400, detail="Source and destination must be same type")
+
+    if src_path == dst_path:
+        raise HTTPException(status_code=400, detail="Source and destination are the same")
+    
+    logger.info(f"Copy {src_path} to {dst_path}, user: {op_user.username}")
+    if copy_type == "file":
+        async with unique_cursor() as cur:
+            fconn = FileConn(cur)
+            dst_record = await fconn.get_file_record(dst_path)
+        if dst_record:
+            raise HTTPException(status_code=409, detail="Destination exists")
+        await db.copy_file(src_path, dst_path, op_user)
+    else:
+        async with unique_cursor() as cur:
+            fconn = FileConn(cur)
+            dst_fcount = await fconn.count_path_files(dst_path, flat=True)
+        if dst_fcount > 0:
+            raise HTTPException(status_code=409, detail="Destination exists")
+        await db.copy_path(src_path, dst_path, op_user)
+    return Response(status_code=201, content="OK")

{lfss-0.9.1.dist-info → lfss-0.9.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: lfss
-Version: 0.9.1
+Version: 0.9.2
 Summary: Lightweight file storage service
 Home-page: https://github.com/MenxLi/lfss
 Author: li_mengxun
@@ -57,10 +57,12 @@ The API usage is simple, just `GET`, `PUT`, `DELETE` to the `/<username>/file/ur
 The authentication can be acheived through one of the following methods:
 1. `Authorization` header with the value `Bearer sha256(<username><password>)`.
 2. `token` query parameter with the value `sha256(<username><password>)`.
-3. HTTP Basic Authentication with the username and password. 
+3. HTTP Basic Authentication with the username and password (If WebDAV is enabled).
 
 You can refer to `frontend` as an application example, `lfss/api/connector.py` for more APIs. 
 
 By default, the service exposes all files to the public for `GET` requests, 
 but file-listing is restricted to the user's own files.  
-Please refer to [docs/Permission.md](./docs/Permission.md) for more details on the permission system.
+Please refer to [docs/Permission.md](./docs/Permission.md) for more details on the permission system. 
+
+More can be found in the [docs](./docs) directory.

{lfss-0.9.1.dist-info → lfss-0.9.2.dist-info}/RECORD

@@ -1,8 +1,9 @@
-Readme.md,sha256=6gOvhb93ma83VKC4-pfi4TccZxCq4kj3GEB9qa9ols4,1759
-docs/Known_issues.md,sha256=rfdG3j1OJF-59S9E06VPyn0nZKbW-ybPxkoZ7MEZWp8,81
+Readme.md,sha256=JVe9T6N1Rz4hTiiCVoDYe2VB0dAi60VcBgb2twQdfZc,1834
+docs/Enviroment_variables.md,sha256=LUZF1o70emp-5UPsvXPjcxapP940OqEZzSyyUUT9bEQ,569
+docs/Known_issues.md,sha256=ZqETcWP8lzTOel9b2mxEgCnADFF8IxOrEtiVO1NoMAk,251
 docs/Permission.md,sha256=mvK8gVBBgoIFJqikcaReU_bUo-mTq_ECqJaDDJoQF7Q,3126
 docs/Webdav.md,sha256=9Q41ROEJodVVAnlo1Tf0jqsyrbuHhv_ElSsXbIPXYIg,1547
-frontend/api.js,sha256=hMV6Fc1JxkFQgv7BV1Y_Su7pqsWeF_92hPMmDBcXC04,18485
+frontend/api.js,sha256=GlQsNoZFEcy7QUUsLbXv7aP-KxRnIxM37FQHTaakGiQ,19387
 frontend/index.html,sha256=-k0bJ5FRqdl_H-O441D_H9E-iejgRCaL_z5UeYaS2qc,3384
 frontend/info.css,sha256=Ny0N3GywQ3a9q1_Qph_QFEKB4fEnTe_2DJ1Y5OsLLmQ,595
 frontend/info.js,sha256=xGUJPCSrtDhuSu0ELLQZ77PmVWldg-prU1mwQGbdEoA,5797
@@ -10,14 +11,14 @@ frontend/login.css,sha256=VMM0QfbDFYerxKWKSGhMI1yg5IRBXg0TTdLJEEhQZNk,355
 frontend/login.js,sha256=QoO8yKmBHDVP-ZomCMOaV7xVUVIhpl7esJrb6T5aHQE,2466
 frontend/popup.css,sha256=TJZYFW1ZcdD1IVTlNPYNtMWKPbN6XDbQ4hKBOFK8uLg,1284
 frontend/popup.js,sha256=3PgaGZmxSdV1E-D_MWgcR7aHWkcsHA1BNKSOkmP66tA,5191
-frontend/scripts.js,sha256=nWH6NgavZTVmjK44i2DeRi6mJzGSe4qeQPUbDaEVt58,21735
+frontend/scripts.js,sha256=2-Omsb1-s4Wc859_SYw8JGyeUSiADaH9va4w87Mozns,24134
 frontend/state.js,sha256=vbNL5DProRKmSEY7xu9mZH6IY0PBenF8WGxPtGgDnLI,1680
 frontend/styles.css,sha256=xcNLqI3KBsY5TLnku8UIP0Jfr7QLajr1_KNlZj9eheM,4935
 frontend/thumb.css,sha256=rNsx766amYS2DajSQNabhpQ92gdTpNoQKmV69OKvtpI,295
 frontend/thumb.js,sha256=46ViD2TlTTWy0fx6wjoAs_5CQ4ajYB90vVzM7UO2IHw,6182
 frontend/utils.js,sha256=IYUZl77ugiXKcLxSNOWC4NSS0CdD5yRgUsDb665j0xM,2556
 lfss/api/__init__.py,sha256=8IJqrpWK1doIyVVbntvVic82A57ncwl5b0BRHX4Ri6A,6660
-lfss/api/connector.py,sha256=gLn-eW1m6trjqj54YXzPqByQFT56WlSy08kUm1UX4LE,11573
+lfss/api/connector.py,sha256=hHSEEWecKQGZH6oxAmYoG3q7lFfacCbOKVZiUIXT2y8,11819
 lfss/cli/__init__.py,sha256=lPwPmqpa7EXQ4zlU7E7LOe6X2kw_xATGdwoHphUEirA,827
 lfss/cli/balance.py,sha256=fUbKKAUyaDn74f7mmxMfBL4Q4voyBLHu6Lg_g8GfMOQ,4121
 lfss/cli/cli.py,sha256=aYjB8d4k6JUd9efxZK-XOj-mlG4JeOr_0lnj2qqCiK0,8066
@@ -29,21 +30,21 @@ lfss/eng/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 lfss/eng/bounded_pool.py,sha256=BI1dU-MBf82TMwJBYbjhEty7w1jIUKc5Bn9SnZ_-hoY,1288
 lfss/eng/config.py,sha256=DmnUYMeLOL-45OstysyMpSBPmLofgzvcSrsWjHvssYs,915
 lfss/eng/connection_pool.py,sha256=-tePasJxiZZ73ymgWf_kFnaKouc4Rrr4K6EXwjb7Mm4,6141
-lfss/eng/database.py,sha256=81wp6LczdByk05RYcJfLjd0tx4ZT3Ue2k994UYMiDZI,47172
+lfss/eng/database.py,sha256=cfMq7Hgj8cHFtynDzpRiqb0XYNb6OKWMYc8PcWl8eVw,47285
 lfss/eng/datatype.py,sha256=27UB7-l9SICy5lAvKjdzpTL_GohZjzstQcr9PtAq7nM,2709
-lfss/eng/error.py,sha256=61hcjeQ-y5htKhImDtDuWDf0GPrwbj5LySibeHiKFxc,529
+lfss/eng/error.py,sha256=sDbXo2R3APJAV0KtoYGCHx2qVZso7svtDzq-WjnzhAw,595
 lfss/eng/log.py,sha256=u6WRZZsE7iOx6_CV2NHh1ugea26p408FI4WstZh896A,5139
 lfss/eng/thumb.py,sha256=YO1yTI8WzW7pBpQN9x5PtPayxhftb32IJl1zPSS9mks,3243
 lfss/eng/utils.py,sha256=zZ7r9BsNV8XJJVNOxfIqRCO1bxNzh7bc9vEJiCkgbKI,6208
 lfss/sql/init.sql,sha256=8LjHx0TBCkBD62xFfssSeHDqKYVQQJkZAg4rSm046f4,1496
 lfss/sql/pragma.sql,sha256=uENx7xXjARmro-A3XAK8OM8v5AxDMdCCRj47f86UuXg,206
-lfss/svc/app.py,sha256=XK0hx5yKMk8JViJ2BXgsFr3hgSdWn_equJ0JoJwMiuc,221
-lfss/svc/app_base.py,sha256=LjH9tJzaFcP7PB8OBUizG9kvNhts2eq0JxNMBUCoHw0,6312
-lfss/svc/app_dav.py,sha256=8Etdoh_NmvZpEG8J9m97xRF4i-GNGJNvNfgjfLIDjzk,17224
-lfss/svc/app_native.py,sha256=ML-PR-zdoi5j3-KrGhIaYPMbSoW9Lesh7NROPNPUINU,9221
-lfss/svc/common_impl.py,sha256=m3lMA97a4yd_VFG3IrVYIsDzyUEseX7sU633qj7iyDI,10858
+lfss/svc/app.py,sha256=ftWCpepBx-gTSG7i-TB-IdinPPstAYYQjCgnTfeMZeI,219
+lfss/svc/app_base.py,sha256=nc02DP4iMKP41fRl8M-iAhbHwyb4QJJTKKSJwtdCox4,6617
+lfss/svc/app_dav.py,sha256=nPMdPsYNcgxqHOt5bDaaA0Wy8AdRDJajEda_-KxOoHA,17466
+lfss/svc/app_native.py,sha256=xwMCOWp4ne3rmtiiYhfxETi__V-zPEfHw-c4iWNtXWc,9471
+lfss/svc/common_impl.py,sha256=_biK0F_AAw4PnMNWR0WuHJSRyIp1iTSOOIPBauZCJ9M,12143
 lfss/svc/request_log.py,sha256=v8yXEIzPjaksu76Oh5vgdbUEUrw8Kt4etLAXBWSGie8,3207
-lfss-0.9.1.dist-info/METADATA,sha256=CZuVoVTKJG002grUK_hXtgy0b_j3m-eNHDK0SRyVLL4,2519
-lfss-0.9.1.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-lfss-0.9.1.dist-info/entry_points.txt,sha256=VJ8svMz7RLtMCgNk99CElx7zo7M-N-z7BWDVw2HA92E,205
-lfss-0.9.1.dist-info/RECORD,,
+lfss-0.9.2.dist-info/METADATA,sha256=0Q5klZ2iwBF1ZUQ5iximW02mMmoAM5ib08s0IsdyuLE,2594
+lfss-0.9.2.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+lfss-0.9.2.dist-info/entry_points.txt,sha256=VJ8svMz7RLtMCgNk99CElx7zo7M-N-z7BWDVw2HA92E,205
+lfss-0.9.2.dist-info/RECORD,,