diff --git a/README.md b/README.md index a1dcb4e4..9900a096 100644 --- a/README.md +++ b/README.md @@ -1852,6 +1852,8 @@ share specific folders in a volume without giving away full read-access to the volflag `dk` generates dirkeys (per-directory accesskeys) for all folders, granting read-access to that folder; by default only that folder itself, no subfolders +volflag `dky` disables the actual key-check, meaning anyone can see the contents of a folder where they have `g` access, but not its subdirectories + volflag `dks` lets people enter subfolders as well, and also enables download-as-zip/tar dirkeys are generated based on another salt (`--dk-salt`) + filesystem-path and have a few limitations: diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py index a846dce8..7e2cbcde 100644 --- a/copyparty/authsrv.py +++ b/copyparty/authsrv.py @@ -1688,8 +1688,15 @@ class AuthSrv(object): dk = vol.flags.get("dk") dks = vol.flags.get("dks") + dky = vol.flags.get("dky") + if dks is not None and dky is not None: + t = "WARNING: volume /%s has both dks and dky enabled; this is too yolo and not permitted" + raise Exception(t % (vol.vpath,)) + if dks and not dk: dk = dks + if dky and not dk: + dk = dky if dk: vol.flags["dk"] = int(dk) if dk is not True else 8 diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py index 643a6d8d..355ba035 100644 --- a/copyparty/httpcli.py +++ b/copyparty/httpcli.py @@ -2879,6 +2879,9 @@ class HttpCli(object): if self.can_read or not self.can_get: return False + if self.vn.flags.get("dky"): + return True + req = self.uparam.get("k") or "" if not req: return False @@ -4234,8 +4237,11 @@ class HttpCli(object): add_fk = vf.get("fk") fk_alg = 2 if "fka" in vf else 1 if add_dk: - zs = self.gen_fk(2, self.args.dk_salt, abspath, 0, 0)[:add_dk] - ls_ret["dk"] = cgv["dk"] = zs + if vf.get("dky"): + add_dk = False + else: + zs = self.gen_fk(2, self.args.dk_salt, abspath, 0, 0)[:add_dk] + ls_ret["dk"] = cgv["dk"] = zs dirs = [] files = []