misc

README.md

@@ -1215,7 +1215,7 @@ below are some tweaks roughly ordered by usefulness:
 * `--no-htp --hash-mt=0 --mtag-mt=1 --th-mt=1` minimizes the number of threads; can help in some eccentric environments (like the vscode debugger)
 * `-j` enables multiprocessing (actual multithreading) and can make copyparty perform better in cpu-intensive workloads, for example:
   * huge amount of short-lived connections
-  * really heavy traffic (downloads/uploads)
+  * simultaneous downloads and uploads saturating a 20gbps connection
   
   ...however it adds an overhead to internal communication so it might be a net loss, see if it works 4 u
 

copyparty/__main__.py

@@ -858,7 +858,7 @@ def add_safety(ap, fk_salt):
     ap2.add_argument("--ban-404", metavar="N,W,B", type=u, default="no", help="hitting more than \033[33mN\033[0m 404's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes (disabled by default since turbo-up2k counts as 404s)")
     ap2.add_argument("--aclose", metavar="MIN", type=int, default=10, help="if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for MIN minutes (and also kill its active connections) -- disable with 0")
     ap2.add_argument("--loris", metavar="B", type=int, default=60, help="if a client maxes out the server connection limit without sending headers, ban it for B minutes; disable with [\033[32m0\033[0m]")
-    ap2.add_argument("--acao", metavar="V[,V]", type=u, default="*", help="Access-Control-Allow-Origin; list of origins (domains) to accept requests from. Default (*) allows requests from any site but will ignore cookies and http-auth (except for ?pw=hunter2)")
+    ap2.add_argument("--acao", metavar="V[,V]", type=u, default="*", help="Access-Control-Allow-Origin; list of origins (domains/IPs without port) to accept requests from; [\033[32mhttps://1.2.3.4\033[0m]. Default [\033[32m*\033[0m] allows requests from all sites but removes cookies and http-auth; only ?pw=hunter2 survives")
     ap2.add_argument("--acam", metavar="V[,V]", type=u, default="GET,HEAD", help="Access-Control-Allow-Methods; list of methods to accept from offsite ('*' behaves like described in --acao)")
 
 

copyparty/httpcli.py

@@ -346,7 +346,7 @@ class HttpCli(object):
         if zso:
             zsll = [x.split("=", 1) for x in zso.split(";") if "=" in x]
             cookies = {k.strip(): unescape_cookie(zs) for k, zs in zsll}
-            cookie_pw = cookies.get("cppws") or cookies.get("cppwd")
+            cookie_pw = cookies.get("cppws") or cookies.get("cppwd") or ""
             if "b" in cookies and "b" not in uparam:
                 uparam["b"] = cookies["b"]
         else:
@@ -652,15 +652,14 @@ class HttpCli(object):
             return True
 
         oh = self.out_headers
-        origin = re.sub(r"(:[0-9]{1,5})?/?$", "", origin.lower())
-        methods = ", ".join(self.conn.hsrv.mallow)
+        origin = origin.lower()
         good_origins = self.args.acao + [
             "{}://{}".format(
                 "https" if self.is_https else "http",
                 self.host.lower().split(":")[0],
             )
         ]
-        if origin in good_origins:
+        if re.sub(r"(:[0-9]{1,5})?/?$", "", origin) in good_origins:
             good_origin = True
             bad_hdrs = ("",)
         else:
@@ -676,7 +675,7 @@ class HttpCli(object):
         )
         if self.args.allow_csrf:
             acao = origin or acao or "*"  # explicitly permit impersonation
-            acam = ", ".join(methods)  # and all methods + headers
+            acam = ", ".join(self.conn.hsrv.mallow)  # and all methods + headers
             oh["Access-Control-Allow-Credentials"] = "true"
             good_origin = True
         else:
@@ -2031,7 +2030,13 @@ class HttpCli(object):
         else:
             lifetime = 0
 
-        return rnd, want_url, lifetime, vfs.flags.get("xbu"), vfs.flags.get("xau")
+        return (
+            rnd,
+            want_url,
+            lifetime,
+            vfs.flags.get("xbu") or [],
+            vfs.flags.get("xau") or [],
+        )
 
     def handle_plain_upload(self) -> bool:
         assert self.parser

copyparty/web/browser.js

@@ -851,7 +851,7 @@ var Ls = {
 		"u_hashdone": 'befaring ferdig',
 		"u_hashing": 'les',
 		"u_fixed": "OK!  Løste seg 👍",
-		"u_cuerr": "kunne ikke laste opp del {0} av {1};\nsikkert harmløst, fortsetter\n\nfil: {2}",
+		"u_cuerr": "kunne ikke laste opp del {0} av {1};\nsikkert greit, fortsetter\n\nfil: {2}",
 		"u_cuerr2": "server nektet opplastningen (del {0} av {1});\nprøver igjen senere\n\nfil: {2}\n\nerror ",
 		"u_ehstmp": "prøver igjen; se mld nederst",
 		"u_ehsfin": "server nektet forespørselen om å ferdigstille filen; prøver igjen...",

docs/changelog.md

@@ -1,3 +1,25 @@
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2023-0112-0515  `v1.5.6`  many hands
+
+hello from warsaw airport (goodbye japan ;_;)
+* read-only demo server at https://a.ocv.me/pub/demo/
+
+## new features
+* multiple upload handshakes in parallel
+  * around **5x faster** when uploading small files
+  * or **50x faster** if the server is on the other side of the planet
+    * just crank up the `parallel uploads` like crazy (max is 64)
+* upload ui: total time and average speed is shown on completion
+
+## bugfixes
+* browser ui didn't allow specifying number of threads for file search
+* dont panic if a digit key is pressed while viewing an image
+* workaround [linux kernel bug](https://utcc.utoronto.ca/~cks/space/blog/linux/KernelBindBugIn6016) causing log spam on dualstack
+  * ~~related issue (also mostly harmless) will be fixed next relese 010770684db95bece206943768621f2c7c27bace~~ 
+    * they fixed it in linux 6.1 so these workarounds will be gone too
+
+
+
 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
 # 2022-1230-0754  `v1.5.5`  made in japan
 

scripts/make-sfx.sh

@@ -266,6 +266,14 @@ necho() {
 		cp -p "$f2" "$f1"
 	); done
 
+	# resolve symlinks on windows
+	[ "$OSTYPE" = msys ] &&
+	(cd ..; git ls-files -s | awk '/^120000/{print$4}') |
+	while IFS= read -r x; do
+		[ $(wc -l <"$x") -gt 1 ] && continue
+		(cd "${x%/*}"; cp -p "../$(cat "${x##*/}")" ${x##*/})
+	done
+
 	# insert asynchat
 	mkdir copyparty/vend
 	for n in asyncore.py asynchat.py; do

tests/util.py

@@ -98,7 +98,7 @@ class Cfg(Namespace):
     def __init__(self, a=None, v=None, c=None):
         ka = {}
 
-        ex = "daw dav_inf dav_mac e2d e2ds e2dsa e2t e2ts e2tsr e2v e2vu e2vp ed emp force_js ihead magic nid nih no_acode no_athumb no_dav no_del no_dupe no_logues no_mv no_readme no_robots no_scandir no_thumb no_vthumb no_zip nw xdev xlink xvol"
+        ex = "daw dav_inf dav_mac e2d e2ds e2dsa e2t e2ts e2tsr e2v e2vu e2vp ed emp force_js getmod hardlink ihead magic never_symlink nid nih no_acode no_athumb no_dav no_dedup no_del no_dupe no_logues no_mv no_readme no_robots no_scandir no_thumb no_vthumb no_zip nw xdev xlink xvol"
         ka.update(**{k: False for k in ex.split()})
 
         ex = "dotpart no_rescan no_sendfile no_voldump plain_ip"
@@ -113,6 +113,9 @@ class Cfg(Namespace):
         ex = "doctitle favico html_head log_fk mth textfiles R RS SR"
         ka.update(**{k: "" for k in ex.split()})
 
+        ex = "xad xar xau xbd xbr xbu xm"
+        ka.update(**{k: [] for k in ex.split()})
+
         super(Cfg, self).__init__(
             a=a or [],
             v=v or [],
@@ -193,4 +196,5 @@ class VHttpConn(object):
         self.nbyte = 0
         self.ico = None
         self.thumbcli = None
+        self.freshen_pwd = 0.0
         self.t0 = time.time()