mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2026-04-12 23:32:32 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

ver-chk: tests, docs, fix -j0 jank

Browse source
This commit is contained in:
ed 2026-03-07 23:06:38 +00:00
parent c6965f0614
commit 7908d880da
6 changed files with 50 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
README.md
View file

@ -64,6 +64,7 @@ built in Norway 🇳🇴 with contributions from [not-norway](https://github.com
* [other tricks](#other-tricks)
* [searching](#searching) - search by size, date, path/name, mp3-tags, ...
* [server config](#server-config) - using arguments or config files, or a mix of both
* [update-checker](#update-checker) - sleep better at night
* [zeroconf](#zeroconf) - announce enabled services on the LAN ([pic](https://user-images.githubusercontent.com/241032/215344737-0eae8d98-9496-4256-9aa8-cd2f6971810d.png))
* [mdns](#mdns) - LAN domain-name and feature announcer
* [ssdp](#ssdp) - windows-explorer announcer
@ -1313,6 +1314,31 @@ using arguments or config files, or a mix of both:
* or if you prefer plaintext, https://copyparty.eu/helptext.txt
## update-checker
sleep better at night by telling copyparty to periodically check whether your version has a [known vulnerability](https://github.com/9001/copyparty/security/advisories)
this feature can be enabled by setting the global-option `--vc-url` to one of the following URLs; all of them provide the same information, so which one you choose is whatever
* `https://api.copyparty.eu/advisories`
* `https://api.github.com/repos/9001/copyparty/security-advisories?per_page=9`
> to see what happens when a bad version is detected, try `--vc-url https://api.copyparty.eu/advisories-test`
also consider the following options:
* global-option `--vc-age` is how often (in hours) to check that URL; default is 3
* global-option `--vc-exit` can be enabled to panic and immediately exit if a vulnerability is indicated
* if `--vc-exit` is not enabled, it just shows a warning on the controlpanel for all users with permission `a` or `A`
config file example:
```yaml
[global]
vc-url: https://api.copyparty.eu/advisories
vc-age: 3 # how many hours to wait between each check
vc-exit # emergency-exit if current version is vulnerable
```
## zeroconf
announce enabled services on the LAN ([pic](https://user-images.githubusercontent.com/241032/215344737-0eae8d98-9496-4256-9aa8-cd2f6971810d.png)) -- `-z` enables both [mdns](#mdns) and [ssdp](#ssdp)

6
contrib/podman-systemd/copyparty.conf
View file

@ -22,6 +22,12 @@
# stats, nos-dup # enable the prometheus endpoint, but disable the dupes counter (too slow)
# no-robots, force-js # make it harder for search engines to read your server
# enable version-checking by uncommenting one of the vc-url lines below;
# shows a warning-banner in the controlpanel if your version has a known vulnerability
#vc-url: https://api.github.com/repos/9001/copyparty/security-advisories?per_page=9
#vc-url: https://api.copyparty.eu/advisories
vc-exit # panic and shutdown instead of just showing the warning
[accounts]
ed: wark # username: password

9
copyparty/svchub.py
View file

@ -1244,6 +1244,13 @@ class SvcHub(object):
except:
raise Exception("invalid --mv-retry [%s]" % (self.args.mv_retry,))
if self.args.vc_url:
zi = max(1, int(self.args.vc_age))
if zi < 3 and "api.copyparty.eu" in self.args.vc_url:
zi = 3
self.log("vc-age too low for copyparty.eu; will use 3 hours")
self.args.vc_age = zi
al.js_utc = "false" if al.localtime else "true"
al.tcolor = al.tcolor.lstrip("#")
@ -1855,7 +1862,7 @@ class SvcHub(object):
self.log("ver-chk", t % (S_VERSION, zs), 1)
self.broker.say("httpsrv.set_bad_ver")
if self.args.vc_exit:
self.shutdown()
self.sigterm()
return
else:
t = "%sok; v%s and newer is safe"

6
docs/examples/docker/basic-docker-compose/copyparty.conf
View file

@ -22,6 +22,12 @@
# stats, nos-dup # enable the prometheus endpoint, but disable the dupes counter (too slow)
# no-robots, force-js # make it harder for search engines to read your server
# enable version-checking by uncommenting one of the vc-url lines below;
# shows a warning-banner in the controlpanel if your version has a known vulnerability
#vc-url: https://api.github.com/repos/9001/copyparty/security-advisories?per_page=9
#vc-url: https://api.copyparty.eu/advisories
vc-exit # panic and shutdown instead of just showing the warning
[accounts]
ed: wark # username: password

3
docs/versus.md
View file

@ -319,7 +319,7 @@ symbol legend,
| speed throttle | | █ | █ | | | █ | | | █ | | | █ | |
| anti-bruteforce | █ | █ | █ | █ | █ | | | | • | | | █ | • |
| dyndns updater | | █ | █ | | | | | | | | | | |
| self-updater | | | █ | | | | | | | | | | █ |
| self-updater | | | █ | | | | | | | | | | █ |
| log rotation | █ | | █ | █ | █ | | | • | █ | | | █ | • |
| upload tracking / log | █ | █ | • | █ | █ | | | █ | █ | | | | █ |
| prometheus metrics | █ | | | █ | | | | | | | | █ | |
@ -343,6 +343,7 @@ symbol legend,
* can hot-reload config files (with just a few exceptions)
* can set per-folder permissions if that folder is made into a separate volume, so there is configuration overhead
* `index.html` on its own does not prevent directory listing, but permission `h` (instead of `r`) enforces index.html to be returned instead of folder contents
* [update-checker](https://github.com/9001/copyparty/#update-checker) can check if the current version has a known vulnerability and immediately exit/shutdown, but automatic self-updating is **not** available
* [event hooks](https://github.com/9001/copyparty/tree/hovudstraum/bin/hooks) ([discord](https://user-images.githubusercontent.com/241032/215304439-1c1cb3c8-ec6f-4c17-9f27-81f969b1811a.png), [desktop](https://user-images.githubusercontent.com/241032/215335767-9c91ed24-d36e-4b6b-9766-fb95d12d163f.png)) inspired by filebrowser, as well as the more complex [media parser](https://github.com/9001/copyparty/tree/hovudstraum/bin/mtag) alternative
* upload history can be visualized using [partyjournal](https://github.com/9001/copyparty/blob/hovudstraum/bin/partyjournal.py)
* `k`/filegator remarks:

3
tests/util.py
View file

@ -164,7 +164,7 @@ class Cfg(Namespace):
ex = "ctl_re db_act forget_ip idp_cookie idp_store k304 loris no304 nosubtle qr_pin qr_wait re_maxage rproxy rsp_jtr rsp_slp s_wr_slp snap_wri theme themes turbo u2ow zipmaxn zipmaxs"
ka.update(**{k: 0 for k in ex.split()})
ex = "ah_alg bname chdir chmod_f chpw_db db_xattr doctitle df epilogues exit favico fika ipa ipar html_head html_head_d html_head_s idp_login idp_logout lg_sba lg_sbf log_date log_fk md_sba md_sbf name og_desc og_site og_th og_title og_title_a og_title_v og_title_i opds_exts preadmes prologues readmes shr shr1 shr_site site smsg tcolor textfiles txt_eol ufavico ufavico_h unlist up_site vname xff_src zipmaxt R RS SR"
ex = "ah_alg bname chdir chmod_f chpw_db db_xattr doctitle df epilogues exit favico fika ipa ipar html_head html_head_d html_head_s idp_login idp_logout lg_sba lg_sbf log_date log_fk md_sba md_sbf name og_desc og_site og_th og_title og_title_a og_title_v og_title_i opds_exts preadmes prologues readmes shr shr1 shr_site site smsg tcolor textfiles txt_eol ufavico ufavico_h unlist up_site vc_url vname xff_src zipmaxt R RS SR"
ka.update(**{k: "" for k in ex.split()})
ex = "apnd_who ban_403 ban_404 ban_422 ban_pw ban_pwc ban_url dont_ban cachectl http_vary rcm rss_fmt_d rss_fmt_t spinner"
@ -299,6 +299,7 @@ class VHttpSrv(object):
self.hub = None
self.broker = NullBroker(args, asrv)
self.bad_ver = False
self.prism = None
self.ipr = None
self.bans = {}