misc tweaks

This commit is contained in:
ed 2022-06-19 16:05:48 +02:00
parent 715727b811
commit 9ad3af1ef6
4 changed files with 37 additions and 12 deletions

View file

@ -358,11 +358,13 @@ the browser has the following hotkeys (always qwerty)
* `U/O` skip 10sec back/forward * `U/O` skip 10sec back/forward
* `0..9` jump to 0%..90% * `0..9` jump to 0%..90%
* `P` play/pause (also starts playing the folder) * `P` play/pause (also starts playing the folder)
* `Y` download file
* when viewing images / playing videos: * when viewing images / playing videos:
* `J/L, Left/Right` prev/next file * `J/L, Left/Right` prev/next file
* `Home/End` first/last file * `Home/End` first/last file
* `S` toggle selection * `S` toggle selection
* `R` rotate clockwise (shift=ccw) * `R` rotate clockwise (shift=ccw)
* `Y` download file
* `Esc` close viewer * `Esc` close viewer
* videos: * videos:
* `U/O` skip 10sec back/forward * `U/O` skip 10sec back/forward
@ -989,13 +991,25 @@ when uploading files,
some notes on hardening some notes on hardening
on public copyparty instances with anonymous upload enabled: * option `-s` is a shortcut to set the following options:
* `--no-thumb` disables thumbnails and audio transcoding to stop copyparty from running `FFmpeg`/`Pillow`/`VIPS` on uploaded files, which is a [good idea](https://www.cvedetails.com/vulnerability-list.php?vendor_id=3611) if anonymous upload is enabled
* `--no-mtag-ff` uses `mutagen` to grab music tags instead of `FFmpeg`, which is safer and faster but less accurate
* `--dotpart` hides uploads from directory listings while they're still incoming
* `--no-robots` and `--force-js` makes life harder for crawlers, see [hiding from google](#hiding-from-google)
* users can upload html/css/js which will evaluate for other visitors in a few ways, * option `-ss` is a shortcut for the above plus:
* unless `--no-readme` is set: by uploading/modifying a file named `readme.md` * `--no-logues` and `--no-readme` disables support for readme's and prologues / epilogues in directory listings, which otherwise lets people upload arbitrary `<script>` tags
* if `move` access is granted AND none of `--no-logues`, `--no-dot-mv`, `--no-dot-ren` is set: by uploading some .html file and renaming it to `.epilogue.html` (uploading it directly is blocked) * `--unpost 0`, `--no-del`, `--no-mv` disables all move/delete support
* `--hardlink` creates hardlinks instead of symlinks when deduplicating uploads, which is less maintenance
* however note if you edit one file it will also affect the other copies
* `--vague-403` returns a "404 not found" instead of "403 forbidden" which is a common enterprise meme
* `--nih` removes the server hostname from directory listings
other misc: * option `-sss` is a shortcut for the above plus:
* `-lo cpp-%Y-%m%d-%H%M%S.txt.xz` enables logging to disk
* `-ls **,*,ln,p,r` does a scan on startup for any dangerous symlinks
other misc notes:
* you can disable directory listings by giving permission `g` instead of `r`, only accepting direct URLs to files * you can disable directory listings by giving permission `g` instead of `r`, only accepting direct URLs to files
* combine this with volume-flag `c,fk` to generate per-file accesskeys; users which have full read-access will then see URLs with `?k=...` appended to the end, and `g` users must provide that URL including the correct key to avoid a 404 * combine this with volume-flag `c,fk` to generate per-file accesskeys; users which have full read-access will then see URLs with `?k=...` appended to the end, and `g` users must provide that URL including the correct key to avoid a 404

View file

@ -63,7 +63,7 @@ set -e
EOF EOF
chmod 755 /usr/local/bin/chromium-browser chmod 755 /usr/local/bin/chromium-browser
# start the server (note: replace `-v.::rw:` with `-v.::r:` to disallow retrieving uploaded stuff) # start the server (note: replace `-v.::rw:` with `-v.::w:` to disallow retrieving uploaded stuff)
cd ~/Downloads; python3 copyparty-sfx.py --urlform save,get -v.::rw:c,e2d,e2t,mte=+a1:c,mtp=a1=ad,very-bad-idea.py cd ~/Downloads; python3 copyparty-sfx.py --urlform save,get -v.::rw:c,e2d,e2t,mte=+a1:c,mtp=a1=ad,very-bad-idea.py
""" """

View file

@ -64,8 +64,8 @@ class SvcHub(object):
if args.ss or args.s >= 2: if args.ss or args.s >= 2:
args.s = True args.s = True
args.no_dot_mv = True args.no_logues = True
args.no_dot_ren = True args.no_readme = True
args.unpost = 0 args.unpost = 0
args.no_del = True args.no_del = True
args.no_mv = True args.no_mv = True

View file

@ -371,7 +371,7 @@ html.dz {
--bg: #010; --bg: #010;
--bgg: var(--bg); --bgg: var(--bg);
--bg-d1: #000; --bg-d1: #000;
--bg-d2: #000; --bg-d2: #020;
--bg-d3: #000; --bg-d3: #000;
--bg-max: #000; --bg-max: #000;
@ -381,8 +381,8 @@ html.dz {
--scroll: #0f0; --scroll: #0f0;
--a: #9f9; --a: #9f9;
--a-b: #fff; --a-b: #cfc;
--a-hil: #fff; --a-hil: #cfc;
--a-dark: #afa; --a-dark: #afa;
--a-gray: #2a2; --a-gray: #2a2;
@ -458,7 +458,7 @@ html.dz {
--f-sh1: 0.33; --f-sh1: 0.33;
--f-sh2: 0.02; --f-sh2: 0.02;
--f-sh3: 0.2; --f-sh3: 0.2;
--f-h-b1: rgba(128,128,128,0.7); --f-h-b1: #3b3;
--f-play-bg: #fc5; --f-play-bg: #fc5;
--f-play-fg: #000; --f-play-fg: #000;
@ -2778,6 +2778,17 @@ html.cy #files tbody div a:last-child {
html.dz * {
border-radius: 0 !important;
}
html.d #treepar {
border-bottom: .2em solid var(--f-h-b1);
}
@media (min-width: 70em) { @media (min-width: 70em) {
#barpos, #barpos,
#barbuf { #barbuf {