From 9e10af6885881d2f9d105c8870baa98b7653f87f Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Fri, 1 Oct 2021 19:51:51 +0200
Subject: [PATCH] make the 404/403 vagueness optional

---
 copyparty/__main__.py |  1 +
 copyparty/httpcli.py  | 18 ++++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/copyparty/__main__.py b/copyparty/__main__.py
index e38adb8c..e2d0f50d 100644
--- a/copyparty/__main__.py
+++ b/copyparty/__main__.py
@@ -378,6 +378,7 @@ def run_argparse(argv, formatter):
     ap2.add_argument("--no-dot-ren", action="store_true", help="disallow renaming dotfiles; makes it impossible to make something a dotfile")
     ap2.add_argument("--no-logues", action="store_true", help="disable rendering .prologue/.epilogue.html into directory listings")
     ap2.add_argument("--no-readme", action="store_true", help="disable rendering readme.md into directory listings")
+    ap2.add_argument("--vague-403", action="store_true", help="send 404 instead of 403 (security through ambiguity, very enterprise)")
 
     ap2 = ap.add_argument_group('logging options')
     ap2.add_argument("-q", action="store_true", help="quiet")
diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index 0c1d5c63..7b5eaeee 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -389,7 +389,7 @@ class HttpCli(object):
         if not self.can_read and not self.can_write and not self.can_get:
             if self.vpath:
                 self.log("inaccessible: [{}]".format(self.vpath))
-                return self.tx_404()
+                return self.tx_404(True)
 
             self.uparam["h"] = False
 
@@ -1565,7 +1565,7 @@ class HttpCli(object):
 
         if not self.can_write:
             if "edit" in self.uparam or "edit2" in self.uparam:
-                return self.tx_404()
+                return self.tx_404(True)
 
         tpl = "mde" if "edit2" in self.uparam else "md"
         html_path = os.path.join(E.mod, "web", "{}.html".format(tpl))
@@ -1667,8 +1667,14 @@ class HttpCli(object):
         self.reply(html.encode("utf-8"))
         return True
 
-    def tx_404(self):
-        m = '<h1>404 not found &nbsp;┐( ´ -`)┌</h1><p>or maybe you don\'t have access -- try logging in or <a href="/?h">go home</a></p>'
+    def tx_404(self, is_403=False):
+        if self.args.vague_403:
+            m = '<h1>404 not found &nbsp;┐( ´ -`)┌</h1><p>or maybe you don\'t have access -- try logging in or <a href="/?h">go home</a></p>'
+        elif is_403:
+            m = '<h1>403 forbiddena &nbsp;~┻━┻</h1><p>you\'ll have to log in or <a href="/?h">go home</a></p>'
+        else:
+            m = '<h1>404 not found &nbsp;┐( ´ -`)┌</h1><p><a href="/?h">go home</a></p>'
+
         html = self.j2("splash", this=self, qvpath=quotep(self.vpath), msg=m)
         self.reply(html.encode("utf-8"), status=404)
         return True
@@ -1895,7 +1901,7 @@ class HttpCli(object):
             return self.tx_file(abspath)
 
         elif is_dir and not self.can_read and not self.can_write:
-            return self.tx_404()
+            return self.tx_404(True)
 
         srv_info = []
 
@@ -2000,7 +2006,7 @@ class HttpCli(object):
                 return True
 
             if not stat.S_ISDIR(st.st_mode):
-                return self.tx_404()
+                return self.tx_404(True)
 
             if "zip" in self.uparam or "tar" in self.uparam:
                 raise Pebkac(403)