mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2026-04-12 23:32:32 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
4558 commits 4 branches 377 tags 31 MiB
Commit graph

3546 commits

Author SHA1 Message Date
ed ff2200ff85 v1.20.6 2026-01-31 20:01:36 +00:00
ed 0a41d0c03b shares: require at least one permission 2026-01-31 19:57:48 +00:00
ed 72224d29d6 allow X-Forwarded-HTTP-Version; 
the request-header safeguard added in v1.20.5 was too strict
 2026-01-31 19:11:16 +00:00
ed 95b827f1a5 shares: add get perm (closes #1264); 
option was available in ui but never implemented serverside
 2026-01-31 18:06:22 +00:00
ed e2dc6d33bf v1.20.5 2026-01-30 21:45:16 +00:00
ed 9c14972da6 ctrl-c also copies links to clipboard; closes #1182 2026-01-30 20:39:48 +00:00
ed 08b0abdbdd small optimizations 2026-01-30 20:08:29 +00:00
ed ed6a8d5a73 optimize CL/TE check; 
replace the heavyhanded connection:close added in b4fddbc3d
with a comparison of content-length to num bytes consumed

this approach also covers incorrectly configured servers
where the reverseproxy was not detected

also adds explicit TE/CL handling, even though most
(all?) reverseproxies already prevent such issues

also adds explicit sanchk of up2k chunk-receiver,
in case any bugs are ever added there
 2026-01-30 20:06:02 +00:00
Skye 73d06eaf84
add support for GraalPy (#1260) 
Co-authored-by: ed <s@ocv.me>
 2026-01-30 17:49:02 +00:00
stackxp 22cdc0f8c9
remove nth and fix nih description (#1257) 
Co-authored-by: ed <s@ocv.me>
 2026-01-29 18:28:21 +00:00
ed 2f57228fd4 webdeps: vendor busy.mp3 (#1252); 
mainly with reproducible builds in mind,
and after all it's only 106 bytes
 2026-01-26 23:34:06 +00:00
ed b6bf6d5f7a shares: fix lifetime-extend; closes #1248 2026-01-25 21:40:16 +00:00
ed 24141b494b another request-smuggling failsafe; 
could concievably help when behind a buggy reverseproxy
 2026-01-25 21:38:18 +00:00
ed 8e046fb6a8 webdav: fix macos-finder connect delay (closes #1242); 
if both `quota-available-bytes` and `quotaused` are ignored
(not even returned as 404), then macos Finder is able to
connect instantly, avoiding this longstanding bug in macos

the presence of `quotaused` is the trigger for this logic, which
is a property apple invented and only apple uses, meaning we can
safely break the webdav spec as required in this case

thx @freddyheppell for the observation
 2026-01-25 16:35:15 +00:00
Josh Willox 296362fc84
webdav: x-oc-mtime as float (#1240); closes #1239 2026-01-25 16:31:45 +00:00
ed b20d32593e prism: change language subset; 
* add nasm (+0.3 K)
* rm autohotkey (-3.8 K)
* rm cmake (-4.0 K)
 2026-01-25 16:26:23 +00:00
000yesnt 69fa1d10bc
update Portuguese translation (#1245) 
* portuguese tl: verify and adjust strings
* portuguese tl: fix newlines
* portuguese tl: change rc_zip wording
 2026-01-25 16:25:30 +00:00
ed 5c4ba376a0 fix ie11 spinlock in write-only folders 2026-01-25 00:25:24 +00:00
ed bef30ac04d webdeps: vendor asmcrypto.js; 
npm is no longer able to build it, and the build output
never changed since copyparty v0.11.20 (2021-06-20) /
asmcrypto 2821dd1dedd1196c378f5854037dda5c869313f3 (2018-12-02)

one final pass of reasonable size-golfing was done by hand

deflated with pigz -11 -I250
 2026-01-25 00:22:54 +00:00
ed c249ee457b v1.20.4 2026-01-23 00:55:08 +00:00
ed b4fddbc3d2 no keepalive when request is proxied; 
consider each request individually
rather than the previous general approach
 2026-01-23 00:46:05 +00:00
ed 81e5eb7b27 shares: lan button; closes #1232 2026-01-23 00:31:13 +00:00
/dev/urandom 1142ac2563
Esperanto translation update (#1229) 
Important changes:

The "shift" key is called "MAJ" (short for "majuskla" for "uppercase") in the translation, so the new lines have been updated.

"beligi json" is technically a valid string, but the "-on" ending could be confused for a grammatical ending, with the whole string being interpreted as "beautify javascript" instead, so instead "JSON" is capitalized and another "on" ending is added.

A few commas are added for readability.

Signed-off-by: /dev/urandom <53902042+slashdevslashurandom@users.noreply.github.com>
 2026-01-23 00:14:30 +00:00
Diego Passos Couto ffca67f25a
rcm: new file/folder in gridview (#1235) 
enables creation of files/folders in grid-view

---------

Co-authored-by: ed <s@ocv.me>
 2026-01-23 00:06:11 +00:00
ed e1eff21623 no keepalive when proxied (#1231); 
might help prevent desync
 2026-01-22 23:54:42 +00:00
ed c41ee3fc27 v1.20.3 2026-01-21 05:05:50 +00:00
ed 6dcb1efb7c add ?smsg 2026-01-21 04:55:50 +00:00
ed 0a3a80725a fix jumpvol ?ls v2 
the missing part of 66750391ae
 2026-01-21 03:24:00 +00:00
ed ba67b27946 no racing 2026-01-21 03:19:41 +00:00
ed b4df8fa23c multipart-parser correctness (closes #1227); 
makes it possible to login from the webbrowser dillo;

* unlike every other browser, dillo does NOT send a trailing "\r\n"
   after the terminating "--"; turns out that dillo got this right
   and every other browser didn't, fun

* dillo announces the boundary in quotes, which is spec-optional

the multipart-parser is now 2% slower
 2026-01-21 03:19:32 +00:00
ed cab9feb225 v1.20.2 2026-01-19 01:26:37 +00:00
ed e752005543 rcm: config sets defaults; 
also rename ren/rdb to reduce probability of
localstorage conflicts with other softwares
 2026-01-19 00:28:00 +00:00
ed 206b1752e6 mtl new strings 2026-01-19 00:09:55 +00:00
ed df8b395380 ( ´_ゝ`) 2026-01-18 23:22:13 +00:00
ed c17c3be008 wo_up_readme according to volflags; 
now that the filenames of logues/readmes can be customized,
match against the configured names rather than the defaults
 2026-01-18 23:10:11 +00:00
ed 22b9c283d1 dsel: boomer-proofing 
s/boomer/ed/
 2026-01-18 22:22:40 +00:00
ed 60ceea4b42 add nospawn, assert_root 2026-01-18 22:15:34 +00:00
ed 826e84c8ec add --flo (logfile format) 2026-01-18 21:03:43 +00:00
ed d925553810 override domain for uploads (closes #255); 
`up-site` will override the scheme and domain (https://example.com/)
in the links to newly uploaded files, making it possible to upload a
file from a LAN IP while obtaining an external URL in return
 2026-01-18 00:30:46 +00:00
ed 41d3bae929 override domain for shares (closes #1211); 
`shr-site` will override the scheme and domain (https://example.com/)
in the link to a newly created share, making it possible to create a
share from a LAN IP while obtaining an external URL in return

---------

Co-authored-by: mechabubba <stevenvanniisprettycool@gmail.com>
 2026-01-17 23:58:57 +00:00
stackxp ffb2560322
rcm: add share options (#1216) 2026-01-17 23:24:53 +00:00
ed 40fb263097 rephrase "see serverlog" 2026-01-17 20:35:06 +00:00
ed 4e67b467a9 don't mkdir jumpvol realpath 2026-01-17 20:23:31 +00:00
exci 72c59405e7
dsel: fix bugs, improve selection (#1214) 
* additive/subtractive select (hold shift/alt while releasing LMB)
* mobile support
 2026-01-16 21:17:01 +00:00
ed 5d7cf80ff0 dsel: default on desktop + ie11 2026-01-16 01:11:26 +00:00
exci 3e3228e0f6
add drag-selection to gridview (#1212) 2026-01-16 00:52:19 +00:00
ed 930e864239 idxh: ensure trailing slash 2026-01-15 22:56:10 +00:00
ed bef07720d9 dedup: use chmod/chown volflags; closes #1203 2026-01-15 19:19:27 +00:00
hackysphere d32704ed37
rcm: search-results fix (#1206) 
* fix: show rcm on empty space and make search header not selectable

---------

Co-authored-by: ed <s@ocv.me>
 2026-01-15 08:39:03 +00:00
hackysphere 04f612ff63
rcm in search results; closes #1202 (#1198) 
* fix: make right-click menu work in search view
* fix: allow for markdown files to be opened in viewer when in search view

---------

Co-authored-by: ed <s@ocv.me>
 2026-01-14 23:53:07 +00:00
ed 66750391ae fix jumpvol ?ls 2026-01-14 23:46:35 +00:00
ed c46cd7f57a add html id for css; closes #1200 2026-01-13 20:38:46 +00:00
ed 8240ef6151 index xattrs as tags; closes #134 2026-01-13 02:50:32 +00:00
ed bc24604a83 dl-button: skip folders (would give html) 2026-01-12 18:46:47 +00:00
ed 266489113a fix unlistc* for filevols 2026-01-12 18:06:05 +00:00
ed caf831fc28 fix ipu nullmapping; closes #1191 
regression added in v1.19.21 / 79e1078671
 2026-01-11 17:10:16 +00:00
stackxp 25a8b96fd1
rcm: add rename, some fixes (#1184) 
Signed-off-by: stackxp <170874486+stackxp@users.noreply.github.com>
 2026-01-11 16:45:39 +01:00
ed 7357d46f43 http415 on failed transcode; closes #1179 2026-01-10 22:38:23 +00:00
ed 3aebfabd5c mtag: truncate stderr 2026-01-10 22:16:50 +00:00
ed ecd4fcc1b3 v1.20.1 2026-01-09 00:52:35 +00:00
ed 738a419b2b append: only allow with reflink or !dedup; 
un-dedup of target file is likely too expensive, and
relying on up2k.db to do it conditionally too dangerous
 2026-01-09 00:29:44 +00:00
ed 3a16d3461d rcm: fix copy-link filekeys 2026-01-08 23:29:58 +00:00
ed 3a52096205 octalize 2026-01-08 23:27:59 +00:00
ed 87a5c22a34 per-protocol ip binds; closes #1176 2026-01-07 23:27:03 +00:00
ed 7d6e59f347 enable japanese translation 2026-01-07 22:35:12 +00:00
tkymmm b918b592ca
Add Japanese translation (#1174) 
Signed-off-by: tkymmm <136296842+tkymmm@users.noreply.github.com>
 2026-01-07 22:32:02 +00:00
ed cbeb439ad2 mtl new strings 2026-01-07 22:25:45 +00:00
ed 2f4a30b620 sftp: fix default chmod (#1170) 2026-01-07 21:40:07 +00:00
ed 6c41bac6d2 sftp: fix nested write-only folders (could not browse) 2026-01-07 21:34:50 +00:00
ed 8c9e1016de sftp: allow ENOENT from rm (closes #1170); 
some sftp clients will try to rm a file before creating it,
expecting ENOENT even in write-only folders
 2026-01-07 20:58:23 +00:00
ed 9030828494 sftp: loosen stat restrictions (#1170); 
some sftp clients always expect correct stat results, even in
write-only folders, so this slight info-leak must be allowed
 2026-01-07 20:56:51 +00:00
ed 13055c6451 sftp: improve logging 2026-01-07 20:36:34 +00:00
ed 038af50777 shares: fix vmaxb 2026-01-05 18:32:39 +00:00
seaslug feabbf3e6a
rcm: gridview support (#1164) 2026-01-04 12:18:57 +00:00
ed cce1210792 v1.20.0 2026-01-02 00:07:31 +00:00
ed e55e5a4585 toggle unlist with dotfiles-button 2026-01-02 20:47:24 +00:00
ed af3f777ec9 detect browsers failing to load various js files 2026-01-02 20:16:38 +00:00
ed 80a3749238 splashpage: don't add trailing slash to filevols; 
it prevented opening the link on Windows CE 4.20
(internet explorer 4.01)
 2026-01-02 17:55:47 +00:00
ed 2f3591d036 new-file: warn on missing required .md$ 2026-01-02 16:59:18 +00:00
ed 65391a9d8c more linter fixing 2026-01-02 16:56:03 +00:00
stackxp fd141c61b5
rcm: more fixes (#1160) 
Co-authored-by: stackxp <tillijungblut@gmail.com>
 2026-01-02 15:35:53 +00:00
ed 3ee91dffad linter denoise 2026-01-02 15:23:31 +00:00
ed ec7ea30951 sftp: misc fixes + add to docker-im 2026-01-02 15:18:11 +00:00
stackxp 4e9cf95e8d
Fix right-click menu (#1159) 
Co-authored-by: stackxp <tillijungblut@gmail.com>
 2026-01-02 14:23:39 +01:00
AppleTheGolden 3bf80c8152
update german translations (#1158) 2026-01-02 12:37:54 +01:00
ed 5b89a2e3b2 config-files can extend groups 2026-01-02 01:39:51 +00:00
ed f81d80bcad option to change the "pw" header/uparam name; 
useful to force basic-auth and such
 2026-01-01 23:59:16 +00:00
ed f08cb25ccc load idp groups also for native accounts; 
previously, if a native user was authed by an idp instead of the
config password, it would not load and register the idp groups
 2026-01-01 21:50:25 +00:00
ed 7d7a1510fb download-as-zip: option to skip dotfiles 2026-01-01 21:41:11 +00:00
ed 63d8e5a033 append to existing files with PUT 2026-01-01 20:32:33 +00:00
ed ec51d3241c mtl new strings 2026-01-01 18:02:20 +01:00
ed 85639ad2cd button to skip conflicts on copy/move; closes #1124 2026-01-01 16:04:06 +01:00
ed 05a4472075 rcm: fixes; 
* reload with ?ls
* menu positioning
* close with ESC
 2026-01-01 14:33:56 +01:00
stackxp 82c496092f
Add right-click menu (#1135) 2026-01-01 13:44:55 +01:00
ed 8551472bf0 add workaround for #1147; 
certain browser-extensions can erroneously unmap modals
 2026-01-01 13:38:05 +01:00
ed d1ddcb19f5 fix dks in grid; closes #1157 2026-01-01 13:13:10 +01:00
ed 4714c2fa5a add sftp server (powered by 39c3) 2025-12-30 23:38:54 +00:00
ed 4642d32366 dedicated tcp-port for tricky webdav clients; 
there are webdav-clients (for example zotero) which fully pretend
to be a graphical webbrowser, going as far as faking the firefox
user-agent, which means they get the graphical login-page
instead of 401 (basic-authentication challenge)

these webdav-clients unfortunately also refuse to send credentials
unless they get 401'd, so until now it was impossible to connect them

the obvious solution of adding a suffix to
links in PROPFIND responses is a nonstarter;

* windows-webdav ignores the <displayname> property and shows the
   <href> as the filename, so this would show up in windows explorer
   and probably make most file operations impossible

* rclone is the opposite; ignores the <href> property (so it wouldn't
   even see the suffix) and builds its own URL from the <displayname>

so we need a new weapon:

gloabl-option dav-port makes copyparty listen on another port which
is dedicated to webdav-clients that otherwise don't look the part

global-option p-nodav is the opposite; tags a listening-port as
only accepting connections from graphical browsers, just in case

closes #1142
 2025-12-26 17:21:58 +00:00
ed 2c26aecd87 descript.ion for folders; closes #1127 2025-12-24 11:21:58 +00:00
ed d8c732469b show vmaxb instead of fs total-size (#1120) 2025-12-24 11:06:49 +00:00
ed 4c73704ce7 fix ui-notree; closes #1123 2025-12-23 22:49:04 +00:00
ed e0845b2363 use vmaxb in the web-ui too; 
also caches the volume usage to restore most of the performance lost in 511dc01615
 2025-12-23 22:11:38 +00:00
Rabid 511dc01615
webdav: reply with vmaxb as disk size (#1120) 
if vmaxb smaller than available disk space, then reply with vmaxb instead
 2025-12-23 20:06:36 +00:00
AppleTheGolden fa32e15958
up2k: add "skip if file exists" (#1128) 2025-12-23 19:08:29 +00:00
ed 2d1d295a4d windows: fix download-as-zip; 
zipfiles generated on windows were flattened
(slash was substituted with fullwidth)
 2025-12-23 10:52:50 +00:00
ed c82a3cb226 this fell off 485c60cf25 2025-12-21 17:07:58 +00:00
ed 485c60cf25 bbox: copy rotation to next pic 2025-12-21 16:06:27 +00:00
ed c0e167fd97 bbox: fix rotate w/ zoom 2025-12-21 15:34:46 +00:00
ed 7bfd370b6c mte can enable: w .up_at up_by up_ip 2025-12-20 15:54:42 +00:00
ed 1f6e811674 show perms in ?h&ls + fix unlistc* 2025-12-19 21:54:19 +00:00
ed d006cecaef v1.19.23 2025-12-17 00:14:13 +00:00
ed b6c2ec15db fix @acct without idp-h-grp; closes #1113 2025-12-17 00:01:23 +00:00
ed 0b6d2d2424 safari: workaround another apple bug (closes #1111); 
seemingly as of iOS / macos 26.1, safari started requesting
favicons -- specifically only favicons -- with the incorrect
browser context (they probably forgot to initialize something)

instead of the correct user-agent, it would send:
* iOS: NetworkingExtension/8623.1.14.10.9
* macos: com.apple.WebKit.Networking/21623.1.14.11.9

further, it would NOT send any SameSite=Strict cookies,
which the session-cookie is (for good reason)

putting these two together, safari now looks like a webdav client,
and copyparty sends the only appropriate response (http 401),
resulting in a basic-authentication popup

left with no good options, this is what we can do to mitigate:

* add a new option --ua-nodav which is a regex of user-agents
   which are definitely not webdav clients, as macos-finder still
   flipflops between WebDAVLib/1.3 and WebDAVFS/3.0.0 like normal

* use the "js=y" cookie as another flag that this is a webbrowser

merry christmas
 2025-12-16 22:38:51 +00:00
ed 8d46cf1823 login-ui password max-length hint; closes #1029 2025-12-16 21:54:36 +00:00
ed c8f3b4ef05 warning in controlpanel for rproxy misconfig 2025-12-16 21:31:32 +00:00
ed 9c64788d43 add x-forwarded-proto fallback (closes #1110); 
some reverseproxies do not include a compatible alternative to
x-forwarded-proto by default, while also lacking the option to
set custom headers

add --xf-proto-fb to set a fixed protocol to assume
 2025-12-16 21:15:44 +00:00
ed 5e1d9a58d8 simplify idp-groups with spaces 2025-12-16 21:07:09 +00:00
ed 336842192c add --ipar (reverseproxy-capable ipa); closes #1109 2025-12-16 20:38:37 +00:00
ed db38cb2f79 mtl new strings 2025-12-16 20:27:09 +00:00
ed d4a9787c6c enable vietnamese translation 2025-12-16 20:17:55 +00:00
thatfrozenfrog b60eb3f01a
add Vietnamese translation (#1080) 2025-12-16 19:52:07 +00:00
ed a3eec23cef v1.19.22 2025-12-14 23:04:36 +00:00
ed 2e7390a4c5 new-file: suggest .md rather than .txt 2025-12-14 22:19:57 +00:00
ed 56e15009c7 controlpanel: use english for untranslated strings 2025-12-14 20:14:05 +00:00
stackxp 08474dbe14
reject blank password in login ui (#1105) 
inlines css in msg.html to remove a roundtrip; response now requires
multiple tcp-packets but probably always did realistically (https)

Co-authored-by: stackxp <tillijungblut@gmail.com>
Co-authored-by: ed <s@ocv.me>
 2025-12-14 20:05:22 +00:00
ed 3bc0bf19b0 cache-control volflag; closes #964 2025-12-14 18:28:53 +00:00
ed efc6a09dd3 allow existing blank chpw.json (closes #1038); 
previously, would crash on startup if chpw.json exists and is blank,
because valid json was enforced

now allowing a blank initial file to match the behavior of sqlite
 2025-12-14 17:24:54 +00:00
ed 921954037b warn that rss requires e2d; closes #1104 2025-12-14 17:17:44 +00:00
ed fecc3fd507 rename metadata-property "date" to "tdate"; 
"date" is reserved for the last-modified-timestamp of each file

if extraction of the audio metadata property "date" was enabled
(not default), this would have collided; rename the audio prop

discovered thanks to #1053
 2025-12-14 00:15:12 +00:00
ed 5e85e3d628 rss: title/description templating; closes #1047 
also closes #1053, a PR which inspired this commit heavily
(slightly different approach for flexibility and performance)

Co-authored-by: Dawson Jeane <dawsonmjeane@gmail.com>
 2025-12-14 00:06:54 +00:00
ed 965a4a6949 logging: date format; closes #1049 2025-12-13 22:35:55 +00:00
ed 14bef85b87 custom logue/md names; closes #1068, closes #1089 2025-12-13 22:05:29 +00:00
ed 594ec39481 fix ipu with idp users; closes #1094 2025-12-13 20:09:08 +00:00
ed ba017f7b53 only use fs-legal chars in names (closes #1010); 
uploading a folder named COMPLE:X into exfat on linux would fail
because exfat behaves like windows, rejecting <>:|?*"\/

this would also fail on windows, but then due to
sanitize_fn being overly aggressive

fix this by detecting filesystem traits on startup and
also translating vpath early on windows
 2025-12-13 19:44:56 +00:00
ed 3bbed1bc46 fstab: deref fuseblk to real fs 2025-12-13 16:21:49 +00:00
ed 4b0064b209 discard rejected connection 2025-12-13 14:41:16 +00:00
ed e440578cae apply ?nosrvi to #srv_info2 too; closes #1102 2025-12-12 23:35:21 +00:00
ed 1a9d4c04d5 mediaplayer: cache now-playing tags; 
fixes copy-to-irc after navigating to another folder
 2025-12-12 22:52:18 +00:00
ed 8e2fb05ab8 audioplayer: fix preload in huge folders; 
it would skip to next folder instead of untruncating
 2025-12-12 22:29:33 +00:00
ed ca6c4deaac delete thumbnail-cache if settings change 2025-12-12 21:25:33 +00:00
ed a1cbac0252 option to set thumbnail quality (#1092); 
plus these fixes:

* adds a previously missed libvips optimization,
   giving much smaller files at the same quality

* try to align the quality-scale of each backend
   (pillow, libvips, ffmpeg) by filesize
 2025-12-12 07:51:01 +00:00
ed 1b222fb576 revert to X-Forwarded-Host being optional; 
turns out reverseproxies keeping the initial Host value is the
far more common case; requiring X-Forwarded-Host is a bad idea

partially reverts ad45de9441
 2025-12-11 22:15:46 +00:00
ed ce2eeba226 custom ban-message 2025-12-11 21:38:36 +00:00
ed ad45de9441 enforce x-forwarded-host when reverse-proxied; 
if x-forwarded-for is present, then also require
x-forwarded-host and x-forwarded-proto

avoids displaying subtly-incorrect values on the connect-page
and instead shows blatantly-incorrect values ("example.com")

the headernames x-forwarded-host and x-forwarded-proto can
be configured with global-options xf-host and xf-proto
 2025-12-11 21:32:43 +00:00
ed 7d526eaba3 fix termsz on windows 2025-12-11 16:41:55 +00:00
ed fa918228d5 wram: also prevent moves 
in addition to write-perms, also drop move-perms from ramdisks
since that is another potential source for confusion

additionally, write-access was correctly prevented, but
the ui would still indicate write permission, so fix that too
 2025-12-04 17:50:17 +00:00
ed cdffde7813 v1.19.21 2025-12-02 20:47:01 +00:00
ed d9f76882e7 md-edit: fix sbs in ff52/chrome49 2025-12-02 19:20:04 +00:00
ed 89cab5b520 textfile-viewer: add json-beautifier; closes #794 2025-12-02 17:05:21 +00:00
ed fd8c5bfcbc md-editor: add json beautifier (#794) 2025-12-02 15:54:38 +00:00