mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-19 01:42:20 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
3071 commits 4 branches 344 tags 56 MiB
Commit graph

2435 commits

Author SHA1 Message Date
ed bac733113c up2k-hasher robustness: 
webdav clients tend to upload and then immediately delete
files to test for write-access and available disk space,
so don't crash and burn when that happens
 2023-11-11 16:21:54 +00:00
ed 32ab65d7cb add cfssl to packaging + improve certgen expiration check 2023-11-11 15:30:03 +00:00
ed 736aa125a8 fix dumb 2023-11-11 13:52:06 +00:00
ed dabdaaee33 v1.9.16 2023-11-04 21:58:01 +00:00
ed 65e4d67c3e mkdir with leading slash works as expected 2023-11-04 22:21:56 +00:00
ed 4b720f4150 add more prometheus metrics; breaking changes: 
* cpp_uptime is now a gauge
* cpp_bans is now cpp_active_bans (and also a gauge)

and other related fixes:
* stop emitting invalid cpp_disk_size/free for offline volumes
* support overriding the spec-mandatory mimetype with ?mime=foo
 2023-11-04 20:32:34 +00:00
ed 2e85a25614 improve service listing 2023-11-04 10:23:37 +00:00
ed 713fffcb8e also mkdir missing intermediates, 
unless requester is a webdav client (those expect a 409)
 2023-11-03 23:23:49 +00:00
ed 8020b11ea0 improve/simplify validation/errorhandling: 
* some malicious requests are now answered with HTTP 422,
   so that they count against --ban-422
* do not include request headers when replying to invalid requests,
   in case there is a reverse-proxy inserting something interesting
 2023-11-03 23:07:16 +00:00
ed 2523d76756 windows: fix symlinks 2023-11-03 17:16:12 +00:00
ed 95566e8388 cosmetics: 
* fix toast/tooltip colors on splashpage
* properly warn if --ah-cli or --ah-gen is used without --ah-alg
* support ^D during --ah-cli
* improve flavor texts
 2023-11-03 16:52:43 +00:00
ed 76afb62b7b make each segment of links separately selectable 2023-10-25 12:21:39 +00:00
ed c07e0110f8 v1.9.15 2023-10-24 16:43:26 +00:00
ed 2808734047 drc: further reduce volume skip between songs 2023-10-24 16:38:29 +00:00
ed 1f75314463 placeholder expansion in readme and logues; closes #56 
also fixes the "scan" volflag which broke in v1.9.14
 2023-10-24 16:37:32 +00:00
ed 063fa3efde drc: fix volume jump on song change 
(in exchange for a chance of clipping, which should be fine because
all browsers appear to have a limiter on the output anyways)
 2023-10-23 09:05:31 +00:00
ed cea746377e v1.9.14 2023-10-21 14:43:11 +00:00
ed 250aa28185 v1.9.13 2023-10-21 13:14:41 +00:00
ed 5280792cd7 list existing tags even if tagscanning is disabled 2023-10-21 13:09:37 +00:00
ed 2529aa151d tersen volume listing on startup 2023-10-21 12:11:49 +00:00
ed fc658e5b9e utcfromtimestamp was deprecated and nobody told me, 
not even the deprecationwarning that got silently generated burning
20~30% of all CPU-time without actually displaying it anywhere, nice

python 3.12.0 is now only 5% slower than 3.11.6

also fixes some other, less-performance-fatal deprecations
 2023-10-20 23:41:58 +00:00
ed a4bad62b60 add clientside DRC / dynamic range compressor 2023-10-20 20:51:00 +00:00
ed e1d78d8b23 increase timeout of unfinished uploads from 6 to 24 hours 
plus make it configurable
 2023-10-20 18:31:28 +00:00
ed c7f826dbbe search by upload time 2023-10-19 23:57:27 +00:00
ed 801da8079b only 404-ban accounts with permission [gGh]: 
never bonk anyone with read-access (able to see directory-listing)
or write-only (not able to retrieve any files at all) due to
either --ban-404 or --ban-url

fixes accidental ban when webdav-uploading files which
match any of the --ban-url patterns (#55)

also default-enables --ban-404 since it is now generally safe
(even when up2k is in turbo mode), plus make turbo smart enough to
disengage when necessary
 2023-10-18 22:14:09 +00:00
ed 7d797dba3f strip filekeys from -txt- links; 
accessing the syntax hilighter using a filekey is impossible anyways
because the client expects to build its state from the folder listing
and the backend refuses to return a listing given just a filekey
 2023-10-18 20:57:53 +00:00
ed 4b5a0787ab option to show upload timestamps in directory listing; 
enable with -mte +.ip_at
or volflag mte=+.ip_at

worst-case performance impact: 18%
 2023-10-17 17:51:27 +00:00
ed ac40dccc8f v1.9.12 2023-10-15 20:06:46 +00:00
ed 9ca8154651 prefer the new TTF in pillow 10.1 + pyinstaller 6.1 fixes 2023-10-15 18:47:34 +00:00
ed db668ba491 spectrograms are never cropped; share thumbcache 2023-10-15 11:42:57 +00:00
ed edbafd94c2 avoid iphone jank: 
safari can immediately popstate when alt-tabbing back to the browser,
causing the page to load twice in parallel:

2174 log-capture ok
2295 h-repl $location
2498 h-pop $location <==
2551 sha-ok  # from initial load
 2023-10-15 11:27:27 +00:00
ed 2df76eb6e1 client decides if thumbnails should be cropped or not 
this carries some intentional side-effects; each thumbnail format will
now be stored in its own subfolder under .hist/th/ making cleanup more
effective (jpeg and webm are dropped separately)
 2023-10-15 10:21:25 +00:00
ed 9b77c9ce7d more intuitive upload/filesearch toggle: 
restore preferred mode after leaving a restricted folder
 2023-10-15 09:00:57 +00:00
ed dc2b67f155 ui-button to use upload-time instead of local last-modified 2023-10-15 08:46:23 +00:00
ed 9f32e9e11d set default sort order; --sort or volflag "sort" 2023-10-14 22:17:37 +00:00
ed 7086d2a305 ie9 support 2023-10-14 10:01:03 +00:00
ed 575615ca2d slight refactor; 7% faster, 1% more maintainable 2023-10-14 09:54:49 +00:00
ed e4001550c1 v1.9.11 2023-10-09 00:36:54 +00:00
ed e9f65be86a add cachebuster for dynamically loaded js files 2023-10-09 00:22:16 +00:00
ed acc363133f v1.9.10 2023-10-08 20:51:49 +00:00
ed 8f2d502d4d configurable printing of failed login attempts 2023-10-08 20:41:02 +00:00
ed 2ae93ad715 clear response headers for each request 2023-10-08 20:38:51 +00:00
ed e7fff77735 v1.9.9 2023-10-07 22:29:37 +00:00
ed 753e3cfbaf revert 68c6794d (v1.6.2) and fix it better: 
moving deduplicated files between volumes could drop some links
 2023-10-07 22:25:44 +00:00
ed fcc3336760 v1.9.8 2023-10-06 17:50:35 +00:00
ed 0dc3c23b42 add alternative filekey generator; closes #52 2023-10-06 13:41:22 +00:00
ed fae5a36e6f v1.9.7 2023-09-30 23:32:51 +00:00
ed fc9b729fc2 fix #51: 
* handle unexpected localstorage values
* handle unsupported --lang values
 2023-09-30 22:54:21 +00:00
ed 8620ae5bb7 fix column-hiding ux on phones: 
table header click-handler didn't cover the entire cell so it was
easy to sort the table by accident; also do not exit hiding mode
automatically since you usually want to hide several columns
(so also adjust css to make it obvious you're in hiding mode)
 2023-09-28 09:28:26 +02:00
ed cae5ccea62 v1.9.6 2023-09-23 12:15:24 +00:00
ed 3768cb4723 add chat 2023-09-23 11:34:32 +00:00
ed 0815dce4c1 ensure indexing runs with --ign-ebind-all 2023-09-22 23:20:57 +00:00
ed a62f744a18 prevent losing an out-of-volume index 
if the server is started while an external drive is not mounted,
it would drop the database because all the files are missing
 2023-09-22 23:05:07 +00:00
ed 163e3fce46 improve reverse-proxy support when containerized: 
the x-forwarded-for header would get rejected since the reverse-proxy
is not asking from 127.0.0.1 or ::1, so make this allowlist configurable
 2023-09-22 22:39:20 +00:00
ed e76a50cb9d add indexer benchmark + bump default num cores from 4 to 5 
and make the mtag deps build better on fedora
 2023-09-22 20:40:52 +00:00
ed 72fc76ef48 golf / normalize window.location 2023-09-20 22:07:40 +00:00
ed c47047c30d configurable real-ip header from reverse proxy 2023-09-20 21:56:39 +00:00
ed 3b8f66c0d5 fix a client crash when uploading from glitchy net 
prevent reattempting chunks / handshakes after an upload has completed
since that is both pointless and crashy

bugreport ocr'ed from deepfried pic (thx kipu):
stack: exec_handshake -> xhr.onload -> tasked -> exec_upload -> do_send

529226 crash: t.fobj is null; firefox 117, win64
529083 zombie handshake onerror, some.flac
529081 chunkpit onerror,, 1, another.flac
528933 retrying stuck handshake
498842 ^
464213 zombie handshake onload, some.flac
464208 ^
462858 ignoring dupe-segment error, some.flac
462766 ^
462751 ^
462667 ^
462403 ^
462316 ^
461321 zombie handshake onload, some.flac
461302 ^
461152 ^
461114 ^
461110 ^
460769 ^
459954 ^
459492 ignoring dupe-segment error, some.flac
 2023-09-20 21:25:59 +00:00
ed aa96a1acdc misc optimizations / cleanup: 
* slightly faster startup / shutdown
* forgot a jinja2 golf
* waste 4KiB changing prismjs back to gz since brotli is https-gated ;_;
* broke support for firefox<52 (non-var functions must be toplevel
   or immediately within another function), now even firefox 10 /
   centos 6 is somewhat supported again
 2023-09-17 13:02:18 +00:00
ed 91cafc2511 faster startup on windows by asking for ffmpeg.exe explicitly 
rather than just "ffmpeg" which makes windows try to open each of
ffmpeg.BAT,CMD,COM,EXE,JS,JSE,MSC,VBE,VBS,WSF,WSH one by one
(ffmpeg.js? hello??)
 2023-09-13 23:32:19 +00:00
ed 23ca00bba8 support jython and graalpy 2023-09-13 23:24:56 +00:00
ed a996a09bba v1.9.5 2023-09-09 13:36:56 +00:00
ed 18c763ac08 smb: upgrade to impacket 0.11, full user account support, 
permissions are now per-account instead of coalescing

also stops windows from freaking out if there's an offline volume
 2023-09-09 12:46:37 +00:00
ed 3d9fb753ba stuff 2023-09-08 21:42:05 +00:00
ed 714fd1811a add option to generate pax-format tar archives 
and forgot to commit the nix module
 2023-09-08 21:13:23 +00:00
ed 4364581705 fix accidental 422-ban when uploading lots of dupes 2023-09-08 19:49:29 +00:00
ed ba02c9cc12 readme fix + make hacker theme more hacker 2023-09-08 19:35:12 +00:00
ed 11eefaf968 create / edit non-markdown textfiles (if user has delete-access) 
also enables the ansi escape code parser if the text looks like ansi
 2023-09-08 18:47:31 +00:00
ed 5a968f9e47 add permission 'h': folders redirect to index.html; 
safest way to make copyparty like a general-purpose webserver where
index.html is returned as expected yet directory listing is entirely
disabled / unavailable
 2023-09-07 23:30:01 +00:00
ed 6420c4bd03 up to 2.6x faster download-as-zip 
when there's lots of files, and especially small ones
and also reduces cpu load by at least 15%
 2023-09-05 22:57:03 +00:00
ed 0f9877201b support cache directives in --css-browser, --js-browser; 
for example --css-browser=/the.css?cache=600 (seconds)
or --js-browser=/.res/the.js?cache=i (7 days)
 2023-09-03 19:50:31 +00:00
ed 9ba2dec9b2 lightbox: fix ccw rotation hotkey 2023-09-03 19:23:29 +00:00
ed cadaeeeace v1.9.4 2023-09-02 00:18:53 +00:00
ed 767696185b add ?tar=gz, ?tar=bz2, ?tar=xz with optional level; 
defaults are ?tar=gz:3, ?tar=bz2:9, ?tar=xz:1
 2023-09-01 23:44:10 +00:00
ed c1efd227b7 fix inconsistent use of symlink mtimes in database; 
on upload, dupes are by default handled by symlinking to the existing
copy on disk, writing the uploader's local mtime into the symlink mtime,
which is also what gets indexed in the db

this worked as intended, however during an -e2dsa rescan on startup the
symlink destination timestamps would be used instead, causing a reindex
and the resulting loss of uploader metadata (ip, timestamp)

will now always use the symlink's mtime;
worst-case 1% slower startup (no dhash)

this change will cause a reindex of incorrectly indexed files, however
as this has already happened at least once due to the bug being fixed,
there will be no additional loss of metadata
 2023-09-01 20:29:55 +00:00
ed a50d0563c3 instantly perform search when URL contains a raw query 2023-09-01 20:16:19 +00:00
ed 700111ffeb v1.9.3 2023-08-31 22:11:31 +00:00
ed b8adeb824a misc http correctness; 
some of this looks shady af but appears to have been harmless
(decent amount of testing came out ok)

* some location normalization happened before unquoting; however vfs
   handled this correctly so the outcome was just confusing messages
* some url parameters were double-decoded (unpost filter, move
   destinations), causing some operations to fail unexpectedly
* invalid cache-control headers could be generated,
   but not in a maliciously-beneficial way
   (there are safeguards stripping newlines and control-characters)

also adds an exception-message cleanup step to strip away the
filesystem path that copyparty's python files are located at,
in case that could be interesting knowledge
 2023-08-31 21:51:58 +00:00
ed 30cc9defcb cosmetics: 
* in case someone gets a confusing access-related error message,
  include more context in serverlogs (exact path)
* fix js console spam in search results
* same markdown line-height in viewer and browser
 2023-08-31 21:27:14 +00:00
ed 61875bd773 slightly reduce flickering during page load on chrome 2023-08-31 20:02:33 +00:00
ed 30905c6f5d add convenient debugs in case the fight is not over 2023-08-31 20:00:14 +00:00
ed 9986136dfb apple/ios/iphone: maybe fix background album playback 
good news: apple finally added support for samplerates other than
44100 for AudioContext, meaning it would now have been possible to
set non-100% volume for audio files including opus files

bad news: apple broke AudioContext in a way that makes it bug out
mediaSessions, causing lockscreen controls to become mostly useless

bad news: apple broke AudioContext additionally where it randomly
causes playback issues, blocking playback of audio files, even if
the AudioContext is sitting idle doing nothing (which is a
requirement for reliable upload speeds on other platforms)

disable AudioContext on iOS
 2023-08-31 19:57:05 +00:00
ed 1c0d978979 ios/iphone: autoreplace smart-quotes with sane quotes, 
as the iphone keyboard is not able to produce ' or "
 2023-08-31 19:29:37 +00:00
ed 0a0364e9f8 FTPd: fix py3.12 support; workaround until next release: 
run sfx twice with PYTHONPATH=/tmp/pe-copyparty.$(id -u)/copyparty/vend
 2023-08-28 00:25:33 +00:00
ed ac21fa7782 v1.9.2 2023-08-26 21:16:30 +00:00
ed c1c8dc5e82 ok lets try that again 2023-08-26 19:07:23 +00:00
ed 5a38311481 mark offline volumes in directory tree sidebar 2023-08-26 19:00:46 +00:00
ed 9f8edb7f32 make markdown slightly safer without the nohtml volflag 
by running dompurify after marked.parse if plugins are not enabled;
adds no protection against the more practical approach of just
putting a malicious <script> in an html file and uploading that,
but one footgun less is one less footgun
 2023-08-26 17:37:02 +00:00
ed c5a6ac8417 persist dotfile preference as cookie for initial listing 2023-08-26 15:50:57 +00:00
ed 50e01d6904 add more autoban triggers: 
* --ban-url: URLs which 404 and also match --sus-urls (bot-scan)
* --ban-403: trying to access volumes that dont exist or require auth
* --ban-422: invalid POST messages, fuzzing and such
* --nonsus-urls: regex of 404s which  shouldn't trigger --ban-404

in may situations it makes sense to handle this logic inside copyparty,
since stuff like cloudflare and running copyparty on another physical
box than the nginx frontend is on becomes fairly clunky
 2023-08-26 13:52:24 +00:00
ed 9b46291a20 add option to force-disable turbo, 
making it safer to enable --ban-404
(u2c can still get banned inadvertently)
 2023-08-26 13:19:38 +00:00
ed f7ceae5a5f add filetable range-select with shift-pgup/pgdn, 
and retain file selection cursor when lazyloading more files
 2023-08-25 19:34:37 +00:00
ed c9492d16ba fix textfile navigation hotkeys (broke in 5d13ebb4) 2023-08-25 18:41:45 +00:00
ed 9fb9ada3aa dont whine about inaccessible root on rootless configs, 
and make it easier for on403 to invoke the homepage-redirect
 2023-08-25 18:33:15 +00:00
ed db0abbfdda typo 2023-08-21 00:05:39 +00:00
ed 4444f0f6ff v1.9.1 2023-08-20 23:38:42 +00:00
ed cafe53c055 v1.9.0 2023-08-20 22:02:40 +00:00
ed 7673beef72 actually impl --mc-hop (and improve --zm-spam) 2023-08-20 21:27:28 +00:00
ed b28bfe64c0 explain apple bullshit 2023-08-20 22:09:00 +02:00
ed 135ece3fbd immediately allow uploading an interrupted and 
deleted incomplete upload to another location
 2023-08-20 19:16:35 +00:00
ed bd3640d256 change to openmetrics 2023-08-20 18:50:14 +00:00
ed fc0405c8f3 add prometheus metrics; closes #49 2023-08-20 17:58:06 +00:00
ed 8341041857 mdns: option to ignore spec to avoid issues on 
networks where clients have multiple IPs of which some are subnets that
the copyparty server is not
 2023-08-19 21:45:26 +00:00
ed 1b7634932d tar/zip-download: add opus transcoding filter 2023-08-19 19:40:46 +00:00
ed 48a3898aa6 suggest enabling the database on startup 2023-08-16 19:57:19 +00:00
ed 5d13ebb4ac avoid firefox-android quirk(?): 
when repeatedly tapping the next-folder button, occasionally it will
reload the entire page instead of ajax'ing the directory contents.

Navigation happens by simulating a click in the directory sidebar,
so the incorrect behavior matches what would happen if the link to the
folder didn't have its onclick-handler attached, so should probably
double-check if there's some way for that to happen

Issue observed fairly easily in firefox on android, regardless if
copyparty is running locally or on a server in a different country.
Unable to reproduce with android-chrome or desktop-firefox

Could also be due to an addon (dark-reader, noscript, ublock-origin)

anyways, avoiding this by doing the navigation more explicitly
 2023-08-16 19:56:47 +00:00
ed 015b87ee99 performance / cosmetic: 
* js: use .call instead of .bind when possible
* when running without e2d, the message on startup regarding
  unfinished uploads didn't show the correct filesystem path
 2023-08-16 19:32:43 +00:00
ed 0a48acf6be limit each column of the files table to screen width 2023-08-16 03:55:53 +00:00
ed 2b6a3afd38 fix iOS randomly increasing fontsize of some things: 
* links which are wider than the display width
* probably input fields too
 2023-08-16 03:47:19 +00:00
ed 18aa82fb2f make browser resizing smoother / less expensive 2023-08-15 16:55:19 +00:00
ed f5407b2997 docker: persist autogenerated seeds, disable certgen, and 
mention how to run the containers with selinux enabled
* assumes that a /cfg docker volume is provided
 2023-08-15 15:07:33 +00:00
ed 474d5a155b android's got hella strict filename rules 2023-08-15 06:46:57 +02:00
ed 4f80e44ff7 option to exactly specify browser title prefix 2023-08-15 03:17:01 +02:00
ed 406e413594 hint at additional context in exceptions 2023-08-15 01:42:13 +02:00
ed bee26e853b show server hostname in html titles: 
* --doctitle defines most titles, prefixed with "--name: " by default
* the file browser is only prefixed with the --name itself
* --nth ("no-title-hostname") removes it
* also removed by --nih ("no-info-hostname")
 2023-08-14 23:50:13 +02:00
ed 04a1f7040e adjustable timestamp resolution in log messages 2023-08-14 17:22:22 +02:00
ed f9d5bb3b29 support upload by dragdrop from other browser windows, 
hello from LO484 https://ocv.me/stuff/aircode.jpg
 2023-07-28 21:43:40 +02:00
ed 999ee2e7bc v1.8.8 2023-07-25 15:50:48 +00:00
ed 1ff7f968e8 fix tls-cert regeneration on windows 2023-07-25 15:27:27 +00:00
ed 3966266207 remember ?edit and trailing-slash during login redirect 2023-07-25 15:14:47 +00:00
ed d03e96a392 html5 strips the first leading LF in textareas; stop it 2023-07-25 14:16:54 +00:00
ed 4c843c6df9 fix md-editor lastmod cmp when browsercache is belligerent 2023-07-25 14:06:53 +00:00
ed 0896c5295c range-select fixes: 
* dont crash when shiftclicking between folders
* remember origin when lazyloading more files
 2023-07-25 14:06:31 +02:00
ed d0aa20e17c v1.8.7 2023-07-23 15:43:38 +00:00
ed 1a658dedb7 fix infinite playback spin on servers with one single file 2023-07-23 14:52:42 +00:00
ed 8d376b854c this is the wrong way around 2023-07-23 14:10:23 +00:00
ed 490c16b01d be even stricter with ?hc 2023-07-23 13:23:52 +00:00
ed 2437a4e864 the CVE-2023-37474 fix was overly strict; loosen 2023-07-23 11:31:11 +00:00
ed 007d948cb9 fix GHSA-f54q-j679-p9hh: reflected-XSS in cookie-setters; 
it was possible to set cookie values which contained newlines,
thus terminating the http header and bleeding into the body.

We now disallow control-characters in queries,
but still allow them in paths, as copyparty supports
filenames containing newlines and other mojibake.

The changes in `set_k304` are not necessary in fixing the vulnerability,
but makes the behavior more correct.
 2023-07-23 10:55:08 +00:00
ed 9eaa9904e0 v1.8.6 2023-07-21 00:36:37 +00:00
ed 0778da6c4d fix GHSA-cw7j-v52w-fp5r: reflected-XSS through /?hc 2023-07-21 00:35:43 +00:00
ed 1441ccee4f v1.8.4 2023-07-18 07:46:22 +00:00
ed 3dcc386b6f v1.8.3 2023-07-16 22:00:04 +00:00
ed 5aa54d1217 shift/ctrl-click improvements: 
* always enable shift-click selection in list-view
* shift-clicking thumbnails opens in new window by default as expected
* enable shift-select in grid-view when multiselect is on
* invert select when the same shift-select is made repeatedly
 2023-07-16 18:15:56 +00:00
ed 88b876027c option to range-select files with shift-click; closes #47 
also restores the browser-default behavior of
opening links in a new tab with CTRL / new window with SHIFT
 2023-07-16 14:05:09 +00:00
ed f2f5e266b4 support listing uploader IPs in d2t volumes 2023-07-15 18:50:35 +00:00
ed e17bf8f325 require the new admin permission for the admin-panel 2023-07-15 18:39:41 +00:00
ed 85a637af09 v1.8.2 2023-07-14 15:58:39 +00:00
ed 043e3c7dd6 fix traversal vulnerability GHSA-pxfv-7rr3-2qjg: 
the /.cpr endpoint allowed full access to server filesystem,
unless mitigated by prisonparty
 2023-07-14 15:55:49 +00:00
ed 8f59afb159 fix another race (unpost): 
unposting could collide with most other database-related activities,
causing one or the other to fail.
luckily the unprotected query performed by the unpost API happens to be
very cheap, so also the most likely to fail, and would succeed upon a
manual reattempt from the UI.
even in the worst case scenario, there would be no unrecoverable damage
as the next rescan would auto-repair any resulting inconsistencies.
 2023-07-14 15:21:14 +00:00
ed 77f1e51444 fix unlikely race (e2tsr): 
if someone with admin rights refreshes the homepage exactly as the
directory indexer decides to `_drop_caches`, the indexer thread would
die and the up2k instance would become inoperable...
luckily the probability of hitting this by chance is absolutely minimal,
and the worst case scenario is having to restart copyparty if this
happens immediately after startup; there is no risk of database damage
 2023-07-14 15:20:25 +00:00
ed 22fc4bb938 add event-hook for banning users 2023-07-13 22:29:32 +00:00
ed 50c7bba6ea volflag "nohtml" to never return html or rendered markdown from potentially unsafe volumes 2023-07-13 21:57:52 +00:00
ed 551d99b71b add permission "a" to show uploader IPs (#45) 2023-07-12 21:36:55 +00:00
ed b54b7213a7 more thumbnailer configs available as volflags: 
--th-convt = convt
--th-no-crop = nocrop
--th-size = thsize
 2023-07-11 22:15:37 +00:00
ed a10cad54fc v1.8.1 2023-07-07 22:20:01 +00:00
ed 8568b7702a add pillow10 support + improve text rendering 2023-07-07 22:13:04 +00:00
ed 5d8cb34885 404/403 can be handled with plugins 2023-07-07 21:33:40 +00:00
ed 8d248333e8 dont disable quickedit when hashing passwords interactively 2023-07-07 18:29:30 +00:00
ed 99e2ef7f33 ux: fix tabs clipping in fedora-ff, hackertheme up2k flags 2023-07-07 18:24:58 +00:00
ed a0c1239246 v1.8.0 2023-06-26 00:05:12 +00:00
ed b8e851c332 cloudflare update + cosmetics: 
* toastb padding fixes scrollbar on norwegian 403 in firefox
* fix text aspect ratio in seekbaron compact toggle
* crashpage had link overlaps on homepage
 2023-06-25 23:09:29 +00:00
ed baaf2eb24d include mdns names in tls cert 2023-06-25 22:06:35 +00:00
ed e197895c10 support hashed passwords; closes #39 2023-06-25 21:50:33 +00:00
ed cb75efa05d md-editor: index file and trigger upload hooks 2023-06-20 18:11:35 +00:00
ed 8b0cf2c982 volflags to limit volume size / num files; closes #40 2023-06-19 00:42:45 +00:00
ed 10caafa34c v1.7.6 2023-06-11 08:14:45 +00:00
ed 22cc22225a v1.7.5 2023-06-11 01:32:56 +00:00
ed a00ff2b086 v1.7.4 2023-06-11 00:07:38 +00:00
ed e4acddc23b v1.7.3 2023-06-11 00:03:03 +00:00
ed 2b2d8e4e02 tls / gencert fixes 2023-06-10 23:34:34 +00:00
ed 5501d49032 prefer urandom for fk-salt unless cert.pem exists 2023-06-10 22:47:39 +00:00
ed fa54b2eec4 generate tls certs 2023-06-10 22:46:24 +00:00
ed 93a723d588 add --ansi to systemd, fix grid controls bg, 
mention folder thumbs dependency on -e2d,
improve make-sfx warnings,
update changelog
 2023-06-06 22:04:39 +00:00
ed 8ebe1fb5e8 mention cfssl.sh in the default-certificate warning, 
and improve documentation inside cfssl.sh
 2023-06-06 21:41:19 +00:00
clach04 2acdf685b1 Fix issue #33 - no color output expected when redirecting stdout 2023-06-05 01:58:49 +02:00
ed 03be26fafc improve check for type-hint support 2023-06-04 22:59:25 +00:00
ed c355f9bd91 catch common environment issues (#32): 
* error-message which explains how to run on py2 / older py3
   when trying to run from source
* check compatibility between jinja2 and cpython on startup
* verify that webdeps are present on startup
* verify that webdeps are present when building sfx
* make-sfx.sh grabs the strip-hints dependency
 2023-06-04 13:13:36 +00:00
ed 9c28ba417e option to regex-exclude files in browser listings 2023-06-02 21:54:25 +00:00
ed 705b58c741 support the NO_COLOR environment variable 
https://no-color.org/ and more importantly
https://youtu.be/biW5UVGkPMA?t=150
 2023-06-02 20:22:57 +00:00
ed 510302d667 support ftps-only; closes #30 2023-06-02 19:02:50 +00:00
ed 025a537413 add option to show thumbs by default; closes #31 2023-06-02 18:41:21 +00:00
ed 60a1ff0fc0 macos: mute select() noise on wake from suspend 2023-05-19 16:37:52 +02:00
ed 4ccfeeb2cd v1.7.2 2023-05-13 00:00:07 +00:00
ed 2cca6e0922 warn when sharing certain system locations 2023-05-12 21:38:16 +00:00
ed db51f1b063 cfg: allow trailing colon on category headers 2023-05-12 21:01:34 +00:00
ed d979c47f50 optimize clearTimeout + always shrink upload panes after completion + fix GET alignment 2023-05-12 20:46:45 +00:00
ed e64b87b99b dont hardlink symlinks (they could be relative) 2023-05-12 20:41:09 +00:00
ed deca082623 v1.7.1 2023-05-07 18:34:39 +00:00
ed 0ea8bb7c83 forgot the u2c symlink + sfx listing 2023-05-07 15:45:20 +00:00
ed 572aa4b26c rename up2k.py (client) to u2c.py 2023-05-07 15:35:56 +00:00
ed b1359f039f linter cleanup 2023-05-07 14:38:30 +00:00
ed 867d8ee49e replace setup.py with pyproject.toml + misc cleanup 2023-05-07 14:37:57 +00:00
ed 04c86e8a89 webdav: support write-only folders + force auth option 2023-05-06 20:33:29 +00:00
ed bc0cb43ef9 include usernames in request logs 2023-05-06 20:17:56 +00:00
ed 769454fdce ftpd: only log invalid passwords 2023-05-06 19:16:52 +00:00
ed 4ee81af8f6 support ';' in passwords 2023-05-06 18:54:55 +00:00
ed 8b0e66122f smoother playback cursor on short songs + optimize 2023-05-06 16:31:04 +00:00
ed b6fd555038 panic if two accounts have the same password 2023-05-05 20:24:24 +00:00
ed 1e22222c60 v1.7.0 2023-04-29 21:14:38 +00:00
ed 544e0549bc make xvol and xdev apply at runtime (closes #24): 
* when accessing files inside an xdev volume, verify that the file
   exists on the same device/filesystem as the volume root

* when accessing files inside an xvol volume, verify that the file
   exists within any volume where the user has read access
 2023-04-29 21:10:02 +00:00
ed 83178d0836 preserve empty folders (closes #23): 
* when deleting files, do not cascade upwards through empty folders
* when moving folders, also move any empty folders inside

the only remaining action which autoremoves empty folders is
files getting deleted as they expire volume lifetimes

also prevents accidentally moving parent folders into subfolders
(even though that actually worked surprisingly well)
 2023-04-29 11:30:43 +00:00
ed 138f5bc989 warn about android powersave settings on music interruption + fix eq on folder change 2023-04-29 09:31:53 +00:00
ed e4759f86ef ftpd correctness: 
* winscp mkdir failed because the folder-not-found error got repeated
* rmdir fails after all files in the folder have poofed; that's OK
* add --ftp4 as a precaution
 2023-04-28 20:50:45 +00:00
ed d71416437a show file selection summary 2023-04-27 19:33:52 +00:00
ed d3ccd3f174 v1.6.15 2023-04-26 23:00:55 +00:00
ed cb6de0387d a bit faster 2023-04-26 19:56:27 +00:00
ed abff40519d eyecandy: restore playback indicator on folder hop 2023-04-26 19:09:16 +00:00
ed 55c74ad164 30% faster folder listings (wtf...) 2023-04-26 18:55:53 +00:00
ed 673b4f7e23 option to show symlink's lastmod instead of deref; 
mainly motivated by u2cli's folder syncing in turbo mode
which would un-turbo on most dupes due to wrong lastmod

disabled by default for regular http listings
(to avoid confusion in most regular usecases),
enable per-request with urlparam lt

enabled by default for single-level webdav listings
(because rclone hits the same issue as u2cli),
can be disabled with arg --dav-rt or volflag davrt

impossible to enable for recursive webdav listings
 2023-04-26 18:54:21 +00:00
ed 33442026b8 try to discourage android from stopping playback... 
...when continuing into the next folder

accidentally introduces a neat bonus feature where the music
no longer stops while you go looking for stuff to play next
 2023-04-26 18:33:30 +00:00
ed 03193de6d0 socket read/write timeout 2023-04-24 20:04:22 +00:00
ed d88889d3fc v1.6.14 2023-04-24 06:09:44 +00:00
ed cacca663b3 v1.6.13 2023-04-23 23:05:31 +00:00
ed d5109be559 ftp: track login state isolated from pyftpdlib; 
for convenience, the password can be provided as the username
but that confuses pyftpd a little so let's do this
 2023-04-23 21:06:19 +00:00
ed d999f06bb9 volflags can be -unset 2023-04-23 21:05:29 +00:00
ed a1a8a8c7b5 configurable tls-certificate location 2023-04-23 20:56:55 +00:00
ed fdd6f3b4a6 tar/zip: use volume name as toplevel fallback 2023-04-23 20:55:34 +00:00
ed 42099baeff v1.6.12 2023-04-20 21:41:47 +00:00
ed 6acf436573 u2idx pool instead of per-socket; 
prevents running out of FDs thanks to thousands of sqlite3 sessions
and neatly sidesteps what could possibly be a race in python's
sqlite3 bindings where it sometimes forgets to close the fd
 2023-04-20 20:36:13 +00:00
ed f217e1ce71 correctly ignore multirange requests 2023-04-20 19:14:38 +00:00
ed 8f5f8a3cda expand userhomes everywhere: 
* -c
* -lo
* --hist
* hist volflag
* --ssl-log
 2023-04-14 18:55:19 +02:00
ed c8938fc033 fix ipv4 location header on dualstack 2023-04-14 14:06:44 +02:00
ed d6a0a738ce add windows example + update docs + some cosmetics 2023-04-12 22:06:44 +00:00
ed f5fe3678ee more safari-on-touchbar-macbook workarounds: 
* safari invokes pause on the mediasession
   whenever any Audio loads a new src (preload)

* ...and on some(?) seeks
 2023-04-07 23:04:01 +02:00
ed f2a7925387 avoid safari bugs on touchbar macbooks: 
* songs would play backwards
* playback started immediately on folder change
 2023-04-07 12:38:37 +02:00
ed f0000d9861 v1.6.11 2023-04-01 21:12:54 +00:00
ed 4e67516719 last.fm web-scrobbler support 2023-04-01 21:02:03 +00:00
ed 852499e296 dont panic in case of extension-injected css 2023-04-01 16:08:45 +00:00
ed 2a37e81bd8 add rclone optimization, closes #21 2023-04-01 10:21:21 +00:00
ed 854ba0ec06 add audio filter plugin thing 2023-03-31 20:20:28 +00:00
ed 209b49d771 remind sqlite we have indexes 2023-03-30 21:45:58 +00:00
ed 949baae539 integrate markdown thumbs with image gallery 2023-03-30 21:21:21 +00:00
ed 592b7d6315 gdi js 2023-03-26 02:06:49 +00:00
ed 0880bf55a1 markdown thumbnails 2023-03-26 01:53:41 +00:00
ed e2bc573e61 webdav correctness: 
* generally respond without body
   (rclone likes this)
* don't connection:close on most mkcol errors
 2023-03-23 23:25:00 +00:00
ed c01cad091e v1.6.10 2023-03-20 21:56:31 +00:00
ed eb349f339c update foldersync / rclone docs 2023-03-20 21:54:08 +00:00
ed 24d8caaf3e switch rclone to owncloud mode so it sends lastmod 2023-03-20 21:45:52 +00:00
ed 5ac2c20959 basic support for rclone sync 2023-03-20 21:17:53 +00:00
ed bb72e6bf30 support propfind of files (not just dirs) 2023-03-20 20:58:51 +00:00
ed d8142e866a accept last-modified from owncloud webdav extension 2023-03-20 20:28:26 +00:00
ed 749616d09d help iOS understand short audio files 2023-03-19 20:03:35 +00:00
ed ca04a00662 v1.6.9 2023-03-16 21:06:18 +00:00
ed 8a09601be8 url-param ?v disables index.html 2023-03-16 20:52:43 +00:00
ed 1fe0d4693e fix logues bleeding into navpane 2023-03-16 20:23:01 +00:00
ed bba8a3c6bc fix truncated search results 2023-03-16 20:12:13 +00:00
ed e3d7f0c7d5 add tooltip delay to android too 2023-03-16 19:48:44 +00:00
ed be7bb71bbc add option to show index.html instead of listing 2023-03-16 19:41:33 +00:00
ed e0c4829ec6 verify covers against db instead of fs 2023-03-15 19:48:43 +00:00
ed b0cc396bca v1.6.8 2023-03-12 16:10:07 +00:00
ed 2be2e9a0d8 index folder thumbs in db 2023-03-11 11:43:29 +00:00
ed c269b0dd91 show an error (instead of crashing) if a pic is 404 2023-03-09 22:37:12 +00:00
ed 8c3211263a keep scanning folders for more music to play 2023-03-09 22:26:41 +00:00
ed c7c6e48b1a didn't compress numbered logfiles 2023-03-09 21:59:59 +00:00
ed 974ca773be just to be extra sure 2023-03-09 21:49:29 +00:00
ed 9270c2df19 evict basic-browser from crawlers 2023-03-09 21:35:07 +00:00
ed c39c93725f v1.6.7 2023-03-05 20:18:16 +00:00
ed d00f0b9fa7 ftp: support filezilla mkdir 2023-03-05 20:18:02 +00:00
ed 01cfc70982 add example for webdav automount 2023-03-05 19:52:45 +00:00
ed e6aec189bd fix flickering toast on upload finish 2023-03-05 19:49:54 +00:00
ed c98fff1647 fix chunkpost-handshake race (affects --no-dedup only); 
a handshake arriving in the middle of the final chunk could cause
dupes to become empty -- worst case leading to loss of data
 2023-03-05 19:45:50 +00:00
ed 0009e31bd3 heavy webworker load can park the main thread of a 
background chrome tab for 10sec; piggyback some pokes off postmessage
 2023-03-02 22:35:32 +00:00
ed db95e880b2 thats not how it works 2023-02-28 22:19:06 +00:00
ed ecdec75b4e v1.6.6 2023-02-26 20:30:17 +00:00
ed 5cb2e33353 update readmes + fix typo 2023-02-26 19:22:54 +00:00
ed 43ff2e531a add deadline for filling data into a reserved filename 2023-02-26 19:13:35 +00:00
ed 1c2c9db8f0 retain upload time (but not ip) on file reindex 2023-02-26 19:09:24 +00:00
ed 7ea183baef let http thread handle upload verification plugins 2023-02-26 19:07:49 +00:00
ed ab87fac6d8 db got the wrong lastmod when linking dupes 2023-02-26 18:52:04 +00:00
ed 1e3b7eee3b dont rmdir volume top on cleanup 2023-02-26 18:28:37 +00:00
ed 4de028fc3b let controlpanel rescan button override lack of e2dsa 2023-02-26 18:27:10 +00:00
ed 604e5dfaaf improve error handling / messages 2023-02-26 18:26:13 +00:00
ed 05e0c2ec9e add xiu (batching hook; runs on idle after uploads) + 
bunch of tweaks/fixes for hooks
 2023-02-26 18:23:32 +00:00
ed 76bd005bdc cgen fixes 2023-02-21 19:42:08 +00:00
ed 5effaed352 add reminder that SSDP launches IE by default 2023-02-21 19:38:35 +00:00
ed 6deaf5c268 add jitter simlation 2023-02-20 21:34:30 +00:00
ed 14ad5916fc freebsd: fancy console listing for fetch 2023-02-19 22:14:21 +00:00
ed 1a46738649 raise edgecases (broken envs on windows) 2023-02-19 22:13:33 +00:00
ed 292ce75cc2 return to previous url after login 2023-02-19 19:58:15 +00:00
ed 96d6bcf26e if non-TLS, show warning in the login form 2023-02-17 22:49:03 +00:00
ed 49e8df25ac ie11: support back button 2023-02-17 22:21:13 +00:00
ed 6a05850f21 also undupe search hits from overlapping volumes 2023-02-17 20:48:57 +00:00
ed 6eba9feffe condense uploads listing on view change 2023-02-14 21:58:15 +00:00
ed 8adfcf5950 win10-based copyparty64.exe 2023-02-14 21:50:14 +00:00
ed dc2e2cbd4b v1.6.5 2023-02-12 14:11:45 +00:00
ed 5c12dac30f most ffmpeg builds dont support compressed modules 2023-02-12 14:02:43 +00:00
ed 641929191e fix reading smb shares on windows 2023-02-12 13:59:34 +00:00
ed cdec42c1ae v1.6.4 2023-02-11 18:02:05 +00:00
ed c48f469e39 park all clients waiting for a transcode 2023-02-11 17:23:29 +00:00
ed 44909cc7b8 print ffmpeg download url on windows 2023-02-11 17:22:24 +00:00
ed 8f61e1568c transcode chiptunes to opus; 
* new audio/MPT formats: apac bonk dfpwm ilbc it itgz itr itz mo3 mod mptm mt2 okt s3gz s3m s3r s3z xm xmgz xmr xmz xpk
* new image/PIL formats: blp dcx emf eps fits flc fli fpx im j2k j2p psd spi wmf
 2023-02-11 11:17:37 +00:00
ed dbdb9574b1 doc-browser: fix md scaling + download hotkey 2023-02-10 21:33:48 +00:00
ed 853ae6386c config load summary + safer windows defaults 2023-02-10 21:32:42 +00:00
ed a4b56c74c7 support long filepaths on win7 + misc windows fixes 2023-02-10 18:37:37 +00:00
ed d7f1951e44 fix --cgen for 'g' perms 2023-02-08 22:38:21 +00:00
ed 7e2ff9825e ensure -e2tsr takes effect by ignoring dhash 2023-02-08 22:33:02 +00:00
ed 9b423396ec better description for anonymous permissions 2023-02-07 20:12:45 +00:00
ed 781146b2fb describe all database volflags in --help-flags 2023-02-07 20:07:06 +00:00
ed 84937d1ce0 add v2 config syntax (#20) 2023-02-07 19:54:08 +00:00
ed 98cce66aa4 cgen: update set of multivalue keys 2023-02-06 07:26:23 +00:00
ed 043c2d4858 cgen: fix permissions listing 2023-02-06 07:23:35 +00:00
ed 99cc434779 add config explainer + generator (#20) 2023-02-05 22:09:17 +00:00
ed 87d835ae37 dont allow multiple volumes at the same fs-path 2023-02-05 21:16:36 +00:00
ed 4ad6e45216 only load *.conf files when including a folder 2023-02-05 00:01:10 +00:00
ed b0db14d8b0 indicate forced-randomized filenames 2023-02-04 15:18:09 +00:00
ed 2b644fa81b don't alias randomized filenames 2023-02-04 13:41:43 +00:00
ed 190ccee820 add optional version number on controlpanel 2023-02-04 13:41:34 +00:00
ed 4de61defc9 add a link exporter to the unpost ui too 2023-02-02 22:57:59 +00:00
ed 0aa88590d0 should generalize this somehow 2023-02-02 22:35:13 +00:00