v1.11.1

if building from an untagged git commit, the third value in the
VERSION tuple (in __version__.py) was a string instead of an int,
causing the version to compare and sort incorrectly

README.md

@@ -75,6 +75,7 @@ turn almost any device into a file server with resumable uploads/downloads using
     * [themes](#themes)
     * [complete examples](#complete-examples)
     * [reverse-proxy](#reverse-proxy) - running copyparty next to other websites
+        * [real-ip](#real-ip) - teaching copyparty how to see client IPs
     * [prometheus](#prometheus) - metrics/stats can be enabled
 * [packages](#packages) - the party might be closer than you think
     * [arch package](#arch-package) - now [available on aur](https://aur.archlinux.org/packages/copyparty) maintained by [@icxes](https://github.com/icxes)
@@ -357,6 +358,9 @@ upgrade notes
 * firefox refuses to connect over https, saying "Secure Connection Failed" or "SEC_ERROR_BAD_SIGNATURE", but the usual button to "Accept the Risk and Continue" is not shown
   * firefox has corrupted its certstore; fix this by exiting firefox, then find and delete the file named `cert9.db` somewhere in your firefox profile folder
 
+* the server keeps saying `thank you for playing` when I try to access the website
+  * you've gotten banned for malicious traffic! if this happens by mistake, and you're running a reverse-proxy and/or something like cloudflare, see [real-ip](#real-ip) on how to fix this
+
 * copyparty seems to think I am using http, even though the URL is https
   * your reverse-proxy is not sending the `X-Forwarded-Proto: https` header; this could be because your reverse-proxy itself is confused. Ensure that none of the intermediates (such as cloudflare) are terminating https before the traffic hits your entrypoint
 
@@ -597,7 +601,7 @@ this initiates an upload using `up2k`; there are two uploaders available:
 * `[🎈] bup`, the basic uploader, supports almost every browser since netscape 4.0
 * `[🚀] up2k`, the good / fancy one
 
-NB: you can undo/delete your own uploads with `[🧯]` [unpost](#unpost)
+NB: you can undo/delete your own uploads with `[🧯]` [unpost](#unpost) (and this is also where you abort unfinished uploads, but you have to refresh the page first)
 
 up2k has several advantages:
 * you can drop folders into the browser (files are added recursively)
@@ -1383,6 +1387,15 @@ example webserver configs:
 * [apache2 config](contrib/apache/copyparty.conf) -- location-based
 
 
+### real-ip
+
+teaching copyparty how to see client IPs  when running behind a reverse-proxy, or a WAF, or another protection service such as cloudflare
+
+if you (and maybe everybody else) keep getting a message that says `thank you for playing`, then you've gotten banned for malicious traffic. This ban applies to the IP address that copyparty *thinks* identifies the shady client -- so, depending on your setup, you might have to tell copyparty where to find the correct IP
+
+for most common setups, there should be a helpful message in the server-log explaining what to do, but see [docs/xff.md](docs/xff.md) if you want to learn more, including a quick hack to **just make it work** (which is **not** recommended, but hey...)
+
+
 ## prometheus
 
 metrics/stats can be enabled  at URL `/.cpr/metrics` for grafana / prometheus / etc (openmetrics 1.0.0)

bin/mtag/install-deps.sh

@@ -223,7 +223,10 @@ install_vamp() {
 	#   use msys2 in mingw-w64 mode
 	#   pacman -S --needed mingw-w64-x86_64-{ffmpeg,python,python-pip,vamp-plugin-sdk}
 	
-	$pybin -m pip install --user vamp
+	$pybin -m pip install --user vamp || {
+		printf '\n\033[7malright, trying something else...\033[0m\n'
+		$pybin -m pip install --user --no-build-isolation vamp
+	}
 
 	cd "$td"
 	echo '#include <vamp-sdk/Plugin.h>' | g++ -x c++ -c -o /dev/null - || [ -e ~/pe/vamp-sdk ] || {

contrib/nginx/copyparty.conf

@@ -11,6 +11,14 @@
 # (5'000 requests per second, or 20gbps upload/download in parallel)
 #
 # on fedora/rhel, remember to setsebool -P httpd_can_network_connect 1
+#
+# if you are behind cloudflare (or another protection service),
+# remember to reject all connections which are not coming from your
+# protection service -- for cloudflare in particular, you can
+# generate the list of permitted IP ranges like so:
+#   (curl -s https://www.cloudflare.com/ips-v{4,6} | sed 's/^/allow /; s/$/;/'; echo; echo "deny all;") > /etc/nginx/cloudflare-only.conf
+#
+# and then enable it below by uncomenting the cloudflare-only.conf line
 
 upstream cpp {
 	server 127.0.0.1:3923 fail_timeout=1s;
@@ -21,7 +29,10 @@ server {
 	listen [::]:443 ssl;
 
 	server_name fs.example.com;
-	
+
+	# uncomment the following line to reject non-cloudflare connections, ensuring client IPs cannot be spoofed:
+	#include /etc/nginx/cloudflare-only.conf;
+
 	location / {
 		proxy_pass http://cpp;
 		proxy_redirect off;

contrib/package/arch/PKGBUILD

@@ -1,6 +1,6 @@
 # Maintainer: icxes <dev.null@need.moe>
 pkgname=copyparty
-pkgver="1.10.2"
+pkgver="1.11.0"
 pkgrel=1
 pkgdesc="File server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++"
 arch=("any")
@@ -21,7 +21,7 @@ optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tag
 )
 source=("https://github.com/9001/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.gz")
 backup=("etc/${pkgname}.d/init" )
-sha256sums=("001be979a0fdd8ace7d48cab79a137c13b87b78be35fc9633430f45a2831c3ed")
+sha256sums=("95f39a239dc38844fc27c5a1473635d07d8907bc98679dc79eb1de475e36fe42")
 
 build() {
     cd "${srcdir}/${pkgname}-${pkgver}"

contrib/package/nix/copyparty/pin.json

@@ -1,5 +1,5 @@
 {
-    "url": "https://github.com/9001/copyparty/releases/download/v1.10.2/copyparty-sfx.py",
-    "version": "1.10.2",
-    "hash": "sha256-O9lkN30gy3kwIH+39O4dN7agZPkuH36BDTk8mEsQCVg="
+    "url": "https://github.com/9001/copyparty/releases/download/v1.11.0/copyparty-sfx.py",
+    "version": "1.11.0",
+    "hash": "sha256-MkNp+tI/Pl5QB4FMdJNOePbSUPO1MHWJLLC7gNh9K+c="
 }

copyparty/__main__.py

@@ -1122,6 +1122,7 @@ def add_safety(ap):
     ap2.add_argument("--ban-url", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m sus URL's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; applies only to permissions g/G/h (decent replacement for \033[33m--ban-404\033[0m if that can't be used)")
     ap2.add_argument("--sus-urls", metavar="R", type=u, default=r"\.php$|(^|/)wp-(admin|content|includes)/", help="URLs which are considered sus / eligible for banning; disable with blank or [\033[32mno\033[0m]")
     ap2.add_argument("--nonsus-urls", metavar="R", type=u, default=r"^(favicon\.ico|robots\.txt)$|^apple-touch-icon|^\.well-known", help="harmless URLs ignored from 404-bans; disable with blank or [\033[32mno\033[0m]")
+    ap2.add_argument("--early-ban", action="store_true", help="if a client is banned, reject its connection as soon as possible; not a good idea to enable when proxied behind cloudflare since it could ban your reverse-proxy")
     ap2.add_argument("--aclose", metavar="MIN", type=int, default=10, help="if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for \033[33mMIN\033[0m minutes (and also kill its active connections) -- disable with 0")
     ap2.add_argument("--loris", metavar="B", type=int, default=60, help="if a client maxes out the server connection limit without sending headers, ban it for \033[33mB\033[0m minutes; disable with [\033[32m0\033[0m]")
     ap2.add_argument("--acao", metavar="V[,V]", type=u, default="*", help="Access-Control-Allow-Origin; list of origins (domains/IPs without port) to accept requests from; [\033[32mhttps://1.2.3.4\033[0m]. Default [\033[32m*\033[0m] allows requests from all sites but removes cookies and http-auth; only ?pw=hunter2 survives")

copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 11, 0)
+VERSION = (1, 11, 1)
 CODENAME = "You Can (Not) Proceed"
-BUILD_DT = (2024, 3, 15)
+BUILD_DT = (2024, 3, 18)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

copyparty/httpcli.py

@@ -228,7 +228,7 @@ class HttpCli(object):
             "Cache-Control": "no-store, max-age=0",
         }
 
-        if self.is_banned():
+        if self.args.early_ban and self.is_banned():
             return False
 
         if self.conn.ipa_nm and not self.conn.ipa_nm.map(self.conn.addr[0]):
@@ -323,9 +323,7 @@ class HttpCli(object):
                         if "." in pip
                         else ":".join(pip.split(":")[:4]) + ":"
                     ) + "0.0/16"
-                    zs2 = (
-                        ' or "--xff-src=lan"' if self.conn.hsrv.xff_lan.map(pip) else ""
-                    )
+                    zs2 = ' or "--xff-src=lan"' if self.conn.xff_lan.map(pip) else ""
                     self.log(t % (self.args.xff_hdr, pip, cli_ip, zso, zs, zs2), 3)
                 else:
                     self.ip = cli_ip
@@ -496,9 +494,7 @@ class HttpCli(object):
                             else ":".join(pip.split(":")[:4]) + ":"
                         ) + "0.0/16"
                         zs2 = (
-                            ' or "--xff-src=lan"'
-                            if self.conn.hsrv.xff_lan.map(pip)
-                            else ""
+                            ' or "--xff-src=lan"' if self.conn.xff_lan.map(pip) else ""
                         )
                         self.log(t % (pip, idp_usr, idp_grp, zs, zs2), 3)
 
@@ -3605,8 +3601,6 @@ class HttpCli(object):
         return ret
 
     def tx_ups(self) -> bool:
-        have_unpost = self.args.unpost and "e2d" in self.vn.flags
-
         idx = self.conn.get_u2idx()
         if not idx or not hasattr(idx, "p_end"):
             raise Pebkac(500, "sqlite3 is not available on the server; cannot unpost")
@@ -3630,8 +3624,14 @@ class HttpCli(object):
         )
         uret = x.get()
 
-        allvols = self.asrv.vfs.all_vols if have_unpost else {}
-        for vol in allvols.values():
+        if not self.args.unpost:
+            allvols = []
+        else:
+            allvols = list(self.asrv.vfs.all_vols.values())
+
+        allvols = [x for x in allvols if "e2d" in x.flags]
+
+        for vol in allvols:
             cur = idx.get_cur(vol.realpath)
             if not cur:
                 continue
@@ -3683,7 +3683,7 @@ class HttpCli(object):
             for v in ret:
                 v["vp"] = self.args.SR + v["vp"]
 
-        if not have_unpost:
+        if not allvols:
             ret = [{"kinshi": 1}]
 
         jtxt = '{"u":%s,"c":%s}' % (uret, json.dumps(ret, indent=0))

copyparty/httpconn.py

@@ -55,8 +55,9 @@ class HttpConn(object):
         self.E: EnvParams = self.args.E
         self.asrv: AuthSrv = hsrv.asrv  # mypy404
         self.u2fh: Util.FHC = hsrv.u2fh  # mypy404
-        self.ipa_nm: NetMap = hsrv.ipa_nm
-        self.xff_nm: NetMap = hsrv.xff_nm
+        self.ipa_nm: Optional[NetMap] = hsrv.ipa_nm
+        self.xff_nm: Optional[NetMap] = hsrv.xff_nm
+        self.xff_lan: NetMap = hsrv.xff_lan  # type: ignore
         self.iphash: HMaccas = hsrv.broker.iphash
         self.bans: dict[str, int] = hsrv.bans
         self.aclose: dict[str, int] = hsrv.aclose

copyparty/httpsrv.py

@@ -104,7 +104,7 @@ class HttpSrv(object):
         self.t0 = time.time()
         nsuf = "-n{}-i{:x}".format(nid, os.getpid()) if nid else ""
         self.magician = Magician()
-        self.nm = NetMap([], {})
+        self.nm = NetMap([], [])
         self.ssdp: Optional["SSDPr"] = None
         self.gpwd = Garda(self.args.ban_pw)
         self.g404 = Garda(self.args.ban_404)

copyparty/tftpd.py

@@ -97,8 +97,6 @@ class Tftpd(object):
             cbak = []
             if not self.args.tftp_no_fast and not EXE:
                 try:
-                    import inspect
-
                     ptn = re.compile(r"(^\s*)log\.debug\(.*\)$")
                     for C in Cs:
                         cbak.append(C.__dict__)

docs/changelog.md

@@ -1,3 +1,82 @@
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2024-0315-2047  `v1.11.0`  You Can (Not) Proceed
+
+this release was made possible by [stoltzekleiven, kvikklunsj, and tako](https://a.ocv.me/pub/g/nerd-stuff/2024-0310-stoltzekleiven.jpg)
+
+## new features
+
+* #62 support for [identity providers](https://github.com/9001/copyparty#identity-providers) and automatically creating volumes for each user/group ("home folders")
+  * login with passkeys / fido2 / webauthn / yubikey / ldap / active directory / oauth / many other single-sign-on contraptions
+  * [documentation](https://github.com/9001/copyparty/blob/hovudstraum/docs/idp.md) and [examples](https://github.com/9001/copyparty/tree/hovudstraum/docs/examples/docker/idp-authelia-traefik) could still use some help (I did my best)
+* #77 UI to cancel unfinished uploads (available in the 🧯 unpost tab) 3f05b665
+  * the user's IP and username must match the upload by default; can be changed with global-option / volflag `u2abort`
+* new volflag `sparse` to pretend sparse files are supported even if the filesystem doesn't 8785d2f9
+  * gives drastically better performance when writing to s3 buckets through juicefs/geesefs
+  * only for when you know the filesystem can deal with it (so juicefs/geesefs is OK, but **definitely not** fat32)
+* `--xff-src` and `--ipa` now support CIDR notation (but the old syntax still works) b377791b
+* ux:
+  * #74 option to use [custom fonts](https://github.com/9001/copyparty/tree/hovudstraum/docs/rice) 263adec7 6cc7101d 8016e671
+  * option to disable autoplay when page url contains a song hash 8413ed6d
+    * good if you're using copyparty to listen to music at the office and the office policy is to have the webbrowser automatically restart to install updates, meaning your coworkers are suddenly and involuntarily enjoying some loud af jcore while you're asleep at home
+
+## bugfixes
+
+* don't panic if cloudflare (or another reverse-proxy) decides to hijack json responses and replace them with html 7741870d
+* #73 the fancy markdown editor was incompatible with caddy (a reverse-proxy) ac96fd9c
+* media player could get confused if neighboring folders had songs with the same filenames 206af8f1
+* benign race condition in the config reloader (could only be triggered by admins and/or SIGUSR1) 096de508
+* running tftp with optimizations enabled would cause issues for `--ipa` b377791b
+* cosmetic tftp bugs 115020ba
+* ux:
+  * up2k rendering glitch if the last couple uploads were dupes 547a4863
+  * up2k rendering glitch when switching between readonly/writeonly folders 51a83b04
+  * markdown editor preview was glitchy on tiny screens e5582605
+
+## other changes
+
+* add a [sharex v12.1](https://github.com/9001/copyparty/tree/hovudstraum/contrib#sharexsxcu) config example 2527e903
+* make it easier to discover/diagnose issues with docker and/or reverse-proxy config d744f3ff
+* stop recommending the use of `--xff-src=any` in the log messages 7f08f10c
+* ux:
+  * remove the `k304` togglebutton in the controlpanel by default 1c011ff0
+  * mention that a full restart is required for `[global]` config changes to take effect 0c039219
+* docs e78af022
+  * [how to use copyparty with amazon aws s3](https://github.com/9001/copyparty#using-the-cloud-as-storage)
+  * faq: http/https confusion caused by incorrectly configured cloudflare
+  * #76 docker: ftp-server howto
+* copyparty.exe: updated pyinstaller to 6.5.0 bdbcbbb0
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2024-0221-2132  `v1.10.2`  tall thumbs
+
+## new features
+
+* thumbnails can be way taller when centercrop is disabled in the browser UI 5026b212
+  * good for folders with lots of portrait pics (no more letterboxing)
+* more thumbnail stuff:
+  * zoom levels are twice as granular 5026b212
+  * write-only folders get an "upload-only" icon 89c6c2e0
+  * inaccessible files/folders get a 403/404 icon 8a38101e
+
+## bugfixes
+
+* tftp fixes d07859e8
+  * server could crash if a nic disappeared / got restarted mid-transfer
+  * tiny resource leak if dualstack causes ipv4 bind to fail
+* thumbnails:
+  * when behind a caching proxy (cloudflare), icons in folders would be a random mix of png and svg 43ee6b9f
+  * produce valid folder icons when thumbnails are disabled 14af136f
+* trailing newline in html responses d39a99c9
+
+## other changes
+
+* webdeps: update dompurify 13e77777
+* copyparty.exe: update jinja2, markupsafe, pyinstaller, upx 13e77777
+
+
+
 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
 # 2024-0218-1554  `v1.10.1`  big thumbs
 

docs/xff.md

@@ -0,0 +1,45 @@
+when running behind a reverse-proxy, or a WAF, or another protection service such as cloudflare:
+
+if you (and maybe everybody else) keep getting a message that says `thank you for playing`, then you've gotten banned for malicious traffic. This ban applies to the IP-address that copyparty *thinks* identifies the shady client -- so, depending on your setup, you might have to tell copyparty where to find the correct IP
+
+knowing the correct IP is also crucial for some other features, such as the unpost feature which lets you delete your own recent uploads -- but if everybody has the same IP, well...
+
+----
+
+for most common setups, there should be a helpful message in the server-log explaining what to do, something like `--xff-src=10.88.0.0/16` or `--xff-src=lan` to accept the `X-Forwarded-For` header from your reverse-proxy with a LAN IP of `10.88.x.y`
+
+if you are behind cloudflare, it is recommended to also set `--xff-hdr=cf-connecting-ip` to use a more trustworthy source of info, but then it's also very important to ensure your reverse-proxy does not accept connections from anything BUT cloudflare; you can do this by generating an ip-address allowlist and reject all other connections
+
+* if you are using nginx as your reverse-proxy, see the [example nginx config](https://github.com/9001/copyparty/blob/hovudstraum/contrib/nginx/copyparty.conf) on how the cloudflare allowlist can be done
+
+----
+
+the server-log will give recommendations in the form of commandline arguments;
+
+to do the same thing using config files, take the options that are suggested in the serverlog and put them into the `[global]` section in your `copyparty.conf` like so:
+
+```yaml
+[global]
+  xff-src: lan
+  xff-hdr: cf-connecting-ip
+```
+
+----
+
+# but if you just want to get it working:
+
+...and don't care about security, you can optionally disable the bot-detectors, either by specifying commandline-args `--ban-404=no --ban-403=no --ban-422=no --ban-url=no --ban-pw=no`
+
+or by adding these lines inside the `[global]` section in your `copyparty.conf`:
+
+```yaml
+[global]
+  ban-404: no
+  ban-403: no
+  ban-422: no
+  ban-url: no
+  ban-pw: no
+```
+
+but remember that this will make other features insecure as well, such as unpost
+

scripts/docker/Dockerfile.djf

@@ -1,4 +1,4 @@
-FROM    fedora:38
+FROM    fedora:39
 WORKDIR /z
 LABEL   org.opencontainers.image.url="https://github.com/9001/copyparty" \
         org.opencontainers.image.source="https://github.com/9001/copyparty/tree/hovudstraum/scripts/docker" \
@@ -21,7 +21,7 @@ RUN     dnf install -y \
             vips vips-jxl vips-poppler vips-magick \
             python3-numpy fftw libsndfile \
             gcc gcc-c++ make cmake patchelf jq \
-            python3-devel ffmpeg-devel fftw-devel libsndfile-devel python3-setuptools \
+            python3-devel ffmpeg-devel fftw-devel libsndfile-devel python3-setuptools python3-wheel \
             vamp-plugin-sdk qm-vamp-plugins \
             vamp-plugin-sdk-devel vamp-plugin-sdk-static \
         && rm -f /usr/lib/python3*/EXTERNALLY-MANAGED \
@@ -29,7 +29,7 @@ RUN     dnf install -y \
         && bash install-deps.sh \
         && dnf erase -y \
             gcc gcc-c++ make cmake patchelf jq \
-            python3-devel ffmpeg-devel fftw-devel libsndfile-devel python3-setuptools \
+            python3-devel ffmpeg-devel fftw-devel libsndfile-devel python3-setuptools python3-wheel \
             vamp-plugin-sdk-devel vamp-plugin-sdk-static \
         && dnf clean all \
         && find /usr/ -name __pycache__ | xargs rm -rf \

scripts/make-sfx.sh

@@ -368,7 +368,7 @@ git describe --tags >/dev/null 2>/dev/null && {
 
 	printf '%s\n' "$git_ver" | grep -qE '^v[0-9\.]+-[0-9]+-g[0-9a-f]+$' && {
 		# long format (unreleased commit)
-		t_ver="$(printf '%s\n' "$ver" | sed -r 's/\./, /g; s/(.*) (.*)/\1 "\2"/')"
+		t_ver="$(printf '%s\n' "$ver" | sed -r 's/[-.]/, /g; s/(.*) (.*)/\1 "\2"/')"
 	}
 
 	[ -z "$t_ver" ] && {

tests/util.py

@@ -110,7 +110,7 @@ class Cfg(Namespace):
     def __init__(self, a=None, v=None, c=None, **ka0):
         ka = {}
 
-        ex = "daw dav_auth dav_inf dav_mac dav_rt e2d e2ds e2dsa e2t e2ts e2tsr e2v e2vu e2vp ed emp exp force_js getmod grid hardlink ih ihead magic never_symlink nid nih no_acode no_athumb no_dav no_dedup no_del no_dupe no_lifetime no_logues no_mv no_readme no_robots no_sb_md no_sb_lg no_scandir no_tarcmp no_thumb no_vthumb no_zip nrand nw q rand smb srch_dbg stats vague_403 vc ver xdev xlink xvol"
+        ex = "daw dav_auth dav_inf dav_mac dav_rt e2d e2ds e2dsa e2t e2ts e2tsr e2v e2vu e2vp early_ban ed emp exp force_js getmod grid hardlink ih ihead magic never_symlink nid nih no_acode no_athumb no_dav no_dedup no_del no_dupe no_lifetime no_logues no_mv no_readme no_robots no_sb_md no_sb_lg no_scandir no_tarcmp no_thumb no_vthumb no_zip nrand nw q rand smb srch_dbg stats vague_403 vc ver xdev xlink xvol"
         ka.update(**{k: False for k in ex.split()})
 
         ex = "dotpart dotsrch no_dhash no_fastboot no_rescan no_sendfile no_voldump re_dhash plain_ip"