v1.9.22

add --ftp-ipa
mention the new auth feature
2023-12-01 00:31:02 +00:00 · 2023-11-30 23:36:46 +00:00 · 2023-11-30 23:01:05 +00:00 · 2023-11-30 22:41:16 +00:00 · 2023-11-30 22:40:30 +00:00 · 2023-11-30 20:45:43 +00:00
42 changed files with 646 additions and 301 deletions
--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ turn almost any device into a file server with resumable uploads/downloads using
    * [event hooks](#event-hooks) - trigger a program on uploads, renames etc ([examples](./bin/hooks/))
        * [upload events](#upload-events) - the older, more powerful approach ([examples](./bin/mtag/))
    * [handlers](#handlers) - redefine behavior with plugins ([examples](./bin/handlers/))
+    * [identity providers](#identity-providers) - replace copyparty passwords with oauth and such
    * [hiding from google](#hiding-from-google) - tell search engines you dont wanna be indexed
    * [themes](#themes)
    * [complete examples](#complete-examples)
@@ -119,8 +120,8 @@ just run **[copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/
 enable thumbnails (images/audio/video), media indexing, and audio transcoding by installing some recommended deps:

 * **Alpine:** `apk add py3-pillow ffmpeg`
-* **Debian:** `apt install python3-pil ffmpeg`
-* **Fedora:** `dnf install python3-pillow ffmpeg`
+* **Debian:** `apt install --no-install-recommends python3-pil ffmpeg`
+* **Fedora:** rpmfusion + `dnf install python3-pillow ffmpeg`
 * **FreeBSD:** `pkg install py39-sqlite3 py39-pillow ffmpeg`
 * **MacOS:** `port install py-Pillow ffmpeg`
 * **MacOS** (alternative): `brew install pillow ffmpeg`
@@ -1193,6 +1194,17 @@ redefine behavior with plugins ([examples](./bin/handlers/))
 replace 404 and 403 errors with something completely different (that's it for now)


+## identity providers
+
+replace copyparty passwords with oauth and such
+
+work is [ongoing](https://github.com/9001/copyparty/issues/62) to support authenticating / authorizing users based on a separate authentication proxy, which makes it possible to support oauth, single-sign-on, etc.
+
+it is currently possible to specify `--hdr-au-usr x-username`; copyparty will then skip password validation and blindly trust the username specified in the `X-Username` request header
+
+the remaining stuff (accepting user groups through another header, creating volumes on the fly) are still to-do
+
+
 ## hiding from google

 tell search engines you dont wanna be indexed,  either using the good old [robots.txt](https://www.robotstxt.org/robotstxt.html) or through copyparty settings:
@@ -1366,9 +1378,13 @@ now [available on copr-pypi](https://copr.fedorainfracloud.org/coprs/g/copr/PyPI
 ```bash
 dnf copr enable @copr/PyPI
 dnf install python3-copyparty  # just a minimal install, or... 
-dnf install python3-{copyparty,pillow,argon2-cffi,pyftpdlib,pyOpenSSL} ffmpeg-free  # with recommended deps
+dnf install python3-{copyparty,pillow,argon2-cffi,pyftpdlib,pyOpenSSL} ffmpeg  # with recommended deps
 ```

+`ffmpeg` comes from [rpmfusion](https://rpmfusion.org/Configuration#Command_Line_Setup_using_rpm) so it's recommended to enable that (you don't want `ffmpeg-free` since it fails to thumbnail most h264/mkv/mp4 videos)
+
+to run copyparty as a service, use the [systemd service scripts](https://github.com/9001/copyparty/tree/hovudstraum/contrib/systemd), just replace `/usr/bin/python3 /usr/local/bin/copyparty-sfx.py` with `/usr/bin/copyparty`
+
 this *may* also work on RHEL but [I'm not paying IBM to verify that](https://www.jeffgeerling.com/blog/2023/dear-red-hat-are-you-dumb)


@@ -1505,7 +1521,7 @@ TLDR: yes
 | play ogg/opus   |  -  |  -   |  -   |  -   |  yep  | yep  | `*3` | yep |
 | **= feature =** | ie6 | ie9  | ie10 | ie11 | ff 52 | c 49 | iOS | Andr |

-* internet explorer 6 to 8 behave the same
+* internet explorer 6 through 8 behave the same
 * firefox 52 and chrome 49 are the final winxp versions
 * `*1` yes, but extremely slow (ie10: `1 MiB/s`, ie11: `270 KiB/s`)
 * `*3` iOS 11 and newer, opus only, and requires FFmpeg on the server
--- a/bin/dbtool.py
+++ b/bin/dbtool.py
@@ -207,7 +207,7 @@ def examples():


 def main():
-    global NC, BY_PATH
+    global NC, BY_PATH  # pylint: disable=global-statement
    os.system("")
    print()

@@ -282,7 +282,8 @@ def main():
        if ver == "corrupt":
            die("{} database appears to be corrupt, sorry")

-        if ver < DB_VER1 or ver > DB_VER2:
+        iver = int(ver)
+        if iver < DB_VER1 or iver > DB_VER2:
            m = f"{n} db is version {ver}, this tool only supports versions between {DB_VER1} and {DB_VER2}, please upgrade it with copyparty first"
            die(m)

--- a/bin/partyfuse.py
+++ b/bin/partyfuse.py
@@ -53,7 +53,13 @@ from urllib.parse import unquote_to_bytes as unquote
 WINDOWS = sys.platform == "win32"
 MACOS = platform.system() == "Darwin"
 UTC = timezone.utc
-info = log = dbg = None
+
+
+def print(*args, **kwargs):
+    try:
+        builtins.print(*list(args), **kwargs)
+    except:
+        builtins.print(termsafe(" ".join(str(x) for x in args)), **kwargs)


 print(
@@ -65,6 +71,13 @@ print(
 )


+def null_log(msg):
+    pass
+
+
+info = log = dbg = null_log
+
+
 try:
    from fuse import FUSE, FuseOSError, Operations
 except:
@@ -84,13 +97,6 @@ except:
    raise


-def print(*args, **kwargs):
-    try:
-        builtins.print(*list(args), **kwargs)
-    except:
-        builtins.print(termsafe(" ".join(str(x) for x in args)), **kwargs)
-
-
 def termsafe(txt):
    try:
        return txt.encode(sys.stdout.encoding, "backslashreplace").decode(
@@ -119,10 +125,6 @@ def fancy_log(msg):
    print("{:10.6f} {} {}\n".format(time.time() % 900, rice_tid(), msg), end="")


-def null_log(msg):
-    pass
-
-
 def hexler(binary):
    return binary.replace("\r", "\\r").replace("\n", "\\n")
    return " ".join(["{}\033[36m{:02x}\033[0m".format(b, ord(b)) for b in binary])
--- a/bin/prisonparty.sh
+++ b/bin/prisonparty.sh
@@ -12,13 +12,13 @@ done
 help() { cat <<'EOF'

 usage:
-  ./prisonparty.sh <ROOTDIR> <UID> <GID> [VOLDIR [VOLDIR...]] -- python3 copyparty-sfx.py [...]
+  ./prisonparty.sh <ROOTDIR> <USER|UID> <GROUP|GID> [VOLDIR [VOLDIR...]] -- python3 copyparty-sfx.py [...]

 example:
-  ./prisonparty.sh /var/lib/copyparty-jail 1000 1000 /mnt/nas/music -- python3 copyparty-sfx.py -v /mnt/nas/music::rwmd
+  ./prisonparty.sh /var/lib/copyparty-jail cpp cpp /mnt/nas/music -- python3 copyparty-sfx.py -v /mnt/nas/music::rwmd

 example for running straight from source (instead of using an sfx):
-  PYTHONPATH=$PWD ./prisonparty.sh /var/lib/copyparty-jail 1000 1000 /mnt/nas/music -- python3 -um copyparty -v /mnt/nas/music::rwmd
+  PYTHONPATH=$PWD ./prisonparty.sh /var/lib/copyparty-jail cpp cpp /mnt/nas/music -- python3 -um copyparty -v /mnt/nas/music::rwmd

 note that if you have python modules installed as --user (such as bpm/key detectors),
  you should add /home/foo/.local as a VOLDIR
@@ -28,6 +28,16 @@ exit 1
 }


+errs=
+for c in awk chroot dirname getent lsof mknod mount realpath sed sort stat uniq; do
+	command -v $c >/dev/null || {
+		echo ERROR: command not found: $c
+		errs=1
+	}
+done
+[ $errs ] && exit 1
+
+
 # read arguments
 trap help EXIT
 jail="$(realpath "$1")"; shift
@@ -58,11 +68,18 @@ cpp="$1"; shift
 }
 trap - EXIT

+usr="$(getent passwd $uid | cut -d: -f1)"
+[ "$usr" ] || { echo "ERROR invalid username/uid $uid"; exit 1; }
+uid="$(getent passwd $uid | cut -d: -f3)"
+
+grp="$(getent group $gid | cut -d: -f1)"
+[ "$grp" ] || { echo "ERROR invalid groupname/gid $gid"; exit 1; }
+gid="$(getent group $gid | cut -d: -f3)"

 # debug/vis
 echo
 echo "chroot-dir = $jail"
-echo "user:group = $uid:$gid"
+echo "user:group = $uid:$gid ($usr:$grp)"
 echo " copyparty = $cpp"
 echo
 printf '\033[33m%s\033[0m\n' "copyparty can access these folders and all their subdirectories:"
@@ -80,34 +97,39 @@ jail="${jail%/}"


 # bind-mount system directories and volumes
+for a in {1..30}; do mkdir "$jail/.prisonlock" && break; sleep 0.1; done
 printf '%s\n' "${sysdirs[@]}" "${vols[@]}" | sed -r 's`/$``' | LC_ALL=C sort | uniq |
 while IFS= read -r v; do
 	[ -e "$v" ] || {
 		printf '\033[1;31mfolder does not exist:\033[0m %s\n' "$v"
 		continue
 	}
-	i1=$(stat -c%D.%i "$v"      2>/dev/null || echo a)
-	i2=$(stat -c%D.%i "$jail$v" 2>/dev/null || echo b)
-	# echo "v [$v] i1 [$i1] i2 [$i2]"
+	i1=$(stat -c%D.%i "$v/"      2>/dev/null || echo a)
+	i2=$(stat -c%D.%i "$jail$v/" 2>/dev/null || echo b)
 	[ $i1 = $i2 ] && continue
-	
+	mount | grep -qF " $jail$v " && echo wtf $i1 $i2 $v && continue
 	mkdir -p "$jail$v"
 	mount --bind "$v" "$jail$v"
 done
+rmdir "$jail/.prisonlock" || true


 cln() {
-	rv=$?
-	wait -f -p rv $p || true
+	trap - EXIT
+	wait -f -n $p && rv=0 || rv=$?
 	cd /
 	echo "stopping chroot..."
-	lsof "$jail" | grep -F "$jail" &&
+	for a in {1..30}; do mkdir "$jail/.prisonlock" && break; sleep 0.1; done
+	lsof "$jail" 2>/dev/null | grep -F "$jail" &&
 		echo "chroot is in use; will not unmount" ||
 	{
 		mount | grep -F " on $jail" |
 		awk '{sub(/ type .*/,"");sub(/.* on /,"");print}' |
-		LC_ALL=C sort -r  | tee /dev/stderr | tr '\n' '\0' | xargs -r0 umount
+		LC_ALL=C sort -r | while IFS= read -r v; do
+			umount "$v" && echo "umount OK: $v"
+		done
 	}
+	rmdir "$jail/.prisonlock" || true
 	exit $rv
 }
 trap cln EXIT
@@ -128,8 +150,8 @@ chmod 777 "$jail/tmp"


 # run copyparty
-export HOME=$(getent passwd $uid | cut -d: -f6)
-export USER=$(getent passwd $uid | cut -d: -f1)
+export HOME="$(getent passwd $uid | cut -d: -f6)"
+export USER="$usr"
 export LOGNAME="$USER"
 #echo "pybin [$pybin]"
 #echo "pyarg [$pyarg]"
@@ -137,5 +159,5 @@ export LOGNAME="$USER"
 chroot --userspec=$uid:$gid "$jail" "$pybin" $pyarg "$cpp" "$@" &
 p=$!
 trap 'kill -USR1 $p' USR1
-trap 'kill $p' INT TERM
+trap 'trap - INT TERM; kill $p' INT TERM
 wait
--- a/bin/u2c.py
+++ b/bin/u2c.py
@@ -105,8 +105,8 @@ class File(object):
        # set by handshake
        self.recheck = False  # duplicate; redo handshake after all files done
        self.ucids = []  # type: list[str]  # chunks which need to be uploaded
-        self.wark = None  # type: str
-        self.url = None  # type: str
+        self.wark = ""  # type: str
+        self.url = ""  # type: str
        self.nhs = 0

        # set by upload
@@ -223,6 +223,7 @@ class MTHash(object):

    def hash_at(self, nch):
        f = self.f
+        assert f
        ofs = ofs0 = nch * self.csz
        hashobj = hashlib.sha512()
        chunk_sz = chunk_rem = min(self.csz, self.sz - ofs)
@@ -463,7 +464,7 @@ def quotep(btxt):
    if not PY2:
        quot1 = quot1.encode("ascii")

-    return quot1.replace(b" ", b"+")
+    return quot1.replace(b" ", b"+")  # type: ignore


 # from copyparty/util.py
@@ -500,7 +501,7 @@ def up2k_chunksize(filesize):

 # mostly from copyparty/up2k.py
 def get_hashlist(file, pcb, mth):
-    # type: (File, any, any) -> None
+    # type: (File, Any, Any) -> None
    """generates the up2k hashlist from file contents, inserts it into `file`"""

    chunk_sz = up2k_chunksize(file.size)
@@ -1116,7 +1117,7 @@ source file/folder selection uses rsync syntax, meaning that:
    ap.add_argument("-v", action="store_true", help="verbose")
    ap.add_argument("-a", metavar="PASSWORD", help="password or $filepath")
    ap.add_argument("-s", action="store_true", help="file-search (disables upload)")
-    ap.add_argument("-x", type=unicode, metavar="REGEX", default="", help="skip file if filesystem-abspath matches REGEX, example: '.*/\.hist/.*'")
+    ap.add_argument("-x", type=unicode, metavar="REGEX", default="", help="skip file if filesystem-abspath matches REGEX, example: '.*/\\.hist/.*'")
    ap.add_argument("--ok", action="store_true", help="continue even if some local files are inaccessible")
    ap.add_argument("--version", action="store_true", help="show version and exit")

--- a/bin/unforget.py
+++ b/bin/unforget.py
@@ -66,7 +66,7 @@ def main():
                ofs = ln.find("{")
                j = json.loads(ln[ofs:])
            except:
-                pass
+                continue

            w = j["wark"]
            if db.execute("select w from up where w = ?", (w,)).fetchone():
--- a/contrib/package/arch/PKGBUILD
+++ b/contrib/package/arch/PKGBUILD
@@ -1,6 +1,6 @@
 # Maintainer: icxes <dev.null@need.moe>
 pkgname=copyparty
-pkgver="1.9.18"
+pkgver="1.9.21"
 pkgrel=1
 pkgdesc="File server with accelerated resumable uploads, dedup, WebDAV, FTP, zeroconf, media indexer, thumbnails++"
 arch=("any")
@@ -21,7 +21,7 @@ optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tag
 )
 source=("https://github.com/9001/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.gz")
 backup=("etc/${pkgname}.d/init" )
-sha256sums=("2f89ace0c5bc6a6990e85b6aa635c96dac16a6b399e4c9d040743695f35edb52")
+sha256sums=("1ef2685aa8804ebab64c05e3e9d95ace47279f497284c3783e668d096490a730")

 build() {
    cd "${srcdir}/${pkgname}-${pkgver}"
--- a/contrib/package/arch/prisonparty.service
+++ b/contrib/package/arch/prisonparty.service
@@ -1,11 +1,11 @@
 # this will start `/usr/bin/copyparty-sfx.py`
-# in a chroot, preventing accidental access elsewhere
-# and read config from `/etc/copyparty.d/*.conf`
+# in a chroot, preventing accidental access elsewhere,
+# and read copyparty config from `/etc/copyparty.d/*.conf`
 #
 # expose additional filesystem locations to copyparty
-#   by listing them between the last `1000` and `--`
+#   by listing them between the last `cpp` and `--`
 #
-# `1000 1000` = what user to run copyparty as
+# `cpp cpp` = user/group to run copyparty as; can be IDs (1000 1000)
 #
 # unless you add -q to disable logging, you may want to remove the
 #   following line to allow buffering (slightly better performance):
@@ -24,7 +24,9 @@ ExecReload=/bin/kill -s USR1 $MAINPID
 ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf'

 # run copyparty
-ExecStart=/bin/bash /usr/bin/prisonparty /var/lib/copyparty-jail 1000 1000 /etc/copyparty.d -- \
+ExecStart=/bin/bash /usr/bin/prisonparty /var/lib/copyparty-jail cpp cpp \
+  /etc/copyparty.d \
+  -- \
  /usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.d/init

 [Install]
--- a/contrib/package/nix/copyparty/pin.json
+++ b/contrib/package/nix/copyparty/pin.json
@@ -1,5 +1,5 @@
 {
-    "url": "https://github.com/9001/copyparty/releases/download/v1.9.18/copyparty-sfx.py",
-    "version": "1.9.18",
-    "hash": "sha256-Qun8qzlThNjO+DUH33p7pkPXAJq20B6tEVbR+I4d0Uc="
+    "url": "https://github.com/9001/copyparty/releases/download/v1.9.21/copyparty-sfx.py",
+    "version": "1.9.21",
+    "hash": "sha256-UI1gvNUUNIcBzTj/OTr7/kskUVh/x3D+xtZHpvUU2AI="
 }
--- a/contrib/systemd/copyparty.conf
+++ b/contrib/systemd/copyparty.conf
@@ -0,0 +1,42 @@
+# not actually YAML but lets pretend:
+# -*- mode: yaml -*-
+# vim: ft=yaml:
+
+
+# put this file in /etc/
+
+
+[global]
+  e2dsa  # enable file indexing and filesystem scanning
+  e2ts   # and enable multimedia indexing
+  ansi   # and colors in log messages
+
+  # disable logging to stdout/journalctl and log to a file instead;
+  # $LOGS_DIRECTORY is usually /var/log/copyparty (comes from systemd)
+  # and copyparty replaces %Y-%m%d with Year-MonthDay, so the
+  # full path will be something like /var/log/copyparty/2023-1130.txt
+  # (note: enable compression by adding .xz at the end)
+  q, lo: $LOGS_DIRECTORY/%Y-%m%d.log
+
+  # p: 80,443,3923   # listen on 80/443 as well (requires CAP_NET_BIND_SERVICE)
+  # i: 127.0.0.1     # only allow connections from localhost (reverse-proxies)
+  # ftp: 3921        # enable ftp server on port 3921
+  # p: 3939          # listen on another port
+  # df: 16           # stop accepting uploads if less than 16 GB free disk space
+  # ver              # show copyparty version in the controlpanel
+  # grid             # show thumbnails/grid-view by default
+  # theme: 2         # monokai
+  # name: datasaver  # change the server-name that's displayed in the browser
+  # stats, nos-dup   # enable the prometheus endpoint, but disable the dupes counter (too slow)
+  # no-robots, force-js  # make it harder for search engines to read your server
+
+
+[accounts]
+  ed: wark  # username: password
+
+
+[/]            # create a volume at "/" (the webroot), which will
+  /mnt         # share the contents of the "/mnt" folder
+  accs:
+    rw: *      # everyone gets read-write access, but
+    rwmda: ed  # the user "ed" gets read-write-move-delete-admin
--- a/contrib/systemd/copyparty.service
+++ b/contrib/systemd/copyparty.service
@@ -1,28 +1,27 @@
-# this will start `/usr/local/bin/copyparty-sfx.py`
-# and share '/mnt' with anonymous read+write
+# this will start `/usr/local/bin/copyparty-sfx.py` and
+# read copyparty config from `/etc/copyparty.conf`, for example:
+# https://github.com/9001/copyparty/blob/hovudstraum/contrib/systemd/copyparty.conf
 #
 # installation:
 #   wget https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py -O /usr/local/bin/copyparty-sfx.py
-#   cp -pv copyparty.service /etc/systemd/system/
-#   restorecon -vr /etc/systemd/system/copyparty.service  # on fedora/rhel
-#   firewall-cmd --permanent --add-port={80,443,3923}/tcp  # --zone=libvirt
+#   useradd -r -s /sbin/nologin -d /var/lib/copyparty copyparty
+#   firewall-cmd --permanent --add-port=3923/tcp  # --zone=libvirt
 #   firewall-cmd --reload
+#   cp -pv copyparty.service /etc/systemd/system/
+#   cp -pv copyparty.conf /etc/
+#   restorecon -vr /etc/systemd/system/copyparty.service  # on fedora/rhel
 #   systemctl daemon-reload && systemctl enable --now copyparty
 #
 # if it fails to start, first check this: systemctl status copyparty
-# then try starting it while viewing logs: journalctl -fan 100
+# then try starting it while viewing logs:
+#   journalctl -fan 100
+#   tail -Fn 100 /var/log/copyparty/$(date +%Y-%m%d.log)
 #
 # you may want to:
-#   change "User=cpp" and "/home/cpp/" to another user
-#   remove the nft lines to only listen on port 3923
+#  - change "User=copyparty" and "/var/lib/copyparty/" to another user
+#  - edit /etc/copyparty.conf to configure copyparty
 # and in the ExecStart= line:
-#   change '/usr/bin/python3' to another interpreter
-#   change '/mnt::rw' to another location or permission-set
-#   add '-q' to disable logging on busy servers
-#   add '-i 127.0.0.1' to only allow local connections
-#   add '-e2dsa' to enable filesystem scanning + indexing
-#   add '-e2ts' to enable metadata indexing
-#   remove '--ansi' to disable colored logs
+#  - change '/usr/bin/python3' to another interpreter
 #
 # with `Type=notify`, copyparty will signal systemd when it is ready to
 #   accept connections; correctly delaying units depending on copyparty.
@@ -30,11 +29,9 @@
 #   python disabling line-buffering, so messages are out-of-order:
 #   https://user-images.githubusercontent.com/241032/126040249-cb535cc7-c599-4931-a796-a5d9af691bad.png
 #
-# unless you add -q to disable logging, you may want to remove the
-#   following line to allow buffering (slightly better performance):
-#   Environment=PYTHONUNBUFFERED=x
-#
-# keep ExecStartPre before ExecStart, at least on rhel8
+########################################################################
+########################################################################
+

 [Unit]
 Description=copyparty file server
@@ -44,23 +41,52 @@ Type=notify
 SyslogIdentifier=copyparty
 Environment=PYTHONUNBUFFERED=x
 ExecReload=/bin/kill -s USR1 $MAINPID
+PermissionsStartOnly=true

-# user to run as + where the TLS certificate is (if any)
-User=cpp
-Environment=XDG_CONFIG_HOME=/home/cpp/.config
+## user to run as + where the TLS certificate is (if any)
+##
+User=copyparty
+Group=copyparty
+WorkingDirectory=/var/lib/copyparty
+Environment=XDG_CONFIG_HOME=/var/lib/copyparty/.config

-# OPTIONAL: setup forwarding from ports 80 and 443 to port 3923
-ExecStartPre=+/bin/bash -c 'nft -n -a list table nat | awk "/ to :3923 /{print\$NF}" | xargs -rL1 nft delete rule nat prerouting handle; true'
-ExecStartPre=+nft add table ip nat
-ExecStartPre=+nft -- add chain ip nat prerouting { type nat hook prerouting priority -100 \; }
-ExecStartPre=+nft add rule ip nat prerouting tcp dport 80 redirect to :3923
-ExecStartPre=+nft add rule ip nat prerouting tcp dport 443 redirect to :3923
+## OPTIONAL: allow copyparty to listen on low ports (like 80/443);
+##   you need to uncomment the "p: 80,443,3923" in the config too
+##   ------------------------------------------------------------
+##   a slightly safer alternative is to enable partyalone.service
+##   which does portforwarding with nftables instead, but an even
+##   better option is to use a reverse-proxy (nginx/caddy/...)
+##
+AmbientCapabilities=CAP_NET_BIND_SERVICE

-# stop systemd-tmpfiles-clean.timer from deleting copyparty while it's running
-ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf'
+## some quick hardening; TODO port more from the nixos package
+##
+MemoryMax=50%
+MemorySwapMax=50%
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+RemoveIPC=true
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true

-# copyparty settings
-ExecStart=/usr/bin/python3 /usr/local/bin/copyparty-sfx.py --ansi -e2d -v /mnt::rw
+## create a directory for logfiles;
+##   this defines $LOGS_DIRECTORY which is used in copyparty.conf
+##
+LogsDirectory=copyparty
+
+## finally, start copyparty and give it the config file:
+##
+ExecStart=/usr/bin/python3 /usr/local/bin/copyparty-sfx.py -c /etc/copyparty.conf
+
+# NOTE: if you installed copyparty from an OS package repo (nice)
+#   then you probably want something like this instead:
+#ExecStart=/usr/bin/copyparty -c /etc/copyparty.conf

 [Install]
 WantedBy=multi-user.target
--- a/contrib/systemd/prisonparty.service
+++ b/contrib/systemd/prisonparty.service
@@ -1,5 +1,5 @@
 # this will start `/usr/local/bin/copyparty-sfx.py`
-# in a chroot, preventing accidental access elsewhere
+# in a chroot, preventing accidental access elsewhere,
 # and share '/mnt' with anonymous read+write
 #
 # installation:
@@ -7,9 +7,9 @@
 #   2) cp -pv prisonparty.service /etc/systemd/system && systemctl enable --now prisonparty
 #
 # expose additional filesystem locations to copyparty
-#   by listing them between the last `1000` and `--`
+#   by listing them between the last `cpp` and `--`
 #
-# `1000 1000` = what user to run copyparty as
+# `cpp cpp` = user/group to run copyparty as; can be IDs (1000 1000)
 #
 # you may want to:
 #   change '/mnt::rw' to another location or permission-set
@@ -32,7 +32,9 @@ ExecReload=/bin/kill -s USR1 $MAINPID
 ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf'

 # run copyparty
-ExecStart=/bin/bash /usr/local/bin/prisonparty.sh /var/lib/copyparty-jail 1000 1000 /mnt -- \
+ExecStart=/bin/bash /usr/local/bin/prisonparty.sh /var/lib/copyparty-jail cpp cpp \
+  /mnt \
+  -- \
  /usr/bin/python3 /usr/local/bin/copyparty-sfx.py -q -v /mnt::rw

 [Install]
--- a/copyparty/init.py
+++ b/copyparty/init.py
@@ -23,7 +23,7 @@ if not PY2:
    unicode: Callable[[Any], str] = str
 else:
    sys.dont_write_bytecode = True
-    unicode = unicode  # noqa: F821  # pylint: disable=undefined-variable,self-assigning-variable
+    unicode = unicode  # type: ignore

 WINDOWS: Any = (
    [int(x) for x in platform.version().split(".")]
--- a/copyparty/main.py
+++ b/copyparty/main.py
@@ -143,9 +143,11 @@ def warn(msg: str) -> None:
    lprint("\033[1mwarning:\033[0;33m {}\033[0m\n".format(msg))


-def init_E(E: EnvParams) -> None:
+def init_E(EE: EnvParams) -> None:
    # __init__ runs 18 times when oxidized; do expensive stuff here

+    E = EE  # pylint: disable=redefined-outer-name
+
    def get_unixdir() -> str:
        paths: list[tuple[Callable[..., Any], str]] = [
            (os.environ.get, "XDG_CONFIG_HOME"),
@@ -246,7 +248,7 @@ def get_srvname() -> str:
    return ret


-def get_fk_salt(cert_path) -> str:
+def get_fk_salt() -> str:
    fp = os.path.join(E.cfg, "fk-salt.txt")
    try:
        with open(fp, "rb") as f:
@@ -320,6 +322,7 @@ def configure_ssl_ver(al: argparse.Namespace) -> None:
    # oh man i love openssl
    # check this out
    # hold my beer
+    assert ssl
    ptn = re.compile(r"^OP_NO_(TLS|SSL)v")
    sslver = terse_sslver(al.ssl_ver).split(",")
    flags = [k for k in ssl.__dict__ if ptn.match(k)]
@@ -353,6 +356,7 @@ def configure_ssl_ver(al: argparse.Namespace) -> None:


 def configure_ssl_ciphers(al: argparse.Namespace) -> None:
+    assert ssl
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    if al.ssl_ver:
        ctx.options &= ~al.ssl_flags_en
@@ -432,9 +436,9 @@ def disable_quickedit() -> None:
    if PY2:
        wintypes.LPDWORD = ctypes.POINTER(wintypes.DWORD)

-    k32.GetStdHandle.errcheck = ecb
-    k32.GetConsoleMode.errcheck = ecb
-    k32.SetConsoleMode.errcheck = ecb
+    k32.GetStdHandle.errcheck = ecb    # type: ignore
+    k32.GetConsoleMode.errcheck = ecb  # type: ignore
+    k32.SetConsoleMode.errcheck = ecb  # type: ignore
    k32.GetConsoleMode.argtypes = (wintypes.HANDLE, wintypes.LPDWORD)
    k32.SetConsoleMode.argtypes = (wintypes.HANDLE, wintypes.DWORD)

@@ -830,7 +834,7 @@ def add_qr(ap, tty):
    ap2.add_argument("--qr", action="store_true", help="show http:// QR-code on startup")
    ap2.add_argument("--qrs", action="store_true", help="show https:// QR-code on startup")
    ap2.add_argument("--qrl", metavar="PATH", type=u, default="", help="location to include in the url, for example [\033[32mpriv/?pw=hunter2\033[0m]")
-    ap2.add_argument("--qri", metavar="PREFIX", type=u, default="", help="select IP which starts with PREFIX; [\033[32m.\033[0m] to force default IP when mDNS URL would have been used instead")
+    ap2.add_argument("--qri", metavar="PREFIX", type=u, default="", help="select IP which starts with \033[33mPREFIX\033[0m; [\033[32m.\033[0m] to force default IP when mDNS URL would have been used instead")
    ap2.add_argument("--qr-fg", metavar="COLOR", type=int, default=0 if tty else 16, help="foreground; try [\033[32m0\033[0m] if the qr-code is unreadable")
    ap2.add_argument("--qr-bg", metavar="COLOR", type=int, default=229, help="background (white=255)")
    ap2.add_argument("--qrp", metavar="CELLS", type=int, default=4, help="padding (spec says 4 or more, but 1 is usually fine)")
@@ -842,7 +846,7 @@ def add_upload(ap):
    ap2.add_argument("--dotpart", action="store_true", help="dotfile incomplete uploads, hiding them from clients unless -ed")
    ap2.add_argument("--plain-ip", action="store_true", help="when avoiding filename collisions by appending the uploader's ip to the filename: append the plaintext ip instead of salting and hashing the ip")
    ap2.add_argument("--unpost", metavar="SEC", type=int, default=3600*12, help="grace period where uploads can be deleted by the uploader, even without delete permissions; 0=disabled")
-    ap2.add_argument("--blank-wt", metavar="SEC", type=int, default=300, help="file write grace period (any client can write to a blank file last-modified more recently than SEC seconds ago)")
+    ap2.add_argument("--blank-wt", metavar="SEC", type=int, default=300, help="file write grace period (any client can write to a blank file last-modified more recently than \033[33mSEC\033[0m seconds ago)")
    ap2.add_argument("--reg-cap", metavar="N", type=int, default=38400, help="max number of uploads to keep in memory when running without -e2d; roughly 1 MiB RAM per 600")
    ap2.add_argument("--no-fpool", action="store_true", help="disable file-handle pooling -- instead, repeatedly close and reopen files during upload (very slow on windows)")
    ap2.add_argument("--use-fpool", action="store_true", help="force file-handle pooling, even when it might be dangerous (multiprocessing, filesystems lacking sparse-files support, ...)")
@@ -851,13 +855,13 @@ def add_upload(ap):
    ap2.add_argument("--no-dedup", action="store_true", help="disable symlink/hardlink creation; copy file contents instead (volflag=copydupes)")
    ap2.add_argument("--no-dupe", action="store_true", help="reject duplicate files during upload; only matches within the same volume (volflag=nodupe)")
    ap2.add_argument("--no-snap", action="store_true", help="disable snapshots -- forget unfinished uploads on shutdown; don't create .hist/up2k.snap files -- abandoned/interrupted uploads must be cleaned up manually")
-    ap2.add_argument("--snap-wri", metavar="SEC", type=int, default=300, help="write upload state to ./hist/up2k.snap every SEC seconds; allows resuming incomplete uploads after a server crash")
-    ap2.add_argument("--snap-drop", metavar="MIN", type=float, default=1440, help="forget unfinished uploads after MIN minutes; impossible to resume them after that (360=6h, 1440=24h)")
+    ap2.add_argument("--snap-wri", metavar="SEC", type=int, default=300, help="write upload state to ./hist/up2k.snap every \033[33mSEC\033[0m seconds; allows resuming incomplete uploads after a server crash")
+    ap2.add_argument("--snap-drop", metavar="MIN", type=float, default=1440, help="forget unfinished uploads after \033[33mMIN\033[0m minutes; impossible to resume them after that (360=6h, 1440=24h)")
    ap2.add_argument("--u2ts", metavar="TXT", type=u, default="c", help="how to timestamp uploaded files; [\033[32mc\033[0m]=client-last-modified, [\033[32mu\033[0m]=upload-time, [\033[32mfc\033[0m]=force-c, [\033[32mfu\033[0m]=force-u (volflag=u2ts)")
    ap2.add_argument("--rand", action="store_true", help="force randomized filenames, --nrand chars long (volflag=rand)")
    ap2.add_argument("--nrand", metavar="NUM", type=int, default=9, help="randomized filenames length (volflag=nrand)")
    ap2.add_argument("--magic", action="store_true", help="enable filetype detection on nameless uploads (volflag=magic)")
-    ap2.add_argument("--df", metavar="GiB", type=float, default=0, help="ensure GiB free disk space by rejecting upload requests")
+    ap2.add_argument("--df", metavar="GiB", type=float, default=0, help="ensure \033[33mGiB\033[0m free disk space by rejecting upload requests")
    ap2.add_argument("--sparse", metavar="MiB", type=int, default=4, help="windows-only: minimum size of incoming uploads through up2k before they are made into sparse files")
    ap2.add_argument("--turbo", metavar="LVL", type=int, default=0, help="configure turbo-mode in up2k client; [\033[32m-1\033[0m] = forbidden/always-off, [\033[32m0\033[0m] = default-off and warn if enabled, [\033[32m1\033[0m] = default-off, [\033[32m2\033[0m] = on, [\033[32m3\033[0m] = on and disable datecheck")
    ap2.add_argument("--u2sort", metavar="TXT", type=u, default="s", help="upload order; [\033[32ms\033[0m]=smallest-first, [\033[32mn\033[0m]=alphabetical, [\033[32mfs\033[0m]=force-s, [\033[32mfn\033[0m]=force-n -- alphabetical is a bit slower on fiber/LAN but makes it easier to eyeball if everything went fine")
@@ -872,6 +876,7 @@ def add_network(ap):
    ap2.add_argument("--rproxy", metavar="DEPTH", type=int, default=1, help="which ip to keep; [\033[32m0\033[0m]=tcp, [\033[32m1\033[0m]=origin (first x-fwd, unsafe), [\033[32m2\033[0m]=outermost-proxy, [\033[32m3\033[0m]=second-proxy, [\033[32m-1\033[0m]=closest-proxy")
    ap2.add_argument("--xff-hdr", metavar="NAME", type=u, default="x-forwarded-for", help="if reverse-proxied, which http header to read the client's real ip from (argument must be lowercase, but not the actual header)")
    ap2.add_argument("--xff-src", metavar="IP", type=u, default="127., ::1", help="comma-separated list of trusted reverse-proxy IPs; only accept the real-ip header (--xff-hdr) if the incoming connection is from an IP starting with either of these. Can be disabled with [\033[32many\033[0m] if you are behind cloudflare (or similar) and are using --xff-hdr=cf-connecting-ip (or similar)")
+    ap2.add_argument("--ipa", metavar="PREFIX", type=u, default="", help="only accept connections from IP-addresses starting with \033[33mPREFIX\033[0m; example: [\033[32m127., 10.89., 192.168.\033[0m]")
    ap2.add_argument("--rp-loc", metavar="PATH", type=u, default="", help="if reverse-proxying on a location instead of a dedicated domain/subdomain, provide the base location here (eg. /foo/bar)")
    if ANYWIN:
        ap2.add_argument("--reuseaddr", action="store_true", help="set reuseaddr on listening sockets on windows; allows rapid restart of copyparty at the expense of being able to accidentally start multiple instances")
@@ -882,7 +887,7 @@ def add_network(ap):
    ap2.add_argument("--s-wr-sz", metavar="B", type=int, default=256*1024, help="socket write size in bytes")
    ap2.add_argument("--s-wr-slp", metavar="SEC", type=float, default=0, help="debug: socket write delay in seconds")
    ap2.add_argument("--rsp-slp", metavar="SEC", type=float, default=0, help="debug: response delay in seconds")
-    ap2.add_argument("--rsp-jtr", metavar="SEC", type=float, default=0, help="debug: response delay, random duration 0..SEC")
+    ap2.add_argument("--rsp-jtr", metavar="SEC", type=float, default=0, help="debug: response delay, random duration 0..\033[33mSEC\033[0m")


 def add_tls(ap, cert_path):
@@ -915,14 +920,19 @@ def add_cert(ap, cert_path):
    ap2.add_argument("--crt-alg", metavar="S-N", type=u, default="ecdsa-256", help="algorithm and keysize; one of these: ecdsa-256 rsa-4096 rsa-2048")


+def add_auth(ap):
+    ap2 = ap.add_argument_group('user authentication options')
+    ap2.add_argument("--hdr-au-usr", metavar="HN", type=u, default="", help="bypass the copyparty authentication checks and assume the request-header \033[33mHN\033[0m contains the username of the requesting user (for use with authentik/oauth/...)\n\033[1;31mWARNING:\033[0m if you enable this, make sure clients are unable to specify this header themselves; must be washed away and replaced by a reverse-proxy. Also, the argument must be lowercase, but not the actual header")
+
+
 def add_zeroconf(ap):
    ap2 = ap.add_argument_group("Zeroconf options")
    ap2.add_argument("-z", action="store_true", help="enable all zeroconf backends (mdns, ssdp)")
    ap2.add_argument("--z-on", metavar="NETS", type=u, default="", help="enable zeroconf ONLY on the comma-separated list of subnets and/or interface names/indexes\n └─example: \033[32meth0, wlo1, virhost0, 192.168.123.0/24, fd00:fda::/96\033[0m")
    ap2.add_argument("--z-off", metavar="NETS", type=u, default="", help="disable zeroconf on the comma-separated list of subnets and/or interface names/indexes")
-    ap2.add_argument("--z-chk", metavar="SEC", type=int, default=10, help="check for network changes every SEC seconds (0=disable)")
+    ap2.add_argument("--z-chk", metavar="SEC", type=int, default=10, help="check for network changes every \033[33mSEC\033[0m seconds (0=disable)")
    ap2.add_argument("-zv", action="store_true", help="verbose all zeroconf backends")
-    ap2.add_argument("--mc-hop", metavar="SEC", type=int, default=0, help="rejoin multicast groups every SEC seconds (workaround for some switches/routers which cause mDNS to suddenly stop working after some time); try [\033[32m300\033[0m] or [\033[32m180\033[0m]")
+    ap2.add_argument("--mc-hop", metavar="SEC", type=int, default=0, help="rejoin multicast groups every \033[33mSEC\033[0m seconds (workaround for some switches/routers which cause mDNS to suddenly stop working after some time); try [\033[32m300\033[0m] or [\033[32m180\033[0m]")


 def add_zc_mdns(ap):
@@ -942,7 +952,7 @@ def add_zc_mdns(ap):
    ap2.add_argument("--zm-mnic", action="store_true", help="merge NICs which share subnets; assume that same subnet means same network")
    ap2.add_argument("--zm-msub", action="store_true", help="merge subnets on each NIC -- always enabled for ipv6 -- reduces network load, but gnome-gvfs clients may stop working, and clients cannot be in subnets that the server is not")
    ap2.add_argument("--zm-noneg", action="store_true", help="disable NSEC replies -- try this if some clients don't see copyparty")
-    ap2.add_argument("--zm-spam", metavar="SEC", type=float, default=0, help="send unsolicited announce every SEC; useful if clients have IPs in a subnet which doesn't overlap with the server")
+    ap2.add_argument("--zm-spam", metavar="SEC", type=float, default=0, help="send unsolicited announce every \033[33mSEC\033[0m; useful if clients have IPs in a subnet which doesn't overlap with the server")


 def add_zc_ssdp(ap):
@@ -957,11 +967,12 @@ def add_zc_ssdp(ap):

 def add_ftp(ap):
    ap2 = ap.add_argument_group('FTP options')
-    ap2.add_argument("--ftp", metavar="PORT", type=int, help="enable FTP server on PORT, for example \033[32m3921")
-    ap2.add_argument("--ftps", metavar="PORT", type=int, help="enable FTPS server on PORT, for example \033[32m3990")
+    ap2.add_argument("--ftp", metavar="PORT", type=int, help="enable FTP server on \033[33mPORT\033[0m, for example \033[32m3921")
+    ap2.add_argument("--ftps", metavar="PORT", type=int, help="enable FTPS server on \033[33mPORT\033[0m, for example \033[32m3990")
    ap2.add_argument("--ftpv", action="store_true", help="verbose")
    ap2.add_argument("--ftp4", action="store_true", help="only listen on IPv4")
-    ap2.add_argument("--ftp-wt", metavar="SEC", type=int, default=7, help="grace period for resuming interrupted uploads (any client can write to any file last-modified more recently than SEC seconds ago)")
+    ap2.add_argument("--ftp-ipa", metavar="PFX", type=u, default="", help="only accept connections from IP-addresses starting with \033[33mPFX\033[0m; specify [\033[32many\033[0m] to disable inheriting \033[33m--ipa\033[0m. Example: [\033[32m127., 10.89., 192.168.\033[0m]")
+    ap2.add_argument("--ftp-wt", metavar="SEC", type=int, default=7, help="grace period for resuming interrupted uploads (any client can write to any file last-modified more recently than \033[33mSEC\033[0m seconds ago)")
    ap2.add_argument("--ftp-nat", metavar="ADDR", type=u, help="the NAT address to use for passive connections")
    ap2.add_argument("--ftp-pr", metavar="P-P", type=u, help="the range of TCP ports to use for passive connections, for example \033[32m12000-13000")

@@ -998,15 +1009,15 @@ def add_handlers(ap):

 def add_hooks(ap):
    ap2 = ap.add_argument_group('event hooks (see --help-hooks)')
-    ap2.add_argument("--xbu", metavar="CMD", type=u, action="append", help="execute CMD before a file upload starts")
-    ap2.add_argument("--xau", metavar="CMD", type=u, action="append", help="execute CMD after  a file upload finishes")
-    ap2.add_argument("--xiu", metavar="CMD", type=u, action="append", help="execute CMD after  all uploads finish and volume is idle")
-    ap2.add_argument("--xbr", metavar="CMD", type=u, action="append", help="execute CMD before a file move/rename")
-    ap2.add_argument("--xar", metavar="CMD", type=u, action="append", help="execute CMD after  a file move/rename")
-    ap2.add_argument("--xbd", metavar="CMD", type=u, action="append", help="execute CMD before a file delete")
-    ap2.add_argument("--xad", metavar="CMD", type=u, action="append", help="execute CMD after  a file delete")
-    ap2.add_argument("--xm", metavar="CMD", type=u, action="append", help="execute CMD on message")
-    ap2.add_argument("--xban", metavar="CMD", type=u, action="append", help="execute CMD if someone gets banned (pw/404/403/url)")
+    ap2.add_argument("--xbu", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m before a file upload starts")
+    ap2.add_argument("--xau", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m after  a file upload finishes")
+    ap2.add_argument("--xiu", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m after  all uploads finish and volume is idle")
+    ap2.add_argument("--xbr", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m before a file move/rename")
+    ap2.add_argument("--xar", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m after  a file move/rename")
+    ap2.add_argument("--xbd", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m before a file delete")
+    ap2.add_argument("--xad", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m after  a file delete")
+    ap2.add_argument("--xm", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m on message")
+    ap2.add_argument("--xban", metavar="CMD", type=u, action="append", help="execute \033[33mCMD\033[0m if someone gets banned (pw/404/403/url)")


 def add_stats(ap):
@@ -1056,7 +1067,7 @@ def add_safety(ap):
    ap2.add_argument("--vague-403", action="store_true", help="send 404 instead of 403 (security through ambiguity, very enterprise)")
    ap2.add_argument("--force-js", action="store_true", help="don't send folder listings as HTML, force clients to use the embedded json instead -- slight protection against misbehaving search engines which ignore --no-robots")
    ap2.add_argument("--no-robots", action="store_true", help="adds http and html headers asking search engines to not index anything (volflag=norobots)")
-    ap2.add_argument("--logout", metavar="H", type=float, default="8086", help="logout clients after H hours of inactivity; [\033[32m0.0028\033[0m]=10sec, [\033[32m0.1\033[0m]=6min, [\033[32m24\033[0m]=day, [\033[32m168\033[0m]=week, [\033[32m720\033[0m]=month, [\033[32m8760\033[0m]=year)")
+    ap2.add_argument("--logout", metavar="H", type=float, default="8086", help="logout clients after \033[33mH\033[0m hours of inactivity; [\033[32m0.0028\033[0m]=10sec, [\033[32m0.1\033[0m]=6min, [\033[32m24\033[0m]=day, [\033[32m168\033[0m]=week, [\033[32m720\033[0m]=month, [\033[32m8760\033[0m]=year)")
    ap2.add_argument("--ban-pw", metavar="N,W,B", type=u, default="9,60,1440", help="more than \033[33mN\033[0m wrong passwords in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
    ap2.add_argument("--ban-404", metavar="N,W,B", type=u, default="50,60,1440", help="hitting more than \033[33mN\033[0m 404's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; only affects users who cannot see directory listings because their access is either g/G/h")
    ap2.add_argument("--ban-403", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m 403's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; [\033[32m1440\033[0m]=day, [\033[32m10080\033[0m]=week, [\033[32m43200\033[0m]=month")
@@ -1064,8 +1075,8 @@ def add_safety(ap):
    ap2.add_argument("--ban-url", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m sus URL's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; applies only to access g/G/h (decent replacement for --ban-404 if that can't be used)")
    ap2.add_argument("--sus-urls", metavar="R", type=u, default=r"\.php$|(^|/)wp-(admin|content|includes)/", help="URLs which are considered sus / eligible for banning; disable with blank or [\033[32mno\033[0m]")
    ap2.add_argument("--nonsus-urls", metavar="R", type=u, default=r"^(favicon\.ico|robots\.txt)$|^apple-touch-icon|^\.well-known", help="harmless URLs ignored from 404-bans; disable with blank or [\033[32mno\033[0m]")
-    ap2.add_argument("--aclose", metavar="MIN", type=int, default=10, help="if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for MIN minutes (and also kill its active connections) -- disable with 0")
-    ap2.add_argument("--loris", metavar="B", type=int, default=60, help="if a client maxes out the server connection limit without sending headers, ban it for B minutes; disable with [\033[32m0\033[0m]")
+    ap2.add_argument("--aclose", metavar="MIN", type=int, default=10, help="if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for \033[33mMIN\033[0m minutes (and also kill its active connections) -- disable with 0")
+    ap2.add_argument("--loris", metavar="B", type=int, default=60, help="if a client maxes out the server connection limit without sending headers, ban it for \033[33mB\033[0m minutes; disable with [\033[32m0\033[0m]")
    ap2.add_argument("--acao", metavar="V[,V]", type=u, default="*", help="Access-Control-Allow-Origin; list of origins (domains/IPs without port) to accept requests from; [\033[32mhttps://1.2.3.4\033[0m]. Default [\033[32m*\033[0m] allows requests from all sites but removes cookies and http-auth; only ?pw=hunter2 survives")
    ap2.add_argument("--acam", metavar="V[,V]", type=u, default="GET,HEAD", help="Access-Control-Allow-Methods; list of methods to accept from offsite ('*' behaves like described in --acao)")

@@ -1084,7 +1095,7 @@ def add_shutdown(ap):
    ap2 = ap.add_argument_group('shutdown options')
    ap2.add_argument("--ign-ebind", action="store_true", help="continue running even if it's impossible to listen on some of the requested endpoints")
    ap2.add_argument("--ign-ebind-all", action="store_true", help="continue running even if it's impossible to receive connections at all")
-    ap2.add_argument("--exit", metavar="WHEN", type=u, default="", help="shutdown after WHEN has finished; [\033[32mcfg\033[0m] config parsing, [\033[32midx\033[0m] volscan + multimedia indexing")
+    ap2.add_argument("--exit", metavar="WHEN", type=u, default="", help="shutdown after \033[33mWHEN\033[0m has finished; [\033[32mcfg\033[0m] config parsing, [\033[32midx\033[0m] volscan + multimedia indexing")


 def add_logging(ap):
@@ -1093,13 +1104,14 @@ def add_logging(ap):
    ap2.add_argument("-lo", metavar="PATH", type=u, help="logfile, example: \033[32mcpp-%%Y-%%m%%d-%%H%%M%%S.txt.xz")
    ap2.add_argument("--no-ansi", action="store_true", default=not VT100, help="disable colors; same as environment-variable NO_COLOR")
    ap2.add_argument("--ansi", action="store_true", help="force colors; overrides environment-variable NO_COLOR")
+    ap2.add_argument("--no-logflush", action="store_true", help="don't flush the logfile after each write; tiny bit faster")
    ap2.add_argument("--no-voldump", action="store_true", help="do not list volumes and permissions on startup")
    ap2.add_argument("--log-tdec", metavar="N", type=int, default=3, help="timestamp resolution / number of timestamp decimals")
    ap2.add_argument("--log-badpwd", metavar="N", type=int, default=1, help="log failed login attempt passwords: 0=terse, 1=plaintext, 2=hashed")
    ap2.add_argument("--log-conn", action="store_true", help="debug: print tcp-server msgs")
    ap2.add_argument("--log-htp", action="store_true", help="debug: print http-server threadpool scaling")
    ap2.add_argument("--ihead", metavar="HEADER", type=u, action='append', help="dump incoming header")
-    ap2.add_argument("--lf-url", metavar="RE", type=u, default=r"^/\.cpr/|\?th=[wj]$|/\.(_|ql_|DS_Store$|localized$)", help="dont log URLs matching")
+    ap2.add_argument("--lf-url", metavar="RE", type=u, default=r"^/\.cpr/|\?th=[wj]$|/\.(_|ql_|DS_Store$|localized$)", help="dont log URLs matching regex \033[33mRE\033[0m")


 def add_admin(ap):
@@ -1123,7 +1135,7 @@ def add_thumbnail(ap):
    ap2.add_argument("--th-no-webp", action="store_true", help="disable webp output")
    ap2.add_argument("--th-ff-jpg", action="store_true", help="force jpg output for video thumbs")
    ap2.add_argument("--th-ff-swr", action="store_true", help="use swresample instead of soxr for audio thumbs")
-    ap2.add_argument("--th-poke", metavar="SEC", type=int, default=300, help="activity labeling cooldown -- avoids doing keepalive pokes (updating the mtime) on thumbnail folders more often than SEC seconds")
+    ap2.add_argument("--th-poke", metavar="SEC", type=int, default=300, help="activity labeling cooldown -- avoids doing keepalive pokes (updating the mtime) on thumbnail folders more often than \033[33mSEC\033[0m seconds")
    ap2.add_argument("--th-clean", metavar="SEC", type=int, default=43200, help="cleanup interval; 0=disabled")
    ap2.add_argument("--th-maxage", metavar="SEC", type=int, default=604800, help="max folder age -- folders which haven't been poked for longer than --th-poke seconds will get deleted every --th-clean seconds")
    ap2.add_argument("--th-covers", metavar="N,N", type=u, default="folder.png,folder.jpg,cover.png,cover.jpg", help="folder thumbnails to stat/look for; enabling -e2d will make these case-insensitive, and also automatically select thumbnails for all folders that contain pics, even if none match this pattern")
@@ -1141,7 +1153,7 @@ def add_transcoding(ap):
    ap2 = ap.add_argument_group('transcoding options')
    ap2.add_argument("--no-acode", action="store_true", help="disable audio transcoding")
    ap2.add_argument("--no-bacode", action="store_true", help="disable batch audio transcoding by folder download (zip/tar)")
-    ap2.add_argument("--ac-maxage", metavar="SEC", type=int, default=86400, help="delete cached transcode output after SEC seconds")
+    ap2.add_argument("--ac-maxage", metavar="SEC", type=int, default=86400, help="delete cached transcode output after \033[33mSEC\033[0m seconds")


 def add_db_general(ap, hcores):
@@ -1162,8 +1174,8 @@ def add_db_general(ap, hcores):
    ap2.add_argument("--xlink", action="store_true", help="on upload: check all volumes for dupes, not just the target volume (volflag=xlink)")
    ap2.add_argument("--hash-mt", metavar="CORES", type=int, default=hcores, help="num cpu cores to use for file hashing; set 0 or 1 for single-core hashing")
    ap2.add_argument("--re-maxage", metavar="SEC", type=int, default=0, help="disk rescan volume interval, 0=off (volflag=scan)")
-    ap2.add_argument("--db-act", metavar="SEC", type=float, default=10, help="defer any scheduled volume reindexing until SEC seconds after last db write (uploads, renames, ...)")
-    ap2.add_argument("--srch-time", metavar="SEC", type=int, default=45, help="search deadline -- terminate searches running for more than SEC seconds")
+    ap2.add_argument("--db-act", metavar="SEC", type=float, default=10, help="defer any scheduled volume reindexing until \033[33mSEC\033[0m seconds after last db write (uploads, renames, ...)")
+    ap2.add_argument("--srch-time", metavar="SEC", type=int, default=45, help="search deadline -- terminate searches running for more than \033[33mSEC\033[0m seconds")
    ap2.add_argument("--srch-hits", metavar="N", type=int, default=7999, help="max search results to allow clients to fetch; 125 results will be shown initially")
    ap2.add_argument("--dotsrch", action="store_true", help="show dotfiles in search results (volflags: dotsrch | nodotsrch)")

@@ -1182,12 +1194,12 @@ def add_db_metadata(ap):
    ap2.add_argument("-mtm", metavar="M=t,t,t", type=u, action="append", help="add/replace metadata mapping")
    ap2.add_argument("-mte", metavar="M,M,M", type=u, help="tags to index/display (comma-sep.); either an entire replacement list, or add/remove stuff on the default-list with +foo or /bar", default=DEF_MTE)
    ap2.add_argument("-mth", metavar="M,M,M", type=u, help="tags to hide by default (comma-sep.); assign/add/remove same as -mte", default=DEF_MTH)
-    ap2.add_argument("-mtp", metavar="M=[f,]BIN", type=u, action="append", help="read tag M using program BIN to parse the file")
+    ap2.add_argument("-mtp", metavar="M=[f,]BIN", type=u, action="append", help="read tag \033[33mM\033[0m using program \033[33mBIN\033[0m to parse the file")


 def add_txt(ap):
    ap2 = ap.add_argument_group('textfile options')
-    ap2.add_argument("-mcr", metavar="SEC", type=int, default=60, help="textfile editor checks for serverside changes every SEC seconds")
+    ap2.add_argument("-mcr", metavar="SEC", type=int, default=60, help="textfile editor checks for serverside changes every \033[33mSEC\033[0m seconds")
    ap2.add_argument("-emp", action="store_true", help="enable markdown plugins -- neat but dangerous, big XSS risk")
    ap2.add_argument("--exp", action="store_true", help="enable textfile expansion -- replace {{self.ip}} and such; see --help-exp (volflag=exp)")
    ap2.add_argument("--exp-md", metavar="V,V,V", type=u, default=DEF_EXP, help="comma/space-separated list of placeholders to expand in markdown files; add/remove stuff on the default list with +hdr_foo or /vf.scan (volflag=exp_md)")
@@ -1201,7 +1213,7 @@ def add_ui(ap, retry):
    ap2.add_argument("--theme", metavar="NUM", type=int, default=0, help="default theme to use")
    ap2.add_argument("--themes", metavar="NUM", type=int, default=8, help="number of themes installed")
    ap2.add_argument("--sort", metavar="C,C,C", type=u, default="href", help="default sort order, comma-separated column IDs (see header tooltips), prefix with '-' for descending. Examples: \033[32mhref -href ext sz ts tags/Album tags/.tn\033[0m (volflag=sort)")
-    ap2.add_argument("--unlist", metavar="REGEX", type=u, default="", help="don't show files matching REGEX in file list. Purely cosmetic! Does not affect API calls, just the browser. Example: [\033[32m\\.(js|css)$\033[0m] (volflag=unlist)")
+    ap2.add_argument("--unlist", metavar="REGEX", type=u, default="", help="don't show files matching \033[33mREGEX\033[0m in file list. Purely cosmetic! Does not affect API calls, just the browser. Example: [\033[32m\\.(js|css)$\033[0m] (volflag=unlist)")
    ap2.add_argument("--favico", metavar="TXT", type=u, default="c 000 none" if retry else "🎉 000 none", help="\033[33mfavicon-text\033[0m [ \033[33mforeground\033[0m [ \033[33mbackground\033[0m ] ], set blank to disable")
    ap2.add_argument("--mpmc", metavar="URL", type=u, default="", help="change the mediaplayer-toggle mouse cursor; URL to a folder with {2..5}.png inside (or disable with [\033[32m.\033[0m])")
    ap2.add_argument("--js-browser", metavar="L", type=u, help="URL to additional JS to include")
@@ -1230,12 +1242,12 @@ def add_debug(ap):
    ap2.add_argument("--no-htp", action="store_true", help="disable httpserver threadpool, create threads as-needed instead")
    ap2.add_argument("--srch-dbg", action="store_true", help="explain search processing, and do some extra expensive sanity checks")
    ap2.add_argument("--rclone-mdns", action="store_true", help="use mdns-domain instead of server-ip on /?hc")
-    ap2.add_argument("--stackmon", metavar="P,S", type=u, help="write stacktrace to Path every S second, for example --stackmon=\033[32m./st/%%Y-%%m/%%d/%%H%%M.xz,60")
-    ap2.add_argument("--log-thrs", metavar="SEC", type=float, help="list active threads every SEC")
-    ap2.add_argument("--log-fk", metavar="REGEX", type=u, default="", help="log filekey params for files where path matches REGEX; [\033[32m.\033[0m] (a single dot) = all files")
+    ap2.add_argument("--stackmon", metavar="P,S", type=u, help="write stacktrace to \033[33mP\033[0math every \033[33mS\033[0m second, for example --stackmon=\033[32m./st/%%Y-%%m/%%d/%%H%%M.xz,60")
+    ap2.add_argument("--log-thrs", metavar="SEC", type=float, help="list active threads every \033[33mSEC\033[0m")
+    ap2.add_argument("--log-fk", metavar="REGEX", type=u, default="", help="log filekey params for files where path matches \033[33mREGEX\033[0m; [\033[32m.\033[0m] (a single dot) = all files")
    ap2.add_argument("--bak-flips", action="store_true", help="[up2k] if a client uploads a bitflipped/corrupted chunk, store a copy according to --bf-nc and --bf-dir")
-    ap2.add_argument("--bf-nc", metavar="NUM", type=int, default=200, help="bak-flips: stop if there's more than NUM files at --kf-dir already; default: 6.3 GiB max (200*32M)")
-    ap2.add_argument("--bf-dir", metavar="PATH", type=u, default="bf", help="bak-flips: store corrupted chunks at PATH; default: folder named 'bf' wherever copyparty was started")
+    ap2.add_argument("--bf-nc", metavar="NUM", type=int, default=200, help="bak-flips: stop if there's more than \033[33mNUM\033[0m files at --kf-dir already; default: 6.3 GiB max (200*32M)")
+    ap2.add_argument("--bf-dir", metavar="PATH", type=u, default="bf", help="bak-flips: store corrupted chunks at \033[33mPATH\033[0m; default: folder named 'bf' wherever copyparty was started")


 # fmt: on
@@ -1252,7 +1264,7 @@ def run_argparse(

    cert_path = os.path.join(E.cfg, "cert.pem")

-    fk_salt = get_fk_salt(cert_path)
+    fk_salt = get_fk_salt()
    ah_salt = get_ah_salt()

    # alpine peaks at 5 threads for some reason,
@@ -1268,6 +1280,7 @@ def run_argparse(
    add_network(ap)
    add_tls(ap, cert_path)
    add_cert(ap, cert_path)
+    add_auth(ap)
    add_qr(ap, tty)
    add_zeroconf(ap)
    add_zc_mdns(ap)
--- a/copyparty/version.py
+++ b/copyparty/version.py
@@ -1,8 +1,8 @@
 # coding: utf-8

-VERSION = (1, 9, 19)
+VERSION = (1, 9, 22)
 CODENAME = "prometheable"
-BUILD_DT = (2023, 11, 19)
+BUILD_DT = (2023, 12, 1)

 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -414,7 +414,7 @@ class VFS(object):
        hist = flags.get("hist")
        if hist and hist != "-":
            zs = "{}/{}".format(hist.rstrip("/"), name)
-            flags["hist"] = os.path.expanduser(zs) if zs.startswith("~") else zs
+            flags["hist"] = os.path.expandvars(os.path.expanduser(zs))

        return flags

@@ -947,9 +947,7 @@ class AuthSrv(object):

            if vp is not None and ap is None:
                ap = ln
-                if ap.startswith("~"):
-                    ap = os.path.expanduser(ap)
-
+                ap = os.path.expandvars(os.path.expanduser(ap))
                ap = absreal(ap)
                self._l(ln, 2, "bound to filesystem-path [{}]".format(ap))
                self._map_volume(ap, vp, mount, daxs, mflags)
@@ -959,6 +957,7 @@ class AuthSrv(object):
                err = ""
                try:
                    self._l(ln, 5, "volume access config:")
+                    assert vp
                    sk, sv = ln.split(":")
                    if re.sub("[rwmdgGha]", "", sk) or not sk:
                        err = "invalid accs permissions list; "
@@ -976,6 +975,7 @@ class AuthSrv(object):
                err = ""
                try:
                    self._l(ln, 6, "volume-specific config:")
+                    assert vp
                    zd = split_cfg_ln(ln)
                    fstr = ""
                    for sk, sv in zd.items():
@@ -1186,12 +1186,13 @@ class AuthSrv(object):
                vfs = VFS(self.log_func, mount[dst], dst, daxs[dst], mflags[dst])
                continue

+            assert vfs  # type: ignore
            zv = vfs.add(mount[dst], dst)
            zv.axs = daxs[dst]
            zv.flags = mflags[dst]
            zv.dbv = None

-        assert vfs
+        assert vfs  # type: ignore
        vfs.all_vols = {}
        vfs.all_aps = []
        vfs.all_vps = []
@@ -1259,9 +1260,7 @@ class AuthSrv(object):
            if vflag == "-":
                pass
            elif vflag:
-                if vflag.startswith("~"):
-                    vflag = os.path.expanduser(vflag)
-
+                vflag = os.path.expandvars(os.path.expanduser(vflag))
                vol.histpath = uncyg(vflag) if WINDOWS else vflag
            elif self.args.hist:
                for nch in range(len(hid)):
--- a/copyparty/broker_mp.py
+++ b/copyparty/broker_mp.py
@@ -46,8 +46,8 @@ class BrokerMp(object):
        self.num_workers = self.args.j or CORES
        self.log("broker", "booting {} subprocesses".format(self.num_workers))
        for n in range(1, self.num_workers + 1):
-            q_pend: queue.Queue[tuple[int, str, list[Any]]] = mp.Queue(1)
-            q_yield: queue.Queue[tuple[int, str, list[Any]]] = mp.Queue(64)
+            q_pend: queue.Queue[tuple[int, str, list[Any]]] = mp.Queue(1)  # type: ignore
+            q_yield: queue.Queue[tuple[int, str, list[Any]]] = mp.Queue(64)  # type: ignore

            proc = MProcess(q_pend, q_yield, MpWorker, (q_pend, q_yield, self.args, n))
            Daemon(self.collector, "mp-sink-{}".format(n), (proc,))
--- a/copyparty/ftpd.py
+++ b/copyparty/ftpd.py
@@ -15,7 +15,7 @@ from pyftpdlib.handlers import FTPHandler
 from pyftpdlib.ioloop import IOLoop
 from pyftpdlib.servers import FTPServer

-from .__init__ import ANYWIN, PY2, TYPE_CHECKING, E
+from .__init__ import PY2, TYPE_CHECKING
 from .authsrv import VFS
 from .bos import bos
 from .util import (
@@ -88,8 +88,8 @@ class FtpAuth(DummyAuthorizer):
                    bans[ip] = bonk
                    try:
                        # only possible if multiprocessing disabled
-                        self.hub.broker.httpsrv.bans[ip] = bonk
-                        self.hub.broker.httpsrv.nban += 1
+                        self.hub.broker.httpsrv.bans[ip] = bonk  # type: ignore
+                        self.hub.broker.httpsrv.nban += 1  # type: ignore
                    except:
                        pass

@@ -404,7 +404,16 @@ class FtpHandler(FTPHandler):
            super(FtpHandler, self).__init__(conn, server, ioloop)

        cip = self.remote_ip
-        self.cli_ip = cip[7:] if cip.startswith("::ffff:") else cip
+        if cip.startswith("::ffff:"):
+            cip = cip[7:]
+
+        if self.args.ftp_ipa_re and not self.args.ftp_ipa_re.match(cip):
+            logging.warning("client rejected (--ftp-ipa): %s", cip)
+            self.connected = False
+            conn.close()
+            return
+
+        self.cli_ip = cip

        # abspath->vpath mapping to resolve log_transfer paths
        self.vfs_map: dict[str, str] = {}
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -81,7 +81,7 @@ from .util import (
    sendfile_py,
    undot,
    unescape_cookie,
-    unquote,
+    unquote,  # type: ignore
    unquotep,
    vjoin,
    vol_san,
@@ -236,6 +236,10 @@ class HttpCli(object):
        if self.is_banned():
            return False

+        if self.args.ipa_re and not self.args.ipa_re.match(self.conn.addr[0]):
+            self.log("client rejected (--ipa)", 3)
+            return False
+
        try:
            self.s.settimeout(2)
            headerlines = read_header(self.sr, self.args.s_thead, self.args.s_thead)
@@ -439,8 +443,16 @@ class HttpCli(object):
            except:
                pass

-        self.pw = uparam.get("pw") or self.headers.get("pw") or bauth or cookie_pw
-        self.uname = self.asrv.iacct.get(self.asrv.ah.hash(self.pw)) or "*"
+        if self.args.hdr_au_usr:
+            self.pw = ""
+            self.uname = self.headers.get(self.args.hdr_au_usr) or "*"
+            if self.uname not in self.asrv.vfs.aread:
+                self.log("unknown username: [%s]" % (self.uname), 1)
+                self.uname = "*"
+        else:
+            self.pw = uparam.get("pw") or self.headers.get("pw") or bauth or cookie_pw
+            self.uname = self.asrv.iacct.get(self.asrv.ah.hash(self.pw)) or "*"
+
        self.rvol = self.asrv.vfs.aread[self.uname]
        self.wvol = self.asrv.vfs.awrite[self.uname]
        self.mvol = self.asrv.vfs.amove[self.uname]
@@ -888,7 +900,11 @@ class HttpCli(object):
                return self.tx_ico(self.vpath.split("/")[-1], exact=True)

            if self.vpath.startswith(".cpr/ssdp"):
-                return self.conn.hsrv.ssdp.reply(self)
+                if self.conn.hsrv.ssdp:
+                    return self.conn.hsrv.ssdp.reply(self)
+                else:
+                    self.reply(b"ssdp is disabled in server config", 404)
+                    return False

            if self.vpath.startswith(".cpr/dd/") and self.args.mpmc:
                if self.args.mpmc == ".":
@@ -2161,17 +2177,17 @@ class HttpCli(object):

            msg = "naw dude"
            pwd = "x"  # nosec
-            dur = None
+            dur = 0

        if pwd == "x":
            # reset both plaintext and tls
            # (only affects active tls cookies when tls)
            for k in ("cppwd", "cppws") if self.is_https else ("cppwd",):
-                ck = gencookie(k, pwd, self.args.R, False, dur)
+                ck = gencookie(k, pwd, self.args.R, False)
                self.out_headerlist.append(("Set-Cookie", ck))
        else:
            k = "cppws" if self.is_https else "cppwd"
-            ck = gencookie(k, pwd, self.args.R, self.is_https, dur)
+            ck = gencookie(k, pwd, self.args.R, self.is_https, dur, "; HttpOnly")
            self.out_headerlist.append(("Set-Cookie", ck))

        return msg
@@ -3299,7 +3315,7 @@ class HttpCli(object):
        if v == "y":
            dur = 86400 * 299
        else:
-            dur = None
+            dur = 0
            v = "x"

        ck = gencookie("k304", v, self.args.R, False, dur)
@@ -3309,7 +3325,7 @@ class HttpCli(object):

    def setck(self) -> bool:
        k, v = self.uparam["setck"].split("=", 1)
-        t = None if v == "" else 86400 * 299
+        t = 0 if v == "" else 86400 * 299
        ck = gencookie(k, v, self.args.R, False, t)
        self.out_headerlist.append(("Set-Cookie", ck))
        self.reply(b"o7\n")
@@ -3317,7 +3333,7 @@ class HttpCli(object):

    def set_cfg_reset(self) -> bool:
        for k in ("k304", "js", "idxh", "cppwd", "cppws"):
-            cookie = gencookie(k, "x", self.args.R, False, None)
+            cookie = gencookie(k, "x", self.args.R, False)
            self.out_headerlist.append(("Set-Cookie", cookie))

        self.redirect("", "?h#cc")
--- a/copyparty/ico.py
+++ b/copyparty/ico.py
@@ -8,7 +8,7 @@ import re

 from .__init__ import PY2
 from .th_srv import HAVE_PIL, HAVE_PILF
-from .util import BytesIO
+from .util import BytesIO  # type: ignore


 class Ico(object):
@@ -22,7 +22,7 @@ class Ico(object):
        ext = bext.decode("utf-8")
        zb = hashlib.sha1(bext).digest()[2:4]
        if PY2:
-            zb = [ord(x) for x in zb]
+            zb = [ord(x) for x in zb]  # type: ignore

        c1 = colorsys.hsv_to_rgb(zb[0] / 256.0, 1, 0.3)
        c2 = colorsys.hsv_to_rgb(zb[0] / 256.0, 0.8 if HAVE_PILF else 1, 1)
@@ -91,20 +91,6 @@ class Ico(object):
                img.save(buf, format="PNG", compress_level=1)
                return "image/png", buf.getvalue()

-            elif False:
-                # 48s, too slow
-                import pyvips
-
-                h = int(192 * h / w)
-                w = 192
-                img = pyvips.Image.text(
-                    ext, width=w, height=h, dpi=192, align=pyvips.Align.CENTRE
-                )
-                img = img.ifthenelse(ci[3:], ci[:3], blend=True)
-                # i = i.resize(3, kernel=pyvips.Kernel.NEAREST)
-                buf = img.write_to_buffer(".png[compression=1]")
-                return "image/png", buf
-
        svg = """\
 <?xml version="1.0" encoding="UTF-8"?>
 <svg version="1.1" viewBox="0 0 100 {}" xmlns="http://www.w3.org/2000/svg"><g>
--- a/copyparty/mtag.py
+++ b/copyparty/mtag.py
@@ -118,7 +118,7 @@ def ffprobe(
        b"--",
        fsenc(abspath),
    ]
-    rc, so, se = runcmd(cmd, timeout=timeout)
+    rc, so, se = runcmd(cmd, timeout=timeout, nice=True)
    retchk(rc, cmd, se)
    return parse_ffprobe(so)

@@ -261,7 +261,8 @@ def parse_ffprobe(txt: str) -> tuple[dict[str, tuple[int, Any]], dict[str, list[
    if ".resw" in ret and ".resh" in ret:
        ret["res"] = "{}x{}".format(ret[".resw"], ret[".resh"])

-    zd = {k: (0, v) for k, v in ret.items()}
+    zero = int("0")
+    zd = {k: (zero, v) for k, v in ret.items()}

    return zd, md

@@ -562,6 +563,7 @@ class MTag(object):

                args = {
                    "env": env,
+                    "nice": True,
                    "timeout": parser.timeout,
                    "kill": parser.kill,
                    "capture": parser.capture,
@@ -572,11 +574,6 @@ class MTag(object):
                    zd.update(ret)
                    args["sin"] = json.dumps(zd).encode("utf-8", "replace")

-                if WINDOWS:
-                    args["creationflags"] = 0x4000
-                else:
-                    cmd = ["nice"] + cmd
-
                bcmd = [sfsenc(x) for x in cmd[:-1]] + [fsenc(cmd[-1])]
                rc, v, err = runcmd(bcmd, **args)  # type: ignore
                retchk(rc, bcmd, err, self.log, 5, self.args.mtag_v)
--- a/copyparty/smbd.py
+++ b/copyparty/smbd.py
@@ -406,6 +406,7 @@ class SMB(object):

        smbserver.os.path.abspath = self._hook
        smbserver.os.path.expanduser = self._hook
+        smbserver.os.path.expandvars = self._hook
        smbserver.os.path.getatime = self._hook
        smbserver.os.path.getctime = self._hook
        smbserver.os.path.getmtime = self._hook
--- a/copyparty/svchub.py
+++ b/copyparty/svchub.py
@@ -411,13 +411,14 @@ class SvcHub(object):
            if not vl:
                continue

-            vl = [os.path.expanduser(x) if x.startswith("~") else x for x in vl]
+            vl = [os.path.expandvars(os.path.expanduser(x)) for x in vl]
            setattr(al, k, vl)

        for k in "lo hist ssl_log".split(" "):
            vs = getattr(al, k)
-            if vs and vs.startswith("~"):
-                setattr(al, k, os.path.expanduser(vs))
+            if vs:
+                vs = os.path.expandvars(os.path.expanduser(vs))
+                setattr(al, k, vs)

        for k in "sus_urls nonsus_urls".split(" "):
            vs = getattr(al, k)
@@ -431,11 +432,9 @@ class SvcHub(object):
        elif al.ban_url == "no":
            al.sus_urls = None

-        if al.xff_src in ("any", "0", ""):
-            al.xff_re = None
-        else:
-            zs = al.xff_src.replace(" ", "").replace(".", "\\.").replace(",", "|")
-            al.xff_re = re.compile("^(?:" + zs + ")")
+        al.xff_re = self._ipa2re(al.xff_src)
+        al.ipa_re = self._ipa2re(al.ipa)
+        al.ftp_ipa_re = self._ipa2re(al.ftp_ipa or al.ipa)

        mte = ODict.fromkeys(DEF_MTE.split(","), True)
        al.mte = odfusion(mte, al.mte)
@@ -454,6 +453,13 @@ class SvcHub(object):

        return True

+    def _ipa2re(self, txt) -> Optional[re.Pattern]:
+        if txt in ("any", "0", ""):
+            return None
+        
+        zs = txt.replace(" ", "").replace(".", "\\.").replace(",", "|")
+        return re.compile("^(?:" + zs + ")")
+
    def _setlimits(self) -> None:
        try:
            import resource
@@ -516,12 +522,17 @@ class SvcHub(object):
                sel_fn = "{}.{}".format(fn, ctr)

        fn = sel_fn
+        try:
+            os.makedirs(os.path.dirname(fn))
+        except:
+            pass

        try:
            if do_xz:
                import lzma

                lh = lzma.open(fn, "wt", encoding="utf-8", errors="replace", preset=0)
+                self.args.no_logflush = True
            else:
                lh = open(fn, "wt", encoding="utf-8", errors="replace")
        except:
@@ -751,7 +762,24 @@ class SvcHub(object):
                (zd.hour * 100 + zd.minute) * 100 + zd.second,
                zd.microsecond // self.log_div,
            )
-            self.logf.write("@%s [%s\033[0m] %s\n" % (ts, src, msg))
+
+            if c and not self.args.no_ansi:
+                if isinstance(c, int):
+                    msg = "\033[3%sm%s\033[0m" % (c, msg)
+                elif "\033" not in c:
+                    msg = "\033[%sm%s\033[0m" % (c, msg)
+                else:
+                    msg = "%s%s\033[0m" % (c, msg)
+
+            if "\033" in src:
+                src += "\033[0m"
+
+            if "\033" in msg:
+                msg += "\033[0m"
+
+            self.logf.write("@%s [%s] %s\n" % (ts, src, msg))
+            if not self.args.no_logflush:
+                self.logf.flush()

            now = time.time()
            if now >= self.next_day:
@@ -827,6 +855,8 @@ class SvcHub(object):

            if self.logf:
                self.logf.write(msg)
+                if not self.args.no_logflush:
+                    self.logf.flush()

    def pr(self, *a: Any, **ka: Any) -> None:
        try:
--- a/copyparty/th_srv.py
+++ b/copyparty/th_srv.py
@@ -18,7 +18,7 @@ from .bos import bos
 from .mtag import HAVE_FFMPEG, HAVE_FFPROBE, ffprobe
 from .util import (
    FFMPEG_URL,
-    BytesIO,
+    BytesIO,  # type: ignore
    Cooldown,
    Daemon,
    Pebkac,
@@ -411,6 +411,7 @@ class ThumbSrv(object):
                if c == crops[-1]:
                    raise

+        assert img  # type: ignore
        img.write_to_file(tpath, Q=40)

    def conv_ffmpeg(self, abspath: str, tpath: str, fmt: str, vn: VFS) -> None:
@@ -468,7 +469,7 @@ class ThumbSrv(object):

    def _run_ff(self, cmd: list[bytes], vn: VFS) -> None:
        # self.log((b" ".join(cmd)).decode("utf-8"))
-        ret, _, serr = runcmd(cmd, timeout=vn.flags["convt"])
+        ret, _, serr = runcmd(cmd, timeout=vn.flags["convt"], nice=True)
        if not ret:
            return

--- a/copyparty/u2idx.py
+++ b/copyparty/u2idx.py
@@ -307,7 +307,13 @@ class U2idx(object):

        ret = []
        seen_rps: set[str] = set()
-        lim = min(lim, int(self.args.srch_hits))
+        clamp = int(self.args.srch_hits)
+        if lim >= clamp:
+            lim = clamp
+            clamped = True
+        else:
+            clamped = False
+
        taglist = {}
        for (vtop, ptop, flags) in vols:
            if lim < 0:
@@ -420,7 +426,7 @@ class U2idx(object):

        ret.sort(key=itemgetter("rp"))

-        return ret, list(taglist.keys()), lim < 0
+        return ret, list(taglist.keys()), lim < 0 and not clamped

    def terminator(self, identifier: str, done_flag: list[bool]) -> None:
        for _ in range(self.timeout):
--- a/copyparty/up2k.py
+++ b/copyparty/up2k.py
@@ -882,7 +882,9 @@ class Up2k(object):
        try:
            if bos.makedirs(histpath):
                hidedir(histpath)
-        except:
+        except Exception as ex:
+            t = "failed to initialize volume '/%s': %s"
+            self.log(t % (vpath, ex), 1)
            return None

        try:
@@ -1283,8 +1285,8 @@ class Up2k(object):
                    db.t = time.time()

        if not self.args.no_dhash:
-            db.c.execute("delete from dh where d = ?", (drd,))
-            db.c.execute("insert into dh values (?,?)", (drd, dhash))
+            db.c.execute("delete from dh where d = ?", (drd,))  # type: ignore
+            db.c.execute("insert into dh values (?,?)", (drd, dhash))  # type: ignore

        if self.stop:
            return -1
@@ -1303,7 +1305,7 @@ class Up2k(object):
            if n:
                t = "forgetting {} shadowed autoindexed files in [{}] > [{}]"
                self.log(t.format(n, top, sh_rd))
-                assert sh_erd
+                assert sh_erd  # type: ignore

                q = "delete from dh where (d = ? or d like ?||'%')"
                db.c.execute(q, (sh_erd, sh_erd + "/"))
@@ -2202,7 +2204,7 @@ class Up2k(object):
            t = "native sqlite3 backup failed; using fallback method:\n"
            self.log(t + min_ex())
        finally:
-            c2.close()
+            c2.close()  # type: ignore

        db = cur.connection
        cur.close()
--- a/copyparty/util.py
+++ b/copyparty/util.py
@@ -115,6 +115,11 @@ if True:  # pylint: disable=using-constant-test
    import typing
    from typing import Any, Generator, Optional, Pattern, Protocol, Union

+    try:
+        from typing import LiteralString
+    except:
+        pass
+
    class RootLogger(Protocol):
        def __call__(self, src: str, msg: str, c: Union[int, str] = 0) -> None:
            return None
@@ -144,15 +149,15 @@ if not PY2:
    from urllib.parse import quote_from_bytes as quote
    from urllib.parse import unquote_to_bytes as unquote
 else:
-    from StringIO import StringIO as BytesIO
-    from urllib import quote  # pylint: disable=no-name-in-module
-    from urllib import unquote  # pylint: disable=no-name-in-module
+    from StringIO import StringIO as BytesIO  # type: ignore
+    from urllib import quote  # type: ignore # pylint: disable=no-name-in-module
+    from urllib import unquote  # type: ignore # pylint: disable=no-name-in-module


 try:
    struct.unpack(b">i", b"idgi")
-    spack = struct.pack
-    sunpack = struct.unpack
+    spack = struct.pack  # type: ignore
+    sunpack = struct.unpack  # type: ignore
 except:

    def spack(fmt: bytes, *a: Any) -> bytes:
@@ -378,6 +383,7 @@ def py_desc() -> str:


 def _sqlite_ver() -> str:
+    assert sqlite3  # type: ignore
    try:
        co = sqlite3.connect(":memory:")
        cur = co.cursor()
@@ -1647,16 +1653,15 @@ def gen_filekey_dbg(
    return ret


-def gencookie(k: str, v: str, r: str, tls: bool, dur: Optional[int]) -> str:
+def gencookie(k: str, v: str, r: str, tls: bool, dur: int = 0, txt: str = "") -> str:
    v = v.replace("%", "%25").replace(";", "%3B")
    if dur:
        exp = formatdate(time.time() + dur, usegmt=True)
    else:
        exp = "Fri, 15 Aug 1997 01:00:00 GMT"

-    return "{}={}; Path=/{}; Expires={}{}; SameSite=Lax".format(
-        k, v, r, exp, "; Secure" if tls else ""
-    )
+    t = "%s=%s; Path=/%s; Expires=%s%s%s; SameSite=Lax"
+    return t % (k, v, r, exp, "; Secure" if tls else "", txt)


 def humansize(sz: float, terse: bool = False) -> str:
@@ -1818,7 +1823,7 @@ def exclude_dotfiles(filepaths: list[str]) -> list[str]:
    return [x for x in filepaths if not x.split("/")[-1].startswith(".")]


-def odfusion(base: ODict[str, bool], oth: str) -> ODict[str, bool]:
+def odfusion(base: Union[ODict[str, bool], ODict["LiteralString", bool]], oth: str) -> ODict[str, bool]:
    # merge an "ordered set" (just a dict really) with another list of keys
    words0 = [x for x in oth.split(",") if x]
    words1 = [x for x in oth[1:].split(",") if x]
@@ -1988,10 +1993,10 @@ else:
    # moonrunes become \x3f with bytestrings,
    # losing mojibake support is worth
    def _not_actually_mbcs_enc(txt: str) -> bytes:
-        return txt
+        return txt  # type: ignore

    def _not_actually_mbcs_dec(txt: bytes) -> str:
-        return txt
+        return txt  # type: ignore

    fsenc = afsenc = sfsenc = _not_actually_mbcs_enc
    fsdec = _not_actually_mbcs_dec
@@ -2050,6 +2055,7 @@ def atomic_move(usrc: str, udst: str) -> None:
 def get_df(abspath: str) -> tuple[Optional[int], Optional[int]]:
    try:
        # some fuses misbehave
+        assert ctypes
        if ANYWIN:
            bfree = ctypes.c_ulonglong(0)
            ctypes.windll.kernel32.GetDiskFreeSpaceExW(  # type: ignore
@@ -2452,6 +2458,7 @@ def getalive(pids: list[int], pgid: int) -> list[int]:
                    alive.append(pid)
            else:
                # windows doesn't have pgroups; assume
+                assert psutil
                psutil.Process(pid)
                alive.append(pid)
        except:
@@ -2469,6 +2476,7 @@ def killtree(root: int) -> None:
        pgid = 0

    if HAVE_PSUTIL:
+        assert psutil
        pids = [root]
        parent = psutil.Process(root)
        for child in parent.children(recursive=True):
@@ -2508,9 +2516,34 @@ def killtree(root: int) -> None:
            pass


+def _find_nice() -> str:
+    if WINDOWS:
+        return ""  # use creationflags
+
+    try:
+        zs = shutil.which("nice")
+        if zs:
+            return zs
+    except:
+        pass
+
+    # busted PATHs and/or py2
+    for zs in ("/bin", "/sbin", "/usr/bin", "/usr/sbin"):
+        zs += "/nice"
+        if os.path.exists(zs):
+            return zs
+
+    return ""
+
+
+NICES = _find_nice()
+NICEB = NICES.encode("utf-8")
+
+
 def runcmd(
    argv: Union[list[bytes], list[str]], timeout: Optional[float] = None, **ka: Any
 ) -> tuple[int, str, str]:
+    isbytes = isinstance(argv[0], (bytes, bytearray))
    kill = ka.pop("kill", "t")  # [t]ree [m]ain [n]one
    capture = ka.pop("capture", 3)  # 0=none 1=stdout 2=stderr 3=both

@@ -2524,13 +2557,22 @@ def runcmd(
    berr: bytes

    if ANYWIN:
-        if isinstance(argv[0], (bytes, bytearray)):
+        if isbytes:
            if argv[0] in CMD_EXEB:
                argv[0] += b".exe"
        else:
            if argv[0] in CMD_EXES:
                argv[0] += ".exe"

+    if ka.pop("nice", None):
+        if WINDOWS:
+            ka["creationflags"] = 0x4000
+        elif NICEB:
+            if isbytes:
+                argv = [NICEB] + argv
+            else:
+                argv = [NICES] + argv
+
    p = sp.Popen(argv, stdout=cout, stderr=cerr, **ka)
    if not timeout or PY2:
        bout, berr = p.communicate(sin)
@@ -2678,13 +2720,13 @@ def _parsehook(

    sp_ka = {
        "env": env,
+        "nice": True,
        "timeout": tout,
        "kill": kill,
        "capture": cap,
    }

-    if cmd.startswith("~"):
-        cmd = os.path.expanduser(cmd)
+    cmd = os.path.expandvars(os.path.expanduser(cmd))

    return chk, fork, jtxt, wait, sp_ka, cmd

@@ -2823,9 +2865,7 @@ def loadpy(ap: str, hot: bool) -> Any:
    depending on what other inconveniently named files happen
    to be in the same folder
    """
-    if ap.startswith("~"):
-        ap = os.path.expanduser(ap)
-
+    ap = os.path.expandvars(os.path.expanduser(ap))
    mdir, mfile = os.path.split(absreal(ap))
    mname = mfile.rsplit(".", 1)[0]
    sys.path.insert(0, mdir)
@@ -2833,7 +2873,7 @@ def loadpy(ap: str, hot: bool) -> Any:
    if PY2:
        mod = __import__(mname)
        if hot:
-            reload(mod)
+            reload(mod)  # type: ignore
    else:
        import importlib

@@ -2976,6 +3016,7 @@ def termsize() -> tuple[int, int]:
 def hidedir(dp) -> None:
    if ANYWIN:
        try:
+            assert ctypes
            k32 = ctypes.WinDLL("kernel32")
            attrs = k32.GetFileAttributesW(dp)
            if attrs >= 0:
--- a/copyparty/web/browser.js
+++ b/copyparty/web/browser.js
@@ -327,8 +327,8 @@ var Ls = {
 		"tv_xe1": "could not load textfile:\n\nerror ",
 		"tv_xe2": "404, file not found",
 		"tv_lst": "list of textfiles in",
-		"tvt_close": "return to folder view$NHotkey: M\">❌ close",
-		"tvt_dl": "download this file\">💾 download",
+		"tvt_close": "return to folder view$NHotkey: M (or Esc)\">❌ close",
+		"tvt_dl": "download this file$NHotkey: Y\">💾 download",
 		"tvt_prev": "show previous document$NHotkey: i\">⬆ prev",
 		"tvt_next": "show next document$NHotkey: K\">⬇ next",
 		"tvt_sel": "select file &nbsp; ( for cut / delete / ... )$NHotkey: S\">sel",
@@ -559,8 +559,9 @@ var Ls = {
 				"dokumentviser",
 				["I/K", "forr./neste fil"],
 				["M", "lukk tekstdokument"],
-				["E", "rediger tekstdokument"]
-				["S", "velg fil (for F2/ctrl-x/...)"]
+				["E", "rediger tekstdokument"],
+				["S", "velg fil (for F2/ctrl-x/...)"],
+				["Y", "last ned tekstfil"],
 			]
 		],

@@ -806,8 +807,8 @@ var Ls = {
 		"tv_xe1": "kunne ikke laste tekstfil:\n\nfeil ",
 		"tv_xe2": "404, Fil ikke funnet",
 		"tv_lst": "tekstfiler i mappen",
-		"tvt_close": "gå tilbake til mappen$NSnarvei: M\">❌ lukk",
-		"tvt_dl": "last ned denne filen\">💾 last ned",
+		"tvt_close": "gå tilbake til mappen$NSnarvei: M (eller Esc)\">❌ lukk",
+		"tvt_dl": "last ned denne filen$NSnarvei: Y\">💾 last ned",
 		"tvt_prev": "vis forrige dokument$NSnarvei: i\">⬆ forr.",
 		"tvt_next": "vis neste dokument$NSnarvei: K\">⬇ neste",
 		"tvt_sel": "markér filen &nbsp; ( for utklipp / sletting / ... )$NSnarvei: S\">merk",
@@ -1505,7 +1506,6 @@ var mpl = (function () {
 			artist = (np.circle && np.circle != np.artist ? np.circle + ' // ' : '') + (np.artist || (fns.length > 1 ? fns[0] : '')),
 			title = np.title || fns.pop(),
 			cover = '',
-			pcover = '',
 			tags = { title: title };

 		if (artist)
@@ -1520,20 +1520,14 @@ var mpl = (function () {

 			for (var a = 0, aa = files.length; a < aa; a++) {
 				if (/^(cover|folder)\.(jpe?g|png|gif)$/i.test(files[a].textContent)) {
-					cover = noq_href(files[a]);
+					cover = files[a].getAttribute('href');
 					break;
 				}
 			}

 			if (cover) {
 				cover += (cover.indexOf('?') === -1 ? '?' : '&') + 'th=j';
-				pcover = cover;
-
-				var pwd = get_pwd();
-				if (pwd)
-					pcover += '&pw=' + uricom_enc(pwd);
-
-				tags.artwork = [{ "src": pcover, type: "image/jpeg" }];
+				tags.artwork = [{ "src": cover, type: "image/jpeg" }];
 			}
 		}

@@ -1545,7 +1539,7 @@ var mpl = (function () {
 		ebi('np_dur').textContent = np['.dur'] || '';
 		ebi('np_url').textContent = get_vpath() + np.file.split('?')[0];
 		if (!MOBILE)
-			ebi('np_img').setAttribute('src', cover || ''); // dont give last.fm the pwd
+			ebi('np_img').setAttribute('src', cover || '');

 		navigator.mediaSession.metadata = new MediaMetadata(tags);
 		navigator.mediaSession.setActionHandler('play', mplay);
@@ -1723,7 +1717,7 @@ function MPlayer() {
 		var t0 = Date.now();

 		if (mpl.waves)
-			fetch(url + '&th=p').then(function (x) {
+			fetch(url.replace(/\bth=opus&/, '') + '&th=p').then(function (x) {
 				x.body.getReader().read();
 			});

@@ -2243,7 +2237,7 @@ function song_skip(n, dirskip) {
 		return;
 	}

-	if (tid)
+	if (tid && !dirskip)
 		play(ofs + n);
 	else
 		play(mp.order[n == -1 ? mp.order.length - 1 : 0]);
@@ -2276,6 +2270,21 @@ function next_song_cmn(e) {
 	mpl.traversals = 0;
 	t_fchg = 0;
 }
+function last_song(e) {
+	ev(e);
+	if (mp.order.length) {
+		mpl.traversals = 0;
+		return song_skip(-1, true);
+	}
+	if (mpl.traversals++ < 5) {
+		treectl.ls_cb = last_song;
+		return tree_neigh(-1);
+	}
+	toast.inf(10, L.mm_nof);
+	console.log("mm_nof2");
+	mpl.traversals = 0;
+	t_fchg = 0;
+}
 function prev_song(e) {
 	ev(e);

@@ -2920,7 +2929,7 @@ function play(tid, is_ev, seek) {
 			tn = mp.order.length - 1;
 		}
 		else if (mpl.pb_mode == 'next') {
-			treectl.ls_cb = prev_song;
+			treectl.ls_cb = last_song;
 			return tree_neigh(-1);
 		}
 	}
@@ -3004,7 +3013,7 @@ function play(tid, is_ev, seek) {

 		pbar.unwave();
 		if (mpl.waves)
-			pbar.loadwaves(url + '&th=p');
+			pbar.loadwaves(url.replace(/\bth=opus&/, '') + '&th=p');

 		mpui.progress_updater();
 		pbar.onresize();
@@ -4118,7 +4127,10 @@ var showfile = (function () {
 			if (lang == 'md' && td.textContent != '-')
 				continue;

-			td.innerHTML = '<a href="#" class="doc bri" hl="' + link.id + '">-txt-</a>';
+			td.innerHTML = '<a href="#" id="t' +
+				link.id + '" class="doc bri" hl="' +
+				link.id + '">-txt-</a>';
+
 			td.getElementsByTagName('a')[0].setAttribute('href', '?doc=' + fn);
 		}
 		r.mktree();
@@ -4212,6 +4224,9 @@ var showfile = (function () {
 			el.textContent = txt;
 			el.innerHTML = '<code>' + el.innerHTML + '</code>';
 			if (!window.no_prism) {
+				if ((lang == 'conf' || lang == 'cfg') && ('\n' + txt).indexOf('\n# -*- mode: yaml -*-') + 1)
+					lang = 'yaml';
+
 				el.className = 'prism linkable-line-numbers line-numbers language-' + lang;
 				if (!defer)
 					fun(el.firstChild);
@@ -4502,7 +4517,10 @@ var thegrid = (function () {
 	function gclick(e, dbl) {
 		var oth = ebi(this.getAttribute('ref')),
 			href = noq_href(this),
-			aplay = ebi('a' + oth.getAttribute('id')),
+			fid = oth.getAttribute('id'),
+			aplay = ebi('a' + fid),
+			atext = ebi('t' + fid),
+			is_txt = atext && showfile.getlang(href),
 			is_img = /\.(a?png|avif|bmp|gif|heif|jpe?g|jfif|svg|webp|webm|mkv|mp4)(\?|$)/i.test(href),
 			is_dir = href.endsWith('/'),
 			is_srch = !!ebi('unsearch'),
@@ -4517,15 +4535,21 @@ var thegrid = (function () {
 				return r.loadsel();
 			clmod(this, 'sel', clgot(tr, 'sel'));
 		}
-		else if (widget.is_open && aplay)
-			aplay.click();
-
 		else if (in_tree && !have_sel)
 			in_tree.click();

+		else if (oth.hasAttribute('download'))
+			oth.click();
+
+		else if (widget.is_open && aplay)
+			aplay.click();
+
 		else if (is_dir && !have_sel)
 			treectl.reqls(href, true);

+		else if (is_txt && !has(['md', 'htm', 'html'], is_txt))
+			atext.click();
+
 		else if (!is_img && have_sel)
 			window.open(href, '_blank');

@@ -5051,6 +5075,13 @@ document.onkeydown = function (e) {
 			return QS('#twobytwo').click();
 	}

+	if (showfile.active()) {
+		if (k == 'KeyS')
+			showfile.tglsel();
+		if (k == 'KeyE' && ebi('editdoc').style.display != 'none')
+			ebi('editdoc').click();
+	}
+
 	if (thegrid.en) {
 		if (k == 'KeyS')
 			return ebi('gridsel').click();
@@ -5061,13 +5092,6 @@ document.onkeydown = function (e) {
 		if (k == 'KeyD')
 			return QSA('#ghead a[z]')[1].click();
 	}
-
-	if (showfile.active()) {
-		if (k == 'KeyS')
-			showfile.tglsel();
-		if (k == 'KeyE' && ebi('editdoc').style.display != 'none')
-			ebi('editdoc').click();
-	}
 };


@@ -6062,7 +6086,7 @@ var treectl = (function () {
 			}

 			if (tn.lead == '-')
-				tn.lead = '<a href="?doc=' + bhref +
+				tn.lead = '<a href="?doc=' + bhref + '" id="t' + id +
 					'" class="doc' + (lang ? ' bri' : '') +
 					'" hl="' + id + '" name="' + hname + '">-txt-</a>';

@@ -6097,6 +6121,7 @@ var treectl = (function () {
 				setTimeout(r.tscroll, 100);
 			}
 		}
+		else ebi('lazy').innerHTML = '';

 		function asdf() {
 			showfile.mktree();
--- a/copyparty/web/md2.js
+++ b/copyparty/web/md2.js
@@ -931,7 +931,11 @@ var set_lno = (function () {
 // hotkeys / toolbar
 (function () {
    var keydown = function (ev) {
-        ev = ev || window.event;
+        if (!ev && window.event) {
+            ev = window.event;
+            toast.warn(10, 'hello from fallback code ;_;\ncheck console trace');
+            console.error('using window.event');
+        }
        var kc = ev.code || ev.keyCode || ev.which,
            editing = document.activeElement == dom_src;

--- a/copyparty/web/up2k.js
+++ b/copyparty/web/up2k.js
@@ -1043,7 +1043,7 @@ function up2k_init(subtle) {
            clmod(ebi(v), 'hl', 1);
    }
    function offdrag(e) {
-        ev(e);
+        noope(e);

        var v = this.getAttribute('v');
        if (v)
--- a/copyparty/web/util.js
+++ b/copyparty/web/util.js
@@ -277,7 +277,11 @@ function anymod(e, shift_ok) {


 function ev(e) {
-    e = e || window.event;
+    if (!e && window.event) {
+        e = window.event;
+        toast.warn(10, 'hello from fallback code ;_;\ncheck console trace');
+        console.error('using window.event');
+    }
    if (!e)
        return;

@@ -296,7 +300,7 @@ function ev(e) {


 function noope(e) {
-    ev(e);
+    try { ev(e); } catch (ex) { }
 }


@@ -755,17 +759,6 @@ function noq_href(el) {
 }


-function get_pwd() {
-    var k = HTTPS ? 's=' : 'd=',
-        pwd = ('; ' + document.cookie).split('; cppw' + k);
-
-    if (pwd.length < 2)
-        return null;
-
-    return decodeURIComponent(pwd[1].split(';')[0]);
-}
-
-
 function unix2iso(ts) {
    return new Date(ts * 1000).toISOString().replace("T", " ").slice(0, -5);
 }
@@ -1473,6 +1466,7 @@ var modal = (function () {
    r.load();

    r.busy = false;
+    r.nofocus = 0;

    r.show = function (html) {
        o = mknod('div', 'modal');
@@ -1496,6 +1490,7 @@ var modal = (function () {
            }, 0);

        document.addEventListener('focus', onfocus);
+        document.addEventListener('selectionchange', onselch);
        timer.add(onfocus);
        if (cb_up)
            setTimeout(cb_up, 1);
@@ -1503,6 +1498,7 @@ var modal = (function () {

    r.hide = function () {
        timer.rm(onfocus);
+        document.removeEventListener('selectionchange', onselch);
        document.removeEventListener('focus', onfocus);
        document.removeEventListener('keydown', onkey);
        o.parentNode.removeChild(o);
@@ -1524,12 +1520,19 @@ var modal = (function () {
            cb_ng(null);
    }

+    var onselch = function (e) {
+        r.nofocus = 30;
+    };
+
    var onfocus = function (e) {
        var ctr = ebi('modalc');
        if (!ctr || !ctr.contains || !document.activeElement || ctr.contains(document.activeElement))
            return;

        setTimeout(function () {
+            if (--r.nofocus > 0)
+                return;
+
            if (ctr = ebi('modal-ok'))
                ctr.focus();
        }, 20);
@@ -1547,16 +1550,16 @@ var modal = (function () {

        if (k == 'Enter') {
            if (ae && ae == eng)
-                return ng();
+                return ng(e);

-            return ok();
+            return ok(e);
        }

        if ((k == 'ArrowLeft' || k == 'ArrowRight') && eng && (ae == eok || ae == eng))
            return (ae == eok ? eng : eok).focus() || ev(e);

        if (k == 'Escape')
-            return ng();
+            return ng(e);
    }

    var next = function () {
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,3 +1,42 @@
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2023-1125-1417  `v1.9.21`  in a bind
+
+## new features
+* #63 the grid-view will open textfiles in the textfile viewer
+* [prisonparty](https://github.com/9001/copyparty/blob/hovudstraum/bin/prisonparty.sh) now accepts user/group names (in addition to IDs)
+
+## bugfixes
+* the `Y` hotkey (which turns all links into download links) didn't affect the grid-view
+* on some servers with unusual filesystem layouts (especially ubuntu-zfs), [prisonparty](https://github.com/9001/copyparty/blob/hovudstraum/bin/prisonparty.sh) would make an unholy mess of recursive bind-mounts, quickly running out of inodes and requiring a server reboot
+  * added several safeguards to avoid anything like this in the future
+    * mutex around jail setup/teardown to prevent racing other instances
+    * verify jail status by inspecting /proc/mounts between each folder to bind
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2023-1121-2325  `v1.9.20`  nice
+
+## new features
+* expensive subprocesses (ffmpeg, parsers, hooks) will run with `nice` to reduce cpu priority
+  * ...so listening to flacs won't grind everything else to a halt
+
+## bugfixes
+* the "load more" search results button didn't disappear if you hit the serverside limit
+* the "show all" button for huge folders didn't disappear when navigating into a smaller folder
+* trying to play the previous track when you're already playing the first track in a folder would send you on a wild adventure
+
+
+
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2023-1119-1229  `v1.9.19`  shadow filter
+
+## bugfixes
+* #61 Mk.II: filter search results to also handle this issue in volumes where reindexing is disabled, or (spoiler warning:) a bug in the directory indexer prevents shadowed files from being forgotten
+* filekeys didn't always get included in the up2k UI for world-readable folders
+
+
+
 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
 # 2023-1118-2106  `v1.9.18`  cache invalidation

--- a/docs/examples/docker/basic-docker-compose/copyparty.conf
+++ b/docs/examples/docker/basic-docker-compose/copyparty.conf
@@ -0,0 +1,33 @@
+# not actually YAML but lets pretend:
+# -*- mode: yaml -*-
+# vim: ft=yaml:
+
+
+[global]
+  e2dsa  # enable file indexing and filesystem scanning
+  e2ts   # enable multimedia indexing
+  ansi   # enable colors in log messages
+
+  # q, lo: /cfg/log/%Y-%m%d.log   # log to file instead of docker
+
+  # ftp: 3921        # enable ftp server on port 3921
+  # p: 3939          # listen on another port
+  # ipa: 10.89.      # only allow connections from 10.89.*
+  # df: 16           # stop accepting uploads if less than 16 GB free disk space
+  # ver              # show copyparty version in the controlpanel
+  # grid             # show thumbnails/grid-view by default
+  # theme: 2         # monokai
+  # name: datasaver  # change the server-name that's displayed in the browser
+  # stats, nos-dup   # enable the prometheus endpoint, but disable the dupes counter (too slow)
+  # no-robots, force-js  # make it harder for search engines to read your server
+
+
+[accounts]
+  ed: wark  # username: password
+
+
+[/]            # create a volume at "/" (the webroot), which will
+  /w           # share /w (the docker data volume)
+  accs:
+    rw: *      # everyone gets read-write access, but
+    rwmda: ed  # the user "ed" gets read-write-move-delete-admin
--- a/docs/examples/docker/basic-docker-compose/docker-compose.yml
+++ b/docs/examples/docker/basic-docker-compose/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '3'
+services:
+
+  copyparty:
+    image: copyparty/ac:latest
+    container_name: copyparty
+    user: "1000:1000"
+    ports:
+      - 3923:3923
+    volumes:
+      - ./:/cfg:z
+      - /path/to/your/fileshare/top/folder:/w:z
+
+    stop_grace_period: 15s  # thumbnailer is allowed to continue finishing up for 10s after the shutdown signal
+    healthcheck:
+      test: ["CMD-SHELL", "wget --spider -q 127.0.0.1:3923/?reset"]
+      interval: 1m
+      timeout: 2s
+      retries: 5
+      start_period: 15s
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -100,6 +100,10 @@ include_trailing_comma = true
 [tool.bandit]
 skips = ["B104", "B110", "B112"]

+[tool.ruff]
+line-length = 120
+ignore = ["E402", "E722"]
+
 # =====================================================================

 [tool.pylint.MAIN]
--- a/scripts/docker/README.md
+++ b/scripts/docker/README.md
@@ -17,11 +17,15 @@ docker run --rm -it -u 1000 -p 3923:3923 -v /mnt/nas:/w -v $PWD/cfgdir:/cfg copy
 * if you are using rootless podman, remove `-u 1000`
 * if you have selinux, append `:z` to all `-v` args (for example `-v /mnt/nas:/w:z`)

+this example is also available as a podman-compatible [docker-compose yaml](https://github.com/9001/copyparty/blob/hovudstraum/docs/examples/docker/basic-docker-compose); example usage: `docker-compose up` (you may need to `systemctl enable --now podman.socket` or similar)
+
 i'm unfamiliar with docker-compose and alternatives so let me know if this section could be better 🙏


 ## configuration

+> this section basically explains how the [docker-compose yaml](https://github.com/9001/copyparty/blob/hovudstraum/docs/examples/docker/basic-docker-compose) works, so you may look there instead
+
 the container has the same default config as the sfx and the pypi module, meaning it will listen on port 3923 and share the "current folder" (`/w` inside the container) as read-write for anyone

 the recommended way to configure copyparty inside a container is to mount a folder which has one or more [config files](https://github.com/9001/copyparty/blob/hovudstraum/docs/example.conf) inside; `-v /your/config/folder:/cfg`
--- a/tests/ptrav.py
+++ b/tests/ptrav.py
@@ -1,16 +1,16 @@
 #!/usr/bin/env python3

+import itertools
 import re
 import sys
 import time
-import itertools
-
-from . import util as tu
-from .util import Cfg

 from copyparty.authsrv import AuthSrv
 from copyparty.httpcli import HttpCli

+from . import util as tu
+from .util import Cfg
+
 atlas = ["%", "25", "2e", "2f", ".", "/"]


--- a/tests/run.py
+++ b/tests/run.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3

-import sys
 import runpy
+import sys

 host = sys.argv[1]
 sys.argv = sys.argv[:1] + sys.argv[2:]
--- a/tests/test_dxml.py
+++ b/tests/test_dxml.py
@@ -4,9 +4,9 @@ from __future__ import print_function, unicode_literals

 import re
 import unittest
-
 from xml.etree import ElementTree as ET
-from copyparty.dxml import parse_xml, BadXML, mkenod, mktnod
+
+from copyparty.dxml import BadXML, mkenod, mktnod, parse_xml

 ET.register_namespace("D", "DAV:")

--- a/tests/test_httpcli.py
+++ b/tests/test_httpcli.py
@@ -4,18 +4,17 @@ from __future__ import print_function, unicode_literals

 import io
 import os
-import time
-import shutil
 import pprint
+import shutil
 import tarfile
 import tempfile
+import time
 import unittest

-from tests import util as tu
-from tests.util import Cfg, eprint
-
 from copyparty.authsrv import AuthSrv
 from copyparty.httpcli import HttpCli
+from tests import util as tu
+from tests.util import Cfg, eprint


 def hdr(query):
--- a/tests/test_vfs.py
+++ b/tests/test_vfs.py
@@ -2,19 +2,18 @@
 # coding: utf-8
 from __future__ import print_function, unicode_literals

-import os
 import json
+import os
 import shutil
 import tempfile
 import unittest
 from textwrap import dedent

+from copyparty import util
+from copyparty.authsrv import VFS, AuthSrv
 from tests import util as tu
 from tests.util import Cfg

-from copyparty.authsrv import AuthSrv, VFS
-from copyparty import util
-

 class TestVFS(unittest.TestCase):
    def setUp(self):
--- a/tests/util.py
+++ b/tests/util.py
@@ -3,23 +3,23 @@
 from __future__ import print_function, unicode_literals

 import os
-import re
-import sys
-import time
-import shutil
-import jinja2
-import threading
-import tempfile
 import platform
+import re
+import shutil
 import subprocess as sp
+import sys
+import tempfile
+import threading
+import time
 from argparse import Namespace

+import jinja2

 WINDOWS = platform.system() == "Windows"
 ANYWIN = WINDOWS or sys.platform in ["msys"]
 MACOS = platform.system() == "Darwin"

-J2_ENV = jinja2.Environment(loader=jinja2.BaseLoader)
+J2_ENV = jinja2.Environment(loader=jinja2.BaseLoader)  # type: ignore
 J2_FILES = J2_ENV.from_string("{{ files|join('\n') }}\nJ2EOT")


@@ -43,7 +43,7 @@ if MACOS:

 from copyparty.__init__ import E
 from copyparty.__main__ import init_E
-from copyparty.util import Unrecv, FHC, Garda
+from copyparty.util import FHC, Garda, Unrecv

 init_E(E)

@@ -83,8 +83,8 @@ def get_ramdisk():
        for _ in range(10):
            try:
                _, _ = chkcmd(["diskutil", "eraseVolume", "HFS+", "cptd", devname])
-                with open("/Volumes/cptd/.metadata_never_index", "w") as f:
-                    f.write("orz")
+                with open("/Volumes/cptd/.metadata_never_index", "wb") as f:
+                    f.write(b"orz")

                try:
                    shutil.rmtree("/Volumes/cptd/.fseventsd")
@@ -99,10 +99,10 @@ def get_ramdisk():
        raise Exception("ramdisk creation failed")

    ret = os.path.join(tempfile.gettempdir(), "copyparty-test")
-    try:
+    if not os.path.isdir(ret):
        os.mkdir(ret)
-    finally:
-        return subdir(ret)
+
+    return subdir(ret)


 class Cfg(Namespace):
@@ -156,10 +156,10 @@ class Cfg(Namespace):


 class NullBroker(object):
-    def say(*args):
+    def say(self, *args):
        pass

-    def ask(*args):
+    def ask(self, *args):
        pass


@@ -209,7 +209,7 @@ class VHttpSrv(object):
 class VHttpConn(object):
    def __init__(self, args, asrv, log, buf):
        self.s = VSock(buf)
-        self.sr = Unrecv(self.s, None)
+        self.sr = Unrecv(self.s, None)  # type: ignore
        self.addr = ("127.0.0.1", "42069")
        self.args = args
        self.asrv = asrv
Author	SHA1	Message	Date
ed	e6bcee28d6	v1.9.22	2023-12-01 00:31:02 +00:00
ed	626b5770a5	add --ftp-ipa	2023-11-30 23:36:46 +00:00
ed	c2f92cacc1	mention the new auth feature	2023-11-30 23:01:05 +00:00
ed	4f8a1f5f6a	allow free text selection in modals by deferring focus	2023-11-30 22:41:16 +00:00
ed	4a98b73915	fix a bug previouly concealed by window.event; hitting enter would clear out an entire chain of modals, because the event didn't get consumed like it should, so let's make double sure that will be the case	2023-11-30 22:40:30 +00:00
ed	00812cb1da	new option --ipa; client IP allowlist: connections from outside the specified list of IP prefixes are rejected (docker-friendly alternative to -i 127.0.0.1) also mkdir any missing folders when logging to file	2023-11-30 20:45:43 +00:00
ed	16766e702e	add basic-docker-compose (#59 )	2023-11-30 20:14:38 +00:00
ed	5e932a9504	hilight metavars in help text	2023-11-30 18:19:34 +00:00
ed	ccab44daf2	initial support for identity providers (#62 ): add argument --hdr-au-usr which specifies a HTTP header to read usernames from; entirely bypasses copyparty's password checks for http/https clients (ftp/smb are unaffected) users must exist in the copyparty config, passwords can be whatever just the first step but already a bit useful on its own, more to come in a few months	2023-11-30 18:18:47 +00:00
ed	8c52b88767	make linters happier	2023-11-30 17:33:07 +00:00
ed	c9fd26255b	support environment variables mostly everywhere, useful for docker/systemd stuff also makes logfiles flush to disk per line by default; can be disabled for a small performance gain with --no-logflush	2023-11-30 10:22:52 +00:00
ed	0b9b8dbe72	systemd: get rid of nftables portforwarding; suggest letting copyparty bind 80/443 itself because nft hard	2023-11-30 10:13:14 +00:00
ed	b7723ac245	rely on filekeys for album-art over bluetooth; will probably fail when some devices (sup iphone) stream to car stereos but at least passwords won't end up somewhere unexpected this way (plus, the js no longer uses the jank url to request waveforms)	2023-11-29 23:20:59 +00:00
ed	35b75c3db1	avoid palemoon bug on dragging a text selection; "permission denied to access property preventDefault"	2023-11-26 20:22:59 +00:00
ed	f902779050	avoid potential dom confusion (ie8 is already no-js)	2023-11-26 20:08:52 +00:00
ed	fdddd36a5d	update pkgs to 1.9.21	2023-11-25 14:48:41 +00:00
ed	c4ba123779	v1.9.21	2023-11-25 14:17:58 +00:00
ed	72e355eb2c	prisonparty: prevent overlapping setup/teardown	2023-11-25 14:03:41 +00:00
ed	43d409a5d9	prisonparty accepts user/group names	2023-11-25 13:40:21 +00:00
ed	b1fffc2246	open textfiles inline in grid-view, closes #63 ; also fix the Y hotkey (which converts all links in the list-view into download links), making that apply to the grid-view as well	2023-11-25 13:09:12 +00:00
ed	edd3e53ab3	prisonparty: support zfs-ubuntu * when bind-mounting, resolve any symlinks ($v/) and read target inode; for example merged /bin and /usr/bin * add failsafe in case this test should break in new exciting ways; inspect `mount` for any instances of the jailed path (not /proc/mounts since that has funny space encoding) * unmount in a while-loop because xargs freaks out if one of them fail * and systemd doesn't give us a /dev/stderr to write to anyways	2023-11-25 02:16:48 +00:00
ed	aa0b119031	update pkgs to 1.9.20	2023-11-21 23:44:56 +00:00
ed	eddce00765	v1.9.20	2023-11-21 23:25:41 +00:00
ed	6f4bde2111	fix infinite backspin on "previous track"; when playing the first track in a folder and hitting the previous track button, it would keep switching through the previous folders inifinitely	2023-11-21 23:23:51 +00:00
ed	f3035e8869	clear load-more buttons upon navigation (thx icxes)	2023-11-21 22:53:46 +00:00
ed	a9730499c0	don't suggest loading more search results beyond server cap	2023-11-21 22:38:35 +00:00
ed	b66843efe2	reduce cpu priority of ffmpeg, hooks, parsers	2023-11-21 22:21:33 +00:00
ed	cc1aaea300	update pkgs to 1.9.19	2023-11-19 12:45:32 +00:00