pkgres:

* pyz: yeet the resource tar which is now pointless thanks to pkgres
* cache impresource stuff because pyz lookups are Extremely slow
* prefer tx_file when possible for slightly better performance
* use hardcoded list of expected resources instead of dynamic
   discovery at runtime; much simpler and probably safer
* fix some forgotten resources (copying.txt, insecure.pem)
* fix loading jinja templates on windows

Author: 9001

copyparty/__init__.py

@@ -16,7 +16,9 @@
     TYPE_CHECKING = False
 
 if True:
-    from typing import Any, Callable
+    from types import ModuleType
+
+    from typing import Any, Callable, Optional
 
 PY2 = sys.version_info < (3,)
 PY36 = sys.version_info > (3, 6)
@@ -51,10 +53,63 @@
 except:
     CORES = (os.cpu_count() if hasattr(os, "cpu_count") else 0) or 2
 
+# all embedded resources to be retrievable over http
+zs = """
+web/a/partyfuse.py
+web/a/u2c.py
+web/a/webdav-cfg.bat
+web/baguettebox.js
+web/browser.css
+web/browser.html
+web/browser.js
+web/browser2.html
+web/cf.html
+web/copyparty.gif
+web/dd/2.png
+web/dd/3.png
+web/dd/4.png
+web/dd/5.png
+web/deps/busy.mp3
+web/deps/easymde.css
+web/deps/easymde.js
+web/deps/marked.js
+web/deps/mini-fa.css
+web/deps/mini-fa.woff
+web/deps/prism.css
+web/deps/prism.js
+web/deps/prismd.css
+web/deps/scp.woff2
+web/deps/sha512.ac.js
+web/deps/sha512.hw.js
+web/md.css
+web/md.html
+web/md.js
+web/md2.css
+web/md2.js
+web/mde.css
+web/mde.html
+web/mde.js
+web/msg.css
+web/msg.html
+web/shares.css
+web/shares.html
+web/shares.js
+web/splash.css
+web/splash.html
+web/splash.js
+web/svcs.html
+web/svcs.js
+web/ui.css
+web/up2k.js
+web/util.js
+web/w.hash.js
+"""
+RES = set(zs.strip().split("\n"))
+
 
 class EnvParams(object):
     def __init__(self) -> None:
-        self.pkg = None
+        self.pkg: Optional[ModuleType] = None
         self.t0 = time.time()
         self.mod = ""
         self.cfg = ""

copyparty/__main__.py

@@ -58,6 +58,7 @@
     b64enc,
     dedent,
     has_resource,
+    load_resource,
     min_ex,
     pybin,
     termsize,
@@ -217,6 +218,7 @@ def get_unixdir() -> str:
 
         raise Exception("could not find a writable path for config")
 
+    assert __package__  # !rm
     E.pkg = sys.modules[__package__]
     E.mod = os.path.dirname(os.path.realpath(__file__))
     if E.mod.endswith("__init__"):
@@ -520,14 +522,18 @@ def sfx_tpoke(top: str):
 
 
 def showlic() -> None:
-    p = os.path.join(E.mod, "res", "COPYING.txt")
-    if not os.path.exists(p):
+    try:
+        with load_resource(E, "res/COPYING.txt") as f:
+            buf = f.read()
+    except:
+        buf = b""
+
+    if buf:
+        print(buf.decode("utf-8", "replace"))
+    else:
         print("no relevant license info to display")
         return
 
-    with open(p, "rb") as f:
-        print(f.read().decode("utf-8", "replace"))
-
 
 def get_sects():
     return [
@@ -1567,16 +1573,13 @@ def run_argparse(
     return ret
 
 
-def main(argv: Optional[list[str]] = None, rsrc: Optional[str] = None) -> None:
+def main(argv: Optional[list[str]] = None) -> None:
     time.strptime("19970815", "%Y%m%d")  # python#7980
     if WINDOWS:
         os.system("rem")  # enables colors
 
     init_E(E)
 
-    if rsrc:  # pyz
-        E.mod = rsrc
-
     if argv is None:
         argv = sys.argv
 

copyparty/cert.py

@@ -7,7 +7,7 @@
 import time
 
 from .__init__ import ANYWIN
-from .util import Netdev, runcmd, wrename, wunlink
+from .util import Netdev, load_resource, runcmd, wrename, wunlink
 
 HAVE_CFSSL = not os.environ.get("PRTY_NO_CFSSL")
 
@@ -29,13 +29,15 @@ def ensure_cert(log: "RootLogger", args) -> None:
 
     i feel awful about this and so should they
     """
-    cert_insec = os.path.join(args.E.mod, "res/insecure.pem")
+    with load_resource(args.E, "res/insecure.pem") as f:
+        cert_insec = f.read()
     cert_appdata = os.path.join(args.E.cfg, "cert.pem")
     if not os.path.isfile(args.cert):
         if cert_appdata != args.cert:
             raise Exception("certificate file does not exist: " + args.cert)
 
-        shutil.copy(cert_insec, args.cert)
+        with open(args.cert, "wb") as f:
+            f.write(cert_insec)
 
     with open(args.cert, "rb") as f:
         buf = f.read()
@@ -50,7 +52,9 @@ def ensure_cert(log: "RootLogger", args) -> None:
             raise Exception(m + "private key must appear before server certificate")
 
     try:
-        if filecmp.cmp(args.cert, cert_insec):
+        with open(args.cert, "rb") as f:
+            active_cert = f.read()
+        if active_cert == cert_insec:
             t = "using default TLS certificate; https will be insecure:\033[36m {}"
             log("cert", t.format(args.cert), 3)
     except:
@@ -151,14 +155,22 @@ def _gen_srv(log: "RootLogger", args, netdevs: dict[str, Netdev]):
             raise Exception("no useable cert found")
 
         expired = time.time() + args.crt_sdays * 60 * 60 * 24 * 0.5 > expiry
-        cert_insec = os.path.join(args.E.mod, "res/insecure.pem")
+        if expired:
+            raise Exception("old server-cert has expired")
+
         for n in names:
             if n not in inf["sans"]:
                 raise Exception("does not have {}".format(n))
-        if expired:
-            raise Exception("old server-cert has expired")
-        if not filecmp.cmp(args.cert, cert_insec):
+
+        with load_resource(args.E, "res/insecure.pem") as f:
+            cert_insec = f.read()
+
+        with open(args.cert, "rb") as f:
+            active_cert = f.read()
+
+        if active_cert and active_cert != cert_insec:
             return
+
     except Exception as ex:
         log("cert", "will create new server-cert; {}".format(ex))
 

copyparty/httpcli.py

@@ -32,7 +32,7 @@
 except:
     pass
 
-from .__init__ import ANYWIN, PY2, TYPE_CHECKING, EnvParams, unicode
+from .__init__ import ANYWIN, PY2, RES, TYPE_CHECKING, EnvParams, unicode
 from .__version__ import S_VERSION
 from .authsrv import VFS  # typechk
 from .bos import bos
@@ -67,8 +67,8 @@
     get_df,
     get_spd,
     guess_mime,
-    gzip_orig_sz,
     gzip_file_orig_sz,
+    gzip_orig_sz,
     has_resource,
     hashcopy,
     hidedir,
@@ -1097,13 +1097,17 @@ def handle_get(self) -> bool:
             if self.vpath == ".cpr/metrics":
                 return self.conn.hsrv.metrics.tx(self)
 
-            static_path = os.path.join("web", self.vpath[5:])
-            if static_path in self.conn.hsrv.statics:
-                return self.tx_res(static_path)
+            res_path = "web/" + self.vpath[5:]
+            if res_path in RES:
+                ap = os.path.join(self.E.mod, res_path)
+                if bos.path.exists(ap) or bos.path.exists(ap + ".gz"):
+                    return self.tx_file(ap)
+                else:
+                    return self.tx_res(res_path)
 
-            if not undot(static_path).startswith("web"):
+            if res_path != undot(res_path):
                 t = "malicious user; attempted path traversal [{}] => [{}]"
-                self.log(t.format(self.vpath, static_path), 1)
+                self.log(t.format(self.vpath, res_path), 1)
                 self.cbonk(self.conn.hsrv.gmal, self.req, "trav", "path traversal")
 
             self.tx_404()
@@ -3415,6 +3419,7 @@ def tx_res(self, req_path: str) -> bool:
             self.args.s_wr_slp,
             not self.args.no_poll,
         )
+        res.close()
 
         if remains > 0:
             logmsg += " \033[31m" + unicode(file_sz - remains) + "\033[0m"

copyparty/httpsrv.py

@@ -66,7 +66,6 @@
     Magician,
     Netdev,
     NetMap,
-    absreal,
     build_netmap,
     has_resource,
     ipnorm,
@@ -76,9 +75,7 @@
     spack,
     start_log_thrs,
     start_stackmon,
-    stat_resource,
     ub64enc,
-    walk_resources,
 )
 
 if TYPE_CHECKING:
@@ -96,7 +93,7 @@
 
 
 def load_jinja2_resource(E: EnvParams, name: str):
-    return load_resource(E, os.path.join("web", name), "r").read()
+    return load_resource(E, "web/" + name, "r").read()
 
 
 class HttpSrv(object):
@@ -174,15 +171,12 @@ def __init__(self, broker: "BrokerCli", nid: Optional[int]) -> None:
             "cf",
         ]
         self.j2 = {x: env.get_template(x + ".html") for x in jn}
-        self.prism = has_resource(self.E, os.path.join("web", "deps", "prism.js.gz"))
+        self.prism = has_resource(self.E, "web/deps/prism.js.gz")
 
         self.ipa_nm = build_netmap(self.args.ipa)
         self.xff_nm = build_netmap(self.args.xff_src)
         self.xff_lan = build_netmap("lan")
 
-        self.statics: set[str] = set()
-        self._build_statics()
-
         self.ptn_cc = re.compile(r"[\x00-\x1f]")
         self.ptn_hsafe = re.compile(r"[\x00-\x1f<>\"'&]")
 
@@ -216,14 +210,6 @@ def post_init(self) -> None:
         except:
             pass
 
-    def _build_statics(self) -> None:
-        for dp, _, df in walk_resources(self.E, "web"):
-            for fn in df:
-                ap = os.path.join(dp, fn)
-                self.statics.add(ap)
-                if ap.endswith(".gz"):
-                    self.statics.add(ap[:-3])
-
     def set_netdevs(self, netdevs: dict[str, Netdev]) -> None:
         ips = set()
         for ip, _ in self.bound:
@@ -543,20 +529,10 @@ def cachebuster(self) -> str:
 
             v = self.E.t0
             try:
-                for (base, dirs, files) in walk_resources(self.E, "web"):
-                    inf = stat_resource(self.E, base)
-                    if inf:
+                with os.scandir(os.path.join(self.E.mod, "web")) as dh:
+                    for fh in dh:
+                        inf = fh.stat()
                         v = max(v, inf.st_mtime)
-                    for d in dirs:
-                        inf = stat_resource(self.E, os.path.join(base, d))
-                        if inf:
-                            v = max(v, inf.st_mtime)
-                    for f in files:
-                        inf = stat_resource(self.E, os.path.join(base, e))
-                        if inf:
-                            v = max(v, inf.st_mtime)
-                    # only do top-level
-                    break
             except:
                 pass