devnotes toc

• top
• future ideas - list of dreams which will probably never happen
• design
  • up2k - quick outline of the up2k protocol
    • why not tus - I didn't know about tus
    • why chunk-hashes - a single sha512 would be better, right?
    • list of chunk-sizes - specific chunksizes are enforced
• hashed passwords - regarding the curious decisions
• http api
  • read
  • write
  • admin
  • general
• event hooks - on writing your own hooks
  • hook effects - hooks can cause intentional side-effects
  • hook import - the I flag runs the hook inside copyparty
• assumptions
  • mdns
• sfx repack - reduce the size of an sfx by removing features
• building
  • dev env setup
  • just the sfx
  • build from release tarball - uses the included prebuilt webdeps
  • build from scratch - how the sausage is made
  • complete release
• debugging
  • music playback halting on phones - mostly fine on android
  • discarded ideas

future ideas

list of dreams which will probably never happen

• the JS is a mess -- a preact rewrite would be nice
  • preferably without build dependencies like webpack/babel/node.js, maybe a python thing to assemble js files into main.js
  • good excuse to look at using virtual lists (browsers start to struggle when folders contain over 5000 files)
  • maybe preact / vdom isn't the best choice, could just wait for the Next Big Thing
• the UX is a mess -- a proper design would be nice
  • very organic (much like the python/js), everything was an afterthought
  • true for both the layout and the visual flair
  • something like the tron board-room ui (or most other hollywood ones, like ironman) would be :100:
    • would preferably keep the information density, just more organized yet not too boring
• some of the python files are way too big
  • up2k.py ended up doing all the file indexing / db management
  • httpcli.py should be separated into modules in general

design

up2k

quick outline of the up2k protocol, see uploading for the web-client

• the up2k client splits a file into an "optimal" number of chunks
  • 1 MiB each, unless that becomes more than 256 chunks
  • tries 1.5M, 2M, 3, 4, 6, ... until <= 256 chunks or size >= 32M
• client posts the list of hashes, filename, size, last-modified
• server creates the wark, an identifier for this upload
  • sha512( salt + filesize + chunk_hashes )
  • and a sparse file is created for the chunks to drop into
• client sends a series of POSTs, with one or more consecutive chunks in each
  • header entries for the chunk-hashes (comma-separated) and wark
  • server writes chunks into place based on the hash
• client does another handshake with the hashlist; server replies with OK or a list of chunks to reupload

up2k has saved a few uploads from becoming corrupted in-transfer already;

• caught an android phone on wifi redhanded in wireshark with a bitflip, however bup with https would probably have noticed as well (thanks to tls also functioning as an integrity check)
• also stopped someone from uploading because their ram was bad

regarding the frequent server log message during uploads;
6.0M 106M/s 2.77G 102.9M/s n948 thank 4/0/3/1 10042/7198 00:01:09

• this chunk was 6 MiB, uploaded at 106 MiB/s
• on this http connection, 2.77 GiB transferred, 102.9 MiB/s average, 948 chunks handled
• client says 4 uploads OK, 0 failed, 3 busy, 1 queued, 10042 MiB total size, 7198 MiB and 00:01:09 left

why not tus

I didn't know about tus when I made this, but:

• up2k has the advantage that it supports parallel uploading of non-contiguous chunks straight into the final file -- tus does a merge at the end which is slow and taxing on the server HDD / filesystem (unless i'm misunderstanding)
• up2k has the slight disadvantage of requiring the client to hash the entire file before an upload can begin, but this has the benefit of immediately skipping duplicate files
  • and the hashing happens in a separate thread anyways so it's usually not a bottleneck

why chunk-hashes

a single sha512 would be better, right?

this was due to crypto.subtle not yet providing a streaming api (or the option to seed the sha512 hasher with a starting hash)

as a result, the hashes are much less useful than they could have been (search the server by sha512, provide the sha512 in the response http headers, ...)

however it allows for hashing multiple chunks in parallel, greatly increasing upload speed from fast storage (NVMe, raid-0 and such)

• both the browser uploader and the commandline one does this now, allowing for fast uploading even from plaintext http

hashwasm would solve the streaming issue but reduces hashing speed for sha512 (xxh128 does 6 GiB/s), and it would make old browsers and iphones unsupported

• blake2 might be a better choice since xxh is non-cryptographic, but that gets ~15 MiB/s on slower androids

list of chunk-sizes

specific chunksizes are enforced depending on total filesize

each pair of filesize/chunksize is the largest filesize which will use its listed chunksize; a 512 MiB file will use chunksize 2 MiB, but if the file is one byte larger than 512 MiB then it becomes 3 MiB

for the purpose of performance (or dodging arbitrary proxy limitations), it is possible to upload combined and/or partial chunks using stitching and/or subchunks respectively

hashed passwords

regarding the curious decisions

there is a static salt for all passwords;

• because most copyparty APIs allow users to authenticate using only their password, making the username unknown, so impossible to do per-account salts
• the drawback of this is that an attacker can bruteforce all accounts in parallel, however most copyparty instances only have a handful of accounts in the first place, and it can be compensated by increasing the hashing cost anyways

http api

• table-column params = URL parameters; ?foo=bar&qux=...
• table-column body = POST payload
• method jPOST = json post
• method mPOST = multipart post
• method uPOST = url-encoded post
• FILE = conventional HTTP file upload entry (rfc1867 et al, filename in Content-Disposition)

clients can authenticate in the following ways; the first of these which is not blank will be used:

• url-param &pw=foo -- can be disabled with --pw-urlp=A (or renamed, if provided value is lowercase)
• then, header PW: foo -- can be disabled with --pw-hdr=A (or renamed, if provided value is lowercase)
• then, basic-auth -- can be disabled with --no-bauth
• then, depending on protocol, header Cookie: cppwd=foo on plaintext http, or header Cookie: cppws=foo on https

read

write

upload modifiers:

• life only has an effect if the volume has a lifetime, and the volume lifetime must be greater than the file's
• replace upload-modifier:
  • the header replace: 1 works for both PUT and multipart-post
  • the url-param replace only works for multipart-post
• server behavior of msg can be reconfigured with --urlform

admin

general

event hooks

on writing your own hooks

hook effects

hooks can cause intentional side-effects, such as redirecting an upload into another location, or creating+indexing additional files, or deleting existing files, by returning json on stdout

• reloc can redirect uploads before/after uploading has finished, based on filename, extension, file contents, uploader ip/name etc.
  • example: reloc-by-ext
• idx informs copyparty about a new file to index as a consequence of this upload
  • example: podcast-normalizer.py
• del tells copyparty to delete an unrelated file by vpath
  • example: (　´・ω・) nyoro~n

for these to take effect, the hook must be defined with the c1 flag; see example reloc-by-ext

a subset of effect types are available for a subset of hook types,

• most hook types (xbu/xau/xbr/xar/xbd/xad/xm) support idx and del for all http protocols (up2k / basic-uploader / webdav), but not ftp/tftp/smb
• most hook types will abort/reject the action if the hook returns nonzero, assuming flag c is given, see examples reject-extension and reject-mimetype
• xbu supports reloc for all http protocols (up2k / basic-uploader / webdav), but not ftp/tftp/smb
• xau supports reloc for basic-uploader / webdav only, not up2k or ftp/tftp/smb
  • so clients like sharex are supported, but not dragdrop into browser

to trigger indexing of files /foo/1.txt and /foo/bar/2.txt, a hook can print(json.dumps({"idx":{"vp":["/foo/1.txt","/foo/bar/2.txt"]}})) (and replace "idx" with "del" to delete instead)

• note: paths starting with / are absolute URLs, but you can also do ../3.txt relative to the destination folder of each uploaded file

hook import

the I flag runs the hook inside copyparty, which can be very useful and dangerous:

• around 140x faster because it doesn't need to launch a new subprocess
• the hook can intentionally (or accidentally) mess with copyparty's internals
  • very easy to crash things if not careful

assumptions

mdns

• outgoing replies will always fit in one packet
• if a client mentions any of our services, assume it's not missing any
• always answer with all services, even if the client only asked for a few
• not-impl: probe tiebreaking (too complicated)
• not-impl: unicast listen (assume avahi took it)

sfx repack

reduce the size of an sfx by removing features

if you don't need all the features, you can repack the sfx and save a bunch of space; all you need is an sfx and a copy of this repo (nothing else to download or build, except if you're on windows then you need msys2 or WSL)

• 393k size of original sfx.py as of v1.1.3
• 310k after ./scripts/make-sfx.sh re no-cm
• 269k after ./scripts/make-sfx.sh re no-cm no-hl

the features you can opt to drop are

• cm/easymde, the "fancy" markdown editor, saves ~89k
• hl, prism, the syntax highlighter, saves ~41k
• fnt, source-code-pro, the monospace font, saves ~9k

for the repack to work, first run one of the sfx'es once to unpack it

note: you can also just download and run /scripts/copyparty-repack.sh -- this will grab the latest copyparty release from github and do a few repacks; works on linux/macos (and windows with msys2 or WSL)

dependencies

vendored dependencies

some third-party code has been vendored into the git repo; some for convenience, some because they have been lightly hacked to fit copyparty's usecase better:

• inside the folder /copyparty/stolen is python-libraries which runs on the serverside:

  • surrogateescape.py (BSD2) can be removed; only needed for python2 support
  • qrcodegen.py (MIT) can be removed and replaced with a systemwide install of the original qrcodegen.py;
    • modifications: removed code/features that copyparty does not need/use
  • ifaddr (BSD2) can be removed and replaced with a systemwide install of the original ifaddr;
    • modifications: support python2, support s390x / irix32 / graal
  • dnslib (MIT) may be deleted and replaced with a systemwide install of the original dnslib, HOWEVER:
    • will cause problems for mDNS in some network environments; 6c1cf68bca7376c6291c3cfe710ebd5bd5ed3e6c + 94d1924fa97e5faaf1ebfd85cae73faebcb89fa1

• inside the folder /copyparty/web/deps (only in distributed archives/builds) is fuse.py, to make it downloadable from the connect-page on the web-ui

• inside the folder /copyparty/web (only in distributed archives/builds) is a collection of javascript libraries (produced by deps-docker) which are used clientside by the web-UI:

  • marked.js (MIT) powers the markdown editor, and has been patched to include the line-numbers of each input line, to enable scroll-sync between the editor and the preview-pane. This patch is not strictly necessary anymore but I haven't gotten around to making the change yet
  • easyMDE (MIT), the alternative markdown editor, has the same patch to enable scroll-sync, and also some size-golfing
  • codemirror5 (MIT) has no noteworthy changes, and has only been size-golfed, could have been used as-is
  • DOMPurify (Apache2) is used as-is
  • hash-wasm (MIT) is used entirely as-is
  • asmcrypto.js (MIT) is abandoned software, and used almost as-is (slightly golfed for size); it is probably fine to exclude/remove this, since it will only break support for uploading from really old browsers (IE10/IE11) using up2k (the "fancy uploader")
  • prism.js (MIT) is built with a selection of languages; there is an assumption about the exact subset of languages elsewhere in copyparty, but there shouldn't be any big consequences of replacing it with a different build if that exists in Fedora
  • an old version of SourceCodePro (OFL-1.1), is size-reduced to only the necessary characters. There will be subtle layout issues if this is replaced with a newer version, because they changed some line-heights or something in later versions, but shouldn't be a big issue
  • an old version of font-awesome (OFL-1.1), size-reduced to only the necessary icons. I believe a newer version should also work.

optional dependencies

explained in the main readme, but a quick recap:

• recommended python libraries: argon2-cffi paramiko pyftpdlib pyopenssl pillow rawpy pyzmq python-magic
  • only recommended on Windows: psutil (not very useful on Linux)
  • NOT recommended: impacket because the feature it enables is a security nightmare
  • NOT recommended: mutagen because ffmpeg produces better results (albeit slower)
  • NOT recommended: pyvips because converting to jxl is extremely RAM-heavy
  • NOT recommended: pillow-heif due to legal reasons
• recommended programs: ffmpeg ffprobe cfssl cfssljson cfssl-certinfo
  • FFmpeg powers audio transcoding, and thumbnails of formats not covered by pillow/pyvips

building

dev env setup

you need python 3.9 or newer due to type hints

setting up a venv with the below packages is only necessary if you want it for vscode or similar

python3 -m venv .venv
. .venv/bin/activate
pip install jinja2 strip_hints  # MANDATORY
pip install argon2-cffi  # password hashing
pip install pyzmq  # send 0mq from hooks
pip install mutagen  # audio metadata
pip install paramiko  # sftp server
pip install pyftpdlib  # ftp server
pip install partftpy  # tftp server
pip install impacket  # smb server -- disable Windows Defender if you REALLY need this on windows
pip install Pillow pillow-heif  # thumbnails
pip install pyvips  # faster thumbnails
pip install psutil  # better cleanup of stuck metadata parsers on windows
pip install black==21.12b0 click==8.0.2 bandit pylint flake8 isort mypy  # vscode tooling

• on archlinux you can do this:

  • sudo pacman -Sy --needed python-{pip,isort,jinja,argon2-cffi,pyzmq,mutagen,paramiko,pyftpdlib,pillow}
  • then, as user: python3 -m pip install --user --break-system-packages -U strip_hints black==21.12b0 click==8.0.2
  • for building docker images: sudo pacman -Sy --needed qemu-user-static{,-binfmt} podman{,-docker} jq

• and if you want to run the python 2.7 tests:

  • git clone https://github.com/pyenv/pyenv .pyenv ; cd .pyenv/bin ; env PYTHON_CONFIGURE_OPTS='--enable-optimizations' PYTHON_CFLAGS='-march=native -mtune=native -std=c17' ./pyenv install 2.7.18 -v ; ln -s $HOME/.pyenv/versions/2.7.18/bin/python2 $HOME/bin/

just the sfx

if you just want to modify the copyparty source code (py/html/css/js) then this is the easiest approach

build the sfx using any of the following examples:

./scripts/make-sfx.sh           # regular edition
./scripts/make-sfx.sh fast      # build faster (worse js/css compression)
./scripts/make-sfx.sh gz no-cm  # gzip-compressed + no fancy markdown editor

build from release tarball

uses the included prebuilt webdeps

if you downloaded a release source tarball from github (for example copyparty-1.6.15.tar.gz so not the autogenerated one) you can build it like so,

python3 -m pip install --user -U build setuptools wheel jinja2 strip_hints
bash scripts/run-tests.sh python3  # optional
python3 -m build

if you are unable to use build, you can use the old setuptools approach instead,

python3 setup.py install --user setuptools wheel jinja2
python3 setup.py build
python3 setup.py bdist_wheel
# you now have a wheel which you can install. or extract and repackage:
python3 setup.py install --skip-build --prefix=/usr --root=$HOME/pe/copyparty

build from scratch

how the sausage is made:

to get started, first cd into the scripts folder

• the first step is the webdeps; they end up in ../copyparty/web/deps/ for example ../copyparty/web/deps/marked.js.gz -- if you need to build the webdeps, run make -C deps-docker

  • this needs rootless podman and the podman-docker compat-layer to pretend it's docker, although it should be possible to use rootful/rootless docker too
  • if you don't have rootless podman/docker then sudo make -C deps-docker is fine too
  • alternatively, you can entirely skip building the webdeps and instead extract the compiled webdeps from the latest github release with ./make-sfx.sh fast dl-wd

• next, build copyparty-sfx.py by running ./make-sfx.sh gz fast

  • this is a dependency for most of the remaining steps, since they take the sfx as input
  • removing fast makes it compress better
  • removing gz too compresses even better, but startup gets slower

• if you want to build the .pyz standalone "binary", now run ./make-pyz.sh

• if you want to build the tar.gz for use in a linux-distro package, now run ./make-tgz-release.sh theVersionNumber

• if you want to build a pypi package, now run ./make-pypi-release.sh d

• if you want to build a docker-image, you have two options:

  • if you want to use podman to build all docker-images for all supported architectures, now run (cd docker; ./make.sh hclean; ./make.sh hclean pull img)
  • if you want to use docker to build all docker-images for your native architecture, now run sudo make -C docker
  • if you want to do something else, please take a look at docker/make.sh or docker/Makefile for inspiration

• if you want to build the windows exe, first grab some snacks and a beer, you'll need it

the complete list of buildtime dependencies to do a build from scratch is as follows:

• on ubuntu-server, install podman or docker, and then sudo apt install make zip bzip2
  • because ubuntu is specifically what someone asked about :-p

complete release

also builds the sfx so skip the sfx section above

WARNING: rls.sh has not yet been updated with the docker-images and arch/nix packaging

does everything completely from scratch, straight from your local repo

in the scripts folder:

• run make -C deps-docker to build all dependencies
• run ./rls.sh 1.2.3 which uploads to pypi + creates github release + sfx

debugging

music playback halting on phones

mostly fine on android, but still haven't find a way to massage iphones into behaving well

• conditionally starting/stopping mp.fau according to mp.au.readyState <3 or <4 doesn't help
• loop=true doesn't work, and manually looping mp.fau from an onended also doesn't work (it does nothing)
• assigning fau.currentTime in a timer doesn't work, as safari merely pretends to assign it
• on ios 16.7.7, mp.fau can sometimes make everything visibly work correctly, but no audio is actually hitting the speakers

can be reproduced with --no-sendfile --s-wr-sz 8192 --s-wr-slp 0.3 --rsp-slp 6 and then play a collection of small audio files with the screen off, ffmpeg -i track01.cdda.flac -c:a libopus -b:a 128k -segment_time 12 -f segment smol-%02d.opus

discarded ideas

• optimization attempts which didn't improve performance
  • remove brokers / multiprocessing stuff; https://github.com/9001/copyparty/tree/no-broker
  • reduce the nesting / indirections in HttpCli / httpcli.py
    • nearly zero benefit from stuff like replacing all the self.conn.hsrv with a local hsrv variable
• single sha512 across all up2k chunks?
  • crypto.subtle cannot into streaming, would have to use hashwasm, expensive
• separate sqlite table per tag
  • performance fixed by skipping some indexes (+mt.k)
• audio fingerprinting
  • only makes sense if there can be a wasm client and that doesn't exist yet (except for olaf which is agpl hence counts as not existing)
• os.copy_file_range for up2k cloning
  • almost never hit this path anyways
• up2k partials ui
  • feels like there isn't much point
• cache sha512 chunks on client
  • too dangerous -- overtaken by turbo mode
• comment field
  • nah
• look into android thumbnail cache file format
  • absolutely not
• indexedDB for hashes, cfg enable/clear/sz, 2gb avail, ~9k for 1g, ~4k for 100m, 500k items before autoeviction
  • blank hashlist when up-ok to skip handshake
    • too many confusing side-effects
• hls framework for Someone Else to drop code into :^)
  • probably not, too much stuff to consider -- seeking, start at offset, task stitching (probably np-hard), conditional passthru, rate-control (especially multi-consumer), session keepalive, cache mgmt...