v0.11.13

add image gallery
v0.11.12
2025-10-23 16:14:10 +00:00 · 2021-06-12 20:37:05 +02:00 · 2021-06-12 20:25:08 +02:00 · 2021-06-12 04:28:21 +02:00 · 2021-06-12 04:26:53 +02:00 · 2021-06-12 04:22:07 +02:00
72 changed files with 6268 additions and 1972 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -16,12 +16,9 @@
                "-e2ts",
                "-mtp",
                ".bpm=f,bin/mtag/audio-bpm.py",
-                "-a",
-                "ed:wark",
-                "-v",
-                "srv::r:aed:cnodupe",
-                "-v",
-                "dist:dist:r"
+                "-aed:wark",
+                "-vsrv::r:aed:cnodupe",
+                "-vdist:dist:r"
            ]
        },
        {
@@ -43,5 +40,13 @@
                "${file}"
            ]
        },
+        {
+            "name": "Python: Current File",
+            "type": "python",
+            "request": "launch",
+            "program": "${file}",
+            "console": "integratedTerminal",
+            "justMyCode": false
+        },
    ]
 }
--- a/.vscode/launch.py
+++ b/.vscode/launch.py
@@ -3,16 +3,18 @@
 # launches 10x faster than mspython debugpy
 # and is stoppable with ^C

+import re
 import os
 import sys
+
+print(sys.executable)
+
 import shlex
-
-sys.path.insert(0, os.getcwd())
-
 import jstyleson
-from copyparty.__main__ import main as copyparty
+import subprocess as sp

-with open(".vscode/launch.json", "r") as f:
+
+with open(".vscode/launch.json", "r", encoding="utf-8") as f:
    tj = f.read()

 oj = jstyleson.loads(tj)
@@ -25,11 +27,19 @@ except:
    pass

 argv = [os.path.expanduser(x) if x.startswith("~") else x for x in argv]
-try:
-    copyparty(["a"] + argv)
-except SystemExit as ex:
-    if ex.code:
-        raise
+
+if re.search(" -j ?[0-9]", " ".join(argv)):
+    argv = [sys.executable, "-m", "copyparty"] + argv
+    sp.check_call(argv)
+else:
+    sys.path.insert(0, os.getcwd())
+    from copyparty.__main__ import main as copyparty
+
+    try:
+        copyparty(["a"] + argv)
+    except SystemExit as ex:
+        if ex.code:
+            raise

 print("\n\033[32mokke\033[0m")
 sys.exit(1)
--- a/README.md
+++ b/README.md
@@ -9,9 +9,12 @@
 turn your phone or raspi into a portable file server with resumable uploads/downloads using IE6 or any other browser

 * server runs on anything with `py2.7` or `py3.3+`
-* *resumable* uploads need `firefox 12+` / `chrome 6+` / `safari 6+` / `IE 10+`
+* browse/upload with IE4 / netscape4.0 on win3.11 (heh)
+* *resumable* uploads need `firefox 34+` / `chrome 41+` / `safari 7+` for full speed
 * code standard: `black`

+📷 **screenshots:** [browser](#the-browser) // [upload](#uploading) // [thumbnails](#thumbnails) // [md-viewer](#markdown-viewer) // [search](#searching) // [fsearch](#file-search) // [zip-DL](#zip-downloads) // [ie4](#browser-support)
+

 ## readme toc

@@ -20,16 +23,30 @@ turn your phone or raspi into a portable file server with resumable uploads/down
    * [notes](#notes)
    * [status](#status)
 * [bugs](#bugs)
-* [usage](#usage)
+    * [general bugs](#general-bugs)
+    * [not my bugs](#not-my-bugs)
+* [the browser](#the-browser)
+    * [tabs](#tabs)
+    * [hotkeys](#hotkeys)
+    * [tree-mode](#tree-mode)
+    * [thumbnails](#thumbnails)
    * [zip downloads](#zip-downloads)
+    * [uploading](#uploading)
+        * [file-search](#file-search)
+    * [markdown viewer](#markdown-viewer)
+    * [other tricks](#other-tricks)
 * [searching](#searching)
    * [search configuration](#search-configuration)
+    * [database location](#database-location)
    * [metadata from audio files](#metadata-from-audio-files)
    * [file parser plugins](#file-parser-plugins)
    * [complete examples](#complete-examples)
 * [browser support](#browser-support)
 * [client examples](#client-examples)
+* [up2k](#up2k)
 * [dependencies](#dependencies)
+    * [optional dependencies](#optional-dependencies)
+    * [install recommended deps](#install-recommended-deps)
    * [optional gpl stuff](#optional-gpl-stuff)
 * [sfx](#sfx)
    * [sfx repack](#sfx-repack)
@@ -43,25 +60,31 @@ turn your phone or raspi into a portable file server with resumable uploads/down

 download [copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py) and you're all set!

-running the sfx without arguments (for example doubleclicking it on Windows) will let anyone access the current folder; see `-h` for help if you want accounts and volumes etc
+running the sfx without arguments (for example doubleclicking it on Windows) will give everyone full access to the current folder; see `-h` for help if you want accounts and volumes etc

 you may also want these, especially on servers:
 * [contrib/systemd/copyparty.service](contrib/systemd/copyparty.service) to run copyparty as a systemd service
-* [contrib/nginx/copyparty.conf](contrib/nginx/copyparty.conf) to reverse-proxy behind nginx (for legit https)
+* [contrib/nginx/copyparty.conf](contrib/nginx/copyparty.conf) to reverse-proxy behind nginx (for better https)


 ## notes

-* iPhone/iPad: use Firefox to download files
-* Android-Chrome: set max "parallel uploads" for 200% upload speed (android bug)
-* Android-Firefox: takes a while to select files (in order to avoid the above android-chrome issue)
-* Desktop-Firefox: may use gigabytes of RAM if your connection is great and your files are massive
+general:
 * paper-printing is affected by dark/light-mode! use lightmode for color, darkmode for grayscale
  * because no browsers currently implement the media-query to do this properly orz

+browser-specific:
+* iPhone/iPad: use Firefox to download files
+* Android-Chrome: increase "parallel uploads" for higher speed (android bug)
+* Android-Firefox: takes a while to select files (their fix for ☝️)
+* Desktop-Firefox: ~~may use gigabytes of RAM if your files are massive~~ *seems to be OK now*
+* Desktop-Firefox: may stop you from deleting folders you've uploaded until you visit `about:memory` and click `Minimize memory usage`
+

 ## status

+summary: all planned features work! now please enjoy the bloatening
+
 * backend stuff
  * ☑ sanic multipart parser
  * ☑ load balancer (multiprocessing)
@@ -79,9 +102,13 @@ you may also want these, especially on servers:
 * browser
  * ☑ tree-view
  * ☑ media player
-  * ✖ thumbnails
-  * ✖ SPA (browse while uploading)
-    * currently safe using the file-tree on the left only, not folders in the file list
+  * ☑ thumbnails
+    * ☑ images using Pillow
+    * ☑ videos using FFmpeg
+    * ☑ cache eviction (max-age; maybe max-size eventually)
+  * ☑ image gallery
+  * ☑ SPA (browse while uploading)
+    * if you use the file-tree on the left only, not folders in the file list
 * server indexing
  * ☑ locate files by contents
  * ☑ search by name/path/date/size
@@ -90,28 +117,72 @@ you may also want these, especially on servers:
  * ☑ viewer
  * ☑ editor (sure why not)

-summary: it works! you can use it! (but technically not even close to beta)
-

 # bugs

 * Windows: python 3.7 and older cannot read tags with ffprobe, so use mutagen or upgrade
 * Windows: python 2.7 cannot index non-ascii filenames with `-e2d`
 * Windows: python 2.7 cannot handle filenames with mojibake
-* hiding the contents at url `/d1/d2/d3` using `-v :d1/d2/d3:cd2d` has the side-effect of creating databases (for files/tags) inside folders d1 and d2, and those databases take precedence over the main db at the top of the vfs - this means all files in d2 and below will be reindexed unless you already had a vfs entry at or below d2
+* MacOS: `--th-ff-jpg` may fix thumbnails using macports-FFmpeg
+
+## general bugs
+
+* all volumes must exist / be available on startup; up2k (mtp especially) gets funky otherwise
+* cannot mount something at `/d1/d2/d3` unless `d2` exists inside `d1`
 * probably more, pls let me know

+## not my bugs

-# usage
+* Windows: msys2-python 3.8.6 occasionally throws "RuntimeError: release unlocked lock" when leaving a scoped mutex in up2k
+  * this is an msys2 bug, the regular windows edition of python is fine
+
+
+# the browser
+
+![copyparty-browser-fs8](https://user-images.githubusercontent.com/241032/115978054-65106380-a57d-11eb-98f8-59e3dee73557.png)
+
+
+## tabs
+
+* `[🔎]` search by size, date, path/name, mp3-tags ... see [searching](#searching)
+* `[🚀]` and `[🎈]` are the uploaders, see [uploading](#uploading)
+* `[📂]` mkdir, create directories
+* `[📝]` new-md, create a new markdown document
+* `[📟]` send-msg, either to server-log or into textfiles if `--urlform save`
+* `[⚙️]` client configuration options
+
+
+## hotkeys

 the browser has the following hotkeys
-* `0..9` jump to 10%..90%
-* `U/O` skip 10sec back/forward
-* `J/L` prev/next song
 * `I/K` prev/next folder
 * `P` parent folder
+* `G` toggle list / grid view
+* `T` toggle thumbnails / icons
+* when playing audio:
+  * `0..9` jump to 10%..90%
+  * `U/O` skip 10sec back/forward
+  * `J/L` prev/next song
+    * `J` also starts playing the folder
+* in the grid view:
+  * `S` toggle multiselect
+  * `A/D` zoom

-you can link a particular timestamp in an audio file by adding it to the URL, such as `&20` / `&20s` / `&1m20` / `&1:20` after the `.../#af-c8960dab`
+
+## tree-mode
+
+by default there's a breadcrumbs path; you can replace this with a tree-browser sidebar thing by clicking the 🌲
+
+click `[-]` and `[+]` to adjust the size, and the `[a]` toggles if the tree should widen dynamically as you go deeper or stay fixed-size
+
+
+## thumbnails
+
+![copyparty-thumbs-fs8](https://user-images.githubusercontent.com/241032/120070302-10836b00-c08a-11eb-8eb4-82004a34c342.png)
+
+it does static images with Pillow and uses FFmpeg for video files, so you may want to `--no-thumb` or maybe just `--no-vthumb` depending on how destructive your users are
+
+images named `folder.jpg` and `folder.png` become the thumbnail of the folder they're in


 ## zip downloads
@@ -130,12 +201,80 @@ the `zip` link next to folders can produce various types of zip/tar files using
 * `zip_crc` will take longer to download since the server has to read each file twice
  * please let me know if you find a program old enough to actually need this

+you can also zip a selection of files or folders by clicking them in the browser, that brings up a selection editor and zip button in the bottom right
+
+![copyparty-zipsel-fs8](https://user-images.githubusercontent.com/241032/116008321-372a2e00-a614-11eb-9a4a-4a1fd9074224.png)
+
+## uploading
+
+two upload methods are available in the html client:
+* `🎈 bup`, the basic uploader, supports almost every browser since netscape 4.0
+* `🚀 up2k`, the fancy one
+
+up2k has several advantages:
+* you can drop folders into the browser (files are added recursively)
+* files are processed in chunks, and each chunk is checksummed
+  * uploads resume if they are interrupted (for example by a reboot)
+  * server detects any corruption; the client reuploads affected chunks
+  * the client doesn't upload anything that already exists on the server
+* the last-modified timestamp of the file is preserved
+
+see [up2k](#up2k) for details on how it works
+
+![copyparty-upload-fs8](https://user-images.githubusercontent.com/241032/115978061-680b5400-a57d-11eb-9ef6-cbb5f60aeccc.png)
+
+**protip:** you can avoid scaring away users with [docs/minimal-up2k.html](docs/minimal-up2k.html) which makes it look [much simpler](https://user-images.githubusercontent.com/241032/118311195-dd6ca380-b4ef-11eb-86f3-75a3ff2e1332.png)
+
+the up2k UI is the epitome of polished inutitive experiences:
+* "parallel uploads" specifies how many chunks to upload at the same time
+* `[🏃]` analysis of other files should continue while one is uploading
+* `[💭]` ask for confirmation before files are added to the list
+* `[💤]` sync uploading between other copyparty tabs so only one is active
+* `[🔎]` switch between upload and file-search mode
+
+and then theres the tabs below it,
+* `[ok]` is uploads which completed successfully
+* `[ng]` is the uploads which failed / got rejected (already exists, ...)
+* `[done]` shows a combined list of `[ok]` and `[ng]`, chronological order
+* `[busy]` files which are currently hashing, pending-upload, or uploading
+  * plus up to 3 entries each from `[done]` and `[que]` for context
+* `[que]` is all the files that are still queued
+
+### file-search
+
+![copyparty-fsearch-fs8](https://user-images.githubusercontent.com/241032/116008320-36919780-a614-11eb-803f-04162326a700.png)
+
+in the `[🚀 up2k]` tab, after toggling the `[🔎]` switch green, any files/folders you drop onto the dropzone will be hashed on the client-side. Each hash is sent to the server which checks if that file exists somewhere already
+
+files go into `[ok]` if they exist (and you get a link to where it is), otherwise they land in `[ng]`
+* the main reason filesearch is combined with the uploader is cause the code was too spaghetti to separate it out somewhere else, this is no longer the case but now i've warmed up to the idea too much
+
+adding the same file multiple times is blocked, so if you first search for a file and then decide to upload it, you have to click the `[cleanup]` button to discard `[done]` files
+
+note that since up2k has to read the file twice, `[🎈 bup]` can be up to 2x faster in extreme cases (if your internet connection is faster than the read-speed of your HDD)
+
+up2k has saved a few uploads from becoming corrupted in-transfer already; caught an android phone on wifi redhanded in wireshark with a bitflip, however bup with https would *probably* have noticed as well thanks to tls also functioning as an integrity check
+
+
+## markdown viewer
+
+![copyparty-md-read-fs8](https://user-images.githubusercontent.com/241032/115978057-66419080-a57d-11eb-8539-d2be843991aa.png)
+
+* the document preview has a max-width which is the same as an A4 paper when printed
+
+
+## other tricks
+
+* you can link a particular timestamp in an audio file by adding it to the URL, such as `&20` / `&20s` / `&1m20` / `&t=1:20` after the `.../#af-c8960dab`
+

 # searching

+![copyparty-search-fs8](https://user-images.githubusercontent.com/241032/115978060-6772bd80-a57d-11eb-81d3-174e869b72c3.png)
+
 when started with `-e2dsa` copyparty will scan/index all your files. This avoids duplicates on upload, and also makes the volumes searchable through the web-ui:
 * make search queries by `size`/`date`/`directory-path`/`filename`, or...
-* drag/drop a local file to see if the same contents exist somewhere on the server (you get the URL if it does)
+* drag/drop a local file to see if the same contents exist somewhere on the server, see [file-search](#file-search)

 path/name queries are space-separated, AND'ed together, and words are negated with a `-` prefix, so for example:
 * path: `shibayan -bossa` finds all files where one of the folders contain `shibayan` but filters out any results where `bossa` exists somewhere in the path
@@ -161,7 +300,29 @@ the same arguments can be set as volume flags, in addition to `d2d` and `d2t` fo
 * `-v ~/music::r:cd2d` disables **all** indexing, even if any `-e2*` are on
 * `-v ~/music::r:cd2t` disables all `-e2t*` (tags), does not affect `-e2d*`

-`e2tsr` is probably always overkill, since `e2ds`/`e2dsa` would pick up any file modifications and cause `e2ts` to reindex those
+note:
+* `e2tsr` is probably always overkill, since `e2ds`/`e2dsa` would pick up any file modifications and cause `e2ts` to reindex those
+* the rescan button in the admin panel has no effect unless the volume has `-e2ds` or higher
+
+you can choose to only index filename/path/size/last-modified (and not the hash of the file contents) by setting `--no-hash` or the volume-flag `cdhash`, this has the following consequences:
+* initial indexing is way faster, especially when the volume is on a networked disk
+* makes it impossible to [file-search](#file-search)
+* if someone uploads the same file contents, the upload will not be detected as a dupe, so it will not get symlinked or rejected
+
+if you set `--no-hash`, you can enable hashing for specific volumes using flag `cehash`
+
+
+## database location
+
+copyparty creates a subfolder named `.hist` inside each volume where it stores the database, thumbnails, and some other stuff
+
+this can instead be kept in a single place using the `--hist` argument, or the `hist=` volume flag, or a mix of both:
+* `--hist ~/.cache/copyparty -v ~/music::r:chist=-` sets `~/.cache/copyparty` as the default place to put volume info, but `~/music` gets the regular `.hist` subfolder (`-` restores default behavior)
+
+note:
+* markdown edits are always stored in a local `.hist` subdirectory
+* on windows the volflag path is cyglike, so `/c/temp` means `C:\temp` but use regular paths for `--hist`
+  * you can use cygpaths for volumes too, `-v C:\Users::r` and `-v /c/users::r` both work


 ## metadata from audio files
@@ -180,6 +341,7 @@ see the beautiful mess of a dictionary in [mtag.py](https://github.com/9001/copy
 `--no-mutagen` disables mutagen and uses ffprobe instead, which...
 * is about 20x slower than mutagen
 * catches a few tags that mutagen doesn't
+  * melodic key, video resolution, framerate, pixfmt
 * avoids pulling any GPL code into copyparty
 * more importantly runs ffprobe on incoming files which is bad if your ffmpeg has a cve

@@ -192,6 +354,11 @@ copyparty can invoke external programs to collect additional metadata for files
 * `-mtp key=f,t5,~/bin/audio-key.py` uses `~/bin/audio-key.py` to get the `key` tag, replacing any existing metadata tag (`f,`), aborting if it takes longer than 5sec (`t5,`)
 * `-v ~/music::r:cmtp=.bpm=~/bin/audio-bpm.py:cmtp=key=f,t5,~/bin/audio-key.py` both as a per-volume config wow this is getting ugly

+*but wait, there's more!* `-mtp` can be used for non-audio files as well using the `a` flag: `ay` only do audio files, `an` only do non-audio files, or `ad` do all files (d as in dontcare) 
+
+* `-mtp ext=an,~/bin/file-ext.py` runs `~/bin/file-ext.py` to get the `ext` tag only if file is not audio (`an`)
+* `-mtp arch,built,ver,orig=an,eexe,edll,~/bin/exe.py` runs `~/bin/exe.py` to get properties about windows-binaries only if file is not audio (`an`) and file extension is exe or dll
+

 ## complete examples

@@ -201,6 +368,8 @@ copyparty can invoke external programs to collect additional metadata for files

 # browser support

+![copyparty-ie4-fs8](https://user-images.githubusercontent.com/241032/118192791-fb31fe00-b446-11eb-9647-898ea8efc1f7.png)
+
 `ie` = internet-explorer, `ff` = firefox, `c` = chrome, `iOS` = iPhone/iPad, `Andr` = Android

 | feature         | ie6 | ie9 | ie10 | ie11 | ff 52 | c 49 | iOS | Andr |
@@ -225,14 +394,18 @@ copyparty can invoke external programs to collect additional metadata for files
 * `*2` using a wasm decoder which can sometimes get stuck and consumes a bit more power

 quick summary of more eccentric web-browsers trying to view a directory index:
-* safari (14.0.3/macos) is chrome with janky wasm, so playing opus can deadlock the javascript engine
-* safari (14.0.1/iOS) same as macos, except it recovers from the deadlocks if you poke it a bit
-* links (2.21/macports) can browse, login, upload/mkdir/msg
-* lynx (2.8.9/macports) can browse, login, upload/mkdir/msg
-* w3m (0.5.3/macports) can browse, login, upload at 100kB/s, mkdir/msg
-* netsurf (3.10/arch) is basically ie6 with much better css (javascript has almost no effect)
-* netscape 4.0 and 4.5 can browse (text is yellow on white), upload with `?b=u`
-* SerenityOS (22d13d8) hits a page fault, works with `?b=u`, file input not-impl, url params are multiplying
+
+| browser | will it blend |
+| ------- | ------------- |
+| **safari** (14.0.3/macos) | is chrome with janky wasm, so playing opus can deadlock the javascript engine |
+| **safari** (14.0.1/iOS)   | same as macos, except it recovers from the deadlocks if you poke it a bit |
+| **links** (2.21/macports) | can browse, login, upload/mkdir/msg |
+| **lynx** (2.8.9/macports) | can browse, login, upload/mkdir/msg |
+| **w3m** (0.5.3/macports)  | can browse, login, upload at 100kB/s, mkdir/msg |
+| **netsurf** (3.10/arch)   | is basically ie6 with much better css (javascript has almost no effect) | 
+| **ie4** and **netscape** 4.0  | can browse (text is yellow on white), upload with `?b=u` |
+| **SerenityOS** (22d13d8)  | hits a page fault, works with `?b=u`, file input not-impl, url params are multiplying |
+

 # client examples

@@ -252,36 +425,72 @@ quick summary of more eccentric web-browsers trying to view a directory index:
  * cross-platform python client available in [./bin/](bin/)
  * [rclone](https://rclone.org/) as client can give ~5x performance, see [./docs/rclone.md](docs/rclone.md)

+* sharex (screenshot utility): see [./contrib/sharex.sxcu](contrib/#sharexsxcu)
+
 copyparty returns a truncated sha512sum of your PUT/POST as base64; you can generate the same checksum locally to verify uplaods:

    b512(){ printf "$((sha512sum||shasum -a512)|sed -E 's/ .*//;s/(..)/\\x\1/g')"|base64|head -c43;}
    b512 <movie.mkv


+# up2k
+
+quick outline of the up2k protocol, see [uploading](#uploading) for the web-client
+* the up2k client splits a file into an "optimal" number of chunks
+  * 1 MiB each, unless that becomes more than 256 chunks
+  * tries 1.5M, 2M, 3, 4, 6, ... until <= 256 chunks or size >= 32M
+* client posts the list of hashes, filename, size, last-modified
+* server creates the `wark`, an identifier for this upload
+  * `sha512( salt + filesize + chunk_hashes )`
+  * and a sparse file is created for the chunks to drop into
+* client uploads each chunk
+  * header entries for the chunk-hash and wark
+  * server writes chunks into place based on the hash
+* client does another handshake with the hashlist; server replies with OK or a list of chunks to reupload
+
+
 # dependencies

 * `jinja2` (is built into the SFX)

-**optional,** enables music tags:
+
+## optional dependencies
+
+enable music tags:
 * either `mutagen` (fast, pure-python, skips a few tags, makes copyparty GPL? idk)
 * or `FFprobe` (20x slower, more accurate, possibly dangerous depending on your distro and users)

-**optional,** will eventually enable thumbnails:
+enable image thumbnails:
 * `Pillow` (requires py2.7 or py3.5+)

+enable video thumbnails:
+* `ffmpeg` and `ffprobe` somewhere in `$PATH`
+
+enable reading HEIF pictures:
+* `pyheif-pillow-opener` (requires Linux or a C compiler)
+
+enable reading AVIF pictures:
+* `pillow-avif-plugin`
+
+
+## install recommended deps
+```
+python -m pip install --user -U jinja2 mutagen Pillow
+```
+

 ## optional gpl stuff

 some bundled tools have copyleft dependencies, see [./bin/#mtag](bin/#mtag)

-these are standalone and will never be imported / evaluated by copyparty
+these are standalone programs and will never be imported / evaluated by copyparty


 # sfx

-currently there are two self-contained binaries:
-* [copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py) -- pure python, works everywhere
-* [copyparty-sfx.sh](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.sh) -- smaller, but only for linux and macos
+currently there are two self-contained "binaries":
+* [copyparty-sfx.py](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.py) -- pure python, works everywhere, **recommended**
+* [copyparty-sfx.sh](https://github.com/9001/copyparty/releases/latest/download/copyparty-sfx.sh) -- smaller, but only for linux and macos, kinda deprecated

 launch either of them (**use sfx.py on systemd**) and it'll unpack and run copyparty, assuming you have python installed of course

@@ -341,20 +550,25 @@ in the `scripts` folder:

 roughly sorted by priority

-* separate sqlite table per tag
-* audio fingerprinting
 * readme.md as epilogue
+* single sha512 across all up2k chunks? maybe
 * reduce up2k roundtrips
  * start from a chunk index and just go
  * terminate client on bad data
-* `os.copy_file_range` for up2k cloning
-* support pillow-simd
-* figure out the deal with pixel3a not being connectable as hotspot
-  * pixel3a having unpredictable 3sec latency in general :||||

 discarded ideas

+* separate sqlite table per tag
+  * performance fixed by skipping some indexes (`+mt.k`)
+* audio fingerprinting
+  * only makes sense if there can be a wasm client and that doesn't exist yet (except for olaf which is agpl hence counts as not existing)
+* `os.copy_file_range` for up2k cloning
+  * almost never hit this path anyways
 * up2k partials ui
+  * feels like there isn't much point
 * cache sha512 chunks on client
+  * too dangerous
 * comment field
+  * nah
 * look into android thumbnail cache file format
+  * absolutely not
--- a/bin/README.md
+++ b/bin/README.md
@@ -45,3 +45,18 @@ you could replace winfsp with [dokan](https://github.com/dokan-dev/dokany/releas
 # [`mtag/`](mtag/)
 * standalone programs which perform misc. file analysis
 * copyparty can Popen programs like these during file indexing to collect additional metadata
+
+
+# [`dbtool.py`](dbtool.py)
+upgrade utility which can show db info and help transfer data between databases, for example when a new version of copyparty recommends to wipe the DB and reindex because it now collects additional metadata during analysis, but you have some really expensive `-mtp` parsers and want to copy over the tags from the old db
+
+for that example (upgrading to v0.11.0), first move the old db aside, launch copyparty, let it rebuild the db until the point where it starts running mtp (colored messages as it adds the mtp tags), then CTRL-C and patch in the old mtp tags from the old db instead
+
+so assuming you have `-mtp` parsers to provide the tags `key` and `.bpm`:
+
+```
+~/bin/dbtool.py -ls up2k.db
+~/bin/dbtool.py -src up2k.db.v0.10.22 up2k.db -cmp
+~/bin/dbtool.py -src up2k.db.v0.10.22 up2k.db -rm-mtp-flag -copy key
+~/bin/dbtool.py -src up2k.db.v0.10.22 up2k.db -rm-mtp-flag -copy .bpm -vac
+```
--- a/bin/copyparty-fuse.py
+++ b/bin/copyparty-fuse.py
@@ -54,6 +54,12 @@ MACOS = platform.system() == "Darwin"
 info = log = dbg = None


+print("{} v{} @ {}".format(
+    platform.python_implementation(),
+    ".".join([str(x) for x in sys.version_info]),
+    sys.executable))
+
+
 try:
    from fuse import FUSE, FuseOSError, Operations
 except:
--- a/bin/dbtool.py
+++ b/bin/dbtool.py
@@ -0,0 +1,198 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import sqlite3
+import argparse
+
+DB_VER = 3
+
+
+def die(msg):
+    print("\033[31m\n" + msg + "\n\033[0m")
+    sys.exit(1)
+
+
+def read_ver(db):
+    for tab in ["ki", "kv"]:
+        try:
+            c = db.execute(r"select v from {} where k = 'sver'".format(tab))
+        except:
+            continue
+
+        rows = c.fetchall()
+        if rows:
+            return int(rows[0][0])
+
+    return "corrupt"
+
+
+def ls(db):
+    nfiles = next(db.execute("select count(w) from up"))[0]
+    ntags = next(db.execute("select count(w) from mt"))[0]
+    print(f"{nfiles} files")
+    print(f"{ntags} tags\n")
+
+    print("number of occurences for each tag,")
+    print(" 'x' = file has no tags")
+    print(" 't:mtp' = the mtp flag (file not mtp processed yet)")
+    print()
+    for k, nk in db.execute("select k, count(k) from mt group by k order by k"):
+        print(f"{nk:9} {k}")
+
+
+def compare(n1, d1, n2, d2, verbose):
+    nt = next(d1.execute("select count(w) from up"))[0]
+    n = 0
+    miss = 0
+    for w, rd, fn in d1.execute("select w, rd, fn from up"):
+        n += 1
+        if n % 25_000 == 0:
+            m = f"\033[36mchecked {n:,} of {nt:,} files in {n1} against {n2}\033[0m"
+            print(m)
+
+        q = "select w from up where substr(w,1,16) = ?"
+        hit = d2.execute(q, (w[:16],)).fetchone()
+        if not hit:
+            miss += 1
+            if verbose:
+                print(f"file in {n1} missing in {n2}: [{w}] {rd}/{fn}")
+
+    print(f" {miss} files in {n1} missing in {n2}\n")
+
+    nt = next(d1.execute("select count(w) from mt"))[0]
+    n = 0
+    miss = {}
+    nmiss = 0
+    for w, k, v in d1.execute("select * from mt"):
+        n += 1
+        if n % 100_000 == 0:
+            m = f"\033[36mchecked {n:,} of {nt:,} tags in {n1} against {n2}, so far {nmiss} missing tags\033[0m"
+            print(m)
+
+        v2 = d2.execute("select v from mt where w = ? and +k = ?", (w, k)).fetchone()
+        if v2:
+            v2 = v2[0]
+
+        # if v != v2 and v2 and k in [".bpm", "key"] and n2 == "src":
+        #    print(f"{w} [{rd}/{fn}] {k} = [{v}] / [{v2}]")
+
+        if v2 is not None:
+            if k.startswith("."):
+                try:
+                    diff = abs(float(v) - float(v2))
+                    if diff > float(v) / 0.9:
+                        v2 = None
+                    else:
+                        v2 = v
+                except:
+                    pass
+
+            if v != v2:
+                v2 = None
+
+        if v2 is None:
+            nmiss += 1
+            try:
+                miss[k] += 1
+            except:
+                miss[k] = 1
+
+            if verbose:
+                q = "select rd, fn from up where substr(w,1,16) = ?"
+                rd, fn = d1.execute(q, (w,)).fetchone()
+                print(f"missing in {n2}: [{w}] [{rd}/{fn}] {k} = {v}")
+
+    for k, v in sorted(miss.items()):
+        if v:
+            print(f"{n1} has {v:6} more {k:<6} tags than {n2}")
+
+    print(f"in total, {nmiss} missing tags in {n2}\n")
+
+
+def copy_mtp(d1, d2, tag, rm):
+    nt = next(d1.execute("select count(w) from mt where k = ?", (tag,)))[0]
+    n = 0
+    ndone = 0
+    for w, k, v in d1.execute("select * from mt where k = ?", (tag,)):
+        n += 1
+        if n % 25_000 == 0:
+            m = f"\033[36m{n:,} of {nt:,} tags checked, so far {ndone} copied\033[0m"
+            print(m)
+
+        hit = d2.execute("select v from mt where w = ? and +k = ?", (w, k)).fetchone()
+        if hit:
+            hit = hit[0]
+
+        if hit != v:
+            ndone += 1
+            if hit is not None:
+                d2.execute("delete from mt where w = ? and +k = ?", (w, k))
+
+            d2.execute("insert into mt values (?,?,?)", (w, k, v))
+            if rm:
+                d2.execute("delete from mt where w = ? and +k = 't:mtp'", (w,))
+
+    d2.commit()
+    print(f"copied {ndone} {tag} tags over")
+
+
+def main():
+    os.system("")
+    print()
+    
+    ap = argparse.ArgumentParser()
+    ap.add_argument("db", help="database to work on")
+    ap.add_argument("-src", metavar="DB", type=str, help="database to copy from")
+
+    ap2 = ap.add_argument_group("informational / read-only stuff")
+    ap2.add_argument("-v", action="store_true", help="verbose")
+    ap2.add_argument("-ls", action="store_true", help="list summary for db")
+    ap2.add_argument("-cmp", action="store_true", help="compare databases")
+
+    ap2 = ap.add_argument_group("options which modify target db")
+    ap2.add_argument("-copy", metavar="TAG", type=str, help="mtp tag to copy over")
+    ap2.add_argument(
+        "-rm-mtp-flag",
+        action="store_true",
+        help="when an mtp tag is copied over, also mark that as done, so copyparty won't run mtp on it",
+    )
+    ap2.add_argument("-vac", action="store_true", help="optimize DB")
+
+    ar = ap.parse_args()
+
+    for v in [ar.db, ar.src]:
+        if v and not os.path.exists(v):
+            die("database must exist")
+
+    db = sqlite3.connect(ar.db)
+    ds = sqlite3.connect(ar.src) if ar.src else None
+
+    for d, n in [[ds, "src"], [db, "dst"]]:
+        if not d:
+            continue
+
+        ver = read_ver(d)
+        if ver == "corrupt":
+            die("{} database appears to be corrupt, sorry")
+
+        if ver != DB_VER:
+            m = f"{n} db is version {ver}, this tool only supports version {DB_VER}, please upgrade it with copyparty first"
+            die(m)
+
+    if ar.ls:
+        ls(db)
+
+    if ar.cmp:
+        if not ds:
+            die("need src db to compare against")
+
+        compare("src", ds, "dst", db, ar.v)
+        compare("dst", db, "src", ds, ar.v)
+
+    if ar.copy:
+        copy_mtp(ds, db, ar.copy, ar.rm_mtp_flag)
+
+
+if __name__ == "__main__":
+    main()
--- a/bin/mtag/exe.py
+++ b/bin/mtag/exe.py
@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+
+import sys
+import time
+import json
+import pefile
+
+"""
+retrieve exe info,
+example for multivalue providers
+"""
+
+
+def unk(v):
+    return "unk({:04x})".format(v)
+
+
+class PE2(pefile.PE):
+    def __init__(self, *a, **ka):
+        for k in [
+            # -- parse_data_directories:
+            "parse_import_directory",
+            "parse_export_directory",
+            # "parse_resources_directory",
+            "parse_debug_directory",
+            "parse_relocations_directory",
+            "parse_directory_tls",
+            "parse_directory_load_config",
+            "parse_delay_import_directory",
+            "parse_directory_bound_imports",
+            # -- full_load:
+            "parse_rich_header",
+        ]:
+            setattr(self, k, self.noop)
+
+        super(PE2, self).__init__(*a, **ka)
+
+    def noop(*a, **ka):
+        pass
+
+
+try:
+    pe = PE2(sys.argv[1], fast_load=False)
+except:
+    sys.exit(0)
+
+arch = pe.FILE_HEADER.Machine
+if arch == 0x14C:
+    arch = "x86"
+elif arch == 0x8664:
+    arch = "x64"
+else:
+    arch = unk(arch)
+
+try:
+    buildtime = time.gmtime(pe.FILE_HEADER.TimeDateStamp)
+    buildtime = time.strftime("%Y-%m-%d_%H:%M:%S", buildtime)
+except:
+    buildtime = "invalid"
+
+ui = pe.OPTIONAL_HEADER.Subsystem
+if ui == 2:
+    ui = "GUI"
+elif ui == 3:
+    ui = "cmdline"
+else:
+    ui = unk(ui)
+
+extra = {}
+if hasattr(pe, "FileInfo"):
+    for v1 in pe.FileInfo:
+        for v2 in v1:
+            if v2.name != "StringFileInfo":
+                continue
+
+            for v3 in v2.StringTable:
+                for k, v in v3.entries.items():
+                    v = v.decode("utf-8", "replace").strip()
+                    if not v:
+                        continue
+
+                    if k in [b"FileVersion", b"ProductVersion"]:
+                        extra["ver"] = v
+
+                    if k in [b"OriginalFilename", b"InternalName"]:
+                        extra["orig"] = v
+
+r = {
+    "arch": arch,
+    "built": buildtime,
+    "ui": ui,
+    "cksum": "{:08x}".format(pe.OPTIONAL_HEADER.CheckSum),
+}
+r.update(extra)
+
+print(json.dumps(r, indent=4))
--- a/bin/mtag/file-ext.py
+++ b/bin/mtag/file-ext.py
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+import sys
+
+"""
+example that just prints the file extension
+"""
+
+print(sys.argv[1].split(".")[-1])
--- a/contrib/README.md
+++ b/contrib/README.md
@@ -9,6 +9,16 @@
 * assumes the webserver and copyparty is running on the same server/IP
 * modify `10.13.1.1` as necessary if you wish to support browsers without javascript

+### [`sharex.sxcu`](sharex.sxcu)
+* sharex config file to upload screenshots and grab the URL
+* `RequestURL`: full URL to the target folder
+* `pw`: password (remove the `pw` line if anon-write)
+
+however if your copyparty is behind a reverse-proxy, you may want to use [`sharex-html.sxcu`](sharex-html.sxcu) instead:
+* `RequestURL`: full URL to the target folder
+* `URL`: full URL to the root folder (with trailing slash) followed by `$regex:1|1$`
+* `pw`: password (remove `Parameters` if anon-write)
+
 ### [`explorer-nothumbs-nofoldertypes.reg`](explorer-nothumbs-nofoldertypes.reg)
 * disables thumbnails and folder-type detection in windows explorer
 * makes it way faster (especially for slow/networked locations (such as copyparty-fuse))
--- a/contrib/sharex-html.sxcu
+++ b/contrib/sharex-html.sxcu
@@ -0,0 +1,19 @@
+{
+  "Version": "13.5.0",
+  "Name": "copyparty-html",
+  "DestinationType": "ImageUploader",
+  "RequestMethod": "POST",
+  "RequestURL": "http://127.0.0.1:3923/sharex",
+  "Parameters": {
+    "pw": "wark"
+  },
+  "Body": "MultipartFormData",
+  "Arguments": {
+    "act": "bput"
+  },
+  "FileFormName": "f",
+  "RegexList": [
+    "bytes // <a href=\"/([^\"]+)\""
+  ],
+  "URL": "http://127.0.0.1:3923/$regex:1|1$"
+}
--- a/contrib/sharex.sxcu
+++ b/contrib/sharex.sxcu
@@ -0,0 +1,17 @@
+{
+  "Version": "13.5.0",
+  "Name": "copyparty",
+  "DestinationType": "ImageUploader",
+  "RequestMethod": "POST",
+  "RequestURL": "http://127.0.0.1:3923/sharex",
+  "Parameters": {
+    "pw": "wark",
+    "j": null
+  },
+  "Body": "MultipartFormData",
+  "Arguments": {
+    "act": "bput"
+  },
+  "FileFormName": "f",
+  "URL": "$json:files[0].url$"
+}
--- a/copyparty/init.py
+++ b/copyparty/init.py
@@ -2,6 +2,7 @@
 from __future__ import print_function, unicode_literals

 import platform
+import time
 import sys
 import os

@@ -16,12 +17,18 @@ if platform.system() == "Windows":
 VT100 = not WINDOWS or WINDOWS >= [10, 0, 14393]
 # introduced in anniversary update

+ANYWIN = WINDOWS or sys.platform in ["msys"]
+
 MACOS = platform.system() == "Darwin"


 class EnvParams(object):
    def __init__(self):
+        self.t0 = time.time()
        self.mod = os.path.dirname(os.path.realpath(__file__))
+        if self.mod.endswith("__init__"):
+            self.mod = os.path.dirname(self.mod)
+
        if sys.platform == "win32":
            self.cfg = os.path.normpath(os.environ["APPDATA"] + "/copyparty")
        elif sys.platform == "darwin":
--- a/copyparty/main.py
+++ b/copyparty/main.py
@@ -225,6 +225,20 @@ def run_argparse(argv, formatter):
            --ciphers help = available ssl/tls ciphers,
            --ssl-ver help = available ssl/tls versions,
              default is what python considers safe, usually >= TLS1
+            
+            values for --ls:
+              "USR" is a user to browse as; * is anonymous, ** is all users
+              "VOL" is a single volume to scan, default is * (all vols)
+              "FLAG" is flags;
+                "v" in addition to realpaths, print usernames and vpaths
+                "ln" only prints symlinks leaving the volume mountpoint
+                "p" exits 1 if any such symlinks are found
+                "r" resumes startup after the listing
+            examples:
+              --ls '**'          # list all files which are possible to read
+              --ls '**,*,ln'     # check for dangerous symlinks
+              --ls '**,*,ln,p,r' # check, then start normally if safe
+            \033[0m
            """
        ),
    )
@@ -237,19 +251,37 @@ def run_argparse(argv, formatter):
    ap.add_argument("-a", metavar="ACCT", type=str, action="append", help="add account")
    ap.add_argument("-v", metavar="VOL", type=str, action="append", help="add volume")
    ap.add_argument("-q", action="store_true", help="quiet")
-    ap.add_argument("--log-conn", action="store_true", help="print tcp-server msgs")
    ap.add_argument("-ed", action="store_true", help="enable ?dots")
    ap.add_argument("-emp", action="store_true", help="enable markdown plugins")
    ap.add_argument("-mcr", metavar="SEC", type=int, default=60, help="md-editor mod-chk rate")
    ap.add_argument("-nw", action="store_true", help="disable writes (benchmark)")
    ap.add_argument("-nih", action="store_true", help="no info hostname")
    ap.add_argument("-nid", action="store_true", help="no info disk-usage")
+    ap.add_argument("--dotpart", action="store_true", help="dotfile incomplete uploads")
    ap.add_argument("--no-zip", action="store_true", help="disable download as zip/tar")
-    ap.add_argument("--no-sendfile", action="store_true", help="disable sendfile (for debugging)")
-    ap.add_argument("--no-scandir", action="store_true", help="disable scandir (for debugging)")
+    ap.add_argument("--sparse", metavar="MiB", type=int, default=4, help="up2k min.size threshold (mswin-only)")
    ap.add_argument("--urlform", metavar="MODE", type=str, default="print,get", help="how to handle url-forms")
    ap.add_argument("--salt", type=str, default="hunter2", help="up2k file-hash salt")

+    ap2 = ap.add_argument_group('appearance options')
+    ap2.add_argument("--css-browser", metavar="L", help="URL to additional CSS to include")
+
+    ap2 = ap.add_argument_group('admin panel options')
+    ap2.add_argument("--no-rescan", action="store_true", help="disable ?scan (volume reindexing)")
+    ap2.add_argument("--no-stack", action="store_true", help="disable ?stack (list all stacks)")
+
+    ap2 = ap.add_argument_group('thumbnail options')
+    ap2.add_argument("--no-thumb", action="store_true", help="disable all thumbnails")
+    ap2.add_argument("--no-vthumb", action="store_true", help="disable video thumbnails")
+    ap2.add_argument("--th-size", metavar="WxH", default="320x256", help="thumbnail res")
+    ap2.add_argument("--th-no-crop", action="store_true", help="dynamic height; show full image")
+    ap2.add_argument("--th-no-jpg", action="store_true", help="disable jpg output")
+    ap2.add_argument("--th-no-webp", action="store_true", help="disable webp output")
+    ap2.add_argument("--th-ff-jpg", action="store_true", help="force jpg for video thumbs")
+    ap2.add_argument("--th-poke", metavar="SEC", type=int, default=300, help="activity labeling cooldown")
+    ap2.add_argument("--th-clean", metavar="SEC", type=int, default=43200, help="cleanup interval")
+    ap2.add_argument("--th-maxage", metavar="SEC", type=int, default=604800, help="max folder age")
+
    ap2 = ap.add_argument_group('database options')
    ap2.add_argument("-e2d", action="store_true", help="enable up2k database")
    ap2.add_argument("-e2ds", action="store_true", help="enable up2k db-scanner, sets -e2d")
@@ -257,11 +289,13 @@ def run_argparse(argv, formatter):
    ap2.add_argument("-e2t", action="store_true", help="enable metadata indexing")
    ap2.add_argument("-e2ts", action="store_true", help="enable metadata scanner, sets -e2t")
    ap2.add_argument("-e2tsr", action="store_true", help="rescan all metadata, sets -e2ts")
+    ap2.add_argument("--hist", metavar="PATH", type=str, help="where to store volume state")
+    ap2.add_argument("--no-hash", action="store_true", help="disable hashing during e2ds folder scans")
    ap2.add_argument("--no-mutagen", action="store_true", help="use ffprobe for tags instead")
    ap2.add_argument("--no-mtag-mt", action="store_true", help="disable tag-read parallelism")
    ap2.add_argument("-mtm", metavar="M=t,t,t", action="append", type=str, help="add/replace metadata mapping")
    ap2.add_argument("-mte", metavar="M,M,M", type=str, help="tags to index/display (comma-sep.)",
-        default="circle,album,.tn,artist,title,.bpm,key,.dur,.q")
+        default="circle,album,.tn,artist,title,.bpm,key,.dur,.q,.vq,.aq,ac,vc,res,.fps")
    ap2.add_argument("-mtp", metavar="M=[f,]bin", action="append", type=str, help="read tag M using bin")
    ap2.add_argument("--srch-time", metavar="SEC", type=int, default=30, help="search deadline")

@@ -272,6 +306,15 @@ def run_argparse(argv, formatter):
    ap2.add_argument("--ciphers", metavar="LIST", help="set allowed ciphers")
    ap2.add_argument("--ssl-dbg", action="store_true", help="dump some tls info")
    ap2.add_argument("--ssl-log", metavar="PATH", help="log master secrets")
+
+    ap2 = ap.add_argument_group('debug options')
+    ap2.add_argument("--ls", metavar="U[,V[,F]]", help="scan all volumes")
+    ap2.add_argument("--log-conn", action="store_true", help="print tcp-server msgs")
+    ap2.add_argument("--no-sendfile", action="store_true", help="disable sendfile")
+    ap2.add_argument("--no-scandir", action="store_true", help="disable scandir")
+    ap2.add_argument("--no-fastboot", action="store_true", help="wait for up2k indexing")
+    ap2.add_argument("--ihead", metavar="HEADER", action='append', help="dump incoming header")
+    ap2.add_argument("--lf-url", metavar="RE", type=str, default=r"^/\.cpr/|\?th=[wj]$", help="dont log URLs matching")
    
    return ap.parse_args(args=argv[1:])
    # fmt: on
@@ -341,6 +384,9 @@ def main(argv=None):
            + "  (if you crash with codec errors then that is why)"
        )

+    if WINDOWS and sys.version_info < (3, 6):
+        al.no_scandir = True
+
    # signal.signal(signal.SIGINT, sighandler)

    SvcHub(al).run()
--- a/copyparty/version.py
+++ b/copyparty/version.py
@@ -1,8 +1,8 @@
 # coding: utf-8

-VERSION = (0, 10, 11)
-CODENAME = "zip it"
-BUILD_DT = (2021, 4, 19)
+VERSION = (0, 11, 13)
+CODENAME = "the grid"
+BUILD_DT = (2021, 6, 12)

 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -5,35 +5,49 @@ import re
 import os
 import sys
 import stat
+import base64
+import hashlib
 import threading

-from .__init__ import PY2, WINDOWS
+from .__init__ import WINDOWS
 from .util import IMPLICATIONS, undot, Pebkac, fsdec, fsenc, statdir, nuprint


 class VFS(object):
    """single level in the virtual fs"""

-    def __init__(self, realpath, vpath, uread=[], uwrite=[], flags={}):
+    def __init__(self, realpath, vpath, uread=[], uwrite=[], uadm=[], flags={}):
        self.realpath = realpath  # absolute path on host filesystem
        self.vpath = vpath  # absolute path in the virtual filesystem
        self.uread = uread  # users who can read this
        self.uwrite = uwrite  # users who can write this
+        self.uadm = uadm  # users who are regular admins
        self.flags = flags  # config switches
        self.nodes = {}  # child nodes
-        self.all_vols = {vpath: self}  # flattened recursive
+        self.histtab = None  # all realpath->histpath
+        self.dbv = None  # closest full/non-jump parent
+
+        if realpath:
+            self.histpath = os.path.join(realpath, ".hist")  # db / thumbcache
+            self.all_vols = {vpath: self}  # flattened recursive
+        else:
+            self.histpath = None
+            self.all_vols = None

    def __repr__(self):
        return "VFS({})".format(
            ", ".join(
                "{}={!r}".format(k, self.__dict__[k])
-                for k in "realpath vpath uread uwrite flags".split()
+                for k in "realpath vpath uread uwrite uadm flags".split()
            )
        )

-    def _trk(self, vol):
-        self.all_vols[vol.vpath] = vol
-        return vol
+    def get_all_vols(self, outdict):
+        if self.realpath:
+            outdict[self.vpath] = self
+
+        for v in self.nodes.values():
+            v.get_all_vols(outdict)

    def add(self, src, dst):
        """get existing, or add new path to the vfs"""
@@ -45,18 +59,19 @@ class VFS(object):
            name, dst = dst.split("/", 1)
            if name in self.nodes:
                # exists; do not manipulate permissions
-                return self._trk(self.nodes[name].add(src, dst))
+                return self.nodes[name].add(src, dst)

            vn = VFS(
-                "{}/{}".format(self.realpath, name),
+                os.path.join(self.realpath, name) if self.realpath else None,
                "{}/{}".format(self.vpath, name).lstrip("/"),
                self.uread,
                self.uwrite,
-                self.flags,
+                self.uadm,
+                self._copy_flags(name),
            )
-            self._trk(vn)
+            vn.dbv = self.dbv or self
            self.nodes[name] = vn
-            return self._trk(vn.add(src, dst))
+            return vn.add(src, dst)

        if dst in self.nodes:
            # leaf exists; return as-is
@@ -65,8 +80,26 @@ class VFS(object):
        # leaf does not exist; create and keep permissions blank
        vp = "{}/{}".format(self.vpath, dst).lstrip("/")
        vn = VFS(src, vp)
+        vn.dbv = self.dbv or self
        self.nodes[dst] = vn
-        return self._trk(vn)
+        return vn
+
+    def _copy_flags(self, name):
+        flags = {k: v for k, v in self.flags.items()}
+        hist = flags.get("hist")
+        if hist and hist != "-":
+            flags["hist"] = "{}/{}".format(hist.rstrip("/"), name)
+
+        return flags
+
+    def bubble_flags(self):
+        if self.dbv:
+            for k, v in self.dbv.flags.items():
+                if k not in ["hist"]:
+                    self.flags[k] = v
+
+        for v in self.nodes.values():
+            v.bubble_flags()

    def _find(self, vpath):
        """return [vfs,remainder]"""
@@ -94,6 +127,7 @@ class VFS(object):
        ]

    def get(self, vpath, uname, will_read, will_write):
+        # type: (str, str, bool, bool) -> tuple[VFS, str]
        """returns [vfsnode,fs_remainder] if user has the requested permissions"""
        vn, rem = self._find(vpath)

@@ -105,6 +139,15 @@ class VFS(object):

        return vn, rem

+    def get_dbv(self, vrem):
+        dbv = self.dbv
+        if not dbv:
+            return self, vrem
+
+        vrem = [self.vpath[len(dbv.vpath) + 1 :], vrem]
+        vrem = "/".join([x for x in vrem if x])
+        return dbv, vrem
+
    def canonical(self, rem):
        """returns the canonical path (fully-resolved absolute fs path)"""
        rp = self.realpath
@@ -133,7 +176,8 @@ class VFS(object):
            #
            return os.path.realpath(rp)

-    def ls(self, rem, uname, scandir, lstat=False):
+    def ls(self, rem, uname, scandir, incl_wo=False, lstat=False):
+        # type: (str, str, bool, bool, bool) -> tuple[str, str, dict[str, VFS]]
        """return user-readable [fsdir,real,virt] items at vpath"""
        virt_vis = {}  # nodes readable by user
        abspath = self.canonical(rem)
@@ -141,7 +185,12 @@ class VFS(object):
        real.sort()
        if not rem:
            for name, vn2 in sorted(self.nodes.items()):
-                if uname in vn2.uread or "*" in vn2.uread:
+                ok = uname in vn2.uread or "*" in vn2.uread
+
+                if not ok and incl_wo:
+                    ok = uname in vn2.uwrite or "*" in vn2.uwrite
+
+                if ok:
                    virt_vis[name] = vn2

            # no vfs nodes in the list of real inodes
@@ -149,13 +198,21 @@ class VFS(object):

        return [abspath, real, virt_vis]

-    def walk(self, rel, rem, uname, dots, scandir, lstat=False):
+    def walk(self, rel, rem, seen, uname, dots, scandir, lstat):
        """
        recursively yields from ./rem;
        rel is a unix-style user-defined vpath (not vfs-related)
        """

-        fsroot, vfs_ls, vfs_virt = self.ls(rem, uname, scandir, lstat)
+        fsroot, vfs_ls, vfs_virt = self.ls(
+            rem, uname, scandir, incl_wo=False, lstat=lstat
+        )
+
+        if seen and not fsroot.startswith(seen[-1]) and fsroot in seen:
+            print("bailing from symlink loop,\n  {}\n  {}".format(seen[-1], fsroot))
+            return
+
+        seen = seen[:] + [fsroot]
        rfiles = [x for x in vfs_ls if not stat.S_ISDIR(x[1].st_mode)]
        rdirs = [x for x in vfs_ls if stat.S_ISDIR(x[1].st_mode)]

@@ -170,7 +227,7 @@ class VFS(object):

            wrel = (rel + "/" + rdir).lstrip("/")
            wrem = (rem + "/" + rdir).lstrip("/")
-            for x in self.walk(wrel, wrem, uname, scandir, lstat):
+            for x in self.walk(wrel, wrem, seen, uname, dots, scandir, lstat):
                yield x

        for n, vfs in sorted(vfs_virt.items()):
@@ -178,14 +235,16 @@ class VFS(object):
                continue

            wrel = (rel + "/" + n).lstrip("/")
-            for x in vfs.walk(wrel, "", uname, scandir, lstat):
+            for x in vfs.walk(wrel, "", seen, uname, dots, scandir, lstat):
                yield x

    def zipgen(self, vrem, flt, uname, dots, scandir):
        if flt:
            flt = {k: True for k in flt}

-        for vpath, apath, files, rd, vd in self.walk("", vrem, uname, dots, scandir):
+        for vpath, apath, files, rd, vd in self.walk(
+            "", vrem, [], uname, dots, scandir, False
+        ):
            if flt:
                files = [x for x in files if x[0] in flt]

@@ -221,17 +280,19 @@ class VFS(object):
            for f in [{"vp": v, "ap": a, "st": n[1]} for v, a, n in files]:
                yield f

-    def user_tree(self, uname, readable=False, writable=False):
-        ret = []
-        opt1 = readable and (uname in self.uread or "*" in self.uread)
-        opt2 = writable and (uname in self.uwrite or "*" in self.uwrite)
-        if opt1 or opt2:
-            ret.append(self.vpath)
+    def user_tree(self, uname, readable, writable, admin):
+        is_readable = False
+        if uname in self.uread or "*" in self.uread:
+            readable.append(self.vpath)
+            is_readable = True
+
+        if uname in self.uwrite or "*" in self.uwrite:
+            writable.append(self.vpath)
+            if is_readable:
+                admin.append(self.vpath)

        for _, vn in sorted(self.nodes.items()):
-            ret.extend(vn.user_tree(uname, readable, writable))
-
-        return ret
+            vn.user_tree(uname, readable, writable, admin)


 class AuthSrv(object):
@@ -241,6 +302,7 @@ class AuthSrv(object):
        self.args = args
        self.log_func = log_func
        self.warn_anonwrite = warn_anonwrite
+        self.line_ctr = 0

        if WINDOWS:
            self.re_vol = re.compile(r"^([a-zA-Z]:[\\/][^:]*|[^:]*):([^:]*):(.*)$")
@@ -251,7 +313,8 @@ class AuthSrv(object):
        self.reload()

    def log(self, msg, c=0):
-        self.log_func("auth", msg, c)
+        if self.log_func:
+            self.log_func("auth", msg, c)

    def laggy_iter(self, iterable):
        """returns [value,isFinalValue]"""
@@ -263,10 +326,12 @@ class AuthSrv(object):

        yield prev, True

-    def _parse_config_file(self, fd, user, mread, mwrite, mflags, mount):
+    def _parse_config_file(self, fd, user, mread, mwrite, madm, mflags, mount):
        vol_src = None
        vol_dst = None
+        self.line_ctr = 0
        for ln in [x.decode("utf-8").strip() for x in fd]:
+            self.line_ctr += 1
            if not ln and vol_src is not None:
                vol_src = None
                vol_dst = None
@@ -293,15 +358,26 @@ class AuthSrv(object):
                mount[vol_dst] = vol_src
                mread[vol_dst] = []
                mwrite[vol_dst] = []
+                madm[vol_dst] = []
                mflags[vol_dst] = {}
                continue

-            lvl, uname = ln.split(" ")
+            if len(ln) > 1:
+                lvl, uname = ln.split(" ")
+            else:
+                lvl = ln
+                uname = "*"
+
            self._read_vol_str(
-                lvl, uname, mread[vol_dst], mwrite[vol_dst], mflags[vol_dst]
+                lvl,
+                uname,
+                mread[vol_dst],
+                mwrite[vol_dst],
+                madm[vol_dst],
+                mflags[vol_dst],
            )

-    def _read_vol_str(self, lvl, uname, mr, mw, mf):
+    def _read_vol_str(self, lvl, uname, mr, mw, ma, mf):
        if lvl == "c":
            cval = True
            if "=" in uname:
@@ -319,6 +395,9 @@ class AuthSrv(object):
        if lvl in "wa":
            mw.append(uname)

+        if lvl == "a":
+            ma.append(uname)
+
    def _read_volflag(self, flags, name, value, is_list):
        if name not in ["mtp"]:
            flags[name] = value
@@ -342,6 +421,7 @@ class AuthSrv(object):
        user = {}  # username:password
        mread = {}  # mountpoint:[username]
        mwrite = {}  # mountpoint:[username]
+        madm = {}  # mountpoint:[username]
        mflags = {}  # mountpoint:[flag]
        mount = {}  # dst:src (mountpoint:realpath)

@@ -359,29 +439,42 @@ class AuthSrv(object):
                    raise Exception("invalid -v argument: [{}]".format(v_str))

                src, dst, perms = m.groups()
+                if WINDOWS and src.startswith("/"):
+                    src = "{}:\\{}".format(src[1], src[3:])
+
                # print("\n".join([src, dst, perms]))
                src = fsdec(os.path.abspath(fsenc(src)))
                dst = dst.strip("/")
                mount[dst] = src
                mread[dst] = []
                mwrite[dst] = []
+                madm[dst] = []
                mflags[dst] = {}

                perms = perms.split(":")
                for (lvl, uname) in [[x[0], x[1:]] for x in perms]:
-                    self._read_vol_str(lvl, uname, mread[dst], mwrite[dst], mflags[dst])
+                    self._read_vol_str(
+                        lvl, uname, mread[dst], mwrite[dst], madm[dst], mflags[dst]
+                    )

        if self.args.c:
            for cfg_fn in self.args.c:
                with open(cfg_fn, "rb") as f:
-                    self._parse_config_file(f, user, mread, mwrite, mflags, mount)
+                    try:
+                        self._parse_config_file(
+                            f, user, mread, mwrite, madm, mflags, mount
+                        )
+                    except:
+                        m = "\n\033[1;31m\nerror in config file {} on line {}:\n\033[0m"
+                        print(m.format(cfg_fn, self.line_ctr))
+                        raise

        if not mount:
            # -h says our defaults are CWD at root and read/write for everyone
            vfs = VFS(os.path.abspath("."), "", ["*"], ["*"])
        elif "" not in mount:
            # there's volumes but no root; make root inaccessible
-            vfs = VFS(os.path.abspath("."), "")
+            vfs = VFS(None, "")
            vfs.flags["d2d"] = True

        maxdepth = 0
@@ -392,13 +485,20 @@ class AuthSrv(object):

            if dst == "":
                # rootfs was mapped; fully replaces the default CWD vfs
-                vfs = VFS(mount[dst], dst, mread[dst], mwrite[dst], mflags[dst])
+                vfs = VFS(
+                    mount[dst], dst, mread[dst], mwrite[dst], madm[dst], mflags[dst]
+                )
                continue

            v = vfs.add(mount[dst], dst)
            v.uread = mread[dst]
            v.uwrite = mwrite[dst]
+            v.uadm = madm[dst]
            v.flags = mflags[dst]
+            v.dbv = None
+
+        vfs.all_vols = {}
+        vfs.get_all_vols(vfs.all_vols)

        missing_users = {}
        for d in [mread, mwrite]:
@@ -415,6 +515,69 @@ class AuthSrv(object):
            )
            raise Exception("invalid config")

+        promote = []
+        demote = []
+        for vol in vfs.all_vols.values():
+            hid = hashlib.sha512(fsenc(vol.realpath)).digest()
+            hid = base64.b32encode(hid).decode("ascii").lower()
+            vflag = vol.flags.get("hist")
+            if vflag == "-":
+                pass
+            elif vflag:
+                if WINDOWS and vflag.startswith("/"):
+                    vflag = "{}:\\{}".format(vflag[1], vflag[3:])
+                vol.histpath = vflag
+            elif self.args.hist:
+                for nch in range(len(hid)):
+                    hpath = os.path.join(self.args.hist, hid[: nch + 1])
+                    try:
+                        os.makedirs(hpath)
+                    except:
+                        pass
+
+                    powner = os.path.join(hpath, "owner.txt")
+                    try:
+                        with open(powner, "rb") as f:
+                            owner = f.read().rstrip()
+                    except:
+                        owner = None
+
+                    me = fsenc(vol.realpath).rstrip()
+                    if owner not in [None, me]:
+                        continue
+
+                    if owner is None:
+                        with open(powner, "wb") as f:
+                            f.write(me)
+
+                    vol.histpath = hpath
+                    break
+
+            vol.histpath = os.path.realpath(vol.histpath)
+            if vol.dbv:
+                if os.path.exists(os.path.join(vol.histpath, "up2k.db")):
+                    promote.append(vol)
+                    vol.dbv = None
+                else:
+                    demote.append(vol)
+
+        # discard jump-vols
+        for v in demote:
+            vfs.all_vols.pop(v.vpath)
+
+        if promote:
+            msg = [
+                "\n  the following jump-volumes were generated to assist the vfs.\n  As they contain a database (probably from v0.11.11 or older),\n  they are promoted to full volumes:"
+            ]
+            for vol in promote:
+                msg.append(
+                    "  /{}  ({})  ({})".format(vol.vpath, vol.realpath, vol.histpath)
+                )
+
+            self.log("\n\n".join(msg) + "\n", c=3)
+
+        vfs.histtab = {v.realpath: v.histpath for v in vfs.all_vols.values()}
+
        all_mte = {}
        errors = False
        for vol in vfs.all_vols.values():
@@ -424,6 +587,10 @@ class AuthSrv(object):
            if self.args.e2d or "e2ds" in vol.flags:
                vol.flags["e2d"] = True

+            if self.args.no_hash:
+                if "ehash" not in vol.flags:
+                    vol.flags["dhash"] = True
+
            for k in ["e2t", "e2ts", "e2tsr"]:
                if getattr(self.args, k):
                    vol.flags[k] = True
@@ -457,8 +624,10 @@ class AuthSrv(object):
            # verify tags mentioned by -mt[mp] are used by -mte
            local_mtp = {}
            local_only_mtp = {}
-            for a in vol.flags.get("mtp", []) + vol.flags.get("mtm", []):
-                a = a.split("=")[0]
+            tags = vol.flags.get("mtp", []) + vol.flags.get("mtm", [])
+            tags = [x.split("=")[0] for x in tags]
+            tags = [y for x in tags for y in x.split(",")]
+            for a in tags:
                local_mtp[a] = True
                local = True
                for b in self.args.mtp or []:
@@ -487,8 +656,10 @@ class AuthSrv(object):
                    self.log(m.format(vol.vpath, mtp), 1)
                    errors = True

-        for mtp in self.args.mtp or []:
-            mtp = mtp.split("=")[0]
+        tags = self.args.mtp or []
+        tags = [x.split("=")[0] for x in tags]
+        tags = [y for x in tags for y in x.split(",")]
+        for mtp in tags:
            if mtp not in all_mte:
                m = 'metadata tag "{}" is defined by "-mtm" or "-mtp", but is not used by "-mte" (or by any "cmte" volume-flag)'
                self.log(m.format(mtp), 1)
@@ -497,6 +668,8 @@ class AuthSrv(object):
        if errors:
            sys.exit(1)

+        vfs.bubble_flags()
+
        try:
            v, _ = vfs.get("/", "*", False, True)
            if self.warn_anonwrite and os.getcwd() == v.realpath:
@@ -513,3 +686,90 @@ class AuthSrv(object):

        # import pprint
        # pprint.pprint({"usr": user, "rd": mread, "wr": mwrite, "mnt": mount})
+
+    def dbg_ls(self):
+        users = self.args.ls
+        vols = "*"
+        flags = []
+
+        try:
+            users, vols = users.split(",", 1)
+        except:
+            pass
+
+        try:
+            vols, flags = vols.split(",", 1)
+            flags = flags.split(",")
+        except:
+            pass
+
+        if users == "**":
+            users = list(self.user.keys()) + ["*"]
+        else:
+            users = [users]
+
+        for u in users:
+            if u not in self.user and u != "*":
+                raise Exception("user not found: " + u)
+
+        if vols == "*":
+            vols = ["/" + x for x in self.vfs.all_vols.keys()]
+        else:
+            vols = [vols]
+
+        for v in vols:
+            if not v.startswith("/"):
+                raise Exception("volumes must start with /")
+
+            if v[1:] not in self.vfs.all_vols:
+                raise Exception("volume not found: " + v)
+
+        self.log({"users": users, "vols": vols, "flags": flags})
+        for k, v in self.vfs.all_vols.items():
+            self.log("/{}: read({}) write({})".format(k, v.uread, v.uwrite))
+
+        flag_v = "v" in flags
+        flag_ln = "ln" in flags
+        flag_p = "p" in flags
+        flag_r = "r" in flags
+
+        n_bads = 0
+        for v in vols:
+            v = v[1:]
+            vtop = "/{}/".format(v) if v else "/"
+            for u in users:
+                self.log("checking /{} as {}".format(v, u))
+                try:
+                    vn, _ = self.vfs.get(v, u, True, False)
+                except:
+                    continue
+
+                atop = vn.realpath
+                g = vn.walk("", "", [], u, True, not self.args.no_scandir, False)
+                for vpath, apath, files, _, _ in g:
+                    fnames = [n[0] for n in files]
+                    vpaths = [vpath + "/" + n for n in fnames] if vpath else fnames
+                    vpaths = [vtop + x for x in vpaths]
+                    apaths = [os.path.join(apath, n) for n in fnames]
+                    files = [[vpath + "/", apath + os.sep]] + list(zip(vpaths, apaths))
+
+                    if flag_ln:
+                        files = [x for x in files if not x[1].startswith(atop + os.sep)]
+                        n_bads += len(files)
+
+                    if flag_v:
+                        msg = [
+                            '# user "{}", vpath "{}"\n{}'.format(u, vp, ap)
+                            for vp, ap in files
+                        ]
+                    else:
+                        msg = [x[1] for x in files]
+
+                    if msg:
+                        nuprint("\n".join(msg))
+
+                if n_bads and flag_p:
+                    raise Exception("found symlink leaving volume, and strict is set")
+
+        if not flag_r:
+            sys.exit(0)
--- a/copyparty/broker_mp.py
+++ b/copyparty/broker_mp.py
@@ -44,7 +44,9 @@ class BrokerMp(object):
            proc.clients = {}
            proc.workload = 0

-            thr = threading.Thread(target=self.collector, args=(proc,))
+            thr = threading.Thread(
+                target=self.collector, args=(proc,), name="mp-collector"
+            )
            thr.daemon = True
            thr.start()

@@ -52,14 +54,19 @@ class BrokerMp(object):
            proc.start()

        if not self.args.q:
-            thr = threading.Thread(target=self.debug_load_balancer)
+            thr = threading.Thread(
+                target=self.debug_load_balancer, name="mp-dbg-loadbalancer"
+            )
            thr.daemon = True
            thr.start()

    def shutdown(self):
        self.log("broker", "shutting down")
-        for proc in self.procs:
-            thr = threading.Thread(target=proc.q_pend.put([0, "shutdown", []]))
+        for n, proc in enumerate(self.procs):
+            thr = threading.Thread(
+                target=proc.q_pend.put([0, "shutdown", []]),
+                name="mp-shutdown-{}-{}".format(n, len(self.procs)),
+            )
            thr.start()

        with self.mutex:
--- a/copyparty/broker_mpw.py
+++ b/copyparty/broker_mpw.py
@@ -1,5 +1,6 @@
 # coding: utf-8
 from __future__ import print_function, unicode_literals
+from copyparty.authsrv import AuthSrv

 import sys
 import time
@@ -27,20 +28,23 @@ class MpWorker(object):
        self.retpend = {}
        self.retpend_mutex = threading.Lock()
        self.mutex = threading.Lock()
-        self.workload_thr_active = False
+        self.workload_thr_alive = False

        # we inherited signal_handler from parent,
        # replace it with something harmless
        if not FAKE_MP:
            signal.signal(signal.SIGINT, self.signal_handler)

+        # starting to look like a good idea
+        self.asrv = AuthSrv(args, None, False)
+
        # instantiate all services here (TODO: inheritance?)
-        self.httpsrv = HttpSrv(self)
+        self.httpsrv = HttpSrv(self, True)
        self.httpsrv.disconnect_func = self.httpdrop

        # on winxp and some other platforms,
        # use thr.join() to block all signals
-        thr = threading.Thread(target=self.main)
+        thr = threading.Thread(target=self.main, name="mpw-main")
        thr.daemon = True
        thr.start()
        thr.join()
@@ -75,13 +79,15 @@ class MpWorker(object):

                if self.args.log_conn:
                    self.log("%s %s" % addr, "|%sC-qpop" % ("-" * 4,), c="1;30")
-                
+
                self.httpsrv.accept(sck, addr)

                with self.mutex:
-                    if not self.workload_thr_active:
+                    if not self.workload_thr_alive:
                        self.workload_thr_alive = True
-                        thr = threading.Thread(target=self.thr_workload)
+                        thr = threading.Thread(
+                            target=self.thr_workload, name="mpw-workload"
+                        )
                        thr.daemon = True
                        thr.start()

--- a/copyparty/broker_thr.py
+++ b/copyparty/broker_thr.py
@@ -3,6 +3,7 @@ from __future__ import print_function, unicode_literals

 import threading

+from .authsrv import AuthSrv
 from .httpsrv import HttpSrv
 from .broker_util import ExceptionalQueue, try_exec

@@ -14,6 +15,7 @@ class BrokerThr(object):
        self.hub = hub
        self.log = hub.log
        self.args = hub.args
+        self.asrv = hub.asrv

        self.mutex = threading.Lock()

--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
--- a/copyparty/httpconn.py
+++ b/copyparty/httpconn.py
@@ -1,6 +1,7 @@
 # coding: utf-8
 from __future__ import print_function, unicode_literals

+import re
 import os
 import sys
 import time
@@ -16,6 +17,9 @@ from .__init__ import E
 from .util import Unrecv
 from .httpcli import HttpCli
 from .u2idx import U2idx
+from .th_cli import ThumbCli
+from .th_srv import HAVE_PIL
+from .ico import Ico


 class HttpConn(object):
@@ -30,14 +34,20 @@ class HttpConn(object):
        self.hsrv = hsrv

        self.args = hsrv.args
-        self.auth = hsrv.auth
+        self.asrv = hsrv.asrv
+        self.is_mp = hsrv.is_mp
        self.cert_path = hsrv.cert_path

+        enth = HAVE_PIL and not self.args.no_thumb
+        self.thumbcli = ThumbCli(hsrv.broker) if enth else None
+        self.ico = Ico(self.args)
+
        self.t0 = time.time()
        self.nbyte = 0
        self.workload = 0
        self.u2idx = None
        self.log_func = hsrv.log
+        self.lf_url = re.compile(self.args.lf_url) if self.args.lf_url else None
        self.set_rproxy()

    def set_rproxy(self, ip=None):
@@ -61,7 +71,7 @@ class HttpConn(object):

    def get_u2idx(self):
        if not self.u2idx:
-            self.u2idx = U2idx(self.args, self.log_func)
+            self.u2idx = U2idx(self)

        return self.u2idx

@@ -165,6 +175,11 @@ class HttpConn(object):
            self.sr = Unrecv(self.s)

        while True:
+            if self.is_mp:
+                self.workload += 50
+                if self.workload >= 2 ** 31:
+                    self.workload = 100
+
            cli = HttpCli(self)
            if not cli.run():
                return
--- a/copyparty/httpsrv.py
+++ b/copyparty/httpsrv.py
@@ -25,8 +25,8 @@ except ImportError:
    sys.exit(1)

 from .__init__ import E, MACOS
-from .httpconn import HttpConn
 from .authsrv import AuthSrv
+from .httpconn import HttpConn


 class HttpSrv(object):
@@ -35,10 +35,12 @@ class HttpSrv(object):
    relying on MpSrv for performance (HttpSrv is just plain threads)
    """

-    def __init__(self, broker):
+    def __init__(self, broker, is_mp=False):
        self.broker = broker
+        self.is_mp = is_mp
        self.args = broker.args
        self.log = broker.log
+        self.asrv = broker.asrv

        self.disconnect_func = None
        self.mutex = threading.Lock()
@@ -46,7 +48,6 @@ class HttpSrv(object):
        self.clients = {}
        self.workload = 0
        self.workload_thr_alive = False
-        self.auth = AuthSrv(self.args, self.log)

        env = jinja2.Environment()
        env.loader = jinja2.FileSystemLoader(os.path.join(E.mod, "web"))
@@ -66,7 +67,11 @@ class HttpSrv(object):
        if self.args.log_conn:
            self.log("%s %s" % addr, "|%sC-cthr" % ("-" * 5,), c="1;30")

-        thr = threading.Thread(target=self.thr_client, args=(sck, addr))
+        thr = threading.Thread(
+            target=self.thr_client,
+            args=(sck, addr),
+            name="httpsrv-{}-{}".format(addr[0].split(".", 2)[-1][-6:], addr[1]),
+        )
        thr.daemon = True
        thr.start()

@@ -84,13 +89,16 @@ class HttpSrv(object):
        cli = HttpConn(sck, addr, self)
        with self.mutex:
            self.clients[cli] = 0
-            self.workload += 50

-            if not self.workload_thr_alive:
-                self.workload_thr_alive = True
-                thr = threading.Thread(target=self.thr_workload)
-                thr.daemon = True
-                thr.start()
+            if self.is_mp:
+                self.workload += 50
+                if not self.workload_thr_alive:
+                    self.workload_thr_alive = True
+                    thr = threading.Thread(
+                        target=self.thr_workload, name="httpsrv-workload"
+                    )
+                    thr.daemon = True
+                    thr.start()

        try:
            if self.args.log_conn:
@@ -99,6 +107,7 @@ class HttpSrv(object):
            cli.run()

        finally:
+            sck = cli.s
            if self.args.log_conn:
                self.log("%s %s" % addr, "|%sC-cdone" % ("-" * 7,), c="1;30")

--- a/copyparty/ico.py
+++ b/copyparty/ico.py
@@ -0,0 +1,42 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import hashlib
+import colorsys
+
+from .__init__ import PY2
+
+
+class Ico(object):
+    def __init__(self, args):
+        self.args = args
+
+    def get(self, ext, as_thumb):
+        """placeholder to make thumbnails not break"""
+
+        h = hashlib.md5(ext.encode("utf-8")).digest()[:2]
+        if PY2:
+            h = [ord(x) for x in h]
+
+        c1 = colorsys.hsv_to_rgb(h[0] / 256.0, 1, 0.3)
+        c2 = colorsys.hsv_to_rgb(h[0] / 256.0, 1, 1)
+        c = list(c1) + list(c2)
+        c = [int(x * 255) for x in c]
+        c = "".join(["{:02x}".format(x) for x in c])
+
+        h = 30
+        if not self.args.th_no_crop and as_thumb:
+            w, h = self.args.th_size.split("x")
+            h = int(100 / (float(w) / float(h)))
+
+        svg = """\
+<?xml version="1.0" encoding="UTF-8"?>
+<svg version="1.1" viewBox="0 0 100 {}" xmlns="http://www.w3.org/2000/svg"><g>
+<rect width="100%" height="100%" fill="#{}" />
+<text x="50%" y="50%" dominant-baseline="middle" text-anchor="middle" xml:space="preserve"
+  fill="#{}" font-family="monospace" font-size="14px" style="letter-spacing:.5px">{}</text>
+</g></svg>
+"""
+        svg = svg.format(h, c[:6], c[6:], ext).encode("utf-8")
+
+        return ["image/svg+xml", svg]
--- a/copyparty/mtag.py
+++ b/copyparty/mtag.py
@@ -1,9 +1,9 @@
 # coding: utf-8
 from __future__ import print_function, unicode_literals

-import re
 import os
 import sys
+import json
 import shutil
 import subprocess as sp

@@ -14,6 +14,204 @@ if not PY2:
    unicode = str


+def have_ff(cmd):
+    if PY2:
+        cmd = (cmd + " -version").encode("ascii").split(b" ")
+        try:
+            sp.Popen(cmd, stdout=sp.PIPE, stderr=sp.PIPE).communicate()
+            return True
+        except:
+            return False
+    else:
+        return bool(shutil.which(cmd))
+
+
+HAVE_FFMPEG = have_ff("ffmpeg")
+HAVE_FFPROBE = have_ff("ffprobe")
+
+
+class MParser(object):
+    def __init__(self, cmdline):
+        self.tag, args = cmdline.split("=", 1)
+        self.tags = self.tag.split(",")
+
+        self.timeout = 30
+        self.force = False
+        self.audio = "y"
+        self.ext = []
+
+        while True:
+            try:
+                bp = os.path.expanduser(args)
+                if os.path.exists(bp):
+                    self.bin = bp
+                    return
+            except:
+                pass
+
+            arg, args = args.split(",", 1)
+            arg = arg.lower()
+
+            if arg.startswith("a"):
+                self.audio = arg[1:]  # [r]equire [n]ot [d]ontcare
+                continue
+
+            if arg == "f":
+                self.force = True
+                continue
+
+            if arg.startswith("t"):
+                self.timeout = int(arg[1:])
+                continue
+
+            if arg.startswith("e"):
+                self.ext.append(arg[1:])
+                continue
+
+            raise Exception()
+
+
+def ffprobe(abspath):
+    cmd = [
+        b"ffprobe",
+        b"-hide_banner",
+        b"-show_streams",
+        b"-show_format",
+        b"--",
+        fsenc(abspath),
+    ]
+    p = sp.Popen(cmd, stdout=sp.PIPE, stderr=sp.PIPE)
+    r = p.communicate()
+    txt = r[0].decode("utf-8", "replace")
+    return parse_ffprobe(txt)
+
+
+def parse_ffprobe(txt):
+    """ffprobe -show_format -show_streams"""
+    streams = []
+    fmt = {}
+    g = None
+    for ln in [x.rstrip("\r") for x in txt.split("\n")]:
+        try:
+            k, v = ln.split("=", 1)
+            g[k] = v
+            continue
+        except:
+            pass
+
+        if ln == "[STREAM]":
+            g = {}
+            streams.append(g)
+
+        if ln == "[FORMAT]":
+            g = {"codec_type": "format"}  # heh
+            fmt = g
+
+    streams = [fmt] + streams
+    ret = {}  # processed
+    md = {}  # raw tags
+
+    have = {}
+    for strm in streams:
+        typ = strm.get("codec_type")
+        if typ in have:
+            continue
+
+        have[typ] = True
+        kvm = []
+
+        if typ == "audio":
+            kvm = [
+                ["codec_name", "ac"],
+                ["channel_layout", "chs"],
+                ["sample_rate", ".hz"],
+                ["bit_rate", ".aq"],
+                ["duration", ".dur"],
+            ]
+
+        if typ == "video":
+            if strm.get("DISPOSITION:attached_pic") == "1" or fmt.get(
+                "format_name"
+            ) in ["mp3", "ogg", "flac"]:
+                continue
+
+            kvm = [
+                ["codec_name", "vc"],
+                ["pix_fmt", "pixfmt"],
+                ["r_frame_rate", ".fps"],
+                ["bit_rate", ".vq"],
+                ["width", ".resw"],
+                ["height", ".resh"],
+                ["duration", ".dur"],
+            ]
+
+        if typ == "format":
+            kvm = [["duration", ".dur"], ["bit_rate", ".q"]]
+
+        for sk, rk in kvm:
+            v = strm.get(sk)
+            if v is None:
+                continue
+
+            if rk.startswith("."):
+                try:
+                    v = float(v)
+                    v2 = ret.get(rk)
+                    if v2 is None or v > v2:
+                        ret[rk] = v
+                except:
+                    # sqlite doesnt care but the code below does
+                    if v not in ["N/A"]:
+                        ret[rk] = v
+            else:
+                ret[rk] = v
+
+    if ret.get("vc") == "ansi":  # shellscript
+        return {}, {}
+
+    for strm in streams:
+        for k, v in strm.items():
+            if not k.startswith("TAG:"):
+                continue
+
+            k = k[4:].strip()
+            v = v.strip()
+            if k and v:
+                md[k] = [v]
+
+    for k in [".q", ".vq", ".aq"]:
+        if k in ret:
+            ret[k] /= 1000  # bit_rate=320000
+
+    for k in [".q", ".vq", ".aq", ".resw", ".resh"]:
+        if k in ret:
+            ret[k] = int(ret[k])
+
+    if ".fps" in ret:
+        fps = ret[".fps"]
+        if "/" in fps:
+            fa, fb = fps.split("/")
+            fps = int(fa) * 1.0 / int(fb)
+
+        if fps < 1000 and fmt.get("format_name") not in ["image2", "png_pipe"]:
+            ret[".fps"] = round(fps, 3)
+        else:
+            del ret[".fps"]
+
+    if ".dur" in ret:
+        if ret[".dur"] < 0.1:
+            del ret[".dur"]
+            if ".q" in ret:
+                del ret[".q"]
+
+    if ".resw" in ret and ".resh" in ret:
+        ret["res"] = "{}x{}".format(ret[".resw"], ret[".resh"])
+
+    ret = {k: [0, v] for k, v in ret.items()}
+
+    return ret, md
+
+
 class MTag(object):
    def __init__(self, log_func, args):
        self.log_func = log_func
@@ -35,15 +233,7 @@ class MTag(object):
            self.get = self.get_ffprobe
            self.prefer_mt = True
            # about 20x slower
-            if PY2:
-                cmd = [b"ffprobe", b"-version"]
-                try:
-                    sp.Popen(cmd, stdout=sp.PIPE, stderr=sp.PIPE)
-                except:
-                    self.usable = False
-            else:
-                if not shutil.which("ffprobe"):
-                    self.usable = False
+            self.usable = HAVE_FFPROBE

            if self.usable and WINDOWS and sys.version_info < (3, 8):
                self.usable = False
@@ -52,8 +242,10 @@ class MTag(object):
                self.log(msg, c=1)

        if not self.usable:
-            msg = "need mutagen{} to read media tags so please run this:\n  {} -m pip install --user mutagen"
-            self.log(msg.format(or_ffprobe, os.path.basename(sys.executable)), c=1)
+            msg = "need mutagen{} to read media tags so please run this:\n{}{} -m pip install --user mutagen\n"
+            self.log(
+                msg.format(or_ffprobe, " " * 37, os.path.basename(sys.executable)), c=1
+            )
            return

        # https://picard-docs.musicbrainz.org/downloads/MusicBrainz_Picard_Tag_Map.html
@@ -201,7 +393,7 @@ class MTag(object):
        import mutagen

        try:
-            md = mutagen.File(abspath, easy=True)
+            md = mutagen.File(fsenc(abspath), easy=True)
            x = md.info.length
        except Exception as ex:
            return {}
@@ -212,7 +404,7 @@ class MTag(object):
            try:
                q = int(md.info.bitrate / 1024)
            except:
-                q = int((os.path.getsize(abspath) / dur) / 128)
+                q = int((os.path.getsize(fsenc(abspath)) / dur) / 128)

            ret[".dur"] = [0, dur]
            ret[".q"] = [0, q]
@@ -222,101 +414,7 @@ class MTag(object):
        return self.normalize_tags(ret, md)

    def get_ffprobe(self, abspath):
-        cmd = [b"ffprobe", b"-hide_banner", b"--", fsenc(abspath)]
-        p = sp.Popen(cmd, stdout=sp.PIPE, stderr=sp.PIPE)
-        r = p.communicate()
-        txt = r[1].decode("utf-8", "replace")
-        txt = [x.rstrip("\r") for x in txt.split("\n")]
-
-        """
-        note:
-          tags which contain newline will be truncated on first \n,
-          ffprobe emits \n and spacepads the : to align visually
-        note:
-          the Stream ln always mentions Audio: if audio
-          the Stream ln usually has kb/s, is more accurate
-          the Duration ln always has kb/s
-          the Metadata: after Chapter may contain BPM info,
-            title : Tempo: 126.0
-
-        Input #0, wav,
-          Metadata:
-            date : <OK>
-          Duration:
-            Chapter #
-            Metadata:
-              title : <NG>
-
-        Input #0, mp3,
-          Metadata:
-            album : <OK>
-          Duration:
-            Stream #0:0: Audio:
-            Stream #0:1: Video:
-            Metadata:
-              comment : <NG>
-        """
-
-        ptn_md_beg = re.compile("^( +)Metadata:$")
-        ptn_md_kv = re.compile("^( +)([^:]+) *: (.*)")
-        ptn_dur = re.compile("^ *Duration: ([^ ]+)(, |$)")
-        ptn_br1 = re.compile("^ *Duration: .*, bitrate: ([0-9]+) kb/s(, |$)")
-        ptn_br2 = re.compile("^ *Stream.*: Audio:.* ([0-9]+) kb/s(, |$)")
-        ptn_audio = re.compile("^ *Stream .*: Audio: ")
-        ptn_au_parent = re.compile("^ *(Input #|Stream .*: Audio: )")
-
-        ret = {}
-        md = {}
-        in_md = False
-        is_audio = False
-        au_parent = False
-        for ln in txt:
-            m = ptn_md_kv.match(ln)
-            if m and in_md and len(m.group(1)) == in_md:
-                _, k, v = [x.strip() for x in m.groups()]
-                if k != "" and v != "":
-                    md[k] = [v]
-                continue
-            else:
-                in_md = False
-
-            m = ptn_md_beg.match(ln)
-            if m and au_parent:
-                in_md = len(m.group(1)) + 2
-                continue
-
-            au_parent = bool(ptn_au_parent.search(ln))
-
-            if ptn_audio.search(ln):
-                is_audio = True
-
-            m = ptn_dur.search(ln)
-            if m:
-                sec = 0
-                tstr = m.group(1)
-                if tstr.lower() != "n/a":
-                    try:
-                        tf = tstr.split(",")[0].split(".")[0].split(":")
-                        for f in tf:
-                            sec *= 60
-                            sec += int(f)
-                    except:
-                        self.log("invalid timestr from ffprobe: [{}]".format(tstr), c=3)
-
-                ret[".dur"] = sec
-                m = ptn_br1.search(ln)
-                if m:
-                    ret[".q"] = m.group(1)
-
-            m = ptn_br2.search(ln)
-            if m:
-                ret[".q"] = m.group(1)
-
-        if not is_audio:
-            return {}
-
-        ret = {k: [0, v] for k, v in ret.items()}
-
+        ret, md = ffprobe(abspath)
        return self.normalize_tags(ret, md)

    def get_bin(self, parsers, abspath):
@@ -327,10 +425,10 @@ class MTag(object):
        env["PYTHONPATH"] = pypath

        ret = {}
-        for tagname, (binpath, timeout) in parsers.items():
+        for tagname, mp in parsers.items():
            try:
-                cmd = [sys.executable, binpath, abspath]
-                args = {"env": env, "timeout": timeout}
+                cmd = [sys.executable, mp.bin, abspath]
+                args = {"env": env, "timeout": mp.timeout}

                if WINDOWS:
                    args["creationflags"] = 0x4000
@@ -339,8 +437,16 @@ class MTag(object):

                cmd = [fsenc(x) for x in cmd]
                v = sp.check_output(cmd, **args).strip()
-                if v:
+                if not v:
+                    continue
+
+                if "," not in tagname:
                    ret[tagname] = v.decode("utf-8")
+                else:
+                    v = json.loads(v)
+                    for tag in tagname.split(","):
+                        if tag and tag in v:
+                            ret[tag] = v[tag]
            except:
                pass

--- a/copyparty/star.py
+++ b/copyparty/star.py
@@ -1,3 +1,6 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
 import os
 import tarfile
 import threading
@@ -42,7 +45,7 @@ class StreamTar(object):
        fmt = tarfile.GNU_FORMAT
        self.tar = tarfile.open(fileobj=self.qfile, mode="w|", format=fmt)

-        w = threading.Thread(target=self._gen)
+        w = threading.Thread(target=self._gen, name="star-gen")
        w.daemon = True
        w.start()

--- a/copyparty/sutil.py
+++ b/copyparty/sutil.py
@@ -1,3 +1,6 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
 import os
 import time
 import tempfile
--- a/copyparty/svchub.py
+++ b/copyparty/svchub.py
@@ -2,6 +2,7 @@
 from __future__ import print_function, unicode_literals

 import re
+import os
 import sys
 import time
 import threading
@@ -9,9 +10,11 @@ from datetime import datetime, timedelta
 import calendar

 from .__init__ import PY2, WINDOWS, MACOS, VT100
+from .util import mp
+from .authsrv import AuthSrv
 from .tcpsrv import TcpSrv
 from .up2k import Up2k
-from .util import mp
+from .th_srv import ThumbSrv, HAVE_PIL, HAVE_WEBP


 class SvcHub(object):
@@ -35,9 +38,28 @@ class SvcHub(object):
        self.log = self._log_disabled if args.q else self._log_enabled

        # initiate all services to manage
+        self.asrv = AuthSrv(self.args, self.log, False)
+        if args.ls:
+            self.asrv.dbg_ls()
+
        self.tcpsrv = TcpSrv(self)
        self.up2k = Up2k(self)

+        self.thumbsrv = None
+        if not args.no_thumb:
+            if HAVE_PIL:
+                if not HAVE_WEBP:
+                    args.th_no_webp = True
+                    msg = "setting --th-no-webp because either libwebp is not available or your Pillow is too old"
+                    self.log("thumb", msg, c=3)
+
+                self.thumbsrv = ThumbSrv(self)
+            else:
+                msg = "need Pillow to create thumbnails; for example:\n{}{} -m pip install --user Pillow\n"
+                self.log(
+                    "thumb", msg.format(" " * 37, os.path.basename(sys.executable)), c=3
+                )
+
        # decide which worker impl to use
        if self.check_mp_enable():
            from .broker_mp import BrokerMp as Broker
@@ -48,7 +70,7 @@ class SvcHub(object):
        self.broker = Broker(self)

    def run(self):
-        thr = threading.Thread(target=self.tcpsrv.run)
+        thr = threading.Thread(target=self.tcpsrv.run, name="svchub-main")
        thr.daemon = True
        thr.start()

@@ -63,7 +85,20 @@ class SvcHub(object):

            self.tcpsrv.shutdown()
            self.broker.shutdown()
-            print("nailed it")
+            if self.thumbsrv:
+                self.thumbsrv.shutdown()
+
+                for n in range(200):  # 10s
+                    time.sleep(0.05)
+                    if self.thumbsrv.stopped():
+                        break
+
+                    if n == 3:
+                        print("waiting for thumbsrv (10sec)...")
+
+            print("nailed it", end="")
+        finally:
+            print("\033[0m")

    def _log_disabled(self, src, msg, c=0):
        pass
--- a/copyparty/szip.py
+++ b/copyparty/szip.py
@@ -1,3 +1,6 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
 import os
 import time
 import zlib
@@ -87,7 +90,7 @@ def gen_hdr(h_pos, fn, sz, lastmod, utf8, crc32, pre_crc):
    ret += struct.pack("<LL", vsz, vsz)

    # windows support (the "?" replace below too)
-    fn = sanitize_fn(fn, "/")
+    fn = sanitize_fn(fn, ok="/")
    bfn = fn.encode("utf-8" if utf8 else "cp437", "replace").replace(b"?", b"_")

    z64_len = len(z64v) * 8 + 4 if z64v else 0
--- a/copyparty/th_cli.py
+++ b/copyparty/th_cli.py
@@ -0,0 +1,55 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import os
+
+from .util import Cooldown
+from .th_srv import thumb_path, THUMBABLE, FMT_FF
+
+
+class ThumbCli(object):
+    def __init__(self, broker):
+        self.broker = broker
+        self.args = broker.args
+        self.asrv = broker.asrv
+
+        # cache on both sides for less broker spam
+        self.cooldown = Cooldown(self.args.th_poke)
+
+    def get(self, ptop, rem, mtime, fmt):
+        ext = rem.rsplit(".")[-1].lower()
+        if ext not in THUMBABLE:
+            return None
+
+        is_vid = ext in FMT_FF
+        if is_vid and self.args.no_vthumb:
+            return None
+
+        if fmt == "j" and self.args.th_no_jpg:
+            fmt = "w"
+
+        if fmt == "w":
+            if self.args.th_no_webp or (is_vid and self.args.th_ff_jpg):
+                fmt = "j"
+
+        histpath = self.asrv.vfs.histtab[ptop]
+        tpath = thumb_path(histpath, rem, mtime, fmt)
+        ret = None
+        try:
+            st = os.stat(tpath)
+            if st.st_size:
+                ret = tpath
+            else:
+                return None
+        except:
+            pass
+
+        if ret:
+            tdir = os.path.dirname(tpath)
+            if self.cooldown.poke(tdir):
+                self.broker.put(False, "thumbsrv.poke", tdir)
+
+            return ret
+
+        x = self.broker.put(True, "thumbsrv.get", ptop, rem, mtime, fmt)
+        return x.get()
--- a/copyparty/th_srv.py
+++ b/copyparty/th_srv.py
@@ -0,0 +1,399 @@
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import os
+import time
+import shutil
+import base64
+import hashlib
+import threading
+import subprocess as sp
+
+from .__init__ import PY2
+from .util import fsenc, runcmd, Queue, Cooldown, BytesIO, min_ex
+from .mtag import HAVE_FFMPEG, HAVE_FFPROBE, ffprobe
+
+
+if not PY2:
+    unicode = str
+
+
+HAVE_PIL = False
+HAVE_HEIF = False
+HAVE_AVIF = False
+HAVE_WEBP = False
+
+try:
+    from PIL import Image, ImageOps
+
+    HAVE_PIL = True
+    try:
+        Image.new("RGB", (2, 2)).save(BytesIO(), format="webp")
+        HAVE_WEBP = True
+    except:
+        pass
+
+    try:
+        from pyheif_pillow_opener import register_heif_opener
+
+        register_heif_opener()
+        HAVE_HEIF = True
+    except:
+        pass
+
+    try:
+        import pillow_avif
+
+        HAVE_AVIF = True
+    except:
+        pass
+except:
+    pass
+
+# https://pillow.readthedocs.io/en/stable/handbook/image-file-formats.html
+# ffmpeg -formats
+FMT_PIL = "bmp dib gif icns ico jpg jpeg jp2 jpx pcx png pbm pgm ppm pnm sgi tga tif tiff webp xbm dds xpm"
+FMT_FF = "av1 asf avi flv m4v mkv mjpeg mjpg mpg mpeg mpg2 mpeg2 h264 avc h265 hevc mov 3gp mp4 ts mpegts nut ogv ogm rm vob webm wmv"
+
+if HAVE_HEIF:
+    FMT_PIL += " heif heifs heic heics"
+
+if HAVE_AVIF:
+    FMT_PIL += " avif avifs"
+
+FMT_PIL, FMT_FF = [{x: True for x in y.split(" ") if x} for y in [FMT_PIL, FMT_FF]]
+
+
+THUMBABLE = {}
+
+if HAVE_PIL:
+    THUMBABLE.update(FMT_PIL)
+
+if HAVE_FFMPEG and HAVE_FFPROBE:
+    THUMBABLE.update(FMT_FF)
+
+
+def thumb_path(histpath, rem, mtime, fmt):
+    # base16 = 16 = 256
+    # b64-lc = 38 = 1444
+    # base64 = 64 = 4096
+    try:
+        rd, fn = rem.rsplit("/", 1)
+    except:
+        rd = ""
+        fn = rem
+
+    if rd:
+        h = hashlib.sha512(fsenc(rd)).digest()[:24]
+        b64 = base64.urlsafe_b64encode(h).decode("ascii")[:24]
+        rd = "{}/{}/".format(b64[:2], b64[2:4]).lower() + b64
+    else:
+        rd = "top"
+
+    # could keep original filenames but this is safer re pathlen
+    h = hashlib.sha512(fsenc(fn)).digest()[:24]
+    fn = base64.urlsafe_b64encode(h).decode("ascii")[:24]
+
+    return "{}/th/{}/{}.{:x}.{}".format(
+        histpath, rd, fn, int(mtime), "webp" if fmt == "w" else "jpg"
+    )
+
+
+class ThumbSrv(object):
+    def __init__(self, hub):
+        self.hub = hub
+        self.asrv = hub.asrv
+        self.args = hub.args
+        self.log_func = hub.log
+
+        res = hub.args.th_size.split("x")
+        self.res = tuple([int(x) for x in res])
+        self.poke_cd = Cooldown(self.args.th_poke)
+
+        self.mutex = threading.Lock()
+        self.busy = {}
+        self.stopping = False
+        self.nthr = os.cpu_count() if hasattr(os, "cpu_count") else 4
+        self.q = Queue(self.nthr * 4)
+        for n in range(self.nthr):
+            t = threading.Thread(
+                target=self.worker, name="thumb-{}-{}".format(n, self.nthr)
+            )
+            t.daemon = True
+            t.start()
+
+        if not self.args.no_vthumb and (not HAVE_FFMPEG or not HAVE_FFPROBE):
+            missing = []
+            if not HAVE_FFMPEG:
+                missing.append("ffmpeg")
+
+            if not HAVE_FFPROBE:
+                missing.append("ffprobe")
+
+            msg = "cannot create video thumbnails because some of the required programs are not available: "
+            msg += ", ".join(missing)
+            self.log(msg, c=3)
+
+        t = threading.Thread(target=self.cleaner, name="thumb-cleaner")
+        t.daemon = True
+        t.start()
+
+    def log(self, msg, c=0):
+        self.log_func("thumb", msg, c)
+
+    def shutdown(self):
+        self.stopping = True
+        for _ in range(self.nthr):
+            self.q.put(None)
+
+    def stopped(self):
+        with self.mutex:
+            return not self.nthr
+
+    def get(self, ptop, rem, mtime, fmt):
+        histpath = self.asrv.vfs.histtab[ptop]
+        tpath = thumb_path(histpath, rem, mtime, fmt)
+        abspath = os.path.join(ptop, rem)
+        cond = threading.Condition()
+        with self.mutex:
+            try:
+                self.busy[tpath].append(cond)
+                self.log("wait {}".format(tpath))
+            except:
+                thdir = os.path.dirname(tpath)
+                try:
+                    os.makedirs(thdir)
+                except:
+                    pass
+
+                inf_path = os.path.join(thdir, "dir.txt")
+                if not os.path.exists(inf_path):
+                    with open(inf_path, "wb") as f:
+                        f.write(fsenc(os.path.dirname(abspath)))
+
+                self.busy[tpath] = [cond]
+                self.q.put([abspath, tpath])
+                self.log("conv {} \033[0m{}".format(tpath, abspath), c=6)
+
+        while not self.stopping:
+            with self.mutex:
+                if tpath not in self.busy:
+                    break
+
+            with cond:
+                cond.wait()
+
+        try:
+            st = os.stat(tpath)
+            if st.st_size:
+                return tpath
+        except:
+            pass
+
+        return None
+
+    def worker(self):
+        while not self.stopping:
+            task = self.q.get()
+            if not task:
+                break
+
+            abspath, tpath = task
+            ext = abspath.split(".")[-1].lower()
+            fun = None
+            if not os.path.exists(tpath):
+                if ext in FMT_PIL:
+                    fun = self.conv_pil
+                elif ext in FMT_FF:
+                    fun = self.conv_ffmpeg
+
+            if fun:
+                try:
+                    fun(abspath, tpath)
+                except:
+                    msg = "{} failed on {}\n{}"
+                    self.log(msg.format(fun.__name__, abspath, min_ex()), 3)
+                    with open(tpath, "wb") as _:
+                        pass
+
+            with self.mutex:
+                subs = self.busy[tpath]
+                del self.busy[tpath]
+
+            for x in subs:
+                with x:
+                    x.notify_all()
+
+        with self.mutex:
+            self.nthr -= 1
+
+    def conv_pil(self, abspath, tpath):
+        with Image.open(fsenc(abspath)) as im:
+            crop = not self.args.th_no_crop
+            res2 = self.res
+            if crop:
+                res2 = (res2[0] * 2, res2[1] * 2)
+
+            try:
+                im.thumbnail(res2, resample=Image.LANCZOS)
+                if crop:
+                    iw, ih = im.size
+                    dw, dh = self.res
+                    res = (min(iw, dw), min(ih, dh))
+                    im = ImageOps.fit(im, res, method=Image.LANCZOS)
+            except:
+                im.thumbnail(self.res)
+
+            fmts = ["RGB", "L"]
+            args = {"quality": 40}
+
+            if tpath.endswith(".webp"):
+                # quality 80 = pillow-default
+                # quality 75 = ffmpeg-default
+                # method 0 = pillow-default, fast
+                # method 4 = ffmpeg-default
+                # method 6 = max, slow
+                fmts += ["RGBA", "LA"]
+                args["method"] = 6
+            else:
+                pass  # default q = 75
+
+            if im.mode not in fmts:
+                print("conv {}".format(im.mode))
+                im = im.convert("RGB")
+
+            im.save(tpath, quality=40, method=6)
+
+    def conv_ffmpeg(self, abspath, tpath):
+        ret, _ = ffprobe(abspath)
+
+        ext = abspath.rsplit(".")[-1]
+        if ext in ["h264", "h265"]:
+            seek = []
+        else:
+            dur = ret[".dur"][1] if ".dur" in ret else 4
+            seek = "{:.0f}".format(dur / 3)
+            seek = [b"-ss", seek.encode("utf-8")]
+
+        scale = "scale={0}:{1}:force_original_aspect_ratio="
+        if self.args.th_no_crop:
+            scale += "decrease,setsar=1:1"
+        else:
+            scale += "increase,crop={0}:{1},setsar=1:1"
+
+        scale = scale.format(*list(self.res)).encode("utf-8")
+        # fmt: off
+        cmd = [
+            b"ffmpeg",
+            b"-nostdin",
+            b"-v", b"error",
+            b"-hide_banner"
+        ]
+        cmd += seek
+        cmd += [
+            b"-i", fsenc(abspath),
+            b"-vf", scale,
+            b"-vframes", b"1",
+        ]
+        # fmt: on
+
+        if tpath.endswith(".jpg"):
+            cmd += [
+                b"-q:v",
+                b"6",  # default=??
+            ]
+        else:
+            cmd += [
+                b"-q:v",
+                b"50",  # default=75
+                b"-compression_level:v",
+                b"6",  # default=4, 0=fast, 6=max
+            ]
+
+        cmd += [fsenc(tpath)]
+
+        ret, sout, serr = runcmd(*cmd)
+        if ret != 0:
+            msg = ["ff: {}".format(x) for x in serr.split("\n")]
+            self.log("FFmpeg failed:\n" + "\n".join(msg), c="1;30")
+            raise sp.CalledProcessError(ret, (cmd[0], b"...", cmd[-1]))
+
+    def poke(self, tdir):
+        if not self.poke_cd.poke(tdir):
+            return
+
+        ts = int(time.time())
+        try:
+            p1 = os.path.dirname(tdir)
+            p2 = os.path.dirname(p1)
+            for dp in [tdir, p1, p2]:
+                os.utime(fsenc(dp), (ts, ts))
+        except:
+            pass
+
+    def cleaner(self):
+        interval = self.args.th_clean
+        while True:
+            time.sleep(interval)
+            for vol, histpath in self.asrv.vfs.histtab.items():
+                if histpath.startswith(vol):
+                    self.log("\033[Jcln {}/\033[A".format(histpath))
+                else:
+                    self.log("\033[Jcln {} ({})/\033[A".format(histpath, vol))
+
+                self.clean(histpath)
+
+            self.log("\033[Jcln ok")
+
+    def clean(self, histpath):
+        # self.log("cln {}".format(histpath))
+        maxage = self.args.th_maxage
+        now = time.time()
+        prev_b64 = None
+        prev_fp = None
+        try:
+            ents = os.listdir(histpath)
+        except:
+            return
+
+        for f in sorted(ents):
+            fp = os.path.join(histpath, f)
+            cmp = fp.lower().replace("\\", "/")
+
+            # "top" or b64 prefix/full (a folder)
+            if len(f) <= 3 or len(f) == 24:
+                age = now - os.path.getmtime(fp)
+                if age > maxage:
+                    with self.mutex:
+                        safe = True
+                        for k in self.busy.keys():
+                            if k.lower().replace("\\", "/").startswith(cmp):
+                                safe = False
+                                break
+
+                        if safe:
+                            self.log("rm -rf [{}]".format(fp))
+                            shutil.rmtree(fp, ignore_errors=True)
+                else:
+                    self.clean(fp)
+                continue
+
+            # thumb file
+            try:
+                b64, ts, ext = f.split(".")
+                if len(b64) != 24 or len(ts) != 8 or ext not in ["jpg", "webp"]:
+                    raise Exception()
+
+                ts = int(ts, 16)
+            except:
+                if f != "dir.txt":
+                    self.log("foreign file in thumbs dir: [{}]".format(fp), 1)
+
+                continue
+
+            if b64 == prev_b64:
+                self.log("rm replaced [{}]".format(fp))
+                os.unlink(prev_fp)
+
+            prev_b64 = b64
+            prev_fp = fp
--- a/copyparty/u2idx.py
+++ b/copyparty/u2idx.py
@@ -7,7 +7,7 @@ import time
 import threading
 from datetime import datetime

-from .util import u8safe, s3dec, html_escape, Pebkac
+from .util import s3dec, Pebkac, min_ex
 from .up2k import up2k_wark_from_hashlist


@@ -19,10 +19,11 @@ except:


 class U2idx(object):
-    def __init__(self, args, log_func):
-        self.args = args
-        self.log_func = log_func
-        self.timeout = args.srch_time
+    def __init__(self, conn):
+        self.log_func = conn.log_func
+        self.asrv = conn.asrv
+        self.args = conn.args
+        self.timeout = self.args.srch_time

        if not HAVE_SQLITE3:
            self.log("could not load sqlite3; searchign wqill be disabled")
@@ -47,57 +48,143 @@ class U2idx(object):
        fhash = body["hash"]
        wark = up2k_wark_from_hashlist(self.args.salt, fsize, fhash)

-        uq = "substr(w,1,16) = ? and w = ?"
+        uq = "where substr(w,1,16) = ? and w = ?"
        uv = [wark[:16], wark]

        try:
-            return self.run_query(vols, uq, uv, {})[0]
-        except Exception as ex:
-            raise Pebkac(500, repr(ex))
+            return self.run_query(vols, uq, uv)[0]
+        except:
+            raise Pebkac(500, min_ex())

    def get_cur(self, ptop):
        cur = self.cur.get(ptop)
        if cur:
            return cur

-        cur = _open(ptop)
-        if not cur:
+        histpath = self.asrv.vfs.histtab[ptop]
+        db_path = os.path.join(histpath, "up2k.db")
+        if not os.path.exists(db_path):
            return None

+        cur = sqlite3.connect(db_path).cursor()
        self.cur[ptop] = cur
        return cur

-    def search(self, vols, body):
+    def search(self, vols, uq):
        """search by query params"""
        if not HAVE_SQLITE3:
            return []

-        qobj = {}
-        _conv_sz(qobj, body, "sz_min", "up.sz >= ?")
-        _conv_sz(qobj, body, "sz_max", "up.sz <= ?")
-        _conv_dt(qobj, body, "dt_min", "up.mt >= ?")
-        _conv_dt(qobj, body, "dt_max", "up.mt <= ?")
-        for seg, dk in [["path", "up.rd"], ["name", "up.fn"]]:
-            if seg in body:
-                _conv_txt(qobj, body, seg, dk)
+        q = ""
+        va = []
+        joins = ""
+        is_key = True
+        is_size = False
+        is_date = False
+        kw_key = ["(", ")", "and ", "or ", "not "]
+        kw_val = ["==", "=", "!=", ">", ">=", "<", "<=", "like "]
+        ptn_mt = re.compile(r"^\.?[a-z]+$")
+        mt_ctr = 0
+        mt_keycmp = "substr(up.w,1,16)"
+        mt_keycmp2 = None

-        uq, uv = _sqlize(qobj)
+        while True:
+            uq = uq.strip()
+            if not uq:
+                break

-        qobj = {}
-        if "tags" in body:
-            _conv_txt(qobj, body, "tags", "mt.v")
+            ok = False
+            for kw in kw_key + kw_val:
+                if uq.startswith(kw):
+                    is_key = kw in kw_key
+                    uq = uq[len(kw) :]
+                    ok = True
+                    q += kw
+                    break

-        if "adv" in body:
-            _conv_adv(qobj, body, "adv")
+            if ok:
+                continue
+
+            v, uq = (uq + " ").split(" ", 1)
+            if is_key:
+                is_key = False
+
+                if v == "size":
+                    v = "up.sz"
+                    is_size = True
+
+                elif v == "date":
+                    v = "up.mt"
+                    is_date = True
+
+                elif v == "path":
+                    v = "up.rd"
+
+                elif v == "name":
+                    v = "up.fn"
+
+                elif v == "tags" or ptn_mt.match(v):
+                    mt_ctr += 1
+                    mt_keycmp2 = "mt{}.w".format(mt_ctr)
+                    joins += "inner join mt mt{} on {} = {} ".format(
+                        mt_ctr, mt_keycmp, mt_keycmp2
+                    )
+                    mt_keycmp = mt_keycmp2
+                    if v == "tags":
+                        v = "mt{0}.v".format(mt_ctr)
+                    else:
+                        v = "+mt{0}.k = '{1}' and mt{0}.v".format(mt_ctr, v)
+
+                else:
+                    raise Pebkac(400, "invalid key [" + v + "]")
+
+                q += v + " "
+                continue
+
+            head = ""
+            tail = ""
+
+            if is_date:
+                is_date = False
+                v = v.upper().rstrip("Z").replace(",", " ").replace("T", " ")
+                while "  " in v:
+                    v = v.replace("  ", " ")
+
+                for fmt in [
+                    "%Y-%m-%d %H:%M:%S",
+                    "%Y-%m-%d %H:%M",
+                    "%Y-%m-%d %H",
+                    "%Y-%m-%d",
+                ]:
+                    try:
+                        v = datetime.strptime(v, fmt).timestamp()
+                        break
+                    except:
+                        pass
+
+            elif is_size:
+                is_size = False
+                v = int(float(v) * 1024 * 1024)
+
+            else:
+                if v.startswith("*"):
+                    head = "'%'||"
+                    v = v[1:]
+
+                if v.endswith("*"):
+                    tail = "||'%'"
+                    v = v[:-1]
+
+            q += " {}?{} ".format(head, tail)
+            va.append(v)
+            is_key = True

        try:
-            return self.run_query(vols, uq, uv, qobj)
+            return self.run_query(vols, joins + "where " + q, va)
        except Exception as ex:
            raise Pebkac(500, repr(ex))

-    def run_query(self, vols, uq, uv, targs):
-        self.log("qs: {} {} ,  {}".format(uq, repr(uv), repr(targs)))
-
+    def run_query(self, vols, uq, uv):
        done_flag = []
        self.active_id = "{:.6f}_{}".format(
            time.time(), threading.current_thread().ident
@@ -108,39 +195,19 @@ class U2idx(object):
                self.active_id,
                done_flag,
            ),
+            name="u2idx-terminator",
        )
        thr.daemon = True
        thr.start()

-        if not targs:
-            if not uq:
-                q = "select * from up"
-                v = ()
-            else:
-                q = "select * from up where " + uq
-                v = tuple(uv)
+        if not uq or not uv:
+            q = "select * from up"
+            v = ()
        else:
-            q = "select up.* from up"
-            keycmp = "substr(up.w,1,16)"
-            where = []
-            v = []
-            ctr = 0
-            for tq, tv in sorted(targs.items()):
-                ctr += 1
-                tq = tq.split("\n")[0]
-                keycmp2 = "mt{}.w".format(ctr)
-                q += " inner join mt mt{} on {} = {}".format(ctr, keycmp, keycmp2)
-                keycmp = keycmp2
-                where.append(tq.replace("mt.", keycmp[:-1]))
-                v.append(tv)
+            q = "select up.* from up " + uq
+            v = tuple(uv)

-            if uq:
-                where.append(uq)
-                v.extend(uv)
-
-            q += " where " + (" and ".join(where))
-
-        # self.log("q2: {} {}".format(q, repr(v)))
+        self.log("qs: {!r} {!r}".format(q, v))

        ret = []
        lim = 1000
@@ -163,7 +230,7 @@ class U2idx(object):
                if rd.startswith("//") or fn.startswith("//"):
                    rd, fn = s3dec(rd, fn)

-                rp = os.path.join(vtop, rd, fn).replace("\\", "/")
+                rp = "/".join([x for x in [vtop, rd, fn] if x])
                sret.append({"ts": int(ts), "sz": sz, "rp": rp, "w": w[:16]})

            for hit in sret:
@@ -178,6 +245,7 @@ class U2idx(object):
                hit["tags"] = tags

            ret.extend(sret)
+            # print("[{}] {}".format(ptop, sret))

        done_flag.append(True)
        self.active_id = None
@@ -198,84 +266,3 @@ class U2idx(object):

        if identifier == self.active_id:
            self.active_cur.connection.interrupt()
-
-
-def _open(ptop):
-    db_path = os.path.join(ptop, ".hist", "up2k.db")
-    if os.path.exists(db_path):
-        return sqlite3.connect(db_path).cursor()
-
-
-def _conv_sz(q, body, k, sql):
-    if k in body:
-        q[sql] = int(float(body[k]) * 1024 * 1024)
-
-
-def _conv_dt(q, body, k, sql):
-    if k not in body:
-        return
-
-    v = body[k].upper().rstrip("Z").replace(",", " ").replace("T", " ")
-    while "  " in v:
-        v = v.replace("  ", " ")
-
-    for fmt in ["%Y-%m-%d %H:%M:%S", "%Y-%m-%d %H:%M", "%Y-%m-%d %H", "%Y-%m-%d"]:
-        try:
-            ts = datetime.strptime(v, fmt).timestamp()
-            break
-        except:
-            ts = None
-
-    if ts:
-        q[sql] = ts
-
-
-def _conv_txt(q, body, k, sql):
-    for v in body[k].split(" "):
-        inv = ""
-        if v.startswith("-"):
-            inv = "not"
-            v = v[1:]
-
-        if not v:
-            continue
-
-        head = "'%'||"
-        if v.startswith("^"):
-            head = ""
-            v = v[1:]
-
-        tail = "||'%'"
-        if v.endswith("$"):
-            tail = ""
-            v = v[:-1]
-
-        qk = "{} {} like {}?{}".format(sql, inv, head, tail)
-        q[qk + "\n" + v] = u8safe(v)
-
-
-def _conv_adv(q, body, k):
-    ptn = re.compile(r"^(\.?[a-z]+) *(==?|!=|<=?|>=?) *(.*)$")
-
-    parts = body[k].split(" ")
-    parts = [x.strip() for x in parts if x.strip()]
-
-    for part in parts:
-        m = ptn.match(part)
-        if not m:
-            p = html_escape(part)
-            raise Pebkac(400, "invalid argument [" + p + "]")
-
-        k, op, v = m.groups()
-        qk = "mt.k = '{}' and mt.v {} ?".format(k, op)
-        q[qk + "\n" + v] = u8safe(v)
-
-
-def _sqlize(qobj):
-    keys = []
-    values = []
-    for k, v in sorted(qobj.items()):
-        keys.append(k.split("\n")[0])
-        values.append(v)
-
-    return " and ".join(keys), values
--- a/copyparty/up2k.py
+++ b/copyparty/up2k.py
--- a/copyparty/util.py
+++ b/copyparty/util.py
@@ -15,8 +15,9 @@ import threading
 import mimetypes
 import contextlib
 import subprocess as sp  # nosec
+from datetime import datetime

-from .__init__ import PY2, WINDOWS
+from .__init__ import PY2, WINDOWS, ANYWIN
 from .stolen import surrogateescape

 FAKE_MP = False
@@ -34,10 +35,12 @@ if not PY2:
    from urllib.parse import unquote_to_bytes as unquote
    from urllib.parse import quote_from_bytes as quote
    from queue import Queue
+    from io import BytesIO
 else:
    from urllib import unquote  # pylint: disable=no-name-in-module
    from urllib import quote  # pylint: disable=no-name-in-module
    from Queue import Queue  # pylint: disable=import-error,no-name-in-module
+    from StringIO import StringIO as BytesIO

 surrogateescape.register_surrogateescape()
 FS_ENCODING = sys.getfilesystemencoding()
@@ -45,10 +48,14 @@ if WINDOWS and PY2:
    FS_ENCODING = "utf-8"


+HTTP_TS_FMT = "%a, %d %b %Y %H:%M:%S GMT"
+
+
 HTTPCODE = {
    200: "OK",
    204: "No Content",
    206: "Partial Content",
+    302: "Found",
    304: "Not Modified",
    400: "Bad Request",
    403: "Forbidden",
@@ -72,6 +79,13 @@ IMPLICATIONS = [
 ]


+MIMES = {
+    "md": "text/plain; charset=UTF-8",
+    "opus": "audio/ogg; codecs=opus",
+    "webp": "image/webp",
+}
+
+
 REKOBO_KEY = {
    v: ln.split(" ", 1)[0]
    for ln in """
@@ -123,6 +137,32 @@ class Counter(object):
            self.v = absval


+class Cooldown(object):
+    def __init__(self, maxage):
+        self.maxage = maxage
+        self.mutex = threading.Lock()
+        self.hist = {}
+        self.oldest = 0
+
+    def poke(self, key):
+        with self.mutex:
+            now = time.time()
+
+            ret = False
+            v = self.hist.get(key, 0)
+            if now - v > self.maxage:
+                self.hist[key] = now
+                ret = True
+
+            if self.oldest - now > self.maxage * 2:
+                self.hist = {
+                    k: v for k, v in self.hist.items() if now - v < self.maxage
+                }
+                self.oldest = sorted(self.hist.values())[0]
+
+            return ret
+
+
 class Unrecv(object):
    """
    undo any number of socket recv ops
@@ -153,7 +193,7 @@ class ProgressPrinter(threading.Thread):
    """

    def __init__(self):
-        threading.Thread.__init__(self)
+        threading.Thread.__init__(self, name="pp")
        self.daemon = True
        self.msg = None
        self.end = False
@@ -168,6 +208,8 @@ class ProgressPrinter(threading.Thread):

            msg = self.msg
            uprint(" {}\033[K\r".format(msg))
+            if PY2:
+                sys.stdout.flush()

        print("\033[K", end="")
        sys.stdout.flush()  # necessary on win10 even w/ stderr btw
@@ -212,6 +254,17 @@ def trace(*args, **kwargs):
    nuprint(msg)


+def min_ex():
+    et, ev, tb = sys.exc_info()
+    tb = traceback.extract_tb(tb, 2)
+    ex = [
+        "{} @ {} <{}>: {}".format(fp.split(os.sep)[-1], ln, fun, txt)
+        for fp, ln, fun, txt in tb
+    ]
+    ex.append("{}: {}".format(et.__name__, ev))
+    return "\n".join(ex)
+
+
@contextlib.contextmanager
 def ren_open(fname, *args, **kwargs):
    fdir = kwargs.pop("fdir", None)
@@ -222,6 +275,11 @@ def ren_open(fname, *args, **kwargs):
            yield {"orz": [f, fname]}
            return

+    if suffix:
+        ext = fname.split(".")[-1]
+        if len(ext) < 7:
+            suffix += "." + ext
+
    orig_name = fname
    bname = fname
    ext = ""
@@ -242,7 +300,7 @@ def ren_open(fname, *args, **kwargs):
            else:
                fpath = fname

-            if suffix and os.path.exists(fpath):
+            if suffix and os.path.exists(fsenc(fpath)):
                fpath += suffix
                fname += suffix
                ext += suffix
@@ -521,8 +579,10 @@ def read_header(sr):
            else:
                continue

-        sr.unrecv(ret[ofs + 4 :])
-        return ret[:ofs].decode("utf-8", "surrogateescape").split("\r\n")
+        if len(ret) > ofs + 4:
+            sr.unrecv(ret[ofs + 4 :])
+
+        return ret[:ofs].decode("utf-8", "surrogateescape").lstrip("\r\n").split("\r\n")


 def humansize(sz, terse=False):
@@ -576,12 +636,12 @@ def undot(path):
    return "/".join(ret)


-def sanitize_fn(fn, ok=""):
+def sanitize_fn(fn, ok="", bad=[]):
    if "/" not in ok:
        fn = fn.replace("\\", "/").split("/")[-1]

-    if WINDOWS:
-        for bad, good in [x for x in [
+    if ANYWIN:
+        remap = [
            ["<", "＜"],
            [">", "＞"],
            [":", "："],
@@ -591,15 +651,16 @@ def sanitize_fn(fn, ok=""):
            ["|", "｜"],
            ["?", "？"],
            ["*", "＊"],
-        ] if x[0] not in ok]:
-            fn = fn.replace(bad, good)
+        ]
+        for a, b in [x for x in remap if x[0] not in ok]:
+            fn = fn.replace(a, b)

-        bad = ["con", "prn", "aux", "nul"]
+        bad.extend(["con", "prn", "aux", "nul"])
        for n in range(1, 10):
            bad += "com{0} lpt{0}".format(n).split(" ")

-        if fn.lower() in bad:
-            fn = "_" + fn
+    if fn.lower() in bad:
+        fn = "_" + fn

    return fn.strip()

@@ -615,17 +676,29 @@ def exclude_dotfiles(filepaths):
    return [x for x in filepaths if not x.split("/")[-1].startswith(".")]


-def html_escape(s, quote=False):
+def http_ts(ts):
+    file_dt = datetime.utcfromtimestamp(ts)
+    return file_dt.strftime(HTTP_TS_FMT)
+
+
+def html_escape(s, quote=False, crlf=False):
    """html.escape but also newlines"""
-    s = (
-        s.replace("&", "&amp;")
-        .replace("<", "&lt;")
-        .replace(">", "&gt;")
-        .replace("\r", "&#13;")
-        .replace("\n", "&#10;")
-    )
+    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;").replace("'", "&#x27;")
+    if crlf:
+        s = s.replace("\r", "&#13;").replace("\n", "&#10;")
+
+    return s
+
+
+def html_bescape(s, quote=False, crlf=False):
+    """html.escape but bytestrings"""
+    s = s.replace(b"&", b"&amp;").replace(b"<", b"&lt;").replace(b">", b"&gt;")
+    if quote:
+        s = s.replace(b'"', b"&quot;").replace(b"'", b"&#x27;")
+    if crlf:
+        s = s.replace(b"\r", b"&#13;").replace(b"\n", b"&#10;")

    return s

@@ -714,6 +787,8 @@ def s3dec(rd, fn):


 def atomic_move(src, dst):
+    src = fsenc(src)
+    dst = fsenc(dst)
    if not PY2:
        os.replace(src, dst)
    else:
@@ -792,13 +867,14 @@ def yieldfile(fn):


 def hashcopy(actor, fin, fout):
-    u32_lim = int((2 ** 31) * 0.9)
+    is_mp = actor.is_mp
    hashobj = hashlib.sha512()
    tlen = 0
    for buf in fin:
-        actor.workload += 1
-        if actor.workload > u32_lim:
-            actor.workload = 100  # prevent overflow
+        if is_mp:
+            actor.workload += 1
+            if actor.workload > 2 ** 31:
+                actor.workload = 100

        tlen += len(buf)
        hashobj.update(buf)
@@ -810,12 +886,17 @@ def hashcopy(actor, fin, fout):
    return tlen, hashobj.hexdigest(), digest_b64


-def sendfile_py(lower, upper, f, s):
+def sendfile_py(lower, upper, f, s, actor=None):
    remains = upper - lower
    f.seek(lower)
    while remains > 0:
+        if actor:
+            actor.workload += 1
+            if actor.workload > 2 ** 31:
+                actor.workload = 100
+
        # time.sleep(0.01)
-        buf = f.read(min(4096, remains))
+        buf = f.read(min(1024 * 32, remains))
        if not buf:
            return remains

@@ -905,18 +986,20 @@ def unescape_cookie(orig):
    return ret


-def guess_mime(url):
-    if url.endswith(".md"):
-        return ["text/plain; charset=UTF-8"]
+def guess_mime(url, fallback="application/octet-stream"):
+    try:
+        _, ext = url.rsplit(".", 1)
+    except:
+        return fallback

-    return mimetypes.guess_type(url)
+    return MIMES.get(ext) or mimetypes.guess_type(url)[0] or fallback


 def runcmd(*argv):
    p = sp.Popen(argv, stdout=sp.PIPE, stderr=sp.PIPE)
    stdout, stderr = p.communicate()
-    stdout = stdout.decode("utf-8")
-    stderr = stderr.decode("utf-8")
+    stdout = stdout.decode("utf-8", "replace")
+    stderr = stderr.decode("utf-8", "replace")
    return [p.returncode, stdout, stderr]


@@ -928,6 +1011,17 @@ def chkcmd(*argv):
    return sout, serr


+def mchkcmd(argv, timeout=10):
+    if PY2:
+        with open(os.devnull, "wb") as f:
+            rv = sp.call(argv, stdout=f, stderr=f)
+    else:
+        rv = sp.call(argv, stdout=sp.DEVNULL, stderr=sp.DEVNULL, timeout=timeout)
+
+    if rv:
+        raise sp.CalledProcessError(rv, (argv[0], b"...", argv[-1]))
+
+
 def gzip_orig_sz(fn):
    with open(fsenc(fn), "rb") as f:
        f.seek(-4, 2)
--- a/copyparty/web/baguettebox.js
+++ b/copyparty/web/baguettebox.js
@@ -0,0 +1,583 @@
+/*!
+ * baguetteBox.js
+ * @author  feimosi
+ * @version 1.11.1-mod
+ * @url https://github.com/feimosi/baguetteBox.js
+ */
+
+window.baguetteBox = (function () {
+    'use strict';
+
+    var options = {},
+        defaults = {
+            captions: true,
+            buttons: 'auto',
+            noScrollbars: false,
+            bodyClass: 'baguetteBox-open',
+            titleTag: false,
+            async: false,
+            preload: 2,
+            animation: 'slideIn',
+            afterShow: null,
+            afterHide: null,
+            onChange: null,
+        },
+        overlay, slider, previousButton, nextButton, closeButton,
+        currentGallery = [],
+        currentIndex = 0,
+        isOverlayVisible = false,
+        touch = {},  // start-pos
+        touchFlag = false,  // busy
+        regex = /.+\.(gif|jpe?g|png|webp)/i,
+        data = {},  // all galleries
+        imagesElements = [],
+        documentLastFocus = null;
+
+    var overlayClickHandler = function (event) {
+        if (event.target.id.indexOf('baguette-img') !== -1) {
+            hideOverlay();
+        }
+    };
+
+    var touchstartHandler = function (event) {
+        touch.count++;
+        if (touch.count > 1) {
+            touch.multitouch = true;
+        }
+        touch.startX = event.changedTouches[0].pageX;
+        touch.startY = event.changedTouches[0].pageY;
+    };
+    var touchmoveHandler = function (event) {
+        if (touchFlag || touch.multitouch) {
+            return;
+        }
+        event.preventDefault ? event.preventDefault() : event.returnValue = false;
+        var touchEvent = event.touches[0] || event.changedTouches[0];
+        if (touchEvent.pageX - touch.startX > 40) {
+            touchFlag = true;
+            showPreviousImage();
+        } else if (touchEvent.pageX - touch.startX < -40) {
+            touchFlag = true;
+            showNextImage();
+        } else if (touch.startY - touchEvent.pageY > 100) {
+            hideOverlay();
+        }
+    };
+    var touchendHandler = function () {
+        touch.count--;
+        if (touch.count <= 0) {
+            touch.multitouch = false;
+        }
+        touchFlag = false;
+    };
+    var contextmenuHandler = function () {
+        touchendHandler();
+    };
+
+    var trapFocusInsideOverlay = function (event) {
+        if (overlay.style.display === 'block' && (overlay.contains && !overlay.contains(event.target))) {
+            event.stopPropagation();
+            initFocus();
+        }
+    };
+
+    function run(selector, userOptions) {
+        buildOverlay();
+        removeFromCache(selector);
+        return bindImageClickListeners(selector, userOptions);
+    }
+
+    function bindImageClickListeners(selector, userOptions) {
+        var galleryNodeList = document.querySelectorAll(selector);
+        var selectorData = {
+            galleries: [],
+            nodeList: galleryNodeList
+        };
+        data[selector] = selectorData;
+
+        [].forEach.call(galleryNodeList, function (galleryElement) {
+            if (userOptions && userOptions.filter) {
+                regex = userOptions.filter;
+            }
+
+            var tagsNodeList = [];
+            if (galleryElement.tagName === 'A') {
+                tagsNodeList = [galleryElement];
+            } else {
+                tagsNodeList = galleryElement.getElementsByTagName('a');
+            }
+
+            tagsNodeList = [].filter.call(tagsNodeList, function (element) {
+                if (element.className.indexOf(userOptions && userOptions.ignoreClass) === -1) {
+                    return regex.test(element.href);
+                }
+            });
+            if (tagsNodeList.length === 0) {
+                return;
+            }
+
+            var gallery = [];
+            [].forEach.call(tagsNodeList, function (imageElement, imageIndex) {
+                var imageElementClickHandler = function (event) {
+                    if (event && event.ctrlKey)
+                        return true;
+
+                    event.preventDefault ? event.preventDefault() : event.returnValue = false;
+                    prepareOverlay(gallery, userOptions);
+                    showOverlay(imageIndex);
+                };
+                var imageItem = {
+                    eventHandler: imageElementClickHandler,
+                    imageElement: imageElement
+                };
+                bind(imageElement, 'click', imageElementClickHandler);
+                gallery.push(imageItem);
+            });
+            selectorData.galleries.push(gallery);
+        });
+
+        return selectorData.galleries;
+    }
+
+    function clearCachedData() {
+        for (var selector in data) {
+            if (data.hasOwnProperty(selector)) {
+                removeFromCache(selector);
+            }
+        }
+    }
+
+    function removeFromCache(selector) {
+        if (!data.hasOwnProperty(selector)) {
+            return;
+        }
+        var galleries = data[selector].galleries;
+        [].forEach.call(galleries, function (gallery) {
+            [].forEach.call(gallery, function (imageItem) {
+                unbind(imageItem.imageElement, 'click', imageItem.eventHandler);
+            });
+
+            if (currentGallery === gallery) {
+                currentGallery = [];
+            }
+        });
+
+        delete data[selector];
+    }
+
+    function buildOverlay() {
+        overlay = ebi('baguetteBox-overlay');
+        if (overlay) {
+            slider = ebi('baguetteBox-slider');
+            previousButton = ebi('previous-button');
+            nextButton = ebi('next-button');
+            closeButton = ebi('close-button');
+            return;
+        }
+        overlay = mknod('div');
+        overlay.setAttribute('role', 'dialog');
+        overlay.id = 'baguetteBox-overlay';
+        document.getElementsByTagName('body')[0].appendChild(overlay);
+
+        slider = mknod('div');
+        slider.id = 'baguetteBox-slider';
+        overlay.appendChild(slider);
+
+        previousButton = mknod('button');
+        previousButton.setAttribute('type', 'button');
+        previousButton.id = 'previous-button';
+        previousButton.setAttribute('aria-label', 'Previous');
+        previousButton.innerHTML = '&lt;';
+        overlay.appendChild(previousButton);
+
+        nextButton = mknod('button');
+        nextButton.setAttribute('type', 'button');
+        nextButton.id = 'next-button';
+        nextButton.setAttribute('aria-label', 'Next');
+        nextButton.innerHTML = '&gt;';
+        overlay.appendChild(nextButton);
+
+        closeButton = mknod('button');
+        closeButton.setAttribute('type', 'button');
+        closeButton.id = 'close-button';
+        closeButton.setAttribute('aria-label', 'Close');
+        closeButton.innerHTML = '&times;';
+        overlay.appendChild(closeButton);
+
+        previousButton.className = nextButton.className = closeButton.className = 'baguetteBox-button';
+
+        bindEvents();
+    }
+
+    function keyDownHandler(event) {
+        switch (event.keyCode) {
+            case 37: // Left
+                showPreviousImage();
+                break;
+            case 39: // Right
+                showNextImage();
+                break;
+            case 27: // Esc
+                hideOverlay();
+                break;
+            case 36: // Home
+                showFirstImage(event);
+                break;
+            case 35: // End
+                showLastImage(event);
+                break;
+        }
+    }
+
+    var passiveSupp = false;
+    try {
+        var opts = {
+            get passive() {
+                passiveSupp = true;
+                return false;
+            }
+        };
+        window.addEventListener('test', null, opts);
+        window.removeEventListener('test', null, opts);
+    }
+    catch (ex) {
+        passiveSupp = false;
+    }
+    var passiveEvent = passiveSupp ? { passive: false } : null;
+    var nonPassiveEvent = passiveSupp ? { passive: true } : null;
+
+    function bindEvents() {
+        bind(overlay, 'click', overlayClickHandler);
+        bind(previousButton, 'click', showPreviousImage);
+        bind(nextButton, 'click', showNextImage);
+        bind(closeButton, 'click', hideOverlay);
+        bind(slider, 'contextmenu', contextmenuHandler);
+        bind(overlay, 'touchstart', touchstartHandler, nonPassiveEvent);
+        bind(overlay, 'touchmove', touchmoveHandler, passiveEvent);
+        bind(overlay, 'touchend', touchendHandler);
+        bind(document, 'focus', trapFocusInsideOverlay, true);
+    }
+
+    function unbindEvents() {
+        unbind(overlay, 'click', overlayClickHandler);
+        unbind(previousButton, 'click', showPreviousImage);
+        unbind(nextButton, 'click', showNextImage);
+        unbind(closeButton, 'click', hideOverlay);
+        unbind(slider, 'contextmenu', contextmenuHandler);
+        unbind(overlay, 'touchstart', touchstartHandler, nonPassiveEvent);
+        unbind(overlay, 'touchmove', touchmoveHandler, passiveEvent);
+        unbind(overlay, 'touchend', touchendHandler);
+        unbind(document, 'focus', trapFocusInsideOverlay, true);
+    }
+
+    function prepareOverlay(gallery, userOptions) {
+        if (currentGallery === gallery) {
+            return;
+        }
+        currentGallery = gallery;
+        setOptions(userOptions);
+        slider.innerHTML = '';
+        imagesElements.length = 0;
+
+        var imagesFiguresIds = [];
+        var imagesCaptionsIds = [];
+        for (var i = 0, fullImage; i < gallery.length; i++) {
+            fullImage = mknod('div');
+            fullImage.className = 'full-image';
+            fullImage.id = 'baguette-img-' + i;
+            imagesElements.push(fullImage);
+
+            imagesFiguresIds.push('baguetteBox-figure-' + i);
+            imagesCaptionsIds.push('baguetteBox-figcaption-' + i);
+            slider.appendChild(imagesElements[i]);
+        }
+        overlay.setAttribute('aria-labelledby', imagesFiguresIds.join(' '));
+        overlay.setAttribute('aria-describedby', imagesCaptionsIds.join(' '));
+    }
+
+    function setOptions(newOptions) {
+        if (!newOptions) {
+            newOptions = {};
+        }
+        for (var item in defaults) {
+            options[item] = defaults[item];
+            if (typeof newOptions[item] !== 'undefined') {
+                options[item] = newOptions[item];
+            }
+        }
+        slider.style.transition = (options.animation === 'fadeIn' ? 'opacity .4s ease' :
+            options.animation === 'slideIn' ? '' : 'none');
+
+        if (options.buttons === 'auto' && ('ontouchstart' in window || currentGallery.length === 1)) {
+            options.buttons = false;
+        }
+
+        previousButton.style.display = nextButton.style.display = (options.buttons ? '' : 'none');
+    }
+
+    function showOverlay(chosenImageIndex) {
+        if (options.noScrollbars) {
+            document.documentElement.style.overflowY = 'hidden';
+            document.body.style.overflowY = 'scroll';
+        }
+        if (overlay.style.display === 'block') {
+            return;
+        }
+
+        bind(document, 'keydown', keyDownHandler);
+        currentIndex = chosenImageIndex;
+        touch = {
+            count: 0,
+            startX: null,
+            startY: null
+        };
+        loadImage(currentIndex, function () {
+            preloadNext(currentIndex);
+            preloadPrev(currentIndex);
+        });
+
+        updateOffset();
+        overlay.style.display = 'block';
+        // Fade in overlay
+        setTimeout(function () {
+            overlay.className = 'visible';
+            if (options.bodyClass && document.body.classList) {
+                document.body.classList.add(options.bodyClass);
+            }
+            if (options.afterShow) {
+                options.afterShow();
+            }
+        }, 50);
+        if (options.onChange) {
+            options.onChange(currentIndex, imagesElements.length);
+        }
+        documentLastFocus = document.activeElement;
+        initFocus();
+        isOverlayVisible = true;
+    }
+
+    function initFocus() {
+        if (options.buttons) {
+            previousButton.focus();
+        } else {
+            closeButton.focus();
+        }
+    }
+
+    function hideOverlay(e) {
+        ev(e);
+        if (options.noScrollbars) {
+            document.documentElement.style.overflowY = 'auto';
+            document.body.style.overflowY = 'auto';
+        }
+        if (overlay.style.display === 'none') {
+            return;
+        }
+
+        unbind(document, 'keydown', keyDownHandler);
+        // Fade out and hide the overlay
+        overlay.className = '';
+        setTimeout(function () {
+            overlay.style.display = 'none';
+            if (options.bodyClass && document.body.classList) {
+                document.body.classList.remove(options.bodyClass);
+            }
+            if (options.afterHide) {
+                options.afterHide();
+            }
+            documentLastFocus && documentLastFocus.focus();
+            isOverlayVisible = false;
+        }, 500);
+    }
+
+    function loadImage(index, callback) {
+        var imageContainer = imagesElements[index];
+        var galleryItem = currentGallery[index];
+
+        if (typeof imageContainer === 'undefined' || typeof galleryItem === 'undefined') {
+            return;  // out-of-bounds or gallery dirty
+        }
+
+        if (imageContainer.getElementsByTagName('img')[0]) {
+            // image is loaded, cb and bail
+            if (callback) {
+                callback();
+            }
+            return;
+        }
+
+        var imageElement = galleryItem.imageElement,
+            imageSrc = imageElement.href,
+            thumbnailElement = imageElement.getElementsByTagName('img')[0],
+            imageCaption = typeof options.captions === 'function' ?
+                options.captions.call(currentGallery, imageElement) :
+                imageElement.getAttribute('data-caption') || imageElement.title;
+
+        var figure = mknod('figure');
+        figure.id = 'baguetteBox-figure-' + index;
+        figure.innerHTML = '<div class="baguetteBox-spinner">' +
+            '<div class="baguetteBox-double-bounce1"></div>' +
+            '<div class="baguetteBox-double-bounce2"></div>' +
+            '</div>';
+
+        if (options.captions && imageCaption) {
+            var figcaption = mknod('figcaption');
+            figcaption.id = 'baguetteBox-figcaption-' + index;
+            figcaption.innerHTML = imageCaption;
+            figure.appendChild(figcaption);
+        }
+        imageContainer.appendChild(figure);
+
+        var image = mknod('img');
+        image.onload = function () {
+            // Remove loader element
+            var spinner = document.querySelector('#baguette-img-' + index + ' .baguetteBox-spinner');
+            figure.removeChild(spinner);
+            if (!options.async && callback) {
+                callback();
+            }
+        };
+        image.setAttribute('src', imageSrc);
+        image.alt = thumbnailElement ? thumbnailElement.alt || '' : '';
+        if (options.titleTag && imageCaption) {
+            image.title = imageCaption;
+        }
+        figure.appendChild(image);
+
+        if (options.async && callback) {
+            callback();
+        }
+    }
+
+    function showNextImage(e) {
+        ev(e);
+        return show(currentIndex + 1);
+    }
+
+    function showPreviousImage(e) {
+        ev(e);
+        return show(currentIndex - 1);
+    }
+
+    function showFirstImage(event) {
+        if (event) {
+            event.preventDefault();
+        }
+        return show(0);
+    }
+
+    function showLastImage(event) {
+        if (event) {
+            event.preventDefault();
+        }
+        return show(currentGallery.length - 1);
+    }
+
+    /**
+     * Move the gallery to a specific index
+     * @param `index` {number} - the position of the image
+     * @param `gallery` {array} - gallery which should be opened, if omitted assumes the currently opened one
+     * @return {boolean} - true on success or false if the index is invalid
+     */
+    function show(index, gallery) {
+        if (!isOverlayVisible && index >= 0 && index < gallery.length) {
+            prepareOverlay(gallery, options);
+            showOverlay(index);
+            return true;
+        }
+        if (index < 0) {
+            if (options.animation) {
+                bounceAnimation('left');
+            }
+            return false;
+        }
+        if (index >= imagesElements.length) {
+            if (options.animation) {
+                bounceAnimation('right');
+            }
+            return false;
+        }
+
+        currentIndex = index;
+        loadImage(currentIndex, function () {
+            preloadNext(currentIndex);
+            preloadPrev(currentIndex);
+        });
+        updateOffset();
+
+        if (options.onChange) {
+            options.onChange(currentIndex, imagesElements.length);
+        }
+
+        return true;
+    }
+
+    /**
+     * Triggers the bounce animation
+     * @param {('left'|'right')} direction - Direction of the movement
+     */
+    function bounceAnimation(direction) {
+        slider.className = 'bounce-from-' + direction;
+        setTimeout(function () {
+            slider.className = '';
+        }, 400);
+    }
+
+    function updateOffset() {
+        var offset = -currentIndex * 100 + '%';
+        if (options.animation === 'fadeIn') {
+            slider.style.opacity = 0;
+            setTimeout(function () {
+                slider.style.transform = 'translate3d(' + offset + ',0,0)';
+                slider.style.opacity = 1;
+            }, 400);
+        } else {
+            slider.style.transform = 'translate3d(' + offset + ',0,0)';
+        }
+    }
+
+    function preloadNext(index) {
+        if (index - currentIndex >= options.preload) {
+            return;
+        }
+        loadImage(index + 1, function () {
+            preloadNext(index + 1);
+        });
+    }
+
+    function preloadPrev(index) {
+        if (currentIndex - index >= options.preload) {
+            return;
+        }
+        loadImage(index - 1, function () {
+            preloadPrev(index - 1);
+        });
+    }
+
+    function bind(element, event, callback, options) {
+        element.addEventListener(event, callback, options);
+    }
+
+    function unbind(element, event, callback, options) {
+        element.removeEventListener(event, callback, options);
+    }
+
+    function destroyPlugin() {
+        unbindEvents();
+        clearCachedData();
+        unbind(document, 'keydown', keyDownHandler);
+        document.getElementsByTagName('body')[0].removeChild(ebi('baguetteBox-overlay'));
+        data = {};
+        currentGallery = [];
+        currentIndex = 0;
+    }
+
+    return {
+        run: run,
+        show: show,
+        showNext: showNextImage,
+        showPrevious: showPreviousImage,
+        hide: hideOverlay,
+        destroy: destroyPlugin
+    };
+})();
--- a/copyparty/web/browser.css
+++ b/copyparty/web/browser.css
@@ -1,3 +1,6 @@
+:root {
+	--grid-sz: 10em;
+}
 * {
 	line-height: 1.2em;
 }
@@ -6,7 +9,7 @@ html,body,tr,th,td,#files,a {
 	background: none;
 	font-weight: inherit;
 	font-size: inherit;
-	padding: none;
+	padding: 0;
 	border: none;
 }
 html {
@@ -64,11 +67,16 @@ a, #files tbody div a:last-child {
 	background: #161616;
 	text-decoration: underline;
 }
+#files thead {
+	background: #333;
+	position: sticky;
+	top: 0;
+}
 #files thead a {
 	color: #999;
 	font-weight: normal;
 }
-#files tr+tr:hover {
+#files tr:hover {
 	background: #1c1c1c;
 }
 #files thead th {
@@ -90,8 +98,6 @@ a, #files tbody div a:last-child {
 #files td {
 	margin: 0;
 	padding: 0 .5em;
-}
-#files td {
 	border-bottom: 1px solid #111;
 }
 #files td+td+td {
@@ -182,11 +188,42 @@ a, #files tbody div a:last-child {
 	color: #840;
 	text-shadow: 0 0 .3em #b80;
 }
-#files tbody tr.sel td {
+#files tbody tr.sel td,
+#ggrid a.sel,
+html.light #ggrid a.sel {
 	color: #fff;
 	background: #925;
 	border-color: #c37;
 }
+#files tbody tr.sel:hover td,
+#ggrid a.sel:hover,
+html.light #ggrid a.sel:hover {
+	color: #fff;
+	background: #d39;
+	border-color: #d48;
+	text-shadow: 1px 1px 0 #804;
+}
+#ggrid a.sel,
+html.light #ggrid a.sel {
+	border-top: 1px solid #d48;
+	box-shadow: 0 .1em 1.2em #b36;
+	transition: all 0.2s cubic-bezier(.2, 2.2, .5, 1); /* https://cubic-bezier.com/#.4,2,.7,1 */
+}
+#ggrid a.sel img {
+	opacity: .7;
+	box-shadow: 0 0 1em #b36;
+	filter: contrast(130%) brightness(107%);
+}
+#files tr.sel a {
+	color: #fff;
+}
+#files tr.sel a.play {
+	color: #fc5;
+}
+#files tr.sel a.play.act {
+	color: #fff;
+	text-shadow: 0 0 1px #fff;
+}
 #blocked {
 	position: fixed;
 	top: 0;
@@ -244,7 +281,10 @@ a, #files tbody div a:last-child {
 	background: #3c3c3c;
 }
 #wtico {
-	cursor: url(/.cpr/dd/1.png), pointer;
+	cursor: url(/.cpr/dd/4.png), pointer;
+	animation: cursor 500ms;
+}
+#wtico:hover {
 	animation: cursor 500ms infinite;
 }
@keyframes cursor {
@@ -252,7 +292,7 @@ a, #files tbody div a:last-child {
 	30% {cursor: url(/.cpr/dd/3.png), pointer}
 	50% {cursor: url(/.cpr/dd/4.png), pointer}
 	75% {cursor: url(/.cpr/dd/5.png), pointer}
-	85% {cursor: url(/.cpr/dd/1.png), pointer}
+	85% {cursor: url(/.cpr/dd/4.png), pointer}
 }
@keyframes spin {
 	100% {transform: rotate(360deg)}
@@ -273,29 +313,48 @@ a, #files tbody div a:last-child {
 	padding: .2em 0 0 .07em;
 	color: #fff;
 }
-#wzip {
+#wzip, #wnp {
 	display: none;
 	margin-right: .3em;
 	padding-right: .3em;
 	border-right: .1em solid #555;
 }
+#wnp a {
+	position: relative;
+	font-size: .47em;
+	margin: 0 .1em;
+	top: -.4em;
+}
+#wnp a+a {
+	margin-left: .33em;
+}
 #wtoggle,
 #wtoggle * {
 	line-height: 1em;
 }
+#wtoggle.np {
+	width: 5.5em;
+}
 #wtoggle.sel {
 	width: 6.4em;
 }
-#wtoggle.sel #wzip {
+#wtoggle.sel #wzip,
+#wtoggle.np #wnp {
 	display: inline-block;
 }
-#wtoggle.sel #wzip a {
+#wtoggle.sel.np #wnp {
+	display: none;
+}
+#wzip a {
 	font-size: .4em;
 	padding: 0 .3em;
 	margin: -.3em .2em;
 	position: relative;
 	display: inline-block;
 }
+#wzip a+a {
+	margin-left: .8em;
+}
 #wtoggle.sel #wzip #selzip {
 	top: -.6em;
 	padding: .4em .3em;
@@ -343,10 +402,10 @@ a, #files tbody div a:last-child {
 	width: calc(100% - 10.5em);
 	background: rgba(0,0,0,0.2);
 }
-@media (min-width: 90em) {
+@media (min-width: 80em) {
 	#barpos,
 	#barbuf {
-		width: calc(100% - 24em);
+		width: calc(100% - 21em);
 		left: 9.8em;
 		top: .7em;
 		height: 1.6em;
@@ -356,6 +415,9 @@ a, #files tbody div a:last-child {
 		bottom: -3.2em;
 		height: 3.2em;
 	}
+	#pvol {
+		max-width: 9em;
+	}
 }


@@ -407,6 +469,7 @@ a, #files tbody div a:last-child {
 	padding: .3em .6em;
 	border-radius: .3em;
 	border-width: .15em 0;
+	white-space: nowrap;
 }
 .opbox {
 	background: #2d2d2d;
@@ -466,6 +529,17 @@ input[type="checkbox"]:checked+label {
 	height: 1em;
 	margin: .2em 0 -1em 1.6em;
 }
+#tq_raw {
+	width: calc(100% - 2em);
+	margin: .3em 0 0 1.4em;
+}
+#tq_raw td+td {
+	width: 100%;
+}
+#op_search #q_raw {
+	width: 100%;
+	display: block;
+}
 #files td div span {
 	color: #fff;
 	padding: 0 .4em;
@@ -487,9 +561,6 @@ input[type="checkbox"]:checked+label {
 	border-collapse: collapse;
 	width: 100%;
 }
-#files td div a:last-child {
-	width: 100%;
-}
 #wrap {
 	margin-top: 2em;
 }
@@ -499,7 +570,6 @@ input[type="checkbox"]:checked+label {
 	left: 0;
 	bottom: 0;
 	top: 7em;
-	padding-top: .2em;
 	overflow-y: auto;
 	-ms-scroll-chaining: none;
 	overscroll-behavior-y: none;
@@ -508,9 +578,7 @@ input[type="checkbox"]:checked+label {
 #thx_ff {
 	padding: 5em 0;
 }
-#tree::-webkit-scrollbar-track {
-	background: #333;
-}
+#tree::-webkit-scrollbar-track,
 #tree::-webkit-scrollbar {
 	background: #333;
 }
@@ -525,8 +593,7 @@ input[type="checkbox"]:checked+label {
 	left: -1.7em;
 	width: calc(100% + 1.3em);
 }
-.tglbtn,
-#tree>a+a {
+.btn {
 	padding: .2em .4em;
 	font-size: 1.2em;
 	background: #2a2a2a;
@@ -536,12 +603,10 @@ input[type="checkbox"]:checked+label {
 	position: relative;
 	top: -.2em;
 }
-.tglbtn:hover,
-#tree>a+a:hover {
+.btn:hover {
 	background: #805;
 }
-.tglbtn.on,
-#tree>a+a.on {
+.tgl.btn.on {
 	background: #fc4;
 	color: #400;
 	text-shadow: none;
@@ -549,6 +614,7 @@ input[type="checkbox"]:checked+label {
 #detree {
 	padding: .3em .5em;
 	font-size: 1.5em;
+	line-height: 1.5em;
 }
 #tree ul,
 #tree li {
@@ -578,7 +644,6 @@ input[type="checkbox"]:checked+label {
 }
 #treeul a+a {
 	width: calc(100% - 2em);
-	background: #333;
 	line-height: 1em;
 }
 #treeul a+a:hover {
@@ -685,6 +750,103 @@ input[type="checkbox"]:checked+label {
 	font-family: monospace, monospace;
 	line-height: 2em;
 }
+#thumbs {
+	opacity: .3;
+}
+#griden.on+#thumbs {
+	opacity: 1;
+}
+#ghead {
+	background: #3c3c3c;
+	border: 1px solid #444;
+	border-radius: .3em;
+	padding: .5em;
+	margin: 0 1.5em 1em .4em;
+	position: sticky;
+	top: -.3em;
+}
+html.light #ghead {
+	background: #f7f7f7;
+	border-color: #ddd;
+}
+#ghead .btn {
+	position: relative;
+	top: 0;
+}
+#ggrid {
+	padding-top: .5em;
+}
+#ggrid a {
+	display: inline-block;
+	width: var(--grid-sz);
+	vertical-align: top;
+	overflow-wrap: break-word;
+	background: #383838;
+	border: 1px solid #444;
+	border-top: 1px solid #555;
+	box-shadow: 0 .1em .2em #222;
+	border-radius: .3em;
+	padding: .3em;
+	margin: .5em;
+}
+#ggrid a img {
+	border-radius: .2em;
+	max-width: var(--grid-sz);
+	max-height: calc(var(--grid-sz)/1.25);
+	margin: 0 auto;
+	display: block;
+}
+#ggrid a span {
+	padding: .2em .3em;
+	display: block;
+}
+#ggrid span.dir:before {
+	content: '📂';
+	line-height: 0;
+	font-size: 2em;
+	display: inline-block;
+	margin: -.7em .1em -.5em -.3em;
+}
+#ggrid a:hover {
+	background: #444;
+	border-color: #555;
+	color: #fd9;
+}
+html.light #ggrid a {
+	background: #f7f7f7;
+	border-color: #ddd;
+	box-shadow: 0 .1em .2em #ddd;
+}
+html.light #ggrid a:hover {
+	background: #fff;
+	border-color: #ccc;
+	color: #015;
+	box-shadow: 0 .1em .5em #aaa;
+}
+#pvol,
+#barbuf,
+#barpos,
+#u2conf label {
+	-webkit-user-select: none;
+	-moz-user-select: none;
+	-ms-user-select: none;
+	user-select: none;
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+



@@ -704,25 +866,22 @@ html.light #srch_form {
 }
 html.light #ops a.act {
 	box-shadow: 0 .2em .2em #ccc;
-	background: #f7f7f7;
+	background: #fff;
 	border-color: #07a;
 	padding-top: .4em;
 }
 html.light #op_cfg h3 {
 	border-color: #ccc;
 }
-html.light .tglbtn,
-html.light #tree > a + a {
+html.light .btn {
 	color: #666;
 	background: #ddd;
 	box-shadow: none;
 }
-html.light .tglbtn:hover,
-html.light #tree > a + a:hover {
+html.light .btn:hover {
 	background: #caf;
 }
-html.light .tglbtn.on,
-html.light #tree > a + a.on {
+html.light .tgl.btn.on {
 	background: #4a0;
 	color: #fff;
 }
@@ -760,8 +919,9 @@ html.light #files {
 }
 html.light #files thead th {
 	background: #eee;
+	border-radius: 0;
 }
-html.light #files tr+tr td {
+html.light #files tr td {
 	border-top: 1px solid #ddd;
 }
 html.light #files td {
@@ -785,8 +945,12 @@ html.light tr.play td {
 html.light tr.play a {
 	color: #406;
 }
+html.light #files th:hover .cfg,
+html.light #files th.min .cfg {
+	background: #ccc;
+}
 html.light #files > thead > tr > th.min span {
-	background: linear-gradient(90deg, rgba(68,68,68,0), rgba(68,68,68,0.2) 70%, rgba(68,68,68,0.5));
+	background: linear-gradient(90deg, rgba(204,204,204,0), rgba(204,204,204,0.5) 70%, #ccc);
 }
 html.light #blocked {
 	background: #eee;
@@ -808,6 +972,9 @@ html.light #files tr.sel td {
 html.light #files tr.sel a {
 	color: #fff;
 }
+html.light #files tr.sel a.play.act {
+	color: #fb0;
+}
 html.light input[type="checkbox"] + label {
 	color: #333;
 }
@@ -854,4 +1021,171 @@ html.light #files a:hover,
 html.light #files tr.sel a:hover {
 	color: #000;
 	background: #fff;
-}
+}
+html.light #tree {
+	scrollbar-color: #a70 #ddd;
+}
+html.light #tree::-webkit-scrollbar-track,
+html.light #tree::-webkit-scrollbar {
+	background: #ddd;
+}
+#tree::-webkit-scrollbar-thumb {
+	background: #da0;
+}
+
+
+
+#baguetteBox-overlay {
+	display: none;
+	opacity: 0;
+	position: fixed;
+	overflow: hidden;
+	top: 0;
+	left: 0;
+	width: 100%;
+	height: 100%;
+	z-index: 1000000;
+	background: rgba(0, 0, 0, 0.8);
+	transition: opacity .3s ease;
+}
+#baguetteBox-overlay.visible {
+	opacity: 1;
+}
+#baguetteBox-overlay .full-image {
+    display: inline-block;
+    position: relative;
+    width: 100%;
+    height: 100%;
+    text-align: center;
+}
+#baguetteBox-overlay .full-image figure {
+	display: inline;
+	margin: 0;
+	height: 100%;
+}
+#baguetteBox-overlay .full-image img {
+	display: inline-block;
+	width: auto;
+	height: auto;
+	max-height: 100%;
+	max-width: 100%;
+	vertical-align: middle;
+	box-shadow: 0 0 8px rgba(0, 0, 0, 0.6);
+}
+#baguetteBox-overlay .full-image figcaption {
+	display: block;
+	position: absolute;
+	bottom: 0;
+	width: 100%;
+	text-align: center;
+	line-height: 1.8;
+	white-space: normal;
+	color: #ccc;
+}
+#baguetteBox-overlay figcaption a {
+	background: rgba(0, 0, 0, 0.6);
+	border-radius: .4em;
+	padding: .3em .6em;
+}
+#baguetteBox-overlay .full-image:before {
+	content: "";
+	display: inline-block;
+	height: 50%;
+	width: 1px;
+	margin-right: -1px;
+}
+#baguetteBox-slider {
+	position: absolute;
+	left: 0;
+	top: 0;
+	height: 100%;
+	width: 100%;
+	white-space: nowrap;
+	transition: left .2s ease, transform .2s ease;
+}
+#baguetteBox-slider.bounce-from-right {
+	animation: bounceFromRight .4s ease-out;
+}
+#baguetteBox-slider.bounce-from-left {
+	animation: bounceFromLeft .4s ease-out;
+}
+@keyframes bounceFromRight {
+	0% {margin-left: 0}
+	50% {margin-left: -30px}
+	100% {margin-left: 0}
+}
+@keyframes bounceFromLeft {
+	0% {margin-left: 0}
+	50% {margin-left: 30px}
+	100% {margin-left: 0}
+}
+.baguetteBox-button#next-button,
+.baguetteBox-button#previous-button {
+	top: 50%;
+	top: calc(50% - 30px);
+	width: 44px;
+	height: 60px;
+} 
+.baguetteBox-button {
+	position: absolute;
+	cursor: pointer;
+	outline: none;
+	padding: 0;
+	margin: 0;
+	border: 0;
+	border-radius: 15%;
+	background: rgba(50, 50, 50, 0.5);
+	color: #ddd;
+	font: 1.6em sans-serif;
+	transition: background-color .3s ease;
+}
+.baguetteBox-button:focus,
+.baguetteBox-button:hover {
+	background: rgba(50, 50, 50, 0.9);
+}
+#next-button {
+	right: 2%;
+}
+#previous-button {
+	left: 2%;
+}
+#close-button {
+	top: 20px;
+	right: 2%;
+	width: 30px;
+	height: 30px;
+}
+.baguetteBox-button svg {
+	position: absolute;
+	left: 0;
+	top: 0;
+}
+.baguetteBox-spinner {
+	width: 40px;
+	height: 40px;
+	display: inline-block;
+	position: absolute;
+	top: 50%;
+	left: 50%;
+	margin-top: -20px;
+	margin-left: -20px;
+}
+.baguetteBox-double-bounce1,
+.baguetteBox-double-bounce2 {
+	width: 100%;
+	height: 100%;
+	border-radius: 50%;
+	background-color: #fff;
+	opacity: .6;
+	position: absolute;
+	top: 0;
+	left: 0;
+	animation: bounce 2s infinite ease-in-out;
+}
+.baguetteBox-double-bounce2 {
+	animation-delay: -1s;
+}
+@keyframes bounce {
+	0%, 100% {transform: scale(0)}
+	50% {transform: scale(1)}
+}
--- a/copyparty/web/browser.html
+++ b/copyparty/web/browser.html
@@ -8,6 +8,9 @@
    <meta name="viewport" content="width=device-width, initial-scale=0.8">
    <link rel="stylesheet" type="text/css" media="screen" href="/.cpr/browser.css{{ ts }}">
    <link rel="stylesheet" type="text/css" media="screen" href="/.cpr/upload.css{{ ts }}">
+    {%- if css %}
+    <link rel="stylesheet" type="text/css" media="screen" href="{{ css }}{{ ts }}">
+    {%- endif %}
 </head>

 <body>
@@ -21,7 +24,7 @@
        {%- endif %}
        <a href="#" data-perm="write" data-dest="bup" data-desc="bup: basic uploader, even supports netscape 4.0">🎈</a>
        <a href="#" data-perm="write" data-dest="mkdir" data-desc="mkdir: create a new directory">📂</a>
-        <a href="#" data-perm="write" data-dest="new_md" data-desc="new-md: create a new markdown document">📝</a>
+        <a href="#" data-perm="read write" data-dest="new_md" data-desc="new-md: create a new markdown document">📝</a>
        <a href="#" data-perm="write" data-dest="msg" data-desc="msg: send a message to the server log">📟</a>
        <a href="#" data-dest="cfg" data-desc="configuration options">⚙️</a>
        <div id="opdesc"></div>
@@ -41,8 +44,10 @@
    <div id="op_cfg" class="opview opbox">
        <h3>switches</h3>
        <div>
-            <a id="tooltips" class="tglbtn" href="#">tooltips</a>
-            <a id="lightmode" class="tglbtn" href="#">lightmode</a>
+            <a id="tooltips" class="tgl btn" href="#">tooltips</a>
+            <a id="lightmode" class="tgl btn" href="#">lightmode</a>
+            <a id="griden" class="tgl btn" href="#">the grid</a>
+            <a id="thumbs" class="tgl btn" href="#">thumbs</a>
        </div>
        {%- if have_zip %}
        <h3>folder download</h3>
@@ -61,9 +66,9 @@
    
    <div id="tree">
        <a href="#" id="detree">🍞...</a>
-        <a href="#" step="2" id="twobytwo">+</a>
-        <a href="#" step="-2" id="twig">&ndash;</a>
-        <a href="#" class="tglbtn" id="dyntree">a</a>
+        <a href="#" class="btn" step="2" id="twobytwo">+</a>
+        <a href="#" class="btn" step="-2" id="twig">&ndash;</a>
+        <a href="#" class="tgl btn" id="dyntree">a</a>
        <ul id="treeul"></ul>
        <div id="thx_ff">&nbsp;</div>
    </div>
@@ -114,22 +119,7 @@
    <div id="srv_info"><span>{{ srv_info }}</span></div>
    {%- endif %}

-    <div id="widget">
-        <div id="wtoggle">
-            <span id="wzip">
-                <a href="#" id="selall">sel.<br />all</a>
-                <a href="#" id="selinv">sel.<br />inv.</a>
-                <a href="#" id="selzip">zip</a>
-            </span><a
-                href="#" id="wtico">♫</a>
-        </div>
-        <div id="widgeti">
-            <div id="pctl"><a href="#" id="bprev">⏮</a><a href="#" id="bplay">▶</a><a href="#" id="bnext">⏭</a></div>
-            <canvas id="pvol" width="288" height="38"></canvas>
-            <canvas id="barpos"></canvas>
-            <canvas id="barbuf"></canvas>
-        </div>
-    </div>
+    <div id="widget"></div>

    <script>
        var tag_order_cfg = {{ tag_order }};
--- a/copyparty/web/browser.js
+++ b/copyparty/web/browser.js
--- a/copyparty/web/browser2.html
+++ b/copyparty/web/browser2.html
@@ -6,6 +6,11 @@
    <title>{{ title }}</title>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=0.8">
+    <style>
+        html{font-family:sans-serif}
+        td{border:1px solid #999;border-width:1px 1px 0 0;padding:0 5px}
+        a{display:block}
+    </style>
 </head>

 <body>
@@ -49,7 +54,7 @@
    <div>{{ logues[1] }}</div><br />
    {%- endif %}
    
-    <h2><a href="{{ url_suf }}&amp;h">control-panel</a></h2>
+    <h2><a href="{{ url_suf }}{{ url_suf and '&amp;' or '?' }}h">control-panel</a></h2>

 </body>
 </html>
--- a/copyparty/web/dd/1.png
+++ b/copyparty/web/dd/1.png
--- a/copyparty/web/md.css
+++ b/copyparty/web/md.css
@@ -50,6 +50,9 @@ pre code:last-child {
 pre code::before {
 	content: counter(precode);
 	-webkit-user-select: none;
+	-moz-user-select: none;
+	-ms-user-select: none;
+	user-select: none;
 	display: inline-block;
 	text-align: right;
 	font-size: .75em;
@@ -591,12 +594,3 @@ blink {
 		color: #940;
 	}
 }
-
-/*
-*[data-ln]:before {
-	content: attr(data-ln);
-	font-size: .8em;
-	margin: 0 .4em;
-	color: #f0c;
-}
-*/
--- a/copyparty/web/md.js
+++ b/copyparty/web/md.js
@@ -46,7 +46,7 @@ function statify(obj) {
    var ua = navigator.userAgent;
    if (ua.indexOf(') Gecko/') !== -1 && /Linux| Mac /.exec(ua)) {
        // necessary on ff-68.7 at least
-        var s = document.createElement('style');
+        var s = mknod('style');
        s.innerHTML = '@page { margin: .5in .6in .8in .6in; }';
        console.log(s.innerHTML);
        document.head.appendChild(s);
@@ -175,12 +175,12 @@ function md_plug_err(ex, js) {
        msg = "Line " + ln + ", " + msg;
        var lns = js.split('\n');
        if (ln < lns.length) {
-            o = document.createElement('span');
+            o = mknod('span');
            o.style.cssText = 'color:#ac2;font-size:.9em;font-family:scp;display:block';
            o.textContent = lns[ln - 1];
        }
    }
-    errbox = document.createElement('div');
+    errbox = mknod('div');
    errbox.setAttribute('id', 'md_errbox');
    errbox.style.cssText = 'position:absolute;top:0;left:0;padding:1em .5em;background:#2b2b2b;color:#fc5'
    errbox.textContent = msg;
--- a/copyparty/web/md2.css
+++ b/copyparty/web/md2.css
@@ -1,126 +1,125 @@
 #toc {
-    display: none;
+	display: none;
 }
 #mtw {
-    display: block;
-    position: fixed;
-    left: .5em;
-    bottom: 0;
-    width: calc(100% - 56em);
+	display: block;
+	position: fixed;
+	left: .5em;
+	bottom: 0;
+	width: calc(100% - 56em);
 }
 #mw {
-    left: calc(100% - 55em);
-    overflow-y: auto;
-    position: fixed;
-    bottom: 0;
+	left: calc(100% - 55em);
+	overflow-y: auto;
+	position: fixed;
+	bottom: 0;
 }


 /* single-screen */
 #mtw.preview,
 #mw.editor {
-    opacity: 0;
-    z-index: 1;
+	opacity: 0;
+	z-index: 1;
 }
 #mw.preview,
 #mtw.editor {
-    z-index: 5;
+	z-index: 5;
 }
 #mtw.single,
 #mw.single {
-    margin: 0;
-    left: 1em;
-    left: max(1em, calc((100% - 56em) / 2));
+	margin: 0;
+	left: 1em;
+	left: max(1em, calc((100% - 56em) / 2));
 }
 #mtw.single {
-    width: 55em;
-    width: min(55em, calc(100% - 2em));
+	width: 55em;
+	width: min(55em, calc(100% - 2em));
 }


 #mp {
-    position: relative;
+	position: relative;
 }
 #mt, #mtr {
-    width: 100%;
-    height: calc(100% - 1px);
-    color: #444;
-    background: #f7f7f7;
-    border: 1px solid #999;
-    outline: none;
-    padding: 0;
-    margin: 0;
-    font-family: 'consolas', monospace, monospace;
-    white-space: pre-wrap;
-    word-break: break-word;
-    overflow-wrap: break-word;
-    word-wrap: break-word; /*ie*/
-    overflow-y: scroll;
-    line-height: 1.3em;
-    font-size: .9em;
-    position: relative;
-    scrollbar-color: #eb0 #f7f7f7;
+	width: 100%;
+	height: calc(100% - 1px);
+	color: #444;
+	background: #f7f7f7;
+	border: 1px solid #999;
+	outline: none;
+	padding: 0;
+	margin: 0;
+	font-family: 'consolas', monospace, monospace;
+	white-space: pre-wrap;
+	word-break: break-word;
+	overflow-wrap: break-word;
+	word-wrap: break-word; /*ie*/
+	overflow-y: scroll;
+	line-height: 1.3em;
+	font-size: .9em;
+	position: relative;
+	scrollbar-color: #eb0 #f7f7f7;
 }
 html.dark #mt {
-    color: #eee;
-    background: #222;
-    border: 1px solid #777;
-    scrollbar-color: #b80 #282828;
+	color: #eee;
+	background: #222;
+	border: 1px solid #777;
+	scrollbar-color: #b80 #282828;
 }
 #mtr {
-    position: absolute;
-    top: 0;
-    left: 0;
+	position: absolute;
+	top: 0;
+	left: 0;
 }
 #save.force-save {
-    color: #400;
-    background: #f97;
-    border-radius: .15em;
+	color: #400;
+	background: #f97;
+	border-radius: .15em;
 }
 html.dark #save.force-save {
-    color: #fca;
-    background: #720;
+	color: #fca;
+	background: #720;
 }
 #save.disabled {
-    opacity: .4;
+	opacity: .4;
 }
 #helpbox,
 #toast {
-    background: #f7f7f7;
-    border-radius: .4em;
-    z-index: 9001;
+	background: #f7f7f7;
+	border-radius: .4em;
+	z-index: 9001;
 }
 #helpbox {
-    display: none;
-    position: fixed;
-    padding: 2em;
-    top: 4em;
-    overflow-y: auto;
-    box-shadow: 0 .5em 2em #777;
-    height: calc(100% - 12em);
-    left: calc(50% - 15em);
-    right: 0;
-    width: 30em;
+	display: none;
+	position: fixed;
+	padding: 2em;
+	top: 4em;
+	overflow-y: auto;
+	box-shadow: 0 .5em 2em #777;
+	height: calc(100% - 12em);
+	left: calc(50% - 15em);
+	right: 0;
+	width: 30em;
 }
 #helpclose {
-    display: block;
+	display: block;
 }
 html.dark #helpbox {
-    box-shadow: 0 .5em 2em #444;
+	box-shadow: 0 .5em 2em #444;
 }
 html.dark #helpbox,
 html.dark #toast {
-    background: #222;
-    border: 1px solid #079;
-    border-width: 1px 0;
+	background: #222;
+	border: 1px solid #079;
+	border-width: 1px 0;
 }
 #toast {
-    font-weight: bold;
-    text-align: center;
-    padding: .6em 0;
-    position: fixed;
-    z-index: 9001;
-    top: 30%;
-    transition: opacity 0.2s ease-in-out;
-    opacity: 1;
+	font-weight: bold;
+	text-align: center;
+	padding: .6em 0;
+	position: fixed;
+	top: 30%;
+	transition: opacity 0.2s ease-in-out;
+	opacity: 1;
 }
--- a/copyparty/web/md2.js
+++ b/copyparty/web/md2.js
@@ -16,7 +16,7 @@ var dom_sbs = ebi('sbs');
 var dom_nsbs = ebi('nsbs');
 var dom_tbox = ebi('toolsbox');
 var dom_ref = (function () {
-    var d = document.createElement('div');
+    var d = mknod('div');
    d.setAttribute('id', 'mtr');
    dom_swrap.appendChild(d);
    d = ebi('mtr');
@@ -71,7 +71,7 @@ var map_src = [];
 var map_pre = [];
 function genmap(dom, oldmap) {
    var find = nlines;
-    while (oldmap && find --> 0) {
+    while (oldmap && find-- > 0) {
        var tmap = genmapq(dom, '*[data-ln="' + find + '"]');
        if (!tmap || !tmap.length)
            continue;
@@ -94,7 +94,7 @@ var nlines = 0;
 var draw_md = (function () {
    var delay = 1;
    function draw_md() {
-        var t0 = new Date().getTime();
+        var t0 = Date.now();
        var src = dom_src.value;
        convert_markdown(src, dom_pre);

@@ -110,7 +110,7 @@ var draw_md = (function () {

        cls(ebi('save'), 'disabled', src == server_md);

-        var t1 = new Date().getTime();
+        var t1 = Date.now();
        delay = t1 - t0 > 100 ? 25 : 1;
    }

@@ -252,7 +252,7 @@ function Modpoll() {
        }

        console.log('modpoll...');
-        var url = (document.location + '').split('?')[0] + '?raw&_=' + new Date().getTime();
+        var url = (document.location + '').split('?')[0] + '?raw&_=' + Date.now();
        var xhr = new XMLHttpRequest();
        xhr.modpoll = this;
        xhr.open('GET', url, true);
@@ -399,7 +399,7 @@ function save_cb() {

 function run_savechk(lastmod, txt, btn, ntry) {
    // download the saved doc from the server and compare
-    var url = (document.location + '').split('?')[0] + '?raw&_=' + new Date().getTime();
+    var url = (document.location + '').split('?')[0] + '?raw&_=' + Date.now();
    var xhr = new XMLHttpRequest();
    xhr.open('GET', url, true);
    xhr.responseType = 'text';
@@ -455,7 +455,7 @@ function toast(autoclose, style, width, msg) {
        ok.parentNode.removeChild(ok);

    style = "width:" + width + "em;left:calc(50% - " + (width / 2) + "em);" + style;
-    ok = document.createElement('div');
+    ok = mknod('div');
    ok.setAttribute('id', 'toast');
    ok.setAttribute('style', style);
    ok.innerHTML = msg;
@@ -1049,7 +1049,7 @@ action_stack = (function () {
        var p1 = from.length,
            p2 = to.length;

-        while (p1 --> 0 && p2 --> 0)
+        while (p1-- > 0 && p2-- > 0)
            if (from[p1] != to[p2])
                break;

@@ -1142,14 +1142,3 @@ action_stack = (function () {
        _ref: ref
    }
 })();
-
-/*
-ebi('help').onclick = function () {
-    var c1 = getComputedStyle(dom_src).cssText.split(';');
-    var c2 = getComputedStyle(dom_ref).cssText.split(';');
-    var max = Math.min(c1.length, c2.length);
-    for (var a = 0; a < max; a++)
-        if (c1[a] !== c2[a])
-            console.log(c1[a] + '\n' + c2[a]);
-}
-*/
--- a/copyparty/web/mde.css
+++ b/copyparty/web/mde.css
@@ -8,68 +8,58 @@ html .editor-toolbar>i.separator { border-left: 1px solid #ccc; }
 html .editor-toolbar.disabled-for-preview>button:not(.no-disable) { opacity: .35 }

 html {
-    line-height: 1.5em;
+	line-height: 1.5em;
 }
 html, body {
-    margin: 0;
-    padding: 0;
-    min-height: 100%;
-    font-family: sans-serif;
-    background: #f7f7f7;
-    color: #333;
+	margin: 0;
+	padding: 0;
+	min-height: 100%;
+	font-family: sans-serif;
+	background: #f7f7f7;
+	color: #333;
 }
 #mn {
-    font-weight: normal;
-    margin: 1.3em 0 .7em 1em;
+	font-weight: normal;
+	margin: 1.3em 0 .7em 1em;
 }
 #mn a {
-    color: #444;
-    margin: 0 0 0 -.2em;
-    padding: 0 0 0 .4em;
-    text-decoration: none;
-    /* ie: */
-    border-bottom: .1em solid #777\9;
-    margin-right: 1em\9;
+	color: #444;
+	margin: 0 0 0 -.2em;
+	padding: 0 0 0 .4em;
+	text-decoration: none;
+	/* ie: */
+	border-bottom: .1em solid #777\9;
+	margin-right: 1em\9;
 }
 #mn a:first-child {
-    padding-left: .5em;
+	padding-left: .5em;
 }
 #mn a:last-child {
-    padding-right: .5em;
+	padding-right: .5em;
 }
 #mn a:not(:last-child):after {
-    content: '';
-    width: 1.05em;
-    height: 1.05em;
-    margin: -.2em .3em -.2em -.4em;
-    display: inline-block;
-    border: 1px solid rgba(0,0,0,0.2);
-    border-width: .2em .2em 0 0;
-    transform: rotate(45deg);
+	content: '';
+	width: 1.05em;
+	height: 1.05em;
+	margin: -.2em .3em -.2em -.4em;
+	display: inline-block;
+	border: 1px solid rgba(0,0,0,0.2);
+	border-width: .2em .2em 0 0;
+	transform: rotate(45deg);
 }
 #mn a:hover {
-    color: #000;
-    text-decoration: underline;
+	color: #000;
+	text-decoration: underline;
 }

 html .editor-toolbar>button.disabled {
-    opacity: .35;
-    pointer-events: none;
+	opacity: .35;
+	pointer-events: none;
 }
 html .editor-toolbar>button.save.force-save {
-    background: #f97;
+	background: #f97;
 }

-/*
-*[data-ln]:before {
-	content: attr(data-ln);
-	font-size: .8em;
-	margin: 0 .4em;
-	color: #f0c;
-}
-.cm-header { font-size: .4em !important }
-*/
-



@@ -101,29 +91,29 @@ html .editor-toolbar>button.save.force-save {
 	line-height: 1.1em;
 }
 .mdo a {
-    color: #fff;
-    background: #39b;
-    text-decoration: none;
-    padding: 0 .3em;
-    border: none;
-    border-bottom: .07em solid #079;
+	color: #fff;
+	background: #39b;
+	text-decoration: none;
+	padding: 0 .3em;
+	border: none;
+	border-bottom: .07em solid #079;
 }
 .mdo h2 {
-    color: #fff;
-    background: #555;
-    margin-top: 2em;
-    border-bottom: .22em solid #999;
-    border-top: none;
+	color: #fff;
+	background: #555;
+	margin-top: 2em;
+	border-bottom: .22em solid #999;
+	border-top: none;
 }
 .mdo h1 {
-    color: #fff;
-    background: #444;
-    font-weight: normal;
-    border-top: .4em solid #fb0;
-    border-bottom: .4em solid #777;
-    border-radius: 0 1em 0 1em;
-    margin: 3em 0 1em 0;
-    padding: .5em 0;
+	color: #fff;
+	background: #444;
+	font-weight: normal;
+	border-top: .4em solid #fb0;
+	border-bottom: .4em solid #777;
+	border-radius: 0 1em 0 1em;
+	margin: 3em 0 1em 0;
+	padding: .5em 0;
 }
 h1, h2 {
 	line-height: 1.5em;
@@ -197,14 +187,14 @@ th {

 /* mde support */
 .mdo {
-    padding: 1em;
-    background: #f7f7f7;
+	padding: 1em;
+	background: #f7f7f7;
 }
 html.dark .mdo {
-    background: #1c1c1c;
+	background: #1c1c1c;
 }
 .CodeMirror {
-    background: #f7f7f7;
+	background: #f7f7f7;
 }


@@ -214,108 +204,108 @@ html.dark .mdo {
 /* darkmode */
 html.dark .mdo,
 html.dark .CodeMirror {
-    border-color: #222;
+	border-color: #222;
 }
 html.dark,
 html.dark body,
 html.dark .CodeMirror {
-    background: #222;
-    color: #ccc;
+	background: #222;
+	color: #ccc;
 }
 html.dark .CodeMirror-cursor {
-    border-color: #fff;
+	border-color: #fff;
 }
 html.dark .CodeMirror-selected {
-    box-shadow: 0 0 1px #0cf inset;
+	box-shadow: 0 0 1px #0cf inset;
 }
 html.dark .CodeMirror-selected,
 html.dark .CodeMirror-selectedtext {
-    border-radius: .1em;
-    background: #246;
-    color: #fff;
+	border-radius: .1em;
+	background: #246;
+	color: #fff;
 }
 html.dark .mdo a {
-    background: #057;
+	background: #057;
 }
 html.dark .mdo h1 a, html.dark .mdo h4 a,
 html.dark .mdo h2 a, html.dark .mdo h5 a,
 html.dark .mdo h3 a, html.dark .mdo h6 a {
-    color: inherit;
-    background: none;
+	color: inherit;
+	background: none;
 }
 html.dark pre,
 html.dark code {
-    color: #8c0;
-    background: #1a1a1a;
-    border: .07em solid #333;
+	color: #8c0;
+	background: #1a1a1a;
+	border: .07em solid #333;
 }
 html.dark .mdo ul,
 html.dark .mdo ol {
-    border-color: #444;
+	border-color: #444;
 }
 html.dark .mdo>ul,
 html.dark .mdo>ol {
-    border-color: #555;
+	border-color: #555;
 }
 html.dark strong {
-    color: #fff;
+	color: #fff;
 }
 html.dark p>em,
 html.dark li>em,
 html.dark td>em {
-    color: #f94;
-    border-color: #666;
+	color: #f94;
+	border-color: #666;
 }
 html.dark h1 {
-    background: #383838;
-    border-top: .4em solid #b80;
-    border-bottom: .4em solid #4c4c4c;
+	background: #383838;
+	border-top: .4em solid #b80;
+	border-bottom: .4em solid #4c4c4c;
 }
 html.dark h2 {
-    background: #444;
-    border-bottom: .22em solid #555;
+	background: #444;
+	border-bottom: .22em solid #555;
 }
 html.dark td,
 html.dark th {
-    border-color: #444;
+	border-color: #444;
 }
 html.dark blockquote {
-    background: #282828;
-    border: .07em dashed #444;
+	background: #282828;
+	border: .07em dashed #444;
 }



 html.dark #mn a {
-    color: #ccc;
+	color: #ccc;
 }
 html.dark #mn a:not(:last-child):after {
-    border-color: rgba(255,255,255,0.3);
+	border-color: rgba(255,255,255,0.3);
 }
 html.dark .editor-toolbar {
-    border-color: #2c2c2c;
-    background: #1c1c1c;
+	border-color: #2c2c2c;
+	background: #1c1c1c;
 }
 html.dark .editor-toolbar>i.separator {
-    border-left: 1px solid #444;
-    border-right: 1px solid #111;
+	border-left: 1px solid #444;
+	border-right: 1px solid #111;
 }
 html.dark .editor-toolbar>button {
-    margin-left: -1px; border: 1px solid rgba(255,255,255,0.1);
-    color: #aaa;
+	margin-left: -1px; border: 1px solid rgba(255,255,255,0.1);
+	color: #aaa;
 }



 html.dark .editor-toolbar>button:hover {
-    color: #333;
+	color: #333;
 }
 html.dark .editor-toolbar>button.active {
-    color: #333;
-    border-color: #ec1;
-    background: #c90;
+	color: #333;
+	border-color: #ec1;
+	background: #c90;
 }
 html.dark .editor-toolbar::after,
 html.dark .editor-toolbar::before {
-    background: none;
+	background: none;
 }
--- a/copyparty/web/mde.js
+++ b/copyparty/web/mde.js
@@ -71,7 +71,7 @@ var mde = (function () {
 })();

 function set_jumpto() {
-    document.querySelector('.editor-preview-side').onclick = jumpto;
+    QS('.editor-preview-side').onclick = jumpto;
 }

 function jumpto(ev) {
@@ -94,7 +94,7 @@ function md_changed(mde, on_srv) {
        window.md_saved = mde.value();

    var md_now = mde.value();
-    var save_btn = document.querySelector('.editor-toolbar button.save');
+    var save_btn = QS('.editor-toolbar button.save');

    if (md_now == window.md_saved)
        save_btn.classList.add('disabled');
@@ -105,7 +105,7 @@ function md_changed(mde, on_srv) {
 }

 function save(mde) {
-    var save_btn = document.querySelector('.editor-toolbar button.save');
+    var save_btn = QS('.editor-toolbar button.save');
    if (save_btn.classList.contains('disabled')) {
        alert('there is nothing to save');
        return;
@@ -212,7 +212,7 @@ function save_chk() {
    last_modified = this.lastmod;
    md_changed(this.mde, true);

-    var ok = document.createElement('div');
+    var ok = mknod('div');
    ok.setAttribute('style', 'font-size:6em;font-family:serif;font-weight:bold;color:#cf6;background:#444;border-radius:.3em;padding:.6em 0;position:fixed;top:30%;left:calc(50% - 2em);width:4em;text-align:center;z-index:9001;transition:opacity 0.2s ease-in-out;opacity:1');
    ok.innerHTML = 'OK✔️';
    var parent = ebi('m');
--- a/copyparty/web/msg.css
+++ b/copyparty/web/msg.css
@@ -3,7 +3,7 @@ html,body,tr,th,td,#files,a {
 	background: none;
 	font-weight: inherit;
 	font-size: inherit;
-	padding: none;
+	padding: 0;
 	border: none;
 }
 html {
@@ -20,8 +20,8 @@ body {
 	padding-bottom: 5em;
 }
 #box {
-    padding: .5em 1em;
-    background: #2c2c2c;
+	padding: .5em 1em;
+	background: #2c2c2c;
 }
 pre {
 	font-family: monospace, monospace;
--- a/copyparty/web/splash.css
+++ b/copyparty/web/splash.css
@@ -26,6 +26,26 @@ a {
 	border-radius: .2em;
 	padding: .2em .8em;
 }
+table {
+	border-collapse: collapse;
+}
+.vols td,
+.vols th {
+	padding: .3em .6em;
+	text-align: left;
+}
+.num {
+	border-right: 1px solid #bbb;
+}
+.num td {
+	padding: .1em .7em .1em 0;
+}
+.num td:first-child {
+	text-align: right;
+}
+.btns {
+	margin: 1em 0;
+}


 html.dark,
@@ -50,4 +70,7 @@ html.dark input {
 	border-radius: .5em;
 	padding: .5em .7em;
 	margin: 0 .5em 0 0;
+}
+html.dark .num {
+	border-color: #777;
 }
--- a/copyparty/web/splash.html
+++ b/copyparty/web/splash.html
@@ -13,19 +13,49 @@
    <div id="wrap">
        <p>hello {{ this.uname }}</p>

+        {%- if avol %}
+        <h1>admin panel:</h1>
+        <table><tr><td> <!-- hehehe -->
+            <table class="num">
+                <tr><td>scanning</td><td>{{ scanning }}</td></tr>
+                <tr><td>hash-q</td><td>{{ hashq }}</td></tr>
+                <tr><td>tag-q</td><td>{{ tagq }}</td></tr>
+                <tr><td>mtp-q</td><td>{{ mtpq }}</td></tr>
+            </table>
+        </td><td>
+            <table class="vols">
+                <thead><tr><th>vol</th><th>action</th><th>status</th></tr></thead>
+                <tbody>
+                    {% for mp in avol %}
+                    {%- if mp in vstate and vstate[mp] %}
+                    <tr><td><a href="{{ mp }}{{ url_suf }}">{{ mp }}</a></td><td><a href="{{ mp }}?scan">rescan</a></td><td>{{ vstate[mp] }}</td></tr>
+                    {%- endif %}
+                    {% endfor %}
+                </tbody>
+            </table>
+        </td></tr></table>
+        <div class="btns">
+            <a href="{{ avol[0] }}?stack">dump stack</a>
+        </div>
+        {%- endif %}
+
+        {%- if rvol %}
        <h1>you can browse these:</h1>
        <ul>
            {% for mp in rvol %}
-            <li><a href="/{{ mp }}{{ url_suf }}">/{{ mp }}</a></li>
+            <li><a href="{{ mp }}{{ url_suf }}">{{ mp }}</a></li>
            {% endfor %}
        </ul>
+        {%- endif %}

+        {%- if wvol %}
        <h1>you can upload to:</h1>
        <ul>
            {% for mp in wvol %}
-            <li><a href="/{{ mp }}{{ url_suf }}">/{{ mp }}</a></li>
+            <li><a href="{{ mp }}{{ url_suf }}">{{ mp }}</a></li>
            {% endfor %}
        </ul>
+        {%- endif %}

        <h1>login for more:</h1>
        <ul>
--- a/copyparty/web/up2k.js
+++ b/copyparty/web/up2k.js
@@ -17,15 +17,16 @@ function goto_up2k() {
 // chrome requires https to use crypto.subtle,
 // usually it's undefined but some chromes throw on invoke
 var up2k = null;
+var sha_js = window.WebAssembly ? 'hw' : 'ac';  // ff53,c57,sa11
 try {
-    crypto.subtle.digest(
-        'SHA-512', new Uint8Array(1)
-    ).then(
-        function (x) { up2k = up2k_init(true) },
-        function (x) { up2k = up2k_init(false) }
+    var cf = crypto.subtle || crypto.webkitSubtle;
+    cf.digest('SHA-512', new Uint8Array(1)).then(
+        function (x) { console.log('sha-ok'); up2k = up2k_init(cf); },
+        function (x) { console.log('sha-ng:', x); up2k = up2k_init(false); }
    );
 }
 catch (ex) {
+    console.log('sha-na:', ex);
    try {
        up2k = up2k_init(false);
    }
@@ -55,7 +56,7 @@ function up2k_flagbus() {
            dbg(who, 'hi me (??)');
            return;
        }
-        flag.act = new Date().getTime();
+        flag.act = Date.now();
        if (what == "want") {
            // lowest id wins, don't care if that's us
            if (who < flag.id) {
@@ -209,7 +210,7 @@ function U2pvis(act, btns) {
    };

    this.perc = function (bd, bd0, sz, t0) {
-        var td = new Date().getTime() - t0,
+        var td = Date.now() - t0,
            p = bd * 100.0 / sz,
            nb = bd - bd0,
            spd = nb / (td / 1000),
@@ -219,25 +220,28 @@ function U2pvis(act, btns) {
    };

    this.hashed = function (fobj) {
-        var fo = this.tab[fobj.n];
-        var nb = fo.bt * (++fo.nh / fo.cb.length);
-        var p = this.perc(nb, 0, fobj.size, fobj.t1);
+        var fo = this.tab[fobj.n],
+            nb = fo.bt * (++fo.nh / fo.cb.length),
+            p = this.perc(nb, 0, fobj.size, fobj.t1);
+
        fo.hp = '{0}%, {1}, {2} MB/s'.format(
            p[0].toFixed(2), p[1], p[2].toFixed(2)
        );
        if (!this.is_act(fo.in))
            return;

-        var obj = ebi('f{0}p'.format(fobj.n));
+        var obj = ebi('f{0}p'.format(fobj.n)),
+            o1 = p[0] - 2, o2 = p[0] - 0.1, o3 = p[0];
+
        obj.innerHTML = fo.hp;
        obj.style.color = '#fff';
-        var o1 = p[0] - 2, o2 = p[0] - 0.1, o3 = p[0];
        obj.style.background = 'linear-gradient(90deg, #025, #06a ' + o1 + '%, #09d ' + o2 + '%, #333 ' + o3 + '%, #333 99%, #777)';
    };

    this.prog = function (fobj, nchunk, cbd) {
-        var fo = this.tab[fobj.n];
-        var delta = cbd - fo.cb[nchunk];
+        var fo = this.tab[fobj.n],
+            delta = cbd - fo.cb[nchunk];
+
        fo.cb[nchunk] = cbd;
        fo.bd += delta;

@@ -249,10 +253,11 @@ function U2pvis(act, btns) {
        if (!this.is_act(fo.in))
            return;

-        var obj = ebi('f{0}p'.format(fobj.n));
+        var obj = ebi('f{0}p'.format(fobj.n)),
+            o1 = p[0] - 2, o2 = p[0] - 0.1, o3 = p[0];
+
        obj.innerHTML = fo.hp;
        obj.style.color = '#fff';
-        var o1 = p[0] - 2, o2 = p[0] - 0.1, o3 = p[0];
        obj.style.background = 'linear-gradient(90deg, #050, #270 ' + o1 + '%, #4b0 ' + o2 + '%, #333 ' + o3 + '%, #333 99%, #777)';
    };

@@ -287,24 +292,14 @@ function U2pvis(act, btns) {
        }
    };

-    this.bzw_log = function (first, last) {
-        console.log("first %d   head %d   tail %d   last %d", first, this.head, this.tail, last);
-        var trs = document.querySelectorAll('#u2tab>tbody>tr'), msg = [];
-        for (var a = 0; a < trs.length; a++)
-            msg.push(trs[a].getAttribute('id'));
-
-        console.log(msg.join(' '));
-    }
-
    this.bzw = function () {
-        var first = document.querySelector('#u2tab>tbody>tr:first-child');
+        var first = QS('#u2tab>tbody>tr:first-child');
        if (!first)
            return;

-        var last = document.querySelector('#u2tab>tbody>tr:last-child');
+        var last = QS('#u2tab>tbody>tr:last-child');
        first = parseInt(first.getAttribute('id').slice(1));
        last = parseInt(last.getAttribute('id').slice(1));
-        //this.bzw_log(first, last);

        while (this.head - first > this.wsz) {
            var obj = ebi('f' + (first++));
@@ -315,12 +310,10 @@ function U2pvis(act, btns) {
            if (!obj)
                this.addrow(last);
        }
-        //this.bzw_log(first, last);
-        //console.log('--');
    };

    this.drawcard = function (cat) {
-        var cards = document.querySelectorAll('#u2cards>a>span');
+        var cards = QSA('#u2cards>a>span');

        if (cat == "q") {
            cards[4].innerHTML = this.ctr[cat];
@@ -343,9 +336,9 @@ function U2pvis(act, btns) {

    this.changecard = function (card) {
        this.act = card;
-        var html = [];
        this.head = -1;
        this.tail = -1;
+        var html = [];
        for (var a = 0; a < this.tab.length; a++) {
            var rt = this.tab[a].in;
            if (this.is_act(rt)) {
@@ -382,7 +375,7 @@ function U2pvis(act, btns) {
        if (as_html)
            return '<tr id="f' + nfile + '">' + ret + '</tr>';

-        var obj = document.createElement('tr');
+        var obj = mknod('tr');
        obj.setAttribute('id', 'f' + nfile);
        obj.innerHTML = ret;
        return obj;
@@ -394,7 +387,7 @@ function U2pvis(act, btns) {
    };

    var that = this;
-    btns = document.querySelectorAll(btns + '>a[act]');
+    btns = QSA(btns + '>a[act]');
    for (var a = 0; a < btns.length; a++) {
        btns[a].onclick = function (e) {
            ev(e);
@@ -409,10 +402,7 @@ function U2pvis(act, btns) {
 }


-function up2k_init(have_crypto) {
-    //have_crypto = false;
-    var need_filereader_cache = undefined;
-
+function up2k_init(subtle) {
    // show modal message
    function showmodal(msg) {
        ebi('u2notbtn').innerHTML = msg;
@@ -429,54 +419,68 @@ function up2k_init(have_crypto) {
        ebi('u2notbtn').innerHTML = '';
    }

-    var shame = 'your browser <a href="https://www.chromium.org/blink/webcrypto">disables sha512</a> unless you <a href="' + (window.location + '').replace(':', 's:') + '">use https</a>'
-    var is_https = (window.location + '').indexOf('https:') === 0;
+    var suggest_up2k = 'this is the basic uploader; <a href="#" id="u2yea">up2k</a> is better';
+
+    var shame = 'your browser <a href="https://www.chromium.org/blink/webcrypto">disables sha512</a> unless you <a href="' + (window.location + '').replace(':', 's:') + '">use https</a>',
+        is_https = (window.location + '').indexOf('https:') === 0;
+
    if (is_https)
-        // chrome<37 firefox<34 edge<12 ie<11 opera<24 safari<10.1
+        // chrome<37 firefox<34 edge<12 opera<24 safari<7
        shame = 'your browser is impressively ancient';

    // upload ui hidden by default, clicking the header shows it
    function init_deps() {
-        if (!have_crypto && !window.asmCrypto) {
-            showmodal('<h1>loading sha512.js</h1><h2>since ' + shame + '</h2><h4>thanks chrome</h4>');
-            import_js('/.cpr/deps/sha512.js', unmodal);
+        if (!subtle && !window.asmCrypto) {
+            var fn = 'sha512.' + sha_js + '.js';
+            showmodal('<h1>loading ' + fn + '</h1><h2>since ' + shame + '</h2><h4>thanks chrome</h4>');
+            import_js('/.cpr/deps/' + fn, unmodal);

            if (is_https)
                ebi('u2foot').innerHTML = shame + ' so <em>this</em> uploader will do like 500kB/s at best';
            else
-                ebi('u2foot').innerHTML = 'seems like ' + shame + ' so do that if you want more performance';
+                ebi('u2foot').innerHTML = 'seems like ' + shame + ' so do that if you want more performance <span style="color:#' +
+                    (sha_js == 'ac' ? 'c84">(expecting 20' : '8a5">(but dont worry too much, expect 100') + ' MiB/s)</span>';
        }
    }

    // show uploader if the user only has write-access
-    if (!ebi('files'))
+    var perms = document.body.getAttribute('perms');
+    if (perms && !has(perms.split(' '), 'read'))
        goto('up2k');

-    // shows or clears an error message in the basic uploader ui
-    function setmsg(msg) {
+    // shows or clears a message in the basic uploader ui
+    function setmsg(msg, type) {
        if (msg !== undefined) {
-            ebi('u2err').setAttribute('class', 'err');
+            ebi('u2err').setAttribute('class', type);
            ebi('u2err').innerHTML = msg;
        }
        else {
            ebi('u2err').setAttribute('class', '');
            ebi('u2err').innerHTML = '';
        }
+        if (msg == suggest_up2k) {
+            ebi('u2yea').onclick = function (e) {
+                ev(e);
+                goto('up2k');
+            };
+        }
    }

    // switches to the basic uploader with msg as error message
    function un2k(msg) {
-        setmsg(msg);
+        setmsg(msg, 'err');
        return false;
    }

    // handle user intent to use the basic uploader instead
    ebi('u2nope').onclick = function (e) {
        ev(e);
-        setmsg();
+        setmsg(suggest_up2k, 'msg');
        goto('bup');
    };

+    setmsg(suggest_up2k, 'msg');
+
    if (!String.prototype.format) {
        String.prototype.format = function () {
            var args = arguments;
@@ -487,13 +491,14 @@ function up2k_init(have_crypto) {
        };
    }

-    var parallel_uploads = icfg_get('nthread');
-    var multitask = bcfg_get('multitask', true);
-    var ask_up = bcfg_get('ask_up', true);
-    var flag_en = bcfg_get('flag_en', false);
-    var fsearch = bcfg_get('fsearch', false);
+    var parallel_uploads = icfg_get('nthread'),
+        multitask = bcfg_get('multitask', true),
+        ask_up = bcfg_get('ask_up', true),
+        flag_en = bcfg_get('flag_en', false),
+        fsearch = bcfg_get('fsearch', false),
+        fdom_ctr = 0,
+        min_filebuf = 0;

-    var fdom_ctr = 0;
    var st = {
        "files": [],
        "todo": {
@@ -543,8 +548,9 @@ function up2k_init(have_crypto) {
        e.stopPropagation();
        e.preventDefault();

-        var files;
-        var is_itemlist = false;
+        var files,
+            is_itemlist = false;
+
        if (e.dataTransfer) {
            if (e.dataTransfer.items) {
                files = e.dataTransfer.items; // DataTransferItemList
@@ -558,9 +564,10 @@ function up2k_init(have_crypto) {
            return alert('no files selected??');

        more_one_file();
-        var bad_files = [];
-        var good_files = [];
-        var dirs = [];
+        var bad_files = [],
+            good_files = [],
+            dirs = [];
+
        for (var a = 0; a < files.length; a++) {
            var fobj = files[a];
            if (is_itemlist) {
@@ -645,12 +652,13 @@ function up2k_init(have_crypto) {

    function gotallfiles(good_files, bad_files) {
        if (bad_files.length > 0) {
-            var ntot = bad_files.length + good_files.length;
-            var msg = 'These {0} files (of {1} total) were skipped because they are empty:\n'.format(bad_files.length, ntot);
+            var ntot = bad_files.length + good_files.length,
+                msg = 'These {0} files (of {1} total) were skipped because they are empty:\n'.format(bad_files.length, ntot);
+
            for (var a = 0, aa = Math.min(20, bad_files.length); a < aa; a++)
                msg += '-- ' + bad_files[a] + '\n';

-            if (good_files.length - bad_files.length <= 1 && /(android)/i.test(navigator.userAgent))
+            if (good_files.length - bad_files.length <= 1 && ANDROID)
                msg += '\nFirefox-Android has a bug which prevents selecting multiple files. Try selecting one file at a time. For more info, see firefox bug 1456557';

            alert(msg);
@@ -664,9 +672,10 @@ function up2k_init(have_crypto) {
            return;

        for (var a = 0; a < good_files.length; a++) {
-            var fobj = good_files[a][0];
-            var now = new Date().getTime();
-            var lmod = fobj.lastModified || now;
+            var fobj = good_files[a][0],
+                now = Date.now(),
+                lmod = fobj.lastModified || now;
+
            var entry = {
                "n": parseInt(st.files.length.toString()),
                "t0": now,
@@ -690,7 +699,7 @@ function up2k_init(have_crypto) {

            pvis.addfile([
                fsearch ? esc(entry.name) : linksplit(
-                    esc(uricom_dec(entry.purl)[0] + entry.name)).join(' '),
+                    uricom_dec(entry.purl)[0] + entry.name).join(' '),
                '📐 hash',
                ''
            ], fobj.size);
@@ -702,7 +711,7 @@ function up2k_init(have_crypto) {

    function more_one_file() {
        fdom_ctr++;
-        var elm = document.createElement('div')
+        var elm = mknod('div');
        elm.innerHTML = '<input id="file{0}" type="file" name="file{0}[]" multiple="multiple" />'.format(fdom_ctr);
        ebi('u2form').appendChild(elm);
        ebi('file' + fdom_ctr).addEventListener('change', gotfile, false);
@@ -740,7 +749,7 @@ function up2k_init(have_crypto) {
    function hashing_permitted() {
        if (multitask) {
            var ahead = st.bytes.hashed - st.bytes.uploaded;
-            return ahead < 1024 * 1024 * 128 &&
+            return ahead < 1024 * 1024 * 1024 * 4 &&
                st.todo.handshake.length + st.busy.handshake.length < 16;
        }
        return handshakes_permitted() && 0 ==
@@ -749,26 +758,23 @@ function up2k_init(have_crypto) {
    }

    var tasker = (function () {
-        var mutex = false;
-        var was_busy = false;
+        var tto = null,
+            running = false,
+            was_busy = false;
+
+        function defer() {
+            running = false;
+            clearTimeout(tto);
+            tto = setTimeout(taskerd, 100);
+        }

        function taskerd() {
-            if (mutex)
+            if (running)
                return;

-            mutex = true;
+            clearTimeout(tto);
+            running = true;
            while (true) {
-                if (false) {
-                    ebi('srv_info').innerHTML =
-                        new Date().getTime() + ", " +
-                        st.todo.hash.length + ", " +
-                        st.todo.handshake.length + ", " +
-                        st.todo.upload.length + ", " +
-                        st.busy.hash.length + ", " +
-                        st.busy.handshake.length + ", " +
-                        st.busy.upload.length;
-                }
-
                var is_busy = 0 !=
                    st.todo.hash.length +
                    st.todo.handshake.length +
@@ -780,21 +786,16 @@ function up2k_init(have_crypto) {
                if (was_busy != is_busy) {
                    was_busy = is_busy;

-                    if (is_busy)
-                        window.addEventListener("beforeunload", warn_uploader_busy);
-                    else
-                        window.removeEventListener("beforeunload", warn_uploader_busy);
+                    window[(is_busy ? "add" : "remove") +
+                        "EventListener"]("beforeunload", warn_uploader_busy);
                }

                if (flag) {
                    if (is_busy) {
-                        var now = new Date().getTime();
+                        var now = Date.now();
                        flag.take(now);
-                        if (!flag.ours) {
-                            setTimeout(taskerd, 100);
-                            mutex = false;
-                            return;
-                        }
+                        if (!flag.ours)
+                            return defer();
                    }
                    else if (flag.ours) {
                        flag.give();
@@ -836,11 +837,8 @@ function up2k_init(have_crypto) {
                    mou_ikkai = true;
                }

-                if (!mou_ikkai) {
-                    setTimeout(taskerd, 100);
-                    mutex = false;
-                    return;
-                }
+                if (!mou_ikkai)
+                    return defer();
            }
        }
        taskerd();
@@ -854,47 +852,51 @@ function up2k_init(have_crypto) {

    // https://gist.github.com/jonleighton/958841
    function buf2b64(arrayBuffer) {
-        var base64 = '';
-        var encodings = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
-        var bytes = new Uint8Array(arrayBuffer);
-        var byteLength = bytes.byteLength;
-        var byteRemainder = byteLength % 3;
-        var mainLength = byteLength - byteRemainder;
-        var a, b, c, d;
-        var chunk;
+        var base64 = '',
+            cset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_',
+            src = new Uint8Array(arrayBuffer),
+            nbytes = src.byteLength,
+            byteRem = nbytes % 3,
+            mainLen = nbytes - byteRem,
+            a, b, c, d, chunk;

-        for (var i = 0; i < mainLength; i = i + 3) {
-            chunk = (bytes[i] << 16) | (bytes[i + 1] << 8) | bytes[i + 2];
+        for (var i = 0; i < mainLen; i = i + 3) {
+            chunk = (src[i] << 16) | (src[i + 1] << 8) | src[i + 2];
            // create 8*3=24bit segment then split into 6bit segments
-            a = (chunk & 16515072) >> 18; // 16515072 = (2^6 - 1) << 18
-            b = (chunk & 258048) >> 12; // 258048   = (2^6 - 1) << 12
-            c = (chunk & 4032) >> 6; // 4032     = (2^6 - 1) << 6
-            d = chunk & 63;               // 63       = 2^6 - 1
+            a = (chunk & 16515072) >> 18; // (2^6 - 1) << 18
+            b = (chunk & 258048) >> 12; // (2^6 - 1) << 12
+            c = (chunk & 4032) >> 6; // (2^6 - 1) << 6
+            d = chunk & 63; // 2^6 - 1

            // Convert the raw binary segments to the appropriate ASCII encoding
-            base64 += encodings[a] + encodings[b] + encodings[c] + encodings[d];
+            base64 += cset[a] + cset[b] + cset[c] + cset[d];
        }

-        if (byteRemainder == 1) {
-            chunk = bytes[mainLength];
-            a = (chunk & 252) >> 2; // 252 = (2^6 - 1) << 2
-            b = (chunk & 3) << 4; // 3   = 2^2 - 1  (zero 4 LSB)
-            base64 += encodings[a] + encodings[b];//+ '==';
+        if (byteRem == 1) {
+            chunk = src[mainLen];
+            a = (chunk & 252) >> 2; // (2^6 - 1) << 2
+            b = (chunk & 3) << 4; // 2^2 - 1  (zero 4 LSB)
+            base64 += cset[a] + cset[b];//+ '==';
        }
-        else if (byteRemainder == 2) {
-            chunk = (bytes[mainLength] << 8) | bytes[mainLength + 1];
-            a = (chunk & 64512) >> 10; // 64512 = (2^6 - 1) << 10
-            b = (chunk & 1008) >> 4; // 1008  = (2^6 - 1) << 4
-            c = (chunk & 15) << 2; // 15    = 2^4 - 1  (zero 2 LSB)
-            base64 += encodings[a] + encodings[b] + encodings[c];//+ '=';
+        else if (byteRem == 2) {
+            chunk = (src[mainLen] << 8) | src[mainLen + 1];
+            a = (chunk & 64512) >> 10; // (2^6 - 1) << 10
+            b = (chunk & 1008) >> 4; // (2^6 - 1) << 4
+            c = (chunk & 15) << 2; // 2^4 - 1  (zero 2 LSB)
+            base64 += cset[a] + cset[b] + cset[c];//+ '=';
        }

        return base64;
    }

+    function hex2u8(txt) {
+        return new Uint8Array(txt.match(/.{2}/g).map(function (b) { return parseInt(b, 16); }));
+    }
+
    function get_chunksize(filesize) {
-        var chunksize = 1024 * 1024;
-        var stepsize = 512 * 1024;
+        var chunksize = 1024 * 1024,
+            stepsize = 512 * 1024;
+
        while (true) {
            for (var mul = 1; mul <= 2; mul++) {
                var nchunks = Math.ceil(filesize / chunksize);
@@ -907,156 +909,107 @@ function up2k_init(have_crypto) {
        }
    }

-    function test_filereader_speed(segm_err) {
-        var f = st.todo.hash[0].fobj,
-            sz = Math.min(2, f.size),
-            reader = new FileReader(),
-            t0, ctr = 0;
-
-        var segm_next = function () {
-            var t = new Date().getTime(),
-                td = t - t0;
-
-            if (++ctr > 2) {
-                need_filereader_cache = td > 50;
-                st.busy.hash.pop();
-                return;
-            }
-            t0 = t;
-            reader.onload = segm_next;
-            reader.onerror = segm_err;
-            reader.readAsArrayBuffer(
-                bobslice.call(f, 0, sz));
-        };
-
-        segm_next();
-    }
-
-    function ensure_rendered(func) {
-        var hidden = false;
-        var keys = ['hidden', 'msHidden', 'webkitHidden'];
-        for (var a = 0; a < keys.length; a++)
-            if (typeof document[keys[a]] !== "undefined")
-                hidden = document[keys[a]];
-
-        if (hidden)
-            return func();
-
-        window.requestAnimationFrame(func);
-    }
-
    function exec_hash() {
-        if (need_filereader_cache === undefined) {
-            st.busy.hash.push(1);
-            return test_filereader_speed(segm_err);
-        }
-
        var t = st.todo.hash.shift();
        st.busy.hash.push(t);
        st.bytes.hashed += t.size;
        t.bytes_uploaded = 0;
-        t.t1 = new Date().getTime();

-        var nchunk = 0;
-        var chunksize = get_chunksize(t.size);
-        var nchunks = Math.ceil(t.size / chunksize);
-
-        // android-chrome has 180ms latency on FileReader calls,
-        // detect this and do 32MB at a time
-        var cache_buf = undefined,
-            cache_ofs = 0,
-            subchunks = 2;
-
-        while (subchunks * chunksize <= 32 * 1024 * 1024)
-            subchunks++;
-
-        subchunks--;
-        if (!need_filereader_cache)
-            subchunks = 1;
+        var bpend = 0,
+            nchunk = 0,
+            chunksize = get_chunksize(t.size),
+            nchunks = Math.ceil(t.size / chunksize),
+            hashtab = {};

        pvis.setab(t.n, nchunks);
        pvis.move(t.n, 'bz');

-        var reader = new FileReader();
-
        var segm_next = function () {
-            if (cache_buf) {
-                return hash_calc();
-            }
-            reader.onload = segm_load;
-            reader.onerror = segm_err;
+            if (nchunk >= nchunks || (bpend > chunksize && bpend >= min_filebuf))
+                return false;
+
+            var reader = new FileReader(),
+                nch = nchunk++,
+                car = nch * chunksize,
+                cdr = car + chunksize,
+                t0 = Date.now();

-            var car = nchunk * chunksize;
-            var cdr = car + chunksize * subchunks;
            if (cdr >= t.size)
                cdr = t.size;

+            bpend += cdr - car;
+
+            reader.onload = function (e) {
+                if (!min_filebuf && nch == 1) {
+                    min_filebuf = 1;
+                    var td = Date.now() - t0;
+                    if (td > 50) {
+                        ebi('u2foot').innerHTML += "<p>excessive filereader latency (" + td + " ms), increasing readahead</p>";
+                        min_filebuf = 32 * 1024 * 1024;
+                    }
+                }
+                hash_calc(nch, e.target.result);
+            };
+            reader.onerror = function () {
+                alert('y o u   b r o k e    i t\nerror: ' + reader.error);
+            };
            reader.readAsArrayBuffer(
                bobslice.call(t.fobj, car, cdr));
+
+            return true;
        };

-        var segm_load = function (e) {
-            cache_buf = e.target.result;
-            cache_ofs = 0;
-            hash_calc();
-        };
+        var hash_calc = function (nch, buf) {
+            while (segm_next());

-        var hash_calc = function () {
-            var buf = cache_buf;
-            if (chunksize >= buf.byteLength)
-                cache_buf = undefined;
-            else {
-                var ofs = cache_ofs;
-                var ofs2 = ofs + Math.min(chunksize, cache_buf.byteLength - cache_ofs);
-                cache_ofs = ofs2;
-                buf = new Uint8Array(cache_buf).subarray(ofs, ofs2);
-                if (ofs2 >= cache_buf.byteLength)
-                    cache_buf = undefined;
-            }
+            var hash_done = function (hashbuf) {
+                var hslice = new Uint8Array(hashbuf).subarray(0, 32),
+                    b64str = buf2b64(hslice).replace(/=$/, '');

-            var func = function () {
-                if (have_crypto)
-                    crypto.subtle.digest('SHA-512', buf).then(hash_done);
+                hashtab[nch] = b64str;
+                t.hash.push(nch);
+                pvis.hashed(t);
+
+                bpend -= buf.byteLength;
+                if (t.hash.length < nchunks) {
+                    return segm_next();
+                }
+                t.hash = [];
+                for (var a = 0; a < nchunks; a++) {
+                    t.hash.push(hashtab[a]);
+                }
+
+                t.t2 = Date.now();
+                if (t.n == 0 && window.location.hash == '#dbg') {
+                    var spd = (t.size / ((t.t2 - t.t1) / 1000.)) / (1024 * 1024.);
+                    alert('{0} ms, {1} MB/s\n'.format(t.t2 - t.t1, spd.toFixed(3)) + t.hash.join('\n'));
+                }
+
+                pvis.seth(t.n, 2, 'hashing done');
+                pvis.seth(t.n, 1, '📦 wait');
+                st.busy.hash.splice(st.busy.hash.indexOf(t), 1);
+                st.todo.handshake.push(t);
+            };
+
+            if (subtle)
+                subtle.digest('SHA-512', buf).then(hash_done);
+            else setTimeout(function () {
+                var u8buf = new Uint8Array(buf);
+                if (sha_js == 'hw') {
+                    hashwasm.sha512(u8buf).then(function (v) {
+                        hash_done(hex2u8(v))
+                    });
+                }
                else {
                    var hasher = new asmCrypto.Sha512();
-                    hasher.process(new Uint8Array(buf));
+                    hasher.process(u8buf);
                    hasher.finish();
                    hash_done(hasher.result);
                }
-            };
-
-            if (cache_buf)
-                ensure_rendered(func);
-            else
-                func();
-        };
-
-        var hash_done = function (hashbuf) {
-            var hslice = new Uint8Array(hashbuf).subarray(0, 32);
-            var b64str = buf2b64(hslice).replace(/=$/, '');
-            t.hash.push(b64str);
-
-            pvis.hashed(t);
-            if (++nchunk < nchunks) {
-                return segm_next();
-            }
-
-            t.t2 = new Date().getTime();
-            if (t.n == 0 && window.location.hash == '#dbg') {
-                var spd = (t.size / ((t.t2 - t.t1) / 1000.)) / (1024 * 1024.);
-                alert('{0} ms, {1} MB/s\n'.format(t.t2 - t.t1, spd.toFixed(3)) + t.hash.join('\n'));
-            }
-
-            pvis.seth(t.n, 2, 'hashing done');
-            pvis.seth(t.n, 1, '📦 wait');
-            st.busy.hash.splice(st.busy.hash.indexOf(t), 1);
-            st.todo.handshake.push(t);
-        };
-
-        var segm_err = function () {
-            alert('y o u   b r o k e    i t\nerror: ' + reader.error);
+            }, 1);
        };

+        t.t1 = Date.now();
        segm_next();
    }

@@ -1075,8 +1028,9 @@ function up2k_init(have_crypto) {
                var response = JSON.parse(xhr.responseText);

                if (!response.name) {
-                    var msg = '';
-                    var smsg = '';
+                    var msg = '',
+                        smsg = '';
+
                    if (!response || !response.hits || !response.hits.length) {
                        msg = 'not found on server';
                        smsg = '404';
@@ -1084,7 +1038,7 @@ function up2k_init(have_crypto) {
                    else {
                        smsg = 'found';
                        var hit = response.hits[0],
-                            msg = linksplit(esc(hit.rp)).join(''),
+                            msg = linksplit(hit.rp).join(''),
                            tr = unix2iso(hit.ts),
                            tu = unix2iso(t.lmod),
                            diff = parseInt(t.lmod) - parseInt(hit.ts),
@@ -1106,13 +1060,14 @@ function up2k_init(have_crypto) {
                if (response.name !== t.name) {
                    // file exists; server renamed us
                    t.name = response.name;
-                    pvis.seth(t.n, 0, linksplit(esc(t.purl + t.name)).join(' '));
+                    pvis.seth(t.n, 0, linksplit(t.purl + t.name).join(' '));
                }

-                var chunksize = get_chunksize(t.size);
-                var cdr_idx = Math.ceil(t.size / chunksize) - 1;
-                var cdr_sz = (t.size % chunksize) || chunksize;
-                var cbd = [];
+                var chunksize = get_chunksize(t.size),
+                    cdr_idx = Math.ceil(t.size / chunksize) - 1,
+                    cdr_sz = (t.size % chunksize) || chunksize,
+                    cbd = [];
+
                for (var a = 0; a <= cdr_idx; a++) {
                    cbd.push(a == cdr_idx ? cdr_sz : chunksize);
                }
@@ -1133,8 +1088,9 @@ function up2k_init(have_crypto) {
                pvis.setat(t.n, cbd);
                pvis.prog(t, 0, cbd[0]);

-                var done = true;
-                var msg = '&#x1f3b7;&#x1f41b;';
+                var done = true,
+                    msg = '&#x1f3b7;&#x1f41b;';
+
                if (t.postlist.length > 0) {
                    for (var a = 0; a < t.postlist.length; a++)
                        st.todo.upload.push({
@@ -1151,10 +1107,12 @@ function up2k_init(have_crypto) {
                if (done) {
                    t.done = true;
                    st.bytes.uploaded += t.size - t.bytes_uploaded;
-                    var spd1 = (t.size / ((t.t2 - t.t1) / 1000.)) / (1024 * 1024.);
-                    var spd2 = (t.size / ((t.t4 - t.t3) / 1000.)) / (1024 * 1024.);
+                    var spd1 = (t.size / ((t.t2 - t.t1) / 1000.)) / (1024 * 1024.),
+                        spd2 = (t.size / ((t.t4 - t.t3) / 1000.)) / (1024 * 1024.);
+
                    pvis.seth(t.n, 2, 'hash {0}, up {1} MB/s'.format(
                        spd1.toFixed(2), spd2.toFixed(2)));
+
                    pvis.move(t.n, 'ok');
                }
                else t.t4 = undefined;
@@ -1221,16 +1179,18 @@ function up2k_init(have_crypto) {
        var upt = st.todo.upload.shift();
        st.busy.upload.push(upt);

-        var npart = upt.npart;
-        var t = st.files[upt.nfile];
+        var npart = upt.npart,
+            t = st.files[upt.nfile];
+
        if (!t.t3)
-            t.t3 = new Date().getTime();
+            t.t3 = Date.now();

        pvis.seth(t.n, 1, "🚀 send");

-        var chunksize = get_chunksize(t.size);
-        var car = npart * chunksize;
-        var cdr = car + chunksize;
+        var chunksize = get_chunksize(t.size),
+            car = npart * chunksize,
+            cdr = car + chunksize;
+
        if (cdr >= t.size)
            cdr = t.size;

@@ -1246,7 +1206,7 @@ function up2k_init(have_crypto) {
                st.busy.upload.splice(st.busy.upload.indexOf(upt), 1);
                t.postlist.splice(t.postlist.indexOf(npart), 1);
                if (t.postlist.length == 0) {
-                    t.t4 = new Date().getTime();
+                    t.t4 = Date.now();
                    pvis.seth(t.n, 1, 'verifying');
                    st.todo.handshake.unshift(t);
                }
@@ -1295,20 +1255,24 @@ function up2k_init(have_crypto) {
    onresize();

    function desc_show(e) {
-        var msg = this.getAttribute('alt');
-        msg = msg.replace(/\$N/g, "<br />");
-        var cdesc = ebi('u2cdesc');
-        cdesc.innerHTML = msg;
+        var cfg = sread('tooltips');
+        if (cfg !== null && cfg != '1')
+            return;
+
+        var msg = this.getAttribute('alt'),
+            cdesc = ebi('u2cdesc');
+
+        cdesc.innerHTML = msg.replace(/\$N/g, "<br />");
        cdesc.setAttribute('class', 'show');
    }
    function desc_hide(e) {
        ebi('u2cdesc').setAttribute('class', '');
    }
-    var o = document.querySelectorAll('#u2conf *[alt]');
+    var o = QSA('#u2conf *[alt]');
    for (var a = o.length - 1; a >= 0; a--) {
        o[a].parentNode.getElementsByTagName('input')[0].setAttribute('alt', o[a].getAttribute('alt'));
    }
-    var o = document.querySelectorAll('#u2conf *[alt]');
+    var o = QSA('#u2conf *[alt]');
    for (var a = 0; a < o.length; a++) {
        o[a].onfocus = desc_show;
        o[a].onblur = desc_hide;
@@ -1362,15 +1326,22 @@ function up2k_init(have_crypto) {
    }

    function set_fsearch(new_state) {
-        var perms = document.body.getAttribute('perms');
-        var read_only = false;
+        var perms = document.body.getAttribute('perms'),
+            fixed = false;

        if (!ebi('fsearch')) {
            new_state = false;
        }
-        else if (perms && perms.indexOf('write') === -1) {
-            new_state = true;
-            read_only = true;
+        else if (perms) {
+            perms = perms.split(' ');
+            if (!has(perms, 'write')) {
+                new_state = true;
+                fixed = true;
+            }
+            if (!has(perms, 'read')) {
+                new_state = false;
+                fixed = true;
+            }
        }

        if (new_state !== undefined) {
@@ -1379,16 +1350,16 @@ function up2k_init(have_crypto) {
        }

        try {
-            document.querySelector('label[for="fsearch"]').style.opacity = read_only ? '0' : '1';
+            QS('label[for="fsearch"]').style.display = QS('#fsearch').style.display = fixed ? 'none' : '';
        }
        catch (ex) { }

        try {
-            var fun = fsearch ? 'add' : 'remove';
-            ebi('op_up2k').classList[fun]('srch');
+            var fun = fsearch ? 'add' : 'remove',
+                ico = fsearch ? '🔎' : '🚀',
+                desc = fsearch ? 'Search' : 'Upload';

-            var ico = fsearch ? '🔎' : '🚀';
-            var desc = fsearch ? 'Search' : 'Upload';
+            ebi('op_up2k').classList[fun]('srch');
            ebi('u2bm').innerHTML = ico + ' <sup>' + desc + '</sup>';
        }
        catch (ex) { }
@@ -1455,5 +1426,5 @@ function warn_uploader_busy(e) {
 }


-if (document.querySelector('#op_up2k.act'))
+if (QS('#op_up2k.act'))
    goto_up2k();
--- a/copyparty/web/upload.css
+++ b/copyparty/web/upload.css
@@ -19,6 +19,11 @@
 	color: #f87;
 	padding: .5em;
 }
+#u2err.msg {
+	color: #999;
+	padding: .5em;
+	font-size: .9em;
+}
 #u2btn {
 	color: #eee;
 	background: #555;
@@ -86,12 +91,15 @@
 	font-family: sans-serif;
 	width: auto;
 }
-#u2tab tr+tr:hover td {
+#u2tab tbody tr:hover td {
 	background: #222;
 }
 #u2cards {
-	margin: 2.5em auto -2.5em auto;
+	padding: 1em 0 .3em 1em;
+	margin: 1.5em auto -2.5em auto;
+	white-space: nowrap;
 	text-align: center;
+	overflow: hidden;
 }
 #u2cards.w {
 	width: 45em;
@@ -110,10 +118,15 @@
 	border-radius: 0 .4em 0 0;
 }
 #u2cards a.act {
-	border-width: 1px 1px 0 1px;
+	padding-bottom: .5em;
+	border-width: 1px 1px .1em 1px;
 	border-radius: .3em .3em 0 0;
 	margin-left: -1px;
-	background: transparent;
+	background: linear-gradient(to bottom, #464, #333 80%);
+	box-shadow: 0 -.17em .67em #280;
+	border-color: #7c5 #583 #333 #583;
+	position: relative;
+	color: #fd7;
 }
 #u2cards span {
 	color: #fff;
@@ -134,12 +147,13 @@
 	outline: none;
 }
 #u2conf .txtbox {
-	width: 4em;
+	width: 3em;
 	color: #fff;
 	background: #444;
 	border: 1px solid #777;
 	font-size: 1.2em;
 	padding: .15em 0;
+	height: 1.05em;
 }
 #u2conf .txtbox.err {
 	background: #922;
@@ -151,13 +165,12 @@
 	border-radius: .1em;
 	font-size: 1.5em;
 	padding: .1em 0;
-	margin: 0 -.25em;
+	margin: 0 -1px;
 	width: 1.5em;
 	height: 1em;
 	display: inline-block;
 	position: relative;
-	line-height: 1em;
-	bottom: -.08em;
+	bottom: -0.08em;
 }
 #u2conf input+a {
 	background: #d80;
@@ -168,7 +181,6 @@
 	height: 1em;
 	padding: .4em 0;
 	display: block;
-	user-select: none;
 	border-radius: .25em;
 }
 #u2conf input[type="checkbox"] {
@@ -208,12 +220,13 @@
 	text-align: center;
 	overflow: hidden;
 	margin: 0 -2em;
-	height: 0;
 	padding: 0 1em;
+	height: 0;
 	opacity: .1;
-    transition: all 0.14s ease-in-out;
-	border-radius: .4em;
+	transition: all 0.14s ease-in-out;
 	box-shadow: 0 .2em .5em #222;
+	border-radius: .4em;
+	z-index: 1;
 }
 #u2cdesc.show {
 	padding: 1em;
@@ -225,6 +238,10 @@
 	color: #fff;
 	font-style: italic;
 }
+#u2foot span {
+	color: #999;
+	font-size: .9em;
+}
 #u2footfoot {
 	margin-bottom: -1em;
 }
@@ -256,7 +273,10 @@ html.light #u2cards a {
 	background: linear-gradient(to bottom, #eee, #fff);
 }
 html.light #u2cards a.act {
+	color: #037;
 	background: inherit;
+	box-shadow: 0 -.17em .67em #0ad;
+	border-color: #09c #05a #eee #05a;
 }
 html.light #u2conf .txtbox {
 	background: #fff;
@@ -272,4 +292,10 @@ html.light #u2cdesc {
 }
 html.light #op_up2k.srch #u2btn {
 	border-color: #a80;
-}
+}
+html.light #u2foot {
+	color: #000;
+}
+html.light #u2tab tbody tr:hover td {
+	background: #fff;
+}
--- a/copyparty/web/upload.html
+++ b/copyparty/web/upload.html
@@ -36,7 +36,7 @@

            <table id="u2conf">
                <tr>
-                    <td>parallel uploads</td>
+                    <td><br />parallel uploads:</td>
                    <td rowspan="2">
                        <input type="checkbox" id="multitask" />
                        <label for="multitask" alt="continue hashing other files while uploading">🏃</label>
@@ -59,9 +59,9 @@
                </tr>
                <tr>
                    <td>
-                        <a href="#" id="nthread_sub">&ndash;</a>
-                        <input class="txtbox" id="nthread" value="2" />
-                        <a href="#" id="nthread_add">+</a>
+                        <a href="#" id="nthread_sub">&ndash;</a><input
+                            class="txtbox" id="nthread" value="2"/><a
+                            href="#" id="nthread_add">+</a><br />&nbsp;
                    </td>
                </tr>
            </table>
@@ -99,5 +99,5 @@
            </table>

            <p id="u2foot"></p>
-            <p id="u2footfoot">( if you don't need lastmod timestamps, resumable uploads or progress bars just use the <a href="#" id="u2nope">basic uploader</a>)</p>
+            <p id="u2footfoot" data-perm="write">( you can use the <a href="#" id="u2nope">basic uploader</a> if you don't need lastmod timestamps, resumable uploads, or progress bars )</p>
    </div>
--- a/copyparty/web/util.js
+++ b/copyparty/web/util.js
@@ -6,7 +6,8 @@ if (!window['console'])
    };


-var clickev = window.Touch ? 'touchstart' : 'click';
+var clickev = window.Touch ? 'touchstart' : 'click',
+    ANDROID = /(android)/i.test(navigator.userAgent);


 // error handler for mobile devices
@@ -49,9 +50,11 @@ function vis_exh(msg, url, lineNo, columnNo, error) {
 }


-function ebi(id) {
-    return document.getElementById(id);
-}
+var ebi = document.getElementById.bind(document),
+    QS = document.querySelector.bind(document),
+    QSA = document.querySelectorAll.bind(document),
+    mknod = document.createElement.bind(document);
+

 function ev(e) {
    e = e || window.event;
@@ -89,7 +92,7 @@ if (!String.startsWith) {
 // https://stackoverflow.com/a/950146
 function import_js(url, cb) {
    var head = document.head || document.getElementsByTagName('head')[0];
-    var script = document.createElement('script');
+    var script = mknod('script');
    script.type = 'text/javascript';
    script.src = url;

@@ -132,7 +135,7 @@ function clmod(obj, cls, add) {


 function sortfiles(nodes) {
-    var sopts = jread('fsort', [["lead", -1, ""], ["href", 1, ""]]);
+    var sopts = jread('fsort', [["href", 1, ""]]);

    try {
        var is_srch = false;
@@ -149,6 +152,9 @@ function sortfiles(nodes) {
            if (!name)
                continue;

+            if (name == 'ts')
+                typ = 'int';
+
            if (name.indexOf('tags/') === 0) {
                name = name.slice(5);
                for (var b = 0, bb = nodes.length; b < bb; b++)
@@ -160,8 +166,12 @@ function sortfiles(nodes) {

                    if ((v + '').indexOf('<a ') === 0)
                        v = v.split('>')[1];
-                    else if (name == "href" && v)
+                    else if (name == "href" && v) {
+                        if (v.slice(-1) == '/')
+                            v = '\t' + v;
+
                        v = uricom_dec(v)[0]
+                    }

                    nodes[b]._sv = v;
                }
@@ -195,6 +205,8 @@ function sortfiles(nodes) {
    }
    catch (ex) {
        console.log("failed to apply sort config: " + ex);
+        console.log("resetting fsort " + sread('fsort'))
+        localStorage.removeItem('fsort');
    }
    return nodes;
 }
@@ -274,7 +286,7 @@ function makeSortable(table, cb) {


 (function () {
-    var ops = document.querySelectorAll('#ops>a');
+    var ops = QSA('#ops>a');
    for (var a = 0; a < ops.length; a++) {
        ops[a].onclick = opclick;
    }
@@ -289,25 +301,25 @@ function opclick(e) {

    swrite('opmode', dest || null);

-    var input = document.querySelector('.opview.act input:not([type="hidden"])')
+    var input = QS('.opview.act input:not([type="hidden"])')
    if (input)
        input.focus();
 }


 function goto(dest) {
-    var obj = document.querySelectorAll('.opview.act');
+    var obj = QSA('.opview.act');
    for (var a = obj.length - 1; a >= 0; a--)
        clmod(obj[a], 'act');

-    obj = document.querySelectorAll('#ops>a');
+    obj = QSA('#ops>a');
    for (var a = obj.length - 1; a >= 0; a--)
        clmod(obj[a], 'act');

    if (dest) {
        var ui = ebi('op_' + dest);
        clmod(ui, 'act', true);
-        document.querySelector('#ops>a[data-dest=' + dest + ']').className += " act";
+        QS('#ops>a[data-dest=' + dest + ']').className += " act";

        var fn = window['goto_' + dest];
        if (fn)
@@ -346,12 +358,16 @@ function linksplit(rp) {
            link = rp.slice(0, ofs + 1);
            rp = rp.slice(ofs + 1);
        }
-        var vlink = link;
-        if (link.indexOf('/') !== -1)
-            vlink = link.slice(0, -1) + '<span>/</span>';
+        var vlink = esc(link),
+            elink = uricom_enc(link);

-        ret.push('<a href="' + apath + link + '">' + vlink + '</a>');
-        apath += link;
+        if (link.indexOf('/') !== -1) {
+            vlink = vlink.slice(0, -1) + '<span>/</span>';
+            elink = elink.slice(0, -3) + '/';
+        }
+
+        ret.push('<a href="' + apath + elink + '">' + vlink + '</a>');
+        apath += elink;
    }
    return ret;
 }
@@ -453,11 +469,15 @@ function jwrite(key, val) {
 }

 function icfg_get(name, defval) {
+    return parseInt(fcfg_get(name, defval));
+}
+
+function fcfg_get(name, defval) {
    var o = ebi(name);

-    var val = parseInt(sread(name));
+    var val = parseFloat(sread(name));
    if (isNaN(val))
-        return parseInt(o ? o.value : defval);
+        return parseFloat(o ? o.value : defval);

    if (o)
        o.value = val;
--- a/docs/README.md
+++ b/docs/README.md
@@ -0,0 +1,11 @@
+## [`minimal-up2k.html`](minimal-up2k.html)
+* save as `.epilogue.html` inside a folder to [simplify the ui](https://user-images.githubusercontent.com/241032/118311195-dd6ca380-b4ef-11eb-86f3-75a3ff2e1332.png)
+
+## [`browser.css`](browser.css)
+* example for `--css-browser`
+
+## [`rclone.md`](rclone.md)
+* notes on using rclone as a fuse client/server
+
+## [`example.conf`](example.conf)
+* example config file for `-c` which never really happened
--- a/docs/browser.css
+++ b/docs/browser.css
@@ -0,0 +1,29 @@
+html {
+    background: url('/wp/wallhaven-mdjrqy.jpg') center / cover no-repeat fixed;
+}
+#files th {
+    background: rgba(32, 32, 32, 0.9) !important;
+}
+#ops,
+#treeul,
+#files td {
+    background: rgba(32, 32, 32, 0.3) !important;
+}
+
+
+html.light {
+    background: url('/wp/wallhaven-dpxl6l.png') center / cover no-repeat fixed;
+}
+html.light #files th {
+    background: rgba(255, 255, 255, 0.9) !important;
+}
+html.light #ops,
+html.light #treeul,
+html.light #files td {
+    background: rgba(248, 248, 248, 0.8) !important;
+}
+
+
+#files * {
+    background: transparent !important;
+}
--- a/docs/example.conf
+++ b/docs/example.conf
@@ -32,9 +32,13 @@ r

 # and a folder where anyone can upload
 # but nobody can see the contents
+# and set the e2d flag to enable the uploads database
+# and set the nodupe flag to reject duplicate uploads
 /home/ed/inc
 /dump
 w
+c e2d
+c nodupe

 # this entire config file can be replaced with these arguments:
 # -u ed:123 -u k:k -v .::r:aed -v priv:priv:rk:aed -v /home/ed/Music:music:r -v /home/ed/inc:dump:w
--- a/docs/minimal-up2k.html
+++ b/docs/minimal-up2k.html
@@ -0,0 +1,32 @@
+<!--
+  save this as .epilogue.html inside a write-only folder to declutter the UI,  makes it look like
+  https://user-images.githubusercontent.com/241032/118311195-dd6ca380-b4ef-11eb-86f3-75a3ff2e1332.png
+-->
+
+<style>
+
+    /* make the up2k ui REALLY minimal by hiding a bunch of stuff: */
+
+    #ops, #tree, #path, #wrap>h2:last-child,  /* main tabs and navigators (tree/breadcrumbs) */
+
+    #u2cleanup, #u2conf tr:first-child>td[rowspan]:not(#u2btn_cw),  /* most of the config options */
+
+    #u2cards  /* and the upload progress tabs */
+
+    {display: none !important}  /* do it! */
+
+
+
+    /* add some margins because now it's weird */
+    .opview {margin-top: 2.5em}
+    #op_up2k {margin-top: 3em}
+
+    /* and embiggen the upload button */
+    #u2conf #u2btn, #u2btn {padding:1.5em 0}
+
+    /* adjust the button area a bit */
+    #u2conf.has_btn {width: 35em !important; margin: 5em auto}
+
+</style>
+
+<a href="#" onclick="this.parentNode.innerHTML='';">show advanced options</a>
--- a/docs/notes.sh
+++ b/docs/notes.sh
@@ -80,6 +80,13 @@ command -v gdate && date() { gdate "$@"; }; while true; do t=$(date +%s.%N); (ti
 var t=[]; var b=document.location.href.split('#')[0].slice(0, -1); document.querySelectorAll('#u2tab .prog a').forEach((x) => {t.push(b+encodeURI(x.getAttribute("href")))}); console.log(t.join("\n"));


+##
+## bash oneliners
+
+# get the size and video-id of all youtube vids in folder, assuming filename ends with -id.ext, and create a copyparty search query
+find -maxdepth 1 -printf '%s %p\n' | sort -n | awk '!/-([0-9a-zA-Z_-]{11})\.(mkv|mp4|webm)$/{next} {sub(/\.[^\.]+$/,"");n=length($0);v=substr($0,n-10);print $1, v}' | tee /dev/stderr | awk 'BEGIN {p="("} {printf("%s name like *-%s.* ",p,$2);p="or"} END {print ")\n"}' | cat >&2
+
+
 ##
 ## sqlite3 stuff

@@ -146,6 +153,9 @@ dbg.asyncStore.pendingBreakpoints = {}
 # fix firefox phantom breakpoints
 about:config >> devtools.debugger.prefs-schema-version = -1

+# determine server version
+git reset --hard origin/HEAD && git log --format=format:"%H %ai %d" --decorate=full > /dev/shm/revs && cat /dev/shm/revs | while read -r rev extra; do (git reset --hard $rev >/dev/null 2>/dev/null && dsz=$(cat copyparty/web/{util,browser,up2k}.js 2>/dev/null | diff -wNarU0 - <(cat /mnt/Users/ed/Downloads/ref/{util,browser,up2k}.js) | wc -c) && printf '%s %6s %s\n' "$rev" $dsz "$extra") </dev/null; done                
+

 ##
 ## http 206
@@ -171,7 +181,7 @@ Range: bytes=26-         Content-Range: bytes */26

 var tsh = [];
 function convert_markdown(md_text, dest_dom) {
-    tsh.push(new Date().getTime());
+    tsh.push(Date.now());
    while (tsh.length > 10)
        tsh.shift();
    if (tsh.length > 1) {
--- a/docs/nuitka.txt
+++ b/docs/nuitka.txt
@@ -0,0 +1,82 @@
+# recipe for building an exe with nuitka (extreme jank edition)
+#
+# NOTE: win7 and win10 builds both work on win10 but
+#   on win7 they immediately c0000005 in kernelbase.dll
+#
+# first install python-3.6.8-amd64.exe
+#   [x] add to path
+#
+# copypaste the rest of this file into cmd
+
+rem from pypi
+cd \users\ed\downloads
+python -m pip install --user Nuitka-0.6.14.7.tar.gz
+
+rem https://github.com/brechtsanders/winlibs_mingw/releases/download/10.2.0-11.0.0-8.0.0-r5/winlibs-x86_64-posix-seh-gcc-10.2.0-llvm-11.0.0-mingw-w64-8.0.0-r5.zip
+mkdir C:\Users\ed\AppData\Local\Nuitka\
+mkdir C:\Users\ed\AppData\Local\Nuitka\Nuitka\
+mkdir C:\Users\ed\AppData\Local\Nuitka\Nuitka\gcc\
+mkdir C:\Users\ed\AppData\Local\Nuitka\Nuitka\gcc\x86_64\
+mkdir C:\Users\ed\AppData\Local\Nuitka\Nuitka\gcc\x86_64\10.2.0-11.0.0-8.0.0-r5\
+copy c:\users\ed\downloads\winlibs-x86_64-posix-seh-gcc-10.2.0-llvm-11.0.0-mingw-w64-8.0.0-r5.zip C:\Users\ed\AppData\Local\Nuitka\Nuitka\gcc\x86_64\10.2.0-11.0.0-8.0.0-r5\winlibs-x86_64-posix-seh-gcc-10.2.0-llvm-11.0.0-mingw-w64-8.0.0-r5.zip
+
+rem https://github.com/ccache/ccache/releases/download/v3.7.12/ccache-3.7.12-windows-32.zip
+mkdir C:\Users\ed\AppData\Local\Nuitka\Nuitka\ccache\
+mkdir C:\Users\ed\AppData\Local\Nuitka\Nuitka\ccache\v3.7.12\
+copy c:\users\ed\downloads\ccache-3.7.12-windows-32.zip C:\Users\ed\AppData\Local\Nuitka\Nuitka\ccache\v3.7.12\ccache-3.7.12-windows-32.zip
+
+rem https://dependencywalker.com/depends22_x64.zip
+mkdir C:\Users\ed\AppData\Local\Nuitka\Nuitka\depends\
+mkdir C:\Users\ed\AppData\Local\Nuitka\Nuitka\depends\x86_64\
+copy c:\users\ed\downloads\depends22_x64.zip C:\Users\ed\AppData\Local\Nuitka\Nuitka\depends\x86_64\depends22_x64.zip
+
+cd \
+rd /s /q %appdata%\..\local\temp\pe-copyparty
+cd \users\ed\downloads
+python copyparty-sfx.py -h
+cd %appdata%\..\local\temp\pe-copyparty\copyparty
+
+python
+import os, re
+os.rename('../dep-j2/jinja2', '../jinja2')
+os.rename('../dep-j2/markupsafe', '../markupsafe')
+
+print("# nuitka dies if .__init__.stuff is imported")
+with open('__init__.py','r',encoding='utf-8') as f:
+ t1 = f.read()
+
+with open('util.py','r',encoding='utf-8') as f:
+ t2 = f.read().split('\n')[3:]
+
+t2 = [x for x in t2 if 'from .__init__' not in x]
+t = t1 + '\n'.join(t2)
+with open('__init__.py','w',encoding='utf-8') as f:
+ f.write('\n')
+
+with open('util.py','w',encoding='utf-8') as f:
+ f.write(t)
+
+print("# local-imports fail, prefix module names")
+ptn = re.compile(r'^( *from )(\.[^ ]+ import .*)')
+for d, _, fs in os.walk('.'):
+ for f in fs:
+  fp = os.path.join(d, f)
+  if not fp.endswith('.py'):
+   continue
+  t = ''
+  with open(fp,'r',encoding='utf-8') as f:
+   for ln in [x.rstrip('\r\n') for x in f]:
+    m = ptn.match(ln)
+    if not m:
+     t += ln + '\n'
+     continue
+    p1, p2 = m.groups()
+    t += "{}copyparty{}\n".format(p1, p2).replace("__init__", "util")
+  with open(fp,'w',encoding='utf-8') as f:
+   f.write(t)
+
+exit()
+
+cd ..
+
+rd /s /q bout & python -m nuitka --standalone --onefile --windows-onefile-tempdir --python-flag=no_site --assume-yes-for-downloads --include-data-dir=copyparty\web=copyparty\web --include-data-dir=copyparty\res=copyparty\res --run --output-dir=bout --mingw64 --include-package=markupsafe --include-package=jinja2 copyparty
--- a/scripts/deps-docker/Dockerfile
+++ b/scripts/deps-docker/Dockerfile
@@ -9,6 +9,12 @@ ENV     ver_asmcrypto=5b994303a9d3e27e0915f72a10b6c2c51535a4dc \
        ver_zopfli=1.0.3


+# TODO
+# sha512.hw.js https://github.com/Daninet/hash-wasm
+# sha512.kc.js https://github.com/chm-diederichs/sha3-wasm
+# awk '/HMAC state/{o=1}  /var HEAP/{o=0}  /function hmac_reset/{o=1}  /return \{/{o=0}  /var __extends =/{o=1}  /var Hash =/{o=0}  /hmac_|pbkdf2_/{next}  o{next}  {gsub(/IllegalStateError/,"Exception")}  {sub(/^ +/,"");sub(/^\/\/ .*/,"");sub(/;$/," ;")}  1' <sha512.ac.js.orig >sha512.ac.js; for fn in sha512.ac.js.orig sha512.ac.js; do wc -c <$fn; wc -c <$fn.gz ; for n in {1..9}; do printf '%8d %d bz\n' $(bzip2 -c$n <$fn | wc -c) $n; done; done
+
+
 # download;
 # the scp url is latin from https://fonts.googleapis.com/css2?family=Source+Code+Pro&display=swap
 RUN     mkdir -p /z/dist/no-pk \
--- a/scripts/install-githooks.sh
+++ b/scripts/install-githooks.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -ex
+
+[ -e setup.py ] || ..
+[ -e setup.py ] || {
+    echo u wot
+    exit 1
+}
+
+cd .git/hooks
+rm -f pre-commit
+ln -s ../../scripts/run-tests.sh pre-commit
--- a/scripts/make-sfx.sh
+++ b/scripts/make-sfx.sh
@@ -32,6 +32,10 @@ gtar=$(command -v gtar || command -v gnutar) || true
 	[ -e /opt/local/bin/bzip2 ] &&
 		bzip2() { /opt/local/bin/bzip2 "$@"; }
 }
+
+gawk=$(command -v gawk || command -v gnuawk || command -v awk)
+awk() { $gawk "$@"; }
+
 pybin=$(command -v python3 || command -v python) || {
 	echo need python
 	exit 1
@@ -117,7 +121,7 @@ cd sfx
 ver=
 git describe --tags >/dev/null 2>/dev/null && {
 	git_ver="$(git describe --tags)";  # v0.5.5-2-gb164aa0
-	ver="$(printf '%s\n' "$git_ver" | sed -r 's/^v//; s/-g?/./g')";
+	ver="$(printf '%s\n' "$git_ver" | sed -r 's/^v//')";
 	t_ver=

 	printf '%s\n' "$git_ver" | grep -qE '^v[0-9\.]+$' && {
@@ -163,7 +167,7 @@ find .. -type f \( -name .DS_Store -or -name ._.DS_Store \) -delete
 find .. -type f -name ._\* | while IFS= read -r f; do cmp <(printf '\x00\x05\x16') <(head -c 3 -- "$f") && rm -f -- "$f"; done

 echo use smol web deps
-rm -f copyparty/web/deps/*.full.* copyparty/web/{Makefile,splash.js}
+rm -f copyparty/web/deps/*.full.* copyparty/web/Makefile

 # it's fine dw
 grep -lE '\.full\.(js|css)' copyparty/web/* |
@@ -194,17 +198,53 @@ tmv "$f"

 # up2k goes from 28k to 22k laff
 echo entabbening
-find | grep -E '\.(js|css|html)$' | while IFS= read -r f; do
+find | grep -E '\.css$' | while IFS= read -r f; do
+	awk '{
+		sub(/^[ \t]+/,"");
+		sub(/[ \t]+$/,"");
+		$0=gensub(/^([a-z-]+) *: *(.*[^ ]) *;$/,"\\1:\\2;","1");
+		sub(/ +\{$/,"{");
+		gsub(/, /,",")
+	}
+	!/\}$/ {printf "%s",$0;next}
+	1
+	' <$f | sed 's/;\}$/}/' >t
+	tmv "$f"
+done
+find | grep -E '\.(js|html)$' | while IFS= read -r f; do
 	unexpand -t 4 --first-only <"$f" >t
 	tmv "$f"
 done

+
+gzres() {
+command -v pigz &&
+	pk='pigz -11 -J 34 -I 100' ||
+	pk='gzip'
+
+echo "$pk"
+find | grep -E '\.(js|css)$' | grep -vF /deps/ | while IFS= read -r f; do
+	echo -n .
+	$pk "$f"
+done
+echo
+}
+gzres
+
+
+echo gen tarlist
+for d in copyparty dep-j2; do find $d -type f; done |
+sed -r 's/(.*)\.(.*)/\2 \1/' | LC_ALL=C sort |
+sed -r 's/([^ ]*) (.*)/\2.\1/' | grep -vE '/list1?$' > list1
+
+(grep -vE '\.(gz|br)$' list1; grep -E '\.(gz|br)$' list1) >list || true
+
 echo creating tar
 args=(--owner=1000 --group=1000)
 [ "$OSTYPE" = msys ] &&
 	args=()

-tar -cf tar "${args[@]}" --numeric-owner copyparty dep-j2
+tar -cf tar "${args[@]}" --numeric-owner -T list

 pc=bzip2
 pe=bz2
--- a/scripts/profile.py
+++ b/scripts/profile.py
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+import sys
+
+sys.path.insert(0, ".")
+cmd = sys.argv[1]
+
+if cmd == "cpp":
+    from copyparty.__main__ import main
+
+    argv = ["__main__", "-v", "srv::r", "-v", "../../yt:yt:r"]
+    main(argv=argv)
+
+elif cmd == "test":
+    from unittest import main
+
+    argv = ["__main__", "discover", "-s", "tests"]
+    main(module=None, argv=argv)
+
+else:
+    raise Exception()
+
+# import dis; print(dis.dis(main))
+
+
+# macos:
+#   option1) python3.9 -m pip install --user -U vmprof==0.4.9
+#   option2) python3.9 -m pip install --user -U https://github.com/vmprof/vmprof-python/archive/refs/heads/master.zip
+#
+# python -m vmprof -o prof --lines ./scripts/profile.py test
+
+# linux: ~/.local/bin/vmprofshow prof tree | grep -vF '[1m  0.'
+# macos: ~/Library/Python/3.9/bin/vmprofshow prof tree | grep -vF '[1m  0.'
+#   win: %appdata%\..\Roaming\Python\Python39\Scripts\vmprofshow.exe prof tree
--- a/scripts/run-tests.sh
+++ b/scripts/run-tests.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -ex
+
+pids=()
+for py in python{2,3}; do
+    nice $py -m unittest discover -s tests >/dev/null &
+    pids+=($!)
+done
+
+python3 scripts/test/smoketest.py &
+pids+=($!)
+
+for pid in ${pids[@]}; do
+    wait $pid
+done
--- a/scripts/sfx.py
+++ b/scripts/sfx.py
@@ -2,7 +2,8 @@
 # coding: latin-1
 from __future__ import print_function, unicode_literals

-import os, sys, time, shutil, threading, tarfile, hashlib, platform, tempfile, traceback
+import re, os, sys, time, shutil, signal, threading, tarfile, hashlib, platform, tempfile, traceback
+import subprocess as sp

 """
 run me with any version of python, i will unpack and run copyparty
@@ -26,22 +27,21 @@ CKSUM = None
 STAMP = None

 PY2 = sys.version_info[0] == 2
-WINDOWS = sys.platform == "win32"
+WINDOWS = sys.platform in ["win32", "msys"]
 sys.dont_write_bytecode = True
 me = os.path.abspath(os.path.realpath(__file__))
-cpp = None


-def eprint(*args, **kwargs):
-    kwargs["file"] = sys.stderr
-    print(*args, **kwargs)
+def eprint(*a, **ka):
+    ka["file"] = sys.stderr
+    print(*a, **ka)


-def msg(*args, **kwargs):
-    if args:
-        args = ["[SFX]", args[0]] + list(args[1:])
+def msg(*a, **ka):
+    if a:
+        a = ["[SFX]", a[0]] + list(a[1:])

-    eprint(*args, **kwargs)
+    eprint(*a, **ka)


 # skip 1
@@ -156,6 +156,9 @@ def encode(data, size, cksum, ver, ts):
                skip = True
                continue

+            if ln.strip().startswith("# fmt: "):
+                continue
+
            unpk += ln + "\n"

        for k, v in [
@@ -209,11 +212,11 @@ def yieldfile(fn):


 def hashfile(fn):
-    hasher = hashlib.md5()
+    h = hashlib.md5()
    for block in yieldfile(fn):
-        hasher.update(block)
+        h.update(block)

-    return hasher.hexdigest()
+    return h.hexdigest()


 def unpack():
@@ -222,9 +225,10 @@ def unpack():
    tag = "v" + str(STAMP)
    withpid = "{}.{}".format(name, os.getpid())
    top = tempfile.gettempdir()
-    final = os.path.join(top, name)
-    mine = os.path.join(top, withpid)
-    tar = os.path.join(mine, "tar")
+    opj = os.path.join
+    final = opj(top, name)
+    mine = opj(top, withpid)
+    tar = opj(mine, "tar")

    try:
        if tag in os.listdir(final):
@@ -233,28 +237,24 @@ def unpack():
    except:
        pass

-    nwrite = 0
+    sz = 0
    os.mkdir(mine)
    with open(tar, "wb") as f:
        for buf in get_payload():
-            nwrite += len(buf)
+            sz += len(buf)
            f.write(buf)

-    if nwrite != SIZE:
-        t = "\n\n  bad file:\n    expected {} bytes, got {}\n".format(SIZE, nwrite)
-        raise Exception(t)
-
-    cksum = hashfile(tar)
-    if cksum != CKSUM:
-        t = "\n\n  bad file:\n    {} expected,\n    {} obtained\n".format(CKSUM, cksum)
-        raise Exception(t)
+    ck = hashfile(tar)
+    if ck != CKSUM:
+        t = "\n\nexpected {} ({} byte)\nobtained {} ({} byte)\nsfx corrupt"
+        raise Exception(t.format(CKSUM, SIZE, ck, sz))

    with tarfile.open(tar, "r:bz2") as tf:
        tf.extractall(mine)

    os.remove(tar)

-    with open(os.path.join(mine, tag), "wb") as f:
+    with open(opj(mine, tag), "wb") as f:
        f.write(b"h\n")

    try:
@@ -272,25 +272,25 @@ def unpack():
    except:
        pass

+    for fn in u8(os.listdir(top)):
+        if fn.startswith(name) and fn != withpid:
+            try:
+                old = opj(top, fn)
+                if time.time() - os.path.getmtime(old) > 86400:
+                    shutil.rmtree(old)
+            except:
+                pass
+
    try:
        os.symlink(mine, final)
    except:
        try:
            os.rename(mine, final)
+            return final
        except:
            msg("reloc fail,", mine)
-            return mine

-    for fn in u8(os.listdir(top)):
-        if fn.startswith(name) and fn not in [name, withpid]:
-            try:
-                old = os.path.join(top, fn)
-                if time.time() - os.path.getmtime(old) > 10:
-                    shutil.rmtree(old)
-            except:
-                pass
-
-    return final
+    return mine


 def get_payload():
@@ -307,37 +307,33 @@ def get_payload():
        if ofs < 0:
            raise Exception("could not find archive marker")

-        # start reading from the final b"\n"
+        # start at final b"\n"
        fpos = ofs + len(ptn) - 3
-        # msg("tar found at", fpos)
        f.seek(fpos)
        dpos = 0
-        leftovers = b""
+        rem = b""
        while True:
            rbuf = f.read(1024 * 32)
            if rbuf:
-                buf = leftovers + rbuf
+                buf = rem + rbuf
                ofs = buf.rfind(b"\n")
                if len(buf) <= 4:
-                    leftovers = buf
+                    rem = buf
                    continue

                if ofs >= len(buf) - 4:
-                    leftovers = buf[ofs:]
+                    rem = buf[ofs:]
                    buf = buf[:ofs]
                else:
-                    leftovers = b"\n# "
+                    rem = b"\n# "
            else:
-                buf = leftovers
+                buf = rem

            fpos += len(buf) + 1
-            buf = (
-                buf.replace(b"\n# ", b"")
-                .replace(b"\n#r", b"\r")
-                .replace(b"\n#n", b"\n")
-            )
-            dpos += len(buf) - 1
+            for a, b in [[b"\n# ", b""], [b"\n#r", b"\r"], [b"\n#n", b"\n"]]:
+                buf = buf.replace(a, b)

+            dpos += len(buf) - 1
            yield buf

            if not rbuf:
@@ -361,7 +357,7 @@ def utime(top):

 def confirm(rv):
    msg()
-    msg(traceback.format_exc())
+    msg("retcode", rv if rv else traceback.format_exc())
    msg("*** hit enter to exit ***")
    try:
        raw_input() if PY2 else input()
@@ -371,10 +367,8 @@ def confirm(rv):
    sys.exit(rv)


-def run(tmp, j2ver):
-    global cpp
-
-    msg("jinja2:", j2ver or "bundled")
+def run(tmp, j2):
+    msg("jinja2:", j2 or "bundled")
    msg("sfxdir:", tmp)
    msg()

@@ -384,7 +378,6 @@ def run(tmp, j2ver):

        fd = os.open(tmp, os.O_RDONLY)
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
-        tmp = os.readlink(tmp)  # can't flock a symlink, even with O_NOFOLLOW
    except Exception as ex:
        if not WINDOWS:
            msg("\033[31mflock:", repr(ex))
@@ -394,22 +387,39 @@ def run(tmp, j2ver):
    t.start()

    ld = [tmp, os.path.join(tmp, "dep-j2")]
-    if j2ver:
+    if j2:
        del ld[-1]

+    if any([re.match(r"^-.*j[0-9]", x) for x in sys.argv]):
+        run_s(ld)
+    else:
+        run_i(ld)
+
+
+def run_i(ld):
    for x in ld:
        sys.path.insert(0, x)

-    try:
-        from copyparty.__main__ import main as copyparty
+    from copyparty.__main__ import main as p

-        copyparty()
+    p()

-    except SystemExit as ex:
-        if ex.code:
-            confirm(ex.code)
-    except:
-        confirm(1)
+
+def run_s(ld):
+    # fmt: off
+    c = "import sys,runpy;" + "".join(['sys.path.insert(0,r"' + x + '");' for x in ld]) + 'runpy.run_module("copyparty",run_name="__main__")'
+    c = [str(x) for x in [sys.executable, "-c", c] + list(sys.argv[1:])]
+    # fmt: on
+    msg("\n", c, "\n")
+    p = sp.Popen(c)
+
+    def bye(*a):
+        p.send_signal(signal.SIGINT)
+
+    signal.signal(signal.SIGTERM, bye)
+    p.wait()
+
+    raise SystemExit(p.returncode)


 def main():
@@ -443,14 +453,23 @@ def main():

    # skip 0

-    tmp = unpack()
+    tmp = os.path.realpath(unpack())

    try:
-        from jinja2 import __version__ as j2ver
+        from jinja2 import __version__ as j2
    except:
-        j2ver = None
+        j2 = None

-    run(tmp, j2ver)
+    try:
+        run(tmp, j2)
+    except SystemExit as ex:
+        c = ex.code
+        if c not in [0, -15]:
+            confirm(ex.code)
+    except KeyboardInterrupt:
+        pass
+    except:
+        confirm(0)


 if __name__ == "__main__":
--- a/scripts/sfx.sh
+++ b/scripts/sfx.sh
@@ -47,7 +47,7 @@ grep -E '/(python|pypy)[0-9\.-]*$' >$dir/pys || true
 	printf '\033[1;30mlooking for jinja2 in [%s]\033[0m\n' "$_py" >&2
 	$_py -c 'import jinja2' 2>/dev/null || continue
 	printf '%s\n' "$_py"
-	mv $dir/{,x.}jinja2
+	mv $dir/{,x.}dep-j2
 	break
 done)"

--- a/scripts/speedtest-fs.py
+++ b/scripts/speedtest-fs.py
@@ -17,14 +17,15 @@ __license__ = "MIT"
 __url__ = "https://github.com/9001/copyparty/"


-def get_spd(nbyte, nsec):
+def get_spd(nbyte, nfiles, nsec):
    if not nsec:
-        return "0.000 MB   0.000 sec   0.000 MB/s"
+        return "0.000 MB   0 files   0.000 sec   0.000 MB/s   0.000 f/s"

    mb = nbyte / (1024 * 1024.0)
    spd = mb / nsec
+    nspd = nfiles / nsec

-    return f"{mb:.3f} MB   {nsec:.3f} sec   {spd:.3f} MB/s"
+    return f"{mb:.3f} MB   {nfiles} files   {nsec:.3f} sec   {spd:.3f} MB/s   {nspd:.3f} f/s"


 class Inf(object):
@@ -36,6 +37,7 @@ class Inf(object):
        self.mtx_reports = threading.Lock()

        self.n_byte = 0
+        self.n_file = 0
        self.n_sec = 0
        self.n_done = 0
        self.t0 = t0
@@ -63,7 +65,8 @@ class Inf(object):
                continue

            msgs = msgs[-64:]
-            msgs = [f"{get_spd(self.n_byte, self.n_sec)}   {x}" for x in msgs]
+            spd = get_spd(self.n_byte, len(self.reports), self.n_sec)
+            msgs = [f"{spd}   {x}" for x in msgs]
            print("\n".join(msgs))

    def report(self, fn, n_byte, n_sec):
@@ -131,8 +134,9 @@ def main():

    num_threads = 8
    read_sz = 32 * 1024
+    targs = (q, inf, read_sz)
    for _ in range(num_threads):
-        thr = threading.Thread(target=worker, args=(q, inf, read_sz,))
+        thr = threading.Thread(target=worker, args=targs)
        thr.daemon = True
        thr.start()

@@ -151,14 +155,14 @@ def main():
    log = inf.reports
    log.sort()
    for nbyte, nsec, fn in log[-64:]:
-        print(f"{get_spd(nbyte, nsec)}   {fn}")
+        spd = get_spd(nbyte, len(log), nsec)
+        print(f"{spd}   {fn}")

    print()
    print("\n".join(inf.errors))

-    print(get_spd(inf.n_byte, t2 - t0))
+    print(get_spd(inf.n_byte, len(log), t2 - t0))


 if __name__ == "__main__":
    main()
-
--- a/scripts/test/smoketest.py
+++ b/scripts/test/smoketest.py
@@ -0,0 +1,209 @@
+import os
+import sys
+import time
+import shlex
+import shutil
+import signal
+import tempfile
+import requests
+import threading
+import subprocess as sp
+
+
+CPP = []
+
+
+class Cpp(object):
+    def __init__(self, args):
+        args = [sys.executable, "-m", "copyparty"] + args
+        print(" ".join([shlex.quote(x) for x in args]))
+
+        self.ls_pre = set(list(os.listdir()))
+        self.p = sp.Popen(args)
+        # , stdout=sp.PIPE, stderr=sp.PIPE)
+
+        self.t = threading.Thread(target=self._run)
+        self.t.daemon = True
+        self.t.start()
+
+    def _run(self):
+        self.so, self.se = self.p.communicate()
+
+    def stop(self, wait):
+        if wait:
+            os.kill(self.p.pid, signal.SIGINT)
+            self.t.join(timeout=2)
+        else:
+            self.p.kill()  # macos py3.8
+
+    def clean(self):
+        t = os.listdir()
+        for f in t:
+            if f not in self.ls_pre and f.startswith("up."):
+                os.unlink(f)
+
+    def await_idle(self, ub, timeout):
+        req = ["scanning</td><td>False", "hash-q</td><td>0", "tag-q</td><td>0"]
+        lim = int(timeout * 10)
+        u = ub + "?h"
+        for n in range(lim):
+            try:
+                time.sleep(0.1)
+                r = requests.get(u, timeout=0.1)
+                for x in req:
+                    if x not in r.text:
+                        print("ST: {}/{} miss {}".format(n, lim, x))
+                        raise Exception()
+                print("ST: idle")
+                return
+            except:
+                pass
+
+
+def tc1():
+    ub = "http://127.0.0.1:4321/"
+    td = os.path.join("srv", "smoketest")
+    try:
+        shutil.rmtree(td)
+    except:
+        if os.path.exists(td):
+            raise
+
+    for _ in range(10):
+        try:
+            os.mkdir(td)
+        except:
+            time.sleep(0.1)  # win10
+
+    assert os.path.exists(td)
+
+    vidp = os.path.join(tempfile.gettempdir(), "smoketest.h264")
+    if not os.path.exists(vidp):
+        cmd = "ffmpeg -f lavfi -i testsrc=48x32:3 -t 1 -c:v libx264 -tune animation -preset veryslow -crf 69"
+        sp.check_call(cmd.split(" ") + [vidp])
+
+    with open(vidp, "rb") as f:
+        ovid = f.read()
+
+    args = [
+        "-p4321",
+        "-e2dsa",
+        "-e2tsr",
+        "--no-mutagen",
+        "--th-ff-jpg",
+        "--hist",
+        os.path.join(td, "dbm"),
+    ]
+    pdirs = []
+    hpaths = {}
+
+    for d1 in ["r", "w", "a"]:
+        pdirs.append("{}/{}".format(td, d1))
+        pdirs.append("{}/{}/j".format(td, d1))
+        for d2 in ["r", "w", "a"]:
+            d = os.path.join(td, d1, "j", d2)
+            pdirs.append(d)
+            os.makedirs(d)
+
+    pdirs = [x.replace("\\", "/") for x in pdirs]
+    udirs = [x.split("/", 2)[2] for x in pdirs]
+    perms = [x.rstrip("j/")[-1] for x in pdirs]
+    for pd, ud, p in zip(pdirs, udirs, perms):
+        if ud[-1] == "j":
+            continue
+
+        hp = None
+        if pd.endswith("st/a"):
+            hp = hpaths[ud] = os.path.join(td, "db1")
+        elif pd[:-1].endswith("a/j/"):
+            hpaths[ud] = os.path.join(td, "dbm")
+            hp = None
+        else:
+            hp = "-"
+            hpaths[ud] = os.path.join(pd, ".hist")
+
+        arg = "{}:{}:{}".format(pd, ud, p, hp)
+        if hp:
+            arg += ":chist=" + hp
+
+        args += ["-v", arg]
+
+    # return
+    cpp = Cpp(args)
+    CPP.append(cpp)
+    cpp.await_idle(ub, 3)
+
+    for d in udirs:
+        vid = ovid + "\n{}".format(d).encode("utf-8")
+        try:
+            requests.post(ub + d, data={"act": "bput"}, files={"f": ("a.h264", vid)})
+        except:
+            pass
+
+    cpp.clean()
+
+    # GET permission
+    for d, p in zip(udirs, perms):
+        u = "{}{}/a.h264".format(ub, d)
+        r = requests.get(u)
+        ok = bool(r)
+        if ok != (p in ["a"]):
+            raise Exception("get {} with perm {} at {}".format(ok, p, u))
+
+    # stat filesystem
+    for d, p in zip(pdirs, perms):
+        u = "{}/a.h264".format(d)
+        ok = os.path.exists(u)
+        if ok != (p in ["a", "w"]):
+            raise Exception("stat {} with perm {} at {}".format(ok, p, u))
+
+    # GET thumbnail, vreify contents
+    for d, p in zip(udirs, perms):
+        u = "{}{}/a.h264?th=j".format(ub, d)
+        r = requests.get(u)
+        ok = bool(r and r.content[:3] == b"\xff\xd8\xff")
+        if ok != (p in ["a"]):
+            raise Exception("thumb {} with perm {} at {}".format(ok, p, u))
+
+    # check tags
+    cpp.await_idle(ub, 5)
+    for d, p in zip(udirs, perms):
+        u = "{}{}?ls".format(ub, d)
+        r = requests.get(u)
+        j = r.json() if r else False
+        tag = None
+        if j:
+            for f in j["files"]:
+                tag = tag or f["tags"].get("res")
+
+        r_ok = bool(j)
+        w_ok = bool(r_ok and j.get("files"))
+
+        if not r_ok or w_ok != (p in ["a"]):
+            raise Exception("ls {} with perm {} at {}".format(ok, p, u))
+
+        if (tag and p != "a") or (not tag and p == "a"):
+            raise Exception("tag {} with perm {} at {}".format(tag, p, u))
+
+        if tag is not None and tag != "48x32":
+            raise Exception("tag [{}] at {}".format(tag, u))
+
+    cpp.stop(True)
+
+
+def run(tc):
+    try:
+        tc()
+    finally:
+        try:
+            CPP[0].stop(False)
+        except:
+            pass
+
+
+def main():
+    run(tc1)
+
+
+if __name__ == "__main__":
+    main()
--- a/setup.py
+++ b/setup.py
@@ -5,22 +5,7 @@ from __future__ import print_function
 import os
 import sys
 from shutil import rmtree
-
-setuptools_available = True
-try:
-    # need setuptools to build wheel
-    from setuptools import setup, Command, find_packages
-
-except ImportError:
-    # works in a pinch
-    setuptools_available = False
-    from distutils.core import setup, Command
-
-from distutils.spawn import spawn
-
-if "bdist_wheel" in sys.argv and not setuptools_available:
-    print("cannot build wheel without setuptools")
-    sys.exit(1)
+from setuptools import setup, Command, find_packages


 NAME = "copyparty"
@@ -100,9 +85,8 @@ args = {
    "author_email": "copyparty@ocv.me",
    "url": "https://github.com/9001/copyparty",
    "license": "MIT",
-    "data_files": data_files,
    "classifiers": [
-        "Development Status :: 3 - Alpha",
+        "Development Status :: 4 - Beta",
        "License :: OSI Approved :: MIT License",
        "Programming Language :: Python",
        "Programming Language :: Python :: 2",
@@ -120,35 +104,16 @@ args = {
        "Environment :: Console",
        "Environment :: No Input/Output (Daemon)",
        "Topic :: Communications :: File Sharing",
+        "Topic :: Internet :: WWW/HTTP :: HTTP Servers",
    ],
+    "include_package_data": True,
+    "data_files": data_files,
+    "packages": find_packages(),
+    "install_requires": ["jinja2"],
+    "extras_require": {"thumbnails": ["Pillow"], "audiotags": ["mutagen"]},
+    "entry_points": {"console_scripts": ["copyparty = copyparty.__main__:main"]},
+    "scripts": ["bin/copyparty-fuse.py"],
    "cmdclass": {"clean2": clean2},
 }

-
-if setuptools_available:
-    args.update(
-        {
-            "packages": find_packages(),
-            "install_requires": ["jinja2"],
-            "extras_require": {"thumbnails": ["Pillow"]},
-            "include_package_data": True,
-            "entry_points": {
-                "console_scripts": ["copyparty = copyparty.__main__:main"]
-            },
-            "scripts": ["bin/copyparty-fuse.py"],
-        }
-    )
-else:
-    args.update(
-        {
-            "packages": ["copyparty", "copyparty.stolen"],
-            "scripts": ["bin/copyparty-fuse.py"],
-        }
-    )
-
-
-# import pprint
-# pprint.PrettyPrinter().pprint(args)
-# sys.exit(0)
-
 setup(**args)
--- a/copyparty/web/splash.js
+++ b/copyparty/web/splash.js
--- a/tests/run.py
+++ b/tests/run.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+
+import sys
+import runpy
+
+host = sys.argv[1]
+sys.argv = sys.argv[:1] + sys.argv[2:]
+sys.path.insert(0, ".")
+
+
+def rp():
+    runpy.run_module("unittest", run_name="__main__")
+
+
+if host == "vmprof":
+    rp()
+
+elif host == "cprofile":
+    import cProfile
+    import pstats
+
+    log_fn = "cprofile.log"
+    cProfile.run("rp()", log_fn)
+    p = pstats.Stats(log_fn)
+    p.sort_stats(pstats.SortKey.CUMULATIVE).print_stats(64)
+
+
+"""
+python3.9 tests/run.py cprofile -v tests/test_httpcli.py
+
+python3.9 -m pip install --user vmprof
+python3.9 -m vmprof --lines -o vmprof.log tests/run.py vmprof -v tests/test_httpcli.py
+"""
--- a/tests/test_httpcli.py
+++ b/tests/test_httpcli.py
@@ -0,0 +1,209 @@
+#!/usr/bin/env python
+# coding: utf-8
+from __future__ import print_function, unicode_literals
+
+import io
+import os
+import time
+import shutil
+import pprint
+import tarfile
+import tempfile
+import unittest
+from argparse import Namespace
+
+from tests import util as tu
+from copyparty.authsrv import AuthSrv
+from copyparty.httpcli import HttpCli
+
+
+def hdr(query):
+    h = "GET /{} HTTP/1.1\r\nCookie: cppwd=o\r\nConnection: close\r\n\r\n"
+    return h.format(query).encode("utf-8")
+
+
+class Cfg(Namespace):
+    def __init__(self, a=[], v=[], c=None):
+        super(Cfg, self).__init__(
+            a=a,
+            v=v,
+            c=c,
+            ed=False,
+            no_zip=False,
+            no_scandir=False,
+            no_sendfile=True,
+            no_rescan=True,
+            ihead=False,
+            nih=True,
+            mtp=[],
+            mte="a",
+            hist=None,
+            no_hash=False,
+            css_browser=None,
+            **{k: False for k in "e2d e2ds e2dsa e2t e2ts e2tsr".split()}
+        )
+
+
+class TestHttpCli(unittest.TestCase):
+    def setUp(self):
+        self.td = tu.get_ramdisk()
+
+    def tearDown(self):
+        os.chdir(tempfile.gettempdir())
+        shutil.rmtree(self.td)
+
+    def test(self):
+        td = os.path.join(self.td, "vfs")
+        os.mkdir(td)
+        os.chdir(td)
+
+        self.dtypes = ["ra", "ro", "rx", "wa", "wo", "wx", "aa", "ao", "ax"]
+        self.can_read = ["ra", "ro", "aa", "ao"]
+        self.can_write = ["wa", "wo", "aa", "ao"]
+        self.fn = "g{:x}g".format(int(time.time() * 3))
+
+        allfiles = []
+        allvols = []
+        for top in self.dtypes:
+            allvols.append(top)
+            allfiles.append("/".join([top, self.fn]))
+            for s1 in self.dtypes:
+                p = "/".join([top, s1])
+                allvols.append(p)
+                allfiles.append(p + "/" + self.fn)
+                allfiles.append(p + "/n/" + self.fn)
+                for s2 in self.dtypes:
+                    p = "/".join([top, s1, "n", s2])
+                    os.makedirs(p)
+                    allvols.append(p)
+                    allfiles.append(p + "/" + self.fn)
+
+        for fp in allfiles:
+            with open(fp, "w") as f:
+                f.write("ok {}\n".format(fp))
+
+        for top in self.dtypes:
+            vcfg = []
+            for vol in allvols:
+                if not vol.startswith(top):
+                    continue
+
+                mode = vol[-2]
+                usr = vol[-1]
+                if usr == "a":
+                    usr = ""
+
+                if "/" not in vol:
+                    vol += "/"
+
+                top, sub = vol.split("/", 1)
+                vcfg.append("{0}/{1}:{1}:{2}{3}".format(top, sub, mode, usr))
+
+            pprint.pprint(vcfg)
+
+            self.args = Cfg(v=vcfg, a=["o:o", "x:x"])
+            self.asrv = AuthSrv(self.args, self.log)
+            vfiles = [x for x in allfiles if x.startswith(top)]
+            for fp in vfiles:
+                rok, wok = self.can_rw(fp)
+                furl = fp.split("/", 1)[1]
+                durl = furl.rsplit("/", 1)[0] if "/" in furl else ""
+
+                # file download
+                h, ret = self.curl(furl)
+                res = "ok " + fp in ret
+                print("[{}] {} {} = {}".format(fp, rok, wok, res))
+                if rok != res:
+                    print("\033[33m{}\n# {}\033[0m".format(ret, furl))
+                    self.fail()
+
+                # file browser: html
+                h, ret = self.curl(durl)
+                res = "'{}'".format(self.fn) in ret
+                print(res)
+                if rok != res:
+                    print("\033[33m{}\n# {}\033[0m".format(ret, durl))
+                    self.fail()
+
+                # file browser: json
+                url = durl + "?ls"
+                h, ret = self.curl(url)
+                res = '"{}"'.format(self.fn) in ret
+                print(res)
+                if rok != res:
+                    print("\033[33m{}\n# {}\033[0m".format(ret, url))
+                    self.fail()
+
+                # tar
+                url = durl + "?tar"
+                h, b = self.curl(url, True)
+                # with open(os.path.join(td, "tar"), "wb") as f:
+                #    f.write(b)
+                try:
+                    tar = tarfile.open(fileobj=io.BytesIO(b)).getnames()
+                except:
+                    tar = []
+                tar = ["/".join([y for y in [top, durl, x] if y]) for x in tar]
+                tar = [[x] + self.can_rw(x) for x in tar]
+                tar_ok = [x[0] for x in tar if x[1]]
+                tar_ng = [x[0] for x in tar if not x[1]]
+                self.assertEqual([], tar_ng)
+
+                if durl.split("/")[-1] in self.can_read:
+                    ref = [x for x in vfiles if self.in_dive(top + "/" + durl, x)]
+                    for f in ref:
+                        print("{}: {}".format("ok" if f in tar_ok else "NG", f))
+                    ref.sort()
+                    tar_ok.sort()
+                    self.assertEqual(ref, tar_ok)
+
+                # stash
+                h, ret = self.put(url)
+                res = h.startswith("HTTP/1.1 200 ")
+                self.assertEqual(res, wok)
+
+    def can_rw(self, fp):
+        # lowest non-neutral folder declares permissions
+        expect = fp.split("/")[:-1]
+        for x in reversed(expect):
+            if x != "n":
+                expect = x
+                break
+
+        return [expect in self.can_read, expect in self.can_write]
+
+    def in_dive(self, top, fp):
+        # archiver bails at first inaccessible subvolume
+        top = top.strip("/").split("/")
+        fp = fp.split("/")
+        for f1, f2 in zip(top, fp):
+            if f1 != f2:
+                return False
+
+        for f in fp[len(top) :]:
+            if f == self.fn:
+                return True
+            if f not in self.can_read and f != "n":
+                return False
+
+        return True
+
+    def put(self, url):
+        buf = "PUT /{0} HTTP/1.1\r\nCookie: cppwd=o\r\nConnection: close\r\nContent-Length: {1}\r\n\r\nok {0}\n"
+        buf = buf.format(url, len(url) + 4).encode("utf-8")
+        conn = tu.VHttpConn(self.args, self.asrv, self.log, buf)
+        HttpCli(conn).run()
+        return conn.s._reply.decode("utf-8").split("\r\n\r\n", 1)
+
+    def curl(self, url, binary=False):
+        conn = tu.VHttpConn(self.args, self.asrv, self.log, hdr(url))
+        HttpCli(conn).run()
+        if binary:
+            h, b = conn.s._reply.split(b"\r\n\r\n", 1)
+            return [h.decode("utf-8"), b]
+
+        return conn.s._reply.decode("utf-8").split("\r\n\r\n", 1)
+
+    def log(self, src, msg, c=0):
+        # print(repr(msg))
+        pass
--- a/tests/test_vfs.py
+++ b/tests/test_vfs.py
@@ -3,28 +3,40 @@
 from __future__ import print_function, unicode_literals

 import os
-import time
 import json
 import shutil
 import tempfile
 import unittest
-import subprocess as sp  # nosec
-
 from textwrap import dedent
 from argparse import Namespace
-from copyparty.authsrv import AuthSrv
+
+from tests import util as tu
+from copyparty.authsrv import AuthSrv, VFS
 from copyparty import util


 class Cfg(Namespace):
    def __init__(self, a=[], v=[], c=None):
        ex = {k: False for k in "e2d e2ds e2dsa e2t e2ts e2tsr".split()}
-        ex["mtp"] = []
-        ex["mte"] = "a"
+        ex2 = {
+            "mtp": [],
+            "mte": "a",
+            "hist": None,
+            "no_hash": False,
+            "css_browser": None,
+        }
+        ex.update(ex2)
        super(Cfg, self).__init__(a=a, v=v, c=c, **ex)


 class TestVFS(unittest.TestCase):
+    def setUp(self):
+        self.td = tu.get_ramdisk()
+
+    def tearDown(self):
+        os.chdir(tempfile.gettempdir())
+        shutil.rmtree(self.td)
+
    def dump(self, vfs):
        print(json.dumps(vfs, indent=4, sort_keys=True, default=lambda o: o.__dict__))

@@ -41,6 +53,7 @@ class TestVFS(unittest.TestCase):
        self.assertEqual(util.undot(query), response)

    def ls(self, vfs, vpath, uname):
+        # type: (VFS, str, str) -> tuple[str, str, str]
        """helper for resolving and listing a folder"""
        vn, rem = vfs.get(vpath, uname, True, False)
        r1 = vn.ls(rem, uname, False)
@@ -51,57 +64,11 @@ class TestVFS(unittest.TestCase):
        real = [x[0] for x in real]
        return fsdir, real, virt

-    def runcmd(self, *argv):
-        p = sp.Popen(argv, stdout=sp.PIPE, stderr=sp.PIPE)
-        stdout, stderr = p.communicate()
-        stdout = stdout.decode("utf-8")
-        stderr = stderr.decode("utf-8")
-        return [p.returncode, stdout, stderr]
-
-    def chkcmd(self, *argv):
-        ok, sout, serr = self.runcmd(*argv)
-        if ok != 0:
-            raise Exception(serr)
-
-        return sout, serr
-
-    def get_ramdisk(self):
-        for vol in ["/dev/shm", "/Volumes/cptd"]:  # nosec (singleton test)
-            if os.path.exists(vol):
-                return vol
-
-        if os.path.exists("/Volumes"):
-            devname, _ = self.chkcmd("hdiutil", "attach", "-nomount", "ram://8192")
-            devname = devname.strip()
-            print("devname: [{}]".format(devname))
-            for _ in range(10):
-                try:
-                    _, _ = self.chkcmd(
-                        "diskutil", "eraseVolume", "HFS+", "cptd", devname
-                    )
-                    return "/Volumes/cptd"
-                except Exception as ex:
-                    print(repr(ex))
-                    time.sleep(0.25)
-
-            raise Exception("ramdisk creation failed")
-
-        ret = os.path.join(tempfile.gettempdir(), "copyparty-test")
-        try:
-            os.mkdir(ret)
-        finally:
-            return ret
-
    def log(self, src, msg, c=0):
        pass

    def test(self):
-        td = os.path.join(self.get_ramdisk(), "vfs")
-        try:
-            shutil.rmtree(td)
-        except OSError:
-            pass
-
+        td = os.path.join(self.td, "vfs")
        os.mkdir(td)
        os.chdir(td)

@@ -152,13 +119,13 @@ class TestVFS(unittest.TestCase):
        n = vfs.nodes["a"]
        self.assertEqual(len(vfs.nodes), 1)
        self.assertEqual(n.vpath, "a")
-        self.assertEqual(n.realpath, td + "/a")
+        self.assertEqual(n.realpath, os.path.join(td, "a"))
        self.assertEqual(n.uread, ["*", "k"])
        self.assertEqual(n.uwrite, ["k"])
        n = n.nodes["ac"]
        self.assertEqual(len(vfs.nodes), 1)
        self.assertEqual(n.vpath, "a/ac")
-        self.assertEqual(n.realpath, td + "/a/ac")
+        self.assertEqual(n.realpath, os.path.join(td, "a", "ac"))
        self.assertEqual(n.uread, ["*", "k"])
        self.assertEqual(n.uwrite, ["k"])
        n = n.nodes["acb"]
@@ -268,7 +235,7 @@ class TestVFS(unittest.TestCase):
        self.assertEqual(list(v1), list(v2))

        # config file parser
-        cfg_path = os.path.join(self.get_ramdisk(), "test.cfg")
+        cfg_path = os.path.join(self.td, "test.cfg")
        with open(cfg_path, "wb") as f:
            f.write(
                dedent(
@@ -290,7 +257,7 @@ class TestVFS(unittest.TestCase):
        n = au.vfs
        # root was not defined, so PWD with no access to anyone
        self.assertEqual(n.vpath, "")
-        self.assertEqual(n.realpath, td)
+        self.assertEqual(n.realpath, None)
        self.assertEqual(n.uread, [])
        self.assertEqual(n.uwrite, [])
        self.assertEqual(len(n.nodes), 1)
@@ -301,6 +268,4 @@ class TestVFS(unittest.TestCase):
        self.assertEqual(n.uwrite, ["asd"])
        self.assertEqual(len(n.nodes), 0)

-        os.chdir(tempfile.gettempdir())
-        shutil.rmtree(td)
        os.unlink(cfg_path)
--- a/tests/util.py
+++ b/tests/util.py
@@ -0,0 +1,128 @@
+import os
+import sys
+import time
+import shutil
+import jinja2
+import tempfile
+import platform
+import subprocess as sp
+
+
+WINDOWS = platform.system() == "Windows"
+ANYWIN = WINDOWS or sys.platform in ["msys"]
+MACOS = platform.system() == "Darwin"
+
+J2_ENV = jinja2.Environment(loader=jinja2.BaseLoader)
+J2_FILES = J2_ENV.from_string("{{ files|join('\n') }}")
+
+
+def nah(*a, **ka):
+    return False
+
+
+if MACOS:
+    import posixpath
+
+    posixpath.islink = nah
+    os.path.islink = nah
+    # 25% faster; until any tests do symlink stuff
+
+
+from copyparty.util import Unrecv
+
+
+def runcmd(*argv):
+    p = sp.Popen(argv, stdout=sp.PIPE, stderr=sp.PIPE)
+    stdout, stderr = p.communicate()
+    stdout = stdout.decode("utf-8")
+    stderr = stderr.decode("utf-8")
+    return [p.returncode, stdout, stderr]
+
+
+def chkcmd(*argv):
+    ok, sout, serr = runcmd(*argv)
+    if ok != 0:
+        raise Exception(serr)
+
+    return sout, serr
+
+
+def get_ramdisk():
+    def subdir(top):
+        ret = os.path.join(top, "cptd-{}".format(os.getpid()))
+        shutil.rmtree(ret, True)
+        os.mkdir(ret)
+        return ret
+
+    for vol in ["/dev/shm", "/Volumes/cptd"]:  # nosec (singleton test)
+        if os.path.exists(vol):
+            return subdir(vol)
+
+    if os.path.exists("/Volumes"):
+        # hdiutil eject /Volumes/cptd/
+        devname, _ = chkcmd("hdiutil", "attach", "-nomount", "ram://131072")
+        devname = devname.strip()
+        print("devname: [{}]".format(devname))
+        for _ in range(10):
+            try:
+                _, _ = chkcmd("diskutil", "eraseVolume", "HFS+", "cptd", devname)
+                return subdir("/Volumes/cptd")
+            except Exception as ex:
+                print(repr(ex))
+                time.sleep(0.25)
+
+        raise Exception("ramdisk creation failed")
+
+    ret = os.path.join(tempfile.gettempdir(), "copyparty-test")
+    try:
+        os.mkdir(ret)
+    finally:
+        return subdir(ret)
+
+
+class NullBroker(object):
+    def put(*args):
+        pass
+
+
+class VSock(object):
+    def __init__(self, buf):
+        self._query = buf
+        self._reply = b""
+        self.sendall = self.send
+
+    def recv(self, sz):
+        ret = self._query[:sz]
+        self._query = self._query[sz:]
+        return ret
+
+    def send(self, buf):
+        self._reply += buf
+        return len(buf)
+
+
+class VHttpSrv(object):
+    def __init__(self):
+        self.broker = NullBroker()
+
+        aliases = ["splash", "browser", "browser2", "msg", "md", "mde"]
+        self.j2 = {x: J2_FILES for x in aliases}
+
+
+class VHttpConn(object):
+    def __init__(self, args, asrv, log, buf):
+        self.s = VSock(buf)
+        self.sr = Unrecv(self.s)
+        self.addr = ("127.0.0.1", "42069")
+        self.args = args
+        self.asrv = asrv
+        self.is_mp = False
+        self.log_func = log
+        self.log_src = "a"
+        self.lf_url = None
+        self.hsrv = VHttpSrv()
+        self.nbyte = 0
+        self.workload = 0
+        self.ico = None
+        self.thumbcli = None
+        self.t0 = time.time()
Author	SHA1	Message	Date
ed	f3dfd24c92	v0.11.13	2021-06-12 20:37:05 +02:00
ed	fa0a7f50bb	add image gallery	2021-06-12 20:25:08 +02:00
ed	44a78a7e21	v0.11.12	2021-06-12 04:28:21 +02:00
ed	6b75cbf747	add readme	2021-06-12 04:26:53 +02:00
ed	e7b18ab9fe	custom css	2021-06-12 04:22:07 +02:00
ed	aa12830015	keep transparency in thumbnails	2021-06-12 03:32:06 +02:00
ed	f156e00064	s/cover/folder/g	2021-06-12 03:06:56 +02:00
ed	d53c212516	add mtp queue to status page	2021-06-12 02:23:48 +02:00
ed	ca27f8587c	add cygpath support for volume src too	2021-06-12 01:55:45 +02:00
ed	88ce008e16	more status on admin panel	2021-06-12 01:39:14 +02:00
ed	081d2cc5d7	add folder thumbnails (cover.jpg or png)	2021-06-11 23:54:54 +02:00
ed	60ac68d000	single authsrv instance per process	2021-06-11 23:01:13 +02:00
ed	fbe656957d	fix race	2021-06-11 18:12:06 +02:00
ed	5534c78c17	tests pass	2021-06-11 03:10:33 +02:00
ed	a45a53fdce	support macos ffmpeg	2021-06-11 03:05:42 +02:00
ed	972a56e738	fix stuff	2021-06-11 01:45:28 +02:00
ed	5e03b3ca38	use parent db/thumbs in jump-volumes	2021-06-10 20:43:19 +02:00
ed	1078d933b4	adding --no-hash	2021-06-10 18:08:30 +02:00
ed	d6bf300d80	option to store state out-of-volume (mostly untested)	2021-06-10 01:27:04 +02:00
ed	a359d64d44	v0.11.11	2021-06-08 23:43:00 +02:00
ed	22396e8c33	zopfli js/css	2021-06-08 23:19:35 +02:00
ed	5ded5a4516	alphabetical up2k indexing	2021-06-08 21:42:08 +02:00
ed	79c7639aaf	haha memes	2021-06-08 21:10:25 +02:00
ed	5bbf875385	fuse-client: print python version	2021-06-08 20:19:51 +02:00
ed	5e159432af	vscode: support running with -jN	2021-06-08 20:18:24 +02:00
ed	1d6ae409f6	count expenses when sending files	2021-06-08 20:17:53 +02:00
ed	9d729d3d1a	add thread names	2021-06-08 20:14:23 +02:00
ed	4dd5d4e1b7	when rootless, blank instead of block rootdir	2021-06-08 18:35:55 +02:00
ed	acd8149479	dont track workloads unless multiprocessing	2021-06-08 18:01:59 +02:00
ed	b97a1088fa	v0.11.10	2021-06-08 09:41:31 +02:00
ed	b77bed3324	fix terminating tls connections wow	2021-06-08 09:40:49 +02:00
ed	a2b7c85a1f	forgot what version was running on a box	2021-06-08 00:01:08 +02:00
ed	b28533f850	v0.11.9	2021-06-07 20:22:10 +02:00
ed	bd8c7e538a	sfx.sh: use system jinja2 when available	2021-06-07 20:09:45 +02:00
ed	89e48cff24	detect recursive symlinks	2021-06-07 20:09:18 +02:00
ed	ae90a7b7b6	mention firefox funny	2021-06-07 02:10:54 +02:00
ed	6fc1be04da	support windows-py3.5	2021-06-06 21:10:53 +02:00
ed	0061d29534	v0.11.8	2021-06-06 19:09:55 +02:00
ed	a891f34a93	update sharex example	2021-06-06 19:06:33 +02:00
ed	d6a1e62a95	append file-ext when avoiding name collisions	2021-06-06 18:53:32 +02:00
ed	cda36ea8b4	support json replies from bput	2021-06-06 18:47:21 +02:00
ed	909a76434a	a	2021-06-06 03:07:11 +02:00
ed	39348ef659	add sharex example	2021-06-06 02:53:01 +02:00
ed	99d30edef3	v0.11.7	2021-06-05 03:33:29 +02:00
ed	b63ab15bf9	gallery links in new tab if a selection is atcive	2021-06-05 03:27:44 +02:00
ed	485cb4495c	minify asmcrypto a bit	2021-06-05 03:25:54 +02:00
ed	df018eb1f2	add colors	2021-06-05 01:34:39 +02:00
ed	49aa47a9b8	way faster sha512 wasm fallback	2021-06-05 01:14:16 +02:00
ed	7d20eb202a	optimize	2021-06-04 19:35:08 +02:00
ed	c533da9129	fix single-threaded mtag	2021-06-04 19:00:24 +02:00
ed	5cba31a814	spin on thumbnails too	2021-06-04 17:38:57 +02:00
ed	1d824cb26c	add volume lister / containment checker	2021-06-04 02:23:46 +02:00
ed	83b903d60e	readme: update todos	2021-06-02 09:42:33 +02:00
ed	9c8ccabe8e	v0.11.6	2021-06-01 08:25:35 +02:00
ed	b1f2c4e70d	gain 1000x performance with one weird trick	2021-06-01 06:17:46 +00:00
ed	273ca0c8da	run tests on commit	2021-06-01 05:49:41 +02:00
ed	d6f516b34f	pypi exclusive	2021-06-01 04:14:23 +02:00
ed	83127858ca	v0.11.4	2021-06-01 03:55:51 +02:00
ed	d89329757e	fix permission check in tar/zip generator (gdi)	2021-06-01 03:55:31 +02:00
ed	49ffec5320	v0.11.3	2021-06-01 03:11:02 +02:00
ed	2eaae2b66a	fix youtube query example	2021-06-01 02:53:54 +02:00
ed	ea4441e25c	v0.11.2	2021-06-01 02:47:37 +02:00
ed	e5f34042f9	more precise volume state in admin panel	2021-06-01 02:32:53 +02:00
ed	271096874a	fix adv and date handling in query lang	2021-06-01 02:10:17 +02:00
ed	8efd780a72	thumbnail cleaner too noisy	2021-06-01 01:51:03 +02:00
ed	41bcf7308d	fix search results as thumbnails	2021-06-01 01:41:36 +02:00
ed	d102bb3199	fix on-upload hasher (0.11.1 regression)	2021-06-01 01:20:34 +02:00
ed	d0bed95415	search: add a query language	2021-06-01 01:16:40 +02:00
ed	2528729971	add dbtool	2021-05-30 16:49:08 +00:00
ed	292c18b3d0	v0.11.1	2021-05-29 23:39:39 +02:00
ed	0be7c5e2d8	live db/tags rescan	2021-05-29 23:35:07 +02:00
ed	eb5aaddba4	v0.11.0	2021-05-29 15:03:32 +02:00
ed	d8fd82bcb5	ffthumb only gets one shot	2021-05-29 12:32:51 +02:00
ed	97be495861	another chrome bug: navigating somewhere and back can return a REALLY OLD copy of the page	2021-05-29 12:31:06 +02:00
ed	8b53c159fc	dodge chrome bug	2021-05-29 10:58:21 +02:00
ed	81e281f703	add opus mimetype	2021-05-29 10:17:24 +02:00
ed	3948214050	drop deleted files from snap	2021-05-29 09:03:18 +02:00
ed	c5e9a643e7	more accurate url escaping	2021-05-29 09:02:42 +02:00
ed	d25881d5c3	mojibake fixes	2021-05-29 09:01:59 +02:00
ed	38d8d9733f	fix bugs	2021-05-29 05:50:41 +02:00
ed	118ebf668d	fix bugs	2021-05-29 05:43:09 +02:00
ed	a86f09fa46	mtp: file extension filtering	2021-05-29 04:18:57 +02:00
ed	dd4fb35c8f	nit	2021-05-29 03:45:02 +02:00
ed	621eb4cf95	add multitag example	2021-05-29 03:43:30 +02:00
ed	deea66ad0b	support multiple tags from mtp helpers	2021-05-29 03:43:14 +02:00
ed	bf99445377	groking the ffprobe tarot cards	2021-05-28 06:25:44 +02:00
ed	7b54a63396	icon fix	2021-05-28 06:25:00 +02:00
ed	0fcb015f9a	minor fixes	2021-05-28 05:16:28 +02:00
ed	0a22b1ffb6	dont log thumbnail GETs by default	2021-05-28 05:16:01 +02:00
ed	68cecc52ab	dont grow thumbs	2021-05-28 05:01:25 +02:00
ed	53657ccfff	add avif read support	2021-05-28 05:01:12 +02:00
ed	96223fda01	detect missing webp support	2021-05-28 05:00:08 +02:00
ed	374ff3433e	gj	2021-05-28 02:52:03 +02:00
ed	5d63949e98	create webp thumbnails by default	2021-05-28 02:44:13 +02:00
ed	6b065d507d	crop thumbs for AESTHETICS	2021-05-28 01:46:27 +02:00
ed	e79997498a	a	2021-05-27 01:42:22 +02:00
ed	f7ee02ec35	ux fixes	2021-05-27 01:41:50 +02:00
ed	69dc433e1c	ffprobe parser less bad	2021-05-27 01:41:12 +02:00
ed	c880cd848c	gridview lightmode	2021-05-26 22:53:40 +02:00
ed	5752b6db48	hook up the multiselect ui	2021-05-26 00:47:43 +02:00
ed	b36f905eab	sort folders first + tweak thumbs ui	2021-05-25 21:15:54 +02:00
ed	483dd527c6	add cache eviction	2021-05-25 19:46:35 +02:00
ed	e55678e28f	fix thumb/ico bugs	2021-05-25 17:36:31 +02:00
ed	3f4a8b9d6f	fixes	2021-05-25 06:35:12 +02:00
ed	02a856ecb4	create video thumbnails	2021-05-25 06:14:25 +02:00
ed	4dff726310	initial thumbnail and icon stuff	2021-05-25 03:37:01 +02:00
ed	cbc449036f	readme: todo	2021-05-23 02:43:40 +02:00
ed	8f53152220	todays mistake	2021-05-21 02:30:45 +02:00
ed	bbb1e165d6	v0.10.22	2021-05-18 04:10:37 +02:00
ed	fed8d94885	handle unsupported codecs better	2021-05-18 03:44:30 +02:00
ed	58040cc0ed	fix the treesize off-by-one (finally)	2021-05-18 03:21:53 +02:00
ed	03d692db66	add now-playing clipboard meme	2021-05-18 02:54:52 +02:00
ed	903f8e8453	logging	2021-05-17 18:45:15 +02:00
ed	405ae1308e	v0.10.21	2021-05-16 20:22:33 +02:00
ed	8a0f583d71	oh no	2021-05-16 11:01:32 +02:00
ed	b6d7017491	readme	2021-05-16 09:05:40 +02:00
ed	0f0217d203	readme	2021-05-16 08:52:22 +02:00
ed	a203e33347	v0.10.20	2021-05-16 07:51:39 +02:00
ed	3b8f697dd4	include links in bup summary	2021-05-16 07:51:22 +02:00
ed	78ba16f722	log filtering by url regex	2021-05-16 07:29:34 +02:00
ed	0fcfe79994	general-purpose file parsing	2021-05-16 07:04:18 +02:00
ed	c0e6df4b63	let it gooo	2021-05-16 05:27:04 +02:00
ed	322abdcb43	more dino support	2021-05-16 05:04:44 +02:00
ed	31100787ce	ahh whatever	2021-05-16 03:21:49 +02:00
ed	c57d721be4	ie11 doesnt support sha512	2021-05-16 03:11:37 +02:00
ed	3b5a03e977	this too	2021-05-16 02:34:36 +02:00
ed	ed807ee43e	native sha512 on old iphones	2021-05-16 02:25:00 +02:00
ed	073c130ae6	respect tooltip pref in up2k	2021-05-16 02:18:54 +02:00
ed	8810e0be13	add option to log headers	2021-05-16 02:11:09 +02:00
ed	f93016ab85	dont suggest bup if no write-access	2021-05-16 00:30:32 +02:00
ed	b19cf260c2	drop the control-panel link too	2021-05-14 20:07:48 +02:00
ed	db03e1e7eb	readme	2021-05-14 16:38:07 +02:00
ed	e0d975e36a	v0.10.19	2021-05-14 00:00:15 +02:00
ed	cfeb15259f	not careful enough	2021-05-13 23:29:15 +02:00
ed	3b3f8fc8fb	careful rice	2021-05-13 23:00:51 +02:00
ed	88bd2c084c	misc	2021-05-13 22:58:36 +02:00
ed	bd367389b0	broke windows	2021-05-13 22:58:23 +02:00
ed	58ba71a76f	option to hide incomplete uploads	2021-05-13 22:56:52 +02:00
ed	d03e34d55d	v0.10.18	2021-05-13 17:42:06 +02:00
ed	24f239a46c	ui tweaks	2021-05-13 17:41:14 +02:00
ed	2c0826f85a	conditional sections in volume listing	2021-05-13 17:24:37 +02:00
ed	c061461d01	fix md perm reqs + dyn up2k modeset	2021-05-13 17:22:31 +02:00
ed	e7982a04fe	explicit redirect to single non-roots	2021-05-13 16:54:31 +02:00
ed	33b91a7513	set password cookie expiration	2021-05-13 16:23:28 +02:00
ed	9bb1323e44	rclone faster + query params correctness	2021-05-13 16:02:30 +02:00
ed	e62bb807a5	better	2021-05-13 01:36:14 +02:00
ed	3fc0d2cc4a	better	2021-05-13 00:43:25 +02:00
ed	0c786b0766	v0.10.17	2021-05-12 23:39:54 +02:00
ed	68c7528911	yes good	2021-05-12 23:26:30 +02:00
ed	26e18ae800	disallow uploading logues	2021-05-12 23:22:43 +02:00
ed	c30dc0b546	write-only QoL mostly	2021-05-12 23:06:13 +02:00
ed	f94aa46a11	open write-only folders from tree	2021-05-12 21:50:32 +02:00
ed	403261a293	support pyinstaller	2021-05-12 21:21:07 +02:00
ed	c7d9cbb11f	show logues in write-only folders	2021-05-12 21:20:59 +02:00
ed	57e1c53cbb	mention volume flags in the cfg-file example	2021-05-02 09:48:19 +02:00
ed	0754b553dd	v0.10.16	2021-05-02 09:18:19 +02:00
ed	50661d941b	cfg-parser: fix wildcard permissions	2021-05-02 09:16:14 +02:00
ed	c5db7c1a0c	pickle needs this ;_;	2021-04-29 22:41:57 +02:00
ed	2cef5365f7	readme again	2021-04-27 09:26:14 +02:00
ed	fbc4e94007	readme (realized this was confusing)	2021-04-27 09:24:50 +02:00
ed	037ed5a2ad	readme	2021-04-26 04:02:22 +02:00
ed	69dfa55705	readme	2021-04-26 04:01:47 +02:00
ed	a79a5c4e3e	readme + ui tweaks	2021-04-25 22:44:50 +02:00
ed	7e80eabfe6	readme	2021-04-25 21:42:45 +02:00
ed	375b72770d	readme	2021-04-25 04:34:06 +02:00
ed	e2dd683def	does this look better	2021-04-25 03:04:24 +02:00
ed	9eba50c6e4	readme	2021-04-25 03:00:47 +02:00
ed	5a579dba52	sfx: help bzip2 make smaller archives	2021-04-24 22:07:09 +02:00
ed	e86c719575	sfx: cooperate better with other instances	2021-04-24 22:06:50 +02:00
ed	0e87f35547	ui tweaks	2021-04-24 22:06:21 +02:00
ed	b6d3d791a5	shave	2021-04-24 20:08:07 +02:00
ed	c9c3302664	a	2021-04-24 19:22:15 +02:00
ed	c3e4d65b80	v0.10.15	2021-04-24 04:05:57 +02:00
ed	27a03510c5	quick upload test too	2021-04-24 03:35:58 +02:00
ed	ed7727f7cb	fix write-only volumes + add regression test	2021-04-24 02:48:41 +02:00
ed	127ec10c0d	js cleanup + minor tweaks	2021-04-23 20:04:17 +02:00
ed	5a9c0ad225	ui tweaks	2021-04-22 09:10:32 +02:00
ed	7e8daf650e	v0.10.14	2021-04-21 22:04:21 +02:00
ed	0cf737b4ce	404 rather than redirect home if 404 or 403	2021-04-21 21:51:27 +02:00
ed	74635e0113	phew	2021-04-21 21:42:37 +02:00
ed	e5c4f49901	ok ok	2021-04-21 21:26:55 +02:00
ed	e4654ee7f1	uhh	2021-04-21 21:13:16 +02:00
ed	e5d05c05ed	up2k ui tweaks	2021-04-21 20:50:10 +02:00
ed	73c4f99687	add markdown streaming	2021-04-21 20:28:50 +02:00
ed	28c12ef3bf	cleanup	2021-04-21 18:48:23 +02:00
ed	eed82dbb54	remove dead code	2021-04-21 18:44:47 +02:00
ed	2c4b4ab928	up2k-cli: cond. readahead	2021-04-21 18:39:55 +02:00
ed	505a8fc6f6	up2k: sparse alloc on windows	2021-04-21 18:32:21 +02:00
ed	e4801d9b06	support msys2-python	2021-04-21 18:28:44 +02:00
ed	04f1b2cf3a	v0.10.13	2021-04-21 01:19:22 +02:00
ed	c06d928bb5	sorry android	2021-04-21 01:10:18 +02:00
ed	ab09927e7b	v0.10.12	2021-04-19 21:58:49 +02:00
ed	779437db67	up2k: more runahead	2021-04-19 21:58:30 +02:00