virtual user core

Author: MenxLi

lfss/api/connector.py

@@ -378,7 +378,8 @@ def list_path(
         path = _p(path)
         if path == '/':
             # handle root path separately
-            dirnames = [f'{self.whoami().username}/'] + [f'{p.username}/' for p in self.peers(AccessLevel.READ)]
+            my_username = self.whoami().username
+            dirnames = [f'{my_username}/'] if not my_username.startswith('.') else [] + [f'{p.username}/' for p in self.peers(AccessLevel.READ)]
             return PathContents(
                 dirs = [DirectoryRecord(url = d) for d in dirnames], 
                 files = []

lfss/cli/user.py

@@ -1,7 +1,7 @@
 import argparse, asyncio, os
 from contextlib import asynccontextmanager
 from .cli import parse_permission, FileReadPermission
-from ..eng.utils import parse_storage_size, fmt_storage_size
+from ..eng.utils import parse_storage_size, fmt_storage_size, fmt_sec_time
 from ..eng.datatype import AccessLevel
 from ..eng.database import Database, FileReadPermission, transaction, UserConn, unique_cursor, FileConn
 from ..eng.connection_pool import global_entrance
@@ -17,6 +17,11 @@ async def _main():
     sp_add.add_argument('--admin', action='store_true', help='Set user as admin')
     sp_add.add_argument("--permission", type=parse_permission, default=FileReadPermission.UNSET, help="File fallback read permission, can be public, protected, private, or unset")
     sp_add.add_argument('--max-storage', type=parse_storage_size, default="10G", help="Maximum storage size, e.g. 1G, 100M, 10K, default is 10G")
+
+    sp_add_virtual = sp.add_parser('add-virtual', help="Add a virtual (hidden) user, username will be prefixed with '.v-'")
+    sp_add_virtual.add_argument('--tag', type=str, default=None, help="Tag for the virtual user, will be embedded in the username for easier identification")
+    sp_add_virtual.add_argument('--peers', type=str, default="", help="Peer users and their access levels in the format 'READ:user1,user2;WRITE:user3'")
+    sp_add_virtual.add_argument('--max-storage', type=parse_storage_size, default="1G", help="Maximum storage size for the virtual user, e.g. 1G, 100M, 10K, default is 1G")
 
     sp_delete = sp.add_parser('delete')
     sp_delete.add_argument('username', type=str)
@@ -37,11 +42,16 @@ def parse_bool(s):
     sp_list = sp.add_parser('list')
     sp_list.add_argument("username", nargs='*', type=str, default=None)
     sp_list.add_argument("-l", "--long", action="store_true", help="Show detailed information, including credential and peer users")
+    sp_list.add_argument("--hidden", action="store_true", help="Include hidden users (virtual users) in the listing")
 
     sp_peer = sp.add_parser('set-peer')
     sp_peer.add_argument('src_username', type=str)
     sp_peer.add_argument('dst_username', type=str)
     sp_peer.add_argument('--level', type=parse_access_level, default=AccessLevel.READ, help="Access level")
+
+    sp_expire = sp.add_parser('set-expire')
+    sp_expire.add_argument('username', type=str)
+    sp_expire.add_argument('expire_time', type=str, nargs='?', default=None, help="Expire time in seconds or a string like '1d2h3m4s'. If not provided, the user will never expire.")
 
     args = parser.parse_args()
     db = await Database().init()
@@ -61,6 +71,14 @@ async def get_uconn():
         )
         print('User created, credential:', user.credential)
 
+    if args.subparser_name == 'add-virtual':
+        user =  await UserCtl.add_virtual(
+            tag=args.tag,
+            peers=args.peers,
+            max_storage=args.max_storage
+        )
+        print('Virtual user created, username:', user.username, ', credential:', user.credential)
+    
     if args.subparser_name == 'delete':
         user = await UserCtl.delete(args.username)
         print('User deleted')
@@ -79,10 +97,20 @@ async def get_uconn():
         await UserCtl.set_peer(args.src_username, args.dst_username, args.level)
         print(f"Peer set: [{args.src_username}] now have [{args.level.name}] access to [{args.dst_username}]")
 
+    if args.subparser_name == 'set-expire':
+        await UserCtl.set_expire(args.username, args.expire_time)
+        print(f"User [{args.username}] expire time set.")
+    
     if args.subparser_name == 'list':
         async with get_uconn() as uconn:
             term_width = os.get_terminal_size().columns
-            async for user in uconn.all():
+            async def __iter_users():
+                if args.hidden:
+                    async for user in uconn.iter_all(): yield user
+                    async for user in uconn.iter_hidden(): yield user
+                else:
+                    async for user in uconn.iter_all(): yield user
+            async for user in __iter_users():
                 if args.username and not user.username in args.username:
                     continue
                 print("\033[90m-\033[0m" * term_width)
@@ -93,6 +121,7 @@ async def get_uconn():
                         user_size_used = await fconn.user_size(user.id)
                     print('- Credential: ', user.credential)
                     print(f'- Storage: {fmt_storage_size(user_size_used)} / {fmt_storage_size(user.max_storage)}')
+                    print(f'- Expire: {fmt_sec_time(exp_time) if (exp_time := await uconn.query_user_expire(user.id)) is not None else "never"}')
                     for p in AccessLevel:
                         if p > AccessLevel.NONE:
                             usernames = [x.username for x in await uconn.list_peer_users(user.id, p)]

lfss/eng/database_conn.py

@@ -3,7 +3,7 @@
 from typing import Optional, Literal, overload
 from collections.abc import AsyncIterable
 from abc import ABC
-import re
+import re, time
 
 import urllib.parse
 import asyncio
@@ -86,15 +86,17 @@ async def get_user_by_credential(self, credential: str) -> Optional[UserRecord]:
 
     async def create_user(
         self, username: str, password: str, is_admin: bool = False, 
-        max_storage: int = 1073741824, permission: FileReadPermission = FileReadPermission.UNSET
+        max_storage: int = 1073741824, permission: FileReadPermission = FileReadPermission.UNSET, 
+        _validate = True
         ) -> int:
         def validate_username(username: str):
             assert_or(not set(username) & {'/', ':'}, InvalidInputError("Invalid username"))
             assert_or(not username.startswith('_'), InvalidInputError("Error: reserved username"))
             assert_or(not username.startswith('.'), InvalidInputError("Error: reserved username"))
             assert_or(not (len(username) > 255), InvalidInputError("Username too long"))
             assert_or(urllib.parse.quote(username) == username, InvalidInputError("Invalid username, must be URL safe"))
-        validate_username(username)
+        if _validate:
+            validate_username(username)
         self.logger.debug(f"Creating user {username}")
         credential = hash_credential(username, password)
         assert_or(await self.get_user(username) is None, InvalidDataError(f"Duplicate username: {username}"))
@@ -103,6 +105,22 @@ def validate_username(username: str):
         assert self.cur.lastrowid is not None
         return self.cur.lastrowid
 
+    async def query_user_expire(self, user_id: int) -> Optional[int]:
+        """ Return the remaining seconds before user expire, None if no expire is set. """
+        await self.cur.execute("SELECT posix_stamp FROM uexpire WHERE user_id = ?", (user_id, ))
+        res = await self.cur.fetchone()
+        return res[0] - int(time.time()) if res is not None else None
+    
+    async def set_user_expire(self, user_id: int, expire_seconds: int):
+        """ Set the user to expire in `expire_seconds` seconds from now. """
+        expire_time = int(time.time()) + expire_seconds
+        await self.cur.execute("INSERT OR REPLACE INTO uexpire (user_id, posix_stamp) VALUES (?, ?)", (user_id, expire_time))
+        self.logger.info(f"Set user {user_id} to expire in {expire_seconds} seconds")
+    
+    async def clear_user_expire(self, user_id: int):
+        await self.cur.execute("DELETE FROM uexpire WHERE user_id = ?", (user_id, ))
+        self.logger.info(f"Cleared expire for user {user_id}")
+    
     async def update_user(
         self, username: str, password: Optional[str] = None, is_admin: Optional[bool] = None, 
         max_storage: Optional[int] = None, permission: Optional[FileReadPermission] = None
@@ -130,17 +148,25 @@ async def update_user(
             )
         self.logger.info(f"User {username} updated")
 
-    async def all(self):
-        await self.cur.execute("SELECT * FROM user")
+    async def iter_all(self) -> AsyncIterable[UserRecord]:
+        await self.cur.execute("SELECT * FROM user where username NOT LIKE '.%'")
+        for record in await self.cur.fetchall():
+            yield self.parse_record(record)
+    
+    async def iter_hidden(self) -> AsyncIterable[UserRecord]:
+        await self.cur.execute("SELECT * FROM user where username LIKE '.%'")
         for record in await self.cur.fetchall():
             yield self.parse_record(record)
 
     async def set_active(self, username: str):
         await self.cur.execute("UPDATE user SET last_active = CURRENT_TIMESTAMP WHERE username = ?", (username, ))
 
     async def delete_user(self, username: str):
+        """ Note: this will not delete files owned by the user, please use higher level API to delete user and files together. """
         await self.cur.execute("DELETE FROM upeer WHERE src_user_id = (SELECT id FROM user WHERE username = ?) OR dst_user_id = (SELECT id FROM user WHERE username = ?)", (username, username))
         await self.cur.execute("DELETE FROM user WHERE username = ?", (username, ))
+        await self.cur.execute("DELETE FROM usize WHERE user_id = (SELECT id FROM user WHERE username = ?)", (username, ))
+        await self.cur.execute("DELETE FROM uexpire WHERE user_id = (SELECT id FROM user WHERE username = ?)", (username, ))
         self.logger.info(f"Delete user {username}")
 
     async def set_peer_level(self, src_user: int | str, dst_user: int | str, level: AccessLevel):
@@ -185,7 +211,7 @@ async def query_peer_level(self, src_user_id: int, dst_user_id: int) -> AccessLe
         return AccessLevel(res[0])
 
     async def list_all_users(self) -> list[UserRecord]:
-        return [u async for u in self.all()]
+        return [u async for u in self.iter_all()]
 
     async def list_admin_users(self) -> list[UserRecord]:
         await self.cur.execute("SELECT * FROM user WHERE is_admin = 1")

lfss/eng/log.py

@@ -1,4 +1,4 @@
-from .config import LOG_DIR, DISABLE_LOGGING
+from .config import LOG_DIR, DISABLE_LOGGING, DEBUG_MODE
 import time, sqlite3, dataclasses
 from typing import TypeVar, Callable, Literal, Optional
 from concurrent.futures import ThreadPoolExecutor
@@ -130,7 +130,7 @@ def get_logger(
     name = 'default', 
     log_home = LOG_DIR, 
     level = 'DEBUG',
-    term_level = 'INFO',
+    term_level = 'INFO' if not DEBUG_MODE else 'DEBUG',
     file_handler_type: _fh_T = 'sqlite', 
     global_instance = True
     )->BaseLogger:

lfss/eng/permission.py

@@ -81,6 +81,10 @@ async def this_cur():
                 yield _cur
         else:
             yield cursor
+    
+    # reserved paths
+    if path.startswith('.') or path.startswith('/.'):
+        return AccessLevel.NONE
 
     # check if path user exists, may raise exception
     async with this_cur() as cur: