Update v1.124

- Fixed File Selector transition animation bug
- Fixed Music module search function
- Fixed Music player highlight issue
- Fixed touch floatWindow interaction bug
- Fixed css bug for Music Embedded player
- Fixed share interface not found bug
- Fixed critical security bug in diskmg
- Fixed ContentLength not serving when gzip enabled bug
- Fixed CopyRight year info on some pages
- Added Share interface OG preview
- Added experimental RISCV64 support
- Added floatWindow resize from top edge
- Added Music module playlist paging function
- Added Memo Deadline highlight function
- Added automatic upload mode optimizer logic
- Added experimental UPnP auto renew function
- Updated MakeFile
- Updated Video playlist structure
- Optimized Video module UI
- Migrated Music module away from Tocas UI and interface update
- Migrated File Selector, diskmg, Desktop module away from Tocas UI

Author: tobychui

src/Makefile

@@ -1,5 +1,5 @@
 # PLATFORMS := darwin/amd64 darwin/arm64 freebsd/amd64 linux/386 linux/amd64 linux/arm linux/arm64 linux/mipsle windows/386 windows/amd64 windows/arm windows/arm64
-PLATFORMS := darwin/amd64 darwin/arm64 linux/amd64 linux/arm linux/arm64 linux/mipsle windows/amd64 windows/arm64
+PLATFORMS := darwin/amd64 darwin/arm64 linux/amd64 linux/arm linux/arm64 linux/mipsle  linux/riscv64 windows/amd64 windows/arm64
 temp = $(subst /, ,$@)
 os = $(word 1, $(temp))
 arch = $(word 2, $(temp))
@@ -65,4 +65,4 @@ web.tar.gz:
 
 arozos_file_checksum.sha1:
 	@echo "Generating the checksum, if sha1sum installed"
-	-sha1sum ./dist/arozos_*_* web.tar.gz > ./dist/arozos_file_checksum.sha1
+	-sha1sum ./dist/web.tar.gz > ./dist/arozos_file_checksum.sha1

src/disk.go

@@ -130,6 +130,20 @@ func DiskServiceInit() {
 				diskmg.HandleMount(w, r, fsHandlers)
 			})
 			adminRouter.HandleFunc("/system/disk/diskmg/format", func(w http.ResponseWriter, r *http.Request) {
+				//Check if request are made in POST mode
+				if r.Method != http.MethodPost {
+					w.WriteHeader(http.StatusMethodNotAllowed)
+					w.Write([]byte("405 - Method Not Allowed"))
+					return
+				}
+
+				//Check if ArozOS is running in sudo mode
+				if !sudo_mode {
+					w.WriteHeader(http.StatusUnauthorized)
+					w.Write([]byte("401 - Unauthorized (Is ArozOS running in sudo mode?)"))
+					return
+				}
+
 				//Format option require passing in all filesystem handlers
 				diskmg.HandleFormat(w, r, fsHandlers)
 			})

src/file_system.go

@@ -413,16 +413,22 @@ func system_fs_handleLowMemoryUpload(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	//Unescape the upload target path
+	unescapedPath, err := url.PathUnescape(uploadTarget)
+	if err != nil {
+		unescapedPath = uploadTarget
+	}
+
 	//Check if the user can write to this folder
-	if !userinfo.CanWrite(uploadTarget) {
+	if !userinfo.CanWrite(unescapedPath) {
 		//No permission
 		w.WriteHeader(http.StatusForbidden)
 		w.Write([]byte("403 - Access Denied"))
 		return
 	}
 
 	//Translate the upload target directory
-	realUploadPath, err := userinfo.VirtualPathToRealPath(uploadTarget)
+	realUploadPath, err := userinfo.VirtualPathToRealPath(unescapedPath)
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
 		w.Write([]byte("500 - Path translation failed"))
@@ -570,7 +576,7 @@ func system_fs_handleLowMemoryUpload(w http.ResponseWriter, r *http.Request) {
 	}
 
 	//Try to decode the location if possible
-	decodedUploadLocation, err := url.QueryUnescape(targetUploadLocation)
+	decodedUploadLocation, err := url.PathUnescape(targetUploadLocation)
 	if err != nil {
 		decodedUploadLocation = targetUploadLocation
 	}

src/go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.0
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-ldap/ldap v3.0.3+incompatible
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/gorilla/sessions v1.2.1
@@ -42,7 +43,7 @@ require (
 	github.com/xanzy/ssh-agent v0.3.1 // indirect
 	gitlab.com/NebulousLabs/go-upnp v0.0.0-20211002182029-11da932010b6
 	golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9 // indirect
-	golang.org/x/image v0.0.0-20220413100746-70e8d0d3baa9 // indirect
+	golang.org/x/image v0.0.0-20220617043117-41969df76e82 // indirect
 	golang.org/x/net v0.0.0-20220513224357-95641704303c // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
 	golang.org/x/sync v0.0.0-20220513210516-0976fa681c29

src/go.sum

@@ -166,6 +166,8 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -484,6 +486,8 @@ golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+o
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20220413100746-70e8d0d3baa9 h1:LRtI4W37N+KFebI/qV0OFiLUv4GLOWeEW5hn/KEJvxE=
 golang.org/x/image v0.0.0-20220413100746-70e8d0d3baa9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
+golang.org/x/image v0.0.0-20220617043117-41969df76e82 h1:KpZB5pUSBvrHltNEdK/tw0xlPeD13M6M6aGP32gKqiw=
+golang.org/x/image v0.0.0-20220617043117-41969df76e82/go.mod h1:doUCurBvlfPMKfmIpRIywoHmhN3VyhnoFDbvIEWF4hY=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

src/main.flags.go

@@ -28,7 +28,7 @@ var subserviceBasePort = 12810            //Next subservice port
 
 // =========== SYSTEM BUILD INFORMATION ==============
 var build_version = "development"                      //System build flag, this can be either {development / production / stable}
-var internal_version = "0.1.123"                       //Internal build version, [fork_id].[major_release_no].[minor_release_no]
+var internal_version = "0.1.124"                       //Internal build version, [fork_id].[major_release_no].[minor_release_no]
 var deviceUUID string                                  //The device uuid of this host
 var deviceVendor = "IMUSLAB.INC"                       //Vendor of the system
 var deviceVendorURL = "http://imuslab.com"             //Vendor contact information
@@ -37,7 +37,7 @@ var deviceModelDesc = "General Purpose Cloud Platform" //Device Model Descriptio
 var iconVendor = "img/vendor/vendor_icon.png"          //Vendor icon location
 var iconSystem = "img/vendor/system_icon.png"          //System icon location
 
-// =========== RUNTTIME RELATED ================S
+// =========== RUNTTIME RELATED ================
 var max_upload_size int64 = 8192 << 20                         //Maxmium upload size, default 8GB
 var sudo_mode bool = (os.Geteuid() == 0 || os.Geteuid() == -1) //Check if the program is launched as sudo mode or -1 on windows
 var startupTime int64 = time.Now().Unix()                      //The startup time of the ArozOS Core

src/main.go

@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 	"strconv"
 	"syscall"
+	"time"
 
 	console "imuslab.com/arozos/mod/console"
 	"imuslab.com/arozos/mod/network/gzipmiddleware"
@@ -98,7 +99,7 @@ func main() {
 	os.Mkdir(*tmp_directory, 0777)
 
 	//Print copyRight information
-	log.Println("ArozOS(C) 2021 " + deviceVendor + ".")
+	log.Println("ArozOS(C) " + strconv.Itoa(time.Now().Year()) + " " + deviceVendor + ".")
 	log.Println("ArozOS " + build_version + " Revision " + internal_version)
 
 	/*

src/mediaServer.go

@@ -24,12 +24,8 @@ Example usage:
 This will serve / download the file located at files/users/{username}/Desktop/test/02.Orchestra- エミール (Addendum version).mp3
 
 PLEASE ALWAYS USE URLENCODE IN THE LINK PASSED INTO THE /media ENDPOINT
-
-
 */
 
-//
-
 func mediaServer_init() {
 	if *enable_gzip {
 		http.HandleFunc("/media/", gzipmiddleware.CompressFunc(serverMedia))
@@ -39,6 +35,8 @@ func mediaServer_init() {
 		http.HandleFunc("/media/getMime/", serveMediaMime)
 	}
 
+	//Download API always bypass gzip no matter if gzip mode is enabled
+	http.HandleFunc("/media/download/", serverMedia)
 }
 
 //This function validate the incoming media request and return the real path for the targed file
@@ -57,6 +55,9 @@ func media_server_validateSourceFile(w http.ResponseWriter, r *http.Request) (st
 
 	targetfile, _ := common.Mv(r, "file", false)
 	targetfile, err = url.QueryUnescape(targetfile)
+	if err != nil {
+		return "", err
+	}
 	if targetfile == "" {
 		return "", errors.New("Missing paramter 'file'")
 	}
@@ -138,22 +139,38 @@ func serverMedia(w http.ResponseWriter, r *http.Request) {
 		downloadMode = true
 	}
 
+	//New download implementations, allow /download to be used instead of &download=true
+	if strings.Contains(r.RequestURI, "media/download/?file=") {
+		downloadMode = true
+	}
+
 	//Serve the file
 	if downloadMode {
-		userAgent := r.Header.Get("User-Agent")
-		filename := strings.ReplaceAll(url.QueryEscape(filepath.Base(realFilepath)), "+", "%20")
-		log.Println(r.Header.Get("User-Agent"))
-
-		if strings.Contains(userAgent, "Safari/") {
-			//This is Safari. Use speial header
-			w.Header().Set("Content-Disposition", "attachment; filename="+filepath.Base(realFilepath))
-			w.Header().Set("Content-Type", r.Header.Get("Content-Type"))
-		} else {
-			//Fixing the header issue on Golang url encode lib problems
-			w.Header().Set("Content-Disposition", "attachment; filename*=UTF-8''"+filename)
-			w.Header().Set("Content-Type", r.Header.Get("Content-Type"))
+		escapedRealFilepath, err := url.PathUnescape(realFilepath)
+		if err != nil {
+			common.SendErrorResponse(w, err.Error())
+			return
 		}
+		filename := filepath.Base(escapedRealFilepath)
+
+		/*
+			//12 Jul 2022 Update: Deprecated the browser detection logic
+			userAgent := r.Header.Get("User-Agent")
+			if strings.Contains(userAgent, "Safari/")) {
+				//This is Safari. Use speial header
+				w.Header().Set("Content-Disposition", "attachment; filename="+filepath.Base(realFilepath))
+			} else {
+				//Fixing the header issue on Golang url encode lib problems
+				w.Header().Set("Content-Disposition", "attachment; filename*=UTF-8''"+filename)
+			}
+		*/
+
+		w.Header().Set("Content-Disposition", "attachment; filename=\""+filename+"\"")
+		w.Header().Set("Content-Type", r.Header.Get("Content-Type"))
+
+		http.ServeFile(w, r, escapedRealFilepath)
+	} else {
+		http.ServeFile(w, r, realFilepath)
 	}
 
-	http.ServeFile(w, r, realFilepath)
 }

src/mod/database/database_core.go

@@ -1,5 +1,5 @@
-//go:build !mipsle
-// +build !mipsle
+//go:build !mipsle && !riscv64
+// +build !mipsle,!riscv64
 
 package database
 

src/mod/database/database_openwrt.go

@@ -1,5 +1,5 @@
-//go:build mipsle
-// +build mipsle
+//go:build mipsle || riscv64
+// +build mipsle riscv64
 
 package database