chore(release): set APP_VERSION to v1.8.7 [skip ci]

release(v1.8.7): fix(zip-download): stream clean ZIP response and purge stale temp archives
chore(ci): add manual trigger + bot-derived version detection for releases
2025-11-05 05:02:42 +00:00 · 2025-11-05 00:02:32 -05:00 · 2025-11-04 23:09:31 -05:00 · 2025-11-05 03:57:04 +00:00
5 changed files with 174 additions and 54 deletions
--- a/.github/workflows/release-on-version.yml
+++ b/.github/workflows/release-on-version.yml
@@ -3,12 +3,20 @@ name: Release on version.js update

 on:
  push:
-    branches: ["master"] # keep as-is; change to ["master","main"] if you use main too
+    branches: ["master"]
    paths:
      - public/js/version.js
  workflow_run:
    workflows: ["Bump version and sync Changelog to Docker Repo"]
    types: [completed]
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: "Ref (branch or SHA) to build from (default: origin/master)"
+        required: false
+      version:
+        description: "Explicit version tag to release (e.g., v1.8.6). If empty, auto-detect."
+        required: false

 permissions:
  contents: write
@@ -27,37 +35,94 @@ jobs:
    # Guard: Only run on trusted workflow_run events (pushes from this repo)
    if: >
      github.event_name == 'push' ||
+      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'workflow_run' &&
       github.event.workflow_run.event == 'push' &&
       github.event.workflow_run.head_repository.full_name == github.repository)

+    # Use run_id for a stable, unique key
    concurrency:
-      # Ensure concurrency key follows the actual source ref
-      group: release-${{ github.event_name }}-${{ github.event.workflow_run.head_sha || github.sha }}
+      group: release-${{ github.run_id }}
      cancel-in-progress: false

    steps:
-      - name: Resolve correct ref
+      - name: Checkout (fetch all)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Ensure tags + master available
+        shell: bash
+        run: |
+          git fetch --tags --force --prune --quiet
+          git fetch origin master --quiet
+
+      - name: Resolve source ref + (maybe) version
        id: pickref
        shell: bash
        run: |
-          if [ "${{ github.event_name }}" = "workflow_run" ]; then
-            echo "ref=${{ github.event.workflow_run.head_sha }}" >> "$GITHUB_OUTPUT"
-          else
-            echo "ref=${{ github.sha }}" >> "$GITHUB_OUTPUT"
-          fi
-          echo "Using ref: $(cat $GITHUB_OUTPUT)"
+          set -euo pipefail

-      - name: Checkout
+          # Defaults
+          REF=""
+          VER=""
+          SRC=""
+
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            # manual run
+            REF_IN="${{ github.event.inputs.ref }}"
+            VER_IN="${{ github.event.inputs.version }}"
+            if [[ -n "$REF_IN" ]]; then
+              # Try branch/sha; fetch branch if needed
+              git fetch origin "$REF_IN" --quiet || true
+              if REF_SHA="$(git rev-parse --verify --quiet "$REF_IN")"; then
+                REF="$REF_SHA"
+              else
+                echo "Provided ref '$REF_IN' not found" >&2
+                exit 1
+              fi
+            else
+              REF="$(git rev-parse origin/master)"
+            fi
+            if [[ -n "$VER_IN" ]]; then
+              VER="$VER_IN"
+              SRC="manual-version"
+            fi
+          elif [[ "${{ github.event_name }}" == "workflow_run" ]]; then
+            REF="${{ github.event.workflow_run.head_sha }}"
+          else
+            REF="${{ github.sha }}"
+          fi
+
+          # If no explicit version, try to find the latest bot bump reachable from REF
+          if [[ -z "$VER" ]]; then
+            # Search recent history reachable from REF
+            BOT_SHA="$(git log "$REF" -n 200 --author='github-actions[bot]' --grep='set APP_VERSION to v' --pretty=%H | head -n1 || true)"
+            if [[ -n "$BOT_SHA" ]]; then
+              SUBJ="$(git log -n1 --pretty=%s "$BOT_SHA")"
+              BOT_VER="$(sed -n 's/.*set APP_VERSION to \(v[^ ]*\).*/\1/p' <<<"${SUBJ}")"
+              if [[ -n "$BOT_VER" ]]; then
+                VER="$BOT_VER"
+                REF="$BOT_SHA"   # build/tag from the bump commit
+                SRC="bot-commit"
+              fi
+            fi
+          fi
+
+          # Output
+          REF_SHA="$(git rev-parse "$REF")"
+          echo "ref=$REF_SHA"           >> "$GITHUB_OUTPUT"
+          echo "source=${SRC:-event-ref}" >> "$GITHUB_OUTPUT"
+          echo "preversion=${VER}"      >> "$GITHUB_OUTPUT"
+          echo "Using source=${SRC:-event-ref} ref=$REF_SHA"
+          if [[ -n "$VER" ]]; then echo "Pre-resolved version=$VER"; fi
+
+      - name: Checkout chosen ref
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ steps.pickref.outputs.ref }}

-      - name: Ensure tags available
-        run: git fetch --tags --force --prune --quiet
-
-      # Guard: refuse if the ref isn’t contained in master
      - name: Assert ref is on master
        shell: bash
        run: |
@@ -66,26 +131,35 @@ jobs:
          git fetch origin master --quiet
          if ! git merge-base --is-ancestor "$REF" origin/master; then
            echo "Ref $REF is not on master; refusing to release."
-            exit 78  # neutral exit
+            exit 78
          fi

-      - name: Debug version.js origin
+      - name: Debug version.js provenance
+        shell: bash
        run: |
-          echo "version.js at commit: $(git log -n1 --pretty=%h -- public/js/version.js)"
+          echo "version.js last-change commit: $(git log -n1 --pretty='%h %s' -- public/js/version.js || echo 'none')"
          sed -n '1,20p' public/js/version.js || true

-      - name: Read version from version.js
+      - name: Determine version
        id: ver
        shell: bash
        run: |
          set -euo pipefail
-          VER=$(grep -Eo "APP_VERSION\s*=\s*['\"]v[^'\"]+['\"]" public/js/version.js | sed -E "s/.*['\"](v[^'\"]+)['\"].*/\1/")
+          # Prefer pre-resolved version (manual input or bot commit)
+          if [[ -n "${{ steps.pickref.outputs.preversion }}" ]]; then
+            VER="${{ steps.pickref.outputs.preversion }}"
+            echo "version=$VER" >> "$GITHUB_OUTPUT"
+            echo "Parsed version (pre-resolved): $VER"
+            exit 0
+          fi
+          # Fallback to version.js
+          VER="$(grep -Eo "APP_VERSION\s*=\s*['\"]v[^'\"]+['\"]" public/js/version.js | sed -E "s/.*['\"](v[^'\"]+)['\"].*/\1/")"
          if [[ -z "$VER" ]]; then
            echo "Could not parse APP_VERSION from version.js" >&2
            exit 1
          fi
          echo "version=$VER" >> "$GITHUB_OUTPUT"
-          echo "Parsed version: $VER"
+          echo "Parsed version (file): $VER"

      - name: Skip if tag already exists
        id: tagcheck
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,23 @@
 # Changelog

+## Changes 11/5/2025 (v1.8.7)
+
+release(v1.8.7): fix(zip-download): stream clean ZIP response and purge stale temp archives
+
+- FileController::downloadZip
+  - Remove _jsonStart/_jsonEnd and JSON wrappers; send a pure binary ZIP
+  - Close session locks, disable gzip/output buffering, set Content-Length when known
+  - Stream in 1MiB chunks; proper HTTP codes/messages on errors
+  - Unlink the temp ZIP after successful send
+  - Preserves all auth/ACL/ownership checks
+
+- FileModel::createZipArchive
+  - Purge META_DIR/ziptmp/download-*.zip older than 6h before creating a new ZIP
+
+Result: fixes “failed to fetch / load failed” with fetch>blob flow and reduces leftover tmp ZIPs.
+
+---
+
 ## Changes 11/4/2025 (v1.8.6)

 release(v1.8.6): fix large ZIP downloads + safer extract; close #60
--- a/public/js/version.js
+++ b/public/js/version.js
@@ -1,2 +1,2 @@
 // generated by CI
-window.APP_VERSION = 'v1.8.5';
+window.APP_VERSION = 'v1.8.7';
--- a/src/controllers/FileController.php
+++ b/src/controllers/FileController.php
@@ -667,26 +667,26 @@ public function deleteFiles()

    public function downloadZip()
    {
-        $this->_jsonStart();
        try {
-            if (!$this->_checkCsrf()) return;
-            if (!$this->_requireAuth()) return;
+            
+            if (!$this->_checkCsrf()) { http_response_code(400); echo "Bad CSRF"; return; }
+            if (!$this->_requireAuth()) { http_response_code(401); echo "Unauthorized"; return; }
    
            $data = $this->_readJsonBody();
            if (!is_array($data) || !isset($data['folder'], $data['files']) || !is_array($data['files'])) {
-                $this->_jsonOut(["error" => "Invalid input."], 400); return;
+                http_response_code(400); echo "Invalid input."; return;
            }
    
            $folder = $this->_normalizeFolder($data['folder']);
            $files  = $data['files'];
-            if (!$this->_validFolder($folder)) { $this->_jsonOut(["error"=>"Invalid folder name."], 400); return; }
+            if (!$this->_validFolder($folder)) { http_response_code(400); echo "Invalid folder name."; return; }
    
            $username = $_SESSION['username'] ?? '';
            $perms    = $this->loadPerms($username);
    
            // Optional zip gate by account flag
            if (!$this->isAdmin($perms) && !empty($perms['disableZip'])) {
-                $this->_jsonOut(["error" => "ZIP downloads are not allowed for your account."], 403); return;
+                http_response_code(403); echo "ZIP downloads are not allowed for your account."; return;
            }
    
            $ignoreOwnership = $this->isAdmin($perms)
@@ -698,44 +698,65 @@ public function deleteFiles()
                || $this->ownsFolderOrAncestor($folder, $username, $perms);
            $ownOnly  = !$fullView && ACL::hasGrant($username, $folder, 'read_own');
    
-            if (!$fullView && !$ownOnly) {
-                $this->_jsonOut(["error" => "Forbidden: no view access to this folder."], 403); return;
-            }
+            if (!$fullView && !$ownOnly) { http_response_code(403); echo "Forbidden: no view access to this folder."; return; }
    
-            // If own-only, ensure all files are owned by the user
            if ($ownOnly) {
                $meta = $this->loadFolderMetadata($folder);
                foreach ($files as $f) {
                    $bn = basename((string)$f);
                    if (!isset($meta[$bn]['uploader']) || strcasecmp((string)$meta[$bn]['uploader'], $username) !== 0) {
-                        $this->_jsonOut(["error" => "Forbidden: you are not the owner of '{$bn}'."], 403); return;
+                        http_response_code(403); echo "Forbidden: you are not the owner of '{$bn}'."; return;
                    }
                }
            }
    
            $result = FileModel::createZipArchive($folder, $files);
-            if (isset($result['error'])) {
-                $this->_jsonOut(["error" => $result['error']], 400); return;
-            }
+            if (isset($result['error'])) { http_response_code(400); echo $result['error']; return; }
    
            $zipPath = $result['zipPath'] ?? null;
-            if (!$zipPath || !file_exists($zipPath)) { $this->_jsonOut(["error"=>"ZIP archive not found."], 500); return; }
+            if (!$zipPath || !is_file($zipPath)) { http_response_code(500); echo "ZIP archive not found."; return; }
    
-            // switch to file streaming
+            // ---- Clean binary stream setup ----
+            @session_write_close();
+            @set_time_limit(0);
+            @ignore_user_abort(true);
+            if (function_exists('apache_setenv')) { @apache_setenv('no-gzip', '1'); }
+            @ini_set('zlib.output_compression', '0');
+            @ini_set('output_buffering', 'off');
+            while (ob_get_level() > 0) { @ob_end_clean(); }
+    
+            @clearstatcache(true, $zipPath);
+            $size = (int)@filesize($zipPath);
+    
+            header('X-Accel-Buffering: no');
            header_remove('Content-Type');
            header('Content-Type: application/zip');
+            // Client sets the final name via a.download in your JS; server can be generic
            header('Content-Disposition: attachment; filename="files.zip"');
-            header('Content-Length: ' . filesize($zipPath));
+            if ($size > 0) header('Content-Length: ' . $size);
            header('Cache-Control: no-store, no-cache, must-revalidate');
            header('Pragma: no-cache');
    
-            readfile($zipPath);
+            $fp = fopen($zipPath, 'rb');
+            if ($fp === false) { http_response_code(500); echo "Failed to open ZIP."; return; }
+    
+            $chunk = 1048576; // 1 MiB
+            while (!feof($fp)) {
+                $buf = fread($fp, $chunk);
+                if ($buf === false) break;
+                echo $buf;
+                flush();
+            }
+            fclose($fp);
            @unlink($zipPath);
            exit;
+    
        } catch (Throwable $e) {
            error_log('FileController::downloadZip error: '.$e->getMessage().' @ '.$e->getFile().':'.$e->getLine());
-            $this->_jsonOut(['error' => 'Internal server error while preparing ZIP.'], 500);
-        } finally { $this->_jsonEnd(); }
+            if (!headers_sent()) http_response_code(500);
+            echo "Internal server error while preparing ZIP.";
+        }
+        
    }

    public function extractZip()
--- a/src/models/FileModel.php
+++ b/src/models/FileModel.php
@@ -557,6 +557,13 @@ class FileModel {
     * @return array An associative array with either an "error" key or a "zipPath" key.
     */
    public static function createZipArchive($folder, $files) {
+
+        // (optional) purge old temp zips > 6h
+        $zipRoot = rtrim((string)META_DIR, '/\\') . DIRECTORY_SEPARATOR . 'ziptmp';
+        $now = time();
+        foreach (glob($zipRoot . DIRECTORY_SEPARATOR . 'download-*.zip') ?: [] as $zp) {
+            if (is_file($zp) && ($now - @filemtime($zp)) > 21600) { @unlink($zp); }
+        }
        // Normalize and validate target folder
        $folder = trim((string)$folder) ?: 'root';
        $baseDir = realpath(UPLOAD_DIR);
Author	SHA1	Message	Date
github-actions[bot]	a9fe342175	chore(release): set APP_VERSION to v1.8.7 [skip ci]	2025-11-05 05:02:42 +00:00
Ryan	7669f5a10b	release(v1.8.7): fix(zip-download): stream clean ZIP response and purge stale temp archives	2025-11-05 00:02:32 -05:00
Ryan	34a4e06a23	chore(ci): add manual trigger + bot-derived version detection for releases	2025-11-04 23:09:31 -05:00
github-actions[bot]	d00faf5fe7	chore(release): set APP_VERSION to v1.8.6 [skip ci]	2025-11-05 03:57:04 +00:00