npm - @balaji003/lantransfer - Versions diffs - 1.0.8 → 1.0.10 - Mend

@balaji003/lantransfer 1.0.8 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@balaji003/lantransfer",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "LAN File Transfer — peer-to-peer file sharing over local network. Zero dependencies.",
   "main": "server.js",
   "bin": {

package/public/index.html CHANGED Viewed

@@ -186,6 +186,28 @@
     }
     .btn-change-dir:hover { background: var(--surface-hover); border-color: var(--accent); }
+    /* ── Update banner ── */
+    .update-banner {
+      display: none; align-items: center; justify-content: center; gap: 12px;
+      padding: 8px 24px; background: rgba(74, 158, 255, 0.1);
+      border-bottom: 1px solid var(--accent); font-size: 13px; flex-shrink: 0;
+    }
+    .update-banner.show { display: flex; }
+    .update-banner span { color: var(--text); }
+    .update-banner .version-new { color: var(--green); font-weight: 600; }
+    .update-banner .version-old { color: var(--text-dim); }
+    .btn-update {
+      background: var(--accent); color: #fff; border: none; border-radius: 4px;
+      padding: 3px 12px; font-size: 12px; font-weight: 500; cursor: pointer;
+      transition: background 0.12s;
+    }
+    .btn-update:hover { background: var(--accent-dim); }
+    .btn-dismiss {
+      background: none; border: none; color: var(--text-dim); cursor: pointer;
+      font-size: 16px; padding: 0 4px; line-height: 1;
+    }
+    .btn-dismiss:hover { color: var(--text); }
     /* ── Transfers ── */
     .transfers-section { flex: 1; overflow-y: auto; padding: 16px 24px; }
     .transfer {
@@ -284,6 +306,13 @@
     </div>
   </div>
+  <!-- Update banner -->
+  <div class="update-banner" id="update-banner">
+    <span>Update available: <span class="version-old" id="ver-current"></span> → <span class="version-new" id="ver-latest"></span></span>
+    <button class="btn-update" id="update-btn" onclick="doUpdate()">Update Now</button>
+    <button class="btn-dismiss" onclick="dismissUpdate()" title="Dismiss">&times;</button>
+  </div>
   <!-- Download location -->
   <div class="download-dir">
     <span>Save to:</span>
@@ -419,6 +448,28 @@
     api('open-folder', { transferId: transferId });
   }
+  let updateDismissed = false;
+  function doUpdate() {
+    const btn = document.getElementById('update-btn');
+    btn.textContent = 'Updating...';
+    btn.disabled = true;
+    api('do-update');
+    // Server will restart — poll until it's back
+    setTimeout(function poll() {
+      fetch('/api/ping').then(() => {
+        window.location.reload();
+      }).catch(() => {
+        setTimeout(poll, 1000);
+      });
+    }, 3000);
+  }
+  function dismissUpdate() {
+    updateDismissed = true;
+    document.getElementById('update-banner').classList.remove('show');
+  }
   function doShutdown() {
     if (confirm('Stop the server? This will close LAN Transfer.')) {
       api('shutdown');
@@ -450,6 +501,16 @@
     }
     document.getElementById('local-ip').textContent = state.localIP || '';
+    // Update banner
+    const banner = document.getElementById('update-banner');
+    if (!updateDismissed && state.latestVersion && state.currentVersion && state.latestVersion !== state.currentVersion) {
+      document.getElementById('ver-current').textContent = 'v' + state.currentVersion;
+      document.getElementById('ver-latest').textContent = 'v' + state.latestVersion;
+      banner.classList.add('show');
+    } else {
+      banner.classList.remove('show');
+    }
     // Download dir
     const dirEl = document.getElementById('download-dir');
     dirEl.textContent = state.downloadDir || '';
@@ -586,11 +647,13 @@
       extra += '</div>';
     }
+    const encrypted = (t.status === 'in_progress' || t.status === 'completed') ? ' \uD83D\uDD12' : '';
     return '<div class="transfer">'
       + '<div class="transfer-top">'
       + '<div class="transfer-info">'
       + '<span class="transfer-icon">' + icon + '</span>'
-      + '<span>' + esc(t.filename) + ' ' + arrow + ' ' + esc(peer) + '</span>'
+      + '<span>' + esc(t.filename) + ' ' + arrow + ' ' + esc(peer) + encrypted + '</span>'
       + '</div>'
       + '<span class="badge ' + badgeClass + '">' + badgeText + '</span>'
       + '</div>'

package/server.js CHANGED Viewed

@@ -4,18 +4,19 @@
  * server.js — LAN File Transfer (Node.js rewrite)
  *
  * Zero external dependencies. Uses built-in modules only.
- * Protocol-compatible with the original Rust version:
- *   - UDP discovery on port 34254
+ *   - HTTP + UDP discovery
  *   - TCP file transfer on port 34255
- *   - XOR obfuscation with key "LAN-XFER-KEY-2024"
+ *   - E2E encryption: ECDH key exchange + AES-256-CTR
  *
  * Run:  node server.js
  * Then open http://localhost:3000 in a browser.
  */
 const http = require('http');
+const https = require('https');
 const fs = require('fs');
 const path = require('path');
+const crypto = require('crypto');
 const dgram = require('dgram');
 const net = require('net');
 const os = require('os');
@@ -27,9 +28,13 @@ const { exec } = require('child_process');
 const DISCOVERY_PORT = 34254;
 const TRANSFER_PORT = 34255;
 const HTTP_PORT = 3000;
-const XOR_KEY = Buffer.from('LAN-XFER-KEY-2024');
 const PEER_TIMEOUT = 10_000;   // ms
 const BROADCAST_INTERVAL = 3_000; // ms
+const ECDH_CURVE = 'prime256v1'; // NIST P-256
+const PKG = JSON.parse(fs.readFileSync(path.join(__dirname, 'package.json'), 'utf-8'));
+const CURRENT_VERSION = PKG.version;
+const PKG_NAME = PKG.name;
+let latestVersion = null; // filled by update check
 // ──────────────────────────────────────────────────────────────────────────────
 // Persistent config (device name)
@@ -101,6 +106,8 @@ function serializeState() {
     isDiscoverable,
     deviceName,
     downloadDir,
+    currentVersion: CURRENT_VERSION,
+    latestVersion,
     localIP: getLocalIP(),
     peers: [...peers.entries()].map(([id, p]) => ({
       id, name: p.device_name, ip: p.ip,
@@ -128,14 +135,18 @@ function broadcast() {
 }
 // ──────────────────────────────────────────────────────────────────────────────
-// Helpers
+// Helpers — E2E encryption (ECDH + AES-256-CTR)
 // ──────────────────────────────────────────────────────────────────────────────
-function xorCrypt(buf, offset) {
-  const out = Buffer.allocUnsafe(buf.length);
-  for (let i = 0; i < buf.length; i++) {
-    out[i] = buf[i] ^ XOR_KEY[(offset + i) % XOR_KEY.length];
-  }
-  return out;
+function createKeyPair() {
+  const ecdh = crypto.createECDH(ECDH_CURVE);
+  ecdh.generateKeys();
+  return ecdh;
+}
+function deriveKey(ecdh, peerPubKey) {
+  const shared = ecdh.computeSecret(peerPubKey);
+  // SHA-256 the shared secret to get a 32-byte AES key
+  return crypto.createHash('sha256').update(shared).digest();
 }
 function readBody(req) {
@@ -350,6 +361,34 @@ const server = http.createServer(async (req, res) => {
         console.log(`  [open] Failed — transferId: ${transferId}, found: ${!!t}, savePath: ${t ? t.savePath : 'N/A'}`);
       }
     }
+    else if (req.url === '/api/check-update') {
+      checkForUpdate();
+    }
+    else if (req.url === '/api/do-update') {
+      res.writeHead(200, { 'Content-Type': 'text/plain' });
+      res.end('ok');
+      console.log(`  [update] Running: npm install -g ${PKG_NAME}`);
+      exec(`npm install -g ${PKG_NAME}`, { timeout: 120_000 }, (err, stdout, stderr) => {
+        if (err) {
+          console.error(`  [update] Failed: ${err.message}`);
+          console.error(stderr);
+        } else {
+          console.log(`  [update] Success! Restarting...`);
+          console.log(stdout);
+          // Restart the process
+          setTimeout(() => {
+            const args = process.argv.slice(1);
+            const child = require('child_process').spawn(process.execPath, args, {
+              detached: true,
+              stdio: 'ignore',
+            });
+            child.unref();
+            process.exit(0);
+          }, 500);
+        }
+      });
+      return;
+    }
     else if (req.url === '/api/shutdown') {
       res.writeHead(200, { 'Content-Type': 'text/plain' });
       res.end('ok');
@@ -536,12 +575,32 @@ async function handleIncoming(socket) {
   t.savePath = savePath;
   console.log(`  [recv] Saving to: ${savePath}`);
+  // ── E2E key exchange: receive sender's public key, send ours ──
+  const pubKeyLenBuf = await readExact(socket, 2);
+  const pubKeyLen = pubKeyLenBuf.readUInt16BE(0);
+  const senderPubKey = await readExact(socket, pubKeyLen);
+  console.log(`  [recv] Got sender public key (${pubKeyLen} bytes)`);
+  const ecdh = createKeyPair();
+  const myPubKey = ecdh.getPublicKey();
+  const keyLenBuf = Buffer.alloc(2);
+  keyLenBuf.writeUInt16BE(myPubKey.length);
+  socket.write(keyLenBuf);
+  socket.write(myPubKey);
+  console.log(`  [recv] Sent our public key (${myPubKey.length} bytes)`);
+  // Derive AES key + receive IV
+  const aesKey = deriveKey(ecdh, senderPubKey);
+  const iv = await readExact(socket, 16);
+  console.log(`  [recv] AES key derived, IV received — decrypting with AES-256-CTR`);
+  const decipher = crypto.createDecipheriv('aes-256-ctr', aesKey, iv);
   const ws = fs.createWriteStream(savePath);
   let received = 0;
   let lastBc = 0;
   socket.on('data', chunk => {
-    const decrypted = xorCrypt(chunk, received);
+    const decrypted = decipher.update(chunk);
     ws.write(decrypted);
     received += chunk.length;
@@ -558,6 +617,8 @@ async function handleIncoming(socket) {
   await new Promise((resolve, reject) => {
     socket.on('end', () => {
+      const final = decipher.final();
+      if (final.length > 0) ws.write(final);
       ws.end();
       t.status = 'completed';
       t.progress = 100;
@@ -595,6 +656,7 @@ async function sendFile(peer, file) {
       socket.connect(peer.tcp_port, peer.ip, res);
       socket.once('error', rej);
     });
+    console.log(`  [send] Connected to ${peer.ip}:${peer.tcp_port}`);
     // Send header
     const headerJSON = JSON.stringify({
@@ -613,20 +675,44 @@ async function sendFile(peer, file) {
       t.error = 'Rejected by recipient';
       broadcast();
       socket.end();
+      console.log(`  [send] Rejected by ${peer.device_name}`);
       return;
     }
+    console.log(`  [send] Accepted — starting E2E key exchange`);
+    // ── E2E key exchange: send our public key, receive receiver's ──
+    const ecdh = createKeyPair();
+    const myPubKey = ecdh.getPublicKey();
+    const keyLenBuf = Buffer.alloc(2);
+    keyLenBuf.writeUInt16BE(myPubKey.length);
+    socket.write(keyLenBuf);
+    socket.write(myPubKey);
+    console.log(`  [send] Sent our public key (${myPubKey.length} bytes)`);
+    const recvKeyLenBuf = await readExact(socket, 2);
+    const recvKeyLen = recvKeyLenBuf.readUInt16BE(0);
+    const recvPubKey = await readExact(socket, recvKeyLen);
+    console.log(`  [send] Got receiver public key (${recvKeyLen} bytes)`);
+    // Derive AES key, generate IV, send IV
+    const aesKey = deriveKey(ecdh, recvPubKey);
+    const iv = crypto.randomBytes(16);
+    socket.write(iv);
+    console.log(`  [send] AES key derived, IV sent — encrypting with AES-256-CTR`);
     t.status = 'in_progress';
     t._start = Date.now();
     broadcast();
-    // Stream file with XOR encryption
+    // Stream file with AES-256-CTR encryption
+    const cipher = crypto.createCipheriv('aes-256-ctr', aesKey, iv);
     const rs = fs.createReadStream(file.path, { highWaterMark: 65536 });
     let sent = 0;
     let lastBc = 0;
     for await (const chunk of rs) {
-      const encrypted = xorCrypt(Buffer.from(chunk), sent);
+      const encrypted = cipher.update(Buffer.from(chunk));
       const ok = socket.write(encrypted);
       sent += chunk.length;
@@ -649,19 +735,50 @@ async function sendFile(peer, file) {
       }
     }
+    // Write final cipher block
+    const final = cipher.final();
+    if (final.length > 0) socket.write(final);
     socket.end();
     t.status = 'completed';
     t.progress = 100;
     broadcast();
-    console.log(`  Sent: ${file.name} → ${peer.device_name}`);
+    console.log(`  [send] Complete: ${file.name} → ${peer.device_name}`);
   } catch (e) {
     t.status = 'failed';
     t.error = e.message;
     broadcast();
-    console.error(`  Send error: ${e.message}`);
+    console.error(`  [send] Error: ${e.message}`);
   }
 }
+// ──────────────────────────────────────────────────────────────────────────────
+// Update checker
+// ──────────────────────────────────────────────────────────────────────────────
+function checkForUpdate() {
+  const url = `https://registry.npmjs.org/${PKG_NAME}/latest`;
+  console.log(`  [update] Checking ${url}`);
+  https.get(url, { timeout: 5000 }, res => {
+    let body = '';
+    res.on('data', c => body += c);
+    res.on('end', () => {
+      try {
+        const data = JSON.parse(body);
+        latestVersion = data.version || null;
+        console.log(`  [update] Current: ${CURRENT_VERSION}, Latest: ${latestVersion}`);
+        if (latestVersion && latestVersion !== CURRENT_VERSION) {
+          console.log(`  [update] Update available! Run: npm install -g ${PKG_NAME}`);
+        }
+        broadcast();
+      } catch (e) {
+        console.error(`  [update] Parse error: ${e.message}`);
+      }
+    });
+  }).on('error', e => {
+    console.error(`  [update] Check failed: ${e.message}`);
+  });
+}
 // ──────────────────────────────────────────────────────────────────────────────
 // Utility
 // ──────────────────────────────────────────────────────────────────────────────
@@ -770,9 +887,14 @@ server.listen(HTTP_PORT, () => {
   console.log(`  Discovery  HTTP scan (no firewall needed)`);
   console.log(`  Discovery  UDP :${DISCOVERY_PORT} (fallback)`);
   console.log(`  Transfer   TCP :${TRANSFER_PORT}`);
+  console.log(`  Encryption ECDH + AES-256-CTR (E2E)`);
+  console.log(`  Version    ${CURRENT_VERSION}`);
   console.log(`  UI:        http://localhost:${HTTP_PORT}`);
   console.log('');
+  // Check for updates on startup
+  checkForUpdate();
   // Auto-open browser
   const url = `http://localhost:${HTTP_PORT}`;
   if (process.platform === 'win32') exec(`start "" "${url}"`);