@hasna/configs 0.2.13 → 0.2.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +11 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":";;;;;AAqRA,wBAAgD"}
|
package/dist/server/index.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
#!/usr/bin/env bun
|
|
2
2
|
// @bun
|
|
3
|
+
var __require = import.meta.require;
|
|
3
4
|
|
|
4
5
|
// node_modules/hono/dist/compose.js
|
|
5
6
|
var compose = (middleware, onError, onNotFound) => {
|
|
@@ -2617,6 +2618,12 @@ app.post("/api/sync", async (c) => {
|
|
|
2617
2618
|
try {
|
|
2618
2619
|
const body = await c.req.json();
|
|
2619
2620
|
const dir = body.dir || "~/.claude";
|
|
2621
|
+
const { resolve: resolve3 } = __require("path");
|
|
2622
|
+
const { homedir: hd } = __require("os");
|
|
2623
|
+
const absDir = dir.startsWith("~/") ? resolve3(hd(), dir.slice(2)) : resolve3(dir);
|
|
2624
|
+
if (!absDir.startsWith(hd())) {
|
|
2625
|
+
return c.json({ error: "Sync restricted to home directory paths" }, 403);
|
|
2626
|
+
}
|
|
2620
2627
|
const direction = body.direction || "from_disk";
|
|
2621
2628
|
const result = direction === "to_disk" ? await syncToDir(dir, { dryRun: body.dry_run }) : await syncFromDir(dir, { dryRun: body.dry_run });
|
|
2622
2629
|
return c.json(result);
|
|
@@ -2696,10 +2703,13 @@ function findDashboardDir() {
|
|
|
2696
2703
|
}
|
|
2697
2704
|
var dashDir = findDashboardDir();
|
|
2698
2705
|
if (dashDir) {
|
|
2706
|
+
const resolvedDashDir = __require("path").resolve(dashDir);
|
|
2699
2707
|
app.get("/*", (c) => {
|
|
2700
2708
|
const url = new URL(c.req.url);
|
|
2701
2709
|
let filePath = url.pathname === "/" ? "/index.html" : url.pathname;
|
|
2702
|
-
let absPath = join4(dashDir, filePath);
|
|
2710
|
+
let absPath = __require("path").resolve(join4(dashDir, filePath));
|
|
2711
|
+
if (!absPath.startsWith(resolvedDashDir))
|
|
2712
|
+
return c.json({ error: "Forbidden" }, 403);
|
|
2703
2713
|
if (!existsSync5(absPath))
|
|
2704
2714
|
absPath = join4(dashDir, "index.html");
|
|
2705
2715
|
if (!existsSync5(absPath))
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@hasna/configs",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.14",
|
|
4
4
|
"description": "AI coding agent configuration manager — store, version, apply, and share all your AI coding configs. CLI + MCP + REST API + Dashboard.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|