npm - @juspay/shooter - Versions diffs - 1.19.0 → 1.21.0 - Mend

@juspay/shooter 1.19.0 → 1.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (283) hide show

package/src/lib/types/ws.ts CHANGED Viewed

@@ -146,6 +146,7 @@ export type WireTerminalServerMessage =
   | { bytes: number; type: 'output-dropped' }
   | { chunk: number; data: string; total: number; type: 'scrollback' }
   | { code: null | number; signal: null | string; type: 'exit' }
+  | { cols: number; rows: number; type: 'resize' }
   | { data: string; type: 'output' }
   | { message: string; type: 'error' };

package/src/routes/+layout.server.ts CHANGED Viewed

@@ -5,5 +5,7 @@ import type { LayoutServerLoad } from './$types';
 export const load: LayoutServerLoad = () => ({
   aiProviders: getProviderAvailability(env),
+  litellmBaseUrl: env.LITELLM_BASE_URL ?? '',
+  litellmModel: env.LITELLM_MODEL ?? 'open-large',
   neurolinkProvider: env.NEUROLINK_PROVIDER ?? '',
 });

package/src/routes/+layout.svelte CHANGED Viewed

@@ -22,11 +22,26 @@
       return;
     }
     (window as unknown as Record<string, unknown>).__aiProviders = data.aiProviders;
+    // Ensure window.process.env exists minimally so env vars can be injected.
+    const win = window as unknown as Record<string, unknown>;
+    if (!win.process || typeof win.process !== 'object') {
+      win.process = { env: {} };
+    }
+    const proc = win.process as Record<string, unknown>;
+    if (!proc.env || typeof proc.env !== 'object') {
+      proc.env = {};
+    }
+    const procEnv = proc.env as Record<string, string>;
     if (data.neurolinkProvider) {
-      const proc = (window as unknown as { process?: { env?: Record<string, string> } }).process;
-      if (proc?.env) {
-        proc.env.NEUROLINK_PROVIDER = data.neurolinkProvider;
-      }
+      procEnv.NEUROLINK_PROVIDER = data.neurolinkProvider;
+    }
+    if (data.litellmBaseUrl) {
+      procEnv.LITELLM_BASE_URL = data.litellmBaseUrl;
+    }
+    if (data.litellmModel) {
+      procEnv.LITELLM_MODEL = data.litellmModel;
     }
   });

package/src/routes/+page.svelte CHANGED Viewed

@@ -12,7 +12,13 @@
     isShooterConfig,
     setCache,
   } from '$lib/modules/client/common';
-  import { connect, DashboardView, disconnect, getCards } from '$lib/modules/client/dashboard';
+  import {
+    AutopilotPanel,
+    connect,
+    DashboardView,
+    disconnect,
+    getCards,
+  } from '$lib/modules/client/dashboard';
   import { Banner, Button, EmptyState, Icon, Pill, Shimmer } from '@juspay/svelte-ui-components';
   import { onDestroy, onMount } from 'svelte';
@@ -203,6 +209,8 @@
       <Button classes="btn-primary" onclick={navigateToConfig} text="Configure Settings" />
     </EmptyState>
   {:else}
+    <AutopilotPanel />
     <!-- Dashboard section: active terminal sessions -->
     {#if cards.length > 0}
       <div class="dashboard-section">

package/src/routes/api/autopilot/+server.ts ADDED Viewed

@@ -0,0 +1,74 @@
+// Control endpoint for the always-on server-side autopilot engine.
+// GET returns the enabled flag; POST { enabled } toggles it.
+//
+// The engine runs in the server.ts module graph and exposes its control on
+// globalThis.__shooter_autopilot. This route (bundled handler graph) reaches it
+// there rather than importing the engine — importing it would start a second
+// event subscriber. Falls back to the on-disk state file if the engine has not
+// started yet.
+import { validateAuth } from '$lib/modules/server/auth';
+import { json } from '@sveltejs/kit';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+import type { RequestHandler } from './$types';
+const STATE_FILE = join(homedir(), '.shooter', 'autopilot.json');
+function control(): undefined | { isEnabled: () => boolean; setEnabled: (v: boolean) => void } {
+  return (globalThis as Record<string, unknown>).__shooter_autopilot as
+    | undefined
+    | { isEnabled: () => boolean; setEnabled: (v: boolean) => void };
+}
+function readFileEnabled(): boolean {
+  try {
+    if (existsSync(STATE_FILE)) {
+      const parsed: unknown = JSON.parse(readFileSync(STATE_FILE, 'utf-8'));
+      return Boolean((parsed as { enabled?: unknown })?.enabled);
+    }
+  } catch {
+    // corrupt / unreadable
+  }
+  return false;
+}
+export const GET: RequestHandler = ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  const ctrl = control();
+  return json({ enabled: ctrl ? ctrl.isEnabled() : readFileEnabled(), running: Boolean(ctrl) });
+};
+export const POST: RequestHandler = async ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  let body: { enabled?: unknown };
+  try {
+    body = (await request.json()) as { enabled?: unknown };
+  } catch {
+    return json({ error: 'Invalid JSON body' }, { status: 400 });
+  }
+  if (typeof body.enabled !== 'boolean') {
+    return json({ error: 'enabled must be a boolean' }, { status: 400 });
+  }
+  const ctrl = control();
+  if (ctrl) {
+    ctrl.setEnabled(body.enabled);
+  } else {
+    try {
+      mkdirSync(join(homedir(), '.shooter'), { recursive: true });
+      writeFileSync(STATE_FILE, JSON.stringify({ enabled: body.enabled }), 'utf-8');
+    } catch {
+      // best-effort
+    }
+  }
+  return json({ enabled: body.enabled, running: Boolean(ctrl) });
+};

package/src/routes/api/neurolink-proxy/+server.ts CHANGED Viewed

@@ -15,6 +15,7 @@ import type { RequestHandler } from './$types';
 const ALLOWED_CLIENT_HEADERS: Record<string, Set<string>> = {
   anthropic: new Set(['anthropic-beta', 'anthropic-version']),
   'google-ai': new Set<string>([]),
+  litellm: new Set<string>([]),
   mistral: new Set([]),
   openai: new Set(['openai-organization', 'openai-project']),
 };
@@ -63,15 +64,29 @@ export const POST: RequestHandler = async ({ request }) => {
     openai: 'https://api.openai.com/',
   };
-  const allowedPrefix = ALLOWED_PREFIXES[provider];
-  if (!allowedPrefix || !url.startsWith(allowedPrefix)) {
-    return json({ error: `Provider "${provider}" or URL not allowed` }, { status: 403 });
+  if (provider === 'litellm') {
+    // SSRF-safe: only forward to the operator-configured LiteLLM endpoint.
+    // Trim to align with getProviderAvailability semantics (whitespace-only = not configured).
+    const rawBase = env.LITELLM_BASE_URL?.trim();
+    if (!rawBase) {
+      return json({ error: 'LiteLLM is not configured on this server' }, { status: 403 });
+    }
+    const litellmPrefix = `${rawBase.replace(/\/+$/, '')}/`;
+    if (!url.startsWith(litellmPrefix)) {
+      return json({ error: `Provider "${provider}" or URL not allowed` }, { status: 403 });
+    }
+  } else {
+    const allowedPrefix = ALLOWED_PREFIXES[provider];
+    if (!allowedPrefix || !url.startsWith(allowedPrefix)) {
+      return json({ error: `Provider "${provider}" or URL not allowed` }, { status: 403 });
+    }
   }
   // Inject the server-side API key so the browser never sees it
   const apiKeyEnv: Record<string, string> = {
     anthropic: env.ANTHROPIC_API_KEY ?? '',
     'google-ai': env.GOOGLE_AI_API_KEY ?? '',
+    litellm: env.LITELLM_API_KEY ?? '',
     mistral: env.MISTRAL_API_KEY ?? '',
     openai: env.OPENAI_API_KEY ?? '',
   };
@@ -93,16 +108,26 @@ export const POST: RequestHandler = async ({ request }) => {
     ...normalizedReqHeaders,
   };
-  // Override / set auth header with server-side key
+  // Override / set auth header with server-side key.
+  // For Bearer-token providers, only inject the header when the key is non-empty
+  // to avoid sending a malformed `Authorization: Bearer ` to the upstream.
   if (provider === 'anthropic') {
     forwardHeaders['x-api-key'] = apiKeyEnv.anthropic;
     forwardHeaders['anthropic-version'] = forwardHeaders['anthropic-version'] ?? '2023-06-01';
   } else if (provider === 'google-ai') {
     forwardHeaders['x-goog-api-key'] = apiKeyEnv['google-ai'];
   } else if (provider === 'openai') {
-    forwardHeaders.Authorization = `Bearer ${apiKeyEnv.openai}`;
+    if (apiKeyEnv.openai) {
+      forwardHeaders.Authorization = `Bearer ${apiKeyEnv.openai}`;
+    }
   } else if (provider === 'mistral') {
-    forwardHeaders.Authorization = `Bearer ${apiKeyEnv.mistral}`;
+    if (apiKeyEnv.mistral) {
+      forwardHeaders.Authorization = `Bearer ${apiKeyEnv.mistral}`;
+    }
+  } else if (provider === 'litellm') {
+    if (apiKeyEnv.litellm) {
+      forwardHeaders.Authorization = `Bearer ${apiKeyEnv.litellm}`;
+    }
   }
   const controller = new AbortController();

package/src/routes/api/notify/+server.ts CHANGED Viewed

@@ -238,7 +238,15 @@ function isDuplicateNotification(
     return false;
   }
-  const key = `${title}|${message}|${data?.category || 'unknown'}`;
+  // Autopilot pushes include a stable dedupKey keyed on sessionId + top-step text
+  // (not the variable summary). Prefer it over the title|message|category key so
+  // two runs with the same top-step but different summary wording are correctly
+  // deduplicated.
+  const dataRecord = data as (NotificationData & { dedupKey?: string }) | undefined;
+  const key = dataRecord?.dedupKey
+    ? dataRecord.dedupKey
+    : `${title}|${message}|${data?.category || 'unknown'}`;
   const now = Date.now();
   if (notificationCache.has(key)) {
@@ -262,7 +270,10 @@ function isDuplicateNotification(
 /** Record a notification key in the dedup cache after successful delivery. */
 function recordNotification(title: string, message: string, data?: NotificationData): void {
-  const key = `${title}|${message}|${data?.category || 'unknown'}`;
+  const dataRecord = data as (NotificationData & { dedupKey?: string }) | undefined;
+  const key = dataRecord?.dedupKey
+    ? dataRecord.dedupKey
+    : `${title}|${message}|${data?.category || 'unknown'}`;
   notificationCache.set(key, Date.now());
 }
@@ -302,6 +313,11 @@ export const POST: RequestHandler = async ({ request }) => {
     const waitForResponse =
       typeof body.waitForResponse === 'boolean' ? body.waitForResponse : false;
+    // forcePush: when true, send the push even if WS clients are connected.
+    // Used by the autopilot engine for high-signal notifications.
+    // Deduplication still applies — only the WS-client skip is bypassed.
+    const forcePush = typeof body.forcePush === 'boolean' ? body.forcePush : false;
     // Dynamic-options fields (PR-2/PR-3). When the caller wants to drive
     // a richer notification category — plan-mode approval, MCP
     // elicitation, AskUserQuestion choices — these arrive in the top
@@ -375,7 +391,8 @@ export const POST: RequestHandler = async ({ request }) => {
     // (for bidirectional permission polling) without actually sending a push
     // notification.  This happens when WebSocket clients are connected and the
     // events channel will broadcast the permission-requested event instead.
-    if (skipPush) {
+    // forcePush overrides this so high-signal autopilot pushes still reach the device.
+    if (skipPush && !forcePush) {
       if (waitForResponse) {
         createPendingRequest(canonicalRequestId, {
           options,

package/src/routes/api/summaries/+server.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import type { SessionSummaryRecord } from '$lib/types';
+import { validateAuth } from '$lib/modules/server/auth';
+import { summaryStore } from '$lib/modules/server/sessions/summary-store';
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+const DEFAULT_LIMIT = 50;
+const MAX_LIMIT = 200;
+export const POST: RequestHandler = async ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  const rawBody: unknown = await request.json();
+  if (!rawBody || typeof rawBody !== 'object' || Array.isArray(rawBody)) {
+    return json({ error: 'Request body must be a JSON object' }, { status: 400 });
+  }
+  const body = rawBody as Record<string, unknown>;
+  // Validate required fields with length caps to prevent unbounded storage growth.
+  if (typeof body.id !== 'string' || !body.id) {
+    return json({ error: 'id is required and must be a non-empty string' }, { status: 400 });
+  }
+  if (body.id.length > 128) {
+    return json({ error: 'id must be 128 characters or fewer' }, { status: 400 });
+  }
+  if (typeof body.summary !== 'string' || !body.summary) {
+    return json({ error: 'summary is required and must be a non-empty string' }, { status: 400 });
+  }
+  if (body.summary.length > 1000) {
+    return json({ error: 'summary must be 1000 characters or fewer' }, { status: 400 });
+  }
+  if (typeof body.trigger !== 'string' || !body.trigger) {
+    return json({ error: 'trigger is required and must be a non-empty string' }, { status: 400 });
+  }
+  if (body.trigger.length > 64) {
+    return json({ error: 'trigger must be 64 characters or fewer' }, { status: 400 });
+  }
+  if (typeof body.createdAt !== 'string' || !body.createdAt) {
+    return json({ error: 'createdAt is required and must be a non-empty string' }, { status: 400 });
+  }
+  if (body.createdAt.length > 64 || isNaN(Date.parse(body.createdAt))) {
+    return json({ error: 'createdAt must be a valid ISO 8601 date string' }, { status: 400 });
+  }
+  if (typeof body.nextSteps === 'string' && body.nextSteps.length > 8192) {
+    return json({ error: 'nextSteps must be 8192 characters or fewer' }, { status: 400 });
+  }
+  const record: SessionSummaryRecord = {
+    createdAt: body.createdAt,
+    id: body.id,
+    nextSteps: typeof body.nextSteps === 'string' ? body.nextSteps : '[]',
+    projectName: typeof body.projectName === 'string' ? body.projectName : null,
+    sessionId: typeof body.sessionId === 'string' ? body.sessionId : null,
+    summary: body.summary,
+    terminalId: typeof body.terminalId === 'string' ? body.terminalId : null,
+    trigger: body.trigger,
+  };
+  try {
+    summaryStore.insert(record);
+  } catch (err: unknown) {
+    const message = err instanceof Error ? err.message : String(err);
+    // Avoid surfacing raw SQLite error messages (may leak schema details).
+    const isDuplicate = typeof message === 'string' && message.includes('UNIQUE constraint failed');
+    if (isDuplicate) {
+      return json({ error: 'Record with this id already exists' }, { status: 409 });
+    }
+    return json({ error: 'Failed to persist summary' }, { status: 500 });
+  }
+  return json({ id: record.id, success: true }, { status: 201 });
+};
+export const GET: RequestHandler = ({ request, url }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  const sessionId = url.searchParams.get('sessionId') ?? undefined;
+  const rawLimit = parseInt(url.searchParams.get('limit') || String(DEFAULT_LIMIT));
+  const limit =
+    Number.isFinite(rawLimit) && rawLimit >= 1 ? Math.min(rawLimit, MAX_LIMIT) : DEFAULT_LIMIT;
+  const summaries = summaryStore.listRecent(limit, sessionId);
+  return json({
+    count: summaries.length,
+    summaries,
+    timestamp: new Date().toISOString(),
+  });
+};

package/src/routes/api/terminals/[id]/+server.ts CHANGED Viewed

@@ -1,6 +1,9 @@
 import { validateAuth } from '$lib/modules/server/auth';
 import { ptyManager } from '$lib/modules/server/terminal/pty-manager.js';
+import { resolveAccess } from '$lib/modules/server/terminal/share-auth';
+import { shareStore } from '$lib/modules/server/terminal/share-store';
 import { toErrorMessage } from '$lib/modules/server/utils/error';
+import { closeGuests } from '$lib/modules/server/ws/guest-registry';
 import { json } from '@sveltejs/kit';
 import type { RequestHandler } from './$types';
@@ -21,10 +24,11 @@ function lastScrollbackLine(scrollback: string): null | string {
 }
 // GET /api/terminals/:id — Get terminal details by ID
+// Accepts the API key (owner) or a share session token scoped to this terminal.
 export const GET: RequestHandler = ({ params, request }) => {
-  const authError = validateAuth(request);
-  if (authError) {
-    return authError;
+  const access = resolveAccess(request, params.id);
+  if (!access) {
+    return json({ error: 'Unauthorized' }, { status: 401 });
   }
   try {
@@ -37,6 +41,7 @@ export const GET: RequestHandler = ({ params, request }) => {
     return json({
       args: terminal.args,
       clientCount: terminal.clients.size,
+      cols: terminal.cols,
       command: terminal.command,
       createdAt: terminal.createdAt.toISOString(),
       cwd: terminal.cwd,
@@ -45,10 +50,12 @@ export const GET: RequestHandler = ({ params, request }) => {
       id: terminal.id,
       lastOutput: lastScrollbackLine(terminal.scrollback),
       pid: terminal.pid,
+      rows: terminal.rows,
       sessionWs: `/ws/session/${terminal.id}`,
       status: terminal.status,
       timestamp: new Date().toISOString(),
       ws: `/ws/terminal/${terminal.id}`,
+      ...(access.level === 'guest' ? { shareMode: access.mode } : {}),
     });
   } catch (error) {
     console.error('[terminals] Failed to get terminal:', toErrorMessage(error));
@@ -72,6 +79,8 @@ export const DELETE: RequestHandler = ({ params, request }) => {
     if (terminal.status === 'exited') {
       ptyManager.remove(params.id);
+      shareStore.deleteShare(params.id);
+      closeGuests(params.id);
       console.log(`[terminals] Removed exited terminal ${params.id}`);
       return json({
         removed: true,
@@ -81,6 +90,8 @@ export const DELETE: RequestHandler = ({ params, request }) => {
     }
     ptyManager.kill(params.id);
+    shareStore.deleteShare(params.id);
+    closeGuests(params.id);
     console.log(`[terminals] Killed terminal ${params.id} (pid=${terminal.pid})`);

package/src/routes/api/terminals/[id]/paste-image/+server.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { validateAuth } from '$lib/modules/server/auth';
+import { resolveAccess } from '$lib/modules/server/terminal/share-auth';
 import { toErrorMessage } from '$lib/modules/server/utils/error';
 import { json } from '@sveltejs/kit';
 import { mkdirSync, writeFileSync } from 'fs';
@@ -6,10 +6,14 @@ import { mkdirSync, writeFileSync } from 'fs';
 import type { RequestHandler } from './$types';
 // POST /api/terminals/[id]/paste-image — Write clipboard image for a terminal
+// Accepts the API key (owner) or a control-mode share token for this terminal.
 export const POST: RequestHandler = async ({ params, request }) => {
-  const authError = validateAuth(request);
-  if (authError) {
-    return authError;
+  const access = resolveAccess(request, params.id);
+  if (!access) {
+    return json({ error: 'Unauthorized' }, { status: 401 });
+  }
+  if (access.level === 'guest' && access.mode !== 'control') {
+    return json({ error: 'View-only access' }, { status: 403 });
   }
   const terminalId = params.id;

package/src/routes/api/terminals/[id]/resize/+server.ts CHANGED Viewed

@@ -1,15 +1,19 @@
-import { validateAuth } from '$lib/modules/server/auth';
 import { ptyManager } from '$lib/modules/server/terminal/pty-manager.js';
+import { resolveAccess } from '$lib/modules/server/terminal/share-auth';
 import { toErrorMessage } from '$lib/modules/server/utils/error';
 import { json } from '@sveltejs/kit';
 import type { RequestHandler } from './$types';
 // POST /api/terminals/:id/resize — Resize terminal
+// Accepts the API key (owner) or a control-mode share token for this terminal.
 export const POST: RequestHandler = async ({ params, request }) => {
-  const authError = validateAuth(request);
-  if (authError) {
-    return authError;
+  const access = resolveAccess(request, params.id);
+  if (!access) {
+    return json({ error: 'Unauthorized' }, { status: 401 });
+  }
+  if (access.level === 'guest' && access.mode !== 'control') {
+    return json({ error: 'View-only access' }, { status: 403 });
   }
   let body: { cols?: number; rows?: number };

package/src/routes/api/terminals/[id]/share/+server.ts ADDED Viewed

@@ -0,0 +1,98 @@
+// /api/terminals/[id]/share — owner management of a terminal's share.
+// GET: current state. PUT: create/update. DELETE: revoke.
+// All methods require the API key (owners only).
+import type { ShareConfigRequest, ShareInfoResponse, ShareMode } from '$lib/types';
+import { validateAuth } from '$lib/modules/server/auth';
+import { ptyManager } from '$lib/modules/server/terminal/pty-manager.js';
+import { hashPassword, shareStore } from '$lib/modules/server/terminal/share-store';
+import { closeGuests } from '$lib/modules/server/ws/guest-registry';
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+const MIN_PASSWORD_LENGTH = 6;
+const MODES: ShareMode[] = ['view', 'control'];
+function toInfo(terminalId: string): ShareInfoResponse {
+  const share = shareStore.getShare(terminalId);
+  if (!share) {
+    return { active: false, createdAt: null, mode: null, updatedAt: null };
+  }
+  return { active: true, createdAt: share.createdAt, mode: share.mode, updatedAt: share.updatedAt };
+}
+export const GET: RequestHandler = ({ params, request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  return json(toInfo(params.id));
+};
+export const PUT: RequestHandler = async ({ params, request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  if (!ptyManager.get(params.id)) {
+    return json({ error: 'Terminal not found' }, { status: 404 });
+  }
+  let body: ShareConfigRequest;
+  try {
+    body = (await request.json()) as ShareConfigRequest;
+  } catch {
+    return json({ error: 'Invalid JSON' }, { status: 400 });
+  }
+  if (!MODES.includes(body.mode)) {
+    return json({ error: "mode must be 'view' or 'control'" }, { status: 400 });
+  }
+  const existing = shareStore.getShare(params.id);
+  const password = typeof body.password === 'string' ? body.password : '';
+  if (!existing && password.length < MIN_PASSWORD_LENGTH) {
+    return json(
+      { error: `password is required (min ${String(MIN_PASSWORD_LENGTH)} chars)` },
+      { status: 400 }
+    );
+  }
+  if (password && password.length < MIN_PASSWORD_LENGTH) {
+    return json(
+      { error: `password must be at least ${String(MIN_PASSWORD_LENGTH)} chars` },
+      { status: 400 }
+    );
+  }
+  const now = Date.now();
+  shareStore.setShare({
+    createdAt: existing?.createdAt ?? now,
+    mode: body.mode,
+    // `existing` is guaranteed non-null when password is empty (validated above).
+    passwordHash: password ? hashPassword(password) : (existing?.passwordHash ?? ''),
+    terminalId: params.id,
+    updatedAt: now,
+  });
+  // A new password invalidates existing guest sessions; any change to the
+  // share forces connected guests to reconnect under the new scope.
+  if (password) {
+    shareStore.deleteSessions(params.id);
+  }
+  if (password || existing?.mode !== body.mode) {
+    closeGuests(params.id);
+  }
+  return json(toInfo(params.id));
+};
+export const DELETE: RequestHandler = ({ params, request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  shareStore.deleteShare(params.id);
+  const closed = closeGuests(params.id);
+  return json({ closedConnections: closed, success: true });
+};

package/src/routes/api/terminals/[id]/share/auth/+server.ts ADDED Viewed

@@ -0,0 +1,81 @@
+// POST /api/terminals/[id]/share/auth — exchange the share password for a
+// guest session token. Public endpoint; brute-force-limited per IP+terminal.
+import type { ShareAuthRequest } from '$lib/types';
+import { shareStore, verifyPassword } from '$lib/modules/server/terminal/share-store';
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+const RATE_LIMIT_WINDOW_MS = 60_000;
+const RATE_LIMIT_MAX = 10;
+/** Maps "ip:terminalId" -> attempt timestamps (epoch ms). */
+const attempts = new Map<string, number[]>();
+function checkRateLimit(key: string): boolean {
+  const now = Date.now();
+  const recent = (attempts.get(key) ?? []).filter((t) => t > now - RATE_LIMIT_WINDOW_MS);
+  attempts.set(key, recent);
+  if (recent.length >= RATE_LIMIT_MAX) {
+    return false;
+  }
+  recent.push(now);
+  return true;
+}
+// Cleanup stale rate limit entries every 5 minutes
+setInterval(() => {
+  const cutoff = Date.now() - RATE_LIMIT_WINDOW_MS;
+  for (const [key, timestamps] of attempts) {
+    const recent = timestamps.filter((t) => t > cutoff);
+    if (recent.length === 0) {
+      attempts.delete(key);
+    } else {
+      attempts.set(key, recent);
+    }
+  }
+}, 300_000).unref();
+export const POST: RequestHandler = async (event) => {
+  const { params, request } = event;
+  const share = shareStore.getShare(params.id);
+  if (!share) {
+    return json({ error: 'Not shared' }, { status: 404 });
+  }
+  // Behind Cloudflare Tunnel the connecting IP arrives in headers.
+  let ip = 'unknown';
+  const cfIp = request.headers.get('cf-connecting-ip');
+  const fwd = request.headers.get('x-forwarded-for');
+  if (cfIp) {
+    ip = cfIp;
+  } else if (fwd) {
+    ip = fwd.split(',')[0].trim();
+  } else {
+    try {
+      ip = event.getClientAddress();
+    } catch {
+      // Keep 'unknown' — the rate limit still applies per terminal.
+    }
+  }
+  if (!checkRateLimit(`${ip}:${params.id}`)) {
+    return json({ error: 'Too many attempts. Try again in a minute.' }, { status: 429 });
+  }
+  let body: ShareAuthRequest;
+  try {
+    body = (await request.json()) as ShareAuthRequest;
+  } catch {
+    return json({ error: 'Invalid JSON' }, { status: 400 });
+  }
+  if (typeof body.password !== 'string' || !verifyPassword(body.password, share.passwordHash)) {
+    return json({ error: 'Invalid password' }, { status: 401 });
+  }
+  const { expiresAt, token } = shareStore.createSession(params.id);
+  return json({ expiresAt, mode: share.mode, token });
+};

package/src/routes/api/terminals/[id]/share/status/+server.ts ADDED Viewed

@@ -0,0 +1,11 @@
+// GET /api/terminals/[id]/share/status — public probe used by the page to
+// decide whether to show the password gate. Reveals only a boolean.
+import { shareStore } from '$lib/modules/server/terminal/share-store';
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+export const GET: RequestHandler = ({ params }) => {
+  return json({ shared: shareStore.getShare(params.id) !== null });
+};