@qiaolei81/copilot-session-viewer 0.1.9 → 0.2.1

package/src/app.js

@@ -7,7 +7,8 @@ const helmet = require('helmet');
 const config = require('./config');
 
 // Middleware
-const { globalLimiter, insightGenerationLimiter, insightAccessLimiter, uploadLimiter } = require('./middleware/rateLimiting');
+// Rate limiting disabled for local development
+// const { globalLimiter, insightGenerationLimiter, insightAccessLimiter, uploadLimiter } = require('./middleware/rateLimiting');
 const { requestTimeout, developmentCors, errorHandler, notFoundHandler } = require('./middleware/common');
 
 // Controllers
@@ -20,23 +21,45 @@ function createApp(options = {}) {
 
   // Create controller instances (with optional dependency injection)
   const sessionController = new SessionController(options.sessionService);
-  const insightController = new InsightController(options.insightService);
+  const insightController = new InsightController(options.insightService, options.sessionService);
   const uploadController = new UploadController();
 
-  // Security and parsing middleware
+  // Minimal security headers for local development tool
+  // Custom CSP without upgrade-insecure-requests
+  app.use((req, res, next) => {
+    res.setHeader(
+      'Content-Security-Policy',
+      "default-src 'self'; " +
+      "style-src 'self' 'unsafe-inline' https: http:; " +
+      "font-src 'self' https: http:; " +
+      "script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; " +
+      "img-src 'self' data: https: http:; " +
+      "connect-src 'self' https: http:"
+    );
+    next();
+  });
+  
+  // Other helmet protections (without CSP and HSTS)
   app.use(helmet({
-    contentSecurityPolicy: {
-      directives: {
-        defaultSrc: ['\'self\''],
-        styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://fonts.googleapis.com', 'https://cdn.jsdelivr.net'],
-        fontSrc: ['\'self\'', 'https://fonts.gstatic.com'],
-        scriptSrc: ['\'self\'', '\'unsafe-inline\'', '\'unsafe-eval\'', 'https://cdn.jsdelivr.net'],
-        imgSrc: ['\'self\'', 'data:', 'https:']
+    contentSecurityPolicy: false,
+    hsts: false,
+    referrerPolicy: false,
+    crossOriginEmbedderPolicy: false,
+    crossOriginOpenerPolicy: false,
+    crossOriginResourcePolicy: false
+  }));
+
+  app.use(compression({
+    level: 9, // Maximum compression for local use (CPU is not a bottleneck)
+    threshold: 1024, // Compress responses > 1KB
+    filter: (req, res) => {
+      // Always compress JSON responses
+      if (res.getHeader('Content-Type')?.includes('application/json')) {
+        return true;
       }
+      return compression.filter(req, res);
     }
   }));
-
-  app.use(compression());
   app.use(express.json({ limit: '1mb' }));
   app.use(express.urlencoded({ extended: true }));
   app.use(requestTimeout);
@@ -46,8 +69,8 @@ function createApp(options = {}) {
     app.use(developmentCors);
   }
 
-  // Rate limiting
-  app.use(globalLimiter);
+  // Rate limiting - DISABLED for local development
+  // app.use(globalLimiter);
 
   // Static files
   app.use('/public', express.static(path.join(__dirname, '../public')));
@@ -62,11 +85,13 @@ function createApp(options = {}) {
   app.get('/', sessionController.getHomepage.bind(sessionController));
   app.get('/session/:id', sessionController.getSessionDetail.bind(sessionController));
   app.get('/session/:id/time-analyze', sessionController.getTimeAnalysis.bind(sessionController));
+  app.get('/session/:id/export', sessionController.exportSession.bind(sessionController));
 
   // API routes (more specific routes first)
   app.get('/api/sessions/load-more', sessionController.loadMoreSessions.bind(sessionController));
   app.get('/api/sessions', sessionController.getSessions.bind(sessionController));
   app.get('/api/sessions/:id/events', sessionController.getSessionEvents.bind(sessionController));
+  app.get('/api/sessions/:id/timeline', sessionController.getTimeline.bind(sessionController));
 
   // Upload routes
   app.get('/session/:id/share', uploadController.shareSession.bind(uploadController));
@@ -75,13 +100,13 @@ function createApp(options = {}) {
     uploadController.importSession.bind(uploadController)
   );
 
-  // Insight routes with appropriate rate limiting
-  app.post('/session/:id/insight', insightGenerationLimiter, insightController.generateInsight.bind(insightController));
-  app.get('/session/:id/insight', insightController.getInsightStatus.bind(insightController)); // Remove rate limiting for GET
-  app.delete('/session/:id/insight', insightAccessLimiter, insightController.deleteInsight.bind(insightController));
+  // Insight routes (rate limiting disabled)
+  app.post('/session/:id/insight', insightController.generateInsight.bind(insightController));
+  app.get('/session/:id/insight', insightController.getInsightStatus.bind(insightController));
+  app.delete('/session/:id/insight', insightController.deleteInsight.bind(insightController));
 
-  // Upload rate limiting
-  app.use('/session/import', uploadLimiter);
+  // Upload rate limiting - DISABLED
+  // app.use('/session/import', uploadLimiter);
 
   // Error handling
   app.use(notFoundHandler);

package/src/controllers/insightController.js

@@ -1,15 +1,21 @@
 const InsightService = require('../services/insightService');
 const { isValidSessionId } = require('../utils/helpers');
-const path = require('path');
-const os = require('os');
 
 class InsightController {
-  constructor(insightService = null) {
+  constructor(insightService = null, sessionService = null) {
     if (insightService) {
       this.insightService = insightService;
     } else {
-      const SESSION_DIR = process.env.SESSION_DIR || path.join(os.homedir(), '.copilot', 'session-state');
-      this.insightService = new InsightService(SESSION_DIR);
+      // Use default multi-source configuration
+      this.insightService = new InsightService();
+    }
+    
+    // SessionService for getting session metadata (source)
+    if (sessionService) {
+      this.sessionService = sessionService;
+    } else {
+      const SessionService = require('../services/sessionService');
+      this.sessionService = new SessionService();
     }
   }
 
@@ -23,7 +29,17 @@ class InsightController {
         return res.status(400).json({ error: 'Invalid session ID' });
       }
 
-      const result = await this.insightService.generateInsight(sessionId, forceRegenerate);
+      // Get session to determine source and directory
+      const session = await this.sessionService.getSessionById(sessionId);
+      if (!session) {
+        return res.status(404).json({ error: 'Session not found' });
+      }
+
+      if (!session.directory) {
+        return res.status(400).json({ error: 'Session directory not available' });
+      }
+
+      const result = await this.insightService.generateInsight(session.id, session.directory, session.source, forceRegenerate);
       res.json(result);
     } catch (err) {
       console.error('Error generating insight:', err);
@@ -40,7 +56,17 @@ class InsightController {
         return res.status(400).json({ error: 'Invalid session ID' });
       }
 
-      const result = await this.insightService.getInsightStatus(sessionId);
+      // Get session to determine directory
+      const session = await this.sessionService.getSessionById(sessionId);
+      if (!session) {
+        return res.status(404).json({ error: 'Session not found' });
+      }
+
+      if (!session.directory) {
+        return res.status(400).json({ error: 'Session directory not available' });
+      }
+
+      const result = await this.insightService.getInsightStatus(session.id, session.directory, session.source);
       res.json(result);
     } catch (err) {
       console.error('Error getting insight status:', err);
@@ -57,7 +83,17 @@ class InsightController {
         return res.status(400).json({ error: 'Invalid session ID' });
       }
 
-      const result = await this.insightService.deleteInsight(sessionId);
+      // Get session to determine directory
+      const session = await this.sessionService.getSessionById(sessionId);
+      if (!session) {
+        return res.status(404).json({ error: 'Session not found' });
+      }
+
+      if (!session.directory) {
+        return res.status(400).json({ error: 'Session directory not available' });
+      }
+
+      const result = await this.insightService.deleteInsight(session.id, session.directory, session.source);
       res.json(result);
     } catch (err) {
       console.error('Error deleting insight:', err);

package/src/controllers/sessionController.js

@@ -1,5 +1,8 @@
 const SessionService = require('../services/sessionService');
 const { isValidSessionId } = require('../utils/helpers');
+const AdmZip = require('adm-zip');
+const path = require('path');
+const fs = require('fs');
 
 class SessionController {
   constructor(sessionService = null) {
@@ -9,7 +12,7 @@ class SessionController {
   // Homepage with initial load (first batch)
   async getHomepage(req, res) {
     try {
-      const initialLimit = 20; // Load first 20 sessions
+      const initialLimit = 100; // Load first 100 sessions to ensure Pi-Mono sessions are included
       const paginationData = await this.sessionService.getPaginatedSessions(1, initialLimit);
 
       // Pass data for infinite scroll
@@ -67,6 +70,7 @@ class SessionController {
       }
 
       const { events, metadata } = sessionData;
+      // Use original time-analyze view (supports all sources via normalized events)
       res.render('time-analyze', { sessionId, events, metadata });
     } catch (err) {
       console.error('Error loading time analysis:', err);
@@ -150,13 +154,223 @@ class SessionController {
         return res.status(400).json({ error: 'Invalid session ID' });
       }
 
-      const events = await this.sessionService.getSessionEvents(sessionId);
-      res.json(events);
+      // Check if pagination is requested
+      const isPaginationRequested = req.query.limit !== undefined || req.query.offset !== undefined;
+
+      // Parse pagination parameters (only if requested)
+      let limit, offset, result;
+      
+      if (isPaginationRequested) {
+        limit = parseInt(req.query.limit) || 100; // Default 100 events per page
+        offset = parseInt(req.query.offset) || 0;
+
+        // Validate pagination parameters
+        if (limit < 1 || limit > 1000) {
+          return res.status(400).json({ error: 'Limit must be between 1 and 1000' });
+        }
+        if (offset < 0) {
+          return res.status(400).json({ error: 'Offset must be non-negative' });
+        }
+      }
+
+      // Get session metadata for ETag generation
+      const session = await this.sessionService.getSessionById(sessionId);
+      if (!session) {
+        return res.status(404).json({ error: 'Session not found' });
+      }
+
+      // Generate ETag from session ID + timestamp + pagination params (if used)
+      const crypto = require('crypto');
+      const etagBase = isPaginationRequested 
+        ? `${sessionId}-${session.updated || session.created}-${limit}-${offset}`
+        : `${sessionId}-${session.updated || session.created}`;
+      const etag = crypto.createHash('md5').update(etagBase).digest('hex');
+
+      // Check If-None-Match header (client cache)
+      const clientEtag = req.headers['if-none-match'];
+      if (clientEtag === etag) {
+        return res.status(304).end(); // Not Modified - use cached version
+      }
+
+      // Load events (with or without pagination)
+      if (isPaginationRequested) {
+        result = await this.sessionService.getSessionEvents(sessionId, { limit, offset });
+      } else {
+        // Load all events (backward compatibility)
+        const events = await this.sessionService.getSessionEvents(sessionId);
+        result = events; // Direct array
+      }
+
+      // Set caching headers
+      res.set({
+        'ETag': etag,
+        'Cache-Control': 'private, max-age=0, no-cache', // Disable cache during development
+        'Vary': 'Accept-Encoding'
+      });
+
+      // Return response (paginated or plain array)
+      if (isPaginationRequested) {
+        res.json({
+          events: result.events,
+          pagination: {
+            total: result.total,
+            limit,
+            offset,
+            hasMore: offset + limit < result.total
+          }
+        });
+      } else {
+        res.json(result); // Plain array for backward compatibility
+      }
     } catch (err) {
       console.error('Error loading events:', err);
       res.status(500).json({ error: 'Error loading events' });
     }
   }
+
+  // API: Get timeline data (source-agnostic)
+  async getTimeline(req, res) {
+    try {
+      const sessionId = req.params.id;
+
+      // Validate session ID format
+      if (!isValidSessionId(sessionId)) {
+        return res.status(400).json({ error: 'Invalid session ID' });
+      }
+
+      const session = await this.sessionService.getSessionById(sessionId);
+      if (!session) {
+        return res.status(404).json({ error: 'Session not found' });
+      }
+
+      // Generate unified timeline structure
+      const timeline = await this.sessionService.getTimeline(sessionId);
+
+      // Set caching headers
+      const crypto = require('crypto');
+      const etagBase = `${sessionId}-timeline-${session.updated || session.created}`;
+      const etag = crypto.createHash('md5').update(etagBase).digest('hex');
+
+      res.set({
+        'ETag': etag,
+        'Cache-Control': 'private, max-age=300',
+        'Vary': 'Accept-Encoding'
+      });
+
+      res.json(timeline);
+    } catch (err) {
+      console.error('Error loading timeline:', err);
+      res.status(500).json({ error: 'Error loading timeline' });
+    }
+  }
+
+  // Export session as zip
+  async exportSession(req, res) {
+    const sessionId = req.params.id;
+
+    if (!isValidSessionId(sessionId)) {
+      return res.status(400).json({ error: 'Invalid session ID' });
+    }
+
+    try {
+      // Get session to verify it exists and get its source
+      const session = await this.sessionService.sessionRepository.findById(sessionId);
+      if (!session) {
+        return res.status(404).json({ error: 'Session not found' });
+      }
+
+      // Find session file/directory path based on source
+      let sessionPath;
+      let isDirectory = false;
+
+      if (session.source === 'copilot') {
+        const copilotSource = this.sessionService.sessionRepository.sources.find(s => s.type === 'copilot');
+        if (!copilotSource) {
+          return res.status(404).json({ error: 'Copilot source not found' });
+        }
+
+        const basePath = path.join(copilotSource.dir, sessionId);
+        try {
+          const stats = await fs.promises.stat(basePath);
+          if (stats.isDirectory()) {
+            sessionPath = basePath;
+            isDirectory = true;
+          } else {
+            sessionPath = `${basePath}.jsonl`;
+          }
+        } catch {
+          sessionPath = `${basePath}.jsonl`;
+        }
+      } else if (session.source === 'claude') {
+        const claudeSource = this.sessionService.sessionRepository.sources.find(s => s.type === 'claude');
+        if (!claudeSource) {
+          return res.status(404).json({ error: 'Claude source not found' });
+        }
+
+        // Claude sessions are in projects/*/sessionId.jsonl
+        const projectDirs = await fs.promises.readdir(path.join(claudeSource.dir, 'projects'));
+        for (const projectDir of projectDirs) {
+          const candidatePath = path.join(claudeSource.dir, 'projects', projectDir, `${sessionId}.jsonl`);
+          try {
+            await fs.promises.access(candidatePath);
+            sessionPath = candidatePath;
+            break;
+          } catch {
+            // Try next project
+          }
+        }
+
+        if (!sessionPath) {
+          return res.status(404).json({ error: 'Session file not found' });
+        }
+      } else if (session.source === 'pi-mono') {
+        const piMonoSource = this.sessionService.sessionRepository.sources.find(s => s.type === 'pi-mono');
+        if (!piMonoSource) {
+          return res.status(404).json({ error: 'Pi-Mono source not found' });
+        }
+
+        // Pi-Mono sessions are timestamp-based JSONL files
+        const files = await fs.promises.readdir(piMonoSource.dir);
+        const matchingFile = files.find(f => f.includes(sessionId) && f.endsWith('.jsonl'));
+        if (!matchingFile) {
+          return res.status(404).json({ error: 'Session file not found' });
+        }
+        sessionPath = path.join(piMonoSource.dir, matchingFile);
+      }
+
+      if (!sessionPath) {
+        return res.status(404).json({ error: 'Session file not found' });
+      }
+
+      // Verify path exists
+      try {
+        await fs.promises.access(sessionPath);
+      } catch {
+        return res.status(404).json({ error: 'Session file not accessible' });
+      }
+
+      // Create zip
+      const zip = new AdmZip();
+
+      if (isDirectory) {
+        // Add entire directory
+        zip.addLocalFolder(sessionPath, sessionId);
+      } else {
+        // Add single file
+        const fileName = path.basename(sessionPath);
+        zip.addLocalFile(sessionPath, '', fileName);
+      }
+
+      // Send zip file
+      const zipBuffer = zip.toBuffer();
+      res.setHeader('Content-Type', 'application/zip');
+      res.setHeader('Content-Disposition', `attachment; filename="session-${sessionId}.zip"`);
+      res.send(zipBuffer);
+    } catch (err) {
+      console.error('Error exporting session:', err);
+      res.status(500).json({ error: 'Error exporting session' });
+    }
+  }
 }
 
 module.exports = SessionController;