npm - @wendongfly/myhi - Versions diffs - 1.3.60 → 1.3.61 - Mend

@wendongfly/myhi 1.3.60 → 1.3.61

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.min.js CHANGED Viewed

@@ -356,7 +356,7 @@ Content-Length: `+C+`\r
 `).filter(Boolean);let e=null,l=null,a=0,r="";for(const u of t)try{const v=JSON.parse(u);if(e||(e=v),l=v,a++,!r&&v.type==="human"||v.type==="user"&&v.message?.content){const b=v.message.content;if(typeof b=="string")r=b.slice(0,120);else if(Array.isArray(b)){const _=b.find((k=>k.type==="text"));_&&(r=_.text?.slice(0,120)||"")}}}catch{}let d=p.name;if(process.platform==="win32"&&/^[A-Za-z]--/.test(d)?d=d[0]+":\\"+d.slice(3).replace(/-/g,"\\"):d.startsWith("-")&&(d=d.replace(/-/g,"/")),g&&!(0,external_path_.resolve)((0,external_path_.normalize)(d)).replace(/[\\/]+$/,"").startsWith(g))continue;o.push({sessionId:n,projectDir:p.name,projectPath:d,messageCount:a,summary:r,createdAt:e?.timestamp||null,updatedAt:l?.timestamp||null})}catch{}}}catch{}}}catch{}o.sort(((m,p)=>new Date(p.updatedAt||0).getTime()-new Date(m.updatedAt||0).getTime()));const h=o.slice(0,50);return _claudeSessionsCache=h,_claudeSessionsCacheTime=Date.now(),h.slice(0,20)}const DEFAULT_SHELL=process.platform==="win32"?process.env.SHELL||"powershell.exe":process.env.SHELL||"/bin/bash",CONFIG_DIR=(0,external_path_.join)((0,external_os_.homedir)(),".myhi"),SESSIONS_FILE=(0,external_path_.join)(CONFIG_DIR,"sessions.json"),savePath=null;function loadSavedConfigs(){try{return JSON.parse((0,external_fs_.readFileSync)(SESSIONS_FILE,"utf8"))}catch{return[]}}function writeSavedConfigs(w){try{(0,external_fs_.mkdirSync)(CONFIG_DIR,{recursive:!0});const c=SESSIONS_FILE+".tmp";(0,external_fs_.writeFileSync)(c,JSON.stringify(w,null,2),{mode:384}),(0,external_fs_.renameSync)(c,SESSIONS_FILE)}catch(c){console.error("[sessions] \u6301\u4E45\u5316\u5199\u5165\u5931\u8D25:",c.message)}}class Session extends external_events_.EventEmitter{constructor(c,o={}){super(),this.id=c,this.createdAt=new Date().toISOString(),this.title=o.title||DEFAULT_SHELL,this.cwd=o.cwd||process.env.MYHI_CWD||process.cwd(),this.initCmd=o.initCmd||null,this.owner=o.owner||null,this.cols=o.cols||120,this.rows=o.rows||30,this._viewers=new Set,this._viewerNames=new Map,this.controlHolder=null,this.controlHolderName=null,this.lastInputTime=null;const g={...process.env};if(delete g.CLAUDECODE,delete g.CLAUDE_CODE_ENTRYPOINT,delete g.CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC,o.userDir){const m=(0,external_path_.join)(o.userDir,".gitconfig");(0,external_fs_.existsSync)(m)&&(g.GIT_CONFIG_GLOBAL=m)}this._pty=external_node_pty_namespaceObject.spawn(DEFAULT_SHELL,[],{name:"xterm-256color",cols:this.cols,rows:this.rows,cwd:this.cwd,env:g,useConpty:!1}),this._scrollback="";const h=100*1024;if(this._pty.onData((m=>{this.emit("data",m),this._scrollback+=m,this._scrollback.length>h&&(this._scrollback=this._scrollback.slice(this._scrollback.length-h))})),this._pty.onExit((({exitCode:m})=>{this.exitCode=m,this.emit("exit",m)})),o.initCmd){const m=o.initCmd;let p=!1;const f=i=>{!p&&/[$>#\]]\s*$/.test(i.trimEnd())&&(p=!0,this._pty.off("data",f),setTimeout((()=>this._pty.write(m+"\r")),120))};this._pty.onData(f),setTimeout((()=>{p||(p=!0,this._pty.write(m+"\r"))}),3e3)}}write(c){c!=null&&this._pty.write(c)}resize(c,o){this.cols=c,this.rows=o,this._pty.resize(c,o)}kill(){try{this._pty.kill()}catch{}}addViewer(c,o){this._viewers.add(c),o&&this._viewerNames.set(c,o)}removeViewer(c){this._viewers.delete(c),this._viewerNames.delete(c)}get viewerCount(){return new Set(this._viewerNames.values()).size||this._viewers.size}takeControl(c,o){this.controlHolder=c,this.controlHolderName=o||null,this.lastInputTime=Date.now()}releaseControl(){this.controlHolder=null,this.controlHolderName=null,this.lastInputTime=null}isController(c){return this.controlHolder===c}toJSON(){return{id:this.id,title:this.title,cwd:this.cwd,createdAt:this.createdAt,cols:this.cols,rows:this.rows,viewers:this.viewerCount,alive:this.exitCode===void 0,controlHolder:this.controlHolder,controlHolderName:this.controlHolderName,owner:this.owner}}}class SessionManager{constructor(){this._sessions=new Map,this._agentSessions=new Map;for(const c of loadSavedConfigs())try{if(c.mode==="agent"){if(c.claudeSessionId){const o=(0,external_crypto_.randomUUID)(),g=new AgentSession(o,{...c,resumeSessionId:c.claudeSessionId});g.on("session-id",(()=>this._persist())),this._agentSessions.set(o,g),console.log(`[\u4F1A\u8BDD] \u6062\u590D Agent "${c.title}" (claude: ${c.claudeSessionId.slice(0,8)}...)`)}}else this._spawn((0,external_crypto_.randomUUID)(),c,!1)}catch(o){console.warn(`[\u4F1A\u8BDD] \u6062\u590D "${c.title}" \u5931\u8D25:`,o.message)}}_spawn(c,o,g=!0){const h=new Session(c,o);return this._sessions.set(c,h),h.on("exit",(()=>{setTimeout((()=>this._sessions.delete(c)),300*1e3)})),g&&this._persist(),h}create(c={}){return this._spawn((0,external_crypto_.randomUUID)(),c,!0)}createAgent(c={}){const o=(0,external_crypto_.randomUUID)(),g=new AgentSession(o,c);return this._agentSessions.set(o,g),g.on("session-id",(()=>this._persist())),this._persist(),g}get(c){return this._sessions.get(c)||this._agentSessions.get(c)}list(c,o=!1){let g=[...this._sessions.values()].map((m=>({...m.toJSON(),mode:"pty"}))),h=[...this._agentSessions.values()].map((m=>m.toJSON()));return c&&!o&&(g=g.filter((m=>!m.owner||m.owner===c)),h=h.filter((m=>!m.owner||m.owner===c))),[...g,...h]}listSessions(){return[...this._sessions.values(),...this._agentSessions.values()]}kill(c){const o=this._sessions.get(c);if(o){o.kill(),this._sessions.delete(c),this._persist();return}const g=this._agentSessions.get(c);g&&(g.kill(),this._agentSessions.delete(c),this._persist())}persist(){this._persist()}_persist(){const c=[...this._sessions.values()].filter((g=>g.exitCode===void 0)).map((g=>({mode:"pty",title:g.title,cwd:g.cwd,initCmd:g.initCmd||void 0,owner:g.owner||void 0}))),o=[...this._agentSessions.values()].filter((g=>g.alive)).map((g=>({mode:"agent",title:g.title,cwd:g.cwd,owner:g.owner||void 0,userDir:g.userDir||void 0,claudeSessionId:g.claudeSessionId||void 0})));writeSavedConfigs([...c,...o])}}const roles_CONFIG_DIR=(0,external_path_.join)((0,external_os_.homedir)(),".myhi"),ROLES_FILE=(0,external_path_.join)(roles_CONFIG_DIR,"roles.json"),USERS_FILE=(0,external_path_.join)(roles_CONFIG_DIR,"users.json"),ROLE_LEVELS={admin:3,operator:2,viewer:1};let rolesConfig=null,usersConfig=null;function loadRoles(){try{if((0,external_fs_.existsSync)(ROLES_FILE))return rolesConfig=JSON.parse((0,external_fs_.readFileSync)(ROLES_FILE,"utf8")),rolesConfig}catch(w){console.warn("[\u89D2\u8272] \u52A0\u8F7D roles.json \u5931\u8D25:",w.message)}return rolesConfig=null,null}function lookupPassword(w){if(!rolesConfig?.passwords)return null;const c=rolesConfig.passwords[w];return c?{name:c.name||"\u7528\u6237",role:c.role||"viewer"}:null}function hasPermission(w,c){return(ROLE_LEVELS[w]||0)>=(ROLE_LEVELS[c]||0)}function isMultiUserMode(){return rolesConfig!==null&&rolesConfig.passwords&&Object.keys(rolesConfig.passwords).length>0}function getDefaultRole(){return rolesConfig?.defaultRole||"admin"}function loadUsers(){try{if((0,external_fs_.existsSync)(USERS_FILE))return usersConfig=JSON.parse((0,external_fs_.readFileSync)(USERS_FILE,"utf8")),usersConfig}catch(w){console.warn("[\u7528\u6237] \u52A0\u8F7D users.json \u5931\u8D25:",w.message)}return usersConfig=null,null}function hasUsers(){return usersConfig!==null&&usersConfig.users&&Object.keys(usersConfig.users).length>0}function isExclusiveMode(){return hasUsers()&&usersConfig.exclusive===!0}function setExclusiveMode(w){usersConfig||(usersConfig={users:{}}),usersConfig.exclusive=!!w,_writeUsers()}function lookupUser(w){if(!usersConfig?.users)return null;const c=usersConfig.users[w];return c?{name:c.name||"\u7528\u6237",dir:c.dir}:null}function listUsers(){return usersConfig?.users?Object.entries(usersConfig.users).map((([w,c])=>({password:w.slice(0,2)+"*".repeat(w.length-2),name:c.name,dir:c.dir}))):[]}function addUser(w,c,o){usersConfig||(usersConfig={users:{}}),usersConfig.users||(usersConfig.users={}),usersConfig.users[w]={name:c,dir:o},_writeUsers()}function removeUser(w){return!usersConfig?.users||!usersConfig.users[w]?!1:(delete usersConfig.users[w],_writeUsers(),!0)}function _writeUsers(){(0,external_fs_.mkdirSync)(roles_CONFIG_DIR,{recursive:!0}),(0,external_fs_.writeFileSync)(USERS_FILE,JSON.stringify(usersConfig,null,2),{mode:384})}const execAsync=(0,external_util_.promisify)(external_child_process_namespaceObject.exec),server_dirname=(0,external_path_.dirname)((0,external_url_.fileURLToPath)(import.meta.url));let PORT=parseInt(process.env.PORT,10)||12300;const HOST=process.env.HOST||"0.0.0.0",PORT_EXPLICIT=!!process.env.PORT,configDir=(0,external_path_.join)((0,external_os_.homedir)(),".myhi");(0,external_fs_.mkdirSync)(configDir,{recursive:!0});let httpsServer=null,httpServer=null;function getOrCreateCert(){const w=(0,external_path_.join)(configDir,"cert.pem"),c=(0,external_path_.join)(configDir,"key.pem");if((0,external_fs_.existsSync)(w)&&(0,external_fs_.existsSync)(c))try{return{cert:(0,external_fs_.readFileSync)(w),key:(0,external_fs_.readFileSync)(c)}}catch{}try{return(0,external_child_process_namespaceObject.execSync)(`openssl req -x509 -newkey rsa:2048 -keyout "${c}" -out "${w}" -days 3650 -nodes -subj "/CN=myhi"`,{stdio:"pipe",timeout:1e4}),{cert:(0,external_fs_.readFileSync)(w),key:(0,external_fs_.readFileSync)(c)}}catch(o){return console.warn(`[myhi] \u751F\u6210 HTTPS \u8BC1\u4E66\u5931\u8D25\uFF08openssl \u4E0D\u53EF\u7528\uFF09: ${o.message?.split(`
 `)[0]||o}`),null}}const pidFile=(0,external_path_.join)(configDir,"server.pid"),daemonPidFile=(0,external_path_.join)(configDir,"daemon.pid"),IS_DAEMON_CHILD=!!process.env.MYHI_DAEMON;function killOldProcess(w,c){let o=!1;try{process.kill(w,0),o=!0}catch{}if(!o)return!0;console.log(`[myhi] \u68C0\u6D4B\u5230\u5DF2\u8FD0\u884C\u7684${c} (PID ${w})\uFF0C\u6B63\u5728\u505C\u6B62...`);try{process.platform==="win32"?(0,external_child_process_namespaceObject.execSync)(`taskkill /PID ${w} /F /T`,{stdio:"pipe",timeout:5e3}):process.kill(w,"SIGTERM")}catch{}const g=Date.now()+5e3;for(;Date.now()<g;){try{process.kill(w,0)}catch{return!0}const m=Date.now()+200;for(;Date.now()<m;);}let h=!1;try{process.kill(w,0),h=!0}catch{}return!h}(function w(){try{const c=parseInt((0,external_fs_.readFileSync)(daemonPidFile,"utf8").trim(),10);if(c&&c!==process.pid&&c!==parseInt(process.env.MYHI_DAEMON_PID||"0",10)){let o=!1;try{process.kill(c,0),o=!0}catch{}if(o&&!IS_DAEMON_CHILD){console.log("[myhi] \u68C0\u6D4B\u5230\u540E\u53F0 daemon \u5728\u8FD0\u884C\uFF0C\u5148\u505C\u6B62..."),killOldProcess(c,"daemon")||(console.error("[myhi] \u65E0\u6CD5\u505C\u6B62 daemon\uFF0C\u8BF7\u5148\u8FD0\u884C: myhi stop"),process.exit(1));try{(0,external_fs_.unlinkSync)(daemonPidFile)}catch{}}}}catch{}if(!IS_DAEMON_CHILD)try{const c=parseInt((0,external_fs_.readFileSync)(pidFile,"utf8").trim(),10);c&&c!==process.pid&&(killOldProcess(c,"\u5B9E\u4F8B")||(console.error(`[myhi] \u65E0\u6CD5\u505C\u6B62\u65E7\u8FDB\u7A0B (PID ${c})\uFF0C\u8BF7\u624B\u52A8\u6267\u884C\uFF1A`),console.error("  myhi stop"),console.error(`  \u6216: ${process.platform==="win32"?`taskkill /PID ${c} /F`:`kill -9 ${c}`}`),process.exit(1)))}catch{}(0,external_fs_.writeFileSync)(pidFile,String(process.pid))})();function cleanupPid(){try{parseInt((0,external_fs_.readFileSync)(pidFile,"utf8").trim(),10)===process.pid&&(0,external_fs_.unlinkSync)(pidFile)}catch{}}function gracefulShutdown(){try{if(typeof manager<"u"){try{manager.persist()}catch{}for(const w of manager.listSessions())try{w.kill()}catch{}}}catch{}cleanupPid()}process.on("exit",cleanupPid),process.on("SIGTERM",(()=>{gracefulShutdown(),process.exit(0)})),process.on("SIGINT",(()=>{gracefulShutdown(),process.exit(0)})),process.on("uncaughtException",(w=>{console.error("[myhi] \u672A\u6355\u83B7\u5F02\u5E38:",w.message),gracefulShutdown(),process.exit(1)})),process.on("unhandledRejection",(w=>{console.error("[myhi] \u672A\u5904\u7406\u7684 Promise \u62D2\u7EDD:",w)}));function readOrCreate(w,c){try{if((0,external_fs_.existsSync)(w))return(0,external_fs_.readFileSync)(w,"utf8").trim()}catch{}const o=c();return(0,external_fs_.writeFileSync)(w,o,{mode:384}),o}const TOKEN=readOrCreate((0,external_path_.join)(configDir,"token"),(()=>(0,external_crypto_.randomBytes)(16).toString("hex")));let PASSWORD=readOrCreate((0,external_path_.join)(configDir,"password"),(()=>String(Math.floor(1e3+Math.random()*9e3))));loadRoles(),loadUsers();let activeUser=null;const userSessions=new Map;userSessions.set(TOKEN,{role:"admin",name:"\u7BA1\u7406\u5458",permanent:!0});const SESSION_MAX_AGE=10080*60*1e3;setInterval((()=>{const w=Date.now();for(const[c,o]of userSessions)o.permanent||(!o.lastUsed||w-o.lastUsed>SESSION_MAX_AGE)&&userSessions.delete(c)}),3600*1e3);function getTailscaleIP(){try{return(0,external_child_process_namespaceObject.execSync)("tailscale ip -4",{timeout:3e3,stdio:"pipe"}).toString().trim().split(`
 `)[0]}catch{}try{if(process.platform==="win32"){const w=(0,external_child_process_namespaceObject.execSync)("route print 0.0.0.0",{timeout:3e3,stdio:"pipe"}).toString().match(/0\.0\.0\.0\s+0\.0\.0\.0\s+\S+\s+(\d+\.\d+\.\d+\.\d+)/);if(w)return w[1]}else try{const w=(0,external_child_process_namespaceObject.execSync)("ip route get 1.1.1.1",{timeout:3e3,stdio:"pipe"}).toString().match(/src\s+(\d+\.\d+\.\d+\.\d+)/);if(w)return w[1]}catch{const w=(0,external_child_process_namespaceObject.execSync)("route -n get default 2>/dev/null || route -n 2>/dev/null",{timeout:3e3,stdio:"pipe"}).toString(),c=w.match(/interface:\s*(\S+)/i)||w.match(/0\.0\.0\.0\s+(\d+\.\d+\.\d+\.\d+)/);if(c){const o=(0,external_os_.networkInterfaces)()[c[1]];if(o){const g=o.find((h=>h.family==="IPv4"&&!h.internal));if(g)return g.address}if(/^\d+\.\d+\.\d+\.\d+$/.test(c[1]))return c[1]}}}catch{}for(const w of Object.values((0,external_os_.networkInterfaces)()))for(const c of w)if(c.family==="IPv4"&&!c.internal)return c.address;return"localhost"}function parseCookies(w=""){const c={};for(const o of w.split(";")){const g=o.indexOf("=");g>0&&(c[o.slice(0,g).trim()]=o.slice(g+1).trim())}return c}const SESSION_COOKIE="myhi_sid",COOKIE_OPTS_BASE="HttpOnly; SameSite=Strict; Path=/; Max-Age=31536000";function cookieOpts(w){return w?.secure||w?.headers?.["x-forwarded-proto"]==="https"?COOKIE_OPTS_BASE+"; Secure":COOKIE_OPTS_BASE}function setSessionCookie(w,c,o){w.setHeader("Set-Cookie",`${SESSION_COOKIE}=${c||TOKEN}; ${cookieOpts(o)}`)}function getSessionToken(w){return parseCookies(w)[SESSION_COOKIE]||null}function hasValidSession(w){const c=getSessionToken(w);if(c&&userSessions.has(c)){const o=userSessions.get(c);return o&&(o.lastUsed=Date.now()),!0}return!1}function getUserInfo(w){const c=getSessionToken(w);return c?userSessions.get(c):null}const app=express();app.set("trust proxy",!0),app.use(((w,c,o)=>{c.setHeader("Referrer-Policy","no-referrer"),c.setHeader("X-Content-Type-Options","nosniff"),o()}));const _tlsOpts=process.env.MYHI_NO_HTTPS?null:getOrCreateCert();_tlsOpts?(httpsServer=(0,external_https_.createServer)(_tlsOpts,app),httpServer=(0,external_http_.createServer)(((w,c)=>{const o=(w.headers.host||"").replace(/:\d+$/,"");c.writeHead(301,{Location:`https://${o}:${PORT}${w.url}`}),c.end()}))):(console.warn("[myhi] TLS \u4E0D\u53EF\u7528\uFF0C\u4EE5 HTTP \u6A21\u5F0F\u8FD0\u884C\uFF08\u9EA6\u514B\u98CE/\u6444\u50CF\u5934\u7B49\u6D4F\u89C8\u5668\u5B89\u5168\u529F\u80FD\u53D7\u9650\uFF09"),httpServer=(0,external_http_.createServer)(app));const _corsAllowed=/^https?:\/\/(localhost|127\.0\.0\.1|\[::1\]|10\.\d+\.\d+\.\d+|172\.(1[6-9]|2\d|3[01])\.\d+\.\d+|192\.168\.\d+\.\d+|100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\.\d+\.\d+)(:\d+)?$/,io=new Server({serveClient:!1,cors:{origin:(w,c)=>{if(!w||_corsAllowed.test(w))return c(null,!0);c(new Error("CORS \u4E0D\u5141\u8BB8\u6B64\u6765\u6E90"),!1)},credentials:!0},transports:["websocket","polling"],pingTimeout:6e4,pingInterval:25e3,upgradeTimeout:3e4,maxHttpBufferSize:5e6});httpsServer?io.attach(httpsServer):io.attach(httpServer);const manager=new SessionManager,AUTO_ATTACH=process.env.MYHI_AUTO_ATTACH!=="0",_autoSpawned=new Set;function spawnLocalTerminal(w,c){if(!AUTO_ATTACH||_autoSpawned.has(w)||!process.env.DISPLAY&&process.platform==="linux")return;_autoSpawned.add(w);const o=__nccwpck_require__.ab+"attach.js",g=process.execPath,h=c||"myhi";if(process.platform==="win32"){const m=`"${g}" "${o}" ${w}`,p=(0,external_child_process_namespaceObject.spawn)("wt.exe",["-w","0","new-tab","--title",h,"--","cmd","/k",m],{detached:!0,stdio:"ignore"});p.unref(),p.on("error",(f=>{console.warn("[attach] wt.exe \u5931\u8D25\uFF0C\u56DE\u9000\u5230 cmd:",f.message),(0,external_child_process_namespaceObject.spawn)("cmd.exe",["/c","start",`"${h}"`,"cmd","/k",m],{detached:!0,stdio:"ignore"}).unref()}))}else if(process.platform==="darwin"){const m=`tell application "Terminal" to do script "${g} ${o} ${w}"`;(0,external_child_process_namespaceObject.spawn)("osascript",["-e",m],{detached:!0,stdio:"ignore"}).unref()}else{const m=`${g} "${o}" ${w}`;for(const[p,f]of[["gnome-terminal",["--","bash","-c",`${m}; exec bash`]],["xterm",["-title",h,"-e",m]],["konsole",["--new-tab","-e",m]]]){const i=(0,external_child_process_namespaceObject.spawn)(p,f,{detached:!0,stdio:"ignore"});i.unref(),i.on("error",(()=>{}));break}}}const uploadDir=(0,external_path_.join)(configDir,"uploads");(0,external_fs_.mkdirSync)(uploadDir,{recursive:!0});function checkAuth(w,c,o){const g=w.query.token;if(g&&(g===TOKEN||userSessions.has(g))){const h=userSessions.get(g);if(h?.onetime){userSessions.delete(g);const f=(0,external_crypto_.randomBytes)(16).toString("hex");userSessions.set(f,{role:h.role,name:h.name,lastUsed:Date.now()}),setSessionCookie(c,f,w)}else setSessionCookie(c,g===TOKEN?TOKEN:g,w);const m=Object.keys(w.query).filter((f=>f!=="token")),p=w.path+(m.length?"?"+new URLSearchParams(Object.fromEntries(Object.entries(w.query).filter((([f])=>f!=="token")))):"");return c.redirect(p)}if(hasValidSession(w.headers.cookie)){if(isExclusiveMode()&&activeUser){const h=getSessionToken(w.headers.cookie);if(h!==TOKEN){const m=userSessions.get(h);if(!m||m.name!==activeUser.name)return c.setHeader("Set-Cookie",`${SESSION_COOKIE}=; HttpOnly; SameSite=Strict; Path=/; Max-Age=0`),c.redirect("/login")}}return o()}c.redirect("/login")}const _require=(0,external_module_namespaceObject.createRequire)(import.meta.url);function pkgDirSafe(w){try{return(0,external_path_.dirname)(_require.resolve(`${w}/package.json`))}catch{return null}}const libDir=(0,external_path_.join)(server_dirname,"lib"),staticOpts={maxAge:864e5};app.use("/lib/xterm",express.static(pkgDirSafe("xterm")||(0,external_path_.join)(libDir,"xterm"),staticOpts)),app.use("/lib/xterm-fit",express.static(pkgDirSafe("xterm-addon-fit")||(0,external_path_.join)(libDir,"xterm-fit"),staticOpts)),app.use("/lib/xterm-links",express.static(pkgDirSafe("xterm-addon-web-links")||(0,external_path_.join)(libDir,"xterm-links"),staticOpts)),app.use("/sio-client",express.static((0,external_path_.join)(server_dirname,"client-dist"),{maxAge:"1h",index:!1,setHeaders:(w,c)=>{c.endsWith(".js")&&w.setHeader("Content-Type","application/javascript; charset=utf-8")}})),app.get("/manifest.json",((w,c)=>c.sendFile((0,external_path_.join)(server_dirname,"manifest.json")))),app.get("/icon.png",((w,c)=>c.sendFile((0,external_path_.join)(server_dirname,"icon.png")))),app.get("/icon.svg",((w,c)=>c.sendFile((0,external_path_.join)(server_dirname,"icon.svg"))));const _loginAttempts=new Map,LOGIN_MAX_ATTEMPTS=5,LOGIN_LOCKOUT_MS=300*1e3;function checkLoginRate(w){const c=Date.now(),o=_loginAttempts.get(w);return!o||c>o.resetAt?!0:o.count<LOGIN_MAX_ATTEMPTS}function recordLoginFailure(w){const c=Date.now(),o=_loginAttempts.get(w);!o||c>o.resetAt?_loginAttempts.set(w,{count:1,resetAt:c+LOGIN_LOCKOUT_MS}):o.count++}function clearLoginFailures(w){_loginAttempts.delete(w)}setInterval((()=>{const w=Date.now();for(const[c,o]of _loginAttempts)w>o.resetAt&&_loginAttempts.delete(c)}),600*1e3),app.get("/login",((w,c)=>{c.sendFile((0,external_path_.join)(server_dirname,"login.html"))})),app.post("/login",express.urlencoded({extended:!1}),((w,c)=>{const o=w.ip;if(!checkLoginRate(o))return c.redirect("/login?error=locked");loadRoles(),loadUsers();const g=w.body?.password,h=w.query.from,m=h&&h.startsWith("/")&&!h.startsWith("//")?h:"/";if(hasUsers()){const f=lookupUser(g);if(!f)return recordLoginFailure(o),c.redirect("/login?error=1");if(isExclusiveMode()&&activeUser&&activeUser.name!==f.name)return c.redirect("/login?error=occupied&user="+encodeURIComponent(activeUser.name));clearLoginFailures(o);const i=(0,external_crypto_.randomBytes)(16).toString("hex");return userSessions.set(i,{role:"operator",name:f.name,dir:f.dir,lastUsed:Date.now()}),isExclusiveMode()&&(activeUser?activeUser.tokens.add(i):activeUser={name:f.name,dir:f.dir,tokens:new Set([i]),loginAt:Date.now()}),setSessionCookie(c,i,w),console.log(`[\u767B\u5F55] ${f.name} \u767B\u5F55\uFF08${isExclusiveMode()?"\u72EC\u5360":"\u5171\u4EAB"}\u6A21\u5F0F\uFF09`),c.redirect(m)}const p=lookupPassword(g);if(p){clearLoginFailures(o);const f=(0,external_crypto_.randomBytes)(16).toString("hex");return userSessions.set(f,{role:p.role,name:p.name,lastUsed:Date.now()}),setSessionCookie(c,f,w),c.redirect(m)}if(g===PASSWORD){clearLoginFailures(o);const f=(0,external_crypto_.randomBytes)(16).toString("hex");return userSessions.set(f,{role:"admin",name:"\u7BA1\u7406\u5458",lastUsed:Date.now()}),setSessionCookie(c,f,w),c.redirect(m)}recordLoginFailure(o),c.redirect("/login?error=1")})),app.post("/logout",((w,c)=>{const o=getSessionToken(w.headers.cookie);o&&(activeUser&&activeUser.tokens.has(o)&&(activeUser.tokens.delete(o),activeUser.tokens.size===0?(console.log(`[\u9000\u51FA] ${activeUser.name} \u5168\u90E8\u8BBE\u5907\u9000\u51FA\uFF0C\u91CA\u653E\u767B\u5F55\u72B6\u6001\uFF08\u4F1A\u8BDD\u4FDD\u7559\uFF09`),activeUser=null):console.log(`[\u9000\u51FA] ${activeUser.name} \u4E00\u4E2A\u8BBE\u5907\u9000\u51FA\uFF08\u5269\u4F59 ${activeUser.tokens.size} \u4E2A\uFF09`)),userSessions.delete(o)),c.setHeader("Set-Cookie",`${SESSION_COOKIE}=; HttpOnly; SameSite=Strict; Path=/; Max-Age=0`),c.redirect("/login")})),app.get("/api/status",((w,c)=>{if(isExclusiveMode()&&activeUser)return c.json({occupied:!0,userName:activeUser.name,releasing:!!_exclusiveReleaseTimer});if(hasUsers()&&!isExclusiveMode()){const o=new Set;for(const[,g]of io.sockets.sockets){if(!g.data.userName||g.data.userName==="\u7BA1\u7406\u5458")continue;const h=g.handshake.headers.cookie;h&&!hasValidSession(h)||o.add(g.data.userName)}return c.json({occupied:!1,onlineUsers:[...o]})}c.json({occupied:!1})})),app.get("/admin",((w,c)=>c.sendFile((0,external_path_.join)(server_dirname,"admin.html")))),app.get("/",checkAuth,((w,c)=>c.sendFile((0,external_path_.join)(server_dirname,"index.html")))),app.get("/terminal/:id",checkAuth,((w,c)=>c.sendFile((0,external_path_.join)(server_dirname,"chat.html")))),app.get("/terminal-raw/:id",checkAuth,((w,c)=>c.sendFile((0,external_path_.join)(server_dirname,"terminal.html")))),app.use("/lib",express.static((0,external_path_.join)(server_dirname,"lib"),staticOpts)),app.get("/api/sessions",checkAuth,((w,c)=>{const o=getUserInfo(w.headers.cookie);c.json(manager.list(o?.name,o?.role==="admin"))})),app.get("/api/usage",((w,c)=>{try{const o=manager.listSessions().filter((h=>h.mode==="agent"&&h.alive)).map((h=>({id:h.id,title:h.title,owner:h.owner,usage:h._usage})));let g=null;for(const h of o)if(h.usage?.rateLimitInfo){g=h.usage.rateLimitInfo;break}c.json({rateLimit:g,activeSessions:o})}catch(o){c.status(500).json({error:o.message})}})),app.post("/api/sessions",checkAuth,express.json(),((w,c)=>{const o=getUserInfo(w.headers.cookie),g=manager.create({...w.body,owner:o?.name,userDir:o?.dir});c.status(201).json(g.toJSON())})),app.delete("/api/sessions/:id",checkAuth,((w,c)=>{manager.kill(w.params.id),c.status(204).end()})),app.get("/api/claude-sessions",checkAuth,((w,c)=>{const o=getUserInfo(w.headers.cookie);c.json(listLocalClaudeSessions(o?.dir))})),app.get("/api/agent/history/:sessionId",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o||o.mode!=="agent")return c.status(404).json({ok:!1,error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=o.claudeSessionId;if(!g)return c.json({ok:!0,messages:[],total:0,hasMore:!1});const h=(0,external_path_.join)((0,external_os_.homedir)(),".claude","projects");let m=null;try{if((0,external_fs_.existsSync)(h))for(const l of(0,external_fs_.readdirSync)(h,{withFileTypes:!0})){if(!l.isDirectory())continue;const a=(0,external_path_.join)(h,l.name,g+".jsonl");if((0,external_fs_.existsSync)(a)){m=a;break}}}catch{}if(!m)return c.json({ok:!0,messages:[],total:0,hasMore:!1});let p;try{p=(0,external_fs_.readFileSync)(m,"utf8").split(`
-`).filter(Boolean)}catch(l){return c.status(500).json({ok:!1,error:l.message})}const f=Math.max(0,parseInt(w.query.offset,10)||0),i=Math.min(200,Math.max(1,parseInt(w.query.limit,10)||50)),n=p.length,s=n-f,t=Math.max(0,s-i),e=[];for(let l=t;l<s;l++)try{const a=JSON.parse(p[l]);if((a.type==="human"||a.type==="user")&&a.message?.content){const r=typeof a.message.content=="string"?a.message.content:a.message.content.find((d=>d.type==="text"))?.text||"";r&&e.push({type:"user",content:r,timestamp:a.timestamp})}else a.type==="assistant"&&a.message?.content?e.push({type:"assistant",message:a.message,timestamp:a.timestamp}):a.type==="result"&&e.push({type:"result",total_cost_usd:a.costUSD||a.total_cost_usd,timestamp:a.timestamp})}catch{}c.json({ok:!0,messages:e,total:n,hasMore:t>0})})),app.get("/api/dirs",checkAuth,((w,c)=>{const o=getUserInfo(w.headers.cookie);if(!o||o.role!=="admin")return c.status(403).json({error:"\u6CA1\u6709\u76EE\u5F55\u6D4F\u89C8\u6743\u9650"});const g=o.dir?(0,external_path_.resolve)((0,external_path_.normalize)(o.dir)):null,h=process.platform==="win32"?"\\":"/";let m=w.query.path||g||process.env.MYHI_CWD||(0,external_os_.homedir)(),p=(0,external_path_.resolve)((0,external_path_.normalize)(m)).replace(/[/\\]+$/,"");process.platform==="win32"&&/^[A-Za-z]:$/.test(p)&&(p+="\\"),g&&!p.startsWith(g)&&(p=g);try{const f=(0,external_fs_.readdirSync)(p,{withFileTypes:!0}).filter((s=>s.isDirectory()&&s.name!==".git")).map((s=>({name:s.name,path:p.replace(/[/\\]+$/,"")+h+s.name}))).sort(((s,t)=>s.name.localeCompare(t.name))),i=(0,external_path_.join)(p,".."),n=!g||(0,external_path_.resolve)((0,external_path_.normalize)(i)).startsWith(g);c.json({current:p,parent:n&&i!==p?i:null,dirs:f})}catch(f){c.status(400).json({error:f.message})}}));function safePath(w,c){const o=(0,external_path_.resolve)((0,external_path_.normalize)(w)),g=(0,external_path_.resolve)((0,external_path_.normalize)((0,external_path_.join)(w,c||"")));if(g!==o&&!g.startsWith(o+external_path_.sep))return null;try{const h=(0,external_fs_.realpathSync)(o),m=(0,external_fs_.existsSync)(g)?(0,external_fs_.realpathSync)(g):g;if(m!==h&&!m.startsWith(h+external_path_.sep))return null}catch{}return g}function walkFiles(w,c,o=[],g=0){if(g>20)return o;let h;try{h=(0,external_fs_.readdirSync)(w,{withFileTypes:!0})}catch{return o}for(const m of h){if(m.name===".git")continue;const p=(0,external_path_.join)(w,m.name),f=c?c+"/"+m.name:m.name;try{const i=(0,external_fs_.lstatSync)(p);if(i.isSymbolicLink())continue;i.isDirectory()?walkFiles(p,f,o,g+1):i.isFile()&&o.push({name:f,size:i.size,mtime:i.mtimeMs})}catch{}}return o}function fileHash(w){return new Promise(((c,o)=>{const g=(0,external_crypto_.createHash)("sha256"),h=(0,external_fs_.createReadStream)(w);h.on("data",(m=>g.update(m))),h.on("end",(()=>c(g.digest("hex")))),h.on("error",o)}))}app.get("/api/files/:sessionId",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=w.query.path||"",h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});try{if(!(0,external_fs_.statSync)(h).isDirectory())return c.status(400).json({error:"\u4E0D\u662F\u76EE\u5F55"});const m=(0,external_fs_.readdirSync)(h,{withFileTypes:!0}).filter((i=>i.name!==".git")).map((i=>{const n=(0,external_path_.join)(h,i.name);try{const s=(0,external_fs_.lstatSync)(n);return s.isSymbolicLink()?null:{name:i.name,isDir:s.isDirectory(),size:s.isFile()?s.size:void 0,mtime:s.mtimeMs}}catch{return null}})).filter(Boolean).sort(((i,n)=>n.isDir-i.isDir||i.name.localeCompare(n.name))),p=g?g.replace(/\\/g,"/"):"",f=p.includes("/")?p.slice(0,p.lastIndexOf("/")):p?"":null;c.json({ok:!0,cwd:o.cwd,path:p,parent:f,entries:m})}catch(m){c.status(500).json({error:m.message})}})),app.get("/api/files/:sessionId/download",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=w.query.path;if(!g)return c.status(400).json({error:"\u7F3A\u5C11 path \u53C2\u6570"});const h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});try{const m=(0,external_fs_.statSync)(h);if(!m.isFile())return c.status(400).json({error:"\u4E0D\u662F\u6587\u4EF6"});const p=g.split("/").pop();c.setHeader("Content-Disposition",`attachment; filename*=UTF-8''${encodeURIComponent(p)}`),c.setHeader("Content-Length",m.size),(0,external_fs_.createReadStream)(h).pipe(c)}catch{c.status(404).json({error:"\u6587\u4EF6\u4E0D\u5B58\u5728"})}})),app.post("/api/files/:sessionId/upload",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=(w.query.path||"").replace(/\\/g,"/"),h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});(0,external_fs_.mkdirSync)(h,{recursive:!0}),multer({storage:multer.diskStorage({destination:(m,p,f)=>{p.originalname=Buffer.from(p.originalname,"latin1").toString("utf8");const i=p.originalname.includes("/")?p.originalname.slice(0,p.originalname.lastIndexOf("/")):"",n=i?(0,external_path_.join)(h,i):h,s=(0,external_path_.resolve)((0,external_path_.normalize)(n)),t=(0,external_path_.resolve)((0,external_path_.normalize)(o.cwd));if(s!==t&&!s.startsWith(t+external_path_.sep))return f(new Error("\u8DEF\u5F84\u8D8A\u754C"));(0,external_fs_.mkdirSync)(n,{recursive:!0}),f(null,n)},filename:(m,p,f)=>{const i=p.originalname.includes("/")?p.originalname.slice(p.originalname.lastIndexOf("/")+1):p.originalname;f(null,i)}}),limits:{fileSize:500*1024*1024}}).array("files",100)(w,c,(m=>{if(m)return c.status(400).json({error:m.message});if(!w.files?.length)return c.status(400).json({error:"\u6CA1\u6709\u6587\u4EF6"});const p=w.files.map((f=>({name:f.originalname,size:f.size,path:(0,external_path_.resolve)(f.path).replace(/\\/g,"/")})));io.emit("files:changed",{sessionId:o.id}),c.json({ok:!0,files:p})}))})),app.delete("/api/files/:sessionId",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=w.query.path;if(!g)return c.status(400).json({error:"\u7F3A\u5C11 path \u53C2\u6570"});const h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});if((0,external_path_.resolve)((0,external_path_.normalize)(h))===(0,external_path_.resolve)((0,external_path_.normalize)(o.cwd)))return c.status(403).json({error:"\u4E0D\u80FD\u5220\u9664\u4F1A\u8BDD\u6839\u76EE\u5F55"});try{(0,external_fs_.statSync)(h).isDirectory()?(0,external_fs_.rmSync)(h,{recursive:!0}):(0,external_fs_.unlinkSync)(h),io.emit("files:changed",{sessionId:o.id}),c.json({ok:!0})}catch(m){c.status(500).json({error:m.message})}})),app.get("/api/files/:sessionId/manifest",checkAuth,(async(w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=w.query.path||"",h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});try{const m=walkFiles(h,""),p=[];for(const f of m){if(f.size>=50*1024*1024){p.push(f);continue}try{const i=await fileHash((0,external_path_.join)(h,f.name));p.push({...f,hash:i})}catch{p.push(f)}}c.json({ok:!0,cwd:o.cwd,path:g,files:p})}catch(m){c.status(500).json({error:m.message})}})),app.get("/api/me",checkAuth,((w,c)=>{const o=getUserInfo(w.headers.cookie);c.json({name:o?.name||"\u7528\u6237",role:o?.role||"admin",exclusive:isExclusiveMode(),hasUsers:hasUsers(),dir:o?.dir||null})}));const gatewayFile=(0,external_path_.join)(configDir,"gateway.json");function loadGateway(){try{return JSON.parse((0,external_fs_.readFileSync)(gatewayFile,"utf8"))}catch{return{baseUrl:"",apiKey:""}}}app.get("/api/gateway",checkAdminAuth,((w,c)=>{const o=loadGateway();c.json({baseUrl:o.baseUrl||"",apiKey:o.apiKey?o.apiKey.length>12?o.apiKey.slice(0,6)+"***"+o.apiKey.slice(-4):"***":"",hasKey:!!o.apiKey})})),app.post("/api/gateway",checkAdminAuth,express.json(),((w,c)=>{const{baseUrl:o,apiKey:g}=w.body||{},h=loadGateway(),m={baseUrl:typeof o=="string"?o.trim():h.baseUrl,apiKey:!g||g.includes("***")?h.apiKey:g.trim()};try{(0,external_fs_.mkdirSync)(configDir,{recursive:!0}),(0,external_fs_.writeFileSync)(gatewayFile,JSON.stringify(m,null,2),{mode:384}),c.json({ok:!0})}catch(p){c.status(500).json({error:p.message})}}));function getPkgVersion(){for(const w of["../package.json","./package.json","package.json"])try{const c=JSON.parse((0,external_fs_.readFileSync)((0,external_path_.join)(server_dirname,w),"utf8")).version;if(c&&c!=="0.0.0")return c}catch{}return"0.0.0"}const PKG_VERSION=getPkgVersion();let _latestVersion=null,_lastVersionCheck=0;const VERSION_CHECK_INTERVAL=600*1e3;async function checkLatestVersion(){const w=Date.now();if(_latestVersion&&w-_lastVersionCheck<VERSION_CHECK_INTERVAL)return _latestVersion;try{const c=await fetch("https://registry.npmjs.org/@wendongfly/myhi/latest",{headers:{Accept:"application/json"},signal:AbortSignal.timeout(8e3)});c.ok&&(_latestVersion=(await c.json()).version,_lastVersionCheck=w)}catch{}return _latestVersion}app.get("/api/version",(async(w,c)=>{const o=getPkgVersion(),g=await checkLatestVersion();c.json({current:o,latest:g||o,updateAvailable:g&&g!==o})}));function isSystemd(){return process.platform==="linux"&&(process.env.INVOCATION_ID||process.env.JOURNAL_STREAM)}function getNpmUpgradeCmd(){return process.platform==="win32"?"npm.cmd install -g @wendongfly/myhi@latest":"npm install -g @wendongfly/myhi@latest"}function restartService(){if(process.send)process.send({type:"restart"});else if(isSystemd())try{(0,external_child_process_namespaceObject.spawn)("sudo",["systemctl","restart","myhi.service"],{detached:!0,stdio:"ignore"}).unref()}catch{}else process.exit(0)}app.post("/api/update",checkAuth,(async(w,c)=>{try{await execAsync(getNpmUpgradeCmd(),{encoding:"utf8",timeout:12e4}),console.log("[myhi] \u5347\u7EA7\u5B8C\u6210"),c.json({ok:!0,message:"\u5347\u7EA7\u5B8C\u6210\uFF0C\u670D\u52A1\u5C06\u81EA\u52A8\u91CD\u542F..."}),setTimeout((()=>restartService()),500)}catch(o){const g=(o.stderr||o.stdout||o.message||"").split(`
+`).filter(Boolean)}catch(l){return c.status(500).json({ok:!1,error:l.message})}const f=Math.max(0,parseInt(w.query.offset,10)||0),i=Math.min(200,Math.max(1,parseInt(w.query.limit,10)||50)),n=p.length,s=n-f,t=Math.max(0,s-i),e=[];for(let l=t;l<s;l++)try{const a=JSON.parse(p[l]);if((a.type==="human"||a.type==="user")&&a.message?.content){const r=typeof a.message.content=="string"?a.message.content:a.message.content.find((d=>d.type==="text"))?.text||"";r&&e.push({type:"user",content:r,timestamp:a.timestamp})}else a.type==="assistant"&&a.message?.content?e.push({type:"assistant",message:a.message,timestamp:a.timestamp}):a.type==="result"&&e.push({type:"result",total_cost_usd:a.costUSD||a.total_cost_usd,timestamp:a.timestamp})}catch{}c.json({ok:!0,messages:e,total:n,hasMore:t>0})})),app.get("/api/dirs",checkAuth,((w,c)=>{const o=getUserInfo(w.headers.cookie);if(!o||o.role!=="admin")return c.status(403).json({error:"\u6CA1\u6709\u76EE\u5F55\u6D4F\u89C8\u6743\u9650"});const g=o.dir?(0,external_path_.resolve)((0,external_path_.normalize)(o.dir)):null,h=process.platform==="win32"?"\\":"/";let m=w.query.path||g||process.env.MYHI_CWD||(0,external_os_.homedir)(),p=(0,external_path_.resolve)((0,external_path_.normalize)(m)).replace(/[/\\]+$/,"");process.platform==="win32"&&/^[A-Za-z]:$/.test(p)&&(p+="\\"),g&&!p.startsWith(g)&&(p=g);try{const f=(0,external_fs_.readdirSync)(p,{withFileTypes:!0}).filter((s=>s.isDirectory()&&s.name!==".git")).map((s=>({name:s.name,path:p.replace(/[/\\]+$/,"")+h+s.name}))).sort(((s,t)=>s.name.localeCompare(t.name))),i=(0,external_path_.join)(p,".."),n=!g||(0,external_path_.resolve)((0,external_path_.normalize)(i)).startsWith(g);c.json({current:p,parent:n&&i!==p?i:null,dirs:f})}catch(f){c.status(400).json({error:f.message})}}));function safePath(w,c){const o=(0,external_path_.resolve)((0,external_path_.normalize)(w)),g=(0,external_path_.resolve)((0,external_path_.normalize)((0,external_path_.join)(w,c||"")));if(g!==o&&!g.startsWith(o+external_path_.sep))return null;try{const h=(0,external_fs_.realpathSync)(o),m=(0,external_fs_.existsSync)(g)?(0,external_fs_.realpathSync)(g):g;if(m!==h&&!m.startsWith(h+external_path_.sep))return null}catch{}return g}function walkFiles(w,c,o=[],g=0){if(g>20)return o;let h;try{h=(0,external_fs_.readdirSync)(w,{withFileTypes:!0})}catch{return o}for(const m of h){if(m.name===".git")continue;const p=(0,external_path_.join)(w,m.name),f=c?c+"/"+m.name:m.name;try{const i=(0,external_fs_.lstatSync)(p);if(i.isSymbolicLink())continue;i.isDirectory()?walkFiles(p,f,o,g+1):i.isFile()&&o.push({name:f,size:i.size,mtime:i.mtimeMs})}catch{}}return o}function fileHash(w){return new Promise(((c,o)=>{const g=(0,external_crypto_.createHash)("sha256"),h=(0,external_fs_.createReadStream)(w);h.on("data",(m=>g.update(m))),h.on("end",(()=>c(g.digest("hex")))),h.on("error",o)}))}app.get("/api/files/:sessionId",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=w.query.path||"",h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});try{if(!(0,external_fs_.statSync)(h).isDirectory())return c.status(400).json({error:"\u4E0D\u662F\u76EE\u5F55"});const m=(0,external_fs_.readdirSync)(h,{withFileTypes:!0}).filter((i=>i.name!==".git")).map((i=>{const n=(0,external_path_.join)(h,i.name);try{const s=(0,external_fs_.lstatSync)(n);return s.isSymbolicLink()?null:{name:i.name,isDir:s.isDirectory(),size:s.isFile()?s.size:void 0,mtime:s.mtimeMs}}catch{return null}})).filter(Boolean).sort(((i,n)=>n.isDir-i.isDir||i.name.localeCompare(n.name))),p=g?g.replace(/\\/g,"/"):"",f=p.includes("/")?p.slice(0,p.lastIndexOf("/")):p?"":null;c.json({ok:!0,cwd:o.cwd,path:p,parent:f,entries:m})}catch(m){c.status(500).json({error:m.message})}})),app.get("/api/files/:sessionId/download",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=w.query.path;if(!g)return c.status(400).json({error:"\u7F3A\u5C11 path \u53C2\u6570"});const h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});try{const m=(0,external_fs_.statSync)(h);if(!m.isFile())return c.status(400).json({error:"\u4E0D\u662F\u6587\u4EF6"});const p=g.split("/").pop();c.setHeader("Content-Disposition",`attachment; filename*=UTF-8''${encodeURIComponent(p)}`),c.setHeader("Content-Length",m.size),(0,external_fs_.createReadStream)(h).pipe(c)}catch{c.status(404).json({error:"\u6587\u4EF6\u4E0D\u5B58\u5728"})}})),app.post("/api/files/:sessionId/upload",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=(w.query.path||"").replace(/\\/g,"/"),h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});(0,external_fs_.mkdirSync)(h,{recursive:!0}),multer({storage:multer.diskStorage({destination:(m,p,f)=>{p.originalname=Buffer.from(p.originalname,"latin1").toString("utf8");const i=p.originalname.includes("/")?p.originalname.slice(0,p.originalname.lastIndexOf("/")):"",n=i?(0,external_path_.join)(h,i):h,s=(0,external_path_.resolve)((0,external_path_.normalize)(n)),t=(0,external_path_.resolve)((0,external_path_.normalize)(o.cwd));if(s!==t&&!s.startsWith(t+external_path_.sep))return f(new Error("\u8DEF\u5F84\u8D8A\u754C"));(0,external_fs_.mkdirSync)(n,{recursive:!0}),f(null,n)},filename:(m,p,f)=>{const i=p.originalname.includes("/")?p.originalname.slice(p.originalname.lastIndexOf("/")+1):p.originalname;f(null,i)}}),limits:{fileSize:500*1024*1024}}).array("files",100)(w,c,(m=>{if(m)return c.status(400).json({error:m.message});if(!w.files?.length)return c.status(400).json({error:"\u6CA1\u6709\u6587\u4EF6"});const p=w.files.map((f=>({name:f.originalname,size:f.size,path:(0,external_path_.resolve)(f.path).replace(/\\/g,"/")})));io.emit("files:changed",{sessionId:o.id}),c.json({ok:!0,files:p})}))})),app.delete("/api/files/:sessionId",checkAuth,((w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=w.query.path;if(!g)return c.status(400).json({error:"\u7F3A\u5C11 path \u53C2\u6570"});const h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});if((0,external_path_.resolve)((0,external_path_.normalize)(h))===(0,external_path_.resolve)((0,external_path_.normalize)(o.cwd)))return c.status(403).json({error:"\u4E0D\u80FD\u5220\u9664\u4F1A\u8BDD\u6839\u76EE\u5F55"});try{(0,external_fs_.statSync)(h).isDirectory()?(0,external_fs_.rmSync)(h,{recursive:!0}):(0,external_fs_.unlinkSync)(h),io.emit("files:changed",{sessionId:o.id}),c.json({ok:!0})}catch(m){c.status(500).json({error:m.message})}})),app.get("/api/files/:sessionId/manifest",checkAuth,(async(w,c)=>{const o=manager.get(w.params.sessionId);if(!o)return c.status(404).json({error:"\u4F1A\u8BDD\u4E0D\u5B58\u5728"});const g=w.query.path||"",h=safePath(o.cwd,g);if(!h)return c.status(403).json({error:"\u8DEF\u5F84\u8D8A\u754C"});try{const m=walkFiles(h,""),p=[];for(const f of m){if(f.size>=50*1024*1024){p.push(f);continue}try{const i=await fileHash((0,external_path_.join)(h,f.name));p.push({...f,hash:i})}catch{p.push(f)}}c.json({ok:!0,cwd:o.cwd,path:g,files:p})}catch(m){c.status(500).json({error:m.message})}})),app.get("/api/me",checkAuth,((w,c)=>{const o=getUserInfo(w.headers.cookie);c.json({name:o?.name||"\u7528\u6237",role:o?.role||"admin",exclusive:isExclusiveMode(),hasUsers:hasUsers(),dir:o?.dir||null})}));const gatewayFile=(0,external_path_.join)(configDir,"gateway.json");function loadGateway(){try{return JSON.parse((0,external_fs_.readFileSync)(gatewayFile,"utf8"))}catch{return{baseUrl:"",apiKey:""}}}app.get("/api/gateway",checkAdminAuth,((w,c)=>{const o=loadGateway();c.json({baseUrl:o.baseUrl||"",apiKey:o.apiKey?o.apiKey.length>12?o.apiKey.slice(0,6)+"***"+o.apiKey.slice(-4):"***":"",hasKey:!!o.apiKey})})),app.post("/api/gateway",checkAdminAuth,express.json(),((w,c)=>{const{baseUrl:o,apiKey:g}=w.body||{},h=loadGateway(),m={baseUrl:typeof o=="string"?o.trim():h.baseUrl,apiKey:!g||g.includes("***")?h.apiKey:g.trim()};try{(0,external_fs_.mkdirSync)(configDir,{recursive:!0}),(0,external_fs_.writeFileSync)(gatewayFile,JSON.stringify(m,null,2),{mode:384}),c.json({ok:!0})}catch(p){c.status(500).json({error:p.message})}}));function getPkgVersion(){for(const w of["../package.json","./package.json","package.json"])try{const c=JSON.parse((0,external_fs_.readFileSync)((0,external_path_.join)(server_dirname,w),"utf8")).version;if(c&&c!=="0.0.0")return c}catch{}return"0.0.0"}const PKG_VERSION=getPkgVersion();let _latestVersion=null,_lastVersionCheck=0;const VERSION_CHECK_INTERVAL=600*1e3;async function checkLatestVersion(){const w=Date.now();if(_latestVersion&&w-_lastVersionCheck<VERSION_CHECK_INTERVAL)return _latestVersion;try{const c=await fetch("https://registry.npmjs.org/@wendongfly/myhi/latest",{headers:{Accept:"application/json"},signal:AbortSignal.timeout(8e3)});c.ok&&(_latestVersion=(await c.json()).version,_lastVersionCheck=w)}catch{}return _latestVersion}app.get("/api/version",(async(w,c)=>{const o=getPkgVersion(),g=await checkLatestVersion();c.json({current:o,latest:g||o,updateAvailable:g&&g!==o})}));function isSystemd(){return process.platform==="linux"&&(process.env.INVOCATION_ID||process.env.JOURNAL_STREAM)}function getNpmUpgradeCmd(){return process.platform==="win32"?"npm.cmd install -g @wendongfly/myhi@latest":"npm install -g @wendongfly/myhi@latest"}function restartService(){if(process.send)process.send({type:"restart"});else if(isSystemd())try{(0,external_child_process_namespaceObject.spawn)("sudo",["systemctl","restart","myhi.service"],{detached:!0,stdio:"ignore"}).unref()}catch{}else process.exit(0)}app.get("/api/server-config",checkAuth,((w,c)=>{const o=process.env.ASR_URL||(()=>{try{return JSON.parse((0,external_fs_.readFileSync)((0,external_path_.join)((0,external_os_.homedir)(),".myhi","asr.json"),"utf8")).url}catch{return""}})();c.json({asrUrl:o||""})})),app.post("/api/server-config",checkAuth,express.json(),((w,c)=>{const{asrUrl:o}=w.body||{},g=(0,external_path_.join)((0,external_os_.homedir)(),".myhi","asr.json");try{const h=(o||"").trim();(0,external_fs_.writeFileSync)(g,JSON.stringify({url:h},null,2),"utf8"),c.json({ok:!0})}catch(h){c.status(500).json({error:h.message})}})),app.post("/api/restart",checkAuth,((w,c)=>{c.json({ok:!0}),setTimeout((()=>restartService()),300)})),app.post("/api/update",checkAuth,(async(w,c)=>{try{await execAsync(getNpmUpgradeCmd(),{encoding:"utf8",timeout:12e4}),console.log("[myhi] \u5347\u7EA7\u5B8C\u6210"),c.json({ok:!0,message:"\u5347\u7EA7\u5B8C\u6210\uFF0C\u670D\u52A1\u5C06\u81EA\u52A8\u91CD\u542F..."}),setTimeout((()=>restartService()),500)}catch(o){const g=(o.stderr||o.stdout||o.message||"").split(`
 `).filter((h=>h.trim())).slice(-5).join(`
 `);console.error("[myhi] \u5347\u7EA7\u5931\u8D25:",g),c.status(500).json({ok:!1,error:`npm install \u5931\u8D25\uFF1A
 `+g+`

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wendongfly/myhi",
-  "version": "1.3.60",
+  "version": "1.3.61",
   "description": "Web-based terminal sharing with chat UI — control your terminal from phone via LAN/Tailscale",
   "type": "module",
   "main": "dist/index.js",