npm - @xopcai/xopc - Versions diffs - 0.0.83 → 0.0.85 - Mend

@xopcai/xopc 0.0.83 → 0.0.85

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

package/dist/src/gateway/hono/routes/shares.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"shares.js","names":[],"sources":["../../../../../src/gateway/hono/routes/shares.ts"],"sourcesContent":["import type { Hono } from 'hono';\nimport { createReadStream } from 'node:fs';\nimport { stat } from 'node:fs/promises';\nimport { createHash } from 'node:crypto';\nimport { Readable } from 'node:stream';\n\nimport { extractToken } from '../../auth.js';\nimport { getClientIpFromHeaders } from '../../security/loopback.js';\nimport { getShareStore } from '../../../share/share-store.js';\nimport { resolveShareUrl } from '../../../share/share-url.js';\nimport { consumeSharePublicLimit } from '../../../share/share-rate-limit.js';\nimport { logShareAudit } from '../../../share/share-audit.js';\nimport { renderShareLandingPage, renderShareExpiredPage } from '../../../share/share-landing.js';\nimport type { ShareExpiredReason } from '../../../share/share-landing.js';\nimport type { ShareConfig } from '../../../share/share-types.js';\nimport { resolveGatewayEffectiveHost } from '../../../config/gateway-bind.js';\nimport { SHARE_CONFIG_DEFAULTS } from '../../../share/share-types.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\nimport type { GatewayService } from '../../service.js';\n\nfunction getShareUrlContext(service: GatewayService) {\n const gateway = service.currentConfig.gateway;\n return {\n gatewayHost: resolveGatewayEffectiveHost(service.currentConfig),\n gatewayPort: gateway.port ?? 18790,\n };\n}\n\nfunction resolveShareConfig(service: GatewayService): Partial<ShareConfig> {\n const raw = (service.currentConfig.gateway as Record<string, unknown>)?.share;\n if (!raw \|\| typeof raw !== 'object') return {};\n return raw as Partial<ShareConfig>;\n}\n\nfunction hashGatewayToken(token: string): string {\n return createHash('sha256').update(token, 'utf8').digest('hex').slice(0, 12);\n}\n\nconst MAX_CONCURRENT_DOWNLOADS_PER_TOKEN = 5;\nconst activeDownloads = new Map<string, number>();\n\nfunction acquireDownloadSlot(token: string): boolean {\n const current = activeDownloads.get(token) ?? 0;\n if (current >= MAX_CONCURRENT_DOWNLOADS_PER_TOKEN) return false;\n activeDownloads.set(token, current + 1);\n return true;\n}\n\nfunction releaseDownloadSlot(token: string): void {\n const current = activeDownloads.get(token) ?? 0;\n if (current <= 1) {\n activeDownloads.delete(token);\n } else {\n activeDownloads.set(token, current - 1);\n }\n}\n\n// ── Public routes (no auth required) ──────────────────────────────────────────\n\nexport function registerSharePublicRoutes(app: Hono, service: GatewayService): void {\n const store = getShareStore(resolveShareConfig(service));\n\n /** Landing page — does NOT consume viewCount (prevents link unfurl from wasting views). /\n app.get('/s/:token', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n\n if (!record) {\n return c.html(renderShareExpiredPage('not_found'), 404);\n }\n\n const validation = store.validateAccess(record);\n if (!validation.valid) {\n logShareAudit(\n 'share.access_denied',\n { shareId: record.id, tokenPrefix: token.slice(0, 8), reason: validation.reason, clientIp },\n `Share access denied: ${validation.reason}`,\n );\n return c.html(renderShareExpiredPage(validation.reason as ShareExpiredReason), 410);\n }\n\n // Direct download shortcut: ?dl=1\n if (c.req.query('dl') === '1') {\n return handleDownload(c, store, record, clientIp);\n }\n\n // Inline preview for whitelisted MIME types: ?inline=1\n if (c.req.query('inline') === '1') {\n const cfg = { ...SHARE_CONFIG_DEFAULTS, ...resolveShareConfig(service) };\n if (cfg.inlinePreviewMimes.includes(record.mimeType)) {\n return handleDownload(c, store, record, clientIp, true);\n }\n }\n\n const downloadPath = `/s/${token}/download`;\n return c.html(renderShareLandingPage(record, downloadPath));\n });\n\n /* Actual file download — consumes viewCount. /\n app.post('/s/:token/download', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n\n if (!record) {\n return c.html(renderShareExpiredPage('not_found'), 404);\n }\n\n const validation = store.validateAccess(record);\n if (!validation.valid) {\n logShareAudit(\n 'share.access_denied',\n { shareId: record.id, tokenPrefix: token.slice(0, 8), reason: validation.reason, clientIp },\n `Share download denied: ${validation.reason}`,\n );\n return c.html(renderShareExpiredPage(validation.reason as ShareExpiredReason), 410);\n }\n\n return handleDownload(c, store, record, clientIp);\n });\n\n /* File metadata (for link preview cards). /\n app.get('/s/:token/meta', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) {\n return c.json({ valid: false }, 404);\n }\n\n const validation = store.validateAccess(record);\n const remainingViews = record.maxViews !== null ? Math.max(0, record.maxViews - record.viewCount) : null;\n\n return c.json({\n fileName: record.fileName,\n fileSize: record.fileSize,\n mimeType: record.mimeType,\n description: record.description ?? null,\n expiresAt: record.expiresAt,\n remainingViews,\n valid: validation.valid,\n });\n });\n\n /* HEAD check (Hono uses .on() for HEAD method). /\n app.on('HEAD', '/s/:token', async (c) => {\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.body(null, 404);\n const validation = store.validateAccess(record);\n return c.body(null, validation.valid ? 200 : 410);\n });\n}\n\n// ── Authenticated routes ──────────────────────────────────────────────────────\n\nexport function registerShareRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void {\n const { service } = deps;\n const store = getShareStore(resolveShareConfig(service));\n\n /* Create a share. /\n authenticated.post('/api/shares', async (c) => {\n const gatewayToken = extractToken({ authorization: c.req.header('authorization') ?? undefined });\n if (!gatewayToken) return c.json({ ok: false, error: { message: 'Token required' } }, 401);\n\n let body: Record<string, unknown>;\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n return c.json({ ok: false, error: { message: 'Invalid JSON' } }, 400);\n }\n\n const path = typeof body.path === 'string' ? body.path.trim() : '';\n if (!path) {\n return c.json({ ok: false, error: { message: 'Missing path' } }, 400);\n }\n\n const sessionKey = typeof body.sessionKey === 'string' ? body.sessionKey.trim() : undefined;\n const agentId = typeof body.agentId === 'string' ? body.agentId.trim() : undefined;\n\n // Resolve workspace root (same logic as workspace editor routes)\n const workspaceRoot = await resolveWorkspaceRootForShare(service, sessionKey, agentId);\n if (!workspaceRoot) {\n return c.json({ ok: false, error: { message: 'Workspace not configured' } }, 400);\n }\n\n const ttlMs = typeof body.ttlMs === 'number' ? body.ttlMs : undefined;\n const maxViews = body.maxViews === null ? null : typeof body.maxViews === 'number' ? body.maxViews : undefined;\n const description = typeof body.description === 'string' ? body.description.trim() \|\| undefined : undefined;\n\n try {\n store.updateConfig(resolveShareConfig(service));\n const record = await store.create({\n path,\n ttlMs,\n maxViews,\n description,\n sessionKey,\n agentId,\n workspaceRoot,\n gatewayTokenHash: hashGatewayToken(gatewayToken),\n });\n\n const urlCtx = getShareUrlContext(service);\n const resolved = resolveShareUrl(record.token, urlCtx);\n\n return c.json({\n ok: true,\n payload: {\n id: record.id,\n token: record.token,\n shareUrl: resolved.shareUrl,\n lanUrl: resolved.lanUrl,\n reachability: resolved.reachability,\n reachabilityHint: resolved.reachabilityHint,\n expiresAt: record.expiresAt,\n maxViews: record.maxViews,\n fileName: record.fileName,\n fileSize: record.fileSize,\n },\n }, 201);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return c.json({ ok: false, error: { message } }, 400);\n }\n });\n\n /* List all shares. /\n authenticated.get('/api/shares', async (c) => {\n store.updateConfig(resolveShareConfig(service));\n const shares = store.getAllShares();\n const urlCtx = getShareUrlContext(service);\n const now = Date.now();\n\n const items = shares.map((r) => {\n const resolved = resolveShareUrl(r.token, urlCtx);\n const expired = now >= new Date(r.expiresAt).getTime();\n return {\n id: r.id,\n fileName: r.fileName,\n workspaceRelativePath: r.workspaceRelativePath,\n shareUrl: resolved.shareUrl,\n lanUrl: resolved.lanUrl,\n reachability: resolved.reachability,\n createdAt: r.createdAt,\n expiresAt: r.expiresAt,\n viewCount: r.viewCount,\n maxViews: r.maxViews,\n revoked: r.revoked,\n expired,\n description: r.description ?? null,\n fileSize: r.fileSize,\n mimeType: r.mimeType,\n };\n });\n\n return c.json({ ok: true, payload: { shares: items } });\n });\n\n /* Get single share details. /\n authenticated.get('/api/shares/:id', async (c) => {\n const id = c.req.param('id');\n const record = store.getById(id);\n if (!record) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n\n const urlCtx = getShareUrlContext(service);\n const resolved = resolveShareUrl(record.token, urlCtx);\n const expired = Date.now() >= new Date(record.expiresAt).getTime();\n\n return c.json({\n ok: true,\n payload: {\n ...record,\n token: undefined,\n shareUrl: resolved.shareUrl,\n lanUrl: resolved.lanUrl,\n reachability: resolved.reachability,\n expired,\n },\n });\n });\n\n /* Revoke a share. /\n authenticated.delete('/api/shares/:id', async (c) => {\n const id = c.req.param('id');\n const success = store.revoke(id);\n if (!success) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n return c.json({ ok: true });\n });\n\n /* Batch revoke. /\n authenticated.delete('/api/shares', async (c) => {\n let body: Record<string, unknown> = {};\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n / empty body = no-op /\n }\n\n if (body.expired === true) {\n const count = store.revokeExpired();\n return c.json({ ok: true, payload: { revokedCount: count } });\n }\n\n const ids = Array.isArray(body.ids) ? (body.ids as string[]).filter((x) => typeof x === 'string') : [];\n if (ids.length === 0) {\n return c.json({ ok: false, error: { message: 'Provide ids array or expired: true' } }, 400);\n }\n const count = store.revokeMany(ids);\n return c.json({ ok: true, payload: { revokedCount: count } });\n });\n\n /* Update a share (extend TTL or change maxViews). /\n authenticated.patch('/api/shares/:id', async (c) => {\n const id = c.req.param('id');\n let body: Record<string, unknown>;\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n return c.json({ ok: false, error: { message: 'Invalid JSON' } }, 400);\n }\n\n const patch: { extendTtlMs?: number; maxViews?: number \| null } = {};\n if (typeof body.extendTtlMs === 'number') patch.extendTtlMs = body.extendTtlMs;\n if (body.maxViews === null \|\| typeof body.maxViews === 'number') patch.maxViews = body.maxViews as number \| null;\n\n const updated = store.update(id, patch);\n if (!updated) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n\n const urlCtx = getShareUrlContext(service);\n const resolved = resolveShareUrl(updated.token, urlCtx);\n\n return c.json({\n ok: true,\n payload: {\n id: updated.id,\n expiresAt: updated.expiresAt,\n maxViews: updated.maxViews,\n shareUrl: resolved.shareUrl,\n },\n });\n });\n}\n\n// ── Helpers ───────────────────────────────────────────────────────────────────\n\nasync function resolveWorkspaceRootForShare(\n service: GatewayService,\n sessionKey: string \| undefined,\n agentId: string \| undefined,\n): Promise<string \| null> {\n const cfg = service.currentConfig;\n\n if (sessionKey) {\n try {\n return await service.sessions.getEffectiveWorkspacePath(sessionKey);\n } catch {\n / fall through to agentId */\n }\n }\n\n // Import dynamically to avoid circular dependency at module load time\n const { getWorkspacePath } = await import('../../../config/workspace-path-helpers.js');\n const { resolveAgentWorkspaceDir, normalizeAgentId, resolveDefaultAgentId } = await import(\n '../../../agent/agent-scope.js'\n );\n\n if (agentId) {\n const normalized = normalizeAgentId(agentId);\n return resolveAgentWorkspaceDir(cfg, normalized);\n }\n\n const root = getWorkspacePath(cfg);\n if (root) return root;\n\n const defaultId = resolveDefaultAgentId(cfg);\n return resolveAgentWorkspaceDir(cfg, defaultId);\n}\n\nasync function handleDownload(\n c: { header: (n: string, v: string) => void; body: (b: unknown, s?: number) => Response },\n store: ReturnType<typeof getShareStore>,\n record: ReturnType<ReturnType<typeof getShareStore>['getByToken']> & {},\n clientIp: string,\n inline = false,\n): Promise<Response> {\n // Concurrency check\n if (!acquireDownloadSlot(record.token)) {\n return c.body('Too many concurrent downloads for this share', 429) as unknown as Response;\n }\n\n try {\n // File integrity check (inode + path)\n const integrity = await store.validateFileIntegrity(record);\n if (!integrity.valid) {\n logShareAudit(\n 'share.access_denied',\n { shareId: record.id, tokenPrefix: record.token.slice(0, 8), reason: integrity.reason, clientIp },\n `Share file integrity check failed: ${integrity.reason}`,\n );\n const { renderShareExpiredPage: render } = await import('../../../share/share-landing.js');\n return new Response(render(integrity.reason as ShareExpiredReason), {\n status: 410,\n headers: { 'Content-Type': 'text/html; charset=utf-8' },\n });\n }\n\n // Consume viewCount\n store.incrementViewCount(record.id);\n\n logShareAudit(\n 'share.access',\n { shareId: record.id, tokenPrefix: record.token.slice(0, 8), clientIp, viewCount: record.viewCount },\n `Share downloaded: ${record.fileName}`,\n );\n\n // Stream file\n const fileStat = await stat(record.absolutePath);\n const stream = createReadStream(record.absolutePath);\n const webStream = Readable.toWeb(stream) as ReadableStream;\n\n const disposition = inline ? `inline; filename=\"${encodeURIComponent(record.fileName)}\"` : `attachment; filename=\"${encodeURIComponent(record.fileName)}\"`;\n\n return new Response(webStream, {\n status: 200,\n headers: {\n 'Content-Type': record.mimeType,\n 'Content-Disposition': disposition,\n 'Content-Length': String(fileStat.size),\n 'Cache-Control': 'private, no-store',\n 'X-Content-Type-Options': 'nosniff',\n 'X-Frame-Options': 'DENY',\n 'Referrer-Policy': 'no-referrer',\n },\n });\n } finally {\n releaseDownloadSlot(record.token);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AAoBA,SAAS,mBAAmB,SAAyB;CACnD,MAAM,UAAU,QAAQ,cAAc;AACtC,QAAO;EACL,aAAa,4BAA4B,QAAQ,cAAc;EAC/D,aAAa,QAAQ,QAAQ;EAC9B;;AAGH,SAAS,mBAAmB,SAA+C;CACzE,MAAM,MAAO,QAAQ,cAAc,SAAqC;AACxE,KAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO,EAAE;AAC9C,QAAO;;AAGT,SAAS,iBAAiB,OAAuB;AAC/C,QAAO,WAAW,SAAS,CAAC,OAAO,OAAO,OAAO,CAAC,OAAO,MAAM,CAAC,MAAM,GAAG,GAAG;;AAG9E,MAAM,qCAAqC;AAC3C,MAAM,kCAAkB,IAAI,KAAqB;AAEjD,SAAS,oBAAoB,OAAwB;CACnD,MAAM,UAAU,gBAAgB,IAAI,MAAM,IAAI;AAC9C,KAAI,WAAW,mCAAoC,QAAO;AAC1D,iBAAgB,IAAI,OAAO,UAAU,EAAE;AACvC,QAAO;;AAGT,SAAS,oBAAoB,OAAqB;CAChD,MAAM,UAAU,gBAAgB,IAAI,MAAM,IAAI;AAC9C,KAAI,WAAW,EACb,iBAAgB,OAAO,MAAM;KAE7B,iBAAgB,IAAI,OAAO,UAAU,EAAE;;AAM3C,SAAgB,0BAA0B,KAAW,SAA+B;CAClF,MAAM,QAAQ,cAAc,mBAAmB,QAAQ,CAAC;;AAGxD,KAAI,IAAI,aAAa,OAAO,MAAM;EAChC,MAAM,WAAW,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CAAC;EAC7F,MAAM,aAAa,wBAAwB,SAAS;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AAEtC,MAAI,CAAC,OACH,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;EAGzD,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,MAAI,CAAC,WAAW,OAAO;AACrB,iBACE,uBACA;IAAE,SAAS,OAAO;IAAI,aAAa,MAAM,MAAM,GAAG,EAAE;IAAE,QAAQ,WAAW;IAAQ;IAAU,EAC3F,wBAAwB,WAAW,SACpC;AACD,UAAO,EAAE,KAAK,uBAAuB,WAAW,OAA6B,EAAE,IAAI;;AAIrF,MAAI,EAAE,IAAI,MAAM,KAAK,KAAK,IACxB,QAAO,eAAe,GAAG,OAAO,QAAQ,SAAS;AAInD,MAAI,EAAE,IAAI,MAAM,SAAS,KAAK;OAExB;IADU,GAAG;IAAuB,GAAG,mBAAmB,QAAQ;IAC/D,CAAC,mBAAmB,SAAS,OAAO,SAAS,CAClD,QAAO,eAAe,GAAG,OAAO,QAAQ,UAAU,KAAK;;EAI3D,MAAM,eAAe,MAAM,MAAM;AACjC,SAAO,EAAE,KAAK,uBAAuB,QAAQ,aAAa,CAAC;GAC3D;;AAGF,KAAI,KAAK,sBAAsB,OAAO,MAAM;EAC1C,MAAM,WAAW,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CAAC;EAC7F,MAAM,aAAa,wBAAwB,SAAS;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AAEtC,MAAI,CAAC,OACH,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;EAGzD,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,MAAI,CAAC,WAAW,OAAO;AACrB,iBACE,uBACA;IAAE,SAAS,OAAO;IAAI,aAAa,MAAM,MAAM,GAAG,EAAE;IAAE,QAAQ,WAAW;IAAQ;IAAU,EAC3F,0BAA0B,WAAW,SACtC;AACD,UAAO,EAAE,KAAK,uBAAuB,WAAW,OAA6B,EAAE,IAAI;;AAGrF,SAAO,eAAe,GAAG,OAAO,QAAQ,SAAS;GACjD;;AAGF,KAAI,IAAI,kBAAkB,OAAO,MAAM;EAErC,MAAM,aAAa,wBADF,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CACzC,CAAC;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OACH,QAAO,EAAE,KAAK,EAAE,OAAO,OAAO,EAAE,IAAI;EAGtC,MAAM,aAAa,MAAM,eAAe,OAAO;EAC/C,MAAM,iBAAiB,OAAO,aAAa,OAAO,KAAK,IAAI,GAAG,OAAO,WAAW,OAAO,UAAU,GAAG;AAEpG,SAAO,EAAE,KAAK;GACZ,UAAU,OAAO;GACjB,UAAU,OAAO;GACjB,UAAU,OAAO;GACjB,aAAa,OAAO,eAAe;GACnC,WAAW,OAAO;GAClB;GACA,OAAO,WAAW;GACnB,CAAC;GACF;;AAGF,KAAI,GAAG,QAAQ,aAAa,OAAO,MAAM;EACvC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,MAAM,IAAI;EACrC,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,SAAO,EAAE,KAAK,MAAM,WAAW,QAAQ,MAAM,IAAI;GACjD;;AAKJ,SAAgB,oBAAoB,eAAqB,MAAoC;CAC3F,MAAM,EAAE,YAAY;CACpB,MAAM,QAAQ,cAAc,mBAAmB,QAAQ,CAAC;;AAGxD,eAAc,KAAK,eAAe,OAAO,MAAM;EAC7C,MAAM,eAAe,aAAa,EAAE,eAAe,EAAE,IAAI,OAAO,gBAAgB,IAAI,KAAA,GAAW,CAAC;AAChG,MAAI,CAAC,aAAc,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,kBAAkB;GAAE,EAAE,IAAI;EAE1F,IAAI;AACJ,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AACN,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS,gBAAgB;IAAE,EAAE,IAAI;;EAGvE,MAAM,OAAO,OAAO,KAAK,SAAS,WAAW,KAAK,KAAK,MAAM,GAAG;AAChE,MAAI,CAAC,KACH,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,gBAAgB;GAAE,EAAE,IAAI;EAGvE,MAAM,aAAa,OAAO,KAAK,eAAe,WAAW,KAAK,WAAW,MAAM,GAAG,KAAA;EAClF,MAAM,UAAU,OAAO,KAAK,YAAY,WAAW,KAAK,QAAQ,MAAM,GAAG,KAAA;EAGzE,MAAM,gBAAgB,MAAM,6BAA6B,SAAS,YAAY,QAAQ;AACtF,MAAI,CAAC,cACH,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,4BAA4B;GAAE,EAAE,IAAI;EAGnF,MAAM,QAAQ,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ,KAAA;EAC5D,MAAM,WAAW,KAAK,aAAa,OAAO,OAAO,OAAO,KAAK,aAAa,WAAW,KAAK,WAAW,KAAA;EACrG,MAAM,cAAc,OAAO,KAAK,gBAAgB,WAAW,KAAK,YAAY,MAAM,IAAI,KAAA,IAAY,KAAA;AAElG,MAAI;AACF,SAAM,aAAa,mBAAmB,QAAQ,CAAC;GAC/C,MAAM,SAAS,MAAM,MAAM,OAAO;IAChC;IACA;IACA;IACA;IACA;IACA;IACA;IACA,kBAAkB,iBAAiB,aAAa;IACjD,CAAC;GAEF,MAAM,SAAS,mBAAmB,QAAQ;GAC1C,MAAM,WAAW,gBAAgB,OAAO,OAAO,OAAO;AAEtD,UAAO,EAAE,KAAK;IACZ,IAAI;IACJ,SAAS;KACP,IAAI,OAAO;KACX,OAAO,OAAO;KACd,UAAU,SAAS;KACnB,QAAQ,SAAS;KACjB,cAAc,SAAS;KACvB,kBAAkB,SAAS;KAC3B,WAAW,OAAO;KAClB,UAAU,OAAO;KACjB,UAAU,OAAO;KACjB,UAAU,OAAO;KAClB;IACF,EAAE,IAAI;WACA,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS;IAAE,EAAE,IAAI;;GAEvD;;AAGF,eAAc,IAAI,eAAe,OAAO,MAAM;AAC5C,QAAM,aAAa,mBAAmB,QAAQ,CAAC;EAC/C,MAAM,SAAS,MAAM,cAAc;EACnC,MAAM,SAAS,mBAAmB,QAAQ;EAC1C,MAAM,MAAM,KAAK,KAAK;EAEtB,MAAM,QAAQ,OAAO,KAAK,MAAM;GAC9B,MAAM,WAAW,gBAAgB,EAAE,OAAO,OAAO;GACjD,MAAM,UAAU,OAAO,IAAI,KAAK,EAAE,UAAU,CAAC,SAAS;AACtD,UAAO;IACL,IAAI,EAAE;IACN,UAAU,EAAE;IACZ,uBAAuB,EAAE;IACzB,UAAU,SAAS;IACnB,QAAQ,SAAS;IACjB,cAAc,SAAS;IACvB,WAAW,EAAE;IACb,WAAW,EAAE;IACb,WAAW,EAAE;IACb,UAAU,EAAE;IACZ,SAAS,EAAE;IACX;IACA,aAAa,EAAE,eAAe;IAC9B,UAAU,EAAE;IACZ,UAAU,EAAE;IACb;IACD;AAEF,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,QAAQ,OAAO;GAAE,CAAC;GACvD;;AAGF,eAAc,IAAI,mBAAmB,OAAO,MAAM;EAChD,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;EAC5B,MAAM,SAAS,MAAM,QAAQ,GAAG;AAChC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;EAE/E,MAAM,SAAS,mBAAmB,QAAQ;EAC1C,MAAM,WAAW,gBAAgB,OAAO,OAAO,OAAO;EACtD,MAAM,UAAU,KAAK,KAAK,IAAI,IAAI,KAAK,OAAO,UAAU,CAAC,SAAS;AAElE,SAAO,EAAE,KAAK;GACZ,IAAI;GACJ,SAAS;IACP,GAAG;IACH,OAAO,KAAA;IACP,UAAU,SAAS;IACnB,QAAQ,SAAS;IACjB,cAAc,SAAS;IACvB;IACD;GACF,CAAC;GACF;;AAGF,eAAc,OAAO,mBAAmB,OAAO,MAAM;EACnD,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;AAE5B,MAAI,CADY,MAAM,OAAO,GACjB,CAAE,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;AAChF,SAAO,EAAE,KAAK,EAAE,IAAI,MAAM,CAAC;GAC3B;;AAGF,eAAc,OAAO,eAAe,OAAO,MAAM;EAC/C,IAAI,OAAgC,EAAE;AACtC,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AAIR,MAAI,KAAK,YAAY,MAAM;GACzB,MAAM,QAAQ,MAAM,eAAe;AACnC,UAAO,EAAE,KAAK;IAAE,IAAI;IAAM,SAAS,EAAE,cAAc,OAAO;IAAE,CAAC;;EAG/D,MAAM,MAAM,MAAM,QAAQ,KAAK,IAAI,GAAI,KAAK,IAAiB,QAAQ,MAAM,OAAO,MAAM,SAAS,GAAG,EAAE;AACtG,MAAI,IAAI,WAAW,EACjB,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,sCAAsC;GAAE,EAAE,IAAI;EAE7F,MAAM,QAAQ,MAAM,WAAW,IAAI;AACnC,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,cAAc,OAAO;GAAE,CAAC;GAC7D;;AAGF,eAAc,MAAM,mBAAmB,OAAO,MAAM;EAClD,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;EAC5B,IAAI;AACJ,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AACN,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS,gBAAgB;IAAE,EAAE,IAAI;;EAGvE,MAAM,QAA4D,EAAE;AACpE,MAAI,OAAO,KAAK,gBAAgB,SAAU,OAAM,cAAc,KAAK;AACnE,MAAI,KAAK,aAAa,QAAQ,OAAO,KAAK,aAAa,SAAU,OAAM,WAAW,KAAK;EAEvF,MAAM,UAAU,MAAM,OAAO,IAAI,MAAM;AACvC,MAAI,CAAC,QAAS,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;EAEhF,MAAM,SAAS,mBAAmB,QAAQ;EAC1C,MAAM,WAAW,gBAAgB,QAAQ,OAAO,OAAO;AAEvD,SAAO,EAAE,KAAK;GACZ,IAAI;GACJ,SAAS;IACP,IAAI,QAAQ;IACZ,WAAW,QAAQ;IACnB,UAAU,QAAQ;IAClB,UAAU,SAAS;IACpB;GACF,CAAC;GACF;;AAKJ,eAAe,6BACb,SACA,YACA,SACwB;CACxB,MAAM,MAAM,QAAQ;AAEpB,KAAI,WACF,KAAI;AACF,SAAO,MAAM,QAAQ,SAAS,0BAA0B,WAAW;SAC7D;CAMV,MAAM,EAAE,qBAAqB,MAAM,OAAO;CAC1C,MAAM,EAAE,0BAA0B,kBAAkB,0BAA0B,MAAM,OAClF;AAGF,KAAI,QAEF,QAAO,yBAAyB,KADb,iBAAiB,QACW,CAAC;CAGlD,MAAM,OAAO,iBAAiB,IAAI;AAClC,KAAI,KAAM,QAAO;AAGjB,QAAO,yBAAyB,KADd,sBAAsB,IACM,CAAC;;AAGjD,eAAe,eACb,GACA,OACA,QACA,UACA,SAAS,OACU;AAEnB,KAAI,CAAC,oBAAoB,OAAO,MAAM,CACpC,QAAO,EAAE,KAAK,gDAAgD,IAAI;AAGpE,KAAI;EAEF,MAAM,YAAY,MAAM,MAAM,sBAAsB,OAAO;AAC3D,MAAI,CAAC,UAAU,OAAO;AACpB,iBACE,uBACA;IAAE,SAAS,OAAO;IAAI,aAAa,OAAO,MAAM,MAAM,GAAG,EAAE;IAAE,QAAQ,UAAU;IAAQ;IAAU,EACjG,sCAAsC,UAAU,SACjD;GACD,MAAM,EAAE,wBAAwB,WAAW,MAAM,OAAO;AACxD,UAAO,IAAI,SAAS,OAAO,UAAU,OAA6B,EAAE;IAClE,QAAQ;IACR,SAAS,EAAE,gBAAgB,4BAA4B;IACxD,CAAC;;AAIJ,QAAM,mBAAmB,OAAO,GAAG;AAEnC,gBACE,gBACA;GAAE,SAAS,OAAO;GAAI,aAAa,OAAO,MAAM,MAAM,GAAG,EAAE;GAAE;GAAU,WAAW,OAAO;GAAW,EACpG,qBAAqB,OAAO,WAC7B;EAGD,MAAM,WAAW,MAAM,KAAK,OAAO,aAAa;EAChD,MAAM,SAAS,iBAAiB,OAAO,aAAa;EACpD,MAAM,YAAY,SAAS,MAAM,OAAO;EAExC,MAAM,cAAc,SAAS,qBAAqB,mBAAmB,OAAO,SAAS,CAAC,KAAK,yBAAyB,mBAAmB,OAAO,SAAS,CAAC;AAExJ,SAAO,IAAI,SAAS,WAAW;GAC7B,QAAQ;GACR,SAAS;IACP,gBAAgB,OAAO;IACvB,uBAAuB;IACvB,kBAAkB,OAAO,SAAS,KAAK;IACvC,iBAAiB;IACjB,0BAA0B;IAC1B,mBAAmB;IACnB,mBAAmB;IACpB;GACF,CAAC;WACM;AACR,sBAAoB,OAAO,MAAM"}
1	+ {"version":3,"file":"shares.js","names":[],"sources":["../../../../../src/gateway/hono/routes/shares.ts"],"sourcesContent":["import type { Context, Hono } from 'hono';\nimport { createReadStream } from 'node:fs';\nimport { stat } from 'node:fs/promises';\nimport { createHash } from 'node:crypto';\nimport { Readable } from 'node:stream';\n\nimport { extractToken } from '../../auth.js';\nimport { getClientIpFromHeaders } from '../../security/loopback.js';\nimport { getShareStore, shareResponseContentType } from '../../../share/share-store.js';\nimport { getSiteShareStore } from '../../../share/site-share-store.js';\nimport { resolveSiteShareConfig } from '../../../share/site-share-config.js';\nimport { resolveShareUrl } from '../../../share/share-url.js';\nimport { consumeSharePublicLimit } from '../../../share/share-rate-limit.js';\nimport { logShareAudit } from '../../../share/share-audit.js';\nimport {\n renderShareLandingPage,\n renderShareExpiredPage,\n renderFolderLandingPage,\n} from '../../../share/share-landing.js';\nimport type { ShareExpiredReason } from '../../../share/share-landing.js';\nimport type { ShareConfig, ShareRecord } from '../../../share/share-types.js';\nimport { resolveGatewayEffectiveHost } from '../../../config/gateway-bind.js';\nimport { SHARE_CONFIG_DEFAULTS } from '../../../share/share-types.js';\nimport { createZipStream, planDirectoryFiles } from '../../../share/share-zip.js';\nimport {\n audienceDefaults,\n cleanupStagedSite,\n decideShareKind,\n forgetStagedSite,\n makeDescription,\n makeTitle,\n probeShareTarget,\n rememberStagedSite,\n stageSingleHtmlAsSite,\n type ShareAudience,\n type ShareAutoMode,\n} from '../../../share/share-auto.js';\nimport {\n deleteThumbnail,\n placeholderSvg,\n readThumbnail,\n scheduleThumbnail,\n thumbnailContentType,\n thumbnailExists,\n} from '../../../share/share-thumbnail.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\nimport type { GatewayService } from '../../service.js';\n\nfunction getShareUrlContext(service: GatewayService) {\n const gateway = service.currentConfig.gateway;\n return {\n gatewayHost: resolveGatewayEffectiveHost(service.currentConfig),\n gatewayPort: gateway.port ?? 18790,\n };\n}\n\nfunction thumbnailRenderContext(service: GatewayService) {\n const cfg = { ...SHARE_CONFIG_DEFAULTS, ...resolveShareConfig(service) };\n const port = service.currentConfig.gateway.port ?? 18790;\n // Always use loopback for the internal renderer — never the public tunnel URL.\n const internalBaseUrl = cfg.thumbnail.internalGatewayUrl ?? `http://127.0.0.1:${port}`;\n return { config: cfg.thumbnail, internalBaseUrl };\n}\n\nfunction resolveShareConfig(service: GatewayService): Partial<ShareConfig> {\n const raw = (service.currentConfig.gateway as Record<string, unknown>)?.share;\n if (!raw \|\| typeof raw !== 'object') return {};\n return raw as Partial<ShareConfig>;\n}\n\nfunction hashGatewayToken(token: string): string {\n return createHash('sha256').update(token, 'utf8').digest('hex').slice(0, 12);\n}\n\nconst MAX_CONCURRENT_DOWNLOADS_PER_TOKEN = 5;\nconst activeDownloads = new Map<string, number>();\nconst activeZipStreams = new Map<string, number>();\n\nfunction acquireDownloadSlot(token: string): boolean {\n const current = activeDownloads.get(token) ?? 0;\n if (current >= MAX_CONCURRENT_DOWNLOADS_PER_TOKEN) return false;\n activeDownloads.set(token, current + 1);\n return true;\n}\n\nfunction releaseDownloadSlot(token: string): void {\n const current = activeDownloads.get(token) ?? 0;\n if (current <= 1) activeDownloads.delete(token);\n else activeDownloads.set(token, current - 1);\n}\n\nfunction acquireZipSlot(token: string, limit: number): boolean {\n const current = activeZipStreams.get(token) ?? 0;\n if (current >= limit) return false;\n activeZipStreams.set(token, current + 1);\n return true;\n}\n\nfunction releaseZipSlot(token: string): void {\n const current = activeZipStreams.get(token) ?? 0;\n if (current <= 1) activeZipStreams.delete(token);\n else activeZipStreams.set(token, current - 1);\n}\n\n/*\n Whether the browser can render this MIME natively (when served with\n * `Content-Disposition: inline`). Honours the per-deployment whitelist so\n * admins can block specific types.\n /\nfunction isPreviewableInline(mime: string, whitelist: string[]): boolean {\n return whitelist.includes(mime);\n}\n\n/\n Whether the type benefits from being rendered through the SPA preview page\n * (e.g. markdown — the browser would otherwise show raw source). Independent\n * of the inline whitelist: SPA preview pulls the bytes via the share API and\n * renders client-side, so admins control reach via TTL/maxViews, not MIME.\n /\nfunction isRichSpaPreviewable(mime: string): boolean {\n return (\n mime === 'text/markdown' \|\|\n mime === 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' \|\|\n mime === 'application/vnd.openxmlformats-officedocument.presentationml.presentation'\n );\n}\n\nfunction rfc5987ContentDisposition(disposition: 'inline' \| 'attachment', fileName: string): string {\n const ascii = fileName.replace(/[^\\x20-\\x7e]/g, '_').replace(/\"/g, '');\n const utf8 = encodeURIComponent(fileName);\n return `${disposition}; filename=\"${ascii}\"; filename=UTF-8''${utf8}`;\n}\n\n// ── Public routes (no auth required) ──────────────────────────────────────────\n\nexport function registerSharePublicRoutes(app: Hono, service: GatewayService): void {\n const store = getShareStore(resolveShareConfig(service));\n\n /** Landing page — does NOT consume downloadCount. /\n app.get('/s/:token', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.html(renderShareExpiredPage('not_found'), 404);\n\n const validation = store.validateAccess(record);\n if (!validation.valid) {\n logShareAudit(\n 'share.access_denied',\n { shareId: record.id, tokenPrefix: token.slice(0, 8), reason: validation.reason, clientIp },\n `Share access denied: ${validation.reason}`,\n );\n return c.html(renderShareExpiredPage(validation.reason as ShareExpiredReason), 410);\n }\n\n if (record.kind === 'directory') {\n return renderDirectoryLanding(c, store, service, record, token);\n }\n\n // File: support direct download / inline preview shortcuts\n if (c.req.query('dl') === '1') {\n return handleFileDownload(c, store, record, clientIp);\n }\n if (c.req.query('inline') === '1') {\n const cfg = { ...SHARE_CONFIG_DEFAULTS, ...resolveShareConfig(service) };\n if (cfg.inlinePreviewMimes.includes(record.mimeType)) {\n return handleFileDownload(c, store, record, clientIp, true);\n }\n }\n\n const downloadPath = `/s/${token}/download`;\n const cfg = { ...SHARE_CONFIG_DEFAULTS, ...resolveShareConfig(service) };\n const previewable = isPreviewableInline(record.mimeType, cfg.inlinePreviewMimes);\n const richPreviewable = isRichSpaPreviewable(record.mimeType);\n const og = buildLandingOg(service, record);\n return c.html(\n renderShareLandingPage(record, downloadPath, {\n inlineUrl: previewable ? `/s/${token}?inline=1` : null,\n previewUrl: richPreviewable ? `/#/share/${encodeURIComponent(token)}` : null,\n og,\n }),\n );\n });\n\n /* Single-file download — POST so unfurl/scrapers don't consume views. /\n app.post('/s/:token/download', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.html(renderShareExpiredPage('not_found'), 404);\n\n const validation = store.validateAccess(record);\n if (!validation.valid) {\n logShareAudit(\n 'share.access_denied',\n { shareId: record.id, tokenPrefix: token.slice(0, 8), reason: validation.reason, clientIp },\n `Share download denied: ${validation.reason}`,\n );\n return c.html(renderShareExpiredPage(validation.reason as ShareExpiredReason), 410);\n }\n\n if (record.kind === 'directory') {\n return c.html(renderShareExpiredPage('not_found'), 404);\n }\n return handleFileDownload(c, store, record, clientIp);\n });\n\n /* Directory child file (GET — preview counts as download per product). /\n app.get('/s/:token/file', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.html(renderShareExpiredPage('not_found'), 404);\n if (record.kind !== 'directory') return c.html(renderShareExpiredPage('not_found'), 404);\n\n const validation = store.validateAccess(record);\n if (!validation.valid) {\n return c.html(renderShareExpiredPage(validation.reason as ShareExpiredReason), 410);\n }\n\n const relPath = c.req.query('path') ?? '';\n const inline = c.req.query('inline') === '1' \|\| c.req.query('dl') !== '1';\n return handleDirectoryFile(c, store, service, record, relPath, clientIp, inline);\n });\n\n /* Directory JSON listing. /\n app.get('/s/:token/tree', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.json({ ok: false, error: { message: 'not_found' } }, 404);\n if (record.kind !== 'directory') return c.json({ ok: false, error: { message: 'not_directory' } }, 400);\n\n const validation = store.validateAccess(record);\n if (!validation.valid) {\n return c.json({ ok: false, error: { message: validation.reason } }, 410);\n }\n\n const path = c.req.query('path') ?? '';\n // Tree HTML browser pages: render landing for the sub-path\n if ((c.req.header('accept') ?? '').includes('text/html')) {\n return renderDirectoryLanding(c, store, service, record, token, path);\n }\n try {\n const listing = await store.listDirectory(record, path);\n return c.json({ ok: true, payload: listing });\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return c.json({ ok: false, error: { message } }, 400);\n }\n });\n\n /* Folder ZIP download (whole share or sub-path). /\n app.get('/s/:token/zip', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.html(renderShareExpiredPage('not_found'), 404);\n if (record.kind !== 'directory') return c.html(renderShareExpiredPage('not_found'), 404);\n\n const validation = store.validateAccess(record);\n if (!validation.valid) {\n return c.html(renderShareExpiredPage(validation.reason as ShareExpiredReason), 410);\n }\n\n return handleDirectoryZip(c, store, service, record, c.req.query('path') ?? '', clientIp);\n });\n\n /* Metadata (for link preview cards / unfurl). Does NOT consume views. /\n app.get('/s/:token/meta', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.json({ valid: false }, 404);\n\n const validation = store.validateAccess(record);\n const remainingViews = record.maxViews !== null ? Math.max(0, record.maxViews - record.downloadCount) : null;\n\n return c.json({\n kind: record.kind,\n fileName: record.fileName,\n fileSize: record.fileSize,\n mimeType: record.mimeType,\n description: record.description ?? null,\n expiresAt: record.expiresAt,\n remainingViews,\n valid: validation.valid,\n directory: record.directory ?? null,\n });\n });\n\n /* HEAD check. /\n app.on('HEAD', '/s/:token', async (c) => {\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.body(null, 404);\n const validation = store.validateAccess(record);\n return c.body(null, validation.valid ? 200 : 410);\n });\n\n /* Thumbnail (jpeg/png/svg) — does NOT consume views. /\n app.get('/s/:token/thumbnail', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.body(null, 404);\n const validation = store.validateAccess(record);\n if (!validation.valid) return c.body(null, 410);\n\n const cached = await readThumbnail(token);\n if (cached) {\n return new Response(cached, {\n status: 200,\n headers: {\n 'Content-Type': thumbnailContentType(cached),\n 'Cache-Control': 'public, max-age=300',\n 'X-Content-Type-Options': 'nosniff',\n },\n });\n }\n // Schedule and return a placeholder so social-card scrapers always get an image.\n scheduleThumbnail({ scope: 'file', token, recordId: record.id }, thumbnailRenderContext(service));\n const placeholder = placeholderSvg(record.fileName, record.kind === 'directory' ? 'folder' : 'file');\n return new Response(placeholder, {\n status: 200,\n headers: {\n 'Content-Type': 'image/svg+xml; charset=utf-8',\n 'Cache-Control': 'public, max-age=10',\n 'X-Content-Type-Options': 'nosniff',\n },\n });\n });\n\n app.on('HEAD', '/s/:token/thumbnail', async (c) => {\n const token = c.req.param('token');\n const record = store.getByToken(token);\n if (!record) return c.body(null, 404);\n const validation = store.validateAccess(record);\n if (!validation.valid) return c.body(null, 410);\n const ready = await thumbnailExists(token);\n return c.body(null, ready ? 200 : 202);\n });\n\n /* Site-share thumbnail. Shape mirrors /s/:token/thumbnail. /\n app.get('/site/:token/thumbnail', async (c) => {\n const clientIp = getClientIpFromHeaders({ get: (n: string) => c.req.header(n) ?? undefined });\n const rateResult = consumeSharePublicLimit(clientIp);\n if (!rateResult.allowed) {\n c.header('Retry-After', String(Math.ceil(rateResult.retryAfterMs / 1000)));\n return c.text('Too many requests', 429);\n }\n const token = c.req.param('token');\n const siteStore = getSiteShareStore(resolveSiteShareConfig(service));\n const record = siteStore.getByToken(token);\n if (!record) return c.body(null, 404);\n const validation = siteStore.validateAccess(record);\n if (!validation.valid) return c.body(null, 410);\n\n const cached = await readThumbnail(token);\n if (cached) {\n return new Response(cached, {\n status: 200,\n headers: {\n 'Content-Type': thumbnailContentType(cached),\n 'Cache-Control': 'public, max-age=300',\n 'X-Content-Type-Options': 'nosniff',\n },\n });\n }\n scheduleThumbnail({ scope: 'site', token, recordId: record.id }, thumbnailRenderContext(service));\n const placeholder = placeholderSvg(record.description ?? 'site share', 'html');\n return new Response(placeholder, {\n status: 200,\n headers: {\n 'Content-Type': 'image/svg+xml; charset=utf-8',\n 'Cache-Control': 'public, max-age=10',\n 'X-Content-Type-Options': 'nosniff',\n },\n });\n });\n\n app.on('HEAD', '/site/:token/thumbnail', async (c) => {\n const token = c.req.param('token');\n const ready = await thumbnailExists(token);\n return c.body(null, ready ? 200 : 202);\n });\n\n // Wire share-store cleanup → drop on-disk thumbnail file.\n store.setCleanupHook((rec) => {\n void deleteThumbnail(rec.token);\n });\n}\n\n// ── Authenticated routes ──────────────────────────────────────────────────────\n\nexport function registerShareRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void {\n const { service } = deps;\n const store = getShareStore(resolveShareConfig(service));\n const siteStoreEager = getSiteShareStore(resolveSiteShareConfig(service));\n // Register once: when a site share is revoked / expires, drop its staging dir (if any).\n siteStoreEager.setCleanupHook((rec) => {\n const dir = forgetStagedSite(rec.id);\n if (dir) void cleanupStagedSite(dir);\n });\n\n authenticated.post('/api/shares', async (c) => {\n const gatewayToken = extractToken({ authorization: c.req.header('authorization') ?? undefined });\n if (!gatewayToken) return c.json({ ok: false, error: { message: 'Token required' } }, 401);\n\n let body: Record<string, unknown>;\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n return c.json({ ok: false, error: { message: 'Invalid JSON' } }, 400);\n }\n\n const path = typeof body.path === 'string' ? body.path.trim() : '';\n if (!path) return c.json({ ok: false, error: { message: 'Missing path' } }, 400);\n\n const sessionKey = typeof body.sessionKey === 'string' ? body.sessionKey.trim() : undefined;\n const agentId = typeof body.agentId === 'string' ? body.agentId.trim() : undefined;\n\n const workspaceRoot = await resolveWorkspaceRootForShare(service, sessionKey, agentId);\n if (!workspaceRoot) {\n return c.json({ ok: false, error: { message: 'Workspace not configured' } }, 400);\n }\n\n const ttlMs = typeof body.ttlMs === 'number' ? body.ttlMs : undefined;\n const maxViews = body.maxViews === null ? null : typeof body.maxViews === 'number' ? body.maxViews : undefined;\n const description = typeof body.description === 'string' ? body.description.trim() \|\| undefined : undefined;\n const kind = body.kind === 'directory' \|\| body.kind === 'file' ? body.kind : undefined;\n const directoryMode = body.directoryMode === 'zip-only' ? 'zip-only' : body.directoryMode === 'browse' ? 'browse' : undefined;\n const followSymlinks = body.followSymlinks === true;\n const maxFileCount = typeof body.maxFileCount === 'number' ? body.maxFileCount : undefined;\n const maxFolderSize = typeof body.maxFolderSize === 'number' ? body.maxFolderSize : undefined;\n const maxDepth = typeof body.maxDepth === 'number' ? body.maxDepth : undefined;\n\n try {\n store.updateConfig(resolveShareConfig(service));\n const record = await store.create({\n path,\n ttlMs,\n maxViews,\n description,\n sessionKey,\n agentId,\n workspaceRoot,\n gatewayTokenHash: hashGatewayToken(gatewayToken),\n kind,\n directoryMode,\n followSymlinks,\n maxFileCount,\n maxFolderSize,\n maxDepth,\n });\n\n const urlCtx = getShareUrlContext(service);\n const resolved = resolveShareUrl(record.token, urlCtx);\n\n return c.json(\n {\n ok: true,\n payload: {\n id: record.id,\n token: record.token,\n kind: record.kind,\n shareUrl: resolved.shareUrl,\n lanUrl: resolved.lanUrl,\n reachability: resolved.reachability,\n reachabilityHint: resolved.reachabilityHint,\n expiresAt: record.expiresAt,\n maxViews: record.maxViews,\n fileName: record.fileName,\n fileSize: record.fileSize,\n directory: record.directory ?? null,\n },\n },\n 201,\n );\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return c.json({ ok: false, error: { message } }, 400);\n }\n });\n\n /\n Smart share — picks file vs site, fills sensible defaults, returns the\n * payload the mobile share-sheet needs (title, description, thumbnailUrl,\n * reachability) in a single round-trip.\n /\n authenticated.post('/api/shares/auto', async (c) => {\n const gatewayToken = extractToken({ authorization: c.req.header('authorization') ?? undefined });\n if (!gatewayToken) return c.json({ ok: false, error: { message: 'Token required' } }, 401);\n\n let body: Record<string, unknown>;\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n return c.json({ ok: false, error: { message: 'Invalid JSON' } }, 400);\n }\n\n const path = typeof body.path === 'string' ? body.path.trim() : '';\n if (!path) return c.json({ ok: false, error: { message: 'Missing path' } }, 400);\n const sessionKey = typeof body.sessionKey === 'string' ? body.sessionKey.trim() : undefined;\n const agentId = typeof body.agentId === 'string' ? body.agentId.trim() : undefined;\n const mode = (typeof body.mode === 'string' && ['auto', 'force-file', 'force-site', 'force-zip'].includes(body.mode))\n ? (body.mode as ShareAutoMode)\n : 'auto';\n const audience: ShareAudience \| undefined =\n body.audience === 'friend' \|\| body.audience === 'colleague' \|\| body.audience === 'public'\n ? body.audience\n : undefined;\n const title = typeof body.title === 'string' ? body.title : undefined;\n const description = typeof body.description === 'string' ? body.description : undefined;\n const ttlOverride = typeof body.ttlMs === 'number' ? body.ttlMs : undefined;\n const maxViewsOverride =\n body.maxViews === null ? null : typeof body.maxViews === 'number' ? body.maxViews : undefined;\n const wantThumbnail = body.thumbnail !== false;\n\n const workspaceRoot = await resolveWorkspaceRootForShare(service, sessionKey, agentId);\n if (!workspaceRoot) {\n return c.json({ ok: false, error: { message: 'Workspace not configured' } }, 400);\n }\n\n let probe;\n try {\n probe = await probeShareTarget(workspaceRoot, path);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return c.json({ ok: false, error: { message } }, 400);\n }\n\n let decision;\n try {\n decision = decideShareKind(probe, mode);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return c.json({ ok: false, error: { message } }, 400);\n }\n\n const defaults = audienceDefaults(audience);\n const ttlMs = ttlOverride ?? defaults.ttlMs;\n const maxViews = maxViewsOverride !== undefined ? maxViewsOverride : defaults.maxViews;\n const tokenHash = hashGatewayToken(gatewayToken);\n const urlCtx = getShareUrlContext(service);\n\n try {\n if (decision.kind === 'site') {\n const siteStore = getSiteShareStore(resolveSiteShareConfig(service));\n // Single HTML file → stage into a temp dir as index.html so it can be\n // served as a site (recipient lands on a rendered page, not the\n // file-landing). The staging dir is auto-cleaned on revoke/expire.\n let sitePath = path;\n let stagedDir: string \| null = null;\n if (probe.kind === 'file') {\n const staged = await stageSingleHtmlAsSite(workspaceRoot, probe.absolutePath);\n sitePath = staged.relativePath;\n stagedDir = staged.stagingDir;\n }\n const siteRec = await siteStore.create({\n kind: 'static',\n path: sitePath,\n ttlMs,\n description,\n subdomain: typeof body.subdomain === 'string' ? body.subdomain : undefined,\n spaFallback: true,\n rewriteMode: 'html-css',\n sessionKey,\n agentId,\n workspaceRoot,\n gatewayTokenHash: tokenHash,\n });\n if (stagedDir) rememberStagedSite(siteRec.id, stagedDir);\n const cfg = siteStore.getConfig();\n const gatewayPort = service.currentConfig.gateway.port ?? 18790;\n const gatewayHost = resolveGatewayEffectiveHost(service.currentConfig);\n const subdomainLabel = siteRec.subdomain ?? siteRec.token;\n const tunnelUp = !!(await import('../../../tunnel/tunnel-state.js')).loadTunnelState();\n const shareUrl = tunnelUp\n ? `https://${subdomainLabel}.${cfg.publicHostSuffix}/`\n : `http://${gatewayHost}:${gatewayPort}/site/${siteRec.token}/`;\n const reachability = tunnelUp ? 'public' : (gatewayHost === '127.0.0.1' \|\| gatewayHost === 'localhost' \|\| gatewayHost === '::1' ? 'local-only' : 'lan');\n const thumbnailUrl = wantThumbnail\n ? `${tunnelUp ? `https://${subdomainLabel}.${cfg.publicHostSuffix}` : `http://${gatewayHost}:${gatewayPort}`}/site/${siteRec.token}/thumbnail`\n : '';\n if (wantThumbnail) {\n scheduleThumbnail({ scope: 'site', token: siteRec.token, recordId: siteRec.id }, thumbnailRenderContext(service));\n siteStore.setThumbnailStatus(siteRec.id, 'pending');\n }\n const titleOut = makeTitle(probe.kind === 'directory' ? path.split('/').pop() \|\| path : path, title);\n return c.json({\n ok: true,\n payload: {\n share: {\n id: siteRec.id,\n kind: 'site',\n title: titleOut,\n description: makeDescription({ audience, expiresAt: siteRec.expiresAt, override: description }),\n shareUrl,\n lanUrl: null,\n reachability,\n reachabilityHint: reachability === 'public' ? null : (reachability === 'lan' ? '当前局域网内可访问，开启远程隧道后对外网可达' : '当前仅本机可访问，开启远程隧道后对外可达'),\n expiresAt: siteRec.expiresAt,\n maxViews: null,\n },\n thumbnail: {\n url: thumbnailUrl,\n status: wantThumbnail ? 'pending' : 'unavailable',\n width: SHARE_CONFIG_DEFAULTS.thumbnail.viewportWidth,\n height: SHARE_CONFIG_DEFAULTS.thumbnail.viewportHeight,\n },\n routing: { reason: decision.reason, hint: decision.hint },\n },\n }, 201);\n }\n\n return await createFileShareResponse({\n c, service, store, probe, decision,\n ttlMs, maxViews, title, description, audience,\n workspaceRoot, tokenHash, urlCtx, wantThumbnail,\n });\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return c.json({ ok: false, error: { message } }, 400);\n }\n });\n\n authenticated.get('/api/shares', async (c) => {\n store.updateConfig(resolveShareConfig(service));\n const shares = store.getAllShares();\n const urlCtx = getShareUrlContext(service);\n const now = Date.now();\n\n const items = shares.map((r) => {\n const resolved = resolveShareUrl(r.token, urlCtx);\n const expired = now >= new Date(r.expiresAt).getTime();\n return {\n id: r.id,\n kind: r.kind,\n fileName: r.fileName,\n workspaceRelativePath: r.workspaceRelativePath,\n shareUrl: resolved.shareUrl,\n lanUrl: resolved.lanUrl,\n reachability: resolved.reachability,\n createdAt: r.createdAt,\n expiresAt: r.expiresAt,\n downloadCount: r.downloadCount,\n maxViews: r.maxViews,\n revoked: r.revoked,\n expired,\n description: r.description ?? null,\n fileSize: r.fileSize,\n mimeType: r.mimeType,\n directory: r.directory ?? null,\n };\n });\n\n return c.json({ ok: true, payload: { shares: items } });\n });\n\n authenticated.get('/api/shares/:id', async (c) => {\n const id = c.req.param('id');\n const record = store.getById(id);\n if (!record) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n\n const urlCtx = getShareUrlContext(service);\n const resolved = resolveShareUrl(record.token, urlCtx);\n const expired = Date.now() >= new Date(record.expiresAt).getTime();\n\n return c.json({\n ok: true,\n payload: {\n ...record,\n token: undefined,\n shareUrl: resolved.shareUrl,\n lanUrl: resolved.lanUrl,\n reachability: resolved.reachability,\n expired,\n },\n });\n });\n\n authenticated.delete('/api/shares/:id', async (c) => {\n const id = c.req.param('id');\n const success = store.revoke(id);\n if (!success) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n return c.json({ ok: true });\n });\n\n authenticated.delete('/api/shares', async (c) => {\n let body: Record<string, unknown> = {};\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n / empty body = no-op /\n }\n\n if (body.expired === true) {\n const count = store.revokeExpired();\n return c.json({ ok: true, payload: { revokedCount: count } });\n }\n\n const ids = Array.isArray(body.ids) ? (body.ids as string[]).filter((x) => typeof x === 'string') : [];\n if (ids.length === 0) {\n return c.json({ ok: false, error: { message: 'Provide ids array or expired: true' } }, 400);\n }\n const count = store.revokeMany(ids);\n return c.json({ ok: true, payload: { revokedCount: count } });\n });\n\n authenticated.patch('/api/shares/:id', async (c) => {\n const id = c.req.param('id');\n let body: Record<string, unknown>;\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n return c.json({ ok: false, error: { message: 'Invalid JSON' } }, 400);\n }\n\n const patch: { extendTtlMs?: number; maxViews?: number \| null } = {};\n if (typeof body.extendTtlMs === 'number') patch.extendTtlMs = body.extendTtlMs;\n if (body.maxViews === null \|\| typeof body.maxViews === 'number') patch.maxViews = body.maxViews as number \| null;\n\n const updated = store.update(id, patch);\n if (!updated) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n\n const urlCtx = getShareUrlContext(service);\n const resolved = resolveShareUrl(updated.token, urlCtx);\n\n return c.json({\n ok: true,\n payload: {\n id: updated.id,\n expiresAt: updated.expiresAt,\n maxViews: updated.maxViews,\n shareUrl: resolved.shareUrl,\n },\n });\n });\n}\n\n// ── Directory landing / file / zip helpers ────────────────────────────────────\n\nasync function renderDirectoryLanding(\n c: Context,\n store: ReturnType<typeof getShareStore>,\n service: GatewayService,\n record: ShareRecord,\n token: string,\n subPath = '',\n): Promise<Response> {\n store.updateConfig(resolveShareConfig(service));\n const urls = {\n tree: (p: string) => (p ? `/s/${token}/tree?path=${encodeURIComponent(p)}` : `/s/${token}`),\n file: (p: string) => `/s/${token}/file?path=${encodeURIComponent(p)}`,\n zip: (p: string) => (p ? `/s/${token}/zip?path=${encodeURIComponent(p)}` : `/s/${token}/zip`),\n };\n\n let listing: import('../../../share/share-store.js').DirectoryListing \| null = null;\n if (record.directory?.mode !== 'zip-only') {\n try {\n listing = await store.listDirectory(record, subPath);\n } catch (err) {\n logShareAudit(\n 'share.access_denied',\n { shareId: record.id, tokenPrefix: record.token.slice(0, 8), subPath, reason: String(err) },\n `Directory listing failed`,\n );\n return c.html(renderShareExpiredPage('not_found'), 404);\n }\n }\n const og = buildLandingOg(service, record);\n return c.html(renderFolderLandingPage(record, listing, urls, { og })) as unknown as Response;\n}\n\nfunction buildLandingOg(service: GatewayService, record: ShareRecord) {\n const resolved = resolveShareUrl(record.token, getShareUrlContext(service));\n // Only emit OG tags when the share is genuinely public — otherwise WeChat\n // and friends would silently fall back to \"no preview\" on unreachable URLs.\n if (resolved.reachability !== 'public') return undefined;\n return {\n absoluteShareUrl: resolved.shareUrl,\n absoluteThumbnailUrl: `${resolved.shareUrl}/thumbnail`,\n title: record.fileName,\n description: record.description ?? undefined,\n };\n}\n\nasync function handleDirectoryFile(\n c: Context,\n store: ReturnType<typeof getShareStore>,\n service: GatewayService,\n record: ShareRecord,\n relPath: string,\n clientIp: string,\n inline: boolean,\n): Promise<Response> {\n if (!acquireDownloadSlot(record.token)) {\n return new Response('Too many concurrent downloads for this share', { status: 429 });\n }\n\n try {\n const resolved = await store.resolveDirectoryChild(record, relPath);\n if (resolved.ok !== true) {\n logShareAudit(\n 'share.access_denied',\n { shareId: record.id, tokenPrefix: record.token.slice(0, 8), reason: resolved.reason, clientIp, relPath },\n `Directory child resolution failed: ${resolved.reason}`,\n );\n return c.html(renderShareExpiredPage('not_found'), 404);\n }\n const integrity = await store.validateFileIntegrity(record);\n if (!integrity.valid) {\n return c.html(renderShareExpiredPage((integrity.reason ?? 'file_deleted') as ShareExpiredReason), 410);\n }\n\n const fileStat = await stat(resolved.absolutePath);\n if (!fileStat.isFile()) {\n return c.html(renderShareExpiredPage('not_found'), 404);\n }\n\n // Re-check size against configured max\n store.updateConfig(resolveShareConfig(service));\n const cfg = store.getConfig();\n if (fileStat.size > cfg.maxFileSize) {\n return c.html(renderShareExpiredPage('not_found'), 410);\n }\n\n // Inline preview MIME guard\n const cfgPreview = { ...SHARE_CONFIG_DEFAULTS, ...resolveShareConfig(service) };\n const baseName = relPath.split('/').pop() \|\| record.fileName;\n const { resolveMimeType } = await import('../../../share/share-store.js');\n const mime = resolveMimeType(baseName);\n const useInline = inline && cfgPreview.inlinePreviewMimes.includes(mime);\n\n store.incrementDownloadCount(record.id);\n logShareAudit(\n 'share.access',\n { shareId: record.id, tokenPrefix: record.token.slice(0, 8), clientIp, relPath, mode: useInline ? 'inline' : 'attachment' },\n `Directory file served: ${baseName}`,\n );\n\n const stream = createReadStream(resolved.absolutePath);\n const webStream = Readable.toWeb(stream) as ReadableStream;\n const disposition = rfc5987ContentDisposition(useInline ? 'inline' : 'attachment', baseName);\n\n return new Response(webStream, {\n status: 200,\n headers: {\n 'Content-Type': shareResponseContentType(mime),\n 'Content-Disposition': disposition,\n 'Content-Length': String(fileStat.size),\n 'Cache-Control': 'private, no-store',\n 'X-Content-Type-Options': 'nosniff',\n 'X-Frame-Options': 'DENY',\n 'Referrer-Policy': 'no-referrer',\n },\n });\n } finally {\n releaseDownloadSlot(record.token);\n }\n}\n\nasync function handleDirectoryZip(\n c: Context,\n store: ReturnType<typeof getShareStore>,\n service: GatewayService,\n record: ShareRecord,\n subPath: string,\n clientIp: string,\n): Promise<Response> {\n store.updateConfig(resolveShareConfig(service));\n const cfg = store.getConfig();\n const zipLimit = cfg.directory.zipConcurrency;\n if (!acquireZipSlot(record.token, zipLimit)) {\n return new Response('Too many concurrent ZIP streams for this share', { status: 429 });\n }\n\n try {\n const resolved = await store.resolveDirectoryChild(record, subPath);\n if (resolved.ok !== true) {\n return c.html(renderShareExpiredPage('not_found'), 404);\n }\n const integrity = await store.validateFileIntegrity(record);\n if (!integrity.valid) {\n return c.html(renderShareExpiredPage((integrity.reason ?? 'file_deleted') as ShareExpiredReason), 410);\n }\n\n const files = await planDirectoryFiles(record, {\n rootRelativePath: subPath,\n maxFileCount: cfg.directory.maxFileCount,\n maxFolderSize: cfg.directory.maxFolderSize,\n followSymlinks: record.directory?.followSymlinks ?? false,\n maxDepth: record.directory?.maxDepth ?? cfg.directory.maxDepth,\n });\n\n store.incrementDownloadCount(record.id);\n logShareAudit(\n 'share.access',\n { shareId: record.id, tokenPrefix: record.token.slice(0, 8), clientIp, mode: 'zip', subPath, fileCount: files.length },\n `Directory zip served: ${record.fileName}${subPath ? '/' + subPath : ''}`,\n );\n\n const zipName = subPath\n ? `${record.fileName}-${subPath.replace(/[\\\\/]/g, '_')}.zip`\n : `${record.fileName}.zip`;\n const stream = createZipStream({ files });\n const webStream = Readable.toWeb(stream) as ReadableStream;\n\n return new Response(webStream, {\n status: 200,\n headers: {\n 'Content-Type': 'application/zip',\n 'Content-Disposition': rfc5987ContentDisposition('attachment', zipName),\n 'Cache-Control': 'private, no-store',\n 'X-Content-Type-Options': 'nosniff',\n 'X-Frame-Options': 'DENY',\n 'Referrer-Policy': 'no-referrer',\n },\n });\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return new Response(`zip build failed: ${message}`, { status: 500 });\n } finally {\n releaseZipSlot(record.token);\n }\n}\n\n// ── Helpers ───────────────────────────────────────────────────────────────────\n\nasync function createFileShareResponse(args: {\n c: Context;\n service: GatewayService;\n store: ReturnType<typeof getShareStore>;\n probe: Awaited<ReturnType<typeof probeShareTarget>>;\n decision: ReturnType<typeof decideShareKind>;\n ttlMs: number;\n maxViews: number \| null \| undefined;\n title?: string;\n description?: string;\n audience?: ShareAudience;\n workspaceRoot: string;\n tokenHash: string;\n urlCtx: ReturnType<typeof getShareUrlContext>;\n wantThumbnail: boolean;\n}): Promise<Response> {\n const { c, service, store, probe, decision, ttlMs, maxViews, title, description, audience, workspaceRoot, tokenHash, urlCtx, wantThumbnail } = args;\n store.updateConfig(resolveShareConfig(service));\n const record = await store.create({\n path: relPathFromAbs(workspaceRoot, probe.absolutePath),\n workspaceRoot,\n gatewayTokenHash: tokenHash,\n ttlMs,\n maxViews: maxViews === undefined ? undefined : maxViews,\n description,\n kind: probe.kind === 'directory' ? 'directory' : 'file',\n directoryMode: decision.kind === 'zip' ? 'zip-only' : (probe.kind === 'directory' ? 'browse' : undefined),\n });\n const resolved = resolveShareUrl(record.token, urlCtx);\n const titleOut = makeTitle(record.fileName, title);\n const descOut = makeDescription({ audience, expiresAt: record.expiresAt, override: description });\n const thumbnailUrl = wantThumbnail\n ? `${resolved.shareUrl}/thumbnail`\n : '';\n if (wantThumbnail) {\n scheduleThumbnail({ scope: 'file', token: record.token, recordId: record.id }, thumbnailRenderContext(service));\n store.setThumbnailStatus(record.id, 'pending');\n }\n return c.json({\n ok: true,\n payload: {\n share: {\n id: record.id,\n kind: decision.kind,\n title: titleOut,\n description: descOut,\n shareUrl: resolved.shareUrl,\n lanUrl: resolved.lanUrl,\n reachability: resolved.reachability,\n reachabilityHint: resolved.reachabilityHint,\n expiresAt: record.expiresAt,\n maxViews: record.maxViews,\n },\n thumbnail: {\n url: thumbnailUrl,\n status: wantThumbnail ? 'pending' : 'unavailable',\n width: SHARE_CONFIG_DEFAULTS.thumbnail.viewportWidth,\n height: SHARE_CONFIG_DEFAULTS.thumbnail.viewportHeight,\n },\n routing: { reason: decision.reason, hint: decision.hint },\n },\n }, 201) as unknown as Response;\n}\n\nfunction relPathFromAbs(workspaceRoot: string, abs: string): string {\n const root = workspaceRoot.replace(/[\\\\/]+$/, '');\n if (abs === root) return '';\n if (abs.startsWith(`${root}/`)) return abs.slice(root.length + 1);\n if (abs.startsWith(`${root}\\\\`)) return abs.slice(root.length + 1).replace(/\\\\/g, '/');\n // Fall back to basename — store.create will resolve again under workspace.\n return abs.split(/[\\\\/]/).pop() ?? abs;\n}\n\nasync function resolveWorkspaceRootForShare(\n service: GatewayService,\n sessionKey: string \| undefined,\n agentId: string \| undefined,\n): Promise<string \| null> {\n const cfg = service.currentConfig;\n\n if (sessionKey) {\n try {\n return await service.sessions.getEffectiveWorkspacePath(sessionKey);\n } catch {\n / fall through to agentId */\n }\n }\n\n const { getWorkspacePath } = await import('../../../config/workspace-path-helpers.js');\n const { resolveAgentWorkspaceDir, normalizeAgentId, resolveDefaultAgentId } = await import(\n '../../../agent/agent-scope.js'\n );\n\n if (agentId) {\n const normalized = normalizeAgentId(agentId);\n return resolveAgentWorkspaceDir(cfg, normalized);\n }\n\n const root = getWorkspacePath(cfg);\n if (root) return root;\n\n const defaultId = resolveDefaultAgentId(cfg);\n return resolveAgentWorkspaceDir(cfg, defaultId);\n}\n\nasync function handleFileDownload(\n c: Context,\n store: ReturnType<typeof getShareStore>,\n record: ShareRecord,\n clientIp: string,\n inline = false,\n): Promise<Response> {\n if (!acquireDownloadSlot(record.token)) {\n return new Response('Too many concurrent downloads for this share', { status: 429 });\n }\n\n try {\n const integrity = await store.validateFileIntegrity(record);\n if (!integrity.valid) {\n logShareAudit(\n 'share.access_denied',\n { shareId: record.id, tokenPrefix: record.token.slice(0, 8), reason: integrity.reason, clientIp },\n `Share file integrity check failed: ${integrity.reason}`,\n );\n return new Response(renderShareExpiredPage((integrity.reason ?? 'file_deleted') as ShareExpiredReason), {\n status: 410,\n headers: { 'Content-Type': 'text/html; charset=utf-8' },\n });\n }\n\n store.incrementDownloadCount(record.id);\n\n logShareAudit(\n 'share.access',\n { shareId: record.id, tokenPrefix: record.token.slice(0, 8), clientIp, downloadCount: record.downloadCount },\n `Share downloaded: ${record.fileName}`,\n );\n\n const fileStat = await stat(record.absolutePath);\n const stream = createReadStream(record.absolutePath);\n const webStream = Readable.toWeb(stream) as ReadableStream;\n const disposition = rfc5987ContentDisposition(inline ? 'inline' : 'attachment', record.fileName);\n\n return new Response(webStream, {\n status: 200,\n headers: {\n 'Content-Type': shareResponseContentType(record.mimeType),\n 'Content-Disposition': disposition,\n 'Content-Length': String(fileStat.size),\n 'Cache-Control': 'private, no-store',\n 'X-Content-Type-Options': 'nosniff',\n 'X-Frame-Options': 'DENY',\n 'Referrer-Policy': 'no-referrer',\n },\n });\n } finally {\n releaseDownloadSlot(record.token);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAgDA,SAAS,mBAAmB,SAAyB;CACnD,MAAM,UAAU,QAAQ,cAAc;AACtC,QAAO;EACL,aAAa,4BAA4B,QAAQ,cAAc;EAC/D,aAAa,QAAQ,QAAQ;EAC9B;;AAGH,SAAS,uBAAuB,SAAyB;CACvD,MAAM,MAAM;EAAE,GAAG;EAAuB,GAAG,mBAAmB,QAAQ;EAAE;CACxE,MAAM,OAAO,QAAQ,cAAc,QAAQ,QAAQ;CAEnD,MAAM,kBAAkB,IAAI,UAAU,sBAAsB,oBAAoB;AAChF,QAAO;EAAE,QAAQ,IAAI;EAAW;EAAiB;;AAGnD,SAAS,mBAAmB,SAA+C;CACzE,MAAM,MAAO,QAAQ,cAAc,SAAqC;AACxE,KAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO,EAAE;AAC9C,QAAO;;AAGT,SAAS,iBAAiB,OAAuB;AAC/C,QAAO,WAAW,SAAS,CAAC,OAAO,OAAO,OAAO,CAAC,OAAO,MAAM,CAAC,MAAM,GAAG,GAAG;;AAG9E,MAAM,qCAAqC;AAC3C,MAAM,kCAAkB,IAAI,KAAqB;AACjD,MAAM,mCAAmB,IAAI,KAAqB;AAElD,SAAS,oBAAoB,OAAwB;CACnD,MAAM,UAAU,gBAAgB,IAAI,MAAM,IAAI;AAC9C,KAAI,WAAW,mCAAoC,QAAO;AAC1D,iBAAgB,IAAI,OAAO,UAAU,EAAE;AACvC,QAAO;;AAGT,SAAS,oBAAoB,OAAqB;CAChD,MAAM,UAAU,gBAAgB,IAAI,MAAM,IAAI;AAC9C,KAAI,WAAW,EAAG,iBAAgB,OAAO,MAAM;KAC1C,iBAAgB,IAAI,OAAO,UAAU,EAAE;;AAG9C,SAAS,eAAe,OAAe,OAAwB;CAC7D,MAAM,UAAU,iBAAiB,IAAI,MAAM,IAAI;AAC/C,KAAI,WAAW,MAAO,QAAO;AAC7B,kBAAiB,IAAI,OAAO,UAAU,EAAE;AACxC,QAAO;;AAGT,SAAS,eAAe,OAAqB;CAC3C,MAAM,UAAU,iBAAiB,IAAI,MAAM,IAAI;AAC/C,KAAI,WAAW,EAAG,kBAAiB,OAAO,MAAM;KAC3C,kBAAiB,IAAI,OAAO,UAAU,EAAE;;;;;;;AAQ/C,SAAS,oBAAoB,MAAc,WAA8B;AACvE,QAAO,UAAU,SAAS,KAAK;;;;;;;;AASjC,SAAS,qBAAqB,MAAuB;AACnD,QACE,SAAS,mBACT,SAAS,6EACT,SAAS;;AAIb,SAAS,0BAA0B,aAAsC,UAA0B;AAGjG,QAAO,GAAG,YAAY,cAFR,SAAS,QAAQ,iBAAiB,IAAI,CAAC,QAAQ,MAAM,GAE1B,CAAC,sBAD7B,mBAAmB,SACoC;;AAKtE,SAAgB,0BAA0B,KAAW,SAA+B;CAClF,MAAM,QAAQ,cAAc,mBAAmB,QAAQ,CAAC;;AAGxD,KAAI,IAAI,aAAa,OAAO,MAAM;EAChC,MAAM,WAAW,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CAAC;EAC7F,MAAM,aAAa,wBAAwB,SAAS;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;EAEpE,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,MAAI,CAAC,WAAW,OAAO;AACrB,iBACE,uBACA;IAAE,SAAS,OAAO;IAAI,aAAa,MAAM,MAAM,GAAG,EAAE;IAAE,QAAQ,WAAW;IAAQ;IAAU,EAC3F,wBAAwB,WAAW,SACpC;AACD,UAAO,EAAE,KAAK,uBAAuB,WAAW,OAA6B,EAAE,IAAI;;AAGrF,MAAI,OAAO,SAAS,YAClB,QAAO,uBAAuB,GAAG,OAAO,SAAS,QAAQ,MAAM;AAIjE,MAAI,EAAE,IAAI,MAAM,KAAK,KAAK,IACxB,QAAO,mBAAmB,GAAG,OAAO,QAAQ,SAAS;AAEvD,MAAI,EAAE,IAAI,MAAM,SAAS,KAAK;OAExB;IADU,GAAG;IAAuB,GAAG,mBAAmB,QAAQ;IAC/D,CAAC,mBAAmB,SAAS,OAAO,SAAS,CAClD,QAAO,mBAAmB,GAAG,OAAO,QAAQ,UAAU,KAAK;;EAI/D,MAAM,eAAe,MAAM,MAAM;EACjC,MAAM,MAAM;GAAE,GAAG;GAAuB,GAAG,mBAAmB,QAAQ;GAAE;EACxE,MAAM,cAAc,oBAAoB,OAAO,UAAU,IAAI,mBAAmB;EAChF,MAAM,kBAAkB,qBAAqB,OAAO,SAAS;EAC7D,MAAM,KAAK,eAAe,SAAS,OAAO;AAC1C,SAAO,EAAE,KACP,uBAAuB,QAAQ,cAAc;GAC3C,WAAW,cAAc,MAAM,MAAM,aAAa;GAClD,YAAY,kBAAkB,YAAY,mBAAmB,MAAM,KAAK;GACxE;GACD,CAAC,CACH;GACD;;AAGF,KAAI,KAAK,sBAAsB,OAAO,MAAM;EAC1C,MAAM,WAAW,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CAAC;EAC7F,MAAM,aAAa,wBAAwB,SAAS;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;EAEpE,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,MAAI,CAAC,WAAW,OAAO;AACrB,iBACE,uBACA;IAAE,SAAS,OAAO;IAAI,aAAa,MAAM,MAAM,GAAG,EAAE;IAAE,QAAQ,WAAW;IAAQ;IAAU,EAC3F,0BAA0B,WAAW,SACtC;AACD,UAAO,EAAE,KAAK,uBAAuB,WAAW,OAA6B,EAAE,IAAI;;AAGrF,MAAI,OAAO,SAAS,YAClB,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;AAEzD,SAAO,mBAAmB,GAAG,OAAO,QAAQ,SAAS;GACrD;;AAGF,KAAI,IAAI,kBAAkB,OAAO,MAAM;EACrC,MAAM,WAAW,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CAAC;EAC7F,MAAM,aAAa,wBAAwB,SAAS;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;AACpE,MAAI,OAAO,SAAS,YAAa,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;EAExF,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,MAAI,CAAC,WAAW,MACd,QAAO,EAAE,KAAK,uBAAuB,WAAW,OAA6B,EAAE,IAAI;AAKrF,SAAO,oBAAoB,GAAG,OAAO,SAAS,QAF9B,EAAE,IAAI,MAAM,OAAO,IAAI,IAEwB,UADhD,EAAE,IAAI,MAAM,SAAS,KAAK,OAAO,EAAE,IAAI,MAAM,KAAK,KAAK,IACU;GAChF;;AAGF,KAAI,IAAI,kBAAkB,OAAO,MAAM;EAErC,MAAM,aAAa,wBADF,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CACzC,CAAC;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;AAC/E,MAAI,OAAO,SAAS,YAAa,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,iBAAiB;GAAE,EAAE,IAAI;EAEvG,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,MAAI,CAAC,WAAW,MACd,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,WAAW,QAAQ;GAAE,EAAE,IAAI;EAG1E,MAAM,OAAO,EAAE,IAAI,MAAM,OAAO,IAAI;AAEpC,OAAK,EAAE,IAAI,OAAO,SAAS,IAAI,IAAI,SAAS,YAAY,CACtD,QAAO,uBAAuB,GAAG,OAAO,SAAS,QAAQ,OAAO,KAAK;AAEvE,MAAI;GACF,MAAM,UAAU,MAAM,MAAM,cAAc,QAAQ,KAAK;AACvD,UAAO,EAAE,KAAK;IAAE,IAAI;IAAM,SAAS;IAAS,CAAC;WACtC,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS;IAAE,EAAE,IAAI;;GAEvD;;AAGF,KAAI,IAAI,iBAAiB,OAAO,MAAM;EACpC,MAAM,WAAW,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CAAC;EAC7F,MAAM,aAAa,wBAAwB,SAAS;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;AACpE,MAAI,OAAO,SAAS,YAAa,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;EAExF,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,MAAI,CAAC,WAAW,MACd,QAAO,EAAE,KAAK,uBAAuB,WAAW,OAA6B,EAAE,IAAI;AAGrF,SAAO,mBAAmB,GAAG,OAAO,SAAS,QAAQ,EAAE,IAAI,MAAM,OAAO,IAAI,IAAI,SAAS;GACzF;;AAGF,KAAI,IAAI,kBAAkB,OAAO,MAAM;EAErC,MAAM,aAAa,wBADF,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CACzC,CAAC;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAGzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,EAAE,OAAO,OAAO,EAAE,IAAI;EAEjD,MAAM,aAAa,MAAM,eAAe,OAAO;EAC/C,MAAM,iBAAiB,OAAO,aAAa,OAAO,KAAK,IAAI,GAAG,OAAO,WAAW,OAAO,cAAc,GAAG;AAExG,SAAO,EAAE,KAAK;GACZ,MAAM,OAAO;GACb,UAAU,OAAO;GACjB,UAAU,OAAO;GACjB,UAAU,OAAO;GACjB,aAAa,OAAO,eAAe;GACnC,WAAW,OAAO;GAClB;GACA,OAAO,WAAW;GAClB,WAAW,OAAO,aAAa;GAChC,CAAC;GACF;;AAGF,KAAI,GAAG,QAAQ,aAAa,OAAO,MAAM;EACvC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,MAAM,IAAI;EACrC,MAAM,aAAa,MAAM,eAAe,OAAO;AAC/C,SAAO,EAAE,KAAK,MAAM,WAAW,QAAQ,MAAM,IAAI;GACjD;;AAGF,KAAI,IAAI,uBAAuB,OAAO,MAAM;EAE1C,MAAM,aAAa,wBADF,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CACzC,CAAC;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAEzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,MAAM,IAAI;AAErC,MAAI,CADe,MAAM,eAAe,OACzB,CAAC,MAAO,QAAO,EAAE,KAAK,MAAM,IAAI;EAE/C,MAAM,SAAS,MAAM,cAAc,MAAM;AACzC,MAAI,OACF,QAAO,IAAI,SAAS,QAAQ;GAC1B,QAAQ;GACR,SAAS;IACP,gBAAgB,qBAAqB,OAAO;IAC5C,iBAAiB;IACjB,0BAA0B;IAC3B;GACF,CAAC;AAGJ,oBAAkB;GAAE,OAAO;GAAQ;GAAO,UAAU,OAAO;GAAI,EAAE,uBAAuB,QAAQ,CAAC;EACjG,MAAM,cAAc,eAAe,OAAO,UAAU,OAAO,SAAS,cAAc,WAAW,OAAO;AACpG,SAAO,IAAI,SAAS,aAAa;GAC/B,QAAQ;GACR,SAAS;IACP,gBAAgB;IAChB,iBAAiB;IACjB,0BAA0B;IAC3B;GACF,CAAC;GACF;AAEF,KAAI,GAAG,QAAQ,uBAAuB,OAAO,MAAM;EACjD,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,SAAS,MAAM,WAAW,MAAM;AACtC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,MAAM,IAAI;AAErC,MAAI,CADe,MAAM,eAAe,OACzB,CAAC,MAAO,QAAO,EAAE,KAAK,MAAM,IAAI;EAC/C,MAAM,QAAQ,MAAM,gBAAgB,MAAM;AAC1C,SAAO,EAAE,KAAK,MAAM,QAAQ,MAAM,IAAI;GACtC;;AAGF,KAAI,IAAI,0BAA0B,OAAO,MAAM;EAE7C,MAAM,aAAa,wBADF,uBAAuB,EAAE,MAAM,MAAc,EAAE,IAAI,OAAO,EAAE,IAAI,KAAA,GAAW,CACzC,CAAC;AACpD,MAAI,CAAC,WAAW,SAAS;AACvB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,WAAW,eAAe,IAAK,CAAC,CAAC;AAC1E,UAAO,EAAE,KAAK,qBAAqB,IAAI;;EAEzC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;EAClC,MAAM,YAAY,kBAAkB,uBAAuB,QAAQ,CAAC;EACpE,MAAM,SAAS,UAAU,WAAW,MAAM;AAC1C,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK,MAAM,IAAI;AAErC,MAAI,CADe,UAAU,eAAe,OAC7B,CAAC,MAAO,QAAO,EAAE,KAAK,MAAM,IAAI;EAE/C,MAAM,SAAS,MAAM,cAAc,MAAM;AACzC,MAAI,OACF,QAAO,IAAI,SAAS,QAAQ;GAC1B,QAAQ;GACR,SAAS;IACP,gBAAgB,qBAAqB,OAAO;IAC5C,iBAAiB;IACjB,0BAA0B;IAC3B;GACF,CAAC;AAEJ,oBAAkB;GAAE,OAAO;GAAQ;GAAO,UAAU,OAAO;GAAI,EAAE,uBAAuB,QAAQ,CAAC;EACjG,MAAM,cAAc,eAAe,OAAO,eAAe,cAAc,OAAO;AAC9E,SAAO,IAAI,SAAS,aAAa;GAC/B,QAAQ;GACR,SAAS;IACP,gBAAgB;IAChB,iBAAiB;IACjB,0BAA0B;IAC3B;GACF,CAAC;GACF;AAEF,KAAI,GAAG,QAAQ,0BAA0B,OAAO,MAAM;EAEpD,MAAM,QAAQ,MAAM,gBADN,EAAE,IAAI,MAAM,QACe,CAAC;AAC1C,SAAO,EAAE,KAAK,MAAM,QAAQ,MAAM,IAAI;GACtC;AAGF,OAAM,gBAAgB,QAAQ;AACvB,kBAAgB,IAAI,MAAM;GAC/B;;AAKJ,SAAgB,oBAAoB,eAAqB,MAAoC;CAC3F,MAAM,EAAE,YAAY;CACpB,MAAM,QAAQ,cAAc,mBAAmB,QAAQ,CAAC;AACjC,mBAAkB,uBAAuB,QAAQ,CAE1D,CAAC,gBAAgB,QAAQ;EACrC,MAAM,MAAM,iBAAiB,IAAI,GAAG;AACpC,MAAI,IAAU,mBAAkB,IAAI;GACpC;AAEF,eAAc,KAAK,eAAe,OAAO,MAAM;EAC7C,MAAM,eAAe,aAAa,EAAE,eAAe,EAAE,IAAI,OAAO,gBAAgB,IAAI,KAAA,GAAW,CAAC;AAChG,MAAI,CAAC,aAAc,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,kBAAkB;GAAE,EAAE,IAAI;EAE1F,IAAI;AACJ,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AACN,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS,gBAAgB;IAAE,EAAE,IAAI;;EAGvE,MAAM,OAAO,OAAO,KAAK,SAAS,WAAW,KAAK,KAAK,MAAM,GAAG;AAChE,MAAI,CAAC,KAAM,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,gBAAgB;GAAE,EAAE,IAAI;EAEhF,MAAM,aAAa,OAAO,KAAK,eAAe,WAAW,KAAK,WAAW,MAAM,GAAG,KAAA;EAClF,MAAM,UAAU,OAAO,KAAK,YAAY,WAAW,KAAK,QAAQ,MAAM,GAAG,KAAA;EAEzE,MAAM,gBAAgB,MAAM,6BAA6B,SAAS,YAAY,QAAQ;AACtF,MAAI,CAAC,cACH,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,4BAA4B;GAAE,EAAE,IAAI;EAGnF,MAAM,QAAQ,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ,KAAA;EAC5D,MAAM,WAAW,KAAK,aAAa,OAAO,OAAO,OAAO,KAAK,aAAa,WAAW,KAAK,WAAW,KAAA;EACrG,MAAM,cAAc,OAAO,KAAK,gBAAgB,WAAW,KAAK,YAAY,MAAM,IAAI,KAAA,IAAY,KAAA;EAClG,MAAM,OAAO,KAAK,SAAS,eAAe,KAAK,SAAS,SAAS,KAAK,OAAO,KAAA;EAC7E,MAAM,gBAAgB,KAAK,kBAAkB,aAAa,aAAa,KAAK,kBAAkB,WAAW,WAAW,KAAA;EACpH,MAAM,iBAAiB,KAAK,mBAAmB;EAC/C,MAAM,eAAe,OAAO,KAAK,iBAAiB,WAAW,KAAK,eAAe,KAAA;EACjF,MAAM,gBAAgB,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB,KAAA;EACpF,MAAM,WAAW,OAAO,KAAK,aAAa,WAAW,KAAK,WAAW,KAAA;AAErE,MAAI;AACF,SAAM,aAAa,mBAAmB,QAAQ,CAAC;GAC/C,MAAM,SAAS,MAAM,MAAM,OAAO;IAChC;IACA;IACA;IACA;IACA;IACA;IACA;IACA,kBAAkB,iBAAiB,aAAa;IAChD;IACA;IACA;IACA;IACA;IACA;IACD,CAAC;GAEF,MAAM,SAAS,mBAAmB,QAAQ;GAC1C,MAAM,WAAW,gBAAgB,OAAO,OAAO,OAAO;AAEtD,UAAO,EAAE,KACP;IACE,IAAI;IACJ,SAAS;KACP,IAAI,OAAO;KACX,OAAO,OAAO;KACd,MAAM,OAAO;KACb,UAAU,SAAS;KACnB,QAAQ,SAAS;KACjB,cAAc,SAAS;KACvB,kBAAkB,SAAS;KAC3B,WAAW,OAAO;KAClB,UAAU,OAAO;KACjB,UAAU,OAAO;KACjB,UAAU,OAAO;KACjB,WAAW,OAAO,aAAa;KAChC;IACF,EACD,IACD;WACM,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS;IAAE,EAAE,IAAI;;GAEvD;;;;;;AAOF,eAAc,KAAK,oBAAoB,OAAO,MAAM;EAClD,MAAM,eAAe,aAAa,EAAE,eAAe,EAAE,IAAI,OAAO,gBAAgB,IAAI,KAAA,GAAW,CAAC;AAChG,MAAI,CAAC,aAAc,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,kBAAkB;GAAE,EAAE,IAAI;EAE1F,IAAI;AACJ,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AACN,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS,gBAAgB;IAAE,EAAE,IAAI;;EAGvE,MAAM,OAAO,OAAO,KAAK,SAAS,WAAW,KAAK,KAAK,MAAM,GAAG;AAChE,MAAI,CAAC,KAAM,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,gBAAgB;GAAE,EAAE,IAAI;EAChF,MAAM,aAAa,OAAO,KAAK,eAAe,WAAW,KAAK,WAAW,MAAM,GAAG,KAAA;EAClF,MAAM,UAAU,OAAO,KAAK,YAAY,WAAW,KAAK,QAAQ,MAAM,GAAG,KAAA;EACzE,MAAM,OAAQ,OAAO,KAAK,SAAS,YAAY;GAAC;GAAQ;GAAc;GAAc;GAAY,CAAC,SAAS,KAAK,KAAK,GAC/G,KAAK,OACN;EACJ,MAAM,WACJ,KAAK,aAAa,YAAY,KAAK,aAAa,eAAe,KAAK,aAAa,WAC7E,KAAK,WACL,KAAA;EACN,MAAM,QAAQ,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ,KAAA;EAC5D,MAAM,cAAc,OAAO,KAAK,gBAAgB,WAAW,KAAK,cAAc,KAAA;EAC9E,MAAM,cAAc,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ,KAAA;EAClE,MAAM,mBACJ,KAAK,aAAa,OAAO,OAAO,OAAO,KAAK,aAAa,WAAW,KAAK,WAAW,KAAA;EACtF,MAAM,gBAAgB,KAAK,cAAc;EAEzC,MAAM,gBAAgB,MAAM,6BAA6B,SAAS,YAAY,QAAQ;AACtF,MAAI,CAAC,cACH,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,4BAA4B;GAAE,EAAE,IAAI;EAGnF,IAAI;AACJ,MAAI;AACF,WAAQ,MAAM,iBAAiB,eAAe,KAAK;WAC5C,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS;IAAE,EAAE,IAAI;;EAGvD,IAAI;AACJ,MAAI;AACF,cAAW,gBAAgB,OAAO,KAAK;WAChC,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS;IAAE,EAAE,IAAI;;EAGvD,MAAM,WAAW,iBAAiB,SAAS;EAC3C,MAAM,QAAQ,eAAe,SAAS;EACtC,MAAM,WAAW,qBAAqB,KAAA,IAAY,mBAAmB,SAAS;EAC9E,MAAM,YAAY,iBAAiB,aAAa;EAChD,MAAM,SAAS,mBAAmB,QAAQ;AAE1C,MAAI;AACF,OAAI,SAAS,SAAS,QAAQ;IAC5B,MAAM,YAAY,kBAAkB,uBAAuB,QAAQ,CAAC;IAIpE,IAAI,WAAW;IACf,IAAI,YAA2B;AAC/B,QAAI,MAAM,SAAS,QAAQ;KACzB,MAAM,SAAS,MAAM,sBAAsB,eAAe,MAAM,aAAa;AAC7E,gBAAW,OAAO;AAClB,iBAAY,OAAO;;IAErB,MAAM,UAAU,MAAM,UAAU,OAAO;KACrC,MAAM;KACN,MAAM;KACN;KACA;KACA,WAAW,OAAO,KAAK,cAAc,WAAW,KAAK,YAAY,KAAA;KACjE,aAAa;KACb,aAAa;KACb;KACA;KACA;KACA,kBAAkB;KACnB,CAAC;AACF,QAAI,UAAW,oBAAmB,QAAQ,IAAI,UAAU;IACxD,MAAM,MAAM,UAAU,WAAW;IACjC,MAAM,cAAc,QAAQ,cAAc,QAAQ,QAAQ;IAC1D,MAAM,cAAc,4BAA4B,QAAQ,cAAc;IACtE,MAAM,iBAAiB,QAAQ,aAAa,QAAQ;IACpD,MAAM,WAAW,CAAC,EAAE,MAAM,OAAO,oCAAoC,iBAAiB;IACtF,MAAM,WAAW,WACb,WAAW,eAAe,GAAG,IAAI,iBAAiB,KAClD,UAAU,YAAY,GAAG,YAAY,QAAQ,QAAQ,MAAM;IAC/D,MAAM,eAAe,WAAW,WAAY,gBAAgB,eAAe,gBAAgB,eAAe,gBAAgB,QAAQ,eAAe;IACjJ,MAAM,eAAe,gBACjB,GAAG,WAAW,WAAW,eAAe,GAAG,IAAI,qBAAqB,UAAU,YAAY,GAAG,cAAc,QAAQ,QAAQ,MAAM,cACjI;AACJ,QAAI,eAAe;AACjB,uBAAkB;MAAE,OAAO;MAAQ,OAAO,QAAQ;MAAO,UAAU,QAAQ;MAAI,EAAE,uBAAuB,QAAQ,CAAC;AACjH,eAAU,mBAAmB,QAAQ,IAAI,UAAU;;IAErD,MAAM,WAAW,UAAU,MAAM,SAAS,cAAc,KAAK,MAAM,IAAI,CAAC,KAAK,IAAI,OAAO,MAAM,MAAM;AACpG,WAAO,EAAE,KAAK;KACZ,IAAI;KACJ,SAAS;MACP,OAAO;OACL,IAAI,QAAQ;OACZ,MAAM;OACN,OAAO;OACP,aAAa,gBAAgB;QAAE;QAAU,WAAW,QAAQ;QAAW,UAAU;QAAa,CAAC;OAC/F;OACA,QAAQ;OACR;OACA,kBAAkB,iBAAiB,WAAW,OAAQ,iBAAiB,QAAQ,2BAA2B;OAC1G,WAAW,QAAQ;OACnB,UAAU;OACX;MACD,WAAW;OACT,KAAK;OACL,QAAQ,gBAAgB,YAAY;OACpC,OAAO,sBAAsB,UAAU;OACvC,QAAQ,sBAAsB,UAAU;OACzC;MACD,SAAS;OAAE,QAAQ,SAAS;OAAQ,MAAM,SAAS;OAAM;MAC1D;KACF,EAAE,IAAI;;AAGT,UAAO,MAAM,wBAAwB;IACnC;IAAG;IAAS;IAAO;IAAO;IAC1B;IAAO;IAAU;IAAO;IAAa;IACrC;IAAe;IAAW;IAAQ;IACnC,CAAC;WACK,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS;IAAE,EAAE,IAAI;;GAEvD;AAEF,eAAc,IAAI,eAAe,OAAO,MAAM;AAC5C,QAAM,aAAa,mBAAmB,QAAQ,CAAC;EAC/C,MAAM,SAAS,MAAM,cAAc;EACnC,MAAM,SAAS,mBAAmB,QAAQ;EAC1C,MAAM,MAAM,KAAK,KAAK;EAEtB,MAAM,QAAQ,OAAO,KAAK,MAAM;GAC9B,MAAM,WAAW,gBAAgB,EAAE,OAAO,OAAO;GACjD,MAAM,UAAU,OAAO,IAAI,KAAK,EAAE,UAAU,CAAC,SAAS;AACtD,UAAO;IACL,IAAI,EAAE;IACN,MAAM,EAAE;IACR,UAAU,EAAE;IACZ,uBAAuB,EAAE;IACzB,UAAU,SAAS;IACnB,QAAQ,SAAS;IACjB,cAAc,SAAS;IACvB,WAAW,EAAE;IACb,WAAW,EAAE;IACb,eAAe,EAAE;IACjB,UAAU,EAAE;IACZ,SAAS,EAAE;IACX;IACA,aAAa,EAAE,eAAe;IAC9B,UAAU,EAAE;IACZ,UAAU,EAAE;IACZ,WAAW,EAAE,aAAa;IAC3B;IACD;AAEF,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,QAAQ,OAAO;GAAE,CAAC;GACvD;AAEF,eAAc,IAAI,mBAAmB,OAAO,MAAM;EAChD,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;EAC5B,MAAM,SAAS,MAAM,QAAQ,GAAG;AAChC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;EAE/E,MAAM,SAAS,mBAAmB,QAAQ;EAC1C,MAAM,WAAW,gBAAgB,OAAO,OAAO,OAAO;EACtD,MAAM,UAAU,KAAK,KAAK,IAAI,IAAI,KAAK,OAAO,UAAU,CAAC,SAAS;AAElE,SAAO,EAAE,KAAK;GACZ,IAAI;GACJ,SAAS;IACP,GAAG;IACH,OAAO,KAAA;IACP,UAAU,SAAS;IACnB,QAAQ,SAAS;IACjB,cAAc,SAAS;IACvB;IACD;GACF,CAAC;GACF;AAEF,eAAc,OAAO,mBAAmB,OAAO,MAAM;EACnD,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;AAE5B,MAAI,CADY,MAAM,OAAO,GACjB,CAAE,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;AAChF,SAAO,EAAE,KAAK,EAAE,IAAI,MAAM,CAAC;GAC3B;AAEF,eAAc,OAAO,eAAe,OAAO,MAAM;EAC/C,IAAI,OAAgC,EAAE;AACtC,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AAIR,MAAI,KAAK,YAAY,MAAM;GACzB,MAAM,QAAQ,MAAM,eAAe;AACnC,UAAO,EAAE,KAAK;IAAE,IAAI;IAAM,SAAS,EAAE,cAAc,OAAO;IAAE,CAAC;;EAG/D,MAAM,MAAM,MAAM,QAAQ,KAAK,IAAI,GAAI,KAAK,IAAiB,QAAQ,MAAM,OAAO,MAAM,SAAS,GAAG,EAAE;AACtG,MAAI,IAAI,WAAW,EACjB,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,sCAAsC;GAAE,EAAE,IAAI;EAE7F,MAAM,QAAQ,MAAM,WAAW,IAAI;AACnC,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,cAAc,OAAO;GAAE,CAAC;GAC7D;AAEF,eAAc,MAAM,mBAAmB,OAAO,MAAM;EAClD,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;EAC5B,IAAI;AACJ,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AACN,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS,gBAAgB;IAAE,EAAE,IAAI;;EAGvE,MAAM,QAA4D,EAAE;AACpE,MAAI,OAAO,KAAK,gBAAgB,SAAU,OAAM,cAAc,KAAK;AACnE,MAAI,KAAK,aAAa,QAAQ,OAAO,KAAK,aAAa,SAAU,OAAM,WAAW,KAAK;EAEvF,MAAM,UAAU,MAAM,OAAO,IAAI,MAAM;AACvC,MAAI,CAAC,QAAS,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;EAEhF,MAAM,SAAS,mBAAmB,QAAQ;EAC1C,MAAM,WAAW,gBAAgB,QAAQ,OAAO,OAAO;AAEvD,SAAO,EAAE,KAAK;GACZ,IAAI;GACJ,SAAS;IACP,IAAI,QAAQ;IACZ,WAAW,QAAQ;IACnB,UAAU,QAAQ;IAClB,UAAU,SAAS;IACpB;GACF,CAAC;GACF;;AAKJ,eAAe,uBACb,GACA,OACA,SACA,QACA,OACA,UAAU,IACS;AACnB,OAAM,aAAa,mBAAmB,QAAQ,CAAC;CAC/C,MAAM,OAAO;EACX,OAAO,MAAe,IAAI,MAAM,MAAM,aAAa,mBAAmB,EAAE,KAAK,MAAM;EACnF,OAAO,MAAc,MAAM,MAAM,aAAa,mBAAmB,EAAE;EACnE,MAAM,MAAe,IAAI,MAAM,MAAM,YAAY,mBAAmB,EAAE,KAAK,MAAM,MAAM;EACxF;CAED,IAAI,UAA2E;AAC/E,KAAI,OAAO,WAAW,SAAS,WAC7B,KAAI;AACF,YAAU,MAAM,MAAM,cAAc,QAAQ,QAAQ;UAC7C,KAAK;AACZ,gBACE,uBACA;GAAE,SAAS,OAAO;GAAI,aAAa,OAAO,MAAM,MAAM,GAAG,EAAE;GAAE;GAAS,QAAQ,OAAO,IAAI;GAAE,EAC3F,2BACD;AACD,SAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;;CAG3D,MAAM,KAAK,eAAe,SAAS,OAAO;AAC1C,QAAO,EAAE,KAAK,wBAAwB,QAAQ,SAAS,MAAM,EAAE,IAAI,CAAC,CAAC;;AAGvE,SAAS,eAAe,SAAyB,QAAqB;CACpE,MAAM,WAAW,gBAAgB,OAAO,OAAO,mBAAmB,QAAQ,CAAC;AAG3E,KAAI,SAAS,iBAAiB,SAAU,QAAO,KAAA;AAC/C,QAAO;EACL,kBAAkB,SAAS;EAC3B,sBAAsB,GAAG,SAAS,SAAS;EAC3C,OAAO,OAAO;EACd,aAAa,OAAO,eAAe,KAAA;EACpC;;AAGH,eAAe,oBACb,GACA,OACA,SACA,QACA,SACA,UACA,QACmB;AACnB,KAAI,CAAC,oBAAoB,OAAO,MAAM,CACpC,QAAO,IAAI,SAAS,gDAAgD,EAAE,QAAQ,KAAK,CAAC;AAGtF,KAAI;EACF,MAAM,WAAW,MAAM,MAAM,sBAAsB,QAAQ,QAAQ;AACnE,MAAI,SAAS,OAAO,MAAM;AACxB,iBACE,uBACA;IAAE,SAAS,OAAO;IAAI,aAAa,OAAO,MAAM,MAAM,GAAG,EAAE;IAAE,QAAQ,SAAS;IAAQ;IAAU;IAAS,EACzG,sCAAsC,SAAS,SAChD;AACD,UAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;;EAEzD,MAAM,YAAY,MAAM,MAAM,sBAAsB,OAAO;AAC3D,MAAI,CAAC,UAAU,MACb,QAAO,EAAE,KAAK,uBAAwB,UAAU,UAAU,eAAsC,EAAE,IAAI;EAGxG,MAAM,WAAW,MAAM,KAAK,SAAS,aAAa;AAClD,MAAI,CAAC,SAAS,QAAQ,CACpB,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;AAIzD,QAAM,aAAa,mBAAmB,QAAQ,CAAC;EAC/C,MAAM,MAAM,MAAM,WAAW;AAC7B,MAAI,SAAS,OAAO,IAAI,YACtB,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;EAIzD,MAAM,aAAa;GAAE,GAAG;GAAuB,GAAG,mBAAmB,QAAQ;GAAE;EAC/E,MAAM,WAAW,QAAQ,MAAM,IAAI,CAAC,KAAK,IAAI,OAAO;EACpD,MAAM,EAAE,oBAAoB,MAAM,OAAO;EACzC,MAAM,OAAO,gBAAgB,SAAS;EACtC,MAAM,YAAY,UAAU,WAAW,mBAAmB,SAAS,KAAK;AAExE,QAAM,uBAAuB,OAAO,GAAG;AACvC,gBACE,gBACA;GAAE,SAAS,OAAO;GAAI,aAAa,OAAO,MAAM,MAAM,GAAG,EAAE;GAAE;GAAU;GAAS,MAAM,YAAY,WAAW;GAAc,EAC3H,0BAA0B,WAC3B;EAED,MAAM,SAAS,iBAAiB,SAAS,aAAa;EACtD,MAAM,YAAY,SAAS,MAAM,OAAO;EACxC,MAAM,cAAc,0BAA0B,YAAY,WAAW,cAAc,SAAS;AAE5F,SAAO,IAAI,SAAS,WAAW;GAC7B,QAAQ;GACR,SAAS;IACP,gBAAgB,yBAAyB,KAAK;IAC9C,uBAAuB;IACvB,kBAAkB,OAAO,SAAS,KAAK;IACvC,iBAAiB;IACjB,0BAA0B;IAC1B,mBAAmB;IACnB,mBAAmB;IACpB;GACF,CAAC;WACM;AACR,sBAAoB,OAAO,MAAM;;;AAIrC,eAAe,mBACb,GACA,OACA,SACA,QACA,SACA,UACmB;AACnB,OAAM,aAAa,mBAAmB,QAAQ,CAAC;CAC/C,MAAM,MAAM,MAAM,WAAW;CAC7B,MAAM,WAAW,IAAI,UAAU;AAC/B,KAAI,CAAC,eAAe,OAAO,OAAO,SAAS,CACzC,QAAO,IAAI,SAAS,kDAAkD,EAAE,QAAQ,KAAK,CAAC;AAGxF,KAAI;AAEF,OAAI,MADmB,MAAM,sBAAsB,QAAQ,QAAQ,EACtD,OAAO,KAClB,QAAO,EAAE,KAAK,uBAAuB,YAAY,EAAE,IAAI;EAEzD,MAAM,YAAY,MAAM,MAAM,sBAAsB,OAAO;AAC3D,MAAI,CAAC,UAAU,MACb,QAAO,EAAE,KAAK,uBAAwB,UAAU,UAAU,eAAsC,EAAE,IAAI;EAGxG,MAAM,QAAQ,MAAM,mBAAmB,QAAQ;GAC7C,kBAAkB;GAClB,cAAc,IAAI,UAAU;GAC5B,eAAe,IAAI,UAAU;GAC7B,gBAAgB,OAAO,WAAW,kBAAkB;GACpD,UAAU,OAAO,WAAW,YAAY,IAAI,UAAU;GACvD,CAAC;AAEF,QAAM,uBAAuB,OAAO,GAAG;AACvC,gBACE,gBACA;GAAE,SAAS,OAAO;GAAI,aAAa,OAAO,MAAM,MAAM,GAAG,EAAE;GAAE;GAAU,MAAM;GAAO;GAAS,WAAW,MAAM;GAAQ,EACtH,yBAAyB,OAAO,WAAW,UAAU,MAAM,UAAU,KACtE;EAED,MAAM,UAAU,UACZ,GAAG,OAAO,SAAS,GAAG,QAAQ,QAAQ,UAAU,IAAI,CAAC,QACrD,GAAG,OAAO,SAAS;EACvB,MAAM,SAAS,gBAAgB,EAAE,OAAO,CAAC;EACzC,MAAM,YAAY,SAAS,MAAM,OAAO;AAExC,SAAO,IAAI,SAAS,WAAW;GAC7B,QAAQ;GACR,SAAS;IACP,gBAAgB;IAChB,uBAAuB,0BAA0B,cAAc,QAAQ;IACvE,iBAAiB;IACjB,0BAA0B;IAC1B,mBAAmB;IACnB,mBAAmB;IACpB;GACF,CAAC;UACK,KAAK;EACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,SAAO,IAAI,SAAS,qBAAqB,WAAW,EAAE,QAAQ,KAAK,CAAC;WAC5D;AACR,iBAAe,OAAO,MAAM;;;AAMhC,eAAe,wBAAwB,MAejB;CACpB,MAAM,EAAE,GAAG,SAAS,OAAO,OAAO,UAAU,OAAO,UAAU,OAAO,aAAa,UAAU,eAAe,WAAW,QAAQ,kBAAkB;AAC/I,OAAM,aAAa,mBAAmB,QAAQ,CAAC;CAC/C,MAAM,SAAS,MAAM,MAAM,OAAO;EAChC,MAAM,eAAe,eAAe,MAAM,aAAa;EACvD;EACA,kBAAkB;EAClB;EACA,UAAU,aAAa,KAAA,IAAY,KAAA,IAAY;EAC/C;EACA,MAAM,MAAM,SAAS,cAAc,cAAc;EACjD,eAAe,SAAS,SAAS,QAAQ,aAAc,MAAM,SAAS,cAAc,WAAW,KAAA;EAChG,CAAC;CACF,MAAM,WAAW,gBAAgB,OAAO,OAAO,OAAO;CACtD,MAAM,WAAW,UAAU,OAAO,UAAU,MAAM;CAClD,MAAM,UAAU,gBAAgB;EAAE;EAAU,WAAW,OAAO;EAAW,UAAU;EAAa,CAAC;CACjG,MAAM,eAAe,gBACjB,GAAG,SAAS,SAAS,cACrB;AACJ,KAAI,eAAe;AACjB,oBAAkB;GAAE,OAAO;GAAQ,OAAO,OAAO;GAAO,UAAU,OAAO;GAAI,EAAE,uBAAuB,QAAQ,CAAC;AAC/G,QAAM,mBAAmB,OAAO,IAAI,UAAU;;AAEhD,QAAO,EAAE,KAAK;EACZ,IAAI;EACJ,SAAS;GACP,OAAO;IACL,IAAI,OAAO;IACX,MAAM,SAAS;IACf,OAAO;IACP,aAAa;IACb,UAAU,SAAS;IACnB,QAAQ,SAAS;IACjB,cAAc,SAAS;IACvB,kBAAkB,SAAS;IAC3B,WAAW,OAAO;IAClB,UAAU,OAAO;IAClB;GACD,WAAW;IACT,KAAK;IACL,QAAQ,gBAAgB,YAAY;IACpC,OAAO,sBAAsB,UAAU;IACvC,QAAQ,sBAAsB,UAAU;IACzC;GACD,SAAS;IAAE,QAAQ,SAAS;IAAQ,MAAM,SAAS;IAAM;GAC1D;EACF,EAAE,IAAI;;AAGT,SAAS,eAAe,eAAuB,KAAqB;CAClE,MAAM,OAAO,cAAc,QAAQ,WAAW,GAAG;AACjD,KAAI,QAAQ,KAAM,QAAO;AACzB,KAAI,IAAI,WAAW,GAAG,KAAK,GAAG,CAAE,QAAO,IAAI,MAAM,KAAK,SAAS,EAAE;AACjE,KAAI,IAAI,WAAW,GAAG,KAAK,IAAI,CAAE,QAAO,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC,QAAQ,OAAO,IAAI;AAEtF,QAAO,IAAI,MAAM,QAAQ,CAAC,KAAK,IAAI;;AAGrC,eAAe,6BACb,SACA,YACA,SACwB;CACxB,MAAM,MAAM,QAAQ;AAEpB,KAAI,WACF,KAAI;AACF,SAAO,MAAM,QAAQ,SAAS,0BAA0B,WAAW;SAC7D;CAKV,MAAM,EAAE,qBAAqB,MAAM,OAAO;CAC1C,MAAM,EAAE,0BAA0B,kBAAkB,0BAA0B,MAAM,OAClF;AAGF,KAAI,QAEF,QAAO,yBAAyB,KADb,iBAAiB,QACW,CAAC;CAGlD,MAAM,OAAO,iBAAiB,IAAI;AAClC,KAAI,KAAM,QAAO;AAGjB,QAAO,yBAAyB,KADd,sBAAsB,IACM,CAAC;;AAGjD,eAAe,mBACb,GACA,OACA,QACA,UACA,SAAS,OACU;AACnB,KAAI,CAAC,oBAAoB,OAAO,MAAM,CACpC,QAAO,IAAI,SAAS,gDAAgD,EAAE,QAAQ,KAAK,CAAC;AAGtF,KAAI;EACF,MAAM,YAAY,MAAM,MAAM,sBAAsB,OAAO;AAC3D,MAAI,CAAC,UAAU,OAAO;AACpB,iBACE,uBACA;IAAE,SAAS,OAAO;IAAI,aAAa,OAAO,MAAM,MAAM,GAAG,EAAE;IAAE,QAAQ,UAAU;IAAQ;IAAU,EACjG,sCAAsC,UAAU,SACjD;AACD,UAAO,IAAI,SAAS,uBAAwB,UAAU,UAAU,eAAsC,EAAE;IACtG,QAAQ;IACR,SAAS,EAAE,gBAAgB,4BAA4B;IACxD,CAAC;;AAGJ,QAAM,uBAAuB,OAAO,GAAG;AAEvC,gBACE,gBACA;GAAE,SAAS,OAAO;GAAI,aAAa,OAAO,MAAM,MAAM,GAAG,EAAE;GAAE;GAAU,eAAe,OAAO;GAAe,EAC5G,qBAAqB,OAAO,WAC7B;EAED,MAAM,WAAW,MAAM,KAAK,OAAO,aAAa;EAChD,MAAM,SAAS,iBAAiB,OAAO,aAAa;EACpD,MAAM,YAAY,SAAS,MAAM,OAAO;EACxC,MAAM,cAAc,0BAA0B,SAAS,WAAW,cAAc,OAAO,SAAS;AAEhG,SAAO,IAAI,SAAS,WAAW;GAC7B,QAAQ;GACR,SAAS;IACP,gBAAgB,yBAAyB,OAAO,SAAS;IACzD,uBAAuB;IACvB,kBAAkB,OAAO,SAAS,KAAK;IACvC,iBAAiB;IACjB,0BAA0B;IAC1B,mBAAmB;IACnB,mBAAmB;IACpB;GACF,CAAC;WACM;AACR,sBAAoB,OAAO,MAAM"}

package/dist/src/gateway/hono/routes/site-shares.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Hono } from 'hono';
+import type { AuthenticatedRouteDeps } from './deps.js';
+export declare function registerSiteShareRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void;

package/dist/src/gateway/hono/routes/site-shares.js ADDED Viewed

@@ -0,0 +1,228 @@
+import { resolveGatewayEffectiveHost } from "../../../config/gateway-bind.js";
+import { resolveSiteShareConfig } from "../../../share/site-share-config.js";
+import { getSiteShareStore } from "../../../share/site-share-store.js";
+import { extractToken } from "../../auth.js";
+import { createHash } from "node:crypto";
+//#region src/gateway/hono/routes/site-shares.ts
+function hashGatewayToken(token) {
+	return createHash("sha256").update(token, "utf8").digest("hex").slice(0, 12);
+}
+function buildShareUrls(record, publicHostSuffix, gatewayHost, gatewayPort) {
+	return {
+		publicUrl: `https://${record.subdomain ?? record.token}.${publicHostSuffix}/`,
+		subpathUrl: `http://${gatewayHost}:${gatewayPort}/site/${record.token}/`
+	};
+}
+function registerSiteShareRoutes(authenticated, deps) {
+	const { service } = deps;
+	const store = getSiteShareStore(resolveSiteShareConfig(service));
+	async function resolveWorkspaceRoot(sessionKey, agentId) {
+		const cfg = service.currentConfig;
+		if (sessionKey) try {
+			return await service.sessions.getEffectiveWorkspacePath(sessionKey);
+		} catch {}
+		const { getWorkspacePath } = await import("../../../config/workspace-path-helpers.js");
+		const { resolveAgentWorkspaceDir, normalizeAgentId, resolveDefaultAgentId } = await import("../../../agent/agent-scope.js");
+		if (agentId) return resolveAgentWorkspaceDir(cfg, normalizeAgentId(agentId));
+		const root = getWorkspacePath(cfg);
+		if (root) return root;
+		return resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg));
+	}
+	authenticated.post("/api/site-shares", async (c) => {
+		const gatewayToken = extractToken({ authorization: c.req.header("authorization") ?? void 0 });
+		if (!gatewayToken) return c.json({
+			ok: false,
+			error: { message: "Token required" }
+		}, 401);
+		let body;
+		try {
+			body = await c.req.json();
+		} catch {
+			return c.json({
+				ok: false,
+				error: { message: "Invalid JSON" }
+			}, 400);
+		}
+		const kind = body.kind === "static" || body.kind === "proxy" ? body.kind : null;
+		if (!kind) return c.json({
+			ok: false,
+			error: { message: "kind must be 'static' or 'proxy'" }
+		}, 400);
+		const sessionKey = typeof body.sessionKey === "string" ? body.sessionKey.trim() : void 0;
+		const agentId = typeof body.agentId === "string" ? body.agentId.trim() : void 0;
+		const path = typeof body.path === "string" ? body.path.trim() : void 0;
+		const upstreamUrl = typeof body.upstreamUrl === "string" ? body.upstreamUrl.trim() : void 0;
+		const ttlMs = typeof body.ttlMs === "number" ? body.ttlMs : void 0;
+		const description = typeof body.description === "string" ? body.description.trim() || void 0 : void 0;
+		const subdomain = typeof body.subdomain === "string" ? body.subdomain.trim() || void 0 : void 0;
+		const maxRequests = body.maxRequests === null ? null : typeof body.maxRequests === "number" ? body.maxRequests : void 0;
+		const spaFallback = typeof body.spaFallback === "boolean" ? body.spaFallback : void 0;
+		const rewriteMode = body.rewriteMode === "none" || body.rewriteMode === "html-only" || body.rewriteMode === "html-css" ? body.rewriteMode : void 0;
+		const forwardWebSocket = typeof body.forwardWebSocket === "boolean" ? body.forwardWebSocket : void 0;
+		let workspaceRoot = null;
+		if (kind === "static") {
+			workspaceRoot = await resolveWorkspaceRoot(sessionKey, agentId);
+			if (!workspaceRoot) return c.json({
+				ok: false,
+				error: { message: "Workspace not configured" }
+			}, 400);
+		}
+		try {
+			store.updateConfig(resolveSiteShareConfig(service));
+			const record = await store.create({
+				kind,
+				path,
+				upstreamUrl,
+				ttlMs,
+				description,
+				subdomain,
+				maxRequests,
+				spaFallback,
+				rewriteMode,
+				forwardWebSocket,
+				sessionKey,
+				agentId,
+				workspaceRoot,
+				gatewayTokenHash: hashGatewayToken(gatewayToken)
+			});
+			const cfg = store.getConfig();
+			const gw = service.currentConfig.gateway;
+			const urls = buildShareUrls(record, cfg.publicHostSuffix, resolveGatewayEffectiveHost(service.currentConfig), gw.port ?? 18790);
+			return c.json({
+				ok: true,
+				payload: {
+					id: record.id,
+					token: record.token,
+					subdomain: record.subdomain,
+					kind: record.source.kind,
+					createdAt: record.createdAt,
+					expiresAt: record.expiresAt,
+					description: record.description ?? null,
+					maxRequests: record.maxRequests,
+					publicUrl: urls.publicUrl,
+					subpathUrl: urls.subpathUrl
+				}
+			}, 201);
+		} catch (err) {
+			const message = err instanceof Error ? err.message : String(err);
+			return c.json({
+				ok: false,
+				error: { message }
+			}, 400);
+		}
+	});
+	authenticated.get("/api/site-shares", (c) => {
+		store.updateConfig(resolveSiteShareConfig(service));
+		const cfg = store.getConfig();
+		const gw = service.currentConfig.gateway;
+		const gatewayHost = resolveGatewayEffectiveHost(service.currentConfig);
+		const gatewayPort = gw.port ?? 18790;
+		const items = store.getAllShares().map((r) => {
+			const urls = buildShareUrls(r, cfg.publicHostSuffix, gatewayHost, gatewayPort);
+			const expired = Date.now() >= new Date(r.expiresAt).getTime();
+			return {
+				id: r.id,
+				token: r.token,
+				subdomain: r.subdomain,
+				kind: r.source.kind,
+				createdAt: r.createdAt,
+				expiresAt: r.expiresAt,
+				revoked: r.revoked,
+				expired,
+				description: r.description ?? null,
+				requestCount: r.requestCount,
+				uniqueClientCount: r.uniqueClientCount,
+				maxRequests: r.maxRequests,
+				source: r.source,
+				publicUrl: urls.publicUrl,
+				subpathUrl: urls.subpathUrl
+			};
+		});
+		return c.json({
+			ok: true,
+			payload: { shares: items }
+		});
+	});
+	authenticated.get("/api/site-shares/:id", (c) => {
+		const id = c.req.param("id");
+		const record = store.getById(id);
+		if (!record) return c.json({
+			ok: false,
+			error: { message: "Not found" }
+		}, 404);
+		const cfg = store.getConfig();
+		const gw = service.currentConfig.gateway;
+		const urls = buildShareUrls(record, cfg.publicHostSuffix, resolveGatewayEffectiveHost(service.currentConfig), gw.port ?? 18790);
+		return c.json({
+			ok: true,
+			payload: {
+				...record,
+				...urls,
+				expired: Date.now() >= new Date(record.expiresAt).getTime()
+			}
+		});
+	});
+	authenticated.delete("/api/site-shares/:id", (c) => {
+		const id = c.req.param("id");
+		if (!store.revoke(id)) return c.json({
+			ok: false,
+			error: { message: "Not found" }
+		}, 404);
+		return c.json({ ok: true });
+	});
+	authenticated.delete("/api/site-shares", async (c) => {
+		let body = {};
+		try {
+			body = await c.req.json();
+		} catch {}
+		if (body.expired === true) {
+			const count = store.revokeExpired();
+			return c.json({
+				ok: true,
+				payload: { revokedCount: count }
+			});
+		}
+		const ids = Array.isArray(body.ids) ? body.ids.filter((x) => typeof x === "string") : [];
+		if (ids.length === 0) return c.json({
+			ok: false,
+			error: { message: "Provide ids array or expired: true" }
+		}, 400);
+		const count = store.revokeMany(ids);
+		return c.json({
+			ok: true,
+			payload: { revokedCount: count }
+		});
+	});
+	authenticated.patch("/api/site-shares/:id", async (c) => {
+		const id = c.req.param("id");
+		let body;
+		try {
+			body = await c.req.json();
+		} catch {
+			return c.json({
+				ok: false,
+				error: { message: "Invalid JSON" }
+			}, 400);
+		}
+		const patch = {};
+		if (typeof body.extendTtlMs === "number") patch.extendTtlMs = body.extendTtlMs;
+		if (body.maxRequests === null || typeof body.maxRequests === "number") patch.maxRequests = body.maxRequests;
+		const updated = store.update(id, patch);
+		if (!updated) return c.json({
+			ok: false,
+			error: { message: "Not found" }
+		}, 404);
+		return c.json({
+			ok: true,
+			payload: {
+				id: updated.id,
+				expiresAt: updated.expiresAt,
+				maxRequests: updated.maxRequests
+			}
+		});
+	});
+}
+//#endregion
+export { registerSiteShareRoutes };
+//# sourceMappingURL=site-shares.js.map

package/dist/src/gateway/hono/routes/site-shares.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"site-shares.js","names":[],"sources":["../../../../../src/gateway/hono/routes/site-shares.ts"],"sourcesContent":["import type { Hono } from 'hono';\nimport { createHash } from 'node:crypto';\n\nimport { extractToken } from '../../auth.js';\nimport { getSiteShareStore } from '../../../share/site-share-store.js';\nimport { resolveSiteShareConfig } from '../../../share/site-share-config.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\nimport { resolveGatewayEffectiveHost } from '../../../config/gateway-bind.js';\n\nfunction hashGatewayToken(token: string): string {\n return createHash('sha256').update(token, 'utf8').digest('hex').slice(0, 12);\n}\n\nfunction buildShareUrls(\n record: import('../../../share/site-share-types.js').SiteShareRecord,\n publicHostSuffix: string,\n gatewayHost: string,\n gatewayPort: number,\n): { publicUrl: string; subpathUrl: string } {\n const label = record.subdomain ?? record.token;\n const publicUrl = `https://${label}.${publicHostSuffix}/`;\n const subpathUrl = `http://${gatewayHost}:${gatewayPort}/site/${record.token}/`;\n return { publicUrl, subpathUrl };\n}\n\nexport function registerSiteShareRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void {\n const { service } = deps;\n const store = getSiteShareStore(resolveSiteShareConfig(service));\n\n async function resolveWorkspaceRoot(\n sessionKey: string | undefined,\n agentId: string | undefined,\n ): Promise<string | null> {\n const cfg = service.currentConfig;\n if (sessionKey) {\n try {\n return await service.sessions.getEffectiveWorkspacePath(sessionKey);\n } catch {\n /* fall through */\n }\n }\n const { getWorkspacePath } = await import('../../../config/workspace-path-helpers.js');\n const { resolveAgentWorkspaceDir, normalizeAgentId, resolveDefaultAgentId } = await import(\n '../../../agent/agent-scope.js'\n );\n if (agentId) {\n const normalized = normalizeAgentId(agentId);\n return resolveAgentWorkspaceDir(cfg, normalized);\n }\n const root = getWorkspacePath(cfg);\n if (root) return root;\n const defaultId = resolveDefaultAgentId(cfg);\n return resolveAgentWorkspaceDir(cfg, defaultId);\n }\n\n authenticated.post('/api/site-shares', async (c) => {\n const gatewayToken = extractToken({ authorization: c.req.header('authorization') ?? undefined });\n if (!gatewayToken) return c.json({ ok: false, error: { message: 'Token required' } }, 401);\n\n let body: Record<string, unknown>;\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n return c.json({ ok: false, error: { message: 'Invalid JSON' } }, 400);\n }\n\n const kind = body.kind === 'static' || body.kind === 'proxy' ? body.kind : null;\n if (!kind) return c.json({ ok: false, error: { message: \"kind must be 'static' or 'proxy'\" } }, 400);\n\n const sessionKey = typeof body.sessionKey === 'string' ? body.sessionKey.trim() : undefined;\n const agentId = typeof body.agentId === 'string' ? body.agentId.trim() : undefined;\n const path = typeof body.path === 'string' ? body.path.trim() : undefined;\n const upstreamUrl = typeof body.upstreamUrl === 'string' ? body.upstreamUrl.trim() : undefined;\n const ttlMs = typeof body.ttlMs === 'number' ? body.ttlMs : undefined;\n const description = typeof body.description === 'string' ? body.description.trim() || undefined : undefined;\n const subdomain = typeof body.subdomain === 'string' ? body.subdomain.trim() || undefined : undefined;\n const maxRequests =\n body.maxRequests === null\n ? null\n : typeof body.maxRequests === 'number'\n ? body.maxRequests\n : undefined;\n const spaFallback = typeof body.spaFallback === 'boolean' ? body.spaFallback : undefined;\n const rewriteMode =\n body.rewriteMode === 'none' || body.rewriteMode === 'html-only' || body.rewriteMode === 'html-css'\n ? body.rewriteMode\n : undefined;\n const forwardWebSocket = typeof body.forwardWebSocket === 'boolean' ? body.forwardWebSocket : undefined;\n\n let workspaceRoot: string | null = null;\n if (kind === 'static') {\n workspaceRoot = await resolveWorkspaceRoot(sessionKey, agentId);\n if (!workspaceRoot) {\n return c.json({ ok: false, error: { message: 'Workspace not configured' } }, 400);\n }\n }\n\n try {\n store.updateConfig(resolveSiteShareConfig(service));\n const record = await store.create({\n kind,\n path,\n upstreamUrl,\n ttlMs,\n description,\n subdomain,\n maxRequests,\n spaFallback,\n rewriteMode,\n forwardWebSocket,\n sessionKey,\n agentId,\n workspaceRoot,\n gatewayTokenHash: hashGatewayToken(gatewayToken),\n });\n\n const cfg = store.getConfig();\n const gw = service.currentConfig.gateway;\n const urls = buildShareUrls(record, cfg.publicHostSuffix, resolveGatewayEffectiveHost(service.currentConfig), gw.port ?? 18790);\n\n return c.json(\n {\n ok: true,\n payload: {\n id: record.id,\n token: record.token,\n subdomain: record.subdomain,\n kind: record.source.kind,\n createdAt: record.createdAt,\n expiresAt: record.expiresAt,\n description: record.description ?? null,\n maxRequests: record.maxRequests,\n publicUrl: urls.publicUrl,\n subpathUrl: urls.subpathUrl,\n },\n },\n 201,\n );\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return c.json({ ok: false, error: { message } }, 400);\n }\n });\n\n authenticated.get('/api/site-shares', (c) => {\n store.updateConfig(resolveSiteShareConfig(service));\n const cfg = store.getConfig();\n const gw = service.currentConfig.gateway;\n const gatewayHost = resolveGatewayEffectiveHost(service.currentConfig);\n const gatewayPort = gw.port ?? 18790;\n const items = store.getAllShares().map((r) => {\n const urls = buildShareUrls(r, cfg.publicHostSuffix, gatewayHost, gatewayPort);\n const expired = Date.now() >= new Date(r.expiresAt).getTime();\n return {\n id: r.id,\n token: r.token,\n subdomain: r.subdomain,\n kind: r.source.kind,\n createdAt: r.createdAt,\n expiresAt: r.expiresAt,\n revoked: r.revoked,\n expired,\n description: r.description ?? null,\n requestCount: r.requestCount,\n uniqueClientCount: r.uniqueClientCount,\n maxRequests: r.maxRequests,\n source: r.source,\n publicUrl: urls.publicUrl,\n subpathUrl: urls.subpathUrl,\n };\n });\n return c.json({ ok: true, payload: { shares: items } });\n });\n\n authenticated.get('/api/site-shares/:id', (c) => {\n const id = c.req.param('id');\n const record = store.getById(id);\n if (!record) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n const cfg = store.getConfig();\n const gw = service.currentConfig.gateway;\n const urls = buildShareUrls(record, cfg.publicHostSuffix, resolveGatewayEffectiveHost(service.currentConfig), gw.port ?? 18790);\n return c.json({\n ok: true,\n payload: {\n ...record,\n ...urls,\n expired: Date.now() >= new Date(record.expiresAt).getTime(),\n },\n });\n });\n\n authenticated.delete('/api/site-shares/:id', (c) => {\n const id = c.req.param('id');\n const ok = store.revoke(id);\n if (!ok) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n return c.json({ ok: true });\n });\n\n authenticated.delete('/api/site-shares', async (c) => {\n let body: Record<string, unknown> = {};\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n /* empty */\n }\n if (body.expired === true) {\n const count = store.revokeExpired();\n return c.json({ ok: true, payload: { revokedCount: count } });\n }\n const ids = Array.isArray(body.ids) ? (body.ids as string[]).filter((x) => typeof x === 'string') : [];\n if (ids.length === 0) {\n return c.json({ ok: false, error: { message: 'Provide ids array or expired: true' } }, 400);\n }\n const count = store.revokeMany(ids);\n return c.json({ ok: true, payload: { revokedCount: count } });\n });\n\n authenticated.patch('/api/site-shares/:id', async (c) => {\n const id = c.req.param('id');\n let body: Record<string, unknown>;\n try {\n body = (await c.req.json()) as Record<string, unknown>;\n } catch {\n return c.json({ ok: false, error: { message: 'Invalid JSON' } }, 400);\n }\n const patch: { extendTtlMs?: number; maxRequests?: number | null } = {};\n if (typeof body.extendTtlMs === 'number') patch.extendTtlMs = body.extendTtlMs;\n if (body.maxRequests === null || typeof body.maxRequests === 'number') {\n patch.maxRequests = body.maxRequests as number | null;\n }\n const updated = store.update(id, patch);\n if (!updated) return c.json({ ok: false, error: { message: 'Not found' } }, 404);\n return c.json({ ok: true, payload: { id: updated.id, expiresAt: updated.expiresAt, maxRequests: updated.maxRequests } });\n });\n}\n"],"mappings":";;;;;;AASA,SAAS,iBAAiB,OAAuB;AAC/C,QAAO,WAAW,SAAS,CAAC,OAAO,OAAO,OAAO,CAAC,OAAO,MAAM,CAAC,MAAM,GAAG,GAAG;;AAG9E,SAAS,eACP,QACA,kBACA,aACA,aAC2C;AAI3C,QAAO;EAAE,WAAA,WAHK,OAAO,aAAa,OAAO,MACN,GAAG,iBAAiB;EAEnC,YAAA,UADS,YAAY,GAAG,YAAY,QAAQ,OAAO,MAAM;EAC7C;;AAGlC,SAAgB,wBAAwB,eAAqB,MAAoC;CAC/F,MAAM,EAAE,YAAY;CACpB,MAAM,QAAQ,kBAAkB,uBAAuB,QAAQ,CAAC;CAEhE,eAAe,qBACb,YACA,SACwB;EACxB,MAAM,MAAM,QAAQ;AACpB,MAAI,WACF,KAAI;AACF,UAAO,MAAM,QAAQ,SAAS,0BAA0B,WAAW;UAC7D;EAIV,MAAM,EAAE,qBAAqB,MAAM,OAAO;EAC1C,MAAM,EAAE,0BAA0B,kBAAkB,0BAA0B,MAAM,OAClF;AAEF,MAAI,QAEF,QAAO,yBAAyB,KADb,iBAAiB,QACW,CAAC;EAElD,MAAM,OAAO,iBAAiB,IAAI;AAClC,MAAI,KAAM,QAAO;AAEjB,SAAO,yBAAyB,KADd,sBAAsB,IACM,CAAC;;AAGjD,eAAc,KAAK,oBAAoB,OAAO,MAAM;EAClD,MAAM,eAAe,aAAa,EAAE,eAAe,EAAE,IAAI,OAAO,gBAAgB,IAAI,KAAA,GAAW,CAAC;AAChG,MAAI,CAAC,aAAc,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,kBAAkB;GAAE,EAAE,IAAI;EAE1F,IAAI;AACJ,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AACN,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS,gBAAgB;IAAE,EAAE,IAAI;;EAGvE,MAAM,OAAO,KAAK,SAAS,YAAY,KAAK,SAAS,UAAU,KAAK,OAAO;AAC3E,MAAI,CAAC,KAAM,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,oCAAoC;GAAE,EAAE,IAAI;EAEpG,MAAM,aAAa,OAAO,KAAK,eAAe,WAAW,KAAK,WAAW,MAAM,GAAG,KAAA;EAClF,MAAM,UAAU,OAAO,KAAK,YAAY,WAAW,KAAK,QAAQ,MAAM,GAAG,KAAA;EACzE,MAAM,OAAO,OAAO,KAAK,SAAS,WAAW,KAAK,KAAK,MAAM,GAAG,KAAA;EAChE,MAAM,cAAc,OAAO,KAAK,gBAAgB,WAAW,KAAK,YAAY,MAAM,GAAG,KAAA;EACrF,MAAM,QAAQ,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ,KAAA;EAC5D,MAAM,cAAc,OAAO,KAAK,gBAAgB,WAAW,KAAK,YAAY,MAAM,IAAI,KAAA,IAAY,KAAA;EAClG,MAAM,YAAY,OAAO,KAAK,cAAc,WAAW,KAAK,UAAU,MAAM,IAAI,KAAA,IAAY,KAAA;EAC5F,MAAM,cACJ,KAAK,gBAAgB,OACjB,OACA,OAAO,KAAK,gBAAgB,WAC5B,KAAK,cACL,KAAA;EACN,MAAM,cAAc,OAAO,KAAK,gBAAgB,YAAY,KAAK,cAAc,KAAA;EAC/E,MAAM,cACJ,KAAK,gBAAgB,UAAU,KAAK,gBAAgB,eAAe,KAAK,gBAAgB,aACpF,KAAK,cACL,KAAA;EACN,MAAM,mBAAmB,OAAO,KAAK,qBAAqB,YAAY,KAAK,mBAAmB,KAAA;EAE9F,IAAI,gBAA+B;AACnC,MAAI,SAAS,UAAU;AACrB,mBAAgB,MAAM,qBAAqB,YAAY,QAAQ;AAC/D,OAAI,CAAC,cACH,QAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS,4BAA4B;IAAE,EAAE,IAAI;;AAIrF,MAAI;AACF,SAAM,aAAa,uBAAuB,QAAQ,CAAC;GACnD,MAAM,SAAS,MAAM,MAAM,OAAO;IAChC;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,kBAAkB,iBAAiB,aAAa;IACjD,CAAC;GAEF,MAAM,MAAM,MAAM,WAAW;GAC7B,MAAM,KAAK,QAAQ,cAAc;GACjC,MAAM,OAAO,eAAe,QAAQ,IAAI,kBAAkB,4BAA4B,QAAQ,cAAc,EAAE,GAAG,QAAQ,MAAM;AAE/H,UAAO,EAAE,KACP;IACE,IAAI;IACJ,SAAS;KACP,IAAI,OAAO;KACX,OAAO,OAAO;KACd,WAAW,OAAO;KAClB,MAAM,OAAO,OAAO;KACpB,WAAW,OAAO;KAClB,WAAW,OAAO;KAClB,aAAa,OAAO,eAAe;KACnC,aAAa,OAAO;KACpB,WAAW,KAAK;KAChB,YAAY,KAAK;KAClB;IACF,EACD,IACD;WACM,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS;IAAE,EAAE,IAAI;;GAEvD;AAEF,eAAc,IAAI,qBAAqB,MAAM;AAC3C,QAAM,aAAa,uBAAuB,QAAQ,CAAC;EACnD,MAAM,MAAM,MAAM,WAAW;EAC7B,MAAM,KAAK,QAAQ,cAAc;EACjC,MAAM,cAAc,4BAA4B,QAAQ,cAAc;EACtE,MAAM,cAAc,GAAG,QAAQ;EAC/B,MAAM,QAAQ,MAAM,cAAc,CAAC,KAAK,MAAM;GAC5C,MAAM,OAAO,eAAe,GAAG,IAAI,kBAAkB,aAAa,YAAY;GAC9E,MAAM,UAAU,KAAK,KAAK,IAAI,IAAI,KAAK,EAAE,UAAU,CAAC,SAAS;AAC7D,UAAO;IACL,IAAI,EAAE;IACN,OAAO,EAAE;IACT,WAAW,EAAE;IACb,MAAM,EAAE,OAAO;IACf,WAAW,EAAE;IACb,WAAW,EAAE;IACb,SAAS,EAAE;IACX;IACA,aAAa,EAAE,eAAe;IAC9B,cAAc,EAAE;IAChB,mBAAmB,EAAE;IACrB,aAAa,EAAE;IACf,QAAQ,EAAE;IACV,WAAW,KAAK;IAChB,YAAY,KAAK;IAClB;IACD;AACF,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,QAAQ,OAAO;GAAE,CAAC;GACvD;AAEF,eAAc,IAAI,yBAAyB,MAAM;EAC/C,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;EAC5B,MAAM,SAAS,MAAM,QAAQ,GAAG;AAChC,MAAI,CAAC,OAAQ,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;EAC/E,MAAM,MAAM,MAAM,WAAW;EAC7B,MAAM,KAAK,QAAQ,cAAc;EACjC,MAAM,OAAO,eAAe,QAAQ,IAAI,kBAAkB,4BAA4B,QAAQ,cAAc,EAAE,GAAG,QAAQ,MAAM;AAC/H,SAAO,EAAE,KAAK;GACZ,IAAI;GACJ,SAAS;IACP,GAAG;IACH,GAAG;IACH,SAAS,KAAK,KAAK,IAAI,IAAI,KAAK,OAAO,UAAU,CAAC,SAAS;IAC5D;GACF,CAAC;GACF;AAEF,eAAc,OAAO,yBAAyB,MAAM;EAClD,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;AAE5B,MAAI,CADO,MAAM,OAAO,GACjB,CAAE,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;AAC3E,SAAO,EAAE,KAAK,EAAE,IAAI,MAAM,CAAC;GAC3B;AAEF,eAAc,OAAO,oBAAoB,OAAO,MAAM;EACpD,IAAI,OAAgC,EAAE;AACtC,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AAGR,MAAI,KAAK,YAAY,MAAM;GACzB,MAAM,QAAQ,MAAM,eAAe;AACnC,UAAO,EAAE,KAAK;IAAE,IAAI;IAAM,SAAS,EAAE,cAAc,OAAO;IAAE,CAAC;;EAE/D,MAAM,MAAM,MAAM,QAAQ,KAAK,IAAI,GAAI,KAAK,IAAiB,QAAQ,MAAM,OAAO,MAAM,SAAS,GAAG,EAAE;AACtG,MAAI,IAAI,WAAW,EACjB,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,sCAAsC;GAAE,EAAE,IAAI;EAE7F,MAAM,QAAQ,MAAM,WAAW,IAAI;AACnC,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,cAAc,OAAO;GAAE,CAAC;GAC7D;AAEF,eAAc,MAAM,wBAAwB,OAAO,MAAM;EACvD,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK;EAC5B,IAAI;AACJ,MAAI;AACF,UAAQ,MAAM,EAAE,IAAI,MAAM;UACpB;AACN,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO,EAAE,SAAS,gBAAgB;IAAE,EAAE,IAAI;;EAEvE,MAAM,QAA+D,EAAE;AACvE,MAAI,OAAO,KAAK,gBAAgB,SAAU,OAAM,cAAc,KAAK;AACnE,MAAI,KAAK,gBAAgB,QAAQ,OAAO,KAAK,gBAAgB,SAC3D,OAAM,cAAc,KAAK;EAE3B,MAAM,UAAU,MAAM,OAAO,IAAI,MAAM;AACvC,MAAI,CAAC,QAAS,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO,EAAE,SAAS,aAAa;GAAE,EAAE,IAAI;AAChF,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS;IAAE,IAAI,QAAQ;IAAI,WAAW,QAAQ;IAAW,aAAa,QAAQ;IAAa;GAAE,CAAC;GACxH"}