gh-here 2.0.0 → 3.0.0

package/lib/server.js

@@ -6,6 +6,7 @@ const { getGitStatus, getGitBranch, commitAllChanges, commitSelectedFiles, getGi
 const { isIgnoredByGitignore, getGitignoreRules } = require('./gitignore');
 const { renderDirectory, renderFileDiff, renderFile, renderNewFile } = require('./renderers');
 const { isImageFile, isBinaryFile } = require('./file-utils');
+const { buildFileTree } = require('./file-tree-builder');
 
 /**
  * Express server setup and route handlers
@@ -18,6 +19,84 @@ function setupRoutes(app, workingDir, isGitRepo, gitRepoRoot) {
   app.use('/octicons', express.static(path.join(__dirname, '..', 'node_modules', '@primer', 'octicons', 'build')));
 
 
+  // API endpoint for file tree
+  app.get('/api/file-tree', (req, res) => {
+    try {
+      const showGitignored = req.query.showGitignored === 'true';
+      const gitignoreRules = getGitignoreRules(workingDir);
+      const tree = buildFileTree(workingDir, '', gitignoreRules, workingDir, showGitignored);
+      res.json({ success: true, tree });
+    } catch (error) {
+      res.status(500).json({ success: false, error: error.message });
+    }
+  });
+
+  // API endpoint for global file search
+  app.get('/api/search', (req, res) => {
+    try {
+      const query = req.query.q || '';
+      if (!query.trim()) {
+        return res.json({ success: true, results: [] });
+      }
+
+      const gitignoreRules = getGitignoreRules(workingDir);
+      const results = [];
+      const lowerQuery = query.toLowerCase();
+
+      function searchDirectory(dir, relativePath = '') {
+        const entries = fs.readdirSync(dir);
+
+        for (const entry of entries) {
+          const fullPath = path.join(dir, entry);
+          const relPath = path.join(relativePath, entry).replace(/\\/g, '/');
+
+          try {
+            const stats = fs.statSync(fullPath);
+
+            // Skip gitignored files
+            if (!isIgnoredByGitignore(fullPath, gitignoreRules, workingDir, stats.isDirectory())) {
+              // Check if filename matches
+              if (entry.toLowerCase().includes(lowerQuery)) {
+                results.push({
+                  path: relPath,
+                  name: entry,
+                  isDirectory: stats.isDirectory(),
+                  modified: stats.mtime
+                });
+              }
+
+              // Recurse into directories
+              if (stats.isDirectory()) {
+                searchDirectory(fullPath, relPath);
+              }
+            }
+          } catch (err) {
+            // Skip files we can't access
+            continue;
+          }
+        }
+      }
+
+      searchDirectory(workingDir);
+
+      // Sort results: exact matches first, then directories, then alphabetically
+      results.sort((a, b) => {
+        const aExact = a.name.toLowerCase() === lowerQuery ? 1 : 0;
+        const bExact = b.name.toLowerCase() === lowerQuery ? 1 : 0;
+        if (aExact !== bExact) return bExact - aExact;
+
+        if (a.isDirectory !== b.isDirectory) {
+          return a.isDirectory ? -1 : 1;
+        }
+        return a.path.localeCompare(b.path);
+      });
+
+      res.json({ success: true, results, query });
+    } catch (error) {
+      res.status(500).json({ success: false, error: error.message });
+    }
+  });
+
   // Download route
   app.get('/download', (req, res) => {
     const filePath = req.query.path || '';
@@ -48,7 +127,7 @@ function setupRoutes(app, workingDir, isGitRepo, gitRepoRoot) {
   // Main route - directory or file view
   app.get('/', async (req, res) => {
     const currentPath = req.query.path || '';
-    const showGitignored = req.query.gitignore === 'false';
+    const showGitignored = req.query.showGitignored === 'true';
     const fullPath = path.join(workingDir, currentPath);
     
     // Get git status and branch info
@@ -61,36 +140,39 @@ function setupRoutes(app, workingDir, isGitRepo, gitRepoRoot) {
       if (stats.isDirectory()) {
         const gitignoreRules = getGitignoreRules(workingDir);
         
-        let items = fs.readdirSync(fullPath).map(item => {
-          const itemPath = path.join(fullPath, item);
-          const itemStats = fs.statSync(itemPath);
-          const absoluteItemPath = path.resolve(itemPath);
-          const gitInfo = gitStatus[absoluteItemPath] || null;
-          
-          return {
-            name: item,
-            path: path.join(currentPath, item).replace(/\\/g, '/'),
-            isDirectory: itemStats.isDirectory(),
-            size: itemStats.size,
-            modified: itemStats.mtime,
-            gitStatus: gitInfo
-          };
-        });
-        
-        // Filter out gitignored files unless explicitly requested to show them
-        if (!showGitignored) {
-          items = items.filter(item => {
-            const itemFullPath = path.join(fullPath, item.name);
-            return !isIgnoredByGitignore(itemFullPath, gitignoreRules, workingDir, item.isDirectory);
+        // Optimize: Batch file system operations
+        const dirEntries = fs.readdirSync(fullPath);
+        const items = dirEntries
+          .map(item => {
+            const itemPath = path.join(fullPath, item);
+            const itemStats = fs.statSync(itemPath);
+            const absoluteItemPath = path.resolve(itemPath);
+            const gitInfo = gitStatus[absoluteItemPath] || null;
+            
+            return {
+              name: item,
+              path: path.join(currentPath, item).replace(/\\/g, '/'),
+              isDirectory: itemStats.isDirectory(),
+              size: itemStats.size,
+              modified: itemStats.mtime,
+              gitStatus: gitInfo,
+              fullPath: itemPath
+            };
+          })
+          .filter(item => {
+            // Filter gitignored files unless explicitly requested
+            if (!showGitignored) {
+              return !isIgnoredByGitignore(item.fullPath, gitignoreRules, workingDir, item.isDirectory);
+            }
+            return true;
+          })
+          .sort((a, b) => {
+            // Sort: directories first, then alphabetically
+            if (a.isDirectory !== b.isDirectory) {
+              return a.isDirectory ? -1 : 1;
+            }
+            return a.name.localeCompare(b.name, undefined, { numeric: true, sensitivity: 'base' });
           });
-        }
-        
-        // Sort items (directories first, then alphabetically)
-        items.sort((a, b) => {
-          if (a.isDirectory && !b.isDirectory) return -1;
-          if (!a.isDirectory && b.isDirectory) return 1;
-          return a.name.localeCompare(b.name);
-        });
         
         res.send(renderDirectory(currentPath, items, showGitignored, gitBranch, gitStatus, workingDir));
       } else {
@@ -108,11 +190,11 @@ function setupRoutes(app, workingDir, isGitRepo, gitRepoRoot) {
           const absolutePath = path.resolve(fullPath);
           const gitInfo = gitStatus[absolutePath];
           if (gitInfo) {
-            const diffHtml = await renderFileDiff(currentPath, ext, gitInfo, gitRepoRoot, workingDir);
+            const diffHtml = await renderFileDiff(currentPath, ext, gitInfo, gitRepoRoot, workingDir, gitBranch);
             return res.send(diffHtml);
           }
         }
-        
+
         res.send(await renderFile(currentPath, content, ext, viewMode, gitStatus, workingDir));
       }
     } catch (error) {
@@ -143,6 +225,12 @@ function setupRoutes(app, workingDir, isGitRepo, gitRepoRoot) {
       }
       
       const content = fs.readFileSync(fullPath, 'utf-8');
+      
+      // Set proper headers for raw file view (like GitHub)
+      res.setHeader('Content-Type', 'text/plain; charset=utf-8');
+      res.setHeader('X-Content-Type-Options', 'nosniff');
+      res.setHeader('Content-Disposition', `inline; filename="${path.basename(fullPath)}"`);
+      
       res.send(content);
     } catch (error) {
       res.status(404).send(`File not found: ${error.message}`);

package/lib/validation.js

@@ -0,0 +1,77 @@
+/**
+ * Input validation and security utilities
+ */
+
+const path = require('path');
+
+/**
+ * Validates that a path is within the allowed working directory
+ * Prevents path traversal attacks
+ */
+function validatePath(requestPath, workingDir) {
+  const fullPath = path.resolve(path.join(workingDir, requestPath || ''));
+  return fullPath.startsWith(workingDir);
+}
+
+/**
+ * Sanitizes file paths to prevent injection
+ */
+function sanitizePath(filePath) {
+  if (!filePath) {
+    return '';
+  }
+  return filePath.replace(/\.\./g, '').replace(/[<>:"|?*]/g, '');
+}
+
+/**
+ * Validates commit message
+ */
+function validateCommitMessage(message) {
+  if (!message || typeof message !== 'string') {
+    return false;
+  }
+  return message.trim().length > 0 && message.trim().length <= 5000;
+}
+
+/**
+ * Validates filename
+ */
+function validateFilename(filename) {
+  if (!filename || typeof filename !== 'string') {
+    return false;
+  }
+
+  const sanitized = filename.trim();
+
+  if (sanitized.length === 0 || sanitized.length > 255) {
+    return false;
+  }
+
+  const invalidChars = /[<>:"|?*\x00-\x1F]/;
+  if (invalidChars.test(sanitized)) {
+    return false;
+  }
+
+  return true;
+}
+
+/**
+ * Validates an array of file paths
+ */
+function validateFilePaths(files) {
+  if (!Array.isArray(files) || files.length === 0) {
+    return false;
+  }
+
+  return files.every(file => {
+    return typeof file === 'string' && file.trim().length > 0;
+  });
+}
+
+module.exports = {
+  validatePath,
+  sanitizePath,
+  validateCommitMessage,
+  validateFilename,
+  validateFilePaths
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gh-here",
-  "version": "2.0.0",
+  "version": "3.0.0",
   "description": "A local GitHub-like file browser for viewing code",
   "repository": "https://github.com/corywilkerson/gh-here",
   "main": "index.js",