nterminal 1.2.0

package/dist/server/auth/cookies.js

@@ -0,0 +1,39 @@
+export const cookieNames = {
+    session: 'nterminal_session',
+    device: 'nterminal_device'
+};
+const legacyCookieNames = ['nterminal_device_id', 'nterminal_device_token'];
+const deviceCookieMaxAgeSeconds = 30 * 24 * 60 * 60;
+export function authCookieOptions(config, maxAgeSeconds) {
+    const options = {
+        httpOnly: true,
+        sameSite: 'lax',
+        secure: config.cookieSecure,
+        path: '/'
+    };
+    if (maxAgeSeconds !== undefined) {
+        options.maxAge = maxAgeSeconds;
+    }
+    return options;
+}
+export function setSessionCookie(reply, config, sessionId) {
+    clearLegacyAuthCookies(reply, config);
+    reply.setCookie(cookieNames.session, sessionId, authCookieOptions(config, Math.ceil(config.sessionTtlMs / 1000)));
+}
+export function setDeviceCookie(reply, config, token) {
+    reply.setCookie(cookieNames.device, token, authCookieOptions(config, deviceCookieMaxAgeSeconds));
+}
+export function clearSessionCookie(reply, config) {
+    reply.clearCookie(cookieNames.session, authCookieOptions(config));
+}
+export function clearAuthCookies(reply, config) {
+    reply.clearCookie(cookieNames.session, authCookieOptions(config));
+    reply.clearCookie(cookieNames.device, authCookieOptions(config));
+    clearLegacyAuthCookies(reply, config);
+}
+function clearLegacyAuthCookies(reply, config) {
+    for (const name of legacyCookieNames) {
+        reply.clearCookie(name, authCookieOptions(config));
+    }
+}
+//# sourceMappingURL=cookies.js.map

package/dist/server/auth/cookies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/server/auth/cookies.ts"],"names":[],"mappings":"AAIA,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,OAAO,EAAE,mBAAmB;IAC5B,MAAM,EAAE,kBAAkB;CAClB,CAAC;AAEX,MAAM,iBAAiB,GAAG,CAAC,qBAAqB,EAAE,wBAAwB,CAAU,CAAC;AAErF,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEpD,MAAM,UAAU,iBAAiB,CAAC,MAAiB,EAAE,aAAsB;IACzE,MAAM,OAAO,GAAsD;QACjE,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,KAAc;QACxB,MAAM,EAAE,MAAM,CAAC,YAAY;QAC3B,IAAI,EAAE,GAAG;KACV,CAAC;IACF,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,GAAG,aAAa,CAAC;IACjC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAmB,EAAE,MAAiB,EAAE,SAAiB;IACxF,sBAAsB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACtC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,SAAS,EAAE,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AACpH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAmB,EAAE,MAAiB,EAAE,KAAa;IACnF,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,iBAAiB,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC,CAAC;AACnG,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAmB,EAAE,MAAiB;IACvE,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAmB,EAAE,MAAiB;IACrE,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;IAClE,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,sBAAsB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAmB,EAAE,MAAiB;IACpE,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;IACrD,CAAC;AACH,CAAC"}

package/dist/server/auth/ipMatch.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Normalize a raw IP into a canonical string. IPv4-mapped IPv6 addresses
+ * (e.g. "::ffff:1.2.3.4") collapse to their IPv4 form so the same client
+ * compares equal regardless of socket family.
+ */
+export declare function normalizeIp(raw: string | undefined | null): string | null;
+/** Validate that a string is a bare IP or CIDR (e.g. "1.2.3.4" or "10.0.0.0/8"). */
+export declare function isValidIpRule(value: string): boolean;
+export declare function ipMatchesAny(ip: string | null, rules: Array<{
+    value: string;
+}>): boolean;
+export declare const DEFAULT_SESSION_IP_MASK_V4 = 24;
+export declare const DEFAULT_SESSION_IP_MASK_V6 = 48;
+export declare function isWithinSessionNetwork(candidate: string, reference: string, ipv4Bits?: number, ipv6Bits?: number): boolean;

package/dist/server/auth/ipMatch.js

@@ -0,0 +1,103 @@
+import ipaddr from 'ipaddr.js';
+/**
+ * Normalize a raw IP into a canonical string. IPv4-mapped IPv6 addresses
+ * (e.g. "::ffff:1.2.3.4") collapse to their IPv4 form so the same client
+ * compares equal regardless of socket family.
+ */
+export function normalizeIp(raw) {
+    if (!raw) {
+        return null;
+    }
+    const trimmed = raw.trim();
+    if (!ipaddr.isValid(trimmed)) {
+        return null;
+    }
+    let addr = ipaddr.parse(trimmed);
+    if (addr.kind() === 'ipv6' && addr.isIPv4MappedAddress()) {
+        addr = addr.toIPv4Address();
+    }
+    return addr.toNormalizedString();
+}
+/** Validate that a string is a bare IP or CIDR (e.g. "1.2.3.4" or "10.0.0.0/8"). */
+export function isValidIpRule(value) {
+    const trimmed = value.trim();
+    if (trimmed.includes('/')) {
+        try {
+            ipaddr.parseCIDR(trimmed);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    return ipaddr.isValid(trimmed);
+}
+/** True if `ip` matches the rule, which may be a bare IP or a CIDR range. */
+function ipMatchesRule(ip, rule) {
+    const trimmed = rule.trim();
+    let candidate;
+    try {
+        candidate = ipaddr.parse(ip);
+    }
+    catch {
+        return false;
+    }
+    if (trimmed.includes('/')) {
+        let range;
+        try {
+            range = ipaddr.parseCIDR(trimmed);
+        }
+        catch {
+            return false;
+        }
+        if (candidate.kind() !== range[0].kind()) {
+            return false;
+        }
+        return candidate.match(range);
+    }
+    const normalizedRule = normalizeIp(trimmed);
+    return normalizedRule !== null && normalizedRule === normalizeIp(ip);
+}
+export function ipMatchesAny(ip, rules) {
+    if (!ip) {
+        return false;
+    }
+    return rules.some((rule) => ipMatchesRule(ip, rule.value));
+}
+// Default prefix lengths used to decide whether a new IP "looks like" the
+// same network as the one a session was bound to. /24 for IPv4 covers the
+// common residential / CGNAT rotation case (ISP keeps reassigning addresses
+// inside the same /24 every few minutes) without letting a totally unrelated
+// network reuse the session. /48 for IPv6 matches the canonical site prefix.
+export const DEFAULT_SESSION_IP_MASK_V4 = 24;
+export const DEFAULT_SESSION_IP_MASK_V6 = 48;
+// True when `candidate` falls inside `reference`'s /prefix subnet of the
+// matching address family. Both inputs must already be normalized strings
+// (use `normalizeIp` first). Returns false when families differ, either
+// input fails to parse, or the prefix is out of range — callers treat that
+// as "no match" rather than throwing, so a malformed value can't accidentally
+// let a session through.
+export function isWithinSessionNetwork(candidate, reference, ipv4Bits = DEFAULT_SESSION_IP_MASK_V4, ipv6Bits = DEFAULT_SESSION_IP_MASK_V6) {
+    if (candidate === reference) {
+        return true;
+    }
+    let candAddr;
+    let refAddr;
+    try {
+        candAddr = ipaddr.parse(candidate);
+        refAddr = ipaddr.parse(reference);
+    }
+    catch {
+        return false;
+    }
+    if (candAddr.kind() !== refAddr.kind()) {
+        return false;
+    }
+    const bits = candAddr.kind() === 'ipv4' ? ipv4Bits : ipv6Bits;
+    const maxBits = candAddr.kind() === 'ipv4' ? 32 : 128;
+    if (!Number.isInteger(bits) || bits < 0 || bits > maxBits) {
+        return false;
+    }
+    return candAddr.match([refAddr, bits]);
+}
+//# sourceMappingURL=ipMatch.js.map

package/dist/server/auth/ipMatch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ipMatch.js","sourceRoot":"","sources":["../../../src/server/auth/ipMatch.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,WAAW,CAAC;AAE/B;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,GAA8B;IACxD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,MAAM,IAAK,IAAoB,CAAC,mBAAmB,EAAE,EAAE,CAAC;QAC1E,IAAI,GAAI,IAAoB,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC;IACD,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAC;AACnC,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAED,6EAA6E;AAC7E,SAAS,aAAa,CAAC,EAAU,EAAE,IAAY;IAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,SAAoC,CAAC;IACzC,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,IAAI,KAA0C,CAAC;QAC/C,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,EAAE,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YACzC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAC5C,OAAO,cAAc,KAAK,IAAI,IAAI,cAAc,KAAK,WAAW,CAAC,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,EAAiB,EAAE,KAA+B;IAC7E,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,0EAA0E;AAC1E,0EAA0E;AAC1E,4EAA4E;AAC5E,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,0BAA0B,GAAG,EAAE,CAAC;AAC7C,MAAM,CAAC,MAAM,0BAA0B,GAAG,EAAE,CAAC;AAE7C,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,2EAA2E;AAC3E,8EAA8E;AAC9E,yBAAyB;AACzB,MAAM,UAAU,sBAAsB,CACpC,SAAiB,EACjB,SAAiB,EACjB,QAAQ,GAAG,0BAA0B,EACrC,QAAQ,GAAG,0BAA0B;IAErC,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAmC,CAAC;IACxC,IAAI,OAAkC,CAAC;IACvC,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACnC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,EAAE,KAAK,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC9D,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;IACtD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,OAAO,EAAE,CAAC;QAC1D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;AACzC,CAAC"}

package/dist/server/auth/rateLimit.d.ts

@@ -0,0 +1,17 @@
+export interface RateLimitOptions {
+    limit: number;
+    windowMs: number;
+    now?: () => number;
+}
+export interface RateLimitResult {
+    allowed: boolean;
+    retryAfterMs: number;
+}
+export declare class InMemoryRateLimit {
+    private readonly options;
+    private readonly buckets;
+    private readonly now;
+    constructor(options: RateLimitOptions);
+    consume(key: string): RateLimitResult;
+    reset(key: string): void;
+}

package/dist/server/auth/rateLimit.js

@@ -0,0 +1,25 @@
+export class InMemoryRateLimit {
+    options;
+    buckets = new Map();
+    now;
+    constructor(options) {
+        this.options = options;
+        this.now = options.now ?? Date.now;
+    }
+    consume(key) {
+        const now = this.now();
+        const existing = this.buckets.get(key);
+        const bucket = existing && existing.resetAt > now ? existing : { count: 0, resetAt: now + this.options.windowMs };
+        if (bucket.count >= this.options.limit) {
+            this.buckets.set(key, bucket);
+            return { allowed: false, retryAfterMs: Math.max(0, bucket.resetAt - now) };
+        }
+        bucket.count += 1;
+        this.buckets.set(key, bucket);
+        return { allowed: true, retryAfterMs: 0 };
+    }
+    reset(key) {
+        this.buckets.delete(key);
+    }
+}
+//# sourceMappingURL=rateLimit.js.map

package/dist/server/auth/rateLimit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rateLimit.js","sourceRoot":"","sources":["../../../src/server/auth/rateLimit.ts"],"names":[],"mappings":"AAgBA,MAAM,OAAO,iBAAiB;IAIC;IAHZ,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IACpC,GAAG,CAAe;IAEnC,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC;IACrC,CAAC;IAED,OAAO,CAAC,GAAW;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,QAAQ,IAAI,QAAQ,CAAC,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QAElH,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACvC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC9B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC,EAAE,CAAC;QAC7E,CAAC;QAED,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC;QAClB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,GAAW;QACf,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;CACF"}

package/dist/server/auth/totpService.d.ts

@@ -0,0 +1,10 @@
+export interface TotpSetup {
+    secret: string;
+    qrDataUrl: string;
+}
+export declare class TotpService {
+    private readonly issuer;
+    constructor(issuer?: string);
+    generateSetup(accountName: string): Promise<TotpSetup>;
+    verify(secret: string, token: string): boolean;
+}

package/dist/server/auth/totpService.js

@@ -0,0 +1,37 @@
+import * as OTPAuth from 'otpauth';
+import QRCode from 'qrcode';
+export class TotpService {
+    issuer;
+    constructor(issuer = 'NTerminal') {
+        this.issuer = issuer;
+    }
+    async generateSetup(accountName) {
+        const totp = new OTPAuth.TOTP({
+            issuer: this.issuer,
+            label: accountName,
+            algorithm: 'SHA1',
+            digits: 6,
+            period: 30,
+            secret: new OTPAuth.Secret()
+        });
+        const uri = totp.toString();
+        const qrDataUrl = await QRCode.toDataURL(uri, { width: 256, margin: 2 });
+        return { secret: totp.secret.base32, qrDataUrl };
+    }
+    verify(secret, token) {
+        try {
+            const totp = new OTPAuth.TOTP({
+                algorithm: 'SHA1',
+                digits: 6,
+                period: 30,
+                secret: OTPAuth.Secret.fromBase32(secret)
+            });
+            const delta = totp.validate({ token, window: 1 });
+            return delta !== null;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=totpService.js.map

package/dist/server/auth/totpService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"totpService.js","sourceRoot":"","sources":["../../../src/server/auth/totpService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,SAAS,CAAC;AACnC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAO5B,MAAM,OAAO,WAAW;IACL,MAAM,CAAS;IAEhC,YAAY,MAAM,GAAG,WAAW;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,WAAmB;QACrC,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;YAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,WAAW;YAClB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,CAAC;YACT,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,IAAI,OAAO,CAAC,MAAM,EAAE;SAC7B,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QACzE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC;IACnD,CAAC;IAED,MAAM,CAAC,MAAc,EAAE,KAAa;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;gBAC5B,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,CAAC;gBACT,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;aAC1C,CAAC,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;YAClD,OAAO,KAAK,KAAK,IAAI,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/server/config.d.ts

@@ -0,0 +1,27 @@
+export interface AppConfig {
+    host: string;
+    port: number;
+    workspaceRoot: string;
+    shell: string;
+    statePath: string;
+    sessionSecret: string;
+    sessionTtlMs: number;
+    cookieSecure: boolean;
+    allowedOrigins: string[];
+    staticRoot: string;
+    isProduction: boolean;
+    agentToken: string | null;
+    trustProxy: boolean | string;
+    uploadMaxFiles: number;
+    uploadMaxFileBytes: number;
+    uploadMaxBatchBytes: number;
+    fileListMaxEntries: number;
+    fileTextMaxBytes: number;
+    filePreviewMaxBytes: number;
+}
+export interface ConfigEnv {
+    [key: string]: string | undefined;
+}
+export declare function loadDotEnvFile(filePath?: string, baseEnv?: ConfigEnv): ConfigEnv;
+export declare function loadConfig(env?: ConfigEnv): AppConfig;
+export declare function isAllowedOrigin(config: Pick<AppConfig, 'allowedOrigins'>, origin: string | undefined): boolean;

package/dist/server/config.js

@@ -0,0 +1,138 @@
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+function readInt(value, fallback, name) {
+    if (value === undefined || value.trim() === '') {
+        return fallback;
+    }
+    const parsed = Number(value);
+    if (!Number.isInteger(parsed) || parsed <= 0) {
+        throw new Error(`${name} must be a positive integer`);
+    }
+    return parsed;
+}
+function requireSecret(env, name, fallbackForTest) {
+    const value = env[name]?.trim();
+    const secret = value || (env.NODE_ENV === 'test' ? fallbackForTest : undefined);
+    if (!secret) {
+        throw new Error(`${name} is required`);
+    }
+    if (secret.length < 16) {
+        throw new Error(`${name} must be at least 16 characters`);
+    }
+    if (name === 'NTERMINAL_SESSION_SECRET' && secret.length < 24) {
+        throw new Error(`${name} must be at least 24 characters`);
+    }
+    return secret;
+}
+function parseTrustProxy(raw) {
+    const value = raw?.trim();
+    if (!value || value === 'false') {
+        return false;
+    }
+    if (value === 'true') {
+        return true;
+    }
+    // Number of hops or a comma-separated list of trusted IPs/CIDRs — passed through to Fastify.
+    return value;
+}
+function resolveShell(env) {
+    return env.NTERMINAL_SHELL?.trim() || env.SHELL?.trim() || (os.platform() === 'win32' ? 'powershell.exe' : '/bin/bash');
+}
+function parseOrigins(raw, host, port) {
+    const configured = raw
+        ?.split(',')
+        .map((origin) => origin.trim())
+        .filter(Boolean);
+    if (configured && configured.length > 0) {
+        return configured;
+    }
+    return [`http://${host}:${port}`, `http://localhost:${port}`, `http://127.0.0.1:${port}`];
+}
+export function loadDotEnvFile(filePath = '.env', baseEnv = process.env) {
+    if (!fs.existsSync(filePath)) {
+        return baseEnv;
+    }
+    const parsed = { ...baseEnv };
+    const content = fs.readFileSync(filePath, 'utf8');
+    for (const rawLine of content.split(/\r?\n/)) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith('#')) {
+            continue;
+        }
+        const separator = line.indexOf('=');
+        if (separator === -1) {
+            continue;
+        }
+        const key = line.slice(0, separator).trim();
+        if (!key || parsed[key] !== undefined) {
+            continue;
+        }
+        parsed[key] = stripEnvQuotes(line.slice(separator + 1).trim());
+    }
+    return parsed;
+}
+export function loadConfig(env = process.env) {
+    const host = env.NTERMINAL_HOST?.trim() || '127.0.0.1';
+    const port = readInt(env.NTERMINAL_PORT, 3107, 'NTERMINAL_PORT');
+    // Default to the operator's HOME — process.cwd() was confusing because
+    // nterminalctl deploy starts the server from the repo directory, so new
+    // terminals opened in 127.0.0.1:3107 would start in the NTerminal repo
+    // instead of the operator's working directory.
+    const workspaceRoot = path.resolve(expandHomePath(env.NTERMINAL_WORKSPACE_ROOT?.trim() || os.homedir()));
+    const statePath = path.resolve(env.NTERMINAL_STATE_PATH?.trim() || '.nterminal/state.json');
+    const sessionTtlSeconds = readInt(env.NTERMINAL_SESSION_TTL_SECONDS, 43_200, 'NTERMINAL_SESSION_TTL_SECONDS');
+    const uploadMaxFiles = readInt(env.NTERMINAL_UPLOAD_MAX_FILES, 1024, 'NTERMINAL_UPLOAD_MAX_FILES');
+    const uploadMaxFileBytes = readInt(env.NTERMINAL_UPLOAD_MAX_FILE_BYTES, 536_870_912, 'NTERMINAL_UPLOAD_MAX_FILE_BYTES');
+    const uploadMaxBatchBytes = readInt(env.NTERMINAL_UPLOAD_MAX_BATCH_BYTES, 2_147_483_648, 'NTERMINAL_UPLOAD_MAX_BATCH_BYTES');
+    const fileListMaxEntries = readInt(env.NTERMINAL_FILE_LIST_MAX_ENTRIES, 2000, 'NTERMINAL_FILE_LIST_MAX_ENTRIES');
+    const fileTextMaxBytes = readInt(env.NTERMINAL_FILE_TEXT_MAX_BYTES, 1_048_576, 'NTERMINAL_FILE_TEXT_MAX_BYTES');
+    const filePreviewMaxBytes = readInt(env.NTERMINAL_FILE_PREVIEW_MAX_BYTES, 52_428_800, 'NTERMINAL_FILE_PREVIEW_MAX_BYTES');
+    const isProduction = env.NODE_ENV === 'production';
+    const rawAgentToken = env.NTERMINAL_AGENT_TOKEN?.trim() || null;
+    const agentToken = rawAgentToken && rawAgentToken.length >= 32 ? rawAgentToken : null;
+    const trustProxy = parseTrustProxy(env.NTERMINAL_TRUST_PROXY);
+    return {
+        host,
+        port,
+        workspaceRoot,
+        shell: resolveShell(env),
+        statePath,
+        sessionSecret: requireSecret(env, 'NTERMINAL_SESSION_SECRET', 'test-session-secret-that-is-long-enough'),
+        sessionTtlMs: sessionTtlSeconds * 1000,
+        cookieSecure: env.NTERMINAL_COOKIE_SECURE === 'true' || (isProduction && env.NTERMINAL_COOKIE_SECURE !== 'false'),
+        allowedOrigins: parseOrigins(env.NTERMINAL_ALLOWED_ORIGINS, host, port),
+        staticRoot: path.resolve(env.NTERMINAL_STATIC_ROOT?.trim() || 'dist/client'),
+        isProduction,
+        agentToken,
+        trustProxy,
+        uploadMaxFiles,
+        uploadMaxFileBytes,
+        uploadMaxBatchBytes,
+        fileListMaxEntries,
+        fileTextMaxBytes,
+        filePreviewMaxBytes
+    };
+}
+export function isAllowedOrigin(config, origin) {
+    if (!origin) {
+        return true;
+    }
+    return config.allowedOrigins.includes(origin);
+}
+function stripEnvQuotes(value) {
+    if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
+        return value.slice(1, -1);
+    }
+    return value;
+}
+function expandHomePath(value) {
+    if (value === '~') {
+        return os.homedir();
+    }
+    if (value.startsWith('~/')) {
+        return path.join(os.homedir(), value.slice(2));
+    }
+    return value;
+}
+//# sourceMappingURL=config.js.map

package/dist/server/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/server/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AA4B7B,SAAS,OAAO,CAAC,KAAyB,EAAE,QAAgB,EAAE,IAAY;IACxE,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC/C,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,6BAA6B,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,GAAc,EAAE,IAAY,EAAE,eAAwB;IAC3E,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC;IAChC,MAAM,MAAM,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAChF,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,cAAc,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,iCAAiC,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,IAAI,KAAK,0BAA0B,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,iCAAiC,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,eAAe,CAAC,GAAuB;IAC9C,MAAM,KAAK,GAAG,GAAG,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,6FAA6F;IAC7F,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,GAAc;IAClC,OAAO,GAAG,CAAC,eAAe,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AAC1H,CAAC;AAED,SAAS,YAAY,CAAC,GAAuB,EAAE,IAAY,EAAE,IAAY;IACvE,MAAM,UAAU,GAAG,GAAG;QACpB,EAAE,KAAK,CAAC,GAAG,CAAC;SACX,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;SAC9B,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,UAAU,IAAI,IAAI,IAAI,EAAE,EAAE,oBAAoB,IAAI,EAAE,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;AAC5F,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAQ,GAAG,MAAM,EAAE,UAAqB,OAAO,CAAC,GAAG;IAChF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,MAAM,MAAM,GAAc,EAAE,GAAG,OAAO,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAClD,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAClC,SAAS;QACX,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;YACrB,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YACtC,SAAS;QACX,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAiB,OAAO,CAAC,GAAG;IACrD,MAAM,IAAI,GAAG,GAAG,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,WAAW,CAAC;IACvD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,EAAE,gBAAgB,CAAC,CAAC;IACjE,uEAAuE;IACvE,wEAAwE;IACxE,uEAAuE;IACvE,+CAA+C;IAC/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACzG,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,IAAI,EAAE,IAAI,uBAAuB,CAAC,CAAC;IAC5F,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,MAAM,EAAE,+BAA+B,CAAC,CAAC;IAC9G,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,IAAI,EAAE,4BAA4B,CAAC,CAAC;IACnG,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,WAAW,EAAE,iCAAiC,CAAC,CAAC;IACxH,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,gCAAgC,EAAE,aAAa,EAAE,kCAAkC,CAAC,CAAC;IAC7H,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,IAAI,EAAE,iCAAiC,CAAC,CAAC;IACjH,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,SAAS,EAAE,+BAA+B,CAAC,CAAC;IAChH,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,gCAAgC,EAAE,UAAU,EAAE,kCAAkC,CAAC,CAAC;IAC1H,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IACnD,MAAM,aAAa,GAAG,GAAG,CAAC,qBAAqB,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAChE,MAAM,UAAU,GAAG,aAAa,IAAI,aAAa,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC;IACtF,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC9D,OAAO;QACL,IAAI;QACJ,IAAI;QACJ,aAAa;QACb,KAAK,EAAE,YAAY,CAAC,GAAG,CAAC;QACxB,SAAS;QACT,aAAa,EAAE,aAAa,CAAC,GAAG,EAAE,0BAA0B,EAAE,yCAAyC,CAAC;QACxG,YAAY,EAAE,iBAAiB,GAAG,IAAI;QACtC,YAAY,EAAE,GAAG,CAAC,uBAAuB,KAAK,MAAM,IAAI,CAAC,YAAY,IAAI,GAAG,CAAC,uBAAuB,KAAK,OAAO,CAAC;QACjH,cAAc,EAAE,YAAY,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,IAAI,CAAC;QACvE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,IAAI,EAAE,IAAI,aAAa,CAAC;QAC5E,YAAY;QACZ,UAAU;QACV,UAAU;QACV,cAAc;QACd,kBAAkB;QAClB,mBAAmB;QACnB,kBAAkB;QAClB,gBAAgB;QAChB,mBAAmB;KACpB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAyC,EAAE,MAA0B;IACnG,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACrG,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;QAClB,OAAO,EAAE,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/server/files/fileExplorerService.d.ts

@@ -0,0 +1,38 @@
+import type { AppConfig } from '../config.js';
+import type { FileDeletePreviewResponse, FileDeleteResponse, FileEntry, FileListResponse, FileReadResponse, FileVersion, FileWriteResponse } from '../../shared/protocol.js';
+export type FileExplorerConfig = Pick<AppConfig, 'sessionSecret' | 'fileListMaxEntries' | 'fileTextMaxBytes' | 'filePreviewMaxBytes'>;
+export interface FilePreviewResult {
+    absolutePath: string;
+    contentType: string;
+    size: number;
+    stream: NodeJS.ReadableStream;
+}
+export declare class FileExplorerError extends Error {
+    readonly statusCode: number;
+    readonly code: string;
+    constructor(statusCode: number, code: string);
+}
+export declare class FileExplorerService {
+    private readonly config;
+    constructor(config: FileExplorerConfig);
+    resolveRootPath(rootPath: string): Promise<string>;
+    list(rootPath: string, requestPath: string): Promise<FileListResponse>;
+    readText(rootPath: string, requestPath: string): Promise<FileReadResponse>;
+    resolveFileForTerminalOpen(rootPath: string, requestPath: string): Promise<{
+        path: string;
+        absolutePath: string;
+    }>;
+    writeText(rootPath: string, requestPath: string, content: string, expectedVersion: FileVersion): Promise<FileWriteResponse>;
+    createEntry(rootPath: string, requestPath: string, kind: 'file' | 'directory'): Promise<FileEntry>;
+    moveEntry(rootPath: string, sourcePath: string, destinationPath: string): Promise<FileEntry>;
+    previewDelete(rootPath: string, requestPath: string, rootToken: string): Promise<FileDeletePreviewResponse>;
+    deleteEntry(rootPath: string, requestPath: string, previewToken: string, rootToken: string): Promise<FileDeleteResponse>;
+    previewFile(rootPath: string, requestPath: string): Promise<FilePreviewResult>;
+    private resolveExistingPath;
+    private resolveNewPath;
+    private assertNoSymlinkSegments;
+    private entryForPath;
+    private inspectDeleteTarget;
+    private countDescendants;
+    private openNoFollow;
+}