nterminal 1.2.0

package/dist/server/routes/terminalRoutes.js

@@ -0,0 +1,177 @@
+import { requireAllowedOrigin } from './authRoutes.js';
+export async function authenticateTerminalRequest(authService, request, reply) {
+    const auth = authService;
+    const methodNames = ['requireSession', 'requireAuth', 'authenticateRequest', 'validateRequest', 'isAuthenticated', 'validateSession'];
+    for (const methodName of methodNames) {
+        const method = auth[methodName];
+        if (typeof method !== 'function') {
+            continue;
+        }
+        if (method.length > 2) {
+            continue;
+        }
+        const result = await method.call(authService, request, reply);
+        return normalizeAuthResult(result, reply);
+    }
+    if (reply && !reply.sent) {
+        await reply.code(401).send({ error: 'unauthorized' });
+    }
+    return null;
+}
+export async function registerTerminalRoutes(app, config, services) {
+    app.get('/api/terminals', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        return { terminals: services.terminalManager.listTerminals() };
+    });
+    app.get('/api/terminals/:id/history', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        const beforeLine = parseOptionalInt(request.query.beforeLine, 'beforeLine', reply);
+        if (beforeLine === null) {
+            return reply;
+        }
+        const limit = parseOptionalInt(request.query.limit, 'limit', reply);
+        if (limit === null) {
+            return reply;
+        }
+        const history = services.terminalManager.getTerminalHistory(request.params.id, {
+            ...(beforeLine !== undefined ? { beforeLine } : {}),
+            ...(limit !== undefined ? { limit } : {})
+        });
+        if (!history) {
+            return reply.code(404).send({ error: 'terminal_history_unavailable' });
+        }
+        return history;
+    });
+    app.get('/api/terminals/:id/transcript-history', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        const limit = parseOptionalInt(request.query.limit, 'limit', reply);
+        if (limit === null) {
+            return reply;
+        }
+        const history = services.terminalManager.getTerminalTranscriptHistory(request.params.id, {
+            ...(typeof request.query.cursor === 'string' && request.query.cursor ? { cursor: request.query.cursor } : {}),
+            ...(limit !== undefined ? { limit } : {})
+        });
+        if (!history) {
+            if (!services.terminalManager.getTerminal(request.params.id)) {
+                return reply.code(404).send({ error: 'terminal_not_found' });
+            }
+            return {
+                terminalId: request.params.id,
+                source: null,
+                cursor: null,
+                hasMore: false,
+                output: []
+            };
+        }
+        return history;
+    });
+    app.get('/api/terminals/:id/transcript-source', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        const source = services.terminalManager.getTerminalTranscriptSource(request.params.id);
+        if (!source) {
+            if (!services.terminalManager.getTerminal(request.params.id)) {
+                return reply.code(404).send({ error: 'terminal_not_found' });
+            }
+            return { terminalId: request.params.id, source: null };
+        }
+        return source;
+    });
+    app.post('/api/terminals', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        const body = (request.body ?? {});
+        const createOptions = {
+            ...(body.parentTerminalId !== undefined ? { parentTerminalId: body.parentTerminalId } : {}),
+            ...(body.cols !== undefined ? { cols: body.cols } : {}),
+            ...(body.rows !== undefined ? { rows: body.rows } : {})
+        };
+        const terminal = await services.terminalManager.createTerminal(createOptions);
+        return reply.code(201).send({ terminal });
+    });
+    app.delete('/api/terminals/:id', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        if (!services.terminalManager.closeTerminal(request.params.id)) {
+            return reply.code(404).send({ error: 'terminal_not_found' });
+        }
+        return reply.code(204).send();
+    });
+    // Update an existing terminal's title. We use PATCH so the request body
+    // only carries the fields the client wants to change — currently just
+    // `title`, but the shape lets us add more fields (cwd hint, color, etc.)
+    // later without a new endpoint.
+    app.patch('/api/terminals/:id', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        const titleField = (request.body ?? {}).title;
+        if (typeof titleField !== 'string' || !titleField.trim()) {
+            return reply.code(400).send({ error: 'title_required' });
+        }
+        const summary = services.terminalManager.renameTerminal(request.params.id, titleField);
+        if (!summary) {
+            return reply.code(404).send({ error: 'terminal_not_found' });
+        }
+        return { terminal: summary };
+    });
+    app.delete('/api/terminals', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        services.terminalManager.closeAll();
+        return reply.code(204).send();
+    });
+}
+function normalizeAuthResult(result, reply) {
+    if (result === true) {
+        return {};
+    }
+    if (typeof result === 'string') {
+        return { sessionId: result };
+    }
+    if (result && typeof result === 'object') {
+        if (result.authenticated === false) {
+            sendUnauthorized(reply);
+            return null;
+        }
+        return typeof result.sessionId === 'string' ? { sessionId: result.sessionId } : {};
+    }
+    sendUnauthorized(reply);
+    return null;
+}
+function sendUnauthorized(reply) {
+    if (reply && !reply.sent) {
+        void reply.code(401).send({ error: 'unauthorized' });
+    }
+}
+function parseOptionalInt(value, name, reply) {
+    if (value === undefined || value === '') {
+        return undefined;
+    }
+    const parsed = Number(value);
+    if (!Number.isInteger(parsed)) {
+        reply.code(400).send({ error: `invalid_${name}` });
+        return null;
+    }
+    return parsed;
+}
+//# sourceMappingURL=terminalRoutes.js.map

package/dist/server/routes/terminalRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminalRoutes.js","sourceRoot":"","sources":["../../../src/server/routes/terminalRoutes.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAcvD,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,WAAwB,EACxB,OAAuB,EACvB,KAAoB;IAEpB,MAAM,IAAI,GAAG,WAAiD,CAAC;IAC/D,MAAM,WAAW,GAAG,CAAC,gBAAgB,EAAE,aAAa,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,CAAC;IAEtI,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAChC,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;YACjC,SAAS;QACX,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,MAAO,MAAsB,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC/E,OAAO,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,GAAoB,EAAE,MAAiB,EAAE,QAA+B;IACnH,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACjD,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,eAAe,CAAC,aAAa,EAAE,EAAE,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CACL,4BAA4B,EAC5B,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;QACnF,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACpE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,OAAO,GAAG,QAAQ,CAAC,eAAe,CAAC,kBAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE;YAC7E,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnD,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,GAAG,CACL,uCAAuC,EACvC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACpE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,OAAO,GAAG,QAAQ,CAAC,eAAe,CAAC,4BAA4B,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE;YACvF,GAAG,CAAC,OAAO,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7G,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC7D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;YAC/D,CAAC;YACD,OAAO;gBACL,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE;gBAC7B,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE;aACX,CAAC;QACJ,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,GAAG,CACL,sCAAsC,EACtC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,MAAM,GAAG,QAAQ,CAAC,eAAe,CAAC,2BAA2B,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACvF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC7D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;YAC/D,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACzD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACpI,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAA0B,CAAC;QAC3D,MAAM,aAAa,GAAG;YACpB,GAAG,CAAC,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3F,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAC9E,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CACR,oBAAoB,EACpB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC,CACF,CAAC;IAEF,wEAAwE;IACxE,sEAAsE;IACtE,yEAAyE;IACzE,gCAAgC;IAChC,GAAG,CAAC,KAAK,CACP,oBAAoB,EACpB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC;QAC9C,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;YACzD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,MAAM,OAAO,GAAG,QAAQ,CAAC,eAAe,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QACvF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC/B,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACtI,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,QAAQ,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACpC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAmB,EAAE,KAAoB;IACpE,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAC/B,CAAC;IACD,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACzC,IAAI,MAAM,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACnC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACrF,CAAC;IAED,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAoB;IAC5C,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACzB,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;IACvD,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAyB,EAAE,IAAY,EAAE,KAAmB;IACpF,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;QACxC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,IAAI,EAAE,EAAE,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/server/routes/terminalWebSocket.d.ts

@@ -0,0 +1,9 @@
+import type { FastifyInstance } from 'fastify';
+import { type AppConfig } from '../config.js';
+import type { AuthService } from '../auth/authService.js';
+import type { TerminalManager } from '../terminal/TerminalManager.js';
+export interface TerminalWebSocketServices {
+    authService: AuthService;
+    terminalManager: TerminalManager;
+}
+export declare function registerTerminalWebSocket(app: FastifyInstance, config: AppConfig, services: TerminalWebSocketServices): Promise<void>;

package/dist/server/routes/terminalWebSocket.js

@@ -0,0 +1,129 @@
+import WebSocket from 'ws';
+import { isAllowedOrigin } from '../config.js';
+import { parseClientTerminalMessage } from '../../shared/protocol.js';
+import { authenticateTerminalRequest } from './terminalRoutes.js';
+import { SocketBackpressure } from './socketBackpressure.js';
+// Bytes pending in this socket's outbound buffer before we ask the PTY to
+// pause. 1 MB is enough to absorb normal interactive spikes but small enough
+// that a stalled client can't grow it unbounded.
+const PAUSE_HIGH_WATER_BYTES = 1 << 20;
+// Resume once the buffer drains back below this — gives the socket headroom
+// before the next pause/resume cycle.
+const PAUSE_LOW_WATER_BYTES = 64 << 10;
+// How often to poll bufferedAmount while paused. ws doesn't emit a drain
+// event we can hook here, so we sample on a coarse interval.
+const DRAIN_POLL_MS = 50;
+export async function registerTerminalWebSocket(app, config, services) {
+    app.get('/api/terminals/:id/ws', { websocket: true }, async (socket, request) => {
+        if (!request.headers.origin) {
+            socket.close(1008, 'origin required');
+            return;
+        }
+        if (!isAllowedOrigin(config, request.headers.origin)) {
+            socket.close(1008, 'origin not allowed');
+            return;
+        }
+        const auth = await authenticateTerminalRequest(services.authService, request);
+        if (!auth) {
+            socket.close(1008, 'unauthorized');
+            return;
+        }
+        const terminalId = request.params.id;
+        let snapshotSent = false;
+        const pendingMessages = [];
+        // Forward-declared so the subscriber closure (registered below) and the
+        // backpressure sink can both reference it. Assigned exactly once before
+        // any send occurs, so the optional chains in the sink stay null-safe
+        // without ever actually hitting null in practice.
+        let attachment = null;
+        const backpressure = new SocketBackpressure({
+            get bufferedAmount() {
+                return socket.bufferedAmount;
+            },
+            isOpen: () => socket.readyState === WebSocket.OPEN
+        }, {
+            pause: () => attachment?.pause(),
+            resume: () => attachment?.resume()
+        }, {
+            highWaterBytes: PAUSE_HIGH_WATER_BYTES,
+            lowWaterBytes: PAUSE_LOW_WATER_BYTES,
+            pollMs: DRAIN_POLL_MS
+        });
+        const sendWithBackpressure = (message) => {
+            sendJson(socket, message);
+            backpressure.observe();
+        };
+        attachment = services.terminalManager.attachTerminal(terminalId, (message) => {
+            if (!snapshotSent) {
+                pendingMessages.push(message);
+                return;
+            }
+            sendWithBackpressure(message);
+        }, { replay: false });
+        if (!attachment) {
+            backpressure.dispose();
+            socket.close(1008, 'terminal not found');
+            return;
+        }
+        sendWithBackpressure({ type: 'snapshot', terminal: attachment.terminal, output: attachment.output, history: attachment.history });
+        snapshotSent = true;
+        for (const message of pendingMessages) {
+            sendWithBackpressure(message);
+        }
+        pendingMessages.length = 0;
+        let isAlive = true;
+        const heartbeat = setInterval(() => {
+            if (socket.readyState !== WebSocket.OPEN) {
+                return;
+            }
+            if (!isAlive) {
+                socket.terminate();
+                return;
+            }
+            isAlive = false;
+            socket.ping();
+        }, 30_000);
+        socket.on('pong', () => {
+            isAlive = true;
+        });
+        socket.on('message', (raw) => {
+            const message = parseClientTerminalMessage(raw.toString());
+            if (!message) {
+                sendJson(socket, { type: 'error', message: 'invalid terminal message' });
+                return;
+            }
+            if (message.type === 'ping') {
+                sendJson(socket, { type: 'pong', nonce: message.nonce });
+                return;
+            }
+            if (message.terminalId !== terminalId) {
+                sendJson(socket, { type: 'error', message: 'terminal id mismatch' });
+                return;
+            }
+            if (message.type === 'refresh_cwd') {
+                void services.terminalManager.refreshTerminalCwd(message.terminalId);
+                return;
+            }
+            if (message.type === 'input') {
+                if (!services.terminalManager.writeToTerminal(message.terminalId, message.data)) {
+                    sendJson(socket, { type: 'error', message: 'terminal is not writable' });
+                }
+                return;
+            }
+            if (!services.terminalManager.resizeTerminal(message.terminalId, message.cols, message.rows)) {
+                sendJson(socket, { type: 'error', message: 'terminal is not resizable' });
+            }
+        });
+        socket.on('close', () => {
+            clearInterval(heartbeat);
+            backpressure.dispose();
+            attachment?.dispose();
+        });
+    });
+}
+function sendJson(socket, payload) {
+    if (socket.readyState !== WebSocket.CLOSING && socket.readyState !== WebSocket.CLOSED) {
+        socket.send(JSON.stringify(payload));
+    }
+}
+//# sourceMappingURL=terminalWebSocket.js.map

package/dist/server/routes/terminalWebSocket.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminalWebSocket.js","sourceRoot":"","sources":["../../../src/server/routes/terminalWebSocket.ts"],"names":[],"mappings":"AACA,OAAO,SAAS,MAAM,IAAI,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAkB,MAAM,cAAc,CAAC;AAG/D,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAEtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAO7D,0EAA0E;AAC1E,6EAA6E;AAC7E,iDAAiD;AACjD,MAAM,sBAAsB,GAAG,CAAC,IAAI,EAAE,CAAC;AACvC,4EAA4E;AAC5E,sCAAsC;AACtC,MAAM,qBAAqB,GAAG,EAAE,IAAI,EAAE,CAAC;AACvC,yEAAyE;AACzE,6DAA6D;AAC7D,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,GAAoB,EACpB,MAAiB,EACjB,QAAmC;IAEnC,GAAG,CAAC,GAAG,CAA6B,uBAAuB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE;QAC1G,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YAC5B,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACrD,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACzC,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,IAAI,YAAY,GAAG,KAAK,CAAC;QACzB,MAAM,eAAe,GAA4B,EAAE,CAAC;QACpD,wEAAwE;QACxE,wEAAwE;QACxE,qEAAqE;QACrE,kDAAkD;QAClD,IAAI,UAAU,GAA8B,IAAI,CAAC;QAEjD,MAAM,YAAY,GAAG,IAAI,kBAAkB,CACzC;YACE,IAAI,cAAc;gBAChB,OAAO,MAAM,CAAC,cAAc,CAAC;YAC/B,CAAC;YACD,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI;SACnD,EACD;YACE,KAAK,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE;YAChC,MAAM,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE;SACnC,EACD;YACE,cAAc,EAAE,sBAAsB;YACtC,aAAa,EAAE,qBAAqB;YACpC,MAAM,EAAE,aAAa;SACtB,CACF,CAAC;QAEF,MAAM,oBAAoB,GAAG,CAAC,OAA8B,EAAE,EAAE;YAC9D,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC1B,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC,CAAC;QAEF,UAAU,GAAG,QAAQ,CAAC,eAAe,CAAC,cAAc,CAClD,UAAU,EACV,CAAC,OAAO,EAAE,EAAE;YACV,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC9B,OAAO;YACT,CAAC;YACD,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC,EACD,EAAE,MAAM,EAAE,KAAK,EAAE,CAClB,CAAC;QAEF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,YAAY,CAAC,OAAO,EAAE,CAAC;YACvB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACzC,OAAO;QACT,CAAC;QAED,oBAAoB,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC;QAClI,YAAY,GAAG,IAAI,CAAC;QACpB,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;QACD,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;QAE3B,IAAI,OAAO,GAAG,IAAI,CAAC;QACnB,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE;YACjC,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;gBACzC,OAAO;YACT,CAAC;YACD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,CAAC,SAAS,EAAE,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,CAAC,EAAE,MAAM,CAAC,CAAC;QAEX,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACrB,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC3D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,QAAQ,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAC;gBACzE,OAAO;YACT,CAAC;YACD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC5B,QAAQ,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YACD,IAAI,OAAO,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;gBACtC,QAAQ,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;YACD,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;gBACnC,KAAK,QAAQ,CAAC,eAAe,CAAC,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;YACD,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC7B,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChF,QAAQ,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAC;gBAC3E,CAAC;gBACD,OAAO;YACT,CAAC;YACD,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7F,QAAQ,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACtB,aAAa,CAAC,SAAS,CAAC,CAAC;YACzB,YAAY,CAAC,OAAO,EAAE,CAAC;YACvB,UAAU,EAAE,OAAO,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,MAAiB,EAAE,OAAgB;IACnD,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACvC,CAAC;AACH,CAAC"}

package/dist/server/routes/totpRoutes.d.ts

@@ -0,0 +1,7 @@
+import type { FastifyInstance } from 'fastify';
+import type { AppConfig } from '../config.js';
+import type { AuthService } from '../auth/authService.js';
+export interface TotpRouteServices {
+    authService: AuthService;
+}
+export declare function registerTotpRoutes(app: FastifyInstance, config: AppConfig, services: TotpRouteServices): Promise<void>;

package/dist/server/routes/totpRoutes.js

@@ -0,0 +1,46 @@
+import { cookieNames } from '../auth/cookies.js';
+import { requireAllowedOrigin } from './authRoutes.js';
+export async function registerTotpRoutes(app, config, services) {
+    app.post('/api/auth/totp/setup', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const cookies = request.cookies;
+        try {
+            const result = await services.authService.setupTotp(cookies[cookieNames.session], request.ip);
+            return result;
+        }
+        catch (error) {
+            return sendAuthError(reply, error);
+        }
+    });
+    app.post('/api/auth/totp/activate', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const cookies = request.cookies;
+        const { secret, otp } = request.body ?? {};
+        if (typeof secret !== 'string' || typeof otp !== 'string') {
+            return reply.code(400).send({ error: 'invalid_request' });
+        }
+        try {
+            await services.authService.activateTotp(cookies[cookieNames.session], secret, otp, request.ip);
+            return { totpEnabled: true };
+        }
+        catch (error) {
+            return sendAuthError(reply, error);
+        }
+    });
+    app.delete('/api/auth/totp', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const cookies = request.cookies;
+        try {
+            await services.authService.disableTotp(cookies[cookieNames.session], request.ip);
+            return { totpEnabled: false };
+        }
+        catch (error) {
+            return sendAuthError(reply, error);
+        }
+    });
+}
+function sendAuthError(reply, error) {
+    if (error instanceof Error && 'statusCode' in error && 'code' in error) {
+        const authError = error;
+        return reply.code(authError.statusCode).send({ error: authError.code.toLowerCase() });
+    }
+    throw error;
+}
+//# sourceMappingURL=totpRoutes.js.map

package/dist/server/routes/totpRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"totpRoutes.js","sourceRoot":"","sources":["../../../src/server/routes/totpRoutes.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAMvD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,GAAoB,EAAE,MAAiB,EAAE,QAA2B;IAC3G,GAAG,CAAC,IAAI,CACN,sBAAsB,EACtB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,OAAO,GAAG,OAAO,CAAC,OAA6C,CAAC;QACtE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;YAC9F,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,IAAI,CACN,yBAAyB,EACzB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,OAAO,GAAG,OAAO,CAAC,OAA6C,CAAC;QACtE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC1D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;YAC/F,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,MAAM,CACR,gBAAgB,EAChB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,OAAO,GAAG,OAAO,CAAC,OAA6C,CAAC;QACtE,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;YACjF,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,KAAmB,EAAE,KAAc;IACxD,IAAI,KAAK,YAAY,KAAK,IAAI,YAAY,IAAI,KAAK,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;QACvE,MAAM,SAAS,GAAG,KAAkB,CAAC;QACrC,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACxF,CAAC;IACD,MAAM,KAAK,CAAC;AACd,CAAC"}

package/dist/server/routes/updateRoutes.d.ts

@@ -0,0 +1,7 @@
+import type { FastifyInstance } from 'fastify';
+import type { AppConfig } from '../config.js';
+import type { AuthService } from '../auth/authService.js';
+export interface UpdateRouteServices {
+    authService: AuthService;
+}
+export declare function registerUpdateRoutes(app: FastifyInstance, config: AppConfig, services: UpdateRouteServices): Promise<void>;

package/dist/server/routes/updateRoutes.js

@@ -0,0 +1,24 @@
+import { requireAllowedOrigin } from './authRoutes.js';
+import { authenticateTerminalRequest } from './terminalRoutes.js';
+import { checkBehind, getVersionInfo, runUpdate } from '../update/gitUpdate.js';
+export async function registerUpdateRoutes(app, config, services) {
+    app.get('/api/version', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        return getVersionInfo();
+    });
+    app.post('/api/update/check', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        return checkBehind();
+    });
+    app.post('/api/update', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        return runUpdate();
+    });
+}
+//# sourceMappingURL=updateRoutes.js.map

package/dist/server/routes/updateRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"updateRoutes.js","sourceRoot":"","sources":["../../../src/server/routes/updateRoutes.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAMhF,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,GAAoB,EAAE,MAAiB,EAAE,QAA6B;IAC/G,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC/C,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,OAAO,cAAc,EAAE,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvI,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,OAAO,WAAW,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACjI,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,OAAO,SAAS,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/server/routes/uploadRoutes.d.ts

@@ -0,0 +1,9 @@
+import type { FastifyInstance } from 'fastify';
+import type { AppConfig } from '../config.js';
+import type { AuthService } from '../auth/authService.js';
+import type { TerminalManager } from '../terminal/TerminalManager.js';
+export interface UploadRouteServices {
+    authService: AuthService;
+    terminalManager: TerminalManager;
+}
+export declare function registerUploadRoutes(app: FastifyInstance, config: AppConfig, services: UploadRouteServices): Promise<void>;

package/dist/server/routes/uploadRoutes.js

@@ -0,0 +1,95 @@
+import { requireAllowedOrigin } from './authRoutes.js';
+import { authenticateTerminalRequest } from './terminalRoutes.js';
+import { createUploadSession, parseUploadManifest, UploadRequestError } from '../uploads/uploadService.js';
+export async function registerUploadRoutes(app, config, services) {
+    app.post('/api/uploads', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        if (!request.isMultipart()) {
+            return reply.code(400).send({ error: 'multipart_required' });
+        }
+        let session = null;
+        let responseError = null;
+        try {
+            for await (const part of request.parts({
+                limits: {
+                    files: config.uploadMaxFiles,
+                    fileSize: config.uploadMaxFileBytes + 1,
+                    parts: config.uploadMaxFiles + 1,
+                    fields: 1
+                }
+            })) {
+                if (responseError) {
+                    if (part.type === 'file') {
+                        await drain(part.file);
+                    }
+                    continue;
+                }
+                if (part.type === 'field') {
+                    if (part.fieldname === 'manifest' && !session) {
+                        session = await createSessionFromManifest(part.value, config, services);
+                    }
+                    continue;
+                }
+                if (!session) {
+                    responseError = { statusCode: 400, code: 'manifest_required' };
+                    await drain(part.file);
+                    continue;
+                }
+                await session.writeFile(part.fieldname, part.file);
+            }
+        }
+        catch (error) {
+            await session?.abort();
+            if (error instanceof UploadRequestError) {
+                return reply.code(error.statusCode).send({ error: error.code });
+            }
+            throw error;
+        }
+        if (responseError) {
+            await session?.abort();
+            return reply.code(responseError.statusCode).send({ error: responseError.code });
+        }
+        if (!session) {
+            return reply.code(400).send({ error: 'manifest_required' });
+        }
+        return session.finish();
+    });
+}
+async function createSessionFromManifest(value, config, services) {
+    const manifest = parseUploadManifest(parseManifestValue(value));
+    if (!manifest) {
+        throw new UploadRequestError(400, 'invalid_upload_manifest');
+    }
+    if (!services.terminalManager.getTerminal(manifest.terminalId)) {
+        throw new UploadRequestError(404, 'terminal_not_found');
+    }
+    const destinationCwd = await services.terminalManager.resolveTerminalCwd(manifest.terminalId);
+    if (!destinationCwd) {
+        throw new UploadRequestError(409, 'terminal_cwd_unavailable');
+    }
+    return createUploadSession({
+        destinationCwd,
+        limits: config,
+        manifest
+    });
+}
+function parseManifestValue(value) {
+    if (typeof value !== 'string') {
+        return value;
+    }
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return null;
+    }
+}
+async function drain(stream) {
+    for await (const _chunk of stream) {
+        // Consume the stream so multipart parsing can continue before returning.
+    }
+}
+//# sourceMappingURL=uploadRoutes.js.map

package/dist/server/routes/uploadRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"uploadRoutes.js","sourceRoot":"","sources":["../../../src/server/routes/uploadRoutes.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,kBAAkB,EAAsB,MAAM,6BAA6B,CAAC;AAO/H,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,GAAoB,EAAE,MAAiB,EAAE,QAA6B;IAC/G,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAClI,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,OAAO,GAAyB,IAAI,CAAC;QACzC,IAAI,aAAa,GAAgD,IAAI,CAAC;QAEtE,IAAI,CAAC;YACH,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC;gBACrC,MAAM,EAAE;oBACN,KAAK,EAAE,MAAM,CAAC,cAAc;oBAC5B,QAAQ,EAAE,MAAM,CAAC,kBAAkB,GAAG,CAAC;oBACvC,KAAK,EAAE,MAAM,CAAC,cAAc,GAAG,CAAC;oBAChC,MAAM,EAAE,CAAC;iBACV;aACF,CAAC,EAAE,CAAC;gBACH,IAAI,aAAa,EAAE,CAAC;oBAClB,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;wBACzB,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACzB,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC1B,IAAI,IAAI,CAAC,SAAS,KAAK,UAAU,IAAI,CAAC,OAAO,EAAE,CAAC;wBAC9C,OAAO,GAAG,MAAM,yBAAyB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;oBAC1E,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,aAAa,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC;oBAC/D,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACvB,SAAS;gBACX,CAAC;gBACD,MAAM,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,EAAE,KAAK,EAAE,CAAC;YACvB,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;gBACxC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAClE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,OAAO,EAAE,KAAK,EAAE,CAAC;YACvB,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,yBAAyB,CAAC,KAAc,EAAE,MAAiB,EAAE,QAA6B;IACvG,MAAM,QAAQ,GAAG,mBAAmB,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC;IAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,kBAAkB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,kBAAkB,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IACD,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC9F,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,kBAAkB,CAAC,GAAG,EAAE,0BAA0B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,mBAAmB,CAAC;QACzB,cAAc;QACd,MAAM,EAAE,MAAM;QACd,QAAQ;KACT,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,KAAK,CAAC,MAA6B;IAChD,IAAI,KAAK,EAAE,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;QAClC,yEAAyE;IAC3E,CAAC;AACH,CAAC"}

package/dist/server/storage/fileStore.d.ts

@@ -0,0 +1,90 @@
+import type { TerminalLayoutState } from '../../shared/types.js';
+export interface StoredPasswordCredential {
+    algorithm: 'scrypt';
+    hash: string;
+    salt: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface StoredTotpCredential {
+    secret: string;
+    algorithm: 'SHA1';
+    digits: 6;
+    period: 30;
+    createdAt: string;
+}
+export interface StoredAgent {
+    id: string;
+    name: string;
+    url: string;
+    token: string;
+    createdAt: string;
+}
+export interface StoredTrustedDevice {
+    id: string;
+    tokenHash: string;
+    label: string;
+    createdAt: string;
+    lastSeenAt: string;
+    expiresAt: string;
+}
+export interface StoredIpRule {
+    id: string;
+    value: string;
+    label: string;
+    createdAt: string;
+}
+export interface StoredTerminalLayout {
+    layout: TerminalLayoutState;
+    revision: number;
+    updatedAt: string;
+}
+export interface StoredNotificationAsset {
+    id: string;
+    filename: string;
+    storedFilename: string;
+    contentType: 'video/mp4' | 'video/webm';
+    size: number;
+    createdAt: string;
+}
+export interface StoredState {
+    passwordCredential: StoredPasswordCredential | null;
+    totpCredential: StoredTotpCredential | null;
+    mainName: string | null;
+    agents: StoredAgent[];
+    trustedDevices: StoredTrustedDevice[];
+    ipWhitelist: StoredIpRule[];
+    terminalLayout: StoredTerminalLayout | null;
+    agentLayouts: Record<string, StoredTerminalLayout>;
+    notificationAssets: StoredNotificationAsset[];
+    notificationAssetDisabledIds: string[];
+}
+export interface FileStoreOptions {
+    coalesceWindowMs?: number;
+    onError?: (err: unknown) => void;
+}
+export interface UpdateOptions {
+    flush?: 'immediate' | 'coalesced';
+}
+export declare class FileStore {
+    readonly path: string;
+    private memoryState;
+    private dirty;
+    private flushTimer;
+    private updateQueue;
+    private readonly coalesceWindowMs;
+    private onError;
+    constructor(path: string, options?: FileStoreOptions);
+    setErrorHandler(handler: (err: unknown) => void): void;
+    init(): Promise<void>;
+    read(): Promise<StoredState>;
+    update(updater: (state: StoredState) => StoredState | Promise<StoredState>, options?: UpdateOptions): Promise<StoredState>;
+    flush(): Promise<void>;
+    flushSync(): void;
+    private flushDirty;
+    private scheduleFlush;
+    private cancelTimer;
+    private readFromDisk;
+    private writeToDisk;
+    private enqueue;
+}