npm - pal-explorer-cli - Versions diffs - 0.4.0 - Mend

pal-explorer-cli 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/LICENSE.md +18 -0
package/README.md +314 -0
package/bin/pal.js +230 -0
package/extensions/@palexplorer/analytics/README.md +45 -0
package/extensions/@palexplorer/analytics/docs/MONETIZATION.md +14 -0
package/extensions/@palexplorer/analytics/docs/PLAN.md +23 -0
package/extensions/@palexplorer/analytics/docs/PRIVACY.md +38 -0
package/extensions/@palexplorer/analytics/extension.json +27 -0
package/extensions/@palexplorer/analytics/index.js +186 -0
package/extensions/@palexplorer/analytics/test/analytics.test.js +82 -0
package/extensions/@palexplorer/audit/extension.json +17 -0
package/extensions/@palexplorer/audit/index.js +2 -0
package/extensions/@palexplorer/auth-email/extension.json +17 -0
package/extensions/@palexplorer/auth-email/index.js +102 -0
package/extensions/@palexplorer/auth-oauth/extension.json +16 -0
package/extensions/@palexplorer/auth-oauth/index.js +199 -0
package/extensions/@palexplorer/chat/extension.json +17 -0
package/extensions/@palexplorer/chat/index.js +2 -0
package/extensions/@palexplorer/discovery/extension.json +16 -0
package/extensions/@palexplorer/discovery/index.js +111 -0
package/extensions/@palexplorer/email-notifications/extension.json +23 -0
package/extensions/@palexplorer/email-notifications/index.js +242 -0
package/extensions/@palexplorer/explorer-integration/extension.json +13 -0
package/extensions/@palexplorer/explorer-integration/index.js +122 -0
package/extensions/@palexplorer/groups/extension.json +17 -0
package/extensions/@palexplorer/groups/index.js +2 -0
package/extensions/@palexplorer/networks/extension.json +17 -0
package/extensions/@palexplorer/networks/index.js +2 -0
package/extensions/@palexplorer/share-links/extension.json +17 -0
package/extensions/@palexplorer/share-links/index.js +2 -0
package/extensions/@palexplorer/sync/extension.json +17 -0
package/extensions/@palexplorer/sync/index.js +2 -0
package/extensions/@palexplorer/user-mgmt/extension.json +17 -0
package/extensions/@palexplorer/user-mgmt/index.js +2 -0
package/extensions/@palexplorer/vfs/extension.json +17 -0
package/extensions/@palexplorer/vfs/index.js +167 -0
package/lib/capabilities.js +263 -0
package/lib/commands/analytics.js +175 -0
package/lib/commands/api-keys.js +131 -0
package/lib/commands/audit.js +235 -0
package/lib/commands/auth.js +137 -0
package/lib/commands/backup.js +76 -0
package/lib/commands/billing.js +148 -0
package/lib/commands/chat.js +217 -0
package/lib/commands/cloud-backup.js +231 -0
package/lib/commands/comment.js +99 -0
package/lib/commands/completion.js +203 -0
package/lib/commands/compliance.js +218 -0
package/lib/commands/config.js +136 -0
package/lib/commands/connect.js +44 -0
package/lib/commands/dept.js +294 -0
package/lib/commands/device.js +146 -0
package/lib/commands/download.js +226 -0
package/lib/commands/explorer.js +178 -0
package/lib/commands/extension.js +970 -0
package/lib/commands/favorite.js +90 -0
package/lib/commands/federation.js +270 -0
package/lib/commands/file.js +533 -0
package/lib/commands/group.js +271 -0
package/lib/commands/gui-share.js +29 -0
package/lib/commands/init.js +61 -0
package/lib/commands/invite.js +59 -0
package/lib/commands/list.js +59 -0
package/lib/commands/log.js +116 -0
package/lib/commands/nearby.js +108 -0
package/lib/commands/network.js +251 -0
package/lib/commands/notify.js +198 -0
package/lib/commands/org.js +273 -0
package/lib/commands/pal.js +180 -0
package/lib/commands/permissions.js +216 -0
package/lib/commands/pin.js +97 -0
package/lib/commands/protocol.js +357 -0
package/lib/commands/rbac.js +147 -0
package/lib/commands/recover.js +36 -0
package/lib/commands/register.js +171 -0
package/lib/commands/relay.js +131 -0
package/lib/commands/remote.js +368 -0
package/lib/commands/revoke.js +50 -0
package/lib/commands/scanner.js +280 -0
package/lib/commands/schedule.js +344 -0
package/lib/commands/scim.js +203 -0
package/lib/commands/search.js +181 -0
package/lib/commands/serve.js +438 -0
package/lib/commands/server.js +350 -0
package/lib/commands/share-link.js +199 -0
package/lib/commands/share.js +323 -0
package/lib/commands/sso.js +200 -0
package/lib/commands/status.js +136 -0
package/lib/commands/stream.js +562 -0
package/lib/commands/su.js +187 -0
package/lib/commands/sync.js +827 -0
package/lib/commands/transfers.js +152 -0
package/lib/commands/uninstall.js +188 -0
package/lib/commands/update.js +204 -0
package/lib/commands/user.js +276 -0
package/lib/commands/vfs.js +84 -0
package/lib/commands/web.js +52 -0
package/lib/commands/webhook.js +180 -0
package/lib/commands/whoami.js +59 -0
package/lib/commands/workspace.js +121 -0
package/lib/core/accessLog.js +54 -0
package/lib/core/analytics.js +99 -0
package/lib/core/backup.js +84 -0
package/lib/core/billing.js +336 -0
package/lib/core/bitfieldStore.js +53 -0
package/lib/core/connectionManager.js +182 -0
package/lib/core/dhtDiscovery.js +148 -0
package/lib/core/discoveryClient.js +408 -0
package/lib/core/extensionAnalyzer.js +357 -0
package/lib/core/extensionSandbox.js +250 -0
package/lib/core/extensionWorkerHost.js +166 -0
package/lib/core/extensions.js +1082 -0
package/lib/core/fileDiff.js +69 -0
package/lib/core/groups.js +119 -0
package/lib/core/identity.js +340 -0
package/lib/core/mdnsService.js +126 -0
package/lib/core/networks.js +81 -0
package/lib/core/permissions.js +109 -0
package/lib/core/pro.js +27 -0
package/lib/core/resolver.js +74 -0
package/lib/core/serverList.js +224 -0
package/lib/core/sharePolicy.js +69 -0
package/lib/core/shares.js +325 -0
package/lib/core/signalingServer.js +441 -0
package/lib/core/streamTransport.js +106 -0
package/lib/core/su.js +55 -0
package/lib/core/syncEngine.js +264 -0
package/lib/core/syncState.js +159 -0
package/lib/core/transfers.js +259 -0
package/lib/core/users.js +225 -0
package/lib/core/vfs.js +216 -0
package/lib/core/webServer.js +702 -0
package/lib/core/webrtcStream.js +396 -0
package/lib/crypto/chatEncryption.js +57 -0
package/lib/crypto/shareEncryption.js +195 -0
package/lib/crypto/sharePassword.js +35 -0
package/lib/crypto/streamEncryption.js +189 -0
package/lib/package.json +1 -0
package/lib/protocol/envelope.js +271 -0
package/lib/protocol/handler.js +191 -0
package/lib/protocol/index.js +27 -0
package/lib/protocol/messages.js +247 -0
package/lib/protocol/negotiation.js +127 -0
package/lib/protocol/policy.js +142 -0
package/lib/protocol/router.js +86 -0
package/lib/protocol/sync.js +122 -0
package/lib/utils/cli.js +15 -0
package/lib/utils/config.js +123 -0
package/lib/utils/configIntegrity.js +87 -0
package/lib/utils/downloadDir.js +9 -0
package/lib/utils/explorer.js +83 -0
package/lib/utils/format.js +12 -0
package/lib/utils/help.js +357 -0
package/lib/utils/logger.js +103 -0
package/lib/utils/torrent.js +203 -0
package/package.json +71 -0

package/lib/core/networks.js ADDED Viewed

@@ -0,0 +1,81 @@
+import config from '../utils/config.js';
+import { getIdentity } from './identity.js';
+import { getPrimaryServer } from './discoveryClient.js';
+async function authHeaders() {
+  const identity = await getIdentity();
+  return {
+    'Content-Type': 'application/json',
+    'X-Public-Key': identity?.publicKey || '',
+    'X-Handle': identity?.handle || '',
+  };
+}
+function serverUrl() {
+  return getPrimaryServer();
+}
+async function request(method, path, body) {
+  const headers = await authHeaders();
+  const opts = { method, headers, signal: AbortSignal.timeout(10000) };
+  if (body) opts.body = JSON.stringify(body);
+  const res = await fetch(`${serverUrl()}${path}`, opts);
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({}));
+    throw new Error(err.error || res.statusText);
+  }
+  const text = await res.text();
+  return text ? JSON.parse(text) : null;
+}
+export async function createNetwork(name, slug, description) {
+  return request('POST', '/api/v1/networks', { name, slug, description });
+}
+export async function listNetworks() {
+  return request('GET', '/api/v1/networks');
+}
+export async function getNetwork(id) {
+  return request('GET', `/api/v1/networks/${encodeURIComponent(id)}`);
+}
+export async function updateNetwork(id, updates) {
+  return request('PATCH', `/api/v1/networks/${encodeURIComponent(id)}`, updates);
+}
+export async function deleteNetwork(id) {
+  return request('DELETE', `/api/v1/networks/${encodeURIComponent(id)}`);
+}
+export async function listMembers(networkId) {
+  return request('GET', `/api/v1/networks/${encodeURIComponent(networkId)}/members`);
+}
+export async function createInvite(networkId, role) {
+  return request('POST', `/api/v1/networks/${encodeURIComponent(networkId)}/invite`, { role });
+}
+export async function joinNetwork(code) {
+  return request('POST', `/api/v1/networks/join/${encodeURIComponent(code)}`);
+}
+export async function updateMemberRole(networkId, userId, role) {
+  return request('PATCH', `/api/v1/networks/${encodeURIComponent(networkId)}/members/${encodeURIComponent(userId)}`, { role });
+}
+export async function removeMember(networkId, userId) {
+  return request('DELETE', `/api/v1/networks/${encodeURIComponent(networkId)}/members/${encodeURIComponent(userId)}`);
+}
+export async function createGroup(networkId, name) {
+  return request('POST', `/api/v1/networks/${encodeURIComponent(networkId)}/groups`, { name });
+}
+export async function listGroups(networkId) {
+  return request('GET', `/api/v1/networks/${encodeURIComponent(networkId)}/groups`);
+}
+export async function deleteGroup(networkId, groupId) {
+  return request('DELETE', `/api/v1/networks/${encodeURIComponent(networkId)}/groups/${encodeURIComponent(groupId)}`);
+}

package/lib/core/permissions.js ADDED Viewed

@@ -0,0 +1,109 @@
+import config from '../utils/config.js';
+import { verifyConfigKey } from '../utils/configIntegrity.js';
+import { getIdentity } from './identity.js';
+import fs from 'fs';
+import path from 'path';
+const AUDIT_MAX = 500;
+export function requireIdentity() {
+  const identity = config.get('identity');
+  if (!identity || !identity.publicKey) {
+    throw new Error('No identity found. Run `pe init` first.');
+  }
+  return identity;
+}
+export function getPermissions(sharePath) {
+  const shares = config.get('shares') || [];
+  const share = shares.find(s => s.path === sharePath);
+  if (!share) return { owned: false, canRead: true, canWrite: false, canDelete: false, canShare: false };
+  return {
+    owned: true,
+    canRead: true,
+    canWrite: true,
+    canDelete: true,
+    canShare: true,
+    visibility: share.visibility || 'global',
+    recipients: share.recipients || [],
+  };
+}
+export async function getSharePermissionsForPal(shareId, palPublicKey) {
+  const valid = await verifyConfigKey('shares');
+  if (!valid) throw new Error('Shares config integrity check failed — possible tampering');
+  const shares = config.get('shares') || [];
+  const share = shares.find(s => s.id === shareId || s.magnet === shareId);
+  if (!share) return { canRead: false, canWrite: false, canDownload: false, drillDown: false };
+  if (share.visibility === 'global') {
+    return { canRead: true, canWrite: false, canDownload: true, drillDown: true };
+  }
+  const recipients = share.recipients || [];
+  const isRecipient = recipients.some(r =>
+    r.publicKey === palPublicKey || r.id === palPublicKey || r.handle === palPublicKey
+  );
+  if (!isRecipient) return { canRead: false, canWrite: false, canDownload: false, drillDown: false };
+  const perms = share.palPermissions?.[palPublicKey] || {};
+  return {
+    canRead: true,
+    canWrite: perms.canWrite || false,
+    canDownload: perms.canDownload !== false,
+    drillDown: perms.drillDown !== false,
+  };
+}
+function safeRealpath(p) {
+  try { return fs.realpathSync(p); } catch { return path.resolve(p); }
+}
+export function checkPathAccess(targetPath, operation = 'read') {
+  requireIdentity();
+  const resolved = safeRealpath(targetPath);
+  const shares = config.get('shares') || [];
+  const isSharedPath = shares.some(s => {
+    const sharePath = safeRealpath(s.path);
+    return resolved === sharePath || resolved.startsWith(sharePath + path.sep);
+  });
+  if (isSharedPath && (operation === 'delete' || operation === 'move')) {
+    const share = shares.find(s => {
+      const sp = safeRealpath(s.path);
+      return resolved === sp || resolved.startsWith(sp + path.sep);
+    });
+    if (share && resolved === safeRealpath(share.path)) {
+      throw new Error(`Cannot ${operation} a shared root directory. Revoke the share first.`);
+    }
+  }
+  return { allowed: true, isShared: isSharedPath };
+}
+export function auditLog(action, details = {}) {
+  const log = config.get('auditLog') || [];
+  const identity = config.get('identity');
+  const { timestamp: _t, action: _a, user: _u, deviceId: _d, ...safeDetails } = details;
+  log.push({
+    timestamp: new Date().toISOString(),
+    action,
+    user: identity?.handle || identity?.name || 'unknown',
+    deviceId: config.get('device')?.id || 'unknown',
+    ...safeDetails,
+  });
+  if (log.length > AUDIT_MAX) log.splice(0, log.length - AUDIT_MAX);
+  config.set('auditLog', log);
+}
+export function getAuditLog(limit = 50) {
+  const log = config.get('auditLog') || [];
+  return log.slice(-limit);
+}
+export function clearAuditLog() {
+  config.set('auditLog', []);
+}

package/lib/core/pro.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { PLANS, getActivePlan as billingGetActivePlan, getFeature, checkFeature, getPlanLimits } from './billing.js';
+export const FREE_LIMITS = {
+  ...PLANS.free.limits,
+  maxShareRecipients: PLANS.free.limits.maxRecipients,
+};
+export function isPro() {
+  const plan = billingGetActivePlan();
+  return plan.key !== 'free';
+}
+export function isEnterprise() {
+  const plan = billingGetActivePlan();
+  return plan.key === 'enterprise';
+}
+export function checkLimit(feature, currentCount) {
+  if (isPro()) return;
+  const limit = FREE_LIMITS[feature];
+  if (limit == null) return;
+  if (currentCount > limit) {
+    throw new Error(`Free tier limit reached: ${feature} (max ${limit}). Upgrade to Pro for unlimited access.`);
+  }
+}
+export { getFeature, checkFeature, getPlanLimits };

package/lib/core/resolver.js ADDED Viewed

@@ -0,0 +1,74 @@
+import config from '../utils/config.js';
+import { getServers, parseHandle, resolveFromServer } from './discoveryClient.js';
+const CACHE_TTL_MS = Number(process.env.PAL_CACHE_TTL_MS) || 3600000; // 1 hour
+const DHT_TIMEOUT_MS = 10000;
+export async function resolveHandle(handle, opts = {}) {
+  const { name, server } = parseHandle(handle);
+  const order = opts.order || ['cache', 'server', 'dht'];
+  const cache = config.get('handleCache') || {};
+  const cacheKey = handle; // full handle including @server for uniqueness
+  for (const source of order) {
+    try {
+      const result = await resolveFrom(source, name, cache, cacheKey, server);
+      if (result) {
+        if (source !== 'cache') {
+          cache[cacheKey] = { ...result, timestamp: Date.now(), source };
+          config.set('handleCache', cache);
+        }
+        return result;
+      }
+    } catch {
+      // Source failed, try next
+    }
+  }
+  return null;
+}
+async function resolveFrom(source, handle, cache, cacheKey, targetServer) {
+  switch (source) {
+    case 'cache': {
+      const cached = cache[cacheKey];
+      if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) {
+        return cached;
+      }
+      return null;
+    }
+    case 'server': {
+      // Federated: if handle has @server, query that server directly
+      if (targetServer) {
+        return await resolveFromServer(targetServer, handle);
+      }
+      // Local: query servers with 'discovery' role
+      const servers = getServers('discovery');
+      const results = await Promise.allSettled(
+        servers.map(server => resolveFromServer(server, handle))
+      );
+      for (const r of results) {
+        if (r.status === 'fulfilled' && r.value) return r.value;
+      }
+      return null;
+    }
+    case 'dht': {
+      const { DHTDiscovery } = await import('./dhtDiscovery.js');
+      const dht = new DHTDiscovery();
+      try {
+        const knownPk = cache[cacheKey]?.publicKey || cache[cacheKey]?.dhtHash;
+        const result = await Promise.race([
+          dht.resolve(handle, knownPk),
+          new Promise((_, reject) => setTimeout(() => reject(new Error('DHT timeout')), DHT_TIMEOUT_MS))
+        ]);
+        return result || null;
+      } finally {
+        dht.destroy();
+      }
+    }
+    default:
+      return null;
+  }
+}

package/lib/core/serverList.js ADDED Viewed

@@ -0,0 +1,224 @@
+import config from '../utils/config.js';
+export const SERVER_ROLES = ['discovery', 'signaling', 'turn', 'stun', 'relay', 'billing'];
+export const TRUST_LEVELS = { bootstrap: 4, user: 3, federation: 2, gossip: 1 };
+const WRITE_TRUST_THRESHOLD = 3; // only bootstrap and user-trusted servers can receive writes
+// Bootstrap servers are injected by extensions (e.g. discovery).
+// Core is pure P2P — no hardcoded server dependencies.
+const BOOTSTRAP_SERVERS = [];
+let cachedServers = null;
+let healthSortedServers = null; // sorted by health + latency, updated by health checks
+let serverRolesCache = new Map(); // url -> { roles, trusted, addedBy }
+export function getBootstrapServers() {
+  return [...BOOTSTRAP_SERVERS];
+}
+export function addBootstrapServer(url) {
+  const normalized = url.replace(/\/+$/, '');
+  if (!BOOTSTRAP_SERVERS.includes(normalized)) {
+    BOOTSTRAP_SERVERS.push(normalized);
+    if (!serverRolesCache.has(normalized)) {
+      serverRolesCache.set(normalized, { roles: [...SERVER_ROLES], trusted: true, addedBy: 'bootstrap' });
+    }
+  }
+}
+function getServerMeta(url) {
+  return serverRolesCache.get(url) || { roles: [...SERVER_ROLES], trusted: true, addedBy: 'bootstrap' };
+}
+function setServerMeta(url, meta) {
+  serverRolesCache.set(url, meta);
+}
+export function getServersForRole(role) {
+  const servers = getCachedServers();
+  return servers.filter(url => {
+    const meta = getServerMeta(url);
+    return meta.roles.includes(role);
+  });
+}
+export async function addServerWithRoles(url, roles = [], { trustWrites = false } = {}) {
+  const normalized = url.replace(/\/+$/, '');
+  let verifiedRoles = roles.length > 0 ? roles.filter(r => SERVER_ROLES.includes(r)) : [...SERVER_ROLES];
+  try {
+    const res = await fetch(`${normalized}/status`, { signal: AbortSignal.timeout(5000) });
+    if (res.ok) {
+      const data = await res.json();
+      if (Array.isArray(data.roles)) {
+        verifiedRoles = roles.length > 0
+          ? roles.filter(r => data.roles.includes(r))
+          : data.roles.filter(r => SERVER_ROLES.includes(r));
+      }
+    }
+  } catch {
+    // keep claimed roles if server unreachable
+  }
+  const addedBy = trustWrites ? 'user' : 'federation';
+  setServerMeta(normalized, { roles: verifiedRoles, trusted: trustWrites, addedBy });
+  const settings = config.get('settings') || {};
+  const serverRoles = settings.server_roles || {};
+  serverRoles[normalized] = { roles: verifiedRoles, trusted: trustWrites, addedBy };
+  settings.server_roles = serverRoles;
+  config.set('settings', settings);
+  return { url: normalized, roles: verifiedRoles, trustWrites };
+}
+function loadServerRolesFromConfig() {
+  const settings = config.get('settings') || {};
+  const stored = settings.server_roles || {};
+  for (const [url, meta] of Object.entries(stored)) {
+    serverRolesCache.set(url, meta);
+  }
+  for (const url of BOOTSTRAP_SERVERS) {
+    if (!serverRolesCache.has(url)) {
+      serverRolesCache.set(url, { roles: [...SERVER_ROLES], trusted: true, addedBy: 'bootstrap' });
+    }
+  }
+}
+loadServerRolesFromConfig();
+export function getServerRoles(url) {
+  return getServerMeta(url);
+}
+export async function fetchServerList(serverUrl) {
+  try {
+    const res = await fetch(`${serverUrl}/api/v1/servers`, {
+      signal: AbortSignal.timeout(5000),
+    });
+    if (!res.ok) return [];
+    const data = await res.json();
+    return Array.isArray(data.servers) ? data.servers : [];
+  } catch {
+    return [];
+  }
+}
+export async function refreshServerList(onProgress) {
+  const bootstraps = getBootstrapServers();
+  const settings = config.get('settings') || {};
+  const configured = Array.isArray(settings.discovery_servers) ? settings.discovery_servers : [];
+  const allKnown = [...new Set([...bootstraps, ...configured])];
+  const fetched = new Set();
+  for (let i = 0; i < allKnown.length; i++) {
+    const server = allKnown[i];
+    onProgress?.(`Fetching server list from ${server}...`, Math.round((i / allKnown.length) * 100));
+    const list = await fetchServerList(server);
+    for (const entry of list) {
+      const url = typeof entry === 'string' ? entry : entry?.url;
+      if (!url) continue;
+      fetched.add(url);
+      if (typeof entry === 'object' && Array.isArray(entry.roles) && !serverRolesCache.has(url)) {
+        setServerMeta(url, {
+          roles: entry.roles.filter(r => SERVER_ROLES.includes(r)),
+          trusted: false,
+          addedBy: 'federation',
+        });
+      }
+    }
+  }
+  const merged = [...new Set([...allKnown, ...fetched])];
+  cachedServers = merged;
+  return merged;
+}
+export async function healthCheckServers(servers) {
+  const results = await Promise.all(
+    servers.map(async (url) => {
+      const start = Date.now();
+      try {
+        const res = await fetch(`${url}/status`, { signal: AbortSignal.timeout(3000) });
+        const latencyMs = Date.now() - start;
+        let roles = null;
+        if (res.ok) {
+          try {
+            const data = await res.json();
+            if (Array.isArray(data.roles)) {
+              roles = data.roles;
+              const existing = getServerMeta(url);
+              setServerMeta(url, { ...existing, roles: data.roles });
+            }
+          } catch {}
+        }
+        return { url, reachable: res.ok, latencyMs, roles };
+      } catch {
+        return { url, reachable: false, latencyMs: Infinity, roles: null };
+      }
+    })
+  );
+  return results;
+}
+export async function getSortedServers() {
+  const settings = config.get('settings') || {};
+  const configured = Array.isArray(settings.discovery_servers) ? settings.discovery_servers : [];
+  const servers = configured.length > 0 ? configured : BOOTSTRAP_SERVERS;
+  const checked = await healthCheckServers(servers);
+  checked.sort((a, b) => {
+    if (a.reachable && !b.reachable) return -1;
+    if (!a.reachable && b.reachable) return 1;
+    return a.latencyMs - b.latencyMs;
+  });
+  cachedServers = checked.map(s => s.url);
+  return checked;
+}
+export function getCachedServers() {
+  return cachedServers ? [...cachedServers] : getBootstrapServers();
+}
+export function getHealthSortedServers() {
+  return healthSortedServers ? [...healthSortedServers] : null;
+}
+export function setHealthSortedServers(sorted) {
+  healthSortedServers = sorted;
+}
+export function getTrustLevel(url) {
+  const meta = getServerMeta(url);
+  return TRUST_LEVELS[meta.addedBy] || 0;
+}
+export function isWriteTrusted(url) {
+  return getTrustLevel(url) >= WRITE_TRUST_THRESHOLD;
+}
+export function getWriteServers() {
+  return getCachedServers().filter(url => isWriteTrusted(url));
+}
+export function addGossipServer(url, publicKey) {
+  const normalized = url.replace(/\/+$/, '');
+  if (serverRolesCache.has(normalized)) return false;
+  const pinned = config.get('pinnedServerKeys') || {};
+  if (publicKey) {
+    pinned[normalized] = publicKey;
+    config.set('pinnedServerKeys', pinned);
+  }
+  setServerMeta(normalized, {
+    roles: [...SERVER_ROLES],
+    trusted: false,
+    addedBy: 'gossip',
+    publicKey,
+  });
+  return true;
+}

package/lib/core/sharePolicy.js ADDED Viewed

@@ -0,0 +1,69 @@
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+const POLICY_FILE = join(homedir(), '.palexplorer', 'share-policies.json');
+function readPolicies() {
+  try {
+    if (!existsSync(POLICY_FILE)) return {};
+    return JSON.parse(readFileSync(POLICY_FILE, 'utf8'));
+  } catch { return {}; }
+}
+function writePolicies(policies) {
+  writeFileSync(POLICY_FILE, JSON.stringify(policies, null, 2), 'utf8');
+}
+export function setSharePolicy(shareId, policy) {
+  const policies = readPolicies();
+  policies[shareId] = {
+    ...policies[shareId],
+    ...policy,
+    updatedAt: new Date().toISOString(),
+  };
+  writePolicies(policies);
+  return policies[shareId];
+}
+export function getSharePolicy(shareId) {
+  const policies = readPolicies();
+  return policies[shareId] || null;
+}
+export function checkShareAccess(shareId) {
+  const policy = getSharePolicy(shareId);
+  if (!policy) return { allowed: true };
+  if (policy.expiresAt && new Date(policy.expiresAt) < new Date()) {
+    return { allowed: false, reason: 'expired', message: 'This share link has expired' };
+  }
+  if (policy.maxDownloads && policy.downloadCount >= policy.maxDownloads) {
+    return { allowed: false, reason: 'download_limit', message: `Download limit reached (${policy.maxDownloads})` };
+  }
+  if (policy.allowedIPs && policy.allowedIPs.length > 0) {
+    return { allowed: true, requireIPCheck: true, allowedIPs: policy.allowedIPs };
+  }
+  return { allowed: true };
+}
+export function incrementDownloadCount(shareId) {
+  const policies = readPolicies();
+  if (!policies[shareId]) return;
+  policies[shareId].downloadCount = (policies[shareId].downloadCount || 0) + 1;
+  writePolicies(policies);
+  return policies[shareId].downloadCount;
+}
+export function removeSharePolicy(shareId) {
+  const policies = readPolicies();
+  delete policies[shareId];
+  writePolicies(policies);
+}
+export function listPolicies() {
+  return readPolicies();
+}