pal-explorer-cli 0.4.11 → 0.4.13

package/lib/core/imageProcessor.js

@@ -0,0 +1,109 @@
+import sharp from 'sharp';
+import crypto from 'crypto';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+const IMAGES_DIR = path.join(os.homedir(), '.palexplorer', 'images');
+const ALLOWED_FORMATS = new Set(['jpeg', 'png', 'webp']);
+const MAX_AVATAR_INPUT = 256 * 1024;   // 256KB
+const MAX_SHARE_INPUT = 512 * 1024;    // 512KB
+const AVATAR_SIZE = 256;
+const SHARE_IMAGE_SIZE = 512;
+
+function ensureImagesDir() {
+  if (!fs.existsSync(IMAGES_DIR)) {
+    fs.mkdirSync(IMAGES_DIR, { recursive: true });
+  }
+}
+
+function contentHash(buffer) {
+  return crypto.createHash('sha256').update(buffer).digest('hex');
+}
+
+async function validateAndProcess(buffer, { maxInput, size }) {
+  if (!Buffer.isBuffer(buffer)) throw new Error('Input must be a Buffer');
+  if (buffer.length === 0) throw new Error('Empty image buffer');
+  if (buffer.length > maxInput) throw new Error(`Image too large (${buffer.length} bytes, max ${maxInput})`);
+
+  let metadata;
+  try {
+    metadata = await sharp(buffer).metadata();
+  } catch {
+    throw new Error('Invalid or corrupted image file');
+  }
+
+  if (!metadata.format || !ALLOWED_FORMATS.has(metadata.format)) {
+    throw new Error(`Unsupported format: ${metadata.format || 'unknown'}. Allowed: ${[...ALLOWED_FORMATS].join(', ')}`);
+  }
+
+  const output = await sharp(buffer)
+    .resize(size, size, { fit: 'cover', withoutEnlargement: false })
+    .rotate()           // auto-rotate based on EXIF, then EXIF is stripped
+    .webp({ quality: 80 })
+    .toBuffer();
+
+  const hash = contentHash(output);
+  return { buffer: output, hash, format: 'webp', width: size, height: size };
+}
+
+export async function processAvatar(buffer) {
+  return validateAndProcess(buffer, { maxInput: MAX_AVATAR_INPUT, size: AVATAR_SIZE });
+}
+
+export async function processShareImage(buffer) {
+  return validateAndProcess(buffer, { maxInput: MAX_SHARE_INPUT, size: SHARE_IMAGE_SIZE });
+}
+
+export async function sanitizeReceived(buffer) {
+  if (!Buffer.isBuffer(buffer) || buffer.length === 0) throw new Error('Invalid image buffer');
+  if (buffer.length > MAX_SHARE_INPUT) throw new Error('Received image too large');
+
+  let metadata;
+  try {
+    metadata = await sharp(buffer).metadata();
+  } catch {
+    throw new Error('Invalid received image');
+  }
+
+  if (!metadata.format || !ALLOWED_FORMATS.has(metadata.format)) {
+    throw new Error(`Rejected format: ${metadata.format || 'unknown'}`);
+  }
+
+  const output = await sharp(buffer)
+    .resize(SHARE_IMAGE_SIZE, SHARE_IMAGE_SIZE, { fit: 'inside', withoutEnlargement: true })
+    .rotate()
+    .webp({ quality: 80 })
+    .toBuffer();
+
+  const hash = contentHash(output);
+  return { buffer: output, hash, format: 'webp' };
+}
+
+export function saveImage(hash, buffer) {
+  ensureImagesDir();
+  const filePath = path.join(IMAGES_DIR, `${hash}.webp`);
+  if (!fs.existsSync(filePath)) {
+    fs.writeFileSync(filePath, buffer);
+  }
+  return filePath;
+}
+
+export function getImagePath(hash) {
+  return path.join(IMAGES_DIR, `${hash}.webp`);
+}
+
+export function hasImage(hash) {
+  return fs.existsSync(getImagePath(hash));
+}
+
+export function loadImage(hash) {
+  const p = getImagePath(hash);
+  if (!fs.existsSync(p)) return null;
+  return fs.readFileSync(p);
+}
+
+export function getImagesDir() {
+  ensureImagesDir();
+  return IMAGES_DIR;
+}

package/lib/core/imageTorrent.js

@@ -0,0 +1,167 @@
+import WebTorrent from 'webtorrent';
+import fs from 'fs';
+import path from 'path';
+import { processAvatar, processShareImage, sanitizeReceived, saveImage, hasImage, loadImage, getImagesDir } from './imageProcessor.js';
+import { DEFAULT_TRACKERS } from '../utils/torrent.js';
+
+let seedClient = null;
+const seededImages = new Map(); // hash → torrent
+const fetchCache = new Map();  // hash → Promise<Buffer>
+
+const FETCH_TIMEOUT = 30_000;
+const MAX_CONCURRENT_FETCHES = 5;
+let activeFetches = 0;
+
+// Rate limiting: max 1 avatar update per hour per identity
+const lastAvatarUpdate = new Map(); // publicKey → timestamp
+const AVATAR_RATE_LIMIT_MS = 60 * 60 * 1000;
+
+function getSeedClient() {
+  if (!seedClient) {
+    seedClient = new WebTorrent();
+    seedClient.on('error', () => {}); // prevent unhandled errors
+  }
+  return seedClient;
+}
+
+export function checkAvatarRateLimit(publicKey) {
+  const last = lastAvatarUpdate.get(publicKey);
+  if (last && Date.now() - last < AVATAR_RATE_LIMIT_MS) {
+    const waitMin = Math.ceil((AVATAR_RATE_LIMIT_MS - (Date.now() - last)) / 60000);
+    throw new Error(`Avatar can only be changed once per hour. Try again in ${waitMin} minute(s).`);
+  }
+}
+
+export function recordAvatarUpdate(publicKey) {
+  lastAvatarUpdate.set(publicKey, Date.now());
+}
+
+export async function seedImage(hash) {
+  if (seededImages.has(hash)) return seededImages.get(hash);
+
+  const buffer = loadImage(hash);
+  if (!buffer) throw new Error(`Image not found in cache: ${hash}`);
+
+  const client = getSeedClient();
+  const imagePath = path.join(getImagesDir(), `${hash}.webp`);
+
+  return new Promise((resolve, reject) => {
+    client.seed(imagePath, {
+      name: `${hash}.webp`,
+      announce: DEFAULT_TRACKERS,
+    }, (torrent) => {
+      seededImages.set(hash, {
+        magnetURI: torrent.magnetURI,
+        infoHash: torrent.infoHash,
+      });
+      resolve(seededImages.get(hash));
+    });
+
+    setTimeout(() => reject(new Error('Seed timeout')), 10_000);
+  });
+}
+
+export async function fetchImage(magnetOrInfoHash, expectedHash) {
+  if (expectedHash && hasImage(expectedHash)) {
+    return loadImage(expectedHash);
+  }
+
+  if (expectedHash && fetchCache.has(expectedHash)) {
+    return fetchCache.get(expectedHash);
+  }
+
+  if (activeFetches >= MAX_CONCURRENT_FETCHES) {
+    throw new Error('Too many concurrent image fetches');
+  }
+
+  const promise = _doFetch(magnetOrInfoHash, expectedHash);
+  if (expectedHash) fetchCache.set(expectedHash, promise);
+  return promise;
+}
+
+async function _doFetch(magnetOrInfoHash, expectedHash) {
+  activeFetches++;
+  const client = new WebTorrent();
+
+  try {
+    const buffer = await new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        client.destroy();
+        reject(new Error('Image fetch timeout'));
+      }, FETCH_TIMEOUT);
+
+      client.add(magnetOrInfoHash, { announce: DEFAULT_TRACKERS, path: getImagesDir() }, (torrent) => {
+        const file = torrent.files[0];
+        if (!file) {
+          clearTimeout(timer);
+          client.destroy();
+          reject(new Error('No file in torrent'));
+          return;
+        }
+
+        if (file.length > 512 * 1024) {
+          clearTimeout(timer);
+          client.destroy();
+          reject(new Error('Image torrent file too large'));
+          return;
+        }
+
+        file.getBuffer((err, buf) => {
+          clearTimeout(timer);
+          client.destroy();
+          if (err) return reject(err);
+          resolve(buf);
+        });
+      });
+    });
+
+    // Defense in depth: re-encode received image
+    const sanitized = await sanitizeReceived(buffer);
+
+    if (expectedHash && sanitized.hash !== expectedHash) {
+      throw new Error('Image hash mismatch — possible tampering');
+    }
+
+    saveImage(sanitized.hash, sanitized.buffer);
+    return sanitized.buffer;
+  } finally {
+    activeFetches--;
+    if (expectedHash) fetchCache.delete(expectedHash);
+  }
+}
+
+export async function setAvatarImage(inputBuffer, publicKey) {
+  checkAvatarRateLimit(publicKey);
+
+  const processed = await processAvatar(inputBuffer);
+  saveImage(processed.hash, processed.buffer);
+
+  const torrentInfo = await seedImage(processed.hash);
+  recordAvatarUpdate(publicKey);
+
+  return {
+    avatarHash: processed.hash,
+    avatarMagnet: torrentInfo.magnetURI,
+  };
+}
+
+export async function setShareCoverImage(inputBuffer) {
+  const processed = await processShareImage(inputBuffer);
+  saveImage(processed.hash, processed.buffer);
+
+  const torrentInfo = await seedImage(processed.hash);
+
+  return {
+    coverImageHash: processed.hash,
+    coverImageMagnet: torrentInfo.magnetURI,
+  };
+}
+
+export function destroySeedClient() {
+  if (seedClient) {
+    seedClient.destroy();
+    seedClient = null;
+  }
+  seededImages.clear();
+  fetchCache.clear();
+}

package/lib/core/permissions.js

@@ -9,7 +9,7 @@ const AUDIT_MAX = 500;
 export function requireIdentity() {
   const identity = config.get('identity');
   if (!identity || !identity.publicKey) {
-    throw new Error('No identity found. Run `pe init` first.');
+    throw new Error('No identity found. Run `pal init` first.');
   }
   return identity;
 }

package/lib/core/pro.js

@@ -5,17 +5,24 @@ export const FREE_LIMITS = {
   maxShareRecipients: PLANS.free.limits.maxRecipients,
 };
 
-// BETA: all features unlocked — re-enable billing when ready
+// Check if user has a Pro or Enterprise plan
 export function isPro() {
-  return true;
+  const plan = billingGetActivePlan();
+  return !!(plan && plan.id !== 'free');
 }
 
 export function isEnterprise() {
-  return true;
+  const plan = billingGetActivePlan();
+  return plan && plan.id === 'enterprise';
 }
 
 export function checkLimit(feature, currentCount) {
-  return;
+  if (isPro()) return;
+  
+  const limit = FREE_LIMITS[feature];
+  if (limit !== undefined && currentCount > limit) {
+    throw new Error(`Free tier limit reached for ${feature} (max ${limit})`);
+  }
 }
 
 export { getFeature, checkFeature, getPlanLimits };

package/lib/core/serverList.js

@@ -7,7 +7,10 @@ const WRITE_TRUST_THRESHOLD = 3; // only bootstrap and user-trusted servers can
 
 // Bootstrap servers are injected by extensions (e.g. discovery).
 // Core is pure P2P — no hardcoded server dependencies.
-const BOOTSTRAP_SERVERS = [];
+const BOOTSTRAP_SERVERS = [
+  'http://138.2.142.188',
+  'stun:stun.l.google.com:19302'
+];
 
 let cachedServers = null;
 let healthSortedServers = null; // sorted by health + latency, updated by health checks

package/lib/core/shares.js

@@ -178,10 +178,15 @@ export function updateShare(idOrPath, updates) {
   if (!share) throw new Error('Share not found.');
 
   const allowed = ['visibility', 'recipients', 'sharedWithGroups', 'sharedWithNetworks',
-    'streamable', 'recursive', 'name', 'permissions'];
+    'streamable', 'recursive', 'name', 'permissions',
+    'category', 'description', 'color', 'icon', 'tags',
+    'coverImageHash', 'coverImageMagnet'];
   for (const key of allowed) {
     if (updates[key] !== undefined) share[key] = updates[key];
   }
+  if (updates.tags) {
+    share.tags = Array.isArray(updates.tags) ? updates.tags.slice(0, 20).map(t => String(t).slice(0, 30)) : [];
+  }
   share.updatedAt = new Date().toISOString();
   config.set('shares', shares); signConfigKey('shares').catch(() => {});
   return share;
@@ -203,6 +208,12 @@ export function getShareSummary() {
     hasMagnet: !!s.magnet,
     hasPassword: !!s.password,
     recursive: s.recursive !== false,
+    category: s.category || null,
+    description: s.description || null,
+    color: s.color || null,
+    icon: s.icon || null,
+    tags: s.tags || [],
+    coverImageHash: s.coverImageHash || null,
     createdAt: s.createdAt,
     updatedAt: s.updatedAt,
   }));

package/lib/core/signalingServer.js

@@ -383,17 +383,22 @@ export function getPort() {
 // Client helper — send a request to a peer's signaling port and get a response
 export function sendRequest(host, port, request, timeout = 3000) {
   return new Promise((resolve, reject) => {
+    let closing = false;
     const socket = net.createConnection({ host, port }, () => {
+      if (closing) return;
       socket.write(frameMessage(request));
     });
 
     let buffer = Buffer.alloc(0);
     const timer = setTimeout(() => {
+      if (closing) return;
+      closing = true;
       socket.destroy();
       reject(new Error('Timeout'));
     }, timeout);
 
     socket.on('data', (chunk) => {
+      if (closing) return;
       buffer = Buffer.concat([buffer, chunk]);
       if (buffer.length >= 4) {
         const msgLen = buffer.readUInt32BE(0);
@@ -405,18 +410,25 @@ export function sendRequest(host, port, request, timeout = 3000) {
           } catch (e) {
             reject(e);
           }
-          socket.end();
+          if (!closing) {
+            closing = true;
+            socket.end();
+          }
         }
       }
     });
 
     socket.on('error', (err) => {
       clearTimeout(timer);
-      reject(err);
+      if (!closing) {
+        closing = true;
+        reject(err);
+      }
     });
 
     socket.on('close', () => {
       clearTimeout(timer);
+      closing = true;
     });
   });
 }

package/lib/core/su.js

@@ -45,7 +45,7 @@ export function isAuthenticated() {
 
 export function requireSu() {
   if (isAuthenticated()) return true;
-  throw new Error('This command requires super user access. Run "pe su auth" first or set PAL_SU_TOKEN.');
+  throw new Error('This command requires super user access. Run "pal su auth" first or set PAL_SU_TOKEN.');
 }
 
 export function removeSuToken() {

package/lib/core/users.js

@@ -133,7 +133,7 @@ export function isOwner(publicKey) {
 
 export function requireRole(minRole) {
   const active = getActiveUser();
-  if (!active) throw new Error('No active user. Run `pe login` first.');
+  if (!active) throw new Error('No active user. Run `pal login` first.');
 
   const roleLevel = { owner: 2, user: 1, guest: 0 };
   if ((roleLevel[active.role] || 0) < (roleLevel[minRole] || 0)) {

package/lib/protocol/messages.js

@@ -4,7 +4,7 @@ import { create, createEncrypted } from './envelope.js';
 
 // ── Identity & Discovery ──
 
-export function identityAnnounce(keyPair, { handle, deviceId, deviceName, version, lanAddresses, capabilities }) {
+export function identityAnnounce(keyPair, { handle, deviceId, deviceName, version, lanAddresses, capabilities, profile }) {
   return create('identity.announce', keyPair, null, {
     handle,
     deviceId,
@@ -15,6 +15,7 @@ export function identityAnnounce(keyPair, { handle, deviceId, deviceName, versio
       lan: lanAddresses || [],
       public: null,
     },
+    profile: profile || null,
   });
 }
 
@@ -22,7 +23,7 @@ export function identityResolve(keyPair, handle) {
   return create('identity.resolve', keyPair, null, { handle });
 }
 
-export function identityResponse(keyPair, requesterPK, { handle, publicKey, deviceId, capabilities, lastSeen, source }) {
+export function identityResponse(keyPair, requesterPK, { handle, publicKey, deviceId, capabilities, lastSeen, source, profile }) {
   return create('identity.response', keyPair, requesterPK, {
     handle,
     publicKey,
@@ -30,6 +31,7 @@ export function identityResponse(keyPair, requesterPK, { handle, publicKey, devi
     capabilities: capabilities || [],
     lastSeen: lastSeen || new Date().toISOString(),
     source: source || 'server',
+    profile: profile || null,
   });
 }
 
@@ -39,7 +41,7 @@ export function heartbeat(keyPair, { handle, deviceId }) {
 
 // ── Share Negotiation ──
 
-export function shareOffer(keyPair, recipientPK, { shareId, name, type, totalSize, fileCount, policy, preview }) {
+export function shareOffer(keyPair, recipientPK, { shareId, name, type, totalSize, fileCount, policy, preview, category, description, tags, color, icon, coverImageHash, coverImageMagnet }) {
   return createEncrypted('share.offer', keyPair, recipientPK, {
     shareId,
     name,
@@ -48,6 +50,13 @@ export function shareOffer(keyPair, recipientPK, { shareId, name, type, totalSiz
     fileCount: fileCount || 0,
     preview: preview || null,
     policy: policy || {},
+    category: category || null,
+    description: description || null,
+    tags: tags || null,
+    color: color || null,
+    icon: icon || null,
+    coverImageHash: coverImageHash || null,
+    coverImageMagnet: coverImageMagnet || null,
     encryption: {
       algorithm: 'xchacha20-poly1305',
       chunkSize: 65536,

package/lib/utils/explorer.js

@@ -16,7 +16,7 @@ export async function installExplorerContextMenu() {
 
   const exePath = process.execPath;
   const scriptPath = path.resolve(__dirname, '../../bin/pal.js');
-  // Command to run: pe share "filepath"
+  // Command to run: pal share "filepath"
   // For the GUI, we might want a specific handler that opens the GUI
   const command = `"${exePath}" "${scriptPath}" gui-share "%1"`;