npm - peertube-plugin-static-review - Versions diffs - 1.0.3 - Mend

peertube-plugin-static-review 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +94 -0
package/client-scripts/client.js +259 -0
package/main.js +234 -0
package/package.json +27 -0

package/README.md ADDED Viewed

@@ -0,0 +1,94 @@
+# peertube-plugin-static-review
+A lightweight admin dev tools plugin for [PeerTube](https://joinpeertube.org/) that provides system monitoring, file browsing, and an optional command terminal — all from within the PeerTube admin interface.
+## Features
+- **Logs Viewer** — In-memory log viewer with filtering by type (system, video, user) and one-click clear
+- **System Info** — Real-time server stats including CPU, memory, uptime, load average, and Node.js version
+- **Environment Variables** — View PeerTube-related environment variables (secrets are masked)
+- **File Browser** — Browse the server filesystem with support for absolute paths, file preview, and file downloads
+- **Terminal** — Execute shell commands on the server as the PeerTube user (disabled by default, must be explicitly enabled)
+## Screenshots
+Access everything from a single tabbed interface via the **Dev Tools** sidebar link.
+## Requirements
+- PeerTube **v4.0.0** or later
+- Admin-level access
+## Installation
+### From npm
+```bash
+cd /var/www/peertube/peertube-latest
+sudo -u peertube NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production \
+  npm run plugin:install -- --npm-name peertube-plugin-static-review
+sudo systemctl restart peertube
+```
+Or install from the PeerTube admin UI under **Administration → Plugins/Themes → Search** and search for `static-review`.
+### From source
+```bash
+git clone https://github.com/michaeljsjmartin/peertube-plugin-static-review.git /tmp/peertube-plugin-static-review
+cd /var/www/peertube/peertube-latest
+sudo -u peertube NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production \
+  npm run plugin:install -- --plugin-path /tmp/peertube-plugin-static-review
+sudo systemctl restart peertube
+```
+## Usage
+After installation, click **🛠️ Dev Tools** in the left sidebar (you must be logged in as an admin).
+### Settings
+Go to **Administration → Plugins → static-review → Settings** to configure:
+| Setting | Description | Default |
+|---|---|---|
+| **Enable Command Execution** | Enables the terminal tab. Only turn this on if you understand the risks. | `false` |
+| **Command Timeout** | Max execution time for commands in seconds | `30` |
+| **Allowed File Browser Paths** | Comma-separated list of allowed paths, or `*` for unrestricted | `*` |
+## Security
+- All API endpoints require admin authentication
+- Command execution is **disabled by default** and must be explicitly enabled in settings
+- Environment variable output masks values containing `PASSWORD`, `SECRET`, or `KEY`
+- File path traversal (`..`) is stripped from all requests
+- Commands run as the PeerTube system user, not root (unless PeerTube itself runs as root, which is not recommended)
+> ⚠️ **Warning**: Enabling command execution gives full shell access as the PeerTube user. Only enable this in trusted environments.
+## Uninstallation
+```bash
+cd /var/www/peertube/peertube-latest
+sudo -u peertube NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production \
+  npm run plugin:uninstall -- --npm-name peertube-plugin-static-review
+sudo systemctl restart peertube
+```
+## Troubleshooting
+| Symptom | Fix |
+|---|---|
+| Sidebar link missing | Ensure plugin is enabled in admin UI, restart PeerTube, hard-refresh browser (`Ctrl+Shift+R`) |
+| 404 on client page | Bump version in `package.json`, reinstall, and restart to bust cache |
+| 403 on API calls | Must be logged in as admin |
+| "No settings" in admin | Uninstall, restart, reinstall, restart again |
+| ENOENT errors | Check that the file path exists and is readable by the PeerTube user |
+## License
+MIT
+## Author
+[michaeljsjmartin](https://github.com/michaeljsjmartin)

package/client-scripts/client.js ADDED Viewed

@@ -0,0 +1,259 @@
+async function register ({ registerClientRoute, registerHook, peertubeHelpers }) {
+  registerHook({
+    target: 'filter:left-menu.links.create.result',
+    handler: (items) => {
+      return [...items, {
+        key: 'static-review',
+        title: 'Dev Tools',
+        links: [{
+          label: '🛠️ Dev Tools',
+          icon: 'cog',
+          shortLabel: 'DevTools',
+          path: '/p/devtools'
+        }]
+      }]
+    }
+  })
+  registerClientRoute({
+    route: 'devtools',
+    onMount: ({ rootEl }) => {
+      const base = peertubeHelpers.getBaseRouterRoute()
+      async function api (endpoint, opts = {}) {
+        const auth = peertubeHelpers.getAuthHeader() || {}
+        const res = await fetch(`${base}/${endpoint}`, {
+          ...opts,
+          headers: { 'Content-Type': 'application/json', ...auth, ...(opts.headers || {}) }
+        })
+        if (!res.ok) {
+          const e = await res.json().catch(() => ({ error: res.statusText }))
+          throw new Error(e.error || res.statusText)
+        }
+        return res.json()
+      }
+      rootEl.innerHTML = `
+        <div style="padding:20px;font-family:sans-serif;max-width:1100px;margin:0 auto">
+          <h1>🛠️ Admin Dev Tools</h1>
+          <div id="tabs" style="display:flex;border-bottom:2px solid #ddd;margin-bottom:20px">
+            <button class="tb" data-t="logs"     style="padding:10px 18px;border:none;background:none;cursor:pointer;color:#f1680d;border-bottom:3px solid #f1680d;font-size:14px">Logs</button>
+            <button class="tb" data-t="system"   style="padding:10px 18px;border:none;background:none;cursor:pointer;color:#666;font-size:14px">System</button>
+            <button class="tb" data-t="env"      style="padding:10px 18px;border:none;background:none;cursor:pointer;color:#666;font-size:14px">Env</button>
+            <button class="tb" data-t="files"    style="padding:10px 18px;border:none;background:none;cursor:pointer;color:#666;font-size:14px">Files</button>
+            <button class="tb" data-t="terminal" style="padding:10px 18px;border:none;background:none;cursor:pointer;color:#666;font-size:14px">Terminal</button>
+          </div>
+          <div id="p-logs">
+            <div style="display:flex;gap:8px;margin-bottom:12px">
+              <button id="rl" style="padding:6px 14px;background:#f1680d;color:#fff;border:none;border-radius:4px;cursor:pointer">Refresh</button>
+              <button id="cl" style="padding:6px 14px;background:#888;color:#fff;border:none;border-radius:4px;cursor:pointer">Clear</button>
+              <select id="lf" style="padding:6px;border:1px solid #ddd;border-radius:4px">
+                <option value="">All</option>
+                <option value="system">System</option>
+                <option value="video">Video</option>
+                <option value="user">User</option>
+              </select>
+            </div>
+            <div id="lo" style="background:#fafafa;border:1px solid #ddd;border-radius:4px;padding:12px;max-height:500px;overflow-y:auto;font-family:monospace;font-size:12px">Loading...</div>
+          </div>
+          <div id="p-system" style="display:none">
+            <button id="rs" style="padding:6px 14px;background:#f1680d;color:#fff;border:none;border-radius:4px;cursor:pointer;margin-bottom:12px">Refresh</button>
+            <pre id="so" style="background:#fafafa;border:1px solid #ddd;border-radius:4px;padding:12px;max-height:500px;overflow-y:auto;font-size:12px">Click Refresh</pre>
+          </div>
+          <div id="p-env" style="display:none">
+            <button id="re" style="padding:6px 14px;background:#f1680d;color:#fff;border:none;border-radius:4px;cursor:pointer;margin-bottom:12px">Refresh</button>
+            <pre id="eo" style="background:#fafafa;border:1px solid #ddd;border-radius:4px;padding:12px;max-height:500px;overflow-y:auto;font-size:12px">Click Refresh</pre>
+          </div>
+          <div id="p-files" style="display:none">
+            <div style="display:flex;gap:8px;margin-bottom:12px;align-items:center">
+              <span style="font-size:13px;color:#666">Path:</span>
+              <input id="fp" type="text" placeholder="e.g. /var/www/peertube" value=""
+                style="flex:1;padding:6px 10px;border:1px solid #ddd;border-radius:4px;font-family:monospace;font-size:13px">
+              <button id="fg" style="padding:6px 14px;background:#f1680d;color:#fff;border:none;border-radius:4px;cursor:pointer">Go</button>
+              <button id="rf" style="padding:6px 14px;background:#888;color:#fff;border:none;border-radius:4px;cursor:pointer">Refresh</button>
+            </div>
+            <div style="display:flex;gap:8px;margin-bottom:12px;align-items:center">
+              <div id="bc" style="flex:1;font-size:13px"></div>
+            </div>
+            <div id="fo" style="background:#fafafa;border:1px solid #ddd;border-radius:4px;padding:12px;max-height:400px;overflow-y:auto;font-size:13px"></div>
+            <div id="fc" style="display:none;margin-top:12px">
+              <button id="xf" style="padding:6px 14px;background:#888;color:#fff;border:none;border-radius:4px;cursor:pointer;margin-bottom:8px">Close</button>
+              <pre id="ft" style="background:#fafafa;border:1px solid #ddd;border-radius:4px;padding:12px;max-height:400px;overflow-y:auto;font-size:12px"></pre>
+            </div>
+          </div>
+          <div id="p-terminal" style="display:none">
+            <div style="background:#fff3cd;border:2px solid #ffc107;border-radius:6px;padding:12px;margin-bottom:16px;text-align:center">
+              ⚠️ <strong>Runs commands as the PeerTube user. Enable in plugin settings first.</strong><br>
+              <span id="cs" style="display:inline-block;margin-top:6px;padding:3px 10px;border-radius:4px;font-size:13px;background:#f8d7da;color:#dc3545">DISABLED</span>
+            </div>
+            <div style="display:flex;gap:8px;margin-bottom:8px;align-items:center">
+              <span style="color:#aaa;font-size:12px;font-family:monospace">cwd:</span>
+              <input id="cwd" type="text" placeholder="/var/www/peertube (blank = default)" autocomplete="off"
+                style="flex:1;padding:6px 10px;background:#2d2d2d;border:1px solid #444;border-radius:4px;color:#fff;font-family:monospace;font-size:12px">
+            </div>
+            <div style="display:flex;gap:8px;margin-bottom:12px">
+              <div style="flex:1;display:flex;align-items:center;background:#2d2d2d;padding:8px 12px;border-radius:4px">
+                <span style="color:#4caf50;margin-right:8px;font-family:monospace;font-weight:bold">$</span>
+                <input id="ci" type="text" placeholder="command..." autocomplete="off"
+                  style="flex:1;background:transparent;border:none;outline:none;color:#fff;font-family:monospace;font-size:13px">
+              </div>
+              <button id="rx" style="padding:8px 16px;background:#dc3545;color:#fff;border:none;border-radius:4px;cursor:pointer;font-weight:bold">Run</button>
+              <button id="cx" style="padding:8px 16px;background:#666;color:#fff;border:none;border-radius:4px;cursor:pointer">Clear</button>
+            </div>
+            <div id="to" style="background:#1e1e1e;color:#d4d4d4;min-height:250px;max-height:500px;overflow-y:auto;font-family:monospace;font-size:12px;padding:12px;border-radius:4px"></div>
+          </div>
+        </div>
+      `
+      // Tab switching
+      const panels = { logs:'p-logs', system:'p-system', env:'p-env', files:'p-files', terminal:'p-terminal' }
+      rootEl.querySelectorAll('.tb').forEach(b => b.addEventListener('click', () => {
+        rootEl.querySelectorAll('.tb').forEach(x => { x.style.color='#666'; x.style.borderBottom='none' })
+        b.style.color = '#f1680d'; b.style.borderBottom = '3px solid #f1680d'
+        Object.values(panels).forEach(id => rootEl.querySelector('#'+id).style.display = 'none')
+        rootEl.querySelector('#' + panels[b.dataset.t]).style.display = 'block'
+      }))
+      // Logs
+      let lf = ''
+      async function loadLogs () {
+        const out = rootEl.querySelector('#lo')
+        try {
+          const p = new URLSearchParams({ limit: 100 })
+          if (lf) p.append('type', lf)
+          const d = await api('logs?' + p)
+          if (!d.logs.length) { out.textContent = 'No logs yet.'; return }
+          out.innerHTML = d.logs.map(l => `
+            <div style="border-left:3px solid #3498db;padding:8px;margin-bottom:6px;background:#fff;border-radius:2px">
+              <div style="display:flex;justify-content:space-between;margin-bottom:2px">
+                <span style="color:#999;font-size:10px">${new Date(l.timestamp).toLocaleString()}</span>
+                <span style="font-size:10px;padding:1px 5px;background:#eee;border-radius:2px">${l.type}</span>
+              </div>
+              <div>${l.message}</div>
+              ${Object.keys(l.data||{}).length ? `<pre style="font-size:10px;background:#f5f5f5;padding:4px;margin-top:4px">${JSON.stringify(l.data,null,2)}</pre>` : ''}
+            </div>`).join('')
+        } catch(e) { out.textContent = 'Error: ' + e.message }
+      }
+      rootEl.querySelector('#rl').addEventListener('click', loadLogs)
+      rootEl.querySelector('#lf').addEventListener('change', e => { lf = e.target.value; loadLogs() })
+      rootEl.querySelector('#cl').addEventListener('click', async () => {
+        if (!confirm('Clear logs?')) return
+        try { await api('logs/clear', { method:'POST' }); loadLogs() } catch(e) { alert(e.message) }
+      })
+      // System
+      rootEl.querySelector('#rs').addEventListener('click', async () => {
+        const o = rootEl.querySelector('#so'); o.textContent = 'Loading...'
+        try { o.textContent = JSON.stringify(await api('system-info'), null, 2) } catch(e) { o.textContent = 'Error: '+e.message }
+      })
+      // Env
+      rootEl.querySelector('#re').addEventListener('click', async () => {
+        const o = rootEl.querySelector('#eo'); o.textContent = 'Loading...'
+        try { o.textContent = JSON.stringify(await api('env'), null, 2) } catch(e) { o.textContent = 'Error: '+e.message }
+      })
+      // Files
+      let cp = ''
+      const fpInput = rootEl.querySelector('#fp')
+      rootEl.querySelector('#fg').addEventListener('click', () => loadFiles(fpInput.value.trim()))
+      fpInput.addEventListener('keydown', e => { if (e.key === 'Enter') loadFiles(fpInput.value.trim()) })
+      async function loadFiles (p='') {
+        const out = rootEl.querySelector('#fo'); out.textContent = 'Loading...'
+        fpInput.value = p
+        try {
+          const d = await api('files?path=' + encodeURIComponent(p))
+          cp = d.path || ''
+          fpInput.value = cp
+          const parts = cp ? cp.split('/') : []
+          const bc = rootEl.querySelector('#bc')
+          bc.innerHTML = `<a href="#" data-p="" style="color:#f1680d">root</a>` +
+            parts.map((x,i) => ` / <a href="#" data-p="${parts.slice(0,i+1).join('/')}" style="color:#f1680d">${x}</a>`).join('')
+          bc.querySelectorAll('a').forEach(a => a.addEventListener('click', e => { e.preventDefault(); loadFiles(a.dataset.p) }))
+          out.innerHTML = d.items.map(item => `
+            <div style="display:flex;align-items:center;gap:8px;padding:7px;border-bottom:1px solid #eee">
+              <span>${item.type==='directory'?'📁':'📄'}</span>
+              <a href="#" data-p="${item.path}" data-type="${item.type}" style="flex:1;color:#f1680d;text-decoration:none">${item.name}</a>
+              <span style="color:#aaa;font-size:11px">${item.type==='file'?(item.size/1024).toFixed(1)+' KB':''}</span>
+              ${item.type==='file'?`<a href="#" data-dl="${item.path}" style="color:#888;font-size:11px;text-decoration:none;padding:2px 6px;border:1px solid #ddd;border-radius:3px" title="Download">⬇</a>`:''}
+            </div>`).join('')
+          out.querySelectorAll('a[data-p]').forEach(a => a.addEventListener('click', async e => {
+            e.preventDefault()
+            if (a.dataset.type === 'directory') { loadFiles(a.dataset.p); return }
+            try {
+              const f = await api('files/content?path=' + encodeURIComponent(a.dataset.p))
+              rootEl.querySelector('#ft').textContent = f.content
+              rootEl.querySelector('#fc').style.display = 'block'
+            } catch(err) { alert(err.message) }
+          }))
+          out.querySelectorAll('a[data-dl]').forEach(a => a.addEventListener('click', e => {
+            e.preventDefault()
+            const auth = peertubeHelpers.getAuthHeader() || {}
+            const url = `${base}/files/download?path=${encodeURIComponent(a.dataset.dl)}`
+            fetch(url, { headers: auth }).then(r => r.blob()).then(blob => {
+              const link = document.createElement('a')
+              link.href = URL.createObjectURL(blob)
+              link.download = a.dataset.dl.split('/').pop()
+              link.click()
+              URL.revokeObjectURL(link.href)
+            }).catch(err => alert('Download failed: ' + err.message))
+          }))
+          rootEl.querySelector('#fc').style.display = 'none'
+        } catch(e) { out.textContent = 'Error: '+e.message }
+      }
+      rootEl.querySelector('#rf').addEventListener('click', () => loadFiles(cp))
+      rootEl.querySelector('#xf').addEventListener('click', () => rootEl.querySelector('#fc').style.display = 'none')
+      // Terminal
+      async function checkCmd () {
+        try {
+          const d = await api('execute/status')
+          const el = rootEl.querySelector('#cs')
+          if (d.enabled) { el.textContent = '✓ ENABLED'; el.style.background='#d4edda'; el.style.color='#28a745' }
+          return d.enabled
+        } catch { return false }
+      }
+      async function runCmd () {
+        const cmd = rootEl.querySelector('#ci').value.trim()
+        if (!cmd) return
+        if (!await checkCmd()) { alert('Enable command execution in plugin settings first.'); return }
+        if (!confirm('Run on server: ' + cmd)) return
+        const out = rootEl.querySelector('#to')
+        const div = document.createElement('div')
+        div.style.cssText = 'margin-bottom:12px;padding-bottom:12px;border-bottom:1px solid #3d3d3d'
+        div.innerHTML = `<div style="color:#4caf50">$ ${cmd}</div><div style="color:#ffc107">running...</div>`
+        out.appendChild(div); out.scrollTop = out.scrollHeight
+        try {
+          const d = await api('execute', { method:'POST', body: JSON.stringify({ command: cmd, cwd: rootEl.querySelector('#cwd').value.trim() || undefined }) })
+          div.querySelector('div:last-child').remove()
+          const r = document.createElement('div')
+          r.style.cssText = `border-left:3px solid ${d.success?'#28a745':'#dc3545'};padding-left:8px`
+          if (d.stdout) r.innerHTML += `<pre style="margin:4px 0;white-space:pre-wrap">${d.stdout}</pre>`
+          if (d.stderr)  r.innerHTML += `<pre style="margin:4px 0;color:#ffc107;white-space:pre-wrap">${d.stderr}</pre>`
+          r.innerHTML += `<div style="color:#666;font-size:11px;margin-top:4px">exit ${d.exitCode} · ${d.duration}ms</div>`
+          div.appendChild(r)
+          rootEl.querySelector('#ci').value = ''
+        } catch(e) { div.querySelector('div:last-child').textContent = '❌ '+e.message }
+        out.scrollTop = out.scrollHeight
+      }
+      rootEl.querySelector('#rx').addEventListener('click', runCmd)
+      rootEl.querySelector('#ci').addEventListener('keydown', e => { if(e.key==='Enter') runCmd() })
+      rootEl.querySelector('#cx').addEventListener('click', () => { if(confirm('Clear?')) rootEl.querySelector('#to').innerHTML='' })
+      // Init
+      loadLogs()
+      loadFiles()
+      checkCmd()
+    }
+  })
+}
+function unregister () {}
+export { register, unregister }

package/main.js ADDED Viewed

@@ -0,0 +1,234 @@
+const fs = require('fs').promises
+const path = require('path')
+const os = require('os')
+async function register({
+  registerSetting,
+  settingsManager,
+  peertubeHelpers,
+  getRouter
+}) {
+  const logger = peertubeHelpers.logger
+  const router = getRouter()
+  const adminOnly = async (req, res, next) => {
+    const user = await peertubeHelpers.user.getAuthUser(res)
+    if (!user || user.role !== 0) {
+      return res.status(403).json({ error: 'Admin access required' })
+    }
+    next()
+  }
+  registerSetting({
+    name: 'enable-command-execution',
+    label: 'Enable Command Execution (DANGER)',
+    type: 'input-checkbox',
+    default: false,
+    private: false
+  })
+  registerSetting({
+    name: 'command-timeout',
+    label: 'Command Timeout (seconds)',
+    type: 'input',
+    default: '30',
+    private: false
+  })
+  registerSetting({
+    name: 'allowed-paths',
+    label: 'Allowed File Browser Paths (comma-separated, use * for all)',
+    type: 'input-textarea',
+    default: '*',
+    private: false
+  })
+  // In-memory log store
+  const logs = []
+  const addLog = (type, message, data = {}) => {
+    logs.unshift({
+      timestamp: new Date().toISOString(),
+      type,
+      message,
+      data
+    })
+    if (logs.length > 1000) logs.length = 1000
+  }
+  // GET /logs
+  router.get('/logs', adminOnly, (req, res) => {
+    const { limit = 100, type } = req.query
+    let result = type ? logs.filter(l => l.type === type) : logs
+    res.json({ logs: result.slice(0, parseInt(limit)), total: result.length })
+  })
+  // POST /logs/clear
+  router.post('/logs/clear', adminOnly, (req, res) => {
+    const count = logs.length
+    logs.length = 0
+    res.json({ success: true, cleared: count })
+  })
+  // GET /system-info
+  router.get('/system-info', adminOnly, (req, res) => {
+    res.json({
+      platform: os.platform(),
+      arch: os.arch(),
+      nodeVersion: process.version,
+      hostname: os.hostname(),
+      uptime: os.uptime(),
+      processUptime: process.uptime(),
+      cpus: os.cpus().length,
+      totalMemory: os.totalmem(),
+      freeMemory: os.freemem(),
+      loadAverage: os.loadavg(),
+      processMemory: process.memoryUsage()
+    })
+  })
+  // GET /env
+  router.get('/env', adminOnly, (req, res) => {
+    const safe = {}
+    for (const [k, v] of Object.entries(process.env)) {
+      if (/^(PEERTUBE_|NODE_|DATABASE_|REDIS_)/.test(k)) {
+        safe[k] = /PASSWORD|SECRET|KEY/.test(k) ? '***' : v
+      }
+    }
+    res.json(safe)
+  })
+  // Helper to get allowed paths with fallback
+  const getAllowedPaths = async () => {
+    const raw = (await settingsManager.getSetting('allowed-paths')) || '*'
+    return raw.split(',').map(p => p.trim())
+  }
+  const isPathAllowed = (reqPath, allowed) => {
+    if (allowed.includes('*')) return true
+    return reqPath === '' || allowed.some(a => reqPath === a || reqPath.startsWith(a + '/'))
+  }
+  const resolvePath = (reqPath) => {
+    if (reqPath.startsWith('/')) return reqPath
+    return path.join(process.cwd(), reqPath)
+  }
+  // GET /files
+  router.get('/files', adminOnly, async (req, res) => {
+    try {
+      const allowed = await getAllowedPaths()
+      let reqPath = (req.query.path || '').replace(/\.\./g, '')
+      if (!isPathAllowed(reqPath, allowed)) {
+        return res.status(403).json({ error: 'Path not allowed', allowedPaths: allowed })
+      }
+      const full = resolvePath(reqPath)
+      const stat = await fs.stat(full)
+      if (!stat.isDirectory()) return res.status(400).json({ error: 'Not a directory' })
+      const entries = await fs.readdir(full, { withFileTypes: true })
+      const items = await Promise.all(entries.map(async e => {
+        const s = await fs.stat(path.join(full, e.name))
+        return {
+          name: e.name,
+          type: e.isDirectory() ? 'directory' : 'file',
+          size: s.size,
+          modified: s.mtime,
+          path: reqPath ? reqPath.replace(/\/$/, '') + '/' + e.name : e.name
+        }
+      }))
+      items.sort((a, b) => a.type !== b.type ? (a.type === 'directory' ? -1 : 1) : a.name.localeCompare(b.name))
+      res.json({ path: reqPath, items })
+    } catch (err) {
+      res.status(500).json({ error: err.message })
+    }
+  })
+  // GET /files/content
+  router.get('/files/content', adminOnly, async (req, res) => {
+    try {
+      const allowed = await getAllowedPaths()
+      let reqPath = (req.query.path || '').replace(/\.\./g, '')
+      if (!isPathAllowed(reqPath, allowed)) {
+        return res.status(403).json({ error: 'Path not allowed' })
+      }
+      const full = resolvePath(reqPath)
+      const stat = await fs.stat(full)
+      if (stat.size > 1024 * 1024) return res.status(400).json({ error: 'File too large (max 1MB)' })
+      const content = await fs.readFile(full, 'utf8')
+      res.json({ path: reqPath, content, size: stat.size })
+    } catch (err) {
+      res.status(500).json({ error: err.message })
+    }
+  })
+  // GET /files/download
+  router.get('/files/download', adminOnly, async (req, res) => {
+    try {
+      const allowed = await getAllowedPaths()
+      let reqPath = (req.query.path || '').replace(/\.\./g, '')
+      if (!isPathAllowed(reqPath, allowed)) {
+        return res.status(403).json({ error: 'Path not allowed' })
+      }
+      const full = resolvePath(reqPath)
+      const stat = await fs.stat(full)
+      if (stat.isDirectory()) return res.status(400).json({ error: 'Cannot download a directory' })
+      const filename = path.basename(full)
+      res.setHeader('Content-Disposition', `attachment; filename="${filename}"`)
+      res.setHeader('Content-Length', stat.size)
+      const { createReadStream } = require('fs')
+      createReadStream(full).pipe(res)
+    } catch (err) {
+      res.status(500).json({ error: err.message })
+    }
+  })
+  // GET /health
+  router.get('/health', adminOnly, (req, res) => {
+    res.json({ status: 'ok', uptime: process.uptime(), logs: logs.length })
+  })
+  // GET /execute/status
+  router.get('/execute/status', adminOnly, async (req, res) => {
+    const enabled = await settingsManager.getSetting('enable-command-execution')
+    const timeout = parseInt(await settingsManager.getSetting('command-timeout') || '30') || 30
+    res.json({ enabled: enabled === true || enabled === 'true', timeout })
+  })
+  // POST /execute
+  router.post('/execute', adminOnly, async (req, res) => {
+    const enabled = await settingsManager.getSetting('enable-command-execution')
+    if (!enabled || enabled === 'false') {
+      return res.status(403).json({ error: 'Command execution is disabled.' })
+    }
+    const { command, cwd } = req.body
+    if (!command) return res.status(400).json({ error: 'Command required' })
+    const timeoutSec = parseInt(await settingsManager.getSetting('command-timeout') || '30') || 30
+    const { exec } = require('child_process')
+    const { promisify } = require('util')
+    const execAsync = promisify(exec)
+    const start = Date.now()
+    try {
+      const { stdout, stderr } = await execAsync(command, {
+        cwd: cwd || process.cwd(),
+        timeout: timeoutSec * 1000,
+        maxBuffer: 1024 * 1024
+      })
+      res.json({ success: true, stdout: stdout || '', stderr: stderr || '', exitCode: 0, duration: Date.now() - start })
+    } catch (e) {
+      res.json({ success: false, stdout: e.stdout || '', stderr: e.stderr || e.message, exitCode: e.code || 1, duration: Date.now() - start })
+    }
+  })
+  addLog('system', 'Static Review plugin loaded')
+  logger.info('Static Review plugin loaded')
+}
+async function unregister() {}
+module.exports = { register, unregister }

package/package.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "name": "peertube-plugin-static-review",
+  "version": "1.0.3",
+  "description": "Admin dev tools for PeerTube — logs, system info, file browser, and terminal",
+  "main": "./main.js",
+  "library": "./main.js",
+  "author": "michaeljsjmartin",
+  "license": "MIT",
+  "engine": {
+    "peertube": ">=4.0.0"
+  },
+  "keywords": ["peertube", "plugin"],
+  "homepage": "https://github.com/michaeljsjmartin/peertube-plugin-static-review",
+  "bugs": "https://github.com/michaeljsjmartin/peertube-plugin-static-review/issues",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/michaeljsjmartin/peertube-plugin-static-review.git"
+  },
+  "clientScripts": [
+    {
+      "script": "client-scripts/client.js",
+      "scopes": ["common"]
+    }
+  ],
+  "css": [],
+  "staticDirs": {}
+}