sessioncast-cli 1.0.0 → 1.1.0

package/dist/utils/fileUtils.js

@@ -0,0 +1,159 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeFilename = sanitizeFilename;
+exports.getUploadDirectory = getUploadDirectory;
+exports.handleUploadChunk = handleUploadChunk;
+exports.cleanupStaleUploads = cleanupStaleUploads;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+// Track ongoing uploads
+const pendingUploads = new Map();
+// Cleanup stale uploads after 5 minutes
+const UPLOAD_TIMEOUT_MS = 5 * 60 * 1000;
+/**
+ * Sanitize filename to prevent path traversal attacks
+ */
+function sanitizeFilename(filename) {
+    // Remove any path components
+    const basename = path.basename(filename);
+    // Remove potentially dangerous characters
+    return basename.replace(/[<>:"/\\|?*\x00-\x1f]/g, '_');
+}
+/**
+ * Get the working directory for file uploads
+ * Priority: SESSIONCAST_UPLOAD_DIR env var > current working directory
+ */
+function getUploadDirectory() {
+    return process.env.SESSIONCAST_UPLOAD_DIR || process.cwd();
+}
+/**
+ * Handle file upload chunk
+ * Returns upload result when all chunks are received, null otherwise
+ */
+async function handleUploadChunk(sessionId, meta, payload) {
+    const filename = sanitizeFilename(meta.filename);
+    const uploadKey = `${sessionId}:${filename}`;
+    const chunkIndex = parseInt(meta.chunkIndex, 10);
+    const totalChunks = parseInt(meta.totalChunks, 10);
+    const size = parseInt(meta.size, 10);
+    // Validate parameters
+    if (isNaN(chunkIndex) || isNaN(totalChunks) || isNaN(size)) {
+        return { success: false, error: 'Invalid upload metadata' };
+    }
+    // Check file size limit (10MB)
+    const MAX_FILE_SIZE = 10 * 1024 * 1024;
+    if (size > MAX_FILE_SIZE) {
+        return { success: false, error: `File too large. Max size: ${MAX_FILE_SIZE / 1024 / 1024}MB` };
+    }
+    // Get or create upload state
+    let state = pendingUploads.get(uploadKey);
+    if (!state) {
+        state = {
+            filename,
+            totalChunks,
+            receivedChunks: new Map(),
+            size,
+            mimeType: meta.mimeType,
+            createdAt: Date.now(),
+        };
+        pendingUploads.set(uploadKey, state);
+    }
+    // Decode and store chunk
+    try {
+        const chunkBuffer = Buffer.from(payload, 'base64');
+        state.receivedChunks.set(chunkIndex, chunkBuffer);
+        console.log(`[FileUpload] Received chunk ${chunkIndex + 1}/${totalChunks} for ${filename}`);
+    }
+    catch (e) {
+        pendingUploads.delete(uploadKey);
+        return { success: false, error: 'Failed to decode chunk data' };
+    }
+    // Check if all chunks received
+    if (state.receivedChunks.size === totalChunks) {
+        try {
+            // Assemble file from chunks
+            const chunks = [];
+            for (let i = 0; i < totalChunks; i++) {
+                const chunk = state.receivedChunks.get(i);
+                if (!chunk) {
+                    throw new Error(`Missing chunk ${i}`);
+                }
+                chunks.push(chunk);
+            }
+            const fileBuffer = Buffer.concat(chunks);
+            // Determine save path
+            const uploadDir = getUploadDirectory();
+            let savePath = path.join(uploadDir, filename);
+            // Handle filename collision
+            if (fs.existsSync(savePath)) {
+                const ext = path.extname(filename);
+                const basename = path.basename(filename, ext);
+                let counter = 1;
+                while (fs.existsSync(savePath)) {
+                    savePath = path.join(uploadDir, `${basename}_${counter}${ext}`);
+                    counter++;
+                }
+            }
+            // Write file
+            fs.writeFileSync(savePath, fileBuffer);
+            console.log(`[FileUpload] File saved: ${savePath}`);
+            // Cleanup
+            pendingUploads.delete(uploadKey);
+            return { success: true, path: savePath };
+        }
+        catch (e) {
+            pendingUploads.delete(uploadKey);
+            const errorMsg = e instanceof Error ? e.message : 'Unknown error';
+            return { success: false, error: `Failed to save file: ${errorMsg}` };
+        }
+    }
+    // Not all chunks received yet
+    return null;
+}
+/**
+ * Cleanup stale uploads periodically
+ */
+function cleanupStaleUploads() {
+    const now = Date.now();
+    for (const [key, state] of pendingUploads.entries()) {
+        if (now - state.createdAt > UPLOAD_TIMEOUT_MS) {
+            console.log(`[FileUpload] Cleaning up stale upload: ${state.filename}`);
+            pendingUploads.delete(key);
+        }
+    }
+}
+// Run cleanup every minute
+setInterval(cleanupStaleUploads, 60 * 1000);

package/dist/utils/oauthServer.d.ts

@@ -0,0 +1,18 @@
+interface CallbackResult {
+    code?: string;
+    state?: string;
+    error?: string;
+    errorDescription?: string;
+}
+/**
+ * Start a temporary local HTTP server to receive OAuth callback
+ * @param port Port number to listen on
+ * @param timeoutMs Timeout in milliseconds (default: 5 minutes)
+ * @returns Promise that resolves with the authorization code
+ */
+export declare function startCallbackServer(port?: number, timeoutMs?: number): Promise<CallbackResult>;
+/**
+ * Find an available port
+ */
+export declare function findAvailablePort(startPort?: number): Promise<number>;
+export {};

package/dist/utils/oauthServer.js

@@ -0,0 +1,244 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startCallbackServer = startCallbackServer;
+exports.findAvailablePort = findAvailablePort;
+const http = __importStar(require("http"));
+const url = __importStar(require("url"));
+/**
+ * Start a temporary local HTTP server to receive OAuth callback
+ * @param port Port number to listen on
+ * @param timeoutMs Timeout in milliseconds (default: 5 minutes)
+ * @returns Promise that resolves with the authorization code
+ */
+function startCallbackServer(port = 9876, timeoutMs = 300000) {
+    return new Promise((resolve, reject) => {
+        const server = http.createServer((req, res) => {
+            const parsedUrl = url.parse(req.url || '', true);
+            if (parsedUrl.pathname === '/callback') {
+                const query = parsedUrl.query;
+                // Build result
+                const result = {
+                    code: query.code,
+                    state: query.state,
+                    error: query.error,
+                    errorDescription: query.error_description,
+                };
+                // Send response to browser
+                if (result.error) {
+                    res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+                    res.end(getErrorPage(result.error, result.errorDescription));
+                }
+                else if (result.code) {
+                    res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+                    res.end(getSuccessPage());
+                }
+                else {
+                    res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+                    res.end(getErrorPage('missing_code', 'No authorization code received'));
+                }
+                // Close server and resolve
+                server.close();
+                resolve(result);
+            }
+            else {
+                res.writeHead(404);
+                res.end('Not Found');
+            }
+        });
+        // Handle server errors
+        server.on('error', (err) => {
+            if (err.code === 'EADDRINUSE') {
+                reject(new Error(`Port ${port} is already in use. Please try again.`));
+            }
+            else {
+                reject(err);
+            }
+        });
+        // Start listening
+        server.listen(port, '127.0.0.1', () => {
+            // console.log(`OAuth callback server listening on http://127.0.0.1:${port}/callback`);
+        });
+        // Set timeout
+        const timeout = setTimeout(() => {
+            server.close();
+            reject(new Error('Login timed out. Please try again.'));
+        }, timeoutMs);
+        // Clear timeout on successful resolution
+        server.on('close', () => {
+            clearTimeout(timeout);
+        });
+    });
+}
+/**
+ * Find an available port
+ */
+async function findAvailablePort(startPort = 9876) {
+    return new Promise((resolve, reject) => {
+        const server = http.createServer();
+        server.on('error', (err) => {
+            if (err.code === 'EADDRINUSE') {
+                // Try next port
+                server.close();
+                resolve(findAvailablePort(startPort + 1));
+            }
+            else {
+                reject(err);
+            }
+        });
+        server.listen(startPort, '127.0.0.1', () => {
+            server.close(() => {
+                resolve(startPort);
+            });
+        });
+    });
+}
+function getSuccessPage() {
+    return `
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>SessionCast - Login Successful</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #0f0f23 0%, #1a1a3e 100%);
+      color: #fff;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+    .container {
+      text-align: center;
+      padding: 40px;
+    }
+    .icon {
+      font-size: 64px;
+      margin-bottom: 24px;
+    }
+    h1 {
+      font-size: 28px;
+      margin-bottom: 16px;
+      color: #22c55e;
+    }
+    p {
+      color: #a1a1aa;
+      font-size: 16px;
+      margin-bottom: 24px;
+    }
+    .hint {
+      background: rgba(255,255,255,0.1);
+      padding: 12px 24px;
+      border-radius: 8px;
+      font-family: monospace;
+      font-size: 14px;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="icon">✅</div>
+    <h1>Login Successful!</h1>
+    <p>You can close this window and return to your terminal.</p>
+    <div class="hint">sessioncast agent</div>
+  </div>
+  <script>
+    // Auto-close after 3 seconds
+    setTimeout(() => window.close(), 3000);
+  </script>
+</body>
+</html>
+`;
+}
+function getErrorPage(error, description) {
+    return `
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>SessionCast - Login Failed</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #0f0f23 0%, #1a1a3e 100%);
+      color: #fff;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+    .container {
+      text-align: center;
+      padding: 40px;
+    }
+    .icon {
+      font-size: 64px;
+      margin-bottom: 24px;
+    }
+    h1 {
+      font-size: 28px;
+      margin-bottom: 16px;
+      color: #ef4444;
+    }
+    p {
+      color: #a1a1aa;
+      font-size: 16px;
+      margin-bottom: 16px;
+    }
+    .error-detail {
+      background: rgba(239, 68, 68, 0.1);
+      padding: 12px 24px;
+      border-radius: 8px;
+      font-family: monospace;
+      font-size: 14px;
+      color: #fca5a5;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="icon">❌</div>
+    <h1>Login Failed</h1>
+    <p>${description || 'An error occurred during authentication.'}</p>
+    <div class="error-detail">${error}</div>
+  </div>
+</body>
+</html>
+`;
+}

package/dist/utils/pkce.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Generate a cryptographically random code verifier for PKCE
+ * @returns Base64URL encoded random string (43-128 characters)
+ */
+export declare function generateCodeVerifier(): string;
+/**
+ * Generate code challenge from code verifier using SHA-256
+ * @param codeVerifier The code verifier string
+ * @returns Base64URL encoded SHA-256 hash
+ */
+export declare function generateCodeChallenge(codeVerifier: string): string;
+/**
+ * Generate a random state parameter for OAuth
+ * @returns Random hex string
+ */
+export declare function generateState(): string;

package/dist/utils/pkce.js

@@ -0,0 +1,73 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateCodeVerifier = generateCodeVerifier;
+exports.generateCodeChallenge = generateCodeChallenge;
+exports.generateState = generateState;
+const crypto = __importStar(require("crypto"));
+/**
+ * Generate a cryptographically random code verifier for PKCE
+ * @returns Base64URL encoded random string (43-128 characters)
+ */
+function generateCodeVerifier() {
+    const buffer = crypto.randomBytes(32);
+    return base64URLEncode(buffer);
+}
+/**
+ * Generate code challenge from code verifier using SHA-256
+ * @param codeVerifier The code verifier string
+ * @returns Base64URL encoded SHA-256 hash
+ */
+function generateCodeChallenge(codeVerifier) {
+    const hash = crypto.createHash('sha256').update(codeVerifier).digest();
+    return base64URLEncode(hash);
+}
+/**
+ * Generate a random state parameter for OAuth
+ * @returns Random hex string
+ */
+function generateState() {
+    return crypto.randomBytes(16).toString('hex');
+}
+/**
+ * Base64URL encode a buffer (RFC 4648)
+ */
+function base64URLEncode(buffer) {
+    return buffer
+        .toString('base64')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sessioncast-cli",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "SessionCast CLI - Control your agents from anywhere",
   "main": "dist/index.js",
   "bin": {
@@ -17,23 +17,13 @@
     "tmux",
     "cli",
     "terminal",
-    "remote",
-    "agent",
-    "websocket"
+    "remote"
   ],
-  "author": {
-    "name": "SessionCast",
-    "email": "devload@sessioncast.io"
-  },
+  "author": "SessionCast",
   "license": "MIT",
-  "homepage": "https://sessioncast.io",
-  "bugs": {
-    "email": "devload@sessioncast.io"
-  },
   "type": "commonjs",
   "files": [
-    "dist",
-    "README.md"
+    "dist"
   ],
   "dependencies": {
     "chalk": "^4.1.2",
@@ -50,6 +40,7 @@
     "@types/node": "^22.10.2",
     "@types/node-fetch": "^2.6.13",
     "@types/ws": "^8.5.13",
+    "puppeteer": "^24.34.0",
     "ts-node": "^10.9.2",
     "typescript": "^5.7.2"
   },

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 SessionCast
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.