termbeam 0.0.9 → 0.1.0

package/src/auth.js

@@ -61,6 +61,19 @@ function createAuth(password) {
   const tokens = new Map();
   const authAttempts = new Map();
 
+  // Periodically clean up expired tokens and stale rate-limit entries
+  setInterval(() => {
+    const now = Date.now();
+    for (const [token, expiry] of tokens) {
+      if (now > expiry) tokens.delete(token);
+    }
+    for (const [ip, attempts] of authAttempts) {
+      const recent = attempts.filter((t) => now - t < 60 * 1000);
+      if (recent.length === 0) authAttempts.delete(ip);
+      else authAttempts.set(ip, recent);
+    }
+  }, 60 * 60 * 1000).unref();
+
   function generateToken() {
     const token = crypto.randomBytes(32).toString('hex');
     tokens.set(token, Date.now() + 24 * 60 * 60 * 1000);

package/src/routes.js

@@ -51,13 +51,14 @@ function setupRoutes(app, { auth, sessions, config }) {
   });
 
   app.post('/api/sessions', auth.middleware, (req, res) => {
-    const { name, shell, args: shellArgs, cwd, initialCommand } = req.body || {};
+    const { name, shell, args: shellArgs, cwd, initialCommand, color } = req.body || {};
     const id = sessions.create({
       name: name || `Session ${sessions.sessions.size + 1}`,
       shell: shell || config.defaultShell,
       args: shellArgs || [],
       cwd: cwd || config.cwd,
       initialCommand: initialCommand || null,
+      color: color || null,
     });
     res.json({ id, url: `/terminal?id=${id}` });
   });
@@ -76,6 +77,18 @@ function setupRoutes(app, { auth, sessions, config }) {
     }
   });
 
+  app.patch('/api/sessions/:id', auth.middleware, (req, res) => {
+    const { color, name } = req.body || {};
+    const updates = {};
+    if (color !== undefined) updates.color = color;
+    if (name !== undefined) updates.name = name;
+    if (sessions.update(req.params.id, updates)) {
+      res.json({ ok: true });
+    } else {
+      res.status(404).json({ error: 'not found' });
+    }
+  });
+
   // Directory listing for folder browser
   app.get('/api/dirs', auth.middleware, (req, res) => {
     const query = req.query.q || os.homedir();

package/src/sessions.js

@@ -1,13 +1,21 @@
 const crypto = require('crypto');
 const pty = require('node-pty');
 
+const SESSION_COLORS = [
+  '#4a9eff', '#4ade80', '#fbbf24', '#c084fc',
+  '#f87171', '#22d3ee', '#fb923c', '#f472b6',
+];
+
 class SessionManager {
   constructor() {
     this.sessions = new Map();
   }
 
-  create({ name, shell, args = [], cwd, initialCommand = null }) {
+  create({ name, shell, args = [], cwd, initialCommand = null, color = null }) {
     const id = crypto.randomBytes(4).toString('hex');
+    if (!color) {
+      color = SESSION_COLORS[this.sessions.size % SESSION_COLORS.length];
+    }
     const ptyProcess = pty.spawn(shell, args, {
       name: 'xterm-256color',
       cols: 120,
@@ -26,14 +34,21 @@ class SessionManager {
       name,
       shell,
       cwd,
+      color,
       createdAt: new Date().toISOString(),
+      lastActivity: Date.now(),
       clients: new Set(),
       scrollback: [],
+      scrollbackBuf: '',
     };
 
     ptyProcess.onData((data) => {
-      session.scrollback.push(data);
-      if (session.scrollback.length > 2000) session.scrollback.shift();
+      session.lastActivity = Date.now();
+      session.scrollbackBuf += data;
+      // Cap scrollback at ~200KB
+      if (session.scrollbackBuf.length > 200000) {
+        session.scrollbackBuf = session.scrollbackBuf.slice(-100000);
+      }
       for (const ws of session.clients) {
         if (ws.readyState === 1) ws.send(JSON.stringify({ type: 'output', data }));
       }
@@ -56,11 +71,18 @@ class SessionManager {
     return this.sessions.get(id);
   }
 
+  update(id, fields) {
+    const s = this.sessions.get(id);
+    if (!s) return false;
+    if (fields.color !== undefined) s.color = fields.color;
+    if (fields.name !== undefined) s.name = fields.name;
+    return true;
+  }
+
   delete(id) {
     const s = this.sessions.get(id);
     if (!s) return false;
     s.pty.kill();
-    this.sessions.delete(id);
     return true;
   }
 
@@ -75,6 +97,8 @@ class SessionManager {
         pid: s.pty.pid,
         clients: s.clients.size,
         createdAt: s.createdAt,
+        color: s.color,
+        lastActivity: s.lastActivity,
       });
     }
     return list;

package/src/shells.js

@@ -74,4 +74,4 @@ function detectUnixShells() {
   return shells;
 }
 
-module.exports = { detectShells };
+module.exports = { detectShells, detectWindowsShells, detectUnixShells };

package/src/tunnel.js

@@ -1,4 +1,4 @@
-const { execSync, spawn } = require('child_process');
+const { execSync, execFileSync, spawn } = require('child_process');
 const path = require('path');
 const fs = require('fs');
 const os = require('os');
@@ -10,6 +10,8 @@ let tunnelId = null;
 let tunnelProc = null;
 let devtunnelCmd = 'devtunnel';
 
+const SAFE_ID_RE = /^[a-zA-Z0-9._-]+$/;
+
 function findDevtunnel() {
   // Try devtunnel directly
   try {
@@ -51,8 +53,10 @@ function deletePersisted() {
   const persisted = loadPersistedTunnel();
   if (persisted) {
     try {
-      execSync(`"${devtunnelCmd}" delete ${persisted.tunnelId} -f`, { stdio: 'pipe' });
-      console.log(`[termbeam] Deleted persisted tunnel ${persisted.tunnelId}`);
+      if (SAFE_ID_RE.test(persisted.tunnelId)) {
+        execFileSync(devtunnelCmd, ['delete', persisted.tunnelId, '-f'], { stdio: 'pipe' });
+        console.log(`[termbeam] Deleted persisted tunnel ${persisted.tunnelId}`);
+      }
     } catch {}
     try {
       fs.unlinkSync(TUNNEL_CONFIG_PATH);
@@ -62,7 +66,8 @@ function deletePersisted() {
 
 function isTunnelValid(id) {
   try {
-    execSync(`"${devtunnelCmd}" show ${id} --json`, { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+    if (!SAFE_ID_RE.test(id)) return false;
+    execFileSync(devtunnelCmd, ['show', id, '--json'], { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
     return true;
   } catch {
     return false;
@@ -97,7 +102,7 @@ async function startTunnel(port, options = {}) {
     // Ensure user is logged in
     let loggedIn = false;
     try {
-      const userOut = execSync(`"${devtunnelCmd}" user show`, { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+      const userOut = execFileSync(devtunnelCmd, ['user', 'show'], { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
       // user show can succeed but show "not logged in" status
       loggedIn = userOut && !userOut.toLowerCase().includes('not logged in');
     } catch {}
@@ -105,7 +110,7 @@ async function startTunnel(port, options = {}) {
     if (!loggedIn) {
       console.log('[termbeam] devtunnel not logged in, launching login...');
       console.log('[termbeam] A browser window will open for authentication.');
-      execSync(`"${devtunnelCmd}" user login`, { stdio: 'inherit' });
+      execFileSync(devtunnelCmd, ['user', 'login'], { stdio: 'inherit' });
     }
 
     const persisted = options.persisted;
@@ -124,7 +129,7 @@ async function startTunnel(port, options = {}) {
         if (saved) {
           console.log('[termbeam] Persisted tunnel expired, creating new one');
         }
-        const createOut = execSync(`"${devtunnelCmd}" create --expiration 30d --json`, { encoding: 'utf-8' });
+        const createOut = execFileSync(devtunnelCmd, ['create', '--expiration', '30d', '--json'], { encoding: 'utf-8' });
         const tunnelData = JSON.parse(createOut);
         tunnelId = tunnelData.tunnel.tunnelId;
         savePersistedTunnel(tunnelId);
@@ -134,7 +139,7 @@ async function startTunnel(port, options = {}) {
       tunnelMode = 'ephemeral';
       tunnelExpiry = '1 day';
       // Ephemeral tunnel — create fresh, will be deleted on shutdown
-      const createOut = execSync(`"${devtunnelCmd}" create --expiration 1d --json`, { encoding: 'utf-8' });
+      const createOut = execFileSync(devtunnelCmd, ['create', '--expiration', '1d', '--json'], { encoding: 'utf-8' });
       const tunnelData = JSON.parse(createOut);
       tunnelId = tunnelData.tunnel.tunnelId;
       console.log(`[termbeam] Created ephemeral tunnel ${tunnelId}`);
@@ -142,10 +147,10 @@ async function startTunnel(port, options = {}) {
 
     // Idempotent port and access setup
     try {
-      execSync(`"${devtunnelCmd}" port create ${tunnelId} -p ${port} --protocol http`, { stdio: 'pipe' });
+      execFileSync(devtunnelCmd, ['port', 'create', tunnelId, '-p', String(port), '--protocol', 'http'], { stdio: 'pipe' });
     } catch {}
     try {
-      execSync(`"${devtunnelCmd}" access create ${tunnelId} -p ${port} --anonymous`, { stdio: 'pipe' });
+      execFileSync(devtunnelCmd, ['access', 'create', tunnelId, '-p', String(port), '--anonymous'], { stdio: 'pipe' });
     } catch {}
 
     const hostProc = spawn(devtunnelCmd, ['host', tunnelId], {
@@ -186,7 +191,7 @@ function cleanupTunnel() {
       // On Windows, kill the process tree to ensure all children die
       if (process.platform === 'win32' && tunnelProc.pid) {
         try {
-          execSync(`taskkill /pid ${tunnelProc.pid} /T /F`, { stdio: 'pipe', timeout: 5000 });
+          execFileSync('taskkill', ['/pid', String(tunnelProc.pid), '/T', '/F'], { stdio: 'pipe', timeout: 5000 });
         } catch { /* best effort */ }
       } else {
         tunnelProc.kill('SIGKILL');
@@ -202,7 +207,7 @@ function cleanupTunnel() {
       console.log('[termbeam] Tunnel host stopped (tunnel preserved for reuse)');
     } else {
       try {
-        execSync(`"${devtunnelCmd}" delete ${id} -f`, { stdio: 'pipe', timeout: 10000 });
+        execFileSync(devtunnelCmd, ['delete', id, '-f'], { stdio: 'pipe', timeout: 10000 });
         console.log('[termbeam] Tunnel cleaned up');
       } catch {
         /* best effort — tunnel will expire on its own */

package/src/websocket.js

@@ -1,3 +1,19 @@
+function recalcPtySize(session) {
+  let minCols = Infinity;
+  let minRows = Infinity;
+  for (const client of session.clients) {
+    if (client._dims) {
+      minCols = Math.min(minCols, client._dims.cols);
+      minRows = Math.min(minRows, client._dims.rows);
+    }
+  }
+  if (minCols === Infinity || minRows === Infinity) return;
+  if (minCols === session._lastCols && minRows === session._lastRows) return;
+  session._lastCols = minCols;
+  session._lastRows = minRows;
+  session.pty.resize(minCols, minRows);
+}
+
 function setupWebSocket(wss, { auth, sessions }) {
   wss.on('connection', (ws, req) => {
     let authenticated = !auth.password;
@@ -40,8 +56,8 @@ function setupWebSocket(wss, { auth, sessions }) {
           }
           attached = session;
           session.clients.add(ws);
-          if (session.scrollback.length > 0) {
-            ws.send(JSON.stringify({ type: 'output', data: session.scrollback.join('') }));
+          if (session.scrollbackBuf.length > 0) {
+            ws.send(JSON.stringify({ type: 'output', data: session.scrollbackBuf }));
           }
           ws.send(JSON.stringify({ type: 'attached', sessionId: msg.sessionId }));
           console.log(`[termbeam] Client attached to session ${msg.sessionId}`);
@@ -53,7 +69,12 @@ function setupWebSocket(wss, { auth, sessions }) {
         if (msg.type === 'input') {
           attached.pty.write(msg.data);
         } else if (msg.type === 'resize') {
-          attached.pty.resize(msg.cols, msg.rows);
+          const cols = Math.floor(msg.cols);
+          const rows = Math.floor(msg.rows);
+          if (cols > 0 && cols <= 500 && rows > 0 && rows <= 200) {
+            ws._dims = { cols, rows };
+            recalcPtySize(attached);
+          }
         }
       } catch {
         if (attached) attached.pty.write(raw.toString());
@@ -63,6 +84,7 @@ function setupWebSocket(wss, { auth, sessions }) {
     ws.on('close', () => {
       if (attached) {
         attached.clients.delete(ws);
+        recalcPtySize(attached);
         console.log('[termbeam] Client detached');
       }
     });