termbeam 1.2.8 → 1.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/public/terminal.html +55 -46
  3. package/src/auth.js +8 -9
  4. package/src/routes.js +18 -6
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "termbeam",
3
- "version": "1.2.8",
3
+ "version": "1.2.9",
4
4
  "description": "Beam your terminal to any device — mobile-optimized web terminal with multi-session support",
5
5
  "main": "src/server.js",
6
6
  "bin": {
package/public/terminal.html CHANGED
@@ -3203,23 +3203,7 @@
3203
3203
  }
3204
3204
 
3205
3205
  async function handlePaste() {
3206
- // Try clipboard API for text first (most common), then images, then fallback to modal
3207
- if (navigator.clipboard && navigator.clipboard.readText) {
3208
- try {
3209
- const text = await navigator.clipboard.readText();
3210
- if (text) {
3211
- const ms = managed.get(activeId);
3212
- if (ms && ms.ws && ms.ws.readyState === 1) {
3213
- ms.ws.send(JSON.stringify({ type: 'input', data: text }));
3214
- showToast('Pasted!');
3215
- }
3216
- return;
3217
- }
3218
- } catch (err) {
3219
- console.warn('clipboard.readText failed:', err.message);
3220
- }
3221
- }
3222
- // Image paste: try clipboard.read() only if readText didn't work
3206
+ // Try image first via clipboard.read()
3223
3207
  if (navigator.clipboard && navigator.clipboard.read) {
3224
3208
  try {
3225
3209
  const items = await navigator.clipboard.read();
@@ -3237,8 +3221,9 @@
3237
3221
  const data = await res.json();
3238
3222
  const ms = managed.get(activeId);
3239
3223
  if (ms && ms.ws && ms.ws.readyState === 1) {
3240
- ms.ws.send(JSON.stringify({ type: 'input', data: data.path + ' ' }));
3241
- showToast('Image pasted: ' + data.path.split(/[/\\]/).pop());
3224
+ ms.ws.send(
3225
+ JSON.stringify({ type: 'input', data: (data.path || data.url) + ' ' }),
3226
+ );
3242
3227
  }
3243
3228
  return;
3244
3229
  }
@@ -3247,6 +3232,22 @@
3247
3232
  console.warn('clipboard.read failed:', err.message);
3248
3233
  }
3249
3234
  }
3235
+ // Text paste
3236
+ if (navigator.clipboard && navigator.clipboard.readText) {
3237
+ try {
3238
+ const text = await navigator.clipboard.readText();
3239
+ if (text) {
3240
+ const ms = managed.get(activeId);
3241
+ if (ms && ms.ws && ms.ws.readyState === 1) {
3242
+ ms.ws.send(JSON.stringify({ type: 'input', data: text }));
3243
+ showToast('Pasted!');
3244
+ }
3245
+ return;
3246
+ }
3247
+ } catch (err) {
3248
+ console.warn('clipboard.readText failed:', err.message);
3249
+ }
3250
+ }
3250
3251
  openPasteModal();
3251
3252
  }
3252
3253
 
@@ -3392,36 +3393,44 @@
3392
3393
 
3393
3394
  // ===== Image Paste =====
3394
3395
  function setupImagePaste() {
3395
- document.addEventListener('paste', async (e) => {
3396
- const items = e.clipboardData && e.clipboardData.items;
3397
- if (!items) return;
3398
-
3399
- for (const item of items) {
3400
- if (item.type.startsWith('image/')) {
3401
- e.preventDefault();
3402
- const blob = item.getAsFile();
3403
- if (!blob) return;
3404
-
3405
- try {
3406
- const res = await fetch('/api/upload', {
3407
- method: 'POST',
3408
- headers: { 'Content-Type': item.type },
3409
- body: blob,
3410
- });
3411
- if (!res.ok) throw new Error('Upload failed');
3412
- const data = await res.json();
3413
- const ms = managed.get(activeId);
3414
- if (ms && ms.ws && ms.ws.readyState === 1) {
3415
- ms.ws.send(JSON.stringify({ type: 'input', data: data.path + ' ' }));
3416
- showToast('Image pasted: ' + data.path.split(/[/\\]/).pop());
3396
+ // Use capture phase so we intercept before xterm.js pastes a file path as text
3397
+ document.addEventListener(
3398
+ 'paste',
3399
+ async (e) => {
3400
+ const items = e.clipboardData && e.clipboardData.items;
3401
+ if (!items) return;
3402
+
3403
+ for (const item of items) {
3404
+ if (item.type.startsWith('image/')) {
3405
+ e.preventDefault();
3406
+ e.stopPropagation();
3407
+ const blob = item.getAsFile();
3408
+ if (!blob) return;
3409
+
3410
+ try {
3411
+ const res = await fetch('/api/upload', {
3412
+ method: 'POST',
3413
+ headers: { 'Content-Type': item.type },
3414
+ body: blob,
3415
+ credentials: 'same-origin',
3416
+ });
3417
+ if (!res.ok) throw new Error('Upload failed');
3418
+ const data = await res.json();
3419
+ const ms = managed.get(activeId);
3420
+ if (ms && ms.ws && ms.ws.readyState === 1) {
3421
+ ms.ws.send(
3422
+ JSON.stringify({ type: 'input', data: (data.path || data.url) + ' ' }),
3423
+ );
3424
+ }
3425
+ } catch (err) {
3426
+ showToast('Image paste failed');
3417
3427
  }
3418
- } catch (err) {
3419
- showToast('Image paste failed');
3428
+ return;
3420
3429
  }
3421
- return;
3422
3430
  }
3423
- }
3424
- });
3431
+ },
3432
+ true,
3433
+ );
3425
3434
  }
3426
3435
 
3427
3436
  // ===== New Session Modal =====
package/src/auth.js CHANGED
@@ -86,26 +86,25 @@ function createAuth(password) {
86
86
  const token = crypto.randomBytes(32).toString('hex');
87
87
  const expiry = Date.now() + 5 * 60 * 1000;
88
88
  shareTokens.set(token, expiry); // 5 minute expiry
89
- log.info(`Share: created ${token.slice(0, 8)}… (expires in 5m)`);
89
+ log.info('Share: created new token (expires in 5m)');
90
+ log.debug(`Share: token expires at ${new Date(expiry).toISOString()}`);
90
91
  return token;
91
92
  }
92
93
 
93
94
  function validateShareToken(token) {
94
95
  const expiry = shareTokens.get(token);
95
- const tag = token.slice(0, 8);
96
96
  if (!expiry) {
97
- log.warn(`Share: unknown token ${tag}…`);
97
+ log.warn('Share: unknown token presented');
98
98
  return false;
99
99
  }
100
100
  const remaining = Math.round((expiry - Date.now()) / 1000);
101
101
  if (remaining <= 0) {
102
102
  shareTokens.delete(token);
103
- log.warn(`Share: expired token ${tag}…`);
103
+ log.warn('Share: expired token presented');
104
104
  return false;
105
105
  }
106
- const min = Math.floor(remaining / 60);
107
- const sec = remaining % 60;
108
- log.info(`Share: valid token ${tag}… (${min}m ${sec}s remaining)`);
106
+ shareTokens.delete(token);
107
+ log.info('share token consumed');
109
108
  return true;
110
109
  }
111
110
 
@@ -145,8 +144,8 @@ function createAuth(password) {
145
144
  authAttempts.set(ip, recent);
146
145
  return res.status(401).json({ error: 'unauthorized' });
147
146
  }
148
- if (req.accepts('html')) return res.redirect('/login');
149
- res.status(401).json({ error: 'unauthorized' });
147
+ if (req.path.startsWith('/api/')) return res.status(401).json({ error: 'unauthorized' });
148
+ res.redirect('/login');
150
149
  }
151
150
 
152
151
  function rateLimit(req, res, next) {
package/src/routes.js CHANGED
@@ -7,7 +7,7 @@ const { detectShells } = require('./shells');
7
7
  const log = require('./logger');
8
8
 
9
9
  const PUBLIC_DIR = path.join(__dirname, '..', 'public');
10
- const uploadedFiles = [];
10
+ const uploadedFiles = new Map(); // id -> filepath
11
11
 
12
12
  function setupRoutes(app, { auth, sessions, config, state }) {
13
13
  // Serve static files (manifest.json, sw.js, icons, etc.)
@@ -212,12 +212,13 @@ function setupRoutes(app, { auth, sessions, config, state }) {
212
212
  'image/webp': '.webp',
213
213
  'image/bmp': '.bmp',
214
214
  }[contentType] || '.png';
215
- const filename = `termbeam-${crypto.randomUUID()}${ext}`;
215
+ const id = crypto.randomUUID();
216
+ const filename = `termbeam-${id}${ext}`;
216
217
  const filepath = path.join(os.tmpdir(), filename);
217
218
  fs.writeFileSync(filepath, buffer);
218
- uploadedFiles.push(filepath);
219
+ uploadedFiles.set(id, filepath);
219
220
  log.info(`Upload: ${filename} (${buffer.length} bytes)`);
220
- res.json({ path: filepath });
221
+ res.json({ id, url: `/uploads/${id}`, path: filepath });
221
222
  });
222
223
 
223
224
  req.on('error', (err) => {
@@ -226,6 +227,17 @@ function setupRoutes(app, { auth, sessions, config, state }) {
226
227
  });
227
228
  });
228
229
 
230
+ // Serve uploaded files by opaque ID
231
+ app.get('/uploads/:id', auth.middleware, (req, res) => {
232
+ const filepath = uploadedFiles.get(req.params.id);
233
+ if (!filepath) return res.status(404).json({ error: 'not found' });
234
+ if (!fs.existsSync(filepath)) {
235
+ uploadedFiles.delete(req.params.id);
236
+ return res.status(404).json({ error: 'not found' });
237
+ }
238
+ res.sendFile(filepath);
239
+ });
240
+
229
241
  // Directory listing for folder browser
230
242
  app.get('/api/dirs', auth.middleware, (req, res) => {
231
243
  const query = req.query.q || config.cwd + path.sep;
@@ -248,7 +260,7 @@ function setupRoutes(app, { auth, sessions, config, state }) {
248
260
  }
249
261
 
250
262
  function cleanupUploadedFiles() {
251
- for (const filepath of uploadedFiles) {
263
+ for (const [id, filepath] of uploadedFiles) {
252
264
  try {
253
265
  if (fs.existsSync(filepath)) {
254
266
  fs.unlinkSync(filepath);
@@ -257,7 +269,7 @@ function cleanupUploadedFiles() {
257
269
  log.error(`Failed to cleanup ${filepath}: ${err.message}`);
258
270
  }
259
271
  }
260
- uploadedFiles.length = 0;
272
+ uploadedFiles.clear();
261
273
  }
262
274
 
263
275
  module.exports = { setupRoutes, cleanupUploadedFiles };