termbeam 1.8.1 → 1.10.0

package/src/client.js

@@ -0,0 +1,169 @@
+const WebSocket = require('ws');
+
+const DETACH_KEY = '\x02'; // Ctrl+B
+
+/**
+ * Create a terminal client that pipes stdin/stdout over WebSocket.
+ * Resolves when detached or session exits. Rejects on connection error.
+ *
+ * @param {object} opts
+ * @param {string} opts.url        WebSocket URL (ws://host:port/ws)
+ * @param {string} [opts.password] Server password (null for no-auth mode)
+ * @param {string} opts.sessionId  Session ID to connect to
+ * @param {string} [opts.sessionName] Session name (for display)
+ * @param {string} [opts.detachKey] Key to detach (default: Ctrl+B)
+ * @returns {Promise<{reason: string}>}
+ */
+function createTerminalClient({
+  url,
+  password,
+  sessionId,
+  sessionName = 'session',
+  detachKey = DETACH_KEY,
+  detachLabel = 'Ctrl+B',
+}) {
+  return new Promise((resolve, reject) => {
+    const ws = new WebSocket(url);
+    let cleaned = false;
+    let bannerTimer = null;
+    let bannerShown = false;
+    let onData = null;
+    let onSigwinch = null;
+
+    function showBanner() {
+      if (!cleaned && !bannerShown) {
+        bannerShown = true;
+        process.stdout.write(
+          `\r\n\x1b[33m  attached: ${sessionName} ─── ${detachLabel} to detach\x1b[0m\r\n\r\n`,
+        );
+      }
+      bannerTimer = null;
+    }
+
+    function debounceBanner() {
+      if (bannerShown) return;
+      if (bannerTimer) clearTimeout(bannerTimer);
+      bannerTimer = setTimeout(showBanner, 500);
+    }
+
+    function resetTerminal() {
+      if (bannerTimer) clearTimeout(bannerTimer);
+      process.stdout.write('\x1b]0;\x07');
+      if (process.stdin.isTTY && process.stdin.isRaw) {
+        process.stdin.setRawMode(false);
+      }
+      if (onData) process.stdin.removeListener('data', onData);
+      process.stdin.pause();
+      if (onSigwinch) process.removeListener('SIGWINCH', onSigwinch);
+      if (ws.readyState === WebSocket.OPEN || ws.readyState === WebSocket.CONNECTING) {
+        ws.close();
+      }
+    }
+
+    function cleanup(reason) {
+      if (cleaned) return;
+      cleaned = true;
+      resetTerminal();
+      resolve({ reason });
+    }
+
+    ws.on('open', () => {
+      if (password) {
+        ws.send(JSON.stringify({ type: 'auth', password }));
+      } else {
+        ws.send(JSON.stringify({ type: 'attach', sessionId }));
+      }
+    });
+
+    ws.on('message', (raw) => {
+      let msg;
+      try {
+        msg = JSON.parse(raw);
+      } catch {
+        return;
+      }
+
+      if (msg.type === 'auth_ok') {
+        ws.send(JSON.stringify({ type: 'attach', sessionId }));
+        return;
+      }
+
+      if (msg.type === 'attached') {
+        // Set terminal title to show we're attached
+        process.stdout.write(`\x1b]0;[termbeam] ${sessionName} — ${detachLabel} to detach\x07`);
+
+        const refs = {};
+        enterRawMode(ws, detachKey, cleanup, refs);
+        onData = refs.onData;
+        onSigwinch = refs.onSigwinch;
+        sendResize(ws);
+        debounceBanner();
+        return;
+      }
+
+      if (msg.type === 'output') {
+        debounceBanner();
+        process.stdout.write(msg.data);
+        return;
+      }
+
+      if (msg.type === 'exit') {
+        cleanup(`session exited with code ${msg.code}`);
+        return;
+      }
+
+      if (msg.type === 'error') {
+        cleanup(`error: ${msg.message}`);
+        return;
+      }
+    });
+
+    ws.on('error', (err) => {
+      if (!cleaned) {
+        cleaned = true;
+        resetTerminal();
+        reject(err);
+      }
+    });
+
+    ws.on('close', () => {
+      cleanup('connection closed');
+    });
+  });
+}
+
+function enterRawMode(ws, detachKey, cleanup, refs) {
+  if (process.stdin.isTTY) {
+    process.stdin.setRawMode(true);
+  }
+  process.stdin.resume();
+
+  refs.onData = (data) => {
+    const str = data.toString();
+    if (str === detachKey) {
+      cleanup('detached');
+      return;
+    }
+    if (ws.readyState === WebSocket.OPEN) {
+      ws.send(JSON.stringify({ type: 'input', data: str }));
+    }
+  };
+  process.stdin.on('data', refs.onData);
+
+  refs.onSigwinch = () => sendResize(ws);
+  process.on('SIGWINCH', refs.onSigwinch);
+}
+
+function sendResize(ws) {
+  if (ws.readyState === WebSocket.OPEN && process.stdout.columns && process.stdout.rows) {
+    ws.send(
+      JSON.stringify({
+        type: 'resize',
+        cols: process.stdout.columns,
+        rows: process.stdout.rows,
+      }),
+    );
+  }
+}
+
+module.exports = { createTerminalClient };

package/src/resume.js

@@ -0,0 +1,387 @@
+const http = require('http');
+const path = require('path');
+const os = require('os');
+const fs = require('fs');
+const { createTerminalClient } = require('./client');
+const { bold, dim, red, yellow, choose, createRL, ask } = require('./prompts');
+
+const CONFIG_DIR = process.env.TERMBEAM_CONFIG_DIR || path.join(os.homedir(), '.termbeam');
+const CONNECTION_FILE = path.join(CONFIG_DIR, 'connection.json');
+
+// ── Connection config ────────────────────────────────────────────────────────
+
+function readConnectionConfig() {
+  try {
+    return JSON.parse(fs.readFileSync(CONNECTION_FILE, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function writeConnectionConfig({ port, host, password }) {
+  fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  fs.writeFileSync(CONNECTION_FILE, JSON.stringify({ port, host, password }, null, 2) + '\n', {
+    mode: 0o600,
+  });
+  // Ensure restrictive permissions even if the file already existed
+  if (process.platform !== 'win32') {
+    try {
+      fs.chmodSync(CONNECTION_FILE, 0o600);
+    } catch {
+      /* best-effort */
+    }
+  }
+}
+
+function removeConnectionConfig() {
+  try {
+    fs.unlinkSync(CONNECTION_FILE);
+  } catch {
+    /* ignore */
+  }
+}
+
+// ── Arg parsing ──────────────────────────────────────────────────────────────
+
+function parseDetachKey(value) {
+  // \xNN hex escape → control character
+  const hexMatch = value.match(/^\\x([0-9a-fA-F]{2})$/);
+  if (hexMatch) return String.fromCharCode(parseInt(hexMatch[1], 16));
+  // ^X or ctrl+X → control character
+  const caretMatch = value.match(/^\^([A-Za-z])$/);
+  if (caretMatch) return String.fromCharCode(caretMatch[1].toUpperCase().charCodeAt(0) - 64);
+  const ctrlMatch = value.match(/^ctrl\+([A-Za-z])$/i);
+  if (ctrlMatch) return String.fromCharCode(ctrlMatch[1].toUpperCase().charCodeAt(0) - 64);
+  return value;
+}
+
+function parseResumeArgs(args) {
+  let name = null;
+  let port = null;
+  let host = null;
+  let password = null;
+  let detachKey = null;
+
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === '--port' && args[i + 1]) {
+      port = parseInt(args[++i], 10);
+    } else if (args[i] === '--host' && args[i + 1]) {
+      host = args[++i];
+    } else if (args[i] === '--password' && args[i + 1]) {
+      password = args[++i];
+    } else if (args[i].startsWith('--password=')) {
+      password = args[i].split('=')[1];
+    } else if (args[i] === '--detach-key' && args[i + 1]) {
+      detachKey = parseDetachKey(args[++i]);
+    } else if (args[i] === '--help' || args[i] === '-h') {
+      return { help: true };
+    } else if (args[i].startsWith('--')) {
+      console.error(`Unknown flag: ${args[i]}`);
+      process.exitCode = 1;
+      return { help: true };
+    } else if (!args[i].startsWith('-')) {
+      name = args[i];
+    }
+  }
+
+  return { name, port, host, password, detachKey };
+}
+
+// ── HTTP helpers ─────────────────────────────────────────────────────────────
+
+function httpRequest(urlStr, options = {}) {
+  return new Promise((resolve, reject) => {
+    const url = new URL(urlStr);
+    const reqOpts = {
+      hostname: url.hostname,
+      port: url.port,
+      path: url.pathname,
+      method: options.method || 'GET',
+      headers: { ...options.headers },
+    };
+
+    const req = http.request(reqOpts, (res) => {
+      let body = '';
+      res.on('data', (chunk) => (body += chunk));
+      res.on('end', () => resolve({ status: res.statusCode, body, headers: res.headers }));
+    });
+    req.on('error', reject);
+    if (options.body) req.write(options.body);
+    req.end();
+  });
+}
+
+async function fetchSessions(baseUrl, password) {
+  const headers = {};
+  if (password) headers.Authorization = `Bearer ${password}`;
+
+  const res = await httpRequest(`${baseUrl}/api/sessions`, { headers });
+  if (res.status === 401) {
+    throw new Error('unauthorized');
+  }
+  if (res.status >= 400) {
+    throw new Error(`HTTP ${res.status}: ${res.body}`);
+  }
+  return JSON.parse(res.body);
+}
+
+// ── Formatting ───────────────────────────────────────────────────────────────
+
+function formatUptime(createdAt) {
+  const ms = Date.now() - new Date(createdAt).getTime();
+  const secs = Math.floor(ms / 1000);
+  if (secs < 60) return `${secs}s`;
+  const mins = Math.floor(secs / 60);
+  if (mins < 60) return `${mins}m`;
+  const hours = Math.floor(mins / 60);
+  if (hours < 24) return `${hours}h ${mins % 60}m`;
+  const days = Math.floor(hours / 24);
+  return `${days}d ${hours % 24}h`;
+}
+
+function shortId(id) {
+  return id.slice(0, 8);
+}
+
+// ── Help text ────────────────────────────────────────────────────────────────
+
+function detachKeyLabel(key) {
+  if (!key || key === '\x02') return 'Ctrl+B';
+  if (key.length === 1 && key.charCodeAt(0) < 27) {
+    return `Ctrl+${String.fromCharCode(key.charCodeAt(0) + 64)}`;
+  }
+  return key;
+}
+
+function printResumeHelp() {
+  console.log(`
+${bold('termbeam resume')} — Reconnect to a running session
+
+${bold('Usage:')}
+  termbeam resume [name] [options]
+
+${bold('Arguments:')}
+  name                  Session name to connect to (auto-selects if unique match)
+
+${bold('Options:')}
+  --port <port>         Server port (default: from ~/.termbeam/connection.json or 3456)
+  --host <host>         Server host (default: from config or localhost)
+  --password <pw>       Server password (default: from config or prompt)
+  --detach-key <key>    Detach key combo (default: Ctrl+B)
+  -h, --help            Show this help
+
+${bold('Examples:')}
+  termbeam resume                     Select from running sessions
+  termbeam resume my-project          Connect to session named "my-project"
+  termbeam resume --port 4000         Connect to server on port 4000
+
+${dim('Press Ctrl+B to detach from a session without closing it.')}
+`);
+}
+
+// ── Commands ─────────────────────────────────────────────────────────────────
+
+async function resolveConnection(args) {
+  const opts = parseResumeArgs(args);
+  if (opts.help) return { help: true };
+
+  const saved = readConnectionConfig();
+  const host = opts.host || (saved && saved.host) || 'localhost';
+  const port = opts.port || (saved && saved.port) || 3456;
+  let password = opts.password || (saved && saved.password) || null;
+  const connHost = host === 'localhost' ? '127.0.0.1' : host;
+  const baseUrl = `http://${connHost}:${port}`;
+  const displayUrl = `http://${connHost === '127.0.0.1' ? 'localhost' : connHost}:${port}`;
+
+  // Try to fetch sessions, handle auth errors
+  let sessions;
+  try {
+    sessions = await fetchSessions(baseUrl, password);
+  } catch (err) {
+    if (err.message === 'unauthorized') {
+      // Prompt for password if none was explicitly provided
+      if (!opts.password) {
+        const rl = createRL();
+        password = await ask(rl, `  Password for ${displayUrl}:`);
+        rl.close();
+        try {
+          sessions = await fetchSessions(baseUrl, password);
+        } catch {
+          console.error(red('  Authentication failed.'));
+          process.exit(1);
+        }
+      } else {
+        console.error(red('  Authentication failed.'));
+        process.exit(1);
+      }
+    } else if (err.code === 'ECONNREFUSED') {
+      return { refused: true, displayUrl };
+    } else {
+      throw err;
+    }
+  }
+
+  return { host, port, password, baseUrl, displayUrl, sessions, opts };
+}
+
+async function resume(args) {
+  if (process.env.TERMBEAM_SESSION) {
+    console.error(red('  Already inside a TermBeam session. Detach first (Ctrl+B).'));
+    process.exit(1);
+  }
+
+  const conn = await resolveConnection(args);
+  if (conn.help) {
+    printResumeHelp();
+    return;
+  }
+  if (conn.refused) {
+    console.error(red('  No TermBeam server is running.'));
+    process.exit(1);
+  }
+
+  const { host, port, password, sessions, opts } = conn;
+
+  if (sessions.length === 0) {
+    console.error(red('  No active sessions on the server.'));
+    process.exit(1);
+  }
+
+  let session;
+
+  if (opts.name) {
+    // Match by name (case-insensitive) or by ID prefix
+    session =
+      sessions.find((s) => s.name.toLowerCase() === opts.name.toLowerCase()) ||
+      sessions.find((s) => s.id.startsWith(opts.name));
+
+    if (!session) {
+      console.error(red(`  No session matching "${opts.name}".`));
+      console.log(dim('  Available sessions:'));
+      for (const s of sessions) {
+        console.log(dim(`    ${s.name} (${shortId(s.id)})`));
+      }
+      process.exit(1);
+    }
+  } else if (sessions.length === 1) {
+    session = sessions[0];
+  } else {
+    // Interactive chooser
+    const rl = createRL();
+    const choices = sessions.map((s) => ({
+      label: `${s.name}  ${dim(shortId(s.id))}`,
+      hint: `${s.cwd}  ·  ${formatUptime(s.createdAt)}  ·  ${s.clients} client${s.clients !== 1 ? 's' : ''}`,
+    }));
+
+    console.log('');
+    const { index } = await choose(rl, `  ${bold('Select a session:')}`, choices);
+    rl.close();
+    session = sessions[index];
+  }
+
+  const wsHost = host === 'localhost' ? '127.0.0.1' : host;
+  const wsUrl = `ws://${wsHost}:${port}/ws`;
+  const detachKey = opts.detachKey || '\x02';
+
+  try {
+    const { reason } = await createTerminalClient({
+      url: wsUrl,
+      password,
+      sessionId: session.id,
+      sessionName: session.name,
+      detachKey,
+      detachLabel: detachKeyLabel(detachKey),
+    });
+
+    console.log('');
+    if (reason === 'detached') {
+      console.log(yellow(`  Detached from ${bold(session.name)}.`));
+    } else if (reason && reason.startsWith('session exited')) {
+      console.log(dim(`  Session ${bold(session.name)} ended.`));
+    } else {
+      console.log(dim(`  Disconnected from ${bold(session.name)}.`));
+    }
+  } catch (err) {
+    console.error(red(`  Connection failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+async function list() {
+  const saved = readConnectionConfig();
+  const host = (saved && saved.host) || 'localhost';
+  const port = (saved && saved.port) || 3456;
+  let password = (saved && saved.password) || null;
+  const connHost = host === 'localhost' ? '127.0.0.1' : host;
+  const baseUrl = `http://${connHost}:${port}`;
+  const displayUrl = `http://${connHost === '127.0.0.1' ? 'localhost' : connHost}:${port}`;
+
+  let sessions;
+  try {
+    sessions = await fetchSessions(baseUrl, password);
+  } catch (err) {
+    if (err.message === 'unauthorized') {
+      if (!password) {
+        const rl = createRL();
+        password = await ask(rl, `  Password for ${displayUrl}:`);
+        rl.close();
+        try {
+          sessions = await fetchSessions(baseUrl, password);
+        } catch {
+          console.error(red('  Authentication failed.'));
+          process.exit(1);
+        }
+      } else {
+        console.error(red('  Authentication failed.'));
+        process.exit(1);
+      }
+    } else if (err.code === 'ECONNREFUSED') {
+      console.log(dim('  No TermBeam server is running.'));
+      return;
+    } else {
+      console.error(red(`  Connection failed: ${err.message}`));
+      process.exit(1);
+    }
+  }
+
+  if (sessions.length === 0) {
+    console.log(dim('  No active sessions.'));
+    return;
+  }
+
+  console.log('');
+  console.log(
+    bold(`  ${sessions.length} session${sessions.length !== 1 ? 's' : ''} on ${displayUrl}`),
+  );
+  console.log('');
+
+  // Table header
+  const nameW = Math.max(6, ...sessions.map((s) => s.name.length));
+  const cwdW = Math.max(4, ...sessions.map((s) => s.cwd.length));
+
+  console.log(
+    dim(
+      `  ${'NAME'.padEnd(nameW)}  ${'ID'.padEnd(8)}  ${'CWD'.padEnd(cwdW)}  ${'UPTIME'.padEnd(8)}  CLIENTS`,
+    ),
+  );
+
+  for (const s of sessions) {
+    const uptime = formatUptime(s.createdAt);
+    console.log(
+      `  ${bold(s.name.padEnd(nameW))}  ${dim(shortId(s.id).padEnd(8))}  ${s.cwd.padEnd(cwdW)}  ${uptime.padEnd(8)}  ${s.clients}`,
+    );
+  }
+  console.log('');
+}
+
+module.exports = {
+  resume,
+  list,
+  writeConnectionConfig,
+  removeConnectionConfig,
+  readConnectionConfig,
+  printResumeHelp,
+  parseDetachKey,
+  CONFIG_DIR,
+  CONNECTION_FILE,
+};

package/src/routes.js

@@ -69,7 +69,7 @@ function setupRoutes(app, { auth, sessions, config, state }) {
       const token = auth.generateToken();
       res.cookie('pty_token', token, {
         httpOnly: true,
-        sameSite: 'lax',
+        sameSite: 'strict',
         maxAge: 24 * 60 * 60 * 1000,
         secure: req.secure,
       });
@@ -99,7 +99,7 @@ function setupRoutes(app, { auth, sessions, config, state }) {
       const token = auth.generateToken();
       res.cookie('pty_token', token, {
         httpOnly: true,
-        sameSite: 'lax',
+        sameSite: 'strict',
         maxAge: 24 * 60 * 60 * 1000,
         secure: req.secure,
       });
@@ -308,6 +308,112 @@ function setupRoutes(app, { auth, sessions, config, state }) {
     res.sendFile(filepath);
   });
 
+  // General file upload to a session's working directory
+  app.post('/api/sessions/:id/upload', apiRateLimit, auth.middleware, (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) {
+      return res.status(404).json({ error: 'Session not found' });
+    }
+
+    const rawName = req.headers['x-filename'];
+    if (!rawName || typeof rawName !== 'string') {
+      return res.status(400).json({ error: 'Missing X-Filename header' });
+    }
+
+    // Sanitize: take only the basename, strip control chars, collapse whitespace
+    const sanitized = path
+      .basename(rawName)
+      .replace(/[\x00-\x1f]/g, '')
+      .replace(/\s+/g, ' ')
+      .trim();
+    if (!sanitized || sanitized === '.' || sanitized === '..') {
+      return res.status(400).json({ error: 'Invalid filename' });
+    }
+
+    // Resolve target directory: optional X-Target-Dir header, falls back to session cwd
+    const rawTargetDir = req.headers['x-target-dir'];
+    let targetDir = session.cwd;
+    if (rawTargetDir && typeof rawTargetDir === 'string') {
+      if (!path.isAbsolute(rawTargetDir)) {
+        return res.status(400).json({ error: 'Target directory must be an absolute path' });
+      }
+      const resolved = path.resolve(rawTargetDir);
+      try {
+        if (fs.statSync(resolved).isDirectory()) {
+          targetDir = resolved;
+        } else {
+          return res.status(400).json({ error: 'Target directory is not a directory' });
+        }
+      } catch {
+        return res.status(400).json({ error: 'Target directory does not exist' });
+      }
+    }
+    // Defense-in-depth: ensure destPath is still inside targetDir after join
+    const destPath = path.join(targetDir, sanitized);
+    if (
+      !path.resolve(destPath).startsWith(path.resolve(targetDir) + path.sep) &&
+      path.resolve(destPath) !== path.resolve(targetDir)
+    ) {
+      return res.status(400).json({ error: 'Invalid filename' });
+    }
+
+    const chunks = [];
+    let size = 0;
+    let aborted = false;
+    const limit = 10 * 1024 * 1024;
+
+    req.on('data', (chunk) => {
+      if (aborted) return;
+      size += chunk.length;
+      if (size > limit) {
+        aborted = true;
+        log.warn(`File upload rejected: too large (${size} bytes)`);
+        res.status(413).json({ error: 'File too large (max 10 MB)' });
+        req.resume();
+        return;
+      }
+      chunks.push(chunk);
+    });
+
+    req.on('end', () => {
+      if (aborted) return;
+      const buffer = Buffer.concat(chunks);
+      if (!buffer.length) {
+        return res.status(400).json({ error: 'Empty file' });
+      }
+
+      // Atomic write with dedup: use wx flag to fail on existing file, retry with suffix
+      const ext = path.extname(sanitized);
+      const base = path.basename(sanitized, ext);
+      let destPath = path.join(targetDir, sanitized);
+      let written = false;
+      for (let n = 0; n < 100; n++) {
+        const candidate = n === 0 ? destPath : path.join(targetDir, `${base} (${n})${ext}`);
+        try {
+          fs.writeFileSync(candidate, buffer, { flag: 'wx' });
+          destPath = candidate;
+          written = true;
+          break;
+        } catch (err) {
+          if (err.code === 'EEXIST') continue;
+          log.error(`File upload write error: ${err.message}`);
+          return res.status(500).json({ error: 'Failed to write file' });
+        }
+      }
+      if (!written) {
+        return res.status(409).json({ error: 'Too many filename collisions' });
+      }
+      const finalName = path.basename(destPath);
+      log.info(`File upload: ${finalName} → ${targetDir} (${buffer.length} bytes)`);
+      res.json({ name: finalName, path: destPath, size: buffer.length });
+    });
+
+    req.on('error', (err) => {
+      log.error(`File upload error: ${err.message}`);
+      res.status(500).json({ error: 'Upload failed' });
+    });
+  });
+
   // Directory listing for folder browser
   app.get('/api/dirs', apiRateLimit, auth.middleware, (req, res) => {
     const query = req.query.q || config.cwd + path.sep;