some styling cleanup

This commit is contained in:
Nystik
2026-03-17 12:38:30 +01:00
parent c70b9e9d0f
commit 0738c47ac5
27 changed files with 479 additions and 105 deletions

View File

@@ -9,6 +9,7 @@ const router = express.Router();
function getVaultRoot(req, res) {
const vaultId = req.query.vault || req.body?.vault || config.defaultVaultId;
const vaultPath = config.getVaultPath(vaultId);
if (!vaultPath) {
res.status(404).json({ error: "Vault not found", id: vaultId });
return null;
@@ -21,39 +22,35 @@ function getVaultRoot(req, res) {
function resolveVaultPath(vaultRoot, relativePath) {
const cleaned = (relativePath || "").replace(/^\/+/, "");
const resolved = path.resolve(vaultRoot, cleaned);
if (!resolved.startsWith(path.resolve(vaultRoot))) {
return null;
}
return resolved;
}
function guardPath(req, res) {
function guardPath(req, res, source = "query") {
const vaultRoot = getVaultRoot(req, res);
if (!vaultRoot) return null;
const p = req.query.path ?? req.body?.path;
if (!vaultRoot) {
return null;
}
const p = source === "body" ? req.body?.path : req.query.path;
if (p === undefined || p === null) {
res.status(400).json({ error: "Missing path parameter" });
return null;
}
// Empty string = vault root, which is valid
const resolved = resolveVaultPath(vaultRoot, p);
if (!resolved) {
res.status(403).json({ error: "Path traversal rejected" });
return null;
}
req._vaultRoot = vaultRoot;
return resolved;
}
// Same as guardPath but reads path from req.body (POST routes)
function guardBodyPath(req, res) {
const vaultRoot = getVaultRoot(req, res);
if (!vaultRoot) return null;
const resolved = resolveVaultPath(vaultRoot, req.body?.path);
if (!resolved) {
res.status(403).json({ error: "Invalid path" });
return null;
}
req._vaultRoot = vaultRoot;
return resolved;
}
@@ -61,9 +58,14 @@ function guardBodyPath(req, res) {
// GET /api/fs/stat?path=...
router.get("/stat", async (req, res) => {
const resolved = guardPath(req, res);
if (!resolved) return;
if (!resolved) {
return;
}
try {
const stat = await fs.promises.stat(resolved);
res.json({
type: stat.isDirectory() ? "directory" : "file",
size: stat.size,
@@ -80,18 +82,25 @@ router.get("/stat", async (req, res) => {
// GET /api/fs/readdir?path=...
router.get("/readdir", async (req, res) => {
const resolved = guardPath(req, res);
if (!resolved) return;
if (!resolved) {
return;
}
try {
// Check if path is a file. return ENOTDIR instead of crashing
const stat = await fs.promises.stat(resolved);
if (!stat.isDirectory()) {
return res
.status(400)
.json({ error: "ENOTDIR: not a directory", code: "ENOTDIR" });
}
const entries = await fs.promises.readdir(resolved, {
withFileTypes: true,
});
res.json(
entries.map((e) => ({
name: e.name,
@@ -108,22 +117,30 @@ router.get("/readdir", async (req, res) => {
// GET /api/fs/readFile?path=...&encoding=...
router.get("/readFile", async (req, res) => {
const resolved = guardPath(req, res);
if (!resolved) return;
if (!resolved) {
return;
}
try {
// Check if path is a directory
const stat = await fs.promises.stat(resolved);
if (stat.isDirectory()) {
return res.status(400).json({
error: "EISDIR: illegal operation on a directory",
code: "EISDIR",
});
}
const encoding = req.query.encoding;
if (encoding === "utf8" || encoding === "utf-8") {
const data = await fs.promises.readFile(resolved, "utf-8");
res.type("text/plain").send(data);
} else {
const data = await fs.promises.readFile(resolved);
res.type("application/octet-stream").send(data);
}
} catch (e) {
@@ -135,8 +152,12 @@ router.get("/readFile", async (req, res) => {
// POST /api/fs/writeFile { path, content, encoding?, vault? }
router.post("/writeFile", async (req, res) => {
const resolved = guardBodyPath(req, res);
if (!resolved) return;
const resolved = guardPath(req, res, "body");
if (!resolved) {
return;
}
try {
// Ensure parent directory exists
const dir = path.dirname(resolved);
@@ -144,15 +165,19 @@ router.post("/writeFile", async (req, res) => {
const encoding = req.body.encoding || "utf-8";
let data = req.body.content;
if (req.body.base64) {
data = Buffer.from(req.body.content, "base64");
}
await fs.promises.writeFile(
resolved,
data,
encoding === "binary" ? undefined : encoding,
);
const stat = await fs.promises.stat(resolved);
res.json({ ok: true, mtime: stat.mtimeMs, size: stat.size });
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });
@@ -161,10 +186,15 @@ router.post("/writeFile", async (req, res) => {
// POST /api/fs/appendFile { path, content, vault? }
router.post("/appendFile", async (req, res) => {
const resolved = guardBodyPath(req, res);
if (!resolved) return;
const resolved = guardPath(req, res, "body");
if (!resolved) {
return;
}
try {
await fs.promises.appendFile(resolved, req.body.content, "utf-8");
res.json({ ok: true });
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });
@@ -173,10 +203,15 @@ router.post("/appendFile", async (req, res) => {
// POST /api/fs/mkdir { path, recursive?, vault? }
router.post("/mkdir", async (req, res) => {
const resolved = guardBodyPath(req, res);
if (!resolved) return;
const resolved = guardPath(req, res, "body");
if (!resolved) {
return;
}
try {
await fs.promises.mkdir(resolved, { recursive: !!req.body.recursive });
res.json({ ok: true });
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });
@@ -186,13 +221,21 @@ router.post("/mkdir", async (req, res) => {
// POST /api/fs/rename { oldPath, newPath, vault? }
router.post("/rename", async (req, res) => {
const vaultRoot = getVaultRoot(req, res);
if (!vaultRoot) return;
if (!vaultRoot) {
return;
}
const oldResolved = resolveVaultPath(vaultRoot, req.body?.oldPath);
const newResolved = resolveVaultPath(vaultRoot, req.body?.newPath);
if (!oldResolved || !newResolved)
if (!oldResolved || !newResolved) {
return res.status(403).json({ error: "Invalid path" });
}
try {
await fs.promises.rename(oldResolved, newResolved);
res.json({ ok: true });
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });
@@ -202,13 +245,21 @@ router.post("/rename", async (req, res) => {
// POST /api/fs/copyFile { src, dest, vault? }
router.post("/copyFile", async (req, res) => {
const vaultRoot = getVaultRoot(req, res);
if (!vaultRoot) return;
if (!vaultRoot) {
return;
}
const srcResolved = resolveVaultPath(vaultRoot, req.body?.src);
const destResolved = resolveVaultPath(vaultRoot, req.body?.dest);
if (!srcResolved || !destResolved)
if (!srcResolved || !destResolved) {
return res.status(403).json({ error: "Invalid path" });
}
try {
await fs.promises.copyFile(srcResolved, destResolved);
res.json({ ok: true });
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });
@@ -218,12 +269,18 @@ router.post("/copyFile", async (req, res) => {
// DELETE /api/fs/unlink?path=...
router.delete("/unlink", async (req, res) => {
const resolved = guardPath(req, res);
if (!resolved) return;
if (!resolved) {
return;
}
try {
await fs.promises.unlink(resolved);
res.json({ ok: true });
} catch (e) {
const status = e.code === "ENOENT" ? 404 : 500;
res.status(status).json({ error: e.message, code: e.code });
}
});
@@ -231,9 +288,14 @@ router.delete("/unlink", async (req, res) => {
// DELETE /api/fs/rmdir?path=...
router.delete("/rmdir", async (req, res) => {
const resolved = guardPath(req, res);
if (!resolved) return;
if (!resolved) {
return;
}
try {
await fs.promises.rmdir(resolved);
res.json({ ok: true });
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });
@@ -243,7 +305,11 @@ router.delete("/rmdir", async (req, res) => {
// DELETE /api/fs/rm?path=...&recursive=true
router.delete("/rm", async (req, res) => {
const resolved = guardPath(req, res);
if (!resolved) return;
if (!resolved) {
return;
}
try {
await fs.promises.rm(resolved, {
recursive: req.query.recursive === "true",
@@ -254,12 +320,16 @@ router.delete("/rm", async (req, res) => {
}
});
// GET /api/fs/access?path=...
router.get("/access", async (req, res) => {
const resolved = guardPath(req, res);
if (!resolved) return;
if (!resolved) {
return;
}
try {
await fs.promises.access(resolved);
res.json({ ok: true });
} catch (e) {
res
@@ -268,13 +338,16 @@ router.get("/access", async (req, res) => {
}
});
// GET /api/fs/realpath?path=...
router.get("/realpath", async (req, res) => {
const resolved = guardPath(req, res);
if (!resolved) return;
if (!resolved) {
return;
}
try {
const real = await fs.promises.realpath(resolved);
// Return path relative to vault root
res.json({ path: path.relative(req._vaultRoot, real) });
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });
@@ -283,8 +356,12 @@ router.get("/realpath", async (req, res) => {
// POST /api/fs/utimes { path, atime, mtime, vault? }
router.post("/utimes", async (req, res) => {
const resolved = guardBodyPath(req, res);
if (!resolved) return;
const resolved = guardPath(req, res, "body");
if (!resolved) {
return;
}
try {
await fs.promises.utimes(
resolved,
@@ -300,23 +377,36 @@ router.post("/utimes", async (req, res) => {
// GET /api/fs/tree?path=...&vault=... returns full recursive file tree with metadata
router.get("/tree", async (req, res) => {
const vaultRoot = getVaultRoot(req, res);
if (!vaultRoot) return;
if (!vaultRoot) {
return;
}
const rootPath = req.query.path
? resolveVaultPath(vaultRoot, req.query.path)
: vaultRoot;
if (!rootPath) return res.status(403).json({ error: "Invalid path" });
if (!rootPath) {
return res.status(403).json({ error: "Invalid path" });
}
try {
const tree = {};
async function walk(dir, prefix) {
const entries = await fs.promises.readdir(dir, { withFileTypes: true });
for (const entry of entries) {
const rel = prefix ? prefix + "/" + entry.name : entry.name;
const full = path.join(dir, entry.name);
if (entry.isDirectory()) {
tree[rel] = { type: "directory" };
await walk(full, rel);
} else {
const stat = await fs.promises.stat(full);
tree[rel] = {
type: "file",
size: stat.size,
@@ -326,7 +416,9 @@ router.get("/tree", async (req, res) => {
}
}
}
await walk(rootPath, "");
res.json(tree);
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });

View File

@@ -2,10 +2,11 @@ const express = require("express");
const router = express.Router();
// POST /api/proxy - forward a request to an external URL (bypasses browser CORS)
// Used by the requestUrl shim for plugin installation, update checks, etc.
// POST /api/proxy - forward a request to an external URL to bypass CORS
// Used by the requestUrl shim for plugin installation, etc.
router.post("/", async (req, res) => {
const { url, method, headers, body, binary } = req.body;
if (!url) {
return res.status(400).json({ error: "Missing url" });
}
@@ -15,6 +16,7 @@ router.post("/", async (req, res) => {
method: method || "GET",
headers: headers || {},
};
if (body && method !== "GET" && method !== "HEAD") {
if (binary && typeof body === "string") {
fetchOpts.body = Buffer.from(body, "base64");

View File

@@ -8,11 +8,13 @@ const router = express.Router();
// GET /api/vault/list - returns all discovered vaults (re-scans on each call)
router.get("/list", (req, res) => {
config.refreshVaults();
const list = Object.entries(config.vaults).map(([id, vaultPath]) => ({
id,
name: id,
path: vaultPath,
}));
res.json(list);
});
@@ -20,9 +22,11 @@ router.get("/list", (req, res) => {
router.get("/info", (req, res) => {
const vaultId = req.query.vault || config.defaultVaultId;
const vaultPath = config.getVaultPath(vaultId);
if (!vaultPath) {
return res.status(404).json({ error: "Vault not found", id: vaultId });
}
res.json({
id: vaultId,
name: vaultId,
@@ -35,21 +39,27 @@ router.get("/info", (req, res) => {
// POST /api/vault/create { name } - create a new vault in VAULT_ROOT
router.post("/create", async (req, res) => {
const name = req.body?.name;
if (!name || /[\/\\:*?"<>|]/.test(name)) {
return res.status(400).json({ error: "Invalid vault name" });
}
const vaultPath = path.join(config.vaultRoot, name);
try {
await fs.promises.mkdir(vaultPath, { recursive: false });
await fs.promises.mkdir(path.join(vaultPath, ".obsidian"), {
recursive: false,
});
config.refreshVaults();
res.json({ ok: true, id: name, path: vaultPath });
} catch (e) {
if (e.code === "EEXIST") {
return res.status(409).json({ error: "Vault already exists" });
}
res.status(500).json({ error: e.message, code: e.code });
}
});
@@ -58,12 +68,16 @@ router.post("/create", async (req, res) => {
router.delete("/remove", async (req, res) => {
const vaultId = req.query.vault;
const vaultPath = config.getVaultPath(vaultId);
if (!vaultPath) {
return res.status(404).json({ error: "Vault not found" });
}
try {
await fs.promises.rm(vaultPath, { recursive: true });
config.refreshVaults();
res.json({ ok: true });
} catch (e) {
res.status(500).json({ error: e.message, code: e.code });