mirror of
https://github.com/siteboon/claudecodeui.git
synced 2026-07-11 08:55:42 +08:00
Merge branch 'main' into camoufox-novnc-browser-use
This commit is contained in:
@@ -318,6 +318,22 @@ export const chatRunRegistry = {
|
||||
run.writer.sendComplete(opts);
|
||||
},
|
||||
|
||||
/**
|
||||
* Safety-net variant of `completeRun` scoped to one specific run: a no-op
|
||||
* unless `run` is still the session's current, running run. A runtime
|
||||
* promise can resolve after its own `complete` already streamed AND a new
|
||||
* run has replaced it in the registry (a queued message sends within
|
||||
* milliseconds of the previous turn ending) — the session-keyed
|
||||
* `completeRun` would terminate that newer run.
|
||||
*/
|
||||
completeRunIfCurrent(run: ChatRun, opts: { exitCode: number; aborted?: boolean }): void {
|
||||
if (runs.get(run.appSessionId) !== run || run.status !== 'running') {
|
||||
return;
|
||||
}
|
||||
|
||||
run.writer.sendComplete(opts);
|
||||
},
|
||||
|
||||
/**
|
||||
* Test-only escape hatch: clears every tracked run.
|
||||
*/
|
||||
|
||||
@@ -1,8 +1,11 @@
|
||||
import path from 'node:path';
|
||||
|
||||
import type { WebSocket } from 'ws';
|
||||
|
||||
import { sessionsDb } from '@/modules/database/index.js';
|
||||
import { chatRunRegistry } from '@/modules/websocket/services/chat-run-registry.service.js';
|
||||
import { connectedClients, WS_OPEN_STATE } from '@/modules/websocket/services/websocket-state.service.js';
|
||||
import { getGlobalImageAssetsDir, normalizeImageDescriptors } from '@/shared/image-attachments.js';
|
||||
import type {
|
||||
AnyRecord,
|
||||
AuthenticatedWebSocketRequest,
|
||||
@@ -10,6 +13,37 @@ import type {
|
||||
} from '@/shared/types.js';
|
||||
import { parseIncomingJsonObject } from '@/shared/utils.js';
|
||||
|
||||
/**
|
||||
* Trust boundary for client-supplied image attachments: chat.send options come
|
||||
* straight from the browser, and the provider runtimes read the referenced
|
||||
* files off disk (Claude base64-encodes them into the prompt). Only images
|
||||
* that live directly inside the global upload store (`~/.cloudcli/assets`,
|
||||
* where POST /api/assets/images puts them) are allowed through — anything
|
||||
* else (absolute paths elsewhere, traversal, subdirectories) is dropped.
|
||||
*
|
||||
* Exported for tests; `assetsRootOverride` exists only for them.
|
||||
*/
|
||||
export function filterImagesToUploadStore(images: unknown, assetsRootOverride?: string): AnyRecord[] {
|
||||
const assetsRoot = path.resolve(assetsRootOverride ?? getGlobalImageAssetsDir());
|
||||
|
||||
return normalizeImageDescriptors(images).filter((descriptor) => {
|
||||
// Relative paths are anchored in the store; absolute ones must already be in it.
|
||||
const resolved = path.resolve(assetsRoot, descriptor.path);
|
||||
const relative = path.relative(assetsRoot, resolved);
|
||||
const isDirectChild =
|
||||
relative.length > 0 &&
|
||||
!relative.startsWith('..') &&
|
||||
!path.isAbsolute(relative) &&
|
||||
!relative.includes(path.sep) &&
|
||||
!relative.includes('/');
|
||||
|
||||
if (!isDirectChild) {
|
||||
console.warn(`[Chat] Dropping image outside the upload store: ${descriptor.path}`);
|
||||
}
|
||||
return isDirectChild;
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* One provider runtime entry point. All five runtimes share this signature,
|
||||
* which lets the chat handler dispatch through a provider-keyed map instead
|
||||
@@ -161,6 +195,9 @@ async function handleChatSend(
|
||||
// gateway writer captures and maps back to the app session id.
|
||||
const runtimeOptions: AnyRecord = {
|
||||
...clientOptions,
|
||||
// Image attachments are re-validated server-side: only files inside the
|
||||
// global upload store may reach the provider runtimes' file reads.
|
||||
images: filterImagesToUploadStore(clientOptions.images),
|
||||
sessionId: session.provider_session_id ?? undefined,
|
||||
resume: Boolean(session.provider_session_id),
|
||||
cwd: clientOptions.cwd ?? session.project_path ?? undefined,
|
||||
@@ -175,8 +212,10 @@ async function handleChatSend(
|
||||
} finally {
|
||||
// Safety net: a runtime that crashed (or resolved) without emitting its
|
||||
// terminal `complete` would otherwise leave the session stuck in
|
||||
// "processing" forever on every connected client.
|
||||
chatRunRegistry.completeRun(sessionId, { exitCode: 1 });
|
||||
// "processing" forever on every connected client. Scoped to THIS run —
|
||||
// a queued message can start the session's next run before this promise
|
||||
// settles, and the session-keyed completeRun would kill that new run.
|
||||
chatRunRegistry.completeRunIfCurrent(run, { exitCode: 1 });
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -146,14 +146,6 @@ function buildShellCommand(
|
||||
return 'codex';
|
||||
}
|
||||
|
||||
if (provider === 'gemini') {
|
||||
const command = initialCommand || 'gemini';
|
||||
if (resumeSessionId) {
|
||||
return `${command} --resume "${resumeSessionId}"`;
|
||||
}
|
||||
return command;
|
||||
}
|
||||
|
||||
if (provider === 'opencode') {
|
||||
if (resumeSessionId) {
|
||||
return `opencode --session "${resumeSessionId}"`;
|
||||
@@ -477,9 +469,7 @@ export function handleShellConnection(
|
||||
? 'Cursor'
|
||||
: provider === 'codex'
|
||||
? 'Codex'
|
||||
: provider === 'gemini'
|
||||
? 'Gemini'
|
||||
: provider === 'opencode'
|
||||
: provider === 'opencode'
|
||||
? 'OpenCode'
|
||||
: 'Claude';
|
||||
welcomeMsg = hasSession && resumeSessionId
|
||||
|
||||
Reference in New Issue
Block a user