UNPKG

@kaifronsdal/transcript-viewer

Version:

A web-based viewer for AI conversation transcripts with rollback support

github.com/kaifronsdal/AutoAlignmentAuditor

kaifronsdal/AutoAlignmentAuditor

106 lines (87 loc) 2.68 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
import path from 'path'; /** * Server-side file path utilities with full validation */ /** * Validate that a file path is safe and appropriate for transcript loading */ export function validateFilePath(filePath: string): boolean { // Check for empty or null paths if (!filePath || typeof filePath !== 'string') { return false; } // Normalize the path to check for directory traversal const normalized = path.normalize(filePath); // Reject paths that try to go up directories if (normalized.includes('../') || normalized.startsWith('/')) { return false; } // Reject paths with null bytes (security) if (normalized.includes('\0')) { return false; } // Must end with .json if (!normalized.endsWith('.json')) { return false; } // Must start with transcript_ filename const filename = path.basename(normalized); if (!filename.startsWith('transcript_')) { return false; } return true; } /** * Parse and validate URL path segments server-side */ export function parseAndValidateUrlPath(pathSegments: string[]): string { if (!pathSegments || pathSegments.length === 0) { throw new Error('Invalid path: empty path segments'); } // Decode each segment const decodedSegments = pathSegments.map(segment => { try { return decodeURIComponent(segment); } catch (error) { throw new Error(`Invalid URL encoding in path segment: ${segment}`); } }); // Join segments into a file path const filePath = decodedSegments.join('/'); // Validate the resulting path if (!validateFilePath(filePath)) { throw new Error(`Invalid or unsafe file path: ${filePath}`); } return filePath; } /** * Normalize a file path to consistent format */ export function normalizeFilePath(filePath: string): string { if (!filePath) { throw new Error('Invalid file path: empty string'); } // Remove leading slash if present const cleanPath = filePath.startsWith('/') ? filePath.slice(1) : filePath; // Normalize path separators for cross-platform compatibility return path.normalize(cleanPath).replace(/\\\\/g, '/'); } /** * Extract directory name from file path */ export function extractDirectoryName(filePath: string): string { const dirname = path.dirname(filePath); return dirname === '.' ? 'root' : dirname; } /** * Extract filename without extension */ export function extractFilenameWithoutExtension(filePath: string): string { return path.basename(filePath, '.json'); } /** * Check if a path represents a transcript file */ export function isTranscriptFile(filePath: string): boolean { return validateFilePath(filePath); }