fix: address PR review comments

- Add nonce parameter to terminal navigation to allow reopening same worktree multiple times - Fix shell path escaping in editor.ts using single-quote wrapper - Add validatePathParams middleware to open-in-external-terminal route - Remove redundant validation block from createOpenInExternalTerminalHandler - Remove unused pendingTerminal state and setPendingTerminal action - Remove unused getTerminalInfo function from editor.ts
2026-02-02 08:33:36 +00:00 · 2026-01-17 23:09:23 +01:00
parent 111eb24856
commit 9529afbbaa
7 changed files with 36 additions and 81 deletions
--- a/apps/server/src/routes/worktree/index.ts
+++ b/apps/server/src/routes/worktree/index.ts
@@ -117,7 +117,11 @@ export function createWorktreeRoutes(
  router.get('/available-terminals', createGetAvailableTerminalsHandler());
  router.get('/default-terminal', createGetDefaultTerminalHandler());
  router.post('/refresh-terminals', createRefreshTerminalsHandler());
-  router.post('/open-in-external-terminal', createOpenInExternalTerminalHandler());
+  router.post(
+    '/open-in-external-terminal',
+    validatePathParams('worktreePath'),
+    createOpenInExternalTerminalHandler()
+  );

  router.post('/init-git', validatePathParams('projectPath'), createInitGitHandler());
  router.post('/migrate', createMigrateHandler());
--- a/apps/server/src/routes/worktree/routes/open-in-terminal.ts
+++ b/apps/server/src/routes/worktree/routes/open-in-terminal.ts
@@ -144,42 +144,20 @@ export function createRefreshTerminalsHandler() {
 export function createOpenInExternalTerminalHandler() {
  return async (req: Request, res: Response): Promise<void> => {
    try {
+      // worktreePath is validated by validatePathParams middleware
      const { worktreePath, terminalId } = req.body as {
        worktreePath: string;
        terminalId?: string;
      };

-      if (!worktreePath) {
-        res.status(400).json({
-          success: false,
-          error: 'worktreePath required',
-        });
-        return;
-      }
-
-      // Security: Validate that worktreePath is an absolute path
-      if (!isAbsolute(worktreePath)) {
-        res.status(400).json({
-          success: false,
-          error: 'worktreePath must be an absolute path',
-        });
-        return;
-      }
-
-      try {
-        const result = await openInExternalTerminal(worktreePath, terminalId);
-        res.json({
-          success: true,
-          result: {
-            message: `Opened ${worktreePath} in ${result.terminalName}`,
-            terminalName: result.terminalName,
-          },
-        });
-      } catch (terminalError) {
-        // Terminal failed to open
-        logger.warn(`Failed to open in terminal: ${getErrorMessage(terminalError)}`);
-        throw terminalError;
-      }
+      const result = await openInExternalTerminal(worktreePath, terminalId);
+      res.json({
+        success: true,
+        result: {
+          message: `Opened ${worktreePath} in ${result.terminalName}`,
+          terminalName: result.terminalName,
+        },
+      });
    } catch (error) {
      logError(error, 'Open in external terminal failed');
      res.status(500).json({ success: false, error: getErrorMessage(error) });