From 4b553d67d4cf26596af881997bfdb0e80b989bc9 Mon Sep 17 00:00:00 2001
From: Sudo-Ivan <ivan@quad4.io>
Date: Mon, 29 Dec 2025 14:14:20 -0600
Subject: [PATCH] Update main.go to allow HOST environment variable for host
 binding and improve error handling in API response. Update app.go to enforce
 stricter file permissions and ensure valid file paths when loading files.

---
 desktop/app.go  | 12 +++++++++---
 desktop/main.go |  1 -
 main.go         |  9 +++++++--
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/desktop/app.go b/desktop/app.go
index 9892eda..1d32f21 100644
--- a/desktop/app.go
+++ b/desktop/app.go
@@ -6,6 +6,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"path/filepath"
 	"time"
 
 	"github.com/wailsapp/wails/v2/pkg/runtime"
@@ -128,7 +129,7 @@ func (a *App) SaveFile(filename string, content string) error {
 		return nil // Cancelled
 	}
 
-	return os.WriteFile(filePath, []byte(content), 0644)
+	return os.WriteFile(filePath, []byte(content), 0600)
 }
 
 // LoadFile shows an open dialog and returns the content of the selected file
@@ -150,10 +151,15 @@ func (a *App) LoadFile() (string, error) {
 		return "", nil // Cancelled
 	}
 
-	content, err := os.ReadFile(filePath)
+	absPath, err := filepath.Abs(filePath)
+	if err != nil {
+		return "", fmt.Errorf("invalid file path: %w", err)
+	}
+	cleanPath := filepath.Clean(absPath)
+
+	content, err := os.ReadFile(cleanPath)
 	if err != nil {
 		return "", err
 	}
 	return string(content), nil
 }
-
diff --git a/desktop/main.go b/desktop/main.go
index f2ee1ae..700e968 100644
--- a/desktop/main.go
+++ b/desktop/main.go
@@ -50,4 +50,3 @@ func main() {
 		println("Error:", err.Error())
 	}
 }
-
diff --git a/main.go b/main.go
index 3b90a42..4ec47e6 100644
--- a/main.go
+++ b/main.go
@@ -78,6 +78,10 @@ func main() {
 		}
 	}
 
+	if hostEnv := os.Getenv("HOST"); hostEnv != "" {
+		*host = hostEnv
+	}
+
 	if *port == "" {
 		*port = os.Getenv("PORT")
 		if *port == "" {
@@ -90,7 +94,9 @@ func main() {
 
 	http.HandleFunc("/api/ping", cors(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
-		w.Write([]byte(`{"status":"ok"}`))
+		if _, err := w.Write([]byte(`{"status":"ok"}`)); err != nil {
+			log.Printf("Error writing response: %v", err)
+		}
 	}))
 
 	// Static Assets
@@ -138,4 +144,3 @@ func main() {
 		log.Fatal(err)
 	}
 }
-