Update server.js

server.js

@@ -4,241 +4,421 @@ import fs from "fs-extra";
 import path from "path";
 import { spawn, exec } from "child_process";
 import httpProxy from "http-proxy";
+import os from "os";
 
+/**
+ * ============================================================
+ * CONFIGURATION & CONSTANTS
+ * ============================================================
+ */
 const app = express();
-
-// ================= 1. SECURITY & IFRAME HEADERS =================
-// Ye block Iframe connection refused aur CSP errors ko fix karta hai
-app.use((req, res, next) => {
-  const allowedOrigin = "https://avneesh123-autodev-mark2.hf.space";
-  
-  res.removeHeader("X-Frame-Options");
-  // Content-Security-Policy: Sirf tera frontend is engine ko embed kar payega
-  res.setHeader(
-    "Content-Security-Policy",
-    `frame-ancestors 'self' ${allowedOrigin} https://*.hf.space`
-  );
-  res.setHeader("X-Frame-Options", "ALLOWALL");
-  next();
-});
-
-const PORT = 7860;
-const VITE_PORT = 5173;
+const PORT = 7860; // Hugging Face default port
+const VITE_PORT = 5173; // Internal Vite dev server port
 const PROJECT_DIR = path.join(process.cwd(), "project");
+
+// Security Credentials
 const MASTER_KEY = "AVNEESH_GOD_MODE_777";
+const PREVIEW_SECRET = "AUTODEV_PREVIEW_777";
+const FRONTEND_URL = "https://avneesh123-autodev-mark2.hf.space";
 
+// State Management
 let viteProcess = null;
 let isBooting = false;
 let buildRetryCount = 0;
-const MAX_RETRIES = 3;
+const MAX_RETRIES = 5;
+let lastActivityTime = Date.now();
+const IDLE_TIMEOUT = 15 * 60 * 1000; // 15 Minutes
 
-// ================= 2. PERSISTENCE & LOCKS =================
-const FOUNDATION_LOCK = path.join(process.cwd(), ".foundation_lock");
+// Persistence Locks
 const DEPS_LOCK = path.join(process.cwd(), ".deps_lock");
+const FOUNDATION_LOCK = path.join(process.cwd(), ".foundation_lock");
 
-/* ================= 3. LOGGING SYSTEM ================= */
+/**
+ * ============================================================
+ * LOGGING SYSTEM (SSE)
+ * ============================================================
+ */
 let logs = [];
 let clients = new Set();
 
 function pushLog(message, type = "info") {
-  const entry = {
-    id: Date.now() + Math.random(),
-    time: new Date().toLocaleTimeString(),
-    message,
-    type 
-  };
-  logs.push(entry);
-  if (logs.length > 500) logs.shift();
-  const payload = `data: ${JSON.stringify(entry)}\n\n`;
-  clients.forEach(c => {
-    try { c.write(payload); } catch { clients.delete(c); }
-  });
-  console.log(`[${type.toUpperCase()}] ${message}`);
+    const entry = {
+        id: Date.now() + Math.random(),
+        time: new Date().toLocaleTimeString(),
+        timestamp: Date.now(),
+        message,
+        type // info | error | success | warning | system
+    };
+    
+    logs.push(entry);
+    if (logs.length > 1000) logs.shift(); // Max 1000 logs in memory
+
+    const payload = `data: ${JSON.stringify(entry)}\n\n`;
+    clients.forEach(client => {
+        try {
+            client.write(payload);
+        } catch (err) {
+            clients.delete(client);
+        }
+    });
+    
+    console.log(`[${type.toUpperCase()}] ${message}`);
 }
 
-/* ================= 4. MIDDLEWARE & CORS ================= */
-const ALLOWED_ORIGINS = [
-  "https://avneesh123-autodev-mark2.hf.space",
-  "https://avneesh123-autodev-mark2-engine.hf.space",
-  "http://localhost:5173",
-];
-
-app.use(cors({
-  origin: (origin, callback) => {
-    if (!origin || ALLOWED_ORIGINS.includes(origin) || origin.endsWith(".hf.space")) {
-      return callback(null, true);
-    }
-    callback(new Error("CORS_DENIED"));
-  },
-  credentials: true
-}));
-
-app.use(express.json({ limit: "50mb" }));
+/**
+ * ============================================================
+ * SECURITY MIDDLEWARE (THE LOCKDOWN)
+ * ============================================================
+ */
 
-if (!fs.existsSync(PROJECT_DIR)) {
-  fs.mkdirSync(PROJECT_DIR, { recursive: true });
-}
+// 1. Iframe & CSP Lockdown
+app.use((req, res, next) => {
+    // Remove default headers that might block embedding
+    res.removeHeader("X-Frame-Options");
+    res.removeHeader("Content-Security-Policy");
+
+    // Allow only YOUR frontend to embed this engine
+    res.setHeader(
+        "Content-Security-Policy",
+        `frame-ancestors 'self' ${FRONTEND_URL}`
+    );
+    res.setHeader("X-Frame-Options", "ALLOW-FROM " + FRONTEND_URL);
+    res.setHeader("Access-Control-Allow-Credentials", "true");
+    
+    next();
+});
 
-/* ================= 5. VITE PROCESS MANAGER ================= */
-function killVite() {
-  return new Promise((resolve) => {
-    if (viteProcess) {
-      pushLog("[SYSTEM] Killing existing Vite process", "system");
-      viteProcess.kill("SIGKILL");
-      viteProcess = null;
+// 2. Direct Access & Secret Key Enforcement
+const privateAccessCheck = (req, res, next) => {
+    const isApiRequest = req.path.startsWith("/api") || req.path === "/health";
+    
+    if (!isApiRequest) {
+        const querySecret = req.query["__autodev"];
+        const headerSecret = req.headers["x-autodev-preview"];
+
+        if (querySecret !== PREVIEW_SECRET && headerSecret !== PREVIEW_SECRET) {
+            pushLog(`[SECURITY] Blocked direct access attempt from ${req.ip}`, "warning");
+            return res.status(403).send(`
+                <!DOCTYPE html>
+                <html>
+                <head>
+                    <title>Access Denied</title>
+                    <style>
+                        body { background: #09090b; color: #ef4444; font-family: monospace; display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; flex-direction: column; }
+                        .box { border: 1px solid #ef444440; padding: 40px; border-radius: 20px; text-align: center; background: #ef444405; }
+                        h1 { letter-spacing: -2px; font-size: 2rem; margin: 0; }
+                        p { color: #71717a; margin-top: 10px; font-size: 0.9rem; }
+                    </style>
+                </head>
+                <body>
+                    <div class="box">
+                        <h1>ACCESS DENIED</h1>
+                        <p>AutoDev Mark-II Engine is in private lockdown mode.</p>
+                    </div>
+                </body>
+                </html>
+            `);
+        }
     }
-    // Port cleanup logic
-    const killCmd = process.platform === "win32"
-      ? `for /f "tokens=5" %a in ('netstat -aon ^| findstr :${VITE_PORT}') do taskkill /F /PID %a`
-      : `fuser -k ${VITE_PORT}/tcp`;
-
-    exec(killCmd, () => {
-      setTimeout(resolve, 1500);
-    });
-  });
+    next();
+};
+
+app.use(privateAccessCheck);
+
+/**
+ * ============================================================
+ * RATE LIMITER
+ * ============================================================
+ */
+const rateLimitMap = new Map();
+function checkRateLimit(req, res, next) {
+    const ip = req.ip || req.headers['x-forwarded-for'];
+    const now = Date.now();
+    
+    if (!rateLimitMap.has(ip)) {
+        rateLimitMap.set(ip, []);
+    }
+    
+    const requests = rateLimitMap.get(ip).filter(timestamp => now - timestamp < 60000);
+    if (requests.length > 50) { // Max 50 requests per minute
+        pushLog(`[RATE LIMIT] Throttling IP: ${ip}`, "warning");
+        return res.status(429).json({ error: "TOO_MANY_REQUESTS" });
+    }
+    
+    requests.push(now);
+    rateLimitMap.set(ip, requests);
+    next();
 }
 
-function startVite(forceRestart = false) {
-  // RACE CONDITION LOCK: Agar boot ho raha hai toh naya start mat karo
-  if (isBooting && !forceRestart) return;
-  if (viteProcess && !forceRestart) return;
-
-  isBooting = true;
-  if (forceRestart) {
-    killVite().then(() => bootVite());
-  } else {
-    bootVite();
-  }
+/**
+ * ============================================================
+ * CORE ENGINE LOGIC (VITE MANAGEMENT)
+ * ============================================================
+ */
+
+async function killVite() {
+    return new Promise((resolve) => {
+        if (viteProcess) {
+            pushLog("[SYSTEM] Terminating active Vite instance...", "system");
+            viteProcess.kill("SIGKILL");
+            viteProcess = null;
+        }
+
+        // Cross-platform port clearing
+        const command = process.platform === "win32"
+            ? `for /f "tokens=5" %a in ('netstat -aon ^| findstr :${VITE_PORT}') do taskkill /F /PID %a`
+            : `fuser -k ${VITE_PORT}/tcp`;
+
+        exec(command, (err) => {
+            // Wait 1.5s for OS to release the socket
+            setTimeout(resolve, 1500);
+        });
+    });
 }
 
-function bootVite() {
-  pushLog("[SYSTEM] Starting Vite dev server...", "system");
-  const nodeModules = path.join(PROJECT_DIR, "node_modules");
-
-  const boot = () => {
-    // Check if package.json exists to avoid "Missing script: dev"
-    const pkgPath = path.join(PROJECT_DIR, "package.json");
-    if (!fs.existsSync(pkgPath)) {
-      pushLog("[ERROR] package.json missing in project folder!", "error");
-      isBooting = false;
-      return;
+function startVite(force = false) {
+    if (isBooting && !force) return;
+    if (viteProcess && !force) {
+        pushLog("[SYSTEM] Vite already active.", "info");
+        return;
     }
 
-    viteProcess = spawn("pnpm", ["run", "dev", "--", "--host", "0.0.0.0", "--port", String(VITE_PORT)], {
-      cwd: PROJECT_DIR,
-      shell: true,
-      env: { ...process.env, FORCE_COLOR: "0" }
-    });
+    isBooting = true;
+    if (force) {
+        killVite().then(() => bootProcess());
+    } else {
+        bootProcess();
+    }
+}
 
-    viteProcess.stdout.on("data", d => {
-      const msg = d.toString().trim();
-      if (msg.includes("Local:") || msg.includes("ready in")) {
-        isBooting = false;
-        buildRetryCount = 0;
-        pushLog("[SYSTEM] ✅ Vite is ready!", "success");
-      }
-      pushLog("[VITE] " + msg, "info");
-    });
+function bootProcess() {
+    pushLog("[SYSTEM] Initializing Vite environment...", "system");
+    const nodeModules = path.join(PROJECT_DIR, "node_modules");
+
+    const launch = () => {
+        const pkgJson = path.join(PROJECT_DIR, "package.json");
+        if (!fs.existsSync(pkgJson)) {
+            pushLog("[ERROR] package.json not found. Boot aborted.", "error");
+            isBooting = false;
+            return;
+        }
+
+        viteProcess = spawn("pnpm", ["run", "dev", "--", "--host", "0.0.0.0", "--port", String(VITE_PORT)], {
+            cwd: PROJECT_DIR,
+            shell: true,
+            env: { ...process.env, FORCE_COLOR: "0" }
+        });
+
+        viteProcess.stdout.on("data", (data) => {
+            const msg = data.toString().trim();
+            if (msg.includes("Local:") || msg.includes("ready in")) {
+                isBooting = false;
+                buildRetryCount = 0;
+                pushLog("[SYSTEM] Vite is ready and listening.", "success");
+            }
+            pushLog("[VITE] " + msg, "info");
+        });
+
+        viteProcess.stderr.on("data", (data) => {
+            pushLog("[VITE ERROR] " + data.toString().trim(), "error");
+        });
+
+        viteProcess.on("close", (code) => {
+            pushLog(`[SYSTEM] Vite process exited with code ${code}`, "warning");
+            viteProcess = null;
+            isBooting = false;
+
+            if (code !== 0 && buildRetryCount < MAX_RETRIES) {
+                buildRetryCount++;
+                pushLog(`[RECOVERY] Attempting auto-restart (${buildRetryCount}/${MAX_RETRIES})`, "system");
+                setTimeout(() => startVite(true), 3000);
+            }
+        });
+    };
+
+    // Check for Dependencies
+    if (fs.existsSync(DEPS_LOCK) && fs.existsSync(nodeModules)) {
+        launch();
+    } else {
+        pushLog("[INSTALL] Running dependency installation...", "system");
+        const install = spawn("pnpm", ["install"], { cwd: PROJECT_DIR, shell: true });
+        
+        install.stdout.on("data", (d) => pushLog("[INSTALL] " + d.toString().trim(), "info"));
+        
+        install.on("close", (code) => {
+            if (code === 0) {
+                fs.writeFileSync(DEPS_LOCK, new Date().toISOString());
+                pushLog("[INSTALL] Dependencies successfully locked.", "success");
+                launch();
+            } else {
+                isBooting = false;
+                pushLog("[ERROR] Dependency installation failed.", "error");
+            }
+        });
+    }
+}
 
-    viteProcess.stderr.on("data", d => pushLog("[VITE ERROR] " + d.toString().trim(), "error"));
+/**
+ * ============================================================
+ * API ENDPOINTS
+ * ============================================================
+ */
 
-    viteProcess.on("close", (code) => {
-      viteProcess = null;
-      isBooting = false;
-      if (code !== 0 && buildRetryCount < MAX_RETRIES) {
-        buildRetryCount++;
-        setTimeout(() => startVite(true), 3000);
-      }
-    });
-  };
-
-  if (fs.existsSync(DEPS_LOCK) && fs.existsSync(nodeModules)) {
-    boot();
-  } else {
-    pushLog("[INSTALL] Installing dependencies...", "system");
-    const install = spawn("pnpm", ["install"], { cwd: PROJECT_DIR, shell: true });
-    install.on("close", code => {
-      if (code === 0) {
-        fs.writeFileSync(DEPS_LOCK, new Date().toISOString());
-        boot();
-      } else {
-        isBooting = false;
-        pushLog("[ERROR] pnpm install failed", "error");
-      }
-    });
-  }
-}
+app.use(cors({ origin: [FRONTEND_URL], credentials: true }));
+app.use(express.json({ limit: "50mb" }));
 
-/* ================= 6. API ROUTES ================= */
-function verify(req, res, next) {
-  const token = req.headers["x-api-key"] || req.body?.token;
-  if (token !== MASTER_KEY) return res.status(403).json({ error: "UNAUTHORIZED" });
-  next();
-}
+// Token Verification Helper
+const auth = (req, res, next) => {
+    const token = req.headers["x-api-key"] || req.body?.token;
+    if (token !== MASTER_KEY) {
+        pushLog(`[SECURITY] Unauthorized API request from ${req.ip}`, "error");
+        return res.status(403).json({ error: "UNAUTHORIZED_ACCESS" });
+    }
+    next();
+};
 
+// 1. Logs Stream (SSE)
 app.get("/api/logs", (req, res) => {
-  res.setHeader("Content-Type", "text/event-stream");
-  res.setHeader("Cache-Control", "no-cache");
-  res.setHeader("Connection", "keep-alive");
-  clients.add(res);
-  req.on("close", () => clients.delete(res));
+    res.setHeader("Content-Type", "text/event-stream");
+    res.setHeader("Cache-Control", "no-cache");
+    res.setHeader("Connection", "keep-alive");
+    
+    clients.add(res);
+    req.on("close", () => clients.delete(res));
+});
+
+// 2. Health & Status
+app.get("/health", (req, res) => {
+    res.json({
+        status: "ok",
+        viteActive: !!viteProcess,
+        booting: isBooting,
+        uptime: process.uptime(),
+        memory: process.memoryUsage().rss
+    });
 });
 
-app.post("/api/update", verify, async (req, res) => {
-  const { files, restart = false } = req.body;
-  try {
-    for (const [p, c] of Object.entries(files)) {
-      const fp = path.join(PROJECT_DIR, p);
-      await fs.ensureDir(path.dirname(fp));
-      await fs.writeFile(fp, c, "utf-8");
+// 3. File Updates
+app.post("/api/update", auth, checkRateLimit, async (req, res) => {
+    const { files, restart = false } = req.body;
+    lastActivityTime = Date.now();
+
+    try {
+        const fileEntries = Object.entries(files);
+        for (const [filePath, content] of fileEntries) {
+            const fullPath = path.join(PROJECT_DIR, filePath);
+            await fs.ensureDir(path.dirname(fullPath));
+            await fs.writeFile(fullPath, content, "utf-8");
+        }
+
+        pushLog(`[FILES] Synchronized ${fileEntries.length} files.`, "success");
+        
+        if (restart) startVite(true);
+        else if (!viteProcess) startVite();
+
+        res.json({ success: true });
+    } catch (err) {
+        pushLog(`[ERROR] File sync failed: ${err.message}`, "error");
+        res.status(500).json({ error: err.message });
     }
-    if (restart) startVite(true); else startVite();
-    res.json({ success: true });
-  } catch (e) {
-    res.status(500).json({ error: e.message });
-  }
 });
 
-app.post("/api/reset", verify, async (req, res) => {
-  await killVite();
-  await fs.remove(PROJECT_DIR);
-  fs.mkdirSync(PROJECT_DIR, { recursive: true });
-  if (fs.existsSync(DEPS_LOCK)) fs.removeSync(DEPS_LOCK);
-  pushLog("[SYSTEM] Project Reset Complete", "warning");
-  res.json({ success: true });
+// 4. Project Reset
+app.post("/api/reset", auth, async (req, res) => {
+    pushLog("[SYSTEM] Initiating full project wipe...", "warning");
+    await killVite();
+    await fs.remove(PROJECT_DIR);
+    fs.mkdirSync(PROJECT_DIR, { recursive: true });
+    
+    if (fs.existsSync(DEPS_LOCK)) fs.unlinkSync(DEPS_LOCK);
+    if (fs.existsSync(FOUNDATION_LOCK)) fs.unlinkSync(FOUNDATION_LOCK);
+    
+    res.json({ success: true, message: "Project directory cleared." });
+});
+
+// 5. Command Execution
+app.post("/api/execute", auth, checkRateLimit, (req, res) => {
+    const { command } = req.body;
+    pushLog(`[SHELL] Executing: ${command}`, "system");
+
+    exec(command, { cwd: PROJECT_DIR, timeout: 30000 }, (err, stdout, stderr) => {
+        res.json({
+            success: !err,
+            output: stdout || stderr || (err ? err.message : ""),
+            code: err ? err.code : 0
+        });
+    });
 });
 
-app.get("/health", (req, res) => res.json({ status: "ok", vite: !!viteProcess }));
+/**
+ * ============================================================
+ * PROXY & SERVER INITIALIZATION
+ * ============================================================
+ */
 
-/* ================= 7. PROXY MANAGER ================= */
 const proxy = httpProxy.createProxyServer({
-  target: `http://127.0.0.1:${VITE_PORT}`,
-  changeOrigin: true,
-  ws: true
+    target: `http://127.0.0.1:${VITE_PORT}`,
+    changeOrigin: true,
+    ws: true
 });
 
+// Proxy Error Handler
 proxy.on("error", (err, req, res) => {
-  if (res.writeHead) {
-    res.writeHead(503, { "Content-Type": "text/html" });
-    res.end("<html><body>Vite is booting... Refresh in 5s</body></html>");
-  }
+    if (res.writeHead) {
+        res.writeHead(503, { "Content-Type": "text/html" });
+        res.end(`
+            <html>
+                <body style="background:#09090b;color:#71717a;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;margin:0;">
+                    <div style="text-align:center;">
+                        <p style="color:#eab308;font-weight:bold;">ENGINE WARMING UP</p>
+                        <p>Vite is still booting. Auto-refreshing in 3s...</p>
+                        <script>setTimeout(() => location.reload(), 3000);</script>
+                    </div>
+                </body>
+            </html>
+        `);
+    }
 });
 
+// Root Handler for Preview
 app.use((req, res) => {
-  if (req.path.startsWith("/api") || req.path === "/health") return;
-  
-  // Security check for preview access
-  const isRoot = req.path === "/" || req.path === "";
-  if (isRoot) {
-    const secret = req.headers["x-autodev-preview"] || req.query["__autodev"];
-    if (secret !== "AUTODEV_PREVIEW_777") {
-      return res.status(403).send("ACCESS DENIED");
+    if (req.path.startsWith("/api") || req.path === "/health") return;
+
+    lastActivityTime = Date.now();
+    if (!viteProcess && !isBooting) {
+        pushLog("[IDLE] Activity detected. Waking up engine...", "system");
+        startVite();
     }
-  }
+    
+    proxy.web(req, res);
+});
+
+// Idle Auto-Shutdown to save Hugging Face Resources
+setInterval(() => {
+    const now = Date.now();
+    if (viteProcess && (now - lastActivityTime > IDLE_TIMEOUT)) {
+        pushLog("[IDLE] Hibernating engine due to inactivity.", "warning");
+        killVite();
+    }
+}, 60000);
+
+// Startup
+const server = app.listen(PORT, () => {
+    pushLog(`AutoDev Engine Kernel Online (Port: ${PORT})`, "success");
+    pushLog(`Project Workspace: ${PROJECT_DIR}`, "system");
+});
 
-  if (!viteProcess && !isBooting) startVite();
-  proxy.web(req, res);
+// WebSocket Support for HMR
+server.on("upgrade", (req, socket, head) => {
+    proxy.ws(req, socket, head);
 });
 
-const server = app.listen(PORT, () => pushLog(`Engine running on port ${PORT}`, "success"));
-server.on("upgrade", (req, socket, head) => proxy.ws(req, socket, head));
+/**
+ * ============================================================
+ * GRACEFUL SHUTDOWN
+ * ============================================================
+ */
+process.on("SIGTERM", async () => {
+    await killVite();
+    process.exit(0);
+});