Update server.js

server.js

@@ -9,40 +9,41 @@ const app = express();
 
 const PORT = 7860;
 const VITE_PORT = 5173;
-
 const PROJECT_DIR = path.join(process.cwd(), "project");
 const MASTER_KEY = "AVNEESH_GOD_MODE_777";
 
 let viteProcess = null;
 let isBooting = false;
+let buildRetryCount = 0;
+const MAX_RETRIES = 3;
 
 /* ================= LOG STREAM ================= */
 
 let logs = [];
 let clients = new Set();
+const logHistory = new Map(); // sessionId -> logs
 
-function pushLog(message) {
-
+function pushLog(message, type = "info") {
   const entry = {
+    id: Date.now() + Math.random(),
     time: new Date().toLocaleTimeString(),
-    message
+    timestamp: Date.now(),
+    message,
+    type // info | error | success | warning | system
   };
 
   logs.push(entry);
-
-  if (logs.length > 200) logs.shift();
+  if (logs.length > 500) logs.shift();
 
   const payload = `data: ${JSON.stringify(entry)}\n\n`;
-
   clients.forEach(c => {
     try { c.write(payload); } catch { clients.delete(c); }
   });
 
-  console.log(message);
-
+  console.log(`[${type.toUpperCase()}] ${message}`);
 }
 
-/* ================= BASIC MIDDLEWARE ================= */
+/* ================= MIDDLEWARE ================= */
 
 app.use(cors());
 app.use(express.json({ limit: "50mb" }));
@@ -51,250 +52,457 @@ if (!fs.existsSync(PROJECT_DIR)) {
   fs.mkdirSync(PROJECT_DIR, { recursive: true });
 }
 
-/* ================= TOKEN SECURITY ================= */
+/* ================= RATE LIMITER ================= */
 
-function verifyToken(req, res) {
+const rateLimitMap = new Map();
 
-  const token = req.body?.token || req.query?.token;
+function rateLimit(req, res, maxRequests = 30, windowMs = 60000) {
+  const ip = req.ip || req.connection.remoteAddress;
+  const now = Date.now();
+  const windowStart = now - windowMs;
 
-  if (token !== MASTER_KEY) {
+  if (!rateLimitMap.has(ip)) rateLimitMap.set(ip, []);
 
-    pushLog("[SECURITY] ACTION DENIED");
-
-    res.status(403).json({
-      error: "ACTION_DENIED"
-    });
+  const requests = rateLimitMap.get(ip).filter(t => t > windowStart);
+  requests.push(now);
+  rateLimitMap.set(ip, requests);
 
+  if (requests.length > maxRequests) {
+    pushLog(`[RATE LIMIT] IP ${ip} throttled`, "warning");
+    res.status(429).json({ error: "TOO_MANY_REQUESTS", retryAfter: 60 });
     return false;
   }
-
   return true;
+}
 
+// Clean rate limit map every 5 minutes
+setInterval(() => {
+  const cutoff = Date.now() - 60000;
+  rateLimitMap.forEach((times, ip) => {
+    const filtered = times.filter(t => t > cutoff);
+    if (filtered.length === 0) rateLimitMap.delete(ip);
+    else rateLimitMap.set(ip, filtered);
+  });
+}, 300000);
+
+/* ================= TOKEN SECURITY ================= */
+
+function verifyToken(req, res) {
+  const token = req.body?.token || req.query?.token || req.headers?.["x-api-key"];
+
+  if (token !== MASTER_KEY) {
+    pushLog(`[SECURITY] Unauthorized access attempt from ${req.ip}`, "error");
+    res.status(403).json({ error: "ACTION_DENIED", message: "Invalid token" });
+    return false;
+  }
+  return true;
 }
 
 /* ================= SSE LOG STREAM ================= */
 
 app.get("/api/logs", (req, res) => {
-
   res.setHeader("Content-Type", "text/event-stream");
   res.setHeader("Cache-Control", "no-cache");
   res.setHeader("Connection", "keep-alive");
+  res.setHeader("X-Accel-Buffering", "no");
 
-  logs.forEach(l => {
+  // Send last N logs on connect
+  const last = parseInt(req.query.last) || 50;
+  logs.slice(-last).forEach(l => {
     res.write(`data: ${JSON.stringify(l)}\n\n`);
   });
 
+  // Heartbeat every 30s to keep connection alive
+  const heartbeat = setInterval(() => {
+    try {
+      res.write(`: heartbeat\n\n`);
+    } catch {
+      clearInterval(heartbeat);
+    }
+  }, 30000);
+
   clients.add(res);
 
   req.on("close", () => {
     clients.delete(res);
+    clearInterval(heartbeat);
   });
-
 });
 
-/* ================= VITE START ================= */
+/* ================= VITE MANAGER ================= */
 
-function startVite() {
+function killVite() {
+  return new Promise((resolve) => {
+    if (!viteProcess) return resolve();
+    pushLog("[SYSTEM] Killing existing Vite process", "system");
+    viteProcess.kill("SIGTERM");
+    setTimeout(() => {
+      if (viteProcess) viteProcess.kill("SIGKILL");
+      viteProcess = null;
+      resolve();
+    }, 2000);
+  });
+}
 
-  if (viteProcess || isBooting) {
-    pushLog("[SYSTEM] Vite already running");
+function startVite(forceRestart = false) {
+  if ((viteProcess || isBooting) && !forceRestart) {
+    pushLog("[SYSTEM] Vite already running", "system");
     return;
   }
 
-  pushLog("[SYSTEM] Starting Vite");
+  if (forceRestart) {
+    killVite().then(() => bootVite());
+  } else {
+    bootVite();
+  }
+}
 
+function bootVite() {
+  pushLog("[SYSTEM] Starting Vite dev server...", "system");
   isBooting = true;
 
   const nodeModules = path.join(PROJECT_DIR, "node_modules");
 
   const boot = () => {
-
-    viteProcess = spawn("pnpm", ["run", "dev"], {
+    viteProcess = spawn("pnpm", ["run", "dev", "--", "--host", "0.0.0.0"], {
       cwd: PROJECT_DIR,
-      shell: true
+      shell: true,
+      env: { ...process.env, FORCE_COLOR: "0" }
     });
 
     viteProcess.stdout.on("data", d => {
-
-      const msg = d.toString();
-
-      pushLog("[VITE] " + msg);
-
-      if (msg.includes("Local:") || msg.includes("ready")) {
+      const msg = d.toString().trim();
+      if (!msg) return;
+      pushLog("[VITE] " + msg, "info");
+      if (msg.includes("Local:") || msg.includes("ready in") || msg.includes("localhost")) {
         isBooting = false;
+        buildRetryCount = 0;
+        pushLog("[SYSTEM] ✅ Vite is ready!", "success");
       }
-
     });
 
     viteProcess.stderr.on("data", d => {
-      pushLog("[VITE] " + d.toString());
+      const msg = d.toString().trim();
+      if (!msg) return;
+      pushLog("[VITE ERROR] " + msg, "error");
     });
 
-    viteProcess.on("close", () => {
-
-      pushLog("[SYSTEM] Vite stopped");
-
+    viteProcess.on("close", (code) => {
+      pushLog(`[SYSTEM] Vite stopped (exit code: ${code})`, "system");
       viteProcess = null;
-
       isBooting = false;
 
+      // Auto-restart on unexpected crash (not manual kill)
+      if (code !== null && code !== 0 && buildRetryCount < MAX_RETRIES) {
+        buildRetryCount++;
+        pushLog(`[SYSTEM] Auto-restarting Vite (attempt ${buildRetryCount}/${MAX_RETRIES})...`, "warning");
+        setTimeout(() => bootVite(), 3000);
+      }
     });
-
   };
 
   if (!fs.existsSync(nodeModules)) {
-
-    pushLog("[INSTALL] Installing dependencies");
+    pushLog("[INSTALL] node_modules not found. Installing dependencies...", "system");
 
     const install = spawn("pnpm", ["install"], {
       cwd: PROJECT_DIR,
       shell: true
     });
 
-    install.stdout.on("data", d => {
-      pushLog("[INSTALL] " + d.toString());
-    });
-
-    install.stderr.on("data", d => {
-      pushLog("[INSTALL] " + d.toString());
-    });
+    install.stdout.on("data", d => pushLog("[INSTALL] " + d.toString().trim(), "info"));
+    install.stderr.on("data", d => pushLog("[INSTALL] " + d.toString().trim(), "warning"));
 
     install.on("close", code => {
-
       if (code === 0) {
-
-        pushLog("[INSTALL] Done");
-
+        pushLog("[INSTALL] ✅ Dependencies installed successfully!", "success");
         boot();
-
       } else {
-
-        pushLog("[ERROR] install failed");
-
+        pushLog("[ERROR] ❌ pnpm install failed!", "error");
         isBooting = false;
-
       }
-
     });
-
   } else {
-
     boot();
-
   }
-
 }
 
 /* ================= STATUS ================= */
 
 app.get("/api/status", (req, res) => {
-
-  if (!verifyToken(req, res)) return;
-
   res.json({
-    ready: !!viteProcess && !isBooting
+    ready: !!viteProcess && !isBooting,
+    booting: isBooting,
+    viteRunning: !!viteProcess,
+    uptime: process.uptime(),
+    logCount: logs.length,
+    connectedClients: clients.size,
+    retryCount: buildRetryCount
   });
-
 });
 
 /* ================= FILE UPDATE ================= */
 
 app.post("/api/update", async (req, res) => {
-
   if (!verifyToken(req, res)) return;
+  if (!rateLimit(req, res, 20, 60000)) return;
 
-  const { files } = req.body;
+  const { files, restart = false } = req.body;
 
   try {
-
-    if (files) {
+    if (files && Object.keys(files).length > 0) {
+      const updatedFiles = [];
 
       for (const [p, c] of Object.entries(files)) {
+        // Security: prevent path traversal
+        const safePath = path.normalize(p).replace(/^(\.\.[\/\\])+/, "");
+        const fp = path.join(PROJECT_DIR, safePath);
 
-        const fp = path.join(PROJECT_DIR, p);
+        // Only allow writes inside PROJECT_DIR
+        if (!fp.startsWith(PROJECT_DIR)) {
+          pushLog(`[SECURITY] Blocked path traversal: ${p}`, "error");
+          continue;
+        }
 
         await fs.ensureDir(path.dirname(fp));
+        await fs.writeFile(fp, c, "utf-8");
+        updatedFiles.push(safePath);
+      }
 
-        await fs.writeFile(fp, c);
+      pushLog(`[FILES] ✅ Updated ${updatedFiles.length} files: ${updatedFiles.join(", ")}`, "success");
+    }
 
-      }
+    if (restart) {
+      startVite(true);
+    } else {
+      startVite();
+    }
+
+    res.json({ success: true, filesUpdated: Object.keys(files || {}).length });
+
+  } catch (e) {
+    pushLog("[ERROR] File update failed: " + e.message, "error");
+    res.status(500).json({ error: e.message });
+  }
+});
+
+/* ================= FILE READ ================= */
+
+app.post("/api/read", async (req, res) => {
+  if (!verifyToken(req, res)) return;
 
-      pushLog("[FILES] Updated " + Object.keys(files).length + " files");
+  const { filePath } = req.body;
 
+  try {
+    const safePath = path.normalize(filePath).replace(/^(\.\.[\/\\])+/, "");
+    const fp = path.join(PROJECT_DIR, safePath);
+
+    if (!fp.startsWith(PROJECT_DIR)) {
+      return res.status(403).json({ error: "Path traversal blocked" });
     }
 
-    startVite();
+    if (!fs.existsSync(fp)) {
+      return res.status(404).json({ error: "File not found" });
+    }
 
-    res.json({ success: true });
+    const content = await fs.readFile(fp, "utf-8");
+    res.json({ success: true, content, path: safePath });
 
   } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
 
-    pushLog("[ERROR] " + e.message);
+/* ================= FILE LIST ================= */
 
-    res.status(500).json({ error: e.message });
+app.post("/api/files", async (req, res) => {
+  if (!verifyToken(req, res)) return;
 
+  async function walkDir(dir, base = "") {
+    const items = [];
+    try {
+      const entries = await fs.readdir(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (["node_modules", ".git", "dist", ".cache"].includes(entry.name)) continue;
+        const relPath = path.join(base, entry.name);
+        if (entry.isDirectory()) {
+          const children = await walkDir(path.join(dir, entry.name), relPath);
+          items.push({ name: entry.name, path: relPath, type: "dir", children });
+        } else {
+          items.push({ name: entry.name, path: relPath, type: "file" });
+        }
+      }
+    } catch {}
+    return items;
   }
 
+  const tree = await walkDir(PROJECT_DIR);
+  res.json({ success: true, tree });
+});
+
+/* ================= FILE DELETE ================= */
+
+app.post("/api/delete", async (req, res) => {
+  if (!verifyToken(req, res)) return;
+
+  const { filePath } = req.body;
+
+  try {
+    const safePath = path.normalize(filePath).replace(/^(\.\.[\/\\])+/, "");
+    const fp = path.join(PROJECT_DIR, safePath);
+
+    if (!fp.startsWith(PROJECT_DIR)) {
+      return res.status(403).json({ error: "Path traversal blocked" });
+    }
+
+    await fs.remove(fp);
+    pushLog(`[FILES] Deleted: ${safePath}`, "warning");
+    res.json({ success: true });
+
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
 });
 
 /* ================= COMMAND EXEC ================= */
 
-app.post("/api/execute", (req, res) => {
+// Dangerous commands blocked
+const BLOCKED_COMMANDS = ["rm -rf /", "mkfs", ":(){ :|:& };:", "shutdown", "reboot", "format"];
 
+app.post("/api/execute", (req, res) => {
   if (!verifyToken(req, res)) return;
+  if (!rateLimit(req, res, 15, 60000)) return;
 
-  const { command } = req.body;
+  const { command, timeout = 30000 } = req.body;
 
-  pushLog("[TERMINAL] " + command);
+  // Block dangerous commands
+  const isBlocked = BLOCKED_COMMANDS.some(cmd => command.includes(cmd));
+  if (isBlocked) {
+    pushLog(`[SECURITY] Blocked dangerous command: ${command}`, "error");
+    return res.status(403).json({ error: "COMMAND_BLOCKED" });
+  }
 
-  exec(command, { cwd: PROJECT_DIR }, (err, stdout, stderr) => {
+  pushLog("[TERMINAL] $ " + command, "system");
 
-    res.json({
-      success: !err,
-      output: stdout || stderr || err?.message
-    });
+  const child = exec(command, {
+    cwd: PROJECT_DIR,
+    timeout,
+    maxBuffer: 1024 * 1024 * 10 // 10MB
+  }, (err, stdout, stderr) => {
+    const output = stdout || stderr || err?.message || "";
+    const success = !err;
 
-  });
+    if (success) {
+      pushLog("[TERMINAL] ✅ Done", "success");
+    } else {
+      pushLog("[TERMINAL] ❌ " + (err?.message || "Command failed"), "error");
+    }
 
+    res.json({ success, output, exitCode: err?.code || 0 });
+  });
 });
 
-/* ================= PROXY ================= */
+/* ================= VITE CONTROL ================= */
 
-const proxy = httpProxy.createProxyServer({
-  target: `http://127.0.0.1:${VITE_PORT}`,
-  changeOrigin: true
+app.post("/api/vite/restart", async (req, res) => {
+  if (!verifyToken(req, res)) return;
+  pushLog("[SYSTEM] Manual Vite restart requested", "system");
+  buildRetryCount = 0;
+  startVite(true);
+  res.json({ success: true, message: "Vite restart initiated" });
 });
 
-proxy.on("error", (err, req, res) => {
-
-  pushLog("[PROXY] Preview not ready");
-
-  if (res && typeof res.writeHead === "function") {
+app.post("/api/vite/stop", async (req, res) => {
+  if (!verifyToken(req, res)) return;
+  await killVite();
+  res.json({ success: true, message: "Vite stopped" });
+});
 
-    res.writeHead(503);
+/* ================= PROJECT RESET ================= */
 
-    res.end("Preview not ready");
+app.post("/api/reset", async (req, res) => {
+  if (!verifyToken(req, res)) return;
 
+  try {
+    pushLog("[SYSTEM] 🔄 Resetting project...", "warning");
+    await killVite();
+    await fs.remove(PROJECT_DIR);
+    await fs.mkdirSync(PROJECT_DIR, { recursive: true });
+    pushLog("[SYSTEM] ✅ Project reset complete", "success");
+    res.json({ success: true });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
   }
-
 });
 
-app.use((req, res, next) => {
+/* ================= HEALTH CHECK ================= */
+
+app.get("/health", (req, res) => {
+  res.json({
+    status: "ok",
+    uptime: process.uptime(),
+    memory: process.memoryUsage(),
+    vite: !!viteProcess,
+    timestamp: new Date().toISOString()
+  });
+});
 
-  if (req.path.startsWith("/api")) {
+/* ================= PROXY ================= */
 
-    return next();
+const proxy = httpProxy.createProxyServer({
+  target: `http://127.0.0.1:${VITE_PORT}`,
+  changeOrigin: true,
+  ws: true // WebSocket support for Vite HMR
+});
 
+proxy.on("error", (err, req, res) => {
+  if (res && typeof res.writeHead === "function") {
+    res.writeHead(503, { "Content-Type": "text/html" });
+    res.end(`
+      <html>
+        <body style="background:#0a0a0a;color:#fff;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;margin:0;flex-direction:column;gap:12px;">
+          <div style="font-size:2rem">⚡</div>
+          <div style="color:#facc15;font-size:1.1rem">AutoDev is booting up...</div>
+          <div style="color:#6b7280;font-size:0.8rem">Preview will be live in a moment</div>
+          <script>setTimeout(()=>location.reload(), 2000)</script>
+        </body>
+      </html>
+    `);
   }
+});
 
+app.use((req, res, next) => {
+  if (req.path.startsWith("/api") || req.path === "/health") return next();
   proxy.web(req, res);
+});
 
+// WebSocket proxy for Vite HMR
+const server = app.listen(PORT, () => {
+  pushLog(`🚀 AutoDev Engine running on port ${PORT}`, "success");
+  pushLog(`📁 Project dir: ${PROJECT_DIR}`, "system");
 });
 
-/* ================= SERVER START ================= */
+server.on("upgrade", (req, socket, head) => {
+  proxy.ws(req, socket, head);
+});
 
-app.listen(PORT, () => {
+/* ================= GRACEFUL SHUTDOWN ================= */
 
-  pushLog("AUTO DEV ENGINE RUNNING ON PORT " + PORT);
+process.on("SIGTERM", async () => {
+  pushLog("[SYSTEM] Shutting down gracefully...", "system");
+  await killVite();
+  process.exit(0);
+});
+
+process.on("SIGINT", async () => {
+  pushLog("[SYSTEM] Interrupted. Shutting down...", "system");
+  await killVite();
+  process.exit(0);
+});
+
+process.on("uncaughtException", (err) => {
+  pushLog("[CRITICAL] Uncaught Exception: " + err.message, "error");
+});
 
+process.on("unhandledRejection", (reason) => {
+  pushLog("[CRITICAL] Unhandled Rejection: " + reason, "error");
 });