@manojkmfsi/monodog 1.0.20 → 1.0.21

package/monodog-dashboard/dist/index.html

@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MonoDog Dashboard</title>
-    <script type="module" crossorigin src="/assets/index-dadb5f0d.js"></script>
+    <script type="module" crossorigin src="/assets/index-1a6836e4.js"></script>
     <link rel="stylesheet" href="/assets/index-504dc418.css">
   </head>
   <body class="bg-gray-100 text-gray-900">

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@manojkmfsi/monodog",
-  "version": "1.0.20",
+  "version": "1.0.21",
   "description": "App for monodog monorepo",
   "license": "MIT",
   "bin": {
@@ -11,7 +11,9 @@
     "body-parser": "^1.20.4",
     "cors": "^2.8.5",
     "express": "^4.22.1",
+    "helmet": "^7.1.0",
     "init": "^0.1.2",
+    "js-yaml": "^4.1.0",
     "prisma": "^5.22.0"
   },
   "devDependencies": {
@@ -19,6 +21,7 @@
     "@types/cors": "^2.8.19",
     "@types/express": "^4.17.25",
     "@types/jest": "^29.5.14",
+    "@types/js-yaml": "^4.0.9",
     "@types/node": "^20.19.27",
     "cross-env": "^10.1.0",
     "jest": "^29.7.0",
@@ -28,8 +31,6 @@
     "tsx": "^4.21.0",
     "typescript": "^5.9.3"
   },
-  "repository": {},
-  "peerDependencies": {},
   "scripts": {
     "dev": "DATABASE_URL=$(npm run db:url --silent 2>/dev/null | tr -d '\\n') tsx watch src/serve.js",
     "serve": "DATABASE_URL=$(npm run db:url --silent 2>/dev/null | tr -d '\\n') tsx dist/serve.js",

package/src/config-loader.ts

@@ -25,7 +25,7 @@ interface MonodogConfig {
 let config: MonodogConfig | null = null;
 
 /**
- * Loads the monodog-conf.json file from the monorepo root.
+ * Loads the monodog-config.json file from the monorepo root.
  * This should be called only once during application startup.
  * @returns The application configuration object.
  */
@@ -37,8 +37,8 @@ function loadConfig(): MonodogConfig {
   // 1. Determine the path to the config file
   // We assume the backend package is running from the monorepo root (cwd is root)
   // or that we can navigate up to the root from the current file's location.
-  const rootPath = path.resolve(process.cwd()); // Adjust based on your workspace folder depth  from root if needed
-  const configPath = path.resolve(rootPath, 'monodog-conf.json');
+  const rootPath = path.resolve(process.cwd());
+  const configPath = path.resolve(rootPath, 'monodog-config.json');
   createConfigFileIfMissing(rootPath);
 
   if (!fs.existsSync(configPath)) {
@@ -51,14 +51,12 @@ function loadConfig(): MonodogConfig {
     const fileContent = fs.readFileSync(configPath, 'utf-8');
     const parsedConfig = JSON.parse(fileContent) as MonodogConfig;
 
-    // 3. Optional: Add validation logic here (e.g., check if ports are numbers)
-
     // Cache and return
     config = parsedConfig;
     process.stderr.write('[Config] Loaded configuration from: ...\n');
     return config;
   } catch (error) {
-    console.error('ERROR: Failed to read or parse monodog-conf.json.');
+    console.error('ERROR: Failed to read or parse monodog-config.json.');
     console.error(error);
     process.exit(1);
   }
@@ -66,7 +64,7 @@ function loadConfig(): MonodogConfig {
 
 function createConfigFileIfMissing(rootPath: string): void {
   // --- CONFIGURATION ---
-  const configFileName = 'monodog-conf.json';
+  const configFileName = 'monodog-config.json';
   const configFilePath = path.resolve(rootPath, configFileName);
 
   // The default content for the configuration file

package/src/get-db-url.ts

@@ -1,8 +1,6 @@
 import { appConfig } from './config-loader';
 
 function generateUrl() {
-  // const appConfig = loadConfig();
-
   const DATABASE_URL = `${appConfig.database.path}`;
   process.env.DATABASE_URL = DATABASE_URL;
   process.stdout.write(DATABASE_URL);

package/src/index.ts

@@ -2,10 +2,13 @@ import express, {
   type Request,
   type Response,
   type NextFunction,
+  type ErrorRequestHandler,
 } from 'express';
+
 import cors from 'cors';
 import path from 'path';
 import { json } from 'body-parser';
+import helmet from 'helmet';
 
 import { appConfig } from './config-loader';
 
@@ -13,52 +16,116 @@ import packageRouter from './routes/packageRoutes';
 import commitRouter from './routes/commitRoutes';
 import healthRouter from './routes/healthRoutes';
 import configRouter from './routes/configRoutes';
+
+// Security constants
+const PORT_MIN = 1024;
+const PORT_MAX = 65535;
+
+// Validate port number
+function validatePort(port: string | number): number {
+  const portNum = typeof port === 'string' ? parseInt(port, 10) : port;
+
+  if (isNaN(portNum) || portNum < PORT_MIN || portNum > PORT_MAX) {
+    throw new Error(`Port must be between ${PORT_MIN} and ${PORT_MAX}`);
+  }
+
+  return portNum;
+}
+
+// Global error handler
+const errorHandler: ErrorRequestHandler = (err: any, req: Request, res: Response, _next: NextFunction) => {
+  const status = err.status || err.statusCode || 500;
+  const message = process.env.NODE_ENV === 'production'
+    ? 'Internal server error'
+    : err.message;
+
+  console.error('[ERROR]', {
+    status,
+    method: req.method,
+    path: req.path,
+    message: err.message,
+  });
+
+  res.status(status).json({
+    error: 'Internal server error'
+  });
+};
+
 // The main function exported and called by the CLI
 export function startServer(
-  rootPath: string,
-  port: number | string,
-  host: string
+  rootPath: string
 ): void {
-  const app = express();
-app.locals.rootPath = rootPath;
-  // --- Middleware ---
-
-  // 1. Logging Middleware
-  app.use((_req: Request, _res: Response, next: NextFunction) => {
-    console.log(`[SERVER] ${_req.method} ${_req.url} (Root: ${rootPath})`);
-    next();
-  });
-  app.use(cors());
-  app.use(json());
 
+  try {
+    const port = appConfig.server.port;
+    const host = appConfig.server.host;
+    const validatedPort = validatePort(port);
+    const app = express();
 
-  app.use('/api/packages',  packageRouter);
+    // Set request timeout (30 seconds)
+    app.use((req, res, next) => {
+      req.setTimeout(30000);
+      res.setTimeout(30000);
+      next();
+    });
 
+    app.locals.rootPath = rootPath;
 
-  // Get commit details
-  app.use('/api/commits/', commitRouter);
+    // Security middleware with CSP allowing API calls
+    const apiHost = host === '0.0.0.0' ? 'localhost' : host;
+    const apiUrl = process.env.API_URL || `http://${apiHost}:${validatedPort}`;
+    const dashboardHost = appConfig.dashboard.host === '0.0.0.0' ? 'localhost' : appConfig.dashboard.host;
+    const dashboardUrl = `http://${dashboardHost}:${appConfig.dashboard.port}`;
 
-  // ---------- HEALTH --------------------
+    app.use(helmet({
+      contentSecurityPolicy: {
+        directives: {
+          defaultSrc: ["'self'"],
+          connectSrc: ["'self'", apiUrl, 'http://localhost:*', 'http://127.0.0.1:*'],
+          scriptSrc: ["'self'"],
+          imgSrc: ["'self'", 'data:', 'https:'],
+        },
+      },
+    }));
+    app.use(cors({
+      origin: process.env.CORS_ORIGIN || dashboardUrl,
+      credentials: true,
+      methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+      allowedHeaders: ['Content-Type', 'Authorization'],
+    }));
 
-  app.use('/api/health/', healthRouter)
+    app.use(json({ limit: '1mb' }));
 
-  // ------------------------- CONFIGURATION TAB ------------------------- //
-  // Get all configuration files from the file system
-  app.use('/api/config/', configRouter);
+    // Request logging middleware (safe version)
+    app.use((_req: Request, _res: Response, next: NextFunction) => {
+      console.log(`[${new Date().toISOString()}] ${_req.method} ${_req.path}`);
+      next();
+    });
+
+    app.use('/api/packages', packageRouter);
+
+    // Get commit details
+    app.use('/api/commits/', commitRouter);
 
-  // 404 handler
-  app.use('*', (_, res) => {
-    res.status(404).json({
-      error: 'Endpoint not found',
-      timestamp: Date.now(),
+    // Health check endpoint
+    app.use('/api/health/', healthRouter);
+
+    // Configuration endpoint
+    app.use('/api/config/', configRouter);
+
+    // 404 handler
+    app.use('*', (_, res) => {
+      res.status(404).json({
+        error: 'Endpoint not found',
+        timestamp: Date.now(),
+      });
     });
-  });
 
-  const PORT = parseInt(port ? port.toString() : '4000');
+    // Global error handler (must be last)
+    app.use(errorHandler);
 
-  app
-    .listen(PORT, host, async () => {
-      console.log(`🚀 Backend server running on http://${host}:${PORT}`);
+    const server = app.listen(validatedPort, host, () => {
+      console.log(`🚀 Backend server running on http://${host}:${validatedPort}`);
       console.log(`📊 API endpoints available:`);
       console.log(`   - GET  /api/health`);
       console.log(`   - GET  /api/packages/refresh`);
@@ -69,61 +136,149 @@ app.locals.rootPath = rootPath;
       console.log(`   - GET  /api/health/packages`);
       console.log(`   - PUT  /api/config/files/:id`);
       console.log(`   - GET  /api/config/files`);
+    });
 
-    })
-    .on('error', err => {
+    server.on('error', (err: any) => {
       // Handle common errors like EADDRINUSE (port already in use)
-      if (err.message.includes('EADDRINUSE')) {
+      if (err.code === 'EADDRINUSE') {
         console.error(
-          `Error: Port ${port} is already in use. Please specify a different port via configuration file.`
+          `Error: Port ${validatedPort} is already in use. Please specify a different port.`
+        );
+        process.exit(1);
+      } else if (err.code === 'EACCES') {
+        console.error(
+          `Error: Permission denied to listen on port ${validatedPort}. Use a port above 1024.`
         );
         process.exit(1);
       } else {
-        console.error('Server failed to start:', err);
+        console.error('Server failed to start:', err.message);
         process.exit(1);
       }
     });
+
+    // Graceful shutdown
+    process.on('SIGTERM', () => {
+      console.log('SIGTERM signal received: closing HTTP server');
+      server.close(() => {
+        console.log('HTTP server closed');
+        process.exit(0);
+      });
+    });
+  } catch (error: any) {
+    console.error('Failed to start server:', error.message);
+    process.exit(1);
+  }
 }
 
 export function serveDashboard(
-  rootPath: string,
-  port: number | string,
-  host: string
+  rootPath: string
 ): void {
-  const app = express();
-  app.get('/env-config.js', (req, res) => {
-    res.setHeader('Content-Type', 'application/javascript');
-    res.send(
-      `window.ENV = { API_URL: "${`${appConfig.server.host}:${appConfig.server.port}` || 'localhost:8999'}" };`
-    );
-  });
+  try {
+    const port = appConfig.dashboard.port;
+    const host = appConfig.dashboard.host;
+    const validatedPort = validatePort(port);
+    const app = express();
+
+    // Security middleware
+    const serverHost = appConfig.server.host === '0.0.0.0' ? 'localhost' : appConfig.server.host;
+    const apiUrl = process.env.API_URL || `http://${serverHost}:${appConfig.server.port}`;
+    app.use(helmet({
+      contentSecurityPolicy: {
+        directives: {
+          defaultSrc: ["'self'"],
+          connectSrc: ["'self'", apiUrl, 'http://localhost:*', 'http://127.0.0.1:*'],
+          scriptSrc: ["'self'"],
+          imgSrc: ["'self'", 'data:', 'https:'],
+        },
+      },
+    }));
+
+    // Strict CORS for dashboard
+    app.use(cors({
+      origin: false, // Don't allow any origin for static assets
+    }));
 
-  // This code makes sure that any request that does not matches a static file
-  // in the build folder, will just serve index.html. Client side routing is
-  // going to make sure that the correct content will be loaded.
-  app.use((req, res, next) => {
-    if (/(.ico|.js|.css|.jpg|.png|.map)$/i.test(req.path)) {
+    // Set request timeout
+    app.use((req, res, next) => {
+      req.setTimeout(30000);
+      res.setTimeout(30000);
       next();
-    } else {
-      res.header(
-        'Cache-Control',
-        'private, no-cache, no-store, must-revalidate'
+    });
+
+    app.get('/env-config.js', (req, res) => {
+      res.setHeader('Content-Type', 'application/javascript');
+      res.setHeader('Cache-Control', 'private, no-cache, no-store, must-revalidate');
+
+      const serverHost = appConfig.server.host === '0.0.0.0' ? 'localhost' : appConfig.server.host;
+      const apiUrl = process.env.API_URL || `http://${serverHost}:${appConfig.server.port}`;
+      res.send(
+        `window.ENV = { API_URL: "${apiUrl}" };`
       );
-      res.header('Expires', '-1');
-      res.header('Pragma', 'no-cache');
-      res.sendFile('index.html', {
-        root: path.resolve(__dirname, '..', 'monodog-dashboard', 'dist'),
+    });
+
+    // This code makes sure that any request that does not matches a static file
+    // in the build folder, will just serve index.html. Client side routing is
+    // going to make sure that the correct content will be loaded.
+    app.use((req, res, next) => {
+      if (/(.ico|.js|.css|.jpg|.png|.map|.woff|.woff2|.ttf)$/i.test(req.path)) {
+        next();
+      } else {
+        res.header(
+          'Cache-Control',
+          'private, no-cache, no-store, must-revalidate'
+        );
+        res.header('Expires', '-1');
+        res.header('Pragma', 'no-cache');
+        res.sendFile('index.html', {
+          root: path.resolve(__dirname, '..', 'monodog-dashboard', 'dist'),
+        }, (err) => {
+          if (err) {
+            console.error('Error serving index.html:', err.message);
+            res.status(500).json({ error: 'Internal server error' });
+          }
+        });
+      }
+    });
+
+    const staticPath = path.join(__dirname, '..', 'monodog-dashboard', 'dist');
+    console.log('Serving static files from:', staticPath);
+    app.use(express.static(staticPath, {
+      maxAge: '1d',
+      etag: false,
+      dotfiles: 'deny', // Don't serve dot files
+    }));
+
+    // Global error handler
+    app.use(errorHandler);
+
+    const server = app.listen(validatedPort, host, () => {
+      console.log(`✅ Dashboard listening on http://${host}:${validatedPort}`);
+      console.log('Press Ctrl+C to quit.');
+    });
+
+    server.on('error', (err: any) => {
+      if (err.code === 'EADDRINUSE') {
+        console.error(`Error: Port ${validatedPort} is already in use.`);
+        process.exit(1);
+      } else if (err.code === 'EACCES') {
+        console.error(`Error: Permission denied to listen on port ${validatedPort}.`);
+        process.exit(1);
+      } else {
+        console.error('Server failed to start:', err.message);
+        process.exit(1);
+      }
+    });
+
+    // Graceful shutdown
+    process.on('SIGTERM', () => {
+      console.log('SIGTERM signal received: closing dashboard server');
+      server.close(() => {
+        console.log('Dashboard server closed');
+        process.exit(0);
       });
-    }
-  });
-  const staticPath = path.join(__dirname, '..', 'monodog-dashboard', 'dist');
-  console.log('Serving static files from:', staticPath);
-  app.use(express.static(staticPath));
-  // Start the server
-  const PORT = parseInt(port ? port.toString() : '8999');
-
-  app.listen(PORT, host, () => {
-    console.log(`App listening on ${host}:${port}`);
-    console.log('Press Ctrl+C to quit.');
-  });
+    });
+  } catch (error: any) {
+    console.error('Failed to start dashboard:', error.message);
+    process.exit(1);
+  }
 }

package/src/serve.ts

@@ -2,86 +2,24 @@
 
 /**
  * CLI Entry Point for serving Monodog.
- * * This script is executed when a user runs the serve command
+ * This script is executed when a user runs the serve command
  * in their project. It handles command-line arguments to determine
  * whether to:
  * 1. Start the API server for the dashboard.
  * 2. Start serving the dashboard frontend.
  */
 
-import * as path from 'path';
-import { startServer, serveDashboard } from './index'; // Assume index.ts exports this function
+import { startServer, serveDashboard } from './index';
+import { findMonorepoRoot } from './utils/utilities';
 
-import { appConfig } from './config-loader';
-import fs from 'fs';
-
-// --- Argument Parsing ---
-
-// 1. Get arguments excluding the node executable and script name
-const args = process.argv.slice(2);
-
-// Default settings
-const DEFAULT_PORT = 8999;
 const rootPath = findMonorepoRoot();
-const port = appConfig.server.port ?? DEFAULT_PORT; //Default port
-const host = appConfig.server.host ?? 'localhost'; //Default host
-
-
-// --- Execution Logic ---
 
 console.log(`Starting Monodog API server...`);
 console.log(`Analyzing monorepo at root: ${rootPath}`);
-// Start the Express server and begin analysis
-startServer(rootPath, port, host);
-serveDashboard(
-  path.join(rootPath),
-  appConfig.dashboard.port,
-  appConfig.dashboard.host
-);
-
-  /**
-   * Find the monorepo root by looking for package.json with workspaces or pnpm-workspace.yaml
-   */
-  function findMonorepoRoot(): string {
-    let currentDir = __dirname;
-
-    while (currentDir !== path.parse(currentDir).root) {
-      const packageJsonPath = path.join(currentDir, 'package.json');
-      const pnpmWorkspacePath = path.join(currentDir, 'pnpm-workspace.yaml');
 
-      // Check if this directory has package.json with workspaces or pnpm-workspace.yaml
-      if (fs.existsSync(packageJsonPath)) {
-        try {
-          const packageJson = JSON.parse(
-            fs.readFileSync(packageJsonPath, 'utf8')
-          );
-          // If it has workspaces or is the root monorepo package
-          if (packageJson.workspaces || fs.existsSync(pnpmWorkspacePath)) {
-            console.log('✅ Found monorepo root:', currentDir);
-            return currentDir;
-          }
-        } catch (error) {
-          // Continue searching if package.json is invalid
-        }
-      }
+// Start the Express server and dashboard
 
-      // Check if we're at the git root
-      const gitPath = path.join(currentDir, '.git');
-      if (fs.existsSync(gitPath)) {
-        console.log('✅ Found git root (likely monorepo root):', currentDir);
-        return currentDir;
-      }
+startServer(rootPath);
 
-      // Go up one directory
-      const parentDir = path.dirname(currentDir);
-      if (parentDir === currentDir) break; // Prevent infinite loop
-      currentDir = parentDir;
-    }
+serveDashboard(rootPath);
 
-    // Fallback to process.cwd() if we can't find the root
-    console.log(
-      '⚠️ Could not find monorepo root, using process.cwd():',
-      process.cwd()
-    );
-    return process.cwd();
-  }

package/src/services/commitService.ts

@@ -1,4 +1,4 @@
-import { GitService } from '../gitService';
+import { GitService } from './gitService';
 import path from 'path';
 import fs from 'fs';