@pixelbyte-software/pixcode 1.33.8 → 1.33.10

package/server/database/json-store.js

@@ -1,194 +1,194 @@
-import fs from 'node:fs';
-import path from 'node:path';
-
-/**
- * Minimal JSON-backed store with atomic writes.
- *
- * Replaces the `better-sqlite3` auth/session/telegram DB from previous
- * releases. The backing store is kilobytes, not gigabytes — a SQL engine
- * was overkill and the native compile dragged install-time warnings +
- * on-disk WAL files that confused users. This impl:
- *
- *   - Loads the entire store into memory on first access (synchronous
- *     readFileSync) and keeps it cached; all subsequent reads hit the
- *     in-memory structure.
- *   - Every write flushes the whole document via write-to-tmp + rename
- *     so a crash mid-write can never truncate the file; either the
- *     old file survives or the new one is fully written.
- *   - All operations are synchronous and rely on Node's single-threaded
- *     JS execution for concurrency safety. No async queue, no locks.
- *
- * The schema is a flat object with one array per "table":
- *   { _version, _sequences: {<table>: nextId}, users: [...], ... }
- *
- * Callers use helpers like `insert`, `updateWhere`, `findWhere`,
- * `deleteWhere` rather than composing queries — this is a key/value map
- * with filter helpers, not a SQL engine.
- */
-
-const CURRENT_VERSION = 1;
-
-// Tables the store manages — empty arrays on a fresh file.
-const EMPTY_STORE = () => ({
-  _version: CURRENT_VERSION,
-  _sequences: {
-    users: 0,
-    api_keys: 0,
-    user_credentials: 0,
-    vapid_keys: 0,
-    push_subscriptions: 0,
-  },
-  users: [],
-  api_keys: [],
-  user_credentials: [],
-  user_notification_preferences: [], // each row: { user_id, preferences_json, updated_at }
-  vapid_keys: [],
-  push_subscriptions: [],
-  session_names: [], // each row: { session_id, provider, custom_name, created_at, updated_at }
-  app_config: [], // each row: { key, value, created_at }
-  telegram_config: [], // 0 or 1 row: { id=1, bot_token, bot_username, updated_at }
-  telegram_links: [], // each row: { user_id, chat_id, ... }
-});
-
-export class JsonStore {
-  constructor(filePath) {
-    this.filePath = filePath;
-    this.tmpPath = `${filePath}.tmp`;
-    this.data = null;
-    this._ensureLoaded();
-  }
-
-  _ensureLoaded() {
-    if (this.data) return;
-
-    // Ensure parent directory exists — matches the old better-sqlite3
-    // behavior where the directory was created during initialization.
-    const dir = path.dirname(this.filePath);
-    if (!fs.existsSync(dir)) {
-      fs.mkdirSync(dir, { recursive: true });
-    }
-
-    if (!fs.existsSync(this.filePath)) {
-      this.data = EMPTY_STORE();
-      this._flush();
-      return;
-    }
-
-    try {
-      const raw = fs.readFileSync(this.filePath, 'utf8');
-      const parsed = JSON.parse(raw);
-      // Fill missing keys from EMPTY_STORE so adding a new "table" in a
-      // later schema doesn't crash a fresh deploy reading an old file.
-      this.data = { ...EMPTY_STORE(), ...parsed };
-      // Ensure each well-known array key is actually an array — defends
-      // against a hand-edited file that set one to null or an object.
-      const empty = EMPTY_STORE();
-      for (const key of Object.keys(empty)) {
-        if (key === '_version' || key === '_sequences') continue;
-        if (!Array.isArray(this.data[key])) {
-          this.data[key] = [];
-        }
-      }
-      this.data._sequences = { ...empty._sequences, ...(parsed._sequences || {}) };
-    } catch (err) {
-      // Corrupted file — back up and start fresh. Never hide this; it's
-      // very likely user-visible (logins will reset).
-      const backup = `${this.filePath}.corrupt-${Date.now()}`;
-      console.error(`[JsonStore] Failed to read ${this.filePath}: ${err.message}. Backing up to ${backup}.`);
-      try { fs.renameSync(this.filePath, backup); } catch { /* noop */ }
-      this.data = EMPTY_STORE();
-      this._flush();
-    }
-  }
-
-  _flush() {
-    const serialized = JSON.stringify(this.data, null, 2);
-    fs.writeFileSync(this.tmpPath, serialized, 'utf8');
-    fs.renameSync(this.tmpPath, this.filePath);
-  }
-
-  // ---------- Raw access ----------
-  get raw() {
-    this._ensureLoaded();
-    return this.data;
-  }
-
-  save() { this._flush(); }
-
-  // ---------- Sequence (AUTOINCREMENT) ----------
-  nextId(table) {
-    this._ensureLoaded();
-    this.data._sequences[table] = (this.data._sequences[table] || 0) + 1;
-    return this.data._sequences[table];
-  }
-
-  // ---------- Query helpers ----------
-  findWhere(table, predicate) {
-    this._ensureLoaded();
-    return this.data[table].find(predicate) || null;
-  }
-
-  filterWhere(table, predicate) {
-    this._ensureLoaded();
-    return this.data[table].filter(predicate);
-  }
-
-  count(table, predicate) {
-    this._ensureLoaded();
-    if (!predicate) return this.data[table].length;
-    return this.data[table].filter(predicate).length;
-  }
-
-  // ---------- Mutation helpers ----------
-  insert(table, row, { autoId = true, sequenceKey } = {}) {
-    this._ensureLoaded();
-    const finalRow = { ...row };
-    if (autoId && finalRow.id === undefined) {
-      finalRow.id = this.nextId(sequenceKey || table);
-    }
-    this.data[table].push(finalRow);
-    this._flush();
-    return finalRow;
-  }
-
-  updateWhere(table, predicate, updater) {
-    this._ensureLoaded();
-    let changed = 0;
-    for (const row of this.data[table]) {
-      if (predicate(row)) {
-        const patch = typeof updater === 'function' ? updater(row) : updater;
-        Object.assign(row, patch);
-        changed += 1;
-      }
-    }
-    if (changed > 0) this._flush();
-    return changed;
-  }
-
-  upsertWhere(table, predicate, row) {
-    this._ensureLoaded();
-    const existing = this.data[table].find(predicate);
-    if (existing) {
-      Object.assign(existing, row);
-      this._flush();
-      return existing;
-    }
-    return this.insert(table, row);
-  }
-
-  deleteWhere(table, predicate) {
-    this._ensureLoaded();
-    const before = this.data[table].length;
-    this.data[table] = this.data[table].filter((row) => !predicate(row));
-    const removed = before - this.data[table].length;
-    if (removed > 0) this._flush();
-    return removed;
-  }
-}
-
-/**
- * Helper — ISO timestamp matching the DATETIME format SQLite used to
- * write. Stored as a plain ISO string; no one actually parses it beyond
- * displaying "last login X hours ago".
- */
-export const nowIso = () => new Date().toISOString();
+import fs from 'node:fs';
+import path from 'node:path';
+
+/**
+ * Minimal JSON-backed store with atomic writes.
+ *
+ * Replaces the `better-sqlite3` auth/session/telegram DB from previous
+ * releases. The backing store is kilobytes, not gigabytes — a SQL engine
+ * was overkill and the native compile dragged install-time warnings +
+ * on-disk WAL files that confused users. This impl:
+ *
+ *   - Loads the entire store into memory on first access (synchronous
+ *     readFileSync) and keeps it cached; all subsequent reads hit the
+ *     in-memory structure.
+ *   - Every write flushes the whole document via write-to-tmp + rename
+ *     so a crash mid-write can never truncate the file; either the
+ *     old file survives or the new one is fully written.
+ *   - All operations are synchronous and rely on Node's single-threaded
+ *     JS execution for concurrency safety. No async queue, no locks.
+ *
+ * The schema is a flat object with one array per "table":
+ *   { _version, _sequences: {<table>: nextId}, users: [...], ... }
+ *
+ * Callers use helpers like `insert`, `updateWhere`, `findWhere`,
+ * `deleteWhere` rather than composing queries — this is a key/value map
+ * with filter helpers, not a SQL engine.
+ */
+
+const CURRENT_VERSION = 1;
+
+// Tables the store manages — empty arrays on a fresh file.
+const EMPTY_STORE = () => ({
+  _version: CURRENT_VERSION,
+  _sequences: {
+    users: 0,
+    api_keys: 0,
+    user_credentials: 0,
+    vapid_keys: 0,
+    push_subscriptions: 0,
+  },
+  users: [],
+  api_keys: [],
+  user_credentials: [],
+  user_notification_preferences: [], // each row: { user_id, preferences_json, updated_at }
+  vapid_keys: [],
+  push_subscriptions: [],
+  session_names: [], // each row: { session_id, provider, custom_name, created_at, updated_at }
+  app_config: [], // each row: { key, value, created_at }
+  telegram_config: [], // 0 or 1 row: { id=1, bot_token, bot_username, updated_at }
+  telegram_links: [], // each row: { user_id, chat_id, ... }
+});
+
+export class JsonStore {
+  constructor(filePath) {
+    this.filePath = filePath;
+    this.tmpPath = `${filePath}.tmp`;
+    this.data = null;
+    this._ensureLoaded();
+  }
+
+  _ensureLoaded() {
+    if (this.data) return;
+
+    // Ensure parent directory exists — matches the old better-sqlite3
+    // behavior where the directory was created during initialization.
+    const dir = path.dirname(this.filePath);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+
+    if (!fs.existsSync(this.filePath)) {
+      this.data = EMPTY_STORE();
+      this._flush();
+      return;
+    }
+
+    try {
+      const raw = fs.readFileSync(this.filePath, 'utf8');
+      const parsed = JSON.parse(raw);
+      // Fill missing keys from EMPTY_STORE so adding a new "table" in a
+      // later schema doesn't crash a fresh deploy reading an old file.
+      this.data = { ...EMPTY_STORE(), ...parsed };
+      // Ensure each well-known array key is actually an array — defends
+      // against a hand-edited file that set one to null or an object.
+      const empty = EMPTY_STORE();
+      for (const key of Object.keys(empty)) {
+        if (key === '_version' || key === '_sequences') continue;
+        if (!Array.isArray(this.data[key])) {
+          this.data[key] = [];
+        }
+      }
+      this.data._sequences = { ...empty._sequences, ...(parsed._sequences || {}) };
+    } catch (err) {
+      // Corrupted file — back up and start fresh. Never hide this; it's
+      // very likely user-visible (logins will reset).
+      const backup = `${this.filePath}.corrupt-${Date.now()}`;
+      console.error(`[JsonStore] Failed to read ${this.filePath}: ${err.message}. Backing up to ${backup}.`);
+      try { fs.renameSync(this.filePath, backup); } catch { /* noop */ }
+      this.data = EMPTY_STORE();
+      this._flush();
+    }
+  }
+
+  _flush() {
+    const serialized = JSON.stringify(this.data, null, 2);
+    fs.writeFileSync(this.tmpPath, serialized, 'utf8');
+    fs.renameSync(this.tmpPath, this.filePath);
+  }
+
+  // ---------- Raw access ----------
+  get raw() {
+    this._ensureLoaded();
+    return this.data;
+  }
+
+  save() { this._flush(); }
+
+  // ---------- Sequence (AUTOINCREMENT) ----------
+  nextId(table) {
+    this._ensureLoaded();
+    this.data._sequences[table] = (this.data._sequences[table] || 0) + 1;
+    return this.data._sequences[table];
+  }
+
+  // ---------- Query helpers ----------
+  findWhere(table, predicate) {
+    this._ensureLoaded();
+    return this.data[table].find(predicate) || null;
+  }
+
+  filterWhere(table, predicate) {
+    this._ensureLoaded();
+    return this.data[table].filter(predicate);
+  }
+
+  count(table, predicate) {
+    this._ensureLoaded();
+    if (!predicate) return this.data[table].length;
+    return this.data[table].filter(predicate).length;
+  }
+
+  // ---------- Mutation helpers ----------
+  insert(table, row, { autoId = true, sequenceKey } = {}) {
+    this._ensureLoaded();
+    const finalRow = { ...row };
+    if (autoId && finalRow.id === undefined) {
+      finalRow.id = this.nextId(sequenceKey || table);
+    }
+    this.data[table].push(finalRow);
+    this._flush();
+    return finalRow;
+  }
+
+  updateWhere(table, predicate, updater) {
+    this._ensureLoaded();
+    let changed = 0;
+    for (const row of this.data[table]) {
+      if (predicate(row)) {
+        const patch = typeof updater === 'function' ? updater(row) : updater;
+        Object.assign(row, patch);
+        changed += 1;
+      }
+    }
+    if (changed > 0) this._flush();
+    return changed;
+  }
+
+  upsertWhere(table, predicate, row) {
+    this._ensureLoaded();
+    const existing = this.data[table].find(predicate);
+    if (existing) {
+      Object.assign(existing, row);
+      this._flush();
+      return existing;
+    }
+    return this.insert(table, row);
+  }
+
+  deleteWhere(table, predicate) {
+    this._ensureLoaded();
+    const before = this.data[table].length;
+    this.data[table] = this.data[table].filter((row) => !predicate(row));
+    const removed = before - this.data[table].length;
+    if (removed > 0) this._flush();
+    return removed;
+  }
+}
+
+/**
+ * Helper — ISO timestamp matching the DATETIME format SQLite used to
+ * write. Stored as a plain ISO string; no one actually parses it beyond
+ * displaying "last login X hours ago".
+ */
+export const nowIso = () => new Date().toISOString();

package/server/gemini-cli.js

@@ -15,6 +15,48 @@ import { createNormalizedMessage } from './shared/utils.js';
 
 let activeGeminiProcesses = new Map(); // Track active processes by session ID
 
+/**
+ * Auto-create `~/.gemini/settings.json` when the user has signed in via OAuth
+ * (so `oauth_creds.json` exists) but never opened the Gemini TUI to write the
+ * `selectedAuthType` field. Without this, `gemini --prompt … --output-format
+ * stream-json --yolo` exits 41 with "Please set an Auth method in your
+ * settings.json" — even though credentials are perfectly valid. We respect a
+ * pre-existing `settings.json` and never overwrite a chosen auth type.
+ *
+ * Triggered every spawn (cheap: one fs.access + maybe one tiny write).
+ */
+async function ensureGeminiSettingsJson() {
+    const home = os.homedir();
+    const dir = path.join(home, '.gemini');
+    const settingsPath = path.join(dir, 'settings.json');
+    const oauthPath = path.join(dir, 'oauth_creds.json');
+    const apiKey = process.env.GEMINI_API_KEY;
+
+    try {
+        await fs.access(settingsPath);
+        return; // user-managed, leave it.
+    } catch { /* missing — we may create it */ }
+
+    let selectedAuthType = null;
+    if (apiKey && apiKey.trim()) {
+        selectedAuthType = 'gemini-api-key';
+    } else {
+        try {
+            await fs.access(oauthPath);
+            selectedAuthType = 'oauth-personal';
+        } catch { /* no oauth either */ }
+    }
+    if (!selectedAuthType) return;
+
+    try {
+        await fs.mkdir(dir, { recursive: true });
+        await fs.writeFile(settingsPath, JSON.stringify({ selectedAuthType }, null, 2), { mode: 0o600 });
+        console.log(`[gemini] auto-bootstrapped ~/.gemini/settings.json with selectedAuthType="${selectedAuthType}"`);
+    } catch (error) {
+        console.warn('[gemini] failed to bootstrap settings.json:', error?.message || error);
+    }
+}
+
 async function spawnGemini(command, options = {}, ws) {
     const { sessionId, projectPath, cwd, toolsSettings, permissionMode, images, sessionSummary } = options;
     let capturedSessionId = sessionId; // Track session ID throughout the process
@@ -174,6 +216,24 @@ async function spawnGemini(command, options = {}, ws) {
     // exporting GEMINI_API_KEY in their shell.
     const spawnEnv = await buildSpawnEnv('gemini');
 
+    // OAuth-only users never opened the TUI → no settings.json → spawn dies
+    // with exit 41. Bootstrap it once.
+    await ensureGeminiSettingsJson();
+
+    // Headless OAuth handshake. Without this Gemini exits 41 with "Please
+    // set an Auth method..." even when ~/.gemini/oauth_creds.json is fully
+    // valid — the CLI gates oauth-personal mode behind GOOGLE_GENAI_USE_GCA
+    // when running non-interactively. Only set when the user hasn't supplied
+    // an API key (which has its own auth path).
+    if (!spawnEnv.GEMINI_API_KEY) {
+        spawnEnv.GOOGLE_GENAI_USE_GCA = 'true';
+    }
+    // `--yolo` skips approval prompts but Gemini still refuses to operate
+    // on directories it doesn't recognise as trusted. There's no
+    // interactive prompt available in our pty-less spawn, so we set the
+    // documented headless escape hatch.
+    spawnEnv.GEMINI_CLI_TRUST_WORKSPACE = 'true';
+
     return new Promise((resolve, reject) => {
         const geminiProcess = spawnFunction(spawnCmd, spawnArgs, {
             cwd: workingDir,

package/server/index.js

@@ -866,7 +866,12 @@ app.delete('/api/projects/:projectName', authenticateToken, async (req, res) =>
         await deleteProject(projectName, force, deleteData);
         res.json({ success: true });
     } catch (error) {
-        res.status(500).json({ error: error.message });
+        // "Cannot delete project with existing sessions" is a precondition
+        // failure, not a server fault — surface it as 409 so clients can
+        // catch it and prompt the user to pass `?force=true` (or clean
+        // sessions first) instead of treating it like a crash.
+        const conflict = typeof error?.message === 'string' && error.message.includes('existing sessions');
+        res.status(conflict ? 409 : 500).json({ error: error.message });
     }
 });
 

package/server/middleware/auth.js

@@ -1,5 +1,5 @@
 import jwt from 'jsonwebtoken';
-import { userDb, appConfigDb } from '../database/db.js';
+import { userDb, appConfigDb, apiKeysDb } from '../database/db.js';
 import { IS_PLATFORM } from '../constants/config.js';
 
 // Use env var if set, otherwise auto-generate a unique secret per installation
@@ -36,21 +36,47 @@ const authenticateToken = async (req, res, next) => {
     }
   }
 
-  // Normal OSS JWT validation
+  // Pull credentials from any of the supported transports.
+  //  - Authorization: Bearer <jwt-or-apikey>
+  //  - X-API-Key: <apikey>            (legacy, kept for /api/agent compatibility)
+  //  - ?token=<jwt>                    (EventSource workaround — can't set headers)
+  //  - ?apiKey=<apikey>                (EventSource workaround)
+  // Auth-token mode is decided by the prefix: keys generated by Pixcode start
+  // with `ck_` (see apiKeysDb.generateApiKey) — anything else falls through
+  // to JWT verification.
   const authHeader = req.headers['authorization'];
-  let token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
+  const bearerToken = authHeader && authHeader.startsWith('Bearer ') ? authHeader.slice(7).trim() : null;
+  const apiKeyHeader = req.headers['x-api-key'];
+  const queryToken = typeof req.query.token === 'string' ? req.query.token : null;
+  const queryApiKey = typeof req.query.apiKey === 'string' ? req.query.apiKey : null;
 
-  // Also check query param for SSE endpoints (EventSource can't set headers)
-  if (!token && req.query.token) {
-    token = req.query.token;
+  // Try API-key paths first when the credential is unambiguously an API key.
+  const explicitApiKey = apiKeyHeader || queryApiKey
+    || (bearerToken && bearerToken.startsWith('ck_') ? bearerToken : null)
+    || (queryToken && queryToken.startsWith('ck_') ? queryToken : null);
+
+  if (explicitApiKey) {
+    try {
+      const user = apiKeysDb.validateApiKey(explicitApiKey);
+      if (!user) {
+        return res.status(401).json({ error: 'Invalid or inactive API key' });
+      }
+      req.user = user;
+      return next();
+    } catch (error) {
+      console.error('API key validation error:', error);
+      return res.status(500).json({ error: 'Authentication backend error' });
+    }
   }
 
-  if (!token) {
+  // Otherwise fall back to JWT.
+  const jwtToken = bearerToken || queryToken;
+  if (!jwtToken) {
     return res.status(401).json({ error: 'Access denied. No token provided.' });
   }
 
   try {
-    const decoded = jwt.verify(token, JWT_SECRET);
+    const decoded = jwt.verify(jwtToken, JWT_SECRET);
 
     // Verify user still exists and is active
     const user = userDb.getUserById(decoded.userId);
@@ -104,11 +130,26 @@ const authenticateWebSocket = (token) => {
     }
   }
 
-  // Normal OSS JWT validation
+  // Normal OSS validation — accept either an API key (`ck_…`) or a JWT.
+  // Mirrors the REST `authenticateToken` middleware so any tool that has
+  // a `ck_` key (CI scripts, the api-tester subagent, the user's own
+  // automation, ...) can also open a WebSocket without first exchanging
+  // the key for a JWT.
   if (!token) {
     return null;
   }
 
+  if (typeof token === 'string' && token.startsWith('ck_')) {
+    try {
+      const user = apiKeysDb.validateApiKey(token);
+      if (!user) return null;
+      return { userId: user.id, username: user.username };
+    } catch (error) {
+      console.error('WebSocket API key validation error:', error);
+      return null;
+    }
+  }
+
   try {
     const decoded = jwt.verify(token, JWT_SECRET);
     // Verify user actually exists in database (matches REST authenticateToken behavior)