@xenon-device-management/xenon 1.1.17 → 1.1.18

package/lib/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@xenon-device-management/xenon",
-    "version": "1.1.17",
+    "version": "1.1.18",
     "description": "Xenon - Intelligent Mobile Infrastructure. A self-healing device orchestration platform for Appium.",
     "main": "./lib/src/index.js",
     "exports": {

package/lib/src/app/index.js

@@ -140,6 +140,7 @@ const findPublicPath = () => {
         path_1.default.resolve(__dirname, '../public'), // Alternative structure
         path_1.default.resolve(__dirname, '../../public'),
         path_1.default.resolve(__dirname, '../../../public'),
+        path_1.default.resolve(__dirname, '../../../../public'),
     ];
     for (const p of searchPaths) {
         if (fs_1.default.existsSync(path_1.default.join(p, 'index.html'))) {
@@ -154,9 +155,16 @@ const findPublicPath = () => {
 };
 const publicPath = findPublicPath();
 logger_1.default.info(`[Xenon] Public assets path resolved to: ${publicPath}`);
-staticFilesRouter.use(express_1.default.static(publicPath));
+// Principal Security: Add permissive CSP and CORS for the dashboard
+router.use((req, res, next) => {
+    res.setHeader('Content-Security-Policy', "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self';");
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    next();
+});
+staticFilesRouter.use(express_1.default.static(publicPath, { index: false }));
 router.use('/api', apiRouter);
-router.use('/assets', express_1.default.static(config_1.config.sessionAssetsPath));
+// Principal Fix: Rename collision route from /assets to /session-recordings to avoid conflict with dashboard's /assets folder
+router.use('/session-recordings', express_1.default.static(config_1.config.sessionAssetsPath));
 router.use(staticFilesRouter);
 function createRouter(pluginArgs) {
     dashboard_1.default.register(apiRouter);
@@ -184,17 +192,19 @@ function createRouter(pluginArgs) {
     });
     // Fallback route for client-side routing - serve index.html for all non-API routes
     // MUST be registered after Swagger to avoid interception
-    router.get(/^(?!\/api).*/, (req, res) => {
+    router.get('*', (req, res) => {
         const indexPath = path_1.default.resolve(publicPath, 'index.html');
         const url = req.originalUrl || req.url;
+        // Skip if it's an API call that somehow reached here
+        if (url.includes('/api/'))
+            return res.status(404).json({ error: true, message: 'Not Found' });
         logger_1.default.debug(`[Xenon] UI Fallback triggered for: ${url}. Targeting: ${indexPath}`);
         if (fs_1.default.existsSync(indexPath)) {
+            res.set('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
             res.sendFile(indexPath, (err) => {
-                if (err) {
+                if (err && !res.headersSent) {
                     logger_1.default.error(`[Xenon] res.sendFile failed for ${indexPath}. Error: ${err.message}`);
-                    if (!res.headersSent) {
-                        res.status(404).send(`Xenon UI Asset Error: ${err.message}`);
-                    }
+                    res.status(404).send(`Xenon UI Asset Error: ${err.message}`);
                 }
             });
         }

package/lib/src/device-utils.js

@@ -66,6 +66,7 @@ exports.unblockCandidateDevices = unblockCandidateDevices;
 exports.releaseBlockedDevices = releaseBlockedDevices;
 exports.setupCronReleaseBlockedDevices = setupCronReleaseBlockedDevices;
 exports.setupCronUpdateDeviceList = setupCronUpdateDeviceList;
+exports.setupCronLocalDiscovery = setupCronLocalDiscovery;
 exports.cleanPendingSessions = cleanPendingSessions;
 exports.setupCronCleanPendingSessions = setupCronCleanPendingSessions;
 exports.setupCronCleanExpiredReservations = setupCronCleanExpiredReservations;
@@ -578,6 +579,21 @@ function setupCronUpdateDeviceList(host, hubArgument, intervalMs, tlsRejectUnaut
         }), intervalMs);
     });
 }
+/**
+ * Principal discovery: Periodically poll for local devices to prune stales/offlines.
+ * Critical for standalone Hubs where setupCronUpdateDeviceList isn't called.
+ */
+function setupCronLocalDiscovery(host, intervalMs) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (timer) {
+            clearInterval(timer);
+        }
+        logger_1.default.info(`Local device discovery poll started every ${intervalMs} ms`);
+        timer = setInterval(() => __awaiter(this, void 0, void 0, function* () {
+            yield updateDeviceList(host);
+        }), intervalMs);
+    });
+}
 function cleanPendingSessions(timeoutMs) {
     return __awaiter(this, void 0, void 0, function* () {
         const pendingSessions = yield pendingStore.getAllPendingSessions();

package/lib/src/services/ServerManager.js

@@ -246,6 +246,11 @@ let ServerManager = ServerManager_1 = class ServerManager {
             else {
                 ServerManager_1.IS_HUB = true;
                 this.logger.info(`🌐 I'm a hub and I'm listening on ${pluginArgs.bindHostOrIp}:${cliArgs.port}`);
+                // Principal discovery: Background poll to prune stale/offline devices on the Hub itself
+                (() => __awaiter(this, void 0, void 0, function* () {
+                    const { setupCronLocalDiscovery } = yield Promise.resolve().then(() => __importStar(require('../device-utils')));
+                    yield setupCronLocalDiscovery(pluginArgs.bindHostOrIp, pluginArgs.sendNodeDevicesToHubIntervalMs);
+                }))();
                 const socketServer = typedi_1.Container.get(SocketServer_1.SocketServer);
                 socketServer.initialize(httpServer);
                 const tracingService = typedi_1.Container.get(TracingService_1.TracingService);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xenon-device-management/xenon",
-  "version": "1.1.17",
+  "version": "1.1.18",
   "description": "Xenon - Intelligent Mobile Infrastructure. A self-healing device orchestration platform for Appium.",
   "main": "./lib/src/index.js",
   "exports": {