npm - greend-server - Versions diffs - 1.0.2 → 1.0.4 - Mend

greend-server 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/.env.example CHANGED Viewed

@@ -5,10 +5,16 @@
 PORT=3001
 HOST=0.0.0.0
-# Directory where all ESG data, user accounts, and audit logs are stored.
-# Use an absolute path outside the npm package so data survives upgrades.
-# Example: DATA_DIR=/opt/greend/data
-DATA_DIR=./data
+# Directory where all ESG data, user accounts, audit logs, and sessions are stored.
+# Use an absolute path outside the app/package directory so data survives upgrades.
+# If omitted, GreenD defaults to an OS-managed shared data location:
+#   Windows: %PROGRAMDATA%\GreenD\data
+#   macOS:   ~/Library/Application Support/GreenD/data
+#   Linux:   ~/.local/share/GreenD/data
+# Example:
+# DATA_DIR=C:\ProgramData\GreenD\data
+# DATA_DIR=/opt/greend/data
+# DATA_DIR=
 # REQUIRED in production: set this to a long random string (32+ chars).
 # Never use the default in production.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "greend-server",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "GreenD ESG backend — self-hosted Express.js API server",
   "type": "module",
   "main": "server.js",

package/server.js CHANGED Viewed

@@ -2,10 +2,12 @@ import 'dotenv/config';
 import { randomBytes } from 'crypto';
 import express from 'express';
 import cors from 'cors';
+import { readFileSync } from 'fs';
 import { readFile, writeFile, mkdir, readdir } from 'fs/promises';
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
 import path from 'path';
+import os from 'os';
 import { createRequire } from 'module';
 const require = createRequire(import.meta.url);
@@ -28,9 +30,94 @@ if (
   process.exit(1);
 }
+function getDefaultDataDir() {
+  if (process.platform === 'win32') {
+    const programData = process.env.PROGRAMDATA || path.join(process.env.SystemDrive || 'C:', 'ProgramData');
+    return path.join(programData, 'GreenD', 'data');
+  }
+  if (process.platform === 'darwin') {
+    return path.join(os.homedir(), 'Library', 'Application Support', 'GreenD', 'data');
+  }
+  const xdgDataHome = process.env.XDG_DATA_HOME || path.join(os.homedir(), '.local', 'share');
+  return path.join(xdgDataHome, 'GreenD', 'data');
+}
 const DATA_DIR = process.env.DATA_DIR
   ? path.resolve(process.env.DATA_DIR)
-  : join(__dirname, 'data');
+  : getDefaultDataDir();
+const SESSION_COOKIE_NAME = 'connect.sid';
+const SESSION_COOKIE_OPTIONS = {
+  httpOnly: true,
+  secure: process.env.NODE_ENV === 'production',
+  sameSite: 'lax',
+  path: '/',
+  maxAge: 8 * 60 * 60 * 1000,
+};
+const CLEAR_SESSION_COOKIE_OPTIONS = {
+  httpOnly: SESSION_COOKIE_OPTIONS.httpOnly,
+  secure: SESSION_COOKIE_OPTIONS.secure,
+  sameSite: SESSION_COOKIE_OPTIONS.sameSite,
+  path: SESSION_COOKIE_OPTIONS.path,
+};
+// ---------------------------------------------------------------------------
+// File-backed session store — persists sessions to DATA_DIR/sessions.json so
+// that sessions survive server restarts (MemoryStore loses them on every restart).
+// ---------------------------------------------------------------------------
+class FileSessionStore extends session.Store {
+  #filepath;
+  #sessions;
+  constructor(filepath) {
+    super();
+    this.#filepath = filepath;
+    this.#sessions = {};
+    // Load synchronously at startup so sessions are available immediately.
+    try {
+      const raw = readFileSync(filepath, 'utf8');
+      const loaded = JSON.parse(raw);
+      const now = Date.now();
+      // Discard any already-expired sessions while loading.
+      for (const [sid, s] of Object.entries(loaded)) {
+        if (s?.cookie?.expires && new Date(s.cookie.expires).getTime() < now) continue;
+        this.#sessions[sid] = s;
+      }
+    } catch {
+      // File doesn't exist yet — start with empty sessions.
+    }
+  }
+  #save() {
+    mkdir(dirname(this.#filepath), { recursive: true })
+      .then(() => writeFile(this.#filepath, JSON.stringify(this.#sessions)))
+      .catch(e => console.error('[sessions] write error:', e.message));
+  }
+  get(sid, cb) {
+    const s = this.#sessions[sid];
+    if (!s) return cb(null, null);
+    if (s.cookie?.expires && new Date(s.cookie.expires).getTime() < Date.now()) {
+      delete this.#sessions[sid];
+      this.#save();
+      return cb(null, null);
+    }
+    cb(null, s);
+  }
+  set(sid, s, cb) {
+    this.#sessions[sid] = s;
+    this.#save();
+    cb(null);
+  }
+  destroy(sid, cb) {
+    delete this.#sessions[sid];
+    this.#save();
+    cb(null);
+  }
+}
 const app = express();
 app.use(express.json({ limit: '50mb' }));
@@ -48,15 +135,11 @@ app.use(cors({
 }));
 app.use(session({
+  store: new FileSessionStore(join(DATA_DIR, 'sessions.json')),
   secret: process.env.SESSION_SECRET || 'greend-dev-secret-change-in-production',
   resave: false,
   saveUninitialized: false,
-  cookie: {
-    httpOnly: true,
-    secure: process.env.NODE_ENV === 'production',
-    sameSite: 'lax',
-    maxAge: 8 * 60 * 60 * 1000, // 8 hours
-  },
+  cookie: SESSION_COOKIE_OPTIONS,
 }));
 // Generic helpers for simple single-file read/write
@@ -201,13 +284,35 @@ app.post('/api/auth/login', async (req, res) => {
   const valid = await bcrypt.compare(password, user.passwordHash);
   if (!valid) return res.status(401).json({ error: 'Invalid username or password' });
-  req.session.userId = user.id;
   const { passwordHash, ...safeUser } = user;
-  res.json(safeUser);
+  req.session.regenerate((err) => {
+    if (err) {
+      console.error('[auth] failed to regenerate session:', err.message);
+      return res.status(500).json({ error: 'Failed to start a new session' });
+    }
+    req.session.userId = user.id;
+    res.json(safeUser);
+  });
 });
 app.post('/api/auth/logout', (req, res) => {
-  req.session.destroy(() => res.sendStatus(204));
+  const finalize = () => {
+    res.clearCookie(SESSION_COOKIE_NAME, CLEAR_SESSION_COOKIE_OPTIONS);
+    res.sendStatus(204);
+  };
+  if (!req.session) {
+    finalize();
+    return;
+  }
+  req.session.destroy((err) => {
+    if (err) {
+      console.error('[auth] failed to destroy session:', err.message);
+      return res.status(500).json({ error: 'Failed to close the session' });
+    }
+    finalize();
+  });
 });
 app.put('/api/auth/password', requireAuth, async (req, res) => {
@@ -230,7 +335,11 @@ app.put('/api/auth/password', requireAuth, async (req, res) => {
 app.get('/api/auth/me', requireAuth, async (req, res) => {
   const users = await readUsers();
   const user = users.find(u => u.id === req.session.userId);
-  if (!user) return res.status(401).json({ error: 'Session invalid' });
+  if (!user) {
+    req.session.destroy(() => {});
+    res.clearCookie(SESSION_COOKIE_NAME, CLEAR_SESSION_COOKIE_OPTIONS);
+    return res.status(401).json({ error: 'Session invalid' });
+  }
   const { passwordHash, ...safeUser } = user;
   res.json(safeUser);
 });
@@ -360,8 +469,15 @@ async function seedDefaultAdmin() {
 const PORT = Number(process.env.PORT) || 3001;
 const HOST = process.env.HOST || '0.0.0.0';
-seedDefaultAdmin().then(() => {
-  app.listen(PORT, HOST, () =>
-    console.log(`GreenD server running on http://${HOST}:${PORT}`)
-  );
-});
+mkdir(DATA_DIR, { recursive: true })
+  .then(() => seedDefaultAdmin())
+  .then(() => {
+    console.log(`GreenD data directory: ${DATA_DIR}`);
+    app.listen(PORT, HOST, () =>
+      console.log(`GreenD server running on http://${HOST}:${PORT}`)
+    );
+  })
+  .catch((err) => {
+    console.error('Failed to initialize GreenD server:', err.message);
+    process.exit(1);
+  });