web-agent-bridge 1.1.1 → 1.1.2

package/server/utils/migrate.js

@@ -1,81 +1,81 @@
-/**
- * Database Migration Runner
- * Tracks and applies SQL migrations from server/migrations/ in order.
- * Uses a `_migrations` table to record applied migrations.
- */
-const Database = require('better-sqlite3');
-const path = require('path');
-const fs = require('fs');
-
-const DATA_DIR = process.env.NODE_ENV === 'test'
-  ? path.join(__dirname, '..', '..', 'data-test')
-  : path.join(__dirname, '..', '..', 'data');
-if (!fs.existsSync(DATA_DIR)) fs.mkdirSync(DATA_DIR, { recursive: true });
-
-const dbFile = process.env.NODE_ENV === 'test' ? 'wab-test.db' : 'wab.db';
-const db = new Database(path.join(DATA_DIR, dbFile));
-
-// Ensure migrations tracking table exists
-db.exec(`
-  CREATE TABLE IF NOT EXISTS _migrations (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    name TEXT UNIQUE NOT NULL,
-    applied_at TEXT DEFAULT (datetime('now'))
-  );
-`);
-
-const MIGRATIONS_DIR = path.join(__dirname, '..', 'migrations');
-
-function getAppliedMigrations() {
-  return new Set(
-    db.prepare('SELECT name FROM _migrations ORDER BY id').all().map(r => r.name)
-  );
-}
-
-function runMigrations() {
-  if (!fs.existsSync(MIGRATIONS_DIR)) {
-    console.log('No migrations directory found.');
-    return;
-  }
-
-  const files = fs.readdirSync(MIGRATIONS_DIR)
-    .filter(f => f.endsWith('.sql'))
-    .sort();
-
-  const applied = getAppliedMigrations();
-  let count = 0;
-
-  const applyMigration = db.transaction((name, sql) => {
-    db.exec(sql);
-    db.prepare('INSERT INTO _migrations (name) VALUES (?)').run(name);
-  });
-
-  for (const file of files) {
-    if (applied.has(file)) continue;
-
-    const sql = fs.readFileSync(path.join(MIGRATIONS_DIR, file), 'utf8');
-    try {
-      applyMigration(file, sql);
-      console.log(`  ✅ Migration applied: ${file}`);
-      count++;
-    } catch (err) {
-      console.error(`  ❌ Migration failed: ${file} — ${err.message}`);
-      process.exit(1);
-    }
-  }
-
-  if (count === 0) {
-    console.log('  All migrations up to date.');
-  } else {
-    console.log(`  ${count} migration(s) applied.`);
-  }
-}
-
-// Run when called directly: node server/utils/migrate.js
-if (require.main === module) {
-  console.log('Running database migrations...');
-  runMigrations();
-  db.close();
-}
-
-module.exports = { runMigrations };
+/**
+ * Database Migration Runner
+ * Tracks and applies SQL migrations from server/migrations/ in order.
+ * Uses a `_migrations` table to record applied migrations.
+ */
+const Database = require('better-sqlite3');
+const path = require('path');
+const fs = require('fs');
+
+const DATA_DIR = process.env.NODE_ENV === 'test'
+  ? path.join(__dirname, '..', '..', 'data-test')
+  : path.join(__dirname, '..', '..', 'data');
+if (!fs.existsSync(DATA_DIR)) fs.mkdirSync(DATA_DIR, { recursive: true });
+
+const dbFile = process.env.NODE_ENV === 'test' ? 'wab-test.db' : 'wab.db';
+const db = new Database(path.join(DATA_DIR, dbFile));
+
+// Ensure migrations tracking table exists
+db.exec(`
+  CREATE TABLE IF NOT EXISTS _migrations (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    name TEXT UNIQUE NOT NULL,
+    applied_at TEXT DEFAULT (datetime('now'))
+  );
+`);
+
+const MIGRATIONS_DIR = path.join(__dirname, '..', 'migrations');
+
+function getAppliedMigrations() {
+  return new Set(
+    db.prepare('SELECT name FROM _migrations ORDER BY id').all().map(r => r.name)
+  );
+}
+
+function runMigrations() {
+  if (!fs.existsSync(MIGRATIONS_DIR)) {
+    console.log('No migrations directory found.');
+    return;
+  }
+
+  const files = fs.readdirSync(MIGRATIONS_DIR)
+    .filter(f => f.endsWith('.sql'))
+    .sort();
+
+  const applied = getAppliedMigrations();
+  let count = 0;
+
+  const applyMigration = db.transaction((name, sql) => {
+    db.exec(sql);
+    db.prepare('INSERT INTO _migrations (name) VALUES (?)').run(name);
+  });
+
+  for (const file of files) {
+    if (applied.has(file)) continue;
+
+    const sql = fs.readFileSync(path.join(MIGRATIONS_DIR, file), 'utf8');
+    try {
+      applyMigration(file, sql);
+      console.log(`  ✅ Migration applied: ${file}`);
+      count++;
+    } catch (err) {
+      console.error(`  ❌ Migration failed: ${file} — ${err.message}`);
+      process.exit(1);
+    }
+  }
+
+  if (count === 0) {
+    console.log('  All migrations up to date.');
+  } else {
+    console.log(`  ${count} migration(s) applied.`);
+  }
+}
+
+// Run when called directly: node server/utils/migrate.js
+if (require.main === module) {
+  console.log('Running database migrations...');
+  runMigrations();
+  db.close();
+}
+
+module.exports = { runMigrations };

package/server/utils/secureFields.js

@@ -1,50 +1,50 @@
-/**
- * Optional AES-256-GCM encryption for sensitive DB fields (e.g. SMTP password).
- * Set CREDENTIALS_ENCRYPTION_KEY (any long random string) to enable at-rest encryption.
- */
-
-const crypto = require('crypto');
-
-const PREFIX = 'enc:v1:';
-
-function getKey() {
-  const raw = process.env.CREDENTIALS_ENCRYPTION_KEY;
-  if (!raw || String(raw).length < 8) return null;
-  return crypto.createHash('sha256').update(String(raw)).digest();
-}
-
-function encryptOptional(plain) {
-  if (plain == null || plain === '') return plain;
-  const key = getKey();
-  if (!key) return plain;
-  const iv = crypto.randomBytes(12);
-  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
-  const enc = Buffer.concat([cipher.update(String(plain), 'utf8'), cipher.final()]);
-  const tag = cipher.getAuthTag();
-  return `${PREFIX}${iv.toString('hex')}:${tag.toString('hex')}:${enc.toString('hex')}`;
-}
-
-function decryptOptional(stored) {
-  if (stored == null || stored === '') return stored;
-  if (typeof stored !== 'string' || !stored.startsWith(PREFIX)) return stored;
-  const key = getKey();
-  if (!key) {
-    console.warn('[WAB] CREDENTIALS_ENCRYPTION_KEY missing; cannot decrypt stored credential');
-    return null;
-  }
-  try {
-    const rest = stored.slice(PREFIX.length);
-    const [ivHex, tagHex, dataHex] = rest.split(':');
-    const iv = Buffer.from(ivHex, 'hex');
-    const tag = Buffer.from(tagHex, 'hex');
-    const data = Buffer.from(dataHex, 'hex');
-    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
-    decipher.setAuthTag(tag);
-    return Buffer.concat([decipher.update(data), decipher.final()]).toString('utf8');
-  } catch (e) {
-    console.error('[WAB] Decrypt failed:', e.message);
-    return null;
-  }
-}
-
-module.exports = { encryptOptional, decryptOptional };
+/**
+ * Optional AES-256-GCM encryption for sensitive DB fields (e.g. SMTP password).
+ * Set CREDENTIALS_ENCRYPTION_KEY (any long random string) to enable at-rest encryption.
+ */
+
+const crypto = require('crypto');
+
+const PREFIX = 'enc:v1:';
+
+function getKey() {
+  const raw = process.env.CREDENTIALS_ENCRYPTION_KEY;
+  if (!raw || String(raw).length < 8) return null;
+  return crypto.createHash('sha256').update(String(raw)).digest();
+}
+
+function encryptOptional(plain) {
+  if (plain == null || plain === '') return plain;
+  const key = getKey();
+  if (!key) return plain;
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+  const enc = Buffer.concat([cipher.update(String(plain), 'utf8'), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return `${PREFIX}${iv.toString('hex')}:${tag.toString('hex')}:${enc.toString('hex')}`;
+}
+
+function decryptOptional(stored) {
+  if (stored == null || stored === '') return stored;
+  if (typeof stored !== 'string' || !stored.startsWith(PREFIX)) return stored;
+  const key = getKey();
+  if (!key) {
+    console.warn('[WAB] CREDENTIALS_ENCRYPTION_KEY missing; cannot decrypt stored credential');
+    return null;
+  }
+  try {
+    const rest = stored.slice(PREFIX.length);
+    const [ivHex, tagHex, dataHex] = rest.split(':');
+    const iv = Buffer.from(ivHex, 'hex');
+    const tag = Buffer.from(tagHex, 'hex');
+    const data = Buffer.from(dataHex, 'hex');
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+    decipher.setAuthTag(tag);
+    return Buffer.concat([decipher.update(data), decipher.final()]).toString('utf8');
+  } catch (e) {
+    console.error('[WAB] Decrypt failed:', e.message);
+    return null;
+  }
+}
+
+module.exports = { encryptOptional, decryptOptional };

package/server/ws.js

@@ -1,101 +1,101 @@
-const WebSocket = require('ws');
-const { verifyUserToken, verifyAdminToken } = require('./config/secrets');
-const { findSiteById } = require('./models/db');
-
-// Map of siteId → Set of WebSocket clients
-const siteClients = new Map();
-
-function setupWebSocket(server) {
-  const wss = new WebSocket.Server({ server, path: '/ws/analytics' });
-
-  wss.on('connection', (ws, req) => {
-    let authenticatedSiteId = null;
-
-    ws.isAlive = true;
-    ws.on('pong', () => { ws.isAlive = true; });
-
-    ws.on('message', (data) => {
-      try {
-        const msg = JSON.parse(data);
-
-        if (msg.type === 'auth') {
-          if (!msg.token || !msg.siteId) {
-            ws.send(JSON.stringify({ type: 'error', message: 'token and siteId required' }));
-            return;
-          }
-
-          let decoded;
-          let isAdmin = false;
-          try {
-            decoded = verifyUserToken(msg.token);
-          } catch {
-            try {
-              decoded = verifyAdminToken(msg.token);
-              isAdmin = decoded.isAdmin === true;
-            } catch {
-              ws.send(JSON.stringify({ type: 'error', message: 'Invalid message or auth failed' }));
-              return;
-            }
-          }
-
-          if (!isAdmin) {
-            const site = findSiteById.get(msg.siteId);
-            if (!site || site.user_id !== decoded.id) {
-              ws.send(JSON.stringify({ type: 'error', message: 'Forbidden: not your site' }));
-              return;
-            }
-          }
-
-          authenticatedSiteId = msg.siteId;
-          if (!siteClients.has(msg.siteId)) {
-            siteClients.set(msg.siteId, new Set());
-          }
-          siteClients.get(msg.siteId).add(ws);
-          ws.send(JSON.stringify({ type: 'auth:success', siteId: msg.siteId }));
-        }
-      } catch (e) {
-        ws.send(JSON.stringify({ type: 'error', message: 'Invalid message or auth failed' }));
-      }
-    });
-
-    ws.on('close', () => {
-      if (authenticatedSiteId && siteClients.has(authenticatedSiteId)) {
-        siteClients.get(authenticatedSiteId).delete(ws);
-        if (siteClients.get(authenticatedSiteId).size === 0) {
-          siteClients.delete(authenticatedSiteId);
-        }
-      }
-    });
-  });
-
-  const interval = setInterval(() => {
-    wss.clients.forEach((ws) => {
-      if (!ws.isAlive) return ws.terminate();
-      ws.isAlive = false;
-      ws.ping();
-    });
-  }, 30000);
-
-  wss.on('close', () => clearInterval(interval));
-
-  return wss;
-}
-
-function broadcastAnalytic(siteId, eventData) {
-  const clients = siteClients.get(siteId);
-  if (!clients || clients.size === 0) return;
-
-  const message = JSON.stringify({
-    type: 'analytic',
-    timestamp: new Date().toISOString(),
-    ...eventData
-  });
-
-  clients.forEach((ws) => {
-    if (ws.readyState === WebSocket.OPEN) {
-      ws.send(message);
-    }
-  });
-}
-
-module.exports = { setupWebSocket, broadcastAnalytic };
+const WebSocket = require('ws');
+const { verifyUserToken, verifyAdminToken } = require('./config/secrets');
+const { findSiteById } = require('./models/db');
+
+// Map of siteId → Set of WebSocket clients
+const siteClients = new Map();
+
+function setupWebSocket(server) {
+  const wss = new WebSocket.Server({ server, path: '/ws/analytics' });
+
+  wss.on('connection', (ws, req) => {
+    let authenticatedSiteId = null;
+
+    ws.isAlive = true;
+    ws.on('pong', () => { ws.isAlive = true; });
+
+    ws.on('message', (data) => {
+      try {
+        const msg = JSON.parse(data);
+
+        if (msg.type === 'auth') {
+          if (!msg.token || !msg.siteId) {
+            ws.send(JSON.stringify({ type: 'error', message: 'token and siteId required' }));
+            return;
+          }
+
+          let decoded;
+          let isAdmin = false;
+          try {
+            decoded = verifyUserToken(msg.token);
+          } catch {
+            try {
+              decoded = verifyAdminToken(msg.token);
+              isAdmin = decoded.isAdmin === true;
+            } catch {
+              ws.send(JSON.stringify({ type: 'error', message: 'Invalid message or auth failed' }));
+              return;
+            }
+          }
+
+          if (!isAdmin) {
+            const site = findSiteById.get(msg.siteId);
+            if (!site || site.user_id !== decoded.id) {
+              ws.send(JSON.stringify({ type: 'error', message: 'Forbidden: not your site' }));
+              return;
+            }
+          }
+
+          authenticatedSiteId = msg.siteId;
+          if (!siteClients.has(msg.siteId)) {
+            siteClients.set(msg.siteId, new Set());
+          }
+          siteClients.get(msg.siteId).add(ws);
+          ws.send(JSON.stringify({ type: 'auth:success', siteId: msg.siteId }));
+        }
+      } catch (e) {
+        ws.send(JSON.stringify({ type: 'error', message: 'Invalid message or auth failed' }));
+      }
+    });
+
+    ws.on('close', () => {
+      if (authenticatedSiteId && siteClients.has(authenticatedSiteId)) {
+        siteClients.get(authenticatedSiteId).delete(ws);
+        if (siteClients.get(authenticatedSiteId).size === 0) {
+          siteClients.delete(authenticatedSiteId);
+        }
+      }
+    });
+  });
+
+  const interval = setInterval(() => {
+    wss.clients.forEach((ws) => {
+      if (!ws.isAlive) return ws.terminate();
+      ws.isAlive = false;
+      ws.ping();
+    });
+  }, 30000);
+
+  wss.on('close', () => clearInterval(interval));
+
+  return wss;
+}
+
+function broadcastAnalytic(siteId, eventData) {
+  const clients = siteClients.get(siteId);
+  if (!clients || clients.size === 0) return;
+
+  const message = JSON.stringify({
+    type: 'analytic',
+    timestamp: new Date().toISOString(),
+    ...eventData
+  });
+
+  clients.forEach((ws) => {
+    if (ws.readyState === WebSocket.OPEN) {
+      ws.send(message);
+    }
+  });
+}
+
+module.exports = { setupWebSocket, broadcastAnalytic };