74f19f3312
Real-Time Collaboration (WebSocket): - WebSocket server with JWT auth and trip-based rooms - Live sync for all CRUD operations (places, assignments, days, notes, budget, packing, reservations, files) - Socket-based exclusion to prevent duplicate updates - Auto-reconnect with exponential backoff - Assignment move sync between days Performance: - 16 database indexes on all foreign key columns - N+1 query fix in places, assignments and days endpoints - Marker clustering (react-leaflet-cluster) with configurable radius - List virtualization (react-window) for places sidebar - useMemo for filtered places - SQLite WAL mode + busy_timeout for concurrent writes - Weather API: server-side cache (1h forecast, 15min current) + client sessionStorage - Google Places photos: persisted to DB after first fetch - Google Details: 3-tier cache (memory → sessionStorage → API) Security: - CORS auto-configuration (production: same-origin, dev: open) - API keys removed from /auth/me response - Admin-only endpoint for reading API keys - Path traversal prevention in cover image deletion - JWT secret persisted to file (survives restarts) - Avatar upload file extension whitelist - API key fallback: normal users use admin's key without exposure - Case-insensitive email login Dark Mode: - Fixed hardcoded colors across PackingList, Budget, ReservationModal, ReservationsPanel - Mobile map buttons and sidebar sheets respect dark mode - Cluster markers always dark UI/UX: - Redesigned login page with animated planes, stars and feature cards - Admin: create user functionality with CustomSelect - Mobile: day-picker popup for assigning places to days - Mobile: touch-friendly reorder buttons (32px targets) - Mobile: responsive text (shorter labels on small screens) - Packing list: index-based category colors - i18n: translated date picker placeholder, fixed German labels - Default map tile: CartoDB Light
29 lines
1006 B
JavaScript
29 lines
1006 B
JavaScript
const crypto = require('crypto');
|
|
const fs = require('fs');
|
|
const path = require('path');
|
|
|
|
let JWT_SECRET = process.env.JWT_SECRET;
|
|
|
|
if (!JWT_SECRET) {
|
|
// Try to read a persisted secret from disk
|
|
const dataDir = path.resolve(__dirname, '../data');
|
|
const secretFile = path.join(dataDir, '.jwt_secret');
|
|
|
|
try {
|
|
JWT_SECRET = fs.readFileSync(secretFile, 'utf8').trim();
|
|
} catch {
|
|
// File doesn't exist yet — generate and persist a new secret
|
|
JWT_SECRET = crypto.randomBytes(32).toString('hex');
|
|
try {
|
|
if (!fs.existsSync(dataDir)) fs.mkdirSync(dataDir, { recursive: true });
|
|
fs.writeFileSync(secretFile, JWT_SECRET, { mode: 0o600 });
|
|
console.log('Generated and saved JWT secret to', secretFile);
|
|
} catch (writeErr) {
|
|
console.warn('WARNING: Could not persist JWT secret to disk:', writeErr.message);
|
|
console.warn('Sessions will reset on server restart. Set JWT_SECRET env var for persistent sessions.');
|
|
}
|
|
}
|
|
}
|
|
|
|
module.exports = { JWT_SECRET };
|