refactor: streamline ALLOWED_ROOT_DIRECTORY handling and remove legacy support

This commit refactors the handling of ALLOWED_ROOT_DIRECTORY by removing legacy support for ALLOWED_PROJECT_DIRS and simplifying the security logic. Key changes include: - Removed deprecated ALLOWED_PROJECT_DIRS references from .env.example and security.ts. - Updated initAllowedPaths() to focus solely on ALLOWED_ROOT_DIRECTORY and DATA_DIR. - Enhanced logging for ALLOWED_ROOT_DIRECTORY configuration status. - Adjusted route handlers to utilize the new workspace directory logic. - Introduced a centralized storage module for localStorage operations to improve consistency and error handling. These changes aim to enhance security and maintainability by consolidating directory management into a single variable. Tests: All unit tests passing.
2026-02-02 08:33:36 +00:00 · 2025-12-20 20:49:28 -05:00
parent f3c9e828e2
commit 86d92e610b
17 changed files with 485 additions and 244 deletions
--- a/apps/ui/src/hooks/use-settings-migration.ts
+++ b/apps/ui/src/hooks/use-settings-migration.ts
@@ -20,6 +20,7 @@
 import { useEffect, useState, useRef } from "react";
 import { getHttpApiClient } from "@/lib/http-api-client";
 import { isElectron } from "@/lib/electron";
+import { getItem, removeItem } from "@/lib/storage";

 /**
 * State returned by useSettingsMigration hook
@@ -122,7 +123,7 @@ export function useSettingsMigration(): MigrationState {
        }

        // Check if we have localStorage data to migrate
-        const automakerStorage = localStorage.getItem("automaker-storage");
+        const automakerStorage = getItem("automaker-storage");
        if (!automakerStorage) {
          console.log(
            "[Settings Migration] No localStorage data to migrate"
@@ -136,7 +137,7 @@ export function useSettingsMigration(): MigrationState {
        // Collect all localStorage data
        const localStorageData: Record<string, string> = {};
        for (const key of LOCALSTORAGE_KEYS) {
-          const value = localStorage.getItem(key);
+          const value = getItem(key);
          if (value) {
            localStorageData[key] = value;
          }
@@ -154,7 +155,7 @@ export function useSettingsMigration(): MigrationState {

          // Clear old localStorage keys (but keep automaker-storage for Zustand)
          for (const key of KEYS_TO_CLEAR_AFTER_MIGRATION) {
-            localStorage.removeItem(key);
+            removeItem(key);
          }

          setState({ checked: true, migrated: true, error: null });
@@ -203,7 +204,7 @@ export async function syncSettingsToServer(): Promise<boolean> {

  try {
    const api = getHttpApiClient();
-    const automakerStorage = localStorage.getItem("automaker-storage");
+    const automakerStorage = getItem("automaker-storage");

    if (!automakerStorage) {
      return false;