refactor: streamline ALLOWED_ROOT_DIRECTORY handling and remove legacy support

This commit refactors the handling of ALLOWED_ROOT_DIRECTORY by removing legacy support for ALLOWED_PROJECT_DIRS and simplifying the security logic. Key changes include: - Removed deprecated ALLOWED_PROJECT_DIRS references from .env.example and security.ts. - Updated initAllowedPaths() to focus solely on ALLOWED_ROOT_DIRECTORY and DATA_DIR. - Enhanced logging for ALLOWED_ROOT_DIRECTORY configuration status. - Adjusted route handlers to utilize the new workspace directory logic. - Introduced a centralized storage module for localStorage operations to improve consistency and error handling. These changes aim to enhance security and maintainability by consolidating directory management into a single variable. Tests: All unit tests passing.
2026-02-02 08:33:36 +00:00 · 2025-12-20 20:49:28 -05:00
parent f3c9e828e2
commit 86d92e610b
17 changed files with 485 additions and 244 deletions
--- a/apps/ui/src/main.ts
+++ b/apps/ui/src/main.ts
@@ -116,7 +116,9 @@ async function startStaticServer(): Promise<void> {

  return new Promise((resolve, reject) => {
    staticServer!.listen(STATIC_PORT, () => {
-      console.log(`[Electron] Static server running at http://localhost:${STATIC_PORT}`);
+      console.log(
+        `[Electron] Static server running at http://localhost:${STATIC_PORT}`
+      );
      resolve();
    });
    staticServer!.on("error", reject);
@@ -135,7 +137,10 @@ async function startServer(): Promise<void> {
    command = "node";
    serverPath = path.join(__dirname, "../../server/src/index.ts");

-    const serverNodeModules = path.join(__dirname, "../../server/node_modules/tsx");
+    const serverNodeModules = path.join(
+      __dirname,
+      "../../server/node_modules/tsx"
+    );
    const rootNodeModules = path.join(__dirname, "../../../node_modules/tsx");

    let tsxCliPath: string;
@@ -170,23 +175,16 @@ async function startServer(): Promise<void> {
    ? path.join(process.resourcesPath, "server", "node_modules")
    : path.join(__dirname, "../../server/node_modules");

-  const defaultRootDirectory = path.join(app.getPath("documents"), "Automaker");
-
-  if (!fs.existsSync(defaultRootDirectory)) {
-    try {
-      fs.mkdirSync(defaultRootDirectory, { recursive: true });
-      console.log("[Electron] Created ALLOWED_ROOT_DIRECTORY:", defaultRootDirectory);
-    } catch (error) {
-      console.error("[Electron] Failed to create ALLOWED_ROOT_DIRECTORY:", error);
-    }
-  }
-
  const env = {
    ...process.env,
    PORT: SERVER_PORT.toString(),
    DATA_DIR: app.getPath("userData"),
    NODE_PATH: serverNodeModules,
-    ALLOWED_ROOT_DIRECTORY: process.env.ALLOWED_ROOT_DIRECTORY || defaultRootDirectory,
+    // Only set ALLOWED_ROOT_DIRECTORY if explicitly provided in environment
+    // If not set, server will allow access to all paths
+    ...(process.env.ALLOWED_ROOT_DIRECTORY && {
+      ALLOWED_ROOT_DIRECTORY: process.env.ALLOWED_ROOT_DIRECTORY,
+    }),
  };

  console.log("[Electron] Starting backend server...");
@@ -324,7 +322,10 @@ app.whenReady().then(async () => {
      try {
        app.dock.setIcon(iconPath);
      } catch (error) {
-        console.warn("[Electron] Failed to set dock icon:", (error as Error).message);
+        console.warn(
+          "[Electron] Failed to set dock icon:",
+          (error as Error).message
+        );
      }
    }
  }
@@ -426,9 +427,12 @@ ipcMain.handle("shell:openPath", async (_, filePath: string) => {
 });

 // App info
-ipcMain.handle("app:getPath", async (_, name: Parameters<typeof app.getPath>[0]) => {
-  return app.getPath(name);
-});
+ipcMain.handle(
+  "app:getPath",
+  async (_, name: Parameters<typeof app.getPath>[0]) => {
+    return app.getPath(name);
+  }
+);

 ipcMain.handle("app:getVersion", async () => {
  return app.getVersion();