server/static.js

// Static file serving + authenticated recording/transcript downloads.
// handleGet() is the fallback for any GET that didn't match an API route.
const fs = require('fs');
const path = require('path');
const R = require('./repos');
const { json } = require('./lib');
const { currentUser } = require('./session');
const { PUBLIC_DIR, REC_DIR, TRANS_DIR } = require('./config');

const MIME = { '.html': 'text/html', '.js': 'text/javascript', '.css': 'text/css', '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg', '.svg': 'image/svg+xml', '.ico': 'image/x-icon' };

function serveStatic(req, res) {
  let p = req.url.split('?')[0];
  if (p === '/') p = '/index.html';
  if (p === '/home') p = '/home.html';
  // Console was replaced by Dashboard; keep the old path working.
  if (p === '/console' || p === '/dashboard') p = '/dashboard.html';
  if (p === '/share') p = '/share.html';
  if (p === '/connect') p = '/connect.html';
  const fp = path.join(PUBLIC_DIR, path.normalize(p));
  if (!fp.startsWith(PUBLIC_DIR)) return json(res, 403, { error: 'forbidden' });
  fs.readFile(fp, (err, data) => {
    if (err) return json(res, 404, { error: 'not found' });
    const ct = MIME[path.extname(fp)] || 'application/octet-stream';
    res.writeHead(200, { 'Content-Type': ct, 'Cache-Control': 'no-cache' });
    res.end(data);
  });
}

// GET fallback: authenticated transcript/recording downloads, else static files.
function handleGet(req, res) {
  const pathOnly = req.url.split('?')[0];
  if (pathOnly.startsWith('/transcripts/')) {
    const u = currentUser(req);
    if (!u) return json(res, 401, { error: 'unauthorized' });
    const name = path.basename(decodeURIComponent(pathOnly));
    const sid = name.replace(/\.txt$/i, '');
    const row = R.sessionsLog.byIdInTenant(sid, u.team_id);
    if (!row || !row.transcript) return json(res, 404, { error: 'not found' });
    const fp = path.join(TRANS_DIR, row.transcript);
    if (!fp.startsWith(TRANS_DIR)) return json(res, 403, { error: 'forbidden' });
    return fs.stat(fp, (err, st) => {
      if (err) return json(res, 404, { error: 'not found' });
      res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8', 'Content-Length': st.size, 'Content-Disposition': 'attachment; filename="transcript-' + sid + '.txt"', 'Cache-Control': 'no-store' });
      const rs = fs.createReadStream(fp);
      rs.on('error', () => { try { res.destroy(); } catch (e) {} });
      rs.pipe(res);
    });
  }
  if (pathOnly.startsWith('/recordings/')) {
    const u = currentUser(req);
    if (!u) return json(res, 401, { error: 'unauthorized' });
    const name = path.basename(decodeURIComponent(pathOnly));
    const sid = name.replace(/\.(webm|mp4)$/i, '');
    const row = R.sessionsLog.byIdInTenant(sid, u.team_id);
    if (!row || !row.recording) return json(res, 404, { error: 'not found' });
    const fp = path.join(REC_DIR, row.recording);
    if (!fp.startsWith(REC_DIR)) return json(res, 403, { error: 'forbidden' });
    const ext = path.extname(row.recording).toLowerCase() === '.mp4' ? 'mp4' : 'webm';
    const ctype = ext === 'mp4' ? 'video/mp4' : 'video/webm';
    return fs.stat(fp, (err, st) => {
      if (err) return json(res, 404, { error: 'not found' });
      res.writeHead(200, { 'Content-Type': ctype, 'Content-Length': st.size, 'Content-Disposition': 'attachment; filename="session-' + sid + '.' + ext + '"', 'Cache-Control': 'no-store', 'Accept-Ranges': 'bytes' });
      const rs = fs.createReadStream(fp);
      rs.on('error', () => { try { res.destroy(); } catch (e) {} });
      rs.pipe(res);
    });
  }
  return serveStatic(req, res);
}

module.exports = { handleGet, serveStatic };
feat: BizGaze Connect home, BizGaze login, modular backend, /api/v1 2026-06-12 00:40:07 +05:30			`// Static file serving + authenticated recording/transcript downloads.`
			`// handleGet() is the fallback for any GET that didn't match an API route.`
			`const fs = require('fs');`
			`const path = require('path');`
			`const R = require('./repos');`
			`const { json } = require('./lib');`
			`const { currentUser } = require('./session');`
			`const { PUBLIC_DIR, REC_DIR, TRANS_DIR } = require('./config');`

			`const MIME = { '.html': 'text/html', '.js': 'text/javascript', '.css': 'text/css', '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg', '.svg': 'image/svg+xml', '.ico': 'image/x-icon' };`

			`function serveStatic(req, res) {`
			`let p = req.url.split('?')[0];`
			`if (p === '/') p = '/index.html';`
			`if (p === '/home') p = '/home.html';`
			`// Console was replaced by Dashboard; keep the old path working.`
			`if (p === '/console' \|\| p === '/dashboard') p = '/dashboard.html';`
			`if (p === '/share') p = '/share.html';`
			`if (p === '/connect') p = '/connect.html';`
			`const fp = path.join(PUBLIC_DIR, path.normalize(p));`
			`if (!fp.startsWith(PUBLIC_DIR)) return json(res, 403, { error: 'forbidden' });`
			`fs.readFile(fp, (err, data) => {`
			`if (err) return json(res, 404, { error: 'not found' });`
			`const ct = MIME[path.extname(fp)] \|\| 'application/octet-stream';`
			`res.writeHead(200, { 'Content-Type': ct, 'Cache-Control': 'no-cache' });`
			`res.end(data);`
			`});`
			`}`

			`// GET fallback: authenticated transcript/recording downloads, else static files.`
			`function handleGet(req, res) {`
			`const pathOnly = req.url.split('?')[0];`
			`if (pathOnly.startsWith('/transcripts/')) {`
			`const u = currentUser(req);`
			`if (!u) return json(res, 401, { error: 'unauthorized' });`
			`const name = path.basename(decodeURIComponent(pathOnly));`
			`const sid = name.replace(/\.txt$/i, '');`
			`const row = R.sessionsLog.byIdInTenant(sid, u.team_id);`
			`if (!row \|\| !row.transcript) return json(res, 404, { error: 'not found' });`
			`const fp = path.join(TRANS_DIR, row.transcript);`
			`if (!fp.startsWith(TRANS_DIR)) return json(res, 403, { error: 'forbidden' });`
			`return fs.stat(fp, (err, st) => {`
			`if (err) return json(res, 404, { error: 'not found' });`
			`res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8', 'Content-Length': st.size, 'Content-Disposition': 'attachment; filename="transcript-' + sid + '.txt"', 'Cache-Control': 'no-store' });`
			`const rs = fs.createReadStream(fp);`
			`rs.on('error', () => { try { res.destroy(); } catch (e) {} });`
			`rs.pipe(res);`
			`});`
			`}`
			`if (pathOnly.startsWith('/recordings/')) {`
			`const u = currentUser(req);`
			`if (!u) return json(res, 401, { error: 'unauthorized' });`
			`const name = path.basename(decodeURIComponent(pathOnly));`
			`const sid = name.replace(/\.(webm\|mp4)$/i, '');`
			`const row = R.sessionsLog.byIdInTenant(sid, u.team_id);`
			`if (!row \|\| !row.recording) return json(res, 404, { error: 'not found' });`
			`const fp = path.join(REC_DIR, row.recording);`
			`if (!fp.startsWith(REC_DIR)) return json(res, 403, { error: 'forbidden' });`
			`const ext = path.extname(row.recording).toLowerCase() === '.mp4' ? 'mp4' : 'webm';`
			`const ctype = ext === 'mp4' ? 'video/mp4' : 'video/webm';`
			`return fs.stat(fp, (err, st) => {`
			`if (err) return json(res, 404, { error: 'not found' });`
			`res.writeHead(200, { 'Content-Type': ctype, 'Content-Length': st.size, 'Content-Disposition': 'attachment; filename="session-' + sid + '.' + ext + '"', 'Cache-Control': 'no-store', 'Accept-Ranges': 'bytes' });`
			`const rs = fs.createReadStream(fp);`
			`rs.on('error', () => { try { res.destroy(); } catch (e) {} });`
			`rs.pipe(res);`
			`});`
			`}`
			`return serveStatic(req, res);`
			`}`

			`module.exports = { handleGet, serveStatic };`