feat: Complete Application Infrastructure and Security Overhaul (#28)

Chores & Configuration
	•	Enhanced development setup: optimized Dockerfile, refined scripts, and improved .gitignore.
	•	Updated docker-compose for better dev/prod separation.
	•	Improved documentation in README and source files.

Features & Enhancements
	•	Refactored project structure with modular architecture.
	•	Improved testing infrastructure and integration tests.
	•	Enhanced file upload logic, client-side handling, and API routes.
	•	Implemented robust server shutdown, rate limiting, and cleanup mechanisms.
	•	Improved upload progress tracking with UI enhancements.
	•	Strengthened security in PIN authentication and cookie handling.

Refactors & Fixes
	•	Cleaned up test infrastructure, logging, and error handling.
	•	Simplified API route paths and improved middleware.
	•	Fixed incorrect total storage size reporting.
	•	Optimized logging verbosity based on environment.

Documentation
	•	Expanded project documentation and comments for clarity.

Author: greirson

.cursorrules

@@ -0,0 +1,130 @@
+/**
+ * Cursor rules for maintaining code quality and consistency
+ */
+
+{
+  "rules": {
+    "file-header-docs": {
+      "description": "All source files must have a header comment explaining their purpose",
+      "pattern": "src/**/*.js",
+      "check": {
+        "type": "regex",
+        "value": "^/\\*\\*\\n \\* [^\\n]+\\n \\* [^\\n]+\\n \\* [^\\n]+\\n \\*/\\n",
+        "message": "File must start with a header comment block (3 lines) explaining its purpose"
+      }
+    }
+  }
+}
+
+# Project Principles
+
+# Code Philosophy
+- Keep code simple, smart, and follow best practices
+- Don't over-engineer for the sake of engineering
+- Use standard conventions and patterns
+- Write human-readable code
+- Keep it simple so the app just works
+- Follow the principle: "Make it work, make it right, make it fast"
+- Comments should explain "why" behind the code in more complex functions
+- Overcommented code is better than undercommented code
+
+# Commit Conventions
+- Use Conventional Commits format:
+  - feat: new features
+  - fix: bug fixes
+  - docs: documentation changes
+  - style: formatting, missing semi colons, etc.
+  - refactor: code changes that neither fix bugs nor add features
+  - test: adding or modifying tests
+  - chore: updating build tasks, package manager configs, etc.
+- Each commit should be atomic and focused
+- Write clear, descriptive commit messages
+
+# Project Structure
+
+# Root Directory
+- Keep root directory clean with only essential files
+- Production configuration files in root:
+  - docker-compose.yml
+  - Dockerfile
+  - .env.example
+  - package.json
+  - README.md
+
+# Source Code (/src)
+- All application source code in /src directory
+  - app.js: Application setup and configuration
+  - server.js: Server entry point
+  - routes/: Route handlers
+  - middleware/: Custom middleware
+  - utils/: Helper functions and utilities
+  - models/: Data models (if applicable)
+  - services/: Business logic
+
+# Development
+- All development configurations in /dev directory
+- Development specific files:
+  - /dev/docker-compose.dev.yml
+  - /dev/.env.dev.example
+  - /dev/README.md (development setup instructions)
+
+# Static Assets and Uploads
+- Static assets in /public directory
+- Upload directories:
+  - /uploads (production)
+  - /local_uploads (local development)
+
+# Testing
+- Tests are mandatory for all new features
+- Test files location:
+  - Unit tests: __tests__/unit/
+  - Integration tests: __tests__/integration/
+  - E2E tests: __tests__/e2e/
+- Test naming convention:
+  - Unit tests: [feature].test.js
+  - Integration tests: [feature].integration.test.js
+  - E2E tests: [feature].e2e.test.js
+- Test coverage requirements:
+  - Minimum 80% coverage for new features
+  - Must include happy path and error cases
+  - API endpoints must have integration tests
+
+# Documentation
+- Main README.md in root focuses on production deployment
+- Development documentation in /dev/README.md
+- Code must be self-documenting with clear naming
+- Complex logic must include comments explaining "why" not "what"
+- JSDoc comments for public functions and APIs
+
+# Docker Configuration
+- Use environment-specific .dockerignore files:
+  - .dockerignore: Production defaults (most restrictive)
+  - dev/.dockerignore: Development-specific (allows test/dev files)
+- Production .dockerignore should exclude:
+  - All test files and configurations
+  - Development-only dependencies
+  - Documentation and non-essential files
+  - Local development configurations
+- Development .dockerignore should:
+  - Allow test files and configurations
+  - Allow development dependencies
+  - Still exclude node_modules and sensitive files
+  - Keep Docker-specific files excluded
+- Docker Compose configurations:
+  - Production: docker-compose.yml in root
+  - Development: docker-compose.dev.yml in /dev
+  - Use BuildKit features when needed
+  - Document any special build arguments
+- Multi-stage builds:
+  - Use appropriate base images
+  - Minimize final image size
+  - Separate development and production stages
+  - Use specific version tags for base images
+
+# Code Style
+- Follow ESLint and Prettier configurations
+- Use meaningful variable and function names
+- Keep functions small and focused
+- Maximum line length: 100 characters
+- Use modern JavaScript features appropriately
+- Prefer clarity over cleverness 

.dockerignore

@@ -1,7 +1,56 @@
+# Version control
+.git
+.gitignore
+
+# Dependencies
 node_modules
 npm-debug.log
-uploads/*
+yarn-debug.log
+yarn-error.log
+
+# Environment variables
 .env
-.git
-.gitignore
+.env.*
+!.env.example
+
+# Development
+.vscode
+.idea
+*.swp
+*.swo
+
+# Build outputs
+dist
+build
+coverage
+
+# Local uploads (development only)
+local_uploads
+
+# Logs
+logs
+*.log
+
+# System files
+.DS_Store
+Thumbs.db
+
+# Docker
+.docker
+docker-compose*.yml
+Dockerfile*
+
+# Documentation
 README.md
+CHANGELOG.md
+docs
+
+# Keep test files and configs for development builds
+# __tests__
+# jest.config.js
+# *.test.js
+# *.spec.js
+# .eslintrc*
+# .prettierrc*
+.editorconfig
+nodemon.json

.eslintignore

@@ -0,0 +1,14 @@
+# Dependencies
+node_modules/
+
+# Upload directories
+local_uploads/
+uploads/
+test_uploads/
+
+# Build directories
+dist/
+build/
+
+# Coverage directory
+coverage/ 

.eslintrc.json

@@ -0,0 +1,25 @@
+{
+  "env": {
+    "node": true,
+    "es2022": true
+  },
+  "extends": [
+    "eslint:recommended",
+    "plugin:node/recommended",
+    "prettier"
+  ],
+  "parserOptions": {
+    "ecmaVersion": 2022
+  },
+  "rules": {
+    "node/exports-style": ["error", "module.exports"],
+    "node/file-extension-in-import": ["error", "always"],
+    "node/prefer-global/buffer": ["error", "always"],
+    "node/prefer-global/console": ["error", "always"],
+    "node/prefer-global/process": ["error", "always"],
+    "node/prefer-global/url-search-params": ["error", "always"],
+    "node/prefer-global/url": ["error", "always"],
+    "node/prefer-promises/dns": "error",
+    "node/prefer-promises/fs": "error"
+  }
+} 

.gitignore

@@ -149,5 +149,55 @@ Thumbs.db
 # Development
 dev/*
 !dev/docker-compose.dev.yml
+!dev/Dockerfile.dev
+!dev/.dockerignore
 !dev/dev.sh
-!dev/README.md
+!dev/README.md
+
+# Dependencies
+node_modules/
+/.pnp
+.pnp.js
+
+# Testing
+/coverage
+.nyc_output
+
+# Production
+/build
+/dist
+
+# Development
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+dev/.env.dev
+
+# Debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Application specific
+/uploads/*
+/local_uploads/*
+!uploads/.gitkeep
+!local_uploads/.gitkeep
+
+# Misc
+*.log
+.env.*
+!.env.example
+!dev/.env.dev.example

.prettierrc

@@ -0,0 +1,9 @@
+{
+  "semi": true,
+  "trailingComma": "es5",
+  "singleQuote": true,
+  "printWidth": 100,
+  "tabWidth": 2,
+  "useTabs": false,
+  "endOfLine": "lf"
+} 

Dockerfile

@@ -1,26 +1,64 @@
-FROM node:18-alpine
+# Base stage for shared configurations
+FROM node:20-alpine as base
 
-# Install python and create virtual environment
+# Install python and create virtual environment with minimal dependencies
 RUN apk add --no-cache python3 py3-pip && \
-    python3 -m venv /opt/venv
+    python3 -m venv /opt/venv && \
+    rm -rf /var/cache/apk/*
 
 # Activate virtual environment and install apprise
 RUN . /opt/venv/bin/activate && \
-    pip install --no-cache-dir apprise
+    pip install --no-cache-dir apprise && \
+    find /opt/venv -type d -name "__pycache__" -exec rm -r {} +
 
 # Add virtual environment to PATH
 ENV PATH="/opt/venv/bin:$PATH"
 
-WORKDIR /app
+WORKDIR /usr/src/app
+
+# Dependencies stage
+FROM base as deps
 
 COPY package*.json ./
+RUN npm ci --only=production && \
+    # Remove npm cache
+    npm cache clean --force
+
+# Development stage
+FROM deps as development
+ENV NODE_ENV=development
+
+# Install dev dependencies
+RUN npm install && \
+    npm cache clean --force
+
+# Create upload directories
+RUN mkdir -p uploads local_uploads
 
-RUN npm install
+# Copy source with specific paths to avoid unnecessary files
+COPY src/ ./src/
+COPY public/ ./public/
+COPY __tests__/ ./__tests__/
+COPY dev/ ./dev/
+COPY .eslintrc.json .eslintignore ./
 
-COPY . .
+# Expose port
+EXPOSE 3000
+
+CMD ["npm", "run", "dev"]
 
+# Production stage
+FROM deps as production
+ENV NODE_ENV=production
+
+# Create upload directory
 RUN mkdir -p uploads
 
+# Copy only necessary source files
+COPY src/ ./src/
+COPY public/ ./public/
+
+# Expose port
 EXPOSE 3000
 
-CMD ["node", "server.js"]
+CMD ["npm", "start"]