make async database integrity check

Merge pull request #2 from ZimengXiong/fix-bind-mount-prisma
fix bind mount prisma, auto hydrate empty folder
2025-11-22 21:59:18 -08:00 · 2025-11-22 20:25:44 -08:00 · 2025-11-22 20:25:07 -08:00 · 2025-11-22 19:18:05 -08:00 · 2025-11-22 19:14:55 -08:00 · 2025-11-22 19:07:28 -08:00
11 changed files with 122 additions and 28 deletions
@@ -36,8 +36,9 @@ COPY package*.json ./
 # Install production dependencies only
 RUN npm ci --only=production

-# Copy prisma schema and migrations
+# Copy prisma schema and migrations for runtime and hydration template
 COPY prisma ./prisma/
+COPY prisma ./prisma_template/

 # Copy built application from builder
 COPY --from=builder /app/dist ./dist
@@ -1,6 +1,12 @@
 #!/bin/sh
 set -e

+# Auto-hydrate prisma directory when bind-mounted volume is empty
+if [ ! -f "/app/prisma/schema.prisma" ]; then
+	echo "Mount is empty. Hydrating /app/prisma from /app/prisma_template..."
+	cp -R /app/prisma_template/. /app/prisma/
+fi
+
 # Run migrations
 npx prisma migrate deploy

@@ -4,7 +4,7 @@
 generator client {
  provider      = "prisma-client-js"
  output        = "../src/generated/client"
-  binaryTargets = ["native", "linux-musl-arm64-openssl-3.0.x"]
+  binaryTargets = ["native", "linux-musl-arm64-openssl-3.0.x", "linux-musl-openssl-3.0.x"]
 }

 datasource db {
@@ -148,6 +148,10 @@ const config = {
      {
        "fromEnvVar": null,
        "value": "linux-musl-arm64-openssl-3.0.x"
+      },
+      {
+        "fromEnvVar": null,
+        "value": "linux-musl-openssl-3.0.x"
      }
    ],
    "previewFeatures": [],
@@ -165,6 +169,7 @@ const config = {
    "db"
  ],
  "activeProvider": "sqlite",
+  "postinstall": false,
  "inlineDatasources": {
    "db": {
      "url": {
@@ -173,8 +178,8 @@ const config = {
      }
    }
  },
-  "inlineSchema": "// This is your Prisma schema file,\n// learn more about it in the docs: https://pris.ly/d/prisma-schema\n\ngenerator client {\n  provider      = \"prisma-client-js\"\n  output        = \"../src/generated/client\"\n  binaryTargets = [\"native\", \"linux-musl-arm64-openssl-3.0.x\"]\n}\n\ndatasource db {\n  provider = \"sqlite\"\n  url      = env(\"DATABASE_URL\")\n}\n\nmodel Collection {\n  id        String    @id @default(uuid())\n  name      String\n  drawings  Drawing[]\n  createdAt DateTime  @default(now())\n  updatedAt DateTime  @updatedAt\n}\n\nmodel Drawing {\n  id           String      @id @default(uuid())\n  name         String\n  elements     String // Stored as JSON string\n  appState     String // Stored as JSON string\n  files        String      @default(\"{}\") // Stored as JSON string\n  preview      String? // SVG string for thumbnail\n  version      Int         @default(1)\n  collectionId String?\n  collection   Collection? @relation(fields: [collectionId], references: [id])\n  createdAt    DateTime    @default(now())\n  updatedAt    DateTime    @updatedAt\n}\n",
-  "inlineSchemaHash": "9864a039193c73ddda01fd51751788fa5729bb0a603a9379a3fa314a4aced64f",
+  "inlineSchema": "// This is your Prisma schema file,\n// learn more about it in the docs: https://pris.ly/d/prisma-schema\n\ngenerator client {\n  provider      = \"prisma-client-js\"\n  output        = \"../src/generated/client\"\n  binaryTargets = [\"native\", \"linux-musl-arm64-openssl-3.0.x\", \"linux-musl-openssl-3.0.x\"]\n}\n\ndatasource db {\n  provider = \"sqlite\"\n  url      = env(\"DATABASE_URL\")\n}\n\nmodel Collection {\n  id        String    @id @default(uuid())\n  name      String\n  drawings  Drawing[]\n  createdAt DateTime  @default(now())\n  updatedAt DateTime  @updatedAt\n}\n\nmodel Drawing {\n  id           String      @id @default(uuid())\n  name         String\n  elements     String // Stored as JSON string\n  appState     String // Stored as JSON string\n  files        String      @default(\"{}\") // Stored as JSON string\n  preview      String? // SVG string for thumbnail\n  version      Int         @default(1)\n  collectionId String?\n  collection   Collection? @relation(fields: [collectionId], references: [id])\n  createdAt    DateTime    @default(now())\n  updatedAt    DateTime    @updatedAt\n}\n",
+  "inlineSchemaHash": "30da526c2a5efdf3e5097c3736a52d47246ca4da8e5bd0401a3f28dd46ab5c3e",
  "copyEngine": true
 }
 config.dirname = '/'
@@ -149,6 +149,10 @@ const config = {
      {
        "fromEnvVar": null,
        "value": "linux-musl-arm64-openssl-3.0.x"
+      },
+      {
+        "fromEnvVar": null,
+        "value": "linux-musl-openssl-3.0.x"
      }
    ],
    "previewFeatures": [],
@@ -166,6 +170,7 @@ const config = {
    "db"
  ],
  "activeProvider": "sqlite",
+  "postinstall": false,
  "inlineDatasources": {
    "db": {
      "url": {
@@ -174,8 +179,8 @@ const config = {
      }
    }
  },
-  "inlineSchema": "// This is your Prisma schema file,\n// learn more about it in the docs: https://pris.ly/d/prisma-schema\n\ngenerator client {\n  provider      = \"prisma-client-js\"\n  output        = \"../src/generated/client\"\n  binaryTargets = [\"native\", \"linux-musl-arm64-openssl-3.0.x\"]\n}\n\ndatasource db {\n  provider = \"sqlite\"\n  url      = env(\"DATABASE_URL\")\n}\n\nmodel Collection {\n  id        String    @id @default(uuid())\n  name      String\n  drawings  Drawing[]\n  createdAt DateTime  @default(now())\n  updatedAt DateTime  @updatedAt\n}\n\nmodel Drawing {\n  id           String      @id @default(uuid())\n  name         String\n  elements     String // Stored as JSON string\n  appState     String // Stored as JSON string\n  files        String      @default(\"{}\") // Stored as JSON string\n  preview      String? // SVG string for thumbnail\n  version      Int         @default(1)\n  collectionId String?\n  collection   Collection? @relation(fields: [collectionId], references: [id])\n  createdAt    DateTime    @default(now())\n  updatedAt    DateTime    @updatedAt\n}\n",
-  "inlineSchemaHash": "9864a039193c73ddda01fd51751788fa5729bb0a603a9379a3fa314a4aced64f",
+  "inlineSchema": "// This is your Prisma schema file,\n// learn more about it in the docs: https://pris.ly/d/prisma-schema\n\ngenerator client {\n  provider      = \"prisma-client-js\"\n  output        = \"../src/generated/client\"\n  binaryTargets = [\"native\", \"linux-musl-arm64-openssl-3.0.x\", \"linux-musl-openssl-3.0.x\"]\n}\n\ndatasource db {\n  provider = \"sqlite\"\n  url      = env(\"DATABASE_URL\")\n}\n\nmodel Collection {\n  id        String    @id @default(uuid())\n  name      String\n  drawings  Drawing[]\n  createdAt DateTime  @default(now())\n  updatedAt DateTime  @updatedAt\n}\n\nmodel Drawing {\n  id           String      @id @default(uuid())\n  name         String\n  elements     String // Stored as JSON string\n  appState     String // Stored as JSON string\n  files        String      @default(\"{}\") // Stored as JSON string\n  preview      String? // SVG string for thumbnail\n  version      Int         @default(1)\n  collectionId String?\n  collection   Collection? @relation(fields: [collectionId], references: [id])\n  createdAt    DateTime    @default(now())\n  updatedAt    DateTime    @updatedAt\n}\n",
+  "inlineSchemaHash": "30da526c2a5efdf3e5097c3736a52d47246ca4da8e5bd0401a3f28dd46ab5c3e",
  "copyEngine": true
 }

@@ -219,6 +224,10 @@ path.join(process.cwd(), "src/generated/client/libquery_engine-darwin-arm64.dyli
 // file annotations for bundling tools to include these files
 path.join(__dirname, "libquery_engine-linux-musl-arm64-openssl-3.0.x.so.node");
 path.join(process.cwd(), "src/generated/client/libquery_engine-linux-musl-arm64-openssl-3.0.x.so.node")
+
+// file annotations for bundling tools to include these files
+path.join(__dirname, "libquery_engine-linux-musl-openssl-3.0.x.so.node");
+path.join(process.cwd(), "src/generated/client/libquery_engine-linux-musl-openssl-3.0.x.so.node")
 // file annotations for bundling tools to include these files
 path.join(__dirname, "schema.prisma");
 path.join(process.cwd(), "src/generated/client/schema.prisma")
@@ -1,5 +1,5 @@
 {
-  "name": "prisma-client-04007c5051869a2f5298bd562ab2fb60a423747e0d5699dd1a73a4757b2657b6",
+  "name": "prisma-client-6afe3d9baa793154c8d01c79f8418d91423e5ccaec794547bf848a451459cf53",
  "main": "index.js",
  "types": "index.d.ts",
  "browser": "index-browser.js",
@@ -4,7 +4,7 @@
 generator client {
  provider      = "prisma-client-js"
  output        = "../src/generated/client"
-  binaryTargets = ["native", "linux-musl-arm64-openssl-3.0.x"]
+  binaryTargets = ["native", "linux-musl-arm64-openssl-3.0.x", "linux-musl-openssl-3.0.x"]
 }

 datasource db {
@@ -5,6 +5,7 @@ import path from "path";
 import fs from "fs";
 import { createServer } from "http";
 import { Server } from "socket.io";
+import { Worker } from "worker_threads";
 import multer from "multer";
 import archiver from "archiver";
 import Database from "better-sqlite3";
@@ -38,7 +39,26 @@ const resolveDatabaseUrl = (rawUrl?: string) => {
 process.env.DATABASE_URL = resolveDatabaseUrl(process.env.DATABASE_URL);
 console.log("Resolved DATABASE_URL:", process.env.DATABASE_URL);

-const allowedOrigin = process.env.FRONTEND_URL || "http://localhost:6767";
+const normalizeOrigins = (rawOrigins?: string | null): string[] => {
+  const fallback = "http://localhost:6767";
+  if (!rawOrigins || rawOrigins.trim().length === 0) {
+    return [fallback];
+  }
+
+  const ensureProtocol = (origin: string) =>
+    /^https?:\/\//i.test(origin) ? origin : `http://${origin}`;
+
+  const parsed = rawOrigins
+    .split(",")
+    .map((origin) => origin.trim())
+    .filter((origin) => origin.length > 0)
+    .map(ensureProtocol);
+
+  return parsed.length > 0 ? parsed : [fallback];
+};
+
+const allowedOrigins = normalizeOrigins(process.env.FRONTEND_URL);
+console.log("Allowed origins:", allowedOrigins);

 const uploadDir = path.resolve(__dirname, "../uploads");
 if (!fs.existsSync(uploadDir)) {
@@ -49,7 +69,7 @@ const app = express();
 const httpServer = createServer(app);
 const io = new Server(httpServer, {
  cors: {
-    origin: allowedOrigin,
+    origin: allowedOrigins,
    credentials: true,
  },
  maxHttpBufferSize: 1e8, // 100 MB
@@ -62,7 +82,7 @@ const upload = multer({ dest: uploadDir });

 app.use(
  cors({
-    origin: allowedOrigin,
+    origin: allowedOrigins,
    credentials: true,
  })
 );
@@ -106,21 +126,31 @@ const respondWithValidationErrors = (
  });
 };

-const runIntegrityCheck = (filePath: string): boolean => {
-  let dbInstance: Database.Database | undefined;
-  try {
-    dbInstance = new Database(filePath, {
-      readonly: true,
-      fileMustExist: true,
-    });
-    const result = dbInstance.prepare("PRAGMA integrity_check;").get();
-    return result?.integrity_check === "ok";
-  } catch (error) {
-    console.error("Integrity check failed:", error);
-    return false;
-  } finally {
-    dbInstance?.close();
+// Non-blocking CPU check using worker threads
+const verifyDatabaseIntegrityAsync = (filePath: string): Promise<boolean> => {
+  return new Promise((resolve) => {
+    const worker = new Worker(
+      path.resolve(__dirname, "./workers/db-verify.js"),
+      {
+        workerData: { filePath },
      }
+    );
+
+    worker.on("message", (isValid: boolean) => resolve(isValid));
+    worker.on("error", (err) => {
+      console.error("Worker error:", err);
+      resolve(false);
+    });
+    worker.on("exit", (code) => {
+      if (code !== 0) resolve(false);
+    });
+
+    // Kill worker if it takes too long (DoS protection)
+    setTimeout(() => {
+      worker.terminate();
+      resolve(false);
+    }, 10000); // 10 second timeout
+  });
 };

 const removeFileIfExists = (filePath?: string) => {
@@ -626,7 +656,7 @@ app.post("/import/sqlite/verify", upload.single("db"), async (req, res) => {
    }

    const stagedPath = req.file.path;
-    const isValid = runIntegrityCheck(stagedPath);
+    const isValid = await verifyDatabaseIntegrityAsync(stagedPath);
    removeFileIfExists(stagedPath);

    if (!isValid) {
@@ -665,7 +695,7 @@ app.post("/import/sqlite", upload.single("db"), async (req, res) => {
      return res.status(500).json({ error: "Failed to stage uploaded file" });
    }

-    const isValid = runIntegrityCheck(stagedPath);
+    const isValid = await verifyDatabaseIntegrityAsync(stagedPath);
    if (!isValid) {
      removeFileIfExists(stagedPath);
      return res
@@ -0,0 +1,18 @@
+const { parentPort, workerData } = require('worker_threads');
+const Database = require('better-sqlite3');
+
+if (!parentPort) throw new Error("Must be run in a worker thread");
+
+try {
+  const { filePath } = workerData;
+  const db = new Database(filePath, { readonly: true, fileMustExist: true });
+  
+  // This is the CPU-heavy operation
+  const result = db.prepare("PRAGMA integrity_check;").get();
+  
+  db.close();
+  parentPort.postMessage(result.integrity_check === "ok");
+} catch (error) {
+  // Any error means invalid or corrupt DB
+  parentPort.postMessage(false);
+}
@@ -80,6 +80,31 @@ const COLORS = [
  "#f43f5e", // rose-500
 ];

+const generateClientId = (): string => {
+  const cryptoObj: Crypto | undefined =
+    typeof globalThis !== "undefined"
+      ? globalThis.crypto || (globalThis as any).msCrypto
+      : undefined;
+
+  if (cryptoObj?.randomUUID) {
+    return cryptoObj.randomUUID();
+  }
+
+  if (cryptoObj?.getRandomValues) {
+    const bytes = new Uint8Array(16);
+    cryptoObj.getRandomValues(bytes);
+    bytes[6] = (bytes[6] & 0x0f) | 0x40; // RFC 4122 variant
+    bytes[8] = (bytes[8] & 0x3f) | 0x80;
+    const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0"));
+    return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex
+      .slice(6, 8)
+      .join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
+  }
+
+  // Final fallback for very old browsers; uniqueness window-scoped only.
+  return `id-${Date.now().toString(16)}-${Math.random().toString(16).slice(2)}`;
+};
+
 export const getUserIdentity = (): UserIdentity => {
  const stored = localStorage.getItem("excalidash-user-id");
  if (stored) {
@@ -91,7 +116,7 @@ export const getUserIdentity = (): UserIdentity => {
  const randomColor = COLORS[Math.floor(Math.random() * COLORS.length)];

  const identity: UserIdentity = {
-    id: crypto.randomUUID(),
+    id: generateClientId(),
    name: randomTransformer.name,
    initials: randomTransformer.initials,
    color: randomColor,
Author	SHA1	Message	Date
Zimeng Xiong	bb42187ba8	make async database integrity check	2025-11-22 21:59:18 -08:00
Zimeng Xiong	888834c8f0	Merge pull request #2 from ZimengXiong/fix-bind-mount-prisma fix bind mount prisma, auto hydrate empty folder	2025-11-22 20:25:44 -08:00
Zimeng Xiong	ae8f6d696e	fix bind mount prisma, auto hydrate empty folder	2025-11-22 20:25:07 -08:00
Zimeng Xiong	77c1824b00	add fallback for browsers that do not have crypto.randomUUID	2025-11-22 19:18:05 -08:00
Zimeng Xiong	c54a2ae5e7	add CORS fallback	2025-11-22 19:14:55 -08:00
Zimeng Xiong	55162c0b93	fix: add linux-musl-openssl-3.0.x	2025-11-22 19:07:28 -08:00