maxim.dolgolyov/Learn_System
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

LearnSpace: full-stack educational whiteboard platform

Browse Source 
Node.js/Express backend + vanilla JS frontend.
Features: real-time collaborative whiteboard (SSE), multi-page support,
LaTeX formulas, shapes/connectors, coordinate systems, number lines,
compass, zoom/pan, Catmull-Rom pencil smoothing, ruler/protractor with
rotation & resize controls, minimap navigation overlay, auto-measurements,
multi-page thumbnails sidebar, PNG export, page templates.
Student/teacher workflows: classes, assignments, library, dashboard.
Mobile responsive. SQLite (better-sqlite3).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Maxim Dolgolyov
2026-04-12 10:10:37 +03:00
commit be4d43105e
204 changed files with 118117 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/server.js
+327
View File
@@ -0,0 +1,327 @@
const config = require('./config'); // validates .env, fails fast on error
const logger = require('./utils/logger'); // structured logging
require('./db/migrate'); // авто-миграция при каждом старте
const { seedDefaults: seedPermissions } = require('./controllers/permissionsController');
seedPermissions();
const express = require('express');
const cors = require('cors');
const path = require('path');
const compression = require('compression');
const authRoutes = require('./routes/auth');
const subjectRoutes = require('./routes/subjects');
const sessionRoutes = require('./routes/sessions');
const adminRoutes = require('./routes/admin');
const questionRoutes = require('./routes/questions');
const classRoutes = require('./routes/classes');
const assignmentRoutes = require('./routes/assignments');
const fileRoutes = require('./routes/files');
const testRoutes = require('./routes/tests');
const notificationRoutes = require('./routes/notifications');
const permissionRoutes = require('./routes/permissions');
const submissionRoutes = require('./routes/submissions');
const courseRoutes = require('./routes/courses');
const lessonRoutes = require('./routes/lessons');
const gamificationRoutes = require('./routes/gamification');
const shopRoutes = require('./routes/shop');
const templateRoutes = require('./routes/templates');
const bookmarkRoutes = require('./routes/bookmarks');
const searchRoutes = require('./routes/search');
const flashcardRoutes = require('./routes/flashcards');
const settingsRoutes = require('./routes/settings');
const analyticsRoutes = require('./routes/analytics');
const liveRoutes = require('./routes/live');
const classroomRoutes = require('./routes/classroom');
const gamesRoutes = require('./routes/games');
const knowledgeMapRoutes = require('./routes/knowledgeMap');
const petRoutes = require('./routes/pet');
const collectionRoutes = require('./routes/collection');
const redBookRoutes = require('./routes/red-book');
const parentRoutes = require('./routes/parent');
const { requestId, errorHandler } = require('./middleware/errorHandler');
const app = express();
const PORT = config.PORT;
const isProd = config.isProd;
/* ── Gzip compression (skip SSE streams — compression buffers chunks and breaks real-time) ── */
app.use(compression({
filter: (req, res) => {
if (req.path.includes('/stream') || req.headers.accept === 'text/event-stream') return false;
return compression.filter(req, res);
},
}));
/* ── Request ID — attach before everything else ── */
app.use(requestId);
/* ── Security headers (no helmet dep needed) ── */
app.use((_req, res, next) => {
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('X-Frame-Options', 'SAMEORIGIN');
res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
res.setHeader('X-XSS-Protection', '1; mode=block');
// classroom.html needs microphone + camera for WebRTC
const isClassroom = _req.path === '/classroom' || _req.path === '/classroom.html';
res.setHeader('Permissions-Policy',
isClassroom
? 'camera=(self), microphone=(self), geolocation=()'
: 'camera=(), microphone=(), geolocation=()'
);
res.setHeader('Content-Security-Policy',
"default-src 'self'; " +
"script-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net; " +
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; " +
"font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; " +
"img-src 'self' data: blob: https:; " +
"connect-src 'self' https://cdn.jsdelivr.net https://stun.l.google.com; " +
"frame-src https://www.youtube.com https://rutube.ru https://player.vimeo.com; " +
"frame-ancestors 'none'" +
(isProd ? "; upgrade-insecure-requests" : "")
);
if (isProd) res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
next();
});
/* ── Request logger ── */
app.use((req, res, next) => {
const start = Date.now();
res.on('finish', () => {
const ms = Date.now() - start;
const status = res.statusCode;
const level = status >= 500 ? 'error' : status >= 400 ? 'warn' : 'info';
logger[level](`${req.method} ${req.path}`, {
status, ms, requestId: req.requestId,
userId: req.user?.id,
});
});
next();
});
/* ── CORS ── */
app.set('trust proxy', 1);
const allowedOrigins = [process.env.CLIENT_ORIGIN].filter(Boolean);
app.use(cors({
origin: (origin, cb) => {
if (!origin) return cb(null, !isProd); // dev: allow, prod: block
cb(null, allowedOrigins.includes(origin) ? origin : false);
},
credentials: true
}));
/* ── Body parser with size limit ── */
app.use(express.json({ limit: '1mb' }));
/* ── Global API rate limit ── */
const rateLimit = require('./middleware/rateLimit');
// Classroom real-time endpoints (cursor, stroke-preview) fire ~10/s per user — higher limit
app.use('/api/classroom', rateLimit({ windowMs: 60_000, max: 6000, message: 'Слишком много запросов' }));
app.use('/api', rateLimit({ windowMs: 60_000, max: 600, message: 'Слишком много запросов, подождите минуту' }));
/* ── Routes ── */
app.use('/api/auth', authRoutes);
app.use('/api/subjects', subjectRoutes);
app.use('/api/sessions', sessionRoutes);
app.use('/api/admin', adminRoutes);
app.use('/api/questions', questionRoutes);
app.use('/api/classes', classRoutes);
app.use('/api/assignments', assignmentRoutes);
app.use('/api/files', fileRoutes);
app.use('/api/tests', testRoutes);
app.use('/api/notifications', notificationRoutes);
app.use('/api/permissions', permissionRoutes);
app.use('/api/submissions', submissionRoutes);
app.use('/api/courses', courseRoutes);
app.use('/api/lessons', lessonRoutes);
app.use('/api/gamification', gamificationRoutes);
app.use('/api/shop', shopRoutes);
app.use('/api/templates', templateRoutes);
app.use('/api/bookmarks', bookmarkRoutes);
app.use('/api/search', searchRoutes);
app.use('/api/flashcards', flashcardRoutes);
app.use('/api/settings', settingsRoutes);
app.use('/api/analytics', analyticsRoutes);
app.use('/api/live', liveRoutes);
app.use('/api/classroom', classroomRoutes);
app.use('/api/games', gamesRoutes);
app.use('/api/knowledge-map', knowledgeMapRoutes);
app.use('/api/pet', petRoutes);
app.use('/api/collection', collectionRoutes);
app.use('/api/red-book', redBookRoutes);
app.use('/api/biochem', require('./routes/biochem'));
app.use('/api/parent', parentRoutes);
/* ── Public features endpoint (merges global + per-class for authenticated students) ── */
const _featDb = require('./db/db');
const _stmtGlobalFeats = _featDb.prepare("SELECT key, value FROM app_settings WHERE key LIKE 'feature_%'");
const _stmtClassFeats = _featDb.prepare(
'SELECT c.features FROM classes c JOIN class_members cm ON cm.class_id = c.id WHERE cm.user_id = ?'
);
const _stmtFreeStudentFeats = _featDb.prepare("SELECT value FROM app_settings WHERE key = 'free_student_features'");
const _jwtLib = require('jsonwebtoken');
app.get('/api/features', (req, res) => {
const rows = _stmtGlobalFeats.all();
const features = {};
for (const r of rows) {
const name = r.key.replace('feature_', '').replace('_enabled', '');
features[name] = r.value === '1';
}
// Prevent browser caching — class features change when teacher updates settings
res.setHeader('Cache-Control', 'no-store');
// For authenticated students: overlay class-specific feature flags
const token = (req.headers.authorization || '').replace('Bearer ', '');
if (token) {
try {
const payload = _jwtLib.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
if (payload.role === 'student' || payload.role === 'free_student') {
const classes = _stmtClassFeats.all(payload.id);
if (classes.length === 0 && payload.role === 'student') {
features._no_class = true; // regular student has no class — restrict access
}
for (const cls of classes) {
if (!cls.features) continue;
try {
const f = JSON.parse(cls.features);
for (const [key, val] of Object.entries(f)) {
if (val === false) features[key] = false;
}
} catch (e) { console.error('[features] class JSON parse error:', e.message); }
}
// Apply role-level free_student restrictions (set by admin)
if (payload.role === 'free_student') {
const fsRow = _stmtFreeStudentFeats.get();
if (fsRow?.value) {
try {
const fsFeats = JSON.parse(fsRow.value);
for (const [key, val] of Object.entries(fsFeats)) {
if (val === false) features[key] = false;
}
} catch (e) { console.error('[features] free_student JSON parse error:', e.message); }
}
}
}
} catch { /* invalid/expired token — anonymous features */ }
}
res.json(features);
});
/* ── Health check ── */
const _startTime = Date.now();
const _pkg = require('../package.json');
const _db = require('./db/db');
app.get('/api/health', (req, res) => {
let dbStatus = 'ok';
let dbLatencyMs = null;
try {
const t0 = Date.now();
_db.prepare('SELECT 1').get();
dbLatencyMs = Date.now() - t0;
} catch {
dbStatus = 'error';
}
const status = dbStatus === 'ok' ? 'ok' : 'degraded';
const httpStatus = status === 'ok' ? 200 : 503;
// Minimal public response — no version/runtime details
const pub = { status, timestamp: new Date().toISOString() };
// Detailed response only for authenticated admins
const token = (req.headers.authorization || '').replace('Bearer ', '');
if (token) {
try {
const jwt = require('jsonwebtoken');
const payload = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
const u = _db.prepare('SELECT role FROM users WHERE id = ?').get(payload.id);
if (u?.role === 'admin') {
const uptimeSec = Math.floor((Date.now() - _startTime) / 1000);
return res.status(httpStatus).json({
...pub,
version: _pkg.version,
uptime: { seconds: uptimeSec, human: _fmtUptime(uptimeSec) },
db: { status: dbStatus, latency_ms: dbLatencyMs },
node: process.version,
env: process.env.NODE_ENV || 'development',
});
}
} catch { /* invalid token → fall through to public response */ }
}
res.status(httpStatus).json(pub);
});
function _fmtUptime(s) {
const d = Math.floor(s / 86400);
const h = Math.floor((s % 86400) / 3600);
const m = Math.floor((s % 3600) / 60);
const sec = s % 60;
if (d > 0) return `${d}d ${h}h ${m}m`;
if (h > 0) return `${h}h ${m}m ${sec}s`;
if (m > 0) return `${m}m ${sec}s`;
return `${sec}s`;
}
/* ── Static frontend ── */
const frontendDir = path.join(__dirname, '../../frontend');
const jsDir = path.join(__dirname, '../../js');
const staticCache = isProd ? { maxAge: '7d' } : { setHeaders: (res) => res.setHeader('Cache-Control', 'no-store') };
app.use('/js', express.static(jsDir, staticCache));
app.use('/css', express.static(path.join(frontendDir, 'css'), staticCache));
app.use('/img', express.static(path.join(frontendDir, 'img'), staticCache));
// Redirect legacy .html URLs → clean URLs (301)
app.use((req, res, next) => {
if (req.path.endsWith('.html') && !req.path.startsWith('/api/')) {
const clean = req.path.slice(0, -5);
const qs = req.url.slice(req.path.length); // preserve ?query
return res.redirect(301, clean + qs);
}
next();
});
// Serve HTML files without extension (/dashboard → dashboard.html)
// In dev: disable cache so edits are always picked up immediately
const htmlCacheOpts = isProd ? { extensions: ['html'] } : {
extensions: ['html'],
setHeaders: (res, filePath) => {
if (filePath.endsWith('.html')) res.setHeader('Cache-Control', 'no-store');
},
};
app.use(express.static(frontendDir, htmlCacheOpts));
app.get('/', (_req, res) => res.sendFile(path.join(frontendDir, 'login.html')));
app.get('/login', (_req, res) => res.sendFile(path.join(frontendDir, 'login.html')));
/* ── Custom error pages ── */
app.get('/403', (_req, res) => res.status(403).sendFile(path.join(frontendDir, '403.html')));
app.get('/404', (_req, res) => res.status(404).sendFile(path.join(frontendDir, '404.html')));
app.get('/500', (_req, res) => res.status(500).sendFile(path.join(frontendDir, '500.html')));
/* ── Global error handler ── */
app.use(errorHandler);
app.use((_req, res) => res.status(404).sendFile(path.join(frontendDir, '404.html')));
const server = app.listen(PORT, () => logger.info(`Server running on port ${PORT}`, { env: config.NODE_ENV }));
/* ── Graceful shutdown ── */
function shutdown(signal) {
logger.info(`${signal} received — shutting down gracefully`);
server.close(() => {
try {
const _shutDb = require('./db/db');
_shutDb.exec('PRAGMA optimize');
_shutDb.close();
} catch (e) { logger.error('db close error', { err: e.message }); }
logger.info('Server closed');
process.exit(0);
});
// Force exit after 5s if connections hang
setTimeout(() => process.exit(1), 5000).unref();
}
process.on('SIGTERM', () => shutdown('SIGTERM'));
process.on('SIGINT', () => shutdown('SIGINT'));