NiLai_Clock/Nilai_Clock
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add SSL certificates and database schema for attendance management system

Browse Source 
- Added SSL certificate (cert.pem) for secure communication.
- Added private key (key.pem) for SSL configuration.
- Added root CA certificate (rootCA.pem) for certificate validation.
- Created initial database schema in dev.sql with tables for system configuration, worker profiles, attendance rules, notifications, geofence zones, shift schedules, overtime records, leave requests, and payroll records.
- Inserted sample data for system configuration and attendance rules.
This commit is contained in:
sudomarcma
2025-07-14 15:28:28 +08:00
parent 3aa4897bc5
commit 4587fad562
6 changed files with 912 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/server.js
+599 -80
View File
@@ -1,23 +1,166 @@
import express from 'express'
import cors from 'cors'
import https from 'https'
import http from 'http'
import fs from 'fs'
import path from 'path'
import { fileURLToPath } from 'url'
import { Parser } from 'json2csv'
import { v4 as uuidv4 } from 'uuid'
import mysql from 'mysql2/promise'
import dotenv from 'dotenv'
import bcrypt from 'bcrypt'
import jwt from 'jsonwebtoken'
// --- FIX START ---
// Import only the required functions from turf
import { point, polygon, booleanPointInPolygon, pointToLineDistance } from '@turf/turf'
// --- FIX END ---
import { point, polygon, booleanPointInPolygon, pointToLineDistance } from '@turf/turf'
async function validateDeviceForUser(userId, deviceUuid, db) {
try {
// Step 1: Get user's current registered device UUID from workers table
const [userRows] = await db.execute(
'SELECT device_uuid, role, username FROM workers WHERE id = ?',
[userId]
)
if (userRows.length === 0) {
return {
valid: false,
message: 'User not found'
}
}
const user = userRows[0]
const registeredDeviceUuid = user.device_uuid
// Step 2: If no device is registered for this user (NULL device_uuid)
if (!registeredDeviceUuid) {
// Check if this device UUID is already registered to another user
const [otherUserRows] = await db.execute(
'SELECT id, username FROM workers WHERE device_uuid = ? AND id != ?',
[deviceUuid, userId]
)
if (otherUserRows.length > 0) {
// Log security alert for device conflict
await logSecurityAlert(userId, 'device_conflict', {
attempted_device_uuid: deviceUuid,
conflicting_user: otherUserRows[0].username,
message: 'Attempted to register device already assigned to another user'
}, db)
return {
valid: false,
message: 'Device is already registered to another account'
}
}
// Step 3: Auto-register this device for the user (initial setup)
await db.execute(
'UPDATE workers SET device_uuid = ? WHERE id = ?',
[deviceUuid, userId]
)
console.log(`Auto-registered device ${deviceUuid} for user ${userId} (${user.username}) - initial setup`)
return {
valid: true,
message: 'Device registered successfully for first-time login'
}
}
// Step 4: User has a registered device - check if current device matches
if (registeredDeviceUuid === deviceUuid) {
// Device UUID matches - allow login
return {
valid: true,
message: 'Device validated successfully'
}
}
// Step 5: Device UUID mismatch - log security alert and reject
await logSecurityAlert(userId, 'unauthorized_device_attempt', {
registered_device_uuid: registeredDeviceUuid,
attempted_device_uuid: deviceUuid,
username: user.username,
message: 'Login attempt from unauthorized device'
}, db)
return {
valid: false,
message: 'This device is not authorized for your account. Please use your registered device.'
}
} catch (error) {
console.error('Device validation error:', error)
return {
valid: false,
message: 'Device validation failed'
}
}
}
// Helper function to log security alerts for device validation issues
async function logSecurityAlert(userId, alertType, alertData, db) {
try {
await db.execute(
'INSERT INTO security_alerts (user_id, alert_type, alert_data, severity, created_at) VALUES (?, ?, ?, ?, NOW())',
[userId, alertType, JSON.stringify(alertData), 'medium']
)
console.log(`Security alert logged: ${alertType} for user ${userId}`)
} catch (error) {
console.error('Failed to log security alert:', error)
}
}
// Helper function to register a new device for user (simplified for workers table)
async function registerDeviceForUser(userId, deviceUuid, db) {
try {
// Check if device is already registered to another user
const [otherUserRows] = await db.execute(
'SELECT id, username FROM workers WHERE device_uuid = ? AND id != ?',
[deviceUuid, userId]
)
if (otherUserRows.length > 0) {
// Log security alert for device conflict
await logSecurityAlert(userId, 'device_registration_conflict', {
attempted_device_uuid: deviceUuid,
conflicting_user: otherUserRows[0].username,
message: 'Attempted to register device already assigned to another user'
}, db)
return {
success: false,
message: 'Device is already registered to another account'
}
}
// Register device by updating workers table
await db.execute(
'UPDATE workers SET device_uuid = ? WHERE id = ?',
[deviceUuid, userId]
)
console.log(`Device ${deviceUuid} registered for user ${userId}`)
return {
success: true,
message: 'Device registered successfully'
}
} catch (error) {
console.error('Device registration error:', error)
return {
success: false,
message: 'Database error during device registration'
}
}
}
// Main function to start the server
async function startServer() {
dotenv.config()
dotenv.config({ path: path.join(path.dirname(fileURLToPath(import.meta.url)), '.env') })
const app = express()
const port = 3000
// --- Database Connection ---
const db = mysql.createPool({
@@ -42,29 +185,86 @@ async function startServer() {
}
// Define the geofence polygon by calling the 'polygon' function directly
const geofence = polygon([
[
[101.80827335908509, 2.8350045747358337],
[101.80822799653066, 2.8340134829130363],
[101.80827902940462, 2.8335264317641418],
[101.80941309326164, 2.8332772427247335],
[101.81144873788423, 2.834596811345506],
[101.81166988033686, 2.8345911479647157],
[101.81199875885511, 2.83593336858695],
[101.80827335908509, 2.8350045747358337],
],
])
// const geofence = polygon([
// [
// [101.80827335908509, 2.8350045747358337],
// [101.80822799653066, 2.8340134829130363],
// [101.80827902940462, 2.8335264317641418],
// [101.80941309326164, 2.8332772427247335],
// [101.81144873788423, 2.834596811345506],
// [101.81166988033686, 2.8345911479647157],
// [101.81199875885511, 2.83593336858695],
// [101.80827335908509, 2.8350045747358337],
// ],
// ])
const geofence = polygon([
[
[113.35311466293217, 23.161344441258407],
[113.28591534444001, 23.161344441258407],
[113.28591534444001, 23.091366234233973],
[113.35311466293217, 23.091366234233973],
[113.35311466293217, 23.161344441258407]
]
])
app.use(cors())
// Enhanced CORS configuration for HTTPS and mobile development
const corsOptions = {
origin: function (origin, callback) {
// Allow requests with no origin (mobile apps, Postman, etc.)
if (!origin) return callback(null, true)
// Define allowed origins
const allowedOrigins = [
'http://localhost:5173',
'https://localhost:5173',
'capacitor://localhost',
'ionic://localhost',
'http://localhost',
'https://localhost'
]
// Add environment-specific origins
if (process.env.CORS_ORIGIN) {
const envOrigins = process.env.CORS_ORIGIN.split(',')
allowedOrigins.push(...envOrigins)
}
// Add local IP origins for mobile testing
if (process.env.SERVER_IP) {
const serverIP = process.env.SERVER_IP
allowedOrigins.push(
`http://${serverIP}:5173`,
`https://${serverIP}:5173`,
`http://${serverIP}:3000`,
`https://${serverIP}:3443`
)
}
// Check if origin is allowed
if (allowedOrigins.indexOf(origin) !== -1 || origin.startsWith('capacitor://') || origin.startsWith('ionic://')) {
callback(null, true)
} else {
console.log('CORS blocked origin:', origin)
callback(null, true) // Allow all origins in development
}
},
credentials: true,
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'Authorization', 'ngrok-skip-browser-warning'],
exposedHeaders: ['Content-Range', 'X-Content-Range']
}
app.use(cors(corsOptions))
app.use(express.json())
// --- API Endpoints ---
// Auth Endpoint
// Auth Endpoint with Device UUID validation
app.post('/api/auth/login', async (req, res) => {
try {
const { username, password } = req.body
const { username, password, deviceUuid } = req.body
const [rows] = await db.execute(
'SELECT id, role, password_hash FROM workers WHERE username = ?',
[username],
@@ -73,6 +273,17 @@ async function startServer() {
const user = rows[0]
const passwordMatch = await bcrypt.compare(password, user.password_hash)
if (passwordMatch) {
// Check device UUID validation if provided, but skip for managers
if (deviceUuid && user.role !== 'manager') {
const deviceValidation = await validateDeviceForUser(user.id, deviceUuid, db)
if (!deviceValidation.valid) {
return res.status(403).json({
message: 'Device not authorized for this account',
deviceError: deviceValidation.message
})
}
}
const token = jwt.sign({ userId: user.id, role: user.role }, process.env.JWT_SECRET, {
expiresIn: '1h',
})
@@ -98,77 +309,99 @@ async function startServer() {
jwt.verify(token, process.env.JWT_SECRET, (err, user) => {
if (err) {
return res.sendStatus(403)
return res.status(403).json({ message: 'Forbidden' })
}
req.user = user
next()
})
} else {
res.sendStatus(401)
res.status(401).json({ message: 'Unauthorized' })
}
}
// Worker Clock In/Out Endpoint
// Worker Clock In/Out Endpoint - Optimized Version
app.post('/api/clock', authenticateJWT, async (req, res) => {
try {
const { userId, eventType, qrCodeValue, latitude, longitude } = req.body
const { userId, eventType, qrCodeValue, latitude, longitude, notes } = req.body;
const connection = await db.getConnection(); // Get connection from pool first
// Geofencing check using the directly imported functions
const userLocation = point([longitude, latitude]);
const isWithinGeofence = booleanPointInPolygon(userLocation, geofence);
try {
// Start transaction
await connection.beginTransaction();
if (!isWithinGeofence) {
// User is outside the geofence, log a 'failed' attempt
// Calculate the distance from the geofence
const distance = pointToLineDistance(userLocation, geofence.geometry.coordinates[0], { units: 'meters' });
// Create a descriptive note
const notes = `Clock-in outside of the zone: ${distance.toFixed(2)} meters.`;
// Bypass checks for special cases
if (qrCodeValue !== 'FORCE_CLOCK_OUT') {
// Parallelize geofence and QR code checks
const [geofenceCheck, qrCheck] = await Promise.all([
booleanPointInPolygon(point([longitude, latitude]), geofence),
connection.execute('SELECT name, is_active FROM qr_codes WHERE id = ?', [qrCodeValue])
]);
// Insert the failed attempt into the database
await db.execute(
'INSERT INTO clock_records (worker_id, event_type, timestamp, qr_code_id, latitude, longitude, notes) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
[userId, 'failed', new Date(), qrCodeValue, latitude, longitude, notes]
);
if (!geofenceCheck) {
const distance = pointToLineDistance(point([longitude, latitude]),
geofence.geometry.coordinates[0], { units: 'meters' });
const notes = `Clock-in outside of the zone: ${distance.toFixed(2)} meters.`;
// Return an error to the user
return res.status(403).json({ message: `You are not within the allowed work area.` });
// --- MODIFICATION END ---
}
await connection.execute(
'INSERT INTO clock_records (worker_id, event_type, timestamp, qr_code_id, latitude, longitude, notes) VALUES (?, ?, ?, ?, ?, ?, ?)',
[userId, 'failed', new Date(), qrCodeValue, latitude, longitude, notes]
);
const [qrRows] = await db.execute('SELECT name, is_active FROM qr_codes WHERE id = ?', [
qrCodeValue,
])
await connection.commit();
return res.status(403).json({ message: `You are not within the allowed work area.` });
}
if (qrRows.length === 0) {
// This code is not in the database at all.
return res.status(400).json({ message: 'Invalid QR Code scanned.' })
if (qrCheck[0].length === 0) {
await connection.rollback();
return res.status(400).json({ message: 'Invalid QR Code scanned.' });
}
if (!qrCheck[0][0].is_active) {
await connection.rollback();
return res.status(400).json({ message: 'This QR Code has expired and is no longer active.' });
}
}
// Check last event
const [lastEvent] = await connection.execute(
'SELECT event_type FROM clock_records WHERE worker_id = ? ORDER BY timestamp DESC LIMIT 1',
[userId]
);
if (qrCodeValue === 'FORCE_CLOCK_OUT') {
// If it's a forced clock-out, log it as a failed event regardless of previous state
await connection.execute(
'INSERT INTO clock_records (worker_id, event_type, timestamp, qr_code_id, latitude, longitude, notes) VALUES (?, ?, ?, ?, ?, ?, ?)',
[userId, 'failed', new Date(), qrCodeValue, latitude, longitude, `FAKE GPS APP Detected.`]
);
await connection.commit();
return res.status(200).json({ message: 'Forced clock-out attempt was logged.' });
}
if (lastEvent.length > 0 && lastEvent[0].event_type === eventType) {
await connection.rollback();
return res.status(400).json({ message: `You are already clocked ${eventType === 'clock_in' ? 'in' : 'out'}.` });
}
// Insert new record
const timestamp = new Date();
await connection.execute(
'INSERT INTO clock_records (worker_id, event_type, timestamp, qr_code_id, latitude, longitude, notes) VALUES (?, ?, ?, ?, ?, ?, ?)',
[userId, eventType, timestamp, qrCodeValue || null, latitude || null, longitude || null, notes || null]
);
await connection.commit();
res.status(201).json({ message: 'Clock event recorded successfully' });
} catch (err) {
await connection.rollback();
throw err;
} finally {
connection.release();
}
if (!qrRows[0].is_active) {
// This code exists but has been deactivated.
return res
.status(400)
.json({ message: 'This QR Code has expired and is no longer active.' })
}
const [lastEventRows] = await db.execute(
'SELECT event_type FROM clock_records WHERE worker_id = ? ORDER BY timestamp DESC LIMIT 1',
[userId],
)
if (lastEventRows.length > 0 && lastEventRows[0].event_type === eventType) {
return res
.status(400)
.json({ message: `You are already clocked ${eventType === 'clock_in' ? 'in' : 'out'}.` })
}
const timestamp = new Date()
await db.execute(
'INSERT INTO clock_records (worker_id, event_type, timestamp, qr_code_id, latitude, longitude) VALUES (?, ?, ?, ?, ?, ?)',
[userId, eventType, timestamp, qrCodeValue, latitude, longitude],
)
res.status(201).json({ message: 'Clock event recorded successfully' })
} catch (error) {
console.error('Clock event error:', error)
res.status(500).json({ message: 'Database error during clock event.' })
console.error('Clock event error:', error);
res.status(500).json({ message: 'Database error during clock event.' });
}
})
@@ -690,15 +923,301 @@ async function startServer() {
}
})
// --- Server Start ---
// const httpsOptions = {
// key: fs.readFileSync(process.env.SSL_KEY_PATH),
// cert: fs.readFileSync(process.env.SSL_CERT_PATH),
// }
// --- NEW NATIVE FEATURES API ENDPOINTS ---
app.listen(port, () => {
console.log(`Server is running on http://localhost:${port}`)
// Location Update Endpoint - OPTIMIZED: Removed continuous geofence checking
app.post('/api/location/update', authenticateJWT, async (req, res) => {
try {
const { userId, latitude, longitude, checkGeofence } = req.body
if (!userId || !latitude || !longitude) {
return res.status(400).json({ message: 'User ID, latitude, and longitude are required.' })
}
// OPTIMIZATION: Only check geofence when explicitly requested
// This reduces unnecessary processing on every location update
if (checkGeofence === true) {
try {
const userLocation = point([longitude, latitude]);
const isWithinGeofence = booleanPointInPolygon(userLocation, geofence);
if (!isWithinGeofence) {
// User is outside the geofence - log security alert silently
const distance = pointToLineDistance(userLocation, geofence.geometry.coordinates[0], { units: 'meters' });
const alertData = {
latitude: latitude,
longitude: longitude,
timestamp: new Date().toISOString(),
distance_from_geofence: distance.toFixed(2),
check_type: 'scheduled_update' // Indicate this was a scheduled check
};
// Log geofence violation to security_alerts table
await logSecurityAlert(userId, 'geofence_violation', alertData, db);
console.log(`OPTIMIZED: Geofence violation detected for user ${userId}: ${distance.toFixed(2)} meters outside boundary`);
} else {
console.log(`OPTIMIZED: User ${userId} within geofence during scheduled check`);
}
} catch (geofenceError) {
console.error('OPTIMIZED: Error checking geofence:', geofenceError);
// Continue with location update even if geofence check fails
}
}
// OPTIMIZED: Simplified location update - only essential fields
// No need for timestamp conversion as we use created_at with NOW()
await db.execute(
'INSERT INTO location_updates (user_id, longitude, latitude, created_at) VALUES (?, ?, ?, NOW())',
[userId, longitude, latitude]
)
res.json({ message: 'Location updated successfully' })
} catch (error) {
console.error('Location update error:', error)
res.status(500).json({ message: 'Database error during location update.' })
}
})
// Device Registration Endpoint
app.post('/api/device/register', authenticateJWT, async (req, res) => {
try {
const { userId, deviceUuid, deviceInfo } = req.body
if (!userId || !deviceUuid) {
return res.status(400).json({ message: 'User ID and device UUID are required.' })
}
const result = await registerDeviceForUser(userId, deviceUuid, deviceInfo, db)
if (result.success) {
res.json({ message: result.message, success: true })
} else {
res.status(409).json({ message: result.message, success: false })
}
} catch (error) {
console.error('Device registration error:', error)
res.status(500).json({ message: 'Database error during device registration.', success: false })
}
})
// Device Validation Endpoint
app.post('/api/device/validate', authenticateJWT, async (req, res) => {
try {
const { userId, deviceUuid } = req.body
if (!userId || !deviceUuid) {
return res.status(400).json({ message: 'User ID and device UUID are required.' })
}
const validation = await validateDeviceForUser(userId, deviceUuid, db)
res.json({
valid: validation.valid,
message: validation.message
})
} catch (error) {
console.error('Device validation error:', error)
res.status(500).json({ message: 'Database error during device validation.', valid: false })
}
})
// Security Check Endpoint - COMMENTED OUT FOR SERVER-SIDE SECURITY PREFERENCE
// Client-side security computation removed per user preference for server-side security
/*
app.post('/api/security/check', authenticateJWT, async (req, res) => {
try {
const { userId, timestamp, deviceInfo, securityCheck } = req.body
if (!userId || !securityCheck) {
return res.status(400).json({ message: 'User ID and security check data are required.' })
}
// Calculate risk score
let riskScore = 0
if (securityCheck.suspiciousApps && securityCheck.suspiciousApps.totalSuspiciousApps > 0) {
riskScore += securityCheck.suspiciousApps.totalSuspiciousApps * 10
}
if (securityCheck.riskLevel === 'high') {
riskScore += 50
} else if (securityCheck.riskLevel === 'medium') {
riskScore += 25
}
// Convert timestamp to MySQL-compatible format
let mysqlTimestamp
if (timestamp) {
if (typeof timestamp === 'string' && timestamp.includes('T')) {
// Handle ISO 8601 format (e.g., '2025-07-04T09:00:49.192Z')
// Convert to MySQL DATETIME format by replacing 'T' with ' ' and removing 'Z'
mysqlTimestamp = timestamp.replace('T', ' ').replace('Z', '')
} else if (timestamp instanceof Date) {
// Handle Date object
mysqlTimestamp = timestamp.toISOString().replace('T', ' ').replace('Z', '')
} else {
// Fallback to current time for invalid formats
mysqlTimestamp = new Date().toISOString().replace('T', ' ').replace('Z', '')
}
} else {
// Use current time if no timestamp provided
mysqlTimestamp = new Date().toISOString().replace('T', ' ').replace('Z', '')
}
// Store security check results
await db.execute(
'INSERT INTO security_checks (user_id, timestamp, device_info, security_data, risk_level, risk_score, created_at) VALUES (?, ?, ?, ?, ?, ?, NOW())',
[userId, mysqlTimestamp, JSON.stringify(deviceInfo), JSON.stringify(securityCheck), securityCheck.riskLevel, riskScore]
)
// Check if risk level is too high
if (riskScore >= 50) {
// Log high-risk event
await db.execute(
'INSERT INTO security_alerts (user_id, alert_type, alert_data, severity, created_at) VALUES (?, ?, ?, ?, NOW())',
[userId, 'high_risk_device', JSON.stringify({ riskScore, securityCheck }), 'high']
)
return res.status(403).json({
message: 'Device security risk too high. Please contact administrator.',
riskLevel: securityCheck.riskLevel,
riskScore: riskScore
})
}
res.json({
message: 'Security check completed successfully',
riskLevel: securityCheck.riskLevel,
riskScore: riskScore,
status: 'approved'
})
} catch (error) {
console.error('Security check error:', error)
res.status(500).json({ message: 'Database error during security check.' })
}
})
*/
// Get Security Status Endpoint
app.get('/api/security/status/:userId', authenticateJWT, async (req, res) => {
try {
const { userId } = req.params
// Get latest security check
const [securityRows] = await db.execute(
'SELECT * FROM security_checks WHERE user_id = ? ORDER BY created_at DESC LIMIT 1',
[userId]
)
// Get recent security alerts
const [alertRows] = await db.execute(
'SELECT * FROM security_alerts WHERE user_id = ? AND created_at > DATE_SUB(NOW(), INTERVAL 7 DAY) ORDER BY created_at DESC',
[userId]
)
res.json({
latestSecurityCheck: securityRows[0] || null,
recentAlerts: alertRows,
securityStatus: securityRows.length > 0 ? securityRows[0].risk_level : 'unknown'
})
} catch (error) {
console.error('Get security status error:', error)
res.status(500).json({ message: 'Database error fetching security status.' })
}
})
// Get App Blacklist Endpoint
app.get('/api/security/app-blacklist', authenticateJWT, async (req, res) => {
try {
const [rows] = await db.execute('SELECT package_name FROM app_blacklist');
const packageNames = rows.map(row => row.package_name);
res.json(packageNames);
} catch (error) {
console.error('Get app blacklist error:', error);
res.status(500).json({ message: 'Database error fetching app blacklist.' });
}
});
// --- Server Start ---
const httpPort = process.env.HTTP_PORT || 3000
const httpsPort = process.env.HTTPS_PORT || 3443
const sslEnabled = process.env.SSL_ENABLED === 'true'
if (sslEnabled) {
try {
// Check if SSL certificate files exist
const currentDir = path.dirname(fileURLToPath(import.meta.url))
const keyPath = path.join(currentDir, 'key.pem')
const certPath = path.join(currentDir, 'cert.pem')
console.log('Resolved keyPath:', keyPath)
console.log('Resolved certPath:', certPath)
if (!fs.existsSync(keyPath) || !fs.existsSync(certPath)) {
console.error('SSL certificate or key file not found. Falling back to HTTP.')
startHttpServer()
return
}
const httpsOptions = {
key: fs.readFileSync(keyPath),
cert: fs.readFileSync(certPath),
}
// Start HTTPS server
const httpsServer = https.createServer(httpsOptions, app)
httpsServer.listen(httpsPort, '0.0.0.0', () => {
console.log(`🔒 HTTPS Server is running on https://localhost:${httpsPort}`)
if (process.env.SERVER_IP) {
console.log(`🔒 HTTPS Server is also available on https://${process.env.SERVER_IP}:${httpsPort}`)
}
console.log('📱 For Android testing, use the IP address URL')
})
// Optional: Start HTTP server that redirects to HTTPS
const httpApp = express()
httpApp.use((req, res) => {
const host = req.headers.host?.split(':')[0] || 'localhost'
const redirectUrl = `https://${host}:${httpsPort}${req.url}`
res.redirect(301, redirectUrl)
})
const httpServer = http.createServer(httpApp)
httpServer.listen(httpPort, '0.0.0.0', () => {
console.log(`🔄 HTTP Server (redirect) is running on http://localhost:${httpPort}`)
})
// Graceful shutdown
process.on('SIGTERM', () => {
console.log('Shutting down servers...')
httpsServer.close(() => {
console.log('HTTPS server closed')
})
httpServer.close(() => {
console.log('HTTP server closed')
})
})
} catch (error) {
console.error('❌ Failed to start HTTPS server:', error.message)
console.log('Falling back to HTTP server...')
startHttpServer()
}
} else {
startHttpServer()
}
function startHttpServer() {
const httpServer = http.createServer(app)
httpServer.listen(httpPort, '0.0.0.0', () => {
console.log(`🌐 HTTP Server is running on http://localhost:${httpPort}`)
if (process.env.SERVER_IP) {
console.log(`🌐 HTTP Server is also available on http://${process.env.SERVER_IP}:${httpPort}`)
}
console.log('⚠️ Using HTTP - HTTPS recommended for mobile testing')
})
}
}
startServer()