server.mjs

// server.mjs
import { createServer, request as httpRequest } from 'http';
import { request as httpsRequest } from 'https';
import { handler } from './dist/server/entry.mjs';
import sirv from 'sirv';
import { fileURLToPath } from 'url';
import { dirname, join } from 'path';
import { createReadStream, existsSync, statSync } from 'fs';
import { createGzip, createBrotliCompress, constants as zlibConstants } from 'zlib';

const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);

const PORT = process.env.PORT || 4321;
const HOST = process.env.HOST || '0.0.0.0';
const CLIENT_DIR = join(__dirname, 'dist', 'client');

const CONTENT_TYPES = {
  '.html': 'text/html; charset=utf-8',
  '.css': 'text/css; charset=utf-8',
  '.js': 'application/javascript; charset=utf-8',
  '.mjs': 'application/javascript; charset=utf-8',
  '.json': 'application/json; charset=utf-8',
  '.xml': 'application/xml; charset=utf-8',
  '.svg': 'image/svg+xml',
  '.txt': 'text/plain; charset=utf-8',
  '.webp': 'image/webp',
  '.png': 'image/png',
  '.jpg': 'image/jpeg',
  '.jpeg': 'image/jpeg',
  '.gif': 'image/gif',
  '.ico': 'image/x-icon',
  '.avif': 'image/avif',
  '.woff': 'font/woff',
  '.woff2': 'font/woff2',
  '.ttf': 'font/ttf',
  '.eot': 'application/vnd.ms-fontobject',
  '.otf': 'font/otf',
  '.pdf': 'application/pdf',
  '.zip': 'application/zip',
  '.doc': 'application/msword',
  '.docx': 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
  '.xls': 'application/vnd.ms-excel',
  '.xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
  '.ppt': 'application/vnd.ms-powerpoint',
  '.pptx': 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
  '.webmanifest': 'application/manifest+json',
  '.map': 'application/json',
  '.pf_fragment': 'application/octet-stream',
  '.pf_index': 'application/octet-stream',
  '.pf_meta': 'application/octet-stream',
};

const COMPRESSIBLE_EXTENSIONS = /\.(html|css|js|mjs|json|xml|svg|txt|map)$/;

// RFC 8288 Link headers for agent discovery on all HTML responses
const AGENT_LINK_HEADERS = [
  '</.well-known/api-catalog>; rel="api-catalog"',
  '</docs/>; rel="service-doc"',
  '</.well-known/openid-configuration>; rel="openid-configuration"',
  '</.well-known/mcp/server-card.json>; rel="describedby"',
].join(', ');

// Content-type overrides for .well-known files that have no file extension
const WELL_KNOWN_CONTENT_TYPES = {
  '/.well-known/api-catalog': 'application/linkset+json',
  '/.well-known/oauth-protected-resource': 'application/json',
  '/.well-known/openid-configuration': 'application/json',
  '/.well-known/oauth-authorization-server': 'application/json',
};

// Redirect configuration with Cache-Control: no-cache
const AUTH_TARGET = 'https://auth.datum.net';
const REDIRECTS = {
  '/product': { destination: '/features', status: 302 },
  '/feature/': { destination: '/features', status: 302 },
  '/product/overview/overview': { destination: '/features', status: 302 },
  '/team': { destination: '/about', status: 302 },
  '/jobs/': { destination: '/careers', status: 302 },
  '/community-huddle/': { destination: '/events', status: 302 },
  '/handbook/engineering/rfc/': { destination: '/handbook/build', status: 302 },
  '/handbook/company/what-we-believe/': { destination: '/handbook/about/purpose', status: 302 },
  '/handbook/culture/anti-harassment-and-discrimination-policy/': {
    destination: '/handbook/policy/anti-harassment',
    status: 302,
  },
  '/handbook/company/who-are-we-building-for/': {
    destination: '/handbook/product/customers',
    status: 302,
  },
  '/handbook/people/travel-policy/': { destination: '/handbook/operate/traveling', status: 302 },
  '/handbook/company/where-are-we-now/': { destination: '/handbook/about/strategy', status: 302 },
  '/handbook/go-to-market/keep-momentum/': {
    destination: '/handbook/about/strategy',
    status: 302,
  },
  '/handbook/go-to-market/approach-gtm/': { destination: '/handbook/about/model', status: 302 },
  '/netzero/overview/overview': { destination: '/', status: 302 },
  '/api-reference/invite/deletes-a-invite-by-id': {
    destination: '/docs/api/reference',
    status: 302,
  },
  '/blog/internet-superpowers-for-every-builder/)_/': {
    destination: '/blog/internet-superpowers-for-every-builder',
    status: 302,
  },
  '/legal/': { destination: '/legal/terms', status: 302 },
  '/privacy-policy/': { destination: '/legal/privacy', status: 302 },
  '/privacy/': { destination: '/legal/privacy', status: 302 },
  '/terms-of-service/': { destination: '/legal/terms', status: 302 },
  '/index.asp': { destination: '/', status: 302 },
  '/logon.html': { destination: `${AUTH_TARGET}/ui/v2/login/loginname`, status: 302 },
  '/public-slack/': { destination: 'https://link.datum.net/discord', status: 302 },
  '/handbook/company/': { destination: '/handbook/about', status: 302 },
  '/handbook/engineering/': { destination: '/handbook/build', status: 302 },
  '/handbook/go-to-market/': { destination: '/handbook/about', status: 302 },
  '/downloads/': { destination: '/download', status: 302 },
  '/downloads/mac-os/': { destination: '/download/mac-os', status: 302 },
  '/downloads/windows/': { destination: '/download/windows', status: 302 },
  '/downloads/linux/': { destination: '/download/linux', status: 302 },
  '/downloads/datumctl/': { destination: '/download/datumctl', status: 302 },
  '/downloads/datum-mcp/': { destination: '/download/datum-mcp', status: 302 },
  '/resources/changelog/': { destination: '/changelog', status: 302 },
  '/resources/roadmap/': { destination: '/roadmap', status: 302 },
  '/resources/open-source/': { destination: '/open-source', status: 302 },

  // Site page aliases
  '/about-us': { destination: '/about', status: 302 },
  '/about-us/': { destination: '/about', status: 302 },
  '/team/': { destination: '/about', status: 302 },
  '/leadership': { destination: '/about', status: 302 },
  '/leadership/': { destination: '/about', status: 302 },
  '/jobs': { destination: '/careers', status: 302 },
  '/feature': { destination: '/features', status: 302 },
  '/products': { destination: '/features', status: 302 },
  '/products/': { destination: '/features', status: 302 },
  '/product/vpc': { destination: '/features', status: 302 },
  '/design': { destination: '/brand', status: 302 },
  '/design/': { destination: '/brand', status: 302 },
  '/support': { destination: '/contact', status: 302 },
  '/support/': { destination: '/contact', status: 302 },
  '/overview/datum': { destination: '/docs/overview/why-datum', status: 302 },
  '/overview/datum/': { destination: '/docs/overview/why-datum', status: 302 },

  // Legal aliases and typos
  '/privacy-policy': { destination: '/legal/privacy', status: 302 },
  '/privacy': { destination: '/legal/privacy', status: 302 },
  '/terms-of-service': { destination: '/legal/terms', status: 302 },
  '/legal/privacy-policy': { destination: '/legal/privacy', status: 302 },
  '/legal/privacy-policy/': { destination: '/legal/privacy', status: 302 },
  '/legal/pricavy': { destination: '/legal/privacy', status: 302 },
  '/legal/pricavy/': { destination: '/legal/privacy', status: 302 },
  '/legal/term': { destination: '/legal/terms', status: 302 },
  '/legal/term/': { destination: '/legal/terms', status: 302 },
  '/legal/trust': { destination: '/legal/privacy', status: 302 },
  '/legal/trust/': { destination: '/legal/privacy', status: 302 },
  '/legal/security': { destination: '/docs/overview/support', status: 302 },
  '/legal/security/': { destination: '/docs/overview/support', status: 302 },
};

const MINTLIFY_TARGET = 'https://datum-4926dda5.mintlify.dev';

// Reverse proxy routes: requests matching prefix are forwarded to the target host.
// Per Mintlify reverse-proxy docs: https://mintlify.com/docs/deploy/reverse-proxy
const PROXY_ROUTES = [
  // Mintlify static assets — long-lived cache allowed
  { prefix: '/mintlify-assets/_next/static', target: MINTLIFY_TARGET, cache: true },
  // Core docs path
  { prefix: '/docs', target: MINTLIFY_TARGET, cache: false },
  { prefix: '/docs/*', target: MINTLIFY_TARGET, cache: false },
  // Mintlify internal routes
  { prefix: '/_mintlify', target: MINTLIFY_TARGET, cache: false },
  // AI / agent discovery files
  { prefix: '/.well-known/vercel/*', target: MINTLIFY_TARGET, cache: false },
  { prefix: '/.well-known/skills/*', target: MINTLIFY_TARGET, cache: false },
  { prefix: '/.well-known/agent-skills/*', target: MINTLIFY_TARGET, cache: false },
  // LLM context files
  // { prefix: '/llms.txt', target: MINTLIFY_TARGET, cache: false },
  // { prefix: '/llms-full.txt', target: MINTLIFY_TARGET, cache: false },
  { prefix: '/skill.md', target: MINTLIFY_TARGET, cache: false },
];

// Prefix-based redirects: source prefix → destination prefix (preserves the rest of the path)
const PREFIX_REDIRECTS = [
  { from: '/handbook/technical/', to: '/handbook/build', status: 302 },
  { from: '/handbook/culture/', to: '/handbook/operate', status: 302 },
];

// File extensions that should trigger download instead of display
const DOWNLOAD_EXTENSIONS = /\.(docx?|xlsx?|pptx?|zip)$/i;

// Static file server for pre-rendered pages and assets
const staticServer = sirv(CLIENT_DIR, {
  maxAge: 31536000,
  immutable: true,
  gzip: true,
  brotli: true,
  etag: true,
  dotfiles: false,
  extensions: ['html'], // Auto-append .html for clean URLs
  single: false, // Don't serve index.html for all routes (SPA mode)
  setHeaders: (res, pathname) => {
    if (pathname.includes('/_astro/')) {
      res.setHeader('Cache-Control', 'public, max-age=31536000, immutable');
    } else if (pathname.match(/\.(html)$/)) {
      res.setHeader('Cache-Control', 'public, max-age=0, must-revalidate');
    } else if (pathname.startsWith('/download/brand-assets/')) {
      res.setHeader('Cache-Control', 'no-store, must-revalidate');
    }
    // Force download for Office documents and archives
    if (DOWNLOAD_EXTENSIONS.test(pathname)) {
      const filename = pathname.split('/').pop();
      res.setHeader('Content-Disposition', `attachment; filename="${filename}"`);
    }
  },
});

function getContentType(url) {
  const ext = url.match(/\.[^.]+$/)?.[0]?.toLowerCase() || '';
  return CONTENT_TYPES[ext] || 'application/octet-stream';
}

function isCompressible(url) {
  return COMPRESSIBLE_EXTENSIONS.test(url);
}

// Generate a stable ETag from a file's mtime and size
function generateETag(stat) {
  return `"${stat.mtime.getTime().toString(16)}-${stat.size.toString(16)}"`;
}

// Check conditional request headers; returns true if a 304 was sent
function handleConditional(req, res, etag, lastModified, cacheControl, varyHeader) {
  const ifNoneMatch = req.headers['if-none-match'];
  const ifModifiedSince = req.headers['if-modified-since'];

  const etagMatch = ifNoneMatch && ifNoneMatch === etag;
  const modifiedMatch =
    !ifNoneMatch && ifModifiedSince && new Date(ifModifiedSince) >= lastModified;

  if (etagMatch || modifiedMatch) {
    res.writeHead(304, {
      ETag: etag,
      'Last-Modified': lastModified.toUTCString(),
      'Cache-Control': cacheControl,
      Vary: varyHeader,
      'X-Cache': 'HIT',
    });
    res.end();
    return true;
  }
  return false;
}

// Serve pre-compressed files (.gz, .br) for text-based content
function serveCompressed(req, res, next) {
  if (req.method !== 'GET' && req.method !== 'HEAD') {
    return next();
  }

  let url = req.url.split('?')[0];

  if (url.endsWith('/')) {
    url += 'index.html';
  }

  if (!isCompressible(url)) {
    return next();
  }

  const acceptEncoding = req.headers['accept-encoding'] || '';
  const filePath = join(CLIENT_DIR, url);

  // Use the original file's stat for a consistent ETag across encodings
  const originalStat = existsSync(filePath) ? statSync(filePath) : null;
  const cacheControl = url.includes('/_astro/')
    ? 'public, max-age=31536000, immutable'
    : 'public, max-age=0, must-revalidate';

  // Try brotli first (better compression ratio)
  if (acceptEncoding.includes('br')) {
    const brPath = filePath + '.br';
    if (existsSync(brPath)) {
      const stat = originalStat ?? statSync(brPath);
      const etag = generateETag(stat);
      const lastModified = stat.mtime;

      if (handleConditional(req, res, etag, lastModified, cacheControl, 'Accept-Encoding')) return;

      const brContentType = getContentType(url);
      res.writeHead(200, {
        'Content-Type': brContentType,
        'Content-Encoding': 'br',
        'Content-Length': statSync(brPath).size,
        ETag: etag,
        'Last-Modified': lastModified.toUTCString(),
        Vary: 'Accept-Encoding',
        'Cache-Control': cacheControl,
        'X-Cache': 'MISS',
        ...(brContentType.includes('text/html') && { Link: AGENT_LINK_HEADERS }),
      });
      if (req.method === 'HEAD') {
        res.end();
      } else {
        createReadStream(brPath).pipe(res);
      }
      return;
    }
  }

  // Fallback to gzip (widely supported)
  if (acceptEncoding.includes('gzip')) {
    const gzPath = filePath + '.gz';
    if (existsSync(gzPath)) {
      const stat = originalStat ?? statSync(gzPath);
      const etag = generateETag(stat);
      const lastModified = stat.mtime;

      if (handleConditional(req, res, etag, lastModified, cacheControl, 'Accept-Encoding')) return;

      const gzContentType = getContentType(url);
      res.writeHead(200, {
        'Content-Type': gzContentType,
        'Content-Encoding': 'gzip',
        'Content-Length': statSync(gzPath).size,
        ETag: etag,
        'Last-Modified': lastModified.toUTCString(),
        Vary: 'Accept-Encoding',
        'Cache-Control': cacheControl,
        'X-Cache': 'MISS',
        ...(gzContentType.includes('text/html') && { Link: AGENT_LINK_HEADERS }),
      });
      if (req.method === 'HEAD') {
        res.end();
      } else {
        createReadStream(gzPath).pipe(res);
      }
      return;
    }
  }

  next();
}

function handleProxy(req, res, target, cache = false) {
  const targetUrl = new URL(target);
  const isHttps = targetUrl.protocol === 'https:';
  const requestFn = isHttps ? httpsRequest : httpRequest;

  const options = {
    hostname: targetUrl.hostname,
    port: targetUrl.port || (isHttps ? 443 : 80),
    path: req.url,
    method: req.method,
    headers: {
      ...req.headers,
      host: targetUrl.hostname,
      'x-forwarded-host': req.headers.host,
      'x-forwarded-proto': 'https',
    },
  };

  const proxyReq = requestFn(options, (proxyRes) => {
    const headers = { ...proxyRes.headers };
    if (!cache) {
      headers['cache-control'] = 'no-cache, no-store, must-revalidate';
    }

    // Allow cloud-portal to embed proxied Mintlify content as an iframe.
    // Mintlify hard-codes `frame-ancestors 'self' https://dashboard.mintlify.com`
    // and `X-Frame-Options: DENY`, with no docs.json knob to customize either.
    delete headers['x-frame-options'];
    const csp = headers['content-security-policy'];
    if (typeof csp === 'string') {
      headers['content-security-policy'] = csp.replace(
        /frame-ancestors[^;]*/i,
        "frame-ancestors 'self' https://dashboard.mintlify.com https://cloud.datum.net https://cloud.staging.env.datum.net"
      );
    }

    res.writeHead(proxyRes.statusCode, headers);
    proxyRes.pipe(res);
  });

  proxyReq.on('error', (err) => {
    console.error('Proxy error:', err);
    res.writeHead(502);
    res.end('Bad Gateway');
  });

  req.pipe(proxyReq);
}

const SSR_COMPRESSIBLE = /^(text\/|application\/(javascript|json|xml|manifest\+json)|image\/svg)/;

// Wrap the Astro SSR handler with streaming compression and cache headers
function handleSSR(req, res) {
  const acceptEncoding = req.headers['accept-encoding'] ?? '';

  let compressor = null;
  let encoding = null;

  if (req.method === 'GET' || req.method === 'HEAD') {
    if (acceptEncoding.includes('br')) {
      compressor = createBrotliCompress({
        params: { [zlibConstants.BROTLI_PARAM_QUALITY]: 4 },
      });
      encoding = 'br';
    } else if (acceptEncoding.includes('gzip')) {
      compressor = createGzip({ level: 6 });
      encoding = 'gzip';
    }
  }

  const origWriteHead = res.writeHead.bind(res);
  const origWrite = res.write.bind(res);
  const origEnd = res.end.bind(res);

  let compressionActive = false;

  res.writeHead = (statusCode, headers) => {
    const h = headers && typeof headers === 'object' ? { ...headers } : {};

    const ct = String(
      h['content-type'] ?? h['Content-Type'] ?? res.getHeader('content-type') ?? ''
    );
    compressionActive = !!compressor && SSR_COMPRESSIBLE.test(ct);

    if (compressionActive) {
      delete h['content-length'];
      delete h['Content-Length'];
      h['Content-Encoding'] = encoding;
      h['Vary'] = 'Accept-Encoding';
    }

    if (!h['Cache-Control'] && !h['cache-control']) {
      h['Cache-Control'] = 'no-cache';
    }

    if (ct.includes('text/html') && !h['Link']) {
      h['Link'] = AGENT_LINK_HEADERS;
    }

    return origWriteHead(statusCode, h);
  };

  if (compressor) {
    compressor.on('data', (chunk) => origWrite(chunk));
    compressor.on('end', () => origEnd());
    compressor.on('error', () => origEnd());

    res.write = (chunk, enc, cb) => {
      if (!compressionActive) return origWrite(chunk, enc, cb);
      return compressor.write(chunk, enc, cb);
    };

    res.end = (chunk, enc, cb) => {
      if (!compressionActive) return origEnd(chunk, enc, cb);
      if (chunk) compressor.write(chunk);
      compressor.end();
    };
  }

  handler(req, res);
}

const server = createServer((req, res) => {
  if (process.env.NODE_ENV !== 'production') {
    console.log(`[${new Date().toISOString()}] ${req.method} ${req.url}`);
  }

  const url = req.url.split('?')[0];

  // Inject Link headers on every successful HTML response regardless of which handler
  // serves it (sirv, serveCompressed, or Astro SSR). Patching writeHead here ensures
  // the header is present even when sirv builds its own headers object internally.
  if (req.method === 'GET' || req.method === 'HEAD') {
    const _origWriteHead = res.writeHead.bind(res);
    res.writeHead = function (statusCode, headersOrMessage, headersArg) {
      let h;
      let msg;
      if (typeof headersOrMessage === 'string') {
        msg = headersOrMessage;
        h = headersArg ? { ...headersArg } : {};
      } else {
        h = headersOrMessage ? { ...headersOrMessage } : {};
      }
      const ct = String(h['content-type'] || h['Content-Type'] || '');
      if (statusCode === 200 && ct.includes('text/html') && !h['link'] && !h['Link']) {
        h['Link'] = AGENT_LINK_HEADERS;
      }
      return msg !== undefined ? _origWriteHead(statusCode, msg, h) : _origWriteHead(statusCode, h);
    };
  }

  // Health check endpoints for Kubernetes probes
  if (url === '/healthz' || url === '/livez' || url === '/readyz') {
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end('OK');
    return;
  }

  // Markdown content negotiation (RFC-style: return text/markdown when Accept: text/markdown)
  if (
    (req.method === 'GET' || req.method === 'HEAD') &&
    req.headers.accept?.includes('text/markdown')
  ) {
    const mdUrl = url.endsWith('/') ? url + 'index.md' : url + '.md';
    const mdPath = join(CLIENT_DIR, mdUrl);
    if (existsSync(mdPath)) {
      const stat = statSync(mdPath);
      res.writeHead(200, {
        'Content-Type': 'text/markdown; charset=utf-8',
        'Cache-Control': 'public, max-age=0, must-revalidate',
        'Content-Length': stat.size,
        Link: AGENT_LINK_HEADERS,
      });
      if (req.method === 'HEAD') {
        res.end();
      } else {
        createReadStream(mdPath).pipe(res);
      }
      return;
    }
  }

  // Serve .well-known files without extensions with correct content-type
  if (WELL_KNOWN_CONTENT_TYPES[url]) {
    const filePath = join(CLIENT_DIR, url);
    if (existsSync(filePath)) {
      res.writeHead(200, {
        'Content-Type': WELL_KNOWN_CONTENT_TYPES[url],
        'Cache-Control': 'public, max-age=3600',
        'Access-Control-Allow-Origin': '*',
      });
      createReadStream(filePath).pipe(res);
      return;
    }
  }

  // Handle exact redirects with Cache-Control: no-cache
  const redirect = REDIRECTS[url];
  if (redirect) {
    res.writeHead(redirect.status, {
      Location: redirect.destination,
      'Cache-Control': 'no-cache',
    });
    res.end();
    return;
  }

  // Handle prefix-based redirects (wildcard)
  for (const prefixRedirect of PREFIX_REDIRECTS) {
    if (url.startsWith(prefixRedirect.from)) {
      const newPath = prefixRedirect.to + url.slice(prefixRedirect.from.length);
      res.writeHead(prefixRedirect.status, {
        Location: newPath,
        'Cache-Control': 'no-cache',
      });
      res.end();
      return;
    }
  }

  // Handle proxy routes
  for (const route of PROXY_ROUTES) {
    if (url.startsWith(route.prefix)) {
      handleProxy(req, res, route.target, route.cache);
      return;
    }
  }

  // Remove trailing slash (mirrors astro trailingSlash: 'never')
  const hasExt = /\.[^/]+$/.test(url);
  if (!hasExt && url !== '/' && url.endsWith('/')) {
    const trimmed = url.replace(/\/+$/, '');
    const qs = req.url.includes('?') ? req.url.slice(req.url.indexOf('?')) : '';
    res.writeHead(301, {
      Location: trimmed + qs,
      'Cache-Control': 'public, max-age=31536000',
    });
    res.end();
    return;
  }

  // /hello/:slug → serve same SSR page as /hello (popup deep links)
  const helloProfileMatch = url.match(/^\/hello\/([^/]+)$/);
  if (helloProfileMatch) {
    const qs = req.url.includes('?') ? req.url.slice(req.url.indexOf('?')) : '';
    req.url = '/hello' + qs;
  }

  // Middleware order: compressed files → static files → Astro SSR handler
  serveCompressed(req, res, () => {
    staticServer(req, res, () => {
      handleSSR(req, res);
    });
  });
});

server.on('error', (err) => {
  console.error('Server error:', err);
});

process.on('SIGTERM', () => {
  console.log('SIGTERM received, shutting down gracefully...');
  server.close(() => {
    console.log('Server closed');
    process.exit(0);
  });
});

server.listen(PORT, HOST, () => {
  console.log(`
╔════════════════════════════════════════════════════════════╗
║  Server running at http://${HOST}:${PORT}/
║
║  ✅ Pre-compressed files (.gz, .br) enabled
║  ✅ Static file server (images, fonts, etc.) enabled
║  ✅ Astro SSR handler enabled
║
║  Compression: HTML, CSS, JS, JSON, SVG, XML, TXT
║  Static: WebP, PNG, JPG, WOFF2, WOFF, PDF, ZIP, etc.
╚════════════════════════════════════════════════════════════╝
  `);
});