Add snapshot management to API and enhance user-agent validation for v2 routes

api.js

@@ -5,7 +5,7 @@ const path = require('path');
 const crypto = require('crypto');
 const { initPool, renderHtml, POOL_SIZE } = require('./browserPool');
 const v2Routes = require('./v2Routes');
-const { cleanupExpiredSessions } = require('./db');
+const { cleanupExpiredSessions, cleanupExpiredSnapshots } = require('./db');
 
 const app = express();
 const PORT = 3000;
@@ -23,10 +23,34 @@ app.use(express.urlencoded({ limit: '1gb', extended: true }));
 app.use(cors({
     origin: '*',
     methods: ['GET', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],
-    allowedHeaders: ['Content-Type', 'Authorization'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'User-Agent'],
     credentials: false
 }));
 
+// user-agent check middleware (only for v2 routes)
+app.use((req, res, next) => {
+    // only check user-agent for v2 routes
+    if (!req.url.startsWith('/v2')) {
+        return next();
+    }
+
+    const userAgent = req.get('User-Agent') || '';
+
+    // allow flutter app or web browsers
+    const isFlutterApp = userAgent.includes('QuoteGen-Flutter/1.0');
+    const isBrowser = userAgent.includes('Mozilla') ||
+                     userAgent.includes('Chrome') ||
+                     userAgent.includes('Safari') ||
+                     userAgent.includes('Firefox') ||
+                     userAgent.includes('Edge');
+
+    if (!isFlutterApp && !isBrowser) {
+        return res.status(403).json({ error: 'Forbidden: Invalid user agent' });
+    }
+
+    next();
+});
+
 // Request logging middleware
 app.use((req, res, next) => {
     // skip logging health checks
@@ -372,11 +396,13 @@ app.get('/health', (req, res) => {
 // Clear all cache on startup
 clearCache();
 cleanupExpiredSessions();
+cleanupExpiredSnapshots();
 
 // Run cleanup every hour
 setInterval(() => {
     cleanupOldCache();
     cleanupExpiredSessions();
+    cleanupExpiredSnapshots();
 }, 60 * 60 * 1000);
 
 // Initialize browser pool then start server