Update app.py

app.py

@@ -1,10 +1,8 @@
 from fastapi import FastAPI, Request, UploadFile, File, Form
 from fastapi.middleware.cors import CORSMiddleware
-from fastapi.staticfiles import StaticFiles
-from fastapi.responses import FileResponse
+from fastapi.responses import JSONResponse
 from pydantic import BaseModel, Field
-from typing import Optional, List, Dict, Any
-import httpx
+from typing import Optional, List, Dict
 import json
 import logging
 import os
@@ -12,17 +10,13 @@ import asyncio
 import hashlib
 from datetime import datetime, timezone
 import re
-import fastapi
 import base64
 import imghdr
-import mimetypes
-import pathlib
-import uuid
 
 app = FastAPI()
 logging.basicConfig(level=logging.INFO)
 
-# Enable CORS for convenience (adjust origins for production)
+# CORS
 app.add_middleware(
     CORSMiddleware,
     allow_origins=["*"],
@@ -35,7 +29,6 @@ app.add_middleware(
 # ---------------------------
 PERSISTENT_ROOT = os.environ.get("PERSISTENT_DIR", "/data")
 if not os.path.isdir(PERSISTENT_ROOT):
-    # fallback to local data folder for dev
     PERSISTENT_ROOT = os.path.join(".", "data")
 os.makedirs(PERSISTENT_ROOT, exist_ok=True)
 
@@ -46,29 +39,20 @@ USERS_DIR = os.path.join(PERSISTENT_ROOT, "users")
 os.makedirs(USERS_DIR, exist_ok=True)
 USERS_FILE = os.path.join(USERS_DIR, "users.jsonl")
 SESSIONS_FILE = os.path.join(USERS_DIR, "sessions.json")
-ROOMS_FILE = os.path.join(USERS_DIR, "rooms.json")   # rooms persisted here
+ADMIN_KEY = os.environ.get("ADMIN_KEY", "")
 
-STATIC_DIR = os.path.join(PERSISTENT_ROOT, "static")
-IMAGES_DIR = os.path.join(STATIC_DIR, "images")
-os.makedirs(IMAGES_DIR, exist_ok=True)
-
-ADMIN_KEY = os.environ.get("ADMIN_KEY", "")  # set as secret in HF Space
-
-# Mount static files (serves uploaded images at /static/images/...)
-app.mount("/static", StaticFiles(directory=STATIC_DIR), name="static")
-
-# Async locks
+# locks & in-memory
 app.state.chat_locks = {}
 app.state.users_lock = asyncio.Lock()
 app.state.sessions_lock = asyncio.Lock()
-app.state.rooms_lock = asyncio.Lock()
 app.state.sessions: Dict[str, str] = {}
 
+
 # ---------------------------
-# Helpers: filenames, locks, time
+# Helpers
 # ---------------------------
-def _chat_file_for(room_code: str) -> str:
-    h = hashlib.sha256(room_code.encode("utf-8")).hexdigest()[:32]
+def _chat_file_for(room: str) -> str:
+    h = hashlib.sha256(room.encode("utf-8")).hexdigest()[:32]
     return os.path.join(CHAT_DIR, f"{h}.jsonl")
 
 def _lock_for(path: str) -> asyncio.Lock:
@@ -87,15 +71,13 @@ def _safe_handle(s: str) -> str:
     return s[:24]
 
 def _hash_pin(pin: str) -> str:
-    return hashlib.sha256(("tlks|" + pin).encode("utf-8")).hexdigest()
+    return hashlib.sha256(("tlks|" + (pin or "")).encode("utf-8")).hexdigest()
 
 def _rand_token() -> str:
     return hashlib.sha256(os.urandom(32)).hexdigest()
 
-# ---------------------------
-# JSONL read/write helpers
-# ---------------------------
-async def _append_jsonl(path: str, record: dict) -> None:
+# JSONL read/write
+async def _append_jsonl(path: str, record: dict):
     line = json.dumps(record, ensure_ascii=False) + "\n"
     def _write():
         with open(path, "a", encoding="utf-8") as f:
@@ -105,149 +87,74 @@ async def _append_jsonl(path: str, record: dict) -> None:
 async def _read_jsonl(path: str) -> List[dict]:
     if not os.path.exists(path):
         return []
-    def _read():
+    def _r():
         with open(path, "r", encoding="utf-8") as f:
             return [json.loads(x) for x in f if x.strip()]
-    return await asyncio.to_thread(_read)
-
-# ---------------------------
-# Users & sessions
-# ---------------------------
-async def _append_user(record: dict) -> None:
-    line = json.dumps(record, ensure_ascii=False) + "\n"
-    async with app.state.users_lock:
-        def _write():
-            with open(USERS_FILE, "a", encoding="utf-8") as f:
-                f.write(line)
-        await asyncio.to_thread(_write)
+    return await asyncio.to_thread(_r)
 
+# users load/write helpers
 async def _read_users() -> List[dict]:
     if not os.path.exists(USERS_FILE):
         return []
+    def _r():
+        with open(USERS_FILE, "r", encoding="utf-8") as f:
+            return [json.loads(x) for x in f if x.strip()]
     async with app.state.users_lock:
-        def _read():
-            with open(USERS_FILE, "r", encoding="utf-8") as f:
-                return [json.loads(x) for x in f if x.strip()]
-        return await asyncio.to_thread(_read)
+        return await asyncio.to_thread(_r)
 
+async def _write_users(users: List[dict]):
+    def _w():
+        with open(USERS_FILE, "w", encoding="utf-8") as f:
+            for u in users:
+                f.write(json.dumps(u, ensure_ascii=False) + "\n")
+    async with app.state.users_lock:
+        await asyncio.to_thread(_w)
+
+async def _append_user(rec: dict):
+    # ensure default fields
+    rec.setdefault("disabled", False)
+    rec.setdefault("created_at", _now_iso())
+    rec.setdefault("verified", "")      # "", "staff", "dev"
+    rec.setdefault("seen_intro", False)
+    line = json.dumps(rec, ensure_ascii=False) + "\n"
+    async with app.state.users_lock:
+        def _w():
+            with open(USERS_FILE, "a", encoding="utf-8") as f:
+                f.write(line)
+        await asyncio.to_thread(_w)
+
+# sessions
 async def _load_sessions():
     if os.path.exists(SESSIONS_FILE):
-        def _read():
+        def _r():
             with open(SESSIONS_FILE, "r", encoding="utf-8") as f:
                 return json.load(f)
-        app.state.sessions = await asyncio.to_thread(_read)
+        app.state.sessions = await asyncio.to_thread(_r)
     else:
         app.state.sessions = {}
 
 async def _save_sessions():
-    def _write(data):
+    def _w(data):
         with open(SESSIONS_FILE, "w", encoding="utf-8") as f:
             json.dump(data, f)
     async with app.state.sessions_lock:
-        await asyncio.to_thread(_write, app.state.sessions)
+        await asyncio.to_thread(_w, app.state.sessions)
 
 @app.on_event("startup")
-async def _startup_load_sessions():
+async def _startup():
     await _load_sessions()
-    # ensure ROOMS_FILE exists with a default public 'main' room
-    async with app.state.rooms_lock:
-        if not os.path.exists(ROOMS_FILE):
-            default = [
-                {"code": "main", "name": "General", "private": False, "invite_code": "", "members": []}
-            ]
-            def _write():
-                with open(ROOMS_FILE, "w", encoding="utf-8") as f:
-                    json.dump(default, f)
-            await asyncio.to_thread(_write)
 
-# ---------------------------
-# Room persistence helpers
-# ---------------------------
-async def _read_rooms() -> List[dict]:
-    async with app.state.rooms_lock:
-        if not os.path.exists(ROOMS_FILE):
-            return []
-        def _read():
-            with open(ROOMS_FILE, "r", encoding="utf-8") as f:
-                return json.load(f)
-        return await asyncio.to_thread(_read)
-
-async def _save_rooms(rooms: List[dict]) -> None:
-    async with app.state.rooms_lock:
-        def _write(r):
-            with open(ROOMS_FILE, "w", encoding="utf-8") as f:
-                json.dump(r, f, ensure_ascii=False, indent=2)
-        await asyncio.to_thread(_write, rooms)
 
+# admin guard
 def _require_admin(request: Request):
     provided = request.headers.get("x-admin-key", "")
     if not ADMIN_KEY or provided != ADMIN_KEY:
         raise fastapi.HTTPException(status_code=401, detail="Admin key required")
 
-# ---------------------------
-# Image helpers (save data-URL or UploadFile)
-# ---------------------------
-def _guess_ext_from_mime(mime: str) -> str:
-    ext = mimetypes.guess_extension(mime.split(";")[0].strip()) or ""
-    if ext == ".jpe":
-        ext = ".jpg"
-    return ext
-
-def _safe_image_filename(data_bytes: bytes, ext: str) -> str:
-    h = hashlib.sha256(data_bytes).hexdigest()[:20]
-    filename = f"{h}{ext or ''}"
-    return filename
-
-async def save_data_url(data_url: str) -> str:
-    """
-    Accept data URL (data:<mime>;base64,<data>) and save to IMAGES_DIR.
-    Returns path relative to /static (e.g. /static/images/<file>).
-    """
-    if not data_url.startswith("data:"):
-        raise ValueError("Not a data URL")
-    header, b64 = data_url.split(",", 1)
-    # header e.g. "data:image/png;base64"
-    try:
-        payload = base64.b64decode(b64)
-    except Exception as e:
-        raise ValueError("Bad base64") from e
-
-    mime_match = header.split(";")[0].split(":", 1)[-1] if ";" in header else header.split(":", 1)[-1]
-    ext = _guess_ext_from_mime(mime_match) or (("." + imghdr.what(None, payload)) if imghdr.what(None, payload) else ".jpg")
-    fname = _safe_image_filename(payload, ext)
-    out_path = os.path.join(IMAGES_DIR, fname)
-    # save
-    def _write():
-        with open(out_path, "wb") as f:
-            f.write(payload)
-    await asyncio.to_thread(_write)
-    return f"/static/images/{fname}"
-
-async def save_upload_file(upload: UploadFile) -> str:
-    contents = await upload.read()
-    ext = ""
-    # try from content-type
-    if upload.content_type:
-        ext = _guess_ext_from_mime(upload.content_type)
-    if not ext:
-        # fallback to imghdr to detect
-        kind = imghdr.what(None, contents)
-        ext = f".{kind}" if kind else ".jpg"
-    fname = _safe_image_filename(contents, ext)
-    out_path = os.path.join(IMAGES_DIR, fname)
-    def _write():
-        with open(out_path, "wb") as f:
-            f.write(contents)
-    await asyncio.to_thread(_write)
-    return f"/static/images/{fname}"
 
 # ---------------------------
 # Models
 # ---------------------------
-class NewMessage(BaseModel):
-    text: str = Field(..., min_length=1, max_length=5000)
-    images: Optional[List[str]] = None  # can be data-URLs or already-servable URLs
-
 class NewUser(BaseModel):
     email: str
     first_name: str
@@ -257,6 +164,7 @@ class NewUser(BaseModel):
     profile_image: Optional[str] = ""
     description: Optional[str] = ""
     pin: str = Field(..., min_length=3, max_length=32)
+    verified: Optional[str] = ""  # optional initial verified status
 
 class UpdateUser(BaseModel):
     first_name: Optional[str] = None
@@ -266,17 +174,23 @@ class UpdateUser(BaseModel):
     description: Optional[str] = None
     pin: Optional[str] = None
     disabled: Optional[bool] = None
+    verified: Optional[str] = None
 
 class LoginReq(BaseModel):
     handle: str
     pin: str
 
+class NewMessage(BaseModel):
+    text: str = Field(..., min_length=1, max_length=5000)
+    images: Optional[List[str]] = None  # (base64 data URLs or URLs)
+
+
 # ---------------------------
 # Auth utilities
 # ---------------------------
 async def _require_user(request: Request) -> dict:
     auth = request.headers.get("authorization", "")
-    if not auth.lower().startswith("bearer "):
+    if not auth or not auth.lower().startswith("bearer "):
         raise fastapi.HTTPException(status_code=401, detail="Missing bearer token")
     token = auth.split(" ", 1)[1].strip()
     handle = app.state.sessions.get(token)
@@ -288,8 +202,9 @@ async def _require_user(request: Request) -> dict:
         raise fastapi.HTTPException(status_code=401, detail="User disabled")
     return user
 
+
 # ---------------------------
-# Admin: user creation (existing) and room management
+# Admin: create/list/update users (pin stored hashed); includes 'verified'
 # ---------------------------
 @app.post("/admin/users")
 async def admin_create_user(user: NewUser, request: Request):
@@ -309,8 +224,8 @@ async def admin_create_user(user: NewUser, request: Request):
         "pin_hash": _hash_pin(user.pin),
         "disabled": False,
         "created_at": _now_iso(),
-        "followers": [],
-        "following": [],
+        "verified": (user.verified or ""),
+        "seen_intro": False
     }
     await _append_user(rec)
     pub = {k: v for k, v in rec.items() if k != "pin_hash"}
@@ -324,9 +239,11 @@ async def admin_list_users(request: Request, q: Optional[str] = None, limit: int
         ql = q.lower()
         users = [u for u in users if ql in u.get("email", "").lower() or ql in u.get("handle", "").lower()]
     users = users[: max(1, min(limit, 1000))]
+    out = []
     for u in users:
-        u.pop("pin_hash", None)
-    return {"count": len(users), "users": users}
+        copy = {k: v for k, v in u.items() if k != "pin_hash"}
+        out.append(copy)
+    return {"count": len(out), "users": out}
 
 @app.put("/admin/users/{handle}")
 async def admin_update_user(handle: str, patch: UpdateUser, request: Request):
@@ -350,21 +267,19 @@ async def admin_update_user(handle: str, patch: UpdateUser, request: Request):
                 u["disabled"] = bool(patch.disabled)
             if patch.pin is not None:
                 u["pin_hash"] = _hash_pin(patch.pin)
+            if patch.verified is not None:
+                # allow "", "staff", "dev"
+                val = (patch.verified or "").strip()
+                u["verified"] = val
             changed = True
             break
     if not changed:
         raise fastapi.HTTPException(status_code=404, detail="User not found")
-    # rewrite users file
-    async with app.state.users_lock:
-        def _write_all():
-            with open(USERS_FILE, "w", encoding="utf-8") as f:
-                for rec in users:
-                    f.write(json.dumps(rec, ensure_ascii=False) + "\n")
-        await asyncio.to_thread(_write_all)
+    await _write_users(users)
     return {"ok": True}
 
 # ---------------------------
-# Auth: login
+# Auth: login & me with intro support
 # ---------------------------
 @app.post("/auth/login")
 async def login(req: LoginReq):
@@ -383,164 +298,33 @@ async def login(req: LoginReq):
 @app.get("/me")
 async def me(request: Request):
     user = await _require_user(request)
-    pub = {k: v for k, v in user.items() if k not in ("pin_hash",)}
+    # copy raising sensitive info out
+    pub = {k: v for k, v in user.items() if k != "pin_hash"}
+    # Intro behavior: if user hasn't seen intro, return show_intro and update their flag
+    show_intro = False
+    if not user.get("seen_intro"):
+        show_intro = True
+        # mark seen_intro true and rewrite users file
+        users = await _read_users()
+        for u in users:
+            if u.get("handle") == user.get("handle"):
+                u["seen_intro"] = True
+                break
+        await _write_users(users)
+    # Access notice string for frontend popup
+    access_notice = "Access is rolling out class by class — you must be invited. If you entered an incorrect name or PIN, ask your teacher for help."
+    pub["show_intro"] = show_intro
+    pub["access_notice"] = access_notice
     return {"ok": True, "user": pub}
 
-# ---------------------------
-# Rooms endpoints
-# ---------------------------
-@app.get("/rooms")
-async def list_rooms(request: Request = None):
-    """
-    Returns rooms. If an Authorization bearer is supplied and the user is member/admin,
-    private room info will be visible. Otherwise invite_code is hidden.
-    """
-    rooms = await _read_rooms()
-    # If a valid bearer token present, get handle
-    authed_handle = None
-    auth = None
-    if request:
-        auth = request.headers.get("authorization", "")
-    if auth and auth.lower().startswith("bearer "):
-        token = auth.split(" ", 1)[1].strip()
-        authed_handle = app.state.sessions.get(token)
-    out = []
-    for r in rooms:
-        copy = {k: v for k, v in r.items() if k != "invite_code"}
-        # show invite_code only to admin (x-admin-key) or to admin bearer user (not implemented)
-        if request and request.headers.get("x-admin-key", "") == ADMIN_KEY:
-            copy["invite_code"] = r.get("invite_code", "")
-        # mark if current user is a member
-        copy["member"] = authed_handle in (r.get("members") or [])
-        out.append(copy)
-    return {"ok": True, "rooms": out}
-
-@app.post("/admin/rooms")
-async def admin_create_room(payload: dict, request: Request):
-    """
-    Admin-only: create room:
-    { "code": "grade6", "name": "Grade 6", "private": true }
-    Returns invite_code (server-generated) for private rooms.
-    """
-    _require_admin(request)
-    code = _safe_handle((payload.get("code") or "").lower())
-    if not code:
-        raise fastapi.HTTPException(status_code=400, detail="Invalid code")
-    name = (payload.get("name") or code).strip()
-    private = bool(payload.get("private", False))
-    rooms = await _read_rooms()
-    if any(r.get("code") == code for r in rooms):
-        return {"ok": False, "error": "Room exists"}
-    invite_code = ""
-    if private:
-        invite_code = hashlib.sha1(os.urandom(16)).hexdigest()[:10].upper()
-    rec = {"code": code, "name": name, "private": private, "invite_code": invite_code, "members": []}
-    rooms.append(rec)
-    await _save_rooms(rooms)
-    return {"ok": True, "room": rec}
-
-@app.get("/admin/rooms")
-async def admin_list_rooms(request: Request):
-    _require_admin(request)
-    rooms = await _read_rooms()
-    return {"ok": True, "rooms": rooms}
-
-@app.get("/admin/rooms/{code}")
-async def admin_get_room(code: str, request: Request):
-    _require_admin(request)
-    rooms = await _read_rooms()
-    r = next((x for x in rooms if x.get("code") == code), None)
-    if not r:
-        raise fastapi.HTTPException(status_code=404, detail="Room not found")
-    return {"ok": True, "room": r}
-
-@app.delete("/admin/rooms/{code}")
-async def admin_delete_room(code: str, request: Request):
-    _require_admin(request)
-    rooms = await _read_rooms()
-    code = _safe_handle(code)
-    new = [r for r in rooms if r.get("code") != code]
-    await _save_rooms(new)
-    return {"ok": True}
-
-@app.get("/admin/rooms/{code}/members")
-async def admin_room_members(code: str, request: Request):
-    _require_admin(request)
-    rooms = await _read_rooms()
-    r = next((x for x in rooms if x.get("code") == code), None)
-    if not r: raise fastapi.HTTPException(status_code=404, detail="Room not found")
-    return {"ok": True, "members": r.get("members", [])}
-
-@app.post("/admin/rooms/{code}/members/remove")
-async def admin_remove_room_member(code: str, body: dict, request: Request):
-    _require_admin(request)
-    handle = _safe_handle(body.get("handle", ""))
-    rooms = await _read_rooms()
-    found = False
-    for r in rooms:
-        if r.get("code") == code:
-            members = r.get("members", [])
-            if handle in members:
-                members.remove(handle)
-                r["members"] = members
-                found = True
-            break
-    if not found:
-        return {"ok": False, "error": "Member not found in room"}
-    await _save_rooms(rooms)
-    return {"ok": True}
-
-@app.post("/rooms/{code}/join")
-async def join_room(code: str, body: dict, request: Request):
-    """
-    Authenticated users call to join private rooms using invite code.
-    Non-private rooms are joinable without invite (server adds user as member).
-    """
-    user = await _require_user(request)
-    code = _safe_handle(code)
-    rooms = await _read_rooms()
-    r = next((x for x in rooms if x.get("code") == code), None)
-    if not r:
-        raise fastapi.HTTPException(status_code=404, detail="Room not found")
-    if r.get("private"):
-        provided = (body.get("invite") or "").strip()
-        if not provided:
-            raise fastapi.HTTPException(status_code=400, detail="Invite required")
-        if provided != r.get("invite_code"):
-            raise fastapi.HTTPException(status_code=403, detail="Invalid invite code")
-    # add member if not already
-    members = set(r.get("members", []))
-    members.add(user["handle"])
-    r["members"] = list(members)
-    await _save_rooms(rooms)
-    return {"ok": True, "room": r}
 
 # ---------------------------
-# Chat endpoints (read + write) with privacy enforcement
+# Chat endpoints (post + read + delete)
 # ---------------------------
-@app.get("/chat/{room_code}")
-async def get_messages(room_code: str, limit: int = 50, since: Optional[str] = None, request: Request = None):
-    """
-    Fetch messages for a room.
-    Public rooms are readable by anyone; private rooms require membership/auth.
-    """
+@app.get("/chat/{room}")
+async def get_messages(room: str, limit: int = 50, since: Optional[str] = None):
     limit = max(1, min(limit, 200))
-    rooms = await _read_rooms()
-    room_code = _safe_handle(room_code)
-    room = next((r for r in rooms if r.get("code") == room_code), None)
-    if not room:
-        # allow fallback to legacy behavior if no room metadata: public
-        room = {"code": room_code, "private": False}
-    # if private, require membership
-    if room.get("private"):
-        # require bearer token
-        try:
-            user = await _require_user(request)
-        except Exception:
-            raise fastapi.HTTPException(status_code=401, detail="Authentication required for this room")
-        if user.get("handle") not in room.get("members", []):
-            raise fastapi.HTTPException(status_code=403, detail="Not a member of this room")
-    path = _chat_file_for(room_code)
+    path = _chat_file_for(room)
     items = await _read_jsonl(path)
     if since:
         try:
@@ -554,214 +338,146 @@ async def get_messages(room_code: str, limit: int = 50, since: Optional[str] = N
     items.sort(key=lambda m: m.get("created_at", ""))
     if len(items) > limit:
         items = items[-limit:]
-    return {"room": room_code, "count": len(items), "messages": items}
+    return {"room": room, "count": len(items), "messages": items}
 
-@app.post("/chat/{room_code}")
-async def post_message(room_code: str, msg: NewMessage, request: Request):
-    """
-    Append a message to a room's chat.
-    Accepts images (data-urls or public URLs). Data-urls will be saved server-side and replaced with /static URLs.
-    """
-    room_code = _safe_handle(room_code)
-    rooms = await _read_rooms()
-    room = next((r for r in rooms if r.get("code") == room_code), None)
-    if not room:
-        # if room doesn't exist, disallow posting
-        raise fastapi.HTTPException(status_code=404, detail="Room not found")
-    # require auth
+@app.post("/chat/{room}")
+async def post_message(room: str, msg: NewMessage, request: Request):
+    path = _chat_file_for(room)
+    lock = _lock_for(path)
     user = await _require_user(request)
-    if room.get("private") and user.get("handle") not in room.get("members", []):
-        raise fastapi.HTTPException(status_code=403, detail="Not a member of this room")
+    author = f"{user.get('first_name','')} {user.get('last_name','')}".strip() or user.get("handle")
+    handle = user.get("handle")
+    klass = user.get("klass", "")
+    profile_image = user.get("profile_image", "")
     text = (msg.text or "").strip()
-    if not text and not msg.images:
+    if not text and not (msg.images or []):
         return {"ok": False, "error": "Empty message"}
-    images_out: List[str] = []
-    if msg.images:
-        # images can be data-urls or already public URLs; save data-urls
-        for im in msg.images[:8]:
-            try:
-                if isinstance(im, str) and im.startswith("data:"):
-                    url = await save_data_url(im)
-                    images_out.append(url)
-                else:
-                    # treat as already a served URL (validate basic)
-                    images_out.append(im)
-            except Exception as e:
-                logging.exception("image save failed")
-    author = f"{user.get('first_name','')} {user.get('last_name','')}".strip() or user.get("handle")
     created = _now_iso()
-    mid = hashlib.sha1(f"{room_code}|{author}|{created}|{text}".encode("utf-8")).hexdigest()[:16]
-    ip = request.client.host if request and request.client else None
+    mid = hashlib.sha1(f"{room}|{author}|{created}|{text}".encode("utf-8")).hexdigest()[:16]
     rec = {
         "id": mid,
-        "room": room_code,
+        "room": room,
         "author": author,
-        "handle": user.get("handle"),
-        "klass": user.get("klass", ""),
-        "profile_image": user.get("profile_image", ""),
+        "handle": handle,
+        "klass": klass,
+        "profile_image": profile_image,
         "text": text,
-        "images": images_out,
+        "images": msg.images or [],
         "created_at": created,
-        "ip": ip,
-        "ua": request.headers.get("user-agent", "")[:200],
+        "ua": request.headers.get("user-agent", "")[:200]
     }
-    path = _chat_file_for(room_code)
-    lock = _lock_for(path)
     async with lock:
         await _append_jsonl(path, rec)
     return {"ok": True, "message": rec}
 
+@app.delete("/chat/{room}/{msgid}")
+async def delete_message(room: str, msgid: str, request: Request):
+    """
+    Verified users (staff/dev) may delete posts; admin via x-admin-key may delete too.
+    """
+    # admin bypass?
+    if request.headers.get("x-admin-key", "") == ADMIN_KEY and ADMIN_KEY:
+        # allow admin delete
+        pass
+    else:
+        user = await _require_user(request)
+        if user.get("verified") not in ("staff", "dev"):
+            raise fastapi.HTTPException(status_code=403, detail="Only verified staff/developers may delete posts")
+    path = _chat_file_for(room)
+    items = await _read_jsonl(path)
+    new = [m for m in items if m.get("id") != msgid]
+    if len(new) == len(items):
+        raise fastapi.HTTPException(status_code=404, detail="Message not found")
+    # rewrite file
+    def _write():
+        with open(path, "w", encoding="utf-8") as f:
+            for rec in new:
+                f.write(json.dumps(rec, ensure_ascii=False) + "\n")
+    await asyncio.to_thread(_write)
+    return {"ok": True, "deleted": msgid}
+
+# ---------------------------
+# Admin endpoints for posts (view and delete)
+# ---------------------------
+@app.get("/admin/users/{handle}/posts")
+async def admin_user_posts(handle: str, request: Request):
+    _require_admin(request)
+    handle = _safe_handle(handle)
+    posts = []
+    # scan chat files
+    for fn in os.listdir(CHAT_DIR):
+        path = os.path.join(CHAT_DIR, fn)
+        try:
+            items = await _read_jsonl(path)
+            for m in items:
+                if m.get("handle") == handle:
+                    posts.append(m)
+        except Exception:
+            continue
+    # sort newest first
+    posts.sort(key=lambda x: x.get("created_at", ""), reverse=True)
+    return {"ok": True, "count": len(posts), "posts": posts}
+
+@app.delete("/admin/posts/{room}/{msgid}")
+async def admin_delete_post(room: str, msgid: str, request: Request):
+    _require_admin(request)
+    path = _chat_file_for(room)
+    items = await _read_jsonl(path)
+    new = [m for m in items if m.get("id") != msgid]
+    if len(new) == len(items):
+        raise fastapi.HTTPException(status_code=404, detail="Message not found")
+    def _write():
+        with open(path, "w", encoding="utf-8") as f:
+            for rec in new:
+                f.write(json.dumps(rec, ensure_ascii=False) + "\n")
+    await asyncio.to_thread(_write)
+    return {"ok": True, "deleted": msgid}
+
 # ---------------------------
-# Upload endpoint (multipart or JSON data-url)
+# Optional: upload_data_url endpoint (kept for future use)
 # ---------------------------
 @app.post("/upload_image")
-async def upload_image(file: Optional[UploadFile] = File(None), data_url: Optional[str] = Form(None), request: Request = None):
+async def upload_image(file: Optional[UploadFile] = File(None), data_url: Optional[str] = Form(None)):
     """
-    Accepts:
-    - multipart form 'file' (UploadFile)
-    - OR form field 'data_url' with a base64 data:... URL
-    Returns JSON: { ok: True, url: "/static/images/<file>" }
+    Accepts multipart file OR a data_url form field. Saves to disk and returns /static path.
+    (You asked to keep base64 as-is; we keep this endpoint but you can keep sending base64/images directly.)
     """
+    # simple saving implementation
+    IMAGES_DIR = os.path.join(PERSISTENT_ROOT, "static_images")
+    os.makedirs(IMAGES_DIR, exist_ok=True)
     if file:
-        try:
-            url = await save_upload_file(file)
-            return {"ok": True, "url": url}
-        except Exception as e:
-            logging.exception("upload failed")
-            raise fastapi.HTTPException(status_code=400, detail="Upload failed")
+        contents = await file.read()
+        ext = "." + (imghdr.what(None, contents) or "jpg")
+        name = hashlib.sha256(contents).hexdigest()[:20] + ext
+        out = os.path.join(IMAGES_DIR, name)
+        def _w():
+            with open(out, "wb") as f:
+                f.write(contents)
+        await asyncio.to_thread(_w)
+        return {"ok": True, "url": f"/static_images/{name}"}
     if data_url:
+        if not data_url.startswith("data:"):
+            raise fastapi.HTTPException(status_code=400, detail="Not a data URL")
+        header, b64 = data_url.split(",", 1)
         try:
-            url = await save_data_url(data_url)
-            return {"ok": True, "url": url}
-        except Exception as e:
-            logging.exception("data-url save failed")
-            raise fastapi.HTTPException(status_code=400, detail="Bad data URL")
+            payload = base64.b64decode(b64)
+        except Exception:
+            raise fastapi.HTTPException(status_code=400, detail="Bad base64")
+        ext = "." + (imghdr.what(None, payload) or "jpg")
+        name = hashlib.sha256(payload).hexdigest()[:20] + ext
+        out = os.path.join(IMAGES_DIR, name)
+        def _w():
+            with open(out, "wb") as f:
+                f.write(payload)
+        await asyncio.to_thread(_w)
+        return {"ok": True, "url": f"/static_images/{name}"}
     raise fastapi.HTTPException(status_code=400, detail="No file or data_url provided")
 
 # ---------------------------
-# (leftover original icloud endpoints unchanged)
+# Keep existing /album endpoints if you use them unchanged (omitted here)
 # ---------------------------
-BASE_62_MAP = {c: i for i, c in enumerate("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")}
-
-async def get_client() -> httpx.AsyncClient:
-    if not hasattr(app.state, "client"):
-        app.state.client = httpx.AsyncClient(timeout=15.0)
-    return app.state.client
-
-def base62_to_int(token: str) -> int:
-    result = 0
-    for ch in token:
-        result = result * 62 + BASE_62_MAP[ch]
-    return result
-
-async def get_base_url(token: str) -> str:
-    first = token[0]
-    if first == "A":
-        n = base62_to_int(token[1])
-    else:
-        n = base62_to_int(token[1:3])
-    return f"https://p{n:02d}-sharedstreams.icloud.com/{token}/sharedstreams/"
-
-ICLOUD_HEADERS = {
-    "Origin": "https://www.icloud.com",
-    "Content-Type": "text/plain",
-}
-ICLOUD_PAYLOAD = '{"streamCtag":null}'
-
-async def get_redirected_base_url(base_url: str, token: str) -> str:
-    client = await get_client()
-    resp = await client.post(
-        f"{base_url}webstream", headers=ICLOUD_HEADERS, data=ICLOUD_PAYLOAD, follow_redirects=False
-    )
-    if resp.status_code == 330:
-        try:
-            body = resp.json()
-            host = body.get("X-Apple-MMe-Host")
-            if not host:
-                raise ValueError("Missing X-Apple-MMe-Host in 330 response")
-            logging.info(f"Redirected to {host}")
-            return f"https://{host}/{token}/sharedstreams/"
-        except Exception as e:
-            logging.error(f"Redirect parsing failed: {e}")
-            raise
-    elif resp.status_code == 200:
-        return base_url
-    else:
-        resp.raise_for_status()
-
-async def post_json(path: str, base_url: str, payload: str) -> dict:
-    client = await get_client()
-    resp = await client.post(f"{base_url}{path}", headers=ICLOUD_HEADERS, data=payload)
-    resp.raise_for_status()
-    return resp.json()
-
-async def get_metadata(base_url: str) -> list:
-    data = await post_json("webstream", base_url, ICLOUD_PAYLOAD)
-    return data.get("photos", [])
-
-async def get_asset_urls(base_url: str, guids: list) -> dict:
-    payload = json.dumps({"photoGuids": guids})
-    data = await post_json("webasseturls", base_url, payload)
-    return data.get("items", {})
-
-@app.get("/album/{token}")
-async def get_album(token: str):
-    try:
-        base_url = await get_base_url(token)
-        base_url = await get_redirected_base_url(base_url, token)
-
-        metadata = await get_metadata(base_url)
-        guids = [photo["photoGuid"] for photo in metadata]
-        asset_map = await get_asset_urls(base_url, guids)
-
-        videos = []
-        for photo in metadata:
-            if photo.get("mediaAssetType", "").lower() != "video":
-                continue
-
-            derivatives = photo.get("derivatives", {})
-            best = max(
-                (d for k, d in derivatives.items() if k.lower() != "posterframe"),
-                key=lambda d: int(d.get("fileSize") or 0),
-                default=None,
-            )
-            if not best:
-                continue
-
-            checksum = best.get("checksum")
-            info = asset_map.get(checksum)
-            if not info:
-                continue
-            video_url = f"https://{info['url_location']}{info['url_path']}"
-
-            poster = None
-            pf = derivatives.get("PosterFrame")
-            if pf:
-                pf_info = asset_map.get(pf.get("checksum"))
-                if pf_info:
-                    poster = f"https://{pf_info['url_location']}{pf_info['url_path']}"
-
-            videos.append({
-                "caption": photo.get("caption", ""),
-                "url": video_url,
-                "poster": poster or "",
-            })
-
-        return {"videos": videos}
-
-    except Exception as e:
-        logging.exception("Error in get_album")
-        return {"error": str(e)}
-
-@app.get("/album/{token}/raw")
-async def get_album_raw(token: str):
-    try:
-        base_url = await get_base_url(token)
-        base_url = await get_redirected_base_url(base_url, token)
-        metadata = await get_metadata(base_url)
-        guids = [photo["photoGuid"] for photo in metadata]
-        asset_map = await get_asset_urls(base_url, guids)
-        return {"metadata": metadata, "asset_urls": asset_map}
-    except Exception as e:
-        logging.exception("Error in get_album_raw")
-        return {"error": str(e)}
+
+# minimal root
+@app.get("/")
+async def root():
+    return {"ok": True, "msg": "Central TLKS backend running"}