Deploy Zone.ID Domain API 2025-12-07

.gitattributes

@@ -1,35 +1,2 @@
-*.7z filter=lfs diff=lfs merge=lfs -text
-*.arrow filter=lfs diff=lfs merge=lfs -text
-*.bin filter=lfs diff=lfs merge=lfs -text
-*.bz2 filter=lfs diff=lfs merge=lfs -text
-*.ckpt filter=lfs diff=lfs merge=lfs -text
-*.ftz filter=lfs diff=lfs merge=lfs -text
-*.gz filter=lfs diff=lfs merge=lfs -text
-*.h5 filter=lfs diff=lfs merge=lfs -text
-*.joblib filter=lfs diff=lfs merge=lfs -text
-*.lfs.* filter=lfs diff=lfs merge=lfs -text
-*.mlmodel filter=lfs diff=lfs merge=lfs -text
-*.model filter=lfs diff=lfs merge=lfs -text
-*.msgpack filter=lfs diff=lfs merge=lfs -text
-*.npy filter=lfs diff=lfs merge=lfs -text
-*.npz filter=lfs diff=lfs merge=lfs -text
-*.onnx filter=lfs diff=lfs merge=lfs -text
-*.ot filter=lfs diff=lfs merge=lfs -text
-*.parquet filter=lfs diff=lfs merge=lfs -text
-*.pb filter=lfs diff=lfs merge=lfs -text
-*.pickle filter=lfs diff=lfs merge=lfs -text
-*.pkl filter=lfs diff=lfs merge=lfs -text
-*.pt filter=lfs diff=lfs merge=lfs -text
-*.pth filter=lfs diff=lfs merge=lfs -text
-*.rar filter=lfs diff=lfs merge=lfs -text
-*.safetensors filter=lfs diff=lfs merge=lfs -text
-saved_model/**/* filter=lfs diff=lfs merge=lfs -text
-*.tar.* filter=lfs diff=lfs merge=lfs -text
-*.tar filter=lfs diff=lfs merge=lfs -text
-*.tflite filter=lfs diff=lfs merge=lfs -text
-*.tgz filter=lfs diff=lfs merge=lfs -text
-*.wasm filter=lfs diff=lfs merge=lfs -text
-*.xz filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.zst filter=lfs diff=lfs merge=lfs -text
-*tfevents* filter=lfs diff=lfs merge=lfs -text
+*.js linguist-language=JavaScript
+*.json linguist-language=JSON

Dockerfile

@@ -0,0 +1,54 @@
+FROM node:20-slim
+
+RUN apt-get update && apt-get install -y \
+    chromium \
+    fonts-liberation \
+    libasound2 \
+    libatk-bridge2.0-0 \
+    libatk1.0-0 \
+    libatspi2.0-0 \
+    libcups2 \
+    libdbus-1-3 \
+    libdrm2 \
+    libgbm1 \
+    libgtk-3-0 \
+    libnspr4 \
+    libnss3 \
+    libxcomposite1 \
+    libxdamage1 \
+    libxfixes3 \
+    libxkbcommon0 \
+    libxrandr2 \
+    xdg-utils \
+    openssl \
+    ca-certificates \
+    git \
+    --no-install-recommends \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN useradd -m -u 1000 user
+USER user
+
+ENV HOME=/home/user
+ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
+ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
+ENV CHROMIUM_PATH=/usr/bin/chromium
+
+WORKDIR /home/user/app
+
+COPY --chown=user package*.json ./
+
+RUN npm ci --only=production
+
+COPY --chown=user prisma ./prisma/
+
+RUN npx prisma generate
+
+COPY --chown=user . .
+
+ENV PORT=7860
+ENV HOST=0.0.0.0
+
+EXPOSE 7860
+
+CMD ["node", "src/server.js"]

README.md

@@ -1,10 +1,95 @@
 ---
-title: Domain Reg
-emoji: 🐨
-colorFrom: green
-colorTo: gray
+title: Zone.ID Domain Registration API
+emoji: 🌐
+colorFrom: blue
+colorTo: purple
 sdk: docker
+app_port: 7860
 pinned: false
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+# Zone.ID Domain Registration API
+
+A REST API for automating zone.id and nett.to domain registration with automatic account management.
+
+## Features
+
+- **Domain Registration**: Create subdomains on zone.id and nett.to
+- **DNS Management**: Create, update, and delete A and CNAME records
+- **Auto-Account Creation**: Automatically creates new accounts when domain limits are reached
+- **Token Auto-Refresh**: Automatically refreshes tokens every 6 hours to prevent expiration
+
+## API Endpoints
+
+All endpoints require `X-API-Key` header for authentication.
+
+### Health Check
+- `GET /health` - Check API status
+- `GET /docs` - Swagger API documentation
+
+### Accounts (`/api/accounts`)
+- `GET /` - List all accounts
+- `POST /` - Create a new account
+- `GET /:id` - Get account details
+- `PATCH /:id` - Update account
+- `DELETE /:id` - Delete account
+- `POST /:id/refresh-token` - Manually refresh account token
+- `POST /refresh-all-tokens` - Refresh tokens for all accounts
+
+### Domains (`/api/domains`)
+- `GET /` - List all domains
+- `POST /` - Register a new domain
+- `GET /:id` - Get domain details
+- `DELETE /:id` - Delete domain
+
+### DNS Records (`/api/dns`)
+- `GET /:domainId/records` - List DNS records
+- `POST /:domainId/records` - Create DNS record (A/CNAME)
+- `PUT /:domainId/records/:recordId` - Update record
+- `DELETE /:domainId/records/:recordId` - Delete record
+- `POST /:domainId/sync` - Sync records from Zone.ID
+
+## Environment Variables
+
+Required:
+- `DATABASE_URL` - PostgreSQL connection string
+
+Optional:
+- `PORT` - Server port (default: 7860)
+- `HOST` - Server host (default: 0.0.0.0)
+
+## Usage Example
+
+```bash
+# Create a domain
+curl -X POST https://your-space.hf.space/api/domains \
+  -H "X-API-Key: your-api-key" \
+  -H "Content-Type: application/json" \
+  -d '{"subdomain": "myapp", "suffix": "zone.id"}'
+
+# Create an A record
+curl -X POST https://your-space.hf.space/api/dns/{domainId}/records \
+  -H "X-API-Key: your-api-key" \
+  -H "Content-Type: application/json" \
+  -d '{"type": "A", "hostname": "@", "content": "1.2.3.4"}'
+
+# Create a CNAME record
+curl -X POST https://your-space.hf.space/api/dns/{domainId}/records \
+  -H "X-API-Key: your-api-key" \
+  -H "Content-Type: application/json" \
+  -d '{"type": "CNAME", "hostname": "www", "content": "example.com"}'
+```
+
+## Token Auto-Refresh
+
+The API automatically refreshes Zone.ID tokens every 6 hours to prevent the 3-day expiration. You can also manually trigger a refresh:
+
+```bash
+# Refresh specific account token
+curl -X POST https://your-space.hf.space/api/accounts/{accountId}/refresh-token \
+  -H "X-API-Key: your-api-key"
+
+# Refresh all account tokens
+curl -X POST https://your-space.hf.space/api/accounts/refresh-all-tokens \
+  -H "X-API-Key: your-api-key"
+```

lib/account-creator.js

@@ -0,0 +1,389 @@
+const { PrismaClient } = require('@prisma/client');
+const bcrypt = require('bcrypt');
+const axios = require('axios');
+const cheerio = require('cheerio');
+const { generateEmail, waitForEmail, deleteAddress } = require('./temp-email');
+const { createAutzAccount } = require('./autz-account');
+
+const prisma = new PrismaClient();
+
+const AUTZ_API = 'https://autz.org/api';
+const ZONEID_API = 'https://my.zone.id/api';
+
+function generatePassword(length = 16) {
+  const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%';
+  let password = '';
+  for (let i = 0; i < length; i++) {
+    password += chars.charAt(Math.floor(Math.random() * chars.length));
+  }
+  return password;
+}
+
+function generateName() {
+  const firstNames = ['Alex', 'Jordan', 'Taylor', 'Morgan', 'Casey', 'Riley', 'Quinn', 'Avery', 'Parker', 'Drew'];
+  const lastNames = ['Smith', 'Johnson', 'Williams', 'Brown', 'Jones', 'Garcia', 'Miller', 'Davis', 'Wilson', 'Moore'];
+  return `${firstNames[Math.floor(Math.random() * firstNames.length)]} ${lastNames[Math.floor(Math.random() * lastNames.length)]}`;
+}
+
+function generatePhone() {
+  const prefix = '+628';
+  let number = '';
+  for (let i = 0; i < 10; i++) {
+    number += Math.floor(Math.random() * 10);
+  }
+  return prefix + number;
+}
+
+async function extractOtpFromEmail(emailHtml) {
+  const $ = cheerio.load(emailHtml);
+  const text = $.text();
+  
+  const otpMatch = text.match(/\b(\d{6})\b/);
+  if (otpMatch) {
+    return otpMatch[1];
+  }
+  
+  const codeMatch = text.match(/code[:\s]+(\d{6})/i);
+  if (codeMatch) {
+    return codeMatch[1];
+  }
+  
+  return null;
+}
+
+async function activateAccount(userTokenId, otp) {
+  const response = await axios.post(`${AUTZ_API}/activate`, {
+    user_token_id: userTokenId,
+    otp
+  });
+  return response.data;
+}
+
+async function loginToAutz(email, password) {
+  const response = await axios.post(`${AUTZ_API}/login`, {
+    email,
+    password
+  }, {
+    headers: {
+      'Content-Type': 'application/json',
+      'Origin': 'https://autz.org',
+      'Referer': 'https://autz.org/'
+    }
+  });
+  return response.data;
+}
+
+async function getZoneIdRefreshToken(email, password, retryCount = 0) {
+  const puppeteer = require('puppeteer-core');
+  const { solveTurnstile } = require('./autz-account');
+  
+  const CHROMIUM_PATH = process.env.CHROMIUM_PATH || process.env.PUPPETEER_EXECUTABLE_PATH || '/nix/store/khk7xpgsm5insk81azy9d560yq4npf77-chromium-131.0.6778.204/bin/chromium';
+  const ONBOARDING_URL = 'https://autz.org/onboarding/qinw2ix?callback_url=https%3A%2F%2Fmy.zone.id%2F';
+  const MAX_RETRIES = 2;
+  
+  console.log(`[OAuth] Starting Zone.ID OAuth flow for ${email} (attempt ${retryCount + 1}/${MAX_RETRIES + 1})`);
+  
+  let turnstileToken;
+  try {
+    console.log('[OAuth] Solving CAPTCHA...');
+    turnstileToken = await solveTurnstile();
+    console.log('[OAuth] CAPTCHA solved successfully');
+  } catch (err) {
+    console.error('[OAuth] CAPTCHA solve failed:', err.message);
+    if (retryCount < MAX_RETRIES) {
+      console.log('[OAuth] Retrying after CAPTCHA failure...');
+      await new Promise(r => setTimeout(r, 5000));
+      return getZoneIdRefreshToken(email, password, retryCount + 1);
+    }
+    throw new Error('Failed to solve CAPTCHA after retries');
+  }
+  
+  console.log('[OAuth] Launching browser...');
+  const browser = await puppeteer.launch({
+    executablePath: CHROMIUM_PATH,
+    headless: true,
+    args: ['--no-sandbox', '--disable-setuid-sandbox', '--disable-dev-shm-usage', '--disable-gpu']
+  });
+  
+  let refreshToken = null;
+  let authorizeRequestSeen = false;
+  
+  try {
+    const page = await browser.newPage();
+    await page.setViewport({ width: 1280, height: 800 });
+    
+    page.on('response', async (response) => {
+      const url = response.url();
+      if (url.includes('my.zone.id/api/authorize')) {
+        authorizeRequestSeen = true;
+        console.log('[OAuth] Detected Zone.ID authorize request');
+        try {
+          const headers = response.headers();
+          const setCookie = headers['set-cookie'];
+          if (setCookie && setCookie.includes('rt_subzoneid=')) {
+            const match = setCookie.match(/rt_subzoneid=([^;]+)/);
+            if (match) {
+              refreshToken = `rt_subzoneid=${match[1]}`;
+              console.log('[OAuth] Captured refresh token from authorize response!');
+            }
+          }
+        } catch (e) {
+          console.log('[OAuth] Error extracting token from response:', e.message);
+        }
+      }
+    });
+    
+    await page.evaluateOnNewDocument((token) => {
+      window.turnstile = {
+        render: (container, params) => {
+          if (params.callback) setTimeout(() => params.callback(token), 500);
+          return 'widget-id';
+        },
+        getResponse: () => token,
+        reset: () => {}
+      };
+    }, turnstileToken);
+    
+    console.log('[OAuth] Navigating to onboarding URL...');
+    await page.goto(ONBOARDING_URL, { waitUntil: 'networkidle2', timeout: 60000 });
+    
+    try {
+      await page.waitForSelector('#login-modal', { visible: true, timeout: 30000 });
+      console.log('[OAuth] Login modal visible');
+    } catch (err) {
+      console.log('[OAuth] Login modal not found, checking page state...');
+      const currentUrl = page.url();
+      console.log('[OAuth] Current URL:', currentUrl);
+    }
+    
+    console.log('[OAuth] Entering email...');
+    const emailInput = await page.$('input[type="email"]');
+    if (!emailInput) {
+      throw new Error('Email input not found on page');
+    }
+    await emailInput.type(email, { delay: 30 });
+    
+    await page.evaluate((token) => {
+      if (window.onVerifiedCaptcha) window.onVerifiedCaptcha(token);
+      const btn = document.querySelector('button.btn-primary');
+      if (btn) btn.disabled = false;
+    }, turnstileToken);
+    
+    await new Promise(r => setTimeout(r, 1000));
+    await page.click('button.btn-primary');
+    console.log('[OAuth] Submitted email, waiting for password field...');
+    
+    let passwordFieldFound = false;
+    for (let i = 0; i < 10; i++) {
+      await new Promise(r => setTimeout(r, 1000));
+      const passwordInput = await page.$('input[type="password"]');
+      if (passwordInput) {
+        passwordFieldFound = true;
+        console.log('[OAuth] Password field found');
+        break;
+      }
+      const pageText = await page.evaluate(() => document.body.innerText);
+      if (pageText.includes('Password') || pageText.includes('password')) {
+        passwordFieldFound = true;
+        break;
+      }
+    }
+    
+    if (!passwordFieldFound) {
+      const pageText = await page.evaluate(() => document.body.innerText);
+      console.log('[OAuth] Page content after email submit:', pageText.substring(0, 500));
+      throw new Error('Password field did not appear - account may not be properly activated');
+    }
+    
+    const passwordInput = await page.$('input[type="password"]');
+    if (passwordInput) {
+      console.log('[OAuth] Entering password...');
+      await passwordInput.type(password, { delay: 30 });
+      await new Promise(r => setTimeout(r, 500));
+      
+      console.log('[OAuth] Clicking login button...');
+      await Promise.all([
+        page.waitForNavigation({ waitUntil: 'networkidle0', timeout: 45000 }).catch(err => {
+          console.log('[OAuth] Navigation timeout/error:', err.message);
+        }),
+        page.click('button.btn-primary')
+      ]);
+      
+      console.log('[OAuth] Login submitted, waiting for redirect...');
+      await new Promise(r => setTimeout(r, 5000));
+    }
+    
+    if (!refreshToken) {
+      console.log('[OAuth] Checking cookies for refresh token...');
+      const cookies = await page.cookies('https://my.zone.id');
+      for (const cookie of cookies) {
+        if (cookie.name === 'rt_subzoneid') {
+          refreshToken = `rt_subzoneid=${cookie.value}`;
+          console.log('[OAuth] Captured refresh token from cookies!');
+          break;
+        }
+      }
+    }
+    
+    if (!refreshToken) {
+      const pageText = await page.evaluate(() => document.body.innerText);
+      if (pageText.includes('Choose account') || pageText.includes('Select account')) {
+        console.log('[OAuth] Account selection page detected, selecting account...');
+        
+        await page.evaluate((emailStr) => {
+          const emailPrefix = emailStr.split('@')[0];
+          const elements = document.querySelectorAll('div, button, a, li, span');
+          for (const el of elements) {
+            if (el.textContent && el.textContent.includes(emailPrefix)) {
+              el.click();
+              break;
+            }
+          }
+        }, email);
+        
+        await new Promise(r => setTimeout(r, 5000));
+        
+        const cookies = await page.cookies('https://my.zone.id');
+        for (const cookie of cookies) {
+          if (cookie.name === 'rt_subzoneid') {
+            refreshToken = `rt_subzoneid=${cookie.value}`;
+            console.log('[OAuth] Captured refresh token after account selection!');
+            break;
+          }
+        }
+      }
+    }
+    
+    if (!refreshToken && !authorizeRequestSeen) {
+      console.log('[OAuth] Authorize request not seen, trying direct navigation to my.zone.id...');
+      await page.goto('https://my.zone.id/', { waitUntil: 'networkidle2', timeout: 30000 });
+      await new Promise(r => setTimeout(r, 3000));
+      
+      const cookies = await page.cookies('https://my.zone.id');
+      for (const cookie of cookies) {
+        if (cookie.name === 'rt_subzoneid') {
+          refreshToken = `rt_subzoneid=${cookie.value}`;
+          console.log('[OAuth] Captured refresh token from my.zone.id navigation!');
+          break;
+        }
+      }
+    }
+    
+    if (!refreshToken) {
+      const finalUrl = page.url();
+      console.log('[OAuth] Final URL:', finalUrl);
+      console.log('[OAuth] Authorize request seen:', authorizeRequestSeen);
+    }
+    
+  } finally {
+    await browser.close();
+  }
+  
+  if (!refreshToken && retryCount < MAX_RETRIES) {
+    console.log('[OAuth] Retrying OAuth flow...');
+    await new Promise(r => setTimeout(r, 3000));
+    return getZoneIdRefreshToken(email, password, retryCount + 1);
+  }
+  
+  if (refreshToken) {
+    console.log('[OAuth] Successfully obtained refresh token');
+  } else {
+    console.log('[OAuth] Failed to obtain refresh token after all attempts');
+  }
+  
+  return refreshToken;
+}
+
+async function createAndActivateAccount() {
+  console.log('Starting auto-account creation...');
+  
+  const emailData = await generateEmail('zoneid');
+  const email = emailData.address;
+  console.log(`Generated temp email: ${email}`);
+  
+  const password = generatePassword();
+  const name = generateName();
+  const phone = generatePhone();
+  
+  console.log('Creating Autz.org account...');
+  const accountResult = await createAutzAccount(email, password, name, phone);
+  
+  if (!accountResult.success || !accountResult.userTokenId) {
+    await deleteAddress(email);
+    throw new Error('Failed to create Autz.org account');
+  }
+  
+  console.log('Waiting for verification email...');
+  const verificationEmail = await waitForEmail(email, 180000, 5000);
+  
+  const otp = await extractOtpFromEmail(verificationEmail.html || verificationEmail.text);
+  if (!otp) {
+    await deleteAddress(email);
+    throw new Error('Could not extract OTP from email');
+  }
+  
+  console.log(`Activating account with OTP: ${otp}`);
+  await activateAccount(accountResult.userTokenId, otp);
+  
+  console.log('Getting Zone.ID refresh token via OAuth flow...');
+  let refreshToken = null;
+  try {
+    refreshToken = await getZoneIdRefreshToken(email, password);
+    if (refreshToken) {
+      console.log('Successfully obtained Zone.ID refresh token');
+    } else {
+      await deleteAddress(email);
+      throw new Error('Could not obtain Zone.ID refresh token - account created but not usable');
+    }
+  } catch (err) {
+    console.error('Error getting Zone.ID refresh token:', err.message);
+    await deleteAddress(email);
+    throw err;
+  }
+  
+  const passwordHash = await bcrypt.hash(password, 10);
+  
+  const account = await prisma.account.create({
+    data: {
+      email,
+      passwordHash,
+      name,
+      phone,
+      refreshToken,
+      status: 'active',
+      domainCount: 0
+    }
+  });
+  
+  await deleteAddress(email);
+  
+  console.log(`Account created successfully: ${account.id}`);
+  
+  return account;
+}
+
+async function getOrCreateAvailableAccount() {
+  let account = await prisma.account.findFirst({
+    where: {
+      status: 'active',
+      domainCount: { lt: 10 },
+      refreshToken: { not: null }
+    },
+    orderBy: { domainCount: 'asc' }
+  });
+  
+  if (account) {
+    return account;
+  }
+  
+  console.log('No available account with domain slots. Creating new account...');
+  return await createAndActivateAccount();
+}
+
+module.exports = {
+  createAndActivateAccount,
+  getOrCreateAvailableAccount,
+  generatePassword,
+  generateName,
+  generatePhone
+};

lib/autz-account.js

@@ -0,0 +1,104 @@
+const puppeteer = require('puppeteer-core');
+const axios = require('axios');
+
+const CHROMIUM_PATH = process.env.CHROMIUM_PATH || process.env.PUPPETEER_EXECUTABLE_PATH || '/nix/store/khk7xpgsm5insk81azy9d560yq4npf77-chromium-131.0.6778.204/bin/chromium';
+const CF_SOLVER_URL = 'https://samleuma-cf-solver.hf.space/solver';
+const TURNSTILE_SITEKEY = '0x4AAAAAAAfqMU3EtZs0r_nN';
+const ONBOARDING_URL = 'https://autz.org/onboarding/qinw2ix?callback_url=https%3A%2F%2Fmy.zone.id%2F';
+
+async function solveTurnstile() {
+  const response = await axios.post(CF_SOLVER_URL, {
+    mode: 'turnstile-max',
+    url: ONBOARDING_URL,
+    siteKey: TURNSTILE_SITEKEY
+  }, { timeout: 180000 });
+  
+  if (response.data.code === 200 && response.data.token) {
+    return response.data.token;
+  }
+  throw new Error('Failed to solve Turnstile: ' + JSON.stringify(response.data));
+}
+
+async function createAutzAccount(email, password, name, phone) {
+  const turnstileToken = await solveTurnstile();
+  
+  const browser = await puppeteer.launch({
+    executablePath: CHROMIUM_PATH,
+    headless: true,
+    args: ['--no-sandbox', '--disable-setuid-sandbox', '--disable-dev-shm-usage', '--disable-gpu']
+  });
+
+  let loginToken = null;
+  let userTokenId = null;
+
+  try {
+    const page = await browser.newPage();
+    await page.setViewport({ width: 1280, height: 800 });
+    
+    page.on('response', async (response) => {
+      const url = response.url();
+      if (url.includes('/api/login') && response.status() === 201) {
+        try {
+          const data = await response.json();
+          loginToken = data.token;
+        } catch (e) {}
+      }
+      if (url.includes('/api/register') && response.status() === 200) {
+        try {
+          const data = await response.json();
+          userTokenId = data.user_token_id;
+        } catch (e) {}
+      }
+    });
+    
+    await page.evaluateOnNewDocument((token) => {
+      window.turnstile = {
+        render: (container, params) => {
+          if (params.callback) setTimeout(() => params.callback(token), 500);
+          return 'widget-id';
+        },
+        getResponse: () => token,
+        reset: () => {}
+      };
+    }, turnstileToken);
+    
+    await page.goto(ONBOARDING_URL, { waitUntil: 'networkidle2', timeout: 60000 });
+    await page.waitForSelector('#login-modal', { visible: true, timeout: 30000 });
+    
+    await page.type('input[type="email"]', email, { delay: 20 });
+
+    await page.evaluate((token) => {
+      if (window.onVerifiedCaptcha) window.onVerifiedCaptcha(token);
+      const btn = document.querySelector('button.btn-primary');
+      if (btn) btn.disabled = false;
+    }, turnstileToken);
+
+    await new Promise(r => setTimeout(r, 1000));
+    await page.click('button.btn-primary');
+    await new Promise(r => setTimeout(r, 3000));
+
+    const inputs = await page.$$('#login-modal input.form-control');
+    
+    if (inputs.length >= 4) {
+      await inputs[1].type(password, { delay: 15 });
+      await inputs[2].type(name, { delay: 15 });
+      await inputs[3].type(phone, { delay: 15 });
+      
+      await page.click('button.btn-primary');
+      await new Promise(r => setTimeout(r, 5000));
+    }
+
+    return {
+      success: !!userTokenId,
+      email,
+      userTokenId,
+      loginToken,
+      needsActivation: true
+    };
+
+  } finally {
+    await browser.close();
+  }
+}
+
+module.exports = { createAutzAccount, solveTurnstile };

lib/remote-browser.js

@@ -0,0 +1,53 @@
+const puppeteer = require('puppeteer-core');
+const axios = require('axios');
+
+const BROWSER_API_URL = 'https://samleuma-browser.hf.space';
+
+async function getRemoteBrowser() {
+  const response = await axios.get(`${BROWSER_API_URL}/api/ws-endpoint`, { timeout: 30000 });
+  
+  if (!response.data.browserConnected || !response.data.wsEndpoint) {
+    throw new Error('Remote browser not ready');
+  }
+  
+  const wsEndpoint = response.data.wsEndpoint.replace('ws://127.0.0.1', 'wss://samleuma-browser.hf.space');
+  
+  const browser = await puppeteer.connect({
+    browserWSEndpoint: wsEndpoint,
+    defaultViewport: { width: 1280, height: 800 }
+  });
+  
+  return browser;
+}
+
+async function executeOnRemoteBrowser(url, script, waitFor = null) {
+  const payload = { url, script };
+  if (waitFor) payload.waitFor = waitFor;
+  
+  const response = await axios.post(`${BROWSER_API_URL}/api/execute`, payload, { timeout: 60000 });
+  return response.data;
+}
+
+async function takeRemoteScreenshot(url, fullPage = false) {
+  const response = await axios.post(`${BROWSER_API_URL}/api/screenshot`, { url, fullPage }, { timeout: 60000 });
+  return response.data;
+}
+
+async function createRemotePage() {
+  const response = await axios.post(`${BROWSER_API_URL}/api/page/new`, {}, { timeout: 30000 });
+  return response.data;
+}
+
+async function getBrowserStatus() {
+  const response = await axios.get(`${BROWSER_API_URL}/api/status`, { timeout: 10000 });
+  return response.data;
+}
+
+module.exports = {
+  getRemoteBrowser,
+  executeOnRemoteBrowser,
+  takeRemoteScreenshot,
+  createRemotePage,
+  getBrowserStatus,
+  BROWSER_API_URL
+};

lib/temp-email.js

@@ -0,0 +1,64 @@
+const axios = require('axios');
+
+const EMAIL_API_URL = 'https://email.agbala-itura.name.ng/api';
+
+async function generateEmail(label = null, custom = null) {
+  const payload = {};
+  if (label) payload.label = label;
+  if (custom) payload.custom = custom;
+  
+  const response = await axios.post(`${EMAIL_API_URL}/addresses`, payload);
+  
+  if (response.data.success) {
+    return response.data.data;
+  }
+  throw new Error('Failed to generate email: ' + JSON.stringify(response.data));
+}
+
+async function listEmails(address) {
+  const response = await axios.get(`${EMAIL_API_URL}/emails`, {
+    params: { address }
+  });
+  
+  if (response.data.success) {
+    return response.data.data.items;
+  }
+  return [];
+}
+
+async function getEmail(id) {
+  const response = await axios.get(`${EMAIL_API_URL}/emails/${id}`);
+  
+  if (response.data.success) {
+    return response.data.data;
+  }
+  throw new Error('Email not found');
+}
+
+async function waitForEmail(address, timeout = 120000, interval = 5000) {
+  const startTime = Date.now();
+  
+  while (Date.now() - startTime < timeout) {
+    const emails = await listEmails(address);
+    
+    if (emails.length > 0) {
+      return emails[0];
+    }
+    
+    await new Promise(r => setTimeout(r, interval));
+  }
+  
+  throw new Error('Timeout waiting for email');
+}
+
+async function deleteAddress(address) {
+  await axios.delete(`${EMAIL_API_URL}/addresses/${encodeURIComponent(address)}`);
+}
+
+module.exports = { 
+  generateEmail, 
+  listEmails, 
+  getEmail, 
+  waitForEmail, 
+  deleteAddress 
+};

lib/token-scheduler.js

@@ -0,0 +1,149 @@
+const { PrismaClient } = require('@prisma/client');
+const { ZoneIdAPI } = require('./zoneid-api');
+
+const prisma = new PrismaClient();
+
+const REFRESH_INTERVAL_MS = 3 * 24 * 60 * 60 * 1000;
+const REFRESH_CHECK_INTERVAL_MS = 6 * 60 * 60 * 1000;
+
+async function refreshAccountToken(account) {
+  console.log(`[TokenScheduler] Refreshing token for account: ${account.email}`);
+  
+  if (!account.refreshToken) {
+    console.log(`[TokenScheduler] Account ${account.email} has no refresh token, skipping`);
+    return { success: false, reason: 'no_token' };
+  }
+  
+  const api = new ZoneIdAPI();
+  api.setRefreshTokenCookie(account.refreshToken);
+  
+  try {
+    const response = await api.refreshAccessToken();
+    
+    if (response && response.token) {
+      console.log(`[TokenScheduler] Successfully refreshed token for ${account.email}`);
+      
+      await prisma.account.update({
+        where: { id: account.id },
+        data: { updatedAt: new Date() }
+      });
+      
+      return { success: true };
+    }
+    
+    return { success: true, note: 'Token validated' };
+  } catch (err) {
+    console.error(`[TokenScheduler] Failed to refresh token for ${account.email}:`, err.message);
+    
+    if (err.response?.status === 401 || err.message.includes('expired')) {
+      console.log(`[TokenScheduler] Marking account ${account.email} as needing re-authentication`);
+      
+      await prisma.account.update({
+        where: { id: account.id },
+        data: { status: 'token_expired' }
+      });
+      
+      return { success: false, reason: 'token_expired' };
+    }
+    
+    return { success: false, reason: err.message };
+  }
+}
+
+async function refreshAllAccountTokens() {
+  console.log('[TokenScheduler] Starting token refresh cycle for all accounts...');
+  
+  const accounts = await prisma.account.findMany({
+    where: {
+      status: 'active',
+      refreshToken: { not: null }
+    }
+  });
+  
+  console.log(`[TokenScheduler] Found ${accounts.length} active accounts with tokens`);
+  
+  const results = {
+    total: accounts.length,
+    success: 0,
+    failed: 0,
+    skipped: 0,
+    details: []
+  };
+  
+  for (const account of accounts) {
+    try {
+      await new Promise(r => setTimeout(r, 2000));
+      
+      const result = await refreshAccountToken(account);
+      
+      if (result.success) {
+        results.success++;
+      } else if (result.reason === 'no_token') {
+        results.skipped++;
+      } else {
+        results.failed++;
+      }
+      
+      results.details.push({
+        accountId: account.id,
+        email: account.email,
+        ...result
+      });
+    } catch (err) {
+      console.error(`[TokenScheduler] Unexpected error for ${account.email}:`, err.message);
+      results.failed++;
+      results.details.push({
+        accountId: account.id,
+        email: account.email,
+        success: false,
+        reason: err.message
+      });
+    }
+  }
+  
+  console.log(`[TokenScheduler] Refresh cycle complete: ${results.success} success, ${results.failed} failed, ${results.skipped} skipped`);
+  
+  return results;
+}
+
+let schedulerInterval = null;
+
+function startTokenScheduler() {
+  if (schedulerInterval) {
+    console.log('[TokenScheduler] Scheduler already running');
+    return;
+  }
+  
+  console.log(`[TokenScheduler] Starting scheduler (check interval: ${REFRESH_CHECK_INTERVAL_MS / 1000 / 60 / 60} hours)`);
+  
+  setTimeout(() => {
+    refreshAllAccountTokens().catch(err => {
+      console.error('[TokenScheduler] Initial refresh failed:', err.message);
+    });
+  }, 60000);
+  
+  schedulerInterval = setInterval(() => {
+    refreshAllAccountTokens().catch(err => {
+      console.error('[TokenScheduler] Scheduled refresh failed:', err.message);
+    });
+  }, REFRESH_CHECK_INTERVAL_MS);
+  
+  console.log('[TokenScheduler] Scheduler started successfully');
+}
+
+function stopTokenScheduler() {
+  if (schedulerInterval) {
+    clearInterval(schedulerInterval);
+    schedulerInterval = null;
+    console.log('[TokenScheduler] Scheduler stopped');
+  }
+}
+
+module.exports = {
+  refreshAccountToken,
+  refreshAllAccountTokens,
+  startTokenScheduler,
+  stopTokenScheduler,
+  REFRESH_INTERVAL_MS,
+  REFRESH_CHECK_INTERVAL_MS
+};

lib/zoneid-api.js

@@ -0,0 +1,180 @@
+const axios = require('axios');
+
+const API_BASE = 'https://my.zone.id/api';
+
+class ZoneIdAPI {
+  constructor() {
+    this.accessToken = null;
+    this.refreshTokenCookie = null;
+    this.client = axios.create({
+      baseURL: API_BASE,
+      headers: {
+        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
+        'Accept': 'application/json',
+        'Content-Type': 'application/json',
+        'Origin': 'https://my.zone.id',
+        'Referer': 'https://my.zone.id/'
+      }
+    });
+    
+    this.client.interceptors.request.use((config) => {
+      if (this.accessToken) {
+        config.headers.Authorization = `Bearer ${this.accessToken}`;
+      }
+      if (this.refreshTokenCookie) {
+        config.headers.Cookie = this.refreshTokenCookie;
+      }
+      return config;
+    });
+    
+    this.client.interceptors.response.use(
+      (response) => response,
+      (error) => {
+        if (error.response) {
+          console.log('API Error:', error.response.status, error.response.data);
+        }
+        return Promise.reject(error);
+      }
+    );
+  }
+
+  setAccessToken(token) {
+    this.accessToken = token;
+  }
+
+  setRefreshTokenCookie(cookie) {
+    this.refreshTokenCookie = cookie;
+  }
+
+  async refreshAccessToken() {
+    if (!this.refreshTokenCookie) {
+      throw new Error('No refresh token cookie set');
+    }
+    const response = await this.client.post('/refresh-token');
+    if (response.data && response.data.token) {
+      this.accessToken = response.data.token;
+    }
+    return response.data;
+  }
+
+  async getAuthUrl() {
+    const response = await this.client.get('/authurl');
+    return response.data;
+  }
+
+  async authorize(code) {
+    const response = await this.client.post('/authorize', { auth_code: code });
+    return response.data;
+  }
+
+  async refreshToken() {
+    const response = await this.client.post('/refresh-token');
+    return response.data;
+  }
+
+  async logout() {
+    const response = await this.client.post('/logout');
+    return response.data;
+  }
+
+  async listSubdomains() {
+    const response = await this.client.get('/subdomains');
+    return response.data;
+  }
+
+  async createSubdomain(subdomain, suffix = 'zone.id', mode = 'dns_record', usageType, usageDescription) {
+    const fullSubdomain = `${subdomain}.${suffix}`;
+    console.log('Creating subdomain:', fullSubdomain);
+    const response = await this.client.post('/subdomains', {
+      subdomain: fullSubdomain,
+      mode,
+      usage_type: usageType,
+      usage_description: usageDescription
+    });
+    console.log('Create response:', JSON.stringify(response.data));
+    
+    if (!response.data || !response.data.id) {
+      console.log('No ID in response, fetching subdomain list...');
+      const list = await this.listSubdomains();
+      if (list && list.data) {
+        const created = list.data.find(d => d.subdomain === fullSubdomain);
+        if (created) {
+          console.log('Found created subdomain:', created.id);
+          return created;
+        }
+      }
+    }
+    
+    return response.data;
+  }
+
+  async getSubdomain(id) {
+    const response = await this.client.get(`/subdomains/${id}`);
+    return response.data;
+  }
+
+  async updateSubdomain(id, data) {
+    const response = await this.client.patch(`/subdomains/${id}`, data);
+    return response.data;
+  }
+
+  async deleteSubdomain(id) {
+    const response = await this.client.delete(`/subdomains/${id}`);
+    return response.data;
+  }
+
+  async getDnsRecords(subdomainId) {
+    const response = await this.client.get(`/subdomains/${subdomainId}/dns`);
+    return response.data;
+  }
+
+  async createDnsRecord(subdomainId, record) {
+    const normalizedRecord = {
+      type: record.type,
+      hostname: record.hostname || record.name,
+      content: record.content || record.value
+    };
+    if (record.note) normalizedRecord.note = record.note;
+    
+    const response = await this.client.post(`/subdomains/${subdomainId}/dns`, normalizedRecord);
+    return response.data;
+  }
+
+  async updateDnsRecord(subdomainId, recordId, record) {
+    const normalizedRecord = {};
+    if (record.type) normalizedRecord.type = record.type;
+    if (record.hostname || record.name) normalizedRecord.hostname = record.hostname || record.name;
+    if (record.content || record.value) normalizedRecord.content = record.content || record.value;
+    if (record.note) normalizedRecord.note = record.note;
+    
+    const response = await this.client.patch(`/subdomains/${subdomainId}/dns/${recordId}`, normalizedRecord);
+    return response.data;
+  }
+
+  async deleteDnsRecord(subdomainId, recordId) {
+    const response = await this.client.delete(`/subdomains/${subdomainId}/dns/${recordId}`);
+    return response.data;
+  }
+
+  async getUrlForwarder(subdomainId) {
+    const response = await this.client.get(`/subdomains/${subdomainId}/url_forwarder`);
+    return response.data;
+  }
+
+  async createUrlForwarder(subdomainId, forwarder) {
+    const response = await this.client.post(`/subdomains/${subdomainId}/url_forwarder`, forwarder);
+    return response.data;
+  }
+
+  async getFeatured() {
+    const response = await this.client.get('/featured');
+    return response.data;
+  }
+
+  async getOfficial() {
+    const response = await this.client.get('/official');
+    return response.data;
+  }
+}
+
+module.exports = { ZoneIdAPI };

package.json

@@ -0,0 +1,31 @@
+{
+  "name": "zoneid-domain-api",
+  "version": "1.0.0",
+  "description": "Zone.ID Domain Registration API with auto-account creation",
+  "main": "src/server.js",
+  "scripts": {
+    "start": "node src/server.js",
+    "dev": "node src/server.js",
+    "db:migrate": "npx prisma migrate deploy",
+    "db:generate": "npx prisma generate",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "@fastify/cors": "^11.1.0",
+    "@fastify/swagger": "^9.6.1",
+    "@fastify/swagger-ui": "^5.2.3",
+    "@prisma/client": "^5.22.0",
+    "@types/node": "^22.13.11",
+    "axios": "^1.13.2",
+    "bcrypt": "^6.0.0",
+    "cheerio": "^1.1.2",
+    "dotenv": "^17.2.3",
+    "fastify": "^5.6.2",
+    "prisma": "^5.22.0",
+    "puppeteer": "^24.32.0",
+    "puppeteer-core": "^24.32.0"
+  }
+}

prisma/migrations/20251207094931_init/migration.sql

@@ -0,0 +1,96 @@
+-- CreateTable
+CREATE TABLE "Account" (
+    "id" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "passwordHash" TEXT NOT NULL,
+    "refreshToken" TEXT,
+    "name" TEXT,
+    "phone" TEXT,
+    "autzorgId" TEXT,
+    "zoneIdUserId" TEXT,
+    "status" TEXT NOT NULL DEFAULT 'active',
+    "domainCount" INTEGER NOT NULL DEFAULT 0,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "Account_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "Domain" (
+    "id" TEXT NOT NULL,
+    "zoneIdDomainId" TEXT NOT NULL,
+    "subdomain" TEXT NOT NULL,
+    "suffix" TEXT NOT NULL,
+    "mode" TEXT NOT NULL DEFAULT 'dns_record',
+    "usageType" TEXT,
+    "usageDescription" TEXT,
+    "status" TEXT NOT NULL DEFAULT 'active',
+    "plan" TEXT NOT NULL DEFAULT 'free',
+    "expiresAt" TIMESTAMP(3),
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+    "accountId" TEXT NOT NULL,
+
+    CONSTRAINT "Domain_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "DnsRecord" (
+    "id" TEXT NOT NULL,
+    "zoneIdRecordId" TEXT NOT NULL,
+    "type" TEXT NOT NULL,
+    "hostname" TEXT NOT NULL,
+    "content" TEXT NOT NULL,
+    "note" TEXT,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+    "domainId" TEXT NOT NULL,
+
+    CONSTRAINT "DnsRecord_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "ApiKey" (
+    "id" TEXT NOT NULL,
+    "key" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "isActive" BOOLEAN NOT NULL DEFAULT true,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "lastUsedAt" TIMESTAMP(3),
+
+    CONSTRAINT "ApiKey_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Account_email_key" ON "Account"("email");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Domain_zoneIdDomainId_key" ON "Domain"("zoneIdDomainId");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Domain_subdomain_key" ON "Domain"("subdomain");
+
+-- CreateIndex
+CREATE INDEX "Domain_accountId_idx" ON "Domain"("accountId");
+
+-- CreateIndex
+CREATE INDEX "Domain_suffix_idx" ON "Domain"("suffix");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "DnsRecord_zoneIdRecordId_key" ON "DnsRecord"("zoneIdRecordId");
+
+-- CreateIndex
+CREATE INDEX "DnsRecord_domainId_idx" ON "DnsRecord"("domainId");
+
+-- CreateIndex
+CREATE INDEX "DnsRecord_type_idx" ON "DnsRecord"("type");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ApiKey_key_key" ON "ApiKey"("key");
+
+-- AddForeignKey
+ALTER TABLE "Domain" ADD CONSTRAINT "Domain_accountId_fkey" FOREIGN KEY ("accountId") REFERENCES "Account"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "DnsRecord" ADD CONSTRAINT "DnsRecord_domainId_fkey" FOREIGN KEY ("domainId") REFERENCES "Domain"("id") ON DELETE CASCADE ON UPDATE CASCADE;

prisma/migrations/migration_lock.toml

@@ -0,0 +1,3 @@
+# Please do not edit this file manually
+# It should be added in your version-control system (i.e. Git)
+provider = "postgresql"

prisma/schema.prisma

@@ -0,0 +1,74 @@
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+
+model Account {
+  id              String   @id @default(cuid())
+  email           String   @unique
+  passwordHash    String
+  refreshToken    String?
+  name            String?
+  phone           String?
+  autzorgId       String?
+  zoneIdUserId    String?
+  status          String   @default("active")
+  domainCount     Int      @default(0)
+  createdAt       DateTime @default(now())
+  updatedAt       DateTime @updatedAt
+  
+  domains         Domain[]
+}
+
+model Domain {
+  id              String   @id @default(cuid())
+  zoneIdDomainId  String   @unique
+  subdomain       String   @unique
+  suffix          String
+  mode            String   @default("dns_record")
+  usageType       String?
+  usageDescription String?
+  status          String   @default("active")
+  plan            String   @default("free")
+  expiresAt       DateTime?
+  createdAt       DateTime @default(now())
+  updatedAt       DateTime @updatedAt
+  
+  accountId       String
+  account         Account  @relation(fields: [accountId], references: [id])
+  
+  dnsRecords      DnsRecord[]
+  
+  @@index([accountId])
+  @@index([suffix])
+}
+
+model DnsRecord {
+  id              String   @id @default(cuid())
+  zoneIdRecordId  String   @unique
+  type            String
+  hostname        String
+  content         String
+  note            String?
+  createdAt       DateTime @default(now())
+  updatedAt       DateTime @updatedAt
+  
+  domainId        String
+  domain          Domain   @relation(fields: [domainId], references: [id], onDelete: Cascade)
+  
+  @@index([domainId])
+  @@index([type])
+}
+
+model ApiKey {
+  id              String   @id @default(cuid())
+  key             String   @unique
+  name            String
+  isActive        Boolean  @default(true)
+  createdAt       DateTime @default(now())
+  lastUsedAt      DateTime?
+}

src/routes/accounts.js

@@ -0,0 +1,310 @@
+const { PrismaClient } = require('@prisma/client');
+const bcrypt = require('bcrypt');
+const { refreshAccountToken, refreshAllAccountTokens } = require('../../lib/token-scheduler');
+
+const prisma = new PrismaClient();
+
+async function accountRoutes(fastify, options) {
+  fastify.get('/', {
+    schema: {
+      summary: 'List all accounts',
+      tags: ['Accounts'],
+      security: [{ apiKey: [] }],
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            accounts: {
+              type: 'array',
+              items: {
+                type: 'object',
+                properties: {
+                  id: { type: 'string' },
+                  email: { type: 'string' },
+                  name: { type: 'string' },
+                  status: { type: 'string' },
+                  domainCount: { type: 'integer' },
+                  createdAt: { type: 'string' }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const accounts = await prisma.account.findMany({
+      select: {
+        id: true,
+        email: true,
+        name: true,
+        status: true,
+        domainCount: true,
+        createdAt: true
+      }
+    });
+    return { accounts };
+  });
+
+  fastify.post('/', {
+    schema: {
+      summary: 'Create a new account',
+      description: 'Register a new account with Autz.org credentials. Note: Browser automation required for initial setup.',
+      tags: ['Accounts'],
+      security: [{ apiKey: [] }],
+      body: {
+        type: 'object',
+        required: ['email', 'password'],
+        properties: {
+          email: { type: 'string', format: 'email' },
+          password: { type: 'string', minLength: 8 },
+          name: { type: 'string' },
+          phone: { type: 'string' },
+          refreshToken: { type: 'string', description: 'Refresh token cookie from browser authentication' }
+        }
+      },
+      response: {
+        201: {
+          type: 'object',
+          properties: {
+            id: { type: 'string' },
+            email: { type: 'string' },
+            message: { type: 'string' }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { email, password, name, phone, refreshToken } = request.body;
+
+    const existing = await prisma.account.findUnique({ where: { email } });
+    if (existing) {
+      return reply.code(409).send({ error: 'Account already exists' });
+    }
+
+    const passwordHash = await bcrypt.hash(password, 10);
+
+    const account = await prisma.account.create({
+      data: {
+        email,
+        passwordHash,
+        name,
+        phone,
+        refreshToken
+      }
+    });
+
+    reply.code(201);
+    return {
+      id: account.id,
+      email: account.email,
+      message: 'Account created successfully'
+    };
+  });
+
+  fastify.get('/:id', {
+    schema: {
+      summary: 'Get account details',
+      tags: ['Accounts'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' }
+        }
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            id: { type: 'string' },
+            email: { type: 'string' },
+            name: { type: 'string' },
+            status: { type: 'string' },
+            domainCount: { type: 'integer' },
+            createdAt: { type: 'string' },
+            domains: {
+              type: 'array',
+              items: {
+                type: 'object',
+                properties: {
+                  id: { type: 'string' },
+                  subdomain: { type: 'string' },
+                  suffix: { type: 'string' },
+                  status: { type: 'string' }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+
+    const account = await prisma.account.findUnique({
+      where: { id },
+      include: {
+        domains: {
+          select: {
+            id: true,
+            subdomain: true,
+            suffix: true,
+            status: true
+          }
+        }
+      }
+    });
+
+    if (!account) {
+      return reply.code(404).send({ error: 'Account not found' });
+    }
+
+    return {
+      id: account.id,
+      email: account.email,
+      name: account.name,
+      status: account.status,
+      domainCount: account.domainCount,
+      createdAt: account.createdAt,
+      domains: account.domains
+    };
+  });
+
+  fastify.patch('/:id', {
+    schema: {
+      summary: 'Update account',
+      tags: ['Accounts'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' }
+        }
+      },
+      body: {
+        type: 'object',
+        properties: {
+          refreshToken: { type: 'string' },
+          status: { type: 'string', enum: ['active', 'inactive'] }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+    const { refreshToken, status } = request.body;
+
+    const account = await prisma.account.update({
+      where: { id },
+      data: {
+        ...(refreshToken && { refreshToken }),
+        ...(status && { status })
+      }
+    });
+
+    return { id: account.id, message: 'Account updated' };
+  });
+
+  fastify.delete('/:id', {
+    schema: {
+      summary: 'Delete account',
+      tags: ['Accounts'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+
+    await prisma.account.delete({ where: { id } });
+
+    return { message: 'Account deleted' };
+  });
+
+  fastify.post('/:id/refresh-token', {
+    schema: {
+      summary: 'Refresh account token',
+      description: 'Manually refresh the Zone.ID access token for a specific account',
+      tags: ['Accounts'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' }
+        }
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            success: { type: 'boolean' },
+            message: { type: 'string' },
+            accountId: { type: 'string' }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+
+    const account = await prisma.account.findUnique({ where: { id } });
+    if (!account) {
+      return reply.code(404).send({ error: 'Account not found' });
+    }
+
+    if (!account.refreshToken) {
+      return reply.code(400).send({ error: 'Account has no refresh token' });
+    }
+
+    const result = await refreshAccountToken(account);
+
+    if (result.success) {
+      return {
+        success: true,
+        message: 'Token refreshed successfully',
+        accountId: account.id
+      };
+    } else {
+      return reply.code(400).send({
+        success: false,
+        error: 'Failed to refresh token',
+        reason: result.reason
+      });
+    }
+  });
+
+  fastify.post('/refresh-all-tokens', {
+    schema: {
+      summary: 'Refresh all account tokens',
+      description: 'Manually trigger token refresh for all active accounts',
+      tags: ['Accounts'],
+      security: [{ apiKey: [] }],
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            total: { type: 'integer' },
+            success: { type: 'integer' },
+            failed: { type: 'integer' },
+            skipped: { type: 'integer' }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const results = await refreshAllAccountTokens();
+    return {
+      total: results.total,
+      success: results.success,
+      failed: results.failed,
+      skipped: results.skipped,
+      details: results.details
+    };
+  });
+}
+
+module.exports = accountRoutes;

src/routes/dns.js

@@ -0,0 +1,421 @@
+const { PrismaClient } = require('@prisma/client');
+const { ZoneIdAPI } = require('../../lib/zoneid-api');
+
+const prisma = new PrismaClient();
+
+async function dnsRoutes(fastify, options) {
+  fastify.get('/:domainId/records', {
+    schema: {
+      summary: 'List DNS records for a domain',
+      tags: ['DNS Records'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        required: ['domainId'],
+        properties: {
+          domainId: { type: 'string', description: 'Domain ID' }
+        }
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            records: {
+              type: 'array',
+              items: {
+                type: 'object',
+                properties: {
+                  id: { type: 'string' },
+                  type: { type: 'string' },
+                  hostname: { type: 'string' },
+                  content: { type: 'string' },
+                  note: { type: 'string' },
+                  createdAt: { type: 'string' }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { domainId } = request.params;
+
+    const domain = await prisma.domain.findUnique({
+      where: { id: domainId },
+      include: { 
+        account: true,
+        dnsRecords: true 
+      }
+    });
+
+    if (!domain) {
+      return reply.code(404).send({ error: 'Domain not found' });
+    }
+
+    return {
+      records: domain.dnsRecords.map(r => ({
+        id: r.id,
+        zoneIdRecordId: r.zoneIdRecordId,
+        type: r.type,
+        hostname: r.hostname,
+        content: r.content,
+        note: r.note,
+        createdAt: r.createdAt
+      }))
+    };
+  });
+
+  fastify.post('/:domainId/records', {
+    schema: {
+      summary: 'Create a DNS record',
+      description: 'Create an A or CNAME record for the domain',
+      tags: ['DNS Records'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        required: ['domainId'],
+        properties: {
+          domainId: { type: 'string', description: 'Domain ID' }
+        }
+      },
+      body: {
+        type: 'object',
+        required: ['type', 'hostname', 'content'],
+        properties: {
+          type: { type: 'string', enum: ['A', 'CNAME'], description: 'DNS record type' },
+          hostname: { type: 'string', description: 'Hostname (e.g., @ for root, www for subdomain)' },
+          content: { type: 'string', description: 'IP address for A records, target domain for CNAME' },
+          note: { type: 'string', description: 'Optional note for the record' }
+        }
+      },
+      response: {
+        201: {
+          type: 'object',
+          properties: {
+            id: { type: 'string' },
+            zoneIdRecordId: { type: 'string' },
+            type: { type: 'string' },
+            hostname: { type: 'string' },
+            content: { type: 'string' },
+            note: { type: 'string' },
+            domainId: { type: 'string' }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { domainId } = request.params;
+    const { type, hostname, content, note } = request.body;
+
+    const domain = await prisma.domain.findUnique({
+      where: { id: domainId },
+      include: { account: true }
+    });
+
+    if (!domain) {
+      return reply.code(404).send({ error: 'Domain not found' });
+    }
+
+    if (!domain.account.refreshToken) {
+      return reply.code(400).send({ error: 'Account has no refresh token' });
+    }
+
+    const api = new ZoneIdAPI();
+    api.setRefreshTokenCookie(domain.account.refreshToken);
+
+    try {
+      await api.refreshAccessToken();
+    } catch (err) {
+      return reply.code(401).send({ error: 'Failed to authenticate with Zone.ID', details: err.message });
+    }
+
+    let zoneIdRecord;
+    try {
+      zoneIdRecord = await api.createDnsRecord(domain.zoneIdDomainId, {
+        type,
+        hostname,
+        content,
+        note
+      });
+    } catch (err) {
+      return reply.code(400).send({ error: 'Failed to create DNS record', details: err.response?.data || err.message });
+    }
+
+    const zoneIdRecordId = zoneIdRecord?.id || zoneIdRecord?.data?.id;
+    if (!zoneIdRecordId) {
+      return reply.code(500).send({ error: 'DNS record created but ID not returned' });
+    }
+
+    const record = await prisma.dnsRecord.create({
+      data: {
+        zoneIdRecordId,
+        type,
+        hostname,
+        content,
+        note,
+        domainId
+      }
+    });
+
+    reply.code(201);
+    return {
+      id: record.id,
+      zoneIdRecordId,
+      type: record.type,
+      hostname: record.hostname,
+      content: record.content,
+      note: record.note,
+      domainId: record.domainId
+    };
+  });
+
+  fastify.put('/:domainId/records/:recordId', {
+    schema: {
+      summary: 'Update a DNS record',
+      tags: ['DNS Records'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        required: ['domainId', 'recordId'],
+        properties: {
+          domainId: { type: 'string', description: 'Domain ID' },
+          recordId: { type: 'string', description: 'DNS Record ID' }
+        }
+      },
+      body: {
+        type: 'object',
+        properties: {
+          type: { type: 'string', enum: ['A', 'CNAME'], description: 'DNS record type' },
+          hostname: { type: 'string', description: 'Hostname' },
+          content: { type: 'string', description: 'Record content' },
+          note: { type: 'string', description: 'Optional note' }
+        }
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            id: { type: 'string' },
+            type: { type: 'string' },
+            hostname: { type: 'string' },
+            content: { type: 'string' },
+            note: { type: 'string' }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { domainId, recordId } = request.params;
+    const { type, hostname, content, note } = request.body;
+
+    const record = await prisma.dnsRecord.findFirst({
+      where: { id: recordId, domainId },
+      include: { 
+        domain: { 
+          include: { account: true } 
+        } 
+      }
+    });
+
+    if (!record) {
+      return reply.code(404).send({ error: 'DNS record not found' });
+    }
+
+    if (!record.domain.account.refreshToken) {
+      return reply.code(400).send({ error: 'Account has no refresh token' });
+    }
+
+    const api = new ZoneIdAPI();
+    api.setRefreshTokenCookie(record.domain.account.refreshToken);
+
+    try {
+      await api.refreshAccessToken();
+    } catch (err) {
+      return reply.code(401).send({ error: 'Failed to authenticate with Zone.ID', details: err.message });
+    }
+
+    try {
+      await api.updateDnsRecord(record.domain.zoneIdDomainId, record.zoneIdRecordId, {
+        type,
+        hostname,
+        content,
+        note
+      });
+    } catch (err) {
+      return reply.code(400).send({ error: 'Failed to update DNS record', details: err.response?.data || err.message });
+    }
+
+    const updatedRecord = await prisma.dnsRecord.update({
+      where: { id: recordId },
+      data: {
+        ...(type && { type }),
+        ...(hostname && { hostname }),
+        ...(content && { content }),
+        ...(note !== undefined && { note })
+      }
+    });
+
+    return {
+      id: updatedRecord.id,
+      type: updatedRecord.type,
+      hostname: updatedRecord.hostname,
+      content: updatedRecord.content,
+      note: updatedRecord.note
+    };
+  });
+
+  fastify.delete('/:domainId/records/:recordId', {
+    schema: {
+      summary: 'Delete a DNS record',
+      tags: ['DNS Records'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        required: ['domainId', 'recordId'],
+        properties: {
+          domainId: { type: 'string', description: 'Domain ID' },
+          recordId: { type: 'string', description: 'DNS Record ID' }
+        }
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            message: { type: 'string' }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { domainId, recordId } = request.params;
+
+    const record = await prisma.dnsRecord.findFirst({
+      where: { id: recordId, domainId },
+      include: { 
+        domain: { 
+          include: { account: true } 
+        } 
+      }
+    });
+
+    if (!record) {
+      return reply.code(404).send({ error: 'DNS record not found' });
+    }
+
+    const api = new ZoneIdAPI();
+    api.setRefreshTokenCookie(record.domain.account.refreshToken);
+
+    try {
+      await api.refreshAccessToken();
+      await api.deleteDnsRecord(record.domain.zoneIdDomainId, record.zoneIdRecordId);
+    } catch (err) {
+      fastify.log.error('Failed to delete from Zone.ID:', err.message);
+    }
+
+    await prisma.dnsRecord.delete({ where: { id: recordId } });
+
+    return { message: 'DNS record deleted' };
+  });
+
+  fastify.post('/:domainId/sync', {
+    schema: {
+      summary: 'Sync DNS records from Zone.ID',
+      description: 'Fetches DNS records from Zone.ID and syncs them to the local database',
+      tags: ['DNS Records'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        required: ['domainId'],
+        properties: {
+          domainId: { type: 'string', description: 'Domain ID' }
+        }
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            synced: { type: 'integer' },
+            records: {
+              type: 'array',
+              items: {
+                type: 'object',
+                properties: {
+                  id: { type: 'string' },
+                  type: { type: 'string' },
+                  hostname: { type: 'string' },
+                  content: { type: 'string' }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { domainId } = request.params;
+
+    const domain = await prisma.domain.findUnique({
+      where: { id: domainId },
+      include: { account: true }
+    });
+
+    if (!domain) {
+      return reply.code(404).send({ error: 'Domain not found' });
+    }
+
+    if (!domain.account.refreshToken) {
+      return reply.code(400).send({ error: 'Account has no refresh token' });
+    }
+
+    const api = new ZoneIdAPI();
+    api.setRefreshTokenCookie(domain.account.refreshToken);
+
+    try {
+      await api.refreshAccessToken();
+    } catch (err) {
+      return reply.code(401).send({ error: 'Failed to authenticate with Zone.ID', details: err.message });
+    }
+
+    let zoneIdRecords;
+    try {
+      const response = await api.getDnsRecords(domain.zoneIdDomainId);
+      zoneIdRecords = response?.data || response || [];
+    } catch (err) {
+      return reply.code(400).send({ error: 'Failed to fetch DNS records from Zone.ID', details: err.response?.data || err.message });
+    }
+
+    const syncedRecords = [];
+    for (const zr of zoneIdRecords) {
+      const existing = await prisma.dnsRecord.findUnique({
+        where: { zoneIdRecordId: zr.id }
+      });
+
+      if (!existing) {
+        const record = await prisma.dnsRecord.create({
+          data: {
+            zoneIdRecordId: zr.id,
+            type: zr.type,
+            hostname: zr.hostname,
+            content: zr.content,
+            note: zr.note,
+            domainId
+          }
+        });
+        syncedRecords.push(record);
+      }
+    }
+
+    return {
+      synced: syncedRecords.length,
+      records: syncedRecords.map(r => ({
+        id: r.id,
+        type: r.type,
+        hostname: r.hostname,
+        content: r.content
+      }))
+    };
+  });
+}
+
+module.exports = dnsRoutes;

src/routes/domains.js

@@ -0,0 +1,283 @@
+const { PrismaClient } = require('@prisma/client');
+const { ZoneIdAPI } = require('../../lib/zoneid-api');
+const { getOrCreateAvailableAccount } = require('../../lib/account-creator');
+
+const prisma = new PrismaClient();
+
+async function domainRoutes(fastify, options) {
+  fastify.get('/', {
+    schema: {
+      summary: 'List all domains',
+      tags: ['Domains'],
+      security: [{ apiKey: [] }],
+      querystring: {
+        type: 'object',
+        properties: {
+          suffix: { type: 'string', enum: ['zone.id', 'nett.to'] },
+          accountId: { type: 'string' }
+        }
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            domains: {
+              type: 'array',
+              items: {
+                type: 'object',
+                properties: {
+                  id: { type: 'string' },
+                  subdomain: { type: 'string' },
+                  suffix: { type: 'string' },
+                  fullDomain: { type: 'string' },
+                  status: { type: 'string' },
+                  accountId: { type: 'string' },
+                  createdAt: { type: 'string' }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { suffix, accountId } = request.query;
+
+    const domains = await prisma.domain.findMany({
+      where: {
+        ...(suffix && { suffix }),
+        ...(accountId && { accountId })
+      },
+      include: {
+        account: {
+          select: { email: true }
+        }
+      }
+    });
+
+    return {
+      domains: domains.map(d => ({
+        id: d.id,
+        subdomain: d.subdomain,
+        suffix: d.suffix,
+        fullDomain: `${d.subdomain}.${d.suffix}`,
+        status: d.status,
+        accountId: d.accountId,
+        accountEmail: d.account.email,
+        createdAt: d.createdAt
+      }))
+    };
+  });
+
+  fastify.post('/', {
+    schema: {
+      summary: 'Register a new domain',
+      description: 'Create a new subdomain on zone.id or nett.to',
+      tags: ['Domains'],
+      security: [{ apiKey: [] }],
+      body: {
+        type: 'object',
+        required: ['subdomain', 'suffix'],
+        properties: {
+          subdomain: { type: 'string', minLength: 3, description: 'Subdomain name (without suffix)' },
+          suffix: { type: 'string', enum: ['zone.id', 'nett.to'], description: 'Domain suffix' },
+          usageType: { type: 'string', description: 'Usage type (e.g., Blog, Portfolio)' },
+          usageDescription: { type: 'string', description: 'Brief description of usage' },
+          accountId: { type: 'string', description: 'Account ID to use (optional, uses available account if not specified)' }
+        }
+      },
+      response: {
+        201: {
+          type: 'object',
+          properties: {
+            id: { type: 'string' },
+            subdomain: { type: 'string' },
+            suffix: { type: 'string' },
+            fullDomain: { type: 'string' },
+            zoneIdDomainId: { type: 'string' },
+            accountId: { type: 'string' }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { subdomain, suffix, usageType, usageDescription, accountId } = request.body;
+
+    const existing = await prisma.domain.findUnique({
+      where: { subdomain: `${subdomain}.${suffix}` }
+    });
+    if (existing) {
+      return reply.code(409).send({ error: 'Domain already registered' });
+    }
+
+    let account;
+    if (accountId) {
+      account = await prisma.account.findUnique({ where: { id: accountId } });
+      if (!account) {
+        return reply.code(404).send({ error: 'Account not found' });
+      }
+      if (account.domainCount >= 10) {
+        return reply.code(400).send({ error: 'Account has reached 10 domain limit' });
+      }
+    } else {
+      try {
+        account = await getOrCreateAvailableAccount();
+      } catch (err) {
+        fastify.log.error('Auto-account creation failed:', err);
+        return reply.code(500).send({ 
+          error: 'No available account and failed to create new account', 
+          details: err.message 
+        });
+      }
+    }
+
+    if (!account) {
+      return reply.code(500).send({ error: 'Failed to get or create account' });
+    }
+
+    if (!account.refreshToken) {
+      return reply.code(400).send({ error: 'Account has no refresh token' });
+    }
+
+    const api = new ZoneIdAPI();
+    api.setRefreshTokenCookie(account.refreshToken);
+    
+    try {
+      await api.refreshAccessToken();
+    } catch (err) {
+      return reply.code(401).send({ error: 'Failed to authenticate with Zone.ID', details: err.message });
+    }
+
+    let zoneIdDomain;
+    try {
+      zoneIdDomain = await api.createSubdomain(subdomain, suffix, 'dns_record', usageType, usageDescription);
+    } catch (err) {
+      return reply.code(400).send({ error: 'Failed to create domain', details: err.response?.data || err.message });
+    }
+
+    let zoneIdDomainId = zoneIdDomain?.id;
+    if (!zoneIdDomainId) {
+      const list = await api.listSubdomains();
+      const created = list?.subdomains?.find(d => d.subdomain === `${subdomain}.${suffix}`);
+      if (created) zoneIdDomainId = created.id;
+    }
+
+    if (!zoneIdDomainId) {
+      return reply.code(500).send({ error: 'Domain created but ID not returned' });
+    }
+
+    const domain = await prisma.domain.create({
+      data: {
+        zoneIdDomainId,
+        subdomain: `${subdomain}.${suffix}`,
+        suffix,
+        mode: 'dns_record',
+        usageType,
+        usageDescription,
+        accountId: account.id
+      }
+    });
+
+    await prisma.account.update({
+      where: { id: account.id },
+      data: { domainCount: { increment: 1 } }
+    });
+
+    reply.code(201);
+    return {
+      id: domain.id,
+      subdomain: domain.subdomain,
+      suffix: domain.suffix,
+      fullDomain: `${subdomain}.${suffix}`,
+      zoneIdDomainId,
+      accountId: account.id
+    };
+  });
+
+  fastify.get('/:id', {
+    schema: {
+      summary: 'Get domain details',
+      tags: ['Domains'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+
+    const domain = await prisma.domain.findUnique({
+      where: { id },
+      include: {
+        account: { select: { email: true } },
+        dnsRecords: true
+      }
+    });
+
+    if (!domain) {
+      return reply.code(404).send({ error: 'Domain not found' });
+    }
+
+    return {
+      id: domain.id,
+      subdomain: domain.subdomain,
+      suffix: domain.suffix,
+      fullDomain: `${domain.subdomain}.${domain.suffix}`,
+      status: domain.status,
+      usageType: domain.usageType,
+      usageDescription: domain.usageDescription,
+      accountId: domain.accountId,
+      accountEmail: domain.account.email,
+      dnsRecords: domain.dnsRecords,
+      createdAt: domain.createdAt
+    };
+  });
+
+  fastify.delete('/:id', {
+    schema: {
+      summary: 'Delete domain',
+      tags: ['Domains'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { id } = request.params;
+
+    const domain = await prisma.domain.findUnique({
+      where: { id },
+      include: { account: true }
+    });
+
+    if (!domain) {
+      return reply.code(404).send({ error: 'Domain not found' });
+    }
+
+    const api = new ZoneIdAPI();
+    api.setRefreshTokenCookie(domain.account.refreshToken);
+    
+    try {
+      await api.refreshAccessToken();
+      await api.deleteSubdomain(domain.zoneIdDomainId);
+    } catch (err) {
+      fastify.log.error('Failed to delete from Zone.ID:', err.message);
+    }
+
+    await prisma.domain.delete({ where: { id } });
+    await prisma.account.update({
+      where: { id: domain.accountId },
+      data: { domainCount: { decrement: 1 } }
+    });
+
+    return { message: 'Domain deleted' };
+  });
+}
+
+module.exports = domainRoutes;

src/server.js

@@ -0,0 +1,126 @@
+require('dotenv').config();
+const Fastify = require('fastify');
+const cors = require('@fastify/cors');
+const swagger = require('@fastify/swagger');
+const swaggerUi = require('@fastify/swagger-ui');
+
+const accountRoutes = require('./routes/accounts');
+const domainRoutes = require('./routes/domains');
+const dnsRoutes = require('./routes/dns');
+const { startTokenScheduler } = require('../lib/token-scheduler');
+
+const fastify = Fastify({
+  logger: true
+});
+
+async function build() {
+  await fastify.register(cors, {
+    origin: true
+  });
+
+  await fastify.register(swagger, {
+    openapi: {
+      info: {
+        title: 'Zone.ID Domain Registration API',
+        description: 'API for managing zone.id and nett.to domain registrations and DNS records',
+        version: '1.0.0'
+      },
+      servers: [
+        { url: 'http://localhost:5000', description: 'Development server' }
+      ],
+      components: {
+        securitySchemes: {
+          apiKey: {
+            type: 'apiKey',
+            name: 'X-API-Key',
+            in: 'header'
+          }
+        }
+      }
+    }
+  });
+
+  await fastify.register(swaggerUi, {
+    routePrefix: '/docs',
+    uiConfig: {
+      docExpansion: 'list',
+      deepLinking: false
+    }
+  });
+
+  fastify.addHook('onRequest', async (request, reply) => {
+    const publicRoutes = ['/docs', '/docs/', '/docs/json', '/docs/yaml', '/health', '/'];
+    const isPublic = publicRoutes.some(route => request.url.startsWith(route));
+    
+    if (isPublic) return;
+
+    const apiKey = request.headers['x-api-key'];
+    if (!apiKey) {
+      reply.code(401).send({ error: 'API key required' });
+      return;
+    }
+
+    const { PrismaClient } = require('@prisma/client');
+    const prisma = new PrismaClient();
+    
+    try {
+      const key = await prisma.apiKey.findUnique({ where: { key: apiKey } });
+      if (!key || !key.isActive) {
+        reply.code(401).send({ error: 'Invalid API key' });
+        return;
+      }
+      
+      await prisma.apiKey.update({
+        where: { id: key.id },
+        data: { lastUsedAt: new Date() }
+      });
+    } finally {
+      await prisma.$disconnect();
+    }
+  });
+
+  fastify.get('/', {
+    schema: {
+      hide: true
+    }
+  }, async () => {
+    return {
+      name: 'Zone.ID Domain Registration API',
+      version: '1.0.0',
+      docs: '/docs'
+    };
+  });
+
+  fastify.get('/health', {
+    schema: {
+      hide: true
+    }
+  }, async () => {
+    return { status: 'ok' };
+  });
+
+  await fastify.register(accountRoutes, { prefix: '/api/accounts' });
+  await fastify.register(domainRoutes, { prefix: '/api/domains' });
+  await fastify.register(dnsRoutes, { prefix: '/api/dns' });
+
+  return fastify;
+}
+
+async function start() {
+  try {
+    const port = parseInt(process.env.PORT) || 5000;
+    const host = process.env.HOST || '0.0.0.0';
+    const server = await build();
+    await server.listen({ port, host });
+    console.log(`Server running at http://${host}:${port}`);
+    console.log(`API Documentation at http://${host}:${port}/docs`);
+    
+    startTokenScheduler();
+    console.log('Token auto-refresh scheduler started (checks every 6 hours)');
+  } catch (err) {
+    console.error(err);
+    process.exit(1);
+  }
+}
+
+start();