Deploy Zone.ID Domain API 2025-12-07

lib/account-creator.js

@@ -3,7 +3,7 @@ const bcrypt = require('bcrypt');
 const axios = require('axios');
 const cheerio = require('cheerio');
 const { generateEmail, waitForEmail, deleteAddress } = require('./temp-email');
-const { createAutzAccount } = require('./autz-account');
+const { createAutzAccountWithBrowser, enterOtpAndActivate } = require('./autz-account');
 
 const prisma = new PrismaClient();
 
@@ -52,11 +52,18 @@ async function extractOtpFromEmail(emailHtml) {
 }
 
 async function activateAccount(userTokenId, otp) {
-  const response = await axios.post(`${AUTZ_API}/activate`, {
-    user_token_id: userTokenId,
-    otp
-  });
-  return response.data;
+  try {
+    console.log(`[Activate] Calling API with userTokenId=${userTokenId}, otp=${otp}`);
+    const response = await axios.post(`${AUTZ_API}/activate`, {
+      user_token_id: userTokenId,
+      otp
+    });
+    console.log('[Activate] API response:', JSON.stringify(response.data));
+    return response.data;
+  } catch (err) {
+    console.error('[Activate] API error:', err.response?.data || err.message);
+    throw err;
+  }
 }
 
 async function loginToAutz(email, password) {
@@ -75,12 +82,24 @@ async function loginToAutz(email, password) {
 
 async function getZoneIdRefreshToken(email, password, retryCount = 0) {
   const puppeteer = require('puppeteer-core');
+  const path = require('path');
   const { solveTurnstile } = require('./autz-account');
   
   const CHROMIUM_PATH = process.env.CHROMIUM_PATH || process.env.PUPPETEER_EXECUTABLE_PATH || '/nix/store/khk7xpgsm5insk81azy9d560yq4npf77-chromium-131.0.6778.204/bin/chromium';
   const ONBOARDING_URL = 'https://autz.org/onboarding/qinw2ix?callback_url=https%3A%2F%2Fmy.zone.id%2F';
+  const SCREENSHOTS_DIR = path.join(__dirname, '..', 'screenshots');
   const MAX_RETRIES = 2;
   
+  async function saveScreenshot(page, name) {
+    try {
+      const filePath = path.join(SCREENSHOTS_DIR, `oauth_${name}_${Date.now()}.png`);
+      await page.screenshot({ path: filePath, fullPage: true });
+      console.log(`[OAuth Screenshot] Saved: ${filePath}`);
+    } catch (err) {
+      console.error(`[OAuth Screenshot] Failed: ${err.message}`);
+    }
+  }
+  
   console.log(`[OAuth] Starting Zone.ID OAuth flow for ${email} (attempt ${retryCount + 1}/${MAX_RETRIES + 1})`);
   
   let turnstileToken;
@@ -146,6 +165,7 @@ async function getZoneIdRefreshToken(email, password, retryCount = 0) {
     
     console.log('[OAuth] Navigating to onboarding URL...');
     await page.goto(ONBOARDING_URL, { waitUntil: 'networkidle2', timeout: 60000 });
+    await saveScreenshot(page, '01_initial_page');
     
     try {
       await page.waitForSelector('#login-modal', { visible: true, timeout: 30000 });
@@ -154,6 +174,7 @@ async function getZoneIdRefreshToken(email, password, retryCount = 0) {
       console.log('[OAuth] Login modal not found, checking page state...');
       const currentUrl = page.url();
       console.log('[OAuth] Current URL:', currentUrl);
+      await saveScreenshot(page, '01_no_modal');
     }
     
     console.log('[OAuth] Entering email...');
@@ -172,6 +193,7 @@ async function getZoneIdRefreshToken(email, password, retryCount = 0) {
     await new Promise(r => setTimeout(r, 1000));
     await page.click('button.btn-primary');
     console.log('[OAuth] Submitted email, waiting for password field...');
+    await saveScreenshot(page, '02_after_email_submit');
     
     let passwordFieldFound = false;
     for (let i = 0; i < 10; i++) {
@@ -190,6 +212,7 @@ async function getZoneIdRefreshToken(email, password, retryCount = 0) {
     }
     
     if (!passwordFieldFound) {
+      await saveScreenshot(page, '03_no_password_field');
       const pageText = await page.evaluate(() => document.body.innerText);
       console.log('[OAuth] Page content after email submit:', pageText.substring(0, 500));
       throw new Error('Password field did not appear - account may not be properly activated');
@@ -211,6 +234,7 @@ async function getZoneIdRefreshToken(email, password, retryCount = 0) {
       
       console.log('[OAuth] Login submitted, waiting for redirect...');
       await new Promise(r => setTimeout(r, 5000));
+      await saveScreenshot(page, '04_after_login');
     }
     
     if (!refreshToken) {
@@ -228,20 +252,29 @@ async function getZoneIdRefreshToken(email, password, retryCount = 0) {
     if (!refreshToken) {
       const pageText = await page.evaluate(() => document.body.innerText);
       if (pageText.includes('Choose account') || pageText.includes('Select account')) {
-        console.log('[OAuth] Account selection page detected, selecting account...');
+        console.log('[OAuth] Account selection page detected, clicking first account...');
+        await saveScreenshot(page, '05_account_selection');
         
-        await page.evaluate((emailStr) => {
-          const emailPrefix = emailStr.split('@')[0];
-          const elements = document.querySelectorAll('div, button, a, li, span');
-          for (const el of elements) {
-            if (el.textContent && el.textContent.includes(emailPrefix)) {
-              el.click();
-              break;
+        await Promise.all([
+          page.waitForNavigation({ waitUntil: 'networkidle2', timeout: 30000 }).catch(() => {}),
+          page.evaluate(() => {
+            const rows = document.querySelectorAll('[class*="account"], [class*="list-group-item"], div[role="button"], a[href*="authorize"]');
+            if (rows.length > 0) {
+              rows[0].click();
+            } else {
+              const allDivs = document.querySelectorAll('div');
+              for (const div of allDivs) {
+                if (div.textContent && div.textContent.includes('@') && div.querySelector) {
+                  div.click();
+                  break;
+                }
+              }
             }
-          }
-        }, email);
+          })
+        ]);
         
         await new Promise(r => setTimeout(r, 5000));
+        await saveScreenshot(page, '06_after_account_select');
         
         const cookies = await page.cookies('https://my.zone.id');
         for (const cookie of cookies) {
@@ -305,86 +338,131 @@ async function createAndActivateAccount() {
   const name = generateName();
   const phone = generatePhone();
   
-  console.log('Creating Autz.org account...');
-  const accountResult = await createAutzAccount(email, password, name, phone);
-  
-  if (!accountResult.success || !accountResult.userTokenId) {
-    await deleteAddress(email);
-    throw new Error('Failed to create Autz.org account');
-  }
-  
-  console.log('Waiting for verification email (5 min timeout)...');
-  const verificationEmail = await waitForEmail(email, 300000, 5000);
+  let browser = null;
   
-  const otp = await extractOtpFromEmail(verificationEmail.html || verificationEmail.text);
-  if (!otp) {
-    await deleteAddress(email);
-    throw new Error('Could not extract OTP from email');
-  }
-  
-  console.log(`Activating account with OTP: ${otp}`);
-  await activateAccount(accountResult.userTokenId, otp);
-  
-  console.log('Getting Zone.ID refresh token via OAuth flow...');
-  let refreshToken = null;
   try {
+    console.log('Creating Autz.org account...');
+    const accountResult = await createAutzAccountWithBrowser(email, password, name, phone);
+    
+    if (!accountResult.success) {
+      throw new Error('Failed to create Autz.org account');
+    }
+    
+    browser = accountResult.browser;
+    const activePage = accountResult.activePage;
+    
+    console.log('Waiting for verification email (5 min timeout)...');
+    const verificationEmail = await waitForEmail(email, 300000, 5000);
+    
+    const otp = await extractOtpFromEmail(verificationEmail.body || verificationEmail.html || verificationEmail.text);
+    if (!otp) {
+      throw new Error('Could not extract OTP from email');
+    }
+    
+    console.log(`Activating account with OTP: ${otp} via page form...`);
+    await enterOtpAndActivate(activePage, otp);
+    console.log('Account activated successfully via page form!');
+    
+    await browser.close();
+    browser = null;
+    
+    console.log('Getting Zone.ID refresh token via OAuth flow...');
+    let refreshToken = null;
     refreshToken = await getZoneIdRefreshToken(email, password);
-    if (refreshToken) {
-      console.log('Successfully obtained Zone.ID refresh token');
-    } else {
-      await deleteAddress(email);
+    
+    if (!refreshToken) {
       throw new Error('Could not obtain Zone.ID refresh token - account created but not usable');
     }
+    
+    console.log('Successfully obtained Zone.ID refresh token');
+    
+    const passwordHash = await bcrypt.hash(password, 10);
+    
+    const account = await prisma.account.create({
+      data: {
+        email,
+        passwordHash,
+        name,
+        phone,
+        refreshToken,
+        status: 'active',
+        domainCount: 0
+      }
+    });
+    
+    await deleteAddress(email);
+    
+    console.log(`Account created successfully: ${account.id}`);
+    
+    return account;
+    
   } catch (err) {
-    console.error('Error getting Zone.ID refresh token:', err.message);
+    console.error('[CreateAccount] Error:', err.message);
+    if (browser) {
+      try { await browser.close(); } catch (e) {}
+    }
     await deleteAddress(email);
     throw err;
   }
-  
-  const passwordHash = await bcrypt.hash(password, 10);
-  
-  const account = await prisma.account.create({
-    data: {
-      email,
-      passwordHash,
-      name,
-      phone,
-      refreshToken,
-      status: 'active',
-      domainCount: 0
-    }
-  });
-  
-  await deleteAddress(email);
-  
-  console.log(`Account created successfully: ${account.id}`);
-  
-  return account;
 }
 
 async function getOrCreateAvailableAccount() {
   const thirtyMinutesAgo = new Date(Date.now() - 30 * 60 * 1000);
   
-  let account = await prisma.account.findFirst({
+  // Strategy: Always create a fresh account first for immediate domain registration
+  // Only fall back to existing accounts if:
+  // 1. Account creation fails, OR
+  // 2. We want to reuse accounts whose rate limit has expired
+  
+  // First, check if there's an OLD account whose rate limit has expired (30+ mins ago)
+  // These are accounts that have been used before and are now available again
+  const expiredRateLimitAccount = await prisma.account.findFirst({
     where: {
       status: 'active',
       domainCount: { lt: 10 },
       refreshToken: { not: null },
-      OR: [
-        { lastDomainRegistration: null },
-        { lastDomainRegistration: { lt: thirtyMinutesAgo } }
-      ]
+      lastDomainRegistration: { 
+        not: null,
+        lt: thirtyMinutesAgo 
+      }
     },
-    orderBy: { domainCount: 'asc' }
+    orderBy: { lastDomainRegistration: 'asc' } // Use oldest first (longest since last use)
   });
   
-  if (account) {
-    console.log(`Using existing account ${account.email} (last registration: ${account.lastDomainRegistration || 'never'})`);
-    return account;
+  if (expiredRateLimitAccount) {
+    console.log(`[Round-Robin] Reusing account ${expiredRateLimitAccount.email} - rate limit expired (last used: ${expiredRateLimitAccount.lastDomainRegistration})`);
+    return expiredRateLimitAccount;
   }
   
-  console.log('No available account (all are rate-limited or full). Creating new account...');
-  return await createAndActivateAccount();
+  // No expired rate-limit accounts available, create a fresh new account
+  console.log('[Round-Robin] No accounts with expired rate limit. Creating fresh account for immediate registration...');
+  
+  try {
+    const newAccount = await createAndActivateAccount();
+    console.log(`[Round-Robin] Fresh account created: ${newAccount.email}`);
+    return newAccount;
+  } catch (err) {
+    console.error('[Round-Robin] Failed to create new account:', err.message);
+    
+    // Fallback: Check for any never-used account (lastDomainRegistration is null)
+    const unusedAccount = await prisma.account.findFirst({
+      where: {
+        status: 'active',
+        domainCount: { lt: 10 },
+        refreshToken: { not: null },
+        lastDomainRegistration: null
+      },
+      orderBy: { createdAt: 'asc' }
+    });
+    
+    if (unusedAccount) {
+      console.log(`[Round-Robin] Fallback: Using unused account ${unusedAccount.email}`);
+      return unusedAccount;
+    }
+    
+    // No options left
+    throw new Error('Failed to create new account and no available accounts exist');
+  }
 }
 
 module.exports = {

lib/autz-account.js

@@ -1,10 +1,25 @@
 const puppeteer = require('puppeteer-core');
 const axios = require('axios');
+const path = require('path');
 
 const CHROMIUM_PATH = process.env.CHROMIUM_PATH || process.env.PUPPETEER_EXECUTABLE_PATH || '/nix/store/khk7xpgsm5insk81azy9d560yq4npf77-chromium-131.0.6778.204/bin/chromium';
 const CF_SOLVER_URL = 'https://samleuma-cf-solver.hf.space/solver';
 const TURNSTILE_SITEKEY = '0x4AAAAAAAfqMU3EtZs0r_nN';
 const ONBOARDING_URL = 'https://autz.org/onboarding/qinw2ix?callback_url=https%3A%2F%2Fmy.zone.id%2F';
+const SCREENSHOTS_DIR = path.join(__dirname, '..', 'screenshots');
+
+async function saveScreenshot(page, name) {
+  try {
+    const timestamp = Date.now();
+    const filePath = path.join(SCREENSHOTS_DIR, `${name}_${timestamp}.png`);
+    await page.screenshot({ path: filePath, fullPage: true });
+    console.log(`[Screenshot] Saved: ${filePath}`);
+    return filePath;
+  } catch (err) {
+    console.error(`[Screenshot] Failed to save ${name}:`, err.message);
+    return null;
+  }
+}
 
 async function solveTurnstile() {
   const response = await axios.post(CF_SOLVER_URL, {
@@ -19,7 +34,7 @@ async function solveTurnstile() {
   throw new Error('Failed to solve Turnstile: ' + JSON.stringify(response.data));
 }
 
-async function createAutzAccount(email, password, name, phone) {
+async function createAutzAccountWithBrowser(email, password, name, phone) {
   const turnstileToken = await solveTurnstile();
   
   const browser = await puppeteer.launch({
@@ -28,7 +43,6 @@ async function createAutzAccount(email, password, name, phone) {
     args: ['--no-sandbox', '--disable-setuid-sandbox', '--disable-dev-shm-usage', '--disable-gpu']
   });
 
-  let loginToken = null;
   let userTokenId = null;
 
   try {
@@ -37,16 +51,11 @@ async function createAutzAccount(email, password, name, phone) {
     
     page.on('response', async (response) => {
       const url = response.url();
-      if (url.includes('/api/login') && response.status() === 201) {
-        try {
-          const data = await response.json();
-          loginToken = data.token;
-        } catch (e) {}
-      }
       if (url.includes('/api/register') && response.status() === 200) {
         try {
           const data = await response.json();
           userTokenId = data.user_token_id;
+          console.log('[Autz] Captured userTokenId:', userTokenId);
         } catch (e) {}
       }
     });
@@ -64,6 +73,7 @@ async function createAutzAccount(email, password, name, phone) {
     
     await page.goto(ONBOARDING_URL, { waitUntil: 'networkidle2', timeout: 60000 });
     await page.waitForSelector('#login-modal', { visible: true, timeout: 30000 });
+    await saveScreenshot(page, '01_login_modal');
     
     await page.type('input[type="email"]', email, { delay: 20 });
 
@@ -83,9 +93,11 @@ async function createAutzAccount(email, password, name, phone) {
       await inputs[1].type(password, { delay: 15 });
       await inputs[2].type(name, { delay: 15 });
       await inputs[3].type(phone, { delay: 15 });
+      await saveScreenshot(page, '02_registration_form_filled');
       
       await page.click('button.btn-primary');
       await new Promise(r => setTimeout(r, 5000));
+      await saveScreenshot(page, '03_after_registration_submit');
     }
 
     console.log('[Autz] Registration completed, clicking Activate Now...');
@@ -109,6 +121,7 @@ async function createAutzAccount(email, password, name, phone) {
     
     let pageText = await activePage.evaluate(() => document.body.innerText);
     console.log('[Autz] Current page:', pageText.substring(0, 120).replace(/\n/g, ' '));
+    await saveScreenshot(activePage, '04_after_activate_click');
     
     if (pageText.toLowerCase().includes('send otp')) {
       console.log('[Autz] Found Send OTP page - clicking Send OTP button...');
@@ -122,22 +135,60 @@ async function createAutzAccount(email, password, name, phone) {
       });
       
       await new Promise(r => setTimeout(r, 3000));
+      await saveScreenshot(activePage, '05_after_send_otp_click');
       console.log('[Autz] Send OTP clicked - email should be sent now');
     } else {
       console.log('[Autz] Send OTP page not found, checking for other activation methods...');
     }
 
     return {
-      success: !!userTokenId,
+      success: true,
       email,
       userTokenId,
-      loginToken,
-      needsActivation: true
+      browser,
+      activePage
     };
 
-  } finally {
+  } catch (err) {
     await browser.close();
+    throw err;
+  }
+}
+
+async function enterOtpAndActivate(activePage, otp) {
+  console.log(`[Autz] Entering OTP: ${otp}`);
+  
+  const otpInput = await activePage.$('input');
+  if (!otpInput) {
+    throw new Error('OTP input field not found');
   }
+  
+  await otpInput.click({ clickCount: 3 });
+  await otpInput.type(otp, { delay: 50 });
+  await saveScreenshot(activePage, '06_otp_entered');
+  
+  await activePage.evaluate(() => {
+    document.querySelectorAll('button').forEach(btn => {
+      if (btn.textContent?.toLowerCase().includes('submit') || 
+          btn.textContent?.toLowerCase().includes('verify') ||
+          btn.textContent?.toLowerCase().includes('activate')) {
+        btn.click();
+      }
+    });
+  });
+  
+  console.log('[Autz] OTP submitted, waiting for activation...');
+  await new Promise(r => setTimeout(r, 5000));
+  await saveScreenshot(activePage, '07_after_otp_submit');
+  
+  const pageText = await activePage.evaluate(() => document.body.innerText);
+  console.log('[Autz] Page after OTP submit:', pageText.substring(0, 200).replace(/\n/g, ' '));
+  
+  if (pageText.toLowerCase().includes('error') || pageText.toLowerCase().includes('invalid')) {
+    throw new Error('OTP activation failed: ' + pageText.substring(0, 100));
+  }
+  
+  return true;
 }
 
-module.exports = { createAutzAccount, solveTurnstile };
+module.exports = { createAutzAccountWithBrowser, enterOtpAndActivate, solveTurnstile, saveScreenshot };

lib/job-worker.js

@@ -0,0 +1,164 @@
+const { PrismaClient } = require('@prisma/client');
+const { getOrCreateAvailableAccount } = require('./account-creator');
+const { ZoneIdAPI } = require('./zoneid-api');
+
+const prisma = new PrismaClient();
+
+const JOB_STATUS = {
+  PENDING: 'pending',
+  FINDING_ACCOUNT: 'finding_account',
+  CREATING_ACCOUNT: 'creating_account',
+  REGISTERING_DOMAIN: 'registering_domain',
+  COMPLETED: 'completed',
+  FAILED: 'failed'
+};
+
+async function updateJobStatus(jobId, status, message = null, extra = {}) {
+  await prisma.domainJob.update({
+    where: { id: jobId },
+    data: {
+      status,
+      statusMessage: message,
+      updatedAt: new Date(),
+      ...extra
+    }
+  });
+}
+
+async function processJob(job) {
+  console.log(`[Worker] Processing job ${job.id}: ${job.subdomain}.${job.suffix}`);
+  
+  try {
+    await updateJobStatus(job.id, JOB_STATUS.FINDING_ACCOUNT, 'Looking for available account...');
+    
+    let account;
+    try {
+      if (job.accountId) {
+        account = await prisma.account.findUnique({ where: { id: job.accountId } });
+        if (!account) {
+          await updateJobStatus(job.id, JOB_STATUS.FAILED, 'Specified account not found', { error: 'Account not found' });
+          return;
+        }
+        console.log(`[Worker] Job ${job.id} using specified account: ${account.email}`);
+      } else {
+        account = await getOrCreateAvailableAccount();
+        console.log(`[Worker] Job ${job.id} auto-selected account: ${account.email}`);
+      }
+      await updateJobStatus(job.id, JOB_STATUS.FINDING_ACCOUNT, `Using account: ${account.email}`, { accountId: account.id });
+    } catch (err) {
+      console.error(`[Worker] Job ${job.id} failed to get account:`, err.message);
+      await updateJobStatus(job.id, JOB_STATUS.FAILED, 'Failed to get or create account', { error: err.message });
+      return;
+    }
+    
+    if (!account.refreshToken) {
+      await updateJobStatus(job.id, JOB_STATUS.FAILED, 'Account has no refresh token', { error: 'No refresh token' });
+      return;
+    }
+    
+    await updateJobStatus(job.id, JOB_STATUS.REGISTERING_DOMAIN, 'Registering domain on Zone.ID...');
+    
+    const api = new ZoneIdAPI();
+    api.setRefreshTokenCookie(account.refreshToken);
+    
+    try {
+      await api.refreshAccessToken();
+    } catch (err) {
+      console.error(`[Worker] Job ${job.id} failed to authenticate:`, err.message);
+      await updateJobStatus(job.id, JOB_STATUS.FAILED, 'Failed to authenticate with Zone.ID', { error: err.message });
+      return;
+    }
+    
+    let zoneIdDomain;
+    try {
+      zoneIdDomain = await api.createSubdomain(job.subdomain, job.suffix, 'dns_record', job.usageType, job.usageDescription);
+    } catch (err) {
+      console.error(`[Worker] Job ${job.id} failed to create domain:`, err.message);
+      await updateJobStatus(job.id, JOB_STATUS.FAILED, 'Failed to create domain', { error: err.response?.data?.message || err.message });
+      return;
+    }
+    
+    let zoneIdDomainId = zoneIdDomain?.id;
+    if (!zoneIdDomainId) {
+      const list = await api.listSubdomains();
+      const created = list?.subdomains?.find(d => d.subdomain === `${job.subdomain}.${job.suffix}`);
+      if (created) zoneIdDomainId = created.id;
+    }
+    
+    if (!zoneIdDomainId) {
+      await updateJobStatus(job.id, JOB_STATUS.FAILED, 'Domain created but ID not returned', { error: 'Missing domain ID' });
+      return;
+    }
+    
+    const domain = await prisma.domain.create({
+      data: {
+        zoneIdDomainId,
+        subdomain: `${job.subdomain}.${job.suffix}`,
+        suffix: job.suffix,
+        mode: 'dns_record',
+        usageType: job.usageType,
+        usageDescription: job.usageDescription,
+        accountId: account.id
+      }
+    });
+    
+    await prisma.account.update({
+      where: { id: account.id },
+      data: {
+        domainCount: { increment: 1 },
+        lastDomainRegistration: new Date()
+      }
+    });
+    
+    await updateJobStatus(job.id, JOB_STATUS.COMPLETED, 'Domain registered successfully', {
+      domainId: domain.id,
+      completedAt: new Date()
+    });
+    
+    console.log(`[Worker] Job ${job.id} completed: ${domain.subdomain}`);
+    
+  } catch (err) {
+    console.error(`[Worker] Job ${job.id} unexpected error:`, err);
+    await updateJobStatus(job.id, JOB_STATUS.FAILED, 'Unexpected error', { error: err.message });
+  }
+}
+
+async function runWorker() {
+  console.log('[Worker] Checking for pending jobs...');
+  
+  const pendingJob = await prisma.domainJob.findFirst({
+    where: { status: JOB_STATUS.PENDING },
+    orderBy: { createdAt: 'asc' }
+  });
+  
+  if (pendingJob) {
+    await processJob(pendingJob);
+  }
+}
+
+let workerInterval = null;
+
+function startWorker(intervalMs = 5000) {
+  console.log(`[Worker] Starting job worker (polling every ${intervalMs/1000}s)`);
+  
+  runWorker();
+  
+  workerInterval = setInterval(runWorker, intervalMs);
+  
+  return workerInterval;
+}
+
+function stopWorker() {
+  if (workerInterval) {
+    clearInterval(workerInterval);
+    workerInterval = null;
+    console.log('[Worker] Job worker stopped');
+  }
+}
+
+module.exports = {
+  startWorker,
+  stopWorker,
+  processJob,
+  JOB_STATUS
+};

lib/zoneid-api.js

@@ -85,19 +85,24 @@ class ZoneIdAPI {
   async createSubdomain(subdomain, suffix = 'zone.id', mode = 'dns_record', usageType, usageDescription) {
     const fullSubdomain = `${subdomain}.${suffix}`;
     console.log('Creating subdomain:', fullSubdomain);
-    const response = await this.client.post('/subdomains', {
-      subdomain: fullSubdomain,
-      mode,
-      usage_type: usageType,
-      usage_description: usageDescription
-    });
+    
+    const payload = {
+      subdomain: subdomain,
+      suffix: suffix,
+      mode
+    };
+    if (usageType) payload.usage_type = usageType;
+    if (usageDescription) payload.usage_description = usageDescription;
+    
+    console.log('Payload:', JSON.stringify(payload));
+    const response = await this.client.post('/subdomains', payload);
     console.log('Create response:', JSON.stringify(response.data));
     
     if (!response.data || !response.data.id) {
       console.log('No ID in response, fetching subdomain list...');
       const list = await this.listSubdomains();
-      if (list && list.data) {
-        const created = list.data.find(d => d.subdomain === fullSubdomain);
+      if (list && list.subdomains) {
+        const created = list.subdomains.find(d => d.subdomain === fullSubdomain);
         if (created) {
           console.log('Found created subdomain:', created.id);
           return created;

prisma/schema.prisma

@@ -73,3 +73,22 @@ model ApiKey {
   createdAt       DateTime @default(now())
   lastUsedAt      DateTime?
 }
+
+model DomainJob {
+  id                String   @id @default(cuid())
+  subdomain         String
+  suffix            String
+  usageType         String?
+  usageDescription  String?
+  status            String   @default("pending")
+  statusMessage     String?
+  error             String?
+  domainId          String?
+  accountId         String?
+  createdAt         DateTime @default(now())
+  updatedAt         DateTime @updatedAt
+  completedAt       DateTime?
+  
+  @@index([status])
+  @@index([createdAt])
+}

src/routes/accounts.js

@@ -1,5 +1,4 @@
 const { PrismaClient } = require('@prisma/client');
-const bcrypt = require('bcrypt');
 const { refreshAccountToken, refreshAllAccountTokens } = require('../../lib/token-scheduler');
 
 const prisma = new PrismaClient();
@@ -46,62 +45,6 @@ async function accountRoutes(fastify, options) {
     return { accounts };
   });
 
-  fastify.post('/', {
-    schema: {
-      summary: 'Create a new account',
-      description: 'Register a new account with Autz.org credentials. Note: Browser automation required for initial setup.',
-      tags: ['Accounts'],
-      security: [{ apiKey: [] }],
-      body: {
-        type: 'object',
-        required: ['email', 'password'],
-        properties: {
-          email: { type: 'string', format: 'email' },
-          password: { type: 'string', minLength: 8 },
-          name: { type: 'string' },
-          phone: { type: 'string' },
-          refreshToken: { type: 'string', description: 'Refresh token cookie from browser authentication' }
-        }
-      },
-      response: {
-        201: {
-          type: 'object',
-          properties: {
-            id: { type: 'string' },
-            email: { type: 'string' },
-            message: { type: 'string' }
-          }
-        }
-      }
-    }
-  }, async (request, reply) => {
-    const { email, password, name, phone, refreshToken } = request.body;
-
-    const existing = await prisma.account.findUnique({ where: { email } });
-    if (existing) {
-      return reply.code(409).send({ error: 'Account already exists' });
-    }
-
-    const passwordHash = await bcrypt.hash(password, 10);
-
-    const account = await prisma.account.create({
-      data: {
-        email,
-        passwordHash,
-        name,
-        phone,
-        refreshToken
-      }
-    });
-
-    reply.code(201);
-    return {
-      id: account.id,
-      email: account.email,
-      message: 'Account created successfully'
-    };
-  });
-
   fastify.get('/:id', {
     schema: {
       summary: 'Get account details',
@@ -171,60 +114,6 @@ async function accountRoutes(fastify, options) {
     };
   });
 
-  fastify.patch('/:id', {
-    schema: {
-      summary: 'Update account',
-      tags: ['Accounts'],
-      security: [{ apiKey: [] }],
-      params: {
-        type: 'object',
-        properties: {
-          id: { type: 'string' }
-        }
-      },
-      body: {
-        type: 'object',
-        properties: {
-          refreshToken: { type: 'string' },
-          status: { type: 'string', enum: ['active', 'inactive'] }
-        }
-      }
-    }
-  }, async (request, reply) => {
-    const { id } = request.params;
-    const { refreshToken, status } = request.body;
-
-    const account = await prisma.account.update({
-      where: { id },
-      data: {
-        ...(refreshToken && { refreshToken }),
-        ...(status && { status })
-      }
-    });
-
-    return { id: account.id, message: 'Account updated' };
-  });
-
-  fastify.delete('/:id', {
-    schema: {
-      summary: 'Delete account',
-      tags: ['Accounts'],
-      security: [{ apiKey: [] }],
-      params: {
-        type: 'object',
-        properties: {
-          id: { type: 'string' }
-        }
-      }
-    }
-  }, async (request, reply) => {
-    const { id } = request.params;
-
-    await prisma.account.delete({ where: { id } });
-
-    return { message: 'Account deleted' };
-  });
-
   fastify.post('/:id/refresh-token', {
     schema: {
       summary: 'Refresh account token',

src/routes/domains.js

@@ -1,10 +1,67 @@
 const { PrismaClient } = require('@prisma/client');
 const { ZoneIdAPI } = require('../../lib/zoneid-api');
-const { getOrCreateAvailableAccount } = require('../../lib/account-creator');
+const { JOB_STATUS } = require('../../lib/job-worker');
 
 const prisma = new PrismaClient();
 
 async function domainRoutes(fastify, options) {
+  fastify.get('/jobs/:jobId', {
+    schema: {
+      summary: 'Get job status',
+      description: 'Check the status of a domain creation job',
+      tags: ['Domains'],
+      security: [{ apiKey: [] }],
+      params: {
+        type: 'object',
+        properties: {
+          jobId: { type: 'string' }
+        }
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            id: { type: 'string' },
+            subdomain: { type: 'string' },
+            suffix: { type: 'string' },
+            fullDomain: { type: 'string' },
+            status: { type: 'string' },
+            statusMessage: { type: 'string' },
+            error: { type: 'string' },
+            domainId: { type: 'string' },
+            accountId: { type: 'string' },
+            createdAt: { type: 'string' },
+            completedAt: { type: 'string' }
+          }
+        }
+      }
+    }
+  }, async (request, reply) => {
+    const { jobId } = request.params;
+
+    const job = await prisma.domainJob.findUnique({
+      where: { id: jobId }
+    });
+
+    if (!job) {
+      return reply.code(404).send({ error: 'Job not found' });
+    }
+
+    return {
+      id: job.id,
+      subdomain: job.subdomain,
+      suffix: job.suffix,
+      fullDomain: `${job.subdomain}.${job.suffix}`,
+      status: job.status,
+      statusMessage: job.statusMessage,
+      error: job.error,
+      domainId: job.domainId,
+      accountId: job.accountId,
+      createdAt: job.createdAt,
+      completedAt: job.completedAt
+    };
+  });
+
   fastify.get('/', {
     schema: {
       summary: 'List all domains',
@@ -71,8 +128,8 @@ async function domainRoutes(fastify, options) {
 
   fastify.post('/', {
     schema: {
-      summary: 'Register a new domain',
-      description: 'Create a new subdomain on zone.id or nett.to',
+      summary: 'Register a new domain (async)',
+      description: 'Create a new subdomain on zone.id or nett.to. Returns a job ID immediately - poll GET /jobs/:jobId for status.',
       tags: ['Domains'],
       security: [{ apiKey: [] }],
       body: {
@@ -83,19 +140,20 @@ async function domainRoutes(fastify, options) {
           suffix: { type: 'string', enum: ['zone.id', 'nett.to'], description: 'Domain suffix' },
           usageType: { type: 'string', description: 'Usage type (e.g., Blog, Portfolio)' },
           usageDescription: { type: 'string', description: 'Brief description of usage' },
-          accountId: { type: 'string', description: 'Account ID to use (optional, uses available account if not specified)' }
+          accountId: { type: 'string', description: 'Account ID to use (optional, auto-selects if not specified)' }
         }
       },
       response: {
-        201: {
+        202: {
           type: 'object',
           properties: {
-            id: { type: 'string' },
+            jobId: { type: 'string' },
             subdomain: { type: 'string' },
             suffix: { type: 'string' },
             fullDomain: { type: 'string' },
-            zoneIdDomainId: { type: 'string' },
-            accountId: { type: 'string' }
+            status: { type: 'string' },
+            message: { type: 'string' },
+            statusUrl: { type: 'string' }
           }
         }
       }
@@ -110,90 +168,54 @@ async function domainRoutes(fastify, options) {
       return reply.code(409).send({ error: 'Domain already registered' });
     }
 
-    let account;
     if (accountId) {
-      account = await prisma.account.findUnique({ where: { id: accountId } });
+      const account = await prisma.account.findUnique({ where: { id: accountId } });
       if (!account) {
         return reply.code(404).send({ error: 'Account not found' });
       }
       if (account.domainCount >= 10) {
         return reply.code(400).send({ error: 'Account has reached 10 domain limit' });
       }
-    } else {
-      try {
-        account = await getOrCreateAvailableAccount();
-      } catch (err) {
-        fastify.log.error('Auto-account creation failed:', err);
-        return reply.code(500).send({ 
-          error: 'No available account and failed to create new account', 
-          details: err.message 
-        });
+      if (!account.refreshToken) {
+        return reply.code(400).send({ error: 'Account has no refresh token' });
       }
     }
 
-    if (!account) {
-      return reply.code(500).send({ error: 'Failed to get or create account' });
-    }
-
-    if (!account.refreshToken) {
-      return reply.code(400).send({ error: 'Account has no refresh token' });
-    }
-
-    const api = new ZoneIdAPI();
-    api.setRefreshTokenCookie(account.refreshToken);
-    
-    try {
-      await api.refreshAccessToken();
-    } catch (err) {
-      return reply.code(401).send({ error: 'Failed to authenticate with Zone.ID', details: err.message });
-    }
-
-    let zoneIdDomain;
-    try {
-      zoneIdDomain = await api.createSubdomain(subdomain, suffix, 'dns_record', usageType, usageDescription);
-    } catch (err) {
-      return reply.code(400).send({ error: 'Failed to create domain', details: err.response?.data || err.message });
-    }
-
-    let zoneIdDomainId = zoneIdDomain?.id;
-    if (!zoneIdDomainId) {
-      const list = await api.listSubdomains();
-      const created = list?.subdomains?.find(d => d.subdomain === `${subdomain}.${suffix}`);
-      if (created) zoneIdDomainId = created.id;
-    }
-
-    if (!zoneIdDomainId) {
-      return reply.code(500).send({ error: 'Domain created but ID not returned' });
+    const existingJob = await prisma.domainJob.findFirst({
+      where: {
+        subdomain,
+        suffix,
+        status: { in: ['pending', 'finding_account', 'creating_account', 'registering_domain'] }
+      }
+    });
+    if (existingJob) {
+      return reply.code(409).send({ 
+        error: 'Domain registration already in progress',
+        jobId: existingJob.id
+      });
     }
 
-    const domain = await prisma.domain.create({
+    const job = await prisma.domainJob.create({
       data: {
-        zoneIdDomainId,
-        subdomain: `${subdomain}.${suffix}`,
+        subdomain,
         suffix,
-        mode: 'dns_record',
         usageType,
         usageDescription,
-        accountId: account.id
+        accountId,
+        status: JOB_STATUS.PENDING,
+        statusMessage: 'Job queued for processing'
       }
     });
 
-    await prisma.account.update({
-      where: { id: account.id },
-      data: { 
-        domainCount: { increment: 1 },
-        lastDomainRegistration: new Date()
-      }
-    });
-
-    reply.code(201);
+    reply.code(202);
     return {
-      id: domain.id,
-      subdomain: domain.subdomain,
-      suffix: domain.suffix,
+      jobId: job.id,
+      subdomain,
+      suffix,
       fullDomain: `${subdomain}.${suffix}`,
-      zoneIdDomainId,
-      accountId: account.id
+      status: job.status,
+      message: 'Domain registration job created. Poll the status URL to track progress.',
+      statusUrl: `/api/domains/jobs/${job.id}`
     };
   });
 

src/server.js

@@ -8,6 +8,20 @@ const accountRoutes = require('./routes/accounts');
 const domainRoutes = require('./routes/domains');
 const dnsRoutes = require('./routes/dns');
 const { startTokenScheduler } = require('../lib/token-scheduler');
+const { startWorker } = require('../lib/job-worker');
+const { execSync } = require('child_process');
+
+async function setupDatabase() {
+  console.log('Setting up database...');
+  try {
+    execSync('npx prisma generate', { stdio: 'inherit' });
+    execSync('npx prisma db push --accept-data-loss', { stdio: 'inherit' });
+    console.log('Database setup complete');
+  } catch (err) {
+    console.error('Database setup failed:', err.message);
+    throw err;
+  }
+}
 
 const fastify = Fastify({
   logger: true
@@ -108,6 +122,8 @@ async function build() {
 
 async function start() {
   try {
+    await setupDatabase();
+    
     const port = parseInt(process.env.PORT) || 5000;
     const host = process.env.HOST || '0.0.0.0';
     const server = await build();
@@ -117,6 +133,9 @@ async function start() {
     
     startTokenScheduler();
     console.log('Token auto-refresh scheduler started (checks every 6 hours)');
+    
+    startWorker();
+    console.log('Domain job worker started (polling every 5 seconds)');
   } catch (err) {
     console.error(err);
     process.exit(1);