Update server.js

server.js

@@ -1,242 +1,708 @@
-const fs = require('fs-extra');
-const path = require('path');
-
-// Configure directories
-const USERS_DIR = path.join(__dirname, 'users');
-
-// Ensure directories exist with proper permissions
-try {
-  fs.ensureDirSync(USERS_DIR);
-  console.log('✅ Users directory ready');
-} catch (err) {
-  console.error('❌ Failed to setup users directory:', err);
-  process.exit(1);
-}
+/**
+ * server.js
+ *
+ * A multi-user “panel” for deploying and hosting WhatsApp bots (Baileys-based).
+ * - Stores all data in /app/storage (writable on HF Spaces).
+ * - Spawns bots in child processes so bot crashes don’t kill the panel.
+ * - Global error handlers prevent uncaught exceptions from exiting.
+ * - Serves a frontend in /public and accepts a “ping” to keep the Socket.IO connection alive.
+ */
 
-// Rest of your server code remains the same...
 const express = require('express');
-const { spawn, exec } = require('child_process');
-const fs = require('fs-extra');
+const { spawn } = require('child_process');
+const fs = require('fs');
+const fsPromises = require('fs').promises;
 const path = require('path');
 const app = express();
 const http = require('http').createServer(app);
 const io = require('socket.io')(http);
-const crypto = require('crypto');
 const fetch = require('node-fetch');
+const crypto = require('crypto');
 
-// Configuration
-const PORT = process.env.PORT || 7860;
-const USERS_DIR = path.join(__dirname, 'users');
-const SESSIONS_FILE = path.join(__dirname, 'sessions.json');
-const BANNED_FILE = path.join(__dirname, 'banned.json');
-const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD || crypto.randomBytes(16).toString('hex');
-
-// Ensure directories exist
-fs.ensureDirSync(USERS_DIR);
-if (!fs.existsSync(SESSIONS_FILE)) fs.writeFileSync(SESSIONS_FILE, '{}');
-if (!fs.existsSync(BANNED_FILE)) fs.writeFileSync(BANNED_FILE, '[]');
+// ─── 1) PATHS & STORAGE SETUP ─────────────────────────────────────────────────
+const DATA_DIR = path.join(__dirname, 'storage');
+const USERS_DIR = path.join(DATA_DIR, 'users');
 
-// Store active processes
-const activeProcesses = {};
+// Ensure storage directories exist
+try {
+  fs.mkdirSync(DATA_DIR, { recursive: true });
+  fs.mkdirSync(USERS_DIR, { recursive: true });
+} catch (err) {
+  console.error('Error ensuring storage directories:', err);
+  process.exit(1);
+}
 
-// Middleware
-app.use(express.static('public'));
-app.use(express.json());
+// Paths to JSON files in storage
+const blueBuyerCodeFile = path.join(DATA_DIR, 'blueBuyerCode.json');
+const bannedFilePath   = path.join(DATA_DIR, 'banned.json');
+const usersFilePath    = path.join(DATA_DIR, 'users.json');
+
+// ─── 2) INITIALIZE blueBuyerCode.json ─────────────────────────────────────────
+let blueBuyerCode;
+if (fs.existsSync(blueBuyerCodeFile)) {
+  const data = fs.readFileSync(blueBuyerCodeFile, 'utf8');
+  blueBuyerCode = JSON.parse(data).code;
+} else {
+  blueBuyerCode = Math.floor(118738411 + Math.random() * 599938);
+  fs.writeFileSync(blueBuyerCodeFile, JSON.stringify({ code: blueBuyerCode }, null, 2));
+}
+console.log(`YOUR BUYER CODE: ${blueBuyerCode}`);
 
-// Load banned users
-const loadBannedUsers = () => JSON.parse(fs.readFileSync(BANNED_FILE));
-const isBanned = (ip) => loadBannedUsers().includes(ip);
+// ─── 3) INITIALIZE banned.json & users.json ──────────────────────────────────
+if (!fs.existsSync(bannedFilePath)) {
+  fs.writeFileSync(bannedFilePath, JSON.stringify([], null, 2));
+}
+if (!fs.existsSync(usersFilePath)) {
+  // Create a default admin “BLUEX”
+  const initialUsers = {
+    BLUEX: { id: 'creator001', password: 'Taloalob,1', isAdmin: true }
+  };
+  fs.writeFileSync(usersFilePath, JSON.stringify(initialUsers, null, 2));
+}
 
-// Socket.io connection handler
-io.on('connection', (socket) => {
-  const clientIp = socket.handshake.address;
-  console.log(`New connection from ${clientIp}`);
-
-  // Check if banned
-  if (isBanned(clientIp)) {
-    socket.emit('output', '❌ You are banned from this service');
-    socket.disconnect(true);
-    return;
+// ─── 4) JSON LOAD / SAVE HELPERS ───────────────────────────────────────────────
+const loadBannedUsers = () => {
+  try {
+    const data = fs.readFileSync(bannedFilePath, 'utf8');
+    return JSON.parse(data);
+  } catch (err) {
+    console.error('Error loading banned users:', err);
+    return [];
   }
+};
 
-  // Generate session ID
-  const sessionId = crypto.randomBytes(8).toString('hex');
-  const sessionDir = path.join(USERS_DIR, sessionId);
-  
-  // Ensure session directory exists
-  fs.ensureDirSync(sessionDir);
-
-  // Store session info
-  const sessions = JSON.parse(fs.readFileSync(SESSIONS_FILE));
-  sessions[sessionId] = {
-    ip: clientIp,
-    createdAt: new Date().toISOString(),
-    lastActivity: new Date().toISOString()
-  };
-  fs.writeFileSync(SESSIONS_FILE, JSON.stringify(sessions, null, 2));
+const saveBannedUsers = (bannedUsers) => {
+  try {
+    fs.writeFileSync(bannedFilePath, JSON.stringify(bannedUsers, null, 2));
+  } catch (err) {
+    console.error('Error saving banned users:', err);
+  }
+};
+
+const loadUsers = () => {
+  try {
+    const data = fs.readFileSync(usersFilePath, 'utf8');
+    return JSON.parse(data);
+  } catch (err) {
+    console.error('Error loading users:', err);
+    return {};
+  }
+};
 
-  // Handle repository cloning
-  socket.on('clone', (repoUrl) => {
-    if (!repoUrl.startsWith('https://github.com/')) {
-      return socket.emit('output', '❌ Invalid GitHub repository URL');
+const saveUsers = (users) => {
+  try {
+    fs.writeFileSync(usersFilePath, JSON.stringify(users, null, 2));
+  } catch (err) {
+    console.error('Error saving users:', err);
+  }
+};
+
+// ─── 5) COUNT HELPERS ───────────────────────────────────────────────────────────
+const getClientAccountCount = (clientId) => {
+  const users = loadUsers();
+  return Object.values(users).filter(u => u.clientId === clientId).length;
+};
+
+const getTotalUserCount = () => Object.keys(loadUsers()).length;
+const getBannedUserCount = () => loadBannedUsers().length;
+
+// ─── 6) CALCULATE STORAGE USAGE ────────────────────────────────────────────────
+const calculateDirectorySize = (directory) => {
+  let totalSize = 0;
+  const items = fs.readdirSync(directory, { withFileTypes: true });
+  for (const item of items) {
+    const p = path.join(directory, item.name);
+    const stats = fs.statSync(p);
+    if (stats.isFile()) {
+      totalSize += stats.size;
+    } else if (stats.isDirectory()) {
+      totalSize += calculateDirectorySize(p);
     }
+  }
+  return totalSize;
+};
+
+// ─── 7) FILE OPERATIONS FOR USERS ───────────────────────────────────────────────
+async function uploadFile(userId, filePath, content) {
+  const fullPath = path.join(USERS_DIR, userId, filePath);
+  try {
+    await fsPromises.mkdir(path.dirname(fullPath), { recursive: true });
+    await fsPromises.writeFile(fullPath, content, 'utf-8');
+  } catch (err) {
+    console.error('Error uploading file:', err);
+    throw new Error('Failed to upload file');
+  }
+}
 
-    socket.emit('output', `🔄 Cloning ${repoUrl}...`);
-    
-    // Clear directory first
-    fs.emptyDirSync(sessionDir);
+async function readFile(userId, filePath) {
+  const fullPath = path.join(USERS_DIR, userId, filePath);
+  try {
+    return await fsPromises.readFile(fullPath, 'utf-8');
+  } catch (err) {
+    console.error('Error reading file:', err);
+    throw new Error('Failed to read file');
+  }
+}
 
-    const gitClone = spawn('git', ['clone', repoUrl, '.'], { cwd: sessionDir });
+async function writeFile(userId, filePath, content) {
+  const fullPath = path.join(USERS_DIR, userId, filePath);
+  try {
+    await fsPromises.writeFile(fullPath, content, 'utf-8');
+  } catch (err) {
+    console.error('Error writing file:', err);
+    throw new Error('Failed to write file');
+  }
+}
+
+async function listFiles(userId, dirPath = '') {
+  const fullPath = path.join(USERS_DIR, userId, dirPath);
+  try {
+    const items = await fsPromises.readdir(fullPath, { withFileTypes: true });
+    return items.map(item => ({
+      name: item.name,
+      type: item.isDirectory() ? 'folder' : 'file',
+      path: path.join(dirPath, item.name)
+    }));
+  } catch (err) {
+    console.error('Error listing files:', err);
+    throw new Error('Failed to list files');
+  }
+}
+
+// ─── 8) SERVER SETUP ───────────────────────────────────────────────────────────
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+app.use(express.static(path.join(__dirname, 'public')));
 
-    gitClone.stdout.on('data', (data) => socket.emit('output', data.toString()));
-    gitClone.stderr.on('data', (data) => socket.emit('output', data.toString()));
+// Health check endpoint for HF Spaces
+app.get('/', (req, res) => {
+  res.send('Panel is running.');
+});
 
-    gitClone.on('close', (code) => {
-      if (code === 0) {
-        socket.emit('output', '✅ Repository cloned successfully!');
-        socket.emit('clone-complete');
+// In-memory user state tracking
+const userStates = {}; // { [userId]: { step: string, runningProcess: ChildProcess|null } }
+
+// ─── 9) LOGIN / AUTH ───────────────────────────────────────────────────────────
+io.on('connection', (socket) => {
+  console.log('A user connected');
+
+  // ─── Login ─────────────────────────────────────────────────────────────────
+  socket.on('login', async ({ username, password }) => {
+    try {
+      if (!username || !password) throw new Error('Missing fields');
+      if (typeof username !== 'string' || typeof password !== 'string') throw new Error('Invalid types');
+
+      const users = loadUsers();
+      const user = users[username];
+      if (user && user.password === password) {
+        socket.emit('loginResponse', {
+          success: true,
+          userId: user.id,
+          isAdmin: user.isAdmin
+        });
       } else {
-        socket.emit('output', '❌ Failed to clone repository');
+        socket.emit('loginResponse', {
+          success: false,
+          message: 'Invalid username or password.'
+        });
       }
-    });
+    } catch (err) {
+      console.error('Error during login:', err);
+      socket.emit('loginResponse', {
+        success: false,
+        message: 'An error occurred during login.'
+      });
+    }
   });
 
-  // Handle dependency installation
-  socket.on('install', (packageManager) => {
-    if (!['npm', 'yarn'].includes(packageManager)) {
-      return socket.emit('output', '❌ Invalid package manager');
+  // ─── Admin: Get Users ─────────────────────────────────────────────────────
+  socket.on('adminGetUsers', () => {
+    try {
+      const users = loadUsers();
+      const userList = Object.keys(users).map(username => ({
+        username,
+        id: users[username].id,
+        isAdmin: users[username].isAdmin,
+        password: users[username].password
+      }));
+      const totalUsers = getTotalUserCount();
+      socket.emit('adminUserList', { users: userList, totalUsers });
+    } catch (err) {
+      console.error('Error getting user list:', err);
+      socket.emit('adminUserList', { users: [], totalUsers: 0 });
     }
+  });
 
-    socket.emit('output', `📦 Installing dependencies with ${packageManager}...`);
-    
-    const installProcess = spawn(packageManager, ['install'], { cwd: sessionDir });
+  // ─── Admin: Ban User ───────────────────────────────────────────────────────
+  socket.on('adminBanUser', (userId) => {
+    try {
+      if (typeof userId !== 'string') throw new Error('Invalid userId');
+      const bannedUsers = loadBannedUsers();
+      if (!bannedUsers.includes(userId)) {
+        bannedUsers.push(userId);
+        saveBannedUsers(bannedUsers);
+        socket.emit('adminBanResponse', { success: true, message: 'User banned.' });
+        io.emit('userStats', getUserStats());
+      } else {
+        socket.emit('adminBanResponse', { success: false, message: 'User already banned.' });
+      }
+    } catch (err) {
+      console.error('Error banning user:', err);
+      socket.emit('adminBanResponse', { success: false, message: 'Error banning user.' });
+    }
+  });
 
-    installProcess.stdout.on('data', (data) => socket.emit('output', data.toString()));
-    installProcess.stderr.on('data', (data) => socket.emit('output', data.toString()));
+  // ─── Admin: Unban User ─────────────────────────────────────────────────────
+  socket.on('adminUnbanUser', (userId) => {
+    try {
+      if (typeof userId !== 'string') throw new Error('Invalid userId');
+      const bannedUsers = loadBannedUsers();
+      const idx = bannedUsers.indexOf(userId);
+      if (idx > -1) {
+        bannedUsers.splice(idx, 1);
+        saveBannedUsers(bannedUsers);
+        socket.emit('adminUnbanResponse', { success: true, message: 'User unbanned.' });
+        io.emit('userStats', getUserStats());
+      } else {
+        socket.emit('adminUnbanResponse', { success: false, message: 'User not banned.' });
+      }
+    } catch (err) {
+      console.error('Error unbanning user:', err);
+      socket.emit('adminUnbanResponse', { success: false, message: 'Error unbanning user.' });
+    }
+  });
+
+  // ─── Admin: Delete User ────────────────────────────────────────────────────
+  socket.on('adminDeleteUser', (userId) => {
+    try {
+      if (typeof userId !== 'string') throw new Error('Invalid userId');
+      const users = loadUsers();
+      const usernameToDelete = Object.keys(users).find(u => users[u].id === userId);
+      if (usernameToDelete) {
+        delete users[usernameToDelete];
+        saveUsers(users);
+
+        // Remove user's folder
+        const userDir = path.join(USERS_DIR, userId);
+        if (fs.existsSync(userDir)) {
+          fs.rmSync(userDir, { recursive: true, force: true });
+        }
+
+        // Also unban if present
+        const bannedUsers = loadBannedUsers();
+        const idx = bannedUsers.indexOf(userId);
+        if (idx > -1) {
+          bannedUsers.splice(idx, 1);
+          saveBannedUsers(bannedUsers);
+        }
+
+        socket.emit('adminDeleteUserResponse', { success: true, message: 'User deleted.' });
+        io.emit('userStats', getUserStats());
+      } else {
+        socket.emit('adminDeleteUserResponse', { success: false, message: 'User not found.' });
+      }
+    } catch (err) {
+      console.error('Error deleting user:', err);
+      socket.emit('adminDeleteUserResponse', { success: false, message: 'Error deleting user.' });
+    }
+  });
 
-    installProcess.on('close', (code) => {
-      if (code === 0) {
-        socket.emit('output', '✅ Dependencies installed successfully!');
+  // ─── Admin: Make Admin ──────────────────────────────────────────────────────
+  socket.on('adminMakeAdmin', (userId) => {
+    try {
+      if (typeof userId !== 'string') throw new Error('Invalid userId');
+      const users = loadUsers();
+      const usernameToUpdate = Object.keys(users).find(u => users[u].id === userId);
+      if (usernameToUpdate) {
+        users[usernameToUpdate].isAdmin = true;
+        saveUsers(users);
+        socket.emit('adminMakeAdminResponse', { success: true, message: 'User is now admin.' });
       } else {
-        socket.emit('output', '❌ Failed to install dependencies');
+        socket.emit('adminMakeAdminResponse', { success: false, message: 'User not found.' });
       }
-    });
+    } catch (err) {
+      console.error('Error making user admin:', err);
+      socket.emit('adminMakeAdminResponse', { success: false, message: 'Error making user admin.' });
+    }
   });
 
-  // Handle application start
-  socket.on('start', (command) => {
-    if (!command) return socket.emit('output', '❌ No command provided');
-    
-    // Kill any existing process for this session
-    if (activeProcesses[sessionId]) {
-      activeProcesses[sessionId].kill();
-      delete activeProcesses[sessionId];
+  // ─── Admin: Remove Admin ────────────────────────────────────────────────────
+  socket.on('adminRemoveAdmin', (userId) => {
+    try {
+      if (typeof userId !== 'string') throw new Error('Invalid userId');
+      const users = loadUsers();
+      const usernameToUpdate = Object.keys(users).find(u => users[u].id === userId);
+      if (usernameToUpdate) {
+        users[usernameToUpdate].isAdmin = false;
+        saveUsers(users);
+        socket.emit('adminRemoveAdminResponse', { success: true, message: 'Admin removed.' });
+      } else {
+        socket.emit('adminRemoveAdminResponse', { success: false, message: 'User not found.' });
+      }
+    } catch (err) {
+      console.error('Error removing admin:', err);
+      socket.emit('adminRemoveAdminResponse', { success: false, message: 'Error removing admin.' });
     }
+  });
 
-    socket.emit('output', `🚀 Starting: ${command}`);
-    
-    const [cmd, ...args] = command.split(' ');
-    const process = spawn(cmd, args, { cwd: sessionDir });
+  // ─── User “Start” (makes user folder and prompts for repo) ──────────────────
+  socket.on('start', (userId) => {
+    try {
+      if (typeof userId !== 'string') throw new Error('Invalid userId');
+      const bannedUsers = loadBannedUsers();
+      if (bannedUsers.includes(userId)) {
+        socket.emit('message', '❌ You are banned from using this service.');
+        return;
+      }
 
-    activeProcesses[sessionId] = process;
+      const userDir = path.join(USERS_DIR, userId);
+      if (!fs.existsSync(userDir)) {
+        fs.mkdirSync(userDir, { recursive: true });
+      }
 
-    process.stdout.on('data', (data) => socket.emit('output', data.toString()));
-    process.stderr.on('data', (data) => socket.emit('output', data.toString()));
+      // Show storage usage
+      const spaceUsed = calculateDirectorySize(userDir);
+      const spaceMB = (spaceUsed / (1024 * 1024)).toFixed(2);
+      socket.emit('message', JSON.stringify({ type: 'spaceUsage', usage: `${spaceMB} MB` }));
 
-    process.on('close', (code) => {
-      socket.emit('output', `🔴 Process exited with code ${code}`);
-      delete activeProcesses[sessionId];
-    });
+      userStates[userId] = { step: 'ask_repo', runningProcess: null };
+      socket.emit('message', '🔄 Please send the GitHub repo URL to clone (e.g. https://github.com/user/repo).');
+    } catch (err) {
+      console.error('Error starting session:', err);
+      socket.emit('message', '❌ Error starting your session.');
+    }
   });
 
-  // Handle PM2 commands
-  socket.on('pm2', (subcommand) => {
-    if (!['start', 'stop', 'restart', 'list', 'logs'].includes(subcommand)) {
-      return socket.emit('output', '❌ Invalid PM2 command');
-    }
+  // ─── User “Command” Handler (clone, install, run, clear, list) ─────────────
+  socket.on('command', async (data) => {
+    try {
+      if (!data || typeof data.userId !== 'string' || typeof data.message !== 'string') {
+        throw new Error('Invalid input types');
+      }
+      const { userId, message } = data;
+      const bannedUsers = loadBannedUsers();
+      if (bannedUsers.includes(userId)) {
+        socket.emit('message', '❌ You are banned from using this service.');
+        return;
+      }
+
+      if (!userStates[userId] || !userStates[userId].step) {
+        socket.emit('message', '❌ Please click “Start” before sending commands.');
+        return;
+      }
+
+      const userDir = path.join(USERS_DIR, userId);
+      if (!fs.existsSync(userDir)) {
+        fs.mkdirSync(userDir, { recursive: true });
+      }
+
+      const state = userStates[userId];
+
+      // “clear” → delete user's folder
+      if (message.toLowerCase() === 'clear') {
+        if (fs.existsSync(userDir)) {
+          socket.emit('message', '🗑 Clearing your directory...');
+          const rmProc = spawn('rm', ['-rf', userDir]);
+
+          rmProc.on('error', (err) => {
+            console.error('❌ Failed to spawn rm:', err);
+            socket.emit('message', '❌ Failed to clear directory: ' + err.message);
+          });
+
+          rmProc.on('close', (code) => {
+            if (code === 0) {
+              socket.emit('message', '✅ Directory cleared.');
+            } else {
+              socket.emit('message', '❌ Failed to clear directory.');
+            }
+          });
+        } else {
+          socket.emit('message', '❌ Directory not found.');
+        }
+        return;
+      }
+
+      // “list” → list files in user's folder
+      if (message.toLowerCase() === 'list') {
+        try {
+          const files = await listFiles(userId);
+          const names = files.map(f => f.name).join('\n');
+          socket.emit('message', `📂 Files:\n${names || '(empty)'}`);
+        } catch {
+          socket.emit('message', '❌ Could not list files.');
+        }
+        return;
+      }
+
+      // If we are in “ask_repo” state, treat message as GitHub URL
+      if (state.step === 'ask_repo') {
+        const repoUrl = message.trim();
+        if (!repoUrl.startsWith('https://github.com/')) {
+          socket.emit('message', '❌ Invalid GitHub URL. It must start with https://github.com/');
+          return;
+        }
+
+        socket.emit('message', `🔄 Cloning repo: ${repoUrl}`);
+        const gitClone = spawn('git', ['clone', repoUrl, '.'], { cwd: userDir });
+
+        gitClone.on('error', (err) => {
+          console.error('❌ Failed to spawn git clone:', err);
+          socket.emit('message', '❌ Failed to run git clone: ' + err.message);
+        });
+
+        gitClone.stdout.on('data', (data) => {
+          socket.emit('message', `✅ GIT: ${data.toString()}`);
+        });
+        gitClone.stderr.on('data', (data) => {
+          socket.emit('message', `⚠️ GIT ERROR: ${data.toString()}`);
+        });
+
+        gitClone.on('close', (code) => {
+          if (code === 0) {
+            socket.emit('message', '✅ Repo cloned successfully! Installing dependencies...');
+            const yarnInstall = spawn('yarn', ['install'], { cwd: userDir });
+
+            yarnInstall.on('error', (err) => {
+              console.error('❌ Failed to spawn yarn install:', err);
+              socket.emit('message', '❌ Failed to run yarn install: ' + err.message);
+            });
+
+            yarnInstall.stdout.on('data', (data) => {
+              socket.emit('message', `✅ YARN: ${data.toString()}`);
+            });
+            yarnInstall.stderr.on('data', (data) => {
+              socket.emit('message', `⚠️ YARN ERROR: ${data.toString()}`);
+            });
+            yarnInstall.on('close', (installCode) => {
+              if (installCode === 0) {
+                socket.emit('message', '✅ Dependencies installed.\n▶️ Send the filename to run (e.g. index.js).');
+                state.step = 'ask_file';
+              } else {
+                socket.emit('message', '❌ Error installing dependencies.');
+              }
+            });
+          } else {
+            socket.emit('message', '❌ Error cloning the repository.');
+          }
+        });
+
+        return;
+      }
 
-    socket.emit('output', `⚡ Executing: pm2 ${subcommand}`);
-    
-    const pm2Process = spawn('pm2', [subcommand], { cwd: sessionDir });
+      // If we are in “ask_file” state, message is the filename to run
+      if (state.step === 'ask_file') {
+        const filename = message.trim();
+        const filePath = path.join(userDir, filename);
+        if (!fs.existsSync(filePath)) {
+          socket.emit('message', '❌ File not found: ' + filename);
+          return;
+        }
+        socket.emit('message', `🚀 Running file: ${filename}`);
+
+        // Run the bot safely
+        runBot(userId, filename, socket);
+
+        // Next commands will go to “interacting” state
+        state.step = 'interacting';
+        return;
+      }
 
-    pm2Process.stdout.on('data', (data) => socket.emit('output', data.toString()));
-    pm2Process.stderr.on('data', (data) => socket.emit('output', data.toString()));
+      // If we are in “interacting” state, forward input to bot’s stdin
+      if (state.step === 'interacting') {
+        if (state.runningProcess) {
+          try {
+            state.runningProcess.stdin.write(message + '\n');
+          } catch (err) {
+            socket.emit('message', '❌ Failed to write to bot stdin: ' + err.message);
+          }
+        } else {
+          socket.emit('message', '❌ No active bot process. Please “Start” again.');
+        }
+        return;
+      }
 
-    pm2Process.on('close', (code) => {
-      socket.emit('output', `PM2 ${subcommand} completed with code ${code}`);
-    });
+      // Otherwise, unrecognized command
+      socket.emit('message', '❌ Unrecognized command. Use “list”, “clear”, or send the GitHub URL.');
+    } catch (err) {
+      console.error('Error processing command:', err);
+      socket.emit('message', '❌ Error processing command: ' + err.message);
+    }
   });
 
-  // Handle file operations
-  socket.on('read-file', (filePath, callback) => {
-    const fullPath = path.join(sessionDir, filePath);
-    
-    fs.readFile(fullPath, 'utf8', (err, data) => {
-      if (err) return callback({ error: err.message });
-      callback({ content: data });
-    });
+  // ─── Read File ─────────────────────────────────────────────────────────────────
+  socket.on('readFile', async ({ userId, filePath }) => {
+    try {
+      const content = await readFile(userId, filePath);
+      socket.emit('fileContent', { filePath, content });
+    } catch (err) {
+      socket.emit('error', { message: err.message });
+    }
   });
 
-  socket.on('write-file', ({ filePath, content }, callback) => {
-    const fullPath = path.join(sessionDir, filePath);
-    
-    fs.writeFile(fullPath, content, 'utf8', (err) => {
-      if (err) return callback({ error: err.message });
-      callback({ success: true });
-    });
+  // ─── Write File ────────────────────────────────────────────────────────────────
+  socket.on('writeFile', async ({ userId, filePath, content }) => {
+    try {
+      await writeFile(userId, filePath, content);
+      socket.emit('fileSaved', { filePath });
+    } catch (err) {
+      socket.emit('error', { message: err.message });
+    }
   });
 
-  // Handle directory listing
-  socket.on('list-files', (dirPath, callback) => {
-    const fullPath = path.join(sessionDir, dirPath || '');
-    
-    fs.readdir(fullPath, (err, files) => {
-      if (err) return callback({ error: err.message });
-      callback({ files });
-    });
+  // ─── List Files ────────────────────────────────────────────────────────────────
+  socket.on('listFiles', async ({ userId, dirPath }) => {
+    try {
+      const files = await listFiles(userId, dirPath);
+      socket.emit('fileList', files);
+    } catch (err) {
+      socket.emit('error', { message: err.message });
+    }
   });
 
-  // Handle admin commands
-  socket.on('admin', ({ password, command }) => {
-    if (password !== ADMIN_PASSWORD) {
-      return socket.emit('output', '❌ Invalid admin password');
+  // ─── Upload File ───────────────────────────────────────────────────────────────
+  socket.on('uploadFile', async ({ userId, filePath, content }) => {
+    try {
+      await uploadFile(userId, filePath, content);
+      socket.emit('fileUploaded', { filePath });
+    } catch (err) {
+      socket.emit('error', { message: err.message });
     }
+  });
 
-    if (command === 'ban') {
-      const banned = loadBannedUsers();
-      if (!banned.includes(clientIp)) {
-        banned.push(clientIp);
-        fs.writeFileSync(BANNED_FILE, JSON.stringify(banned));
-        socket.emit('output', `✅ Banned IP: ${clientIp}`);
+  // ─── Forgot Password: generate token ───────────────────────────────────────────
+  socket.on('forgotPassword', async (clientId) => {
+    try {
+      const users = loadUsers();
+      const userObj = Object.values(users).find(u => u.clientId === clientId);
+      if (userObj) {
+        const resetToken = crypto.randomBytes(20).toString('hex');
+        userObj.resetToken = resetToken;
+        userObj.resetTokenExpires = Date.now() + 3600000; // 1 hour
+        saveUsers(users);
+        socket.emit('resetTokenGenerated', { username: Object.keys(users).find(k => users[k].clientId === clientId), resetToken });
       } else {
-        socket.emit('output', '⚠️ IP already banned');
+        socket.emit('resetTokenError', 'No user found with that Device ID.');
       }
+    } catch (err) {
+      console.error('Error in forgotPassword:', err);
+      socket.emit('resetTokenError', 'Error during password reset.');
     }
-    // Add more admin commands as needed
   });
 
-  // Handle disconnection
-  socket.on('disconnect', () => {
-    console.log(`Client disconnected: ${clientIp}`);
-    // Clean up any active processes
-    if (activeProcesses[sessionId]) {
-      activeProcesses[sessionId].kill();
-      delete activeProcesses[sessionId];
+  // ─── Reset Password: validate token and update ─────────────────────────────────
+  socket.on('resetPassword', async ({ resetToken, newPassword }) => {
+    try {
+      const users = loadUsers();
+      const userObj = Object.values(users).find(u => u.resetToken === resetToken && u.resetTokenExpires > Date.now());
+      if (userObj) {
+        userObj.password = newPassword;
+        delete userObj.resetToken;
+        delete userObj.resetTokenExpires;
+        saveUsers(users);
+        socket.emit('passwordResetSuccess', 'Password has been reset.');
+      } else {
+        socket.emit('passwordResetError', 'Invalid or expired token.');
+      }
+    } catch (err) {
+      console.error('Error in resetPassword:', err);
+      socket.emit('passwordResetError', 'Error resetting password.');
     }
   });
+
+  // ─── Keep-Alive “ping” (frontend sends every 10s) ──────────────────────────────
+  socket.on('ping', () => {
+    // simply acknowledges so the container doesn’t go idle
+  });
+
+  // ─── Get Live Stats on Demand ─────────────────────────────────────────────────
+  socket.on('getServerRuntime', () => {
+    socket.emit('serverRuntime', getServerRuntime());
+  });
+
+  socket.on('getSystemStatus', () => {
+    socket.emit('systemStatus', getSystemStatus());
+  });
+
+  socket.on('getUserStats', () => {
+    socket.emit('userStats', getUserStats());
+  });
+
+  // ─── Disconnect ───────────────────────────────────────────────────────────────
+  socket.on('disconnect', () => {
+    console.log('A user disconnected');
+    io.emit('userStats', getUserStats());
+  });
 });
 
-// Start the server
+// ─── 10) BROADCAST LIVE STATS EVERY 5 SECONDS ─────────────────────────────────
+function getServerRuntime() {
+  const uptime = process.uptime();
+  return `${Math.floor(uptime / 3600)}h ${Math.floor((uptime % 3600) / 60)}m ${Math.floor(uptime % 60)}s`;
+}
+
+function getSystemStatus() {
+  // (For example purposes; expand as needed)
+  return {
+    freeMemory: (os.freemem() / (1024 * 1024)).toFixed(2) + ' MB',
+    totalMemory: (os.totalmem() / (1024 * 1024)).toFixed(2) + ' MB',
+    cpuUsage: process.cpuUsage().system + process.cpuUsage().user
+  };
+}
+
+function getUserStats() {
+  const total = getTotalUserCount();
+  const bannedCount = getBannedUserCount();
+  return { totalUsers: total, bannedUsers: bannedCount };
+}
+
+setInterval(() => {
+  try {
+    io.emit('serverRuntime', getServerRuntime());
+    io.emit('systemStatus', getSystemStatus());
+    io.emit('userStats', getUserStats());
+  } catch (err) {
+    console.error('Error emitting periodic stats:', err);
+  }
+}, 5000);
+
+// ─── 11) RUN BOT HELPER ────────────────────────────────────────────────────────
+function runBot(userId, filename, socket) {
+  const userDir = path.join(USERS_DIR, userId);
+  const fullPath = path.join(userDir, filename);
+  const proc = spawn('node', [fullPath], { cwd: userDir });
+
+  // Store reference so we can send stdin later
+  userStates[userId].runningProcess = proc;
+
+  proc.on('error', (err) => {
+    console.error(`❌ Bot spawn error for ${userId}:`, err);
+    socket.emit('message', '❌ Failed to start bot: ' + err.message);
+  });
+
+  proc.stdout.on('data', (data) => {
+    socket.emit('message', `🟢 BOT: ${data.toString()}`);
+  });
+
+  proc.stderr.on('data', (data) => {
+    socket.emit('message', `🔴 BOT ERROR: ${data.toString()}`);
+  });
+
+  proc.on('close', (code) => {
+    socket.emit('message', `⚪ BOT exited with code ${code}`);
+    userStates[userId].runningProcess = null;
+  });
+}
+
+// ─── 12) START THE SERVER ───────────────���─────────────────────────────────────
+const PORT = process.env.PORT || 7860;
 http.listen(PORT, () => {
-  console.log(`🚀 Server running on port ${PORT}`);
-  console.log(`🔑 Admin password: ${ADMIN_PASSWORD}`);
+  console.log(`✅ Server running on port ${PORT}`);
 });
 
-// Error handling
+// ─── 13) GLOBAL ERROR HANDLERS ────────────────────────────────────────────────
 process.on('uncaughtException', (err) => {
-  console.error('Uncaught Exception:', err);
+  console.error('💥 Uncaught Exception:', err);
 });
-
-process.on('unhandledRejection', (reason, promise) => {
-  console.error('Unhandled Rejection at:', promise, 'reason:', reason);
+process.on('unhandledRejection', (reason) => {
+  console.error('💥 Unhandled Promise Rejection:', reason);
 });