Update server.js

server.js

@@ -2,356 +2,191 @@
  * server.js
  *
  * A multi-user “panel” for deploying and hosting WhatsApp bots (Baileys-based).
- * - Stores all data in /app/storage (writable on HF Spaces).
+ * - Stores all data in /users (writable on HF Spaces).
  * - Spawns bots in child processes so bot crashes don’t kill the panel.
  * - Global error handlers prevent uncaught exceptions from exiting.
  * - Serves a frontend in /public and accepts a “ping” to keep the Socket.IO connection alive.
  */
 
 const express = require('express');
-const { spawn } = require('child_process');
-const fs = require('fs');
-const fsPromises = require('fs').promises;
+const http = require('http');
+const socketIO = require('socket.io');
 const path = require('path');
+const fs = require('fs');
+const { spawn } = require('child_process');
+const cors = require('cors');
+
+// Create server
 const app = express();
-const http = require('http').createServer(app);
-const io = require('socket.io')(http);
-const fetch = require('node-fetch');
-const crypto = require('crypto');
+const httpServer = http.createServer(app);
+const io = socketIO(httpServer, {
+  cors: {
+    origin: '*',
+  },
+});
 
 // ─── 1) PATHS & STORAGE SETUP ─────────────────────────────────────────────────
-const DATA_DIR = path.join(__dirname, 'storage');
-const USERS_DIR = path.join(DATA_DIR, 'users');
-
-// Ensure storage directories exist
-try {
-  fs.mkdirSync(DATA_DIR, { recursive: true });
-  fs.mkdirSync(USERS_DIR, { recursive: true });
-} catch (err) {
-  console.error('Error ensuring storage directories:', err);
-  process.exit(1);
-}
+const USERS_DIR = path.join(__dirname, 'users');
+if (!fs.existsSync(USERS_DIR)) fs.mkdirSync(USERS_DIR);
 
-// Paths to JSON files in storage
-const blueBuyerCodeFile = path.join(DATA_DIR, 'blueBuyerCode.json');
-const bannedFilePath   = path.join(DATA_DIR, 'banned.json');
-const usersFilePath    = path.join(DATA_DIR, 'users.json');
-
-// ─── 2) INITIALIZE blueBuyerCode.json ─────────────────────────────────────────
-let blueBuyerCode;
-if (fs.existsSync(blueBuyerCodeFile)) {
-  const data = fs.readFileSync(blueBuyerCodeFile, 'utf8');
-  blueBuyerCode = JSON.parse(data).code;
-} else {
-  blueBuyerCode = Math.floor(118738411 + Math.random() * 599938);
-  fs.writeFileSync(blueBuyerCodeFile, JSON.stringify({ code: blueBuyerCode }, null, 2));
-}
-console.log(`YOUR BUYER CODE: ${blueBuyerCode}`);
+// In-memory state per user
+const userStates = {}; // { [userId]: { step: string, runningProcess: ChildProcess|null } }
+let activeUsers = 0;
 
-// ─── 3) INITIALIZE banned.json & users.json ──────────────────────────────────
-if (!fs.existsSync(bannedFilePath)) {
-  fs.writeFileSync(bannedFilePath, JSON.stringify([], null, 2));
+// ─── 2) LOAD / SAVE USERS & BANNED ────────────────────────────────────────────
+function loadUsers() {
+  const file = path.join(__dirname, 'users.json');
+  if (!fs.existsSync(file)) return {};
+  try {
+    return JSON.parse(fs.readFileSync(file, 'utf8'));
+  } catch {
+    return {};
+  }
 }
-if (!fs.existsSync(usersFilePath)) {
-  // Create a default admin “BLUEX”
-  const initialUsers = {
-    BLUEX: { id: 'creator001', password: 'Taloalob,1', isAdmin: true }
-  };
-  fs.writeFileSync(usersFilePath, JSON.stringify(initialUsers, null, 2));
+function saveUsers(users) {
+  fs.writeFileSync(path.join(__dirname, 'users.json'), JSON.stringify(users, null, 2));
 }
 
-// ─── 4) JSON LOAD / SAVE HELPERS ───────────────────────────────────────────────
-const loadBannedUsers = () => {
+function loadBannedUsers() {
+  const file = path.join(__dirname, 'banned.json');
+  if (!fs.existsSync(file)) return [];
   try {
-    const data = fs.readFileSync(bannedFilePath, 'utf8');
-    return JSON.parse(data);
-  } catch (err) {
-    console.error('Error loading banned users:', err);
+    return JSON.parse(fs.readFileSync(file, 'utf8'));
+  } catch {
     return [];
   }
-};
-
-const saveBannedUsers = (bannedUsers) => {
-  try {
-    fs.writeFileSync(bannedFilePath, JSON.stringify(bannedUsers, null, 2));
-  } catch (err) {
-    console.error('Error saving banned users:', err);
-  }
-};
-
-const loadUsers = () => {
-  try {
-    const data = fs.readFileSync(usersFilePath, 'utf8');
-    return JSON.parse(data);
-  } catch (err) {
-    console.error('Error loading users:', err);
-    return {};
-  }
-};
+}
+function saveBannedUsers(bannedList) {
+  fs.writeFileSync(path.join(__dirname, 'banned.json'), JSON.stringify(bannedList, null, 2));
+}
 
-const saveUsers = (users) => {
-  try {
-    fs.writeFileSync(usersFilePath, JSON.stringify(users, null, 2));
-  } catch (err) {
-    console.error('Error saving users:', err);
+// ─── 3) HELPER: CALCULATE STORAGE USAGE ────────────────────────────────────────
+function calculateDirectorySize(dirPath) {
+  let totalSize = 0;
+  if (!fs.existsSync(dirPath)) return 0;
+
+  function walk(directory) {
+    const entries = fs.readdirSync(directory, { withFileTypes: true });
+    for (const entry of entries) {
+      const fullPath = path.join(directory, entry.name);
+      const stats = fs.statSync(fullPath);
+      if (stats.isFile()) {
+        totalSize += stats.size;
+      } else if (stats.isDirectory()) {
+        walk(fullPath);
+      }
+    }
   }
-};
 
-// ─── 5) COUNT HELPERS ───────────────────────────────────────────────────────────
-const getClientAccountCount = (clientId) => {
-  const users = loadUsers();
-  return Object.values(users).filter(u => u.clientId === clientId).length;
-};
+  walk(dirPath);
+  return totalSize;
+}
 
-const getTotalUserCount = () => Object.keys(loadUsers()).length;
-const getBannedUserCount = () => loadBannedUsers().length;
+// ─── 4) HELPER: RUN BOT ────────────────────────────────────────────────────────
+function runBot(userId, filename, socket) {
+  const userDir = path.join(USERS_DIR, userId);
+  const fullFilePath = path.join(userDir, filename);
 
-// ─── 6) CALCULATE STORAGE USAGE ────────────────────────────────────────────────
-const calculateDirectorySize = (directory) => {
-  let totalSize = 0;
-  const items = fs.readdirSync(directory, { withFileTypes: true });
-  for (const item of items) {
-    const p = path.join(directory, item.name);
-    const stats = fs.statSync(p);
-    if (stats.isFile()) {
-      totalSize += stats.size;
-    } else if (stats.isDirectory()) {
-      totalSize += calculateDirectorySize(p);
-    }
+  if (!fs.existsSync(fullFilePath)) {
+    socket.emit('message', '❌ Bot file not found: ' + filename);
+    return;
   }
-  return totalSize;
-};
 
-// ─── 7) FILE OPERATIONS FOR USERS ───────────────────────────────────────────────
-async function uploadFile(userId, filePath, content) {
-  const fullPath = path.join(USERS_DIR, userId, filePath);
   try {
-    await fsPromises.mkdir(path.dirname(fullPath), { recursive: true });
-    await fsPromises.writeFile(fullPath, content, 'utf-8');
+    const child = spawn('node', [filename], {
+      cwd: userDir,
+      stdio: ['pipe', 'pipe', 'pipe']
+    });
+
+    // Store reference so we can send stdin later
+    userStates[userId].runningProcess = child;
+
+    child.stdout.on('data', (data) => {
+      socket.emit('message', `📤 ${data.toString()}`);
+    });
+
+    child.stderr.on('data', (data) => {
+      socket.emit('message', `⚠️ BOT ERROR: ${data.toString()}`);
+    });
+
+    child.on('close', (code) => {
+      socket.emit('message', `🛑 Bot exited with code ${code}`);
+      userStates[userId].runningProcess = null;
+    });
+
+    child.on('error', (err) => {
+      socket.emit('message', '❌ Failed to spawn bot: ' + err.message);
+      userStates[userId].runningProcess = null;
+    });
   } catch (err) {
-    console.error('Error uploading file:', err);
-    throw new Error('Failed to upload file');
+    socket.emit('message', '❌ Exception running bot: ' + err.message);
   }
 }
 
+// ─── 5) HELPER: FILE OPERATIONS ───────────────────────────────────────────────
+async function listFiles(userId, dirPath = '') {
+  const fullDir = path.join(USERS_DIR, userId, dirPath);
+  if (!fs.existsSync(fullDir)) return [];
+  return fs.readdirSync(fullDir).map((name) => ({ name }));
+}
+
 async function readFile(userId, filePath) {
   const fullPath = path.join(USERS_DIR, userId, filePath);
-  try {
-    return await fsPromises.readFile(fullPath, 'utf-8');
-  } catch (err) {
-    console.error('Error reading file:', err);
-    throw new Error('Failed to read file');
-  }
+  if (!fs.existsSync(fullPath)) throw new Error('File not found');
+  return fs.readFileSync(fullPath, 'utf8');
 }
 
 async function writeFile(userId, filePath, content) {
   const fullPath = path.join(USERS_DIR, userId, filePath);
-  try {
-    await fsPromises.writeFile(fullPath, content, 'utf-8');
-  } catch (err) {
-    console.error('Error writing file:', err);
-    throw new Error('Failed to write file');
-  }
+  fs.writeFileSync(fullPath, content, 'utf8');
 }
 
-async function listFiles(userId, dirPath = '') {
-  const fullPath = path.join(USERS_DIR, userId, dirPath);
-  try {
-    const items = await fsPromises.readdir(fullPath, { withFileTypes: true });
-    return items.map(item => ({
-      name: item.name,
-      type: item.isDirectory() ? 'folder' : 'file',
-      path: path.join(dirPath, item.name)
-    }));
-  } catch (err) {
-    console.error('Error listing files:', err);
-    throw new Error('Failed to list files');
-  }
+async function uploadFile(userId, filePath, contentBase64) {
+  const fullPath = path.join(USERS_DIR, userId, filePath);
+  const buffer = Buffer.from(contentBase64, 'base64');
+  fs.writeFileSync(fullPath, buffer);
 }
 
-// ─── 8) SERVER SETUP ───────────────────────────────────────────────────────────
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-app.use(express.static(path.join(__dirname, 'public')));
-
-// Health check endpoint for HF Spaces
-app.get('/', (req, res) => {
-  res.send('Panel is running.');
-});
-
-// In-memory user state tracking
-const userStates = {}; // { [userId]: { step: string, runningProcess: ChildProcess|null } }
-
-// ─── 9) LOGIN / AUTH ───────────────────────────────────────────────────────────
-io.on('connection', (socket) => {
-  console.log('A user connected');
-
-  // ─── Login ─────────────────────────────────────────────────────────────────
-  socket.on('login', async ({ username, password }) => {
-    try {
-      if (!username || !password) throw new Error('Missing fields');
-      if (typeof username !== 'string' || typeof password !== 'string') throw new Error('Invalid types');
-
-      const users = loadUsers();
-      const user = users[username];
-      if (user && user.password === password) {
-        socket.emit('loginResponse', {
-          success: true,
-          userId: user.id,
-          isAdmin: user.isAdmin
-        });
-      } else {
-        socket.emit('loginResponse', {
-          success: false,
-          message: 'Invalid username or password.'
-        });
-      }
-    } catch (err) {
-      console.error('Error during login:', err);
-      socket.emit('loginResponse', {
-        success: false,
-        message: 'An error occurred during login.'
-      });
-    }
-  });
-
-  // ─── Admin: Get Users ─────────────────────────────────────────────────────
-  socket.on('adminGetUsers', () => {
-    try {
-      const users = loadUsers();
-      const userList = Object.keys(users).map(username => ({
-        username,
-        id: users[username].id,
-        isAdmin: users[username].isAdmin,
-        password: users[username].password
-      }));
-      const totalUsers = getTotalUserCount();
-      socket.emit('adminUserList', { users: userList, totalUsers });
-    } catch (err) {
-      console.error('Error getting user list:', err);
-      socket.emit('adminUserList', { users: [], totalUsers: 0 });
-    }
-  });
-
-  // ─── Admin: Ban User ───────────────────────────────────────────────────────
-  socket.on('adminBanUser', (userId) => {
-    try {
-      if (typeof userId !== 'string') throw new Error('Invalid userId');
-      const bannedUsers = loadBannedUsers();
-      if (!bannedUsers.includes(userId)) {
-        bannedUsers.push(userId);
-        saveBannedUsers(bannedUsers);
-        socket.emit('adminBanResponse', { success: true, message: 'User banned.' });
-        io.emit('userStats', getUserStats());
-      } else {
-        socket.emit('adminBanResponse', { success: false, message: 'User already banned.' });
-      }
-    } catch (err) {
-      console.error('Error banning user:', err);
-      socket.emit('adminBanResponse', { success: false, message: 'Error banning user.' });
-    }
-  });
-
-  // ─── Admin: Unban User ─────────────────────────────────────────────────────
-  socket.on('adminUnbanUser', (userId) => {
-    try {
-      if (typeof userId !== 'string') throw new Error('Invalid userId');
-      const bannedUsers = loadBannedUsers();
-      const idx = bannedUsers.indexOf(userId);
-      if (idx > -1) {
-        bannedUsers.splice(idx, 1);
-        saveBannedUsers(bannedUsers);
-        socket.emit('adminUnbanResponse', { success: true, message: 'User unbanned.' });
-        io.emit('userStats', getUserStats());
-      } else {
-        socket.emit('adminUnbanResponse', { success: false, message: 'User not banned.' });
-      }
-    } catch (err) {
-      console.error('Error unbanning user:', err);
-      socket.emit('adminUnbanResponse', { success: false, message: 'Error unbanning user.' });
-    }
-  });
+// ��── 6) HELPER: STATS ─────────────────────────────────────────────────────────
+function getServerRuntime() {
+  const u = process.uptime();
+  const hours = Math.floor(u / 3600);
+  const minutes = Math.floor((u % 3600) / 60);
+  const seconds = Math.floor(u % 60);
+  return `${hours}h ${minutes}m ${seconds}s`;
+}
 
-  // ─── Admin: Delete User ────────────────────────────────────────────────────
-  socket.on('adminDeleteUser', (userId) => {
-    try {
-      if (typeof userId !== 'string') throw new Error('Invalid userId');
-      const users = loadUsers();
-      const usernameToDelete = Object.keys(users).find(u => users[u].id === userId);
-      if (usernameToDelete) {
-        delete users[usernameToDelete];
-        saveUsers(users);
-
-        // Remove user's folder
-        const userDir = path.join(USERS_DIR, userId);
-        if (fs.existsSync(userDir)) {
-          fs.rmSync(userDir, { recursive: true, force: true });
-        }
+function getSystemStatus() {
+  return {
+    memoryUsage: process.memoryUsage(),
+    uptime: process.uptime()
+  };
+}
 
-        // Also unban if present
-        const bannedUsers = loadBannedUsers();
-        const idx = bannedUsers.indexOf(userId);
-        if (idx > -1) {
-          bannedUsers.splice(idx, 1);
-          saveBannedUsers(bannedUsers);
-        }
+function getUserStats() {
+  return { activeUsers };
+}
 
-        socket.emit('adminDeleteUserResponse', { success: true, message: 'User deleted.' });
-        io.emit('userStats', getUserStats());
-      } else {
-        socket.emit('adminDeleteUserResponse', { success: false, message: 'User not found.' });
-      }
-    } catch (err) {
-      console.error('Error deleting user:', err);
-      socket.emit('adminDeleteUserResponse', { success: false, message: 'Error deleting user.' });
-    }
-  });
+// ─── 7) STATIC & CORS ─────────────────────────────────────────────────────────
+app.use(cors());
+app.use(express.static(path.join(__dirname, 'public')));
 
-  // ─── Admin: Make Admin ──────────────────────────────────────────────────────
-  socket.on('adminMakeAdmin', (userId) => {
-    try {
-      if (typeof userId !== 'string') throw new Error('Invalid userId');
-      const users = loadUsers();
-      const usernameToUpdate = Object.keys(users).find(u => users[u].id === userId);
-      if (usernameToUpdate) {
-        users[usernameToUpdate].isAdmin = true;
-        saveUsers(users);
-        socket.emit('adminMakeAdminResponse', { success: true, message: 'User is now admin.' });
-      } else {
-        socket.emit('adminMakeAdminResponse', { success: false, message: 'User not found.' });
-      }
-    } catch (err) {
-      console.error('Error making user admin:', err);
-      socket.emit('adminMakeAdminResponse', { success: false, message: 'Error making user admin.' });
-    }
-  });
+// ─── 8) WEBSOCKET HANDLERS ────────────────────────────────────────────────────
+io.on('connection', (socket) => {
+  activeUsers++;
+  io.emit('userStats', getUserStats());
 
-  // ─── Admin: Remove Admin ────────────────────────────────────────────────────
-  socket.on('adminRemoveAdmin', (userId) => {
+  // ─── Start Session ─────────────────────────────────────────────────────────
+  socket.on('start', (userId) => {
     try {
-      if (typeof userId !== 'string') throw new Error('Invalid userId');
-      const users = loadUsers();
-      const usernameToUpdate = Object.keys(users).find(u => users[u].id === userId);
-      if (usernameToUpdate) {
-        users[usernameToUpdate].isAdmin = false;
-        saveUsers(users);
-        socket.emit('adminRemoveAdminResponse', { success: true, message: 'Admin removed.' });
-      } else {
-        socket.emit('adminRemoveAdminResponse', { success: false, message: 'User not found.' });
+      if (typeof userId !== 'string' || userId.trim() === '') {
+        socket.emit('message', '❌ Invalid userId.');
+        return;
       }
-    } catch (err) {
-      console.error('Error removing admin:', err);
-      socket.emit('adminRemoveAdminResponse', { success: false, message: 'Error removing admin.' });
-    }
-  });
 
-  // ─── User “Start” (makes user folder and prompts for repo) ──────────────────
-  socket.on('start', (userId) => {
-    try {
-      if (typeof userId !== 'string') throw new Error('Invalid userId');
-      const bannedUsers = loadBannedUsers();
-      if (bannedUsers.includes(userId)) {
-        socket.emit('message', '❌ You are banned from using this service.');
+      const bannedList = loadBannedUsers();
+      if (bannedList.includes(userId)) {
+        socket.emit('message', '❌ You are banned from this service.');
         return;
       }
 
@@ -360,29 +195,32 @@ io.on('connection', (socket) => {
         fs.mkdirSync(userDir, { recursive: true });
       }
 
-      // Show storage usage
-      const spaceUsed = calculateDirectorySize(userDir);
-      const spaceMB = (spaceUsed / (1024 * 1024)).toFixed(2);
-      socket.emit('message', JSON.stringify({ type: 'spaceUsage', usage: `${spaceMB} MB` }));
+      const used = calculateDirectorySize(userDir);
+      socket.emit('message', JSON.stringify({
+        type: 'spaceUsage',
+        usage: `${(used / 1024 / 1024).toFixed(2)} MB`
+      }));
 
+      // Set state to ask for GitHub repo
       userStates[userId] = { step: 'ask_repo', runningProcess: null };
-      socket.emit('message', '🔄 Please send the GitHub repo URL to clone (e.g. https://github.com/user/repo).');
+      socket.emit('message', '🔄 Please send your GitHub repo URL (e.g., https://github.com/user/repo).');
     } catch (err) {
-      console.error('Error starting session:', err);
-      socket.emit('message', '❌ Error starting your session.');
+      console.error('Error in start:', err);
+      socket.emit('message', '❌ Error starting session: ' + err.message);
     }
   });
 
-  // ─── User “Command” Handler (clone, install, run, clear, list) ─────────────
-  socket.on('command', async (data) => {
+  // ─── Command Handler ────────────────────────────────────────────────────────
+  socket.on('command', async ({ userId, message }) => {
     try {
-      if (!data || typeof data.userId !== 'string' || typeof data.message !== 'string') {
-        throw new Error('Invalid input types');
+      if (typeof userId !== 'string' || typeof message !== 'string') {
+        socket.emit('message', '❌ Invalid command data.');
+        return;
       }
-      const { userId, message } = data;
-      const bannedUsers = loadBannedUsers();
-      if (bannedUsers.includes(userId)) {
-        socket.emit('message', '❌ You are banned from using this service.');
+
+      const bannedList = loadBannedUsers();
+      if (bannedList.includes(userId)) {
+        socket.emit('message', '❌ You are banned from this service.');
         return;
       }
 
@@ -392,23 +230,16 @@ io.on('connection', (socket) => {
       }
 
       const userDir = path.join(USERS_DIR, userId);
-      if (!fs.existsSync(userDir)) {
-        fs.mkdirSync(userDir, { recursive: true });
-      }
-
       const state = userStates[userId];
 
-      // “clear” → delete user's folder
+      // ——— “clear” → delete user’s entire directory —————————————
       if (message.toLowerCase() === 'clear') {
         if (fs.existsSync(userDir)) {
-          socket.emit('message', '🗑 Clearing your directory...');
           const rmProc = spawn('rm', ['-rf', userDir]);
-
           rmProc.on('error', (err) => {
-            console.error('❌ Failed to spawn rm:', err);
+            console.error('Error spawning rm:', err);
             socket.emit('message', '❌ Failed to clear directory: ' + err.message);
           });
-
           rmProc.on('close', (code) => {
             if (code === 0) {
               socket.emit('message', '✅ Directory cleared.');
@@ -422,19 +253,19 @@ io.on('connection', (socket) => {
         return;
       }
 
-      // “list” → list files in user's folder
+      // ——— “list” → list files in user’s folder ————————————————
       if (message.toLowerCase() === 'list') {
         try {
           const files = await listFiles(userId);
-          const names = files.map(f => f.name).join('\n');
-          socket.emit('message', `📂 Files:\n${names || '(empty)'}`);
-        } catch {
-          socket.emit('message', '❌ Could not list files.');
+          const names = files.map(f => f.name).join('\n') || '(empty)';
+          socket.emit('message', `📂 Files:\n${names}`);
+        } catch (err) {
+          socket.emit('message', '❌ Could not list files: ' + err.message);
         }
         return;
       }
 
-      // If we are in “ask_repo” state, treat message as GitHub URL
+      // ——— If state = “ask_repo”, treat message as GitHub URL ——————
       if (state.step === 'ask_repo') {
         const repoUrl = message.trim();
         if (!repoUrl.startsWith('https://github.com/')) {
@@ -446,12 +277,12 @@ io.on('connection', (socket) => {
         const gitClone = spawn('git', ['clone', repoUrl, '.'], { cwd: userDir });
 
         gitClone.on('error', (err) => {
-          console.error('❌ Failed to spawn git clone:', err);
+          console.error('Error spawning git clone:', err);
           socket.emit('message', '❌ Failed to run git clone: ' + err.message);
         });
 
         gitClone.stdout.on('data', (data) => {
-          socket.emit('message', `✅ GIT: ${data.toString()}`);
+          socket.emit('message', `📦 GIT: ${data.toString()}`);
         });
         gitClone.stderr.on('data', (data) => {
           socket.emit('message', `⚠️ GIT ERROR: ${data.toString()}`);
@@ -463,16 +294,17 @@ io.on('connection', (socket) => {
             const yarnInstall = spawn('yarn', ['install'], { cwd: userDir });
 
             yarnInstall.on('error', (err) => {
-              console.error('❌ Failed to spawn yarn install:', err);
+              console.error('Error spawning yarn install:', err);
               socket.emit('message', '❌ Failed to run yarn install: ' + err.message);
             });
 
             yarnInstall.stdout.on('data', (data) => {
-              socket.emit('message', `✅ YARN: ${data.toString()}`);
+              socket.emit('message', `📦 YARN: ${data.toString()}`);
             });
             yarnInstall.stderr.on('data', (data) => {
               socket.emit('message', `⚠️ YARN ERROR: ${data.toString()}`);
             });
+
             yarnInstall.on('close', (installCode) => {
               if (installCode === 0) {
                 socket.emit('message', '✅ Dependencies installed.\n▶️ Send the filename to run (e.g. index.js).');
@@ -489,7 +321,7 @@ io.on('connection', (socket) => {
         return;
       }
 
-      // If we are in “ask_file” state, message is the filename to run
+      // ——— If state = “ask_file”, message = filename to run ————————
       if (state.step === 'ask_file') {
         const filename = message.trim();
         const filePath = path.join(userDir, filename);
@@ -498,20 +330,17 @@ io.on('connection', (socket) => {
           return;
         }
         socket.emit('message', `🚀 Running file: ${filename}`);
-
-        // Run the bot safely
         runBot(userId, filename, socket);
-
-        // Next commands will go to “interacting” state
         state.step = 'interacting';
         return;
       }
 
-      // If we are in “interacting” state, forward input to bot’s stdin
+      // ——— If state = “interacting”, forward input to bot’s stdin ————
       if (state.step === 'interacting') {
-        if (state.runningProcess) {
+        const proc = state.runningProcess;
+        if (proc) {
           try {
-            state.runningProcess.stdin.write(message + '\n');
+            proc.stdin.write(message + '\n');
           } catch (err) {
             socket.emit('message', '❌ Failed to write to bot stdin: ' + err.message);
           }
@@ -521,15 +350,15 @@ io.on('connection', (socket) => {
         return;
       }
 
-      // Otherwise, unrecognized command
-      socket.emit('message', '❌ Unrecognized command. Use “list”, “clear”, or send the GitHub URL.');
+      // ——— Unrecognized command ————————————————————————————————————
+      socket.emit('message', '❌ Unrecognized command. Use “list”, “clear”, or send the GitHub URL/file.');
     } catch (err) {
-      console.error('Error processing command:', err);
-      socket.emit('message', '❌ Error processing command: ' + err.message);
+      console.error('Error in command handler:', err);
+      socket.emit('message', '❌ Error: ' + err.message);
     }
   });
 
-  // ─── Read File ─────────────────────────────────────────────────────────────────
+  // ─── Read File ───────────────────────────────────────────────────────────────
   socket.on('readFile', async ({ userId, filePath }) => {
     try {
       const content = await readFile(userId, filePath);
@@ -539,7 +368,7 @@ io.on('connection', (socket) => {
     }
   });
 
-  // ─── Write File ────────────────────────────────────────────────────────────────
+  // ─── Write File ──────────────────────────────────────────────────────────────
   socket.on('writeFile', async ({ userId, filePath, content }) => {
     try {
       await writeFile(userId, filePath, content);
@@ -549,17 +378,7 @@ io.on('connection', (socket) => {
     }
   });
 
-  // ─── List Files ───────────────────────────────────────────────���────────────────
-  socket.on('listFiles', async ({ userId, dirPath }) => {
-    try {
-      const files = await listFiles(userId, dirPath);
-      socket.emit('fileList', files);
-    } catch (err) {
-      socket.emit('error', { message: err.message });
-    }
-  });
-
-  // ─── Upload File ───────────────────────────────────────────────────────────────
+  // ─── Upload File ──────────────────────────────────────────────────────────────
   socket.on('uploadFile', async ({ userId, filePath, content }) => {
     try {
       await uploadFile(userId, filePath, content);
@@ -569,137 +388,30 @@ io.on('connection', (socket) => {
     }
   });
 
-  // ─── Forgot Password: generate token ───────────────────────────────────────────
-  socket.on('forgotPassword', async (clientId) => {
-    try {
-      const users = loadUsers();
-      const userObj = Object.values(users).find(u => u.clientId === clientId);
-      if (userObj) {
-        const resetToken = crypto.randomBytes(20).toString('hex');
-        userObj.resetToken = resetToken;
-        userObj.resetTokenExpires = Date.now() + 3600000; // 1 hour
-        saveUsers(users);
-        socket.emit('resetTokenGenerated', { username: Object.keys(users).find(k => users[k].clientId === clientId), resetToken });
-      } else {
-        socket.emit('resetTokenError', 'No user found with that Device ID.');
-      }
-    } catch (err) {
-      console.error('Error in forgotPassword:', err);
-      socket.emit('resetTokenError', 'Error during password reset.');
-    }
-  });
-
-  // ─── Reset Password: validate token and update ─────────────────────────────────
-  socket.on('resetPassword', async ({ resetToken, newPassword }) => {
-    try {
-      const users = loadUsers();
-      const userObj = Object.values(users).find(u => u.resetToken === resetToken && u.resetTokenExpires > Date.now());
-      if (userObj) {
-        userObj.password = newPassword;
-        delete userObj.resetToken;
-        delete userObj.resetTokenExpires;
-        saveUsers(users);
-        socket.emit('passwordResetSuccess', 'Password has been reset.');
-      } else {
-        socket.emit('passwordResetError', 'Invalid or expired token.');
-      }
-    } catch (err) {
-      console.error('Error in resetPassword:', err);
-      socket.emit('passwordResetError', 'Error resetting password.');
-    }
-  });
-
-  // ─── Keep-Alive “ping” (frontend sends every 10s) ──────────────────────────────
+  // ─── Keep-Alive “ping” (frontend sends every 10s) ─────────────────────────────
   socket.on('ping', () => {
-    // simply acknowledges so the container doesn’t go idle
-  });
-
-  // ─── Get Live Stats on Demand ─────────────────────────────────────────────────
-  socket.on('getServerRuntime', () => {
-    socket.emit('serverRuntime', getServerRuntime());
-  });
-
-  socket.on('getSystemStatus', () => {
-    socket.emit('systemStatus', getSystemStatus());
-  });
-
-  socket.on('getUserStats', () => {
-    socket.emit('userStats', getUserStats());
+    // Do nothing; prevents HF Spaces from idling
   });
 
   // ─── Disconnect ───────────────────────────────────────────────────────────────
   socket.on('disconnect', () => {
-    console.log('A user disconnected');
+    activeUsers--;
     io.emit('userStats', getUserStats());
   });
 });
 
-// ─── 10) BROADCAST LIVE STATS EVERY 5 SECONDS ─────────────────────────────────
-function getServerRuntime() {
-  const uptime = process.uptime();
-  return `${Math.floor(uptime / 3600)}h ${Math.floor((uptime % 3600) / 60)}m ${Math.floor(uptime % 60)}s`;
-}
-
-function getSystemStatus() {
-  // (For example purposes; expand as needed)
-  return {
-    freeMemory: (os.freemem() / (1024 * 1024)).toFixed(2) + ' MB',
-    totalMemory: (os.totalmem() / (1024 * 1024)).toFixed(2) + ' MB',
-    cpuUsage: process.cpuUsage().system + process.cpuUsage().user
-  };
-}
-
-function getUserStats() {
-  const total = getTotalUserCount();
-  const bannedCount = getBannedUserCount();
-  return { totalUsers: total, bannedUsers: bannedCount };
-}
-
+// ─── 9) BROADCAST LIVE STATS EVERY 5 SECONDS ─────────────────────────────────
 setInterval(() => {
-  try {
-    io.emit('serverRuntime', getServerRuntime());
-    io.emit('systemStatus', getSystemStatus());
-    io.emit('userStats', getUserStats());
-  } catch (err) {
-    console.error('Error emitting periodic stats:', err);
-  }
+  io.emit('serverRuntime', getServerRuntime());
+  io.emit('systemStatus', getSystemStatus());
+  io.emit('userStats', getUserStats());
 }, 5000);
 
-// ─── 11) RUN BOT HELPER ────────────────────────────────────────────────────────
-function runBot(userId, filename, socket) {
-  const userDir = path.join(USERS_DIR, userId);
-  const fullPath = path.join(userDir, filename);
-  const proc = spawn('node', [fullPath], { cwd: userDir });
-
-  // Store reference so we can send stdin later
-  userStates[userId].runningProcess = proc;
-
-  proc.on('error', (err) => {
-    console.error(`❌ Bot spawn error for ${userId}:`, err);
-    socket.emit('message', '❌ Failed to start bot: ' + err.message);
-  });
-
-  proc.stdout.on('data', (data) => {
-    socket.emit('message', `🟢 BOT: ${data.toString()}`);
-  });
-
-  proc.stderr.on('data', (data) => {
-    socket.emit('message', `🔴 BOT ERROR: ${data.toString()}`);
-  });
-
-  proc.on('close', (code) => {
-    socket.emit('message', `⚪ BOT exited with code ${code}`);
-    userStates[userId].runningProcess = null;
-  });
-}
-
-// ─── 12) START THE SERVER ─────────────────────────────────────────────────────
+// ─── 10) START THE SERVER ─────────────────────────────────────────────────────
 const PORT = process.env.PORT || 7860;
-http.listen(PORT, () => {
-  console.log(`✅ Server running on port ${PORT}`);
-});
+httpServer.listen(PORT, () => console.log(`✅ Server running on port ${PORT}`));
 
-// ─── 13) GLOBAL ERROR HANDLERS ────────────────────────────────────────────────
+// ─── 11) GLOBAL ERROR HANDLERS ────────────────────────────────────────────────
 process.on('uncaughtException', (err) => {
   console.error('💥 Uncaught Exception:', err);
 });