Chore: environment variable support and security updates

.gitignore

@@ -1 +1,3 @@
 node_modules/
+credentials.json
+.env

credentials.json

@@ -1,13 +0,0 @@
-{
-  "type": "service_account",
-  "project_id": "gen-lang-client-0963727327",
-  "private_key_id": "9bd1ab7c0de460b7e1e99f7cbb9ee0423f0581e6",
-  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9vhCyLjXvka79\n4siXVml6tRMBjKu686XPjcZpj9DplKu4nuJbnkW9HbdKxz2qaA3K2/0Eb5+vV86U\ngK/QxArvJ3SwbF3Uoo8S6YOgtZ4/WZLKthIEN0o8t6emqifPbDydsvJ88hNmm7r0\n7Jy2+xCdQhnbkNnfPLBjEornTc86Pqq3lDh24XE8YK8bPB1gpsiOMKh6rzBV80qM\noPSYwkNttdvoEdMSVEr6bvWUtt7XJiXitR/ZZbs2oPl3jeVDZzxRPb4TTrPpvWRK\nXAXq8ktkj8ZiReapgahEcse3h49rAxU8Z93YBVdMKrNf3TxlL+VAuUafVknVBdg5\nCYd0vqgNAgMBAAECggEAAbYDFER1nrwvpyzp9SYj/YPvtBIOzGFHLwwVed7Kkz6J\n4cXdpDSl4BSDYyrlQHxC7rxx/+6wK8+8+BI3bBKyLIul4UfQCl+WronK5UDPseVx\nRyK7VH2c72u0Oqiy7tWPAMtBETYoddbOCAUcaFkN6toqFV60CzMc38JcLYIMZ2nN\nG/5OOCgopdX3pEjKLZqdp1pKCB1m4+Tkf+MXJigCnUqVtcOtaDMq4LjMxj1uwM4l\nQXd1fanQU4dEdPzCrgjNe0pFEfnCYsMSByMAw8ny99J4GTyYCRQaQxmf27rHWX31\n4XSDwQoUgI3KueqpAhchYujwGqy5nN10To3guNWccQKBgQDtBD889ltKvdx5vHts\n0Jfhhm1zzUYwKpsZqNJoR521MkdJZ5/scrrgFiOQ+TEmBkq2dKoO185kWf6saKeE\nuWdmbnEIuRC1hm1yS/NcDW9u66/Z02VS88ZOkPkzVxtfdLfrJzA5qQbji2kRKFoO\n0W56CrcdMUpNyFDdIp6txfmRBQKBgQDM8IQeYNFQAJqeS/NGQDa2TKbqohiqbivw\nNodXmeIAbYDyoZYuCbJq1kx0bJpwG+YXGmFJ0HPVi5C3wwKQcAzV4UQK5CAVk6pX\n+cpAk+/a6xdiER0a0pe9Iae+OCJaLsrWb2v9HGebRjKbffFI6EqrELSU6cWX17cs\nw18RpHUJaQKBgBCU8HuqXJ6xA8C8kAH/4fBUQEoOvW9XO7yi0/2ZrQ3lM5mOF2Eq\ncaqFwf09gdPAMu/q347kSDs7FJcpRzcA5ZwD9AKBOAsLGZMafy8cfYRMFuRtZrRT\n+7a5a8XMvUyDVO6tsjEGg0XeFf6uTQamXk1JfKAdN66TahzedC2CIUClAoGBAL0e\nnu1hrwbC5+x4bjFABL1KEyanG1f7fzSXPWJLsVFvu/UrxGkLrcgFplwx9HrMZBKh\n13HEmYBQ4OWTYgRkQpQE40OhrTH8KNAyxL+/RTKii9uFq3QbLsfsDN3u81SBpdEo\n1WCoG7wglYcEO+tp4a3nJp3c9OjgujrmuA6R0ycxAoGAU9KF9GfAJDXKMjXBQiH+\n6ch1awgNF8jQ+fmvp5Va62FgdK9aMSQTnJJDVMYg6nTg2cvhbTL1rXr/bYjWHglV\nJx0SIzUAJjMRoOLxeG9bbX3JAUcuxcRdN97f0JTTpG9y2FoxwwLuTPeG7GhAUi60\njNfEUUkqWEFAjnjK8eujifU=\n-----END PRIVATE KEY-----\n",
-  "client_email": "wall-form-api@gen-lang-client-0963727327.iam.gserviceaccount.com",
-  "client_id": "101446101542617249984",
-  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-  "token_uri": "https://oauth2.googleapis.com/token",
-  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/wall-form-api%40gen-lang-client-0963727327.iam.gserviceaccount.com",
-  "universe_domain": "googleapis.com"
-}

public/live-site-integration.js

@@ -73,7 +73,7 @@
                     }
                 });
 
-                // Read file inputs as base64 DataURLs — server handles saving
+                // Read file inputs as base64 DataURLs
                 const filePromises = [];
                 Array.from(form.elements).forEach(el => {
                     if (el.type !== 'file' || !el.files || !el.files.length) return;
@@ -88,6 +88,28 @@
                 });
                 await Promise.all(filePromises);
 
+                // Upload photo directly to live server PHP — avoids HF ephemeral storage
+                if (PHOTO_UPLOAD_URL && formData.vetPhoto && formData.vetPhoto.startsWith('data:image')) {
+                    try {
+                        const idRes = await fetch(RESERVE_ID_URL + '?tab=Honor');
+                        const idData = await idRes.json();
+                        const uploadRes = await fetch(PHOTO_UPLOAD_URL, {
+                            method: 'POST',
+                            headers: { 'Content-Type': 'application/json' },
+                            body: JSON.stringify({ image: formData.vetPhoto, id: idData.id })
+                        });
+                        if (uploadRes.ok) {
+                            const uploadData = await uploadRes.json();
+                            if (uploadData.url) {
+                                formData.vetPhoto = uploadData.url;
+                                formData._reservedPhotoId = idData.id;
+                            }
+                        }
+                    } catch (e) {
+                        console.warn('[WallAPI] Direct photo upload failed, API will handle it:', e.message);
+                    }
+                }
+
                 // Set fallbacks for strict checking on the backend if this was just a generic form
                 if (!formData.name && !formData.Name && !formData.contactName && !formData.vetFirstName && !formData.submitterName) {
                     formData._generic_name = "User";

scrape_forms.js

@@ -0,0 +1,119 @@
+const fs = require('fs');
+const path = require('path');
+const cheerio = require('cheerio');
+
+const urls = [
+    { name: 'tours', url: 'https://www.thewallthathealsreynolds.org/tours.html' },
+    { name: 'escort', url: 'https://www.thewallthathealsreynolds.org/escort.html' },
+    { name: 'honor', url: 'https://www.thewallthathealsreynolds.org/honor.html' },
+    { name: 'contact', url: 'https://www.thewallthathealsreynolds.org/contact.html' }
+];
+
+const { execSync } = require('child_process');
+
+async function scrapeForms() {
+    for (const item of urls) {
+        console.log(`Fetching ${item.url}...`);
+        try {
+            const html = execSync(`curl -s -k "${item.url}"`).toString();
+            const $ = cheerio.load(html);
+
+            // Find the form container
+            let formHtml = '';
+
+            const formContainer = $('.contact-form');
+            if (formContainer.length > 0) {
+                formHtml = $.html(formContainer);
+            } else {
+                const justForm = $('form[data-validate]');
+                if (justForm.length > 0) {
+                    formHtml = $.html(justForm);
+                } else {
+                    const fallback = $('form');
+                    if (fallback.length > 0) {
+                        formHtml = $.html(fallback.first());
+                    }
+                }
+            }
+
+            if (formHtml) {
+                const finalHtml = `<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>${item.name.charAt(0).toUpperCase() + item.name.slice(1)} Form</title>
+    <style>
+        body {
+            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
+            background-color: transparent;
+            margin: 0;
+            padding: 20px;
+            color: #333;
+        }
+        .contact-form {
+            max-width: 600px;
+            margin: 0 auto;
+            background: #fff;
+            padding: 30px;
+            border-radius: 8px;
+            box-shadow: 0 4px 6px rgba(0,0,0,0.1);
+        }
+        .form-group {
+            margin-bottom: 20px;
+        }
+        label {
+            display: block;
+            margin-bottom: 8px;
+            font-weight: 500;
+            color: #1a365d;
+        }
+        input[type="text"],
+        input[type="email"],
+        input[type="tel"],
+        select,
+        textarea {
+            width: 100%;
+            padding: 10px;
+            border: 1px solid #ccc;
+            border-radius: 4px;
+            font-size: 16px;
+            box-sizing: border-box;
+        }
+        button[type="submit"], input[type="submit"] {
+            background-color: #1a365d;
+            color: white;
+            padding: 12px 24px;
+            border: none;
+            border-radius: 4px;
+            font-size: 16px;
+            cursor: pointer;
+            width: 100%;
+            transition: background-color 0.2s;
+        }
+        button[type="submit"]:hover, input[type="submit"]:hover {
+            background-color: #2c5282;
+        }
+    </style>
+</head>
+<body>
+    ${formHtml.replace(/action="[^"]*"/g, '').replace(/method="[^"]*"/g, '')}
+    
+    <!-- Integration Script to automatically wire this form up to the Hugging Face API -->
+    <script src="/live-site-integration.js"></script>
+</body>
+</html>`;
+
+                const outputPath = path.join(__dirname, 'public', `${item.name}.html`);
+                fs.writeFileSync(outputPath, finalHtml);
+                console.log(`Saved form to ${outputPath}`);
+            } else {
+                console.log(`No form found on ${item.url}`);
+            }
+        } catch (e) {
+            console.error(`Failed to fetch ${item.url}:`, e);
+        }
+    }
+}
+
+scrapeForms();

server.js

@@ -82,27 +82,6 @@ async function getAuth() {
 // Ensure the Google Sheet ID is configured
 const spreadsheetId = process.env.GOOGLE_SHEET_ID;
 
-// Reserve next ID for a tab (used by client before photo upload)
-app.get('/api/reserve-id', async (req, res) => {
-  try {
-    const tab = req.query.tab || 'Sheet1';
-    const auth = await getAuth();
-    const sheets = google.sheets({ version: 'v4', auth });
-    const idCheck = await sheets.spreadsheets.values.get({
-      spreadsheetId,
-      range: `${tab}!A:A`,
-    });
-    const numericIds = (idCheck.data.values || [])
-      .flat()
-      .map(v => parseInt(v))
-      .filter(v => !isNaN(v));
-    const nextId = numericIds.length > 0 ? Math.max(...numericIds) + 1 : 1;
-    res.json({ id: nextId });
-  } catch (e) {
-    res.status(500).json({ error: e.message });
-  }
-});
-
 // API Endpoint to receive form submissions
 app.post('/api/submit', async (req, res) => {
   try {
@@ -127,31 +106,9 @@ app.post('/api/submit', async (req, res) => {
     // We are going to append to Columns A to G (Timestamp, Name, Email, Message, Phone, Subject, Origin).
     const TIMESTAMP = new Date().toISOString();
 
-    // Pre-determine range so we can fetch the current row count for the ID
+    // The range specifies where to append. 
+    // Dynamically sort into different tabs based on the origin URL!
     let range = 'Sheet1';
-    if (origin) {
-      const lo = origin.toLowerCase();
-      if (lo.includes('contact'))     range = 'Contact';
-      else if (lo.includes('tours'))  range = 'Tours';
-      else if (lo.includes('escort')) range = 'Escort';
-      else if (lo.includes('honor'))  range = 'Honor';
-    }
-
-    let nextId = 1;
-    try {
-      const idCheck = await sheets.spreadsheets.values.get({
-        spreadsheetId,
-        range: `${range}!A:A`,
-      });
-      const numericIds = (idCheck.data.values || [])
-        .flat()
-        .filter(v => /^\d+$/.test(String(v).trim()))
-        .map(v => parseInt(v, 10));
-      nextId = numericIds.length > 0 ? Math.max(...numericIds) + 1 : 1;
-    } catch (e) {
-      console.error('ID fetch failed:', e.message);
-    }
-
     let rowData = [];
 
     // Fallbacks if generic integration script used
@@ -164,8 +121,8 @@ app.post('/api/submit', async (req, res) => {
       const lowerOrigin = origin.toLowerCase();
       if (lowerOrigin.includes('contact')) {
         range = 'Contact';
+        // Match Contact Form: Date, Name, Email, Phone, Subject, Message, Origin
         rowData = [
-          nextId,
           TIMESTAMP,
           safeName,
           safeEmail,
@@ -176,8 +133,8 @@ app.post('/api/submit', async (req, res) => {
         ];
       } else if (lowerOrigin.includes('tours')) {
         range = 'Tours';
+        // Map exactly to: Date, Group Name, Tour Type, Contact Name, Contact Title, Email, Phone, Group Size, Date, Time, Special Needs, Additional Info, Origin
         rowData = [
-          nextId,
           TIMESTAMP,
           req.body.groupName || '',
           req.body.tourType || '',
@@ -194,13 +151,14 @@ app.post('/api/submit', async (req, res) => {
         ];
       } else if (lowerOrigin.includes('escort')) {
         range = 'Escort';
+        // Map exactly to: Date, Name, Email, Phone, Vehicle, Group Affiliation, Origin
         rowData = [
-          nextId,
           TIMESTAMP,
           req.body.name || '',
           req.body.email || '',
           req.body.phone || '',
           req.body.vehicle || '',
+          req.body.groupAffiliation || '',
           origin
         ];
       } else if (lowerOrigin.includes('honor')) {
@@ -210,35 +168,13 @@ app.post('/api/submit', async (req, res) => {
         const photoData = req.body.vetPhoto;
         if (photoData && photoData.startsWith('data:image')) {
           try {
-            const matches = photoData.match(/^data:image\/(jpeg|jpg|png|gif|webp);base64,(.+)$/si);
+            const matches = photoData.match(/^data:image\/(\w+);base64,(.+)$/s);
             if (matches) {
-              const ext = matches[1].toLowerCase() === 'jpeg' ? 'jpg' : matches[1].toLowerCase();
-
-              // Try permanent storage on live server first
-              if (process.env.PHOTO_UPLOAD_ENDPOINT) {
-                try {
-                  const phpRes = await fetch(process.env.PHOTO_UPLOAD_ENDPOINT, {
-                    method: 'POST',
-                    headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify({ image: photoData, id: nextId })
-                  });
-                  if (phpRes.ok) {
-                    const phpData = await phpRes.json();
-                    if (phpData.url) vetPhotoUrl = phpData.url;
-                  }
-                } catch (phpErr) {
-                  console.error('PHP upload failed, falling back to local:', phpErr.message);
-                }
-              }
-
-              // Fallback: save on HF space, but store the permanent thewall URL
-              if (!vetPhotoUrl) {
-                const uploadDir = path.join(__dirname, 'public', 'uploads');
-                if (!fs.existsSync(uploadDir)) fs.mkdirSync(uploadDir, { recursive: true });
-                const fileName = `${nextId}.${ext}`;
-                fs.writeFileSync(path.join(uploadDir, fileName), Buffer.from(matches[2], 'base64'));
-                vetPhotoUrl = `https://www.thewallthathealsreynolds.org/images/uploads/tributes/${fileName}`;
-              }
+              const uploadDir = path.join(__dirname, 'public', 'uploads');
+              if (!fs.existsSync(uploadDir)) fs.mkdirSync(uploadDir, { recursive: true });
+              const fileName = `${Date.now()}.${matches[1]}`;
+              fs.writeFileSync(path.join(uploadDir, fileName), Buffer.from(matches[2], 'base64'));
+              vetPhotoUrl = `${req.protocol}://${req.get('host')}/uploads/${fileName}`;
             }
           } catch (photoErr) {
             console.error('Failed to save photo:', photoErr);
@@ -246,7 +182,6 @@ app.post('/api/submit', async (req, res) => {
         }
 
         rowData = [
-          nextId,
           TIMESTAMP,
           req.body.vetFirstName || '',
           req.body.vetMiddleName || '',
@@ -268,10 +203,11 @@ app.post('/api/submit', async (req, res) => {
           vetPhotoUrl
         ];
       } else {
-        rowData = [nextId, TIMESTAMP, safeName, safeEmail, safeMessage, safePhone, subject || '', origin];
+        // Fallback catch-all
+        rowData = [TIMESTAMP, safeName, safeEmail, safeMessage, safePhone, subject || '', origin];
       }
     } else {
-      rowData = [nextId, TIMESTAMP, safeName, safeEmail, safeMessage, safePhone, subject || '', origin || 'Unknown'];
+      rowData = [TIMESTAMP, safeName, safeEmail, safeMessage, safePhone, subject || '', origin || 'Unknown'];
     }
 
     const response = await sheets.spreadsheets.values.append({