Update server/server.js

server/server.js

@@ -1,19 +1,33 @@
-// server.js
+/**
+ * Full server.js
+ *
+ * - Robust /api/yt/source -> resolves YouTube via VidFly (configurable via VIDFLY_API env)
+ * - Debug endpoint /api/vidfly/debug -> calls VidFly and returns the raw JSON for debugging
+ * - Robust /api/yt/proxy -> proxies googlevideo redirector URLs (for browser CORS + Range support)
+ * - Full Socket.IO room handlers (join, set_track, play/pause/seek/ended, requests, admin commands)
+ *
+ * Notes:
+ * - Set VIDFLY_API to override the default VidFly endpoint (default: https://api.vidfly.ai/api/media/youtube/download)
+ * - This file is self-contained; keep your existing jiosaavn.js module alongside (imported)
+ * - Be mindful of bandwidth when proxying large files through this server.
+ */
+
 import express from 'express';
 import http from 'http';
 import cors from 'cors';
-import { Server as SocketIOServer } from 'socket.io';
 import path from 'path';
 import { fileURLToPath } from 'url';
 import axios from 'axios';
 import { PassThrough } from 'stream';
+import { Server as SocketIOServer } from 'socket.io';
+
 import {
   searchUniversal,
   getSong,
   getAlbum,
   getPlaylist,
   getLyrics
-} from './jiosaavn.js';
+} from './jiosaavn.js'; // keep your module
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -22,19 +36,24 @@ const app = express();
 app.use(cors());
 app.use(express.json());
 
+function log(...args) { console.log(new Date().toISOString(), ...args); }
 function short(v, n = 400) {
   try {
     const s = typeof v === 'string' ? v : JSON.stringify(v);
     return s.length > n ? s.slice(0, n) + '…' : s;
-  } catch {
-    return String(v).slice(0, n) + '…';
-  }
-}
-function log(...args) {
-  console.log(new Date().toISOString(), ...args);
+  } catch { return String(v).slice(0, n) + '…'; }
 }
 
-// ---------- Room state (same as before) ----------
+// ---------- Room state ----------
+/*
+room = {
+  id, name, hostId,
+  users: Map<socketId, { name, role: 'host'|'cohost'|'member', muted?: boolean }>,
+  track: { url, title, meta, kind, thumb? },
+  isPlaying, anchor, anchorAt,
+  queue: Array<track>
+}
+*/
 const rooms = new Map();
 function ensureRoom(roomId) {
   if (!rooms.has(roomId)) {
@@ -70,8 +89,6 @@ function membersPayload(room) {
     isHost: id === room.hostId
   }));
 }
-
-// helpers used by socket handlers later
 function broadcastMembers(roomId) {
   const room = rooms.get(roomId);
   if (!room) return;
@@ -155,7 +172,7 @@ app.get('/api/lyrics', async (req, res) => {
   } catch (e) { log('/api/lyrics error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); }
 });
 
-// ---------- YouTube search ----------
+// ---------- YouTube search (optional) ----------
 app.get('/api/ytsearch', async (req, res) => {
   try {
     const key = process.env.YT_API_KEY;
@@ -178,37 +195,63 @@ app.get('/api/ytsearch', async (req, res) => {
   }
 });
 
-// ---------- YouTube resolve via VidFly API ----------
+// ---------- YouTube resolve via VidFly ----------
+const VIDFLY_API = process.env.VIDFLY_API || 'https://api.vidfly.ai/api/media/youtube/download';
+
+app.get('/api/vidfly/debug', async (req, res) => {
+  // Debug endpoint: calls VidFly and returns raw response (JSON) for troubleshooting
+  try {
+    let raw = (req.query.url || '').trim();
+    if (!raw) return res.status(400).json({ error: 'Missing url' });
+    if (/^[a-zA-Z0-9_-]{11}$/.test(raw)) raw = `https://www.youtube.com/watch?v=${raw}`;
+
+    const apiUrl = `${VIDFLY_API}?url=${encodeURIComponent(raw)}`;
+    log('VIDFLY debug call ->', apiUrl);
+    const resp = await axios.get(apiUrl, { timeout: 20000, validateStatus: () => true });
+    // Return status and body so caller can inspect
+    res.status(200).json({ status: resp.status, headers: resp.headers, data: resp.data });
+  } catch (e) {
+    log('/api/vidfly/debug error', e?.message ?? e);
+    res.status(500).json({ error: e?.message ?? String(e) });
+  }
+});
+
 app.get('/api/yt/source', async (req, res) => {
+  // Primary resolver: call VidFly and return chosen playable url + metadata
   try {
     let raw = (req.query.url || '').trim();
     if (!raw) return res.status(400).json({ error: 'Missing url' });
     if (/^[a-zA-Z0-9_-]{11}$/.test(raw)) raw = `https://www.youtube.com/watch?v=${raw}`;
-    const vidflyUrl = `https://api.vidfly.ai/api/media/youtube/download?url=${encodeURIComponent(raw)}`;
-    log('Calling VidFly API:', vidflyUrl);
-    const resp = await axios.get(vidflyUrl, { timeout: 20000, validateStatus: () => true });
+
+    const apiUrl = `${VIDFLY_API}?url=${encodeURIComponent(raw)}`;
+    log('Calling VidFly API:', apiUrl);
+    const resp = await axios.get(apiUrl, { timeout: 20000, validateStatus: () => true });
     const data = resp.data;
+
     if (!data || typeof data !== 'object') {
       log('/api/yt/source vidfly non-object response:', short(data, 1000));
       return res.status(502).json({ error: 'Invalid VidFly response', snippet: short(data, 1000) });
     }
     if (Number(data.code) !== 0 || !data.data || !Array.isArray(data.data.items)) {
+      // include vidfly response to aid debugging
       log('/api/yt/source vidfly returned error shape:', short(data, 1000));
       return res.status(502).json({ error: 'Invalid VidFly API response', detail: data });
     }
+
     const items = data.data.items;
-    const progressive = items
-      .filter(f => f.type === 'video_with_audio')
+    // prefer progressive (video with audio), otherwise highest-res video-only, otherwise any
+    const progressive = items.filter(f => f.type === 'video_with_audio')
       .sort((a, b) => (Number(b.height || 0) - Number(a.height || 0)))[0];
-    const videoOnly = items
-      .filter(f => f.type === 'video')
+    const videoOnly = items.filter(f => f.type === 'video')
       .sort((a, b) => (Number(b.height || 0) - Number(a.height || 0)))[0];
     const anyItem = items.find(f => f.url);
     const chosen = progressive || videoOnly || anyItem;
+
     if (!chosen || !chosen.url) {
       log('/api/yt/source no playable item found:', short(items, 1200));
-      return res.status(502).json({ error: 'No playable format found in VidFly API response' });
+      return res.status(502).json({ error: 'No playable format found in VidFly API response', detail: data });
     }
+
     res.json({
       url: chosen.url,
       title: data.data.title || raw,
@@ -229,18 +272,16 @@ app.get('/api/yt/source', async (req, res) => {
 });
 
 /*
-  Robust /api/yt/proxy implementation
-  - Proxies only allowed hosts (default: googlevideo.com)
-  - Forwards Range header
-  - Sets a user-agent and referer to reduce upstream blocking
-  - Peeks first chunk and rejects HTML/text responses (common when link expired)
-  - Forwards content-type, content-length, content-range, accept-ranges, cache-control, etag, last-modified
+  /api/yt/proxy
+  - Proxies direct signed googlevideo URLs (redirector.googlevideo.com / googlevideo.com).
+  - Forwards Range header to support seeking.
+  - Forwards upstream headers (content-type, content-length, content-range, accept-ranges).
+  - Responds with CORS header.
 */
 function isAllowedProxyHost(urlStr) {
   try {
     const u = new URL(urlStr);
     const host = u.hostname.toLowerCase();
-    // allow googlevideo redirector hosts (expand as needed)
     return host.endsWith('googlevideo.com') || host.endsWith('redirector.googlevideo.com');
   } catch {
     return false;
@@ -256,18 +297,15 @@ app.get('/api/yt/proxy', async (req, res) => {
       return res.status(400).json({ error: 'Proxy to this host is not allowed by server policy' });
     }
 
-    // Forward client's Range if present
     const rangeHeader = req.headers.range || null;
     const requestHeaders = {
-      // make upstream think this is a real browser request
       'User-Agent': req.headers['user-agent'] || 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
-      'Accept': 'video/*,*/*;q=0.9',
+      'Accept': '*/*',
       'Referer': 'https://www.youtube.com/',
-      // pass Range if client requested it (seek)
       ...(rangeHeader ? { Range: rangeHeader } : {})
     };
 
-    log('/api/yt/proxy fetching remote', short(raw, 200), 'Range:', rangeHeader ? rangeHeader.slice(0,120) : 'none');
+    log('/api/yt/proxy fetching', short(raw, 200), 'Range:', rangeHeader ? rangeHeader.slice(0,120) : 'none');
 
     const resp = await axios.get(raw, {
       responseType: 'stream',
@@ -277,119 +315,78 @@ app.get('/api/yt/proxy', async (req, res) => {
       validateStatus: () => true
     });
 
-    // If remote responded with an error status, try to capture a small snippet and return 502
     if (resp.status >= 400) {
+      // try to capture a short snippet for debugging
       let snippet = '';
       try {
-        // try to read a short snippet from the stream (if any)
-        const streamReader = resp.data;
+        const reader = resp.data;
         const chunk = await new Promise((resolve) => {
           let done = false;
           const onData = (c) => { if (!done) { done = true; cleanup(); resolve(c); } };
           const onEnd = () => { if (!done) { done = true; cleanup(); resolve(null); } };
           const onErr = () => { if (!done) { done = true; cleanup(); resolve(null); } };
-          const cleanup = () => { streamReader.removeListener('data', onData); streamReader.removeListener('end', onEnd); streamReader.removeListener('error', onErr); };
-          streamReader.once('data', onData);
-          streamReader.once('end', onEnd);
-          streamReader.once('error', onErr);
+          const cleanup = () => { reader.removeListener('data', onData); reader.removeListener('end', onEnd); reader.removeListener('error', onErr); };
+          reader.once('data', onData);
+          reader.once('end', onEnd);
+          reader.once('error', onErr);
         });
         if (chunk) snippet = chunk.toString('utf8', 0, 800);
       } catch (xx) { /* ignore */ }
+
       log('/api/yt/proxy remote returned error status', resp.status, 'snippet:', short(snippet, 400));
       return res.status(502).json({ error: 'Remote returned error', status: resp.status, snippet: short(snippet, 800) });
     }
 
-    // If content-type looks like html/text/json, the signed URL probably expired or upstream blocked — reject.
+    // check content-type header for obvious non-media responses
     const ct = String(resp.headers['content-type'] || '').toLowerCase();
     if (ct.includes('text/html') || ct.includes('application/json') || ct.includes('text/plain')) {
-      // read a small snippet from stream to give debug info then abort
+      // read a small snippet then return 502
       let snippet = '';
       try {
-        const streamReader = resp.data;
+        const reader = resp.data;
         const chunk = await new Promise((resolve) => {
           let done = false;
           const onData = (c) => { if (!done) { done = true; cleanup(); resolve(c); } };
           const onEnd = () => { if (!done) { done = true; cleanup(); resolve(null); } };
           const onErr = () => { if (!done) { done = true; cleanup(); resolve(null); } };
-          const cleanup = () => { streamReader.removeListener('data', onData); streamReader.removeListener('end', onEnd); streamReader.removeListener('error', onErr); };
-          streamReader.once('data', onData);
-          streamReader.once('end', onEnd);
-          streamReader.once('error', onErr);
+          const cleanup = () => { reader.removeListener('data', onData); reader.removeListener('end', onEnd); reader.removeListener('error', onErr); };
+          reader.once('data', onData);
+          reader.once('end', onEnd);
+          reader.once('error', onErr);
         });
         if (chunk) snippet = chunk.toString('utf8', 0, 1600);
       } catch (xx) {}
-      log('/api/yt/proxy remote returned text/html or json; rejecting. ct=', ct, 'snippet=', short(snippet, 800));
-      return res.status(502).json({ error: 'Remote returned unexpected content-type', contentType: ct, snippet: short(snippet, 800) });
-    }
 
-    // Now we will peek first data chunk to ensure we didn't get HTML disguised as video,
-    // then pass the full stream to client via PassThrough.
-    const remoteStream = resp.data; // Readable
-    const pass = new PassThrough();
-
-    let firstChunkChecked = false;
-    let firstChunkBuffer = null;
-    const onRemoteData = (chunk) => {
-      if (!firstChunkChecked) {
-        firstChunkChecked = true;
-        firstChunkBuffer = chunk;
-        const s = chunk.toString('utf8', 0, Math.min(chunk.length, 1024)).trim();
-        // if snippet looks like HTML or JSON, abort (remote probably returned an error page)
-        if (s.startsWith('<!doctype') || s.startsWith('<html') || s.startsWith('{') || s.includes('<html') || s.includes('Sign in to')) {
-          // drain remote and return 502
-          try { remoteStream.pause(); } catch {}
-          const snippet = s.slice(0, 1600);
-          log('/api/yt/proxy detected HTML/JSON in first chunk; aborting. snippet:', short(snippet, 800));
-          // cleanup listeners
-          remoteStream.removeListener('data', onRemoteData);
-          remoteStream.removeAllListeners();
-          pass.end(); // end passthrough
-          // respond with 502 and snippet
-          return res.status(502).json({ error: 'Remote returned non-media content (HTML/JSON)', snippet: short(snippet, 1000) });
-        } else {
-          // write the first chunk into pass and then pipe remainder
-          pass.write(chunk);
-          // allow rest of remote stream to be piped into pass
-          remoteStream.pipe(pass, { end: true });
-          // remove this listener (since we piped)
-          remoteStream.removeListener('data', onRemoteData);
-        }
-      }
-    };
-
-    // attach the onRemoteData listener
-    remoteStream.on('data', onRemoteData);
+      log('/api/yt/proxy remote returned non-media content-type', ct, short(snippet, 400));
+      return res.status(502).json({ error: 'Remote returned non-media content-type', contentType: ct, snippet: short(snippet, 800) });
+    }
 
-    // Forward key headers from remote to client
+    // forward useful headers
     const forwardable = ['content-type','content-length','content-range','accept-ranges','cache-control','last-modified','etag'];
     forwardable.forEach(h => {
       const v = resp.headers[h];
       if (v !== undefined) res.setHeader(h, v);
     });
 
-    // Set explicit CORS
+    // CORS for browsers (already app.use(cors()) but explicitly set for stream)
     res.setHeader('Access-Control-Allow-Origin', '*');
     res.setHeader('Access-Control-Allow-Headers', 'Range,Accept,Content-Type');
-    // set status (206 if partial content)
-    res.status(resp.status);
 
-    // If remote hasn't emitted any data yet (rare), pipe anyway (the onRemoteData handles first chunk)
-    // finally pipe the pass-through to the client response
-    pass.pipe(res);
+    // status (206 or 200)
+    res.status(resp.status);
 
-    // handle remote stream errors
-    remoteStream.on('error', (err) => {
-      log('/api/yt/proxy remote stream error:', err?.message || String(err));
+    // pipe upstream stream directly to client (no peeking)
+    const upstream = resp.data;
+    upstream.on('error', (err) => {
+      log('/api/yt/proxy upstream stream error:', err?.message || String(err));
       try {
-        if (!res.headersSent) res.status(502).json({ error: 'Remote stream error', detail: err?.message || String(err) });
+        if (!res.headersSent) res.status(502).json({ error: 'Upstream stream error', detail: err?.message || String(err) });
         else res.destroy(err);
       } catch {}
     });
-
-    // handle pass errors
-    pass.on('error', (err) => {
-      log('/api/yt/proxy pass error:', err?.message || String(err));
-      try { if (!res.headersSent) res.status(502).json({ error: 'PassThrough error', detail: err?.message || String(err) }); } catch {}
+    upstream.pipe(res).on('error', (err) => {
+      log('/api/yt/proxy pipe error:', err?.message || String(err));
+      try { if (!res.headersSent) res.status(502).json({ error: 'Pipe error', detail: err?.message || String(err) }); } catch {}
     });
 
   } catch (e) {
@@ -399,10 +396,7 @@ app.get('/api/yt/proxy', async (req, res) => {
   }
 });
 
-// ---------- Lobby / static / Socket.IO ----------
-// (The rest of your server remains the same — socket handlers, static client, etc.)
-// For completeness, include the socket setup and handlers (copied from your previous file).
-
+// ---------- Lobby ----------
 app.get('/api/rooms', (_req, res) => {
   const data = [...rooms.values()]
     .filter(r => r.users.size > 0)
@@ -416,34 +410,41 @@ app.get('/api/rooms', (_req, res) => {
 });
 app.get('/api/ping', (_req, res) => res.json({ ok: true }));
 
+// ---------- Static client ----------
 const clientDir = path.resolve(__dirname, '../client/dist');
 app.use(express.static(clientDir));
 app.get('*', (_req, res) => res.sendFile(path.join(clientDir, 'index.html')));
 
+// ---------- Socket.IO ----------
 const server = http.createServer(app);
 const io = new SocketIOServer(server, {
   cors: { origin: '*', methods: ['GET', 'POST'] }
 });
 
-// Socket handlers (unchanged logic) — simplified copy from your previous code:
 io.on('connection', (socket) => {
   let joinedRoom = null;
 
   socket.on('join_room', ({ roomId, name, asHost = false, roomName = null }, ack) => {
     const room = ensureRoom(roomId);
+
     if (asHost || !room.hostId) room.hostId = socket.id;
     if (!room.name && roomName) room.name = String(roomName).trim().slice(0, 60) || null;
+
     const role = socket.id === room.hostId ? 'host' : 'member';
     const cleanName = String(name || 'Guest').slice(0, 40);
     room.users.set(socket.id, { name: cleanName, role });
+
     socket.join(roomId);
     joinedRoom = roomId;
+
     ack?.({
       roomId,
       isHost: socket.id === room.hostId,
       state: currentState(room),
       roomName: room.name || room.id
     });
+
+    // Single clean system message to everyone
     io.to(roomId).emit('system', { text: `System: ${cleanName} has joined the chat` });
     broadcastMembers(roomId);
   });
@@ -469,6 +470,7 @@ io.on('connection', (socket) => {
     socket.to(roomId).emit('chat_message', { name, text, at: Date.now() });
   });
 
+  // /play request (user requests a song; host/cohost get notified)
   socket.on('song_request', ({ roomId, requester, query }) => {
     const room = rooms.get(roomId);
     if (!room) return;
@@ -479,6 +481,7 @@ io.on('connection', (socket) => {
     io.to(roomId).emit('system', { text: `System: ${requester} requested /play ${query}` });
   });
 
+  // Host handles request action
   socket.on('song_request_action', ({ roomId, action, track }) => {
     const room = rooms.get(roomId);
     if (!room) return;
@@ -507,6 +510,7 @@ io.on('connection', (socket) => {
     }
   });
 
+  // Host/cohost controls
   socket.on('set_track', ({ roomId, track }) => {
     const room = rooms.get(roomId);
     if (!room || !requireHostOrCohost(room, socket.id)) return;
@@ -546,6 +550,7 @@ io.on('connection', (socket) => {
     io.to(roomId).emit('seek', { anchor: room.anchor, anchorAt: room.anchorAt, isPlaying: room.isPlaying });
   });
 
+  // Ended -> auto next
   socket.on('ended', ({ roomId }) => {
     const room = rooms.get(roomId);
     if (!room || !requireHostOrCohost(room, socket.id)) return;
@@ -565,16 +570,19 @@ io.on('connection', (socket) => {
     }
   });
 
+  // Admin commands: kick/promote/mute
   socket.on('admin_command', ({ roomId, cmd, targetName }) => {
     const room = rooms.get(roomId);
     if (!room) return;
     const actor = room.users.get(socket.id);
     if (!actor || !(socket.id === room.hostId || actor.role === 'cohost')) return;
+
     const found = findUserByName(room, targetName);
     if (!found) {
       io.to(socket.id).emit('system', { text: `System: User @${targetName} not found` });
       return;
     }
+
     if (cmd === 'kick') {
       const { id } = found;
       io.to(id).emit('system', { text: 'System: You were kicked by the host' });
@@ -593,6 +601,7 @@ io.on('connection', (socket) => {
     }
   });
 
+  // Sync request: client asks for current room state
   socket.on('sync_request', ({ roomId }, ack) => {
     const room = rooms.get(roomId);
     if (!room) return;
@@ -623,6 +632,7 @@ io.on('connection', (socket) => {
   });
 });
 
+// start server
 const PORT = process.env.PORT || 3000;
 server.listen(PORT, () => {
   log(`Server running on port ${PORT}`);