Update app.js

app.js

@@ -5,8 +5,11 @@ const { v4: uuidv4 } = require('uuid');
 const axios = require('axios');
 const bodyParser = require('body-parser');
 
+// Add CORS if your dashboard is on a different port (optional but recommended for dashboard access)
+const cors = require('cors'); 
+
 const app = express();
-// Increased limit to support image/context uploads from Plugin
+app.use(cors()); // Allow Dashboard requests
 app.use(bodyParser.json({ limit: '50mb' })); 
 
 // ---------------------------------------------------------
@@ -175,42 +178,34 @@ app.post('/verify', async (req, res) => {
 // ---------------------------------------------------------
 
 /**
- * FEEDBACK FORWARDER
- * Forwards everything (Prompt, Context, Images, TaskComplete)
- * to the Main Core Server.
+ * FEEDBACK FORWARDER (PLUGIN)
+ * Authenticates via Plugin JWT.
  */
 app.post('/feedback', async (req, res) => {
-    // 1. Separate the Auth Token from the Data payload
     const { token, ...pluginPayload } = req.body;
 
     if (!token) return res.status(400).json({ error: 'Token required' });
 
-    // 2. Decode Token to Identify User/Project
     const decoded = jwt.decode(token);
     if (!decoded || !decoded.uid || !decoded.projectId) {
         return res.status(401).json({ error: 'Malformed token' });
     }
 
-    // 3. Verify Session exists
     const secret = await getSessionSecret(decoded.uid, decoded.projectId);
     if (!secret) return res.status(404).json({ error: 'Session revoked' });
 
     try {
-        jwt.verify(token, secret); // Validate Signature
+        jwt.verify(token, secret); 
 
-        // 4. Construct External URL
         const externalBase = process.env.EXTERNAL_SERVER_URL || 'http://localhost:7860';
         const targetUrl = externalBase.replace(/\/$/, '') + '/project/feedback';
 
-        console.log(`📨 Forwarding feedback for ${decoded.projectId} (${decoded.uid})`);
+        console.log(`📨 Forwarding PLUGIN feedback for ${decoded.projectId} (${decoded.uid})`);
 
-        // 5. Forward Payload with User/Project Injection
-        // We pass ...pluginPayload which includes:
-        // prompt, hierarchyContext, scriptContext, logContext, taskComplete, images
         const response = await axios.post(targetUrl, {
-            userId: decoded.uid,       // Injected from Auth
-            projectId: decoded.projectId, // Injected from Auth
-            ...pluginPayload           // Pass-through everything else from Plugin
+            userId: decoded.uid,       
+            projectId: decoded.projectId, 
+            ...pluginPayload           
         });
 
         return res.json({ success: true, externalResponse: response.data });
@@ -224,9 +219,47 @@ app.post('/feedback', async (req, res) => {
     }
 });
 
+/**
+ * FEEDBACK FORWARDER (DASHBOARD)
+ * Authenticates via Firebase ID Token (Header).
+ * Endpoint: /feedback2
+ */
+app.post('/feedback2', verifyFirebaseUser, async (req, res) => {
+    const { projectId, prompt, ...otherPayload } = req.body;
+    const userId = req.user.uid; // Verified from Firebase Token
+
+    if (!projectId || !prompt) {
+        return res.status(400).json({ error: 'Missing projectId or prompt' });
+    }
+
+    const externalBase = process.env.EXTERNAL_SERVER_URL || 'http://localhost:7860';
+    const targetUrl = externalBase.replace(/\/$/, '') + '/project/feedback';
+
+    console.log(`📨 Forwarding DASHBOARD feedback for ${projectId} (User: ${userId})`);
+
+    try {
+        // We inject the authenticated userId here so the Core server knows 
+        // it was verified by the Auth Proxy.
+        const response = await axios.post(targetUrl, {
+            userId: userId,
+            projectId: projectId,
+            prompt: prompt,
+            ...otherPayload // images, etc.
+        });
+
+        return res.json({ success: true, externalResponse: response.data });
+
+    } catch (err) {
+        console.error("Dashboard Feedback Forward Error:", err.message);
+        if (err.response) {
+            return res.status(err.response.status).json(err.response.data);
+        }
+        return res.status(502).json({ error: 'Failed to forward feedback to Main AI server' });
+    }
+});
+
 /**
  * POLLING FORWARDER
- * Maps Plugin '/poll' -> Main Server '/project/ping'
  */
 app.post('/poll', async (req, res) => {
     const { token } = req.body;
@@ -244,7 +277,6 @@ app.post('/poll', async (req, res) => {
     try {
         const verifiedData = jwt.verify(token, secret);
 
-        // Expiry check
         const threeDaysInSeconds = 3 * 24 * 60 * 60;
         const nowInSeconds = Math.floor(Date.now() / 1000);
         if (verifiedData.iat && (nowInSeconds - verifiedData.iat > threeDaysInSeconds)) {
@@ -252,18 +284,14 @@ app.post('/poll', async (req, res) => {
         }
         
         const externalBase = process.env.EXTERNAL_SERVER_URL || 'http://localhost:7860';
-        // Note: Main Core Server uses /project/ping for task retrieval
         const targetUrl = externalBase.replace(/\/$/, '') + '/project/ping'; 
-        console.log(targetUrl);
       
         try {
             const response = await axios.post(targetUrl, {
-               // projectId: verifiedData.projectId
               projectId: verifiedData.projectId,
               userId: verifiedData.uid
             });
           
-            // Return raw response from Main Server (contains action: 'EXECUTE', code: '...')
             return res.json(response.data); 
         } catch (extError) {
             console.error("Poll Forward Error:", extError.message);
@@ -337,7 +365,7 @@ app.get('/', (req, res) => {
     res.send('Plugin Auth Proxy Running');
 });
 
-const PORT = process.env.PORT || 7860; // Changed default port to avoid conflict if running locally
+const PORT = process.env.PORT || 7860;
 app.listen(PORT, () => {
     console.log(`🚀 Auth Proxy running on http://localhost:${PORT}`);
 });