Update app.js

app.js

@@ -43,7 +43,7 @@ const verifyFirebaseUser = async (req, res, next) => {
     const debugMode = process.env.DEBUG_NO_AUTH === 'true'; 
 
     if (debugMode) {
-        req.user = { uid: "user_dev_01" };
+        req.user = { uid: "debug_user_001" };
         return next();
     }
 
@@ -121,7 +121,6 @@ app.post('/redeem', async (req, res) => {
     const data = tempKeys.get(key);
     const sessionSecret = uuidv4(); 
     
-    // Set expiresIn to '3d' (3 days)
     const token = jwt.sign(
         { uid: data.uid, projectId: data.projectId }, 
         sessionSecret, 
@@ -141,7 +140,6 @@ app.post('/redeem', async (req, res) => {
     res.json({ token });
 });
 
-// --- NEW ENDPOINT: Simple Verification Check ---
 app.post('/verify', async (req, res) => {
     const { token } = req.body;
     if (!token) return res.status(400).json({ valid: false, error: 'Token required' });
@@ -159,7 +157,6 @@ app.post('/verify', async (req, res) => {
 
     try {
         jwt.verify(token, secret);
-        // Explicitly check 3 day max age
         const threeDaysInSeconds = 3 * 24 * 60 * 60;
         const nowInSeconds = Math.floor(Date.now() / 1000);
         if (decoded.iat && (nowInSeconds - decoded.iat > threeDaysInSeconds)) {
@@ -172,8 +169,49 @@ app.post('/verify', async (req, res) => {
     }
 });
 
+// --- NEW ENDPOINT: Feedback Forwarder ---
+app.post('/feedback', async (req, res) => {
+    const { token, prompt, logs } = req.body;
+
+    if (!token || !prompt) return res.status(400).json({ error: 'Token and prompt required' });
+
+    // 1. Verify User Session
+    const decoded = jwt.decode(token);
+    if (!decoded || !decoded.uid || !decoded.projectId) {
+        return res.status(401).json({ error: 'Malformed token' });
+    }
+
+    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
+    if (!secret) return res.status(404).json({ error: 'Session revoked' });
+
+    try {
+        jwt.verify(token, secret); // Validate signature
+
+        const externalBase = process.env.EXTERNAL_SERVER_URL || 'https://httpbin.org/post';
+        // Strip the query parameters or path from base if necessary, or just append
+        // Assuming EXTERNAL_SERVER_URL is the root (e.g. https://my-ai-api.com)
+        // We append /project/feedback
+        const targetUrl = externalBase.replace(/\/$/, '') + '/project/feedback';
+
+        console.log(`📨 Forwarding feedback for ${decoded.projectId} to ${targetUrl}`);
+
+        const response = await axios.post(targetUrl, {
+            user: decoded.uid,
+            projectId: decoded.projectId,
+            prompt: prompt,
+            logs: logs || ""
+        });
+
+        return res.json({ success: true, externalResponse: response.data });
+
+    } catch (err) {
+        console.error("Feedback Error:", err.message);
+        return res.status(502).json({ error: 'Failed to forward feedback to AI server' });
+    }
+});
+
 app.post('/poll', async (req, res) => {
-    const { token, payload: clientPayload } = req.body;
+    const { token } = req.body;
 
     if (!token) return res.status(400).json({ error: 'Token required' });
 
@@ -195,7 +233,6 @@ app.post('/poll', async (req, res) => {
         const nowInSeconds = Math.floor(Date.now() / 1000);
 
         if (verifiedData.iat && (nowInSeconds - verifiedData.iat > threeDaysInSeconds)) {
-             console.log("⚠️ Token is valid signature, but too old.");
              return res.status(403).json({ error: 'Token expired (older than 3 days)' });
         }
         
@@ -203,8 +240,8 @@ app.post('/poll', async (req, res) => {
         
         try {
             const response = await axios.post(externalUrl, {
-                projectId: verifiedData.projectId,
-                // data: clientPayload 
+                projectId: verifiedData.projectId
+                // Just polling for tasks, no user prompt here anymore
             });
           
             return res.json({ status: 'success', externalResponse: response.data });
@@ -221,7 +258,7 @@ app.post('/poll', async (req, res) => {
 });
 
 app.get('/cleanup', (req, res) => {
-    const THRESHOLD = 1000 * 60 * 60; // 1 Hour
+    const THRESHOLD = 1000 * 60 * 60; 
     const now = Date.now();
     let cleanedCount = 0;
 
@@ -231,7 +268,6 @@ app.get('/cleanup', (req, res) => {
             cleanedCount++;
         }
     }
-
     for (const [key, value] of tempKeys.entries()) {
         if (now - value.createdAt > (1000 * 60 * 4)) {
             tempKeys.delete(key);
@@ -245,7 +281,6 @@ app.post('/nullify', verifyFirebaseUser, async (req, res) => {
     if (!projectId) return res.status(400).json({ error: 'projectId required' });
 
     const cacheKey = `${req.user.uid}:${projectId}`;
-
     const existedInMemory = activeSessions.delete(cacheKey);
 
     let deletedTempKeys = 0;
@@ -264,10 +299,10 @@ app.post('/nullify', verifyFirebaseUser, async (req, res) => {
         }
     }
 
-    console.log(`☢️ NULLIFIED session for ${cacheKey}. Removed ${deletedTempKeys} pending keys.`);
+    console.log(`☢️ NULLIFIED session for ${cacheKey}.`);
     res.json({ 
         success: true, 
-        message: 'Session secrets and pending keys purged from memory and database.',
+        message: 'Session purged.',
         wasCached: existedInMemory,
         tempKeysRemoved: deletedTempKeys
     });