Spaces:
Running
Running
Update app.js
Browse files
app.js
CHANGED
|
@@ -10,20 +10,14 @@ const app = express();
|
|
| 10 |
app.use(cors());
|
| 11 |
app.use(bodyParser.json({ limit: '50mb' }));
|
| 12 |
|
| 13 |
-
// ---------------------------------------------------------
|
| 14 |
-
// 1. STATE MANAGEMENT
|
| 15 |
-
// ---------------------------------------------------------
|
| 16 |
const tempKeys = new Map();
|
| 17 |
const activeSessions = new Map();
|
| 18 |
|
| 19 |
-
// ---------------------------------------------------------
|
| 20 |
-
// 2. SUPABASE INITIALIZATION
|
| 21 |
-
// ---------------------------------------------------------
|
| 22 |
const {
|
| 23 |
SUPABASE_URL,
|
| 24 |
SUPABASE_SERVICE_ROLE_KEY,
|
| 25 |
EXTERNAL_SERVER_URL = 'http://localhost:7860',
|
| 26 |
-
STORAGE_BUCKET = 'project-assets',
|
| 27 |
PORT = 7860
|
| 28 |
} = process.env;
|
| 29 |
|
|
@@ -31,7 +25,6 @@ let supabase = null;
|
|
| 31 |
|
| 32 |
try {
|
| 33 |
if (SUPABASE_URL && SUPABASE_SERVICE_ROLE_KEY) {
|
| 34 |
-
// Use Service Role Key for Admin privileges (bypass RLS for management)
|
| 35 |
supabase = createClient(SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY, {
|
| 36 |
auth: {
|
| 37 |
autoRefreshToken: false,
|
|
@@ -46,9 +39,6 @@ try {
|
|
| 46 |
console.error("Supabase Init Error:", e);
|
| 47 |
}
|
| 48 |
|
| 49 |
-
// ---------------------------------------------------------
|
| 50 |
-
// 3. MIDDLEWARE
|
| 51 |
-
// ---------------------------------------------------------
|
| 52 |
const verifySupabaseUser = async (req, res, next) => {
|
| 53 |
const debugMode = process.env.DEBUG_NO_AUTH === 'true';
|
| 54 |
|
|
@@ -89,7 +79,6 @@ async function getSessionSecret(uid, projectId) {
|
|
| 89 |
|
| 90 |
if (supabase) {
|
| 91 |
try {
|
| 92 |
-
// Retrieve plugin_secret from projects table
|
| 93 |
const { data, error } = await supabase
|
| 94 |
.from('projects')
|
| 95 |
.select('plugin_secret')
|
|
@@ -110,10 +99,6 @@ async function getSessionSecret(uid, projectId) {
|
|
| 110 |
return null;
|
| 111 |
}
|
| 112 |
|
| 113 |
-
// ---------------------------------------------------------
|
| 114 |
-
// 4. ENDPOINTS
|
| 115 |
-
// ---------------------------------------------------------
|
| 116 |
-
|
| 117 |
app.post('/key', verifySupabaseUser, (req, res) => {
|
| 118 |
const { projectId } = req.body;
|
| 119 |
if (!projectId) return res.status(400).json({ error: 'projectId required' });
|
|
@@ -121,7 +106,7 @@ app.post('/key', verifySupabaseUser, (req, res) => {
|
|
| 121 |
const key = `key_${uuidv4().replace(/-/g, '')}`;
|
| 122 |
|
| 123 |
tempKeys.set(key, {
|
| 124 |
-
uid: req.user.id,
|
| 125 |
projectId: projectId,
|
| 126 |
createdAt: Date.now()
|
| 127 |
});
|
|
@@ -151,7 +136,6 @@ app.post('/redeem', async (req, res) => {
|
|
| 151 |
activeSessions.set(cacheKey, { secret: sessionSecret, lastAccessed: Date.now() });
|
| 152 |
|
| 153 |
if (supabase) {
|
| 154 |
-
// Store secret in the projects table
|
| 155 |
await supabase
|
| 156 |
.from('projects')
|
| 157 |
.update({ plugin_secret: sessionSecret })
|
|
@@ -193,10 +177,6 @@ app.post('/verify', async (req, res) => {
|
|
| 193 |
}
|
| 194 |
});
|
| 195 |
|
| 196 |
-
// ---------------------------------------------------------
|
| 197 |
-
// PROXY ENDPOINTS
|
| 198 |
-
// ---------------------------------------------------------
|
| 199 |
-
|
| 200 |
app.post('/feedback', async (req, res) => {
|
| 201 |
const { token, ...pluginPayload } = req.body;
|
| 202 |
|
|
@@ -234,7 +214,6 @@ app.post('/feedback', async (req, res) => {
|
|
| 234 |
}
|
| 235 |
});
|
| 236 |
|
| 237 |
-
// --- RETAINED FEEDBACK2 ENDPOINT ---
|
| 238 |
app.post('/feedback2', verifySupabaseUser, async (req, res) => {
|
| 239 |
const { projectId, prompt, images, ...otherPayload } = req.body;
|
| 240 |
const userId = req.user.id;
|
|
@@ -261,6 +240,44 @@ app.post('/feedback2', verifySupabaseUser, async (req, res) => {
|
|
| 261 |
}
|
| 262 |
});
|
| 263 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 264 |
app.post('/poll', async (req, res) => {
|
| 265 |
const { token } = req.body;
|
| 266 |
|
|
@@ -286,7 +303,6 @@ app.post('/poll', async (req, res) => {
|
|
| 286 |
const targetUrl = EXTERNAL_SERVER_URL.replace(/\/$/, '') + '/project/ping';
|
| 287 |
|
| 288 |
try {
|
| 289 |
-
// Forward ping to get commands AND stream
|
| 290 |
const response = await axios.post(targetUrl, {
|
| 291 |
projectId: verifiedData.projectId,
|
| 292 |
userId: verifiedData.uid
|
|
@@ -302,10 +318,6 @@ app.post('/poll', async (req, res) => {
|
|
| 302 |
}
|
| 303 |
});
|
| 304 |
|
| 305 |
-
// ---------------------------------------------------------
|
| 306 |
-
// MANAGEMENT ENDPOINTS
|
| 307 |
-
// ---------------------------------------------------------
|
| 308 |
-
|
| 309 |
app.post('/project/delete', verifySupabaseUser, async (req, res) => {
|
| 310 |
const { projectId } = req.body;
|
| 311 |
const userId = req.user.id;
|
|
@@ -315,7 +327,6 @@ app.post('/project/delete', verifySupabaseUser, async (req, res) => {
|
|
| 315 |
console.log(`🗑️ Deleting Project: ${projectId} requested by ${userId}`);
|
| 316 |
|
| 317 |
try {
|
| 318 |
-
// 1. Verify Ownership
|
| 319 |
const { data: project, error: fetchError } = await supabase
|
| 320 |
.from('projects')
|
| 321 |
.select('user_id')
|
|
@@ -326,7 +337,6 @@ app.post('/project/delete', verifySupabaseUser, async (req, res) => {
|
|
| 326 |
return res.status(403).json({ error: "Unauthorized" });
|
| 327 |
}
|
| 328 |
|
| 329 |
-
// 2. Explicitly Delete Message Chunks
|
| 330 |
const { error: chunkError } = await supabase
|
| 331 |
.from('message_chunks')
|
| 332 |
.delete()
|
|
@@ -336,7 +346,6 @@ app.post('/project/delete', verifySupabaseUser, async (req, res) => {
|
|
| 336 |
console.warn(`Warning: Failed to delete message chunks: ${chunkError.message}`);
|
| 337 |
}
|
| 338 |
|
| 339 |
-
// 3. Delete Project
|
| 340 |
const { error: dbError } = await supabase
|
| 341 |
.from('projects')
|
| 342 |
.delete()
|
|
@@ -344,7 +353,6 @@ app.post('/project/delete', verifySupabaseUser, async (req, res) => {
|
|
| 344 |
|
| 345 |
if (dbError) throw dbError;
|
| 346 |
|
| 347 |
-
// 4. Delete from Supabase Storage
|
| 348 |
if (STORAGE_BUCKET) {
|
| 349 |
const { data: files } = await supabase.storage.from(STORAGE_BUCKET).list(projectId);
|
| 350 |
|
|
@@ -354,7 +362,6 @@ app.post('/project/delete', verifySupabaseUser, async (req, res) => {
|
|
| 354 |
}
|
| 355 |
}
|
| 356 |
|
| 357 |
-
// 5. Clear from Memory
|
| 358 |
activeSessions.delete(`${userId}:${projectId}`);
|
| 359 |
for (const [key, val] of tempKeys.entries()) {
|
| 360 |
if (val.projectId === projectId) tempKeys.delete(key);
|
|
|
|
| 10 |
app.use(cors());
|
| 11 |
app.use(bodyParser.json({ limit: '50mb' }));
|
| 12 |
|
|
|
|
|
|
|
|
|
|
| 13 |
const tempKeys = new Map();
|
| 14 |
const activeSessions = new Map();
|
| 15 |
|
|
|
|
|
|
|
|
|
|
| 16 |
const {
|
| 17 |
SUPABASE_URL,
|
| 18 |
SUPABASE_SERVICE_ROLE_KEY,
|
| 19 |
EXTERNAL_SERVER_URL = 'http://localhost:7860',
|
| 20 |
+
STORAGE_BUCKET = 'project-assets',
|
| 21 |
PORT = 7860
|
| 22 |
} = process.env;
|
| 23 |
|
|
|
|
| 25 |
|
| 26 |
try {
|
| 27 |
if (SUPABASE_URL && SUPABASE_SERVICE_ROLE_KEY) {
|
|
|
|
| 28 |
supabase = createClient(SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY, {
|
| 29 |
auth: {
|
| 30 |
autoRefreshToken: false,
|
|
|
|
| 39 |
console.error("Supabase Init Error:", e);
|
| 40 |
}
|
| 41 |
|
|
|
|
|
|
|
|
|
|
| 42 |
const verifySupabaseUser = async (req, res, next) => {
|
| 43 |
const debugMode = process.env.DEBUG_NO_AUTH === 'true';
|
| 44 |
|
|
|
|
| 79 |
|
| 80 |
if (supabase) {
|
| 81 |
try {
|
|
|
|
| 82 |
const { data, error } = await supabase
|
| 83 |
.from('projects')
|
| 84 |
.select('plugin_secret')
|
|
|
|
| 99 |
return null;
|
| 100 |
}
|
| 101 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 102 |
app.post('/key', verifySupabaseUser, (req, res) => {
|
| 103 |
const { projectId } = req.body;
|
| 104 |
if (!projectId) return res.status(400).json({ error: 'projectId required' });
|
|
|
|
| 106 |
const key = `key_${uuidv4().replace(/-/g, '')}`;
|
| 107 |
|
| 108 |
tempKeys.set(key, {
|
| 109 |
+
uid: req.user.id,
|
| 110 |
projectId: projectId,
|
| 111 |
createdAt: Date.now()
|
| 112 |
});
|
|
|
|
| 136 |
activeSessions.set(cacheKey, { secret: sessionSecret, lastAccessed: Date.now() });
|
| 137 |
|
| 138 |
if (supabase) {
|
|
|
|
| 139 |
await supabase
|
| 140 |
.from('projects')
|
| 141 |
.update({ plugin_secret: sessionSecret })
|
|
|
|
| 177 |
}
|
| 178 |
});
|
| 179 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 180 |
app.post('/feedback', async (req, res) => {
|
| 181 |
const { token, ...pluginPayload } = req.body;
|
| 182 |
|
|
|
|
| 214 |
}
|
| 215 |
});
|
| 216 |
|
|
|
|
| 217 |
app.post('/feedback2', verifySupabaseUser, async (req, res) => {
|
| 218 |
const { projectId, prompt, images, ...otherPayload } = req.body;
|
| 219 |
const userId = req.user.id;
|
|
|
|
| 240 |
}
|
| 241 |
});
|
| 242 |
|
| 243 |
+
app.post('/stream-feed', verifySupabaseUser, async (req, res) => {
|
| 244 |
+
const { projectId } = req.body;
|
| 245 |
+
const userId = req.user.id;
|
| 246 |
+
|
| 247 |
+
if (!projectId) {
|
| 248 |
+
return res.status(400).json({ error: 'Missing projectId' });
|
| 249 |
+
}
|
| 250 |
+
|
| 251 |
+
if (supabase) {
|
| 252 |
+
const { data, error } = await supabase
|
| 253 |
+
.from('projects')
|
| 254 |
+
.select('id, user_id, info')
|
| 255 |
+
.eq('id', projectId)
|
| 256 |
+
.single();
|
| 257 |
+
|
| 258 |
+
if (error || !data || data.user_id !== userId) {
|
| 259 |
+
return res.status(403).json({ error: 'Unauthorized' });
|
| 260 |
+
}
|
| 261 |
+
|
| 262 |
+
const targetUrl = EXTERNAL_SERVER_URL.replace(/\/$/, '') + '/project/ping';
|
| 263 |
+
|
| 264 |
+
try {
|
| 265 |
+
const response = await axios.post(targetUrl, {
|
| 266 |
+
projectId: projectId,
|
| 267 |
+
userId: userId,
|
| 268 |
+
isFrontend: true
|
| 269 |
+
});
|
| 270 |
+
|
| 271 |
+
return res.json({
|
| 272 |
+
...response.data,
|
| 273 |
+
dbStatus: data.info?.status || 'idle'
|
| 274 |
+
});
|
| 275 |
+
} catch (e) {
|
| 276 |
+
return res.status(502).json({ error: "AI Server Unreachable" });
|
| 277 |
+
}
|
| 278 |
+
}
|
| 279 |
+
});
|
| 280 |
+
|
| 281 |
app.post('/poll', async (req, res) => {
|
| 282 |
const { token } = req.body;
|
| 283 |
|
|
|
|
| 303 |
const targetUrl = EXTERNAL_SERVER_URL.replace(/\/$/, '') + '/project/ping';
|
| 304 |
|
| 305 |
try {
|
|
|
|
| 306 |
const response = await axios.post(targetUrl, {
|
| 307 |
projectId: verifiedData.projectId,
|
| 308 |
userId: verifiedData.uid
|
|
|
|
| 318 |
}
|
| 319 |
});
|
| 320 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 321 |
app.post('/project/delete', verifySupabaseUser, async (req, res) => {
|
| 322 |
const { projectId } = req.body;
|
| 323 |
const userId = req.user.id;
|
|
|
|
| 327 |
console.log(`🗑️ Deleting Project: ${projectId} requested by ${userId}`);
|
| 328 |
|
| 329 |
try {
|
|
|
|
| 330 |
const { data: project, error: fetchError } = await supabase
|
| 331 |
.from('projects')
|
| 332 |
.select('user_id')
|
|
|
|
| 337 |
return res.status(403).json({ error: "Unauthorized" });
|
| 338 |
}
|
| 339 |
|
|
|
|
| 340 |
const { error: chunkError } = await supabase
|
| 341 |
.from('message_chunks')
|
| 342 |
.delete()
|
|
|
|
| 346 |
console.warn(`Warning: Failed to delete message chunks: ${chunkError.message}`);
|
| 347 |
}
|
| 348 |
|
|
|
|
| 349 |
const { error: dbError } = await supabase
|
| 350 |
.from('projects')
|
| 351 |
.delete()
|
|
|
|
| 353 |
|
| 354 |
if (dbError) throw dbError;
|
| 355 |
|
|
|
|
| 356 |
if (STORAGE_BUCKET) {
|
| 357 |
const { data: files } = await supabase.storage.from(STORAGE_BUCKET).list(projectId);
|
| 358 |
|
|
|
|
| 362 |
}
|
| 363 |
}
|
| 364 |
|
|
|
|
| 365 |
activeSessions.delete(`${userId}:${projectId}`);
|
| 366 |
for (const [key, val] of tempKeys.entries()) {
|
| 367 |
if (val.projectId === projectId) tempKeys.delete(key);
|