Update app.js

app.js

@@ -157,6 +157,7 @@ app.post('/stream-feed', verifySupabaseUser, async (req, res) => {
     }
 });
 
+/*
 app.post('/poll', async (req, res) => {
     const { token } = req.body;
     if (!token) return res.status(400).json({ error: 'Token required' });
@@ -171,6 +172,33 @@ app.post('/poll', async (req, res) => {
         return res.json(response.data); 
     } catch (err) { return res.status(403).json({ error: 'Invalid Token' }); }
 });
+*/
+
+app.post('/poll', async (req, res) => {
+    const { token } = req.body;
+    if (!token) return res.status(400).json({ error: 'Token required' });
+    
+    const decoded = jwt.decode(token);
+    if (!decoded) return res.status(401).json({ error: 'Malformed token' });
+    
+    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
+    if (!secret) return res.status(404).json({ error: 'Session revoked' });
+    
+    try {
+        jwt.verify(token, secret);
+        const targetUrl = EXTERNAL_SERVER_URL.replace(/\/$/, '') + '/project/ping'; 
+        
+        // FIX: We do NOT send isFrontend: true. 
+        // We act as the Plugin (Executor), but the Main Server will still give us the snapshot now.
+        const response = await axios.post(targetUrl, { 
+            projectId: decoded.projectId, 
+            userId: decoded.uid 
+        });
+        
+        return res.json(response.data); 
+    } catch (err) { return res.status(403).json({ error: 'Invalid Token' }); }
+});
+
 
 app.post('/project/delete', verifySupabaseUser, async (req, res) => {
     const { projectId } = req.body;