thrust_front_server

Running

App Files Files Community

everydaycats commited on Feb 23

Commit

bed4e30

verified ·

1 Parent(s): c13a5c0

Create app.js

Browse files

Files changed (1) hide show

app.js +434 -0

app.js ADDED Viewed

	@@ -0,0 +1,434 @@

+const express = require('express');
+const { createClient } = require('@supabase/supabase-js');
+const jwt = require('jsonwebtoken');
+const { v4: uuidv4 } = require('uuid');
+const axios = require('axios');
+const bodyParser = require('body-parser');
+const cors = require('cors');
+const app = express();
+app.use(cors());
+app.use(bodyParser.json({ limit: '50mb' }));
+// ---------------------------------------------------------
+// 1. STATE MANAGEMENT
+// ---------------------------------------------------------
+const tempKeys = new Map();
+const activeSessions = new Map();
+// ---------------------------------------------------------
+// 2. SUPABASE INITIALIZATION
+// ---------------------------------------------------------
+const {
+    SUPABASE_URL,
+    SUPABASE_SERVICE_ROLE_KEY,
+    EXTERNAL_SERVER_URL = 'http://localhost:7860',
+    STORAGE_BUCKET = 'project-assets', // Default bucket name
+    PORT = 7860
+} = process.env;
+let supabase = null;
+try {
+    if (SUPABASE_URL && SUPABASE_SERVICE_ROLE_KEY) {
+        // Use Service Role Key for Admin privileges (bypass RLS for management)
+        supabase = createClient(SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY, {
+            auth: {
+                autoRefreshToken: false,
+                persistSession: false
+            }
+        });
+        console.log("⚡ Supabase Connected (Admin Context)");
+    } else {
+        console.warn("⚠️ Memory-Only mode (Supabase credentials missing).");
+    }
+} catch (e) {
+    console.error("Supabase Init Error:", e);
+}
+// ---------------------------------------------------------
+// 3. MIDDLEWARE
+// ---------------------------------------------------------
+const verifySupabaseUser = async (req, res, next) => {
+    const debugMode = process.env.DEBUG_NO_AUTH === 'true';
+    if (debugMode) {
+        req.user = { id: "user_dev_01" };
+        return next();
+    }
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        return res.status(401).json({ error: 'Missing Bearer token' });
+    }
+    const idToken = authHeader.split('Bearer ')[1];
+    try {
+        if (supabase) {
+            const { data: { user }, error } = await supabase.auth.getUser(idToken);
+            if (error || !user) throw new Error("Invalid Token");
+            req.user = user;
+            next();
+        } else {
+            req.user = { id: "memory_user" };
+            next();
+        }
+    } catch (error) {
+        return res.status(403).json({ error: 'Unauthorized', details: error.message });
+    }
+};
+async function getSessionSecret(uid, projectId) {
+    const cacheKey = `${uid}:${projectId}`;
+    if (activeSessions.has(cacheKey)) {
+        const session = activeSessions.get(cacheKey);
+        session.lastAccessed = Date.now();
+        return session.secret;
+    }
+    if (supabase) {
+        try {
+            // Retrieve plugin_secret from projects table
+            const { data, error } = await supabase
+                .from('projects')
+                .select('plugin_secret')
+                .eq('id', projectId)
+                .eq('user_id', uid)
+                .single();
+            if (data && data.plugin_secret) {
+                const secret = data.plugin_secret;
+                activeSessions.set(cacheKey, { secret, lastAccessed: Date.now() });
+                console.log(`💧 Hydrated secret for ${cacheKey} from DB`);
+                return secret;
+            }
+        } catch (err) {
+            console.error("DB Read Error:", err);
+        }
+    }
+    return null;
+}
+// ---------------------------------------------------------
+// 4. ENDPOINTS
+// ---------------------------------------------------------
+app.post('/key', verifySupabaseUser, (req, res) => {
+    const { projectId } = req.body;
+    if (!projectId) return res.status(400).json({ error: 'projectId required' });
+    const key = `key_${uuidv4().replace(/-/g, '')}`;
+    tempKeys.set(key, {
+        uid: req.user.id, // Supabase UUID
+        projectId: projectId,
+        createdAt: Date.now()
+    });
+    console.log(`🔑 Generated Key for user ${req.user.id}: ${key}`);
+    res.json({ key, expiresIn: 300 });
+});
+app.post('/redeem', async (req, res) => {
+    const { key } = req.body;
+    if (!key || !tempKeys.has(key)) {
+        return res.status(404).json({ error: 'Invalid or expired key' });
+    }
+    const data = tempKeys.get(key);
+    const sessionSecret = uuidv4();
+    const token = jwt.sign(
+        { uid: data.uid, projectId: data.projectId },
+        sessionSecret,
+        { expiresIn: '3d' }
+    );
+    const cacheKey = `${data.uid}:${data.projectId}`;
+    activeSessions.set(cacheKey, { secret: sessionSecret, lastAccessed: Date.now() });
+    if (supabase) {
+        // Store secret in the projects table
+        await supabase
+            .from('projects')
+            .update({ plugin_secret: sessionSecret })
+            .eq('id', data.projectId)
+            .eq('user_id', data.uid);
+    }
+    tempKeys.delete(key);
+    console.log(`🚀 Redeemed JWT for ${cacheKey}`);
+    res.json({ token });
+});
+app.post('/verify', async (req, res) => {
+    const { token } = req.body;
+    if (!token) return res.status(400).json({ valid: false, error: 'Token required' });
+    const decoded = jwt.decode(token);
+    if (!decoded || !decoded.uid || !decoded.projectId) {
+        return res.status(401).json({ valid: false, error: 'Malformed token' });
+    }
+    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
+    if (!secret) {
+        return res.status(401).json({ valid: false, error: 'Session revoked' });
+    }
+    try {
+        jwt.verify(token, secret);
+        const threeDaysInSeconds = 3 * 24 * 60 * 60;
+        const nowInSeconds = Math.floor(Date.now() / 1000);
+        if (decoded.iat && (nowInSeconds - decoded.iat > threeDaysInSeconds)) {
+             return res.status(403).json({ valid: false, error: 'Expired' });
+        }
+        return res.json({ valid: true });
+    } catch (err) {
+        return res.status(403).json({ valid: false, error: 'Invalid signature' });
+    }
+});
+// ---------------------------------------------------------
+// PROXY ENDPOINTS
+// ---------------------------------------------------------
+app.post('/feedback', async (req, res) => {
+    const { token, ...pluginPayload } = req.body;
+    if (!token) return res.status(400).json({ error: 'Token required' });
+    const decoded = jwt.decode(token);
+    if (!decoded || !decoded.uid || !decoded.projectId) {
+        return res.status(401).json({ error: 'Malformed token' });
+    }
+    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
+    if (!secret) return res.status(404).json({ error: 'Session revoked' });
+    try {
+        jwt.verify(token, secret);
+        const targetUrl = EXTERNAL_SERVER_URL.replace(/\/$/, '') + '/project/feedback';
+        console.log(`📨 Forwarding PLUGIN feedback for ${decoded.projectId} (${decoded.uid})`);
+        const response = await axios.post(targetUrl, {
+            userId: decoded.uid,
+            projectId: decoded.projectId,
+            ...pluginPayload
+        });
+        return res.json({ success: true, externalResponse: response.data });
+    } catch (err) {
+        console.error("Feedback Forward Error:", err.message);
+        if (err.response) {
+            return res.status(err.response.status).json(err.response.data);
+        }
+        return res.status(502).json({ error: 'Failed to forward feedback to Main AI server' });
+    }
+});
+app.post('/feedback2', verifySupabaseUser, async (req, res) => {
+    const { projectId, prompt, images, ...otherPayload } = req.body;
+    const userId = req.user.id;
+    if (!projectId || !prompt) {
+        return res.status(400).json({ error: 'Missing projectId or prompt' });
+    }
+    const targetUrl = EXTERNAL_SERVER_URL.replace(/\/$/, '') + '/project/feedback';
+    try {
+        const response = await axios.post(targetUrl, {
+            userId: userId,
+            projectId: projectId,
+            prompt: prompt,
+            images: images || [],
+            ...otherPayload
+        });
+        return res.json({ success: true, externalResponse: response.data });
+    } catch (err) {
+        console.error("Forward Error:", err.message);
+        return res.status(502).json({ error: 'Failed to forward' });
+    }
+});
+app.post('/poll', async (req, res) => {
+    const { token } = req.body;
+    if (!token) return res.status(400).json({ error: 'Token required' });
+    const decoded = jwt.decode(token);
+    if (!decoded || !decoded.uid || !decoded.projectId) {
+        return res.status(401).json({ error: 'Malformed token' });
+    }
+    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
+    if (!secret) return res.status(404).json({ error: 'Session revoked or not found' });
+    try {
+        const verifiedData = jwt.verify(token, secret);
+        const threeDaysInSeconds = 3 * 24 * 60 * 60;
+        const nowInSeconds = Math.floor(Date.now() / 1000);
+        if (verifiedData.iat && (nowInSeconds - verifiedData.iat > threeDaysInSeconds)) {
+             return res.status(403).json({ error: 'Token expired (older than 3 days)' });
+        }
+        const targetUrl = EXTERNAL_SERVER_URL.replace(/\/$/, '') + '/project/ping';
+        try {
+            const response = await axios.post(targetUrl, {
+              projectId: verifiedData.projectId,
+              userId: verifiedData.uid
+            });
+            return res.json(response.data);
+        } catch (extError) {
+            return res.status(502).json({ error: 'External server error' });
+        }
+    } catch (err) {
+        return res.status(403).json({ error: 'Invalid Token Signature' });
+    }
+});
+// ---------------------------------------------------------
+// MANAGEMENT ENDPOINTS
+// ---------------------------------------------------------
+app.post('/project/delete', verifySupabaseUser, async (req, res) => {
+    const { projectId } = req.body;
+    const userId = req.user.id;
+    if (!projectId) return res.status(400).json({ error: "Missing Project ID" });
+    console.log(`🗑️ Deleting Project: ${projectId} requested by ${userId}`);
+    try {
+        // 1. Verify Ownership
+        const { data: project, error: fetchError } = await supabase
+            .from('projects')
+            .select('user_id')
+            .eq('id', projectId)
+            .single();
+        if (fetchError || !project || project.user_id !== userId) {
+            return res.status(403).json({ error: "Unauthorized" });
+        }
+        // 2. Explicitly Delete Message Chunks
+        // Safe to run even if ON DELETE CASCADE exists
+        const { error: chunkError } = await supabase
+            .from('message_chunks')
+            .delete()
+            .eq('project_id', projectId);
+        if (chunkError) {
+            console.warn(`Warning: Failed to delete message chunks: ${chunkError.message}`);
+            // We continue, hoping foreign key cascade picks it up, or it might be partial delete
+        }
+        // 3. Delete Project
+        const { error: dbError } = await supabase
+            .from('projects')
+            .delete()
+            .eq('id', projectId);
+        if (dbError) throw dbError;
+        // 4. Delete from Supabase Storage
+        // Supabase storage doesn't have a "delete folder" command, so we list -> delete files
+        if (STORAGE_BUCKET) {
+            const { data: files } = await supabase.storage.from(STORAGE_BUCKET).list(projectId);
+            if (files && files.length > 0) {
+                const filesToRemove = files.map(f => `${projectId}/${f.name}`);
+                await supabase.storage.from(STORAGE_BUCKET).remove(filesToRemove);
+            }
+        }
+        // 5. Clear from Memory
+        activeSessions.delete(`${userId}:${projectId}`);
+        for (const [key, val] of tempKeys.entries()) {
+            if (val.projectId === projectId) tempKeys.delete(key);
+        }
+        console.log(`✅ Project ${projectId} deleted successfully.`);
+        res.json({ success: true });
+    } catch (err) {
+        console.error("Delete Error:", err);
+        res.status(500).json({ error: "Failed to delete project resources" });
+    }
+});
+app.get('/cleanup', (req, res) => {
+    const THRESHOLD = 1000 * 60 * 60;
+    const now = Date.now();
+    let cleanedCount = 0;
+    for (const [key, value] of activeSessions.entries()) {
+        if (now - value.lastAccessed > THRESHOLD) {
+            activeSessions.delete(key);
+            cleanedCount++;
+        }
+    }
+    for (const [key, value] of tempKeys.entries()) {
+        if (now - value.createdAt > (1000 * 60 * 4)) {
+            tempKeys.delete(key);
+        }
+    }
+    res.json({ message: `Cleaned ${cleanedCount} cached sessions from memory.` });
+});
+app.post('/nullify', verifySupabaseUser, async (req, res) => {
+    const { projectId } = req.body;
+    if (!projectId) return res.status(400).json({ error: 'projectId required' });
+    const cacheKey = `${req.user.id}:${projectId}`;
+    const existedInMemory = activeSessions.delete(cacheKey);
+    let deletedTempKeys = 0;
+    for (const [tKey, tData] of tempKeys.entries()) {
+        if (tData.uid === req.user.id && tData.projectId === projectId) {
+            tempKeys.delete(tKey);
+            deletedTempKeys++;
+        }
+    }
+    if (supabase) {
+        try {
+            await supabase
+                .from('projects')
+                .update({ plugin_secret: null })
+                .eq('id', projectId)
+                .eq('user_id', req.user.id);
+        } catch (e) {
+            return res.status(500).json({ error: 'Database error during nullify' });
+        }
+    }
+    console.log(`☢️ NULLIFIED session for ${cacheKey}.`);
+    res.json({
+        success: true,
+        message: 'Session purged.',
+        wasCached: existedInMemory,
+        tempKeysRemoved: deletedTempKeys
+    });
+});
+app.get('/', (req, res) => {
+    res.send('Plugin Auth Proxy Running (Supabase Edition)');
+});
+app.listen(PORT, () => {
+    console.log(`🚀 Auth Proxy running on port ${PORT}`);
+});