updated

.env.example

@@ -0,0 +1,21 @@
+# Supabase project URL from Project Settings -> Data API
+SUPABASE_URL=https://your-project-ref.supabase.co
+
+# Server-only Supabase secret key from Project Settings -> API Keys -> Secret keys
+# Never expose this key in frontend JavaScript or commit your real .env file.
+SUPABASE_SERVICE_ROLE_KEY=your-supabase-secret-key
+
+# Public Supabase Storage bucket used for chat file uploads
+SUPABASE_BUCKET=chat-files
+
+# How long messages and uploaded files should stay available
+ROOM_HISTORY_HOURS=5
+
+# How long room history is cached in app memory before refetching
+HISTORY_CACHE_SECONDS=30
+
+# How often the app checks for expired messages/files to delete
+CLEANUP_INTERVAL_SECONDS=600
+
+# Local/server port for the FastAPI app
+PORT=7860

.gitignore

@@ -0,0 +1,6 @@
+.env
+__pycache__/
+*.pyc
+uvicorn.out.log
+uvicorn.err.log
+server.log

README.md

@@ -1,6 +1,6 @@
 ---
 title: TriChat
-emoji: 💬
+emoji: chat
 colorFrom: indigo
 colorTo: pink
 sdk: docker
@@ -8,3 +8,328 @@ sdk_version: '1.0'
 app_file: Dockerfile
 pinned: false
 ---
+
+<div align="center">
+
+# TriChat
+
+### Temporary anonymous rooms for quick file sharing between devices.
+
+No account. No phone login. No personal messenger on office PCs.
+
+**Open a room. Share what you need. Everything clears after 5 hours.**
+
+[Live Demo](#) . [Quick Start](#quick-start) . [Why It Exists](#the-little-office-problem) . [Architecture](#how-it-works)
+
+</div>
+
+![TriChat hero banner](docs/images/trichat-hero-banner.png)
+
+```text
+        [ PC-1 ]  ---- room: project-drop ----  [ PC-2 ]
+            \                                      /
+             \---- files, links, notes, images ---/
+
+                 temporary by design: 5 hours
+```
+
+> Screenshot/GIF idea: add a short demo here showing two browser windows joining the same room and sharing a file.
+
+---
+
+## The Little Office Problem
+
+![The little office problem](docs/images/office-problem-scene.png)
+
+Scene: three friends at work. Three computers. One tiny task.
+
+> "Can you send me that file?"
+
+> "Sure. Wait... should I log into WhatsApp Web on your PC?"
+
+> "Maybe email?"
+
+> "No no, I don't want my personal account open here."
+
+And suddenly, sharing one small file becomes a weird little ritual:
+
+- open personal messenger
+- scan QR code
+- wait for sync
+- remember to log out
+- hope nothing private stays open
+
+So TriChat started as a tiny escape hatch.
+
+Not a social network.  
+Not a permanent chat app.  
+Just a quick temporary room where teammates can drop files, links, and notes without logging into personal accounts.
+
+---
+
+## The Idea
+
+![The idea moment](docs/images/glowing-room-idea.png)
+
+```text
+What if sharing between office PCs felt like passing a sticky note?
+
+1. Create a room
+2. Tell your friend the room name
+3. Drop files, links, or text
+4. Leave
+5. History disappears after 5 hours
+```
+
+That is TriChat.
+
+It is made for quick, low-friction sharing:
+
+| Need | TriChat Answer |
+| --- | --- |
+| Move a file from one PC to another | Join the same room and upload it |
+| Avoid logging into personal WhatsApp/email | No account needed |
+| Share quick links or notes | Send them as messages |
+| Avoid long-term clutter | Auto-clears after 5 hours |
+| Use any device | Works in a browser |
+
+---
+
+## Features
+
+- Anonymous rooms
+- No signup, no phone, no QR login
+- Text, links, images, and file sharing
+- Real-time WebSocket chat
+- Works across laptops, office PCs, lab machines, and phones
+- 5-hour message and file expiry
+- Small in-memory history cache for faster room loading
+- Supabase-backed storage and database
+- Docker-ready and self-hostable
+
+---
+
+## Story Mode Flow
+
+![TriChat sharing flow](docs/images/temp-room-flow.png)
+
+```mermaid
+flowchart LR
+    A[Open TriChat] --> B[Enter name + room]
+    B --> C[Friend joins same room]
+    C --> D[Share text, links, images, files]
+    D --> E[Work gets done]
+    E --> F[History clears after 5 hours]
+```
+
+If GitHub does not render Mermaid in your environment, replace this with an image from `docs/flow.png`.
+
+---
+
+## Quick Start
+
+```bash
+git clone https://github.com/parthmax2/TriChat.git
+cd TriChat
+pip install -r requirements.txt
+```
+
+Create your environment file:
+
+```bash
+cp .env.example .env
+```
+
+Fill in:
+
+```env
+SUPABASE_URL=https://your-project-ref.supabase.co
+SUPABASE_SERVICE_ROLE_KEY=your-supabase-secret-key
+SUPABASE_BUCKET=chat-files
+ROOM_HISTORY_HOURS=5
+HISTORY_CACHE_SECONDS=30
+CLEANUP_INTERVAL_SECONDS=600
+PORT=7860
+```
+
+Run it:
+
+```bash
+uvicorn app:app --reload --port 7860
+```
+
+Open:
+
+```text
+http://127.0.0.1:7860
+```
+
+---
+
+## Setup
+
+### 1. Create The Database
+
+In your Supabase SQL editor, run:
+
+```text
+supabase_schema.sql
+```
+
+This creates the `messages` table and adds:
+
+- `expires_at` for 5-hour cleanup
+- `file_path` so uploaded files can be deleted from storage
+- indexes for faster room history
+
+### 2. Create The File Bucket
+
+Create a public storage bucket named:
+
+```text
+chat-files
+```
+
+TriChat stores uploaded files there and deletes expired file objects during cleanup.
+
+### 3. Add Environment Variables
+
+Use `.env.example` as your guide.
+
+Never commit your real `.env` file.
+
+---
+
+## How It Works
+
+```text
+Browser
+  |
+  | WebSocket messages
+  v
+FastAPI app
+  |
+  | save messages / fetch room history
+  v
+Supabase Postgres
+  |
+  | upload files / delete expired files
+  v
+Supabase Storage
+```
+
+### Temporary Cleanup
+
+Every message gets an expiry time:
+
+```text
+created_at + 5 hours = expires_at
+```
+
+The app cleanup task runs every `CLEANUP_INTERVAL_SECONDS` and removes:
+
+- expired database messages
+- expired uploaded files
+- stale cached history
+
+---
+
+## Test The Integration
+
+Run:
+
+```bash
+python test.py
+```
+
+Expected result:
+
+```text
+Supabase database integration successful.
+Inserted, read, and deleted test row id: ...
+```
+
+---
+
+## Screenshots
+
+Add these before launch:
+
+| Screen | Preview |
+| --- | --- |
+| Join room | `docs/screenshots/join-room.png` |
+| Two users chatting | `docs/screenshots/chat-room.png` |
+| File upload | `docs/screenshots/file-share.png` |
+| Mobile view | `docs/screenshots/mobile.png` |
+
+> Tip: a 10-second GIF is more powerful than four static screenshots.
+
+---
+
+## Image Prompts
+
+Use this shared visual style for every image so the README matches the app theme:
+
+```text
+dreamy anime-style illustration, soft sky-blue and white glassy UI glow, pastel pink highlights, tiny mint-green accents, cozy modern office, clean rounded shapes, gentle bloom, cinematic lighting, professional but cute, no readable text, no watermark
+```
+
+| File name | Where it appears | Prompt |
+| --- | --- | --- |
+| `docs/images/trichat-hero-banner.png` | Top hero banner | Three young office friends at separate computers in a cozy modern workplace, their screens connected by a soft glowing temporary chat room, floating files and notes moving between devices, white glass panels, sky-blue glow, pastel pink highlights, mint-green status dots, wide cinematic banner composition |
+| `docs/images/office-problem-scene.png` | The Little Office Problem | One coworker hesitating before logging into a personal messenger on someone else's office PC, two friends waiting with a file, privacy concern shown with subtle lock shapes and a phone silhouette, awkward but cute expressions, soft blue-white office lighting, pastel pink monitor glow |
+| `docs/images/glowing-room-idea.png` | The Idea | A small magical chat-room portal appearing between three computer screens, files, links, sticky notes, and image cards floating through it, coworkers smiling with relief, glassy white interface elements, blue glow, mint accents, dreamy startup energy |
+| `docs/images/temp-room-flow.png` | Story Mode Flow | Two office computers connected through a temporary room bubble, files and messages traveling safely between screens, a gentle hourglass symbol showing 5-hour expiry, calm blue-white workspace, pastel pink rim light, clean readable composition with no text |
+| `docs/images/auto-delete-scene.png` | Optional cleanup section image | A temporary chat room gently dissolving into sparkling light after 5 hours, old files and message cards fading like soft particles, hourglass glow, peaceful night office, blue-white base colors, pink highlights, mint safety accents |
+| `docs/images/friends-success-scene.png` | Optional final CTA image | Three office friends smiling around glowing computer screens after sharing files successfully, calm satisfied mood, sunrise light, clean desks, blue-white glass UI, pastel pink warmth, tiny mint-green online indicators |
+
+---
+
+## Perfect For
+
+- Office teammates sharing files across PCs
+- Students in computer labs
+- Hackathon teams
+- Support desks
+- Temporary project rooms
+- People who do not want to log into personal messengers on shared machines
+
+---
+
+## Safety Note
+
+TriChat is built for quick temporary exchange, not permanent private storage.
+
+Do not share passwords, private keys, confidential company documents, or anything that should not appear in a public temporary room.
+
+---
+
+## The Short Story For GitHub
+
+I built TriChat because my coworkers and I often needed to move files between office PCs.
+
+Using WhatsApp Web was annoying because nobody wanted to log into a personal account on someone else's computer.
+
+TriChat is a temporary anonymous room: open a room, share files or links, and the history clears after 5 hours.
+
+---
+
+## Roadmap
+
+- Copy invite link button
+- Room expiry countdown in the UI
+- Drag-and-drop file upload
+- Dark mode
+- Optional room password
+- Admin cleanup dashboard
+- One-click deploy buttons
+
+---
+
+<div align="center">
+
+### If TriChat saved you from logging into WhatsApp on a random PC, give it a star.
+
+Temporary rooms. Quick sharing. No personal login.
+
+</div>

app.py

@@ -1,92 +1,378 @@
-from fastapi import FastAPI, WebSocket, WebSocketDisconnect, HTTPException
-from fastapi.staticfiles import StaticFiles
-from fastapi.responses import HTMLResponse
-from fastapi.templating import Jinja2Templates
-import json
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+from typing import Dict, List, Optional
+from uuid import uuid4
 import asyncio
-from datetime import datetime
-from typing import Dict, List, Set
 import base64
+import binascii
+import contextlib
+import json
+import logging
 import mimetypes
 import os
+
+import httpx
 import uvicorn
-app = FastAPI(title="Tri-Chat API", description="Real-time chat with WebSocket support")
+from fastapi import FastAPI, WebSocket, WebSocketDisconnect
+from fastapi.responses import HTMLResponse
+from fastapi.staticfiles import StaticFiles
+
+
+def load_env_file(path: str = ".env") -> None:
+    env_path = Path(path)
+    if not env_path.exists():
+        return
 
-# Serve static assets
+    for raw_line in env_path.read_text(encoding="utf-8").splitlines():
+        line = raw_line.strip()
+        if not line or line.startswith("#") or "=" not in line:
+            continue
+
+        key, value = line.split("=", 1)
+        os.environ.setdefault(key.strip(), value.strip().strip('"').strip("'"))
+
+
+load_env_file()
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger("trichat")
+
+MAX_HISTORY_MESSAGES = 100
+MAX_FILE_SIZE = 5 * 1024 * 1024
+ROOM_HISTORY_HOURS = int(os.getenv("ROOM_HISTORY_HOURS", "5"))
+HISTORY_CACHE_SECONDS = int(os.getenv("HISTORY_CACHE_SECONDS", "30"))
+CLEANUP_INTERVAL_SECONDS = int(os.getenv("CLEANUP_INTERVAL_SECONDS", "600"))
+SUPABASE_URL = os.getenv("SUPABASE_URL", "").rstrip("/")
+SUPABASE_KEY = os.getenv("SUPABASE_SERVICE_ROLE_KEY", "")
+SUPABASE_BUCKET = os.getenv("SUPABASE_BUCKET", "chat-files")
+
+app = FastAPI(title="Tri-Chat API", description="Temporary anonymous chat rooms")
 app.mount("/static", StaticFiles(directory="static"), name="static")
 
-# Setup templates
-templates = Jinja2Templates(directory="templates")
 
-# Connection Manager to handle WebSocket connections
+def now_utc() -> datetime:
+    return datetime.now(timezone.utc)
+
+
+def utc_now() -> str:
+    return now_utc().isoformat()
+
+
+def expiry_time() -> str:
+    return (now_utc() + timedelta(hours=ROOM_HISTORY_HOURS)).isoformat()
+
+
+def clean_text(value: object, limit: int, default: str = "") -> str:
+    if not isinstance(value, str):
+        return default
+    return value.strip()[:limit]
+
+
+def safe_file_name(file_name: str) -> str:
+    cleaned = Path(file_name).name.strip()[:100]
+    return cleaned or "upload.bin"
+
+
+def storage_path_for(room: str, file_name: str) -> str:
+    room_prefix = "".join(char if char.isalnum() or char in ("-", "_") else "_" for char in room)
+    return f"{room_prefix}/{uuid4().hex}-{safe_file_name(file_name)}"
+
+
+def parse_iso_datetime(value: str) -> Optional[datetime]:
+    if not value:
+        return None
+
+    try:
+        return datetime.fromisoformat(value.replace("Z", "+00:00"))
+    except ValueError:
+        return None
+
+
+def is_expired(message: dict) -> bool:
+    expires_at = parse_iso_datetime(message.get("expiresAt", ""))
+    return bool(expires_at and expires_at <= now_utc())
+
+
+class SupabaseStore:
+    def __init__(self, url: str, key: str, bucket: str):
+        self.url = url
+        self.key = key
+        self.bucket = bucket
+
+    @property
+    def enabled(self) -> bool:
+        return bool(self.url and self.key)
+
+    @property
+    def headers(self) -> Dict[str, str]:
+        return {
+            "apikey": self.key,
+            "Authorization": f"Bearer {self.key}",
+        }
+
+    async def fetch_history(self, room: str) -> List[dict]:
+        if not self.enabled:
+            return []
+
+        params = {
+            "select": "*",
+            "room": f"eq.{room}",
+            "expires_at": f"gt.{utc_now()}",
+            "order": "created_at.desc",
+            "limit": str(MAX_HISTORY_MESSAGES),
+        }
+
+        async with httpx.AsyncClient(timeout=10) as client:
+            response = await client.get(
+                f"{self.url}/rest/v1/messages",
+                headers=self.headers,
+                params=params,
+            )
+            response.raise_for_status()
+
+        rows = list(reversed(response.json()))
+        return [self.row_to_message(row) for row in rows]
+
+    async def save_message(self, message: dict) -> None:
+        if not self.enabled or message.get("type") == "system":
+            return
+
+        payload = {
+            "room": message["room"],
+            "username": message["username"],
+            "message_type": message["type"],
+            "text": message.get("text"),
+            "file_url": message.get("fileUrl"),
+            "file_path": message.get("filePath"),
+            "file_name": message.get("fileName"),
+            "file_type": message.get("fileType"),
+            "file_size": message.get("fileSize"),
+            "created_at": message["timestamp"],
+            "expires_at": message["expiresAt"],
+        }
+
+        async with httpx.AsyncClient(timeout=10) as client:
+            response = await client.post(
+                f"{self.url}/rest/v1/messages",
+                headers={**self.headers, "Content-Type": "application/json"},
+                json=payload,
+            )
+            response.raise_for_status()
+
+    async def upload_file(self, room: str, file_name: str, file_type: str, file_bytes: bytes) -> tuple[str, str]:
+        if not self.enabled:
+            raise RuntimeError("Supabase is not configured")
+
+        path = storage_path_for(room, file_name)
+        content_type = file_type or mimetypes.guess_type(file_name)[0] or "application/octet-stream"
+
+        async with httpx.AsyncClient(timeout=30) as client:
+            response = await client.post(
+                f"{self.url}/storage/v1/object/{self.bucket}/{path}",
+                headers={
+                    **self.headers,
+                    "Content-Type": content_type,
+                    "x-upsert": "false",
+                },
+                content=file_bytes,
+            )
+            response.raise_for_status()
+
+        public_url = f"{self.url}/storage/v1/object/public/{self.bucket}/{path}"
+        return public_url, path
+
+    async def delete_storage_objects(self, paths: List[str]) -> None:
+        if not self.enabled or not paths:
+            return
+
+        async with httpx.AsyncClient(timeout=30) as client:
+            response = await client.request(
+                "DELETE",
+                f"{self.url}/storage/v1/object/{self.bucket}",
+                headers={**self.headers, "Content-Type": "application/json"},
+                json={"prefixes": paths},
+            )
+            response.raise_for_status()
+
+    async def cleanup_expired(self) -> int:
+        if not self.enabled:
+            return 0
+
+        current_time = utc_now()
+        async with httpx.AsyncClient(timeout=30) as client:
+            select_response = await client.get(
+                f"{self.url}/rest/v1/messages",
+                headers=self.headers,
+                params={
+                    "select": "id,file_path",
+                    "expires_at": f"lte.{current_time}",
+                    "limit": "500",
+                },
+            )
+            select_response.raise_for_status()
+            expired_rows = select_response.json()
+
+            if not expired_rows:
+                return 0
+
+            file_paths = [row["file_path"] for row in expired_rows if row.get("file_path")]
+            if file_paths:
+                await self.delete_storage_objects(file_paths)
+
+            delete_response = await client.delete(
+                f"{self.url}/rest/v1/messages",
+                headers=self.headers,
+                params={"expires_at": f"lte.{current_time}"},
+            )
+            delete_response.raise_for_status()
+
+        return len(expired_rows)
+
+    def row_to_message(self, row: dict) -> dict:
+        message = {
+            "type": row["message_type"],
+            "username": row["username"],
+            "timestamp": row["created_at"],
+            "expiresAt": row["expires_at"],
+            "room": row["room"],
+        }
+
+        if row["message_type"] == "text":
+            message["text"] = row.get("text") or ""
+        elif row["message_type"] == "file":
+            message.update(
+                {
+                    "fileUrl": row.get("file_url") or "",
+                    "fileName": row.get("file_name") or "download",
+                    "fileType": row.get("file_type") or "application/octet-stream",
+                    "fileSize": row.get("file_size") or 0,
+                }
+            )
+
+        return message
+
+
+store = SupabaseStore(SUPABASE_URL, SUPABASE_KEY, SUPABASE_BUCKET)
+
+
 class ConnectionManager:
     def __init__(self):
-        # Store active connections by room
         self.active_connections: Dict[str, List[Dict]] = {}
-        # Store message history by room (in-memory for demo)
-        self.message_history: Dict[str, List[Dict]] = {}
-        
+        self.fallback_history: Dict[str, List[Dict]] = {}
+        self.history_cache: Dict[str, Dict] = {}
+
     async def connect(self, websocket: WebSocket, room: str, username: str):
         await websocket.accept()
-        
-        # Initialize room if it doesn't exist
+
         if room not in self.active_connections:
             self.active_connections[room] = []
-            self.message_history[room] = []
-            
-        # Add connection to room
-        connection_info = {
-            "websocket": websocket,
-            "username": username,
-            "joined_at": datetime.now().isoformat()
-        }
-        self.active_connections[room].append(connection_info)
+            self.fallback_history[room] = []
 
-        # Send message history to new user before broadcasting the fresh join event
-        for message in self.message_history[room]:
+        self.active_connections[room].append(
+            {
+                "websocket": websocket,
+                "username": username,
+                "joined_at": utc_now(),
+            }
+        )
+
+        for message in await self.get_history(room):
             await websocket.send_text(json.dumps(message))
-        
-        # Send join notification
-        join_message = {
-            "type": "system",
-            "message": f"{username} joined the room",
-            "timestamp": datetime.now().isoformat(),
-            "room": room
-        }
-        await self.broadcast_to_room(room, join_message)
+
+        await self.broadcast_to_room(
+            room,
+            {
+                "type": "system",
+                "message": f"{username} joined the room",
+                "timestamp": utc_now(),
+                "room": room,
+            },
+            persist=False,
+        )
         await self.broadcast_user_list(room)
-    
-    def disconnect(self, websocket: WebSocket, room: str):
-        if room in self.active_connections:
-            # Find and remove the connection
-            for conn in self.active_connections[room]:
-                if conn["websocket"] == websocket:
-                    self.active_connections[room].remove(conn)
-                    return conn["username"]
+
+    async def get_history(self, room: str) -> List[dict]:
+        self.prune_fallback_history(room)
+        cached = self.history_cache.get(room)
+        if cached and cached["expires_at"] > now_utc():
+            return cached["messages"]
+
+        if store.enabled:
+            try:
+                messages = await store.fetch_history(room)
+                self.cache_history(room, messages)
+                return messages
+            except httpx.HTTPError as exc:
+                logger.warning("Could not fetch Supabase history: %s", exc)
+
+        messages = self.fallback_history.get(room, [])
+        self.cache_history(room, messages)
+        return messages
+
+    def cache_history(self, room: str, messages: List[dict]) -> None:
+        self.history_cache[room] = {
+            "messages": [message for message in messages if not is_expired(message)],
+            "expires_at": now_utc() + timedelta(seconds=HISTORY_CACHE_SECONDS),
+        }
+
+    def append_to_cache(self, room: str, message: dict) -> None:
+        cached = self.history_cache.get(room)
+        if not cached:
+            return
+
+        cached["messages"].append(message)
+        cached["messages"] = cached["messages"][-MAX_HISTORY_MESSAGES:]
+
+    def prune_fallback_history(self, room: str) -> None:
+        if room in self.fallback_history:
+            self.fallback_history[room] = [
+                message for message in self.fallback_history[room] if not is_expired(message)
+            ][-MAX_HISTORY_MESSAGES:]
+
+    def disconnect(self, websocket: WebSocket, room: str) -> Optional[str]:
+        if room not in self.active_connections:
+            return None
+
+        for conn in list(self.active_connections[room]):
+            if conn["websocket"] == websocket:
+                self.active_connections[room].remove(conn)
+                username = conn["username"]
+                if not self.active_connections[room]:
+                    self.active_connections.pop(room, None)
+                return username
+
         return None
-    
-    async def broadcast_to_room(self, room: str, message: dict):
+
+    async def broadcast_to_room(self, room: str, message: dict, persist: bool = True):
+        if persist:
+            if store.enabled:
+                try:
+                    await store.save_message(message)
+                except httpx.HTTPError as exc:
+                    logger.warning("Could not save message to Supabase: %s", exc)
+                    self.add_fallback_message(room, message)
+            else:
+                self.add_fallback_message(room, message)
+
+            self.append_to_cache(room, message)
+
         if room not in self.active_connections:
             return
-            
-        # Store message in history
-        self.message_history[room].append(message)
-        
-        # Keep only last 100 messages per room
-        if len(self.message_history[room]) > 100:
-            self.message_history[room] = self.message_history[room][-100:]
-        
-        # Send to all connections in room
+
         disconnected = []
-        for connection_info in self.active_connections[room]:
+        for connection_info in list(self.active_connections[room]):
             try:
                 await connection_info["websocket"].send_text(json.dumps(message))
-            except:
+            except RuntimeError:
                 disconnected.append(connection_info)
-        
-        # Remove disconnected clients
+
         for conn in disconnected:
-            self.active_connections[room].remove(conn)
+            if conn in self.active_connections.get(room, []):
+                self.active_connections[room].remove(conn)
+
+    def add_fallback_message(self, room: str, message: dict) -> None:
+        self.fallback_history.setdefault(room, []).append(message)
+        self.prune_fallback_history(room)
 
     async def broadcast_user_list(self, room: str):
         if room not in self.active_connections:
@@ -95,162 +381,204 @@ class ConnectionManager:
         users_message = {
             "type": "user_list",
             "users": self.get_room_users(room),
-            "room": room
+            "room": room,
         }
 
         disconnected = []
-        for connection_info in self.active_connections[room]:
+        for connection_info in list(self.active_connections[room]):
             try:
                 await connection_info["websocket"].send_text(json.dumps(users_message))
-            except:
+            except RuntimeError:
                 disconnected.append(connection_info)
 
         for conn in disconnected:
-            self.active_connections[room].remove(conn)
-    
+            if conn in self.active_connections.get(room, []):
+                self.active_connections[room].remove(conn)
+
     def get_room_users(self, room: str) -> List[str]:
         if room not in self.active_connections:
             return []
         return [conn["username"] for conn in self.active_connections[room]]
 
-# Global connection manager instance
+    def clear_cache(self) -> None:
+        self.history_cache.clear()
+
+
 manager = ConnectionManager()
+cleanup_task: Optional[asyncio.Task] = None
+
+
+async def cleanup_loop() -> None:
+    while True:
+        try:
+            deleted_count = await store.cleanup_expired()
+            if deleted_count:
+                manager.clear_cache()
+                logger.info("Deleted %s expired messages/files", deleted_count)
+        except httpx.HTTPError as exc:
+            logger.warning("Expired cleanup failed: %s", exc)
+
+        await asyncio.sleep(CLEANUP_INTERVAL_SECONDS)
+
+
+@app.on_event("startup")
+async def startup_event():
+    global cleanup_task
+    if store.enabled:
+        cleanup_task = asyncio.create_task(cleanup_loop())
+        logger.info("Temporary cleanup is running every %s seconds", CLEANUP_INTERVAL_SECONDS)
+    else:
+        logger.warning("Supabase is not configured. Using in-memory fallback only.")
+
+
+@app.on_event("shutdown")
+async def shutdown_event():
+    if cleanup_task:
+        cleanup_task.cancel()
+        with contextlib.suppress(asyncio.CancelledError):
+            await cleanup_task
+
 
 @app.get("/", response_class=HTMLResponse)
 async def get_chat_page():
-    """Serve the chat HTML page"""
     try:
         with open("templates/index.html", "r", encoding="utf-8") as f:
-            html_content = f.read()
-        return HTMLResponse(content=html_content)
+            return HTMLResponse(content=f.read())
     except FileNotFoundError:
         return HTMLResponse(
-            content="<h1>Error: templates/index.html not found</h1><p>Please make sure the templates directory exists with index.html</p>",
-            status_code=404
+            content="<h1>Error: templates/index.html not found</h1>",
+            status_code=404,
         )
 
+
 @app.websocket("/ws/{room}")
 async def websocket_endpoint(websocket: WebSocket, room: str, username: str):
-    """WebSocket endpoint for real-time chat"""
-    
-    # Validate inputs
-    if not username or len(username.strip()) == 0:
+    username = clean_text(username, 20)
+    room = clean_text(room, 30, "global") or "global"
+
+    if not username:
         await websocket.close(code=1008, reason="Username is required")
         return
-        
-    if not room or len(room.strip()) == 0:
-        room = "global"
-    
-    # Sanitize inputs
-    username = username.strip()[:20]  # Limit username length
-    room = room.strip()[:30]  # Limit room name length
-    
+
     await manager.connect(websocket, room, username)
-    
+
     try:
         while True:
-            # Receive message from client
             data = await websocket.receive_text()
-            message_data = json.loads(data)
-            
-            # Validate message type
-            if message_data.get("type") not in ["text", "file"]:
+
+            try:
+                message_data = json.loads(data)
+            except json.JSONDecodeError:
+                await websocket.send_text(json.dumps({"type": "error", "message": "Invalid message"}))
                 continue
-                
-            # Process text message
-            if message_data["type"] == "text":
-                text_content = message_data.get("text", "").strip()
-                if len(text_content) == 0:
-                    continue
-                    
-                # Sanitize and limit text length
-                text_content = text_content[:500]
-                
-                message = {
-                    "type": "text",
-                    "username": username,
-                    "text": text_content,
-                    "timestamp": datetime.now().isoformat(),
-                    "room": room
-                }
-                
-                await manager.broadcast_to_room(room, message)
-            
-            # Process file message
-            elif message_data["type"] == "file":
-                file_name = message_data.get("fileName", "unknown")[:100]
-                file_type = message_data.get("fileType", "application/octet-stream")
-                file_size = message_data.get("fileSize", 0)
-                file_data = message_data.get("fileData", "")
-                
-                # Validate file size (5MB limit)
-                if file_size > 5 * 1024 * 1024:
-                    await websocket.send_text(json.dumps({
-                        "type": "error",
-                        "message": "File size exceeds 5MB limit"
-                    }))
-                    continue
-                
-                # Validate base64 data
-                try:
-                    base64.b64decode(file_data)
-                except Exception:
-                    await websocket.send_text(json.dumps({
-                        "type": "error", 
-                        "message": "Invalid file data"
-                    }))
-                    continue
-                
-                message = {
-                    "type": "file",
-                    "username": username,
-                    "fileName": file_name,
-                    "fileType": file_type,
-                    "fileSize": file_size,
-                    "fileData": file_data,
-                    "timestamp": datetime.now().isoformat(),
-                    "room": room
-                }
-                
-                await manager.broadcast_to_room(room, message)
-                
+
+            message_type = message_data.get("type")
+            if message_type == "text":
+                await handle_text_message(room, username, message_data)
+            elif message_type == "file":
+                await handle_file_message(websocket, room, username, message_data)
     except WebSocketDisconnect:
         disconnected_username = manager.disconnect(websocket, room)
         if disconnected_username:
-            leave_message = {
-                "type": "system",
-                "message": f"{disconnected_username} left the room",
-                "timestamp": datetime.now().isoformat(),
-                "room": room
-            }
-            await manager.broadcast_to_room(room, leave_message)
+            await manager.broadcast_to_room(
+                room,
+                {
+                    "type": "system",
+                    "message": f"{disconnected_username} left the room",
+                    "timestamp": utc_now(),
+                    "room": room,
+                },
+                persist=False,
+            )
             await manager.broadcast_user_list(room)
 
+
+async def handle_text_message(room: str, username: str, message_data: dict):
+    text_content = clean_text(message_data.get("text"), 500)
+    if not text_content:
+        return
+
+    await manager.broadcast_to_room(
+        room,
+        {
+            "type": "text",
+            "username": username,
+            "text": text_content,
+            "timestamp": utc_now(),
+            "expiresAt": expiry_time(),
+            "room": room,
+        },
+    )
+
+
+async def handle_file_message(websocket: WebSocket, room: str, username: str, message_data: dict):
+    file_name = safe_file_name(clean_text(message_data.get("fileName"), 100, "upload.bin"))
+    file_type = clean_text(message_data.get("fileType"), 120, "application/octet-stream")
+    file_data = message_data.get("fileData", "")
+
+    if not store.enabled:
+        await websocket.send_text(json.dumps({"type": "error", "message": "File uploads need Supabase configured"}))
+        return
+
+    try:
+        file_bytes = base64.b64decode(file_data, validate=True)
+    except (binascii.Error, TypeError):
+        await websocket.send_text(json.dumps({"type": "error", "message": "Invalid file data"}))
+        return
+
+    if len(file_bytes) > MAX_FILE_SIZE:
+        await websocket.send_text(json.dumps({"type": "error", "message": "File size exceeds 5MB limit"}))
+        return
+
+    try:
+        file_url, file_path = await store.upload_file(room, file_name, file_type, file_bytes)
+    except httpx.HTTPError as exc:
+        logger.warning("File upload failed: %s", exc)
+        await websocket.send_text(json.dumps({"type": "error", "message": "File upload failed"}))
+        return
+
+    await manager.broadcast_to_room(
+        room,
+        {
+            "type": "file",
+            "username": username,
+            "fileName": file_name,
+            "fileType": file_type,
+            "fileSize": len(file_bytes),
+            "fileUrl": file_url,
+            "filePath": file_path,
+            "timestamp": utc_now(),
+            "expiresAt": expiry_time(),
+            "room": room,
+        },
+    )
+
+
 @app.get("/api/rooms")
 async def get_active_rooms():
-    """Get list of active chat rooms"""
     rooms = []
     for room_name, connections in manager.active_connections.items():
-        if connections:  # Only include rooms with active connections
-            rooms.append({
-                "name": room_name,
-                "user_count": len(connections),
-                "users": [conn["username"] for conn in connections]
-            })
+        if connections:
+            rooms.append(
+                {
+                    "name": room_name,
+                    "user_count": len(connections),
+                    "users": [conn["username"] for conn in connections],
+                }
+            )
     return {"rooms": rooms}
 
+
 @app.get("/api/rooms/{room}/users")
 async def get_room_users(room: str):
-    """Get list of users in a specific room"""
     users = manager.get_room_users(room)
     return {
         "room": room,
         "users": users,
-        "user_count": len(users)
+        "user_count": len(users),
     }
 
 
-
 if __name__ == "__main__":
-    port = int(os.getenv("PORT", 7860))  # Hugging Face expects 7860
+    port = int(os.getenv("PORT", 7860))
     uvicorn.run(app, host="0.0.0.0", port=port)

docs/images/README.md

@@ -0,0 +1,16 @@
+# TriChat README Images
+
+Generate the README images with the prompts in the main `README.md`, then save them here:
+
+- `trichat-hero-banner.png`
+- `office-problem-scene.png`
+- `glowing-room-idea.png`
+- `temp-room-flow.png`
+- `auto-delete-scene.png`
+- `friends-success-scene.png`
+
+Recommended sizes:
+
+- Hero banner: `1600x700`
+- Story scenes: `1200x800`
+- Flow/CTA images: `1200x700`

requirements.txt

@@ -1,5 +1,5 @@
 fastapi==0.104.1
 uvicorn[standard]==0.24.0
 websockets==12.0
-python-multipart==0.0.6
 jinja2==3.1.2
+httpx==0.27.2

static/main.js

@@ -120,7 +120,13 @@ class TriChat {
             };
 
             this.ws.onmessage = (event) => {
-                const message = JSON.parse(event.data);
+                let message;
+                try {
+                    message = JSON.parse(event.data);
+                } catch (error) {
+                    console.error("Invalid WebSocket message:", error);
+                    return;
+                }
 
                 if (message.type === "user_list") {
                     this.updateUserList(message.users || []);
@@ -293,9 +299,11 @@ class TriChat {
                     <div class="message-content">${this.escapeHtml(message.text)}</div>
                 `;
             } else if (message.type === "file") {
-                const downloadUrl = `data:${message.fileType};base64,${message.fileData}`;
-                const preview = message.fileType.startsWith("image/")
-                    ? `<div class="file-preview"><img src="${downloadUrl}" alt="${this.escapeHtml(message.fileName)}"></div>`
+                const downloadUrl = message.fileUrl || "";
+                const safeDownloadUrl = this.escapeHtml(downloadUrl);
+                const safeFileName = this.escapeHtml(message.fileName);
+                const preview = downloadUrl && message.fileType.startsWith("image/")
+                    ? `<div class="file-preview"><img src="${safeDownloadUrl}" alt="${safeFileName}"></div>`
                     : "";
                 const fileIcon = this.getFileIcon(message.fileType);
 
@@ -307,11 +315,11 @@ class TriChat {
                     <div class="message-content">
                         <div class="file-summary">
                             <i class="${fileIcon}"></i>
-                            <strong>${this.escapeHtml(message.fileName)}</strong>
+                            <strong>${safeFileName}</strong>
                         </div>
                         <div class="file-size">${this.formatFileSize(message.fileSize)}</div>
                         ${preview}
-                        <a href="${downloadUrl}" download="${this.escapeHtml(message.fileName)}" class="file-download">
+                        <a href="${safeDownloadUrl}" download="${safeFileName}" class="file-download">
                             <i class="fas fa-download"></i>
                             Download
                         </a>

supabase_schema.sql

@@ -0,0 +1,40 @@
+create table if not exists public.messages (
+    id bigint generated by default as identity primary key,
+    room text not null,
+    username text not null,
+    message_type text not null check (message_type in ('text', 'file')),
+    text text,
+    file_url text,
+    file_path text,
+    file_name text,
+    file_type text,
+    file_size integer,
+    created_at timestamptz not null default now(),
+    expires_at timestamptz not null default (now() + interval '5 hours')
+);
+
+alter table public.messages
+    add column if not exists file_path text;
+
+alter table public.messages
+    add column if not exists expires_at timestamptz;
+
+update public.messages
+set expires_at = created_at + interval '5 hours'
+where expires_at is null;
+
+alter table public.messages
+    alter column expires_at set default (now() + interval '5 hours');
+
+alter table public.messages
+    alter column expires_at set not null;
+
+create index if not exists messages_room_created_at_idx
+    on public.messages (room, created_at desc);
+
+create index if not exists messages_expires_at_idx
+    on public.messages (expires_at);
+
+alter table public.messages enable row level security;
+
+drop policy if exists "Allow public read messages" on public.messages;

test.py

@@ -0,0 +1,110 @@
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+from uuid import uuid4
+import os
+import sys
+
+import httpx
+
+
+def load_env_file(path: str) -> None:
+    env_path = Path(path)
+    if not env_path.exists():
+        return
+
+    for raw_line in env_path.read_text(encoding="utf-8").splitlines():
+        line = raw_line.strip()
+        if not line or line.startswith("#") or "=" not in line:
+            continue
+
+        key, value = line.split("=", 1)
+        key = key.strip()
+        value = value.strip().strip('"').strip("'")
+        os.environ.setdefault(key, value)
+
+
+def require_env(name: str) -> str:
+    value = os.getenv(name, "").strip()
+    if not value:
+        raise RuntimeError(f"Missing {name}. Add it to .env or .env.example.")
+    return value
+
+
+def main() -> int:
+    load_env_file(".env")
+    load_env_file(".env.example")
+
+    supabase_url = require_env("SUPABASE_URL").rstrip("/")
+    supabase_key = require_env("SUPABASE_SERVICE_ROLE_KEY")
+
+    headers = {
+        "apikey": supabase_key,
+        "Authorization": f"Bearer {supabase_key}",
+        "Content-Type": "application/json",
+    }
+
+    test_room = f"test-{uuid4().hex}"
+    test_text = f"Supabase integration test {datetime.now(timezone.utc).isoformat()}"
+    payload = {
+        "room": test_room,
+        "username": "integration-test",
+        "message_type": "text",
+        "text": test_text,
+        "created_at": datetime.now(timezone.utc).isoformat(),
+        "expires_at": (datetime.now(timezone.utc) + timedelta(hours=5)).isoformat(),
+    }
+
+    with httpx.Client(timeout=20) as client:
+        insert_response = client.post(
+            f"{supabase_url}/rest/v1/messages",
+            headers={**headers, "Prefer": "return=representation"},
+            json=payload,
+        )
+        insert_response.raise_for_status()
+
+        inserted = insert_response.json()
+        if not inserted:
+            raise RuntimeError("Insert succeeded, but Supabase did not return a row.")
+
+        inserted_id = inserted[0]["id"]
+
+        select_response = client.get(
+            f"{supabase_url}/rest/v1/messages",
+            headers=headers,
+            params={
+                "select": "id,room,username,message_type,text,expires_at,file_path",
+                "id": f"eq.{inserted_id}",
+            },
+        )
+        select_response.raise_for_status()
+        rows = select_response.json()
+
+        if not rows or rows[0]["text"] != test_text:
+            raise RuntimeError("Inserted test row could not be read back correctly.")
+
+        if not rows[0].get("expires_at") or "file_path" not in rows[0]:
+            raise RuntimeError("Expiry columns are missing. Run supabase_schema.sql again.")
+
+        delete_response = client.delete(
+            f"{supabase_url}/rest/v1/messages",
+            headers=headers,
+            params={"id": f"eq.{inserted_id}"},
+        )
+        delete_response.raise_for_status()
+
+    print("Supabase database integration successful.")
+    print(f"Inserted, read, and deleted test row id: {inserted_id}")
+    return 0
+
+
+if __name__ == "__main__":
+    try:
+        raise SystemExit(main())
+    except httpx.HTTPStatusError as exc:
+        response_body = exc.response.text[:500]
+        print(f"Supabase database integration failed: {exc}", file=sys.stderr)
+        print(f"Response body: {response_body}", file=sys.stderr)
+        raise SystemExit(1)
+    except Exception as exc:
+        print(f"Supabase database integration failed: {exc}", file=sys.stderr)
+        raise SystemExit(1)