Spaces:

somratpro
/

HuggingClip

Running

somratpro Claude Haiku 4.5 commited on Apr 27

Commit

c1db737

1 Parent(s): e96aeec

fix: hostname allowlist via env var, correct first-boot DB status

- Use PAPERCLIP_ALLOWED_HOSTNAMES env var (no CLI/config.json required)
- Set PAPERCLIP_PUBLIC_URL from SPACE_HOST for Better Auth base URL
- Remove broken CLI-based allowed-hostname calls from step 7
- sync_from_hf returns None for no-backup (first boot) vs False for errors
- First boot restore: write db_status=connected, not error

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

Files changed (2) hide show

paperclip-sync.py +21 -14
start.sh +15 -12

paperclip-sync.py CHANGED Viewed

@@ -15,7 +15,7 @@ from datetime import datetime
 from pathlib import Path
 from huggingface_hub import HfApi
-from huggingface_hub.utils import RepositoryNotFoundError
 # ============================================================================
 # Configuration
@@ -341,9 +341,9 @@ def sync_from_hf() -> bool:
                 local_dir=temp_dir,
                 local_dir_use_symlinks=False
             )
-        except RepositoryNotFoundError:
-            logger.info(f'No backup found in {dataset_id}')
-            return False
         logger.info(f'Downloaded backup from {dataset_id}')
@@ -446,18 +446,25 @@ def sync_from_backup() -> bool:
     try:
         success = sync_from_hf()
-        # Update status
-        status['db_status'] = 'connected' if success else 'error'
-        status['last_error'] = None if success else 'Restore failed'
-        write_status(status)
-        if success:
             logger.info('Restore operation completed successfully')
         else:
-            logger.warning('Restore operation completed (no backup or error)')
-        return success
     except Exception as e:
         logger.error(f'Restore operation failed: {e}')

 from pathlib import Path
 from huggingface_hub import HfApi
+from huggingface_hub.utils import RepositoryNotFoundError, EntryNotFoundError
 # ============================================================================
 # Configuration
                 local_dir=temp_dir,
                 local_dir_use_symlinks=False
             )
+        except (RepositoryNotFoundError, EntryNotFoundError):
+            logger.info(f'No backup found in {dataset_id} (first boot)')
+            return None  # not an error — just no backup yet
         logger.info(f'Downloaded backup from {dataset_id}')
     try:
         success = sync_from_hf()
+        if success is None:
+            # No backup exists yet (first boot) — not an error
+            status['db_status'] = 'connected'
+            status['last_error'] = None
+            write_status(status)
+            logger.info('No prior backup found — fresh instance, DB ready')
+            return True
+        elif success:
+            status['db_status'] = 'connected'
+            status['last_error'] = None
+            write_status(status)
             logger.info('Restore operation completed successfully')
+            return True
         else:
+            status['db_status'] = 'error'
+            status['last_error'] = 'Restore failed'
+            write_status(status)
+            logger.warning('Restore operation failed')
+            return False
     except Exception as e:
         logger.error(f'Restore operation failed: {e}')

start.sh CHANGED Viewed

@@ -58,6 +58,19 @@ export BACKUP_DATASET_NAME="${BACKUP_DATASET_NAME:-paperclip-backup}"
 export PAPERCLIP_TELEMETRY_DISABLED="${PAPERCLIP_TELEMETRY_DISABLED:-1}"
 export DO_NOT_TRACK="${DO_NOT_TRACK:-1}"
 # Auto-generate BETTER_AUTH_SECRET if not provided
 # User-set secret (HF Space secret) always takes precedence
 AUTH_SECRET_FILE="${PAPERCLIP_HOME}/.auth-secret"
@@ -206,18 +219,8 @@ export DO_NOT_TRACK
 export PAPERCLIP_DEPLOYMENT_EXPOSURE="${PAPERCLIP_DEPLOYMENT_EXPOSURE:-private}"
 export PAPERCLIP_INSTANCE_ID="${PAPERCLIP_INSTANCE_ID:-default}"
 export OPENCODE_ALLOW_ALL_MODELS="${OPENCODE_ALLOW_ALL_MODELS:-true}"
-# Allowlist hostnames Paperclip will accept connections from
-echo "Configuring allowed hostnames..."
-pnpm paperclipai allowed-hostname localhost 2>/dev/null || true
-pnpm paperclipai allowed-hostname 127.0.0.1 2>/dev/null || true
-pnpm paperclipai allowed-hostname 0.0.0.0 2>/dev/null || true
-# HF Spaces sets SPACE_HOST to the public URL (e.g. somratpro-huggingclip.hf.space)
-if [ -n "$SPACE_HOST" ]; then
-    pnpm paperclipai allowed-hostname "$SPACE_HOST" 2>/dev/null || true
-    echo "Allowed HF Space host: $SPACE_HOST"
-fi
-echo -e "${GREEN}✓ Hostnames configured${NC}"
 echo -e "${GREEN}✓ All systems ready${NC}"
 echo -e "${GREEN}═══════════════════════════════════════════${NC}"

 export PAPERCLIP_TELEMETRY_DISABLED="${PAPERCLIP_TELEMETRY_DISABLED:-1}"
 export DO_NOT_TRACK="${DO_NOT_TRACK:-1}"
+# Derive public URL from HF Space host (auto-set by HF Spaces runtime)
+if [ -z "${PAPERCLIP_PUBLIC_URL}" ] && [ -n "${SPACE_HOST}" ]; then
+    export PAPERCLIP_PUBLIC_URL="https://${SPACE_HOST}"
+fi
+# Allow hostnames via env var (no CLI needed, comma-separated)
+# Includes localhost, 0.0.0.0, and the HF Space public hostname
+_ALLOWED="localhost,127.0.0.1,0.0.0.0"
+if [ -n "${SPACE_HOST}" ]; then
+    _ALLOWED="${_ALLOWED},${SPACE_HOST}"
+fi
+export PAPERCLIP_ALLOWED_HOSTNAMES="${PAPERCLIP_ALLOWED_HOSTNAMES:-${_ALLOWED}}"
 # Auto-generate BETTER_AUTH_SECRET if not provided
 # User-set secret (HF Space secret) always takes precedence
 AUTH_SECRET_FILE="${PAPERCLIP_HOME}/.auth-secret"
 export PAPERCLIP_DEPLOYMENT_EXPOSURE="${PAPERCLIP_DEPLOYMENT_EXPOSURE:-private}"
 export PAPERCLIP_INSTANCE_ID="${PAPERCLIP_INSTANCE_ID:-default}"
 export OPENCODE_ALLOW_ALL_MODELS="${OPENCODE_ALLOW_ALL_MODELS:-true}"
+export PAPERCLIP_ALLOWED_HOSTNAMES
+export PAPERCLIP_PUBLIC_URL
 echo -e "${GREEN}✓ All systems ready${NC}"
 echo -e "${GREEN}═══════════════════════════════════════════${NC}"