Hugging Face's logo

Spaces:
somratpro
/
HuggingPost
Running

App Files Community
HuggingPost / health-server.js
somratpro's picture
somratpro
fix uptime showing undefined on dashboard
5532c91
raw
history blame contribute delete
81.9 kB
// Single public entrypoint for HF Spaces: HuggingPost dashboard + reverse
// proxy to Postiz (which lives behind the container's internal nginx on
// port 5000 — that nginx routes /api → backend, /uploads → file system,
// / → frontend).
//
// Routing rules (in order):
// /health, /status, /uptimerobot/setup → handled here
// / (exact) → HuggingPost dashboard HTML
// /app, /app/ or /app/* → Postiz (nginx :5000), /app prefix stripped
// /_next/* or /static/* → 301 redirect to /app/<same path>
// (catches asset URLs Next.js may emit
// without basePath in edge cases)
// anything else → 404
//
// Why strip /app: the Postiz frontend is built with basePath="/app" so it
// emits asset URLs prefixed with /app. The browser sends /app/_next/foo to
// us; we strip /app and forward /_next/foo to nginx :5000, which forwards
// to Next.js on :4200. nginx's own routes (/api, /uploads, /) are also
// reached after we strip the /app prefix.
const http = require("http");
const fs = require("fs");
const net = require("net");
const path = require("path");
const PORT = 7860;
// Static files in Next.js public/ directory are served directly from disk.
// The nginx proxy chain re-adds the /app basePath prefix when forwarding to
// Next.js:4200, making public file paths misalign. Serving from disk here
// is simpler and faster.
const NEXTJS_PUBLIC_DIR = "/app/apps/frontend/public";
const MIME_TYPES = {
 ".jpg": "image/jpeg",
 ".jpeg": "image/jpeg",
 ".png": "image/png",
 ".gif": "image/gif",
 ".webp": "image/webp",
 ".svg": "image/svg+xml",
 ".ico": "image/x-icon",
 ".woff": "font/woff",
 ".woff2": "font/woff2",
 ".ttf": "font/ttf",
 ".eot": "application/vnd.ms-fontobject",
 ".txt": "text/plain; charset=utf-8",
 ".xml": "application/xml",
};
const POSTIZ_HOST = "127.0.0.1";
const POSTIZ_PORT = 5000;
const startTime = Date.now();
const HF_BACKUP_ENABLED = !!process.env.HF_TOKEN;
const SYNC_INTERVAL = process.env.SYNC_INTERVAL || "300";
const CLOUDFLARE_KEEPALIVE_STATUS_FILE =
 "/tmp/huggingpost-cloudflare-keepalive-status.json";
// Social platform env-var presence check (for dashboard status grid).
// Each entry: { name, emoji, ready: bool, setupUrl, envVars, noOAuth }
function getSocialPlatforms() {
 const e = process.env;
 return [
 // ── Works immediately (connect inside Postiz UI, no env vars needed) ─────
 {
 name: "Bluesky",
 emoji: "🦋",
 noOAuth: true,
 ready: true,
 note: "Username + App Password in Postiz",
 },
 {
 name: "Mastodon",
 emoji: "🐘",
 noOAuth: true,
 ready: true,
 note: "Instance URL + credentials in Postiz",
 },
 {
 name: "Telegram",
 emoji: "✈️",
 noOAuth: true,
 ready: true,
 note: "Bot token from @BotFather in Postiz",
 },
 {
 name: "Nostr",
 emoji: "🔑",
 noOAuth: true,
 ready: true,
 note: "Private key in Postiz",
 },
 {
 name: "Lemmy",
 emoji: "🐾",
 noOAuth: true,
 ready: true,
 note: "Instance + credentials in Postiz",
 },
 {
 name: "Warpcast",
 emoji: "🟣",
 noOAuth: true,
 ready: true,
 note: "FID + private key in Postiz",
 },
 {
 name: "Dev.to",
 emoji: "💻",
 noOAuth: true,
 ready: true,
 note: "API key from dev.to settings",
 },
 {
 name: "Hashnode",
 emoji: "📰",
 noOAuth: true,
 ready: true,
 note: "API token from Hashnode settings",
 },
 // ── Needs OAuth app (env vars required) ───────────────────────────────────
 {
 id: "google",
 name: "Google Login",
 emoji: "🔵",
 ready: !!(e.GOOGLE_CLIENT_ID || e.YOUTUBE_CLIENT_ID),
 setupUrl: "https://console.cloud.google.com/apis/credentials",
 envVars: ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"],
 },
 {
 id: "linkedin",
 name: "LinkedIn",
 emoji: "💼",
 ready: !!(e.LINKEDIN_CLIENT_ID && e.LINKEDIN_CLIENT_ID !== "undefined"),
 setupUrl: "https://www.linkedin.com/developers/apps/new",
 envVars: ["LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET"],
 },
 {
 id: "x",
 name: "X / Twitter",
 emoji: "🐦",
 ready: !!e.X_API_KEY,
 setupUrl: "https://developer.twitter.com/en/portal/projects-and-apps",
 envVars: ["X_API_KEY", "X_API_SECRET"],
 },
 {
 id: "facebook",
 name: "Facebook",
 emoji: "📘",
 ready: !!e.FACEBOOK_APP_ID,
 setupUrl: "https://developers.facebook.com/apps/create/",
 envVars: ["FACEBOOK_APP_ID", "FACEBOOK_APP_SECRET"],
 },
 {
 id: "instagram",
 name: "Instagram",
 emoji: "📸",
 ready: !!e.FACEBOOK_APP_ID,
 setupUrl: "https://developers.facebook.com/apps/create/",
 envVars: ["FACEBOOK_APP_ID", "FACEBOOK_APP_SECRET"],
 note: "Uses same app as Facebook",
 },
 {
 id: "threads",
 name: "Threads",
 emoji: "🧵",
 ready: !!e.THREADS_APP_ID,
 setupUrl: "https://developers.facebook.com/apps/create/",
 envVars: ["THREADS_APP_ID", "THREADS_APP_SECRET"],
 },
 {
 id: "youtube",
 name: "YouTube",
 emoji: "▶️",
 ready: !!(e.GOOGLE_CLIENT_ID || e.YOUTUBE_CLIENT_ID),
 setupUrl: "https://console.cloud.google.com/apis/credentials",
 envVars: ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"],
 note: "Uses same app as Google Login",
 },
 {
 id: "tiktok",
 name: "TikTok",
 emoji: "🎵",
 ready: !!e.TIKTOK_CLIENT_ID,
 setupUrl: "https://developers.tiktok.com/",
 envVars: ["TIKTOK_CLIENT_ID", "TIKTOK_CLIENT_SECRET"],
 },
 {
 id: "reddit",
 name: "Reddit",
 emoji: "🤖",
 ready: !!e.REDDIT_CLIENT_ID,
 setupUrl: "https://www.reddit.com/prefs/apps",
 envVars: ["REDDIT_CLIENT_ID", "REDDIT_CLIENT_SECRET"],
 },
 {
 id: "pinterest",
 name: "Pinterest",
 emoji: "📌",
 ready: !!e.PINTEREST_CLIENT_ID,
 setupUrl: "https://developers.pinterest.com/apps/",
 envVars: ["PINTEREST_CLIENT_ID", "PINTEREST_CLIENT_SECRET"],
 },
 {
 id: "discord",
 name: "Discord",
 emoji: "🎮",
 ready: !!e.DISCORD_CLIENT_ID,
 setupUrl: "https://discord.com/developers/applications",
 envVars: [
 "DISCORD_CLIENT_ID",
 "DISCORD_CLIENT_SECRET",
 "DISCORD_BOT_TOKEN_ID",
 ],
 },
 {
 id: "slack",
 name: "Slack",
 emoji: "💬",
 ready: !!e.SLACK_ID,
 setupUrl: "https://api.slack.com/apps?new_app=1",
 envVars: ["SLACK_ID", "SLACK_SECRET", "SLACK_SIGNING_SECRET"],
 },
 ];
}
// Returns detailed per-platform "direct connect" guide data (no OAuth / no env vars).
// These platforms connect entirely inside the Postiz UI — no developer portal needed.
function getDirectPlatformDetails(postizUrl) {
 const postizIntegrations = `${postizUrl}/integrations`;
 return [
 {
 id: "bluesky",
 name: "Bluesky",
 emoji: "🦋",
 docsUrl: "https://bsky.social",
 postizUrl: postizIntegrations,
 fields: [
 { label: "Service", value: "https://bsky.social", hint: "Default for bsky.social users. Custom instance: use your instance URL." },
 { label: "Identifier", value: "yourname.bsky.social", hint: "Your full Bluesky handle." },
 { label: "Password", value: "App Password", hint: "NOT your login password — generate a dedicated App Password in Bluesky settings." },
 ],
 steps: [
 { title: "Create a Bluesky account", body: "Sign up at <a href=\"https://bsky.app\" target=\"_blank\" rel=\"noopener\">bsky.app</a> if you don't have one. Custom PDS users: use your own instance URL." },
 { title: "Generate an App Password", body: "In Bluesky → <strong>Settings → Privacy and Security → App Passwords → Add App Password</strong>. Name it <em>HuggingPost</em>. Copy the generated password — it's shown only once." },
 { title: "Open Postiz Integrations", body: "Click the button below to go to Postiz → click <strong>Connect</strong> next to Bluesky." },
 { title: "Fill in credentials", body: "<strong>Service:</strong> <code>https://bsky.social</code> (or your instance URL)<br><strong>Identifier:</strong> your full handle (e.g. <code>yourname.bsky.social</code>)<br><strong>Password:</strong> the App Password from Step 2 — <em>not</em> your login password." },
 { title: "Click Connect", body: "Postiz authenticates and adds your Bluesky account. You can post immediately." },
 ],
 },
 {
 id: "mastodon",
 name: "Mastodon",
 emoji: "🐘",
 docsUrl: "https://joinmastodon.org",
 postizUrl: postizIntegrations,
 fields: [
 { label: "Service", value: "https://mastodon.social", hint: "Your Mastodon instance URL (e.g. https://fosstodon.org)." },
 { label: "Identifier", value: "yourhandle", hint: "Your username without the @instance part." },
 { label: "Password", value: "Your password", hint: "Your Mastodon account password." },
 ],
 steps: [
 { title: "Find your Mastodon instance URL", body: "Check your profile URL — it's the domain part (e.g. <code>mastodon.social</code>, <code>fosstodon.org</code>)." },
 { title: "Open Postiz Integrations", body: "Click the button below → click <strong>Connect</strong> next to Mastodon." },
 { title: "Fill in credentials", body: "<strong>Service:</strong> your full instance URL with https (e.g. <code>https://mastodon.social</code>)<br><strong>Identifier:</strong> your username (the part before @instance)<br><strong>Password:</strong> your account password." },
 { title: "Click Connect", body: "Postiz will authenticate via Mastodon's API and add your account." },
 ],
 },
 {
 id: "telegram",
 name: "Telegram",
 emoji: "✈️",
 docsUrl: "https://core.telegram.org/bots#how-do-i-create-a-bot",
 postizUrl: postizIntegrations,
 fields: [
 { label: "Bot Token", value: "123456:ABC-DEF...", hint: "From @BotFather. Format: number:string." },
 ],
 steps: [
 { title: "Create a Telegram Bot", body: "Open Telegram → message <strong>@BotFather</strong> → send <code>/newbot</code> → follow prompts → copy the <strong>Bot Token</strong> (format: <code>123456789:ABC-...</code>)." },
 { title: "(Optional) Add bot to a channel", body: "To post to a Telegram channel: add your bot as an <strong>Admin</strong> of the channel with post permission." },
 { title: "Open Postiz Integrations", body: "Click the button below → click <strong>Connect</strong> next to Telegram." },
 { title: "Enter Bot Token", body: "Paste your Bot Token from @BotFather. Click Connect." },
 ],
 },
 {
 id: "devto",
 name: "Dev.to",
 emoji: "💻",
 docsUrl: "https://dev.to/settings/extensions",
 postizUrl: postizIntegrations,
 fields: [
 { label: "API Key", value: "Your Dev.to API key", hint: "From dev.to → Settings → Extensions → DEV API Keys." },
 ],
 steps: [
 { title: "Log in to Dev.to", body: "Go to <a href=\"https://dev.to\" target=\"_blank\" rel=\"noopener\">dev.to</a> and sign in." },
 { title: "Generate an API key", body: "Go to <strong>Settings → Extensions → DEV API Keys</strong>. Enter a description (e.g. <em>HuggingPost</em>) and click <strong>Generate API Key</strong>. Copy the key." },
 { title: "Open Postiz Integrations", body: "Click the button below → click <strong>Connect</strong> next to Dev.to." },
 { title: "Enter API key", body: "Paste your API key. Click Connect." },
 ],
 },
 {
 id: "hashnode",
 name: "Hashnode",
 emoji: "📰",
 docsUrl: "https://hashnode.com/settings/developer",
 postizUrl: postizIntegrations,
 fields: [
 { label: "Personal Access Token", value: "Your Hashnode token", hint: "From hashnode.com → Account Settings → Developer → Personal Access Token." },
 ],
 steps: [
 { title: "Log in to Hashnode", body: "Go to <a href=\"https://hashnode.com\" target=\"_blank\" rel=\"noopener\">hashnode.com</a> and sign in." },
 { title: "Generate a Personal Access Token", body: "Go to <strong>Account Settings → Developer → Personal Access Token → Generate new token</strong>. Name it <em>HuggingPost</em>. Copy the token." },
 { title: "Open Postiz Integrations", body: "Click the button below → click <strong>Connect</strong> next to Hashnode." },
 { title: "Enter token", body: "Paste your Personal Access Token. Click Connect." },
 ],
 },
 {
 id: "nostr",
 name: "Nostr",
 emoji: "🔑",
 docsUrl: "https://nostr.how/en/get-started",
 postizUrl: postizIntegrations,
 fields: [
 { label: "Private Key", value: "nsec1...", hint: "Your Nostr private key in nsec (bech32) format." },
 ],
 steps: [
 { title: "Get a Nostr keypair", body: "Use a Nostr client like <a href=\"https://snort.social\" target=\"_blank\" rel=\"noopener\">Snort</a> or <a href=\"https://primal.net\" target=\"_blank\" rel=\"noopener\">Primal</a> to create or export your keys. You need the <strong>private key</strong> in <code>nsec1...</code> format." },
 { title: "⚠️ Security note", body: "Your private key controls your entire Nostr identity. Only enter it in trusted apps. HuggingPost is self-hosted — your key stays in your container." },
 { title: "Open Postiz Integrations", body: "Click the button below → click <strong>Connect</strong> next to Nostr." },
 { title: "Enter private key", body: "Paste your <code>nsec1...</code> private key. Click Connect." },
 ],
 },
 {
 id: "lemmy",
 name: "Lemmy",
 emoji: "🐾",
 docsUrl: "https://join-lemmy.org",
 postizUrl: postizIntegrations,
 fields: [
 { label: "Instance", value: "https://lemmy.world", hint: "Your Lemmy instance URL." },
 { label: "Username", value: "yourhandle", hint: "Your Lemmy username." },
 { label: "Password", value: "Your password", hint: "Your Lemmy account password." },
 ],
 steps: [
 { title: "Find your Lemmy instance", body: "You need the full URL of your Lemmy instance (e.g. <code>https://lemmy.world</code>, <code>https://lemmy.ml</code>). Find it at <a href=\"https://join-lemmy.org\" target=\"_blank\" rel=\"noopener\">join-lemmy.org</a>." },
 { title: "Open Postiz Integrations", body: "Click the button below → click <strong>Connect</strong> next to Lemmy." },
 { title: "Fill in credentials", body: "<strong>Instance:</strong> your instance URL<br><strong>Username:</strong> your account username<br><strong>Password:</strong> your account password." },
 { title: "Click Connect", body: "Postiz authenticates via Lemmy's API." },
 ],
 },
 {
 id: "warpcast",
 name: "Warpcast",
 emoji: "🟣",
 docsUrl: "https://docs.farcaster.xyz",
 postizUrl: postizIntegrations,
 fields: [
 { label: "FID", value: "12345", hint: "Your Farcaster user ID (numeric)." },
 { label: "Private Key", value: "0x...", hint: "Your Farcaster custody private key (hex, 0x-prefixed)." },
 ],
 steps: [
 { title: "Find your FID", body: "Your Farcaster ID (FID) is a numeric value. In Warpcast → Profile → the number in your profile URL, or use <a href=\"https://www.farcaster.xyz\" target=\"_blank\" rel=\"noopener\">farcaster.xyz</a> to look it up." },
 { title: "Export your private key", body: "In Warpcast → <strong>Settings → Advanced → Recovery phrase</strong>, or use a Farcaster tool to derive your custody private key. The key is in hex format (<code>0x...</code>)." },
 { title: "Open Postiz Integrations", body: "Click the button below → click <strong>Connect</strong> next to Warpcast." },
 { title: "Enter FID and private key", body: "Paste your FID and private key. Click Connect." },
 ],
 },
 ];
}
// Returns detailed per-platform OAuth setup guide data.
// publicUrl: "https://somratpro-huggingpost.hf.space" (no trailing slash)
function getOAuthPlatformDetails(publicUrl) {
 const cb = (provider) => `${publicUrl}/integrations/social/${provider}`;
 const e = process.env;
 return [
 {
 id: "linkedin",
 name: "LinkedIn",
 emoji: "💼",
 setupUrl: "https://www.linkedin.com/developers/apps/new",
 docsUrl:
 "https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow",
 callbackUrl: cb("linkedin"),
 envVars: [
 {
 name: "LINKEDIN_CLIENT_ID",
 desc: "Client ID",
 set: !!e.LINKEDIN_CLIENT_ID,
 },
 {
 name: "LINKEDIN_CLIENT_SECRET",
 desc: "Client Secret",
 set: !!e.LINKEDIN_CLIENT_SECRET,
 },
 ],
 steps: [
 {
 title: "Create a LinkedIn App",
 body: "Visit the developer portal. Create a new app; set <strong>App type = Web</strong>.",
 },
 {
 title: "Add OAuth redirect URL",
 body: "In the <strong>Auth</strong> tab → OAuth 2.0 settings, paste the callback URL below.",
 },
 {
 title: "Enable products",
 body: "Add <strong>Sign In with LinkedIn using OpenID Connect</strong> and <strong>Share on LinkedIn</strong> products.",
 },
 {
 title: "Copy credentials",
 body: "From the Auth tab, copy <strong>Client ID</strong> and <strong>Client Secret</strong>.",
 },
 {
 title: "Add to Space secrets",
 body: "Open your HF Space settings, add both env vars below, then restart the Space.",
 },
 ],
 },
 {
 id: "x",
 name: "X / Twitter",
 emoji: "🐦",
 setupUrl: "https://developer.twitter.com/en/portal/projects-and-apps",
 docsUrl:
 "https://developer.twitter.com/en/docs/authentication/oauth-1-0a",
 callbackUrl: cb("x"),
 envVars: [
 {
 name: "X_API_KEY",
 desc: "API Key (Consumer Key)",
 set: !!e.X_API_KEY,
 },
 {
 name: "X_API_SECRET",
 desc: "API Secret (Consumer Secret)",
 set: !!e.X_API_SECRET,
 },
 ],
 steps: [
 {
 title: "Create an X Developer App",
 body: 'Go to <a href="https://developer.twitter.com" target="_blank" rel="noopener">developer.twitter.com</a>. Apply for a developer account if needed. Create a new project + app.',
 },
 {
 title: "Configure User Authentication Settings",
 body: "On your app page → <strong>User authentication settings → Set up</strong>. Set ALL THREE of these, then click Save:<br><br><strong>1. App permissions:</strong> <strong>Read and write</strong> (default is Read-only — must change this)<br><strong>2. Type of App:</strong> <strong>Native App</strong> (Public client) — ⚠️ NOT Web App, Web App causes error code 32<br><strong>3. Callback URI:</strong> paste the Callback URL shown below. Website URL = your HF Space URL.<br><br>Save when done.",
 },
 {
 title: "Regenerate Consumer Keys (required after saving settings)",
 body: "Go to <strong>Keys &amp; Tokens</strong> tab → <strong>OAuth 1.0 Keys</strong> section → click <strong>Regenerate</strong> next to Consumer Key.<br><br><strong>⚠️ You must regenerate after changing User Auth Settings</strong> — existing keys don't pick up new permissions.<br><br>The Regenerate popup shows BOTH values together — copy them immediately:<br>• <strong>API Key</strong> = your <strong>X_API_KEY</strong><br>• <strong>API Key Secret</strong> = your <strong>X_API_SECRET</strong><br><br>⚠️ Do NOT use Bearer Token, Access Token/Secret, or OAuth 2.0 Client ID/Secret.",
 },
 {
 title: "Add to Space secrets and restart",
 body: "Add <strong>X_API_KEY</strong> and <strong>X_API_SECRET</strong> to HF Space → Settings → Variables &amp; Secrets. Then <strong>Restart the Space</strong> to load the new values.",
 },
 ],
 },
 {
 id: "facebook",
 name: "Facebook",
 emoji: "📘",
 setupUrl: "https://developers.facebook.com/apps/create/",
 docsUrl: "https://developers.facebook.com/docs/facebook-login/web",
 callbackUrl: cb("facebook"),
 envVars: [
 { name: "FACEBOOK_APP_ID", desc: "App ID", set: !!e.FACEBOOK_APP_ID },
 {
 name: "FACEBOOK_APP_SECRET",
 desc: "App Secret",
 set: !!e.FACEBOOK_APP_SECRET,
 },
 ],
 steps: [
 {
 title: "Create a Meta App",
 body: "Go to Meta for Developers. Create a new app with use case <strong>Authenticate and request data from users</strong>.",
 },
 {
 title: "Add Facebook Login product",
 body: "In the app dashboard, click <strong>Add Product</strong> → Facebook Login → Web.",
 },
 {
 title: "Add callback URL",
 body: "In Facebook Login settings → Valid OAuth Redirect URIs, paste the callback URL below.",
 },
 {
 title: "Request permissions",
 body: "Add <strong>pages_manage_posts</strong>, <strong>pages_read_engagement</strong>, <strong>publish_to_groups</strong> permissions.",
 },
 {
 title: "Copy credentials",
 body: "From <strong>App Settings → Basic</strong>, copy App ID and App Secret.",
 },
 {
 title: "Add to Space secrets",
 body: "Add both env vars below to your HF Space settings, then restart.",
 },
 ],
 },
 {
 id: "instagram",
 name: "Instagram",
 emoji: "📸",
 setupUrl: "https://developers.facebook.com/apps/create/",
 docsUrl: "https://developers.facebook.com/docs/instagram-api",
 callbackUrl: cb("instagram"),
 envVars: [
 {
 name: "FACEBOOK_APP_ID",
 desc: "App ID (same as Facebook app)",
 set: !!e.FACEBOOK_APP_ID,
 },
 {
 name: "FACEBOOK_APP_SECRET",
 desc: "App Secret (same as Facebook app)",
 set: !!e.FACEBOOK_APP_SECRET,
 },
 ],
 steps: [
 {
 title: "Use the Facebook app",
 body: "Instagram uses the same Meta app as Facebook — configure Facebook first.",
 },
 {
 title: "Add Instagram Graph API product",
 body: "In your Meta app dashboard, click <strong>Add Product</strong> → Instagram Graph API.",
 },
 {
 title: "Connect an Instagram Business account",
 body: "Your Instagram account must be a <strong>Professional (Business or Creator)</strong> account linked to a Facebook Page.",
 },
 {
 title: "Add callback URL",
 body: "In Instagram Login settings → Valid OAuth Redirect URIs, paste the callback URL below.",
 },
 {
 title: "No extra env vars needed",
 body: "Instagram and Facebook share <code>FACEBOOK_APP_ID</code> and <code>FACEBOOK_APP_SECRET</code>.",
 },
 ],
 },
 {
 id: "threads",
 name: "Threads",
 emoji: "🧵",
 setupUrl: "https://developers.facebook.com/apps/create/",
 docsUrl: "https://developers.facebook.com/docs/threads",
 callbackUrl: cb("threads"),
 envVars: [
 { name: "THREADS_APP_ID", desc: "App ID", set: !!e.THREADS_APP_ID },
 {
 name: "THREADS_APP_SECRET",
 desc: "App Secret",
 set: !!e.THREADS_APP_SECRET,
 },
 ],
 steps: [
 {
 title: "Create a Meta App",
 body: "Create a Meta Developer app (separate from Facebook/Instagram if you prefer clean separation).",
 },
 {
 title: "Add Threads API product",
 body: "In the app dashboard, click <strong>Add Product</strong> → Threads API.",
 },
 {
 title: "Add callback URL",
 body: "In Threads API settings → Redirect URI, paste the callback URL below.",
 },
 {
 title: "Copy credentials",
 body: "From <strong>App Settings → Basic</strong>, copy App ID and App Secret.",
 },
 {
 title: "Add to Space secrets",
 body: "Add both env vars below to your HF Space settings, then restart.",
 },
 ],
 },
 {
 id: "google",
 name: "Google Login",
 emoji: "🔵",
 setupUrl: "https://console.cloud.google.com/apis/credentials",
 docsUrl: "https://developers.google.com/identity/protocols/oauth2",
 callbackUrl: cb("google"),
 envVars: [
 {
 name: "GOOGLE_CLIENT_ID",
 desc: "OAuth 2.0 Client ID",
 set: !!(e.GOOGLE_CLIENT_ID || e.YOUTUBE_CLIENT_ID),
 },
 {
 name: "GOOGLE_CLIENT_SECRET",
 desc: "OAuth 2.0 Client Secret",
 set: !!(e.GOOGLE_CLIENT_SECRET || e.YOUTUBE_CLIENT_SECRET),
 },
 ],
 steps: [
 {
 title: "Create a Google Cloud project",
 body: 'Go to <a href="https://console.cloud.google.com" target="_blank" rel="noopener">console.cloud.google.com</a>. Create a new project (or use an existing one).',
 },
 {
 title: "Configure OAuth consent screen",
 body: "In <strong>APIs & Services → OAuth consent screen</strong>, set User Type to <strong>External</strong>. Fill app name, support email, developer email. Add scopes: <code>email</code>, <code>profile</code>, <code>openid</code>. Add your own Google account as a test user.",
 },
 {
 title: "Create OAuth 2.0 credentials",
 body: "In <strong>APIs & Services → Credentials</strong>, click <strong>Create Credentials → OAuth client ID</strong>. Set type to <strong>Web application</strong>. Name it <em>HuggingPost</em>.",
 },
 {
 title: "Add callback URLs",
 body: "Under <strong>Authorized redirect URIs</strong>, add the callback URL below. Also add the YouTube callback URL if you plan to connect YouTube — it is shown on the YouTube tab.",
 },
 {
 title: "Copy credentials",
 body: "Copy the <strong>Client ID</strong> and <strong>Client Secret</strong> shown in the dialog.",
 },
 {
 title: "Add to Space secrets",
 body: "Add <code>GOOGLE_CLIENT_ID</code> and <code>GOOGLE_CLIENT_SECRET</code> to HF Space → Settings → Variables &amp; Secrets. Restart the Space. <br><br><strong>💡 These same credentials also power YouTube channel connections</strong> — no separate YouTube OAuth app needed.",
 },
 ],
 },
 {
 id: "youtube",
 name: "YouTube",
 emoji: "▶️",
 setupUrl: "https://console.cloud.google.com/apis/credentials",
 docsUrl: "https://developers.google.com/youtube/v3/guides/auth/server-side-web-apps",
 callbackUrl: cb("youtube"),
 envVars: [
 {
 name: "GOOGLE_CLIENT_ID",
 desc: "OAuth 2.0 Client ID (same as Google Login)",
 set: !!(e.GOOGLE_CLIENT_ID || e.YOUTUBE_CLIENT_ID),
 },
 {
 name: "GOOGLE_CLIENT_SECRET",
 desc: "OAuth 2.0 Client Secret (same as Google Login)",
 set: !!(e.GOOGLE_CLIENT_SECRET || e.YOUTUBE_CLIENT_SECRET),
 },
 ],
 steps: [
 {
 title: "Already set up Google Login?",
 body: "✅ <strong>Skip to Step 2.</strong> YouTube uses the same <code>GOOGLE_CLIENT_ID</code> and <code>GOOGLE_CLIENT_SECRET</code> — no new OAuth app needed. Just enable the YouTube API and add the callback URL.",
 },
 {
 title: "Enable YouTube Data API v3",
 body: "In <a href=\"https://console.cloud.google.com/apis/library\" target=\"_blank\" rel=\"noopener\">APIs & Services → Library</a>, search for <strong>YouTube Data API v3</strong> and click <strong>Enable</strong>.",
 },
 {
 title: "Add YouTube callback URL to your OAuth client",
 body: "In <strong>Credentials → your OAuth client → Edit</strong>, add the callback URL below to <strong>Authorized redirect URIs</strong>. Save.",
 },
 {
 title: "Add YouTube scopes to consent screen",
 body: "In <strong>OAuth consent screen → Edit App → Scopes</strong>, add <code>https://www.googleapis.com/auth/youtube.upload</code> and <code>https://www.googleapis.com/auth/youtube</code>.",
 },
 {
 title: "First time setup only: add GOOGLE_* secrets",
 body: "If you haven't done Google Login yet — add <code>GOOGLE_CLIENT_ID</code> and <code>GOOGLE_CLIENT_SECRET</code> to HF Space secrets and restart. If Google Login is already working, no new secrets needed.",
 },
 ],
 },
 {
 id: "tiktok",
 name: "TikTok",
 emoji: "🎵",
 setupUrl: "https://developers.tiktok.com/",
 docsUrl: "https://developers.tiktok.com/doc/login-kit-web",
 callbackUrl: cb("tiktok"),
 envVars: [
 {
 name: "TIKTOK_CLIENT_ID",
 desc: "Client Key",
 set: !!e.TIKTOK_CLIENT_ID,
 },
 {
 name: "TIKTOK_CLIENT_SECRET",
 desc: "Client Secret",
 set: !!e.TIKTOK_CLIENT_SECRET,
 },
 ],
 steps: [
 {
 title: "Apply for TikTok Developer access",
 body: "Sign in at developers.tiktok.com. Apply for developer access (may take 1-2 days).",
 },
 {
 title: "Create an app",
 body: "Create a new app. Set <strong>Platform: Web</strong>.",
 },
 {
 title: "Add Login Kit",
 body: "Add <strong>Login Kit</strong> product. This enables OAuth for your app.",
 },
 {
 title: "Add callback URL",
 body: "In Login Kit settings → Redirect domain, add your HF Space hostname. In redirect URI, paste the callback URL below.",
 },
 {
 title: "Request Content Posting API",
 body: "Add <strong>Content Posting API</strong> product for posting videos/photos.",
 },
 {
 title: "Copy credentials",
 body: "From app overview, copy <strong>Client Key</strong> (as CLIENT_ID) and <strong>Client Secret</strong>.",
 },
 {
 title: "Add to Space secrets",
 body: "Add both env vars below to your HF Space settings, then restart.",
 },
 ],
 },
 {
 id: "reddit",
 name: "Reddit",
 emoji: "🤖",
 setupUrl: "https://www.reddit.com/prefs/apps",
 docsUrl: "https://github.com/reddit-archive/reddit/wiki/OAuth2",
 callbackUrl: cb("reddit"),
 envVars: [
 {
 name: "REDDIT_CLIENT_ID",
 desc: "Client ID (under app name)",
 set: !!e.REDDIT_CLIENT_ID,
 },
 {
 name: "REDDIT_CLIENT_SECRET",
 desc: "Secret",
 set: !!e.REDDIT_CLIENT_SECRET,
 },
 ],
 steps: [
 {
 title: "Go to Reddit App Preferences",
 body: "Visit reddit.com/prefs/apps while logged in.",
 },
 {
 title: "Create a new app",
 body: "Click <strong>create another app…</strong>. Set type to <strong>web app</strong>.",
 },
 {
 title: "Add callback URL",
 body: "In the <strong>redirect uri</strong> field, paste the callback URL below.",
 },
 {
 title: "Copy credentials",
 body: 'The Client ID is the string below the app name. Client Secret is labelled "secret".',
 },
 {
 title: "Add to Space secrets",
 body: "Add both env vars below to your HF Space settings, then restart.",
 },
 ],
 },
 {
 id: "pinterest",
 name: "Pinterest",
 emoji: "📌",
 setupUrl: "https://developers.pinterest.com/apps/",
 docsUrl:
 "https://developers.pinterest.com/docs/getting-started/set-up-app/",
 callbackUrl: cb("pinterest"),
 envVars: [
 {
 name: "PINTEREST_CLIENT_ID",
 desc: "App ID",
 set: !!e.PINTEREST_CLIENT_ID,
 },
 {
 name: "PINTEREST_CLIENT_SECRET",
 desc: "App Secret",
 set: !!e.PINTEREST_CLIENT_SECRET,
 },
 ],
 steps: [
 {
 title: "Create a Pinterest App",
 body: "Go to Pinterest Developer Portal and create a new app.",
 },
 {
 title: "Add redirect URI",
 body: "In app settings, add the callback URL below as a redirect URI.",
 },
 {
 title: "Request scopes",
 body: "Request <strong>boards:read</strong>, <strong>pins:read</strong>, <strong>pins:write</strong> scopes.",
 },
 {
 title: "Copy credentials",
 body: "Copy App ID and App Secret from the app settings.",
 },
 {
 title: "Add to Space secrets",
 body: "Add both env vars below to your HF Space settings, then restart.",
 },
 ],
 },
 {
 id: "discord",
 name: "Discord",
 emoji: "🎮",
 setupUrl: "https://discord.com/developers/applications",
 docsUrl: "https://discord.com/developers/docs/topics/oauth2",
 callbackUrl: cb("discord"),
 envVars: [
 {
 name: "DISCORD_CLIENT_ID",
 desc: "Application ID",
 set: !!e.DISCORD_CLIENT_ID,
 },
 {
 name: "DISCORD_CLIENT_SECRET",
 desc: "Client Secret",
 set: !!e.DISCORD_CLIENT_SECRET,
 },
 {
 name: "DISCORD_BOT_TOKEN_ID",
 desc: "Bot Token",
 set: !!e.DISCORD_BOT_TOKEN_ID,
 },
 ],
 steps: [
 {
 title: "Create a Discord Application",
 body: "Go to Discord Developer Portal → New Application.",
 },
 {
 title: "Add redirect URL",
 body: "In <strong>OAuth2 → Redirects</strong>, paste the callback URL below.",
 },
 {
 title: "Create a Bot",
 body: "In the <strong>Bot</strong> section, create a bot. Enable <strong>Message Content Intent</strong>.",
 },
 {
 title: "Copy credentials",
 body: "Copy Client ID and Client Secret from OAuth2 tab. Copy Bot Token from Bot tab.",
 },
 {
 title: "Add to Space secrets",
 body: "Add all three env vars below to your HF Space settings, then restart.",
 },
 ],
 },
 {
 id: "slack",
 name: "Slack",
 emoji: "💬",
 setupUrl: "https://api.slack.com/apps?new_app=1",
 docsUrl: "https://api.slack.com/authentication/oauth-v2",
 callbackUrl: cb("slack"),
 envVars: [
 { name: "SLACK_ID", desc: "Client ID", set: !!e.SLACK_ID },
 { name: "SLACK_SECRET", desc: "Client Secret", set: !!e.SLACK_SECRET },
 {
 name: "SLACK_SIGNING_SECRET",
 desc: "Signing Secret",
 set: !!e.SLACK_SIGNING_SECRET,
 },
 ],
 steps: [
 {
 title: "Create a Slack App",
 body: "Go to api.slack.com/apps → Create New App → From scratch.",
 },
 {
 title: "Add OAuth redirect URL",
 body: "In <strong>OAuth & Permissions → Redirect URLs</strong>, paste the callback URL below.",
 },
 {
 title: "Add Bot Token Scopes",
 body: "Under Bot Token Scopes, add: <code>channels:join</code>, <code>chat:write</code>, <code>channels:read</code>, <code>groups:read</code>.",
 },
 {
 title: "Install to workspace",
 body: "Click <strong>Install to Workspace</strong> to generate tokens.",
 },
 {
 title: "Copy credentials",
 body: "From <strong>Basic Information</strong>: App Credentials has Client ID, Client Secret, Signing Secret.",
 },
 {
 title: "Add to Space secrets",
 body: "Add all three env vars below to your HF Space settings, then restart.",
 },
 ],
 },
 ];
}
function renderSetupPage() {
 const spaceHost = process.env.SPACE_HOST || null;
 const spaceId = process.env.SPACE_ID || null;
 const publicUrl = spaceHost
 ? `https://${spaceHost}`
 : "http://localhost:7860";
 const postizUrl = publicUrl + "/app";
 const settingsUrl = spaceId
 ? `https://huggingface.co/spaces/${spaceId}/settings`
 : "https://huggingface.co/settings/spaces";
const platforms = getOAuthPlatformDetails(publicUrl);
 const directPlatforms = getDirectPlatformDetails(postizUrl);
 const configuredCount = platforms.filter((p) =>
 p.envVars.every((v) => v.set),
 ).length;
 const totalPanels = platforms.length + directPlatforms.length;
// ── Build sidebar ────────────────────────────────────────────────────────────
 const oauthSidebarItems = platforms.map((p, i) => {
 const allSet = p.envVars.every((v) => v.set);
 const anySet = p.envVars.some((v) => v.set);
 const dot = allSet
 ? `<span class="dot dot-ok"></span>`
 : anySet
 ? `<span class="dot dot-warn"></span>`
 : `<span class="dot dot-off"></span>`;
 return `<button class="plat-tab${i === 0 ? " active" : ""}" onclick="show(${i})" id="tab-${i}">
 <span class="tab-emoji">${p.emoji}</span>
 <span class="tab-name">${p.name}</span>
 ${dot}
 </button>`;
 }).join("");
const directSidebarItems = directPlatforms.map((p, i) => {
 const idx = platforms.length + i;
 return `<button class="plat-tab" onclick="show(${idx})" id="tab-${idx}">
 <span class="tab-emoji">${p.emoji}</span>
 <span class="tab-name">${p.name}</span>
 <span class="dot dot-ok"></span>
 </button>`;
 }).join("");
// ── Build OAuth panels ───────────────────────────────────────────────────────
 const oauthPanels = platforms.map((p, i) => {
 const allSet = p.envVars.every((v) => v.set);
 const anySet = p.envVars.some((v) => v.set);
const stepsList = p.steps.map((s, si) =>
 `<div class="step">
 <div class="step-num">${si + 1}</div>
 <div>
 <div class="step-title">${s.title}</div>
 <div class="step-body">${s.body}</div>
 </div>
 </div>`
 ).join("");
const envRows = p.envVars.map((v) =>
 `<div class="env-row">
 <div class="env-info">
 <code class="env-name">${v.name}</code>
 <span class="env-desc">${v.desc}</span>
 </div>
 <div class="env-actions">
 ${v.set
 ? `<span class="badge ok">SET</span>`
 : `<span class="badge off">NOT SET</span>`}
 <button class="btn-copy" onclick="copy('${v.name}',this)">Copy name</button>
 </div>
 </div>`
 ).join("");
const banner = allSet
 ? `<div class="banner banner-ok">All credentials configured — restart Space if you just added them.</div>`
 : anySet
 ? `<div class="banner banner-warn">Partially configured — add the missing env vars below.</div>`
 : `<div class="banner banner-info">Not yet configured — follow the steps below.</div>`;
return `<div class="panel${i === 0 ? " active" : ""}" id="panel-${i}">
 <div class="panel-head">
 <span class="panel-emoji">${p.emoji}</span>
 <div>
 <div class="panel-title">${p.name}</div>
 <div class="panel-links">
 <a href="${p.setupUrl}" target="_blank" rel="noopener">Open Developer Portal →</a>
 ${p.docsUrl ? `<a href="${p.docsUrl}" target="_blank" rel="noopener">Official Docs →</a>` : ""}
 </div>
 </div>
 </div>
 ${banner}
 <div class="section-label">Setup Steps</div>
 <div class="steps-list">${stepsList}</div>
 <div class="section-label">Callback URL
 <span class="section-hint">Paste this in the developer portal when asked for "Redirect URI" or "Callback URL"</span>
 </div>
 <div class="copy-block">
 <span class="copy-block-text">${p.callbackUrl}</span>
 <button class="btn-copy btn-copy-white" onclick="copy('${p.callbackUrl}',this)">Copy</button>
 </div>
 <div class="section-label">Space Secrets to Add
 <span class="section-hint">HF Space → Settings → Variables &amp; Secrets</span>
 </div>
 <div class="env-list">${envRows}</div>
 <a href="${settingsUrl}" target="_blank" rel="noopener" class="cta-btn">
 Open Space Settings → Variables &amp; Secrets
 </a>
 <p class="hint-final">After adding all secrets, click <strong>Restart Space</strong> for them to take effect.</p>
 </div>`;
 }).join("");
// ── Build direct-connect panels ──────────────────────────────────────────────
 const directPanels = directPlatforms.map((p, i) => {
 const idx = platforms.length + i;
const stepsList = p.steps.map((s, si) =>
 `<div class="step">
 <div class="step-num">${si + 1}</div>
 <div>
 <div class="step-title">${s.title}</div>
 <div class="step-body">${s.body}</div>
 </div>
 </div>`
 ).join("");
const fieldRows = (p.fields || []).map((f) =>
 `<div class="env-row">
 <div class="env-info">
 <code class="env-name">${f.label}</code>
 <span class="env-desc">${f.hint}</span>
 </div>
 <div class="env-actions">
 <span class="badge ok">READY</span>
 </div>
 </div>`
 ).join("");
return `<div class="panel" id="panel-${idx}">
 <div class="panel-head">
 <span class="panel-emoji">${p.emoji}</span>
 <div>
 <div class="panel-title">${p.name}</div>
 <div class="panel-links">
 ${p.docsUrl ? `<a href="${p.docsUrl}" target="_blank" rel="noopener">Official Docs →</a>` : ""}
 </div>
 </div>
 </div>
 <div class="banner banner-ok">No developer portal needed — connects directly inside Postiz.</div>
 <div class="section-label">Setup Steps</div>
 <div class="steps-list">${stepsList}</div>
 ${fieldRows ? `<div class="section-label">Fields Required in Postiz</div>
 <div class="env-list">${fieldRows}</div>` : ""}
 <a href="${p.postizUrl}" target="_blank" rel="noopener" class="cta-btn">
 Open Postiz Integrations →
 </a>
 <p class="hint-final">Click <strong>Connect</strong> next to ${p.name} in Postiz, fill in the credentials above.</p>
 </div>`;
 }).join("");
const allPlatformIds = [
 ...platforms.map((p) => p.id),
 ...directPlatforms.map((p) => p.id),
 ];
return `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Platform Setup — HuggingPost</title>
<style>
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
:root {
 color-scheme: dark;
 --bg: #08080f;
 --panel: #12111b;
 --panel2: #151421;
 --line: #26243a;
 --text: #f6f4ff;
 --muted: #7f7a9e;
 --soft: #b8b3d7;
 --good: #22c55e;
 --warn: #f5c542;
 --bad: #fb7185;
 --accent: #3b82f6;
}
body {
 font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
 background: var(--bg);
 color: var(--text);
 font-size: 13px;
 height: 100dvh;
 display: flex;
 flex-direction: column;
 overflow: hidden;
}
/* ── Top bar ─────────────────────────────────────────── */
.topbar {
 display: flex;
 align-items: center;
 gap: 16px;
 padding: 0 20px;
 height: 48px;
 border-bottom: 1px solid var(--line);
 background: var(--panel);
 flex-shrink: 0;
}
.topbar-back {
 color: var(--muted);
 text-decoration: none;
 font-size: .78rem;
 font-weight: 700;
 letter-spacing: .04em;
 display: flex;
 align-items: center;
 gap: 6px;
 transition: color .15s;
}
.topbar-back:hover { color: var(--text); }
.topbar-title {
 font-size: .78rem;
 font-weight: 850;
 letter-spacing: .12em;
 text-transform: uppercase;
 color: var(--soft);
}
.topbar-count {
 margin-left: auto;
 font-size: .72rem;
 font-weight: 850;
 color: var(--muted);
 letter-spacing: .08em;
 text-transform: uppercase;
 border: 1px solid var(--line);
 border-radius: 999px;
 padding: 3px 10px;
}
/* ── Layout ──────────────────────────────────────────── */
.layout { display: flex; flex: 1; overflow: hidden; }
/* ── Sidebar ─────────────────────────────────────────── */
.sidebar {
 width: 210px;
 flex-shrink: 0;
 background: var(--panel);
 border-right: 1px solid var(--line);
 overflow-y: auto;
 padding: 10px 8px;
 display: flex;
 flex-direction: column;
 gap: 2px;
}
.sidebar-label {
 font-size: .62rem;
 font-weight: 850;
 letter-spacing: .14em;
 text-transform: uppercase;
 color: var(--muted);
 padding: 6px 10px 10px;
}
.sidebar-divider {
 height: 1px;
 background: var(--line);
 margin: 6px 4px 8px;
}
.plat-tab {
 width: 100%;
 background: none;
 border: 1px solid transparent;
 color: var(--soft);
 font: inherit;
 font-size: .82rem;
 font-weight: 600;
 display: flex;
 align-items: center;
 gap: 9px;
 padding: 8px 10px;
 border-radius: 8px;
 cursor: pointer;
 text-align: left;
 transition: background .12s, color .12s;
}
.plat-tab:hover { background: var(--panel2); color: var(--text); }
.plat-tab.active {
 background: var(--panel2);
 color: var(--text);
 border-color: var(--line);
}
.tab-emoji { font-size: .95rem; width: 20px; text-align: center; flex-shrink: 0; }
.tab-name { flex: 1; }
.dot { width: 7px; height: 7px; border-radius: 50%; flex-shrink: 0; }
.dot-ok { background: var(--good); }
.dot-warn { background: var(--warn); }
.dot-off { background: var(--line); }
/* ── Main panel ──────────────────────────────────────── */
.main { flex: 1; overflow-y: auto; padding: 28px 32px; max-width: 780px; }
.panel { display: none; animation: fadein .18s ease; }
.panel.active { display: block; }
@keyframes fadein { from { opacity:0; transform:translateY(6px); } to { opacity:1; transform:none; } }
.panel-head {
 display: flex;
 align-items: flex-start;
 gap: 14px;
 margin-bottom: 18px;
}
.panel-emoji { font-size: 2.2rem; flex-shrink: 0; line-height: 1; }
.panel-title { font-size: 1.4rem; font-weight: 850; margin-bottom: 6px; }
.panel-links { display: flex; gap: 14px; flex-wrap: wrap; }
.panel-links a {
 color: var(--accent);
 font-size: .76rem;
 font-weight: 700;
 text-decoration: none;
 letter-spacing: .02em;
}
.panel-links a:hover { text-decoration: underline; }
/* Banner */
.banner {
 padding: 10px 14px;
 border-radius: 8px;
 font-size: .8rem;
 font-weight: 600;
 margin-bottom: 20px;
 border: 1px solid transparent;
}
.banner-ok { background: rgba(34,197,94,.08); border-color: rgba(34,197,94,.22); color: #86efac; }
.banner-warn { background: rgba(245,197,66,.08); border-color: rgba(245,197,66,.22); color: #fde68a; }
.banner-info { background: rgba(59,130,246,.08); border-color: rgba(59,130,246,.22); color: #93c5fd; }
/* Section labels */
.section-label {
 font-size: .62rem;
 font-weight: 850;
 letter-spacing: .14em;
 text-transform: uppercase;
 color: var(--muted);
 margin: 22px 0 10px;
 display: flex;
 align-items: baseline;
 gap: 10px;
}
.section-hint {
 font-size: .7rem;
 font-weight: 500;
 letter-spacing: 0;
 text-transform: none;
 color: var(--muted);
 opacity: .7;
}
/* Steps */
.steps-list { display: flex; flex-direction: column; gap: 4px; }
.step {
 display: flex;
 gap: 12px;
 padding: 11px 14px;
 border-radius: 8px;
 background: var(--panel);
 border: 1px solid var(--line);
}
.step-num {
 width: 22px;
 height: 22px;
 border-radius: 50%;
 background: var(--accent);
 color: #fff;
 font-size: .68rem;
 font-weight: 850;
 display: flex;
 align-items: center;
 justify-content: center;
 flex-shrink: 0;
 margin-top: 1px;
}
.step-title { font-size: .82rem; font-weight: 800; margin-bottom: 3px; color: var(--text); }
.step-body { font-size: .78rem; color: var(--soft); line-height: 1.6; }
.step-body strong { color: var(--text); font-weight: 800; }
.step-body em { color: var(--soft); font-style: italic; }
.step-body code {
 background: var(--panel2);
 border: 1px solid var(--line);
 padding: 1px 5px;
 border-radius: 4px;
 font-size: .85em;
 color: var(--text);
}
.step-body a { color: var(--accent); text-decoration: none; }
.step-body a:hover { text-decoration: underline; }
/* Callback copy block */
.copy-block {
 display: flex;
 align-items: center;
 gap: 10px;
 background: var(--panel2);
 border: 1px solid var(--line);
 border-radius: 8px;
 padding: 11px 14px;
}
.copy-block-text {
 flex: 1;
 font-family: ui-monospace, "Cascadia Code", "Source Code Pro", Menlo, monospace;
 font-size: .78rem;
 color: var(--accent);
 word-break: break-all;
 opacity: .9;
}
/* Env var / field rows */
.env-list { display: flex; flex-direction: column; gap: 5px; }
.env-row {
 display: flex;
 align-items: center;
 gap: 10px;
 padding: 10px 14px;
 background: var(--panel);
 border: 1px solid var(--line);
 border-radius: 8px;
}
.env-info { flex: 1; display: flex; flex-direction: column; gap: 3px; }
.env-name {
 font-family: ui-monospace, "Cascadia Code", monospace;
 font-size: .78rem;
 color: var(--accent);
 background: rgba(59,130,246,.1);
 border: 1px solid rgba(59,130,246,.2);
 padding: 2px 7px;
 border-radius: 5px;
 width: fit-content;
}
.env-desc { font-size: .72rem; color: var(--muted); }
.env-actions { display: flex; align-items: center; gap: 8px; flex-shrink: 0; }
/* Badges */
.badge {
 display: inline-flex;
 align-items: center;
 border: 1px solid var(--line);
 border-radius: 999px;
 padding: 2px 8px;
 font-size: .66rem;
 font-weight: 850;
 letter-spacing: .06em;
 text-transform: uppercase;
 white-space: nowrap;
}
.badge.ok { color: var(--good); border-color: rgba(34,197,94,.3); background: rgba(34,197,94,.1); }
.badge.off { color: var(--bad); border-color: rgba(251,113,133,.3); background: rgba(251,113,133,.1); }
/* Buttons — secondary (small copy buttons) */
.btn-copy {
 background: var(--panel2);
 border: 1px solid var(--line);
 color: var(--soft);
 font: inherit;
 font-size: .72rem;
 font-weight: 700;
 padding: 5px 10px;
 border-radius: 6px;
 cursor: pointer;
 transition: background .12s, color .12s;
 flex-shrink: 0;
 white-space: nowrap;
}
.btn-copy:hover { background: var(--line); color: var(--text); }
.btn-copy.copied { background: rgba(34,197,94,.12); border-color: rgba(34,197,94,.3); color: var(--good); }
/* White copy button (accent copy block) */
.btn-copy-white {
 background: #ffffff;
 border: 1px solid #ffffff;
 color: #0d0c1a;
 font: inherit;
 font-size: .76rem;
 font-weight: 800;
 padding: 6px 14px;
 border-radius: 6px;
 cursor: pointer;
 transition: background .12s;
 flex-shrink: 0;
 white-space: nowrap;
}
.btn-copy-white:hover { background: #e8e8f0; border-color: #e8e8f0; }
.btn-copy-white.copied { background: rgba(34,197,94,.15); border-color: rgba(34,197,94,.4); color: var(--good); }
/* Primary CTA button — white with dark text */
.cta-btn {
 display: inline-flex;
 align-items: center;
 margin-top: 18px;
 background: #ffffff;
 color: #0d0c1a;
 text-decoration: none;
 padding: 10px 22px;
 border-radius: 8px;
 font-size: .82rem;
 font-weight: 850;
 border: none;
 transition: background .15s;
 letter-spacing: .01em;
}
.cta-btn:hover { background: #e8e8f0; }
.hint-final {
 margin-top: 10px;
 font-size: .74rem;
 color: var(--muted);
 line-height: 1.5;
 padding-bottom: 32px;
}
.hint-final strong { color: var(--soft); }
/* Mobile */
@media (max-width: 680px) {
 body { overflow: auto; height: auto; }
 .layout { flex-direction: column; overflow: visible; }
 .sidebar {
 width: 100%;
 border-right: none;
 border-bottom: 1px solid var(--line);
 flex-direction: row;
 flex-wrap: wrap;
 overflow-x: auto;
 padding: 8px;
 gap: 4px;
 }
 .sidebar-label { display: none; }
 .sidebar-divider { display: none; }
 .plat-tab { width: auto; flex: 0 0 auto; }
 .tab-name { display: none; }
 .main { padding: 16px; }
}
</style>
</head>
<body>
<div class="topbar">
 <a class="topbar-back" href="/">← Dashboard</a>
 <span class="topbar-title">Platform Setup Guide</span>
 <span class="topbar-count">${configuredCount} / ${platforms.length} OAuth configured</span>
</div>
<div class="layout">
 <nav class="sidebar">
 <div class="sidebar-label">OAuth Platforms</div>
 ${oauthSidebarItems}
 <div class="sidebar-divider"></div>
 <div class="sidebar-label">Direct Connect</div>
 ${directSidebarItems}
 </nav>
 <main class="main">
 ${oauthPanels}
 ${directPanels}
 </main>
</div>
<script>
const PLATFORM_IDS = ${JSON.stringify(allPlatformIds)};
function show(i) {
 document.querySelectorAll('.plat-tab').forEach((t,j)=>t.classList.toggle('active',j===i));
 document.querySelectorAll('.panel').forEach((p,j)=>p.classList.toggle('active',j===i));
 if(PLATFORM_IDS[i]) history.replaceState(null,'','#'+PLATFORM_IDS[i]);
}
function copy(text,btn) {
 const finish = () => {
 const orig = btn.textContent;
 btn.textContent = 'Copied!';
 btn.classList.add('copied');
 setTimeout(()=>{ btn.textContent=orig; btn.classList.remove('copied'); },1800);
 };
 if(navigator.clipboard) { navigator.clipboard.writeText(text).then(finish).catch(fallback); }
 else fallback();
 function fallback() {
 const ta=document.createElement('textarea');
 ta.value=text; ta.style.cssText='position:fixed;opacity:0';
 document.body.appendChild(ta); ta.select();
 try{document.execCommand('copy');}catch{}
 document.body.removeChild(ta); finish();
 }
}
(function(){
 const hash=location.hash.replace('#','').toLowerCase();
 if(hash){const idx=PLATFORM_IDS.indexOf(hash);if(idx!==-1)show(idx);}
})();
</script>
</body>
</html>`;
}
// ============================================================================
// URL helpers
// ============================================================================
function parseRequestUrl(url) {
 try {
 return new URL(url, "http://localhost");
 } catch {
 return new URL("http://localhost/");
 }
}
function isLocalRoute(pathname) {
 return (
 pathname === "/health" ||
 pathname === "/status" ||
 pathname === "/" ||
 pathname === "" ||
 pathname === "/setup" ||
 pathname === "/setup/"
 );
}
// ============================================================================
// UptimeRobot helpers
// ============================================================================
function getKeepaliveStatus() {
 try {
 if (fs.existsSync(CLOUDFLARE_KEEPALIVE_STATUS_FILE)) {
 return JSON.parse(
 fs.readFileSync(CLOUDFLARE_KEEPALIVE_STATUS_FILE, "utf8"),
 );
 }
 } catch {}
 return null;
}
function escapeHtml(value) {
 return String(value)
 .replace(/&/g, "&amp;")
 .replace(/</g, "&lt;")
 .replace(/>/g, "&gt;")
 .replace(/"/g, "&quot;");
}
function toneBadge(label, tone = "neutral") {
 return `<span class="badge ${tone}">${escapeHtml(label)}</span>`;
}
function renderTile({
 title,
 value,
 detail = "",
 tone = "neutral",
 meta = "",
}) {
 return `<article class="tile ${tone}">
 <div class="tile-head">
 <span class="tile-title">${escapeHtml(title)}</span>
 <span class="tile-dot"></span>
 </div>
 <div class="tile-value">${value}</div>
 ${detail ? `<div class="tile-detail">${detail}</div>` : ""}
 ${meta ? `<div class="tile-meta">${meta}</div>` : ""}
 </article>`;
}
// ============================================================================
// Status helpers
// ============================================================================
function readSyncStatus() {
 try {
 if (fs.existsSync("/tmp/sync-status.json")) {
 return JSON.parse(fs.readFileSync("/tmp/sync-status.json", "utf8"));
 }
 } catch {}
 if (HF_BACKUP_ENABLED) {
 return {
 db_status: "unknown",
 last_sync_time: null,
 last_error: null,
 sync_count: 0,
 status: "configured",
 message: `Backup enabled. Waiting for first sync (every ${SYNC_INTERVAL}s).`,
 };
 }
 return {
 db_status: "unknown",
 last_sync_time: null,
 last_error: null,
 sync_count: 0,
 };
}
function checkPostizHealth() {
 return new Promise((resolve) => {
 const timeout = setTimeout(
 () => resolve({ status: "unreachable", reason: "timeout" }),
 5000,
 );
 http
 .get(`http://${POSTIZ_HOST}:${POSTIZ_PORT}/`, (res) => {
 clearTimeout(timeout);
 resolve({
 status: res.statusCode < 500 ? "running" : "error",
 statusCode: res.statusCode,
 });
 res.resume();
 })
 .on("error", (err) => {
 clearTimeout(timeout);
 resolve({ status: "unreachable", reason: err.message });
 });
 });
}
function formatUptime(seconds) {
 const h = Math.floor(seconds / 3600);
 const m = Math.floor((seconds % 3600) / 60);
 return `${h}h ${m}m`;
}
// ============================================================================
// Dashboard HTML
// ============================================================================
function renderDashboard(data) {
 const syncStatus = String(data.sync?.status || "unknown");
 const syncTone = ["success", "restored", "synced", "configured"].includes(
 syncStatus,
 )
 ? "ok"
 : syncStatus === "disabled"
 ? "warn"
 : "neutral";
 const backupDetail = data.sync?.message
 ? escapeHtml(data.sync.message)
 : "No status yet";
const keepaliveConfigured = data.keepalive?.configured === true;
 const keepaliveStatus = String(
 data.keepalive?.status ||
 (process.env.CLOUDFLARE_WORKERS_TOKEN ? "pending" : "not configured"),
 );
 const keepAliveTone = keepaliveConfigured
 ? "ok"
 : process.env.CLOUDFLARE_WORKERS_TOKEN
 ? "warn"
 : "neutral";
 const keepAliveDetail = keepaliveConfigured
 ? `Pinging <code>${escapeHtml(data.keepalive.targetUrl || "/health")}</code>`
 : keepaliveStatus === "error" && data.keepalive?.message
 ? escapeHtml(data.keepalive.message)
 : process.env.CLOUDFLARE_WORKERS_TOKEN
 ? "Worker pending or failed"
 : "Not configured";
const platforms = getSocialPlatforms();
 const readyNow = platforms.filter((p) => p.noOAuth);
 const needsSetup = platforms.filter((p) => !p.noOAuth);
 const configuredCount = needsSetup.filter((p) => p.ready).length;
const needsSetupRows = needsSetup
 .map((p) => {
 if (p.ready) {
 return `<div class="plat-row ready">
 <span class="plat-icon">${p.emoji}</span>
 <span class="plat-name">${p.name}</span>
 <span class="badge ok" style="font-size:0.72rem">Configured</span>
 </div>`;
 }
 return `<div class="plat-row">
 <span class="plat-icon" style="filter:grayscale(1);opacity:.5">${p.emoji}</span>
 <span class="plat-name" style="color:var(--dim)">${p.name}</span>
 <a class="setup-link" href="/setup#${p.id}" style="margin-right:4px">Setup guide →</a>
 </div>`;
 })
 .join("");
const readyNowRows = readyNow
 .map(
 (p) => `
 <div class="plat-row ready">
 <span class="plat-icon">${p.emoji}</span>
 <span class="plat-name">${p.name}</span>
 <span style="font-size:0.75rem;color:var(--dim)">${p.note || ""}</span>
 </div>`,
 )
 .join("");
const tiles = [
 renderTile({
 title: "Postiz Core",
 value: toneBadge(
 data.postizRunning ? "Online" : "Booting",
 data.postizRunning ? "ok" : "warn",
 ),
 detail: `Backend Port ${POSTIZ_PORT}`,
 tone: data.postizRunning ? "ok" : "warn",
 }),
 renderTile({
 title: "Uptime",
 value: escapeHtml(data.uptimeHuman),
 detail: `Exposed on port ${PORT}`,
 tone: "neutral",
 }),
 renderTile({
 title: "Backup",
 value: toneBadge(syncStatus.toUpperCase(), syncTone),
 detail: backupDetail,
 tone: syncTone,
 meta: data.sync?.timestamp
 ? `<span class="local-time" data-iso="${data.sync.timestamp}"></span>`
 : "",
 }),
 renderTile({
 title: "Keep Awake",
 value: toneBadge(
 keepaliveConfigured ? "CF Cron" : keepaliveStatus.toUpperCase(),
 keepAliveTone,
 ),
 detail: keepAliveDetail,
 tone: keepAliveTone,
 }),
 ].join("");
return `<!doctype html>
<html lang="en">
<head>
 <meta charset="utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>HuggingPost</title>
 <style>
 :root { color-scheme: dark; --bg:#08080f; --panel:#12111b; --panel2:#151421; --line:#26243a; --text:#f6f4ff; --muted:#7f7a9e; --soft:#b8b3d7; --good:#22c55e; --warn:#f5c542; --bad:#fb7185; --accent:#3b82f6; --accent2:#8b5cf6; --dim:#94a3b8; }
 * { box-sizing:border-box; }
 body { margin:0; min-height:100vh; font-family:Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; background:var(--bg); color:var(--text); font-size:13px; }
 main { width:min(720px, calc(100% - 32px)); margin:0 auto; padding:36px 0 44px; }
 header { text-align:center; margin-bottom:22px; }
 h1 { margin:0; font-size:1.65rem; line-height:1; letter-spacing:0; }
 .subtitle { margin-top:12px; color:var(--muted); font-size:.72rem; text-transform:uppercase; letter-spacing:.14em; font-weight:800; }
.hero-action { display:flex; width:100%; min-height:46px; align-items:center; justify-content:center; border-radius:8px; background:linear-gradient(135deg, var(--accent), var(--accent2)); color:#ffffff; text-decoration:none; font-weight:850; font-size:.98rem; margin:24px 0 20px; transition: opacity 0.15s ease; }
 .hero-action:hover { opacity: 0.9; }
 .hero-action.booting { background:var(--panel2); color:var(--muted); cursor:wait; border:1px solid var(--line); }
 .overview { display:grid; grid-template-columns:repeat(2, minmax(0, 1fr)); gap:10px; margin-bottom:24px; }
 .tile { border:1px solid var(--line); background:var(--panel); border-radius:11px; padding:18px; min-height:124px; display:flex; flex-direction:column; gap:10px; position:relative; }
 .tile.ok { border-color:rgba(34,197,94,.22); }
 .tile.warn { border-color:rgba(245,197,66,.24); }
 .tile.off { border-color:rgba(251,113,133,.28); }
 .tile-head { display:flex; align-items:center; justify-content:space-between; gap:12px; }
 .tile-title { color:var(--muted); font-size:.67rem; letter-spacing:.18em; text-transform:uppercase; font-weight:850; }
 .tile-dot { width:7px; height:7px; border-radius:50%; background:var(--line); }
 .tile.ok .tile-dot { background:var(--good); }
 .tile.warn .tile-dot { background:var(--warn); }
 .tile.off .tile-dot { background:var(--bad); }
 .tile-value { font-size:1.12rem; font-weight:850; overflow-wrap:anywhere; }
 .tile-detail { color:var(--soft); line-height:1.45; font-size:.83rem; }
 .tile-meta { color:var(--muted); line-height:1.4; font-size:.75rem; margin-top:auto; overflow-wrap:anywhere; }
 .card { background:var(--panel); border:1px solid var(--line); border-radius:11px; padding:20px; margin-bottom:12px; }
 .card h2 { font-size:.7rem; text-transform:uppercase; color:var(--muted); letter-spacing:.1em; margin:0 0 16px; }
 .steps { list-style:none; padding:0; margin:0; }
 .steps li { display:flex; gap:12px; padding:12px 0; border-top:1px solid var(--line); }
 .steps li:first-child { border-top:none; padding-top:0; }
 .steps li::before { content: counter(step-counter); counter-increment: step-counter; width:22px; height:22px; border-radius:50%; background:var(--panel2); border:1px solid var(--line); color:var(--text); font-size:10px; font-weight:800; display:flex; align-items:center; justify-content:center; flex-shrink:0; }
 .steps { counter-reset: step-counter; }
 .s-title { font-weight:800; margin-bottom:4px; font-size:14px; }
 .s-note { color:var(--muted); line-height:1.5; font-size:12px; }
 .plat-row { display:flex; align-items:center; gap:10px; padding:10px 0; border-top:1px solid var(--line); font-size:13px; }
 .plat-row:first-child { border-top:none; }
 .plat-icon { font-size:16px; width:22px; text-align:center; flex-shrink:0; }
 .plat-name { flex:1; font-weight:700; }
 .setup-link { color:var(--accent2); font-size:11px; text-decoration:none; font-weight:800; }
 .setup-link:hover { text-decoration:underline; }
 .badge { display:inline-flex; align-items:center; width:max-content; border:1px solid var(--line); border-radius:999px; padding:5px 10px; font-size:.72rem; font-weight:850; line-height:1; text-transform:uppercase; }
 .badge.ok { color:var(--good); border-color:rgba(34,197,94,.34); background:rgba(34,197,94,.11); }
 .badge.warn { color:var(--warn); border-color:rgba(245,197,66,.34); background:rgba(245,197,66,.11); }
 .badge.off { color:var(--bad); border-color:rgba(251,113,133,.34); background:rgba(251,113,133,.11); }
 .badge.neutral { color:var(--soft); }
 code { background:var(--panel2); border:1px solid var(--line); border-radius:6px; padding:2px 6px; color:var(--text); font-size:.9em; }
 footer { color:var(--muted); text-align:center; font-size:.74rem; margin-top:18px; }
 footer .live { color:var(--good); }
 @media (max-width: 700px) { .overview { grid-template-columns:1fr; } main { width:min(100% - 22px, 720px); padding-top:28px; } }
 </style>
</head>
<body>
 <main>
 <header>
 <h1>📝 HuggingPost</h1>
 <div class="subtitle">Self-hosted Postiz Dashboard</div>
 </header>
 ${
 data.postizRunning
 ? `<a href="/app/auth" class="hero-action" target="_blank" rel="noopener">Open Postiz -></a>`
 : `<a href="#" class="hero-action booting" onclick="return false">Postiz is starting up (first boot ~5 min)...</a>`
 }
 <section class="overview">
 ${tiles}
 </section>
 <div class="card">
 <h2>🚀 Getting Started</h2>
 <ol class="steps">
 <li>
 <div>
 <div class="s-title">Create your account</div>
 <div class="s-note">Click <strong>Open Postiz</strong> above. The first signup becomes the admin account.</div>
 </div>
 </li>
 <li>
 <div>
 <div class="s-title">Connect direct channels</div>
 <div class="s-note">Bluesky, Mastodon, Telegram, Dev.to, and Hashnode connect with just your credentials.</div>
 </div>
 </li>
 <li>
 <div>
 <div class="s-title">Enable OAuth platforms</div>
 <div class="s-note">LinkedIn, X, YouTube... require API keys. Use the <a href="/setup" class="setup-link">Setup Guide -></a> for instructions.</div>
 </div>
 </li>
 </ol>
 </div>
 <div class="card">
 <h2>✅ Works immediately (${readyNow.length} platforms)</h2>
 <div class="plat-list">
 ${readyNowRows}
 </div>
 </div>
 <div class="card">
 <h2>🔑 Needs API keys (${configuredCount}/${needsSetup.length} configured)</h2>
 <div class="plat-list">
 ${needsSetupRows}
 </div>
 <div style="margin-top:16px">
 <a href="/setup" class="hero-action" style="background:var(--panel2); border:1px solid var(--line); margin:0;">📖 View Full Setup Guide</a>
 </div>
 </div>
 <footer>Built by <a href="https://github.com/somratpro" target="_blank" rel="noopener noreferrer" style="color: var(--accent); text-decoration: none;">@somratpro</a></footer>
 </main>
 <script>
 async function refresh() {
 try {
 const d = await fetch('/status').then(r => r.json());
 if (d.postizRunning && document.querySelector('.hero-action.booting')) {
 location.reload();
 }
 } catch(e) {}
 }
 setInterval(refresh, 15000);
 document.querySelectorAll('.local-time').forEach(el => {
 const date = new Date(el.getAttribute('data-iso'));
 if (!isNaN(date)) {
 el.textContent = 'At ' + date.toLocaleTimeString();
 }
 });
 </script>
</body>
</html>`;
}
// ============================================================================
// Reverse proxy
// ============================================================================
function buildProxyHeaders(headers) {
 const f = headers["x-forwarded-for"];
 const clientIp =
 typeof f === "string"
 ? f.split(",")[0].trim()
 : Array.isArray(f) && f.length
 ? String(f[0]).split(",")[0].trim()
 : "";
 return {
 ...headers,
 host: `${POSTIZ_HOST}:${POSTIZ_PORT}`,
 "x-forwarded-for": clientIp,
 "x-forwarded-host": headers.host || "",
 "x-forwarded-proto": headers["x-forwarded-proto"] || "https",
 };
}
function rewriteLocation(loc) {
 // Postiz's Next.js middleware redirects without the basePath prefix (/app)
 // and may use an internal hostname (127.0.0.1:NGINX_PORT) or the public
 // HF Space hostname (SPACE_HOST). The HF Spaces reverse proxy intercepts
 // absolute redirects to its own hostname — it resolves them server-side
 // and returns 200 at the original URL (blank white page for the client).
 //
 // Normalise every Location header from the Postiz nginx proxy:
 // 1. If it's an absolute URL to an internal or own-Space host → extract path.
 // 2. If the resulting path doesn't start with /app → prepend /app.
 //
 // This converts absolute redirects to relative ones so the browser
 // (not HF proxy) navigates and the URL bar updates correctly.
 //
 // Examples:
 // http://127.0.0.1:5000/auth/login → /app/auth/login
 // https://somratpro-huggingpost.hf.space/auth → /app/auth
 // /auth/login → /app/auth/login
 // /app/auth/login → /app/auth/login (unchanged)
 // https://twitter.com/oauth/... → unchanged (external)
 if (!loc) return loc;
 const spaceHost = process.env.SPACE_HOST || null; // e.g. somratpro-huggingpost.hf.space
 let path = null;
 if (loc.startsWith("/")) {
 path = loc;
 } else {
 try {
 const u = new URL(loc);
 if (
 /^(127\.0\.0\.1|localhost)(:\d+)?$/.test(u.host) ||
 (spaceHost && u.hostname === spaceHost)
 ) {
 path = u.pathname + u.search + u.hash;
 }
 } catch {}
 }
 if (path !== null && !path.startsWith("/app/") && path !== "/app") {
 return "/app" + path;
 }
 return loc;
}
function proxyHttp(req, res, overridePath) {
 const targetPath = overridePath !== undefined ? overridePath : req.url;
 let upstreamStarted = false;
 const proxyReq = http.request(
 {
 hostname: POSTIZ_HOST,
 port: POSTIZ_PORT,
 method: req.method,
 path: targetPath,
 headers: buildProxyHeaders(req.headers),
 },
 (proxyRes) => {
 upstreamStarted = true;
 // Rewrite Location headers: add /app basePath if missing, convert
 // internal-host absolute URLs to relative paths.
 const outHeaders = Object.assign({}, proxyRes.headers);
 const fixedLoc = rewriteLocation(outHeaders["location"]);
 if (fixedLoc !== outHeaders["location"])
 outHeaders["location"] = fixedLoc;
 res.writeHead(proxyRes.statusCode || 502, outHeaders);
 proxyRes.pipe(res);
 },
 );
 proxyReq.on("error", (error) => {
 if (res.headersSent || upstreamStarted) {
 res.destroy();
 return;
 }
 res.writeHead(502, { "Content-Type": "application/json" });
 res.end(
 JSON.stringify({
 status: "error",
 message: "Postiz unavailable",
 detail: error.message,
 hint: "Postiz may still be starting (first boot ~60s after build). Check the Logs tab.",
 }),
 );
 });
 res.on("close", () => proxyReq.destroy());
 req.pipe(proxyReq);
}
function proxyUpgrade(req, socket, head, overridePath) {
 const targetPath = overridePath !== undefined ? overridePath : req.url;
 const proxySocket = net.connect(POSTIZ_PORT, POSTIZ_HOST);
 proxySocket.on("connect", () => {
 const f = req.headers["x-forwarded-for"];
 const clientIp =
 typeof f === "string"
 ? f.split(",")[0].trim()
 : req.socket.remoteAddress || "";
 const headerLines = [];
 for (let i = 0; i < req.rawHeaders.length; i += 2) {
 const name = req.rawHeaders[i];
 const value = req.rawHeaders[i + 1];
 const lower = String(name).toLowerCase();
 if (lower === "host" || lower.startsWith("x-forwarded-")) continue;
 headerLines.push(`${name}: ${value}`);
 }
 const lines = [
 `${req.method} ${targetPath} HTTP/${req.httpVersion}`,
 ...headerLines,
 `Host: ${POSTIZ_HOST}:${POSTIZ_PORT}`,
 `X-Forwarded-For: ${clientIp}`,
 `X-Forwarded-Host: ${req.headers.host || ""}`,
 `X-Forwarded-Proto: ${req.headers["x-forwarded-proto"] || "https"}`,
 "",
 "",
 ];
 proxySocket.write(lines.join("\r\n"));
 if (head && head.length > 0) proxySocket.write(head);
 socket.pipe(proxySocket).pipe(socket);
 });
 proxySocket.on("error", () => {
 if (socket.writable)
 socket.write("HTTP/1.1 502 Bad Gateway\r\nConnection: close\r\n\r\n");
 socket.destroy();
 });
 socket.on("error", () => proxySocket.destroy());
}
// ============================================================================
// HTTP Server
// ============================================================================
const server = http.createServer((req, res) => {
 const parsedUrl = parseRequestUrl(req.url || "/");
 const pathname = parsedUrl.pathname;
 const uptime = Math.floor((Date.now() - startTime) / 1000);
// ── /health ──────────────────────────────────────────────────────────────
 if (pathname === "/health") {
 res.writeHead(200, { "Content-Type": "application/json" });
 res.end(
 JSON.stringify({
 status: "ok",
 uptime,
 uptimeHuman: formatUptime(uptime),
 timestamp: new Date().toISOString(),
 sync: readSyncStatus(),
 }),
 );
 return;
 }
// ── /status ──────────────────────────────────────────────────────────────
 if (pathname === "/status") {
 void (async () => {
 const postiz = await checkPostizHealth();
 res.writeHead(200, { "Content-Type": "application/json" });
 res.end(
 JSON.stringify({
 uptime: formatUptime(uptime),
 postizRunning: postiz.status === "running",
 sync: readSyncStatus(),
 keepalive: getKeepaliveStatus(),
 }),
 );
 })();
 return;
 }
// ── /setup — OAuth platform setup wizard ─────────────────────────────────
 if (pathname === "/setup" || pathname === "/setup/") {
 res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
 res.end(renderSetupPage());
 return;
 }
// ── /app/redeploy-cf-worker — force Cloudflare Worker redeploy ───────────
 // Strips CLOUDFLARE_PROXY_URL from subprocess env so the setup script
 // bypasses the short-circuit and deploys the updated Worker template.
 if (pathname === "/app/redeploy-cf-worker") {
 const { execFile } = require("child_process");
 const subEnv = { ...process.env };
 delete subEnv.CLOUDFLARE_PROXY_URL;
 delete subEnv.CLOUDFLARE_PROXY_SECRET;
 execFile("python3", ["/opt/postiz-sync.py", "--version"], { env: subEnv }, () => {}); // no-op warm-up
 execFile("python3", ["/opt/cloudflare-proxy-setup.py"], { env: subEnv, timeout: 60000 },
 (err, stdout, stderr) => {
 const lines = [
 "Redeploying Cloudflare Worker with updated template...",
 "",
 "=== stdout ===",
 stdout || "(empty)",
 "=== stderr ===",
 stderr || "(empty)",
 err ? "=== exec error ===\n" + err.message : "=== done ===",
 "",
 "Worker updated. Try connecting X now.",
 ];
 res.writeHead(200, { "Content-Type": "text/plain; charset=utf-8" });
 res.end(lines.join("\n"));
 }
 );
 return;
 }
// ── Dashboard at exact / ─────────────────────────────────────────────────
 if (pathname === "/" || pathname === "") {
 void (async () => {
 const postiz = await checkPostizHealth();
 const uptime = Math.floor((Date.now() - startTime) / 1000);
 const initialData = {
 postizRunning: postiz.status === "running",
 uptimeHuman: formatUptime(uptime),
 keepalive: getKeepaliveStatus(),
 sync: readSyncStatus(),
 };
 res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
 res.end(renderDashboard(initialData));
 })();
 return;
 }
// ── /app, /app/ and /app/* → proxy to nginx (Next.js handles routing) ────
 if (pathname === "/app" || pathname === "/app/") {
 // Postiz Next.js root redirect to /launches sometimes fails with basePath
 // + trailingSlash:true, leaving users on a blank /app/ page after signup.
 // Force the redirect here. Next.js middleware will still redirect to
 // /auth/login if they aren't authenticated yet.
 res.writeHead(302, {
 Location: "/app/launches/" + (parsedUrl.search || ""),
 });
 res.end();
 return;
 }
if (pathname.startsWith("/app/")) {
 const stripped = pathname.slice("/app".length) || "/";
 const query = parsedUrl.search || "";
// Static files in Next.js public/ land here with /app/ prefix (basePath).
 // Serve them directly from disk instead of proxying through nginx so the
 // path mismatch introduced by the nginx /app/ re-add patch doesn't matter.
 // _next/ bundles are NOT in public/ — skip them and proxy normally.
 const ext = path.extname(stripped).toLowerCase();
 if (ext && !stripped.startsWith("/_next/") && MIME_TYPES[ext]) {
 const absPath = path.resolve(NEXTJS_PUBLIC_DIR, "." + stripped);
 if (absPath.startsWith(NEXTJS_PUBLIC_DIR + path.sep)) {
 const stream = fs.createReadStream(absPath);
 stream.once("open", () => {
 res.writeHead(200, {
 "Content-Type": MIME_TYPES[ext],
 "Cache-Control": "public, max-age=86400",
 });
 stream.pipe(res);
 });
 stream.once("error", () => {
 // File not in public/ — fall through to nginx proxy.
 if (!res.headersSent) proxyHttp(req, res, stripped + query);
 else res.destroy();
 });
 return;
 }
 }
proxyHttp(req, res, stripped + query);
 return;
 }
// ── Stray asset URLs without basePath (Sentry, hardcoded /static) ────────
 // Browser-side libs sometimes emit absolute URLs that bypass Next.js
 // basePath. Catch /_next/* and /static/* at root and 301 to /app/* so the
 // browser learns the right prefix.
 if (pathname.startsWith("/_next/") || pathname.startsWith("/static/")) {
 res.writeHead(301, {
 Location: "/app" + pathname + (parsedUrl.search || ""),
 });
 res.end();
 return;
 }
// ── Anything else → redirect to /app<path> ──────────────────────────────
 // After login, Postiz's client-side router may navigate to a path without
 // the /app basePath prefix (e.g. /launches, /analytics, /api/...).
 // Redirect those here rather than 404-ing so the browser lands correctly.
res.writeHead(302, {
 Location: "/app" + pathname + (parsedUrl.search || ""),
 });
 res.end();
});
server.on("upgrade", (req, socket, head) => {
 const parsedUrl = parseRequestUrl(req.url || "/");
 const pathname = parsedUrl.pathname;
 if (isLocalRoute(pathname)) {
 socket.destroy();
 return;
 }
 if (pathname === "/app" || pathname.startsWith("/app/")) {
 const stripped = pathname.slice("/app".length) || "/";
 proxyUpgrade(req, socket, head, stripped + (parsedUrl.search || ""));
 return;
 }
 socket.destroy();
});
server.listen(PORT, "0.0.0.0", () => {
 console.log(`✓ Health server listening on port ${PORT}`);
 console.log(`✓ Dashboard : http://localhost:${PORT}/`);
 console.log(
 `✓ Postiz : http://localhost:${PORT}/app/ → nginx :${POSTIZ_PORT}`,
 );
});