Hugging Face's logo

Spaces:
zhlajiex
/
Codeai
Running

App Files Community
Codeai
File size: 6,240 Bytes 
1dc8372
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
9df3c32
1dc8372
 
 
bdb0988
 
 
 
 
1dc8372
 
9df3c32
 
 
 
1dc8372
072fffe
1dc8372
072fffe
1dc8372
 
 
 
 
 
 
 
 
 
210d827
 
 
1dc8372
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
401687a
 
885b766
 
 
401687a
1dc8372
 
 
 
 
 
 
 
 
885b766
 
1dc8372
 
885b766
 
 
 
 
 
 
 
 
 
 
1dc8372
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
da1e4a6
 
 
 
 
 
1dc8372
 
 
 
a705c01
1dc8372
 
 
 
 
d0929e4
 
b0e463e
1dc8372
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
05fb10a
1dc8372
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
 
const express = require('express');
const dotenv = require('dotenv');
const dns = require('dns');

// DNS FIX: Force SRV resolution to use reliable servers
// This fixes querySrv EBADNAME in Termux/Android
dns.setServers(['8.8.8.8', '8.8.4.4']);

const cors = require('cors');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const http = require('http');
const path = require('path');
const socketio = require('socket.io');
const connectDB = require('./db');
const { performSurgery, getLogs, handleCommand } = require('./services/sentinelService');
const { syncToCloud, restoreFromCloud } = require('./services/persistenceService');

dotenv.config();

// Critical Environment Defaults
process.env.JWT_SECRET = process.env.JWT_SECRET || 'TITAN_CORE_BETA_SECRET_2026';
process.env.JWT_EXPIRE = process.env.JWT_EXPIRE || '30d';
process.env.JWT_COOKIE_EXPIRE = process.env.JWT_COOKIE_EXPIRE || '30';

// Connect to Cloud Database
connectDB();
restoreFromCloud();

// Periodic Cloud Sync (Every 30 minutes)
setInterval(syncToCloud, 30 * 60 * 1000);

// Ensure Uploads Directory exists inside public
const fs = require('fs');
const uploadsDir = path.join(__dirname, 'public', 'uploads');
if (!fs.existsSync(uploadsDir)){
    fs.mkdirSync(uploadsDir, { recursive: true });
}

const auth = require('./routes/auth');
const ai = require('./routes/ai');
const users = require('./routes/users');

const app = express();

// Trust first proxy (Hugging Face / Cloudflare)
app.set('trust proxy', 1);

// --- SENTINEL PRIORITY INTERCEPTOR ---
app.use((req, res, next) => {
  const originalSend = res.send;
  res.send = function (body) {
    if (res.statusCode >= 500) {
      console.log(`[SENTINEL_AUTO] Intercepted 500 on ${req.originalUrl}`);
      // performSurgery logic handled in error catcher below
    }
    return originalSend.apply(res, arguments);
  };
  next();
});

const server = http.createServer(app);
const io = socketio(server, { cors: { origin: "*" } });

app.use(express.json());
app.use(helmet({ 
  contentSecurityPolicy: false,
  frameguard: false, // Allow iframing
  crossOriginResourcePolicy: { policy: "cross-origin" },
  crossOriginEmbedderPolicy: false
}));

// Request Logger
app.use((req, res, next) => {
  console.log(`${req.method} ${req.path} - ${new Date().toISOString()}`);
  next();
});

const limiter = rateLimit({ windowMs: 10 * 60 * 1000, max: 1000 });
app.use(limiter);

// Enable Robust Multi-Node CORS
app.use(cors({
  origin: function (origin, callback) {
    // Allow any origin for now to 'allow everything' as requested, 
    // or you can keep it slightly restricted to your domains:
    const isAllowed = !origin || 
                       origin === 'null' || 
                       origin.includes("hf.space") || 
                       origin.includes("qzz.io") || 
                       origin.includes("js.org") || 
                       origin.includes("onrender.com") ||
                       origin.includes("localhost");
    
    if (isAllowed) {
      callback(null, true);
    } else {
      callback(new Error('CORS_VIOLATION_BY_MAIN_CORE'));
    }
  },
  credentials: true
}));

app.use(express.static(path.join(__dirname, 'public')));

app.use('/api/auth', auth);
app.use('/api/ai', ai);
app.use('/api/users', users);

app.get('/api/status/uptime', (req, res) => {
  const uptime = process.uptime();
  res.json({ success: true, uptime: Math.floor(uptime) });
});

app.get('/api/status/sentinel-test', (req, res) => {
  console.log("[DIAGNOSTIC] Triggering synthetic breach for Sentinel verification...");
  throw new Error("SENTINEL_TEST_STRESS_BREACH");
});

app.get('/', (req, res) => res.sendFile(path.join(__dirname, 'public', 'index.html')));
app.get('/auth', (req, res) => res.sendFile(path.join(__dirname, 'public', 'auth.html')));
const Announcement = require('./models/Announcement');

// --- ANNOUNCEMENT API ---
app.get('/api/announcements/active', async (req, res) => {
  const now = new Date();
  const active = await Announcement.findOne({
    isActive: true,
    startTime: { $lte: now },
    endTime: { $gte: now }
  }).sort({ createdAt: -1 });
  res.json({ success: true, data: active });
});

app.post('/api/announcements', async (req, res) => {
  const { message, startTime, endTime } = req.body;
  // Verification: In a production build, we would use JWT. 
  // For now, we will allow the creation and let the frontend handle Architect-level auth.
  const announcement = await Announcement.create({ 
    message, 
    startTime: new Date(startTime), 
    endTime: new Date(endTime),
    isActive: true 
  });
  res.json({ success: true, data: announcement });
});

app.get('/chat', (req, res) => res.sendFile(path.join(__dirname, 'public', 'chat.html')));
app.get('/keys', (req, res) => res.sendFile(path.join(__dirname, 'public', 'keys.html')));
app.get('/about', (req, res) => res.sendFile(path.join(__dirname, 'public', 'about.html')));
app.get('/sentinel', (req, res) => res.sendFile(path.join(__dirname, 'public', 'sentinel.html')));
app.get('/manifesto', (req, res) => res.sendFile(path.join(__dirname, 'public', 'manifesto.html')));
app.get('/broadcast', (req, res) => res.sendFile(path.join(__dirname, 'public', 'broadcast.html')));

// Catch-all for React/Frontend routes
app.get(/^(?!\/api).+/, (req, res) => {
  res.sendFile(path.join(__dirname, 'public', 'index.html'));
});

app.get('/api/status/sentinel-history', (req, res) => {
  res.json({ success: true, logs: getLogs() });
});

app.post('/api/status/sentinel-command', async (req, res) => {
  const { command } = req.body;
  try {
    const response = await handleCommand(command);
    res.status(200).json({ success: true, response });
  } catch (err) {
    res.status(500).json({ success: false, error: "INTERLINK_TIMEOUT" });
  }
});

// GLOBAL ERROR HANDLER (SENTINEL UPLINK)
app.use((err, req, res, next) => {
  console.log(`[SENTINEL_BREACH] ${err.stack}`);
  performSurgery(err.stack, req.originalUrl);
  res.status(err.statusCode || 500).json({ success: false, error: err.message || 'Server Error' });
});

const PORT = process.env.PORT || 7860;
server.listen(PORT, () => console.log(`Codex Neural Interface active on port ${PORT}`));

module.exports = io;