const express = require('express');
const admin = require('firebase-admin');
const jwt = require('jsonwebtoken');
const { v4: uuidv4 } = require('uuid');
const axios = require('axios');
const bodyParser = require('body-parser');
const cors = require('cors'); 

const app = express();
// NOTE(review): cors() with no options answers every origin. Acceptable while
// the API is bearer-token only (no cookies), but pass an explicit `origin`
// list before any cookie/credentialed flow is added.
app.use(cors()); 
// NOTE(review): the 50mb JSON limit is global, so it also applies to the
// unauthenticated routes below (/redeem, /verify, /poll, /feedback). A small
// default with a per-route override on /feedback2 would shrink that surface.
app.use(bodyParser.json({ limit: '50mb' })); 

// ---------------------------------------------------------
// 1. STATE MANAGEMENT
// ---------------------------------------------------------
// Single-use handoff keys minted by /key: key -> { uid, projectId, createdAt }.
// /key advertises a 300s lifetime; the age of a key is only ever checked by
// the /cleanup sweep, and /redeem deletes a key once it has been consumed.
const tempKeys = new Map();
// Per-session JWT signing secrets keyed "uid:projectId" (see getSessionSecret).
// Acts as a write-through cache of RTDB `plugin_oauth/<uid>/<projectId>`.
const activeSessions = new Map();

// --- GLOBAL FIREBASE SERVICES ---
// All three stay null in "memory-only" mode (no FIREBASE_SERVICE_ACCOUNT_JSON
// or a failed init); code below must check them before use.
let db = null;
let firestore = null; // Firestore client (project documents)
let storage = null;   // Cloud Storage client (per-project file prefix)

// ---------------------------------------------------------
// 2. FIREBASE INITIALIZATION
// ---------------------------------------------------------
// Bring up the Firebase Admin SDK from FIREBASE_SERVICE_ACCOUNT_JSON.
// Without that variable the server runs "memory-only": db/firestore/storage
// stay null and the DB-backed paths below are skipped. An init error is only
// logged, so the process continues in that same degraded state.
try {
    const serviceAccountJson = process.env.FIREBASE_SERVICE_ACCOUNT_JSON;

    if (!serviceAccountJson) {
        console.warn("⚠️ Memory-Only mode (Firebase credentials missing).");
    } else {
        const serviceAccount = JSON.parse(serviceAccountJson);
        // Bucket name comes from the environment; Storage deletes need it.
        const bucketName = process.env.FIREBASE_STORAGE_BUCKET;

        // Only initialise the default app once.
        if (admin.apps.length === 0) {
            admin.initializeApp({
                credential: admin.credential.cert(serviceAccount),
                databaseURL: process.env.FIREBASE_DB_URL,
                storageBucket: bucketName,
            });
        }

        // Hand out all three service handles.
        db = admin.database();
        firestore = admin.firestore();
        storage = admin.storage();
        console.log("🔥 Firebase Connected (RTDB, Firestore, Storage)");
    }
} catch (e) {
    console.error("Firebase Init Error:", e);
}

// ---------------------------------------------------------
// 3. MIDDLEWARE
// ---------------------------------------------------------
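/**
 * Express middleware: authenticate the caller from a Firebase ID token.
 *
 * Expects `Authorization: Bearer <idToken>`. On success sets `req.user` to the
 * decoded token (so at least `req.user.uid`) and calls `next()`. Responds
 * 401 when the header is missing/malformed, 403 when the token does not
 * verify, and 503 when the Firebase Admin SDK was never initialised.
 *
 * DEBUG_NO_AUTH=true short-circuits everything with a fixed dev uid. It must
 * never be set in production: it turns every protected route into an open one.
 */
const verifyFirebaseUser = async (req, res, next) => {
    const debugMode = process.env.DEBUG_NO_AUTH === 'true';

    if (debugMode) {
        req.user = { uid: "user_dev_01" };
        return next();
    }

    const authHeader = req.headers.authorization;
    if (typeof authHeader !== 'string' || !authHeader.startsWith('Bearer ')) {
        return res.status(401).json({ error: 'Missing Bearer token' });
    }

    // Take everything after the scheme rather than split('Bearer ')[1], which
    // would truncate a value that itself contained the text "Bearer ".
    const idToken = authHeader.slice('Bearer '.length).trim();
    if (idToken === '') {
        return res.status(401).json({ error: 'Missing Bearer token' });
    }

    // Fail closed. The previous version fell through to a synthetic
    // "memory_user" whenever Firebase was not initialised, so a credentials
    // misconfiguration silently made every protected route unauthenticated.
    // Unauthenticated local testing is what DEBUG_NO_AUTH is for.
    if (admin.apps.length === 0) {
        return res.status(503).json({ error: 'Auth backend not initialised' });
    }

    try {
        req.user = await admin.auth().verifyIdToken(idToken);
        return next();
    } catch (error) {
        return res.status(403).json({ error: 'Unauthorized', details: error.message });
    }
};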

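/**
 * Resolve the JWT signing secret for a (uid, projectId) plugin session.
 *
 * Checks the in-memory cache first (refreshing `lastAccessed`), then, when
 * Firebase is available, hydrates from RTDB `plugin_oauth/<uid>/<projectId>`.
 *
 * SECURITY: callers pass uid/projectId straight out of an UNVERIFIED
 * `jwt.decode()`, so both values are attacker-controlled until `jwt.verify`
 * has run. They are validated here before being interpolated into a DB path.
 * NOTE(review): the cache key joins them with ':'; a uid containing ':' could
 * alias another (uid, projectId) pair. Not exploitable without that session's
 * secret, but worth a stricter uid check if custom uids are ever allowed.
 *
 * @param {string} uid        Firebase uid claimed by the token.
 * @param {string} projectId  Project claimed by the token.
 * @returns {Promise<string|null>} the secret, or null when no session exists,
 *   the inputs are malformed, or the DB read failed. Callers treat null as
 *   "revoked", so a DB outage currently looks like revocation to the plugin.
 */
async function getSessionSecret(uid, projectId) {
    // RTDB keys may not contain . # $ [ ] and a `/` would descend into a
    // child path instead of naming a key, so such values can never identify
    // a real session: reject them before touching the cache or the database.
    const invalidKeyChar = /[.#$\[\]\/]/;
    if (typeof uid !== 'string' || uid === '' || invalidKeyChar.test(uid)) return null;
    if (typeof projectId !== 'string' || projectId === '' || invalidKeyChar.test(projectId)) return null;

    const cacheKey = `${uid}:${projectId}`;
    const cached = activeSessions.get(cacheKey);
    if (cached) {
        cached.lastAccessed = Date.now();
        return cached.secret;
    }

    if (!db) return null;

    try {
        const snapshot = await db.ref(`plugin_oauth/${uid}/${projectId}`).once('value');
        if (!snapshot.exists()) return null;
        const secret = snapshot.val();
        activeSessions.set(cacheKey, { secret, lastAccessed: Date.now() });
        console.log(`💧 Hydrated secret for ${cacheKey} from DB`);
        return secret;
    } catch (err) {
        console.error("DB Read Error:", err);
        return null;
    }
}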

// ---------------------------------------------------------
// 4. ENDPOINTS
// ---------------------------------------------------------

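/**
 * POST /key — issue a short-lived, single-use handoff key for a plugin.
 *
 * Requires a Firebase ID token (verifyFirebaseUser). The key is bound to the
 * caller's uid and the requested projectId and is exchanged for a session JWT
 * by /redeem. `expiresIn` is advertised as 300s; enforcing that age is the job
 * of the redeem/cleanup paths, this route only records `createdAt`.
 *
 * Body: { projectId: string }  ->  200 { key, expiresIn } | 400
 */
app.post('/key', verifyFirebaseUser, (req, res) => {
    const { projectId } = req.body;
    if (typeof projectId !== 'string' || projectId === '') {
        return res.status(400).json({ error: 'projectId required' });
    }
    // projectId ends up inside an RTDB path (plugin_oauth/<uid>/<projectId>)
    // when the key is redeemed: it must be a plain key — no . # $ [ ] (invalid
    // in RTDB) and no `/` (path separator).
    if (/[.#$\[\]\/]/.test(projectId)) {
        return res.status(400).json({ error: 'projectId contains invalid characters' });
    }

    const key = `key_${uuidv4().replace(/-/g, '')}`;

    tempKeys.set(key, {
        uid: req.user.uid,
        projectId,
        createdAt: Date.now(),
    });

    // The key is a bearer secret until redeemed: keep it out of the logs.
    console.log(`🔑 Generated Key for user ${req.user.uid} (project ${projectId})`);
    res.json({ key, expiresIn: 300 });
});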

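/**
 * POST /redeem — exchange a handoff key from /key for a plugin session JWT.
 *
 * Unauthenticated by design: possession of the single-use key is the
 * credential. Each redemption mints a fresh per-(uid, projectId) secret,
 * signs a 3-day HS256 JWT with it and stores the secret in memory and, when
 * available, in RTDB `plugin_oauth/<uid>/<projectId>` — so redeeming again
 * for the same project invalidates the previously issued token.
 *
 * Body: { key: string }  ->  200 { token } | 404 | 500
 */
app.post('/redeem', async (req, res) => {
    const { key } = req.body;

    if (typeof key !== 'string' || !tempKeys.has(key)) {
        return res.status(404).json({ error: 'Invalid or expired key' });
    }

    const data = tempKeys.get(key);

    // /key advertises a 300s lifetime; enforce it here rather than relying on
    // someone calling /cleanup. An expired key is consumed on the spot.
    if (Date.now() - data.createdAt > 300 * 1000) {
        tempKeys.delete(key);
        return res.status(404).json({ error: 'Invalid or expired key' });
    }

    const sessionSecret = uuidv4();
    const cacheKey = `${data.uid}:${data.projectId}`;

    const token = jwt.sign(
        { uid: data.uid, projectId: data.projectId },
        sessionSecret,
        { algorithm: 'HS256', expiresIn: '3d' }
    );

    activeSessions.set(cacheKey, { secret: sessionSecret, lastAccessed: Date.now() });

    if (db) {
        try {
            await db.ref(`plugin_oauth/${data.uid}/${data.projectId}`).set(sessionSecret);
        } catch (err) {
            // Express 4 does not catch async rejections, so without this the
            // request would hang. Roll back the in-memory secret (a token that
            // never reached the DB must not be half-valid) and leave the key
            // in place so the plugin can retry.
            activeSessions.delete(cacheKey);
            console.error("DB Write Error:", err);
            return res.status(500).json({ error: 'Failed to persist session' });
        }
    }

    tempKeys.delete(key);
    console.log(`🚀 Redeemed JWT for ${cacheKey}`);
    res.json({ token });
});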

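/**
 * POST /verify — report whether a plugin session JWT is currently valid.
 *
 * The token's uid/projectId claims are read UNVERIFIED only to locate the
 * per-session secret; nothing is trusted until `jwt.verify` succeeds against
 * that secret. A missing secret means the session was revoked (or never
 * existed).
 *
 * Body: { token: string }  ->  200 { valid: true } | 400/401/403 { valid: false, error }
 */
app.post('/verify', async (req, res) => {
    const { token } = req.body;
    if (typeof token !== 'string' || token === '') {
        return res.status(400).json({ valid: false, error: 'Token required' });
    }

    const decoded = jwt.decode(token);
    if (!decoded || typeof decoded.uid !== 'string' || typeof decoded.projectId !== 'string') {
        return res.status(401).json({ valid: false, error: 'Malformed token' });
    }

    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
    if (!secret) {
        return res.status(401).json({ valid: false, error: 'Session revoked' });
    }

    try {
        // Pin the algorithm so the token header cannot steer verification.
        const payload = jwt.verify(token, secret, { algorithms: ['HS256'] });

        // jwt.verify already enforces `exp`; this second check also rejects a
        // token that was somehow signed without one.
        const threeDaysInSeconds = 3 * 24 * 60 * 60;
        const nowInSeconds = Math.floor(Date.now() / 1000);
        if (payload.iat && (nowInSeconds - payload.iat > threeDaysInSeconds)) {
            return res.status(403).json({ valid: false, error: 'Expired' });
        }

        return res.json({ valid: true });
    } catch (err) {
        // Previously an expired token was reported as a bad signature.
        if (err.name === 'TokenExpiredError') {
            return res.status(403).json({ valid: false, error: 'Expired' });
        }
        return res.status(403).json({ valid: false, error: 'Invalid signature' });
    }
});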

// ---------------------------------------------------------
// PROXY ENDPOINTS
// ---------------------------------------------------------

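/**
 * POST /feedback — proxy plugin feedback to the main AI server.
 *
 * Authenticates with the plugin session JWT carried in the body, then forwards
 * the remaining body fields to `<EXTERNAL_SERVER_URL>/project/feedback`
 * stamped with the VERIFIED uid/projectId. The upstream status and body are
 * relayed verbatim on an upstream error; 502 when upstream is unreachable.
 *
 * Body: { token: string, ...payload }  ->  200 { success, externalResponse }
 */
app.post('/feedback', async (req, res) => {
    const { token, ...pluginPayload } = req.body;

    if (typeof token !== 'string' || token === '') {
        return res.status(400).json({ error: 'Token required' });
    }

    // Unverified decode: only used to find which secret to verify against.
    const decoded = jwt.decode(token);
    if (!decoded || typeof decoded.uid !== 'string' || typeof decoded.projectId !== 'string') {
        return res.status(401).json({ error: 'Malformed token' });
    }

    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
    if (!secret) return res.status(404).json({ error: 'Session revoked' });

    // Verify in its own try so a bad token is a 403, not the 502 "failed to
    // forward" that the previous shared catch block turned it into.
    let verified;
    try {
        verified = jwt.verify(token, secret, { algorithms: ['HS256'] });
    } catch (err) {
        if (err.name === 'TokenExpiredError') {
            return res.status(403).json({ error: 'Token has expired' });
        }
        return res.status(403).json({ error: 'Invalid Token Signature' });
    }

    const externalBase = process.env.EXTERNAL_SERVER_URL || 'http://localhost:7860';
    const targetUrl = externalBase.replace(/\/$/, '') + '/project/feedback';

    console.log(`📨 Forwarding PLUGIN feedback for ${verified.projectId} (${verified.uid})`);

    try {
        // The verified identity is spread LAST. The previous order spread the
        // client payload after these fields, so a body containing `userId`
        // overrode the verified uid and let a plugin impersonate any user.
        const response = await axios.post(targetUrl, {
            ...pluginPayload,
            userId: verified.uid,
            projectId: verified.projectId,
        });

        return res.json({ success: true, externalResponse: response.data });
    } catch (err) {
        console.error("Feedback Forward Error:", err.message);
        if (err.response) {
            // Upstream's own status and body are passed through to the plugin.
            return res.status(err.response.status).json(err.response.data);
        }
        return res.status(502).json({ error: 'Failed to forward feedback to Main AI server' });
    }
});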

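/**
 * POST /feedback2 — proxy dashboard feedback to the main AI server.
 *
 * Authenticated with a Firebase ID token (verifyFirebaseUser). Forwards the
 * body to `<EXTERNAL_SERVER_URL>/project/feedback` stamped with the VERIFIED
 * uid; `images` defaults to an empty array. 502 on any upstream failure.
 *
 * Body: { projectId: string, prompt, images?: any[], ...rest }
 *   -> 200 { success, externalResponse } | 400 | 502
 */
app.post('/feedback2', verifyFirebaseUser, async (req, res) => {
    const { projectId, prompt, images, ...otherPayload } = req.body;
    const userId = req.user.uid;

    if (typeof projectId !== 'string' || projectId === '' || !prompt) {
        return res.status(400).json({ error: 'Missing projectId or prompt' });
    }
    // `images.length` is read below and `images` is forwarded as-is, so only
    // accept an actual array (or nothing).
    if (images != null && !Array.isArray(images)) {
        return res.status(400).json({ error: 'images must be an array' });
    }

    if (images && images.length > 0) {
        console.log(`📸 Received ${images.length} image(s) from Dashboard.`);
    }

    const externalBase = process.env.EXTERNAL_SERVER_URL || 'http://localhost:7860';
    const targetUrl = externalBase.replace(/\/$/, '') + '/project/feedback';

    try {
        // Verified/validated fields are spread LAST: `otherPayload` is the raw
        // body minus projectId/prompt/images, so it could carry a `userId`
        // that the previous order let override the authenticated uid.
        const response = await axios.post(targetUrl, {
            ...otherPayload,
            userId,
            projectId,
            prompt,
            images: images || [],
        });

        return res.json({ success: true, externalResponse: response.data });
    } catch (err) {
        console.error("Forward Error:", err.message);
        return res.status(502).json({ error: 'Failed to forward' });
    }
});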

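/**
 * POST /poll — plugin heartbeat: verify the session JWT, then ping the main
 * AI server at `<EXTERNAL_SERVER_URL>/project/ping` for this project and
 * return its response body unchanged.
 *
 * Token claims are read UNVERIFIED only to locate the per-session secret;
 * the forwarded uid/projectId come from the verified payload.
 *
 * Body: { token: string }  ->  200 <upstream body> | 400/401/403/404/502
 */
app.post('/poll', async (req, res) => {
    const { token } = req.body;

    if (typeof token !== 'string' || token === '') {
        return res.status(400).json({ error: 'Token required' });
    }

    const decoded = jwt.decode(token);
    if (!decoded || typeof decoded.uid !== 'string' || typeof decoded.projectId !== 'string') {
        return res.status(401).json({ error: 'Malformed token' });
    }

    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
    if (!secret) return res.status(404).json({ error: 'Session revoked or not found' });

    let verifiedData;
    try {
        // Pin the algorithm so the token header cannot steer verification.
        verifiedData = jwt.verify(token, secret, { algorithms: ['HS256'] });
    } catch (err) {
        if (err.name === 'TokenExpiredError') {
            return res.status(403).json({ error: 'Token has expired' });
        }
        return res.status(403).json({ error: 'Invalid Token Signature' });
    }

    // jwt.verify already enforces `exp`; this also rejects a token that was
    // somehow signed without one.
    const threeDaysInSeconds = 3 * 24 * 60 * 60;
    const nowInSeconds = Math.floor(Date.now() / 1000);
    if (verifiedData.iat && (nowInSeconds - verifiedData.iat > threeDaysInSeconds)) {
        return res.status(403).json({ error: 'Token expired (older than 3 days)' });
    }

    const externalBase = process.env.EXTERNAL_SERVER_URL || 'http://localhost:7860';
    const targetUrl = externalBase.replace(/\/$/, '') + '/project/ping';

    try {
        const response = await axios.post(targetUrl, {
            projectId: verifiedData.projectId,
            userId: verifiedData.uid,
        });
        return res.json(response.data);
    } catch (extError) {
        console.error("Poll Forward Error:", extError.message);
        return res.status(502).json({ error: 'External server error' });
    }
});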

// ---------------------------------------------------------
// MANAGEMENT ENDPOINTS
// ---------------------------------------------------------

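/**
 * POST /project/delete — remove a project the caller owns from every backend.
 *
 * Ownership is established from RTDB `projects/<projectId>/info.userId`, and
 * the check FAILS CLOSED: no info node, or a different/missing userId, is a
 * 403. (Previously the check only refused when an info node existed with a
 * different userId, so any signed-in user could wipe a project whose info
 * node was missing or had no userId.) Deletes the RTDB subtree, the caller's
 * plugin_oauth entry, the Firestore document, the Storage prefix
 * `<projectId>/`, and the in-memory session/handoff-key entries.
 *
 * Body: { projectId: string }  ->  200 { success } | 400/403/500/503
 */
app.post('/project/delete', verifyFirebaseUser, async (req, res) => {
    const { projectId } = req.body;
    const userId = req.user.uid;

    if (typeof projectId !== 'string' || projectId === '') {
        return res.status(400).json({ error: "Missing Project ID" });
    }
    // projectId is spliced into RTDB paths and a Storage prefix: only accept a
    // plain key — no . # $ [ ] (invalid in RTDB) and no `/` (path separator),
    // so a value like `a/b` cannot reach a different node.
    if (/[.#$\[\]\/]/.test(projectId)) {
        return res.status(400).json({ error: "Invalid Project ID" });
    }

    // Ownership cannot be verified without the database (the previous code
    // threw a TypeError on `db.ref` in memory-only mode).
    if (!db) {
        return res.status(503).json({ error: "Database not initialised" });
    }

    console.log(`🗑️ Deleting Project: ${projectId} requested by ${userId}`);

    try {
        // 1. Verify ownership (fail closed).
        const snapshot = await db.ref(`projects/${projectId}/info`).once('value');
        const info = snapshot.exists() ? snapshot.val() : null;
        if (!info || typeof info !== 'object' || info.userId !== userId) {
            // Same response whether the project is missing or belongs to
            // someone else, so this route cannot be used to probe project IDs.
            return res.status(403).json({ error: "Unauthorized" });
        }

        // 2. Realtime Database.
        const tasks = [
            db.ref(`projects/${projectId}`).remove(),
            db.ref(`plugin_oauth/${userId}/${projectId}`).remove(),
        ];

        // 3. Firestore.
        if (firestore) {
            tasks.push(firestore.collection('projects').doc(projectId).delete());
        } else {
            console.warn("Skipping Firestore delete (not initialized)");
        }

        // 4. Storage (everything under the project prefix).
        if (storage) {
            tasks.push(storage.bucket().deleteFiles({ prefix: `${projectId}/` }));
        } else {
            console.warn("Skipping Storage delete (not initialized)");
        }

        // 5. In-memory state. Deleting while iterating a Map is safe in JS.
        activeSessions.delete(`${userId}:${projectId}`);
        for (const [key, val] of tempKeys.entries()) {
            if (val.projectId === projectId) tempKeys.delete(key);
        }

        // allSettled so one failing backend does not hide the others' outcome
        // (the deletes are already in flight either way).
        const results = await Promise.allSettled(tasks);
        const failures = results.filter((r) => r.status === 'rejected');
        if (failures.length > 0) {
            for (const f of failures) console.error("Delete Error:", f.reason);
            return res.status(500).json({ error: "Failed to delete project resources" });
        }

        console.log(`✅ Project ${projectId} deleted successfully.`);
        res.json({ success: true });
    } catch (err) {
        console.error("Delete Error:", err);
        res.status(500).json({ error: "Failed to delete project resources" });
    }
});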

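/**
 * GET /cleanup — sweep idle cached session secrets and expired handoff keys.
 *
 * Session cache entries idle for over an hour are dropped (they re-hydrate
 * from RTDB on next use). Handoff keys older than the 300s lifetime that
 * /key advertises are discarded for good. The previous 4-minute key
 * threshold was shorter than the advertised lifetime, so a key could be
 * swept while the client still believed it valid.
 *
 * NOTE(review): this route is unauthenticated and mutates state. With a
 * database behind it the worst case is cache churn; in memory-only mode
 * (db == null) there is nothing to re-hydrate from, so anyone who can reach
 * it permanently revokes every idle plugin session. Put it behind the same
 * auth as /nullify, or a shared secret, before exposing it publicly.
 *
 * -> 200 { message, sessionsCleaned, tempKeysCleaned }
 */
app.get('/cleanup', (req, res) => {
    const SESSION_IDLE_MS = 1000 * 60 * 60;
    const TEMP_KEY_TTL_MS = 300 * 1000; // must match `expiresIn: 300` in /key
    const now = Date.now();
    let cleanedCount = 0;
    let expiredKeyCount = 0;

    for (const [key, value] of activeSessions.entries()) {
        if (now - value.lastAccessed > SESSION_IDLE_MS) {
            activeSessions.delete(key);
            cleanedCount++;
        }
    }
    for (const [key, value] of tempKeys.entries()) {
        if (now - value.createdAt > TEMP_KEY_TTL_MS) {
            tempKeys.delete(key);
            expiredKeyCount++;
        }
    }

    res.json({
        message: `Cleaned ${cleanedCount} cached sessions from memory.`,
        sessionsCleaned: cleanedCount,
        tempKeysCleaned: expiredKeyCount,
    });
});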

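/**
 * POST /nullify — revoke the caller's plugin session for one project.
 *
 * Authenticated with a Firebase ID token. Drops the cached secret, any
 * unredeemed handoff keys for this (uid, projectId), and the RTDB entry
 * `plugin_oauth/<uid>/<projectId>`. Memory is cleared first so that even a
 * failed DB removal leaves this process refusing the old token.
 *
 * Body: { projectId: string }
 *   -> 200 { success, message, wasCached, tempKeysRemoved } | 400 | 500
 */
app.post('/nullify', verifyFirebaseUser, async (req, res) => {
    const { projectId } = req.body;
    if (typeof projectId !== 'string' || projectId === '') {
        return res.status(400).json({ error: 'projectId required' });
    }
    // projectId becomes part of an RTDB path: only accept a plain key (no
    // . # $ [ ] and no `/`), so the removal cannot be pointed at another node.
    if (/[.#$\[\]\/]/.test(projectId)) {
        return res.status(400).json({ error: 'projectId contains invalid characters' });
    }

    const uid = req.user.uid;
    const cacheKey = `${uid}:${projectId}`;
    const existedInMemory = activeSessions.delete(cacheKey);

    let deletedTempKeys = 0;
    for (const [tKey, tData] of tempKeys.entries()) {
        if (tData.uid === uid && tData.projectId === projectId) {
            tempKeys.delete(tKey);
            deletedTempKeys++;
        }
    }

    if (db) {
        try {
            await db.ref(`plugin_oauth/${uid}/${projectId}`).remove();
        } catch (e) {
            // Previously swallowed: a failed revocation must be visible in logs.
            console.error("Nullify DB Error:", e);
            return res.status(500).json({ error: 'Database error during nullify' });
        }
    }

    console.log(`☢️ NULLIFIED session for ${cacheKey}.`);
    res.json({
        success: true,
        message: 'Session purged.',
        wasCached: existedInMemory,
        tempKeysRemoved: deletedTempKeys,
    });
});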

// Liveness probe: plain-text banner, no auth, no state.
app.get('/', (_req, res) => {
    const banner = 'Plugin Auth Proxy Running';
    res.send(banner);
});

// Listen on $PORT, falling back to 7860 when it is unset or empty
// (`||` on purpose: an empty-string PORT should also fall back).
const PORT = process.env.PORT || 7860;
const onListening = () => console.log(`🚀 Auth Proxy running on http://localhost:${PORT}`);
app.listen(PORT, onListening);