"use strict";
const http = require("http");
const fs = require("fs");
const net = require("net");
const crypto = require("crypto");
const PORT = Number(process.env.PORT || 7861);
const GATEWAY_PORT = Number(process.env.API_SERVER_PORT || 8642);
const DASHBOARD_PORT = Number(process.env.DASHBOARD_PORT || 9119);
const TELEGRAM_WEBHOOK_PORT = Number(process.env.TELEGRAM_WEBHOOK_PORT || 8765);
const GATEWAY_HOST = "127.0.0.1";
const startTime = Date.now();
const API_SERVER_KEY = process.env.API_SERVER_KEY || "";
const APP_BASE = "/app";
const LOGIN_PATH = "/login";
const SESSION_COOKIE = "huggingmess_session";
const SYNC_STATUS_FILE = "/tmp/huggingmess-sync-status.json";
const CLOUDFLARE_KEEPALIVE_STATUS_FILE = "/tmp/huggingmess-cloudflare-keepalive-status.json";
function canConnect(port, host = GATEWAY_HOST, timeoutMs = 600) {
return new Promise((resolve) => {
const socket = net.createConnection({ port, host });
const done = (ok) => {
socket.removeAllListeners();
socket.destroy();
resolve(ok);
};
socket.setTimeout(timeoutMs);
socket.once("connect", () => done(true));
socket.once("timeout", () => done(false));
socket.once("error", () => done(false));
});
}
function readJson(path, fallback = null) {
try {
if (fs.existsSync(path)) return JSON.parse(fs.readFileSync(path, "utf8"));
} catch {}
return fallback;
}
function timingSafeEqualString(left, right) {
if (!left || !right) return false;
const leftBuffer = Buffer.from(left);
const rightBuffer = Buffer.from(right);
if (leftBuffer.length !== rightBuffer.length) return false;
return crypto.timingSafeEqual(leftBuffer, rightBuffer);
}
function expectedSessionValue() {
if (!API_SERVER_KEY) return "";
return crypto
.createHmac("sha256", API_SERVER_KEY)
.update("huggingmess-session-v1")
.digest("hex");
}
function parseCookies(req) {
const header = req.headers.cookie || "";
const cookies = {};
for (const item of header.split(";")) {
const separator = item.indexOf("=");
if (separator < 0) continue;
const name = item.slice(0, separator).trim();
const value = item.slice(separator + 1).trim();
if (!name) continue;
try {
cookies[name] = decodeURIComponent(value);
} catch {
cookies[name] = value;
}
}
return cookies;
}
function isHttpsRequest(req) {
return req.headers["x-forwarded-proto"] === "https";
}
function buildSessionCookie(req) {
const secure = isHttpsRequest(req) ? "; Secure" : "";
return `${SESSION_COOKIE}=${encodeURIComponent(expectedSessionValue())}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400${secure}`;
}
function getBearerToken(req) {
const value = req.headers.authorization || "";
const match = /^Bearer\s+(.+)$/i.exec(value);
return match ? match[1] : "";
}
function isAuthorized(req) {
if (!API_SERVER_KEY) return true;
return (
timingSafeEqualString(getBearerToken(req), API_SERVER_KEY) ||
timingSafeEqualString(parseCookies(req)[SESSION_COOKIE], expectedSessionValue())
);
}
function sanitizeNext(value) {
if (!value || typeof value !== "string") return `${APP_BASE}/`;
if (!value.startsWith("/") || value.startsWith("//")) return `${APP_BASE}/`;
return value;
}
function loginUrl(nextPath) {
return `${LOGIN_PATH}?next=${encodeURIComponent(sanitizeNext(nextPath))}`;
}
function renderLoginPage(nextPath, errorMessage = "") {
const safeNext = sanitizeNext(nextPath);
const errorHtml = errorMessage ? `
${escapeHtml(errorMessage)}
` : "";
return `
HuggingMess Login
Open HuggingMess
Enter the GATEWAY_TOKEN from your Space secrets.
${errorHtml}
`;
}
function escapeHtml(value) {
return String(value)
.replace(/&/g, "&")
.replace(//g, ">")
.replace(/"/g, """);
}
function readRequestBody(req, limit = 64 * 1024) {
return new Promise((resolve, reject) => {
let body = "";
req.on("data", (chunk) => {
body += chunk;
if (body.length > limit) {
reject(new Error("Request body is too large."));
req.destroy();
}
});
req.on("end", () => resolve(body));
req.on("error", reject);
});
}
function requireAuth(req, res) {
if (isAuthorized(req)) return true;
const parsed = new URL(req.url, "http://localhost");
redirect(res, loginUrl(`${parsed.pathname}${parsed.search}`));
return false;
}
function wantsHtml(req) {
const accept = String(req.headers.accept || "");
return accept.includes("text/html");
}
async function handleLogin(req, res, parsed) {
const nextPath = sanitizeNext(parsed.searchParams.get("next") || `${APP_BASE}/`);
if (!API_SERVER_KEY) {
redirect(res, nextPath);
return;
}
if (req.method === "GET") {
res.writeHead(200, {
"content-type": "text/html; charset=utf-8",
"cache-control": "no-store",
});
res.end(renderLoginPage(nextPath));
return;
}
if (req.method !== "POST") {
res.writeHead(405, { allow: "GET, POST" });
res.end("Method not allowed");
return;
}
try {
const body = await readRequestBody(req);
const params = new URLSearchParams(body);
const submittedToken = params.get("token") || "";
const submittedNext = sanitizeNext(params.get("next") || nextPath);
if (!timingSafeEqualString(submittedToken, API_SERVER_KEY)) {
res.writeHead(401, {
"content-type": "text/html; charset=utf-8",
"cache-control": "no-store",
});
res.end(renderLoginPage(submittedNext, "That token did not match GATEWAY_TOKEN."));
return;
}
res.writeHead(302, {
location: submittedNext,
"set-cookie": buildSessionCookie(req),
"cache-control": "no-store",
});
res.end();
} catch (error) {
res.writeHead(400, {
"content-type": "text/plain; charset=utf-8",
"cache-control": "no-store",
});
res.end(error.message || "Invalid login request.");
}
}
function proxyRequest(req, res, targetPort, rewritePath = (path) => path, headerOverrides = {}) {
const parsed = new URL(req.url, "http://localhost");
const targetPath = rewritePath(parsed.pathname) + parsed.search;
const headers = {
...req.headers,
...headerOverrides,
host: `${GATEWAY_HOST}:${targetPort}`,
"x-forwarded-host": req.headers.host || "",
"x-forwarded-proto": req.headers["x-forwarded-proto"] || "https",
};
const proxy = http.request(
{
hostname: GATEWAY_HOST,
port: targetPort,
method: req.method,
path: targetPath,
headers,
},
(upstream) => {
res.writeHead(upstream.statusCode || 502, upstream.headers);
upstream.pipe(res);
},
);
proxy.on("error", (error) => {
res.writeHead(502, { "content-type": "application/json" });
res.end(JSON.stringify({ error: "proxy_error", message: error.message }));
});
req.pipe(proxy);
}
function redirect(res, location, statusCode = 302) {
res.writeHead(statusCode, { location });
res.end();
}
function formatUptime(ms) {
const total = Math.floor(ms / 1000);
const days = Math.floor(total / 86400);
const hours = Math.floor((total % 86400) / 3600);
const minutes = Math.floor((total % 3600) / 60);
if (days) return `${days}d ${hours}h ${minutes}m`;
if (hours) return `${hours}h ${minutes}m`;
return `${minutes}m`;
}
async function statusPayload() {
const gateway = await canConnect(GATEWAY_PORT);
const dashboard = await canConnect(DASHBOARD_PORT);
const telegramWebhook =
!!process.env.TELEGRAM_WEBHOOK_URL && (await canConnect(TELEGRAM_WEBHOOK_PORT));
const sync = readJson(SYNC_STATUS_FILE, process.env.HF_TOKEN
? { status: "configured", message: "Backup is enabled; waiting for the first sync." }
: { status: "disabled", message: "HF_TOKEN is not configured." });
return {
ok: gateway,
uptime: formatUptime(Date.now() - startTime),
startedAt: new Date(startTime).toISOString(),
gateway,
dashboard,
authConfigured: !!API_SERVER_KEY,
ports: {
public: PORT,
gateway: GATEWAY_PORT,
dashboard: DASHBOARD_PORT,
telegramWebhook: TELEGRAM_WEBHOOK_PORT,
},
telegram: {
configured: !!process.env.TELEGRAM_BOT_TOKEN,
webhook: !!process.env.TELEGRAM_WEBHOOK_URL,
webhookUrl: process.env.TELEGRAM_WEBHOOK_URL || "",
webhookListening: telegramWebhook,
proxy: process.env.CLOUDFLARE_PROXY_URL || "",
},
model: process.env.MODEL_FOR_CONFIG || process.env.HERMES_MODEL || process.env.LLM_MODEL || "",
provider: process.env.PROVIDER_FOR_CONFIG || process.env.HERMES_INFERENCE_PROVIDER || "auto",
backup: sync,
keepalive: readJson(CLOUDFLARE_KEEPALIVE_STATUS_FILE, null),
};
}
function badge(label, state) {
return `${escapeHtml(label)}`;
}
function toneBadge(label, tone = "neutral") {
return `${escapeHtml(label)}`;
}
function valueOrUnset(value, fallback = "Not set") {
return value ? escapeHtml(value) : `${escapeHtml(fallback)}`;
}
function renderTile({ title, value, detail = "", tone = "neutral", meta = "" }) {
return `
${escapeHtml(title)}
${value}
${detail ? `${detail}
` : ""}
${meta ? `${meta}
` : ""}
`;
}
function renderDashboard(data) {
const syncStatus = String(data.backup?.status || "unknown");
const syncTone = ["success", "restored", "synced", "configured"].includes(syncStatus) ? "ok" : syncStatus === "disabled" ? "warn" : "neutral";
const telegramTone = data.telegram.configured ? (data.telegram.webhookListening || !data.telegram.webhook ? "ok" : "warn") : "warn";
const keepaliveConfigured = data.keepalive?.configured === true;
const keepaliveStatus = String(data.keepalive?.status || (process.env.CLOUDFLARE_WORKERS_TOKEN ? "pending" : "not configured"));
const keepAliveTone = keepaliveConfigured ? "ok" : process.env.CLOUDFLARE_WORKERS_TOKEN ? "warn" : "neutral";
const telegramDetail = data.telegram.configured
? `${data.telegram.webhook ? "Webhook mode" : "Polling mode"}${data.telegram.proxy ? ` through Cloudflare proxy` : ""}.`
: "Add TELEGRAM_BOT_TOKEN to enable Telegram.";
const backupDetail = data.backup?.message ? escapeHtml(data.backup.message) : "No backup status has been written yet.";
const backupMeta = data.backup?.timestamp ? `Last update ${escapeHtml(data.backup.timestamp)}` : "";
const keepAliveDetail = keepaliveConfigured
? `Worker ${escapeHtml(data.keepalive.workerName || "keepalive")} pings ${escapeHtml(data.keepalive.targetUrl || "/health")}.`
: process.env.CLOUDFLARE_WORKERS_TOKEN
? "Cloudflare keep-awake Worker is pending or failed; check Space logs."
: "Add CLOUDFLARE_WORKERS_TOKEN to create a scheduled keep-awake Worker.";
const serviceOk = data.gateway && data.dashboard;
const tiles = [
renderTile({
title: "Gateway",
value: toneBadge(data.gateway ? "Online" : "Offline", data.gateway ? "ok" : "off"),
detail: data.gateway ? `OpenAI-compatible API on port ${data.ports.gateway}.` : `Gateway API is not reachable on port ${data.ports.gateway}.`,
tone: data.gateway ? "ok" : "off",
meta: data.authConfigured ? `Protected by GATEWAY_TOKEN.` : `Set GATEWAY_TOKEN before sharing.`,
}),
renderTile({
title: "Model",
value: `${valueOrUnset(data.model)}`,
detail: `Provider ${valueOrUnset(data.provider || "auto")}.`,
tone: data.model ? "ok" : "warn",
meta: "Gemini example: google/gemini-2.5-flash",
}),
renderTile({
title: "Runtime",
value: escapeHtml(data.uptime),
detail: `Public port ${data.ports.public}; health at /health.`,
tone: "neutral",
meta: `Started ${escapeHtml(data.startedAt)}.`,
}),
renderTile({
title: "Telegram",
value: toneBadge(data.telegram.configured ? "Configured" : "Disabled", telegramTone),
detail: telegramDetail,
tone: telegramTone,
meta: data.telegram.webhookUrl ? `${escapeHtml(data.telegram.webhookUrl)}` : "",
}),
renderTile({
title: "Backup",
value: toneBadge(syncStatus.toUpperCase(), syncTone),
detail: backupDetail,
tone: syncTone,
meta: backupMeta,
}),
renderTile({
title: "Keep Awake",
value: toneBadge(keepaliveConfigured ? "Cloudflare cron" : keepaliveStatus.toUpperCase(), keepAliveTone),
detail: keepAliveDetail,
tone: keepAliveTone,
meta: keepaliveConfigured ? `Schedule ${escapeHtml(data.keepalive.cron || "*/10 * * * *")}.` : "",
}),
].join("");
return `
HuggingMess
Open Hermes Agent ->
`;
}
const server = http.createServer(async (req, res) => {
const parsed = new URL(req.url, "http://localhost");
const path = parsed.pathname;
if (path === LOGIN_PATH) {
await handleLogin(req, res, parsed);
return;
}
if (path === "/health" || path === `${APP_BASE}/health`) {
const data = await statusPayload();
res.writeHead(data.ok ? 200 : 503, { "content-type": "application/json" });
res.end(JSON.stringify({ ok: data.ok, gateway: data.gateway, uptime: data.uptime }));
return;
}
if (path === "/status" || path === `${APP_BASE}/status`) {
const data = await statusPayload();
res.writeHead(200, { "content-type": "application/json" });
res.end(JSON.stringify(data, null, 2));
return;
}
if (path === "/") {
const data = await statusPayload();
res.writeHead(200, { "content-type": "text/html; charset=utf-8" });
res.end(renderDashboard(data));
return;
}
if (path === "/dashboard" || path === "/dashboard/") {
redirect(res, `${APP_BASE}/${parsed.search}`);
return;
}
if (path === "/telegram" || path.startsWith("/telegram/")) {
proxyRequest(req, res, TELEGRAM_WEBHOOK_PORT);
return;
}
if (path === APP_BASE || path.startsWith(`${APP_BASE}/`)) {
if (!requireAuth(req, res)) return;
proxyRequest(req, res, DASHBOARD_PORT, (p) => p.replace(/^\/app/, "") || "/");
return;
}
if (
path === "/favicon.ico" ||
path.startsWith("/assets/") ||
path.startsWith("/api/") ||
path.startsWith("/dashboard-plugins/") ||
path.startsWith("/ds-assets/")
) {
if (!requireAuth(req, res)) return;
proxyRequest(req, res, DASHBOARD_PORT);
return;
}
if (
[
"/analytics",
"/chat",
"/config",
"/cron",
"/docs",
"/env",
"/logs",
"/models",
"/plugins",
"/profiles",
"/sessions",
"/skills",
].some((route) => path === route || path.startsWith(`${route}/`))
) {
redirect(res, `${APP_BASE}${path}${parsed.search}`);
return;
}
if (path === "/v1" || path.startsWith("/v1/")) {
if (!isAuthorized(req)) {
if (wantsHtml(req)) {
redirect(res, loginUrl(`${path}${parsed.search}`));
return;
}
res.writeHead(401, {
"content-type": "application/json",
"cache-control": "no-store",
});
res.end(JSON.stringify({ error: "unauthorized", message: "Use Authorization: Bearer ." }));
return;
}
const upstreamHeaders = getBearerToken(req) || !API_SERVER_KEY
? {}
: { authorization: `Bearer ${API_SERVER_KEY}` };
proxyRequest(req, res, GATEWAY_PORT, (p) => p, upstreamHeaders);
return;
}
res.writeHead(404, { "content-type": "text/plain; charset=utf-8" });
res.end("Not found");
});
server.listen(PORT, "0.0.0.0", () => {
console.log(`HuggingMess dashboard listening on 0.0.0.0:${PORT}`);
});