Upload 3 files

Dockerfile

@@ -0,0 +1,41 @@
+# ── Base image ────────────────────────────────────────────────
+FROM python:3.11-slim
+
+# ── System dependencies ────────────────────────────────────────
+# libgomp1 is required by ONNX Runtime (used internally by piper-tts)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        build-essential \
+        curl \
+        libgomp1 \
+    && rm -rf /var/lib/apt/lists/*
+
+# ── Non-root user required by HuggingFace Spaces ──────────────
+RUN useradd -m -u 1000 user
+USER user
+ENV HOME=/home/user \
+    PATH=/home/user/.local/bin:$PATH
+
+# ── Working directory ──────────────────────────────────────────
+WORKDIR $HOME/app
+
+# ── Install Python dependencies ────────────────────────────────
+COPY --chown=user requirements.txt .
+RUN pip install --no-cache-dir --upgrade pip \
+ && pip install --no-cache-dir -r requirements.txt
+
+# ── Download Piper voice model (en_US-lessac-medium) ──────────
+# Model and its JSON config are fetched from the official Piper voices repo
+RUN mkdir -p $HOME/app/models \
+ && curl -L -o $HOME/app/models/en_US-lessac-medium.onnx \
+        "https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/medium/en_US-lessac-medium.onnx" \
+ && curl -L -o $HOME/app/models/en_US-lessac-medium.onnx.json \
+        "https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/medium/en_US-lessac-medium.onnx.json"
+
+# ── Copy application code ──────────────────────────────────────
+COPY --chown=user app.py .
+
+# ── Expose the port HuggingFace Spaces expects ─────────────────
+EXPOSE 7860
+
+# ── Start the server ───────────────────────────────────────────
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "1"]

app.py

@@ -0,0 +1,169 @@
+import os
+import hashlib
+import base64
+import asyncio
+import wave
+import io
+import httpx
+from piper.voice import PiperVoice
+from fastapi import FastAPI, Request, HTTPException
+from fastapi.responses import JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
+
+# ── Secrets (set these in HuggingFace Space → Settings → Variables and secrets) ──
+EXPECTED_HASH  = os.environ.get("HASH_VALUE")
+SERVER_MAIN    = os.environ.get("SERVER_MAIN_URL")
+SERV_CODE      = os.environ.get("SERV_CODE")
+CF_SECRET_KEY  = os.environ.get("CF_SECRET_KEY")   # reserved for Cloudflare token verification if needed
+
+ALLOWED_DOMAIN = os.environ.get("ALLOWED_DOMAIN", "buildwithsupratim.github.io")
+
+# ── Piper TTS config ──
+PIPER_MODEL_PATH = os.path.join(os.path.dirname(__file__), "models", "en_US-lessac-medium.onnx")
+
+# Load voice once at startup (heavy; reuse across requests)
+_piper_voice: PiperVoice = PiperVoice.load(PIPER_MODEL_PATH)
+
+app = FastAPI(title="Maria Middleware", version="1.0.0")
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["https://buildwithsupratim.github.io"],
+    allow_methods=["GET", "POST"],
+    allow_headers=["*"],
+)
+
+# ═══════════════════════════════════════════════════════════════
+#  AUTH HELPERS
+# ═══════════════════════════════════════════════════════════════
+
+def _hash_auth_code(auth_code: str) -> str:
+    return hashlib.sha256(auth_code.encode()).hexdigest()
+
+
+def _check_first(request: Request) -> bool:
+    """Primary check: hash of auth_code header must match EXPECTED_HASH."""
+    auth_code = request.headers.get("auth_code") or request.headers.get("Auth-Code")
+    if not auth_code:
+        return False
+    return _hash_auth_code(auth_code) == EXPECTED_HASH
+
+
+def _check_second(request: Request) -> bool:
+    """Fallback check: request must originate from the allowed domain.
+    
+    Cloudflare adds CF-Referer / the standard Referer / Origin headers.
+    We validate at the domain level so any path under the GitHub Pages site passes.
+    """
+    referer = request.headers.get("referer", "")
+    origin  = request.headers.get("origin",  "")
+
+    for value in (referer, origin):
+        if value and ALLOWED_DOMAIN in value:
+            return True
+    return False
+
+
+async def _authorize(request: Request) -> None:
+    """Raise 403 if neither check passes."""
+    if _check_first(request):
+        return
+    if _check_second(request):
+        return
+    raise HTTPException(status_code=403, detail="Forbidden: invalid auth_code and domain not allowed.")
+
+
+# ═══════════════════════════════════════════════════════════════
+#  TTS HELPER
+# ═══════════════════════════════════════════════════════════════
+
+def _generate_tts_base64(text: str) -> str:
+    """Synthesize *text* with Piper TTS and return base64-encoded WAV bytes."""
+    wav_buffer = io.BytesIO()
+    with wave.open(wav_buffer, "wb") as wav_file:
+        _piper_voice.synthesize(text, wav_file)
+    return base64.b64encode(wav_buffer.getvalue()).decode("utf-8")
+
+
+# ═══════════════════════════════════════════════════════════════
+#  ROUTES
+# ═══════════════════════════════════════════════════════════════
+
+@app.get("/")
+async def root():
+    """Root endpoint for HuggingFace health checks."""
+    return {"status": "alive"}
+
+
+@app.get("/ping")
+async def ping():
+    """Health-check endpoint. Wakes the Space if it was sleeping."""
+    return {"status": "alive"}
+
+
+@app.post("/chat_start")
+async def chat_start(request: Request):
+    """
+    1. Authenticate the caller.
+    2. Forward the payload to SERVER_MAIN with serv_code in headers.
+    3. Override / add audio_output with Piper TTS base64 WAV audio.
+    4. Return the final response.
+    """
+    await _authorize(request)
+
+    # ── Parse incoming JSON ──────────────────────────────────────
+    try:
+        payload = await request.json()
+    except Exception:
+        raise HTTPException(status_code=400, detail="Invalid JSON body.")
+
+    # ── Forward to SERVER_MAIN ───────────────────────────────────
+    forward_headers = {
+        "Content-Type": "application/json",
+        "serv_code":    SERV_CODE,
+    }
+
+    async with httpx.AsyncClient(timeout=120.0) as client:
+        try:
+            server_response = await client.post(
+                SERVER_MAIN,
+                json=payload,
+                headers=forward_headers,
+            )
+            server_response.raise_for_status()
+            response_data = server_response.json()
+        except httpx.HTTPStatusError as exc:
+            raise HTTPException(
+                status_code=exc.response.status_code,
+                detail=f"SERVER_MAIN error: {exc.response.text}",
+            )
+        except httpx.RequestError as exc:
+            raise HTTPException(status_code=502, detail=f"SERVER_MAIN unreachable: {str(exc)}")
+
+    # ── Extract text for TTS ─────────────────────────────────────
+    try:
+        response_message = response_data["query"]["response_message"]
+        tts_text = response_message.get("text", "")
+    except (KeyError, TypeError):
+        raise HTTPException(status_code=502, detail="Unexpected response schema from SERVER_MAIN.")
+
+    # ── Generate TTS and override audio_output ───────────────────
+    if tts_text:
+        # Run blocking Piper synthesis in a thread pool to avoid blocking the event loop
+        loop = asyncio.get_event_loop()
+        audio_b64 = await loop.run_in_executor(None, _generate_tts_base64, tts_text)
+        response_data["query"]["response_message"]["audio_output"] = audio_b64
+    else:
+        # No text → clear audio_output to avoid stale base64
+        response_data["query"]["response_message"]["audio_output"] = ""
+
+    return JSONResponse(content=response_data)
+
+
+# ═══════════════════════════════════════════════════════════════
+#  ENTRY POINT
+# ═══════════════════════════════════════════════════════════════
+
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run("app:app", host="0.0.0.0", port=7860, reload=False)

requirements.txt

@@ -0,0 +1,4 @@
+fastapi==0.111.1
+uvicorn[standard]==0.30.1
+httpx==0.27.0
+piper-tts==1.2.0