Upload 4 files

Dockerfile

@@ -0,0 +1,28 @@
+# ──────────────────────────────────────────────
+#  TG Store · Dockerfile for Hugging Face Spaces
+# ──────────────────────────────────────────────
+FROM node:20-slim
+
+# HF Spaces runs containers as uid 1000
+RUN useradd -m -u 1000 appuser
+
+WORKDIR /app
+
+# Install dependencies first (better layer caching)
+COPY package.json ./
+RUN npm install --omit=dev
+
+# Copy application source
+COPY --chown=appuser:appuser . .
+
+# Hugging Face Spaces requires port 7860
+ENV PORT=7860
+EXPOSE 7860
+
+USER appuser
+
+# HF pings /system to verify the app is healthy
+HEALTHCHECK --interval=30s --timeout=10s --start-period=20s \
+  CMD node -e "require('http').get('http://localhost:7860/system',r=>{process.exit(r.statusCode===200?0:1)}).on('error',()=>process.exit(1))"
+
+CMD ["node", "index.js"]

index.js

@@ -0,0 +1,339 @@
+'use strict';
+
+const express = require('express');
+const { MongoClient } = require('mongodb');
+const Busboy = require('busboy');
+const path = require('path');
+const crypto = require('crypto');
+const { TelegramClient, Api } = require('telegram');
+const { StringSession } = require('telegram/sessions');
+const { PassThrough } = require('stream');
+
+// ─────────────────────────────────────────────
+//  CONFIG
+// ─────────────────────────────────────────────
+const PORT       = process.env.PORT       || 7860;
+const MONGO_URI  = process.env.MONGO_URI  || 'mongodb://127.0.0.1:27017/tgstore';
+const CHANNEL_ID = BigInt(process.env.CHANNEL_ID || '0');
+const CHUNK_SIZE = 1.9 * 1024 * 1024 * 1024; // 1.9 GB in bytes
+const DL_WORKERS = parseInt(process.env.DL_WORKERS) || 4;
+const BASE_URL   = process.env.BASE_URL   || `http://localhost:${PORT}`;
+
+// ─────────────────────────────────────────────
+//  MONGODB
+// ─────────────────────────────────────────────
+let Sessions, Files;
+
+async function connectMongo() {
+  const client = new MongoClient(MONGO_URI, { maxPoolSize: 20 });
+  await client.connect();
+  const db = client.db();
+  Sessions = db.collection('sessions');
+  Files    = db.collection('files');
+  await Files.createIndex({ fileId: 1 }, { unique: true });
+  console.log('[MongoDB] Connected');
+}
+
+// ─────────────────────────────────────────────
+//  SESSION POOL  (round-robin)
+// ─────────────────────────────────────────────
+const clientPool = [];
+let   poolIndex  = 0;
+
+async function buildClient(apiId, apiHash, sessionString = '') {
+  const session = new StringSession(sessionString);
+  const client  = new TelegramClient(session, Number(apiId), apiHash, {
+    connectionRetries: 5,
+    retryDelay: 1000,
+    autoReconnect: true,
+    maxConcurrentDownloads: DL_WORKERS,
+  });
+  await client.connect();
+  return client;
+}
+
+async function loadSessions() {
+  const docs = await Sessions.find({ active: true }).toArray();
+  for (const doc of docs) {
+    try {
+      const client = await buildClient(doc.apiId, doc.apiHash, doc.session);
+      clientPool.push(client);
+      console.log(`[Pool] Loaded session for ${doc.phone}`);
+    } catch (e) {
+      console.warn(`[Pool] Failed session ${doc._id}: ${e.message}`);
+    }
+  }
+  console.log(`[Pool] ${clientPool.length} session(s) active`);
+}
+
+function getClient() {
+  if (!clientPool.length)
+    throw new Error('No active Telegram sessions. Visit /strings to add one.');
+  const client = clientPool[poolIndex % clientPool.length];
+  poolIndex++;
+  return client;
+}
+
+// ─────────────────────────────────────────────
+//  PENDING AUTH MAP  phone → { client, hash }
+// ─────────────────────────────────────────────
+const authMap = new Map();
+
+// ─────────────────────────────────────────────
+//  EXPRESS
+// ─────────────────────────────────────────────
+const app = express();
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+app.use(express.static(path.join(__dirname, 'public')));
+
+// ── GET /system ──────────────────────────────
+app.get('/system', (_req, res) => {
+  const m = process.memoryUsage();
+  res.json({
+    status:   'ok',
+    uptime:   process.uptime(),
+    memory: {
+      rss:       m.rss,
+      heapUsed:  m.heapUsed,
+      heapTotal: m.heapTotal,
+      external:  m.external,
+    },
+    sessions: clientPool.length,
+    node:     process.version,
+    ts:       new Date().toISOString(),
+  });
+});
+
+// ── GET /strings ─────────────────────────────
+app.get('/strings', (_req, res) => {
+  res.sendFile(path.join(__dirname, 'public', 'strings.html'));
+});
+
+// ── POST /strings/send-code ──────────────────
+app.post('/strings/send-code', async (req, res) => {
+  const { apiId, apiHash, phone } = req.body;
+  if (!apiId || !apiHash || !phone)
+    return res.status(400).json({ error: 'apiId, apiHash and phone are required.' });
+
+  try {
+    const client = await buildClient(apiId, apiHash, '');
+    const result = await client.sendCode({ apiId: Number(apiId), apiHash }, phone);
+    authMap.set(phone, { client, apiId, apiHash, phoneCodeHash: result.phoneCodeHash });
+    res.json({ ok: true, message: 'OTP sent to your Telegram app.' });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+});
+
+// ── POST /strings/verify ─────────────────────
+app.post('/strings/verify', async (req, res) => {
+  const { phone, code, password } = req.body;
+  const entry = authMap.get(phone);
+  if (!entry)
+    return res.status(400).json({ error: 'No pending auth for this phone. Send code first.' });
+
+  const { client, apiId, apiHash, phoneCodeHash } = entry;
+
+  try {
+    await client.invoke(new Api.auth.SignIn({ phoneNumber: phone, phoneCodeHash, phoneCode: code }));
+  } catch (e) {
+    if (e.errorMessage === 'SESSION_PASSWORD_NEEDED') {
+      if (!password)
+        return res.status(400).json({ error: '2FA password required.', twoFA: true });
+      try {
+        const pwdInfo = await client.invoke(new Api.account.GetPassword());
+        const check   = await require('telegram/utils/Password').computeCheck(pwdInfo, password);
+        await client.invoke(new Api.auth.CheckPassword({ password: check }));
+      } catch (e2) {
+        authMap.delete(phone);
+        return res.status(400).json({ error: e2.message });
+      }
+    } else {
+      authMap.delete(phone);
+      return res.status(400).json({ error: e.message });
+    }
+  }
+
+  const sessionString = client.session.save();
+  await Sessions.insertOne({
+    apiId, apiHash, phone,
+    session: sessionString,
+    active: true,
+    createdAt: new Date(),
+  });
+  clientPool.push(client);
+  authMap.delete(phone);
+
+  res.json({ ok: true, session: sessionString, message: 'Session saved and added to pool!' });
+});
+
+// ── POST /upload ─────────────────────────────
+app.post('/upload', (req, res) => {
+  let client;
+  try { client = getClient(); }
+  catch (e) { return res.status(503).json({ error: e.message }); }
+
+  const busboy = Busboy({ headers: req.headers, limits: { files: 1, fileSize: Infinity } });
+  let responded = false;
+  const done = (code, body) => { if (!responded) { responded = true; res.status(code).json(body); } };
+
+  busboy.on('file', async (_field, fileStream, info) => {
+    const { filename, mimeType } = info;
+    const fileId = crypto.randomBytes(16).toString('hex');
+
+    const chunks     = [];  // { chunkIndex, messageId, size }
+    let chunkIndex   = 0;
+    let totalSize    = 0;
+    let chunkBufs    = [];
+    let chunkBytes   = 0;
+    let uploadError  = null;
+
+    const flushChunk = async () => {
+      if (!chunkBufs.length) return;
+      const buf = Buffer.concat(chunkBufs);
+      chunkBufs  = [];
+      chunkBytes = 0;
+      const idx  = chunkIndex++;
+      const msgId = await uploadBuffer(client, buf, `${fileId}_${idx}`);
+      chunks.push({ chunkIndex: idx, messageId: msgId, size: buf.length });
+    };
+
+    // Backpressure-aware data handler
+    fileStream.on('data', async (data) => {
+      if (uploadError) return;
+      fileStream.pause();
+      totalSize  += data.length;
+      chunkBufs.push(data);
+      chunkBytes += data.length;
+      try {
+        if (chunkBytes >= CHUNK_SIZE) await flushChunk();
+      } catch (e) {
+        uploadError = e;
+        fileStream.destroy();
+      }
+      fileStream.resume();
+    });
+
+    fileStream.on('end', async () => {
+      if (uploadError) return done(500, { error: uploadError.message });
+      try {
+        await flushChunk(); // flush remainder
+        await Files.insertOne({ fileId, filename, mimeType, totalSize, chunks, uploadedAt: new Date() });
+        done(200, {
+          ok: true, fileId, filename,
+          size: totalSize,
+          chunks: chunks.length,
+          downloadUrl: `${BASE_URL}/download/${fileId}`,
+        });
+      } catch (e) {
+        done(500, { error: e.message });
+      }
+    });
+
+    fileStream.on('error', (e) => done(500, { error: e.message }));
+  });
+
+  busboy.on('error', (e) => done(500, { error: e.message }));
+  req.pipe(busboy);
+});
+
+// ── GET /download/:fileId ────────────────────
+app.get('/download/:fileId', async (req, res) => {
+  const doc = await Files.findOne({ fileId: req.params.fileId });
+  if (!doc) return res.status(404).json({ error: 'File not found.' });
+
+  let client;
+  try { client = getClient(); }
+  catch (e) { return res.status(503).json({ error: e.message }); }
+
+  res.setHeader('Content-Disposition', `attachment; filename="${encodeURIComponent(doc.filename)}"`);
+  res.setHeader('Content-Type', doc.mimeType || 'application/octet-stream');
+  if (doc.totalSize) res.setHeader('Content-Length', String(doc.totalSize));
+
+  const sorted = [...doc.chunks].sort((a, b) => a.chunkIndex - b.chunkIndex);
+
+  for (const chunk of sorted) {
+    try {
+      await streamChunk(client, chunk.messageId, res);
+    } catch (e) {
+      console.error('[Download] chunk error:', e.message);
+      if (!res.headersSent) res.status(500).json({ error: e.message });
+      else res.destroy();
+      return;
+    }
+  }
+  res.end();
+});
+
+// ─────────────────────────────────────────────
+//  TELEGRAM HELPERS
+// ─────────────────────────────────────────────
+
+// Upload a Buffer to the Telegram channel and return the message ID
+async function uploadBuffer(client, buffer, caption) {
+  const file = await client.uploadFile({
+    file: new BufferFile(caption, buffer),
+    workers: DL_WORKERS,
+  });
+  const msg = await client.sendFile(CHANNEL_ID, {
+    file,
+    caption,
+    forceDocument: true,
+    workers: DL_WORKERS,
+  });
+  return msg.id;
+}
+
+// Stream a Telegram message's media directly to the HTTP response
+async function streamChunk(client, messageId, res) {
+  const [msg] = await client.getMessages(CHANNEL_ID, { ids: [messageId] });
+  if (!msg?.media) throw new Error(`No media in message ${messageId}`);
+
+  const pass = new PassThrough();
+
+  pass.on('data', (chunk) => {
+    const ok = res.write(chunk);
+    if (!ok) {
+      pass.pause();
+      res.once('drain', () => pass.resume()); // handle backpressure
+    }
+  });
+
+  await new Promise((resolve, reject) => {
+    pass.on('end', resolve);
+    pass.on('error', reject);
+    client.downloadMedia(msg, { outputFile: pass, workers: DL_WORKERS })
+      .then(() => pass.end())
+      .catch(reject);
+  });
+}
+
+// GramJS-compatible file object that reads from a Buffer
+class BufferFile {
+  constructor(name, buffer) {
+    this.name = name;
+    this.size = buffer.length;
+    this.path = name;
+    this._buf = buffer;
+  }
+  async *[Symbol.asyncIterator]() {
+    const PART = 512 * 1024;
+    for (let i = 0; i < this._buf.length; i += PART)
+      yield this._buf.slice(i, i + PART);
+  }
+}
+
+// ─────────────────────────────────────────────
+//  BOOT
+// ─────────────────────────────────────────────
+(async () => {
+  await connectMongo();
+  await loadSessions();
+  app.listen(PORT, '0.0.0.0', () => {
+    console.log(`\n🚀  Server ready at http://0.0.0.0:${PORT}`);
+    console.log(`🔗  Base URL      : ${BASE_URL}`);
+    console.log(`📦  Sessions      : ${clientPool.length}`);
+    console.log(`🗄️   MongoDB       : ${MONGO_URI}\n`);
+  });
+})();

package.json

@@ -0,0 +1,19 @@
+{
+  "name": "tg-store",
+  "version": "1.0.0",
+  "description": "Telegram File Storage & Direct Download System for Hugging Face Spaces",
+  "main": "index.js",
+  "scripts": {
+    "start": "node index.js",
+    "dev": "node --watch index.js"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "busboy": "^1.6.0",
+    "express": "^4.18.2",
+    "mongodb": "^6.3.0",
+    "telegram": "^2.22.2"
+  }
+}

strings.html

@@ -0,0 +1,206 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>TG Store · Add Session</title>
+  <style>
+    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+    :root {
+      --bg: #0d1117; --surface: #161b22; --border: #30363d;
+      --accent: #2f81f7; --accent2: #388bfd; --text: #e6edf3;
+      --muted: #8b949e; --success: #3fb950; --error: #f85149;
+    }
+    body {
+      background: var(--bg); color: var(--text);
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+      min-height: 100vh; display: flex; align-items: center;
+      justify-content: center; padding: 24px;
+    }
+    .card {
+      background: var(--surface); border: 1px solid var(--border);
+      border-radius: 10px; padding: 36px 40px;
+      width: 100%; max-width: 460px; box-shadow: 0 8px 32px #0009;
+    }
+    .logo { display: flex; align-items: center; gap: 12px; margin-bottom: 28px; }
+    .logo svg { color: var(--accent); flex-shrink: 0; }
+    .logo h1 { font-size: 1.25rem; font-weight: 700; }
+    .logo span { color: var(--muted); font-weight: 400; }
+    .steps { display: flex; gap: 8px; margin-bottom: 28px; }
+    .step { height: 4px; flex: 1; background: var(--border); border-radius: 2px; transition: background .3s; }
+    .step.on { background: var(--accent); }
+    label {
+      display: block; font-size: .78rem; color: var(--muted);
+      text-transform: uppercase; letter-spacing: .06em;
+      margin-bottom: 6px; margin-top: 18px;
+    }
+    input {
+      width: 100%; background: var(--bg); border: 1px solid var(--border);
+      border-radius: 6px; color: var(--text); padding: 10px 14px;
+      font-size: .95rem; outline: none; transition: border-color .2s;
+    }
+    input:focus { border-color: var(--accent); }
+    button {
+      margin-top: 22px; width: 100%; background: var(--accent);
+      color: #fff; border: none; border-radius: 6px; padding: 11px;
+      font-size: .98rem; font-weight: 600; cursor: pointer;
+      transition: background .2s, opacity .2s;
+    }
+    button:hover { background: var(--accent2); }
+    button:disabled { opacity: .45; cursor: not-allowed; }
+    .msg {
+      margin-top: 14px; padding: 11px 14px; border-radius: 6px;
+      font-size: .88rem; display: none;
+    }
+    .msg.ok  { background:#1a3a2a; border:1px solid #2d6040; color:var(--success); display:block; }
+    .msg.err { background:#3b1a1a; border:1px solid #7a2828; color:var(--error);   display:block; }
+    .session-out {
+      margin-top: 12px; background: var(--bg); border: 1px solid var(--border);
+      border-radius: 6px; padding: 10px 14px; font-size: .72rem;
+      font-family: monospace; color: var(--muted); word-break: break-all;
+    }
+    .hidden { display: none !important; }
+    footer { margin-top: 28px; font-size: .76rem; color: var(--muted); text-align: center; }
+  </style>
+</head>
+<body>
+<div class="card">
+
+  <div class="logo">
+    <svg width="26" height="26" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+      <polyline points="22 12 18 12 15 21 9 3 6 12 2 12"/>
+    </svg>
+    <h1>TG Store <span>· Add Session</span></h1>
+  </div>
+
+  <div class="steps">
+    <div class="step on"  id="s1"></div>
+    <div class="step"     id="s2"></div>
+    <div class="step"     id="s3"></div>
+  </div>
+
+  <!-- Step 1 -->
+  <div id="p1">
+    <label>API ID</label>
+    <input id="apiId" type="number" placeholder="12345678" />
+    <label>API Hash</label>
+    <input id="apiHash" type="text" placeholder="0123456789abcdef..." />
+    <label>Phone Number (with country code)</label>
+    <input id="phone" type="tel" placeholder="+1 555 000 0000" />
+    <button id="btnCode">Send OTP →</button>
+    <div class="msg" id="m1"></div>
+  </div>
+
+  <!-- Step 2 -->
+  <div id="p2" class="hidden">
+    <p style="color:var(--muted);font-size:.88rem;line-height:1.5">
+      Check your Telegram app or SMS for the one-time code.
+    </p>
+    <label>OTP Code</label>
+    <input id="otp" type="text" placeholder="12345" maxlength="12" />
+    <div id="twoFAWrap" class="hidden">
+      <label>Two-Factor Password</label>
+      <input id="twoFA" type="password" placeholder="Cloud password" />
+    </div>
+    <button id="btnVerify">Verify &amp; Save →</button>
+    <div class="msg" id="m2"></div>
+  </div>
+
+  <!-- Step 3 -->
+  <div id="p3" class="hidden">
+    <p style="color:var(--success);font-weight:700;font-size:1.05rem">✓ Session saved!</p>
+    <p style="color:var(--muted);font-size:.88rem;margin-top:8px;line-height:1.5">
+      This account is now in the upload pool and will be used for file uploads.
+    </p>
+    <label style="margin-top:20px">String Session (store safely)</label>
+    <div class="session-out" id="sessionOut"></div>
+    <button onclick="location.reload()"
+      style="margin-top:18px;background:#21262d;border:1px solid var(--border)">
+      + Add Another Account
+    </button>
+  </div>
+
+  <footer>Powered by GramJS · Node.js · MongoDB</footer>
+</div>
+
+<script>
+const $ = id => document.getElementById(id);
+
+function setStep(n) {
+  ['p1','p2','p3'].forEach((id,i) => $(id).classList.toggle('hidden', i+1 !== n));
+  ['s1','s2','s3'].forEach((id,i) => $(id).classList.toggle('on', i < n));
+}
+
+function msg(id, text, type) {
+  const el = $(id);
+  el.textContent = text;
+  el.className = 'msg ' + (type === 'ok' ? 'ok' : 'err');
+}
+
+let pendingPhone = '';
+
+$('btnCode').addEventListener('click', async () => {
+  const btn = $('btnCode');
+  btn.disabled = true; btn.textContent = 'Sending…';
+  msg('m1', '', '');
+
+  const body = {
+    apiId:   $('apiId').value.trim(),
+    apiHash: $('apiHash').value.trim(),
+    phone:   $('phone').value.trim(),
+  };
+  if (!body.apiId || !body.apiHash || !body.phone) {
+    msg('m1', 'All three fields are required.', 'err');
+    btn.disabled = false; btn.textContent = 'Send OTP →';
+    return;
+  }
+
+  try {
+    const r = await fetch('/strings/send-code', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    });
+    const d = await r.json();
+    if (!r.ok) throw new Error(d.error);
+    pendingPhone = body.phone;
+    setStep(2);
+  } catch(e) {
+    msg('m1', e.message, 'err');
+    btn.disabled = false; btn.textContent = 'Send OTP →';
+  }
+});
+
+$('btnVerify').addEventListener('click', async () => {
+  const btn = $('btnVerify');
+  btn.disabled = true; btn.textContent = 'Verifying…';
+  msg('m2', '', '');
+
+  const body = { phone: pendingPhone, code: $('otp').value.trim() };
+  const pw = $('twoFA').value.trim();
+  if (pw) body.password = pw;
+
+  try {
+    const r = await fetch('/strings/verify', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    });
+    const d = await r.json();
+    if (d.twoFA) {
+      $('twoFAWrap').classList.remove('hidden');
+      msg('m2', '2FA required — enter your cloud password above and try again.', 'err');
+      btn.disabled = false; btn.textContent = 'Verify & Save →';
+      return;
+    }
+    if (!r.ok) throw new Error(d.error);
+    $('sessionOut').textContent = d.session || '';
+    setStep(3);
+  } catch(e) {
+    msg('m2', e.message, 'err');
+    btn.disabled = false; btn.textContent = 'Verify & Save →';
+  }
+});
+</script>
+</body>
+</html>