Upload 6 files

dockerfile

@@ -0,0 +1,23 @@
+
+
+# Secret Swap – Docker image
+# Uses lightweight Alpine Node base
+
+FROM node:20-alpine
+
+# Create app directory
+WORKDIR /app
+
+# Install production dependencies
+COPY package*.json ./
+RUN npm ci --omit=dev
+
+# Copy source
+COPY . .
+
+# Hugging Face exposes its own $PORT; default to 7860 for local runs
+ENV PORT=${PORT:-7860}
+EXPOSE 7860
+
+# Launch the server
+CMD ["node", "server.js"]

package.json

@@ -0,0 +1,13 @@
+{
+  "name": "secret-swap",
+  "version": "1.0.0",
+  "type": "module",
+  "description": "Ultra‑light secret exchange web app",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js"
+  },
+  "dependencies": {
+    "express": "^4.18.2"
+  }
+}

public/style.css

@@ -0,0 +1,93 @@
+
+
+/* ===== Secret Swap minimalist styling ===== */
+
+*,
+*::before,
+*::after {
+  box-sizing: border-box;
+}
+
+body {
+  font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto,
+    Helvetica, Arial, sans-serif;
+  margin: 2rem;
+  background: #f9f9fb;
+  color: #333;
+  line-height: 1.5;
+}
+
+h1,
+h2 {
+  margin-top: 0;
+  color: #111;
+}
+
+.container {
+  max-width: 640px;
+  margin: 0 auto;
+}
+
+form {
+  margin-top: 1rem;
+}
+
+label {
+  display: block;
+  margin-bottom: 0.75rem;
+  font-weight: 600;
+}
+
+input[type="text"],
+input[type="password"] {
+  width: 100%;
+  padding: 0.45rem 0.6rem;
+  border: 1px solid #ccc;
+  border-radius: 4px;
+  font-size: 1rem;
+}
+
+button {
+  padding: 0.55rem 1.1rem;
+  border: none;
+  border-radius: 4px;
+  background: #1e88e5;
+  color: #fff;
+  font-size: 1rem;
+  cursor: pointer;
+  transition: background 0.18s ease-in-out;
+}
+
+button:hover {
+  background: #1565c0;
+}
+
+a {
+  color: #1e88e5;
+  text-decoration: none;
+}
+
+a:hover {
+  text-decoration: underline;
+}
+
+ul {
+  padding-left: 1.25rem;
+}
+
+li {
+  margin-bottom: 0.35rem;
+}
+
+.message {
+  padding: 0.85rem 1rem;
+  border: 1px solid #1e88e5;
+  background: #e3f2fd;
+  border-radius: 4px;
+  margin: 1rem 0;
+}
+
+.error {
+  border-color: #e53935;
+  background: #ffebee;
+}

server.js

@@ -0,0 +1,169 @@
+/*  Secret-Swap – minimal Express server with flat-file storage  */
+import express from 'express';
+import fs from 'fs';
+import path from 'path';
+import crypto from 'crypto';
+import { fileURLToPath } from 'url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname  = path.dirname(__filename);
+
+const USERS_FILE = path.join(__dirname, 'users.json');
+const EXCH_FILE  = path.join(__dirname, 'exchanges.json');
+const PORT       = process.env.PORT || 3000;
+
+/* ---------- helpers ---------- */
+const readJSON  = (f, d = {}) => (fs.existsSync(f) ? JSON.parse(fs.readFileSync(f)) : d);
+const writeJSON = (f, o)      => fs.writeFileSync(f, JSON.stringify(o, null, 2));
+
+const sessions = new Map(); // token → username
+const genToken = () => crypto.randomUUID();
+
+function hashPass(pw, salt = crypto.randomBytes(16).toString('hex')) {
+  const hash = crypto.scryptSync(pw, salt, 64).toString('hex');
+  return `${salt}:${hash}`;
+}
+function checkPass(pw, stored) {
+  const [salt, ref] = stored.split(':');
+  const hash = crypto.scryptSync(pw, salt, 64).toString('hex');
+  return crypto.timingSafeEqual(Buffer.from(hash, 'hex'), Buffer.from(ref, 'hex'));
+}
+
+/* ---------- tiny templating ---------- */
+const page = (title, body) => `<!DOCTYPE html><html><head><meta charset=utf-8><title>${title}</title><link rel="stylesheet" href="/style.css"></head><body><h1>${title}</h1>${body}</body></html>`;
+const input = (n,l,t='text') => `<label>${l}: <input type="${t}" name="${n}" required></label><br>`;
+
+/* ---------- app ---------- */
+const app = express();
+app.use(express.urlencoded({extended:true}));
+app.use(express.static(path.join(__dirname,'public')));
+
+app.use((req, _res, next) => {
+  const token = (req.headers.cookie||'').split(';').map(c=>c.trim().split('='))[0]?.[1];
+  req.user = sessions.get(token);
+  req.token = token;
+  next();
+});
+const needAuth = (req,res,next)=>req.user?next():res.redirect('/login');
+
+/* ---------- auth ---------- */
+app.get('/register', (req,res)=>res.send(page('Register',`
+  <form method=post action=/register>
+    ${input('username','Username')}
+    ${input('password','Password','password')}
+    <button>Register</button>
+  </form>
+  <p><a href=/login>Have an account? Login</a></p>`)));
+
+app.post('/register',(req,res)=>{
+  const {username,password}=req.body;
+  const users=readJSON(USERS_FILE,{});
+  if(users[username])return res.send(page('Error','<p>User exists.</p>'));
+  users[username]=hashPass(password);
+  writeJSON(USERS_FILE,users);
+  res.redirect('/login');
+});
+
+app.get('/login',(req,res)=>res.send(page('Login',`
+  <form method=post action=/login>
+    ${input('username','Username')}
+    ${input('password','Password','password')}
+    <button>Login</button>
+  </form>
+  <p><a href=/register>No account? Register</a></p>`)));
+
+app.post('/login',(req,res)=>{
+  const {username,password}=req.body;
+  const users=readJSON(USERS_FILE,{});
+  if(!users[username]||!checkPass(password,users[username]))
+    return res.send(page('Error','<p>Bad credentials.</p>'));
+  const token=genToken();
+  sessions.set(token,username);
+  res.setHeader('Set-Cookie',`token=${token}; HttpOnly; Path=/`);
+  res.redirect('/dashboard');
+});
+
+app.get('/logout',(req,res)=>{
+  if(req.token) sessions.delete(req.token);
+  res.setHeader('Set-Cookie','token=; Max-Age=0; Path=/');
+  res.redirect('/login');
+});
+
+/* ---------- dashboard ---------- */
+app.get(['/','/dashboard'],needAuth,(req,res)=>{
+  const exchanges=readJSON(EXCH_FILE,{});
+  const list=Object.entries(exchanges)
+    .filter(([id,x])=>x.owner===req.user||x.partner===req.user)
+    .map(([id,x])=>{
+      const role = x.owner===req.user? 'owner':'partner';
+      return `<li>[${role}] “${x.secret}” → <a href=/respond/${id}>link</a>${x.responses.length?` (${x.responses.length} reply)`:' '}</li>`;
+    }).join('');
+  res.send(page('Dashboard',`
+    <p>Logged in as <strong>${req.user}</strong> | <a href=/logout>Logout</a></p>
+    <h2>Create new secret swap</h2>
+    <form method=post action=/create>
+      ${input('partner','Partner username')}
+      ${input('secret','Your secret')}
+      <button>Create & share</button>
+    </form>
+    <h2>Your swaps</h2>
+    <ul>${list||'<li>(none yet)</li>'}</ul>`));
+});
+
+/* ---------- create ---------- */
+app.post('/create',needAuth,(req,res)=>{
+  const {secret,partner}=req.body;
+  const users=readJSON(USERS_FILE,{});
+  if(!users[partner]) return res.send(page('Error','<p>Partner username not found.</p>'));
+  const exchanges=readJSON(EXCH_FILE,{});
+  const id=crypto.randomUUID();
+  exchanges[id]={id,owner:req.user,partner,secret,responses:[]};
+  writeJSON(EXCH_FILE,exchanges);
+  const host=req.headers.host;
+  res.send(page('Swap created',`
+    <p>Send this link to <strong>${partner}</strong>:</p>
+    <p><a href=/respond/${id}>http://${host}/respond/${id}</a></p>
+    <p><a href=/dashboard>Return to dashboard</a></p>`));
+});
+
+/* ---------- respond ---------- */
+app.get('/respond/:id',needAuth,(req,res)=>{
+  const ex=readJSON(EXCH_FILE,{})[req.params.id];
+  if(!ex) return res.send(page('Error','<p>Swap not found.</p>'));
+  if(req.user!==ex.partner && req.user!==ex.owner)
+    return res.send(page('Forbidden','<p>You are not part of this swap.</p>'));
+  if(req.user===ex.owner)
+    return res.redirect(`/view/${req.params.id}`);
+  const done=ex.responses.some(r=>r.from===req.user);
+  if(done) return res.redirect(`/view/${req.params.id}`);
+  res.send(page('Respond to secret',
+    `<p>Original secret will be revealed after you submit yours.</p>
+     <form method=post action=/respond/${req.params.id}>
+       ${input('response','Your secret')}
+       <button>Submit</button>
+     </form>`));
+});
+
+app.post('/respond/:id',needAuth,(req,res)=>{
+  const data=readJSON(EXCH_FILE,{});
+  const ex=data[req.params.id];
+  if(!ex||req.user!==ex.partner) return res.send(page('Error','<p>Not allowed.</p>'));
+  ex.responses.push({from:req.user,secret:req.body.response});
+  writeJSON(EXCH_FILE,data);
+  res.send(page('Secret revealed',`<p>Original secret from ${ex.owner}: <strong>${ex.secret}</strong></p>
+    <p><a href=/dashboard>Back to dashboard</a></p>`));
+});
+
+/* ---------- view (owner) ---------- */
+app.get('/view/:id',needAuth,(req,res)=>{
+  const ex=readJSON(EXCH_FILE,{})[req.params.id];
+  if(!ex||req.user!==ex.owner) return res.send(page('Error','<p>Not allowed.</p>'));
+  const list=ex.responses.map(r=>`<li>${r.from}: ${r.secret}</li>`).join('')||'<li>(no response yet)</li>';
+  res.send(page('Swap responses',`
+    <p>Your secret: <strong>${ex.secret}</strong></p>
+    <ul>${list}</ul>
+    <p><a href=/dashboard>Back to dashboard</a></p>`));
+});
+
+/* ---------- start ---------- */
+app.listen(PORT,()=>console.log(`Secret-Swap listening on ${PORT}`));