Upload 72 files

src/additional-headers.js

@@ -0,0 +1,242 @@
+const { TEXTGEN_TYPES, OPENROUTER_HEADERS, FEATHERLESS_HEADERS } = require('./constants');
+const { SECRET_KEYS, readSecret } = require('./endpoints/secrets');
+const { getConfigValue } = require('./util');
+
+/**
+ * Gets the headers for the Mancer API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getMancerHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.MANCER);
+
+    return apiKey ? ({
+        'X-API-KEY': apiKey,
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the TogetherAI API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getTogetherAIHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.TOGETHERAI);
+
+    return apiKey ? ({
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the InfermaticAI API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getInfermaticAIHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.INFERMATICAI);
+
+    return apiKey ? ({
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the DreamGen API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getDreamGenHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.DREAMGEN);
+
+    return apiKey ? ({
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the OpenRouter API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getOpenRouterHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.OPENROUTER);
+    const baseHeaders = { ...OPENROUTER_HEADERS };
+
+    return apiKey ? Object.assign(baseHeaders, { 'Authorization': `Bearer ${apiKey}` }) : baseHeaders;
+}
+
+/**
+ * Gets the headers for the vLLM API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getVllmHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.VLLM);
+
+    return apiKey ? ({
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the Aphrodite API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getAphroditeHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.APHRODITE);
+
+    return apiKey ? ({
+        'X-API-KEY': apiKey,
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the Tabby API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getTabbyHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.TABBY);
+
+    return apiKey ? ({
+        'x-api-key': apiKey,
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the LlamaCPP API.
+ * @param {import('./users').UserDirectoryList} directories User directories
+ * @returns {object} Headers for the request
+ */
+function getLlamaCppHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.LLAMACPP);
+
+    return apiKey ? ({
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the Ooba API.
+ * @param {import('./users').UserDirectoryList} directories
+ * @returns {object} Headers for the request
+ */
+function getOobaHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.OOBA);
+
+    return apiKey ? ({
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the KoboldCpp API.
+ * @param {import('./users').UserDirectoryList} directories
+ * @returns {object} Headers for the request
+ */
+function getKoboldCppHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.KOBOLDCPP);
+
+    return apiKey ? ({
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+/**
+ * Gets the headers for the Featherless API.
+ * @param {import('./users').UserDirectoryList} directories
+ * @returns {object} Headers for the request
+ */
+function getFeatherlessHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.FEATHERLESS);
+    const baseHeaders = { ...FEATHERLESS_HEADERS };
+
+    return apiKey ? Object.assign(baseHeaders, { 'Authorization': `Bearer ${apiKey}` }) : baseHeaders;
+}
+
+/**
+ * Gets the headers for the HuggingFace API.
+ * @param {import('./users').UserDirectoryList} directories
+ * @returns {object} Headers for the request
+ */
+function getHuggingFaceHeaders(directories) {
+    const apiKey = readSecret(directories, SECRET_KEYS.HUGGINGFACE);
+
+    return apiKey ? ({
+        'Authorization': `Bearer ${apiKey}`,
+    }) : {};
+}
+
+function getOverrideHeaders(urlHost) {
+    const requestOverrides = getConfigValue('requestOverrides', []);
+    const overrideHeaders = requestOverrides?.find((e) => e.hosts?.includes(urlHost))?.headers;
+    if (overrideHeaders && urlHost) {
+        return overrideHeaders;
+    } else {
+        return {};
+    }
+}
+
+/**
+ * Sets additional headers for the request.
+ * @param {import('express').Request} request Original request body
+ * @param {object} args New request arguments
+ * @param {string|null} server API server for new request
+ */
+function setAdditionalHeaders(request, args, server) {
+    setAdditionalHeadersByType(args.headers, request.body.api_type, server, request.user.directories);
+}
+
+/**
+ *
+ * @param {object} requestHeaders Request headers
+ * @param {string} type API type
+ * @param {string|null} server API server for new request
+ * @param {import('./users').UserDirectoryList} directories User directories
+ */
+function setAdditionalHeadersByType(requestHeaders, type, server, directories) {
+    const headerGetters = {
+        [TEXTGEN_TYPES.MANCER]: getMancerHeaders,
+        [TEXTGEN_TYPES.VLLM]: getVllmHeaders,
+        [TEXTGEN_TYPES.APHRODITE]: getAphroditeHeaders,
+        [TEXTGEN_TYPES.TABBY]: getTabbyHeaders,
+        [TEXTGEN_TYPES.TOGETHERAI]: getTogetherAIHeaders,
+        [TEXTGEN_TYPES.OOBA]: getOobaHeaders,
+        [TEXTGEN_TYPES.INFERMATICAI]: getInfermaticAIHeaders,
+        [TEXTGEN_TYPES.DREAMGEN]: getDreamGenHeaders,
+        [TEXTGEN_TYPES.OPENROUTER]: getOpenRouterHeaders,
+        [TEXTGEN_TYPES.KOBOLDCPP]: getKoboldCppHeaders,
+        [TEXTGEN_TYPES.LLAMACPP]: getLlamaCppHeaders,
+        [TEXTGEN_TYPES.FEATHERLESS]: getFeatherlessHeaders,
+        [TEXTGEN_TYPES.HUGGINGFACE]: getHuggingFaceHeaders,
+    };
+
+    const getHeaders = headerGetters[type];
+    const headers = getHeaders ? getHeaders(directories) : {};
+
+    if (typeof server === 'string' && server.length > 0) {
+        try {
+            const url = new URL(server);
+            const overrideHeaders = getOverrideHeaders(url.host);
+
+            if (overrideHeaders && Object.keys(overrideHeaders).length > 0) {
+                Object.assign(headers, overrideHeaders);
+            }
+        } catch {
+            // Do nothing
+        }
+    }
+
+    Object.assign(requestHeaders, headers);
+}
+
+module.exports = {
+    getOverrideHeaders,
+    setAdditionalHeaders,
+    setAdditionalHeadersByType,
+};

src/character-card-parser.js

@@ -0,0 +1,100 @@
+const fs = require('fs');
+
+const encode = require('png-chunks-encode');
+const extract = require('png-chunks-extract');
+const PNGtext = require('png-chunk-text');
+
+/**
+ * Writes Character metadata to a PNG image buffer.
+ * Writes only 'chara', 'ccv3' is not supported and removed not to create a mismatch.
+ * @param {Buffer} image PNG image buffer
+ * @param {string} data Character data to write
+ * @returns {Buffer} PNG image buffer with metadata
+ */
+const write = (image, data) => {
+    const chunks = extract(image);
+    const tEXtChunks = chunks.filter(chunk => chunk.name === 'tEXt');
+
+    // Remove existing tEXt chunks
+    for (const tEXtChunk of tEXtChunks) {
+        const data = PNGtext.decode(tEXtChunk.data);
+        if (data.keyword.toLowerCase() === 'chara' || data.keyword.toLowerCase() === 'ccv3') {
+            chunks.splice(chunks.indexOf(tEXtChunk), 1);
+        }
+    }
+
+    // Add new v2 chunk before the IEND chunk
+    const base64EncodedData = Buffer.from(data, 'utf8').toString('base64');
+    chunks.splice(-1, 0, PNGtext.encode('chara', base64EncodedData));
+
+    // Try adding v3 chunk before the IEND chunk
+    try {
+        //change v2 format to v3
+        const v3Data = JSON.parse(data);
+        v3Data.spec = 'chara_card_v3';
+        v3Data.spec_version = '3.0';
+
+        const base64EncodedData = Buffer.from(JSON.stringify(v3Data), 'utf8').toString('base64');
+        chunks.splice(-1, 0, PNGtext.encode('ccv3', base64EncodedData));
+    } catch (error) { }
+
+    const newBuffer = Buffer.from(encode(chunks));
+    return newBuffer;
+};
+
+/**
+ * Reads Character metadata from a PNG image buffer.
+ * Supports both V2 (chara) and V3 (ccv3). V3 (ccv3) takes precedence.
+ * @param {Buffer} image PNG image buffer
+ * @returns {string} Character data
+ */
+const read = (image) => {
+    const chunks = extract(image);
+
+    const textChunks = chunks.filter((chunk) => chunk.name === 'tEXt').map((chunk) => PNGtext.decode(chunk.data));
+
+    if (textChunks.length === 0) {
+        console.error('PNG metadata does not contain any text chunks.');
+        throw new Error('No PNG metadata.');
+    }
+
+    const ccv3Index = textChunks.findIndex((chunk) => chunk.keyword.toLowerCase() === 'ccv3');
+
+    if (ccv3Index > -1) {
+        return Buffer.from(textChunks[ccv3Index].text, 'base64').toString('utf8');
+    }
+
+    const charaIndex = textChunks.findIndex((chunk) => chunk.keyword.toLowerCase() === 'chara');
+
+    if (charaIndex > -1) {
+        return Buffer.from(textChunks[charaIndex].text, 'base64').toString('utf8');
+    }
+
+    console.error('PNG metadata does not contain any character data.');
+    throw new Error('No PNG metadata.');
+};
+
+/**
+ * Parses a card image and returns the character metadata.
+ * @param {string} cardUrl Path to the card image
+ * @param {string} format File format
+ * @returns {string} Character data
+ */
+const parse = (cardUrl, format) => {
+    let fileFormat = format === undefined ? 'png' : format;
+
+    switch (fileFormat) {
+        case 'png': {
+            const buffer = fs.readFileSync(cardUrl);
+            return read(buffer);
+        }
+    }
+
+    throw new Error('Unsupported format');
+};
+
+module.exports = {
+    parse,
+    write,
+    read,
+};

src/constants.js

@@ -0,0 +1,442 @@
+const PUBLIC_DIRECTORIES = {
+    images: 'public/img/',
+    backups: 'backups/',
+    sounds: 'public/sounds',
+    extensions: 'public/scripts/extensions',
+};
+
+const DEFAULT_AVATAR = '/img/ai4.png';
+const SETTINGS_FILE = 'settings.json';
+
+/**
+ * @type {import('./users').UserDirectoryList}
+ * @readonly
+ * @enum {string}
+ */
+const USER_DIRECTORY_TEMPLATE = Object.freeze({
+    root: '',
+    thumbnails: 'thumbnails',
+    thumbnailsBg: 'thumbnails/bg',
+    thumbnailsAvatar: 'thumbnails/avatar',
+    worlds: 'worlds',
+    user: 'user',
+    avatars: 'User Avatars',
+    userImages: 'user/images',
+    groups: 'groups',
+    groupChats: 'group chats',
+    chats: 'chats',
+    characters: 'characters',
+    backgrounds: 'backgrounds',
+    novelAI_Settings: 'NovelAI Settings',
+    koboldAI_Settings: 'KoboldAI Settings',
+    openAI_Settings: 'OpenAI Settings',
+    textGen_Settings: 'TextGen Settings',
+    themes: 'themes',
+    movingUI: 'movingUI',
+    extensions: 'extensions',
+    instruct: 'instruct',
+    context: 'context',
+    quickreplies: 'QuickReplies',
+    assets: 'assets',
+    comfyWorkflows: 'user/workflows',
+    files: 'user/files',
+    vectors: 'vectors',
+    backups: 'backups',
+});
+
+/**
+ * @type {import('./users').User}
+ * @readonly
+ */
+const DEFAULT_USER = Object.freeze({
+    handle: 'default-user',
+    name: 'User',
+    created: Date.now(),
+    password: '',
+    admin: true,
+    enabled: true,
+    salt: '',
+});
+
+const UNSAFE_EXTENSIONS = [
+    '.php',
+    '.exe',
+    '.com',
+    '.dll',
+    '.pif',
+    '.application',
+    '.gadget',
+    '.msi',
+    '.jar',
+    '.cmd',
+    '.bat',
+    '.reg',
+    '.sh',
+    '.py',
+    '.js',
+    '.jse',
+    '.jsp',
+    '.pdf',
+    '.html',
+    '.htm',
+    '.hta',
+    '.vb',
+    '.vbs',
+    '.vbe',
+    '.cpl',
+    '.msc',
+    '.scr',
+    '.sql',
+    '.iso',
+    '.img',
+    '.dmg',
+    '.ps1',
+    '.ps1xml',
+    '.ps2',
+    '.ps2xml',
+    '.psc1',
+    '.psc2',
+    '.msh',
+    '.msh1',
+    '.msh2',
+    '.mshxml',
+    '.msh1xml',
+    '.msh2xml',
+    '.scf',
+    '.lnk',
+    '.inf',
+    '.reg',
+    '.doc',
+    '.docm',
+    '.docx',
+    '.dot',
+    '.dotm',
+    '.dotx',
+    '.xls',
+    '.xlsm',
+    '.xlsx',
+    '.xlt',
+    '.xltm',
+    '.xltx',
+    '.xlam',
+    '.ppt',
+    '.pptm',
+    '.pptx',
+    '.pot',
+    '.potm',
+    '.potx',
+    '.ppam',
+    '.ppsx',
+    '.ppsm',
+    '.pps',
+    '.ppam',
+    '.sldx',
+    '.sldm',
+    '.ws',
+];
+
+const GEMINI_SAFETY = [
+    {
+        category: 'HARM_CATEGORY_HARASSMENT',
+        threshold: 'BLOCK_NONE',
+    },
+    {
+        category: 'HARM_CATEGORY_HATE_SPEECH',
+        threshold: 'BLOCK_NONE',
+    },
+    {
+        category: 'HARM_CATEGORY_SEXUALLY_EXPLICIT',
+        threshold: 'BLOCK_NONE',
+    },
+    {
+        category: 'HARM_CATEGORY_DANGEROUS_CONTENT',
+        threshold: 'BLOCK_NONE',
+    },
+];
+
+const BISON_SAFETY = [
+    {
+        category: 'HARM_CATEGORY_DEROGATORY',
+        threshold: 'BLOCK_NONE',
+    },
+    {
+        category: 'HARM_CATEGORY_TOXICITY',
+        threshold: 'BLOCK_NONE',
+    },
+    {
+        category: 'HARM_CATEGORY_VIOLENCE',
+        threshold: 'BLOCK_NONE',
+    },
+    {
+        category: 'HARM_CATEGORY_SEXUAL',
+        threshold: 'BLOCK_NONE',
+    },
+    {
+        category: 'HARM_CATEGORY_MEDICAL',
+        threshold: 'BLOCK_NONE',
+    },
+    {
+        category: 'HARM_CATEGORY_DANGEROUS',
+        threshold: 'BLOCK_NONE',
+    },
+];
+
+const CHAT_COMPLETION_SOURCES = {
+    OPENAI: 'openai',
+    WINDOWAI: 'windowai',
+    CLAUDE: 'claude',
+    SCALE: 'scale',
+    OPENROUTER: 'openrouter',
+    AI21: 'ai21',
+    MAKERSUITE: 'makersuite',
+    MISTRALAI: 'mistralai',
+    CUSTOM: 'custom',
+    COHERE: 'cohere',
+    PERPLEXITY: 'perplexity',
+    GROQ: 'groq',
+    ZEROONEAI: '01ai',
+    BLOCKENTROPY: 'blockentropy',
+};
+
+/**
+ * Path to multer file uploads under the data root.
+ */
+const UPLOADS_DIRECTORY = '_uploads';
+
+// TODO: this is copied from the client code; there should be a way to de-duplicate it eventually
+const TEXTGEN_TYPES = {
+    OOBA: 'ooba',
+    MANCER: 'mancer',
+    VLLM: 'vllm',
+    APHRODITE: 'aphrodite',
+    TABBY: 'tabby',
+    KOBOLDCPP: 'koboldcpp',
+    TOGETHERAI: 'togetherai',
+    LLAMACPP: 'llamacpp',
+    OLLAMA: 'ollama',
+    INFERMATICAI: 'infermaticai',
+    DREAMGEN: 'dreamgen',
+    OPENROUTER: 'openrouter',
+    FEATHERLESS: 'featherless',
+    HUGGINGFACE: 'huggingface',
+};
+
+const INFERMATICAI_KEYS = [
+    'model',
+    'prompt',
+    'max_tokens',
+    'temperature',
+    'top_p',
+    'top_k',
+    'repetition_penalty',
+    'stream',
+    'stop',
+    'presence_penalty',
+    'frequency_penalty',
+    'min_p',
+    'seed',
+    'ignore_eos',
+    'n',
+    'best_of',
+    'min_tokens',
+    'spaces_between_special_tokens',
+    'skip_special_tokens',
+    'logprobs',
+];
+
+const FEATHERLESS_KEYS = [
+    'model',
+    'prompt',
+    'best_of',
+    'echo',
+    'frequency_penalty',
+    'logit_bias',
+    'logprobs',
+    'max_tokens',
+    'n',
+    'presence_penalty',
+    'seed',
+    'stop',
+    'stream',
+    'suffix',
+    'temperature',
+    'top_p',
+    'user',
+
+    'use_beam_search',
+    'top_k',
+    'min_p',
+    'repetition_penalty',
+    'length_penalty',
+    'early_stopping',
+    'stop_token_ids',
+    'ignore_eos',
+    'min_tokens',
+    'skip_special_tokens',
+    'spaces_between_special_tokens',
+    'truncate_prompt_tokens',
+
+    'include_stop_str_in_output',
+    'response_format',
+    'guided_json',
+    'guided_regex',
+    'guided_choice',
+    'guided_grammar',
+    'guided_decoding_backend',
+    'guided_whitespace_pattern',
+];
+
+
+// https://dreamgen.com/docs/api#openai-text
+const DREAMGEN_KEYS = [
+    'model',
+    'prompt',
+    'max_tokens',
+    'temperature',
+    'top_p',
+    'top_k',
+    'min_p',
+    'repetition_penalty',
+    'frequency_penalty',
+    'presence_penalty',
+    'stop',
+    'stream',
+    'minimum_message_content_tokens',
+];
+
+// https://docs.together.ai/reference/completions
+const TOGETHERAI_KEYS = [
+    'model',
+    'prompt',
+    'max_tokens',
+    'temperature',
+    'top_p',
+    'top_k',
+    'repetition_penalty',
+    'min_p',
+    'presence_penalty',
+    'frequency_penalty',
+    'stream',
+    'stop',
+];
+
+// https://github.com/jmorganca/ollama/blob/main/docs/api.md#request-with-options
+const OLLAMA_KEYS = [
+    'num_predict',
+    'num_ctx',
+    'stop',
+    'temperature',
+    'repeat_penalty',
+    'presence_penalty',
+    'frequency_penalty',
+    'top_k',
+    'top_p',
+    'tfs_z',
+    'typical_p',
+    'seed',
+    'repeat_last_n',
+    'mirostat',
+    'mirostat_tau',
+    'mirostat_eta',
+    'min_p',
+];
+
+const AVATAR_WIDTH = 512;
+const AVATAR_HEIGHT = 768;
+
+const OPENROUTER_HEADERS = {
+    'HTTP-Referer': 'https://sillytavern.app',
+    'X-Title': 'SillyTavern',
+};
+
+const FEATHERLESS_HEADERS = {
+    'HTTP-Referer': 'https://sillytavern.app',
+    'X-Title': 'SillyTavern',
+};
+
+const OPENROUTER_KEYS = [
+    'max_tokens',
+    'temperature',
+    'top_k',
+    'top_p',
+    'presence_penalty',
+    'frequency_penalty',
+    'repetition_penalty',
+    'min_p',
+    'top_a',
+    'seed',
+    'logit_bias',
+    'model',
+    'stream',
+    'prompt',
+    'stop',
+    'provider',
+];
+
+// https://github.com/vllm-project/vllm/blob/0f8a91401c89ac0a8018def3756829611b57727f/vllm/entrypoints/openai/protocol.py#L220
+const VLLM_KEYS = [
+    'model',
+    'prompt',
+    'best_of',
+    'echo',
+    'frequency_penalty',
+    'logit_bias',
+    'logprobs',
+    'max_tokens',
+    'n',
+    'presence_penalty',
+    'seed',
+    'stop',
+    'stream',
+    'suffix',
+    'temperature',
+    'top_p',
+    'user',
+
+    'use_beam_search',
+    'top_k',
+    'min_p',
+    'repetition_penalty',
+    'length_penalty',
+    'early_stopping',
+    'stop_token_ids',
+    'ignore_eos',
+    'min_tokens',
+    'skip_special_tokens',
+    'spaces_between_special_tokens',
+    'truncate_prompt_tokens',
+
+    'include_stop_str_in_output',
+    'response_format',
+    'guided_json',
+    'guided_regex',
+    'guided_choice',
+    'guided_grammar',
+    'guided_decoding_backend',
+    'guided_whitespace_pattern',
+];
+
+module.exports = {
+    DEFAULT_USER,
+    DEFAULT_AVATAR,
+    SETTINGS_FILE,
+    PUBLIC_DIRECTORIES,
+    USER_DIRECTORY_TEMPLATE,
+    UNSAFE_EXTENSIONS,
+    UPLOADS_DIRECTORY,
+    GEMINI_SAFETY,
+    BISON_SAFETY,
+    TEXTGEN_TYPES,
+    CHAT_COMPLETION_SOURCES,
+    AVATAR_WIDTH,
+    AVATAR_HEIGHT,
+    TOGETHERAI_KEYS,
+    OLLAMA_KEYS,
+    INFERMATICAI_KEYS,
+    DREAMGEN_KEYS,
+    OPENROUTER_HEADERS,
+    OPENROUTER_KEYS,
+    VLLM_KEYS,
+    FEATHERLESS_KEYS,
+    FEATHERLESS_HEADERS,
+};

src/endpoints/anthropic.js

@@ -0,0 +1,68 @@
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const fetch = require('node-fetch').default;
+const express = require('express');
+const { jsonParser } = require('../express-common');
+
+const router = express.Router();
+
+router.post('/caption-image', jsonParser, async (request, response) => {
+    try {
+        const mimeType = request.body.image.split(';')[0].split(':')[1];
+        const base64Data = request.body.image.split(',')[1];
+        const baseUrl = request.body.reverse_proxy ? request.body.reverse_proxy : 'https://api.anthropic.com/v1';
+        const url = `${baseUrl}/messages`;
+        const body = {
+            model: request.body.model,
+            messages: [
+                {
+                    'role': 'user', 'content': [
+                        {
+                            'type': 'image',
+                            'source': {
+                                'type': 'base64',
+                                'media_type': mimeType,
+                                'data': base64Data,
+                            },
+                        },
+                        { 'type': 'text', 'text': request.body.prompt },
+                    ],
+                },
+            ],
+            max_tokens: 4096,
+        };
+
+        console.log('Multimodal captioning request', body);
+
+        const result = await fetch(url, {
+            body: JSON.stringify(body),
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'anthropic-version': '2023-06-01',
+                'x-api-key': request.body.reverse_proxy ? request.body.proxy_password : readSecret(request.user.directories, SECRET_KEYS.CLAUDE),
+            },
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log(`Claude API returned error: ${result.status} ${result.statusText}`, text);
+            return response.status(result.status).send({ error: true });
+        }
+
+        const generateResponseJson = await result.json();
+        const caption = generateResponseJson.content[0].text;
+        console.log('Claude response:', generateResponseJson);
+
+        if (!caption) {
+            return response.status(500).send('No caption found');
+        }
+
+        return response.json({ caption });
+    } catch (error) {
+        console.error(error);
+        response.status(500).send('Internal server error');
+    }
+});
+
+module.exports = { router };

src/endpoints/assets.js

@@ -0,0 +1,370 @@
+const path = require('path');
+const fs = require('fs');
+const mime = require('mime-types');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const fetch = require('node-fetch').default;
+const { finished } = require('stream/promises');
+const { UNSAFE_EXTENSIONS } = require('../constants');
+const { jsonParser } = require('../express-common');
+const { clientRelativePath } = require('../util');
+
+const VALID_CATEGORIES = ['bgm', 'ambient', 'blip', 'live2d', 'vrm', 'character', 'temp'];
+
+/**
+ * Validates the input filename for the asset.
+ * @param {string} inputFilename Input filename
+ * @returns {{error: boolean, message?: string}} Whether validation failed, and why if so
+ */
+function validateAssetFileName(inputFilename) {
+    if (!/^[a-zA-Z0-9_\-.]+$/.test(inputFilename)) {
+        return {
+            error: true,
+            message: 'Illegal character in filename; only alphanumeric, \'_\', \'-\' are accepted.',
+        };
+    }
+
+    const inputExtension = path.extname(inputFilename).toLowerCase();
+    if (UNSAFE_EXTENSIONS.some(ext => ext === inputExtension)) {
+        return {
+            error: true,
+            message: 'Forbidden file extension.',
+        };
+    }
+
+    if (inputFilename.startsWith('.')) {
+        return {
+            error: true,
+            message: 'Filename cannot start with \'.\'',
+        };
+    }
+
+    if (sanitize(inputFilename) !== inputFilename) {
+        return {
+            error: true,
+            message: 'Reserved or long filename.',
+        };
+    }
+
+    return { error: false };
+}
+
+/**
+ * Recursive function to get files
+ * @param {string} dir - The directory to search for files
+ * @param {string[]} files - The array of files to return
+ * @returns {string[]} - The array of files
+ */
+function getFiles(dir, files = []) {
+    if (!fs.existsSync(dir)) return files;
+
+    // Get an array of all files and directories in the passed directory using fs.readdirSync
+    const fileList = fs.readdirSync(dir, { withFileTypes: true });
+    // Create the full path of the file/directory by concatenating the passed directory and file/directory name
+    for (const file of fileList) {
+        const name = path.join(dir, file.name);
+        // Check if the current file/directory is a directory using fs.statSync
+        if (file.isDirectory()) {
+            // If it is a directory, recursively call the getFiles function with the directory path and the files array
+            getFiles(name, files);
+        } else {
+            // If it is a file, push the full path to the files array
+            files.push(name);
+        }
+    }
+    return files;
+}
+
+/**
+ * Ensure that the asset folders exist.
+ * @param {import('../users').UserDirectoryList} directories - The user's directories
+ */
+function ensureFoldersExist(directories) {
+    const folderPath = path.join(directories.assets);
+
+    for (const category of VALID_CATEGORIES) {
+        const assetCategoryPath = path.join(folderPath, category);
+        if (fs.existsSync(assetCategoryPath) && !fs.statSync(assetCategoryPath).isDirectory()) {
+            fs.unlinkSync(assetCategoryPath);
+        }
+        if (!fs.existsSync(assetCategoryPath)) {
+            fs.mkdirSync(assetCategoryPath, { recursive: true });
+        }
+    }
+}
+
+const router = express.Router();
+
+/**
+ * HTTP POST handler function to retrieve name of all files of a given folder path.
+ *
+ * @param {Object} request - HTTP Request object. Require folder path in query
+ * @param {Object} response - HTTP Response object will contain a list of file path.
+ *
+ * @returns {void}
+ */
+router.post('/get', jsonParser, async (request, response) => {
+    const folderPath = path.join(request.user.directories.assets);
+    let output = {};
+
+    try {
+        if (fs.existsSync(folderPath) && fs.statSync(folderPath).isDirectory()) {
+
+            ensureFoldersExist(request.user.directories);
+
+            const folders = fs.readdirSync(folderPath, { withFileTypes: true })
+                .filter(file => file.isDirectory());
+
+            for (const { name: folder } of folders) {
+                if (folder == 'temp')
+                    continue;
+
+                // Live2d assets
+                if (folder == 'live2d') {
+                    output[folder] = [];
+                    const live2d_folder = path.normalize(path.join(folderPath, folder));
+                    const files = getFiles(live2d_folder);
+                    //console.debug("FILE FOUND:",files)
+                    for (let file of files) {
+                        if (file.includes('model') && file.endsWith('.json')) {
+                            //console.debug("Asset live2d model found:",file)
+                            output[folder].push(clientRelativePath(request.user.directories.root, file));
+                        }
+                    }
+                    continue;
+                }
+
+                // VRM assets
+                if (folder == 'vrm') {
+                    output[folder] = { 'model': [], 'animation': [] };
+                    // Extract models
+                    const vrm_model_folder = path.normalize(path.join(folderPath, 'vrm', 'model'));
+                    let files = getFiles(vrm_model_folder);
+                    //console.debug("FILE FOUND:",files)
+                    for (let file of files) {
+                        if (!file.endsWith('.placeholder')) {
+                            //console.debug("Asset VRM model found:",file)
+                            output['vrm']['model'].push(clientRelativePath(request.user.directories.root, file));
+                        }
+                    }
+
+                    // Extract models
+                    const vrm_animation_folder = path.normalize(path.join(folderPath, 'vrm', 'animation'));
+                    files = getFiles(vrm_animation_folder);
+                    //console.debug("FILE FOUND:",files)
+                    for (let file of files) {
+                        if (!file.endsWith('.placeholder')) {
+                            //console.debug("Asset VRM animation found:",file)
+                            output['vrm']['animation'].push(clientRelativePath(request.user.directories.root, file));
+                        }
+                    }
+                    continue;
+                }
+
+                // Other assets (bgm/ambient/blip)
+                const files = fs.readdirSync(path.join(folderPath, folder))
+                    .filter(filename => {
+                        return filename != '.placeholder';
+                    });
+                output[folder] = [];
+                for (const file of files) {
+                    output[folder].push(`assets/${folder}/${file}`);
+                }
+            }
+        }
+    }
+    catch (err) {
+        console.log(err);
+    }
+    return response.send(output);
+});
+
+/**
+ * HTTP POST handler function to download the requested asset.
+ *
+ * @param {Object} request - HTTP Request object, expects a url, a category and a filename.
+ * @param {Object} response - HTTP Response only gives status.
+ *
+ * @returns {void}
+ */
+router.post('/download', jsonParser, async (request, response) => {
+    const url = request.body.url;
+    const inputCategory = request.body.category;
+
+    // Check category
+    let category = null;
+    for (let i of VALID_CATEGORIES)
+        if (i == inputCategory)
+            category = i;
+
+    if (category === null) {
+        console.debug('Bad request: unsupported asset category.');
+        return response.sendStatus(400);
+    }
+
+    // Validate filename
+    ensureFoldersExist(request.user.directories);
+    const validation = validateAssetFileName(request.body.filename);
+    if (validation.error)
+        return response.status(400).send(validation.message);
+
+    const temp_path = path.join(request.user.directories.assets, 'temp', request.body.filename);
+    const file_path = path.join(request.user.directories.assets, category, request.body.filename);
+    console.debug('Request received to download', url, 'to', file_path);
+
+    try {
+        // Download to temp
+        const res = await fetch(url);
+        if (!res.ok || res.body === null) {
+            throw new Error(`Unexpected response ${res.statusText}`);
+        }
+        const destination = path.resolve(temp_path);
+        // Delete if previous download failed
+        if (fs.existsSync(temp_path)) {
+            fs.unlink(temp_path, (err) => {
+                if (err) throw err;
+            });
+        }
+        const fileStream = fs.createWriteStream(destination, { flags: 'wx' });
+        // @ts-ignore
+        await finished(res.body.pipe(fileStream));
+
+        if (category === 'character') {
+            const fileContent = fs.readFileSync(temp_path);
+            const contentType = mime.lookup(temp_path) || 'application/octet-stream';
+            response.setHeader('Content-Type', contentType);
+            response.send(fileContent);
+            fs.rmSync(temp_path);
+            return;
+        }
+
+        // Move into asset place
+        console.debug('Download finished, moving file from', temp_path, 'to', file_path);
+        fs.copyFileSync(temp_path, file_path);
+        fs.rmSync(temp_path);
+        response.sendStatus(200);
+    }
+    catch (error) {
+        console.log(error);
+        response.sendStatus(500);
+    }
+});
+
+/**
+ * HTTP POST handler function to delete the requested asset.
+ *
+ * @param {Object} request - HTTP Request object, expects a category and a filename
+ * @param {Object} response - HTTP Response only gives stats.
+ *
+ * @returns {void}
+ */
+router.post('/delete', jsonParser, async (request, response) => {
+    const inputCategory = request.body.category;
+
+    // Check category
+    let category = null;
+    for (let i of VALID_CATEGORIES)
+        if (i == inputCategory)
+            category = i;
+
+    if (category === null) {
+        console.debug('Bad request: unsupported asset category.');
+        return response.sendStatus(400);
+    }
+
+    // Validate filename
+    const validation = validateAssetFileName(request.body.filename);
+    if (validation.error)
+        return response.status(400).send(validation.message);
+
+    const file_path = path.join(request.user.directories.assets, category, request.body.filename);
+    console.debug('Request received to delete', category, file_path);
+
+    try {
+        // Delete if previous download failed
+        if (fs.existsSync(file_path)) {
+            fs.unlink(file_path, (err) => {
+                if (err) throw err;
+            });
+            console.debug('Asset deleted.');
+        }
+        else {
+            console.debug('Asset not found.');
+            response.sendStatus(400);
+        }
+        // Move into asset place
+        response.sendStatus(200);
+    }
+    catch (error) {
+        console.log(error);
+        response.sendStatus(500);
+    }
+});
+
+///////////////////////////////
+/**
+ * HTTP POST handler function to retrieve a character background music list.
+ *
+ * @param {Object} request - HTTP Request object, expects a character name in the query.
+ * @param {Object} response - HTTP Response object will contain a list of audio file path.
+ *
+ * @returns {void}
+ */
+router.post('/character', jsonParser, async (request, response) => {
+    if (request.query.name === undefined) return response.sendStatus(400);
+    // For backwards compatibility, don't reject invalid character names, just sanitize them
+    const name = sanitize(request.query.name.toString());
+    const inputCategory = request.query.category;
+
+    // Check category
+    let category = null;
+    for (let i of VALID_CATEGORIES)
+        if (i == inputCategory)
+            category = i;
+
+    if (category === null) {
+        console.debug('Bad request: unsupported asset category.');
+        return response.sendStatus(400);
+    }
+
+    const folderPath = path.join(request.user.directories.characters, name, category);
+
+    let output = [];
+    try {
+        if (fs.existsSync(folderPath) && fs.statSync(folderPath).isDirectory()) {
+
+            // Live2d assets
+            if (category == 'live2d') {
+                const folders = fs.readdirSync(folderPath, { withFileTypes: true });
+                for (const folderInfo of folders) {
+                    if (!folderInfo.isDirectory()) continue;
+
+                    const modelFolder = folderInfo.name;
+                    const live2dModelPath = path.join(folderPath, modelFolder);
+                    for (let file of fs.readdirSync(live2dModelPath)) {
+                        //console.debug("Character live2d model found:", file)
+                        if (file.includes('model') && file.endsWith('.json'))
+                            output.push(path.join('characters', name, category, modelFolder, file));
+                    }
+                }
+                return response.send(output);
+            }
+
+            // Other assets
+            const files = fs.readdirSync(folderPath)
+                .filter(filename => {
+                    return filename != '.placeholder';
+                });
+
+            for (let i of files)
+                output.push(`/characters/${name}/${category}/${i}`);
+        }
+        return response.send(output);
+    }
+    catch (err) {
+        console.log(err);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = { router, validateAssetFileName };

src/endpoints/avatars.js

@@ -0,0 +1,62 @@
+const express = require('express');
+const path = require('path');
+const fs = require('fs');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const { jsonParser, urlencodedParser } = require('../express-common');
+const { AVATAR_WIDTH, AVATAR_HEIGHT } = require('../constants');
+const { getImages, tryParse } = require('../util');
+
+// image processing related library imports
+const jimp = require('jimp');
+
+const router = express.Router();
+
+router.post('/get', jsonParser, function (request, response) {
+    var images = getImages(request.user.directories.avatars);
+    response.send(JSON.stringify(images));
+});
+
+router.post('/delete', jsonParser, function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+
+    if (request.body.avatar !== sanitize(request.body.avatar)) {
+        console.error('Malicious avatar name prevented');
+        return response.sendStatus(403);
+    }
+
+    const fileName = path.join(request.user.directories.avatars, sanitize(request.body.avatar));
+
+    if (fs.existsSync(fileName)) {
+        fs.rmSync(fileName);
+        return response.send({ result: 'ok' });
+    }
+
+    return response.sendStatus(404);
+});
+
+router.post('/upload', urlencodedParser, async (request, response) => {
+    if (!request.file) return response.sendStatus(400);
+
+    try {
+        const pathToUpload = path.join(request.file.destination, request.file.filename);
+        const crop = tryParse(request.query.crop);
+        let rawImg = await jimp.read(pathToUpload);
+
+        if (typeof crop == 'object' && [crop.x, crop.y, crop.width, crop.height].every(x => typeof x === 'number')) {
+            rawImg = rawImg.crop(crop.x, crop.y, crop.width, crop.height);
+        }
+
+        const image = await rawImg.cover(AVATAR_WIDTH, AVATAR_HEIGHT).getBufferAsync(jimp.MIME_PNG);
+
+        const filename = request.body.overwrite_name || `${Date.now()}.png`;
+        const pathToNewFile = path.join(request.user.directories.avatars, filename);
+        writeFileAtomicSync(pathToNewFile, image);
+        fs.rmSync(pathToUpload);
+        return response.send({ path: filename });
+    } catch (err) {
+        return response.status(400).send('Is not a valid image');
+    }
+});
+
+module.exports = { router };

src/endpoints/azure.js

@@ -0,0 +1,92 @@
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const fetch = require('node-fetch').default;
+const express = require('express');
+const { jsonParser } = require('../express-common');
+
+const router = express.Router();
+
+router.post('/list', jsonParser, async (req, res) => {
+    try {
+        const key = readSecret(req.user.directories, SECRET_KEYS.AZURE_TTS);
+
+        if (!key) {
+            console.error('Azure TTS API Key not set');
+            return res.sendStatus(403);
+        }
+
+        const region = req.body.region;
+
+        if (!region) {
+            console.error('Azure TTS region not set');
+            return res.sendStatus(400);
+        }
+
+        const url = `https://${region}.tts.speech.microsoft.com/cognitiveservices/voices/list`;
+
+        const response = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Ocp-Apim-Subscription-Key': key,
+            },
+        });
+
+        if (!response.ok) {
+            console.error('Azure Request failed', response.status, response.statusText);
+            return res.sendStatus(500);
+        }
+
+        const voices = await response.json();
+        return res.json(voices);
+    } catch (error) {
+        console.error('Azure Request failed', error);
+        return res.sendStatus(500);
+    }
+});
+
+router.post('/generate', jsonParser, async (req, res) => {
+    try {
+        const key = readSecret(req.user.directories, SECRET_KEYS.AZURE_TTS);
+
+        if (!key) {
+            console.error('Azure TTS API Key not set');
+            return res.sendStatus(403);
+        }
+
+        const { text, voice, region } = req.body;
+        if (!text || !voice || !region) {
+            console.error('Missing required parameters');
+            return res.sendStatus(400);
+        }
+
+        const url = `https://${region}.tts.speech.microsoft.com/cognitiveservices/v1`;
+        const lang = String(voice).split('-').slice(0, 2).join('-');
+        const escapedText = String(text).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+        const ssml = `<speak version='1.0' xmlns='http://www.w3.org/2001/10/synthesis' xml:lang='${lang}'><voice xml:lang='${lang}' name='${voice}'>${escapedText}</voice></speak>`;
+
+        const response = await fetch(url, {
+            method: 'POST',
+            headers: {
+                'Ocp-Apim-Subscription-Key': key,
+                'Content-Type': 'application/ssml+xml',
+                'X-Microsoft-OutputFormat': 'ogg-48khz-16bit-mono-opus',
+            },
+            body: ssml,
+        });
+
+        if (!response.ok) {
+            console.error('Azure Request failed', response.status, response.statusText);
+            return res.sendStatus(500);
+        }
+
+        const audio = await response.buffer();
+        res.set('Content-Type', 'audio/ogg');
+        return res.send(audio);
+    } catch (error) {
+        console.error('Azure Request failed', error);
+        return res.sendStatus(500);
+    }
+});
+
+module.exports = {
+    router,
+};

src/endpoints/backends/chat-completions.js

@@ -0,0 +1,1106 @@
+const express = require('express');
+const fetch = require('node-fetch').default;
+const Readable = require('stream').Readable;
+
+const { jsonParser } = require('../../express-common');
+const { CHAT_COMPLETION_SOURCES, GEMINI_SAFETY, BISON_SAFETY, OPENROUTER_HEADERS } = require('../../constants');
+const { forwardFetchResponse, getConfigValue, tryParse, uuidv4, mergeObjectWithYaml, excludeKeysByYaml, color } = require('../../util');
+const { convertClaudeMessages, convertGooglePrompt, convertTextCompletionPrompt, convertCohereMessages, convertMistralMessages, convertCohereTools } = require('../../prompt-converters');
+
+const { readSecret, SECRET_KEYS } = require('../secrets');
+const { getTokenizerModel, getSentencepiceTokenizer, getTiktokenTokenizer, sentencepieceTokenizers, TEXT_COMPLETION_MODELS } = require('../tokenizers');
+
+const API_OPENAI = 'https://api.openai.com/v1';
+const API_CLAUDE = 'https://api.anthropic.com/v1';
+const API_MISTRAL = 'https://api.mistral.ai/v1';
+const API_COHERE = 'https://api.cohere.ai/v1';
+const API_PERPLEXITY = 'https://api.perplexity.ai';
+const API_GROQ = 'https://api.groq.com/openai/v1';
+const API_MAKERSUITE = 'https://generativelanguage.googleapis.com';
+const API_01AI = 'https://api.01.ai/v1';
+const API_BLOCKENTROPY = 'https://api.blockentropy.ai/v1';
+
+/**
+ * Applies a post-processing step to the generated messages.
+ * @param {object[]} messages Messages to post-process
+ * @param {string} type Prompt conversion type
+ * @param {string} charName Character name
+ * @param {string} userName User name
+ * @returns
+ */
+function postProcessPrompt(messages, type, charName, userName) {
+    switch (type) {
+        case 'claude':
+            return convertClaudeMessages(messages, '', false, '', charName, userName).messages;
+        default:
+            return messages;
+    }
+}
+
+/**
+ * Ollama strikes back. Special boy #2's steaming routine.
+ * Wrap this abomination into proper SSE stream, again.
+ * @param {import('node-fetch').Response} jsonStream JSON stream
+ * @param {import('express').Request} request Express request
+ * @param {import('express').Response} response Express response
+ * @returns {Promise<any>} Nothing valuable
+ */
+async function parseCohereStream(jsonStream, request, response) {
+    try {
+        let partialData = '';
+        jsonStream.body.on('data', (data) => {
+            const chunk = data.toString();
+            partialData += chunk;
+            while (true) {
+                let json;
+                try {
+                    json = JSON.parse(partialData);
+                } catch (e) {
+                    break;
+                }
+                if (json.message) {
+                    const message = json.message || 'Unknown error';
+                    const chunk = { error: { message: message } };
+                    response.write(`data: ${JSON.stringify(chunk)}\n\n`);
+                    partialData = '';
+                    break;
+                } else if (json.event_type === 'text-generation') {
+                    const text = json.text || '';
+                    const chunk = { choices: [{ text }] };
+                    response.write(`data: ${JSON.stringify(chunk)}\n\n`);
+                    partialData = '';
+                } else {
+                    partialData = '';
+                    break;
+                }
+            }
+        });
+
+        request.socket.on('close', function () {
+            if (jsonStream.body instanceof Readable) jsonStream.body.destroy();
+            response.end();
+        });
+
+        jsonStream.body.on('end', () => {
+            console.log('Streaming request finished');
+            response.write('data: [DONE]\n\n');
+            response.end();
+        });
+    } catch (error) {
+        console.log('Error forwarding streaming response:', error);
+        if (!response.headersSent) {
+            return response.status(500).send({ error: true });
+        } else {
+            return response.end();
+        }
+    }
+}
+
+/**
+ * Sends a request to Claude API.
+ * @param {express.Request} request Express request
+ * @param {express.Response} response Express response
+ */
+async function sendClaudeRequest(request, response) {
+    const apiUrl = new URL(request.body.reverse_proxy || API_CLAUDE).toString();
+    const apiKey = request.body.reverse_proxy ? request.body.proxy_password : readSecret(request.user.directories, SECRET_KEYS.CLAUDE);
+    const divider = '-'.repeat(process.stdout.columns);
+    const enableSystemPromptCache = getConfigValue('claude.enableSystemPromptCache', false);
+
+    if (!apiKey) {
+        console.log(color.red(`Claude API key is missing.\n${divider}`));
+        return response.status(400).send({ error: true });
+    }
+
+    try {
+        const controller = new AbortController();
+        request.socket.removeAllListeners('close');
+        request.socket.on('close', function () {
+            controller.abort();
+        });
+        const additionalHeaders = {};
+        const useSystemPrompt = (request.body.model.startsWith('claude-2') || request.body.model.startsWith('claude-3')) && request.body.claude_use_sysprompt;
+        const convertedPrompt = convertClaudeMessages(request.body.messages, request.body.assistant_prefill, useSystemPrompt, request.body.human_sysprompt_message, request.body.char_name, request.body.user_name);
+        // Add custom stop sequences
+        const stopSequences = [];
+        if (Array.isArray(request.body.stop)) {
+            stopSequences.push(...request.body.stop);
+        }
+
+        const requestBody = {
+            messages: convertedPrompt.messages,
+            model: request.body.model,
+            max_tokens: request.body.max_tokens,
+            stop_sequences: stopSequences,
+            temperature: request.body.temperature,
+            top_p: request.body.top_p,
+            top_k: request.body.top_k,
+            stream: request.body.stream,
+        };
+        if (useSystemPrompt) {
+            requestBody.system = enableSystemPromptCache
+                ? [{ type: 'text', text: convertedPrompt.systemPrompt, cache_control: { type: 'ephemeral' } }]
+                : convertedPrompt.systemPrompt;
+        }
+        if (Array.isArray(request.body.tools) && request.body.tools.length > 0) {
+            // Claude doesn't do prefills on function calls, and doesn't allow empty messages
+            if (convertedPrompt.messages.length && convertedPrompt.messages[convertedPrompt.messages.length - 1].role === 'assistant') {
+                convertedPrompt.messages.push({ role: 'user', content: '.' });
+            }
+            additionalHeaders['anthropic-beta'] = 'tools-2024-05-16';
+            requestBody.tool_choice = { type: request.body.tool_choice === 'required' ? 'any' : 'auto' };
+            requestBody.tools = request.body.tools
+                .filter(tool => tool.type === 'function')
+                .map(tool => tool.function)
+                .map(fn => ({ name: fn.name, description: fn.description, input_schema: fn.parameters }));
+        }
+        if (enableSystemPromptCache) {
+            additionalHeaders['anthropic-beta'] = 'prompt-caching-2024-07-31';
+        }
+        console.log('Claude request:', requestBody);
+
+        const generateResponse = await fetch(apiUrl + '/messages', {
+            method: 'POST',
+            signal: controller.signal,
+            body: JSON.stringify(requestBody),
+            headers: {
+                'Content-Type': 'application/json',
+                'anthropic-version': '2023-06-01',
+                'x-api-key': apiKey,
+                ...additionalHeaders,
+            },
+            timeout: 0,
+        });
+
+        if (request.body.stream) {
+            // Pipe remote SSE stream to Express response
+            forwardFetchResponse(generateResponse, response);
+        } else {
+            if (!generateResponse.ok) {
+                console.log(color.red(`Claude API returned error: ${generateResponse.status} ${generateResponse.statusText}\n${await generateResponse.text()}\n${divider}`));
+                return response.status(generateResponse.status).send({ error: true });
+            }
+
+            const generateResponseJson = await generateResponse.json();
+            const responseText = generateResponseJson.content[0].text;
+            console.log('Claude response:', generateResponseJson);
+
+            // Wrap it back to OAI format + save the original content
+            const reply = { choices: [{ 'message': { 'content': responseText } }], content: generateResponseJson.content };
+            return response.send(reply);
+        }
+    } catch (error) {
+        console.log(color.red(`Error communicating with Claude: ${error}\n${divider}`));
+        if (!response.headersSent) {
+            return response.status(500).send({ error: true });
+        }
+    }
+}
+
+/**
+ * Sends a request to Scale Spellbook API.
+ * @param {import("express").Request} request Express request
+ * @param {import("express").Response} response Express response
+ */
+async function sendScaleRequest(request, response) {
+    const apiUrl = new URL(request.body.api_url_scale).toString();
+    const apiKey = readSecret(request.user.directories, SECRET_KEYS.SCALE);
+
+    if (!apiKey) {
+        console.log('Scale API key is missing.');
+        return response.status(400).send({ error: true });
+    }
+
+    const requestPrompt = convertTextCompletionPrompt(request.body.messages);
+    console.log('Scale request:', requestPrompt);
+
+    try {
+        const controller = new AbortController();
+        request.socket.removeAllListeners('close');
+        request.socket.on('close', function () {
+            controller.abort();
+        });
+
+        const generateResponse = await fetch(apiUrl, {
+            method: 'POST',
+            body: JSON.stringify({ input: { input: requestPrompt } }),
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Basic ${apiKey}`,
+            },
+            timeout: 0,
+        });
+
+        if (!generateResponse.ok) {
+            console.log(`Scale API returned error: ${generateResponse.status} ${generateResponse.statusText} ${await generateResponse.text()}`);
+            return response.status(generateResponse.status).send({ error: true });
+        }
+
+        const generateResponseJson = await generateResponse.json();
+        console.log('Scale response:', generateResponseJson);
+
+        const reply = { choices: [{ 'message': { 'content': generateResponseJson.output } }] };
+        return response.send(reply);
+    } catch (error) {
+        console.log(error);
+        if (!response.headersSent) {
+            return response.status(500).send({ error: true });
+        }
+    }
+}
+
+/**
+ * Sends a request to Google AI API.
+ * @param {express.Request} request Express request
+ * @param {express.Response} response Express response
+ */
+async function sendMakerSuiteRequest(request, response) {
+    const apiUrl = new URL(request.body.reverse_proxy || API_MAKERSUITE);
+    const apiKey = request.body.reverse_proxy ? request.body.proxy_password : readSecret(request.user.directories, SECRET_KEYS.MAKERSUITE);
+
+    if (!request.body.reverse_proxy && !apiKey) {
+        console.log('Google AI Studio API key is missing.');
+        return response.status(400).send({ error: true });
+    }
+
+    const model = String(request.body.model);
+    const isGemini = model.includes('gemini');
+    const isText = model.includes('text');
+    const stream = Boolean(request.body.stream) && isGemini;
+
+    const generationConfig = {
+        stopSequences: request.body.stop,
+        candidateCount: 1,
+        maxOutputTokens: request.body.max_tokens,
+        temperature: request.body.temperature,
+        topP: request.body.top_p,
+        topK: request.body.top_k || undefined,
+    };
+
+    function getGeminiBody() {
+        const should_use_system_prompt = (model.includes('gemini-1.5-flash') || model.includes('gemini-1.5-pro')) && request.body.use_makersuite_sysprompt;
+        const prompt = convertGooglePrompt(request.body.messages, model, should_use_system_prompt, request.body.char_name, request.body.user_name);
+        let body = {
+            contents: prompt.contents,
+            safetySettings: GEMINI_SAFETY,
+            generationConfig: generationConfig,
+        };
+
+        if (should_use_system_prompt) {
+            body.system_instruction = prompt.system_instruction;
+        }
+
+        return body;
+    }
+
+    function getBisonBody() {
+        const prompt = isText
+            ? ({ text: convertTextCompletionPrompt(request.body.messages) })
+            : ({ messages: convertGooglePrompt(request.body.messages, model).contents });
+
+        /** @type {any} Shut the lint up */
+        const bisonBody = {
+            ...generationConfig,
+            safetySettings: BISON_SAFETY,
+            candidate_count: 1, // lewgacy spelling
+            prompt: prompt,
+        };
+
+        if (!isText) {
+            delete bisonBody.stopSequences;
+            delete bisonBody.maxOutputTokens;
+            delete bisonBody.safetySettings;
+
+            if (Array.isArray(prompt.messages)) {
+                for (const msg of prompt.messages) {
+                    msg.author = msg.role;
+                    msg.content = msg.parts[0].text;
+                    delete msg.parts;
+                    delete msg.role;
+                }
+            }
+        }
+
+        delete bisonBody.candidateCount;
+        return bisonBody;
+    }
+
+    const body = isGemini ? getGeminiBody() : getBisonBody();
+    console.log('Google AI Studio request:', body);
+
+    try {
+        const controller = new AbortController();
+        request.socket.removeAllListeners('close');
+        request.socket.on('close', function () {
+            controller.abort();
+        });
+
+        const apiVersion = isGemini ? 'v1beta' : 'v1beta2';
+        const responseType = isGemini
+            ? (stream ? 'streamGenerateContent' : 'generateContent')
+            : (isText ? 'generateText' : 'generateMessage');
+
+        const generateResponse = await fetch(`${apiUrl.origin}/${apiVersion}/models/${model}:${responseType}?key=${apiKey}${stream ? '&alt=sse' : ''}`, {
+            body: JSON.stringify(body),
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            signal: controller.signal,
+            timeout: 0,
+        });
+        // have to do this because of their busted ass streaming endpoint
+        if (stream) {
+            try {
+                // Pipe remote SSE stream to Express response
+                forwardFetchResponse(generateResponse, response);
+            } catch (error) {
+                console.log('Error forwarding streaming response:', error);
+                if (!response.headersSent) {
+                    return response.status(500).send({ error: true });
+                }
+            }
+        } else {
+            if (!generateResponse.ok) {
+                console.log(`Google AI Studio API returned error: ${generateResponse.status} ${generateResponse.statusText} ${await generateResponse.text()}`);
+                return response.status(generateResponse.status).send({ error: true });
+            }
+
+            const generateResponseJson = await generateResponse.json();
+
+            const candidates = generateResponseJson?.candidates;
+            if (!candidates || candidates.length === 0) {
+                let message = 'Google AI Studio API returned no candidate';
+                console.log(message, generateResponseJson);
+                if (generateResponseJson?.promptFeedback?.blockReason) {
+                    message += `\nPrompt was blocked due to : ${generateResponseJson.promptFeedback.blockReason}`;
+                }
+                return response.send({ error: { message } });
+            }
+
+            const responseContent = candidates[0].content ?? candidates[0].output;
+            const responseText = typeof responseContent === 'string' ? responseContent : responseContent?.parts?.[0]?.text;
+            if (!responseText) {
+                let message = 'Google AI Studio Candidate text empty';
+                console.log(message, generateResponseJson);
+                return response.send({ error: { message } });
+            }
+
+            console.log('Google AI Studio response:', responseText);
+
+            // Wrap it back to OAI format
+            const reply = { choices: [{ 'message': { 'content': responseText } }] };
+            return response.send(reply);
+        }
+    } catch (error) {
+        console.log('Error communicating with Google AI Studio API: ', error);
+        if (!response.headersSent) {
+            return response.status(500).send({ error: true });
+        }
+    }
+}
+
+/**
+ * Sends a request to AI21 API.
+ * @param {express.Request} request Express request
+ * @param {express.Response} response Express response
+ */
+async function sendAI21Request(request, response) {
+    if (!request.body) return response.sendStatus(400);
+    const controller = new AbortController();
+    console.log(request.body.messages);
+    request.socket.removeAllListeners('close');
+    request.socket.on('close', function () {
+        controller.abort();
+    });
+    const options = {
+        method: 'POST',
+        headers: {
+            accept: 'application/json',
+            'content-type': 'application/json',
+            Authorization: `Bearer ${readSecret(request.user.directories, SECRET_KEYS.AI21)}`,
+        },
+        body: JSON.stringify({
+            numResults: 1,
+            maxTokens: request.body.max_tokens,
+            minTokens: 0,
+            temperature: request.body.temperature,
+            topP: request.body.top_p,
+            stopSequences: request.body.stop_tokens,
+            topKReturn: request.body.top_k,
+            frequencyPenalty: {
+                scale: request.body.frequency_penalty * 100,
+                applyToWhitespaces: false,
+                applyToPunctuations: false,
+                applyToNumbers: false,
+                applyToStopwords: false,
+                applyToEmojis: false,
+            },
+            presencePenalty: {
+                scale: request.body.presence_penalty,
+                applyToWhitespaces: false,
+                applyToPunctuations: false,
+                applyToNumbers: false,
+                applyToStopwords: false,
+                applyToEmojis: false,
+            },
+            countPenalty: {
+                scale: request.body.count_pen,
+                applyToWhitespaces: false,
+                applyToPunctuations: false,
+                applyToNumbers: false,
+                applyToStopwords: false,
+                applyToEmojis: false,
+            },
+            prompt: request.body.messages,
+        }),
+        signal: controller.signal,
+    };
+
+    fetch(`https://api.ai21.com/studio/v1/${request.body.model}/complete`, options)
+        .then(r => r.json())
+        .then(r => {
+            if (r.completions === undefined) {
+                console.log(r);
+            } else {
+                console.log(r.completions[0].data.text);
+            }
+            const reply = { choices: [{ 'message': { 'content': r.completions?.[0]?.data?.text } }] };
+            return response.send(reply);
+        })
+        .catch(err => {
+            console.error(err);
+            return response.send({ error: true });
+        });
+
+}
+
+/**
+ * Sends a request to MistralAI API.
+ * @param {express.Request} request Express request
+ * @param {express.Response} response Express response
+ */
+async function sendMistralAIRequest(request, response) {
+    const apiUrl = new URL(request.body.reverse_proxy || API_MISTRAL).toString();
+    const apiKey = request.body.reverse_proxy ? request.body.proxy_password : readSecret(request.user.directories, SECRET_KEYS.MISTRALAI);
+
+    if (!apiKey) {
+        console.log('MistralAI API key is missing.');
+        return response.status(400).send({ error: true });
+    }
+
+    try {
+        const messages = convertMistralMessages(request.body.messages, request.body.char_name, request.body.user_name);
+        const controller = new AbortController();
+        request.socket.removeAllListeners('close');
+        request.socket.on('close', function () {
+            controller.abort();
+        });
+
+        const requestBody = {
+            'model': request.body.model,
+            'messages': messages,
+            'temperature': request.body.temperature,
+            'top_p': request.body.top_p,
+            'max_tokens': request.body.max_tokens,
+            'stream': request.body.stream,
+            'safe_prompt': request.body.safe_prompt,
+            'random_seed': request.body.seed === -1 ? undefined : request.body.seed,
+        };
+
+        if (Array.isArray(request.body.tools) && request.body.tools.length > 0) {
+            requestBody['tools'] = request.body.tools;
+            requestBody['tool_choice'] = request.body.tool_choice === 'required' ? 'any' : 'auto';
+        }
+
+        const config = {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': 'Bearer ' + apiKey,
+            },
+            body: JSON.stringify(requestBody),
+            signal: controller.signal,
+            timeout: 0,
+        };
+
+        console.log('MisralAI request:', requestBody);
+
+        const generateResponse = await fetch(apiUrl + '/chat/completions', config);
+        if (request.body.stream) {
+            forwardFetchResponse(generateResponse, response);
+        } else {
+            if (!generateResponse.ok) {
+                console.log(`MistralAI API returned error: ${generateResponse.status} ${generateResponse.statusText} ${await generateResponse.text()}`);
+                // a 401 unauthorized response breaks the frontend auth, so return a 500 instead. prob a better way of dealing with this.
+                // 401s are already handled by the streaming processor and dont pop up an error toast, that should probably be fixed too.
+                return response.status(generateResponse.status === 401 ? 500 : generateResponse.status).send({ error: true });
+            }
+            const generateResponseJson = await generateResponse.json();
+            console.log('MistralAI response:', generateResponseJson);
+            return response.send(generateResponseJson);
+        }
+    } catch (error) {
+        console.log('Error communicating with MistralAI API: ', error);
+        if (!response.headersSent) {
+            response.send({ error: true });
+        } else {
+            response.end();
+        }
+    }
+}
+
+/**
+ * Sends a request to Cohere API.
+ * @param {express.Request} request Express request
+ * @param {express.Response} response Express response
+ */
+async function sendCohereRequest(request, response) {
+    const apiKey = readSecret(request.user.directories, SECRET_KEYS.COHERE);
+    const controller = new AbortController();
+    request.socket.removeAllListeners('close');
+    request.socket.on('close', function () {
+        controller.abort();
+    });
+
+    if (!apiKey) {
+        console.log('Cohere API key is missing.');
+        return response.status(400).send({ error: true });
+    }
+
+    try {
+        const convertedHistory = convertCohereMessages(request.body.messages, request.body.char_name, request.body.user_name);
+        const connectors = [];
+        const tools = [];
+
+        if (request.body.websearch) {
+            connectors.push({
+                id: 'web-search',
+            });
+        }
+
+        if (Array.isArray(request.body.tools) && request.body.tools.length > 0) {
+            tools.push(...convertCohereTools(request.body.tools));
+            // Can't have both connectors and tools in the same request
+            connectors.splice(0, connectors.length);
+        }
+
+        // https://docs.cohere.com/reference/chat
+        const requestBody = {
+            stream: Boolean(request.body.stream),
+            model: request.body.model,
+            message: convertedHistory.userPrompt,
+            preamble: convertedHistory.systemPrompt,
+            chat_history: convertedHistory.chatHistory,
+            temperature: request.body.temperature,
+            max_tokens: request.body.max_tokens,
+            k: request.body.top_k,
+            p: request.body.top_p,
+            seed: request.body.seed,
+            stop_sequences: request.body.stop,
+            frequency_penalty: request.body.frequency_penalty,
+            presence_penalty: request.body.presence_penalty,
+            prompt_truncation: 'AUTO_PRESERVE_ORDER',
+            connectors: connectors,
+            documents: [],
+            tools: tools,
+            search_queries_only: false,
+        };
+
+        console.log('Cohere request:', requestBody);
+
+        const config = {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': 'Bearer ' + apiKey,
+            },
+            body: JSON.stringify(requestBody),
+            signal: controller.signal,
+            timeout: 0,
+        };
+
+        const apiUrl = API_COHERE + '/chat';
+
+        if (request.body.stream) {
+            const stream = await fetch(apiUrl, config);
+            parseCohereStream(stream, request, response);
+        } else {
+            const generateResponse = await fetch(apiUrl, config);
+            if (!generateResponse.ok) {
+                console.log(`Cohere API returned error: ${generateResponse.status} ${generateResponse.statusText} ${await generateResponse.text()}`);
+                // a 401 unauthorized response breaks the frontend auth, so return a 500 instead. prob a better way of dealing with this.
+                // 401s are already handled by the streaming processor and dont pop up an error toast, that should probably be fixed too.
+                return response.status(generateResponse.status === 401 ? 500 : generateResponse.status).send({ error: true });
+            }
+            const generateResponseJson = await generateResponse.json();
+            console.log('Cohere response:', generateResponseJson);
+            return response.send(generateResponseJson);
+        }
+    } catch (error) {
+        console.log('Error communicating with Cohere API: ', error);
+        if (!response.headersSent) {
+            response.send({ error: true });
+        } else {
+            response.end();
+        }
+    }
+}
+
+const router = express.Router();
+
+router.post('/status', jsonParser, async function (request, response_getstatus_openai) {
+    if (!request.body) return response_getstatus_openai.sendStatus(400);
+
+    let api_url;
+    let api_key_openai;
+    let headers;
+
+    if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.OPENAI) {
+        api_url = new URL(request.body.reverse_proxy || API_OPENAI).toString();
+        api_key_openai = request.body.reverse_proxy ? request.body.proxy_password : readSecret(request.user.directories, SECRET_KEYS.OPENAI);
+        headers = {};
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.OPENROUTER) {
+        api_url = 'https://openrouter.ai/api/v1';
+        api_key_openai = readSecret(request.user.directories, SECRET_KEYS.OPENROUTER);
+        // OpenRouter needs to pass the Referer and X-Title: https://openrouter.ai/docs#requests
+        headers = { ...OPENROUTER_HEADERS };
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.MISTRALAI) {
+        api_url = new URL(request.body.reverse_proxy || API_MISTRAL).toString();
+        api_key_openai = request.body.reverse_proxy ? request.body.proxy_password : readSecret(request.user.directories, SECRET_KEYS.MISTRALAI);
+        headers = {};
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.CUSTOM) {
+        api_url = request.body.custom_url;
+        api_key_openai = readSecret(request.user.directories, SECRET_KEYS.CUSTOM);
+        headers = {};
+        mergeObjectWithYaml(headers, request.body.custom_include_headers);
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.COHERE) {
+        api_url = API_COHERE;
+        api_key_openai = readSecret(request.user.directories, SECRET_KEYS.COHERE);
+        headers = {};
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.ZEROONEAI) {
+        api_url = API_01AI;
+        api_key_openai = readSecret(request.user.directories, SECRET_KEYS.ZEROONEAI);
+        headers = {};
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.BLOCKENTROPY) {
+        api_url = API_BLOCKENTROPY;
+        api_key_openai = readSecret(request.user.directories, SECRET_KEYS.BLOCKENTROPY);
+        headers = {};
+    } else {
+        console.log('This chat completion source is not supported yet.');
+        return response_getstatus_openai.status(400).send({ error: true });
+    }
+
+    if (!api_key_openai && !request.body.reverse_proxy && request.body.chat_completion_source !== CHAT_COMPLETION_SOURCES.CUSTOM) {
+        console.log('OpenAI API key is missing.');
+        return response_getstatus_openai.status(400).send({ error: true });
+    }
+
+    try {
+        const response = await fetch(api_url + '/models', {
+            method: 'GET',
+            headers: {
+                'Authorization': 'Bearer ' + api_key_openai,
+                ...headers,
+            },
+        });
+
+        if (response.ok) {
+            const data = await response.json();
+            response_getstatus_openai.send(data);
+
+            if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.COHERE && Array.isArray(data?.models)) {
+                data.data = data.models.map(model => ({ id: model.name, ...model }));
+            }
+
+            if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.OPENROUTER && Array.isArray(data?.data)) {
+                let models = [];
+
+                data.data.forEach(model => {
+                    const context_length = model.context_length;
+                    const tokens_dollar = Number(1 / (1000 * model.pricing?.prompt));
+                    const tokens_rounded = (Math.round(tokens_dollar * 1000) / 1000).toFixed(0);
+                    models[model.id] = {
+                        tokens_per_dollar: tokens_rounded + 'k',
+                        context_length: context_length,
+                    };
+                });
+
+                console.log('Available OpenRouter models:', models);
+            } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.MISTRALAI) {
+                const models = data?.data;
+                console.log(models);
+            } else {
+                const models = data?.data;
+
+                if (Array.isArray(models)) {
+                    const modelIds = models.filter(x => x && typeof x === 'object').map(x => x.id).sort();
+                    console.log('Available OpenAI models:', modelIds);
+                } else {
+                    console.log('OpenAI endpoint did not return a list of models.');
+                }
+            }
+        }
+        else {
+            console.log('OpenAI status check failed. Either Access Token is incorrect or API endpoint is down.');
+            response_getstatus_openai.send({ error: true, can_bypass: true, data: { data: [] } });
+        }
+    } catch (e) {
+        console.error(e);
+
+        if (!response_getstatus_openai.headersSent) {
+            response_getstatus_openai.send({ error: true });
+        } else {
+            response_getstatus_openai.end();
+        }
+    }
+});
+
+router.post('/bias', jsonParser, async function (request, response) {
+    if (!request.body || !Array.isArray(request.body))
+        return response.sendStatus(400);
+
+    try {
+        const result = {};
+        const model = getTokenizerModel(String(request.query.model || ''));
+
+        // no bias for claude
+        if (model == 'claude') {
+            return response.send(result);
+        }
+
+        let encodeFunction;
+
+        if (sentencepieceTokenizers.includes(model)) {
+            const tokenizer = getSentencepiceTokenizer(model);
+            const instance = await tokenizer?.get();
+            if (!instance) {
+                console.warn('Tokenizer not initialized:', model);
+                return response.send({});
+            }
+            encodeFunction = (text) => new Uint32Array(instance.encodeIds(text));
+        } else {
+            const tokenizer = getTiktokenTokenizer(model);
+            encodeFunction = (tokenizer.encode.bind(tokenizer));
+        }
+
+        for (const entry of request.body) {
+            if (!entry || !entry.text) {
+                continue;
+            }
+
+            try {
+                const tokens = getEntryTokens(entry.text, encodeFunction);
+
+                for (const token of tokens) {
+                    result[token] = entry.value;
+                }
+            } catch {
+                console.warn('Tokenizer failed to encode:', entry.text);
+            }
+        }
+
+        // not needed for cached tokenizers
+        //tokenizer.free();
+        return response.send(result);
+
+        /**
+         * Gets tokenids for a given entry
+         * @param {string} text Entry text
+         * @param {(string) => Uint32Array} encode Function to encode text to token ids
+         * @returns {Uint32Array} Array of token ids
+         */
+        function getEntryTokens(text, encode) {
+            // Get raw token ids from JSON array
+            if (text.trim().startsWith('[') && text.trim().endsWith(']')) {
+                try {
+                    const json = JSON.parse(text);
+                    if (Array.isArray(json) && json.every(x => typeof x === 'number')) {
+                        return new Uint32Array(json);
+                    }
+                } catch {
+                    // ignore
+                }
+            }
+
+            // Otherwise, get token ids from tokenizer
+            return encode(text);
+        }
+    } catch (error) {
+        console.error(error);
+        return response.send({});
+    }
+});
+
+
+router.post('/generate', jsonParser, function (request, response) {
+    if (!request.body) return response.status(400).send({ error: true });
+
+    switch (request.body.chat_completion_source) {
+        case CHAT_COMPLETION_SOURCES.CLAUDE: return sendClaudeRequest(request, response);
+        case CHAT_COMPLETION_SOURCES.SCALE: return sendScaleRequest(request, response);
+        case CHAT_COMPLETION_SOURCES.AI21: return sendAI21Request(request, response);
+        case CHAT_COMPLETION_SOURCES.MAKERSUITE: return sendMakerSuiteRequest(request, response);
+        case CHAT_COMPLETION_SOURCES.MISTRALAI: return sendMistralAIRequest(request, response);
+        case CHAT_COMPLETION_SOURCES.COHERE: return sendCohereRequest(request, response);
+    }
+
+    let apiUrl;
+    let apiKey;
+    let headers;
+    let bodyParams;
+    const isTextCompletion = Boolean(request.body.model && TEXT_COMPLETION_MODELS.includes(request.body.model)) || typeof request.body.messages === 'string';
+
+    if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.OPENAI) {
+        apiUrl = new URL(request.body.reverse_proxy || API_OPENAI).toString();
+        apiKey = request.body.reverse_proxy ? request.body.proxy_password : readSecret(request.user.directories, SECRET_KEYS.OPENAI);
+        headers = {};
+        bodyParams = {
+            logprobs: request.body.logprobs,
+            top_logprobs: undefined,
+        };
+
+        // Adjust logprobs params for Chat Completions API, which expects { top_logprobs: number; logprobs: boolean; }
+        if (!isTextCompletion && bodyParams.logprobs > 0) {
+            bodyParams.top_logprobs = bodyParams.logprobs;
+            bodyParams.logprobs = true;
+        }
+
+        if (getConfigValue('openai.randomizeUserId', false)) {
+            bodyParams['user'] = uuidv4();
+        }
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.OPENROUTER) {
+        apiUrl = 'https://openrouter.ai/api/v1';
+        apiKey = readSecret(request.user.directories, SECRET_KEYS.OPENROUTER);
+        // OpenRouter needs to pass the Referer and X-Title: https://openrouter.ai/docs#requests
+        headers = { ...OPENROUTER_HEADERS };
+        bodyParams = { 'transforms': ['middle-out'] };
+
+        if (request.body.min_p !== undefined) {
+            bodyParams['min_p'] = request.body.min_p;
+        }
+
+        if (request.body.top_a !== undefined) {
+            bodyParams['top_a'] = request.body.top_a;
+        }
+
+        if (request.body.repetition_penalty !== undefined) {
+            bodyParams['repetition_penalty'] = request.body.repetition_penalty;
+        }
+
+        if (Array.isArray(request.body.provider) && request.body.provider.length > 0) {
+            bodyParams['provider'] = {
+                allow_fallbacks: request.body.allow_fallbacks ?? true,
+                order: request.body.provider ?? [],
+            };
+        }
+
+        if (request.body.use_fallback) {
+            bodyParams['route'] = 'fallback';
+        }
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.CUSTOM) {
+        apiUrl = request.body.custom_url;
+        apiKey = readSecret(request.user.directories, SECRET_KEYS.CUSTOM);
+        headers = {};
+        bodyParams = {
+            logprobs: request.body.logprobs,
+            top_logprobs: undefined,
+        };
+
+        // Adjust logprobs params for Chat Completions API, which expects { top_logprobs: number; logprobs: boolean; }
+        if (!isTextCompletion && bodyParams.logprobs > 0) {
+            bodyParams.top_logprobs = bodyParams.logprobs;
+            bodyParams.logprobs = true;
+        }
+
+        mergeObjectWithYaml(bodyParams, request.body.custom_include_body);
+        mergeObjectWithYaml(headers, request.body.custom_include_headers);
+
+        if (request.body.custom_prompt_post_processing) {
+            console.log('Applying custom prompt post-processing of type', request.body.custom_prompt_post_processing);
+            request.body.messages = postProcessPrompt(
+                request.body.messages,
+                request.body.custom_prompt_post_processing,
+                request.body.char_name,
+                request.body.user_name);
+        }
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.PERPLEXITY) {
+        apiUrl = API_PERPLEXITY;
+        apiKey = readSecret(request.user.directories, SECRET_KEYS.PERPLEXITY);
+        headers = {};
+        bodyParams = {};
+        request.body.messages = postProcessPrompt(request.body.messages, 'claude', request.body.char_name, request.body.user_name);
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.GROQ) {
+        apiUrl = API_GROQ;
+        apiKey = readSecret(request.user.directories, SECRET_KEYS.GROQ);
+        headers = {};
+        bodyParams = {};
+
+        // 'required' tool choice is not supported by Groq
+        if (request.body.tool_choice === 'required') {
+            if (Array.isArray(request.body.tools) && request.body.tools.length > 0) {
+                request.body.tool_choice = request.body.tools.length > 1
+                    ? 'auto' :
+                    { type: 'function', function: { name: request.body.tools[0]?.function?.name } };
+
+            } else {
+                request.body.tool_choice = 'none';
+            }
+        }
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.ZEROONEAI) {
+        apiUrl = API_01AI;
+        apiKey = readSecret(request.user.directories, SECRET_KEYS.ZEROONEAI);
+        headers = {};
+        bodyParams = {};
+    } else if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.BLOCKENTROPY) {
+        apiUrl = API_BLOCKENTROPY;
+        apiKey = readSecret(request.user.directories, SECRET_KEYS.BLOCKENTROPY);
+        headers = {};
+        bodyParams = {};
+    } else {
+        console.log('This chat completion source is not supported yet.');
+        return response.status(400).send({ error: true });
+    }
+
+    if (!apiKey && !request.body.reverse_proxy && request.body.chat_completion_source !== CHAT_COMPLETION_SOURCES.CUSTOM) {
+        console.log('OpenAI API key is missing.');
+        return response.status(400).send({ error: true });
+    }
+
+    // Add custom stop sequences
+    if (Array.isArray(request.body.stop) && request.body.stop.length > 0) {
+        bodyParams['stop'] = request.body.stop;
+    }
+
+    const textPrompt = isTextCompletion ? convertTextCompletionPrompt(request.body.messages) : '';
+    const endpointUrl = isTextCompletion && request.body.chat_completion_source !== CHAT_COMPLETION_SOURCES.OPENROUTER ?
+        `${apiUrl}/completions` :
+        `${apiUrl}/chat/completions`;
+
+    const controller = new AbortController();
+    request.socket.removeAllListeners('close');
+    request.socket.on('close', function () {
+        controller.abort();
+    });
+
+    if (!isTextCompletion) {
+        bodyParams['tools'] = request.body.tools;
+        bodyParams['tool_choice'] = request.body.tool_choice;
+    }
+
+    const requestBody = {
+        'messages': isTextCompletion === false ? request.body.messages : undefined,
+        'prompt': isTextCompletion === true ? textPrompt : undefined,
+        'model': request.body.model,
+        'temperature': request.body.temperature,
+        'max_tokens': request.body.max_tokens,
+        'stream': request.body.stream,
+        'presence_penalty': request.body.presence_penalty,
+        'frequency_penalty': request.body.frequency_penalty,
+        'top_p': request.body.top_p,
+        'top_k': request.body.top_k,
+        'stop': isTextCompletion === false ? request.body.stop : undefined,
+        'logit_bias': request.body.logit_bias,
+        'seed': request.body.seed,
+        'n': request.body.n,
+        ...bodyParams,
+    };
+
+    if (request.body.chat_completion_source === CHAT_COMPLETION_SOURCES.CUSTOM) {
+        excludeKeysByYaml(requestBody, request.body.custom_exclude_body);
+    }
+
+    /** @type {import('node-fetch').RequestInit} */
+    const config = {
+        method: 'post',
+        headers: {
+            'Content-Type': 'application/json',
+            'Authorization': 'Bearer ' + apiKey,
+            ...headers,
+        },
+        body: JSON.stringify(requestBody),
+        signal: controller.signal,
+        timeout: 0,
+    };
+
+    console.log(requestBody);
+
+    makeRequest(config, response, request);
+
+    /**
+     * Makes a fetch request to the OpenAI API endpoint.
+     * @param {import('node-fetch').RequestInit} config Fetch config
+     * @param {express.Response} response Express response
+     * @param {express.Request} request Express request
+     * @param {Number} retries Number of retries left
+     * @param {Number} timeout Request timeout in ms
+     */
+    async function makeRequest(config, response, request, retries = 5, timeout = 5000) {
+        try {
+            const fetchResponse = await fetch(endpointUrl, config);
+
+            if (request.body.stream) {
+                console.log('Streaming request in progress');
+                forwardFetchResponse(fetchResponse, response);
+                return;
+            }
+
+            if (fetchResponse.ok) {
+                let json = await fetchResponse.json();
+                response.send(json);
+                console.log(json);
+                console.log(json?.choices?.[0]?.message);
+            } else if (fetchResponse.status === 429 && retries > 0) {
+                console.log(`Out of quota, retrying in ${Math.round(timeout / 1000)}s`);
+                setTimeout(() => {
+                    timeout *= 2;
+                    makeRequest(config, response, request, retries - 1, timeout);
+                }, timeout);
+            } else {
+                await handleErrorResponse(fetchResponse);
+            }
+        } catch (error) {
+            console.log('Generation failed', error);
+            if (!response.headersSent) {
+                response.send({ error: true });
+            } else {
+                response.end();
+            }
+        }
+    }
+
+    /**
+     * @param {import("node-fetch").Response} errorResponse
+     */
+    async function handleErrorResponse(errorResponse) {
+        const responseText = await errorResponse.text();
+        const errorData = tryParse(responseText);
+
+        const statusMessages = {
+            400: 'Bad request',
+            401: 'Unauthorized',
+            402: 'Credit limit reached',
+            403: 'Forbidden',
+            404: 'Not found',
+            429: 'Too many requests',
+            451: 'Unavailable for legal reasons',
+            502: 'Bad gateway',
+        };
+
+        const message = errorData?.error?.message || statusMessages[errorResponse.status] || 'Unknown error occurred';
+        const quota_error = errorResponse.status === 429 && errorData?.error?.type === 'insufficient_quota';
+        console.log(message);
+
+        if (!response.headersSent) {
+            response.send({ error: { message }, quota_error: quota_error });
+        } else if (!response.writableEnded) {
+            response.write(errorResponse);
+        } else {
+            response.end();
+        }
+    }
+});
+
+module.exports = {
+    router,
+};

src/endpoints/backends/kobold.js

@@ -0,0 +1,241 @@
+const express = require('express');
+const fetch = require('node-fetch').default;
+const fs = require('fs');
+
+const { jsonParser, urlencodedParser } = require('../../express-common');
+const { forwardFetchResponse, delay } = require('../../util');
+const { getOverrideHeaders, setAdditionalHeaders, setAdditionalHeadersByType } = require('../../additional-headers');
+const { TEXTGEN_TYPES } = require('../../constants');
+
+const router = express.Router();
+
+router.post('/generate', jsonParser, async function (request, response_generate) {
+    if (!request.body) return response_generate.sendStatus(400);
+
+    if (request.body.api_server.indexOf('localhost') != -1) {
+        request.body.api_server = request.body.api_server.replace('localhost', '127.0.0.1');
+    }
+
+    const request_prompt = request.body.prompt;
+    const controller = new AbortController();
+    request.socket.removeAllListeners('close');
+    request.socket.on('close', async function () {
+        if (request.body.can_abort && !response_generate.writableEnded) {
+            try {
+                console.log('Aborting Kobold generation...');
+                // send abort signal to koboldcpp
+                const abortResponse = await fetch(`${request.body.api_server}/extra/abort`, {
+                    method: 'POST',
+                });
+
+                if (!abortResponse.ok) {
+                    console.log('Error sending abort request to Kobold:', abortResponse.status);
+                }
+            } catch (error) {
+                console.log(error);
+            }
+        }
+        controller.abort();
+    });
+
+    let this_settings = {
+        prompt: request_prompt,
+        use_story: false,
+        use_memory: false,
+        use_authors_note: false,
+        use_world_info: false,
+        max_context_length: request.body.max_context_length,
+        max_length: request.body.max_length,
+    };
+
+    if (!request.body.gui_settings) {
+        this_settings = {
+            prompt: request_prompt,
+            use_story: false,
+            use_memory: false,
+            use_authors_note: false,
+            use_world_info: false,
+            max_context_length: request.body.max_context_length,
+            max_length: request.body.max_length,
+            rep_pen: request.body.rep_pen,
+            rep_pen_range: request.body.rep_pen_range,
+            rep_pen_slope: request.body.rep_pen_slope,
+            temperature: request.body.temperature,
+            tfs: request.body.tfs,
+            top_a: request.body.top_a,
+            top_k: request.body.top_k,
+            top_p: request.body.top_p,
+            min_p: request.body.min_p,
+            typical: request.body.typical,
+            sampler_order: request.body.sampler_order,
+            singleline: !!request.body.singleline,
+            use_default_badwordsids: request.body.use_default_badwordsids,
+            mirostat: request.body.mirostat,
+            mirostat_eta: request.body.mirostat_eta,
+            mirostat_tau: request.body.mirostat_tau,
+            grammar: request.body.grammar,
+            sampler_seed: request.body.sampler_seed,
+        };
+        if (request.body.stop_sequence) {
+            this_settings['stop_sequence'] = request.body.stop_sequence;
+        }
+    }
+
+    console.log(this_settings);
+    const args = {
+        body: JSON.stringify(this_settings),
+        headers: Object.assign(
+            { 'Content-Type': 'application/json' },
+            getOverrideHeaders((new URL(request.body.api_server))?.host),
+        ),
+        signal: controller.signal,
+    };
+
+    const MAX_RETRIES = 50;
+    const delayAmount = 2500;
+    for (let i = 0; i < MAX_RETRIES; i++) {
+        try {
+            const url = request.body.streaming ? `${request.body.api_server}/extra/generate/stream` : `${request.body.api_server}/v1/generate`;
+            const response = await fetch(url, { method: 'POST', timeout: 0, ...args });
+
+            if (request.body.streaming) {
+                // Pipe remote SSE stream to Express response
+                forwardFetchResponse(response, response_generate);
+                return;
+            } else {
+                if (!response.ok) {
+                    const errorText = await response.text();
+                    console.log(`Kobold returned error: ${response.status} ${response.statusText} ${errorText}`);
+
+                    try {
+                        const errorJson = JSON.parse(errorText);
+                        const message = errorJson?.detail?.msg || errorText;
+                        return response_generate.status(400).send({ error: { message } });
+                    } catch {
+                        return response_generate.status(400).send({ error: { message: errorText } });
+                    }
+                }
+
+                const data = await response.json();
+                console.log('Endpoint response:', data);
+                return response_generate.send(data);
+            }
+        } catch (error) {
+            // response
+            switch (error?.status) {
+                case 403:
+                case 503: // retry in case of temporary service issue, possibly caused by a queue failure?
+                    console.debug(`KoboldAI is busy. Retry attempt ${i + 1} of ${MAX_RETRIES}...`);
+                    await delay(delayAmount);
+                    break;
+                default:
+                    if ('status' in error) {
+                        console.log('Status Code from Kobold:', error.status);
+                    }
+                    return response_generate.send({ error: true });
+            }
+        }
+    }
+
+    console.log('Max retries exceeded. Giving up.');
+    return response_generate.send({ error: true });
+});
+
+router.post('/status', jsonParser, async function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+    let api_server = request.body.api_server;
+    if (api_server.indexOf('localhost') != -1) {
+        api_server = api_server.replace('localhost', '127.0.0.1');
+    }
+
+    const args = {
+        headers: { 'Content-Type': 'application/json' },
+    };
+
+    setAdditionalHeaders(request, args, api_server);
+
+    const result = {};
+
+    const [koboldUnitedResponse, koboldExtraResponse, koboldModelResponse] = await Promise.all([
+        // We catch errors both from the response not having a successful HTTP status and from JSON parsing failing
+
+        // Kobold United API version
+        fetch(`${api_server}/v1/info/version`).then(response => {
+            if (!response.ok) throw new Error(`Kobold API error: ${response.status, response.statusText}`);
+            return response.json();
+        }).catch(() => ({ result: '0.0.0' })),
+
+        // KoboldCpp version
+        fetch(`${api_server}/extra/version`).then(response => {
+            if (!response.ok) throw new Error(`Kobold API error: ${response.status, response.statusText}`);
+            return response.json();
+        }).catch(() => ({ version: '0.0' })),
+
+        // Current model
+        fetch(`${api_server}/v1/model`).then(response => {
+            if (!response.ok) throw new Error(`Kobold API error: ${response.status, response.statusText}`);
+            return response.json();
+        }).catch(() => null),
+    ]);
+
+    result.koboldUnitedVersion = koboldUnitedResponse.result;
+    result.koboldCppVersion = koboldExtraResponse.result;
+    result.model = !koboldModelResponse || koboldModelResponse.result === 'ReadOnly' ?
+        'no_connection' :
+        koboldModelResponse.result;
+
+    response.send(result);
+});
+
+router.post('/transcribe-audio', urlencodedParser, async function (request, response) {
+    try {
+        const server = request.body.server;
+
+        if (!server) {
+            console.log('Server is not set');
+            return response.sendStatus(400);
+        }
+
+        if (!request.file) {
+            console.log('No audio file found');
+            return response.sendStatus(400);
+        }
+
+        console.log('Transcribing audio with KoboldCpp', server);
+
+        const fileBase64 = fs.readFileSync(request.file.path).toString('base64');
+        fs.rmSync(request.file.path);
+
+        const headers = {};
+        setAdditionalHeadersByType(headers, TEXTGEN_TYPES.KOBOLDCPP, server, request.user.directories);
+
+        const url = new URL(server);
+        url.pathname = '/api/extra/transcribe';
+
+        const result = await fetch(url, {
+            method: 'POST',
+            headers: {
+                ...headers,
+            },
+            body: JSON.stringify({
+                prompt: '',
+                audio_data: fileBase64,
+            }),
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('KoboldCpp request failed', result.statusText, text);
+            return response.status(500).send(text);
+        }
+
+        const data = await result.json();
+        console.log('KoboldCpp transcription response', data);
+        return response.json(data);
+    } catch (error) {
+        console.error('KoboldCpp transcription failed', error);
+        response.status(500).send('Internal server error');
+    }
+});
+
+module.exports = { router };

src/endpoints/backends/scale-alt.js

@@ -0,0 +1,101 @@
+const express = require('express');
+const fetch = require('node-fetch').default;
+
+const { jsonParser } = require('../../express-common');
+
+const { readSecret, SECRET_KEYS } = require('../secrets');
+
+const router = express.Router();
+
+router.post('/generate', jsonParser, async function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+
+    try {
+        const cookie = readSecret(request.user.directories, SECRET_KEYS.SCALE_COOKIE);
+
+        if (!cookie) {
+            console.log('No Scale cookie found');
+            return response.sendStatus(400);
+        }
+
+        const body = {
+            json: {
+                variant: {
+                    name: 'New Variant',
+                    appId: '',
+                    taxonomy: null,
+                },
+                prompt: {
+                    id: '',
+                    template: '{{input}}\n',
+                    exampleVariables: {},
+                    variablesSourceDataId: null,
+                    systemMessage: request.body.sysprompt,
+                },
+                modelParameters: {
+                    id: '',
+                    modelId: 'GPT4',
+                    modelType: 'OpenAi',
+                    maxTokens: request.body.max_tokens,
+                    temperature: request.body.temp,
+                    stop: 'user:',
+                    suffix: null,
+                    topP: request.body.top_p,
+                    logprobs: null,
+                    logitBias: request.body.logit_bias,
+                },
+                inputs: [
+                    {
+                        index: '-1',
+                        valueByName: {
+                            input: request.body.prompt,
+                        },
+                    },
+                ],
+            },
+            meta: {
+                values: {
+                    'variant.taxonomy': ['undefined'],
+                    'prompt.variablesSourceDataId': ['undefined'],
+                    'modelParameters.suffix': ['undefined'],
+                    'modelParameters.logprobs': ['undefined'],
+                },
+            },
+        };
+
+        console.log('Scale request:', body);
+
+        const result = await fetch('https://dashboard.scale.com/spellbook/api/trpc/v2.variant.run', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'cookie': `_jwt=${cookie}`,
+            },
+            timeout: 0,
+            body: JSON.stringify(body),
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('Scale request failed', result.statusText, text);
+            return response.status(500).send({ error: { message: result.statusText } });
+        }
+
+        const data = await result.json();
+        const output = data?.result?.data?.json?.outputs?.[0] || '';
+
+        console.log('Scale response:', data);
+
+        if (!output) {
+            console.warn('Scale response is empty');
+            return response.sendStatus(500).send({ error: { message: 'Empty response' } });
+        }
+
+        return response.json({ output });
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/backends/text-completions.js

@@ -0,0 +1,641 @@
+const express = require('express');
+const fetch = require('node-fetch').default;
+const _ = require('lodash');
+const Readable = require('stream').Readable;
+
+const { jsonParser } = require('../../express-common');
+const { TEXTGEN_TYPES, TOGETHERAI_KEYS, OLLAMA_KEYS, INFERMATICAI_KEYS, OPENROUTER_KEYS, VLLM_KEYS, DREAMGEN_KEYS, FEATHERLESS_KEYS } = require('../../constants');
+const { forwardFetchResponse, trimV1, getConfigValue } = require('../../util');
+const { setAdditionalHeaders } = require('../../additional-headers');
+
+const router = express.Router();
+
+/**
+ * Special boy's steaming routine. Wrap this abomination into proper SSE stream.
+ * @param {import('node-fetch').Response} jsonStream JSON stream
+ * @param {import('express').Request} request Express request
+ * @param {import('express').Response} response Express response
+ * @returns {Promise<any>} Nothing valuable
+ */
+async function parseOllamaStream(jsonStream, request, response) {
+    try {
+        let partialData = '';
+        jsonStream.body.on('data', (data) => {
+            const chunk = data.toString();
+            partialData += chunk;
+            while (true) {
+                let json;
+                try {
+                    json = JSON.parse(partialData);
+                } catch (e) {
+                    break;
+                }
+                const text = json.response || '';
+                const chunk = { choices: [{ text }] };
+                response.write(`data: ${JSON.stringify(chunk)}\n\n`);
+                partialData = '';
+            }
+        });
+
+        request.socket.on('close', function () {
+            if (jsonStream.body instanceof Readable) jsonStream.body.destroy();
+            response.end();
+        });
+
+        jsonStream.body.on('end', () => {
+            console.log('Streaming request finished');
+            response.write('data: [DONE]\n\n');
+            response.end();
+        });
+    } catch (error) {
+        console.log('Error forwarding streaming response:', error);
+        if (!response.headersSent) {
+            return response.status(500).send({ error: true });
+        } else {
+            return response.end();
+        }
+    }
+}
+
+/**
+ * Abort KoboldCpp generation request.
+ * @param {string} url Server base URL
+ * @returns {Promise<void>} Promise resolving when we are done
+ */
+async function abortKoboldCppRequest(url) {
+    try {
+        console.log('Aborting Kobold generation...');
+        const abortResponse = await fetch(`${url}/api/extra/abort`, {
+            method: 'POST',
+        });
+
+        if (!abortResponse.ok) {
+            console.log('Error sending abort request to Kobold:', abortResponse.status, abortResponse.statusText);
+        }
+    } catch (error) {
+        console.log(error);
+    }
+}
+
+//************** Ooba/OpenAI text completions API
+router.post('/status', jsonParser, async function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+
+    try {
+        if (request.body.api_server.indexOf('localhost') !== -1) {
+            request.body.api_server = request.body.api_server.replace('localhost', '127.0.0.1');
+        }
+
+        console.log('Trying to connect to API:', request.body);
+        const baseUrl = trimV1(request.body.api_server);
+
+        const args = {
+            headers: { 'Content-Type': 'application/json' },
+        };
+
+        setAdditionalHeaders(request, args, baseUrl);
+
+        const apiType = request.body.api_type;
+        let url = baseUrl;
+        let result = '';
+
+        if (request.body.legacy_api) {
+            url += '/v1/model';
+        } else {
+            switch (apiType) {
+                case TEXTGEN_TYPES.OOBA:
+                case TEXTGEN_TYPES.VLLM:
+                case TEXTGEN_TYPES.APHRODITE:
+                case TEXTGEN_TYPES.KOBOLDCPP:
+                case TEXTGEN_TYPES.LLAMACPP:
+                case TEXTGEN_TYPES.INFERMATICAI:
+                case TEXTGEN_TYPES.OPENROUTER:
+                    url += '/v1/models';
+                    break;
+                case TEXTGEN_TYPES.DREAMGEN:
+                    url += '/api/openai/v1/models';
+                    break;
+                case TEXTGEN_TYPES.MANCER:
+                    url += '/oai/v1/models';
+                    break;
+                case TEXTGEN_TYPES.TABBY:
+                    url += '/v1/model/list';
+                    break;
+                case TEXTGEN_TYPES.TOGETHERAI:
+                    url += '/api/models?&info';
+                    break;
+                case TEXTGEN_TYPES.OLLAMA:
+                    url += '/api/tags';
+                    break;
+                case TEXTGEN_TYPES.FEATHERLESS:
+                    url += '/v1/models';
+                    break;
+                case TEXTGEN_TYPES.HUGGINGFACE:
+                    url += '/info';
+                    break;
+            }
+        }
+
+        const modelsReply = await fetch(url, args);
+
+        if (!modelsReply.ok) {
+            console.log('Models endpoint is offline.');
+            return response.status(400);
+        }
+
+        let data = await modelsReply.json();
+
+        if (request.body.legacy_api) {
+            console.log('Legacy API response:', data);
+            return response.send({ result: data?.result });
+        }
+
+        // Rewrap to OAI-like response
+        if (apiType === TEXTGEN_TYPES.TOGETHERAI && Array.isArray(data)) {
+            data = { data: data.map(x => ({ id: x.name, ...x })) };
+        }
+
+        if (apiType === TEXTGEN_TYPES.OLLAMA && Array.isArray(data.models)) {
+            data = { data: data.models.map(x => ({ id: x.name, ...x })) };
+        }
+
+        if (apiType === TEXTGEN_TYPES.HUGGINGFACE) {
+            data = { data: [] };
+        }
+
+        if (!Array.isArray(data.data)) {
+            console.log('Models response is not an array.');
+            return response.status(400);
+        }
+
+        const modelIds = data.data.map(x => x.id);
+        console.log('Models available:', modelIds);
+
+        // Set result to the first model ID
+        result = modelIds[0] || 'Valid';
+
+        if (apiType === TEXTGEN_TYPES.OOBA) {
+            try {
+                const modelInfoUrl = baseUrl + '/v1/internal/model/info';
+                const modelInfoReply = await fetch(modelInfoUrl, args);
+
+                if (modelInfoReply.ok) {
+                    const modelInfo = await modelInfoReply.json();
+                    console.log('Ooba model info:', modelInfo);
+
+                    const modelName = modelInfo?.model_name;
+                    result = modelName || result;
+                }
+            } catch (error) {
+                console.error(`Failed to get Ooba model info: ${error}`);
+            }
+        } else if (apiType === TEXTGEN_TYPES.TABBY) {
+            try {
+                const modelInfoUrl = baseUrl + '/v1/model';
+                const modelInfoReply = await fetch(modelInfoUrl, args);
+
+                if (modelInfoReply.ok) {
+                    const modelInfo = await modelInfoReply.json();
+                    console.log('Tabby model info:', modelInfo);
+
+                    const modelName = modelInfo?.id;
+                    result = modelName || result;
+                } else {
+                    // TabbyAPI returns an error 400 if a model isn't loaded
+
+                    result = 'None';
+                }
+            } catch (error) {
+                console.error(`Failed to get TabbyAPI model info: ${error}`);
+            }
+        }
+
+        return response.send({ result, data: data.data });
+    } catch (error) {
+        console.error(error);
+        return response.status(500);
+    }
+});
+
+router.post('/generate', jsonParser, async function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+
+    try {
+        if (request.body.api_server.indexOf('localhost') !== -1) {
+            request.body.api_server = request.body.api_server.replace('localhost', '127.0.0.1');
+        }
+
+        const apiType = request.body.api_type;
+        const baseUrl = request.body.api_server;
+        console.log(request.body);
+
+        const controller = new AbortController();
+        request.socket.removeAllListeners('close');
+        request.socket.on('close', async function () {
+            if (request.body.api_type === TEXTGEN_TYPES.KOBOLDCPP && !response.writableEnded) {
+                await abortKoboldCppRequest(trimV1(baseUrl));
+            }
+
+            controller.abort();
+        });
+
+        let url = trimV1(baseUrl);
+
+        if (request.body.legacy_api) {
+            url += '/v1/generate';
+        } else {
+            switch (request.body.api_type) {
+                case TEXTGEN_TYPES.VLLM:
+                case TEXTGEN_TYPES.FEATHERLESS:
+                case TEXTGEN_TYPES.APHRODITE:
+                case TEXTGEN_TYPES.OOBA:
+                case TEXTGEN_TYPES.TABBY:
+                case TEXTGEN_TYPES.KOBOLDCPP:
+                case TEXTGEN_TYPES.TOGETHERAI:
+                case TEXTGEN_TYPES.INFERMATICAI:
+                case TEXTGEN_TYPES.HUGGINGFACE:
+                    url += '/v1/completions';
+                    break;
+                case TEXTGEN_TYPES.DREAMGEN:
+                    url += '/api/openai/v1/completions';
+                    break;
+                case TEXTGEN_TYPES.MANCER:
+                    url += '/oai/v1/completions';
+                    break;
+                case TEXTGEN_TYPES.LLAMACPP:
+                    url += '/completion';
+                    break;
+                case TEXTGEN_TYPES.OLLAMA:
+                    url += '/api/generate';
+                    break;
+                case TEXTGEN_TYPES.OPENROUTER:
+                    url += '/v1/chat/completions';
+                    break;
+            }
+        }
+
+        const args = {
+            method: 'POST',
+            body: JSON.stringify(request.body),
+            headers: { 'Content-Type': 'application/json' },
+            signal: controller.signal,
+            timeout: 0,
+        };
+
+        setAdditionalHeaders(request, args, baseUrl);
+
+        if (request.body.api_type === TEXTGEN_TYPES.TOGETHERAI) {
+            request.body = _.pickBy(request.body, (_, key) => TOGETHERAI_KEYS.includes(key));
+            args.body = JSON.stringify(request.body);
+        }
+
+        if (request.body.api_type === TEXTGEN_TYPES.INFERMATICAI) {
+            request.body = _.pickBy(request.body, (_, key) => INFERMATICAI_KEYS.includes(key));
+            args.body = JSON.stringify(request.body);
+        }
+
+        if (request.body.api_type === TEXTGEN_TYPES.FEATHERLESS) {
+            request.body = _.pickBy(request.body, (_, key) => FEATHERLESS_KEYS.includes(key));
+            args.body = JSON.stringify(request.body);
+        }
+
+        if (request.body.api_type === TEXTGEN_TYPES.DREAMGEN) {
+            request.body = _.pickBy(request.body, (_, key) => DREAMGEN_KEYS.includes(key));
+            // NOTE: DreamGen sometimes get confused by the unusual formatting in the character cards.
+            request.body.stop?.push('### User', '## User');
+            args.body = JSON.stringify(request.body);
+        }
+
+        if (request.body.api_type === TEXTGEN_TYPES.OPENROUTER) {
+            if (Array.isArray(request.body.provider) && request.body.provider.length > 0) {
+                request.body.provider = {
+                    allow_fallbacks: request.body.allow_fallbacks ?? true,
+                    order: request.body.provider,
+                };
+            } else {
+                delete request.body.provider;
+            }
+            request.body = _.pickBy(request.body, (_, key) => OPENROUTER_KEYS.includes(key));
+            args.body = JSON.stringify(request.body);
+        }
+
+        if (request.body.api_type === TEXTGEN_TYPES.VLLM) {
+            request.body = _.pickBy(request.body, (_, key) => VLLM_KEYS.includes(key));
+            args.body = JSON.stringify(request.body);
+        }
+
+        if (request.body.api_type === TEXTGEN_TYPES.OLLAMA) {
+            const keepAlive = getConfigValue('ollama.keepAlive', -1);
+            args.body = JSON.stringify({
+                model: request.body.model,
+                prompt: request.body.prompt,
+                stream: request.body.stream ?? false,
+                keep_alive: keepAlive,
+                raw: true,
+                options: _.pickBy(request.body, (_, key) => OLLAMA_KEYS.includes(key)),
+            });
+        }
+
+        if (request.body.api_type === TEXTGEN_TYPES.OLLAMA && request.body.stream) {
+            const stream = await fetch(url, args);
+            parseOllamaStream(stream, request, response);
+        } else if (request.body.stream) {
+            const completionsStream = await fetch(url, args);
+            // Pipe remote SSE stream to Express response
+            forwardFetchResponse(completionsStream, response);
+        }
+        else {
+            const completionsReply = await fetch(url, args);
+
+            if (completionsReply.ok) {
+                const data = await completionsReply.json();
+                console.log('Endpoint response:', data);
+
+                // Wrap legacy response to OAI completions format
+                if (request.body.legacy_api) {
+                    const text = data?.results[0]?.text;
+                    data['choices'] = [{ text }];
+                }
+
+                // Map InfermaticAI response to OAI completions format
+                if (apiType === TEXTGEN_TYPES.INFERMATICAI) {
+                    data['choices'] = (data?.choices || []).map(choice => ({ text: choice?.message?.content || choice.text, logprobs: choice?.logprobs, index: choice?.index }));
+                }
+
+                return response.send(data);
+            } else {
+                const text = await completionsReply.text();
+                const errorBody = { error: true, status: completionsReply.status, response: text };
+
+                if (!response.headersSent) {
+                    return response.send(errorBody);
+                }
+
+                return response.end();
+            }
+        }
+    } catch (error) {
+        let value = { error: true, status: error?.status, response: error?.statusText };
+        console.log('Endpoint error:', error);
+
+        if (!response.headersSent) {
+            return response.send(value);
+        }
+
+        return response.end();
+    }
+});
+
+const ollama = express.Router();
+
+ollama.post('/download', jsonParser, async function (request, response) {
+    try {
+        if (!request.body.name || !request.body.api_server) return response.sendStatus(400);
+
+        const name = request.body.name;
+        const url = String(request.body.api_server).replace(/\/$/, '');
+
+        const fetchResponse = await fetch(`${url}/api/pull`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                name: name,
+                stream: false,
+            }),
+            timeout: 0,
+        });
+
+        if (!fetchResponse.ok) {
+            console.log('Download error:', fetchResponse.status, fetchResponse.statusText);
+            return response.status(fetchResponse.status).send({ error: true });
+        }
+
+        return response.send({ ok: true });
+    } catch (error) {
+        console.error(error);
+        return response.status(500);
+    }
+});
+
+ollama.post('/caption-image', jsonParser, async function (request, response) {
+    try {
+        if (!request.body.server_url || !request.body.model) {
+            return response.sendStatus(400);
+        }
+
+        console.log('Ollama caption request:', request.body);
+        const baseUrl = trimV1(request.body.server_url);
+
+        const fetchResponse = await fetch(`${baseUrl}/api/generate`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                model: request.body.model,
+                prompt: request.body.prompt,
+                images: [request.body.image],
+                stream: false,
+            }),
+            timeout: 0,
+        });
+
+        if (!fetchResponse.ok) {
+            console.log('Ollama caption error:', fetchResponse.status, fetchResponse.statusText);
+            return response.status(500).send({ error: true });
+        }
+
+        const data = await fetchResponse.json();
+        console.log('Ollama caption response:', data);
+
+        const caption = data?.response || '';
+
+        if (!caption) {
+            console.log('Ollama caption is empty.');
+            return response.status(500).send({ error: true });
+        }
+
+        return response.send({ caption });
+    } catch (error) {
+        console.error(error);
+        return response.status(500);
+    }
+});
+
+const llamacpp = express.Router();
+
+llamacpp.post('/caption-image', jsonParser, async function (request, response) {
+    try {
+        if (!request.body.server_url) {
+            return response.sendStatus(400);
+        }
+
+        console.log('LlamaCpp caption request:', request.body);
+        const baseUrl = trimV1(request.body.server_url);
+
+        const fetchResponse = await fetch(`${baseUrl}/completion`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            timeout: 0,
+            body: JSON.stringify({
+                prompt: `USER:[img-1]${String(request.body.prompt).trim()}\nASSISTANT:`,
+                image_data: [{ data: request.body.image, id: 1 }],
+                temperature: 0.1,
+                stream: false,
+                stop: ['USER:', '</s>'],
+            }),
+        });
+
+        if (!fetchResponse.ok) {
+            console.log('LlamaCpp caption error:', fetchResponse.status, fetchResponse.statusText);
+            return response.status(500).send({ error: true });
+        }
+
+        const data = await fetchResponse.json();
+        console.log('LlamaCpp caption response:', data);
+
+        const caption = data?.content || '';
+
+        if (!caption) {
+            console.log('LlamaCpp caption is empty.');
+            return response.status(500).send({ error: true });
+        }
+
+        return response.send({ caption });
+
+    } catch (error) {
+        console.error(error);
+        return response.status(500);
+    }
+});
+
+llamacpp.post('/props', jsonParser, async function (request, response) {
+    try {
+        if (!request.body.server_url) {
+            return response.sendStatus(400);
+        }
+
+        console.log('LlamaCpp props request:', request.body);
+        const baseUrl = trimV1(request.body.server_url);
+
+        const fetchResponse = await fetch(`${baseUrl}/props`, {
+            method: 'GET',
+            timeout: 0,
+        });
+
+        if (!fetchResponse.ok) {
+            console.log('LlamaCpp props error:', fetchResponse.status, fetchResponse.statusText);
+            return response.status(500).send({ error: true });
+        }
+
+        const data = await fetchResponse.json();
+        console.log('LlamaCpp props response:', data);
+
+        return response.send(data);
+
+    } catch (error) {
+        console.error(error);
+        return response.status(500);
+    }
+});
+
+llamacpp.post('/slots', jsonParser, async function (request, response) {
+    try {
+        if (!request.body.server_url) {
+            return response.sendStatus(400);
+        }
+        if (!/^(erase|info|restore|save)$/.test(request.body.action)) {
+            return response.sendStatus(400);
+        }
+
+        console.log('LlamaCpp slots request:', request.body);
+        const baseUrl = trimV1(request.body.server_url);
+
+        let fetchResponse;
+        if (request.body.action === 'info') {
+            fetchResponse = await fetch(`${baseUrl}/slots`, {
+                method: 'GET',
+                timeout: 0,
+            });
+        } else {
+            if (!/^\d+$/.test(request.body.id_slot)) {
+                return response.sendStatus(400);
+            }
+            if (request.body.action !== 'erase' && !request.body.filename) {
+                return response.sendStatus(400);
+            }
+
+            fetchResponse = await fetch(`${baseUrl}/slots/${request.body.id_slot}?action=${request.body.action}`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                timeout: 0,
+                body: JSON.stringify({
+                    filename: request.body.action !== 'erase' ? `${request.body.filename}` : undefined,
+                }),
+            });
+        }
+
+        if (!fetchResponse.ok) {
+            console.log('LlamaCpp slots error:', fetchResponse.status, fetchResponse.statusText);
+            return response.status(500).send({ error: true });
+        }
+
+        const data = await fetchResponse.json();
+        console.log('LlamaCpp slots response:', data);
+
+        return response.send(data);
+
+    } catch (error) {
+        console.error(error);
+        return response.status(500);
+    }
+});
+
+const tabby = express.Router();
+
+tabby.post('/download', jsonParser, async function (request, response) {
+    try {
+        const baseUrl = String(request.body.api_server).replace(/\/$/, '');
+
+        const args = {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(request.body),
+            timeout: 0,
+        };
+
+        setAdditionalHeaders(request, args, baseUrl);
+
+        // Check key permissions
+        const permissionResponse = await fetch(`${baseUrl}/v1/auth/permission`, {
+            headers: args.headers,
+        });
+
+        if (permissionResponse.ok) {
+            const permissionJson = await permissionResponse.json();
+
+            if (permissionJson['permission'] !== 'admin') {
+                return response.status(403).send({ error: true });
+            }
+        } else {
+            console.log('API Permission error:', permissionResponse.status, permissionResponse.statusText);
+            return response.status(permissionResponse.status).send({ error: true });
+        }
+
+        const fetchResponse = await fetch(`${baseUrl}/v1/download`, args);
+
+        if (!fetchResponse.ok) {
+            console.log('Download error:', fetchResponse.status, fetchResponse.statusText);
+            return response.status(fetchResponse.status).send({ error: true });
+        }
+
+        return response.send({ ok: true });
+    } catch (error) {
+        console.error(error);
+        return response.status(500);
+    }
+});
+
+router.use('/ollama', ollama);
+router.use('/llamacpp', llamacpp);
+router.use('/tabby', tabby);
+
+module.exports = { router };

src/endpoints/backgrounds.js

@@ -0,0 +1,76 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+
+const { jsonParser, urlencodedParser } = require('../express-common');
+const { invalidateThumbnail } = require('./thumbnails');
+const { getImages } = require('../util');
+
+const router = express.Router();
+
+router.post('/all', jsonParser, function (request, response) {
+    var images = getImages(request.user.directories.backgrounds);
+    response.send(JSON.stringify(images));
+});
+
+router.post('/delete', jsonParser, function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+
+    if (request.body.bg !== sanitize(request.body.bg)) {
+        console.error('Malicious bg name prevented');
+        return response.sendStatus(403);
+    }
+
+    const fileName = path.join(request.user.directories.backgrounds, sanitize(request.body.bg));
+
+    if (!fs.existsSync(fileName)) {
+        console.log('BG file not found');
+        return response.sendStatus(400);
+    }
+
+    fs.rmSync(fileName);
+    invalidateThumbnail(request.user.directories, 'bg', request.body.bg);
+    return response.send('ok');
+});
+
+router.post('/rename', jsonParser, function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+
+    const oldFileName = path.join(request.user.directories.backgrounds, sanitize(request.body.old_bg));
+    const newFileName = path.join(request.user.directories.backgrounds, sanitize(request.body.new_bg));
+
+    if (!fs.existsSync(oldFileName)) {
+        console.log('BG file not found');
+        return response.sendStatus(400);
+    }
+
+    if (fs.existsSync(newFileName)) {
+        console.log('New BG file already exists');
+        return response.sendStatus(400);
+    }
+
+    fs.copyFileSync(oldFileName, newFileName);
+    fs.rmSync(oldFileName);
+    invalidateThumbnail(request.user.directories, 'bg', request.body.old_bg);
+    return response.send('ok');
+});
+
+router.post('/upload', urlencodedParser, function (request, response) {
+    if (!request.body || !request.file) return response.sendStatus(400);
+
+    const img_path = path.join(request.file.destination, request.file.filename);
+    const filename = request.file.originalname;
+
+    try {
+        fs.copyFileSync(img_path, path.join(request.user.directories.backgrounds, filename));
+        fs.rmSync(img_path);
+        invalidateThumbnail(request.user.directories, 'bg', filename);
+        response.send(filename);
+    } catch (err) {
+        console.error(err);
+        response.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/caption.js

@@ -0,0 +1,32 @@
+const express = require('express');
+const { jsonParser } = require('../express-common');
+
+const TASK = 'image-to-text';
+
+const router = express.Router();
+
+router.post('/', jsonParser, async (req, res) => {
+    try {
+        const { image } = req.body;
+
+        const module = await import('../transformers.mjs');
+        const rawImage = await module.default.getRawImage(image);
+
+        if (!rawImage) {
+            console.log('Failed to parse captioned image');
+            return res.sendStatus(400);
+        }
+
+        const pipe = await module.default.getPipeline(TASK);
+        const result = await pipe(rawImage);
+        const text = result[0].generated_text;
+        console.log('Image caption:', text);
+
+        return res.json({ caption: text });
+    } catch (error) {
+        console.error(error);
+        return res.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/characters.js

@@ -0,0 +1,1230 @@
+const path = require('path');
+const fs = require('fs');
+const fsPromises = require('fs').promises;
+const readline = require('readline');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const yaml = require('yaml');
+const _ = require('lodash');
+const mime = require('mime-types');
+
+const jimp = require('jimp');
+
+const { AVATAR_WIDTH, AVATAR_HEIGHT } = require('../constants');
+const { jsonParser, urlencodedParser } = require('../express-common');
+const { deepMerge, humanizedISO8601DateTime, tryParse, extractFileFromZipBuffer } = require('../util');
+const { TavernCardValidator } = require('../validator/TavernCardValidator');
+const characterCardParser = require('../character-card-parser.js');
+const { readWorldInfoFile } = require('./worldinfo');
+const { invalidateThumbnail } = require('./thumbnails');
+const { importRisuSprites } = require('./sprites');
+const defaultAvatarPath = './public/img/ai4.png';
+
+// KV-store for parsed character data
+const characterDataCache = new Map();
+
+/**
+ * Reads the character card from the specified image file.
+ * @param {string} inputFile - Path to the image file
+ * @param {string} inputFormat - 'png'
+ * @returns {Promise<string | undefined>} - Character card data
+ */
+async function readCharacterData(inputFile, inputFormat = 'png') {
+    const stat = fs.statSync(inputFile);
+    const cacheKey = `${inputFile}-${stat.mtimeMs}`;
+    if (characterDataCache.has(cacheKey)) {
+        return characterDataCache.get(cacheKey);
+    }
+
+    const result = characterCardParser.parse(inputFile, inputFormat);
+    characterDataCache.set(cacheKey, result);
+    return result;
+}
+
+/**
+ * Writes the character card to the specified image file.
+ * @param {string|Buffer} inputFile - Path to the image file or image buffer
+ * @param {string} data - Character card data
+ * @param {string} outputFile - Target image file name
+ * @param {import('express').Request} request - Express request obejct
+ * @param {Crop|undefined} crop - Crop parameters
+ * @returns {Promise<boolean>} - True if the operation was successful
+ */
+async function writeCharacterData(inputFile, data, outputFile, request, crop = undefined) {
+    try {
+        // Reset the cache
+        for (const key of characterDataCache.keys()) {
+            if (key.startsWith(inputFile)) {
+                characterDataCache.delete(key);
+                break;
+            }
+        }
+
+        /**
+         * Read the image, resize, and save it as a PNG into the buffer.
+         * @returns {Promise<Buffer>} Image buffer
+         */
+        function getInputImage() {
+            if (Buffer.isBuffer(inputFile)) {
+                return parseImageBuffer(inputFile, crop);
+            }
+
+            return tryReadImage(inputFile, crop);
+        }
+
+        const inputImage = await getInputImage();
+
+        // Get the chunks
+        const outputImage = characterCardParser.write(inputImage, data);
+        const outputImagePath = path.join(request.user.directories.characters, `${outputFile}.png`);
+
+        writeFileAtomicSync(outputImagePath, outputImage);
+        return true;
+    } catch (err) {
+        console.log(err);
+        return false;
+    }
+}
+
+/**
+ * @typedef {Object} Crop
+ * @property {number} x X-coordinate
+ * @property {number} y Y-coordinate
+ * @property {number} width Width
+ * @property {number} height Height
+ * @property {boolean} want_resize Resize the image to the standard avatar size
+ */
+
+/**
+ * Parses an image buffer and applies crop if defined.
+ * @param {Buffer} buffer Buffer of the image
+ * @param {Crop|undefined} [crop] Crop parameters
+ * @returns {Promise<Buffer>} Image buffer
+ */
+async function parseImageBuffer(buffer, crop) {
+    const image = await jimp.read(buffer);
+    let finalWidth = image.bitmap.width, finalHeight = image.bitmap.height;
+
+    // Apply crop if defined
+    if (typeof crop == 'object' && [crop.x, crop.y, crop.width, crop.height].every(x => typeof x === 'number')) {
+        image.crop(crop.x, crop.y, crop.width, crop.height);
+        // Apply standard resize if requested
+        if (crop.want_resize) {
+            finalWidth = AVATAR_WIDTH;
+            finalHeight = AVATAR_HEIGHT;
+        } else {
+            finalWidth = crop.width;
+            finalHeight = crop.height;
+        }
+    }
+
+    return image.cover(finalWidth, finalHeight).getBufferAsync(jimp.MIME_PNG);
+}
+
+/**
+ * Reads an image file and applies crop if defined.
+ * @param {string} imgPath Path to the image file
+ * @param {Crop|undefined} crop Crop parameters
+ * @returns {Promise<Buffer>} Image buffer
+ */
+async function tryReadImage(imgPath, crop) {
+    try {
+        let rawImg = await jimp.read(imgPath);
+        let finalWidth = rawImg.bitmap.width, finalHeight = rawImg.bitmap.height;
+
+        // Apply crop if defined
+        if (typeof crop == 'object' && [crop.x, crop.y, crop.width, crop.height].every(x => typeof x === 'number')) {
+            rawImg = rawImg.crop(crop.x, crop.y, crop.width, crop.height);
+            // Apply standard resize if requested
+            if (crop.want_resize) {
+                finalWidth = AVATAR_WIDTH;
+                finalHeight = AVATAR_HEIGHT;
+            } else {
+                finalWidth = crop.width;
+                finalHeight = crop.height;
+            }
+        }
+
+        const image = await rawImg.cover(finalWidth, finalHeight).getBufferAsync(jimp.MIME_PNG);
+        return image;
+    }
+    // If it's an unsupported type of image (APNG) - just read the file as buffer
+    catch {
+        return fs.readFileSync(imgPath);
+    }
+}
+
+/**
+ * calculateChatSize - Calculates the total chat size for a given character.
+ *
+ * @param  {string} charDir The directory where the chats are stored.
+ * @return { {chatSize: number, dateLastChat: number} }         The total chat size.
+ */
+const calculateChatSize = (charDir) => {
+    let chatSize = 0;
+    let dateLastChat = 0;
+
+    if (fs.existsSync(charDir)) {
+        const chats = fs.readdirSync(charDir);
+        if (Array.isArray(chats) && chats.length) {
+            for (const chat of chats) {
+                const chatStat = fs.statSync(path.join(charDir, chat));
+                chatSize += chatStat.size;
+                dateLastChat = Math.max(dateLastChat, chatStat.mtimeMs);
+            }
+        }
+    }
+
+    return { chatSize, dateLastChat };
+};
+
+// Calculate the total string length of the data object
+const calculateDataSize = (data) => {
+    return typeof data === 'object' ? Object.values(data).reduce((acc, val) => acc + new String(val).length, 0) : 0;
+};
+
+/**
+ * processCharacter - Process a given character, read its data and calculate its statistics.
+ *
+ * @param  {string} item The name of the character.
+ * @param  {import('../users').UserDirectoryList} directories User directories
+ * @return {Promise<object>}     A Promise that resolves when the character processing is done.
+ */
+const processCharacter = async (item, directories) => {
+    try {
+        const imgFile = path.join(directories.characters, item);
+        const imgData = await readCharacterData(imgFile);
+        if (imgData === undefined) throw new Error('Failed to read character file');
+
+        let jsonObject = getCharaCardV2(JSON.parse(imgData), directories, false);
+        jsonObject.avatar = item;
+        const character = jsonObject;
+        character['json_data'] = imgData;
+        const charStat = fs.statSync(path.join(directories.characters, item));
+        character['date_added'] = charStat.ctimeMs;
+        character['create_date'] = jsonObject['create_date'] || humanizedISO8601DateTime(charStat.ctimeMs);
+        const chatsDirectory = path.join(directories.chats, item.replace('.png', ''));
+
+        const { chatSize, dateLastChat } = calculateChatSize(chatsDirectory);
+        character['chat_size'] = chatSize;
+        character['date_last_chat'] = dateLastChat;
+        character['data_size'] = calculateDataSize(jsonObject?.data);
+        return character;
+    }
+    catch (err) {
+        console.log(`Could not process character: ${item}`);
+
+        if (err instanceof SyntaxError) {
+            console.log(`${item} does not contain a valid JSON object.`);
+        } else {
+            console.log('An unexpected error occurred: ', err);
+        }
+
+        return {
+            date_added: 0,
+            date_last_chat: 0,
+            chat_size: 0,
+        };
+    }
+};
+
+/**
+ * Convert a character object to Spec V2 format.
+ * @param {object} jsonObject Character object
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {boolean} hoistDate Will set the chat and create_date fields to the current date if they are missing
+ * @returns {object} Character object in Spec V2 format
+ */
+function getCharaCardV2(jsonObject, directories, hoistDate = true) {
+    if (jsonObject.spec === undefined) {
+        jsonObject = convertToV2(jsonObject, directories);
+
+        if (hoistDate && !jsonObject.create_date) {
+            jsonObject.create_date = humanizedISO8601DateTime();
+        }
+    } else {
+        jsonObject = readFromV2(jsonObject);
+    }
+    return jsonObject;
+}
+
+/**
+ * Convert a character object to Spec V2 format.
+ * @param {object} char Character object
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @returns {object} Character object in Spec V2 format
+ */
+function convertToV2(char, directories) {
+    // Simulate incoming data from frontend form
+    const result = charaFormatData({
+        json_data: JSON.stringify(char),
+        ch_name: char.name,
+        description: char.description,
+        personality: char.personality,
+        scenario: char.scenario,
+        first_mes: char.first_mes,
+        mes_example: char.mes_example,
+        creator_notes: char.creatorcomment,
+        talkativeness: char.talkativeness,
+        fav: char.fav,
+        creator: char.creator,
+        tags: char.tags,
+        depth_prompt_prompt: char.depth_prompt_prompt,
+        depth_prompt_depth: char.depth_prompt_depth,
+        depth_prompt_role: char.depth_prompt_role,
+    }, directories);
+
+    result.chat = char.chat ?? humanizedISO8601DateTime();
+    result.create_date = char.create_date;
+
+    return result;
+}
+
+
+function unsetFavFlag(char) {
+    _.set(char, 'fav', false);
+    _.set(char, 'data.extensions.fav', false);
+}
+
+function readFromV2(char) {
+    if (_.isUndefined(char.data)) {
+        console.warn(`Char ${char['name']} has Spec v2 data missing`);
+        return char;
+    }
+
+    const fieldMappings = {
+        name: 'name',
+        description: 'description',
+        personality: 'personality',
+        scenario: 'scenario',
+        first_mes: 'first_mes',
+        mes_example: 'mes_example',
+        talkativeness: 'extensions.talkativeness',
+        fav: 'extensions.fav',
+        tags: 'tags',
+    };
+
+    _.forEach(fieldMappings, (v2Path, charField) => {
+        //console.log(`Migrating field: ${charField} from ${v2Path}`);
+        const v2Value = _.get(char.data, v2Path);
+        if (_.isUndefined(v2Value)) {
+            let defaultValue = undefined;
+
+            // Backfill default values for missing ST extension fields
+            if (v2Path === 'extensions.talkativeness') {
+                defaultValue = 0.5;
+            }
+
+            if (v2Path === 'extensions.fav') {
+                defaultValue = false;
+            }
+
+            if (!_.isUndefined(defaultValue)) {
+                //console.debug(`Spec v2 extension data missing for field: ${charField}, using default value: ${defaultValue}`);
+                char[charField] = defaultValue;
+            } else {
+                console.debug(`Char ${char['name']} has Spec v2 data missing for unknown field: ${charField}`);
+                return;
+            }
+        }
+        if (!_.isUndefined(char[charField]) && !_.isUndefined(v2Value) && String(char[charField]) !== String(v2Value)) {
+            console.debug(`Char ${char['name']} has Spec v2 data mismatch with Spec v1 for field: ${charField}`, char[charField], v2Value);
+        }
+        char[charField] = v2Value;
+    });
+
+    char['chat'] = char['chat'] ?? humanizedISO8601DateTime();
+
+    return char;
+}
+
+/**
+ * Format character data to Spec V2 format.
+ * @param {object} data Character data
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @returns
+ */
+function charaFormatData(data, directories) {
+    // This is supposed to save all the foreign keys that ST doesn't care about
+    const char = tryParse(data.json_data) || {};
+
+    // Checks if data.alternate_greetings is an array, a string, or neither, and acts accordingly. (expected to be an array of strings)
+    const getAlternateGreetings = data => {
+        if (Array.isArray(data.alternate_greetings)) return data.alternate_greetings;
+        if (typeof data.alternate_greetings === 'string') return [data.alternate_greetings];
+        return [];
+    };
+
+    // Spec V1 fields
+    _.set(char, 'name', data.ch_name);
+    _.set(char, 'description', data.description || '');
+    _.set(char, 'personality', data.personality || '');
+    _.set(char, 'scenario', data.scenario || '');
+    _.set(char, 'first_mes', data.first_mes || '');
+    _.set(char, 'mes_example', data.mes_example || '');
+
+    // Old ST extension fields (for backward compatibility, will be deprecated)
+    _.set(char, 'creatorcomment', data.creator_notes);
+    _.set(char, 'avatar', 'none');
+    _.set(char, 'chat', data.ch_name + ' - ' + humanizedISO8601DateTime());
+    _.set(char, 'talkativeness', data.talkativeness);
+    _.set(char, 'fav', data.fav == 'true');
+    _.set(char, 'tags', typeof data.tags == 'string' ? (data.tags.split(',').map(x => x.trim()).filter(x => x)) : data.tags || []);
+
+    // Spec V2 fields
+    _.set(char, 'spec', 'chara_card_v2');
+    _.set(char, 'spec_version', '2.0');
+    _.set(char, 'data.name', data.ch_name);
+    _.set(char, 'data.description', data.description || '');
+    _.set(char, 'data.personality', data.personality || '');
+    _.set(char, 'data.scenario', data.scenario || '');
+    _.set(char, 'data.first_mes', data.first_mes || '');
+    _.set(char, 'data.mes_example', data.mes_example || '');
+
+    // New V2 fields
+    _.set(char, 'data.creator_notes', data.creator_notes || '');
+    _.set(char, 'data.system_prompt', data.system_prompt || '');
+    _.set(char, 'data.post_history_instructions', data.post_history_instructions || '');
+    _.set(char, 'data.tags', typeof data.tags == 'string' ? (data.tags.split(',').map(x => x.trim()).filter(x => x)) : data.tags || []);
+    _.set(char, 'data.creator', data.creator || '');
+    _.set(char, 'data.character_version', data.character_version || '');
+    _.set(char, 'data.alternate_greetings', getAlternateGreetings(data));
+
+    // ST extension fields to V2 object
+    _.set(char, 'data.extensions.talkativeness', data.talkativeness);
+    _.set(char, 'data.extensions.fav', data.fav == 'true');
+    _.set(char, 'data.extensions.world', data.world || '');
+
+    // Spec extension: depth prompt
+    const depth_default = 4;
+    const role_default = 'system';
+    const depth_value = !isNaN(Number(data.depth_prompt_depth)) ? Number(data.depth_prompt_depth) : depth_default;
+    const role_value = data.depth_prompt_role ?? role_default;
+    _.set(char, 'data.extensions.depth_prompt.prompt', data.depth_prompt_prompt ?? '');
+    _.set(char, 'data.extensions.depth_prompt.depth', depth_value);
+    _.set(char, 'data.extensions.depth_prompt.role', role_value);
+    //_.set(char, 'data.extensions.create_date', humanizedISO8601DateTime());
+    //_.set(char, 'data.extensions.avatar', 'none');
+    //_.set(char, 'data.extensions.chat', data.ch_name + ' - ' + humanizedISO8601DateTime());
+
+    // V3 fields
+    _.set(char, 'data.group_only_greetings', data.group_only_greetings ?? []);
+
+    if (data.world) {
+        try {
+            const file = readWorldInfoFile(directories, data.world, false);
+
+            // File was imported - save it to the character book
+            if (file && file.originalData) {
+                _.set(char, 'data.character_book', file.originalData);
+            }
+
+            // File was not imported - convert the world info to the character book
+            if (file && file.entries) {
+                _.set(char, 'data.character_book', convertWorldInfoToCharacterBook(data.world, file.entries));
+            }
+
+        } catch {
+            console.debug(`Failed to read world info file: ${data.world}. Character book will not be available.`);
+        }
+    }
+
+    if (data.extensions) {
+        try {
+            const extensions = JSON.parse(data.extensions);
+            // Deep merge the extensions object
+            _.set(char, 'data.extensions', deepMerge(char.data.extensions, extensions));
+        } catch {
+            console.debug(`Failed to parse extensions JSON: ${data.extensions}`);
+        }
+    }
+
+    return char;
+}
+
+/**
+ * @param {string} name Name of World Info file
+ * @param {object} entries Entries object
+ */
+function convertWorldInfoToCharacterBook(name, entries) {
+    /** @type {{ entries: object[]; name: string }} */
+    const result = { entries: [], name };
+
+    for (const index in entries) {
+        const entry = entries[index];
+
+        const originalEntry = {
+            id: entry.uid,
+            keys: entry.key,
+            secondary_keys: entry.keysecondary,
+            comment: entry.comment,
+            content: entry.content,
+            constant: entry.constant,
+            selective: entry.selective,
+            insertion_order: entry.order,
+            enabled: !entry.disable,
+            position: entry.position == 0 ? 'before_char' : 'after_char',
+            use_regex: true, // ST keys are always regex
+            extensions: {
+                position: entry.position,
+                exclude_recursion: entry.excludeRecursion,
+                display_index: entry.displayIndex,
+                probability: entry.probability ?? null,
+                useProbability: entry.useProbability ?? false,
+                depth: entry.depth ?? 4,
+                selectiveLogic: entry.selectiveLogic ?? 0,
+                group: entry.group ?? '',
+                group_override: entry.groupOverride ?? false,
+                group_weight: entry.groupWeight ?? null,
+                prevent_recursion: entry.preventRecursion ?? false,
+                delay_until_recursion: entry.delayUntilRecursion ?? false,
+                scan_depth: entry.scanDepth ?? null,
+                match_whole_words: entry.matchWholeWords ?? null,
+                use_group_scoring: entry.useGroupScoring ?? false,
+                case_sensitive: entry.caseSensitive ?? null,
+                automation_id: entry.automationId ?? '',
+                role: entry.role ?? 0,
+                vectorized: entry.vectorized ?? false,
+                sticky: entry.sticky ?? null,
+                cooldown: entry.cooldown ?? null,
+                delay: entry.delay ?? null,
+            },
+        };
+
+        result.entries.push(originalEntry);
+    }
+
+    return result;
+}
+
+/**
+ * Import a character from a YAML file.
+ * @param {string} uploadPath Path to the uploaded file
+ * @param {{ request: import('express').Request, response: import('express').Response }} context Express request and response objects
+ * @param {string|undefined} preservedFileName Preserved file name
+ * @returns {Promise<string>} Internal name of the character
+ */
+async function importFromYaml(uploadPath, context, preservedFileName) {
+    const fileText = fs.readFileSync(uploadPath, 'utf8');
+    fs.rmSync(uploadPath);
+    const yamlData = yaml.parse(fileText);
+    console.log('Importing from YAML');
+    yamlData.name = sanitize(yamlData.name);
+    const fileName = preservedFileName || getPngName(yamlData.name, context.request.user.directories);
+    let char = convertToV2({
+        'name': yamlData.name,
+        'description': yamlData.context ?? '',
+        'first_mes': yamlData.greeting ?? '',
+        'create_date': humanizedISO8601DateTime(),
+        'chat': `${yamlData.name} - ${humanizedISO8601DateTime()}`,
+        'personality': '',
+        'creatorcomment': '',
+        'avatar': 'none',
+        'mes_example': '',
+        'scenario': '',
+        'talkativeness': 0.5,
+        'creator': '',
+        'tags': '',
+    }, context.request.user.directories);
+    const result = await writeCharacterData(defaultAvatarPath, JSON.stringify(char), fileName, context.request);
+    return result ? fileName : '';
+}
+
+/**
+ * Imports a character card from CharX (ZIP) file.
+ * @param {string} uploadPath
+ * @param {object} params
+ * @param {import('express').Request} params.request
+ * @param {string|undefined} preservedFileName Preserved file name
+ * @returns {Promise<string>} Internal name of the character
+ */
+async function importFromCharX(uploadPath, { request }, preservedFileName) {
+    const data = fs.readFileSync(uploadPath);
+    fs.rmSync(uploadPath);
+    console.log('Importing from CharX');
+    const cardBuffer = await extractFileFromZipBuffer(data, 'card.json');
+
+    if (!cardBuffer) {
+        throw new Error('Failed to extract card.json from CharX file');
+    }
+
+    const card = readFromV2(JSON.parse(cardBuffer.toString()));
+
+    if (card.spec === undefined) {
+        throw new Error('Invalid CharX card file: missing spec field');
+    }
+
+    /** @type {string|Buffer} */
+    let avatar = defaultAvatarPath;
+    const assets = _.get(card, 'data.assets');
+    if (Array.isArray(assets) && assets.length) {
+        for (const asset of assets.filter(x => x.type === 'icon' && typeof x.uri === 'string')) {
+            const pathNoProtocol = String(asset.uri.replace(/^(?:\/\/|[^/]+)*\//, ''));
+            const buffer = await extractFileFromZipBuffer(data, pathNoProtocol);
+            if (buffer) {
+                avatar = buffer;
+                break;
+            }
+        }
+    }
+
+    unsetFavFlag(card);
+    card['create_date'] = humanizedISO8601DateTime();
+    card.name = sanitize(card.name);
+    const fileName = preservedFileName || getPngName(card.name, request.user.directories);
+    const result = await writeCharacterData(avatar, JSON.stringify(card), fileName, request);
+    return result ? fileName : '';
+}
+
+/**
+ * Import a character from a JSON file.
+ * @param {string} uploadPath Path to the uploaded file
+ * @param {{ request: import('express').Request, response: import('express').Response }} context Express request and response objects
+ * @param {string|undefined} preservedFileName Preserved file name
+ * @returns {Promise<string>} Internal name of the character
+ */
+async function importFromJson(uploadPath, { request }, preservedFileName) {
+    const data = fs.readFileSync(uploadPath, 'utf8');
+    fs.unlinkSync(uploadPath);
+
+    let jsonData = JSON.parse(data);
+
+    if (jsonData.spec !== undefined) {
+        console.log(`Importing from ${jsonData.spec} json`);
+        importRisuSprites(request.user.directories, jsonData);
+        unsetFavFlag(jsonData);
+        jsonData = readFromV2(jsonData);
+        jsonData['create_date'] = humanizedISO8601DateTime();
+        const pngName = preservedFileName || getPngName(jsonData.data?.name || jsonData.name, request.user.directories);
+        const char = JSON.stringify(jsonData);
+        const result = await writeCharacterData(defaultAvatarPath, char, pngName, request);
+        return result ? pngName : '';
+    } else if (jsonData.name !== undefined) {
+        console.log('Importing from v1 json');
+        jsonData.name = sanitize(jsonData.name);
+        if (jsonData.creator_notes) {
+            jsonData.creator_notes = jsonData.creator_notes.replace('Creator\'s notes go here.', '');
+        }
+        const pngName = preservedFileName || getPngName(jsonData.name, request.user.directories);
+        let char = {
+            'name': jsonData.name,
+            'description': jsonData.description ?? '',
+            'creatorcomment': jsonData.creatorcomment ?? jsonData.creator_notes ?? '',
+            'personality': jsonData.personality ?? '',
+            'first_mes': jsonData.first_mes ?? '',
+            'avatar': 'none',
+            'chat': jsonData.name + ' - ' + humanizedISO8601DateTime(),
+            'mes_example': jsonData.mes_example ?? '',
+            'scenario': jsonData.scenario ?? '',
+            'create_date': humanizedISO8601DateTime(),
+            'talkativeness': jsonData.talkativeness ?? 0.5,
+            'creator': jsonData.creator ?? '',
+            'tags': jsonData.tags ?? '',
+        };
+        char = convertToV2(char, request.user.directories);
+        let charJSON = JSON.stringify(char);
+        const result = await writeCharacterData(defaultAvatarPath, charJSON, pngName, request);
+        return result ? pngName : '';
+    } else if (jsonData.char_name !== undefined) {//json Pygmalion notepad
+        console.log('Importing from gradio json');
+        jsonData.char_name = sanitize(jsonData.char_name);
+        if (jsonData.creator_notes) {
+            jsonData.creator_notes = jsonData.creator_notes.replace('Creator\'s notes go here.', '');
+        }
+        const pngName = preservedFileName || getPngName(jsonData.char_name, request.user.directories);
+        let char = {
+            'name': jsonData.char_name,
+            'description': jsonData.char_persona ?? '',
+            'creatorcomment': jsonData.creatorcomment ?? jsonData.creator_notes ?? '',
+            'personality': '',
+            'first_mes': jsonData.char_greeting ?? '',
+            'avatar': 'none',
+            'chat': jsonData.name + ' - ' + humanizedISO8601DateTime(),
+            'mes_example': jsonData.example_dialogue ?? '',
+            'scenario': jsonData.world_scenario ?? '',
+            'create_date': humanizedISO8601DateTime(),
+            'talkativeness': jsonData.talkativeness ?? 0.5,
+            'creator': jsonData.creator ?? '',
+            'tags': jsonData.tags ?? '',
+        };
+        char = convertToV2(char, request.user.directories);
+        const charJSON = JSON.stringify(char);
+        const result = await writeCharacterData(defaultAvatarPath, charJSON, pngName, request);
+        return result ? pngName : '';
+    }
+
+    return '';
+}
+
+/**
+ * Import a character from a PNG file.
+ * @param {string} uploadPath Path to the uploaded file
+ * @param {{ request: import('express').Request, response: import('express').Response }} context Express request and response objects
+ * @param {string|undefined} preservedFileName Preserved file name
+ * @returns {Promise<string>} Internal name of the character
+ */
+async function importFromPng(uploadPath, { request }, preservedFileName) {
+    const imgData = await readCharacterData(uploadPath);
+    if (imgData === undefined) throw new Error('Failed to read character data');
+
+    let jsonData = JSON.parse(imgData);
+
+    jsonData.name = sanitize(jsonData.data?.name || jsonData.name);
+    const pngName = preservedFileName || getPngName(jsonData.name, request.user.directories);
+
+    if (jsonData.spec !== undefined) {
+        console.log(`Found a ${jsonData.spec} character file.`);
+        importRisuSprites(request.user.directories, jsonData);
+        unsetFavFlag(jsonData);
+        jsonData = readFromV2(jsonData);
+        jsonData['create_date'] = humanizedISO8601DateTime();
+        const char = JSON.stringify(jsonData);
+        const result = await writeCharacterData(uploadPath, char, pngName, request);
+        fs.unlinkSync(uploadPath);
+        return result ? pngName : '';
+    } else if (jsonData.name !== undefined) {
+        console.log('Found a v1 character file.');
+
+        if (jsonData.creator_notes) {
+            jsonData.creator_notes = jsonData.creator_notes.replace('Creator\'s notes go here.', '');
+        }
+
+        let char = {
+            'name': jsonData.name,
+            'description': jsonData.description ?? '',
+            'creatorcomment': jsonData.creatorcomment ?? jsonData.creator_notes ?? '',
+            'personality': jsonData.personality ?? '',
+            'first_mes': jsonData.first_mes ?? '',
+            'avatar': 'none',
+            'chat': jsonData.name + ' - ' + humanizedISO8601DateTime(),
+            'mes_example': jsonData.mes_example ?? '',
+            'scenario': jsonData.scenario ?? '',
+            'create_date': humanizedISO8601DateTime(),
+            'talkativeness': jsonData.talkativeness ?? 0.5,
+            'creator': jsonData.creator ?? '',
+            'tags': jsonData.tags ?? '',
+        };
+        char = convertToV2(char, request.user.directories);
+        const charJSON = JSON.stringify(char);
+        const result = await writeCharacterData(uploadPath, charJSON, pngName, request);
+        fs.unlinkSync(uploadPath);
+        return result ? pngName : '';
+    }
+
+    return '';
+}
+
+const router = express.Router();
+
+router.post('/create', urlencodedParser, async function (request, response) {
+    try {
+        if (!request.body) return response.sendStatus(400);
+
+        request.body.ch_name = sanitize(request.body.ch_name);
+
+        const char = JSON.stringify(charaFormatData(request.body, request.user.directories));
+        const internalName = getPngName(request.body.ch_name, request.user.directories);
+        const avatarName = `${internalName}.png`;
+        const defaultAvatar = './public/img/ai4.png';
+        const chatsPath = path.join(request.user.directories.chats, internalName);
+
+        if (!fs.existsSync(chatsPath)) fs.mkdirSync(chatsPath);
+
+        if (!request.file) {
+            await writeCharacterData(defaultAvatar, char, internalName, request);
+            return response.send(avatarName);
+        } else {
+            const crop = tryParse(request.query.crop);
+            const uploadPath = path.join(request.file.destination, request.file.filename);
+            await writeCharacterData(uploadPath, char, internalName, request, crop);
+            fs.unlinkSync(uploadPath);
+            return response.send(avatarName);
+        }
+    } catch (err) {
+        console.error(err);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/rename', jsonParser, async function (request, response) {
+    if (!request.body.avatar_url || !request.body.new_name) {
+        return response.sendStatus(400);
+    }
+
+    const oldAvatarName = request.body.avatar_url;
+    const newName = sanitize(request.body.new_name);
+    const oldInternalName = path.parse(request.body.avatar_url).name;
+    const newInternalName = getPngName(newName, request.user.directories);
+    const newAvatarName = `${newInternalName}.png`;
+
+    const oldAvatarPath = path.join(request.user.directories.characters, oldAvatarName);
+
+    const oldChatsPath = path.join(request.user.directories.chats, oldInternalName);
+    const newChatsPath = path.join(request.user.directories.chats, newInternalName);
+
+    try {
+        // Read old file, replace name int it
+        const rawOldData = await readCharacterData(oldAvatarPath);
+        if (rawOldData === undefined) throw new Error('Failed to read character file');
+
+        const oldData = getCharaCardV2(JSON.parse(rawOldData), request.user.directories);
+        _.set(oldData, 'data.name', newName);
+        _.set(oldData, 'name', newName);
+        const newData = JSON.stringify(oldData);
+
+        // Write data to new location
+        await writeCharacterData(oldAvatarPath, newData, newInternalName, request);
+
+        // Rename chats folder
+        if (fs.existsSync(oldChatsPath) && !fs.existsSync(newChatsPath)) {
+            fs.cpSync(oldChatsPath, newChatsPath, { recursive: true });
+            fs.rmSync(oldChatsPath, { recursive: true, force: true });
+        }
+
+        // Remove the old character file
+        fs.rmSync(oldAvatarPath);
+
+        // Return new avatar name to ST
+        return response.send({ avatar: newAvatarName });
+    }
+    catch (err) {
+        console.error(err);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/edit', urlencodedParser, async function (request, response) {
+    if (!request.body) {
+        console.error('Error: no response body detected');
+        response.status(400).send('Error: no response body detected');
+        return;
+    }
+
+    if (request.body.ch_name === '' || request.body.ch_name === undefined || request.body.ch_name === '.') {
+        console.error('Error: invalid name.');
+        response.status(400).send('Error: invalid name.');
+        return;
+    }
+
+    let char = charaFormatData(request.body, request.user.directories);
+    char.chat = request.body.chat;
+    char.create_date = request.body.create_date;
+    char = JSON.stringify(char);
+    let targetFile = (request.body.avatar_url).replace('.png', '');
+
+    try {
+        if (!request.file) {
+            const avatarPath = path.join(request.user.directories.characters, request.body.avatar_url);
+            await writeCharacterData(avatarPath, char, targetFile, request);
+        } else {
+            const crop = tryParse(request.query.crop);
+            const newAvatarPath = path.join(request.file.destination, request.file.filename);
+            invalidateThumbnail(request.user.directories, 'avatar', request.body.avatar_url);
+            await writeCharacterData(newAvatarPath, char, targetFile, request, crop);
+            fs.unlinkSync(newAvatarPath);
+        }
+
+        return response.sendStatus(200);
+    }
+    catch {
+        console.error('An error occured, character edit invalidated.');
+    }
+});
+
+
+/**
+ * Handle a POST request to edit a character attribute.
+ *
+ * This function reads the character data from a file, updates the specified attribute,
+ * and writes the updated data back to the file.
+ *
+ * @param {Object} request - The HTTP request object.
+ * @param {Object} response - The HTTP response object.
+ * @returns {void}
+ */
+router.post('/edit-attribute', jsonParser, async function (request, response) {
+    console.log(request.body);
+    if (!request.body) {
+        console.error('Error: no response body detected');
+        return response.status(400).send('Error: no response body detected');
+    }
+
+    if (request.body.ch_name === '' || request.body.ch_name === undefined || request.body.ch_name === '.') {
+        console.error('Error: invalid name.');
+        return response.status(400).send('Error: invalid name.');
+    }
+
+    try {
+        const avatarPath = path.join(request.user.directories.characters, request.body.avatar_url);
+        const charJSON = await readCharacterData(avatarPath);
+        if (typeof charJSON !== 'string') throw new Error('Failed to read character file');
+
+        const char = JSON.parse(charJSON);
+        //check if the field exists
+        if (char[request.body.field] === undefined && char.data[request.body.field] === undefined) {
+            console.error('Error: invalid field.');
+            response.status(400).send('Error: invalid field.');
+            return;
+        }
+        char[request.body.field] = request.body.value;
+        char.data[request.body.field] = request.body.value;
+        let newCharJSON = JSON.stringify(char);
+        const targetFile = (request.body.avatar_url).replace('.png', '');
+        await writeCharacterData(avatarPath, newCharJSON, targetFile, request);
+        return response.sendStatus(200);
+    } catch (err) {
+        console.error('An error occured, character edit invalidated.', err);
+    }
+});
+
+/**
+ * Handle a POST request to edit character properties.
+ *
+ * Merges the request body with the selected character and
+ * validates the result against TavernCard V2 specification.
+ *
+ * @param {Object} request - The HTTP request object.
+ * @param {Object} response - The HTTP response object.
+ *
+ * @returns {void}
+ * */
+router.post('/merge-attributes', jsonParser, async function (request, response) {
+    try {
+        const update = request.body;
+        const avatarPath = path.join(request.user.directories.characters, update.avatar);
+
+        const pngStringData = await readCharacterData(avatarPath);
+
+        if (!pngStringData) {
+            console.error('Error: invalid character file.');
+            return response.status(400).send('Error: invalid character file.');
+        }
+
+        let character = JSON.parse(pngStringData);
+        character = deepMerge(character, update);
+
+        const validator = new TavernCardValidator(character);
+        const targetImg = (update.avatar).replace('.png', '');
+
+        //Accept either V1 or V2.
+        if (validator.validate()) {
+            await writeCharacterData(avatarPath, JSON.stringify(character), targetImg, request);
+            response.sendStatus(200);
+        } else {
+            console.log(validator.lastValidationError);
+            response.status(400).send({ message: `Validation failed for ${character.name}`, error: validator.lastValidationError });
+        }
+    } catch (exception) {
+        response.status(500).send({ message: 'Unexpected error while saving character.', error: exception.toString() });
+    }
+});
+
+router.post('/delete', jsonParser, async function (request, response) {
+    if (!request.body || !request.body.avatar_url) {
+        return response.sendStatus(400);
+    }
+
+    if (request.body.avatar_url !== sanitize(request.body.avatar_url)) {
+        console.error('Malicious filename prevented');
+        return response.sendStatus(403);
+    }
+
+    const avatarPath = path.join(request.user.directories.characters, request.body.avatar_url);
+    if (!fs.existsSync(avatarPath)) {
+        return response.sendStatus(400);
+    }
+
+    fs.rmSync(avatarPath);
+    invalidateThumbnail(request.user.directories, 'avatar', request.body.avatar_url);
+    let dir_name = (request.body.avatar_url.replace('.png', ''));
+
+    if (!dir_name.length) {
+        console.error('Malicious dirname prevented');
+        return response.sendStatus(403);
+    }
+
+    if (request.body.delete_chats == true) {
+        try {
+            await fs.promises.rm(path.join(request.user.directories.chats, sanitize(dir_name)), { recursive: true, force: true });
+        } catch (err) {
+            console.error(err);
+            return response.sendStatus(500);
+        }
+    }
+
+    return response.sendStatus(200);
+});
+
+/**
+ * HTTP POST endpoint for the "/api/characters/all" route.
+ *
+ * This endpoint is responsible for reading character files from the `charactersPath` directory,
+ * parsing character data, calculating stats for each character and responding with the data.
+ * Stats are calculated only on the first run, on subsequent runs the stats are fetched from
+ * the `charStats` variable.
+ * The stats are calculated by the `calculateStats` function.
+ * The characters are processed by the `processCharacter` function.
+ *
+ * @param  {import("express").Request} request The HTTP request object.
+ * @param  {import("express").Response} response The HTTP response object.
+ * @return {void}
+ */
+router.post('/all', jsonParser, async function (request, response) {
+    try {
+        const files = fs.readdirSync(request.user.directories.characters);
+        const pngFiles = files.filter(file => file.endsWith('.png'));
+        const processingPromises = pngFiles.map(file => processCharacter(file, request.user.directories));
+        const data = (await Promise.all(processingPromises)).filter(c => c.name);
+        return response.send(data);
+    } catch (err) {
+        console.error(err);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/get', jsonParser, async function (request, response) {
+    try {
+        if (!request.body) return response.sendStatus(400);
+        const item = request.body.avatar_url;
+        const filePath = path.join(request.user.directories.characters, item);
+
+        if (!fs.existsSync(filePath)) {
+            return response.sendStatus(404);
+        }
+
+        const data = await processCharacter(item, request.user.directories);
+
+        return response.send(data);
+    } catch (err) {
+        console.error(err);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/chats', jsonParser, async function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+
+    const characterDirectory = (request.body.avatar_url).replace('.png', '');
+
+    try {
+        const chatsDirectory = path.join(request.user.directories.chats, characterDirectory);
+        const files = fs.readdirSync(chatsDirectory);
+        const jsonFiles = files.filter(file => path.extname(file) === '.jsonl');
+
+        if (jsonFiles.length === 0) {
+            response.send({ error: true });
+            return;
+        }
+
+        if (request.body.simple) {
+            return response.send(jsonFiles.map(file => ({ file_name: file })));
+        }
+
+        const jsonFilesPromise = jsonFiles.map((file) => {
+            return new Promise(async (res) => {
+                const pathToFile = path.join(request.user.directories.chats, characterDirectory, file);
+                const fileStream = fs.createReadStream(pathToFile);
+                const stats = fs.statSync(pathToFile);
+                const fileSizeInKB = `${(stats.size / 1024).toFixed(2)}kb`;
+
+                const rl = readline.createInterface({
+                    input: fileStream,
+                    crlfDelay: Infinity,
+                });
+
+                let lastLine;
+                let itemCounter = 0;
+                rl.on('line', (line) => {
+                    itemCounter++;
+                    lastLine = line;
+                });
+                rl.on('close', () => {
+                    rl.close();
+
+                    if (lastLine) {
+                        const jsonData = tryParse(lastLine);
+                        if (jsonData && (jsonData.name || jsonData.character_name)) {
+                            const chatData = {};
+
+                            chatData['file_name'] = file;
+                            chatData['file_size'] = fileSizeInKB;
+                            chatData['chat_items'] = itemCounter - 1;
+                            chatData['mes'] = jsonData['mes'] || '[The chat is empty]';
+                            chatData['last_mes'] = jsonData['send_date'] || Date.now();
+
+                            res(chatData);
+                        } else {
+                            console.log('Found an invalid or corrupted chat file:', pathToFile);
+                            res({});
+                        }
+                    }
+                });
+            });
+        });
+
+        const chatData = await Promise.all(jsonFilesPromise);
+        const validFiles = chatData.filter(i => i.file_name);
+
+        return response.send(validFiles);
+    } catch (error) {
+        console.log(error);
+        return response.send({ error: true });
+    }
+});
+
+/**
+ * Gets the name for the uploaded PNG file.
+ * @param {string} file File name
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @returns {string} - The name for the uploaded PNG file
+ */
+function getPngName(file, directories) {
+    let i = 1;
+    const baseName = file;
+    while (fs.existsSync(path.join(directories.characters, `${file}.png`))) {
+        file = baseName + i;
+        i++;
+    }
+    return file;
+}
+
+/**
+ * Gets the preserved name for the uploaded file if the request is valid.
+ * @param {import("express").Request} request - Express request object
+ * @returns {string | undefined} - The preserved name if the request is valid, otherwise undefined
+ */
+function getPreservedName(request) {
+    return typeof request.body.preserved_name === 'string' && request.body.preserved_name.length > 0
+        ? path.parse(request.body.preserved_name).name
+        : undefined;
+}
+
+router.post('/import', urlencodedParser, async function (request, response) {
+    if (!request.body || !request.file) return response.sendStatus(400);
+
+    const uploadPath = path.join(request.file.destination, request.file.filename);
+    const format = request.body.file_type;
+    const preservedFileName = getPreservedName(request);
+
+    const formatImportFunctions = {
+        'yaml': importFromYaml,
+        'yml': importFromYaml,
+        'json': importFromJson,
+        'png': importFromPng,
+        'charx': importFromCharX,
+    };
+
+    try {
+        const importFunction = formatImportFunctions[format];
+
+        if (!importFunction) {
+            throw new Error(`Unsupported format: ${format}`);
+        }
+
+        const fileName = await importFunction(uploadPath, { request, response }, preservedFileName);
+
+        if (!fileName) {
+            console.error('Failed to import character');
+            return response.sendStatus(400);
+        }
+
+        if (preservedFileName) {
+            invalidateThumbnail(request.user.directories, 'avatar', `${preservedFileName}.png`);
+        }
+
+        response.send({ file_name: fileName });
+    } catch (err) {
+        console.log(err);
+        response.send({ error: true });
+    }
+});
+
+router.post('/duplicate', jsonParser, async function (request, response) {
+    try {
+        if (!request.body.avatar_url) {
+            console.log('avatar URL not found in request body');
+            console.log(request.body);
+            return response.sendStatus(400);
+        }
+        let filename = path.join(request.user.directories.characters, sanitize(request.body.avatar_url));
+        if (!fs.existsSync(filename)) {
+            console.log('file for dupe not found');
+            console.log(filename);
+            return response.sendStatus(404);
+        }
+        let suffix = 1;
+        let newFilename = filename;
+
+        // If filename ends with a _number, increment the number
+        const nameParts = path.basename(filename, path.extname(filename)).split('_');
+        const lastPart = nameParts[nameParts.length - 1];
+
+        let baseName;
+
+        if (!isNaN(Number(lastPart)) && nameParts.length > 1) {
+            suffix = parseInt(lastPart) + 1;
+            baseName = nameParts.slice(0, -1).join('_'); // construct baseName without suffix
+        } else {
+            baseName = nameParts.join('_'); // original filename is completely the baseName
+        }
+
+        newFilename = path.join(request.user.directories.characters, `${baseName}_${suffix}${path.extname(filename)}`);
+
+        while (fs.existsSync(newFilename)) {
+            let suffixStr = '_' + suffix;
+            newFilename = path.join(request.user.directories.characters, `${baseName}${suffixStr}${path.extname(filename)}`);
+            suffix++;
+        }
+
+        fs.copyFileSync(filename, newFilename);
+        console.log(`${filename} was copied to ${newFilename}`);
+        response.send({ path: path.parse(newFilename).base });
+    }
+    catch (error) {
+        console.error(error);
+        return response.send({ error: true });
+    }
+});
+
+router.post('/export', jsonParser, async function (request, response) {
+    try {
+        if (!request.body.format || !request.body.avatar_url) {
+            return response.sendStatus(400);
+        }
+
+        let filename = path.join(request.user.directories.characters, sanitize(request.body.avatar_url));
+
+        if (!fs.existsSync(filename)) {
+            return response.sendStatus(404);
+        }
+
+        switch (request.body.format) {
+            case 'png': {
+                const fileContent = await fsPromises.readFile(filename);
+                const contentType = mime.lookup(filename) || 'image/png';
+                response.setHeader('Content-Type', contentType);
+                response.setHeader('Content-Disposition', `attachment; filename="${encodeURI(path.basename(filename))}"`);
+                return response.send(fileContent);
+            }
+            case 'json': {
+                try {
+                    let json = await readCharacterData(filename);
+                    if (json === undefined) return response.sendStatus(400);
+                    let jsonObject = getCharaCardV2(JSON.parse(json), request.user.directories);
+                    return response.type('json').send(JSON.stringify(jsonObject, null, 4));
+                }
+                catch {
+                    return response.sendStatus(400);
+                }
+            }
+        }
+
+        return response.sendStatus(400);
+    } catch (err) {
+        console.error('Character export failed', err);
+        response.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/chats.js

@@ -0,0 +1,461 @@
+const fs = require('fs');
+const path = require('path');
+const readline = require('readline');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+
+const { jsonParser, urlencodedParser } = require('../express-common');
+const { getConfigValue, humanizedISO8601DateTime, tryParse, generateTimestamp, removeOldBackups } = require('../util');
+
+/**
+ * Saves a chat to the backups directory.
+ * @param {string} directory The user's backups directory.
+ * @param {string} name The name of the chat.
+ * @param {string} chat The serialized chat to save.
+ */
+function backupChat(directory, name, chat) {
+    try {
+        const isBackupDisabled = getConfigValue('disableChatBackup', false);
+
+        if (isBackupDisabled) {
+            return;
+        }
+
+        // replace non-alphanumeric characters with underscores
+        name = sanitize(name).replace(/[^a-z0-9]/gi, '_').toLowerCase();
+
+        const backupFile = path.join(directory, `chat_${name}_${generateTimestamp()}.jsonl`);
+        writeFileAtomicSync(backupFile, chat, 'utf-8');
+
+        removeOldBackups(directory, `chat_${name}_`);
+    } catch (err) {
+        console.log(`Could not backup chat for ${name}`, err);
+    }
+}
+
+/**
+ * Imports a chat from Ooba's format.
+ * @param {string} userName User name
+ * @param {string} characterName Character name
+ * @param {object} jsonData JSON data
+ * @returns {string} Chat data
+ */
+function importOobaChat(userName, characterName, jsonData) {
+    /** @type {object[]} */
+    const chat = [{
+        user_name: userName,
+        character_name: characterName,
+        create_date: humanizedISO8601DateTime(),
+    }];
+
+    for (const arr of jsonData.data_visible) {
+        if (arr[0]) {
+            const userMessage = {
+                name: userName,
+                is_user: true,
+                send_date: humanizedISO8601DateTime(),
+                mes: arr[0],
+            };
+            chat.push(userMessage);
+        }
+        if (arr[1]) {
+            const charMessage = {
+                name: characterName,
+                is_user: false,
+                send_date: humanizedISO8601DateTime(),
+                mes: arr[1],
+            };
+            chat.push(charMessage);
+        }
+    }
+
+    const chatContent = chat.map(obj => JSON.stringify(obj)).join('\n');
+    return chatContent;
+}
+
+/**
+ * Imports a chat from Agnai's format.
+ * @param {string} userName User name
+ * @param {string} characterName Character name
+ * @param {object} jsonData Chat data
+ * @returns {string} Chat data
+ */
+function importAgnaiChat(userName, characterName, jsonData) {
+    /** @type {object[]} */
+    const chat = [{
+        user_name: userName,
+        character_name: characterName,
+        create_date: humanizedISO8601DateTime(),
+    }];
+
+    for (const message of jsonData.messages) {
+        const isUser = !!message.userId;
+        chat.push({
+            name: isUser ? userName : characterName,
+            is_user: isUser,
+            send_date: humanizedISO8601DateTime(),
+            mes: message.msg,
+        });
+    }
+
+    const chatContent = chat.map(obj => JSON.stringify(obj)).join('\n');
+    return chatContent;
+}
+
+/**
+ * Imports a chat from CAI Tools format.
+ * @param {string} userName User name
+ * @param {string} characterName Character name
+ * @param {object} jsonData JSON data
+ * @returns {string[]} Converted data
+ */
+function importCAIChat(userName, characterName, jsonData) {
+    /**
+     * Converts the chat data to suitable format.
+     * @param {object} history Imported chat data
+     * @returns {object[]} Converted chat data
+     */
+    function convert(history) {
+        const starter = {
+            user_name: userName,
+            character_name: characterName,
+            create_date: humanizedISO8601DateTime(),
+        };
+
+        const historyData = history.msgs.map((msg) => ({
+            name: msg.src.is_human ? userName : characterName,
+            is_user: msg.src.is_human,
+            send_date: humanizedISO8601DateTime(),
+            mes: msg.text,
+        }));
+
+        return [starter, ...historyData];
+    }
+
+    const newChats = (jsonData.histories.histories ?? []).map(history => newChats.push(convert(history).map(obj => JSON.stringify(obj)).join('\n')));
+    return newChats;
+}
+
+const router = express.Router();
+
+router.post('/save', jsonParser, function (request, response) {
+    try {
+        const directoryName = String(request.body.avatar_url).replace('.png', '');
+        const chatData = request.body.chat;
+        const jsonlData = chatData.map(JSON.stringify).join('\n');
+        const fileName = `${sanitize(String(request.body.file_name))}.jsonl`;
+        const filePath = path.join(request.user.directories.chats, directoryName, fileName);
+        writeFileAtomicSync(filePath, jsonlData, 'utf8');
+        backupChat(request.user.directories.backups, directoryName, jsonlData);
+        return response.send({ result: 'ok' });
+    } catch (error) {
+        response.send(error);
+        return console.log(error);
+    }
+});
+
+router.post('/get', jsonParser, function (request, response) {
+    try {
+        const dirName = String(request.body.avatar_url).replace('.png', '');
+        const directoryPath = path.join(request.user.directories.chats, dirName);
+        const chatDirExists = fs.existsSync(directoryPath);
+
+        //if no chat dir for the character is found, make one with the character name
+        if (!chatDirExists) {
+            fs.mkdirSync(directoryPath);
+            return response.send({});
+        }
+
+        if (!request.body.file_name) {
+            return response.send({});
+        }
+
+        const fileName = path.join(directoryPath, `${sanitize(String(request.body.file_name))}.jsonl`);
+        const chatFileExists = fs.existsSync(fileName);
+
+        if (!chatFileExists) {
+            return response.send({});
+        }
+
+        const data = fs.readFileSync(fileName, 'utf8');
+        const lines = data.split('\n');
+
+        // Iterate through the array of strings and parse each line as JSON
+        const jsonData = lines.map((l) => { try { return JSON.parse(l); } catch (_) { return; } }).filter(x => x);
+        return response.send(jsonData);
+    } catch (error) {
+        console.error(error);
+        return response.send({});
+    }
+});
+
+
+router.post('/rename', jsonParser, async function (request, response) {
+    if (!request.body || !request.body.original_file || !request.body.renamed_file) {
+        return response.sendStatus(400);
+    }
+
+    const pathToFolder = request.body.is_group
+        ? request.user.directories.groupChats
+        : path.join(request.user.directories.chats, String(request.body.avatar_url).replace('.png', ''));
+    const pathToOriginalFile = path.join(pathToFolder, request.body.original_file);
+    const pathToRenamedFile = path.join(pathToFolder, request.body.renamed_file);
+    console.log('Old chat name', pathToOriginalFile);
+    console.log('New chat name', pathToRenamedFile);
+
+    if (!fs.existsSync(pathToOriginalFile) || fs.existsSync(pathToRenamedFile)) {
+        console.log('Either Source or Destination files are not available');
+        return response.status(400).send({ error: true });
+    }
+
+    fs.copyFileSync(pathToOriginalFile, pathToRenamedFile);
+    fs.rmSync(pathToOriginalFile);
+    console.log('Successfully renamed.');
+    return response.send({ ok: true });
+});
+
+router.post('/delete', jsonParser, function (request, response) {
+    if (!request.body) {
+        console.log('no request body seen');
+        return response.sendStatus(400);
+    }
+
+    if (request.body.chatfile !== sanitize(request.body.chatfile)) {
+        console.error('Malicious chat name prevented');
+        return response.sendStatus(403);
+    }
+
+    const dirName = String(request.body.avatar_url).replace('.png', '');
+    const fileName = path.join(request.user.directories.chats, dirName, sanitize(String(request.body.chatfile)));
+    const chatFileExists = fs.existsSync(fileName);
+
+    if (!chatFileExists) {
+        console.log(`Chat file not found '${fileName}'`);
+        return response.sendStatus(400);
+    } else {
+        fs.rmSync(fileName);
+        console.log('Deleted chat file: ' + fileName);
+    }
+
+    return response.send('ok');
+});
+
+router.post('/export', jsonParser, async function (request, response) {
+    if (!request.body.file || (!request.body.avatar_url && request.body.is_group === false)) {
+        return response.sendStatus(400);
+    }
+    const pathToFolder = request.body.is_group
+        ? request.user.directories.groupChats
+        : path.join(request.user.directories.chats, String(request.body.avatar_url).replace('.png', ''));
+    let filename = path.join(pathToFolder, request.body.file);
+    let exportfilename = request.body.exportfilename;
+    if (!fs.existsSync(filename)) {
+        const errorMessage = {
+            message: `Could not find JSONL file to export. Source chat file: ${filename}.`,
+        };
+        console.log(errorMessage.message);
+        return response.status(404).json(errorMessage);
+    }
+    try {
+        // Short path for JSONL files
+        if (request.body.format == 'jsonl') {
+            try {
+                const rawFile = fs.readFileSync(filename, 'utf8');
+                const successMessage = {
+                    message: `Chat saved to ${exportfilename}`,
+                    result: rawFile,
+                };
+
+                console.log(`Chat exported as ${exportfilename}`);
+                return response.status(200).json(successMessage);
+            }
+            catch (err) {
+                console.error(err);
+                const errorMessage = {
+                    message: `Could not read JSONL file to export. Source chat file: ${filename}.`,
+                };
+                console.log(errorMessage.message);
+                return response.status(500).json(errorMessage);
+            }
+        }
+
+        const readStream = fs.createReadStream(filename);
+        const rl = readline.createInterface({
+            input: readStream,
+        });
+        let buffer = '';
+        rl.on('line', (line) => {
+            const data = JSON.parse(line);
+            // Skip non-printable/prompt-hidden messages
+            if (data.is_system) {
+                return;
+            }
+            if (data.mes) {
+                const name = data.name;
+                const message = (data?.extra?.display_text || data?.mes || '').replace(/\r?\n/g, '\n');
+                buffer += (`${name}: ${message}\n\n`);
+            }
+        });
+        rl.on('close', () => {
+            const successMessage = {
+                message: `Chat saved to ${exportfilename}`,
+                result: buffer,
+            };
+            console.log(`Chat exported as ${exportfilename}`);
+            return response.status(200).json(successMessage);
+        });
+    }
+    catch (err) {
+        console.log('chat export failed.');
+        console.log(err);
+        return response.sendStatus(400);
+    }
+});
+
+router.post('/group/import', urlencodedParser, function (request, response) {
+    try {
+        const filedata = request.file;
+
+        if (!filedata) {
+            return response.sendStatus(400);
+        }
+
+        const chatname = humanizedISO8601DateTime();
+        const pathToUpload = path.join(filedata.destination, filedata.filename);
+        const pathToNewFile = path.join(request.user.directories.groupChats, `${chatname}.jsonl`);
+        fs.copyFileSync(pathToUpload, pathToNewFile);
+        fs.unlinkSync(pathToUpload);
+        return response.send({ res: chatname });
+    } catch (error) {
+        console.error(error);
+        return response.send({ error: true });
+    }
+});
+
+router.post('/import', urlencodedParser, function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+
+    const format = request.body.file_type;
+    const avatarUrl = (request.body.avatar_url).replace('.png', '');
+    const characterName = request.body.character_name;
+    const userName = request.body.user_name || 'You';
+
+    if (!request.file) {
+        return response.sendStatus(400);
+    }
+
+    try {
+        const pathToUpload = path.join(request.file.destination, request.file.filename);
+        const data = fs.readFileSync(pathToUpload, 'utf8');
+
+        if (format === 'json') {
+            fs.unlinkSync(pathToUpload);
+            const jsonData = JSON.parse(data);
+            if (jsonData.histories !== undefined) {
+                // CAI Tools format
+                const chats = importCAIChat(userName, characterName, jsonData);
+                for (const chat of chats) {
+                    const fileName = `${characterName} - ${humanizedISO8601DateTime()} imported.jsonl`;
+                    const filePath = path.join(request.user.directories.chats, avatarUrl, fileName);
+                    writeFileAtomicSync(filePath, chat, 'utf8');
+                }
+                return response.send({ res: true });
+            } else if (Array.isArray(jsonData.data_visible)) {
+                // oobabooga's format
+                const chat = importOobaChat(userName, characterName, jsonData);
+                const fileName = `${characterName} - ${humanizedISO8601DateTime()} imported.jsonl`;
+                const filePath = path.join(request.user.directories.chats, avatarUrl, fileName);
+                writeFileAtomicSync(filePath, chat, 'utf8');
+                return response.send({ res: true });
+            } else if (Array.isArray(jsonData.messages)) {
+                // Agnai format
+                const chat = importAgnaiChat(userName, characterName, jsonData);
+                const fileName = `${characterName} - ${humanizedISO8601DateTime()} imported.jsonl`;
+                const filePath = path.join(request.user.directories.chats, avatarUrl, fileName);
+                writeFileAtomicSync(filePath, chat, 'utf8');
+                return response.send({ res: true });
+            } else {
+                console.log('Incorrect chat format .json');
+                return response.send({ error: true });
+            }
+        }
+
+        if (format === 'jsonl') {
+            const line = data.split('\n')[0];
+
+            const jsonData = JSON.parse(line);
+
+            if (jsonData.user_name !== undefined || jsonData.name !== undefined) {
+                const fileName = `${characterName} - ${humanizedISO8601DateTime()} imported.jsonl`;
+                const filePath = path.join(request.user.directories.chats, avatarUrl, fileName);
+                fs.copyFileSync(pathToUpload, filePath);
+                fs.unlinkSync(pathToUpload);
+                response.send({ res: true });
+            } else {
+                console.log('Incorrect chat format .jsonl');
+                return response.send({ error: true });
+            }
+        }
+    } catch (error) {
+        console.error(error);
+        return response.send({ error: true });
+    }
+});
+
+router.post('/group/get', jsonParser, (request, response) => {
+    if (!request.body || !request.body.id) {
+        return response.sendStatus(400);
+    }
+
+    const id = request.body.id;
+    const pathToFile = path.join(request.user.directories.groupChats, `${id}.jsonl`);
+
+    if (fs.existsSync(pathToFile)) {
+        const data = fs.readFileSync(pathToFile, 'utf8');
+        const lines = data.split('\n');
+
+        // Iterate through the array of strings and parse each line as JSON
+        const jsonData = lines.map(line => tryParse(line)).filter(x => x);
+        return response.send(jsonData);
+    } else {
+        return response.send([]);
+    }
+});
+
+router.post('/group/delete', jsonParser, (request, response) => {
+    if (!request.body || !request.body.id) {
+        return response.sendStatus(400);
+    }
+
+    const id = request.body.id;
+    const pathToFile = path.join(request.user.directories.groupChats, `${id}.jsonl`);
+
+    if (fs.existsSync(pathToFile)) {
+        fs.rmSync(pathToFile);
+        return response.send({ ok: true });
+    }
+
+    return response.send({ error: true });
+});
+
+router.post('/group/save', jsonParser, (request, response) => {
+    if (!request.body || !request.body.id) {
+        return response.sendStatus(400);
+    }
+
+    const id = request.body.id;
+    const pathToFile = path.join(request.user.directories.groupChats, `${id}.jsonl`);
+
+    if (!fs.existsSync(request.user.directories.groupChats)) {
+        fs.mkdirSync(request.user.directories.groupChats);
+    }
+
+    let chat_data = request.body.chat;
+    let jsonlData = chat_data.map(JSON.stringify).join('\n');
+    writeFileAtomicSync(pathToFile, jsonlData, 'utf8');
+    backupChat(request.user.directories.backups, String(id), jsonlData);
+    return response.send({ ok: true });
+});
+
+module.exports = { router };

src/endpoints/classify.js

@@ -0,0 +1,58 @@
+const express = require('express');
+const { jsonParser } = require('../express-common');
+
+const TASK = 'text-classification';
+
+const router = express.Router();
+
+/**
+ * @type {Map<string, object>} Cache for classification results
+ */
+const cacheObject = new Map();
+
+router.post('/labels', jsonParser, async (req, res) => {
+    try {
+        const module = await import('../transformers.mjs');
+        const pipe = await module.default.getPipeline(TASK);
+        const result = Object.keys(pipe.model.config.label2id);
+        return res.json({ labels: result });
+    } catch (error) {
+        console.error(error);
+        return res.sendStatus(500);
+    }
+});
+
+router.post('/', jsonParser, async (req, res) => {
+    try {
+        const { text } = req.body;
+
+        /**
+         * Get classification result for a given text
+         * @param {string} text Text to classify
+         * @returns {Promise<object>} Classification result
+         */
+        async function getResult(text) {
+            if (cacheObject.has(text)) {
+                return cacheObject.get(text);
+            } else {
+                const module = await import('../transformers.mjs');
+                const pipe = await module.default.getPipeline(TASK);
+                const result = await pipe(text, { topk: 5 });
+                result.sort((a, b) => b.score - a.score);
+                cacheObject.set(text, result);
+                return result;
+            }
+        }
+
+        console.log('Classify input:', text);
+        const result = await getResult(text);
+        console.log('Classify output:', result);
+
+        return res.json({ classification: result });
+    } catch (error) {
+        console.error(error);
+        return res.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/content-manager.js

@@ -0,0 +1,725 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const fetch = require('node-fetch').default;
+const sanitize = require('sanitize-filename');
+const { getConfigValue, color } = require('../util');
+const { jsonParser } = require('../express-common');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const contentDirectory = path.join(process.cwd(), 'default/content');
+const scaffoldDirectory = path.join(process.cwd(), 'default/scaffold');
+const contentIndexPath = path.join(contentDirectory, 'index.json');
+const scaffoldIndexPath = path.join(scaffoldDirectory, 'index.json');
+const characterCardParser = require('../character-card-parser.js');
+
+const WHITELIST_GENERIC_URL_DOWNLOAD_SOURCES = getConfigValue('whitelistImportDomains', []);
+
+/**
+ * @typedef {Object} ContentItem
+ * @property {string} filename
+ * @property {string} type
+ * @property {string} [name]
+ * @property {string|null} [folder]
+ */
+
+/**
+ * @typedef {string} ContentType
+ * @enum {string}
+ */
+const CONTENT_TYPES = {
+    SETTINGS: 'settings',
+    CHARACTER: 'character',
+    SPRITES: 'sprites',
+    BACKGROUND: 'background',
+    WORLD: 'world',
+    AVATAR: 'avatar',
+    THEME: 'theme',
+    WORKFLOW: 'workflow',
+    KOBOLD_PRESET: 'kobold_preset',
+    OPENAI_PRESET: 'openai_preset',
+    NOVEL_PRESET: 'novel_preset',
+    TEXTGEN_PRESET: 'textgen_preset',
+    INSTRUCT: 'instruct',
+    CONTEXT: 'context',
+    MOVING_UI: 'moving_ui',
+    QUICK_REPLIES: 'quick_replies',
+};
+
+/**
+ * Gets the default presets from the content directory.
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @returns {object[]} Array of default presets
+ */
+function getDefaultPresets(directories) {
+    try {
+        const contentIndex = getContentIndex();
+        const presets = [];
+
+        for (const contentItem of contentIndex) {
+            if (contentItem.type.endsWith('_preset') || contentItem.type === 'instruct' || contentItem.type === 'context') {
+                contentItem.name = path.parse(contentItem.filename).name;
+                contentItem.folder = getTargetByType(contentItem.type, directories);
+                presets.push(contentItem);
+            }
+        }
+
+        return presets;
+    } catch (err) {
+        console.log('Failed to get default presets', err);
+        return [];
+    }
+}
+
+/**
+ * Gets a default JSON file from the content directory.
+ * @param {string} filename Name of the file to get
+ * @returns {object | null} JSON object or null if the file doesn't exist
+ */
+function getDefaultPresetFile(filename) {
+    try {
+        const contentPath = path.join(contentDirectory, filename);
+
+        if (!fs.existsSync(contentPath)) {
+            return null;
+        }
+
+        const fileContent = fs.readFileSync(contentPath, 'utf8');
+        return JSON.parse(fileContent);
+    } catch (err) {
+        console.log(`Failed to get default file ${filename}`, err);
+        return null;
+    }
+}
+
+/**
+ * Seeds content for a user.
+ * @param {ContentItem[]} contentIndex Content index
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {string[]} forceCategories List of categories to force check (even if content check is skipped)
+ * @returns {Promise<boolean>} Whether any content was added
+ */
+async function seedContentForUser(contentIndex, directories, forceCategories) {
+    let anyContentAdded = false;
+
+    if (!fs.existsSync(directories.root)) {
+        fs.mkdirSync(directories.root, { recursive: true });
+    }
+
+    const contentLogPath = path.join(directories.root, 'content.log');
+    const contentLog = getContentLog(contentLogPath);
+
+    for (const contentItem of contentIndex) {
+        // If the content item is already in the log, skip it
+        if (contentLog.includes(contentItem.filename) && !forceCategories?.includes(contentItem.type)) {
+            continue;
+        }
+
+        if (!contentItem.folder) {
+            console.log(`Content file ${contentItem.filename} has no parent folder`);
+            continue;
+        }
+
+        const contentPath = path.join(contentItem.folder, contentItem.filename);
+
+        if (!fs.existsSync(contentPath)) {
+            console.log(`Content file ${contentItem.filename} is missing`);
+            continue;
+        }
+
+        const contentTarget = getTargetByType(contentItem.type, directories);
+
+        if (!contentTarget) {
+            console.log(`Content file ${contentItem.filename} has unknown type ${contentItem.type}`);
+            continue;
+        }
+
+        const basePath = path.parse(contentItem.filename).base;
+        const targetPath = path.join(contentTarget, basePath);
+        contentLog.push(contentItem.filename);
+
+        if (fs.existsSync(targetPath)) {
+            console.log(`Content file ${contentItem.filename} already exists in ${contentTarget}`);
+            continue;
+        }
+
+        fs.cpSync(contentPath, targetPath, { recursive: true, force: false });
+        console.log(`Content file ${contentItem.filename} copied to ${contentTarget}`);
+        anyContentAdded = true;
+    }
+
+    writeFileAtomicSync(contentLogPath, contentLog.join('\n'));
+    return anyContentAdded;
+}
+
+/**
+ * Checks for new content and seeds it for all users.
+ * @param {import('../users').UserDirectoryList[]} directoriesList List of user directories
+ * @param {string[]} forceCategories List of categories to force check (even if content check is skipped)
+ * @returns {Promise<void>}
+ */
+async function checkForNewContent(directoriesList, forceCategories = []) {
+    try {
+        const contentCheckSkip = getConfigValue('skipContentCheck', false);
+        if (contentCheckSkip && forceCategories?.length === 0) {
+            return;
+        }
+
+        const contentIndex = getContentIndex();
+        let anyContentAdded = false;
+
+        for (const directories of directoriesList) {
+            const seedResult = await seedContentForUser(contentIndex, directories, forceCategories);
+
+            if (seedResult) {
+                anyContentAdded = true;
+            }
+        }
+
+        if (anyContentAdded && !contentCheckSkip && forceCategories?.length === 0) {
+            console.log();
+            console.log(`${color.blue('If you don\'t want to receive content updates in the future, set')} ${color.yellow('skipContentCheck')} ${color.blue('to true in the config.yaml file.')}`);
+            console.log();
+        }
+    } catch (err) {
+        console.log('Content check failed', err);
+    }
+}
+
+/**
+ * Gets combined content index from the content and scaffold directories.
+ * @returns {ContentItem[]} Array of content index
+ */
+function getContentIndex() {
+    const result = [];
+
+    if (fs.existsSync(scaffoldIndexPath)) {
+        const scaffoldIndexText = fs.readFileSync(scaffoldIndexPath, 'utf8');
+        const scaffoldIndex = JSON.parse(scaffoldIndexText);
+        if (Array.isArray(scaffoldIndex)) {
+            scaffoldIndex.forEach((item) => {
+                item.folder = scaffoldDirectory;
+            });
+            result.push(...scaffoldIndex);
+        }
+    }
+
+    if (fs.existsSync(contentIndexPath)) {
+        const contentIndexText = fs.readFileSync(contentIndexPath, 'utf8');
+        const contentIndex = JSON.parse(contentIndexText);
+        if (Array.isArray(contentIndex)) {
+            contentIndex.forEach((item) => {
+                item.folder = contentDirectory;
+            });
+            result.push(...contentIndex);
+        }
+    }
+
+    return result;
+}
+
+/**
+ * Gets the target directory for the specified asset type.
+ * @param {ContentType} type Asset type
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @returns {string | null} Target directory
+ */
+function getTargetByType(type, directories) {
+    switch (type) {
+        case CONTENT_TYPES.SETTINGS:
+            return directories.root;
+        case CONTENT_TYPES.CHARACTER:
+            return directories.characters;
+        case CONTENT_TYPES.SPRITES:
+            return directories.characters;
+        case CONTENT_TYPES.BACKGROUND:
+            return directories.backgrounds;
+        case CONTENT_TYPES.WORLD:
+            return directories.worlds;
+        case CONTENT_TYPES.AVATAR:
+            return directories.avatars;
+        case CONTENT_TYPES.THEME:
+            return directories.themes;
+        case CONTENT_TYPES.WORKFLOW:
+            return directories.comfyWorkflows;
+        case CONTENT_TYPES.KOBOLD_PRESET:
+            return directories.koboldAI_Settings;
+        case CONTENT_TYPES.OPENAI_PRESET:
+            return directories.openAI_Settings;
+        case CONTENT_TYPES.NOVEL_PRESET:
+            return directories.novelAI_Settings;
+        case CONTENT_TYPES.TEXTGEN_PRESET:
+            return directories.textGen_Settings;
+        case CONTENT_TYPES.INSTRUCT:
+            return directories.instruct;
+        case CONTENT_TYPES.CONTEXT:
+            return directories.context;
+        case CONTENT_TYPES.MOVING_UI:
+            return directories.movingUI;
+        case CONTENT_TYPES.QUICK_REPLIES:
+            return directories.quickreplies;
+        default:
+            return null;
+    }
+}
+
+/**
+ * Gets the content log from the content log file.
+ * @param {string} contentLogPath Path to the content log file
+ * @returns {string[]} Array of content log lines
+ */
+function getContentLog(contentLogPath) {
+    if (!fs.existsSync(contentLogPath)) {
+        return [];
+    }
+
+    const contentLogText = fs.readFileSync(contentLogPath, 'utf8');
+    return contentLogText.split('\n');
+}
+
+async function downloadChubLorebook(id) {
+    const result = await fetch('https://api.chub.ai/api/lorebooks/download', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            'fullPath': id,
+            'format': 'SILLYTAVERN',
+        }),
+    });
+
+    if (!result.ok) {
+        const text = await result.text();
+        console.log('Chub returned error', result.statusText, text);
+        throw new Error('Failed to download lorebook');
+    }
+
+    const name = id.split('/').pop();
+    const buffer = await result.buffer();
+    const fileName = `${sanitize(name)}.json`;
+    const fileType = result.headers.get('content-type');
+
+    return { buffer, fileName, fileType };
+}
+
+async function downloadChubCharacter(id) {
+    const result = await fetch('https://api.chub.ai/api/characters/download', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            'format': 'tavern',
+            'fullPath': id,
+        }),
+    });
+
+    if (!result.ok) {
+        const text = await result.text();
+        console.log('Chub returned error', result.statusText, text);
+        throw new Error('Failed to download character');
+    }
+
+    const buffer = await result.buffer();
+    const fileName = result.headers.get('content-disposition')?.split('filename=')[1] || `${sanitize(id)}.png`;
+    const fileType = result.headers.get('content-type');
+
+    return { buffer, fileName, fileType };
+}
+
+/**
+ * Downloads a character card from the Pygsite.
+ * @param {string} id UUID of the character
+ * @returns {Promise<{buffer: Buffer, fileName: string, fileType: string}>}
+ */
+async function downloadPygmalionCharacter(id) {
+    const result = await fetch(`https://server.pygmalion.chat/api/export/character/${id}/v2`);
+
+    if (!result.ok) {
+        const text = await result.text();
+        console.log('Pygsite returned error', result.status, text);
+        throw new Error('Failed to download character');
+    }
+
+    const jsonData = await result.json();
+    const characterData = jsonData?.character;
+
+    if (!characterData || typeof characterData !== 'object') {
+        console.error('Pygsite returned invalid character data', jsonData);
+        throw new Error('Failed to download character');
+    }
+
+    try {
+        const avatarUrl = characterData?.data?.avatar;
+
+        if (!avatarUrl) {
+            console.error('Pygsite character does not have an avatar', characterData);
+            throw new Error('Failed to download avatar');
+        }
+
+        const avatarResult = await fetch(avatarUrl);
+        const avatarBuffer = await avatarResult.buffer();
+
+        const cardBuffer = characterCardParser.write(avatarBuffer, JSON.stringify(characterData));
+
+        return {
+            buffer: cardBuffer,
+            fileName: `${sanitize(id)}.png`,
+            fileType: 'image/png',
+        };
+    } catch (e) {
+        console.error('Failed to download avatar, using JSON instead', e);
+        return {
+            buffer: Buffer.from(JSON.stringify(jsonData)),
+            fileName: `${sanitize(id)}.json`,
+            fileType: 'application/json',
+        };
+    }
+}
+
+/**
+ *
+ * @param {String} str
+ * @returns { { id: string, type: "character" | "lorebook" } | null }
+ */
+function parseChubUrl(str) {
+    const splitStr = str.split('/');
+    const length = splitStr.length;
+
+    if (length < 2) {
+        return null;
+    }
+
+    let domainIndex = -1;
+
+    splitStr.forEach((part, index) => {
+        if (part === 'www.chub.ai' || part === 'chub.ai' || part === 'www.characterhub.org' || part === 'characterhub.org') {
+            domainIndex = index;
+        }
+    });
+
+    const lastTwo = domainIndex !== -1 ? splitStr.slice(domainIndex + 1) : splitStr;
+
+    const firstPart = lastTwo[0].toLowerCase();
+
+    if (firstPart === 'characters' || firstPart === 'lorebooks') {
+        const type = firstPart === 'characters' ? 'character' : 'lorebook';
+        const id = type === 'character' ? lastTwo.slice(1).join('/') : lastTwo.join('/');
+        return {
+            id: id,
+            type: type,
+        };
+    } else if (length === 2) {
+        return {
+            id: lastTwo.join('/'),
+            type: 'character',
+        };
+    }
+
+    return null;
+}
+
+// Warning: Some characters might not exist in JannyAI.me
+async function downloadJannyCharacter(uuid) {
+    // This endpoint is being guarded behind Bot Fight Mode of Cloudflare
+    // So hosted ST on Azure/AWS/GCP/Collab might get blocked by IP
+    // Should work normally on self-host PC/Android
+    const result = await fetch('https://api.jannyai.com/api/v1/download', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            'characterId': uuid,
+        }),
+    });
+
+    if (result.ok) {
+        const downloadResult = await result.json();
+        if (downloadResult.status === 'ok') {
+            const imageResult = await fetch(downloadResult.downloadUrl);
+            const buffer = await imageResult.buffer();
+            const fileName = `${sanitize(uuid)}.png`;
+            const fileType = imageResult.headers.get('content-type');
+
+            return { buffer, fileName, fileType };
+        }
+    }
+
+    console.log('Janny returned error', result.statusText, await result.text());
+    throw new Error('Failed to download character');
+}
+
+//Download Character Cards from AICharactersCards.com (AICC) API.
+async function downloadAICCCharacter(id) {
+    const apiURL = `https://aicharactercards.com/wp-json/pngapi/v1/image/${id}`;
+    try {
+        const response = await fetch(apiURL);
+        if (!response.ok) {
+            throw new Error(`Failed to download character: ${response.statusText}`);
+        }
+
+        const contentType = response.headers.get('content-type') || 'image/png'; // Default to 'image/png' if header is missing
+        const buffer = await response.buffer();
+        const fileName = `${sanitize(id)}.png`; // Assuming PNG, but adjust based on actual content or headers
+
+        return {
+            buffer: buffer,
+            fileName: fileName,
+            fileType: contentType,
+        };
+    } catch (error) {
+        console.error('Error downloading character:', error);
+        throw error;
+    }
+}
+
+/**
+ * Parses an aicharactercards URL to extract the path.
+ * @param {string} url URL to parse
+ * @returns {string | null} AICC path
+ */
+function parseAICC(url) {
+    const pattern = /^https?:\/\/aicharactercards\.com\/character-cards\/([^/]+)\/([^/]+)\/?$|([^/]+)\/([^/]+)$/;
+    const match = url.match(pattern);
+    if (match) {
+        // Match group 1 & 2 for full URL, 3 & 4 for relative path
+        return match[1] && match[2] ? `${match[1]}/${match[2]}` : `${match[3]}/${match[4]}`;
+    }
+    return null;
+}
+
+/**
+ * Download character card from generic url.
+ * @param {String} url
+ */
+async function downloadGenericPng(url) {
+    try {
+        const result = await fetch(url);
+
+        if (result.ok) {
+            const buffer = await result.buffer();
+            const fileName = sanitize(result.url.split('?')[0].split('/').reverse()[0]);
+            const contentType = result.headers.get('content-type') || 'image/png'; //yoink it from AICC function lol
+
+            return {
+                buffer: buffer,
+                fileName: fileName,
+                fileType: contentType,
+            };
+        }
+    } catch (error) {
+        console.error('Error downloading file: ', error);
+        throw error;
+    }
+    return null;
+}
+
+/**
+ * Parse Risu Realm URL to extract the UUID.
+ * @param {string} url Risu Realm URL
+ * @returns {string | null} UUID of the character
+ */
+function parseRisuUrl(url) {
+    // Example: https://realm.risuai.net/character/7adb0ed8d81855c820b3506980fb40f054ceef010ff0c4bab73730c0ebe92279
+    // or https://realm.risuai.net/character/7adb0ed8-d818-55c8-20b3-506980fb40f0
+    const pattern = /^https?:\/\/realm\.risuai\.net\/character\/([a-f0-9-]+)\/?$/i;
+    const match = url.match(pattern);
+    return match ? match[1] : null;
+}
+
+/**
+ * Download RisuAI character card
+ * @param {string} uuid UUID of the character
+ * @returns {Promise<{buffer: Buffer, fileName: string, fileType: string}>}
+ */
+async function downloadRisuCharacter(uuid) {
+    const result = await fetch(`https://realm.risuai.net/api/v1/download/png-v3/${uuid}?non_commercial=true`);
+
+    if (!result.ok) {
+        const text = await result.text();
+        console.log('RisuAI returned error', result.statusText, text);
+        throw new Error('Failed to download character');
+    }
+
+    const buffer = await result.buffer();
+    const fileName = `${sanitize(uuid)}.png`;
+    const fileType = 'image/png';
+
+    return { buffer, fileName, fileType };
+}
+
+/**
+* @param {String} url
+* @returns {String | null } UUID of the character
+*/
+function getUuidFromUrl(url) {
+    // Extract UUID from URL
+    const uuidRegex = /[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/;
+    const matches = url.match(uuidRegex);
+
+    // Check if UUID is found
+    const uuid = matches ? matches[0] : null;
+    return uuid;
+}
+
+/**
+ * Filter to get the domain host of a url instead of a blanket string search.
+ * @param {String} url URL to strip
+ * @returns {String} Domain name
+ */
+function getHostFromUrl(url) {
+    try {
+        const urlObj = new URL(url);
+        return urlObj.hostname;
+    } catch {
+        return '';
+    }
+}
+
+/**
+ * Checks if host is part of generic download source whitelist.
+ * @param {String} host Host to check
+ * @returns {boolean} If the host is on the whitelist.
+ */
+function isHostWhitelisted(host) {
+    return WHITELIST_GENERIC_URL_DOWNLOAD_SOURCES.includes(host);
+}
+
+const router = express.Router();
+
+router.post('/importURL', jsonParser, async (request, response) => {
+    if (!request.body.url) {
+        return response.sendStatus(400);
+    }
+
+    try {
+        const url = request.body.url;
+        const host = getHostFromUrl(url);
+        let result;
+        let type;
+
+        const isChub = host.includes('chub.ai') || host.includes('characterhub.org');
+        const isJannnyContent = host.includes('janitorai');
+        const isPygmalionContent = host.includes('pygmalion.chat');
+        const isAICharacterCardsContent = host.includes('aicharactercards.com');
+        const isRisu = host.includes('realm.risuai.net');
+        const isGeneric = isHostWhitelisted(host);
+
+        if (isPygmalionContent) {
+            const uuid = getUuidFromUrl(url);
+            if (!uuid) {
+                return response.sendStatus(404);
+            }
+
+            type = 'character';
+            result = await downloadPygmalionCharacter(uuid);
+        } else if (isJannnyContent) {
+            const uuid = getUuidFromUrl(url);
+            if (!uuid) {
+                return response.sendStatus(404);
+            }
+
+            type = 'character';
+            result = await downloadJannyCharacter(uuid);
+        } else if (isAICharacterCardsContent) {
+            const AICCParsed = parseAICC(url);
+            if (!AICCParsed) {
+                return response.sendStatus(404);
+            }
+            type = 'character';
+            result = await downloadAICCCharacter(AICCParsed);
+        } else if (isChub) {
+            const chubParsed = parseChubUrl(url);
+            type = chubParsed?.type;
+
+            if (chubParsed?.type === 'character') {
+                console.log('Downloading chub character:', chubParsed.id);
+                result = await downloadChubCharacter(chubParsed.id);
+            }
+            else if (chubParsed?.type === 'lorebook') {
+                console.log('Downloading chub lorebook:', chubParsed.id);
+                result = await downloadChubLorebook(chubParsed.id);
+            }
+            else {
+                return response.sendStatus(404);
+            }
+        } else if (isRisu) {
+            const uuid = parseRisuUrl(url);
+            if (!uuid) {
+                return response.sendStatus(404);
+            }
+
+            type = 'character';
+            result = await downloadRisuCharacter(uuid);
+        } else if (isGeneric) {
+            console.log('Downloading from generic url.');
+            type = 'character';
+            result = await downloadGenericPng(url);
+        } else {
+            return response.sendStatus(404);
+        }
+
+        if (!result) {
+            return response.sendStatus(404);
+        }
+
+        if (result.fileType) response.set('Content-Type', result.fileType);
+        response.set('Content-Disposition', `attachment; filename="${encodeURI(result.fileName)}"`);
+        response.set('X-Custom-Content-Type', type);
+        return response.send(result.buffer);
+    } catch (error) {
+        console.log('Importing custom content failed', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/importUUID', jsonParser, async (request, response) => {
+    if (!request.body.url) {
+        return response.sendStatus(400);
+    }
+
+    try {
+        const uuid = request.body.url;
+        let result;
+
+        const isJannny = uuid.includes('_character');
+        const isPygmalion = (!isJannny && uuid.length == 36);
+        const isAICC = uuid.startsWith('AICC/');
+        const uuidType = uuid.includes('lorebook') ? 'lorebook' : 'character';
+
+        if (isPygmalion) {
+            console.log('Downloading Pygmalion character:', uuid);
+            result = await downloadPygmalionCharacter(uuid);
+        } else if (isJannny) {
+            console.log('Downloading Janitor character:', uuid.split('_')[0]);
+            result = await downloadJannyCharacter(uuid.split('_')[0]);
+        } else if (isAICC) {
+            const [, author, card] = uuid.split('/');
+            console.log('Downloading AICC character:', `${author}/${card}`);
+            result = await downloadAICCCharacter(`${author}/${card}`);
+        } else {
+            if (uuidType === 'character') {
+                console.log('Downloading chub character:', uuid);
+                result = await downloadChubCharacter(uuid);
+            }
+            else if (uuidType === 'lorebook') {
+                console.log('Downloading chub lorebook:', uuid);
+                result = await downloadChubLorebook(uuid);
+            }
+            else {
+                return response.sendStatus(404);
+            }
+        }
+
+        if (result.fileType) response.set('Content-Type', result.fileType);
+        response.set('Content-Disposition', `attachment; filename="${result.fileName}"`);
+        response.set('X-Custom-Content-Type', uuidType);
+        return response.send(result.buffer);
+    } catch (error) {
+        console.log('Importing custom content failed', error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = {
+    CONTENT_TYPES,
+    checkForNewContent,
+    getDefaultPresets,
+    getDefaultPresetFile,
+    router,
+};

src/endpoints/extensions.js

@@ -0,0 +1,244 @@
+const path = require('path');
+const fs = require('fs');
+const express = require('express');
+const { default: simpleGit } = require('simple-git');
+const sanitize = require('sanitize-filename');
+const { PUBLIC_DIRECTORIES } = require('../constants');
+const { jsonParser } = require('../express-common');
+
+/**
+ * This function extracts the extension information from the manifest file.
+ * @param {string} extensionPath - The path of the extension folder
+ * @returns {Promise<Object>} - Returns the manifest data as an object
+ */
+async function getManifest(extensionPath) {
+    const manifestPath = path.join(extensionPath, 'manifest.json');
+
+    // Check if manifest.json exists
+    if (!fs.existsSync(manifestPath)) {
+        throw new Error(`Manifest file not found at ${manifestPath}`);
+    }
+
+    const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
+    return manifest;
+}
+
+/**
+ * This function checks if the local repository is up-to-date with the remote repository.
+ * @param {string} extensionPath - The path of the extension folder
+ * @returns {Promise<Object>} - Returns the extension information as an object
+ */
+async function checkIfRepoIsUpToDate(extensionPath) {
+    const git = simpleGit();
+    await git.cwd(extensionPath).fetch('origin');
+    const currentBranch = await git.cwd(extensionPath).branch();
+    const currentCommitHash = await git.cwd(extensionPath).revparse(['HEAD']);
+    const log = await git.cwd(extensionPath).log({
+        from: currentCommitHash,
+        to: `origin/${currentBranch.current}`,
+    });
+
+    // Fetch remote repository information
+    const remotes = await git.cwd(extensionPath).getRemotes(true);
+
+    return {
+        isUpToDate: log.total === 0,
+        remoteUrl: remotes[0].refs.fetch, // URL of the remote repository
+    };
+}
+
+const router = express.Router();
+
+/**
+ * HTTP POST handler function to clone a git repository from a provided URL, read the extension manifest,
+ * and return extension information and path.
+ *
+ * @param {Object} request - HTTP Request object, expects a JSON body with a 'url' property.
+ * @param {Object} response - HTTP Response object used to respond to the HTTP request.
+ *
+ * @returns {void}
+ */
+router.post('/install', jsonParser, async (request, response) => {
+    if (!request.body.url) {
+        return response.status(400).send('Bad Request: URL is required in the request body.');
+    }
+
+    try {
+        const git = simpleGit();
+
+        // make sure the third-party directory exists
+        if (!fs.existsSync(path.join(request.user.directories.extensions))) {
+            fs.mkdirSync(path.join(request.user.directories.extensions));
+        }
+
+        const url = request.body.url;
+        const extensionPath = path.join(request.user.directories.extensions, path.basename(url, '.git'));
+
+        if (fs.existsSync(extensionPath)) {
+            return response.status(409).send(`Directory already exists at ${extensionPath}`);
+        }
+
+        await git.clone(url, extensionPath, { '--depth': 1 });
+        console.log(`Extension has been cloned at ${extensionPath}`);
+
+
+        const { version, author, display_name } = await getManifest(extensionPath);
+
+
+        return response.send({ version, author, display_name, extensionPath });
+    } catch (error) {
+        console.log('Importing custom content failed', error);
+        return response.status(500).send(`Server Error: ${error.message}`);
+    }
+});
+
+/**
+ * HTTP POST handler function to pull the latest updates from a git repository
+ * based on the extension name provided in the request body. It returns the latest commit hash,
+ * the path of the extension, the status of the repository (whether it's up-to-date or not),
+ * and the remote URL of the repository.
+ *
+ * @param {Object} request - HTTP Request object, expects a JSON body with an 'extensionName' property.
+ * @param {Object} response - HTTP Response object used to respond to the HTTP request.
+ *
+ * @returns {void}
+ */
+router.post('/update', jsonParser, async (request, response) => {
+    const git = simpleGit();
+    if (!request.body.extensionName) {
+        return response.status(400).send('Bad Request: extensionName is required in the request body.');
+    }
+
+    try {
+        const extensionName = request.body.extensionName;
+        const extensionPath = path.join(request.user.directories.extensions, extensionName);
+
+        if (!fs.existsSync(extensionPath)) {
+            return response.status(404).send(`Directory does not exist at ${extensionPath}`);
+        }
+
+        const { isUpToDate, remoteUrl } = await checkIfRepoIsUpToDate(extensionPath);
+        const currentBranch = await git.cwd(extensionPath).branch();
+        if (!isUpToDate) {
+
+            await git.cwd(extensionPath).pull('origin', currentBranch.current);
+            console.log(`Extension has been updated at ${extensionPath}`);
+        } else {
+            console.log(`Extension is up to date at ${extensionPath}`);
+        }
+        await git.cwd(extensionPath).fetch('origin');
+        const fullCommitHash = await git.cwd(extensionPath).revparse(['HEAD']);
+        const shortCommitHash = fullCommitHash.slice(0, 7);
+
+        return response.send({ shortCommitHash, extensionPath, isUpToDate, remoteUrl });
+
+    } catch (error) {
+        console.log('Updating custom content failed', error);
+        return response.status(500).send(`Server Error: ${error.message}`);
+    }
+});
+
+/**
+ * HTTP POST handler function to get the current git commit hash and branch name for a given extension.
+ * It checks whether the repository is up-to-date with the remote, and returns the status along with
+ * the remote URL of the repository.
+ *
+ * @param {Object} request - HTTP Request object, expects a JSON body with an 'extensionName' property.
+ * @param {Object} response - HTTP Response object used to respond to the HTTP request.
+ *
+ * @returns {void}
+ */
+router.post('/version', jsonParser, async (request, response) => {
+    const git = simpleGit();
+    if (!request.body.extensionName) {
+        return response.status(400).send('Bad Request: extensionName is required in the request body.');
+    }
+
+    try {
+        const extensionName = request.body.extensionName;
+        const extensionPath = path.join(request.user.directories.extensions, extensionName);
+
+        if (!fs.existsSync(extensionPath)) {
+            return response.status(404).send(`Directory does not exist at ${extensionPath}`);
+        }
+
+        const currentBranch = await git.cwd(extensionPath).branch();
+        // get only the working branch
+        const currentBranchName = currentBranch.current;
+        await git.cwd(extensionPath).fetch('origin');
+        const currentCommitHash = await git.cwd(extensionPath).revparse(['HEAD']);
+        console.log(currentBranch, currentCommitHash);
+        const { isUpToDate, remoteUrl } = await checkIfRepoIsUpToDate(extensionPath);
+
+        return response.send({ currentBranchName, currentCommitHash, isUpToDate, remoteUrl });
+
+    } catch (error) {
+        console.log('Getting extension version failed', error);
+        return response.status(500).send(`Server Error: ${error.message}`);
+    }
+});
+
+/**
+ * HTTP POST handler function to delete a git repository based on the extension name provided in the request body.
+ *
+ * @param {Object} request - HTTP Request object, expects a JSON body with a 'url' property.
+ * @param {Object} response - HTTP Response object used to respond to the HTTP request.
+ *
+ * @returns {void}
+ */
+router.post('/delete', jsonParser, async (request, response) => {
+    if (!request.body.extensionName) {
+        return response.status(400).send('Bad Request: extensionName is required in the request body.');
+    }
+
+    // Sanitize the extension name to prevent directory traversal
+    const extensionName = sanitize(request.body.extensionName);
+
+    try {
+        const extensionPath = path.join(request.user.directories.extensions, extensionName);
+
+        if (!fs.existsSync(extensionPath)) {
+            return response.status(404).send(`Directory does not exist at ${extensionPath}`);
+        }
+
+        await fs.promises.rm(extensionPath, { recursive: true });
+        console.log(`Extension has been deleted at ${extensionPath}`);
+
+        return response.send(`Extension has been deleted at ${extensionPath}`);
+
+    } catch (error) {
+        console.log('Deleting custom content failed', error);
+        return response.status(500).send(`Server Error: ${error.message}`);
+    }
+});
+
+/**
+ * Discover the extension folders
+ * If the folder is called third-party, search for subfolders instead
+ */
+router.get('/discover', jsonParser, function (request, response) {
+    // get all folders in the extensions folder, except third-party
+    const extensions = fs
+        .readdirSync(PUBLIC_DIRECTORIES.extensions)
+        .filter(f => fs.statSync(path.join(PUBLIC_DIRECTORIES.extensions, f)).isDirectory())
+        .filter(f => f !== 'third-party');
+
+    // get all folders in the third-party folder, if it exists
+
+    if (!fs.existsSync(path.join(request.user.directories.extensions))) {
+        return response.send(extensions);
+    }
+
+    const thirdPartyExtensions = fs
+        .readdirSync(path.join(request.user.directories.extensions))
+        .filter(f => fs.statSync(path.join(request.user.directories.extensions, f)).isDirectory());
+
+    // add the third-party extensions to the extensions array
+    extensions.push(...thirdPartyExtensions.map(f => `third-party/${f}`));
+    console.log(extensions);
+
+
+    return response.send(extensions);
+});
+
+module.exports = { router };

src/endpoints/files.js

@@ -0,0 +1,101 @@
+const path = require('path');
+const fs = require('fs');
+const writeFileSyncAtomic = require('write-file-atomic').sync;
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const router = express.Router();
+const { validateAssetFileName } = require('./assets');
+const { jsonParser } = require('../express-common');
+const { clientRelativePath } = require('../util');
+
+router.post('/sanitize-filename', jsonParser, async (request, response) => {
+    try {
+        const fileName = String(request.body.fileName);
+        if (!fileName) {
+            return response.status(400).send('No fileName specified');
+        }
+
+        const sanitizedFilename = sanitize(fileName);
+        return response.send({ fileName: sanitizedFilename });
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/upload', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.name) {
+            return response.status(400).send('No upload name specified');
+        }
+
+        if (!request.body.data) {
+            return response.status(400).send('No upload data specified');
+        }
+
+        // Validate filename
+        const validation = validateAssetFileName(request.body.name);
+        if (validation.error)
+            return response.status(400).send(validation.message);
+
+        const pathToUpload = path.join(request.user.directories.files, request.body.name);
+        writeFileSyncAtomic(pathToUpload, request.body.data, 'base64');
+        const url = clientRelativePath(request.user.directories.root, pathToUpload);
+        console.log(`Uploaded file: ${url} from ${request.user.profile.handle}`);
+        return response.send({ path: url });
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/delete', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.path) {
+            return response.status(400).send('No path specified');
+        }
+
+        const pathToDelete = path.join(request.user.directories.root, request.body.path);
+        if (!pathToDelete.startsWith(request.user.directories.files)) {
+            return response.status(400).send('Invalid path');
+        }
+
+        if (!fs.existsSync(pathToDelete)) {
+            return response.status(404).send('File not found');
+        }
+
+        fs.rmSync(pathToDelete);
+        console.log(`Deleted file: ${request.body.path} from ${request.user.profile.handle}`);
+        return response.sendStatus(200);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/verify', jsonParser, async (request, response) => {
+    try {
+        if (!Array.isArray(request.body.urls)) {
+            return response.status(400).send('No URLs specified');
+        }
+
+        const verified = {};
+
+        for (const url of request.body.urls) {
+            const pathToVerify = path.join(request.user.directories.root, url);
+            if (!pathToVerify.startsWith(request.user.directories.files)) {
+                console.debug(`File verification: Invalid path: ${pathToVerify}`);
+                continue;
+            }
+            const fileExists = fs.existsSync(pathToVerify);
+            verified[url] = fileExists;
+        }
+
+        return response.send(verified);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/google.js

@@ -0,0 +1,71 @@
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const fetch = require('node-fetch').default;
+const express = require('express');
+const { jsonParser } = require('../express-common');
+const { GEMINI_SAFETY } = require('../constants');
+
+const API_MAKERSUITE = 'https://generativelanguage.googleapis.com';
+
+const router = express.Router();
+
+router.post('/caption-image', jsonParser, async (request, response) => {
+    try {
+        const mimeType = request.body.image.split(';')[0].split(':')[1];
+        const base64Data = request.body.image.split(',')[1];
+        const apiKey = request.body.reverse_proxy ? request.body.proxy_password : readSecret(request.user.directories, SECRET_KEYS.MAKERSUITE);
+        const apiUrl = new URL(request.body.reverse_proxy || API_MAKERSUITE);
+        const model = request.body.model || 'gemini-pro-vision';
+        const url = `${apiUrl.origin}/v1beta/models/${model}:generateContent?key=${apiKey}`;
+        const body = {
+            contents: [{
+                parts: [
+                    { text: request.body.prompt },
+                    {
+                        inlineData: {
+                            mimeType: 'image/png', // It needs to specify a MIME type in data if it's not a PNG
+                            data: mimeType === 'image/png' ? base64Data : request.body.image,
+                        },
+                    }],
+            }],
+            safetySettings: GEMINI_SAFETY,
+            generationConfig: { maxOutputTokens: 1000 },
+        };
+
+        console.log('Multimodal captioning request', model, body);
+
+        const result = await fetch(url, {
+            body: JSON.stringify(body),
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const error = await result.json();
+            console.log(`Google AI Studio API returned error: ${result.status} ${result.statusText}`, error);
+            return response.status(result.status).send({ error: true });
+        }
+
+        const data = await result.json();
+        console.log('Multimodal captioning response', data);
+
+        const candidates = data?.candidates;
+        if (!candidates) {
+            return response.status(500).send('No candidates found, image was most likely filtered.');
+        }
+
+        const caption = candidates[0].content.parts[0].text;
+        if (!caption) {
+            return response.status(500).send('No caption found');
+        }
+
+        return response.json({ caption });
+    } catch (error) {
+        console.error(error);
+        response.status(500).send('Internal server error');
+    }
+});
+
+module.exports = { router };

src/endpoints/groups.js

@@ -0,0 +1,135 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+
+const { jsonParser } = require('../express-common');
+const { humanizedISO8601DateTime } = require('../util');
+
+const router = express.Router();
+
+router.post('/all', jsonParser, (request, response) => {
+    const groups = [];
+
+    if (!fs.existsSync(request.user.directories.groups)) {
+        fs.mkdirSync(request.user.directories.groups);
+    }
+
+    const files = fs.readdirSync(request.user.directories.groups).filter(x => path.extname(x) === '.json');
+    const chats = fs.readdirSync(request.user.directories.groupChats).filter(x => path.extname(x) === '.jsonl');
+
+    files.forEach(function (file) {
+        try {
+            const filePath = path.join(request.user.directories.groups, file);
+            const fileContents = fs.readFileSync(filePath, 'utf8');
+            const group = JSON.parse(fileContents);
+            const groupStat = fs.statSync(filePath);
+            group['date_added'] = groupStat.birthtimeMs;
+            group['create_date'] = humanizedISO8601DateTime(groupStat.birthtimeMs);
+
+            let chat_size = 0;
+            let date_last_chat = 0;
+
+            if (Array.isArray(group.chats) && Array.isArray(chats)) {
+                for (const chat of chats) {
+                    if (group.chats.includes(path.parse(chat).name)) {
+                        const chatStat = fs.statSync(path.join(request.user.directories.groupChats, chat));
+                        chat_size += chatStat.size;
+                        date_last_chat = Math.max(date_last_chat, chatStat.mtimeMs);
+                    }
+                }
+            }
+
+            group['date_last_chat'] = date_last_chat;
+            group['chat_size'] = chat_size;
+            groups.push(group);
+        }
+        catch (error) {
+            console.error(error);
+        }
+    });
+
+    return response.send(groups);
+});
+
+router.post('/create', jsonParser, (request, response) => {
+    if (!request.body) {
+        return response.sendStatus(400);
+    }
+
+    const id = String(Date.now());
+    const groupMetadata = {
+        id: id,
+        name: request.body.name ?? 'New Group',
+        members: request.body.members ?? [],
+        avatar_url: request.body.avatar_url,
+        allow_self_responses: !!request.body.allow_self_responses,
+        activation_strategy: request.body.activation_strategy ?? 0,
+        generation_mode: request.body.generation_mode ?? 0,
+        disabled_members: request.body.disabled_members ?? [],
+        chat_metadata: request.body.chat_metadata ?? {},
+        fav: request.body.fav,
+        chat_id: request.body.chat_id ?? id,
+        chats: request.body.chats ?? [id],
+        auto_mode_delay: request.body.auto_mode_delay ?? 5,
+        generation_mode_join_prefix: request.body.generation_mode_join_prefix ?? '',
+        generation_mode_join_suffix: request.body.generation_mode_join_suffix ?? '',
+    };
+    const pathToFile = path.join(request.user.directories.groups, `${id}.json`);
+    const fileData = JSON.stringify(groupMetadata, null, 4);
+
+    if (!fs.existsSync(request.user.directories.groups)) {
+        fs.mkdirSync(request.user.directories.groups);
+    }
+
+    writeFileAtomicSync(pathToFile, fileData);
+    return response.send(groupMetadata);
+});
+
+router.post('/edit', jsonParser, (request, response) => {
+    if (!request.body || !request.body.id) {
+        return response.sendStatus(400);
+    }
+    const id = request.body.id;
+    const pathToFile = path.join(request.user.directories.groups, `${id}.json`);
+    const fileData = JSON.stringify(request.body, null, 4);
+
+    writeFileAtomicSync(pathToFile, fileData);
+    return response.send({ ok: true });
+});
+
+router.post('/delete', jsonParser, async (request, response) => {
+    if (!request.body || !request.body.id) {
+        return response.sendStatus(400);
+    }
+
+    const id = request.body.id;
+    const pathToGroup = path.join(request.user.directories.groups, sanitize(`${id}.json`));
+
+    try {
+        // Delete group chats
+        const group = JSON.parse(fs.readFileSync(pathToGroup, 'utf8'));
+
+        if (group && Array.isArray(group.chats)) {
+            for (const chat of group.chats) {
+                console.log('Deleting group chat', chat);
+                const pathToFile = path.join(request.user.directories.groupChats, `${id}.jsonl`);
+
+                if (fs.existsSync(pathToFile)) {
+                    fs.rmSync(pathToFile);
+                }
+            }
+        }
+    } catch (error) {
+        console.error('Could not delete group chats. Clean them up manually.', error);
+    }
+
+    if (fs.existsSync(pathToGroup)) {
+        fs.rmSync(pathToGroup);
+    }
+
+    return response.send({ ok: true });
+});
+
+module.exports = { router };

src/endpoints/horde.js

@@ -0,0 +1,382 @@
+const fetch = require('node-fetch').default;
+const express = require('express');
+const { AIHorde, ModelGenerationInputStableSamplers, ModelInterrogationFormTypes, HordeAsyncRequestStates } = require('@zeldafan0225/ai_horde');
+const { getVersion, delay, Cache } = require('../util');
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const { jsonParser } = require('../express-common');
+
+const ANONYMOUS_KEY = '0000000000';
+const cache = new Cache(60 * 1000);
+const router = express.Router();
+
+/**
+ * Returns the AIHorde client agent.
+ * @returns {Promise<string>} AIHorde client agent
+ */
+async function getClientAgent() {
+    const version = await getVersion();
+    return version?.agent || 'SillyTavern:UNKNOWN:Cohee#1207';
+}
+
+/**
+ * Returns the AIHorde client.
+ * @returns {Promise<AIHorde>} AIHorde client
+ */
+async function getHordeClient() {
+    const ai_horde = new AIHorde({
+        client_agent: await getClientAgent(),
+    });
+    return ai_horde;
+}
+
+/**
+ * Removes dirty no-no words from the prompt.
+ * Taken verbatim from KAI Lite's implementation (AGPLv3).
+ * https://github.com/LostRuins/lite.koboldai.net/blob/main/index.html#L7786C2-L7811C1
+ * @param {string} prompt Prompt to sanitize
+ * @returns {string} Sanitized prompt
+ */
+function sanitizeHordeImagePrompt(prompt) {
+    if (!prompt) {
+        return '';
+    }
+
+    //to avoid flagging from some image models, always swap these words
+    prompt = prompt.replace(/\b(girl)\b/gmi, 'woman');
+    prompt = prompt.replace(/\b(boy)\b/gmi, 'man');
+    prompt = prompt.replace(/\b(girls)\b/gmi, 'women');
+    prompt = prompt.replace(/\b(boys)\b/gmi, 'men');
+    //always remove these high risk words from prompt, as they add little value to image gen while increasing the risk the prompt gets flagged
+    prompt = prompt.replace(/\b(under.age|under.aged|underage|underaged|loli|pedo|pedophile|(\w+).year.old|(\w+).years.old|minor|prepubescent|minors|shota)\b/gmi, '');
+    //replace risky subject nouns with person
+    prompt = prompt.replace(/\b(youngster|infant|baby|toddler|child|teen|kid|kiddie|kiddo|teenager|student|preteen|pre.teen)\b/gmi, 'person');
+    //remove risky adjectives and related words
+    prompt = prompt.replace(/\b(young|younger|youthful|youth|small|smaller|smallest|girly|boyish|lil|tiny|teenaged|lit[tl]le|school.aged|school|highschool|kindergarten|teens|children|kids)\b/gmi, '');
+
+    return prompt;
+}
+
+router.post('/text-workers', jsonParser, async (request, response) => {
+    try {
+        const cachedWorkers = cache.get('workers');
+
+        if (cachedWorkers && !request.body.force) {
+            return response.send(cachedWorkers);
+        }
+
+        const agent = await getClientAgent();
+        const fetchResult = await fetch('https://aihorde.net/api/v2/workers?type=text', {
+            headers: {
+                'Client-Agent': agent,
+            },
+        });
+        const data = await fetchResult.json();
+        cache.set('workers', data);
+        return response.send(data);
+    } catch (error) {
+        console.error(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/text-models', jsonParser, async (request, response) => {
+    try {
+        const cachedModels = cache.get('models');
+
+        if (cachedModels && !request.body.force) {
+            return response.send(cachedModels);
+        }
+
+        const agent = await getClientAgent();
+        const fetchResult = await fetch('https://aihorde.net/api/v2/status/models?type=text', {
+            headers: {
+                'Client-Agent': agent,
+            },
+        });
+
+        const data = await fetchResult.json();
+        cache.set('models', data);
+        return response.send(data);
+    } catch (error) {
+        console.error(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/status', jsonParser, async (_, response) => {
+    try {
+        const agent = await getClientAgent();
+        const fetchResult = await fetch('https://aihorde.net/api/v2/status/heartbeat', {
+            headers: {
+                'Client-Agent': agent,
+            },
+        });
+
+        return response.send({ ok: fetchResult.ok });
+    } catch (error) {
+        console.error(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/cancel-task', jsonParser, async (request, response) => {
+    try {
+        const taskId = request.body.taskId;
+        const agent = await getClientAgent();
+        const fetchResult = await fetch(`https://aihorde.net/api/v2/generate/text/status/${taskId}`, {
+            method: 'DELETE',
+            headers: {
+                'Client-Agent': agent,
+            },
+        });
+
+        const data = await fetchResult.json();
+        console.log(`Cancelled Horde task ${taskId}`);
+        return response.send(data);
+    } catch (error) {
+        console.error(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/task-status', jsonParser, async (request, response) => {
+    try {
+        const taskId = request.body.taskId;
+        const agent = await getClientAgent();
+        const fetchResult = await fetch(`https://aihorde.net/api/v2/generate/text/status/${taskId}`, {
+            headers: {
+                'Client-Agent': agent,
+            },
+        });
+
+        const data = await fetchResult.json();
+        console.log(`Horde task ${taskId} status:`, data);
+        return response.send(data);
+    } catch (error) {
+        console.error(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/generate-text', jsonParser, async (request, response) => {
+    const apiKey = readSecret(request.user.directories, SECRET_KEYS.HORDE) || ANONYMOUS_KEY;
+    const url = 'https://aihorde.net/api/v2/generate/text/async';
+    const agent = await getClientAgent();
+
+    console.log(request.body);
+    try {
+        const result = await fetch(url, {
+            method: 'POST',
+            body: JSON.stringify(request.body),
+            headers: {
+                'Content-Type': 'application/json',
+                'apikey': apiKey,
+                'Client-Agent': agent,
+            },
+        });
+
+        if (!result.ok) {
+            const message = await result.text();
+            console.log('Horde returned an error:', message);
+            return response.send({ error: { message } });
+        }
+
+        const data = await result.json();
+        return response.send(data);
+    } catch (error) {
+        console.log(error);
+        return response.send({ error: true });
+    }
+});
+
+router.post('/sd-samplers', jsonParser, async (_, response) => {
+    try {
+        const samplers = Object.values(ModelGenerationInputStableSamplers);
+        response.send(samplers);
+    } catch (error) {
+        console.error(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/sd-models', jsonParser, async (_, response) => {
+    try {
+        const ai_horde = await getHordeClient();
+        const models = await ai_horde.getModels();
+        response.send(models);
+    } catch (error) {
+        console.error(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/caption-image', jsonParser, async (request, response) => {
+    try {
+        const api_key_horde = readSecret(request.user.directories, SECRET_KEYS.HORDE) || ANONYMOUS_KEY;
+        const ai_horde = await getHordeClient();
+        const result = await ai_horde.postAsyncInterrogate({
+            source_image: request.body.image,
+            forms: [{ name: ModelInterrogationFormTypes.caption }],
+        }, { token: api_key_horde });
+
+        if (!result.id) {
+            console.error('Image interrogation request is not satisfyable:', result.message || 'unknown error');
+            return response.sendStatus(400);
+        }
+
+        const MAX_ATTEMPTS = 200;
+        const CHECK_INTERVAL = 3000;
+
+        for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+            await delay(CHECK_INTERVAL);
+            const status = await ai_horde.getInterrogationStatus(result.id);
+            console.log(status);
+
+            if (status.state === HordeAsyncRequestStates.done) {
+
+                if (status.forms === undefined) {
+                    console.error('Image interrogation request failed: no forms found.');
+                    return response.sendStatus(500);
+                }
+
+                console.log('Image interrogation result:', status);
+                const caption = status?.forms[0]?.result?.caption || '';
+
+                if (!caption) {
+                    console.error('Image interrogation request failed: no caption found.');
+                    return response.sendStatus(500);
+                }
+
+                return response.send({ caption });
+            }
+
+            if (status.state === HordeAsyncRequestStates.faulted || status.state === HordeAsyncRequestStates.cancelled) {
+                console.log('Image interrogation request is not successful.');
+                return response.sendStatus(503);
+            }
+        }
+
+    } catch (error) {
+        console.error(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/user-info', jsonParser, async (request, response) => {
+    const api_key_horde = readSecret(request.user.directories, SECRET_KEYS.HORDE);
+
+    if (!api_key_horde) {
+        return response.send({ anonymous: true });
+    }
+
+    try {
+        const ai_horde = await getHordeClient();
+        const user = await ai_horde.findUser({ token: api_key_horde });
+        return response.send(user);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/generate-image', jsonParser, async (request, response) => {
+    if (!request.body.prompt) {
+        return response.sendStatus(400);
+    }
+
+    const MAX_ATTEMPTS = 200;
+    const CHECK_INTERVAL = 3000;
+    const PROMPT_THRESHOLD = 5000;
+
+    try {
+        const maxLength = PROMPT_THRESHOLD - String(request.body.negative_prompt).length - 5;
+        if (String(request.body.prompt).length > maxLength) {
+            console.log('Stable Horde prompt is too long, truncating...');
+            request.body.prompt = String(request.body.prompt).substring(0, maxLength);
+        }
+
+        // Sanitize prompt if requested
+        if (request.body.sanitize) {
+            const sanitized = sanitizeHordeImagePrompt(request.body.prompt);
+
+            if (request.body.prompt !== sanitized) {
+                console.log('Stable Horde prompt was sanitized.');
+            }
+
+            request.body.prompt = sanitized;
+        }
+
+        const api_key_horde = readSecret(request.user.directories, SECRET_KEYS.HORDE) || ANONYMOUS_KEY;
+        console.log('Stable Horde request:', request.body);
+
+        const ai_horde = await getHordeClient();
+        const generation = await ai_horde.postAsyncImageGenerate(
+            {
+                prompt: `${request.body.prompt} ### ${request.body.negative_prompt}`,
+                params:
+                {
+                    sampler_name: request.body.sampler,
+                    hires_fix: request.body.enable_hr,
+                    // @ts-ignore - use_gfpgan param is not in the type definition, need to update to new ai_horde @ https://github.com/ZeldaFan0225/ai_horde/blob/main/index.ts
+                    use_gfpgan: request.body.restore_faces,
+                    cfg_scale: request.body.scale,
+                    steps: request.body.steps,
+                    width: request.body.width,
+                    height: request.body.height,
+                    karras: Boolean(request.body.karras),
+                    clip_skip: request.body.clip_skip,
+                    seed: request.body.seed >= 0 ? String(request.body.seed) : undefined,
+                    n: 1,
+                },
+                r2: false,
+                nsfw: request.body.nfsw,
+                models: [request.body.model],
+            },
+            { token: api_key_horde });
+
+        if (!generation.id) {
+            console.error('Image generation request is not satisfyable:', generation.message || 'unknown error');
+            return response.sendStatus(400);
+        }
+
+        console.log('Horde image generation request:', generation);
+
+        const controller = new AbortController();
+        request.socket.removeAllListeners('close');
+        request.socket.on('close', function () {
+            console.log('Horde image generation request aborted.');
+            controller.abort();
+            if (generation.id) ai_horde.deleteImageGenerationRequest(generation.id);
+        });
+
+        for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+            controller.signal.throwIfAborted();
+            await delay(CHECK_INTERVAL);
+            const check = await ai_horde.getImageGenerationCheck(generation.id);
+            console.log(check);
+
+            if (check.done) {
+                const result = await ai_horde.getImageGenerationStatus(generation.id);
+                if (result.generations === undefined) return response.sendStatus(500);
+                return response.send(result.generations[0].img);
+            }
+
+            /*
+            if (!check.is_possible) {
+                return response.sendStatus(503);
+            }
+            */
+
+            if (check.faulted) {
+                return response.sendStatus(500);
+            }
+        }
+
+        return response.sendStatus(504);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/images.js

@@ -0,0 +1,93 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+
+const { jsonParser } = require('../express-common');
+const { clientRelativePath, removeFileExtension, getImages } = require('../util');
+
+/**
+ * Ensure the directory for the provided file path exists.
+ * If not, it will recursively create the directory.
+ *
+ * @param {string} filePath - The full path of the file for which the directory should be ensured.
+ */
+function ensureDirectoryExistence(filePath) {
+    const dirname = path.dirname(filePath);
+    if (fs.existsSync(dirname)) {
+        return true;
+    }
+    ensureDirectoryExistence(dirname);
+    fs.mkdirSync(dirname);
+}
+
+const router = express.Router();
+
+/**
+ * Endpoint to handle image uploads.
+ * The image should be provided in the request body in base64 format.
+ * Optionally, a character name can be provided to save the image in a sub-folder.
+ *
+ * @route POST /api/images/upload
+ * @param {Object} request.body - The request payload.
+ * @param {string} request.body.image - The base64 encoded image data.
+ * @param {string} [request.body.ch_name] - Optional character name to determine the sub-directory.
+ * @returns {Object} response - The response object containing the path where the image was saved.
+ */
+router.post('/upload', jsonParser, async (request, response) => {
+    // Check for image data
+    if (!request.body || !request.body.image) {
+        return response.status(400).send({ error: 'No image data provided' });
+    }
+
+    try {
+        // Extracting the base64 data and the image format
+        const splitParts = request.body.image.split(',');
+        const format = splitParts[0].split(';')[0].split('/')[1];
+        const base64Data = splitParts[1];
+        const validFormat = ['png', 'jpg', 'webp', 'jpeg', 'gif'].includes(format);
+        if (!validFormat) {
+            return response.status(400).send({ error: 'Invalid image format' });
+        }
+
+        // Constructing filename and path
+        let filename;
+        if (request.body.filename) {
+            filename = `${removeFileExtension(request.body.filename)}.${format}`;
+        } else {
+            filename = `${Date.now()}.${format}`;
+        }
+
+        // if character is defined, save to a sub folder for that character
+        let pathToNewFile = path.join(request.user.directories.userImages, sanitize(filename));
+        if (request.body.ch_name) {
+            pathToNewFile = path.join(request.user.directories.userImages, sanitize(request.body.ch_name), sanitize(filename));
+        }
+
+        ensureDirectoryExistence(pathToNewFile);
+        const imageBuffer = Buffer.from(base64Data, 'base64');
+        await fs.promises.writeFile(pathToNewFile, imageBuffer);
+        response.send({ path: clientRelativePath(request.user.directories.root, pathToNewFile) });
+    } catch (error) {
+        console.log(error);
+        response.status(500).send({ error: 'Failed to save the image' });
+    }
+});
+
+router.post('/list/:folder', (request, response) => {
+    const directoryPath = path.join(request.user.directories.userImages, sanitize(request.params.folder));
+
+    if (!fs.existsSync(directoryPath)) {
+        fs.mkdirSync(directoryPath, { recursive: true });
+    }
+
+    try {
+        const images = getImages(directoryPath, 'date');
+        return response.send(images);
+    } catch (error) {
+        console.error(error);
+        return response.status(500).send({ error: 'Unable to retrieve files' });
+    }
+});
+
+module.exports = { router };

src/endpoints/moving-ui.js

@@ -0,0 +1,21 @@
+const path = require('path');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+
+const { jsonParser } = require('../express-common');
+
+const router = express.Router();
+
+router.post('/save', jsonParser, (request, response) => {
+    if (!request.body || !request.body.name) {
+        return response.sendStatus(400);
+    }
+
+    const filename = path.join(request.user.directories.movingUI, sanitize(request.body.name) + '.json');
+    writeFileAtomicSync(filename, JSON.stringify(request.body, null, 4), 'utf8');
+
+    return response.sendStatus(200);
+});
+
+module.exports = { router };

src/endpoints/novelai.js

@@ -0,0 +1,381 @@
+const fetch = require('node-fetch').default;
+const express = require('express');
+const util = require('util');
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const { readAllChunks, extractFileFromZipBuffer, forwardFetchResponse } = require('../util');
+const { jsonParser } = require('../express-common');
+
+const API_NOVELAI = 'https://api.novelai.net';
+const IMAGE_NOVELAI = 'https://image.novelai.net';
+
+// Ban bracket generation, plus defaults
+const badWordsList = [
+    [3], [49356], [1431], [31715], [34387], [20765], [30702], [10691], [49333], [1266],
+    [19438], [43145], [26523], [41471], [2936], [85, 85], [49332], [7286], [1115], [24],
+];
+
+const hypeBotBadWordsList = [
+    [58], [60], [90], [92], [685], [1391], [1782], [2361], [3693], [4083], [4357], [4895],
+    [5512], [5974], [7131], [8183], [8351], [8762], [8964], [8973], [9063], [11208],
+    [11709], [11907], [11919], [12878], [12962], [13018], [13412], [14631], [14692],
+    [14980], [15090], [15437], [16151], [16410], [16589], [17241], [17414], [17635],
+    [17816], [17912], [18083], [18161], [18477], [19629], [19779], [19953], [20520],
+    [20598], [20662], [20740], [21476], [21737], [22133], [22241], [22345], [22935],
+    [23330], [23785], [23834], [23884], [25295], [25597], [25719], [25787], [25915],
+    [26076], [26358], [26398], [26894], [26933], [27007], [27422], [28013], [29164],
+    [29225], [29342], [29565], [29795], [30072], [30109], [30138], [30866], [31161],
+    [31478], [32092], [32239], [32509], [33116], [33250], [33761], [34171], [34758],
+    [34949], [35944], [36338], [36463], [36563], [36786], [36796], [36937], [37250],
+    [37913], [37981], [38165], [38362], [38381], [38430], [38892], [39850], [39893],
+    [41832], [41888], [42535], [42669], [42785], [42924], [43839], [44438], [44587],
+    [44926], [45144], [45297], [46110], [46570], [46581], [46956], [47175], [47182],
+    [47527], [47715], [48600], [48683], [48688], [48874], [48999], [49074], [49082],
+    [49146], [49946], [10221], [4841], [1427], [2602, 834], [29343], [37405], [35780], [2602], [50256],
+];
+
+// Used for phrase repetition penalty
+const repPenaltyAllowList = [
+    [49256, 49264, 49231, 49230, 49287, 85, 49255, 49399, 49262, 336, 333, 432, 363, 468, 492, 745, 401, 426, 623, 794,
+        1096, 2919, 2072, 7379, 1259, 2110, 620, 526, 487, 16562, 603, 805, 761, 2681, 942, 8917, 653, 3513, 506, 5301,
+        562, 5010, 614, 10942, 539, 2976, 462, 5189, 567, 2032, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 588,
+        803, 1040, 49209, 4, 5, 6, 7, 8, 9, 10, 11, 12],
+];
+
+// Ban the dinkus and asterism
+const logitBiasExp = [
+    { 'sequence': [23], 'bias': -0.08, 'ensure_sequence_finish': false, 'generate_once': false },
+    { 'sequence': [21], 'bias': -0.08, 'ensure_sequence_finish': false, 'generate_once': false },
+];
+
+function getBadWordsList(model) {
+    let list = [];
+
+    if (model.includes('hypebot')) {
+        list = hypeBotBadWordsList;
+    }
+
+    if (model.includes('clio') || model.includes('kayra')) {
+        list = badWordsList;
+    }
+
+    // Clone the list so we don't modify the original
+    return list.slice();
+}
+
+const router = express.Router();
+
+router.post('/status', jsonParser, async function (req, res) {
+    if (!req.body) return res.sendStatus(400);
+    const api_key_novel = readSecret(req.user.directories, SECRET_KEYS.NOVEL);
+
+    if (!api_key_novel) {
+        console.log('NovelAI Access Token is missing.');
+        return res.sendStatus(400);
+    }
+
+    try {
+        const response = await fetch(API_NOVELAI + '/user/subscription', {
+            method: 'GET',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': 'Bearer ' + api_key_novel,
+            },
+        });
+
+        if (response.ok) {
+            const data = await response.json();
+            return res.send(data);
+        } else if (response.status == 401) {
+            console.log('NovelAI Access Token is incorrect.');
+            return res.send({ error: true });
+        }
+        else {
+            console.log('NovelAI returned an error:', response.statusText);
+            return res.send({ error: true });
+        }
+    } catch (error) {
+        console.log(error);
+        return res.send({ error: true });
+    }
+});
+
+router.post('/generate', jsonParser, async function (req, res) {
+    if (!req.body) return res.sendStatus(400);
+
+    const api_key_novel = readSecret(req.user.directories, SECRET_KEYS.NOVEL);
+
+    if (!api_key_novel) {
+        console.log('NovelAI Access Token is missing.');
+        return res.sendStatus(400);
+    }
+
+    const controller = new AbortController();
+    req.socket.removeAllListeners('close');
+    req.socket.on('close', function () {
+        controller.abort();
+    });
+
+    const isNewModel = (req.body.model.includes('clio') || req.body.model.includes('kayra'));
+    const badWordsList = getBadWordsList(req.body.model);
+
+    // Add customized bad words for Clio and Kayra
+    if (isNewModel && Array.isArray(req.body.bad_words_ids)) {
+        for (const badWord of req.body.bad_words_ids) {
+            if (Array.isArray(badWord) && badWord.every(x => Number.isInteger(x))) {
+                badWordsList.push(badWord);
+            }
+        }
+    }
+
+    // Remove empty arrays from bad words list
+    for (const badWord of badWordsList) {
+        if (badWord.length === 0) {
+            badWordsList.splice(badWordsList.indexOf(badWord), 1);
+        }
+    }
+
+    // Add default biases for dinkus and asterism
+    const logit_bias_exp = isNewModel ? logitBiasExp.slice() : [];
+
+    if (Array.isArray(logit_bias_exp) && Array.isArray(req.body.logit_bias_exp)) {
+        logit_bias_exp.push(...req.body.logit_bias_exp);
+    }
+
+    const data = {
+        'input': req.body.input,
+        'model': req.body.model,
+        'parameters': {
+            'use_string': req.body.use_string ?? true,
+            'temperature': req.body.temperature,
+            'max_length': req.body.max_length,
+            'min_length': req.body.min_length,
+            'tail_free_sampling': req.body.tail_free_sampling,
+            'repetition_penalty': req.body.repetition_penalty,
+            'repetition_penalty_range': req.body.repetition_penalty_range,
+            'repetition_penalty_slope': req.body.repetition_penalty_slope,
+            'repetition_penalty_frequency': req.body.repetition_penalty_frequency,
+            'repetition_penalty_presence': req.body.repetition_penalty_presence,
+            'repetition_penalty_whitelist': isNewModel ? repPenaltyAllowList : null,
+            'top_a': req.body.top_a,
+            'top_p': req.body.top_p,
+            'top_k': req.body.top_k,
+            'typical_p': req.body.typical_p,
+            'mirostat_lr': req.body.mirostat_lr,
+            'mirostat_tau': req.body.mirostat_tau,
+            'cfg_scale': req.body.cfg_scale,
+            'cfg_uc': req.body.cfg_uc,
+            'phrase_rep_pen': req.body.phrase_rep_pen,
+            'stop_sequences': req.body.stop_sequences,
+            'bad_words_ids': badWordsList.length ? badWordsList : null,
+            'logit_bias_exp': logit_bias_exp,
+            'generate_until_sentence': req.body.generate_until_sentence,
+            'use_cache': req.body.use_cache,
+            'return_full_text': req.body.return_full_text,
+            'prefix': req.body.prefix,
+            'order': req.body.order,
+            'num_logprobs': req.body.num_logprobs,
+        },
+    };
+
+    // Tells the model to stop generation at '>'
+    if ('theme_textadventure' === req.body.prefix &&
+        (true === req.body.model.includes('clio') ||
+         true === req.body.model.includes('kayra'))) {
+        data.parameters.eos_token_id = 49405;
+    }
+
+    console.log(util.inspect(data, { depth: 4 }));
+
+    const args = {
+        body: JSON.stringify(data),
+        headers: { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + api_key_novel },
+        signal: controller.signal,
+    };
+
+    try {
+        const url = req.body.streaming ? `${API_NOVELAI}/ai/generate-stream` : `${API_NOVELAI}/ai/generate`;
+        const response = await fetch(url, { method: 'POST', timeout: 0, ...args });
+
+        if (req.body.streaming) {
+            // Pipe remote SSE stream to Express response
+            forwardFetchResponse(response, res);
+        } else {
+            if (!response.ok) {
+                const text = await response.text();
+                let message = text;
+                console.log(`Novel API returned error: ${response.status} ${response.statusText} ${text}`);
+
+                try {
+                    const data = JSON.parse(text);
+                    message = data.message;
+                }
+                catch {
+                    // ignore
+                }
+
+                return res.status(response.status).send({ error: { message } });
+            }
+
+            const data = await response.json();
+            console.log('NovelAI Output', data?.output);
+            return res.send(data);
+        }
+    } catch (error) {
+        return res.send({ error: true });
+    }
+});
+
+router.post('/generate-image', jsonParser, async (request, response) => {
+    if (!request.body) {
+        return response.sendStatus(400);
+    }
+
+    const key = readSecret(request.user.directories, SECRET_KEYS.NOVEL);
+
+    if (!key) {
+        console.log('NovelAI Access Token is missing.');
+        return response.sendStatus(400);
+    }
+
+    try {
+        console.log('NAI Diffusion request:', request.body);
+        const generateUrl = `${IMAGE_NOVELAI}/ai/generate-image`;
+        const generateResult = await fetch(generateUrl, {
+            method: 'POST',
+            headers: {
+                'Authorization': `Bearer ${key}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                action: 'generate',
+                input: request.body.prompt,
+                model: request.body.model ?? 'nai-diffusion',
+                parameters: {
+                    negative_prompt: request.body.negative_prompt ?? '',
+                    height: request.body.height ?? 512,
+                    width: request.body.width ?? 512,
+                    scale: request.body.scale ?? 9,
+                    seed: request.body.seed >= 0 ? request.body.seed : Math.floor(Math.random() * 9999999999),
+                    sampler: request.body.sampler ?? 'k_dpmpp_2m',
+                    steps: request.body.steps ?? 28,
+                    n_samples: 1,
+                    // NAI handholding for prompts
+                    ucPreset: 0,
+                    qualityToggle: false,
+                    add_original_image: false,
+                    controlnet_strength: 1,
+                    dynamic_thresholding: request.body.decrisper ?? false,
+                    legacy: false,
+                    sm: request.body.sm ?? false,
+                    sm_dyn: request.body.sm_dyn ?? false,
+                    uncond_scale: 1,
+                },
+            }),
+        });
+
+        if (!generateResult.ok) {
+            const text = await generateResult.text();
+            console.log('NovelAI returned an error.', generateResult.statusText, text);
+            return response.sendStatus(500);
+        }
+
+        const archiveBuffer = await generateResult.arrayBuffer();
+        const imageBuffer = await extractFileFromZipBuffer(archiveBuffer, '.png');
+
+        if (!imageBuffer) {
+            console.warn('NovelAI generated an image, but the PNG file was not found.');
+            return response.sendStatus(500);
+        }
+
+        const originalBase64 = imageBuffer.toString('base64');
+
+        // No upscaling
+        if (isNaN(request.body.upscale_ratio) || request.body.upscale_ratio <= 1) {
+            return response.send(originalBase64);
+        }
+
+        try {
+            console.debug('Upscaling image...');
+            const upscaleUrl = `${API_NOVELAI}/ai/upscale`;
+            const upscaleResult = await fetch(upscaleUrl, {
+                method: 'POST',
+                headers: {
+                    'Authorization': `Bearer ${key}`,
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    image: originalBase64,
+                    height: request.body.height,
+                    width: request.body.width,
+                    scale: request.body.upscale_ratio,
+                }),
+            });
+
+            if (!upscaleResult.ok) {
+                throw new Error('NovelAI returned an error.');
+            }
+
+            const upscaledArchiveBuffer = await upscaleResult.arrayBuffer();
+            const upscaledImageBuffer = await extractFileFromZipBuffer(upscaledArchiveBuffer, '.png');
+
+            if (!upscaledImageBuffer) {
+                throw new Error('NovelAI upscaled an image, but the PNG file was not found.');
+            }
+
+            const upscaledBase64 = upscaledImageBuffer.toString('base64');
+
+            return response.send(upscaledBase64);
+        } catch (error) {
+            console.warn('NovelAI generated an image, but upscaling failed. Returning original image.');
+            return response.send(originalBase64);
+        }
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/generate-voice', jsonParser, async (request, response) => {
+    const token = readSecret(request.user.directories, SECRET_KEYS.NOVEL);
+
+    if (!token) {
+        console.log('NovelAI Access Token is missing.');
+        return response.sendStatus(400);
+    }
+
+    const text = request.body.text;
+    const voice = request.body.voice;
+
+    if (!text || !voice) {
+        return response.sendStatus(400);
+    }
+
+    try {
+        const url = `${API_NOVELAI}/ai/generate-voice?text=${encodeURIComponent(text)}&voice=-1&seed=${encodeURIComponent(voice)}&opus=false&version=v2`;
+        const result = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Authorization': `Bearer ${token}`,
+                'Accept': 'audio/mpeg',
+            },
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const errorText = await result.text();
+            console.log('NovelAI returned an error.', result.statusText, errorText);
+            return response.sendStatus(500);
+        }
+
+        const chunks = await readAllChunks(result.body);
+        const buffer = Buffer.concat(chunks);
+        response.setHeader('Content-Type', 'audio/mpeg');
+        return response.send(buffer);
+    }
+    catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/openai.js

@@ -0,0 +1,329 @@
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const fetch = require('node-fetch').default;
+const express = require('express');
+const FormData = require('form-data');
+const fs = require('fs');
+const { jsonParser, urlencodedParser } = require('../express-common');
+const { getConfigValue, mergeObjectWithYaml, excludeKeysByYaml, trimV1 } = require('../util');
+const { setAdditionalHeaders } = require('../additional-headers');
+const { OPENROUTER_HEADERS } = require('../constants');
+
+const router = express.Router();
+
+router.post('/caption-image', jsonParser, async (request, response) => {
+    try {
+        let key = '';
+        let headers = {};
+        let bodyParams = {};
+
+        if (request.body.api === 'openai' && !request.body.reverse_proxy) {
+            key = readSecret(request.user.directories, SECRET_KEYS.OPENAI);
+        }
+
+        if (request.body.api === 'openrouter' && !request.body.reverse_proxy) {
+            key = readSecret(request.user.directories, SECRET_KEYS.OPENROUTER);
+        }
+
+        if (request.body.reverse_proxy && request.body.proxy_password) {
+            key = request.body.proxy_password;
+        }
+
+        if (request.body.api === 'custom') {
+            key = readSecret(request.user.directories, SECRET_KEYS.CUSTOM);
+            mergeObjectWithYaml(bodyParams, request.body.custom_include_body);
+            mergeObjectWithYaml(headers, request.body.custom_include_headers);
+        }
+
+        if (request.body.api === 'ooba') {
+            key = readSecret(request.user.directories, SECRET_KEYS.OOBA);
+            bodyParams.temperature = 0.1;
+        }
+
+        if (request.body.api === 'koboldcpp') {
+            key = readSecret(request.user.directories, SECRET_KEYS.KOBOLDCPP);
+        }
+
+        if (request.body.api === 'vllm') {
+            key = readSecret(request.user.directories, SECRET_KEYS.VLLM);
+        }
+
+        if (request.body.api === 'zerooneai') {
+            key = readSecret(request.user.directories, SECRET_KEYS.ZEROONEAI);
+        }
+
+        if (!key && !request.body.reverse_proxy && ['custom', 'ooba', 'koboldcpp', 'vllm'].includes(request.body.api) === false) {
+            console.log('No key found for API', request.body.api);
+            return response.sendStatus(400);
+        }
+
+        const body = {
+            model: request.body.model,
+            messages: [
+                {
+                    role: 'user',
+                    content: [
+                        { type: 'text', text: request.body.prompt },
+                        { type: 'image_url', image_url: { 'url': request.body.image } },
+                    ],
+                },
+            ],
+            ...bodyParams,
+        };
+
+        const captionSystemPrompt = getConfigValue('openai.captionSystemPrompt');
+        if (captionSystemPrompt) {
+            body.messages.unshift({
+                role: 'system',
+                content: captionSystemPrompt,
+            });
+        }
+
+        if (request.body.api === 'custom') {
+            excludeKeysByYaml(body, request.body.custom_exclude_body);
+        }
+
+        console.log('Multimodal captioning request', body);
+
+        let apiUrl = '';
+
+        if (request.body.api === 'openrouter') {
+            apiUrl = 'https://openrouter.ai/api/v1/chat/completions';
+            Object.assign(headers, OPENROUTER_HEADERS);
+        }
+
+        if (request.body.api === 'openai') {
+            apiUrl = 'https://api.openai.com/v1/chat/completions';
+        }
+
+        if (request.body.reverse_proxy) {
+            apiUrl = `${request.body.reverse_proxy}/chat/completions`;
+        }
+
+        if (request.body.api === 'custom') {
+            apiUrl = `${request.body.server_url}/chat/completions`;
+        }
+
+        if (request.body.api === 'zerooneai') {
+            apiUrl = 'https://api.01.ai/v1/chat/completions';
+        }
+
+        if (request.body.api === 'ooba') {
+            apiUrl = `${trimV1(request.body.server_url)}/v1/chat/completions`;
+            const imgMessage = body.messages.pop();
+            body.messages.push({
+                role: 'user',
+                content: imgMessage?.content?.[0]?.text,
+            });
+            body.messages.push({
+                role: 'user',
+                content: [],
+                image_url: imgMessage?.content?.[1]?.image_url?.url,
+            });
+        }
+
+        if (request.body.api === 'koboldcpp' || request.body.api === 'vllm') {
+            apiUrl = `${trimV1(request.body.server_url)}/v1/chat/completions`;
+        }
+
+        setAdditionalHeaders(request, { headers }, apiUrl);
+
+        const result = await fetch(apiUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${key}`,
+                ...headers,
+            },
+            body: JSON.stringify(body),
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('Multimodal captioning request failed', result.statusText, text);
+            return response.status(500).send(text);
+        }
+
+        const data = await result.json();
+        console.log('Multimodal captioning response', data);
+        const caption = data?.choices[0]?.message?.content;
+
+        if (!caption) {
+            return response.status(500).send('No caption found');
+        }
+
+        return response.json({ caption });
+    }
+    catch (error) {
+        console.error(error);
+        response.status(500).send('Internal server error');
+    }
+});
+
+router.post('/transcribe-audio', urlencodedParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.OPENAI);
+
+        if (!key) {
+            console.log('No OpenAI key found');
+            return response.sendStatus(400);
+        }
+
+        if (!request.file) {
+            console.log('No audio file found');
+            return response.sendStatus(400);
+        }
+
+        const formData = new FormData();
+        console.log('Processing audio file', request.file.path);
+        formData.append('file', fs.createReadStream(request.file.path), { filename: 'audio.wav', contentType: 'audio/wav' });
+        formData.append('model', request.body.model);
+
+        if (request.body.language) {
+            formData.append('language', request.body.language);
+        }
+
+        const result = await fetch('https://api.openai.com/v1/audio/transcriptions', {
+            method: 'POST',
+            headers: {
+                'Authorization': `Bearer ${key}`,
+                ...formData.getHeaders(),
+            },
+            body: formData,
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('OpenAI request failed', result.statusText, text);
+            return response.status(500).send(text);
+        }
+
+        fs.rmSync(request.file.path);
+        const data = await result.json();
+        console.log('OpenAI transcription response', data);
+        return response.json(data);
+    } catch (error) {
+        console.error('OpenAI transcription failed', error);
+        response.status(500).send('Internal server error');
+    }
+});
+
+router.post('/generate-voice', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.OPENAI);
+
+        if (!key) {
+            console.log('No OpenAI key found');
+            return response.sendStatus(400);
+        }
+
+        const result = await fetch('https://api.openai.com/v1/audio/speech', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${key}`,
+            },
+            body: JSON.stringify({
+                input: request.body.text,
+                response_format: 'mp3',
+                voice: request.body.voice ?? 'alloy',
+                speed: request.body.speed ?? 1,
+                model: request.body.model ?? 'tts-1',
+            }),
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('OpenAI request failed', result.statusText, text);
+            return response.status(500).send(text);
+        }
+
+        const buffer = await result.arrayBuffer();
+        response.setHeader('Content-Type', 'audio/mpeg');
+        return response.send(Buffer.from(buffer));
+    } catch (error) {
+        console.error('OpenAI TTS generation failed', error);
+        response.status(500).send('Internal server error');
+    }
+});
+
+router.post('/generate-image', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.OPENAI);
+
+        if (!key) {
+            console.log('No OpenAI key found');
+            return response.sendStatus(400);
+        }
+
+        console.log('OpenAI request', request.body);
+
+        const result = await fetch('https://api.openai.com/v1/images/generations', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${key}`,
+            },
+            body: JSON.stringify(request.body),
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('OpenAI request failed', result.statusText, text);
+            return response.status(500).send(text);
+        }
+
+        const data = await result.json();
+        return response.json(data);
+    } catch (error) {
+        console.error(error);
+        response.status(500).send('Internal server error');
+    }
+});
+
+const custom = express.Router();
+
+custom.post('/generate-voice', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.CUSTOM_OPENAI_TTS);
+        const { input, provider_endpoint, response_format, voice, speed, model } = request.body;
+
+        if (!provider_endpoint) {
+            console.log('No OpenAI-compatible TTS provider endpoint provided');
+            return response.sendStatus(400);
+        }
+
+        const result = await fetch(provider_endpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${key ?? ''}`,
+            },
+            body: JSON.stringify({
+                input: input ?? '',
+                response_format: response_format ?? 'mp3',
+                voice: voice ?? 'alloy',
+                speed: speed ?? 1,
+                model: model ?? 'tts-1',
+            }),
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('OpenAI request failed', result.statusText, text);
+            return response.status(500).send(text);
+        }
+
+        const buffer = await result.arrayBuffer();
+        response.setHeader('Content-Type', 'audio/mpeg');
+        return response.send(Buffer.from(buffer));
+    } catch (error) {
+        console.error('OpenAI TTS generation failed', error);
+        response.status(500).send('Internal server error');
+    }
+});
+
+router.use('/custom', custom);
+
+module.exports = { router };

src/endpoints/presets.js

@@ -0,0 +1,129 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const { getDefaultPresetFile, getDefaultPresets } = require('./content-manager');
+const { jsonParser } = require('../express-common');
+
+/**
+ * Gets the folder and extension for the preset settings based on the API source ID.
+ * @param {string} apiId API source ID
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @returns {object} Object containing the folder and extension for the preset settings
+ */
+function getPresetSettingsByAPI(apiId, directories) {
+    switch (apiId) {
+        case 'kobold':
+        case 'koboldhorde':
+            return { folder: directories.koboldAI_Settings, extension: '.json' };
+        case 'novel':
+            return { folder: directories.novelAI_Settings, extension: '.json' };
+        case 'textgenerationwebui':
+            return { folder: directories.textGen_Settings, extension: '.json' };
+        case 'openai':
+            return { folder: directories.openAI_Settings, extension: '.json' };
+        case 'instruct':
+            return { folder: directories.instruct, extension: '.json' };
+        case 'context':
+            return { folder: directories.context, extension: '.json' };
+        default:
+            return { folder: null, extension: null };
+    }
+}
+
+const router = express.Router();
+
+router.post('/save', jsonParser, function (request, response) {
+    const name = sanitize(request.body.name);
+    if (!request.body.preset || !name) {
+        return response.sendStatus(400);
+    }
+
+    const settings = getPresetSettingsByAPI(request.body.apiId, request.user.directories);
+    const filename = name + settings.extension;
+
+    if (!settings.folder) {
+        return response.sendStatus(400);
+    }
+
+    const fullpath = path.join(settings.folder, filename);
+    writeFileAtomicSync(fullpath, JSON.stringify(request.body.preset, null, 4), 'utf-8');
+    return response.send({ name });
+});
+
+router.post('/delete', jsonParser, function (request, response) {
+    const name = sanitize(request.body.name);
+    if (!name) {
+        return response.sendStatus(400);
+    }
+
+    const settings = getPresetSettingsByAPI(request.body.apiId, request.user.directories);
+    const filename = name + settings.extension;
+
+    if (!settings.folder) {
+        return response.sendStatus(400);
+    }
+
+    const fullpath = path.join(settings.folder, filename);
+
+    if (fs.existsSync(fullpath)) {
+        fs.unlinkSync(fullpath);
+        return response.sendStatus(200);
+    } else {
+        return response.sendStatus(404);
+    }
+});
+
+router.post('/restore', jsonParser, function (request, response) {
+    try {
+        const settings = getPresetSettingsByAPI(request.body.apiId, request.user.directories);
+        const name = sanitize(request.body.name);
+        const defaultPresets = getDefaultPresets(request.user.directories);
+
+        const defaultPreset = defaultPresets.find(p => p.name === name && p.folder === settings.folder);
+
+        const result = { isDefault: false, preset: {} };
+
+        if (defaultPreset) {
+            result.isDefault = true;
+            result.preset = getDefaultPresetFile(defaultPreset.filename) || {};
+        }
+
+        return response.send(result);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+// TODO: Merge with /api/presets/save
+router.post('/save-openai', jsonParser, function (request, response) {
+    if (!request.body || typeof request.query.name !== 'string') return response.sendStatus(400);
+    const name = sanitize(request.query.name);
+    if (!name) return response.sendStatus(400);
+
+    const filename = `${name}.json`;
+    const fullpath = path.join(request.user.directories.openAI_Settings, filename);
+    writeFileAtomicSync(fullpath, JSON.stringify(request.body, null, 4), 'utf-8');
+    return response.send({ name });
+});
+
+// TODO: Merge with /api/presets/delete
+router.post('/delete-openai', jsonParser, function (request, response) {
+    if (!request.body || !request.body.name) {
+        return response.sendStatus(400);
+    }
+
+    const name = request.body.name;
+    const pathToFile = path.join(request.user.directories.openAI_Settings, `${name}.json`);
+
+    if (fs.existsSync(pathToFile)) {
+        fs.rmSync(pathToFile);
+        return response.send({ ok: true });
+    }
+
+    return response.send({ error: true });
+});
+
+module.exports = { router };

src/endpoints/quick-replies.js

@@ -0,0 +1,35 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+
+const { jsonParser } = require('../express-common');
+
+const router = express.Router();
+
+router.post('/save', jsonParser, (request, response) => {
+    if (!request.body || !request.body.name) {
+        return response.sendStatus(400);
+    }
+
+    const filename = path.join(request.user.directories.quickreplies, sanitize(request.body.name) + '.json');
+    writeFileAtomicSync(filename, JSON.stringify(request.body, null, 4), 'utf8');
+
+    return response.sendStatus(200);
+});
+
+router.post('/delete', jsonParser, (request, response) => {
+    if (!request.body || !request.body.name) {
+        return response.sendStatus(400);
+    }
+
+    const filename = path.join(request.user.directories.quickreplies, sanitize(request.body.name) + '.json');
+    if (fs.existsSync(filename)) {
+        fs.unlinkSync(filename);
+    }
+
+    return response.sendStatus(200);
+});
+
+module.exports = { router };

src/endpoints/search.js

@@ -0,0 +1,246 @@
+const fetch = require('node-fetch').default;
+const express = require('express');
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const { jsonParser } = require('../express-common');
+
+const router = express.Router();
+
+// Cosplay as Chrome
+const visitHeaders = {
+    'Accept': 'text/html',
+    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36',
+    'Accept-Language': 'en-US,en;q=0.5',
+    'Accept-Encoding': 'gzip, deflate, br',
+    'Connection': 'keep-alive',
+    'Cache-Control': 'no-cache',
+    'Pragma': 'no-cache',
+    'TE': 'trailers',
+    'DNT': '1',
+    'Sec-Fetch-Dest': 'document',
+    'Sec-Fetch-Mode': 'navigate',
+    'Sec-Fetch-Site': 'none',
+    'Sec-Fetch-User': '?1',
+};
+
+router.post('/serpapi', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.SERPAPI);
+
+        if (!key) {
+            console.log('No SerpApi key found');
+            return response.sendStatus(400);
+        }
+
+        const { query } = request.body;
+        const result = await fetch(`https://serpapi.com/search.json?q=${encodeURIComponent(query)}&api_key=${key}`);
+
+        console.log('SerpApi query', query);
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('SerpApi request failed', result.statusText, text);
+            return response.status(500).send(text);
+        }
+
+        const data = await result.json();
+        return response.json(data);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+/**
+ * Get the transcript of a YouTube video
+ * @copyright https://github.com/Kakulukian/youtube-transcript (MIT License)
+ */
+router.post('/transcript', jsonParser, async (request, response) => {
+    try {
+        const he = require('he');
+        const RE_XML_TRANSCRIPT = /<text start="([^"]*)" dur="([^"]*)">([^<]*)<\/text>/g;
+        const id = request.body.id;
+        const lang = request.body.lang;
+
+        if (!id) {
+            console.log('Id is required for /transcript');
+            return response.sendStatus(400);
+        }
+
+        const videoPageResponse = await fetch(`https://www.youtube.com/watch?v=${id}`, {
+            headers: {
+                ...(lang && { 'Accept-Language': lang }),
+                'User-Agent': visitHeaders['User-Agent'],
+            },
+        });
+
+        const videoPageBody = await videoPageResponse.text();
+        const splittedHTML = videoPageBody.split('"captions":');
+
+        if (splittedHTML.length <= 1) {
+            if (videoPageBody.includes('class="g-recaptcha"')) {
+                throw new Error('Too many requests');
+            }
+            if (!videoPageBody.includes('"playabilityStatus":')) {
+                throw new Error('Video is not available');
+            }
+            throw new Error('Transcript not available');
+        }
+
+        const captions = (() => {
+            try {
+                return JSON.parse(splittedHTML[1].split(',"videoDetails')[0].replace('\n', ''));
+            } catch (e) {
+                return undefined;
+            }
+        })()?.['playerCaptionsTracklistRenderer'];
+
+        if (!captions) {
+            throw new Error('Transcript disabled');
+        }
+
+        if (!('captionTracks' in captions)) {
+            throw new Error('Transcript not available');
+        }
+
+        if (lang && !captions.captionTracks.some(track => track.languageCode === lang)) {
+            throw new Error('Transcript not available in this language');
+        }
+
+        const transcriptURL = (lang ? captions.captionTracks.find(track => track.languageCode === lang) : captions.captionTracks[0]).baseUrl;
+        const transcriptResponse = await fetch(transcriptURL, {
+            headers: {
+                ...(lang && { 'Accept-Language': lang }),
+                'User-Agent': visitHeaders['User-Agent'],
+            },
+        });
+
+        if (!transcriptResponse.ok) {
+            throw new Error('Transcript request failed');
+        }
+
+        const transcriptBody = await transcriptResponse.text();
+        const results = [...transcriptBody.matchAll(RE_XML_TRANSCRIPT)];
+        const transcript = results.map((result) => ({
+            text: result[3],
+            duration: parseFloat(result[2]),
+            offset: parseFloat(result[1]),
+            lang: lang ?? captions.captionTracks[0].languageCode,
+        }));
+        // The text is double-encoded
+        const transcriptText = transcript.map((line) => he.decode(he.decode(line.text))).join(' ');
+
+        return response.send(transcriptText);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/searxng', jsonParser, async (request, response) => {
+    try {
+        const { baseUrl, query } = request.body;
+
+        if (!baseUrl || !query) {
+            console.log('Missing required parameters for /searxng');
+            return response.sendStatus(400);
+        }
+
+        console.log('SearXNG query', baseUrl, query);
+
+        const mainPageUrl = new URL(baseUrl);
+        const mainPageRequest = await fetch(mainPageUrl, { headers: visitHeaders });
+
+        if (!mainPageRequest.ok) {
+            console.log('SearXNG request failed', mainPageRequest.statusText);
+            return response.sendStatus(500);
+        }
+
+        const mainPageText = await mainPageRequest.text();
+        const clientHref = mainPageText.match(/href="(\/client.+\.css)"/)?.[1];
+
+        if (clientHref) {
+            const clientUrl = new URL(clientHref, baseUrl);
+            await fetch(clientUrl, { headers: visitHeaders });
+        }
+
+        const searchUrl = new URL('/search', baseUrl);
+        const searchParams = new URLSearchParams();
+        searchParams.append('q', query);
+        searchUrl.search = searchParams.toString();
+
+        const searchResult = await fetch(searchUrl, { headers: visitHeaders });
+
+        if (!searchResult.ok) {
+            const text = await searchResult.text();
+            console.log('SearXNG request failed', searchResult.statusText, text);
+            return response.sendStatus(500);
+        }
+
+        const data = await searchResult.text();
+        return response.send(data);
+    } catch (error) {
+        console.log('SearXNG request failed', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/visit', jsonParser, async (request, response) => {
+    try {
+        const url = request.body.url;
+
+        if (!url) {
+            console.log('No url provided for /visit');
+            return response.sendStatus(400);
+        }
+
+        try {
+            const urlObj = new URL(url);
+
+            // Reject relative URLs
+            if (urlObj.protocol === null || urlObj.host === null) {
+                throw new Error('Invalid URL format');
+            }
+
+            // Reject non-HTTP URLs
+            if (urlObj.protocol !== 'http:' && urlObj.protocol !== 'https:') {
+                throw new Error('Invalid protocol');
+            }
+
+            // Reject URLs with a non-standard port
+            if (urlObj.port !== '') {
+                throw new Error('Invalid port');
+            }
+
+            // Reject IP addresses
+            if (urlObj.hostname.match(/^\d+\.\d+\.\d+\.\d+$/)) {
+                throw new Error('Invalid hostname');
+            }
+        } catch (error) {
+            console.log('Invalid url provided for /visit', url);
+            return response.sendStatus(400);
+        }
+
+        console.log('Visiting web URL', url);
+
+        const result = await fetch(url, { headers: visitHeaders });
+
+        if (!result.ok) {
+            console.log(`Visit failed ${result.status} ${result.statusText}`);
+            return response.sendStatus(500);
+        }
+
+        const contentType = String(result.headers.get('content-type'));
+        if (!contentType.includes('text/html')) {
+            console.log(`Visit failed, content-type is ${contentType}, expected text/html`);
+            return response.sendStatus(500);
+        }
+
+        const text = await result.text();
+        return response.send(text);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/secrets.js

@@ -0,0 +1,230 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const { getConfigValue } = require('../util');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const { jsonParser } = require('../express-common');
+
+const SECRETS_FILE = 'secrets.json';
+const SECRET_KEYS = {
+    HORDE: 'api_key_horde',
+    MANCER: 'api_key_mancer',
+    VLLM: 'api_key_vllm',
+    APHRODITE: 'api_key_aphrodite',
+    TABBY: 'api_key_tabby',
+    OPENAI: 'api_key_openai',
+    NOVEL: 'api_key_novel',
+    CLAUDE: 'api_key_claude',
+    DEEPL: 'deepl',
+    LIBRE: 'libre',
+    LIBRE_URL: 'libre_url',
+    LINGVA_URL: 'lingva_url',
+    OPENROUTER: 'api_key_openrouter',
+    SCALE: 'api_key_scale',
+    AI21: 'api_key_ai21',
+    SCALE_COOKIE: 'scale_cookie',
+    ONERING_URL: 'oneringtranslator_url',
+    DEEPLX_URL: 'deeplx_url',
+    MAKERSUITE: 'api_key_makersuite',
+    SERPAPI: 'api_key_serpapi',
+    TOGETHERAI: 'api_key_togetherai',
+    MISTRALAI: 'api_key_mistralai',
+    CUSTOM: 'api_key_custom',
+    OOBA: 'api_key_ooba',
+    INFERMATICAI: 'api_key_infermaticai',
+    DREAMGEN: 'api_key_dreamgen',
+    NOMICAI: 'api_key_nomicai',
+    KOBOLDCPP: 'api_key_koboldcpp',
+    LLAMACPP: 'api_key_llamacpp',
+    COHERE: 'api_key_cohere',
+    PERPLEXITY: 'api_key_perplexity',
+    GROQ: 'api_key_groq',
+    AZURE_TTS: 'api_key_azure_tts',
+    FEATHERLESS: 'api_key_featherless',
+    ZEROONEAI: 'api_key_01ai',
+    HUGGINGFACE: 'api_key_huggingface',
+    STABILITY: 'api_key_stability',
+    BLOCKENTROPY: 'api_key_blockentropy',
+    CUSTOM_OPENAI_TTS: 'api_key_custom_openai_tts',
+};
+
+// These are the keys that are safe to expose, even if allowKeysExposure is false
+const EXPORTABLE_KEYS = [
+    SECRET_KEYS.LIBRE_URL,
+    SECRET_KEYS.LINGVA_URL,
+    SECRET_KEYS.ONERING_URL,
+    SECRET_KEYS.DEEPLX_URL,
+];
+
+/**
+ * Writes a secret to the secrets file
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {string} key Secret key
+ * @param {string} value Secret value
+ */
+function writeSecret(directories, key, value) {
+    const filePath = path.join(directories.root, SECRETS_FILE);
+
+    if (!fs.existsSync(filePath)) {
+        const emptyFile = JSON.stringify({});
+        writeFileAtomicSync(filePath, emptyFile, 'utf-8');
+    }
+
+    const fileContents = fs.readFileSync(filePath, 'utf-8');
+    const secrets = JSON.parse(fileContents);
+    secrets[key] = value;
+    writeFileAtomicSync(filePath, JSON.stringify(secrets, null, 4), 'utf-8');
+}
+
+/**
+ * Deletes a secret from the secrets file
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {string} key Secret key
+ * @returns
+ */
+function deleteSecret(directories, key) {
+    const filePath = path.join(directories.root, SECRETS_FILE);
+
+    if (!fs.existsSync(filePath)) {
+        return;
+    }
+
+    const fileContents = fs.readFileSync(filePath, 'utf-8');
+    const secrets = JSON.parse(fileContents);
+    delete secrets[key];
+    writeFileAtomicSync(filePath, JSON.stringify(secrets, null, 4), 'utf-8');
+}
+
+/**
+ * Reads a secret from the secrets file
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {string} key Secret key
+ * @returns {string} Secret value
+ */
+function readSecret(directories, key) {
+    const filePath = path.join(directories.root, SECRETS_FILE);
+
+    if (!fs.existsSync(filePath)) {
+        return '';
+    }
+
+    const fileContents = fs.readFileSync(filePath, 'utf-8');
+    const secrets = JSON.parse(fileContents);
+    return secrets[key];
+}
+
+/**
+ * Reads the secret state from the secrets file
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @returns {object} Secret state
+ */
+function readSecretState(directories) {
+    const filePath = path.join(directories.root, SECRETS_FILE);
+
+    if (!fs.existsSync(filePath)) {
+        return {};
+    }
+
+    const fileContents = fs.readFileSync(filePath, 'utf8');
+    const secrets = JSON.parse(fileContents);
+    const state = {};
+
+    for (const key of Object.values(SECRET_KEYS)) {
+        state[key] = !!secrets[key]; // convert to boolean
+    }
+
+    return state;
+}
+
+/**
+ * Reads all secrets from the secrets file
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @returns {Record<string, string> | undefined} Secrets
+ */
+function getAllSecrets(directories) {
+    const filePath = path.join(directories.root, SECRETS_FILE);
+
+    if (!fs.existsSync(filePath)) {
+        console.log('Secrets file does not exist');
+        return undefined;
+    }
+
+    const fileContents = fs.readFileSync(filePath, 'utf8');
+    const secrets = JSON.parse(fileContents);
+    return secrets;
+}
+
+const router = express.Router();
+
+router.post('/write', jsonParser, (request, response) => {
+    const key = request.body.key;
+    const value = request.body.value;
+
+    writeSecret(request.user.directories, key, value);
+    return response.send('ok');
+});
+
+router.post('/read', jsonParser, (request, response) => {
+    try {
+        const state = readSecretState(request.user.directories);
+        return response.send(state);
+    } catch (error) {
+        console.error(error);
+        return response.send({});
+    }
+});
+
+router.post('/view', jsonParser, async (request, response) => {
+    const allowKeysExposure = getConfigValue('allowKeysExposure', false);
+
+    if (!allowKeysExposure) {
+        console.error('secrets.json could not be viewed unless the value of allowKeysExposure in config.yaml is set to true');
+        return response.sendStatus(403);
+    }
+
+    try {
+        const secrets = getAllSecrets(request.user.directories);
+
+        if (!secrets) {
+            return response.sendStatus(404);
+        }
+
+        return response.send(secrets);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/find', jsonParser, (request, response) => {
+    const allowKeysExposure = getConfigValue('allowKeysExposure', false);
+    const key = request.body.key;
+
+    if (!allowKeysExposure && !EXPORTABLE_KEYS.includes(key)) {
+        console.error('Cannot fetch secrets unless allowKeysExposure in config.yaml is set to true');
+        return response.sendStatus(403);
+    }
+
+    try {
+        const secret = readSecret(request.user.directories, key);
+
+        if (!secret) {
+            response.sendStatus(404);
+        }
+
+        return response.send({ value: secret });
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = {
+    writeSecret,
+    readSecret,
+    deleteSecret,
+    readSecretState,
+    getAllSecrets,
+    SECRET_KEYS,
+    router,
+};

src/endpoints/settings.js

@@ -0,0 +1,360 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const _ = require('lodash');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const { SETTINGS_FILE } = require('../constants');
+const { getConfigValue, generateTimestamp, removeOldBackups } = require('../util');
+const { jsonParser } = require('../express-common');
+const { getAllUserHandles, getUserDirectories } = require('../users');
+
+const ENABLE_EXTENSIONS = getConfigValue('enableExtensions', true);
+const ENABLE_ACCOUNTS = getConfigValue('enableUserAccounts', false);
+
+// 10 minutes
+const AUTOSAVE_INTERVAL = 10 * 60 * 1000;
+
+/**
+ * Map of functions to trigger settings autosave for a user.
+ * @type {Map<string, function>}
+ */
+const AUTOSAVE_FUNCTIONS = new Map();
+
+/**
+ * Triggers autosave for a user every 10 minutes.
+ * @param {string} handle User handle
+ * @returns {void}
+ */
+function triggerAutoSave(handle) {
+    if (!AUTOSAVE_FUNCTIONS.has(handle)) {
+        const throttledAutoSave = _.throttle(() => backupUserSettings(handle, true), AUTOSAVE_INTERVAL);
+        AUTOSAVE_FUNCTIONS.set(handle, throttledAutoSave);
+    }
+
+    const functionToCall = AUTOSAVE_FUNCTIONS.get(handle);
+    if (functionToCall && typeof functionToCall === 'function') {
+        functionToCall();
+    }
+}
+
+/**
+ * Reads and parses files from a directory.
+ * @param {string} directoryPath Path to the directory
+ * @param {string} fileExtension File extension
+ * @returns {Array} Parsed files
+ */
+function readAndParseFromDirectory(directoryPath, fileExtension = '.json') {
+    const files = fs
+        .readdirSync(directoryPath)
+        .filter(x => path.parse(x).ext == fileExtension)
+        .sort();
+
+    const parsedFiles = [];
+
+    files.forEach(item => {
+        try {
+            const file = fs.readFileSync(path.join(directoryPath, item), 'utf-8');
+            parsedFiles.push(fileExtension == '.json' ? JSON.parse(file) : file);
+        }
+        catch {
+            // skip
+        }
+    });
+
+    return parsedFiles;
+}
+
+/**
+ * Gets a sort function for sorting strings.
+ * @param {*} _
+ * @returns {(a: string, b: string) => number} Sort function
+ */
+function sortByName(_) {
+    return (a, b) => a.localeCompare(b);
+}
+
+/**
+ * Gets backup file prefix for user settings.
+ * @param {string} handle User handle
+ * @returns {string} File prefix
+ */
+function getFilePrefix(handle) {
+    return `settings_${handle}_`;
+}
+
+function readPresetsFromDirectory(directoryPath, options = {}) {
+    const {
+        sortFunction,
+        removeFileExtension = false,
+        fileExtension = '.json',
+    } = options;
+
+    const files = fs.readdirSync(directoryPath).sort(sortFunction).filter(x => path.parse(x).ext == fileExtension);
+    const fileContents = [];
+    const fileNames = [];
+
+    files.forEach(item => {
+        try {
+            const file = fs.readFileSync(path.join(directoryPath, item), 'utf8');
+            JSON.parse(file);
+            fileContents.push(file);
+            fileNames.push(removeFileExtension ? item.replace(/\.[^/.]+$/, '') : item);
+        } catch {
+            // skip
+            console.log(`${item} is not a valid JSON`);
+        }
+    });
+
+    return { fileContents, fileNames };
+}
+
+async function backupSettings() {
+    try {
+        const userHandles = await getAllUserHandles();
+
+        for (const handle of userHandles) {
+            backupUserSettings(handle, true);
+        }
+    } catch (err) {
+        console.log('Could not backup settings file', err);
+    }
+}
+
+/**
+ * Makes a backup of the user's settings file.
+ * @param {string} handle User handle
+ * @param {boolean} preventDuplicates Prevent duplicate backups
+ * @returns {void}
+ */
+function backupUserSettings(handle, preventDuplicates) {
+    const userDirectories = getUserDirectories(handle);
+    const backupFile = path.join(userDirectories.backups, `${getFilePrefix(handle)}${generateTimestamp()}.json`);
+    const sourceFile = path.join(userDirectories.root, SETTINGS_FILE);
+
+    if (preventDuplicates && isDuplicateBackup(handle, sourceFile)) {
+        return;
+    }
+
+    if (!fs.existsSync(sourceFile)) {
+        return;
+    }
+
+    fs.copyFileSync(sourceFile, backupFile);
+    removeOldBackups(userDirectories.backups, `settings_${handle}`);
+}
+
+/**
+ * Checks if the backup would be a duplicate.
+ * @param {string} handle User handle
+ * @param {string} sourceFile Source file path
+ * @returns {boolean} True if the backup is a duplicate
+ */
+function isDuplicateBackup(handle, sourceFile) {
+    const latestBackup = getLatestBackup(handle);
+    if (!latestBackup) {
+        return false;
+    }
+    return areFilesEqual(latestBackup, sourceFile);
+}
+
+/**
+ * Returns true if the two files are equal.
+ * @param {string} file1 File path
+ * @param {string} file2 File path
+ */
+function areFilesEqual(file1, file2) {
+    if (!fs.existsSync(file1) || !fs.existsSync(file2)) {
+        return false;
+    }
+
+    const content1 = fs.readFileSync(file1);
+    const content2 = fs.readFileSync(file2);
+    return content1.toString() === content2.toString();
+}
+
+/**
+ * Gets the latest backup file for a user.
+ * @param {string} handle User handle
+ * @returns {string|null} Latest backup file. Null if no backup exists.
+ */
+function getLatestBackup(handle) {
+    const userDirectories = getUserDirectories(handle);
+    const backupFiles = fs.readdirSync(userDirectories.backups)
+        .filter(x => x.startsWith(getFilePrefix(handle)))
+        .map(x => ({ name: x, ctime: fs.statSync(path.join(userDirectories.backups, x)).ctimeMs }));
+    const latestBackup = backupFiles.sort((a, b) => b.ctime - a.ctime)[0]?.name;
+    if (!latestBackup) {
+        return null;
+    }
+    return path.join(userDirectories.backups, latestBackup);
+}
+
+const router = express.Router();
+
+router.post('/save', jsonParser, function (request, response) {
+    try {
+        const pathToSettings = path.join(request.user.directories.root, SETTINGS_FILE);
+        writeFileAtomicSync(pathToSettings, JSON.stringify(request.body, null, 4), 'utf8');
+        triggerAutoSave(request.user.profile.handle);
+        response.send({ result: 'ok' });
+    } catch (err) {
+        console.log(err);
+        response.send(err);
+    }
+});
+
+// Wintermute's code
+router.post('/get', jsonParser, (request, response) => {
+    let settings;
+    try {
+        const pathToSettings = path.join(request.user.directories.root, SETTINGS_FILE);
+        settings = fs.readFileSync(pathToSettings, 'utf8');
+    } catch (e) {
+        return response.sendStatus(500);
+    }
+
+    // NovelAI Settings
+    const { fileContents: novelai_settings, fileNames: novelai_setting_names }
+        = readPresetsFromDirectory(request.user.directories.novelAI_Settings, {
+            sortFunction: sortByName(request.user.directories.novelAI_Settings),
+            removeFileExtension: true,
+        });
+
+    // OpenAI Settings
+    const { fileContents: openai_settings, fileNames: openai_setting_names }
+        = readPresetsFromDirectory(request.user.directories.openAI_Settings, {
+            sortFunction: sortByName(request.user.directories.openAI_Settings), removeFileExtension: true,
+        });
+
+    // TextGenerationWebUI Settings
+    const { fileContents: textgenerationwebui_presets, fileNames: textgenerationwebui_preset_names }
+        = readPresetsFromDirectory(request.user.directories.textGen_Settings, {
+            sortFunction: sortByName(request.user.directories.textGen_Settings), removeFileExtension: true,
+        });
+
+    //Kobold
+    const { fileContents: koboldai_settings, fileNames: koboldai_setting_names }
+        = readPresetsFromDirectory(request.user.directories.koboldAI_Settings, {
+            sortFunction: sortByName(request.user.directories.koboldAI_Settings), removeFileExtension: true,
+        });
+
+    const worldFiles = fs
+        .readdirSync(request.user.directories.worlds)
+        .filter(file => path.extname(file).toLowerCase() === '.json')
+        .sort((a, b) => a.localeCompare(b));
+    const world_names = worldFiles.map(item => path.parse(item).name);
+
+    const themes = readAndParseFromDirectory(request.user.directories.themes);
+    const movingUIPresets = readAndParseFromDirectory(request.user.directories.movingUI);
+    const quickReplyPresets = readAndParseFromDirectory(request.user.directories.quickreplies);
+
+    const instruct = readAndParseFromDirectory(request.user.directories.instruct);
+    const context = readAndParseFromDirectory(request.user.directories.context);
+
+    response.send({
+        settings,
+        koboldai_settings,
+        koboldai_setting_names,
+        world_names,
+        novelai_settings,
+        novelai_setting_names,
+        openai_settings,
+        openai_setting_names,
+        textgenerationwebui_presets,
+        textgenerationwebui_preset_names,
+        themes,
+        movingUIPresets,
+        quickReplyPresets,
+        instruct,
+        context,
+        enable_extensions: ENABLE_EXTENSIONS,
+        enable_accounts: ENABLE_ACCOUNTS,
+    });
+});
+
+router.post('/get-snapshots', jsonParser, async (request, response) => {
+    try {
+        const snapshots = fs.readdirSync(request.user.directories.backups);
+        const userFilesPattern = getFilePrefix(request.user.profile.handle);
+        const userSnapshots = snapshots.filter(x => x.startsWith(userFilesPattern));
+
+        const result = userSnapshots.map(x => {
+            const stat = fs.statSync(path.join(request.user.directories.backups, x));
+            return { date: stat.ctimeMs, name: x, size: stat.size };
+        });
+
+        response.json(result);
+    } catch (error) {
+        console.log(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/load-snapshot', jsonParser, async (request, response) => {
+    try {
+        const userFilesPattern = getFilePrefix(request.user.profile.handle);
+
+        if (!request.body.name || !request.body.name.startsWith(userFilesPattern)) {
+            return response.status(400).send({ error: 'Invalid snapshot name' });
+        }
+
+        const snapshotName = request.body.name;
+        const snapshotPath = path.join(request.user.directories.backups, snapshotName);
+
+        if (!fs.existsSync(snapshotPath)) {
+            return response.sendStatus(404);
+        }
+
+        const content = fs.readFileSync(snapshotPath, 'utf8');
+
+        response.send(content);
+    } catch (error) {
+        console.log(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/make-snapshot', jsonParser, async (request, response) => {
+    try {
+        backupUserSettings(request.user.profile.handle, false);
+        response.sendStatus(204);
+    } catch (error) {
+        console.log(error);
+        response.sendStatus(500);
+    }
+});
+
+router.post('/restore-snapshot', jsonParser, async (request, response) => {
+    try {
+        const userFilesPattern = getFilePrefix(request.user.profile.handle);
+
+        if (!request.body.name || !request.body.name.startsWith(userFilesPattern)) {
+            return response.status(400).send({ error: 'Invalid snapshot name' });
+        }
+
+        const snapshotName = request.body.name;
+        const snapshotPath = path.join(request.user.directories.backups, snapshotName);
+
+        if (!fs.existsSync(snapshotPath)) {
+            return response.sendStatus(404);
+        }
+
+        const pathToSettings = path.join(request.user.directories.root, SETTINGS_FILE);
+        fs.rmSync(pathToSettings, { force: true });
+        fs.copyFileSync(snapshotPath, pathToSettings);
+
+        response.sendStatus(204);
+    } catch (error) {
+        console.log(error);
+        response.sendStatus(500);
+    }
+});
+
+/**
+ * Initializes the settings endpoint
+ */
+async function init() {
+    await backupSettings();
+}
+
+module.exports = { router, init };

src/endpoints/speech.js

@@ -0,0 +1,82 @@
+const express = require('express');
+const { jsonParser } = require('../express-common');
+
+const router = express.Router();
+
+/**
+ * Gets the audio data from a base64-encoded audio file.
+ * @param {string} audio Base64-encoded audio
+ * @returns {Float64Array} Audio data
+ */
+function getWaveFile(audio) {
+    const wavefile = require('wavefile');
+    const wav = new wavefile.WaveFile();
+    wav.fromDataURI(audio);
+    wav.toBitDepth('32f');
+    wav.toSampleRate(16000);
+    let audioData = wav.getSamples();
+    if (Array.isArray(audioData)) {
+        if (audioData.length > 1) {
+            const SCALING_FACTOR = Math.sqrt(2);
+
+            // Merge channels (into first channel to save memory)
+            for (let i = 0; i < audioData[0].length; ++i) {
+                audioData[0][i] = SCALING_FACTOR * (audioData[0][i] + audioData[1][i]) / 2;
+            }
+        }
+
+        // Select first channel
+        audioData = audioData[0];
+    }
+
+    return audioData;
+}
+
+router.post('/recognize', jsonParser, async (req, res) => {
+    try {
+        const TASK = 'automatic-speech-recognition';
+        const { model, audio, lang } = req.body;
+        const module = await import('../transformers.mjs');
+        const pipe = await module.default.getPipeline(TASK, model);
+        const wav = getWaveFile(audio);
+        const start = performance.now();
+        const result = await pipe(wav, { language: lang || null, task: 'transcribe' });
+        const end = performance.now();
+        console.log(`Execution duration: ${(end - start) / 1000} seconds`);
+        console.log('Transcribed audio:', result.text);
+
+        return res.json({ text: result.text });
+    } catch (error) {
+        console.error(error);
+        return res.sendStatus(500);
+    }
+});
+
+router.post('/synthesize', jsonParser, async (req, res) => {
+    try {
+        const wavefile = require('wavefile');
+        const TASK = 'text-to-speech';
+        const { text, model, speaker } = req.body;
+        const module = await import('../transformers.mjs');
+        const pipe = await module.default.getPipeline(TASK, model);
+        const speaker_embeddings = speaker
+            ? new Float32Array(new Uint8Array(Buffer.from(speaker.startsWith('data:') ? speaker.split(',')[1] : speaker, 'base64')).buffer)
+            : null;
+        const start = performance.now();
+        const result = await pipe(text, { speaker_embeddings: speaker_embeddings });
+        const end = performance.now();
+        console.log(`Execution duration: ${(end - start) / 1000} seconds`);
+
+        const wav = new wavefile.WaveFile();
+        wav.fromScratch(1, result.sampling_rate, '32f', result.audio);
+        const buffer = wav.toBuffer();
+
+        res.set('Content-Type', 'audio/wav');
+        return res.send(Buffer.from(buffer));
+    } catch (error) {
+        console.error(error);
+        return res.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/sprites.js

@@ -0,0 +1,266 @@
+
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const mime = require('mime-types');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const { getImageBuffers } = require('../util');
+const { jsonParser, urlencodedParser } = require('../express-common');
+
+/**
+ * Gets the path to the sprites folder for the provided character name
+ * @param {import('../users').UserDirectoryList} directories - User directories
+ * @param {string} name - The name of the character
+ * @param {boolean} isSubfolder - Whether the name contains a subfolder
+ * @returns {string | null} The path to the sprites folder. Null if the name is invalid.
+ */
+function getSpritesPath(directories, name, isSubfolder) {
+    if (isSubfolder) {
+        const nameParts = name.split('/');
+        const characterName = sanitize(nameParts[0]);
+        const subfolderName = sanitize(nameParts[1]);
+
+        if (!characterName || !subfolderName) {
+            return null;
+        }
+
+        return path.join(directories.characters, characterName, subfolderName);
+    }
+
+    name = sanitize(name);
+
+    if (!name) {
+        return null;
+    }
+
+    return path.join(directories.characters, name);
+}
+
+/**
+ * Imports base64 encoded sprites from RisuAI character data.
+ * The sprites are saved in the character's sprites folder.
+ * The additionalAssets and emotions are removed from the data.
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {object} data RisuAI character data
+ * @returns {void}
+ */
+function importRisuSprites(directories, data) {
+    try {
+        const name = data?.data?.name;
+        const risuData = data?.data?.extensions?.risuai;
+
+        // Not a Risu AI character
+        if (!risuData || !name) {
+            return;
+        }
+
+        let images = [];
+
+        if (Array.isArray(risuData.additionalAssets)) {
+            images = images.concat(risuData.additionalAssets);
+        }
+
+        if (Array.isArray(risuData.emotions)) {
+            images = images.concat(risuData.emotions);
+        }
+
+        // No sprites to import
+        if (images.length === 0) {
+            return;
+        }
+
+        // Create sprites folder if it doesn't exist
+        const spritesPath = path.join(directories.characters, name);
+        if (!fs.existsSync(spritesPath)) {
+            fs.mkdirSync(spritesPath);
+        }
+
+        // Path to sprites is not a directory. This should never happen.
+        if (!fs.statSync(spritesPath).isDirectory()) {
+            return;
+        }
+
+        console.log(`RisuAI: Found ${images.length} sprites for ${name}. Writing to disk.`);
+        const files = fs.readdirSync(spritesPath);
+
+        outer: for (const [label, fileBase64] of images) {
+            // Remove existing sprite with the same label
+            for (const file of files) {
+                if (path.parse(file).name === label) {
+                    console.log(`RisuAI: The sprite ${label} for ${name} already exists. Skipping.`);
+                    continue outer;
+                }
+            }
+
+            const filename = label + '.png';
+            const pathToFile = path.join(spritesPath, filename);
+            writeFileAtomicSync(pathToFile, fileBase64, { encoding: 'base64' });
+        }
+
+        // Remove additionalAssets and emotions from data (they are now in the sprites folder)
+        delete data.data.extensions.risuai.additionalAssets;
+        delete data.data.extensions.risuai.emotions;
+    } catch (error) {
+        console.error(error);
+    }
+}
+
+const router = express.Router();
+
+router.get('/get', jsonParser, function (request, response) {
+    const name = String(request.query.name);
+    const isSubfolder = name.includes('/');
+    const spritesPath = getSpritesPath(request.user.directories, name, isSubfolder);
+    let sprites = [];
+
+    try {
+        if (spritesPath && fs.existsSync(spritesPath) && fs.statSync(spritesPath).isDirectory()) {
+            sprites = fs.readdirSync(spritesPath)
+                .filter(file => {
+                    const mimeType = mime.lookup(file);
+                    return mimeType && mimeType.startsWith('image/');
+                })
+                .map((file) => {
+                    const pathToSprite = path.join(spritesPath, file);
+                    return {
+                        label: path.parse(pathToSprite).name.toLowerCase(),
+                        path: `/characters/${name}/${file}`,
+                    };
+                });
+        }
+    }
+    catch (err) {
+        console.log(err);
+    }
+    return response.send(sprites);
+});
+
+router.post('/delete', jsonParser, async (request, response) => {
+    const label = request.body.label;
+    const name = request.body.name;
+
+    if (!label || !name) {
+        return response.sendStatus(400);
+    }
+
+    try {
+        const spritesPath = path.join(request.user.directories.characters, name);
+
+        // No sprites folder exists, or not a directory
+        if (!fs.existsSync(spritesPath) || !fs.statSync(spritesPath).isDirectory()) {
+            return response.sendStatus(404);
+        }
+
+        const files = fs.readdirSync(spritesPath);
+
+        // Remove existing sprite with the same label
+        for (const file of files) {
+            if (path.parse(file).name === label) {
+                fs.rmSync(path.join(spritesPath, file));
+            }
+        }
+
+        return response.sendStatus(200);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/upload-zip', urlencodedParser, async (request, response) => {
+    const file = request.file;
+    const name = request.body.name;
+
+    if (!file || !name) {
+        return response.sendStatus(400);
+    }
+
+    try {
+        const spritesPath = path.join(request.user.directories.characters, name);
+
+        // Create sprites folder if it doesn't exist
+        if (!fs.existsSync(spritesPath)) {
+            fs.mkdirSync(spritesPath);
+        }
+
+        // Path to sprites is not a directory. This should never happen.
+        if (!fs.statSync(spritesPath).isDirectory()) {
+            return response.sendStatus(404);
+        }
+
+        const spritePackPath = path.join(file.destination, file.filename);
+        const sprites = await getImageBuffers(spritePackPath);
+        const files = fs.readdirSync(spritesPath);
+
+        for (const [filename, buffer] of sprites) {
+            // Remove existing sprite with the same label
+            const existingFile = files.find(file => path.parse(file).name === path.parse(filename).name);
+
+            if (existingFile) {
+                fs.rmSync(path.join(spritesPath, existingFile));
+            }
+
+            // Write sprite buffer to disk
+            const pathToSprite = path.join(spritesPath, filename);
+            writeFileAtomicSync(pathToSprite, buffer);
+        }
+
+        // Remove uploaded ZIP file
+        fs.rmSync(spritePackPath);
+        return response.send({ count: sprites.length });
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/upload', urlencodedParser, async (request, response) => {
+    const file = request.file;
+    const label = request.body.label;
+    const name = request.body.name;
+
+    if (!file || !label || !name) {
+        return response.sendStatus(400);
+    }
+
+    try {
+        const spritesPath = path.join(request.user.directories.characters, name);
+
+        // Create sprites folder if it doesn't exist
+        if (!fs.existsSync(spritesPath)) {
+            fs.mkdirSync(spritesPath);
+        }
+
+        // Path to sprites is not a directory. This should never happen.
+        if (!fs.statSync(spritesPath).isDirectory()) {
+            return response.sendStatus(404);
+        }
+
+        const files = fs.readdirSync(spritesPath);
+
+        // Remove existing sprite with the same label
+        for (const file of files) {
+            if (path.parse(file).name === label) {
+                fs.rmSync(path.join(spritesPath, file));
+            }
+        }
+
+        const filename = label + path.parse(file.originalname).ext;
+        const spritePath = path.join(file.destination, file.filename);
+        const pathToFile = path.join(spritesPath, filename);
+        // Copy uploaded file to sprites folder
+        fs.cpSync(spritePath, pathToFile);
+        // Remove uploaded file
+        fs.rmSync(spritePath);
+        return response.sendStatus(200);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = {
+    router,
+    importRisuSprites,
+};

src/endpoints/stable-diffusion.js

@@ -0,0 +1,1042 @@
+const express = require('express');
+const fetch = require('node-fetch').default;
+const sanitize = require('sanitize-filename');
+const { getBasicAuthHeader, delay, getHexString } = require('../util.js');
+const fs = require('fs');
+const path = require('path');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const { jsonParser } = require('../express-common');
+const { readSecret, SECRET_KEYS } = require('./secrets.js');
+const FormData = require('form-data');
+
+/**
+ * Sanitizes a string.
+ * @param {string} x String to sanitize
+ * @returns {string} Sanitized string
+ */
+function safeStr(x) {
+    x = String(x);
+    x = x.replace(/ +/g, ' ');
+    x = x.trim();
+    x = x.replace(/^[\s,.]+|[\s,.]+$/g, '');
+    return x;
+}
+
+const splitStrings = [
+    ', extremely',
+    ', intricate,',
+];
+
+const dangerousPatterns = '[]【】()（）|:：';
+
+/**
+ * Removes patterns from a string.
+ * @param {string} x String to sanitize
+ * @param {string} pattern Pattern to remove
+ * @returns {string} Sanitized string
+ */
+function removePattern(x, pattern) {
+    for (let i = 0; i < pattern.length; i++) {
+        let p = pattern[i];
+        let regex = new RegExp('\\' + p, 'g');
+        x = x.replace(regex, '');
+    }
+    return x;
+}
+
+/**
+ * Gets the comfy workflows.
+ * @param {import('../users.js').UserDirectoryList} directories
+ * @returns {string[]} List of comfy workflows
+ */
+function getComfyWorkflows(directories) {
+    return fs
+        .readdirSync(directories.comfyWorkflows)
+        .filter(file => file[0] != '.' && file.toLowerCase().endsWith('.json'))
+        .sort(Intl.Collator().compare);
+}
+
+const router = express.Router();
+
+router.post('/ping', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/options';
+
+        const result = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+        });
+
+        if (!result.ok) {
+            throw new Error('SD WebUI returned an error.');
+        }
+
+        return response.sendStatus(200);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/upscalers', jsonParser, async (request, response) => {
+    try {
+        async function getUpscalerModels() {
+            const url = new URL(request.body.url);
+            url.pathname = '/sdapi/v1/upscalers';
+
+            const result = await fetch(url, {
+                method: 'GET',
+                headers: {
+                    'Authorization': getBasicAuthHeader(request.body.auth),
+                },
+            });
+
+            if (!result.ok) {
+                throw new Error('SD WebUI returned an error.');
+            }
+
+            const data = await result.json();
+            const names = data.map(x => x.name);
+            return names;
+        }
+
+        async function getLatentUpscalers() {
+            const url = new URL(request.body.url);
+            url.pathname = '/sdapi/v1/latent-upscale-modes';
+
+            const result = await fetch(url, {
+                method: 'GET',
+                headers: {
+                    'Authorization': getBasicAuthHeader(request.body.auth),
+                },
+            });
+
+            if (!result.ok) {
+                throw new Error('SD WebUI returned an error.');
+            }
+
+            const data = await result.json();
+            const names = data.map(x => x.name);
+            return names;
+        }
+
+        const [upscalers, latentUpscalers] = await Promise.all([getUpscalerModels(), getLatentUpscalers()]);
+
+        // 0 = None, then Latent Upscalers, then Upscalers
+        upscalers.splice(1, 0, ...latentUpscalers);
+
+        return response.send(upscalers);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/vaes', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/sd-vae';
+
+        const result = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+        });
+
+        if (!result.ok) {
+            throw new Error('SD WebUI returned an error.');
+        }
+
+        const data = await result.json();
+        const names = data.map(x => x.model_name);
+        return response.send(names);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/samplers', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/samplers';
+
+        const result = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+        });
+
+        if (!result.ok) {
+            throw new Error('SD WebUI returned an error.');
+        }
+
+        const data = await result.json();
+        const names = data.map(x => x.name);
+        return response.send(names);
+
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/schedulers', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/schedulers';
+
+        const result = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+        });
+
+        if (!result.ok) {
+            throw new Error('SD WebUI returned an error.');
+        }
+
+        const data = await result.json();
+        const names = data.map(x => x.name);
+        return response.send(names);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/models', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/sd-models';
+
+        const result = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+        });
+
+        if (!result.ok) {
+            throw new Error('SD WebUI returned an error.');
+        }
+
+        const data = await result.json();
+        const models = data.map(x => ({ value: x.title, text: x.title }));
+        return response.send(models);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/get-model', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/options';
+
+        const result = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+        });
+        const data = await result.json();
+        return response.send(data['sd_model_checkpoint']);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/set-model', jsonParser, async (request, response) => {
+    try {
+        async function getProgress() {
+            const url = new URL(request.body.url);
+            url.pathname = '/sdapi/v1/progress';
+
+            const result = await fetch(url, {
+                method: 'GET',
+                headers: {
+                    'Authorization': getBasicAuthHeader(request.body.auth),
+                },
+                timeout: 0,
+            });
+            const data = await result.json();
+            return data;
+        }
+
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/options';
+
+        const options = {
+            sd_model_checkpoint: request.body.model,
+        };
+
+        const result = await fetch(url, {
+            method: 'POST',
+            body: JSON.stringify(options),
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            throw new Error('SD WebUI returned an error.');
+        }
+
+        const MAX_ATTEMPTS = 10;
+        const CHECK_INTERVAL = 2000;
+
+        for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+            const progressState = await getProgress();
+
+            const progress = progressState['progress'];
+            const jobCount = progressState['state']['job_count'];
+            if (progress == 0.0 && jobCount === 0) {
+                break;
+            }
+
+            console.log(`Waiting for SD WebUI to finish model loading... Progress: ${progress}; Job count: ${jobCount}`);
+            await delay(CHECK_INTERVAL);
+        }
+
+        return response.sendStatus(200);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/generate', jsonParser, async (request, response) => {
+    try {
+        console.log('SD WebUI request:', request.body);
+
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/txt2img';
+
+        const controller = new AbortController();
+        request.socket.removeAllListeners('close');
+        request.socket.on('close', function () {
+            if (!response.writableEnded) {
+                const url = new URL(request.body.url);
+                url.pathname = '/sdapi/v1/interrupt';
+                fetch(url, { method: 'POST', headers: { 'Authorization': getBasicAuthHeader(request.body.auth) } });
+            }
+            controller.abort();
+        });
+
+        const result = await fetch(url, {
+            method: 'POST',
+            body: JSON.stringify(request.body),
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+            timeout: 0,
+            // @ts-ignore
+            signal: controller.signal,
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            throw new Error('SD WebUI returned an error.', { cause: text });
+        }
+
+        const data = await result.json();
+        return response.send(data);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/sd-next/upscalers', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/upscalers';
+
+        const result = await fetch(url, {
+            method: 'GET',
+            headers: {
+                'Authorization': getBasicAuthHeader(request.body.auth),
+            },
+        });
+
+        if (!result.ok) {
+            throw new Error('SD WebUI returned an error.');
+        }
+
+        // Vlad doesn't provide Latent Upscalers in the API, so we have to hardcode them here
+        const latentUpscalers = ['Latent', 'Latent (antialiased)', 'Latent (bicubic)', 'Latent (bicubic antialiased)', 'Latent (nearest)', 'Latent (nearest-exact)'];
+
+        const data = await result.json();
+        const names = data.map(x => x.name);
+
+        // 0 = None, then Latent Upscalers, then Upscalers
+        names.splice(1, 0, ...latentUpscalers);
+
+        return response.send(names);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+/**
+ * SD prompt expansion using GPT-2 text generation model.
+ * Adapted from: https://github.com/lllyasviel/Fooocus/blob/main/modules/expansion.py
+ */
+router.post('/expand', jsonParser, async (request, response) => {
+    const originalPrompt = request.body.prompt;
+
+    if (!originalPrompt) {
+        console.warn('No prompt provided for SD expansion.');
+        return response.send({ prompt: '' });
+    }
+
+    console.log('Refine prompt input:', originalPrompt);
+    const splitString = splitStrings[Math.floor(Math.random() * splitStrings.length)];
+    let prompt = safeStr(originalPrompt) + splitString;
+
+    try {
+        const task = 'text-generation';
+        const module = await import('../transformers.mjs');
+        const pipe = await module.default.getPipeline(task);
+
+        const result = await pipe(prompt, { num_beams: 1, max_new_tokens: 256, do_sample: true });
+
+        const newText = result[0].generated_text;
+        const newPrompt = safeStr(removePattern(newText, dangerousPatterns));
+        console.log('Refine prompt output:', newPrompt);
+
+        return response.send({ prompt: newPrompt });
+    } catch {
+        console.warn('Failed to load transformers.js pipeline.');
+        return response.send({ prompt: originalPrompt });
+    }
+});
+
+const comfy = express.Router();
+
+comfy.post('/ping', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/system_stats';
+
+        const result = await fetch(url);
+        if (!result.ok) {
+            throw new Error('ComfyUI returned an error.');
+        }
+
+        return response.sendStatus(200);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/samplers', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/object_info';
+
+        const result = await fetch(url);
+        if (!result.ok) {
+            throw new Error('ComfyUI returned an error.');
+        }
+
+        const data = await result.json();
+        return response.send(data.KSampler.input.required.sampler_name[0]);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/models', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/object_info';
+
+        const result = await fetch(url);
+        if (!result.ok) {
+            throw new Error('ComfyUI returned an error.');
+        }
+        const data = await result.json();
+        return response.send(data.CheckpointLoaderSimple.input.required.ckpt_name[0].map(it => ({ value: it, text: it })));
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/schedulers', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/object_info';
+
+        const result = await fetch(url);
+        if (!result.ok) {
+            throw new Error('ComfyUI returned an error.');
+        }
+
+        const data = await result.json();
+        return response.send(data.KSampler.input.required.scheduler[0]);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/vaes', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/object_info';
+
+        const result = await fetch(url);
+        if (!result.ok) {
+            throw new Error('ComfyUI returned an error.');
+        }
+
+        const data = await result.json();
+        return response.send(data.VAELoader.input.required.vae_name[0]);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/workflows', jsonParser, async (request, response) => {
+    try {
+        const data = getComfyWorkflows(request.user.directories);
+        return response.send(data);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/workflow', jsonParser, async (request, response) => {
+    try {
+        let filePath = path.join(request.user.directories.comfyWorkflows, sanitize(String(request.body.file_name)));
+        if (!fs.existsSync(filePath)) {
+            filePath = path.join(request.user.directories.comfyWorkflows, 'Default_Comfy_Workflow.json');
+        }
+        const data = fs.readFileSync(filePath, { encoding: 'utf-8' });
+        return response.send(JSON.stringify(data));
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/save-workflow', jsonParser, async (request, response) => {
+    try {
+        const filePath = path.join(request.user.directories.comfyWorkflows, sanitize(String(request.body.file_name)));
+        writeFileAtomicSync(filePath, request.body.workflow, 'utf8');
+        const data = getComfyWorkflows(request.user.directories);
+        return response.send(data);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/delete-workflow', jsonParser, async (request, response) => {
+    try {
+        const filePath = path.join(request.user.directories.comfyWorkflows, sanitize(String(request.body.file_name)));
+        if (fs.existsSync(filePath)) {
+            fs.unlinkSync(filePath);
+        }
+        return response.sendStatus(200);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+comfy.post('/generate', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/prompt';
+
+        const controller = new AbortController();
+        request.socket.removeAllListeners('close');
+        request.socket.on('close', function () {
+            if (!response.writableEnded && !item) {
+                const interruptUrl = new URL(request.body.url);
+                interruptUrl.pathname = '/interrupt';
+                fetch(interruptUrl, { method: 'POST', headers: { 'Authorization': getBasicAuthHeader(request.body.auth) } });
+            }
+            controller.abort();
+        });
+
+        const promptResult = await fetch(url, {
+            method: 'POST',
+            body: request.body.prompt,
+        });
+        if (!promptResult.ok) {
+            throw new Error('ComfyUI returned an error.');
+        }
+
+        const data = await promptResult.json();
+        const id = data.prompt_id;
+        let item;
+        const historyUrl = new URL(request.body.url);
+        historyUrl.pathname = '/history';
+        while (true) {
+            const result = await fetch(historyUrl);
+            if (!result.ok) {
+                throw new Error('ComfyUI returned an error.');
+            }
+            const history = await result.json();
+            item = history[id];
+            if (item) {
+                break;
+            }
+            await delay(100);
+        }
+        if (item.status.status_str === 'error') {
+            throw new Error('ComfyUI generation did not succeed.');
+        }
+        const imgInfo = Object.keys(item.outputs).map(it => item.outputs[it].images).flat()[0];
+        const imgUrl = new URL(request.body.url);
+        imgUrl.pathname = '/view';
+        imgUrl.search = `?filename=${imgInfo.filename}&subfolder=${imgInfo.subfolder}&type=${imgInfo.type}`;
+        const imgResponse = await fetch(imgUrl);
+        if (!imgResponse.ok) {
+            throw new Error('ComfyUI returned an error.');
+        }
+        const imgBuffer = await imgResponse.buffer();
+        return response.send(imgBuffer.toString('base64'));
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+const together = express.Router();
+
+together.post('/models', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.TOGETHERAI);
+
+        if (!key) {
+            console.log('TogetherAI key not found.');
+            return response.sendStatus(400);
+        }
+
+        const modelsResponse = await fetch('https://api.together.xyz/api/models', {
+            method: 'GET',
+            headers: {
+                'Authorization': `Bearer ${key}`,
+            },
+        });
+
+        if (!modelsResponse.ok) {
+            console.log('TogetherAI returned an error.');
+            return response.sendStatus(500);
+        }
+
+        const data = await modelsResponse.json();
+
+        if (!Array.isArray(data)) {
+            console.log('TogetherAI returned invalid data.');
+            return response.sendStatus(500);
+        }
+
+        const models = data
+            .filter(x => x.display_type === 'image')
+            .map(x => ({ value: x.name, text: x.display_name }));
+
+        return response.send(models);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+together.post('/generate', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.TOGETHERAI);
+
+        if (!key) {
+            console.log('TogetherAI key not found.');
+            return response.sendStatus(400);
+        }
+
+        console.log('TogetherAI request:', request.body);
+
+        const result = await fetch('https://api.together.xyz/api/inference', {
+            method: 'POST',
+            body: JSON.stringify({
+                request_type: 'image-model-inference',
+                prompt: request.body.prompt,
+                negative_prompt: request.body.negative_prompt,
+                height: request.body.height,
+                width: request.body.width,
+                model: request.body.model,
+                steps: request.body.steps,
+                n: 1,
+                // Limited to 10000 on playground, works fine with more.
+                seed: request.body.seed >= 0 ? request.body.seed : Math.floor(Math.random() * 10_000_000),
+                // Don't know if that's supposed to be random or not. It works either way.
+                sessionKey: getHexString(40),
+            }),
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${key}`,
+            },
+        });
+
+        if (!result.ok) {
+            console.log('TogetherAI returned an error.');
+            return response.sendStatus(500);
+        }
+
+        const data = await result.json();
+        console.log('TogetherAI response:', data);
+
+        if (data.status !== 'finished') {
+            console.log('TogetherAI job failed.');
+            return response.sendStatus(500);
+        }
+
+        return response.send(data);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+const drawthings = express.Router();
+
+drawthings.post('/ping', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/';
+
+        const result = await fetch(url, {
+            method: 'HEAD',
+        });
+
+        if (!result.ok) {
+            throw new Error('SD DrawThings API returned an error.');
+        }
+
+        return response.sendStatus(200);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+drawthings.post('/get-model', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/';
+
+        const result = await fetch(url, {
+            method: 'GET',
+        });
+        const data = await result.json();
+
+        return response.send(data['model']);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+drawthings.post('/get-upscaler', jsonParser, async (request, response) => {
+    try {
+        const url = new URL(request.body.url);
+        url.pathname = '/';
+
+        const result = await fetch(url, {
+            method: 'GET',
+        });
+        const data = await result.json();
+
+        return response.send(data['upscaler']);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+drawthings.post('/generate', jsonParser, async (request, response) => {
+    try {
+        console.log('SD DrawThings API request:', request.body);
+
+        const url = new URL(request.body.url);
+        url.pathname = '/sdapi/v1/txt2img';
+
+        const body = { ...request.body };
+        const auth = getBasicAuthHeader(request.body.auth);
+        delete body.url;
+        delete body.auth;
+
+        const result = await fetch(url, {
+            method: 'POST',
+            body: JSON.stringify(body),
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': auth,
+            },
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            throw new Error('SD DrawThings API returned an error.', { cause: text });
+        }
+
+        const data = await result.json();
+        return response.send(data);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+const pollinations = express.Router();
+
+pollinations.post('/generate', jsonParser, async (request, response) => {
+    try {
+        const promptUrl = new URL(`https://image.pollinations.ai/prompt/${encodeURIComponent(request.body.prompt)}`);
+        const params = new URLSearchParams({
+            model: String(request.body.model),
+            negative_prompt: String(request.body.negative_prompt),
+            seed: String(request.body.seed >= 0 ? request.body.seed : Math.floor(Math.random() * 10_000_000)),
+            enhance: String(request.body.enhance ?? false),
+            refine: String(request.body.refine ?? false),
+            width: String(request.body.width ?? 1024),
+            height: String(request.body.height ?? 1024),
+            nologo: String(true),
+            nofeed: String(true),
+            referer: 'sillytavern',
+        });
+        promptUrl.search = params.toString();
+
+        console.log('Pollinations request URL:', promptUrl.toString());
+
+        const result = await fetch(promptUrl);
+
+        if (!result.ok) {
+            console.log('Pollinations returned an error.', result.status, result.statusText);
+            throw new Error('Pollinations request failed.');
+        }
+
+        const buffer = await result.buffer();
+        const base64 = buffer.toString('base64');
+
+        return response.send({ image: base64 });
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+const stability = express.Router();
+
+stability.post('/generate', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.STABILITY);
+
+        if (!key) {
+            console.log('Stability AI key not found.');
+            return response.sendStatus(400);
+        }
+
+        const { payload, model } = request.body;
+
+        console.log('Stability AI request:', model, payload);
+
+        const formData = new FormData();
+        for (const [key, value] of Object.entries(payload)) {
+            if (value !== undefined) {
+                formData.append(key, String(value));
+            }
+        }
+
+        let apiUrl;
+        switch (model) {
+            case 'stable-image-ultra':
+                apiUrl = 'https://api.stability.ai/v2beta/stable-image/generate/ultra';
+                break;
+            case 'stable-image-core':
+                apiUrl = 'https://api.stability.ai/v2beta/stable-image/generate/core';
+                break;
+            case 'stable-diffusion-3':
+                apiUrl = 'https://api.stability.ai/v2beta/stable-image/generate/sd3';
+                break;
+            default:
+                throw new Error('Invalid Stability AI model selected');
+        }
+
+        const result = await fetch(apiUrl, {
+            method: 'POST',
+            headers: {
+                'Authorization': `Bearer ${key}`,
+                'Accept': 'image/*',
+            },
+            body: formData,
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const text = await result.text();
+            console.log('Stability AI returned an error.', result.status, result.statusText, text);
+            return response.sendStatus(500);
+        }
+
+        const buffer = await result.buffer();
+        return response.send(buffer.toString('base64'));
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+const blockentropy = express.Router();
+
+blockentropy.post('/models', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.BLOCKENTROPY);
+
+        if (!key) {
+            console.log('Block Entropy key not found.');
+            return response.sendStatus(400);
+        }
+
+        const modelsResponse = await fetch('https://api.blockentropy.ai/sdapi/v1/sd-models', {
+            method: 'GET',
+            headers: {
+                'Authorization': `Bearer ${key}`,
+            },
+        });
+
+        if (!modelsResponse.ok) {
+            console.log('Block Entropy returned an error.');
+            return response.sendStatus(500);
+        }
+
+        const data = await modelsResponse.json();
+
+        if (!Array.isArray(data)) {
+            console.log('Block Entropy returned invalid data.');
+            return response.sendStatus(500);
+        }
+        const models = data.map(x => ({ value: x.name, text: x.name }));
+        return response.send(models);
+
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+blockentropy.post('/generate', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.BLOCKENTROPY);
+
+        if (!key) {
+            console.log('Block Entropy key not found.');
+            return response.sendStatus(400);
+        }
+
+        console.log('Block Entropy request:', request.body);
+
+        const result = await fetch('https://api.blockentropy.ai/sdapi/v1/txt2img', {
+            method: 'POST',
+            body: JSON.stringify({
+                prompt: request.body.prompt,
+                negative_prompt: request.body.negative_prompt,
+                model: request.body.model,
+                steps: request.body.steps,
+                width: request.body.width,
+                height: request.body.height,
+                // Random seed if negative.
+                seed: request.body.seed >= 0 ? request.body.seed : Math.floor(Math.random() * 10_000_000),
+            }),
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${key}`,
+            },
+        });
+
+        if (!result.ok) {
+            console.log('Block Entropy returned an error.');
+            return response.sendStatus(500);
+        }
+
+        const data = await result.json();
+        console.log('Block Entropy response:', data);
+
+        return response.send(data);
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+
+const huggingface = express.Router();
+
+huggingface.post('/generate', jsonParser, async (request, response) => {
+    try {
+        const key = readSecret(request.user.directories, SECRET_KEYS.HUGGINGFACE);
+
+        if (!key) {
+            console.log('Hugging Face key not found.');
+            return response.sendStatus(400);
+        }
+
+        console.log('Hugging Face request:', request.body);
+
+        const result = await fetch(`https://api-inference.huggingface.co/models/${request.body.model}`, {
+            method: 'POST',
+            body: JSON.stringify({
+                inputs: request.body.prompt,
+            }),
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${key}`,
+            },
+        });
+
+        if (!result.ok) {
+            console.log('Hugging Face returned an error.');
+            return response.sendStatus(500);
+        }
+
+        const buffer = await result.buffer();
+        return response.send({
+            image: buffer.toString('base64'),
+        });
+    } catch (error) {
+        console.log(error);
+        return response.sendStatus(500);
+    }
+});
+
+
+router.use('/comfy', comfy);
+router.use('/together', together);
+router.use('/drawthings', drawthings);
+router.use('/pollinations', pollinations);
+router.use('/stability', stability);
+router.use('/blockentropy', blockentropy);
+router.use('/huggingface', huggingface);
+
+module.exports = { router };

src/endpoints/stats.js

@@ -0,0 +1,474 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const writeFileAtomic = require('write-file-atomic');
+const crypto = require('crypto');
+
+const readFile = fs.promises.readFile;
+const readdir = fs.promises.readdir;
+
+const { jsonParser } = require('../express-common');
+const { getAllUserHandles, getUserDirectories } = require('../users');
+
+const STATS_FILE = 'stats.json';
+
+/**
+ * @type {Map<string, Object>} The stats object for each user.
+ */
+const STATS = new Map();
+/**
+ * @type {Map<string, number>} The timestamps for each user.
+ */
+const TIMESTAMPS = new Map();
+
+/**
+ * Convert a timestamp to an integer timestamp.
+ * (sorry, it's momentless for now, didn't want to add a package just for this)
+ * This function can handle several different timestamp formats:
+ * 1. Unix timestamps (the number of seconds since the Unix Epoch)
+ * 2. ST "humanized" timestamps, formatted like "YYYY-MM-DD @HHh MMm SSs ms"
+ * 3. Date strings in the format "Month DD, YYYY H:MMam/pm"
+ *
+ * The function returns the timestamp as the number of milliseconds since
+ * the Unix Epoch, which can be converted to a JavaScript Date object with new Date().
+ *
+ * @param {string|number} timestamp - The timestamp to convert.
+ * @returns {number} The timestamp in milliseconds since the Unix Epoch, or 0 if the input cannot be parsed.
+ *
+ * @example
+ * // Unix timestamp
+ * timestampToMoment(1609459200);
+ * // ST humanized timestamp
+ * timestampToMoment("2021-01-01 \@00h 00m 00s 000ms");
+ * // Date string
+ * timestampToMoment("January 1, 2021 12:00am");
+ */
+function timestampToMoment(timestamp) {
+    if (!timestamp) {
+        return 0;
+    }
+
+    if (typeof timestamp === 'number') {
+        return timestamp;
+    }
+
+    const pattern1 =
+        /(\d{4})-(\d{1,2})-(\d{1,2}) @(\d{1,2})h (\d{1,2})m (\d{1,2})s (\d{1,3})ms/;
+    const replacement1 = (
+        match,
+        year,
+        month,
+        day,
+        hour,
+        minute,
+        second,
+        millisecond,
+    ) => {
+        return `${year}-${month.padStart(2, '0')}-${day.padStart(
+            2,
+            '0',
+        )}T${hour.padStart(2, '0')}:${minute.padStart(
+            2,
+            '0',
+        )}:${second.padStart(2, '0')}.${millisecond.padStart(3, '0')}Z`;
+    };
+    const isoTimestamp1 = timestamp.replace(pattern1, replacement1);
+    if (!isNaN(Number(new Date(isoTimestamp1)))) {
+        return new Date(isoTimestamp1).getTime();
+    }
+
+    const pattern2 = /(\w+)\s(\d{1,2}),\s(\d{4})\s(\d{1,2}):(\d{1,2})(am|pm)/i;
+    const replacement2 = (match, month, day, year, hour, minute, meridiem) => {
+        const monthNames = [
+            'January',
+            'February',
+            'March',
+            'April',
+            'May',
+            'June',
+            'July',
+            'August',
+            'September',
+            'October',
+            'November',
+            'December',
+        ];
+        const monthNum = monthNames.indexOf(month) + 1;
+        const hour24 =
+            meridiem.toLowerCase() === 'pm'
+                ? (parseInt(hour, 10) % 12) + 12
+                : parseInt(hour, 10) % 12;
+        return `${year}-${monthNum.toString().padStart(2, '0')}-${day.padStart(
+            2,
+            '0',
+        )}T${hour24.toString().padStart(2, '0')}:${minute.padStart(
+            2,
+            '0',
+        )}:00Z`;
+    };
+    const isoTimestamp2 = timestamp.replace(pattern2, replacement2);
+    if (!isNaN(Number(new Date(isoTimestamp2)))) {
+        return new Date(isoTimestamp2).getTime();
+    }
+
+    return 0;
+}
+
+/**
+ * Collects and aggregates stats for all characters.
+ *
+ * @param {string} chatsPath - The path to the directory containing the chat files.
+ * @param {string} charactersPath - The path to the directory containing the character files.
+ * @returns {Promise<Object>} The aggregated stats object.
+ */
+async function collectAndCreateStats(chatsPath, charactersPath) {
+    const files = await readdir(charactersPath);
+
+    const pngFiles = files.filter((file) => file.endsWith('.png'));
+
+    let processingPromises = pngFiles.map((file) =>
+        calculateStats(chatsPath, file),
+    );
+    const statsArr = await Promise.all(processingPromises);
+
+    let finalStats = {};
+    for (let stat of statsArr) {
+        finalStats = { ...finalStats, ...stat };
+    }
+    // tag with timestamp on when stats were generated
+    finalStats.timestamp = Date.now();
+    return finalStats;
+}
+
+/**
+ * Recreates the stats object for a user.
+ * @param {string} handle User handle
+ * @param {string} chatsPath Path to the directory containing the chat files.
+ * @param {string} charactersPath Path to the directory containing the character files.
+ */
+async function recreateStats(handle, chatsPath, charactersPath) {
+    console.log('Collecting and creating stats for user:', handle);
+    const stats = await collectAndCreateStats(chatsPath, charactersPath);
+    STATS.set(handle, stats);
+    await saveStatsToFile();
+}
+
+/**
+ * Loads the stats file into memory. If the file doesn't exist or is invalid,
+ * initializes stats by collecting and creating them for each character.
+ */
+async function init() {
+    try {
+        const userHandles = await getAllUserHandles();
+        for (const handle of userHandles) {
+            const directories = getUserDirectories(handle);
+            try {
+                const statsFilePath = path.join(directories.root, STATS_FILE);
+                const statsFileContent = await readFile(statsFilePath, 'utf-8');
+                STATS.set(handle, JSON.parse(statsFileContent));
+            } catch (err) {
+                // If the file doesn't exist or is invalid, initialize stats
+                if (err.code === 'ENOENT' || err instanceof SyntaxError) {
+                    await recreateStats(handle, directories.chats, directories.characters);
+                } else {
+                    throw err; // Rethrow the error if it's something we didn't expect
+                }
+            }
+        }
+    } catch (err) {
+        console.error('Failed to initialize stats:', err);
+    }
+    // Save stats every 5 minutes
+    setInterval(saveStatsToFile, 5 * 60 * 1000);
+}
+/**
+ * Saves the current state of charStats to a file, only if the data has changed since the last save.
+ */
+async function saveStatsToFile() {
+    const userHandles = await getAllUserHandles();
+    for (const handle of userHandles) {
+        if (!STATS.has(handle)) {
+            continue;
+        }
+        const charStats = STATS.get(handle);
+        const lastSaveTimestamp = TIMESTAMPS.get(handle) || 0;
+        if (charStats.timestamp > lastSaveTimestamp) {
+            try {
+                const directories = getUserDirectories(handle);
+                const statsFilePath = path.join(directories.root, STATS_FILE);
+                await writeFileAtomic(statsFilePath, JSON.stringify(charStats));
+                TIMESTAMPS.set(handle, Date.now());
+            } catch (error) {
+                console.log('Failed to save stats to file.', error);
+            }
+        }
+    }
+}
+
+/**
+ * Attempts to save charStats to a file and then terminates the process.
+ * If an error occurs during the file write, it logs the error before exiting.
+ */
+async function onExit() {
+    try {
+        await saveStatsToFile();
+    } catch (err) {
+        console.error('Failed to write stats to file:', err);
+    }
+}
+
+/**
+ * Reads the contents of a file and returns the lines in the file as an array.
+ *
+ * @param {string} filepath - The path of the file to be read.
+ * @returns {Array<string>} - The lines in the file.
+ * @throws Will throw an error if the file cannot be read.
+ */
+function readAndParseFile(filepath) {
+    try {
+        let file = fs.readFileSync(filepath, 'utf8');
+        let lines = file.split('\n');
+        return lines;
+    } catch (error) {
+        console.error(`Error reading file at ${filepath}: ${error}`);
+        return [];
+    }
+}
+
+/**
+ * Calculates the time difference between two dates.
+ *
+ * @param {string} gen_started - The start time in ISO 8601 format.
+ * @param {string} gen_finished - The finish time in ISO 8601 format.
+ * @returns {number} - The difference in time in milliseconds.
+ */
+function calculateGenTime(gen_started, gen_finished) {
+    let startDate = new Date(gen_started);
+    let endDate = new Date(gen_finished);
+    return Number(endDate) - Number(startDate);
+}
+
+/**
+ * Counts the number of words in a string.
+ *
+ * @param {string} str - The string to count words in.
+ * @returns {number} - The number of words in the string.
+ */
+function countWordsInString(str) {
+    const match = str.match(/\b\w+\b/g);
+    return match ? match.length : 0;
+}
+
+/**
+ * calculateStats - Calculate statistics for a given character chat directory.
+ *
+ * @param  {string} chatsPath The directory containing the chat files.
+ * @param  {string} item     The name of the character.
+ * @return {object}          An object containing the calculated statistics.
+ */
+const calculateStats = (chatsPath, item) => {
+    const chatDir = path.join(chatsPath, item.replace('.png', ''));
+    const stats = {
+        total_gen_time: 0,
+        user_word_count: 0,
+        non_user_word_count: 0,
+        user_msg_count: 0,
+        non_user_msg_count: 0,
+        total_swipe_count: 0,
+        chat_size: 0,
+        date_last_chat: 0,
+        date_first_chat: new Date('9999-12-31T23:59:59.999Z').getTime(),
+    };
+    let uniqueGenStartTimes = new Set();
+
+    if (fs.existsSync(chatDir)) {
+        const chats = fs.readdirSync(chatDir);
+        if (Array.isArray(chats) && chats.length) {
+            for (const chat of chats) {
+                const result = calculateTotalGenTimeAndWordCount(
+                    chatDir,
+                    chat,
+                    uniqueGenStartTimes,
+                );
+                stats.total_gen_time += result.totalGenTime || 0;
+                stats.user_word_count += result.userWordCount || 0;
+                stats.non_user_word_count += result.nonUserWordCount || 0;
+                stats.user_msg_count += result.userMsgCount || 0;
+                stats.non_user_msg_count += result.nonUserMsgCount || 0;
+                stats.total_swipe_count += result.totalSwipeCount || 0;
+
+                const chatStat = fs.statSync(path.join(chatDir, chat));
+                stats.chat_size += chatStat.size;
+                stats.date_last_chat = Math.max(
+                    stats.date_last_chat,
+                    Math.floor(chatStat.mtimeMs),
+                );
+                stats.date_first_chat = Math.min(
+                    stats.date_first_chat,
+                    result.firstChatTime,
+                );
+            }
+        }
+    }
+
+    return { [item]: stats };
+};
+
+/**
+ * Sets the current charStats object.
+ * @param {string} handle - The user handle.
+ * @param {Object} stats - The new charStats object.
+ **/
+function setCharStats(handle, stats) {
+    stats.timestamp = Date.now();
+    STATS.set(handle, stats);
+}
+
+/**
+ * Calculates the total generation time and word count for a chat with a character.
+ *
+ * @param {string} chatDir - The directory path where character chat files are stored.
+ * @param {string} chat - The name of the chat file.
+ * @returns {Object} - An object containing the total generation time, user word count, and non-user word count.
+ * @throws Will throw an error if the file cannot be read or parsed.
+ */
+function calculateTotalGenTimeAndWordCount(
+    chatDir,
+    chat,
+    uniqueGenStartTimes,
+) {
+    let filepath = path.join(chatDir, chat);
+    let lines = readAndParseFile(filepath);
+
+    let totalGenTime = 0;
+    let userWordCount = 0;
+    let nonUserWordCount = 0;
+    let nonUserMsgCount = 0;
+    let userMsgCount = 0;
+    let totalSwipeCount = 0;
+    let firstChatTime = new Date('9999-12-31T23:59:59.999Z').getTime();
+
+    for (let line of lines) {
+        if (line.length) {
+            try {
+                let json = JSON.parse(line);
+                if (json.mes) {
+                    let hash = crypto
+                        .createHash('sha256')
+                        .update(json.mes)
+                        .digest('hex');
+                    if (uniqueGenStartTimes.has(hash)) {
+                        continue;
+                    }
+                    if (hash) {
+                        uniqueGenStartTimes.add(hash);
+                    }
+                }
+
+                if (json.gen_started && json.gen_finished) {
+                    let genTime = calculateGenTime(
+                        json.gen_started,
+                        json.gen_finished,
+                    );
+                    totalGenTime += genTime;
+
+                    if (json.swipes && !json.swipe_info) {
+                        // If there are swipes but no swipe_info, estimate the genTime
+                        totalGenTime += genTime * json.swipes.length;
+                    }
+                }
+
+                if (json.mes) {
+                    let wordCount = countWordsInString(json.mes);
+                    json.is_user
+                        ? (userWordCount += wordCount)
+                        : (nonUserWordCount += wordCount);
+                    json.is_user ? userMsgCount++ : nonUserMsgCount++;
+                }
+
+                if (json.swipes && json.swipes.length > 1) {
+                    totalSwipeCount += json.swipes.length - 1; // Subtract 1 to not count the first swipe
+                    for (let i = 1; i < json.swipes.length; i++) {
+                        // Start from the second swipe
+                        let swipeText = json.swipes[i];
+
+                        let wordCount = countWordsInString(swipeText);
+                        json.is_user
+                            ? (userWordCount += wordCount)
+                            : (nonUserWordCount += wordCount);
+                        json.is_user ? userMsgCount++ : nonUserMsgCount++;
+                    }
+                }
+
+                if (json.swipe_info && json.swipe_info.length > 1) {
+                    for (let i = 1; i < json.swipe_info.length; i++) {
+                        // Start from the second swipe
+                        let swipe = json.swipe_info[i];
+                        if (swipe.gen_started && swipe.gen_finished) {
+                            totalGenTime += calculateGenTime(
+                                swipe.gen_started,
+                                swipe.gen_finished,
+                            );
+                        }
+                    }
+                }
+
+                // If this is the first user message, set the first chat time
+                if (json.is_user) {
+                    //get min between firstChatTime and timestampToMoment(json.send_date)
+                    firstChatTime = Math.min(timestampToMoment(json.send_date), firstChatTime);
+                }
+            } catch (error) {
+                console.error(`Error parsing line ${line}: ${error}`);
+            }
+        }
+    }
+    return {
+        totalGenTime,
+        userWordCount,
+        nonUserWordCount,
+        userMsgCount,
+        nonUserMsgCount,
+        totalSwipeCount,
+        firstChatTime,
+    };
+}
+
+const router = express.Router();
+
+/**
+ * Handle a POST request to get the stats object
+ */
+router.post('/get', jsonParser, function (request, response) {
+    const stats = STATS.get(request.user.profile.handle) || {};
+    response.send(stats);
+});
+
+/**
+ * Triggers the recreation of statistics from chat files.
+ */
+router.post('/recreate', jsonParser, async function (request, response) {
+    try {
+        await recreateStats(request.user.profile.handle, request.user.directories.chats, request.user.directories.characters);
+        return response.sendStatus(200);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+/**
+ * Handle a POST request to update the stats object
+*/
+router.post('/update', jsonParser, function (request, response) {
+    if (!request.body) return response.sendStatus(400);
+    setCharStats(request.user.profile.handle, request.body);
+    return response.sendStatus(200);
+});
+
+module.exports = {
+    router,
+    recreateStats,
+    init,
+    onExit,
+};

src/endpoints/themes.js

@@ -0,0 +1,40 @@
+const express = require('express');
+const path = require('path');
+const fs = require('fs');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const { jsonParser } = require('../express-common');
+
+const router = express.Router();
+
+router.post('/save', jsonParser, (request, response) => {
+    if (!request.body || !request.body.name) {
+        return response.sendStatus(400);
+    }
+
+    const filename = path.join(request.user.directories.themes, sanitize(request.body.name) + '.json');
+    writeFileAtomicSync(filename, JSON.stringify(request.body, null, 4), 'utf8');
+
+    return response.sendStatus(200);
+});
+
+router.post('/delete', jsonParser, function (request, response) {
+    if (!request.body || !request.body.name) {
+        return response.sendStatus(400);
+    }
+
+    try {
+        const filename = path.join(request.user.directories.themes, sanitize(request.body.name) + '.json');
+        if (!fs.existsSync(filename)) {
+            console.error('Theme file not found:', filename);
+            return response.sendStatus(404);
+        }
+        fs.rmSync(filename);
+        return response.sendStatus(200);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/thumbnails.js

@@ -0,0 +1,235 @@
+const fs = require('fs');
+const fsPromises = require('fs').promises;
+const path = require('path');
+const mime = require('mime-types');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const jimp = require('jimp');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+const { getAllUserHandles, getUserDirectories } = require('../users');
+const { getConfigValue } = require('../util');
+const { jsonParser } = require('../express-common');
+
+const thumbnailsDisabled = getConfigValue('disableThumbnails', false);
+const quality = getConfigValue('thumbnailsQuality', 95);
+const pngFormat = getConfigValue('avatarThumbnailsPng', false);
+
+/**
+ * Gets a path to thumbnail folder based on the type.
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {'bg' | 'avatar'} type Thumbnail type
+ * @returns {string} Path to the thumbnails folder
+ */
+function getThumbnailFolder(directories, type) {
+    let thumbnailFolder;
+
+    switch (type) {
+        case 'bg':
+            thumbnailFolder = directories.thumbnailsBg;
+            break;
+        case 'avatar':
+            thumbnailFolder = directories.thumbnailsAvatar;
+            break;
+    }
+
+    return thumbnailFolder;
+}
+
+/**
+ * Gets a path to the original images folder based on the type.
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {'bg' | 'avatar'} type Thumbnail type
+ * @returns {string} Path to the original images folder
+ */
+function getOriginalFolder(directories, type) {
+    let originalFolder;
+
+    switch (type) {
+        case 'bg':
+            originalFolder = directories.backgrounds;
+            break;
+        case 'avatar':
+            originalFolder = directories.characters;
+            break;
+    }
+
+    return originalFolder;
+}
+
+/**
+ * Removes the generated thumbnail from the disk.
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {'bg' | 'avatar'} type Type of the thumbnail
+ * @param {string} file Name of the file
+ */
+function invalidateThumbnail(directories, type, file) {
+    const folder = getThumbnailFolder(directories, type);
+    if (folder === undefined) throw new Error('Invalid thumbnail type');
+
+    const pathToThumbnail = path.join(folder, file);
+
+    if (fs.existsSync(pathToThumbnail)) {
+        fs.rmSync(pathToThumbnail);
+    }
+}
+
+/**
+ * Generates a thumbnail for the given file.
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {'bg' | 'avatar'} type Type of the thumbnail
+ * @param {string} file Name of the file
+ * @returns
+ */
+async function generateThumbnail(directories, type, file) {
+    let thumbnailFolder = getThumbnailFolder(directories, type);
+    let originalFolder = getOriginalFolder(directories, type);
+    if (thumbnailFolder === undefined || originalFolder === undefined) throw new Error('Invalid thumbnail type');
+
+    const pathToCachedFile = path.join(thumbnailFolder, file);
+    const pathToOriginalFile = path.join(originalFolder, file);
+
+    const cachedFileExists = fs.existsSync(pathToCachedFile);
+    const originalFileExists = fs.existsSync(pathToOriginalFile);
+
+    // to handle cases when original image was updated after thumb creation
+    let shouldRegenerate = false;
+
+    if (cachedFileExists && originalFileExists) {
+        const originalStat = fs.statSync(pathToOriginalFile);
+        const cachedStat = fs.statSync(pathToCachedFile);
+
+        if (originalStat.mtimeMs > cachedStat.ctimeMs) {
+            //console.log('Original file changed. Regenerating thumbnail...');
+            shouldRegenerate = true;
+        }
+    }
+
+    if (cachedFileExists && !shouldRegenerate) {
+        return pathToCachedFile;
+    }
+
+    if (!originalFileExists) {
+        return null;
+    }
+
+    const imageSizes = { 'bg': [160, 90], 'avatar': [96, 144] };
+    const mySize = imageSizes[type];
+
+    try {
+        let buffer;
+
+        try {
+            const image = await jimp.read(pathToOriginalFile);
+            const imgType = type == 'avatar' && pngFormat ? 'image/png' : 'image/jpeg';
+            buffer = await image.cover(mySize[0], mySize[1]).quality(quality).getBufferAsync(imgType);
+        }
+        catch (inner) {
+            console.warn(`Thumbnailer can not process the image: ${pathToOriginalFile}. Using original size`);
+            buffer = fs.readFileSync(pathToOriginalFile);
+        }
+
+        writeFileAtomicSync(pathToCachedFile, buffer);
+    }
+    catch (outer) {
+        return null;
+    }
+
+    return pathToCachedFile;
+}
+
+/**
+ * Ensures that the thumbnail cache for backgrounds is valid.
+ * @returns {Promise<void>} Promise that resolves when the cache is validated
+ */
+async function ensureThumbnailCache() {
+    const userHandles = await getAllUserHandles();
+    for (const handle of userHandles) {
+        const directories = getUserDirectories(handle);
+        const cacheFiles = fs.readdirSync(directories.thumbnailsBg);
+
+        // files exist, all ok
+        if (cacheFiles.length) {
+            return;
+        }
+
+        console.log('Generating thumbnails cache. Please wait...');
+
+        const bgFiles = fs.readdirSync(directories.backgrounds);
+        const tasks = [];
+
+        for (const file of bgFiles) {
+            tasks.push(generateThumbnail(directories, 'bg', file));
+        }
+
+        await Promise.all(tasks);
+        console.log(`Done! Generated: ${bgFiles.length} preview images`);
+    }
+}
+
+const router = express.Router();
+
+// Important: This route must be mounted as '/thumbnail'. It is used in the client code and saved to chat files.
+router.get('/', jsonParser, async function (request, response) {
+    try{
+        if (typeof request.query.file !== 'string' || typeof request.query.type !== 'string') {
+            return response.sendStatus(400);
+        }
+
+        const type = request.query.type;
+        const file = sanitize(request.query.file);
+
+        if (!type || !file) {
+            return response.sendStatus(400);
+        }
+
+        if (!(type == 'bg' || type == 'avatar')) {
+            return response.sendStatus(400);
+        }
+
+        if (sanitize(file) !== file) {
+            console.error('Malicious filename prevented');
+            return response.sendStatus(403);
+        }
+
+        if (thumbnailsDisabled) {
+            const folder = getOriginalFolder(request.user.directories, type);
+
+            if (folder === undefined) {
+                return response.sendStatus(400);
+            }
+
+            const pathToOriginalFile = path.join(folder, file);
+            if (!fs.existsSync(pathToOriginalFile)) {
+                return response.sendStatus(404);
+            }
+            const contentType = mime.lookup(pathToOriginalFile) || 'image/png';
+            const originalFile = await fsPromises.readFile(pathToOriginalFile);
+            response.setHeader('Content-Type', contentType);
+            return response.send(originalFile);
+        }
+
+        const pathToCachedFile = await generateThumbnail(request.user.directories, type, file);
+
+        if (!pathToCachedFile) {
+            return response.sendStatus(404);
+        }
+
+        if (!fs.existsSync(pathToCachedFile)) {
+            return response.sendStatus(404);
+        }
+
+        const contentType = mime.lookup(pathToCachedFile) || 'image/jpeg';
+        const cachedFile = await fsPromises.readFile(pathToCachedFile);
+        response.setHeader('Content-Type', contentType);
+        return response.send(cachedFile);
+    } catch (error) {
+        console.error('Failed getting thumbnail', error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = {
+    invalidateThumbnail,
+    ensureThumbnailCache,
+    router,
+};

src/endpoints/tokenizers.js

@@ -0,0 +1,885 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const { SentencePieceProcessor } = require('@agnai/sentencepiece-js');
+const tiktoken = require('tiktoken');
+const { Tokenizer } = require('@agnai/web-tokenizers');
+const { convertClaudePrompt, convertGooglePrompt } = require('../prompt-converters');
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const { TEXTGEN_TYPES } = require('../constants');
+const { jsonParser } = require('../express-common');
+const { setAdditionalHeaders } = require('../additional-headers');
+
+const API_MAKERSUITE = 'https://generativelanguage.googleapis.com';
+
+/**
+ * @typedef { (req: import('express').Request, res: import('express').Response) => Promise<any> } TokenizationHandler
+ */
+
+/**
+ * @type {{[key: string]: import('tiktoken').Tiktoken}} Tokenizers cache
+ */
+const tokenizersCache = {};
+
+/**
+ * @type {string[]}
+ */
+const TEXT_COMPLETION_MODELS = [
+    'gpt-3.5-turbo-instruct',
+    'gpt-3.5-turbo-instruct-0914',
+    'text-davinci-003',
+    'text-davinci-002',
+    'text-davinci-001',
+    'text-curie-001',
+    'text-babbage-001',
+    'text-ada-001',
+    'code-davinci-002',
+    'code-davinci-001',
+    'code-cushman-002',
+    'code-cushman-001',
+    'text-davinci-edit-001',
+    'code-davinci-edit-001',
+    'text-embedding-ada-002',
+    'text-similarity-davinci-001',
+    'text-similarity-curie-001',
+    'text-similarity-babbage-001',
+    'text-similarity-ada-001',
+    'text-search-davinci-doc-001',
+    'text-search-curie-doc-001',
+    'text-search-babbage-doc-001',
+    'text-search-ada-doc-001',
+    'code-search-babbage-code-001',
+    'code-search-ada-code-001',
+];
+
+const CHARS_PER_TOKEN = 3.35;
+
+/**
+ * Sentencepiece tokenizer for tokenizing text.
+ */
+class SentencePieceTokenizer {
+    /**
+     * @type {import('@agnai/sentencepiece-js').SentencePieceProcessor} Sentencepiece tokenizer instance
+     */
+    #instance;
+    /**
+     * @type {string} Path to the tokenizer model
+     */
+    #model;
+
+    /**
+     * Creates a new Sentencepiece tokenizer.
+     * @param {string} model Path to the tokenizer model
+     */
+    constructor(model) {
+        this.#model = model;
+    }
+
+    /**
+     * Gets the Sentencepiece tokenizer instance.
+     * @returns {Promise<import('@agnai/sentencepiece-js').SentencePieceProcessor|null>} Sentencepiece tokenizer instance
+     */
+    async get() {
+        if (this.#instance) {
+            return this.#instance;
+        }
+
+        try {
+            this.#instance = new SentencePieceProcessor();
+            await this.#instance.load(this.#model);
+            console.log('Instantiated the tokenizer for', path.parse(this.#model).name);
+            return this.#instance;
+        } catch (error) {
+            console.error('Sentencepiece tokenizer failed to load: ' + this.#model, error);
+            return null;
+        }
+    }
+}
+
+/**
+ * Web tokenizer for tokenizing text.
+ */
+class WebTokenizer {
+    /**
+     * @type {Tokenizer} Web tokenizer instance
+     */
+    #instance;
+    /**
+     * @type {string} Path to the tokenizer model
+     */
+    #model;
+
+    /**
+     * Creates a new Web tokenizer.
+     * @param {string} model Path to the tokenizer model
+     */
+    constructor(model) {
+        this.#model = model;
+    }
+
+    /**
+     * Gets the Web tokenizer instance.
+     * @returns {Promise<Tokenizer|null>} Web tokenizer instance
+     */
+    async get() {
+        if (this.#instance) {
+            return this.#instance;
+        }
+
+        try {
+            const arrayBuffer = fs.readFileSync(this.#model).buffer;
+            this.#instance = await Tokenizer.fromJSON(arrayBuffer);
+            console.log('Instantiated the tokenizer for', path.parse(this.#model).name);
+            return this.#instance;
+        } catch (error) {
+            console.error('Web tokenizer failed to load: ' + this.#model, error);
+            return null;
+        }
+    }
+}
+
+const spp_llama = new SentencePieceTokenizer('src/tokenizers/llama.model');
+const spp_nerd = new SentencePieceTokenizer('src/tokenizers/nerdstash.model');
+const spp_nerd_v2 = new SentencePieceTokenizer('src/tokenizers/nerdstash_v2.model');
+const spp_mistral = new SentencePieceTokenizer('src/tokenizers/mistral.model');
+const spp_yi = new SentencePieceTokenizer('src/tokenizers/yi.model');
+const spp_gemma = new SentencePieceTokenizer('src/tokenizers/gemma.model');
+const claude_tokenizer = new WebTokenizer('src/tokenizers/claude.json');
+const llama3_tokenizer = new WebTokenizer('src/tokenizers/llama3.json');
+
+const sentencepieceTokenizers = [
+    'llama',
+    'nerdstash',
+    'nerdstash_v2',
+    'mistral',
+    'yi',
+    'gemma',
+];
+
+/**
+ * Gets the Sentencepiece tokenizer by the model name.
+ * @param {string} model Sentencepiece model name
+ * @returns {SentencePieceTokenizer|null} Sentencepiece tokenizer
+ */
+function getSentencepiceTokenizer(model) {
+    if (model.includes('llama')) {
+        return spp_llama;
+    }
+
+    if (model.includes('nerdstash')) {
+        return spp_nerd;
+    }
+
+    if (model.includes('mistral')) {
+        return spp_mistral;
+    }
+
+    if (model.includes('nerdstash_v2')) {
+        return spp_nerd_v2;
+    }
+
+    if (model.includes('yi')) {
+        return spp_yi;
+    }
+
+    if (model.includes('gemma')) {
+        return spp_gemma;
+    }
+
+    return null;
+}
+
+/**
+ * Counts the token ids for the given text using the Sentencepiece tokenizer.
+ * @param {SentencePieceTokenizer} tokenizer Sentencepiece tokenizer
+ * @param {string} text Text to tokenize
+ * @returns { Promise<{ids: number[], count: number}> } Tokenization result
+ */
+async function countSentencepieceTokens(tokenizer, text) {
+    const instance = await tokenizer?.get();
+
+    // Fallback to strlen estimation
+    if (!instance) {
+        return {
+            ids: [],
+            count: Math.ceil(text.length / CHARS_PER_TOKEN),
+        };
+    }
+
+    let cleaned = text; // cleanText(text); <-- cleaning text can result in an incorrect tokenization
+
+    let ids = instance.encodeIds(cleaned);
+    return {
+        ids,
+        count: ids.length,
+    };
+}
+
+/**
+ * Counts the tokens in the given array of objects using the Sentencepiece tokenizer.
+ * @param {SentencePieceTokenizer} tokenizer
+ * @param {object[]} array Array of objects to tokenize
+ * @returns {Promise<number>} Number of tokens
+ */
+async function countSentencepieceArrayTokens(tokenizer, array) {
+    const jsonBody = array.flatMap(x => Object.values(x)).join('\n\n');
+    const result = await countSentencepieceTokens(tokenizer, jsonBody);
+    const num_tokens = result.count;
+    return num_tokens;
+}
+
+async function getTiktokenChunks(tokenizer, ids) {
+    const decoder = new TextDecoder();
+    const chunks = [];
+
+    for (let i = 0; i < ids.length; i++) {
+        const id = ids[i];
+        const chunkTextBytes = await tokenizer.decode(new Uint32Array([id]));
+        const chunkText = decoder.decode(chunkTextBytes);
+        chunks.push(chunkText);
+    }
+
+    return chunks;
+}
+
+/**
+ * Gets the token chunks for the given token IDs using the Web tokenizer.
+ * @param {Tokenizer} tokenizer Web tokenizer instance
+ * @param {number[]} ids Token IDs
+ * @returns {string[]} Token chunks
+ */
+function getWebTokenizersChunks(tokenizer, ids) {
+    const chunks = [];
+
+    for (let i = 0, lastProcessed = 0; i < ids.length; i++) {
+        const chunkIds = ids.slice(lastProcessed, i + 1);
+        const chunkText = tokenizer.decode(new Int32Array(chunkIds));
+        if (chunkText === '�') {
+            continue;
+        }
+        chunks.push(chunkText);
+        lastProcessed = i + 1;
+    }
+
+    return chunks;
+}
+
+/**
+ * Gets the tokenizer model by the model name.
+ * @param {string} requestModel Models to use for tokenization
+ * @returns {string} Tokenizer model to use
+ */
+function getTokenizerModel(requestModel) {
+    if (requestModel.includes('gpt-4o')) {
+        return 'gpt-4o';
+    }
+
+    if (requestModel.includes('chatgpt-4o-latest')) {
+        return 'gpt-4o';
+    }
+
+    if (requestModel.includes('gpt-4-32k')) {
+        return 'gpt-4-32k';
+    }
+
+    if (requestModel.includes('gpt-4')) {
+        return 'gpt-4';
+    }
+
+    if (requestModel.includes('gpt-3.5-turbo-0301')) {
+        return 'gpt-3.5-turbo-0301';
+    }
+
+    if (requestModel.includes('gpt-3.5-turbo')) {
+        return 'gpt-3.5-turbo';
+    }
+
+    if (TEXT_COMPLETION_MODELS.includes(requestModel)) {
+        return requestModel;
+    }
+
+    if (requestModel.includes('claude')) {
+        return 'claude';
+    }
+
+    if (requestModel.includes('llama3') || requestModel.includes('llama-3')) {
+        return 'llama3';
+    }
+
+    if (requestModel.includes('llama')) {
+        return 'llama';
+    }
+
+    if (requestModel.includes('mistral')) {
+        return 'mistral';
+    }
+
+    if (requestModel.includes('yi')) {
+        return 'yi';
+    }
+
+    if (requestModel.includes('gemma') || requestModel.includes('gemini')) {
+        return 'gemma';
+    }
+
+    // default
+    return 'gpt-3.5-turbo';
+}
+
+function getTiktokenTokenizer(model) {
+    if (tokenizersCache[model]) {
+        return tokenizersCache[model];
+    }
+
+    const tokenizer = tiktoken.encoding_for_model(model);
+    console.log('Instantiated the tokenizer for', model);
+    tokenizersCache[model] = tokenizer;
+    return tokenizer;
+}
+
+/**
+ * Counts the tokens for the given messages using the WebTokenizer and Claude prompt conversion.
+ * @param {Tokenizer} tokenizer Web tokenizer
+ * @param {object[]} messages Array of messages
+ * @returns {number} Number of tokens
+ */
+function countWebTokenizerTokens(tokenizer, messages) {
+    // Should be fine if we use the old conversion method instead of the messages API one i think?
+    const convertedPrompt = convertClaudePrompt(messages, false, '', false, false, '', false);
+
+    // Fallback to strlen estimation
+    if (!tokenizer) {
+        return Math.ceil(convertedPrompt.length / CHARS_PER_TOKEN);
+    }
+
+    const count = tokenizer.encode(convertedPrompt).length;
+    return count;
+}
+
+/**
+ * Creates an API handler for encoding Sentencepiece tokens.
+ * @param {SentencePieceTokenizer} tokenizer Sentencepiece tokenizer
+ * @returns {TokenizationHandler} Handler function
+ */
+function createSentencepieceEncodingHandler(tokenizer) {
+    /**
+     * Request handler for encoding Sentencepiece tokens.
+     * @param {import('express').Request} request
+     * @param {import('express').Response} response
+     */
+    return async function (request, response) {
+        try {
+            if (!request.body) {
+                return response.sendStatus(400);
+            }
+
+            const text = request.body.text || '';
+            const instance = await tokenizer?.get();
+            const { ids, count } = await countSentencepieceTokens(tokenizer, text);
+            const chunks = instance?.encodePieces(text);
+            return response.send({ ids, count, chunks });
+        } catch (error) {
+            console.log(error);
+            return response.send({ ids: [], count: 0, chunks: [] });
+        }
+    };
+}
+
+/**
+ * Creates an API handler for decoding Sentencepiece tokens.
+ * @param {SentencePieceTokenizer} tokenizer Sentencepiece tokenizer
+ * @returns {TokenizationHandler} Handler function
+ */
+function createSentencepieceDecodingHandler(tokenizer) {
+    /**
+     * Request handler for decoding Sentencepiece tokens.
+     * @param {import('express').Request} request
+     * @param {import('express').Response} response
+     */
+    return async function (request, response) {
+        try {
+            if (!request.body) {
+                return response.sendStatus(400);
+            }
+
+            const ids = request.body.ids || [];
+            const instance = await tokenizer?.get();
+            if (!instance) throw new Error('Failed to load the Sentencepiece tokenizer');
+            const ops = ids.map(id => instance.decodeIds([id]));
+            const chunks = await Promise.all(ops);
+            const text = chunks.join('');
+            return response.send({ text, chunks });
+        } catch (error) {
+            console.log(error);
+            return response.send({ text: '', chunks: [] });
+        }
+    };
+}
+
+/**
+ * Creates an API handler for encoding Tiktoken tokens.
+ * @param {string} modelId Tiktoken model ID
+ * @returns {TokenizationHandler} Handler function
+ */
+function createTiktokenEncodingHandler(modelId) {
+    /**
+     * Request handler for encoding Tiktoken tokens.
+     * @param {import('express').Request} request
+     * @param {import('express').Response} response
+     */
+    return async function (request, response) {
+        try {
+            if (!request.body) {
+                return response.sendStatus(400);
+            }
+
+            const text = request.body.text || '';
+            const tokenizer = getTiktokenTokenizer(modelId);
+            const tokens = Object.values(tokenizer.encode(text));
+            const chunks = await getTiktokenChunks(tokenizer, tokens);
+            return response.send({ ids: tokens, count: tokens.length, chunks });
+        } catch (error) {
+            console.log(error);
+            return response.send({ ids: [], count: 0, chunks: [] });
+        }
+    };
+}
+
+/**
+ * Creates an API handler for decoding Tiktoken tokens.
+ * @param {string} modelId Tiktoken model ID
+ * @returns {TokenizationHandler} Handler function
+ */
+function createTiktokenDecodingHandler(modelId) {
+    /**
+     * Request handler for decoding Tiktoken tokens.
+     * @param {import('express').Request} request
+     * @param {import('express').Response} response
+     */
+    return async function (request, response) {
+        try {
+            if (!request.body) {
+                return response.sendStatus(400);
+            }
+
+            const ids = request.body.ids || [];
+            const tokenizer = getTiktokenTokenizer(modelId);
+            const textBytes = tokenizer.decode(new Uint32Array(ids));
+            const text = new TextDecoder().decode(textBytes);
+            return response.send({ text });
+        } catch (error) {
+            console.log(error);
+            return response.send({ text: '' });
+        }
+    };
+}
+
+/**
+ * Creates an API handler for encoding WebTokenizer tokens.
+ * @param {WebTokenizer} tokenizer WebTokenizer instance
+ * @returns {TokenizationHandler} Handler function
+ */
+function createWebTokenizerEncodingHandler(tokenizer) {
+    /**
+     * Request handler for encoding WebTokenizer tokens.
+     * @param {import('express').Request} request
+     * @param {import('express').Response} response
+     */
+    return async function (request, response) {
+        try {
+            if (!request.body) {
+                return response.sendStatus(400);
+            }
+
+            const text = request.body.text || '';
+            const instance = await tokenizer?.get();
+            if (!instance) throw new Error('Failed to load the Web tokenizer');
+            const tokens = Array.from(instance.encode(text));
+            const chunks = getWebTokenizersChunks(instance, tokens);
+            return response.send({ ids: tokens, count: tokens.length, chunks });
+        } catch (error) {
+            console.log(error);
+            return response.send({ ids: [], count: 0, chunks: [] });
+        }
+    };
+}
+
+/**
+ * Creates an API handler for decoding WebTokenizer tokens.
+ * @param {WebTokenizer} tokenizer WebTokenizer instance
+ * @returns {TokenizationHandler} Handler function
+ */
+function createWebTokenizerDecodingHandler(tokenizer) {
+    /**
+     * Request handler for decoding WebTokenizer tokens.
+     * @param {import('express').Request} request
+     * @param {import('express').Response} response
+     * @returns {Promise<any>}
+     */
+    return async function (request, response) {
+        try {
+            if (!request.body) {
+                return response.sendStatus(400);
+            }
+
+            const ids = request.body.ids || [];
+            const instance = await tokenizer?.get();
+            if (!instance) throw new Error('Failed to load the Web tokenizer');
+            const chunks = getWebTokenizersChunks(instance, ids);
+            const text = instance.decode(new Int32Array(ids));
+            return response.send({ text, chunks });
+        } catch (error) {
+            console.log(error);
+            return response.send({ text: '', chunks: [] });
+        }
+    };
+}
+
+const router = express.Router();
+
+router.post('/ai21/count', jsonParser, async function (req, res) {
+    if (!req.body) return res.sendStatus(400);
+    const key = readSecret(req.user.directories, SECRET_KEYS.AI21);
+    const options = {
+        method: 'POST',
+        headers: {
+            accept: 'application/json',
+            'content-type': 'application/json',
+            Authorization: `Bearer ${key}`,
+        },
+        body: JSON.stringify({ text: req.body[0].content }),
+    };
+
+    try {
+        const response = await fetch('https://api.ai21.com/studio/v1/tokenize', options);
+        const data = await response.json();
+        return res.send({ 'token_count': data?.tokens?.length || 0 });
+    } catch (err) {
+        console.error(err);
+        return res.send({ 'token_count': 0 });
+    }
+});
+
+router.post('/google/count', jsonParser, async function (req, res) {
+    if (!req.body) return res.sendStatus(400);
+    const options = {
+        method: 'POST',
+        headers: {
+            accept: 'application/json',
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({ contents: convertGooglePrompt(req.body, String(req.query.model)).contents }),
+    };
+    try {
+        const reverseProxy = req.query.reverse_proxy?.toString() || '';
+        const proxyPassword = req.query.proxy_password?.toString() || '';
+        const apiKey = reverseProxy ? proxyPassword : readSecret(req.user.directories, SECRET_KEYS.MAKERSUITE);
+        const apiUrl = new URL(reverseProxy || API_MAKERSUITE);
+        const response = await fetch(`${apiUrl.origin}/v1beta/models/${req.query.model}:countTokens?key=${apiKey}`, options);
+        const data = await response.json();
+        return res.send({ 'token_count': data?.totalTokens || 0 });
+    } catch (err) {
+        console.error(err);
+        return res.send({ 'token_count': 0 });
+    }
+});
+
+router.post('/llama/encode', jsonParser, createSentencepieceEncodingHandler(spp_llama));
+router.post('/nerdstash/encode', jsonParser, createSentencepieceEncodingHandler(spp_nerd));
+router.post('/nerdstash_v2/encode', jsonParser, createSentencepieceEncodingHandler(spp_nerd_v2));
+router.post('/mistral/encode', jsonParser, createSentencepieceEncodingHandler(spp_mistral));
+router.post('/yi/encode', jsonParser, createSentencepieceEncodingHandler(spp_yi));
+router.post('/gemma/encode', jsonParser, createSentencepieceEncodingHandler(spp_gemma));
+router.post('/gpt2/encode', jsonParser, createTiktokenEncodingHandler('gpt2'));
+router.post('/claude/encode', jsonParser, createWebTokenizerEncodingHandler(claude_tokenizer));
+router.post('/llama3/encode', jsonParser, createWebTokenizerEncodingHandler(llama3_tokenizer));
+router.post('/llama/decode', jsonParser, createSentencepieceDecodingHandler(spp_llama));
+router.post('/nerdstash/decode', jsonParser, createSentencepieceDecodingHandler(spp_nerd));
+router.post('/nerdstash_v2/decode', jsonParser, createSentencepieceDecodingHandler(spp_nerd_v2));
+router.post('/mistral/decode', jsonParser, createSentencepieceDecodingHandler(spp_mistral));
+router.post('/yi/decode', jsonParser, createSentencepieceDecodingHandler(spp_yi));
+router.post('/gemma/decode', jsonParser, createSentencepieceDecodingHandler(spp_gemma));
+router.post('/gpt2/decode', jsonParser, createTiktokenDecodingHandler('gpt2'));
+router.post('/claude/decode', jsonParser, createWebTokenizerDecodingHandler(claude_tokenizer));
+router.post('/llama3/decode', jsonParser, createWebTokenizerDecodingHandler(llama3_tokenizer));
+
+router.post('/openai/encode', jsonParser, async function (req, res) {
+    try {
+        const queryModel = String(req.query.model || '');
+
+        if (queryModel.includes('llama3') || queryModel.includes('llama-3')) {
+            const handler = createWebTokenizerEncodingHandler(llama3_tokenizer);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('llama')) {
+            const handler = createSentencepieceEncodingHandler(spp_llama);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('mistral')) {
+            const handler = createSentencepieceEncodingHandler(spp_mistral);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('yi')) {
+            const handler = createSentencepieceEncodingHandler(spp_yi);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('claude')) {
+            const handler = createWebTokenizerEncodingHandler(claude_tokenizer);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('gemma') || queryModel.includes('gemini')) {
+            const handler = createSentencepieceEncodingHandler(spp_gemma);
+            return handler(req, res);
+        }
+
+        const model = getTokenizerModel(queryModel);
+        const handler = createTiktokenEncodingHandler(model);
+        return handler(req, res);
+    } catch (error) {
+        console.log(error);
+        return res.send({ ids: [], count: 0, chunks: [] });
+    }
+});
+
+router.post('/openai/decode', jsonParser, async function (req, res) {
+    try {
+        const queryModel = String(req.query.model || '');
+
+        if (queryModel.includes('llama3') || queryModel.includes('llama-3')) {
+            const handler = createWebTokenizerDecodingHandler(llama3_tokenizer);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('llama')) {
+            const handler = createSentencepieceDecodingHandler(spp_llama);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('mistral')) {
+            const handler = createSentencepieceDecodingHandler(spp_mistral);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('yi')) {
+            const handler = createSentencepieceDecodingHandler(spp_yi);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('claude')) {
+            const handler = createWebTokenizerDecodingHandler(claude_tokenizer);
+            return handler(req, res);
+        }
+
+        if (queryModel.includes('gemma') || queryModel.includes('gemini')) {
+            const handler = createSentencepieceDecodingHandler(spp_gemma);
+            return handler(req, res);
+        }
+
+        const model = getTokenizerModel(queryModel);
+        const handler = createTiktokenDecodingHandler(model);
+        return handler(req, res);
+    } catch (error) {
+        console.log(error);
+        return res.send({ text: '' });
+    }
+});
+
+router.post('/openai/count', jsonParser, async function (req, res) {
+    try {
+        if (!req.body) return res.sendStatus(400);
+
+        let num_tokens = 0;
+        const queryModel = String(req.query.model || '');
+        const model = getTokenizerModel(queryModel);
+
+        if (model === 'claude') {
+            const instance = await claude_tokenizer.get();
+            if (!instance) throw new Error('Failed to load the Claude tokenizer');
+            num_tokens = countWebTokenizerTokens(instance, req.body);
+            return res.send({ 'token_count': num_tokens });
+        }
+
+        if (model === 'llama3' || model === 'llama-3') {
+            const instance = await llama3_tokenizer.get();
+            if (!instance) throw new Error('Failed to load the Llama3 tokenizer');
+            num_tokens = countWebTokenizerTokens(instance, req.body);
+            return res.send({ 'token_count': num_tokens });
+        }
+
+        if (model === 'llama') {
+            num_tokens = await countSentencepieceArrayTokens(spp_llama, req.body);
+            return res.send({ 'token_count': num_tokens });
+        }
+
+        if (model === 'mistral') {
+            num_tokens = await countSentencepieceArrayTokens(spp_mistral, req.body);
+            return res.send({ 'token_count': num_tokens });
+        }
+
+        if (model === 'yi') {
+            num_tokens = await countSentencepieceArrayTokens(spp_yi, req.body);
+            return res.send({ 'token_count': num_tokens });
+        }
+
+        if (model === 'gemma' || model === 'gemini') {
+            num_tokens = await countSentencepieceArrayTokens(spp_gemma, req.body);
+            return res.send({ 'token_count': num_tokens });
+        }
+
+        const tokensPerName = queryModel.includes('gpt-3.5-turbo-0301') ? -1 : 1;
+        const tokensPerMessage = queryModel.includes('gpt-3.5-turbo-0301') ? 4 : 3;
+        const tokensPadding = 3;
+
+        const tokenizer = getTiktokenTokenizer(model);
+
+        for (const msg of req.body) {
+            try {
+                num_tokens += tokensPerMessage;
+                for (const [key, value] of Object.entries(msg)) {
+                    num_tokens += tokenizer.encode(value).length;
+                    if (key == 'name') {
+                        num_tokens += tokensPerName;
+                    }
+                }
+            } catch {
+                console.warn('Error tokenizing message:', msg);
+            }
+        }
+        num_tokens += tokensPadding;
+
+        // NB: Since 2023-10-14, the GPT-3.5 Turbo 0301 model shoves in 7-9 extra tokens to every message.
+        // More details: https://community.openai.com/t/gpt-3-5-turbo-0301-showing-different-behavior-suddenly/431326/14
+        if (queryModel.includes('gpt-3.5-turbo-0301')) {
+            num_tokens += 9;
+        }
+
+        // not needed for cached tokenizers
+        //tokenizer.free();
+
+        res.send({ 'token_count': num_tokens });
+    } catch (error) {
+        console.error('An error counting tokens, using fallback estimation method', error);
+        const jsonBody = JSON.stringify(req.body);
+        const num_tokens = Math.ceil(jsonBody.length / CHARS_PER_TOKEN);
+        res.send({ 'token_count': num_tokens });
+    }
+});
+
+router.post('/remote/kobold/count', jsonParser, async function (request, response) {
+    if (!request.body) {
+        return response.sendStatus(400);
+    }
+    const text = String(request.body.text) || '';
+    const baseUrl = String(request.body.url);
+
+    try {
+        const args = {
+            method: 'POST',
+            body: JSON.stringify({ 'prompt': text }),
+            headers: { 'Content-Type': 'application/json' },
+        };
+
+        let url = String(baseUrl).replace(/\/$/, '');
+        url += '/extra/tokencount';
+
+        const result = await fetch(url, args);
+
+        if (!result.ok) {
+            console.log(`API returned error: ${result.status} ${result.statusText}`);
+            return response.send({ error: true });
+        }
+
+        const data = await result.json();
+        const count = data['value'];
+        const ids = data['ids'] ?? [];
+        return response.send({ count, ids });
+    } catch (error) {
+        console.log(error);
+        return response.send({ error: true });
+    }
+});
+
+router.post('/remote/textgenerationwebui/encode', jsonParser, async function (request, response) {
+    if (!request.body) {
+        return response.sendStatus(400);
+    }
+    const text = String(request.body.text) || '';
+    const baseUrl = String(request.body.url);
+    const legacyApi = Boolean(request.body.legacy_api);
+    const vllmModel = String(request.body.vllm_model) || '';
+
+    try {
+        const args = {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+        };
+
+        setAdditionalHeaders(request, args, baseUrl);
+
+        // Convert to string + remove trailing slash + /v1 suffix
+        let url = String(baseUrl).replace(/\/$/, '').replace(/\/v1$/, '');
+
+        if (legacyApi) {
+            url += '/v1/token-count';
+            args.body = JSON.stringify({ 'prompt': text });
+        } else {
+            switch (request.body.api_type) {
+                case TEXTGEN_TYPES.TABBY:
+                    url += '/v1/token/encode';
+                    args.body = JSON.stringify({ 'text': text });
+                    break;
+                case TEXTGEN_TYPES.KOBOLDCPP:
+                    url += '/api/extra/tokencount';
+                    args.body = JSON.stringify({ 'prompt': text });
+                    break;
+                case TEXTGEN_TYPES.LLAMACPP:
+                    url += '/tokenize';
+                    args.body = JSON.stringify({ 'content': text });
+                    break;
+                case TEXTGEN_TYPES.VLLM:
+                    url += '/tokenize';
+                    args.body = JSON.stringify({ 'model': vllmModel, 'prompt': text });
+                    break;
+                case TEXTGEN_TYPES.APHRODITE:
+                    url += '/v1/tokenize';
+                    args.body = JSON.stringify({ 'prompt': text });
+                    break;
+                default:
+                    url += '/v1/internal/encode';
+                    args.body = JSON.stringify({ 'text': text });
+                    break;
+            }
+        }
+
+        const result = await fetch(url, args);
+
+        if (!result.ok) {
+            console.log(`API returned error: ${result.status} ${result.statusText}`);
+            return response.send({ error: true });
+        }
+
+        const data = await result.json();
+        const count = legacyApi ? data?.results[0]?.tokens : (data?.length ?? data?.count ?? data?.value ?? data?.tokens?.length);
+        const ids = legacyApi ? [] : (data?.tokens ?? data?.ids ?? []);
+
+        return response.send({ count, ids });
+    } catch (error) {
+        console.log(error);
+        return response.send({ error: true });
+    }
+});
+
+module.exports = {
+    TEXT_COMPLETION_MODELS,
+    getTokenizerModel,
+    getTiktokenTokenizer,
+    countWebTokenizerTokens,
+    getSentencepiceTokenizer,
+    sentencepieceTokenizers,
+    router,
+};

src/endpoints/translate.js

@@ -0,0 +1,398 @@
+const fetch = require('node-fetch').default;
+const https = require('https');
+const express = require('express');
+const iconv = require('iconv-lite');
+const { readSecret, SECRET_KEYS } = require('./secrets');
+const { getConfigValue, uuidv4 } = require('../util');
+const { jsonParser } = require('../express-common');
+
+const DEEPLX_URL_DEFAULT = 'http://127.0.0.1:1188/translate';
+const ONERING_URL_DEFAULT = 'http://127.0.0.1:4990/translate';
+
+const router = express.Router();
+
+router.post('/libre', jsonParser, async (request, response) => {
+    const key = readSecret(request.user.directories, SECRET_KEYS.LIBRE);
+    const url = readSecret(request.user.directories, SECRET_KEYS.LIBRE_URL);
+
+    if (!url) {
+        console.log('LibreTranslate URL is not configured.');
+        return response.sendStatus(400);
+    }
+
+    if (request.body.lang === 'zh-CN') {
+        request.body.lang = 'zh';
+    }
+
+    if (request.body.lang === 'zh-TW') {
+        request.body.lang = 'zt';
+    }
+
+    const text = request.body.text;
+    const lang = request.body.lang;
+
+    if (!text || !lang) {
+        return response.sendStatus(400);
+    }
+
+    console.log('Input text: ' + text);
+
+    try {
+        const result = await fetch(url, {
+            method: 'POST',
+            body: JSON.stringify({
+                q: text,
+                source: 'auto',
+                target: lang,
+                format: 'text',
+                api_key: key,
+            }),
+            headers: { 'Content-Type': 'application/json' },
+        });
+
+        if (!result.ok) {
+            const error = await result.text();
+            console.log('LibreTranslate error: ', result.statusText, error);
+            return response.sendStatus(result.status);
+        }
+
+        const json = await result.json();
+        console.log('Translated text: ' + json.translatedText);
+
+        return response.send(json.translatedText);
+    } catch (error) {
+        console.log('Translation error: ' + error.message);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/google', jsonParser, async (request, response) => {
+    try {
+        const { generateRequestUrl, normaliseResponse } = require('google-translate-api-browser');
+        const text = request.body.text;
+        const lang = request.body.lang;
+
+        if (!text || !lang) {
+            return response.sendStatus(400);
+        }
+
+        console.log('Input text: ' + text);
+
+        const url = generateRequestUrl(text, { to: lang });
+
+        https.get(url, (resp) => {
+            const data = [];
+
+            resp.on('data', (chunk) => {
+                data.push(chunk);
+            });
+
+            resp.on('end', () => {
+                try {
+                    const decodedData = iconv.decode(Buffer.concat(data), 'utf-8');
+                    const result = normaliseResponse(JSON.parse(decodedData));
+                    console.log('Translated text: ' + result.text);
+                    response.setHeader('Content-Type', 'text/plain; charset=utf-8');
+                    return response.send(result.text);
+                } catch (error) {
+                    console.log('Translation error', error);
+                    return response.sendStatus(500);
+                }
+            });
+        }).on('error', (err) => {
+            console.log('Translation error: ' + err.message);
+            return response.sendStatus(500);
+        });
+    } catch (error) {
+        console.log('Translation error', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/yandex', jsonParser, async (request, response) => {
+    const chunks = request.body.chunks;
+    const lang = request.body.lang;
+
+    if (!chunks || !lang) {
+        return response.sendStatus(400);
+    }
+
+    // reconstruct original text to log
+    let inputText = '';
+
+    const params = new URLSearchParams();
+    for (const chunk of chunks) {
+        params.append('text', chunk);
+        inputText += chunk;
+    }
+    params.append('lang', lang);
+    const ucid = uuidv4().replaceAll('-', '');
+
+    console.log('Input text: ' + inputText);
+
+    try {
+        const result = await fetch(`https://translate.yandex.net/api/v1/tr.json/translate?ucid=${ucid}&srv=android&format=text`, {
+            method: 'POST',
+            body: params,
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const error = await result.text();
+            console.log('Yandex error: ', result.statusText, error);
+            return response.sendStatus(500);
+        }
+
+        const json = await result.json();
+        const translated = json.text.join();
+        console.log('Translated text: ' + translated);
+
+        return response.send(translated);
+    } catch (error) {
+        console.log('Translation error: ' + error.message);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/lingva', jsonParser, async (request, response) => {
+    try {
+        const baseUrl = readSecret(request.user.directories, SECRET_KEYS.LINGVA_URL);
+
+        if (!baseUrl) {
+            console.log('Lingva URL is not configured.');
+            return response.sendStatus(400);
+        }
+
+        const text = request.body.text;
+        const lang = request.body.lang;
+
+        if (!text || !lang) {
+            return response.sendStatus(400);
+        }
+
+        console.log('Input text: ' + text);
+        const url = `${baseUrl}/auto/${lang}/${encodeURIComponent(text)}`;
+
+        https.get(url, (resp) => {
+            let data = '';
+
+            resp.on('data', (chunk) => {
+                data += chunk;
+            });
+
+            resp.on('end', () => {
+                try {
+                    const result = JSON.parse(data);
+                    console.log('Translated text: ' + result.translation);
+                    return response.send(result.translation);
+                } catch (error) {
+                    console.log('Translation error', error);
+                    return response.sendStatus(500);
+                }
+            });
+        }).on('error', (err) => {
+            console.log('Translation error: ' + err.message);
+            return response.sendStatus(500);
+        });
+    } catch (error) {
+        console.log('Translation error', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/deepl', jsonParser, async (request, response) => {
+    const key = readSecret(request.user.directories, SECRET_KEYS.DEEPL);
+
+    if (!key) {
+        console.log('DeepL key is not configured.');
+        return response.sendStatus(400);
+    }
+
+    if (request.body.lang === 'zh-CN' || request.body.lang === 'zh-TW') {
+        request.body.lang = 'ZH';
+    }
+
+    const text = request.body.text;
+    const lang = request.body.lang;
+    const formality = getConfigValue('deepl.formality', 'default');
+
+    if (!text || !lang) {
+        return response.sendStatus(400);
+    }
+
+    console.log('Input text: ' + text);
+
+    const params = new URLSearchParams();
+    params.append('text', text);
+    params.append('target_lang', lang);
+
+    if (['de', 'fr', 'it', 'es', 'nl', 'ja', 'ru'].includes(lang)) {
+        // We don't specify a Portuguese variant, so ignore formality for it.
+        params.append('formality', formality);
+    }
+
+    try {
+        const result = await fetch('https://api-free.deepl.com/v2/translate', {
+            method: 'POST',
+            body: params,
+            headers: {
+                'Accept': 'application/json',
+                'Authorization': `DeepL-Auth-Key ${key}`,
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const error = await result.text();
+            console.log('DeepL error: ', result.statusText, error);
+            return response.sendStatus(result.status);
+        }
+
+        const json = await result.json();
+        console.log('Translated text: ' + json.translations[0].text);
+
+        return response.send(json.translations[0].text);
+    } catch (error) {
+        console.log('Translation error: ' + error.message);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/onering', jsonParser, async (request, response) => {
+    const secretUrl = readSecret(request.user.directories, SECRET_KEYS.ONERING_URL);
+    const url = secretUrl || ONERING_URL_DEFAULT;
+
+    if (!url) {
+        console.log('OneRing URL is not configured.');
+        return response.sendStatus(400);
+    }
+
+    if (!secretUrl && url === ONERING_URL_DEFAULT) {
+        console.log('OneRing URL is using default value.', ONERING_URL_DEFAULT);
+    }
+
+    const text = request.body.text;
+    const from_lang = request.body.from_lang;
+    const to_lang = request.body.to_lang;
+
+    if (!text || !from_lang || !to_lang) {
+        return response.sendStatus(400);
+    }
+
+    const params = new URLSearchParams();
+    params.append('text', text);
+    params.append('from_lang', from_lang);
+    params.append('to_lang', to_lang);
+
+    console.log('Input text: ' + text);
+
+    try {
+        const fetchUrl = new URL(url);
+        fetchUrl.search = params.toString();
+
+        const result = await fetch(fetchUrl, {
+            method: 'GET',
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const error = await result.text();
+            console.log('OneRing error: ', result.statusText, error);
+            return response.sendStatus(result.status);
+        }
+
+        const data = await result.json();
+        console.log('Translated text: ' + data.result);
+
+        return response.send(data.result);
+    } catch (error) {
+        console.log('Translation error: ' + error.message);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/deeplx', jsonParser, async (request, response) => {
+    const secretUrl = readSecret(request.user.directories, SECRET_KEYS.DEEPLX_URL);
+    const url = secretUrl || DEEPLX_URL_DEFAULT;
+
+    if (!url) {
+        console.log('DeepLX URL is not configured.');
+        return response.sendStatus(400);
+    }
+
+    if (!secretUrl && url === DEEPLX_URL_DEFAULT) {
+        console.log('DeepLX URL is using default value.', DEEPLX_URL_DEFAULT);
+    }
+
+    const text = request.body.text;
+    let lang = request.body.lang;
+    if (request.body.lang === 'zh-CN' || request.body.lang === 'zh-TW') {
+        lang = 'ZH';
+    }
+
+    if (!text || !lang) {
+        return response.sendStatus(400);
+    }
+
+    console.log('Input text: ' + text);
+
+    try {
+        const result = await fetch(url, {
+            method: 'POST',
+            body: JSON.stringify({
+                text: text,
+                source_lang: 'auto',
+                target_lang: lang,
+            }),
+            headers: {
+                'Accept': 'application/json',
+                'Content-Type': 'application/json',
+            },
+            timeout: 0,
+        });
+
+        if (!result.ok) {
+            const error = await result.text();
+            console.log('DeepLX error: ', result.statusText, error);
+            return response.sendStatus(result.status);
+        }
+
+        const json = await result.json();
+        console.log('Translated text: ' + json.data);
+
+        return response.send(json.data);
+    } catch (error) {
+        console.log('DeepLX translation error: ' + error.message);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/bing', jsonParser, async (request, response) => {
+    const bingTranslateApi = require('bing-translate-api');
+    const text = request.body.text;
+    let lang = request.body.lang;
+
+    if (request.body.lang === 'zh-CN') {
+        lang = 'zh-Hans';
+    }
+
+    if (!text || !lang) {
+        return response.sendStatus(400);
+    }
+
+    console.log('Input text: ' + text);
+
+    bingTranslateApi.translate(text, null, lang).then(result => {
+        console.log('Translated text: ' + result.translation);
+        return response.send(result.translation);
+    }).catch(err => {
+        console.log('Translation error: ' + err.message);
+        return response.sendStatus(500);
+    });
+});
+
+module.exports = { router };

src/endpoints/users-admin.js

@@ -0,0 +1,255 @@
+const fsPromises = require('fs').promises;
+const storage = require('node-persist');
+const express = require('express');
+const lodash = require('lodash');
+const { jsonParser } = require('../express-common');
+const { checkForNewContent } = require('./content-manager');
+const {
+    KEY_PREFIX,
+    toKey,
+    requireAdminMiddleware,
+    getUserAvatar,
+    getAllUserHandles,
+    getPasswordSalt,
+    getPasswordHash,
+    getUserDirectories,
+    ensurePublicDirectoriesExist,
+} = require('../users');
+const { DEFAULT_USER } = require('../constants');
+
+const router = express.Router();
+
+router.post('/get', requireAdminMiddleware, jsonParser, async (_request, response) => {
+    try {
+        /** @type {import('../users').User[]} */
+        const users = await storage.values(x => x.key.startsWith(KEY_PREFIX));
+
+        /** @type {Promise<import('../users').UserViewModel>[]} */
+        const viewModelPromises = users
+            .map(user => new Promise(resolve => {
+                getUserAvatar(user.handle).then(avatar =>
+                    resolve({
+                        handle: user.handle,
+                        name: user.name,
+                        avatar: avatar,
+                        admin: user.admin,
+                        enabled: user.enabled,
+                        created: user.created,
+                        password: !!user.password,
+                    }),
+                );
+            }));
+
+        const viewModels = await Promise.all(viewModelPromises);
+        viewModels.sort((x, y) => (x.created ?? 0) - (y.created ?? 0));
+        return response.json(viewModels);
+    } catch (error) {
+        console.error('User list failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/disable', requireAdminMiddleware, jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Disable user failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        if (request.body.handle === request.user.profile.handle) {
+            console.log('Disable user failed: Cannot disable yourself');
+            return response.status(400).json({ error: 'Cannot disable yourself' });
+        }
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Disable user failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        user.enabled = false;
+        await storage.setItem(toKey(request.body.handle), user);
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('User disable failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/enable', requireAdminMiddleware, jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Enable user failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Enable user failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        user.enabled = true;
+        await storage.setItem(toKey(request.body.handle), user);
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('User enable failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/promote', requireAdminMiddleware, jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Promote user failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Promote user failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        user.admin = true;
+        await storage.setItem(toKey(request.body.handle), user);
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('User promote failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/demote', requireAdminMiddleware, jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Demote user failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        if (request.body.handle === request.user.profile.handle) {
+            console.log('Demote user failed: Cannot demote yourself');
+            return response.status(400).json({ error: 'Cannot demote yourself' });
+        }
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Demote user failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        user.admin = false;
+        await storage.setItem(toKey(request.body.handle), user);
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('User demote failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/create', requireAdminMiddleware, jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle || !request.body.name) {
+            console.log('Create user failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        const handles = await getAllUserHandles();
+        const handle = lodash.kebabCase(String(request.body.handle).toLowerCase().trim());
+
+        if (!handle) {
+            console.log('Create user failed: Invalid handle');
+            return response.status(400).json({ error: 'Invalid handle' });
+        }
+
+        if (handles.some(x => x === handle)) {
+            console.log('Create user failed: User with that handle already exists');
+            return response.status(409).json({ error: 'User already exists' });
+        }
+
+        const salt = getPasswordSalt();
+        const password = request.body.password ? getPasswordHash(request.body.password, salt) : '';
+
+        const newUser = {
+            handle: handle,
+            name: request.body.name || 'Anonymous',
+            created: Date.now(),
+            password: password,
+            salt: salt,
+            admin: !!request.body.admin,
+            enabled: true,
+        };
+
+        await storage.setItem(toKey(handle), newUser);
+
+        // Create user directories
+        console.log('Creating data directories for', newUser.handle);
+        await ensurePublicDirectoriesExist();
+        const directories = getUserDirectories(newUser.handle);
+        await checkForNewContent([directories]);
+        return response.json({ handle: newUser.handle });
+    } catch (error) {
+        console.error('User create failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/delete', requireAdminMiddleware, jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Delete user failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        if (request.body.handle === request.user.profile.handle) {
+            console.log('Delete user failed: Cannot delete yourself');
+            return response.status(400).json({ error: 'Cannot delete yourself' });
+        }
+
+        if (request.body.handle === DEFAULT_USER.handle) {
+            console.log('Delete user failed: Cannot delete default user');
+            return response.status(400).json({ error: 'Sorry, but the default user cannot be deleted. It is required as a fallback.' });
+        }
+
+        await storage.removeItem(toKey(request.body.handle));
+
+        if (request.body.purge) {
+            const directories = getUserDirectories(request.body.handle);
+            console.log('Deleting data directories for', request.body.handle);
+            await fsPromises.rm(directories.root, { recursive: true, force: true });
+        }
+
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('User delete failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/slugify', requireAdminMiddleware, jsonParser, async (request, response) => {
+    try {
+        if (!request.body.text) {
+            console.log('Slugify failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        const text = lodash.kebabCase(String(request.body.text).toLowerCase().trim());
+
+        return response.send(text);
+    } catch (error) {
+        console.error('Slugify failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = {
+    router,
+};

src/endpoints/users-private.js

@@ -0,0 +1,257 @@
+const path = require('path');
+const fsPromises = require('fs').promises;
+const storage = require('node-persist');
+const express = require('express');
+const crypto = require('crypto');
+const { jsonParser } = require('../express-common');
+const { getUserAvatar, toKey, getPasswordHash, getPasswordSalt, createBackupArchive, ensurePublicDirectoriesExist, toAvatarKey } = require('../users');
+const { SETTINGS_FILE } = require('../constants');
+const contentManager = require('./content-manager');
+const { color, Cache } = require('../util');
+const { checkForNewContent } = require('./content-manager');
+
+const RESET_CACHE = new Cache(5 * 60 * 1000);
+
+const router = express.Router();
+
+router.post('/logout', async (request, response) => {
+    try {
+        if (!request.session) {
+            console.error('Session not available');
+            return response.sendStatus(500);
+        }
+
+        request.session.handle = null;
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.get('/me', async (request, response) => {
+    try {
+        if (!request.user) {
+            return response.sendStatus(403);
+        }
+
+        const user = request.user.profile;
+        const viewModel = {
+            handle: user.handle,
+            name: user.name,
+            avatar: await getUserAvatar(user.handle),
+            admin: user.admin,
+            password: !!user.password,
+            created: user.created,
+        };
+
+        return response.json(viewModel);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/change-avatar', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Change avatar failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        if (request.body.handle !== request.user.profile.handle && !request.user.profile.admin) {
+            console.log('Change avatar failed: Unauthorized');
+            return response.status(403).json({ error: 'Unauthorized' });
+        }
+
+        // Avatar is not a data URL or not an empty string
+        if (!request.body.avatar.startsWith('data:image/') && request.body.avatar !== '') {
+            console.log('Change avatar failed: Invalid data URL');
+            return response.status(400).json({ error: 'Invalid data URL' });
+        }
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Change avatar failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        await storage.setItem(toAvatarKey(request.body.handle), request.body.avatar);
+
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/change-password', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Change password failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        if (request.body.handle !== request.user.profile.handle && !request.user.profile.admin) {
+            console.log('Change password failed: Unauthorized');
+            return response.status(403).json({ error: 'Unauthorized' });
+        }
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Change password failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        if (!user.enabled) {
+            console.log('Change password failed: User is disabled');
+            return response.status(403).json({ error: 'User is disabled' });
+        }
+
+        if (!request.user.profile.admin && user.password && user.password !== getPasswordHash(request.body.oldPassword, user.salt)) {
+            console.log('Change password failed: Incorrect password');
+            return response.status(403).json({ error: 'Incorrect password' });
+        }
+
+        if (request.body.newPassword) {
+            const salt = getPasswordSalt();
+            user.password = getPasswordHash(request.body.newPassword, salt);
+            user.salt = salt;
+        } else {
+            user.password = '';
+            user.salt = '';
+        }
+
+        await storage.setItem(toKey(request.body.handle), user);
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error(error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/backup', jsonParser, async (request, response) => {
+    try {
+        const handle = request.body.handle;
+
+        if (!handle) {
+            console.log('Backup failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        if (handle !== request.user.profile.handle && !request.user.profile.admin) {
+            console.log('Backup failed: Unauthorized');
+            return response.status(403).json({ error: 'Unauthorized' });
+        }
+
+        await createBackupArchive(handle, response);
+    } catch (error) {
+        console.error('Backup failed', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/reset-settings', jsonParser, async (request, response) => {
+    try {
+        const password = request.body.password;
+
+        if (request.user.profile.password && request.user.profile.password !== getPasswordHash(password, request.user.profile.salt)) {
+            console.log('Reset settings failed: Incorrect password');
+            return response.status(403).json({ error: 'Incorrect password' });
+        }
+
+        const pathToFile = path.join(request.user.directories.root, SETTINGS_FILE);
+        await fsPromises.rm(pathToFile, { force: true });
+        await contentManager.checkForNewContent([request.user.directories], [contentManager.CONTENT_TYPES.SETTINGS]);
+
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('Reset settings failed', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/change-name', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.name || !request.body.handle) {
+            console.log('Change name failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        if (request.body.handle !== request.user.profile.handle && !request.user.profile.admin) {
+            console.log('Change name failed: Unauthorized');
+            return response.status(403).json({ error: 'Unauthorized' });
+        }
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Change name failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        user.name = request.body.name;
+        await storage.setItem(toKey(request.body.handle), user);
+
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('Change name failed', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/reset-step1', jsonParser, async (request, response) => {
+    try {
+        const resetCode = String(crypto.randomInt(1000, 9999));
+        console.log();
+        console.log(color.magenta(`${request.user.profile.name}, your account reset code is: `) + color.red(resetCode));
+        console.log();
+        RESET_CACHE.set(request.user.profile.handle, resetCode);
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('Recover step 1 failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/reset-step2', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.code) {
+            console.log('Recover step 2 failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        if (request.user.profile.password && request.user.profile.password !== getPasswordHash(request.body.password, request.user.profile.salt)) {
+            console.log('Recover step 2 failed: Incorrect password');
+            return response.status(400).json({ error: 'Incorrect password' });
+        }
+
+        const code = RESET_CACHE.get(request.user.profile.handle);
+
+        if (!code || code !== request.body.code) {
+            console.log('Recover step 2 failed: Incorrect code');
+            return response.status(400).json({ error: 'Incorrect code' });
+        }
+
+        console.log('Resetting account data:', request.user.profile.handle);
+        await fsPromises.rm(request.user.directories.root, { recursive: true, force: true });
+
+        await ensurePublicDirectoriesExist();
+        await checkForNewContent([request.user.directories]);
+
+        RESET_CACHE.remove(request.user.profile.handle);
+        return response.sendStatus(204);
+    } catch (error) {
+        console.error('Recover step 2 failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = {
+    router,
+};

src/endpoints/users-public.js

@@ -0,0 +1,199 @@
+const crypto = require('crypto');
+const storage = require('node-persist');
+const express = require('express');
+const { RateLimiterMemory, RateLimiterRes } = require('rate-limiter-flexible');
+const { jsonParser, getIpFromRequest } = require('../express-common');
+const { color, Cache, getConfigValue } = require('../util');
+const { KEY_PREFIX, getUserAvatar, toKey, getPasswordHash, getPasswordSalt } = require('../users');
+
+const DISCREET_LOGIN = getConfigValue('enableDiscreetLogin', false);
+const MFA_CACHE = new Cache(5 * 60 * 1000);
+
+const router = express.Router();
+const loginLimiter = new RateLimiterMemory({
+    points: 5,
+    duration: 60,
+});
+const recoverLimiter = new RateLimiterMemory({
+    points: 5,
+    duration: 300,
+});
+
+router.post('/list', async (_request, response) => {
+    try {
+        if (DISCREET_LOGIN) {
+            return response.sendStatus(204);
+        }
+
+        /** @type {import('../users').User[]} */
+        const users = await storage.values(x => x.key.startsWith(KEY_PREFIX));
+
+        /** @type {Promise<import('../users').UserViewModel>[]} */
+        const viewModelPromises = users
+            .filter(x => x.enabled)
+            .map(user => new Promise(async (resolve) => {
+                getUserAvatar(user.handle).then(avatar =>
+                    resolve({
+                        handle: user.handle,
+                        name: user.name,
+                        created: user.created,
+                        avatar: avatar,
+                        password: !!user.password,
+                    }),
+                );
+            }));
+
+        const viewModels = await Promise.all(viewModelPromises);
+        viewModels.sort((x, y) => (x.created ?? 0) - (y.created ?? 0));
+        return response.json(viewModels);
+    } catch (error) {
+        console.error('User list failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/login', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Login failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        const ip = getIpFromRequest(request);
+        await loginLimiter.consume(ip);
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Login failed: User not found');
+            return response.status(403).json({ error: 'Incorrect credentials' });
+        }
+
+        if (!user.enabled) {
+            console.log('Login failed: User is disabled');
+            return response.status(403).json({ error: 'User is disabled' });
+        }
+
+        if (user.password && user.password !== getPasswordHash(request.body.password, user.salt)) {
+            console.log('Login failed: Incorrect password');
+            return response.status(403).json({ error: 'Incorrect credentials' });
+        }
+
+        if (!request.session) {
+            console.error('Session not available');
+            return response.sendStatus(500);
+        }
+
+        await loginLimiter.delete(ip);
+        request.session.handle = user.handle;
+        console.log('Login successful:', user.handle, request.session);
+        return response.json({ handle: user.handle });
+    } catch (error) {
+        if (error instanceof RateLimiterRes) {
+            console.log('Login failed: Rate limited from', getIpFromRequest(request));
+            return response.status(429).send({ error: 'Too many attempts. Try again later or recover your password.' });
+        }
+
+        console.error('Login failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/recover-step1', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle) {
+            console.log('Recover step 1 failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        const ip = getIpFromRequest(request);
+        await recoverLimiter.consume(ip);
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+
+        if (!user) {
+            console.log('Recover step 1 failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        if (!user.enabled) {
+            console.log('Recover step 1 failed: User is disabled');
+            return response.status(403).json({ error: 'User is disabled' });
+        }
+
+        const mfaCode = String(crypto.randomInt(1000, 9999));
+        console.log();
+        console.log(color.blue(`${user.name}, your password recovery code is: `) + color.magenta(mfaCode));
+        console.log();
+        MFA_CACHE.set(user.handle, mfaCode);
+        return response.sendStatus(204);
+    } catch (error) {
+        if (error instanceof RateLimiterRes) {
+            console.log('Recover step 1 failed: Rate limited from', getIpFromRequest(request));
+            return response.status(429).send({ error: 'Too many attempts. Try again later or contact your admin.' });
+        }
+
+        console.error('Recover step 1 failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+router.post('/recover-step2', jsonParser, async (request, response) => {
+    try {
+        if (!request.body.handle || !request.body.code) {
+            console.log('Recover step 2 failed: Missing required fields');
+            return response.status(400).json({ error: 'Missing required fields' });
+        }
+
+        /** @type {import('../users').User} */
+        const user = await storage.getItem(toKey(request.body.handle));
+        const ip = getIpFromRequest(request);
+
+        if (!user) {
+            console.log('Recover step 2 failed: User not found');
+            return response.status(404).json({ error: 'User not found' });
+        }
+
+        if (!user.enabled) {
+            console.log('Recover step 2 failed: User is disabled');
+            return response.status(403).json({ error: 'User is disabled' });
+        }
+
+        const mfaCode = MFA_CACHE.get(user.handle);
+
+        if (request.body.code !== mfaCode) {
+            await recoverLimiter.consume(ip);
+            console.log('Recover step 2 failed: Incorrect code');
+            return response.status(403).json({ error: 'Incorrect code' });
+        }
+
+        if (request.body.newPassword) {
+            const salt = getPasswordSalt();
+            user.password = getPasswordHash(request.body.newPassword, salt);
+            user.salt = salt;
+            await storage.setItem(toKey(user.handle), user);
+        } else {
+            user.password = '';
+            user.salt = '';
+            await storage.setItem(toKey(user.handle), user);
+        }
+
+        await recoverLimiter.delete(ip);
+        MFA_CACHE.remove(user.handle);
+        return response.sendStatus(204);
+    } catch (error) {
+        if (error instanceof RateLimiterRes) {
+            console.log('Recover step 2 failed: Rate limited from', getIpFromRequest(request));
+            return response.status(429).send({ error: 'Too many attempts. Try again later or contact your admin.' });
+        }
+
+        console.error('Recover step 2 failed:', error);
+        return response.sendStatus(500);
+    }
+});
+
+module.exports = {
+    router,
+};

src/endpoints/vectors.js

@@ -0,0 +1,491 @@
+const vectra = require('vectra');
+const path = require('path');
+const fs = require('fs');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const { jsonParser } = require('../express-common');
+
+// Don't forget to add new sources to the SOURCES array
+const SOURCES = [
+    'transformers',
+    'mistral',
+    'openai',
+    'extras',
+    'palm',
+    'togetherai',
+    'nomicai',
+    'cohere',
+    'ollama',
+    'llamacpp',
+    'vllm',
+];
+
+/**
+ * Gets the vector for the given text from the given source.
+ * @param {string} source - The source of the vector
+ * @param {Object} sourceSettings - Settings for the source, if it needs any
+ * @param {string} text - The text to get the vector for
+ * @param {boolean} isQuery - If the text is a query for embedding search
+ * @param {import('../users').UserDirectoryList} directories - The directories object for the user
+ * @returns {Promise<number[]>} - The vector for the text
+ */
+async function getVector(source, sourceSettings, text, isQuery, directories) {
+    switch (source) {
+        case 'nomicai':
+            return require('../vectors/nomicai-vectors').getNomicAIVector(text, source, directories);
+        case 'togetherai':
+        case 'mistral':
+        case 'openai':
+            return require('../vectors/openai-vectors').getOpenAIVector(text, source, directories, sourceSettings.model);
+        case 'transformers':
+            return require('../vectors/embedding').getTransformersVector(text);
+        case 'extras':
+            return require('../vectors/extras-vectors').getExtrasVector(text, sourceSettings.extrasUrl, sourceSettings.extrasKey);
+        case 'palm':
+            return require('../vectors/makersuite-vectors').getMakerSuiteVector(text, directories);
+        case 'cohere':
+            return require('../vectors/cohere-vectors').getCohereVector(text, isQuery, directories, sourceSettings.model);
+        case 'llamacpp':
+            return require('../vectors/llamacpp-vectors').getLlamaCppVector(text, sourceSettings.apiUrl, directories);
+        case 'vllm':
+            return require('../vectors/vllm-vectors').getVllmVector(text, sourceSettings.apiUrl, sourceSettings.model, directories);
+        case 'ollama':
+            return require('../vectors/ollama-vectors').getOllamaVector(text, sourceSettings.apiUrl, sourceSettings.model, sourceSettings.keep, directories);
+    }
+
+    throw new Error(`Unknown vector source ${source}`);
+}
+
+/**
+ * Gets the vector for the given text batch from the given source.
+ * @param {string} source - The source of the vector
+ * @param {Object} sourceSettings - Settings for the source, if it needs any
+ * @param {string[]} texts - The array of texts to get the vector for
+ * @param {boolean} isQuery - If the text is a query for embedding search
+ * @param {import('../users').UserDirectoryList} directories - The directories object for the user
+ * @returns {Promise<number[][]>} - The array of vectors for the texts
+ */
+async function getBatchVector(source, sourceSettings, texts, isQuery, directories) {
+    const batchSize = 10;
+    const batches = Array(Math.ceil(texts.length / batchSize)).fill(undefined).map((_, i) => texts.slice(i * batchSize, i * batchSize + batchSize));
+
+    let results = [];
+    for (let batch of batches) {
+        switch (source) {
+            case 'nomicai':
+                results.push(...await require('../vectors/nomicai-vectors').getNomicAIBatchVector(batch, source, directories));
+                break;
+            case 'togetherai':
+            case 'mistral':
+            case 'openai':
+                results.push(...await require('../vectors/openai-vectors').getOpenAIBatchVector(batch, source, directories, sourceSettings.model));
+                break;
+            case 'transformers':
+                results.push(...await require('../vectors/embedding').getTransformersBatchVector(batch));
+                break;
+            case 'extras':
+                results.push(...await require('../vectors/extras-vectors').getExtrasBatchVector(batch, sourceSettings.extrasUrl, sourceSettings.extrasKey));
+                break;
+            case 'palm':
+                results.push(...await require('../vectors/makersuite-vectors').getMakerSuiteBatchVector(batch, directories));
+                break;
+            case 'cohere':
+                results.push(...await require('../vectors/cohere-vectors').getCohereBatchVector(batch, isQuery, directories, sourceSettings.model));
+                break;
+            case 'llamacpp':
+                results.push(...await require('../vectors/llamacpp-vectors').getLlamaCppBatchVector(batch, sourceSettings.apiUrl, directories));
+                break;
+            case 'vllm':
+                results.push(...await require('../vectors/vllm-vectors').getVllmBatchVector(batch, sourceSettings.apiUrl, sourceSettings.model, directories));
+                break;
+            case 'ollama':
+                results.push(...await require('../vectors/ollama-vectors').getOllamaBatchVector(batch, sourceSettings.apiUrl, sourceSettings.model, sourceSettings.keep, directories));
+                break;
+            default:
+                throw new Error(`Unknown vector source ${source}`);
+        }
+    }
+
+    return results;
+}
+
+/**
+ * Gets the index for the vector collection
+ * @param {import('../users').UserDirectoryList} directories - User directories
+ * @param {string} collectionId - The collection ID
+ * @param {string} source - The source of the vector
+ * @param {boolean} create - Whether to create the index if it doesn't exist
+ * @returns {Promise<vectra.LocalIndex>} - The index for the collection
+ */
+async function getIndex(directories, collectionId, source, create = true) {
+    const pathToFile = path.join(directories.vectors, sanitize(source), sanitize(collectionId));
+    const store = new vectra.LocalIndex(pathToFile);
+
+    if (create && !await store.isIndexCreated()) {
+        await store.createIndex();
+    }
+
+    return store;
+}
+
+/**
+ * Inserts items into the vector collection
+ * @param {import('../users').UserDirectoryList} directories - User directories
+ * @param {string} collectionId - The collection ID
+ * @param {string} source - The source of the vector
+ * @param {Object} sourceSettings - Settings for the source, if it needs any
+ * @param {{ hash: number; text: string; index: number; }[]} items - The items to insert
+ */
+async function insertVectorItems(directories, collectionId, source, sourceSettings, items) {
+    const store = await getIndex(directories, collectionId, source);
+
+    await store.beginUpdate();
+
+    const vectors = await getBatchVector(source, sourceSettings, items.map(x => x.text), false, directories);
+
+    for (let i = 0; i < items.length; i++) {
+        const item = items[i];
+        const vector = vectors[i];
+        await store.upsertItem({ vector: vector, metadata: { hash: item.hash, text: item.text, index: item.index } });
+    }
+
+    await store.endUpdate();
+}
+
+/**
+ * Gets the hashes of the items in the vector collection
+ * @param {import('../users').UserDirectoryList} directories - User directories
+ * @param {string} collectionId - The collection ID
+ * @param {string} source - The source of the vector
+ * @returns {Promise<number[]>} - The hashes of the items in the collection
+ */
+async function getSavedHashes(directories, collectionId, source) {
+    const store = await getIndex(directories, collectionId, source);
+
+    const items = await store.listItems();
+    const hashes = items.map(x => Number(x.metadata.hash));
+
+    return hashes;
+}
+
+/**
+ * Deletes items from the vector collection by hash
+ * @param {import('../users').UserDirectoryList} directories - User directories
+ * @param {string} collectionId - The collection ID
+ * @param {string} source - The source of the vector
+ * @param {number[]} hashes - The hashes of the items to delete
+ */
+async function deleteVectorItems(directories, collectionId, source, hashes) {
+    const store = await getIndex(directories, collectionId, source);
+    const items = await store.listItemsByMetadata({ hash: { '$in': hashes } });
+
+    await store.beginUpdate();
+
+    for (const item of items) {
+        await store.deleteItem(item.id);
+    }
+
+    await store.endUpdate();
+}
+
+/**
+ * Gets the hashes of the items in the vector collection that match the search text
+ * @param {import('../users').UserDirectoryList} directories - User directories
+ * @param {string} collectionId - The collection ID
+ * @param {string} source - The source of the vector
+ * @param {Object} sourceSettings - Settings for the source, if it needs any
+ * @param {string} searchText - The text to search for
+ * @param {number} topK - The number of results to return
+ * @param {number} threshold - The threshold for the search
+ * @returns {Promise<{hashes: number[], metadata: object[]}>} - The metadata of the items that match the search text
+ */
+async function queryCollection(directories, collectionId, source, sourceSettings, searchText, topK, threshold) {
+    const store = await getIndex(directories, collectionId, source);
+    const vector = await getVector(source, sourceSettings, searchText, true, directories);
+
+    const result = await store.queryItems(vector, topK);
+    const metadata = result.filter(x => x.score >= threshold).map(x => x.item.metadata);
+    const hashes = result.map(x => Number(x.item.metadata.hash));
+    return { metadata, hashes };
+}
+
+/**
+ * Queries multiple collections for the given search queries. Returns the overall top K results.
+ * @param {import('../users').UserDirectoryList} directories - User directories
+ * @param {string[]} collectionIds - The collection IDs to query
+ * @param {string} source - The source of the vector
+ * @param {Object} sourceSettings - Settings for the source, if it needs any
+ * @param {string} searchText - The text to search for
+ * @param {number} topK - The number of results to return
+ * @param {number} threshold - The threshold for the search
+ *
+ * @returns {Promise<Record<string, { hashes: number[], metadata: object[] }>>} - The top K results from each collection
+ */
+async function multiQueryCollection(directories, collectionIds, source, sourceSettings, searchText, topK, threshold) {
+    const vector = await getVector(source, sourceSettings, searchText, true, directories);
+    const results = [];
+
+    for (const collectionId of collectionIds) {
+        const store = await getIndex(directories, collectionId, source);
+        const result = await store.queryItems(vector, topK);
+        results.push(...result.map(result => ({ collectionId, result })));
+    }
+
+    // Sort results by descending similarity, apply threshold, and take top K
+    const sortedResults = results
+        .sort((a, b) => b.result.score - a.result.score)
+        .filter(x => x.result.score >= threshold)
+        .slice(0, topK);
+
+    /**
+     * Group the results by collection ID
+     * @type {Record<string, { hashes: number[], metadata: object[] }>}
+     */
+    const groupedResults = {};
+    for (const result of sortedResults) {
+        if (!groupedResults[result.collectionId]) {
+            groupedResults[result.collectionId] = { hashes: [], metadata: [] };
+        }
+
+        groupedResults[result.collectionId].hashes.push(Number(result.result.item.metadata.hash));
+        groupedResults[result.collectionId].metadata.push(result.result.item.metadata);
+    }
+
+    return groupedResults;
+}
+
+/**
+ * Extracts settings for the vectorization sources from the HTTP request headers.
+ * @param {string} source - Which source to extract settings for.
+ * @param {object} request - The HTTP request object.
+ * @returns {object} - An object that can be used as `sourceSettings` in functions that take that parameter.
+ */
+function getSourceSettings(source, request) {
+    if (source === 'togetherai') {
+        const model = String(request.headers['x-togetherai-model']);
+
+        return {
+            model: model,
+        };
+    } else if (source === 'openai') {
+        const model = String(request.headers['x-openai-model']);
+
+        return {
+            model: model,
+        };
+    } else if (source === 'cohere') {
+        const model = String(request.headers['x-cohere-model']);
+
+        return {
+            model: model,
+        };
+    } else if (source === 'llamacpp') {
+        const apiUrl = String(request.headers['x-llamacpp-url']);
+
+        return {
+            apiUrl: apiUrl,
+        };
+    } else if (source === 'vllm') {
+        const apiUrl = String(request.headers['x-vllm-url']);
+        const model = String(request.headers['x-vllm-model']);
+
+        return {
+            apiUrl: apiUrl,
+            model: model,
+        };
+    } else if (source === 'ollama') {
+        const apiUrl = String(request.headers['x-ollama-url']);
+        const model = String(request.headers['x-ollama-model']);
+        const keep = Boolean(request.headers['x-ollama-keep']);
+
+        return {
+            apiUrl: apiUrl,
+            model: model,
+            keep: keep,
+        };
+    } else {
+        // Extras API settings to connect to the Extras embeddings provider
+        let extrasUrl = '';
+        let extrasKey = '';
+        if (source === 'extras') {
+            extrasUrl = String(request.headers['x-extras-url']);
+            extrasKey = String(request.headers['x-extras-key']);
+        }
+
+        return {
+            extrasUrl: extrasUrl,
+            extrasKey: extrasKey,
+        };
+    }
+}
+
+/**
+ * Performs a request to regenerate the index if it is corrupted.
+ * @param {import('express').Request} req Express request object
+ * @param {import('express').Response} res Express response object
+ * @param {Error} error Error object
+ * @returns {Promise<any>} Promise
+ */
+async function regenerateCorruptedIndexErrorHandler(req, res, error) {
+    if (error instanceof SyntaxError && !req.query.regenerated) {
+        const collectionId = String(req.body.collectionId);
+        const source = String(req.body.source) || 'transformers';
+
+        if (collectionId && source) {
+            const index = await getIndex(req.user.directories, collectionId, source, false);
+            const exists = await index.isIndexCreated();
+
+            if (exists) {
+                const path = index.folderPath;
+                console.error(`Corrupted index detected at ${path}, regenerating...`);
+                await index.deleteIndex();
+                return res.redirect(307, req.originalUrl + '?regenerated=true');
+            }
+        }
+    }
+
+    console.error(error);
+    return res.sendStatus(500);
+}
+
+const router = express.Router();
+
+router.post('/query', jsonParser, async (req, res) => {
+    try {
+        if (!req.body.collectionId || !req.body.searchText) {
+            return res.sendStatus(400);
+        }
+
+        const collectionId = String(req.body.collectionId);
+        const searchText = String(req.body.searchText);
+        const topK = Number(req.body.topK) || 10;
+        const threshold = Number(req.body.threshold) || 0.0;
+        const source = String(req.body.source) || 'transformers';
+        const sourceSettings = getSourceSettings(source, req);
+
+        const results = await queryCollection(req.user.directories, collectionId, source, sourceSettings, searchText, topK, threshold);
+        return res.json(results);
+    } catch (error) {
+        return regenerateCorruptedIndexErrorHandler(req, res, error);
+    }
+});
+
+router.post('/query-multi', jsonParser, async (req, res) => {
+    try {
+        if (!Array.isArray(req.body.collectionIds) || !req.body.searchText) {
+            return res.sendStatus(400);
+        }
+
+        const collectionIds = req.body.collectionIds.map(x => String(x));
+        const searchText = String(req.body.searchText);
+        const topK = Number(req.body.topK) || 10;
+        const threshold = Number(req.body.threshold) || 0.0;
+        const source = String(req.body.source) || 'transformers';
+        const sourceSettings = getSourceSettings(source, req);
+
+        const results = await multiQueryCollection(req.user.directories, collectionIds, source, sourceSettings, searchText, topK, threshold);
+        return res.json(results);
+    } catch (error) {
+        return regenerateCorruptedIndexErrorHandler(req, res, error);
+    }
+});
+
+router.post('/insert', jsonParser, async (req, res) => {
+    try {
+        if (!Array.isArray(req.body.items) || !req.body.collectionId) {
+            return res.sendStatus(400);
+        }
+
+        const collectionId = String(req.body.collectionId);
+        const items = req.body.items.map(x => ({ hash: x.hash, text: x.text, index: x.index }));
+        const source = String(req.body.source) || 'transformers';
+        const sourceSettings = getSourceSettings(source, req);
+
+        await insertVectorItems(req.user.directories, collectionId, source, sourceSettings, items);
+        return res.sendStatus(200);
+    } catch (error) {
+        return regenerateCorruptedIndexErrorHandler(req, res, error);
+    }
+});
+
+router.post('/list', jsonParser, async (req, res) => {
+    try {
+        if (!req.body.collectionId) {
+            return res.sendStatus(400);
+        }
+
+        const collectionId = String(req.body.collectionId);
+        const source = String(req.body.source) || 'transformers';
+
+        const hashes = await getSavedHashes(req.user.directories, collectionId, source);
+        return res.json(hashes);
+    } catch (error) {
+        return regenerateCorruptedIndexErrorHandler(req, res, error);
+    }
+});
+
+router.post('/delete', jsonParser, async (req, res) => {
+    try {
+        if (!Array.isArray(req.body.hashes) || !req.body.collectionId) {
+            return res.sendStatus(400);
+        }
+
+        const collectionId = String(req.body.collectionId);
+        const hashes = req.body.hashes.map(x => Number(x));
+        const source = String(req.body.source) || 'transformers';
+
+        await deleteVectorItems(req.user.directories, collectionId, source, hashes);
+        return res.sendStatus(200);
+    } catch (error) {
+        return regenerateCorruptedIndexErrorHandler(req, res, error);
+    }
+});
+
+router.post('/purge-all', jsonParser, async (req, res) => {
+    try {
+        for (const source of SOURCES) {
+            const sourcePath = path.join(req.user.directories.vectors, sanitize(source));
+            if (!fs.existsSync(sourcePath)) {
+                continue;
+            }
+            await fs.promises.rm(sourcePath, { recursive: true });
+            console.log(`Deleted vector source store at ${sourcePath}`);
+        }
+
+        return res.sendStatus(200);
+    } catch (error) {
+        console.error(error);
+        return res.sendStatus(500);
+    }
+});
+
+router.post('/purge', jsonParser, async (req, res) => {
+    try {
+        if (!req.body.collectionId) {
+            return res.sendStatus(400);
+        }
+
+        const collectionId = String(req.body.collectionId);
+
+        for (const source of SOURCES) {
+            const index = await getIndex(req.user.directories, collectionId, source, false);
+
+            const exists = await index.isIndexCreated();
+
+            if (!exists) {
+                continue;
+            }
+
+            const path = index.folderPath;
+            await index.deleteIndex();
+            console.log(`Deleted vector index at ${path}`);
+        }
+
+        return res.sendStatus(200);
+    } catch (error) {
+        console.error(error);
+        return res.sendStatus(500);
+    }
+});
+
+module.exports = { router };

src/endpoints/worldinfo.js

@@ -0,0 +1,126 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const sanitize = require('sanitize-filename');
+const writeFileAtomicSync = require('write-file-atomic').sync;
+
+const { jsonParser, urlencodedParser } = require('../express-common');
+
+/**
+ * Reads a World Info file and returns its contents
+ * @param {import('../users').UserDirectoryList} directories User directories
+ * @param {string} worldInfoName Name of the World Info file
+ * @param {boolean} allowDummy If true, returns an empty object if the file doesn't exist
+ * @returns {object} World Info file contents
+ */
+function readWorldInfoFile(directories, worldInfoName, allowDummy) {
+    const dummyObject = allowDummy ? { entries: {} } : null;
+
+    if (!worldInfoName) {
+        return dummyObject;
+    }
+
+    const filename = `${worldInfoName}.json`;
+    const pathToWorldInfo = path.join(directories.worlds, filename);
+
+    if (!fs.existsSync(pathToWorldInfo)) {
+        console.log(`World info file ${filename} doesn't exist.`);
+        return dummyObject;
+    }
+
+    const worldInfoText = fs.readFileSync(pathToWorldInfo, 'utf8');
+    const worldInfo = JSON.parse(worldInfoText);
+    return worldInfo;
+}
+
+const router = express.Router();
+
+router.post('/get', jsonParser, (request, response) => {
+    if (!request.body?.name) {
+        return response.sendStatus(400);
+    }
+
+    const file = readWorldInfoFile(request.user.directories, request.body.name, true);
+
+    return response.send(file);
+});
+
+router.post('/delete', jsonParser, (request, response) => {
+    if (!request.body?.name) {
+        return response.sendStatus(400);
+    }
+
+    const worldInfoName = request.body.name;
+    const filename = sanitize(`${worldInfoName}.json`);
+    const pathToWorldInfo = path.join(request.user.directories.worlds, filename);
+
+    if (!fs.existsSync(pathToWorldInfo)) {
+        throw new Error(`World info file ${filename} doesn't exist.`);
+    }
+
+    fs.rmSync(pathToWorldInfo);
+
+    return response.sendStatus(200);
+});
+
+router.post('/import', urlencodedParser, (request, response) => {
+    if (!request.file) return response.sendStatus(400);
+
+    const filename = `${path.parse(sanitize(request.file.originalname)).name}.json`;
+
+    let fileContents = null;
+
+    if (request.body.convertedData) {
+        fileContents = request.body.convertedData;
+    } else {
+        const pathToUpload = path.join(request.file.destination, request.file.filename);
+        fileContents = fs.readFileSync(pathToUpload, 'utf8');
+        fs.unlinkSync(pathToUpload);
+    }
+
+    try {
+        const worldContent = JSON.parse(fileContents);
+        if (!('entries' in worldContent)) {
+            throw new Error('File must contain a world info entries list');
+        }
+    } catch (err) {
+        return response.status(400).send('Is not a valid world info file');
+    }
+
+    const pathToNewFile = path.join(request.user.directories.worlds, filename);
+    const worldName = path.parse(pathToNewFile).name;
+
+    if (!worldName) {
+        return response.status(400).send('World file must have a name');
+    }
+
+    writeFileAtomicSync(pathToNewFile, fileContents);
+    return response.send({ name: worldName });
+});
+
+router.post('/edit', jsonParser, (request, response) => {
+    if (!request.body) {
+        return response.sendStatus(400);
+    }
+
+    if (!request.body.name) {
+        return response.status(400).send('World file must have a name');
+    }
+
+    try {
+        if (!('entries' in request.body.data)) {
+            throw new Error('World info must contain an entries list');
+        }
+    } catch (err) {
+        return response.status(400).send('Is not a valid world info file');
+    }
+
+    const filename = `${sanitize(request.body.name)}.json`;
+    const pathToFile = path.join(request.user.directories.worlds, filename);
+
+    writeFileAtomicSync(pathToFile, JSON.stringify(request.body.data, null, 4));
+
+    return response.send({ ok: true });
+});
+
+module.exports = { router, readWorldInfoFile };

src/express-common.js

@@ -0,0 +1,28 @@
+const express = require('express');
+const ipaddr = require('ipaddr.js');
+
+// Instantiate parser middleware here with application-level size limits
+const jsonParser = express.json({ limit: '200mb' });
+const urlencodedParser = express.urlencoded({ extended: true, limit: '200mb' });
+
+/**
+ * Gets the IP address of the client from the request object.
+ * @param {import('express'.Request)} req Request object
+ * @returns {string} IP address of the client
+ */
+function getIpFromRequest(req) {
+    let clientIp = req.connection.remoteAddress;
+    let ip = ipaddr.parse(clientIp);
+    // Check if the IP address is IPv4-mapped IPv6 address
+    if (ip.kind() === 'ipv6' && ip instanceof ipaddr.IPv6 && ip.isIPv4MappedAddress()) {
+        const ipv4 = ip.toIPv4Address().toString();
+        clientIp = ipv4;
+    } else {
+        clientIp = ip;
+        clientIp = clientIp.toString();
+    }
+    return clientIp;
+}
+
+
+module.exports = { jsonParser, urlencodedParser, getIpFromRequest };

src/middleware/basicAuth.js

@@ -0,0 +1,37 @@
+/**
+ * When applied, this middleware will ensure the request contains the required header for basic authentication and only
+ * allow access to the endpoint after successful authentication.
+ */
+const { getConfig } = require('../util.js');
+
+const unauthorizedResponse = (res) => {
+    res.set('WWW-Authenticate', 'Basic realm="SillyTavern", charset="UTF-8"');
+    return res.status(401).send('Authentication required');
+};
+
+const basicAuthMiddleware = function (request, response, callback) {
+    const config = getConfig();
+    const authHeader = request.headers.authorization;
+
+    if (!authHeader) {
+        return unauthorizedResponse(response);
+    }
+
+    const [scheme, credentials] = authHeader.split(' ');
+
+    if (scheme !== 'Basic' || !credentials) {
+        return unauthorizedResponse(response);
+    }
+
+    const [username, password] = Buffer.from(credentials, 'base64')
+        .toString('utf8')
+        .split(':');
+
+    if (username === config.basicAuthUser.username && password === config.basicAuthUser.password) {
+        return callback();
+    } else {
+        return unauthorizedResponse(response);
+    }
+};
+
+module.exports = basicAuthMiddleware;

src/middleware/multerMonkeyPatch.js

@@ -0,0 +1,30 @@
+/**
+ * Decodes a file name from Latin1 to UTF-8.
+ * @param {string} str Input string
+ * @returns {string} Decoded file name
+ */
+function decodeFileName(str) {
+    return Buffer.from(str, 'latin1').toString('utf-8');
+}
+
+/**
+ * Middleware to decode file names from Latin1 to UTF-8.
+ * See: https://github.com/expressjs/multer/issues/1104
+ * @param {import('express').Request} req Request
+ * @param {import('express').Response} _res Response
+ * @param {import('express').NextFunction} next Next middleware
+ */
+function multerMonkeyPatch(req, _res, next) {
+    try {
+        if (req.file) {
+            req.file.originalname = decodeFileName(req.file.originalname);
+        }
+
+        next();
+    } catch (error) {
+        console.error('Error in multerMonkeyPatch:', error);
+        next();
+    }
+}
+
+module.exports = multerMonkeyPatch;

src/middleware/whitelist.js

@@ -0,0 +1,86 @@
+const path = require('path');
+const fs = require('fs');
+const ipMatching = require('ip-matching');
+
+const { getIpFromRequest } = require('../express-common');
+const { color, getConfigValue } = require('../util');
+
+const whitelistPath = path.join(process.cwd(), './whitelist.txt');
+const enableForwardedWhitelist = getConfigValue('enableForwardedWhitelist', false);
+let whitelist = getConfigValue('whitelist', []);
+let knownIPs = new Set();
+
+if (fs.existsSync(whitelistPath)) {
+    try {
+        let whitelistTxt = fs.readFileSync(whitelistPath, 'utf-8');
+        whitelist = whitelistTxt.split('\n').filter(ip => ip).map(ip => ip.trim());
+    } catch (e) {
+        // Ignore errors that may occur when reading the whitelist (e.g. permissions)
+    }
+}
+
+/**
+ * Get the client IP address from the request headers.
+ * @param {import('express').Request} req Express request object
+ * @returns {string|undefined} The client IP address
+ */
+function getForwardedIp(req) {
+    if (!enableForwardedWhitelist) {
+        return undefined;
+    }
+
+    // Check if X-Real-IP is available
+    if (req.headers['x-real-ip']) {
+        return req.headers['x-real-ip'].toString();
+    }
+
+    // Check for X-Forwarded-For and parse if available
+    if (req.headers['x-forwarded-for']) {
+        const ipList = req.headers['x-forwarded-for'].toString().split(',').map(ip => ip.trim());
+        return ipList[0];
+    }
+
+    // If none of the headers are available, return undefined
+    return undefined;
+}
+
+/**
+ * Returns a middleware function that checks if the client IP is in the whitelist.
+ * @param {boolean} whitelistMode If whitelist mode is enabled via config or command line
+ * @param {boolean} listen If listen mode is enabled via config or command line
+ * @returns {import('express').RequestHandler} The middleware function
+ */
+function whitelistMiddleware(whitelistMode, listen) {
+    return function (req, res, next) {
+        const clientIp = getIpFromRequest(req);
+        const forwardedIp = getForwardedIp(req);
+
+        if (listen && !knownIPs.has(clientIp)) {
+            const userAgent = req.headers['user-agent'];
+            console.log(color.yellow(`New connection from ${clientIp}; User Agent: ${userAgent}\n`));
+            knownIPs.add(clientIp);
+
+            // Write access log
+            const timestamp = new Date().toISOString();
+            const log = `${timestamp} ${clientIp} ${userAgent}\n`;
+            fs.appendFile('access.log', log, (err) => {
+                if (err) {
+                    console.error('Failed to write access log:', err);
+                }
+            });
+        }
+
+        //clientIp = req.connection.remoteAddress.split(':').pop();
+        if (whitelistMode === true && !whitelist.some(x => ipMatching.matches(clientIp, ipMatching.getMatch(x)))
+            || forwardedIp && whitelistMode === true && !whitelist.some(x => ipMatching.matches(forwardedIp, ipMatching.getMatch(x)))
+        ) {
+            // Log the connection attempt with real IP address
+            const ipDetails = forwardedIp ? `${clientIp} (forwarded from ${forwardedIp})` : clientIp;
+            console.log(color.red('Forbidden: Connection attempt from ' + ipDetails + '. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.\n'));
+            return res.status(403).send('<b>Forbidden</b>: Connection attempt from <b>' + ipDetails + '</b>. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.');
+        }
+        next();
+    };
+}
+
+module.exports = whitelistMiddleware;

src/plugin-loader.js

@@ -0,0 +1,223 @@
+const fs = require('fs');
+const path = require('path');
+const url = require('url');
+const express = require('express');
+const { getConfigValue } = require('./util');
+const enableServerPlugins = getConfigValue('enableServerPlugins', false);
+
+/**
+ * Map of loaded plugins.
+ * @type {Map<string, any>}
+ */
+const loadedPlugins = new Map();
+
+/**
+ * Determine if a file is a CommonJS module.
+ * @param {string} file Path to file
+ * @returns {boolean} True if file is a CommonJS module
+ */
+const isCommonJS = (file) => path.extname(file) === '.js';
+
+/**
+ * Determine if a file is an ECMAScript module.
+ * @param {string} file Path to file
+ * @returns {boolean} True if file is an ECMAScript module
+ */
+const isESModule = (file) => path.extname(file) === '.mjs';
+
+/**
+ * Load and initialize server plugins from a directory if they are enabled.
+ * @param {import('express').Express} app Express app
+ * @param {string} pluginsPath Path to plugins directory
+ * @returns {Promise<Function>} Promise that resolves when all plugins are loaded. Resolves to a "cleanup" function to
+ * be called before the server shuts down.
+ */
+async function loadPlugins(app, pluginsPath) {
+    const exitHooks = [];
+    const emptyFn = () => {};
+
+    // Server plugins are disabled.
+    if (!enableServerPlugins) {
+        return emptyFn;
+    }
+
+    // Plugins directory does not exist.
+    if (!fs.existsSync(pluginsPath)) {
+        return emptyFn;
+    }
+
+    const files = fs.readdirSync(pluginsPath);
+
+    // No plugins to load.
+    if (files.length === 0) {
+        return emptyFn;
+    }
+
+    for (const file of files) {
+        const pluginFilePath = path.join(pluginsPath, file);
+
+        if (fs.statSync(pluginFilePath).isDirectory()) {
+            await loadFromDirectory(app, pluginFilePath, exitHooks);
+            continue;
+        }
+
+        // Not a JavaScript file.
+        if (!isCommonJS(file) && !isESModule(file)) {
+            continue;
+        }
+
+        await loadFromFile(app, pluginFilePath, exitHooks);
+    }
+
+    // Call all plugin "exit" functions at once and wait for them to finish
+    return () => Promise.all(exitHooks.map(exitFn => exitFn()));
+}
+
+async function loadFromDirectory(app, pluginDirectoryPath, exitHooks) {
+    const files = fs.readdirSync(pluginDirectoryPath);
+
+    // No plugins to load.
+    if (files.length === 0) {
+        return;
+    }
+
+    // Plugin is an npm package.
+    const packageJsonFilePath = path.join(pluginDirectoryPath, 'package.json');
+    if (fs.existsSync(packageJsonFilePath)) {
+        if (await loadFromPackage(app, packageJsonFilePath, exitHooks)) {
+            return;
+        }
+    }
+
+    // Plugin is a CommonJS module.
+    const cjsFilePath = path.join(pluginDirectoryPath, 'index.js');
+    if (fs.existsSync(cjsFilePath)) {
+        if (await loadFromFile(app, cjsFilePath, exitHooks)) {
+            return;
+        }
+    }
+
+    // Plugin is an ECMAScript module.
+    const esmFilePath = path.join(pluginDirectoryPath, 'index.mjs');
+    if (fs.existsSync(esmFilePath)) {
+        if (await loadFromFile(app, esmFilePath, exitHooks)) {
+            return;
+        }
+    }
+}
+
+/**
+ * Loads and initializes a plugin from an npm package.
+ * @param {import('express').Express} app Express app
+ * @param {string} packageJsonPath Path to package.json file
+ * @param {Array<Function>} exitHooks Array of functions to be run on plugin exit. Will be pushed to if the plugin has
+ * an "exit" function.
+ * @returns {Promise<boolean>} Promise that resolves to true if plugin was loaded successfully
+ */
+async function loadFromPackage(app, packageJsonPath, exitHooks) {
+    try {
+        const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+        if (packageJson.main) {
+            const pluginFilePath = path.join(path.dirname(packageJsonPath), packageJson.main);
+            return await loadFromFile(app, pluginFilePath, exitHooks);
+        }
+    } catch (error) {
+        console.error(`Failed to load plugin from ${packageJsonPath}: ${error}`);
+    }
+    return false;
+}
+
+/**
+ * Loads and initializes a plugin from a file.
+ * @param {import('express').Express} app Express app
+ * @param {string} pluginFilePath Path to plugin directory
+ * @param {Array.<Function>} exitHooks Array of functions to be run on plugin exit. Will be pushed to if the plugin has
+ * an "exit" function.
+ * @returns {Promise<boolean>} Promise that resolves to true if plugin was loaded successfully
+ */
+async function loadFromFile(app, pluginFilePath, exitHooks) {
+    try {
+        const fileUrl = url.pathToFileURL(pluginFilePath).toString();
+        const plugin = await import(fileUrl);
+        console.log(`Initializing plugin from ${pluginFilePath}`);
+        return await initPlugin(app, plugin, exitHooks);
+    } catch (error) {
+        console.error(`Failed to load plugin from ${pluginFilePath}: ${error}`);
+        return false;
+    }
+}
+
+/**
+ * Check whether a plugin ID is valid (only lowercase alphanumeric, hyphens, and underscores).
+ * @param {string} id The plugin ID to check
+ * @returns {boolean} True if the plugin ID is valid.
+ */
+function isValidPluginID(id) {
+    return /^[a-z0-9_-]+$/.test(id);
+}
+
+/**
+ * Initializes a plugin module.
+ * @param {import('express').Express} app Express app
+ * @param {any} plugin Plugin module
+ * @param {Array.<Function>} exitHooks Array of functions to be run on plugin exit. Will be pushed to if the plugin has
+ * an "exit" function.
+ * @returns {Promise<boolean>} Promise that resolves to true if plugin was initialized successfully
+ */
+async function initPlugin(app, plugin, exitHooks) {
+    const info = plugin.info || plugin.default?.info;
+    if (typeof info !== 'object') {
+        console.error('Failed to load plugin module; plugin info not found');
+        return false;
+    }
+
+    // We don't currently use "name" or "description" but it would be nice to have a UI for listing server plugins, so
+    // require them now just to be safe
+    for (const field of ['id', 'name', 'description']) {
+        if (typeof info[field] !== 'string') {
+            console.error(`Failed to load plugin module; plugin info missing field '${field}'`);
+            return false;
+        }
+    }
+
+    const init = plugin.init || plugin.default?.init;
+    if (typeof init !== 'function') {
+        console.error('Failed to load plugin module; no init function');
+        return false;
+    }
+
+    const { id } = info;
+
+    if (!isValidPluginID(id)) {
+        console.error(`Failed to load plugin module; invalid plugin ID '${id}'`);
+        return false;
+    }
+
+    if (loadedPlugins.has(id)) {
+        console.error(`Failed to load plugin module; plugin ID '${id}' is already in use`);
+        return false;
+    }
+
+    // Allow the plugin to register API routes under /api/plugins/[plugin ID] via a router
+    const router = express.Router();
+
+    await init(router);
+
+    loadedPlugins.set(id, plugin);
+
+    // Add API routes to the app if the plugin registered any
+    if (router.stack.length > 0) {
+        app.use(`/api/plugins/${id}`, router);
+    }
+
+    const exit = plugin.exit || plugin.default?.exit;
+    if (typeof exit === 'function') {
+        exitHooks.push(exit);
+    }
+
+    return true;
+}
+
+module.exports = {
+    loadPlugins,
+};

src/polyfill.js

@@ -0,0 +1,10 @@
+if (!Array.prototype.findLastIndex) {
+    Array.prototype.findLastIndex = function (callback, thisArg) {
+        for (let i = this.length - 1; i >= 0; i--) {
+            if (callback.call(thisArg, this[i], i, this)) return i;
+        }
+        return -1;
+    };
+}
+
+module.exports = {};