nodebb-plugin-pdf-secure2 1.3.8 → 1.4.0

package/lib/controllers.js

@@ -10,12 +10,36 @@ const db = require.main.require('./src/database');
 
 const Controllers = module.exports;
 
-// Rate limiting configuration (DB-backed sliding window)
+// Rate limiting configuration (DB-backed sliding window — spam protection, not shown in UI)
 const RATE_LIMITS = {
 	vip: { max: 50, window: 60 * 1000 },
 	premium: { max: 25, window: 60 * 1000 },
 };
 
+// 4-hour rolling window token quota (shown in UI quota bar as percentage)
+// Tracks output tokens (candidatesTokenCount) only — fair regardless of PDF size
+// Defaults — overridden by admin settings via initQuotaSettings()
+const QUOTAS = {
+	vip: { max: 750000, window: 4 * 60 * 60 * 1000 }, // 750K output tokens / 4h
+	premium: { max: 200000, window: 4 * 60 * 60 * 1000 }, // 200K output tokens / 4h
+};
+
+// Apply admin-configured quota settings (called from library.js on init)
+Controllers.initQuotaSettings = function (settings) {
+	if (!settings) return;
+	const premiumTokens = parseInt(settings.quotaPremiumTokens, 10);
+	const vipTokens = parseInt(settings.quotaVipTokens, 10);
+	const windowHours = parseInt(settings.quotaWindowHours, 10);
+
+	if (premiumTokens >= 10000 && premiumTokens <= 10000000) QUOTAS.premium.max = premiumTokens;
+	if (vipTokens >= 10000 && vipTokens <= 10000000) QUOTAS.vip.max = vipTokens;
+	if (windowHours >= 1 && windowHours <= 24) {
+		const windowMs = windowHours * 60 * 60 * 1000;
+		QUOTAS.premium.window = windowMs;
+		QUOTAS.vip.window = windowMs;
+	}
+};
+
 // DB-backed sliding window rate limiter
 // Returns { allowed, used, max } for quota visibility
 async function checkRateLimit(uid, tier) {
@@ -41,6 +65,104 @@ async function checkRateLimit(uid, tier) {
 	}
 }
 
+// Helper: parse token count from sorted set members and calculate totals
+// Member format: "${timestamp}:${random}:${tokensUsed}"
+function sumTokensFromMembers(members) {
+	let total = 0;
+	for (const m of members) {
+		const parts = (typeof m === 'string' ? m : m.value || '').split(':');
+		total += parseInt(parts[2], 10) || 0;
+	}
+	return total;
+}
+
+// Token-based 4-hour sliding window quota (DB-backed sorted set)
+// Read-only check — does NOT add entries (call recordQuotaUsage after AI response)
+// Returns { allowed, used, max, resetsIn }
+async function checkQuota(uid, tier) {
+	const cfg = QUOTAS[tier] || QUOTAS.premium;
+	const key = `pdf-secure:quota:${uid}`;
+	const now = Date.now();
+	const windowStart = now - cfg.window;
+
+	try {
+		// Remove expired entries outside the 4-hour window
+		await db.sortedSetRemoveRangeByScore(key, '-inf', windowStart);
+		// Get all members to sum their token values
+		const members = await db.getSortedSetRange(key, 0, -1);
+		const totalTokens = sumTokensFromMembers(members);
+
+		// Calculate resetsIn from oldest entry
+		let resetsIn = 0;
+		if (members.length > 0) {
+			const oldest = await db.getSortedSetRangeWithScores(key, 0, 0);
+			if (oldest && oldest.length > 0) {
+				resetsIn = Math.max(0, (oldest[0].score + cfg.window) - now);
+			}
+		}
+
+		if (totalTokens >= cfg.max) {
+			return { allowed: false, used: totalTokens, max: cfg.max, resetsIn };
+		}
+		return { allowed: true, used: totalTokens, max: cfg.max, resetsIn };
+	} catch (err) {
+		return { allowed: true, used: 0, max: cfg.max, resetsIn: 0 };
+	}
+}
+
+// Record token usage after a successful AI response
+// Returns updated { used, max, resetsIn }
+async function recordQuotaUsage(uid, tier, tokensUsed) {
+	const cfg = QUOTAS[tier] || QUOTAS.premium;
+	const key = `pdf-secure:quota:${uid}`;
+	const now = Date.now();
+
+	try {
+		// Add entry with token count encoded in member string
+		await db.sortedSetAdd(key, now, `${now}:${crypto.randomBytes(4).toString('hex')}:${tokensUsed}`);
+
+		// Re-read total for accurate response
+		const members = await db.getSortedSetRange(key, 0, -1);
+		const totalTokens = sumTokensFromMembers(members);
+
+		let resetsIn = 0;
+		if (members.length > 0) {
+			const oldest = await db.getSortedSetRangeWithScores(key, 0, 0);
+			if (oldest && oldest.length > 0) {
+				resetsIn = Math.max(0, (oldest[0].score + cfg.window) - now);
+			}
+		}
+
+		return { used: totalTokens, max: cfg.max, resetsIn };
+	} catch (err) {
+		return { used: 0, max: cfg.max, resetsIn: 0 };
+	}
+}
+
+// Read-only quota usage (for initial UI display, does not increment)
+async function getQuotaUsage(uid, tier) {
+	const cfg = QUOTAS[tier] || QUOTAS.premium;
+	const key = `pdf-secure:quota:${uid}`;
+	const now = Date.now();
+	const windowStart = now - cfg.window;
+
+	try {
+		await db.sortedSetRemoveRangeByScore(key, '-inf', windowStart);
+		const members = await db.getSortedSetRange(key, 0, -1);
+		const totalTokens = sumTokensFromMembers(members);
+		let resetsIn = 0;
+		if (members.length > 0) {
+			const oldest = await db.getSortedSetRangeWithScores(key, 0, 0);
+			if (oldest && oldest.length > 0) {
+				resetsIn = Math.max(0, (oldest[0].score + cfg.window) - now);
+			}
+		}
+		return { used: totalTokens, max: cfg.max, resetsIn };
+	} catch (err) {
+		return { used: 0, max: cfg.max, resetsIn: 0 };
+	}
+}
+
 // AES-256-GCM encryption - replaces weak XOR obfuscation
 function aesGcmEncrypt(buffer, key, iv) {
 	const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
@@ -57,17 +179,13 @@ Controllers.renderAdminPage = function (req, res) {
 };
 
 Controllers.servePdfBinary = async function (req, res) {
-	console.log('[PDF-Secure] servePdfBinary called - uid:', req.uid, 'nonce:', req.query.nonce ? 'present' : 'missing');
-
 	// Authentication gate - require logged-in user
 	if (!req.uid) {
-		console.log('[PDF-Secure] servePdfBinary - REJECTED: no uid');
 		return res.status(401).json({ error: 'Authentication required' });
 	}
 
 	const { nonce } = req.query;
 	if (!nonce) {
-		console.log('[PDF-Secure] servePdfBinary - REJECTED: no nonce');
 		return res.status(400).json({ error: 'Missing nonce' });
 	}
 
@@ -75,12 +193,9 @@ Controllers.servePdfBinary = async function (req, res) {
 
 	const data = nonceStore.validate(nonce, uid);
 	if (!data) {
-		console.log('[PDF-Secure] servePdfBinary - REJECTED: invalid/expired nonce for uid:', uid);
 		return res.status(403).json({ error: 'Invalid or expired nonce' });
 	}
 
-	console.log('[PDF-Secure] servePdfBinary - OK: file:', data.file, 'isPremium:', data.isPremium);
-
 	try {
 		// Server-side premium gate: non-premium users only get first page
 		const pdfBuffer = data.isPremium
@@ -132,10 +247,21 @@ Controllers.handleChat = async function (req, res) {
 	const isVip = isVipMember || isAdmin;
 	const tier = isVip ? 'vip' : 'premium';
 
-	// Rate limiting (DB-backed sliding window, survives restarts and works across cluster)
+	// 4-hour rolling window quota check (visible to user in quota bar)
+	const quotaResult = await checkQuota(req.uid, tier);
+	if (!quotaResult.allowed) {
+		return res.status(429).json({
+			error: 'Mesaj kotanız doldu.',
+			quotaExhausted: true,
+			quota: { used: quotaResult.used, max: quotaResult.max, resetsIn: quotaResult.resetsIn },
+			tier,
+		});
+	}
+
+	// Spam rate limiting (DB-backed 60s sliding window, not shown in UI)
 	const rateResult = await checkRateLimit(req.uid, tier);
 	if (!rateResult.allowed) {
-		return res.status(429).json({ error: 'Çok hızlı mesaj gönderiyorsunuz. Lütfen biraz bekleyin.', quota: { used: rateResult.used, max: rateResult.max } });
+		return res.status(429).json({ error: 'Çok hızlı mesaj gönderiyorsunuz. Lütfen biraz bekleyin.', quota: { used: quotaResult.used, max: quotaResult.max, resetsIn: quotaResult.resetsIn } });
 	}
 
 	// Body validation
@@ -158,6 +284,7 @@ Controllers.handleChat = async function (req, res) {
 		return res.status(400).json({ error: 'Invalid history (max 50 entries)' });
 	}
 	if (history) {
+		let totalHistorySize = 0;
 		for (const entry of history) {
 			if (!entry || typeof entry !== 'object') {
 				return res.status(400).json({ error: 'Invalid history entry' });
@@ -165,9 +292,17 @@ Controllers.handleChat = async function (req, res) {
 			if (entry.role !== 'user' && entry.role !== 'model') {
 				return res.status(400).json({ error: 'Invalid history role' });
 			}
-			if (typeof entry.text !== 'string' || entry.text.length > 4000) {
+			if (typeof entry.text !== 'string' || entry.text.length > 12000) {
 				return res.status(400).json({ error: 'Invalid history text' });
 			}
+			// Truncate overly long entries (AI responses can be up to ~4096 tokens ≈ 10K chars)
+			if (entry.text.length > 10000) {
+				entry.text = entry.text.slice(0, 10000);
+			}
+			totalHistorySize += entry.text.length;
+			if (totalHistorySize > 150000) {
+				return res.status(400).json({ error: 'History too large' });
+			}
 			// Sanitize: strip null bytes and control characters
 			entry.text = entry.text.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, '');
 			// Collapse excessive whitespace (padding attack prevention)
@@ -178,14 +313,19 @@ Controllers.handleChat = async function (req, res) {
 
 	try {
 		const result = await geminiChat.chat(safeName, trimmedQuestion, history || [], tier);
+		// Record actual token usage after successful AI response
+		// Sanitize: clamp to [0, 1000000] to prevent NaN/negative/absurd values
+		const tokensUsed = Math.max(0, Math.min(parseInt(result.tokensUsed, 10) || 0, 1000000));
+		const updatedQuota = await recordQuotaUsage(req.uid, tier, tokensUsed);
 		return res.json({
 			answer: result.text,
 			injectionWarning: result.suspicious || false,
-			quota: { used: rateResult.used, max: rateResult.max },
+			quota: updatedQuota,
 		});
 	} catch (err) {
 		console.error('[PDF-Secure] Chat error:', err.message, err.status || '', err.code || '');
-		const quota = { used: rateResult.used, max: rateResult.max };
+		// On error, no tokens were used — return pre-call quota
+		const quota = { used: quotaResult.used, max: quotaResult.max, resetsIn: quotaResult.resetsIn };
 
 		if (err.message === 'File not found') {
 			return res.status(404).json({ error: 'PDF bulunamadı.', quota });
@@ -224,6 +364,9 @@ Controllers.getSuggestions = async function (req, res) {
 		return res.status(403).json({ error: 'Premium/VIP only' });
 	}
 
+	const isVip = isVipMember || isAdmin;
+	const tier = isVip ? 'vip' : 'premium';
+
 	// Simple rate limit: 1 request per 12 seconds per user
 	const now = Date.now();
 	const lastReq = suggestionsRateLimit.get(req.uid) || 0;
@@ -243,7 +386,8 @@ Controllers.getSuggestions = async function (req, res) {
 
 	try {
 		const suggestions = await geminiChat.generateSuggestions(safeName);
-		return res.json({ suggestions });
+		const quotaUsage = await getQuotaUsage(req.uid, tier);
+		return res.json({ suggestions, quota: quotaUsage });
 	} catch (err) {
 		console.error('[PDF-Secure] Suggestions error:', err.message);
 		return res.json({ suggestions: [] });

package/lib/gemini-chat.js

@@ -68,6 +68,20 @@ function sanitizeAiOutput(text) {
 const suggestionsCache = new Map(); // filename -> { suggestions, cachedAt }
 const SUGGESTIONS_TTL = 30 * 60 * 1000; // 30 minutes
 
+// Cache for PDF summary responses — most expensive request type (~3000-4000 tokens)
+// Same PDF summary is identical for all users, so cache aggressively
+const summaryCache = new Map(); // filename -> { text, tokensUsed, cachedAt }
+const SUMMARY_TTL = 60 * 60 * 1000; // 1 hour
+
+// Patterns that indicate a summary request (Turkish + English)
+const SUMMARY_PATTERNS = [
+	/\b(özet|özetle|özetini|özetini çıkar|özetле)\b/i,
+	/\b(summary|summarize|summarise|overview)\b/i,
+	/\bkapsamlı\b.*\b(özet|liste)\b/i,
+	/\bana\s+(noktalar|başlıklar|konular)\b/i,
+	/\bmadde\s+madde\b/i,
+];
+
 // Sanitize history text to prevent injection attacks
 function sanitizeHistoryText(text) {
 	// Strip null bytes and control characters (except newline, tab)
@@ -80,8 +94,8 @@ function sanitizeHistoryText(text) {
 
 // Tier-based configuration
 const TIER_CONFIG = {
-	vip: { maxHistory: 30, maxOutputTokens: 4096 },
-	premium: { maxHistory: 20, maxOutputTokens: 2048 },
+	vip: { maxHistory: 30, maxOutputTokens: 4096, recentFullMessages: 6 },
+	premium: { maxHistory: 20, maxOutputTokens: 2048, recentFullMessages: 4 },
 };
 
 const MODEL_NAME = 'gemini-2.5-flash';
@@ -99,6 +113,11 @@ const cleanupTimer = setInterval(() => {
 			fileUploadCache.delete(key);
 		}
 	}
+	for (const [key, entry] of summaryCache.entries()) {
+		if (now - entry.cachedAt > SUMMARY_TTL) {
+			summaryCache.delete(key);
+		}
+	}
 }, 10 * 60 * 1000);
 cleanupTimer.unref();
 
@@ -141,79 +160,32 @@ async function getOrUploadPdf(filename) {
 	}
 
 	// Upload to Gemini File API — file is stored server-side, only URI is sent per request
-	console.log('[PDF-Secure] === FILE API UPLOAD START ===');
-	console.log('[PDF-Secure] Filename:', filename);
-	console.log('[PDF-Secure] FilePath:', filePath);
-	console.log('[PDF-Secure] FileSize:', stats.size, 'bytes');
-	console.log('[PDF-Secure] ai.files exists:', !!ai.files);
-	console.log('[PDF-Secure] ai.files.upload exists:', typeof (ai.files && ai.files.upload));
-
 	const fileBuffer = await fs.promises.readFile(filePath);
-	console.log('[PDF-Secure] File read OK, buffer size:', fileBuffer.length);
 
-	// Try upload with multiple approaches
+	// Try upload with multiple approaches (path string → Blob → Buffer)
 	let uploadResult;
-	const uploadErrors = [];
-
-	// Approach 1: file path string
-	console.log('[PDF-Secure] Trying approach 1: file path string...');
-	try {
-		uploadResult = await ai.files.upload({
-			file: filePath,
-			config: { mimeType: 'application/pdf', displayName: filename },
-		});
-		console.log('[PDF-Secure] Approach 1 SUCCESS! Result:', JSON.stringify(uploadResult).slice(0, 500));
-	} catch (err1) {
-		console.error('[PDF-Secure] Approach 1 FAILED:', err1.message);
-		console.error('[PDF-Secure] Approach 1 error detail:', err1.status || '', err1.code || '', err1.stack?.split('\n').slice(0, 3).join(' | '));
-		uploadErrors.push('path: ' + err1.message);
-	}
-
-	// Approach 2: Blob (Node 18+)
-	if (!uploadResult) {
-		console.log('[PDF-Secure] Trying approach 2: Blob...');
-		console.log('[PDF-Secure] Blob available:', typeof Blob !== 'undefined');
-		try {
-			const blob = new Blob([fileBuffer], { type: 'application/pdf' });
-			uploadResult = await ai.files.upload({
-				file: blob,
-				config: { mimeType: 'application/pdf', displayName: filename },
-			});
-			console.log('[PDF-Secure] Approach 2 SUCCESS! Result:', JSON.stringify(uploadResult).slice(0, 500));
-		} catch (err2) {
-			console.error('[PDF-Secure] Approach 2 FAILED:', err2.message);
-			uploadErrors.push('blob: ' + err2.message);
-		}
-	}
+	const methods = [
+		() => ai.files.upload({ file: filePath, config: { mimeType: 'application/pdf', displayName: filename } }),
+		() => ai.files.upload({ file: new Blob([fileBuffer], { type: 'application/pdf' }), config: { mimeType: 'application/pdf', displayName: filename } }),
+		() => ai.files.upload({ file: fileBuffer, config: { mimeType: 'application/pdf', displayName: filename } }),
+	];
 
-	// Approach 3: Buffer directly
-	if (!uploadResult) {
-		console.log('[PDF-Secure] Trying approach 3: Buffer...');
+	for (const method of methods) {
+		if (uploadResult) break;
 		try {
-			uploadResult = await ai.files.upload({
-				file: fileBuffer,
-				config: { mimeType: 'application/pdf', displayName: filename },
-			});
-			console.log('[PDF-Secure] Approach 3 SUCCESS! Result:', JSON.stringify(uploadResult).slice(0, 500));
-		} catch (err3) {
-			console.error('[PDF-Secure] Approach 3 FAILED:', err3.message);
-			uploadErrors.push('buffer: ' + err3.message);
+			uploadResult = await method();
+		} catch (err) {
+			// Try next method
 		}
 	}
 
 	if (uploadResult && uploadResult.uri) {
-		const fileUri = uploadResult.uri;
-		const mimeType = uploadResult.mimeType || 'application/pdf';
-		console.log('[PDF-Secure] === UPLOAD FINAL: SUCCESS ===', fileUri);
-
-		fileUploadCache.set(filename, { fileUri, mimeType, cachedAt: Date.now() });
-		return { type: 'fileData', fileUri, mimeType };
+		fileUploadCache.set(filename, { fileUri: uploadResult.uri, mimeType: uploadResult.mimeType || 'application/pdf', cachedAt: Date.now() });
+		return { type: 'fileData', fileUri: uploadResult.uri, mimeType: uploadResult.mimeType || 'application/pdf' };
 	}
 
-	// All upload methods failed
-	console.error('[PDF-Secure] === UPLOAD FINAL: ALL FAILED ===');
-	console.error('[PDF-Secure] Errors:', uploadErrors.join(' | '));
-	console.error('[PDF-Secure] Falling back to inline base64 (will use many tokens!)');
+	// All upload methods failed — fallback to inline base64
+	console.error('[PDF-Secure] File API upload failed for', filename, '- falling back to inline base64');
 	const base64 = fileBuffer.toString('base64');
 	return { type: 'inlineData', mimeType: 'application/pdf', data: base64 };
 }
@@ -242,29 +214,52 @@ async function getPdfBase64(filename) {
 	return base64;
 }
 
+// Check if a question is a summary request
+function isSummaryRequest(question, history) {
+	// Only cache first-time summary requests (no history = fresh summary)
+	if (history && history.length > 0) return false;
+	return SUMMARY_PATTERNS.some((p) => p.test(question));
+}
+
 GeminiChat.chat = async function (filename, question, history, tier) {
 	if (!ai) {
 		throw new Error('AI chat is not configured');
 	}
 
+	// Summary cache: same PDF summary is identical for all users
+	if (isSummaryRequest(question, history)) {
+		const cached = summaryCache.get(filename);
+		if (cached && Date.now() - cached.cachedAt < SUMMARY_TTL) {
+			return { text: cached.text, suspicious: false, tokensUsed: 0 };
+		}
+	}
+
 	const config = TIER_CONFIG[tier] || TIER_CONFIG.premium;
 	const pdfRef = await getOrUploadPdf(filename);
 
 	// Build conversation contents from history (trimmed to last N entries)
+	// Cost optimization: only recent messages get full text, older ones are truncated
 	const contents = [];
 	if (Array.isArray(history)) {
 		const trimmedHistory = history.slice(-config.maxHistory);
+		const recentStart = Math.max(0, trimmedHistory.length - config.recentFullMessages);
 		// Start with 'model' as lastRole since the preamble ends with a model message
 		let lastRole = 'model';
-		for (const entry of trimmedHistory) {
+		for (let i = 0; i < trimmedHistory.length; i++) {
+			const entry = trimmedHistory[i];
 			if (entry.role && entry.text) {
 				const role = entry.role === 'user' ? 'user' : 'model';
 				// Skip consecutive same-role entries (prevents injection via fake model responses)
 				if (role === lastRole) continue;
 				lastRole = role;
+				let text = sanitizeHistoryText(entry.text);
+				// Truncate older messages to save input tokens (~90% cost reduction on history)
+				if (i < recentStart && text.length > 500) {
+					text = text.slice(0, 500) + '...';
+				}
 				contents.push({
 					role,
-					parts: [{ text: sanitizeHistoryText(entry.text) }],
+					parts: [{ text }],
 				});
 			}
 		}
@@ -310,7 +305,28 @@ GeminiChat.chat = async function (filename, question, history, tier) {
 		throw new Error('Empty response from AI');
 	}
 
-	return sanitizeAiOutput(text);
+	// Extract output token count — multiple fallbacks for SDK version compatibility
+	const usage = response?.usageMetadata || response?.usage_metadata || {};
+	let tokensUsed = usage.candidatesTokenCount
+		|| usage.candidates_token_count
+		|| usage.outputTokenCount
+		|| usage.output_token_count
+		|| 0;
+	// Last resort: estimate from text length if API didn't return token count
+	// (~4 chars per token is a reasonable approximation for multilingual text)
+	if (!tokensUsed && text.length > 0) {
+		tokensUsed = Math.ceil(text.length / 4);
+	}
+
+	const result = sanitizeAiOutput(text);
+	result.tokensUsed = tokensUsed;
+
+	// Cache summary responses (most expensive request type)
+	if (isSummaryRequest(question, history) && !result.suspicious) {
+		summaryCache.set(filename, { text: result.text, tokensUsed, cachedAt: Date.now() });
+	}
+
+	return result;
 };
 
 // Generate AI-powered question suggestions for a PDF

package/library.js

@@ -73,6 +73,9 @@ plugin.init = async (params) => {
 		geminiChat.init(pluginSettings.geminiApiKey);
 	}
 
+	// Apply admin-configured quota settings
+	controllers.initQuotaSettings(pluginSettings);
+
 	const watermarkEnabled = pluginSettings.watermarkEnabled === 'on';
 
 	// Admin page route
@@ -118,7 +121,6 @@ plugin.init = async (params) => {
 			// Lite: full PDF access but restricted UI (no annotations, sidebar, etc.)
 			isLite = !isPremium && isLiteMember;
 		}
-		console.log('[PDF-Secure] Viewer request - uid:', req.uid, 'file:', safeName, 'isPremium:', isPremium, 'isVip:', isVip, 'isLite:', isLite);
 
 		// Lite users get full PDF like premium (for nonce/server-side PDF data)
 		const hasFullAccess = isPremium || isLite;
@@ -158,6 +160,7 @@ plugin.init = async (params) => {
 			isPremium,
 			isVip,
 			isLite,
+			tier: isVip ? 'vip' : (isPremium ? 'premium' : 'free'),
 			uid: req.uid,
 			totalPages,
 			chatEnabled: geminiChat.isAvailable(),
@@ -249,7 +252,6 @@ plugin.filterMetaTags = async (hookData) => {
 
 // Inject plugin config into client-side
 plugin.filterConfig = async function (data) {
-	console.log('[PDF-Secure] filterConfig called - data exists:', !!data, 'config exists:', !!(data && data.config));
 	return data;
 };
 
@@ -257,18 +259,15 @@ plugin.filterConfig = async function (data) {
 // This hides PDF URLs from: page source, API, RSS, ActivityPub
 plugin.transformPdfLinks = async (data) => {
 	if (!data || !data.postData || !data.postData.content) {
-		console.log('[PDF-Secure] transformPdfLinks - no data/postData/content, skipping');
 		return data;
 	}
 
-	console.log('[PDF-Secure] transformPdfLinks - processing post tid:', data.postData.tid, 'pid:', data.postData.pid);
 
 	// Regex to match PDF links: <a href="...xxx.pdf">text</a>
 	// Captures: full URL path, filename, link text
 	const pdfLinkRegex = /<a\s+[^>]*href=["']([^"']*\/([^"'\/]+\.pdf))["'][^>]*>([^<]*)<\/a>/gi;
 
 	const matchCount = (data.postData.content.match(pdfLinkRegex) || []).length;
-	console.log('[PDF-Secure] transformPdfLinks - found', matchCount, 'PDF links in post');
 
 	data.postData.content = data.postData.content.replace(pdfLinkRegex, (match, fullPath, filename, linkText) => {
 		// Decode filename to prevent double encoding (URL may already be encoded)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-pdf-secure2",
-  "version": "1.3.8",
+  "version": "1.4.0",
   "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
   "main": "library.js",
   "repository": {

package/static/templates/admin/plugins/pdf-secure.tpl

@@ -41,7 +41,7 @@
 										Grup Adi
 									</label>
 									<input type="text" id="vipGroup" name="vipGroup" data-key="vipGroup" title="VIP Group Name" class="form-control" placeholder="VIP" value="VIP">
-									<div class="form-text">Premium ozellikleri + VIP rozeti, yuksek token/rate limitleri.</div>
+									<div class="form-text">Premium ozellikleri + VIP rozeti, yuksek token limitleri.</div>
 								</div>
 
 								<div class="mb-0">
@@ -96,12 +96,47 @@
 									</div>
 								</div>
 
-								<div class="alert alert-light border d-flex gap-2 mb-0" role="alert" style="font-size:13px;">
-									<svg viewBox="0 0 24 24" style="width:18px;height:18px;fill:#0d6efd;flex-shrink:0;margin-top:1px;"><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm1 15h-2v-6h2v6zm0-8h-2V7h2v2z"/></svg>
+								<hr class="my-3">
+								<h6 class="fw-semibold mb-3" style="font-size:13px;">Token Kota Ayarlari</h6>
+
+								<div class="row g-3 mb-3">
+									<div class="col-6">
+										<label class="form-label fw-medium" for="quotaPremiumTokens" style="font-size:13px;">
+											<span class="badge text-bg-primary me-1" style="font-size:9px;">PREMIUM</span>
+											Token Limiti
+										</label>
+										<div class="input-group input-group-sm">
+											<input type="number" id="quotaPremiumTokens" name="quotaPremiumTokens" data-key="quotaPremiumTokens" class="form-control" placeholder="200000" min="10000" step="10000">
+											<span class="input-group-text" style="font-size:12px;">token</span>
+										</div>
+										<div class="form-text" style="font-size:11px;">Varsayilan: 200.000 (~100 mesaj)</div>
+									</div>
+									<div class="col-6">
+										<label class="form-label fw-medium" for="quotaVipTokens" style="font-size:13px;">
+											<span class="badge me-1" style="font-size:9px;background:linear-gradient(135deg,#f59e0b,#d97706);color:#fff;">VIP</span>
+											Token Limiti
+										</label>
+										<div class="input-group input-group-sm">
+											<input type="number" id="quotaVipTokens" name="quotaVipTokens" data-key="quotaVipTokens" class="form-control" placeholder="750000" min="10000" step="10000">
+											<span class="input-group-text" style="font-size:12px;">token</span>
+										</div>
+										<div class="form-text" style="font-size:11px;">Varsayilan: 750.000 (~375 mesaj)</div>
+									</div>
+								</div>
+								<div class="mb-3">
+									<label class="form-label fw-medium" for="quotaWindowHours" style="font-size:13px;">Pencere Suresi</label>
+									<div class="input-group input-group-sm" style="max-width:180px;">
+										<input type="number" id="quotaWindowHours" name="quotaWindowHours" data-key="quotaWindowHours" class="form-control" placeholder="4" min="1" max="24" step="1">
+										<span class="input-group-text" style="font-size:12px;">saat</span>
+									</div>
+									<div class="form-text" style="font-size:11px;">Varsayilan: 4 saat. Kota bu sure icerisinde sifirlanir.</div>
+								</div>
+
+								<div class="alert alert-light border d-flex gap-2 mb-0" role="alert" style="font-size:12px;">
+									<svg viewBox="0 0 24 24" style="width:16px;height:16px;fill:#0d6efd;flex-shrink:0;margin-top:1px;"><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm1 15h-2v-6h2v6zm0-8h-2V7h2v2z"/></svg>
 									<div>
-										<strong>Tier farklari:</strong><br>
-										<strong>Premium</strong> — 25 mesaj/dk, 2048 token, 20 gecmis<br>
-										<strong>VIP</strong> — 50 mesaj/dk, 4096 token, 30 gecmis
+										Sadece output (yanit) tokenleri sayilir. PDF ve soru tokenleri dahil degildir.<br>
+										Ortalama mesaj ~1000-2000 token, uzun ozet ~3000-4000 token tuketir.
 									</div>
 								</div>
 							</div>

package/static/viewer.html

@@ -1048,6 +1048,8 @@
             background: linear-gradient(135deg, #ffd700 0%, #ffaa00 100%);
             color: #1a1a1a;
             text-decoration: none;
+            border: none;
+            cursor: pointer;
             border-radius: 10px;
             font-size: 14px;
             font-weight: 700;
@@ -1092,6 +1094,7 @@
             color: #ccc;
             font-size: 13px;
             font-weight: 600;
+            cursor: pointer;
             border-radius: 10px;
             border: 1.5px solid rgba(255, 255, 255, 0.15);
             text-decoration: none;
@@ -1105,6 +1108,59 @@
             background: rgba(255, 255, 255, 0.05);
         }
 
+        /* Quota exhausted upsell (in-chat) */
+        .chatQuotaExhausted {
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            text-align: center;
+            padding: 24px 16px;
+            margin: 8px;
+            background: rgba(255, 215, 0, 0.06);
+            border: 1px solid rgba(255, 215, 0, 0.15);
+            border-radius: 12px;
+        }
+        .quotaExhaustedIcon { margin-bottom: 10px; opacity: 0.9; }
+        .quotaExhaustedTitle {
+            font-size: 16px;
+            font-weight: 700;
+            color: #ffd700;
+            margin-bottom: 6px;
+        }
+        .quotaExhaustedText {
+            font-size: 13px;
+            color: #a0a0a0;
+            line-height: 1.5;
+            margin-bottom: 14px;
+            max-width: 240px;
+        }
+        .quotaExhaustedText strong { color: #ffd700; }
+        .quotaExhaustedBtn {
+            display: inline-flex;
+            align-items: center;
+            gap: 6px;
+            padding: 10px 24px;
+            background: linear-gradient(135deg, #ffd700, #ffaa00);
+            color: #1a1a1a;
+            text-decoration: none;
+            border: none;
+            cursor: pointer;
+            border-radius: 10px;
+            font-size: 14px;
+            font-weight: 700;
+            transition: transform 0.2s, box-shadow 0.2s;
+            box-shadow: 0 4px 15px rgba(255, 215, 0, 0.3);
+        }
+        .quotaExhaustedBtn:hover {
+            transform: translateY(-2px);
+            box-shadow: 0 6px 20px rgba(255, 215, 0, 0.4);
+        }
+        .quotaExhaustedNote {
+            font-size: 11px;
+            color: #666;
+            margin-top: 10px;
+        }
+
         /* PRO badge on chat button for non-premium */
         #chatBtn {
             position: relative;
@@ -2800,7 +2856,7 @@
             <span id="chatQuotaText"></span>
         </div>
         <div id="chatInputArea">
-            <textarea id="chatInput" placeholder="Bu PDF hakkında bir soru sorun..." rows="1"></textarea>
+            <textarea id="chatInput" placeholder="Bu PDF hakkında bir soru sorun..." rows="1" maxlength="2000"></textarea>
             <button id="chatSendBtn">
                 <svg viewBox="0 0 24 24">
                     <path d="M2.01 21L23 12 2.01 3 2 10l15 2-15 2z" />
@@ -4035,13 +4091,28 @@
             var quotaFillEl = document.getElementById('chatQuotaFill');
             var quotaTextEl = document.getElementById('chatQuotaText');
 
-            function updateQuotaBar(used, max) {
+            // Format milliseconds to human-readable time string
+            function formatResetsIn(ms) {
+                if (!ms || ms <= 0) return '';
+                var totalMin = Math.ceil(ms / 60000);
+                if (totalMin < 60) return totalMin + 'dk';
+                var h = Math.floor(totalMin / 60);
+                var m = totalMin % 60;
+                return m > 0 ? (h + 's ' + m + 'dk') : (h + 's');
+            }
+
+            function updateQuotaBar(used, max, resetsIn) {
                 if (!quotaBarEl || !max) return;
-                var remaining = Math.max(0, max - used);
-                var pct = Math.min(100, (used / max) * 100);
+                var pct = Math.min(100, Math.round((used / max) * 100));
 
                 quotaFillEl.style.width = pct + '%';
-                quotaTextEl.textContent = remaining + '/' + max;
+
+                // Show percentage only (no raw token numbers — users don't need to know)
+                var text = '%' + pct + ' kullan\u0131ld\u0131';
+                if (used > 0 && resetsIn > 0) {
+                    text += ' \u2022 ' + formatResetsIn(resetsIn) + ' sonra yenilenir';
+                }
+                quotaTextEl.textContent = text;
 
                 // Color states
                 quotaFillEl.classList.remove('warning', 'critical');
@@ -4098,6 +4169,14 @@
                         } else {
                             existingChips.forEach(function (c) { c.classList.remove('loading'); });
                         }
+                        // Show initial quota bar from suggestions response
+                        if (data.quota) {
+                            updateQuotaBar(data.quota.used, data.quota.max, data.quota.resetsIn);
+                            // Proactive lock: if quota already exhausted on page load, lock input immediately
+                            if (data.quota.max > 0 && data.quota.used >= data.quota.max) {
+                                showQuotaExhaustedUpsell(_cfg.tier || 'premium', data.quota.resetsIn);
+                            }
+                        }
                     })
                     .catch(function () {
                         existingChips.forEach(function (c) { c.classList.remove('loading'); });
@@ -4126,26 +4205,158 @@
             function showChatUpsell() {
                 var uid = (_cfg && _cfg.uid) || 0;
                 var checkoutUrl = 'https://forum.ieu.app/pay/checkout?uid=' + uid;
-                const upsell = document.createElement('div');
+                var materialUrl = 'https://forum.ieu.app/material-info';
+
+                // Build using DOM methods — MutationObserver strips <a> tags
+                var upsell = document.createElement('div');
                 upsell.className = 'chatUpsell';
-                upsell.innerHTML = '<div class="chatUpsellIcon">' +
-                    '<svg viewBox="0 0 24 24" width="48" height="48" fill="#ffd700">' +
-                    '<path d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2z"/>' +
-                    '</svg></div>' +
-                    '<div class="chatUpsellTitle">PDF Chat</div>' +
-                    '<div class="chatUpsellText">PDF\'ler hakkında <strong>yapay zeka</strong> ile sohbet edebilir, sorular sorabilirsiniz. Bu özellik <strong>Premium</strong> ve <strong>VIP</strong> üyelere özeldir.</div>' +
-                    '<div class="chatUpsellActions">' +
-                    '<a href="' + checkoutUrl + '" target="_blank" class="chatUpsellBtn">' +
-                    '<svg viewBox="0 0 24 24" width="18" height="18" fill="#1a1a1a"><path d="M16 18v2H8v-2h8zM11 7.99V16h2V7.99h3L12 4l-4 3.99h3z"/></svg>' +
-                    'Hesabını Yükselt</a>' +
-                    '<div class="chatUpsellDivider">ya da</div>' +
-                    '<a href="https://forum.ieu.app/material-info" target="_blank" class="chatUpsellBtnSecondary">' +
-                    '<svg viewBox="0 0 24 24" width="16" height="16" fill="#ccc"><path d="M14 2H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11zM8 15.01l1.41 1.41L11 14.84V19h2v-4.16l1.59 1.59L16 15.01 12.01 11 8 15.01z"/></svg>' +
-                    'Materyal Yükle</a>' +
-                    '</div>';
+
+                // Icon
+                var iconDiv = document.createElement('div');
+                iconDiv.className = 'chatUpsellIcon';
+                var iconSvg = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
+                iconSvg.setAttribute('viewBox', '0 0 24 24');
+                iconSvg.setAttribute('width', '48');
+                iconSvg.setAttribute('height', '48');
+                iconSvg.setAttribute('fill', '#ffd700');
+                var iconPath = document.createElementNS('http://www.w3.org/2000/svg', 'path');
+                iconPath.setAttribute('d', 'M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2z');
+                iconSvg.appendChild(iconPath);
+                iconDiv.appendChild(iconSvg);
+                upsell.appendChild(iconDiv);
+
+                // Title
+                var title = document.createElement('div');
+                title.className = 'chatUpsellTitle';
+                title.textContent = 'PDF Chat';
+                upsell.appendChild(title);
+
+                // Text
+                var text = document.createElement('div');
+                text.className = 'chatUpsellText';
+                text.innerHTML = 'PDF\'ler hakk\u0131nda <strong>yapay zeka</strong> ile sohbet edebilir, sorular sorabilirsiniz. Bu \u00f6zellik <strong>Premium</strong> ve <strong>VIP</strong> \u00fcyelere \u00f6zeldir.';
+                upsell.appendChild(text);
+
+                // Actions
+                var actions = document.createElement('div');
+                actions.className = 'chatUpsellActions';
+
+                // Primary button (upgrade)
+                var btn1 = document.createElement('button');
+                btn1.className = 'chatUpsellBtn';
+                var btn1Svg = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
+                btn1Svg.setAttribute('viewBox', '0 0 24 24');
+                btn1Svg.setAttribute('width', '18');
+                btn1Svg.setAttribute('height', '18');
+                btn1Svg.setAttribute('fill', '#1a1a1a');
+                var btn1Path = document.createElementNS('http://www.w3.org/2000/svg', 'path');
+                btn1Path.setAttribute('d', 'M16 18v2H8v-2h8zM11 7.99V16h2V7.99h3L12 4l-4 3.99h3z');
+                btn1Svg.appendChild(btn1Path);
+                btn1.appendChild(btn1Svg);
+                btn1.appendChild(document.createTextNode(' Hesab\u0131n\u0131 Y\u00fckselt'));
+                btn1.addEventListener('click', function () { window.open(checkoutUrl, '_blank'); });
+                actions.appendChild(btn1);
+
+                // Divider
+                var divider = document.createElement('div');
+                divider.className = 'chatUpsellDivider';
+                divider.textContent = 'ya da';
+                actions.appendChild(divider);
+
+                // Secondary button (upload material)
+                var btn2 = document.createElement('button');
+                btn2.className = 'chatUpsellBtnSecondary';
+                var btn2Svg = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
+                btn2Svg.setAttribute('viewBox', '0 0 24 24');
+                btn2Svg.setAttribute('width', '16');
+                btn2Svg.setAttribute('height', '16');
+                btn2Svg.setAttribute('fill', '#ccc');
+                var btn2Path = document.createElementNS('http://www.w3.org/2000/svg', 'path');
+                btn2Path.setAttribute('d', 'M14 2H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11zM8 15.01l1.41 1.41L11 14.84V19h2v-4.16l1.59 1.59L16 15.01 12.01 11 8 15.01z');
+                btn2Svg.appendChild(btn2Path);
+                btn2.appendChild(btn2Svg);
+                btn2.appendChild(document.createTextNode(' Materyal Y\u00fckle'));
+                btn2.addEventListener('click', function () { window.open(materialUrl, '_blank'); });
+                actions.appendChild(btn2);
+
+                upsell.appendChild(actions);
                 chatMessagesEl.appendChild(upsell);
             }
 
+            function showQuotaExhaustedUpsell(tier, resetsIn) {
+                var uid = (_cfg && _cfg.uid) || 0;
+                var checkoutUrl = 'https://forum.ieu.app/pay/checkout?uid=' + uid;
+                var resetText = resetsIn ? formatResetsIn(resetsIn) : '~4 saat';
+                var msg = document.createElement('div');
+                msg.className = 'chatMsg chatQuotaExhausted';
+
+                // Build using DOM methods to avoid MutationObserver stripping <a> tags
+                var icon = document.createElement('div');
+                icon.className = 'quotaExhaustedIcon';
+                var iconSvg = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
+                iconSvg.setAttribute('viewBox', '0 0 24 24');
+                iconSvg.setAttribute('width', '36');
+                iconSvg.setAttribute('height', '36');
+                var iconPath = document.createElementNS('http://www.w3.org/2000/svg', 'path');
+
+                if (tier === 'vip') {
+                    iconSvg.setAttribute('fill', '#f59e0b');
+                    iconPath.setAttribute('d', 'M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm1 15h-2v-2h2v2zm0-4h-2V7h2v6z');
+                } else {
+                    iconSvg.setAttribute('fill', '#ffd700');
+                    iconPath.setAttribute('d', 'M12 2L9.19 8.63 2 9.24l5.46 4.73L5.82 21 12 17.27 18.18 21l-1.64-7.03L22 9.24l-7.19-.61z');
+                }
+                iconSvg.appendChild(iconPath);
+                icon.appendChild(iconSvg);
+                msg.appendChild(icon);
+
+                var title = document.createElement('div');
+                title.className = 'quotaExhaustedTitle';
+                title.textContent = 'Mesaj kotas\u0131 doldu';
+                msg.appendChild(title);
+
+                var text = document.createElement('div');
+                text.className = 'quotaExhaustedText';
+                if (tier === 'vip') {
+                    text.textContent = 'Mesaj hakk\u0131n\u0131z\u0131 kulland\u0131n\u0131z. ' + resetText + ' sonra s\u0131f\u0131rlan\u0131r.';
+                } else {
+                    text.innerHTML = 'Kullan\u0131m hakk\u0131n\u0131z doldu. <strong>VIP</strong>\u2019e y\u00fckselterek \u00e7ok daha fazla kullan\u0131m hakk\u0131 kazan\u0131n!';
+                }
+                msg.appendChild(text);
+
+                if (tier !== 'vip') {
+                    // Use <button> + addEventListener instead of <a> to avoid
+                    // MutationObserver stripping (it removes <a> tags as dangerous)
+                    var btn = document.createElement('button');
+                    btn.className = 'quotaExhaustedBtn';
+                    var btnSvg = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
+                    btnSvg.setAttribute('viewBox', '0 0 24 24');
+                    btnSvg.setAttribute('width', '18');
+                    btnSvg.setAttribute('height', '18');
+                    btnSvg.setAttribute('fill', '#1a1a1a');
+                    var btnPath = document.createElementNS('http://www.w3.org/2000/svg', 'path');
+                    btnPath.setAttribute('d', 'M16 18v2H8v-2h8zM11 7.99V16h2V7.99h3L12 4l-4 3.99h3z');
+                    btnSvg.appendChild(btnPath);
+                    btn.appendChild(btnSvg);
+                    btn.appendChild(document.createTextNode(' Hesab\u0131n\u0131 Y\u00fckselt'));
+                    btn.addEventListener('click', function () { window.open(checkoutUrl, '_blank'); });
+                    msg.appendChild(btn);
+                }
+
+                var note = document.createElement('div');
+                note.className = 'quotaExhaustedNote';
+                note.textContent = resetText + ' sonra s\u0131f\u0131rlan\u0131r';
+                msg.appendChild(note);
+
+                chatMessagesEl.appendChild(msg);
+                chatMessagesEl.scrollTop = chatMessagesEl.scrollHeight;
+
+                // Disable input area
+                chatInputEl.disabled = true;
+                chatSendBtnEl.disabled = true;
+                chatInputEl.placeholder = 'Mesaj kotas\u0131 doldu';
+            }
+
             async function sendChatMessage() {
                 if (!chatIsPremium) return;
                 if (chatSending) return;
@@ -4180,7 +4391,12 @@
                     const data = await resp.json();
                     // Update quota bar from response
                     if (data.quota) {
-                        updateQuotaBar(data.quota.used, data.quota.max);
+                        updateQuotaBar(data.quota.used, data.quota.max, data.quota.resetsIn);
+                    }
+                    // Daily quota exhausted — show upsell
+                    if (resp.status === 429 && data.quotaExhausted) {
+                        showQuotaExhaustedUpsell(data.tier, data.quota && data.quota.resetsIn);
+                        return;
                     }
                     if (resp.ok && data.answer) {
                         addChatMessage('ai', data.answer, data.injectionWarning);
@@ -4198,9 +4414,12 @@
                     addChatMessage('error', 'Bağlantı hatası. Tekrar deneyin.');
                 } finally {
                     chatSending = false;
-                    chatSendBtnEl.disabled = false;
-                    updateSendBtnState();
-                    chatInputEl.focus();
+                    // Don't re-enable if quota exhausted (input was permanently disabled)
+                    if (!chatInputEl.disabled) {
+                        chatSendBtnEl.disabled = false;
+                        updateSendBtnState();
+                        chatInputEl.focus();
+                    }
                 }
             }