nodebb-plugin-pdf-secure2 1.5.0 → 1.5.1

package/lib/controllers.js

@@ -27,6 +27,12 @@ const QUOTAS = {
 
 // Apply admin-configured quota settings (called from library.js on init)
 Controllers.initQuotaSettings = function (settings) {
+	console.log('[PDF-Secure][DEBUG] initQuotaSettings called, settings:', JSON.stringify({
+		quotaPremiumTokens: settings?.quotaPremiumTokens,
+		quotaVipTokens: settings?.quotaVipTokens,
+		quotaWindowHours: settings?.quotaWindowHours,
+		geminiApiKey: settings?.geminiApiKey ? '***SET***' : '***EMPTY***',
+	}));
 	if (!settings) return;
 	const premiumTokens = parseInt(settings.quotaPremiumTokens, 10);
 	const vipTokens = parseInt(settings.quotaVipTokens, 10);
@@ -39,6 +45,7 @@ Controllers.initQuotaSettings = function (settings) {
 		QUOTAS.premium.window = windowMs;
 		QUOTAS.vip.window = windowMs;
 	}
+	console.log('[PDF-Secure][DEBUG] Final QUOTAS after init:', JSON.stringify(QUOTAS));
 };
 
 // DB-backed sliding window rate limiter
@@ -54,14 +61,16 @@ async function checkRateLimit(uid, tier) {
 		await db.sortedSetRemoveRangeByScore(key, '-inf', windowStart);
 		// Count remaining entries in window
 		const count = await db.sortedSetCard(key);
+		console.log('[PDF-Secure][DEBUG] checkRateLimit uid=%s tier=%s count=%d max=%d', uid, tier, count, rateConfig.max);
 		if (count >= rateConfig.max) {
+			console.log('[PDF-Secure][DEBUG] Rate limit BLOCKED uid=%s (%d >= %d)', uid, count, rateConfig.max);
 			return { allowed: false, used: count, max: rateConfig.max };
 		}
 		// Add current request (unique member via timestamp + random suffix)
 		await db.sortedSetAdd(key, now, `${now}:${crypto.randomBytes(4).toString('hex')}`);
 		return { allowed: true, used: count + 1, max: rateConfig.max };
 	} catch (err) {
-		console.error('[PDF-Secure] Rate limit DB error:', err.message);
+		console.error('[PDF-Secure][DEBUG] Rate limit DB ERROR:', err.message, err.stack);
 		return { allowed: false, used: 0, max: rateConfig.max };
 	}
 }
@@ -71,21 +80,29 @@ async function checkRateLimit(uid, tier) {
 function sumTokensFromMembers(members) {
 	let total = 0;
 	for (const m of members) {
-		const parts = (typeof m === 'string' ? m : m.value || '').split(':');
-		total += parseInt(parts[2], 10) || 0;
+		const raw = typeof m === 'string' ? m : m.value || '';
+		const parts = raw.split(':');
+		const tokenVal = parseInt(parts[2], 10) || 0;
+		total += tokenVal;
+		// Log each member for debugging (only if suspicious values)
+		if (tokenVal > 50000 || tokenVal < 0 || isNaN(parseInt(parts[2], 10))) {
+			console.log('[PDF-Secure][DEBUG] sumTokens UNUSUAL member: raw="%s" parts=%j tokenVal=%d', raw, parts, tokenVal);
+		}
 	}
 	return total;
 }
 
 // Token-based 4-hour sliding window quota (DB-backed sorted set)
 // Read-only check — does NOT add entries (call recordQuotaUsage after AI response)
-// Returns { allowed, used, max, resetsIn }
+// Returns { allowed, used, max, resetsIn, dbError }
 async function checkQuota(uid, tier) {
 	const cfg = QUOTAS[tier] || QUOTAS.premium;
 	const key = `pdf-secure:quota:${uid}`;
 	const now = Date.now();
 	const windowStart = now - cfg.window;
 
+	console.log('[PDF-Secure][DEBUG] checkQuota START uid=%s tier=%s key=%s max=%d window=%dms', uid, tier, key, cfg.max, cfg.window);
+
 	try {
 		// Remove expired entries outside the 4-hour window
 		await db.sortedSetRemoveRangeByScore(key, '-inf', windowStart);
@@ -93,22 +110,33 @@ async function checkQuota(uid, tier) {
 		const members = await db.getSortedSetRange(key, 0, -1);
 		const totalTokens = sumTokensFromMembers(members);
 
+		console.log('[PDF-Secure][DEBUG] checkQuota uid=%s members=%d totalTokens=%d max=%d', uid, members.length, totalTokens, cfg.max);
+		// Log first 5 members for debugging
+		if (members.length > 0) {
+			console.log('[PDF-Secure][DEBUG] checkQuota uid=%s sample members: %j', uid, members.slice(0, 5));
+		}
+
 		// Calculate resetsIn from oldest entry
 		let resetsIn = 0;
 		if (members.length > 0) {
 			const oldest = await db.getSortedSetRangeWithScores(key, 0, 0);
 			if (oldest && oldest.length > 0) {
 				resetsIn = Math.max(0, (oldest[0].score + cfg.window) - now);
+				console.log('[PDF-Secure][DEBUG] checkQuota uid=%s oldestScore=%d resetsIn=%dms (%s min)', uid, oldest[0].score, resetsIn, Math.round(resetsIn / 60000));
 			}
 		}
 
 		if (totalTokens >= cfg.max) {
+			console.log('[PDF-Secure][DEBUG] checkQuota BLOCKED uid=%s totalTokens=%d >= max=%d', uid, totalTokens, cfg.max);
 			return { allowed: false, used: totalTokens, max: cfg.max, resetsIn };
 		}
+		console.log('[PDF-Secure][DEBUG] checkQuota ALLOWED uid=%s totalTokens=%d < max=%d', uid, totalTokens, cfg.max);
 		return { allowed: true, used: totalTokens, max: cfg.max, resetsIn };
 	} catch (err) {
-		console.error('[PDF-Secure] Quota check DB error:', err.message);
-		return { allowed: false, used: 0, max: cfg.max, resetsIn: 0 };
+		console.error('[PDF-Secure][DEBUG] checkQuota DB ERROR uid=%s:', uid, err.message, err.stack);
+		// Fail-open on DB error: allow the request but log the issue
+		// Previously this was fail-closed which caused "kota doldu" on any DB hiccup
+		return { allowed: true, used: 0, max: cfg.max, resetsIn: 0, dbError: true };
 	}
 }
 
@@ -118,10 +146,13 @@ async function recordQuotaUsage(uid, tier, tokensUsed) {
 	const cfg = QUOTAS[tier] || QUOTAS.premium;
 	const key = `pdf-secure:quota:${uid}`;
 	const now = Date.now();
+	const member = `${now}:${crypto.randomBytes(4).toString('hex')}:${tokensUsed}`;
+
+	console.log('[PDF-Secure][DEBUG] recordQuotaUsage uid=%s tier=%s tokensUsed=%d member=%s', uid, tier, tokensUsed, member);
 
 	try {
 		// Add entry with token count encoded in member string
-		await db.sortedSetAdd(key, now, `${now}:${crypto.randomBytes(4).toString('hex')}:${tokensUsed}`);
+		await db.sortedSetAdd(key, now, member);
 
 		// Re-read total for accurate response
 		const members = await db.getSortedSetRange(key, 0, -1);
@@ -135,8 +166,10 @@ async function recordQuotaUsage(uid, tier, tokensUsed) {
 			}
 		}
 
+		console.log('[PDF-Secure][DEBUG] recordQuotaUsage uid=%s afterRecord: totalTokens=%d members=%d max=%d', uid, totalTokens, members.length, cfg.max);
 		return { used: totalTokens, max: cfg.max, resetsIn };
 	} catch (err) {
+		console.error('[PDF-Secure][DEBUG] recordQuotaUsage DB ERROR uid=%s:', uid, err.message, err.stack);
 		return { used: 0, max: cfg.max, resetsIn: 0 };
 	}
 }
@@ -148,6 +181,8 @@ async function getQuotaUsage(uid, tier) {
 	const now = Date.now();
 	const windowStart = now - cfg.window;
 
+	console.log('[PDF-Secure][DEBUG] getQuotaUsage uid=%s tier=%s', uid, tier);
+
 	try {
 		await db.sortedSetRemoveRangeByScore(key, '-inf', windowStart);
 		const members = await db.getSortedSetRange(key, 0, -1);
@@ -159,8 +194,10 @@ async function getQuotaUsage(uid, tier) {
 				resetsIn = Math.max(0, (oldest[0].score + cfg.window) - now);
 			}
 		}
+		console.log('[PDF-Secure][DEBUG] getQuotaUsage uid=%s result: used=%d max=%d members=%d resetsIn=%dms', uid, totalTokens, cfg.max, members.length, resetsIn);
 		return { used: totalTokens, max: cfg.max, resetsIn };
 	} catch (err) {
+		console.error('[PDF-Secure][DEBUG] getQuotaUsage DB ERROR uid=%s:', uid, err.message, err.stack);
 		return { used: 0, max: cfg.max, resetsIn: 0 };
 	}
 }
@@ -224,13 +261,17 @@ Controllers.servePdfBinary = async function (req, res) {
 };
 
 Controllers.handleChat = async function (req, res) {
+	console.log('[PDF-Secure][DEBUG] handleChat START uid=%s body.filename=%s', req.uid, req.body?.filename);
+
 	// Authentication gate
 	if (!req.uid) {
+		console.log('[PDF-Secure][DEBUG] handleChat REJECTED: not authenticated');
 		return res.status(401).json({ error: 'Authentication required' });
 	}
 
 	// Check AI availability
 	if (!geminiChat.isAvailable()) {
+		console.log('[PDF-Secure][DEBUG] handleChat REJECTED: AI not available (no API key?)');
 		return res.status(503).json({ error: 'AI chat is not configured' });
 	}
 
@@ -242,28 +283,42 @@ Controllers.handleChat = async function (req, res) {
 		groups.isMember(req.uid, 'VIP'),
 	]);
 	const isPremium = isAdmin || isGlobalMod || isPremiumMember || isVipMember;
+	console.log('[PDF-Secure][DEBUG] handleChat uid=%s groups: isAdmin=%s isGlobalMod=%s isPremium=%s isVip=%s', req.uid, isAdmin, isGlobalMod, isPremiumMember, isVipMember);
 	if (!isPremium) {
+		console.log('[PDF-Secure][DEBUG] handleChat REJECTED: not premium uid=%s', req.uid);
 		return res.status(403).json({ error: 'Bu özellik Premium/VIP üyelere özeldir.' });
 	}
 
 	const isVip = isVipMember || isAdmin;
 	const tier = isVip ? 'vip' : 'premium';
+	console.log('[PDF-Secure][DEBUG] handleChat uid=%s tier=%s isAdmin=%s', req.uid, tier, isAdmin);
+
+	// Quota check (admins bypass for testing)
+	let quotaResult;
+	if (isAdmin) {
+		const cfg = QUOTAS[tier] || QUOTAS.premium;
+		quotaResult = { allowed: true, used: 0, max: cfg.max, resetsIn: 0 };
+		console.log('[PDF-Secure][DEBUG] handleChat uid=%s ADMIN BYPASS - skipping quota/rate checks', req.uid);
+	} else {
+		// 4-hour rolling window quota check (visible to user in quota bar)
+		quotaResult = await checkQuota(req.uid, tier);
+		console.log('[PDF-Secure][DEBUG] handleChat uid=%s quotaResult: %j', req.uid, quotaResult);
+		if (!quotaResult.allowed) {
+			console.log('[PDF-Secure][DEBUG] handleChat REJECTED: quota exhausted uid=%s used=%d max=%d', req.uid, quotaResult.used, quotaResult.max);
+			return res.status(429).json({
+				error: 'Mesaj kotanız doldu.',
+				quotaExhausted: true,
+				quota: { used: quotaResult.used, max: quotaResult.max, resetsIn: quotaResult.resetsIn },
+				tier,
+			});
+		}
 
-	// 4-hour rolling window quota check (visible to user in quota bar)
-	const quotaResult = await checkQuota(req.uid, tier);
-	if (!quotaResult.allowed) {
-		return res.status(429).json({
-			error: 'Mesaj kotanız doldu.',
-			quotaExhausted: true,
-			quota: { used: quotaResult.used, max: quotaResult.max, resetsIn: quotaResult.resetsIn },
-			tier,
-		});
-	}
-
-	// Spam rate limiting (DB-backed 60s sliding window, not shown in UI)
-	const rateResult = await checkRateLimit(req.uid, tier);
-	if (!rateResult.allowed) {
-		return res.status(429).json({ error: 'Çok hızlı mesaj gönderiyorsunuz. Lütfen biraz bekleyin.', quota: { used: quotaResult.used, max: quotaResult.max, resetsIn: quotaResult.resetsIn } });
+		// Spam rate limiting (DB-backed 60s sliding window, not shown in UI)
+		const rateResult = await checkRateLimit(req.uid, tier);
+		if (!rateResult.allowed) {
+			console.log('[PDF-Secure][DEBUG] handleChat REJECTED: rate limit uid=%s', req.uid);
+			return res.status(429).json({ error: 'Çok hızlı mesaj gönderiyorsunuz. Lütfen biraz bekleyin.', quota: { used: quotaResult.used, max: quotaResult.max, resetsIn: quotaResult.resetsIn } });
+		}
 	}
 
 	// Body validation
@@ -321,36 +376,48 @@ Controllers.handleChat = async function (req, res) {
 	}
 
 	try {
+		console.log('[PDF-Secure][DEBUG] handleChat calling geminiChat.chat uid=%s file=%s question="%s" historyLen=%d tier=%s detailMode=%s',
+			req.uid, safeName, trimmedQuestion.slice(0, 80), (history || []).length, tier, useDetailMode);
 		const result = await geminiChat.chat(safeName, trimmedQuestion, history || [], tier, useDetailMode);
 		// Record actual token usage after successful AI response
 		// Sanitize: clamp to [0, 1000000] to prevent NaN/negative/absurd values
+		const rawTokens = result.tokensUsed;
 		const tokensUsed = Math.max(0, Math.min(parseInt(result.tokensUsed, 10) || 0, 1000000));
+		console.log('[PDF-Secure][DEBUG] handleChat AI SUCCESS uid=%s rawTokens=%s parsedTokens=%d answerLen=%d suspicious=%s',
+			req.uid, rawTokens, tokensUsed, (result.text || '').length, result.suspicious);
 		const updatedQuota = await recordQuotaUsage(req.uid, tier, tokensUsed);
+		console.log('[PDF-Secure][DEBUG] handleChat RESPONSE uid=%s quota: used=%d max=%d', req.uid, updatedQuota.used, updatedQuota.max);
 		return res.json({
 			answer: result.text,
 			injectionWarning: result.suspicious || false,
 			quota: updatedQuota,
 		});
 	} catch (err) {
-		console.error('[PDF-Secure] Chat error:', err.message, err.status || '', err.code || '');
+		console.error('[PDF-Secure][DEBUG] handleChat ERROR uid=%s:', req.uid, err.message, 'status=', err.status || 'none', 'code=', err.code || 'none');
+		console.error('[PDF-Secure][DEBUG] handleChat ERROR stack:', err.stack);
 		// On error, no tokens were used — return pre-call quota
 		const quota = { used: quotaResult.used, max: quotaResult.max, resetsIn: quotaResult.resetsIn };
 
 		if (err.message === 'File not found') {
+			console.log('[PDF-Secure][DEBUG] handleChat returning 404 PDF not found');
 			return res.status(404).json({ error: 'PDF bulunamadı.', quota });
 		}
 		if (err.message === 'PDF too large for AI chat') {
+			console.log('[PDF-Secure][DEBUG] handleChat returning 413 PDF too large');
 			const sizeMsg = tier === 'premium'
 				? 'Bu PDF, Premium limiti (20MB) aşıyor. VIP üyelikle 50MB\'a kadar PDF\'lerle sohbet edebilirsiniz.'
 				: 'Bu PDF çok büyük. AI chat için maksimum dosya boyutu 50MB.';
 			return res.status(413).json({ error: sizeMsg, quota, showUpgrade: tier === 'premium' });
 		}
 		if (err.status === 429 || err.message.includes('rate limit') || err.message.includes('quota')) {
+			console.log('[PDF-Secure][DEBUG] handleChat returning 429 Gemini rate limit/quota');
 			return res.status(429).json({ error: 'AI servisi şu an yoğun. Lütfen birkaç saniye sonra tekrar deneyin.', quota });
 		}
 		if (err.status === 401 || err.status === 403 || err.message.includes('API key')) {
+			console.log('[PDF-Secure][DEBUG] handleChat returning 503 API key/auth issue');
 			return res.status(503).json({ error: 'AI servisi yapılandırma hatası. Yöneticiyle iletişime geçin.', quota });
 		}
+		console.log('[PDF-Secure][DEBUG] handleChat returning 500 generic error');
 		return res.status(500).json({ error: 'AI yanıt veremedi. Lütfen tekrar deneyin.', quota });
 	}
 };
@@ -365,10 +432,12 @@ setInterval(() => {
 	}
 }, 5 * 60 * 1000).unref();
 Controllers.getSuggestions = async function (req, res) {
+	console.log('[PDF-Secure][DEBUG] getSuggestions START uid=%s filename=%s', req.uid, req.query?.filename);
 	if (!req.uid) {
 		return res.status(401).json({ error: 'Authentication required' });
 	}
 	if (!geminiChat.isAvailable()) {
+		console.log('[PDF-Secure][DEBUG] getSuggestions REJECTED: AI not available');
 		return res.status(503).json({ error: 'AI chat is not configured' });
 	}
 
@@ -379,6 +448,7 @@ Controllers.getSuggestions = async function (req, res) {
 		groups.isMember(req.uid, 'Premium'),
 		groups.isMember(req.uid, 'VIP'),
 	]);
+	console.log('[PDF-Secure][DEBUG] getSuggestions uid=%s groups: admin=%s gmod=%s premium=%s vip=%s', req.uid, isAdmin, isGlobalMod, isPremiumMember, isVipMember);
 	if (!isAdmin && !isGlobalMod && !isPremiumMember && !isVipMember) {
 		return res.status(403).json({ error: 'Premium/VIP only' });
 	}
@@ -410,11 +480,47 @@ Controllers.getSuggestions = async function (req, res) {
 	}
 
 	try {
+		console.log('[PDF-Secure][DEBUG] getSuggestions calling generateSuggestions file=%s tier=%s', safeName, tier);
 		const suggestions = await geminiChat.generateSuggestions(safeName, tier);
 		const quotaUsage = await getQuotaUsage(req.uid, tier);
+		console.log('[PDF-Secure][DEBUG] getSuggestions SUCCESS uid=%s suggestions=%d quota: used=%d max=%d', req.uid, suggestions.length, quotaUsage.used, quotaUsage.max);
 		return res.json({ suggestions, quota: quotaUsage });
 	} catch (err) {
-		console.error('[PDF-Secure] Suggestions error:', err.message);
+		console.error('[PDF-Secure][DEBUG] getSuggestions ERROR uid=%s:', req.uid, err.message, err.stack);
 		return res.json({ suggestions: [] });
 	}
 };
+
+// Admin: reset quota for a specific user or all users
+Controllers.resetQuota = async function (req, res) {
+	console.log('[PDF-Secure][DEBUG] resetQuota called by uid=%s body=%j', req.uid, req.body);
+	if (!req.uid) {
+		return res.status(401).json({ error: 'Authentication required' });
+	}
+
+	const isAdmin = await groups.isMember(req.uid, 'administrators');
+	if (!isAdmin) {
+		console.log('[PDF-Secure][DEBUG] resetQuota REJECTED: uid=%s not admin', req.uid);
+		return res.status(403).json({ error: 'Admin only' });
+	}
+
+	const targetUid = parseInt(req.body.uid, 10);
+
+	try {
+		if (targetUid > 0) {
+			// Reset specific user's quota and rate limit
+			console.log('[PDF-Secure][DEBUG] resetQuota deleting quota+ratelimit for uid=%s (requested by admin uid=%s)', targetUid, req.uid);
+			await db.delete(`pdf-secure:quota:${targetUid}`);
+			await db.delete(`pdf-secure:ratelimit:${targetUid}`);
+			return res.json({ success: true, message: `UID ${targetUid} kotası sıfırlandı.` });
+		}
+		// No uid specified: reset the calling admin's own quota
+		console.log('[PDF-Secure][DEBUG] resetQuota deleting own quota+ratelimit for admin uid=%s', req.uid);
+		await db.delete(`pdf-secure:quota:${req.uid}`);
+		await db.delete(`pdf-secure:ratelimit:${req.uid}`);
+		return res.json({ success: true, message: 'Kendi kotanız sıfırlandı.' });
+	} catch (err) {
+		console.error('[PDF-Secure][DEBUG] resetQuota ERROR:', err.message, err.stack);
+		return res.status(500).json({ error: 'Kota sıfırlama hatası.' });
+	}
+};

package/lib/gemini-chat.js

@@ -159,16 +159,18 @@ GeminiChat.setCustomPrompts = function (prompts) {
 };
 
 GeminiChat.init = function (apiKey) {
+	console.log('[PDF-Secure][DEBUG] GeminiChat.init called, apiKey=%s', apiKey ? '***' + apiKey.slice(-6) : '***EMPTY***');
 	if (!apiKey) {
 		ai = null;
+		console.log('[PDF-Secure][DEBUG] GeminiChat.init: no API key, ai=null');
 		return;
 	}
 	try {
 		const { GoogleGenAI } = require('@google/genai');
 		ai = new GoogleGenAI({ apiKey });
-		console.log('[PDF-Secure] Gemini AI client initialized');
+		console.log('[PDF-Secure][DEBUG] GeminiChat.init SUCCESS - Gemini AI client initialized');
 	} catch (err) {
-		console.error('[PDF-Secure] Failed to initialize Gemini client:', err.message);
+		console.error('[PDF-Secure][DEBUG] GeminiChat.init FAILED:', err.message, err.stack);
 		ai = null;
 	}
 };
@@ -183,16 +185,20 @@ async function getOrUploadPdf(filename, tier) {
 	// Check file upload cache first
 	const cached = fileUploadCache.get(filename);
 	if (cached && Date.now() - cached.cachedAt < PDF_DATA_TTL) {
+		console.log('[PDF-Secure][DEBUG] getOrUploadPdf CACHED file=%s uri=%s', filename, cached.fileUri);
 		return { type: 'fileData', fileUri: cached.fileUri, mimeType: cached.mimeType };
 	}
 
 	const filePath = pdfHandler.resolveFilePath(filename);
+	console.log('[PDF-Secure][DEBUG] getOrUploadPdf file=%s resolvedPath=%s', filename, filePath);
 	if (!filePath || !fs.existsSync(filePath)) {
+		console.log('[PDF-Secure][DEBUG] getOrUploadPdf FILE NOT FOUND file=%s path=%s', filename, filePath);
 		throw new Error('File not found');
 	}
 
 	const maxSize = MAX_FILE_SIZE[tier] || MAX_FILE_SIZE.premium;
 	const stats = await fs.promises.stat(filePath);
+	console.log('[PDF-Secure][DEBUG] getOrUploadPdf file=%s size=%dKB maxSize=%dKB tier=%s', filename, Math.round(stats.size / 1024), Math.round(maxSize / 1024), tier);
 	if (stats.size > maxSize) {
 		throw new Error('PDF too large for AI chat');
 	}
@@ -211,9 +217,11 @@ async function getOrUploadPdf(filename, tier) {
 	for (let i = 0; i < methods.length; i++) {
 		if (uploadResult) break;
 		try {
+			console.log('[PDF-Secure][DEBUG] getOrUploadPdf trying upload method %d for %s', i + 1, filename);
 			uploadResult = await methods[i]();
+			console.log('[PDF-Secure][DEBUG] getOrUploadPdf upload method %d SUCCESS uri=%s', i + 1, uploadResult?.uri);
 		} catch (err) {
-			console.warn('[PDF-Secure] File API upload method', i + 1, 'failed:', err.message);
+			console.warn('[PDF-Secure][DEBUG] getOrUploadPdf upload method %d FAILED: %s', i + 1, err.message);
 		}
 	}
 
@@ -223,8 +231,9 @@ async function getOrUploadPdf(filename, tier) {
 	}
 
 	// All upload methods failed — fallback to inline base64
-	console.error('[PDF-Secure] File API upload failed for', filename, '- falling back to inline base64');
+	console.error('[PDF-Secure][DEBUG] getOrUploadPdf ALL upload methods FAILED for %s - falling back to inline base64', filename);
 	const base64 = fileBuffer.toString('base64');
+	console.log('[PDF-Secure][DEBUG] getOrUploadPdf inline base64 size=%dKB', Math.round(base64.length / 1024));
 	return { type: 'inlineData', mimeType: 'application/pdf', data: base64 };
 }
 
@@ -261,7 +270,9 @@ function isSummaryRequest(question, history) {
 }
 
 GeminiChat.chat = async function (filename, question, history, tier, detailMode) {
+	console.log('[PDF-Secure][DEBUG] chat START file=%s question="%s" historyLen=%d tier=%s detailMode=%s', filename, question.slice(0, 60), history.length, tier, detailMode);
 	if (!ai) {
+		console.log('[PDF-Secure][DEBUG] chat FAILED: ai is null (not initialized)');
 		throw new Error('AI chat is not configured');
 	}
 
@@ -269,12 +280,15 @@ GeminiChat.chat = async function (filename, question, history, tier, detailMode)
 	if (isSummaryRequest(question, history)) {
 		const cached = summaryCache.get(filename);
 		if (cached && Date.now() - cached.cachedAt < SUMMARY_TTL) {
+			console.log('[PDF-Secure][DEBUG] chat returning CACHED summary for %s (tokensUsed=0)', filename);
 			return { text: cached.text, suspicious: false, tokensUsed: 0 };
 		}
 	}
 
 	const config = TIER_CONFIG[tier] || TIER_CONFIG.premium;
+	console.log('[PDF-Secure][DEBUG] chat uploading/fetching PDF for %s', filename);
 	const pdfRef = await getOrUploadPdf(filename, tier);
+	console.log('[PDF-Secure][DEBUG] chat pdfRef type=%s fileUri=%s', pdfRef.type, pdfRef.fileUri || 'inline');
 
 	// Build conversation contents from history (trimmed to last N entries)
 	// Cost optimization: only recent messages get full text, older ones are truncated
@@ -347,35 +361,46 @@ GeminiChat.chat = async function (filename, question, history, tier, detailMode)
 		systemInstruction += '\n' + SECURITY_RULES;
 	}
 
+	const maxOutputTokens = (tier === 'vip' && detailMode) ? config.detailedMaxOutputTokens : config.maxOutputTokens;
+	console.log('[PDF-Secure][DEBUG] chat calling Gemini API model=%s maxOutputTokens=%d contentsLen=%d', MODEL_NAME, maxOutputTokens, fullContents.length);
+
 	const response = await ai.models.generateContent({
 		model: MODEL_NAME,
 		contents: fullContents,
 		config: {
 			systemInstruction,
-			maxOutputTokens: (tier === 'vip' && detailMode) ? config.detailedMaxOutputTokens : config.maxOutputTokens,
+			maxOutputTokens,
 		},
 	});
 
+	console.log('[PDF-Secure][DEBUG] chat Gemini API response received');
+
 	const text = response?.candidates?.[0]?.content?.parts?.[0]?.text;
 	if (!text) {
+		console.log('[PDF-Secure][DEBUG] chat EMPTY RESPONSE from Gemini. candidates=%j', response?.candidates);
 		throw new Error('Empty response from AI');
 	}
 
 	// Extract output token count — multiple fallbacks for SDK version compatibility
 	const usage = response?.usageMetadata || response?.usage_metadata || {};
+	console.log('[PDF-Secure][DEBUG] chat usageMetadata raw: %j', usage);
 	let tokensUsed = usage.candidatesTokenCount
 		|| usage.candidates_token_count
 		|| usage.outputTokenCount
 		|| usage.output_token_count
 		|| 0;
+	console.log('[PDF-Secure][DEBUG] chat token extraction: candidatesTokenCount=%s candidates_token_count=%s outputTokenCount=%s output_token_count=%s => tokensUsed=%s',
+		usage.candidatesTokenCount, usage.candidates_token_count, usage.outputTokenCount, usage.output_token_count, tokensUsed);
 	// Last resort: estimate from text length if API didn't return token count
 	// (~4 chars per token is a reasonable approximation for multilingual text)
 	if (!tokensUsed && text.length > 0) {
 		tokensUsed = Math.ceil(text.length / 4);
+		console.log('[PDF-Secure][DEBUG] chat token ESTIMATED from text length: textLen=%d => tokensUsed=%d', text.length, tokensUsed);
 	}
 
 	const result = sanitizeAiOutput(text);
 	result.tokensUsed = tokensUsed;
+	console.log('[PDF-Secure][DEBUG] chat DONE file=%s tokensUsed=%d textLen=%d suspicious=%s', filename, tokensUsed, text.length, result.suspicious);
 
 	// Cache summary responses (most expensive request type)
 	if (isSummaryRequest(question, history) && !result.suspicious) {
@@ -387,7 +412,9 @@ GeminiChat.chat = async function (filename, question, history, tier, detailMode)
 
 // Generate AI-powered question suggestions for a PDF
 GeminiChat.generateSuggestions = async function (filename, tier) {
+	console.log('[PDF-Secure][DEBUG] generateSuggestions START file=%s tier=%s', filename, tier);
 	if (!ai) {
+		console.log('[PDF-Secure][DEBUG] generateSuggestions FAILED: ai is null');
 		throw new Error('AI chat is not configured');
 	}
 
@@ -395,6 +422,7 @@ GeminiChat.generateSuggestions = async function (filename, tier) {
 	const cacheKey = filename + '::' + (tier || 'premium');
 	const cached = suggestionsCache.get(cacheKey);
 	if (cached && Date.now() - cached.cachedAt < SUGGESTIONS_TTL) {
+		console.log('[PDF-Secure][DEBUG] generateSuggestions returning CACHED for %s', cacheKey);
 		return cached.suggestions;
 	}
 

package/library.js

@@ -77,12 +77,23 @@ plugin.init = async (params) => {
 	// AI suggestions endpoint (Premium/VIP only)
 	router.get('/api/v3/plugins/pdf-secure/suggestions', controllers.getSuggestions);
 
+	// Admin: reset user quota (for testing/support)
+	router.post('/api/v3/plugins/pdf-secure/reset-quota', controllers.resetQuota);
+
 	// Load plugin settings
 	pluginSettings = await meta.settings.get('pdf-secure') || {};
+	console.log('[PDF-Secure][DEBUG] Plugin settings loaded. Keys:', Object.keys(pluginSettings).join(', '));
+	console.log('[PDF-Secure][DEBUG] geminiApiKey=%s, quotaPremium=%s, quotaVip=%s, quotaWindow=%s',
+		pluginSettings.geminiApiKey ? '***SET(' + pluginSettings.geminiApiKey.length + ' chars)' : '***EMPTY***',
+		pluginSettings.quotaPremiumTokens || 'default',
+		pluginSettings.quotaVipTokens || 'default',
+		pluginSettings.quotaWindowHours || 'default');
 
 	// Initialize Gemini AI chat (if API key is configured)
 	if (pluginSettings.geminiApiKey) {
 		geminiChat.init(pluginSettings.geminiApiKey);
+	} else {
+		console.log('[PDF-Secure][DEBUG] WARNING: No Gemini API key configured! AI chat will be disabled.');
 	}
 
 	// Apply admin-configured quota settings

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-pdf-secure2",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
   "main": "library.js",
   "repository": {

package/static/lib/admin.js

@@ -34,6 +34,31 @@ define('admin/plugins/pdf-secure', ['settings', 'alerts'], function (Settings, a
 		$('#deselectAllCats').on('click', function () {
 			$('#categoryCheckboxes input[type="checkbox"]').prop('checked', false);
 		});
+
+		// Quota reset button
+		$('#resetQuotaBtn').on('click', function () {
+			var uid = parseInt($('#resetQuotaUid').val(), 10) || 0;
+			var btn = $(this);
+			btn.prop('disabled', true);
+			$('#resetQuotaResult').text('Sifirlaniyor...').css('color', '#6c757d');
+
+			$.ajax({
+				url: config.relative_path + '/api/v3/plugins/pdf-secure/reset-quota',
+				type: 'POST',
+				contentType: 'application/json',
+				headers: { 'x-csrf-token': config.csrf_token },
+				data: JSON.stringify(uid > 0 ? { uid: uid } : {}),
+				success: function (data) {
+					$('#resetQuotaResult').text(data.message || 'Basarili!').css('color', '#198754');
+					btn.prop('disabled', false);
+				},
+				error: function (xhr) {
+					var msg = (xhr.responseJSON && xhr.responseJSON.error) || 'Hata olustu.';
+					$('#resetQuotaResult').text(msg).css('color', '#dc3545');
+					btn.prop('disabled', false);
+				},
+			});
+		});
 	};
 
 	function loadCategories() {

package/static/templates/admin/plugins/pdf-secure.tpl

@@ -153,11 +153,27 @@
 									<div class="form-text" style="font-size:11px;">Varsayilan: 4 saat. Kota bu sure icerisinde sifirlanir.</div>
 								</div>
 
-								<div class="alert alert-light border d-flex gap-2 mb-0" role="alert" style="font-size:12px;">
+								<div class="alert alert-light border d-flex gap-2 mb-3" role="alert" style="font-size:12px;">
 									<svg viewBox="0 0 24 24" style="width:16px;height:16px;fill:#0d6efd;flex-shrink:0;margin-top:1px;"><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm1 15h-2v-6h2v6zm0-8h-2V7h2v2z"/></svg>
 									<div>
 										Sadece output (yanit) tokenleri sayilir. PDF ve soru tokenleri dahil degildir.<br>
-										Ortalama mesaj ~1000-2000 token, uzun ozet ~3000-4000 token tuketir.
+										Ortalama mesaj ~1000-2000 token, uzun ozet ~3000-4000 token tuketir.<br>
+										<strong>Not:</strong> Admin kullanicilari kota sinirlamasindan muaftir.
+									</div>
+								</div>
+
+								<hr class="my-3">
+								<h6 class="fw-semibold mb-3" style="font-size:13px;">Kota Sifirlama</h6>
+								<div class="row g-3 align-items-end">
+									<div class="col-auto">
+										<label class="form-label fw-medium" for="resetQuotaUid" style="font-size:13px;">Kullanici UID</label>
+										<input type="number" id="resetQuotaUid" class="form-control form-control-sm" placeholder="Bos = kendi kotam" min="0" style="width:150px;">
+									</div>
+									<div class="col-auto">
+										<button type="button" id="resetQuotaBtn" class="btn btn-sm btn-outline-warning">Kotayi Sifirla</button>
+									</div>
+									<div class="col-auto">
+										<span id="resetQuotaResult" style="font-size:12px;"></span>
 									</div>
 								</div>
 							</div>