webtools-cli 1.2.0__tar.gz → 1.2.2__tar.gz

{webtools_cli-1.2.0 → webtools_cli-1.2.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: webtools-cli
-Version: 1.2.0
+Version: 1.2.2
 Summary: Advanced Web Intelligence & Scraping Toolkit with CLI and Web UI
 Author: Abhinav Adarsh
 License-Expression: MIT
@@ -29,6 +29,8 @@ Requires-Dist: Pillow
 Requires-Dist: mtranslate
 Requires-Dist: colorama
 Requires-Dist: playwright
+Requires-Dist: mega.py
+Requires-Dist: pycryptodome
 Requires-Dist: pyreadline3; platform_system == "Windows"
 Provides-Extra: playwright
 Requires-Dist: playwright; extra == "playwright"
@@ -52,6 +54,7 @@ WebTools CLI is an advanced web intelligence suite for researchers, OSINT enthus
 
 - **🎯 Stealth & Speed**: Smart proxy rotation and Turbo-Fetch logic for evasion and performance.
 - **🧠 AI-Powered**: Automated content summarization, sentiment analysis, and readability scoring.
+- **☁️ Cloud-Native**: Integrated Mega.nz storage for seamless media backups and file management.
 - **🔧 Security-Centric**: Built-in honeypot detection, threat leveling, and image forensic analysis.
 - **💻 Terminal-First**: Designed for power users who live in the command line.
 - **🛡️ Cross-Platform**: Works seamlessly on Windows, Linux, and macOS (with auto-download for Windows tunnels).
@@ -84,6 +87,8 @@ pip install webtools-cli --upgrade
 ### Advanced Scraping & Stealth
 - **Smart Proxy Rotation**: Automatically rotates User-Agents and Proxies to evade detection.
 - **Turbo-Fetch**: Parallel chunk downloads for large media (Videos/Images).
+- **Mega Cloud Drive**: Native integration with Mega.nz for multi-account storage and file management.
+- **One-Click Save**: Instantly save scraped images and videos directly to your cloud storage.
 - **Deep Crawl**: Recursive link mapping up to 3 levels deep.
 - **Headless Fallback**: Integrated Playwright support for auth-walled or SPA environments.
 

{webtools_cli-1.2.0 → webtools_cli-1.2.2}/README.md

@@ -16,6 +16,7 @@ WebTools CLI is an advanced web intelligence suite for researchers, OSINT enthus
 
 - **🎯 Stealth & Speed**: Smart proxy rotation and Turbo-Fetch logic for evasion and performance.
 - **🧠 AI-Powered**: Automated content summarization, sentiment analysis, and readability scoring.
+- **☁️ Cloud-Native**: Integrated Mega.nz storage for seamless media backups and file management.
 - **🔧 Security-Centric**: Built-in honeypot detection, threat leveling, and image forensic analysis.
 - **💻 Terminal-First**: Designed for power users who live in the command line.
 - **🛡️ Cross-Platform**: Works seamlessly on Windows, Linux, and macOS (with auto-download for Windows tunnels).
@@ -48,6 +49,8 @@ pip install webtools-cli --upgrade
 ### Advanced Scraping & Stealth
 - **Smart Proxy Rotation**: Automatically rotates User-Agents and Proxies to evade detection.
 - **Turbo-Fetch**: Parallel chunk downloads for large media (Videos/Images).
+- **Mega Cloud Drive**: Native integration with Mega.nz for multi-account storage and file management.
+- **One-Click Save**: Instantly save scraped images and videos directly to your cloud storage.
 - **Deep Crawl**: Recursive link mapping up to 3 levels deep.
 - **Headless Fallback**: Integrated Playwright support for auth-walled or SPA environments.
 

{webtools_cli-1.2.0 → webtools_cli-1.2.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "webtools-cli"
-version = "1.2.0"
+version = "1.2.2"
 description = "Advanced Web Intelligence & Scraping Toolkit with CLI and Web UI"
 readme = "README.md"
 license = "MIT"
@@ -36,6 +36,8 @@ dependencies = [
     "mtranslate",
     "colorama",
     "playwright",
+    "mega.py",
+    "pycryptodome",
     "pyreadline3; platform_system == 'Windows'",
 ]
 

{webtools_cli-1.2.0 → webtools_cli-1.2.2}/webtools/core.py

@@ -7,6 +7,32 @@ if sys.stdout.encoding and sys.stdout.encoding.lower() != 'utf-8':
         sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8', errors='replace')
     except Exception: pass
 
+# --- AUTO-INSTALLER FOR MISSING DEPENDENCIES ---
+def ensure_dependencies():
+    """Checks and installs missing dependencies at runtime"""
+    dependencies = {
+        "mega": "mega.py",
+        "Crypto": "pycryptodome"
+    }
+    missing = []
+    for module_name, package_name in dependencies.items():
+        try:
+            __import__(module_name)
+        except ImportError:
+            missing.append(package_name)
+    
+    if missing:
+        print(f"\n[!] Missing dependencies detected: {', '.join(missing)}")
+        print("[*] Attempting automatic installation...")
+        try:
+            subprocess.check_call([sys.executable, "-m", "pip", "install"] + missing)
+            print("[+] Dependencies installed successfully!\n")
+        except Exception as e:
+            print(f"[-] Auto-installation failed: {e}")
+            print("[!] Please run: pip install mega.py pycryptodome")
+
+ensure_dependencies()
+
 
 # --- PACKAGE PATHS ---
 PACKAGE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -23,9 +49,179 @@ except ImportError:
 import numpy as np
 from bs4 import BeautifulSoup
 from collections import Counter
-from flask import Flask, render_template_string, send_from_directory, request, jsonify, send_file
+from flask import Flask, render_template_string, send_from_directory, request, jsonify, send_file, after_this_request
 from PIL import Image,ExifTags,ImageChops,ImageEnhance
 from io import BytesIO
+from mega import Mega
+try:
+    from mega.errors import RequestError
+    from mega.crypto import (
+        base64_to_a32, decrypt_key, base64_url_decode, a32_to_str, 
+        encrypt_key, str_to_a32, mpi_to_int, base64_url_encode
+    )
+    from Crypto.PublicKey import RSA
+    import binascii
+except ImportError:
+    class RequestError(Exception): pass
+
+# --- MONKEY PATCH FOR MEGA.PY (Fixes TypeError in AES calls) ---
+try:
+    from Crypto.Cipher import AES
+    import mega.mega as mega_module
+    _original_aes_new = AES.new
+    
+    def _patched_aes_new(key, *args, **kwargs):
+        # Convert key to bytes if string
+        if isinstance(key, str):
+            key = key.encode('latin-1')
+        
+        # Convert positional arguments (like IV/mode) to bytes if strings
+        new_args = list(args)
+        for i in range(len(new_args)):
+            if isinstance(new_args[i], str):
+                new_args[i] = new_args[i].encode('latin-1')
+            
+        # Convert keyword arguments (IV, nonce, etc.) to bytes if strings
+        for k in kwargs:
+            if isinstance(kwargs[k], str):
+                kwargs[k] = kwargs[k].encode('latin-1')
+                
+        return _original_aes_new(key, *new_args, **kwargs)
+    
+    # Apply patch globally
+    AES.new = _patched_aes_new
+    if hasattr(mega_module, 'AES'):
+        mega_module.AES.new = _patched_aes_new
+except Exception:
+    pass
+
+class RobustMega(Mega):
+    """
+    Patched version of Mega library to handle fragile API responses.
+    The original library crashes if the API returns non-JSON or an empty string.
+    """
+    def _login_process(self, resp, password):
+        """
+        Overridden to fix 'Invalid RSA public exponent' error in newer pycryptodome.
+        The original code passes 0 as the exponent, which is rejected.
+        """
+        encrypted_master_key = base64_to_a32(resp['k'])
+        self.master_key = decrypt_key(encrypted_master_key, password)
+        if 'tsid' in resp:
+            tsid = base64_url_decode(resp['tsid'])
+            key_encrypted = a32_to_str(
+                encrypt_key(str_to_a32(tsid[:16]), self.master_key)
+            )
+            if key_encrypted == tsid[-16:]:
+                self.sid = resp['tsid']
+        elif 'csid' in resp:
+            encrypted_rsa_private_key = base64_to_a32(resp['privk'])
+            rsa_private_key = decrypt_key(
+                encrypted_rsa_private_key, self.master_key
+            )
+
+            private_key_str = a32_to_str(rsa_private_key)
+            self.rsa_private_key = [0, 0, 0, 0]
+            
+            # This loop parses the 4 components: p, q, d, u
+            for i in range(4):
+                l = int(((private_key_str[0]) * 256 + (private_key_str[1]) + 7) / 8) + 2
+                self.rsa_private_key[i] = mpi_to_int(private_key_str[:l])
+                private_key_str = private_key_str[l:]
+
+            encrypted_sid = mpi_to_int(base64_url_decode(resp['csid']))
+            
+            # The Fix: Calculate the real 'e' from p, q, d
+            p = self.rsa_private_key[0]
+            q = self.rsa_private_key[1]
+            d = self.rsa_private_key[2]
+            n = p * q
+            phi = (p - 1) * (q - 1)
+            
+            try:
+                # Calculate real e = d^-1 mod phi
+                e = pow(d, -1, phi)
+                rsa_decrypter = RSA.construct((n, e, d, p, q))
+            except:
+                # Fallback to 65537 if inverse fails (shouldn't happen)
+                e = 65537
+                rsa_decrypter = RSA.construct((n, e, d, p, q), consistency_check=False)
+            
+            # Handle potential library differences in how the key is accessed
+            key_obj = rsa_decrypter.key if hasattr(rsa_decrypter, 'key') else rsa_decrypter
+            
+            # Decrypt sid integer
+            sid_int = key_obj._decrypt(encrypted_sid)
+            
+            # Convert to hex then to bytes, ensuring we handle the 0 padding if any
+            sid_hex = '%x' % sid_int
+            if len(sid_hex) % 2:
+                sid_hex = '0' + sid_hex
+            sid_bytes = binascii.unhexlify(sid_hex)
+            
+            self.sid = base64_url_encode(sid_bytes[:43])
+
+    def _api_request(self, data):
+        params = {'id': self.sequence_num}
+        self.sequence_num += 1
+
+        if self.sid:
+            params.update({'sid': self.sid})
+
+        if not isinstance(data, list):
+            data = [data]
+
+        url = '{0}://g.api.{1}/cs'.format(self.schema, self.domain)
+        headers = {
+            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36',
+            'Accept': '*/*',
+            'Accept-Language': 'en-US,en;q=0.9',
+            'Origin': 'https://mega.nz',
+            'Referer': 'https://mega.nz/'
+        }
+        
+        try:
+            req = requests.post(
+                url,
+                params=params,
+                data=json.dumps(data),
+                headers=headers,
+                timeout=self.timeout,
+            )
+            
+            content = req.text.strip() if req.text else ""
+            
+            if not content:
+                if req.status_code == 402:
+                    raise Exception("Mega.nz is temporarily blocking this connection (Status 402). This usually happens due to rate-limiting. Please try again later or use a different network.")
+                raise Exception(f"Mega API returned empty response (Status {req.status_code})")
+                
+            try:
+                json_resp = json.loads(content)
+            except json.JSONDecodeError:
+                # Try to parse as integer error code
+                try:
+                    val = int(content)
+                    raise RequestError(val)
+                except (ValueError, RequestError):
+                    if content.startswith("-") and content[1:].isdigit():
+                         raise RequestError(int(content))
+                    raise Exception(f"Mega API error: {content[:100]}")
+
+            if isinstance(json_resp, int):
+                if json_resp == -3:
+                    time.sleep(0.5)
+                    return self._api_request(data=data)
+                raise RequestError(json_resp)
+            
+            return json_resp[0]
+        except Exception:
+            raise
+
+# Global Mega session state
+mega_engine = RobustMega()
+mega_sessions = {} # Mapping: email -> {'client': MegaClient, 'info': user_info, 'quota': quota}
+active_mega_email = None
 
 try:
     from playwright.sync_api import sync_playwright
@@ -144,6 +340,8 @@ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 # Directories setup kar rahe hain
 os.makedirs(os.path.join(SCRAPED_DIR, 'images'), exist_ok=True)
 os.makedirs(os.path.join(SCRAPED_DIR, 'videos'), exist_ok=True)
+CLOUD_DIR = os.path.join(os.getcwd(), 'cloud_storage')
+os.makedirs(CLOUD_DIR, exist_ok=True)
 
 # --- PERFORMANCE AUDITOR ---
 class PerformanceTracker:
@@ -429,12 +627,339 @@ def serve_js():
 def serve_favicon():
     return send_from_directory(WEB_DIR, 'Web_Tools.png')
 
-@app.route('/download/<path:filename>')
-
 @app.route('/download/<path:filename>')
 def serve_scraped_file(filename):
     return send_from_directory(SCRAPED_DIR, filename)
 
+# --- CLOUD STORAGE APIs (MEGA.NZ) ---
+
+def _get_node_by_path(path, client=None):
+    if not client:
+        global active_mega_email, mega_sessions
+        if not active_mega_email or active_mega_email not in mega_sessions:
+            return None
+        client = mega_sessions[active_mega_email]['client']
+        
+    if not path or path == '/':
+        files = client.get_files()
+        for k, v in files.items():
+            if v.get('t') == 2: # Root node
+                return k
+        return None
+    else:
+        node = client.find(path)
+        if node:
+            if isinstance(node, tuple):
+                return node[0]
+            elif hasattr(node, '__getitem__'):
+                return node[0]
+        return None
+
+def _get_or_create_node(name, parent_id, client):
+    """Find a folder by name under parent_id, or create it if missing."""
+    files = client.get_files()
+    for k, v in files.items():
+        if v.get('p') == parent_id and v.get('t') == 1 and v.get('a', {}).get('n') == name:
+            return k
+    # Not found, create it
+    new_node = client.create_folder(name, dest=parent_id)
+    # create_folder returns the new dict or node id depending on version
+    if isinstance(new_node, dict):
+        # find it again to be sure
+        files = client.get_files()
+        for k, v in files.items():
+             if v.get('p') == parent_id and v.get('t') == 1 and v.get('a', {}).get('n') == name:
+                return k
+    return new_node
+
+@app.route('/api/cloud/login', methods=['POST'])
+def cloud_login():
+    global mega_sessions, active_mega_email
+    try:
+        data = request.json or {}
+        email = data.get('email', '').strip()
+        password = data.get('password', '').strip()
+        if not email or not password:
+            return jsonify({'success': False, 'error': 'Email and password required'}), 400
+            
+        client = mega_engine.login(email, password)
+        user_info = client.get_user()
+        quota_raw = client.get_quota()
+        # Normalize quota (some versions use total/space_used, others total/used)
+        quota = {
+            'total': quota_raw.get('total', 0) if isinstance(quota_raw, dict) else 0,
+            'used': quota_raw.get('space_used', quota_raw.get('used', 0)) if isinstance(quota_raw, dict) else 0
+        }
+        
+        # Store in sessions
+        mega_sessions[email] = {
+            'client': client,
+            'info': user_info,
+            'quota': quota
+        }
+        active_mega_email = email
+        
+        return jsonify({
+            'success': True, 
+            'message': f'Logged in as {email}',
+            'user': user_info,
+            'quota': quota,
+            'active_email': active_mega_email,
+            'all_accounts': list(mega_sessions.keys())
+        })
+    except Exception as e:
+        error_msg = str(e)
+        if "-9" in error_msg: error_msg = "Invalid email or password"
+        elif "-11" in error_msg: error_msg = "Access denied (Blocked/Banned)"
+        elif "-3" in error_msg: error_msg = "Too many requests, please wait"
+        return jsonify({'success': False, 'error': error_msg}), 401
+
+@app.route('/api/cloud/switch_account', methods=['POST'])
+def cloud_switch_account():
+    global active_mega_email, mega_sessions
+    data = request.json or {}
+    email = data.get('email')
+    if email in mega_sessions:
+        active_mega_email = email
+        return jsonify({'success': True, 'active_email': active_mega_email})
+    return jsonify({'success': False, 'error': 'Account not found'}), 404
+
+@app.route('/api/cloud/check_auth', methods=['GET'])
+def cloud_check_auth():
+    global active_mega_email, mega_sessions
+    accounts = []
+    for email, session in mega_sessions.items():
+        try:
+            # Quick check if still valid
+            quota_raw = session['client'].get_quota()
+            quota = {
+                'total': quota_raw.get('total', 0) if isinstance(quota_raw, dict) else 0,
+                'used': quota_raw.get('space_used', quota_raw.get('used', 0)) if isinstance(quota_raw, dict) else 0
+            }
+            session['quota'] = quota # update quota
+            accounts.append({
+                'email': email,
+                'user': session['info'],
+                'quota': quota
+            })
+        except:
+            # Session might have died
+            pass
+            
+    return jsonify({
+        'success': True, 
+        'authenticated': len(accounts) > 0,
+        'active_email': active_mega_email,
+        'accounts': accounts
+    })
+
+@app.route('/api/cloud/logout', methods=['POST'])
+def cloud_logout():
+    global mega_sessions, active_mega_email
+    data = request.json or {}
+    email = data.get('email', active_mega_email)
+    if email in mega_sessions:
+        del mega_sessions[email]
+        if active_mega_email == email:
+            active_mega_email = list(mega_sessions.keys())[0] if mega_sessions else None
+    return jsonify({'success': True, 'message': 'Logged out', 'active_email': active_mega_email})
+
+@app.route('/api/cloud/files', methods=['GET'])
+def cloud_list_files():
+    global mega_sessions, active_mega_email
+    email = request.args.get('email', active_mega_email)
+    if not email or email not in mega_sessions:
+        return jsonify({'success': False, 'error': 'Not authenticated'}), 401
+        
+    try:
+        client = mega_sessions[email]['client']
+        req_path = request.args.get('path', '').strip('/')
+        parent_id = _get_node_by_path(req_path, client)
+        if not parent_id:
+             return jsonify({'success': False, 'error': 'Directory not found'}), 404
+             
+        files = client.get_files()
+        items = []
+        for k, v in files.items():
+            if v.get('p') == parent_id:
+                items.append({
+                    'name': v.get('a', {}).get('n'),
+                    'is_dir': v.get('t') == 1,
+                    'size': v.get('s', 0),
+                    'modified_at': v.get('ts', 0)
+                })
+                
+        items.sort(key=lambda x: (not x['is_dir'], (x['name'] or '').lower()))
+        return jsonify({'success': True, 'path': req_path, 'items': items})
+    except Exception as e:
+        return jsonify({'success': False, 'error': str(e)}), 500
+
+@app.route('/api/cloud/import_local', methods=['POST'])
+def cloud_import_local():
+    global mega_sessions, active_mega_email
+    try:
+        data = request.json or {}
+        local_path = data.get('path') # relative to SCRAPED_DIR or static/uploads?
+        file_type = data.get('type') # 'image' or 'video'
+        page_title = data.get('title', 'Imported Media').strip() or 'Imported Media'
+        email = data.get('email', active_mega_email)
+        
+        if not email or email not in mega_sessions:
+            return jsonify({'success': False, 'error': 'Cloud login required'}), 401
+            
+        if not local_path:
+            return jsonify({'success': False, 'error': 'No file path provided'}), 400
+
+        # Handle local path check
+        # Usually scraped files are in SCRAPED_DIR
+        # If path starts with /download/ we strip it
+        clean_path = local_path.split('?')[0] # remove cache busters
+        if clean_path.startswith('/download/'):
+            filename = clean_path.replace('/download/', '')
+            disk_path = os.path.join(SCRAPED_DIR, filename)
+        else:
+            # Ad-hoc filenames
+            filename = os.path.basename(clean_path)
+            disk_path = os.path.join(SCRAPED_DIR, filename)
+            
+        if not os.path.exists(disk_path):
+             return jsonify({'success': False, 'error': f'File not found: {filename}'}), 404
+
+        client = mega_sessions[email]['client']
+        
+        # 1. Ensure Root Folder for this Page
+        root_node = _get_node_by_path('', client)
+        page_node = _get_or_create_node(page_title, root_node, client)
+        
+        # 2. Ensure Type Folder (Images / Videos)
+        type_folder_name = "Images" if file_type == 'image' else "Videos"
+        type_node = _get_or_create_node(type_folder_name, page_node, client)
+        
+        # 3. Upload
+        client.upload(disk_path, dest=type_node)
+        
+        return jsonify({'success': True, 'message': f'Saved to {page_title}/{type_folder_name}'})
+    except Exception as e:
+        return jsonify({'success': False, 'error': str(e)}), 500
+
+@app.route('/api/cloud/upload', methods=['POST'])
+def cloud_upload():
+    global mega_sessions, active_mega_email
+    email = request.form.get('email', active_mega_email)
+    if not email or email not in mega_sessions:
+        return jsonify({'success': False, 'error': 'Not authenticated'}), 401
+    try:
+        client = mega_sessions[email]['client']
+        req_path = request.form.get('path', '').strip('/')
+        parent_id = _get_node_by_path(req_path, client)
+        if not parent_id:
+            return jsonify({'success': False, 'error': 'Invalid path'}), 403
+            
+        if 'file' not in request.files:
+            return jsonify({'success': False, 'error': 'No file part'}), 400
+            
+        file = request.files['file']
+        if file.filename == '':
+            return jsonify({'success': False, 'error': 'No selected file'}), 400
+            
+        from werkzeug.utils import secure_filename
+        filename = secure_filename(file.filename)
+        
+        temp_dir = os.path.join(PACKAGE_DIR, 'tmp_mega')
+        os.makedirs(temp_dir, exist_ok=True)
+        temp_path = os.path.join(temp_dir, filename)
+        file.save(temp_path)
+        
+        client.upload(temp_path, parent_id)
+        
+        try: os.remove(temp_path)
+        except: pass
+        
+        return jsonify({'success': True, 'message': 'File uploaded successfully'})
+    except Exception as e:
+        import traceback
+        traceback.print_exc()
+        return jsonify({'success': False, 'error': str(e)}), 500
+
+@app.route('/api/cloud/mkdir', methods=['POST'])
+def cloud_mkdir():
+    global mega_sessions, active_mega_email
+    data = request.json or {}
+    email = data.get('email', active_mega_email)
+    if not email or email not in mega_sessions:
+        return jsonify({'success': False, 'error': 'Not authenticated'}), 401
+    try:
+        client = mega_sessions[email]['client']
+        req_path = data.get('path', '').strip('/')
+        folder_name = data.get('folder_name', '').strip()
+        
+        if not folder_name:
+            return jsonify({'success': False, 'error': 'Folder name required'}), 400
+            
+        parent_id = _get_node_by_path(req_path, client)
+        if not parent_id:
+             return jsonify({'success': False, 'error': 'Invalid path'}), 403
+             
+        client.create_folder(folder_name, parent_id)
+        return jsonify({'success': True, 'message': 'Folder created'})
+    except Exception as e:
+        import traceback
+        traceback.print_exc()
+        return jsonify({'success': False, 'error': str(e)}), 500
+
+@app.route('/api/cloud/delete', methods=['DELETE'])
+def cloud_delete():
+    global mega_sessions, active_mega_email
+    data = request.json or {}
+    email = data.get('email', active_mega_email)
+    if not email or email not in mega_sessions:
+        return jsonify({'success': False, 'error': 'Not authenticated'}), 401
+    try:
+        client = mega_sessions[email]['client']
+        req_path = data.get('path', '').strip('/')
+        item_name = data.get('item_name', '').strip()
+        
+        target_path = f"{req_path}/{item_name}".strip('/')
+        node_id = _get_node_by_path(target_path, client)
+        
+        if not node_id:
+             return jsonify({'success': False, 'error': 'Item not found'}), 404
+             
+        client.destroy(node_id)
+        return jsonify({'success': True, 'message': 'Item deleted'})
+    except Exception as e:
+        return jsonify({'success': False, 'error': str(e)}), 500
+
+@app.route('/api/cloud/download/<path:filepath>')
+def cloud_download(filepath):
+    global mega_sessions, active_mega_email
+    email = request.args.get('email', active_mega_email)
+    if not email or email not in mega_sessions:
+        return "Not authenticated", 401
+    try:
+        client = mega_sessions[email]['client']
+        node_id = _get_node_by_path(filepath, client)
+        if not node_id:
+            return "File not found", 404
+            
+        # Download to local temp folder, then serve it
+        temp_dir = os.path.join(PACKAGE_DIR, 'tmp_mega_dl')
+        os.makedirs(temp_dir, exist_ok=True)
+        # find node object first
+        files = client.get_files()
+        node = {node_id: files[node_id]}
+        downloaded_path = client.download(node, temp_dir)
+        
+        @after_this_request
+        def remove_file(response):
+            try: os.remove(downloaded_path)
+            except: pass
+            return response
+            
+        return send_file(downloaded_path, as_attachment=True)
+    except Exception as e:
+        return str(e), 500
+
 def _run_playwright_scrape(url):
     """Internal: Actually run the Playwright scrape"""
     with sync_playwright() as p: