const DC={NAME:"DashCaddy",POLL:{DASHBOARD:1e4,LOGS:3e3,STATS:5e3,WEATHER:6e5,HEALTH:1e3,DEPLOY_SSL:5e3},DELAYS:{BTN_RESET:2e3,RELOAD:5e3,MODAL_CLOSE:500,PORT_CHECK:500,DEPLOY_INIT:3e3},DEFAULTS:{DNS_PORT:"5380",SERVICE_PORT:"8080",TTL:300,CADDYFILE:"C:\\caddy\\Caddyfile"}},_cachedCfg=JSON.parse(localStorage.getItem("dashcaddy_site_config")||"null"),SITE={tld:_cachedCfg&&_cachedCfg.tld||".home",dnsIp:"",dnsPort:DC.DEFAULTS.DNS_PORT,dnsServers:{},configurationType:_cachedCfg&&_cachedCfg.configurationType||"homelab",domain:_cachedCfg&&_cachedCfg.domain||"",defaults:_cachedCfg&&_cachedCfg.defaults||{},routingMode:_cachedCfg&&_cachedCfg.routingMode||"subdomain",onboardingCompleted:!1};window.__dashcaddySiteConfigLoaded=(async function(){try{const v=await fetch("/api/v1/config");if(v.ok){const y=await v.json();if(y.tld&&(SITE.tld=y.tld.startsWith(".")?y.tld:"."+y.tld),y.dns&&(SITE.dnsIp=y.dns.ip||"",SITE.dnsPort=y.dns.port||DC.DEFAULTS.DNS_PORT),y.dnsServers&&typeof y.dnsServers=="object")for(const[h,r]of Object.entries(y.dnsServers))h!=="__proto__"&&h!=="constructor"&&h!=="prototype"&&(SITE.dnsServers[h]=r);y.configurationType&&(SITE.configurationType=y.configurationType),y.domain&&(SITE.domain=y.domain),y.defaults&&(SITE.defaults=y.defaults),y.routingMode&&(SITE.routingMode=y.routingMode),SITE.onboardingCompleted=y.onboardingCompleted===!0,localStorage.setItem("dashcaddy_site_config",JSON.stringify({tld:SITE.tld,configurationType:SITE.configurationType,domain:SITE.domain,routingMode:SITE.routingMode})),renderDnsCards();const k=document.getElementById("manage-tokens");k&&(k.style.display=Object.keys(SITE.dnsServers).length?"":"none")}}catch{}document.querySelectorAll("[data-tld]").forEach(v=>v.textContent=SITE.tld);const i=document.getElementById("edit-tld-suffix");i&&(i.textContent=SITE.tld);const g=document.getElementById("external-proxy-ip");g&&SITE.dnsIp&&(g.value=SITE.dnsIp,g.placeholder=SITE.dnsIp)})();function buildDomain(o){return o+SITE.tld}function buildServiceUrl(o){return SITE.routingMode==="subdirectory"&&SITE.domain?"https://"+SITE.domain+"/"+o:SITE.configurationType==="public"&&SITE.domain?"https://"+o+"."+SITE.domain:"https://"+buildDomain(o)}function getDnsServerAddr(o){const i=SITE.dnsServers[o];return i?`${i.ip}:${i.port}`:buildDomain(o)}function getPrimaryDnsId(){if(!SITE.dnsIp)return null;for(const[o,i]of Object.entries(SITE.dnsServers))if(i.ip===SITE.dnsIp)return o;return null}function renderDnsCards(){const o=document.querySelector(".top");if(!o)return;const i=Object.keys(SITE.dnsServers);if(!i.length)return;const g='<svg viewBox="0 0 24 24" class="service-icon"><rect x="3" y="4" width="18" height="16" rx="2" fill="#34495e"/><rect x="5" y="6" width="14" height="2" rx="1" fill="#3498db"/><rect x="5" y="9" width="10" height="1" fill="#ecf0f1"/><rect x="5" y="11" width="12" height="1" fill="#ecf0f1"/><rect x="5" y="13" width="8" height="1" fill="#ecf0f1"/><rect x="5" y="15" width="14" height="1" fill="#ecf0f1"/><circle cx="17" cy="11" r="2" fill="#e74c3c"/><path d="M17 9v4M15 11h4" stroke="white" stroke-width="1"/></svg>',v=o.firstElementChild;i.forEach(y=>{const k=escapeHtml(y),h=escapeHtml((SITE.dnsServers[y].name||y).toUpperCase()),r=document.createElement("div");r.className="card",r.setAttribute("data-app",y),r.setAttribute("data-status","off"),r.innerHTML=`<span id="${k}-dot" class="dot bad at-bl"></span><div class="row"><div class="logo-wrap">${g}</div><span class="name">${h}</span><span class="spacer"></span><span id="${k}-pill" class="badge off">OFF</span></div><div class="response-row"><span id="${k}-time" class="response-time">--</span></div><div class="health-row" id="health-${k}"><span id="uptime-${k}" class="uptime-chip">--</span><div class="uptime-mini-bar"><div class="fill" id="uptime-bar-${k}" style="width: 0%"></div></div></div><div class="btn-row"><button id="${k}-restart" class="restart-btn">Restart</button><button id="${k}-update" class="update-btn" title="Update DNS server">\u2B06\uFE0F</button><button id="${k}-open">Open</button><button id="${k}-logs" class="logs-btn">Logs</button><button id="${k}-settings" class="settings-btn">\u2699\uFE0F</button></div>`,o.insertBefore(r,v)})}window.renderDnsCards=renderDnsCards;let csrfToken=null;async function getCSRFToken(){if(csrfToken)return csrfToken;try{const o=await fetch("/api/v1/csrf-token");if(!o.ok)throw new Error("Failed to fetch CSRF token");return csrfToken=(await o.json()).token,csrfToken}catch(o){throw console.error("Failed to get CSRF token:",o),o}}async function secureFetch(o,i={}){const g=(i.method||"GET").toUpperCase(),v=!["GET","HEAD","OPTIONS"].includes(g);if(v)try{const k=await getCSRFToken();i.headers={...i.headers,"X-CSRF-Token":k}}catch(k){console.error("Failed to add CSRF token to request:",k)}i.signal||(i={...i,signal:AbortSignal.timeout(15e3)});const y=await fetch(o,i);if(v&&y.status===403)try{const k=await y.clone().json();if(k.error&&(k.error.includes("DC-100")||k.error.includes("DC-101"))){csrfToken=null;const h=await getCSRFToken();return i.headers={...i.headers,"X-CSRF-Token":h},i.signal=AbortSignal.timeout(15e3),fetch(o,i)}}catch{}return y}async function postJSON(o,i){const g=await secureFetch(o,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(i)}),v=await g.json();if(!g.ok||v.success===!1)throw new Error(v.error||`Request failed (${g.status})`);return v}async function getJSON(o){const i=await secureFetch(o);if(!i.ok){let g=`Request failed (${i.status})`;try{g=(await i.json()).error||g}catch{}throw new Error(g)}return i.json()}async function deleteAPI(o){const i=await secureFetch(o,{method:"DELETE"}),g=await i.json();if(!i.ok||g.success===!1)throw new Error(g.error||`Delete failed (${i.status})`);return g}async function withButton(o,i,g,v={}){const y=o.innerHTML,{successText:k="\u2705",resetDelay:h=DC.DELAYS.BTN_RESET}=v;o.disabled=!0,o.innerHTML=i;try{const r=await g();return o.innerHTML=k,setTimeout(()=>{o.innerHTML=y,o.disabled=!1},h),r}catch(r){throw o.innerHTML=y,o.disabled=!1,r}}function openModal(o){document.getElementById(o)?.classList.add("show")}function closeModal(o){document.getElementById(o)?.classList.remove("show")}function wireModal(o,...i){o&&(o.addEventListener("click",g=>{g.target===o&&o.classList.remove("show")}),i.forEach(g=>g?.addEventListener("click",()=>o.classList.remove("show"))))}function showNotification(o,i="info",g=3e3){const v=document.querySelector(".deploy-notification");v&&v.remove();const y={info:{bg:"#2196F3",fg:"#fff"},success:{bg:"var(--ok-bg)",fg:"var(--ok-fg)"},error:{bg:"#f44336",fg:"#fff"},warning:{bg:"#ff9800",fg:"#fff"}},k=y[i]||y.info,h=document.createElement("div");h.className="deploy-notification",h.textContent=o,h.style.cssText=`
    position: fixed; top: 20px; right: 20px;
    background: ${k.bg}; color: ${k.fg};
    padding: 16px 24px; border-radius: 8px;
    box-shadow: 0 4px 12px rgba(0,0,0,.3);
    z-index: 10000; animation: slideIn 0.3s ease-out;
    max-width: 400px; white-space: pre-line; font-size: 14px;
  `,document.body.appendChild(h),g>0&&setTimeout(()=>h.remove(),g)}function timeAgo(o){const i=Date.now()-new Date(o).getTime();return i<6e4?"just now":i<36e5?Math.floor(i/6e4)+"m ago":i<864e5?Math.floor(i/36e5)+"h ago":Math.floor(i/864e5)+"d ago"}function safeGet(o,i=null){try{const g=localStorage.getItem(o);return g!==null?g:i}catch{return i}}function safeSet(o,i){try{localStorage.setItem(o,i)}catch{}}function safeRemove(o){try{localStorage.removeItem(o)}catch{}}function safeSessionGet(o,i=null){try{const g=sessionStorage.getItem(o);return g!==null?g:i}catch{return i}}function safeSessionSet(o,i){try{sessionStorage.setItem(o,i)}catch{}}function safeGetJSON(o,i=null){try{const g=localStorage.getItem(o);return g?JSON.parse(g):i}catch{return i}}function escapeHtml(o){return String(o??"").replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;")}function injectModal(o,i){document.getElementById(o)||document.body.insertAdjacentHTML("beforeend",i)}const DC_BUS={_handlers:{},on(o,i){var g;((g=this._handlers)[o]||(g[o]=[])).push(i)},off(o,i){this._handlers[o]=this._handlers[o]?.filter(g=>g!==i)},emit(o,i){this._handlers[o]?.forEach(g=>g(i))}},AppState={_apps:[],getApps(){return this._apps},setApps(o){this._apps=o,window.APPS=o,DC_BUS.emit("apps:changed",o)},findApp(o){return this._apps.find(i=>i.id===o)},addApp(o){this._apps.push(o),window.APPS=this._apps,DC_BUS.emit("apps:changed",this._apps)},removeApp(o){const i=this._apps.findIndex(g=>g.id===o);return i>-1&&(this._apps.splice(i,1),window.APPS=this._apps,DC_BUS.emit("apps:changed",this._apps)),i>-1},updateApp(o,i){const g=this._apps.find(v=>v.id===o);if(g){for(const[v,y]of Object.entries(i))v!=="__proto__"&&v!=="constructor"&&v!=="prototype"&&(g[v]=y);DC_BUS.emit("apps:changed",this._apps)}return g}};(function(){function o(){const v=document.createElement("div");return v.className="skeleton-card",v.innerHTML='<div style="display:flex;align-items:center;gap:12px;margin-bottom:12px"><div class="skeleton-bar" style="width:48px;height:48px;border-radius:8px;flex-shrink:0"></div><div style="flex:1"><div class="skeleton-bar" style="width:60%;height:14px;margin-bottom:6px"></div><div class="skeleton-bar" style="width:35%;height:10px"></div></div><div class="skeleton-bar" style="width:42px;height:22px;border-radius:11px"></div></div><div class="skeleton-bar" style="width:45%;height:12px;margin-bottom:10px"></div><div style="display:flex;gap:8px;margin-top:auto"><div class="skeleton-bar" style="width:64px;height:28px;border-radius:8px"></div><div class="skeleton-bar" style="width:64px;height:28px;border-radius:8px"></div></div>',v}function i(v){const y=document.getElementById("cards");if(!(!y||y.querySelector(".card"))){v=v||6;for(let k=0;k<v;k++){const h=o();y.appendChild(h),setTimeout(function(){h.classList.add("loaded")},k*60)}}}function g(){const v=document.getElementById("cards");if(v){var y=v.querySelectorAll(".skeleton-card");y.length&&(y.forEach(function(k,h){setTimeout(function(){k.style.opacity="0",k.style.transform="translateY(-10px)"},h*25)}),setTimeout(function(){y.forEach(function(k){k.parentNode&&k.remove()})},y.length*25+300))}}window.SkeletonLoader={show:i,hide:g}})(),(function(){var o="theme",i="user-themes",g="custom-theme",v=["dark","light","blue","black","nord","dracula","solarized-dark","solarized-light","taxi","ocean"],y=v.slice(),k=["bg","fg","muted","fg-muted","card-base","card-bg","border","hover","card-hover","base","ok-bg","ok-fg","bad-bg","bad-fg","dot-ok","dot-bad","uptime","success","error","warning","accent","accent-strong"],h=["bg","fg","muted","card-base","card-bg","border","ok-bg","ok-fg","bad-bg","bad-fg","dot-ok","dot-bad","uptime","accent","accent-strong"],r=["fg-muted","hover","card-hover","base","success","error","warning"],E={dark:{bg:"#0b0f1a",fg:"#e8ecf5",muted:"#9aa6bf","fg-muted":"#6b7a94","card-base":"#121826","card-bg":"#121826",border:"#263552",hover:"#1a2235","card-hover":"#161e2e",base:"#151c2b","ok-bg":"#0c2430","ok-fg":"#7ef2ff","bad-bg":"#2a121a","bad-fg":"#ff9aa3","dot-ok":"#35d1ff","dot-bad":"#ff5f7a",uptime:"#35d1ff",success:"#4caf50",error:"#e74c3c",warning:"#f39c12",accent:"#8FD6FF","accent-strong":"#1F7BFF"},light:{bg:"#f6f7fb",fg:"#0f1115",muted:"#5f6b7a","fg-muted":"#8993a4","card-base":"#ffffff","card-bg":"#ffffff",border:"#e2e7ef",hover:"#eef1f6","card-hover":"#f5f6fa",base:"#ebeef3","ok-bg":"#eafff1","ok-fg":"#0a7c3a","bad-bg":"#ffefef","bad-fg":"#b00020","dot-ok":"#0fb15a","dot-bad":"#d93b3b",uptime:"#0fb15a",success:"#0a7c3a",error:"#b00020",warning:"#d68a00",accent:"#4a90d9","accent-strong":"#2563eb",lightBg:!0},blue:{bg:"#1908AC",fg:"#e8f1ff",muted:"#d6e2ff","fg-muted":"#9eafdb","card-base":"#0d1533","card-bg":"#0d1533",border:"#1c2d6a",hover:"#141f4a","card-hover":"#111a3e",base:"#0f1840","ok-bg":"#162040","ok-fg":"#edffff","bad-bg":"#0a0e24","bad-fg":"#ffb3c0","dot-ok":"#c7e5ff","dot-bad":"#ffd6dc",uptime:"#7ec8ff",success:"#7ec8ff",error:"#ffb3c0",warning:"#ffd080",accent:"#9cd4ff","accent-strong":"#6fb2ff"},black:{bg:"#0e0e0e",fg:"#f5f5f5",muted:"#999999","fg-muted":"#666666","card-base":"#1a1a1a","card-bg":"#1a1a1a",border:"#2e2e2e",hover:"#242424","card-hover":"#202020",base:"#161616","ok-bg":"#0f2a12","ok-fg":"#66ff7a","bad-bg":"#2a0f0f","bad-fg":"#ff6b6b","dot-ok":"#4caf50","dot-bad":"#ff4444",uptime:"#e0e0e0",success:"#4caf50",error:"#ff4444",warning:"#ff9800",accent:"#E63946","accent-strong":"#C62828"},nord:{bg:"#2e3440",fg:"#eceff4",muted:"#81a1c1","fg-muted":"#6882a0","card-base":"#3b4252","card-bg":"#3b4252",border:"#4c566a",hover:"#434c5e","card-hover":"#3f4858",base:"#353c4a","ok-bg":"#2d4f3e","ok-fg":"#a3be8c","bad-bg":"#4a2c2a","bad-fg":"#bf616a","dot-ok":"#a3be8c","dot-bad":"#bf616a",uptime:"#a3be8c",success:"#a3be8c",error:"#bf616a",warning:"#ebcb8b",accent:"#88c0d0","accent-strong":"#5e81ac"},dracula:{bg:"#282a36",fg:"#f8f8f2",muted:"#6272a4","fg-muted":"#515d85","card-base":"#44475a","card-bg":"#44475a",border:"#6272a4",hover:"#4e5170","card-hover":"#494c63",base:"#363848","ok-bg":"#1e3a2e","ok-fg":"#50fa7b","bad-bg":"#3d1a1a","bad-fg":"#ff5555","dot-ok":"#50fa7b","dot-bad":"#ff5555",uptime:"#50fa7b",success:"#50fa7b",error:"#ff5555",warning:"#f1fa8c",accent:"#bd93f9","accent-strong":"#8be9fd"},"solarized-dark":{bg:"#002b36",fg:"#839496",muted:"#586e75","fg-muted":"#4a5f65","card-base":"#073642","card-bg":"#073642",border:"#586e75",hover:"#0d4050","card-hover":"#0a3a48",base:"#053340","ok-bg":"#0d3d2c","ok-fg":"#859900","bad-bg":"#3d1a1a","bad-fg":"#dc322f","dot-ok":"#859900","dot-bad":"#dc322f",uptime:"#b5bd68",success:"#859900",error:"#dc322f",warning:"#b58900",accent:"#268bd2","accent-strong":"#2aa198"},"solarized-light":{bg:"#fdf6e3",fg:"#657b83",muted:"#93a1a1","fg-muted":"#adb8b8","card-base":"#eee8d5","card-bg":"#eee8d5",border:"#93a1a1",hover:"#e6dfcb","card-hover":"#eae3cf",base:"#e8e1cd","ok-bg":"#e8f5e8","ok-fg":"#859900","bad-bg":"#fdf2f2","bad-fg":"#dc322f","dot-ok":"#859900","dot-bad":"#dc322f",uptime:"#859900",success:"#859900",error:"#dc322f",warning:"#b58900",accent:"#268bd2","accent-strong":"#2aa198",lightBg:!0},taxi:{bg:"#f3d321",fg:"#0e0e00",muted:"#4a4a10","fg-muted":"#6b6b30","card-base":"#ffd700","card-bg":"#ffd700",border:"#b8a840",hover:"#ffe84d","card-hover":"#ffe033",base:"#f0d000","ok-bg":"#d4ffd9","ok-fg":"#0f2a0f","bad-bg":"#ffd4d4","bad-fg":"#2a0f0f","dot-ok":"#4caf50","dot-bad":"#ff4444",uptime:"#0e0e00",success:"#2e7d32",error:"#c62828",warning:"#e65100",accent:"#7a4a00","accent-strong":"#5c3800",lightBg:!0},ocean:{bg:"#2060b0",fg:"#faf5eb",muted:"#dcd2c0","fg-muted":"#b0a890","card-base":"#7a94ed","card-bg":"#7a94ed",border:"#deb67a",hover:"#8aa0f0","card-hover":"#8298e8",base:"#6888e0","ok-bg":"#4f5bb0","ok-fg":"#c7d7eb","bad-bg":"#f41a3a","bad-fg":"#6a1818","dot-ok":"#30a050","dot-bad":"#d04040",uptime:"#2d32f2",success:"#30a050",error:"#d04040",warning:"#e6a030",accent:"#1860a0","accent-strong":"#104080"}};function t(w){return!w||typeof w!="string"?{r:0,g:0,b:0}:(w=w.replace("#",""),w.length===3&&(w=w[0]+w[0]+w[1]+w[1]+w[2]+w[2]),{r:parseInt(w.substr(0,2),16)||0,g:parseInt(w.substr(2,2),16)||0,b:parseInt(w.substr(4,2),16)||0})}function d(w,T,$){return"#"+[w,T,$].map(function(b){var m=Math.max(0,Math.min(255,Math.round(b))).toString(16);return m.length===1?"0"+m:m}).join("")}function c(w,T,$){var b=t(w),m=t(T);return d(b.r+(m.r-b.r)*$,b.g+(m.g-b.g)*$,b.b+(m.b-b.b)*$)}function f(w){w=w.replace("#",""),w.length===3&&(w=w[0]+w[0]+w[1]+w[1]+w[2]+w[2]);var T=parseInt(w.substr(0,2),16)/255,$=parseInt(w.substr(2,2),16)/255,b=parseInt(w.substr(4,2),16)/255;return T=T<=.03928?T/12.92:Math.pow((T+.055)/1.055,2.4),$=$<=.03928?$/12.92:Math.pow(($+.055)/1.055,2.4),b=b<=.03928?b/12.92:Math.pow((b+.055)/1.055,2.4),.2126*T+.7152*$+.0722*b}function e(w){var T=w.bg||"#0b0f1a",$=w.fg||"#e8ecf5",b=w.muted||"#9aa6bf",m=w["card-base"]||w.bg||"#121826",S=w["dot-ok"]||"#4caf50",x=w["dot-bad"]||"#e74c3c",C=w.lightBg||T&&f(T)>.4,P={};return P.hover=C?c(m,T,.35):c(m,$,.08),P["card-hover"]=c(m,P.hover,.5),P.base=c(T,m,.6),P["fg-muted"]=c(b,T,.35),P.success=S,P.error=x,P.warning=C?"#d68a00":"#f39c12",P}function a(w,T){var $=T.lightBg||T.bg&&f(T.bg)>.4,b=T.accent||T["accent-strong"]||"#888888",m=t(b);return $?":root."+w+` body {
  background:
    radial-gradient(1200px 800px at 10% -10%, rgba(`+m.r+","+m.g+","+m.b+`, .08), transparent 60%),
    radial-gradient(1000px 700px at 110% 10%, rgba(`+m.r+","+m.g+","+m.b+`, .05), transparent 55%),
    var(--bg);
}
`:":root."+w+` body {
  background:
    radial-gradient(1200px 900px at 8% -12%, rgba(`+m.r+","+m.g+","+m.b+`, .10), transparent 60%),
    radial-gradient(1000px 700px at 110% -10%, rgba(`+m.r+","+m.g+","+m.b+`, .07), transparent 55%),
    var(--bg);
}
`}function u(w,T){var $=T.lightBg||T.bg&&f(T.bg)>.4;return $?":root."+w+` button:hover {
  background: color-mix(in srgb, var(--accent-strong) 12%, white 88%);
  border-color: rgba(0, 0, 0, .15);
  box-shadow: 0 1px 6px rgba(0, 0, 0, .08), inset 0 1px 0 rgba(255, 255, 255, .8);
}
`:":root."+w+` button:hover {
  background: color-mix(in srgb, var(--accent) 18%, transparent);
  border-color: color-mix(in srgb, var(--accent) 35%, var(--border));
}
`}function n(){return window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light"}function l(){k.forEach(function(w){document.documentElement.style.removeProperty("--"+w)})}function p(w,T){var $=w.toLowerCase().replace(/[^a-z0-9]+/g,"-").replace(/^-|-$/g,"");$||($="custom"),v.indexOf($)!==-1&&($=$+"-custom");for(var b=safeGetJSON(i,{}),m=$,S=2;b[$]&&$!==T;)$=m+"-"+S++;return $}function s(w){var T=document.getElementById("user-theme-styles");T&&T.remove(),y.length=v.length,Object.keys(E).forEach(function(x){v.indexOf(x)===-1&&delete E[x]});var $=w||safeGetJSON(i,{}),b=Object.keys($);if(b=b.filter(function(x){return v.indexOf(x)===-1}),!!b.length){var m="";b.forEach(function(x){var C=$[x];y.indexOf(x)===-1&&y.push(x);var P={};k.forEach(function(D){C[D]&&(P[D]=C[D])}),P["card-bg"]=C["card-base"]||C.bg,C.lightBg&&(P.lightBg=!0);var O=e(P);r.forEach(function(D){!P[D]&&O[D]&&(P[D]=O[D])}),E[x]=P,m+=":root."+x+` {
`,k.forEach(function(D){P[D]&&(m+="  --"+D+": "+P[D]+`;
`)}),m+=`}
`,m+=a(x,P),m+=u(x,P)});var S=document.createElement("style");S.id="user-theme-styles",S.textContent=m,document.head.appendChild(S)}}function I(){secureFetch("/api/v1/themes").then(function(w){return w.json()}).then(function(w){if(!(!w.success||!w.themes)){var T=w.themes,$=safeGetJSON(i,{});if(JSON.stringify(T)!==JSON.stringify($)){safeSet(i,JSON.stringify(T)),s(T);var b=safeGet(o);b&&y.indexOf(b)!==-1&&L(b)}}}).catch(function(){})}function B(){var w=safeGetJSON(g);if(w){var T=w.name||"Custom",$=p(T),b={name:T};k.forEach(function(x){w[x]&&(b[x]=w[x])});var m=safeGetJSON(i,{});m[$]=b,safeSet(i,JSON.stringify(m)),safeGet(o)==="custom"&&safeSet(o,$),safeRemove(g);var S={};k.forEach(function(x){b[x]&&(S[x]=b[x])}),fetch("/api/v1/themes/"+$,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({name:T,colors:S})}).catch(function(){})}}function L(w){document.documentElement.classList.add("theme-transitioning"),y.forEach(function(m){m!=="dark"&&document.documentElement.classList.remove(m)}),l(),w!=="dark"&&document.documentElement.classList.add(w),safeSet(o,w);var T=E[w],$=document.querySelector('meta[name="theme-color"]');$&&T&&$.setAttribute("content",T.bg);var b=T&&T.lightBg;!b&&T&&T.bg&&(b=f(T.bg)>.4),b?document.documentElement.classList.add("light-bg"):document.documentElement.classList.remove("light-bg"),setTimeout(function(){document.documentElement.classList.remove("theme-transitioning")},300)}B(),s();var A=safeGet(o);A==="red"&&(A="black",safeSet(o,"black")),A&&A!=="dark"&&y.indexOf(A)===-1&&(A=null),L(A||n()),I(),window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change",function(w){safeGet(o)||L(w.matches?"dark":"light")}),window.THEMES=y,window.BUILTIN_THEMES=v,window.THEME_COLORS=E,window.THEME_PROPS=k,window.BASE_PROPS=h,window.DERIVED_PROPS=r,window.USER_THEMES_KEY=i,window.applyTheme=L,window.clearCustomProperties=l,window.injectUserThemeStyles=s,window.syncThemesFromServer=I,window.slugifyThemeName=p,window.getActiveTheme=function(){return safeGet(o)||n()},window.deriveExtendedColors=e,window.hexToRgb=t,window.rgbToHex=d,window.blendColors=c})(),(function(){function o(){const h=document.querySelector(".totp-card");if(!h)return;const E=getComputedStyle(h).backgroundColor.match(/\d+/g);if(!E)return;const t=(.299*+E[0]+.587*+E[1]+.114*+E[2])/255,d=h.querySelector(".totp-logo-dark"),c=h.querySelector(".totp-logo-light");d&&(d.style.display=t>.5?"none":""),c&&(c.style.display=t>.5?"":"none")}function i(){const h=document.getElementById("totp-overlay");if(h){h.classList.add("show"),setTimeout(o,50);const r=h.querySelector(".totp-digits input");r&&setTimeout(()=>r.focus(),100)}}function g(){const h=document.getElementById("totp-overlay");h&&h.classList.remove("show")}const v=document.getElementById("totp-digits");if(v){const h=v.querySelectorAll("input");h.forEach((r,E)=>{r.addEventListener("input",t=>{const d=t.target.value.replace(/\D/g,"");t.target.value=d.slice(0,1),d&&E<h.length-1&&h[E+1].focus();const c=Array.from(h).map(f=>f.value).join("");c.length===6&&y(c)}),r.addEventListener("keydown",t=>{t.key==="Backspace"&&!t.target.value&&E>0&&(h[E-1].focus(),h[E-1].value="")}),r.addEventListener("paste",t=>{t.preventDefault();const d=(t.clipboardData.getData("text")||"").replace(/\D/g,"");d.length>=6&&(h.forEach((c,f)=>{c.value=d[f]||""}),h[5].focus(),y(d.slice(0,6)))})})}async function y(h){const r=document.getElementById("totp-error");r.textContent="Verifying...",r.className="totp-error verifying";try{const t=await(await secureFetch("/api/v1/totp/verify",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({code:h})})).json();if(t.success){r.textContent="",t.csrfToken&&(csrfToken=t.csrfToken),g();const d=safeSessionGet("totp_redirect");if(d){try{sessionStorage.removeItem("totp_redirect")}catch{}window.location.href=d;return}typeof window.initializeDashboard=="function"&&window.initializeDashboard()}else{r.textContent=t.error||"Invalid code",r.className="totp-error";const d=document.querySelectorAll("#totp-digits input");d.forEach(c=>{c.value=""}),d[0]?.focus()}}catch{r.textContent="Connection error",r.className="totp-error"}}const k=new URLSearchParams(window.location.search);if(k.get("auth")==="required"){const h=k.get("return");if(h)try{const r=new URL(h,window.location.origin),E=r.hostname,t=r.origin===window.location.origin,d=SITE.tld.startsWith(".")?SITE.tld:"."+SITE.tld,c=E.endsWith(d)||E===d.substring(1);(t||c)&&safeSessionSet("totp_redirect",h)}catch{}window.history.replaceState({},"",window.location.pathname)}window._showTotpOverlay=i})(),(function(){injectModal("folder-browser-modal",`<div id="folder-browser-modal" class="weather-modal">
    <div class="weather-modal-content" style="min-width: 500px; max-width: 700px; max-height: 80vh;">
      <h3>\u{1F4C2} Browse for Media Folders</h3>

      <div id="folder-browser-path" style="padding: 10px; background: var(--card-bg); border-radius: 6px; margin-bottom: 12px; font-family: monospace; font-size: 0.9rem; word-break: break-all;">
        /
      </div>

      <div id="folder-browser-list" style="max-height: 400px; overflow-y: auto; border: 1px solid var(--border); border-radius: 6px;">
        <div style="padding: 20px; text-align: center; color: var(--muted);">Loading...</div>
      </div>

      <div id="folder-browser-selected" style="margin-top: 12px; padding: 10px; background: color-mix(in srgb, var(--success) 10%, transparent); border: 1px solid var(--success); border-radius: 6px; display: none;">
        <div style="font-size: 0.85rem; color: var(--success); margin-bottom: 6px;">Selected folders:</div>
        <div id="folder-browser-selected-list" style="display: flex; flex-wrap: wrap; gap: 6px;"></div>
      </div>

      <div class="weather-modal-buttons" style="margin-top: 16px; display: flex; gap: 8px; justify-content: space-between;">
        <button id="folder-browser-select-current" class="btn-accent">
          + Add Current Folder
        </button>
        <div class="flex-row-gap">
          <button id="folder-browser-cancel">Cancel</button>
          <button id="folder-browser-done" style="background: color-mix(in srgb, var(--success) 20%, transparent); border-color: var(--success); color: var(--success);">Done</button>
        </div>
      </div>
    </div>
  </div>`),injectModal("service-creds-modal",`<div id="service-creds-modal">
    <div class="service-creds-content">
      <h3 id="svc-creds-title" style="margin: 0 0 4px; font-size: 1.05rem;">Service Credentials</h3>
      <p id="svc-creds-desc" style="font-size: 0.75rem; color: var(--muted); margin: 0 0 14px;">Credentials are injected automatically when accessing this service.</p>

      <!-- Status indicator -->
      <div style="display: flex; align-items: center; gap: 6px; margin-bottom: 12px;">
        <span id="svc-creds-dot" class="status-dot"></span>
        <span id="svc-creds-status" class="text-muted-sm">No credentials stored</span>
      </div>

      <!-- Seedhost credentials (shown for external services) -->
      <div id="svc-creds-seedhost" style="display: none; margin-bottom: 14px;">
        <label class="label-bold">Seedhost Login</label>
        <p class="hint-micro">Username shared across all services. Password is per-service.</p>
        <input type="text" id="svc-seedhost-user" placeholder="Username (shared)" autocomplete="username"
               style="width: 100%; padding: 8px 10px; margin-bottom: 6px; background: var(--bg); color: var(--fg); border: 1px solid var(--border); border-radius: 6px; font-size: 0.85rem; box-sizing: border-box;" />
        <input type="password" id="svc-seedhost-pass" placeholder="Password" autocomplete="current-password"
               class="input-creds" />
      </div>

      <!-- API Key (shown for arr services or services with API key support) -->
      <div id="svc-creds-apikey" style="display: none; margin-bottom: 14px;">
        <label class="label-bold">API Key</label>
        <p class="hint-micro">Bypasses the app's own login screen</p>
        <input type="text" id="svc-apikey-input" placeholder="API key"
               style="width: 100%; padding: 8px 10px; background: var(--bg); color: var(--fg); border: 1px solid var(--border); border-radius: 6px; font-size: 0.85rem; font-family: monospace; box-sizing: border-box;" />
      </div>

      <!-- Quality Profile (shown for radarr/sonarr only) -->
      <div id="svc-creds-quality" style="display: none; margin-bottom: 14px;">
        <label class="label-bold">Quality Profile</label>
        <p class="hint-micro">Used when requesting via Seerr</p>
        <div style="display: flex; gap: 8px; align-items: center;">
          <select id="svc-quality-select"
                  style="flex: 1; padding: 8px 10px; background: var(--bg); color: var(--fg); border: 1px solid var(--border); border-radius: 6px; font-size: 0.85rem; box-sizing: border-box;">
            <option value="">-- Enter API key first --</option>
          </select>
          <button id="svc-quality-fetch" type="button"
                  style="padding: 8px 12px; font-size: 0.75rem; cursor: pointer; white-space: nowrap;">
            Fetch
          </button>
        </div>
        <div id="svc-quality-status" style="font-size: 0.75rem; margin-top: 4px; min-height: 1em;"></div>
      </div>

      <!-- Per-service Basic Auth (shown for non-external services) -->
      <div id="svc-creds-basic" style="display: none; margin-bottom: 14px;">
        <label class="label-bold">Service Login</label>
        <input type="text" id="svc-basic-user" placeholder="Username" autocomplete="username"
               style="width: 100%; padding: 8px 10px; margin-top: 6px; margin-bottom: 6px; background: var(--bg); color: var(--fg); border: 1px solid var(--border); border-radius: 6px; font-size: 0.85rem; box-sizing: border-box;" />
        <input type="password" id="svc-basic-pass" placeholder="Password" autocomplete="current-password"
               class="input-creds" />
      </div>

      <!-- Error message -->
      <div id="svc-creds-error" style="display: none; padding: 8px 10px; margin-bottom: 10px; background: color-mix(in srgb, var(--error, #c62828) 12%, transparent); border: 1px solid var(--error, #c62828); border-radius: 6px; font-size: 0.8rem; color: var(--error, #c62828);"></div>

      <!-- Buttons -->
      <div style="display: flex; gap: 8px; margin-top: 14px;">
        <button id="svc-creds-save" class="btn-accent-solid" style="flex: 1; padding: 9px; border: none; border-radius: 6px; cursor: pointer; font-weight: 600; font-size: 0.85rem;">
          Save
        </button>
        <button id="svc-creds-clear" style="padding: 9px 14px; background: transparent; color: var(--bad-fg, #ff9aa3); border: 1px solid var(--bad-fg, #ff9aa3); border-radius: 6px; cursor: pointer; font-size: 0.85rem; display: none;">
          Clear
        </button>
        <button id="svc-creds-close" style="padding: 9px 16px; background: var(--card-base); color: var(--fg); border: 1px solid var(--border); border-radius: 6px; cursor: pointer; font-size: 0.85rem;">
          Cancel
        </button>
      </div>
    </div>
  </div>`);const o=document.getElementById("service-creds-modal");let i=null;const g=["sonarr","radarr","prowlarr","overseerr"],v=["sonarr","radarr"];function y(t){return t.externalUrl||t.url||""}function k(t){const d=document.getElementById("svc-creds-error");d.textContent=t,d.style.display=""}function h(){const t=document.getElementById("svc-creds-error");t.textContent="",t.style.display="none"}window.openServiceCredsModal=async function(t){i=t,h();const d=document.getElementById("svc-creds-title"),c=document.getElementById("svc-creds-desc"),f=document.getElementById("svc-creds-seedhost"),e=document.getElementById("svc-creds-apikey"),a=document.getElementById("svc-creds-basic"),u=document.getElementById("svc-creds-quality");d.textContent=t.name+" Credentials";const n=!!t.isExternal,l=g.includes(t.id)||g.includes(t.appTemplate),p=v.includes(t.id)||v.includes(t.appTemplate);f.style.display=n?"":"none",e.style.display=l?"":"none",u.style.display=p?"":"none",a.style.display=n?"none":"";const s=document.getElementById("svc-quality-select");s.innerHTML='<option value="">-- Enter API key first --</option>',document.getElementById("svc-quality-status").textContent="",n?(c.textContent="Seedhost credentials auto-login past the HTTP prompt. API key bypasses the app login.",document.getElementById("svc-seedhost-pass").placeholder=`Password for ${t.name}`):l?c.textContent="API key bypasses the app login screen automatically.":c.textContent="Credentials are injected automatically when accessing this service.",await r(t),o.classList.add("show")};async function r(t){const d=document.getElementById("svc-creds-dot"),c=document.getElementById("svc-creds-status"),f=document.getElementById("svc-creds-clear");let e=!1;if(t.isExternal){try{const n=await(await fetch(`/api/v1/seedhost-creds?serviceId=${t.id}`)).json();n.success?(document.getElementById("svc-seedhost-user").value=n.username||"",n.hasCredentials&&(e=!0)):document.getElementById("svc-seedhost-user").value=""}catch{}document.getElementById("svc-seedhost-pass").value=""}try{const n=await(await fetch(`/api/v1/services/${t.id}/credentials`)).json();n.success&&(n.hasApiKey?(document.getElementById("svc-apikey-input").value="\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022",e=!0):document.getElementById("svc-apikey-input").value="",n.hasBasicAuth&&!t.isExternal?(document.getElementById("svc-basic-user").value=n.username||"",e=!0):document.getElementById("svc-basic-user").value="")}catch{}document.getElementById("svc-basic-pass")&&(document.getElementById("svc-basic-pass").value="");const a=t.id||t.appTemplate;if(v.includes(a)&&await E(t),e){d.style.background="var(--ok-fg, #74dfc4)",c.style.color="var(--ok-fg, #74dfc4)",c.textContent="Credentials stored",f.style.display="";const u=document.getElementById(`creds-btn-${t.id}`);u&&u.classList.add("has-creds")}else d.style.background="var(--muted)",c.style.color="var(--muted)",c.textContent="No credentials stored",f.style.display="none"}async function E(t){const d=document.getElementById("svc-quality-select"),c=document.getElementById("svc-quality-status"),f=t.id||t.appTemplate,e=y(t);if(!e){d.innerHTML='<option value="">-- No service URL --</option>';return}d.innerHTML='<option value="">Loading...</option>',c.textContent="";try{const a=new URLSearchParams({service:f,url:e}),n=await(await fetch(`/api/v1/arr/quality-profiles?${a}`)).json();if(!n.success||!n.profiles?.length){d.innerHTML='<option value="">-- No profiles found (enter API key and click Fetch) --</option>';return}d.innerHTML="";for(const l of n.profiles){const p=document.createElement("option");p.value=l.id,p.textContent=l.name,d.appendChild(p)}if(n.storedProfileId&&(d.value=String(n.storedProfileId)),!d.value){const l=n.profiles.find(p=>/720/i.test(p.name));l&&(d.value=String(l.id))}!d.value&&n.profiles.length&&(d.value=String(n.profiles[0].id)),c.innerHTML=`<span style="color: var(--ok-fg);">${n.profiles.length} profiles loaded</span>`}catch(a){d.innerHTML='<option value="">-- Failed to load --</option>',c.innerHTML=`<span style="color: var(--error, #c62828);">Error: ${a.message}</span>`}}document.getElementById("svc-quality-fetch")?.addEventListener("click",async()=>{if(!i)return;const t=i.id||i.appTemplate,d=y(i),f=document.getElementById("svc-apikey-input")?.value.trim(),e=document.getElementById("svc-quality-select"),a=document.getElementById("svc-quality-status");if(!d){a.innerHTML='<span style="color: var(--error, #c62828);">No service URL available</span>';return}if(!f||f==="\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022"){a.innerHTML='<span style="color: var(--error, #c62828);">Enter an API key first</span>';return}e.innerHTML='<option value="">Fetching...</option>',a.textContent="";try{const u=new URLSearchParams({service:t,url:d,apiKey:f}),l=await(await fetch(`/api/v1/arr/quality-profiles?${u}`)).json();if(!l.success){e.innerHTML='<option value="">-- Error --</option>',a.innerHTML=`<span style="color: var(--error, #c62828);">${l.error||"Failed to fetch profiles"}</span>`;return}if(!l.profiles?.length){e.innerHTML='<option value="">-- No profiles found --</option>';return}e.innerHTML="";for(const s of l.profiles){const I=document.createElement("option");I.value=s.id,I.textContent=s.name,e.appendChild(I)}const p=l.profiles.find(s=>/720/i.test(s.name));p?e.value=String(p.id):l.profiles.length&&(e.value=String(l.profiles[0].id)),a.innerHTML=`<span style="color: var(--ok-fg);">${l.profiles.length} profiles loaded</span>`}catch(u){e.innerHTML='<option value="">-- Error --</option>',a.innerHTML=`<span style="color: var(--error, #c62828);">${u.message}</span>`}}),document.getElementById("svc-creds-save")?.addEventListener("click",async()=>{if(!i)return;const t=document.getElementById("svc-creds-save");t.textContent="Saving...",t.disabled=!0,h();try{const d=g.includes(i.id)||g.includes(i.appTemplate),c=i.id||i.appTemplate;if(i.isExternal){const a=document.getElementById("svc-seedhost-user").value.trim(),u=document.getElementById("svc-seedhost-pass").value;a&&await secureFetch("/api/v1/seedhost-creds",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({username:a,password:u||void 0,serviceId:i.id})})}const e=document.getElementById("svc-apikey-input")?.value.trim();if(e&&e!=="\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022")if(d){const a=y(i),u=document.getElementById("svc-quality-select"),n=u?.value?parseInt(u.value):void 0,l=u?.selectedOptions?.[0]?.textContent||void 0,s=await(await secureFetch("/api/v1/arr/credentials",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({service:c,apiKey:e,url:a||void 0,qualityProfileId:n||void 0,qualityProfileName:l||void 0})})).json();if(!s.success){k(s.error||"Failed to save API key"),t.textContent="Save",t.disabled=!1;return}s.connectionTest&&!s.connectionTest.success&&k(`API key saved but connection test failed: ${s.connectionTest.error}`)}else await secureFetch(`/api/v1/services/${i.id}/credentials`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({apiKey:e})});else if(d&&v.includes(c)){const a=document.getElementById("svc-quality-select"),u=a?.value?parseInt(a.value):void 0,n=a?.selectedOptions?.[0]?.textContent||void 0;u&&await secureFetch("/api/v1/arr/quality-profiles",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({service:c,qualityProfileId:u,qualityProfileName:n})})}if(!i.isExternal){const a=document.getElementById("svc-basic-user").value.trim(),u=document.getElementById("svc-basic-pass").value;a&&u&&await secureFetch(`/api/v1/services/${i.id}/credentials`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({username:a,password:u})})}await r(i)}catch(d){console.error("Failed to save credentials:",d),k("Failed to save: "+(d.message||"Unknown error"))}t.textContent="Save",t.disabled=!1}),document.getElementById("svc-creds-clear")?.addEventListener("click",async()=>{if(i&&confirm(`Remove stored credentials for ${i.name}?`)){h();try{const t=i.id||i.appTemplate,d=g.includes(t);i.isExternal&&await secureFetch(`/api/v1/seedhost-creds?serviceId=${i.id}`,{method:"DELETE"}),await secureFetch(`/api/v1/services/${i.id}/credentials`,{method:"DELETE"}),d&&await secureFetch(`/api/v1/arr/credentials/${t}`,{method:"DELETE"});const c=document.getElementById(`creds-btn-${i.id}`);c&&c.classList.remove("has-creds"),await r(i)}catch(t){console.error("Failed to clear credentials:",t),k("Failed to clear: "+(t.message||"Unknown error"))}}}),document.getElementById("svc-creds-close")?.addEventListener("click",()=>{o.classList.remove("show"),i=null}),o?.addEventListener("click",t=>{t.target===o&&(o.classList.remove("show"),i=null)}),window.refreshCredsButtons=async function(){try{for(const t of window.APPS||[]){if(!t.isExternal&&!t.appTemplate&&!t.url)continue;let d=!1;if(t.isExternal)try{const e=await(await fetch(`/api/v1/seedhost-creds?serviceId=${t.id}`)).json();e.success&&e.hasCredentials&&(d=!0)}catch{}try{const e=await(await fetch(`/api/v1/services/${t.id}/credentials`)).json();e.success&&(e.hasApiKey||e.hasBasicAuth)&&(d=!0)}catch{}const c=document.getElementById(`creds-btn-${t.id}`);c&&c.classList.toggle("has-creds",d)}}catch{}}})(),(function(){injectModal("totp-settings-modal",`<div id="totp-settings-modal" class="weather-modal">
    <div class="weather-modal-content" style="min-width: 420px; max-width: 520px;">
      <h3 style="margin: 0 0 16px; font-size: 1.1rem;">Authentication Settings</h3>

      <!-- Status Banner -->
      <div id="totp-status-banner" style="margin-bottom: 16px; padding: 12px 16px; border-radius: 8px; border: 1px solid var(--border); display: flex; align-items: center; gap: 8px;">
        <span id="totp-status-dot" class="status-dot"></span>
        <span id="totp-status-text" style="font-size: 0.9rem;">TOTP is not configured</span>
      </div>

      <!-- Setup Button (not configured state) -->
      <div id="totp-setup-section">
        <button id="totp-setup-btn" class="btn-accent-solid" style="width: 100%; padding: 12px; border: none; border-radius: 8px; cursor: pointer; font-weight: 600; font-size: 0.95rem;">
          Generate New Secret
        </button>
        <div style="display: flex; align-items: center; gap: 8px; margin: 10px 0 0;">
          <div class="divider-line"></div>
          <span class="text-tiny-muted">or</span>
          <div class="divider-line"></div>
        </div>
        <div style="margin-top: 10px;">
          <label class="text-hint">Import an existing secret key:</label>
          <div style="display: flex; gap: 8px; margin-top: 6px;">
            <input type="text" id="totp-import-key" placeholder="Paste your Base32 key" autocomplete="off" spellcheck="false"
                   style="flex: 1; padding: 10px; background: var(--bg); color: var(--fg); border: 1px solid var(--border); border-radius: 6px; font-size: 0.9rem; font-family: monospace; letter-spacing: 1px; text-transform: uppercase;" />
            <button id="totp-import-btn" style="padding: 10px 16px; background: var(--card-base); color: var(--fg); border: 1px solid var(--border); border-radius: 6px; cursor: pointer; font-weight: 600; font-size: 0.85rem; white-space: nowrap;">
              Import
            </button>
          </div>
          <div id="totp-import-error" style="color: var(--bad-fg, #ff9aa3); font-size: 0.8rem; min-height: 1.2em; margin-top: 6px;"></div>
        </div>
      </div>

      <!-- Secret Display (setup flow) -->
      <div id="totp-qr-section" style="display: none;">
        <!-- Manual Key (primary - for WinAuth/desktop authenticators) -->
        <p style="font-size: 0.85rem; color: var(--muted); margin: 0 0 8px;">Copy this key into your authenticator app:</p>
        <div style="display: flex; align-items: center; gap: 8px; margin-bottom: 16px;">
          <code id="totp-manual-key" style="flex: 1; display: block; padding: 12px; background: var(--bg, #0b0f1a); border: 1px solid var(--border); border-radius: 6px; font-size: 1rem; font-family: 'Sami Grotesk', monospace; letter-spacing: 2px; word-break: break-all; user-select: all; color: var(--fg);"></code>
          <button id="totp-copy-key" style="padding: 10px 14px; background: var(--card-base); border: 1px solid var(--border); border-radius: 6px; cursor: pointer; font-size: 1rem; white-space: nowrap; color: var(--fg);" title="Copy to clipboard">\u{1F4CB}</button>
        </div>

        <!-- QR Code (secondary - for mobile apps) -->
        <details class="mb-16">
          <summary style="cursor: pointer; color: var(--muted); font-size: 0.8rem;">Show QR code (for mobile authenticator apps)</summary>
          <div style="text-align: center; margin-top: 8px;">
            <img id="totp-qr-image" style="width: 180px; height: 180px; border-radius: 8px;" />
          </div>
        </details>

        <!-- Verify First Code -->
        <div style="border-top: 1px solid var(--border); padding-top: 16px;">
          <label class="font-bold-sm">Enter code to confirm setup:</label>
          <div style="display: flex; gap: 8px; margin-top: 8px;">
            <input type="text" id="totp-setup-code" maxlength="6" inputmode="numeric" pattern="[0-9]{6}" placeholder="000000"
                   style="flex: 1; text-align: center; font-size: 1.3rem; padding: 10px; font-family: 'Sami Grotesk', monospace; letter-spacing: 4px; background: var(--bg); color: var(--fg); border: 2px solid var(--border); border-radius: 8px; outline: none;" />
            <button id="totp-confirm-setup" class="btn-accent-solid" style="padding: 10px 20px; border: none; border-radius: 8px; cursor: pointer; font-weight: 600;">
              Confirm
            </button>
          </div>
          <div id="totp-setup-error" style="color: var(--bad-fg, #ff9aa3); font-size: 0.8rem; min-height: 1.2em; margin-top: 6px;"></div>
        </div>
      </div>

      <!-- Session Duration (active state) -->
      <div id="totp-duration-section" style="display: none; margin-top: 12px;">
        <label class="font-bold-sm">Session Duration:</label>
        <select id="totp-duration-select" style="width: 100%; padding: 10px; margin-top: 6px; background: var(--bg, #0b0f1a); color: var(--fg); border: 1px solid var(--border); border-radius: 8px; font-size: 0.9rem; cursor: pointer;">
          <option value="15m">15 minutes</option>
          <option value="30m">30 minutes</option>
          <option value="1h">1 hour</option>
          <option value="2h">2 hours</option>
          <option value="4h">4 hours</option>
          <option value="8h">8 hours</option>
          <option value="12h">12 hours</option>
          <option value="24h">24 hours</option>
          <option value="never">Never (disable TOTP)</option>
        </select>
        <p style="font-size: 0.75rem; color: var(--muted); margin: 4px 0 0;">How long before you need to re-enter your code</p>
      </div>

      <!-- Disable Button (active state) -->
      <div id="totp-disable-section" style="display: none; margin-top: 16px; padding-top: 16px; border-top: 1px solid var(--border);">
        <button id="totp-disable-btn" style="width: 100%; padding: 10px; background: transparent; color: var(--bad-fg, #ff9aa3); border: 1px solid var(--bad-fg, #ff9aa3); border-radius: 8px; cursor: pointer; font-size: 0.9rem;">
          Disable TOTP
        </button>
      </div>

      <!-- Close -->
      <div style="margin-top: 16px; text-align: right;">
        <button id="totp-modal-close" style="padding: 8px 20px; background: var(--card-base); color: var(--fg); border: 1px solid var(--border); border-radius: 8px; cursor: pointer;">
          Close
        </button>
      </div>
    </div>
  </div>`);async function o(){try{const y=await(await fetch("/api/v1/totp/config")).json();if(!y.success)return;const{enabled:k,sessionDuration:h,isSetUp:r}=y.config,E=document.getElementById("totp-status-dot"),t=document.getElementById("totp-status-text"),d=document.getElementById("totp-status-banner"),c=document.getElementById("totp-setup-section"),f=document.getElementById("totp-qr-section"),e=document.getElementById("totp-duration-section"),a=document.getElementById("totp-disable-section");k&&r?(E.style.background="var(--ok-fg, #7ef2ff)",d.style.borderColor="var(--ok-fg, #7ef2ff)",d.style.background="color-mix(in srgb, var(--ok-fg) 8%, transparent)",t.textContent="TOTP is active",t.style.color="var(--ok-fg, #7ef2ff)",c.style.display="none",f.style.display="none",e.style.display="block",a.style.display="block",document.getElementById("totp-duration-select").value=h):(E.style.background="var(--muted)",d.style.borderColor="var(--border)",d.style.background="transparent",t.textContent="TOTP is not configured",t.style.color="var(--muted)",c.style.display="block",f.style.display="none",e.style.display="none",a.style.display="none"),g(k&&r,h)}catch(v){console.warn("Failed to load TOTP settings:",v)}}const i={"15m":"15 min","30m":"30 min","1h":"1 hour","2h":"2 hours","4h":"4 hours","8h":"8 hours","12h":"12 hours","24h":"24 hours",never:"Disabled"};function g(v,y){const k=document.getElementById("auth-card"),h=document.getElementById("auth-pill"),r=document.getElementById("auth-dot"),E=document.getElementById("auth-status-text");k&&(v?(k.setAttribute("data-status","on"),h.className="badge on",h.textContent="YES",r.className="dot ok at-bl",E.textContent="Session: "+(i[y]||y)):(k.setAttribute("data-status","off"),h.className="badge off",h.textContent="NO",r.className="dot bad at-bl",E.textContent="Not configured"))}document.getElementById("totp-setup-btn")?.addEventListener("click",async()=>{try{const y=await(await secureFetch("/api/v1/totp/setup",{method:"POST"})).json();y.success&&(document.getElementById("totp-qr-image").src=y.qrCode,document.getElementById("totp-manual-key").textContent=y.manualKey,document.getElementById("totp-setup-section").style.display="none",document.getElementById("totp-qr-section").style.display="block",document.getElementById("totp-setup-code").value="",document.getElementById("totp-setup-error").textContent="",document.getElementById("totp-setup-code").focus())}catch(v){console.error("TOTP setup failed:",v)}}),document.getElementById("totp-import-btn")?.addEventListener("click",async()=>{const v=document.getElementById("totp-import-key").value.trim(),y=document.getElementById("totp-import-error");if(y.textContent="",!v){y.textContent="Paste a Base32 secret key first";return}try{const h=await(await secureFetch("/api/v1/totp/setup",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({secret:v})})).json();h.success?(y.textContent="",document.getElementById("totp-qr-image").src=h.qrCode,document.getElementById("totp-manual-key").textContent=h.manualKey,document.getElementById("totp-setup-section").style.display="none",document.getElementById("totp-qr-section").style.display="block",document.getElementById("totp-setup-code").value="",document.getElementById("totp-setup-error").textContent="",document.getElementById("totp-setup-code").focus()):y.textContent=h.error||h.message||"Import failed"}catch{y.textContent="Connection error \u2014 try refreshing the page"}}),document.getElementById("totp-copy-key")?.addEventListener("click",()=>{const v=document.getElementById("totp-manual-key").textContent;navigator.clipboard.writeText(v).then(()=>{const y=document.getElementById("totp-copy-key");y.textContent="\u2705",setTimeout(()=>{y.textContent="\u{1F4CB}"},2e3)})}),document.getElementById("totp-confirm-setup")?.addEventListener("click",async()=>{const v=document.getElementById("totp-setup-code").value,y=document.getElementById("totp-setup-error");if(!/^\d{6}$/.test(v)){y.textContent="Enter a 6-digit code";return}try{const h=await(await secureFetch("/api/v1/totp/verify-setup",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({code:v})})).json();h.success?(y.textContent="",o()):y.textContent=h.error||"Invalid code"}catch{y.textContent="Connection error"}}),document.getElementById("totp-setup-code")?.addEventListener("keydown",v=>{v.key==="Enter"&&document.getElementById("totp-confirm-setup")?.click()}),document.getElementById("totp-duration-select")?.addEventListener("change",async v=>{try{await secureFetch("/api/v1/totp/config",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({sessionDuration:v.target.value})}),o()}catch(y){console.error("Failed to update session duration:",y)}}),document.getElementById("totp-disable-btn")?.addEventListener("click",async()=>{if(confirm("Disable TOTP authentication? All services will be accessible without a code."))try{(await(await secureFetch("/api/v1/totp/disable",{method:"POST",headers:{"Content-Type":"application/json"},body:"{}"})).json()).success&&o()}catch(v){console.error("Failed to disable TOTP:",v)}}),document.getElementById("auth-settings-btn")?.addEventListener("click",()=>{o(),openModal("totp-settings-modal")}),document.getElementById("totp-modal-close")?.addEventListener("click",()=>{closeModal("totp-settings-modal")}),document.getElementById("totp-settings-modal")?.addEventListener("click",v=>{v.target.id==="totp-settings-modal"&&closeModal("totp-settings-modal")}),window._updateAuthCard=g,(async()=>{try{const y=await(await fetch("/api/v1/totp/config")).json();if(y.success){const k=y.config.enabled&&y.config.isSetUp;g(k,y.config.sessionDuration)}}catch(v){console.error("[AuthCard] Failed to update:",v)}})()})(),(function(){injectModal("token-management-modal",`
  <div id="token-management-modal" class="weather-modal">
    <div class="weather-modal-content" style="min-width: 500px; max-width: 600px;">
      <h3>\u{1F511} DNS Credentials</h3>

      <p style="font-size: 0.85rem; color: var(--muted); margin: 0 0 16px;">
        Enter Technitium DNS login credentials. Read-only accounts are used for logs; admin accounts for restarts, records, and updates.
      </p>

      <div id="dns-cred-sections"></div>

      <div class="weather-modal-buttons modal-footer-bar">
        <button id="token-clear-all" style="margin-right: auto; background: color-mix(in srgb, var(--bad-fg) 15%, transparent); border-color: var(--bad-fg); color: var(--bad-fg);">Clear All</button>
        <button id="token-cancel">Cancel</button>
        <button id="token-save" class="btn-accent">Save</button>
      </div>
    </div>
  </div>
  `);function o(){return Object.keys(SITE.dnsServers||{})}function i(n){return(SITE.dnsServers||{})[n]?.name||n.toUpperCase()}function g(){const n=document.getElementById("dns-cred-sections");if(!n)return;n.innerHTML="";const l=o();if(l.length===0){n.innerHTML='<p style="color: var(--muted); text-align: center; padding: 20px;">No DNS servers configured.</p>';return}for(const p of l)n.insertAdjacentHTML("beforeend",`
      <div class="token-section">
        <h4 class="token-section-title">${i(p)}</h4>
        <div class="token-grid">
          <div class="token-field">
            <label for="${p}-readonly-username">\u{1F4D6} Read-Only (Logs):</label>
            <input type="text" id="${p}-readonly-username" placeholder="Username" autocomplete="off" style="margin-bottom: 4px;" />
            <div class="token-input-row">
              <input type="password" id="${p}-readonly-token" placeholder="Password" autocomplete="off" />
              <button type="button" class="token-toggle" data-target="${p}-readonly-token">\u{1F441}</button>
            </div>
          </div>
          <div class="token-field">
            <label for="${p}-admin-username">\u{1F527} Admin:</label>
            <input type="text" id="${p}-admin-username" placeholder="Username" autocomplete="off" style="margin-bottom: 4px;" />
            <div class="token-input-row">
              <input type="password" id="${p}-admin-token" placeholder="Password" autocomplete="off" />
              <button type="button" class="token-toggle" data-target="${p}-admin-token">\u{1F441}</button>
            </div>
          </div>
        </div>
        <div class="token-status" id="${p}-token-status"></div>
      </div>
      `)}function v(){let n=safeSessionGet("dashcaddy-encryption-key");if(n)return n;const l=safeGet("dashcaddy-encryption-key");if(l)return safeSessionSet("dashcaddy-encryption-key",l),safeRemove("dashcaddy-encryption-key"),l;const p=new Uint8Array(32);return crypto.getRandomValues(p),n=Array.from(p,s=>s.toString(16).padStart(2,"0")).join(""),safeSessionSet("dashcaddy-encryption-key",n),n}const y=v();function k(n,l){if(!n)return"";const p=crypto.getRandomValues(new Uint8Array(8)),s=Array.from(p,L=>L.toString(16).padStart(2,"0")).join(""),I=new TextEncoder().encode(l+s);let B="";for(let L=0;L<n.length;L++){const A=n.charCodeAt(L)^I[L%I.length]^p[L%p.length]^L*31+17&255;B+=String.fromCharCode(A)}return s+":"+btoa(B)}function h(n,l){if(!n)return"";try{if(n.indexOf(":")===16){const B=n.substring(0,16),L=new Uint8Array(B.match(/.{2}/g).map($=>parseInt($,16))),A=atob(n.substring(17)),w=new TextEncoder().encode(l+B);let T="";for(let $=0;$<A.length;$++){const b=A.charCodeAt($)^w[$%w.length]^L[$%L.length]^$*31+17&255;T+=String.fromCharCode(b)}return T}const s=atob(n);let I="";for(let B=0;B<s.length;B++){const L=s.charCodeAt(B)^l.charCodeAt(B%l.length);I+=String.fromCharCode(L)}return I}catch{return""}}function r(n,l,p){const s=safeGet(`${n}-${l}-${p}-enc`);return h(s,y)}function E(n,l,p,s){const I=`${n}-${l}-${p}-enc`;s?safeSet(I,k(s,y)):safeRemove(I)}function t(n,l){return r(n,l,"token")}function d(n,l){return r(n,l,"username")}function c(n,l,p){E(n,l,"token",p)}function f(n,l,p){E(n,l,"username",p)}function e(){const n={};for(const l of o())n[l]={readonly:{username:d(l,"readonly"),token:t(l,"readonly")},admin:{username:d(l,"admin"),token:t(l,"admin")}};return n}function a(){o().forEach(n=>{["readonly","admin"].forEach(l=>{["token","username"].forEach(p=>{safeRemove(`${n}-${l}-${p}-enc`)})}),safeRemove(`${n}-token-enc`),safeRemove(`${n}-username-enc`)})}function u(n){const l=t(n,"readonly"),p=d(n,"readonly"),s=t(n,"admin"),I=d(n,"admin"),B=h(safeGet(`${n}-token-enc`),y),L=h(safeGet(`${n}-username-enc`),y);return{username:I||p||L,token:s||l||B,readonlyToken:l||B,readonlyUsername:p||L,adminToken:s||B,adminUsername:I||L}}document.getElementById("manage-tokens")?.addEventListener("click",()=>{g();const n=document.getElementById("token-management-modal"),l=e();o().forEach(p=>{const s=l[p];document.getElementById(`${p}-readonly-username`).value=s.readonly.username,document.getElementById(`${p}-readonly-token`).value=s.readonly.token,document.getElementById(`${p}-admin-username`).value=s.admin.username,document.getElementById(`${p}-admin-token`).value=s.admin.token,document.getElementById(`${p}-token-status`).textContent=""}),n.classList.add("show")}),document.getElementById("token-management-modal")?.addEventListener("click",n=>{const l=n.target.closest(".token-toggle");if(l){const p=l.dataset.target,s=document.getElementById(p);s.type==="password"?(s.type="text",l.textContent="\u{1F648}"):(s.type="password",l.textContent="\u{1F441}");return}n.target.id==="token-management-modal"&&n.target.classList.remove("show")}),document.getElementById("token-save")?.addEventListener("click",async()=>{const n=o();n.forEach(s=>{f(s,"readonly",document.getElementById(`${s}-readonly-username`).value.trim()),c(s,"readonly",document.getElementById(`${s}-readonly-token`).value.trim()),f(s,"admin",document.getElementById(`${s}-admin-username`).value.trim()),c(s,"admin",document.getElementById(`${s}-admin-token`).value.trim())});const l={};let p=!1;if(n.forEach(s=>{const I={},B=document.getElementById(`${s}-readonly-username`).value.trim(),L=document.getElementById(`${s}-readonly-token`).value.trim(),A=document.getElementById(`${s}-admin-username`).value.trim(),w=document.getElementById(`${s}-admin-token`).value.trim();B&&L&&(I.readonly={username:B,password:L},p=!0),A&&w&&(I.admin={username:A,password:w},p=!0),Object.keys(I).length>0&&(l[s]=I)}),p){n.forEach(s=>{l[s]&&(document.getElementById(`${s}-token-status`).textContent="Verifying...",document.getElementById(`${s}-token-status`).className="token-status")});try{const I=await(await secureFetch("/api/v1/dns/credentials",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({servers:l})})).json();I.results?n.forEach(B=>{const L=document.getElementById(`${B}-token-status`);if(!l[B]){L.textContent="";return}const A=I.results[B];A?.success?(L.textContent="\u2713 Verified & saved",L.className="token-status success"):A?.partial?(L.textContent="\u2713 "+A.partial,L.className="token-status success"):(L.textContent="\u2717 "+(A?.error||"Login failed"),L.className="token-status error")}):I.success?n.forEach(B=>{l[B]&&(document.getElementById(`${B}-token-status`).textContent="\u2713 Saved",document.getElementById(`${B}-token-status`).className="token-status success")}):n.forEach(B=>{l[B]&&(document.getElementById(`${B}-token-status`).textContent="\u2717 "+(I.error||"Failed"),document.getElementById(`${B}-token-status`).className="token-status error")})}catch(s){console.error("Failed to sync DNS credentials to backend:",s),n.forEach(I=>{l[I]&&(document.getElementById(`${I}-token-status`).textContent="\u2713 Saved locally (sync failed)",document.getElementById(`${I}-token-status`).className="token-status")})}}else n.forEach(s=>{document.getElementById(`${s}-token-status`).textContent=""});setTimeout(()=>{n.every(I=>{const B=document.getElementById(`${I}-token-status`)?.textContent;return!B||B.includes("\u2713")})&&closeModal("token-management-modal")},1500)}),document.getElementById("token-cancel")?.addEventListener("click",()=>{closeModal("token-management-modal")}),document.getElementById("token-clear-all")?.addEventListener("click",async()=>{if(confirm("Clear all stored DNS credentials? This cannot be undone.")){a(),o().forEach(n=>{document.getElementById(`${n}-readonly-username`).value="",document.getElementById(`${n}-readonly-token`).value="",document.getElementById(`${n}-admin-username`).value="",document.getElementById(`${n}-admin-token`).value="",document.getElementById(`${n}-token-status`).textContent="\u2713 Cleared",document.getElementById(`${n}-token-status`).className="token-status success"});try{await secureFetch("/api/v1/dns/credentials",{method:"DELETE"})}catch{}}}),window.getToken=t,window.getUsername=d,window.setToken=c,window.setUsername=f,window.getAllCredentials=e,window.getCredential=r,window.setCredential=E,window.getEncryptionKey=v,window.getDnsIds=o,window.getDnsDisplayName=i})(),(function(){function o(c,f,e=null){const a=document.getElementById(c+"-dot"),u=document.getElementById(c+"-pill"),n=document.getElementById(c+"-time"),l=document.querySelector(`[data-app="${c}"]`);a&&(a.classList.toggle("ok",f),a.classList.toggle("bad",!f)),u&&(u.textContent=f?"ON":"OFF",u.classList.toggle("on",f),u.classList.toggle("off",!f)),n&&e!==null&&(n.textContent=f?`${e}ms`:"timeout",n.className=`response-time ${i(e,f)}`),l&&l.setAttribute("data-status",f?"on":"off")}function i(c,f){return f?c<200?"excellent":c<500?"good":c<1e3?"fair":"slow":"timeout"}async function g(c){const f=performance.now();try{const e=await fetch("/probe/"+c,{cache:"no-store"}),a=performance.now(),u=Math.round(a-f);return{isUp:e.status>=200&&e.status<400||e.status===401||e.status===403,responseTime:u}}catch{const e=performance.now();return{isUp:!1,responseTime:Math.round(e-f)}}}window.APPS=[];let v=null,y=!1;async function k(){try{window.SkeletonLoader&&window.SkeletonLoader.show(6);const c=await fetch("/api/v1/services",{cache:"no-store"});c.ok?(window.APPS=await c.json(),window.SkeletonLoader&&window.SkeletonLoader.hide()):(console.error("Failed to load services:",c.status),window.SkeletonLoader&&window.SkeletonLoader.hide())}catch(c){console.error("Failed to load services:",c),window.SkeletonLoader&&window.SkeletonLoader.hide()}}function h(c){const f=window.APPS?.find(a=>a.id===c);if(f?.url)return f.url.startsWith("http")?f.url:"https://"+f.url;if(f?.isExternal&&f.externalUrl)return f.externalUrl;const e=SITE.dnsServers?.[c];return e?"http://"+e.ip+":"+(e.port||5380):buildServiceUrl(c)}function r(c,f,e){const a=document.createElement(c);return f&&(a.className=f),e&&(a.textContent=e),a}function E(){const c=document.getElementById("cards");c.innerHTML="";for(let f=0;f<window.APPS.length;f++){const e=window.APPS[f];if(e.id==="ca")continue;const a=r("div","card");a.setAttribute("data-app",e.id),a.setAttribute("data-status","off"),e.recipeId&&a.setAttribute("data-recipe-id",e.recipeId);const u=r("span","dot bad at-bl");u.id="dot-"+e.id+"-grid",a.appendChild(u);const n=r("div","row"),l=r("div","logo-wrap"),p=document.createElement("img");p.src=e.logo,p.alt=e.name,p.className="logo-img",p.onerror=function(){let x=e.id||e.appTemplate;if(!x&&e.name&&(x=e.name.toLowerCase().replace(/\s+/g,"-")),x){const C=[`https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons/png/${x}.png`,`https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons/png/${x.toLowerCase()}.png`,`https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons/png/${x.replace(/-/g,"")}.png`,`https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons/png/${e.name.toLowerCase().replace(/\s+/g,"-")}.png`],P=[...new Set(C)],D=P.indexOf(this.src)+1;D<P.length?this.src=P[D]:this.style.display="none"}else this.style.display="none"},l.appendChild(p),n.appendChild(l);const s=r("span","name",e.name);if(n.appendChild(s),e.tailscaleOnly){const x=r("span","ts-badge","\u{1F510}");x.title="Tailscale-only access",x.style.cssText="margin-left: 6px; font-size: 0.75rem; opacity: 0.8;",s.appendChild(x)}n.appendChild(r("span","spacer"));const I=r("span","badge off","OFF");I.id="badge-"+e.id,n.appendChild(I);const B=r("span","update-available-badge","UPDATE");B.id="update-badge-"+e.id,B.title="Update available",n.appendChild(B),a.appendChild(n);const L=r("div","response-row"),A=r("span","response-time","--");A.id="time-"+e.id,L.appendChild(A),a.appendChild(L);const w=r("div","health-row");w.id="health-"+e.id;const T=r("span","uptime-chip","--");T.id="uptime-"+e.id,w.appendChild(T);const $=document.createElement("div");$.className="uptime-mini-bar";const b=document.createElement("div");b.className="fill",b.id="uptime-bar-"+e.id,b.style.width="0%",$.appendChild(b),w.appendChild($),a.appendChild(w);const m=r("div","btn-row");if(e.containerId){const x=r("button","logs-btn","\u{1F4CB}");x.title="View container logs",x.onclick=P=>{P.stopPropagation(),window.openContainerLogsModal(e.containerId,e.name)},m.appendChild(x);const C=r("button","update-btn","\u2B06\uFE0F");C.title="Update container to latest version",C.id=`update-btn-${e.id}`,C.onclick=P=>{P.stopPropagation(),window.updateContainer(e.containerId,e.name,e.id)},m.appendChild(C)}if(e.logPath&&!e.containerId){const x=r("button","logs-btn","\u{1F4CB}");x.title="View application logs",x.onclick=C=>{C.stopPropagation(),window.openFileLogsModal(e.logPath,e.name)},m.appendChild(x)}if(e.isExternal||e.appTemplate||e.url){const x=r("button","creds-btn","\u{1F511}");x.title="Auto-login credentials",x.id=`creds-btn-${e.id}`,x.onclick=C=>{C.stopPropagation(),window.openServiceCredsModal(e)},m.appendChild(x)}if(e.id!=="internet"){const x=r("button","options-btn","\u2699\uFE0F");x.title="Edit service settings",x.onclick=C=>{C.stopPropagation(),window.openServiceEditModal(e)},m.appendChild(x)}if(e.id!=="internet"){const x=r("button","delete-btn","\u{1F5D1}\uFE0F");x.title="Delete this service",x.onclick=C=>{C.stopPropagation(),window.deleteService(e.id,e.name)},m.appendChild(x)}const S=r("button",null,"Open");S.onclick=()=>window.open(h(e.id),"_blank","noopener"),m.appendChild(S),a.appendChild(m),a.style.transitionDelay=`${Math.min(f*45,270)}ms`,c.appendChild(a)}requestAnimationFrame(()=>{c.querySelectorAll(".card").forEach(f=>f.classList.add("loaded"))}),window.groupRecipeCards&&requestAnimationFrame(()=>window.groupRecipeCards())}function t(c,f,e=null){const a=document.getElementById("dot-"+c+"-grid"),u=document.getElementById("badge-"+c),n=document.getElementById("time-"+c),l=document.querySelector(`[data-app="${c}"]`);a&&(a.classList.toggle("ok",f),a.classList.toggle("bad",!f)),u&&(u.textContent=f?"ON":"OFF",u.classList.toggle("on",f),u.classList.toggle("off",!f)),n&&e!==null&&(n.textContent=f?`${e}ms`:"timeout",n.className=`response-time ${i(e,f)}`),l&&l.setAttribute("data-status",f?"on":"off")}async function d(){if(v)return y=!0,v;function c(a,u=new Date){const n=document.getElementById("stamp");n&&(n.textContent=`${a}: ${new Date(u).toLocaleTimeString()}`)}function f(a){Object.keys(SITE.dnsServers).forEach(n=>{const l=a[n];l&&o(n,l.isUp,l.responseTime)}),a.internet&&o("internet",a.internet.isUp,a.internet.responseTime),window.APPS.forEach(n=>{const l=a[n.id];l&&t(n.id,l.isUp,l.responseTime)})}async function e(){const a=Object.keys(SITE.dnsServers),u=a.map(s=>g(s));u.push(g("internet"));const n=await Promise.all(u);a.forEach((s,I)=>o(s,n[I].isUp,n[I].responseTime));const l=n[n.length-1];o("internet",l.isUp,l.responseTime),(await Promise.all(window.APPS.map(async s=>{const I=await g(s.id);return{id:s.id,...I}}))).forEach(s=>{t(s.id,s.isUp,s.responseTime)})}return v=(async()=>{try{const a=await fetch("/api/v1/services/status",{cache:"no-store"});if(!a.ok)throw new Error(`Status refresh failed (${a.status})`);const u=await a.json();f(u.statuses||{}),c("last check",u.checkedAt||new Date)}catch(a){console.warn("Batched status refresh failed, falling back to direct probes:",a);try{await e(),c("last check")}catch(u){console.error("Dashboard refresh failed:",u),c("last failed")}}finally{v=null,y&&(y=!1,setTimeout(()=>{window.refreshAll()},0))}})(),v}document.querySelector(".top")?.addEventListener("click",c=>{const f=c.target.closest('[id$="-open"]');if(!f)return;const e=f.id.replace("-open","");SITE.dnsServers[e]&&window.open(h(e),"_blank","noopener")}),document.getElementById("ca-open")?.addEventListener("click",()=>window.open(h("ca"),"_blank","noopener")),document.getElementById("creds-btn-ca")?.addEventListener("click",c=>{c.stopPropagation();const f=window.APPS.find(e=>e.id==="ca");f&&window.openServiceCredsModal&&window.openServiceCredsModal(f)}),document.getElementById("options-btn-ca")?.addEventListener("click",c=>{c.stopPropagation();const f=window.APPS.find(e=>e.id==="ca");f&&window.openServiceEditModal&&window.openServiceEditModal(f)}),document.getElementById("delete-btn-ca")?.addEventListener("click",c=>{c.stopPropagation(),window.deleteService&&window.deleteService("ca","DashCA")}),window.loadServices=k,window.buildGrid=E,window.refreshAll=d,window.setQuick=o,window.setBadge=t,window.getResponseTimeClass=i,window.checkServiceWithTiming=g,window.serviceUrl=h,window.el=r})(),(function(){async function o(r){const t=await(await secureFetch(`/api/v1/dns/restart/${r}`,{method:"POST"})).json();if(!t.success)throw new Error(t.error||"Restart failed");return t}document.querySelector(".top")?.addEventListener("click",async r=>{const E=r.target.closest('[id$="-restart"]');if(!E)return;const t=E.id.replace("-restart","");if(SITE.dnsServers[t]&&confirm(`Restart ${t.toUpperCase()} service?`))try{await withButton(E,"...",()=>o(t)),setTimeout(window.refreshAll,DC.DELAYS.RELOAD)}catch(d){showNotification("Restart failed: "+d.message,"error")}});async function i(r,E){const t=document.getElementById(`${r}-update`),d=t?.textContent||"\u2B06\uFE0F";try{t.textContent="\u{1F50D}",t.disabled=!0,t.title="Checking for updates...";const f=await(await fetch(`/api/v1/dns/check-update?server=${encodeURIComponent(E)}`)).json();if(!f.success)throw new Error(f.error||"Failed to check for updates");if(!f.updateAvailable){t.textContent="\u2705",t.title=`Already on latest version (${f.currentVersion})`,showNotification(`${r.toUpperCase()} is already up to date! Current version: ${f.currentVersion}`,"info"),setTimeout(()=>{t.textContent=d,t.disabled=!1,t.title="Update DNS server"},3e3);return}if(!confirm(`Update available for ${r.toUpperCase()}!

Current: ${f.currentVersion}
New: ${f.updateVersion}

`+(f.updateTitle?`${f.updateTitle}

`:"")+`The DNS server will restart during the update.
Proceed?`)){t.textContent=d,t.disabled=!1,t.title="Update DNS server";return}t.textContent="\u{1F504}",t.title="Updating...";const u=await(await secureFetch(`/api/v1/dns/update?server=${encodeURIComponent(E)}`,{method:"POST"})).json();if(!u.success)throw new Error(u.error||"Update failed");if(u.manualUpdateRequired){t.textContent="\u2B06\uFE0F",t.title=`Update available: ${u.newVersion}`;const n=u.downloadLink?`
Download: ${u.downloadLink}`:"",l=u.instructionsLink?`
Instructions: ${u.instructionsLink}`:"";showNotification(`${r.toUpperCase()} update requires manual installation. Current: ${u.previousVersion} \u2192 ${u.newVersion}. Please update manually on the host machine.`,"warning",8e3),t.disabled=!1;return}t.textContent="\u2705",t.title="Updated successfully!",showNotification(`${r.toUpperCase()} updated successfully! ${u.previousVersion} \u2192 ${u.newVersion}. Server is restarting...`,"success"),setTimeout(()=>{t.textContent=d,t.disabled=!1,t.title="Update DNS server",window.refreshAll()},1e4)}catch(c){console.error("DNS update error:",c),t.textContent="\u274C",t.title="Update failed",showNotification(`Failed to update ${r.toUpperCase()}: ${c.message}`,"error"),setTimeout(()=>{t.textContent=d,t.disabled=!1,t.title="Update DNS server"},3e3)}}document.querySelector(".top")?.addEventListener("click",r=>{const E=r.target.closest('[id$="-update"]');if(!E)return;const t=E.id.replace("-update","");SITE.dnsServers[t]&&i(t,SITE.dnsServers[t]?.ip)}),injectModal("dns-settings-modal",`
  <div id="dns-settings-modal" class="weather-modal">
    <div class="weather-modal-content" style="min-width: 420px; max-width: 520px;">
      <h3 id="dns-settings-title">DNS Settings</h3>

      <div style="display: grid; gap: 16px; margin-top: 16px;">
        <div>
          <label for="dns-edit-ip" class="form-label-accent-sm">Server IP</label>
          <input type="text" id="dns-edit-ip" class="form-input-md" placeholder="192.168.1.1" />
        </div>
        <div>
          <label for="dns-edit-port" class="form-label-accent-sm">Port</label>
          <input type="number" id="dns-edit-port" class="form-input-md" placeholder="5380" />
        </div>
        <div>
          <label for="dns-edit-name" class="form-label-accent-sm">Display Name (optional)</label>
          <input type="text" id="dns-edit-name" class="form-input-md" placeholder="e.g. Primary DNS" />
        </div>
        <div class="form-hint-sm">Manage credentials via Tokens in the toolbar</div>
      </div>

      <div class="weather-modal-buttons" style="margin-top: 24px;">
        <button id="dns-settings-cancel">Cancel</button>
        <button id="dns-settings-delete" style="background: color-mix(in srgb, #e74c3c 20%, transparent); border-color: #e74c3c; color: #e74c3c;">Remove</button>
        <button id="dns-settings-save" class="btn-accent">Save</button>
      </div>
    </div>
  </div>`);let g=null;function v(r){g=r;const E=SITE.dnsServers[r]||{},t=document.getElementById("dns-settings-modal");document.getElementById("dns-settings-title").textContent=`${(E.name||r).toUpperCase()} Settings`,document.getElementById("dns-edit-ip").value=E.ip||"",document.getElementById("dns-edit-port").value=E.port||DC.DEFAULTS.DNS_PORT,document.getElementById("dns-edit-name").value=E.name||"",t.classList.add("show")}async function y(){if(!g)return;const r=document.getElementById("dns-edit-ip").value.trim(),E=document.getElementById("dns-edit-port").value.trim()||DC.DEFAULTS.DNS_PORT,t=document.getElementById("dns-edit-name").value.trim();if(!r){showNotification("Server IP is required","warning");return}const d={dnsServers:{}};d.dnsServers[g]={ip:r,port:String(E)},t&&(d.dnsServers[g].name=t);try{const f=await(await secureFetch("/api/v1/config",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(d)})).json();f.success?(SITE.dnsServers[g]=d.dnsServers[g],showNotification(`${g.toUpperCase()} settings saved`,"success"),h(),window.refreshAll()):showNotification(f.error||"Failed to save settings","error")}catch(c){showNotification("Failed to save: "+c.message,"error")}}async function k(){if(g&&confirm(`Remove ${g.toUpperCase()} from dashboard? This won't affect the actual DNS server.`))try{const E=await(await secureFetch("/api/v1/config")).json();E.dnsServers&&delete E.dnsServers[g];const d=await(await secureFetch("/api/v1/config",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({dnsServers:E.dnsServers||{}})})).json();if(d.success){delete SITE.dnsServers[g];const c=document.querySelector(`.top [data-app="${g}"]`);c&&c.remove(),showNotification(`${g.toUpperCase()} removed from dashboard`,"success"),h()}else showNotification(d.error||"Failed to remove","error")}catch(r){showNotification("Failed to remove: "+r.message,"error")}}function h(){closeModal("dns-settings-modal"),g=null}document.getElementById("dns-settings-cancel")?.addEventListener("click",h),document.getElementById("dns-settings-save")?.addEventListener("click",y),document.getElementById("dns-settings-delete")?.addEventListener("click",k),document.getElementById("dns-settings-modal")?.addEventListener("click",r=>{r.target.id==="dns-settings-modal"&&h()}),document.querySelector(".top")?.addEventListener("click",r=>{const E=r.target.closest('[id$="-settings"]');if(!E)return;const t=E.id.replace("-settings","");SITE.dnsServers[t]&&(r.stopPropagation(),v(t))}),document.getElementById("refresh")?.addEventListener("click",window.refreshAll)})(),(function(){injectModal("logs-modal",`
  <div id="logs-modal" class="logs-modal">
    <div class="logs-modal-content" style="min-width: 800px; max-width: 1000px;">
      <div class="logs-header">
        <h3 id="logs-title">DNS Logs</h3>
        <div class="logs-controls">
          <label for="log-lines">Show:</label>
          <select id="log-lines">
            <option value="25" selected>25</option>
            <option value="50">50</option>
            <option value="100">100</option>
            <option value="200">200</option>
          </select>
          <button id="logs-stream" class="stream-btn" title="Enable real-time streaming">\u{1F4E1} Live</button>
          <button id="logs-pause" class="pause-btn">\u23F8\uFE0F Pause</button>
          <button id="logs-close" class="close-btn">\u2715</button>
        </div>
      </div>
      <div class="logs-container scroll-container">
        <div id="logs-content" class="logs-content">
          <div class="logs-loading">Loading logs...</div>
        </div>
      </div>
    </div>
  </div>`);let o=null,i=null,g=!1,v=null,y=null,k=!1,h=null,r=null,E=!1,t=null,d=!1;async function c(b,m=25){try{const S=getDnsServerAddr(b),x=await fetch(`/api/v1/dns/logs?server=${S}&limit=${m}`,{cache:"no-store",headers:{Accept:"application/json","Cache-Control":"no-cache"}});if(x.ok){const C=await x.json();return C.success&&C.logs?{logs:C.logs,count:C.count,server:C.server}:{error:C.error||"Failed to fetch logs"}}else return x.status===401?{error:"DNS auto-auth failed - check credentials in settings"}:{error:`HTTP ${x.status}`}}catch(S){return console.error("DNS logs fetch failed:",S),{error:S.message}}}function f(b){return{NoError:"var(--ok-fg)",NOERROR:"var(--ok-fg)",NxDomain:"var(--muted)",NXDOMAIN:"var(--muted)",Refused:"var(--bad-fg)",REFUSED:"var(--bad-fg)",ServerFailure:"#f39c12",SERVFAIL:"#f39c12"}[b]||"var(--fg)"}function e(b){const m=document.createElement("div");if(m.className="log-entry",m.style.cssText="display: grid; grid-template-columns: 140px 110px 1fr 70px 80px; gap: 8px; padding: 6px 10px; border-bottom: 1px solid var(--border); font-size: 0.8rem; align-items: center;",b.parsed===!1)return m.style.gridTemplateColumns="1fr",m.innerHTML=`<span style="color: var(--muted); font-family: monospace; font-size: 0.75rem;">${escapeHtml(b.raw)}</span>`,m;const S=f(b.rcode),x=b.rcode==="Refused"||b.rcode==="REFUSED";return m.innerHTML=`
      <span style="color: var(--muted); font-size: 0.75rem;">${escapeHtml(b.timestamp)}</span>
      <span style="color: var(--accent); font-size: 0.75rem;" title="${escapeHtml(b.client)}">${escapeHtml(b.client)}</span>
      <span style="font-weight: 500; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; ${x?"text-decoration: line-through; opacity: 0.6;":""}" title="${escapeHtml(b.domain)}">${escapeHtml(b.domain)}</span>
      <span style="color: var(--muted); font-size: 0.75rem;">${escapeHtml(b.type)}</span>
      <span style="color: ${S}; font-weight: 500; font-size: 0.75rem;">${escapeHtml(b.rcode)}</span>
    `,m}async function a(){if(E){await T();return}if(k){await B();return}if(g||!o)return;const b=parseInt(document.getElementById("log-lines").value),m=document.getElementById("logs-content");try{const S=await c(o,b);if(S.error){m.innerHTML=`
          <div style="padding: 20px; text-align: center; color: var(--bad-fg);">
            <div style="font-size: 1.2rem; margin-bottom: 8px;">\u26A0\uFE0F Error</div>
            <div>${escapeHtml(S.error)}</div>
          </div>`;return}m.innerHTML=`
        <div style="display: grid; grid-template-columns: 140px 110px 1fr 70px 80px; gap: 8px; padding: 8px 10px; background: var(--card-base); border-bottom: 2px solid var(--border); font-size: 0.75rem; font-weight: 600; color: var(--muted); position: sticky; top: 0;">
          <span>Time</span>
          <span>Client</span>
          <span>Domain</span>
          <span>Type</span>
          <span>Status</span>
        </div>`,S.logs&&S.logs.length>0?S.logs.forEach(x=>{const C=e(x);m.appendChild(C)}):m.innerHTML+=`
          <div style="padding: 20px; text-align: center; color: var(--muted);">
            No DNS queries logged yet
          </div>`}catch(S){m.innerHTML=`
        <div style="padding: 20px; text-align: center; color: var(--bad-fg);">
          Failed to fetch logs: ${escapeHtml(S.message)}
        </div>`}}function u(b){o=b,g=!1,k=!1;const m=document.getElementById("logs-modal"),S=document.getElementById("logs-title"),x=document.getElementById("logs-pause"),C=document.getElementById("logs-stream");S.textContent=`${b.toUpperCase()} DNS Logs`,x.textContent="\u23F8\uFE0F Pause",x.classList.remove("paused"),C&&(C.style.display="none"),m.classList.add("show"),a(),i=setInterval(a,DC.POLL.LOGS)}function n(){document.getElementById("logs-modal").classList.remove("show"),i&&(clearInterval(i),i=null),p(),o=null,k=!1,v=null,y=null,E=!1,h=null,r=null,g=!1}function l(b){t&&p();const m=document.getElementById("logs-stream"),S=document.getElementById("logs-pause"),x=document.getElementById("logs-content");i&&(clearInterval(i),i=null);try{t=new EventSource(`/api/v1/logs/stream/${b}`),d=!0,m.classList.add("active"),m.textContent="\u{1F534} Live",m.title="Streaming - click to stop",S.style.display="none";const C=document.getElementById("logs-title");C.textContent.includes("\u{1F534}")||(C.innerHTML=C.textContent.replace("\u{1F4CB}","\u{1F4CB} \u{1F534}")),t.onmessage=P=>{try{const O=JSON.parse(P.data);if(O.error){console.error("Stream error:",O.error),p();return}const D=document.createElement("div");D.className="log-entry",D.style.cssText="display: flex; gap: 12px; padding: 6px 10px; border-bottom: 1px solid var(--border); font-size: 0.8rem; align-items: flex-start; font-family: monospace;";const R=(O.stream||"stdout")==="stderr",U=R?"var(--bad-fg)":"var(--fg)",M=`<span style="background: ${R?"var(--bad-bg)":"var(--ok-bg)"}; color: ${U}; padding: 2px 6px; border-radius: 4px; font-size: 0.7rem; font-weight: 600; min-width: 50px; text-align: center;">${R?"STDERR":"STDOUT"}</span>`;for(D.innerHTML=`
            <div style="flex-shrink: 0;">${M}</div>
            <div style="flex: 1; color: ${U}; word-break: break-all; white-space: pre-wrap;">${escapeHtml(O.text)}</div>
          `,x.appendChild(D),x.scrollTop=x.scrollHeight;x.children.length>500;)x.removeChild(x.firstChild)}catch(O){console.error("Error parsing stream data:",O)}},t.onerror=P=>{console.error("EventSource error:",P),p()}}catch(C){console.error("Failed to start streaming:",C),p()}}function p(){t&&(t.close(),t=null),d=!1;const b=document.getElementById("logs-stream"),m=document.getElementById("logs-pause"),S=document.getElementById("logs-title");b&&(b.classList.remove("active"),b.textContent="\u{1F4E1} Live",b.title="Enable real-time streaming"),m&&(m.style.display=""),S&&(S.textContent=S.textContent.replace(" \u{1F534}","")),k&&v&&!i&&(i=setInterval(B,DC.POLL.LOGS))}async function s(b,m=100){try{const S=`/api/v1/logs/container/${b}?tail=${m}&timestamps=true`,x=await fetch(S,{cache:"no-store",headers:{Accept:"application/json","Cache-Control":"no-cache"}});if(x.ok){const C=await x.json();return C.success&&C.logs?{logs:C.logs,count:C.count,containerName:C.containerName,containerId:C.containerId}:{error:C.error||"Failed to fetch container logs"}}else return{error:`HTTP ${x.status}: ${x.statusText}`}}catch(S){return console.error("Container logs fetch failed:",S),{error:S.message}}}function I(b){const m=document.createElement("div");m.className="log-entry",m.style.cssText="display: flex; gap: 12px; padding: 6px 10px; border-bottom: 1px solid var(--border); font-size: 0.8rem; align-items: flex-start; font-family: monospace;";const S=b.stream==="stderr"?"var(--bad-fg)":"var(--fg)",x=b.stream==="stderr"?'<span style="background: var(--bad-bg); color: var(--bad-fg); padding: 2px 6px; border-radius: 4px; font-size: 0.7rem; font-weight: 600;">STDERR</span>':'<span style="background: var(--ok-bg); color: var(--ok-fg); padding: 2px 6px; border-radius: 4px; font-size: 0.7rem; font-weight: 600;">STDOUT</span>';return m.innerHTML=`
      <div style="flex-shrink: 0;">${x}</div>
      <div style="flex: 1; color: ${S}; word-break: break-all; white-space: pre-wrap;">${escapeHtml(b.text)}</div>
    `,m}async function B(){if(g||!v||!k)return;const b=parseInt(document.getElementById("log-lines").value),m=document.getElementById("logs-content");try{const S=await s(v,b);if(S.error){m.innerHTML=`
          <div style="padding: 20px; text-align: center; color: var(--bad-fg);">
            <div style="font-size: 1.2rem; margin-bottom: 8px;">\u26A0\uFE0F Error</div>
            <div>${escapeHtml(S.error)}</div>
          </div>`;return}m.innerHTML=`
        <div style="display: flex; gap: 12px; padding: 8px 10px; background: var(--card-base); border-bottom: 2px solid var(--border); font-size: 0.75rem; font-weight: 600; color: var(--muted); position: sticky; top: 0;">
          <span style="flex-shrink: 0; width: 80px;">Stream</span>
          <span style="flex: 1;">Log Output</span>
        </div>`,S.logs&&S.logs.length>0?(S.logs.forEach(x=>{const C=I(x);m.appendChild(C)}),m.scrollTop=m.scrollHeight):m.innerHTML+=`
          <div style="padding: 20px; text-align: center; color: var(--muted);">
            No logs available for this container
          </div>`}catch(S){m.innerHTML=`
        <div style="padding: 20px; text-align: center; color: var(--bad-fg);">
          Failed to fetch logs: ${escapeHtml(S.message)}
        </div>`}}function L(b,m){v=b,y=m,k=!0,E=!1,g=!1,p();const S=document.getElementById("logs-modal"),x=document.getElementById("logs-title"),C=document.getElementById("logs-pause"),P=document.getElementById("logs-stream");x.textContent=`\u{1F4CB} ${m} - Container Logs`,C.textContent="\u23F8\uFE0F Pause",C.classList.remove("paused"),P&&(P.style.display=""),S.classList.add("show"),B(),i=setInterval(B,DC.POLL.LOGS)}async function A(b,m=100){try{const S=`/api/v1/logs/file?path=${encodeURIComponent(b)}&tail=${m}`,x=await fetch(S,{cache:"no-store",headers:{Accept:"application/json","Cache-Control":"no-cache"}});if(x.ok){const C=await x.json();return C.success&&C.logs?{logs:C.logs,count:C.count,logPath:C.logPath,totalLines:C.totalLines}:{error:C.error||"Failed to fetch file logs"}}else return{error:(await x.json().catch(()=>({}))).error||`HTTP ${x.status}`}}catch(S){return console.error("File logs fetch failed:",S),{error:S.message}}}function w(b){const m=document.createElement("div");m.className="log-entry",m.style.cssText="display: flex; gap: 12px; padding: 6px 10px; border-bottom: 1px solid var(--border); font-size: 0.8rem; align-items: flex-start; font-family: monospace;";const S=b.text;let x="INFO",C="var(--fg)";S.match(/ERROR|FATAL|CRITICAL/i)?(x="ERROR",C="var(--bad-fg)"):S.match(/WARN|WARNING/i)?(x="WARN",C="#f39c12"):S.match(/DEBUG/i)&&(x="DEBUG",C="var(--muted)");const O=`<span style="background: ${C==="var(--bad-fg)"?"var(--bad-bg)":"var(--ok-bg)"}; color: ${C}; padding: 2px 6px; border-radius: 4px; font-size: 0.7rem; font-weight: 600; min-width: 50px; text-align: center;">${x}</span>`;return m.innerHTML=`
      <div style="flex-shrink: 0;">${O}</div>
      <div style="flex: 1; color: ${C}; word-break: break-all; white-space: pre-wrap;">${escapeHtml(S)}</div>
    `,m}async function T(){if(g||!h||!E)return;const b=parseInt(document.getElementById("log-lines").value),m=document.getElementById("logs-content");try{const S=await A(h,b);if(S.error){m.innerHTML=`
          <div style="padding: 20px; text-align: center; color: var(--bad-fg);">
            <div style="font-size: 1.2rem; margin-bottom: 8px;">\u26A0\uFE0F Error</div>
            <div>${escapeHtml(S.error)}</div>
          </div>`;return}m.innerHTML=`
        <div style="display: flex; gap: 12px; padding: 8px 10px; background: var(--card-base); border-bottom: 2px solid var(--border); font-size: 0.75rem; font-weight: 600; color: var(--muted); position: sticky; top: 0;">
          <span style="flex: 1;">Log Output (${S.count} of ${S.totalLines} lines)</span>
        </div>`,S.logs&&S.logs.length>0?(S.logs.forEach(x=>{const C=w(x);m.appendChild(C)}),m.scrollTop=m.scrollHeight):m.innerHTML+=`
          <div style="padding: 20px; text-align: center; color: var(--muted);">
            No logs available in this file
          </div>`}catch(S){m.innerHTML=`
        <div style="padding: 20px; text-align: center; color: var(--bad-fg);">
          Failed to fetch logs: ${escapeHtml(S.message)}
        </div>`}}function $(b,m){h=b,r=m,E=!0,k=!1,g=!1;const S=document.getElementById("logs-modal"),x=document.getElementById("logs-title"),C=document.getElementById("logs-pause"),P=document.getElementById("logs-stream");x.textContent=`\u{1F4CB} ${m} - Application Logs`,C.textContent="\u23F8\uFE0F Pause",C.classList.remove("paused"),P&&(P.style.display="none"),S.classList.add("show"),T(),i=setInterval(T,DC.POLL.LOGS)}document.querySelector(".top")?.addEventListener("click",b=>{const m=b.target.closest('[id$="-logs"]');if(!m)return;const S=m.id.replace("-logs","");SITE.dnsServers[S]&&u(S)}),document.getElementById("logs-close")?.addEventListener("click",n),document.getElementById("logs-pause")?.addEventListener("click",()=>{g=!g;const b=document.getElementById("logs-pause");g?(b.textContent="\u25B6\uFE0F Resume",b.classList.add("paused")):(b.textContent="\u23F8\uFE0F Pause",b.classList.remove("paused"),a())}),document.getElementById("log-lines")?.addEventListener("change",()=>{g||a()}),document.getElementById("logs-stream")?.addEventListener("click",()=>{!k||!v||(d?p():l(v))}),document.getElementById("logs-modal")?.addEventListener("click",b=>{b.target.id==="logs-modal"&&n()}),document.addEventListener("keydown",b=>{b.key==="Escape"&&document.getElementById("logs-modal")?.classList.contains("show")&&n()}),window.openContainerLogsModal=L,window.openFileLogsModal=$,window.openLogsModal=u})(),(function(){injectModal("service-edit-modal",`
  <div id="service-edit-modal" class="weather-modal">
    <div class="weather-modal-content" style="min-width: 500px; max-width: 600px;">
      <h3 id="service-edit-title">Edit Service</h3>

      <div style="display: grid; gap: 16px; margin-top: 16px;">
        <!-- Service Info -->
        <div style="display: flex; align-items: center; gap: 12px; padding: 12px; background: var(--card-bg); border-radius: 8px;">
          <img id="edit-service-logo-preview" src="" alt="" style="width: 48px; height: 48px; border-radius: 8px; object-fit: contain; background: var(--bg);" />
          <div style="flex: 1;">
            <div id="edit-service-url-display" class="text-muted-sm"></div>
          </div>
        </div>

        <!-- Display Name -->
        <div>
          <label for="edit-service-name" class="form-label-accent-sm">
            Display Name
          </label>
          <input type="text" id="edit-service-name" class="form-input-md" placeholder="Service name shown on dashboard" />
        </div>

        <!-- Subdomain -->
        <div>
          <label for="edit-subdomain" class="form-label-accent-sm">
            Subdomain
          </label>
          <div class="flex-row-gap-center">
            <input type="text" id="edit-subdomain" class="input-flex" />
            <span id="edit-tld-suffix" style="color: var(--muted);">.home</span>
          </div>
        </div>

        <!-- Port -->
        <div>
          <label for="edit-port" class="form-label-accent-sm">
            Port
          </label>
          <input type="number" id="edit-port" class="form-input-md" />
          <div class="form-hint-sm">
            The port Caddy will proxy to (container's exposed port)
          </div>
        </div>

        <!-- IP Address -->
        <div>
          <label for="edit-ip" class="form-label-accent-sm">
            IP Address
          </label>
          <input type="text" id="edit-ip" class="form-input-md" />
        </div>

        <!-- Tailscale Protection -->
        <div>
          <label style="display: flex; align-items: center; gap: 10px; padding: 12px; background: var(--card-bg); border: 1px solid var(--border); border-radius: 6px; cursor: pointer;">
            <input type="checkbox" id="edit-tailscale-only" style="width: 18px; height: 18px;" />
            <div>
              <div class="fw-500">Tailscale-Only Access</div>
              <div class="text-hint">Restrict this service to Tailscale users only</div>
            </div>
          </label>
        </div>

        <!-- Logo -->
        <div>
          <label class="form-label-accent-sm">
            Service Logo
          </label>
          <div class="flex-row-gap-center">
            <input type="text" id="edit-logo-url" placeholder="/assets/service.png or https://..." class="input-flex" />
            <label style="padding: 10px 16px; background: var(--card-bg); border: 1px solid var(--border); border-radius: 6px; cursor: pointer; white-space: nowrap;">
              <input type="file" id="edit-logo-file" accept="image/*" style="display: none;" />
              Upload
            </label>
          </div>
          <div class="form-hint-sm">
            Enter a URL or upload an image file (PNG, JPG, SVG)
          </div>
        </div>
      </div>

      <div class="weather-modal-buttons" style="margin-top: 24px;">
        <button id="service-edit-cancel">Cancel</button>
        <button id="service-edit-save" class="btn-accent">
          Save Changes
        </button>
      </div>
    </div>
  </div>`),injectModal("delete-service-modal",`
  <div id="delete-service-modal" class="weather-modal">
    <div class="weather-modal-content" style="min-width: 400px; max-width: 500px;">
      <h3 id="delete-modal-title" class="mb-16">Delete Service</h3>

      <div id="delete-modal-message" style="margin-bottom: 20px; line-height: 1.5;">
        <!-- Dynamic content -->
      </div>

      <div id="delete-modal-container-info" style="display: none; margin-bottom: 20px; padding: 12px; background: var(--card-bg); border-radius: 8px; border: 1px solid var(--border);">
        <div style="font-weight: 500; margin-bottom: 8px;">Docker Container</div>
        <div id="delete-modal-container-name" style="font-size: 0.9rem; color: var(--muted);"></div>
      </div>

      <div class="weather-modal-buttons" style="display: flex; gap: 8px; justify-content: flex-end;">
        <button id="delete-modal-cancel" style="padding: 10px 20px;">Cancel</button>
        <button id="delete-modal-remove" style="padding: 10px 20px; background: color-mix(in srgb, var(--accent) 20%, transparent); border-color: var(--accent); color: var(--accent);">
          Remove
        </button>
        <button id="delete-modal-delete" style="display: none; padding: 10px 20px; background: color-mix(in srgb, #e74c3c 20%, transparent); border-color: #e74c3c; color: #e74c3c;">
          Delete
        </button>
      </div>

      <div id="delete-modal-help" style="display: none; margin-top: 16px; padding: 12px; background: color-mix(in srgb, var(--muted) 10%, transparent); border-radius: 8px; font-size: 0.85rem; color: var(--muted);">
        <div><strong>Remove:</strong> Remove from dashboard only (container keeps running)</div>
        <div style="margin-top: 6px;"><strong>Delete:</strong> Full removal - stops container, removes DNS & Caddy config</div>
      </div>
    </div>
  </div>`),injectModal("add-service-modal",`
  <div id="add-service-modal" class="weather-modal">
    <div class="weather-modal-content" style="min-width: 420px; max-width: 520px;">
      <h3>Add Service</h3>

      <!-- Service Type Tabs -->
      <div style="display: flex; gap: 2px; margin-bottom: 16px; background: var(--card-bg); border-radius: 8px; padding: 3px; border: 1px solid var(--border);">
        <label id="tab-local" style="flex: 1; text-align: center; padding: 8px; border-radius: 6px; cursor: pointer; font-size: 0.85rem; font-weight: 500; background: var(--accent); color: var(--bg); transition: all 0.15s;">
          <input type="radio" name="service-type" value="local" id="service-type-local" checked style="display: none;" />
          Local
        </label>
        <label id="tab-external" style="flex: 1; text-align: center; padding: 8px; border-radius: 6px; cursor: pointer; font-size: 0.85rem; font-weight: 500; color: var(--muted); transition: all 0.15s;">
          <input type="radio" name="service-type" value="external" id="service-type-external" style="display: none;" />
          External
        </label>
      </div>
      <span id="service-type-description" style="display: none;"></span>

      <!-- LOCAL SERVICE -->
      <div id="local-service-config" style="display: grid; gap: 12px;">
        <div>
          <label for="service-name-input" style="font-size: 0.8rem; color: var(--muted); margin-bottom: 4px; display: block;">Name</label>
          <input type="text" id="service-name-input" placeholder="e.g., Jellyfin" style="font-size: 1rem;" />
          <div id="subdomain-preview" style="font-size: 0.75rem; color: var(--accent); margin-top: 4px; min-height: 1em;"></div>
        </div>

        <div class="grid-2col">
          <div>
            <label for="service-port-input" style="font-size: 0.8rem; color: var(--muted); margin-bottom: 4px; display: block;">Port</label>
            <input type="number" id="service-port-input" placeholder="e.g., 8096" style="font-size: 1rem;" />
          </div>
          <div>
            <label for="service-ip-input" style="font-size: 0.8rem; color: var(--muted); margin-bottom: 4px; display: block;">IP Address</label>
            <input type="text" id="service-ip-input" placeholder="Auto-detected" style="font-size: 1rem;" />
            <div class="quick-ip-buttons" style="display: flex; gap: 4px; margin-top: 4px; flex-wrap: wrap;">
              <button type="button" class="quick-ip-btn" data-ip="127.0.0.1" title="Localhost" style="font-size: 0.7rem; padding: 2px 6px;">localhost</button>
              <button type="button" class="quick-ip-btn" data-ip="" id="quick-ip-lan" title="LAN IP" style="font-size: 0.7rem; padding: 2px 6px;">LAN</button>
              <button type="button" class="quick-ip-btn" data-ip="" id="quick-ip-tailscale" title="Tailscale IP" style="font-size: 0.7rem; padding: 2px 6px;">Tailscale</button>
            </div>
          </div>
        </div>

        <!-- Options (collapsed by default) -->
        <details id="local-advanced-options">
          <summary style="cursor: pointer; color: var(--accent); font-size: 0.8rem; user-select: none;">Options</summary>
          <div style="margin-top: 10px; display: grid; gap: 10px; font-size: 0.8rem;">

            <div class="grid-2col">
              <div>
                <label for="service-subdomain-input">Subdomain:</label>
                <input type="text" id="service-subdomain-input" placeholder="auto-derived from name" />
              </div>
              <div>
                <label for="service-logo-input">Logo URL:</label>
                <input type="text" id="service-logo-input" placeholder="/assets/name.png" />
              </div>
            </div>

            <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 8px; align-items: start;">
              <label style="display: flex; align-items: center; gap: 6px; cursor: pointer;">
                <input type="checkbox" id="create-dns-record" checked />
                Create DNS Record
              </label>
              <div>
                <label for="ssl-type-select">SSL:</label>
                <select id="ssl-type-select" style="width: 100%;">
                  <option value="caddy-managed">Caddy Managed (Internal)</option>
                  <option value="letsencrypt">Let's Encrypt</option>
                  <option value="existing-ca">Existing CA</option>
                  <option value="custom-ca">Custom CA</option>
                </select>
              </div>
            </div>

            <div id="dns-config">
              <div class="grid-2col">
                <div>
                  <label for="dns-ttl-input">DNS TTL:</label>
                  <input type="number" id="dns-ttl-input" value="300" />
                </div>
                <div>
                  <label for="caddyfile-path-input">Caddyfile Path:</label>
                  <input type="text" id="caddyfile-path-input" value="C:\\caddy\\Caddyfile" />
                </div>
              </div>
            </div>

            <div id="existing-ca-config" style="display: none;">
              <label for="existing-ca-select">Existing CA:</label>
              <div class="flex-row-gap">
                <select id="existing-ca-select" style="flex: 1;">
                  <option value="">Loading CAs...</option>
                </select>
                <button type="button" id="refresh-cas" style="padding: 4px 8px; font-size: 0.75rem;">\u{1F504}</button>
              </div>
            </div>

            <div id="custom-ca-config" style="display: none;">
              <label for="ca-name-input">CA Name:</label>
              <input type="text" id="ca-name-input" placeholder="e.g., sami-ca" />
            </div>

            <div id="manual-tailscale-status" style="padding: 6px 10px; background: var(--card-bg); border-radius: 6px; font-size: 0.75rem;">
              <span style="color: var(--muted);">Checking Tailscale...</span>
            </div>
            <label style="display: flex; align-items: center; gap: 8px; cursor: pointer;">
              <input type="checkbox" id="manual-tailscale-only" />
              Tailscale-Only Access
            </label>

            <label style="display: flex; align-items: center; gap: 6px; cursor: pointer;">
              <input type="checkbox" id="reload-caddy" checked />
              Reload Caddy after adding
            </label>

            <hr style="border: none; border-top: 1px solid var(--border); margin: 4px 0;" />

            <div class="grid-2col">
              <div>
                <label class="field-label-sm">
                  <input type="checkbox" id="enable-auth" />
                  Authentication
                </label>
                <label class="field-label-sm">
                  <input type="checkbox" id="enable-cors" />
                  CORS Headers
                </label>
                <label for="upstream-path-input">Upstream Path:</label>
                <input type="text" id="upstream-path-input" value="/" />
              </div>
              <div>
                <label for="health-check-input">Health Check:</label>
                <input type="text" id="health-check-input" placeholder="/health" />
                <label for="timeout-input">Timeout (s):</label>
                <input type="number" id="timeout-input" value="30" />
                <label for="custom-headers-input">Headers (JSON):</label>
                <textarea id="custom-headers-input" placeholder='{"X-Custom": "value"}' rows="2" style="font-size: 0.7rem;"></textarea>
              </div>
            </div>

          </div>
        </details>
      </div>

      <!-- EXTERNAL SERVICE -->
      <div id="external-service-config" style="display: none;">
        <div style="display: grid; gap: 12px;">
          <div>
            <label for="external-service-name" style="font-size: 0.8rem; color: var(--muted); margin-bottom: 4px; display: block;">Name</label>
            <input type="text" id="external-service-name" placeholder="e.g., Radarr (Seedhost)" style="font-size: 1rem;" />
            <div id="external-subdomain-preview" style="font-size: 0.75rem; color: var(--accent); margin-top: 4px; min-height: 1em;"></div>
          </div>

          <div>
            <label for="external-service-url" style="font-size: 0.8rem; color: var(--muted); margin-bottom: 4px; display: block;">External URL</label>
            <input type="url" id="external-service-url" placeholder="https://username.seedhost.eu/radarr" style="font-size: 1rem;" />
          </div>

          <!-- Options (collapsed by default) -->
          <details id="external-advanced-options">
            <summary style="cursor: pointer; color: var(--accent); font-size: 0.8rem; user-select: none;">Options</summary>
            <div style="margin-top: 10px; display: grid; gap: 10px; font-size: 0.8rem;">

              <div class="grid-2col">
                <div>
                  <label for="external-service-subdomain">Subdomain:</label>
                  <input type="text" id="external-service-subdomain" placeholder="auto-derived from name" />
                  <span id="external-domain-preview" style="font-size: 0.7rem; color: var(--accent);"></span>
                </div>
                <div>
                  <label for="external-service-logo">Logo URL:</label>
                  <input type="text" id="external-service-logo" placeholder="/assets/name.png" />
                </div>
              </div>

              <div>
                <label for="external-service-icon">Icon Emoji:</label>
                <input type="text" id="external-service-icon" placeholder="\u{1F3AC}" maxlength="2" style="width: 60px;" />
              </div>

              <label style="display: flex; align-items: center; gap: 6px; cursor: pointer;">
                <input type="checkbox" id="external-create-dns" checked />
                Create DNS Record
              </label>
              <label style="display: flex; align-items: center; gap: 6px; cursor: pointer;">
                <input type="checkbox" id="external-create-caddy" checked />
                Create Caddy Reverse Proxy
              </label>

              <div>
                <label for="external-proxy-ip">Proxy Server IP:</label>
                <input type="text" id="external-proxy-ip" placeholder="Auto-detected" />
              </div>
              <label style="display: flex; align-items: center; gap: 6px; cursor: pointer;">
                <input type="checkbox" id="external-preserve-host" checked />
                Preserve Host Header
              </label>
              <label style="display: flex; align-items: center; gap: 6px; cursor: pointer;">
                <input type="checkbox" id="external-follow-redirects" checked />
                Follow Redirects
              </label>

            </div>
          </details>
        </div>
      </div>

      <div class="weather-modal-buttons" style="margin-top: 16px; display: flex; gap: 8px; justify-content: flex-end;">
        <button id="add-service-cancel">Cancel</button>
        <button id="add-service-create" class="btn-accent">Create Service</button>
      </div>
    </div>
  </div>`)})(),(function(){async function o(k){try{const h=await fetch(`/api/v1/caddy/cas?caddyfilePath=${encodeURIComponent(k)}`);if(!h.ok)throw new Error(`Failed to load CAs: ${h.status}`);const r=await h.json();if(r.status==="success"){const E=document.getElementById("existing-ca-select");return E.innerHTML="",r.data.cas.length===0?E.innerHTML='<option value="">No CAs found in Caddyfile</option>':(E.innerHTML='<option value="">Select existing CA...</option>',r.data.cas.forEach(t=>{const d=document.createElement("option");typeof t=="object"?(d.value=t.id,d.textContent=t.displayName||t.name):(d.value=t,d.textContent=t),E.appendChild(d)})),r.data.cas}else throw new Error(r.message)}catch(h){console.error("Error loading CAs:",h);const r=document.getElementById("existing-ca-select");return r.innerHTML='<option value="">Error loading CAs</option>',[]}}function i(k){const{subdomain:h,port:r,ip:E,sslType:t,caName:d,existingCa:c,enableAuth:f,enableCors:e,customHeaders:a,upstreamPath:u,healthCheck:n,timeout:l,tailscaleOnly:p}=k;let s=`${buildDomain(h)} {
`;switch(p&&(s+=`  @blocked not remote_ip 100.64.0.0/10
`,s+=`  respond @blocked "Access denied. Tailscale connection required." 403
`),t){case"letsencrypt":break;case"caddy-managed":s+=`  tls internal
`;break;case"existing-ca":c&&(s+=`  tls {
    ca ${c}
  }
`);break;case"custom-ca":d&&(s+=`  tls {
    ca ${d}
  }
`);break}if(f&&(s+=`  basicauth {
    admin $2a$14$hashed_password_here
  }
`),e&&(s+=`  header {
`,s+=`    Access-Control-Allow-Origin "*"
`,s+=`    Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
`,s+=`    Access-Control-Allow-Headers "Content-Type, Authorization"
`,s+=`  }
`),a)try{const I=JSON.parse(a);s+=`  header {
`,Object.entries(I).forEach(([B,L])=>{s+=`    ${B} "${L}"
`}),s+=`  }
`}catch{console.warn("Invalid JSON in custom headers")}return n&&(s+=`  health_uri ${n}
`),s+=`  reverse_proxy ${E}:${r} {
`,u&&u!=="/"&&(s+=`    rewrite ${u}
`),l&&l!==30&&(s+=`    transport http {
`,s+=`      dial_timeout ${l}s
`,s+=`      response_header_timeout ${l}s
`,s+=`    }
`),s+=`  }
`,s+=`}
`,s}async function g(k,h,r=DC.DEFAULTS.TTL){const E=window.getToken(getPrimaryDnsId(),"admin");if(!E)throw new Error("DNS admin token not configured. Please set it in the Tokens menu.");const t=buildDomain(k),d=await secureFetch("/api/v1/dns/record",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({domain:t,ip:h,ttl:r,token:E,server:SITE.dnsIp})});if(!d.ok){const f=await d.text();throw new Error(`DNS API Error: ${d.status} - ${f}`)}const c=await d.json();if(!c.success)throw new Error(`DNS Error: ${c.error||"Unknown error"}`);return c}async function v(k){const h={id:k.subdomain,name:k.name,logo:k.logo||`/assets/${k.subdomain}.png`};try{const r=await secureFetch("/api/v1/services",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(h)});if(!r.ok){const E=await r.json();throw new Error(E.error||"Failed to save service")}return await window.loadServices(),window.buildGrid(),h}catch(r){throw console.error("Failed to add service to config:",r),r}}async function y(k){const h=document.getElementById("service-subdomain-input").value.trim(),r=document.getElementById("service-ip-input").value.trim()||"localhost",E=document.getElementById("service-port-input").value.trim()||"80",t=await secureFetch("/api/v1/site",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({domain:buildDomain(h),upstream:`${r}:${E}`,config:k})}),d=await t.json();if(!t.ok||!d.success)throw new Error(d.error||`Caddy API Error: ${t.status}`);return d}window.loadExistingCAs=o,window.generateCaddyConfig=i,window.createDnsRecord=g,window.addServiceToConfig=v,window.addToCaddyfile=y})(),(function(){let o=null;function i(r){o=r;const E=document.getElementById("service-edit-modal");document.getElementById("service-edit-title").textContent=`Edit ${r.name}`,document.getElementById("edit-service-name").value=r.name,document.getElementById("edit-service-url-display").textContent=r.url||buildServiceUrl(r.id),document.getElementById("edit-service-logo-preview").src=r.logo||`/assets/${r.id}.png`,document.getElementById("edit-subdomain").value=r.id,document.getElementById("edit-port").value=r.port||"",document.getElementById("edit-ip").value=r.ip||"localhost",document.getElementById("edit-tailscale-only").checked=r.tailscaleOnly||!1,document.getElementById("edit-logo-url").value=r.logo||"",E.classList.add("show")}function g(){closeModal("service-edit-modal"),o=null}async function v(){if(!o)return;const r=document.getElementById("edit-subdomain").value.trim().toLowerCase(),E=document.getElementById("edit-service-name").value.trim(),t=document.getElementById("edit-port").value.trim(),d=document.getElementById("edit-ip").value.trim()||"localhost",c=document.getElementById("edit-tailscale-only").checked,f=document.getElementById("edit-logo-url").value.trim();if(!r){showNotification("Subdomain is required","warning");return}const e=o.id,a=[];if(r!==e&&a.push("subdomain"),E&&E!==o.name&&a.push("name"),t&&t!==String(o.port)&&a.push("port"),d!==o.ip&&a.push("ip"),c!==(o.tailscaleOnly||!1)&&a.push("tailscale"),f&&f!==o.logo&&a.push("logo"),a.length===0){g();return}const u=document.getElementById("service-edit-save");u.textContent="Saving...",u.disabled=!0;try{const l=await(await secureFetch("/api/v1/services/update",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({oldSubdomain:e,newSubdomain:r,name:E||o.name,port:t||o.port,ip:d,tailscaleOnly:c,logo:f||void 0})})).json();if(!l.success)throw new Error(l.error||"Failed to update service");const p=window.APPS.findIndex(s=>s.id===e);p!==-1&&(window.APPS[p]={...window.APPS[p],id:r,name:E||window.APPS[p].name,port:t||window.APPS[p].port,ip:d,tailscaleOnly:c,logo:f||window.APPS[p].logo}),g(),window.buildGrid(),window.refreshAll()}catch(n){console.error("Error saving service changes:",n),showNotification(`Error saving changes: ${n.message}`,"error")}finally{u.textContent="Save Changes",u.disabled=!1}}document.getElementById("edit-logo-file")?.addEventListener("change",async r=>{const E=r.target.files[0];if(!E)return;if(!E.type.startsWith("image/")){showNotification("Please select an image file","warning");return}const t=new FileReader;t.onload=async d=>{const c=d.target.result;if(document.getElementById("edit-service-logo-preview").src=c,document.getElementById("edit-logo-url").value=c,o)try{const e=await(await secureFetch("/api/v1/assets/upload",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({filename:`${o.id}.png`,data:c})})).json();e.success&&e.path&&(document.getElementById("edit-logo-url").value=e.path)}catch{}},t.readAsDataURL(E)}),document.getElementById("service-edit-cancel")?.addEventListener("click",g),document.getElementById("service-edit-save")?.addEventListener("click",v),document.getElementById("service-edit-modal")?.addEventListener("click",r=>{r.target.id==="service-edit-modal"&&g()});function y(r,E,t){return new Promise(d=>{const c=document.getElementById("delete-service-modal"),f=document.getElementById("delete-modal-title"),e=document.getElementById("delete-modal-message"),a=document.getElementById("delete-modal-container-info"),u=document.getElementById("delete-modal-container-name"),n=document.getElementById("delete-modal-help"),l=document.getElementById("delete-modal-cancel"),p=document.getElementById("delete-modal-remove"),s=document.getElementById("delete-modal-delete");f.textContent=`Delete "${r}"`,E?(e.innerHTML="This service has an associated Docker container.<br>Choose how to proceed:",a.style.display="block",u.textContent=`Container ID: ${t?.slice(0,12)||"Unknown"}`,n.style.display="block",s.style.display="block"):(e.textContent="Remove this service from the dashboard?",a.style.display="none",n.style.display="none",s.style.display="none");const I=()=>{c.classList.remove("show"),l.removeEventListener("click",B),p.removeEventListener("click",L),s.removeEventListener("click",A),c.removeEventListener("click",w)},B=()=>{I(),d(null)},L=()=>{I(),d(!1)},A=()=>{I(),d(!0)},w=T=>{T.target===c&&(I(),d(null))};l.addEventListener("click",B),p.addEventListener("click",L),s.addEventListener("click",A),c.addEventListener("click",w),c.classList.add("show")})}async function k(r,E,t){const d=document.getElementById(`update-btn-${t}`),c=d?.textContent;if(confirm(`Update ${E} to the latest version?

This will:
1. Pull the latest image
2. Stop the container
3. Recreate with same settings

The service will be briefly unavailable.`))try{d&&(d.textContent="\u{1F504}",d.disabled=!0,d.title="Updating...");const e=await(await secureFetch(`/api/v1/containers/${r}/update`,{method:"POST"})).json();if(e.success){const a=window.APPS.find(u=>u.id===t);a&&e.newContainerId&&(a.containerId=e.newContainerId),d&&(d.textContent="\u2705",d.title="Updated successfully!",setTimeout(()=>{d.textContent=c,d.disabled=!1,d.title="Update container to latest version"},3e3)),setTimeout(()=>window.refreshAll(),2e3),showNotification(`${E} updated successfully!`,"success")}else throw new Error(e.error||"Update failed")}catch(f){console.error("Update error:",f),d&&(d.textContent="\u274C",d.title="Update failed",setTimeout(()=>{d.textContent=c,d.disabled=!1,d.title="Update container to latest version"},3e3)),showNotification(`Failed to update ${E}: ${f.message}`,"error")}}async function h(r,E){const t=window.APPS.find(s=>s.id===r),d=t?buildDomain(t.id):null,c=t?.containerId,f=await y(E||r,c,t?.containerId);if(f===null)return;let e={dashboard:!1,container:null,dns:null,caddy:null,service:null};if(f&&c)try{const s=new URLSearchParams({containerId:t.containerId,subdomain:t.id,ip:t.ip||"localhost",deleteContainer:"true"}),B=await(await secureFetch(`/api/v1/apps/${encodeURIComponent(t.id)}?${s.toString()}`,{method:"DELETE"})).json();B.success?e={...e,...B.results,dashboard:!1}:console.error("App removal failed:",B.error)}catch(s){console.error("App removal error:",s)}else if(f&&d){try{const s=t?.ip||"localhost",B=await(await secureFetch(`/api/v1/dns/record?domain=${encodeURIComponent(d)}&type=A&ipAddress=${encodeURIComponent(s)}&server=${SITE.dnsIp}`,{method:"DELETE"})).json();e.dns=B.success?"deleted":B.error||"failed"}catch(s){e.dns=s.message}try{const I=await(await secureFetch(`/api/v1/site/${encodeURIComponent(d)}`,{method:"DELETE"})).json();e.caddy=I.success||I.error&&I.error.includes("not found")?"removed":I.error||"failed"}catch(s){e.caddy=s.message}}const a=window.APPS.findIndex(s=>s.id===r);a>-1&&(window.APPS.splice(a,1),e.dashboard=!0);try{const s=safeGetJSON("custom-apps",[]),I=s.findIndex(B=>B.id===r);I>-1&&(s.splice(I,1),safeSet("custom-apps",JSON.stringify(s)))}catch{}try{const I=await(await secureFetch(`/api/v1/services/${encodeURIComponent(r)}`,{method:"DELETE"})).json();e.service=I.success?"removed":I.error||"failed"}catch(s){e.service=s.message}window.buildGrid(),window.refreshAll();let u=!1,n=[];e.dashboard||(u=!0,n.push("\u2717 Failed to remove from dashboard"));const l=["removed","already removed","not found","deleted","kept (user choice)","skipped","no such record","does not exist"],p=s=>!s||l.some(I=>s.toLowerCase().includes(I.toLowerCase()));e.container&&!p(e.container)&&(u=!0,n.push(`\u26A0 Container: ${e.container}`)),e.dns&&!p(e.dns)&&(u=!0,n.push(`\u26A0 DNS Record: ${e.dns}`)),e.caddy&&!p(e.caddy)&&(u=!0,n.push(`\u26A0 Caddy Config: ${e.caddy}`)),e.service&&!p(e.service)&&(u=!0,n.push(`\u26A0 Service File: ${e.service}`)),u&&showNotification(`Error deleting "${E||r}": ${n.join(", ")}`,"error",6e3)}window.openServiceEditModal=i,window.showDeleteModal=y,window.updateContainer=k,window.deleteService=h})(),(function(){function o(e){return e.toLowerCase().replace(/\s+/g,"-").replace(/[^a-z0-9-]/g,"").replace(/-+/g,"-").replace(/^-|-$/g,"")}function i(){return SITE.defaults?.sslType||(SITE.configurationType==="public"?"letsencrypt":"caddy-managed")}function g(){const e=document.getElementById("service-subdomain-input").value||"subdomain",a=document.getElementById("service-ip-input").value||v.lan||"localhost",u=document.getElementById("service-port-input").value||DC.DEFAULTS.SERVICE_PORT,n=document.getElementById("ssl-type-select").value,l=document.getElementById("ca-name-input").value||"sami-ca",p=document.getElementById("existing-ca-select").value,s=document.getElementById("enable-auth").checked,I=document.getElementById("enable-cors").checked,B=document.getElementById("custom-headers-input").value,L=document.getElementById("upstream-path-input").value||"/",A=document.getElementById("health-check-input").value,w=document.getElementById("timeout-input").value||30,T=document.getElementById("dns-preview");T&&(T.textContent=`${buildDomain(e)} \u2192 ${a}`);const $=document.getElementById("url-preview");$&&($.textContent=buildServiceUrl(e));const b={subdomain:e,port:u,ip:a,sslType:n,caName:l,existingCa:p,enableAuth:s,enableCors:I,customHeaders:B,upstreamPath:L,healthCheck:A,timeout:w},m=window.generateCaddyConfig(b),S=document.getElementById("caddy-config-preview");S&&(S.value=m)}const v={localhost:"127.0.0.1",lan:"",tailscale:""};async function y(){try{const n=await fetch("/api/v1/network/ips",{signal:AbortSignal.timeout(2e3)});if(n.ok){const l=await n.json();l.lan&&(v.lan=l.lan),l.tailscale&&(v.tailscale=l.tailscale)}}catch{}const e=document.getElementById("quick-ip-lan"),a=document.getElementById("quick-ip-tailscale");e&&(v.lan?(e.dataset.ip=v.lan,e.textContent=`LAN (${v.lan})`,e.title=`LAN IP: ${v.lan}`):e.style.display="none"),a&&(v.tailscale?(a.dataset.ip=v.tailscale,a.textContent=`Tailscale (${v.tailscale})`,a.title=`Tailscale IP: ${v.tailscale}`):a.style.display="none");const u=document.getElementById("service-ip-input");u&&!u.value&&v.lan&&(u.value=v.lan)}function k(){document.querySelectorAll(".quick-ip-btn").forEach(e=>{e.addEventListener("click",()=>{const a=e.dataset.ip;a&&(document.getElementById("service-ip-input").value=a,document.querySelectorAll(".quick-ip-btn").forEach(u=>u.classList.remove("active")),e.classList.add("active"),g())})}),document.getElementById("service-ip-input")?.addEventListener("input",e=>{const a=e.target.value;document.querySelectorAll(".quick-ip-btn").forEach(u=>{u.classList.toggle("active",u.dataset.ip===a)})})}async function h(){const e=document.getElementById("add-service-modal");e.classList.add("show");const a=e.querySelector(".weather-modal-content");a&&(a.scrollTop=0),document.body.style.overflow="hidden";const u=document.getElementById("ssl-type-select");u&&(u.value=i()),await y();const n=document.getElementById("caddyfile-path-input").value||DC.DEFAULTS.CADDYFILE;await window.loadExistingCAs(n);const l=document.getElementById("manual-tailscale-status"),p=document.getElementById("manual-tailscale-only");try{const I=await(await fetch("/api/v1/tailscale/status")).json();I.success&&I.installed&&I.connected?(l.innerHTML=`
          <span style="color: #4caf50;">\u2713 Connected</span>
          <span style="color: var(--muted); margin-left: 6px;">${I.self?.hostname} (${I.self?.ip})</span>
        `,p.disabled=!1):I.installed?(l.innerHTML='<span style="color: #ff9800;">\u26A0 Not connected</span>',p.disabled=!0):(l.innerHTML='<span style="color: var(--muted);">Not available</span>',p.disabled=!0)}catch{l.innerHTML='<span style="color: var(--muted);">Could not check</span>',p.disabled=!0}p.checked=!1,g()}function r(){const e=document.getElementById("service-type-local"),a=document.getElementById("service-type-external"),u=document.getElementById("local-service-config"),n=document.getElementById("external-service-config"),l=document.getElementById("tab-local"),p=document.getElementById("tab-external");function s(){e.checked?(u.style.display="grid",n.style.display="none",l&&(l.style.background="var(--accent)",l.style.color="var(--bg)"),p&&(p.style.background="transparent",p.style.color="var(--muted)")):(u.style.display="none",n.style.display="block",p&&(p.style.background="var(--accent)",p.style.color="var(--bg)"),l&&(l.style.background="transparent",l.style.color="var(--muted)"))}e?.addEventListener("change",s),a?.addEventListener("change",s)}function E(){const e=document.getElementById("service-name-input"),a=document.getElementById("service-subdomain-input"),u=document.getElementById("subdomain-preview");let n=!1;e?.addEventListener("input",()=>{const L=o(e.value);!n&&a&&(a.value=L),u&&(u.textContent=L?`\u2192 ${buildDomain(L)}`:""),g()}),a?.addEventListener("input",()=>{n=a.value!==o(e?.value||"");const L=a.value.trim()||o(e?.value||"");u&&(u.textContent=L?`\u2192 ${buildDomain(L)}`:""),g()});const l=document.getElementById("external-service-name"),p=document.getElementById("external-service-subdomain"),s=document.getElementById("external-subdomain-preview"),I=document.getElementById("external-domain-preview");let B=!1;l?.addEventListener("input",()=>{const L=o(l.value);!B&&p&&(p.value=L);const A=p?.value||L;s&&(s.textContent=A?`\u2192 ${buildDomain(A)}`:""),I&&(I.textContent=A?buildDomain(A):"")}),p?.addEventListener("input",()=>{B=p.value!==o(l?.value||"");const L=p.value.trim()||o(l?.value||"");s&&(s.textContent=L?`\u2192 ${buildDomain(L)}`:""),I&&(I.textContent=L?buildDomain(L):"")})}async function t(){const e=document.getElementById("external-service-name").value.trim(),a=document.getElementById("external-service-url").value.trim(),u=(document.getElementById("external-service-subdomain").value.trim()||o(e)).toLowerCase(),n=document.getElementById("external-service-logo").value.trim(),l=document.getElementById("external-service-icon").value.trim(),p=document.getElementById("external-create-dns").checked,s=document.getElementById("external-create-caddy").checked,I=document.getElementById("external-proxy-ip").value.trim()||SITE.dnsIp||"localhost",B=document.getElementById("external-preserve-host").checked,L=document.getElementById("external-follow-redirects").checked;if(!e||!a){showNotification("Please fill in Name and External URL","warning");return}if(!u){showNotification("Could not derive subdomain from name. Please set one in Options.","warning");return}if(!a.startsWith("http://")&&!a.startsWith("https://")){showNotification("External URL must start with http:// or https://","warning");return}const A=buildDomain(u);try{const w={dns:null,caddy:null,dashboard:!1};if(p)if(window.getToken(getPrimaryDnsId(),"admin"))try{const C=await(await secureFetch("/api/v1/dns/record",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({domain:A,ip:I,ttl:DC.DEFAULTS.TTL,server:SITE.dnsIp})})).json();w.dns=C.success?"created":C.error||"failed"}catch(x){w.dns=x.message}else w.dns="no admin token (configure in \u{1F511} Tokens)";if(s)try{const S={subdomain:u,externalUrl:a,preserveHost:B,followRedirects:L,sslType:"caddy-managed",caddyfilePath:DC.DEFAULTS.CADDYFILE,reloadCaddy:!0},C=await(await secureFetch("/api/v1/site/external",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(S)})).json();w.caddy=C.success?"created":C.error||"failed"}catch(S){w.caddy=S.message}const T={id:u,name:e,url:`https://${A}`,externalUrl:a,logo:n||l||"\u{1F310}",isExternal:!0,isCustom:!0};window.APPS.push(T),w.dashboard=!0;const $=["plex","router","chat","sync","torrent","radarr","sonarr","prowlarr","portainer","requests","jellyfin","emby"],b=window.APPS.filter(S=>!$.includes(S.id));safeSet("custom-services",JSON.stringify(b));try{await secureFetch("/api/v1/services",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(window.APPS)})}catch(S){console.warn("Failed to save to services.json:",S)}window.buildGrid(),window.refreshAll(),d();const m=[`External service "${e}" added!`];p&&m.push(`DNS: ${w.dns==="created"?"\u2713":"\u26A0 "+w.dns}`),s&&m.push(`Caddy: ${w.caddy==="created"?"\u2713":"\u26A0 "+w.caddy}`),m.push(`Access at: https://${A}`),showNotification(m.join(" | "),"success",6e3)}catch(w){console.error("Failed to create external service:",w),showNotification(`Failed to create external service: ${w.message}`,"error")}}function d(){closeModal("add-service-modal"),document.body.style.overflow="",document.getElementById("service-name-input").value="",document.getElementById("service-subdomain-input").value="",document.getElementById("service-port-input").value="",document.getElementById("service-ip-input").value=v.lan||"",document.getElementById("service-logo-input").value="",document.getElementById("dns-ttl-input").value=DC.DEFAULTS.TTL,document.getElementById("ssl-type-select").value=i(),document.getElementById("ca-name-input").value="",document.getElementById("enable-auth").checked=!1,document.getElementById("enable-cors").checked=!1,document.getElementById("custom-headers-input").value="",document.getElementById("upstream-path-input").value="/",document.getElementById("health-check-input").value="",document.getElementById("timeout-input").value="30";const e=document.getElementById("subdomain-preview");e&&(e.textContent="");const a=document.getElementById("external-subdomain-preview");a&&(a.textContent="");const u=document.getElementById("external-service-name");u&&(u.value="");const n=document.getElementById("external-service-subdomain");n&&(n.value="");const l=document.getElementById("external-service-url");l&&(l.value="");const p=document.getElementById("external-service-logo");p&&(p.value="");const s=document.getElementById("external-service-icon");s&&(s.value="");const I=document.getElementById("local-advanced-options");I&&I.removeAttribute("open");const B=document.getElementById("external-advanced-options");B&&B.removeAttribute("open");const L=document.getElementById("service-type-local");L&&(L.checked=!0);const A=document.getElementById("local-service-config"),w=document.getElementById("external-service-config");A&&(A.style.display="grid"),w&&(w.style.display="none");const T=document.getElementById("tab-local"),$=document.getElementById("tab-external");T&&(T.style.background="var(--accent)",T.style.color="var(--bg)"),$&&($.style.background="transparent",$.style.color="var(--muted)")}async function c(){const e=document.getElementById("service-name-input").value.trim(),a=(document.getElementById("service-subdomain-input").value.trim()||o(e)).toLowerCase(),u=document.getElementById("service-port-input").value.trim(),n=document.getElementById("service-ip-input").value.trim(),l=document.getElementById("service-logo-input").value.trim(),p=document.getElementById("create-dns-record").checked,s=parseInt(document.getElementById("dns-ttl-input").value)||DC.DEFAULTS.TTL,I=document.getElementById("manual-tailscale-only")?.checked||!1,B=document.getElementById("ssl-type-select")?.value||"caddy-managed",L=document.getElementById("ca-name-input")?.value||"",A=document.getElementById("existing-ca-select")?.value||"",w=document.getElementById("enable-auth")?.checked||!1,T=document.getElementById("enable-cors")?.checked||!1,$=document.getElementById("custom-headers-input")?.value||"",b=document.getElementById("upstream-path-input")?.value||"/",m=document.getElementById("health-check-input")?.value||"",S=document.getElementById("timeout-input")?.value||30,x=window.getToken(getPrimaryDnsId(),"admin");if(!e||!u||!n){showNotification("Please fill in Name, Port, and IP Address","warning");return}if(!a){showNotification("Could not derive subdomain from name. Please set one in Options.","warning");return}if(p&&!x){showNotification("DNS Admin token required. Configure it in the Tokens menu first.","warning");return}const C={dns:null,caddy:null,dashboard:!1};try{if(p)try{await window.createDnsRecord(a,n,s),C.dns="created"}catch(N){throw console.error("DNS creation failed:",N),C.dns=N.message,new Error(`DNS creation failed: ${N.message}`)}else C.dns="skipped";const P=window.generateCaddyConfig({subdomain:a,port:u,ip:n,sslType:B,caName:L,existingCa:A,enableAuth:w,enableCors:T,customHeaders:$,upstreamPath:b,healthCheck:m,timeout:S,tailscaleOnly:I});try{const R=await(await secureFetch("/api/v1/site",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({domain:buildDomain(a),upstream:`${n}:${u}`,config:P})})).json();if(R.success)C.caddy="added & reloaded";else throw console.error("Caddy configuration failed:",R.error),C.caddy=R.error||"failed",new Error(`Caddy configuration failed: ${R.error}`)}catch(N){throw console.error("Caddy API error:",N),C.caddy=N.message,new Error(`Caddy API error: ${N.message}`)}const O={name:e,subdomain:a,port:u,ip:n,logo:l||`/assets/${a}.png`,tailscaleOnly:I||!1};await window.addServiceToConfig(O),C.dashboard=!0;const D=[`DNS: ${C.dns==="created"?"\u2713":C.dns==="skipped"?"\u25CB":"\u2717"}`,`Caddy: ${C.caddy==="added & reloaded"?"\u2713":"\u2717"}`,`Dashboard: ${C.dashboard?"\u2713":"\u2717"}`];showNotification(`Service "${e}" created! ${D.join(" | ")} \u2014 ${buildServiceUrl(a)}${I?" (Tailscale)":""}`,"success",6e3),d(),window.buildGrid(),window.refreshAll()}catch(P){console.error("Error creating service:",P),showNotification(`Error creating "${e}": ${P.message}`,"error",6e3)}}document.getElementById("add-service")?.addEventListener("click",h),document.getElementById("add-service-cancel")?.addEventListener("click",d),document.getElementById("add-service-create")?.addEventListener("click",()=>{document.querySelector('input[name="service-type"]:checked')?.value==="external"?t():c()}),r(),E(),k(),document.getElementById("ssl-type-select")?.addEventListener("change",e=>{const a=document.getElementById("existing-ca-config"),u=document.getElementById("custom-ca-config");a.style.display="none",u.style.display="none",e.target.value==="existing-ca"?a.style.display="block":e.target.value==="custom-ca"&&(u.style.display="block"),g()}),document.getElementById("refresh-cas")?.addEventListener("click",async()=>{const e=document.getElementById("refresh-cas"),a=e.textContent;e.textContent="\u231B Loading...",e.disabled=!0;try{const u=document.getElementById("caddyfile-path-input").value||DC.DEFAULTS.CADDYFILE;await window.loadExistingCAs(u),e.textContent="\u2705 Refreshed"}catch(u){e.textContent="\u274C Failed",console.error("Failed to refresh CAs:",u)}setTimeout(()=>{e.textContent=a,e.disabled=!1},2e3)}),document.getElementById("create-dns-record")?.addEventListener("change",e=>{const a=document.getElementById("dns-config");a.style.display=e.target.checked?"block":"none"}),["service-subdomain-input","service-ip-input","service-port-input","ca-name-input","existing-ca-select","enable-auth","enable-cors","custom-headers-input","upstream-path-input","health-check-input","timeout-input"].forEach(e=>{const a=document.getElementById(e);a&&(a.addEventListener("input",g),a.addEventListener("change",g))});function f(){const e=safeGet("custom-services");if(e)try{JSON.parse(e).forEach(u=>{window.APPS.find(n=>n.id===u.id)||window.APPS.push(u)})}catch(a){console.warn("Failed to load custom services:",a)}}f(),window.openAddServiceModal=h,window.closeAddServiceModal=d})();