Rolfsvaag_Datateknikk/Lumi
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
32ec0a102f
Lumi/knowledge/core/lumi-core.md
Franz Rolfsvaag 32ec0a102f Advance experimental OKF and Lumi AI systems
2026-06-25 14:10:04 +02:00

74 KiB
Raw Blame History

id title scope status priority visibility category tags generated editable updated_at
core.lumi lumi-bot core active 20 user Core core, routes, commands, settings true false 2026-06-25T12:06:11.231Z

lumi-bot

Lumi is the core web UI and bot runtime.

Runtime

Package: lumi-bot Version: 0.1.9

Routes

  • GET /api/events
  • POST /api/destructive-confirmations
  • GET /api/users/search
  • GET /api/placeholders/catalog
  • POST /api/placeholders/preview
  • GET /api/feedback/similar
  • POST /api/feedback/:id/support
  • POST /api/feedback
  • GET /api/feedback/notifications
  • GET /
  • GET /api/assistant-panels
  • GET /setup
  • GET /setup/discord
  • POST /setup/discord/verify
  • POST /setup/discord/cancel
  • GET /setup/twitch
  • POST /setup/twitch/verify
  • POST /setup/twitch/cancel
  • GET /setup/youtube
  • POST /setup/youtube/connect
  • POST /setup/youtube/verify
  • POST /setup/youtube/cancel
  • GET /auth/discord
  • GET /auth/discord/callback
  • GET /auth/localhost
  • POST /auth/localhost
  • POST /auth/logout
  • GET /auth/twitch
  • GET /auth/twitch/login
  • GET /auth/twitch/callback
  • GET /auth/youtube
  • GET /auth/youtube/login
  • GET /auth/youtube/callback
  • GET /profile
  • POST /profile/unlink/:provider
  • POST /profile/username
  • GET /feedback
  • POST /feedback/:id/comment
  • POST /feedback/:id/support
  • GET /feedback/:id/screenshot
  • GET /feedback/:id/attachments/:attachmentId
  • GET /health
  • GET /commands
  • GET /leaderboards
  • GET /stats
  • GET /stats/:username
  • GET /pages/:slug
  • GET /moderator
  • GET /admin
  • GET /api/admin/dashboard-metrics
  • GET /admin/settings
  • POST /admin/settings
  • POST /admin/settings/nav-icons
  • POST /admin/settings/nav-icons/reset
  • GET /admin/navigation
  • POST /admin/navigation
  • POST /admin/navigation/reset
  • GET /admin/discord-wizard
  • POST /admin/discord-wizard/verify
  • POST /admin/discord-wizard/cancel
  • GET /admin/twitch-wizard
  • POST /admin/twitch-wizard/verify
  • POST /admin/twitch-wizard/cancel
  • GET /admin/youtube-wizard
  • POST /admin/youtube-wizard/connect
  • POST /admin/youtube-wizard/verify
  • POST /admin/youtube-wizard/cancel
  • GET /admin/theming
  • POST /admin/theming/select
  • POST /admin/theming/duplicate
  • POST /admin/theming/custom/:id/save
  • POST /admin/theming/custom/:id/rename
  • POST /admin/theming/custom/:id/delete
  • POST /admin/theming
  • GET /admin/logs
  • GET /admin/logs/download
  • GET /admin/feedback
  • POST /admin/feedback/export
  • POST /admin/feedback/:id/export
  • POST /admin/feedback/:id/create-okf-correction
  • POST /admin/feedback/:id
  • POST /admin/feedback/:id/finalize
  • POST /admin/feedback/:id/reopen
  • POST /admin/feedback/:id/delete
  • POST /admin/feedback/:id/cleanup
  • GET /admin/privileges
  • GET /admin/commands
  • POST /admin/commands
  • POST /admin/commands/:id/toggle
  • POST /admin/commands/:id/delete
  • POST /admin/commands/:id/update
  • POST /admin/commands/:id/preview
  • GET /admin/pages
  • GET /admin/users
  • POST /admin/users/:id/username
  • POST /admin/pages
  • POST /admin/pages/:id/toggle
  • POST /admin/pages/:id/delete
  • POST /admin/pages/:id/update
  • GET /admin/plugins
  • POST /admin/plugins/:id/toggle
  • POST /admin/plugins/:id/uninstall
  • POST /admin/plugins/upload
  • POST /admin/plugins/install
  • POST /admin/plugins/create
  • POST /admin/plugins/:id/update
  • GET /admin/updates/events
  • GET /admin/updates/status
  • GET /admin/updates/recovery
  • POST /admin/updates/recovery/clear-marker
  • POST /admin/updates/recovery/retry-normal-startup
  • GET /admin/updates
  • POST /admin/updates/core/check
  • POST /admin/updates/core/apply
  • POST /admin/updates/core/revert
  • POST /admin/updates/bot
  • POST /admin/updates/core/zip
  • POST /admin/updates/plugin
  • POST /admin/updates/plugins/:id/check
  • POST /admin/updates/plugins/:id/apply
  • POST /admin/updates/plugins/:id/revert
  • POST /admin/updates/plugins/:id/disable
  • POST /admin/updates/plugins/:id/zip
  • POST /admin/update
  • POST /admin/check-update
  • POST /admin/restart

Route Reference

GET /api/events

  • Purpose: Streams live WebUI event notifications to the browser.
  • Inputs: No request parameters detected by static analysis.
  • Response format: streaming event response
  • Access: logged-in session required or used
  • Side effects: publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. API consumers should expect JSON unless the response format says otherwise.

POST /api/destructive-confirmations

  • Purpose: Provides api destructive confirmations data as JSON.
  • Inputs: body: action
  • Response format: JSON response
  • Access: logged-in session required or used
  • Side effects: Consumes submitted data; state mutation happens in called helpers if present.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

GET /api/users/search

  • Purpose: Searches known linked Lumi users for shared user-lookup fields.
  • Inputs: query: limit, q
  • Response format: JSON response
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. API consumers should expect JSON unless the response format says otherwise.

GET /api/placeholders/catalog

  • Purpose: Returns placeholder suggestions available to the current user and field policy.
  • Inputs: query: field_id, output_audience
  • Response format: JSON response
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

POST /api/placeholders/preview

  • Purpose: Previews placeholder rendering for a submitted template without saving it.
  • Inputs: body: field_id, output_audience, template
  • Response format: JSON response
  • Access: logged-in session required or used
  • Side effects: Consumes submitted data; state mutation happens in called helpers if present.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

GET /api/feedback/similar

  • Purpose: Provides api feedback similar data as JSON.
  • Inputs: query: limit
  • Response format: JSON response
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

POST /api/feedback/:id/support

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id
  • Response format: JSON response
  • Access: logged-in session required or used
  • Side effects: Action route; side effects were not detected statically.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

POST /api/feedback

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: file upload: multipart form file data; body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
  • Response format: API response; exact schema was not detected statically.
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state; writes files
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

GET /api/feedback/notifications

  • Purpose: Provides api feedback notifications data as JSON.
  • Inputs: No request parameters detected by static analysis.
  • Response format: JSON response
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. API consumers should expect JSON unless the response format says otherwise.

GET /

  • Purpose: Renders the requested WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

GET /api/assistant-panels

  • Purpose: Provides api assistant panels data as JSON.
  • Inputs: No request parameters detected by static analysis.
  • Response format: JSON response
  • Access: logged-in session required or used; mount-level canAccess predicate applies
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

GET /setup

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /setup/discord

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /setup/discord/verify

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: body: discord_admin_role_id, discord_bot_token, discord_client_id, discord_client_secret, discord_guild_id, discord_mod_role_id, discord_redirect_uri
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /setup/discord/cancel

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /setup/twitch

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /setup/twitch/verify

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: body: twitch_bot_oauth, twitch_bot_username, twitch_channels, twitch_client_id, twitch_client_secret, twitch_redirect_uri
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /setup/twitch/cancel

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /setup/youtube

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /setup/youtube/connect

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: body: youtube_client_id, youtube_client_secret, youtube_redirect_uri
  • Response format: HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /setup/youtube/verify

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: body: youtube_client_id, youtube_client_secret, youtube_redirect_uri
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /setup/youtube/cancel

  • Purpose: Guides first-time platform setup and verification.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /auth/discord

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /auth/discord/callback

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: query: full query object is passed to a helper; exact fields are defined by the matching view/service
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

GET /auth/localhost

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /auth/localhost

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: body: password, username
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /auth/logout

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: Action route; side effects were not detected statically.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /auth/twitch

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /auth/twitch/login

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /auth/twitch/callback

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: query: full query object is passed to a helper; exact fields are defined by the matching view/service
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

GET /auth/youtube

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /auth/youtube/login

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /auth/youtube/callback

  • Purpose: Starts, completes, or cancels a platform authentication/linking flow.
  • Inputs: query: full query object is passed to a helper; exact fields are defined by the matching view/service
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

GET /profile

  • Purpose: Renders the profile WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /profile/unlink/:provider

  • Purpose: Processes the profile unlink provider action and stores or applies submitted form data.
  • Inputs: path params: provider
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /profile/username

  • Purpose: Processes the profile username action and stores or applies submitted form data.
  • Inputs: body: internal_username
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /feedback

  • Purpose: Renders the feedback WebUI page.
  • Inputs: query: id
  • Response format: HTML page rendered from an EJS view
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /feedback/:id/comment

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id; body: comment
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /feedback/:id/support

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /feedback/:id/screenshot

  • Purpose: Handles feedback id screenshot.
  • Inputs: path params: id
  • Response format: static file response
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /feedback/:id/attachments/:attachmentId

  • Purpose: Handles feedback id attachments attachmentId.
  • Inputs: path params: attachmentId, id
  • Response format: static file response
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /health

  • Purpose: Returns runtime health information.
  • Inputs: No request parameters detected by static analysis.
  • Response format: JSON response
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /commands

  • Purpose: Displays configured bot commands.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected; logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /leaderboards

  • Purpose: Displays leaderboard data.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /stats

  • Purpose: Displays user or community statistics.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /stats/:username

  • Purpose: Displays user or community statistics.
  • Inputs: path params: username
  • Response format: HTML page rendered from an EJS view
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /pages/:slug

  • Purpose: Renders the pages slug WebUI page.
  • Inputs: path params: slug
  • Response format: HTML page rendered from an EJS view
  • Access: logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /moderator

  • Purpose: Renders the moderator WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: moderator access may be required
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /admin

  • Purpose: Renders the admin WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /api/admin/dashboard-metrics

  • Purpose: Provides api admin dashboard metrics data as JSON.
  • Inputs: query: scope
  • Response format: JSON response
  • Access: admin access expected
  • Side effects: writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

GET /admin/settings

  • Purpose: Renders the core settings page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected; logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/settings

  • Purpose: Saves core settings from the admin settings form.
  • Inputs: body: localhost_login_password, localhost_login_username
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Input length or numeric bounds are enforced by helper functions in the handler. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/settings/nav-icons

  • Purpose: Saves core settings from the admin settings form.
  • Inputs: body: item_id; file upload: multipart form file data
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/settings/nav-icons/reset

  • Purpose: Saves core settings from the admin settings form.
  • Inputs: body: item_id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/navigation

  • Purpose: Renders the admin navigation WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected; logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/navigation

  • Purpose: Processes the admin navigation action and stores or applies submitted form data.
  • Inputs: body: nav_enabled, nav_include_unassigned, nav_sections, nav_unassigned_icon, nav_unassigned_id, nav_unassigned_label
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/navigation/reset

  • Purpose: Processes the admin navigation reset action and stores or applies submitted form data.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/discord-wizard

  • Purpose: Renders the admin discord wizard WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/discord-wizard/verify

  • Purpose: Renders the admin discord wizard verify WebUI page.
  • Inputs: body: discord_admin_role_id, discord_bot_token, discord_client_id, discord_client_secret, discord_guild_id, discord_mod_role_id, discord_redirect_uri
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/discord-wizard/cancel

  • Purpose: Processes the admin discord wizard cancel action and stores or applies submitted form data.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/twitch-wizard

  • Purpose: Renders the admin twitch wizard WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/twitch-wizard/verify

  • Purpose: Renders the admin twitch wizard verify WebUI page.
  • Inputs: body: twitch_bot_oauth, twitch_bot_username, twitch_channels, twitch_client_id, twitch_client_secret, twitch_redirect_uri
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/twitch-wizard/cancel

  • Purpose: Processes the admin twitch wizard cancel action and stores or applies submitted form data.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/youtube-wizard

  • Purpose: Renders the admin youtube wizard WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/youtube-wizard/connect

  • Purpose: Processes the admin youtube wizard connect action and stores or applies submitted form data.
  • Inputs: body: youtube_client_id, youtube_client_secret, youtube_redirect_uri
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/youtube-wizard/verify

  • Purpose: Renders the admin youtube wizard verify WebUI page.
  • Inputs: body: youtube_client_id, youtube_client_secret, youtube_redirect_uri
  • Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/youtube-wizard/cancel

  • Purpose: Processes the admin youtube wizard cancel action and stores or applies submitted form data.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/theming

  • Purpose: Renders the admin theming WebUI page.
  • Inputs: query: edit
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/theming/select

  • Purpose: Processes the admin theming select action and stores or applies submitted form data.
  • Inputs: body: theme_id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/theming/duplicate

  • Purpose: Processes the admin theming duplicate action and stores or applies submitted form data.
  • Inputs: body: name, theme_id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/theming/custom/:id/save

  • Purpose: Processes the admin theming custom id save action and stores or applies submitted form data.
  • Inputs: path params: id; body: apply
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/theming/custom/:id/rename

  • Purpose: Processes the admin theming custom id rename action and stores or applies submitted form data.
  • Inputs: path params: id; body: name
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/theming/custom/:id/delete

  • Purpose: Processes the admin theming custom id delete action and stores or applies submitted form data.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/theming

  • Purpose: Processes the admin theming action and stores or applies submitted form data.
  • Inputs: body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/logs

  • Purpose: Displays, downloads, or manages application logs.
  • Inputs: query: level, limit, range
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /admin/logs/download

  • Purpose: Displays, downloads, or manages application logs.
  • Inputs: query: level, limit, range
  • Response format: plain or HTML response
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /admin/feedback

  • Purpose: Renders the admin feedback WebUI page.
  • Inputs: query: area, category, date_from, date_to, needs_action, scope, severity, sort, status, submitter
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/feedback/export

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
  • Response format: JSON response
  • Access: admin access expected
  • Side effects: Action route; side effects were not detected statically.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/feedback/:id/export

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id; body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
  • Response format: JSON response
  • Access: admin access expected
  • Side effects: Action route; side effects were not detected statically.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/feedback/:id/create-okf-correction

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id; body: status_note
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/feedback/:id

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id; body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/feedback/:id/finalize

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id; body: status_note
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/feedback/:id/reopen

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id; body: status_note
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/feedback/:id/delete

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/feedback/:id/cleanup

  • Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
  • Inputs: path params: id; body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state; writes files
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/privileges

  • Purpose: Renders the admin privileges WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /admin/commands

  • Purpose: Displays configured bot commands.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected; logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/commands

  • Purpose: Creates, updates, previews, toggles, or deletes custom commands.
  • Inputs: body: code, language, mode, response, trigger
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/commands/:id/toggle

  • Purpose: Creates, updates, previews, toggles, or deletes custom commands.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/commands/:id/delete

  • Purpose: Creates, updates, previews, toggles, or deletes custom commands.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/commands/:id/update

  • Purpose: Creates, updates, previews, toggles, or deletes custom commands.
  • Inputs: path params: id; body: code, language, mode, response, trigger
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected; logged-in session required or used
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/commands/:id/preview

  • Purpose: Creates, updates, previews, toggles, or deletes custom commands.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/pages

  • Purpose: Renders the admin pages WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /admin/users

  • Purpose: Renders the admin users WebUI page.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected; logged-in session required or used
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/users/:id/username

  • Purpose: Processes the admin users id username action and stores or applies submitted form data.
  • Inputs: path params: id; body: internal_username
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/pages

  • Purpose: Processes the admin pages action and stores or applies submitted form data.
  • Inputs: body: content, content_css, format, nav_label, role, show_in_nav, slug, title
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/pages/:id/toggle

  • Purpose: Processes the admin pages id toggle action and stores or applies submitted form data.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/pages/:id/delete

  • Purpose: Processes the admin pages id delete action and stores or applies submitted form data.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/pages/:id/update

  • Purpose: Processes the admin pages id update action and stores or applies submitted form data.
  • Inputs: path params: id; body: content, content_css, format, nav_label, role, show_in_nav, slug, title
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes database state when the called service mutates data
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/plugins

  • Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/plugins/:id/toggle

  • Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
  • Inputs: path params: id; body: enabled
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/plugins/:id/uninstall

  • Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/plugins/upload

  • Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
  • Inputs: file upload: multipart form file data
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/plugins/install

  • Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
  • Inputs: body: url
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/plugins/create

  • Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
  • Inputs: body: description, id, name
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/plugins/:id/update

  • Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
  • Inputs: path params: id
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/updates/events

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: No request parameters detected by static analysis.
  • Response format: streaming event response
  • Access: admin access expected
  • Side effects: publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

GET /admin/updates/status

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: No request parameters detected by static analysis.
  • Response format: JSON response
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

GET /admin/updates/recovery

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: No request parameters detected by static analysis.
  • Response format: JSON response
  • Access: admin access expected
  • Side effects: Usually read-only.
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

POST /admin/updates/recovery/clear-marker

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: No request parameters detected by static analysis.
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/recovery/retry-normal-startup

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: No request parameters detected by static analysis.
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

GET /admin/updates

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTML page rendered from an EJS view
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

POST /admin/updates/core/check

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: No request parameters detected by static analysis.
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/core/apply

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: No request parameters detected by static analysis.
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/core/revert

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: body: snapshot_id
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/bot

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: body: patch_mode; file upload: multipart form file data
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/core/zip

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: body: patch_mode, rollback_safe; file upload: multipart form file data
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/plugin

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: file upload: multipart form file data
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/plugins/:id/check

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: path params: id
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/plugins/:id/apply

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: path params: id
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/plugins/:id/revert

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: path params: id; body: snapshot_id
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/plugins/:id/disable

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: path params: id
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: publishes or streams live WebUI events
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/updates/plugins/:id/zip

  • Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
  • Inputs: path params: id; body: rollback_safe; file upload: multipart form file data
  • Response format: Form/action response; exact format was not detected statically.
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; writes files
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/update

  • Purpose: Processes the admin update action and stores or applies submitted form data.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/check-update

  • Purpose: Processes the admin check update action and stores or applies submitted form data.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

POST /admin/restart

  • Purpose: Processes the admin restart action and stores or applies submitted form data.
  • Inputs: No request parameters detected by static analysis.
  • Response format: HTTP redirect after handling the request
  • Access: admin access expected
  • Side effects: writes or mutates server-side state; may restart or stop runtime processes
  • Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

README Summary

Lumi Bot

Discord bot + WebUI with role-based access, plugin management, and self-update support.

Quick start

Requires Node.js 18+.

  1. Install dependencies: 
    npm install
  2. Run with auto-restart: 
    npm run run