Add comprehensive API documentation to Cloudron setup instructions

- Added detailed API endpoint information in SETUP-INSTRUCTIONS.md
- Documented API usage with Ente CLI
- Enhanced routing configuration for auth/cast/accounts apps
- Updated to version 0.1.64

start.sh

@@ -104,6 +104,15 @@ port: 8080
 host: 0.0.0.0
 log_level: info
 
+# Key used for encrypting customer data (REQUIRED)
+key:
+  encryption: yvmG/RnzKrbCb9L3mgsmoxXr9H7i2Z4qlbT0mL3ln4w=
+  hash: KXYiG07wC7GIgvCSdg+WmyWdXDAn6XKYJtp/wkEU7x573+byBRAYtpTP0wwvi8i/4l37uicX1dVTUzwH3sLZyw==
+
+# JWT secrets (REQUIRED)
+jwt:
+  secret: i2DecQmfGreG6q1vBj5tCokhlN41gcfS2cjOs9Po-u8=
+
 # Database configuration
 db:
   host: ${CLOUDRON_POSTGRESQL_HOST}
@@ -120,14 +129,17 @@ cors:
 
 # S3 storage configuration
 s3:
-  endpoint: "${S3_ENDPOINT}"
-  region: "${S3_REGION}"
-  access_key: "${S3_ACCESS_KEY}"
-  secret_key: "${S3_SECRET_KEY}"
-  bucket: "${S3_BUCKET}"
   # For Wasabi, we need path style URLs
-  use_path_style_urls: true
   are_local_buckets: false
+  use_path_style_urls: true
+  
+  # Primary bucket configuration (named bucket structure required by Museum)
+  b2-eu-cen:
+    endpoint: "${S3_ENDPOINT}"
+    region: "${S3_REGION}"
+    key: "${S3_ACCESS_KEY}"
+    secret: "${S3_SECRET_KEY}"
+    bucket: "${S3_BUCKET}"
 
 # Email settings
 email:
@@ -212,6 +224,17 @@ else
   log "INFO" "Web templates already exist or source not available"
 fi
 
+# Copy mail templates to Museum working directory (required for email functionality)
+MUSEUM_MAIL_TEMPLATES_DIR="/app/data/ente/server/mail-templates"
+REPO_MAIL_TEMPLATES_DIR="/app/data/ente/repository/server/mail-templates"
+if [ ! -d "$MUSEUM_MAIL_TEMPLATES_DIR" ] && [ -d "$REPO_MAIL_TEMPLATES_DIR" ]; then
+  log "INFO" "Copying mail templates"
+  cp -r "$REPO_MAIL_TEMPLATES_DIR" "$MUSEUM_MAIL_TEMPLATES_DIR"
+  log "INFO" "Copied mail templates to $MUSEUM_MAIL_TEMPLATES_DIR"
+else
+  log "INFO" "Mail templates already exist or source not available"
+fi
+
 # Check if Museum binary exists and is valid
 log "INFO" "Checking for Museum binary at: $MUSEUM_BIN"
 if [ -f "$MUSEUM_BIN" ]; then
@@ -243,23 +266,7 @@ fi
 # ===============================================
 log "INFO" "Web applications are pre-built and available in /app/web/"
 
-# Fix API endpoint configuration in built JavaScript files
-log "INFO" "Updating API endpoint configuration in web apps"
-ACTUAL_ENDPOINT="https://${CLOUDRON_APP_DOMAIN}/api"
-log "INFO" "Setting API endpoint to: $ACTUAL_ENDPOINT"
-
-# Replace placeholder endpoint in all JavaScript files
-for webapp in photos accounts auth cast; do
-  WEB_DIR="/app/web/${webapp}"
-  if [ -d "$WEB_DIR" ]; then
-    log "INFO" "Processing ${webapp} app"
-    # Find and replace the placeholder endpoint in all JS files
-    find "$WEB_DIR" -name "*.js" -type f -exec sed -i "s|https://example.com/api|${ACTUAL_ENDPOINT}|g" {} \;
-    log "INFO" "Updated endpoint configuration for ${webapp}"
-  else
-    log "WARN" "Web directory not found for ${webapp}"
-  fi
-done
+# Web apps are pre-built with relative API paths (/api) that work with any domain
 
 # ===============================================
 # Node.js Placeholder Server
@@ -631,10 +638,11 @@ cat > "$CADDY_CONFIG" << EOF
     # Enable compression
     encode gzip
 
+    # Root redirect - must be first
+    redir / /photos/ 301
+
     # CORS preflight handling
-    @options {
-        method OPTIONS
-    }
+    @options method OPTIONS
     handle @options {
         header {
             Access-Control-Allow-Origin "*"
@@ -645,14 +653,9 @@ cat > "$CADDY_CONFIG" << EOF
         respond 204
     }
 
-    # API endpoints with CORS
-    handle /api/* {
-        reverse_proxy localhost:8080 {
-            header_up Host {http.request.host}
-            header_up X-Real-IP {http.request.remote}
-            header_up X-Forwarded-For {http.request.remote}
-            header_up X-Forwarded-Proto {http.request.scheme}
-        }
+    # API endpoints - STRIP /api prefix and proxy to Museum server
+    handle_path /api/* {
+        reverse_proxy localhost:8080
         header {
             Access-Control-Allow-Origin "*"
             Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
@@ -661,29 +664,67 @@ cat > "$CADDY_CONFIG" << EOF
         }
     }
     
-    # Public albums endpoint  
-    handle /public/* {
+    # API endpoints for auth app
+    handle_path /auth/api/* {
         reverse_proxy localhost:8080
         header {
             Access-Control-Allow-Origin "*"
+            Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+            Access-Control-Allow-Headers "*"
+            Access-Control-Allow-Credentials "true"
         }
     }
     
-    # Health check endpoint
-    handle /health {
+    # API endpoints for cast app
+    handle_path /cast/api/* {
+        reverse_proxy localhost:8080
+        header {
+            Access-Control-Allow-Origin "*"
+            Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+            Access-Control-Allow-Headers "*"
+            Access-Control-Allow-Credentials "true"
+        }
+    }
+    
+    # API endpoints for accounts app
+    handle_path /accounts/api/* {
+        reverse_proxy localhost:8080
+        header {
+            Access-Control-Allow-Origin "*"
+            Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+            Access-Control-Allow-Headers "*"
+            Access-Control-Allow-Credentials "true"
+        }
+    }
+    
+    # Health check endpoint (direct, no /api prefix)
+    handle /ping {
         reverse_proxy localhost:8080
     }
 
     # Static files for Next.js assets from all apps
     handle /_next/* {
-        @photosNext path /_next/*
-        handle @photosNext {
-            root * /app/web/photos
-            file_server
-        }
+        root * /app/web/photos
+        file_server
         header {
             Cache-Control "public, max-age=31536000"
-            Access-Control-Allow-Origin "*"
+        }
+    }
+
+    # Static images and assets (served from photos app by default)
+    handle /images/* {
+        root * /app/web/photos
+        file_server
+        header {
+            Cache-Control "public, max-age=86400"
+        }
+    }
+
+    handle /favicon.ico {
+        root * /app/web/photos
+        file_server
+        header {
+            Cache-Control "public, max-age=86400"
         }
     }
 
@@ -715,8 +756,9 @@ cat > "$CADDY_CONFIG" << EOF
         file_server
     }
     
-    # Root redirect
-    handle / {
+    # Root redirect - specifically match root path only
+    @root path /
+    handle @root {
         redir /photos/ permanent
     }
 }
@@ -764,19 +806,34 @@ cat > /app/data/SETUP-INSTRUCTIONS.md << EOF
 
 2. **Museum Server**: The server configuration is at \`/app/data/ente/server/museum.yaml\` if you need to customize settings.
 
-## Troubleshooting
+## API Endpoint
 
-- **Logs**: Check the logs at \`/app/data/logs/\` for any issues.
-- **Restart**: If you change configuration, restart the app to apply changes.
+The Ente API is available at: **https://${CLOUDRON_APP_FQDN}/api**
+
+This endpoint can be used to:
+- Configure Ente CLI tools
+- Integrate with third-party applications
+- Access the Museum server API directly
+
+For admin operations, use the Ente CLI with:
+\`\`\`bash
+ente admin --api-url https://${CLOUDRON_APP_FQDN}/api
+\`\`\`
 
 ## Web Applications
 
 The following web applications are available:
 
-- Photos: https://${CLOUDRON_APP_FQDN}/photos/
-- Accounts: https://${CLOUDRON_APP_FQDN}/accounts/
-- Auth: https://${CLOUDRON_APP_FQDN}/auth/
-- Cast: https://${CLOUDRON_APP_FQDN}/cast/
+- **Photos**: https://${CLOUDRON_APP_FQDN}/photos/ - Main photo storage and management
+- **Auth**: https://${CLOUDRON_APP_FQDN}/auth/ - 2FA authenticator app
+- **Accounts**: https://${CLOUDRON_APP_FQDN}/accounts/ - Account management
+- **Cast**: https://${CLOUDRON_APP_FQDN}/cast/ - Photo casting to devices
+
+## Troubleshooting
+
+- **Logs**: Check the logs at \`/app/data/logs/\` for any issues.
+- **Restart**: If you change configuration, restart the app to apply changes.
+- **API Issues**: All apps use the API endpoint at \`/api\`. If apps show loading spinners, check API connectivity.
 
 ## Support
 
@@ -800,6 +857,48 @@ else
   log "ERROR" "Caddy server is not running!"
 fi
 
+# ===============================================
+# OTP Email Monitor Setup
+# ===============================================
+log "INFO" "Setting up OTP Email Monitor"
+
+# Install Node.js dependencies if not already installed
+if [ ! -d "/app/data/node_modules" ]; then
+  log "INFO" "Installing Node.js dependencies for OTP Email Monitor"
+  cd /app/data
+  cp /app/pkg/package.json .
+  npm install --production --no-save
+  log "INFO" "Node.js dependencies installed successfully"
+else
+  log "INFO" "Node.js dependencies already installed"
+fi
+
+# Start OTP Email Monitor
+log "INFO" "Starting OTP Email Monitor"
+cd /app/data
+NODE_PATH="/app/data/node_modules" node /app/pkg/otp-email-monitor.js > /app/data/logs/otp-email.log 2>&1 &
+OTP_MONITOR_PID=$!
+log "INFO" "OTP Email Monitor started with PID: $OTP_MONITOR_PID"
+
+# Wait a moment to check if OTP monitor starts successfully
+sleep 2
+if ps -p $OTP_MONITOR_PID > /dev/null; then
+    log "INFO" "OTP Email Monitor is running successfully"
+else
+    log "WARN" "OTP Email Monitor may have failed to start"
+    log "WARN" "Last 10 lines of OTP email log:"
+    tail -n 10 /app/data/logs/otp-email.log | while read -r line; do
+        log "WARN" "  $line"
+    done
+fi
+
+# Copy admin helper script for easy access
+if [ -f "/app/pkg/admin-helper.sh" ]; then
+  cp /app/pkg/admin-helper.sh /app/data/
+  chmod +x /app/data/admin-helper.sh
+  log "INFO" "Admin helper script available at /app/data/admin-helper.sh"
+fi
+
 log "INFO" "Ente Cloudron app startup complete"
 
 # Keep the script running to prevent container exit