SLEEP TOKEN THEORY - HELP



📁 Site Structure

  • Main Page: sleeptokentheory.com → Unmasked Media photobook with folder filters
  • Submit Media: sleeptokentheory.com/submissions.html → Public submission form
  • Contact: sleeptokentheory.com/contact.html → Contact form
  • Admin Panel: sleeptokentheory.com/admin → Password protected dashboard
  • Messages: sleeptokentheory.com/messages → Password protected contact inbox

🔐 Admin Access

URL: sleeptokentheory.com/admin

Default Credentials:

  • admin1 / changeme123

⚠️ Change passwords in: /root/sleeptokentheory/reddit_server.py (ADMIN_USERS dictionary)

📸 Managing Media

Uploading Media:

  • Go to sleeptokentheory.com/admin
  • Log in with credentials
  • Drag & drop images or click to browse
  • Add title and description
  • Select folder (optional)
  • Click "Upload Media"
  • Media appears on main page instantly

Reviewing Submissions:

  • Click "Review" button on pending submission
  • Crop image (drag to adjust, images only)
  • Edit title and description
  • Assign to folder
  • Click "Approve" or "Reject"

📁 Managing Folders (Categories)

Creating Folders:

  • Scroll to "Manage Folders" section in admin panel
  • Enter folder name and click "Create Folder"
  • Creates top-level folder

Creating Sub-Folders:

  • Click "+ SUB-FOLDER" button next to any folder
  • Enter sub-folder name
  • Sub-folders appear indented below parent
  • Infinite nesting supported

Folder Operations:

  • Rename: Click "Rename" button, enter new name
  • Delete: Deletes folder and promotes children to parent level
  • Main Page Display: Folders with sub-folders show ▶/▼ to expand/collapse

📬 Managing Messages

URL: sleeptokentheory.com/messages

  • Separate page from main admin dashboard
  • Login required (same admin credentials)
  • View all contact form submissions
  • Unread messages highlighted in pink
  • Click "Mark Read" to mark as read
  • Click "Delete" to remove message
  • Unread count badge shows on Messages button in admin panel

🗂️ File Locations

  • Website Files: /var/www/dev.sleeptokentheory.com/
  • Flask Backend: /root/sleeptokentheory/reddit_server.py
  • Media Storage: /mnt/volume_nyc1_01/media/
  • Media Metadata: /root/sleeptokentheory/data/media_metadata.json
  • Folders/Categories: /root/sleeptokentheory/data/folders.json
  • Submissions Queue: /root/sleeptokentheory/data/submissions.json
  • Contact Messages: /root/sleeptokentheory/data/contacts.json
  • Nginx Config: /etc/nginx/sites-available/dev.sleeptokentheory.com
  • Service: /etc/systemd/system/sleeptokentheory.service

🔧 Server Management

Restart Flask Backend:

systemctl restart sleeptokentheory.service

Check Service Status:

systemctl status sleeptokentheory.service

View Logs:

journalctl -u sleeptokentheory.service -f

Reload Nginx:

nginx -t && systemctl reload nginx

🌐 API Endpoints

Public Endpoints:

  • GET /api/media - Get all media
  • GET /api/folders - Get all folders
  • POST /api/submissions/submit - Submit media (rate limited: 5/hour)
  • POST /api/contact - Submit contact form (rate limited: 10/hour)

Admin Endpoints (require auth token):

  • POST /api/admin/login - Admin login (rate limited: 5/min)
  • POST /api/admin/upload - Upload media
  • DELETE /api/admin/media/:id - Delete media
  • POST /api/admin/folders - Create folder (accepts parent_id for sub-folders)
  • PUT /api/admin/folders/:id - Rename folder
  • DELETE /api/admin/folders/:id - Delete folder
  • GET /api/admin/submissions - Get pending submissions
  • POST /api/admin/submissions/:id/approve - Approve submission
  • POST /api/admin/submissions/:id/reject - Reject submission
  • GET /api/admin/contacts - Get contact messages
  • POST /api/admin/contacts/:id/read - Mark message as read
  • DELETE /api/admin/contacts/:id - Delete message

📝 Editing Content

  • Homepage: /var/www/dev.sleeptokentheory.com/index.html
  • Styles: /var/www/dev.sleeptokentheory.com/styles.css
  • Gallery Styles: /var/www/dev.sleeptokentheory.com/gallery.css
  • Submissions: /var/www/dev.sleeptokentheory.com/submissions.html
  • Contact Page: /var/www/dev.sleeptokentheory.com/contact.html
  • Admin Panel: /root/sleeptokentheory/static/admin.html
  • Messages Page: /root/sleeptokentheory/static/messages.html

🔒 SSL Certificate

Renew Certificate:

certbot renew

Get New Certificate:

certbot --nginx -d sleeptokentheory.com -d www.sleeptokentheory.com

🔒 Security Features

Rate Limiting (nginx):

  • Submissions: 5 requests per minute (burst: 2)
  • Login: 5 requests per minute (burst: 3)
  • API endpoints: 30 requests per minute (burst: 10)
  • General pages: 10 requests per second (burst: 20)
  • Connection limit: 10 concurrent connections per IP

File Upload Protection:

  • MIME type validation (images, videos, audio only)
  • PIL image verification (detects corrupted/malicious images)
  • 100MB max file size
  • File extension whitelist enforcement

IP Blocking System:

  • Auto-ban after 5 failed login attempts
  • 1-hour ban duration
  • Blocked IPs get 403 Forbidden response
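
The ban rule listed above, written out in Python as an added example (this is not code from reddit_server.py). The LoginBanList class, its method names, the 401 status for a wrong password, and resetting the counter on a successful login are assumptions; the 5-attempt threshold, 1-hour duration and 403 response come from the list.

```python
import time

MAX_FAILURES = 5         # page: auto-ban after 5 failed login attempts
BAN_SECONDS = 60 * 60    # page: 1-hour ban duration


class LoginBanList:
    """Per-IP failed-login counter with timed bans (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock       # injectable so ban expiry can be tested
        self._failures = {}       # ip -> consecutive failed attempts
        self._banned_until = {}   # ip -> clock value at which the ban ends

    def is_banned(self, ip):
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if self._clock() >= until:
            # Ban has expired: drop it so the IP starts from zero again.
            del self._banned_until[ip]
            return False
        return True

    def record_failure(self, ip):
        count = self._failures.get(ip, 0) + 1
        if count >= MAX_FAILURES:
            self._banned_until[ip] = self._clock() + BAN_SECONDS
            self._failures.pop(ip, None)
        else:
            self._failures[ip] = count

    def handle_login(self, ip, password_ok):
        """Return the HTTP status a login attempt from `ip` receives."""
        if self.is_banned(ip):
            return 403            # page: blocked IPs get 403 Forbidden
        if password_ok:
            # Assumption: a successful login clears the failure counter.
            self._failures.pop(ip, None)
            return 200
        self.record_failure(ip)
        return 401                # assumption: wrong password -> 401
```

If nginx proxies requests to the Flask backend, the backend sees the proxy's address unless the client address is forwarded (for example in an X-Real-IP header), so the `ip` key must be the forwarded client address or every visitor shares one counter.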

Security Headers:

  • X-Frame-Options: SAMEORIGIN (prevents clickjacking)
  • X-Content-Type-Options: nosniff
  • Content-Security-Policy (restricts script sources)
  • HSTS: max-age=31536000

DDoS Protection:

  • Buffer overflow protection
  • Request timeout limits (12s body, 12s header)
  • Server version hidden (server_tokens off)
  • Blocked common exploit paths (.git, .env, .sql, etc.)

💾 Backups

Critical files to back up regularly:

  • Media Files: /mnt/volume_nyc1_01/media/
  • Media Metadata: /root/sleeptokentheory/data/media_metadata.json
  • Folders: /root/sleeptokentheory/data/folders.json
  • Submissions Queue: /root/sleeptokentheory/data/submissions.json
  • Contact Messages: /root/sleeptokentheory/data/contacts.json
  • Backend Code: /root/sleeptokentheory/reddit_server.py
  • Website Files: /var/www/dev.sleeptokentheory.com/

Quick Backup Command:

tar -czf backup-$(date +%Y%m%d).tar.gz /mnt/volume_nyc1_01/media/ /root/sleeptokentheory/data/ /root/sleeptokentheory/reddit_server.py /var/www/dev.sleeptokentheory.com/

🎨 Color Scheme

  • Primary (Blue): #0085FF
  • Accent (Pink): #FF008A
  • Background: #000000
  • Font: Futura Bk BT