Add public endpoint to download cookie extraction script

Features:
- New GET /public/scripts/extract-and-upload-cookies.sh endpoint
- No authentication required (public)
- Downloads the automation script directly
- Proper Content-Disposition headers for file download

Usage:
# Download the script
curl -O http://tomp3.etheryale.com:3001/public/scripts/extract-and-upload-cookies.sh

# Make executable
chmod +x extract-and-upload-cookies.sh

# Configure and run
export API_TOKEN="your_token"
export API_URL="http://tomp3.etheryale.com:3001"
./extract-and-upload-cookies.sh

Security:
- No secrets in the script (uses environment variables)
- Safe to distribute publicly
- Users provide their own API_TOKEN and API_URL

Benefits:
- One-command download
- No need to clone repo
- Easy distribution to end-users
- Cross-platform compatible (Linux/Mac/WSL)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/server.js

@@ -89,7 +89,7 @@ app.use(express.json());
 app.use((req, res, next) => {
   // Public endpoints that should work over HTTP
   const publicEndpoints = ['/health', '/api', '/docs/api'];
-  const isPublic = publicEndpoints.includes(req.path) || req.path.startsWith('/public/download/');
+  const isPublic = publicEndpoints.includes(req.path) || req.path.startsWith('/public/download/') || req.path.startsWith('/public/scripts/');
 
   res.setHeader('X-Content-Type-Options', 'nosniff');
   res.setHeader('X-Frame-Options', 'DENY');
@@ -111,8 +111,8 @@ app.use((req, res, next) => {
 const authenticate = (req, res, next) => {
   // Skip authentication for public endpoints
   const publicEndpoints = ['/health', '/api', '/docs/api'];
-  // Allow public download endpoint
+  // Allow public download and scripts endpoints
-  if (publicEndpoints.includes(req.path) || req.path.startsWith('/public/download/')) {
+  if (publicEndpoints.includes(req.path) || req.path.startsWith('/public/download/') || req.path.startsWith('/public/scripts/')) {
     return next();
   }
 
@@ -216,6 +216,42 @@ app.get('/docs/api', (req, res) => {
   }
 });
 
+/**
+ * GET /public/scripts/extract-and-upload-cookies.sh
+ * Public endpoint to download the cookie extraction script
+ */
+app.get('/public/scripts/extract-and-upload-cookies.sh', (req, res) => {
+  try {
+    const scriptPath = path.join(__dirname, '../extract-and-upload-cookies.sh');
+
+    if (!fs.existsSync(scriptPath)) {
+      return res.status(404).json({
+        error: 'Script not found',
+        message: 'Cookie extraction script does not exist'
+      });
+    }
+
+    // Send file with proper headers for download
+    res.download(scriptPath, 'extract-and-upload-cookies.sh', (err) => {
+      if (err) {
+        console.error(`[Script Download] Error: ${err.message}`);
+        if (!res.headersSent) {
+          res.status(500).json({
+            error: 'Download failed',
+            message: err.message
+          });
+        }
+      }
+    });
+  } catch (error) {
+    console.error(`[Script Download] Error: ${error.message}`);
+    res.status(500).json({
+      error: 'Server error',
+      message: error.message
+    });
+  }
+});
+
 /**
  * GET /public/download/:filename
  * Public endpoint to download files without authentication
@@ -1515,6 +1551,7 @@ app.listen(PORT, () => {
   console.log('  GET  /health           - Health check');
   console.log('  GET  /docs/api         - API documentation (no auth)');
   console.log('  GET  /public/download/:filename - Public file download (no auth)');
+  console.log('  GET  /public/scripts/extract-and-upload-cookies.sh - Cookie script (no auth)');
   console.log('  GET  /info?url=        - Get video/playlist info');
   console.log('  POST /download         - Download as MP3');
   console.log('  POST /transcribe       - Transcribe audio file');