Sync from GitHub repo

admin.py

@@ -1,7 +1,8 @@
 from flask import Blueprint, render_template, current_app, jsonify, request, redirect, url_for, flash
 from models import db, User, Model, Vote, EloHistory, ModelType
 from auth import admin_required
-from sqlalchemy import func, desc, extract
+from security import check_user_security_score
+from sqlalchemy import func, desc, extract, text
 from datetime import datetime, timedelta
 import json
 import os
@@ -115,7 +116,20 @@ def users():
     admin_users = os.getenv("ADMIN_USERS", "").split(",")
     admin_users = [username.strip() for username in admin_users]
     
-    return render_template("admin/users.html", users=users, admin_users=admin_users)
+    # Calculate security scores for all users
+    users_with_scores = []
+    for user in users:
+        score, factors = check_user_security_score(user.id)
+        users_with_scores.append({
+            'user': user,
+            'security_score': score,
+            'security_factors': factors
+        })
+    
+    # Sort by security score (lowest first to highlight problematic users)
+    users_with_scores.sort(key=lambda x: x['security_score'])
+    
+    return render_template("admin/users.html", users_with_scores=users_with_scores, admin_users=admin_users)
 
 @admin.route("/user/<int:user_id>")
 @admin_required
@@ -123,6 +137,9 @@ def user_detail(user_id):
     """View user details"""
     user = User.query.get_or_404(user_id)
     
+    # Get security score and factors
+    security_score, security_factors = check_user_security_score(user_id)
+    
     # Get user votes
     recent_votes = Vote.query.filter_by(user_id=user_id).order_by(Vote.vote_date.desc()).limit(20).all()
     
@@ -130,28 +147,56 @@ def user_detail(user_id):
     tts_votes = Vote.query.filter_by(user_id=user_id, model_type=ModelType.TTS).count()
     conversational_votes = Vote.query.filter_by(user_id=user_id, model_type=ModelType.CONVERSATIONAL).count()
     
-    # Get favorite models (most chosen)
-    favorite_models = db.session.query(
-        Vote.model_chosen,
-        Model.name,
-        func.count().label('count')
-    ).join(
-        Model, Vote.model_chosen == Model.id
-    ).filter(
-        Vote.user_id == user_id
-    ).group_by(
-        Vote.model_chosen, Model.name
-    ).order_by(
-        desc('count')
-    ).limit(5).all()
+    # Get comprehensive model bias analysis
+    # This counts how often each model was chosen vs how often it appeared
+    model_bias_analysis = []
+    
+    # Get all votes by this user
+    user_votes = Vote.query.filter_by(user_id=user_id).all()
+    
+    if user_votes:
+        model_stats = {}
+        
+        for vote in user_votes:
+            # Track model_chosen
+            chosen_id = vote.model_chosen
+            rejected_id = vote.model_rejected
+            
+            # Initialize model stats if not exists
+            if chosen_id not in model_stats:
+                model_stats[chosen_id] = {'chosen': 0, 'appeared': 0, 'name': None}
+            if rejected_id not in model_stats:
+                model_stats[rejected_id] = {'chosen': 0, 'appeared': 0, 'name': None}
+            
+            # Count appearances and choices
+            model_stats[chosen_id]['chosen'] += 1
+            model_stats[chosen_id]['appeared'] += 1
+            model_stats[rejected_id]['appeared'] += 1
+        
+        # Get model names and calculate bias ratios
+        for model_id, stats in model_stats.items():
+            model = Model.query.get(model_id)
+            if model:
+                stats['name'] = model.name
+                stats['bias_ratio'] = stats['chosen'] / stats['appeared'] if stats['appeared'] > 0 else 0
+                stats['model_id'] = model_id
+        
+        # Sort by bias ratio (highest bias first) and take top 5
+        model_bias_analysis = sorted(
+            [stats for stats in model_stats.values() if stats['name'] is not None],
+            key=lambda x: x['bias_ratio'],
+            reverse=True
+        )[:5]
     
     return render_template(
         "admin/user_detail.html",
         user=user,
+        security_score=security_score,
+        security_factors=security_factors,
         recent_votes=recent_votes,
         tts_votes=tts_votes,
         conversational_votes=conversational_votes,
-        favorite_models=favorite_models,
+        model_bias_analysis=model_bias_analysis,
         total_votes=tts_votes + conversational_votes
     )
 
@@ -398,4 +443,240 @@ def activity():
         recent_tts_votes=recent_tts_votes,
         recent_conv_votes=recent_conv_votes,
         hourly_data=json.dumps(hourly_data)
-    ) 
+    )
+
+@admin.route("/analytics")
+@admin_required
+def analytics():
+    """View analytics data including session duration, IP addresses, etc."""
+    
+    # Get analytics statistics
+    analytics_stats = {}
+    
+    try:
+        # Session duration statistics
+        duration_stats = db.session.execute(text("""
+            SELECT 
+                AVG(session_duration_seconds) as avg_duration,
+                MIN(session_duration_seconds) as min_duration,
+                MAX(session_duration_seconds) as max_duration,
+                COUNT(session_duration_seconds) as total_with_duration
+            FROM vote 
+            WHERE session_duration_seconds IS NOT NULL
+        """)).fetchone()
+        
+        analytics_stats['duration'] = {
+            'avg': round(duration_stats.avg_duration, 2) if duration_stats.avg_duration else 0,
+            'min': round(duration_stats.min_duration, 2) if duration_stats.min_duration else 0,
+            'max': round(duration_stats.max_duration, 2) if duration_stats.max_duration else 0,
+            'total': duration_stats.total_with_duration or 0
+        }
+        
+        # Cache hit statistics
+        cache_stats = db.session.execute(text("""
+            SELECT 
+                cache_hit,
+                COUNT(*) as count
+            FROM vote 
+            WHERE cache_hit IS NOT NULL
+            GROUP BY cache_hit
+        """)).fetchall()
+        
+        analytics_stats['cache'] = {
+            'hits': 0,
+            'misses': 0,
+            'total': 0
+        }
+        
+        for stat in cache_stats:
+            if stat.cache_hit:
+                analytics_stats['cache']['hits'] = stat.count
+            else:
+                analytics_stats['cache']['misses'] = stat.count
+            analytics_stats['cache']['total'] += stat.count
+        
+        # Top IP address regions (anonymized)
+        ip_stats = db.session.execute(text("""
+            SELECT 
+                ip_address_partial,
+                COUNT(*) as count
+            FROM vote 
+            WHERE ip_address_partial IS NOT NULL
+            GROUP BY ip_address_partial
+            ORDER BY count DESC
+            LIMIT 10
+        """)).fetchall()
+        
+        analytics_stats['top_ips'] = [
+            {'ip': stat.ip_address_partial, 'count': stat.count}
+            for stat in ip_stats
+        ]
+        
+        # User agent statistics (top browsers/devices)
+        ua_stats = db.session.execute(text("""
+            SELECT 
+                CASE 
+                    WHEN user_agent LIKE '%Chrome%' THEN 'Chrome'
+                    WHEN user_agent LIKE '%Firefox%' THEN 'Firefox'
+                    WHEN user_agent LIKE '%Safari%' AND user_agent NOT LIKE '%Chrome%' THEN 'Safari'
+                    WHEN user_agent LIKE '%Edge%' THEN 'Edge'
+                    WHEN user_agent LIKE '%Mobile%' OR user_agent LIKE '%Android%' THEN 'Mobile'
+                    ELSE 'Other'
+                END as browser,
+                COUNT(*) as count
+            FROM vote 
+            WHERE user_agent IS NOT NULL
+            GROUP BY browser
+            ORDER BY count DESC
+        """)).fetchall()
+        
+        analytics_stats['browsers'] = [
+            {'browser': stat.browser, 'count': stat.count}
+            for stat in ua_stats
+        ]
+        
+        # Recent votes with analytics data
+        recent_analytics = db.session.execute(text("""
+            SELECT 
+                v.id,
+                v.vote_date,
+                v.session_duration_seconds,
+                v.ip_address_partial,
+                v.cache_hit,
+                v.model_type,
+                u.username,
+                m1.name as chosen_model,
+                m2.name as rejected_model
+            FROM vote v
+            LEFT JOIN user u ON v.user_id = u.id
+            LEFT JOIN model m1 ON v.model_chosen = m1.id
+            LEFT JOIN model m2 ON v.model_rejected = m2.id
+            WHERE v.session_duration_seconds IS NOT NULL
+            ORDER BY v.vote_date DESC
+            LIMIT 20
+        """)).fetchall()
+        
+        analytics_stats['recent_votes'] = [
+            {
+                'id': vote.id,
+                'vote_date': vote.vote_date,
+                'duration': round(vote.session_duration_seconds, 2) if vote.session_duration_seconds else None,
+                'ip': vote.ip_address_partial,
+                'cache_hit': vote.cache_hit,
+                'model_type': vote.model_type,
+                'username': vote.username,
+                'chosen_model': vote.chosen_model,
+                'rejected_model': vote.rejected_model
+            }
+            for vote in recent_analytics
+        ]
+        
+    except Exception as e:
+        flash(f"Error retrieving analytics data: {str(e)}", "error")
+        analytics_stats = {}
+    
+    return render_template(
+        "admin/analytics.html", 
+        analytics_stats=analytics_stats
+    )
+
+@admin.route("/security")
+@admin_required
+def security():
+    """View security monitoring data and suspicious activity."""
+    try:
+        from security import (
+            detect_suspicious_voting_patterns, 
+            detect_coordinated_voting, 
+            check_user_security_score,
+            detect_model_bias
+        )
+        
+        # Get recent suspicious users
+        recent_users = User.query.order_by(User.join_date.desc()).limit(50).all()
+        suspicious_users = []
+        
+        for user in recent_users:
+            score, factors = check_user_security_score(user.id)
+            if score < 50:  # Flag users with low security scores
+                suspicious_users.append({
+                    'user': user,
+                    'score': score,
+                    'factors': factors
+                })
+        
+        # Sort by lowest score first
+        suspicious_users.sort(key=lambda x: x['score'])
+        
+        # Check for coordinated voting on top models
+        top_models = Model.query.order_by(Model.current_elo.desc()).limit(10).all()
+        coordinated_campaigns = []
+        
+        for model in top_models:
+            is_coordinated, user_count, vote_count, suspicious_users_list = detect_coordinated_voting(model.id)
+            if is_coordinated:
+                coordinated_campaigns.append({
+                    'model': model,
+                    'user_count': user_count,
+                    'vote_count': vote_count,
+                    'suspicious_users': suspicious_users_list
+                })
+        
+        # Get users with high model bias
+        biased_users = []
+        for model in top_models:
+            # Check recent voters for this model
+            recent_voters = db.session.query(Vote.user_id).filter(
+                Vote.model_chosen == model.id
+            ).distinct().limit(20).all()
+            
+            for voter in recent_voters:
+                if voter.user_id:
+                    is_biased, bias_ratio, votes_for_model, total_votes = detect_model_bias(
+                        voter.user_id, model.id
+                    )
+                    if is_biased and total_votes >= 5:
+                        user = User.query.get(voter.user_id)
+                        if user:
+                            biased_users.append({
+                                'user': user,
+                                'model': model,
+                                'bias_ratio': bias_ratio,
+                                'votes_for_model': votes_for_model,
+                                'total_votes': total_votes
+                            })
+        
+        # Remove duplicates and sort by bias ratio
+        seen_users = set()
+        unique_biased_users = []
+        for item in biased_users:
+            user_model_key = (item['user'].id, item['model'].id)
+            if user_model_key not in seen_users:
+                seen_users.add(user_model_key)
+                unique_biased_users.append(item)
+        
+        unique_biased_users.sort(key=lambda x: x['bias_ratio'], reverse=True)
+        
+        # Get recent security blocks from logs (if available)
+        security_blocks = []
+        try:
+            # This would require parsing application logs
+            # For now, we'll show a placeholder
+            pass
+        except Exception:
+            pass
+        
+        return render_template(
+            "admin/security.html",
+            suspicious_users=suspicious_users[:20],  # Limit to top 20
+            coordinated_campaigns=coordinated_campaigns,
+            biased_users=unique_biased_users[:20],  # Limit to top 20
+            security_blocks=security_blocks
+        )
+        
+    except ImportError:
+        flash("Security module not available", "error")
+        return redirect(url_for("admin.index"))
+    except Exception as e:
+        flash(f"Error loading security data: {str(e)}", "error")
+        return redirect(url_for("admin.index")) 

app.py

@@ -1,33 +1,1528 @@
-from flask import Flask, render_template_string
+import os
+from huggingface_hub import HfApi, hf_hub_download
+from apscheduler.schedulers.background import BackgroundScheduler
+from concurrent.futures import ThreadPoolExecutor
+from datetime import datetime
+import threading # Added for locking
+from sqlalchemy import or_ # Added for vote counting query
+
+year = datetime.now().year
+month = datetime.now().month
+
+# Check if running in a Huggin Face Space
+IS_SPACES = False
+if os.getenv("SPACE_REPO_NAME"):
+    print("Running in a Hugging Face Space 🤗")
+    IS_SPACES = True
+
+    # Setup database sync for HF Spaces
+    if not os.path.exists("instance/tts_arena.db"):
+        os.makedirs("instance", exist_ok=True)
+        try:
+            print("Database not found, downloading from HF dataset...")
+            hf_hub_download(
+                repo_id="TTS-AGI/database-arena-v2",
+                filename="tts_arena.db",
+                repo_type="dataset",
+                local_dir="instance",
+                token=os.getenv("HF_TOKEN"),
+            )
+            print("Database downloaded successfully ✅")
+        except Exception as e:
+            print(f"Error downloading database from HF dataset: {str(e)} ⚠️")
+
+from flask import (
+    Flask,
+    render_template,
+    g,
+    request,
+    jsonify,
+    send_file,
+    redirect,
+    url_for,
+    session,
+    abort,
+)
+from flask_login import LoginManager, current_user
+from models import *
+from auth import auth, init_oauth, is_admin
+from admin import admin
+from security import is_vote_allowed, check_user_security_score
+import os
+from dotenv import load_dotenv
+from flask_limiter import Limiter
+from flask_limiter.util import get_remote_address
+import uuid
+import tempfile
+import shutil
+from tts import predict_tts
+import random
+import json
+from datetime import datetime, timedelta
+from flask_migrate import Migrate
+import requests
+import functools
+import time # Added for potential retries
+
+
+def get_client_ip():
+    """Get the client's IP address, handling proxies and load balancers."""
+    # Check for forwarded headers first (common with reverse proxies)
+    if request.headers.get('X-Forwarded-For'):
+        # X-Forwarded-For can contain multiple IPs, take the first one
+        return request.headers.get('X-Forwarded-For').split(',')[0].strip()
+    elif request.headers.get('X-Real-IP'):
+        return request.headers.get('X-Real-IP')
+    elif request.headers.get('CF-Connecting-IP'):  # Cloudflare
+        return request.headers.get('CF-Connecting-IP')
+    else:
+        return request.remote_addr
+
+
+# Load environment variables
+if not IS_SPACES:
+    load_dotenv()  # Only load .env if not running in a Hugging Face Space
 
 app = Flask(__name__)
+app.config["SECRET_KEY"] = os.getenv("SECRET_KEY", os.urandom(24))
+app.config["SQLALCHEMY_DATABASE_URI"] = os.getenv(
+    "DATABASE_URI", "sqlite:///tts_arena.db"
+)
+app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
+app.config["SESSION_COOKIE_SECURE"] = True
+app.config["SESSION_COOKIE_SAMESITE"] = (
+    "None" if IS_SPACES else "Lax"
+)  # HF Spaces uses iframes to load the app, so we need to set SAMESITE to None
+app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(days=30)  # Set to desired duration
+
+# Force HTTPS when running in HuggingFace Spaces
+if IS_SPACES:
+    app.config["PREFERRED_URL_SCHEME"] = "https"
+
+# Cloudflare Turnstile settings
+app.config["TURNSTILE_ENABLED"] = (
+    os.getenv("TURNSTILE_ENABLED", "False").lower() == "true"
+)
+app.config["TURNSTILE_SITE_KEY"] = os.getenv("TURNSTILE_SITE_KEY", "")
+app.config["TURNSTILE_SECRET_KEY"] = os.getenv("TURNSTILE_SECRET_KEY", "")
+app.config["TURNSTILE_VERIFY_URL"] = (
+    "https://challenges.cloudflare.com/turnstile/v0/siteverify"
+)
+
+migrate = Migrate(app, db)
+
+# Initialize extensions
+db.init_app(app)
+login_manager = LoginManager()
+login_manager.init_app(app)
+login_manager.login_view = "auth.login"
+
+# Initialize OAuth
+init_oauth(app)
+
+# Configure rate limits
+limiter = Limiter(
+    app=app,
+    key_func=get_remote_address,
+    default_limits=["2000 per day", "50 per minute"],
+    storage_uri="memory://",
+)
+
+# TTS Cache Configuration - Read from environment
+TTS_CACHE_SIZE = int(os.getenv("TTS_CACHE_SIZE", "10"))
+CACHE_AUDIO_SUBDIR = "cache"
+tts_cache = {} # sentence -> {model_a, model_b, audio_a, audio_b, created_at}
+tts_cache_lock = threading.Lock()
+SMOOTHING_FACTOR_MODEL_SELECTION = 500 # For weighted random model selection
+# Increased max_workers to 8 for concurrent generation/refill
+cache_executor = ThreadPoolExecutor(max_workers=8, thread_name_prefix='CacheReplacer')
+all_harvard_sentences = [] # Keep the full list available
+
+# Create temp directories
+TEMP_AUDIO_DIR = os.path.join(tempfile.gettempdir(), "tts_arena_audio")
+CACHE_AUDIO_DIR = os.path.join(TEMP_AUDIO_DIR, CACHE_AUDIO_SUBDIR)
+os.makedirs(TEMP_AUDIO_DIR, exist_ok=True)
+os.makedirs(CACHE_AUDIO_DIR, exist_ok=True) # Ensure cache subdir exists
+
+
+# Store active TTS sessions
+app.tts_sessions = {}
+tts_sessions = app.tts_sessions
+
+# Store active conversational sessions
+app.conversational_sessions = {}
+conversational_sessions = app.conversational_sessions
+
+# Register blueprints
+app.register_blueprint(auth, url_prefix="/auth")
+app.register_blueprint(admin)
+
+
+@login_manager.user_loader
+def load_user(user_id):
+    return User.query.get(int(user_id))
+
+
+@app.before_request
+def before_request():
+    g.user = current_user
+    g.is_admin = is_admin(current_user)
+
+    # Ensure HTTPS for HuggingFace Spaces environment
+    if IS_SPACES and request.headers.get("X-Forwarded-Proto") == "http":
+        url = request.url.replace("http://", "https://", 1)
+        return redirect(url, code=301)
+
+    # Check if Turnstile verification is required
+    if app.config["TURNSTILE_ENABLED"]:
+        # Exclude verification routes
+        excluded_routes = ["verify_turnstile", "turnstile_page", "static"]
+        if request.endpoint not in excluded_routes:
+            # Check if user is verified
+            if not session.get("turnstile_verified"):
+                # Save original URL for redirect after verification
+                redirect_url = request.url
+                # Force HTTPS in HuggingFace Spaces
+                if IS_SPACES and redirect_url.startswith("http://"):
+                    redirect_url = redirect_url.replace("http://", "https://", 1)
+
+                # If it's an API request, return a JSON response
+                if request.path.startswith("/api/"):
+                    return jsonify({"error": "Turnstile verification required"}), 403
+                # For regular requests, redirect to verification page
+                return redirect(url_for("turnstile_page", redirect_url=redirect_url))
+            else:
+                # Check if verification has expired (default: 24 hours)
+                verification_timeout = (
+                    int(os.getenv("TURNSTILE_TIMEOUT_HOURS", "24")) * 3600
+                )  # Convert hours to seconds
+                verified_at = session.get("turnstile_verified_at", 0)
+                current_time = datetime.utcnow().timestamp()
+
+                if current_time - verified_at > verification_timeout:
+                    # Verification expired, clear status and redirect to verification page
+                    session.pop("turnstile_verified", None)
+                    session.pop("turnstile_verified_at", None)
+
+                    redirect_url = request.url
+                    # Force HTTPS in HuggingFace Spaces
+                    if IS_SPACES and redirect_url.startswith("http://"):
+                        redirect_url = redirect_url.replace("http://", "https://", 1)
+
+                    if request.path.startswith("/api/"):
+                        return jsonify({"error": "Turnstile verification expired"}), 403
+                    return redirect(
+                        url_for("turnstile_page", redirect_url=redirect_url)
+                    )
+
+
+@app.route("/turnstile", methods=["GET"])
+def turnstile_page():
+    """Display Cloudflare Turnstile verification page"""
+    redirect_url = request.args.get("redirect_url", url_for("arena", _external=True))
 
-HTML = """
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <title>Maintenance</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <script src="https://cdn.tailwindcss.com"></script>
-</head>
-<body class="bg-gray-100 flex items-center justify-center h-screen">
-    <div class="bg-white p-8 rounded-2xl shadow-lg text-center max-w-md">
-        <svg class="mx-auto mb-4 w-16 h-16 text-yellow-500" fill="none" stroke="currentColor" stroke-width="1.5"
-             viewBox="0 0 24 24">
-            <path stroke-linecap="round" stroke-linejoin="round"
-                  d="M12 9v2m0 4h.01M4.93 4.93a10 10 0 0114.14 0 10 10 0 010 14.14 10 10 0 01-14.14 0 10 10 0 010-14.14z"/>
-        </svg>
-        <h1 class="text-2xl font-bold text-gray-800 mb-2">We'll be back soon!</h1>
-        <p class="text-gray-600">The TTS Arena is temporarily undergoing maintenance.<br>Thank you for your patience.</p>
-    </div>
-</body>
-</html>
-"""
+    # Force HTTPS in HuggingFace Spaces
+    if IS_SPACES and redirect_url.startswith("http://"):
+        redirect_url = redirect_url.replace("http://", "https://", 1)
+
+    return render_template(
+        "turnstile.html",
+        turnstile_site_key=app.config["TURNSTILE_SITE_KEY"],
+        redirect_url=redirect_url,
+    )
+
+
+@app.route("/verify-turnstile", methods=["POST"])
+def verify_turnstile():
+    """Verify Cloudflare Turnstile token"""
+    token = request.form.get("cf-turnstile-response")
+    redirect_url = request.form.get("redirect_url", url_for("arena", _external=True))
+
+    # Force HTTPS in HuggingFace Spaces
+    if IS_SPACES and redirect_url.startswith("http://"):
+        redirect_url = redirect_url.replace("http://", "https://", 1)
+
+    if not token:
+        # If AJAX request, return JSON error
+        if request.headers.get("X-Requested-With") == "XMLHttpRequest":
+            return (
+                jsonify({"success": False, "error": "Missing verification token"}),
+                400,
+            )
+        # Otherwise redirect back to turnstile page
+        return redirect(url_for("turnstile_page", redirect_url=redirect_url))
+
+    # Verify token with Cloudflare
+    data = {
+        "secret": app.config["TURNSTILE_SECRET_KEY"],
+        "response": token,
+        "remoteip": request.remote_addr,
+    }
+
+    try:
+        response = requests.post(app.config["TURNSTILE_VERIFY_URL"], data=data)
+        result = response.json()
+
+        if result.get("success"):
+            # Set verification status in session
+            session["turnstile_verified"] = True
+            session["turnstile_verified_at"] = datetime.utcnow().timestamp()
+
+            # Determine response type based on request
+            is_xhr = request.headers.get("X-Requested-With") == "XMLHttpRequest"
+            accepts_json = "application/json" in request.headers.get("Accept", "")
+
+            # If AJAX or JSON request, return success JSON
+            if is_xhr or accepts_json:
+                return jsonify({"success": True, "redirect": redirect_url})
+
+            # For regular form submissions, redirect to the target URL
+            return redirect(redirect_url)
+        else:
+            # Verification failed
+            app.logger.warning(f"Turnstile verification failed: {result}")
+
+            # If AJAX request, return JSON error
+            if request.headers.get("X-Requested-With") == "XMLHttpRequest":
+                return jsonify({"success": False, "error": "Verification failed"}), 403
+
+            # Otherwise redirect back to turnstile page
+            return redirect(url_for("turnstile_page", redirect_url=redirect_url))
+
+    except Exception as e:
+        app.logger.error(f"Turnstile verification error: {str(e)}")
+
+        # If AJAX request, return JSON error
+        if request.headers.get("X-Requested-With") == "XMLHttpRequest":
+            return (
+                jsonify(
+                    {"success": False, "error": "Server error during verification"}
+                ),
+                500,
+            )
+
+        # Otherwise redirect back to turnstile page
+        return redirect(url_for("turnstile_page", redirect_url=redirect_url))
+
+with open("sentences.txt", "r") as f, open("emotional_sentences.txt", "r") as f_emotional:
+    # Store all sentences and clean them up
+    all_harvard_sentences = [line.strip() for line in f.readlines() if line.strip()] + [line.strip() for line in f_emotional.readlines() if line.strip()]
+    # Shuffle for initial random selection if needed, but main list remains ordered
+    initial_sentences = random.sample(all_harvard_sentences, min(len(all_harvard_sentences), 500)) # Limit initial pass for template
 
 @app.route("/")
-def maintenance():
-    return render_template_string(HTML)
+def arena():
+    # Pass a subset of sentences for the random button fallback
+    return render_template("arena.html", harvard_sentences=json.dumps(initial_sentences))
+
+
+@app.route("/leaderboard")
+def leaderboard():
+    tts_leaderboard = get_leaderboard_data(ModelType.TTS)
+    conversational_leaderboard = get_leaderboard_data(ModelType.CONVERSATIONAL)
+    top_voters = get_top_voters(10)  # Get top 10 voters
+
+    # Initialize personal leaderboard data
+    tts_personal_leaderboard = None
+    conversational_personal_leaderboard = None
+    user_leaderboard_visibility = None
+
+    # If user is logged in, get their personal leaderboard and visibility setting
+    if current_user.is_authenticated:
+        tts_personal_leaderboard = get_user_leaderboard(current_user.id, ModelType.TTS)
+        conversational_personal_leaderboard = get_user_leaderboard(
+            current_user.id, ModelType.CONVERSATIONAL
+        )
+        user_leaderboard_visibility = current_user.show_in_leaderboard
+
+    # Get key dates for the timeline
+    tts_key_dates = get_key_historical_dates(ModelType.TTS)
+    conversational_key_dates = get_key_historical_dates(ModelType.CONVERSATIONAL)
+
+    # Format dates for display in the dropdown
+    formatted_tts_dates = [date.strftime("%B %Y") for date in tts_key_dates]
+    formatted_conversational_dates = [
+        date.strftime("%B %Y") for date in conversational_key_dates
+    ]
+
+    return render_template(
+        "leaderboard.html",
+        tts_leaderboard=tts_leaderboard,
+        conversational_leaderboard=conversational_leaderboard,
+        tts_personal_leaderboard=tts_personal_leaderboard,
+        conversational_personal_leaderboard=conversational_personal_leaderboard,
+        tts_key_dates=tts_key_dates,
+        conversational_key_dates=conversational_key_dates,
+        formatted_tts_dates=formatted_tts_dates,
+        formatted_conversational_dates=formatted_conversational_dates,
+        top_voters=top_voters,
+        user_leaderboard_visibility=user_leaderboard_visibility
+    )
+
+
+@app.route("/api/historical-leaderboard/<model_type>")
+def historical_leaderboard(model_type):
+    """Get historical leaderboard data for a specific date"""
+    if model_type not in [ModelType.TTS, ModelType.CONVERSATIONAL]:
+        return jsonify({"error": "Invalid model type"}), 400
+
+    # Get date from query parameter
+    date_str = request.args.get("date")
+    if not date_str:
+        return jsonify({"error": "Date parameter is required"}), 400
+
+    try:
+        # Parse date from URL parameter (format: YYYY-MM-DD)
+        target_date = datetime.strptime(date_str, "%Y-%m-%d")
+
+        # Get historical leaderboard data
+        leaderboard_data = get_historical_leaderboard_data(model_type, target_date)
+
+        return jsonify(
+            {"date": target_date.strftime("%B %d, %Y"), "leaderboard": leaderboard_data}
+        )
+    except ValueError:
+        return jsonify({"error": "Invalid date format. Use YYYY-MM-DD"}), 400
+
+
+@app.route("/about")
+def about():
+    return render_template("about.html")
+
+
+# --- TTS Caching Functions ---
+
+def generate_and_save_tts(text, model_id, output_dir):
+    """Generates TTS and saves it to a specific directory, returning the full path."""
+    temp_audio_path = None # Initialize to None
+    try:
+        app.logger.debug(f"[TTS Gen {model_id}] Starting generation for: '{text[:30]}...'")
+        # If predict_tts saves file itself and returns path:
+        temp_audio_path = predict_tts(text, model_id)
+        app.logger.debug(f"[TTS Gen {model_id}] predict_tts returned: {temp_audio_path}")
+
+        if not temp_audio_path or not os.path.exists(temp_audio_path):
+            app.logger.warning(f"[TTS Gen {model_id}] predict_tts failed or returned invalid path: {temp_audio_path}")
+            raise ValueError("predict_tts did not return a valid path or file does not exist")
+
+        file_uuid = str(uuid.uuid4())
+        dest_path = os.path.join(output_dir, f"{file_uuid}.wav")
+        app.logger.debug(f"[TTS Gen {model_id}] Moving {temp_audio_path} to {dest_path}")
+        # Move the file generated by predict_tts to the target cache directory
+        shutil.move(temp_audio_path, dest_path)
+        app.logger.debug(f"[TTS Gen {model_id}] Move successful. Returning {dest_path}")
+        return dest_path
+
+    except Exception as e:
+        app.logger.error(f"Error generating/saving TTS for model {model_id} and text '{text[:30]}...': {str(e)}")
+        # Ensure temporary file from predict_tts (if any) is cleaned up
+        if temp_audio_path and os.path.exists(temp_audio_path):
+            try:
+                app.logger.debug(f"[TTS Gen {model_id}] Cleaning up temporary file {temp_audio_path} after error.")
+                os.remove(temp_audio_path)
+            except OSError:
+                pass # Ignore error if file couldn't be removed
+        return None
+
+
+def _generate_cache_entry_task(sentence):
+    """Task function to generate audio for a sentence and add to cache."""
+    # Wrap the entire task in an application context
+    with app.app_context():
+        if not sentence:
+            # Select a new sentence if not provided (for replacement)
+            with tts_cache_lock:
+                cached_keys = set(tts_cache.keys())
+            available_sentences = [s for s in all_harvard_sentences if s not in cached_keys]
+            if not available_sentences:
+                app.logger.warning("No more unique Harvard sentences available for caching.")
+                return
+            sentence = random.choice(available_sentences)
+
+        # app.logger.info removed duplicate log
+        print(f"[Cache Task] Querying models for: '{sentence[:50]}...'")
+        available_models = Model.query.filter_by(
+            model_type=ModelType.TTS, is_active=True
+        ).all()
+
+        if len(available_models) < 2:
+            app.logger.error("Not enough active TTS models to generate cache entry.")
+            return
+
+        try:
+            models = get_weighted_random_models(available_models, 2, ModelType.TTS)
+            model_a_id = models[0].id
+            model_b_id = models[1].id
+
+            # Generate audio concurrently using a local executor for clarity within the task
+            with ThreadPoolExecutor(max_workers=2, thread_name_prefix='AudioGen') as audio_executor:
+                future_a = audio_executor.submit(generate_and_save_tts, sentence, model_a_id, CACHE_AUDIO_DIR)
+                future_b = audio_executor.submit(generate_and_save_tts, sentence, model_b_id, CACHE_AUDIO_DIR)
+
+                timeout_seconds = 120
+                audio_a_path = future_a.result(timeout=timeout_seconds)
+                audio_b_path = future_b.result(timeout=timeout_seconds)
+
+            if audio_a_path and audio_b_path:
+                with tts_cache_lock:
+                    # Only add if the sentence isn't already back in the cache
+                    # And ensure cache size doesn't exceed limit
+                    if sentence not in tts_cache and len(tts_cache) < TTS_CACHE_SIZE:
+                        tts_cache[sentence] = {
+                            "model_a": model_a_id,
+                            "model_b": model_b_id,
+                            "audio_a": audio_a_path,
+                            "audio_b": audio_b_path,
+                            "created_at": datetime.utcnow(),
+                        }
+                        app.logger.info(f"Successfully cached entry for: '{sentence[:50]}...'")
+                    elif sentence in tts_cache:
+                         app.logger.warning(f"Sentence '{sentence[:50]}...' already re-cached. Discarding new generation.")
+                         # Clean up the newly generated files if not added
+                         if os.path.exists(audio_a_path): os.remove(audio_a_path)
+                         if os.path.exists(audio_b_path): os.remove(audio_b_path)
+                    else: # Cache is full
+                        app.logger.warning(f"Cache is full ({len(tts_cache)} entries). Discarding new generation for '{sentence[:50]}...'.")
+                        # Clean up the newly generated files if not added
+                        if os.path.exists(audio_a_path): os.remove(audio_a_path)
+                        if os.path.exists(audio_b_path): os.remove(audio_b_path)
+
+            else:
+                app.logger.error(f"Failed to generate one or both audio files for cache: '{sentence[:50]}...'")
+                # Clean up whichever file might have been created
+                if audio_a_path and os.path.exists(audio_a_path): os.remove(audio_a_path)
+                if audio_b_path and os.path.exists(audio_b_path): os.remove(audio_b_path)
+
+        except Exception as e:
+            # Log the exception within the app context
+            app.logger.error(f"Exception in _generate_cache_entry_task for '{sentence[:50]}...': {str(e)}", exc_info=True)
+
+
+def initialize_tts_cache():
+    print("Initializing TTS cache")
+    """Selects initial sentences and starts generation tasks."""
+    with app.app_context(): # Ensure access to models
+        if not all_harvard_sentences:
+            app.logger.error("Harvard sentences not loaded. Cannot initialize cache.")
+            return
+
+        initial_selection = random.sample(all_harvard_sentences, min(len(all_harvard_sentences), TTS_CACHE_SIZE))
+        app.logger.info(f"Initializing TTS cache with {len(initial_selection)} sentences...")
+
+        for sentence in initial_selection:
+            # Use the main cache_executor for initial population too
+            cache_executor.submit(_generate_cache_entry_task, sentence)
+        app.logger.info("Submitted initial cache generation tasks.")
+
+# --- End TTS Caching Functions ---
+
+
+@app.route("/api/tts/generate", methods=["POST"])
+@limiter.limit("10 per minute") # Keep limit, cached responses are still requests
+def generate_tts():
+    # If verification not setup, handle it first
+    if app.config["TURNSTILE_ENABLED"] and not session.get("turnstile_verified"):
+        return jsonify({"error": "Turnstile verification required"}), 403
+
+    # Require user to be logged in to generate audio
+    if not current_user.is_authenticated:
+        return jsonify({"error": "You must be logged in to generate audio"}), 401
+
+    data = request.json
+    text = data.get("text", "").strip() # Ensure text is stripped
+
+    if not text or len(text) > 1000:
+        return jsonify({"error": "Invalid or too long text"}), 400
+
+    # --- Cache Check ---
+    cache_hit = False
+    session_data_from_cache = None
+    with tts_cache_lock:
+        if text in tts_cache:
+            cache_hit = True
+            cached_entry = tts_cache.pop(text) # Remove from cache immediately
+            app.logger.info(f"TTS Cache HIT for: '{text[:50]}...'")
+
+            # Prepare session data using cached info
+            session_id = str(uuid.uuid4())
+            session_data_from_cache = {
+                "model_a": cached_entry["model_a"],
+                "model_b": cached_entry["model_b"],
+                "audio_a": cached_entry["audio_a"], # Paths are now from cache_dir
+                "audio_b": cached_entry["audio_b"],
+                "text": text,
+                "created_at": datetime.utcnow(),
+                "expires_at": datetime.utcnow() + timedelta(minutes=30),
+                "voted": False,
+                "cache_hit": True,
+            }
+            app.tts_sessions[session_id] = session_data_from_cache
+
+            # --- Trigger background tasks to refill the cache ---
+            # Calculate how many slots need refilling
+            current_cache_size = len(tts_cache) # Size *before* adding potentially new items
+            needed_refills = TTS_CACHE_SIZE - current_cache_size
+            # Limit concurrent refills to 8 or the actual need
+            refills_to_submit = min(needed_refills, 8)
+
+            if refills_to_submit > 0:
+                app.logger.info(f"Cache hit: Submitting {refills_to_submit} background task(s) to refill cache (current size: {current_cache_size}, target: {TTS_CACHE_SIZE}).")
+                for _ in range(refills_to_submit):
+                     # Pass None to signal replacement selection within the task
+                    cache_executor.submit(_generate_cache_entry_task, None)
+            else:
+                app.logger.info(f"Cache hit: Cache is already full or at target size ({current_cache_size}/{TTS_CACHE_SIZE}). No refill tasks submitted.")
+            # --- End Refill Trigger ---
+
+    if cache_hit and session_data_from_cache:
+        # Return response using cached data
+        # Note: The files are now managed by the session lifecycle (cleanup_session)
+        return jsonify(
+            {
+                "session_id": session_id,
+                "audio_a": f"/api/tts/audio/{session_id}/a",
+                "audio_b": f"/api/tts/audio/{session_id}/b",
+                "expires_in": 1800,  # 30 minutes in seconds
+                "cache_hit": True,
+            }
+        )
+    # --- End Cache Check ---
+
+    # --- Cache Miss: Generate on the fly ---
+    app.logger.info(f"TTS Cache MISS for: '{text[:50]}...'. Generating on the fly.")
+    available_models = Model.query.filter_by(
+        model_type=ModelType.TTS, is_active=True
+    ).all()
+    if len(available_models) < 2:
+        return jsonify({"error": "Not enough TTS models available"}), 500
+
+    selected_models = get_weighted_random_models(available_models, 2, ModelType.TTS)
+
+    try:
+        audio_files = []
+        model_ids = []
+
+        # Function to process a single model (generate directly to TEMP_AUDIO_DIR, not cache subdir)
+        def process_model_on_the_fly(model):
+             # Generate and save directly to the main temp dir
+             # Assume predict_tts handles saving temporary files
+             temp_audio_path = predict_tts(text, model.id)
+             if not temp_audio_path or not os.path.exists(temp_audio_path):
+                 raise ValueError(f"predict_tts failed for model {model.id}")
+
+             # Create a unique name in the main TEMP_AUDIO_DIR for the session
+             file_uuid = str(uuid.uuid4())
+             dest_path = os.path.join(TEMP_AUDIO_DIR, f"{file_uuid}.wav")
+             shutil.move(temp_audio_path, dest_path) # Move from predict_tts's temp location
+
+             return {"model_id": model.id, "audio_path": dest_path}
+
+
+        # Use ThreadPoolExecutor to process models concurrently
+        with ThreadPoolExecutor(max_workers=2) as executor:
+            results = list(executor.map(process_model_on_the_fly, selected_models))
+
+        # Extract results
+        for result in results:
+            model_ids.append(result["model_id"])
+            audio_files.append(result["audio_path"])
+
+        # Create session
+        session_id = str(uuid.uuid4())
+        app.tts_sessions[session_id] = {
+            "model_a": model_ids[0],
+            "model_b": model_ids[1],
+            "audio_a": audio_files[0], # Paths are now from TEMP_AUDIO_DIR directly
+            "audio_b": audio_files[1],
+            "text": text,
+            "created_at": datetime.utcnow(),
+            "expires_at": datetime.utcnow() + timedelta(minutes=30),
+            "voted": False,
+            "cache_hit": False,
+        }
+
+        # Return audio file paths and session
+        return jsonify(
+            {
+                "session_id": session_id,
+                "audio_a": f"/api/tts/audio/{session_id}/a",
+                "audio_b": f"/api/tts/audio/{session_id}/b",
+                "expires_in": 1800,
+                "cache_hit": False,
+            }
+        )
+
+    except Exception as e:
+        app.logger.error(f"TTS on-the-fly generation error: {str(e)}", exc_info=True)
+        # Cleanup any files potentially created during the failed attempt
+        if 'results' in locals():
+             for res in results:
+                 if 'audio_path' in res and os.path.exists(res['audio_path']):
+                     try:
+                         os.remove(res['audio_path'])
+                     except OSError:
+                         pass
+        return jsonify({"error": "Failed to generate TTS"}), 500
+    # --- End Cache Miss ---
+
+
+@app.route("/api/tts/audio/<session_id>/<model_key>")
+def get_audio(session_id, model_key):
+    # If verification not setup, handle it first
+    if app.config["TURNSTILE_ENABLED"] and not session.get("turnstile_verified"):
+        return jsonify({"error": "Turnstile verification required"}), 403
+
+    if session_id not in app.tts_sessions:
+        return jsonify({"error": "Invalid or expired session"}), 404
+
+    session_data = app.tts_sessions[session_id]
+
+    # Check if session expired
+    if datetime.utcnow() > session_data["expires_at"]:
+        cleanup_session(session_id)
+        return jsonify({"error": "Session expired"}), 410
+
+    if model_key == "a":
+        audio_path = session_data["audio_a"]
+    elif model_key == "b":
+        audio_path = session_data["audio_b"]
+    else:
+        return jsonify({"error": "Invalid model key"}), 400
+
+    # Check if file exists
+    if not os.path.exists(audio_path):
+        return jsonify({"error": "Audio file not found"}), 404
+
+    return send_file(audio_path, mimetype="audio/wav")
+
+
+@app.route("/api/tts/vote", methods=["POST"])
+@limiter.limit("30 per minute")
+def submit_vote():
+    # If verification not setup, handle it first
+    if app.config["TURNSTILE_ENABLED"] and not session.get("turnstile_verified"):
+        return jsonify({"error": "Turnstile verification required"}), 403
+
+    # Require user to be logged in to vote
+    if not current_user.is_authenticated:
+        return jsonify({"error": "You must be logged in to vote"}), 401
+
+    # Security checks for vote manipulation prevention
+    client_ip = get_client_ip()
+    vote_allowed, security_reason, security_score = is_vote_allowed(current_user.id, client_ip)
+    
+    if not vote_allowed:
+        app.logger.warning(f"Vote blocked for user {current_user.username} (ID: {current_user.id}): {security_reason} (Score: {security_score})")
+        return jsonify({"error": f"Vote not allowed: {security_reason}"}), 403
+
+    data = request.json
+    session_id = data.get("session_id")
+    chosen_model_key = data.get("chosen_model")  # "a" or "b"
+
+    if not session_id or session_id not in app.tts_sessions:
+        return jsonify({"error": "Invalid or expired session"}), 404
+
+    if not chosen_model_key or chosen_model_key not in ["a", "b"]:
+        return jsonify({"error": "Invalid chosen model"}), 400
+
+    session_data = app.tts_sessions[session_id]
+
+    # Check if session expired
+    if datetime.utcnow() > session_data["expires_at"]:
+        cleanup_session(session_id)
+        return jsonify({"error": "Session expired"}), 410
+
+    # Check if already voted
+    if session_data["voted"]:
+        return jsonify({"error": "Vote already submitted for this session"}), 400
+
+    # Get model IDs and audio paths
+    chosen_id = (
+        session_data["model_a"] if chosen_model_key == "a" else session_data["model_b"]
+    )
+    rejected_id = (
+        session_data["model_b"] if chosen_model_key == "a" else session_data["model_a"]
+    )
+    chosen_audio_path = (
+        session_data["audio_a"] if chosen_model_key == "a" else session_data["audio_b"]
+    )
+    rejected_audio_path = (
+        session_data["audio_b"] if chosen_model_key == "a" else session_data["audio_a"]
+    )
+
+    # Calculate session duration and gather analytics data
+    vote_time = datetime.utcnow()
+    session_duration = (vote_time - session_data["created_at"]).total_seconds()
+    client_ip = get_client_ip()
+    user_agent = request.headers.get('User-Agent')
+    cache_hit = session_data.get("cache_hit", False)
+
+    # Record vote in database with analytics data
+    vote, error = record_vote(
+        current_user.id, 
+        session_data["text"], 
+        chosen_id, 
+        rejected_id, 
+        ModelType.TTS,
+        session_duration=session_duration,
+        ip_address=client_ip,
+        user_agent=user_agent,
+        generation_date=session_data["created_at"],
+        cache_hit=cache_hit
+    )
+
+    if error:
+        return jsonify({"error": error}), 500
+
+    # --- Save preference data ---
+    try:
+        vote_uuid = str(uuid.uuid4())
+        vote_dir = os.path.join("./votes", vote_uuid)
+        os.makedirs(vote_dir, exist_ok=True)
+
+        # Copy audio files
+        shutil.copy(chosen_audio_path, os.path.join(vote_dir, "chosen.wav"))
+        shutil.copy(rejected_audio_path, os.path.join(vote_dir, "rejected.wav"))
+
+        # Create metadata
+        chosen_model_obj = Model.query.get(chosen_id)
+        rejected_model_obj = Model.query.get(rejected_id)
+        metadata = {
+            "text": session_data["text"],
+            "chosen_model": chosen_model_obj.name if chosen_model_obj else "Unknown",
+            "chosen_model_id": chosen_model_obj.id if chosen_model_obj else "Unknown",
+            "rejected_model": rejected_model_obj.name if rejected_model_obj else "Unknown",
+            "rejected_model_id": rejected_model_obj.id if rejected_model_obj else "Unknown",
+            "session_id": session_id,
+            "timestamp": datetime.utcnow().isoformat(),
+            "username": current_user.username,
+            "model_type": "TTS"
+        }
+        with open(os.path.join(vote_dir, "metadata.json"), "w") as f:
+            json.dump(metadata, f, indent=2)
+
+    except Exception as e:
+        app.logger.error(f"Error saving preference data for vote {session_id}: {str(e)}")
+        # Continue even if saving preference data fails, vote is already recorded
+
+    # Mark session as voted
+    session_data["voted"] = True
+
+    # Return updated models (use previously fetched objects)
+    return jsonify(
+        {
+            "success": True,
+            "chosen_model": {"id": chosen_id, "name": chosen_model_obj.name if chosen_model_obj else "Unknown"},
+            "rejected_model": {
+                "id": rejected_id,
+                "name": rejected_model_obj.name if rejected_model_obj else "Unknown",
+            },
+            "names": {
+                "a": (
+                    chosen_model_obj.name if chosen_model_key == "a" else rejected_model_obj.name
+                    if chosen_model_obj and rejected_model_obj else "Unknown"
+                ),
+                "b": (
+                    rejected_model_obj.name if chosen_model_key == "a" else chosen_model_obj.name
+                    if chosen_model_obj and rejected_model_obj else "Unknown"
+                ),
+            },
+        }
+    )
+
+
+def cleanup_session(session_id):
+    """Remove session and its audio files"""
+    if session_id in app.tts_sessions:
+        session = app.tts_sessions[session_id]
+
+        # Remove audio files
+        for audio_file in [session["audio_a"], session["audio_b"]]:
+            if os.path.exists(audio_file):
+                try:
+                    os.remove(audio_file)
+                except Exception as e:
+                    app.logger.error(f"Error removing audio file: {str(e)}")
+
+        # Remove session
+        del app.tts_sessions[session_id]
+
+
+@app.route("/api/conversational/generate", methods=["POST"])
+@limiter.limit("5 per minute")
+def generate_podcast():
+    # If verification not setup, handle it first
+    if app.config["TURNSTILE_ENABLED"] and not session.get("turnstile_verified"):
+        return jsonify({"error": "Turnstile verification required"}), 403
+
+    # Require user to be logged in to generate audio
+    if not current_user.is_authenticated:
+        return jsonify({"error": "You must be logged in to generate audio"}), 401
+
+    data = request.json
+    script = data.get("script")
+
+    if not script or not isinstance(script, list) or len(script) < 2:
+        return jsonify({"error": "Invalid script format or too short"}), 400
+
+    # Validate script format
+    for line in script:
+        if not isinstance(line, dict) or "text" not in line or "speaker_id" not in line:
+            return (
+                jsonify(
+                    {
+                        "error": "Invalid script line format. Each line must have text and speaker_id"
+                    }
+                ),
+                400,
+            )
+        if (
+            not line["text"]
+            or not isinstance(line["speaker_id"], int)
+            or line["speaker_id"] not in [0, 1]
+        ):
+            return (
+                jsonify({"error": "Invalid script content. Speaker ID must be 0 or 1"}),
+                400,
+            )
+
+    # Get two conversational models (currently only CSM and PlayDialog)
+    available_models = Model.query.filter_by(
+        model_type=ModelType.CONVERSATIONAL, is_active=True
+    ).all()
+
+    if len(available_models) < 2:
+        return jsonify({"error": "Not enough conversational models available"}), 500
+
+    selected_models = get_weighted_random_models(available_models, 2, ModelType.CONVERSATIONAL)
+
+    try:
+        # Generate audio for both models concurrently
+        audio_files = []
+        model_ids = []
+
+        # Function to process a single model
+        def process_model(model):
+            # Call conversational TTS service
+            audio_content = predict_tts(script, model.id)
+
+            # Save to temp file with unique name
+            file_uuid = str(uuid.uuid4())
+            dest_path = os.path.join(TEMP_AUDIO_DIR, f"{file_uuid}.wav")
+
+            with open(dest_path, "wb") as f:
+                f.write(audio_content)
+
+            return {"model_id": model.id, "audio_path": dest_path}
+
+        # Use ThreadPoolExecutor to process models concurrently
+        with ThreadPoolExecutor(max_workers=2) as executor:
+            results = list(executor.map(process_model, selected_models))
+
+        # Extract results
+        for result in results:
+            model_ids.append(result["model_id"])
+            audio_files.append(result["audio_path"])
+
+        # Create session
+        session_id = str(uuid.uuid4())
+        script_text = " ".join([line["text"] for line in script])
+        app.conversational_sessions[session_id] = {
+            "model_a": model_ids[0],
+            "model_b": model_ids[1],
+            "audio_a": audio_files[0],
+            "audio_b": audio_files[1],
+            "text": script_text[:1000],  # Limit text length
+            "created_at": datetime.utcnow(),
+            "expires_at": datetime.utcnow() + timedelta(minutes=30),
+            "voted": False,
+            "script": script,
+            "cache_hit": False,  # Conversational is always generated on-demand
+        }
+
+        # Return audio file paths and session
+        return jsonify(
+            {
+                "session_id": session_id,
+                "audio_a": f"/api/conversational/audio/{session_id}/a",
+                "audio_b": f"/api/conversational/audio/{session_id}/b",
+                "expires_in": 1800,  # 30 minutes in seconds
+            }
+        )
+
+    except Exception as e:
+        app.logger.error(f"Conversational generation error: {str(e)}")
+        return jsonify({"error": f"Failed to generate podcast: {str(e)}"}), 500
+
+
+@app.route("/api/conversational/audio/<session_id>/<model_key>")
+def get_podcast_audio(session_id, model_key):
+    # If verification not setup, handle it first
+    if app.config["TURNSTILE_ENABLED"] and not session.get("turnstile_verified"):
+        return jsonify({"error": "Turnstile verification required"}), 403
+
+    if session_id not in app.conversational_sessions:
+        return jsonify({"error": "Invalid or expired session"}), 404
+
+    session_data = app.conversational_sessions[session_id]
+
+    # Check if session expired
+    if datetime.utcnow() > session_data["expires_at"]:
+        cleanup_conversational_session(session_id)
+        return jsonify({"error": "Session expired"}), 410
+
+    if model_key == "a":
+        audio_path = session_data["audio_a"]
+    elif model_key == "b":
+        audio_path = session_data["audio_b"]
+    else:
+        return jsonify({"error": "Invalid model key"}), 400
+
+    # Check if file exists
+    if not os.path.exists(audio_path):
+        return jsonify({"error": "Audio file not found"}), 404
+
+    return send_file(audio_path, mimetype="audio/wav")
+
+
+@app.route("/api/conversational/vote", methods=["POST"])
+@limiter.limit("30 per minute")
+def submit_podcast_vote():
+    # If verification not setup, handle it first
+    if app.config["TURNSTILE_ENABLED"] and not session.get("turnstile_verified"):
+        return jsonify({"error": "Turnstile verification required"}), 403
+
+    # Require user to be logged in to vote
+    if not current_user.is_authenticated:
+        return jsonify({"error": "You must be logged in to vote"}), 401
+
+    # Security checks for vote manipulation prevention
+    client_ip = get_client_ip()
+    vote_allowed, security_reason, security_score = is_vote_allowed(current_user.id, client_ip)
+    
+    if not vote_allowed:
+        app.logger.warning(f"Conversational vote blocked for user {current_user.username} (ID: {current_user.id}): {security_reason} (Score: {security_score})")
+        return jsonify({"error": f"Vote not allowed: {security_reason}"}), 403
+
+    data = request.json
+    session_id = data.get("session_id")
+    chosen_model_key = data.get("chosen_model")  # "a" or "b"
+
+    if not session_id or session_id not in app.conversational_sessions:
+        return jsonify({"error": "Invalid or expired session"}), 404
+
+    if not chosen_model_key or chosen_model_key not in ["a", "b"]:
+        return jsonify({"error": "Invalid chosen model"}), 400
+
+    session_data = app.conversational_sessions[session_id]
+
+    # Check if session expired
+    if datetime.utcnow() > session_data["expires_at"]:
+        cleanup_conversational_session(session_id)
+        return jsonify({"error": "Session expired"}), 410
+
+    # Check if already voted
+    if session_data["voted"]:
+        return jsonify({"error": "Vote already submitted for this session"}), 400
+
+    # Get model IDs and audio paths
+    chosen_id = (
+        session_data["model_a"] if chosen_model_key == "a" else session_data["model_b"]
+    )
+    rejected_id = (
+        session_data["model_b"] if chosen_model_key == "a" else session_data["model_a"]
+    )
+    chosen_audio_path = (
+        session_data["audio_a"] if chosen_model_key == "a" else session_data["audio_b"]
+    )
+    rejected_audio_path = (
+        session_data["audio_b"] if chosen_model_key == "a" else session_data["audio_a"]
+    )
+
+    # Calculate session duration and gather analytics data
+    vote_time = datetime.utcnow()
+    session_duration = (vote_time - session_data["created_at"]).total_seconds()
+    client_ip = get_client_ip()
+    user_agent = request.headers.get('User-Agent')
+    cache_hit = session_data.get("cache_hit", False)
+
+    # Record vote in database with analytics data
+    vote, error = record_vote(
+        current_user.id, 
+        session_data["text"], 
+        chosen_id, 
+        rejected_id, 
+        ModelType.CONVERSATIONAL,
+        session_duration=session_duration,
+        ip_address=client_ip,
+        user_agent=user_agent,
+        generation_date=session_data["created_at"],
+        cache_hit=cache_hit
+    )
+
+    if error:
+        return jsonify({"error": error}), 500
+
+    # --- Save preference data ---\
+    try:
+        vote_uuid = str(uuid.uuid4())
+        vote_dir = os.path.join("./votes", vote_uuid)
+        os.makedirs(vote_dir, exist_ok=True)
+
+        # Copy audio files
+        shutil.copy(chosen_audio_path, os.path.join(vote_dir, "chosen.wav"))
+        shutil.copy(rejected_audio_path, os.path.join(vote_dir, "rejected.wav"))
+
+        # Create metadata
+        chosen_model_obj = Model.query.get(chosen_id)
+        rejected_model_obj = Model.query.get(rejected_id)
+        metadata = {
+            "script": session_data["script"], # Save the full script
+            "chosen_model": chosen_model_obj.name if chosen_model_obj else "Unknown",
+            "chosen_model_id": chosen_model_obj.id if chosen_model_obj else "Unknown",
+            "rejected_model": rejected_model_obj.name if rejected_model_obj else "Unknown",
+            "rejected_model_id": rejected_model_obj.id if rejected_model_obj else "Unknown",
+            "session_id": session_id,
+            "timestamp": datetime.utcnow().isoformat(),
+            "username": current_user.username,
+            "model_type": "CONVERSATIONAL"
+        }
+        with open(os.path.join(vote_dir, "metadata.json"), "w") as f:
+            json.dump(metadata, f, indent=2)
+
+    except Exception as e:
+        app.logger.error(f"Error saving preference data for conversational vote {session_id}: {str(e)}")
+        # Continue even if saving preference data fails, vote is already recorded
+
+    # Mark session as voted
+    session_data["voted"] = True
+
+    # Return updated models (use previously fetched objects)
+    return jsonify(
+        {
+            "success": True,
+            "chosen_model": {"id": chosen_id, "name": chosen_model_obj.name if chosen_model_obj else "Unknown"},
+            "rejected_model": {
+                "id": rejected_id,
+                "name": rejected_model_obj.name if rejected_model_obj else "Unknown",
+            },
+            "names": {
+                "a": Model.query.get(session_data["model_a"]).name,
+                "b": Model.query.get(session_data["model_b"]).name,
+            },
+        }
+    )
+
+
+def cleanup_conversational_session(session_id):
+    """Remove conversational session and its audio files"""
+    if session_id in app.conversational_sessions:
+        session = app.conversational_sessions[session_id]
+
+        # Remove audio files
+        for audio_file in [session["audio_a"], session["audio_b"]]:
+            if os.path.exists(audio_file):
+                try:
+                    os.remove(audio_file)
+                except Exception as e:
+                    app.logger.error(
+                        f"Error removing conversational audio file: {str(e)}"
+                    )
+
+        # Remove session
+        del app.conversational_sessions[session_id]
+
+
+# Schedule periodic cleanup
+def setup_cleanup():
+    def cleanup_expired_sessions():
+        with app.app_context(): # Ensure app context for logging
+            current_time = datetime.utcnow()
+            # Cleanup TTS sessions
+            expired_tts_sessions = [
+                sid
+                for sid, session_data in app.tts_sessions.items()
+                if current_time > session_data["expires_at"]
+            ]
+            for sid in expired_tts_sessions:
+                cleanup_session(sid)
+
+            # Cleanup conversational sessions
+            expired_conv_sessions = [
+                sid
+                for sid, session_data in app.conversational_sessions.items()
+                if current_time > session_data["expires_at"]
+            ]
+            for sid in expired_conv_sessions:
+                cleanup_conversational_session(sid)
+            app.logger.info(f"Cleaned up {len(expired_tts_sessions)} TTS and {len(expired_conv_sessions)} conversational sessions.")
+
+    # Also cleanup potentially expired cache entries (e.g., > 1 hour old)
+    # This prevents stale cache entries if generation is slow or failing
+    # cleanup_stale_cache_entries()
+
+    # Run cleanup every 15 minutes
+    scheduler = BackgroundScheduler(daemon=True) # Run scheduler as daemon thread
+    scheduler.add_job(cleanup_expired_sessions, "interval", minutes=15)
+    scheduler.start()
+    print("Cleanup scheduler started") # Use print for startup messages
+
+
+# Schedule periodic tasks (database sync and preference upload)
+def setup_periodic_tasks():
+    """Setup periodic database synchronization and preference data upload for Spaces"""
+    if not IS_SPACES:
+        return
+
+    db_path = app.config["SQLALCHEMY_DATABASE_URI"].replace("sqlite:///", "instance/") # Get relative path
+    preferences_repo_id = "TTS-AGI/arena-v2-preferences"
+    database_repo_id = "TTS-AGI/database-arena-v2"
+    votes_dir = "./votes"
+
+    def sync_database():
+        """Uploads the database to HF dataset"""
+        with app.app_context(): # Ensure app context for logging
+            try:
+                if not os.path.exists(db_path):
+                    app.logger.warning(f"Database file not found at {db_path}, skipping sync.")
+                    return
+
+                api = HfApi(token=os.getenv("HF_TOKEN"))
+                api.upload_file(
+                    path_or_fileobj=db_path,
+                    path_in_repo="tts_arena.db",
+                    repo_id=database_repo_id,
+                    repo_type="dataset",
+                )
+                app.logger.info(f"Database uploaded to {database_repo_id} at {datetime.utcnow()}")
+            except Exception as e:
+                app.logger.error(f"Error uploading database to {database_repo_id}: {str(e)}")
+
+    def sync_preferences_data():
+        """Zips and uploads preference data folders in batches to HF dataset"""
+        with app.app_context(): # Ensure app context for logging
+            if not os.path.isdir(votes_dir):
+                return # Don't log every 5 mins if dir doesn't exist yet
+
+            temp_batch_dir = None # Initialize to manage cleanup
+            temp_individual_zip_dir = None # Initialize for individual zips
+            local_batch_zip_path = None # Initialize for batch zip path
+
+            try:
+                api = HfApi(token=os.getenv("HF_TOKEN"))
+                vote_uuids = [d for d in os.listdir(votes_dir) if os.path.isdir(os.path.join(votes_dir, d))]
+
+                if not vote_uuids:
+                    return # No data to process
+
+                app.logger.info(f"Found {len(vote_uuids)} vote directories to process.")
+
+                # Create temporary directories
+                temp_batch_dir = tempfile.mkdtemp(prefix="hf_batch_")
+                temp_individual_zip_dir = tempfile.mkdtemp(prefix="hf_indiv_zips_")
+                app.logger.debug(f"Created temp directories: {temp_batch_dir}, {temp_individual_zip_dir}")
+
+                processed_vote_dirs = []
+                individual_zips_in_batch = []
+
+                # 1. Create individual zips and move them to the batch directory
+                for vote_uuid in vote_uuids:
+                    dir_path = os.path.join(votes_dir, vote_uuid)
+                    individual_zip_base_path = os.path.join(temp_individual_zip_dir, vote_uuid)
+                    individual_zip_path = f"{individual_zip_base_path}.zip"
+
+                    try:
+                        shutil.make_archive(individual_zip_base_path, 'zip', dir_path)
+                        app.logger.debug(f"Created individual zip: {individual_zip_path}")
+
+                        # Move the created zip into the batch directory
+                        final_individual_zip_path = os.path.join(temp_batch_dir, f"{vote_uuid}.zip")
+                        shutil.move(individual_zip_path, final_individual_zip_path)
+                        app.logger.debug(f"Moved individual zip to batch dir: {final_individual_zip_path}")
+
+                        processed_vote_dirs.append(dir_path) # Mark original dir for later cleanup
+                        individual_zips_in_batch.append(final_individual_zip_path)
+
+                    except Exception as zip_err:
+                        app.logger.error(f"Error creating or moving zip for {vote_uuid}: {str(zip_err)}")
+                        # Clean up partial zip if it exists
+                        if os.path.exists(individual_zip_path):
+                            try:
+                                os.remove(individual_zip_path)
+                            except OSError:
+                                pass
+                        # Continue processing other votes
+
+                # Clean up the temporary dir used for creating individual zips
+                shutil.rmtree(temp_individual_zip_dir)
+                temp_individual_zip_dir = None # Mark as cleaned
+                app.logger.debug("Cleaned up temporary individual zip directory.")
+
+                if not individual_zips_in_batch:
+                    app.logger.warning("No individual zips were successfully created for batching.")
+                    # Clean up batch dir if it's empty or only contains failed attempts
+                    if temp_batch_dir and os.path.exists(temp_batch_dir):
+                         shutil.rmtree(temp_batch_dir)
+                         temp_batch_dir = None
+                    return
+
+                # 2. Create the batch zip file
+                batch_timestamp = datetime.utcnow().strftime("%Y%m%d_%H%M%S")
+                batch_uuid_short = str(uuid.uuid4())[:8]
+                batch_zip_filename = f"{batch_timestamp}_batch_{batch_uuid_short}.zip"
+                # Create batch zip in a standard temp location first
+                local_batch_zip_base = os.path.join(tempfile.gettempdir(), batch_zip_filename.replace('.zip', ''))
+                local_batch_zip_path = f"{local_batch_zip_base}.zip"
+
+                app.logger.info(f"Creating batch zip: {local_batch_zip_path} with {len(individual_zips_in_batch)} individual zips.")
+                shutil.make_archive(local_batch_zip_base, 'zip', temp_batch_dir)
+                app.logger.info(f"Batch zip created successfully: {local_batch_zip_path}")
+
+                # 3. Upload the batch zip file
+                hf_repo_path = f"votes/{year}/{month}/{batch_zip_filename}"
+                app.logger.info(f"Uploading batch zip to HF Hub: {preferences_repo_id}/{hf_repo_path}")
+
+                api.upload_file(
+                    path_or_fileobj=local_batch_zip_path,
+                    path_in_repo=hf_repo_path,
+                    repo_id=preferences_repo_id,
+                    repo_type="dataset",
+                    commit_message=f"Add batch preference data {batch_zip_filename} ({len(individual_zips_in_batch)} votes)"
+                )
+                app.logger.info(f"Successfully uploaded batch {batch_zip_filename} to {preferences_repo_id}")
+
+                # 4. Cleanup after successful upload
+                app.logger.info("Cleaning up local files after successful upload.")
+                # Remove original vote directories that were successfully zipped and uploaded
+                for dir_path in processed_vote_dirs:
+                    try:
+                        shutil.rmtree(dir_path)
+                        app.logger.debug(f"Removed original vote directory: {dir_path}")
+                    except OSError as e:
+                        app.logger.error(f"Error removing processed vote directory {dir_path}: {str(e)}")
+
+                # Remove the temporary batch directory (containing the individual zips)
+                shutil.rmtree(temp_batch_dir)
+                temp_batch_dir = None
+                app.logger.debug("Removed temporary batch directory.")
+
+                # Remove the local batch zip file
+                os.remove(local_batch_zip_path)
+                local_batch_zip_path = None
+                app.logger.debug("Removed local batch zip file.")
+
+                app.logger.info(f"Finished preference data sync. Uploaded batch {batch_zip_filename}.")
+
+            except Exception as e:
+                app.logger.error(f"Error during preference data batch sync: {str(e)}", exc_info=True)
+                # If upload failed, the local batch zip might exist, clean it up.
+                if local_batch_zip_path and os.path.exists(local_batch_zip_path):
+                    try:
+                        os.remove(local_batch_zip_path)
+                        app.logger.debug("Cleaned up local batch zip after failed upload.")
+                    except OSError as clean_err:
+                        app.logger.error(f"Error cleaning up batch zip after failed upload: {clean_err}")
+                # Do NOT remove temp_batch_dir if it exists; its contents will be retried next time.
+                # Do NOT remove original vote directories if upload failed.
+
+            finally:
+                # Final cleanup for temporary directories in case of unexpected exits
+                if temp_individual_zip_dir and os.path.exists(temp_individual_zip_dir):
+                    try:
+                        shutil.rmtree(temp_individual_zip_dir)
+                    except Exception as final_clean_err:
+                        app.logger.error(f"Error in final cleanup (indiv zips): {final_clean_err}")
+                # Only clean up batch dir in finally block if it *wasn't* kept intentionally after upload failure
+                if temp_batch_dir and os.path.exists(temp_batch_dir):
+                     # Check if an upload attempt happened and failed
+                     upload_failed = 'e' in locals() and isinstance(e, Exception) # Crude check if exception occurred
+                     if not upload_failed: # If no upload error or upload succeeded, clean up
+                        try:
+                            shutil.rmtree(temp_batch_dir)
+                        except Exception as final_clean_err:
+                            app.logger.error(f"Error in final cleanup (batch dir): {final_clean_err}")
+                     else:
+                         app.logger.warning("Keeping temporary batch directory due to upload failure for next attempt.")
+
+
+    # Schedule periodic tasks
+    scheduler = BackgroundScheduler()
+    # Sync database less frequently if needed, e.g., every 15 minutes
+    scheduler.add_job(sync_database, "interval", minutes=15, id="sync_db_job")
+    # Sync preferences more frequently
+    scheduler.add_job(sync_preferences_data, "interval", minutes=5, id="sync_pref_job")
+    scheduler.start()
+    print("Periodic tasks scheduler started (DB sync and Preferences upload)") # Use print for startup
+
+
+@app.cli.command("init-db")
+def init_db():
+    """Initialize the database."""
+    with app.app_context():
+        db.create_all()
+        print("Database initialized!")
+
+
+@app.route("/api/toggle-leaderboard-visibility", methods=["POST"])
+def toggle_leaderboard_visibility():
+    """Toggle whether the current user appears in the top voters leaderboard"""
+    if not current_user.is_authenticated:
+        return jsonify({"error": "You must be logged in to change this setting"}), 401
+    
+    new_status = toggle_user_leaderboard_visibility(current_user.id)
+    if new_status is None:
+        return jsonify({"error": "User not found"}), 404
+        
+    return jsonify({
+        "success": True, 
+        "visible": new_status,
+        "message": "You are now visible in the voters leaderboard" if new_status else "You are now hidden from the voters leaderboard"
+    })
+
+
+@app.route("/api/tts/cached-sentences")
+def get_cached_sentences():
+    """Returns a list of sentences currently available in the TTS cache."""
+    with tts_cache_lock:
+        cached_keys = list(tts_cache.keys())
+    return jsonify(cached_keys)
+
+
+def get_weighted_random_models(
+    applicable_models: list[Model], num_to_select: int, model_type: ModelType
+) -> list[Model]:
+    """
+    Selects a specified number of models randomly from a list of applicable_models,
+    weighting models with fewer votes higher. A smoothing factor is used to ensure
+    the preference is slight and to prevent models with zero votes from being
+    overwhelmingly favored. Models are selected without replacement.
+
+    Assumes len(applicable_models) >= num_to_select, which should be checked by the caller.
+    """
+    model_votes_counts = {}
+    for model in applicable_models:
+        votes = (
+            Vote.query.filter(Vote.model_type == model_type)
+            .filter(or_(Vote.model_chosen == model.id, Vote.model_rejected == model.id))
+            .count()
+        )
+        model_votes_counts[model.id] = votes
+
+    weights = [
+        1.0 / (model_votes_counts[model.id] + SMOOTHING_FACTOR_MODEL_SELECTION)
+        for model in applicable_models
+    ]
+
+    selected_models_list = []
+    # Create copies to modify during selection process
+    current_candidates = list(applicable_models)
+    current_weights = list(weights)
+
+    # Assumes num_to_select is positive and less than or equal to len(current_candidates)
+    # Callers should ensure this (e.g., len(available_models) >= 2).
+    for _ in range(num_to_select):
+        if not current_candidates: # Safety break
+            app.logger.warning("Not enough candidates left for weighted selection.")
+            break
+        
+        chosen_model = random.choices(current_candidates, weights=current_weights, k=1)[0]
+        selected_models_list.append(chosen_model)
+
+        try:
+            idx_to_remove = current_candidates.index(chosen_model)
+            current_candidates.pop(idx_to_remove)
+            current_weights.pop(idx_to_remove)
+        except ValueError:
+            # This should ideally not happen if chosen_model came from current_candidates.
+            app.logger.error(f"Error removing model {chosen_model.id} from weighted selection candidates.")
+            break # Avoid potential issues
+
+    return selected_models_list
+
 
 if __name__ == "__main__":
-    app.run(host="0.0.0.0", port=7860)
+    with app.app_context():
+        # Ensure ./instance and ./votes directories exist
+        os.makedirs("instance", exist_ok=True)
+        os.makedirs("./votes", exist_ok=True) # Create votes directory if it doesn't exist
+        os.makedirs(CACHE_AUDIO_DIR, exist_ok=True) # Ensure cache audio dir exists
+
+        # Clean up old cache audio files on startup
+        try:
+            app.logger.info(f"Clearing old cache audio files from {CACHE_AUDIO_DIR}")
+            for filename in os.listdir(CACHE_AUDIO_DIR):
+                file_path = os.path.join(CACHE_AUDIO_DIR, filename)
+                try:
+                    if os.path.isfile(file_path) or os.path.islink(file_path):
+                        os.unlink(file_path)
+                    elif os.path.isdir(file_path):
+                        shutil.rmtree(file_path)
+                except Exception as e:
+                    app.logger.error(f'Failed to delete {file_path}. Reason: {e}')
+        except Exception as e:
+             app.logger.error(f"Error clearing cache directory {CACHE_AUDIO_DIR}: {e}")
+
+
+        # Download database if it doesn't exist (only on initial space start)
+        if IS_SPACES and not os.path.exists(app.config["SQLALCHEMY_DATABASE_URI"].replace("sqlite:///", "")):
+             try:
+                print("Database not found, downloading from HF dataset...")
+                hf_hub_download(
+                    repo_id="TTS-AGI/database-arena-v2",
+                    filename="tts_arena.db",
+                    repo_type="dataset",
+                    local_dir="instance", # download to instance/
+                    token=os.getenv("HF_TOKEN"),
+                )
+                print("Database downloaded successfully ✅")
+             except Exception as e:
+                 print(f"Error downloading database from HF dataset: {str(e)} ⚠️")
+
+
+        db.create_all()  # Create tables if they don't exist
+        insert_initial_models()
+        # Setup background tasks
+        initialize_tts_cache() # Start populating the cache
+        setup_cleanup()
+        setup_periodic_tasks() # Renamed function call
+
+    # Configure Flask to recognize HTTPS when behind a reverse proxy
+    from werkzeug.middleware.proxy_fix import ProxyFix
+
+    # Apply ProxyFix middleware to handle reverse proxy headers
+    # This ensures Flask generates correct URLs with https scheme
+    # X-Forwarded-Proto header will be used to detect the original protocol
+    app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
+
+    # Force Flask to prefer HTTPS for generated URLs
+    app.config["PREFERRED_URL_SCHEME"] = "https"
+
+    from waitress import serve
+
+    # Configuration for 2 vCPUs:
+    # - threads: typically 4-8 threads per CPU core is a good balance
+    # - connection_limit: maximum concurrent connections
+    # - channel_timeout: prevent hanging connections
+    threads = 12  # 6 threads per vCPU is a good balance for mixed IO/CPU workloads
+
+    if IS_SPACES:
+        serve(
+            app,
+            host="0.0.0.0",
+            port=int(os.environ.get("PORT", 7860)),
+            threads=threads,
+            connection_limit=100,
+            channel_timeout=30,
+            url_scheme='https'
+        )
+    else:
+        print(f"Starting Waitress server with {threads} threads")
+        serve(
+            app,
+            host="0.0.0.0",
+            port=5000,
+            threads=threads,
+            connection_limit=100,
+            channel_timeout=30,
+            url_scheme='https' # Keep https for local dev if using proxy/tunnel
+        )

auth.py

@@ -5,6 +5,7 @@ import os
 from models import db, User
 import requests
 from functools import wraps
+from datetime import datetime, timedelta
 
 auth = Blueprint("auth", __name__)
 oauth = OAuth()
@@ -50,6 +51,46 @@ def admin_required(f):
     return decorated_function
 
 
+def check_account_age(username, min_days=30):
+    """
+    Check if a Hugging Face account is at least min_days old.
+    Returns (is_old_enough, created_date, error_message)
+    """
+    try:
+        # Fetch user overview from HF API
+        resp = requests.get(f"https://huggingface.co/api/users/{username}/overview", timeout=10)
+        
+        if not resp.ok:
+            return False, None, f"Failed to fetch account information (HTTP {resp.status_code})"
+        
+        user_data = resp.json()
+        
+        if "createdAt" not in user_data:
+            return False, None, "Account creation date not available"
+        
+        # Parse the creation date
+        created_at_str = user_data["createdAt"]
+        # Handle both formats: with and without milliseconds
+        try:
+            created_at = datetime.fromisoformat(created_at_str.replace('Z', '+00:00'))
+        except ValueError:
+            # Try without milliseconds
+            created_at = datetime.strptime(created_at_str, "%Y-%m-%dT%H:%M:%S.%fZ")
+        
+        # Calculate account age
+        account_age = datetime.utcnow() - created_at.replace(tzinfo=None)
+        required_age = timedelta(days=min_days)
+        
+        is_old_enough = account_age >= required_age
+        
+        return is_old_enough, created_at, None
+        
+    except requests.RequestException as e:
+        return False, None, f"Network error checking account age: {str(e)}"
+    except Exception as e:
+        return False, None, f"Error parsing account data: {str(e)}"
+
+
 @auth.route("/login")
 def login():
     # Store the next URL to redirect after login
@@ -75,13 +116,40 @@ def authorize():
             return redirect(url_for("arena"))
 
         user_info = resp.json()
+        username = user_info["name"]
+
+        # Check account age requirement (30 days minimum)
+        is_old_enough, created_date, error_msg = check_account_age(username, min_days=30)
+        
+        if error_msg:
+            current_app.logger.warning(f"Account age check failed for {username}: {error_msg}")
+            flash("Unable to verify account age. Please try again later.", "error")
+            return redirect(url_for("arena"))
+        
+        if not is_old_enough:
+            if created_date:
+                account_age_days = (datetime.utcnow() - created_date.replace(tzinfo=None)).days
+                flash(f"Your Hugging Face account must be at least 30 days old to use TTS Arena. Your account is {account_age_days} days old. Please try again later.", "error")
+            else:
+                flash("Your Hugging Face account must be at least 30 days old to use TTS Arena.", "error")
+            return redirect(url_for("arena"))
 
         # Check if user exists, otherwise create
         user = User.query.filter_by(hf_id=user_info["id"]).first()
         if not user:
-            user = User(username=user_info["name"], hf_id=user_info["id"])
+            user = User(
+                username=username, 
+                hf_id=user_info["id"],
+                hf_account_created=created_date.replace(tzinfo=None) if created_date else None
+            )
             db.session.add(user)
             db.session.commit()
+            current_app.logger.info(f"Created new user account: {username} (HF account created: {created_date})")
+        elif not user.hf_account_created and created_date:
+            # Update existing users with missing creation date
+            user.hf_account_created = created_date.replace(tzinfo=None)
+            db.session.commit()
+            current_app.logger.info(f"Updated HF account creation date for {username}: {created_date}")
 
         # Log in the user
         login_user(user, remember=True)

migrate.py

@@ -0,0 +1,183 @@
+#!/usr/bin/env python3
+"""
+Database migration script for TTS Arena analytics columns.
+
+Usage:
+    python migrate.py database.db
+    python migrate.py instance/tts_arena.db
+"""
+
+import click
+import sqlite3
+import sys
+import os
+from pathlib import Path
+
+
+def check_column_exists(cursor, table_name, column_name):
+    """Check if a column exists in a table."""
+    cursor.execute(f"PRAGMA table_info({table_name})")
+    columns = [row[1] for row in cursor.fetchall()]
+    return column_name in columns
+
+
+def add_analytics_columns(db_path):
+    """Add analytics columns to the vote table."""
+    if not os.path.exists(db_path):
+        click.echo(f"❌ Database file not found: {db_path}", err=True)
+        return False
+    
+    try:
+        # Connect to the database
+        conn = sqlite3.connect(db_path)
+        cursor = conn.cursor()
+        
+        # Check if vote table exists
+        cursor.execute("SELECT name FROM sqlite_master WHERE type='table' AND name='vote'")
+        if not cursor.fetchone():
+            click.echo("❌ Vote table not found in database", err=True)
+            return False
+        
+        # Define the columns to add to vote table
+        vote_columns_to_add = [
+            ("session_duration_seconds", "REAL"),
+            ("ip_address_partial", "VARCHAR(20)"),
+            ("user_agent", "VARCHAR(500)"),
+            ("generation_date", "DATETIME"),
+            ("cache_hit", "BOOLEAN")
+        ]
+        
+        # Define the columns to add to user table
+        user_columns_to_add = [
+            ("hf_account_created", "DATETIME")
+        ]
+        
+        added_columns = []
+        skipped_columns = []
+        
+        # Add vote table columns
+        click.echo("📊 Processing vote table columns...")
+        for column_name, column_type in vote_columns_to_add:
+            if check_column_exists(cursor, "vote", column_name):
+                skipped_columns.append(f"vote.{column_name}")
+                click.echo(f"⏭️  Column 'vote.{column_name}' already exists, skipping")
+            else:
+                try:
+                    cursor.execute(f"ALTER TABLE vote ADD COLUMN {column_name} {column_type}")
+                    added_columns.append(f"vote.{column_name}")
+                    click.echo(f"✅ Added column 'vote.{column_name}' ({column_type})")
+                except sqlite3.Error as e:
+                    click.echo(f"❌ Failed to add column 'vote.{column_name}': {e}", err=True)
+                    conn.rollback()
+                    return False
+        
+        # Add user table columns
+        click.echo("👤 Processing user table columns...")
+        for column_name, column_type in user_columns_to_add:
+            if check_column_exists(cursor, "user", column_name):
+                skipped_columns.append(f"user.{column_name}")
+                click.echo(f"⏭️  Column 'user.{column_name}' already exists, skipping")
+            else:
+                try:
+                    cursor.execute(f"ALTER TABLE user ADD COLUMN {column_name} {column_type}")
+                    added_columns.append(f"user.{column_name}")
+                    click.echo(f"✅ Added column 'user.{column_name}' ({column_type})")
+                except sqlite3.Error as e:
+                    click.echo(f"❌ Failed to add column 'user.{column_name}': {e}", err=True)
+                    conn.rollback()
+                    return False
+        
+        # Commit the changes
+        conn.commit()
+        conn.close()
+        
+        # Summary
+        if added_columns:
+            click.echo(f"\n🎉 Successfully added {len(added_columns)} analytics columns:")
+            for col in added_columns:
+                click.echo(f"   • {col}")
+        
+        if skipped_columns:
+            click.echo(f"\n⏭️  Skipped {len(skipped_columns)} existing columns:")
+            for col in skipped_columns:
+                click.echo(f"   • {col}")
+        
+        if not added_columns and not skipped_columns:
+            click.echo("❌ No columns were processed")
+            return False
+        
+        click.echo(f"\n✨ Migration completed successfully!")
+        return True
+        
+    except sqlite3.Error as e:
+        click.echo(f"❌ Database error: {e}", err=True)
+        return False
+    except Exception as e:
+        click.echo(f"❌ Unexpected error: {e}", err=True)
+        return False
+
+
+@click.command()
+@click.argument('database_path', type=click.Path())
+@click.option('--dry-run', is_flag=True, help='Show what would be done without making changes')
+@click.option('--backup', is_flag=True, help='Create a backup before migration')
+def migrate(database_path, dry_run, backup):
+    """
+    Add analytics columns to the TTS Arena database.
+    
+    DATABASE_PATH: Path to the SQLite database file (e.g., instance/tts_arena.db)
+    """
+    click.echo("🚀 TTS Arena Analytics Migration Tool")
+    click.echo("=" * 40)
+    
+    # Resolve the database path
+    db_path = Path(database_path).resolve()
+    click.echo(f"📁 Database: {db_path}")
+    
+    if not db_path.exists():
+        click.echo(f"❌ Database file not found: {db_path}", err=True)
+        sys.exit(1)
+    
+    # Create backup if requested
+    if backup:
+        backup_path = db_path.with_suffix(f"{db_path.suffix}.backup")
+        try:
+            import shutil
+            shutil.copy2(db_path, backup_path)
+            click.echo(f"💾 Backup created: {backup_path}")
+        except Exception as e:
+            click.echo(f"❌ Failed to create backup: {e}", err=True)
+            sys.exit(1)
+    
+    if dry_run:
+        click.echo("\n🔍 DRY RUN MODE - No changes will be made")
+        click.echo("The following columns would be added to the 'vote' table:")
+        click.echo("   • session_duration_seconds (REAL)")
+        click.echo("   • ip_address_partial (VARCHAR(20))")
+        click.echo("   • user_agent (VARCHAR(500))")
+        click.echo("   • generation_date (DATETIME)")
+        click.echo("   • cache_hit (BOOLEAN)")
+        click.echo("\nThe following columns would be added to the 'user' table:")
+        click.echo("   • hf_account_created (DATETIME)")
+        click.echo("\nRun without --dry-run to apply changes.")
+        return
+    
+    # Confirm before proceeding
+    if not click.confirm(f"\n⚠️  This will modify the database at {db_path}. Continue?"):
+        click.echo("❌ Migration cancelled")
+        sys.exit(0)
+    
+    # Perform the migration
+    click.echo("\n🔧 Starting migration...")
+    success = add_analytics_columns(str(db_path))
+    
+    if success:
+        click.echo("\n🎊 Migration completed successfully!")
+        click.echo("You can now restart your TTS Arena application to use analytics features.")
+    else:
+        click.echo("\n💥 Migration failed!")
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    migrate() 

models.py

@@ -2,7 +2,8 @@ from flask_sqlalchemy import SQLAlchemy
 from flask_login import UserMixin
 from datetime import datetime
 import math
-from sqlalchemy import func
+from sqlalchemy import func, text
+import logging
 
 db = SQLAlchemy()
 
@@ -12,6 +13,7 @@ class User(db.Model, UserMixin):
     username = db.Column(db.String(100), unique=True, nullable=False)
     hf_id = db.Column(db.String(100), unique=True, nullable=False)
     join_date = db.Column(db.DateTime, default=datetime.utcnow)
+    hf_account_created = db.Column(db.DateTime, nullable=True)  # HF account creation date
     votes = db.relationship("Vote", backref="user", lazy=True)
     show_in_leaderboard = db.Column(db.Boolean, default=True)
 
@@ -63,6 +65,13 @@ class Vote(db.Model):
         db.String(100), db.ForeignKey("model.id"), nullable=False
     )
     model_type = db.Column(db.String(20), nullable=False)  # 'tts' or 'conversational'
+    
+    # New analytics columns - added with temporary checks for migration
+    session_duration_seconds = db.Column(db.Float, nullable=True)  # Time from generation to vote
+    ip_address_partial = db.Column(db.String(20), nullable=True)  # IP with last digits removed
+    user_agent = db.Column(db.String(500), nullable=True)  # Browser/device info
+    generation_date = db.Column(db.DateTime, nullable=True)  # When audio was generated
+    cache_hit = db.Column(db.Boolean, nullable=True)  # Whether generation was from cache
 
     chosen = db.relationship(
         "Model",
@@ -105,15 +114,49 @@ def calculate_elo_change(winner_elo, loser_elo, k_factor=32):
     return winner_new_elo, loser_new_elo
 
 
-def record_vote(user_id, text, chosen_model_id, rejected_model_id, model_type):
+def anonymize_ip_address(ip_address):
+    """
+    Remove the last 1-2 octets from an IP address for privacy compliance.
+    Examples:
+    - 192.168.1.100 -> 192.168.0.0
+    - 2001:db8::1 -> 2001:db8::
+    """
+    if not ip_address:
+        return None
+    
+    try:
+        if ':' in ip_address:  # IPv6
+            # Keep first 4 groups, zero out the rest
+            parts = ip_address.split(':')
+            if len(parts) >= 4:
+                return ':'.join(parts[:4]) + '::'
+            return ip_address
+        else:  # IPv4
+            # Keep first 2 octets, zero out last 2
+            parts = ip_address.split('.')
+            if len(parts) == 4:
+                return f"{parts[0]}.{parts[1]}.0.0"
+            return ip_address
+    except Exception:
+        return None
+
+
+def record_vote(user_id, text, chosen_model_id, rejected_model_id, model_type, 
+                session_duration=None, ip_address=None, user_agent=None, 
+                generation_date=None, cache_hit=None):
     """Record a vote and update Elo ratings."""
     # Create the vote
     vote = Vote(
-        user_id=user_id,  # Can be None for anonymous votes
+        user_id=user_id,  # Required - user must be logged in to vote
         text=text,
         model_chosen=chosen_model_id,
         model_rejected=rejected_model_id,
         model_type=model_type,
+        session_duration_seconds=session_duration,
+        ip_address_partial=anonymize_ip_address(ip_address),
+        user_agent=user_agent[:500] if user_agent else None,  # Truncate if too long
+        generation_date=generation_date,
+        cache_hit=cache_hit,
     )
     db.session.add(vote)
     db.session.flush()  # Get the vote ID without committing
@@ -503,6 +546,7 @@ def insert_initial_models():
             name="OpenAudio S1",
             model_type=ModelType.TTS,
             is_open=False,
+            is_active=False, # NOTE: Waiting to receive a pool of voices
             model_url="https://fish.audio/",
         ),
     ]

security.py

@@ -0,0 +1,344 @@
+"""
+Security utilities for TTS Arena to prevent vote manipulation and botting.
+"""
+
+from datetime import datetime, timedelta
+from models import db, Vote, User
+from sqlalchemy import func, and_, or_
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def detect_suspicious_voting_patterns(user_id, hours_back=24, max_votes_per_hour=30):
+    """
+    Detect if a user has suspicious voting patterns.
+    Updated to allow rapid voting for reasonable periods (30 votes/hour = 1 vote every 2 minutes)
+    Returns (is_suspicious, reason, vote_count)
+    """
+    if not user_id:
+        return False, None, 0
+    
+    # Check voting frequency over 24 hours
+    time_threshold = datetime.utcnow() - timedelta(hours=hours_back)
+    recent_votes = Vote.query.filter(
+        and_(
+            Vote.user_id == user_id,
+            Vote.vote_date >= time_threshold
+        )
+    ).count()
+    
+    # Allow up to 30 votes per hour (720 votes in 24 hours)
+    # This allows rapid voting for several hours but catches extended botting
+    max_votes_24h = max_votes_per_hour * hours_back
+    
+    if recent_votes > max_votes_24h:
+        return True, f"Too many votes: {recent_votes} in {hours_back} hours (max: {max_votes_24h})", recent_votes
+    
+    # Additional check: if someone votes more than 100 times in 3 hours, that's suspicious
+    # (100 votes in 3 hours = 1 vote every 1.8 minutes, which is very sustained)
+    if hours_back >= 3:
+        three_hour_threshold = datetime.utcnow() - timedelta(hours=3)
+        votes_3h = Vote.query.filter(
+            and_(
+                Vote.user_id == user_id,
+                Vote.vote_date >= three_hour_threshold
+            )
+        ).count()
+        
+        if votes_3h > 100:
+            return True, f"Excessive voting in short period: {votes_3h} votes in 3 hours", recent_votes
+    
+    return False, None, recent_votes
+
+
+def detect_model_bias(user_id, model_id, min_votes=5, bias_threshold=0.8):
+    """
+    Detect if a user consistently votes for a specific model.
+    Returns (is_biased, bias_ratio, total_votes_for_model, total_votes)
+    """
+    if not user_id:
+        return False, 0, 0, 0
+    
+    # Get all votes by this user
+    total_votes = Vote.query.filter_by(user_id=user_id).count()
+    
+    if total_votes < min_votes:
+        return False, 0, 0, total_votes
+    
+    # Get votes where this user chose the specific model
+    votes_for_model = Vote.query.filter(
+        and_(
+            Vote.user_id == user_id,
+            Vote.model_chosen == model_id
+        )
+    ).count()
+    
+    bias_ratio = votes_for_model / total_votes if total_votes > 0 else 0
+    
+    is_biased = bias_ratio >= bias_threshold and total_votes >= min_votes
+    
+    return is_biased, bias_ratio, votes_for_model, total_votes
+
+
+def detect_coordinated_voting(model_id, hours_back=6, min_users=3, vote_threshold=10):
+    """
+    Detect coordinated voting campaigns for a specific model.
+    Returns (is_coordinated, user_count, vote_count, suspicious_users)
+    """
+    time_threshold = datetime.utcnow() - timedelta(hours=hours_back)
+    
+    # Get recent votes for this model
+    recent_votes = db.session.query(Vote.user_id).filter(
+        and_(
+            Vote.model_chosen == model_id,
+            Vote.vote_date >= time_threshold
+        )
+    ).all()
+    
+    if len(recent_votes) < vote_threshold:
+        return False, 0, len(recent_votes), []
+    
+    # Count unique users
+    unique_users = set(vote.user_id for vote in recent_votes if vote.user_id)
+    user_count = len(unique_users)
+    
+    # Check if multiple users are voting for the same model in a short time
+    if user_count >= min_users and len(recent_votes) >= vote_threshold:
+        # Get user details for suspicious users
+        suspicious_users = []
+        for user_id in unique_users:
+            user_votes_for_model = Vote.query.filter(
+                and_(
+                    Vote.user_id == user_id,
+                    Vote.model_chosen == model_id,
+                    Vote.vote_date >= time_threshold
+                )
+            ).count()
+            
+            if user_votes_for_model > 1:  # Multiple votes for same model in short time
+                user = User.query.get(user_id)
+                if user:
+                    suspicious_users.append({
+                        'user_id': user_id,
+                        'username': user.username,
+                        'votes_for_model': user_votes_for_model,
+                        'account_age_days': (datetime.utcnow() - user.join_date).days if user.join_date else None
+                    })
+        
+        return True, user_count, len(recent_votes), suspicious_users
+    
+    return False, user_count, len(recent_votes), []
+
+
+def detect_rapid_voting(user_id, min_interval_seconds=3):
+    """
+    Detect if a user is voting too rapidly (potential bot behavior).
+    This allows rapid voting (3+ seconds) for reasonable periods, but flags
+    extended periods of very rapid voting that indicate bot behavior.
+    Returns (is_rapid, intervals, avg_interval)
+    """
+    if not user_id:
+        return False, [], 0
+    
+    # Get more recent votes to better analyze patterns (last 50 instead of 10)
+    recent_votes = Vote.query.filter_by(user_id=user_id).order_by(
+        Vote.vote_date.desc()
+    ).limit(50).all()
+    
+    if len(recent_votes) < 50:  # Need at least 50 votes to detect patterns
+        return False, [], 0
+    
+    # Calculate intervals between votes
+    intervals = []
+    for i in range(len(recent_votes) - 1):
+        interval = (recent_votes[i].vote_date - recent_votes[i + 1].vote_date).total_seconds()
+        intervals.append(interval)
+    
+    avg_interval = sum(intervals) / len(intervals) if intervals else 0
+    
+    # More sophisticated bot detection:
+    # 1. Count votes with intervals < 3 seconds (very rapid)
+    very_rapid_votes = sum(1 for interval in intervals if interval < 3)
+    
+    # 2. Count votes with intervals < 1 second (extremely rapid - likely bot)
+    extremely_rapid_votes = sum(1 for interval in intervals if interval < 1)
+    
+    # 3. Check for sustained rapid voting patterns
+    # Look for sequences of 10+ votes all under 5 seconds
+    sustained_rapid_sequences = 0
+    current_sequence = 0
+    for interval in intervals:
+        if interval < 5:
+            current_sequence += 1
+        else:
+            if current_sequence >= 10:  # 10+ votes in a row under 5 seconds
+                sustained_rapid_sequences += 1
+            current_sequence = 0
+    
+    # Final check for remaining sequence
+    if current_sequence >= 10:
+        sustained_rapid_sequences += 1
+    
+    # Flag as rapid/bot if:
+    # - More than 20% of votes are extremely rapid (< 1 second) OR
+    # - More than 60% of votes are very rapid (< 3 seconds) AND there are sustained sequences OR
+    # - There are multiple sustained rapid sequences (10+ votes under 5 seconds each)
+    total_intervals = len(intervals)
+    extremely_rapid_ratio = extremely_rapid_votes / total_intervals if total_intervals > 0 else 0
+    very_rapid_ratio = very_rapid_votes / total_intervals if total_intervals > 0 else 0
+    
+    is_rapid = (
+        extremely_rapid_ratio > 0.2 or  # > 20% extremely rapid
+        (very_rapid_ratio > 0.6 and sustained_rapid_sequences > 0) or  # > 60% very rapid + sustained
+        sustained_rapid_sequences >= 2  # Multiple sustained rapid sequences
+    )
+    
+    return is_rapid, intervals, avg_interval
+
+
+def check_user_security_score(user_id):
+    """
+    Calculate a security score for a user based on various factors.
+    Returns (score, factors) where score is 0-100 (higher = more trustworthy)
+    """
+    if not user_id:
+        return 0, {"error": "No user ID provided"}
+    
+    user = User.query.get(user_id)
+    if not user:
+        return 0, {"error": "User not found"}
+    
+    factors = {}
+    score = 100  # Start with perfect score and deduct points
+    
+    # Account age factor
+    if user.join_date:
+        account_age_days = (datetime.utcnow() - user.join_date).days
+        factors['account_age_days'] = account_age_days
+        if account_age_days < 45:
+            score -= 30
+        elif account_age_days < 90:
+            score -= 15
+        elif account_age_days < 180:
+            score -= 5
+    else:
+        score -= 20
+        factors['account_age_days'] = None
+    
+    # HF account age factor
+    if user.hf_account_created:
+        hf_age_days = (datetime.utcnow() - user.hf_account_created).days
+        factors['hf_account_age_days'] = hf_age_days
+        if hf_age_days < 30:
+            score -= 25  # This should be caught by auth, but double-check
+        elif hf_age_days < 90:
+            score -= 10
+    else:
+        score -= 15
+        factors['hf_account_age_days'] = None
+    
+    # Voting pattern analysis
+    is_suspicious, reason, vote_count = detect_suspicious_voting_patterns(user_id)
+    factors['suspicious_voting'] = is_suspicious
+    factors['recent_vote_count'] = vote_count
+    if is_suspicious:
+        score -= 25
+        factors['suspicious_reason'] = reason
+    
+    # Rapid voting check
+    is_rapid, intervals, avg_interval = detect_rapid_voting(user_id)
+    factors['rapid_voting'] = is_rapid
+    factors['avg_vote_interval'] = avg_interval
+    if is_rapid:
+        score -= 20
+    
+    # Total vote count (very new users with many votes are suspicious)
+    total_votes = Vote.query.filter_by(user_id=user_id).count()
+    factors['total_votes'] = total_votes
+    
+    if account_age_days and account_age_days < 7 and total_votes > 20:
+        score -= 15  # New account with many votes
+    
+    # Model bias detection - check for extreme bias toward any single model
+    if total_votes >= 5:  # Only check if user has enough votes
+        max_bias_ratio = 0
+        most_biased_model = None
+        
+        # Get all models this user has voted for
+        user_votes = Vote.query.filter_by(user_id=user_id).all()
+        model_stats = {}
+        
+        for vote in user_votes:
+            chosen_id = vote.model_chosen
+            rejected_id = vote.model_rejected
+            
+            # Track appearances and choices
+            if chosen_id not in model_stats:
+                model_stats[chosen_id] = {'chosen': 0, 'appeared': 0}
+            if rejected_id not in model_stats:
+                model_stats[rejected_id] = {'chosen': 0, 'appeared': 0}
+            
+            model_stats[chosen_id]['chosen'] += 1
+            model_stats[chosen_id]['appeared'] += 1
+            model_stats[rejected_id]['appeared'] += 1
+        
+        # Find the highest bias ratio
+        for model_id, stats in model_stats.items():
+            if stats['appeared'] >= 5:  # Only consider models with enough appearances
+                bias_ratio = stats['chosen'] / stats['appeared']
+                if bias_ratio > max_bias_ratio:
+                    max_bias_ratio = bias_ratio
+                    most_biased_model = model_id
+        
+        factors['max_bias_ratio'] = max_bias_ratio
+        factors['most_biased_model_id'] = most_biased_model
+        
+        # Deduct points based on bias level
+        if max_bias_ratio >= 0.95:  # 95%+ bias
+            score -= 30
+            factors['bias_penalty'] = 'Extreme bias (95%+)'
+        elif max_bias_ratio >= 0.9:  # 90%+ bias
+            score -= 20
+            factors['bias_penalty'] = 'Very high bias (90%+)'
+        elif max_bias_ratio >= 0.8:  # 80%+ bias
+            score -= 10
+            factors['bias_penalty'] = 'High bias (80%+)'
+        else:
+            factors['bias_penalty'] = None
+    else:
+        factors['max_bias_ratio'] = 0
+        factors['bias_penalty'] = None
+    
+    # Ensure score doesn't go below 0
+    score = max(0, score)
+    factors['final_score'] = score
+    
+    return score, factors
+
+
+def is_vote_allowed(user_id, ip_address=None):
+    """
+    Check if a vote should be allowed based on security factors.
+    Returns (allowed, reason, security_score)
+    """
+    if not user_id:
+        return False, "User not authenticated", 0
+    
+    # Check security score
+    score, factors = check_user_security_score(user_id)
+    
+    # Very low scores are blocked
+    if score < 20:
+        return False, f"Security score too low: {score}/100", score
+    
+    # Check for recent suspicious activity
+    if factors.get('suspicious_voting'):
+        return False, f"Suspicious voting pattern detected: {factors.get('suspicious_reason')}", score
+    
+    if factors.get('rapid_voting'):
+        return False, f"Voting too rapidly (avg interval: {factors.get('avg_vote_interval', 0):.1f}s)", score
+    
+    # Additional IP-based checks could go here
+    
+    return True, "Vote allowed", score 

templates/admin/analytics.html

@@ -0,0 +1,220 @@
+{% extends "admin/base.html" %}
+
+{% block extra_head %}
+{{ super() }}
+<style>
+    .admin-grid {
+        display: grid;
+        grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+        gap: 24px;
+        margin-bottom: 24px;
+    }
+    
+    .stats-grid {
+        display: grid;
+        grid-template-columns: repeat(auto-fit, minmax(120px, 1fr));
+        gap: 16px;
+    }
+    
+    .stat-item {
+        text-align: center;
+        padding: 12px;
+        background-color: var(--secondary-color);
+        border-radius: var(--radius);
+    }
+    
+    .stat-value {
+        font-size: 24px;
+        font-weight: 600;
+        color: var(--primary-color);
+        margin-bottom: 4px;
+    }
+    
+    .stat-label {
+        font-size: 12px;
+        color: #666;
+        text-transform: uppercase;
+        letter-spacing: 0.5px;
+    }
+    
+    .badge-success {
+        background-color: #10b981;
+        color: white;
+    }
+    
+    .badge-warning {
+        background-color: #f59e0b;
+        color: white;
+    }
+    
+    @media (prefers-color-scheme: dark) {
+        .stat-item {
+            background-color: rgba(255, 255, 255, 0.05);
+        }
+        
+        .stat-label {
+            color: #999;
+        }
+    }
+</style>
+{% endblock %}
+
+{% block admin_content %}
+<div class="admin-header">
+    <div class="admin-title">Analytics</div>
+</div>
+
+<div class="admin-grid">
+    <!-- Session Duration Statistics -->
+    <div class="admin-card">
+        <div class="admin-card-header">
+            <div class="admin-card-title">Session Duration</div>
+        </div>
+        <div class="admin-card-content">
+            <div class="stats-grid">
+                <div class="stat-item">
+                    <div class="stat-value">{{ analytics_stats.duration.avg }}s</div>
+                    <div class="stat-label">Average Duration</div>
+                </div>
+                <div class="stat-item">
+                    <div class="stat-value">{{ analytics_stats.duration.min }}s</div>
+                    <div class="stat-label">Minimum Duration</div>
+                </div>
+                <div class="stat-item">
+                    <div class="stat-value">{{ analytics_stats.duration.max }}s</div>
+                    <div class="stat-label">Maximum Duration</div>
+                </div>
+                <div class="stat-item">
+                    <div class="stat-value">{{ analytics_stats.duration.total }}</div>
+                    <div class="stat-label">Total Sessions</div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <!-- Cache Hit Statistics -->
+    <div class="admin-card">
+        <div class="admin-card-header">
+            <div class="admin-card-title">Cache Performance</div>
+        </div>
+        <div class="admin-card-content">
+            <div class="stats-grid">
+                <div class="stat-item">
+                    <div class="stat-value">{{ analytics_stats.cache.hits }}</div>
+                    <div class="stat-label">Cache Hits</div>
+                </div>
+                <div class="stat-item">
+                    <div class="stat-value">{{ analytics_stats.cache.misses }}</div>
+                    <div class="stat-label">Cache Misses</div>
+                </div>
+                <div class="stat-item">
+                    <div class="stat-value">
+                        {% if analytics_stats.cache.total > 0 %}
+                            {{ "%.1f"|format((analytics_stats.cache.hits / analytics_stats.cache.total) * 100) }}%
+                        {% else %}
+                            0%
+                        {% endif %}
+                    </div>
+                    <div class="stat-label">Hit Rate</div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<!-- Top IP Addresses -->
+<div class="admin-card">
+    <div class="admin-card-header">
+        <div class="admin-card-title">Top IP Address Regions (Anonymized)</div>
+    </div>
+    <div class="table-responsive">
+        <table class="admin-table">
+            <thead>
+                <tr>
+                    <th>IP Range</th>
+                    <th>Vote Count</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for ip_stat in analytics_stats.top_ips %}
+                <tr>
+                    <td>{{ ip_stat.ip }}</td>
+                    <td>{{ ip_stat.count }}</td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+</div>
+
+<!-- Browser Statistics -->
+<div class="admin-card">
+    <div class="admin-card-header">
+        <div class="admin-card-title">Browser/Device Statistics</div>
+    </div>
+    <div class="table-responsive">
+        <table class="admin-table">
+            <thead>
+                <tr>
+                    <th>Browser/Device</th>
+                    <th>Vote Count</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for browser_stat in analytics_stats.browsers %}
+                <tr>
+                    <td>{{ browser_stat.browser }}</td>
+                    <td>{{ browser_stat.count }}</td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+</div>
+
+<!-- Recent Votes with Analytics -->
+<div class="admin-card">
+    <div class="admin-card-header">
+        <div class="admin-card-title">Recent Votes with Analytics Data</div>
+    </div>
+    <div class="table-responsive">
+        <table class="admin-table">
+            <thead>
+                <tr>
+                    <th>ID</th>
+                    <th>Date</th>
+                    <th>User</th>
+                    <th>Type</th>
+                    <th>Duration (s)</th>
+                    <th>IP Range</th>
+                    <th>Cache Hit</th>
+                    <th>Chosen Model</th>
+                    <th>Rejected Model</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for vote in analytics_stats.recent_votes %}
+                <tr>
+                    <td>{{ vote.id }}</td>
+                    <td>{{ vote.vote_date.strftime('%Y-%m-%d %H:%M') }}</td>
+                    <td>{{ vote.username or 'Anonymous' }}</td>
+                    <td>{{ vote.model_type }}</td>
+                    <td>{{ vote.duration }}</td>
+                    <td>{{ vote.ip }}</td>
+                    <td>
+                        {% if vote.cache_hit %}
+                            <span class="badge badge-success">Yes</span>
+                        {% else %}
+                            <span class="badge badge-warning">No</span>
+                        {% endif %}
+                    </td>
+                    <td>{{ vote.chosen_model }}</td>
+                    <td>{{ vote.rejected_model }}</td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+</div>
+
+{% endblock %} 

templates/admin/base.html

@@ -526,6 +526,14 @@
             <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M3 3v18h18"/><path d="M18 12V8"/><path d="M13 12v-2"/><path d="M8 12v-5"/></svg>
             Statistics
         </a>
+        <a href="{{ url_for('admin.analytics') }}" class="admin-nav-item {% if request.endpoint == 'admin.analytics' %}active{% endif %}">
+            <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M12 20h9"/><path d="M16.5 3.5a2.12 2.12 0 0 1 3 3L7 19l-4 1 1-4L16.5 3.5z"/></svg>
+            Analytics
+        </a>
+        <a href="{{ url_for('admin.security') }}" class="admin-nav-item {% if request.endpoint == 'admin.security' %}active{% endif %}">
+            <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg>
+            Security
+        </a>
         <a href="{{ url_for('admin.activity') }}" class="admin-nav-item {% if request.endpoint == 'admin.activity' %}active{% endif %}">
             <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12h-8v8h8v-8z"/><path d="M3 21V3h18v9"/><path d="M12 3v6H3"/></svg>
             Activity

templates/admin/security.html

@@ -0,0 +1,248 @@
+{% extends "admin/base.html" %}
+
+{% block extra_head %}
+{{ super() }}
+<style>
+    .security-alert {
+        padding: 12px 16px;
+        border-radius: var(--radius);
+        margin-bottom: 16px;
+        border-left: 4px solid;
+    }
+    
+    .security-alert.high {
+        background-color: #fef2f2;
+        border-color: #dc2626;
+        color: #991b1b;
+    }
+    
+    .security-alert.medium {
+        background-color: #fffbeb;
+        border-color: #d97706;
+        color: #92400e;
+    }
+    
+    .security-alert.low {
+        background-color: #f0f9ff;
+        border-color: #0284c7;
+        color: #0c4a6e;
+    }
+    
+    .score-badge {
+        display: inline-block;
+        padding: 4px 8px;
+        border-radius: 4px;
+        font-size: 12px;
+        font-weight: 600;
+        color: white;
+    }
+    
+    .score-high { background-color: #dc2626; }
+    .score-medium { background-color: #d97706; }
+    .score-low { background-color: #059669; }
+    
+    .factor-list {
+        font-size: 12px;
+        color: #666;
+        margin-top: 4px;
+    }
+    
+    .factor-item {
+        margin-right: 12px;
+        display: inline-block;
+    }
+    
+    @media (prefers-color-scheme: dark) {
+        .security-alert.high {
+            background-color: rgba(220, 38, 38, 0.1);
+            color: #fca5a5;
+        }
+        
+        .security-alert.medium {
+            background-color: rgba(217, 119, 6, 0.1);
+            color: #fbbf24;
+        }
+        
+        .security-alert.low {
+            background-color: rgba(2, 132, 199, 0.1);
+            color: #7dd3fc;
+        }
+        
+        .factor-list {
+            color: #999;
+        }
+    }
+</style>
+{% endblock %}
+
+{% block admin_content %}
+<div class="admin-header">
+    <div class="admin-title">Security Monitoring</div>
+</div>
+
+<!-- Security Alerts -->
+{% if coordinated_campaigns %}
+<div class="security-alert high">
+    <strong>⚠️ Coordinated Voting Detected!</strong>
+    {{ coordinated_campaigns|length }} potential voting campaign(s) detected in the last 6 hours.
+</div>
+{% endif %}
+
+{% if suspicious_users %}
+<div class="security-alert medium">
+    <strong>🔍 Suspicious Users Detected</strong>
+    {{ suspicious_users|length }} users with low security scores (< 50/100) found.
+</div>
+{% endif %}
+
+{% if biased_users %}
+<div class="security-alert low">
+    <strong>📊 Model Bias Detected</strong>
+    {{ biased_users|length }} users showing strong bias toward specific models.
+</div>
+{% endif %}
+
+<!-- Suspicious Users -->
+<div class="admin-card">
+    <div class="admin-card-header">
+        <div class="admin-card-title">Suspicious Users (Low Security Scores)</div>
+    </div>
+    {% if suspicious_users %}
+    <div class="table-responsive">
+        <table class="admin-table">
+            <thead>
+                <tr>
+                    <th>Username</th>
+                    <th>Security Score</th>
+                    <th>Account Age</th>
+                    <th>HF Account Age</th>
+                    <th>Total Votes</th>
+                    <th>Issues</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for item in suspicious_users %}
+                <tr>
+                    <td>
+                        <a href="{{ url_for('admin.user_detail', user_id=item.user.id) }}">
+                            {{ item.user.username }}
+                        </a>
+                    </td>
+                    <td>
+                        <span class="score-badge {% if item.score < 20 %}score-high{% elif item.score < 40 %}score-medium{% else %}score-low{% endif %}">
+                            {{ item.score }}/100
+                        </span>
+                    </td>
+                    <td>{{ item.factors.account_age_days or 'Unknown' }} days</td>
+                    <td>{{ item.factors.hf_account_age_days or 'Unknown' }} days</td>
+                    <td>{{ item.factors.total_votes or 0 }}</td>
+                    <td>
+                        <div class="factor-list">
+                            {% if item.factors.suspicious_voting %}
+                                <span class="factor-item">🚨 Suspicious voting</span>
+                            {% endif %}
+                            {% if item.factors.rapid_voting %}
+                                <span class="factor-item">⚡ Rapid voting</span>
+                            {% endif %}
+                            {% if item.factors.account_age_days and item.factors.account_age_days < 7 %}
+                                <span class="factor-item">🆕 New account</span>
+                            {% endif %}
+                            {% if item.factors.hf_account_age_days and item.factors.hf_account_age_days < 90 %}
+                                <span class="factor-item">🔰 New HF account</span>
+                            {% endif %}
+                        </div>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+    {% else %}
+    <p>No suspicious users detected.</p>
+    {% endif %}
+</div>
+
+<!-- Coordinated Voting Campaigns -->
+<div class="admin-card">
+    <div class="admin-card-header">
+        <div class="admin-card-title">Coordinated Voting Campaigns</div>
+    </div>
+    {% if coordinated_campaigns %}
+    {% for campaign in coordinated_campaigns %}
+    <div class="security-alert high" style="margin-bottom: 16px;">
+        <h4>{{ campaign.model.name }}</h4>
+        <p><strong>{{ campaign.vote_count }}</strong> votes from <strong>{{ campaign.user_count }}</strong> users in the last 6 hours</p>
+        
+        {% if campaign.suspicious_users %}
+        <div class="table-responsive" style="margin-top: 12px;">
+            <table class="admin-table">
+                <thead>
+                    <tr>
+                        <th>Username</th>
+                        <th>Votes for Model</th>
+                        <th>Account Age</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {% for user in campaign.suspicious_users %}
+                    <tr>
+                        <td>{{ user.username }}</td>
+                        <td>{{ user.votes_for_model }}</td>
+                        <td>{{ user.account_age_days or 'Unknown' }} days</td>
+                    </tr>
+                    {% endfor %}
+                </tbody>
+            </table>
+        </div>
+        {% endif %}
+    </div>
+    {% endfor %}
+    {% else %}
+    <p>No coordinated voting campaigns detected in the last 6 hours.</p>
+    {% endif %}
+</div>
+
+<!-- Model Bias Detection -->
+<div class="admin-card">
+    <div class="admin-card-header">
+        <div class="admin-card-title">Users with Strong Model Bias</div>
+    </div>
+    {% if biased_users %}
+    <div class="table-responsive">
+        <table class="admin-table">
+            <thead>
+                <tr>
+                    <th>Username</th>
+                    <th>Favored Model</th>
+                    <th>Bias Ratio</th>
+                    <th>Votes for Model</th>
+                    <th>Total Votes</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for item in biased_users %}
+                <tr>
+                    <td>
+                        <a href="{{ url_for('admin.user_detail', user_id=item.user.id) }}">
+                            {{ item.user.username }}
+                        </a>
+                    </td>
+                    <td>{{ item.model.name }}</td>
+                    <td>
+                        <span class="score-badge {% if item.bias_ratio > 0.9 %}score-high{% elif item.bias_ratio > 0.8 %}score-medium{% else %}score-low{% endif %}">
+                            {{ "%.1f"|format(item.bias_ratio * 100) }}%
+                        </span>
+                    </td>
+                    <td>{{ item.votes_for_model }}</td>
+                    <td>{{ item.total_votes }}</td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+    {% else %}
+    <p>No users with strong model bias detected.</p>
+    {% endif %}
+</div>
+
+{% endblock %} 

templates/admin/user_detail.html

@@ -21,7 +21,11 @@
         </div>
         <div class="user-detail-row">
             <div class="user-detail-label">Join Date:</div>
-            <div class="user-detail-value">{{ user.join_date.strftime('%Y-%m-%d %H:%M:%S') }}</div>
+            <div class="user-detail-value">{{ user.join_date.strftime('%Y-%m-%d %H:%M:%S') if user.join_date else 'N/A' }}</div>
+        </div>
+        <div class="user-detail-row">
+            <div class="user-detail-label">HF Account Created:</div>
+            <div class="user-detail-value">{{ user.hf_account_created.strftime('%Y-%m-%d %H:%M:%S') if user.hf_account_created else 'N/A' }}</div>
         </div>
     </div>
     
@@ -38,34 +42,99 @@
             <div class="stat-title">Conversational Votes</div>
             <div class="stat-value">{{ conversational_votes }}</div>
         </div>
+        <div class="stat-card security-score-card">
+            <div class="stat-title">Security Score</div>
+            <div class="stat-value">
+                {% if security_score < 20 %}
+                <span class="security-score high-risk">{{ security_score }}/100</span>
+                {% elif security_score < 40 %}
+                <span class="security-score medium-risk">{{ security_score }}/100</span>
+                {% elif security_score < 70 %}
+                <span class="security-score low-risk">{{ security_score }}/100</span>
+                {% else %}
+                <span class="security-score trusted">{{ security_score }}/100</span>
+                {% endif %}
+            </div>
+        </div>
     </div>
 </div>
 
-{% if favorite_models %}
 <div class="admin-card">
     <div class="admin-card-header">
-        <div class="admin-card-title">Favorite Models</div>
+        <div class="admin-card-title">Security Analysis</div>
     </div>
-    <div class="table-responsive">
-        <table class="admin-table">
-            <thead>
-                <tr>
-                    <th>Model</th>
-                    <th>Votes</th>
-                </tr>
-            </thead>
-            <tbody>
-                {% for model in favorite_models %}
-                <tr>
-                    <td>{{ model.name }}</td>
-                    <td>{{ model.count }}</td>
-                </tr>
-                {% endfor %}
-            </tbody>
-        </table>
+    <div class="security-factors">
+        {% if security_factors.account_age_days is not none %}
+        <div class="security-factor">
+            <div class="factor-label">Account Age:</div>
+            <div class="factor-value">{{ security_factors.account_age_days }} days</div>
+        </div>
+        {% endif %}
+        
+        {% if security_factors.hf_account_age_days is not none %}
+        <div class="security-factor">
+            <div class="factor-label">HF Account Age:</div>
+            <div class="factor-value">{{ security_factors.hf_account_age_days }} days</div>
+        </div>
+        {% endif %}
+        
+        <div class="security-factor">
+            <div class="factor-label">Recent Vote Count (24h):</div>
+            <div class="factor-value">{{ security_factors.recent_vote_count or 0 }}</div>
+        </div>
+        
+        <div class="security-factor">
+            <div class="factor-label">Total Votes:</div>
+            <div class="factor-value">{{ security_factors.total_votes or 0 }}</div>
+        </div>
+        
+        {% if security_factors.avg_vote_interval %}
+        <div class="security-factor">
+            <div class="factor-label">Avg Vote Interval:</div>
+            <div class="factor-value">{{ "%.1f"|format(security_factors.avg_vote_interval) }}s</div>
+        </div>
+        {% endif %}
+        
+        <div class="security-factor">
+            <div class="factor-label">Suspicious Voting:</div>
+            <div class="factor-value">
+                {% if security_factors.suspicious_voting %}
+                <span class="status-bad">Yes</span>
+                {% if security_factors.suspicious_reason %}
+                <div class="factor-detail">{{ security_factors.suspicious_reason }}</div>
+                {% endif %}
+                {% else %}
+                <span class="status-good">No</span>
+                {% endif %}
+            </div>
+        </div>
+        
+        <div class="security-factor">
+            <div class="factor-label">Rapid Voting:</div>
+            <div class="factor-value">
+                {% if security_factors.rapid_voting %}
+                <span class="status-bad">Yes</span>
+                {% else %}
+                <span class="status-good">No</span>
+                {% endif %}
+            </div>
+        </div>
+        
+        {% if security_factors.max_bias_ratio is defined %}
+        <div class="security-factor">
+            <div class="factor-label">Max Model Bias:</div>
+            <div class="factor-value">
+                {{ "%.1f"|format(security_factors.max_bias_ratio * 100) }}%
+                {% if security_factors.bias_penalty %}
+                <div class="factor-detail">{{ security_factors.bias_penalty }}</div>
+                {% endif %}
+            </div>
+        </div>
+        {% endif %}
     </div>
 </div>
-{% endif %}
+
+
 
 {% if recent_votes %}
 <div class="admin-card">
@@ -103,6 +172,53 @@
 </div>
 {% endif %}
 
+{% if model_bias_analysis %}
+<div class="admin-card">
+    <div class="admin-card-header">
+        <div class="admin-card-title">Model Bias Analysis</div>
+        <div class="admin-card-subtitle">Shows how often each model was chosen vs how often it appeared in comparisons</div>
+    </div>
+    <div class="table-responsive">
+        <table class="admin-table">
+            <thead>
+                <tr>
+                    <th>Model</th>
+                    <th>Chosen</th>
+                    <th>Appeared</th>
+                    <th>Bias Ratio</th>
+                    <th>Bias Level</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for model_stats in model_bias_analysis %}
+                <tr>
+                    <td>{{ model_stats.name }}</td>
+                    <td>{{ model_stats.chosen }}</td>
+                    <td>{{ model_stats.appeared }}</td>
+                    <td>{{ "%.1f"|format(model_stats.bias_ratio * 100) }}%</td>
+                    <td>
+                        {% if model_stats.appeared < 5 %}
+                        <span class="bias-badge insufficient-data">Too Few Votes</span>
+                        {% elif model_stats.bias_ratio >= 0.9 and model_stats.appeared >= 10 %}
+                        <span class="bias-badge extreme-bias">Extreme Bias</span>
+                        {% elif model_stats.bias_ratio >= 0.8 and model_stats.appeared >= 8 %}
+                        <span class="bias-badge high-bias">High Bias</span>
+                        {% elif model_stats.bias_ratio >= 0.7 and model_stats.appeared >= 5 %}
+                        <span class="bias-badge moderate-bias">Moderate Bias</span>
+                        {% elif model_stats.bias_ratio >= 0.6 and model_stats.appeared >= 5 %}
+                        <span class="bias-badge low-bias">Low Bias</span>
+                        {% else %}
+                        <span class="bias-badge no-bias">Normal Pattern</span>
+                        {% endif %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+</div>
+{% endif %}
+
 <style>
     .user-detail-row {
         display: flex;
@@ -125,6 +241,112 @@
         margin-top: 24px;
     }
     
+    .security-score-card {
+        border: 2px solid #e9ecef;
+    }
+    
+    .security-score {
+        font-weight: bold;
+        font-size: 1.1em;
+    }
+    
+    .security-score.high-risk {
+        color: #dc3545;
+    }
+    
+    .security-score.medium-risk {
+        color: #fd7e14;
+    }
+    
+    .security-score.low-risk {
+        color: #ffc107;
+    }
+    
+    .security-score.trusted {
+        color: #28a745;
+    }
+    
+    .security-factors {
+        display: grid;
+        grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
+        gap: 16px;
+        margin-top: 16px;
+    }
+    
+    .security-factor {
+        display: flex;
+        flex-direction: column;
+        padding: 12px;
+        background-color: #f8f9fa;
+        border-radius: 6px;
+        border-left: 4px solid #dee2e6;
+    }
+    
+    .factor-label {
+        font-weight: 600;
+        margin-bottom: 4px;
+        color: #495057;
+    }
+    
+    .factor-value {
+        font-size: 1.1em;
+    }
+    
+    .factor-detail {
+        font-size: 0.9em;
+        color: #6c757d;
+        margin-top: 4px;
+        font-style: italic;
+    }
+    
+    .status-good {
+        color: #28a745;
+        font-weight: 600;
+    }
+    
+    .status-bad {
+        color: #dc3545;
+        font-weight: 600;
+    }
+    
+    .bias-badge {
+        padding: 4px 8px;
+        border-radius: 4px;
+        font-size: 0.85em;
+        font-weight: 600;
+        text-transform: uppercase;
+    }
+    
+    .bias-badge.extreme-bias {
+        background-color: #dc3545;
+        color: white;
+    }
+    
+    .bias-badge.high-bias {
+        background-color: #fd7e14;
+        color: white;
+    }
+    
+    .bias-badge.moderate-bias {
+        background-color: #ffc107;
+        color: black;
+    }
+    
+    .bias-badge.low-bias {
+        background-color: #17a2b8;
+        color: white;
+    }
+    
+    .bias-badge.no-bias {
+        background-color: #28a745;
+        color: white;
+    }
+    
+    .bias-badge.insufficient-data {
+        background-color: #6c757d;
+        color: white;
+    }
+    
     .text-truncate {
         max-width: 300px;
         white-space: nowrap;
@@ -140,6 +362,10 @@
         .user-detail-label {
             margin-bottom: 4px;
         }
+        
+        .security-factors {
+            grid-template-columns: 1fr;
+        }
     }
 </style>
 {% endblock %} 

templates/admin/users.html

@@ -7,7 +7,13 @@
 
 <div class="admin-card">
     <div class="admin-card-header">
-        <div class="admin-card-title">All Users</div>
+        <div class="admin-card-title">All Users (Sorted by Security Score)</div>
+        <div class="admin-card-subtitle">
+            <span class="badge" style="background-color: #dc3545; color: white;">0-19: High Risk</span>
+            <span class="badge" style="background-color: #fd7e14; color: white;">20-39: Medium Risk</span>
+            <span class="badge" style="background-color: #ffc107; color: black;">40-69: Low Risk</span>
+            <span class="badge" style="background-color: #28a745; color: white;">70-100: Trusted</span>
+        </div>
     </div>
     <div class="table-responsive">
         <table class="admin-table">
@@ -17,17 +23,31 @@
                     <th>Username</th>
                     <th>HF ID</th>
                     <th>Join Date</th>
+                    <th>Security Score</th>
                     <th>Admin Status</th>
                     <th>Actions</th>
                 </tr>
             </thead>
             <tbody>
-                {% for user in users %}
+                {% for user_data in users_with_scores %}
+                {% set user = user_data.user %}
+                {% set score = user_data.security_score %}
                 <tr>
                     <td>{{ user.id }}</td>
                     <td>{{ user.username }}</td>
                     <td>{{ user.hf_id }}</td>
-                    <td>{{ user.join_date.strftime('%Y-%m-%d %H:%M') }}</td>
+                    <td>{{ user.join_date.strftime('%Y-%m-%d %H:%M') if user.join_date else 'N/A' }}</td>
+                    <td>
+                        {% if score < 20 %}
+                        <span class="badge" style="background-color: #dc3545; color: white;" title="High Risk - Votes may be blocked">{{ score }}/100</span>
+                        {% elif score < 40 %}
+                        <span class="badge" style="background-color: #fd7e14; color: white;" title="Medium Risk - Monitor closely">{{ score }}/100</span>
+                        {% elif score < 70 %}
+                        <span class="badge" style="background-color: #ffc107; color: black;" title="Low Risk - Normal user">{{ score }}/100</span>
+                        {% else %}
+                        <span class="badge" style="background-color: #28a745; color: white;" title="Trusted - High security score">{{ score }}/100</span>
+                        {% endif %}
+                    </td>
                     <td>
                         {% if g.is_admin and user.username in admin_users %}
                         <span class="badge badge-primary">Admin</span>

templates/arena.html

@@ -5,6 +5,23 @@
 {% block current_page %}Arena{% endblock %}
 
 {% block content %}
+<!-- Authentication status for JavaScript -->
+<div id="auth-status" data-authenticated="{% if current_user.is_authenticated %}true{% else %}false{% endif %}" style="display: none;"></div>
+
+{% if not current_user.is_authenticated %}
+<!-- Login prompt overlay -->
+<div id="login-prompt-overlay" class="login-prompt-overlay" style="display: none;">
+    <div class="login-prompt-content">
+        <h3>Login Required</h3>
+        <p>You need to be logged in to use TTS Arena. Login to generate audio and vote on models!</p>
+        <div class="login-prompt-actions">
+            <button class="login-prompt-close">Maybe later</button>
+            <a href="{{ url_for('auth.login', next=request.path) }}" class="login-prompt-btn">Login with Hugging Face</a>
+        </div>
+    </div>
+</div>
+{% endif %}
+
 <div class="tabs">
     <div class="tab active" data-tab="tts">TTS</div>
     <div class="tab" data-tab="conversational">Conversational</div>
@@ -983,6 +1000,89 @@
             border-color: var(--border-color);
         }
     }
+
+    /* Login prompt overlay styles */
+    .login-prompt-overlay {
+        position: fixed;
+        top: 0;
+        left: 0;
+        width: 100%;
+        height: 100%;
+        background-color: rgba(0, 0, 0, 0.7);
+        z-index: 10000;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+    }
+
+    .login-prompt-content {
+        background: white;
+        border-radius: 12px;
+        padding: 32px;
+        max-width: 400px;
+        width: 90%;
+        text-align: center;
+        box-shadow: 0 20px 40px rgba(0, 0, 0, 0.3);
+    }
+
+    .login-prompt-content h3 {
+        margin: 0 0 16px 0;
+        color: var(--text-color);
+        font-size: 24px;
+    }
+
+    .login-prompt-content p {
+        margin: 0 0 24px 0;
+        color: var(--text-secondary);
+        line-height: 1.5;
+    }
+
+    .login-prompt-actions {
+        display: flex;
+        gap: 12px;
+        justify-content: center;
+    }
+
+    .login-prompt-close {
+        padding: 12px 24px;
+        background: transparent;
+        border: 1px solid var(--border-color);
+        border-radius: 8px;
+        color: var(--text-secondary);
+        cursor: pointer;
+        font-size: 14px;
+        transition: all 0.2s;
+    }
+
+    .login-prompt-close:hover {
+        background: var(--light-gray);
+    }
+
+    .login-prompt-btn {
+        padding: 12px 24px;
+        background: var(--primary-color);
+        border: none;
+        border-radius: 8px;
+        color: white;
+        text-decoration: none;
+        font-size: 14px;
+        font-weight: 500;
+        transition: all 0.2s;
+        display: inline-block;
+    }
+
+    .login-prompt-btn:hover {
+        background: var(--primary-hover);
+        transform: translateY(-1px);
+    }
+
+    /* Dark mode for login prompt */
+    @media (prefers-color-scheme: dark) {
+        .login-prompt-content {
+            background: var(--bg-color);
+            border: 1px solid var(--border-color);
+        }
+    }
 </style>
 {% endblock %} 
 
@@ -990,6 +1090,40 @@
 <script src="{{ url_for('static', filename='js/waveplayer.js') }}"></script>
 <script>
     document.addEventListener('DOMContentLoaded', function() {
+        // Check authentication status
+        const authStatus = document.getElementById('auth-status');
+        const isAuthenticated = authStatus ? authStatus.dataset.authenticated === 'true' : false;
+        const loginPromptOverlay = document.getElementById('login-prompt-overlay');
+        const loginPromptClose = document.querySelector('.login-prompt-close');
+
+        // Function to show login prompt
+        function showLoginPrompt() {
+            if (loginPromptOverlay) {
+                loginPromptOverlay.style.display = 'flex';
+            }
+        }
+
+        // Function to hide login prompt
+        function hideLoginPrompt() {
+            if (loginPromptOverlay) {
+                loginPromptOverlay.style.display = 'none';
+            }
+        }
+
+        // Add event listener to close button
+        if (loginPromptClose) {
+            loginPromptClose.addEventListener('click', hideLoginPrompt);
+        }
+
+        // Close prompt when clicking outside
+        if (loginPromptOverlay) {
+            loginPromptOverlay.addEventListener('click', function(e) {
+                if (e.target === loginPromptOverlay) {
+                    hideLoginPrompt();
+                }
+            });
+        }
+
         const synthForm = document.querySelector('.input-container');
         const synthBtn = document.querySelector('.synth-btn');
         const mobileSynthBtn = document.querySelector('.mobile-synth-btn');
@@ -1102,6 +1236,12 @@
                 e.preventDefault();
             }
 
+            // Check authentication first
+            if (!isAuthenticated) {
+                showLoginPrompt();
+                return;
+            }
+
             const text = textInput.value.trim();
             if (!text) {
                 openToast("Please enter some text to synthesize", "warning");
@@ -1193,7 +1333,13 @@
             })
             .catch(error => {
                 loadingContainer.style.display = 'none';
-                openToast(error.message, "error");
+                
+                // Handle authentication errors specially
+                if (error.message.includes('logged in to generate') || error.message.includes('logged in to vote')) {
+                    openToast("Please log in to use TTS Arena. <a href='{{ url_for('auth.login', next=request.path) }}' style='color: white; text-decoration: underline;'>Login now</a>", "error");
+                } else {
+                    openToast(error.message, "error");
+                }
                 console.error('Error:', error);
             });
         }
@@ -1266,7 +1412,12 @@
                     btn.querySelector('.vote-loader').style.display = 'none';
                 });
                 
-                openToast(error.message, "error");
+                // Handle authentication errors specially
+                if (error.message.includes('logged in to vote')) {
+                    openToast("Please log in to vote. <a href='{{ url_for('auth.login', next=request.path) }}' style='color: white; text-decoration: underline;'>Login now</a>", "error");
+                } else {
+                    openToast(error.message, "error");
+                }
                 console.error('Error:', error);
             });
         }
@@ -1803,7 +1954,13 @@
             })
             .catch(error => {
                 podcastLoadingContainer.style.display = 'none';
-                openToast(error.message, "error");
+                
+                // Handle authentication errors specially
+                if (error.message.includes('logged in to generate') || error.message.includes('logged in to vote')) {
+                    openToast("Please log in to use TTS Arena. <a href='{{ url_for('auth.login', next=request.path) }}' style='color: white; text-decoration: underline;'>Login now</a>", "error");
+                } else {
+                    openToast(error.message, "error");
+                }
                 console.error('Error:', error);
             });
         }
@@ -1875,7 +2032,12 @@
                     btn.querySelector('.vote-loader').style.display = 'none';
                 });
                 
-                openToast(error.message, "error");
+                // Handle authentication errors specially
+                if (error.message.includes('logged in to vote')) {
+                    openToast("Please log in to vote. <a href='{{ url_for('auth.login', next=request.path) }}' style='color: white; text-decoration: underline;'>Login now</a>", "error");
+                } else {
+                    openToast(error.message, "error");
+                }
                 console.error('Error:', error);
             });
         }

templates/turnstile.html

@@ -159,7 +159,7 @@
     <div class="verification-container">
         <div class="logo">TTS Arena</div>
         <h1>Verification Required</h1>
-        <p>Please complete the verification below to access TTS Arena.</p>
+        <p>Please complete the verification below to access TTS Arena. <b>If you are having issues on Safari, please try again using Chrome.</b> (Apologies for the temporary inconvenience - this is a bug with the captcha on Safari and should be fixed soon.)</p>
         
         <div id="turnstile-form">
             <div class="turnstile-container">