@jaysonder/tts-server 1.0.0

package/packages/validation/src/validation-helpers.ts

@@ -0,0 +1,90 @@
+const DANGEROUS_PATTERNS = [
+  /```/g,
+  /<\|/g,
+  /\|>/g,
+  /\[INST\]/gi,
+  /\[\/INST\]/gi,
+  /\[SYSTEM\]/gi,
+  /\[\/SYSTEM\]/gi,
+  /\[HUMAN\]/gi,
+  /\[\/HUMAN\]/gi,
+  /\[AI\]/gi,
+  /\[\/AI\]/gi,
+  /^system:/gi,
+  /^user:/gi,
+  /^assistant:/gi,
+  /^human:/gi,
+  /^ai:/gi,
+  /^bot:/gi,
+  /^model:/gi,
+  /ignore\s+(?:previous|above|all|earlier)\s+(?:instructions|rules|prompts|text|content)/gi,
+  /disregard\s+(?:previous|above|all|earlier)/gi,
+  /forget\s+(?:previous|above|all|earlier)/gi,
+  /override\s+(?:previous|above|all|earlier)/gi,
+  /new\s+(?:instructions|rules|persona|role)/gi,
+  /you\s+are\s+now/gi,
+  /act\s+as\s+(?:if|though|a|an)/gi,
+  /pretend\s+(?:to\s+be|you\s+are)/gi,
+  /roleplay\s+as/gi,
+  /from\s+now\s+on/gi,
+  /from\s+this\s+point/gi,
+  /sudo/gi,
+  /rm\s+-rf/gi,
+  /chmod/gi,
+  /exec/gi,
+  /eval/gi,
+  /system\s*\(/gi,
+  /exec\s*\(/gi,
+  /api[_\s]?key/gi,
+  /secret/gi,
+  /password/gi,
+  /token/gi,
+  /credential/gi,
+  /^\s*-{3,}\s*$/gm,
+  /^\s*={3,}\s*$/gm,
+  /^\s*\*{3,}\s*$/gm,
+];
+
+const INJECTION_PATTERNS = [
+  /(?:ignore|disregard|forget|override)\s+(?:the\s+)?(?:previous|above|all|earlier|existing)\s+(?:instructions|rules|prompts|text|content|guidelines)/i,
+  /(?:you\s+are\s+now|act\s+as|pretend\s+(?:to\s+be|you\s+are)|roleplay\s+as|from\s+now\s+on|from\s+this\s+point)/i,
+  /(?:show\s+(?:me\s+)?(?:your|the)\s+)?(?:instructions|rules|prompts|system\s+message|system\s+prompt)/i,
+  /(?:execute|run|eval|exec|sudo|chmod|rm\s+-rf)\s*[(/]/i,
+  /(?:api[_\s]?key|secret|password|token|credential|auth)/i,
+  /(?:```|<\/?[a-z]+>|^\s*[-=]{3,}|^\s*\*{3,})/i,
+  /[?!]{3,}/,
+  /(.{3,})\1{2,}/i,
+];
+
+export function sanitizeInput(input: string): string {
+  if (typeof input !== 'string') {
+    return '';
+  }
+
+  let sanitized = input.trim();
+
+  DANGEROUS_PATTERNS.forEach((pattern) => {
+    sanitized = sanitized.replace(pattern, ' ');
+  });
+
+  sanitized = sanitized.replace(/\s+/g, ' ').trim();
+
+  return sanitized;
+}
+
+export function checkTopicForInjection(sanitized: string): string | null {
+  for (const pattern of INJECTION_PATTERNS) {
+    if (pattern.test(sanitized)) {
+      console.warn(
+        `[Validation] Potential prompt injection attempt detected, topic: ${sanitized.substring(0, 50)}, pattern: ${pattern.toString()}`,
+      );
+      if (
+        pattern.source.includes('ignore|disregard|forget|override') ||
+        pattern.source.includes('you are now|act as|pretend')
+      ) {
+        return 'Topic contains prohibited content. Please use a different topic.';
+      }
+    }
+  }
+  return null;
+}

package/packages/validation/tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "module": "nodenext",
+    "moduleResolution": "nodenext",
+    "target": "ES2022",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/src/app.module.ts

@@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { GameModule } from './game/game.module.js';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot({
+      isGlobal: true,
+      envFilePath: '.env',
+    }),
+    GameModule,
+  ],
+})
+export class AppModule {}

package/src/common/pipes/zod-validation.pipe.ts

@@ -0,0 +1,15 @@
+import { PipeTransform, BadRequestException } from '@nestjs/common';
+import { ZodSchema } from 'zod';
+
+export class ZodValidationPipe implements PipeTransform {
+  constructor(private schema: ZodSchema) {}
+
+  transform(value: unknown) {
+    const result = this.schema.safeParse(value);
+    if (!result.success) {
+      const messages = result.error.issues.map((e) => e.message);
+      throw new BadRequestException(messages.join(', '));
+    }
+    return result.data;
+  }
+}

package/src/common/schemas/index.ts

@@ -0,0 +1,37 @@
+export {
+  // Constants
+  MAX_TOPIC_LENGTH,
+  MAX_ROUNDS,
+  MAX_CUSTOM_LENGTH,
+  MAX_PLAYER_NAME_LENGTH,
+  MAX_TRANSCRIPT_LENGTH,
+  MIN_ROUND_TIME_LIMIT,
+  MAX_ROUND_TIME_LIMIT,
+
+  // Field schemas
+  TwisterLengthSchema,
+  TopicSchema,
+  RoundsSchema,
+  CustomLengthSchema,
+  PlayerNameSchema,
+  TranscriptSchema,
+
+  // Composite schemas
+  GameSettingsSchema,
+  CreateRoomSchema,
+  JoinRoomSchema,
+  SubmitAnswerSchema,
+  GenerateTwistersSchema,
+
+  // Inferred types
+  type TwisterLength,
+  type GameSettings,
+  type CreateRoomDto,
+  type JoinRoomDto,
+  type SubmitAnswerDto,
+  type GenerateTwistersDto,
+
+  // Helpers
+  sanitizeInput,
+  checkTopicForInjection,
+} from '@nemsae/tts-validation';

package/src/common/types/index.ts

@@ -0,0 +1,53 @@
+import type { GameSettings as GameSettingsFromSchema, TwisterLength as TwisterLengthFromSchema } from '../schemas/index.js';
+
+export type TwisterLength = TwisterLengthFromSchema;
+export type GameSettings = GameSettingsFromSchema;
+
+export type TwisterTopic = string;
+export type GameScreen = 'lobby' | 'playing' | 'paused' | 'game-over';
+
+export interface Twister {
+  id: string;
+  text: string;
+  difficulty: 1 | 2 | 3;
+  topic: TwisterTopic;
+  length?: TwisterLength;
+}
+
+export interface Player {
+  id: string;
+  name: string;
+  isHost: boolean;
+  isReady: boolean;
+  currentScore: number;
+  isConnected: boolean;
+}
+
+export interface RoundResult {
+  playerId: string;
+  twisterId: string;
+  similarity: number;
+  completedAt: number;
+}
+
+export interface GameState {
+  roomCode: string;
+  settings: GameSettings;
+  players: Player[];
+  twisters: Twister[];
+  currentRound: number;
+  roundResults: RoundResult[];
+  status: GameScreen;
+  startedAt: number | null;
+  pausedAt: number | null;
+  totalPausedTime: number;
+  currentTwisterStartTime: number | null;
+  roundTimeLimit: number | null;
+}
+
+export interface Room {
+  code: string;
+  game: GameState;
+  hostId: string;
+  createdAt: number;
+}

package/src/common/utils/rate-limiter.ts

@@ -0,0 +1,87 @@
+import { Logger } from '@nestjs/common';
+
+const logger = new Logger('RateLimiter');
+
+interface RateLimitRecord {
+  count: number;
+  resetTime: number;
+}
+
+export class RateLimiter {
+  private limits = new Map<string, RateLimitRecord>();
+  private readonly windowMs: number;
+  private readonly maxRequests: number;
+
+  constructor(windowMs: number = 60000, maxRequests: number = 5) {
+    this.windowMs = windowMs;
+    this.maxRequests = maxRequests;
+
+    setInterval(() => this.cleanup(), 5 * 60 * 1000);
+  }
+
+  check(key: string): boolean {
+    const now = Date.now();
+    const record = this.limits.get(key);
+
+    if (!record || now > record.resetTime) {
+      this.limits.set(key, {
+        count: 1,
+        resetTime: now + this.windowMs,
+      });
+      return true;
+    }
+
+    if (record.count >= this.maxRequests) {
+      logger.warn(`Request rate limited, key: ${key.substring(0, 10)}, count: ${record.count}, maxRequests: ${this.maxRequests}`);
+      return false;
+    }
+
+    record.count++;
+    return true;
+  }
+
+  getRemaining(key: string): number {
+    const record = this.limits.get(key);
+    if (!record || Date.now() > record.resetTime) {
+      return this.maxRequests;
+    }
+    return Math.max(0, this.maxRequests - record.count);
+  }
+
+  getResetTime(key: string): number {
+    const record = this.limits.get(key);
+    if (!record || Date.now() > record.resetTime) {
+      return 0;
+    }
+    return record.resetTime - Date.now();
+  }
+
+  private cleanup(): void {
+    const now = Date.now();
+    let cleaned = 0;
+
+    for (const [key, record] of this.limits.entries()) {
+      if (now > record.resetTime) {
+        this.limits.delete(key);
+        cleaned++;
+      }
+    }
+
+    if (cleaned > 0) {
+      logger.debug(`Cleaned up expired records, cleaned: ${cleaned}`);
+    }
+  }
+
+  reset(key: string): void {
+    this.limits.delete(key);
+  }
+
+  clear(): void {
+    this.limits.clear();
+  }
+}
+
+export const openaiRateLimiter = new RateLimiter(60000, 5);
+export const roomCreationRateLimiter = new RateLimiter(60000, 10);
+export const roomJoinRateLimiter = new RateLimiter(60000, 20);
+export const answerSubmissionRateLimiter = new RateLimiter(60000, 60);

package/src/common/utils/room-code.ts

@@ -0,0 +1,13 @@
+const ROOM_CODE_CHARS = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
+
+export function generateRoomCode(): string {
+  let code = '';
+  for (let i = 0; i < 4; i++) {
+    code += ROOM_CODE_CHARS[Math.floor(Math.random() * ROOM_CODE_CHARS.length)];
+  }
+  return code;
+}
+
+export function isValidRoomCode(code: string): boolean {
+  return /^[A-Z0-9]{4}$/.test(code);
+}

package/src/game/dto/game.dto.ts

@@ -0,0 +1,12 @@
+export {
+  GameSettingsSchema,
+  CreateRoomSchema,
+  JoinRoomSchema,
+  SubmitAnswerSchema,
+  GenerateTwistersSchema,
+  type GameSettings as GameSettingsDto,
+  type CreateRoomDto,
+  type JoinRoomDto,
+  type SubmitAnswerDto,
+  type GenerateTwistersDto,
+} from '@nemsae/tts-validation';

package/src/game/dto/index.ts

@@ -0,0 +1 @@
+export * from './game.dto.js';

package/src/game/game.controller.ts

@@ -0,0 +1,42 @@
+import { Controller, Get, Post, Body, HttpCode, HttpStatus, Logger, UsePipes } from '@nestjs/common';
+import { TwisterGeneratorService } from './services/twister-generator.service.js';
+import { RoomManagerService } from './services/room-manager.service.js';
+import { GenerateTwistersSchema, type GenerateTwistersDto } from './dto/game.dto.js';
+import { ZodValidationPipe } from '../common/pipes/zod-validation.pipe.js';
+
+@Controller('api')
+export class GameController {
+  private readonly logger = new Logger(GameController.name);
+
+  constructor(
+    private readonly twisterGenerator: TwisterGeneratorService,
+    private readonly roomManager: RoomManagerService,
+  ) {}
+
+  @Get('lobby/active-players')
+  getActivePlayers(): { count: number } {
+    const count = this.roomManager.getActiveLobbyPlayerCount();
+    return { count };
+  }
+
+  @Post('generate')
+  @HttpCode(HttpStatus.OK)
+  @UsePipes(new ZodValidationPipe(GenerateTwistersSchema))
+  async generateTwisters(@Body() dto: GenerateTwistersDto): Promise<{ twisters: unknown[] }> {
+    try {
+      const twisters = await this.twisterGenerator.generateTwisters(
+        dto.topic,
+        dto.length,
+        dto.customLength,
+        dto.rounds ?? 1,
+      );
+      this.logger.log(`Generated twisters via REST - topic: ${dto.topic}, length: ${dto.length}, rounds: ${dto.rounds}, count: ${twisters.length}`);
+      return { twisters };
+    } catch (error) {
+      this.logger.error('Failed to generate twisters', {
+        error: error instanceof Error ? error.message : String(error),
+      });
+      throw error;
+    }
+  }
+}